-rw-r--r--ChangeLog505
-rw-r--r--Makefile.in105
-rw-r--r--README6
-rw-r--r--README.privsep6
-rw-r--r--TODO5
-rw-r--r--acconfig.h15
-rw-r--r--auth-krb4.c4
-rw-r--r--auth-krb5.c4
-rw-r--r--auth-pam.c10
-rw-r--r--auth-passwd.c87
-rw-r--r--auth-sia.c47
-rw-r--r--auth-sia.h2
-rw-r--r--auth.c50
-rw-r--r--auth1.c8
-rw-r--r--auth2-pam.c5
-rw-r--r--auth2.c5
-rw-r--r--authfd.c10
-rw-r--r--authfd.h6
-rw-r--r--authfile.c32
-rw-r--r--autom4te-2.53.cache/output.0514
-rw-r--r--autom4te-2.53.cache/requests128
-rw-r--r--autom4te-2.53.cache/traces.01122
-rw-r--r--bufaux.c4
-rw-r--r--canohost.c25
-rw-r--r--channels.c23
-rw-r--r--cipher.c4
-rw-r--r--clientloop.c16
-rwxr-xr-xconfig.guess3
-rw-r--r--config.h.in42
-rwxr-xr-xconfig.sub9
-rwxr-xr-xconfigure514
-rw-r--r--configure.ac121
-rw-r--r--contrib/aix/README13
-rwxr-xr-xcontrib/aix/buildbff.sh62
-rwxr-xr-xcontrib/aix/inventory.sh4
-rw-r--r--contrib/caldera/openssh.spec21
-rw-r--r--contrib/cygwin/ssh-host-config11
-rw-r--r--contrib/gnome-ssh-askpass2.c50
-rw-r--r--contrib/redhat/openssh.spec4
-rwxr-xr-xcontrib/solaris/opensshd.in2
-rw-r--r--contrib/ssh-copy-id7
-rw-r--r--contrib/suse/openssh.spec2
-rw-r--r--crc32.c195
-rw-r--r--crc32.h41
-rw-r--r--defines.h16
-rw-r--r--dh.c6
-rwxr-xr-xfixpaths49
-rw-r--r--hostfile.h12
-rw-r--r--includes.h4
-rw-r--r--kex.c66
-rw-r--r--kex.h23
-rw-r--r--kexdh.c234
-rw-r--r--kexdhc.c137
-rw-r--r--kexdhs.c138
-rw-r--r--kexgex.c328
-rw-r--r--kexgexc.c189
-rw-r--r--kexgexs.c186
-rw-r--r--key.c8
-rw-r--r--key.h7
-rw-r--r--log.c10
-rw-r--r--loginrec.c67
-rw-r--r--misc.c4
-rw-r--r--monitor.c42
-rw-r--r--monitor_wrap.c32
-rw-r--r--msg.c2
-rw-r--r--msg.h2
-rw-r--r--openbsd-compat/Makefile.in4
-rw-r--r--openbsd-compat/base64.c9
-rw-r--r--openbsd-compat/base64.h11
-rw-r--r--openbsd-compat/basename.c73
-rw-r--r--openbsd-compat/basename.h12
-rw-r--r--openbsd-compat/bsd-arc4random.c4
-rw-r--r--openbsd-compat/bsd-cray.h6
-rw-r--r--openbsd-compat/bsd-cygwin_util.c72
-rw-r--r--openbsd-compat/bsd-getpeereid.c4
-rw-r--r--openbsd-compat/bsd-misc.c43
-rw-r--r--openbsd-compat/bsd-misc.h11
-rw-r--r--openbsd-compat/fake-getaddrinfo.c28
-rw-r--r--openbsd-compat/fake-getaddrinfo.h2
-rw-r--r--openbsd-compat/getcwd.c4
-rw-r--r--openbsd-compat/getopt.c5
-rw-r--r--openbsd-compat/mktemp.c4
-rw-r--r--openbsd-compat/mktemp.h6
-rw-r--r--openbsd-compat/openbsd-compat.h4
-rw-r--r--openbsd-compat/port-aix.h11
-rw-r--r--openbsd-compat/setenv.c5
-rw-r--r--openbsd-compat/setproctitle.c281
-rw-r--r--openbsd-compat/setproctitle.h3
-rw-r--r--openbsd-compat/sys-tree.h8
-rw-r--r--openbsd-compat/vis.c232
-rw-r--r--openbsd-compat/vis.h91
-rw-r--r--packet.c64
-rw-r--r--progressmeter.c282
-rw-r--r--progressmeter.h27
-rw-r--r--readconf.c26
-rw-r--r--readconf.h4
-rw-r--r--readpass.c16
-rw-r--r--regress/Makefile14
-rw-r--r--regress/agent-getpeereid.sh34
-rw-r--r--regress/agent-ptrace.sh28
-rw-r--r--regress/agent-timeout.sh36
-rw-r--r--regress/keygen-change.sh23
-rw-r--r--regress/proxy-connect.sh9
-rw-r--r--regress/sftp-batch.sh57
-rw-r--r--regress/sftp-cmds.sh100
-rw-r--r--regress/ssh-com-client.sh6
-rw-r--r--regress/ssh-com-keygen.sh6
-rw-r--r--regress/ssh-com-sftp.sh6
-rw-r--r--regress/ssh-com.sh10
-rw-r--r--scp.081
-rw-r--r--scp.119
-rw-r--r--scp.c337
-rw-r--r--servconf.c3
-rw-r--r--session.c61
-rw-r--r--sftp-client.c110
-rw-r--r--sftp-common.c4
-rw-r--r--sftp-int.c197
-rw-r--r--sftp-int.h4
-rw-r--r--sftp-server.030
-rw-r--r--sftp-server.c47
-rw-r--r--sftp.0201
-rw-r--r--sftp.119
-rw-r--r--sftp.c13
-rw-r--r--ssh-add.088
-rw-r--r--ssh-add.114
-rw-r--r--ssh-add.c26
-rw-r--r--ssh-agent.085
-rw-r--r--ssh-agent.111
-rw-r--r--ssh-agent.c79
-rw-r--r--ssh-dss.c3
-rw-r--r--ssh-keygen.0157
-rw-r--r--ssh-keygen.15
-rw-r--r--ssh-keygen.c3
-rw-r--r--ssh-keyscan.093
-rw-r--r--ssh-keyscan.c4
-rw-r--r--ssh-keysign.040
-rw-r--r--ssh-keysign.86
-rw-r--r--ssh-keysign.c13
-rw-r--r--ssh-rand-helper.048
-rw-r--r--ssh-rand-helper.c9
-rw-r--r--ssh-rsa.c5
-rw-r--r--ssh.0524
-rw-r--r--ssh.c19
-rw-r--r--ssh_config.0403
-rw-r--r--ssh_config.55
-rw-r--r--sshconnect.c12
-rw-r--r--sshconnect2.c40
-rw-r--r--sshd.0414
-rw-r--r--sshd.831
-rw-r--r--sshd.c32
-rw-r--r--sshd_config.0477
-rw-r--r--sshd_config.54
-rw-r--r--sshlogin.c6
-rw-r--r--sshlogin.h2
-rw-r--r--sshpty.c6
-rw-r--r--version.h7
156 files changed, 7161 insertions, 3728 deletions
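--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,504 @@
+20030326
+ - (djm) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2003/03/26 04:02:51
+ [sftp-server.c]
+ one last fix to the tree: race fix broke stuff; pr 3169;
+ srp@srparish.net, help from djm
+ - (djm) Fix getpeerid support for 64 bit BE systems. From
+ Arnd Bergmann <arndb@de.ibm.com>
+ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
+ Report from murple@murple.net, diagnosis from dtucker@zip.com.au
+ - Release 3.6p1
+
+20030324
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/03/23 19:02:00
+ [monitor.c]
+ unbreak rekeying for privsep; ok millert@
+
+20030320
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/03/17 10:38:38
+ [progressmeter.c]
+ don't print \n if backgrounded; from ho@
+ - markus@cvs.openbsd.org 2003/03/17 11:43:47
+ [version.h]
+ enter 3.6
+ - (bal) The days of lack of int64_t support are over. Sorry kids.
+ - (bal) scp.c 'limit' conflicts with Cray. Rename to 'limitbw'
+ - (bal) Collection of Cray patches (bsd-cray.h fix for CRAYT3E and improved
+ guessing rules)
+ - (bal) Disable Privsep for Tru64 after pre-authentication due to issues
+ with SIA. Also, clean up of tru64 support patch by Chris Adams
+ <cmadams@hiwaay.net>
+ - (tim) [contrib/caldera/openssh.spec] workaround RPM quirk. Fix %files
+ section.
+
+20030318
+ - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
+ add nanosleep(). testing/corrections by Darren Tucker <dtucker@zip.com.au>
+
+20030317
+ - (djm) Fix return value checks for RAND_bytes. Report from
+ Steve G <linux_4ever@yahoo.com>
+
+20030315
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/03/13 11:42:19
+ [authfile.c ssh-keysign.c]
+ move RSA_blinding_on to generic key load method
+ - markus@cvs.openbsd.org 2003/03/13 11:44:50
+ [ssh-agent.c]
+ ssh-agent is similar to ssh-keysign (allows other processes to use
+ private rsa keys). however, it gets key over socket and not from
+ a file, so we have to do blinding here as well.
+
+20030310
+- (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/03/05 22:33:43
+ [channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c]
+ [sftp-server.c ssh-add.c sshconnect2.c]
+ fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
+ - (djm) One more portable-specific one from dlheine@suif.Stanford.EDU/
+ CLOUSEAU
+ - (djm) Bug #245: TTY problems on Solaris. Fix by stevesk@ and
+ dtucker@zip.com.au
+ - (djm) AIX package builder update from dtucker@zip.com.au
+
+20030225
+ - (djm) Fix some compile errors spotted by dtucker and his fabulous
+ tinderbox
+
+20030224
+ - (djm) Tweak gnome-ssh-askpass2:
+ - Retry kb and mouse grab a couple of times, so passphrase dialog doesn't
+ immediately fail if you are doing something else when it appears (e.g.
+ dragging a window)
+ - Perform server grab after we have the keyboard and/or pointer to avoid
+ races.
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/01/27 17:06:31
+ [sshd.c]
+ more specific error message when /var/empty has wrong permissions;
+ bug #46, map@appgate.com; ok henning@, provos@, stevesk@
+ - markus@cvs.openbsd.org 2003/01/28 16:11:52
+ [scp.1]
+ document -l; pekkas@netcore.fi
+ - stevesk@cvs.openbsd.org 2003/01/28 17:24:51
+ [scp.1]
+ remove example not pertinent with -1 addition; ok markus@
+ - jmc@cvs.openbsd.org 2003/01/31 21:54:40
+ [sshd.8]
+ typos; sshd(8): help and ok markus@
+ help and ok millert@
+ - markus@cvs.openbsd.org 2003/02/02 10:51:13
+ [scp.c]
+ call okname() only when using system(3) for remote-remote copy;
+ fixes bugs #483, #472; ok deraadt@, mouring@
+ - markus@cvs.openbsd.org 2003/02/02 10:56:08
+ [kex.c]
+ add support for key exchange guesses; based on work by
+ avraham.fraenkel@commatch.com; fixes bug #148; ok deraadt@
+ - markus@cvs.openbsd.org 2003/02/03 08:56:16
+ [sshpty.c]
+ don't call error() for readonly /dev; from soekris list; ok mcbride,
+ henning, deraadt.
+ - markus@cvs.openbsd.org 2003/02/04 09:32:08
+ [key.c]
+ better debug3 message
+ - markus@cvs.openbsd.org 2003/02/04 09:33:22
+ [monitor.c monitor_wrap.c]
+ skey/bsdauth: use 0 to indicate failure instead of -1, because
+ the buffer API only supports unsigned ints.
+ - markus@cvs.openbsd.org 2003/02/05 09:02:28
+ [readconf.c]
+ simplify ProxyCommand parsing, remove strcat/xrealloc; ok henning@, djm@
+ - markus@cvs.openbsd.org 2003/02/06 09:26:23
+ [session.c]
+ missing call to setproctitle() after authentication; ok provos@
+ - markus@cvs.openbsd.org 2003/02/06 09:27:29
+ [ssh.c ssh_config.5]
+ support 'ProxyCommand none'; bugzilla #433; binder@arago.de; ok djm@
+ - markus@cvs.openbsd.org 2003/02/06 09:29:18
+ [sftp-server.c]
+ fix races in rename/symlink; from Tony Finch; ok djm@
+ - markus@cvs.openbsd.org 2003/02/06 21:22:43
+ [auth1.c auth2.c]
+ undo broken fix for #387, fixes #486
+ - markus@cvs.openbsd.org 2003/02/10 11:51:47
+ [ssh-add.1]
+ xref sshd_config.5 (not sshd.8); mark@summersault.com; bug #490
+ - markus@cvs.openbsd.org 2003/02/12 09:33:04
+ [key.c key.h ssh-dss.c ssh-rsa.c]
+ merge ssh-dss.h ssh-rsa.h into key.h; ok deraadt@
+ - markus@cvs.openbsd.org 2003/02/12 21:39:50
+ [crc32.c crc32.h]
+ replace crc32.c with a BSD licensed version; noted by David Turner
+ - markus@cvs.openbsd.org 2003/02/16 17:09:57
+ [kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
+ split kex into client and server code, no need to link
+ server code into the client; ok provos@
+ - markus@cvs.openbsd.org 2003/02/16 17:30:33
+ [monitor.c monitor_wrap.c]
+ fix permitrootlogin forced-commands-only for privsep; bux #387;
+ ok provos@
+ - markus@cvs.openbsd.org 2003/02/21 09:05:53
+ [servconf.c]
+ print sshd_config filename in debug2 mode.
+ - mpech@cvs.openbsd.org 2003/02/21 10:34:48
+ [auth-krb4.c]
+ ...sizeof(&adat.session) is not good here.
+ henning@, deraadt@, millert@
+ - (djm) Add new object files to Makefile and reorder
+ - (djm) Bug #501: gai_strerror should return char*;
+ fix from dtucker@zip.com.au
+ - (djm) Most of Bug #499: Cygwin compile fixes for new progressmeter;
+ From vinschen@redhat.com
+ - (djm) Rest of Bug #499: Import a basename() function from OpenBSD libc
+ - (djm) Bug #494: Allow multiple accounts on Windows 9x/Me;
+ From vinschen@redhat.com
+ - (djm) Bug #456: Support for NEC SX6 with Unicos; from wendyp@cray.com
+
+20030211
+ - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com
+
+20030206
+ - (djm) Teach fake-getaddrinfo to use getservbyname() when provided a
+ string service name. Suggested by markus@, review by itojun@
+
+20030131
+ - (bal) AIX 4.2.1 lacks nanosleep(). Patch to use nsleep() provided by
+ dtucker@zip.com.au
+
+20030130
+ - (djm) Unbreak root password auth. Spotted by dtucker@zip.com.au
+
+200301028
+ - (djm) Search libposix4 and librt for nanosleep. From dtucker@zip.com.au
+ and openssh-unix-dev@thewrittenword.com
+
+200301027
+ - (bal) Bugzilla 477 patch by wendyp@cray.com. Define TIOCGPGRP for
+ cray. Also removed test for tcgetpgrp in configure.ac since it
+ is no longer used.
+
+20030124
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2003/01/23 08:58:47
+ [sshd_config.5]
+ typos; ok millert@
+ - markus@cvs.openbsd.org 2003/01/23 13:50:27
+ [authfd.c authfd.h readpass.c ssh-add.1 ssh-add.c ssh-agent.c]
+ ssh-add -c, prompt user for confirmation (using ssh-askpass) when
+ private agent key is used; with djm@; test by dugsong@, djm@;
+ ok deraadt@
+ - markus@cvs.openbsd.org 2003/01/23 14:01:53
+ [scp.c]
+ bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
+ - markus@cvs.openbsd.org 2003/01/23 14:06:15
+ [scp.1 scp.c]
+ scp -12; Sam Smith and others; ok provos@, deraadt@
+ - (djm) Add TIMEVAL_TO_TIMESPEC macros
+
+20030123
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2003/01/23 00:03:00
+ [auth1.c]
+ Don't log TIS auth response; "get rid of it" - markus@
+
+20030122
+ - (djm) OpenBSD CVS Sync
+ - marc@cvs.openbsd.org 2003/01/21 18:14:36
+ [ssh-agent.1 ssh-agent.c]
+ Add a -t life option to ssh-agent that set the default lifetime.
+ The default can still be overriden by using -t in ssh-add.
+ OK markus@
+ - (djm) Reorganise PAM & SIA password handling to eliminate some common code
+ - (djm) Sync regress with OpenBSD -current
+
+20030120
+ - (djm) Fix compilation for NetBSD from dtucker@zip.com.au
+ - (tim) [progressmeter.c] make compilers without long long happy.
+ - (tim) [configure.ac] Add -belf to build ELF binaries on OpenServer 5 when
+ using cc. (gcc already did)
+
+20030118
+ - (djm) Revert fix for Bug #442 for now.
+
+20030117
+ - (djm) Bug #470: Detect strnvis, not strvis in configure.
+ From d_wllms@lanl.gov
+
+20030116
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2003/01/16 03:41:55
+ [sftp-int.c]
+ explicitly use first glob result
+
+20030114
+ - (djm) OpenBSD CVS Sync
+ - fgsch@cvs.openbsd.org 2003/01/10 23:23:24
+ [sftp-int.c]
+ typo; from Nils Nordman <nino at nforced dot com>.
+ - markus@cvs.openbsd.org 2003/01/11 18:29:43
+ [log.c]
+ set fatal_cleanups to NULL in fatal_remove_all_cleanups();
+ dtucker@zip.com.au
+ - markus@cvs.openbsd.org 2003/01/12 16:57:02
+ [progressmeter.c]
+ allow WARNINGS=yes; ok djm@
+ - djm@cvs.openbsd.org 2003/01/13 11:04:04
+ [sftp-int.c]
+ make cmds[] array static to avoid conflict with BSDI libc.
+ mindrot bug #466. Fix from mdev@idg.nl; ok markus@
+ - djm@cvs.openbsd.org 2003/01/14 10:58:00
+ [sftp-client.c sftp-int.c]
+ Don't try to upload or download non-regular files. Report from
+ apoloval@pantuflo.escet.urjc.es; ok markus@
+
+20030113
+ - (djm) Rework openbsd-compat/setproctitle.c a bit: move emulation type
+ detection to configure.ac. Prompted by stevesk@
+ - (djm) Bug #467: Add a --disable-strip option to turn off stripping of
+ installed binaries. From mdev@idg.nl
+
+20030110
+ - (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More
+ systems may be added later.
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2003/01/08 23:53:26
+ [sftp.1 sftp.c sftp-int.c sftp-int.h]
+ Cleanup error handling for batchmode
+ Allow blank lines and comments in input
+ Ability to suppress abort on error in batchmode ("-put blah")
+ Fixes mindrot bug #452; markus@ ok
+ - fgsch@cvs.openbsd.org 2003/01/10 08:19:07
+ [scp.c sftp.1 sftp.c sftp-client.c sftp-int.c progressmeter.c]
+ [progressmeter.h]
+ sftp progress meter support.
+ original diffs by Nils Nordman <nino at nforced dot com> via
+ markus@, merged to -current by me, djm@ ok.
+ - djm@cvs.openbsd.org 2003/01/10 08:48:15
+ [sftp-client.c]
+ Simplify and avoid redundancy in packet send and receive
+ functions; ok fgs@
+ - djm@cvs.openbsd.org 2003/01/10 10:29:35
+ [scp.c]
+ Don't ftruncate after write error, creating sparse files of
+ incorrect length
+ mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
+ - djm@cvs.openbsd.org 2003/01/10 10:32:54
+ [channels.c]
+ hush socket() errors, except last. Fixes mindrot bug #408; ok markus@
+
+20030108
+ - (djm) Sync openbsd-compat/ with OpenBSD -current
+ - (djm) Avoid redundant xstrdup/xfree in auth2-pam.c. From Solar via markus@
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/01/01 18:08:52
+ [channels.c]
+ move big output buffer messages to debug2
+ - djm@cvs.openbsd.org 2003/01/06 23:51:22
+ [sftp-client.c]
+ Fix "get -p" download to not add user-write perm. mindrot bug #426
+ reported by gfernandez@livevault.com; ok markus@
+ - fgsch@cvs.openbsd.org 2003/01/07 23:42:54
+ [sftp.1]
+ add version; from Nils Nordman <nino at nforced dot com> via markus@.
+ markus@ ok
+ - (djm) Update README to reflect AIX's status as a well supported platform.
+ From dtucker@zip.com.au
+ - (tim) [Makefile.in configure.ac] replace fixpath with sed script. Patch
+ by Mo DeJong.
+ - (tim) [auth.c] declare today at top of allowed_user() to keep
+ older compilers happy.
+ - (tim) [scp.c] make compilers without long long happy.
+
+20030107
+ - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses.
+ Based on fix from yoshfuji@linux-ipv6.org
+ - (djm) Bug #442: Check for and deny access to accounts with locked
+ passwords. Patch from dtucker@zip.com.au
+ - (djm) Bug #44: Use local mkstemp() rather than glibc's silly one. Fixes
+ Can't pass KRB4 TGT passing. Fix from: jan.iven@cern.ch
+ - (djm) Fix Bug #442 for PAM case
+ - (djm) Bug #110: bogus error messages in lastlog_get_entry(). Fix based
+ on one by peak@argo.troja.mff.cuni.cz
+ - (djm) Bug #111: Run syslog and stderr logging through strnvis to eliminate
+ nasties. Report from peak@argo.troja.mff.cuni.cz
+ - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from
+ Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
+ - (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by
+ dtucker@zip.com.au. Reorder for clarity too.
+
+20030103
+ - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from
+ cjwatson@debian.org
+ - (djm) Bug #460: Filling utmp[x]->ut_addr_v6 if present. Patch from
+ cjwatson@debian.org
+ - (djm) Bug #446: Set LOGIN env var to pw_name on AIX. Patch from
+ mii@ornl.gov
+
+20030101
+ - (stevesk) [session.c sshlogin.c sshlogin.h] complete portable
+ parts of pass addrlen with sockaddr * fix.
+ from Hajimu UMEMOTO <ume@FreeBSD.org>
+
+20021222
+ - (bal) OpenBSD CVS Sync
+ - fgsch@cvs.openbsd.org 2002/11/15 10:03:09
+ [authfile.c]
+ lseek(2) may return -1 when getting the public/private key lenght.
+ Simplify the code and check for errors using fstat(2).
+
+ Problem reported by Mauricio Sanchez, markus@ ok.
+ - markus@cvs.openbsd.org 2002/11/18 16:43:44
+ [clientloop.c]
+ don't overwrite SIG{INT,QUIT,TERM} handler if set to SIG_IGN;
+ e.g. if ssh is used for backup; report Joerg Schilling; ok millert@
+ - markus@cvs.openbsd.org 2002/11/21 22:22:50
+ [dh.c]
+ debug->debug2
+ - markus@cvs.openbsd.org 2002/11/21 22:45:31
+ [cipher.c kex.c packet.c sshconnect.c sshconnect2.c]
+ debug->debug2, unify debug messages
+ - deraadt@cvs.openbsd.org 2002/11/21 23:03:51
+ [auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c
+ sshconnect.c]
+ KNF
+ - markus@cvs.openbsd.org 2002/11/21 23:04:33
+ [ssh.c]
+ debug->debug2
+ - stevesk@cvs.openbsd.org 2002/11/24 21:46:24
+ [ssh-keysign.8]
+ typo: "the the"
+ - wcobb@cvs.openbsd.org 2002/11/26 00:45:03
+ [scp.c ssh-keygen.c]
+ Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default.
+ ok markus@
+ - stevesk@cvs.openbsd.org 2002/11/26 02:35:30
+ [ssh-keygen.1]
+ remove outdated statement; ok markus@ deraadt@
+ - stevesk@cvs.openbsd.org 2002/11/26 02:38:54
+ [canohost.c]
+ KNF, comment and error message repair; ok markus@
+ - markus@cvs.openbsd.org 2002/11/27 17:53:35
+ [scp.c sftp.c ssh.c]
+ allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp;
+ http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
+ - stevesk@cvs.openbsd.org 2002/12/04 04:36:47
+ [session.c]
+ remove xauth entries before add; PR 2994 from janjaap@stack.nl.
+ ok markus@
+ - markus@cvs.openbsd.org 2002/12/05 11:08:35
+ [scp.c]
+ use roundup() similar to rcp/util.c and avoid problems with strange
+ filesystem block sizes, noted by tjr@freebsd.org; ok djm@
+ - djm@cvs.openbsd.org 2002/12/06 05:20:02
+ [sftp.1]
+ Fix cut'n'paste error, spotted by matthias.riese@b-novative.de; ok deraadt@
+ - millert@cvs.openbsd.org 2002/12/09 16:50:30
+ [ssh.c]
+ Avoid setting optind to 0 as GNU getopt treats that like we do optreset.
+ markus@ OK
+ - markus@cvs.openbsd.org 2002/12/10 08:56:00
+ [session.c]
+ Make sure $SHELL points to the shell from the password file, even if shell
+ is overridden from login.conf; bug#453; semen at online.sinor.ru; ok millert@
+ - markus@cvs.openbsd.org 2002/12/10 19:26:50
+ [packet.c]
+ move tos handling to packet_set_tos; ok provos/henning/deraadt
+ - markus@cvs.openbsd.org 2002/12/10 19:47:14
+ [packet.c]
+ static
+ - markus@cvs.openbsd.org 2002/12/13 10:03:15
+ [channels.c misc.c sshconnect2.c]
+ cleanup debug messages, more useful information for the client user.
+ - markus@cvs.openbsd.org 2002/12/13 15:20:52
+ [scp.c]
+ 1) include stalling time in total time
+ 2) truncate filenames to 45 instead of 20 characters
+ 3) print rate instead of progress bar, no more stars
+ 4) scale output to tty width
+ based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
+ - (bal) [msg.c msg.h scp.c ssh-keysign.c sshconnect2.c] Resync CVS IDs since
+ we already did s/msg_send/ssh_msg_send/
+
+20021205
+ - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org
+
+20021122
+ - (tim) [configure.ac] fix STDPATH test for IRIX. First reported by
+ advax@triumf.ca. This type of solution tested by <herb@sgi.com>
+
+20021113
+ - (tim) [configure.ac] remove unused variables no_libsocket and no_libnsl
+
+20021111
+ - (tim) [contrib/solaris/opensshd.in] add umask 022 so sshd.pid is
+ not world writable.
+
+20021109
+ - (bal) OpenBSD CVS Sync
+ - itojun@cvs.openbsd.org 2002/10/16 14:31:48
+ [sftp-common.c]
+ 64bit pedant. %llu is "unsigned long long". markus ok
+ - markus@cvs.openbsd.org 2002/10/23 10:32:13
+ [packet.c]
+ use %u for u_int
+ - markus@cvs.openbsd.org 2002/10/23 10:40:16
+ [bufaux.c]
+ %u for u_int
+ - markus@cvs.openbsd.org 2002/11/04 10:07:53
+ [auth.c]
+ don't compare against pw_home if realpath fails for pw_home (seen
+ on AFS); ok djm@
+ - markus@cvs.openbsd.org 2002/11/04 10:09:51
+ [packet.c]
+ log before send disconnect; ok djm@
+ - markus@cvs.openbsd.org 2002/11/05 19:45:20
+ [monitor.c]
+ handle overflows for size_t larger than u_int; siw@goneko.de, bug #425
+ - markus@cvs.openbsd.org 2002/11/05 20:10:37
+ [sftp-client.c]
+ typo; GaryF@livevault.com
+ - markus@cvs.openbsd.org 2002/11/07 16:28:47
+ [sshd.c]
+ log to stderr if -ie is given, bug #414, prj@po.cwru.edu
+ - markus@cvs.openbsd.org 2002/11/07 22:08:07
+ [readconf.c readconf.h ssh-keysign.8 ssh-keysign.c]
+ we cannot use HostbasedAuthentication for enabling ssh-keysign(8),
+ because HostbasedAuthentication might be enabled based on the
+ target host and ssh-keysign(8) does not know the remote hostname
+ and not trust ssh(1) about the hostname, so we add a new option
+ EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
+ - markus@cvs.openbsd.org 2002/11/07 22:35:38
+ [scp.c]
+ check exit status from ssh, and exit(1) if ssh fails; bug#369;
+ binder@arago.de
+ - (bal) Update ssh-host-config and minor rewrite of bsd-cygwin_util.c
+ ntsec now default if cygwin version beginning w/ version 56. Patch
+ by Corinna Vinschen <vinschen@redhat.com>
+ - (bal) AIX does not log login attempts for unknown users (bug #432).
+ patch by dtucker@zip.com.au
+
+20021021
+ - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from
+ dtucker@zip.com.au
+ - (djm) Bug #317: FreeBSD needs libutil.h for openpty() Report from
+ dirk.meyer@dinoex.sub.org
+
+20021015
+ - (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
+ - (bal) More advanced strsep test by Darren Tucker <dtucker@zip.com.au>
+
+20021015
+ - (tim) [contrib/caldera/openssh.spec] make ssh-agent setgid nobody
+
+20021004
+ - (bal) Disable post-authentication Privsep for OSF/1. It conflicts with
+ SIA.
+
 20021003
  - (djm) OpenBSD CVS Sync
  - markus@cvs.openbsd.org 2002/10/01 20:34:12
@@ -7,7 +508,7 @@
  [version.h]
  OpenSSH 3.5
  - (djm) Bump RPM spec version numbers
- - (djm) Bug #406 s/msg_send/ssh_msh_send/ for Mac OS X 1.2
+ - (djm) Bug #406: s/msg_send/ssh_msg_send/ for Mac OS X 1.2
 
 20020930
  - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs,
@@ -757,4 +1258,4 @@
  save auth method before monitor_reset_key_state(); bugzilla bug #284;
  ok provos@
 
-$Id: ChangeLog,v 1.2491.2.1 2002/10/03 05:45:53 djm Exp $
+$Id: ChangeLog,v 1.2633.2.9 2003/03/26 05:03:05 djm Exp $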
diff --git a/Makefile.in b/Makefile.in
index 89d02c959..b94eae158 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
1# $Id: Makefile.in,v 1.222 2002/07/14 17:02:21 tim Exp $ 1# $Id: Makefile.in,v 1.227.2.1 2003/03/21 00:51:35 mouring Exp $
2 2
3# uncomment if you run a non bourne compatable shell. Ie. csh 3# uncomment if you run a non bourne compatable shell. Ie. csh
4#SHELL = @SH@ 4#SHELL = @SH@
@@ -27,6 +27,7 @@ SSH_KEYSIGN=$(libexecdir)/ssh-keysign
27RAND_HELPER=$(libexecdir)/ssh-rand-helper 27RAND_HELPER=$(libexecdir)/ssh-rand-helper
28PRIVSEP_PATH=@PRIVSEP_PATH@ 28PRIVSEP_PATH=@PRIVSEP_PATH@
29SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ 29SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
30STRIP_OPT=@STRIP_OPT@
30 31
31PATHS= -DSSHDIR=\"$(sysconfdir)\" \ 32PATHS= -DSSHDIR=\"$(sysconfdir)\" \
32 -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \ 33 -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
@@ -48,6 +49,7 @@ AR=@AR@
48RANLIB=@RANLIB@ 49RANLIB=@RANLIB@
49INSTALL=@INSTALL@ 50INSTALL=@INSTALL@
50PERL=@PERL@ 51PERL=@PERL@
52SED=@SED@
51ENT=@ENT@ 53ENT=@ENT@
52XAUTH_PATH=@XAUTH_PATH@ 54XAUTH_PATH=@XAUTH_PATH@
53LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ 55LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
@@ -56,15 +58,30 @@ EXEEXT=@EXEEXT@
56INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ 58INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
57INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ 59INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
58 60
59@NO_SFTP@SFTP_PROGS=sftp-server$(EXEEXT) sftp$(EXEEXT) 61TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)
60 62
61TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} $(SFTP_PROGS) 63LIBSSH_OBJS=authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o \
62 64 cipher.o compat.o compress.o crc32.o deattack.o fatal.o \
63LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o msg.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o scard-opensc.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o monitor_wrap.o monitor_fdpass.o 65 hostfile.o log.o match.o mpaux.o nchan.o packet.o readpass.o \
64 66 rsa.o tildexpand.o ttymodes.o xmalloc.o atomicio.o \
65SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o 67 key.o dispatch.o kex.o mac.o uuencode.o misc.o \
66 68 rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \
67SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-krb5.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o monitor_mm.o monitor.o 69 kexdhc.o kexgexc.o scard.o msg.o progressmeter.o \
70 entropy.o
71
72SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
73 sshconnect.o sshconnect1.o sshconnect2.o
74
75SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
76 sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o \
77 auth.o auth1.o auth2.o auth-options.o session.o \
78 auth-chall.o auth2-chall.o groupaccess.o \
79 auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
80 auth2-none.o auth2-passwd.o auth2-pubkey.o \
81 monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o \
82 kexdhs.o kexgexs.o \
83 auth-krb5.o auth-krb4.o \
84 loginrec.o auth-pam.o auth2-pam.o auth-sia.o md5crypt.o
68 85
69MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out 86MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
70MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 87MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
@@ -74,23 +91,23 @@ CONFIGFILES=sshd_config.out ssh_config.out moduli.out
74CONFIGFILES_IN=sshd_config ssh_config moduli 91CONFIGFILES_IN=sshd_config ssh_config moduli
75 92
76PATHSUBS = \ 93PATHSUBS = \
77 -D/etc/ssh/ssh_prng_cmds=$(sysconfdir)/ssh_prng_cmds \ 94 -e 's|/etc/ssh/ssh_prng_cmds|$(sysconfdir)/ssh_prng_cmds|g' \
78 -D/etc/ssh/ssh_config=$(sysconfdir)/ssh_config \ 95 -e 's|/etc/ssh/ssh_config|$(sysconfdir)/ssh_config|g' \
79 -D/etc/ssh/ssh_known_hosts=$(sysconfdir)/ssh_known_hosts \ 96 -e 's|/etc/ssh/ssh_known_hosts|$(sysconfdir)/ssh_known_hosts|g' \
80 -D/etc/ssh/sshd_config=$(sysconfdir)/sshd_config \ 97 -e 's|/etc/ssh/sshd_config|$(sysconfdir)/sshd_config|g' \
81 -D/usr/libexec=$(libexecdir) \ 98 -e 's|/usr/libexec|$(libexecdir)|g' \
82 -D/etc/shosts.equiv=$(sysconfdir)/shosts.equiv \ 99 -e 's|/etc/shosts.equiv|$(sysconfdir)/shosts.equiv|g' \
83 -D/etc/ssh/ssh_host_key=$(sysconfdir)/ssh_host_key \ 100 -e 's|/etc/ssh/ssh_host_key|$(sysconfdir)/ssh_host_key|g' \
84 -D/etc/ssh/ssh_host_dsa_key=$(sysconfdir)/ssh_host_dsa_key \ 101 -e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \
85 -D/etc/ssh/ssh_host_rsa_key=$(sysconfdir)/ssh_host_rsa_key \ 102 -e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \
86 -D/var/run/sshd.pid=$(piddir)/sshd.pid \ 103 -e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \
87 -D/etc/ssh/moduli=$(sysconfdir)/moduli \ 104 -e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \
88 -D/etc/ssh/sshrc=$(sysconfdir)/sshrc \ 105 -e 's|/etc/sshrc|$(sysconfdir)/sshrc|g' \
89 -D/usr/X11R6/bin/xauth=$(XAUTH_PATH) \ 106 -e 's|/usr/X11R6/bin/xauth|$(XAUTH_PATH)|g' \
90 -D/var/empty=$(PRIVSEP_PATH) \ 107 -e 's|/var/empty|$(PRIVSEP_PATH)|g' \
91 -D/usr/bin:/bin:/usr/sbin:/sbin=@user_path@ 108 -e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g'
92 109
93FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS) 110FIXPATHSCMD = $(SED) $(PATHSUBS)
94 111
95all: $(CONFIGFILES) $(MANPAGES) $(TARGETS) 112all: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
96 113
@@ -116,8 +133,8 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
116sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) 133sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
117 $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS) 134 $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS)
118 135
119scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o 136scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
120 $(LD) -o $@ scp.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 137 $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
121 138
122ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o 139ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
123 $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 140 $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@@ -137,8 +154,8 @@ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
137sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o 154sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o
138 $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 155 $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
139 156
140sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o sftp-glob.o 157sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o sftp-glob.o progressmeter.o
141 $(LD) -o $@ sftp.o sftp-client.o sftp-common.o sftp-int.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 158 $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-int.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
142 159
143ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o 160ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o
144 $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 161 $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@@ -217,19 +234,19 @@ install-files: scard-install
217 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 234 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
218 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) 235 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
219 (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)) 236 (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
220 $(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh 237 $(INSTALL) -m 0755 $(STRIP_OPT) ssh $(DESTDIR)$(bindir)/ssh
221 $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp 238 $(INSTALL) -m 0755 $(STRIP_OPT) scp $(DESTDIR)$(bindir)/scp
222 $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add 239 $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add $(DESTDIR)$(bindir)/ssh-add
223 $(INSTALL) -m 0755 -s ssh-agent $(DESTDIR)$(bindir)/ssh-agent 240 $(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent $(DESTDIR)$(bindir)/ssh-agent
224 $(INSTALL) -m 0755 -s ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen 241 $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen
225 $(INSTALL) -m 0755 -s ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan 242 $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan
226 $(INSTALL) -m 0755 -s sshd $(DESTDIR)$(sbindir)/sshd 243 $(INSTALL) -m 0755 $(STRIP_OPT) sshd $(DESTDIR)$(sbindir)/sshd
227 if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \ 244 if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \
228 $(INSTALL) -m 0755 -s ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \ 245 $(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \
229 fi 246 fi
230 $(INSTALL) -m 4711 -s ssh-keysign $(DESTDIR)$(SSH_KEYSIGN) 247 $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign $(DESTDIR)$(SSH_KEYSIGN)
231 @NO_SFTP@$(INSTALL) -m 0755 -s sftp $(DESTDIR)$(bindir)/sftp 248 $(INSTALL) -m 0755 $(STRIP_OPT) sftp $(DESTDIR)$(bindir)/sftp
232 @NO_SFTP@$(INSTALL) -m 0755 -s sftp-server $(DESTDIR)$(SFTP_SERVER) 249 $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server $(DESTDIR)$(SFTP_SERVER)
233 $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 250 $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
234 $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 251 $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
235 $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 252 $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
@@ -242,8 +259,8 @@ install-files: scard-install
242 if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \ 259 if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \
243 $(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \ 260 $(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \
244 fi 261 fi
245 @NO_SFTP@$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 262 $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
246 @NO_SFTP@$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 263 $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
247 $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 264 $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
248 -rm -f $(DESTDIR)$(bindir)/slogin 265 -rm -f $(DESTDIR)$(bindir)/slogin
249 ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin 266 ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
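diff --git a/README b/README
index 3c54c477b..5709fbeaf 100644
--- a/README
+++ b/README
@@ -15,8 +15,8 @@ and Dug Song. It has a homepage at http://www.openssh.com/
 This port consists of the re-introduction of autoconf support, PAM
 support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements
 for OpenBSD library functions that are (regrettably) absent from other
-unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD
-and Irix. Support for AIX, SCO, NeXT and other Unices is underway.
+unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD,
+Irix and AIX. Support for SCO, NeXT and other Unices is underway.
 This version actively tracks changes in the OpenBSD CVS repository.
 
 The PAM support is now more functional than the popular packages of
@@ -63,4 +63,4 @@ References -
 [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
 [7] http://www.openssh.com/faq.html
 
-$Id: README,v 1.50 2001/12/24 03:17:21 djm Exp $
+$Id: README,v 1.51 2003/01/08 12:28:40 djm Exp $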
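diff --git a/README.privsep b/README.privsep
index ced943f26..e92af2c41 100644
--- a/README.privsep
+++ b/README.privsep
@@ -43,6 +43,10 @@ It does not function on HP-UX with a trusted system
 configuration. PAMAuthenticationViaKbdInt does not function with
 privsep.
 
+On Compaq Tru64 Unix, only the pre-authentication part of privsep is
+supported. Post-authentication privsep is disabled automatically (so
+you won't see the additional process mentioned below).
+
 Note that for a normal interactive login with a shell, enabling privsep
 will require 1 additional process per login session.
 
@@ -58,4 +62,4 @@ process 1005 is the sshd process listening for new connections.
 process 6917 is the privileged monitor process, 6919 is the user owned
 sshd process and 6921 is the shell process.
 
-$Id: README.privsep,v 1.10 2002/06/26 00:43:57 stevesk Exp $
+$Id: README.privsep,v 1.10.6.1 2003/03/21 01:15:18 mouring Exp $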
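diff --git a/TODO b/TODO
index f667d59d6..de83000f5 100644
--- a/TODO
+++ b/TODO
@@ -13,7 +13,7 @@ Programming:
 - Write a test program that calls stat() to search for EGD/PRNGd socket
  rather than use the (non-portable) "test -S".
 
-- Replacement for setproctitle() - HP-UX support only currently
+- More platforms for for setproctitle() emulation (testing needed)
 
 - Handle changing passwords for the non-PAM expired password case
 
@@ -101,6 +101,7 @@ Clean up configure/makefiles:
  (vinschen@redhat.com)
 
 - Replace the whole u_intXX_t evilness in acconfig.h with something better???
+ - Do it in configure.ac
 
 - Consider splitting the u_intXX_t test for sys/bitype.h into seperate test
  to allow people to (right/wrongfully) link against Bind directly.
@@ -133,4 +134,4 @@ PrivSep Issues:
 - Cygwin
  + Privsep for Pre-auth only (no fd passing)
 
-$Id: TODO,v 1.51 2002/09/05 06:32:03 djm Exp $
+$Id: TODO,v 1.53 2003/01/12 23:00:34 djm Exp $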
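diff --git a/acconfig.h b/acconfig.h
index 3e058f3ea..b6e4b37cc 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -1,4 +1,4 @@
-/* $Id: acconfig.h,v 1.145 2002/09/26 00:38:48 tim Exp $ */
+/* $Id: acconfig.h,v 1.149 2003/03/10 00:38:10 djm Exp $ */
 
 #ifndef _CONFIG_H
 #define _CONFIG_H
@@ -364,6 +364,19 @@
 /* Define if your platform needs to skip post auth file descriptor passing */
 #undef DISABLE_FD_PASSING
 
+/* Silly mkstemp() */
+#undef HAVE_STRICT_MKSTEMP
+
+/* Setproctitle emulation */
+#undef SETPROCTITLE_STRATEGY
+#undef SETPROCTITLE_PS_PADDING
+
+/* Some systems put this outside of libc */
+#undef HAVE_NANOSLEEP
+
+/* Pushing STREAMS modules incorrectly acquires a controlling TTY */
+#undef STREAMS_PUSH_ACQUIRES_CTTY
+
 @BOTTOM@
 
 /* ******************* Shouldn't need to edit below this line ************** */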
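diff --git a/auth-krb4.c b/auth-krb4.c
index b86ce7e49..b28df469f 100644
--- a/auth-krb4.c
+++ b/auth-krb4.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-krb4.c,v 1.28 2002/09/26 11:38:43 markus Exp $");
+RCSID("$OpenBSD: auth-krb4.c,v 1.29 2003/02/21 10:34:48 mpech Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -271,7 +271,7 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client, KTEXT reply)
  reply->length = r;
 
  /* Clear session key. */
- memset(&adat.session, 0, sizeof(&adat.session));
+ memset(&adat.session, 0, sizeof(adat.session));
  return (1);
 }
 #endif /* KRB4 */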
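Review bot: The corrected `memset(&adat.session, 0, sizeof(adat.session));` at new line 274 is followed directly by `return (1);`, so if `adat` is a local (its declaration is outside this hunk) the compiler may treat the store as dead and drop it, leaving the session key on the stack. A wipe that cannot be optimised away, for example `explicit_bzero(&adat.session, sizeof(adat.session));` where the platform or the compat layer provides it, would make the clearing reliable. Only the success path is visible here; the earlier return paths of auth_krb4 lie outside the hunk and should be checked for the same clearing.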
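diff --git a/auth-krb5.c b/auth-krb5.c
index 512f70b78..e3e2d9751 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-krb5.c,v 1.9 2002/09/09 06:48:06 itojun Exp $");
+RCSID("$OpenBSD: auth-krb5.c,v 1.10 2002/11/21 23:03:51 deraadt Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -107,7 +107,7 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *reply)
  if (problem)
  goto err;
 
- problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL ,
+ problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL,
  KRB5_NT_SRV_HST, &server);
  if (problem)
  goto err;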
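diff --git a/auth-pam.c b/auth-pam.c
index 99b03f45b..fe9570f92 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -38,7 +38,7 @@ extern char *__progname;
 
 extern int use_privsep;
 
-RCSID("$Id: auth-pam.c,v 1.54 2002/07/28 20:24:08 stevesk Exp $");
+RCSID("$Id: auth-pam.c,v 1.55 2003/01/22 04:42:26 djm Exp $");
 
 #define NEW_AUTHTOK_MSG \
  "Warning: Your password has expired, please change it now."
@@ -210,14 +210,6 @@ int auth_pam_password(Authctxt *authctxt, const char *password)
 
  do_pam_set_conv(&conv);
 
- /* deny if no user. */
- if (pw == NULL)
- return 0;
- if (pw->pw_uid == 0 && options.permit_root_login == PERMIT_NO_PASSWD)
- return 0;
- if (*password == '\0' && options.permit_empty_passwd == 0)
- return 0;
-
  __pampasswd = password;
 
  pamstate = INITIAL_LOGIN;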
diff --git a/auth-passwd.c b/auth-passwd.c
index 185db7d6d..9901d4842 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -92,33 +92,26 @@ extern char *aixloginmsg;
92int 92int
93auth_password(Authctxt *authctxt, const char *password) 93auth_password(Authctxt *authctxt, const char *password)
94{ 94{
95#if defined(USE_PAM)
96 if (*password == '\0' && options.permit_empty_passwd == 0)
97 return 0;
98 return auth_pam_password(authctxt, password);
99#elif defined(HAVE_OSF_SIA)
100 if (*password == '\0' && options.permit_empty_passwd == 0)
101 return 0;
102 return auth_sia_password(authctxt, password);
103#else
104 struct passwd * pw = authctxt->pw; 95 struct passwd * pw = authctxt->pw;
96#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
105 char *encrypted_password; 97 char *encrypted_password;
106 char *pw_password; 98 char *pw_password;
107 char *salt; 99 char *salt;
108#if defined(__hpux) || defined(HAVE_SECUREWARE) 100# if defined(__hpux) || defined(HAVE_SECUREWARE)
109 struct pr_passwd *spw; 101 struct pr_passwd *spw;
110#endif /* __hpux || HAVE_SECUREWARE */ 102# endif /* __hpux || HAVE_SECUREWARE */
111#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) 103# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
112 struct spwd *spw; 104 struct spwd *spw;
113#endif 105# endif
114#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) 106# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
115 struct passwd_adjunct *spw; 107 struct passwd_adjunct *spw;
116#endif 108# endif
117#ifdef WITH_AIXAUTHENTICATE 109# ifdef WITH_AIXAUTHENTICATE
118 char *authmsg; 110 char *authmsg;
119 int authsuccess; 111 int authsuccess;
120 int reenter = 1; 112 int reenter = 1;
121#endif 113# endif
114#endif /* !defined(USE_PAM) && !defined(HAVE_OSF_SIA) */
122 115
123 /* deny if no user. */ 116 /* deny if no user. */
124 if (pw == NULL) 117 if (pw == NULL)
@@ -129,15 +122,21 @@ auth_password(Authctxt *authctxt, const char *password)
129#endif 122#endif
130 if (*password == '\0' && options.permit_empty_passwd == 0) 123 if (*password == '\0' && options.permit_empty_passwd == 0)
131 return 0; 124 return 0;
132#ifdef KRB5 125
126#if defined(USE_PAM)
127 return auth_pam_password(authctxt, password);
128#elif defined(HAVE_OSF_SIA)
129 return auth_sia_password(authctxt, password);
130#else
131# ifdef KRB5
133 if (options.kerberos_authentication == 1) { 132 if (options.kerberos_authentication == 1) {
134 int ret = auth_krb5_password(authctxt, password); 133 int ret = auth_krb5_password(authctxt, password);
135 if (ret == 1 || ret == 0) 134 if (ret == 1 || ret == 0)
136 return ret; 135 return ret;
137 /* Fall back to ordinary passwd authentication. */ 136 /* Fall back to ordinary passwd authentication. */
138 } 137 }
139#endif 138# endif
140#ifdef HAVE_CYGWIN 139# ifdef HAVE_CYGWIN
141 if (is_winnt) { 140 if (is_winnt) {
142 HANDLE hToken = cygwin_logon_user(pw, password); 141 HANDLE hToken = cygwin_logon_user(pw, password);
143 142
@@ -146,8 +145,8 @@ auth_password(Authctxt *authctxt, const char *password)
146 cygwin_set_impersonation_token(hToken); 145 cygwin_set_impersonation_token(hToken);
147 return 1; 146 return 1;
148 } 147 }
149#endif 148# endif
150#ifdef WITH_AIXAUTHENTICATE 149# ifdef WITH_AIXAUTHENTICATE
151 authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); 150 authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
152 151
153 if (authsuccess) 152 if (authsuccess)
@@ -158,47 +157,47 @@ auth_password(Authctxt *authctxt, const char *password)
158 aixloginmsg = NULL; 157 aixloginmsg = NULL;
159 158
160 return(authsuccess); 159 return(authsuccess);
161#endif 160# endif
162#ifdef KRB4 161# ifdef KRB4
163 if (options.kerberos_authentication == 1) { 162 if (options.kerberos_authentication == 1) {
164 int ret = auth_krb4_password(authctxt, password); 163 int ret = auth_krb4_password(authctxt, password);
165 if (ret == 1 || ret == 0) 164 if (ret == 1 || ret == 0)
166 return ret; 165 return ret;
167 /* Fall back to ordinary passwd authentication. */ 166 /* Fall back to ordinary passwd authentication. */
168 } 167 }
169#endif 168# endif
170#ifdef BSD_AUTH 169# ifdef BSD_AUTH
171 if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh", 170 if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",
172 (char *)password) == 0) 171 (char *)password) == 0)
173 return 0; 172 return 0;
174 else 173 else
175 return 1; 174 return 1;
176#endif 175# endif
177 pw_password = pw->pw_passwd; 176 pw_password = pw->pw_passwd;
178 177
179 /* 178 /*
180 * Various interfaces to shadow or protected password data 179 * Various interfaces to shadow or protected password data
181 */ 180 */
182#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) 181# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
183 spw = getspnam(pw->pw_name); 182 spw = getspnam(pw->pw_name);
184 if (spw != NULL) 183 if (spw != NULL)
185 pw_password = spw->sp_pwdp; 184 pw_password = spw->sp_pwdp;
186#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ 185# endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
187 186
188#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) 187# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
189 if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL) 188 if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
190 pw_password = spw->pwa_passwd; 189 pw_password = spw->pwa_passwd;
191#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */ 190# endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
192 191
193#ifdef HAVE_SECUREWARE 192# ifdef HAVE_SECUREWARE
194 if ((spw = getprpwnam(pw->pw_name)) != NULL) 193 if ((spw = getprpwnam(pw->pw_name)) != NULL)
195 pw_password = spw->ufld.fd_encrypt; 194 pw_password = spw->ufld.fd_encrypt;
196#endif /* HAVE_SECUREWARE */ 195# endif /* HAVE_SECUREWARE */
197 196
198#if defined(__hpux) && !defined(HAVE_SECUREWARE) 197# if defined(__hpux) && !defined(HAVE_SECUREWARE)
199 if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL) 198 if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
200 pw_password = spw->ufld.fd_encrypt; 199 pw_password = spw->ufld.fd_encrypt;
201#endif /* defined(__hpux) && !defined(HAVE_SECUREWARE) */ 200# endif /* defined(__hpux) && !defined(HAVE_SECUREWARE) */
202 201
203 /* Check for users with no password. */ 202 /* Check for users with no password. */
204 if ((password[0] == '\0') && (pw_password[0] == '\0')) 203 if ((password[0] == '\0') && (pw_password[0] == '\0'))
@@ -209,25 +208,25 @@ auth_password(Authctxt *authctxt, const char *password)
209 else 208 else
210 salt = "xx"; 209 salt = "xx";
211 210
212#ifdef HAVE_MD5_PASSWORDS 211# ifdef HAVE_MD5_PASSWORDS
213 if (is_md5_salt(salt)) 212 if (is_md5_salt(salt))
214 encrypted_password = md5_crypt(password, salt); 213 encrypted_password = md5_crypt(password, salt);
215 else 214 else
216 encrypted_password = crypt(password, salt); 215 encrypted_password = crypt(password, salt);
217#else /* HAVE_MD5_PASSWORDS */ 216# else /* HAVE_MD5_PASSWORDS */
218# if defined(__hpux) && !defined(HAVE_SECUREWARE) 217# if defined(__hpux) && !defined(HAVE_SECUREWARE)
219 if (iscomsec()) 218 if (iscomsec())
220 encrypted_password = bigcrypt(password, salt); 219 encrypted_password = bigcrypt(password, salt);
221 else 220 else
222 encrypted_password = crypt(password, salt); 221 encrypted_password = crypt(password, salt);
223# else
224# ifdef HAVE_SECUREWARE
225 encrypted_password = bigcrypt(password, salt);
226# else 222# else
223# ifdef HAVE_SECUREWARE
224 encrypted_password = bigcrypt(password, salt);
225# else
227 encrypted_password = crypt(password, salt); 226 encrypted_password = crypt(password, salt);
228# endif /* HAVE_SECUREWARE */ 227# endif /* HAVE_SECUREWARE */
229# endif /* __hpux && !defined(HAVE_SECUREWARE) */ 228# endif /* __hpux && !defined(HAVE_SECUREWARE) */
230#endif /* HAVE_MD5_PASSWORDS */ 229# endif /* HAVE_MD5_PASSWORDS */
231 230
232 /* Authentication is accepted if the encrypted passwords are identical. */ 231 /* Authentication is accepted if the encrypted passwords are identical. */
233 return (strcmp(encrypted_password, pw_password) == 0); 232 return (strcmp(encrypted_password, pw_password) == 0);
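Review bot: The backend dispatch at new lines 126-130 makes the shared prechecks above it (no user, empty password) the only gate in front of `auth_pam_password()` and `auth_sia_password()`, and nothing in auth_password records that contract. The auth-pam.c section of this commit removes the same checks from auth_pam_password, so any other caller of that function (none is visible here) would now reach PAM without them. I would add a comment directly above the `#if defined(USE_PAM)` line, such as `/* The backends below rely on the checks above; they no longer repeat them. */`. The lines between new 117 and 122, where the root-login check presumably sits, fall between the displayed hunks and should be confirmed to run before the dispatch as well.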
diff --git a/auth-sia.c b/auth-sia.c
index 58b17c16f..5c9b3f5de 100644
--- a/auth-sia.c
+++ b/auth-sia.c
@@ -45,27 +45,25 @@ extern ServerOptions options;
45extern int saved_argc; 45extern int saved_argc;
46extern char **saved_argv; 46extern char **saved_argv;
47 47
48extern int errno;
49
50int 48int
51auth_sia_password(Authctxt *authctxt, char *pass) 49auth_sia_password(Authctxt *authctxt, char *pass)
52{ 50{
53 int ret; 51 int ret;
54 SIAENTITY *ent = NULL; 52 SIAENTITY *ent = NULL;
55 const char *host; 53 const char *host;
56 char *user = authctxt->user;
57 54
58 host = get_canonical_hostname(options.verify_reverse_mapping); 55 host = get_canonical_hostname(options.verify_reverse_mapping);
59 56
60 if (!user || !pass || pass[0] == '\0') 57 if (!authctxt->user || !pass || pass[0] == '\0')
61 return(0); 58 return(0);
62 59
63 if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, NULL, 0, 60 if (sia_ses_init(&ent, saved_argc, saved_argv, host, authctxt->user,
64 NULL) != SIASUCCESS) 61 NULL, 0, NULL) != SIASUCCESS)
65 return(0); 62 return(0);
66 63
67 if ((ret = sia_ses_authent(NULL, pass, ent)) != SIASUCCESS) { 64 if ((ret = sia_ses_authent(NULL, pass, ent)) != SIASUCCESS) {
68 error("Couldn't authenticate %s from %s", user, host); 65 error("Couldn't authenticate %s from %s", authctxt->user,
66 host);
69 if (ret & SIASTOP) 67 if (ret & SIASTOP)
70 sia_ses_release(&ent); 68 sia_ses_release(&ent);
71 return(0); 69 return(0);
@@ -77,48 +75,35 @@ auth_sia_password(Authctxt *authctxt, char *pass)
77} 75}
78 76
79void 77void
80session_setup_sia(char *user, char *tty) 78session_setup_sia(struct passwd *pw, char *tty)
81{ 79{
82 struct passwd *pw;
83 SIAENTITY *ent = NULL; 80 SIAENTITY *ent = NULL;
84 const char *host; 81 const char *host;
85 82
86 host = get_canonical_hostname (options.verify_reverse_mapping); 83 host = get_canonical_hostname(options.verify_reverse_mapping);
87 84
88 if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0, 85 if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name, tty,
89 NULL) != SIASUCCESS) { 86 0, NULL) != SIASUCCESS)
90 fatal("sia_ses_init failed"); 87 fatal("sia_ses_init failed");
91 }
92 88
93 if ((pw = getpwnam(user)) == NULL) {
94 sia_ses_release(&ent);
95 fatal("getpwnam: no user: %s", user);
96 }
97 if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) { 89 if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) {
98 sia_ses_release(&ent); 90 sia_ses_release(&ent);
99 fatal("sia_make_entity_pwd failed"); 91 fatal("sia_make_entity_pwd failed");
100 } 92 }
101 93
102 ent->authtype = SIA_A_NONE; 94 ent->authtype = SIA_A_NONE;
103 if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) { 95 if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS)
104 fatal("Couldn't establish session for %s from %s", user, 96 fatal("Couldn't establish session for %s from %s",
105 host); 97 pw->pw_name, host);
106 }
107
108 if (setpriority(PRIO_PROCESS, 0, 0) == -1) {
109 sia_ses_release(&ent);
110 fatal("setpriority: %s", strerror (errno));
111 }
112 98
113 if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) { 99 if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS)
114 fatal("Couldn't launch session for %s from %s", user, host); 100 fatal("Couldn't launch session for %s from %s", pw->pw_name,
115 } 101 host);
116 102
117 sia_ses_release(&ent); 103 sia_ses_release(&ent);
118 104
119 if (setreuid(geteuid(), geteuid()) < 0) { 105 if (setreuid(geteuid(), geteuid()) < 0)
120 fatal("setreuid: %s", strerror(errno)); 106 fatal("setreuid: %s", strerror(errno));
121 }
122} 107}
123 108
124#endif /* HAVE_OSF_SIA */ 109#endif /* HAVE_OSF_SIA */
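Review bot: `session_setup_sia()` now dereferences `pw->pw_name` at new line 85 without checking `pw`, whereas the removed code looked the user up itself and called `fatal()` when `getpwnam()` returned NULL. A guard at the top of the function, `if (pw == NULL) fatal("session_setup_sia: no passwd entry");`, keeps that fail-closed behaviour if a caller ever passes an unset entry. Separately, the `error()` call at new line 65 prints `authctxt->user` with an unbounded `%s`; `%.100s`, as the log calls in the auth.c section of this commit use, would bound what ends up in the log.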
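diff --git a/auth-sia.h b/auth-sia.h
index caa584132..7aecce940 100644
--- a/auth-sia.h
+++ b/auth-sia.h
@@ -27,6 +27,6 @@
 #ifdef HAVE_OSF_SIA
 
 int auth_sia_password(Authctxt *authctxt, char *pass);
-void session_setup_sia(char *user, char *tty);
+void session_setup_sia(struct passwd *pw, char *tty);
 
 #endif /* HAVE_OSF_SIA */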
diff --git a/auth.c b/auth.c
index 48720da8f..1268accb1 100644
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: auth.c,v 1.45 2002/09/20 18:41:29 stevesk Exp $"); 26RCSID("$OpenBSD: auth.c,v 1.46 2002/11/04 10:07:53 markus Exp $");
27 27
28#ifdef HAVE_LOGIN_H 28#ifdef HAVE_LOGIN_H
29#include <login.h> 29#include <login.h>
@@ -79,17 +79,20 @@ allowed_user(struct passwd * pw)
79 char *loginmsg; 79 char *loginmsg;
80#endif /* WITH_AIXAUTHENTICATE */ 80#endif /* WITH_AIXAUTHENTICATE */
81#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ 81#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
82 !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) 82 !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
83 struct spwd *spw; 83 struct spwd *spw;
84 time_t today;
85#endif
84 86
85 /* Shouldn't be called if pw is NULL, but better safe than sorry... */ 87 /* Shouldn't be called if pw is NULL, but better safe than sorry... */
86 if (!pw || !pw->pw_name) 88 if (!pw || !pw->pw_name)
87 return 0; 89 return 0;
88 90
91#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
92 !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
89#define DAY (24L * 60 * 60) /* 1 day in seconds */ 93#define DAY (24L * 60 * 60) /* 1 day in seconds */
90 spw = getspnam(pw->pw_name); 94 if ((spw = getspnam(pw->pw_name)) != NULL) {
91 if (spw != NULL) { 95 today = time(NULL) / DAY;
92 time_t today = time(NULL) / DAY;
93 debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" 96 debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
94 " sp_max %d", (int)today, (int)spw->sp_expire, 97 " sp_max %d", (int)today, (int)spw->sp_expire,
95 (int)spw->sp_lstchg, (int)spw->sp_max); 98 (int)spw->sp_lstchg, (int)spw->sp_max);
@@ -116,10 +119,6 @@ allowed_user(struct passwd * pw)
116 return 0; 119 return 0;
117 } 120 }
118 } 121 }
119#else
120 /* Shouldn't be called if pw is NULL, but better safe than sorry... */
121 if (!pw || !pw->pw_name)
122 return 0;
123#endif 122#endif
124 123
125 /* 124 /*
@@ -202,7 +201,15 @@ allowed_user(struct passwd * pw)
202 } 201 }
203 202
204#ifdef WITH_AIXAUTHENTICATE 203#ifdef WITH_AIXAUTHENTICATE
205 if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) { 204 /*
205 * Don't check loginrestrictions() for root account (use
206 * PermitRootLogin to control logins via ssh), or if running as
207 * non-root user (since loginrestrictions will always fail).
208 */
209 if ((pw->pw_uid != 0) && (geteuid() == 0) &&
210 loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
211 int loginrestrict_errno = errno;
212
206 if (loginmsg && *loginmsg) { 213 if (loginmsg && *loginmsg) {
207 /* Remove embedded newlines (if any) */ 214 /* Remove embedded newlines (if any) */
208 char *p; 215 char *p;
@@ -212,9 +219,13 @@ allowed_user(struct passwd * pw)
212 } 219 }
213 /* Remove trailing newline */ 220 /* Remove trailing newline */
214 *--p = '\0'; 221 *--p = '\0';
215 log("Login restricted for %s: %.100s", pw->pw_name, loginmsg); 222 log("Login restricted for %s: %.100s", pw->pw_name,
223 loginmsg);
216 } 224 }
217 return 0; 225 /* Don't fail if /etc/nologin set */
226 if (!(loginrestrict_errno == EPERM &&
227 stat(_PATH_NOLOGIN, &st) == 0))
228 return 0;
218 } 229 }
219#endif /* WITH_AIXAUTHENTICATE */ 230#endif /* WITH_AIXAUTHENTICATE */
220 231
@@ -417,6 +428,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw,
417 uid_t uid = pw->pw_uid; 428 uid_t uid = pw->pw_uid;
418 char buf[MAXPATHLEN], homedir[MAXPATHLEN]; 429 char buf[MAXPATHLEN], homedir[MAXPATHLEN];
419 char *cp; 430 char *cp;
431 int comparehome = 0;
420 struct stat st; 432 struct stat st;
421 433
422 if (realpath(file, buf) == NULL) { 434 if (realpath(file, buf) == NULL) {
@@ -424,11 +436,8 @@ secure_filename(FILE *f, const char *file, struct passwd *pw,
424 strerror(errno)); 436 strerror(errno));
425 return -1; 437 return -1;
426 } 438 }
427 if (realpath(pw->pw_dir, homedir) == NULL) { 439 if (realpath(pw->pw_dir, homedir) != NULL)
428 snprintf(err, errlen, "realpath %s failed: %s", pw->pw_dir, 440 comparehome = 1;
429 strerror(errno));
430 return -1;
431 }
432 441
433 /* check the open file to avoid races */ 442 /* check the open file to avoid races */
434 if (fstat(fileno(f), &st) < 0 || 443 if (fstat(fileno(f), &st) < 0 ||
@@ -457,7 +466,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw,
457 } 466 }
458 467
459 /* If are passed the homedir then we can stop */ 468 /* If are passed the homedir then we can stop */
460 if (strcmp(homedir, buf) == 0) { 469 if (comparehome && strcmp(homedir, buf) == 0) {
461 debug3("secure_filename: terminating check at '%s'", 470 debug3("secure_filename: terminating check at '%s'",
462 buf); 471 buf);
463 break; 472 break;
@@ -487,6 +496,11 @@ getpwnamallow(const char *user)
487 if (pw == NULL) { 496 if (pw == NULL) {
488 log("Illegal user %.100s from %.100s", 497 log("Illegal user %.100s from %.100s",
489 user, get_remote_ipaddr()); 498 user, get_remote_ipaddr());
499#ifdef WITH_AIXAUTHENTICATE
500 loginfailed(user,
501 get_canonical_hostname(options.verify_reverse_mapping),
502 "ssh");
503#endif
490 return (NULL); 504 return (NULL);
491 } 505 }
492 if (!allowed_user(pw)) 506 if (!allowed_user(pw))
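Review bot: In the AIX branch of allowed_user (new lines 225-228) a failed `loginrestrictions()` is ignored whenever the saved errno is EPERM and `_PATH_NOLOGIN` exists, so if EPERM can also be reported for other restrictions (its errno contract is not shown here), such an account passes this check for as long as the nologin file is present. The denial then depends entirely on nologin handling elsewhere, which is outside these hunks. I would make that explicit by extending the existing comment to `/* Don't fail if /etc/nologin set; NOTE: any other EPERM restriction is also ignored here while it exists */`, or re-check the account once nologin has been ruled out. allowed_user's body continues outside the displayed hunks.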
diff --git a/auth1.c b/auth1.c
index 9527ba004..c273f2fb6 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
10 */ 10 */
11 11
12#include "includes.h" 12#include "includes.h"
13RCSID("$OpenBSD: auth1.c,v 1.44 2002/09/26 11:38:43 markus Exp $"); 13RCSID("$OpenBSD: auth1.c,v 1.47 2003/02/06 21:22:42 markus Exp $");
14 14
15#include "xmalloc.h" 15#include "xmalloc.h"
16#include "rsa.h" 16#include "rsa.h"
@@ -150,7 +150,7 @@ do_authloop(Authctxt *authctxt)
150 snprintf(info, sizeof(info), 150 snprintf(info, sizeof(info),
151 " tktuser %.100s", 151 " tktuser %.100s",
152 client_user); 152 client_user);
153 153
154 /* Send response to client */ 154 /* Send response to client */
155 packet_start( 155 packet_start(
156 SSH_SMSG_AUTH_KERBEROS_RESPONSE); 156 SSH_SMSG_AUTH_KERBEROS_RESPONSE);
@@ -285,7 +285,6 @@ do_authloop(Authctxt *authctxt)
285 debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE"); 285 debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
286 if (options.challenge_response_authentication == 1) { 286 if (options.challenge_response_authentication == 1) {
287 char *response = packet_get_string(&dlen); 287 char *response = packet_get_string(&dlen);
288 debug("got response '%s'", response);
289 packet_check_eom(); 288 packet_check_eom();
290 authenticated = verify_response(authctxt, response); 289 authenticated = verify_response(authctxt, response);
291 memset(response, 'r', dlen); 290 memset(response, 'r', dlen);
@@ -329,8 +328,7 @@ do_authloop(Authctxt *authctxt)
329 } 328 }
330#else 329#else
331 /* Special handling for root */ 330 /* Special handling for root */
332 if (!use_privsep && 331 if (authenticated && authctxt->pw->pw_uid == 0 &&
333 authenticated && authctxt->pw->pw_uid == 0 &&
334 !auth_root_allowed(get_authname(type))) 332 !auth_root_allowed(get_authname(type)))
335 authenticated = 0; 333 authenticated = 0;
336#endif 334#endif
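Review bot: The rewritten root check in do_authloop dereferences `authctxt->pw->pw_uid` and is safe only because `authenticated` is tested first; nothing at the condition says so. With `!use_privsep` dropped, the check presumably now runs on the privilege-separated path as well, so a comment such as `/* Special handling for root; authenticated must be tested before pw is dereferenced */` would guard against a later reordering. Whether `pw` can be unset for an unknown user is not visible in this hunk and should be confirmed. The same condition is changed in userauth_finish in auth2.c and deserves the same comment; do_authloop's body starts and ends outside the hunk.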
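diff --git a/auth2-pam.c b/auth2-pam.c
index a2daf96b7..ac28fb245 100644
--- a/auth2-pam.c
+++ b/auth2-pam.c
@@ -1,5 +1,5 @@
 #include "includes.h"
-RCSID("$Id: auth2-pam.c,v 1.14 2002/06/28 16:48:12 mouring Exp $");
+RCSID("$Id: auth2-pam.c,v 1.15 2003/01/08 01:37:03 djm Exp $");
 
 #ifdef USE_PAM
 #include <security/pam_appl.h>
@@ -154,8 +154,7 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt)
 
  resp = packet_get_string(&rlen);
  context_pam2.responses[j].resp_retcode = PAM_SUCCESS;
- context_pam2.responses[j].resp = xstrdup(resp);
- xfree(resp);
+ context_pam2.responses[j].resp = resp;
  context_pam2.num_received++;
  }
 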
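Review bot: Storing `resp` directly in `context_pam2.responses[j].resp` moves ownership of the buffer returned by packet_get_string() into the PAM context, but nothing at the assignment records who frees it. A comment above the assignment, `/* responses[j].resp now owns the packet buffer; it is released with the responses array */`, would make the transfer explicit. Because the string is the user's answer to a PAM prompt and may be a password, the code that eventually frees it should overwrite it first; that code is outside the hunk and needs checking there. The bound on `j` is also established outside the hunk.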
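diff --git a/auth2.c b/auth2.c
index 17c58552a..1b21eb2da 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.95 2002/08/22 21:33:58 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.96 2003/02/06 21:22:43 markus Exp $");
 
 #include "ssh2.h"
 #include "xmalloc.h"
@@ -205,8 +205,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
  authctxt->user);
 
  /* Special handling for root */
- if (!use_privsep &&
- authenticated && authctxt->pw->pw_uid == 0 &&
+ if (authenticated && authctxt->pw->pw_uid == 0 &&
  !auth_root_allowed(method))
  authenticated = 0;
 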
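diff --git a/authfd.c b/authfd.c
index f04e0858b..a186e0117 100644
--- a/authfd.c
+++ b/authfd.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.57 2002/09/11 18:27:26 stevesk Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.58 2003/01/23 13:50:27 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -499,10 +499,10 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
 
 int
 ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
- const char *comment, u_int life)
+ const char *comment, u_int life, u_int confirm)
 {
  Buffer msg;
- int type, constrained = (life != 0);
+ int type, constrained = (life || confirm);
 
  buffer_init(&msg);
 
@@ -532,6 +532,8 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
  buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME);
  buffer_put_int(&msg, life);
  }
+ if (confirm != 0)
+ buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM);
  }
  if (ssh_request_reply(auth, &msg, &msg) == 0) {
  buffer_free(&msg);
@@ -545,7 +547,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
 int
 ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment)
 {
- return ssh_add_identity_constrained(auth, key, comment, 0);
+ return ssh_add_identity_constrained(auth, key, comment, 0, 0);
 }
 
 /*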
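Review bot: `life` and `confirm` are now two adjacent `u_int` parameters of ssh_add_identity_constrained, so a call site that swaps them compiles cleanly and silently turns a lifetime into a confirmation request or the reverse. `confirm` is only ever tested for non-zero (`life || confirm`, `confirm != 0`), so a header comment on the function should state that it is a boolean flag while `life` carries a value that is sent to the agent. Naming the parameters in the authfd.h prototype, `const char *comment, u_int life, u_int confirm`, would make a swapped call easier to catch in review. The function body continues outside the hunks shown.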
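diff --git a/authfd.h b/authfd.h
index 38ee49e88..2a8751ec1 100644
--- a/authfd.h
+++ b/authfd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.h,v 1.31 2002/09/11 18:27:25 stevesk Exp $ */
+/* $OpenBSD: authfd.h,v 1.32 2003/01/23 13:50:27 markus Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -51,6 +51,7 @@
 #define SSH2_AGENTC_ADD_ID_CONSTRAINED 25
 
 #define SSH_AGENT_CONSTRAIN_LIFETIME 1
+#define SSH_AGENT_CONSTRAIN_CONFIRM 2
 
 /* extended failure messages */
 #define SSH2_AGENT_FAILURE 30
@@ -76,7 +77,8 @@ int ssh_get_num_identities(AuthenticationConnection *, int);
 Key *ssh_get_first_identity(AuthenticationConnection *, char **, int);
 Key *ssh_get_next_identity(AuthenticationConnection *, char **, int);
 int ssh_add_identity(AuthenticationConnection *, Key *, const char *);
-int ssh_add_identity_constrained(AuthenticationConnection *, Key *, const char *, u_int);
+int ssh_add_identity_constrained(AuthenticationConnection *, Key *,
+ const char *, u_int, u_int);
 int ssh_remove_identity(AuthenticationConnection *, Key *);
 int ssh_remove_all_identities(AuthenticationConnection *, int);
 int ssh_lock_agent(AuthenticationConnection *, int, const char *);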
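diff --git a/authfile.c b/authfile.c
index 1fa5d811a..90618efde 100644
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.50 2002/06/24 14:55:38 markus Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.52 2003/03/13 11:42:18 markus Exp $");
 
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -232,12 +232,17 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
 {
  Buffer buffer;
  Key *pub;
+ struct stat st;
  char *cp;
  int i;
  off_t len;
 
- len = lseek(fd, (off_t) 0, SEEK_END);
- lseek(fd, (off_t) 0, SEEK_SET);
+ if (fstat(fd, &st) < 0) {
+ error("fstat for key file %.200s failed: %.100s",
+ filename, strerror(errno));
+ return NULL;
+ }
+ len = st.st_size;
 
  buffer_init(&buffer);
  cp = buffer_append_space(&buffer, len);
@@ -318,9 +323,15 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
  CipherContext ciphercontext;
  Cipher *cipher;
  Key *prv = NULL;
+ struct stat st;
 
- len = lseek(fd, (off_t) 0, SEEK_END);
- lseek(fd, (off_t) 0, SEEK_SET);
+ if (fstat(fd, &st) < 0) {
+ error("fstat for key file %.200s failed: %.100s",
+ filename, strerror(errno));
+ close(fd);
+ return NULL;
+ }
+ len = st.st_size;
 
  buffer_init(&buffer);
  cp = buffer_append_space(&buffer, len);
@@ -410,6 +421,12 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
  rsa_generate_additional_parameters(prv->rsa);
 
  buffer_free(&decrypted);
+
+ /* enable blinding */
+ if (RSA_blinding_on(prv->rsa, NULL) != 1) {
+ error("key_load_private_rsa1: RSA_blinding_on failed");
+ goto fail;
+ }
  close(fd);
  return prv;
 
@@ -449,6 +466,11 @@ key_load_private_pem(int fd, int type, const char *passphrase,
 #ifdef DEBUG_PK
  RSA_print_fp(stderr, prv->rsa, 8);
 #endif
+ if (RSA_blinding_on(prv->rsa, NULL) != 1) {
+ error("key_load_private_pem: RSA_blinding_on failed");
+ key_free(prv);
+ prv = NULL;
+ }
  } else if (pk->type == EVP_PKEY_DSA &&
  (type == KEY_UNSPEC||type==KEY_DSA)) {
  prv = key_new(KEY_UNSPEC);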
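Review bot: `len = st.st_size` reaches buffer_append_space() with no bound in both key_load_public_rsa1 and key_load_private_rsa1, so the allocation size is whatever fstat() reports for the descriptor. A guard directly after the fstat() check, `if (st.st_size > KEY_FILE_MAX)` followed by an error() call and the function's existing failure return, would reject oversized input before allocating; `KEY_FILE_MAX` is a placeholder for a cap the project would choose. The two new error paths also differ: the private-key variant calls `close(fd)` before returning NULL and the public-key variant does not. If that reflects which function owns the descriptor, a one-line comment at each return should say so. Both function bodies extend beyond the hunks.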
diff --git a/autom4te-2.53.cache/output.0 b/autom4te-2.53.cache/output.0
index 97d453542..74f5afd76 100644
--- a/autom4te-2.53.cache/output.0
+++ b/autom4te-2.53.cache/output.0
@@ -827,6 +827,7 @@ Optional Features:
827 --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) 827 --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
828 --enable-FEATURE[=ARG] include FEATURE [ARG=yes] 828 --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
829 --disable-largefile omit support for large files 829 --disable-largefile omit support for large files
830 --disable-strip Disable calling strip(1) on install
830 --disable-lastlog disable use of lastlog even if detected no 831 --disable-lastlog disable use of lastlog even if detected no
831 --disable-utmp disable use of utmp even if detected no 832 --disable-utmp disable use of utmp even if detected no
832 --disable-utmpx disable use of utmpx even if detected no 833 --disable-utmpx disable use of utmpx even if detected no
@@ -2719,6 +2720,45 @@ fi
2719 test -n "$PERL" && break 2720 test -n "$PERL" && break
2720done 2721done
2721 2722
2723# Extract the first word of "sed", so it can be a program name with args.
2724set dummy sed; ac_word=$2
2725echo "$as_me:$LINENO: checking for $ac_word" >&5
2726echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
2727if test "${ac_cv_path_SED+set}" = set; then
2728 echo $ECHO_N "(cached) $ECHO_C" >&6
2729else
2730 case $SED in
2731 [\\/]* | ?:[\\/]*)
2732 ac_cv_path_SED="$SED" # Let the user override the test with a path.
2733 ;;
2734 *)
2735 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2736for as_dir in $PATH
2737do
2738 IFS=$as_save_IFS
2739 test -z "$as_dir" && as_dir=.
2740 for ac_exec_ext in '' $ac_executable_extensions; do
2741 if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2742 ac_cv_path_SED="$as_dir/$ac_word$ac_exec_ext"
2743 echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
2744 break 2
2745 fi
2746done
2747done
2748
2749 ;;
2750esac
2751fi
2752SED=$ac_cv_path_SED
2753
2754if test -n "$SED"; then
2755 echo "$as_me:$LINENO: result: $SED" >&5
2756echo "${ECHO_T}$SED" >&6
2757else
2758 echo "$as_me:$LINENO: result: no" >&5
2759echo "${ECHO_T}no" >&6
2760fi
2761
2722 2762
2723# Extract the first word of "ent", so it can be a program name with args. 2763# Extract the first word of "ent", so it can be a program name with args.
2724set dummy ent; ac_word=$2 2764set dummy ent; ac_word=$2
@@ -3660,8 +3700,17 @@ _ACEOF
3660@%:@define LOGIN_NEEDS_UTMPX 1 3700@%:@define LOGIN_NEEDS_UTMPX 1
3661_ACEOF 3701_ACEOF
3662 3702
3703 cat >>confdefs.h <<\_ACEOF
3704@%:@define SETPROCTITLE_STRATEGY PS_USE_CLOBBER_ARGV
3705_ACEOF
3706
3707 cat >>confdefs.h <<\_ACEOF
3708@%:@define SETPROCTITLE_PS_PADDING '\0'
3709_ACEOF
3710
3663 ;; 3711 ;;
3664*-*-cygwin*) 3712*-*-cygwin*)
3713 check_for_libcrypt_later=1
3665 LIBS="$LIBS /usr/lib/textmode.o" 3714 LIBS="$LIBS /usr/lib/textmode.o"
3666 cat >>confdefs.h <<\_ACEOF 3715 cat >>confdefs.h <<\_ACEOF
3667@%:@define HAVE_CYGWIN 1 3716@%:@define HAVE_CYGWIN 1
@@ -3782,7 +3831,7 @@ _ACEOF
3782_ACEOF 3831_ACEOF
3783 3832
3784 cat >>confdefs.h <<\_ACEOF 3833 cat >>confdefs.h <<\_ACEOF
3785@%:@define SPT_TYPE SPT_PSTAT 3834@%:@define SETPROCTITLE_STRATEGY PS_USE_PSTAT
3786_ACEOF 3835_ACEOF
3787 3836
3788 LIBS="$LIBS -lsec -lsecpw" 3837 LIBS="$LIBS -lsec -lsecpw"
@@ -3884,7 +3933,7 @@ _ACEOF
3884_ACEOF 3933_ACEOF
3885 3934
3886 cat >>confdefs.h <<\_ACEOF 3935 cat >>confdefs.h <<\_ACEOF
3887@%:@define SPT_TYPE SPT_PSTAT 3936@%:@define SETPROCTITLE_STRATEGY PS_USE_PSTAT
3888_ACEOF 3937_ACEOF
3889 3938
3890 LIBS="$LIBS -lsec" 3939 LIBS="$LIBS -lsec"
@@ -3986,7 +4035,7 @@ _ACEOF
3986_ACEOF 4035_ACEOF
3987 4036
3988 cat >>confdefs.h <<\_ACEOF 4037 cat >>confdefs.h <<\_ACEOF
3989@%:@define SPT_TYPE SPT_PSTAT 4038@%:@define SETPROCTITLE_STRATEGY PS_USE_PSTAT
3990_ACEOF 4039_ACEOF
3991 4040
3992 LIBS="$LIBS -lsec" 4041 LIBS="$LIBS -lsec"
@@ -4180,6 +4229,14 @@ _ACEOF
4180@%:@define PAM_TTY_KLUDGE 1 4229@%:@define PAM_TTY_KLUDGE 1
4181_ACEOF 4230_ACEOF
4182 4231
4232 cat >>confdefs.h <<\_ACEOF
4233@%:@define SETPROCTITLE_STRATEGY PS_USE_CLOBBER_ARGV
4234_ACEOF
4235
4236 cat >>confdefs.h <<\_ACEOF
4237@%:@define SETPROCTITLE_PS_PADDING '\0'
4238_ACEOF
4239
4183 inet6_default_4in6=yes 4240 inet6_default_4in6=yes
4184 ;; 4241 ;;
4185mips-sony-bsd|mips-sony-newsos4) 4242mips-sony-bsd|mips-sony-newsos4)
@@ -4240,6 +4297,10 @@ _ACEOF
4240@%:@define PAM_TTY_KLUDGE 1 4297@%:@define PAM_TTY_KLUDGE 1
4241_ACEOF 4298_ACEOF
4242 4299
4300 cat >>confdefs.h <<\_ACEOF
4301@%:@define STREAMS_PUSH_ACQUIRES_CTTY 1
4302_ACEOF
4303
4243 # hardwire lastlog location (can't detect it on some versions) 4304 # hardwire lastlog location (can't detect it on some versions)
4244 conf_lastlog_location="/var/adm/lastlog" 4305 conf_lastlog_location="/var/adm/lastlog"
4245 echo "$as_me:$LINENO: checking for obsolete utmp and wtmp in solaris2.x" >&5 4306 echo "$as_me:$LINENO: checking for obsolete utmp and wtmp in solaris2.x" >&5
@@ -4504,6 +4565,9 @@ done
4504 do_sco3_extra_lib_check=yes 4565 do_sco3_extra_lib_check=yes
4505 ;; 4566 ;;
4506*-*-sco3.2v5*) 4567*-*-sco3.2v5*)
4568 if test -z "$GCC"; then
4569 CFLAGS="$CFLAGS -belf"
4570 fi
4507 CPPFLAGS="$CPPFLAGS -I/usr/local/include" 4571 CPPFLAGS="$CPPFLAGS -I/usr/local/include"
4508 LDFLAGS="$LDFLAGS -L/usr/local/lib" 4572 LDFLAGS="$LDFLAGS -L/usr/local/lib"
4509 LIBS="$LIBS -lprot -lx -ltinfo -lm" 4573 LIBS="$LIBS -lprot -lx -ltinfo -lm"
@@ -4604,8 +4668,6 @@ done
4604 MANTYPE=man 4668 MANTYPE=man
4605 ;; 4669 ;;
4606*-*-unicosmk*) 4670*-*-unicosmk*)
4607 no_libsocket=1
4608 no_libnsl=1
4609 cat >>confdefs.h <<\_ACEOF 4671 cat >>confdefs.h <<\_ACEOF
4610@%:@define USE_PIPES 1 4672@%:@define USE_PIPES 1
4611_ACEOF 4673_ACEOF
@@ -4619,8 +4681,6 @@ _ACEOF
4619 MANTYPE=cat 4681 MANTYPE=cat
4620 ;; 4682 ;;
4621*-*-unicos*) 4683*-*-unicos*)
4622 no_libsocket=1
4623 no_libnsl=1
4624 cat >>confdefs.h <<\_ACEOF 4684 cat >>confdefs.h <<\_ACEOF
4625@%:@define USE_PIPES 1 4685@%:@define USE_PIPES 1
4626_ACEOF 4686_ACEOF
@@ -4665,12 +4725,20 @@ _ACEOF
4665@%:@define DISABLE_LOGIN 1 4725@%:@define DISABLE_LOGIN 1
4666_ACEOF 4726_ACEOF
4667 4727
4728 cat >>confdefs.h <<\_ACEOF
4729@%:@define DISABLE_FD_PASSING 1
4730_ACEOF
4731
4668 LIBS="$LIBS -lsecurity -ldb -lm -laud" 4732 LIBS="$LIBS -lsecurity -ldb -lm -laud"
4669 else 4733 else
4670 echo "$as_me:$LINENO: result: no" >&5 4734 echo "$as_me:$LINENO: result: no" >&5
4671echo "${ECHO_T}no" >&6 4735echo "${ECHO_T}no" >&6
4672 fi 4736 fi
4673 fi 4737 fi
4738 cat >>confdefs.h <<\_ACEOF
4739@%:@define DISABLE_FD_PASSING 1
4740_ACEOF
4741
4674 ;; 4742 ;;
4675 4743
4676*-*-nto-qnx) 4744*-*-nto-qnx)
@@ -4984,14 +5052,17 @@ done
4984 5052
4985 5053
4986 5054
5055
5056
5057
4987for ac_header in bstring.h crypt.h endian.h floatingpoint.h \ 5058for ac_header in bstring.h crypt.h endian.h floatingpoint.h \
4988 getopt.h glob.h ia.h lastlog.h limits.h login.h \ 5059 getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \
4989 login_cap.h maillock.h netdb.h netgroup.h \ 5060 login_cap.h maillock.h netdb.h netgroup.h \
4990 netinet/in_systm.h paths.h pty.h readpassphrase.h \ 5061 netinet/in_systm.h paths.h pty.h readpassphrase.h \
4991 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ 5062 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
4992 strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ 5063 strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
4993 sys/mman.h sys/select.h sys/stat.h \ 5064 sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
4994 sys/stropts.h sys/sysmacros.h sys/time.h \ 5065 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
4995 sys/un.h time.h tmpdir.h ttyent.h usersec.h \ 5066 sys/un.h time.h tmpdir.h ttyent.h usersec.h \
4996 util.h utime.h utmp.h utmpx.h 5067 util.h utime.h utmp.h utmpx.h
4997do 5068do
@@ -6740,17 +6811,262 @@ fi;
6740 6811
6741 6812
6742 6813
6743for ac_func in arc4random b64_ntop bcopy bindresvport_sa \ 6814
6744 clock fchmod fchown freeaddrinfo futimes gai_strerror \ 6815
6745 getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\ 6816
6746 getrlimit getrusage getttyent glob inet_aton inet_ntoa \ 6817
6747 inet_ntop innetgr login_getcapbool md5_crypt memmove \ 6818
6748 mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ 6819for ac_func in \
6749 realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ 6820 arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename bcopy \
6750 setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ 6821 bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
6751 setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ 6822 gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \
6752 socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ 6823 getpeereid _getpty getrlimit getrusage getttyent glob inet_aton \
6753 truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty 6824 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
6825 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openpty pstat \
6826 readpassphrase realpath recvmsg rresvport_af sendmsg setdtablesize \
6827 setegid setenv seteuid setgroups setlogin setpcred setproctitle \
6828 setresgid setreuid setrlimit setsid setvbuf sigaction sigvec \
6829 snprintf socketpair strerror strlcat strlcpy strmode strnvis \
6830 sysconf tcgetpgrp truncate utimes vhangup vsnprintf waitpid \
6831
6832do
6833as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
6834echo "$as_me:$LINENO: checking for $ac_func" >&5
6835echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
6836if eval "test \"\${$as_ac_var+set}\" = set"; then
6837 echo $ECHO_N "(cached) $ECHO_C" >&6
6838else
6839 cat >conftest.$ac_ext <<_ACEOF
6840#line $LINENO "configure"
6841#include "confdefs.h"
6842/* System header to define __stub macros and hopefully few prototypes,
6843 which can conflict with char $ac_func (); below. */
6844#include <assert.h>
6845/* Override any gcc2 internal prototype to avoid an error. */
6846#ifdef __cplusplus
6847extern "C"
6848#endif
6849/* We use char because int might match the return type of a gcc2
6850 builtin and then its argument prototype would still apply. */
6851char $ac_func ();
6852char (*f) ();
6853
6854#ifdef F77_DUMMY_MAIN
6855# ifdef __cplusplus
6856 extern "C"
6857# endif
6858 int F77_DUMMY_MAIN() { return 1; }
6859#endif
6860int
6861main ()
6862{
6863/* The GNU C library defines this for functions which it implements
6864 to always fail with ENOSYS. Some functions are actually named
6865 something starting with __ and the normal name is an alias. */
6866#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
6867choke me
6868#else
6869f = $ac_func;
6870#endif
6871
6872 ;
6873 return 0;
6874}
6875_ACEOF
6876rm -f conftest.$ac_objext conftest$ac_exeext
6877if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
6878 (eval $ac_link) 2>&5
6879 ac_status=$?
6880 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6881 (exit $ac_status); } &&
6882 { ac_try='test -s conftest$ac_exeext'
6883 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
6884 (eval $ac_try) 2>&5
6885 ac_status=$?
6886 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6887 (exit $ac_status); }; }; then
6888 eval "$as_ac_var=yes"
6889else
6890 echo "$as_me: failed program was:" >&5
6891cat conftest.$ac_ext >&5
6892eval "$as_ac_var=no"
6893fi
6894rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
6895fi
6896echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
6897echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
6898if test `eval echo '${'$as_ac_var'}'` = yes; then
6899 cat >>confdefs.h <<_ACEOF
6900@%:@define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
6901_ACEOF
6902
6903fi
6904done
6905
6906
6907echo "$as_me:$LINENO: checking for library containing nanosleep" >&5
6908echo $ECHO_N "checking for library containing nanosleep... $ECHO_C" >&6
6909if test "${ac_cv_search_nanosleep+set}" = set; then
6910 echo $ECHO_N "(cached) $ECHO_C" >&6
6911else
6912 ac_func_search_save_LIBS=$LIBS
6913ac_cv_search_nanosleep=no
6914cat >conftest.$ac_ext <<_ACEOF
6915#line $LINENO "configure"
6916#include "confdefs.h"
6917
6918/* Override any gcc2 internal prototype to avoid an error. */
6919#ifdef __cplusplus
6920extern "C"
6921#endif
6922/* We use char because int might match the return type of a gcc2
6923 builtin and then its argument prototype would still apply. */
6924char nanosleep ();
6925#ifdef F77_DUMMY_MAIN
6926# ifdef __cplusplus
6927 extern "C"
6928# endif
6929 int F77_DUMMY_MAIN() { return 1; }
6930#endif
6931int
6932main ()
6933{
6934nanosleep ();
6935 ;
6936 return 0;
6937}
6938_ACEOF
6939rm -f conftest.$ac_objext conftest$ac_exeext
6940if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
6941 (eval $ac_link) 2>&5
6942 ac_status=$?
6943 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6944 (exit $ac_status); } &&
6945 { ac_try='test -s conftest$ac_exeext'
6946 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
6947 (eval $ac_try) 2>&5
6948 ac_status=$?
6949 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6950 (exit $ac_status); }; }; then
6951 ac_cv_search_nanosleep="none required"
6952else
6953 echo "$as_me: failed program was:" >&5
6954cat conftest.$ac_ext >&5
6955fi
6956rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
6957if test "$ac_cv_search_nanosleep" = no; then
6958 for ac_lib in rt posix4; do
6959 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
6960 cat >conftest.$ac_ext <<_ACEOF
6961#line $LINENO "configure"
6962#include "confdefs.h"
6963
6964/* Override any gcc2 internal prototype to avoid an error. */
6965#ifdef __cplusplus
6966extern "C"
6967#endif
6968/* We use char because int might match the return type of a gcc2
6969 builtin and then its argument prototype would still apply. */
6970char nanosleep ();
6971#ifdef F77_DUMMY_MAIN
6972# ifdef __cplusplus
6973 extern "C"
6974# endif
6975 int F77_DUMMY_MAIN() { return 1; }
6976#endif
6977int
6978main ()
6979{
6980nanosleep ();
6981 ;
6982 return 0;
6983}
6984_ACEOF
6985rm -f conftest.$ac_objext conftest$ac_exeext
6986if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
6987 (eval $ac_link) 2>&5
6988 ac_status=$?
6989 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6990 (exit $ac_status); } &&
6991 { ac_try='test -s conftest$ac_exeext'
6992 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
6993 (eval $ac_try) 2>&5
6994 ac_status=$?
6995 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6996 (exit $ac_status); }; }; then
6997 ac_cv_search_nanosleep="-l$ac_lib"
6998break
6999else
7000 echo "$as_me: failed program was:" >&5
7001cat conftest.$ac_ext >&5
7002fi
7003rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
7004 done
7005fi
7006LIBS=$ac_func_search_save_LIBS
7007fi
7008echo "$as_me:$LINENO: result: $ac_cv_search_nanosleep" >&5
7009echo "${ECHO_T}$ac_cv_search_nanosleep" >&6
7010if test "$ac_cv_search_nanosleep" != no; then
7011 test "$ac_cv_search_nanosleep" = "none required" || LIBS="$ac_cv_search_nanosleep $LIBS"
7012 cat >>confdefs.h <<\_ACEOF
7013@%:@define HAVE_NANOSLEEP 1
7014_ACEOF
7015
7016fi
7017
7018
7019echo "$as_me:$LINENO: checking whether strsep is declared" >&5
7020echo $ECHO_N "checking whether strsep is declared... $ECHO_C" >&6
7021if test "${ac_cv_have_decl_strsep+set}" = set; then
7022 echo $ECHO_N "(cached) $ECHO_C" >&6
7023else
7024 cat >conftest.$ac_ext <<_ACEOF
7025#line $LINENO "configure"
7026#include "confdefs.h"
7027$ac_includes_default
7028#ifdef F77_DUMMY_MAIN
7029# ifdef __cplusplus
7030 extern "C"
7031# endif
7032 int F77_DUMMY_MAIN() { return 1; }
7033#endif
7034int
7035main ()
7036{
7037#ifndef strsep
7038 char *p = (char *) strsep;
7039#endif
7040
7041 ;
7042 return 0;
7043}
7044_ACEOF
7045rm -f conftest.$ac_objext
7046if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
7047 (eval $ac_compile) 2>&5
7048 ac_status=$?
7049 echo "$as_me:$LINENO: \$? = $ac_status" >&5
7050 (exit $ac_status); } &&
7051 { ac_try='test -s conftest.$ac_objext'
7052 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
7053 (eval $ac_try) 2>&5
7054 ac_status=$?
7055 echo "$as_me:$LINENO: \$? = $ac_status" >&5
7056 (exit $ac_status); }; }; then
7057 ac_cv_have_decl_strsep=yes
7058else
7059 echo "$as_me: failed program was:" >&5
7060cat conftest.$ac_ext >&5
7061ac_cv_have_decl_strsep=no
7062fi
7063rm -f conftest.$ac_objext conftest.$ac_ext
7064fi
7065echo "$as_me:$LINENO: result: $ac_cv_have_decl_strsep" >&5
7066echo "${ECHO_T}$ac_cv_have_decl_strsep" >&6
7067if test $ac_cv_have_decl_strsep = yes; then
7068
7069for ac_func in strsep
6754do 7070do
6755as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` 7071as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
6756echo "$as_me:$LINENO: checking for $ac_func" >&5 7072echo "$as_me:$LINENO: checking for $ac_func" >&5
@@ -6825,6 +7141,8 @@ _ACEOF
6825fi 7141fi
6826done 7142done
6827 7143
7144fi
7145
6828 7146
6829 7147
6830for ac_func in dirname 7148for ac_func in dirname
@@ -7975,6 +8293,65 @@ rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
7975fi 8293fi
7976fi 8294fi
7977 8295
8296if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
8297echo "$as_me:$LINENO: checking for (overly) strict mkstemp" >&5
8298echo $ECHO_N "checking for (overly) strict mkstemp... $ECHO_C" >&6
8299if test "$cross_compiling" = yes; then
8300
8301 echo "$as_me:$LINENO: result: yes" >&5
8302echo "${ECHO_T}yes" >&6
8303 cat >>confdefs.h <<\_ACEOF
8304@%:@define HAVE_STRICT_MKSTEMP 1
8305_ACEOF
8306
8307
8308
8309else
8310 cat >conftest.$ac_ext <<_ACEOF
8311#line $LINENO "configure"
8312#include "confdefs.h"
8313
8314#include <stdlib.h>
8315main() { char template[]="conftest.mkstemp-test";
8316if (mkstemp(template) == -1)
8317 exit(1);
8318unlink(template); exit(0);
8319}
8320
8321_ACEOF
8322rm -f conftest$ac_exeext
8323if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
8324 (eval $ac_link) 2>&5
8325 ac_status=$?
8326 echo "$as_me:$LINENO: \$? = $ac_status" >&5
8327 (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
8328 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
8329 (eval $ac_try) 2>&5
8330 ac_status=$?
8331 echo "$as_me:$LINENO: \$? = $ac_status" >&5
8332 (exit $ac_status); }; }; then
8333
8334 echo "$as_me:$LINENO: result: no" >&5
8335echo "${ECHO_T}no" >&6
8336
8337else
8338 echo "$as_me: program exited with status $ac_status" >&5
8339echo "$as_me: failed program was:" >&5
8340cat conftest.$ac_ext >&5
8341( exit $ac_status )
8342
8343 echo "$as_me:$LINENO: result: yes" >&5
8344echo "${ECHO_T}yes" >&6
8345 cat >>confdefs.h <<\_ACEOF
8346@%:@define HAVE_STRICT_MKSTEMP 1
8347_ACEOF
8348
8349
8350fi
8351rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
8352fi
8353fi
8354
7978echo "$as_me:$LINENO: checking whether getpgrp requires zero arguments" >&5 8355echo "$as_me:$LINENO: checking whether getpgrp requires zero arguments" >&5
7979echo $ECHO_N "checking whether getpgrp requires zero arguments... $ECHO_C" >&6 8356echo $ECHO_N "checking whether getpgrp requires zero arguments... $ECHO_C" >&6
7980if test "${ac_cv_func_getpgrp_void+set}" = set; then 8357if test "${ac_cv_func_getpgrp_void+set}" = set; then
@@ -13128,12 +13505,72 @@ _ACEOF
13128 have_struct_timeval=1 13505 have_struct_timeval=1
13129fi 13506fi
13130 13507
13131# If we don't have int64_t then we can't compile sftp-server. So don't 13508echo "$as_me:$LINENO: checking for struct timespec" >&5
13132# even attempt to do it. 13509echo $ECHO_N "checking for struct timespec... $ECHO_C" >&6
13510if test "${ac_cv_type_struct_timespec+set}" = set; then
13511 echo $ECHO_N "(cached) $ECHO_C" >&6
13512else
13513 cat >conftest.$ac_ext <<_ACEOF
13514#line $LINENO "configure"
13515#include "confdefs.h"
13516$ac_includes_default
13517#ifdef F77_DUMMY_MAIN
13518# ifdef __cplusplus
13519 extern "C"
13520# endif
13521 int F77_DUMMY_MAIN() { return 1; }
13522#endif
13523int
13524main ()
13525{
13526if ((struct timespec *) 0)
13527 return 0;
13528if (sizeof (struct timespec))
13529 return 0;
13530 ;
13531 return 0;
13532}
13533_ACEOF
13534rm -f conftest.$ac_objext
13535if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
13536 (eval $ac_compile) 2>&5
13537 ac_status=$?
13538 echo "$as_me:$LINENO: \$? = $ac_status" >&5
13539 (exit $ac_status); } &&
13540 { ac_try='test -s conftest.$ac_objext'
13541 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
13542 (eval $ac_try) 2>&5
13543 ac_status=$?
13544 echo "$as_me:$LINENO: \$? = $ac_status" >&5
13545 (exit $ac_status); }; }; then
13546 ac_cv_type_struct_timespec=yes
13547else
13548 echo "$as_me: failed program was:" >&5
13549cat conftest.$ac_ext >&5
13550ac_cv_type_struct_timespec=no
13551fi
13552rm -f conftest.$ac_objext conftest.$ac_ext
13553fi
13554echo "$as_me:$LINENO: result: $ac_cv_type_struct_timespec" >&5
13555echo "${ECHO_T}$ac_cv_type_struct_timespec" >&6
13556if test $ac_cv_type_struct_timespec = yes; then
13557
13558cat >>confdefs.h <<_ACEOF
13559@%:@define HAVE_STRUCT_TIMESPEC 1
13560_ACEOF
13561
13562
13563fi
13564
13565
13566# We need int64_t or else certian parts of the compile will fail.
13133if test "x$ac_cv_have_int64_t" = "xno" -a \ 13567if test "x$ac_cv_have_int64_t" = "xno" -a \
13134 "x$ac_cv_sizeof_long_int" != "x8" -a \ 13568 "x$ac_cv_sizeof_long_int" != "x8" -a \
13135 "x$ac_cv_sizeof_long_long_int" = "x0" ; then 13569 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
13136 NO_SFTP='#' 13570 echo "OpenSSH requires int64_t support. Contact your vendor or install"
13571 echo "an alternative compiler (I.E., GCC) before continuing."
13572 echo ""
13573 exit 1;
13137else 13574else
13138 if test "$cross_compiling" = yes; then 13575 if test "$cross_compiling" = yes; then
13139 { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5 13576 { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
@@ -13196,7 +13633,6 @@ fi
13196fi 13633fi
13197 13634
13198 13635
13199
13200# look for field 'ut_host' in header 'utmp.h' 13636# look for field 'ut_host' in header 'utmp.h'
13201 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` 13637 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
13202 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host 13638 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host
@@ -15730,6 +16166,19 @@ fi
15730 16166
15731fi; 16167fi;
15732 16168
16169STRIP_OPT=-s
16170# Check whether --enable-strip or --disable-strip was given.
16171if test "${enable_strip+set}" = set; then
16172 enableval="$enable_strip"
16173
16174 if test "x$enableval" = "xno" ; then
16175 STRIP_OPT=
16176 fi
16177
16178
16179fi;
16180
16181
15733if test -z "$xauth_path" ; then 16182if test -z "$xauth_path" ; then
15734 XAUTH_PATH="undefined" 16183 XAUTH_PATH="undefined"
15735 16184
@@ -16056,7 +16505,11 @@ else
16056# include <paths.h> 16505# include <paths.h>
16057#endif 16506#endif
16058#ifndef _PATH_STDPATH 16507#ifndef _PATH_STDPATH
16059# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 16508# ifdef _PATH_USERPATH /* Irix */
16509# define _PATH_STDPATH _PATH_USERPATH
16510# else
16511# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
16512# endif
16060#endif 16513#endif
16061#include <sys/types.h> 16514#include <sys/types.h>
16062#include <sys/stat.h> 16515#include <sys/stat.h>
@@ -17346,6 +17799,7 @@ s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t
17346s,@INSTALL_DATA@,$INSTALL_DATA,;t t 17799s,@INSTALL_DATA@,$INSTALL_DATA,;t t
17347s,@AR@,$AR,;t t 17800s,@AR@,$AR,;t t
17348s,@PERL@,$PERL,;t t 17801s,@PERL@,$PERL,;t t
17802s,@SED@,$SED,;t t
17349s,@ENT@,$ENT,;t t 17803s,@ENT@,$ENT,;t t
17350s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t 17804s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t
17351s,@SH@,$SH,;t t 17805s,@SH@,$SH,;t t
@@ -17372,10 +17826,10 @@ s,@PROG_UPTIME@,$PROG_UPTIME,;t t
17372s,@PROG_IPCS@,$PROG_IPCS,;t t 17826s,@PROG_IPCS@,$PROG_IPCS,;t t
17373s,@PROG_TAIL@,$PROG_TAIL,;t t 17827s,@PROG_TAIL@,$PROG_TAIL,;t t
17374s,@INSTALL_SSH_PRNG_CMDS@,$INSTALL_SSH_PRNG_CMDS,;t t 17828s,@INSTALL_SSH_PRNG_CMDS@,$INSTALL_SSH_PRNG_CMDS,;t t
17375s,@NO_SFTP@,$NO_SFTP,;t t
17376s,@OPENSC_CONFIG@,$OPENSC_CONFIG,;t t 17829s,@OPENSC_CONFIG@,$OPENSC_CONFIG,;t t
17377s,@PRIVSEP_PATH@,$PRIVSEP_PATH,;t t 17830s,@PRIVSEP_PATH@,$PRIVSEP_PATH,;t t
17378s,@xauth_path@,$xauth_path,;t t 17831s,@xauth_path@,$xauth_path,;t t
17832s,@STRIP_OPT@,$STRIP_OPT,;t t
17379s,@XAUTH_PATH@,$XAUTH_PATH,;t t 17833s,@XAUTH_PATH@,$XAUTH_PATH,;t t
17380s,@NROFF@,$NROFF,;t t 17834s,@NROFF@,$NROFF,;t t
17381s,@MANTYPE@,$MANTYPE,;t t 17835s,@MANTYPE@,$MANTYPE,;t t
@@ -17895,12 +18349,6 @@ if test "x$PAM_MSG" = "xyes" ; then
17895 echo "" 18349 echo ""
17896fi 18350fi
17897 18351
17898if test ! -z "$NO_SFTP"; then
17899 echo "sftp-server will be disabled. Your compiler does not "
17900 echo "support 64bit integers."
17901 echo ""
17902fi
17903
17904if test ! -z "$RAND_HELPER_CMDHASH" ; then 18352if test ! -z "$RAND_HELPER_CMDHASH" ; then
17905 echo "WARNING: you are using the builtin random number collection " 18353 echo "WARNING: you are using the builtin random number collection "
17906 echo "service. Please read WARNING.RNG and request that your OS " 18354 echo "service. Please read WARNING.RNG and request that your OS "
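--- a/autom4te-2.53.cache/requests
+++ b/autom4te-2.53.cache/requests
@@ -7,89 +7,89 @@
 '0',
 1,
 [
-'/usr/share/autoconf-2.53'
+'/usr/share/autoconf'
 ],
 [
-'--reload-state=/usr/share/autoconf-2.53/autoconf/autoconf.m4f',
+'--reload-state=/usr/share/autoconf/autoconf/autoconf.m4f',
 'aclocal.m4',
 'configure.ac'
 ],
 {
-'AC_HEADER_STAT' => 1,
-'AC_FUNC_STRFTIME' => 1,
-'AC_PROG_RANLIB' => 1,
-'AC_FUNC_WAIT3' => 1,
-'AC_FUNC_SETPGRP' => 1,
+'m4_pattern_forbid' => 1,
+'AC_TYPE_OFF_T' => 1,
+'AC_PROG_LIBTOOL' => 1,
+'AC_FUNC_STAT' => 1,
 'AC_HEADER_TIME' => 1,
-'AC_FUNC_SETVBUF_REVERSED' => 1,
-'AC_HEADER_SYS_WAIT' => 1,
+'AC_FUNC_WAIT3' => 1,
+'AC_STRUCT_TM' => 1,
+'AC_FUNC_LSTAT' => 1,
+'AC_TYPE_MODE_T' => 1,
+'AC_FUNC_STRTOD' => 1,
+'AC_CHECK_HEADERS' => 1,
+'AC_PROG_CXX' => 1,
+'AC_PATH_X' => 1,
+'AC_PROG_AWK' => 1,
+'AC_HEADER_STDC' => 1,
+'AC_HEADER_MAJOR' => 1,
+'AC_FUNC_ERROR_AT_LINE' => 1,
+'AC_PROG_GCC_TRADITIONAL' => 1,
+'AC_LIBSOURCE' => 1,
+'AC_STRUCT_ST_BLOCKS' => 1,
+'AC_TYPE_SIGNAL' => 1,
 'AC_TYPE_UID_T' => 1,
-'AM_CONDITIONAL' => 1,
-'AC_CHECK_LIB' => 1,
-'AC_PROG_LN_S' => 1,
-'AC_FUNC_MEMCMP' => 1,
+'AC_PROG_MAKE_SET' => 1,
+'m4_pattern_allow' => 1,
+'AC_DEFINE_TRACE_LITERAL' => 1,
+'AM_PROG_LIBTOOL' => 1,
+'AC_FUNC_STRERROR_R' => 1,
+'AC_PROG_CC' => 1,
+'AC_DECL_SYS_SIGLIST' => 1,
 'AC_FUNC_FORK' => 1,
-'AC_FUNC_GETGROUPS' => 1,
-'AC_HEADER_MAJOR' => 1,
-'AC_FUNC_STRTOD' => 1,
-'AC_HEADER_DIRENT' => 1,
-'AC_FUNC_UTIME_NULL' => 1,
-'AC_CONFIG_FILES' => 1,
-'AC_FUNC_ALLOCA' => 1,
-'AC_C_CONST' => 1,
-'include' => 1,
-'AC_FUNC_OBSTACK' => 1,
-'AC_FUNC_LSTAT' => 1,
+'AC_FUNC_VPRINTF' => 1,
+'AC_FUNC_STRCOLL' => 1,
+'AC_PROG_YACC' => 1,
+'AC_INIT' => 1,
 'AC_STRUCT_TIMEZONE' => 1,
+'AC_FUNC_CHOWN' => 1,
+'AC_SUBST' => 1,
+'AC_FUNC_ALLOCA' => 1,
 'AC_FUNC_GETPGRP' => 1,
-'AC_DEFINE_TRACE_LITERAL' => 1,
-'AC_CHECK_HEADERS' => 1,
-'AC_TYPE_MODE_T' => 1,
+'AC_PROG_RANLIB' => 1,
+'AC_FUNC_SETPGRP' => 1,
+'AC_CONFIG_SUBDIRS' => 1,
+'AC_FUNC_MMAP' => 1,
+'AC_TYPE_SIZE_T' => 1,
 'AC_CHECK_TYPES' => 1,
-'AC_PROG_YACC' => 1,
+'AC_FUNC_UTIME_NULL' => 1,
+'AC_FUNC_STRFTIME' => 1,
+'AC_HEADER_STAT' => 1,
+'AC_C_INLINE' => 1,
+'AC_PROG_CPP' => 1,
+'AC_C_CONST' => 1,
+'AC_PROG_LEX' => 1,
 'AC_TYPE_PID_T' => 1,
-'AC_FUNC_STRERROR_R' => 1,
-'AC_STRUCT_ST_BLOCKS' => 1,
-'AC_PROG_GCC_TRADITIONAL' => 1,
-'AC_TYPE_SIGNAL' => 1,
-'AM_PROG_LIBTOOL' => 1,
+'AC_CONFIG_FILES' => 1,
+'include' => 1,
+'AC_FUNC_SETVBUF_REVERSED' => 1,
 'AC_FUNC_FNMATCH' => 1,
-'AC_PROG_CPP' => 1,
-'AC_FUNC_STAT' => 1,
 'AC_PROG_INSTALL' => 1,
 'AM_GNU_GETTEXT' => 1,
-'AC_CONFIG_SUBDIRS' => 1,
-'AC_FUNC_STRCOLL' => 1,
-'AC_LIBSOURCE' => 1,
-'AC_C_INLINE' => 1,
-'AC_FUNC_CHOWN' => 1,
-'AC_INIT' => 1,
-'AC_PROG_LEX' => 1,
-'AH_OUTPUT' => 1,
-'AC_HEADER_STDC' => 1,
+'AC_FUNC_OBSTACK' => 1,
+'AC_CHECK_LIB' => 1,
+'AC_FUNC_MALLOC' => 1,
+'AC_FUNC_GETGROUPS' => 1,
 'AC_FUNC_GETLOADAVG' => 1,
-'AC_CHECK_FUNCS' => 1,
-'AC_TYPE_SIZE_T' => 1,
-'AC_DECL_SYS_SIGLIST' => 1,
+'AH_OUTPUT' => 1,
+'AC_FUNC_FSEEKO' => 1,
 'AC_FUNC_MKTIME' => 1,
-'AC_PROG_MAKE_SET' => 1,
-'AC_PROG_CXX' => 1,
-'m4_pattern_allow' => 1,
-'m4_include' => 1,
-'m4_pattern_forbid' => 1,
-'AC_PROG_AWK' => 1,
-'AC_FUNC_VPRINTF' => 1,
+'AM_CONDITIONAL' => 1,
 'AC_CONFIG_HEADERS' => 1,
-'AC_PATH_X' => 1,
-'AC_TYPE_OFF_T' => 1,
-'AC_FUNC_MALLOC' => 1,
-'AC_FUNC_ERROR_AT_LINE' => 1,
-'AC_FUNC_FSEEKO' => 1,
-'AC_FUNC_MMAP' => 1,
-'AC_STRUCT_TM' => 1,
-'AC_SUBST' => 1,
-'AC_PROG_LIBTOOL' => 1,
-'AC_PROG_CC' => 1
+'AC_HEADER_SYS_WAIT' => 1,
+'AC_PROG_LN_S' => 1,
+'AC_FUNC_MEMCMP' => 1,
+'m4_include' => 1,
+'AC_HEADER_DIRENT' => 1,
+'AC_CHECK_FUNCS' => 1
 }
 ], 'Request' )
 );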
diff --git a/autom4te-2.53.cache/traces.0 b/autom4te-2.53.cache/traces.0
index 3fcfab66c..c928d0c58 100644
--- a/autom4te-2.53.cache/traces.0
+++ b/autom4te-2.53.cache/traces.0
@@ -91,462 +91,492 @@ m4trace:configure.ac:14: -1- AC_SUBST([INSTALL_SCRIPT])
91m4trace:configure.ac:14: -1- AC_SUBST([INSTALL_DATA]) 91m4trace:configure.ac:14: -1- AC_SUBST([INSTALL_DATA])
92m4trace:configure.ac:15: -1- AC_SUBST([AR], [$ac_cv_path_AR]) 92m4trace:configure.ac:15: -1- AC_SUBST([AR], [$ac_cv_path_AR])
93m4trace:configure.ac:16: -1- AC_SUBST([PERL], [$ac_cv_path_PERL]) 93m4trace:configure.ac:16: -1- AC_SUBST([PERL], [$ac_cv_path_PERL])
94m4trace:configure.ac:17: -1- AC_SUBST([PERL]) 94m4trace:configure.ac:17: -1- AC_SUBST([SED], [$ac_cv_path_SED])
95m4trace:configure.ac:18: -1- AC_SUBST([ENT], [$ac_cv_path_ENT]) 95m4trace:configure.ac:18: -1- AC_SUBST([PERL])
96m4trace:configure.ac:19: -1- AC_SUBST([ENT]) 96m4trace:configure.ac:19: -1- AC_SUBST([ENT], [$ac_cv_path_ENT])
97m4trace:configure.ac:20: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH]) 97m4trace:configure.ac:20: -1- AC_SUBST([ENT])
98m4trace:configure.ac:21: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH]) 98m4trace:configure.ac:21: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH])
99m4trace:configure.ac:22: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH]) 99m4trace:configure.ac:22: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH])
100m4trace:configure.ac:23: -1- AC_SUBST([SH], [$ac_cv_path_SH]) 100m4trace:configure.ac:23: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH])
101m4trace:configure.ac:26: -1- AC_DEFINE_TRACE_LITERAL([_FILE_OFFSET_BITS]) 101m4trace:configure.ac:24: -1- AC_SUBST([SH], [$ac_cv_path_SH])
102m4trace:configure.ac:26: -1- AH_OUTPUT([_FILE_OFFSET_BITS], [/* Number of bits in a file offset, on hosts where this is settable. */ 102m4trace:configure.ac:27: -1- AC_DEFINE_TRACE_LITERAL([_FILE_OFFSET_BITS])
103m4trace:configure.ac:27: -1- AH_OUTPUT([_FILE_OFFSET_BITS], [/* Number of bits in a file offset, on hosts where this is settable. */
103#undef _FILE_OFFSET_BITS]) 104#undef _FILE_OFFSET_BITS])
104m4trace:configure.ac:26: -1- AC_DEFINE_TRACE_LITERAL([_LARGE_FILES]) 105m4trace:configure.ac:27: -1- AC_DEFINE_TRACE_LITERAL([_LARGE_FILES])
105m4trace:configure.ac:26: -1- AH_OUTPUT([_LARGE_FILES], [/* Define for large files, on AIX-style hosts. */ 106m4trace:configure.ac:27: -1- AH_OUTPUT([_LARGE_FILES], [/* Define for large files, on AIX-style hosts. */
106#undef _LARGE_FILES]) 107#undef _LARGE_FILES])
107m4trace:configure.ac:34: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK]) 108m4trace:configure.ac:35: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK])
108m4trace:configure.ac:37: -1- AC_SUBST([LOGIN_PROGRAM_FALLBACK], [$ac_cv_path_LOGIN_PROGRAM_FALLBACK]) 109m4trace:configure.ac:38: -1- AC_SUBST([LOGIN_PROGRAM_FALLBACK], [$ac_cv_path_LOGIN_PROGRAM_FALLBACK])
109m4trace:configure.ac:39: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK]) 110m4trace:configure.ac:40: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK])
110m4trace:configure.ac:46: -1- AC_SUBST([LD]) 111m4trace:configure.ac:47: -1- AC_SUBST([LD])
111m4trace:configure.ac:48: -1- AC_C_INLINE 112m4trace:configure.ac:49: -1- AC_C_INLINE
112m4trace:configure.ac:48: -1- AC_DEFINE_TRACE_LITERAL([inline]) 113m4trace:configure.ac:49: -1- AC_DEFINE_TRACE_LITERAL([inline])
113m4trace:configure.ac:48: -1- AH_OUTPUT([inline], [/* Define as \`__inline' if that's what the C compiler calls it, or to nothing 114m4trace:configure.ac:49: -1- AH_OUTPUT([inline], [/* Define as \`__inline' if that's what the C compiler calls it, or to nothing
114 if it is not supported. */ 115 if it is not supported. */
115#undef inline]) 116#undef inline])
116m4trace:configure.ac:48: -1- AC_DEFINE_TRACE_LITERAL([inline]) 117m4trace:configure.ac:49: -1- AC_DEFINE_TRACE_LITERAL([inline])
117m4trace:configure.ac:78: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE]) 118m4trace:configure.ac:79: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE])
118m4trace:configure.ac:78: -1- AC_CHECK_LIB([s], [authenticate], [ AC_DEFINE(WITH_AIXAUTHENTICATE) 119m4trace:configure.ac:79: -1- AC_CHECK_LIB([s], [authenticate], [ AC_DEFINE(WITH_AIXAUTHENTICATE)
119 LIBS="$LIBS -ls" 120 LIBS="$LIBS -ls"
120 ]) 121 ])
121m4trace:configure.ac:78: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE]) 122m4trace:configure.ac:79: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE])
122m4trace:configure.ac:79: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO]) 123m4trace:configure.ac:80: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO])
123m4trace:configure.ac:80: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH]) 124m4trace:configure.ac:81: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH])
124m4trace:configure.ac:82: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG]) 125m4trace:configure.ac:83: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
125m4trace:configure.ac:83: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) 126m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
126m4trace:configure.ac:87: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CYGWIN]) 127m4trace:configure.ac:85: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_STRATEGY])
127m4trace:configure.ac:88: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 128m4trace:configure.ac:86: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_PS_PADDING])
128m4trace:configure.ac:89: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) 129m4trace:configure.ac:91: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CYGWIN])
129m4trace:configure.ac:90: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT]) 130m4trace:configure.ac:92: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
130m4trace:configure.ac:91: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN]) 131m4trace:configure.ac:93: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
131m4trace:configure.ac:92: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS]) 132m4trace:configure.ac:94: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT])
132m4trace:configure.ac:93: -1- AC_DEFINE_TRACE_LITERAL([NO_IPPORT_RESERVED_CONCEPT]) 133m4trace:configure.ac:95: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
133m4trace:configure.ac:94: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING]) 134m4trace:configure.ac:96: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS])
134m4trace:configure.ac:95: -1- AC_DEFINE_TRACE_LITERAL([SETGROUPS_NOOP]) 135m4trace:configure.ac:97: -1- AC_DEFINE_TRACE_LITERAL([NO_IPPORT_RESERVED_CONCEPT])
135m4trace:configure.ac:98: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN]) 136m4trace:configure.ac:98: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
136m4trace:configure.ac:110: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO]) 137m4trace:configure.ac:99: -1- AC_DEFINE_TRACE_LITERAL([SETGROUPS_NOOP])
137m4trace:configure.ac:118: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE]) 138m4trace:configure.ac:102: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
138m4trace:configure.ac:119: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 139m4trace:configure.ac:114: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO])
139m4trace:configure.ac:120: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT]) 140m4trace:configure.ac:122: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
140m4trace:configure.ac:121: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) 141m4trace:configure.ac:123: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
141m4trace:configure.ac:122: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) 142m4trace:configure.ac:124: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
142m4trace:configure.ac:123: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) 143m4trace:configure.ac:125: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
143m4trace:configure.ac:124: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE]) 144m4trace:configure.ac:126: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
144m4trace:configure.ac:126: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 145m4trace:configure.ac:127: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
146m4trace:configure.ac:128: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_STRATEGY])
147m4trace:configure.ac:130: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
145echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} 148echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
146 { (exit 1); exit 1; }; }]) 149 { (exit 1); exit 1; }; }])
147m4trace:configure.ac:126: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */ 150m4trace:configure.ac:130: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */
148#undef HAVE_LIBXNET]) 151#undef HAVE_LIBXNET])
149m4trace:configure.ac:126: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET]) 152m4trace:configure.ac:130: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET])
150m4trace:configure.ac:135: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 153m4trace:configure.ac:139: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
151m4trace:configure.ac:136: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT]) 154m4trace:configure.ac:140: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
152m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) 155m4trace:configure.ac:141: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
153m4trace:configure.ac:138: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) 156m4trace:configure.ac:142: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
154m4trace:configure.ac:139: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) 157m4trace:configure.ac:143: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
155m4trace:configure.ac:140: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE]) 158m4trace:configure.ac:144: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_STRATEGY])
156m4trace:configure.ac:142: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 159m4trace:configure.ac:146: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
157echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} 160echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
158 { (exit 1); exit 1; }; }]) 161 { (exit 1); exit 1; }; }])
159m4trace:configure.ac:142: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */ 162m4trace:configure.ac:146: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */
160#undef HAVE_LIBXNET]) 163#undef HAVE_LIBXNET])
161m4trace:configure.ac:142: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET]) 164m4trace:configure.ac:146: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET])
162m4trace:configure.ac:147: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE]) 165m4trace:configure.ac:151: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
163m4trace:configure.ac:148: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 166m4trace:configure.ac:152: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
164m4trace:configure.ac:149: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT]) 167m4trace:configure.ac:153: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
165m4trace:configure.ac:150: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) 168m4trace:configure.ac:154: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
166m4trace:configure.ac:151: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) 169m4trace:configure.ac:155: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
167m4trace:configure.ac:152: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) 170m4trace:configure.ac:156: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
168m4trace:configure.ac:153: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE]) 171m4trace:configure.ac:157: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_STRATEGY])
169m4trace:configure.ac:155: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 172m4trace:configure.ac:159: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
170echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} 173echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
171 { (exit 1); exit 1; }; }]) 174 { (exit 1); exit 1; }; }])
172m4trace:configure.ac:155: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */ 175m4trace:configure.ac:159: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */
173#undef HAVE_LIBXNET]) 176#undef HAVE_LIBXNET])
174m4trace:configure.ac:155: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET]) 177m4trace:configure.ac:159: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET])
175m4trace:configure.ac:161: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA]) 178m4trace:configure.ac:165: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA])
176m4trace:configure.ac:162: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY]) 179m4trace:configure.ac:166: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY])
177m4trace:configure.ac:168: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_ARRAY]) 180m4trace:configure.ac:172: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_ARRAY])
178m4trace:configure.ac:169: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_PROJECT]) 181m4trace:configure.ac:173: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_PROJECT])
179m4trace:configure.ac:170: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_AUDIT]) 182m4trace:configure.ac:174: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_AUDIT])
180m4trace:configure.ac:171: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_JOBS]) 183m4trace:configure.ac:175: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_JOBS])
181m4trace:configure.ac:172: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA]) 184m4trace:configure.ac:176: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA])
182m4trace:configure.ac:173: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY]) 185m4trace:configure.ac:177: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY])
183m4trace:configure.ac:178: -1- AC_DEFINE_TRACE_LITERAL([DONT_TRY_OTHER_AF]) 186m4trace:configure.ac:182: -1- AC_DEFINE_TRACE_LITERAL([DONT_TRY_OTHER_AF])
184m4trace:configure.ac:179: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE]) 187m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE])
185m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEWS4]) 188m4trace:configure.ac:184: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_STRATEGY])
186m4trace:configure.ac:198: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEXT]) 189m4trace:configure.ac:185: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_PS_PADDING])
187m4trace:configure.ac:199: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH]) 190m4trace:configure.ac:189: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEWS4])
188m4trace:configure.ac:200: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 191m4trace:configure.ac:204: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEXT])
189m4trace:configure.ac:201: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS]) 192m4trace:configure.ac:205: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH])
190m4trace:configure.ac:209: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE]) 193m4trace:configure.ac:206: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
191m4trace:configure.ac:210: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) 194m4trace:configure.ac:207: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS])
192m4trace:configure.ac:211: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_TERM]) 195m4trace:configure.ac:215: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
193m4trace:configure.ac:212: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE]) 196m4trace:configure.ac:216: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
194m4trace:configure.ac:219: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) 197m4trace:configure.ac:217: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_TERM])
195m4trace:configure.ac:220: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP]) 198m4trace:configure.ac:218: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE])
196m4trace:configure.ac:227: -1- AC_CHECK_FUNCS([getpwanam]) 199m4trace:configure.ac:219: -1- AC_DEFINE_TRACE_LITERAL([STREAMS_PUSH_ACQUIRES_CTTY])
197m4trace:configure.ac:227: -1- AH_OUTPUT([HAVE_GETPWANAM], [/* Define to 1 if you have the \`getpwanam' function. */ 200m4trace:configure.ac:226: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
201m4trace:configure.ac:227: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
202m4trace:configure.ac:234: -1- AC_CHECK_FUNCS([getpwanam])
203m4trace:configure.ac:234: -1- AH_OUTPUT([HAVE_GETPWANAM], [/* Define to 1 if you have the \`getpwanam' function. */
198#undef HAVE_GETPWANAM]) 204#undef HAVE_GETPWANAM])
199m4trace:configure.ac:228: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE]) 205m4trace:configure.ac:235: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
200m4trace:configure.ac:232: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 206m4trace:configure.ac:239: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
201m4trace:configure.ac:238: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
202m4trace:configure.ac:245: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 207m4trace:configure.ac:245: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
203m4trace:configure.ac:246: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN]) 208m4trace:configure.ac:252: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
204m4trace:configure.ac:254: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 209m4trace:configure.ac:253: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
205m4trace:configure.ac:259: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 210m4trace:configure.ac:261: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
206m4trace:configure.ac:271: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SYS_TERMIO_H]) 211m4trace:configure.ac:266: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
207m4trace:configure.ac:272: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 212m4trace:configure.ac:278: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SYS_TERMIO_H])
208m4trace:configure.ac:273: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE]) 213m4trace:configure.ac:279: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
209m4trace:configure.ac:274: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) 214m4trace:configure.ac:280: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
210m4trace:configure.ac:275: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS]) 215m4trace:configure.ac:281: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
211m4trace:configure.ac:276: -1- AC_CHECK_FUNCS([getluid setluid]) 216m4trace:configure.ac:282: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS])
212m4trace:configure.ac:276: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */ 217m4trace:configure.ac:283: -1- AC_CHECK_FUNCS([getluid setluid])
218m4trace:configure.ac:283: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */
213#undef HAVE_GETLUID]) 219#undef HAVE_GETLUID])
214m4trace:configure.ac:276: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */ 220m4trace:configure.ac:283: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */
215#undef HAVE_SETLUID]) 221#undef HAVE_SETLUID])
216m4trace:configure.ac:285: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 222m4trace:configure.ac:295: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
217m4trace:configure.ac:286: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE]) 223m4trace:configure.ac:296: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
218m4trace:configure.ac:287: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) 224m4trace:configure.ac:297: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
219m4trace:configure.ac:288: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING]) 225m4trace:configure.ac:298: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
220m4trace:configure.ac:289: -1- AC_CHECK_FUNCS([getluid setluid]) 226m4trace:configure.ac:299: -1- AC_CHECK_FUNCS([getluid setluid])
221m4trace:configure.ac:289: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */ 227m4trace:configure.ac:299: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */
222#undef HAVE_GETLUID]) 228#undef HAVE_GETLUID])
223m4trace:configure.ac:289: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */ 229m4trace:configure.ac:299: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */
224#undef HAVE_SETLUID]) 230#undef HAVE_SETLUID])
225m4trace:configure.ac:295: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 231m4trace:configure.ac:303: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
226m4trace:configure.ac:296: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING]) 232m4trace:configure.ac:304: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
227m4trace:configure.ac:304: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 233m4trace:configure.ac:310: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
228m4trace:configure.ac:305: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING]) 234m4trace:configure.ac:311: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
229m4trace:configure.ac:306: -1- AC_DEFINE_TRACE_LITERAL([NO_SSH_LASTLOG]) 235m4trace:configure.ac:312: -1- AC_DEFINE_TRACE_LITERAL([NO_SSH_LASTLOG])
230m4trace:configure.ac:326: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OSF_SIA]) 236m4trace:configure.ac:332: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OSF_SIA])
231m4trace:configure.ac:327: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN]) 237m4trace:configure.ac:333: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN])
232m4trace:configure.ac:336: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 238m4trace:configure.ac:334: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
233m4trace:configure.ac:337: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS]) 239m4trace:configure.ac:340: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
234m4trace:configure.ac:338: -1- AC_DEFINE_TRACE_LITERAL([MISSING_NFDBITS]) 240m4trace:configure.ac:344: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
235m4trace:configure.ac:339: -1- AC_DEFINE_TRACE_LITERAL([MISSING_HOWMANY]) 241m4trace:configure.ac:345: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS])
236m4trace:configure.ac:340: -1- AC_DEFINE_TRACE_LITERAL([MISSING_FD_MASK]) 242m4trace:configure.ac:346: -1- AC_DEFINE_TRACE_LITERAL([MISSING_NFDBITS])
237m4trace:configure.ac:388: -1- AC_CHECK_HEADERS([bstring.h crypt.h endian.h floatingpoint.h \ 243m4trace:configure.ac:347: -1- AC_DEFINE_TRACE_LITERAL([MISSING_HOWMANY])
238 getopt.h glob.h ia.h lastlog.h limits.h login.h \ 244m4trace:configure.ac:348: -1- AC_DEFINE_TRACE_LITERAL([MISSING_FD_MASK])
245m4trace:configure.ac:396: -1- AC_CHECK_HEADERS([bstring.h crypt.h endian.h floatingpoint.h \
246 getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \
239 login_cap.h maillock.h netdb.h netgroup.h \ 247 login_cap.h maillock.h netdb.h netgroup.h \
240 netinet/in_systm.h paths.h pty.h readpassphrase.h \ 248 netinet/in_systm.h paths.h pty.h readpassphrase.h \
241 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ 249 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
242 strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ 250 strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
243 sys/mman.h sys/select.h sys/stat.h \ 251 sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
244 sys/stropts.h sys/sysmacros.h sys/time.h \ 252 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
245 sys/un.h time.h tmpdir.h ttyent.h usersec.h \ 253 sys/un.h time.h tmpdir.h ttyent.h usersec.h \
246 util.h utime.h utmp.h utmpx.h]) 254 util.h utime.h utmp.h utmpx.h])
247m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_BSTRING_H], [/* Define to 1 if you have the <bstring.h> header file. */ 255m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_BSTRING_H], [/* Define to 1 if you have the <bstring.h> header file. */
248#undef HAVE_BSTRING_H]) 256#undef HAVE_BSTRING_H])
249m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_CRYPT_H], [/* Define to 1 if you have the <crypt.h> header file. */ 257m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_CRYPT_H], [/* Define to 1 if you have the <crypt.h> header file. */
250#undef HAVE_CRYPT_H]) 258#undef HAVE_CRYPT_H])
251m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_ENDIAN_H], [/* Define to 1 if you have the <endian.h> header file. */ 259m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_ENDIAN_H], [/* Define to 1 if you have the <endian.h> header file. */
252#undef HAVE_ENDIAN_H]) 260#undef HAVE_ENDIAN_H])
253m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_FLOATINGPOINT_H], [/* Define to 1 if you have the <floatingpoint.h> header file. */ 261m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_FLOATINGPOINT_H], [/* Define to 1 if you have the <floatingpoint.h> header file. */
254#undef HAVE_FLOATINGPOINT_H]) 262#undef HAVE_FLOATINGPOINT_H])
255m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_GETOPT_H], [/* Define to 1 if you have the <getopt.h> header file. */ 263m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_GETOPT_H], [/* Define to 1 if you have the <getopt.h> header file. */
256#undef HAVE_GETOPT_H]) 264#undef HAVE_GETOPT_H])
257m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_GLOB_H], [/* Define to 1 if you have the <glob.h> header file. */ 265m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_GLOB_H], [/* Define to 1 if you have the <glob.h> header file. */
258#undef HAVE_GLOB_H]) 266#undef HAVE_GLOB_H])
259m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_IA_H], [/* Define to 1 if you have the <ia.h> header file. */ 267m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_IA_H], [/* Define to 1 if you have the <ia.h> header file. */
260#undef HAVE_IA_H]) 268#undef HAVE_IA_H])
261m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LASTLOG_H], [/* Define to 1 if you have the <lastlog.h> header file. */ 269m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_LASTLOG_H], [/* Define to 1 if you have the <lastlog.h> header file. */
262#undef HAVE_LASTLOG_H]) 270#undef HAVE_LASTLOG_H])
263m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LIMITS_H], [/* Define to 1 if you have the <limits.h> header file. */ 271m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */
272#undef HAVE_LIBGEN_H])
273m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_LIMITS_H], [/* Define to 1 if you have the <limits.h> header file. */
264#undef HAVE_LIMITS_H]) 274#undef HAVE_LIMITS_H])
265m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LOGIN_H], [/* Define to 1 if you have the <login.h> header file. */ 275m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_LOGIN_H], [/* Define to 1 if you have the <login.h> header file. */
266#undef HAVE_LOGIN_H]) 276#undef HAVE_LOGIN_H])
267m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LOGIN_CAP_H], [/* Define to 1 if you have the <login_cap.h> header file. */ 277m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_LOGIN_CAP_H], [/* Define to 1 if you have the <login_cap.h> header file. */
268#undef HAVE_LOGIN_CAP_H]) 278#undef HAVE_LOGIN_CAP_H])
269m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_MAILLOCK_H], [/* Define to 1 if you have the <maillock.h> header file. */ 279m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_MAILLOCK_H], [/* Define to 1 if you have the <maillock.h> header file. */
270#undef HAVE_MAILLOCK_H]) 280#undef HAVE_MAILLOCK_H])
271m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_NETDB_H], [/* Define to 1 if you have the <netdb.h> header file. */ 281m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_NETDB_H], [/* Define to 1 if you have the <netdb.h> header file. */
272#undef HAVE_NETDB_H]) 282#undef HAVE_NETDB_H])
273m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_NETGROUP_H], [/* Define to 1 if you have the <netgroup.h> header file. */ 283m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_NETGROUP_H], [/* Define to 1 if you have the <netgroup.h> header file. */
274#undef HAVE_NETGROUP_H]) 284#undef HAVE_NETGROUP_H])
275m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_NETINET_IN_SYSTM_H], [/* Define to 1 if you have the <netinet/in_systm.h> header file. */ 285m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_NETINET_IN_SYSTM_H], [/* Define to 1 if you have the <netinet/in_systm.h> header file. */
276#undef HAVE_NETINET_IN_SYSTM_H]) 286#undef HAVE_NETINET_IN_SYSTM_H])
277m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_PATHS_H], [/* Define to 1 if you have the <paths.h> header file. */ 287m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_PATHS_H], [/* Define to 1 if you have the <paths.h> header file. */
278#undef HAVE_PATHS_H]) 288#undef HAVE_PATHS_H])
279m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_PTY_H], [/* Define to 1 if you have the <pty.h> header file. */ 289m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_PTY_H], [/* Define to 1 if you have the <pty.h> header file. */
280#undef HAVE_PTY_H]) 290#undef HAVE_PTY_H])
281m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_READPASSPHRASE_H], [/* Define to 1 if you have the <readpassphrase.h> header file. */ 291m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_READPASSPHRASE_H], [/* Define to 1 if you have the <readpassphrase.h> header file. */
282#undef HAVE_READPASSPHRASE_H]) 292#undef HAVE_READPASSPHRASE_H])
283m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_RPC_TYPES_H], [/* Define to 1 if you have the <rpc/types.h> header file. */ 293m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_RPC_TYPES_H], [/* Define to 1 if you have the <rpc/types.h> header file. */
284#undef HAVE_RPC_TYPES_H]) 294#undef HAVE_RPC_TYPES_H])
285m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SECURITY_PAM_APPL_H], [/* Define to 1 if you have the <security/pam_appl.h> header file. */ 295m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SECURITY_PAM_APPL_H], [/* Define to 1 if you have the <security/pam_appl.h> header file. */
286#undef HAVE_SECURITY_PAM_APPL_H]) 296#undef HAVE_SECURITY_PAM_APPL_H])
287m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SHADOW_H], [/* Define to 1 if you have the <shadow.h> header file. */ 297m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SHADOW_H], [/* Define to 1 if you have the <shadow.h> header file. */
288#undef HAVE_SHADOW_H]) 298#undef HAVE_SHADOW_H])
289m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDDEF_H], [/* Define to 1 if you have the <stddef.h> header file. */ 299m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STDDEF_H], [/* Define to 1 if you have the <stddef.h> header file. */
290#undef HAVE_STDDEF_H]) 300#undef HAVE_STDDEF_H])
291m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */ 301m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
292#undef HAVE_STDINT_H]) 302#undef HAVE_STDINT_H])
293m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */ 303m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
294#undef HAVE_STRINGS_H]) 304#undef HAVE_STRINGS_H])
295m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_BITYPES_H], [/* Define to 1 if you have the <sys/bitypes.h> header file. */ 305m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_BITYPES_H], [/* Define to 1 if you have the <sys/bitypes.h> header file. */
296#undef HAVE_SYS_BITYPES_H]) 306#undef HAVE_SYS_BITYPES_H])
297m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_BSDTTY_H], [/* Define to 1 if you have the <sys/bsdtty.h> header file. */ 307m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_BSDTTY_H], [/* Define to 1 if you have the <sys/bsdtty.h> header file. */
298#undef HAVE_SYS_BSDTTY_H]) 308#undef HAVE_SYS_BSDTTY_H])
299m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_CDEFS_H], [/* Define to 1 if you have the <sys/cdefs.h> header file. */ 309m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_CDEFS_H], [/* Define to 1 if you have the <sys/cdefs.h> header file. */
300#undef HAVE_SYS_CDEFS_H]) 310#undef HAVE_SYS_CDEFS_H])
301m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_MMAN_H], [/* Define to 1 if you have the <sys/mman.h> header file. */ 311m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_MMAN_H], [/* Define to 1 if you have the <sys/mman.h> header file. */
302#undef HAVE_SYS_MMAN_H]) 312#undef HAVE_SYS_MMAN_H])
303m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_SELECT_H], [/* Define to 1 if you have the <sys/select.h> header file. */ 313m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_PSTAT_H], [/* Define to 1 if you have the <sys/pstat.h> header file. */
314#undef HAVE_SYS_PSTAT_H])
315m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_SELECT_H], [/* Define to 1 if you have the <sys/select.h> header file. */
304#undef HAVE_SYS_SELECT_H]) 316#undef HAVE_SYS_SELECT_H])
305m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */ 317m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
306#undef HAVE_SYS_STAT_H]) 318#undef HAVE_SYS_STAT_H])
307m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_STROPTS_H], [/* Define to 1 if you have the <sys/stropts.h> header file. */ 319m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_STROPTS_H], [/* Define to 1 if you have the <sys/stropts.h> header file. */
308#undef HAVE_SYS_STROPTS_H]) 320#undef HAVE_SYS_STROPTS_H])
309m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_SYSMACROS_H], [/* Define to 1 if you have the <sys/sysmacros.h> header file. */ 321m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_SYSMACROS_H], [/* Define to 1 if you have the <sys/sysmacros.h> header file. */
310#undef HAVE_SYS_SYSMACROS_H]) 322#undef HAVE_SYS_SYSMACROS_H])
311m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the <sys/time.h> header file. */ 323m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the <sys/time.h> header file. */
312#undef HAVE_SYS_TIME_H]) 324#undef HAVE_SYS_TIME_H])
313m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_UN_H], [/* Define to 1 if you have the <sys/un.h> header file. */ 325m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_TIMERS_H], [/* Define to 1 if you have the <sys/timers.h> header file. */
326#undef HAVE_SYS_TIMERS_H])
327m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_UN_H], [/* Define to 1 if you have the <sys/un.h> header file. */
314#undef HAVE_SYS_UN_H]) 328#undef HAVE_SYS_UN_H])
315m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_TIME_H], [/* Define to 1 if you have the <time.h> header file. */ 329m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_TIME_H], [/* Define to 1 if you have the <time.h> header file. */
316#undef HAVE_TIME_H]) 330#undef HAVE_TIME_H])
317m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_TMPDIR_H], [/* Define to 1 if you have the <tmpdir.h> header file. */ 331m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_TMPDIR_H], [/* Define to 1 if you have the <tmpdir.h> header file. */
318#undef HAVE_TMPDIR_H]) 332#undef HAVE_TMPDIR_H])
319m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_TTYENT_H], [/* Define to 1 if you have the <ttyent.h> header file. */ 333m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_TTYENT_H], [/* Define to 1 if you have the <ttyent.h> header file. */
320#undef HAVE_TTYENT_H]) 334#undef HAVE_TTYENT_H])
321m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_USERSEC_H], [/* Define to 1 if you have the <usersec.h> header file. */ 335m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_USERSEC_H], [/* Define to 1 if you have the <usersec.h> header file. */
322#undef HAVE_USERSEC_H]) 336#undef HAVE_USERSEC_H])
323m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTIL_H], [/* Define to 1 if you have the <util.h> header file. */ 337m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_UTIL_H], [/* Define to 1 if you have the <util.h> header file. */
324#undef HAVE_UTIL_H]) 338#undef HAVE_UTIL_H])
325m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTIME_H], [/* Define to 1 if you have the <utime.h> header file. */ 339m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_UTIME_H], [/* Define to 1 if you have the <utime.h> header file. */
326#undef HAVE_UTIME_H]) 340#undef HAVE_UTIME_H])
327m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTMP_H], [/* Define to 1 if you have the <utmp.h> header file. */ 341m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_UTMP_H], [/* Define to 1 if you have the <utmp.h> header file. */
328#undef HAVE_UTMP_H]) 342#undef HAVE_UTMP_H])
329m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTMPX_H], [/* Define to 1 if you have the <utmpx.h> header file. */ 343m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_UTMPX_H], [/* Define to 1 if you have the <utmpx.h> header file. */
330#undef HAVE_UTMPX_H]) 344#undef HAVE_UTMPX_H])
331m4trace:configure.ac:388: -1- AC_HEADER_STDC 345m4trace:configure.ac:396: -1- AC_HEADER_STDC
332m4trace:configure.ac:388: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS]) 346m4trace:configure.ac:396: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS])
333m4trace:configure.ac:388: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */ 347m4trace:configure.ac:396: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */
334#undef STDC_HEADERS]) 348#undef STDC_HEADERS])
335m4trace:configure.ac:388: -1- AC_CHECK_HEADERS([sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ 349m4trace:configure.ac:396: -1- AC_CHECK_HEADERS([sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
336 inttypes.h stdint.h unistd.h], [], [], [$ac_includes_default]) 350 inttypes.h stdint.h unistd.h], [], [], [$ac_includes_default])
337m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */ 351m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */
338#undef HAVE_SYS_TYPES_H]) 352#undef HAVE_SYS_TYPES_H])
339m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */ 353m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
340#undef HAVE_SYS_STAT_H]) 354#undef HAVE_SYS_STAT_H])
341m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */ 355m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
342#undef HAVE_STDLIB_H]) 356#undef HAVE_STDLIB_H])
343m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */ 357m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
344#undef HAVE_STRING_H]) 358#undef HAVE_STRING_H])
345m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the <memory.h> header file. */ 359m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the <memory.h> header file. */
346#undef HAVE_MEMORY_H]) 360#undef HAVE_MEMORY_H])
347m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */ 361m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
348#undef HAVE_STRINGS_H]) 362#undef HAVE_STRINGS_H])
349m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */ 363m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
350#undef HAVE_INTTYPES_H]) 364#undef HAVE_INTTYPES_H])
351m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */ 365m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
352#undef HAVE_STDINT_H]) 366#undef HAVE_STDINT_H])
353m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */ 367m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
354#undef HAVE_UNISTD_H]) 368#undef HAVE_UNISTD_H])
355m4trace:configure.ac:391: -2- AC_CHECK_LIB([nsl], [yp_match]) 369m4trace:configure.ac:399: -2- AC_CHECK_LIB([nsl], [yp_match])
356m4trace:configure.ac:391: -2- AH_OUTPUT([HAVE_LIBNSL], [/* Define to 1 if you have the \`nsl' library (-lnsl). */ 370m4trace:configure.ac:399: -2- AH_OUTPUT([HAVE_LIBNSL], [/* Define to 1 if you have the \`nsl' library (-lnsl). */
357#undef HAVE_LIBNSL]) 371#undef HAVE_LIBNSL])
358m4trace:configure.ac:391: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBNSL]) 372m4trace:configure.ac:399: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBNSL])
359m4trace:configure.ac:392: -2- AC_CHECK_LIB([socket], [setsockopt]) 373m4trace:configure.ac:400: -2- AC_CHECK_LIB([socket], [setsockopt])
360m4trace:configure.ac:392: -2- AH_OUTPUT([HAVE_LIBSOCKET], [/* Define to 1 if you have the \`socket' library (-lsocket). */ 374m4trace:configure.ac:400: -2- AH_OUTPUT([HAVE_LIBSOCKET], [/* Define to 1 if you have the \`socket' library (-lsocket). */
361#undef HAVE_LIBSOCKET]) 375#undef HAVE_LIBSOCKET])
362m4trace:configure.ac:392: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSOCKET]) 376m4trace:configure.ac:400: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSOCKET])
363m4trace:configure.ac:397: -1- AC_CHECK_LIB([rpc], [innetgr], [LIBS="-lrpc -lyp -lrpc $LIBS" ], [], [-lyp -lrpc]) 377m4trace:configure.ac:405: -1- AC_CHECK_LIB([rpc], [innetgr], [LIBS="-lrpc -lyp -lrpc $LIBS" ], [], [-lyp -lrpc])
364m4trace:configure.ac:402: -2- AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"]) 378m4trace:configure.ac:410: -2- AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])
365m4trace:configure.ac:444: -1- AC_CHECK_LIB([z], [deflate], [], [{ { echo "$as_me:$LINENO: error: *** zlib missing - please install first or check config.log ***" >&5 379m4trace:configure.ac:452: -1- AC_CHECK_LIB([z], [deflate], [], [{ { echo "$as_me:$LINENO: error: *** zlib missing - please install first or check config.log ***" >&5
366echo "$as_me: error: *** zlib missing - please install first or check config.log ***" >&2;} 380echo "$as_me: error: *** zlib missing - please install first or check config.log ***" >&2;}
367 { (exit 1); exit 1; }; }]) 381 { (exit 1); exit 1; }; }])
368m4trace:configure.ac:444: -1- AH_OUTPUT([HAVE_LIBZ], [/* Define to 1 if you have the \`z' library (-lz). */ 382m4trace:configure.ac:452: -1- AH_OUTPUT([HAVE_LIBZ], [/* Define to 1 if you have the \`z' library (-lz). */
369#undef HAVE_LIBZ]) 383#undef HAVE_LIBZ])
370m4trace:configure.ac:444: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBZ]) 384m4trace:configure.ac:452: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBZ])
371m4trace:configure.ac:449: -1- AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) 385m4trace:configure.ac:457: -1- AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"])
372m4trace:configure.ac:453: -1- AC_CHECK_LIB([c89], [utimes], [AC_DEFINE(HAVE_UTIMES) 386m4trace:configure.ac:461: -1- AC_CHECK_LIB([c89], [utimes], [AC_DEFINE(HAVE_UTIMES)
373 LIBS="$LIBS -lc89"]) 387 LIBS="$LIBS -lc89"])
374m4trace:configure.ac:453: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UTIMES]) 388m4trace:configure.ac:461: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UTIMES])
375m4trace:configure.ac:456: -1- AC_CHECK_HEADERS([libutil.h]) 389m4trace:configure.ac:464: -1- AC_CHECK_HEADERS([libutil.h])
376m4trace:configure.ac:456: -1- AH_OUTPUT([HAVE_LIBUTIL_H], [/* Define to 1 if you have the <libutil.h> header file. */ 390m4trace:configure.ac:464: -1- AH_OUTPUT([HAVE_LIBUTIL_H], [/* Define to 1 if you have the <libutil.h> header file. */
377#undef HAVE_LIBUTIL_H]) 391#undef HAVE_LIBUTIL_H])
378m4trace:configure.ac:457: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LOGIN]) 392m4trace:configure.ac:465: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LOGIN])
379m4trace:configure.ac:458: -1- AC_CHECK_FUNCS([logout updwtmp logwtmp]) 393m4trace:configure.ac:466: -1- AC_CHECK_FUNCS([logout updwtmp logwtmp])
380m4trace:configure.ac:458: -1- AH_OUTPUT([HAVE_LOGOUT], [/* Define to 1 if you have the \`logout' function. */ 394m4trace:configure.ac:466: -1- AH_OUTPUT([HAVE_LOGOUT], [/* Define to 1 if you have the \`logout' function. */
381#undef HAVE_LOGOUT]) 395#undef HAVE_LOGOUT])
382m4trace:configure.ac:458: -1- AH_OUTPUT([HAVE_UPDWTMP], [/* Define to 1 if you have the \`updwtmp' function. */ 396m4trace:configure.ac:466: -1- AH_OUTPUT([HAVE_UPDWTMP], [/* Define to 1 if you have the \`updwtmp' function. */
383#undef HAVE_UPDWTMP]) 397#undef HAVE_UPDWTMP])
384m4trace:configure.ac:458: -1- AH_OUTPUT([HAVE_LOGWTMP], [/* Define to 1 if you have the \`logwtmp' function. */ 398m4trace:configure.ac:466: -1- AH_OUTPUT([HAVE_LOGWTMP], [/* Define to 1 if you have the \`logwtmp' function. */
385#undef HAVE_LOGWTMP]) 399#undef HAVE_LOGWTMP])
386m4trace:configure.ac:460: -1- AC_FUNC_STRFTIME 400m4trace:configure.ac:468: -1- AC_FUNC_STRFTIME
387m4trace:configure.ac:460: -1- AC_CHECK_FUNCS([strftime], [], [# strftime is in -lintl on SCO UNIX. 401m4trace:configure.ac:468: -1- AC_CHECK_FUNCS([strftime], [], [# strftime is in -lintl on SCO UNIX.
388AC_CHECK_LIB(intl, strftime, 402AC_CHECK_LIB(intl, strftime,
389 [AC_DEFINE(HAVE_STRFTIME) 403 [AC_DEFINE(HAVE_STRFTIME)
390LIBS="-lintl $LIBS"])]) 404LIBS="-lintl $LIBS"])])
391m4trace:configure.ac:460: -1- AH_OUTPUT([HAVE_STRFTIME], [/* Define to 1 if you have the \`strftime' function. */ 405m4trace:configure.ac:468: -1- AH_OUTPUT([HAVE_STRFTIME], [/* Define to 1 if you have the \`strftime' function. */
392#undef HAVE_STRFTIME]) 406#undef HAVE_STRFTIME])
393m4trace:configure.ac:460: -1- AC_CHECK_LIB([intl], [strftime], [AC_DEFINE(HAVE_STRFTIME) 407m4trace:configure.ac:468: -1- AC_CHECK_LIB([intl], [strftime], [AC_DEFINE(HAVE_STRFTIME)
394LIBS="-lintl $LIBS"]) 408LIBS="-lintl $LIBS"])
395m4trace:configure.ac:460: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRFTIME]) 409m4trace:configure.ac:468: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRFTIME])
396m4trace:configure.ac:478: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_ALTDIRFUNC]) 410m4trace:configure.ac:486: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_ALTDIRFUNC])
397m4trace:configure.ac:494: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_GL_MATCHC]) 411m4trace:configure.ac:502: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_GL_MATCHC])
398m4trace:configure.ac:508: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 412m4trace:configure.ac:516: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_ONE_BYTE_DIRENT_D_NAME])
399m4trace:configure.ac:541: -1- AC_DEFINE_TRACE_LITERAL([SKEY]) 413m4trace:configure.ac:549: -1- AC_DEFINE_TRACE_LITERAL([SKEY])
400m4trace:configure.ac:595: -1- AC_DEFINE_TRACE_LITERAL([LIBWRAP]) 414m4trace:configure.ac:603: -1- AC_DEFINE_TRACE_LITERAL([LIBWRAP])
401m4trace:configure.ac:595: -1- AC_SUBST([LIBWRAP]) 415m4trace:configure.ac:603: -1- AC_SUBST([LIBWRAP])
402m4trace:configure.ac:608: -1- AC_CHECK_FUNCS([arc4random b64_ntop bcopy bindresvport_sa \ 416m4trace:configure.ac:618: -1- AC_CHECK_FUNCS([\
403 clock fchmod fchown freeaddrinfo futimes gai_strerror \ 417 arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename bcopy \
404 getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\ 418 bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
405 getrlimit getrusage getttyent glob inet_aton inet_ntoa \ 419 gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \
406 inet_ntop innetgr login_getcapbool md5_crypt memmove \ 420 getpeereid _getpty getrlimit getrusage getttyent glob inet_aton \
407 mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ 421 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
408 realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ 422 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openpty pstat \
409 setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ 423 readpassphrase realpath recvmsg rresvport_af sendmsg setdtablesize \
410 setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ 424 setegid setenv seteuid setgroups setlogin setpcred setproctitle \
411 socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ 425 setresgid setreuid setrlimit setsid setvbuf sigaction sigvec \
412 truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty]) 426 snprintf socketpair strerror strlcat strlcpy strmode strnvis \
413m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_ARC4RANDOM], [/* Define to 1 if you have the \`arc4random' function. */ 427 sysconf tcgetpgrp truncate utimes vhangup vsnprintf waitpid \
428])
429m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_ARC4RANDOM], [/* Define to 1 if you have the \`arc4random' function. */
414#undef HAVE_ARC4RANDOM]) 430#undef HAVE_ARC4RANDOM])
415m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_B64_NTOP], [/* Define to 1 if you have the \`b64_ntop' function. */ 431m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE___B64_NTOP], [/* Define to 1 if you have the \`__b64_ntop' function. */
432#undef HAVE___B64_NTOP])
433m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_B64_NTOP], [/* Define to 1 if you have the \`b64_ntop' function. */
416#undef HAVE_B64_NTOP]) 434#undef HAVE_B64_NTOP])
417m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_BCOPY], [/* Define to 1 if you have the \`bcopy' function. */ 435m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE___B64_PTON], [/* Define to 1 if you have the \`__b64_pton' function. */
436#undef HAVE___B64_PTON])
437m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_B64_PTON], [/* Define to 1 if you have the \`b64_pton' function. */
438#undef HAVE_B64_PTON])
439m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_BASENAME], [/* Define to 1 if you have the \`basename' function. */
440#undef HAVE_BASENAME])
441m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_BCOPY], [/* Define to 1 if you have the \`bcopy' function. */
418#undef HAVE_BCOPY]) 442#undef HAVE_BCOPY])
419m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_BINDRESVPORT_SA], [/* Define to 1 if you have the \`bindresvport_sa' function. */ 443m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_BINDRESVPORT_SA], [/* Define to 1 if you have the \`bindresvport_sa' function. */
420#undef HAVE_BINDRESVPORT_SA]) 444#undef HAVE_BINDRESVPORT_SA])
421m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_CLOCK], [/* Define to 1 if you have the \`clock' function. */ 445m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_CLOCK], [/* Define to 1 if you have the \`clock' function. */
422#undef HAVE_CLOCK]) 446#undef HAVE_CLOCK])
423m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FCHMOD], [/* Define to 1 if you have the \`fchmod' function. */ 447m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_FCHMOD], [/* Define to 1 if you have the \`fchmod' function. */
424#undef HAVE_FCHMOD]) 448#undef HAVE_FCHMOD])
425m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FCHOWN], [/* Define to 1 if you have the \`fchown' function. */ 449m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_FCHOWN], [/* Define to 1 if you have the \`fchown' function. */
426#undef HAVE_FCHOWN]) 450#undef HAVE_FCHOWN])
427m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FREEADDRINFO], [/* Define to 1 if you have the \`freeaddrinfo' function. */ 451m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_FREEADDRINFO], [/* Define to 1 if you have the \`freeaddrinfo' function. */
428#undef HAVE_FREEADDRINFO]) 452#undef HAVE_FREEADDRINFO])
429m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FUTIMES], [/* Define to 1 if you have the \`futimes' function. */ 453m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_FUTIMES], [/* Define to 1 if you have the \`futimes' function. */
430#undef HAVE_FUTIMES]) 454#undef HAVE_FUTIMES])
431m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GAI_STRERROR], [/* Define to 1 if you have the \`gai_strerror' function. */ 455m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GAI_STRERROR], [/* Define to 1 if you have the \`gai_strerror' function. */
432#undef HAVE_GAI_STRERROR]) 456#undef HAVE_GAI_STRERROR])
433m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETADDRINFO], [/* Define to 1 if you have the \`getaddrinfo' function. */ 457m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETADDRINFO], [/* Define to 1 if you have the \`getaddrinfo' function. */
434#undef HAVE_GETADDRINFO]) 458#undef HAVE_GETADDRINFO])
435m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETCWD], [/* Define to 1 if you have the \`getcwd' function. */ 459m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETCWD], [/* Define to 1 if you have the \`getcwd' function. */
436#undef HAVE_GETCWD]) 460#undef HAVE_GETCWD])
437m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETGROUPLIST], [/* Define to 1 if you have the \`getgrouplist' function. */ 461m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETGROUPLIST], [/* Define to 1 if you have the \`getgrouplist' function. */
438#undef HAVE_GETGROUPLIST]) 462#undef HAVE_GETGROUPLIST])
439m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETNAMEINFO], [/* Define to 1 if you have the \`getnameinfo' function. */ 463m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETNAMEINFO], [/* Define to 1 if you have the \`getnameinfo' function. */
440#undef HAVE_GETNAMEINFO]) 464#undef HAVE_GETNAMEINFO])
441m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETOPT], [/* Define to 1 if you have the \`getopt' function. */ 465m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETOPT], [/* Define to 1 if you have the \`getopt' function. */
442#undef HAVE_GETOPT]) 466#undef HAVE_GETOPT])
443m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETPEEREID], [/* Define to 1 if you have the \`getpeereid' function. */ 467m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETPEEREID], [/* Define to 1 if you have the \`getpeereid' function. */
444#undef HAVE_GETPEEREID]) 468#undef HAVE_GETPEEREID])
445m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETRLIMIT], [/* Define to 1 if you have the \`getrlimit' function. */ 469m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE__GETPTY], [/* Define to 1 if you have the \`_getpty' function. */
470#undef HAVE__GETPTY])
471m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETRLIMIT], [/* Define to 1 if you have the \`getrlimit' function. */
446#undef HAVE_GETRLIMIT]) 472#undef HAVE_GETRLIMIT])
447m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETRUSAGE], [/* Define to 1 if you have the \`getrusage' function. */ 473m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETRUSAGE], [/* Define to 1 if you have the \`getrusage' function. */
448#undef HAVE_GETRUSAGE]) 474#undef HAVE_GETRUSAGE])
449m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETTTYENT], [/* Define to 1 if you have the \`getttyent' function. */ 475m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETTTYENT], [/* Define to 1 if you have the \`getttyent' function. */
450#undef HAVE_GETTTYENT]) 476#undef HAVE_GETTTYENT])
451m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GLOB], [/* Define to 1 if you have the \`glob' function. */ 477m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GLOB], [/* Define to 1 if you have the \`glob' function. */
452#undef HAVE_GLOB]) 478#undef HAVE_GLOB])
453m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INET_ATON], [/* Define to 1 if you have the \`inet_aton' function. */ 479m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_INET_ATON], [/* Define to 1 if you have the \`inet_aton' function. */
454#undef HAVE_INET_ATON]) 480#undef HAVE_INET_ATON])
455m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INET_NTOA], [/* Define to 1 if you have the \`inet_ntoa' function. */ 481m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_INET_NTOA], [/* Define to 1 if you have the \`inet_ntoa' function. */
456#undef HAVE_INET_NTOA]) 482#undef HAVE_INET_NTOA])
457m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INET_NTOP], [/* Define to 1 if you have the \`inet_ntop' function. */ 483m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_INET_NTOP], [/* Define to 1 if you have the \`inet_ntop' function. */
458#undef HAVE_INET_NTOP]) 484#undef HAVE_INET_NTOP])
459m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INNETGR], [/* Define to 1 if you have the \`innetgr' function. */ 485m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_INNETGR], [/* Define to 1 if you have the \`innetgr' function. */
460#undef HAVE_INNETGR]) 486#undef HAVE_INNETGR])
461m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_LOGIN_GETCAPBOOL], [/* Define to 1 if you have the \`login_getcapbool' function. */ 487m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_LOGIN_GETCAPBOOL], [/* Define to 1 if you have the \`login_getcapbool' function. */
462#undef HAVE_LOGIN_GETCAPBOOL]) 488#undef HAVE_LOGIN_GETCAPBOOL])
463m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MD5_CRYPT], [/* Define to 1 if you have the \`md5_crypt' function. */ 489m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_MD5_CRYPT], [/* Define to 1 if you have the \`md5_crypt' function. */
464#undef HAVE_MD5_CRYPT]) 490#undef HAVE_MD5_CRYPT])
465m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MEMMOVE], [/* Define to 1 if you have the \`memmove' function. */ 491m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_MEMMOVE], [/* Define to 1 if you have the \`memmove' function. */
466#undef HAVE_MEMMOVE]) 492#undef HAVE_MEMMOVE])
467m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MKDTEMP], [/* Define to 1 if you have the \`mkdtemp' function. */ 493m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_MKDTEMP], [/* Define to 1 if you have the \`mkdtemp' function. */
468#undef HAVE_MKDTEMP]) 494#undef HAVE_MKDTEMP])
469m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MMAP], [/* Define to 1 if you have the \`mmap' function. */ 495m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_MMAP], [/* Define to 1 if you have the \`mmap' function. */
470#undef HAVE_MMAP]) 496#undef HAVE_MMAP])
471m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_NGETADDRINFO], [/* Define to 1 if you have the \`ngetaddrinfo' function. */ 497m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_NGETADDRINFO], [/* Define to 1 if you have the \`ngetaddrinfo' function. */
472#undef HAVE_NGETADDRINFO]) 498#undef HAVE_NGETADDRINFO])
473m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_OPENPTY], [/* Define to 1 if you have the \`openpty' function. */ 499m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_NSLEEP], [/* Define to 1 if you have the \`nsleep' function. */
474#undef HAVE_OPENPTY]) 500#undef HAVE_NSLEEP])
475m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_OGETADDRINFO], [/* Define to 1 if you have the \`ogetaddrinfo' function. */ 501m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_OGETADDRINFO], [/* Define to 1 if you have the \`ogetaddrinfo' function. */
476#undef HAVE_OGETADDRINFO]) 502#undef HAVE_OGETADDRINFO])
477m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_READPASSPHRASE], [/* Define to 1 if you have the \`readpassphrase' function. */ 503m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_OPENPTY], [/* Define to 1 if you have the \`openpty' function. */
504#undef HAVE_OPENPTY])
505m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_PSTAT], [/* Define to 1 if you have the \`pstat' function. */
506#undef HAVE_PSTAT])
507m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_READPASSPHRASE], [/* Define to 1 if you have the \`readpassphrase' function. */
478#undef HAVE_READPASSPHRASE]) 508#undef HAVE_READPASSPHRASE])
479m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_REALPATH], [/* Define to 1 if you have the \`realpath' function. */ 509m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_REALPATH], [/* Define to 1 if you have the \`realpath' function. */
480#undef HAVE_REALPATH]) 510#undef HAVE_REALPATH])
481m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_RECVMSG], [/* Define to 1 if you have the \`recvmsg' function. */ 511m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_RECVMSG], [/* Define to 1 if you have the \`recvmsg' function. */
482#undef HAVE_RECVMSG]) 512#undef HAVE_RECVMSG])
483m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_RRESVPORT_AF], [/* Define to 1 if you have the \`rresvport_af' function. */ 513m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_RRESVPORT_AF], [/* Define to 1 if you have the \`rresvport_af' function. */
484#undef HAVE_RRESVPORT_AF]) 514#undef HAVE_RRESVPORT_AF])
485m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SENDMSG], [/* Define to 1 if you have the \`sendmsg' function. */ 515m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SENDMSG], [/* Define to 1 if you have the \`sendmsg' function. */
486#undef HAVE_SENDMSG]) 516#undef HAVE_SENDMSG])
487m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETDTABLESIZE], [/* Define to 1 if you have the \`setdtablesize' function. */ 517m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETDTABLESIZE], [/* Define to 1 if you have the \`setdtablesize' function. */
488#undef HAVE_SETDTABLESIZE]) 518#undef HAVE_SETDTABLESIZE])
489m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETEGID], [/* Define to 1 if you have the \`setegid' function. */ 519m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETEGID], [/* Define to 1 if you have the \`setegid' function. */
490#undef HAVE_SETEGID]) 520#undef HAVE_SETEGID])
491m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETENV], [/* Define to 1 if you have the \`setenv' function. */ 521m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETENV], [/* Define to 1 if you have the \`setenv' function. */
492#undef HAVE_SETENV]) 522#undef HAVE_SETENV])
493m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETEUID], [/* Define to 1 if you have the \`seteuid' function. */ 523m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETEUID], [/* Define to 1 if you have the \`seteuid' function. */
494#undef HAVE_SETEUID]) 524#undef HAVE_SETEUID])
495m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETGROUPS], [/* Define to 1 if you have the \`setgroups' function. */ 525m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETGROUPS], [/* Define to 1 if you have the \`setgroups' function. */
496#undef HAVE_SETGROUPS]) 526#undef HAVE_SETGROUPS])
497m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETLOGIN], [/* Define to 1 if you have the \`setlogin' function. */ 527m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETLOGIN], [/* Define to 1 if you have the \`setlogin' function. */
498#undef HAVE_SETLOGIN]) 528#undef HAVE_SETLOGIN])
499m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETPROCTITLE], [/* Define to 1 if you have the \`setproctitle' function. */ 529m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETPCRED], [/* Define to 1 if you have the \`setpcred' function. */
530#undef HAVE_SETPCRED])
531m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETPROCTITLE], [/* Define to 1 if you have the \`setproctitle' function. */
500#undef HAVE_SETPROCTITLE]) 532#undef HAVE_SETPROCTITLE])
501m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETRESGID], [/* Define to 1 if you have the \`setresgid' function. */ 533m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETRESGID], [/* Define to 1 if you have the \`setresgid' function. */
502#undef HAVE_SETRESGID]) 534#undef HAVE_SETRESGID])
503m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETREUID], [/* Define to 1 if you have the \`setreuid' function. */ 535m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETREUID], [/* Define to 1 if you have the \`setreuid' function. */
504#undef HAVE_SETREUID]) 536#undef HAVE_SETREUID])
505m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETRLIMIT], [/* Define to 1 if you have the \`setrlimit' function. */ 537m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETRLIMIT], [/* Define to 1 if you have the \`setrlimit' function. */
506#undef HAVE_SETRLIMIT]) 538#undef HAVE_SETRLIMIT])
507m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETSID], [/* Define to 1 if you have the \`setsid' function. */ 539m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETSID], [/* Define to 1 if you have the \`setsid' function. */
508#undef HAVE_SETSID]) 540#undef HAVE_SETSID])
509m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETPCRED], [/* Define to 1 if you have the \`setpcred' function. */ 541m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETVBUF], [/* Define to 1 if you have the \`setvbuf' function. */
510#undef HAVE_SETPCRED])
511m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETVBUF], [/* Define to 1 if you have the \`setvbuf' function. */
512#undef HAVE_SETVBUF]) 542#undef HAVE_SETVBUF])
513m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SIGACTION], [/* Define to 1 if you have the \`sigaction' function. */ 543m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SIGACTION], [/* Define to 1 if you have the \`sigaction' function. */
514#undef HAVE_SIGACTION]) 544#undef HAVE_SIGACTION])
515m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SIGVEC], [/* Define to 1 if you have the \`sigvec' function. */ 545m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SIGVEC], [/* Define to 1 if you have the \`sigvec' function. */
516#undef HAVE_SIGVEC]) 546#undef HAVE_SIGVEC])
517m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SNPRINTF], [/* Define to 1 if you have the \`snprintf' function. */ 547m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SNPRINTF], [/* Define to 1 if you have the \`snprintf' function. */
518#undef HAVE_SNPRINTF]) 548#undef HAVE_SNPRINTF])
519m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SOCKETPAIR], [/* Define to 1 if you have the \`socketpair' function. */ 549m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SOCKETPAIR], [/* Define to 1 if you have the \`socketpair' function. */
520#undef HAVE_SOCKETPAIR]) 550#undef HAVE_SOCKETPAIR])
521m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRERROR], [/* Define to 1 if you have the \`strerror' function. */ 551m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_STRERROR], [/* Define to 1 if you have the \`strerror' function. */
522#undef HAVE_STRERROR]) 552#undef HAVE_STRERROR])
523m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRLCAT], [/* Define to 1 if you have the \`strlcat' function. */ 553m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_STRLCAT], [/* Define to 1 if you have the \`strlcat' function. */
524#undef HAVE_STRLCAT]) 554#undef HAVE_STRLCAT])
525m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRLCPY], [/* Define to 1 if you have the \`strlcpy' function. */ 555m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_STRLCPY], [/* Define to 1 if you have the \`strlcpy' function. */
526#undef HAVE_STRLCPY]) 556#undef HAVE_STRLCPY])
527m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRMODE], [/* Define to 1 if you have the \`strmode' function. */ 557m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_STRMODE], [/* Define to 1 if you have the \`strmode' function. */
528#undef HAVE_STRMODE]) 558#undef HAVE_STRMODE])
529m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRSEP], [/* Define to 1 if you have the \`strsep' function. */ 559m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_STRNVIS], [/* Define to 1 if you have the \`strnvis' function. */
530#undef HAVE_STRSEP]) 560#undef HAVE_STRNVIS])
531m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SYSCONF], [/* Define to 1 if you have the \`sysconf' function. */ 561m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SYSCONF], [/* Define to 1 if you have the \`sysconf' function. */
532#undef HAVE_SYSCONF]) 562#undef HAVE_SYSCONF])
533m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_TCGETPGRP], [/* Define to 1 if you have the \`tcgetpgrp' function. */ 563m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_TCGETPGRP], [/* Define to 1 if you have the \`tcgetpgrp' function. */
534#undef HAVE_TCGETPGRP]) 564#undef HAVE_TCGETPGRP])
535m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_TRUNCATE], [/* Define to 1 if you have the \`truncate' function. */ 565m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_TRUNCATE], [/* Define to 1 if you have the \`truncate' function. */
536#undef HAVE_TRUNCATE]) 566#undef HAVE_TRUNCATE])
537m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_UTIMES], [/* Define to 1 if you have the \`utimes' function. */ 567m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_UTIMES], [/* Define to 1 if you have the \`utimes' function. */
538#undef HAVE_UTIMES]) 568#undef HAVE_UTIMES])
539m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_VHANGUP], [/* Define to 1 if you have the \`vhangup' function. */ 569m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_VHANGUP], [/* Define to 1 if you have the \`vhangup' function. */
540#undef HAVE_VHANGUP]) 570#undef HAVE_VHANGUP])
541m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_VSNPRINTF], [/* Define to 1 if you have the \`vsnprintf' function. */ 571m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_VSNPRINTF], [/* Define to 1 if you have the \`vsnprintf' function. */
542#undef HAVE_VSNPRINTF]) 572#undef HAVE_VSNPRINTF])
543m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_WAITPID], [/* Define to 1 if you have the \`waitpid' function. */ 573m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_WAITPID], [/* Define to 1 if you have the \`waitpid' function. */
544#undef HAVE_WAITPID]) 574#undef HAVE_WAITPID])
545m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE___B64_NTOP], [/* Define to 1 if you have the \`__b64_ntop' function. */ 575m4trace:configure.ac:620: -2- AC_DEFINE_TRACE_LITERAL([HAVE_NANOSLEEP])
546#undef HAVE___B64_NTOP]) 576m4trace:configure.ac:623: -1- AC_CHECK_FUNCS([strsep])
547m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE__GETPTY], [/* Define to 1 if you have the \`_getpty' function. */ 577m4trace:configure.ac:623: -1- AH_OUTPUT([HAVE_STRSEP], [/* Define to 1 if you have the \`strsep' function. */
548#undef HAVE__GETPTY]) 578#undef HAVE_STRSEP])
549m4trace:configure.ac:645: -1- AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS(libgen.h) ], [ 579m4trace:configure.ac:660: -1- AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS(libgen.h) ], [
550 AC_CHECK_LIB(gen, dirname,[ 580 AC_CHECK_LIB(gen, dirname,[
551 AC_CACHE_CHECK([for broken dirname], 581 AC_CACHE_CHECK([for broken dirname],
552 ac_cv_have_broken_dirname, [ 582 ac_cv_have_broken_dirname, [
@@ -581,12 +611,12 @@ int main(int argc, char **argv) {
581 fi 611 fi
582 ]) 612 ])
583]) 613])
584m4trace:configure.ac:645: -1- AH_OUTPUT([HAVE_DIRNAME], [/* Define to 1 if you have the \`dirname' function. */ 614m4trace:configure.ac:660: -1- AH_OUTPUT([HAVE_DIRNAME], [/* Define to 1 if you have the \`dirname' function. */
585#undef HAVE_DIRNAME]) 615#undef HAVE_DIRNAME])
586m4trace:configure.ac:645: -1- AC_CHECK_HEADERS([libgen.h]) 616m4trace:configure.ac:660: -1- AC_CHECK_HEADERS([libgen.h])
587m4trace:configure.ac:645: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */ 617m4trace:configure.ac:660: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */
588#undef HAVE_LIBGEN_H]) 618#undef HAVE_LIBGEN_H])
589m4trace:configure.ac:645: -1- AC_CHECK_LIB([gen], [dirname], [ 619m4trace:configure.ac:660: -1- AC_CHECK_LIB([gen], [dirname], [
590 AC_CACHE_CHECK([for broken dirname], 620 AC_CACHE_CHECK([for broken dirname],
591 ac_cv_have_broken_dirname, [ 621 ac_cv_have_broken_dirname, [
592 save_LIBS="$LIBS" 622 save_LIBS="$LIBS"
@@ -619,287 +649,293 @@ int main(int argc, char **argv) {
619 AC_CHECK_HEADERS(libgen.h) 649 AC_CHECK_HEADERS(libgen.h)
620 fi 650 fi
621 ]) 651 ])
622m4trace:configure.ac:645: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DIRNAME]) 652m4trace:configure.ac:660: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DIRNAME])
623m4trace:configure.ac:645: -1- AC_CHECK_HEADERS([libgen.h]) 653m4trace:configure.ac:660: -1- AC_CHECK_HEADERS([libgen.h])
624m4trace:configure.ac:645: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */ 654m4trace:configure.ac:660: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */
625#undef HAVE_LIBGEN_H]) 655#undef HAVE_LIBGEN_H])
626m4trace:configure.ac:648: -1- AC_CHECK_FUNCS([gettimeofday time]) 656m4trace:configure.ac:663: -1- AC_CHECK_FUNCS([gettimeofday time])
627m4trace:configure.ac:648: -1- AH_OUTPUT([HAVE_GETTIMEOFDAY], [/* Define to 1 if you have the \`gettimeofday' function. */ 657m4trace:configure.ac:663: -1- AH_OUTPUT([HAVE_GETTIMEOFDAY], [/* Define to 1 if you have the \`gettimeofday' function. */
628#undef HAVE_GETTIMEOFDAY]) 658#undef HAVE_GETTIMEOFDAY])
629m4trace:configure.ac:648: -1- AH_OUTPUT([HAVE_TIME], [/* Define to 1 if you have the \`time' function. */ 659m4trace:configure.ac:663: -1- AH_OUTPUT([HAVE_TIME], [/* Define to 1 if you have the \`time' function. */
630#undef HAVE_TIME]) 660#undef HAVE_TIME])
631m4trace:configure.ac:650: -1- AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 661m4trace:configure.ac:665: -1- AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
632m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_ENDUTENT], [/* Define to 1 if you have the \`endutent' function. */ 662m4trace:configure.ac:665: -1- AH_OUTPUT([HAVE_ENDUTENT], [/* Define to 1 if you have the \`endutent' function. */
633#undef HAVE_ENDUTENT]) 663#undef HAVE_ENDUTENT])
634m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_GETUTENT], [/* Define to 1 if you have the \`getutent' function. */ 664m4trace:configure.ac:665: -1- AH_OUTPUT([HAVE_GETUTENT], [/* Define to 1 if you have the \`getutent' function. */
635#undef HAVE_GETUTENT]) 665#undef HAVE_GETUTENT])
636m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_GETUTID], [/* Define to 1 if you have the \`getutid' function. */ 666m4trace:configure.ac:665: -1- AH_OUTPUT([HAVE_GETUTID], [/* Define to 1 if you have the \`getutid' function. */
637#undef HAVE_GETUTID]) 667#undef HAVE_GETUTID])
638m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_GETUTLINE], [/* Define to 1 if you have the \`getutline' function. */ 668m4trace:configure.ac:665: -1- AH_OUTPUT([HAVE_GETUTLINE], [/* Define to 1 if you have the \`getutline' function. */
639#undef HAVE_GETUTLINE]) 669#undef HAVE_GETUTLINE])
640m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_PUTUTLINE], [/* Define to 1 if you have the \`pututline' function. */ 670m4trace:configure.ac:665: -1- AH_OUTPUT([HAVE_PUTUTLINE], [/* Define to 1 if you have the \`pututline' function. */
641#undef HAVE_PUTUTLINE]) 671#undef HAVE_PUTUTLINE])
642m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_SETUTENT], [/* Define to 1 if you have the \`setutent' function. */ 672m4trace:configure.ac:665: -1- AH_OUTPUT([HAVE_SETUTENT], [/* Define to 1 if you have the \`setutent' function. */
643#undef HAVE_SETUTENT]) 673#undef HAVE_SETUTENT])
644m4trace:configure.ac:651: -1- AC_CHECK_FUNCS([utmpname]) 674m4trace:configure.ac:666: -1- AC_CHECK_FUNCS([utmpname])
645m4trace:configure.ac:651: -1- AH_OUTPUT([HAVE_UTMPNAME], [/* Define to 1 if you have the \`utmpname' function. */ 675m4trace:configure.ac:666: -1- AH_OUTPUT([HAVE_UTMPNAME], [/* Define to 1 if you have the \`utmpname' function. */
646#undef HAVE_UTMPNAME]) 676#undef HAVE_UTMPNAME])
647m4trace:configure.ac:653: -1- AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline pututxline ]) 677m4trace:configure.ac:668: -1- AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline pututxline ])
648m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_ENDUTXENT], [/* Define to 1 if you have the \`endutxent' function. */ 678m4trace:configure.ac:668: -1- AH_OUTPUT([HAVE_ENDUTXENT], [/* Define to 1 if you have the \`endutxent' function. */
649#undef HAVE_ENDUTXENT]) 679#undef HAVE_ENDUTXENT])
650m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_GETUTXENT], [/* Define to 1 if you have the \`getutxent' function. */ 680m4trace:configure.ac:668: -1- AH_OUTPUT([HAVE_GETUTXENT], [/* Define to 1 if you have the \`getutxent' function. */
651#undef HAVE_GETUTXENT]) 681#undef HAVE_GETUTXENT])
652m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_GETUTXID], [/* Define to 1 if you have the \`getutxid' function. */ 682m4trace:configure.ac:668: -1- AH_OUTPUT([HAVE_GETUTXID], [/* Define to 1 if you have the \`getutxid' function. */
653#undef HAVE_GETUTXID]) 683#undef HAVE_GETUTXID])
654m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_GETUTXLINE], [/* Define to 1 if you have the \`getutxline' function. */ 684m4trace:configure.ac:668: -1- AH_OUTPUT([HAVE_GETUTXLINE], [/* Define to 1 if you have the \`getutxline' function. */
655#undef HAVE_GETUTXLINE]) 685#undef HAVE_GETUTXLINE])
656m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_PUTUTXLINE], [/* Define to 1 if you have the \`pututxline' function. */ 686m4trace:configure.ac:668: -1- AH_OUTPUT([HAVE_PUTUTXLINE], [/* Define to 1 if you have the \`pututxline' function. */
657#undef HAVE_PUTUTXLINE]) 687#undef HAVE_PUTUTXLINE])
658m4trace:configure.ac:654: -1- AC_CHECK_FUNCS([setutxent utmpxname]) 688m4trace:configure.ac:669: -1- AC_CHECK_FUNCS([setutxent utmpxname])
659m4trace:configure.ac:654: -1- AH_OUTPUT([HAVE_SETUTXENT], [/* Define to 1 if you have the \`setutxent' function. */ 689m4trace:configure.ac:669: -1- AH_OUTPUT([HAVE_SETUTXENT], [/* Define to 1 if you have the \`setutxent' function. */
660#undef HAVE_SETUTXENT]) 690#undef HAVE_SETUTXENT])
661m4trace:configure.ac:654: -1- AH_OUTPUT([HAVE_UTMPXNAME], [/* Define to 1 if you have the \`utmpxname' function. */ 691m4trace:configure.ac:669: -1- AH_OUTPUT([HAVE_UTMPXNAME], [/* Define to 1 if you have the \`utmpxname' function. */
662#undef HAVE_UTMPXNAME]) 692#undef HAVE_UTMPXNAME])
663m4trace:configure.ac:659: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON]) 693m4trace:configure.ac:674: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON])
664m4trace:configure.ac:659: -1- AC_CHECK_LIB([bsd], [daemon], [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)]) 694m4trace:configure.ac:674: -1- AC_CHECK_LIB([bsd], [daemon], [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])
665m4trace:configure.ac:659: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON]) 695m4trace:configure.ac:674: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON])
666m4trace:configure.ac:664: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE]) 696m4trace:configure.ac:679: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE])
667m4trace:configure.ac:664: -1- AC_CHECK_LIB([ucb], [getpagesize], [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)]) 697m4trace:configure.ac:679: -1- AC_CHECK_LIB([ucb], [getpagesize], [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])
668m4trace:configure.ac:664: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE]) 698m4trace:configure.ac:679: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE])
669m4trace:configure.ac:680: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF]) 699m4trace:configure.ac:695: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF])
670m4trace:configure.ac:683: -1- AC_FUNC_GETPGRP 700m4trace:configure.ac:721: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRICT_MKSTEMP])
671m4trace:configure.ac:683: -1- AC_DEFINE_TRACE_LITERAL([GETPGRP_VOID]) 701m4trace:configure.ac:721: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRICT_MKSTEMP])
672m4trace:configure.ac:683: -1- AH_OUTPUT([GETPGRP_VOID], [/* Define to 1 if the \`getpgrp' function requires zero arguments. */ 702m4trace:configure.ac:724: -1- AC_FUNC_GETPGRP
703m4trace:configure.ac:724: -1- AC_DEFINE_TRACE_LITERAL([GETPGRP_VOID])
704m4trace:configure.ac:724: -1- AH_OUTPUT([GETPGRP_VOID], [/* Define to 1 if the \`getpgrp' function requires zero arguments. */
673#undef GETPGRP_VOID]) 705#undef GETPGRP_VOID])
674m4trace:configure.ac:711: -1- AC_CHECK_LIB([dl], [dlopen], [], []) 706m4trace:configure.ac:752: -1- AC_CHECK_LIB([dl], [dlopen], [], [])
675m4trace:configure.ac:711: -1- AH_OUTPUT([HAVE_LIBDL], [/* Define to 1 if you have the \`dl' library (-ldl). */ 707m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_LIBDL], [/* Define to 1 if you have the \`dl' library (-ldl). */
676#undef HAVE_LIBDL]) 708#undef HAVE_LIBDL])
677m4trace:configure.ac:711: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDL]) 709m4trace:configure.ac:752: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDL])
678m4trace:configure.ac:711: -1- AC_CHECK_LIB([pam], [pam_set_item], [], [{ { echo "$as_me:$LINENO: error: *** libpam missing" >&5 710m4trace:configure.ac:752: -1- AC_CHECK_LIB([pam], [pam_set_item], [], [{ { echo "$as_me:$LINENO: error: *** libpam missing" >&5
679echo "$as_me: error: *** libpam missing" >&2;} 711echo "$as_me: error: *** libpam missing" >&2;}
680 { (exit 1); exit 1; }; }]) 712 { (exit 1); exit 1; }; }])
681m4trace:configure.ac:711: -1- AH_OUTPUT([HAVE_LIBPAM], [/* Define to 1 if you have the \`pam' library (-lpam). */ 713m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_LIBPAM], [/* Define to 1 if you have the \`pam' library (-lpam). */
682#undef HAVE_LIBPAM]) 714#undef HAVE_LIBPAM])
683m4trace:configure.ac:711: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPAM]) 715m4trace:configure.ac:752: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPAM])
684m4trace:configure.ac:711: -1- AC_CHECK_FUNCS([pam_getenvlist]) 716m4trace:configure.ac:752: -1- AC_CHECK_FUNCS([pam_getenvlist])
685m4trace:configure.ac:711: -1- AH_OUTPUT([HAVE_PAM_GETENVLIST], [/* Define to 1 if you have the \`pam_getenvlist' function. */ 717m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_PAM_GETENVLIST], [/* Define to 1 if you have the \`pam_getenvlist' function. */
686#undef HAVE_PAM_GETENVLIST]) 718#undef HAVE_PAM_GETENVLIST])
687m4trace:configure.ac:711: -1- AC_DEFINE_TRACE_LITERAL([USE_PAM]) 719m4trace:configure.ac:752: -1- AC_DEFINE_TRACE_LITERAL([USE_PAM])
688m4trace:configure.ac:711: -1- AC_SUBST([LIBPAM]) 720m4trace:configure.ac:752: -1- AC_SUBST([LIBPAM])
689m4trace:configure.ac:729: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OLD_PAM]) 721m4trace:configure.ac:770: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OLD_PAM])
690m4trace:configure.ac:735: -1- AC_CHECK_LIB([crypt], [crypt]) 722m4trace:configure.ac:776: -1- AC_CHECK_LIB([crypt], [crypt])
691m4trace:configure.ac:735: -1- AH_OUTPUT([HAVE_LIBCRYPT], [/* Define to 1 if you have the \`crypt' library (-lcrypt). */ 723m4trace:configure.ac:776: -1- AH_OUTPUT([HAVE_LIBCRYPT], [/* Define to 1 if you have the \`crypt' library (-lcrypt). */
692#undef HAVE_LIBCRYPT]) 724#undef HAVE_LIBCRYPT])
693m4trace:configure.ac:735: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBCRYPT]) 725m4trace:configure.ac:776: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBCRYPT])
694m4trace:configure.ac:767: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL]) 726m4trace:configure.ac:808: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL])
695m4trace:configure.ac:782: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL]) 727m4trace:configure.ac:823: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL])
696m4trace:configure.ac:869: -1- AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 728m4trace:configure.ac:910: -1- AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
697m4trace:configure.ac:917: -1- AC_DEFINE_TRACE_LITERAL([OPENSSL_PRNG_ONLY]) 729m4trace:configure.ac:958: -1- AC_DEFINE_TRACE_LITERAL([OPENSSL_PRNG_ONLY])
698m4trace:configure.ac:925: -1- AC_SUBST([INSTALL_SSH_RAND_HELPER]) 730m4trace:configure.ac:966: -1- AC_SUBST([INSTALL_SSH_RAND_HELPER])
699m4trace:configure.ac:948: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_PORT]) 731m4trace:configure.ac:989: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_PORT])
700m4trace:configure.ac:998: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET]) 732m4trace:configure.ac:1039: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET])
701m4trace:configure.ac:998: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET]) 733m4trace:configure.ac:1039: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET])
702m4trace:configure.ac:1010: -1- AC_DEFINE_TRACE_LITERAL([ENTROPY_TIMEOUT_MSEC]) 734m4trace:configure.ac:1051: -1- AC_DEFINE_TRACE_LITERAL([ENTROPY_TIMEOUT_MSEC])
703m4trace:configure.ac:1021: -1- AC_DEFINE_TRACE_LITERAL([SSH_PRIVSEP_USER]) 735m4trace:configure.ac:1062: -1- AC_DEFINE_TRACE_LITERAL([SSH_PRIVSEP_USER])
704m4trace:configure.ac:1022: -1- AC_SUBST([SSH_PRIVSEP_USER]) 736m4trace:configure.ac:1063: -1- AC_SUBST([SSH_PRIVSEP_USER])
705m4trace:configure.ac:1039: -1- AC_SUBST([PROG_LS], [$ac_cv_path_PROG_LS]) 737m4trace:configure.ac:1080: -1- AC_SUBST([PROG_LS], [$ac_cv_path_PROG_LS])
706m4trace:configure.ac:1039: -1- AC_SUBST([PROG_LS]) 738m4trace:configure.ac:1080: -1- AC_SUBST([PROG_LS])
707m4trace:configure.ac:1040: -1- AC_SUBST([PROG_NETSTAT], [$ac_cv_path_PROG_NETSTAT]) 739m4trace:configure.ac:1081: -1- AC_SUBST([PROG_NETSTAT], [$ac_cv_path_PROG_NETSTAT])
708m4trace:configure.ac:1040: -1- AC_SUBST([PROG_NETSTAT]) 740m4trace:configure.ac:1081: -1- AC_SUBST([PROG_NETSTAT])
709m4trace:configure.ac:1041: -1- AC_SUBST([PROG_ARP], [$ac_cv_path_PROG_ARP]) 741m4trace:configure.ac:1082: -1- AC_SUBST([PROG_ARP], [$ac_cv_path_PROG_ARP])
710m4trace:configure.ac:1041: -1- AC_SUBST([PROG_ARP]) 742m4trace:configure.ac:1082: -1- AC_SUBST([PROG_ARP])
711m4trace:configure.ac:1042: -1- AC_SUBST([PROG_IFCONFIG], [$ac_cv_path_PROG_IFCONFIG]) 743m4trace:configure.ac:1083: -1- AC_SUBST([PROG_IFCONFIG], [$ac_cv_path_PROG_IFCONFIG])
712m4trace:configure.ac:1042: -1- AC_SUBST([PROG_IFCONFIG]) 744m4trace:configure.ac:1083: -1- AC_SUBST([PROG_IFCONFIG])
713m4trace:configure.ac:1043: -1- AC_SUBST([PROG_JSTAT], [$ac_cv_path_PROG_JSTAT]) 745m4trace:configure.ac:1084: -1- AC_SUBST([PROG_JSTAT], [$ac_cv_path_PROG_JSTAT])
714m4trace:configure.ac:1043: -1- AC_SUBST([PROG_JSTAT]) 746m4trace:configure.ac:1084: -1- AC_SUBST([PROG_JSTAT])
715m4trace:configure.ac:1044: -1- AC_SUBST([PROG_PS], [$ac_cv_path_PROG_PS]) 747m4trace:configure.ac:1085: -1- AC_SUBST([PROG_PS], [$ac_cv_path_PROG_PS])
716m4trace:configure.ac:1044: -1- AC_SUBST([PROG_PS]) 748m4trace:configure.ac:1085: -1- AC_SUBST([PROG_PS])
717m4trace:configure.ac:1045: -1- AC_SUBST([PROG_SAR], [$ac_cv_path_PROG_SAR]) 749m4trace:configure.ac:1086: -1- AC_SUBST([PROG_SAR], [$ac_cv_path_PROG_SAR])
718m4trace:configure.ac:1045: -1- AC_SUBST([PROG_SAR]) 750m4trace:configure.ac:1086: -1- AC_SUBST([PROG_SAR])
719m4trace:configure.ac:1046: -1- AC_SUBST([PROG_W], [$ac_cv_path_PROG_W]) 751m4trace:configure.ac:1087: -1- AC_SUBST([PROG_W], [$ac_cv_path_PROG_W])
720m4trace:configure.ac:1046: -1- AC_SUBST([PROG_W]) 752m4trace:configure.ac:1087: -1- AC_SUBST([PROG_W])
721m4trace:configure.ac:1047: -1- AC_SUBST([PROG_WHO], [$ac_cv_path_PROG_WHO]) 753m4trace:configure.ac:1088: -1- AC_SUBST([PROG_WHO], [$ac_cv_path_PROG_WHO])
722m4trace:configure.ac:1047: -1- AC_SUBST([PROG_WHO]) 754m4trace:configure.ac:1088: -1- AC_SUBST([PROG_WHO])
723m4trace:configure.ac:1048: -1- AC_SUBST([PROG_LAST], [$ac_cv_path_PROG_LAST]) 755m4trace:configure.ac:1089: -1- AC_SUBST([PROG_LAST], [$ac_cv_path_PROG_LAST])
724m4trace:configure.ac:1048: -1- AC_SUBST([PROG_LAST]) 756m4trace:configure.ac:1089: -1- AC_SUBST([PROG_LAST])
725m4trace:configure.ac:1049: -1- AC_SUBST([PROG_LASTLOG], [$ac_cv_path_PROG_LASTLOG]) 757m4trace:configure.ac:1090: -1- AC_SUBST([PROG_LASTLOG], [$ac_cv_path_PROG_LASTLOG])
726m4trace:configure.ac:1049: -1- AC_SUBST([PROG_LASTLOG]) 758m4trace:configure.ac:1090: -1- AC_SUBST([PROG_LASTLOG])
727m4trace:configure.ac:1050: -1- AC_SUBST([PROG_DF], [$ac_cv_path_PROG_DF]) 759m4trace:configure.ac:1091: -1- AC_SUBST([PROG_DF], [$ac_cv_path_PROG_DF])
728m4trace:configure.ac:1050: -1- AC_SUBST([PROG_DF]) 760m4trace:configure.ac:1091: -1- AC_SUBST([PROG_DF])
729m4trace:configure.ac:1051: -1- AC_SUBST([PROG_VMSTAT], [$ac_cv_path_PROG_VMSTAT]) 761m4trace:configure.ac:1092: -1- AC_SUBST([PROG_VMSTAT], [$ac_cv_path_PROG_VMSTAT])
730m4trace:configure.ac:1051: -1- AC_SUBST([PROG_VMSTAT]) 762m4trace:configure.ac:1092: -1- AC_SUBST([PROG_VMSTAT])
731m4trace:configure.ac:1052: -1- AC_SUBST([PROG_UPTIME], [$ac_cv_path_PROG_UPTIME]) 763m4trace:configure.ac:1093: -1- AC_SUBST([PROG_UPTIME], [$ac_cv_path_PROG_UPTIME])
732m4trace:configure.ac:1052: -1- AC_SUBST([PROG_UPTIME]) 764m4trace:configure.ac:1093: -1- AC_SUBST([PROG_UPTIME])
733m4trace:configure.ac:1053: -1- AC_SUBST([PROG_IPCS], [$ac_cv_path_PROG_IPCS]) 765m4trace:configure.ac:1094: -1- AC_SUBST([PROG_IPCS], [$ac_cv_path_PROG_IPCS])
734m4trace:configure.ac:1053: -1- AC_SUBST([PROG_IPCS]) 766m4trace:configure.ac:1094: -1- AC_SUBST([PROG_IPCS])
735m4trace:configure.ac:1054: -1- AC_SUBST([PROG_TAIL], [$ac_cv_path_PROG_TAIL]) 767m4trace:configure.ac:1095: -1- AC_SUBST([PROG_TAIL], [$ac_cv_path_PROG_TAIL])
736m4trace:configure.ac:1054: -1- AC_SUBST([PROG_TAIL]) 768m4trace:configure.ac:1095: -1- AC_SUBST([PROG_TAIL])
737m4trace:configure.ac:1071: -1- AC_SUBST([INSTALL_SSH_PRNG_CMDS]) 769m4trace:configure.ac:1112: -1- AC_SUBST([INSTALL_SSH_PRNG_CMDS])
738m4trace:configure.ac:1080: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_CHAR]) 770m4trace:configure.ac:1121: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_CHAR])
739m4trace:configure.ac:1080: -1- AH_OUTPUT([SIZEOF_CHAR], [/* The size of a \`char', as computed by sizeof. */ 771m4trace:configure.ac:1121: -1- AH_OUTPUT([SIZEOF_CHAR], [/* The size of a \`char', as computed by sizeof. */
740#undef SIZEOF_CHAR]) 772#undef SIZEOF_CHAR])
741m4trace:configure.ac:1081: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_SHORT_INT]) 773m4trace:configure.ac:1122: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_SHORT_INT])
742m4trace:configure.ac:1081: -1- AH_OUTPUT([SIZEOF_SHORT_INT], [/* The size of a \`short int', as computed by sizeof. */ 774m4trace:configure.ac:1122: -1- AH_OUTPUT([SIZEOF_SHORT_INT], [/* The size of a \`short int', as computed by sizeof. */
743#undef SIZEOF_SHORT_INT]) 775#undef SIZEOF_SHORT_INT])
744m4trace:configure.ac:1082: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_INT]) 776m4trace:configure.ac:1123: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_INT])
745m4trace:configure.ac:1082: -1- AH_OUTPUT([SIZEOF_INT], [/* The size of a \`int', as computed by sizeof. */ 777m4trace:configure.ac:1123: -1- AH_OUTPUT([SIZEOF_INT], [/* The size of a \`int', as computed by sizeof. */
746#undef SIZEOF_INT]) 778#undef SIZEOF_INT])
747m4trace:configure.ac:1083: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_INT]) 779m4trace:configure.ac:1124: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_INT])
748m4trace:configure.ac:1083: -1- AH_OUTPUT([SIZEOF_LONG_INT], [/* The size of a \`long int', as computed by sizeof. */ 780m4trace:configure.ac:1124: -1- AH_OUTPUT([SIZEOF_LONG_INT], [/* The size of a \`long int', as computed by sizeof. */
749#undef SIZEOF_LONG_INT]) 781#undef SIZEOF_LONG_INT])
750m4trace:configure.ac:1084: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_LONG_INT]) 782m4trace:configure.ac:1125: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_LONG_INT])
751m4trace:configure.ac:1084: -1- AH_OUTPUT([SIZEOF_LONG_LONG_INT], [/* The size of a \`long long int', as computed by sizeof. */ 783m4trace:configure.ac:1125: -1- AH_OUTPUT([SIZEOF_LONG_LONG_INT], [/* The size of a \`long long int', as computed by sizeof. */
752#undef SIZEOF_LONG_LONG_INT]) 784#undef SIZEOF_LONG_LONG_INT])
753m4trace:configure.ac:1101: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT]) 785m4trace:configure.ac:1142: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT])
754m4trace:configure.ac:1114: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T]) 786m4trace:configure.ac:1155: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
755m4trace:configure.ac:1130: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T]) 787m4trace:configure.ac:1171: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
756m4trace:configure.ac:1151: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T]) 788m4trace:configure.ac:1192: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T])
757m4trace:configure.ac:1163: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T]) 789m4trace:configure.ac:1204: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
758m4trace:configure.ac:1177: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T]) 790m4trace:configure.ac:1218: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
759m4trace:configure.ac:1189: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T]) 791m4trace:configure.ac:1230: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T])
760m4trace:configure.ac:1203: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T]) 792m4trace:configure.ac:1244: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T])
761m4trace:configure.ac:1218: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T]) 793m4trace:configure.ac:1259: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T])
762m4trace:configure.ac:1232: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T]) 794m4trace:configure.ac:1273: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T])
763m4trace:configure.ac:1254: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T]) 795m4trace:configure.ac:1295: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
764m4trace:configure.ac:1254: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T]) 796m4trace:configure.ac:1295: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
765m4trace:configure.ac:1269: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_CHAR]) 797m4trace:configure.ac:1310: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_CHAR])
766m4trace:configure.ac:1272: -1- AC_DEFINE_TRACE_LITERAL([socklen_t]) 798m4trace:configure.ac:1313: -1- AC_DEFINE_TRACE_LITERAL([socklen_t])
767m4trace:configure.ac:1272: -1- AH_OUTPUT([socklen_t], [/* type to use in place of socklen_t if not defined */ 799m4trace:configure.ac:1313: -1- AH_OUTPUT([socklen_t], [/* type to use in place of socklen_t if not defined */
768#undef socklen_t]) 800#undef socklen_t])
769m4trace:configure.ac:1274: -1- AC_CHECK_TYPES([sig_atomic_t], [], [], [#include <signal.h>]) 801m4trace:configure.ac:1315: -1- AC_CHECK_TYPES([sig_atomic_t], [], [], [#include <signal.h>])
770m4trace:configure.ac:1274: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIG_ATOMIC_T]) 802m4trace:configure.ac:1315: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIG_ATOMIC_T])
771m4trace:configure.ac:1274: -1- AH_OUTPUT([HAVE_SIG_ATOMIC_T], [/* Define to 1 if the system has the type \`sig_atomic_t'. */ 803m4trace:configure.ac:1315: -1- AH_OUTPUT([HAVE_SIG_ATOMIC_T], [/* Define to 1 if the system has the type \`sig_atomic_t'. */
772#undef HAVE_SIG_ATOMIC_T]) 804#undef HAVE_SIG_ATOMIC_T])
773m4trace:configure.ac:1287: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIZE_T]) 805m4trace:configure.ac:1328: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIZE_T])
774m4trace:configure.ac:1301: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SSIZE_T]) 806m4trace:configure.ac:1342: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SSIZE_T])
775m4trace:configure.ac:1315: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CLOCK_T]) 807m4trace:configure.ac:1356: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CLOCK_T])
776m4trace:configure.ac:1340: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SA_FAMILY_T]) 808m4trace:configure.ac:1381: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SA_FAMILY_T])
777m4trace:configure.ac:1354: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_T]) 809m4trace:configure.ac:1395: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_T])
778m4trace:configure.ac:1368: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MODE_T]) 810m4trace:configure.ac:1409: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MODE_T])
779m4trace:configure.ac:1384: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_STORAGE]) 811m4trace:configure.ac:1425: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_STORAGE])
780m4trace:configure.ac:1399: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_IN6]) 812m4trace:configure.ac:1440: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_IN6])
781m4trace:configure.ac:1414: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_IN6_ADDR]) 813m4trace:configure.ac:1455: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_IN6_ADDR])
782m4trace:configure.ac:1430: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_ADDRINFO]) 814m4trace:configure.ac:1471: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_ADDRINFO])
783m4trace:configure.ac:1442: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_TIMEVAL]) 815m4trace:configure.ac:1483: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_TIMEVAL])
784m4trace:configure.ac:1479: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF]) 816m4trace:configure.ac:1487: -1- AC_CHECK_TYPES([struct timespec])
785m4trace:configure.ac:1481: -1- AC_SUBST([NO_SFTP]) 817m4trace:configure.ac:1487: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_TIMESPEC])
786m4trace:configure.ac:1484: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMP]) 818m4trace:configure.ac:1487: -1- AH_OUTPUT([HAVE_STRUCT_TIMESPEC], [/* Define to 1 if the system has the type \`struct timespec'. */
787m4trace:configure.ac:1485: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMPX]) 819#undef HAVE_STRUCT_TIMESPEC])
788m4trace:configure.ac:1486: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYSLEN_IN_UTMPX]) 820m4trace:configure.ac:1524: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF])
789m4trace:configure.ac:1487: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_IN_UTMP]) 821m4trace:configure.ac:1528: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMP])
790m4trace:configure.ac:1488: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMP]) 822m4trace:configure.ac:1529: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMPX])
791m4trace:configure.ac:1489: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMPX]) 823m4trace:configure.ac:1530: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYSLEN_IN_UTMPX])
792m4trace:configure.ac:1490: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMP]) 824m4trace:configure.ac:1531: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_IN_UTMP])
793m4trace:configure.ac:1491: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMP]) 825m4trace:configure.ac:1532: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMP])
794m4trace:configure.ac:1492: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMPX]) 826m4trace:configure.ac:1533: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMPX])
795m4trace:configure.ac:1493: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMP]) 827m4trace:configure.ac:1534: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMP])
796m4trace:configure.ac:1494: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMPX]) 828m4trace:configure.ac:1535: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMP])
797m4trace:configure.ac:1495: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMP]) 829m4trace:configure.ac:1536: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMPX])
798m4trace:configure.ac:1496: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMPX]) 830m4trace:configure.ac:1537: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMP])
799m4trace:configure.ac:1497: -1- AC_DEFINE_TRACE_LITERAL([HAVE_EXIT_IN_UTMP]) 831m4trace:configure.ac:1538: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMPX])
800m4trace:configure.ac:1498: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMP]) 832m4trace:configure.ac:1539: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMP])
801m4trace:configure.ac:1499: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMPX]) 833m4trace:configure.ac:1540: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMPX])
802m4trace:configure.ac:1500: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMPX]) 834m4trace:configure.ac:1541: -1- AC_DEFINE_TRACE_LITERAL([HAVE_EXIT_IN_UTMP])
803m4trace:configure.ac:1502: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_STAT_ST_BLKSIZE]) 835m4trace:configure.ac:1542: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMP])
804m4trace:configure.ac:1502: -1- AH_OUTPUT([HAVE_STRUCT_STAT_ST_BLKSIZE], [/* Define to 1 if \`st_blksize' is member of \`struct stat'. */ 836m4trace:configure.ac:1543: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMPX])
837m4trace:configure.ac:1544: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMPX])
838m4trace:configure.ac:1546: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_STAT_ST_BLKSIZE])
839m4trace:configure.ac:1546: -1- AH_OUTPUT([HAVE_STRUCT_STAT_ST_BLKSIZE], [/* Define to 1 if \`st_blksize' is member of \`struct stat'. */
805#undef HAVE_STRUCT_STAT_ST_BLKSIZE]) 840#undef HAVE_STRUCT_STAT_ST_BLKSIZE])
806m4trace:configure.ac:1517: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SS_FAMILY_IN_SS]) 841m4trace:configure.ac:1561: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SS_FAMILY_IN_SS])
807m4trace:configure.ac:1533: -1- AC_DEFINE_TRACE_LITERAL([HAVE___SS_FAMILY_IN_SS]) 842m4trace:configure.ac:1577: -1- AC_DEFINE_TRACE_LITERAL([HAVE___SS_FAMILY_IN_SS])
808m4trace:configure.ac:1548: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CLASS_IN_PASSWD]) 843m4trace:configure.ac:1592: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CLASS_IN_PASSWD])
809m4trace:configure.ac:1563: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_EXPIRE_IN_PASSWD]) 844m4trace:configure.ac:1607: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_EXPIRE_IN_PASSWD])
810m4trace:configure.ac:1578: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CHANGE_IN_PASSWD]) 845m4trace:configure.ac:1622: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CHANGE_IN_PASSWD])
811m4trace:configure.ac:1603: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ACCRIGHTS_IN_MSGHDR]) 846m4trace:configure.ac:1647: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ACCRIGHTS_IN_MSGHDR])
812m4trace:configure.ac:1627: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CONTROL_IN_MSGHDR]) 847m4trace:configure.ac:1671: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CONTROL_IN_MSGHDR])
813m4trace:configure.ac:1638: -1- AC_DEFINE_TRACE_LITERAL([HAVE___PROGNAME]) 848m4trace:configure.ac:1682: -1- AC_DEFINE_TRACE_LITERAL([HAVE___PROGNAME])
814m4trace:configure.ac:1651: -1- AC_DEFINE_TRACE_LITERAL([HAVE___FUNCTION__]) 849m4trace:configure.ac:1695: -1- AC_DEFINE_TRACE_LITERAL([HAVE___FUNCTION__])
815m4trace:configure.ac:1664: -1- AC_DEFINE_TRACE_LITERAL([HAVE___func__]) 850m4trace:configure.ac:1708: -1- AC_DEFINE_TRACE_LITERAL([HAVE___func__])
816m4trace:configure.ac:1679: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETOPT_OPTRESET]) 851m4trace:configure.ac:1723: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETOPT_OPTRESET])
817m4trace:configure.ac:1690: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_ERRLIST]) 852m4trace:configure.ac:1734: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_ERRLIST])
818m4trace:configure.ac:1702: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_NERR]) 853m4trace:configure.ac:1746: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_NERR])
819m4trace:configure.ac:1735: -1- AC_CHECK_HEADERS([sectok.h]) 854m4trace:configure.ac:1779: -1- AC_CHECK_HEADERS([sectok.h])
820m4trace:configure.ac:1735: -1- AH_OUTPUT([HAVE_SECTOK_H], [/* Define to 1 if you have the <sectok.h> header file. */ 855m4trace:configure.ac:1779: -1- AH_OUTPUT([HAVE_SECTOK_H], [/* Define to 1 if you have the <sectok.h> header file. */
821#undef HAVE_SECTOK_H]) 856#undef HAVE_SECTOK_H])
822m4trace:configure.ac:1735: -1- AC_CHECK_LIB([sectok], [sectok_open]) 857m4trace:configure.ac:1779: -1- AC_CHECK_LIB([sectok], [sectok_open])
823m4trace:configure.ac:1735: -1- AH_OUTPUT([HAVE_LIBSECTOK], [/* Define to 1 if you have the \`sectok' library (-lsectok). */ 858m4trace:configure.ac:1779: -1- AH_OUTPUT([HAVE_LIBSECTOK], [/* Define to 1 if you have the \`sectok' library (-lsectok). */
824#undef HAVE_LIBSECTOK]) 859#undef HAVE_LIBSECTOK])
825m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSECTOK]) 860m4trace:configure.ac:1779: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSECTOK])
826m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD]) 861m4trace:configure.ac:1779: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD])
827m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([USE_SECTOK]) 862m4trace:configure.ac:1779: -1- AC_DEFINE_TRACE_LITERAL([USE_SECTOK])
828m4trace:configure.ac:1744: -1- AC_SUBST([OPENSC_CONFIG], [$ac_cv_path_OPENSC_CONFIG]) 863m4trace:configure.ac:1788: -1- AC_SUBST([OPENSC_CONFIG], [$ac_cv_path_OPENSC_CONFIG])
829m4trace:configure.ac:1750: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD]) 864m4trace:configure.ac:1794: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD])
830m4trace:configure.ac:1751: -1- AC_DEFINE_TRACE_LITERAL([USE_OPENSC]) 865m4trace:configure.ac:1795: -1- AC_DEFINE_TRACE_LITERAL([USE_OPENSC])
831m4trace:configure.ac:1793: -1- AC_DEFINE_TRACE_LITERAL([KRB5]) 866m4trace:configure.ac:1837: -1- AC_DEFINE_TRACE_LITERAL([KRB5])
832m4trace:configure.ac:1793: -1- AC_DEFINE_TRACE_LITERAL([HEIMDAL]) 867m4trace:configure.ac:1837: -1- AC_DEFINE_TRACE_LITERAL([HEIMDAL])
833m4trace:configure.ac:1793: -1- AC_CHECK_LIB([resolv], [dn_expand], [], []) 868m4trace:configure.ac:1837: -1- AC_CHECK_LIB([resolv], [dn_expand], [], [])
834m4trace:configure.ac:1793: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */ 869m4trace:configure.ac:1837: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */
835#undef HAVE_LIBRESOLV]) 870#undef HAVE_LIBRESOLV])
836m4trace:configure.ac:1793: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV]) 871m4trace:configure.ac:1837: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV])
837m4trace:configure.ac:1847: -1- AC_CHECK_HEADERS([krb.h]) 872m4trace:configure.ac:1891: -1- AC_CHECK_HEADERS([krb.h])
838m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_KRB_H], [/* Define to 1 if you have the <krb.h> header file. */ 873m4trace:configure.ac:1891: -1- AH_OUTPUT([HAVE_KRB_H], [/* Define to 1 if you have the <krb.h> header file. */
839#undef HAVE_KRB_H]) 874#undef HAVE_KRB_H])
840m4trace:configure.ac:1847: -1- AC_CHECK_LIB([krb], [main]) 875m4trace:configure.ac:1891: -1- AC_CHECK_LIB([krb], [main])
841m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBKRB], [/* Define to 1 if you have the \`krb' library (-lkrb). */ 876m4trace:configure.ac:1891: -1- AH_OUTPUT([HAVE_LIBKRB], [/* Define to 1 if you have the \`krb' library (-lkrb). */
842#undef HAVE_LIBKRB]) 877#undef HAVE_LIBKRB])
843m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB]) 878m4trace:configure.ac:1891: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB])
844m4trace:configure.ac:1847: -1- AC_CHECK_LIB([krb4], [main]) 879m4trace:configure.ac:1891: -1- AC_CHECK_LIB([krb4], [main])
845m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBKRB4], [/* Define to 1 if you have the \`krb4' library (-lkrb4). */ 880m4trace:configure.ac:1891: -1- AH_OUTPUT([HAVE_LIBKRB4], [/* Define to 1 if you have the \`krb4' library (-lkrb4). */
846#undef HAVE_LIBKRB4]) 881#undef HAVE_LIBKRB4])
847m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB4]) 882m4trace:configure.ac:1891: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB4])
848m4trace:configure.ac:1847: -1- AC_CHECK_LIB([des], [des_cbc_encrypt]) 883m4trace:configure.ac:1891: -1- AC_CHECK_LIB([des], [des_cbc_encrypt])
849m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBDES], [/* Define to 1 if you have the \`des' library (-ldes). */ 884m4trace:configure.ac:1891: -1- AH_OUTPUT([HAVE_LIBDES], [/* Define to 1 if you have the \`des' library (-ldes). */
850#undef HAVE_LIBDES]) 885#undef HAVE_LIBDES])
851m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES]) 886m4trace:configure.ac:1891: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES])
852m4trace:configure.ac:1847: -1- AC_CHECK_LIB([des425], [des_cbc_encrypt]) 887m4trace:configure.ac:1891: -1- AC_CHECK_LIB([des425], [des_cbc_encrypt])
853m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBDES425], [/* Define to 1 if you have the \`des425' library (-ldes425). */ 888m4trace:configure.ac:1891: -1- AH_OUTPUT([HAVE_LIBDES425], [/* Define to 1 if you have the \`des425' library (-ldes425). */
854#undef HAVE_LIBDES425]) 889#undef HAVE_LIBDES425])
855m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES425]) 890m4trace:configure.ac:1891: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES425])
856m4trace:configure.ac:1847: -1- AC_CHECK_LIB([resolv], [dn_expand], [], []) 891m4trace:configure.ac:1891: -1- AC_CHECK_LIB([resolv], [dn_expand], [], [])
857m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */ 892m4trace:configure.ac:1891: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */
858#undef HAVE_LIBRESOLV]) 893#undef HAVE_LIBRESOLV])
859m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV]) 894m4trace:configure.ac:1891: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV])
860m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([KRB4]) 895m4trace:configure.ac:1891: -1- AC_DEFINE_TRACE_LITERAL([KRB4])
861m4trace:configure.ac:1873: -1- AC_DEFINE_TRACE_LITERAL([AFS]) 896m4trace:configure.ac:1917: -1- AC_DEFINE_TRACE_LITERAL([AFS])
862m4trace:configure.ac:1887: -1- AC_SUBST([PRIVSEP_PATH]) 897m4trace:configure.ac:1931: -1- AC_SUBST([PRIVSEP_PATH])
863m4trace:configure.ac:1907: -1- AC_SUBST([xauth_path], [$ac_cv_path_xauth_path]) 898m4trace:configure.ac:1951: -1- AC_SUBST([xauth_path], [$ac_cv_path_xauth_path])
864m4trace:configure.ac:1911: -1- AC_SUBST([XAUTH_PATH]) 899m4trace:configure.ac:1962: -1- AC_SUBST([STRIP_OPT])
865m4trace:configure.ac:1913: -1- AC_DEFINE_TRACE_LITERAL([XAUTH_PATH]) 900m4trace:configure.ac:1966: -1- AC_SUBST([XAUTH_PATH])
866m4trace:configure.ac:1915: -1- AC_SUBST([XAUTH_PATH]) 901m4trace:configure.ac:1968: -1- AC_DEFINE_TRACE_LITERAL([XAUTH_PATH])
867m4trace:configure.ac:1921: -1- AC_DEFINE_TRACE_LITERAL([MAIL_DIRECTORY]) 902m4trace:configure.ac:1970: -1- AC_SUBST([XAUTH_PATH])
868m4trace:configure.ac:1931: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTMX]) 903m4trace:configure.ac:1976: -1- AC_DEFINE_TRACE_LITERAL([MAIL_DIRECTORY])
869m4trace:configure.ac:1939: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTS_AND_PTC]) 904m4trace:configure.ac:1986: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTMX])
870m4trace:configure.ac:1957: -1- AC_SUBST([NROFF], [$ac_cv_path_NROFF]) 905m4trace:configure.ac:1994: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTS_AND_PTC])
871m4trace:configure.ac:1966: -1- AC_SUBST([MANTYPE]) 906m4trace:configure.ac:2012: -1- AC_SUBST([NROFF], [$ac_cv_path_NROFF])
872m4trace:configure.ac:1972: -1- AC_SUBST([mansubdir]) 907m4trace:configure.ac:2021: -1- AC_SUBST([MANTYPE])
873m4trace:configure.ac:1984: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MD5_PASSWORDS]) 908m4trace:configure.ac:2027: -1- AC_SUBST([mansubdir])
874m4trace:configure.ac:1995: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) 909m4trace:configure.ac:2039: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MD5_PASSWORDS])
875m4trace:configure.ac:2010: -1- AC_DEFINE_TRACE_LITERAL([HAS_SHADOW_EXPIRE]) 910m4trace:configure.ac:2050: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
876m4trace:configure.ac:2019: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY]) 911m4trace:configure.ac:2065: -1- AC_DEFINE_TRACE_LITERAL([HAS_SHADOW_EXPIRE])
877m4trace:configure.ac:2030: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY]) 912m4trace:configure.ac:2074: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY])
878m4trace:configure.ac:2107: -1- AC_DEFINE_TRACE_LITERAL([USER_PATH]) 913m4trace:configure.ac:2085: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY])
879m4trace:configure.ac:2108: -1- AC_SUBST([user_path]) 914m4trace:configure.ac:2166: -1- AC_DEFINE_TRACE_LITERAL([USER_PATH])
880m4trace:configure.ac:2120: -1- AC_DEFINE_TRACE_LITERAL([SUPERUSER_PATH]) 915m4trace:configure.ac:2167: -1- AC_SUBST([user_path])
881m4trace:configure.ac:2133: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT]) 916m4trace:configure.ac:2179: -1- AC_DEFINE_TRACE_LITERAL([SUPERUSER_PATH])
882m4trace:configure.ac:2156: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6]) 917m4trace:configure.ac:2192: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT])
883m4trace:configure.ac:2156: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6]) 918m4trace:configure.ac:2215: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6])
884m4trace:configure.ac:2168: -1- AC_DEFINE_TRACE_LITERAL([BSD_AUTH]) 919m4trace:configure.ac:2215: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6])
885m4trace:configure.ac:2192: -1- AC_DEFINE_TRACE_LITERAL([_PATH_SSH_PIDDIR]) 920m4trace:configure.ac:2227: -1- AC_DEFINE_TRACE_LITERAL([BSD_AUTH])
886m4trace:configure.ac:2193: -1- AC_SUBST([piddir]) 921m4trace:configure.ac:2251: -1- AC_DEFINE_TRACE_LITERAL([_PATH_SSH_PIDDIR])
887m4trace:configure.ac:2199: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG]) 922m4trace:configure.ac:2252: -1- AC_SUBST([piddir])
888m4trace:configure.ac:2203: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) 923m4trace:configure.ac:2258: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
889m4trace:configure.ac:2207: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX]) 924m4trace:configure.ac:2262: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
890m4trace:configure.ac:2211: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP]) 925m4trace:configure.ac:2266: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX])
891m4trace:configure.ac:2215: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX]) 926m4trace:configure.ac:2270: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
892m4trace:configure.ac:2219: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN]) 927m4trace:configure.ac:2274: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX])
893m4trace:configure.ac:2223: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTLINE]) 928m4trace:configure.ac:2278: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN])
894m4trace:configure.ac:2227: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTXLINE]) 929m4trace:configure.ac:2282: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTLINE])
895m4trace:configure.ac:2237: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG]) 930m4trace:configure.ac:2286: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTXLINE])
896m4trace:configure.ac:2299: -1- AC_DEFINE_TRACE_LITERAL([CONF_LASTLOG_FILE]) 931m4trace:configure.ac:2296: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
897m4trace:configure.ac:2324: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) 932m4trace:configure.ac:2358: -1- AC_DEFINE_TRACE_LITERAL([CONF_LASTLOG_FILE])
898m4trace:configure.ac:2329: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMP_FILE]) 933m4trace:configure.ac:2383: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
899m4trace:configure.ac:2354: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP]) 934m4trace:configure.ac:2388: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMP_FILE])
900m4trace:configure.ac:2359: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMP_FILE]) 935m4trace:configure.ac:2413: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
901m4trace:configure.ac:2384: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX]) 936m4trace:configure.ac:2418: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMP_FILE])
902m4trace:configure.ac:2387: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMPX_FILE]) 937m4trace:configure.ac:2443: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX])
903m4trace:configure.ac:2409: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX]) 938m4trace:configure.ac:2446: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMPX_FILE])
904m4trace:configure.ac:2412: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMPX_FILE]) 939m4trace:configure.ac:2468: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX])
905m4trace:configure.ac:2430: -1- AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds]) 940m4trace:configure.ac:2471: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMPX_FILE])
941m4trace:configure.ac:2489: -1- AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
diff --git a/bufaux.c b/bufaux.c
index d3dc674ce..3c276b810 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -37,7 +37,7 @@
37 */ 37 */
38 38
39#include "includes.h" 39#include "includes.h"
40RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $"); 40RCSID("$OpenBSD: bufaux.c,v 1.28 2002/10/23 10:40:16 markus Exp $");
41 41
42#include <openssl/bn.h> 42#include <openssl/bn.h>
43#include "bufaux.h" 43#include "bufaux.h"
@@ -225,7 +225,7 @@ buffer_get_string(Buffer *buffer, u_int *length_ptr)
225 /* Get the length. */ 225 /* Get the length. */
226 len = buffer_get_int(buffer); 226 len = buffer_get_int(buffer);
227 if (len > 256 * 1024) 227 if (len > 256 * 1024)
228 fatal("buffer_get_string: bad string length %d", len); 228 fatal("buffer_get_string: bad string length %u", len);
229 /* Allocate space for the string. Add one byte for a null character. */ 229 /* Allocate space for the string. Add one byte for a null character. */
230 value = xmalloc(len + 1); 230 value = xmalloc(len + 1);
231 /* Get the string. */ 231 /* Get the string. */
diff --git a/canohost.c b/canohost.c
index a457d3c52..941db23b6 100644
--- a/canohost.c
+++ b/canohost.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: canohost.c,v 1.34 2002/09/23 20:46:27 stevesk Exp $"); 15RCSID("$OpenBSD: canohost.c,v 1.35 2002/11/26 02:38:54 stevesk Exp $");
16 16
17#include "packet.h" 17#include "packet.h"
18#include "xmalloc.h" 18#include "xmalloc.h"
@@ -38,7 +38,7 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
38 /* Get IP address of client. */ 38 /* Get IP address of client. */
39 fromlen = sizeof(from); 39 fromlen = sizeof(from);
40 memset(&from, 0, sizeof(from)); 40 memset(&from, 0, sizeof(from));
41 if (getpeername(socket, (struct sockaddr *) &from, &fromlen) < 0) { 41 if (getpeername(socket, (struct sockaddr *)&from, &fromlen) < 0) {
42 debug("getpeername failed: %.100s", strerror(errno)); 42 debug("getpeername failed: %.100s", strerror(errno));
43 fatal_cleanup(); 43 fatal_cleanup();
44 } 44 }
@@ -59,11 +59,14 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
59 memset(&from, 0, sizeof(from)); 59 memset(&from, 0, sizeof(from));
60 60
61 from4->sin_family = AF_INET; 61 from4->sin_family = AF_INET;
62 fromlen = sizeof(*from4);
62 memcpy(&from4->sin_addr, &addr, sizeof(addr)); 63 memcpy(&from4->sin_addr, &addr, sizeof(addr));
63 from4->sin_port = port; 64 from4->sin_port = port;
64 } 65 }
65 } 66 }
66#endif 67#endif
68 if (from.ss_family == AF_INET6)
69 fromlen = sizeof(struct sockaddr_in6);
67 70
68 if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop), 71 if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop),
69 NULL, 0, NI_NUMERICHOST) != 0) 72 NULL, 0, NI_NUMERICHOST) != 0)
@@ -202,8 +205,8 @@ get_canonical_hostname(int verify_reverse_mapping)
202} 205}
203 206
204/* 207/*
205 * Returns the remote IP-address of socket as a string. The returned 208 * Returns the local/remote IP-address/hostname of socket as a string.
206 * string must be freed. 209 * The returned string must be freed.
207 */ 210 */
208static char * 211static char *
209get_socket_address(int socket, int remote, int flags) 212get_socket_address(int socket, int remote, int flags)
@@ -225,10 +228,15 @@ get_socket_address(int socket, int remote, int flags)
225 < 0) 228 < 0)
226 return NULL; 229 return NULL;
227 } 230 }
231
232 /* Work around Linux IPv6 weirdness */
233 if (addr.ss_family == AF_INET6)
234 addrlen = sizeof(struct sockaddr_in6);
235
228 /* Get the address in ascii. */ 236 /* Get the address in ascii. */
229 if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop), 237 if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop),
230 NULL, 0, flags) != 0) { 238 NULL, 0, flags) != 0) {
231 error("get_socket_ipaddr: getnameinfo %d failed", flags); 239 error("get_socket_address: getnameinfo %d failed", flags);
232 return NULL; 240 return NULL;
233 } 241 }
234 return xstrdup(ntop); 242 return xstrdup(ntop);
@@ -314,11 +322,16 @@ get_sock_port(int sock, int local)
314 return 0; 322 return 0;
315 } 323 }
316 } else { 324 } else {
317 if (getpeername(sock, (struct sockaddr *) & from, &fromlen) < 0) { 325 if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {
318 debug("getpeername failed: %.100s", strerror(errno)); 326 debug("getpeername failed: %.100s", strerror(errno));
319 fatal_cleanup(); 327 fatal_cleanup();
320 } 328 }
321 } 329 }
330
331 /* Work around Linux IPv6 weirdness */
332 if (from.ss_family == AF_INET6)
333 fromlen = sizeof(struct sockaddr_in6);
334
322 /* Return port number. */ 335 /* Return port number. */
323 if (getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0, 336 if (getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0,
324 strport, sizeof(strport), NI_NUMERICSERV) != 0) 337 strport, sizeof(strport), NI_NUMERICSERV) != 0)
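Review bot: The AF_INET6 length override added in get_remote_hostname (new lines 68-69) carries no comment, and the copies in get_socket_address and get_sock_port say only "Work around Linux IPv6 weirdness", which does not tell a maintainer what breaks without it. The length returned by getpeername()/getsockname() is overwritten just before getnameinfo(), so the comment should give the reason, for example `/* getnameinfo() can reject the length the kernel reported for AF_INET6; pass the exact struct size */` (this is my reading of the intent, please confirm it). The same two lines now appear in three functions, so a small static helper would keep the copies from drifting apart. All three functions continue outside their hunks, so I have not checked how fromlen and addrlen are used afterwards.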
diff --git a/channels.c b/channels.c
index 6ff9e2583..1937b0244 100644
--- a/channels.c
+++ b/channels.c
@@ -39,7 +39,7 @@
39 */ 39 */
40 40
41#include "includes.h" 41#include "includes.h"
42RCSID("$OpenBSD: channels.c,v 1.183 2002/09/17 07:47:02 itojun Exp $"); 42RCSID("$OpenBSD: channels.c,v 1.187 2003/03/05 22:33:43 markus Exp $");
43 43
44#include "ssh.h" 44#include "ssh.h"
45#include "ssh1.h" 45#include "ssh1.h"
@@ -413,13 +413,13 @@ channel_not_very_much_buffered_data(void)
413#if 0 413#if 0
414 if (!compat20 && 414 if (!compat20 &&
415 buffer_len(&c->input) > packet_get_maxsize()) { 415 buffer_len(&c->input) > packet_get_maxsize()) {
416 debug("channel %d: big input buffer %d", 416 debug2("channel %d: big input buffer %d",
417 c->self, buffer_len(&c->input)); 417 c->self, buffer_len(&c->input));
418 return 0; 418 return 0;
419 } 419 }
420#endif 420#endif
421 if (buffer_len(&c->output) > packet_get_maxsize()) { 421 if (buffer_len(&c->output) > packet_get_maxsize()) {
422 debug("channel %d: big output buffer %d > %d", 422 debug2("channel %d: big output buffer %d > %d",
423 c->self, buffer_len(&c->output), 423 c->self, buffer_len(&c->output),
424 packet_get_maxsize()); 424 packet_get_maxsize());
425 return 0; 425 return 0;
@@ -578,7 +578,7 @@ channel_send_open(int id)
578 log("channel_send_open: %d: bad id", id); 578 log("channel_send_open: %d: bad id", id);
579 return; 579 return;
580 } 580 }
581 debug("send channel open %d", id); 581 debug2("channel %d: send open", id);
582 packet_start(SSH2_MSG_CHANNEL_OPEN); 582 packet_start(SSH2_MSG_CHANNEL_OPEN);
583 packet_put_cstring(c->ctype); 583 packet_put_cstring(c->ctype);
584 packet_put_int(c->self); 584 packet_put_int(c->self);
@@ -588,15 +588,15 @@ channel_send_open(int id)
588} 588}
589 589
590void 590void
591channel_request_start(int local_id, char *service, int wantconfirm) 591channel_request_start(int id, char *service, int wantconfirm)
592{ 592{
593 Channel *c = channel_lookup(local_id); 593 Channel *c = channel_lookup(id);
594 594
595 if (c == NULL) { 595 if (c == NULL) {
596 log("channel_request_start: %d: unknown channel id", local_id); 596 log("channel_request_start: %d: unknown channel id", id);
597 return; 597 return;
598 } 598 }
599 debug("channel request %d: %s", local_id, service) ; 599 debug("channel %d: request %s", id, service) ;
600 packet_start(SSH2_MSG_CHANNEL_REQUEST); 600 packet_start(SSH2_MSG_CHANNEL_REQUEST);
601 packet_put_int(c->remote_id); 601 packet_put_int(c->remote_id);
602 packet_put_cstring(service); 602 packet_put_cstring(service);
@@ -1997,6 +1997,7 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt)
1997 c->remote_id = remote_id; 1997 c->remote_id = remote_id;
1998 } 1998 }
1999 if (c == NULL) { 1999 if (c == NULL) {
2000 xfree(originator_string);
2000 packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); 2001 packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
2001 packet_put_int(remote_id); 2002 packet_put_int(remote_id);
2002 packet_send(); 2003 packet_send();
@@ -2281,7 +2282,10 @@ connect_to(const char *host, u_short port)
2281 } 2282 }
2282 sock = socket(ai->ai_family, SOCK_STREAM, 0); 2283 sock = socket(ai->ai_family, SOCK_STREAM, 0);
2283 if (sock < 0) { 2284 if (sock < 0) {
2284 error("socket: %.100s", strerror(errno)); 2285 if (ai->ai_next == NULL)
2286 error("socket: %.100s", strerror(errno));
2287 else
2288 verbose("socket: %.100s", strerror(errno));
2285 continue; 2289 continue;
2286 } 2290 }
2287 if (fcntl(sock, F_SETFL, O_NONBLOCK) < 0) 2291 if (fcntl(sock, F_SETFL, O_NONBLOCK) < 0)
@@ -2606,6 +2610,7 @@ x11_input_open(int type, u_int32_t seq, void *ctxt)
2606 /* Send refusal to the remote host. */ 2610 /* Send refusal to the remote host. */
2607 packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); 2611 packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
2608 packet_put_int(remote_id); 2612 packet_put_int(remote_id);
2613 xfree(remote_host);
2609 } else { 2614 } else {
2610 /* Send a confirmation to the remote host. */ 2615 /* Send a confirmation to the remote host. */
2611 packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION); 2616 packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION);
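diff --git a/cipher.c b/cipher.c
index 1933d3eab..b5d38747e 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.61 2002/07/12 15:50:17 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.62 2002/11/21 22:45:31 markus Exp $");
 
 #include "xmalloc.h"
 #include "log.h"
@@ -239,7 +239,7 @@ cipher_init(CipherContext *cc, Cipher *cipher,
  cipher->name);
  klen = EVP_CIPHER_CTX_key_length(&cc->evp);
  if (klen > 0 && keylen != klen) {
- debug("cipher_init: set keylen (%d -> %d)", klen, keylen);
+ debug2("cipher_init: set keylen (%d -> %d)", klen, keylen);
  if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0)
  fatal("cipher_init: set keylen failed (%d -> %d)",
  klen, keylen);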
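diff --git a/clientloop.c b/clientloop.c
index 2c030e71b..fcd75d2d7 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.104 2002/08/22 19:38:42 stevesk Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.105 2002/11/18 16:43:44 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -888,10 +888,16 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 
  client_init_dispatch();
 
- /* Set signal handlers to restore non-blocking mode. */
- signal(SIGINT, signal_handler);
- signal(SIGQUIT, signal_handler);
- signal(SIGTERM, signal_handler);
+ /*
+ * Set signal handlers, (e.g. to restore non-blocking mode)
+ * but don't overwrite SIG_IGN, matches behaviour from rsh(1)
+ */
+ if (signal(SIGINT, SIG_IGN) != SIG_IGN)
+ signal(SIGINT, signal_handler);
+ if (signal(SIGQUIT, SIG_IGN) != SIG_IGN)
+ signal(SIGQUIT, signal_handler);
+ if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
+ signal(SIGTERM, signal_handler);
  if (have_pty)
  signal(SIGWINCH, window_change_handler);
 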
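Review bot: Each new `if (signal(SIGINT, SIG_IGN) != SIG_IGN)` test in client_loop() changes the disposition in order to read it, so between that call and the following `signal(SIGINT, signal_handler)` the signal is ignored and an interrupt arriving in that window is dropped instead of reaching signal_handler; the SIGQUIT and SIGTERM pairs behave the same way. A SIG_ERR return is also treated as "not ignored" and falls through to the second call. Reading the old disposition with `sigaction(sig, NULL, &osa)` leaves it untouched, and folding the three pairs into one static helper (called `client_catch_signal` below, a proposed name) removes the repetition; configure probes for sigaction, so platforms without it may need to keep the current form. client_loop() starts and ends outside this hunk.

```c
/* Install handler for sig unless the signal was inherited as ignored. */
static void
client_catch_signal(int sig, void (*handler)(int))
{
	struct sigaction osa;

	/* Query only: a NULL new action leaves the disposition as it is. */
	if (sigaction(sig, NULL, &osa) == 0 && osa.sa_handler == SIG_IGN)
		return;
	signal(sig, handler);
}

	/* … in client_loop(), replacing the three if/signal pairs … */
	client_catch_signal(SIGINT, signal_handler);
	client_catch_signal(SIGQUIT, signal_handler);
	client_catch_signal(SIGTERM, signal_handler);
```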
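diff --git a/config.guess b/config.guess
index fd30ab031..e8f206123 100755
--- a/config.guess
+++ b/config.guess
@@ -726,6 +726,9 @@ EOF
  CRAY*SV1:*:*:*)
  echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
  exit 0 ;;
+ *:UNICOS/mp:*:*)
+ echo nv1-cray-unicosmp | sed -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
  F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
  FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
  FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`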
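diff --git a/config.h.in b/config.h.in
index e87309415..55149792c 100644
--- a/config.h.in
+++ b/config.h.in
@@ -1,5 +1,5 @@
 /* config.h.in. Generated from configure.ac by autoheader. */
-/* $Id: acconfig.h,v 1.145 2002/09/26 00:38:48 tim Exp $ */
+/* $Id: acconfig.h,v 1.149 2003/03/10 00:38:10 djm Exp $ */
 
 #ifndef _CONFIG_H
 #define _CONFIG_H
@@ -364,6 +364,19 @@
 /* Define if your platform needs to skip post auth file descriptor passing */
 #undef DISABLE_FD_PASSING
 
+/* Silly mkstemp() */
+#undef HAVE_STRICT_MKSTEMP
+
+/* Setproctitle emulation */
+#undef SETPROCTITLE_STRATEGY
+#undef SETPROCTITLE_PS_PADDING
+
+/* Some systems put this outside of libc */
+#undef HAVE_NANOSLEEP
+
+/* Pushing STREAMS modules incorrectly acquires a controlling TTY */
+#undef STREAMS_PUSH_ACQUIRES_CTTY
+
 
 /* Define to 1 if the `getpgrp' function requires zero arguments. */
 #undef GETPGRP_VOID
@@ -374,6 +387,12 @@
 /* Define to 1 if you have the `b64_ntop' function. */
 #undef HAVE_B64_NTOP
 
+/* Define to 1 if you have the `b64_pton' function. */
+#undef HAVE_B64_PTON
+
+/* Define to 1 if you have the `basename' function. */
+#undef HAVE_BASENAME
+
 /* Define to 1 if you have the `bcopy' function. */
 #undef HAVE_BCOPY
 
@@ -599,6 +618,9 @@
 /* Define to 1 if you have the `ngetaddrinfo' function. */
 #undef HAVE_NGETADDRINFO
 
+/* Define to 1 if you have the `nsleep' function. */
+#undef HAVE_NSLEEP
+
 /* Define to 1 if you have the `ogetaddrinfo' function. */
 #undef HAVE_OGETADDRINFO
 
@@ -611,6 +633,9 @@
 /* Define to 1 if you have the <paths.h> header file. */
 #undef HAVE_PATHS_H
 
+/* Define to 1 if you have the `pstat' function. */
+#undef HAVE_PSTAT
+
 /* Define to 1 if you have the <pty.h> header file. */
 #undef HAVE_PTY_H
 
@@ -743,12 +768,18 @@
 /* Define to 1 if you have the `strmode' function. */
 #undef HAVE_STRMODE
 
+/* Define to 1 if you have the `strnvis' function. */
+#undef HAVE_STRNVIS
+
 /* Define to 1 if you have the `strsep' function. */
 #undef HAVE_STRSEP
 
 /* Define to 1 if `st_blksize' is member of `struct stat'. */
 #undef HAVE_STRUCT_STAT_ST_BLKSIZE
 
+/* Define to 1 if the system has the type `struct timespec'. */
+#undef HAVE_STRUCT_TIMESPEC
+
 /* Define to 1 if you have the `sysconf' function. */
 #undef HAVE_SYSCONF
 
@@ -764,6 +795,9 @@
 /* Define to 1 if you have the <sys/mman.h> header file. */
 #undef HAVE_SYS_MMAN_H
 
+/* Define to 1 if you have the <sys/pstat.h> header file. */
+#undef HAVE_SYS_PSTAT_H
+
 /* Define to 1 if you have the <sys/select.h> header file. */
 #undef HAVE_SYS_SELECT_H
 
@@ -776,6 +810,9 @@
 /* Define to 1 if you have the <sys/sysmacros.h> header file. */
 #undef HAVE_SYS_SYSMACROS_H
 
+/* Define to 1 if you have the <sys/timers.h> header file. */
+#undef HAVE_SYS_TIMERS_H
+
 /* Define to 1 if you have the <sys/time.h> header file. */
 #undef HAVE_SYS_TIME_H
 
@@ -848,6 +885,9 @@
 /* Define to 1 if you have the `__b64_ntop' function. */
 #undef HAVE___B64_NTOP
 
+/* Define to 1 if you have the `__b64_pton' function. */
+#undef HAVE___B64_PTON
+
 /* Define to the address where bug reports for this package should be sent. */
 #undef PACKAGE_BUGREPORT
 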
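diff --git a/config.sub b/config.sub
index 9ff085efa..a0b7bb9e8 100755
--- a/config.sub
+++ b/config.sub
@@ -315,7 +315,7 @@ case $basic_machine in
  | mipsisa64-* | mipsisa64el-* \
  | mipsisa64sb1-* | mipsisa64sb1el-* \
  | mipstx39 | mipstx39el \
- | none-* | np1-* | ns16k-* | ns32k-* \
+ | none-* | np1-* | ns16k-* | ns32k-* | nv1-* \
  | orion-* \
  | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
  | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
@@ -715,6 +715,9 @@ case $basic_machine in
  nsr-tandem)
  basic_machine=nsr-tandem
  ;;
+ nv1)
+ basic_machine=nv1-cray
+ ;;
  op50n-* | op60c-*)
  basic_machine=hppa1.1-oki
  os=-proelf
@@ -887,6 +890,10 @@ case $basic_machine in
  basic_machine=sv1-cray
  os=-unicos
  ;;
+ sx*-nec)
+ basic_machine=sx6-nec
+ os=-sysv
+ ;;
  symmetry)
  basic_machine=i386-sequent
  os=-dynix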
diff --git a/configure b/configure
index 565e9ee79..b142fd782 100755
--- a/configure
+++ b/configure
@@ -827,6 +827,7 @@ Optional Features:
827 --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) 827 --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
828 --enable-FEATURE[=ARG] include FEATURE [ARG=yes] 828 --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
829 --disable-largefile omit support for large files 829 --disable-largefile omit support for large files
830 --disable-strip Disable calling strip(1) on install
830 --disable-lastlog disable use of lastlog even if detected no 831 --disable-lastlog disable use of lastlog even if detected no
831 --disable-utmp disable use of utmp even if detected no 832 --disable-utmp disable use of utmp even if detected no
832 --disable-utmpx disable use of utmpx even if detected no 833 --disable-utmpx disable use of utmpx even if detected no
@@ -2719,6 +2720,45 @@ fi
2719 test -n "$PERL" && break 2720 test -n "$PERL" && break
2720done 2721done
2721 2722
2723# Extract the first word of "sed", so it can be a program name with args.
2724set dummy sed; ac_word=$2
2725echo "$as_me:$LINENO: checking for $ac_word" >&5
2726echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
2727if test "${ac_cv_path_SED+set}" = set; then
2728 echo $ECHO_N "(cached) $ECHO_C" >&6
2729else
2730 case $SED in
2731 [\\/]* | ?:[\\/]*)
2732 ac_cv_path_SED="$SED" # Let the user override the test with a path.
2733 ;;
2734 *)
2735 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2736for as_dir in $PATH
2737do
2738 IFS=$as_save_IFS
2739 test -z "$as_dir" && as_dir=.
2740 for ac_exec_ext in '' $ac_executable_extensions; do
2741 if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2742 ac_cv_path_SED="$as_dir/$ac_word$ac_exec_ext"
2743 echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
2744 break 2
2745 fi
2746done
2747done
2748
2749 ;;
2750esac
2751fi
2752SED=$ac_cv_path_SED
2753
2754if test -n "$SED"; then
2755 echo "$as_me:$LINENO: result: $SED" >&5
2756echo "${ECHO_T}$SED" >&6
2757else
2758 echo "$as_me:$LINENO: result: no" >&5
2759echo "${ECHO_T}no" >&6
2760fi
2761
2722 2762
2723# Extract the first word of "ent", so it can be a program name with args. 2763# Extract the first word of "ent", so it can be a program name with args.
2724set dummy ent; ac_word=$2 2764set dummy ent; ac_word=$2
@@ -3660,8 +3700,17 @@ _ACEOF
3660#define LOGIN_NEEDS_UTMPX 1 3700#define LOGIN_NEEDS_UTMPX 1
3661_ACEOF 3701_ACEOF
3662 3702
3703 cat >>confdefs.h <<\_ACEOF
3704#define SETPROCTITLE_STRATEGY PS_USE_CLOBBER_ARGV
3705_ACEOF
3706
3707 cat >>confdefs.h <<\_ACEOF
3708#define SETPROCTITLE_PS_PADDING '\0'
3709_ACEOF
3710
3663 ;; 3711 ;;
3664*-*-cygwin*) 3712*-*-cygwin*)
3713 check_for_libcrypt_later=1
3665 LIBS="$LIBS /usr/lib/textmode.o" 3714 LIBS="$LIBS /usr/lib/textmode.o"
3666 cat >>confdefs.h <<\_ACEOF 3715 cat >>confdefs.h <<\_ACEOF
3667#define HAVE_CYGWIN 1 3716#define HAVE_CYGWIN 1
@@ -3782,7 +3831,7 @@ _ACEOF
3782_ACEOF 3831_ACEOF
3783 3832
3784 cat >>confdefs.h <<\_ACEOF 3833 cat >>confdefs.h <<\_ACEOF
3785#define SPT_TYPE SPT_PSTAT 3834#define SETPROCTITLE_STRATEGY PS_USE_PSTAT
3786_ACEOF 3835_ACEOF
3787 3836
3788 LIBS="$LIBS -lsec -lsecpw" 3837 LIBS="$LIBS -lsec -lsecpw"
@@ -3884,7 +3933,7 @@ _ACEOF
3884_ACEOF 3933_ACEOF
3885 3934
3886 cat >>confdefs.h <<\_ACEOF 3935 cat >>confdefs.h <<\_ACEOF
3887#define SPT_TYPE SPT_PSTAT 3936#define SETPROCTITLE_STRATEGY PS_USE_PSTAT
3888_ACEOF 3937_ACEOF
3889 3938
3890 LIBS="$LIBS -lsec" 3939 LIBS="$LIBS -lsec"
@@ -3986,7 +4035,7 @@ _ACEOF
3986_ACEOF 4035_ACEOF
3987 4036
3988 cat >>confdefs.h <<\_ACEOF 4037 cat >>confdefs.h <<\_ACEOF
3989#define SPT_TYPE SPT_PSTAT 4038#define SETPROCTITLE_STRATEGY PS_USE_PSTAT
3990_ACEOF 4039_ACEOF
3991 4040
3992 LIBS="$LIBS -lsec" 4041 LIBS="$LIBS -lsec"
@@ -4180,6 +4229,14 @@ _ACEOF
4180#define PAM_TTY_KLUDGE 1 4229#define PAM_TTY_KLUDGE 1
4181_ACEOF 4230_ACEOF
4182 4231
4232 cat >>confdefs.h <<\_ACEOF
4233#define SETPROCTITLE_STRATEGY PS_USE_CLOBBER_ARGV
4234_ACEOF
4235
4236 cat >>confdefs.h <<\_ACEOF
4237#define SETPROCTITLE_PS_PADDING '\0'
4238_ACEOF
4239
4183 inet6_default_4in6=yes 4240 inet6_default_4in6=yes
4184 ;; 4241 ;;
4185mips-sony-bsd|mips-sony-newsos4) 4242mips-sony-bsd|mips-sony-newsos4)
@@ -4240,6 +4297,10 @@ _ACEOF
4240#define PAM_TTY_KLUDGE 1 4297#define PAM_TTY_KLUDGE 1
4241_ACEOF 4298_ACEOF
4242 4299
4300 cat >>confdefs.h <<\_ACEOF
4301#define STREAMS_PUSH_ACQUIRES_CTTY 1
4302_ACEOF
4303
4243 # hardwire lastlog location (can't detect it on some versions) 4304 # hardwire lastlog location (can't detect it on some versions)
4244 conf_lastlog_location="/var/adm/lastlog" 4305 conf_lastlog_location="/var/adm/lastlog"
4245 echo "$as_me:$LINENO: checking for obsolete utmp and wtmp in solaris2.x" >&5 4306 echo "$as_me:$LINENO: checking for obsolete utmp and wtmp in solaris2.x" >&5
@@ -4504,6 +4565,9 @@ done
4504 do_sco3_extra_lib_check=yes 4565 do_sco3_extra_lib_check=yes
4505 ;; 4566 ;;
4506*-*-sco3.2v5*) 4567*-*-sco3.2v5*)
4568 if test -z "$GCC"; then
4569 CFLAGS="$CFLAGS -belf"
4570 fi
4507 CPPFLAGS="$CPPFLAGS -I/usr/local/include" 4571 CPPFLAGS="$CPPFLAGS -I/usr/local/include"
4508 LDFLAGS="$LDFLAGS -L/usr/local/lib" 4572 LDFLAGS="$LDFLAGS -L/usr/local/lib"
4509 LIBS="$LIBS -lprot -lx -ltinfo -lm" 4573 LIBS="$LIBS -lprot -lx -ltinfo -lm"
@@ -4604,8 +4668,6 @@ done
4604 MANTYPE=man 4668 MANTYPE=man
4605 ;; 4669 ;;
4606*-*-unicosmk*) 4670*-*-unicosmk*)
4607 no_libsocket=1
4608 no_libnsl=1
4609 cat >>confdefs.h <<\_ACEOF 4671 cat >>confdefs.h <<\_ACEOF
4610#define USE_PIPES 1 4672#define USE_PIPES 1
4611_ACEOF 4673_ACEOF
@@ -4619,8 +4681,6 @@ _ACEOF
4619 MANTYPE=cat 4681 MANTYPE=cat
4620 ;; 4682 ;;
4621*-*-unicos*) 4683*-*-unicos*)
4622 no_libsocket=1
4623 no_libnsl=1
4624 cat >>confdefs.h <<\_ACEOF 4684 cat >>confdefs.h <<\_ACEOF
4625#define USE_PIPES 1 4685#define USE_PIPES 1
4626_ACEOF 4686_ACEOF
@@ -4665,12 +4725,20 @@ _ACEOF
4665#define DISABLE_LOGIN 1 4725#define DISABLE_LOGIN 1
4666_ACEOF 4726_ACEOF
4667 4727
4728 cat >>confdefs.h <<\_ACEOF
4729#define DISABLE_FD_PASSING 1
4730_ACEOF
4731
4668 LIBS="$LIBS -lsecurity -ldb -lm -laud" 4732 LIBS="$LIBS -lsecurity -ldb -lm -laud"
4669 else 4733 else
4670 echo "$as_me:$LINENO: result: no" >&5 4734 echo "$as_me:$LINENO: result: no" >&5
4671echo "${ECHO_T}no" >&6 4735echo "${ECHO_T}no" >&6
4672 fi 4736 fi
4673 fi 4737 fi
4738 cat >>confdefs.h <<\_ACEOF
4739#define DISABLE_FD_PASSING 1
4740_ACEOF
4741
4674 ;; 4742 ;;
4675 4743
4676*-*-nto-qnx) 4744*-*-nto-qnx)
@@ -4984,14 +5052,17 @@ done
4984 5052
4985 5053
4986 5054
5055
5056
5057
4987for ac_header in bstring.h crypt.h endian.h floatingpoint.h \ 5058for ac_header in bstring.h crypt.h endian.h floatingpoint.h \
4988 getopt.h glob.h ia.h lastlog.h limits.h login.h \ 5059 getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \
4989 login_cap.h maillock.h netdb.h netgroup.h \ 5060 login_cap.h maillock.h netdb.h netgroup.h \
4990 netinet/in_systm.h paths.h pty.h readpassphrase.h \ 5061 netinet/in_systm.h paths.h pty.h readpassphrase.h \
4991 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ 5062 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
4992 strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ 5063 strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
4993 sys/mman.h sys/select.h sys/stat.h \ 5064 sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
4994 sys/stropts.h sys/sysmacros.h sys/time.h \ 5065 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
4995 sys/un.h time.h tmpdir.h ttyent.h usersec.h \ 5066 sys/un.h time.h tmpdir.h ttyent.h usersec.h \
4996 util.h utime.h utmp.h utmpx.h 5067 util.h utime.h utmp.h utmpx.h
4997do 5068do
@@ -6740,17 +6811,24 @@ fi;
6740 6811
6741 6812
6742 6813
6743for ac_func in arc4random b64_ntop bcopy bindresvport_sa \ 6814
6744 clock fchmod fchown freeaddrinfo futimes gai_strerror \ 6815
6745 getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\ 6816
6746 getrlimit getrusage getttyent glob inet_aton inet_ntoa \ 6817
6747 inet_ntop innetgr login_getcapbool md5_crypt memmove \ 6818
6748 mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ 6819for ac_func in \
6749 realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ 6820 arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename bcopy \
6750 setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ 6821 bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
6751 setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ 6822 gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \
6752 socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ 6823 getpeereid _getpty getrlimit getrusage getttyent glob inet_aton \
6753 truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty 6824 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
6825 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openpty pstat \
6826 readpassphrase realpath recvmsg rresvport_af sendmsg setdtablesize \
6827 setegid setenv seteuid setgroups setlogin setpcred setproctitle \
6828 setresgid setreuid setrlimit setsid setvbuf sigaction sigvec \
6829 snprintf socketpair strerror strlcat strlcpy strmode strnvis \
6830 sysconf tcgetpgrp truncate utimes vhangup vsnprintf waitpid \
6831
6754do 6832do
6755as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` 6833as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
6756echo "$as_me:$LINENO: checking for $ac_func" >&5 6834echo "$as_me:$LINENO: checking for $ac_func" >&5
@@ -6826,6 +6904,246 @@ fi
6826done 6904done
6827 6905
6828 6906
6907echo "$as_me:$LINENO: checking for library containing nanosleep" >&5
6908echo $ECHO_N "checking for library containing nanosleep... $ECHO_C" >&6
6909if test "${ac_cv_search_nanosleep+set}" = set; then
6910 echo $ECHO_N "(cached) $ECHO_C" >&6
6911else
6912 ac_func_search_save_LIBS=$LIBS
6913ac_cv_search_nanosleep=no
6914cat >conftest.$ac_ext <<_ACEOF
6915#line $LINENO "configure"
6916#include "confdefs.h"
6917
6918/* Override any gcc2 internal prototype to avoid an error. */
6919#ifdef __cplusplus
6920extern "C"
6921#endif
6922/* We use char because int might match the return type of a gcc2
6923 builtin and then its argument prototype would still apply. */
6924char nanosleep ();
6925#ifdef F77_DUMMY_MAIN
6926# ifdef __cplusplus
6927 extern "C"
6928# endif
6929 int F77_DUMMY_MAIN() { return 1; }
6930#endif
6931int
6932main ()
6933{
6934nanosleep ();
6935 ;
6936 return 0;
6937}
6938_ACEOF
6939rm -f conftest.$ac_objext conftest$ac_exeext
6940if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
6941 (eval $ac_link) 2>&5
6942 ac_status=$?
6943 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6944 (exit $ac_status); } &&
6945 { ac_try='test -s conftest$ac_exeext'
6946 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
6947 (eval $ac_try) 2>&5
6948 ac_status=$?
6949 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6950 (exit $ac_status); }; }; then
6951 ac_cv_search_nanosleep="none required"
6952else
6953 echo "$as_me: failed program was:" >&5
6954cat conftest.$ac_ext >&5
6955fi
6956rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
6957if test "$ac_cv_search_nanosleep" = no; then
6958 for ac_lib in rt posix4; do
6959 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
6960 cat >conftest.$ac_ext <<_ACEOF
6961#line $LINENO "configure"
6962#include "confdefs.h"
6963
6964/* Override any gcc2 internal prototype to avoid an error. */
6965#ifdef __cplusplus
6966extern "C"
6967#endif
6968/* We use char because int might match the return type of a gcc2
6969 builtin and then its argument prototype would still apply. */
6970char nanosleep ();
6971#ifdef F77_DUMMY_MAIN
6972# ifdef __cplusplus
6973 extern "C"
6974# endif
6975 int F77_DUMMY_MAIN() { return 1; }
6976#endif
6977int
6978main ()
6979{
6980nanosleep ();
6981 ;
6982 return 0;
6983}
6984_ACEOF
6985rm -f conftest.$ac_objext conftest$ac_exeext
6986if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
6987 (eval $ac_link) 2>&5
6988 ac_status=$?
6989 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6990 (exit $ac_status); } &&
6991 { ac_try='test -s conftest$ac_exeext'
6992 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
6993 (eval $ac_try) 2>&5
6994 ac_status=$?
6995 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6996 (exit $ac_status); }; }; then
6997 ac_cv_search_nanosleep="-l$ac_lib"
6998break
6999else
7000 echo "$as_me: failed program was:" >&5
7001cat conftest.$ac_ext >&5
7002fi
7003rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
7004 done
7005fi
7006LIBS=$ac_func_search_save_LIBS
7007fi
7008echo "$as_me:$LINENO: result: $ac_cv_search_nanosleep" >&5
7009echo "${ECHO_T}$ac_cv_search_nanosleep" >&6
7010if test "$ac_cv_search_nanosleep" != no; then
7011 test "$ac_cv_search_nanosleep" = "none required" || LIBS="$ac_cv_search_nanosleep $LIBS"
7012 cat >>confdefs.h <<\_ACEOF
7013#define HAVE_NANOSLEEP 1
7014_ACEOF
7015
7016fi
7017
7018
7019echo "$as_me:$LINENO: checking whether strsep is declared" >&5
7020echo $ECHO_N "checking whether strsep is declared... $ECHO_C" >&6
7021if test "${ac_cv_have_decl_strsep+set}" = set; then
7022 echo $ECHO_N "(cached) $ECHO_C" >&6
7023else
7024 cat >conftest.$ac_ext <<_ACEOF
7025#line $LINENO "configure"
7026#include "confdefs.h"
7027$ac_includes_default
7028#ifdef F77_DUMMY_MAIN
7029# ifdef __cplusplus
7030 extern "C"
7031# endif
7032 int F77_DUMMY_MAIN() { return 1; }
7033#endif
7034int
7035main ()
7036{
7037#ifndef strsep
7038 char *p = (char *) strsep;
7039#endif
7040
7041 ;
7042 return 0;
7043}
7044_ACEOF
7045rm -f conftest.$ac_objext
7046if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
7047 (eval $ac_compile) 2>&5
7048 ac_status=$?
7049 echo "$as_me:$LINENO: \$? = $ac_status" >&5
7050 (exit $ac_status); } &&
7051 { ac_try='test -s conftest.$ac_objext'
7052 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
7053 (eval $ac_try) 2>&5
7054 ac_status=$?
7055 echo "$as_me:$LINENO: \$? = $ac_status" >&5
7056 (exit $ac_status); }; }; then
7057 ac_cv_have_decl_strsep=yes
7058else
7059 echo "$as_me: failed program was:" >&5
7060cat conftest.$ac_ext >&5
7061ac_cv_have_decl_strsep=no
7062fi
7063rm -f conftest.$ac_objext conftest.$ac_ext
7064fi
7065echo "$as_me:$LINENO: result: $ac_cv_have_decl_strsep" >&5
7066echo "${ECHO_T}$ac_cv_have_decl_strsep" >&6
7067if test $ac_cv_have_decl_strsep = yes; then
7068
7069for ac_func in strsep
7070do
7071as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
7072echo "$as_me:$LINENO: checking for $ac_func" >&5
7073echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
7074if eval "test \"\${$as_ac_var+set}\" = set"; then
7075 echo $ECHO_N "(cached) $ECHO_C" >&6
7076else
7077 cat >conftest.$ac_ext <<_ACEOF
7078#line $LINENO "configure"
7079#include "confdefs.h"
7080/* System header to define __stub macros and hopefully few prototypes,
7081 which can conflict with char $ac_func (); below. */
7082#include <assert.h>
7083/* Override any gcc2 internal prototype to avoid an error. */
7084#ifdef __cplusplus
7085extern "C"
7086#endif
7087/* We use char because int might match the return type of a gcc2
7088 builtin and then its argument prototype would still apply. */
7089char $ac_func ();
7090char (*f) ();
7091
7092#ifdef F77_DUMMY_MAIN
7093# ifdef __cplusplus
7094 extern "C"
7095# endif
7096 int F77_DUMMY_MAIN() { return 1; }
7097#endif
7098int
7099main ()
7100{
7101/* The GNU C library defines this for functions which it implements
7102 to always fail with ENOSYS. Some functions are actually named
7103 something starting with __ and the normal name is an alias. */
7104#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
7105choke me
7106#else
7107f = $ac_func;
7108#endif
7109
7110 ;
7111 return 0;
7112}
7113_ACEOF
7114rm -f conftest.$ac_objext conftest$ac_exeext
7115if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
7116 (eval $ac_link) 2>&5
7117 ac_status=$?
7118 echo "$as_me:$LINENO: \$? = $ac_status" >&5
7119 (exit $ac_status); } &&
7120 { ac_try='test -s conftest$ac_exeext'
7121 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
7122 (eval $ac_try) 2>&5
7123 ac_status=$?
7124 echo "$as_me:$LINENO: \$? = $ac_status" >&5
7125 (exit $ac_status); }; }; then
7126 eval "$as_ac_var=yes"
7127else
7128 echo "$as_me: failed program was:" >&5
7129cat conftest.$ac_ext >&5
7130eval "$as_ac_var=no"
7131fi
7132rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
7133fi
7134echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
7135echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
7136if test `eval echo '${'$as_ac_var'}'` = yes; then
7137 cat >>confdefs.h <<_ACEOF
7138#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
7139_ACEOF
7140
7141fi
7142done
7143
7144fi
7145
7146
6829 7147
6830for ac_func in dirname 7148for ac_func in dirname
6831do 7149do
@@ -7975,6 +8293,65 @@ rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
7975fi 8293fi
7976fi 8294fi
7977 8295
8296if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
8297echo "$as_me:$LINENO: checking for (overly) strict mkstemp" >&5
8298echo $ECHO_N "checking for (overly) strict mkstemp... $ECHO_C" >&6
8299if test "$cross_compiling" = yes; then
8300
8301 echo "$as_me:$LINENO: result: yes" >&5
8302echo "${ECHO_T}yes" >&6
8303 cat >>confdefs.h <<\_ACEOF
8304#define HAVE_STRICT_MKSTEMP 1
8305_ACEOF
8306
8307
8308
8309else
8310 cat >conftest.$ac_ext <<_ACEOF
8311#line $LINENO "configure"
8312#include "confdefs.h"
8313
8314#include <stdlib.h>
8315main() { char template[]="conftest.mkstemp-test";
8316if (mkstemp(template) == -1)
8317 exit(1);
8318unlink(template); exit(0);
8319}
8320
8321_ACEOF
8322rm -f conftest$ac_exeext
8323if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
8324 (eval $ac_link) 2>&5
8325 ac_status=$?
8326 echo "$as_me:$LINENO: \$? = $ac_status" >&5
8327 (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
8328 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
8329 (eval $ac_try) 2>&5
8330 ac_status=$?
8331 echo "$as_me:$LINENO: \$? = $ac_status" >&5
8332 (exit $ac_status); }; }; then
8333
8334 echo "$as_me:$LINENO: result: no" >&5
8335echo "${ECHO_T}no" >&6
8336
8337else
8338 echo "$as_me: program exited with status $ac_status" >&5
8339echo "$as_me: failed program was:" >&5
8340cat conftest.$ac_ext >&5
8341( exit $ac_status )
8342
8343 echo "$as_me:$LINENO: result: yes" >&5
8344echo "${ECHO_T}yes" >&6
8345 cat >>confdefs.h <<\_ACEOF
8346#define HAVE_STRICT_MKSTEMP 1
8347_ACEOF
8348
8349
8350fi
8351rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
8352fi
8353fi
8354
7978echo "$as_me:$LINENO: checking whether getpgrp requires zero arguments" >&5 8355echo "$as_me:$LINENO: checking whether getpgrp requires zero arguments" >&5
7979echo $ECHO_N "checking whether getpgrp requires zero arguments... $ECHO_C" >&6 8356echo $ECHO_N "checking whether getpgrp requires zero arguments... $ECHO_C" >&6
7980if test "${ac_cv_func_getpgrp_void+set}" = set; then 8357if test "${ac_cv_func_getpgrp_void+set}" = set; then
@@ -13128,12 +13505,72 @@ _ACEOF
13128 have_struct_timeval=1 13505 have_struct_timeval=1
13129fi 13506fi
13130 13507
13131# If we don't have int64_t then we can't compile sftp-server. So don't 13508echo "$as_me:$LINENO: checking for struct timespec" >&5
13132# even attempt to do it. 13509echo $ECHO_N "checking for struct timespec... $ECHO_C" >&6
13510if test "${ac_cv_type_struct_timespec+set}" = set; then
13511 echo $ECHO_N "(cached) $ECHO_C" >&6
13512else
13513 cat >conftest.$ac_ext <<_ACEOF
13514#line $LINENO "configure"
13515#include "confdefs.h"
13516$ac_includes_default
13517#ifdef F77_DUMMY_MAIN
13518# ifdef __cplusplus
13519 extern "C"
13520# endif
13521 int F77_DUMMY_MAIN() { return 1; }
13522#endif
13523int
13524main ()
13525{
13526if ((struct timespec *) 0)
13527 return 0;
13528if (sizeof (struct timespec))
13529 return 0;
13530 ;
13531 return 0;
13532}
13533_ACEOF
13534rm -f conftest.$ac_objext
13535if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
13536 (eval $ac_compile) 2>&5
13537 ac_status=$?
13538 echo "$as_me:$LINENO: \$? = $ac_status" >&5
13539 (exit $ac_status); } &&
13540 { ac_try='test -s conftest.$ac_objext'
13541 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
13542 (eval $ac_try) 2>&5
13543 ac_status=$?
13544 echo "$as_me:$LINENO: \$? = $ac_status" >&5
13545 (exit $ac_status); }; }; then
13546 ac_cv_type_struct_timespec=yes
13547else
13548 echo "$as_me: failed program was:" >&5
13549cat conftest.$ac_ext >&5
13550ac_cv_type_struct_timespec=no
13551fi
13552rm -f conftest.$ac_objext conftest.$ac_ext
13553fi
13554echo "$as_me:$LINENO: result: $ac_cv_type_struct_timespec" >&5
13555echo "${ECHO_T}$ac_cv_type_struct_timespec" >&6
13556if test $ac_cv_type_struct_timespec = yes; then
13557
13558cat >>confdefs.h <<_ACEOF
13559#define HAVE_STRUCT_TIMESPEC 1
13560_ACEOF
13561
13562
13563fi
13564
13565
13566# We need int64_t or else certian parts of the compile will fail.
13133if test "x$ac_cv_have_int64_t" = "xno" -a \ 13567if test "x$ac_cv_have_int64_t" = "xno" -a \
13134 "x$ac_cv_sizeof_long_int" != "x8" -a \ 13568 "x$ac_cv_sizeof_long_int" != "x8" -a \
13135 "x$ac_cv_sizeof_long_long_int" = "x0" ; then 13569 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
13136 NO_SFTP='#' 13570 echo "OpenSSH requires int64_t support. Contact your vendor or install"
13571 echo "an alternative compiler (I.E., GCC) before continuing."
13572 echo ""
13573 exit 1;
13137else 13574else
13138 if test "$cross_compiling" = yes; then 13575 if test "$cross_compiling" = yes; then
13139 { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5 13576 { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
@@ -13196,7 +13633,6 @@ fi
13196fi 13633fi
13197 13634
13198 13635
13199
13200# look for field 'ut_host' in header 'utmp.h' 13636# look for field 'ut_host' in header 'utmp.h'
13201 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` 13637 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
13202 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host 13638 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host
@@ -15730,6 +16166,19 @@ fi
15730 16166
15731fi; 16167fi;
15732 16168
16169STRIP_OPT=-s
16170# Check whether --enable-strip or --disable-strip was given.
16171if test "${enable_strip+set}" = set; then
16172 enableval="$enable_strip"
16173
16174 if test "x$enableval" = "xno" ; then
16175 STRIP_OPT=
16176 fi
16177
16178
16179fi;
16180
16181
15733if test -z "$xauth_path" ; then 16182if test -z "$xauth_path" ; then
15734 XAUTH_PATH="undefined" 16183 XAUTH_PATH="undefined"
15735 16184
@@ -16056,7 +16505,11 @@ else
16056# include <paths.h> 16505# include <paths.h>
16057#endif 16506#endif
16058#ifndef _PATH_STDPATH 16507#ifndef _PATH_STDPATH
16059# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 16508# ifdef _PATH_USERPATH /* Irix */
16509# define _PATH_STDPATH _PATH_USERPATH
16510# else
16511# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
16512# endif
16060#endif 16513#endif
16061#include <sys/types.h> 16514#include <sys/types.h>
16062#include <sys/stat.h> 16515#include <sys/stat.h>
@@ -17346,6 +17799,7 @@ s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t
17346s,@INSTALL_DATA@,$INSTALL_DATA,;t t 17799s,@INSTALL_DATA@,$INSTALL_DATA,;t t
17347s,@AR@,$AR,;t t 17800s,@AR@,$AR,;t t
17348s,@PERL@,$PERL,;t t 17801s,@PERL@,$PERL,;t t
17802s,@SED@,$SED,;t t
17349s,@ENT@,$ENT,;t t 17803s,@ENT@,$ENT,;t t
17350s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t 17804s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t
17351s,@SH@,$SH,;t t 17805s,@SH@,$SH,;t t
@@ -17372,10 +17826,10 @@ s,@PROG_UPTIME@,$PROG_UPTIME,;t t
17372s,@PROG_IPCS@,$PROG_IPCS,;t t 17826s,@PROG_IPCS@,$PROG_IPCS,;t t
17373s,@PROG_TAIL@,$PROG_TAIL,;t t 17827s,@PROG_TAIL@,$PROG_TAIL,;t t
17374s,@INSTALL_SSH_PRNG_CMDS@,$INSTALL_SSH_PRNG_CMDS,;t t 17828s,@INSTALL_SSH_PRNG_CMDS@,$INSTALL_SSH_PRNG_CMDS,;t t
17375s,@NO_SFTP@,$NO_SFTP,;t t
17376s,@OPENSC_CONFIG@,$OPENSC_CONFIG,;t t 17829s,@OPENSC_CONFIG@,$OPENSC_CONFIG,;t t
17377s,@PRIVSEP_PATH@,$PRIVSEP_PATH,;t t 17830s,@PRIVSEP_PATH@,$PRIVSEP_PATH,;t t
17378s,@xauth_path@,$xauth_path,;t t 17831s,@xauth_path@,$xauth_path,;t t
17832s,@STRIP_OPT@,$STRIP_OPT,;t t
17379s,@XAUTH_PATH@,$XAUTH_PATH,;t t 17833s,@XAUTH_PATH@,$XAUTH_PATH,;t t
17380s,@NROFF@,$NROFF,;t t 17834s,@NROFF@,$NROFF,;t t
17381s,@MANTYPE@,$MANTYPE,;t t 17835s,@MANTYPE@,$MANTYPE,;t t
@@ -17895,12 +18349,6 @@ if test "x$PAM_MSG" = "xyes" ; then
17895 echo "" 18349 echo ""
17896fi 18350fi
17897 18351
17898if test ! -z "$NO_SFTP"; then
17899 echo "sftp-server will be disabled. Your compiler does not "
17900 echo "support 64bit integers."
17901 echo ""
17902fi
17903
17904if test ! -z "$RAND_HELPER_CMDHASH" ; then 18352if test ! -z "$RAND_HELPER_CMDHASH" ; then
17905 echo "WARNING: you are using the builtin random number collection " 18353 echo "WARNING: you are using the builtin random number collection "
17906 echo "service. Please read WARNING.RNG and request that your OS " 18354 echo "service. Please read WARNING.RNG and request that your OS "
diff --git a/configure.ac b/configure.ac
index 5fe50e56b..48a98d319 100644
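--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.89 2002/09/26 00:38:47 tim Exp $
+# $Id: configure.ac,v 1.111.2.2 2003/03/21 01:15:18 mouring Exp $
 
 AC_INIT
 AC_CONFIG_SRCDIR([ssh.c])
@@ -14,6 +14,7 @@ AC_PROG_RANLIB
 AC_PROG_INSTALL
 AC_PATH_PROG(AR, ar)
 AC_PATH_PROGS(PERL, perl5 perl)
+AC_PATH_PROG(SED, sed)
 AC_SUBST(PERL)
 AC_PATH_PROG(ENT, ent)
 AC_SUBST(ENT)
@@ -81,8 +82,11 @@ case "$host" in
  dnl AIX handles lastlog as part of its login message
  AC_DEFINE(DISABLE_LASTLOG)
  AC_DEFINE(LOGIN_NEEDS_UTMPX)
+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV)
+ AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0')
  ;;
 *-*-cygwin*)
+ check_for_libcrypt_later=1
  LIBS="$LIBS /usr/lib/textmode.o"
  AC_DEFINE(HAVE_CYGWIN)
  AC_DEFINE(USE_PIPES)
@@ -121,7 +125,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
  AC_DEFINE(LOGIN_NEEDS_UTMPX)
  AC_DEFINE(DISABLE_SHADOW)
  AC_DEFINE(DISABLE_UTMP)
- AC_DEFINE(SPT_TYPE,SPT_PSTAT)
+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
  LIBS="$LIBS -lsec -lsecpw"
  AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
  disable_ptmx_check=yes
@@ -137,7 +141,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
  AC_DEFINE(LOGIN_NEEDS_UTMPX)
  AC_DEFINE(DISABLE_SHADOW)
  AC_DEFINE(DISABLE_UTMP)
- AC_DEFINE(SPT_TYPE,SPT_PSTAT)
+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
  LIBS="$LIBS -lsec"
  AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
  ;;
@@ -150,7 +154,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
  AC_DEFINE(LOGIN_NEEDS_UTMPX)
  AC_DEFINE(DISABLE_SHADOW)
  AC_DEFINE(DISABLE_UTMP)
- AC_DEFINE(SPT_TYPE,SPT_PSTAT)
+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
  LIBS="$LIBS -lsec"
  AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
  ;;
@@ -177,6 +181,8 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
  check_for_libcrypt_later=1
  AC_DEFINE(DONT_TRY_OTHER_AF)
  AC_DEFINE(PAM_TTY_KLUDGE)
+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV)
+ AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0')
  inet6_default_4in6=yes
  ;;
 mips-sony-bsd|mips-sony-newsos4)
@@ -210,6 +216,7 @@ mips-sony-bsd|mips-sony-newsos4)
  AC_DEFINE(LOGIN_NEEDS_UTMPX)
  AC_DEFINE(LOGIN_NEEDS_TERM)
  AC_DEFINE(PAM_TTY_KLUDGE)
+ AC_DEFINE(STREAMS_PUSH_ACQUIRES_CTTY)
  # hardwire lastlog location (can't detect it on some versions)
  conf_lastlog_location="/var/adm/lastlog"
  AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
@@ -278,6 +285,9 @@ mips-sony-bsd|mips-sony-newsos4)
  do_sco3_extra_lib_check=yes
  ;;
 *-*-sco3.2v5*)
+ if test -z "$GCC"; then
+ CFLAGS="$CFLAGS -belf"
+ fi
  CPPFLAGS="$CPPFLAGS -I/usr/local/include"
  LDFLAGS="$LDFLAGS -L/usr/local/lib"
  LIBS="$LIBS -lprot -lx -ltinfo -lm"
@@ -290,8 +300,6 @@ mips-sony-bsd|mips-sony-newsos4)
  MANTYPE=man
  ;;
 *-*-unicosmk*)
- no_libsocket=1
- no_libnsl=1
  AC_DEFINE(USE_PIPES)
  AC_DEFINE(DISABLE_FD_PASSING)
  LDFLAGS="$LDFLAGS"
@@ -299,8 +307,6 @@ mips-sony-bsd|mips-sony-newsos4)
  MANTYPE=cat
  ;;
 *-*-unicos*)
- no_libsocket=1
- no_libnsl=1
  AC_DEFINE(USE_PIPES)
  AC_DEFINE(DISABLE_FD_PASSING)
  AC_DEFINE(NO_SSH_LASTLOG)
@@ -325,11 +331,13 @@ mips-sony-bsd|mips-sony-newsos4)
  AC_MSG_RESULT(yes)
  AC_DEFINE(HAVE_OSF_SIA)
  AC_DEFINE(DISABLE_LOGIN)
+ AC_DEFINE(DISABLE_FD_PASSING)
  LIBS="$LIBS -lsecurity -ldb -lm -laud"
  else
  AC_MSG_RESULT(no)
  fi
  fi
+ AC_DEFINE(DISABLE_FD_PASSING)
  ;;
 
 *-*-nto-qnx)
@@ -377,13 +385,13 @@ AC_ARG_WITH(libs,
 
 # Checks for header files.
 AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \
- getopt.h glob.h ia.h lastlog.h limits.h login.h \
+ getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \
  login_cap.h maillock.h netdb.h netgroup.h \
  netinet/in_systm.h paths.h pty.h readpassphrase.h \
  rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
  strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
- sys/mman.h sys/select.h sys/stat.h \
- sys/stropts.h sys/sysmacros.h sys/time.h \
+ sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
+ sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
  sys/un.h time.h tmpdir.h ttyent.h usersec.h \
  util.h utime.h utmp.h utmpx.h)
 
@@ -594,18 +602,25 @@ AC_ARG_WITH(tcp-wrappers,
  ]
 )
 
-dnl Checks for library functions.
-AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
- clock fchmod fchown freeaddrinfo futimes gai_strerror \
- getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\
- getrlimit getrusage getttyent glob inet_aton inet_ntoa \
- inet_ntop innetgr login_getcapbool md5_crypt memmove \
- mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
- realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
- setenv seteuid setgroups setlogin setproctitle setresgid setreuid \
- setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \
- socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
- truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
+dnl Checks for library functions. Please keep in alphabetical order
+AC_CHECK_FUNCS(\
+ arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename bcopy \
+ bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
+ gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \
+ getpeereid _getpty getrlimit getrusage getttyent glob inet_aton \
+ inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
+ mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openpty pstat \
+ readpassphrase realpath recvmsg rresvport_af sendmsg setdtablesize \
+ setegid setenv seteuid setgroups setlogin setpcred setproctitle \
+ setresgid setreuid setrlimit setsid setvbuf sigaction sigvec \
+ snprintf socketpair strerror strlcat strlcpy strmode strnvis \
+ sysconf tcgetpgrp truncate utimes vhangup vsnprintf waitpid \
+)
+
+AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
+
+dnl Make sure strsep prototype is defined before defining HAVE_STRSEP
+AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
 
 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
@@ -680,6 +695,32 @@ int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
  )
 fi
 
+dnl see whether mkstemp() requires XXXXXX
+if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
+AC_MSG_CHECKING([for (overly) strict mkstemp])
+AC_TRY_RUN(
+ [
+#include <stdlib.h>
+main() { char template[]="conftest.mkstemp-test";
+if (mkstemp(template) == -1)
+ exit(1);
+unlink(template); exit(0);
+}
+ ],
+ [
+ AC_MSG_RESULT(no)
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_STRICT_MKSTEMP)
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_STRICT_MKSTEMP)
+ ]
+)
+fi
+
 AC_FUNC_GETPGRP
 
 # Check for PAM libs
@@ -1443,12 +1484,16 @@ if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
  have_struct_timeval=1
 fi
 
-# If we don't have int64_t then we can't compile sftp-server. So don't
-# even attempt to do it.
+AC_CHECK_TYPES(struct timespec)
+
+# We need int64_t or else certian parts of the compile will fail.
 if test "x$ac_cv_have_int64_t" = "xno" -a \
  "x$ac_cv_sizeof_long_int" != "x8" -a \
  "x$ac_cv_sizeof_long_long_int" = "x0" ; then
- NO_SFTP='#'
+ echo "OpenSSH requires int64_t support. Contact your vendor or install"
+ echo "an alternative compiler (I.E., GCC) before continuing."
+ echo ""
+ exit 1;
 else
 dnl test snprintf (broken on SCO w/gcc)
  AC_TRY_RUN(
@@ -1478,7 +1523,6 @@ main() { exit(0); }
  ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
  )
 fi
-AC_SUBST(NO_SFTP)
 
 dnl Checks for structure members
 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
@@ -1906,6 +1950,17 @@ AC_ARG_WITH(xauth,
  ]
 )
 
+STRIP_OPT=-s
+AC_ARG_ENABLE(strip,
+ [ --disable-strip Disable calling strip(1) on install],
+ [
+ if test "x$enableval" = "xno" ; then
+ STRIP_OPT=
+ fi
+ ]
+)
+AC_SUBST(STRIP_OPT)
+
 if test -z "$xauth_path" ; then
  XAUTH_PATH="undefined"
  AC_SUBST(XAUTH_PATH)
@@ -2060,7 +2115,11 @@ Edit /etc/login.conf instead.])
 # include <paths.h>
 #endif
 #ifndef _PATH_STDPATH
-# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
+# ifdef _PATH_USERPATH /* Irix */
+# define _PATH_STDPATH _PATH_USERPATH
+# else
+# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
+# endif
 #endif
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -2498,12 +2557,6 @@ if test "x$PAM_MSG" = "xyes" ; then
  echo ""
 fi
 
-if test ! -z "$NO_SFTP"; then
- echo "sftp-server will be disabled. Your compiler does not "
- echo "support 64bit integers."
- echo ""
-fi
-
 if test ! -z "$RAND_HELPER_CMDHASH" ; then
  echo "WARNING: you are using the builtin random number collection "
  echo "service. Please read WARNING.RNG and request that your OS "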
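Review bot: The new mkstemp probe (the `AC_TRY_RUN` block under `dnl see whether mkstemp() requires XXXXXX`) can report a strict mkstemp for reasons unrelated to mkstemp: its test program calls `unlink()` with only `<stdlib.h>` included and declares `main()` with no return type, and `AC_TRY_RUN` takes its failure branch, which defines `HAVE_STRICT_MKSTEMP`, when the program fails to compile as well as when it exits non-zero. Adding `#include <unistd.h>` and writing `int main(void) {` keeps the result tied to what mkstemp actually does. Separately, the int64_t failure path prints with `echo` and `exit 1;`, whereas `AC_MSG_ERROR([OpenSSH requires int64_t support])` would report on stderr and in config.log like the other fatal checks in this file. In the hunk at `@@ -325,11 +331,13 @@`, `AC_DEFINE(DISABLE_FD_PASSING)` is added twice, and the one after the closing `fi` appears to make the inner one redundant.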
diff --git a/contrib/aix/README b/contrib/aix/README
index 033fd0a5d..82fd8be1b 100644
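--- a/contrib/aix/README
+++ b/contrib/aix/README
@@ -6,9 +6,15 @@ installable) openssh package.
 
 Directions:
 
+(optional) create config.local in your build dir
 ./configure [options]
-cd contrib/aix; ./buildbff.sh
+contrib/aix/buildbff.sh
 
+The file config.local or the environment is read to set the following options
+(default first):
+PERMIT_ROOT_LOGIN=[no|yes]
+X11_FORWARDING=[no|yes]
+AIX_SRC=[no|yes]
 
 Acknowledgements:
 
@@ -19,6 +25,8 @@ Jim Abbey's (GPL'ed) lppbuild-2.1 was used to learn how to build .bff's
 and for comparison with the output from this script, however no code
 from lppbuild is included and it is not required for operation.
 
+SRC support based on examples provided by Sandor Sklar and Maarten Kreuger.
+
 
 Other notes:
 
@@ -26,8 +34,7 @@ The script treats all packages as USR packages (not ROOT+USR when
 appropriate). It seems to work, though......
 
 If there are any patches to this that have not yet been integrated they
-may be found at http://www.zip.com.au/~dtucker/openssh/ or
-http://home.usf.advantra.com.au/~dtucker/openssh/.
+may be found at http://www.zip.com.au/~dtucker/openssh/.
 
 
 Disclaimer: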
diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh
index 5c09c6b75..3b3699660 100755
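--- a/contrib/aix/buildbff.sh
+++ b/contrib/aix/buildbff.sh
@@ -11,10 +11,12 @@
 
 #
 # Tunable configuration settings
-# create a "config.local" in your build directory to override these.
+# create a "config.local" in your build directory or set
+# environment variables to override these.
 #
-PERMIT_ROOT_LOGIN=no
-X11_FORWARDING=no
+[ -z "$PERMIT_ROOT_LOGIN" ] || PERMIT_ROOT_LOGIN=no
+[ -z "$X11_FORWARDING" ] || X11_FORWARDING=no
+[ -z "$AIX_SRC" ] || AIX_SRC=no
 
 umask 022
 
@@ -167,6 +169,18 @@ For the full text of the license, see /usr/lpp/openssh/LICENCE
 EOD
 
 #
+# openssh.size file allows filesystem expansion as required
+# generate list of directories containing files
+# then calculate disk usage for each directory and store in openssh.size
+#
+files=`find . -type f -print`
+dirs=`for file in $files; do dirname $file; done | sort -u`
+for dir in $dirs
+do
+ du $dir
+done > ../openssh.size
+
+#
 # Create postinstall script
 #
 cat <<EOF >>../openssh.post_i
@@ -245,14 +259,42 @@ else
 fi
 echo
 
-# Add to system startup if required
-if grep $sbindir/sshd /etc/rc.tcpip >/dev/null
+# Set startup command depending on SRC support
+if [ "$AIX_SRC" = "yes" ]
+then
+ echo Creating SRC sshd subsystem.
+ rmssys -s sshd 2>&1 >/dev/null
+ mkssys -s sshd -p "$sbindir/sshd" -a '-D' -u 0 -S -n 15 -f 9 -R -G tcpip
+ startupcmd="start $sbindir/sshd \\\"\\\$src_running\\\""
+ oldstartcmd="$sbindir/sshd"
+else
+ startupcmd="$sbindir/sshd"
+ oldstartcmd="start $sbindir/sshd \\\"$src_running\\\""
+fi
+
+# If migrating to or from SRC, change previous startup command
+# otherwise add to rc.tcpip
+if egrep "^\$oldstartcmd" /etc/rc.tcpip >/dev/null
 then
- echo "sshd found in rc.tcpip, not adding."
+ if sed "s|^\$oldstartcmd|\$startupcmd|g" /etc/rc.tcpip >/etc/rc.tcpip.new
+ then
+ chmod 0755 /etc/rc.tcpip.new
+ mv /etc/rc.tcpip /etc/rc.tcpip.old && \
+ mv /etc/rc.tcpip.new /etc/rc.tcpip
+ else
+ echo "Updating /etc/rc.tcpip failed, please check."
+ fi
 else
- echo >>/etc/rc.tcpip
- echo "echo Starting sshd" >>/etc/rc.tcpip
- echo "$sbindir/sshd" >>/etc/rc.tcpip
+ # Add to system startup if required
+ if grep "^\$startupcmd" /etc/rc.tcpip >/dev/null
+ then
+ echo "sshd found in rc.tcpip, not adding."
+ else
+ echo "Adding sshd to rc.tcpip"
+ echo >>/etc/rc.tcpip
+ echo "# Start sshd" >>/etc/rc.tcpip
+ echo "\$startupcmd" >>/etc/rc.tcpip
+ fi
 fi
 EOF
 
@@ -262,7 +304,7 @@ EOF
 echo Creating liblpp.a
 (
  cd ..
- for i in openssh.al openssh.copyright openssh.inventory openssh.post_i LICENCE README*
+ for i in openssh.al openssh.copyright openssh.inventory openssh.post_i openssh.size LICENCE README*
  do
  ar -r liblpp.a $i
  rm $i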
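Review bot: The three new default assignments at the top of the script are inverted: `[ -z "$PERMIT_ROOT_LOGIN" ] || PERMIT_ROOT_LOGIN=no` assigns only when the variable is already non-empty, so a value passed in the environment is overwritten with `no` and an unset variable stays empty instead of getting the default. Writing `[ -z "$PERMIT_ROOT_LOGIN" ] && PERMIT_ROOT_LOGIN=no`, and the same for `X11_FORWARDING` and `AIX_SRC`, gives the behaviour the comment and the README describe. How an empty value is later written into the packaged sshd_config is outside these hunks, so check that the shipped PermitRootLogin setting stays explicit. In the postinstall text, `rmssys -s sshd 2>&1 >/dev/null` still sends stderr to the terminal (`>/dev/null 2>&1` silences both), and the `else` branch's `oldstartcmd` uses `$src_running` without the escaping its counterpart has, so it looks like it expands to nothing when the here-document is written.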
diff --git a/contrib/aix/inventory.sh b/contrib/aix/inventory.sh
index 78df0d16e..619493ae2 100755
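--- a/contrib/aix/inventory.sh
+++ b/contrib/aix/inventory.sh
@@ -2,9 +2,9 @@
 #
 # inventory.sh
 #
-# Originall written by Ben Lindstrom, modified by Darren Tucker to use perl
+# Originally written by Ben Lindstrom, modified by Darren Tucker to use perl
 #
-# This will produced and AIX package inventory file, which looks like:
+# This will produce an AIX package inventory file, which looks like:
 #
 # /usr/local/bin:
 # class=apply,inventory,openssh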
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
index b7de22e8b..e70ac8f37 100644
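--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -17,7 +17,7 @@
 #old cvs stuff. please update before use. may be deprecated.
 %define use_stable 1
 %if %{use_stable}
- %define version 3.5p1
+ %define version 3.6p1
  %define cvs %{nil}
  %define release 2
 %else
@@ -198,7 +198,7 @@ xmkmf
 %Install
 [ %{buildroot} != "/" ] && rm -rf %{buildroot}
 
-%makeinstall
+make install DESTDIR=%{buildroot}
 %makeinstall -C %{askpass} \
  BINDIR=%{_libexecdir} \
  MANPATH=%{_mandir} \
@@ -316,8 +316,16 @@ fi
 %defattr(-,root,root)
 %dir %{_sysconfdir}
 %config %{_sysconfdir}/ssh_config
-%{_bindir}/*
+%{_bindir}/scp
+%{_bindir}/sftp
+%{_bindir}/ssh
+%{_bindir}/slogin
+%{_bindir}/ssh-add
+%attr(2755,root,nobody) %{_bindir}/ssh-agent
+%{_bindir}/ssh-keygen
+%{_bindir}/ssh-keyscan
 %dir %{_libexecdir}
+%attr(4711,root,root) %{_libexecdir}/ssh-keysign
 %{_sbindir}/ssh-host-keygen
 %dir %{_defaultdocdir}/%{name}-%{version}
 %{_defaultdocdir}/%{name}-%{version}/CREDITS
@@ -328,10 +336,12 @@ fi
 %{_defaultdocdir}/%{name}-%{version}/TODO
 %{_defaultdocdir}/%{name}-%{version}/faq.html
 %{_mandir}/man1/*
+%{_mandir}/man8/ssh-keysign.8.gz
+%{_mandir}/man5/ssh_config.5.gz
 
 %Files server
 %defattr(-,root,root)
-%dir %attr(0700,root,root) %{_var}/empty/sshd
+%dir %{_var}/empty/sshd
 %config %{SVIdir}/sshd
 %config /etc/pam.d/sshd
 %config %{_sysconfdir}/moduli
@@ -339,6 +349,7 @@ fi
 %config %{SVIcdir}/sshd
 %{_libexecdir}/sftp-server
 %{_sbindir}/sshd
+%{_mandir}/man5/sshd_config.5.gz
 %{_mandir}/man8/sftp-server.8.gz
 %{_mandir}/man8/sshd.8.gz
 
@@ -353,4 +364,4 @@ fi
 * Mon Jan 01 1998 ...
 Template Version: 1.31
 
-$Id: openssh.spec,v 1.38 2002/10/03 01:56:59 djm Exp $
+$Id: openssh.spec,v 1.39.2.2 2003/03/21 04:52:56 tim Exp $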
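Review bot: The `%Files server` entry for `%{_var}/empty/sshd` loses its explicit mode and owner, going from `%dir %attr(0700,root,root) %{_var}/empty/sshd` to `%dir %{_var}/empty/sshd`, so the packaged mode becomes whatever `make install` leaves in the build root. That path is presumably the privilege-separation directory, and its permissions are better pinned in the spec than inherited, for example `%dir %attr(0755,root,root) %{_var}/empty/sshd` if 0700 was too strict here. The client file list also adds `%attr(2755,root,nobody)` on ssh-agent and `%attr(4711,root,root)` on ssh-keysign; a one-line comment above each stating why the setgid and setuid bits are needed would help the next packager.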
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index 4df5aa969..2c6db51e5 100644
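--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -378,6 +378,8 @@ then
 # This is the sshd server system-wide configuration file. See
 # sshd_config(5) for more information.
 
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
 # The strategy used for options in the default sshd_config shipped with
 # OpenSSH is to specify options with their default value where
 # possible, but leave them commented. Uncommented options change a
@@ -394,7 +396,7 @@ Port $port_number
 #HostKey ${SYSCONFDIR}/ssh_host_rsa_key
 #HostKey ${SYSCONFDIR}/ssh_host_dsa_key
 
-# Lifetime and size of ephemeral version 1 server ke
+# Lifetime and size of ephemeral version 1 server key
 #KeyRegenerationInterval 3600
 #ServerKeyBits 768
 
@@ -405,7 +407,7 @@ Port $port_number
 
 # Authentication:
 
-#LoginGraceTime 600
+#LoginGraceTime 120
 #PermitRootLogin yes
 # The following setting overrides permission checks on host key files
 # and directories. For security reasons set this to "yes" when running
@@ -414,11 +416,11 @@ StrictModes no
 
 #RSAAuthentication yes
 #PubkeyAuthentication yes
-#AuthorizedKeysFile %h/.ssh/authorized_keys
+#AuthorizedKeysFile .ssh/authorized_keys
 
 # rhosts authentication should not be used
 #RhostsAuthentication no
-# Don't read ~/.rhosts and ~/.shosts files
+# Don't read the user's ~/.rhosts and ~/.shosts files
 #IgnoreRhosts yes
 # For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts
 #RhostsRSAAuthentication no
@@ -443,6 +445,7 @@ StrictModes no
 #KeepAlive yes
 #UseLogin no
 UsePrivilegeSeparation $privsep_used
+#PermitUserEnvironment no
 #Compression yes
 
 #MaxStartups 10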
diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c
index 89a412aa8..9e8eaf920 100644
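--- a/contrib/gnome-ssh-askpass2.c
+++ b/contrib/gnome-ssh-askpass2.c
@@ -36,10 +36,13 @@
  * you don't trust your X server. We grab the keyboard always.
  */
 
+#define GRAB_TRIES 16
+#define GRAB_WAIT 250 /* milliseconds */
+
 /*
  * Compile with:
  *
- * cc `pkg-config --cflags gtk+-2.0` \
+ * cc -Wall `pkg-config --cflags gtk+-2.0` \
  * gnome-ssh-askpass2.c -o gnome-ssh-askpass \
  * `pkg-config --libs gtk+-2.0`
  *
@@ -48,6 +51,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
+#include <unistd.h>
 #include <X11/Xlib.h>
 #include <gtk/gtk.h>
 #include <gdk/gdkx.h>
@@ -84,13 +88,13 @@ passphrase_dialog(char *message)
 {
  const char *failed;
  char *passphrase, *local;
- char **messages;
- int result, i, grab_server, grab_pointer;
- GtkWidget *dialog, *entry, *label;
+ int result, grab_tries, grab_server, grab_pointer;
+ GtkWidget *dialog, *entry;
  GdkGrabStatus status;
 
  grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
  grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
+ grab_tries = 0;
 
  dialog = gtk_message_dialog_new(NULL, 0,
  GTK_MESSAGE_QUESTION,
@@ -117,23 +121,35 @@ passphrase_dialog(char *message)
 
  /* Grab focus */
  gtk_widget_show_now(dialog);
- if (grab_server) {
- gdk_x11_grab_server();
- }
  if (grab_pointer) {
- status = gdk_pointer_grab((GTK_WIDGET(dialog))->window, TRUE,
- 0, NULL, NULL, GDK_CURRENT_TIME);
- if (status != GDK_GRAB_SUCCESS) {
- failed = "mouse";
- goto nograb;
+ for(;;) {
+ status = gdk_pointer_grab(
+ (GTK_WIDGET(dialog))->window, TRUE, 0, NULL,
+ NULL, GDK_CURRENT_TIME);
+ if (status == GDK_GRAB_SUCCESS)
+ break;
+ usleep(GRAB_WAIT * 1000);
+ if (++grab_tries > GRAB_TRIES) {
+ failed = "mouse";
+ goto nograb;
+ }
  }
  }
- status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window, FALSE,
- GDK_CURRENT_TIME);
- if (status != GDK_GRAB_SUCCESS) {
- failed = "keyboard";
- goto nograbkb;
+ for(;;) {
+ status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window,
+ FALSE, GDK_CURRENT_TIME);
+ if (status == GDK_GRAB_SUCCESS)
+ break;
+ usleep(GRAB_WAIT * 1000);
+ if (++grab_tries > GRAB_TRIES) {
+ failed = "keyboard";
+ goto nograbkb;
+ }
  }
+ if (grab_server) {
+ gdk_x11_grab_server();
+ }
+
  result = gtk_dialog_run(GTK_DIALOG(dialog));
 
  /* Ungrab */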
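Review bot: `grab_tries` is zeroed once and then shared by both retry loops in `passphrase_dialog`, so every failed pointer-grab attempt is deducted from the budget of the keyboard grab, which is the grab the file's header comment says is always taken. Resetting it before the second loop, `grab_tries = 0;` just above the keyboard `for(;;)`, gives each grab its own `GRAB_TRIES` attempts. Both loops also sleep `GRAB_WAIT` once more after the last failed attempt and allow `GRAB_TRIES + 1` tries because of `++grab_tries > GRAB_TRIES`; testing the counter before the `usleep()` would match the constant's name. `gdk_x11_grab_server()` now runs after both grabs, and the `nograb`/`nograbkb` labels are outside this hunk, so confirm they do not ungrab a server that was never grabbed.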
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index e7005064d..f71c0b261 100644
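--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 3.5p1
+%define ver 3.6p1
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID
@@ -21,7 +21,7 @@
 %define scard 0
 
 # Use GTK2 instead of GNOME in gnome-ssh-askpass
-%define gtk2 0
+%define gtk2 1
 
 # Is this build for RHL 6.x?
 %define build6x 0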
diff --git a/contrib/solaris/opensshd.in b/contrib/solaris/opensshd.in
index e7ca2489f..48b6c5702 100755
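--- a/contrib/solaris/opensshd.in
+++ b/contrib/solaris/opensshd.in
@@ -3,6 +3,8 @@
 #
 # Stripped PRNGd out of it for the time being.
 
+umask 022
+
 CAT=/usr/bin/cat
 KILL=/usr/bin/kill
 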
diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id
index 2346761f7..a1ad34a8d 100644
--- a/contrib/ssh-copy-id
+++ b/contrib/ssh-copy-id
@@ -29,7 +29,12 @@ if [ -z "`eval $GET_ID`" -a -r "${ID_FILE}" ] ; then
29fi 29fi
30 30
31if [ -z "`eval $GET_ID`" ]; then 31if [ -z "`eval $GET_ID`" ]; then
32 echo "$0: ERROR: No identities found" 32 echo "$0: ERROR: No identities found" >&2
33 exit 1
34fi
35
36if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
37 echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2
33 exit 1 38 exit 1
34fi 39fi
35 40
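Review bot: The usage test added at new lines 36-39 sits after the `No identities found` check, so `ssh-copy-id -h` (or a call with no arguments) on a machine with no loadable identity exits with the identity error and never prints usage. Moving the `if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then` block above the identity check would make help reachable regardless of key or agent state. Both identity checks also run `eval $GET_ID`; GET_ID is assembled above this hunk, so it is worth confirming there that a user-supplied `-i` path is quoted before it reaches `eval`.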
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 3ae1dfc80..55de013dc 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -1,6 +1,6 @@
1Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation 1Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
2Name: openssh 2Name: openssh
3Version: 3.5p1 3Version: 3.6p1
4URL: http://www.openssh.com/ 4URL: http://www.openssh.com/
5Release: 1 5Release: 1
6Source0: openssh-%{version}.tar.gz 6Source0: openssh-%{version}.tar.gz
diff --git a/crc32.c b/crc32.c
index 4774c8ba1..ac627b57a 100644
--- a/crc32.c
+++ b/crc32.c
@@ -1,114 +1,105 @@
1/* $OpenBSD: crc32.c,v 1.9 2003/02/12 21:39:50 markus Exp $ */
2
1/* 3/*
2 * COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or 4 * Copyright (c) 2003 Markus Friedl. All rights reserved.
3 * code or tables extracted from it, as desired without restriction.
4 *
5 * First, the polynomial itself and its table of feedback terms. The
6 * polynomial is
7 * X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0
8 *
9 * Note that we take it "backwards" and put the highest-order term in
10 * the lowest-order bit. The X^32 term is "implied"; the LSB is the
11 * X^31 term, etc. The X^0 term (usually shown as "+1") results in
12 * the MSB being 1
13 *
14 * Note that the usual hardware shift register implementation, which
15 * is what we're using (we're merely optimizing it by doing eight-bit
16 * chunks at a time) shifts bits into the lowest-order term. In our
17 * implementation, that means shifting towards the right. Why do we
18 * do it this way? Because the calculated CRC must be transmitted in
19 * order from highest-order term to lowest-order term. UARTs transmit
20 * characters in order from LSB to MSB. By storing the CRC this way
21 * we hand it to the UART in the order low-byte to high-byte; the UART
22 * sends each low-bit to hight-bit; and the result is transmission bit
23 * by bit from highest- to lowest-order term without requiring any bit
24 * shuffling on our part. Reception works similarly
25 *
26 * The feedback terms table consists of 256, 32-bit entries. Notes
27 * 5 *
28 * The table can be generated at runtime if desired; code to do so 6 * Redistribution and use in source and binary forms, with or without
29 * is shown later. It might not be obvious, but the feedback 7 * modification, are permitted provided that the following conditions
30 * terms simply represent the results of eight shift/xor opera 8 * are met:
31 * tions for all combinations of data and CRC register values 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
32 * 14 *
33 * The values must be right-shifted by eight bits by the "updcrc 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
34 * logic; the shift must be u_(bring in zeroes). On some 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
35 * hardware you could probably optimize the shift in assembler by 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
36 * using byte-swap instructions 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
37 * polynomial $edb88320 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
38 */ 25 */
39
40
41#include "includes.h" 26#include "includes.h"
42RCSID("$OpenBSD: crc32.c,v 1.8 2000/12/19 23:17:56 markus Exp $");
43
44#include "crc32.h" 27#include "crc32.h"
45 28
46static u_int crc32_tab[] = { 29static const u_int32_t crc32tab[] = {
47 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L, 30 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL,
48 0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L, 31 0x076dc419L, 0x706af48fL, 0xe963a535L, 0x9e6495a3L,
49 0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L, 32 0x0edb8832L, 0x79dcb8a4L, 0xe0d5e91eL, 0x97d2d988L,
50 0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL, 33 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L, 0x90bf1d91L,
51 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L, 34 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL,
52 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L, 35 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L,
53 0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L, 36 0x136c9856L, 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL,
54 0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL, 37 0x14015c4fL, 0x63066cd9L, 0xfa0f3d63L, 0x8d080df5L,
55 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L, 38 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L, 0xa2677172L,
56 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL, 39 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL,
57 0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L, 40 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L,
58 0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L, 41 0x32d86ce3L, 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L,
59 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L, 42 0x26d930acL, 0x51de003aL, 0xc8d75180L, 0xbfd06116L,
60 0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL, 43 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L, 0xb8bda50fL,
61 0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL, 44 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L,
62 0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L, 45 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL,
63 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL, 46 0x76dc4190L, 0x01db7106L, 0x98d220bcL, 0xefd5102aL,
64 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L, 47 0x71b18589L, 0x06b6b51fL, 0x9fbfe4a5L, 0xe8b8d433L,
65 0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L, 48 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL, 0xe10e9818L,
66 0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L, 49 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L,
67 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL, 50 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL,
68 0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L, 51 0x6c0695edL, 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L,
69 0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L, 52 0x65b0d9c6L, 0x12b7e950L, 0x8bbeb8eaL, 0xfcb9887cL,
70 0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL, 53 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L, 0xfbd44c65L,
71 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L, 54 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L,
72 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L, 55 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL,
73 0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L, 56 0x4369e96aL, 0x346ed9fcL, 0xad678846L, 0xda60b8d0L,
74 0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L, 57 0x44042d73L, 0x33031de5L, 0xaa0a4c5fL, 0xdd0d7cc9L,
75 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L, 58 0x5005713cL, 0x270241aaL, 0xbe0b1010L, 0xc90c2086L,
76 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL, 59 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL,
77 0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL, 60 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L,
78 0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L, 61 0x59b33d17L, 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL,
79 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L, 62 0xedb88320L, 0x9abfb3b6L, 0x03b6e20cL, 0x74b1d29aL,
80 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL, 63 0xead54739L, 0x9dd277afL, 0x04db2615L, 0x73dc1683L,
81 0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL, 64 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L,
82 0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L, 65 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L,
83 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL, 66 0xf00f9344L, 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL,
84 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L, 67 0xf762575dL, 0x806567cbL, 0x196c3671L, 0x6e6b06e7L,
85 0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL, 68 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL, 0x67dd4accL,
86 0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L, 69 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L,
87 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL, 70 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L,
88 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L, 71 0xd1bb67f1L, 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL,
89 0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L, 72 0xd80d2bdaL, 0xaf0a1b4cL, 0x36034af6L, 0x41047a60L,
90 0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL, 73 0xdf60efc3L, 0xa867df55L, 0x316e8eefL, 0x4669be79L,
91 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L, 74 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L,
92 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L, 75 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL,
93 0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L, 76 0xc5ba3bbeL, 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L,
94 0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L, 77 0xc2d7ffa7L, 0xb5d0cf31L, 0x2cd99e8bL, 0x5bdeae1dL,
95 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L, 78 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL, 0x026d930aL,
96 0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L, 79 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L,
97 0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL, 80 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L,
98 0x2d02ef8dL 81 0x92d28e9bL, 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L,
82 0x86d3d2d4L, 0xf1d4e242L, 0x68ddb3f8L, 0x1fda836eL,
83 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L, 0x18b74777L,
84 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL,
85 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L,
86 0xa00ae278L, 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L,
87 0xa7672661L, 0xd06016f7L, 0x4969474dL, 0x3e6e77dbL,
88 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L, 0x37d83bf0L,
89 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L,
90 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L,
91 0xbad03605L, 0xcdd70693L, 0x54de5729L, 0x23d967bfL,
92 0xb3667a2eL, 0xc4614ab8L, 0x5d681b02L, 0x2a6f2b94L,
93 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL, 0x2d02ef8dL
99}; 94};
100 95
101/* Return a 32-bit CRC of the contents of the buffer. */ 96u_int32_t
102 97ssh_crc32(const u_char *buf, u_int32_t size)
103u_int
104ssh_crc32(const u_char *s, u_int len)
105{ 98{
106 u_int i; 99 u_int32_t i, crc;
107 u_int crc32val;
108 100
109 crc32val = 0; 101 crc = 0;
110 for (i = 0; i < len; i ++) { 102 for (i = 0; i < size; i++)
111 crc32val = crc32_tab[(crc32val ^ s[i]) & 0xff] ^ (crc32val >> 8); 103 crc = crc32tab[(crc ^ buf[i]) & 0xff] ^ (crc >> 8);
112 } 104 return crc;
113 return crc32val;
114} 105}
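Review bot: The rewritten file drops every comment that said which CRC this is, and `ssh_crc32()` at new lines 96-105 now has no description at all. From the code, the register starts at 0 and is returned without a final XOR, and the table contains `0xedb88320L`, so this is the reflected CRC-32 polynomial without the 0xffffffff pre- and post-conditioning that the common CRC-32 variant applies. A one-line comment such as `/* CRC-32, reflected poly 0xedb88320, init 0, no final XOR; detects accidental corruption only, it is not a MAC */` would stop a later edit from "correcting" it or treating it as tamper protection. Declaring the table as `crc32tab[256]` would also guarantee that the `& 0xff` index stays in bounds even if an initializer were lost in a future edit.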
diff --git a/crc32.h b/crc32.h
index cd1832ff6..a2fb58493 100644
--- a/crc32.h
+++ b/crc32.h
@@ -1,21 +1,30 @@
1/* $OpenBSD: crc32.h,v 1.13 2002/03/04 17:27:39 stevesk Exp $ */ 1/* $OpenBSD: crc32.h,v 1.14 2003/02/12 21:39:50 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Copyright (c) 2003 Markus Friedl. All rights reserved.
5 * Copyright (c) 1992 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6 * All rights reserved
7 * Functions for computing 32-bit CRC.
8 * 5 *
9 * As far as I am concerned, the code I have written for this software 6 * Redistribution and use in source and binary forms, with or without
10 * can be used freely for any purpose. Any derived versions of this 7 * modification, are permitted provided that the following conditions
11 * software must be clearly marked as such, and if the derived work is 8 * are met:
12 * incompatible with the protocol description in the RFC file, it must be 9 * 1. Redistributions of source code must retain the above copyright
13 * called by a name other than "ssh" or "Secure Shell". 10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
14 */ 25 */
15 26
16#ifndef CRC32_H 27#ifndef SSH_CRC32_H
17#define CRC32_H 28#define SSH_CRC32_H
18 29u_int32_t ssh_crc32(const u_char *, u_int32_t);
19u_int ssh_crc32(const u_char *, u_int); 30#endif
20
21#endif /* CRC32_H */
diff --git a/defines.h b/defines.h
index ab19a077c..73fbe077b 100644
--- a/defines.h
+++ b/defines.h
@@ -1,7 +1,7 @@
1#ifndef _DEFINES_H 1#ifndef _DEFINES_H
2#define _DEFINES_H 2#define _DEFINES_H
3 3
4/* $Id: defines.h,v 1.96 2002/09/26 00:38:48 tim Exp $ */ 4/* $Id: defines.h,v 1.97 2003/01/24 00:50:32 djm Exp $ */
5 5
6 6
7/* Constants */ 7/* Constants */
@@ -370,6 +370,20 @@ struct winsize {
370 } while (0) 370 } while (0)
371#endif 371#endif
372 372
373#ifndef TIMEVAL_TO_TIMESPEC
374#define TIMEVAL_TO_TIMESPEC(tv, ts) { \
375 (ts)->tv_sec = (tv)->tv_sec; \
376 (ts)->tv_nsec = (tv)->tv_usec * 1000; \
377}
378#endif
379
380#ifndef TIMESPEC_TO_TIMEVAL
381#define TIMESPEC_TO_TIMEVAL(tv, ts) { \
382 (tv)->tv_sec = (ts)->tv_sec; \
383 (tv)->tv_usec = (ts)->tv_nsec / 1000; \
384}
385#endif
386
373#ifndef __P 387#ifndef __P
374# define __P(x) x 388# define __P(x) x
375#endif 389#endif
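Review bot: The two fallback macros added at new lines 373-385 expand to a bare `{ ... }` block, while the macro just above them in this hunk ends in `} while (0)`. A bare block followed by the caller's `;` breaks a construct like `if (x) TIMEVAL_TO_TIMESPEC(tv, ts); else ...`, so both bodies would be safer written as `do { ... } while (0)`, which also matches the neighbouring style. `tv_usec * 1000` is evaluated in the type of `tv_usec`; that is fine for values below one million but the macro does not check it, which could be noted in a comment.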
diff --git a/dh.c b/dh.c
index 6ec37867a..1be51953c 100644
--- a/dh.c
+++ b/dh.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: dh.c,v 1.22 2002/06/27 08:49:44 markus Exp $"); 26RCSID("$OpenBSD: dh.c,v 1.23 2002/11/21 22:22:50 markus Exp $");
27 27
28#include "xmalloc.h" 28#include "xmalloc.h"
29 29
@@ -182,7 +182,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
182 for (i = 0; i <= n; i++) 182 for (i = 0; i <= n; i++)
183 if (BN_is_bit_set(dh_pub, i)) 183 if (BN_is_bit_set(dh_pub, i))
184 bits_set++; 184 bits_set++;
185 debug("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); 185 debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
186 186
187 /* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */ 187 /* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */
188 if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1)) 188 if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1))
@@ -214,7 +214,7 @@ dh_gen_key(DH *dh, int need)
214 for (i = 0; i <= BN_num_bits(dh->priv_key); i++) 214 for (i = 0; i <= BN_num_bits(dh->priv_key); i++)
215 if (BN_is_bit_set(dh->priv_key, i)) 215 if (BN_is_bit_set(dh->priv_key, i))
216 bits_set++; 216 bits_set++;
217 debug("dh_gen_key: priv key bits set: %d/%d", 217 debug2("dh_gen_key: priv key bits set: %d/%d",
218 bits_set, BN_num_bits(dh->priv_key)); 218 bits_set, BN_num_bits(dh->priv_key));
219 if (tries++ > 10) 219 if (tries++ > 10)
220 fatal("dh_gen_key: too many bad keys: giving up"); 220 fatal("dh_gen_key: too many bad keys: giving up");
diff --git a/fixpaths b/fixpaths
index 7e4178e4a..60a67990f 100755
--- a/fixpaths
+++ b/fixpaths
@@ -1,43 +1,22 @@
1#!/usr/bin/perl -w 1#!/bin/sh
2# 2#
3# fixpaths - substitute makefile variables into text files 3# fixpaths - substitute makefile variables into text files
4# Usage: fixpaths -Dsomething=somethingelse ...
4 5
5 6die() {
6$usage = "Usage: $0 [-Dstring=replacement] [[infile] ...]\n"; 7 echo $*
7 8 exit -1
8if (!defined(@ARGV)) { die ("$usage"); }
9
10# read in the command line and get some definitions
11while ($_=$ARGV[0], /^-/) {
12 if (/^-D/) {
13 # definition
14 shift(@ARGV);
15 if ( /-D(.*)=(.*)/ ) {
16 $def{"$1"}=$2;
17 } else {
18 die ("$usage$0: error in command line arguments.\n");
19 }
20 } else {
21 @cmd = split(//, $ARGV[0]); $opt = $cmd[1];
22 die ("$usage$0: unknown option '-$opt'\n");
23 }
24} # while parsing arguments
25
26if (!defined(%def)) {
27 die ("$0: nothing to do - no substitutions listed!\n");
28} 9}
29 10
30for $f (@ARGV) { 11test -n "`echo $1|grep -- -D`" || \
12 die $0: nothing to do - no substitutions listed!
13
14test -n "`echo $1|grep -- '-D[^=]\+=[^ ]\+'`" || \
15 die $0: error in command line arguments.
31 16
32 $f =~ /(.*\/)*(.*)$/; 17test -n "`echo $*|grep -- ' [^-]'`" || \
18 die Usage: $0 '[-Dstring=replacement] [[infile] ...]'
33 19
34 open(IN, "<$f") || die ("$0: input file $f missing!\n"); 20sed `echo $*|sed -e 's/-D\([^=]\+\)=\([^ ]*\)/-e s=\1=\2=g/g'`
35 while (<IN>) {
36 for $s (keys(%def)) {
37 s#$s#$def{$s}#;
38 } # for $s
39 print;
40 } # while <IN>
41} # for $f
42 21
43exit 0; 22exit 0
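Review bot: The shell rewrite uses constructs that are not portable across the /bin/sh, grep and sed implementations a build script has to run on: `exit -1` in `die()` (new line 8) is outside the 0-255 range POSIX allows and is rejected by some shells, and `\+` in the patterns at new lines 14 and 20 is a GNU extension to basic regular expressions. `exit 1` and `[^=][^=]*` are the portable spellings. `die()` also prints with an unquoted `echo $*` to stdout, so the message is subject to globbing and lands in whatever the caller redirects stdout to (presumably the generated file); `echo "$*" >&2` avoids both. The sed script is built from unquoted `$*` with `=` as the `s` delimiter, so a replacement containing `=`, whitespace or `&` is mangled, and that restriction deserves a comment next to the usage line.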
diff --git a/hostfile.h b/hostfile.h
index 1df7a22f2..e3d116581 100644
--- a/hostfile.h
+++ b/hostfile.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: hostfile.h,v 1.12 2002/09/08 20:24:08 markus Exp $ */ 1/* $OpenBSD: hostfile.h,v 1.13 2002/11/21 23:03:51 deraadt Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -19,10 +19,10 @@ typedef enum {
19} HostStatus; 19} HostStatus;
20 20
21int hostfile_read_key(char **, u_int *, Key *); 21int hostfile_read_key(char **, u_int *, Key *);
22HostStatus 22HostStatus check_host_in_hostfile(const char *, const char *,
23check_host_in_hostfile(const char *, const char *, Key *, Key *, int *); 23 Key *, Key *, int *);
24int add_host_to_hostfile(const char *, const char *, Key *); 24int add_host_to_hostfile(const char *, const char *, Key *);
25int 25int lookup_key_in_hostfile_by_type(const char *, const char *,
26lookup_key_in_hostfile_by_type(const char *, const char *, int , Key *, int *); 26 int, Key *, int *);
27 27
28#endif 28#endif
diff --git a/includes.h b/includes.h
index d7b875c52..37d402ef4 100644
--- a/includes.h
+++ b/includes.h
@@ -157,6 +157,10 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
157# include <tmpdir.h> 157# include <tmpdir.h>
158#endif 158#endif
159 159
160#ifdef HAVE_LIBUTIL_H
161# include <libutil.h> /* Openpty on FreeBSD at least */
162#endif
163
160#include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */ 164#include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */
161 165
162#include "defines.h" 166#include "defines.h"
diff --git a/kex.c b/kex.c
index bdbf3882c..2c1cacfec 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: kex.c,v 1.51 2002/06/24 14:55:38 markus Exp $"); 26RCSID("$OpenBSD: kex.c,v 1.54 2003/02/16 17:09:57 markus Exp $");
27 27
28#include <openssl/crypto.h> 28#include <openssl/crypto.h>
29 29
@@ -44,11 +44,6 @@ RCSID("$OpenBSD: kex.c,v 1.51 2002/06/24 14:55:38 markus Exp $");
44 44
45#define KEX_COOKIE_LEN 16 45#define KEX_COOKIE_LEN 16
46 46
47/* Use privilege separation for sshd */
48int use_privsep;
49struct monitor *pmonitor;
50
51
52/* prototype */ 47/* prototype */
53static void kex_kexinit_finish(Kex *); 48static void kex_kexinit_finish(Kex *);
54static void kex_choose_conf(Kex *); 49static void kex_choose_conf(Kex *);
@@ -74,7 +69,7 @@ kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
74 69
75/* parse buffer and return algorithm proposal */ 70/* parse buffer and return algorithm proposal */
76static char ** 71static char **
77kex_buf2prop(Buffer *raw) 72kex_buf2prop(Buffer *raw, int *first_kex_follows)
78{ 73{
79 Buffer b; 74 Buffer b;
80 int i; 75 int i;
@@ -94,6 +89,8 @@ kex_buf2prop(Buffer *raw)
94 } 89 }
95 /* first kex follows / reserved */ 90 /* first kex follows / reserved */
96 i = buffer_get_char(&b); 91 i = buffer_get_char(&b);
92 if (first_kex_follows != NULL)
93 *first_kex_follows = i;
97 debug2("kex_parse_kexinit: first_kex_follows %d ", i); 94 debug2("kex_parse_kexinit: first_kex_follows %d ", i);
98 i = buffer_get_int(&b); 95 i = buffer_get_int(&b);
99 debug2("kex_parse_kexinit: reserved %d ", i); 96 debug2("kex_parse_kexinit: reserved %d ", i);
@@ -135,7 +132,7 @@ kex_finish(Kex *kex)
135 /* packet_write_wait(); */ 132 /* packet_write_wait(); */
136 debug("SSH2_MSG_NEWKEYS sent"); 133 debug("SSH2_MSG_NEWKEYS sent");
137 134
138 debug("waiting for SSH2_MSG_NEWKEYS"); 135 debug("expecting SSH2_MSG_NEWKEYS");
139 packet_read_expect(SSH2_MSG_NEWKEYS); 136 packet_read_expect(SSH2_MSG_NEWKEYS);
140 packet_check_eom(); 137 packet_check_eom();
141 debug("SSH2_MSG_NEWKEYS received"); 138 debug("SSH2_MSG_NEWKEYS received");
@@ -235,14 +232,10 @@ kex_kexinit_finish(Kex *kex)
235 232
236 kex_choose_conf(kex); 233 kex_choose_conf(kex);
237 234
238 switch (kex->kex_type) { 235 if (kex->kex_type >= 0 && kex->kex_type < KEX_MAX &&
239 case DH_GRP1_SHA1: 236 kex->kex[kex->kex_type] != NULL) {
240 kexdh(kex); 237 (kex->kex[kex->kex_type])(kex);
241 break; 238 } else {
242 case DH_GEX_SHA1:
243 kexgex(kex);
244 break;
245 default:
246 fatal("Unsupported key exchange %d", kex->kex_type); 239 fatal("Unsupported key exchange %d", kex->kex_type);
247 } 240 }
248} 241}
@@ -299,9 +292,9 @@ choose_kex(Kex *k, char *client, char *server)
299 if (k->name == NULL) 292 if (k->name == NULL)
300 fatal("no kex alg"); 293 fatal("no kex alg");
301 if (strcmp(k->name, KEX_DH1) == 0) { 294 if (strcmp(k->name, KEX_DH1) == 0) {
302 k->kex_type = DH_GRP1_SHA1; 295 k->kex_type = KEX_DH_GRP1_SHA1;
303 } else if (strcmp(k->name, KEX_DHGEX) == 0) { 296 } else if (strcmp(k->name, KEX_DHGEX) == 0) {
304 k->kex_type = DH_GEX_SHA1; 297 k->kex_type = KEX_DH_GEX_SHA1;
305 } else 298 } else
306 fatal("bad kex alg %s", k->name); 299 fatal("bad kex alg %s", k->name);
307} 300}
@@ -317,6 +310,30 @@ choose_hostkeyalg(Kex *k, char *client, char *server)
317 xfree(hostkeyalg); 310 xfree(hostkeyalg);
318} 311}
319 312
313static int
314proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX])
315{
316 static int check[] = {
317 PROPOSAL_KEX_ALGS, PROPOSAL_SERVER_HOST_KEY_ALGS, -1
318 };
319 int *idx;
320 char *p;
321
322 for (idx = &check[0]; *idx != -1; idx++) {
323 if ((p = strchr(my[*idx], ',')) != NULL)
324 *p = '\0';
325 if ((p = strchr(peer[*idx], ',')) != NULL)
326 *p = '\0';
327 if (strcmp(my[*idx], peer[*idx]) != 0) {
328 debug2("proposal mismatch: my %s peer %s",
329 my[*idx], peer[*idx]);
330 return (0);
331 }
332 }
333 debug2("proposals match");
334 return (1);
335}
336
320static void 337static void
321kex_choose_conf(Kex *kex) 338kex_choose_conf(Kex *kex)
322{ 339{
@@ -327,9 +344,10 @@ kex_choose_conf(Kex *kex)
327 int mode; 344 int mode;
328 int ctos; /* direction: if true client-to-server */ 345 int ctos; /* direction: if true client-to-server */
329 int need; 346 int need;
347 int first_kex_follows, type;
330 348
331 my = kex_buf2prop(&kex->my); 349 my = kex_buf2prop(&kex->my, NULL);
332 peer = kex_buf2prop(&kex->peer); 350 peer = kex_buf2prop(&kex->peer, &first_kex_follows);
333 351
334 if (kex->server) { 352 if (kex->server) {
335 cprop=peer; 353 cprop=peer;
@@ -373,6 +391,12 @@ kex_choose_conf(Kex *kex)
373 /* XXX need runden? */ 391 /* XXX need runden? */
374 kex->we_need = need; 392 kex->we_need = need;
375 393
394 /* ignore the next message if the proposals do not match */
395 if (first_kex_follows && !proposals_match(my, peer)) {
396 type = packet_read();
397 debug2("skipping next packet (type %u)", type);
398 }
399
376 kex_prop_free(my); 400 kex_prop_free(my);
377 kex_prop_free(peer); 401 kex_prop_free(peer);
378} 402}
@@ -433,7 +457,7 @@ kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret)
433 for (i = 0; i < NKEYS; i++) 457 for (i = 0; i < NKEYS; i++)
434 keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret); 458 keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret);
435 459
436 debug("kex_derive_keys"); 460 debug2("kex_derive_keys");
437 for (mode = 0; mode < MODE_MAX; mode++) { 461 for (mode = 0; mode < MODE_MAX; mode++) {
438 current_keys[mode] = kex->newkeys[mode]; 462 current_keys[mode] = kex->newkeys[mode];
439 kex->newkeys[mode] = NULL; 463 kex->newkeys[mode] = NULL;
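Review bot: `proposals_match()` (new lines 313-335) cuts `my[*idx]` and `peer[*idx]` at the first comma by writing `'\0'` into the caller's strings, and nothing in the function or at its call site says so. The call in `kex_choose_conf()` comes after `kex->we_need` is set and right before `kex_prop_free()`, so it looks harmless today (the selection code between the hunks is not visible here), but a later reorder would negotiate on truncated lists without any error. A comment such as `/* NB: destructively truncates both proposals to their first entry; must run after algorithm selection */` would pin that down. In the same hunk `type` is an `int` printed with `%u` in `debug2("skipping next packet (type %u)", type)`, where `%d` matches the declaration. The skipped packet's type is only logged, never checked, so it is worth confirming that discarding any message type at this point is intended.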
diff --git a/kex.h b/kex.h
index 93a529e12..52d442e9a 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.h,v 1.32 2002/09/09 14:54:14 markus Exp $ */ 1/* $OpenBSD: kex.h,v 1.33 2003/02/16 17:09:57 markus Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -55,8 +55,9 @@ enum kex_modes {
55}; 55};
56 56
57enum kex_exchange { 57enum kex_exchange {
58 DH_GRP1_SHA1, 58 KEX_DH_GRP1_SHA1,
59 DH_GEX_SHA1 59 KEX_DH_GEX_SHA1,
60 KEX_MAX
60}; 61};
61 62
62#define KEX_INIT_SENT 0x0001 63#define KEX_INIT_SENT 0x0001
@@ -112,6 +113,7 @@ struct Kex {
112 int (*verify_host_key)(Key *); 113 int (*verify_host_key)(Key *);
113 Key *(*load_host_key)(int); 114 Key *(*load_host_key)(int);
114 int (*host_key_index)(Key *); 115 int (*host_key_index)(Key *);
116 void (*kex[KEX_MAX])(Kex *);
115}; 117};
116 118
117Kex *kex_setup(char *[PROPOSAL_MAX]); 119Kex *kex_setup(char *[PROPOSAL_MAX]);
@@ -121,11 +123,20 @@ void kex_send_kexinit(Kex *);
121void kex_input_kexinit(int, u_int32_t, void *); 123void kex_input_kexinit(int, u_int32_t, void *);
122void kex_derive_keys(Kex *, u_char *, BIGNUM *); 124void kex_derive_keys(Kex *, u_char *, BIGNUM *);
123 125
124void kexdh(Kex *);
125void kexgex(Kex *);
126
127Newkeys *kex_get_newkeys(int); 126Newkeys *kex_get_newkeys(int);
128 127
128void kexdh_client(Kex *);
129void kexdh_server(Kex *);
130void kexgex_client(Kex *);
131void kexgex_server(Kex *);
132
133u_char *
134kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
135 BIGNUM *, BIGNUM *, BIGNUM *);
136u_char *
137kexgex_hash(char *, char *, char *, int, char *, int, u_char *, int,
138 int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *);
139
129#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) 140#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
130void dump_digest(char *, u_char *, int); 141void dump_digest(char *, u_char *, int);
131#endif 142#endif
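Review bot: The new `void (*kex[KEX_MAX])(Kex *);` member (new line 116) carries no comment, yet the dispatch this commit adds to kex.c treats a NULL slot as "unsupported", so correctness depends on every `Kex` starting out zeroed and on callers filling the slots. A comment like `/* handlers indexed by enum kex_exchange; NULL means not supported */` on the member, plus a note on `KEX_MAX` that it must stay the last enumerator, would document that contract. The allocation in `kex_setup()` is not visible in this diff, so whether the array is zero-initialised should be checked there. The now-public `kex_dh_hash()` and `kexgex_hash()` prototypes take long runs of unnamed `char *, int` parameters, and naming them would make argument-order mistakes easier to spot in review.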
diff --git a/kexdh.c b/kexdh.c
index 1e91e2550..4bbb7d1db 100644
--- a/kexdh.c
+++ b/kexdh.c
@@ -23,23 +23,16 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: kexdh.c,v 1.18 2002/03/18 17:50:31 provos Exp $"); 26RCSID("$OpenBSD: kexdh.c,v 1.19 2003/02/16 17:09:57 markus Exp $");
27 27
28#include <openssl/crypto.h> 28#include <openssl/evp.h>
29#include <openssl/bn.h>
30 29
31#include "xmalloc.h"
32#include "buffer.h" 30#include "buffer.h"
33#include "bufaux.h" 31#include "bufaux.h"
34#include "key.h"
35#include "kex.h"
36#include "log.h"
37#include "packet.h"
38#include "dh.h"
39#include "ssh2.h" 32#include "ssh2.h"
40#include "monitor_wrap.h" 33#include "kex.h"
41 34
42static u_char * 35u_char *
43kex_dh_hash( 36kex_dh_hash(
44 char *client_version_string, 37 char *client_version_string,
45 char *server_version_string, 38 char *server_version_string,
@@ -86,222 +79,3 @@ kex_dh_hash(
86#endif 79#endif
87 return digest; 80 return digest;
88} 81}
89
90/* client */
91
92static void
93kexdh_client(Kex *kex)
94{
95 BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
96 DH *dh;
97 Key *server_host_key;
98 u_char *server_host_key_blob = NULL, *signature = NULL;
99 u_char *kbuf, *hash;
100 u_int klen, kout, slen, sbloblen;
101
102 /* generate and send 'e', client DH public key */
103 dh = dh_new_group1();
104 dh_gen_key(dh, kex->we_need * 8);
105 packet_start(SSH2_MSG_KEXDH_INIT);
106 packet_put_bignum2(dh->pub_key);
107 packet_send();
108
109 debug("sending SSH2_MSG_KEXDH_INIT");
110#ifdef DEBUG_KEXDH
111 DHparams_print_fp(stderr, dh);
112 fprintf(stderr, "pub= ");
113 BN_print_fp(stderr, dh->pub_key);
114 fprintf(stderr, "\n");
115#endif
116
117 debug("expecting SSH2_MSG_KEXDH_REPLY");
118 packet_read_expect(SSH2_MSG_KEXDH_REPLY);
119
120 /* key, cert */
121 server_host_key_blob = packet_get_string(&sbloblen);
122 server_host_key = key_from_blob(server_host_key_blob, sbloblen);
123 if (server_host_key == NULL)
124 fatal("cannot decode server_host_key_blob");
125 if (server_host_key->type != kex->hostkey_type)
126 fatal("type mismatch for decoded server_host_key_blob");
127 if (kex->verify_host_key == NULL)
128 fatal("cannot verify server_host_key");
129 if (kex->verify_host_key(server_host_key) == -1)
130 fatal("server_host_key verification failed");
131
132 /* DH paramter f, server public DH key */
133 if ((dh_server_pub = BN_new()) == NULL)
134 fatal("dh_server_pub == NULL");
135 packet_get_bignum2(dh_server_pub);
136
137#ifdef DEBUG_KEXDH
138 fprintf(stderr, "dh_server_pub= ");
139 BN_print_fp(stderr, dh_server_pub);
140 fprintf(stderr, "\n");
141 debug("bits %d", BN_num_bits(dh_server_pub));
142#endif
143
144 /* signed H */
145 signature = packet_get_string(&slen);
146 packet_check_eom();
147
148 if (!dh_pub_is_valid(dh, dh_server_pub))
149 packet_disconnect("bad server public DH value");
150
151 klen = DH_size(dh);
152 kbuf = xmalloc(klen);
153 kout = DH_compute_key(kbuf, dh_server_pub, dh);
154#ifdef DEBUG_KEXDH
155 dump_digest("shared secret", kbuf, kout);
156#endif
157 if ((shared_secret = BN_new()) == NULL)
158 fatal("kexdh_client: BN_new failed");
159 BN_bin2bn(kbuf, kout, shared_secret);
160 memset(kbuf, 0, klen);
161 xfree(kbuf);
162
163 /* calc and verify H */
164 hash = kex_dh_hash(
165 kex->client_version_string,
166 kex->server_version_string,
167 buffer_ptr(&kex->my), buffer_len(&kex->my),
168 buffer_ptr(&kex->peer), buffer_len(&kex->peer),
169 server_host_key_blob, sbloblen,
170 dh->pub_key,
171 dh_server_pub,
172 shared_secret
173 );
174 xfree(server_host_key_blob);
175 BN_clear_free(dh_server_pub);
176 DH_free(dh);
177
178 if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
179 fatal("key_verify failed for server_host_key");
180 key_free(server_host_key);
181 xfree(signature);
182
183 /* save session id */
184 if (kex->session_id == NULL) {
185 kex->session_id_len = 20;
186 kex->session_id = xmalloc(kex->session_id_len);
187 memcpy(kex->session_id, hash, kex->session_id_len);
188 }
189
190 kex_derive_keys(kex, hash, shared_secret);
191 BN_clear_free(shared_secret);
192 kex_finish(kex);
193}
194
195/* server */
196
197static void
198kexdh_server(Kex *kex)
199{
200 BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
201 DH *dh;
202 Key *server_host_key;
203 u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
204 u_int sbloblen, klen, kout;
205 u_int slen;
206
207 /* generate server DH public key */
208 dh = dh_new_group1();
209 dh_gen_key(dh, kex->we_need * 8);
210
211 debug("expecting SSH2_MSG_KEXDH_INIT");
212 packet_read_expect(SSH2_MSG_KEXDH_INIT);
213
214 if (kex->load_host_key == NULL)
215 fatal("Cannot load hostkey");
216 server_host_key = kex->load_host_key(kex->hostkey_type);
217 if (server_host_key == NULL)
218 fatal("Unsupported hostkey type %d", kex->hostkey_type);
219
220 /* key, cert */
221 if ((dh_client_pub = BN_new()) == NULL)
222 fatal("dh_client_pub == NULL");
223 packet_get_bignum2(dh_client_pub);
224 packet_check_eom();
225
226#ifdef DEBUG_KEXDH
227 fprintf(stderr, "dh_client_pub= ");
228 BN_print_fp(stderr, dh_client_pub);
229 fprintf(stderr, "\n");
230 debug("bits %d", BN_num_bits(dh_client_pub));
231#endif
232
233#ifdef DEBUG_KEXDH
234 DHparams_print_fp(stderr, dh);
235 fprintf(stderr, "pub= ");
236 BN_print_fp(stderr, dh->pub_key);
237 fprintf(stderr, "\n");
238#endif
239 if (!dh_pub_is_valid(dh, dh_client_pub))
240 packet_disconnect("bad client public DH value");
241
242 klen = DH_size(dh);
243 kbuf = xmalloc(klen);
244 kout = DH_compute_key(kbuf, dh_client_pub, dh);
245#ifdef DEBUG_KEXDH
246 dump_digest("shared secret", kbuf, kout);
247#endif
248 if ((shared_secret = BN_new()) == NULL)
249 fatal("kexdh_server: BN_new failed");
250 BN_bin2bn(kbuf, kout, shared_secret);
251 memset(kbuf, 0, klen);
252 xfree(kbuf);
253
254 key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
255
256 /* calc H */
257 hash = kex_dh_hash(
258 kex->client_version_string,
259 kex->server_version_string,
260 buffer_ptr(&kex->peer), buffer_len(&kex->peer),
261 buffer_ptr(&kex->my), buffer_len(&kex->my),
262 server_host_key_blob, sbloblen,
263 dh_client_pub,
264 dh->pub_key,
265 shared_secret
266 );
267 BN_clear_free(dh_client_pub);
268
269 /* save session id := H */
270 /* XXX hashlen depends on KEX */
271 if (kex->session_id == NULL) {
272 kex->session_id_len = 20;
273 kex->session_id = xmalloc(kex->session_id_len);
274 memcpy(kex->session_id, hash, kex->session_id_len);
275 }
276
277 /* sign H */
278 /* XXX hashlen depends on KEX */
279 PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
280
281 /* destroy_sensitive_data(); */
282
283 /* send server hostkey, DH pubkey 'f' and singed H */
284 packet_start(SSH2_MSG_KEXDH_REPLY);
285 packet_put_string(server_host_key_blob, sbloblen);
286 packet_put_bignum2(dh->pub_key); /* f */
287 packet_put_string(signature, slen);
288 packet_send();
289
290 xfree(signature);
291 xfree(server_host_key_blob);
292 /* have keys, free DH */
293 DH_free(dh);
294
295 kex_derive_keys(kex, hash, shared_secret);
296 BN_clear_free(shared_secret);
297 kex_finish(kex);
298}
299
300void
301kexdh(Kex *kex)
302{
303 if (kex->server)
304 kexdh_server(kex);
305 else
306 kexdh_client(kex);
307}
diff --git a/kexdhc.c b/kexdhc.c
new file mode 100644
index 000000000..fe6dc53f8
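--- /dev/null
+++ b/kexdhc.c
@@ -0,0 +1,137 @@
+/*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: kexdhc.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+
+#include "xmalloc.h"
+#include "key.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+
+void
+kexdh_client(Kex *kex)
+{
+ BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
+ DH *dh;
+ Key *server_host_key;
+ u_char *server_host_key_blob = NULL, *signature = NULL;
+ u_char *kbuf, *hash;
+ u_int klen, kout, slen, sbloblen;
+
+ /* generate and send 'e', client DH public key */
+ dh = dh_new_group1();
+ dh_gen_key(dh, kex->we_need * 8);
+ packet_start(SSH2_MSG_KEXDH_INIT);
+ packet_put_bignum2(dh->pub_key);
+ packet_send();
+
+ debug("sending SSH2_MSG_KEXDH_INIT");
+#ifdef DEBUG_KEXDH
+ DHparams_print_fp(stderr, dh);
+ fprintf(stderr, "pub= ");
+ BN_print_fp(stderr, dh->pub_key);
+ fprintf(stderr, "\n");
+#endif
+
+ debug("expecting SSH2_MSG_KEXDH_REPLY");
+ packet_read_expect(SSH2_MSG_KEXDH_REPLY);
+
+ /* key, cert */
+ server_host_key_blob = packet_get_string(&sbloblen);
+ server_host_key = key_from_blob(server_host_key_blob, sbloblen);
+ if (server_host_key == NULL)
+ fatal("cannot decode server_host_key_blob");
+ if (server_host_key->type != kex->hostkey_type)
+ fatal("type mismatch for decoded server_host_key_blob");
+ if (kex->verify_host_key == NULL)
+ fatal("cannot verify server_host_key");
+ if (kex->verify_host_key(server_host_key) == -1)
+ fatal("server_host_key verification failed");
+
+ /* DH paramter f, server public DH key */
+ if ((dh_server_pub = BN_new()) == NULL)
+ fatal("dh_server_pub == NULL");
+ packet_get_bignum2(dh_server_pub);
+
+#ifdef DEBUG_KEXDH
+ fprintf(stderr, "dh_server_pub= ");
+ BN_print_fp(stderr, dh_server_pub);
+ fprintf(stderr, "\n");
+ debug("bits %d", BN_num_bits(dh_server_pub));
+#endif
+
+ /* signed H */
+ signature = packet_get_string(&slen);
+ packet_check_eom();
+
+ if (!dh_pub_is_valid(dh, dh_server_pub))
+ packet_disconnect("bad server public DH value");
+
+ klen = DH_size(dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_server_pub, dh);
+#ifdef DEBUG_KEXDH
+ dump_digest("shared secret", kbuf, kout);
+#endif
+ if ((shared_secret = BN_new()) == NULL)
+ fatal("kexdh_client: BN_new failed");
+ BN_bin2bn(kbuf, kout, shared_secret);
+ memset(kbuf, 0, klen);
+ xfree(kbuf);
+
+ /* calc and verify H */
+ hash = kex_dh_hash(
+ kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ server_host_key_blob, sbloblen,
+ dh->pub_key,
+ dh_server_pub,
+ shared_secret
+ );
+ xfree(server_host_key_blob);
+ BN_clear_free(dh_server_pub);
+ DH_free(dh);
+
+ if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
+ fatal("key_verify failed for server_host_key");
+ key_free(server_host_key);
+ xfree(signature);
+
+ /* save session id */
+ if (kex->session_id == NULL) {
+ kex->session_id_len = 20;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+
+ kex_derive_keys(kex, hash, shared_secret);
+ BN_clear_free(shared_secret);
+ kex_finish(kex);
+}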
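Review bot: The result of `DH_compute_key()` is stored in the unsigned `kout` and handed to `BN_bin2bn()` without a check, so an OpenSSL failure return of -1 becomes a very large length and `BN_bin2bn` would read far past the `klen`-byte `kbuf`. Declaring `int kout;` and writing `if ((kout = DH_compute_key(kbuf, dh_server_pub, dh)) < 0) fatal("DH_compute_key: failed");` stops the exchange before the bogus length is used. The return value of `BN_bin2bn()` deserves a NULL check as well. The same unchecked pattern is in kexdh_server (kexdhs.c) and kexgex_client (kexgexc.c) in this commit, and the part of kexgex_server visible on this page also declares `kout` as `u_int`.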
diff --git a/kexdhs.c b/kexdhs.c
new file mode 100644
index 000000000..f04bce825
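--- /dev/null
+++ b/kexdhs.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: kexdhs.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+
+#include "xmalloc.h"
+#include "key.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+#include "monitor_wrap.h"
+
+void
+kexdh_server(Kex *kex)
+{
+ BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
+ DH *dh;
+ Key *server_host_key;
+ u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
+ u_int sbloblen, klen, kout;
+ u_int slen;
+
+ /* generate server DH public key */
+ dh = dh_new_group1();
+ dh_gen_key(dh, kex->we_need * 8);
+
+ debug("expecting SSH2_MSG_KEXDH_INIT");
+ packet_read_expect(SSH2_MSG_KEXDH_INIT);
+
+ if (kex->load_host_key == NULL)
+ fatal("Cannot load hostkey");
+ server_host_key = kex->load_host_key(kex->hostkey_type);
+ if (server_host_key == NULL)
+ fatal("Unsupported hostkey type %d", kex->hostkey_type);
+
+ /* key, cert */
+ if ((dh_client_pub = BN_new()) == NULL)
+ fatal("dh_client_pub == NULL");
+ packet_get_bignum2(dh_client_pub);
+ packet_check_eom();
+
+#ifdef DEBUG_KEXDH
+ fprintf(stderr, "dh_client_pub= ");
+ BN_print_fp(stderr, dh_client_pub);
+ fprintf(stderr, "\n");
+ debug("bits %d", BN_num_bits(dh_client_pub));
+#endif
+
+#ifdef DEBUG_KEXDH
+ DHparams_print_fp(stderr, dh);
+ fprintf(stderr, "pub= ");
+ BN_print_fp(stderr, dh->pub_key);
+ fprintf(stderr, "\n");
+#endif
+ if (!dh_pub_is_valid(dh, dh_client_pub))
+ packet_disconnect("bad client public DH value");
+
+ klen = DH_size(dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_client_pub, dh);
+#ifdef DEBUG_KEXDH
+ dump_digest("shared secret", kbuf, kout);
+#endif
+ if ((shared_secret = BN_new()) == NULL)
+ fatal("kexdh_server: BN_new failed");
+ BN_bin2bn(kbuf, kout, shared_secret);
+ memset(kbuf, 0, klen);
+ xfree(kbuf);
+
+ key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
+
+ /* calc H */
+ hash = kex_dh_hash(
+ kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ server_host_key_blob, sbloblen,
+ dh_client_pub,
+ dh->pub_key,
+ shared_secret
+ );
+ BN_clear_free(dh_client_pub);
+
+ /* save session id := H */
+ /* XXX hashlen depends on KEX */
+ if (kex->session_id == NULL) {
+ kex->session_id_len = 20;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+
+ /* sign H */
+ /* XXX hashlen depends on KEX */
+ PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
+
+ /* destroy_sensitive_data(); */
+
+ /* send server hostkey, DH pubkey 'f' and singed H */
+ packet_start(SSH2_MSG_KEXDH_REPLY);
+ packet_put_string(server_host_key_blob, sbloblen);
+ packet_put_bignum2(dh->pub_key); /* f */
+ packet_put_string(signature, slen);
+ packet_send();
+
+ xfree(signature);
+ xfree(server_host_key_blob);
+ /* have keys, free DH */
+ DH_free(dh);
+
+ kex_derive_keys(kex, hash, shared_secret);
+ BN_clear_free(shared_secret);
+ kex_finish(kex);
+}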
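Review bot: The return value of `PRIVSEP(key_sign(...))` is ignored, so if signing fails `signature` is still NULL and `slen` was never initialised when `packet_put_string(signature, slen)` and `xfree(signature)` run. key_sign is defined outside this page; assuming it reports failure with a negative return, `if (PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)) < 0) fatal("kexdh_server: key_sign failed");` keeps a failed host-key signing operation from reaching the wire. `key_to_blob()` a few lines earlier is unchecked in the same way, and its output feeds both the exchange hash and the reply.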
diff --git a/kexgex.c b/kexgex.c
index 2d4a58153..b0c39c8cb 100644
--- a/kexgex.c
+++ b/kexgex.c
@@ -24,23 +24,16 @@
24 */ 24 */
25 25
26#include "includes.h" 26#include "includes.h"
27RCSID("$OpenBSD: kexgex.c,v 1.22 2002/03/24 17:27:03 stevesk Exp $"); 27RCSID("$OpenBSD: kexgex.c,v 1.23 2003/02/16 17:09:57 markus Exp $");
28 28
29#include <openssl/bn.h> 29#include <openssl/evp.h>
30 30
31#include "xmalloc.h"
32#include "buffer.h" 31#include "buffer.h"
33#include "bufaux.h" 32#include "bufaux.h"
34#include "key.h"
35#include "kex.h" 33#include "kex.h"
36#include "log.h"
37#include "packet.h"
38#include "dh.h"
39#include "ssh2.h" 34#include "ssh2.h"
40#include "compat.h"
41#include "monitor_wrap.h"
42 35
43static u_char * 36u_char *
44kexgex_hash( 37kexgex_hash(
45 char *client_version_string, 38 char *client_version_string,
46 char *server_version_string, 39 char *server_version_string,
@@ -97,318 +90,3 @@ kexgex_hash(
97#endif 90#endif
98 return digest; 91 return digest;
99} 92}
100
101/* client */
102
103static void
104kexgex_client(Kex *kex)
105{
106 BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
107 BIGNUM *p = NULL, *g = NULL;
108 Key *server_host_key;
109 u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
110 u_int klen, kout, slen, sbloblen;
111 int min, max, nbits;
112 DH *dh;
113
114 nbits = dh_estimate(kex->we_need * 8);
115
116 if (datafellows & SSH_OLD_DHGEX) {
117 debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent");
118
119 /* Old GEX request */
120 packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD);
121 packet_put_int(nbits);
122 min = DH_GRP_MIN;
123 max = DH_GRP_MAX;
124 } else {
125 debug("SSH2_MSG_KEX_DH_GEX_REQUEST sent");
126
127 /* New GEX request */
128 min = DH_GRP_MIN;
129 max = DH_GRP_MAX;
130 packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST);
131 packet_put_int(min);
132 packet_put_int(nbits);
133 packet_put_int(max);
134 }
135#ifdef DEBUG_KEXDH
136 fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n",
137 min, nbits, max);
138#endif
139 packet_send();
140
141 debug("expecting SSH2_MSG_KEX_DH_GEX_GROUP");
142 packet_read_expect(SSH2_MSG_KEX_DH_GEX_GROUP);
143
144 if ((p = BN_new()) == NULL)
145 fatal("BN_new");
146 packet_get_bignum2(p);
147 if ((g = BN_new()) == NULL)
148 fatal("BN_new");
149 packet_get_bignum2(g);
150 packet_check_eom();
151
152 if (BN_num_bits(p) < min || BN_num_bits(p) > max)
153 fatal("DH_GEX group out of range: %d !< %d !< %d",
154 min, BN_num_bits(p), max);
155
156 dh = dh_new_group(g, p);
157 dh_gen_key(dh, kex->we_need * 8);
158
159#ifdef DEBUG_KEXDH
160 DHparams_print_fp(stderr, dh);
161 fprintf(stderr, "pub= ");
162 BN_print_fp(stderr, dh->pub_key);
163 fprintf(stderr, "\n");
164#endif
165
166 debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
167 /* generate and send 'e', client DH public key */
168 packet_start(SSH2_MSG_KEX_DH_GEX_INIT);
169 packet_put_bignum2(dh->pub_key);
170 packet_send();
171
172 debug("expecting SSH2_MSG_KEX_DH_GEX_REPLY");
173 packet_read_expect(SSH2_MSG_KEX_DH_GEX_REPLY);
174
175 /* key, cert */
176 server_host_key_blob = packet_get_string(&sbloblen);
177 server_host_key = key_from_blob(server_host_key_blob, sbloblen);
178 if (server_host_key == NULL)
179 fatal("cannot decode server_host_key_blob");
180 if (server_host_key->type != kex->hostkey_type)
181 fatal("type mismatch for decoded server_host_key_blob");
182 if (kex->verify_host_key == NULL)
183 fatal("cannot verify server_host_key");
184 if (kex->verify_host_key(server_host_key) == -1)
185 fatal("server_host_key verification failed");
186
187 /* DH paramter f, server public DH key */
188 if ((dh_server_pub = BN_new()) == NULL)
189 fatal("dh_server_pub == NULL");
190 packet_get_bignum2(dh_server_pub);
191
192#ifdef DEBUG_KEXDH
193 fprintf(stderr, "dh_server_pub= ");
194 BN_print_fp(stderr, dh_server_pub);
195 fprintf(stderr, "\n");
196 debug("bits %d", BN_num_bits(dh_server_pub));
197#endif
198
199 /* signed H */
200 signature = packet_get_string(&slen);
201 packet_check_eom();
202
203 if (!dh_pub_is_valid(dh, dh_server_pub))
204 packet_disconnect("bad server public DH value");
205
206 klen = DH_size(dh);
207 kbuf = xmalloc(klen);
208 kout = DH_compute_key(kbuf, dh_server_pub, dh);
209#ifdef DEBUG_KEXDH
210 dump_digest("shared secret", kbuf, kout);
211#endif
212 if ((shared_secret = BN_new()) == NULL)
213 fatal("kexgex_client: BN_new failed");
214 BN_bin2bn(kbuf, kout, shared_secret);
215 memset(kbuf, 0, klen);
216 xfree(kbuf);
217
218 if (datafellows & SSH_OLD_DHGEX)
219 min = max = -1;
220
221 /* calc and verify H */
222 hash = kexgex_hash(
223 kex->client_version_string,
224 kex->server_version_string,
225 buffer_ptr(&kex->my), buffer_len(&kex->my),
226 buffer_ptr(&kex->peer), buffer_len(&kex->peer),
227 server_host_key_blob, sbloblen,
228 min, nbits, max,
229 dh->p, dh->g,
230 dh->pub_key,
231 dh_server_pub,
232 shared_secret
233 );
234 /* have keys, free DH */
235 DH_free(dh);
236 xfree(server_host_key_blob);
237 BN_clear_free(dh_server_pub);
238
239 if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
240 fatal("key_verify failed for server_host_key");
241 key_free(server_host_key);
242 xfree(signature);
243
244 /* save session id */
245 if (kex->session_id == NULL) {
246 kex->session_id_len = 20;
247 kex->session_id = xmalloc(kex->session_id_len);
248 memcpy(kex->session_id, hash, kex->session_id_len);
249 }
250 kex_derive_keys(kex, hash, shared_secret);
251 BN_clear_free(shared_secret);
252
253 kex_finish(kex);
254}
255
256/* server */
257
258static void
259kexgex_server(Kex *kex)
260{
261 BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
262 Key *server_host_key;
263 DH *dh;
264 u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
265 u_int sbloblen, klen, kout, slen;
266 int min = -1, max = -1, nbits = -1, type;
267
268 if (kex->load_host_key == NULL)
269 fatal("Cannot load hostkey");
270 server_host_key = kex->load_host_key(kex->hostkey_type);
271 if (server_host_key == NULL)
272 fatal("Unsupported hostkey type %d", kex->hostkey_type);
273
274 type = packet_read();
275 switch (type) {
276 case SSH2_MSG_KEX_DH_GEX_REQUEST:
277 debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
278 min = packet_get_int();
279 nbits = packet_get_int();
280 max = packet_get_int();
281 min = MAX(DH_GRP_MIN, min);
282 max = MIN(DH_GRP_MAX, max);
283 break;
284 case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
285 debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
286 nbits = packet_get_int();
287 min = DH_GRP_MIN;
288 max = DH_GRP_MAX;
289 /* unused for old GEX */
290 break;
291 default:
292 fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
293 }
294 packet_check_eom();
295
296 if (max < min || nbits < min || max < nbits)
297 fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
298 min, nbits, max);
299
300 /* Contact privileged parent */
301 dh = PRIVSEP(choose_dh(min, nbits, max));
302 if (dh == NULL)
303 packet_disconnect("Protocol error: no matching DH grp found");
304
305 debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
306 packet_start(SSH2_MSG_KEX_DH_GEX_GROUP);
307 packet_put_bignum2(dh->p);
308 packet_put_bignum2(dh->g);
309 packet_send();
310
311 /* flush */
312 packet_write_wait();
313
314 /* Compute our exchange value in parallel with the client */
315 dh_gen_key(dh, kex->we_need * 8);
316
317 debug("expecting SSH2_MSG_KEX_DH_GEX_INIT");
318 packet_read_expect(SSH2_MSG_KEX_DH_GEX_INIT);
319
320 /* key, cert */
321 if ((dh_client_pub = BN_new()) == NULL)
322 fatal("dh_client_pub == NULL");
323 packet_get_bignum2(dh_client_pub);
324 packet_check_eom();
325
326#ifdef DEBUG_KEXDH
327 fprintf(stderr, "dh_client_pub= ");
328 BN_print_fp(stderr, dh_client_pub);
329 fprintf(stderr, "\n");
330 debug("bits %d", BN_num_bits(dh_client_pub));
331#endif
332
333#ifdef DEBUG_KEXDH
334 DHparams_print_fp(stderr, dh);
335 fprintf(stderr, "pub= ");
336 BN_print_fp(stderr, dh->pub_key);
337 fprintf(stderr, "\n");
338#endif
339 if (!dh_pub_is_valid(dh, dh_client_pub))
340 packet_disconnect("bad client public DH value");
341
342 klen = DH_size(dh);
343 kbuf = xmalloc(klen);
344 kout = DH_compute_key(kbuf, dh_client_pub, dh);
345#ifdef DEBUG_KEXDH
346 dump_digest("shared secret", kbuf, kout);
347#endif
348 if ((shared_secret = BN_new()) == NULL)
349 fatal("kexgex_server: BN_new failed");
350 BN_bin2bn(kbuf, kout, shared_secret);
351 memset(kbuf, 0, klen);
352 xfree(kbuf);
353
354 key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
355
356 if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
357 min = max = -1;
358
359 /* calc H */ /* XXX depends on 'kex' */
360 hash = kexgex_hash(
361 kex->client_version_string,
362 kex->server_version_string,
363 buffer_ptr(&kex->peer), buffer_len(&kex->peer),
364 buffer_ptr(&kex->my), buffer_len(&kex->my),
365 server_host_key_blob, sbloblen,
366 min, nbits, max,
367 dh->p, dh->g,
368 dh_client_pub,
369 dh->pub_key,
370 shared_secret
371 );
372 BN_clear_free(dh_client_pub);
373
374 /* save session id := H */
375 /* XXX hashlen depends on KEX */
376 if (kex->session_id == NULL) {
377 kex->session_id_len = 20;
378 kex->session_id = xmalloc(kex->session_id_len);
379 memcpy(kex->session_id, hash, kex->session_id_len);
380 }
381
382 /* sign H */
383 /* XXX hashlen depends on KEX */
384 PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
385
386 /* destroy_sensitive_data(); */
387
388 /* send server hostkey, DH pubkey 'f' and singed H */
389 debug("SSH2_MSG_KEX_DH_GEX_REPLY sent");
390 packet_start(SSH2_MSG_KEX_DH_GEX_REPLY);
391 packet_put_string(server_host_key_blob, sbloblen);
392 packet_put_bignum2(dh->pub_key); /* f */
393 packet_put_string(signature, slen);
394 packet_send();
395
396 xfree(signature);
397 xfree(server_host_key_blob);
398 /* have keys, free DH */
399 DH_free(dh);
400
401 kex_derive_keys(kex, hash, shared_secret);
402 BN_clear_free(shared_secret);
403
404 kex_finish(kex);
405}
406
407void
408kexgex(Kex *kex)
409{
410 if (kex->server)
411 kexgex_server(kex);
412 else
413 kexgex_client(kex);
414}
diff --git a/kexgexc.c b/kexgexc.c
new file mode 100644
index 000000000..f14ac44ca
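--- /dev/null
+++ b/kexgexc.c
@@ -0,0 +1,189 @@
+/*
+ * Copyright (c) 2000 Niels Provos. All rights reserved.
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: kexgexc.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+
+#include "xmalloc.h"
+#include "key.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+#include "compat.h"
+
+void
+kexgex_client(Kex *kex)
+{
+ BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
+ BIGNUM *p = NULL, *g = NULL;
+ Key *server_host_key;
+ u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
+ u_int klen, kout, slen, sbloblen;
+ int min, max, nbits;
+ DH *dh;
+
+ nbits = dh_estimate(kex->we_need * 8);
+
+ if (datafellows & SSH_OLD_DHGEX) {
+ debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent");
+
+ /* Old GEX request */
+ packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD);
+ packet_put_int(nbits);
+ min = DH_GRP_MIN;
+ max = DH_GRP_MAX;
+ } else {
+ debug("SSH2_MSG_KEX_DH_GEX_REQUEST sent");
+
+ /* New GEX request */
+ min = DH_GRP_MIN;
+ max = DH_GRP_MAX;
+ packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST);
+ packet_put_int(min);
+ packet_put_int(nbits);
+ packet_put_int(max);
+ }
+#ifdef DEBUG_KEXDH
+ fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n",
+ min, nbits, max);
+#endif
+ packet_send();
+
+ debug("expecting SSH2_MSG_KEX_DH_GEX_GROUP");
+ packet_read_expect(SSH2_MSG_KEX_DH_GEX_GROUP);
+
+ if ((p = BN_new()) == NULL)
+ fatal("BN_new");
+ packet_get_bignum2(p);
+ if ((g = BN_new()) == NULL)
+ fatal("BN_new");
+ packet_get_bignum2(g);
+ packet_check_eom();
+
+ if (BN_num_bits(p) < min || BN_num_bits(p) > max)
+ fatal("DH_GEX group out of range: %d !< %d !< %d",
+ min, BN_num_bits(p), max);
+
+ dh = dh_new_group(g, p);
+ dh_gen_key(dh, kex->we_need * 8);
+
+#ifdef DEBUG_KEXDH
+ DHparams_print_fp(stderr, dh);
+ fprintf(stderr, "pub= ");
+ BN_print_fp(stderr, dh->pub_key);
+ fprintf(stderr, "\n");
+#endif
+
+ debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
+ /* generate and send 'e', client DH public key */
+ packet_start(SSH2_MSG_KEX_DH_GEX_INIT);
+ packet_put_bignum2(dh->pub_key);
+ packet_send();
+
+ debug("expecting SSH2_MSG_KEX_DH_GEX_REPLY");
+ packet_read_expect(SSH2_MSG_KEX_DH_GEX_REPLY);
+
+ /* key, cert */
+ server_host_key_blob = packet_get_string(&sbloblen);
+ server_host_key = key_from_blob(server_host_key_blob, sbloblen);
+ if (server_host_key == NULL)
+ fatal("cannot decode server_host_key_blob");
+ if (server_host_key->type != kex->hostkey_type)
+ fatal("type mismatch for decoded server_host_key_blob");
+ if (kex->verify_host_key == NULL)
+ fatal("cannot verify server_host_key");
+ if (kex->verify_host_key(server_host_key) == -1)
+ fatal("server_host_key verification failed");
+
+ /* DH paramter f, server public DH key */
+ if ((dh_server_pub = BN_new()) == NULL)
+ fatal("dh_server_pub == NULL");
+ packet_get_bignum2(dh_server_pub);
+
+#ifdef DEBUG_KEXDH
+ fprintf(stderr, "dh_server_pub= ");
+ BN_print_fp(stderr, dh_server_pub);
+ fprintf(stderr, "\n");
+ debug("bits %d", BN_num_bits(dh_server_pub));
+#endif
+
+ /* signed H */
+ signature = packet_get_string(&slen);
+ packet_check_eom();
+
+ if (!dh_pub_is_valid(dh, dh_server_pub))
+ packet_disconnect("bad server public DH value");
+
+ klen = DH_size(dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_server_pub, dh);
+#ifdef DEBUG_KEXDH
+ dump_digest("shared secret", kbuf, kout);
+#endif
+ if ((shared_secret = BN_new()) == NULL)
+ fatal("kexgex_client: BN_new failed");
+ BN_bin2bn(kbuf, kout, shared_secret);
+ memset(kbuf, 0, klen);
+ xfree(kbuf);
+
+ if (datafellows & SSH_OLD_DHGEX)
+ min = max = -1;
+
+ /* calc and verify H */
+ hash = kexgex_hash(
+ kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ server_host_key_blob, sbloblen,
+ min, nbits, max,
+ dh->p, dh->g,
+ dh->pub_key,
+ dh_server_pub,
+ shared_secret
+ );
+ /* have keys, free DH */
+ DH_free(dh);
+ xfree(server_host_key_blob);
+ BN_clear_free(dh_server_pub);
+
+ if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
+ fatal("key_verify failed for server_host_key");
+ key_free(server_host_key);
+ xfree(signature);
+
+ /* save session id */
+ if (kex->session_id == NULL) {
+ kex->session_id_len = 20;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+ kex_derive_keys(kex, hash, shared_secret);
+ BN_clear_free(shared_secret);
+
+ kex_finish(kex);
+}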
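Review bot: `memset(kbuf, 0, klen)` directly before `xfree(kbuf)` is a dead store from the compiler's point of view, so the wipe of the raw DH shared secret can be dropped if xfree is ever inlined or the build uses whole-program optimisation. xfree is defined outside this page, so whether that happens in today's build cannot be told from here. I would do the wipe through a write the optimiser cannot elide, for example a loop over a `volatile u_char *`, and mark the call with `/* wipe raw shared secret; must not be optimised away */`. The same memset-then-xfree pair is in kexdh_client (kexdhc.c) and kexdh_server (kexdhs.c).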
diff --git a/kexgexs.c b/kexgexs.c
new file mode 100644
index 000000000..baebfcfb0
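--- /dev/null
+++ b/kexgexs.c
@@ -0,0 +1,186 @@
+/*
+ * Copyright (c) 2000 Niels Provos. All rights reserved.
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: kexgexs.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+
+#include "xmalloc.h"
+#include "key.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+#include "compat.h"
+#include "monitor_wrap.h"
+
+void
+kexgex_server(Kex *kex)
+{
+ BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
+ Key *server_host_key;
+ DH *dh;
+ u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
+ u_int sbloblen, klen, kout, slen;
+ int min = -1, max = -1, nbits = -1, type;
+
+ if (kex->load_host_key == NULL)
+ fatal("Cannot load hostkey");
+ server_host_key = kex->load_host_key(kex->hostkey_type);
+ if (server_host_key == NULL)
+ fatal("Unsupported hostkey type %d", kex->hostkey_type);
+
+ type = packet_read();
+ switch (type) {
+ case SSH2_MSG_KEX_DH_GEX_REQUEST:
+ debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
+ min = packet_get_int();
+ nbits = packet_get_int();
+ max = packet_get_int();
+ min = MAX(DH_GRP_MIN, min);
+ max = MIN(DH_GRP_MAX, max);
+ break;
+ case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
+ debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
+ nbits = packet_get_int();
+ min = DH_GRP_MIN;
+ max = DH_GRP_MAX;
+ /* unused for old GEX */
+ break;
+ default:
+ fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
+ }
+ packet_check_eom();
+
+ if (max < min || nbits < min || max < nbits)
+ fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
+ min, nbits, max);
+
+ /* Contact privileged parent */
+ dh = PRIVSEP(choose_dh(min, nbits, max));
+ if (dh == NULL)
+ packet_disconnect("Protocol error: no matching DH grp found");
+
+ debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
+ packet_start(SSH2_MSG_KEX_DH_GEX_GROUP);
+ packet_put_bignum2(dh->p);
+ packet_put_bignum2(dh->g);
+ packet_send();
+
+ /* flush */
+ packet_write_wait();
+
+ /* Compute our exchange value in parallel with the client */
+ dh_gen_key(dh, kex->we_need * 8);
+
+ debug("expecting SSH2_MSG_KEX_DH_GEX_INIT");
+ packet_read_expect(SSH2_MSG_KEX_DH_GEX_INIT);
+
+ /* key, cert */
+ if ((dh_client_pub = BN_new()) == NULL)
+ fatal("dh_client_pub == NULL");
+ packet_get_bignum2(dh_client_pub);
+ packet_check_eom();
+
+#ifdef DEBUG_KEXDH
+ fprintf(stderr, "dh_client_pub= ");
+ BN_print_fp(stderr, dh_client_pub);
+ fprintf(stderr, "\n");
+ debug("bits %d", BN_num_bits(dh_client_pub));
+#endif
+
+#ifdef DEBUG_KEXDH
+ DHparams_print_fp(stderr, dh);
+ fprintf(stderr, "pub= ");
+ BN_print_fp(stderr, dh->pub_key);
+ fprintf(stderr, "\n");
+#endif
+ if (!dh_pub_is_valid(dh, dh_client_pub))
+ packet_disconnect("bad client public DH value");
+
+ klen = DH_size(dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_client_pub, dh);
+#ifdef DEBUG_KEXDH
+ dump_digest("shared secret", kbuf, kout);
+#endif
+ if ((shared_secret = BN_new()) == NULL)
+ fatal("kexgex_server: BN_new failed");
+ BN_bin2bn(kbuf, kout, shared_secret);
+ memset(kbuf, 0, klen);
+ xfree(kbuf);
+
+ key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
+
+ if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
+ min = max = -1;
+
+ /* calc H */ /* XXX depends on 'kex' */
+ hash = kexgex_hash(
+ kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ server_host_key_blob, sbloblen,
+ min, nbits, max,
+ dh->p, dh->g,
+ dh_client_pub,
+ dh->pub_key,
+ shared_secret
+ );
+ BN_clear_free(dh_client_pub);
+
+ /* save session id := H */
+ /* XXX hashlen depends on KEX */
+ if (kex->session_id == NULL) {
+ kex->session_id_len = 20;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+
+ /* sign H */
+ /* XXX hashlen depends on KEX */
+ PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
+
+ /* destroy_sensitive_data(); */
+
+ /* send server hostkey, DH pubkey 'f' and singed H */
+ debug("SSH2_MSG_KEX_DH_GEX_REPLY sent");
+ packet_start(SSH2_MSG_KEX_DH_GEX_REPLY);
+ packet_put_string(server_host_key_blob, sbloblen);
+ packet_put_bignum2(dh->pub_key); /* f */
+ packet_put_string(signature, slen);
+ packet_send();
+
+ xfree(signature);
+ xfree(server_host_key_blob);
+ /* have keys, free DH */
+ DH_free(dh);
+
+ kex_derive_keys(kex, hash, shared_secret);
+ BN_clear_free(shared_secret);
+
+ kex_finish(kex);
+}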
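Review bot: The return value of `DH_compute_key()` in kexgex_server() is stored in the unsigned `kout` and passed unchecked as the length to `BN_bin2bn(kbuf, kout, shared_secret)`, so a failure return of -1 turns into a very large length read from a `klen`-byte buffer. Declaring `kout` as `int` and using `if ((kout = DH_compute_key(kbuf, dh_client_pub, dh)) < 0) fatal("DH_compute_key: failed");` closes that path; the result of `BN_bin2bn()` is ignored as well. The hash length `20` is hard-coded for both the session id and the `key_sign()` call, which the `XXX hashlen depends on KEX` comments already flag, and the comment `singed H` should read `signed H`.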
diff --git a/key.c b/key.c
index 9806a729a..060b63745 100644
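--- a/key.c
+++ b/key.c
@@ -32,15 +32,13 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.49 2002/09/09 14:54:14 markus Exp $");
+RCSID("$OpenBSD: key.c,v 1.51 2003/02/12 09:33:04 markus Exp $");
 
 #include <openssl/evp.h>
 
 #include "xmalloc.h"
 #include "key.h"
 #include "rsa.h"
-#include "ssh-dss.h"
-#include "ssh-rsa.h"
 #include "uuencode.h"
 #include "buffer.h"
 #include "bufaux.h"
@@ -410,14 +408,14 @@ key_read(Key *ret, char **cpp)
  case KEY_DSA:
  space = strchr(cp, ' ');
  if (space == NULL) {
- debug3("key_read: no space");
+ debug3("key_read: missing whitespace");
  return -1;
  }
  *space = '\0';
  type = key_type_from_name(cp);
  *space = ' ';
  if (type == KEY_UNSPEC) {
- debug3("key_read: no key found");
+ debug3("key_read: missing keytype");
  return -1;
  }
  cp = space+1;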
diff --git a/key.h b/key.h
index 8d1fa4126..725c7a04a 100644
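--- a/key.h
+++ b/key.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.h,v 1.19 2002/03/18 17:23:31 markus Exp $ */
+/* $OpenBSD: key.h,v 1.20 2003/02/12 09:33:04 markus Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -78,4 +78,9 @@ int key_names_valid2(const char *);
 int key_sign(Key *, u_char **, u_int *, u_char *, u_int);
 int key_verify(Key *, u_char *, u_int, u_char *, u_int);
 
+int ssh_dss_sign(Key *, u_char **, u_int *, u_char *, u_int);
+int ssh_dss_verify(Key *, u_char *, u_int, u_char *, u_int);
+int ssh_rsa_sign(Key *, u_char **, u_int *, u_char *, u_int);
+int ssh_rsa_verify(Key *, u_char *, u_int, u_char *, u_int);
+
 #endif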
diff --git a/log.c b/log.c
index 96626d7d4..84e4ce0ac 100644
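--- a/log.c
+++ b/log.c
@@ -34,7 +34,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: log.c,v 1.24 2002/07/19 15:43:33 markus Exp $");
+RCSID("$OpenBSD: log.c,v 1.25 2003/01/11 18:29:43 markus Exp $");
 
 #include "log.h"
 #include "xmalloc.h"
@@ -233,6 +233,7 @@ fatal_remove_all_cleanups(void)
  next_cu = cu->next;
  xfree(cu);
  }
+ fatal_cleanups = NULL;
 }
 
 /* Cleanup and exit */
@@ -386,11 +387,14 @@ do_log(LogLevel level, const char *fmt, va_list args)
  } else {
  vsnprintf(msgbuf, sizeof(msgbuf), fmt, args);
  }
+ /* Escape magic chars in output. */
+ strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), VIS_OCTAL);
+
  if (log_on_stderr) {
- fprintf(stderr, "%s\r\n", msgbuf);
+ fprintf(stderr, "%s\r\n", fmtbuf);
  } else {
  openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility);
- syslog(pri, "%.500s", msgbuf);
+ syslog(pri, "%.500s", fmtbuf);
  closelog();
  }
 }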
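Review bot: In the do_log() hunk the result of `strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), VIS_OCTAL)` is ignored, and octal escaping can expand one byte to four characters, so a message close to the size of `msgbuf` may be cut short in `fmtbuf` without any indication. Both buffers are declared outside the hunk, so their relative sizes should be confirmed. The `%.500s` passed to `syslog()` can also end the text in the middle of an escape sequence. The comment would say more as `/* Escape control characters so message text cannot forge or corrupt log lines. */`, which presumably is the reason for the call.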
diff --git a/loginrec.c b/loginrec.c
index 02c3106a3..6697ca7b0 100644
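--- a/loginrec.c
+++ b/loginrec.c
@@ -163,7 +163,7 @@
 #include "log.h"
 #include "atomicio.h"
 
-RCSID("$Id: loginrec.c,v 1.44 2002/09/26 00:38:49 tim Exp $");
+RCSID("$Id: loginrec.c,v 1.47 2003/03/10 00:23:07 djm Exp $");
 
 #ifdef HAVE_UTIL_H
 # include <util.h>
@@ -609,6 +609,9 @@ void
 construct_utmp(struct logininfo *li,
  struct utmp *ut)
 {
+# ifdef HAVE_ADDR_V6_IN_UTMP
+ struct sockaddr_in6 *sa6;
+# endif
  memset(ut, '\0', sizeof(*ut));
 
  /* First fill out fields used for both logins and logouts */
@@ -661,6 +664,19 @@ construct_utmp(struct logininfo *li,
  if (li->hostaddr.sa.sa_family == AF_INET)
  ut->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr;
 # endif
+# ifdef HAVE_ADDR_V6_IN_UTMP
+ /* this is just a 128-bit IPv6 address */
+ if (li->hostaddr.sa.sa_family == AF_INET6) {
+ sa6 = ((struct sockaddr_in6 *)&li->hostaddr.sa);
+ memcpy(ut->ut_addr_v6, sa6->sin6_addr.s6_addr, 16);
+ if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) {
+ ut->ut_addr_v6[0] = ut->ut_addr_v6[3];
+ ut->ut_addr_v6[1] = 0;
+ ut->ut_addr_v6[2] = 0;
+ ut->ut_addr_v6[3] = 0;
+ }
+ }
+# endif
 }
 #endif /* USE_UTMP || USE_WTMP || USE_LOGIN */
 
@@ -689,6 +705,9 @@ set_utmpx_time(struct logininfo *li, struct utmpx *utx)
 void
 construct_utmpx(struct logininfo *li, struct utmpx *utx)
 {
+# ifdef HAVE_ADDR_V6_IN_UTMP
+ struct sockaddr_in6 *sa6;
+# endif
  memset(utx, '\0', sizeof(*utx));
 # ifdef HAVE_ID_IN_UTMPX
  line_abbrevname(utx->ut_id, li->line, sizeof(utx->ut_id));
@@ -725,6 +744,19 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx)
  if (li->hostaddr.sa.sa_family == AF_INET)
  utx->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr;
 # endif
+# ifdef HAVE_ADDR_V6_IN_UTMP
+ /* this is just a 128-bit IPv6 address */
+ if (li->hostaddr.sa.sa_family == AF_INET6) {
+ sa6 = ((struct sockaddr_in6 *)&li->hostaddr.sa);
+ memcpy(ut->ut_addr_v6, sa6->sin6_addr.s6_addr, 16);
+ if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) {
+ ut->ut_addr_v6[0] = ut->ut_addr_v6[3];
+ ut->ut_addr_v6[1] = 0;
+ ut->ut_addr_v6[2] = 0;
+ ut->ut_addr_v6[3] = 0;
+ }
+ }
+# endif
 # ifdef HAVE_SYSLEN_IN_UTMPX
  /* ut_syslen is the length of the utx_host string */
  utx->ut_syslen = MIN(strlen(li->hostname), sizeof(utx->ut_host));
@@ -1313,6 +1345,7 @@ syslogin_perform_login(struct logininfo *li)
  }
  construct_utmp(li, ut);
  login(ut);
+ free(ut);
 
  return 1;
 }
@@ -1490,22 +1523,32 @@ int
 lastlog_get_entry(struct logininfo *li)
 {
  struct lastlog last;
- int fd;
+ int fd, ret;
 
  if (!lastlog_openseek(li, &fd, O_RDONLY))
- return 0;
-
- if (atomicio(read, fd, &last, sizeof(last)) != sizeof(last)) {
- close(fd);
- log("lastlog_get_entry: Error reading from %s: %s",
- LASTLOG_FILE, strerror(errno));
- return 0;
- }
+ return (0);
 
+ ret = atomicio(read, fd, &last, sizeof(last));
  close(fd);
 
- lastlog_populate_entry(li, &last);
+ switch (ret) {
+ case 0:
+ memset(&last, '\0', sizeof(last));
+ /* FALLTHRU */
+ case sizeof(last):
+ lastlog_populate_entry(li, &last);
+ return (1);
+ case -1:
+ error("%s: Error reading from %s: %s", __func__,
+ LASTLOG_FILE, strerror(errno));
+ return (0);
+ default:
+ error("%s: Error reading from %s: Expecting %d, got %d",
+ __func__, LASTLOG_FILE, sizeof(last), ret);
+ return (0);
+ }
 
- return 1;
+ /* NOTREACHED */
+ return (0);
 }
 #endif /* USE_LASTLOG */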
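Review bot: The IPv6 block added to construct_utmpx() writes through `ut`, but that function's parameter is `utx` (`struct utmpx *utx`), so with HAVE_ADDR_V6_IN_UTMP defined the new lines refer to a name that is not declared in the visible signature. They should read `memcpy(utx->ut_addr_v6, sa6->sin6_addr.s6_addr, 16);`, `utx->ut_addr_v6[0] = utx->ut_addr_v6[3];` and so on for the three zeroing lines. The block is also keyed on the utmp macro rather than a utmpx-specific one, which is worth confirming against configure. In lastlog_get_entry() the new `error()` call passes `sizeof(last)` to `%d`; a cast such as `(int)sizeof(last)` keeps the format and argument types in agreement.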
diff --git a/misc.c b/misc.c
index e9fcef6ca..512fb22fb 100644
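--- a/misc.c
+++ b/misc.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.19 2002/03/04 17:27:39 stevesk Exp $");
+RCSID("$OpenBSD: misc.c,v 1.20 2002/12/13 10:03:15 markus Exp $");
 
 #include "misc.h"
 #include "log.h"
@@ -105,7 +105,7 @@ set_nodelay(int fd)
  return;
  }
  opt = 1;
- debug("fd %d setting TCP_NODELAY", fd);
+ debug2("fd %d setting TCP_NODELAY", fd);
  if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1)
  error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
 }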
diff --git a/monitor.c b/monitor.c
index 4ad3f3d21..3d7dcaf86 100644
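--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.29 2002/09/26 11:38:43 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.34 2003/03/23 19:02:00 markus Exp $");
 
 #include <openssl/dh.h>
 
@@ -634,20 +634,20 @@ mm_answer_bsdauthquery(int socket, Buffer *m)
  u_int numprompts;
  u_int *echo_on;
  char **prompts;
- int res;
+ u_int success;
 
- res = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
- &prompts, &echo_on);
+ success = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
+ &prompts, &echo_on) < 0 ? 0 : 1;
 
  buffer_clear(m);
- buffer_put_int(m, res);
- if (res != -1)
+ buffer_put_int(m, success);
+ if (success)
  buffer_put_cstring(m, prompts[0]);
 
- debug3("%s: sending challenge res: %d", __func__, res);
+ debug3("%s: sending challenge success: %u", __func__, success);
  mm_request_send(socket, MONITOR_ANS_BSDAUTHQUERY, m);
 
- if (res != -1) {
+ if (success) {
  xfree(name);
  xfree(infotxt);
  xfree(prompts);
@@ -691,16 +691,16 @@ mm_answer_skeyquery(int socket, Buffer *m)
 {
  struct skey skey;
  char challenge[1024];
- int res;
+ u_int success;
 
- res = skeychallenge(&skey, authctxt->user, challenge);
+ success = skeychallenge(&skey, authctxt->user, challenge) < 0 ? 0 : 1;
 
  buffer_clear(m);
- buffer_put_int(m, res);
- if (res != -1)
+ buffer_put_int(m, success);
+ if (success)
  buffer_put_cstring(m, challenge);
 
- debug3("%s: sending challenge res: %d", __func__, res);
+ debug3("%s: sending challenge success: %u", __func__, success);
  mm_request_send(socket, MONITOR_ANS_SKEYQUERY, m);
 
  return (0);
@@ -806,8 +806,9 @@ mm_answer_keyallowed(int socket, Buffer *m)
  fatal("%s: unknown key type %d", __func__, type);
  break;
  }
- key_free(key);
  }
+ if (key != NULL)
+ key_free(key);
 
  /* clear temporarily storage (used by verify) */
  monitor_reset_key_state();
@@ -826,6 +827,7 @@ mm_answer_keyallowed(int socket, Buffer *m)
 
  buffer_clear(m);
  buffer_put_int(m, allowed);
+ buffer_put_int(m, forced_command != NULL);
 
  mm_append_debug(m);
 
@@ -1188,6 +1190,7 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m)
  }
  buffer_clear(m);
  buffer_put_int(m, allowed);
+ buffer_put_int(m, forced_command != NULL);
 
  /* clear temporarily storage (used by generate challenge) */
  monitor_reset_key_state();
@@ -1202,8 +1205,9 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m)
  key_blob = blob;
  key_bloblen = blen;
  key_blobtype = MM_RSAUSERKEY;
- key_free(key);
  }
+ if (key != NULL)
+ key_free(key);
 
  mm_append_debug(m);
 
@@ -1244,6 +1248,9 @@ mm_answer_rsa_challenge(int socket, Buffer *m)
  mm_request_send(socket, MONITOR_ANS_RSACHALLENGE, m);
 
  monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1);
+
+ xfree(blob);
+ key_free(key);
  return (0);
 }
 
@@ -1274,6 +1281,7 @@ mm_answer_rsa_response(int socket, Buffer *m)
  fatal("%s: received bad response to challenge", __func__);
  success = auth_rsa_verify_response(key, ssh1_challenge, response);
 
+ xfree(blob);
  key_free(key);
  xfree(response);
 
@@ -1458,6 +1466,8 @@ mm_get_kex(Buffer *m)
  (memcmp(kex->session_id, session_id2, session_id2_len) != 0))
  fatal("mm_get_get: internal error: bad session id");
  kex->we_need = buffer_get_int(m);
+ kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
+ kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
  kex->server = 1;
  kex->hostkey_type = buffer_get_int(m);
  kex->kex_type = buffer_get_int(m);
@@ -1551,7 +1561,7 @@ mm_get_keystate(struct monitor *pmonitor)
 void *
 mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
 {
- size_t len = size * ncount;
+ size_t len = (size_t) size * ncount;
  void *address;
 
  if (len == 0 || ncount > SIZE_T_MAX / size)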
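Review bot: In mm_zalloc() the product `(size_t) size * ncount` is computed in the declaration, before the guard `ncount > SIZE_T_MAX / size` that decides whether it can overflow. The outcome is still safe, because a wrapped product is rejected by that guard and the `len == 0` test short-circuits the division when `size` is 0, but the function is easier to audit if the guard runs first: `if (size == 0 || ncount == 0 || ncount > SIZE_T_MAX / size)` followed by `len = (size_t)size * ncount;`. The failure branch and the rest of the body are outside the hunk.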
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 4c53bfd13..1395a32f4 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -25,7 +25,7 @@
25 */ 25 */
26 26
27#include "includes.h" 27#include "includes.h"
28RCSID("$OpenBSD: monitor_wrap.c,v 1.19 2002/09/26 11:38:43 markus Exp $"); 28RCSID("$OpenBSD: monitor_wrap.c,v 1.22 2003/02/16 17:30:33 markus Exp $");
29 29
30#include <openssl/bn.h> 30#include <openssl/bn.h>
31#include <openssl/dh.h> 31#include <openssl/dh.h>
@@ -34,6 +34,7 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.19 2002/09/26 11:38:43 markus Exp $");
34#include "dh.h" 34#include "dh.h"
35#include "kex.h" 35#include "kex.h"
36#include "auth.h" 36#include "auth.h"
37#include "auth-options.h"
37#include "buffer.h" 38#include "buffer.h"
38#include "bufaux.h" 39#include "bufaux.h"
39#include "packet.h" 40#include "packet.h"
@@ -312,7 +313,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
312 Buffer m; 313 Buffer m;
313 u_char *blob; 314 u_char *blob;
314 u_int len; 315 u_int len;
315 int allowed = 0; 316 int allowed = 0, have_forced = 0;
316 317
317 debug3("%s entering", __func__); 318 debug3("%s entering", __func__);
318 319
@@ -334,6 +335,11 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
334 335
335 allowed = buffer_get_int(&m); 336 allowed = buffer_get_int(&m);
336 337
338 /* fake forced command */
339 auth_clear_options();
340 have_forced = buffer_get_int(&m);
341 forced_command = have_forced ? xstrdup("true") : NULL;
342
337 /* Send potential debug messages */ 343 /* Send potential debug messages */
338 mm_send_debug(&m); 344 mm_send_debug(&m);
339 345
@@ -714,7 +720,7 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt,
714 u_int *numprompts, char ***prompts, u_int **echo_on) 720 u_int *numprompts, char ***prompts, u_int **echo_on)
715{ 721{
716 Buffer m; 722 Buffer m;
717 int res; 723 u_int success;
718 char *challenge; 724 char *challenge;
719 725
720 debug3("%s: entering", __func__); 726 debug3("%s: entering", __func__);
@@ -724,8 +730,8 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt,
724 730
725 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY, 731 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
726 &m); 732 &m);
727 res = buffer_get_int(&m); 733 success = buffer_get_int(&m);
728 if (res == -1) { 734 if (success == 0) {
729 debug3("%s: no challenge", __func__); 735 debug3("%s: no challenge", __func__);
730 buffer_free(&m); 736 buffer_free(&m);
731 return (-1); 737 return (-1);
@@ -771,7 +777,8 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
771 u_int *numprompts, char ***prompts, u_int **echo_on) 777 u_int *numprompts, char ***prompts, u_int **echo_on)
772{ 778{
773 Buffer m; 779 Buffer m;
774 int len, res; 780 int len;
781 u_int success;
775 char *p, *challenge; 782 char *p, *challenge;
776 783
777 debug3("%s: entering", __func__); 784 debug3("%s: entering", __func__);
@@ -781,8 +788,8 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
781 788
782 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, 789 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
783 &m); 790 &m);
784 res = buffer_get_int(&m); 791 success = buffer_get_int(&m);
785 if (res == -1) { 792 if (success == 0) {
786 debug3("%s: no challenge", __func__); 793 debug3("%s: no challenge", __func__);
787 buffer_free(&m); 794 buffer_free(&m);
788 return (-1); 795 return (-1);
@@ -852,7 +859,7 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
852 Key *key; 859 Key *key;
853 u_char *blob; 860 u_char *blob;
854 u_int blen; 861 u_int blen;
855 int allowed = 0; 862 int allowed = 0, have_forced = 0;
856 863
857 debug3("%s entering", __func__); 864 debug3("%s entering", __func__);
858 865
@@ -864,6 +871,11 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
864 871
865 allowed = buffer_get_int(&m); 872 allowed = buffer_get_int(&m);
866 873
874 /* fake forced command */
875 auth_clear_options();
876 have_forced = buffer_get_int(&m);
877 forced_command = have_forced ? xstrdup("true") : NULL;
878
867 if (allowed && rkey != NULL) { 879 if (allowed && rkey != NULL) {
868 blob = buffer_get_string(&m, &blen); 880 blob = buffer_get_string(&m, &blen);
869 if ((key = key_from_blob(blob, blen)) == NULL) 881 if ((key = key_from_blob(blob, blen)) == NULL)
@@ -969,7 +981,7 @@ mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply)
969 xfree(p); 981 xfree(p);
970 } 982 }
971 buffer_free(&m); 983 buffer_free(&m);
972 return (success); 984 return (success);
973} 985}
974#endif 986#endif
975 987
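Review bot: The comment `/* fake forced command */` added in mm_key_allowed() and mm_auth_rsa_key_allowed() does not say why a placeholder string is stored. The monitor side of this commit sends only `forced_command != NULL`, so a comment such as `/* The monitor reports only whether a forced command exists; keep a placeholder so forced_command != NULL also holds in the unprivileged child. */` would record the intent. The same three statements are repeated in both functions and could move into one static helper. The reply now carries an extra integer, so monitor.c and this file have to change together; both function bodies extend beyond their hunks.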
diff --git a/msg.c b/msg.c
index 107a37691..5d266c207 100644
--- a/msg.c
+++ b/msg.c
@@ -22,7 +22,7 @@
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */ 23 */
24#include "includes.h" 24#include "includes.h"
25RCSID("$OpenBSD: msg.c,v 1.4 2002/07/01 16:15:25 deraadt Exp $"); 25RCSID("$OpenBSD: msg.c,v 1.5 2002/12/19 00:07:02 djm Exp $");
26 26
27#include "buffer.h" 27#include "buffer.h"
28#include "getput.h" 28#include "getput.h"
diff --git a/msg.h b/msg.h
index 8980e254e..c07df88a7 100644
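--- a/msg.h
+++ b/msg.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: msg.h,v 1.1 2002/05/23 19:24:30 markus Exp $ */
+/* $OpenBSD: msg.h,v 1.2 2002/12/19 00:07:02 djm Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl. All rights reserved.
  *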
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 5229e7e20..8615e3633 100644
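--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.23 2002/09/12 00:33:02 djm Exp $
+# $Id: Makefile.in,v 1.25 2003/02/24 01:55:56 djm Exp $
 
 sysconfdir=@sysconfdir@
 piddir=@piddir@
@@ -16,7 +16,7 @@ RANLIB=@RANLIB@
 INSTALL=@INSTALL@
 LDFLAGS=-L. @LDFLAGS@
 
-OPENBSD=base64.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o
+OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o vis.o
 
 COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-snprintf.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o xmmap.o
 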
diff --git a/openbsd-compat/base64.c b/openbsd-compat/base64.c
index 005170b80..91a5ab0ed 100644
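--- a/openbsd-compat/base64.c
+++ b/openbsd-compat/base64.c
@@ -44,7 +44,7 @@
 
 #include "includes.h"
 
-#if !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP)
+#if (!defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP)) || (!defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON))
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -130,6 +130,7 @@ static const char Pad64 = '=';
  characters followed by one "=" padding character.
  */
 
+#if !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP)
 int
 b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize)
 {
@@ -190,6 +191,9 @@ b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize)
  target[datalength] = '\0'; /* Returned value doesn't count \0. */
  return (datalength);
 }
+#endif /* !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) */
+
+#if !defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON)
 
 /* skips all whitespace anywhere.
  converts characters, four at a time, starting at (or after)
@@ -314,4 +318,5 @@ b64_pton(char const *src, u_char *target, size_t targsize)
  return (tarindex);
 }
 
-#endif /* !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) */
+#endif /* !defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON) */
+#endif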
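Review bot: The new outer `#endif` on the last line has no trailing comment, while the other `#endif` lines in this section name the condition they close. With two nested guards ending within a few lines of each other, something like `#endif /* need b64_ntop or b64_pton */` makes it clear that this one closes the combined `#if` introduced in the first hunk.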
diff --git a/openbsd-compat/base64.h b/openbsd-compat/base64.h
index c92e70ea0..72db3ffc7 100644
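--- a/openbsd-compat/base64.h
+++ b/openbsd-compat/base64.h
@@ -1,4 +1,4 @@
-/* $Id: base64.h,v 1.3 2002/02/26 16:59:59 stevesk Exp $ */
+/* $Id: base64.h,v 1.4 2003/02/24 04:45:43 djm Exp $ */
 
 #ifndef _BSD_BASE64_H
 #define _BSD_BASE64_H
@@ -9,10 +9,15 @@
 # ifndef HAVE_B64_NTOP
 int b64_ntop(u_char const *src, size_t srclength, char *target,
  size_t targsize);
-int b64_pton(char const *src, u_char *target, size_t targsize);
 # endif /* !HAVE_B64_NTOP */
 # define __b64_ntop b64_ntop
-# define __b64_pton b64_pton
 #endif /* HAVE___B64_NTOP */
 
+#ifndef HAVE___B64_PTON
+# ifndef HAVE_B64_PTON
+int b64_pton(char const *src, u_char *target, size_t targsize);
+# endif /* !HAVE_B64_PTON */
+# define __b64_pton b64_pton
+#endif /* HAVE___B64_PTON */
+
 #endif /* _BSD_BASE64_H */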
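--- /dev/null
+++ b/openbsd-compat/basename.c
@@ -0,0 +1,73 @@
+/* $OpenBSD: basename.c,v 1.8 2002/06/09 05:03:59 deraadt Exp $ */
+
+/*
+ * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "includes.h"
+
+#if !defined(HAVE_BASENAME)
+
+#ifndef lint
+static char rcsid[] = "$OpenBSD: basename.c,v 1.8 2002/06/09 05:03:59 deraadt Exp $";
+#endif /* not lint */
+
+char *
+basename(const char *path)
+{
+ static char bname[MAXPATHLEN];
+ register const char *endp, *startp;
+
+ /* Empty or NULL string gets treated as "." */
+ if (path == NULL || *path == '\0') {
+ (void)strlcpy(bname, ".", sizeof bname);
+ return(bname);
+ }
+
+ /* Strip trailing slashes */
+ endp = path + strlen(path) - 1;
+ while (endp > path && *endp == '/')
+ endp--;
+
+ /* All slashes become "/" */
+ if (endp == path && *endp == '/') {
+ (void)strlcpy(bname, "/", sizeof bname);
+ return(bname);
+ }
+
+ /* Find the start of the base */
+ startp = endp;
+ while (startp > path && *(startp - 1) != '/')
+ startp--;
+
+ if (endp - startp + 2 > sizeof(bname)) {
+ errno = ENAMETOOLONG;
+ return(NULL);
+ }
+ strlcpy(bname, startp, endp - startp + 2);
+ return(bname);
+}
+
+#endif /* !defined(HAVE_BASENAME) */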
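Review bot: basename() has no header comment saying that its result lives in the function-static `bname` buffer, so a second call overwrites the first result and the function is not reentrant; a caller that keeps the name has to copy it. I would add above the definition `/* Returns a pointer to static storage that the next call overwrites; NULL with errno = ENAMETOOLONG if the base name does not fit. */`. The last `strlcpy(bname, startp, endp - startp + 2);` also drops the `(void)` cast that the two earlier calls carry, and the length test compares a signed pointer difference with `sizeof(bname)`; an explicit `(size_t)` cast on the left side would make the intent clear.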
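--- /dev/null
+++ b/openbsd-compat/basename.h
@@ -0,0 +1,12 @@
+/* $Id: basename.h,v 1.3 2003/02/25 03:32:16 djm Exp $ */
+
+#ifndef _BASENAME_H
+#define _BASENAME_H
+#include "config.h"
+
+#if !defined(HAVE_BASENAME)
+
+char *basename(const char *path);
+
+#endif /* !defined(HAVE_BASENAME) */
+#endif /* _BASENAME_H */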
diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c
index ab4e1431e..dd08130d5 100644
--- a/openbsd-compat/bsd-arc4random.c
+++ b/openbsd-compat/bsd-arc4random.c
@@ -25,7 +25,7 @@
25#include "includes.h" 25#include "includes.h"
26#include "log.h" 26#include "log.h"
27 27
28RCSID("$Id: bsd-arc4random.c,v 1.5 2002/05/08 22:57:18 tim Exp $"); 28RCSID("$Id: bsd-arc4random.c,v 1.6 2003/03/17 05:13:53 djm Exp $");
29 29
30#ifndef HAVE_ARC4RANDOM 30#ifndef HAVE_ARC4RANDOM
31 31
@@ -66,7 +66,7 @@ void arc4random_stir(void)
66 unsigned char rand_buf[SEED_SIZE]; 66 unsigned char rand_buf[SEED_SIZE];
67 67
68 memset(&rc4, 0, sizeof(rc4)); 68 memset(&rc4, 0, sizeof(rc4));
69 if (!RAND_bytes(rand_buf, sizeof(rand_buf))) 69 if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)
70 fatal("Couldn't obtain random bytes (error %ld)", 70 fatal("Couldn't obtain random bytes (error %ld)",
71 ERR_get_error()); 71 ERR_get_error());
72 RC4_set_key(&rc4, sizeof(rand_buf), rand_buf); 72 RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
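Review bot: The new `RAND_bytes(...) <= 0` test needs a one-line comment, because the reason for rejecting negative values is not visible at the call site: `/* RAND_bytes returns 0 on failure and -1 when the RAND method does not support it */`. Without it the condition looks like a stylistic variant of the old `!RAND_bytes(...)` and is easy to revert, which would let a -1 result seed the generator from an unfilled buffer. The `fatal()` call on the following line prints ERR_get_error(), an unsigned long, with `%ld`; `%lu` matches the type. arc4random_stir's body starts and ends outside the hunk.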
diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h
index 8868b4364..68947c92f 100644
--- a/openbsd-compat/bsd-cray.h
+++ b/openbsd-compat/bsd-cray.h
@@ -1,5 +1,5 @@
1/* 1/*
2 * $Id: bsd-cray.h,v 1.5 2002/09/26 00:38:51 tim Exp $ 2 * $Id: bsd-cray.h,v 1.6.2.1 2003/03/21 01:07:45 mouring Exp $
3 * 3 *
4 * bsd-cray.h 4 * bsd-cray.h
5 * 5 *
@@ -49,6 +49,10 @@ extern char cray_tmpdir[]; /* cray tmpdir */
49#ifndef MAXHOSTNAMELEN 49#ifndef MAXHOSTNAMELEN
50#define MAXHOSTNAMELEN 64 50#define MAXHOSTNAMELEN 64
51#endif 51#endif
52#ifndef _CRAYT3E
53#include <sys/ttold.h>
54#define TIOCGPGRP (tIOC|20)
55#endif
52#endif 56#endif
53 57
54#endif /* _BSD_CRAY_H */ 58#endif /* _BSD_CRAY_H */
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c
index 2396a6e6b..0fa5964bc 100644
--- a/openbsd-compat/bsd-cygwin_util.c
+++ b/openbsd-compat/bsd-cygwin_util.c
@@ -31,7 +31,7 @@
31 31
32#include "includes.h" 32#include "includes.h"
33 33
34RCSID("$Id: bsd-cygwin_util.c,v 1.8 2002/04/15 22:00:52 stevesk Exp $"); 34RCSID("$Id: bsd-cygwin_util.c,v 1.9 2002/11/09 15:59:29 mouring Exp $");
35 35
36#ifdef HAVE_CYGWIN 36#ifdef HAVE_CYGWIN
37 37
@@ -43,6 +43,7 @@ RCSID("$Id: bsd-cygwin_util.c,v 1.8 2002/04/15 22:00:52 stevesk Exp $");
43#define is_winnt (GetVersion() < 0x80000000) 43#define is_winnt (GetVersion() < 0x80000000)
44 44
45#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec")) 45#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
46#define ntsec_off(c) ((c) && strstr((c),"nontsec"))
46#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea")) 47#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
47 48
48#if defined(open) && open == binary_open 49#if defined(open) && open == binary_open
@@ -74,6 +75,56 @@ int binary_pipe(int fd[2])
74 return ret; 75 return ret;
75} 76}
76 77
78#define HAS_CREATE_TOKEN 1
79#define HAS_NTSEC_BY_DEFAULT 2
80
81static int has_capability(int what)
82{
83 /* has_capability() basically calls uname() and checks if
84 specific capabilities of Cygwin can be evaluated from that.
85 This simplifies the calling functions which only have to ask
86 for a capability using has_capability() instead of having
87 to figure that out by themselves. */
88 static int inited;
89 static int has_create_token;
90 static int has_ntsec_by_default;
91
92 if (!inited) {
93 struct utsname uts;
94 char *c;
95
96 if (!uname(&uts)) {
97 int major_high = 0;
98 int major_low = 0;
99 int minor = 0;
100 int api_major_version = 0;
101 int api_minor_version = 0;
102 char *c;
103
104 sscanf(uts.release, "%d.%d.%d", &major_high,
105 &major_low, &minor);
106 c = strchr(uts.release, '(');
107 if (c)
108 sscanf(c + 1, "%d.%d", &api_major_version,
109 &api_minor_version);
110 if (major_high > 1 ||
111 (major_high == 1 && (major_low > 3 ||
112 (major_low == 3 && minor >= 2))))
113 has_create_token = 1;
114 if (api_major_version > 0 || api_minor_version >= 56)
115 has_ntsec_by_default = 1;
116 inited = 1;
117 }
118 }
119 switch (what) {
120 case HAS_CREATE_TOKEN:
121 return has_create_token;
122 case HAS_NTSEC_BY_DEFAULT:
123 return has_ntsec_by_default;
124 }
125 return 0;
126}
127
77int check_nt_auth(int pwd_authenticated, struct passwd *pw) 128int check_nt_auth(int pwd_authenticated, struct passwd *pw)
78{ 129{
79 /* 130 /*
@@ -93,19 +144,14 @@ int check_nt_auth(int pwd_authenticated, struct passwd *pw)
93 return 0; 144 return 0;
94 if (is_winnt) { 145 if (is_winnt) {
95 if (has_create_token < 0) { 146 if (has_create_token < 0) {
96 struct utsname uts;
97 int major_high = 0, major_low = 0, minor = 0;
98 char *cygwin = getenv("CYGWIN"); 147 char *cygwin = getenv("CYGWIN");
99 148
100 has_create_token = 0; 149 has_create_token = 0;
101 if (ntsec_on(cygwin) && !uname(&uts)) { 150 if (has_capability(HAS_CREATE_TOKEN) &&
102 sscanf(uts.release, "%d.%d.%d", 151 (ntsec_on(cygwin) ||
103 &major_high, &major_low, &minor); 152 (has_capability(HAS_NTSEC_BY_DEFAULT) &&
104 if (major_high > 1 || 153 !ntsec_off(cygwin))))
105 (major_high == 1 && (major_low > 3 || 154 has_create_token = 1;
106 (major_low == 3 && minor >= 2))))
107 has_create_token = 1;
108 }
109 } 155 }
110 if (has_create_token < 1 && 156 if (has_create_token < 1 &&
111 !pwd_authenticated && geteuid() != pw->pw_uid) 157 !pwd_authenticated && geteuid() != pw->pw_uid)
@@ -128,7 +174,9 @@ int check_ntsec(const char *filename)
128 /* Evaluate current CYGWIN settings. */ 174 /* Evaluate current CYGWIN settings. */
129 cygwin = getenv("CYGWIN"); 175 cygwin = getenv("CYGWIN");
130 allow_ntea = ntea_on(cygwin); 176 allow_ntea = ntea_on(cygwin);
131 allow_ntsec = ntsec_on(cygwin); 177 allow_ntsec = ntsec_on(cygwin) ||
178 (has_capability(HAS_NTSEC_BY_DEFAULT) &&
179 !ntsec_off(cygwin));
132 180
133 /* 181 /*
134 * `ntea' is an emulation of POSIX attributes. It doesn't support 182 * `ntea' is an emulation of POSIX attributes. It doesn't support
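Review bot: has_capability() declares `char *c;` twice, once at the top of the `if (!inited)` block and again inside `if (!uname(&uts))`; the outer one is never used and is shadowed by the inner, so it should be removed. Both `sscanf()` return values are ignored, which is safe only because the version variables start at 0 and a failed parse therefore reports the capability as missing. check_nt_auth() feeds that result into its `has_create_token < 1 && !pwd_authenticated` test, so the fail-closed behaviour should be written down where it is relied on, e.g. `/* on a parse failure the fields stay 0 and the capability is reported as absent */`. check_nt_auth() and check_ntsec() both start and end outside their hunks.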
diff --git a/openbsd-compat/bsd-getpeereid.c b/openbsd-compat/bsd-getpeereid.c
index c7876823d..3f554e72a 100644
--- a/openbsd-compat/bsd-getpeereid.c
+++ b/openbsd-compat/bsd-getpeereid.c
@@ -24,7 +24,7 @@
24 24
25#include "includes.h" 25#include "includes.h"
26 26
27RCSID("$Id: bsd-getpeereid.c,v 1.1 2002/09/12 00:33:02 djm Exp $"); 27RCSID("$Id: bsd-getpeereid.c,v 1.1.4.1 2003/03/26 05:02:47 djm Exp $");
28 28
29#if !defined(HAVE_GETPEEREID) 29#if !defined(HAVE_GETPEEREID)
30 30
@@ -33,7 +33,7 @@ int
33getpeereid(int s, uid_t *euid, gid_t *gid) 33getpeereid(int s, uid_t *euid, gid_t *gid)
34{ 34{
35 struct ucred cred; 35 struct ucred cred;
36 size_t len = sizeof(cred); 36 socklen_t len = sizeof(cred);
37 37
38 if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0) 38 if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0)
39 return (-1); 39 return (-1);
diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c
index 1c1e43a52..b8e9996d5 100644
--- a/openbsd-compat/bsd-misc.c
+++ b/openbsd-compat/bsd-misc.c
@@ -23,15 +23,20 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26#include "xmalloc.h"
26 27
27RCSID("$Id: bsd-misc.c,v 1.10 2002/07/08 21:09:41 mouring Exp $"); 28RCSID("$Id: bsd-misc.c,v 1.12 2003/03/18 18:21:41 tim Exp $");
28 29
30/*
31 * NB. duplicate __progname in case it is an alias for argv[0]
32 * Otherwise it may get clobbered by setproctitle()
33 */
29char *get_progname(char *argv0) 34char *get_progname(char *argv0)
30{ 35{
31#ifdef HAVE___PROGNAME 36#ifdef HAVE___PROGNAME
32 extern char *__progname; 37 extern char *__progname;
33 38
34 return __progname; 39 return xstrdup(__progname);
35#else 40#else
36 char *p; 41 char *p;
37 42
@@ -42,7 +47,8 @@ char *get_progname(char *argv0)
42 p = argv0; 47 p = argv0;
43 else 48 else
44 p++; 49 p++;
45 return p; 50
51 return xstrdup(p);
46#endif 52#endif
47} 53}
48 54
@@ -129,3 +135,34 @@ setgroups(size_t size, const gid_t *list)
129} 135}
130#endif 136#endif
131 137
138#if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP)
139int nanosleep(const struct timespec *req, struct timespec *rem)
140{
141 int rc, saverrno;
142 extern int errno;
143 struct timeval tstart, tstop, tremain, time2wait;
144
145 TIMESPEC_TO_TIMEVAL(&time2wait, req)
146 (void) gettimeofday(&tstart, NULL);
147 rc = select(0, NULL, NULL, NULL, &time2wait);
148 if (rc == -1) {
149 saverrno = errno;
150 (void) gettimeofday (&tstop, NULL);
151 errno = saverrno;
152 tremain.tv_sec = time2wait.tv_sec -
153 (tstop.tv_sec - tstart.tv_sec);
154 tremain.tv_usec = time2wait.tv_usec -
155 (tstop.tv_usec - tstart.tv_usec);
156 tremain.tv_sec += tremain.tv_usec / 1000000L;
157 tremain.tv_usec %= 1000000L;
158 } else {
159 tremain.tv_sec = 0;
160 tremain.tv_usec = 0;
161 }
162 TIMEVAL_TO_TIMESPEC(&tremain, rem)
163
164 return(rc);
165}
166
167#endif
168
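Review bot: nanosleep() writes through `rem` unconditionally at `TIMEVAL_TO_TIMESPEC(&tremain, rem)`, but the nanosleep contract allows a NULL remainder pointer and callers commonly pass one. Assuming the macro dereferences its second argument as the usual definition does, the conversion should be guarded: `if (rem != NULL) TIMEVAL_TO_TIMESPEC(&tremain, rem)`. The remaining-time arithmetic can also leave `tremain.tv_usec` negative, since `tstop.tv_usec - tstart.tv_usec` may exceed `time2wait.tv_usec` and `%=` keeps the sign, so a borrow from `tv_sec` is needed before the value is stored. `extern int errno;` should be replaced by `<errno.h>`, because errno is a macro on many platforms.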
diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h
index 981196044..78d9ccdd4 100644
--- a/openbsd-compat/bsd-misc.h
+++ b/openbsd-compat/bsd-misc.h
@@ -22,7 +22,7 @@
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */ 23 */
24 24
25/* $Id: bsd-misc.h,v 1.6 2002/06/13 21:34:58 mouring Exp $ */ 25/* $Id: bsd-misc.h,v 1.7 2003/03/18 18:21:41 tim Exp $ */
26 26
27#ifndef _BSD_MISC_H 27#ifndef _BSD_MISC_H
28#define _BSD_MISC_H 28#define _BSD_MISC_H
@@ -80,5 +80,14 @@ int truncate (const char *path, off_t length);
80int setgroups(size_t size, const gid_t *list); 80int setgroups(size_t size, const gid_t *list);
81#endif 81#endif
82 82
83#if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP)
84#ifndef HAVE_STRUCT_TIMESPEC
85struct timespec {
86 time_t tv_sec;
87 long tv_nsec;
88};
89#endif
90int nanosleep(const struct timespec *req, struct timespec *rem);
91#endif
83 92
84#endif /* _BSD_MISC_H */ 93#endif /* _BSD_MISC_H */
diff --git a/openbsd-compat/fake-getaddrinfo.c b/openbsd-compat/fake-getaddrinfo.c
index 67e9eb788..bc58f30a6 100644
--- a/openbsd-compat/fake-getaddrinfo.c
+++ b/openbsd-compat/fake-getaddrinfo.c
@@ -12,7 +12,7 @@
12#include "includes.h" 12#include "includes.h"
13#include "ssh.h" 13#include "ssh.h"
14 14
15RCSID("$Id: fake-getaddrinfo.c,v 1.2 2001/02/09 01:55:36 djm Exp $"); 15RCSID("$Id: fake-getaddrinfo.c,v 1.4.2.1 2003/03/26 05:03:06 djm Exp $");
16 16
17#ifndef HAVE_GAI_STRERROR 17#ifndef HAVE_GAI_STRERROR
18char *gai_strerror(int ecode) 18char *gai_strerror(int ecode)
@@ -67,16 +67,30 @@ int getaddrinfo(const char *hostname, const char *servname,
67{ 67{
68 struct addrinfo *cur, *prev = NULL; 68 struct addrinfo *cur, *prev = NULL;
69 struct hostent *hp; 69 struct hostent *hp;
70 struct servent *sp;
70 struct in_addr in; 71 struct in_addr in;
71 int i, port; 72 int i;
73 long int port;
74 u_long addr;
72 75
73 if (servname) 76 port = 0;
74 port = htons(atoi(servname)); 77 if (servname != NULL) {
75 else 78 char *cp;
76 port = 0; 79
80 port = strtol(servname, &cp, 10);
81 if (port > 0 && port <= 65535 && *cp == '\0')
82 port = htons(port);
83 else if ((sp = getservbyname(servname, NULL)) != NULL)
84 port = sp->s_port;
85 else
86 port = 0;
87 }
77 88
78 if (hints && hints->ai_flags & AI_PASSIVE) { 89 if (hints && hints->ai_flags & AI_PASSIVE) {
79 if (NULL != (*res = malloc_ai(port, htonl(0x00000000)))) 90 addr = htonl(0x00000000);
91 if (hostname && inet_aton(hostname, &in) != 0)
92 addr = in.s_addr;
93 if (NULL != (*res = malloc_ai(port, addr)))
80 return 0; 94 return 0;
81 else 95 else
82 return EAI_MEMORY; 96 return EAI_MEMORY;
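Review bot: In the AI_PASSIVE branch a `hostname` that is not a numeric address fails `inet_aton()` and leaves `addr` at `htonl(0x00000000)`, so a listener requested for a named host is silently bound to the wildcard address and exposed on every interface. The branch should distinguish `if (hostname && inet_aton(hostname, &in) == 0)` and either resolve the name or return one of the file's EAI_* error codes (only `EAI_MEMORY` is visible in this hunk) instead of falling back to the wildcard. The service lookup has the same shape: a `servname` that is neither a valid number nor known to `getservbyname()` ends as `port = 0` rather than as a failure. getaddrinfo()'s body starts before and continues after the hunk, so the later handling is not visible here.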
diff --git a/openbsd-compat/fake-getaddrinfo.h b/openbsd-compat/fake-getaddrinfo.h
index afd0226e2..6943378e9 100644
--- a/openbsd-compat/fake-getaddrinfo.h
+++ b/openbsd-compat/fake-getaddrinfo.h
@@ -1,4 +1,4 @@
1/* $Id: fake-getaddrinfo.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */ 1/* $Id: fake-getaddrinfo.h,v 1.4 2003/02/24 01:35:09 djm Exp $ */
2 2
3#ifndef _FAKE_GETADDRINFO_H 3#ifndef _FAKE_GETADDRINFO_H
4#define _FAKE_GETADDRINFO_H 4#define _FAKE_GETADDRINFO_H
diff --git a/openbsd-compat/getcwd.c b/openbsd-compat/getcwd.c
index 6fd8543a5..f4b98e824 100644
--- a/openbsd-compat/getcwd.c
+++ b/openbsd-compat/getcwd.c
@@ -29,7 +29,7 @@
29#if !defined(HAVE_GETCWD) 29#if !defined(HAVE_GETCWD)
30 30
31#if defined(LIBC_SCCS) && !defined(lint) 31#if defined(LIBC_SCCS) && !defined(lint)
32static char rcsid[] = "$OpenBSD: getcwd.c,v 1.6 2000/07/19 15:25:13 deraadt Exp $"; 32static char rcsid[] = "$OpenBSD: getcwd.c,v 1.7 2002/11/24 01:52:27 cloder Exp $";
33#endif /* LIBC_SCCS and not lint */ 33#endif /* LIBC_SCCS and not lint */
34 34
35#include <sys/param.h> 35#include <sys/param.h>
@@ -127,7 +127,7 @@ getcwd(char *pt,size_t size)
127 /* 127 /*
128 * Build pointer to the parent directory, allocating memory 128 * Build pointer to the parent directory, allocating memory
129 * as necessary. Max length is 3 for "../", the largest 129 * as necessary. Max length is 3 for "../", the largest
130 * possible component name, plus a trailing NULL. 130 * possible component name, plus a trailing NUL.
131 */ 131 */
132 if (bup + 3 + MAXNAMLEN + 1 >= eup) { 132 if (bup + 3 + MAXNAMLEN + 1 >= eup) {
133 char *nup; 133 char *nup;
diff --git a/openbsd-compat/getopt.c b/openbsd-compat/getopt.c
index 4a5cfe5f0..a3fe807ee 100644
--- a/openbsd-compat/getopt.c
+++ b/openbsd-compat/getopt.c
@@ -35,7 +35,7 @@
35#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) 35#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET)
36 36
37#if defined(LIBC_SCCS) && !defined(lint) 37#if defined(LIBC_SCCS) && !defined(lint)
38static char *rcsid = "$OpenBSD: getopt.c,v 1.2 1996/08/19 08:33:32 tholo Exp $"; 38static char *rcsid = "$OpenBSD: getopt.c,v 1.4 2002/12/08 22:57:14 millert Exp $";
39#endif /* LIBC_SCCS and not lint */ 39#endif /* LIBC_SCCS and not lint */
40 40
41#include <stdio.h> 41#include <stdio.h>
@@ -66,6 +66,9 @@ BSDgetopt(nargc, nargv, ostr)
66 static char *place = EMSG; /* option letter processing */ 66 static char *place = EMSG; /* option letter processing */
67 char *oli; /* option letter list index */ 67 char *oli; /* option letter list index */
68 68
69 if (ostr == NULL)
70 return (-1);
71
69 if (BSDoptreset || !*place) { /* update scanning pointer */ 72 if (BSDoptreset || !*place) { /* update scanning pointer */
70 BSDoptreset = 0; 73 BSDoptreset = 0;
71 if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') { 74 if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') {
diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c
index d256ee448..c951050c0 100644
--- a/openbsd-compat/mktemp.c
+++ b/openbsd-compat/mktemp.c
@@ -36,7 +36,7 @@
36 36
37#include "includes.h" 37#include "includes.h"
38 38
39#ifndef HAVE_MKDTEMP 39#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP)
40 40
41#if defined(LIBC_SCCS) && !defined(lint) 41#if defined(LIBC_SCCS) && !defined(lint)
42static char rcsid[] = "$OpenBSD: mktemp.c,v 1.16 2002/05/27 18:20:45 millert Exp $"; 42static char rcsid[] = "$OpenBSD: mktemp.c,v 1.16 2002/05/27 18:20:45 millert Exp $";
@@ -181,4 +181,4 @@ _gettemp(path, doopen, domkdir, slen)
181 /*NOTREACHED*/ 181 /*NOTREACHED*/
182} 182}
183 183
184#endif /* !HAVE_MKDTEMP */ 184#endif /* !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) */
diff --git a/openbsd-compat/mktemp.h b/openbsd-compat/mktemp.h
index 6a96f6fa6..505ca6a1f 100644
--- a/openbsd-compat/mktemp.h
+++ b/openbsd-compat/mktemp.h
@@ -1,13 +1,13 @@
1/* $Id: mktemp.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */ 1/* $Id: mktemp.h,v 1.3 2003/01/07 04:18:33 djm Exp $ */
2 2
3#ifndef _BSD_MKTEMP_H 3#ifndef _BSD_MKTEMP_H
4#define _BSD_MKTEMP_H 4#define _BSD_MKTEMP_H
5 5
6#include "config.h" 6#include "config.h"
7#ifndef HAVE_MKDTEMP 7#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP)
8int mkstemps(char *path, int slen); 8int mkstemps(char *path, int slen);
9int mkstemp(char *path); 9int mkstemp(char *path);
10char *mkdtemp(char *path); 10char *mkdtemp(char *path);
11#endif /* !HAVE_MKDTEMP */ 11#endif /* !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) */
12 12
13#endif /* _BSD_MKTEMP_H */ 13#endif /* _BSD_MKTEMP_H */
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index ae18afd34..c3e19b9cb 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
1/* $Id: openbsd-compat.h,v 1.17 2002/09/12 00:33:02 djm Exp $ */ 1/* $Id: openbsd-compat.h,v 1.19 2003/02/24 01:55:56 djm Exp $ */
2 2
3#ifndef _OPENBSD_H 3#ifndef _OPENBSD_H
4#define _OPENBSD_H 4#define _OPENBSD_H
@@ -6,6 +6,7 @@
6#include "config.h" 6#include "config.h"
7 7
8/* OpenBSD function replacements */ 8/* OpenBSD function replacements */
9#include "basename.h"
9#include "bindresvport.h" 10#include "bindresvport.h"
10#include "getcwd.h" 11#include "getcwd.h"
11#include "realpath.h" 12#include "realpath.h"
@@ -26,6 +27,7 @@
26#include "glob.h" 27#include "glob.h"
27#include "readpassphrase.h" 28#include "readpassphrase.h"
28#include "getopt.h" 29#include "getopt.h"
30#include "vis.h"
29 31
30/* Home grown routines */ 32/* Home grown routines */
31#include "bsd-arc4random.h" 33#include "bsd-arc4random.h"
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h
index 79570a206..4abe00316 100644
--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -25,5 +25,16 @@
25 */ 25 */
26 26
27#ifdef _AIX 27#ifdef _AIX
28
29/* AIX 4.2.x doesn't have nanosleep but does have nsleep which is equivalent */
30#if !defined(HAVE_NANOSLEEP) && defined(HAVE_NSLEEP)
31# define nanosleep(a,b) nsleep(a,b)
32#endif
33
34/* For struct timespec on AIX 4.2.x */
35#ifdef HAVE_SYS_TIMERS_H
36# include <sys/timers.h>
37#endif
38
28void aix_usrinfo(struct passwd *pw); 39void aix_usrinfo(struct passwd *pw);
29#endif /* _AIX */ 40#endif /* _AIX */
diff --git a/openbsd-compat/setenv.c b/openbsd-compat/setenv.c
index 1dff15c73..e5c5de62e 100644
--- a/openbsd-compat/setenv.c
+++ b/openbsd-compat/setenv.c
@@ -35,12 +35,14 @@
35#ifndef HAVE_SETENV 35#ifndef HAVE_SETENV
36 36
37#if defined(LIBC_SCCS) && !defined(lint) 37#if defined(LIBC_SCCS) && !defined(lint)
38static char *rcsid = "$OpenBSD: setenv.c,v 1.4 2001/07/09 06:57:45 deraadt Exp $"; 38static char *rcsid = "$OpenBSD: setenv.c,v 1.5 2002/12/10 22:44:13 mickey Exp $";
39#endif /* LIBC_SCCS and not lint */ 39#endif /* LIBC_SCCS and not lint */
40 40
41#include <stdlib.h> 41#include <stdlib.h>
42#include <string.h> 42#include <string.h>
43 43
44char *__findenv(const char *name, int *offset);
45
44/* 46/*
45 * __findenv -- 47 * __findenv --
46 * Returns pointer to value associated with name, if any, else NULL. 48 * Returns pointer to value associated with name, if any, else NULL.
@@ -92,7 +94,6 @@ setenv(name, value, rewrite)
92 static int alloced; /* if allocated space before */ 94 static int alloced; /* if allocated space before */
93 register char *C; 95 register char *C;
94 int l_value, offset; 96 int l_value, offset;
95 char *__findenv();
96 97
97 if (*value == '=') /* no `=' in value */ 98 if (*value == '=') /* no `=' in value */
98 ++value; 99 ++value;
diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c
index e165dd13c..07af7e9c0 100644
--- a/openbsd-compat/setproctitle.c
+++ b/openbsd-compat/setproctitle.c
@@ -1,102 +1,243 @@
1/* 1/*
2 * Modified for OpenSSH by Kevin Steves 2 * Based on src/backend/utils/misc/pg_status.c from
3 * October 2000 3 * PostgreSQL Database Management System
4 *
5 * Portions Copyright (c) 1996-2001, The PostgreSQL Global Development Group
6 *
7 * Portions Copyright (c) 1994, The Regents of the University of California
8 *
9 * Permission to use, copy, modify, and distribute this software and its
10 * documentation for any purpose, without fee, and without a written agreement
11 * is hereby granted, provided that the above copyright notice and this
12 * paragraph and the following two paragraphs appear in all copies.
13 *
14 * IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR
15 * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING
16 * LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS
17 * DOCUMENTATION, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
19 *
20 * THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES,
21 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22 * AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
23 * ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATIONS TO
24 * PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
4 */ 25 */
5 26
6/* 27/*--------------------------------------------------------------------
7 * Copyright (c) 1994, 1995 Christopher G. Demetriou 28 * ps_status.c
8 * All rights reserved. 29 *
30 * Routines to support changing the ps display of PostgreSQL backends
31 * to contain some useful information. Mechanism differs wildly across
32 * platforms.
9 * 33 *
10 * Redistribution and use in source and binary forms, with or without 34 * $Header: /var/cvs/openssh/openbsd-compat/setproctitle.c,v 1.5 2003/01/20 02:15:11 djm Exp $
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by Christopher G. Demetriou
21 * for the NetBSD Project.
22 * 4. The name of the author may not be used to endorse or promote products
23 * derived from this software without specific prior written permission
24 * 35 *
25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 36 * Copyright 2000 by PostgreSQL Global Development Group
26 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 37 * various details abducted from various places
27 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 38 *--------------------------------------------------------------------
28 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 */ 39 */
36 40
37#if defined(LIBC_SCCS) && !defined(lint)
38static char rcsid[] = "$OpenBSD: setproctitle.c,v 1.8 2001/11/06 19:21:40 art Exp $";
39#endif /* LIBC_SCCS and not lint */
40
41#include "includes.h" 41#include "includes.h"
42 42
43#ifndef HAVE_SETPROCTITLE 43#ifndef HAVE_SETPROCTITLE
44 44
45#define SPT_NONE 0 45#include <unistd.h>
46#define SPT_PSTAT 1 46#ifdef HAVE_SYS_PSTAT_H
47#include <sys/pstat.h> /* for HP-UX */
48#endif
49#ifdef HAVE_PS_STRINGS
50#include <machine/vmparam.h> /* for old BSD */
51#include <sys/exec.h>
52#endif
53
54/*------
55 * Alternative ways of updating ps display:
56 *
57 * SETPROCTITLE_STRATEGY == PS_USE_PSTAT
58 * use the pstat(PSTAT_SETCMD, )
59 * (HPUX)
60 * SETPROCTITLE_STRATEGY == PS_USE_PS_STRINGS
61 * assign PS_STRINGS->ps_argvstr = "string"
62 * (some BSD systems)
63 * SETPROCTITLE_STRATEGY == PS_USE_CHANGE_ARGV
64 * assign argv[0] = "string"
65 * (some other BSD systems)
66 * SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
67 * write over the argv and environment area
68 * (most SysV-like systems)
69 * SETPROCTITLE_STRATEGY == PS_USE_NONE
70 * don't update ps display
71 * (This is the default, as it is safest.)
72 */
73
74#define PS_USE_NONE 0
75#define PS_USE_PSTAT 1
76#define PS_USE_PS_STRINGS 2
77#define PS_USE_CHANGE_ARGV 3
78#define PS_USE_CLOBBER_ARGV 4
47 79
48#ifndef SPT_TYPE 80#ifndef SETPROCTITLE_STRATEGY
49#define SPT_TYPE SPT_NONE 81# define SETPROCTITLE_STRATEGY PS_USE_NONE
50#endif 82#endif
51 83
52#if SPT_TYPE == SPT_PSTAT 84#ifndef SETPROCTITLE_PS_PADDING
53#include <sys/param.h> 85# define SETPROCTITLE_PS_PADDING ' '
54#include <sys/pstat.h> 86#endif
55#endif /* SPT_TYPE == SPT_PSTAT */ 87#endif /* HAVE_SETPROCTITLE */
56 88
57#define MAX_PROCTITLE 2048 89extern char **environ;
90
91/*
92 * argv clobbering uses existing argv space, all other methods need a buffer
93 */
94#if SETPROCTITLE_STRATEGY != PS_USE_CLOBBER_ARGV
95static char ps_buffer[256];
96static const size_t ps_buffer_size = sizeof(ps_buffer);
97#else
98static char *ps_buffer; /* will point to argv area */
99static size_t ps_buffer_size; /* space determined at run time */
100#endif
101
102/* save the original argv[] location here */
103static int save_argc;
104static char **save_argv;
58 105
59extern char *__progname; 106extern char *__progname;
60 107
108#ifndef HAVE_SETPROCTITLE
61/* 109/*
62 * Set Process Title (SPT) defines. Modeled after sendmail's 110 * Call this to update the ps status display to a fixed prefix plus an
63 * SPT type definition strategy. 111 * indication of what you're currently doing passed in the argument.
64 *
65 * SPT_TYPE:
66 *
67 * SPT_NONE: Don't set the process title. Default.
68 * SPT_PSTAT: Use pstat(PSTAT_SETCMD). HP-UX specific.
69 */ 112 */
70
71void 113void
72setproctitle(const char *fmt, ...) 114setproctitle(const char *fmt, ...)
73{ 115{
74#if SPT_TYPE != SPT_NONE 116#if SETPROCTITLE_STRATEGY == PS_USE_PSTAT
117 union pstun pst;
118#endif
119#if SETPROCTITLE_STRATEGY != PS_USE_NONE
120 ssize_t used;
75 va_list ap; 121 va_list ap;
76
77 char buf[MAX_PROCTITLE];
78 size_t used;
79 122
80#if SPT_TYPE == SPT_PSTAT 123 /* no ps display if you didn't call save_ps_display_args() */
81 union pstun pst; 124 if (save_argv == NULL)
82#endif /* SPT_TYPE == SPT_PSTAT */ 125 return;
126#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
127 /* If ps_buffer is a pointer, it might still be null */
128 if (ps_buffer == NULL)
129 return;
130#endif /* PS_USE_CLOBBER_ARGV */
131
132 /*
133 * Overwrite argv[] to point at appropriate space, if needed
134 */
135#if SETPROCTITLE_STRATEGY == PS_USE_CHANGE_ARGV
136 save_argv[0] = ps_buffer;
137 save_argv[1] = NULL;
138#endif /* PS_USE_CHANGE_ARGV */
139
140#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
141 save_argv[1] = NULL;
142#endif /* PS_USE_CLOBBER_ARGV */
143
144 /*
145 * Make fixed prefix of ps display.
146 */
83 147
84 va_start(ap, fmt); 148 va_start(ap, fmt);
85 if (fmt != NULL) { 149 if (fmt == NULL)
86 used = snprintf(buf, MAX_PROCTITLE, "%s: ", __progname); 150 snprintf(ps_buffer, ps_buffer_size, "%s", __progname);
87 if (used >= MAX_PROCTITLE) 151 else {
88 used = MAX_PROCTITLE - 1; 152 used = snprintf(ps_buffer, ps_buffer_size, "%s: ", __progname);
89 (void)vsnprintf(buf + used, MAX_PROCTITLE - used, fmt, ap); 153 if (used == -1 || used >= ps_buffer_size)
90 } else 154 used = ps_buffer_size;
91 (void)snprintf(buf, MAX_PROCTITLE, "%s", __progname); 155 vsnprintf(ps_buffer + used, ps_buffer_size - used, fmt, ap);
156 }
92 va_end(ap); 157 va_end(ap);
93 used = strlen(buf);
94 158
95#if SPT_TYPE == SPT_PSTAT 159#if SETPROCTITLE_STRATEGY == PS_USE_PSTAT
96 pst.pst_command = buf; 160 pst.pst_command = ps_buffer;
97 pstat(PSTAT_SETCMD, pst, used, 0, 0); 161 pstat(PSTAT_SETCMD, pst, strlen(ps_buffer), 0, 0);
98#endif /* SPT_TYPE == SPT_PSTAT */ 162#endif /* PS_USE_PSTAT */
99 163
100#endif /* SPT_TYPE != SPT_NONE */ 164#if SETPROCTITLE_STRATEGY == PS_USE_PS_STRINGS
165 PS_STRINGS->ps_nargvstr = 1;
166 PS_STRINGS->ps_argvstr = ps_buffer;
167#endif /* PS_USE_PS_STRINGS */
168
169#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
170 /* pad unused memory */
171 used = strlen(ps_buffer);
172 memset(ps_buffer + used, SETPROCTITLE_PS_PADDING,
173 ps_buffer_size - used);
174#endif /* PS_USE_CLOBBER_ARGV */
175
176#endif /* PS_USE_NONE */
101} 177}
178
102#endif /* HAVE_SETPROCTITLE */ 179#endif /* HAVE_SETPROCTITLE */
180
181/*
182 * Call this early in startup to save the original argc/argv values.
183 *
184 * argv[] will not be overwritten by this routine, but may be overwritten
185 * during setproctitle. Also, the physical location of the environment
186 * strings may be moved, so this should be called before any code that
187 * might try to hang onto a getenv() result.
188 */
189void
190compat_init_setproctitle(int argc, char *argv[])
191{
192#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
193 char *end_of_area = NULL;
194 char **new_environ;
195 int i;
196#endif
197
198 save_argc = argc;
199 save_argv = argv;
200
201#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
202 /*
203 * If we're going to overwrite the argv area, count the available
204 * space. Also move the environment to make additional room.
205 */
206
207 /*
208 * check for contiguous argv strings
209 */
210 for (i = 0; i < argc; i++) {
211 if (i == 0 || end_of_area + 1 == argv[i])
212 end_of_area = argv[i] + strlen(argv[i]);
213 }
214
215 /* probably can't happen? */
216 if (end_of_area == NULL) {
217 ps_buffer = NULL;
218 ps_buffer_size = 0;
219 return;
220 }
221
222 /*
223 * check for contiguous environ strings following argv
224 */
225 for (i = 0; environ[i] != NULL; i++) {
226 if (end_of_area + 1 == environ[i])
227 end_of_area = environ[i] + strlen(environ[i]);
228 }
229
230 ps_buffer = argv[0];
231 ps_buffer_size = end_of_area - argv[0] - 1;
232
233 /*
234 * Duplicate and move the environment out of the way
235 */
236 new_environ = malloc(sizeof(char *) * (i + 1));
237 for (i = 0; environ[i] != NULL; i++)
238 new_environ[i] = strdup(environ[i]);
239 new_environ[i] = NULL;
240 environ = new_environ;
241#endif /* PS_USE_CLOBBER_ARGV */
242}
243
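Review bot: compat_init_setproctitle() uses the results of `malloc()` and `strdup()` unchecked in the PS_USE_CLOBBER_ARGV path: a failed `malloc` is dereferenced at `new_environ[i] = ...`, and a failed `strdup` stores NULL in the middle of the new `environ`, which silently truncates the environment the process reads afterwards. I would check both and return with `ps_buffer` still unset, so that setproctitle() stays a no-op and the original `environ` is kept; that requires moving the `ps_buffer` assignment after the copy, as in the excerpt below. Separately, `ps_buffer_size = end_of_area - argv[0] - 1` can be 0, or wrap for an empty `argv[0]`, when nothing contiguous follows. The padding `memset(ps_buffer + used, ..., ps_buffer_size - used)` in setproctitle() then receives a huge length, so that call should be guarded by `if ((size_t)used < ps_buffer_size)`.

```c
	/* … unchanged: contiguous argv/environ scan that computes end_of_area and i … */

	/*
	 * Duplicate and move the environment out of the way.  On allocation
	 * failure return with ps_buffer still unset: setproctitle() is then
	 * a no-op and the original environ stays in place.
	 */
	new_environ = malloc(sizeof(char *) * (i + 1));
	if (new_environ == NULL)
		return;
	for (i = 0; environ[i] != NULL; i++) {
		if ((new_environ[i] = strdup(environ[i])) == NULL) {
			while (i-- > 0)
				free(new_environ[i]);
			free(new_environ);
			return;
		}
	}
	new_environ[i] = NULL;
	environ = new_environ;

	/* only now hand the argv area over to setproctitle() */
	ps_buffer = argv[0];
	ps_buffer_size = end_of_area - argv[0] - 1;
```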
diff --git a/openbsd-compat/setproctitle.h b/openbsd-compat/setproctitle.h
index 8261bd0ee..48d26c6ea 100644
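--- a/openbsd-compat/setproctitle.h
+++ b/openbsd-compat/setproctitle.h
@@ -1,4 +1,4 @@
-/* $Id: setproctitle.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */
+/* $Id: setproctitle.h,v 1.3 2003/01/09 22:53:13 djm Exp $ */
 
 #ifndef _BSD_SETPROCTITLE_H
 #define _BSD_SETPROCTITLE_H
@@ -7,6 +7,7 @@
 
 #ifndef HAVE_SETPROCTITLE
 void setproctitle(const char *fmt, ...);
+void compat_init_setproctitle(int argc, char *argv[]);
 #endif
 
 #endif /* _BSD_SETPROCTITLE_H */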
diff --git a/openbsd-compat/sys-tree.h b/openbsd-compat/sys-tree.h
index 0a58710c9..927ca04cd 100644
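--- a/openbsd-compat/sys-tree.h
+++ b/openbsd-compat/sys-tree.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tree.h,v 1.6 2002/06/11 22:09:52 provos Exp $ */
+/* $OpenBSD: tree.h,v 1.7 2002/10/17 21:51:54 art Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * All rights reserved.
@@ -343,12 +343,13 @@ struct { \
  RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \
  else \
  RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \
- RB_AUGMENT(RB_PARENT(elm, field)); \
  } else \
  (head)->rbh_root = (tmp); \
  RB_LEFT(tmp, field) = (elm); \
  RB_PARENT(elm, field) = (tmp); \
  RB_AUGMENT(tmp); \
+ if ((RB_PARENT(tmp, field))) \
+ RB_AUGMENT(RB_PARENT(tmp, field)); \
 } while (0)
 
 #define RB_ROTATE_RIGHT(head, elm, tmp, field) do { \
@@ -362,12 +363,13 @@ struct { \
  RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \
  else \
  RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \
- RB_AUGMENT(RB_PARENT(elm, field)); \
  } else \
  (head)->rbh_root = (tmp); \
  RB_RIGHT(tmp, field) = (elm); \
  RB_PARENT(elm, field) = (tmp); \
  RB_AUGMENT(tmp); \
+ if ((RB_PARENT(tmp, field))) \
+ RB_AUGMENT(RB_PARENT(tmp, field)); \
 } while (0)
 
 /* Generates prototypes and inline functions */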
diff --git a/openbsd-compat/vis.c b/openbsd-compat/vis.c
new file mode 100644
index 000000000..fc5741390
--- /dev/null
+++ b/openbsd-compat/vis.c
@@ -0,0 +1,232 @@
1/*-
2 * Copyright (c) 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33#include "config.h"
34#if !defined(HAVE_STRNVIS)
35
36#if defined(LIBC_SCCS) && !defined(lint)
37static char rcsid[] = "$OpenBSD: vis.c,v 1.8 2002/02/19 19:39:36 millert Exp $";
38#endif /* LIBC_SCCS and not lint */
39
40#include <ctype.h>
41
42#include "vis.h"
43
44#define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7')
45#define isvisible(c) (((u_int)(c) <= UCHAR_MAX && isascii((u_char)(c)) && \
46 isgraph((u_char)(c))) || \
47 ((flag & VIS_SP) == 0 && (c) == ' ') || \
48 ((flag & VIS_TAB) == 0 && (c) == '\t') || \
49 ((flag & VIS_NL) == 0 && (c) == '\n') || \
50 ((flag & VIS_SAFE) && \
51 ((c) == '\b' || (c) == '\007' || (c) == '\r')))
52
53/*
54 * vis - visually encode characters
55 */
56char *
57vis(dst, c, flag, nextc)
58 register char *dst;
59 int c, nextc;
60 register int flag;
61{
62 if (isvisible(c)) {
63 *dst++ = c;
64 if (c == '\\' && (flag & VIS_NOSLASH) == 0)
65 *dst++ = '\\';
66 *dst = '\0';
67 return (dst);
68 }
69
70 if (flag & VIS_CSTYLE) {
71 switch(c) {
72 case '\n':
73 *dst++ = '\\';
74 *dst++ = 'n';
75 goto done;
76 case '\r':
77 *dst++ = '\\';
78 *dst++ = 'r';
79 goto done;
80 case '\b':
81 *dst++ = '\\';
82 *dst++ = 'b';
83 goto done;
84 case '\a':
85 *dst++ = '\\';
86 *dst++ = 'a';
87 goto done;
88 case '\v':
89 *dst++ = '\\';
90 *dst++ = 'v';
91 goto done;
92 case '\t':
93 *dst++ = '\\';
94 *dst++ = 't';
95 goto done;
96 case '\f':
97 *dst++ = '\\';
98 *dst++ = 'f';
99 goto done;
100 case ' ':
101 *dst++ = '\\';
102 *dst++ = 's';
103 goto done;
104 case '\0':
105 *dst++ = '\\';
106 *dst++ = '0';
107 if (isoctal(nextc)) {
108 *dst++ = '0';
109 *dst++ = '0';
110 }
111 goto done;
112 }
113 }
114 if (((c & 0177) == ' ') || (flag & VIS_OCTAL)) {
115 *dst++ = '\\';
116 *dst++ = ((u_char)c >> 6 & 07) + '0';
117 *dst++ = ((u_char)c >> 3 & 07) + '0';
118 *dst++ = ((u_char)c & 07) + '0';
119 goto done;
120 }
121 if ((flag & VIS_NOSLASH) == 0)
122 *dst++ = '\\';
123 if (c & 0200) {
124 c &= 0177;
125 *dst++ = 'M';
126 }
127 if (iscntrl(c)) {
128 *dst++ = '^';
129 if (c == 0177)
130 *dst++ = '?';
131 else
132 *dst++ = c + '@';
133 } else {
134 *dst++ = '-';
135 *dst++ = c;
136 }
137done:
138 *dst = '\0';
139 return (dst);
140}
141
142/*
143 * strvis, strnvis, strvisx - visually encode characters from src into dst
144 *
145 * Dst must be 4 times the size of src to account for possible
146 * expansion. The length of dst, not including the trailing NULL,
147 * is returned.
148 *
149 * Strnvis will write no more than siz-1 bytes (and will NULL terminate).
150 * The number of bytes needed to fully encode the string is returned.
151 *
152 * Strvisx encodes exactly len bytes from src into dst.
153 * This is useful for encoding a block of data.
154 */
155int
156strvis(dst, src, flag)
157 register char *dst;
158 register const char *src;
159 int flag;
160{
161 register char c;
162 char *start;
163
164 for (start = dst; (c = *src);)
165 dst = vis(dst, c, flag, *++src);
166 *dst = '\0';
167 return (dst - start);
168}
169
170int
171strnvis(dst, src, siz, flag)
172 register char *dst;
173 register const char *src;
174 size_t siz;
175 int flag;
176{
177 register char c;
178 char *start, *end;
179
180 for (start = dst, end = start + siz - 1; (c = *src) && dst < end; ) {
181 if (isvisible(c)) {
182 *dst++ = c;
183 if (c == '\\' && (flag & VIS_NOSLASH) == 0) {
184 /* need space for the extra '\\' */
185 if (dst < end)
186 *dst++ = '\\';
187 else {
188 dst--;
189 break;
190 }
191 }
192 src++;
193 } else {
194 /* vis(3) requires up to 4 chars */
195 if (dst + 3 < end)
196 dst = vis(dst, c, flag, *++src);
197 else
198 break;
199 }
200 }
201 *dst = '\0';
202 if (dst >= end) {
203 char tbuf[5];
204
205 /* adjust return value for truncation */
206 while ((c = *src))
207 dst += vis(tbuf, c, flag, *++src) - tbuf;
208 }
209 return (dst - start);
210}
211
212int
213strvisx(dst, src, len, flag)
214 register char *dst;
215 register const char *src;
216 register size_t len;
217 int flag;
218{
219 register char c;
220 char *start;
221
222 for (start = dst; len > 1; len--) {
223 c = *src;
224 dst = vis(dst, c, flag, *++src);
225 }
226 if (len)
227 dst = vis(dst, *src, flag, '\0');
228 *dst = '\0';
229 return (dst - start);
230}
231
232#endif
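Review bot: strnvis() stores the terminator unconditionally (`*dst = '\0';` after the copy loop), so a call with siz == 0 still writes one byte into dst, and `end = start + siz - 1` then points before the start of the buffer. Guard the zero-size case, for example `if (siz > 0) *dst = '\0';`, and skip the copy loop when siz is 0 so that only the required length is computed. This matters most if the routine is used to neutralise untrusted text with caller-supplied sizes, which is not visible in this file. The block comment above strvis() should also state that strvis() and strvisx() need room for four output bytes per input byte plus the terminator, since neither takes a size.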
diff --git a/openbsd-compat/vis.h b/openbsd-compat/vis.h
new file mode 100644
index 000000000..5df6f3694
--- /dev/null
+++ b/openbsd-compat/vis.h
@@ -0,0 +1,91 @@
1/* $OpenBSD: vis.h,v 1.5 2002/02/16 21:27:17 millert Exp $ */
2/* $NetBSD: vis.h,v 1.4 1994/10/26 00:56:41 cgd Exp $ */
3
4/*-
5 * Copyright (c) 1990 The Regents of the University of California.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. All advertising materials mentioning features or use of this software
17 * must display the following acknowledgement:
18 * This product includes software developed by the University of
19 * California, Berkeley and its contributors.
20 * 4. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 *
36 * @(#)vis.h 5.9 (Berkeley) 4/3/91
37 */
38#include "config.h"
39#if !defined(HAVE_STRNVIS)
40
41#ifndef _VIS_H_
42#define _VIS_H_
43
44#include <sys/types.h>
45#include <limits.h>
46
47/*
48 * to select alternate encoding format
49 */
50#define VIS_OCTAL 0x01 /* use octal \ddd format */
51#define VIS_CSTYLE 0x02 /* use \[nrft0..] where appropriate */
52
53/*
54 * to alter set of characters encoded (default is to encode all
55 * non-graphic except space, tab, and newline).
56 */
57#define VIS_SP 0x04 /* also encode space */
58#define VIS_TAB 0x08 /* also encode tab */
59#define VIS_NL 0x10 /* also encode newline */
60#define VIS_WHITE (VIS_SP | VIS_TAB | VIS_NL)
61#define VIS_SAFE 0x20 /* only encode "unsafe" characters */
62
63/*
64 * other
65 */
66#define VIS_NOSLASH 0x40 /* inhibit printing '\' */
67
68/*
69 * unvis return codes
70 */
71#define UNVIS_VALID 1 /* character valid */
72#define UNVIS_VALIDPUSH 2 /* character valid, push back passed char */
73#define UNVIS_NOCHAR 3 /* valid sequence, no character produced */
74#define UNVIS_SYNBAD -1 /* unrecognized escape sequence */
75#define UNVIS_ERROR -2 /* decoder in unknown state (unrecoverable) */
76
77/*
78 * unvis flags
79 */
80#define UNVIS_END 1 /* no more characters */
81
82char *vis(char *, int, int, int);
83int strvis(char *, const char *, int);
84int strnvis(char *, const char *, size_t, int);
85int strvisx(char *, const char *, size_t, int);
86int strunvis(char *, const char *);
87int unvis(char *, char, int *, int);
88
89#endif /* !_VIS_H_ */
90
91#endif /* !HAVE_STRNVIS */
diff --git a/packet.c b/packet.c
index bd347ef0f..3e2d1249d 100644
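--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.97 2002/07/04 08:12:15 deraadt Exp $");
+RCSID("$OpenBSD: packet.c,v 1.102 2002/12/10 19:47:14 markus Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -564,7 +564,7 @@ set_newkeys(int mode)
  CipherContext *cc;
  int encrypt;
 
- debug("newkeys: mode %d", mode);
+ debug2("set_newkeys: mode %d", mode);
 
  if (mode == MODE_OUT) {
  cc = &send_context;
@@ -574,7 +574,7 @@ set_newkeys(int mode)
  encrypt = CIPHER_DECRYPT;
  }
  if (newkeys[mode] != NULL) {
- debug("newkeys: rekeying");
+ debug("set_newkeys: rekeying");
  cipher_cleanup(cc);
  enc = &newkeys[mode]->enc;
  mac = &newkeys[mode]->mac;
@@ -840,7 +840,7 @@ packet_read_poll1(void)
  cp = buffer_ptr(&input);
  len = GET_32BIT(cp);
  if (len < 1 + 2 + 2 || len > 256 * 1024)
- packet_disconnect("Bad packet length %d.", len);
+ packet_disconnect("Bad packet length %u.", len);
  padded_len = (len + 8) & ~7;
 
  /* Check if the packet has been entirely received. */
@@ -936,9 +936,9 @@ packet_read_poll2(u_int32_t *seqnr_p)
  packet_length = GET_32BIT(cp);
  if (packet_length < 1 + 4 || packet_length > 256 * 1024) {
  buffer_dump(&incoming_packet);
- packet_disconnect("Bad packet length %d.", packet_length);
+ packet_disconnect("Bad packet length %u.", packet_length);
  }
- DBG(debug("input: packet len %d", packet_length+4));
+ DBG(debug("input: packet len %u", packet_length+4));
  buffer_consume(&input, block_size);
  }
  /* we have a partial packet of block_size bytes */
@@ -1226,6 +1226,9 @@ packet_disconnect(const char *fmt,...)
  vsnprintf(buf, sizeof(buf), fmt, args);
  va_end(args);
 
+ /* Display the error locally */
+ log("Disconnecting: %.100s", buf);
+
  /* Send the disconnect message to the other side, and wait for it to get sent. */
  if (compat20) {
  packet_start(SSH2_MSG_DISCONNECT);
@@ -1245,8 +1248,6 @@ packet_disconnect(const char *fmt,...)
  /* Close the connection. */
  packet_close();
 
- /* Display the error locally and exit. */
- log("Disconnecting: %.100s", buf);
  fatal_cleanup();
 }
 
@@ -1313,16 +1314,26 @@ packet_not_very_much_data_to_write(void)
  return buffer_len(&output) < 128 * 1024;
 }
 
+static void
+packet_set_tos(int interactive)
+{
+ int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT;
+
+ if (!packet_connection_is_on_socket() ||
+ !packet_connection_is_ipv4())
+ return;
+ if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &tos,
+ sizeof(tos)) < 0)
+ error("setsockopt IP_TOS %d: %.100s:",
+ tos, strerror(errno));
+}
+
 /* Informs that the current session is interactive. Sets IP flags for that. */
 
 void
 packet_set_interactive(int interactive)
 {
  static int called = 0;
-#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
- int lowdelay = IPTOS_LOWDELAY;
- int throughput = IPTOS_THROUGHPUT;
-#endif
 
  if (called)
  return;
@@ -1333,35 +1344,12 @@ packet_set_interactive(int interactive)
 
  /* Only set socket options if using a socket. */
  if (!packet_connection_is_on_socket())
- return;
- /*
- * IPTOS_LOWDELAY and IPTOS_THROUGHPUT are IPv4 only
- */
- if (interactive) {
- /*
- * Set IP options for an interactive connection. Use
- * IPTOS_LOWDELAY and TCP_NODELAY.
- */
-#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
- if (packet_connection_is_ipv4()) {
- if (setsockopt(connection_in, IPPROTO_IP, IP_TOS,
- &lowdelay, sizeof(lowdelay)) < 0)
- error("setsockopt IPTOS_LOWDELAY: %.100s",
- strerror(errno));
- }
-#endif
+ if (interactive)
  set_nodelay(connection_in);
- } else if (packet_connection_is_ipv4()) {
- /*
- * Set IP options for a non-interactive connection. Use
- * IPTOS_THROUGHPUT.
- */
 #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
- if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &throughput,
- sizeof(throughput)) < 0)
- error("setsockopt IPTOS_THROUGHPUT: %.100s", strerror(errno));
+ packet_set_tos(interactive);
 #endif
- }
+
 }
 
 /* Returns true if the current connection is interactive. */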
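Review bot: In the last hunk, the guard `if (!packet_connection_is_on_socket())` in packet_set_interactive() has lost its `return;`, so as rendered here it now governs the following `if (interactive)`. The effect is that set_nodelay(connection_in) runs only when the connection is not on a socket and never for an interactive socket session. Restore the early exit, `if (!packet_connection_is_on_socket()) return;`, ahead of `if (interactive) set_nodelay(connection_in);`. Separately, the new packet_set_tos() is defined outside the `#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)` guard that wraps its only visible call, so it still references IP_TOS on platforms the guard is meant to exclude. Its error format also ends in a stray colon (`%.100s:`).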
diff --git a/progressmeter.c b/progressmeter.c
new file mode 100644
index 000000000..90eb97f37
--- /dev/null
+++ b/progressmeter.c
@@ -0,0 +1,282 @@
1/*
2 * Copyright (c) 1999 Theo de Raadt. All rights reserved.
3 * Copyright (c) 1999 Aaron Campbell. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26/*
27 * Parts from:
28 *
29 * Copyright (c) 1983, 1990, 1992, 1993, 1995
30 * The Regents of the University of California. All rights reserved.
31 *
32 * Redistribution and use in source and binary forms, with or without
33 * modification, are permitted provided that the following conditions
34 * are met:
35 * 1. Redistributions of source code must retain the above copyright
36 * notice, this list of conditions and the following disclaimer.
37 * 2. Redistributions in binary form must reproduce the above copyright
38 * notice, this list of conditions and the following disclaimer in the
39 * documentation and/or other materials provided with the distribution.
40 * 3. All advertising materials mentioning features or use of this software
41 * must display the following acknowledgement:
42 * This product includes software developed by the University of
43 * California, Berkeley and its contributors.
44 * 4. Neither the name of the University nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 *
60 */
61
62#include "includes.h"
63RCSID("$OpenBSD: progressmeter.c,v 1.3 2003/03/17 10:38:38 markus Exp $");
64
65#ifdef HAVE_LIBGEN_H
66#include <libgen.h>
67#endif
68
69#include "atomicio.h"
70#include "progressmeter.h"
71
72/* Number of seconds before xfer considered "stalled". */
73#define STALLTIME 5
74/* alarm() interval for updating progress meter. */
75#define PROGRESSTIME 1
76
77/* Signal handler used for updating the progress meter. */
78static void update_progress_meter(int);
79
80/* Returns non-zero if we are the foreground process. */
81static int foregroundproc(void);
82
83/* Returns width of the terminal (for progress meter calculations). */
84static int get_tty_width(void);
85
86/* Visual statistics about files as they are transferred. */
87static void draw_progress_meter(void);
88
89/* Time a transfer started. */
90static struct timeval start;
91
92/* Number of bytes of current file transferred so far. */
93static volatile off_t *statbytes;
94
95/* Total size of current file. */
96static off_t totalbytes;
97
98/* Name of current file being transferred. */
99static char *curfile;
100
101/* Time of last update. */
102static struct timeval lastupdate;
103
104/* Size at the time of the last update. */
105static off_t lastsize;
106
107void
108start_progress_meter(char *file, off_t filesize, off_t *counter)
109{
110 if ((curfile = basename(file)) == NULL)
111 curfile = file;
112
113 totalbytes = filesize;
114 statbytes = counter;
115 (void) gettimeofday(&start, (struct timezone *) 0);
116 lastupdate = start;
117 lastsize = 0;
118
119 draw_progress_meter();
120 signal(SIGALRM, update_progress_meter);
121 alarm(PROGRESSTIME);
122}
123
124void
125stop_progress_meter()
126{
127 alarm(0);
128 draw_progress_meter();
129 if (foregroundproc() != 0)
130 atomicio(write, fileno(stdout), "\n", 1);
131}
132
133static void
134update_progress_meter(int ignore)
135{
136 int save_errno = errno;
137
138 draw_progress_meter();
139 signal(SIGALRM, update_progress_meter);
140 alarm(PROGRESSTIME);
141 errno = save_errno;
142}
143
144static int
145foregroundproc(void)
146{
147 static pid_t pgrp = -1;
148 int ctty_pgrp;
149
150 if (pgrp == -1)
151 pgrp = getpgrp();
152
153#ifdef HAVE_TCGETPGRP
154 return ((ctty_pgrp = tcgetpgrp(STDOUT_FILENO)) != -1 &&
155 ctty_pgrp == pgrp);
156#else
157 return ((ioctl(STDOUT_FILENO, TIOCGPGRP, &ctty_pgrp) != -1 &&
158 ctty_pgrp == pgrp));
159#endif
160}
161
162static void
163draw_progress_meter()
164{
165 static const char spaces[] = " "
166 " "
167 " "
168 " "
169 " "
170 " ";
171 static const char prefixes[] = " KMGTP";
172 struct timeval now, td, wait;
173 off_t cursize, abbrevsize, bytespersec;
174 double elapsed;
175 int ratio, remaining, i, ai, bi, nspaces;
176 char buf[512];
177
178 if (foregroundproc() == 0)
179 return;
180
181 (void) gettimeofday(&now, (struct timezone *) 0);
182 cursize = *statbytes;
183 if (totalbytes != 0) {
184 ratio = 100.0 * cursize / totalbytes;
185 ratio = MAX(ratio, 0);
186 ratio = MIN(ratio, 100);
187 } else
188 ratio = 100;
189
190 abbrevsize = cursize;
191 for (ai = 0; abbrevsize >= 10000 && ai < sizeof(prefixes); ai++)
192 abbrevsize >>= 10;
193
194 timersub(&now, &lastupdate, &wait);
195 if (cursize > lastsize) {
196 lastupdate = now;
197 lastsize = cursize;
198 wait.tv_sec = 0;
199 }
200 timersub(&now, &start, &td);
201 elapsed = td.tv_sec + (td.tv_usec / 1000000.0);
202
203 bytespersec = 0;
204 if (cursize > 0) {
205 bytespersec = cursize;
206 if (elapsed > 0.0)
207 bytespersec /= elapsed;
208 }
209 for (bi = 1; bytespersec >= 1024000 && bi < sizeof(prefixes); bi++)
210 bytespersec >>= 10;
211
212 nspaces = MIN(get_tty_width() - 79, sizeof(spaces) - 1);
213
214#ifdef HAVE_LONG_LONG_INT
215 snprintf(buf, sizeof(buf),
216 "\r%-45.45s%.*s%3d%% %4lld%c%c %3lld.%01d%cB/s",
217 curfile,
218 nspaces,
219 spaces,
220 ratio,
221 (long long)abbrevsize,
222 prefixes[ai],
223 ai == 0 ? ' ' : 'B',
224 (long long)(bytespersec / 1024),
225 (int)((bytespersec % 1024) * 10 / 1024),
226 prefixes[bi]
227 );
228#else
229 /* XXX: Handle integer overflow? */
230 snprintf(buf, sizeof(buf),
231 "\r%-45.45s%.*s%3d%% %4lu%c%c %3lu.%01d%cB/s",
232 curfile,
233 nspaces,
234 spaces,
235 ratio,
236 (u_long)abbrevsize,
237 prefixes[ai],
238 ai == 0 ? ' ' : 'B',
239 (u_long)(bytespersec / 1024),
240 (int)((bytespersec % 1024) * 10 / 1024),
241 prefixes[bi]
242 );
243#endif
244
245 if (cursize <= 0 || elapsed <= 0.0 || cursize > totalbytes) {
246 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
247 " --:-- ETA");
248 } else if (wait.tv_sec >= STALLTIME) {
249 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
250 " - stalled -");
251 } else {
252 if (cursize != totalbytes)
253 remaining = (int)(totalbytes / (cursize / elapsed) -
254 elapsed);
255 else
256 remaining = elapsed;
257
258 i = remaining / 3600;
259 if (i)
260 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
261 "%2d:", i);
262 else
263 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
264 " ");
265 i = remaining % 3600;
266 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
267 "%02d:%02d%s", i / 60, i % 60,
268 (cursize != totalbytes) ? " ETA" : " ");
269 }
270 atomicio(write, fileno(stdout), buf, strlen(buf));
271}
272
273static int
274get_tty_width(void)
275{
276 struct winsize winsize;
277
278 if (ioctl(fileno(stdout), TIOCGWINSZ, &winsize) != -1)
279 return (winsize.ws_col ? winsize.ws_col : 80);
280 else
281 return (80);
282}
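Review bot: draw_progress_meter() writes curfile to the terminal through `%-45.45s` with no filtering, so a file name containing control characters or escape sequences reaches the user's tty unchanged. Where that name is supplied by the remote side (the callers are outside this file), the peer controls what the progress line displays. Encode the name into a local buffer first, e.g. `strnvis(vname, curfile, sizeof(vname), VIS_CSTYLE|VIS_NL|VIS_TAB);`, and format `vname` instead, using the strnvis() this commit adds in openbsd-compat/vis.c. Separately, update_progress_meter() is a SIGALRM handler that calls draw_progress_meter(), which uses snprintf(); that is not on the POSIX async-signal-safe list, so the handler would be safer setting a flag that the transfer loop polls.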
diff --git a/progressmeter.h b/progressmeter.h
new file mode 100644
index 000000000..bfb9a0b77
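--- /dev/null
+++ b/progressmeter.h
@@ -0,0 +1,27 @@
+/* $OpenBSD: progressmeter.h,v 1.1 2003/01/10 08:19:07 fgsch Exp $ */
+/*
+ * Copyright (c) 2002 Nils Nordman. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+void start_progress_meter(char *, off_t, off_t *);
+void stop_progress_meter(void);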
diff --git a/readconf.c b/readconf.c
index bae06be12..8b576a7ad 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: readconf.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $"); 15RCSID("$OpenBSD: readconf.c,v 1.102 2003/02/05 09:02:28 markus Exp $");
16 16
17#include "ssh.h" 17#include "ssh.h"
18#include "xmalloc.h" 18#include "xmalloc.h"
@@ -114,6 +114,7 @@ typedef enum {
114 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, 114 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
115 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, 115 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
116 oClearAllForwardings, oNoHostAuthenticationForLocalhost, 116 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
117 oEnableSSHKeysign,
117 oDeprecated 118 oDeprecated
118} OpCodes; 119} OpCodes;
119 120
@@ -185,6 +186,7 @@ static struct {
185 { "bindaddress", oBindAddress }, 186 { "bindaddress", oBindAddress },
186 { "smartcarddevice", oSmartcardDevice }, 187 { "smartcarddevice", oSmartcardDevice },
187 { "clearallforwardings", oClearAllForwardings }, 188 { "clearallforwardings", oClearAllForwardings },
189 { "enablesshkeysign", oEnableSSHKeysign },
188 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, 190 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
189 { NULL, oBadOption } 191 { NULL, oBadOption }
190}; 192};
@@ -266,14 +268,16 @@ parse_token(const char *cp, const char *filename, int linenum)
266 * Processes a single option line as used in the configuration files. This 268 * Processes a single option line as used in the configuration files. This
267 * only sets those values that have not already been set. 269 * only sets those values that have not already been set.
268 */ 270 */
271#define WHITESPACE " \t\r\n"
269 272
270int 273int
271process_config_line(Options *options, const char *host, 274process_config_line(Options *options, const char *host,
272 char *line, const char *filename, int linenum, 275 char *line, const char *filename, int linenum,
273 int *activep) 276 int *activep)
274{ 277{
275 char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg; 278 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
276 int opcode, *intptr, value; 279 int opcode, *intptr, value;
280 size_t len;
277 u_short fwd_port, fwd_host_port; 281 u_short fwd_port, fwd_host_port;
278 char sfwd_host_port[6]; 282 char sfwd_host_port[6];
279 283
@@ -486,16 +490,9 @@ parse_string:
486 490
487 case oProxyCommand: 491 case oProxyCommand:
488 charptr = &options->proxy_command; 492 charptr = &options->proxy_command;
489 string = xstrdup(""); 493 len = strspn(s, WHITESPACE "=");
490 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
491 string = xrealloc(string, strlen(string) + strlen(arg) + 2);
492 strcat(string, " ");
493 strcat(string, arg);
494 }
495 if (*activep && *charptr == NULL) 494 if (*activep && *charptr == NULL)
496 *charptr = string; 495 *charptr = xstrdup(s + len);
497 else
498 xfree(string);
499 return 0; 496 return 0;
500 497
501 case oPort: 498 case oPort:
@@ -669,6 +666,10 @@ parse_int:
669 *intptr = value; 666 *intptr = value;
670 break; 667 break;
671 668
669 case oEnableSSHKeysign:
670 intptr = &options->enable_ssh_keysign;
671 goto parse_flag;
672
672 case oDeprecated: 673 case oDeprecated:
673 debug("%s line %d: Deprecated option \"%s\"", 674 debug("%s line %d: Deprecated option \"%s\"",
674 filename, linenum, keyword); 675 filename, linenum, keyword);
@@ -792,6 +793,7 @@ initialize_options(Options * options)
792 options->preferred_authentications = NULL; 793 options->preferred_authentications = NULL;
793 options->bind_address = NULL; 794 options->bind_address = NULL;
794 options->smartcard_device = NULL; 795 options->smartcard_device = NULL;
796 options->enable_ssh_keysign = - 1;
795 options->no_host_authentication_for_localhost = - 1; 797 options->no_host_authentication_for_localhost = - 1;
796} 798}
797 799
@@ -907,6 +909,8 @@ fill_default_options(Options * options)
907 clear_forwardings(options); 909 clear_forwardings(options);
908 if (options->no_host_authentication_for_localhost == - 1) 910 if (options->no_host_authentication_for_localhost == - 1)
909 options->no_host_authentication_for_localhost = 0; 911 options->no_host_authentication_for_localhost = 0;
912 if (options->enable_ssh_keysign == -1)
913 options->enable_ssh_keysign = 0;
910 /* options->proxy_command should not be set by default */ 914 /* options->proxy_command should not be set by default */
911 /* options->user will be set in the main program if appropriate */ 915 /* options->user will be set in the main program if appropriate */
912 /* options->hostname will be set in the main program if appropriate */ 916 /* options->hostname will be set in the main program if appropriate */
diff --git a/readconf.h b/readconf.h
index 92af535d0..bc5968843 100644
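--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.43 2002/06/08 05:17:01 markus Exp $ */
+/* $OpenBSD: readconf.h,v 1.44 2002/11/07 22:08:07 markus Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -99,6 +99,8 @@ typedef struct {
  int num_remote_forwards;
  Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
  int clear_forwardings;
+
+ int enable_ssh_keysign;
  int no_host_authentication_for_localhost;
 } Options;
 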
diff --git a/readpass.c b/readpass.c
index 96b7e84b4..95ec5d873 100644
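--- a/readpass.c
+++ b/readpass.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.27 2002/03/26 15:58:46 markus Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.28 2003/01/23 13:50:27 markus Exp $");
 
 #include "xmalloc.h"
 #include "readpass.h"
@@ -46,11 +46,11 @@ ssh_askpass(char *askpass, const char *msg)
  fatal("internal error: askpass undefined");
  if (pipe(p) < 0) {
  error("ssh_askpass: pipe: %s", strerror(errno));
- return xstrdup("");
+ return NULL;
  }
  if ((pid = fork()) < 0) {
  error("ssh_askpass: fork: %s", strerror(errno));
- return xstrdup("");
+ return NULL;
  }
  if (pid == 0) {
  seteuid(getuid());
@@ -79,6 +79,11 @@ ssh_askpass(char *askpass, const char *msg)
  if (errno != EINTR)
  break;
 
+ if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
+ memset(buf, 0, sizeof(buf));
+ return NULL;
+ }
+
  buf[strcspn(buf, "\r\n")] = '\0';
  pass = xstrdup(buf);
  memset(buf, 0, sizeof(buf));
@@ -115,7 +120,10 @@ read_passphrase(const char *prompt, int flags)
  askpass = getenv(SSH_ASKPASS_ENV);
  else
  askpass = _PATH_SSH_ASKPASS_DEFAULT;
- return ssh_askpass(askpass, prompt);
+ if ((ret = ssh_askpass(askpass, prompt)) == NULL)
+ if (!(flags & RP_ALLOW_EOF))
+ return xstrdup("");
+ return ret;
  }
 
  if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) {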
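Review bot: The added `WIFEXITED(status)` test at new line 82 reads `status` even when the wait loop just above it gave up: the context lines `if (errno != EINTR) break;` leave that loop on any other error, and in that case `status` was presumably never written (the waitpid call itself is outside the hunk, so confirm). Keep the last wait result in a local and fold it into the check, e.g. `if (wr < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)`, so a failed wait is treated as a failed askpass rather than decided by an indeterminate value. The `memset(buf, 0, sizeof(buf))` directly before `return NULL` is also a dead store that an optimiser may drop; a zeroing routine that cannot be elided (for example `explicit_bzero` where available) is safer for the passphrase buffer. ssh_askpass and read_passphrase both start and end outside these hunks.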
diff --git a/regress/Makefile b/regress/Makefile
index 26224cd7d..6e2029348 100644
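--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.13 2002/04/01 22:15:08 markus Exp $
+# $OpenBSD: Makefile,v 1.20 2003/01/08 23:54:22 djm Exp $
 
-REGRESSTARGETS= t1 t2 t3 t4 t5 t6 t7
+REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7
 
-CLEANFILES+= t2.out t6.out1 t6.out2 t7.out t7.out.pub
+CLEANFILES+= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2
 
 LTESTS= connect \
  proxy-connect \
@@ -17,8 +17,14 @@ LTESTS= connect \
  try-ciphers \
  yes-head \
  agent \
+ agent-getpeereid \
+ agent-timeout \
+ agent-ptrace \
  keyscan \
+ keygen-change \
  sftp \
+ sftp-cmds \
+ sftp-batch \
  forwarding
 
 USER!= id -un
@@ -65,7 +71,7 @@ t7: t7.out
  ssh-keygen -Bf t7.out > /dev/null
 
 .for t in ${LTESTS}
-REGRESSTARGETS+=t-${t}
+REGRESS_TARGETS+=t-${t}
 t-${t}:
  sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/${t}.sh
 .endfor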
diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh
new file mode 100644
index 000000000..0889fe80e
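--- /dev/null
+++ b/regress/agent-getpeereid.sh
@@ -0,0 +1,34 @@
+# $OpenBSD: agent-getpeereid.sh,v 1.1 2002/12/09 16:05:02 markus Exp $
+# Placed in the Public Domain.
+
+tid="disallow agent attach from other uid"
+
+UNPRIV=nobody
+ASOCK=${OBJ}/agent
+SSH_AUTH_SOCK=/nonexistant
+
+trace "start agent"
+eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+ fail "could not start ssh-agent: exit code $r"
+else
+ chmod 644 ${SSH_AUTH_SOCK}
+
+ ssh-add -l > /dev/null 2>&1
+ r=$?
+ if [ $r -ne 1 ]; then
+ fail "ssh-add failed with $r != 1"
+ fi
+
+ < /dev/null sudo -S -u ${UNPRIV} ssh-add -l > /dev/null 2>&1
+ r=$?
+ if [ $r -lt 2 ]; then
+ fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
+ fi
+
+ trace "kill agent"
+ ${SSHAGENT} -k > /dev/null
+fi
+
+rm -f ${OBJ}/agent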
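Review bot: The negative check `if [ $r -lt 2 ]` accepts any exit status of 2 or more, so it also passes when the request never reached the agent's peer-uid check, for instance when `sudo` is missing (shell status 127) or when `sudo` does not pass `SSH_AUTH_SOCK` through to the child. On platforms that enforce file permissions on UNIX-domain sockets, `chmod 644` may still deny `${UNPRIV}` the access it needs to connect, which would hide the uid check in the same way; this is platform dependent and worth confirming. Both `ssh-add -l` calls use whatever `ssh-add` is in PATH rather than `${SSHADD}` as regress/agent-timeout.sh does, so the installed binary may be tested instead of the one just built. Suggest `${SSHADD}` in both places and a precheck such as `sudo -u ${UNPRIV} true` before asserting on the result.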
diff --git a/regress/agent-ptrace.sh b/regress/agent-ptrace.sh
new file mode 100644
index 000000000..9f9c99960
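--- /dev/null
+++ b/regress/agent-ptrace.sh
@@ -0,0 +1,28 @@
+# $OpenBSD: agent-ptrace.sh,v 1.1 2002/12/09 15:38:30 markus Exp $
+# Placed in the Public Domain.
+
+tid="disallow agent ptrace attach"
+
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+ fail "could not start ssh-agent: exit code $r"
+else
+ # ls -l ${SSH_AUTH_SOCK}
+ gdb ${SSHAGENT} ${SSH_AGENT_PID} > ${OBJ}/gdb.out 2>&1 << EOF
+ quit
+EOF
+ if [ $? -ne 0 ]; then
+ fail "gdb failed: exit code $?"
+ fi
+ grep -q 'ptrace: Operation not permitted.' ${OBJ}/gdb.out
+ r=$?
+ rm -f ${OBJ}/gdb.out
+ if [ $r -ne 0 ]; then
+ fail "ptrace succeeded?: exit code $r"
+ fi
+
+ trace "kill agent"
+ ${SSHAGENT} -k > /dev/null
+fi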
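Review bot: In `fail "gdb failed: exit code $?"` (new line 17) the `$?` is expanded after the `[ $? -ne 0 ]` test has already run, so the message reports the status of `[` instead of gdb's. Capture it first, as the rest of the script does: `r=$?` then `if [ $r -ne 0 ]; then fail "gdb failed: exit code $r"`. The pass condition also depends on gdb being installed and printing the exact text `ptrace: Operation not permitted.`, so a host without gdb, or with different wording, fails the test for reasons unrelated to the agent's anti-debugging protection; skipping when gdb is unavailable would keep a failure meaningful.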
diff --git a/regress/agent-timeout.sh b/regress/agent-timeout.sh
new file mode 100644
index 000000000..28b1be028
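--- /dev/null
+++ b/regress/agent-timeout.sh
@@ -0,0 +1,36 @@
+# $OpenBSD: agent-timeout.sh,v 1.1 2002/06/06 00:38:40 markus Exp $
+# Placed in the Public Domain.
+
+tid="agent timeout test"
+
+TIMEOUT=5
+
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+ fail "could not start ssh-agent: exit code $r"
+else
+ trace "add keys with timeout"
+ for t in rsa rsa1; do
+ ${SSHADD} -t ${TIMEOUT} $OBJ/$t > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh-add did succeed exit code 0"
+ fi
+ done
+ n=`${SSHADD} -l 2> /dev/null | wc -l`
+ trace "agent has $n keys"
+ if [ $n -ne 2 ]; then
+ fail "ssh-add -l did not return 2 keys: $n"
+ fi
+ trace "sleeping 2*${TIMEOUT} seconds"
+ sleep ${TIMEOUT}
+ sleep ${TIMEOUT}
+ ${SSHADD} -l 2> /dev/null | grep -q 'The agent has no identities.'
+ if [ $? -ne 0 ]; then
+ fail "ssh-add -l still returns keys after timeout"
+ fi
+
+ trace "kill agent"
+ ${SSHAGENT} -k > /dev/null
+fi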
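Review bot: The message in `fail "ssh-add did succeed exit code 0"` (new line 18) contradicts the branch it sits in, which runs only when `$?` is non-zero, that is when adding the key with a lifetime failed. Something like `fail "ssh-add -t ${TIMEOUT} failed for $t"` would make a failing log readable. The final check treats any output other than the literal `The agent has no identities.` as "keys still present", including an agent that could not be reached, so reporting the `ssh-add -l` exit status there would separate an expiry failure from a connection failure.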
diff --git a/regress/keygen-change.sh b/regress/keygen-change.sh
new file mode 100644
index 000000000..08d359023
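--- /dev/null
+++ b/regress/keygen-change.sh
@@ -0,0 +1,23 @@
+# $OpenBSD: keygen-change.sh,v 1.2 2002/07/16 09:15:55 markus Exp $
+# Placed in the Public Domain.
+
+tid="change passphrase for key"
+
+S1="secret1"
+S2="2secret"
+
+for t in rsa dsa rsa1; do
+ # generate user key for agent
+ trace "generating $t key"
+ rm -f $OBJ/$t-key
+ ${SSHKEYGEN} -q -N ${S1} -t $t -f $OBJ/$t-key
+ if [ $? -eq 0 ]; then
+ ${SSHKEYGEN} -p -P ${S1} -N ${S2} -f $OBJ/$t-key > /dev/null
+ if [ $? -ne 0 ]; then
+ fail "ssh-keygen -p failed for $t-key"
+ fi
+ else
+ fail "ssh-keygen for $t-key failed"
+ fi
+ rm -f $OBJ/$t-key $OBJ/$t-key.pub
+done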
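Review bot: The test only checks that `ssh-keygen -p` exits 0 (new lines 15-18); nothing confirms that the key is now protected by `${S2}` or that `${S1}` no longer opens it. A follow-up `${SSHKEYGEN} -p -P ${S2} -N ${S1} -f $OBJ/$t-key` that must succeed, and one using the stale passphrase that must fail, would cover both with options the script already uses. The comment `# generate user key for agent` looks copied from another test, since no agent is involved here, and `$OBJ/$t-key` is unquoted throughout, which breaks if the object directory contains spaces.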
diff --git a/regress/proxy-connect.sh b/regress/proxy-connect.sh
index bf1940fcc..6a36b2513 100644
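--- a/regress/proxy-connect.sh
+++ b/regress/proxy-connect.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: proxy-connect.sh,v 1.4 2002/03/15 13:08:56 markus Exp $
+# $OpenBSD: proxy-connect.sh,v 1.5 2002/12/09 15:28:46 markus Exp $
 # Placed in the Public Domain.
 
 tid="proxy connect"
@@ -8,4 +8,11 @@ for p in 1 2; do
  if [ $? -ne 0 ]; then
  fail "ssh proxyconnect protocol $p failed"
  fi
+ SSH_CONNECTION=`${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 'echo $SSH_CONNECTION'`
+ if [ $? -ne 0 ]; then
+ fail "ssh proxyconnect protocol $p failed"
+ fi
+ if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then
+ fail "bad SSH_CONNECTION"
+ fi
 done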
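Review bot: The second `fail "ssh proxyconnect protocol $p failed"` (new line 13) is identical to the message at line 9, and `fail "bad SSH_CONNECTION"` does not print what was received, so a failing run cannot tell which step broke or why. Suggest `fail "ssh proxyconnect protocol $p: SSH_CONNECTION query failed"` and `fail "bad SSH_CONNECTION: $SSH_CONNECTION"`. Assigning to `SSH_CONNECTION` itself also overwrites the value inherited when the suite is started from an SSH login; a local name such as `conn` avoids leaking the test's value into later commands. The `for` loop begins outside the hunk.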
diff --git a/regress/sftp-batch.sh b/regress/sftp-batch.sh
new file mode 100644
index 000000000..cffacb6df
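--- /dev/null
+++ b/regress/sftp-batch.sh
@@ -0,0 +1,57 @@
+# $OpenBSD: sftp-batch.sh,v 1.2 2003/01/10 07:52:41 djm Exp $
+# Placed in the Public Domain.
+
+tid="sftp batchfile"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+BATCH=${OBJ}/sftp-batch
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+cat << EOF > ${BATCH}.pass.1
+ get $DATA $COPY
+ put ${COPY} ${COPY}.1
+ rm ${COPY}
+ -put ${COPY} ${COPY}.2
+EOF
+
+cat << EOF > ${BATCH}.pass.2
+ # This is a comment
+
+ # That was a blank line
+ ls
+EOF
+
+cat << EOF > ${BATCH}.fail.1
+ get $DATA $COPY
+ put ${COPY} ${COPY}.3
+ rm ${COPY}.*
+ # The next command should fail
+ put ${COPY}.3 ${COPY}.4
+EOF
+
+cat << EOF > ${BATCH}.fail.2
+ # The next command should fail
+ jajajajaja
+EOF
+
+verbose "$tid: good commands"
+${SFTP} -b ${BATCH}.pass.1 -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "good commands failed"
+
+verbose "$tid: bad commands"
+${SFTP} -b ${BATCH}.fail.1 -P ${SFTPSERVER} >/dev/null 2>&1 \
+ && fail "bad commands succeeded"
+
+verbose "$tid: comments and blanks"
+${SFTP} -b ${BATCH}.pass.2 -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "comments & blanks failed"
+
+verbose "$tid: junk command"
+${SFTP} -b ${BATCH}.fail.2 -P ${SFTPSERVER} >/dev/null 2>&1 \
+ && fail "junk command succeeded"
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+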
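Review bot: Each case is judged only by sftp's exit status, so the two `&& fail` cases (new lines 43-45 and 51-53) pass on any failure at all, including one unrelated to the command marked `# The next command should fail`, such as the initial `get` failing or `${SFTPSERVER}` not starting. Checking the resulting files would pin the intended behaviour, for example `test -f ${COPY}.1 || fail "missing copy after pass.1"` after the first batch and `test -f ${COPY} || fail "batch aborted too early"` after `${BATCH}.fail.1`. A comment noting that the leading `-` in `-put ${COPY} ${COPY}.2` tells sftp to ignore that command's error would also explain why `${BATCH}.pass.1` is expected to succeed after the `rm`.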
diff --git a/regress/sftp-cmds.sh b/regress/sftp-cmds.sh
new file mode 100644
index 000000000..462c6802f
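--- /dev/null
+++ b/regress/sftp-cmds.sh
@@ -0,0 +1,100 @@
+# $OpenBSD: sftp-cmds.sh,v 1.2 2003/01/10 07:52:41 djm Exp $
+# Placed in the Public Domain.
+
+# XXX - TODO:
+# - globbed operations
+# - chmod / chown / chgrp
+# - -p flag for get & put
+
+tid="sftp commands"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+verbose "$tid: lls"
+echo "lls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "lls failed"
+# XXX always successful
+
+verbose "$tid: ls"
+echo "ls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "ls failed"
+# XXX always successful
+
+verbose "$tid: shell"
+echo "!echo hi there" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "shell failed"
+# XXX always successful
+
+verbose "$tid: pwd"
+echo "pwd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "pwd failed"
+# XXX always successful
+
+verbose "$tid: lpwd"
+echo "lpwd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "lpwd failed"
+# XXX always successful
+
+verbose "$tid: quit"
+echo "quit" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "quit failed"
+# XXX always successful
+
+verbose "$tid: help"
+echo "help" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "help failed"
+# XXX always successful
+
+rm -f ${COPY}
+verbose "$tid: get"
+echo "get $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "get failed"
+cmp $DATA ${COPY} || fail "corrupted copy after get"
+
+rm -f ${COPY}
+verbose "$tid: put"
+echo "put $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "put failed"
+cmp $DATA ${COPY} || fail "corrupted copy after put"
+
+verbose "$tid: rename"
+echo "rename $COPY ${COPY}.1" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "rename failed"
+test -f ${COPY}.1 || fail "missing file after rename"
+cmp $DATA ${COPY}.1 >/dev/null 2>&1 || fail "corrupted copy after rename"
+
+verbose "$tid: ln"
+echo "ln ${COPY}.1 ${COPY}.2" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 || fail "ln failed"
+test -L ${COPY}.2 || fail "missing file after ln"
+
+verbose "$tid: mkdir"
+echo "mkdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "mkdir failed"
+test -d ${COPY}.dd || fail "missing directory after mkdir"
+
+# XXX do more here
+verbose "$tid: chdir"
+echo "chdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "chdir failed"
+
+verbose "$tid: rmdir"
+echo "rmdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "rmdir failed"
+test -d ${COPY}.1 && fail "present directory after rmdir"
+
+verbose "$tid: lmkdir"
+echo "lmkdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "lmkdir failed"
+test -d ${COPY}.dd || fail "missing directory after lmkdir"
+
+# XXX do more here
+verbose "$tid: lchdir"
+echo "lchdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "lchdir failed"
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+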
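Review bot: `rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*` (new lines 14 and 98) expands `${BATCH}`, which this script never sets; unless the harness defines it, the last word becomes the glob `.*` and the `rm -rf` removes dot-files and dot-directories in whatever directory the test runs from. Drop that word in both places: `rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd`. The rmdir check at new line 86 also tests the wrong path, `test -d ${COPY}.1`, which is a regular file at that point and so can never trip; it should read `test -d ${COPY}.dd && fail "present directory after rmdir"`.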
diff --git a/regress/ssh-com-client.sh b/regress/ssh-com-client.sh
index 84b0b471e..015ebbb8c 100644
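--- a/regress/ssh-com-client.sh
+++ b/regress/ssh-com-client.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: ssh-com-client.sh,v 1.3 2002/04/10 08:45:30 markus Exp $
+# $OpenBSD: ssh-com-client.sh,v 1.4 2002/07/16 08:58:16 markus Exp $
 # Placed in the Public Domain.
 
 tid="connect with ssh.com client"
@@ -15,7 +15,9 @@ VERSIONS="
  2.3.1
  2.4.0
  3.0.0
- 3.1.0"
+ 3.1.0
+ 3.2.0
+ 3.3.0"
 
 # 2.0.10 2.0.12 2.0.13 don't like the test setup
 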
diff --git a/regress/ssh-com-keygen.sh b/regress/ssh-com-keygen.sh
index 90ba2fcdc..e93dc78c9 100644
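--- a/regress/ssh-com-keygen.sh
+++ b/regress/ssh-com-keygen.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: ssh-com-keygen.sh,v 1.1 2002/03/27 22:40:27 markus Exp $
+# $OpenBSD: ssh-com-keygen.sh,v 1.2 2002/07/16 08:58:16 markus Exp $
 # Placed in the Public Domain.
 
 tid="ssh.com key import"
@@ -18,7 +18,9 @@ VERSIONS="
  2.3.1
  2.4.0
  3.0.0
- 3.1.0"
+ 3.1.0
+ 3.2.0
+ 3.3.0"
 
 COMPRV=${OBJ}/comkey
 COMPUB=${COMPRV}.pub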
diff --git a/regress/ssh-com-sftp.sh b/regress/ssh-com-sftp.sh
index 231efa132..f08018b84 100644
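--- a/regress/ssh-com-sftp.sh
+++ b/regress/ssh-com-sftp.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: ssh-com-sftp.sh,v 1.2 2002/04/10 08:45:30 markus Exp $
+# $OpenBSD: ssh-com-sftp.sh,v 1.3 2002/07/16 08:58:16 markus Exp $
 # Placed in the Public Domain.
 
 tid="basic sftp put/get with ssh.com server"
@@ -24,7 +24,9 @@ VERSIONS="
  2.3.1
  2.4.0
  3.0.0
- 3.1.0"
+ 3.1.0
+ 3.2.0
+ 3.3.0"
 
 # go for it
 for v in ${VERSIONS}; do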
diff --git a/regress/ssh-com.sh b/regress/ssh-com.sh
index 6a199fa65..c2bd15380 100644
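--- a/regress/ssh-com.sh
+++ b/regress/ssh-com.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: ssh-com.sh,v 1.3 2002/03/15 13:08:56 markus Exp $
+# $OpenBSD: ssh-com.sh,v 1.4 2002/07/16 08:58:16 markus Exp $
 # Placed in the Public Domain.
 
 tid="connect to ssh.com server"
@@ -14,17 +14,19 @@ VERSIONS="
  2.1.0
  2.2.0
  2.3.0
- 2.3.1
  2.4.0
  3.0.0
- 3.1.0"
+ 3.1.0
+ 3.2.0
+ 3.3.0"
 # 2.0.10 does not support UserConfigDirectory
+# 2.3.1 requires a config in $HOME/.ssh2
 
 SRC=`dirname ${SCRIPT}`
 
 # ssh.com
 cat << EOF > $OBJ/sshd2_config
-*:
+#*:
  # Port and ListenAdress are not used.
  QuietMode yes
  Port 4343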
diff --git a/scp.0 b/scp.0
index 8796681e6..9536d236e 100644
--- a/scp.0
+++ b/scp.0
@@ -1,17 +1,17 @@
1SCP(1) System General Commands Manual SCP(1) 1SCP(1) BSD General Commands Manual SCP(1)
2 2
3NAME 3^[[1mNAME^[[0m
4 scp - secure copy (remote file copy program) 4 ^[[1mscp ^[[22mM-bMM-^R secure copy (remote file copy program)
5 5
6SYNOPSIS 6^[[1mSYNOPSIS^[[0m
7 scp [-pqrvBC46] [-F ssh_config] [-S program] [-P port] [-c cipher] 7 ^[[1mscp ^[[22m[^[[1mM-bMM-^RpqrvBC1246^[[22m] [^[[1mM-bMM-^RF ^[[4m^[[22mssh_config^[[24m] [^[[1mM-bMM-^RS ^[[4m^[[22mprogram^[[24m] [^[[1mM-bMM-^RP ^[[4m^[[22mport^[[24m] [^[[1mM-bMM-^Rc ^[[4m^[[22mcipher^[[24m]
8 [-i identity_file] [-o ssh_option] [[user@]host1:]file1 [...] 8 [^[[1mM-bMM-^Ri ^[[4m^[[22midentity_file^[[24m] [^[[1mM-bMM-^Rl ^[[4m^[[22mlimit^[[24m] [^[[1mM-bMM-^Ro ^[[4m^[[22mssh_option^[[24m] [[^[[4muser@^[[24m]^[[4mhost1^[[24m:]^[[4mfile1^[[0m
9 [[user@]host2:]file2 9 [^[[4m...^[[24m] [[^[[4muser@^[[24m]^[[4mhost2^[[24m:]^[[4mfile2^[[0m
10 10
11DESCRIPTION 11^[[1mDESCRIPTION^[[0m
12 scp copies files between hosts on a network. It uses ssh(1) for data 12 ^[[1mscp ^[[22mcopies files between hosts on a network. It uses ssh(1) for data
13 transfer, and uses the same authentication and provides the same security 13 transfer, and uses the same authentication and provides the same security
14 as ssh(1). Unlike rcp(1), scp will ask for passwords or passphrases if 14 as ssh(1). Unlike rcp(1), ^[[1mscp ^[[22mwill ask for passwords or passphrases if
15 they are needed for authentication. 15 they are needed for authentication.
16 16
17 Any file name may contain a host and user specification to indicate that 17 Any file name may contain a host and user specification to indicate that
@@ -20,69 +20,74 @@ DESCRIPTION
20 20
21 The options are as follows: 21 The options are as follows:
22 22
23 -c cipher 23 ^[[1mM-bMM-^Rc ^[[4m^[[22mcipher^[[0m
24 Selects the cipher to use for encrypting the data transfer. This 24 Selects the cipher to use for encrypting the data transfer. This
25 option is directly passed to ssh(1). 25 option is directly passed to ssh(1).
26 26
27 -i identity_file 27 ^[[1mM-bMM-^Ri ^[[4m^[[22midentity_file^[[0m
28 Selects the file from which the identity (private key) for RSA 28 Selects the file from which the identity (private key) for RSA
29 authentication is read. This option is directly passed to 29 authentication is read. This option is directly passed to
30 ssh(1). 30 ssh(1).
31 31
32 -p Preserves modification times, access times, and modes from the 32 ^[[1mM-bMM-^Rl ^[[4m^[[22mlimit^[[0m
33 Limits the used bandwidth, specified in Kbit/s.
34
35 ^[[1mM-bMM-^Rp ^[[22mPreserves modification times, access times, and modes from the
33 original file. 36 original file.
34 37
35 -r Recursively copy entire directories. 38 ^[[1mM-bMM-^Rr ^[[22mRecursively copy entire directories.
36 39
37 -v Verbose mode. Causes scp and ssh(1) to print debugging messages 40 ^[[1mM-bMM-^Rv ^[[22mVerbose mode. Causes ^[[1mscp ^[[22mand ssh(1) to print debugging messages
38 about their progress. This is helpful in debugging connection, 41 about their progress. This is helpful in debugging connection,
39 authentication, and configuration problems. 42 authentication, and configuration problems.
40 43
41 -B Selects batch mode (prevents asking for passwords or 44 ^[[1mM-bMM-^RB ^[[22mSelects batch mode (prevents asking for passwords or
42 passphrases). 45 passphrases).
43 46
44 -q Disables the progress meter. 47 ^[[1mM-bMM-^Rq ^[[22mDisables the progress meter.
45 48
46 -C Compression enable. Passes the -C flag to ssh(1) to enable comM-- 49 ^[[1mM-bMM-^RC ^[[22mCompression enable. Passes the ^[[1mM-bMM-^RC ^[[22mflag to ssh(1) to enable comM-bM-^@M-^P
47 pression. 50 pression.
48 51
49 -F ssh_config 52 ^[[1mM-bMM-^RF ^[[4m^[[22mssh_config^[[0m
50 Specifies an alternative per-user configuration file for ssh. 53 Specifies an alternative perM-bM-^@M-^Puser configuration file for ^[[1mssh^[[22m.
51 This option is directly passed to ssh(1). 54 This option is directly passed to ssh(1).
52 55
53 -P port 56 ^[[1mM-bMM-^RP ^[[4m^[[22mport^[[0m
54 Specifies the port to connect to on the remote host. Note that 57 Specifies the port to connect to on the remote host. Note that
55 this option is written with a capital `P', because -p is already 58 this option is written with a capital M-bM-^@M-^XPM-bM-^@M-^Y, because ^[[1mM-bMM-^Rp ^[[22mis already
56 reserved for preserving the times and modes of the file in 59 reserved for preserving the times and modes of the file in
57 rcp(1). 60 rcp(1).
58 61
59 -S program 62 ^[[1mM-bMM-^RS ^[[4m^[[22mprogram^[[0m
60 Name of program to use for the encrypted connection. The program 63 Name of ^[[4mprogram^[[24m to use for the encrypted connection. The program
61 must understand ssh(1) options. 64 must understand ssh(1) options.
62 65
63 -o ssh_option 66 ^[[1mM-bMM-^Ro ^[[4m^[[22mssh_option^[[0m
64 Can be used to pass options to ssh in the format used in 67 Can be used to pass options to ^[[1mssh ^[[22min the format used in
65 ssh_config(5). This is useful for specifying options for which 68 ssh_config(5). This is useful for specifying options for which
66 there is no separate scp command-line flag. For example, forcing 69 there is no separate ^[[1mscp ^[[22mcommandM-bM-^@M-^Pline flag.
67 the use of protocol version 1 is specified using scp 70
68 -oProtocol=1. 71 ^[[1mM-bMM-^R1 ^[[22mForces ^[[1mscp ^[[22mto use protocol 1.
72
73 ^[[1mM-bMM-^R2 ^[[22mForces ^[[1mscp ^[[22mto use protocol 2.
69 74
70 -4 Forces scp to use IPv4 addresses only. 75 ^[[1mM-bMM-^R4 ^[[22mForces ^[[1mscp ^[[22mto use IPv4 addresses only.
71 76
72 -6 Forces scp to use IPv6 addresses only. 77 ^[[1mM-bMM-^R6 ^[[22mForces ^[[1mscp ^[[22mto use IPv6 addresses only.
73 78
74DIAGNOSTICS 79^[[1mDIAGNOSTICS^[[0m
75 scp exits with 0 on success or >0 if an error occurred. 80 ^[[1mscp ^[[22mexits with 0 on success or >0 if an error occurred.
76 81
77AUTHORS 82^[[1mAUTHORS^[[0m
78 Timo Rinne <tri@iki.fi> and Tatu Ylonen <ylo@cs.hut.fi> 83 Timo Rinne <tri@iki.fi> and Tatu Ylonen <ylo@cs.hut.fi>
79 84
80HISTORY 85^[[1mHISTORY^[[0m
81 scp is based on the rcp(1) program in BSD source code from the Regents of 86 ^[[1mscp ^[[22mis based on the rcp(1) program in BSD source code from the Regents of
82 the University of California. 87 the University of California.
83 88
84SEE ALSO 89^[[1mSEE ALSO^[[0m
85 rcp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), 90 rcp(1), sftp(1), ssh(1), sshM-bM-^@M-^Padd(1), sshM-bM-^@M-^Pagent(1), sshM-bM-^@M-^Pkeygen(1),
86 ssh_config(5), sshd(8) 91 ssh_config(5), sshd(8)
87 92
88BSD September 25, 1999 BSD 93BSD September 25, 1999 BSD
diff --git a/scp.1 b/scp.1
index 396ab64be..89ebf7089 100644
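--- a/scp.1
+++ b/scp.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sun May 7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.23 2002/06/22 16:41:57 stevesk Exp $
+.\" $OpenBSD: scp.1,v 1.26 2003/01/28 17:24:51 stevesk Exp $
 .\"
 .Dd September 25, 1999
 .Dt SCP 1
@@ -19,12 +19,13 @@
 .Nd secure copy (remote file copy program)
 .Sh SYNOPSIS
 .Nm scp
-.Op Fl pqrvBC46
+.Op Fl pqrvBC1246
 .Op Fl F Ar ssh_config
 .Op Fl S Ar program
 .Op Fl P Ar port
 .Op Fl c Ar cipher
 .Op Fl i Ar identity_file
+.Op Fl l Ar limit
 .Op Fl o Ar ssh_option
 .Sm off
 .Oo
@@ -68,6 +69,8 @@ Selects the file from which the identity (private key) for RSA
 authentication is read.
 This option is directly passed to
 .Xr ssh 1 .
+.It Fl l Ar limit
+Limits the used bandwidth, specified in Kbit/s.
 .It Fl p
 Preserves modification times, access times, and modes from the
 original file.
@@ -122,9 +125,15 @@ in the format used in
 This is useful for specifying options
 for which there is no separate
 .Nm scp
-command-line flag. For example, forcing the use of protocol
-version 1 is specified using
-.Ic scp -oProtocol=1 .
+command-line flag.
+.It Fl 1
+Forces
+.Nm
+to use protocol 1.
+.It Fl 2
+Forces
+.Nm
+to use protocol 2.
 .It Fl 4
 Forces
 .Nm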
diff --git a/scp.c b/scp.c
index 921ffeedc..35d4c5f71 100644
--- a/scp.c
+++ b/scp.c
@@ -75,13 +75,14 @@
75 */ 75 */
76 76
77#include "includes.h" 77#include "includes.h"
78RCSID("$OpenBSD: scp.c,v 1.91 2002/06/19 00:27:55 deraadt Exp $"); 78RCSID("$OpenBSD: scp.c,v 1.102 2003/03/05 22:33:43 markus Exp $");
79 79
80#include "xmalloc.h" 80#include "xmalloc.h"
81#include "atomicio.h" 81#include "atomicio.h"
82#include "pathnames.h" 82#include "pathnames.h"
83#include "log.h" 83#include "log.h"
84#include "misc.h" 84#include "misc.h"
85#include "progressmeter.h"
85 86
86#ifdef HAVE___PROGNAME 87#ifdef HAVE___PROGNAME
87extern char *__progname; 88extern char *__progname;
@@ -89,29 +90,13 @@ extern char *__progname;
89char *__progname; 90char *__progname;
90#endif 91#endif
91 92
92/* For progressmeter() -- number of seconds before xfer considered "stalled" */ 93void bwlimit(int);
93#define STALLTIME 5
94/* alarm() interval for updating progress meter */
95#define PROGRESSTIME 1
96
97/* Visual statistics about files as they are transferred. */
98void progressmeter(int);
99
100/* Returns width of the terminal (for progress meter calculations). */
101int getttywidth(void);
102int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc);
103 94
104/* Struct for addargs */ 95/* Struct for addargs */
105arglist args; 96arglist args;
106 97
107/* Time a transfer started. */ 98/* Bandwidth limit */
108static struct timeval start; 99off_t limitbw = 0;
109
110/* Number of bytes of current file transferred so far. */
111volatile off_t statbytes;
112
113/* Total size of current file. */
114off_t totalbytes = 0;
115 100
116/* Name of current file being transferred. */ 101/* Name of current file being transferred. */
117char *curfile; 102char *curfile;
@@ -125,6 +110,9 @@ int showprogress = 1;
125/* This is the program to execute for the secured connection. ("ssh" or -S) */ 110/* This is the program to execute for the secured connection. ("ssh" or -S) */
126char *ssh_program = _PATH_SSH_PROGRAM; 111char *ssh_program = _PATH_SSH_PROGRAM;
127 112
113/* This is used to store the pid of ssh_program */
114pid_t do_cmd_pid;
115
128/* 116/*
129 * This function executes the given command as the specified user on the 117 * This function executes the given command as the specified user on the
130 * given host. This returns < 0 if execution fails, and >= 0 otherwise. This 118 * given host. This returns < 0 if execution fails, and >= 0 otherwise. This
@@ -159,7 +147,8 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc)
159 close(reserved[1]); 147 close(reserved[1]);
160 148
161 /* For a child to execute the command on the remote host using ssh. */ 149 /* For a child to execute the command on the remote host using ssh. */
162 if (fork() == 0) { 150 do_cmd_pid = fork();
151 if (do_cmd_pid == 0) {
163 /* Child. */ 152 /* Child. */
164 close(pin[1]); 153 close(pin[1]);
165 close(pout[0]); 154 close(pout[0]);
@@ -177,6 +166,8 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc)
177 execvp(ssh_program, args.list); 166 execvp(ssh_program, args.list);
178 perror(ssh_program); 167 perror(ssh_program);
179 exit(1); 168 exit(1);
169 } else if (do_cmd_pid == -1) {
170 fatal("fork: %s", strerror(errno));
180 } 171 }
181 /* Parent. Close the other side, and return the local side. */ 172 /* Parent. Close the other side, and return the local side. */
182 close(pin[0]); 173 close(pin[0]);
@@ -219,8 +210,9 @@ main(argc, argv)
219 int argc; 210 int argc;
220 char *argv[]; 211 char *argv[];
221{ 212{
222 int ch, fflag, tflag; 213 int ch, fflag, tflag, status;
223 char *targ; 214 double speed;
215 char *targ, *endp;
224 extern char *optarg; 216 extern char *optarg;
225 extern int optind; 217 extern int optind;
226 218
@@ -233,9 +225,11 @@ main(argc, argv)
233 addargs(&args, "-oClearAllForwardings yes"); 225 addargs(&args, "-oClearAllForwardings yes");
234 226
235 fflag = tflag = 0; 227 fflag = tflag = 0;
236 while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46S:o:F:")) != -1) 228 while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1)
237 switch (ch) { 229 switch (ch) {
238 /* User-visible flags. */ 230 /* User-visible flags. */
231 case '1':
232 case '2':
239 case '4': 233 case '4':
240 case '6': 234 case '6':
241 case 'C': 235 case 'C':
@@ -253,6 +247,12 @@ main(argc, argv)
253 case 'B': 247 case 'B':
254 addargs(&args, "-oBatchmode yes"); 248 addargs(&args, "-oBatchmode yes");
255 break; 249 break;
250 case 'l':
251 speed = strtod(optarg, &endp);
252 if (speed <= 0 || *endp != '\0')
253 usage();
254 limitbw = speed * 1024;
255 break;
256 case 'p': 256 case 'p':
257 pflag = 1; 257 pflag = 1;
258 break; 258 break;
@@ -317,6 +317,7 @@ main(argc, argv)
317 targetshouldbedirectory = 1; 317 targetshouldbedirectory = 1;
318 318
319 remin = remout = -1; 319 remin = remout = -1;
320 do_cmd_pid = -1;
320 /* Command to be executed on remote system using "ssh". */ 321 /* Command to be executed on remote system using "ssh". */
321 (void) snprintf(cmd, sizeof cmd, "scp%s%s%s%s", 322 (void) snprintf(cmd, sizeof cmd, "scp%s%s%s%s",
322 verbose_mode ? " -v" : "", 323 verbose_mode ? " -v" : "",
@@ -332,6 +333,22 @@ main(argc, argv)
332 if (targetshouldbedirectory) 333 if (targetshouldbedirectory)
333 verifydir(argv[argc - 1]); 334 verifydir(argv[argc - 1]);
334 } 335 }
336 /*
337 * Finally check the exit status of the ssh process, if one was forked
338 * and no error has occured yet
339 */
340 if (do_cmd_pid != -1 && errs == 0) {
341 if (remin != -1)
342 (void) close(remin);
343 if (remout != -1)
344 (void) close(remout);
345 if (waitpid(do_cmd_pid, &status, 0) == -1)
346 errs = 1;
347 else {
348 if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
349 errs = 1;
350 }
351 }
335 exit(errs != 0); 352 exit(errs != 0);
336} 353}
337 354
@@ -347,14 +364,12 @@ toremote(targ, argc, argv)
347 if (*targ == 0) 364 if (*targ == 0)
348 targ = "."; 365 targ = ".";
349 366
350 if ((thost = strchr(argv[argc - 1], '@'))) { 367 if ((thost = strrchr(argv[argc - 1], '@'))) {
351 /* user@host */ 368 /* user@host */
352 *thost++ = 0; 369 *thost++ = 0;
353 tuser = argv[argc - 1]; 370 tuser = argv[argc - 1];
354 if (*tuser == '\0') 371 if (*tuser == '\0')
355 tuser = NULL; 372 tuser = NULL;
356 else if (!okname(tuser))
357 exit(1);
358 } else { 373 } else {
359 thost = argv[argc - 1]; 374 thost = argv[argc - 1];
360 tuser = NULL; 375 tuser = NULL;
@@ -368,7 +383,7 @@ toremote(targ, argc, argv)
368 *src++ = 0; 383 *src++ = 0;
369 if (*src == 0) 384 if (*src == 0)
370 src = "."; 385 src = ".";
371 host = strchr(argv[i], '@'); 386 host = strrchr(argv[i], '@');
372 len = strlen(ssh_program) + strlen(argv[i]) + 387 len = strlen(ssh_program) + strlen(argv[i]) +
373 strlen(src) + (tuser ? strlen(tuser) : 0) + 388 strlen(src) + (tuser ? strlen(tuser) : 0) +
374 strlen(thost) + strlen(targ) + 389 strlen(thost) + strlen(targ) +
@@ -380,8 +395,14 @@ toremote(targ, argc, argv)
380 suser = argv[i]; 395 suser = argv[i];
381 if (*suser == '\0') 396 if (*suser == '\0')
382 suser = pwd->pw_name; 397 suser = pwd->pw_name;
383 else if (!okname(suser)) 398 else if (!okname(suser)) {
399 xfree(bp);
384 continue; 400 continue;
401 }
402 if (tuser && !okname(tuser)) {
403 xfree(bp);
404 continue;
405 }
385 snprintf(bp, len, 406 snprintf(bp, len,
386 "%s%s %s -n " 407 "%s%s %s -n "
387 "-l %s %s %s %s '%s%s%s:%s'", 408 "-l %s %s %s %s '%s%s%s:%s'",
@@ -447,7 +468,7 @@ tolocal(argc, argv)
447 *src++ = 0; 468 *src++ = 0;
448 if (*src == 0) 469 if (*src == 0)
449 src = "."; 470 src = ".";
450 if ((host = strchr(argv[i], '@')) == NULL) { 471 if ((host = strrchr(argv[i], '@')) == NULL) {
451 host = argv[i]; 472 host = argv[i];
452 suser = NULL; 473 suser = NULL;
453 } else { 474 } else {
@@ -455,8 +476,6 @@ tolocal(argc, argv)
455 suser = argv[i]; 476 suser = argv[i];
456 if (*suser == '\0') 477 if (*suser == '\0')
457 suser = pwd->pw_name; 478 suser = pwd->pw_name;
458 else if (!okname(suser))
459 continue;
460 } 479 }
461 host = cleanhostname(host); 480 host = cleanhostname(host);
462 len = strlen(src) + CMDNEEDS + 20; 481 len = strlen(src) + CMDNEEDS + 20;
@@ -482,7 +501,7 @@ source(argc, argv)
482 struct stat stb; 501 struct stat stb;
483 static BUF buffer; 502 static BUF buffer;
484 BUF *bp; 503 BUF *bp;
485 off_t i, amt, result; 504 off_t i, amt, result, statbytes;
486 int fd, haderr, indx; 505 int fd, haderr, indx;
487 char *last, *name, buf[2048]; 506 char *last, *name, buf[2048];
488 int len; 507 int len;
@@ -547,7 +566,6 @@ syserr: run_err("%s: %s", name, strerror(errno));
547#endif 566#endif
548 if (verbose_mode) { 567 if (verbose_mode) {
549 fprintf(stderr, "Sending file modes: %s", buf); 568 fprintf(stderr, "Sending file modes: %s", buf);
550 fflush(stderr);
551 } 569 }
552 (void) atomicio(write, remout, buf, strlen(buf)); 570 (void) atomicio(write, remout, buf, strlen(buf));
553 if (response() < 0) 571 if (response() < 0)
@@ -556,10 +574,8 @@ syserr: run_err("%s: %s", name, strerror(errno));
556next: (void) close(fd); 574next: (void) close(fd);
557 continue; 575 continue;
558 } 576 }
559 if (showprogress) { 577 if (showprogress)
560 totalbytes = stb.st_size; 578 start_progress_meter(curfile, stb.st_size, &statbytes);
561 progressmeter(-1);
562 }
563 /* Keep writing after an error so that we stay sync'd up. */ 579 /* Keep writing after an error so that we stay sync'd up. */
564 for (haderr = i = 0; i < stb.st_size; i += bp->cnt) { 580 for (haderr = i = 0; i < stb.st_size; i += bp->cnt) {
565 amt = bp->cnt; 581 amt = bp->cnt;
@@ -578,9 +594,11 @@ next: (void) close(fd);
578 haderr = result >= 0 ? EIO : errno; 594 haderr = result >= 0 ? EIO : errno;
579 statbytes += result; 595 statbytes += result;
580 } 596 }
597 if (limitbw)
598 bwlimit(amt);
581 } 599 }
582 if (showprogress) 600 if (showprogress)
583 progressmeter(1); 601 stop_progress_meter();
584 602
585 if (close(fd) < 0 && !haderr) 603 if (close(fd) < 0 && !haderr)
586 haderr = errno; 604 haderr = errno;
@@ -648,6 +666,60 @@ rsource(name, statp)
648} 666}
649 667
650void 668void
669bwlimit(int amount)
670{
671 static struct timeval bwstart, bwend;
672 static int lamt, thresh = 16384;
673 u_int64_t wait;
674 struct timespec ts, rm;
675
676 if (!timerisset(&bwstart)) {
677 gettimeofday(&bwstart, NULL);
678 return;
679 }
680
681 lamt += amount;
682 if (lamt < thresh)
683 return;
684
685 gettimeofday(&bwend, NULL);
686 timersub(&bwend, &bwstart, &bwend);
687 if (!timerisset(&bwend))
688 return;
689
690 lamt *= 8;
691 wait = (double)1000000L * lamt / limitbw;
692
693 bwstart.tv_sec = wait / 1000000L;
694 bwstart.tv_usec = wait % 1000000L;
695
696 if (timercmp(&bwstart, &bwend, >)) {
697 timersub(&bwstart, &bwend, &bwend);
698
699 /* Adjust the wait time */
700 if (bwend.tv_sec) {
701 thresh /= 2;
702 if (thresh < 2048)
703 thresh = 2048;
704 } else if (bwend.tv_usec < 100) {
705 thresh *= 2;
706 if (thresh > 32768)
707 thresh = 32768;
708 }
709
710 TIMEVAL_TO_TIMESPEC(&bwend, &ts);
711 while (nanosleep(&ts, &rm) == -1) {
712 if (errno != EINTR)
713 break;
714 ts = rm;
715 }
716 }
717
718 lamt = 0;
719 gettimeofday(&bwstart, NULL);
720}
721
722void
651sink(argc, argv) 723sink(argc, argv)
652 int argc; 724 int argc;
653 char *argv[]; 725 char *argv[];
@@ -660,7 +732,7 @@ sink(argc, argv)
660 BUF *bp; 732 BUF *bp;
661 off_t i, j; 733 off_t i, j;
662 int amt, count, exists, first, mask, mode, ofd, omode; 734 int amt, count, exists, first, mask, mode, ofd, omode;
663 off_t size; 735 off_t size, statbytes;
664 int setimes, targisdir, wrerrno = 0; 736 int setimes, targisdir, wrerrno = 0;
665 char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; 737 char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
666 struct timeval tv[2]; 738 struct timeval tv[2];
@@ -822,11 +894,9 @@ bad: run_err("%s: %s", np, strerror(errno));
822 cp = bp->buf; 894 cp = bp->buf;
823 wrerr = NO; 895 wrerr = NO;
824 896
825 if (showprogress) {
826 totalbytes = size;
827 progressmeter(-1);
828 }
829 statbytes = 0; 897 statbytes = 0;
898 if (showprogress)
899 start_progress_meter(curfile, size, &statbytes);
830 for (count = i = 0; i < size; i += 4096) { 900 for (count = i = 0; i < size; i += 4096) {
831 amt = 4096; 901 amt = 4096;
832 if (i + amt > size) 902 if (i + amt > size)
@@ -846,6 +916,10 @@ bad: run_err("%s: %s", np, strerror(errno));
846 cp += j; 916 cp += j;
847 statbytes += j; 917 statbytes += j;
848 } while (amt > 0); 918 } while (amt > 0);
919
920 if (limitbw)
921 bwlimit(4096);
922
849 if (count == bp->cnt) { 923 if (count == bp->cnt) {
850 /* Keep reading so we stay sync'd up. */ 924 /* Keep reading so we stay sync'd up. */
851 if (wrerr == NO) { 925 if (wrerr == NO) {
@@ -860,13 +934,13 @@ bad: run_err("%s: %s", np, strerror(errno));
860 } 934 }
861 } 935 }
862 if (showprogress) 936 if (showprogress)
863 progressmeter(1); 937 stop_progress_meter();
864 if (count != 0 && wrerr == NO && 938 if (count != 0 && wrerr == NO &&
865 (j = atomicio(write, ofd, bp->buf, count)) != count) { 939 (j = atomicio(write, ofd, bp->buf, count)) != count) {
866 wrerr = YES; 940 wrerr = YES;
867 wrerrno = j >= 0 ? EIO : errno; 941 wrerrno = j >= 0 ? EIO : errno;
868 } 942 }
869 if (ftruncate(ofd, size)) { 943 if (wrerr == NO && ftruncate(ofd, size) != 0) {
870 run_err("%s: truncate: %s", np, strerror(errno)); 944 run_err("%s: truncate: %s", np, strerror(errno));
871 wrerr = DISPLAYED; 945 wrerr = DISPLAYED;
872 } 946 }
@@ -955,8 +1029,8 @@ void
955usage(void) 1029usage(void)
956{ 1030{
957 (void) fprintf(stderr, 1031 (void) fprintf(stderr,
958 "usage: scp [-pqrvBC46] [-F config] [-S program] [-P port]\n" 1032 "usage: scp [-pqrvBC1246] [-F config] [-S program] [-P port]\n"
959 " [-c cipher] [-i identity] [-o option]\n" 1033 " [-c cipher] [-i identity] [-l limit] [-o option]\n"
960 " [[user@]host1:]file1 [...] [[user@]host2:]file2\n"); 1034 " [[user@]host1:]file1 [...] [[user@]host2:]file2\n");
961 exit(1); 1035 exit(1);
962} 1036}
@@ -1013,9 +1087,18 @@ okname(cp0)
1013 c = (int)*cp; 1087 c = (int)*cp;
1014 if (c & 0200) 1088 if (c & 0200)
1015 goto bad; 1089 goto bad;
1016 if (!isalpha(c) && !isdigit(c) && 1090 if (!isalpha(c) && !isdigit(c)) {
1017 c != '_' && c != '-' && c != '.' && c != '+') 1091 switch (c) {
1018 goto bad; 1092 case '\'':
1093 case '"':
1094 case '`':
1095 case ' ':
1096 case '#':
1097 goto bad;
1098 default:
1099 break;
1100 }
1101 }
1019 } while (*++cp); 1102 } while (*++cp);
1020 return (1); 1103 return (1);
1021 1104
@@ -1036,11 +1119,9 @@ allocbuf(bp, fd, blksize)
1036 run_err("fstat: %s", strerror(errno)); 1119 run_err("fstat: %s", strerror(errno));
1037 return (0); 1120 return (0);
1038 } 1121 }
1039 if (stb.st_blksize == 0) 1122 size = roundup(stb.st_blksize, blksize);
1123 if (size == 0)
1040 size = blksize; 1124 size = blksize;
1041 else
1042 size = blksize + (stb.st_blksize - blksize % stb.st_blksize) %
1043 stb.st_blksize;
1044#else /* HAVE_STRUCT_STAT_ST_BLKSIZE */ 1125#else /* HAVE_STRUCT_STAT_ST_BLKSIZE */
1045 size = blksize; 1126 size = blksize;
1046#endif /* HAVE_STRUCT_STAT_ST_BLKSIZE */ 1127#endif /* HAVE_STRUCT_STAT_ST_BLKSIZE */
@@ -1066,149 +1147,3 @@ lostconn(signo)
1066 else 1147 else
1067 exit(1); 1148 exit(1);
1068} 1149}
1069
1070static void
1071updateprogressmeter(int ignore)
1072{
1073 int save_errno = errno;
1074
1075 progressmeter(0);
1076 signal(SIGALRM, updateprogressmeter);
1077 alarm(PROGRESSTIME);
1078 errno = save_errno;
1079}
1080
1081static int
1082foregroundproc(void)
1083{
1084 static pid_t pgrp = -1;
1085 int ctty_pgrp;
1086
1087 if (pgrp == -1)
1088 pgrp = getpgrp();
1089
1090#ifdef HAVE_TCGETPGRP
1091 return ((ctty_pgrp = tcgetpgrp(STDOUT_FILENO)) != -1 &&
1092 ctty_pgrp == pgrp);
1093#else
1094 return ((ioctl(STDOUT_FILENO, TIOCGPGRP, &ctty_pgrp) != -1 &&
1095 ctty_pgrp == pgrp));
1096#endif
1097}
1098
1099void
1100progressmeter(int flag)
1101{
1102 static const char prefixes[] = " KMGTP";
1103 static struct timeval lastupdate;
1104 static off_t lastsize;
1105 struct timeval now, td, wait;
1106 off_t cursize, abbrevsize;
1107 double elapsed;
1108 int ratio, barlength, i, remaining;
1109 char buf[512];
1110
1111 if (flag == -1) {
1112 (void) gettimeofday(&start, (struct timezone *) 0);
1113 lastupdate = start;
1114 lastsize = 0;
1115 }
1116 if (foregroundproc() == 0)
1117 return;
1118
1119 (void) gettimeofday(&now, (struct timezone *) 0);
1120 cursize = statbytes;
1121 if (totalbytes != 0) {
1122 ratio = 100.0 * cursize / totalbytes;
1123 ratio = MAX(ratio, 0);
1124 ratio = MIN(ratio, 100);
1125 } else
1126 ratio = 100;
1127
1128 snprintf(buf, sizeof(buf), "\r%-20.20s %3d%% ", curfile, ratio);
1129
1130 barlength = getttywidth() - 51;
1131 if (barlength > 0) {
1132 i = barlength * ratio / 100;
1133 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
1134 "|%.*s%*s|", i,
1135 "*******************************************************"
1136 "*******************************************************"
1137 "*******************************************************"
1138 "*******************************************************"
1139 "*******************************************************"
1140 "*******************************************************"
1141 "*******************************************************",
1142 barlength - i, "");
1143 }
1144 i = 0;
1145 abbrevsize = cursize;
1146 while (abbrevsize >= 100000 && i < sizeof(prefixes)) {
1147 i++;
1148 abbrevsize >>= 10;
1149 }
1150 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), " %5lu %c%c ",
1151 (unsigned long) abbrevsize, prefixes[i],
1152 prefixes[i] == ' ' ? ' ' : 'B');
1153
1154 timersub(&now, &lastupdate, &wait);
1155 if (cursize > lastsize) {
1156 lastupdate = now;
1157 lastsize = cursize;
1158 if (wait.tv_sec >= STALLTIME) {
1159 start.tv_sec += wait.tv_sec;
1160 start.tv_usec += wait.tv_usec;
1161 }
1162 wait.tv_sec = 0;
1163 }
1164 timersub(&now, &start, &td);
1165 elapsed = td.tv_sec + (td.tv_usec / 1000000.0);
1166
1167 if (flag != 1 &&
1168 (statbytes <= 0 || elapsed <= 0.0 || cursize > totalbytes)) {
1169 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
1170 " --:-- ETA");
1171 } else if (wait.tv_sec >= STALLTIME) {
1172 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
1173 " - stalled -");
1174 } else {
1175 if (flag != 1)
1176 remaining = (int)(totalbytes / (statbytes / elapsed) -
1177 elapsed);
1178 else
1179 remaining = elapsed;
1180
1181 i = remaining / 3600;
1182 if (i)
1183 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
1184 "%2d:", i);
1185 else
1186 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
1187 " ");
1188 i = remaining % 3600;
1189 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
1190 "%02d:%02d%s", i / 60, i % 60,
1191 (flag != 1) ? " ETA" : " ");
1192 }
1193 atomicio(write, fileno(stdout), buf, strlen(buf));
1194
1195 if (flag == -1) {
1196 mysignal(SIGALRM, updateprogressmeter);
1197 alarm(PROGRESSTIME);
1198 } else if (flag == 1) {
1199 alarm(0);
1200 atomicio(write, fileno(stdout), "\n", 1);
1201 statbytes = 0;
1202 }
1203}
1204
1205int
1206getttywidth(void)
1207{
1208 struct winsize winsize;
1209
1210 if (ioctl(fileno(stdout), TIOCGWINSZ, &winsize) != -1)
1211 return (winsize.ws_col ? winsize.ws_col : 80);
1212 else
1213 return (80);
1214}
diff --git a/servconf.c b/servconf.c
index e3939df40..2510659ee 100644
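--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.115 2002/09/04 18:52:42 stevesk Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.116 2003/02/21 09:05:53 markus Exp $");
 
 #if defined(KRB4)
 #include <krb.h>
@@ -935,6 +935,7 @@ read_server_config(ServerOptions *options, const char *filename)
  char line[1024];
  FILE *f;
 
+ debug2("read_server_config: filename %s", filename);
  f = fopen(filename, "r");
  if (!f) {
  perror(filename);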
diff --git a/session.c b/session.c
index 9074525a4..c75fea966 100644
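--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.150 2002/09/16 19:55:33 stevesk Exp $");
+RCSID("$OpenBSD: session.c,v 1.154 2003/03/05 22:33:43 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -201,6 +201,8 @@ auth_input_request_forwarding(struct passwd * pw)
 void
 do_authenticated(Authctxt *authctxt)
 {
+ setproctitle("%s", authctxt->pw->pw_name);
+
  /*
  * Cancel the alarm we set to limit the time taken for
  * authentication.
@@ -689,7 +691,7 @@ do_pre_login(Session *s)
 
  record_utmp_only(pid, s->tty, s->pw->pw_name,
  get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping),
- (struct sockaddr *)&from);
+ (struct sockaddr *)&from, fromlen);
 }
 #endif
 
@@ -730,8 +732,8 @@ do_login(Session *s, const char *command)
  * the address be 0.0.0.0.
  */
  memset(&from, 0, sizeof(from));
+ fromlen = sizeof(from);
  if (packet_connection_is_on_socket()) {
- fromlen = sizeof(from);
  if (getpeername(packet_get_connection_in(),
  (struct sockaddr *) & from, &fromlen) < 0) {
  debug("getpeername: %.100s", strerror(errno));
@@ -949,7 +951,7 @@ do_setup_env(Session *s, const char *shell)
 {
  char buf[256];
  u_int i, envsize;
- char **env;
+ char **env, *laddr;
  struct passwd *pw = s->pw;
 
  /* Initialize the environment. */
@@ -969,6 +971,9 @@ do_setup_env(Session *s, const char *shell)
  /* Set basic environment. */
  child_set_env(&env, &envsize, "USER", pw->pw_name);
  child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
+#ifdef _AIX
+ child_set_env(&env, &envsize, "LOGIN", pw->pw_name);
+#endif
  child_set_env(&env, &envsize, "HOME", pw->pw_dir);
 #ifdef HAVE_LOGIN_CAP
  if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
@@ -1025,9 +1030,10 @@ do_setup_env(Session *s, const char *shell)
  get_remote_ipaddr(), get_remote_port(), get_local_port());
  child_set_env(&env, &envsize, "SSH_CLIENT", buf);
 
+ laddr = get_local_ipaddr(packet_get_connection_in());
  snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
- get_remote_ipaddr(), get_remote_port(),
- get_local_ipaddr(packet_get_connection_in()), get_local_port());
+ get_remote_ipaddr(), get_remote_port(), laddr, get_local_port());
+ xfree(laddr);
  child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
 
  if (s->ttyfd != -1)
@@ -1146,8 +1152,10 @@ do_rc_files(Session *s, const char *shell)
  /* Add authority data to .Xauthority if appropriate. */
  if (debug_flag) {
  fprintf(stderr,
- "Running %.500s add "
- "%.100s %.100s %.100s\n",
+ "Running %.500s remove %.100s\n",
+ options.xauth_location, s->auth_display);
+ fprintf(stderr,
+ "%.500s add %.100s %.100s %.100s\n",
  options.xauth_location, s->auth_display,
  s->auth_proto, s->auth_data);
  }
@@ -1155,6 +1163,8 @@ do_rc_files(Session *s, const char *shell)
  options.xauth_location);
  f = popen(cmd, "w");
  if (f) {
+ fprintf(f, "remove %s\n",
+ s->auth_display);
  fprintf(f, "add %s %s %s\n",
  s->auth_display, s->auth_proto,
  s->auth_data);
@@ -1187,6 +1197,7 @@ do_nologin(struct passwd *pw)
  while (fgets(buf, sizeof(buf), f))
  fputs(buf, stderr);
  fclose(f);
+ fflush(NULL);
  exit(254);
  }
 }
@@ -1195,11 +1206,11 @@ do_nologin(struct passwd *pw)
 void
 do_setusercontext(struct passwd *pw)
 {
-#ifdef HAVE_CYGWIN
- if (is_winnt) {
-#else /* HAVE_CYGWIN */
- if (getuid() == 0 || geteuid() == 0) {
+#ifndef HAVE_CYGWIN
+ if (getuid() == 0 || geteuid() == 0)
 #endif /* HAVE_CYGWIN */
+ {
+
 #ifdef HAVE_SETPCRED
  setpcred(pw->pw_name);
 #endif /* HAVE_SETPCRED */
@@ -1249,6 +1260,10 @@ do_setusercontext(struct passwd *pw)
  permanently_set_uid(pw);
 #endif
  }
+
+#ifdef HAVE_CYGWIN
+ if (is_winnt)
+#endif
  if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
  fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
 }
@@ -1306,7 +1321,7 @@ do_child(Session *s, const char *command)
  */
  if (!options.use_login) {
 #ifdef HAVE_OSF_SIA
- session_setup_sia(pw->pw_name, s->ttyfd == -1 ? NULL : s->tty);
+ session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty);
  if (!check_quietlogin(s, command))
  do_motd();
 #else /* HAVE_OSF_SIA */
@@ -1320,12 +1335,17 @@ do_child(Session *s, const char *command)
  * legal, and means /bin/sh.
  */
  shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
+
+ /*
+ * Make sure $SHELL points to the shell from the password file,
+ * even if shell is overridden from login.conf
+ */
+ env = do_setup_env(s, shell);
+
 #ifdef HAVE_LOGIN_CAP
  shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
 #endif
 
- env = do_setup_env(s, shell);
-
  /* we have to stash the hostname before we close our socket. */
  if (options.use_login)
  hostname = get_remote_name_or_ip(utmp_len,
@@ -1989,13 +2009,22 @@ session_tty_list(void)
 {
  static char buf[1024];
  int i;
+ char *cp;
+
  buf[0] = '\0';
  for (i = 0; i < MAX_SESSIONS; i++) {
  Session *s = &sessions[i];
  if (s->used && s->ttyfd != -1) {
+
+ if (strncmp(s->tty, "/dev/", 5) != 0) {
+ cp = strrchr(s->tty, '/');
+ cp = (cp == NULL) ? s->tty : cp + 1;
+ } else
+ cp = s->tty + 5;
+
  if (buf[0] != '\0')
  strlcat(buf, ",", sizeof buf);
- strlcat(buf, strrchr(s->tty, '/') + 1, sizeof buf);
+ strlcat(buf, cp, sizeof buf);
  }
  }
  if (buf[0] == '\0')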
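Review bot: In do_setusercontext the final check `if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) fatal(...)` is now the body of an unbraced `if (is_winnt)` that exists only under `#ifdef HAVE_CYGWIN`, so on a Cygwin build with is_winnt false the verification that the uid switch took effect is skipped, while the credential-setting block above it now runs unconditionally on Cygwin. This check is what stops a session from continuing under the daemon's identity, so the reason for exempting that platform should be recorded at the check itself; I would add a comment such as `/* Cygwin: skip uid verification unless running on NT */`, with the rationale filled in by the port maintainer since it is not visible in the diff. An `if` head that appears and disappears with the preprocessor is also easy to break in a later edit, so giving the check the same explicit `{ ... }` that the first hunk places after its `#endif` would be safer. The middle of the function lies between the two hunks and is not shown.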
diff --git a/sftp-client.c b/sftp-client.c
index f6a73f379..3b3279e65 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * Copyright (c) 2001,2002 Damien Miller. All rights reserved. 2 * Copyright (c) 2001-2003 Damien Miller. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
@@ -28,7 +28,7 @@
28/* XXX: copy between two remote sites */ 28/* XXX: copy between two remote sites */
29 29
30#include "includes.h" 30#include "includes.h"
31RCSID("$OpenBSD: sftp-client.c,v 1.35 2002/09/11 22:41:49 djm Exp $"); 31RCSID("$OpenBSD: sftp-client.c,v 1.42 2003/03/05 22:33:43 markus Exp $");
32 32
33#include "openbsd-compat/sys-queue.h" 33#include "openbsd-compat/sys-queue.h"
34 34
@@ -38,14 +38,20 @@ RCSID("$OpenBSD: sftp-client.c,v 1.35 2002/09/11 22:41:49 djm Exp $");
38#include "xmalloc.h" 38#include "xmalloc.h"
39#include "log.h" 39#include "log.h"
40#include "atomicio.h" 40#include "atomicio.h"
41#include "progressmeter.h"
41 42
42#include "sftp.h" 43#include "sftp.h"
43#include "sftp-common.h" 44#include "sftp-common.h"
44#include "sftp-client.h" 45#include "sftp-client.h"
45 46
47extern int showprogress;
48
46/* Minimum amount of data to read at at time */ 49/* Minimum amount of data to read at at time */
47#define MIN_READ_SIZE 512 50#define MIN_READ_SIZE 512
48 51
52/* Maximum packet size */
53#define MAX_MSG_LENGTH (256 * 1024)
54
49struct sftp_conn { 55struct sftp_conn {
50 int fd_in; 56 int fd_in;
51 int fd_out; 57 int fd_out;
@@ -58,48 +64,45 @@ struct sftp_conn {
58static void 64static void
59send_msg(int fd, Buffer *m) 65send_msg(int fd, Buffer *m)
60{ 66{
61 int mlen = buffer_len(m); 67 u_char mlen[4];
62 int len; 68
63 Buffer oqueue; 69 if (buffer_len(m) > MAX_MSG_LENGTH)
70 fatal("Outbound message too long %u", buffer_len(m));
64 71
65 buffer_init(&oqueue); 72 /* Send length first */
66 buffer_put_int(&oqueue, mlen); 73 PUT_32BIT(mlen, buffer_len(m));
67 buffer_append(&oqueue, buffer_ptr(m), mlen); 74 if (atomicio(write, fd, mlen, sizeof(mlen)) <= 0)
68 buffer_consume(m, mlen); 75 fatal("Couldn't send packet: %s", strerror(errno));
69 76
70 len = atomicio(write, fd, buffer_ptr(&oqueue), buffer_len(&oqueue)); 77 if (atomicio(write, fd, buffer_ptr(m), buffer_len(m)) <= 0)
71 if (len <= 0)
72 fatal("Couldn't send packet: %s", strerror(errno)); 78 fatal("Couldn't send packet: %s", strerror(errno));
73 79
74 buffer_free(&oqueue); 80 buffer_clear(m);
75} 81}
76 82
77static void 83static void
78get_msg(int fd, Buffer *m) 84get_msg(int fd, Buffer *m)
79{ 85{
80 u_int len, msg_len; 86 ssize_t len;
81 unsigned char buf[4096]; 87 u_int msg_len;
82 88
83 len = atomicio(read, fd, buf, 4); 89 buffer_append_space(m, 4);
90 len = atomicio(read, fd, buffer_ptr(m), 4);
84 if (len == 0) 91 if (len == 0)
85 fatal("Connection closed"); 92 fatal("Connection closed");
86 else if (len == -1) 93 else if (len == -1)
87 fatal("Couldn't read packet: %s", strerror(errno)); 94 fatal("Couldn't read packet: %s", strerror(errno));
88 95
89 msg_len = GET_32BIT(buf); 96 msg_len = buffer_get_int(m);
90 if (msg_len > 256 * 1024) 97 if (msg_len > MAX_MSG_LENGTH)
91 fatal("Received message too long %u", msg_len); 98 fatal("Received message too long %u", msg_len);
92 99
93 while (msg_len) { 100 buffer_append_space(m, msg_len);
94 len = atomicio(read, fd, buf, MIN(msg_len, sizeof(buf))); 101 len = atomicio(read, fd, buffer_ptr(m), msg_len);
95 if (len == 0) 102 if (len == 0)
96 fatal("Connection closed"); 103 fatal("Connection closed");
97 else if (len == -1) 104 else if (len == -1)
98 fatal("Couldn't read packet: %s", strerror(errno)); 105 fatal("Read packet: %s", strerror(errno));
99
100 msg_len -= len;
101 buffer_append(m, buf, len);
102 }
103} 106}
104 107
105static void 108static void
@@ -371,6 +374,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
371 error("Couldn't read directory: %s", 374 error("Couldn't read directory: %s",
372 fx2txt(status)); 375 fx2txt(status));
373 do_close(conn, handle, handle_len); 376 do_close(conn, handle, handle_len);
377 xfree(handle);
374 return(status); 378 return(status);
375 } 379 }
376 } else if (type != SSH2_FXP_NAME) 380 } else if (type != SSH2_FXP_NAME)
@@ -660,7 +664,7 @@ do_symlink(struct sftp_conn *conn, char *oldpath, char *newpath)
660 664
661 status = get_status(conn->fd_in, id); 665 status = get_status(conn->fd_in, id);
662 if (status != SSH2_FX_OK) 666 if (status != SSH2_FX_OK)
663 error("Couldn't rename file \"%s\" to \"%s\": %s", oldpath, 667 error("Couldn't symlink file \"%s\" to \"%s\": %s", oldpath,
664 newpath, fx2txt(status)); 668 newpath, fx2txt(status));
665 669
666 return(status); 670 return(status);
@@ -741,6 +745,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
741 int read_error, write_errno; 745 int read_error, write_errno;
742 u_int64_t offset, size; 746 u_int64_t offset, size;
743 u_int handle_len, mode, type, id, buflen; 747 u_int handle_len, mode, type, id, buflen;
748 off_t progress_counter;
744 struct request { 749 struct request {
745 u_int id; 750 u_int id;
746 u_int len; 751 u_int len;
@@ -758,13 +763,13 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
758 763
759 /* XXX: should we preserve set[ug]id? */ 764 /* XXX: should we preserve set[ug]id? */
760 if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) 765 if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)
761 mode = S_IWRITE | (a->perm & 0777); 766 mode = a->perm & 0777;
762 else 767 else
763 mode = 0666; 768 mode = 0666;
764 769
765 if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) && 770 if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) &&
766 (a->perm & S_IFDIR)) { 771 (!S_ISREG(a->perm))) {
767 error("Cannot download a directory: %s", remote_path); 772 error("Cannot download non-regular file: %s", remote_path);
768 return(-1); 773 return(-1);
769 } 774 }
770 775
@@ -793,7 +798,8 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
793 return(-1); 798 return(-1);
794 } 799 }
795 800
796 local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC, mode); 801 local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC,
802 mode | S_IWRITE);
797 if (local_fd == -1) { 803 if (local_fd == -1) {
798 error("Couldn't open local file \"%s\" for writing: %s", 804 error("Couldn't open local file \"%s\" for writing: %s",
799 local_path, strerror(errno)); 805 local_path, strerror(errno));
@@ -805,6 +811,16 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
805 /* Read from remote and write to local */ 811 /* Read from remote and write to local */
806 write_error = read_error = write_errno = num_req = offset = 0; 812 write_error = read_error = write_errno = num_req = offset = 0;
807 max_req = 1; 813 max_req = 1;
814 progress_counter = 0;
815
816 if (showprogress) {
817 if (size)
818 start_progress_meter(remote_path, size,
819 &progress_counter);
820 else
821 printf("Fetching %s to %s\n", remote_path, local_path);
822 }
823
808 while (num_req > 0 || max_req > 0) { 824 while (num_req > 0 || max_req > 0) {
809 char *data; 825 char *data;
810 u_int len; 826 u_int len;
@@ -857,14 +873,15 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
857 (unsigned long long)req->offset + len - 1); 873 (unsigned long long)req->offset + len - 1);
858 if (len > req->len) 874 if (len > req->len)
859 fatal("Received more data than asked for " 875 fatal("Received more data than asked for "
860 "%u > %u", len, req->len); 876 "%u > %u", len, req->len);
861 if ((lseek(local_fd, req->offset, SEEK_SET) == -1 || 877 if ((lseek(local_fd, req->offset, SEEK_SET) == -1 ||
862 atomicio(write, local_fd, data, len) != len) && 878 atomicio(write, local_fd, data, len) != len) &&
863 !write_error) { 879 !write_error) {
864 write_errno = errno; 880 write_errno = errno;
865 write_error = 1; 881 write_error = 1;
866 max_req = 0; 882 max_req = 0;
867 } 883 }
884 progress_counter += len;
868 xfree(data); 885 xfree(data);
869 886
870 if (len == req->len) { 887 if (len == req->len) {
@@ -907,6 +924,9 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
907 } 924 }
908 } 925 }
909 926
927 if (showprogress && size)
928 stop_progress_meter();
929
910 /* Sanity check */ 930 /* Sanity check */
911 if (TAILQ_FIRST(&requests) != NULL) 931 if (TAILQ_FIRST(&requests) != NULL)
912 fatal("Transfer complete, but requests still in queue"); 932 fatal("Transfer complete, but requests still in queue");
@@ -930,7 +950,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
930 if (pflag && chmod(local_path, mode) == -1) 950 if (pflag && chmod(local_path, mode) == -1)
931#endif /* HAVE_FCHMOD */ 951#endif /* HAVE_FCHMOD */
932 error("Couldn't set mode on \"%s\": %s", local_path, 952 error("Couldn't set mode on \"%s\": %s", local_path,
933 strerror(errno)); 953 strerror(errno));
934 if (pflag && (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME)) { 954 if (pflag && (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME)) {
935 struct timeval tv[2]; 955 struct timeval tv[2];
936 tv[0].tv_sec = a->atime; 956 tv[0].tv_sec = a->atime;
@@ -938,7 +958,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
938 tv[0].tv_usec = tv[1].tv_usec = 0; 958 tv[0].tv_usec = tv[1].tv_usec = 0;
939 if (utimes(local_path, tv) == -1) 959 if (utimes(local_path, tv) == -1)
940 error("Can't set times on \"%s\": %s", 960 error("Can't set times on \"%s\": %s",
941 local_path, strerror(errno)); 961 local_path, strerror(errno));
942 } 962 }
943 } 963 }
944 close(local_fd); 964 close(local_fd);
@@ -983,6 +1003,11 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
983 close(local_fd); 1003 close(local_fd);
984 return(-1); 1004 return(-1);
985 } 1005 }
1006 if (!S_ISREG(sb.st_mode)) {
1007 error("%s is not a regular file", local_path);
1008 close(local_fd);
1009 return(-1);
1010 }
986 stat_to_attrib(&sb, &a); 1011 stat_to_attrib(&sb, &a);
987 1012
988 a.flags &= ~SSH2_FILEXFER_ATTR_SIZE; 1013 a.flags &= ~SSH2_FILEXFER_ATTR_SIZE;
@@ -1017,6 +1042,11 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
1017 1042
1018 /* Read from local and write to remote */ 1043 /* Read from local and write to remote */
1019 offset = 0; 1044 offset = 0;
1045 if (showprogress)
1046 start_progress_meter(local_path, sb.st_size, &offset);
1047 else
1048 printf("Uploading %s to %s\n", local_path, remote_path);
1049
1020 for (;;) { 1050 for (;;) {
1021 int len; 1051 int len;
1022 1052
@@ -1047,7 +1077,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
1047 buffer_put_string(&msg, data, len); 1077 buffer_put_string(&msg, data, len);
1048 send_msg(conn->fd_out, &msg); 1078 send_msg(conn->fd_out, &msg);
1049 debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u", 1079 debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u",
1050 id, (unsigned long long)offset, len); 1080 id, (unsigned long long)offset, len);
1051 } else if (TAILQ_FIRST(&acks) == NULL) 1081 } else if (TAILQ_FIRST(&acks) == NULL)
1052 break; 1082 break;
1053 1083
@@ -1081,9 +1111,11 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
1081 1111
1082 if (status != SSH2_FX_OK) { 1112 if (status != SSH2_FX_OK) {
1083 error("Couldn't write to remote file \"%s\": %s", 1113 error("Couldn't write to remote file \"%s\": %s",
1084 remote_path, fx2txt(status)); 1114 remote_path, fx2txt(status));
1085 do_close(conn, handle, handle_len); 1115 do_close(conn, handle, handle_len);
1086 close(local_fd); 1116 close(local_fd);
1117 xfree(data);
1118 xfree(ack);
1087 goto done; 1119 goto done;
1088 } 1120 }
1089 debug3("In write loop, ack for %u %u bytes at %llu", 1121 debug3("In write loop, ack for %u %u bytes at %llu",
@@ -1093,6 +1125,8 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
1093 } 1125 }
1094 offset += len; 1126 offset += len;
1095 } 1127 }
1128 if (showprogress)
1129 stop_progress_meter();
1096 xfree(data); 1130 xfree(data);
1097 1131
1098 if (close(local_fd) == -1) { 1132 if (close(local_fd) == -1) {
diff --git a/sftp-common.c b/sftp-common.c
index 082345486..31d41385b 100644
--- a/sftp-common.c
+++ b/sftp-common.c
@@ -24,7 +24,7 @@
24 */ 24 */
25 25
26#include "includes.h" 26#include "includes.h"
27RCSID("$OpenBSD: sftp-common.c,v 1.7 2002/09/11 22:41:50 djm Exp $"); 27RCSID("$OpenBSD: sftp-common.c,v 1.8 2002/10/16 14:31:48 itojun Exp $");
28 28
29#include "buffer.h" 29#include "buffer.h"
30#include "bufaux.h" 30#include "bufaux.h"
@@ -208,6 +208,6 @@ ls_file(char *name, struct stat *st, int remote)
208 glen = MAX(strlen(group), 8); 208 glen = MAX(strlen(group), 8);
209 snprintf(buf, sizeof buf, "%s %3d %-*s %-*s %8llu %s %s", mode, 209 snprintf(buf, sizeof buf, "%s %3d %-*s %-*s %8llu %s %s", mode,
210 st->st_nlink, ulen, user, glen, group, 210 st->st_nlink, ulen, user, glen, group,
211 (u_int64_t)st->st_size, tbuf, name); 211 (unsigned long long)st->st_size, tbuf, name);
212 return xstrdup(buf); 212 return xstrdup(buf);
213} 213}
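Review bot: The snprintf call in ls_file still passes `st->st_nlink` to `%3d` without a cast, so the argument only matches the format where nlink_t happens to be int-sized. This commit fixes that kind of mismatch for st_size (`(unsigned long long)` for `%8llu`) but leaves this one in the same argument list. Casting it, for example `(int)st->st_nlink`, would make the format portable in the same way. ls_file starts outside the hunk, so the declared types of ulen and glen are not visible here; both are passed to `%-*s` and should be confirmed to be int.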
diff --git a/sftp-int.c b/sftp-int.c
index 6a2012910..6987de9a3 100644
--- a/sftp-int.c
+++ b/sftp-int.c
@@ -25,7 +25,7 @@
25/* XXX: recursive operations */ 25/* XXX: recursive operations */
26 26
27#include "includes.h" 27#include "includes.h"
28RCSID("$OpenBSD: sftp-int.c,v 1.49 2002/09/12 00:13:06 djm Exp $"); 28RCSID("$OpenBSD: sftp-int.c,v 1.57 2003/03/05 22:33:43 markus Exp $");
29 29
30#include "buffer.h" 30#include "buffer.h"
31#include "xmalloc.h" 31#include "xmalloc.h"
@@ -47,6 +47,9 @@ extern size_t copy_buffer_len;
47/* Number of concurrent outstanding requests */ 47/* Number of concurrent outstanding requests */
48extern int num_requests; 48extern int num_requests;
49 49
50/* This is set to 0 if the progressmeter is not desired. */
51int showprogress = 1;
52
50/* Seperators for interactive commands */ 53/* Seperators for interactive commands */
51#define WHITESPACE " \t\r\n" 54#define WHITESPACE " \t\r\n"
52 55
@@ -73,13 +76,14 @@ extern int num_requests;
73#define I_SHELL 20 76#define I_SHELL 20
74#define I_SYMLINK 21 77#define I_SYMLINK 21
75#define I_VERSION 22 78#define I_VERSION 22
79#define I_PROGRESS 23
76 80
77struct CMD { 81struct CMD {
78 const char *c; 82 const char *c;
79 const int n; 83 const int n;
80}; 84};
81 85
82const struct CMD cmds[] = { 86static const struct CMD cmds[] = {
83 { "bye", I_QUIT }, 87 { "bye", I_QUIT },
84 { "cd", I_CHDIR }, 88 { "cd", I_CHDIR },
85 { "chdir", I_CHDIR }, 89 { "chdir", I_CHDIR },
@@ -100,6 +104,7 @@ const struct CMD cmds[] = {
100 { "ls", I_LS }, 104 { "ls", I_LS },
101 { "lumask", I_LUMASK }, 105 { "lumask", I_LUMASK },
102 { "mkdir", I_MKDIR }, 106 { "mkdir", I_MKDIR },
107 { "progress", I_PROGRESS },
103 { "put", I_PUT }, 108 { "put", I_PUT },
104 { "mput", I_PUT }, 109 { "mput", I_PUT },
105 { "pwd", I_PWD }, 110 { "pwd", I_PWD },
@@ -132,6 +137,7 @@ help(void)
132 printf("ls [path] Display remote directory listing\n"); 137 printf("ls [path] Display remote directory listing\n");
133 printf("lumask umask Set local umask to 'umask'\n"); 138 printf("lumask umask Set local umask to 'umask'\n");
134 printf("mkdir path Create remote directory\n"); 139 printf("mkdir path Create remote directory\n");
140 printf("progress Toggle display of progress meter\n");
135 printf("put local-path [remote-path] Upload file\n"); 141 printf("put local-path [remote-path] Upload file\n");
136 printf("pwd Display remote working directory\n"); 142 printf("pwd Display remote working directory\n");
137 printf("exit Quit sftp\n"); 143 printf("exit Quit sftp\n");
@@ -375,6 +381,17 @@ is_dir(char *path)
375} 381}
376 382
377static int 383static int
384is_reg(char *path)
385{
386 struct stat sb;
387
388 if (stat(path, &sb) == -1)
389 fatal("stat %s: %s", path, strerror(errno));
390
391 return(S_ISREG(sb.st_mode));
392}
393
394static int
378remote_is_dir(struct sftp_conn *conn, char *path) 395remote_is_dir(struct sftp_conn *conn, char *path)
379{ 396{
380 Attrib *a; 397 Attrib *a;
@@ -425,7 +442,6 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag)
425 err = -1; 442 err = -1;
426 goto out; 443 goto out;
427 } 444 }
428 printf("Fetching %s to %s\n", g.gl_pathv[0], abs_dst);
429 err = do_download(conn, g.gl_pathv[0], abs_dst, pflag); 445 err = do_download(conn, g.gl_pathv[0], abs_dst, pflag);
430 goto out; 446 goto out;
431 } 447 }
@@ -489,6 +505,12 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag)
489 505
490 /* Only one match, dst may be file, directory or unspecified */ 506 /* Only one match, dst may be file, directory or unspecified */
491 if (g.gl_pathv[0] && g.gl_matchc == 1) { 507 if (g.gl_pathv[0] && g.gl_matchc == 1) {
508 if (!is_reg(g.gl_pathv[0])) {
509 error("Can't upload %s: not a regular file",
510 g.gl_pathv[0]);
511 err = 1;
512 goto out;
513 }
492 if (tmp_dst) { 514 if (tmp_dst) {
493 /* If directory specified, append filename */ 515 /* If directory specified, append filename */
494 if (remote_is_dir(conn, tmp_dst)) { 516 if (remote_is_dir(conn, tmp_dst)) {
@@ -507,7 +529,6 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag)
507 } 529 }
508 abs_dst = make_absolute(abs_dst, pwd); 530 abs_dst = make_absolute(abs_dst, pwd);
509 } 531 }
510 printf("Uploading %s to %s\n", g.gl_pathv[0], abs_dst);
511 err = do_upload(conn, g.gl_pathv[0], abs_dst, pflag); 532 err = do_upload(conn, g.gl_pathv[0], abs_dst, pflag);
512 goto out; 533 goto out;
513 } 534 }
@@ -521,6 +542,11 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag)
521 } 542 }
522 543
523 for (i = 0; g.gl_pathv[i]; i++) { 544 for (i = 0; g.gl_pathv[i]; i++) {
545 if (!is_reg(g.gl_pathv[i])) {
546 error("skipping non-regular file %s",
547 g.gl_pathv[i]);
548 continue;
549 }
524 if (infer_path(g.gl_pathv[i], &tmp)) { 550 if (infer_path(g.gl_pathv[i], &tmp)) {
525 err = -1; 551 err = -1;
526 goto out; 552 goto out;
@@ -550,7 +576,7 @@ sdirent_comp(const void *aa, const void *bb)
550 SFTP_DIRENT *a = *(SFTP_DIRENT **)aa; 576 SFTP_DIRENT *a = *(SFTP_DIRENT **)aa;
551 SFTP_DIRENT *b = *(SFTP_DIRENT **)bb; 577 SFTP_DIRENT *b = *(SFTP_DIRENT **)bb;
552 578
553 return (strcmp(a->filename, b->filename)); 579 return (strcmp(a->filename, b->filename));
554} 580}
555 581
556/* sftp ls.1 replacement for directories */ 582/* sftp ls.1 replacement for directories */
@@ -563,7 +589,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
563 if ((n = do_readdir(conn, path, &d)) != 0) 589 if ((n = do_readdir(conn, path, &d)) != 0)
564 return (n); 590 return (n);
565 591
566 /* Count entries for sort */ 592 /* Count entries for sort */
567 for (n = 0; d[n] != NULL; n++) 593 for (n = 0; d[n] != NULL; n++)
568 ; 594 ;
569 595
@@ -571,7 +597,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
571 597
572 for (n = 0; d[n] != NULL; n++) { 598 for (n = 0; d[n] != NULL; n++) {
573 char *tmp, *fname; 599 char *tmp, *fname;
574 600
575 tmp = path_append(path, d[n]->filename); 601 tmp = path_append(path, d[n]->filename);
576 fname = path_strip(tmp, strip_path); 602 fname = path_strip(tmp, strip_path);
577 xfree(tmp); 603 xfree(tmp);
@@ -589,7 +615,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
589 /* XXX - multicolumn display would be nice here */ 615 /* XXX - multicolumn display would be nice here */
590 printf("%s\n", fname); 616 printf("%s\n", fname);
591 } 617 }
592 618
593 xfree(fname); 619 xfree(fname);
594 } 620 }
595 621
@@ -599,7 +625,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
599 625
600/* sftp ls.1 replacement which handles path globs */ 626/* sftp ls.1 replacement which handles path globs */
601static int 627static int
602do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, 628do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
603 int lflag) 629 int lflag)
604{ 630{
605 glob_t g; 631 glob_t g;
@@ -609,23 +635,23 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
609 635
610 memset(&g, 0, sizeof(g)); 636 memset(&g, 0, sizeof(g));
611 637
612 if (remote_glob(conn, path, GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE, 638 if (remote_glob(conn, path, GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE,
613 NULL, &g)) { 639 NULL, &g)) {
614 error("Can't ls: \"%s\" not found", path); 640 error("Can't ls: \"%s\" not found", path);
615 return (-1); 641 return (-1);
616 } 642 }
617 643
618 /* 644 /*
619 * If the glob returns a single match, which is the same as the 645 * If the glob returns a single match, which is the same as the
620 * input glob, and it is a directory, then just list its contents 646 * input glob, and it is a directory, then just list its contents
621 */ 647 */
622 if (g.gl_pathc == 1 && 648 if (g.gl_pathc == 1 &&
623 strncmp(path, g.gl_pathv[0], strlen(g.gl_pathv[0]) - 1) == 0) { 649 strncmp(path, g.gl_pathv[0], strlen(g.gl_pathv[0]) - 1) == 0) {
624 if ((a = do_lstat(conn, path, 1)) == NULL) { 650 if ((a = do_lstat(conn, path, 1)) == NULL) {
625 globfree(&g); 651 globfree(&g);
626 return (-1); 652 return (-1);
627 } 653 }
628 if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) && 654 if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) &&
629 S_ISDIR(a->perm)) { 655 S_ISDIR(a->perm)) {
630 globfree(&g); 656 globfree(&g);
631 return (do_ls_dir(conn, path, strip_path, lflag)); 657 return (do_ls_dir(conn, path, strip_path, lflag));
@@ -640,8 +666,8 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
640 if (lflag) { 666 if (lflag) {
641 /* 667 /*
642 * XXX: this is slow - 1 roundtrip per path 668 * XXX: this is slow - 1 roundtrip per path
643 * A solution to this is to fork glob() and 669 * A solution to this is to fork glob() and
644 * build a sftp specific version which keeps the 670 * build a sftp specific version which keeps the
645 * attribs (which currently get thrown away) 671 * attribs (which currently get thrown away)
646 * that the server returns as well as the filenames. 672 * that the server returns as well as the filenames.
647 */ 673 */
@@ -666,7 +692,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
666} 692}
667 693
668static int 694static int
669parse_args(const char **cpp, int *pflag, int *lflag, 695parse_args(const char **cpp, int *pflag, int *lflag, int *iflag,
670 unsigned long *n_arg, char **path1, char **path2) 696 unsigned long *n_arg, char **path1, char **path2)
671{ 697{
672 const char *cmd, *cp = *cpp; 698 const char *cmd, *cp = *cpp;
@@ -678,10 +704,17 @@ parse_args(const char **cpp, int *pflag, int *lflag,
678 /* Skip leading whitespace */ 704 /* Skip leading whitespace */
679 cp = cp + strspn(cp, WHITESPACE); 705 cp = cp + strspn(cp, WHITESPACE);
680 706
681 /* Ignore blank lines */ 707 /* Ignore blank lines and lines which begin with comment '#' char */
682 if (!*cp) 708 if (*cp == '\0' || *cp == '#')
683 return(-1); 709 return (0);
684 710
711 /* Check for leading '-' (disable error processing) */
712 *iflag = 0;
713 if (*cp == '-') {
714 *iflag = 1;
715 cp++;
716 }
717
685 /* Figure out which command we have */ 718 /* Figure out which command we have */
686 for (i = 0; cmds[i].c; i++) { 719 for (i = 0; cmds[i].c; i++) {
687 int cmdlen = strlen(cmds[i].c); 720 int cmdlen = strlen(cmds[i].c);
@@ -703,7 +736,7 @@ parse_args(const char **cpp, int *pflag, int *lflag,
703 cmdnum = I_SHELL; 736 cmdnum = I_SHELL;
704 } else if (cmdnum == -1) { 737 } else if (cmdnum == -1) {
705 error("Invalid command."); 738 error("Invalid command.");
706 return(-1); 739 return (-1);
707 } 740 }
708 741
709 /* Get arguments and parse flags */ 742 /* Get arguments and parse flags */
@@ -803,6 +836,7 @@ parse_args(const char **cpp, int *pflag, int *lflag,
803 case I_LPWD: 836 case I_LPWD:
804 case I_HELP: 837 case I_HELP:
805 case I_VERSION: 838 case I_VERSION:
839 case I_PROGRESS:
806 break; 840 break;
807 default: 841 default:
808 fatal("Command not implemented"); 842 fatal("Command not implemented");
@@ -813,10 +847,11 @@ parse_args(const char **cpp, int *pflag, int *lflag,
813} 847}
814 848
815static int 849static int
816parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) 850parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
851 int err_abort)
817{ 852{
818 char *path1, *path2, *tmp; 853 char *path1, *path2, *tmp;
819 int pflag, lflag, cmdnum, i; 854 int pflag, lflag, iflag, cmdnum, i;
820 unsigned long n_arg; 855 unsigned long n_arg;
821 Attrib a, *aa; 856 Attrib a, *aa;
822 char path_buf[MAXPATHLEN]; 857 char path_buf[MAXPATHLEN];
@@ -824,14 +859,22 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd)
824 glob_t g; 859 glob_t g;
825 860
826 path1 = path2 = NULL; 861 path1 = path2 = NULL;
827 cmdnum = parse_args(&cmd, &pflag, &lflag, &n_arg, 862 cmdnum = parse_args(&cmd, &pflag, &lflag, &iflag, &n_arg,
828 &path1, &path2); 863 &path1, &path2);
829 864
865 if (iflag != 0)
866 err_abort = 0;
867
830 memset(&g, 0, sizeof(g)); 868 memset(&g, 0, sizeof(g));
831 869
832 /* Perform command */ 870 /* Perform command */
833 switch (cmdnum) { 871 switch (cmdnum) {
872 case 0:
873 /* Blank line */
874 break;
834 case -1: 875 case -1:
876 /* Unrecognized command */
877 err = -1;
835 break; 878 break;
836 case I_GET: 879 case I_GET:
837 err = process_get(conn, path1, path2, *pwd, pflag); 880 err = process_get(conn, path1, path2, *pwd, pflag);
@@ -853,8 +896,9 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd)
853 remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); 896 remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
854 for (i = 0; g.gl_pathv[i]; i++) { 897 for (i = 0; g.gl_pathv[i]; i++) {
855 printf("Removing %s\n", g.gl_pathv[i]); 898 printf("Removing %s\n", g.gl_pathv[i]);
856 if (do_rm(conn, g.gl_pathv[i]) == -1) 899 err = do_rm(conn, g.gl_pathv[i]);
857 err = -1; 900 if (err != 0 && err_abort)
901 break;
858 } 902 }
859 break; 903 break;
860 case I_MKDIR: 904 case I_MKDIR:
@@ -900,15 +944,14 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd)
900 do_globbed_ls(conn, *pwd, *pwd, lflag); 944 do_globbed_ls(conn, *pwd, *pwd, lflag);
901 break; 945 break;
902 } 946 }
903 947
904 /* Strip pwd off beginning of non-absolute paths */ 948 /* Strip pwd off beginning of non-absolute paths */
905 tmp = NULL; 949 tmp = NULL;
906 if (*path1 != '/') 950 if (*path1 != '/')
907 tmp = *pwd; 951 tmp = *pwd;
908 952
909 path1 = make_absolute(path1, *pwd); 953 path1 = make_absolute(path1, *pwd);
910 954 err = do_globbed_ls(conn, path1, tmp, lflag);
911 do_globbed_ls(conn, path1, tmp, lflag);
912 break; 955 break;
913 case I_LCHDIR: 956 case I_LCHDIR:
914 if (chdir(path1) == -1) { 957 if (chdir(path1) == -1) {
@@ -942,62 +985,70 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd)
942 remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); 985 remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
943 for (i = 0; g.gl_pathv[i]; i++) { 986 for (i = 0; g.gl_pathv[i]; i++) {
944 printf("Changing mode on %s\n", g.gl_pathv[i]); 987 printf("Changing mode on %s\n", g.gl_pathv[i]);
945 do_setstat(conn, g.gl_pathv[i], &a); 988 err = do_setstat(conn, g.gl_pathv[i], &a);
989 if (err != 0 && err_abort)
990 break;
946 } 991 }
947 break; 992 break;
948 case I_CHOWN: 993 case I_CHOWN:
949 path1 = make_absolute(path1, *pwd);
950 remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
951 for (i = 0; g.gl_pathv[i]; i++) {
952 if (!(aa = do_stat(conn, g.gl_pathv[i], 0)))
953 continue;
954 if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) {
955 error("Can't get current ownership of "
956 "remote file \"%s\"", g.gl_pathv[i]);
957 continue;
958 }
959 printf("Changing owner on %s\n", g.gl_pathv[i]);
960 aa->flags &= SSH2_FILEXFER_ATTR_UIDGID;
961 aa->uid = n_arg;
962 do_setstat(conn, g.gl_pathv[i], aa);
963 }
964 break;
965 case I_CHGRP: 994 case I_CHGRP:
966 path1 = make_absolute(path1, *pwd); 995 path1 = make_absolute(path1, *pwd);
967 remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); 996 remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
968 for (i = 0; g.gl_pathv[i]; i++) { 997 for (i = 0; g.gl_pathv[i]; i++) {
969 if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) 998 if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) {
970 continue; 999 if (err != 0 && err_abort)
1000 break;
1001 else
1002 continue;
1003 }
971 if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) { 1004 if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) {
972 error("Can't get current ownership of " 1005 error("Can't get current ownership of "
973 "remote file \"%s\"", g.gl_pathv[i]); 1006 "remote file \"%s\"", g.gl_pathv[i]);
974 continue; 1007 if (err != 0 && err_abort)
1008 break;
1009 else
1010 continue;
975 } 1011 }
976 printf("Changing group on %s\n", g.gl_pathv[i]);
977 aa->flags &= SSH2_FILEXFER_ATTR_UIDGID; 1012 aa->flags &= SSH2_FILEXFER_ATTR_UIDGID;
978 aa->gid = n_arg; 1013 if (cmdnum == I_CHOWN) {
979 do_setstat(conn, g.gl_pathv[i], aa); 1014 printf("Changing owner on %s\n", g.gl_pathv[i]);
1015 aa->uid = n_arg;
1016 } else {
1017 printf("Changing group on %s\n", g.gl_pathv[i]);
1018 aa->gid = n_arg;
1019 }
1020 err = do_setstat(conn, g.gl_pathv[i], aa);
1021 if (err != 0 && err_abort)
1022 break;
980 } 1023 }
981 break; 1024 break;
982 case I_PWD: 1025 case I_PWD:
983 printf("Remote working directory: %s\n", *pwd); 1026 printf("Remote working directory: %s\n", *pwd);
984 break; 1027 break;
985 case I_LPWD: 1028 case I_LPWD:
986 if (!getcwd(path_buf, sizeof(path_buf))) 1029 if (!getcwd(path_buf, sizeof(path_buf))) {
987 error("Couldn't get local cwd: %s", 1030 error("Couldn't get local cwd: %s", strerror(errno));
988 strerror(errno)); 1031 err = -1;
989 else 1032 break;
990 printf("Local working directory: %s\n", 1033 }
991 path_buf); 1034 printf("Local working directory: %s\n", path_buf);
992 break; 1035 break;
993 case I_QUIT: 1036 case I_QUIT:
994 return(-1); 1037 /* Processed below */
1038 break;
995 case I_HELP: 1039 case I_HELP:
996 help(); 1040 help();
997 break; 1041 break;
998 case I_VERSION: 1042 case I_VERSION:
999 printf("SFTP protocol version %u\n", sftp_proto_version(conn)); 1043 printf("SFTP protocol version %u\n", sftp_proto_version(conn));
1000 break; 1044 break;
1045 case I_PROGRESS:
1046 showprogress = !showprogress;
1047 if (showprogress)
1048 printf("Progress meter enabled\n");
1049 else
1050 printf("Progress meter disabled\n");
1051 break;
1001 default: 1052 default:
1002 fatal("%d is not implemented", cmdnum); 1053 fatal("%d is not implemented", cmdnum);
1003 } 1054 }
@@ -1009,20 +1060,23 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd)
1009 if (path2) 1060 if (path2)
1010 xfree(path2); 1061 xfree(path2);
1011 1062
1012 /* If an error occurs in batch mode we should abort. */ 1063 /* If an unignored error occurs in batch mode we should abort. */
1013 if (infile != stdin && err > 0) 1064 if (err_abort && err != 0)
1014 return -1; 1065 return (-1);
1066 else if (cmdnum == I_QUIT)
1067 return (1);
1015 1068
1016 return(0); 1069 return (0);
1017} 1070}
1018 1071
1019void 1072int
1020interactive_loop(int fd_in, int fd_out, char *file1, char *file2) 1073interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
1021{ 1074{
1022 char *pwd; 1075 char *pwd;
1023 char *dir = NULL; 1076 char *dir = NULL;
1024 char cmd[2048]; 1077 char cmd[2048];
1025 struct sftp_conn *conn; 1078 struct sftp_conn *conn;
1079 int err;
1026 1080
1027 conn = do_init(fd_in, fd_out, copy_buffer_len, num_requests); 1081 conn = do_init(fd_in, fd_out, copy_buffer_len, num_requests);
1028 if (conn == NULL) 1082 if (conn == NULL)
@@ -1039,7 +1093,8 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
1039 if (remote_is_dir(conn, dir) && file2 == NULL) { 1093 if (remote_is_dir(conn, dir) && file2 == NULL) {
1040 printf("Changing to: %s\n", dir); 1094 printf("Changing to: %s\n", dir);
1041 snprintf(cmd, sizeof cmd, "cd \"%s\"", dir); 1095 snprintf(cmd, sizeof cmd, "cd \"%s\"", dir);
1042 parse_dispatch_command(conn, cmd, &pwd); 1096 if (parse_dispatch_command(conn, cmd, &pwd, 1) != 0)
1097 return (-1);
1043 } else { 1098 } else {
1044 if (file2 == NULL) 1099 if (file2 == NULL)
1045 snprintf(cmd, sizeof cmd, "get %s", dir); 1100 snprintf(cmd, sizeof cmd, "get %s", dir);
@@ -1047,12 +1102,14 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
1047 snprintf(cmd, sizeof cmd, "get %s %s", dir, 1102 snprintf(cmd, sizeof cmd, "get %s %s", dir,
1048 file2); 1103 file2);
1049 1104
1050 parse_dispatch_command(conn, cmd, &pwd); 1105 err = parse_dispatch_command(conn, cmd, &pwd, 1);
1051 xfree(dir); 1106 xfree(dir);
1052 return; 1107 xfree(pwd);
1108 return (err);
1053 } 1109 }
1054 xfree(dir); 1110 xfree(dir);
1055 } 1111 }
1112
1056#if HAVE_SETVBUF 1113#if HAVE_SETVBUF
1057 setvbuf(stdout, NULL, _IOLBF, 0); 1114 setvbuf(stdout, NULL, _IOLBF, 0);
1058 setvbuf(infile, NULL, _IOLBF, 0); 1115 setvbuf(infile, NULL, _IOLBF, 0);
@@ -1061,6 +1118,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
1061 setlinebuf(infile); 1118 setlinebuf(infile);
1062#endif 1119#endif
1063 1120
1121 err = 0;
1064 for (;;) { 1122 for (;;) {
1065 char *cp; 1123 char *cp;
1066 1124
@@ -1077,8 +1135,13 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
1077 if (cp) 1135 if (cp)
1078 *cp = '\0'; 1136 *cp = '\0';
1079 1137
1080 if (parse_dispatch_command(conn, cmd, &pwd)) 1138 err = parse_dispatch_command(conn, cmd, &pwd, infile != stdin);
1139 if (err != 0)
1081 break; 1140 break;
1082 } 1141 }
1083 xfree(pwd); 1142 xfree(pwd);
1143
1144 /* err == 1 signifies normal "quit" exit */
1145 return (err >= 0 ? 0 : -1);
1084} 1146}
1147
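Review bot: In the merged I_CHOWN/I_CHGRP case of parse_dispatch_command, the two failure branches (do_stat returning NULL, and the missing SSH2_FILEXFER_ATTR_UIDGID flag) test `err != 0 && err_abort` without assigning err first. Unless err is already non-zero, the loop simply continues and a batch run does not abort on these failures. Adding `err = -1;` ahead of each test would make them behave like the do_setstat failure handled a few lines further down. Separately, parse_args returns 0 for blank and `#` lines before it reaches `*iflag = 0;`, and parse_dispatch_command then reads `iflag` uninitialised in `if (iflag != 0)`; moving `*iflag = 0;` above that early return, or declaring `iflag = 0`, removes the indeterminate read. The declaration of err lies outside the visible hunks, so its initial value is assumed to be 0 here.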
diff --git a/sftp-int.h b/sftp-int.h
index 976875812..8a04a03f6 100644
--- a/sftp-int.h
+++ b/sftp-int.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp-int.h,v 1.5 2002/02/13 00:59:23 djm Exp $ */ 1/* $OpenBSD: sftp-int.h,v 1.6 2003/01/08 23:53:26 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2001,2002 Damien Miller. All rights reserved. 4 * Copyright (c) 2001,2002 Damien Miller. All rights reserved.
@@ -24,4 +24,4 @@
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */ 25 */
26 26
27void interactive_loop(int, int, char *, char *); 27int interactive_loop(int, int, char *, char *);
diff --git a/sftp-server.0 b/sftp-server.0
index 9b1f67541..1519dfdfc 100644
--- a/sftp-server.0
+++ b/sftp-server.0
@@ -1,27 +1,27 @@
1SFTP-SERVER(8) System Manager's Manual SFTP-SERVER(8) 1SFTPM-bM-^@M-^PSERVER(8) BSD System ManagerM-bM-^@M-^Ys Manual SFTPM-bM-^@M-^PSERVER(8)
2 2
3NAME 3^[[1mNAME^[[0m
4 sftp-server - SFTP server subsystem 4 ^[[1msftpM-bM-^@M-^Pserver ^[[22mM-bMM-^R SFTP server subsystem
5 5
6SYNOPSIS 6^[[1mSYNOPSIS^[[0m
7 sftp-server 7 ^[[1msftpM-bM-^@M-^Pserver^[[0m
8 8
9DESCRIPTION 9^[[1mDESCRIPTION^[[0m
10 sftp-server is a program that speaks the server side of SFTP protocol to 10 ^[[1msftpM-bM-^@M-^Pserver ^[[22mis a program that speaks the server side of SFTP protocol to
11 stdout and expects client requests from stdin. sftp-server is not 11 stdout and expects client requests from stdin. ^[[1msftpM-bM-^@M-^Pserver ^[[22mis not
12 intended to be called directly, but from sshd(8) using the Subsystem 12 intended to be called directly, but from sshd(8) using the ^[[1mSubsystem^[[0m
13 option. See sshd(8) for more information. 13 option. See sshd(8) for more information.
14 14
15SEE ALSO 15^[[1mSEE ALSO^[[0m
16 sftp(1), ssh(1), sshd(8) 16 sftp(1), ssh(1), sshd(8)
17 17
18 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- 18 T. Ylonen and S. Lehtinen, ^[[4mSSH^[[24m ^[[4mFile^[[24m ^[[4mTransfer^[[24m ^[[4mProtocol^[[24m, draftM-bM-^@M-^PietfM-bM-^@M-^PsecshM-bM-^@M-^P
19 filexfer-00.txt, January 2001, work in progress material. 19 filexferM-bM-^@M-^P00.txt, January 2001, work in progress material.
20 20
21AUTHORS 21^[[1mAUTHORS^[[0m
22 Markus Friedl <markus@openbsd.org> 22 Markus Friedl <markus@openbsd.org>
23 23
24HISTORY 24^[[1mHISTORY^[[0m
25 sftp-server first appeared in OpenBSD 2.8 . 25 ^[[1msftpM-bM-^@M-^Pserver ^[[22mfirst appeared in OpenBSD 2.8 .
26 26
27BSD August 30, 2000 BSD 27BSD August 30, 2000 BSD
diff --git a/sftp-server.c b/sftp-server.c
index 84264693d..9a66b4de7 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -22,7 +22,7 @@
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */ 23 */
24#include "includes.h" 24#include "includes.h"
25RCSID("$OpenBSD: sftp-server.c,v 1.38 2002/09/11 22:41:50 djm Exp $"); 25RCSID("$OpenBSD: sftp-server.c,v 1.41 2003/03/26 04:02:51 deraadt Exp $");
26 26
27#include "buffer.h" 27#include "buffer.h"
28#include "bufaux.h" 28#include "bufaux.h"
@@ -158,7 +158,7 @@ handle_new(int use, char *name, int fd, DIR *dirp)
158 handles[i].use = use; 158 handles[i].use = use;
159 handles[i].dirp = dirp; 159 handles[i].dirp = dirp;
160 handles[i].fd = fd; 160 handles[i].fd = fd;
161 handles[i].name = name; 161 handles[i].name = xstrdup(name);
162 return i; 162 return i;
163 } 163 }
164 } 164 }
@@ -230,9 +230,11 @@ handle_close(int handle)
230 if (handle_is_ok(handle, HANDLE_FILE)) { 230 if (handle_is_ok(handle, HANDLE_FILE)) {
231 ret = close(handles[handle].fd); 231 ret = close(handles[handle].fd);
232 handles[handle].use = HANDLE_UNUSED; 232 handles[handle].use = HANDLE_UNUSED;
233 xfree(handles[handle].name);
233 } else if (handle_is_ok(handle, HANDLE_DIR)) { 234 } else if (handle_is_ok(handle, HANDLE_DIR)) {
234 ret = closedir(handles[handle].dirp); 235 ret = closedir(handles[handle].dirp);
235 handles[handle].use = HANDLE_UNUSED; 236 handles[handle].use = HANDLE_UNUSED;
237 xfree(handles[handle].name);
236 } else { 238 } else {
237 errno = ENOENT; 239 errno = ENOENT;
238 } 240 }
@@ -396,7 +398,7 @@ process_open(void)
396 if (fd < 0) { 398 if (fd < 0) {
397 status = errno_to_portable(errno); 399 status = errno_to_portable(errno);
398 } else { 400 } else {
399 handle = handle_new(HANDLE_FILE, xstrdup(name), fd, NULL); 401 handle = handle_new(HANDLE_FILE, name, fd, NULL);
400 if (handle < 0) { 402 if (handle < 0) {
401 close(fd); 403 close(fd);
402 } else { 404 } else {
@@ -681,7 +683,7 @@ process_opendir(void)
681 if (dirp == NULL) { 683 if (dirp == NULL) {
682 status = errno_to_portable(errno); 684 status = errno_to_portable(errno);
683 } else { 685 } else {
684 handle = handle_new(HANDLE_DIR, xstrdup(path), 0, dirp); 686 handle = handle_new(HANDLE_DIR, path, 0, dirp);
685 if (handle < 0) { 687 if (handle < 0) {
686 closedir(dirp); 688 closedir(dirp);
687 } else { 689 } else {
@@ -832,18 +834,32 @@ static void
832process_rename(void) 834process_rename(void)
833{ 835{
834 u_int32_t id; 836 u_int32_t id;
835 struct stat st;
836 char *oldpath, *newpath; 837 char *oldpath, *newpath;
837 int ret, status = SSH2_FX_FAILURE; 838 int status;
839 struct stat sb;
838 840
839 id = get_int(); 841 id = get_int();
840 oldpath = get_string(NULL); 842 oldpath = get_string(NULL);
841 newpath = get_string(NULL); 843 newpath = get_string(NULL);
842 TRACE("rename id %u old %s new %s", id, oldpath, newpath); 844 TRACE("rename id %u old %s new %s", id, oldpath, newpath);
843 /* fail if 'newpath' exists */ 845 status = SSH2_FX_FAILURE;
844 if (stat(newpath, &st) == -1) { 846 if (lstat(oldpath, &sb) == -1)
845 ret = rename(oldpath, newpath); 847 status = errno_to_portable(errno);
846 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; 848 else if (S_ISREG(sb.st_mode)) {
849 /* Race-free rename of regular files */
850 if (link(oldpath, newpath) == -1)
851 status = errno_to_portable(errno);
852 else if (unlink(oldpath) == -1) {
853 status = errno_to_portable(errno);
854 /* clean spare link */
855 unlink(newpath);
856 } else
857 status = SSH2_FX_OK;
858 } else if (stat(newpath, &sb) == -1) {
859 if (rename(oldpath, newpath) == -1)
860 status = errno_to_portable(errno);
861 else
862 status = SSH2_FX_OK;
847 } 863 }
848 send_status(id, status); 864 send_status(id, status);
849 xfree(oldpath); 865 xfree(oldpath);
@@ -878,19 +894,16 @@ static void
878process_symlink(void) 894process_symlink(void)
879{ 895{
880 u_int32_t id; 896 u_int32_t id;
881 struct stat st;
882 char *oldpath, *newpath; 897 char *oldpath, *newpath;
883 int ret, status = SSH2_FX_FAILURE; 898 int ret, status;
884 899
885 id = get_int(); 900 id = get_int();
886 oldpath = get_string(NULL); 901 oldpath = get_string(NULL);
887 newpath = get_string(NULL); 902 newpath = get_string(NULL);
888 TRACE("symlink id %u old %s new %s", id, oldpath, newpath); 903 TRACE("symlink id %u old %s new %s", id, oldpath, newpath);
889 /* fail if 'newpath' exists */ 904 /* this will fail if 'newpath' exists */
890 if (stat(newpath, &st) == -1) { 905 ret = symlink(oldpath, newpath);
891 ret = symlink(oldpath, newpath); 906 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
892 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
893 }
894 send_status(id, status); 907 send_status(id, status);
895 xfree(oldpath); 908 xfree(oldpath);
896 xfree(newpath); 909 xfree(newpath);
diff --git a/sftp.0 b/sftp.0
index d0c6086ba..1680e489c 100644
--- a/sftp.0
+++ b/sftp.0
@@ -1,171 +1,180 @@
1SFTP(1) System General Commands Manual SFTP(1) 1SFTP(1) BSD General Commands Manual SFTP(1)
2 2
3NAME 3^[[1mNAME^[[0m
4 sftp - Secure file transfer program 4 ^[[1msftp ^[[22mM-bMM-^R Secure file transfer program
5 5
6SYNOPSIS 6^[[1mSYNOPSIS^[[0m
7 sftp [-vC1] [-b batchfile] [-o ssh_option] [-s subsystem | sftp_server] 7 ^[[1msftp ^[[22m[^[[1mM-bMM-^RvC1^[[22m] [^[[1mM-bMM-^Rb ^[[4m^[[22mbatchfile^[[24m] [^[[1mM-bMM-^Ro ^[[4m^[[22mssh_option^[[24m] [^[[1mM-bMM-^Rs ^[[4m^[[22msubsystem^[[24m | ^[[4msftp_server^[[24m]
8 [-B buffer_size] [-F ssh_config] [-P sftp_server path] 8 [^[[1mM-bMM-^RB ^[[4m^[[22mbuffer_size^[[24m] [^[[1mM-bMM-^RF ^[[4m^[[22mssh_config^[[24m] [^[[1mM-bMM-^RP ^[[4m^[[22msftp_server^[[24m ^[[4mpath^[[24m]
9 [-R num_requests] [-S program] host 9 [^[[1mM-bMM-^RR ^[[4m^[[22mnum_requests^[[24m] [^[[1mM-bMM-^RS ^[[4m^[[22mprogram^[[24m] ^[[4mhost^[[0m
10 sftp [[user@]host[:file [file]]] 10 ^[[1msftp ^[[22m[[^[[4muser^[[24m@]^[[4mhost^[[24m[:^[[4mfile^[[24m [^[[4mfile^[[24m]]]
11 sftp [[user@]host[:dir[/]]] 11 ^[[1msftp ^[[22m[[^[[4muser^[[24m@]^[[4mhost^[[24m[:^[[4mdir^[[24m[^[[4m/^[[24m]]]
12 12
13DESCRIPTION 13^[[1mDESCRIPTION^[[0m
14 sftp is an interactive file transfer program, similar to ftp(1), which 14 ^[[1msftp ^[[22mis an interactive file transfer program, similar to ftp(1), which
15 performs all operations over an encrypted ssh(1) transport. It may also 15 performs all operations over an encrypted ssh(1) transport. It may also
16 use many features of ssh, such as public key authentication and compresM-- 16 use many features of ssh, such as public key authentication and compresM-bM-^@M-^P
17 sion. sftp connects and logs into the specified host, then enters an 17 sion. ^[[1msftp ^[[22mconnects and logs into the specified ^[[4mhost^[[24m, then enters an
18 interactive command mode. 18 interactive command mode.
19 19
20 The second usage format will retrieve files automatically if a non-interM-- 20 The second usage format will retrieve files automatically if a nonM-bM-^@M-^PinterM-bM-^@M-^P
21 active authentication method is used; otherwise it will do so after sucM-- 21 active authentication method is used; otherwise it will do so after sucM-bM-^@M-^P
22 cessful interactive authentication. 22 cessful interactive authentication.
23 23
24 The last usage format allows the sftp client to start in a remote direcM-- 24 The last usage format allows the sftp client to start in a remote direcM-bM-^@M-^P
25 tory. 25 tory.
26 26
27 The options are as follows: 27 The options are as follows:
28 28
29 -b batchfile 29 ^[[1mM-bMM-^Rb ^[[4m^[[22mbatchfile^[[0m
30 Batch mode reads a series of commands from an input batchfile 30 Batch mode reads a series of commands from an input ^[[4mbatchfile^[[0m
31 instead of stdin. Since it lacks user interaction it should be 31 instead of ^[[4mstdin^[[24m. Since it lacks user interaction it should be
32 used in conjunction with non-interactive authentication. sftp 32 used in conjunction with nonM-bM-^@M-^Pinteractive authentication. ^[[1msftp^[[0m
33 will abort if any of the following commands fail: get, put, 33 will abort if any of the following commands fail: ^[[1mget^[[22m, ^[[1mput^[[22m,
34 rename, ln, rm, mkdir, chdir, lchdir and lmkdir. 34 ^[[1mrename^[[22m, ^[[1mln^[[22m, ^[[1mrm^[[22m, ^[[1mmkdir^[[22m, ^[[1mchdir^[[22m, ^[[1mls^[[22m, ^[[1mlchdir^[[22m, ^[[1mchmod^[[22m, ^[[1mchown^[[22m, ^[[1mchgrp^[[22m,
35 35 ^[[1mlpwd ^[[22mand ^[[1mlmkdir^[[22m. Termination on error can be suppressed on a
36 -o ssh_option 36 command by command basis by prefixing the command with a ^[[1mM-bM-^@M-^YM-bM-^@M-^PM-bM-^@M-^Y^[[0m
37 Can be used to pass options to ssh in the format used in 37 character (For example, ^[[1mM-bM-^@M-^Prm /tmp/blah* ^[[22m).
38
39 ^[[1mM-bMM-^Ro ^[[4m^[[22mssh_option^[[0m
40 Can be used to pass options to ^[[1mssh ^[[22min the format used in
38 ssh_config(5). This is useful for specifying options for which 41 ssh_config(5). This is useful for specifying options for which
39 there is no separate sftp command-line flag. For example, to 42 there is no separate ^[[1msftp ^[[22mcommandM-bM-^@M-^Pline flag. For example, to
40 specify an alternate port use: sftp -oPort=24. 43 specify an alternate port use: ^[[1msftp M-bM-^@M-^PoPort=24^[[22m.
41 44
42 -s subsystem | sftp_server 45 ^[[1mM-bMM-^Rs ^[[4m^[[22msubsystem^[[24m | ^[[4msftp_server^[[0m
43 Specifies the SSH2 subsystem or the path for an sftp server on 46 Specifies the SSH2 subsystem or the path for an sftp server on
44 the remote host. A path is useful for using sftp over protocol 47 the remote host. A path is useful for using sftp over protocol
45 version 1, or when the remote sshd does not have an sftp subsysM-- 48 version 1, or when the remote ^[[1msshd ^[[22mdoes not have an sftp subsysM-bM-^@M-^P
46 tem configured. 49 tem configured.
47 50
48 -v Raise logging level. This option is also passed to ssh. 51 ^[[1mM-bMM-^Rv ^[[22mRaise logging level. This option is also passed to ssh.
49 52
50 -B buffer_size 53 ^[[1mM-bMM-^RB ^[[4m^[[22mbuffer_size^[[0m
51 Specify the size of the buffer that sftp uses when transferring 54 Specify the size of the buffer that ^[[1msftp ^[[22muses when transferring
52 files. Larger buffers require fewer round trips at the cost of 55 files. Larger buffers require fewer round trips at the cost of
53 higher memory consumption. The default is 32768 bytes. 56 higher memory consumption. The default is 32768 bytes.
54 57
55 -C Enables compression (via ssh's -C flag). 58 ^[[1mM-bMM-^RC ^[[22mEnables compression (via sshM-bM-^@M-^Ys ^[[1mM-bMM-^RC ^[[22mflag).
56 59
57 -F ssh_config 60 ^[[1mM-bMM-^RF ^[[4m^[[22mssh_config^[[0m
58 Specifies an alternative per-user configuration file for ssh. 61 Specifies an alternative perM-bM-^@M-^Puser configuration file for ^[[1mssh^[[22m.
59 This option is directly passed to ssh(1). 62 This option is directly passed to ssh(1).
60 63
61 -P sftp_server path 64 ^[[1mM-bMM-^RP ^[[4m^[[22msftp_server^[[24m ^[[4mpath^[[0m
62 Connect directly to a local sftp-server (rather than via ssh) 65 Connect directly to a local ^[[1msftpM-bM-^@M-^Pserver ^[[22m(rather than via ^[[1mssh^[[22m)
63 This option may be useful in debugging the client and server. 66 This option may be useful in debugging the client and server.
64 67
65 -R num_requests 68 ^[[1mM-bMM-^RR ^[[4m^[[22mnum_requests^[[0m
66 Specify how many requests may be outstanding at any one time. 69 Specify how many requests may be outstanding at any one time.
67 Increasing this may slightly improve file transfer speed but will 70 Increasing this may slightly improve file transfer speed but will
68 increase memory usage. The default is 16 outstanding requests. 71 increase memory usage. The default is 16 outstanding requests.
69 72
70 -S program 73 ^[[1mM-bMM-^RS ^[[4m^[[22mprogram^[[0m
71 Name of the program to use for the encrypted connection. The 74 Name of the ^[[4mprogram^[[24m to use for the encrypted connection. The
72 program must understand ssh(1) options. 75 program must understand ssh(1) options.
73 76
74 -1 Specify the use of protocol version 1. 77 ^[[1mM-bMM-^R1 ^[[22mSpecify the use of protocol version 1.
75 78
76INTERACTIVE COMMANDS 79^[[1mINTERACTIVE COMMANDS^[[0m
77 Once in interactive mode, sftp understands a set of commands similar to 80 Once in interactive mode, ^[[1msftp ^[[22munderstands a set of commands similar to
78 those of ftp(1). Commands are case insensitive and pathnames may be 81 those of ftp(1). Commands are case insensitive and pathnames may be
79 enclosed in quotes if they contain spaces. 82 enclosed in quotes if they contain spaces.
80 83
81 bye Quit sftp. 84 ^[[1mbye ^[[22mQuit sftp.
82 85
83 cd path 86 ^[[1mcd ^[[4m^[[22mpath^[[0m
84 Change remote directory to path. 87 Change remote directory to ^[[4mpath^[[24m.
85 88
86 lcd path 89 ^[[1mlcd ^[[4m^[[22mpath^[[0m
87 Change local directory to path. 90 Change local directory to ^[[4mpath^[[24m.
88 91
89 chgrp grp path 92 ^[[1mchgrp ^[[4m^[[22mgrp^[[24m ^[[4mpath^[[0m
90 Change group of file path to grp. grp must be a numeric GID. 93 Change group of file ^[[4mpath^[[24m to ^[[4mgrp^[[24m. ^[[4mgrp^[[24m must be a numeric GID.
91 94
92 chmod mode path 95 ^[[1mchmod ^[[4m^[[22mmode^[[24m ^[[4mpath^[[0m
93 Change permissions of file path to mode. 96 Change permissions of file ^[[4mpath^[[24m to ^[[4mmode^[[24m.
94 97
95 chown own path 98 ^[[1mchown ^[[4m^[[22mown^[[24m ^[[4mpath^[[0m
96 Change owner of file path to own. own must be a numeric UID. 99 Change owner of file ^[[4mpath^[[24m to ^[[4mown^[[24m. ^[[4mown^[[24m must be a numeric UID.
97 100
98 exit Quit sftp. 101 ^[[1mexit ^[[22mQuit sftp.
99 102
100 get [flags] remote-path [local-path] 103 ^[[1mget ^[[22m[^[[4mflags^[[24m] ^[[4mremoteM-bM-^@M-^Ppath^[[24m [^[[4mlocalM-bM-^@M-^Ppath^[[24m]
101 Retrieve the remote-path and store it on the local machine. If 104 Retrieve the ^[[4mremoteM-bM-^@M-^Ppath^[[24m and store it on the local machine. If
102 the local path name is not specified, it is given the same name 105 the local path name is not specified, it is given the same name
103 it has on the remote machine. If the -P flag is specified, then 106 it has on the remote machine. If the ^[[1mM-bMM-^RP ^[[22mflag is specified, then
104 the file's full permission and access time are copied too. 107 the fileM-bM-^@M-^Ys full permission and access time are copied too.
105 108
106 help Display help text. 109 ^[[1mhelp ^[[22mDisplay help text.
107 110
108 lls [ls-options [path]] 111 ^[[1mlls ^[[22m[^[[4mlsM-bM-^@M-^Poptions^[[24m [^[[4mpath^[[24m]]
109 Display local directory listing of either path or current direcM-- 112 Display local directory listing of either ^[[4mpath^[[24m or current direcM-bM-^@M-^P
110 tory if path is not specified. 113 tory if ^[[4mpath^[[24m is not specified.
111 114
112 lmkdir path 115 ^[[1mlmkdir ^[[4m^[[22mpath^[[0m
113 Create local directory specified by path. 116 Create local directory specified by ^[[4mpath^[[24m.
114 117
115 ln oldpath newpath 118 ^[[1mln ^[[4m^[[22moldpath^[[24m ^[[4mnewpath^[[0m
116 Create a symbolic link from oldpath to newpath. 119 Create a symbolic link from ^[[4moldpath^[[24m to ^[[4mnewpath^[[24m.
117 120
118 lpwd Print local working directory. 121 ^[[1mlpwd ^[[22mPrint local working directory.
119 122
120 ls [flags] [path] 123 ^[[1mls ^[[22m[^[[4mflags^[[24m] [^[[4mpath^[[24m]
121 Display remote directory listing of either path or current direcM-- 124 Display remote directory listing of either ^[[4mpath^[[24m or current direcM-bM-^@M-^P
122 tory if path is not specified. If the -l flag is specified, then 125 tory if ^[[4mpath^[[24m is not specified. If the ^[[1mM-bMM-^Rl ^[[22mflag is specified, then
123 display additional details including permissions and ownership 126 display additional details including permissions and ownership
124 information. 127 information.
125 128
126 lumask umask 129 ^[[1mlumask ^[[4m^[[22mumask^[[0m
127 Set local umask to umask. 130 Set local umask to ^[[4mumask^[[24m.
131
132 ^[[1mmkdir ^[[4m^[[22mpath^[[0m
133 Create remote directory specified by ^[[4mpath^[[24m.
128 134
129 mkdir path 135 ^[[1mprogress^[[0m
130 Create remote directory specified by path. 136 Toggle display of progress meter.
131 137
132 put [flags] local-path [local-path] 138 ^[[1mput ^[[22m[^[[4mflags^[[24m] ^[[4mlocalM-bM-^@M-^Ppath^[[24m [^[[4mremoteM-bM-^@M-^Ppath^[[24m]
133 Upload local-path and store it on the remote machine. If the 139 Upload ^[[4mlocalM-bM-^@M-^Ppath^[[24m and store it on the remote machine. If the
134 remote path name is not specified, it is given the same name it 140 remote path name is not specified, it is given the same name it
135 has on the local machine. If the -P flag is specified, then the 141 has on the local machine. If the ^[[1mM-bMM-^RP ^[[22mflag is specified, then the
136 file's full permission and access time are copied too. 142 fileM-bM-^@M-^Ys full permission and access time are copied too.
143
144 ^[[1mpwd ^[[22mDisplay remote working directory.
137 145
138 pwd Display remote working directory. 146 ^[[1mquit ^[[22mQuit sftp.
139 147
140 quit Quit sftp. 148 ^[[1mrename ^[[4m^[[22moldpath^[[24m ^[[4mnewpath^[[0m
149 Rename remote file from ^[[4moldpath^[[24m to ^[[4mnewpath^[[24m.
141 150
142 rename oldpath newpath 151 ^[[1mrmdir ^[[4m^[[22mpath^[[0m
143 Rename remote file from oldpath to newpath. 152 Remove remote directory specified by ^[[4mpath^[[24m.
144 153
145 rmdir path 154 ^[[1mrm ^[[4m^[[22mpath^[[0m
146 Remove remote directory specified by path. 155 Delete remote file specified by ^[[4mpath^[[24m.
147 156
148 rm path 157 ^[[1msymlink ^[[4m^[[22moldpath^[[24m ^[[4mnewpath^[[0m
149 Delete remote file specified by path. 158 Create a symbolic link from ^[[4moldpath^[[24m to ^[[4mnewpath^[[24m.
150 159
151 symlink oldpath newpath 160 ^[[1mversion^[[0m
152 Create a symbolic link from oldpath to newpath. 161 Display the ^[[1msftp ^[[22mprotocol version.
153 162
154 ! command 163 ! ^[[4mcommand^[[0m
155 Execute command in local shell. 164 Execute ^[[4mcommand^[[24m in local shell.
156 165
157 ! Escape to local shell. 166 ! Escape to local shell.
158 167
159 ? Synonym for help. 168 ? Synonym for help.
160 169
161AUTHORS 170^[[1mAUTHORS^[[0m
162 Damien Miller <djm@mindrot.org> 171 Damien Miller <djm@mindrot.org>
163 172
164SEE ALSO 173^[[1mSEE ALSO^[[0m
165 scp(1), ssh(1), ssh-add(1), ssh-keygen(1), ssh_config(5), sftp-server(8), 174 scp(1), ssh(1), sshM-bM-^@M-^Padd(1), sshM-bM-^@M-^Pkeygen(1), ssh_config(5), sftpM-bM-^@M-^Pserver(8),
166 sshd(8) 175 sshd(8)
167 176
168 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- 177 T. Ylonen and S. Lehtinen, ^[[4mSSH^[[24m ^[[4mFile^[[24m ^[[4mTransfer^[[24m ^[[4mProtocol^[[24m, draftM-bM-^@M-^PietfM-bM-^@M-^PsecshM-bM-^@M-^P
169 filexfer-00.txt, January 2001, work in progress material. 178 filexferM-bM-^@M-^P00.txt, January 2001, work in progress material.
170 179
171BSD February 4, 2001 BSD 180BSD February 4, 2001 BSD
diff --git a/sftp.1 b/sftp.1
index 33ceb6596..ecd4d3174 100644
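--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.36 2002/09/11 22:41:50 djm Exp $
+.\" $OpenBSD: sftp.1,v 1.40 2003/01/10 08:19:07 fgsch Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller. All rights reserved.
 .\"
@@ -77,9 +77,16 @@ non-interactive authentication.
 will abort if any of the following
 commands fail:
 .Ic get , put , rename , ln ,
-.Ic rm , mkdir , chdir , lchdir
+.Ic rm , mkdir , chdir , ls ,
+.Ic lchdir , chmod , chown , chgrp , lpwd
 and
 .Ic lmkdir .
+Termination on error can be suppressed on a command by command basis by
+prefixing the command with a
+.Ic '-'
+character (For example,
+.Ic -rm /tmp/blah*
+).
 .It Fl o Ar ssh_option
 Can be used to pass options to
 .Nm ssh
@@ -221,10 +228,12 @@ Set local umask to
 .It Ic mkdir Ar path
 Create remote directory specified by
 .Ar path .
+.It Ic progress
+Toggle display of progress meter.
 .It Xo Ic put
 .Op Ar flags
 .Ar local-path
-.Op Ar local-path
+.Op Ar remote-path
 .Xc
 Upload
 .Ar local-path
@@ -253,6 +262,10 @@ Create a symbolic link from
 .Ar oldpath
 to
 .Ar newpath .
+.It Ic version
+Display the
+.Nm
+protocol version.
 .It Ic ! Ar command
 Execute
 .Ar command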
diff --git a/sftp.c b/sftp.c
index c4055b91e..e8adcba18 100644
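--- a/sftp.c
+++ b/sftp.c
@@ -24,7 +24,7 @@
 
 #include "includes.h"
 
-RCSID("$OpenBSD: sftp.c,v 1.31 2002/07/25 01:16:59 mouring Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.34 2003/01/10 08:19:07 fgsch Exp $");
 
 /* XXX: short-form remote directory listings (like 'ls -C') */
 
@@ -49,6 +49,8 @@ FILE* infile;
 size_t copy_buffer_len = 32768;
 size_t num_requests = 16;
 
+extern int showprogress;
+
 static void
 connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid)
 {
@@ -108,7 +110,7 @@ usage(void)
 int
 main(int argc, char **argv)
 {
- int in, out, ch;
+ int in, out, ch, err;
  pid_t sshpid;
  char *host, *userhost, *cp, *file2;
  int debug_level = 0, sshver = 2;
@@ -162,6 +164,7 @@ main(int argc, char **argv)
  fatal("%s (%s).", strerror(errno), optarg);
  } else
  fatal("Filename already specified.");
+ showprogress = 0;
  break;
  case 'P':
  sftp_direct = optarg;
@@ -197,7 +200,7 @@ main(int argc, char **argv)
  file1 = cp;
  }
 
- if ((host = strchr(userhost, '@')) == NULL)
+ if ((host = strrchr(userhost, '@')) == NULL)
  host = userhost;
  else {
  *host++ = '\0';
@@ -237,7 +240,7 @@ main(int argc, char **argv)
  &sshpid);
  }
 
- interactive_loop(in, out, file1, file2);
+ err = interactive_loop(in, out, file1, file2);
 
 #if !defined(USE_PIPES)
  shutdown(in, SHUT_RDWR);
@@ -254,5 +257,5 @@ main(int argc, char **argv)
  fatal("Couldn't wait for ssh process: %s",
  strerror(errno));
 
- exit(0);
+ exit(err == 0 ? 0 : 1);
 }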
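Review bot: The switch to `strrchr(userhost, '@')` at new line 203 of main() carries no comment, yet it changes which '@' separates user from host: everything before the final '@' is now the user name, so `a@b@c` is parsed as user `a@b` on host `c`. A one-line comment such as `/* split at the last '@' so user names may themselves contain '@' */` would record that intent for the next maintainer. The checks that follow the split (an empty user or an empty host after a trailing '@') lie outside this hunk, so whether those inputs are rejected cannot be confirmed from here.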
diff --git a/ssh-add.0 b/ssh-add.0
index d5b49d35d..0e2d1bca6 100644
--- a/ssh-add.0
+++ b/ssh-add.0
@@ -1,54 +1,60 @@
1SSH-ADD(1) System General Commands Manual SSH-ADD(1) 1SSHM-bM-^@M-^PADD(1) BSD General Commands Manual SSHM-bM-^@M-^PADD(1)
2 2
3NAME 3^[[1mNAME^[[0m
4 ssh-add - adds RSA or DSA identities to the authentication agent 4 ^[[1msshM-bM-^@M-^Padd ^[[22mM-bMM-^R adds RSA or DSA identities to the authentication agent
5 5
6SYNOPSIS 6^[[1mSYNOPSIS^[[0m
7 ssh-add [-lLdDxX] [-t life] [file ...] 7 ^[[1msshM-bM-^@M-^Padd ^[[22m[^[[1mM-bMM-^RlLdDxXc^[[22m] [^[[1mM-bMM-^Rt ^[[4m^[[22mlife^[[24m] [^[[4mfile^[[24m ^[[4m...^[[24m]
8 ssh-add -s reader 8 ^[[1msshM-bM-^@M-^Padd M-bMM-^Rs ^[[4m^[[22mreader^[[0m
9 ssh-add -e reader 9 ^[[1msshM-bM-^@M-^Padd M-bMM-^Re ^[[4m^[[22mreader^[[0m
10 10
11DESCRIPTION 11^[[1mDESCRIPTION^[[0m
12 ssh-add adds RSA or DSA identities to the authentication agent, 12 ^[[1msshM-bM-^@M-^Padd ^[[22madds RSA or DSA identities to the authentication agent,
13 ssh-agent(1). When run without arguments, it adds the files 13 sshM-bM-^@M-^Pagent(1). When run without arguments, it adds the files
14 $HOME/.ssh/id_rsa, $HOME/.ssh/id_dsa and $HOME/.ssh/identity. AlternaM-- 14 ^[[4m$HOME/.ssh/id_rsa^[[24m, ^[[4m$HOME/.ssh/id_dsa^[[24m and ^[[4m$HOME/.ssh/identity^[[24m. AlternaM-bM-^@M-^P
15 tive file names can be given on the command line. If any file requires a 15 tive file names can be given on the command line. If any file requires a
16 passphrase, ssh-add asks for the passphrase from the user. The 16 passphrase, ^[[1msshM-bM-^@M-^Padd ^[[22masks for the passphrase from the user. The
17 passphrase is read from the user's tty. ssh-add retries the last 17 passphrase is read from the userM-bM-^@M-^Ys tty. ^[[1msshM-bM-^@M-^Padd ^[[22mretries the last
18 passphrase if multiple identity files are given. 18 passphrase if multiple identity files are given.
19 19
20 The authentication agent must be running and must be an ancestor of the 20 The authentication agent must be running and must be an ancestor of the
21 current process for ssh-add to work. 21 current process for ^[[1msshM-bM-^@M-^Padd ^[[22mto work.
22 22
23 The options are as follows: 23 The options are as follows:
24 24
25 -l Lists fingerprints of all identities currently represented by the 25 ^[[1mM-bMM-^Rl ^[[22mLists fingerprints of all identities currently represented by the
26 agent. 26 agent.
27 27
28 -L Lists public key parameters of all identities currently repreM-- 28 ^[[1mM-bMM-^RL ^[[22mLists public key parameters of all identities currently repreM-bM-^@M-^P
29 sented by the agent. 29 sented by the agent.
30 30
31 -d Instead of adding the identity, removes the identity from the 31 ^[[1mM-bMM-^Rd ^[[22mInstead of adding the identity, removes the identity from the
32 agent. 32 agent.
33 33
34 -D Deletes all identities from the agent. 34 ^[[1mM-bMM-^RD ^[[22mDeletes all identities from the agent.
35 35
36 -x Lock the agent with a password. 36 ^[[1mM-bMM-^Rx ^[[22mLock the agent with a password.
37 37
38 -X Unlock the agent. 38 ^[[1mM-bMM-^RX ^[[22mUnlock the agent.
39 39
40 -t life 40 ^[[1mM-bMM-^Rt ^[[4m^[[22mlife^[[0m
41 Set a maximum lifetime when adding identities to an agent. The 41 Set a maximum lifetime when adding identities to an agent. The
42 lifetime may be specified in seconds or in a time format speciM-- 42 lifetime may be specified in seconds or in a time format speciM-bM-^@M-^P
43 fied in sshd(8). 43 fied in sshd_config(5).
44 44
45 -s reader 45 ^[[1mM-bMM-^Rc ^[[22mIndicates that added identities should be subject to confirmation
46 Add key in smartcard reader. 46 before being used for authentication. Confirmation is performed
47 by the SSH_ASKPASS program mentioned below. Successful confirmaM-bM-^@M-^P
48 tion is signaled by a zero exit status from the SSH_ASKPASS proM-bM-^@M-^P
49 gram, rather than text entered into the requester.
47 50
48 -e reader 51 ^[[1mM-bMM-^Rs ^[[4m^[[22mreader^[[0m
49 Remove key in smartcard reader. 52 Add key in smartcard ^[[4mreader^[[24m.
50 53
51FILES 54 ^[[1mM-bMM-^Re ^[[4m^[[22mreader^[[0m
55 Remove key in smartcard ^[[4mreader^[[24m.
56
57^[[1mFILES^[[0m
52 $HOME/.ssh/identity 58 $HOME/.ssh/identity
53 Contains the protocol version 1 RSA authentication identity of 59 Contains the protocol version 1 RSA authentication identity of
54 the user. 60 the user.
@@ -62,35 +68,35 @@ FILES
62 the user. 68 the user.
63 69
64 Identity files should not be readable by anyone but the user. Note that 70 Identity files should not be readable by anyone but the user. Note that
65 ssh-add ignores identity files if they are accessible by others. 71 ^[[1msshM-bM-^@M-^Padd ^[[22mignores identity files if they are accessible by others.
66 72
67ENVIRONMENT 73^[[1mENVIRONMENT^[[0m
68 DISPLAY and SSH_ASKPASS 74 DISPLAY and SSH_ASKPASS
69 If ssh-add needs a passphrase, it will read the passphrase from 75 If ^[[1msshM-bM-^@M-^Padd ^[[22mneeds a passphrase, it will read the passphrase from
70 the current terminal if it was run from a terminal. If ssh-add 76 the current terminal if it was run from a terminal. If ^[[1msshM-bM-^@M-^Padd^[[0m
71 does not have a terminal associated with it but DISPLAY and 77 does not have a terminal associated with it but DISPLAY and
72 SSH_ASKPASS are set, it will execute the program specified by 78 SSH_ASKPASS are set, it will execute the program specified by
73 SSH_ASKPASS and open an X11 window to read the passphrase. This 79 SSH_ASKPASS and open an X11 window to read the passphrase. This
74 is particularly useful when calling ssh-add from a .Xsession or 80 is particularly useful when calling ^[[1msshM-bM-^@M-^Padd ^[[22mfrom a ^[[4m.Xsession^[[24m or
75 related script. (Note that on some machines it may be necessary 81 related script. (Note that on some machines it may be necessary
76 to redirect the input from /dev/null to make this work.) 82 to redirect the input from ^[[4m/dev/null^[[24m to make this work.)
77 83
78 SSH_AUTH_SOCK 84 SSH_AUTH_SOCK
79 Identifies the path of a unix-domain socket used to communicate 85 Identifies the path of a unixM-bM-^@M-^Pdomain socket used to communicate
80 with the agent. 86 with the agent.
81 87
82DIAGNOSTICS 88^[[1mDIAGNOSTICS^[[0m
83 Exit status is 0 on success, 1 if the specified command fails, and 2 if 89 Exit status is 0 on success, 1 if the specified command fails, and 2 if
84 ssh-add is unable to contact the authentication agent. 90 ^[[1msshM-bM-^@M-^Padd ^[[22mis unable to contact the authentication agent.
85 91
86AUTHORS 92^[[1mAUTHORS^[[0m
87 OpenSSH is a derivative of the original and free ssh 1.2.12 release by 93 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
88 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo 94 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
89 de Raadt and Dug Song removed many bugs, re-added newer features and creM-- 95 de Raadt and Dug Song removed many bugs, reM-bM-^@M-^Padded newer features and creM-bM-^@M-^P
90 ated OpenSSH. Markus Friedl contributed the support for SSH protocol 96 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
91 versions 1.5 and 2.0. 97 versions 1.5 and 2.0.
92 98
93SEE ALSO 99^[[1mSEE ALSO^[[0m
94 ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8) 100 ssh(1), sshM-bM-^@M-^Pagent(1), sshM-bM-^@M-^Pkeygen(1), sshd(8)
95 101
96BSD September 25, 1999 BSD 102BSD September 25, 1999 BSD
diff --git a/ssh-add.1 b/ssh-add.1
index 2a34a5133..25d7333e9 100644
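--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-add.1,v 1.35 2002/06/19 00:27:55 deraadt Exp $
+.\" $OpenBSD: ssh-add.1,v 1.37 2003/02/10 11:51:47 markus Exp $
 .\"
 .\" -*- nroff -*-
 .\"
@@ -45,7 +45,7 @@
 .Nd adds RSA or DSA identities to the authentication agent
 .Sh SYNOPSIS
 .Nm ssh-add
-.Op Fl lLdDxX
+.Op Fl lLdDxXc
 .Op Fl t Ar life
 .Op Ar
 .Nm ssh-add
@@ -92,7 +92,15 @@ Unlock the agent.
 Set a maximum lifetime when adding identities to an agent.
 The lifetime may be specified in seconds or in a time format
 specified in
-.Xr sshd 8 .
+.Xr sshd_config 5 .
+.It Fl c
+Indicates that added identities should be subject to confirmation before
+being used for authentication. Confirmation is performed by the
+.Ev SSH_ASKPASS
+program mentioned below. Successful confirmation is signaled by a zero
+exit status from the
+.Ev SSH_ASKPASS
+program, rather than text entered into the requester.
 .It Fl s Ar reader
 Add key in smartcard
 .Ar reader .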
diff --git a/ssh-add.c b/ssh-add.c
index 9c729752a..9adec3094 100644
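--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.63 2002/09/19 15:51:23 markus Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.66 2003/03/05 22:33:43 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -70,6 +70,9 @@ static char *default_files[] = {
 /* Default lifetime (0 == forever) */
 static int lifetime = 0;
 
+/* User has to confirm key use */
+static int confirm = 0;
+
 /* we keep a cache of one passphrases */
 static char *pass = NULL;
 static void
@@ -165,12 +168,16 @@ add_file(AuthenticationConnection *ac, const char *filename)
  }
  }
 
- if (ssh_add_identity_constrained(ac, private, comment, lifetime)) {
+ if (ssh_add_identity_constrained(ac, private, comment, lifetime,
+ confirm)) {
  fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
  ret = 0;
  if (lifetime != 0)
  fprintf(stderr,
  "Lifetime set to %d seconds\n", lifetime);
+ if (confirm != 0)
+ fprintf(stderr,
+ "The user has to confirm each use of the key\n");
  } else if (ssh_add_identity(ac, private, comment)) {
  fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
  ret = 0;
@@ -188,6 +195,7 @@ static int
 update_card(AuthenticationConnection *ac, int add, const char *id)
 {
  char *pin;
+ int ret = -1;
 
  pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
  if (pin == NULL)
@@ -196,12 +204,14 @@ update_card(AuthenticationConnection *ac, int add, const char *id)
  if (ssh_update_card(ac, add, id, pin)) {
  fprintf(stderr, "Card %s: %s\n",
  add ? "added" : "removed", id);
- return 0;
+ ret = 0;
  } else {
  fprintf(stderr, "Could not %s card: %s\n",
  add ? "add" : "remove", id);
- return -1;
+ ret = -1;
  }
+ xfree(pin);
+ return ret;
 }
 
 static int
@@ -292,6 +302,7 @@ usage(void)
  fprintf(stderr, " -x Lock agent.\n");
  fprintf(stderr, " -X Unlock agent.\n");
  fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n");
+ fprintf(stderr, " -c Require confirmation to sign using identities\n");
 #ifdef SMARTCARD
  fprintf(stderr, " -s reader Add key in smartcard reader.\n");
  fprintf(stderr, " -e reader Remove key in smartcard reader.\n");
@@ -319,7 +330,7 @@ main(int argc, char **argv)
  fprintf(stderr, "Could not open a connection to your authentication agent.\n");
  exit(2);
  }
- while ((ch = getopt(argc, argv, "lLdDxXe:s:t:")) != -1) {
+ while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) {
  switch (ch) {
  case 'l':
  case 'L':
@@ -333,6 +344,9 @@ main(int argc, char **argv)
  ret = 1;
  goto done;
  break;
+ case 'c':
+ confirm = 1;
+ break;
  case 'd':
  deleting = 1;
  break;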
diff --git a/ssh-agent.0 b/ssh-agent.0
index 9a1b85645..aa7aebf03 100644
--- a/ssh-agent.0
+++ b/ssh-agent.0
@@ -1,56 +1,63 @@
1SSH-AGENT(1) System General Commands Manual SSH-AGENT(1) 1SSHM-bM-^@M-^PAGENT(1) BSD General Commands Manual SSHM-bM-^@M-^PAGENT(1)
2 2
3NAME 3^[[1mNAME^[[0m
4 ssh-agent - authentication agent 4 ^[[1msshM-bM-^@M-^Pagent ^[[22mM-bMM-^R authentication agent
5 5
6SYNOPSIS 6^[[1mSYNOPSIS^[[0m
7 ssh-agent [-a bind_address] [-c | -s] [-d] [command [args ...]] 7 ^[[1msshM-bM-^@M-^Pagent ^[[22m[^[[1mM-bMM-^Ra ^[[4m^[[22mbind_address^[[24m] [^[[1mM-bMM-^Rc ^[[22m| ^[[1mM-bMM-^Rs^[[22m] [^[[1mM-bMM-^Rt ^[[4m^[[22mlife^[[24m] [^[[1mM-bMM-^Rd^[[22m] [^[[4mcommand^[[24m [^[[4margs^[[24m ^[[4m...^[[24m]]
8 ssh-agent [-c | -s] -k 8 ^[[1msshM-bM-^@M-^Pagent ^[[22m[^[[1mM-bMM-^Rc ^[[22m| ^[[1mM-bMM-^Rs^[[22m] ^[[1mM-bMM-^Rk^[[0m
9 9
10DESCRIPTION 10^[[1mDESCRIPTION^[[0m
11 ssh-agent is a program to hold private keys used for public key authentiM-- 11 ^[[1msshM-bM-^@M-^Pagent ^[[22mis a program to hold private keys used for public key authentiM-bM-^@M-^P
12 cation (RSA, DSA). The idea is that ssh-agent is started in the beginM-- 12 cation (RSA, DSA). The idea is that ^[[1msshM-bM-^@M-^Pagent ^[[22mis started in the beginM-bM-^@M-^P
13 ning of an X-session or a login session, and all other windows or proM-- 13 ning of an XM-bM-^@M-^Psession or a login session, and all other windows or proM-bM-^@M-^P
14 grams are started as clients to the ssh-agent program. Through use of 14 grams are started as clients to the sshM-bM-^@M-^Pagent program. Through use of
15 environment variables the agent can be located and automatically used for 15 environment variables the agent can be located and automatically used for
16 authentication when logging in to other machines using ssh(1). 16 authentication when logging in to other machines using ssh(1).
17 17
18 The options are as follows: 18 The options are as follows:
19 19
20 -a bind_address 20 ^[[1mM-bMM-^Ra ^[[4m^[[22mbind_address^[[0m
21 Bind the agent to the unix-domain socket bind_address. The 21 Bind the agent to the unixM-bM-^@M-^Pdomain socket ^[[4mbind_address^[[24m. The
22 default is /tmp/ssh-XXXXXXXX/agent.<ppid>. 22 default is ^[[4m/tmp/sshM-bM-^@M-^PXXXXXXXX/agent.<ppid>^[[24m.
23 23
24 -c Generate C-shell commands on stdout. This is the default if 24 ^[[1mM-bMM-^Rc ^[[22mGenerate CM-bM-^@M-^Pshell commands on stdout. This is the default if
25 SHELL looks like it's a csh style of shell. 25 SHELL looks like itM-bM-^@M-^Ys a csh style of shell.
26 26
27 -s Generate Bourne shell commands on stdout. This is the default if 27 ^[[1mM-bMM-^Rs ^[[22mGenerate Bourne shell commands on stdout. This is the default if
28 SHELL does not look like it's a csh style of shell. 28 SHELL does not look like itM-bM-^@M-^Ys a csh style of shell.
29 29
30 -k Kill the current agent (given by the SSH_AGENT_PID environment 30 ^[[1mM-bMM-^Rk ^[[22mKill the current agent (given by the SSH_AGENT_PID environment
31 variable). 31 variable).
32 32
33 -d Debug mode. When this option is specified ssh-agent will not 33 ^[[1mM-bMM-^Rt ^[[4m^[[22mlife^[[0m
34 Set a default value for the maximum lifetime of identities added
35 to the agent. The lifetime may be specified in seconds or in a
36 time format specified in sshd(8). A lifetime specified for an
37 identity with sshM-bM-^@M-^Padd(1) overrides this value. Without this
38 option the default maximum lifetime is forever.
39
40 ^[[1mM-bMM-^Rd ^[[22mDebug mode. When this option is specified ^[[1msshM-bM-^@M-^Pagent ^[[22mwill not
34 fork. 41 fork.
35 42
36 If a commandline is given, this is executed as a subprocess of the agent. 43 If a commandline is given, this is executed as a subprocess of the agent.
37 When the command dies, so does the agent. 44 When the command dies, so does the agent.
38 45
39 The agent initially does not have any private keys. Keys are added using 46 The agent initially does not have any private keys. Keys are added using
40 ssh-add(1). When executed without arguments, ssh-add(1) adds the files 47 sshM-bM-^@M-^Padd(1). When executed without arguments, sshM-bM-^@M-^Padd(1) adds the files
41 $HOME/.ssh/id_rsa, $HOME/.ssh/id_dsa and $HOME/.ssh/identity. If the 48 ^[[4m$HOME/.ssh/id_rsa^[[24m, ^[[4m$HOME/.ssh/id_dsa^[[24m and ^[[4m$HOME/.ssh/identity^[[24m. If the
42 identity has a passphrase, ssh-add(1) asks for the passphrase (using a 49 identity has a passphrase, sshM-bM-^@M-^Padd(1) asks for the passphrase (using a
43 small X11 application if running under X11, or from the terminal if runM-- 50 small X11 application if running under X11, or from the terminal if runM-bM-^@M-^P
44 ning without X). It then sends the identity to the agent. Several idenM-- 51 ning without X). It then sends the identity to the agent. Several idenM-bM-^@M-^P
45 tities can be stored in the agent; the agent can automatically use any of 52 tities can be stored in the agent; the agent can automatically use any of
46 these identities. ssh-add -l displays the identities currently held by 53 these identities. ^[[1msshM-bM-^@M-^Padd M-bM-^@M-^Pl ^[[22mdisplays the identities currently held by
47 the agent. 54 the agent.
48 55
49 The idea is that the agent is run in the user's local PC, laptop, or terM-- 56 The idea is that the agent is run in the userM-bM-^@M-^Ys local PC, laptop, or terM-bM-^@M-^P
50 minal. Authentication data need not be stored on any other machine, and 57 minal. Authentication data need not be stored on any other machine, and
51 authentication passphrases never go over the network. However, the conM-- 58 authentication passphrases never go over the network. However, the conM-bM-^@M-^P
52 nection to the agent is forwarded over SSH remote logins, and the user 59 nection to the agent is forwarded over SSH remote logins, and the user
53 can thus use the privileges given by the identities anywhere in the netM-- 60 can thus use the privileges given by the identities anywhere in the netM-bM-^@M-^P
54 work in a secure way. 61 work in a secure way.
55 62
56 There are two main ways to get an agent setup: Either the agent starts a 63 There are two main ways to get an agent setup: Either the agent starts a
@@ -62,20 +69,20 @@ DESCRIPTION
62 69
63 The agent will never send a private key over its request channel. 70 The agent will never send a private key over its request channel.
64 Instead, operations that require a private key will be performed by the 71 Instead, operations that require a private key will be performed by the
65 agent, and the result will be returned to the requester. This way, priM-- 72 agent, and the result will be returned to the requester. This way, priM-bM-^@M-^P
66 vate keys are not exposed to clients using the agent. 73 vate keys are not exposed to clients using the agent.
67 74
68 A unix-domain socket is created and the name of this socket is stored in 75 A unixM-bM-^@M-^Pdomain socket is created and the name of this socket is stored in
69 the SSH_AUTH_SOCK environment variable. The socket is made accessible 76 the SSH_AUTH_SOCK environment variable. The socket is made accessible
70 only to the current user. This method is easily abused by root or 77 only to the current user. This method is easily abused by root or
71 another instance of the same user. 78 another instance of the same user.
72 79
73 The SSH_AGENT_PID environment variable holds the agent's process ID. 80 The SSH_AGENT_PID environment variable holds the agentM-bM-^@M-^Ys process ID.
74 81
75 The agent exits automatically when the command given on the command line 82 The agent exits automatically when the command given on the command line
76 terminates. 83 terminates.
77 84
78FILES 85^[[1mFILES^[[0m
79 $HOME/.ssh/identity 86 $HOME/.ssh/identity
80 Contains the protocol version 1 RSA authentication identity of 87 Contains the protocol version 1 RSA authentication identity of
81 the user. 88 the user.
@@ -88,20 +95,20 @@ FILES
88 Contains the protocol version 2 RSA authentication identity of 95 Contains the protocol version 2 RSA authentication identity of
89 the user. 96 the user.
90 97
91 /tmp/ssh-XXXXXXXX/agent.<ppid> 98 /tmp/sshM-bM-^@M-^PXXXXXXXX/agent.<ppid>
92 Unix-domain sockets used to contain the connection to the authenM-- 99 UnixM-bM-^@M-^Pdomain sockets used to contain the connection to the authenM-bM-^@M-^P
93 tication agent. These sockets should only be readable by the 100 tication agent. These sockets should only be readable by the
94 owner. The sockets should get automatically removed when the 101 owner. The sockets should get automatically removed when the
95 agent exits. 102 agent exits.
96 103
97AUTHORS 104^[[1mAUTHORS^[[0m
98 OpenSSH is a derivative of the original and free ssh 1.2.12 release by 105 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
99 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo 106 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
100 de Raadt and Dug Song removed many bugs, re-added newer features and creM-- 107 de Raadt and Dug Song removed many bugs, reM-bM-^@M-^Padded newer features and creM-bM-^@M-^P
101 ated OpenSSH. Markus Friedl contributed the support for SSH protocol 108 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
102 versions 1.5 and 2.0. 109 versions 1.5 and 2.0.
103 110
104SEE ALSO 111^[[1mSEE ALSO^[[0m
105 ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) 112 ssh(1), sshM-bM-^@M-^Padd(1), sshM-bM-^@M-^Pkeygen(1), sshd(8)
106 113
107BSD September 25, 1999 BSD 114BSD September 25, 1999 BSD
diff --git a/ssh-agent.1 b/ssh-agent.1
index 0227436c1..98f9dc80d 100644
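--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.35 2002/06/24 13:12:23 markus Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.36 2003/01/21 18:14:36 marc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -44,6 +44,7 @@
 .Nm ssh-agent
 .Op Fl a Ar bind_address
 .Op Fl c Li | Fl s
+.Op Fl t Ar life
 .Op Fl d
 .Op Ar command Op Ar args ...
 .Nm ssh-agent
@@ -86,6 +87,14 @@ does not look like it's a csh style of shell.
 Kill the current agent (given by the
 .Ev SSH_AGENT_PID
 environment variable).
+.It Fl t Ar life
+Set a default value for the maximum lifetime of identities added to the agent.
+The lifetime may be specified in seconds or in a time format specified in
+.Xr sshd 8 .
+A lifetime specified for an identity with
+.Xr ssh-add 1
+overrides this value.
+Without this option the default maximum lifetime is forever.
 .It Fl d
 Debug mode. When this option is specified
 .Nm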
diff --git a/ssh-agent.c b/ssh-agent.c
index cca720ee2..eb593de73 100644
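--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 
 #include "includes.h"
 #include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.105 2002/10/01 20:34:12 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.108 2003/03/13 11:44:50 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -50,6 +50,8 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.105 2002/10/01 20:34:12 markus Exp $");
 #include "authfd.h"
 #include "compat.h"
 #include "log.h"
+#include "readpass.h"
+#include "misc.h"
 
 #ifdef SMARTCARD
 #include "scard.h"
@@ -77,6 +79,7 @@ typedef struct identity {
  Key *key;
  char *comment;
  u_int death;
+ u_int confirm;
 } Identity;
 
 typedef struct {
@@ -106,6 +109,9 @@ extern char *__progname;
 char *__progname;
 #endif
 
+/* Default lifetime (0 == forever) */
+static int lifetime = 0;
+
 static void
 close_socket(SocketEntry *e)
 {
@@ -159,6 +165,30 @@ lookup_identity(Key *key, int version)
  return (NULL);
 }
 
+/* Check confirmation of keysign request */
+static int
+confirm_key(Identity *id)
+{
+ char *p, prompt[1024];
+ int ret = -1;
+
+ p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
+ snprintf(prompt, sizeof(prompt), "Allow use of key %s?\n"
+ "Key fingerprint %s.", id->comment, p);
+ xfree(p);
+ p = read_passphrase(prompt, RP_ALLOW_EOF);
+ if (p != NULL) {
+ /*
+ * Accept empty responses and responses consisting
+ * of the word "yes" as affirmative.
+ */
+ if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0)
+ ret = 0;
+ xfree(p);
+ }
+ return (ret);
+}
+
 /* send list of supported public keys to 'client' */
 static void
 process_request_identities(SocketEntry *e, int version)
@@ -222,7 +252,7 @@ process_authentication_challenge1(SocketEntry *e)
  goto failure;
 
  id = lookup_identity(key, 1);
- if (id != NULL) {
+ if (id != NULL && (!id->confirm || confirm_key(id) == 0)) {
  Key *private = id->key;
  /* Decrypt the challenge using the private key. */
  if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0)
@@ -282,7 +312,7 @@ process_sign_request2(SocketEntry *e)
  key = key_from_blob(blob, blen);
  if (key != NULL) {
  Identity *id = lookup_identity(key, 2);
- if (id != NULL)
+ if (id != NULL && (!id->confirm || confirm_key(id) == 0))
  ok = key_sign(id->key, &signature, &slen, data, dlen);
  }
  key_free(key);
@@ -402,7 +432,7 @@ static void
 process_add_identity(SocketEntry *e, int version)
 {
  Idtab *tab = idtab_lookup(version);
- int type, success = 0, death = 0;
+ int type, success = 0, death = 0, confirm = 0;
  char *type_name, *comment;
  Key *k = NULL;
 
@@ -453,6 +483,17 @@ process_add_identity(SocketEntry *e, int version)
  }
  break;
  }
+ /* enable blinding */
+ switch (k->type) {
+ case KEY_RSA:
+ case KEY_RSA1:
+ if (RSA_blinding_on(k->rsa, NULL) != 1) {
+ error("process_add_identity: RSA_blinding_on failed");
+ key_free(k);
+ goto send;
+ }
+ break;
+ }
  comment = buffer_get_string(&e->request, NULL);
  if (k == NULL) {
  xfree(comment);
@@ -464,15 +505,21 @@ process_add_identity(SocketEntry *e, int version)
  case SSH_AGENT_CONSTRAIN_LIFETIME:
  death = time(NULL) + buffer_get_int(&e->request);
  break;
+ case SSH_AGENT_CONSTRAIN_CONFIRM:
+ confirm = 1;
+ break;
  default:
  break;
  }
  }
+ if (lifetime && !death)
+ death = time(NULL) + lifetime;
  if (lookup_identity(k, version) == NULL) {
  Identity *id = xmalloc(sizeof(Identity));
  id->key = k;
  id->comment = comment;
  id->death = death;
+ id->confirm = confirm;
  TAILQ_INSERT_TAIL(&tab->idlist, id, next);
  /* Increment the number of identities. */
  tab->nentries++;
@@ -557,6 +604,7 @@ process_add_smartcard_key (SocketEntry *e)
  id->key = k;
  id->comment = xstrdup("smartcard key");
  id->death = 0;
+ id->confirm = 0;
  TAILQ_INSERT_TAIL(&tab->idlist, id, next);
  tab->nentries++;
  success = 1;
@@ -930,13 +978,15 @@ usage(void)
  fprintf(stderr, " -k Kill the current agent.\n");
  fprintf(stderr, " -d Debug mode.\n");
  fprintf(stderr, " -a socket Bind agent socket to given name.\n");
+ fprintf(stderr, " -t life Default identity lifetime (seconds).\n");
  exit(1);
 }
 
 int
 main(int ac, char **av)
 {
- int sock, c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0, ch, nalloc;
+ int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0;
+ int sock, fd, ch, nalloc;
  char *shell, *format, *pidstr, *agentsocket = NULL;
  fd_set *readsetp = NULL, *writesetp = NULL;
  struct sockaddr_un sunaddr;
@@ -961,7 +1011,7 @@ main(int ac, char **av)
  init_rng();
  seed_rng();
 
- while ((ch = getopt(ac, av, "cdksa:")) != -1) {
+ while ((ch = getopt(ac, av, "cdksa:t:")) != -1) {
  switch (ch) {
  case 'c':
  if (s_flag)
@@ -984,6 +1034,12 @@ main(int ac, char **av)
  case 'a':
  agentsocket = optarg;
  break;
+ case 't':
+ if ((lifetime = convtime(optarg)) == -1) {
+ fprintf(stderr, "Invalid lifetime\n");
+ usage();
+ }
+ break;
  default:
  usage();
  }
@@ -1116,9 +1172,14 @@ main(int ac, char **av)
  }
 
  (void)chdir("/");
- close(0);
- close(1);
- close(2);
+ if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
+ /* XXX might close listen socket */
+ (void)dup2(fd, STDIN_FILENO);
+ (void)dup2(fd, STDOUT_FILENO);
+ (void)dup2(fd, STDERR_FILENO);
+ if (fd > 2)
+ close(fd);
+ }
 
 #ifdef HAVE_SETRLIMIT
  /* deny core dumps, since memory contains unencrypted private keys */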
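Review bot: The added blinding block in process_add_identity (new lines 486-496) evaluates `switch (k->type)` before the existing `if (k == NULL)` check that follows `buffer_get_string()`, so a NULL `k` would be dereferenced before it can be rejected. Whether `k` can still be NULL here depends on the key-parsing code above the hunk, which is not shown, but the surviving check implies it was considered possible. Moving the switch below that check, and adding `xfree(comment);` beside `key_free(k);` on the RSA_blinding_on failure path so the comment string is not leaked, keeps the guard effective. The function starts and ends outside this hunk.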
diff --git a/ssh-dss.c b/ssh-dss.c
index 9ba2584dd..6cedcc4dc 100644
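--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.17 2002/07/04 10:41:47 markus Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.18 2003/02/12 09:33:04 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -34,7 +34,6 @@ RCSID("$OpenBSD: ssh-dss.c,v 1.17 2002/07/04 10:41:47 markus Exp $");
 #include "compat.h"
 #include "log.h"
 #include "key.h"
-#include "ssh-dss.h"
 
 #define INTBLOB_LEN 20
 #define SIGBLOB_LEN (2*INTBLOB_LEN)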
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index d3a2135b4..2e151a95c 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -1,45 +1,45 @@
1SSH-KEYGEN(1) System General Commands Manual SSH-KEYGEN(1) 1SSHM-bM-^@M-^PKEYGEN(1) BSD General Commands Manual SSHM-bM-^@M-^PKEYGEN(1)
2 2
3NAME 3^[[1mNAME^[[0m
4 ssh-keygen - authentication key generation, management and conversion 4 ^[[1msshM-bM-^@M-^Pkeygen ^[[22mM-bMM-^R authentication key generation, management and conversion
5 5
6SYNOPSIS 6^[[1mSYNOPSIS^[[0m
7 ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment] 7 ^[[1msshM-bM-^@M-^Pkeygen ^[[22m[^[[1mM-bMM-^Rq^[[22m] [^[[1mM-bMM-^Rb ^[[4m^[[22mbits^[[24m] ^[[1mM-bMM-^Rt ^[[4m^[[22mtype^[[24m [^[[1mM-bMM-^RN ^[[4m^[[22mnew_passphrase^[[24m] [^[[1mM-bMM-^RC ^[[4m^[[22mcomment^[[24m]
8 [-f output_keyfile] 8 [^[[1mM-bMM-^Rf ^[[4m^[[22moutput_keyfile^[[24m]
9 ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile] 9 ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Rp ^[[22m[^[[1mM-bMM-^RP ^[[4m^[[22mold_passphrase^[[24m] [^[[1mM-bMM-^RN ^[[4m^[[22mnew_passphrase^[[24m] [^[[1mM-bMM-^Rf ^[[4m^[[22mkeyfile^[[24m]
10 ssh-keygen -i [-f input_keyfile] 10 ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Ri ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m]
11 ssh-keygen -e [-f input_keyfile] 11 ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Re ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m]
12 ssh-keygen -y [-f input_keyfile] 12 ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Ry ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m]
13 ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile] 13 ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Rc ^[[22m[^[[1mM-bMM-^RP ^[[4m^[[22mpassphrase^[[24m] [^[[1mM-bMM-^RC ^[[4m^[[22mcomment^[[24m] [^[[1mM-bMM-^Rf ^[[4m^[[22mkeyfile^[[24m]
14 ssh-keygen -l [-f input_keyfile] 14 ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Rl ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m]
15 ssh-keygen -B [-f input_keyfile] 15 ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^RB ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m]
16 ssh-keygen -D reader 16 ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^RD ^[[4m^[[22mreader^[[0m
17 ssh-keygen -U reader [-f input_keyfile] 17 ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^RU ^[[4m^[[22mreader^[[24m [^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m]
18 18
19DESCRIPTION 19^[[1mDESCRIPTION^[[0m
20 ssh-keygen generates, manages and converts authentication keys for 20 ^[[1msshM-bM-^@M-^Pkeygen ^[[22mgenerates, manages and converts authentication keys for
21 ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1 21 ssh(1). ^[[1msshM-bM-^@M-^Pkeygen ^[[22mcan create RSA keys for use by SSH protocol version 1
22 and RSA or DSA keys for use by SSH protocol version 2. The type of key to 22 and RSA or DSA keys for use by SSH protocol version 2. The type of key to
23 be generated is specified with the -t option. 23 be generated is specified with the ^[[1mM-bMM-^Rt ^[[22moption.
24 24
25 Normally each user wishing to use SSH with RSA or DSA authentication runs 25 Normally each user wishing to use SSH with RSA or DSA authentication runs
26 this once to create the authentication key in $HOME/.ssh/identity, 26 this once to create the authentication key in ^[[4m$HOME/.ssh/identity^[[24m,
27 $HOME/.ssh/id_dsa or $HOME/.ssh/id_rsa. Additionally, the system adminM-- 27 ^[[4m$HOME/.ssh/id_dsa^[[24m or ^[[4m$HOME/.ssh/id_rsa^[[24m. Additionally, the system adminM-bM-^@M-^P
28 istrator may use this to generate host keys, as seen in /etc/rc. 28 istrator may use this to generate host keys, as seen in ^[[4m/etc/rc^[[24m.
29 29
30 Normally this program generates the key and asks for a file in which to 30 Normally this program generates the key and asks for a file in which to
31 store the private key. The public key is stored in a file with the same 31 store the private key. The public key is stored in a file with the same
32 name but ``.pub'' appended. The program also asks for a passphrase. The 32 name but M-bM-^@M-^\.pubM-bM-^@M-^] appended. The program also asks for a passphrase. The
33 passphrase may be empty to indicate no passphrase (host keys must have an 33 passphrase may be empty to indicate no passphrase (host keys must have an
34 empty passphrase), or it may be a string of arbitrary length. A 34 empty passphrase), or it may be a string of arbitrary length. A
35 passphrase is similar to a password, except it can be a phrase with a 35 passphrase is similar to a password, except it can be a phrase with a
36 series of words, punctuation, numbers, whitespace, or any string of charM-- 36 series of words, punctuation, numbers, whitespace, or any string of charM-bM-^@M-^P
37 acters you want. Good passphrases are 10-30 characters long, are not 37 acters you want. Good passphrases are 10M-bM-^@M-^P30 characters long, are not
38 simple sentences or otherwise easily guessable (English prose has only 38 simple sentences or otherwise easily guessable (English prose has only
39 1-2 bits of entropy per character, and provides very bad passphrases), 39 1M-bM-^@M-^P2 bits of entropy per character, and provides very bad passphrases),
40 and contain a mix of upper and lowercase letters, numbers, and non- 40 and contain a mix of upper and lowercase letters, numbers, and nonM-bM-^@M-^P
41 alphanumeric characters. The passphrase can be changed later by using 41 alphanumeric characters. The passphrase can be changed later by using
42 the -p option. 42 the ^[[1mM-bMM-^Rp ^[[22moption.
43 43
44 There is no way to recover a lost passphrase. If the passphrase is lost 44 There is no way to recover a lost passphrase. If the passphrase is lost
45 or forgotten, a new key must be generated and copied to the corresponding 45 or forgotten, a new key must be generated and copied to the corresponding
@@ -47,91 +47,90 @@ DESCRIPTION
47 47
48 For RSA1 keys, there is also a comment field in the key file that is only 48 For RSA1 keys, there is also a comment field in the key file that is only
49 for convenience to the user to help identify the key. The comment can 49 for convenience to the user to help identify the key. The comment can
50 tell what the key is for, or whatever is useful. The comment is initialM-- 50 tell what the key is for, or whatever is useful. The comment is initialM-bM-^@M-^P
51 ized to ``user@host'' when the key is created, but can be changed using 51 ized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the key is created, but can be changed using the
52 the -c option. 52 ^[[1mM-bMM-^Rc ^[[22moption.
53 53
54 After a key is generated, instructions below detail where the keys should 54 After a key is generated, instructions below detail where the keys should
55 be placed to be activated. 55 be placed to be activated.
56 56
57 The options are as follows: 57 The options are as follows:
58 58
59 -b bits 59 ^[[1mM-bMM-^Rb ^[[4m^[[22mbits^[[0m
60 Specifies the number of bits in the key to create. Minimum is 60 Specifies the number of bits in the key to create. Minimum is
61 512 bits. Generally 1024 bits is considered sufficient, and key 61 512 bits. Generally, 1024 bits is considered sufficient. The
62 sizes above that no longer improve security but make things 62 default is 1024 bits.
63 slower. The default is 1024 bits.
64 63
65 -c Requests changing the comment in the private and public key 64 ^[[1mM-bMM-^Rc ^[[22mRequests changing the comment in the private and public key
66 files. This operation is only supported for RSA1 keys. The proM-- 65 files. This operation is only supported for RSA1 keys. The proM-bM-^@M-^P
67 gram will prompt for the file containing the private keys, for 66 gram will prompt for the file containing the private keys, for
68 the passphrase if the key has one, and for the new comment. 67 the passphrase if the key has one, and for the new comment.
69 68
70 -e This option will read a private or public OpenSSH key file and 69 ^[[1mM-bMM-^Re ^[[22mThis option will read a private or public OpenSSH key file and
71 print the key in a `SECSH Public Key File Format' to stdout. 70 print the key in a M-bM-^@M-^XSECSH Public Key File FormatM-bM-^@M-^Y to stdout.
72 This option allows exporting keys for use by several commercial 71 This option allows exporting keys for use by several commercial
73 SSH implementations. 72 SSH implementations.
74 73
75 -f filename 74 ^[[1mM-bMM-^Rf ^[[4m^[[22mfilename^[[0m
76 Specifies the filename of the key file. 75 Specifies the filename of the key file.
77 76
78 -i This option will read an unencrypted private (or public) key file 77 ^[[1mM-bMM-^Ri ^[[22mThis option will read an unencrypted private (or public) key file
79 in SSH2-compatible format and print an OpenSSH compatible private 78 in SSH2M-bM-^@M-^Pcompatible format and print an OpenSSH compatible private
80 (or public) key to stdout. ssh-keygen also reads the `SECSH 79 (or public) key to stdout. ^[[1msshM-bM-^@M-^Pkeygen ^[[22malso reads the M-bM-^@M-^XSECSH
81 Public Key File Format'. This option allows importing keys from 80 Public Key File FormatM-bM-^@M-^Y. This option allows importing keys from
82 several commercial SSH implementations. 81 several commercial SSH implementations.
83 82
84 -l Show fingerprint of specified public key file. Private RSA1 keys 83 ^[[1mM-bMM-^Rl ^[[22mShow fingerprint of specified public key file. Private RSA1 keys
85 are also supported. For RSA and DSA keys ssh-keygen tries to 84 are also supported. For RSA and DSA keys ^[[1msshM-bM-^@M-^Pkeygen ^[[22mtries to
86 find the matching public key file and prints its fingerprint. 85 find the matching public key file and prints its fingerprint.
87 86
88 -p Requests changing the passphrase of a private key file instead of 87 ^[[1mM-bMM-^Rp ^[[22mRequests changing the passphrase of a private key file instead of
89 creating a new private key. The program will prompt for the file 88 creating a new private key. The program will prompt for the file
90 containing the private key, for the old passphrase, and twice for 89 containing the private key, for the old passphrase, and twice for
91 the new passphrase. 90 the new passphrase.
92 91
93 -q Silence ssh-keygen. Used by /etc/rc when creating a new key. 92 ^[[1mM-bMM-^Rq ^[[22mSilence ^[[1msshM-bM-^@M-^Pkeygen^[[22m. Used by ^[[4m/etc/rc^[[24m when creating a new key.
94 93
95 -y This option will read a private OpenSSH format file and print an 94 ^[[1mM-bMM-^Ry ^[[22mThis option will read a private OpenSSH format file and print an
96 OpenSSH public key to stdout. 95 OpenSSH public key to stdout.
97 96
98 -t type 97 ^[[1mM-bMM-^Rt ^[[4m^[[22mtype^[[0m
99 Specifies the type of the key to create. The possible values are 98 Specifies the type of the key to create. The possible values are
100 ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for protoM-- 99 M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\rsaM-bM-^@M-^] or M-bM-^@M-^\dsaM-bM-^@M-^] for protocol
101 col version 2. 100 version 2.
102 101
103 -B Show the bubblebabble digest of specified private or public key 102 ^[[1mM-bMM-^RB ^[[22mShow the bubblebabble digest of specified private or public key
104 file. 103 file.
105 104
106 -C comment 105 ^[[1mM-bMM-^RC ^[[4m^[[22mcomment^[[0m
107 Provides the new comment. 106 Provides the new comment.
108 107
109 -D reader 108 ^[[1mM-bMM-^RD ^[[4m^[[22mreader^[[0m
110 Download the RSA public key stored in the smartcard in reader. 109 Download the RSA public key stored in the smartcard in ^[[4mreader^[[24m.
111 110
112 -N new_passphrase 111 ^[[1mM-bMM-^RN ^[[4m^[[22mnew_passphrase^[[0m
113 Provides the new passphrase. 112 Provides the new passphrase.
114 113
115 -P passphrase 114 ^[[1mM-bMM-^RP ^[[4m^[[22mpassphrase^[[0m
116 Provides the (old) passphrase. 115 Provides the (old) passphrase.
117 116
118 -U reader 117 ^[[1mM-bMM-^RU ^[[4m^[[22mreader^[[0m
119 Upload an existing RSA private key into the smartcard in reader. 118 Upload an existing RSA private key into the smartcard in ^[[4mreader^[[24m.
120 119
121FILES 120^[[1mFILES^[[0m
122 $HOME/.ssh/identity 121 $HOME/.ssh/identity
123 Contains the protocol version 1 RSA authentication identity of 122 Contains the protocol version 1 RSA authentication identity of
124 the user. This file should not be readable by anyone but the 123 the user. This file should not be readable by anyone but the
125 user. It is possible to specify a passphrase when generating the 124 user. It is possible to specify a passphrase when generating the
126 key; that passphrase will be used to encrypt the private part of 125 key; that passphrase will be used to encrypt the private part of
127 this file using 3DES. This file is not automatically accessed by 126 this file using 3DES. This file is not automatically accessed by
128 ssh-keygen but it is offered as the default file for the private 127 ^[[1msshM-bM-^@M-^Pkeygen ^[[22mbut it is offered as the default file for the private
129 key. ssh(1) will read this file when a login attempt is made. 128 key. ssh(1) will read this file when a login attempt is made.
130 129
131 $HOME/.ssh/identity.pub 130 $HOME/.ssh/identity.pub
132 Contains the protocol version 1 RSA public key for authenticaM-- 131 Contains the protocol version 1 RSA public key for authenticaM-bM-^@M-^P
133 tion. The contents of this file should be added to 132 tion. The contents of this file should be added to
134 $HOME/.ssh/authorized_keys on all machines where the user wishes 133 ^[[4m$HOME/.ssh/authorized_keys^[[24m on all machines where the user wishes
135 to log in using RSA authentication. There is no need to keep the 134 to log in using RSA authentication. There is no need to keep the
136 contents of this file secret. 135 contents of this file secret.
137 136
@@ -141,13 +140,13 @@ FILES
141 user. It is possible to specify a passphrase when generating the 140 user. It is possible to specify a passphrase when generating the
142 key; that passphrase will be used to encrypt the private part of 141 key; that passphrase will be used to encrypt the private part of
143 this file using 3DES. This file is not automatically accessed by 142 this file using 3DES. This file is not automatically accessed by
144 ssh-keygen but it is offered as the default file for the private 143 ^[[1msshM-bM-^@M-^Pkeygen ^[[22mbut it is offered as the default file for the private
145 key. ssh(1) will read this file when a login attempt is made. 144 key. ssh(1) will read this file when a login attempt is made.
146 145
147 $HOME/.ssh/id_dsa.pub 146 $HOME/.ssh/id_dsa.pub
148 Contains the protocol version 2 DSA public key for authenticaM-- 147 Contains the protocol version 2 DSA public key for authenticaM-bM-^@M-^P
149 tion. The contents of this file should be added to 148 tion. The contents of this file should be added to
150 $HOME/.ssh/authorized_keys on all machines where the user wishes 149 ^[[4m$HOME/.ssh/authorized_keys^[[24m on all machines where the user wishes
151 to log in using public key authentication. There is no need to 150 to log in using public key authentication. There is no need to
152 keep the contents of this file secret. 151 keep the contents of this file secret.
153 152
@@ -157,27 +156,27 @@ FILES
157 user. It is possible to specify a passphrase when generating the 156 user. It is possible to specify a passphrase when generating the
158 key; that passphrase will be used to encrypt the private part of 157 key; that passphrase will be used to encrypt the private part of
159 this file using 3DES. This file is not automatically accessed by 158 this file using 3DES. This file is not automatically accessed by
160 ssh-keygen but it is offered as the default file for the private 159 ^[[1msshM-bM-^@M-^Pkeygen ^[[22mbut it is offered as the default file for the private
161 key. ssh(1) will read this file when a login attempt is made. 160 key. ssh(1) will read this file when a login attempt is made.
162 161
163 $HOME/.ssh/id_rsa.pub 162 $HOME/.ssh/id_rsa.pub
164 Contains the protocol version 2 RSA public key for authenticaM-- 163 Contains the protocol version 2 RSA public key for authenticaM-bM-^@M-^P
165 tion. The contents of this file should be added to 164 tion. The contents of this file should be added to
166 $HOME/.ssh/authorized_keys on all machines where the user wishes 165 ^[[4m$HOME/.ssh/authorized_keys^[[24m on all machines where the user wishes
167 to log in using public key authentication. There is no need to 166 to log in using public key authentication. There is no need to
168 keep the contents of this file secret. 167 keep the contents of this file secret.
169 168
170AUTHORS 169^[[1mAUTHORS^[[0m
171 OpenSSH is a derivative of the original and free ssh 1.2.12 release by 170 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
172 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo 171 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
173 de Raadt and Dug Song removed many bugs, re-added newer features and creM-- 172 de Raadt and Dug Song removed many bugs, reM-bM-^@M-^Padded newer features and creM-bM-^@M-^P
174 ated OpenSSH. Markus Friedl contributed the support for SSH protocol 173 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
175 versions 1.5 and 2.0. 174 versions 1.5 and 2.0.
176 175
177SEE ALSO 176^[[1mSEE ALSO^[[0m
178 ssh(1), ssh-add(1), ssh-agent(1), sshd(8) 177 ssh(1), sshM-bM-^@M-^Padd(1), sshM-bM-^@M-^Pagent(1), sshd(8)
179 178
180 J. Galbraith and R. Thayer, SECSH Public Key File Format, draft-ietf- 179 J. Galbraith and R. Thayer, ^[[4mSECSH^[[24m ^[[4mPublic^[[24m ^[[4mKey^[[24m ^[[4mFile^[[24m ^[[4mFormat^[[24m, draftM-bM-^@M-^PietfM-bM-^@M-^P
181 secsh-publickeyfile-01.txt, March 2001, work in progress material. 180 secshM-bM-^@M-^PpublickeyfileM-bM-^@M-^P01.txt, March 2001, work in progress material.
182 181
183BSD September 25, 1999 BSD 182BSD September 25, 1999 BSD
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 35b0bb916..78fdb496a 100644
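--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.54 2002/06/19 00:27:55 deraadt Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.55 2002/11/26 02:35:30 stevesk Exp $
 .\"
 .\" -*- nroff -*-
 .\"
@@ -147,8 +147,7 @@ The options are as follows:
 .It Fl b Ar bits
 Specifies the number of bits in the key to create.
 Minimum is 512 bits.
-Generally 1024 bits is considered sufficient, and key sizes
-above that no longer improve security but make things slower.
+Generally, 1024 bits is considered sufficient.
 The default is 1024 bits.
 .It Fl c
 Requests changing the comment in the private and public key files.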
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 3478e3723..6a872bcfd 100644
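--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.101 2002/06/23 09:39:55 deraadt Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.102 2002/11/26 00:45:03 wcobb Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -109,7 +109,6 @@ ask_filename(struct passwd *pw, const char *prompt)
 
  snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name);
  fprintf(stderr, "%s (%s): ", prompt, identity_file);
- fflush(stderr);
  if (fgets(buf, sizeof(buf), stdin) == NULL)
  exit(1);
  if (strchr(buf, '\n'))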
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0
index 05742bf66..3c3067cc9 100644
--- a/ssh-keyscan.0
+++ b/ssh-keyscan.0
@@ -1,101 +1,100 @@
1SSH-KEYSCAN(1) System General Commands Manual SSH-KEYSCAN(1) 1SSHM-bM-^@M-^PKEYSCAN(1) BSD General Commands Manual SSHM-bM-^@M-^PKEYSCAN(1)
2 2
3NAME 3^[[1mNAME^[[0m
4 ssh-keyscan - gather ssh public keys 4 ^[[1msshM-bM-^@M-^Pkeyscan ^[[22mM-bMM-^R gather ssh public keys
5 5
6SYNOPSIS 6^[[1mSYNOPSIS^[[0m
7 ssh-keyscan [-v46] [-p port] [-T timeout] [-t type] [-f file] 7 ^[[1msshM-bM-^@M-^Pkeyscan ^[[22m[^[[1mM-bMM-^Rv46^[[22m] [^[[1mM-bMM-^Rp ^[[4m^[[22mport^[[24m] [^[[1mM-bMM-^RT ^[[4m^[[22mtimeout^[[24m] [^[[1mM-bMM-^Rt ^[[4m^[[22mtype^[[24m] [^[[1mM-bMM-^Rf ^[[4m^[[22mfile^[[24m]
8 [host | addrlist namelist] [...] 8 [^[[4mhost^[[24m | ^[[4maddrlist^[[24m ^[[4mnamelist^[[24m] [^[[4m...^[[24m]
9 9
10DESCRIPTION 10^[[1mDESCRIPTION^[[0m
11 ssh-keyscan is a utility for gathering the public ssh host keys of a numM-- 11 ^[[1msshM-bM-^@M-^Pkeyscan ^[[22mis a utility for gathering the public ssh host keys of a numM-bM-^@M-^P
12 ber of hosts. It was designed to aid in building and verifying 12 ber of hosts. It was designed to aid in building and verifying
13 ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable 13 ^[[4mssh_known_hosts^[[24m files. ^[[1msshM-bM-^@M-^Pkeyscan ^[[22mprovides a minimal interface suitable
14 for use by shell and perl scripts. 14 for use by shell and perl scripts.
15 15
16 ssh-keyscan uses non-blocking socket I/O to contact as many hosts as posM-- 16 ^[[1msshM-bM-^@M-^Pkeyscan ^[[22muses nonM-bM-^@M-^Pblocking socket I/O to contact as many hosts as posM-bM-^@M-^P
17 sible in parallel, so it is very efficient. The keys from a domain of 17 sible in parallel, so it is very efficient. The keys from a domain of
18 1,000 hosts can be collected in tens of seconds, even when some of those 18 1,000 hosts can be collected in tens of seconds, even when some of those
19 hosts are down or do not run ssh. For scanning, one does not need login 19 hosts are down or do not run ssh. For scanning, one does not need login
20 access to the machines that are being scanned, nor does the scanning proM-- 20 access to the machines that are being scanned, nor does the scanning proM-bM-^@M-^P
21 cess involve any encryption. 21 cess involve any encryption.
22 22
23 The options are as follows: 23 The options are as follows:
24 24
25 -p port 25 ^[[1mM-bMM-^Rp ^[[4m^[[22mport^[[0m
26 Port to connect to on the remote host. 26 Port to connect to on the remote host.
27 27
28 -T timeout 28 ^[[1mM-bMM-^RT ^[[4m^[[22mtimeout^[[0m
29 Set the timeout for connection attempts. If timeout seconds have 29 Set the timeout for connection attempts. If ^[[4mtimeout^[[24m seconds have
30 elapsed since a connection was initiated to a host or since the 30 elapsed since a connection was initiated to a host or since the
31 last time anything was read from that host, then the connection 31 last time anything was read from that host, then the connection
32 is closed and the host in question considered unavailable. 32 is closed and the host in question considered unavailable.
33 Default is 5 seconds. 33 Default is 5 seconds.
34 34
35 -t type 35 ^[[1mM-bMM-^Rt ^[[4m^[[22mtype^[[0m
36 Specifies the type of the key to fetch from the scanned hosts. 36 Specifies the type of the key to fetch from the scanned hosts.
37 The possible values are ``rsa1'' for protocol version 1 and 37 The possible values are M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\rsaM-bM-^@M-^]
38 ``rsa'' or ``dsa'' for protocol version 2. Multiple values may 38 or M-bM-^@M-^\dsaM-bM-^@M-^] for protocol version 2. Multiple values may be speciM-bM-^@M-^P
39 be specified by separating them with commas. The default is 39 fied by separating them with commas. The default is M-bM-^@M-^\rsa1M-bM-^@M-^].
40 ``rsa1''.
41 40
42 -f filename 41 ^[[1mM-bMM-^Rf ^[[4m^[[22mfilename^[[0m
43 Read hosts or addrlist namelist pairs from this file, one per 42 Read hosts or ^[[4maddrlist^[[24m ^[[4mnamelist^[[24m pairs from this file, one per
44 line. If - is supplied instead of a filename, ssh-keyscan will 43 line. If ^[[4mM-bM-^@M-^P^[[24m is supplied instead of a filename, ^[[1msshM-bM-^@M-^Pkeyscan ^[[22mwill
45 read hosts or addrlist namelist pairs from the standard input. 44 read hosts or ^[[4maddrlist^[[24m ^[[4mnamelist^[[24m pairs from the standard input.
46 45
47 -v Verbose mode. Causes ssh-keyscan to print debugging messages 46 ^[[1mM-bMM-^Rv ^[[22mVerbose mode. Causes ^[[1msshM-bM-^@M-^Pkeyscan ^[[22mto print debugging messages
48 about its progress. 47 about its progress.
49 48
50 -4 Forces ssh-keyscan to use IPv4 addresses only. 49 ^[[1mM-bMM-^R4 ^[[22mForces ^[[1msshM-bM-^@M-^Pkeyscan ^[[22mto use IPv4 addresses only.
51 50
52 -6 Forces ssh-keyscan to use IPv6 addresses only. 51 ^[[1mM-bMM-^R6 ^[[22mForces ^[[1msshM-bM-^@M-^Pkeyscan ^[[22mto use IPv6 addresses only.
53 52
54SECURITY 53^[[1mSECURITY^[[0m
55 If a ssh_known_hosts file is constructed using ssh-keyscan without veriM-- 54 If a ssh_known_hosts file is constructed using ^[[1msshM-bM-^@M-^Pkeyscan ^[[22mwithout veriM-bM-^@M-^P
56 fying the keys, users will be vulnerable to attacks. On the other hand, 55 fying the keys, users will be vulnerable to attacks. On the other hand,
57 if the security model allows such a risk, ssh-keyscan can help in the 56 if the security model allows such a risk, ^[[1msshM-bM-^@M-^Pkeyscan ^[[22mcan help in the
58 detection of tampered keyfiles or man in the middle attacks which have 57 detection of tampered keyfiles or man in the middle attacks which have
59 begun after the ssh_known_hosts file was created. 58 begun after the ssh_known_hosts file was created.
60 59
61EXAMPLES 60^[[1mEXAMPLES^[[0m
62 Print the rsa1 host key for machine hostname: 61 Print the ^[[4mrsa1^[[24m host key for machine ^[[4mhostname^[[24m:
63 62
64 $ ssh-keyscan hostname 63 $ sshM-bM-^@M-^Pkeyscan hostname
65 64
66 Find all hosts from the file ssh_hosts which have new or different keys 65 Find all hosts from the file ^[[4mssh_hosts^[[24m which have new or different keys
67 from those in the sorted file ssh_known_hosts: 66 from those in the sorted file ^[[4mssh_known_hosts^[[24m:
68 67
69 $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \ 68 $ sshM-bM-^@M-^Pkeyscan M-bM-^@M-^Pt rsa,dsa M-bM-^@M-^Pf ssh_hosts | \
70 sort -u - ssh_known_hosts | diff ssh_known_hosts - 69 sort M-bM-^@M-^Pu M-bM-^@M-^P ssh_known_hosts | diff ssh_known_hosts M-bM-^@M-^P
71 70
72FILES 71^[[1mFILES^[[0m
73 Input format: 72 ^[[4mInput^[[24m ^[[4mformat:^[[0m
74 73
75 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 74 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
76 75
77 Output format for rsa1 keys: 76 ^[[4mOutput^[[24m ^[[4mformat^[[24m ^[[4mfor^[[24m ^[[4mrsa1^[[24m ^[[4mkeys:^[[0m
78 77
79 host-or-namelist bits exponent modulus 78 hostM-bM-^@M-^PorM-bM-^@M-^Pnamelist bits exponent modulus
80 79
81 Output format for rsa and dsa keys: 80 ^[[4mOutput^[[24m ^[[4mformat^[[24m ^[[4mfor^[[24m ^[[4mrsa^[[24m ^[[4mand^[[24m ^[[4mdsa^[[24m ^[[4mkeys:^[[0m
82 81
83 host-or-namelist keytype base64-encoded-key 82 hostM-bM-^@M-^PorM-bM-^@M-^Pnamelist keytype base64M-bM-^@M-^PencodedM-bM-^@M-^Pkey
84 83
85 Where keytype is either ``ssh-rsa'' or ``ssh-dsa''. 84 Where ^[[4mkeytype^[[24m is either M-bM-^@M-^\sshM-bM-^@M-^PrsaM-bM-^@M-^] or M-bM-^@M-^\sshM-bM-^@M-^PdsaM-bM-^@M-^].
86 85
87 /etc/ssh/ssh_known_hosts 86 ^[[4m/etc/ssh/ssh_known_hosts^[[0m
88 87
89BUGS 88^[[1mBUGS^[[0m
90 It generates "Connection closed by remote host" messages on the consoles 89 It generates "Connection closed by remote host" messages on the consoles
91 of all the machines it scans if the server is older than version 2.9. 90 of all the machines it scans if the server is older than version 2.9.
92 This is because it opens a connection to the ssh port, reads the public 91 This is because it opens a connection to the ssh port, reads the public
93 key, and drops the connection as soon as it gets the key. 92 key, and drops the connection as soon as it gets the key.
94 93
95SEE ALSO 94^[[1mSEE ALSO^[[0m
96 ssh(1), sshd(8) 95 ssh(1), sshd(8)
97 96
98AUTHORS 97^[[1mAUTHORS^[[0m
99 David Mazieres <dm@lcs.mit.edu> wrote the initial version, and Wayne 98 David Mazieres <dm@lcs.mit.edu> wrote the initial version, and Wayne
100 Davison <wayned@users.sourceforge.net> added support for protocol version 99 Davison <wayned@users.sourceforge.net> added support for protocol version
101 2. 100 2.
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 8c14d6d26..5b4eb82d1 100644
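--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -7,7 +7,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.40 2002/07/06 17:47:58 stevesk Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.41 2003/02/16 17:09:57 markus Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -354,6 +354,8 @@ keygrab_ssh2(con *c)
  myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA?
  "ssh-dss": "ssh-rsa";
  c->c_kex = kex_setup(myproposal);
+ c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
+ c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
  c->c_kex->verify_host_key = hostjump;
 
  if (!(j = setjmp(kexjmp))) {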
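Review bot: The two assignments added after `kex_setup(myproposal)` in keygrab_ssh2 fill only the `KEX_DH_GRP1_SHA1` and `KEX_DH_GEX_SHA1` slots of `c->c_kex->kex[]`, and nothing at this call site says why the caller now has to do this or what happens for a slot left unset. A short comment would help, for example `/* kex_setup() does not install key-exchange handlers; register the client-side ones we can negotiate */` (wording to be confirmed against kex.c, which is not visible here). If the table can hold more methods than these two, the dispatch code should be checked to reject a NULL entry rather than call through it. keygrab_ssh2 begins and ends outside this hunk.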
diff --git a/ssh-keysign.0 b/ssh-keysign.0
index b5ad6627a..738fc967f 100644
--- a/ssh-keysign.0
+++ b/ssh-keysign.0
@@ -1,42 +1,42 @@
1SSH-KEYSIGN(8) System Manager's Manual SSH-KEYSIGN(8) 1SSHM-bM-^@M-^PKEYSIGN(8) BSD System ManagerM-bM-^@M-^Ys Manual SSHM-bM-^@M-^PKEYSIGN(8)
2 2
3NAME 3^[[1mNAME^[[0m
4 ssh-keysign - ssh helper program for hostbased authentication 4 ^[[1msshM-bM-^@M-^Pkeysign ^[[22mM-bMM-^R ssh helper program for hostbased authentication
5 5
6SYNOPSIS 6^[[1mSYNOPSIS^[[0m
7 ssh-keysign 7 ^[[1msshM-bM-^@M-^Pkeysign^[[0m
8 8
9DESCRIPTION 9^[[1mDESCRIPTION^[[0m
10 ssh-keysign is used by ssh(1) to access the local host keys and generate 10 ^[[1msshM-bM-^@M-^Pkeysign ^[[22mis used by ssh(1) to access the local host keys and generate
11 the digital signature required during hostbased authentication with SSH 11 the digital signature required during hostbased authentication with SSH
12 protocol version 2. 12 protocol version 2.
13 13
14 ssh-keysign is disabled by default and can only be enabled in the the 14 ^[[1msshM-bM-^@M-^Pkeysign ^[[22mis disabled by default and can only be enabled in the global
15 global client configuration file /etc/ssh/ssh_config by setting 15 client configuration file ^[[4m/etc/ssh/ssh_config^[[24m by setting ^[[1mEnableSSHKeysign^[[0m
16 HostbasedAuthentication to ``yes''. 16 to M-bM-^@M-^\yesM-bM-^@M-^].
17 17
18 ssh-keysign is not intended to be invoked by the user, but from ssh(1). 18 ^[[1msshM-bM-^@M-^Pkeysign ^[[22mis not intended to be invoked by the user, but from ssh(1).
19 See ssh(1) and sshd(8) for more information about hostbased authenticaM-- 19 See ssh(1) and sshd(8) for more information about hostbased authenticaM-bM-^@M-^P
20 tion. 20 tion.
21 21
22FILES 22^[[1mFILES^[[0m
23 /etc/ssh/ssh_config 23 /etc/ssh/ssh_config
24 Controls whether ssh-keysign is enabled. 24 Controls whether ^[[1msshM-bM-^@M-^Pkeysign ^[[22mis enabled.
25 25
26 /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key 26 /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
27 These files contain the private parts of the host keys used to 27 These files contain the private parts of the host keys used to
28 generate the digital signature. They should be owned by root, 28 generate the digital signature. They should be owned by root,
29 readable only by root, and not accessible to others. Since they 29 readable only by root, and not accessible to others. Since they
30 are readable only by root, ssh-keysign must be set-uid root if 30 are readable only by root, ^[[1msshM-bM-^@M-^Pkeysign ^[[22mmust be setM-bM-^@M-^Puid root if
31 hostbased authentication is used. 31 hostbased authentication is used.
32 32
33SEE ALSO 33^[[1mSEE ALSO^[[0m
34 ssh(1), ssh-keygen(1), ssh_config(5), sshd(8) 34 ssh(1), sshM-bM-^@M-^Pkeygen(1), ssh_config(5), sshd(8)
35 35
36AUTHORS 36^[[1mAUTHORS^[[0m
37 Markus Friedl <markus@openbsd.org> 37 Markus Friedl <markus@openbsd.org>
38 38
39HISTORY 39^[[1mHISTORY^[[0m
40 ssh-keysign first appeared in OpenBSD 3.2. 40 ^[[1msshM-bM-^@M-^Pkeysign ^[[22mfirst appeared in OpenBSD 3.2.
41 41
42BSD May 24, 2002 BSD 42BSD May 24, 2002 BSD
diff --git a/ssh-keysign.8 b/ssh-keysign.8
index cea4a8244..99d373406 100644
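--- a/ssh-keysign.8
+++ b/ssh-keysign.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keysign.8,v 1.3 2002/07/03 14:21:05 markus Exp $
+.\" $OpenBSD: ssh-keysign.8,v 1.5 2002/11/24 21:46:24 stevesk Exp $
 .\"
 .\" Copyright (c) 2002 Markus Friedl. All rights reserved.
 .\"
@@ -39,10 +39,10 @@ required during hostbased authentication with SSH protocol version 2.
 .Pp
 .Nm
 is disabled by default and can only be enabled in the
-the global client configuration file
+global client configuration file
 .Pa /etc/ssh/ssh_config
 by setting
-.Cm HostbasedAuthentication
+.Cm EnableSSHKeysign
 to
 .Dq yes .
 .Pp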
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 79aee17c0..26c8faad2 100644
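--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.7 2002/07/03 14:21:05 markus Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.10 2003/03/13 11:42:19 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/rand.h>
@@ -168,8 +168,8 @@ main(int argc, char **argv)
  initialize_options(&options);
  (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options);
  fill_default_options(&options);
- if (options.hostbased_authentication != 1)
- fatal("Hostbased authentication not enabled in %s",
+ if (options.enable_ssh_keysign != 1)
+ fatal("ssh-keysign not enabled in %s",
  _PATH_HOST_CONFIG_FILE);
 
  if (key_fd[0] == -1 && key_fd[1] == -1)
@@ -192,13 +192,6 @@ main(int argc, char **argv)
  keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
  NULL, NULL);
  close(key_fd[i]);
- if (keys[i] != NULL && keys[i]->type == KEY_RSA) {
- if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) {
- error("RSA_blinding_on failed");
- key_free(keys[i]);
- keys[i] = NULL;
- }
- }
  if (keys[i] != NULL)
  found = 1;
  }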
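Review bot: The last hunk removes the `RSA_blinding_on()` call that ran on each host key right after `key_load_private_pem()`, so in main the loaded RSA keys are now used for signing with no visible step that enables blinding. Blinding is the timing side-channel protection for private-key operations, and this helper produces signatures with the host's private keys. If the loader now enables it (authfile.c is in this commit's file list, but its change is not visible here), say so at the call site, e.g. `/* key_load_private_pem() is expected to enable RSA blinding */`; otherwise the check should stay. main starts and ends outside these hunks.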
diff --git a/ssh-rand-helper.0 b/ssh-rand-helper.0
index 86998a112..de07cd02c 100644
--- a/ssh-rand-helper.0
+++ b/ssh-rand-helper.0
@@ -1,49 +1,49 @@
1SSH-RAND-HELPER(8) System Manager's Manual SSH-RAND-HELPER(8) 1SSHM-bM-^@M-^PRANDM-bM-^@M-^PHELPER(8) BSD System ManagerM-bM-^@M-^Ys Manual SSHM-bM-^@M-^PRANDM-bM-^@M-^PHELPER(8)
2 2
3NAME 3^[[1mNAME^[[0m
4 ssh-rand-helper - Random number gatherer for OpenSSH 4 ^[[1msshM-bM-^@M-^PrandM-bM-^@M-^Phelper ^[[22mM-bMM-^R Random number gatherer for OpenSSH
5 5
6SYNOPSIS 6^[[1mSYNOPSIS^[[0m
7 ssh-rand-hlper [-vxXh] [-b bytes] 7 ^[[1msshM-bM-^@M-^PrandM-bM-^@M-^Phlper ^[[22m[^[[1mM-bMM-^RvxXh^[[22m] [^[[1mM-bMM-^Rb ^[[4m^[[22mbytes^[[24m]
8 8
9DESCRIPTION 9^[[1mDESCRIPTION^[[0m
10 ssh-rand-helper is a small helper program used by ssh(1), ssh-add(1), 10 ^[[1msshM-bM-^@M-^PrandM-bM-^@M-^Phelper ^[[22mis a small helper program used by ssh(1), sshM-bM-^@M-^Padd(1),
11 ssh-agent(1), ssh-keygen(1), ssh-keyscan(1) and sshd(8) to gather random 11 sshM-bM-^@M-^Pagent(1), sshM-bM-^@M-^Pkeygen(1), sshM-bM-^@M-^Pkeyscan(1) and sshd(8) to gather random
12 numbers of cryptographic quality if the openssl(4) library has not been 12 numbers of cryptographic quality if the openssl(4) library has not been
13 configured to provide them itself. 13 configured to provide them itself.
14 14
15 Normally ssh-rand-helper will generate a strong random seed and provide 15 Normally ^[[1msshM-bM-^@M-^PrandM-bM-^@M-^Phelper ^[[22mwill generate a strong random seed and provide
16 it to the calling program via standard output. If standard output is a 16 it to the calling program via standard output. If standard output is a
17 tty, ssh-rand-helper will instead print the seed in hexidecimal format 17 tty, ^[[1msshM-bM-^@M-^PrandM-bM-^@M-^Phelper ^[[22mwill instead print the seed in hexidecimal format
18 unless told otherwise. 18 unless told otherwise.
19 19
20 ssh-rand-helper will by default gather random numbers from the system 20 ^[[1msshM-bM-^@M-^PrandM-bM-^@M-^Phelper ^[[22mwill by default gather random numbers from the system
21 commands listed in /etc/ssh/ssh_prng_cmds. The output of each of the 21 commands listed in ^[[4m/etc/ssh/ssh_prng_cmds^[[24m. The output of each of the
22 commands listed will be hashed and used to generate a random seed for the 22 commands listed will be hashed and used to generate a random seed for the
23 calling program. ssh-rand-helper will also store seed files in 23 calling program. ^[[1msshM-bM-^@M-^PrandM-bM-^@M-^Phelper ^[[22mwill also store seed files in
24 ~/.ssh/prng_seed between executions. 24 ^[[4m~/.ssh/prng_seed^[[24m between executions.
25 25
26 Alternately, ssh-rand-helper may be configured at build time to collect 26 Alternately, ^[[1msshM-bM-^@M-^PrandM-bM-^@M-^Phelper ^[[22mmay be configured at build time to collect
27 random numbers from a EGD/PRNGd server via a unix domain or localhost tcp 27 random numbers from a EGD/PRNGd server via a unix domain or localhost tcp
28 socket. 28 socket.
29 29
30 This program is not intended to be run by the end-user, so the few comM-- 30 This program is not intended to be run by the endM-bM-^@M-^Puser, so the few comM-bM-^@M-^P
31 mandline options are for debugging purposes only. 31 mandline options are for debugging purposes only.
32 32
33 -b bytes 33 ^[[1mM-bMM-^Rb ^[[4m^[[22mbytes^[[0m
34 Specify the number of random bytes to include in the output. 34 Specify the number of random bytes to include in the output.
35 35
36 -x Output a hexidecimal instead of a binary seed. 36 ^[[1mM-bMM-^Rx ^[[22mOutput a hexidecimal instead of a binary seed.
37 37
38 -X Force output of a binary seed, even if standard output is a tty 38 ^[[1mM-bMM-^RX ^[[22mForce output of a binary seed, even if standard output is a tty
39 39
40 -v Turn on debugging message. Multiple -v options will increase the 40 ^[[1mM-bMM-^Rv ^[[22mTurn on debugging message. Multiple ^[[1mM-bMM-^Rv ^[[22moptions will increase the
41 debugging level. -h Display a summary of options. 41 debugging level. ^[[1mM-bMM-^Rh ^[[22mDisplay a summary of options.
42 42
43AUTHORS 43^[[1mAUTHORS^[[0m
44 Damien Miller <djm@mindrot.org> 44 Damien Miller <djm@mindrot.org>
45 45
46SEE ALSO 46^[[1mSEE ALSO^[[0m
47 ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) 47 ssh(1), sshM-bM-^@M-^Padd(1), sshM-bM-^@M-^Pkeygen(1), sshd(8)
48 48
49BSD April 14, 2002 BSD 49BSD April 14, 2002 BSD
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c
index e6c52b546..68b77b208 100644
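--- a/ssh-rand-helper.c
+++ b/ssh-rand-helper.c
@@ -39,7 +39,7 @@
 #include "pathnames.h"
 #include "log.h"
 
-RCSID("$Id: ssh-rand-helper.c,v 1.8 2002/07/28 20:42:24 stevesk Exp $");
+RCSID("$Id: ssh-rand-helper.c,v 1.10 2003/03/17 05:13:53 djm Exp $");
 
 /* Number of bytes we write out */
 #define OUTPUT_SEED_SIZE 48
@@ -355,6 +355,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash)
  case 0:
  /* timer expired */
  error_abort = 1;
+ kill(pid, SIGINT);
  break;
  case 1:
  /* command input */
@@ -561,7 +562,8 @@ prng_write_seedfile(void)
 
  debug("writing PRNG seed to file %.100s", filename);
 
- RAND_bytes(seed, sizeof(seed));
+ if (RAND_bytes(seed, sizeof(seed)) <= 0)
+ fatal("PRNG seed extration failed");
 
  /* Don't care if the seed doesn't exist */
  prng_check_seedfile(filename);
@@ -848,7 +850,8 @@ main(int argc, char **argv)
  if (!RAND_status())
  fatal("Not enough entropy in RNG");
 
- RAND_bytes(buf, bytes);
+ if (RAND_bytes(buf, bytes) <= 0)
+ fatal("Couldn't extract entropy from PRNG");
 
  if (output_hex) {
  for(ret = 0; ret < bytes; ret++)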
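Review bot: The `kill(pid, SIGINT);` added to the timer-expired case in hash_command_output ignores its return value and uses a signal the entropy command can catch or ignore, so a command that hangs may survive the timeout. Whether the function later waits on that child is outside the hunk; if it does, a stuck command could still block the helper. Consider logging a failed kill, `if (kill(pid, SIGINT) == -1) debug("kill failed: %s", strerror(errno));`, and escalating to `SIGKILL` if the child has not exited. Separately, the new message in prng_write_seedfile reads `"PRNG seed extration failed"`; it should say `extraction`.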
diff --git a/ssh-rsa.c b/ssh-rsa.c
index d7b2918f9..efbc9e664 100644
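--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.26 2002/08/27 17:13:56 stevesk Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.28 2003/02/12 09:33:04 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -33,11 +33,10 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.26 2002/08/27 17:13:56 stevesk Exp $");
 #include "buffer.h"
 #include "bufaux.h"
 #include "key.h"
-#include "ssh-rsa.h"
 #include "compat.h"
 #include "ssh.h"
 
-static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int , RSA *);
+static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *);
 
 /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
 int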
diff --git a/ssh.0 b/ssh.0
index 18136aef4..8fcd2a3d0 100644
--- a/ssh.0
+++ b/ssh.0
@@ -1,455 +1,455 @@
1SSH(1) System General Commands Manual SSH(1) 1SSH(1) BSD General Commands Manual SSH(1)
2 2
3NAME 3^[[1mNAME^[[0m
4 ssh - OpenSSH SSH client (remote login program) 4 ^[[1mssh ^[[22mM-bMM-^R OpenSSH SSH client (remote login program)
5 5
6SYNOPSIS 6^[[1mSYNOPSIS^[[0m
7 ssh [-l login_name] hostname | user@hostname [command] 7 ^[[1mssh ^[[22m[^[[1mM-bMM-^Rl ^[[4m^[[22mlogin_name^[[24m] ^[[4mhostname^[[24m | ^[[4muser@hostname^[[24m [^[[4mcommand^[[24m]
8 8
9 ssh [-afgknqstvxACNTX1246] [-b bind_address] [-c cipher_spec] 9 ^[[1mssh ^[[22m[^[[1mM-bMM-^RafgknqstvxACNTX1246^[[22m] [^[[1mM-bMM-^Rb ^[[4m^[[22mbind_address^[[24m] [^[[1mM-bMM-^Rc ^[[4m^[[22mcipher_spec^[[24m]
10 [-e escape_char] [-i identity_file] [-l login_name] [-m mac_spec] 10 [^[[1mM-bMM-^Re ^[[4m^[[22mescape_char^[[24m] [^[[1mM-bMM-^Ri ^[[4m^[[22midentity_file^[[24m] [^[[1mM-bMM-^Rl ^[[4m^[[22mlogin_name^[[24m] [^[[1mM-bMM-^Rm ^[[4m^[[22mmac_spec^[[24m]
11 [-o option] [-p port] [-F configfile] [-L port:host:hostport] [-R 11 [^[[1mM-bMM-^Ro ^[[4m^[[22moption^[[24m] [^[[1mM-bMM-^Rp ^[[4m^[[22mport^[[24m] [^[[1mM-bMM-^RF ^[[4m^[[22mconfigfile^[[24m] [^[[1mM-bMM-^RL ^[[4m^[[22mport^[[24m:^[[4mhost^[[24m:^[[4mhostport^[[24m] [^[[1mM-bMM-^RR^[[0m
12 port:host:hostport] [-D port] hostname | user@hostname [command] 12 ^[[4mport^[[24m:^[[4mhost^[[24m:^[[4mhostport^[[24m] [^[[1mM-bMM-^RD ^[[4m^[[22mport^[[24m] ^[[4mhostname^[[24m | ^[[4muser@hostname^[[24m [^[[4mcommand^[[24m]
13 13
14DESCRIPTION 14^[[1mDESCRIPTION^[[0m
15 ssh (SSH client) is a program for logging into a remote machine and for 15 ^[[1mssh ^[[22m(SSH client) is a program for logging into a remote machine and for
16 executing commands on a remote machine. It is intended to replace rlogin 16 executing commands on a remote machine. It is intended to replace rlogin
17 and rsh, and provide secure encrypted communications between two 17 and rsh, and provide secure encrypted communications between two
18 untrusted hosts over an insecure network. X11 connections and arbitrary 18 untrusted hosts over an insecure network. X11 connections and arbitrary
19 TCP/IP ports can also be forwarded over the secure channel. 19 TCP/IP ports can also be forwarded over the secure channel.
20 20
21 ssh connects and logs into the specified hostname. The user must prove 21 ^[[1mssh ^[[22mconnects and logs into the specified ^[[4mhostname^[[24m. The user must prove
22 his/her identity to the remote machine using one of several methods 22 his/her identity to the remote machine using one of several methods
23 depending on the protocol version used: 23 depending on the protocol version used:
24 24
25 SSH protocol version 1 25 ^[[1mSSH protocol version 1^[[0m
26 26
27 First, if the machine the user logs in from is listed in /etc/hosts.equiv 27 First, if the machine the user logs in from is listed in ^[[4m/etc/hosts.equiv^[[0m
28 or /etc/shosts.equiv on the remote machine, and the user names are the 28 or ^[[4m/etc/shosts.equiv^[[24m on the remote machine, and the user names are the
29 same on both sides, the user is immediately permitted to log in. Second, 29 same on both sides, the user is immediately permitted to log in. Second,
30 if .rhosts or .shosts exists in the user's home directory on the remote 30 if ^[[4m.rhosts^[[24m or ^[[4m.shosts^[[24m exists in the userM-bM-^@M-^Ys home directory on the remote
31 machine and contains a line containing the name of the client machine and 31 machine and contains a line containing the name of the client machine and
32 the name of the user on that machine, the user is permitted to log in. 32 the name of the user on that machine, the user is permitted to log in.
33 This form of authentication alone is normally not allowed by the server 33 This form of authentication alone is normally not allowed by the server
34 because it is not secure. 34 because it is not secure.
35 35
36 The second authentication method is the rhosts or hosts.equiv method comM-- 36 The second authentication method is the ^[[4mrhosts^[[24m or ^[[4mhosts.equiv^[[24m method comM-bM-^@M-^P
37 bined with RSA-based host authentication. It means that if the login 37 bined with RSAM-bM-^@M-^Pbased host authentication. It means that if the login
38 would be permitted by $HOME/.rhosts, $HOME/.shosts, /etc/hosts.equiv, or 38 would be permitted by ^[[4m$HOME/.rhosts^[[24m, ^[[4m$HOME/.shosts^[[24m, ^[[4m/etc/hosts.equiv^[[24m, or
39 /etc/shosts.equiv, and if additionally the server can verify the client's 39 ^[[4m/etc/shosts.equiv^[[24m, and if additionally the server can verify the clientM-bM-^@M-^Ys
40 host key (see /etc/ssh/ssh_known_hosts and $HOME/.ssh/known_hosts in the 40 host key (see ^[[4m/etc/ssh/ssh_known_hosts^[[24m and ^[[4m$HOME/.ssh/known_hosts^[[24m in the
41 FILES section), only then login is permitted. This authentication method 41 ^[[4mFILES^[[24m section), only then login is permitted. This authentication method
42 closes security holes due to IP spoofing, DNS spoofing and routing spoofM-- 42 closes security holes due to IP spoofing, DNS spoofing and routing spoofM-bM-^@M-^P
43 ing. [Note to the administrator: /etc/hosts.equiv, $HOME/.rhosts, and 43 ing. [Note to the administrator: ^[[4m/etc/hosts.equiv^[[24m, ^[[4m$HOME/.rhosts^[[24m, and
44 the rlogin/rsh protocol in general, are inherently insecure and should be 44 the rlogin/rsh protocol in general, are inherently insecure and should be
45 disabled if security is desired.] 45 disabled if security is desired.]
46 46
47 As a third authentication method, ssh supports RSA based authentication. 47 As a third authentication method, ^[[1mssh ^[[22msupports RSA based authentication.
48 The scheme is based on public-key cryptography: there are cryptosystems 48 The scheme is based on publicM-bM-^@M-^Pkey cryptography: there are cryptosystems
49 where encryption and decryption are done using separate keys, and it is 49 where encryption and decryption are done using separate keys, and it is
50 not possible to derive the decryption key from the encryption key. RSA 50 not possible to derive the decryption key from the encryption key. RSA
51 is one such system. The idea is that each user creates a public/private 51 is one such system. The idea is that each user creates a public/private
52 key pair for authentication purposes. The server knows the public key, 52 key pair for authentication purposes. The server knows the public key,
53 and only the user knows the private key. The file 53 and only the user knows the private key. The file
54 $HOME/.ssh/authorized_keys lists the public keys that are permitted for 54 ^[[4m$HOME/.ssh/authorized_keys^[[24m lists the public keys that are permitted for
55 logging in. When the user logs in, the ssh program tells the server 55 logging in. When the user logs in, the ^[[1mssh ^[[22mprogram tells the server
56 which key pair it would like to use for authentication. The server 56 which key pair it would like to use for authentication. The server
57 checks if this key is permitted, and if so, sends the user (actually the 57 checks if this key is permitted, and if so, sends the user (actually the
58 ssh program running on behalf of the user) a challenge, a random number, 58 ^[[1mssh ^[[22mprogram running on behalf of the user) a challenge, a random number,
59 encrypted by the user's public key. The challenge can only be decrypted 59 encrypted by the userM-bM-^@M-^Ys public key. The challenge can only be decrypted
60 using the proper private key. The user's client then decrypts the chalM-- 60 using the proper private key. The userM-bM-^@M-^Ys client then decrypts the chalM-bM-^@M-^P
61 lenge using the private key, proving that he/she knows the private key 61 lenge using the private key, proving that he/she knows the private key
62 but without disclosing it to the server. 62 but without disclosing it to the server.
63 63
64 ssh implements the RSA authentication protocol automatically. The user 64 ^[[1mssh ^[[22mimplements the RSA authentication protocol automatically. The user
65 creates his/her RSA key pair by running ssh-keygen(1). This stores the 65 creates his/her RSA key pair by running sshM-bM-^@M-^Pkeygen(1). This stores the
66 private key in $HOME/.ssh/identity and the public key in 66 private key in ^[[4m$HOME/.ssh/identity^[[24m and the public key in
67 $HOME/.ssh/identity.pub in the user's home directory. The user should 67 ^[[4m$HOME/.ssh/identity.pub^[[24m in the userM-bM-^@M-^Ys home directory. The user should
68 then copy the identity.pub to $HOME/.ssh/authorized_keys in his/her home 68 then copy the ^[[4midentity.pub^[[24m to ^[[4m$HOME/.ssh/authorized_keys^[[24m in his/her home
69 directory on the remote machine (the authorized_keys file corresponds to 69 directory on the remote machine (the ^[[4mauthorized_keys^[[24m file corresponds to
70 the conventional $HOME/.rhosts file, and has one key per line, though the 70 the conventional ^[[4m$HOME/.rhosts^[[24m file, and has one key per line, though the
71 lines can be very long). After this, the user can log in without giving 71 lines can be very long). After this, the user can log in without giving
72 the password. RSA authentication is much more secure than rhosts authenM-- 72 the password. RSA authentication is much more secure than rhosts authenM-bM-^@M-^P
73 tication. 73 tication.
74 74
75 The most convenient way to use RSA authentication may be with an authenM-- 75 The most convenient way to use RSA authentication may be with an authenM-bM-^@M-^P
76 tication agent. See ssh-agent(1) for more information. 76 tication agent. See sshM-bM-^@M-^Pagent(1) for more information.
77 77
78 If other authentication methods fail, ssh prompts the user for a passM-- 78 If other authentication methods fail, ^[[1mssh ^[[22mprompts the user for a passM-bM-^@M-^P
79 word. The password is sent to the remote host for checking; however, 79 word. The password is sent to the remote host for checking; however,
80 since all communications are encrypted, the password cannot be seen by 80 since all communications are encrypted, the password cannot be seen by
81 someone listening on the network. 81 someone listening on the network.
82 82
83 SSH protocol version 2 83 ^[[1mSSH protocol version 2^[[0m
84 84
85 When a user connects using protocol version 2 similar authentication 85 When a user connects using protocol version 2 similar authentication
86 methods are available. Using the default values for 86 methods are available. Using the default values for
87 PreferredAuthentications, the client will try to authenticate first using 87 ^[[1mPreferredAuthentications^[[22m, the client will try to authenticate first using
88 the hostbased method; if this method fails public key authentication is 88 the hostbased method; if this method fails public key authentication is
89 attempted, and finally if this method fails keyboard-interactive and 89 attempted, and finally if this method fails keyboardM-bM-^@M-^Pinteractive and
90 password authentication are tried. 90 password authentication are tried.
91 91
92 The public key method is similar to RSA authentication described in the 92 The public key method is similar to RSA authentication described in the
93 previous section and allows the RSA or DSA algorithm to be used: The 93 previous section and allows the RSA or DSA algorithm to be used: The
94 client uses his private key, $HOME/.ssh/id_dsa or $HOME/.ssh/id_rsa, to 94 client uses his private key, ^[[4m$HOME/.ssh/id_dsa^[[24m or ^[[4m$HOME/.ssh/id_rsa^[[24m, to
95 sign the session identifier and sends the result to the server. The 95 sign the session identifier and sends the result to the server. The
96 server checks whether the matching public key is listed in 96 server checks whether the matching public key is listed in
97 $HOME/.ssh/authorized_keys and grants access if both the key is found and 97 ^[[4m$HOME/.ssh/authorized_keys^[[24m and grants access if both the key is found and
98 the signature is correct. The session identifier is derived from a 98 the signature is correct. The session identifier is derived from a
99 shared Diffie-Hellman value and is only known to the client and the 99 shared DiffieM-bM-^@M-^PHellman value and is only known to the client and the
100 server. 100 server.
101 101
102 If public key authentication fails or is not available a password can be 102 If public key authentication fails or is not available a password can be
103 sent encrypted to the remote host for proving the user's identity. 103 sent encrypted to the remote host for proving the userM-bM-^@M-^Ys identity.
104 104
105 Additionally, ssh supports hostbased or challenge response authenticaM-- 105 Additionally, ^[[1mssh ^[[22msupports hostbased or challenge response authenticaM-bM-^@M-^P
106 tion. 106 tion.
107 107
108 Protocol 2 provides additional mechanisms for confidentiality (the trafM-- 108 Protocol 2 provides additional mechanisms for confidentiality (the trafM-bM-^@M-^P
109 fic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) and integrity 109 fic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) and integrity
110 (hmac-md5, hmac-sha1). Note that protocol 1 lacks a strong mechanism for 110 (hmacM-bM-^@M-^Pmd5, hmacM-bM-^@M-^Psha1). Note that protocol 1 lacks a strong mechanism for
111 ensuring the integrity of the connection. 111 ensuring the integrity of the connection.
112 112
113 Login session and remote execution 113 ^[[1mLogin session and remote execution^[[0m
114 114
115 When the user's identity has been accepted by the server, the server 115 When the userM-bM-^@M-^Ys identity has been accepted by the server, the server
116 either executes the given command, or logs into the machine and gives the 116 either executes the given command, or logs into the machine and gives the
117 user a normal shell on the remote machine. All communication with the 117 user a normal shell on the remote machine. All communication with the
118 remote command or shell will be automatically encrypted. 118 remote command or shell will be automatically encrypted.
119 119
120 If a pseudo-terminal has been allocated (normal login session), the user 120 If a pseudoM-bM-^@M-^Pterminal has been allocated (normal login session), the user
121 may use the escape characters noted below. 121 may use the escape characters noted below.
122 122
123 If no pseudo tty has been allocated, the session is transparent and can 123 If no pseudo tty has been allocated, the session is transparent and can
124 be used to reliably transfer binary data. On most systems, setting the 124 be used to reliably transfer binary data. On most systems, setting the
125 escape character to ``none'' will also make the session transparent even 125 escape character to M-bM-^@M-^\noneM-bM-^@M-^] will also make the session transparent even if
126 if a tty is used. 126 a tty is used.
127 127
128 The session terminates when the command or shell on the remote machine 128 The session terminates when the command or shell on the remote machine
129 exits and all X11 and TCP/IP connections have been closed. The exit staM-- 129 exits and all X11 and TCP/IP connections have been closed. The exit staM-bM-^@M-^P
130 tus of the remote program is returned as the exit status of ssh. 130 tus of the remote program is returned as the exit status of ^[[1mssh^[[22m.
131 131
132 Escape Characters 132 ^[[1mEscape Characters^[[0m
133 133
134 When a pseudo terminal has been requested, ssh supports a number of funcM-- 134 When a pseudo terminal has been requested, ssh supports a number of funcM-bM-^@M-^P
135 tions through the use of an escape character. 135 tions through the use of an escape character.
136 136
137 A single tilde character can be sent as ~~ or by following the tilde by a 137 A single tilde character can be sent as ^[[1m~~ ^[[22mor by following the tilde by a
138 character other than those described below. The escape character must 138 character other than those described below. The escape character must
139 always follow a newline to be interpreted as special. The escape characM-- 139 always follow a newline to be interpreted as special. The escape characM-bM-^@M-^P
140 ter can be changed in configuration files using the EscapeChar configuraM-- 140 ter can be changed in configuration files using the ^[[1mEscapeChar ^[[22mconfiguraM-bM-^@M-^P
141 tion directive or on the command line by the -e option. 141 tion directive or on the command line by the ^[[1mM-bMM-^Re ^[[22moption.
142 142
143 The supported escapes (assuming the default `~') are: 143 The supported escapes (assuming the default M-bM-^@M-^X~M-bM-^@M-^Y) are:
144 144
145 ~. Disconnect 145 ^[[1m~. ^[[22mDisconnect
146 146
147 ~^Z Background ssh 147 ^[[1m~^Z ^[[22mBackground ssh
148 148
149 ~# List forwarded connections 149 ^[[1m~# ^[[22mList forwarded connections
150 150
151 ~& Background ssh at logout when waiting for forwarded connection / 151 ^[[1m~& ^[[22mBackground ssh at logout when waiting for forwarded connection /
152 X11 sessions to terminate 152 X11 sessions to terminate
153 153
154 ~? Display a list of escape characters 154 ^[[1m~? ^[[22mDisplay a list of escape characters
155 155
156 ~C Open command line (only useful for adding port forwardings using 156 ^[[1m~C ^[[22mOpen command line (only useful for adding port forwardings using
157 the -L and -R options) 157 the ^[[1mM-bMM-^RL ^[[22mand ^[[1mM-bMM-^RR ^[[22moptions)
158 158
159 ~R Request rekeying of the connection (only useful for SSH protocol 159 ^[[1m~R ^[[22mRequest rekeying of the connection (only useful for SSH protocol
160 version 2 and if the peer supports it) 160 version 2 and if the peer supports it)
161 161
162 X11 and TCP forwarding 162 ^[[1mX11 and TCP forwarding^[[0m
163 163
164 If the ForwardX11 variable is set to ``yes'' (or, see the description of 164 If the ^[[1mForwardX11 ^[[22mvariable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or, see the description of
165 the -X and -x options described later) and the user is using X11 (the 165 the ^[[1mM-bMM-^RX ^[[22mand ^[[1mM-bMM-^Rx ^[[22moptions described later) and the user is using X11 (the
166 DISPLAY environment variable is set), the connection to the X11 display 166 DISPLAY environment variable is set), the connection to the X11 display
167 is automatically forwarded to the remote side in such a way that any X11 167 is automatically forwarded to the remote side in such a way that any X11
168 programs started from the shell (or command) will go through the 168 programs started from the shell (or command) will go through the
169 encrypted channel, and the connection to the real X server will be made 169 encrypted channel, and the connection to the real X server will be made
170 from the local machine. The user should not manually set DISPLAY. ForM-- 170 from the local machine. The user should not manually set DISPLAY. ForM-bM-^@M-^P
171 warding of X11 connections can be configured on the command line or in 171 warding of X11 connections can be configured on the command line or in
172 configuration files. 172 configuration files.
173 173
174 The DISPLAY value set by ssh will point to the server machine, but with a 174 The DISPLAY value set by ^[[1mssh ^[[22mwill point to the server machine, but with a
175 display number greater than zero. This is normal, and happens because 175 display number greater than zero. This is normal, and happens because
176 ssh creates a ``proxy'' X server on the server machine for forwarding the 176 ^[[1mssh ^[[22mcreates a M-bM-^@M-^\proxyM-bM-^@M-^] X server on the server machine for forwarding the
177 connections over the encrypted channel. 177 connections over the encrypted channel.
178 178
179 ssh will also automatically set up Xauthority data on the server machine. 179 ^[[1mssh ^[[22mwill also automatically set up Xauthority data on the server machine.
180 For this purpose, it will generate a random authorization cookie, store 180 For this purpose, it will generate a random authorization cookie, store
181 it in Xauthority on the server, and verify that any forwarded connections 181 it in Xauthority on the server, and verify that any forwarded connections
182 carry this cookie and replace it by the real cookie when the connection 182 carry this cookie and replace it by the real cookie when the connection
183 is opened. The real authentication cookie is never sent to the server 183 is opened. The real authentication cookie is never sent to the server
184 machine (and no cookies are sent in the plain). 184 machine (and no cookies are sent in the plain).
185 185
186 If the ForwardAgent variable is set to ``yes'' (or, see the description 186 If the ^[[1mForwardAgent ^[[22mvariable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or, see the description of
187 of the -A and -a options described later) and the user is using an 187 the ^[[1mM-bMM-^RA ^[[22mand ^[[1mM-bMM-^Ra ^[[22moptions described later) and the user is using an authentiM-bM-^@M-^P
188 authentication agent, the connection to the agent is automatically forM-- 188 cation agent, the connection to the agent is automatically forwarded to
189 warded to the remote side. 189 the remote side.
190 190
191 Forwarding of arbitrary TCP/IP connections over the secure channel can be 191 Forwarding of arbitrary TCP/IP connections over the secure channel can be
192 specified either on the command line or in a configuration file. One 192 specified either on the command line or in a configuration file. One
193 possible application of TCP/IP forwarding is a secure connection to an 193 possible application of TCP/IP forwarding is a secure connection to an
194 electronic purse; another is going through firewalls. 194 electronic purse; another is going through firewalls.
195 195
196 Server authentication 196 ^[[1mServer authentication^[[0m
197 197
198 ssh automatically maintains and checks a database containing identificaM-- 198 ^[[1mssh ^[[22mautomatically maintains and checks a database containing identificaM-bM-^@M-^P
199 tions for all hosts it has ever been used with. Host keys are stored in 199 tions for all hosts it has ever been used with. Host keys are stored in
200 $HOME/.ssh/known_hosts in the user's home directory. Additionally, the 200 ^[[4m$HOME/.ssh/known_hosts^[[24m in the userM-bM-^@M-^Ys home directory. Additionally, the
201 file /etc/ssh/ssh_known_hosts is automatically checked for known hosts. 201 file ^[[4m/etc/ssh/ssh_known_hosts^[[24m is automatically checked for known hosts.
202 Any new hosts are automatically added to the user's file. If a host's 202 Any new hosts are automatically added to the userM-bM-^@M-^Ys file. If a hostM-bM-^@M-^Ys
203 identification ever changes, ssh warns about this and disables password 203 identification ever changes, ^[[1mssh ^[[22mwarns about this and disables password
204 authentication to prevent a trojan horse from getting the user's passM-- 204 authentication to prevent a trojan horse from getting the userM-bM-^@M-^Ys passM-bM-^@M-^P
205 word. Another purpose of this mechanism is to prevent man-in-the-middle 205 word. Another purpose of this mechanism is to prevent manM-bM-^@M-^PinM-bM-^@M-^PtheM-bM-^@M-^Pmiddle
206 attacks which could otherwise be used to circumvent the encryption. The 206 attacks which could otherwise be used to circumvent the encryption. The
207 StrictHostKeyChecking option can be used to prevent logins to machines 207 ^[[1mStrictHostKeyChecking ^[[22moption can be used to prevent logins to machines
208 whose host key is not known or has changed. 208 whose host key is not known or has changed.
209 209
210 The options are as follows: 210 The options are as follows:
211 211
212 -a Disables forwarding of the authentication agent connection. 212 ^[[1mM-bMM-^Ra ^[[22mDisables forwarding of the authentication agent connection.
213 213
214 -A Enables forwarding of the authentication agent connection. This 214 ^[[1mM-bMM-^RA ^[[22mEnables forwarding of the authentication agent connection. This
215 can also be specified on a per-host basis in a configuration 215 can also be specified on a perM-bM-^@M-^Phost basis in a configuration
216 file. 216 file.
217 217
218 Agent forwarding should be enabled with caution. Users with the 218 Agent forwarding should be enabled with caution. Users with the
219 ability to bypass file permissions on the remote host (for the 219 ability to bypass file permissions on the remote host (for the
220 agent's Unix-domain socket) can access the local agent through 220 agentM-bM-^@M-^Ys UnixM-bM-^@M-^Pdomain socket) can access the local agent through
221 the forwarded connection. An attacker cannot obtain key material 221 the forwarded connection. An attacker cannot obtain key material
222 from the agent, however they can perform operations on the keys 222 from the agent, however they can perform operations on the keys
223 that enable them to authenticate using the identities loaded into 223 that enable them to authenticate using the identities loaded into
224 the agent. 224 the agent.
225 225
226 -b bind_address 226 ^[[1mM-bMM-^Rb ^[[4m^[[22mbind_address^[[0m
227 Specify the interface to transmit from on machines with multiple 227 Specify the interface to transmit from on machines with multiple
228 interfaces or aliased addresses. 228 interfaces or aliased addresses.
229 229
230 -c blowfish|3des|des 230 ^[[1mM-bMM-^Rc ^[[4m^[[22mblowfish|3des|des^[[0m
231 Selects the cipher to use for encrypting the session. 3des is 231 Selects the cipher to use for encrypting the session. ^[[4m3des^[[24m is
232 used by default. It is believed to be secure. 3des (triple-des) 232 used by default. It is believed to be secure. ^[[4m3des^[[24m (tripleM-bM-^@M-^Pdes)
233 is an encrypt-decrypt-encrypt triple with three different keys. 233 is an encryptM-bM-^@M-^PdecryptM-bM-^@M-^Pencrypt triple with three different keys.
234 blowfish is a fast block cipher, it appears very secure and is 234 ^[[4mblowfish^[[24m is a fast block cipher, it appears very secure and is
235 much faster than 3des. des is only supported in the ssh client 235 much faster than ^[[4m3des^[[24m. ^[[4mdes^[[24m is only supported in the ^[[1mssh ^[[22mclient
236 for interoperability with legacy protocol 1 implementations that 236 for interoperability with legacy protocol 1 implementations that
237 do not support the 3des cipher. Its use is strongly discouraged 237 do not support the ^[[4m3des^[[24m cipher. Its use is strongly discouraged
238 due to cryptographic weaknesses. 238 due to cryptographic weaknesses.
239 239
240 -c cipher_spec 240 ^[[1mM-bMM-^Rc ^[[4m^[[22mcipher_spec^[[0m
241 Additionally, for protocol version 2 a comma-separated list of 241 Additionally, for protocol version 2 a commaM-bM-^@M-^Pseparated list of
242 ciphers can be specified in order of preference. See Ciphers for 242 ciphers can be specified in order of preference. See ^[[1mCiphers ^[[22mfor
243 more information. 243 more information.
244 244
245 -e ch|^ch|none 245 ^[[1mM-bMM-^Re ^[[4m^[[22mch|^ch|none^[[0m
246 Sets the escape character for sessions with a pty (default: `~'). 246 Sets the escape character for sessions with a pty (default: M-bM-^@M-^X~M-bM-^@M-^Y).
247 The escape character is only recognized at the beginning of a 247 The escape character is only recognized at the beginning of a
248 line. The escape character followed by a dot (`.') closes the 248 line. The escape character followed by a dot (M-bM-^@M-^X.M-bM-^@M-^Y) closes the
249 connection, followed by control-Z suspends the connection, and 249 connection, followed by controlM-bM-^@M-^PZ suspends the connection, and
250 followed by itself sends the escape character once. Setting the 250 followed by itself sends the escape character once. Setting the
251 character to ``none'' disables any escapes and makes the session 251 character to M-bM-^@M-^\noneM-bM-^@M-^] disables any escapes and makes the session
252 fully transparent. 252 fully transparent.
253 253
254 -f Requests ssh to go to background just before command execution. 254 ^[[1mM-bMM-^Rf ^[[22mRequests ^[[1mssh ^[[22mto go to background just before command execution.
255 This is useful if ssh is going to ask for passwords or 255 This is useful if ^[[1mssh ^[[22mis going to ask for passwords or
256 passphrases, but the user wants it in the background. This 256 passphrases, but the user wants it in the background. This
257 implies -n. The recommended way to start X11 programs at a 257 implies ^[[1mM-bMM-^Rn^[[22m. The recommended way to start X11 programs at a
258 remote site is with something like ssh -f host xterm. 258 remote site is with something like ^[[1mssh M-bM-^@M-^Pf host xterm^[[22m.
259 259
260 -g Allows remote hosts to connect to local forwarded ports. 260 ^[[1mM-bMM-^Rg ^[[22mAllows remote hosts to connect to local forwarded ports.
261 261
262 -i identity_file 262 ^[[1mM-bMM-^Ri ^[[4m^[[22midentity_file^[[0m
263 Selects a file from which the identity (private key) for RSA or 263 Selects a file from which the identity (private key) for RSA or
264 DSA authentication is read. The default is $HOME/.ssh/identity 264 DSA authentication is read. The default is ^[[4m$HOME/.ssh/identity^[[0m
265 for protocol version 1, and $HOME/.ssh/id_rsa and 265 for protocol version 1, and ^[[4m$HOME/.ssh/id_rsa^[[24m and
266 $HOME/.ssh/id_dsa for protocol version 2. Identity files may 266 ^[[4m$HOME/.ssh/id_dsa^[[24m for protocol version 2. Identity files may
267 also be specified on a per-host basis in the configuration file. 267 also be specified on a perM-bM-^@M-^Phost basis in the configuration file.
268 It is possible to have multiple -i options (and multiple identiM-- 268 It is possible to have multiple ^[[1mM-bMM-^Ri ^[[22moptions (and multiple identiM-bM-^@M-^P
269 ties specified in configuration files). 269 ties specified in configuration files).
270 270
271 -I smartcard_device 271 ^[[1mM-bMM-^RI ^[[4m^[[22msmartcard_device^[[0m
272 Specifies which smartcard device to use. The argument is the 272 Specifies which smartcard device to use. The argument is the
273 device ssh should use to communicate with a smartcard used for 273 device ^[[1mssh ^[[22mshould use to communicate with a smartcard used for
274 storing the user's private RSA key. 274 storing the userM-bM-^@M-^Ys private RSA key.
275 275
276 -k Disables forwarding of Kerberos tickets and AFS tokens. This may 276 ^[[1mM-bMM-^Rk ^[[22mDisables forwarding of Kerberos tickets and AFS tokens. This may
277 also be specified on a per-host basis in the configuration file. 277 also be specified on a perM-bM-^@M-^Phost basis in the configuration file.
278 278
279 -l login_name 279 ^[[1mM-bMM-^Rl ^[[4m^[[22mlogin_name^[[0m
280 Specifies the user to log in as on the remote machine. This also 280 Specifies the user to log in as on the remote machine. This also
281 may be specified on a per-host basis in the configuration file. 281 may be specified on a perM-bM-^@M-^Phost basis in the configuration file.
282 282
283 -m mac_spec 283 ^[[1mM-bMM-^Rm ^[[4m^[[22mmac_spec^[[0m
284 Additionally, for protocol version 2 a comma-separated list of 284 Additionally, for protocol version 2 a commaM-bM-^@M-^Pseparated list of
285 MAC (message authentication code) algorithms can be specified in 285 MAC (message authentication code) algorithms can be specified in
286 order of preference. See the MACs keyword for more information. 286 order of preference. See the ^[[1mMACs ^[[22mkeyword for more information.
287 287
288 -n Redirects stdin from /dev/null (actually, prevents reading from 288 ^[[1mM-bMM-^Rn ^[[22mRedirects stdin from ^[[4m/dev/null^[[24m (actually, prevents reading from
289 stdin). This must be used when ssh is run in the background. A 289 stdin). This must be used when ^[[1mssh ^[[22mis run in the background. A
290 common trick is to use this to run X11 programs on a remote 290 common trick is to use this to run X11 programs on a remote
291 machine. For example, ssh -n shadows.cs.hut.fi emacs & will 291 machine. For example, ^[[1mssh M-bM-^@M-^Pn shadows.cs.hut.fi emacs & ^[[22mwill
292 start an emacs on shadows.cs.hut.fi, and the X11 connection will 292 start an emacs on shadows.cs.hut.fi, and the X11 connection will
293 be automatically forwarded over an encrypted channel. The ssh 293 be automatically forwarded over an encrypted channel. The ^[[1mssh^[[0m
294 program will be put in the background. (This does not work if 294 program will be put in the background. (This does not work if
295 ssh needs to ask for a password or passphrase; see also the -f 295 ^[[1mssh ^[[22mneeds to ask for a password or passphrase; see also the ^[[1mM-bMM-^Rf^[[0m
296 option.) 296 option.)
297 297
298 -N Do not execute a remote command. This is useful for just forM-- 298 ^[[1mM-bMM-^RN ^[[22mDo not execute a remote command. This is useful for just forM-bM-^@M-^P
299 warding ports (protocol version 2 only). 299 warding ports (protocol version 2 only).
300 300
301 -o option 301 ^[[1mM-bMM-^Ro ^[[4m^[[22moption^[[0m
302 Can be used to give options in the format used in the configuraM-- 302 Can be used to give options in the format used in the configuraM-bM-^@M-^P
303 tion file. This is useful for specifying options for which there 303 tion file. This is useful for specifying options for which there
304 is no separate command-line flag. 304 is no separate commandM-bM-^@M-^Pline flag.
305 305
306 -p port 306 ^[[1mM-bMM-^Rp ^[[4m^[[22mport^[[0m
307 Port to connect to on the remote host. This can be specified on 307 Port to connect to on the remote host. This can be specified on
308 a per-host basis in the configuration file. 308 a perM-bM-^@M-^Phost basis in the configuration file.
309 309
310 -q Quiet mode. Causes all warning and diagnostic messages to be 310 ^[[1mM-bMM-^Rq ^[[22mQuiet mode. Causes all warning and diagnostic messages to be
311 suppressed. 311 suppressed.
312 312
313 -s May be used to request invocation of a subsystem on the remote 313 ^[[1mM-bMM-^Rs ^[[22mMay be used to request invocation of a subsystem on the remote
314 system. Subsystems are a feature of the SSH2 protocol which 314 system. Subsystems are a feature of the SSH2 protocol which
315 facilitate the use of SSH as a secure transport for other appliM-- 315 facilitate the use of SSH as a secure transport for other appliM-bM-^@M-^P
316 cations (eg. sftp). The subsystem is specified as the remote comM-- 316 cations (eg. sftp). The subsystem is specified as the remote comM-bM-^@M-^P
317 mand. 317 mand.
318 318
319 -t Force pseudo-tty allocation. This can be used to execute arbiM-- 319 ^[[1mM-bMM-^Rt ^[[22mForce pseudoM-bM-^@M-^Ptty allocation. This can be used to execute arbiM-bM-^@M-^P
320 trary screen-based programs on a remote machine, which can be 320 trary screenM-bM-^@M-^Pbased programs on a remote machine, which can be
321 very useful, e.g., when implementing menu services. Multiple -t 321 very useful, e.g., when implementing menu services. Multiple ^[[1mM-bMM-^Rt^[[0m
322 options force tty allocation, even if ssh has no local tty. 322 options force tty allocation, even if ^[[1mssh ^[[22mhas no local tty.
323 323
324 -T Disable pseudo-tty allocation. 324 ^[[1mM-bMM-^RT ^[[22mDisable pseudoM-bM-^@M-^Ptty allocation.
325 325
326 -v Verbose mode. Causes ssh to print debugging messages about its 326 ^[[1mM-bMM-^Rv ^[[22mVerbose mode. Causes ^[[1mssh ^[[22mto print debugging messages about its
327 progress. This is helpful in debugging connection, authenticaM-- 327 progress. This is helpful in debugging connection, authenticaM-bM-^@M-^P
328 tion, and configuration problems. Multiple -v options increases 328 tion, and configuration problems. Multiple ^[[1mM-bMM-^Rv ^[[22moptions increases
329 the verbosity. Maximum is 3. 329 the verbosity. Maximum is 3.
330 330
331 -x Disables X11 forwarding. 331 ^[[1mM-bMM-^Rx ^[[22mDisables X11 forwarding.
332 332
333 -X Enables X11 forwarding. This can also be specified on a per-host 333 ^[[1mM-bMM-^RX ^[[22mEnables X11 forwarding. This can also be specified on a perM-bM-^@M-^Phost
334 basis in a configuration file. 334 basis in a configuration file.
335 335
336 X11 forwarding should be enabled with caution. Users with the 336 X11 forwarding should be enabled with caution. Users with the
337 ability to bypass file permissions on the remote host (for the 337 ability to bypass file permissions on the remote host (for the
338 user's X authorization database) can access the local X11 display 338 userM-bM-^@M-^Ys X authorization database) can access the local X11 display
339 through the forwarded connection. An attacker may then be able 339 through the forwarded connection. An attacker may then be able
340 to perform activities such as keystroke monitoring. 340 to perform activities such as keystroke monitoring.
341 341
342 -C Requests compression of all data (including stdin, stdout, 342 ^[[1mM-bMM-^RC ^[[22mRequests compression of all data (including stdin, stdout,
343 stderr, and data for forwarded X11 and TCP/IP connections). The 343 stderr, and data for forwarded X11 and TCP/IP connections). The
344 compression algorithm is the same used by gzip(1), and the 344 compression algorithm is the same used by gzip(1), and the
345 ``level'' can be controlled by the CompressionLevel option for 345 M-bM-^@M-^\levelM-bM-^@M-^] can be controlled by the ^[[1mCompressionLevel ^[[22moption for proM-bM-^@M-^P
346 protocol version 1. Compression is desirable on modem lines and 346 tocol version 1. Compression is desirable on modem lines and
347 other slow connections, but will only slow down things on fast 347 other slow connections, but will only slow down things on fast
348 networks. The default value can be set on a host-by-host basis 348 networks. The default value can be set on a hostM-bM-^@M-^PbyM-bM-^@M-^Phost basis
349 in the configuration files; see the Compression option. 349 in the configuration files; see the ^[[1mCompression ^[[22moption.
350 350
351 -F configfile 351 ^[[1mM-bMM-^RF ^[[4m^[[22mconfigfile^[[0m
352 Specifies an alternative per-user configuration file. If a conM-- 352 Specifies an alternative perM-bM-^@M-^Puser configuration file. If a conM-bM-^@M-^P
353 figuration file is given on the command line, the system-wide 353 figuration file is given on the command line, the systemM-bM-^@M-^Pwide
354 configuration file (/etc/ssh/ssh_config) will be ignored. The 354 configuration file (^[[4m/etc/ssh/ssh_config^[[24m) will be ignored. The
355 default for the per-user configuration file is $HOME/.ssh/config. 355 default for the perM-bM-^@M-^Puser configuration file is ^[[4m$HOME/.ssh/config^[[24m.
356 356
357 -L port:host:hostport 357 ^[[1mM-bMM-^RL ^[[4m^[[22mport:host:hostport^[[0m
358 Specifies that the given port on the local (client) host is to be 358 Specifies that the given port on the local (client) host is to be
359 forwarded to the given host and port on the remote side. This 359 forwarded to the given host and port on the remote side. This
360 works by allocating a socket to listen to port on the local side, 360 works by allocating a socket to listen to ^[[4mport^[[24m on the local side,
361 and whenever a connection is made to this port, the connection is 361 and whenever a connection is made to this port, the connection is
362 forwarded over the secure channel, and a connection is made to 362 forwarded over the secure channel, and a connection is made to
363 host port hostport from the remote machine. Port forwardings can 363 ^[[4mhost^[[24m port ^[[4mhostport^[[24m from the remote machine. Port forwardings can
364 also be specified in the configuration file. Only root can forM-- 364 also be specified in the configuration file. Only root can forM-bM-^@M-^P
365 ward privileged ports. IPv6 addresses can be specified with an 365 ward privileged ports. IPv6 addresses can be specified with an
366 alternative syntax: port/host/hostport 366 alternative syntax: ^[[4mport/host/hostport^[[0m
367 367
368 -R port:host:hostport 368 ^[[1mM-bMM-^RR ^[[4m^[[22mport:host:hostport^[[0m
369 Specifies that the given port on the remote (server) host is to 369 Specifies that the given port on the remote (server) host is to
370 be forwarded to the given host and port on the local side. This 370 be forwarded to the given host and port on the local side. This
371 works by allocating a socket to listen to port on the remote 371 works by allocating a socket to listen to ^[[4mport^[[24m on the remote
372 side, and whenever a connection is made to this port, the connecM-- 372 side, and whenever a connection is made to this port, the connecM-bM-^@M-^P
373 tion is forwarded over the secure channel, and a connection is 373 tion is forwarded over the secure channel, and a connection is
374 made to host port hostport from the local machine. Port forwardM-- 374 made to ^[[4mhost^[[24m port ^[[4mhostport^[[24m from the local machine. Port forwardM-bM-^@M-^P
375 ings can also be specified in the configuration file. Privileged 375 ings can also be specified in the configuration file. Privileged
376 ports can be forwarded only when logging in as root on the remote 376 ports can be forwarded only when logging in as root on the remote
377 machine. IPv6 addresses can be specified with an alternative 377 machine. IPv6 addresses can be specified with an alternative
378 syntax: port/host/hostport 378 syntax: ^[[4mport/host/hostport^[[0m
379 379
380 -D port 380 ^[[1mM-bMM-^RD ^[[4m^[[22mport^[[0m
381 Specifies a local ``dynamic'' application-level port forwarding. 381 Specifies a local M-bM-^@M-^\dynamicM-bM-^@M-^] applicationM-bM-^@M-^Plevel port forwarding.
382 This works by allocating a socket to listen to port on the local 382 This works by allocating a socket to listen to ^[[4mport^[[24m on the local
383 side, and whenever a connection is made to this port, the connecM-- 383 side, and whenever a connection is made to this port, the connecM-bM-^@M-^P
384 tion is forwarded over the secure channel, and the application 384 tion is forwarded over the secure channel, and the application
385 protocol is then used to determine where to connect to from the 385 protocol is then used to determine where to connect to from the
386 remote machine. Currently the SOCKS4 protocol is supported, and 386 remote machine. Currently the SOCKS4 protocol is supported, and
387 ssh will act as a SOCKS4 server. Only root can forward priviM-- 387 ^[[1mssh ^[[22mwill act as a SOCKS4 server. Only root can forward priviM-bM-^@M-^P
388 leged ports. Dynamic port forwardings can also be specified in 388 leged ports. Dynamic port forwardings can also be specified in
389 the configuration file. 389 the configuration file.
390 390
391 -1 Forces ssh to try protocol version 1 only. 391 ^[[1mM-bMM-^R1 ^[[22mForces ^[[1mssh ^[[22mto try protocol version 1 only.
392 392
393 -2 Forces ssh to try protocol version 2 only. 393 ^[[1mM-bMM-^R2 ^[[22mForces ^[[1mssh ^[[22mto try protocol version 2 only.
394 394
395 -4 Forces ssh to use IPv4 addresses only. 395 ^[[1mM-bMM-^R4 ^[[22mForces ^[[1mssh ^[[22mto use IPv4 addresses only.
396 396
397 -6 Forces ssh to use IPv6 addresses only. 397 ^[[1mM-bMM-^R6 ^[[22mForces ^[[1mssh ^[[22mto use IPv6 addresses only.
398 398
399CONFIGURATION FILES 399^[[1mCONFIGURATION FILES^[[0m
400 ssh may additionally obtain configuration data from a per-user configuraM-- 400 ^[[1mssh ^[[22mmay additionally obtain configuration data from a perM-bM-^@M-^Puser configuraM-bM-^@M-^P
401 tion file and a system-wide configuration file. The file format and conM-- 401 tion file and a systemM-bM-^@M-^Pwide configuration file. The file format and conM-bM-^@M-^P
402 figuration options are described in ssh_config(5). 402 figuration options are described in ssh_config(5).
403 403
404ENVIRONMENT 404^[[1mENVIRONMENT^[[0m
405 ssh will normally set the following environment variables: 405 ^[[1mssh ^[[22mwill normally set the following environment variables:
406 406
407 DISPLAY 407 DISPLAY
408 The DISPLAY variable indicates the location of the X11 server. 408 The DISPLAY variable indicates the location of the X11 server.
409 It is automatically set by ssh to point to a value of the form 409 It is automatically set by ^[[1mssh ^[[22mto point to a value of the form
410 ``hostname:n'' where hostname indicates the host where the shell 410 M-bM-^@M-^\hostname:nM-bM-^@M-^] where hostname indicates the host where the shell
411 runs, and n is an integer >= 1. ssh uses this special value to 411 runs, and n is an integer >= 1. ^[[1mssh ^[[22muses this special value to
412 forward X11 connections over the secure channel. The user should 412 forward X11 connections over the secure channel. The user should
413 normally not set DISPLAY explicitly, as that will render the X11 413 normally not set DISPLAY explicitly, as that will render the X11
414 connection insecure (and will require the user to manually copy 414 connection insecure (and will require the user to manually copy
415 any required authorization cookies). 415 any required authorization cookies).
416 416
417 HOME Set to the path of the user's home directory. 417 HOME Set to the path of the userM-bM-^@M-^Ys home directory.
418 418
419 LOGNAME 419 LOGNAME
420 Synonym for USER; set for compatibility with systems that use 420 Synonym for USER; set for compatibility with systems that use
421 this variable. 421 this variable.
422 422
423 MAIL Set to the path of the user's mailbox. 423 MAIL Set to the path of the userM-bM-^@M-^Ys mailbox.
424 424
425 PATH Set to the default PATH, as specified when compiling ssh. 425 PATH Set to the default PATH, as specified when compiling ^[[1mssh^[[22m.
426 426
427 SSH_ASKPASS 427 SSH_ASKPASS
428 If ssh needs a passphrase, it will read the passphrase from the 428 If ^[[1mssh ^[[22mneeds a passphrase, it will read the passphrase from the
429 current terminal if it was run from a terminal. If ssh does not 429 current terminal if it was run from a terminal. If ^[[1mssh ^[[22mdoes not
430 have a terminal associated with it but DISPLAY and SSH_ASKPASS 430 have a terminal associated with it but DISPLAY and SSH_ASKPASS
431 are set, it will execute the program specified by SSH_ASKPASS and 431 are set, it will execute the program specified by SSH_ASKPASS and
432 open an X11 window to read the passphrase. This is particularly 432 open an X11 window to read the passphrase. This is particularly
433 useful when calling ssh from a .Xsession or related script. 433 useful when calling ^[[1mssh ^[[22mfrom a ^[[4m.Xsession^[[24m or related script.
434 (Note that on some machines it may be necessary to redirect the 434 (Note that on some machines it may be necessary to redirect the
435 input from /dev/null to make this work.) 435 input from ^[[4m/dev/null^[[24m to make this work.)
436 436
437 SSH_AUTH_SOCK 437 SSH_AUTH_SOCK
438 Identifies the path of a unix-domain socket used to communicate 438 Identifies the path of a unixM-bM-^@M-^Pdomain socket used to communicate
439 with the agent. 439 with the agent.
440 440
441 SSH_CONNECTION 441 SSH_CONNECTION
442 Identifies the client and server ends of the connection. The 442 Identifies the client and server ends of the connection. The
443 variable contains four space-separated values: client ip-address, 443 variable contains four spaceM-bM-^@M-^Pseparated values: client ipM-bM-^@M-^Paddress,
444 client port number, server ip-address and server port number. 444 client port number, server ipM-bM-^@M-^Paddress and server port number.
445 445
446 SSH_ORIGINAL_COMMAND 446 SSH_ORIGINAL_COMMAND
447 The variable contains the original command line if a forced comM-- 447 The variable contains the original command line if a forced comM-bM-^@M-^P
448 mand is executed. It can be used to extract the original arguM-- 448 mand is executed. It can be used to extract the original arguM-bM-^@M-^P
449 ments. 449 ments.
450 450
451 SSH_TTY 451 SSH_TTY
452 This is set to the name of the tty (path to the device) associM-- 452 This is set to the name of the tty (path to the device) associM-bM-^@M-^P
453 ated with the current shell or command. If the current session 453 ated with the current shell or command. If the current session
454 has no tty, this variable is not set. 454 has no tty, this variable is not set.
455 455
@@ -459,42 +459,42 @@ ENVIRONMENT
459 459
460 USER Set to the name of the user logging in. 460 USER Set to the name of the user logging in.
461 461
462 Additionally, ssh reads $HOME/.ssh/environment, and adds lines of the 462 Additionally, ^[[1mssh ^[[22mreads ^[[4m$HOME/.ssh/environment^[[24m, and adds lines of the
463 format ``VARNAME=value'' to the environment if the file exists and if 463 format M-bM-^@M-^\VARNAME=valueM-bM-^@M-^] to the environment if the file exists and if users
464 users are allowed to change their environment. See the 464 are allowed to change their environment. See the ^[[1mPermitUserEnvironment^[[0m
465 PermitUserEnvironment option in sshd_config(5). 465 option in sshd_config(5).
466 466
467FILES 467^[[1mFILES^[[0m
468 $HOME/.ssh/known_hosts 468 $HOME/.ssh/known_hosts
469 Records host keys for all hosts the user has logged into that are 469 Records host keys for all hosts the user has logged into that are
470 not in /etc/ssh/ssh_known_hosts. See sshd(8). 470 not in ^[[4m/etc/ssh/ssh_known_hosts^[[24m. See sshd(8).
471 471
472 $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa 472 $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa
473 Contains the authentication identity of the user. They are for 473 Contains the authentication identity of the user. They are for
474 protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. 474 protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively.
475 These files contain sensitive data and should be readable by the 475 These files contain sensitive data and should be readable by the
476 user but not accessible by others (read/write/execute). Note 476 user but not accessible by others (read/write/execute). Note
477 that ssh ignores a private key file if it is accessible by othM-- 477 that ^[[1mssh ^[[22mignores a private key file if it is accessible by othM-bM-^@M-^P
478 ers. It is possible to specify a passphrase when generating the 478 ers. It is possible to specify a passphrase when generating the
479 key; the passphrase will be used to encrypt the sensitive part of 479 key; the passphrase will be used to encrypt the sensitive part of
480 this file using 3DES. 480 this file using 3DES.
481 481
482 $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub 482 $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub
483 Contains the public key for authentication (public part of the 483 Contains the public key for authentication (public part of the
484 identity file in human-readable form). The contents of the 484 identity file in humanM-bM-^@M-^Preadable form). The contents of the
485 $HOME/.ssh/identity.pub file should be added to 485 ^[[4m$HOME/.ssh/identity.pub^[[24m file should be added to
486 $HOME/.ssh/authorized_keys on all machines where the user wishes 486 ^[[4m$HOME/.ssh/authorized_keys^[[24m on all machines where the user wishes
487 to log in using protocol version 1 RSA authentication. The conM-- 487 to log in using protocol version 1 RSA authentication. The conM-bM-^@M-^P
488 tents of the $HOME/.ssh/id_dsa.pub and $HOME/.ssh/id_rsa.pub file 488 tents of the ^[[4m$HOME/.ssh/id_dsa.pub^[[24m and ^[[4m$HOME/.ssh/id_rsa.pub^[[24m file
489 should be added to $HOME/.ssh/authorized_keys on all machines 489 should be added to ^[[4m$HOME/.ssh/authorized_keys^[[24m on all machines
490 where the user wishes to log in using protocol version 2 DSA/RSA 490 where the user wishes to log in using protocol version 2 DSA/RSA
491 authentication. These files are not sensitive and can (but need 491 authentication. These files are not sensitive and can (but need
492 not) be readable by anyone. These files are never used automatiM-- 492 not) be readable by anyone. These files are never used automatiM-bM-^@M-^P
493 cally and are not necessary; they are only provided for the conM-- 493 cally and are not necessary; they are only provided for the conM-bM-^@M-^P
494 venience of the user. 494 venience of the user.
495 495
496 $HOME/.ssh/config 496 $HOME/.ssh/config
497 This is the per-user configuration file. The file format and 497 This is the perM-bM-^@M-^Puser configuration file. The file format and
498 configuration options are described in ssh_config(5). 498 configuration options are described in ssh_config(5).
499 499
500 $HOME/.ssh/authorized_keys 500 $HOME/.ssh/authorized_keys
@@ -508,17 +508,17 @@ FILES
508 /etc/ssh/ssh_known_hosts 508 /etc/ssh/ssh_known_hosts
509 Systemwide list of known host keys. This file should be prepared 509 Systemwide list of known host keys. This file should be prepared
510 by the system administrator to contain the public host keys of 510 by the system administrator to contain the public host keys of
511 all machines in the organization. This file should be world- 511 all machines in the organization. This file should be worldM-bM-^@M-^P
512 readable. This file contains public keys, one per line, in the 512 readable. This file contains public keys, one per line, in the
513 following format (fields separated by spaces): system name, pubM-- 513 following format (fields separated by spaces): system name, pubM-bM-^@M-^P
514 lic key and optional comment field. When different names are 514 lic key and optional comment field. When different names are
515 used for the same machine, all such names should be listed, sepaM-- 515 used for the same machine, all such names should be listed, sepaM-bM-^@M-^P
516 rated by commas. The format is described on the sshd(8) manual 516 rated by commas. The format is described on the sshd(8) manual
517 page. 517 page.
518 518
519 The canonical system name (as returned by name servers) is used 519 The canonical system name (as returned by name servers) is used
520 by sshd(8) to verify the client host when logging in; other names 520 by sshd(8) to verify the client host when logging in; other names
521 are needed because ssh does not convert the user-supplied name to 521 are needed because ^[[1mssh ^[[22mdoes not convert the userM-bM-^@M-^Psupplied name to
522 a canonical name before checking the key, because someone with 522 a canonical name before checking the key, because someone with
523 access to the name servers would then be able to fool host 523 access to the name servers would then be able to fool host
524 authentication. 524 authentication.
@@ -530,22 +530,22 @@ FILES
530 /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, 530 /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key,
531 /etc/ssh/ssh_host_rsa_key 531 /etc/ssh/ssh_host_rsa_key
532 These three files contain the private parts of the host keys and 532 These three files contain the private parts of the host keys and
533 are used for RhostsRSAAuthentication and HostbasedAuthentication. 533 are used for ^[[1mRhostsRSAAuthentication ^[[22mand ^[[1mHostbasedAuthentication^[[22m.
534 If the protocol version 1 RhostsRSAAuthentication method is used, 534 If the protocol version 1 ^[[1mRhostsRSAAuthentication ^[[22mmethod is used,
535 ssh must be setuid root, since the host key is readable only by 535 ^[[1mssh ^[[22mmust be setuid root, since the host key is readable only by
536 root. For protocol version 2, ssh uses ssh-keysign(8) to access 536 root. For protocol version 2, ^[[1mssh ^[[22muses sshM-bM-^@M-^Pkeysign(8) to access
537 the host keys for HostbasedAuthentication. This eliminates the 537 the host keys for ^[[1mHostbasedAuthentication^[[22m. This eliminates the
538 requirement that ssh be setuid root when that authentication 538 requirement that ^[[1mssh ^[[22mbe setuid root when that authentication
539 method is used. By default ssh is not setuid root. 539 method is used. By default ^[[1mssh ^[[22mis not setuid root.
540 540
541 $HOME/.rhosts 541 $HOME/.rhosts
542 This file is used in .rhosts authentication to list the host/user 542 This file is used in ^[[4m.rhosts^[[24m authentication to list the host/user
543 pairs that are permitted to log in. (Note that this file is also 543 pairs that are permitted to log in. (Note that this file is also
544 used by rlogin and rsh, which makes using this file insecure.) 544 used by rlogin and rsh, which makes using this file insecure.)
545 Each line of the file contains a host name (in the canonical form 545 Each line of the file contains a host name (in the canonical form
546 returned by name servers), and then a user name on that host, 546 returned by name servers), and then a user name on that host,
547 separated by a space. On some machines this file may need to be 547 separated by a space. On some machines this file may need to be
548 world-readable if the user's home directory is on a NFS partiM-- 548 worldM-bM-^@M-^Preadable if the userM-bM-^@M-^Ys home directory is on a NFS partiM-bM-^@M-^P
549 tion, because sshd(8) reads it as root. Additionally, this file 549 tion, because sshd(8) reads it as root. Additionally, this file
550 must be owned by the user, and must not have write permissions 550 must be owned by the user, and must not have write permissions
551 for anyone else. The recommended permission for most machines is 551 for anyone else. The recommended permission for most machines is
@@ -554,18 +554,18 @@ FILES
554 Note that by default sshd(8) will be installed so that it 554 Note that by default sshd(8) will be installed so that it
555 requires successful RSA host authentication before permitting 555 requires successful RSA host authentication before permitting
556 .rhosts authentication. If the server machine does not have the 556 .rhosts authentication. If the server machine does not have the
557 client's host key in /etc/ssh/ssh_known_hosts, it can be stored 557 clientM-bM-^@M-^Ys host key in ^[[4m/etc/ssh/ssh_known_hosts^[[24m, it can be stored
558 in $HOME/.ssh/known_hosts. The easiest way to do this is to conM-- 558 in ^[[4m$HOME/.ssh/known_hosts^[[24m. The easiest way to do this is to conM-bM-^@M-^P
559 nect back to the client from the server machine using ssh; this 559 nect back to the client from the server machine using ssh; this
560 will automatically add the host key to $HOME/.ssh/known_hosts. 560 will automatically add the host key to ^[[4m$HOME/.ssh/known_hosts^[[24m.
561 561
562 $HOME/.shosts 562 $HOME/.shosts
563 This file is used exactly the same way as .rhosts. The purpose 563 This file is used exactly the same way as ^[[4m.rhosts^[[24m. The purpose
564 for having this file is to be able to use rhosts authentication 564 for having this file is to be able to use rhosts authentication
565 with ssh without permitting login with rlogin or rsh(1). 565 with ^[[1mssh ^[[22mwithout permitting login with ^[[1mrlogin ^[[22mor rsh(1).
566 566
567 /etc/hosts.equiv 567 /etc/hosts.equiv
568 This file is used during .rhosts authentication. It contains 568 This file is used during ^[[4m.rhosts^[[24m ^[[4mauthentication.^[[24m It contains
569 canonical hosts names, one per line (the full format is described 569 canonical hosts names, one per line (the full format is described
570 on the sshd(8) manual page). If the client host is found in this 570 on the sshd(8) manual page). If the client host is found in this
571 file, login is automatically permitted provided client and server 571 file, login is automatically permitted provided client and server
@@ -574,41 +574,41 @@ FILES
574 writable by root. 574 writable by root.
575 575
576 /etc/shosts.equiv 576 /etc/shosts.equiv
577 This file is processed exactly as /etc/hosts.equiv. This file 577 This file is processed exactly as ^[[4m/etc/hosts.equiv^[[24m. This file
578 may be useful to permit logins using ssh but not using 578 may be useful to permit logins using ^[[1mssh ^[[22mbut not using
579 rsh/rlogin. 579 rsh/rlogin.
580 580
581 /etc/ssh/sshrc 581 /etc/ssh/sshrc
582 Commands in this file are executed by ssh when the user logs in 582 Commands in this file are executed by ^[[1mssh ^[[22mwhen the user logs in
583 just before the user's shell (or command) is started. See the 583 just before the userM-bM-^@M-^Ys shell (or command) is started. See the
584 sshd(8) manual page for more information. 584 sshd(8) manual page for more information.
585 585
586 $HOME/.ssh/rc 586 $HOME/.ssh/rc
587 Commands in this file are executed by ssh when the user logs in 587 Commands in this file are executed by ^[[1mssh ^[[22mwhen the user logs in
588 just before the user's shell (or command) is started. See the 588 just before the userM-bM-^@M-^Ys shell (or command) is started. See the
589 sshd(8) manual page for more information. 589 sshd(8) manual page for more information.
590 590
591 $HOME/.ssh/environment 591 $HOME/.ssh/environment
592 Contains additional definitions for environment variables, see 592 Contains additional definitions for environment variables, see
593 section ENVIRONMENT above. 593 section ^[[4mENVIRONMENT^[[24m above.
594 594
595DIAGNOSTICS 595^[[1mDIAGNOSTICS^[[0m
596 ssh exits with the exit status of the remote command or with 255 if an 596 ^[[1mssh ^[[22mexits with the exit status of the remote command or with 255 if an
597 error occurred. 597 error occurred.
598 598
599AUTHORS 599^[[1mAUTHORS^[[0m
600 OpenSSH is a derivative of the original and free ssh 1.2.12 release by 600 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
601 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo 601 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
602 de Raadt and Dug Song removed many bugs, re-added newer features and creM-- 602 de Raadt and Dug Song removed many bugs, reM-bM-^@M-^Padded newer features and creM-bM-^@M-^P
603 ated OpenSSH. Markus Friedl contributed the support for SSH protocol 603 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
604 versions 1.5 and 2.0. 604 versions 1.5 and 2.0.
605 605
606SEE ALSO 606^[[1mSEE ALSO^[[0m
607 rsh(1), scp(1), sftp(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), 607 rsh(1), scp(1), sftp(1), sshM-bM-^@M-^Padd(1), sshM-bM-^@M-^Pagent(1), sshM-bM-^@M-^Pkeygen(1),
608 telnet(1), ssh_config(5), ssh-keysign(8), sshd(8) 608 telnet(1), ssh_config(5), sshM-bM-^@M-^Pkeysign(8), sshd(8)
609 609
610 T. Ylonen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen, SSH 610 T. Ylonen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen, ^[[4mSSH^[[0m
611 Protocol Architecture, draft-ietf-secsh-architecture-12.txt, January 611 ^[[4mProtocol^[[24m ^[[4mArchitecture^[[24m, draftM-bM-^@M-^PietfM-bM-^@M-^PsecshM-bM-^@M-^ParchitectureM-bM-^@M-^P12.txt, January
612 2002, work in progress material. 612 2002, work in progress material.
613 613
614BSD September 25, 1999 BSD 614BSD September 25, 1999 BSD
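--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.186 2002/09/19 01:58:18 djm Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.190 2003/02/06 09:27:29 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -495,9 +495,9 @@ again:
  av += optind;
 
  if (ac > 0 && !host && **av != '-') {
- if (strchr(*av, '@')) {
+ if (strrchr(*av, '@')) {
  p = xstrdup(*av);
- cp = strchr(p, '@');
+ cp = strrchr(p, '@');
  if (cp == NULL || cp == p)
  usage();
  options.user = p;
@@ -505,12 +505,11 @@ again:
  host = ++cp;
  } else
  host = *av;
- ac--, av++;
- if (ac > 0) {
- optind = 0;
- optreset = 1;
+ if (ac > 1) {
+ optind = optreset = 1;
  goto again;
  }
+ ac--, av++;
  }
 
  /* Check that we got a host name. */
@@ -602,6 +601,10 @@ again:
  if (options.hostname != NULL)
  host = options.hostname;
 
+ if (options.proxy_command != NULL &&
+ strcmp(options.proxy_command, "none") == 0)
+ options.proxy_command = NULL;
+
  /* Disable rhosts authentication if not running as root. */
 #ifdef HAVE_CYGWIN
  /* Ignore uid if running under Windows */
@@ -1026,7 +1029,7 @@ ssh_session2_setup(int id, void *arg)
  int interactive = 0;
  struct termios tio;
 
- debug("ssh_session2_setup: id %d", id);
+ debug2("ssh_session2_setup: id %d", id);
 
  if (tty_flag) {
  struct winsize ws;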
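Review bot: The added `"none"` check at new lines 604-606 drops the old `options.proxy_command` pointer without releasing it, and it has no comment explaining the sentinel. If the option parser stores a heap copy there (not visible in this section), the string is leaked; bracing the body as `xfree(options.proxy_command); options.proxy_command = NULL;` would cover that. The comparison is an exact, case-sensitive match, so a value such as `None` would still be treated as a command and, per the ProxyCommand manual text on this page, executed with /bin/sh. That is worth stating in a comment such as `/* "none" (exact match) disables a ProxyCommand set elsewhere */`. The enclosing function starts and ends outside these hunks.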
diff --git a/ssh_config.0 b/ssh_config.0
index a5a44da14..559705343 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -1,403 +1,400 @@
1SSH_CONFIG(5) System File Formats Manual SSH_CONFIG(5) 1SSH_CONFIG(5) BSD File Formats Manual SSH_CONFIG(5)
2 2
3NAME 3^[[1mNAME^[[0m
4 ssh_config - OpenSSH SSH client configuration files 4 ^[[1mssh_config ^[[22mM-bMM-^R OpenSSH SSH client configuration files
5 5
6SYNOPSIS 6^[[1mSYNOPSIS^[[0m
7 $HOME/.ssh/config 7 ^[[4m$HOME/.ssh/config^[[0m
8 /etc/ssh/ssh_config 8 ^[[4m/etc/ssh/ssh_config^[[0m
9 9
10DESCRIPTION 10^[[1mDESCRIPTION^[[0m
11 ssh obtains configuration data from the following sources in the followM-- 11 ^[[1mssh ^[[22mobtains configuration data from the following sources in the followM-bM-^@M-^P
12 ing order: 12 ing order:
13 1. command-line options 13 1. commandM-bM-^@M-^Pline options
14 2. user's configuration file ($HOME/.ssh/config) 14 2. userM-bM-^@M-^Ys configuration file (^[[4m$HOME/.ssh/config^[[24m)
15 3. system-wide configuration file (/etc/ssh/ssh_config) 15 3. systemM-bM-^@M-^Pwide configuration file (^[[4m/etc/ssh/ssh_config^[[24m)
16 16
17 For each parameter, the first obtained value will be used. The configuM-- 17 For each parameter, the first obtained value will be used. The configuM-bM-^@M-^P
18 ration files contain sections bracketed by ``Host'' specifications, and 18 ration files contain sections bracketed by M-bM-^@M-^\HostM-bM-^@M-^] specifications, and
19 that section is only applied for hosts that match one of the patterns 19 that section is only applied for hosts that match one of the patterns
20 given in the specification. The matched host name is the one given on 20 given in the specification. The matched host name is the one given on
21 the command line. 21 the command line.
22 22
23 Since the first obtained value for each parameter is used, more host-speM-- 23 Since the first obtained value for each parameter is used, more hostM-bM-^@M-^PspeM-bM-^@M-^P
24 cific declarations should be given near the beginning of the file, and 24 cific declarations should be given near the beginning of the file, and
25 general defaults at the end. 25 general defaults at the end.
26 26
27 The configuration file has the following format: 27 The configuration file has the following format:
28 28
29 Empty lines and lines starting with `#' are comments. 29 Empty lines and lines starting with M-bM-^@M-^X#M-bM-^@M-^Y are comments.
30 30
31 Otherwise a line is of the format ``keyword arguments''. Configuration 31 Otherwise a line is of the format M-bM-^@M-^\keyword argumentsM-bM-^@M-^]. Configuration
32 options may be separated by whitespace or optional whitespace and exactly 32 options may be separated by whitespace or optional whitespace and exactly
33 one `='; the latter format is useful to avoid the need to quote whitesM-- 33 one M-bM-^@M-^X=M-bM-^@M-^Y; the latter format is useful to avoid the need to quote whitesM-bM-^@M-^P
34 pace when specifying configuration options using the ssh, scp and sftp -o 34 pace when specifying configuration options using the ^[[1mssh^[[22m, ^[[1mscp ^[[22mand ^[[1msftp M-bMM-^Ro^[[0m
35 option. 35 option.
36 36
37 The possible keywords and their meanings are as follows (note that keyM-- 37 The possible keywords and their meanings are as follows (note that keyM-bM-^@M-^P
38 words are case-insensitive and arguments are case-sensitive): 38 words are caseM-bM-^@M-^Pinsensitive and arguments are caseM-bM-^@M-^Psensitive):
39 39
40 Host Restricts the following declarations (up to the next Host keyM-- 40 ^[[1mHost ^[[22mRestricts the following declarations (up to the next ^[[1mHost ^[[22mkeyM-bM-^@M-^P
41 word) to be only for those hosts that match one of the patterns 41 word) to be only for those hosts that match one of the patterns
42 given after the keyword. `*' and `'? can be used as wildcards 42 given after the keyword. M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y? can be used as wildcards
43 in the patterns. A single `*' as a pattern can be used to proM-- 43 in the patterns. A single M-bM-^@M-^X*M-bM-^@M-^Y as a pattern can be used to proM-bM-^@M-^P
44 vide global defaults for all hosts. The host is the hostname 44 vide global defaults for all hosts. The host is the ^[[4mhostname^[[0m
45 argument given on the command line (i.e., the name is not conM-- 45 argument given on the command line (i.e., the name is not conM-bM-^@M-^P
46 verted to a canonicalized host name before matching). 46 verted to a canonicalized host name before matching).
47 47
48 AFSTokenPassing 48 ^[[1mAFSTokenPassing^[[0m
49 Specifies whether to pass AFS tokens to remote host. The arguM-- 49 Specifies whether to pass AFS tokens to remote host. The arguM-bM-^@M-^P
50 ment to this keyword must be ``yes'' or ``no''. This option 50 ment to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. This option applies
51 applies to protocol version 1 only. 51 to protocol version 1 only.
52 52
53 BatchMode 53 ^[[1mBatchMode^[[0m
54 If set to ``yes'', passphrase/password querying will be disabled. 54 If set to M-bM-^@M-^\yesM-bM-^@M-^], passphrase/password querying will be disabled.
55 This option is useful in scripts and other batch jobs where no 55 This option is useful in scripts and other batch jobs where no
56 user is present to supply the password. The argument must be 56 user is present to supply the password. The argument must be
57 ``yes'' or ``no''. The default is ``no''. 57 M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^].
58 58
59 BindAddress 59 ^[[1mBindAddress^[[0m
60 Specify the interface to transmit from on machines with multiple 60 Specify the interface to transmit from on machines with multiple
61 interfaces or aliased addresses. Note that this option does not 61 interfaces or aliased addresses. Note that this option does not
62 work if UsePrivilegedPort is set to ``yes''. 62 work if ^[[1mUsePrivilegedPort ^[[22mis set to M-bM-^@M-^\yesM-bM-^@M-^].
63 63
64 ChallengeResponseAuthentication 64 ^[[1mChallengeResponseAuthentication^[[0m
65 Specifies whether to use challenge response authentication. The 65 Specifies whether to use challenge response authentication. The
66 argument to this keyword must be ``yes'' or ``no''. The default 66 argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is
67 is ``yes''. 67 M-bM-^@M-^\yesM-bM-^@M-^].
68 68
69 CheckHostIP 69 ^[[1mCheckHostIP^[[0m
70 If this flag is set to ``yes'', ssh will additionally check the 70 If this flag is set to M-bM-^@M-^\yesM-bM-^@M-^], ssh will additionally check the
71 host IP address in the known_hosts file. This allows ssh to 71 host IP address in the ^[[4mknown_hosts^[[24m file. This allows ssh to
72 detect if a host key changed due to DNS spoofing. If the option 72 detect if a host key changed due to DNS spoofing. If the option
73 is set to ``no'', the check will not be executed. The default is 73 is set to M-bM-^@M-^\noM-bM-^@M-^], the check will not be executed. The default is
74 ``yes''. 74 M-bM-^@M-^\yesM-bM-^@M-^].
75 75
76 Cipher Specifies the cipher to use for encrypting the session in protoM-- 76 ^[[1mCipher ^[[22mSpecifies the cipher to use for encrypting the session in protoM-bM-^@M-^P
77 col version 1. Currently, ``blowfish'', ``3des'', and ``des'' 77 col version 1. Currently, M-bM-^@M-^\blowfishM-bM-^@M-^], M-bM-^@M-^\3desM-bM-^@M-^], and M-bM-^@M-^\desM-bM-^@M-^] are supM-bM-^@M-^P
78 are supported. des is only supported in the ssh client for 78 ported. ^[[4mdes^[[24m is only supported in the ^[[1mssh ^[[22mclient for interoperM-bM-^@M-^P
79 interoperability with legacy protocol 1 implementations that do 79 ability with legacy protocol 1 implementations that do not supM-bM-^@M-^P
80 not support the 3des cipher. Its use is strongly discouraged due 80 port the ^[[4m3des^[[24m cipher. Its use is strongly discouraged due to
81 to cryptographic weaknesses. The default is ``3des''. 81 cryptographic weaknesses. The default is M-bM-^@M-^\3desM-bM-^@M-^].
82 82
83 Ciphers 83 ^[[1mCiphers^[[0m
84 Specifies the ciphers allowed for protocol version 2 in order of 84 Specifies the ciphers allowed for protocol version 2 in order of
85 preference. Multiple ciphers must be comma-separated. The 85 preference. Multiple ciphers must be commaM-bM-^@M-^Pseparated. The
86 default is 86 default is
87 87
88 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, 88 M-bM-^@M-^XM-bM-^@M-^Xaes128M-bM-^@M-^Pcbc,3desM-bM-^@M-^Pcbc,blowfishM-bM-^@M-^Pcbc,cast128M-bM-^@M-^Pcbc,arcfour,
89 aes192-cbc,aes256-cbc'' 89 aes192M-bM-^@M-^Pcbc,aes256M-bM-^@M-^PcbcM-bM-^@M-^YM-bM-^@M-^Y
90 90
91 ClearAllForwardings 91 ^[[1mClearAllForwardings^[[0m
92 Specifies that all local, remote and dynamic port forwardings 92 Specifies that all local, remote and dynamic port forwardings
93 specified in the configuration files or on the command line be 93 specified in the configuration files or on the command line be
94 cleared. This option is primarily useful when used from the ssh 94 cleared. This option is primarily useful when used from the ^[[1mssh^[[0m
95 command line to clear port forwardings set in configuration 95 command line to clear port forwardings set in configuration
96 files, and is automatically set by scp(1) and sftp(1). The arguM-- 96 files, and is automatically set by scp(1) and sftp(1). The arguM-bM-^@M-^P
97 ment must be ``yes'' or ``no''. The default is ``no''. 97 ment must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^].
98 98
99 Compression 99 ^[[1mCompression^[[0m
100 Specifies whether to use compression. The argument must be 100 Specifies whether to use compression. The argument must be M-bM-^@M-^\yesM-bM-^@M-^]
101 ``yes'' or ``no''. The default is ``no''. 101 or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^].
102 102
103 CompressionLevel 103 ^[[1mCompressionLevel^[[0m
104 Specifies the compression level to use if compression is enabled. 104 Specifies the compression level to use if compression is enabled.
105 The argument must be an integer from 1 (fast) to 9 (slow, best). 105 The argument must be an integer from 1 (fast) to 9 (slow, best).
106 The default level is 6, which is good for most applications. The 106 The default level is 6, which is good for most applications. The
107 meaning of the values is the same as in gzip(1). Note that this 107 meaning of the values is the same as in gzip(1). Note that this
108 option applies to protocol version 1 only. 108 option applies to protocol version 1 only.
109 109
110 ConnectionAttempts 110 ^[[1mConnectionAttempts^[[0m
111 Specifies the number of tries (one per second) to make before 111 Specifies the number of tries (one per second) to make before
112 exiting. The argument must be an integer. This may be useful in 112 exiting. The argument must be an integer. This may be useful in
113 scripts if the connection sometimes fails. The default is 1. 113 scripts if the connection sometimes fails. The default is 1.
114 114
115 DynamicForward 115 ^[[1mDynamicForward^[[0m
116 Specifies that a TCP/IP port on the local machine be forwarded 116 Specifies that a TCP/IP port on the local machine be forwarded
117 over the secure channel, and the application protocol is then 117 over the secure channel, and the application protocol is then
118 used to determine where to connect to from the remote machine. 118 used to determine where to connect to from the remote machine.
119 The argument must be a port number. Currently the SOCKS4 protoM-- 119 The argument must be a port number. Currently the SOCKS4 protoM-bM-^@M-^P
120 col is supported, and ssh will act as a SOCKS4 server. Multiple 120 col is supported, and ^[[1mssh ^[[22mwill act as a SOCKS4 server. Multiple
121 forwardings may be specified, and additional forwardings can be 121 forwardings may be specified, and additional forwardings can be
122 given on the command line. Only the superuser can forward priviM-- 122 given on the command line. Only the superuser can forward priviM-bM-^@M-^P
123 leged ports. 123 leged ports.
124 124
125 EscapeChar 125 ^[[1mEscapeChar^[[0m
126 Sets the escape character (default: `~'). The escape character 126 Sets the escape character (default: M-bM-^@M-^X~M-bM-^@M-^Y). The escape character
127 can also be set on the command line. The argument should be a 127 can also be set on the command line. The argument should be a
128 single character, `^' followed by a letter, or ``none'' to disM-- 128 single character, M-bM-^@M-^X^M-bM-^@M-^Y followed by a letter, or M-bM-^@M-^\noneM-bM-^@M-^] to disable
129 able the escape character entirely (making the connection transM-- 129 the escape character entirely (making the connection transparent
130 parent for binary data). 130 for binary data).
131 131
132 ForwardAgent 132 ^[[1mForwardAgent^[[0m
133 Specifies whether the connection to the authentication agent (if 133 Specifies whether the connection to the authentication agent (if
134 any) will be forwarded to the remote machine. The argument must 134 any) will be forwarded to the remote machine. The argument must
135 be ``yes'' or ``no''. The default is ``no''. 135 be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^].
136 136
137 Agent forwarding should be enabled with caution. Users with the 137 Agent forwarding should be enabled with caution. Users with the
138 ability to bypass file permissions on the remote host (for the 138 ability to bypass file permissions on the remote host (for the
139 agent's Unix-domain socket) can access the local agent through 139 agentM-bM-^@M-^Ys UnixM-bM-^@M-^Pdomain socket) can access the local agent through
140 the forwarded connection. An attacker cannot obtain key material 140 the forwarded connection. An attacker cannot obtain key material
141 from the agent, however they can perform operations on the keys 141 from the agent, however they can perform operations on the keys
142 that enable them to authenticate using the identities loaded into 142 that enable them to authenticate using the identities loaded into
143 the agent. 143 the agent.
144 144
145 ForwardX11 145 ^[[1mForwardX11^[[0m
146 Specifies whether X11 connections will be automatically rediM-- 146 Specifies whether X11 connections will be automatically rediM-bM-^@M-^P
147 rected over the secure channel and DISPLAY set. The argument 147 rected over the secure channel and DISPLAY set. The argument
148 must be ``yes'' or ``no''. The default is ``no''. 148 must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^].
149 149
150 X11 forwarding should be enabled with caution. Users with the 150 X11 forwarding should be enabled with caution. Users with the
151 ability to bypass file permissions on the remote host (for the 151 ability to bypass file permissions on the remote host (for the
152 user's X authorization database) can access the local X11 display 152 userM-bM-^@M-^Ys X authorization database) can access the local X11 display
153 through the forwarded connection. An attacker may then be able 153 through the forwarded connection. An attacker may then be able
154 to perform activities such as keystroke monitoring. 154 to perform activities such as keystroke monitoring.
155 155
156 GatewayPorts 156 ^[[1mGatewayPorts^[[0m
157 Specifies whether remote hosts are allowed to connect to local 157 Specifies whether remote hosts are allowed to connect to local
158 forwarded ports. By default, ssh binds local port forwardings to 158 forwarded ports. By default, ^[[1mssh ^[[22mbinds local port forwardings to
159 the loopback address. This prevents other remote hosts from conM-- 159 the loopback address. This prevents other remote hosts from conM-bM-^@M-^P
160 necting to forwarded ports. GatewayPorts can be used to specify 160 necting to forwarded ports. ^[[1mGatewayPorts ^[[22mcan be used to specify
161 that ssh should bind local port forwardings to the wildcard 161 that ^[[1mssh ^[[22mshould bind local port forwardings to the wildcard
162 address, thus allowing remote hosts to connect to forwarded 162 address, thus allowing remote hosts to connect to forwarded
163 ports. The argument must be ``yes'' or ``no''. The default is 163 ports. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^].
164 ``no''.
165 164
166 GlobalKnownHostsFile 165 ^[[1mGlobalKnownHostsFile^[[0m
167 Specifies a file to use for the global host key database instead 166 Specifies a file to use for the global host key database instead
168 of /etc/ssh/ssh_known_hosts. 167 of ^[[4m/etc/ssh/ssh_known_hosts^[[24m.
169 168
170 HostbasedAuthentication 169 ^[[1mHostbasedAuthentication^[[0m
171 Specifies whether to try rhosts based authentication with public 170 Specifies whether to try rhosts based authentication with public
172 key authentication. The argument must be ``yes'' or ``no''. The 171 key authentication. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The
173 default is ``no''. This option applies to protocol version 2 172 default is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 2 only
174 only and is similar to RhostsRSAAuthentication. 173 and is similar to ^[[1mRhostsRSAAuthentication^[[22m.
175 174
176 HostKeyAlgorithms 175 ^[[1mHostKeyAlgorithms^[[0m
177 Specifies the protocol version 2 host key algorithms that the 176 Specifies the protocol version 2 host key algorithms that the
178 client wants to use in order of preference. The default for this 177 client wants to use in order of preference. The default for this
179 option is: ``ssh-rsa,ssh-dss''. 178 option is: M-bM-^@M-^\sshM-bM-^@M-^Prsa,sshM-bM-^@M-^PdssM-bM-^@M-^].
180 179
181 HostKeyAlias 180 ^[[1mHostKeyAlias^[[0m
182 Specifies an alias that should be used instead of the real host 181 Specifies an alias that should be used instead of the real host
183 name when looking up or saving the host key in the host key 182 name when looking up or saving the host key in the host key
184 database files. This option is useful for tunneling ssh connecM-- 183 database files. This option is useful for tunneling ssh connecM-bM-^@M-^P
185 tions or for multiple servers running on a single host. 184 tions or for multiple servers running on a single host.
186 185
187 HostName 186 ^[[1mHostName^[[0m
188 Specifies the real host name to log into. This can be used to 187 Specifies the real host name to log into. This can be used to
189 specify nicknames or abbreviations for hosts. Default is the 188 specify nicknames or abbreviations for hosts. Default is the
190 name given on the command line. Numeric IP addresses are also 189 name given on the command line. Numeric IP addresses are also
191 permitted (both on the command line and in HostName specificaM-- 190 permitted (both on the command line and in ^[[1mHostName ^[[22mspecificaM-bM-^@M-^P
192 tions). 191 tions).
193 192
194 IdentityFile 193 ^[[1mIdentityFile^[[0m
195 Specifies a file from which the user's RSA or DSA authentication 194 Specifies a file from which the userM-bM-^@M-^Ys RSA or DSA authentication
196 identity is read. The default is $HOME/.ssh/identity for protocol 195 identity is read. The default is ^[[4m$HOME/.ssh/identity^[[24m for protocol
197 version 1, and $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for protoM-- 196 version 1, and ^[[4m$HOME/.ssh/id_rsa^[[24m and ^[[4m$HOME/.ssh/id_dsa^[[24m for protoM-bM-^@M-^P
198 col version 2. Additionally, any identities represented by the 197 col version 2. Additionally, any identities represented by the
199 authentication agent will be used for authentication. The file 198 authentication agent will be used for authentication. The file
200 name may use the tilde syntax to refer to a user's home direcM-- 199 name may use the tilde syntax to refer to a userM-bM-^@M-^Ys home direcM-bM-^@M-^P
201 tory. It is possible to have multiple identity files specified 200 tory. It is possible to have multiple identity files specified
202 in configuration files; all these identities will be tried in 201 in configuration files; all these identities will be tried in
203 sequence. 202 sequence.
204 203
205 KeepAlive 204 ^[[1mKeepAlive^[[0m
206 Specifies whether the system should send TCP keepalive messages 205 Specifies whether the system should send TCP keepalive messages
207 to the other side. If they are sent, death of the connection or 206 to the other side. If they are sent, death of the connection or
208 crash of one of the machines will be properly noticed. However, 207 crash of one of the machines will be properly noticed. However,
209 this means that connections will die if the route is down temM-- 208 this means that connections will die if the route is down temM-bM-^@M-^P
210 porarily, and some people find it annoying. 209 porarily, and some people find it annoying.
211 210
212 The default is ``yes'' (to send keepalives), and the client will 211 The default is M-bM-^@M-^\yesM-bM-^@M-^] (to send keepalives), and the client will
213 notice if the network goes down or the remote host dies. This is 212 notice if the network goes down or the remote host dies. This is
214 important in scripts, and many users want it too. 213 important in scripts, and many users want it too.
215 214
216 To disable keepalives, the value should be set to ``no''. 215 To disable keepalives, the value should be set to M-bM-^@M-^\noM-bM-^@M-^].
217 216
218 KerberosAuthentication 217 ^[[1mKerberosAuthentication^[[0m
219 Specifies whether Kerberos authentication will be used. The 218 Specifies whether Kerberos authentication will be used. The
220 argument to this keyword must be ``yes'' or ``no''. 219 argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].
221 220
222 KerberosTgtPassing 221 ^[[1mKerberosTgtPassing^[[0m
223 Specifies whether a Kerberos TGT will be forwarded to the server. 222 Specifies whether a Kerberos TGT will be forwarded to the server.
224 This will only work if the Kerberos server is actually an AFS 223 This will only work if the Kerberos server is actually an AFS
225 kaserver. The argument to this keyword must be ``yes'' or 224 kaserver. The argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].
226 ``no''.
227 225
228 LocalForward 226 ^[[1mLocalForward^[[0m
229 Specifies that a TCP/IP port on the local machine be forwarded 227 Specifies that a TCP/IP port on the local machine be forwarded
230 over the secure channel to the specified host and port from the 228 over the secure channel to the specified host and port from the
231 remote machine. The first argument must be a port number, and 229 remote machine. The first argument must be a port number, and
232 the second must be host:port. IPv6 addresses can be specified 230 the second must be ^[[4mhost:port^[[24m. IPv6 addresses can be specified
233 with an alternative syntax: host/port. Multiple forwardings may 231 with an alternative syntax: ^[[4mhost/port^[[24m. Multiple forwardings may
234 be specified, and additional forwardings can be given on the comM-- 232 be specified, and additional forwardings can be given on the comM-bM-^@M-^P
235 mand line. Only the superuser can forward privileged ports. 233 mand line. Only the superuser can forward privileged ports.
236 234
237 LogLevel 235 ^[[1mLogLevel^[[0m
238 Gives the verbosity level that is used when logging messages from 236 Gives the verbosity level that is used when logging messages from
239 ssh. The possible values are: QUIET, FATAL, ERROR, INFO, VERM-- 237 ^[[1mssh^[[22m. The possible values are: QUIET, FATAL, ERROR, INFO, VERM-bM-^@M-^P
240 BOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO. 238 BOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO.
241 DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify 239 DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
242 higher levels of verbose output. 240 higher levels of verbose output.
243 241
244 MACs Specifies the MAC (message authentication code) algorithms in 242 ^[[1mMACs ^[[22mSpecifies the MAC (message authentication code) algorithms in
245 order of preference. The MAC algorithm is used in protocol verM-- 243 order of preference. The MAC algorithm is used in protocol verM-bM-^@M-^P
246 sion 2 for data integrity protection. Multiple algorithms must 244 sion 2 for data integrity protection. Multiple algorithms must
247 be comma-separated. The default is 245 be commaM-bM-^@M-^Pseparated. The default is
248 ``hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96''. 246 M-bM-^@M-^\hmacM-bM-^@M-^Pmd5,hmacM-bM-^@M-^Psha1,hmacM-bM-^@M-^Pripemd160,hmacM-bM-^@M-^Psha1M-bM-^@M-^P96,hmacM-bM-^@M-^Pmd5M-bM-^@M-^P96M-bM-^@M-^].
249 247
250 NoHostAuthenticationForLocalhost 248 ^[[1mNoHostAuthenticationForLocalhost^[[0m
251 This option can be used if the home directory is shared across 249 This option can be used if the home directory is shared across
252 machines. In this case localhost will refer to a different 250 machines. In this case localhost will refer to a different
253 machine on each of the machines and the user will get many warnM-- 251 machine on each of the machines and the user will get many warnM-bM-^@M-^P
254 ings about changed host keys. However, this option disables host 252 ings about changed host keys. However, this option disables host
255 authentication for localhost. The argument to this keyword must 253 authentication for localhost. The argument to this keyword must
256 be ``yes'' or ``no''. The default is to check the host key for 254 be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is to check the host key for
257 localhost. 255 localhost.
258 256
259 NumberOfPasswordPrompts 257 ^[[1mNumberOfPasswordPrompts^[[0m
260 Specifies the number of password prompts before giving up. The 258 Specifies the number of password prompts before giving up. The
261 argument to this keyword must be an integer. Default is 3. 259 argument to this keyword must be an integer. Default is 3.
262 260
263 PasswordAuthentication 261 ^[[1mPasswordAuthentication^[[0m
264 Specifies whether to use password authentication. The argument 262 Specifies whether to use password authentication. The argument
265 to this keyword must be ``yes'' or ``no''. The default is 263 to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^].
266 ``yes''.
267 264
268 Port Specifies the port number to connect on the remote host. Default 265 ^[[1mPort ^[[22mSpecifies the port number to connect on the remote host. Default
269 is 22. 266 is 22.
270 267
271 PreferredAuthentications 268 ^[[1mPreferredAuthentications^[[0m
272 Specifies the order in which the client should try protocol 2 269 Specifies the order in which the client should try protocol 2
273 authentication methods. This allows a client to prefer one method 270 authentication methods. This allows a client to prefer one method
274 (e.g. keyboard-interactive) over another method (e.g. password) 271 (e.g. ^[[1mkeyboardM-bM-^@M-^Pinteractive^[[22m) over another method (e.g. ^[[1mpassword^[[22m)
275 The default for this option is: 272 The default for this option is:
276 ``hostbased,publickey,keyboard-interactive,password''. 273 M-bM-^@M-^\hostbased,publickey,keyboardM-bM-^@M-^Pinteractive,passwordM-bM-^@M-^].
277 274
278 Protocol 275 ^[[1mProtocol^[[0m
279 Specifies the protocol versions ssh should support in order of 276 Specifies the protocol versions ^[[1mssh ^[[22mshould support in order of
280 preference. The possible values are ``1'' and ``2''. Multiple 277 preference. The possible values are M-bM-^@M-^\1M-bM-^@M-^] and M-bM-^@M-^\2M-bM-^@M-^]. Multiple verM-bM-^@M-^P
281 versions must be comma-separated. The default is ``2,1''. This 278 sions must be commaM-bM-^@M-^Pseparated. The default is M-bM-^@M-^\2,1M-bM-^@M-^]. This means
282 means that ssh tries version 2 and falls back to version 1 if 279 that ^[[1mssh ^[[22mtries version 2 and falls back to version 1 if version 2
283 version 2 is not available. 280 is not available.
284 281
285 ProxyCommand 282 ^[[1mProxyCommand^[[0m
286 Specifies the command to use to connect to the server. The comM-- 283 Specifies the command to use to connect to the server. The comM-bM-^@M-^P
287 mand string extends to the end of the line, and is executed with 284 mand string extends to the end of the line, and is executed with
288 /bin/sh. In the command string, `%h' will be substituted by the 285 ^[[4m/bin/sh^[[24m. In the command string, M-bM-^@M-^X%hM-bM-^@M-^Y will be substituted by the
289 host name to connect and `%p' by the port. The command can be 286 host name to connect and M-bM-^@M-^X%pM-bM-^@M-^Y by the port. The command can be
290 basically anything, and should read from its standard input and 287 basically anything, and should read from its standard input and
291 write to its standard output. It should eventually connect an 288 write to its standard output. It should eventually connect an
292 sshd(8) server running on some machine, or execute sshd -i someM-- 289 sshd(8) server running on some machine, or execute ^[[1msshd M-bM-^@M-^Pi ^[[22msomeM-bM-^@M-^P
293 where. Host key management will be done using the HostName of 290 where. Host key management will be done using the HostName of
294 the host being connected (defaulting to the name typed by the 291 the host being connected (defaulting to the name typed by the
295 user). Note that CheckHostIP is not available for connects with 292 user). Setting the command to M-bM-^@M-^\noneM-bM-^@M-^] disables this option
296 a proxy command. 293 entirely. Note that ^[[1mCheckHostIP ^[[22mis not available for connects
294 with a proxy command.
297 295
298 PubkeyAuthentication 296 ^[[1mPubkeyAuthentication^[[0m
299 Specifies whether to try public key authentication. The argument 297 Specifies whether to try public key authentication. The argument
300 to this keyword must be ``yes'' or ``no''. The default is 298 to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^].
301 ``yes''. This option applies to protocol version 2 only. 299 This option applies to protocol version 2 only.
302 300
303 RemoteForward 301 ^[[1mRemoteForward^[[0m
304 Specifies that a TCP/IP port on the remote machine be forwarded 302 Specifies that a TCP/IP port on the remote machine be forwarded
305 over the secure channel to the specified host and port from the 303 over the secure channel to the specified host and port from the
306 local machine. The first argument must be a port number, and the 304 local machine. The first argument must be a port number, and the
307 second must be host:port. IPv6 addresses can be specified with 305 second must be ^[[4mhost:port^[[24m. IPv6 addresses can be specified with
308 an alternative syntax: host/port. Multiple forwardings may be 306 an alternative syntax: ^[[4mhost/port^[[24m. Multiple forwardings may be
309 specified, and additional forwardings can be given on the command 307 specified, and additional forwardings can be given on the command
310 line. Only the superuser can forward privileged ports. 308 line. Only the superuser can forward privileged ports.
311 309
312 RhostsAuthentication 310 ^[[1mRhostsAuthentication^[[0m
313 Specifies whether to try rhosts based authentication. Note that 311 Specifies whether to try rhosts based authentication. Note that
314 this declaration only affects the client side and has no effect 312 this declaration only affects the client side and has no effect
315 whatsoever on security. Most servers do not permit RhostsAuthenM-- 313 whatsoever on security. Most servers do not permit RhostsAuthenM-bM-^@M-^P
316 tication because it is not secure (see RhostsRSAAuthentication). 314 tication because it is not secure (see ^[[1mRhostsRSAAuthentication^[[22m).
317 The argument to this keyword must be ``yes'' or ``no''. The 315 The argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default
318 default is ``no''. This option applies to protocol version 1 316 is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 1 only and
319 only and requires ssh to be setuid root and UsePrivilegedPort to 317 requires ^[[1mssh ^[[22mto be setuid root and ^[[1mUsePrivilegedPort ^[[22mto be set to
320 be set to ``yes''. 318 M-bM-^@M-^\yesM-bM-^@M-^].
321 319
322 RhostsRSAAuthentication 320 ^[[1mRhostsRSAAuthentication^[[0m
323 Specifies whether to try rhosts based authentication with RSA 321 Specifies whether to try rhosts based authentication with RSA
324 host authentication. The argument must be ``yes'' or ``no''. 322 host authentication. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The
325 The default is ``no''. This option applies to protocol version 1 323 default is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 1 only
326 only and requires ssh to be setuid root. 324 and requires ^[[1mssh ^[[22mto be setuid root.
327 325
328 RSAAuthentication 326 ^[[1mRSAAuthentication^[[0m
329 Specifies whether to try RSA authentication. The argument to 327 Specifies whether to try RSA authentication. The argument to
330 this keyword must be ``yes'' or ``no''. RSA authentication will 328 this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. RSA authentication will only
331 only be attempted if the identity file exists, or an authenticaM-- 329 be attempted if the identity file exists, or an authentication
332 tion agent is running. The default is ``yes''. Note that this 330 agent is running. The default is M-bM-^@M-^\yesM-bM-^@M-^]. Note that this option
333 option applies to protocol version 1 only. 331 applies to protocol version 1 only.
334 332
335 SmartcardDevice 333 ^[[1mSmartcardDevice^[[0m
336 Specifies which smartcard device to use. The argument to this 334 Specifies which smartcard device to use. The argument to this
337 keyword is the device ssh should use to communicate with a smartM-- 335 keyword is the device ^[[1mssh ^[[22mshould use to communicate with a smartM-bM-^@M-^P
338 card used for storing the user's private RSA key. By default, no 336 card used for storing the userM-bM-^@M-^Ys private RSA key. By default, no
339 device is specified and smartcard support is not activated. 337 device is specified and smartcard support is not activated.
340 338
341 StrictHostKeyChecking 339 ^[[1mStrictHostKeyChecking^[[0m
342 If this flag is set to ``yes'', ssh will never automatically add 340 If this flag is set to M-bM-^@M-^\yesM-bM-^@M-^], ^[[1mssh ^[[22mwill never automatically add
343 host keys to the $HOME/.ssh/known_hosts file, and refuses to conM-- 341 host keys to the ^[[4m$HOME/.ssh/known_hosts^[[24m file, and refuses to conM-bM-^@M-^P
344 nect to hosts whose host key has changed. This provides maximum 342 nect to hosts whose host key has changed. This provides maximum
345 protection against trojan horse attacks, however, can be annoying 343 protection against trojan horse attacks, however, can be annoying
346 when the /etc/ssh/ssh_known_hosts file is poorly maintained, or 344 when the ^[[4m/etc/ssh/ssh_known_hosts^[[24m file is poorly maintained, or
347 connections to new hosts are frequently made. This option forces 345 connections to new hosts are frequently made. This option forces
348 the user to manually add all new hosts. If this flag is set to 346 the user to manually add all new hosts. If this flag is set to
349 ``no'', ssh will automatically add new host keys to the user 347 M-bM-^@M-^\noM-bM-^@M-^], ^[[1mssh ^[[22mwill automatically add new host keys to the user known
350 known hosts files. If this flag is set to ``ask'', new host keys 348 hosts files. If this flag is set to M-bM-^@M-^\askM-bM-^@M-^], new host keys will be
351 will be added to the user known host files only after the user 349 added to the user known host files only after the user has conM-bM-^@M-^P
352 has confirmed that is what they really want to do, and ssh will 350 firmed that is what they really want to do, and ^[[1mssh ^[[22mwill refuse
353 refuse to connect to hosts whose host key has changed. The host 351 to connect to hosts whose host key has changed. The host keys of
354 keys of known hosts will be verified automatically in all cases. 352 known hosts will be verified automatically in all cases. The
355 The argument must be ``yes'', ``no'' or ``ask''. The default is 353 argument must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\noM-bM-^@M-^] or M-bM-^@M-^\askM-bM-^@M-^]. The default is M-bM-^@M-^\askM-bM-^@M-^].
356 ``ask''. 354
357 355 ^[[1mUsePrivilegedPort^[[0m
358 UsePrivilegedPort 356 Specifies whether to use a privileged port for outgoing connecM-bM-^@M-^P
359 Specifies whether to use a privileged port for outgoing connecM-- 357 tions. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^].
360 tions. The argument must be ``yes'' or ``no''. The default is 358 If set to M-bM-^@M-^\yesM-bM-^@M-^] ^[[1mssh ^[[22mmust be setuid root. Note that this option
361 ``no''. If set to ``yes'' ssh must be setuid root. Note that 359 must be set to M-bM-^@M-^\yesM-bM-^@M-^] if ^[[1mRhostsAuthentication ^[[22mand
362 this option must be set to ``yes'' if RhostsAuthentication and 360 ^[[1mRhostsRSAAuthentication ^[[22mauthentications are needed with older
363 RhostsRSAAuthentication authentications are needed with older
364 servers. 361 servers.
365 362
366 User Specifies the user to log in as. This can be useful when a difM-- 363 ^[[1mUser ^[[22mSpecifies the user to log in as. This can be useful when a difM-bM-^@M-^P
367 ferent user name is used on different machines. This saves the 364 ferent user name is used on different machines. This saves the
368 trouble of having to remember to give the user name on the comM-- 365 trouble of having to remember to give the user name on the comM-bM-^@M-^P
369 mand line. 366 mand line.
370 367
371 UserKnownHostsFile 368 ^[[1mUserKnownHostsFile^[[0m
372 Specifies a file to use for the user host key database instead of 369 Specifies a file to use for the user host key database instead of
373 $HOME/.ssh/known_hosts. 370 ^[[4m$HOME/.ssh/known_hosts^[[24m.
374 371
375 XAuthLocation 372 ^[[1mXAuthLocation^[[0m
376 Specifies the full pathname of the xauth(1) program. The default 373 Specifies the full pathname of the xauth(1) program. The default
377 is /usr/X11R6/bin/xauth. 374 is ^[[4m/usr/X11R6/bin/xauth^[[24m.
378 375
379FILES 376^[[1mFILES^[[0m
380 $HOME/.ssh/config 377 $HOME/.ssh/config
381 This is the per-user configuration file. The format of this file 378 This is the perM-bM-^@M-^Puser configuration file. The format of this file
382 is described above. This file is used by the ssh client. This 379 is described above. This file is used by the ^[[1mssh ^[[22mclient. This
383 file does not usually contain any sensitive information, but the 380 file does not usually contain any sensitive information, but the
384 recommended permissions are read/write for the user, and not 381 recommended permissions are read/write for the user, and not
385 accessible by others. 382 accessible by others.
386 383
387 /etc/ssh/ssh_config 384 /etc/ssh/ssh_config
388 Systemwide configuration file. This file provides defaults for 385 Systemwide configuration file. This file provides defaults for
389 those values that are not specified in the user's configuration 386 those values that are not specified in the userM-bM-^@M-^Ys configuration
390 file, and for those users who do not have a configuration file. 387 file, and for those users who do not have a configuration file.
391 This file must be world-readable. 388 This file must be worldM-bM-^@M-^Preadable.
392 389
393AUTHORS 390^[[1mAUTHORS^[[0m
394 OpenSSH is a derivative of the original and free ssh 1.2.12 release by 391 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
395 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo 392 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
396 de Raadt and Dug Song removed many bugs, re-added newer features and creM-- 393 de Raadt and Dug Song removed many bugs, reM-bM-^@M-^Padded newer features and creM-bM-^@M-^P
397 ated OpenSSH. Markus Friedl contributed the support for SSH protocol 394 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
398 versions 1.5 and 2.0. 395 versions 1.5 and 2.0.
399 396
400SEE ALSO 397^[[1mSEE ALSO^[[0m
401 ssh(1) 398 ssh(1)
402 399
403BSD September 25, 1999 BSD 400BSD September 25, 1999 BSD
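--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.5 2002/08/29 22:54:10 stevesk Exp $
+.\" $OpenBSD: ssh_config.5,v 1.6 2003/02/06 09:27:29 markus Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -474,6 +474,9 @@ somewhere.
 Host key management will be done using the
 HostName of the host being connected (defaulting to the name typed by
 the user).
+Setting the command to
+.Dq none
+disables this option entirely.
 Note that
 .Cm CheckHostIP
 is not available for connects with a proxy command.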
diff --git a/sshconnect.c b/sshconnect.c
index 776d72065..dae25969a 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
13 */ 13 */
14 14
15#include "includes.h" 15#include "includes.h"
16RCSID("$OpenBSD: sshconnect.c,v 1.135 2002/09/19 01:58:18 djm Exp $"); 16RCSID("$OpenBSD: sshconnect.c,v 1.137 2002/11/21 23:03:51 deraadt Exp $");
17 17
18#include <openssl/bn.h> 18#include <openssl/bn.h>
19 19
@@ -247,7 +247,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
247 */ 247 */
248 int full_failure = 1; 248 int full_failure = 1;
249 249
250 debug("ssh_connect: needpriv %d", needpriv); 250 debug2("ssh_connect: needpriv %d", needpriv);
251 251
252 /* Get default port if port has not been set. */ 252 /* Get default port if port has not been set. */
253 if (port == 0) { 253 if (port == 0) {
@@ -649,10 +649,10 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
649 "%s key fingerprint is %s.\n" 649 "%s key fingerprint is %s.\n"
650 "Are you sure you want to continue connecting " 650 "Are you sure you want to continue connecting "
651 "(yes/no)? ", 651 "(yes/no)? ",
652 host, ip, 652 host, ip,
653 has_keys ? ",\nbut keys of different type are already " 653 has_keys ? ",\nbut keys of different type are already "
654 "known for this host." : ".", 654 "known for this host." : ".",
655 type, fp); 655 type, fp);
656 xfree(fp); 656 xfree(fp);
657 if (!confirm(msg)) 657 if (!confirm(msg))
658 goto fail; 658 goto fail;
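--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.107 2002/07/01 19:48:46 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.112 2003/03/05 22:33:43 markus Exp $");
 
 #include "ssh.h"
 #include "ssh2.h"
@@ -110,6 +110,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 
 /* start key exchange */
 kex = kex_setup(myproposal);
+kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
+kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
 kex->client_version_string=client_version_string;
 kex->server_version_string=server_version_string;
 kex->verify_host_key=&verify_host_key_callback;
@@ -128,7 +130,6 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 packet_send();
 packet_write_wait();
 #endif
-debug("done: ssh_kex2.");
 }
 
 /*
@@ -224,24 +225,23 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
 if (options.challenge_response_authentication)
 options.kbd_interactive_authentication = 1;
 
-debug("send SSH2_MSG_SERVICE_REQUEST");
 packet_start(SSH2_MSG_SERVICE_REQUEST);
 packet_put_cstring("ssh-userauth");
 packet_send();
+debug("SSH2_MSG_SERVICE_REQUEST sent");
 packet_write_wait();
 type = packet_read();
-if (type != SSH2_MSG_SERVICE_ACCEPT) {
-fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
-}
+if (type != SSH2_MSG_SERVICE_ACCEPT)
+fatal("Server denied authentication request: %d", type);
 if (packet_remaining() > 0) {
 char *reply = packet_get_string(NULL);
-debug("service_accept: %s", reply);
+debug2("service_accept: %s", reply);
 xfree(reply);
 } else {
-debug("buggy server: service_accept w/o service");
+debug2("buggy server: service_accept w/o service");
 }
 packet_check_eom();
-debug("got SSH2_MSG_SERVICE_ACCEPT");
+debug("SSH2_MSG_SERVICE_ACCEPT received");
 
 if (options.preferred_authentications == NULL)
 options.preferred_authentications = authmethods_get();
@@ -273,7 +273,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
 if (authctxt.agent != NULL)
 ssh_close_authentication_connection(authctxt.agent);
 
-debug("ssh-userauth2 successful: method %s", authctxt.method->name);
+debug("Authentication succeeded (%s).", authctxt.method->name);
 }
 void
 userauth(Authctxt *authctxt, char *authlist)
@@ -347,7 +347,7 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt)
 
 if (partial != 0)
 log("Authenticated with partial success.");
-debug("authentications that can continue: %s", authlist);
+debug("Authentications that can continue: %s", authlist);
 
 clear_auth_state(authctxt);
 userauth(authctxt, authlist);
@@ -379,7 +379,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
 }
 packet_check_eom();
 
-debug("input_userauth_pk_ok: pkalg %s blen %u lastkey %p hint %d",
+debug("Server accepts key: pkalg %s blen %u lastkey %p hint %d",
 pkalg, blen, authctxt->last_key, authctxt->last_key_hint);
 
 do {
@@ -764,7 +764,7 @@ userauth_pubkey_agent(Authctxt *authctxt)
 if (k == NULL) {
 debug2("userauth_pubkey_agent: no more keys");
 } else {
-debug("userauth_pubkey_agent: testing agent key %s", comment);
+debug("Offering agent key: %s", comment);
 xfree(comment);
 ret = send_pubkey_test(authctxt, k, agent_sign_cb, -1);
 if (ret == 0)
@@ -792,7 +792,7 @@ userauth_pubkey(Authctxt *authctxt)
 key = options.identity_keys[idx];
 filename = options.identity_files[idx];
 if (key == NULL) {
-debug("try privkey: %s", filename);
+debug("Trying private key: %s", filename);
 key = load_identity_file(filename);
 if (key != NULL) {
 sent = sign_and_send_pubkey(authctxt, key,
@@ -800,7 +800,7 @@ userauth_pubkey(Authctxt *authctxt)
 key_free(key);
 }
 } else if (key->type != KEY_RSA1) {
-debug("try pubkey: %s", filename);
+debug("Offering public key: %s", filename);
 sent = send_pubkey_test(authctxt, key,
 identity_sign_cb, idx);
 }
@@ -906,7 +906,7 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
 pid_t pid;
 int to[2], from[2], status, version = 2;
 
-debug("ssh_keysign called");
+debug2("ssh_keysign called");
 
 if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
 error("ssh_keysign: no installed: %s", strerror(errno));
@@ -995,7 +995,7 @@ userauth_hostbased(Authctxt *authctxt)
 }
 }
 if (!found) {
-debug("userauth_hostbased: no more client hostkeys");
+debug("No more client hostkeys for hostbased authentication.");
 return 0;
 }
 if (key_to_blob(private, &blob, &blen) == 0) {
@@ -1014,6 +1014,7 @@ userauth_hostbased(Authctxt *authctxt)
 strlcpy(chost, p, len);
 strlcat(chost, ".", len);
 debug2("userauth_hostbased: chost %s", chost);
+xfree(p);
 
 service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
 authctxt->service;
@@ -1109,7 +1110,6 @@ static char *preferred = NULL;
 static Authmethod *
 authmethod_get(char *authlist)
 {
-
 char *name = NULL;
 u_int next;
 
@@ -1130,7 +1130,7 @@ authmethod_get(char *authlist)
 
 for (;;) {
 if ((name = match_list(preferred, supported, &next)) == NULL) {
-debug("no more auth methods to try");
+debug("No more authentication methods to try.");
 current = NULL;
 return NULL;
 }
@@ -1140,7 +1140,7 @@ authmethod_get(char *authlist)
 if ((current = authmethod_lookup(name)) != NULL &&
 authmethod_is_enabled(current)) {
 debug3("authmethod_is_enabled %s", name);
-debug("next auth method to try is %s", name);
+debug("Next authentication method: %s", name);
 return current;
 }
 }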
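Review bot: In the ssh_userauth2 hunk the new `fatal("Server denied authentication request: %d", type);` fires for every packet type other than SSH2_MSG_SERVICE_ACCEPT, so whatever else the server sends at that point is reported as a denial. A message that states only what was observed is more useful when diagnosing a failed login, for example `fatal("Expected SSH2_MSG_SERVICE_ACCEPT, received packet type %d", type);`. In the same hunk `debug("SSH2_MSG_SERVICE_REQUEST sent");` sits between `packet_send();` and `packet_write_wait();`; if the latter is what flushes the queued request, the message would be more accurate one line lower. ssh_userauth2 starts and ends outside this hunk.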
diff --git a/sshd.0 b/sshd.0
index 7c88c953f..658af69a6 100644
--- a/sshd.0
+++ b/sshd.0
@@ -1,33 +1,33 @@
1SSHD(8) System Manager's Manual SSHD(8) 1SSHD(8) BSD System ManagerM-bM-^@M-^Ys Manual SSHD(8)
2 2
3NAME 3^[[1mNAME^[[0m
4 sshd - OpenSSH SSH daemon 4 ^[[1msshd ^[[22mM-bMM-^R OpenSSH SSH daemon
5 5
6SYNOPSIS 6^[[1mSYNOPSIS^[[0m
7 sshd [-deiqtD46] [-b bits] [-f config_file] [-g login_grace_time] 7 ^[[1msshd ^[[22m[^[[1mM-bMM-^RdeiqtD46^[[22m] [^[[1mM-bMM-^Rb ^[[4m^[[22mbits^[[24m] [^[[1mM-bMM-^Rf ^[[4m^[[22mconfig_file^[[24m] [^[[1mM-bMM-^Rg ^[[4m^[[22mlogin_grace_time^[[24m]
8 [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len] 8 [^[[1mM-bMM-^Rh ^[[4m^[[22mhost_key_file^[[24m] [^[[1mM-bMM-^Rk ^[[4m^[[22mkey_gen_time^[[24m] [^[[1mM-bMM-^Ro ^[[4m^[[22moption^[[24m] [^[[1mM-bMM-^Rp ^[[4m^[[22mport^[[24m] [^[[1mM-bMM-^Ru ^[[4m^[[22mlen^[[24m]
9 9
10DESCRIPTION 10^[[1mDESCRIPTION^[[0m
11 sshd (SSH Daemon) is the daemon program for ssh(1). Together these proM-- 11 ^[[1msshd ^[[22m(SSH Daemon) is the daemon program for ssh(1). Together these proM-bM-^@M-^P
12 grams replace rlogin and rsh, and provide secure encrypted communications 12 grams replace rlogin and rsh, and provide secure encrypted communications
13 between two untrusted hosts over an insecure network. The programs are 13 between two untrusted hosts over an insecure network. The programs are
14 intended to be as easy to install and use as possible. 14 intended to be as easy to install and use as possible.
15 15
16 sshd is the daemon that listens for connections from clients. It is norM-- 16 ^[[1msshd ^[[22mis the daemon that listens for connections from clients. It is norM-bM-^@M-^P
17 mally started at boot from /etc/rc. It forks a new daemon for each 17 mally started at boot from ^[[4m/etc/rc^[[24m. It forks a new daemon for each
18 incoming connection. The forked daemons handle key exchange, encryption, 18 incoming connection. The forked daemons handle key exchange, encryption,
19 authentication, command execution, and data exchange. This implementaM-- 19 authentication, command execution, and data exchange. This implementaM-bM-^@M-^P
20 tion of sshd supports both SSH protocol version 1 and 2 simultaneously. 20 tion of ^[[1msshd ^[[22msupports both SSH protocol version 1 and 2 simultaneously.
21 sshd works as follows. 21 ^[[1msshd ^[[22mworks as follows:
22 22
23 SSH protocol version 1 23 ^[[1mSSH protocol version 1^[[0m
24 24
25 Each host has a host-specific RSA key (normally 1024 bits) used to idenM-- 25 Each host has a hostM-bM-^@M-^Pspecific RSA key (normally 1024 bits) used to idenM-bM-^@M-^P
26 tify the host. Additionally, when the daemon starts, it generates a 26 tify the host. Additionally, when the daemon starts, it generates a
27 server RSA key (normally 768 bits). This key is normally regenerated 27 server RSA key (normally 768 bits). This key is normally regenerated
28 every hour if it has been used, and is never stored on disk. 28 every hour if it has been used, and is never stored on disk.
29 29
30 Whenever a client connects the daemon responds with its public host and 30 Whenever a client connects, the daemon responds with its public host and
31 server keys. The client compares the RSA host key against its own 31 server keys. The client compares the RSA host key against its own
32 database to verify that it has not changed. The client then generates a 32 database to verify that it has not changed. The client then generates a
33 256 bit random number. It encrypts this random number using both the 33 256 bit random number. It encrypts this random number using both the
@@ -35,24 +35,24 @@ DESCRIPTION
35 server. Both sides then use this random number as a session key which is 35 server. Both sides then use this random number as a session key which is
36 used to encrypt all further communications in the session. The rest of 36 used to encrypt all further communications in the session. The rest of
37 the session is encrypted using a conventional cipher, currently Blowfish 37 the session is encrypted using a conventional cipher, currently Blowfish
38 or 3DES, with 3DES being used by default. The client selects the encrypM-- 38 or 3DES, with 3DES being used by default. The client selects the encrypM-bM-^@M-^P
39 tion algorithm to use from those offered by the server. 39 tion algorithm to use from those offered by the server.
40 40
41 Next, the server and the client enter an authentication dialog. The 41 Next, the server and the client enter an authentication dialog. The
42 client tries to authenticate itself using .rhosts authentication, .rhosts 42 client tries to authenticate itself using ^[[4m.rhosts^[[24m authentication, ^[[4m.rhosts^[[0m
43 authentication combined with RSA host authentication, RSA challenge- 43 authentication combined with RSA host authentication, RSA challengeM-bM-^@M-^P
44 response authentication, or password based authentication. 44 response authentication, or password based authentication.
45 45
46 Rhosts authentication is normally disabled because it is fundamentally 46 Rhosts authentication is normally disabled because it is fundamentally
47 insecure, but can be enabled in the server configuration file if desired. 47 insecure, but can be enabled in the server configuration file if desired.
48 System security is not improved unless rshd, rlogind, and rexecd are disM-- 48 System security is not improved unless ^[[1mrshd^[[22m, ^[[1mrlogind^[[22m, and ^[[1mrexecd ^[[22mare disM-bM-^@M-^P
49 abled (thus completely disabling rlogin and rsh into the machine). 49 abled (thus completely disabling rlogin and rsh into the machine).
50 50
51 SSH protocol version 2 51 ^[[1mSSH protocol version 2^[[0m
52 52
53 Version 2 works similarly: Each host has a host-specific key (RSA or DSA) 53 Version 2 works similarly: Each host has a hostM-bM-^@M-^Pspecific key (RSA or DSA)
54 used to identify the host. However, when the daemon starts, it does not 54 used to identify the host. However, when the daemon starts, it does not
55 generate a server key. Forward security is provided through a Diffie- 55 generate a server key. Forward security is provided through a DiffieM-bM-^@M-^P
56 Hellman key agreement. This key agreement results in a shared session 56 Hellman key agreement. This key agreement results in a shared session
57 key. 57 key.
58 58
@@ -60,19 +60,19 @@ DESCRIPTION
60 128 bit AES, Blowfish, 3DES, CAST128, Arcfour, 192 bit AES, or 256 bit 60 128 bit AES, Blowfish, 3DES, CAST128, Arcfour, 192 bit AES, or 256 bit
61 AES. The client selects the encryption algorithm to use from those 61 AES. The client selects the encryption algorithm to use from those
62 offered by the server. Additionally, session integrity is provided 62 offered by the server. Additionally, session integrity is provided
63 through a cryptographic message authentication code (hmac-sha1 or hmac- 63 through a cryptographic message authentication code (hmacM-bM-^@M-^Psha1 or hmacM-bM-^@M-^P
64 md5). 64 md5).
65 65
66 Protocol version 2 provides a public key based user (PubkeyAuthenticaM-- 66 Protocol version 2 provides a public key based user (PubkeyAuthenticaM-bM-^@M-^P
67 tion) or client host (HostbasedAuthentication) authentication method, 67 tion) or client host (HostbasedAuthentication) authentication method,
68 conventional password authentication and challenge response based methM-- 68 conventional password authentication and challenge response based methM-bM-^@M-^P
69 ods. 69 ods.
70 70
71 Command execution and data forwarding 71 ^[[1mCommand execution and data forwarding^[[0m
72 72
73 If the client successfully authenticates itself, a dialog for preparing 73 If the client successfully authenticates itself, a dialog for preparing
74 the session is entered. At this time the client may request things like 74 the session is entered. At this time the client may request things like
75 allocating a pseudo-tty, forwarding X11 connections, forwarding TCP/IP 75 allocating a pseudoM-bM-^@M-^Ptty, forwarding X11 connections, forwarding TCP/IP
76 connections, or forwarding the authentication agent connection over the 76 connections, or forwarding the authentication agent connection over the
77 secure channel. 77 secure channel.
78 78
@@ -81,390 +81,390 @@ DESCRIPTION
81 data at any time, and such data is forwarded to/from the shell or command 81 data at any time, and such data is forwarded to/from the shell or command
82 on the server side, and the user terminal in the client side. 82 on the server side, and the user terminal in the client side.
83 83
84 When the user program terminates and all forwarded X11 and other connecM-- 84 When the user program terminates and all forwarded X11 and other connecM-bM-^@M-^P
85 tions have been closed, the server sends command exit status to the 85 tions have been closed, the server sends command exit status to the
86 client, and both sides exit. 86 client, and both sides exit.
87 87
88 sshd can be configured using command-line options or a configuration 88 ^[[1msshd ^[[22mcan be configured using commandM-bM-^@M-^Pline options or a configuration
89 file. Command-line options override values specified in the configuraM-- 89 file. CommandM-bM-^@M-^Pline options override values specified in the configuraM-bM-^@M-^P
90 tion file. 90 tion file.
91 91
92 sshd rereads its configuration file when it receives a hangup signal, 92 ^[[1msshd ^[[22mrereads its configuration file when it receives a hangup signal,
93 SIGHUP, by executing itself with the name it was started as, i.e., 93 SIGHUP, by executing itself with the name it was started as, i.e.,
94 /usr/sbin/sshd. 94 ^[[4m/usr/sbin/sshd^[[24m.
95 95
96 The options are as follows: 96 The options are as follows:
97 97
98 -b bits 98 ^[[1mM-bMM-^Rb ^[[4m^[[22mbits^[[0m
99 Specifies the number of bits in the ephemeral protocol version 1 99 Specifies the number of bits in the ephemeral protocol version 1
100 server key (default 768). 100 server key (default 768).
101 101
102 -d Debug mode. The server sends verbose debug output to the system 102 ^[[1mM-bMM-^Rd ^[[22mDebug mode. The server sends verbose debug output to the system
103 log, and does not put itself in the background. The server also 103 log, and does not put itself in the background. The server also
104 will not fork and will only process one connection. This option 104 will not fork and will only process one connection. This option
105 is only intended for debugging for the server. Multiple -d 105 is only intended for debugging for the server. Multiple ^[[1mM-bMM-^Rd^[[0m
106 options increase the debugging level. Maximum is 3. 106 options increase the debugging level. Maximum is 3.
107 107
108 -e When this option is specified, sshd will send the output to the 108 ^[[1mM-bMM-^Re ^[[22mWhen this option is specified, ^[[1msshd ^[[22mwill send the output to the
109 standard error instead of the system log. 109 standard error instead of the system log.
110 110
111 -f configuration_file 111 ^[[1mM-bMM-^Rf ^[[4m^[[22mconfiguration_file^[[0m
112 Specifies the name of the configuration file. The default is 112 Specifies the name of the configuration file. The default is
113 /etc/ssh/sshd_config. sshd refuses to start if there is no conM-- 113 ^[[4m/etc/ssh/sshd_config^[[24m. ^[[1msshd ^[[22mrefuses to start if there is no conM-bM-^@M-^P
114 figuration file. 114 figuration file.
115 115
116 -g login_grace_time 116 ^[[1mM-bMM-^Rg ^[[4m^[[22mlogin_grace_time^[[0m
117 Gives the grace time for clients to authenticate themselves 117 Gives the grace time for clients to authenticate themselves
118 (default 120 seconds). If the client fails to authenticate the 118 (default 120 seconds). If the client fails to authenticate the
119 user within this many seconds, the server disconnects and exits. 119 user within this many seconds, the server disconnects and exits.
120 A value of zero indicates no limit. 120 A value of zero indicates no limit.
121 121
122 -h host_key_file 122 ^[[1mM-bMM-^Rh ^[[4m^[[22mhost_key_file^[[0m
123 Specifies a file from which a host key is read. This option must 123 Specifies a file from which a host key is read. This option must
124 be given if sshd is not run as root (as the normal host key files 124 be given if ^[[1msshd ^[[22mis not run as root (as the normal host key files
125 are normally not readable by anyone but root). The default is 125 are normally not readable by anyone but root). The default is
126 /etc/ssh/ssh_host_key for protocol version 1, and 126 ^[[4m/etc/ssh/ssh_host_key^[[24m for protocol version 1, and
127 /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for proM-- 127 ^[[4m/etc/ssh/ssh_host_rsa_key^[[24m and ^[[4m/etc/ssh/ssh_host_dsa_key^[[24m for proM-bM-^@M-^P
128 tocol version 2. It is possible to have multiple host key files 128 tocol version 2. It is possible to have multiple host key files
129 for the different protocol versions and host key algorithms. 129 for the different protocol versions and host key algorithms.
130 130
131 -i Specifies that sshd is being run from inetd. sshd is normally 131 ^[[1mM-bMM-^Ri ^[[22mSpecifies that ^[[1msshd ^[[22mis being run from inetd(8). ^[[1msshd ^[[22mis normally
132 not run from inetd because it needs to generate the server key 132 not run from inetd because it needs to generate the server key
133 before it can respond to the client, and this may take tens of 133 before it can respond to the client, and this may take tens of
134 seconds. Clients would have to wait too long if the key was 134 seconds. Clients would have to wait too long if the key was
135 regenerated every time. However, with small key sizes (e.g., 135 regenerated every time. However, with small key sizes (e.g.,
136 512) using sshd from inetd may be feasible. 136 512) using ^[[1msshd ^[[22mfrom inetd may be feasible.
137 137
138 -k key_gen_time 138 ^[[1mM-bMM-^Rk ^[[4m^[[22mkey_gen_time^[[0m
139 Specifies how often the ephemeral protocol version 1 server key 139 Specifies how often the ephemeral protocol version 1 server key
140 is regenerated (default 3600 seconds, or one hour). The motivaM-- 140 is regenerated (default 3600 seconds, or one hour). The motivaM-bM-^@M-^P
141 tion for regenerating the key fairly often is that the key is not 141 tion for regenerating the key fairly often is that the key is not
142 stored anywhere, and after about an hour, it becomes impossible 142 stored anywhere, and after about an hour, it becomes impossible
143 to recover the key for decrypting intercepted communications even 143 to recover the key for decrypting intercepted communications even
144 if the machine is cracked into or physically seized. A value of 144 if the machine is cracked into or physically seized. A value of
145 zero indicates that the key will never be regenerated. 145 zero indicates that the key will never be regenerated.
146 146
147 -o option 147 ^[[1mM-bMM-^Ro ^[[4m^[[22moption^[[0m
148 Can be used to give options in the format used in the configuraM-- 148 Can be used to give options in the format used in the configuraM-bM-^@M-^P
149 tion file. This is useful for specifying options for which there 149 tion file. This is useful for specifying options for which there
150 is no separate command-line flag. 150 is no separate commandM-bM-^@M-^Pline flag.
151 151
152 -p port 152 ^[[1mM-bMM-^Rp ^[[4m^[[22mport^[[0m
153 Specifies the port on which the server listens for connections 153 Specifies the port on which the server listens for connections
154 (default 22). Multiple port options are permitted. Ports speciM-- 154 (default 22). Multiple port options are permitted. Ports speciM-bM-^@M-^P
155 fied in the configuration file are ignored when a command-line 155 fied in the configuration file are ignored when a commandM-bM-^@M-^Pline
156 port is specified. 156 port is specified.
157 157
158 -q Quiet mode. Nothing is sent to the system log. Normally the 158 ^[[1mM-bMM-^Rq ^[[22mQuiet mode. Nothing is sent to the system log. Normally the
159 beginning, authentication, and termination of each connection is 159 beginning, authentication, and termination of each connection is
160 logged. 160 logged.
161 161
162 -t Test mode. Only check the validity of the configuration file and 162 ^[[1mM-bMM-^Rt ^[[22mTest mode. Only check the validity of the configuration file and
163 sanity of the keys. This is useful for updating sshd reliably as 163 sanity of the keys. This is useful for updating ^[[1msshd ^[[22mreliably as
164 configuration options may change. 164 configuration options may change.
165 165
166 -u len This option is used to specify the size of the field in the utmp 166 ^[[1mM-bMM-^Ru ^[[4m^[[22mlen^[[24m This option is used to specify the size of the field in the utmp
167 structure that holds the remote host name. If the resolved host 167 structure that holds the remote host name. If the resolved host
168 name is longer than len, the dotted decimal value will be used 168 name is longer than ^[[4mlen^[[24m, the dotted decimal value will be used
169 instead. This allows hosts with very long host names that overM-- 169 instead. This allows hosts with very long host names that overM-bM-^@M-^P
170 flow this field to still be uniquely identified. Specifying -u0 170 flow this field to still be uniquely identified. Specifying ^[[1mM-bMM-^Ru0^[[0m
171 indicates that only dotted decimal addresses should be put into 171 indicates that only dotted decimal addresses should be put into
172 the utmp file. -u0 is also be used to prevent sshd from making 172 the ^[[4mutmp^[[24m file. ^[[1mM-bMM-^Ru0 ^[[22mmay also be used to prevent ^[[1msshd ^[[22mfrom making
173 DNS requests unless the authentication mechanism or configuration 173 DNS requests unless the authentication mechanism or configuration
174 requires it. Authentication mechanisms that may require DNS 174 requires it. Authentication mechanisms that may require DNS
175 include RhostsAuthentication, RhostsRSAAuthentication, 175 include ^[[1mRhostsAuthentication^[[22m, ^[[1mRhostsRSAAuthentication^[[22m,
176 HostbasedAuthentication and using a from="pattern-list" option in 176 ^[[1mHostbasedAuthentication ^[[22mand using a ^[[1mfrom="patternM-bM-^@M-^Plist" ^[[22moption in
177 a key file. Configuration options that require DNS include using 177 a key file. Configuration options that require DNS include using
178 a USER@HOST pattern in AllowUsers or DenyUsers. 178 a USER@HOST pattern in ^[[1mAllowUsers ^[[22mor ^[[1mDenyUsers^[[22m.
179 179
180 -D When this option is specified sshd will not detach and does not 180 ^[[1mM-bMM-^RD ^[[22mWhen this option is specified ^[[1msshd ^[[22mwill not detach and does not
181 become a daemon. This allows easy monitoring of sshd. 181 become a daemon. This allows easy monitoring of ^[[1msshd^[[22m.
182 182
183 -4 Forces sshd to use IPv4 addresses only. 183 ^[[1mM-bMM-^R4 ^[[22mForces ^[[1msshd ^[[22mto use IPv4 addresses only.
184 184
185 -6 Forces sshd to use IPv6 addresses only. 185 ^[[1mM-bMM-^R6 ^[[22mForces ^[[1msshd ^[[22mto use IPv6 addresses only.
186 186
187CONFIGURATION FILE 187^[[1mCONFIGURATION FILE^[[0m
188 sshd reads configuration data from /etc/ssh/sshd_config (or the file 188 ^[[1msshd ^[[22mreads configuration data from ^[[4m/etc/ssh/sshd_config^[[24m (or the file
189 specified with -f on the command line). The file format and configuraM-- 189 specified with ^[[1mM-bMM-^Rf ^[[22mon the command line). The file format and configuraM-bM-^@M-^P
190 tion options are described in sshd_config(5). 190 tion options are described in sshd_config(5).
191 191
192LOGIN PROCESS 192^[[1mLOGIN PROCESS^[[0m
193 When a user successfully logs in, sshd does the following: 193 When a user successfully logs in, ^[[1msshd ^[[22mdoes the following:
194 194
195 1. If the login is on a tty, and no command has been specified, 195 1. If the login is on a tty, and no command has been specified,
196 prints last login time and /etc/motd (unless prevented in the 196 prints last login time and ^[[4m/etc/motd^[[24m (unless prevented in the
197 configuration file or by $HOME/.hushlogin; see the FILES secM-- 197 configuration file or by ^[[4m$HOME/.hushlogin^[[24m; see the ^[[4mFILES^[[24m secM-bM-^@M-^P
198 tion). 198 tion).
199 199
200 2. If the login is on a tty, records login time. 200 2. If the login is on a tty, records login time.
201 201
202 3. Checks /etc/nologin; if it exists, prints contents and quits 202 3. Checks ^[[4m/etc/nologin^[[24m; if it exists, prints contents and quits
203 (unless root). 203 (unless root).
204 204
205 4. Changes to run with normal user privileges. 205 4. Changes to run with normal user privileges.
206 206
207 5. Sets up basic environment. 207 5. Sets up basic environment.
208 208
209 6. Reads $HOME/.ssh/environment if it exists and users are 209 6. Reads ^[[4m$HOME/.ssh/environment^[[24m if it exists and users are
210 allowed to change their environment. See the 210 allowed to change their environment. See the
211 PermitUserEnvironment option in sshd_config(5). 211 ^[[1mPermitUserEnvironment ^[[22moption in sshd_config(5).
212 212
213 7. Changes to user's home directory. 213 7. Changes to userM-bM-^@M-^Ys home directory.
214 214
215 8. If $HOME/.ssh/rc exists, runs it; else if /etc/ssh/sshrc 215 8. If ^[[4m$HOME/.ssh/rc^[[24m exists, runs it; else if ^[[4m/etc/ssh/sshrc^[[0m
216 exists, runs it; otherwise runs xauth. The ``rc'' files are 216 exists, runs it; otherwise runs xauth. The M-bM-^@M-^\rcM-bM-^@M-^] files are
217 given the X11 authentication protocol and cookie in standard 217 given the X11 authentication protocol and cookie in standard
218 input. 218 input.
219 219
220 9. Runs user's shell or command. 220 9. Runs userM-bM-^@M-^Ys shell or command.
221 221
222AUTHORIZED_KEYS FILE FORMAT 222^[[1mAUTHORIZED_KEYS FILE FORMAT^[[0m
223 $HOME/.ssh/authorized_keys is the default file that lists the public keys 223 ^[[4m$HOME/.ssh/authorized_keys^[[24m is the default file that lists the public keys
224 that are permitted for RSA authentication in protocol version 1 and for 224 that are permitted for RSA authentication in protocol version 1 and for
225 public key authentication (PubkeyAuthentication) in protocol version 2. 225 public key authentication (PubkeyAuthentication) in protocol version 2.
226 AuthorizedKeysFile may be used to specify an alternative file. 226 ^[[1mAuthorizedKeysFile ^[[22mmay be used to specify an alternative file.
227 227
228 Each line of the file contains one key (empty lines and lines starting 228 Each line of the file contains one key (empty lines and lines starting
229 with a `#' are ignored as comments). Each RSA public key consists of the 229 with a M-bM-^@M-^X#M-bM-^@M-^Y are ignored as comments). Each RSA public key consists of the
230 following fields, separated by spaces: options, bits, exponent, modulus, 230 following fields, separated by spaces: options, bits, exponent, modulus,
231 comment. Each protocol version 2 public key consists of: options, keyM-- 231 comment. Each protocol version 2 public key consists of: options, keyM-bM-^@M-^P
232 type, base64 encoded key, comment. The options field is optional; its 232 type, base64 encoded key, comment. The options field is optional; its
233 presence is determined by whether the line starts with a number or not 233 presence is determined by whether the line starts with a number or not
234 (the options field never starts with a number). The bits, exponent, modM-- 234 (the options field never starts with a number). The bits, exponent, modM-bM-^@M-^P
235 ulus and comment fields give the RSA key for protocol version 1; the comM-- 235 ulus and comment fields give the RSA key for protocol version 1; the comM-bM-^@M-^P
236 ment field is not used for anything (but may be convenient for the user 236 ment field is not used for anything (but may be convenient for the user
237 to identify the key). For protocol version 2 the keytype is ``ssh-dss'' 237 to identify the key). For protocol version 2 the keytype is M-bM-^@M-^\sshM-bM-^@M-^PdssM-bM-^@M-^] or
238 or ``ssh-rsa''. 238 M-bM-^@M-^\sshM-bM-^@M-^PrsaM-bM-^@M-^].
239 239
240 Note that lines in this file are usually several hundred bytes long 240 Note that lines in this file are usually several hundred bytes long
241 (because of the size of the public key encoding). You don't want to type 241 (because of the size of the public key encoding). You donM-bM-^@M-^Yt want to type
242 them in; instead, copy the identity.pub, id_dsa.pub or the id_rsa.pub 242 them in; instead, copy the ^[[4midentity.pub^[[24m, ^[[4mid_dsa.pub^[[24m or the ^[[4mid_rsa.pub^[[0m
243 file and edit it. 243 file and edit it.
244 244
245 sshd enforces a minimum RSA key modulus size for protocol 1 and protocol 245 ^[[1msshd ^[[22menforces a minimum RSA key modulus size for protocol 1 and protocol
246 2 keys of 768 bits. 246 2 keys of 768 bits.
247 247
248 The options (if present) consist of comma-separated option specificaM-- 248 The options (if present) consist of commaM-bM-^@M-^Pseparated option specificaM-bM-^@M-^P
249 tions. No spaces are permitted, except within double quotes. The folM-- 249 tions. No spaces are permitted, except within double quotes. The folM-bM-^@M-^P
250 lowing option specifications are supported (note that option keywords are 250 lowing option specifications are supported (note that option keywords are
251 case-insensitive): 251 caseM-bM-^@M-^Pinsensitive):
252 252
253 from="pattern-list" 253 ^[[1mfrom="patternM-bM-^@M-^Plist"^[[0m
254 Specifies that in addition to public key authentication, the 254 Specifies that in addition to public key authentication, the
255 canonical name of the remote host must be present in the comma- 255 canonical name of the remote host must be present in the commaM-bM-^@M-^P
256 separated list of patterns (`*' and `'? serve as wildcards). 256 separated list of patterns (M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y? serve as wildcards).
257 The list may also contain patterns negated by prefixing them with 257 The list may also contain patterns negated by prefixing them with
258 `'!; if the canonical host name matches a negated pattern, the 258 M-bM-^@M-^XM-bM-^@M-^Y!; if the canonical host name matches a negated pattern, the
259 key is not accepted. The purpose of this option is to optionally 259 key is not accepted. The purpose of this option is to optionally
260 increase security: public key authentication by itself does not 260 increase security: public key authentication by itself does not
261 trust the network or name servers or anything (but the key); howM-- 261 trust the network or name servers or anything (but the key); howM-bM-^@M-^P
262 ever, if somebody somehow steals the key, the key permits an 262 ever, if somebody somehow steals the key, the key permits an
263 intruder to log in from anywhere in the world. This additional 263 intruder to log in from anywhere in the world. This additional
264 option makes using a stolen key more difficult (name servers 264 option makes using a stolen key more difficult (name servers
265 and/or routers would have to be compromised in addition to just 265 and/or routers would have to be compromised in addition to just
266 the key). 266 the key).
267 267
268 command="command" 268 ^[[1mcommand="command"^[[0m
269 Specifies that the command is executed whenever this key is used 269 Specifies that the command is executed whenever this key is used
270 for authentication. The command supplied by the user (if any) is 270 for authentication. The command supplied by the user (if any) is
271 ignored. The command is run on a pty if the client requests a 271 ignored. The command is run on a pty if the client requests a
272 pty; otherwise it is run without a tty. If a 8-bit clean channel 272 pty; otherwise it is run without a tty. If an 8M-bM-^@M-^Pbit clean chanM-bM-^@M-^P
273 is required, one must not request a pty or should specify no-pty. 273 nel is required, one must not request a pty or should specify
274 A quote may be included in the command by quoting it with a backM-- 274 ^[[1mnoM-bM-^@M-^Ppty^[[22m. A quote may be included in the command by quoting it
275 slash. This option might be useful to restrict certain public 275 with a backslash. This option might be useful to restrict cerM-bM-^@M-^P
276 keys to perform just a specific operation. An example might be a 276 tain public keys to perform just a specific operation. An examM-bM-^@M-^P
277 key that permits remote backups but nothing else. Note that the 277 ple might be a key that permits remote backups but nothing else.
278 client may specify TCP/IP and/or X11 forwarding unless they are 278 Note that the client may specify TCP/IP and/or X11 forwarding
279 explicitly prohibited. Note that this option applies to shell, 279 unless they are explicitly prohibited. Note that this option
280 command or subsystem execution. 280 applies to shell, command or subsystem execution.
281 281
282 environment="NAME=value" 282 ^[[1menvironment="NAME=value"^[[0m
283 Specifies that the string is to be added to the environment when 283 Specifies that the string is to be added to the environment when
284 logging in using this key. Environment variables set this way 284 logging in using this key. Environment variables set this way
285 override other default environment values. Multiple options of 285 override other default environment values. Multiple options of
286 this type are permitted. Environment processing is disabled by 286 this type are permitted. Environment processing is disabled by
287 default and is controlled via the PermitUserEnvironment option. 287 default and is controlled via the ^[[1mPermitUserEnvironment ^[[22moption.
288 This option is automatically disabled if UseLogin is enabled. 288 This option is automatically disabled if ^[[1mUseLogin ^[[22mis enabled.
289 289
290 no-port-forwarding 290 ^[[1mnoM-bM-^@M-^PportM-bM-^@M-^Pforwarding^[[0m
291 Forbids TCP/IP forwarding when this key is used for authenticaM-- 291 Forbids TCP/IP forwarding when this key is used for authenticaM-bM-^@M-^P
292 tion. Any port forward requests by the client will return an 292 tion. Any port forward requests by the client will return an
293 error. This might be used, e.g., in connection with the command 293 error. This might be used, e.g., in connection with the ^[[1mcommand^[[0m
294 option. 294 option.
295 295
296 no-X11-forwarding 296 ^[[1mnoM-bM-^@M-^PX11M-bM-^@M-^Pforwarding^[[0m
297 Forbids X11 forwarding when this key is used for authentication. 297 Forbids X11 forwarding when this key is used for authentication.
298 Any X11 forward requests by the client will return an error. 298 Any X11 forward requests by the client will return an error.
299 299
300 no-agent-forwarding 300 ^[[1mnoM-bM-^@M-^PagentM-bM-^@M-^Pforwarding^[[0m
301 Forbids authentication agent forwarding when this key is used for 301 Forbids authentication agent forwarding when this key is used for
302 authentication. 302 authentication.
303 303
304 no-pty Prevents tty allocation (a request to allocate a pty will fail). 304 ^[[1mnoM-bM-^@M-^Ppty ^[[22mPrevents tty allocation (a request to allocate a pty will fail).
305 305
306 permitopen="host:port" 306 ^[[1mpermitopen="host:port"^[[0m
307 Limit local ``ssh -L'' port forwarding such that it may only conM-- 307 Limit local M-bM-^@M-^XM-bM-^@M-^Xssh M-bM-^@M-^PLM-bM-^@M-^YM-bM-^@M-^Y port forwarding such that it may only conM-bM-^@M-^P
308 nect to the specified host and port. IPv6 addresses can be specM-- 308 nect to the specified host and port. IPv6 addresses can be specM-bM-^@M-^P
309 ified with an alternative syntax: host/port. Multiple permitopen 309 ified with an alternative syntax: ^[[4mhost/port^[[24m. Multiple ^[[1mpermitopen^[[0m
310 options may be applied separated by commas. No pattern matching 310 options may be applied separated by commas. No pattern matching
311 is performed on the specified hostnames, they must be literal 311 is performed on the specified hostnames, they must be literal
312 domains or addresses. 312 domains or addresses.
313 313
314 Examples 314 ^[[1mExamples^[[0m
315 1024 33 12121...312314325 ylo@foo.bar 315 1024 33 12121...312314325 ylo@foo.bar
316 316
317 from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula 317 from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula
318 318
319 command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 319 command="dump /home",noM-bM-^@M-^Ppty,noM-bM-^@M-^PportM-bM-^@M-^Pforwarding 1024 33 23...2323
320 backup.hut.fi 320 backup.hut.fi
321 321
322 permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 322 permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323
323 323
324SSH_KNOWN_HOSTS FILE FORMAT 324^[[1mSSH_KNOWN_HOSTS FILE FORMAT^[[0m
325 The /etc/ssh/ssh_known_hosts, and $HOME/.ssh/known_hosts files contain 325 The ^[[4m/etc/ssh/ssh_known_hosts^[[24m and ^[[4m$HOME/.ssh/known_hosts^[[24m files contain
326 host public keys for all known hosts. The global file should be prepared 326 host public keys for all known hosts. The global file should be prepared
327 by the administrator (optional), and the per-user file is maintained 327 by the administrator (optional), and the perM-bM-^@M-^Puser file is maintained
328 automatically: whenever the user connects from an unknown host its key is 328 automatically: whenever the user connects from an unknown host its key is
329 added to the per-user file. 329 added to the perM-bM-^@M-^Puser file.
330 330
331 Each line in these files contains the following fields: hostnames, bits, 331 Each line in these files contains the following fields: hostnames, bits,
332 exponent, modulus, comment. The fields are separated by spaces. 332 exponent, modulus, comment. The fields are separated by spaces.
333 333
334 Hostnames is a comma-separated list of patterns ('*' and '?' act as wildM-- 334 Hostnames is a commaM-bM-^@M-^Pseparated list of patterns (M-bM-^@M-^Y*M-bM-^@M-^Y and M-bM-^@M-^Y?M-bM-^@M-^Y act as wildM-bM-^@M-^P
335 cards); each pattern in turn is matched against the canonical host name 335 cards); each pattern in turn is matched against the canonical host name
336 (when authenticating a client) or against the user-supplied name (when 336 (when authenticating a client) or against the userM-bM-^@M-^Psupplied name (when
337 authenticating a server). A pattern may also be preceded by `'! to 337 authenticating a server). A pattern may also be preceded by M-bM-^@M-^XM-bM-^@M-^Y! to
338 indicate negation: if the host name matches a negated pattern, it is not 338 indicate negation: if the host name matches a negated pattern, it is not
339 accepted (by that line) even if it matched another pattern on the line. 339 accepted (by that line) even if it matched another pattern on the line.
340 340
341 Bits, exponent, and modulus are taken directly from the RSA host key; 341 Bits, exponent, and modulus are taken directly from the RSA host key;
342 they can be obtained, e.g., from /etc/ssh/ssh_host_key.pub. The optional 342 they can be obtained, e.g., from ^[[4m/etc/ssh/ssh_host_key.pub^[[24m. The optional
343 comment field continues to the end of the line, and is not used. 343 comment field continues to the end of the line, and is not used.
344 344
345 Lines starting with `#' and empty lines are ignored as comments. 345 Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are ignored as comments.
346 346
347 When performing host authentication, authentication is accepted if any 347 When performing host authentication, authentication is accepted if any
348 matching line has the proper key. It is thus permissible (but not recomM-- 348 matching line has the proper key. It is thus permissible (but not recomM-bM-^@M-^P
349 mended) to have several lines or different host keys for the same names. 349 mended) to have several lines or different host keys for the same names.
350 This will inevitably happen when short forms of host names from different 350 This will inevitably happen when short forms of host names from different
351 domains are put in the file. It is possible that the files contain conM-- 351 domains are put in the file. It is possible that the files contain conM-bM-^@M-^P
352 flicting information; authentication is accepted if valid information can 352 flicting information; authentication is accepted if valid information can
353 be found from either file. 353 be found from either file.
354 354
355 Note that the lines in these files are typically hundreds of characters 355 Note that the lines in these files are typically hundreds of characters
356 long, and you definitely don't want to type in the host keys by hand. 356 long, and you definitely donM-bM-^@M-^Yt want to type in the host keys by hand.
357 Rather, generate them by a script or by taking /etc/ssh/ssh_host_key.pub 357 Rather, generate them by a script or by taking ^[[4m/etc/ssh/ssh_host_key.pub^[[0m
358 and adding the host names at the front. 358 and adding the host names at the front.
359 359
360 Examples 360 ^[[1mExamples^[[0m
361 361
362 closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi 362 closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi
363 cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....= 363 cvs.openbsd.org,199.185.137.3 sshM-bM-^@M-^Prsa AAAA1234.....=
364 364
365FILES 365^[[1mFILES^[[0m
366 /etc/ssh/sshd_config 366 /etc/ssh/sshd_config
367 Contains configuration data for sshd. The file format and conM-- 367 Contains configuration data for ^[[1msshd^[[22m. The file format and conM-bM-^@M-^P
368 figuration options are described in sshd_config(5). 368 figuration options are described in sshd_config(5).
369 369
370 /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, 370 /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key,
371 /etc/ssh/ssh_host_rsa_key 371 /etc/ssh/ssh_host_rsa_key
372 These three files contain the private parts of the host keys. 372 These three files contain the private parts of the host keys.
373 These files should only be owned by root, readable only by root, 373 These files should only be owned by root, readable only by root,
374 and not accessible to others. Note that sshd does not start if 374 and not accessible to others. Note that ^[[1msshd ^[[22mdoes not start if
375 this file is group/world-accessible. 375 this file is group/worldM-bM-^@M-^Paccessible.
376 376
377 /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key.pub, 377 /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key.pub,
378 /etc/ssh/ssh_host_rsa_key.pub 378 /etc/ssh/ssh_host_rsa_key.pub
379 These three files contain the public parts of the host keys. 379 These three files contain the public parts of the host keys.
380 These files should be world-readable but writable only by root. 380 These files should be worldM-bM-^@M-^Preadable but writable only by root.
381 Their contents should match the respective private parts. These 381 Their contents should match the respective private parts. These
382 files are not really used for anything; they are provided for the 382 files are not really used for anything; they are provided for the
383 convenience of the user so their contents can be copied to known 383 convenience of the user so their contents can be copied to known
384 hosts files. These files are created using ssh-keygen(1). 384 hosts files. These files are created using sshM-bM-^@M-^Pkeygen(1).
385 385
386 /etc/moduli 386 /etc/moduli
387 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group 387 Contains DiffieM-bM-^@M-^PHellman groups used for the "DiffieM-bM-^@M-^PHellman Group
388 Exchange". The file format is described in moduli(5). 388 Exchange". The file format is described in moduli(5).
389 389
390 /var/empty 390 /var/empty
391 chroot(2) directory used by sshd during privilege separation in 391 chroot(2) directory used by ^[[1msshd ^[[22mduring privilege separation in
392 the pre-authentication phase. The directory should not contain 392 the preM-bM-^@M-^Pauthentication phase. The directory should not contain
393 any files and must be owned by root and not group or world- 393 any files and must be owned by root and not group or worldM-bM-^@M-^P
394 writable. 394 writable.
395 395
396 /var/run/sshd.pid 396 /var/run/sshd.pid
397 Contains the process ID of the sshd listening for connections (if 397 Contains the process ID of the ^[[1msshd ^[[22mlistening for connections (if
398 there are several daemons running concurrently for different 398 there are several daemons running concurrently for different
399 ports, this contains the process ID of the one started last). 399 ports, this contains the process ID of the one started last).
400 The content of this file is not sensitive; it can be world-readM-- 400 The content of this file is not sensitive; it can be worldM-bM-^@M-^PreadM-bM-^@M-^P
401 able. 401 able.
402 402
403 $HOME/.ssh/authorized_keys 403 $HOME/.ssh/authorized_keys
404 Lists the public keys (RSA or DSA) that can be used to log into 404 Lists the public keys (RSA or DSA) that can be used to log into
405 the user's account. This file must be readable by root (which 405 the userM-bM-^@M-^Ys account. This file must be readable by root (which
406 may on some machines imply it being world-readable if the user's 406 may on some machines imply it being worldM-bM-^@M-^Preadable if the userM-bM-^@M-^Ys
407 home directory resides on an NFS volume). It is recommended that 407 home directory resides on an NFS volume). It is recommended that
408 it not be accessible by others. The format of this file is 408 it not be accessible by others. The format of this file is
409 described above. Users will place the contents of their 409 described above. Users will place the contents of their
410 identity.pub, id_dsa.pub and/or id_rsa.pub files into this file, 410 ^[[4midentity.pub^[[24m, ^[[4mid_dsa.pub^[[24m and/or ^[[4mid_rsa.pub^[[24m files into this file,
411 as described in ssh-keygen(1). 411 as described in sshM-bM-^@M-^Pkeygen(1).
412 412
413 /etc/ssh/ssh_known_hosts and $HOME/.ssh/known_hosts 413 /etc/ssh/ssh_known_hosts and $HOME/.ssh/known_hosts
414 These files are consulted when using rhosts with RSA host authenM-- 414 These files are consulted when using rhosts with RSA host authenM-bM-^@M-^P
415 tication or protocol version 2 hostbased authentication to check 415 tication or protocol version 2 hostbased authentication to check
416 the public key of the host. The key must be listed in one of 416 the public key of the host. The key must be listed in one of
417 these files to be accepted. The client uses the same files to 417 these files to be accepted. The client uses the same files to
418 verify that it is connecting to the correct remote host. These 418 verify that it is connecting to the correct remote host. These
419 files should be writable only by root/the owner. 419 files should be writable only by root/the owner.
420 /etc/ssh/ssh_known_hosts should be world-readable, and 420 ^[[4m/etc/ssh/ssh_known_hosts^[[24m should be worldM-bM-^@M-^Preadable, and
421 $HOME/.ssh/known_hosts can but need not be world-readable. 421 ^[[4m$HOME/.ssh/known_hosts^[[24m can, but need not be, worldM-bM-^@M-^Preadable.
422 422
423 /etc/nologin 423 /etc/nologin
424 If this file exists, sshd refuses to let anyone except root log 424 If this file exists, ^[[1msshd ^[[22mrefuses to let anyone except root log
425 in. The contents of the file are displayed to anyone trying to 425 in. The contents of the file are displayed to anyone trying to
426 log in, and non-root connections are refused. The file should be 426 log in, and nonM-bM-^@M-^Proot connections are refused. The file should be
427 world-readable. 427 worldM-bM-^@M-^Preadable.
428 428
429 /etc/hosts.allow, /etc/hosts.deny 429 /etc/hosts.allow, /etc/hosts.deny
430 Access controls that should be enforced by tcp-wrappers are 430 Access controls that should be enforced by tcpM-bM-^@M-^Pwrappers are
431 defined here. Further details are described in hosts_access(5). 431 defined here. Further details are described in hosts_access(5).
432 432
433 $HOME/.rhosts 433 $HOME/.rhosts
434 This file contains host-username pairs, separated by a space, one 434 This file contains hostM-bM-^@M-^Pusername pairs, separated by a space, one
435 per line. The given user on the corresponding host is permitted 435 per line. The given user on the corresponding host is permitted
436 to log in without password. The same file is used by rlogind and 436 to log in without a password. The same file is used by rlogind
437 rshd. The file must be writable only by the user; it is recomM-- 437 and rshd. The file must be writable only by the user; it is recM-bM-^@M-^P
438 mended that it not be accessible by others. 438 ommended that it not be accessible by others.
439 439
440 If is also possible to use netgroups in the file. Either host or 440 If is also possible to use netgroups in the file. Either host or
441 user name may be of the form +@groupname to specify all hosts or 441 user name may be of the form +@groupname to specify all hosts or
442 all users in the group. 442 all users in the group.
443 443
444 $HOME/.shosts 444 $HOME/.shosts
445 For ssh, this file is exactly the same as for .rhosts. However, 445 For ssh, this file is exactly the same as for ^[[4m.rhosts^[[24m. However,
446 this file is not used by rlogin and rshd, so using this permits 446 this file is not used by rlogin and rshd, so using this permits
447 access using SSH only. 447 access using SSH only.
448 448
449 /etc/hosts.equiv 449 /etc/hosts.equiv
450 This file is used during .rhosts authentication. In the simplest 450 This file is used during ^[[4m.rhosts^[[24m authentication. In the simplest
451 form, this file contains host names, one per line. Users on 451 form, this file contains host names, one per line. Users on
452 those hosts are permitted to log in without a password, provided 452 those hosts are permitted to log in without a password, provided
453 they have the same user name on both machines. The host name may 453 they have the same user name on both machines. The host name may
454 also be followed by a user name; such users are permitted to log 454 also be followed by a user name; such users are permitted to log
455 in as any user on this machine (except root). Additionally, the 455 in as ^[[4many^[[24m user on this machine (except root). Additionally, the
456 syntax ``+@group'' can be used to specify netgroups. Negated 456 syntax M-bM-^@M-^\+@groupM-bM-^@M-^] can be used to specify netgroups. Negated
457 entries start with `-'. 457 entries start with M-bM-^@M-^XM-bM-^@M-^PM-bM-^@M-^Y.
458 458
459 If the client host/user is successfully matched in this file, 459 If the client host/user is successfully matched in this file,
460 login is automatically permitted provided the client and server 460 login is automatically permitted provided the client and server
461 user names are the same. Additionally, successful RSA host 461 user names are the same. Additionally, successful RSA host
462 authentication is normally required. This file must be writable 462 authentication is normally required. This file must be writable
463 only by root; it is recommended that it be world-readable. 463 only by root; it is recommended that it be worldM-bM-^@M-^Preadable.
464 464
465 Warning: It is almost never a good idea to use user names in 465 ^[[1mWarning: It is almost never a good idea to use user names in^[[0m
466 hosts.equiv. Beware that it really means that the named user(s) 466 ^[[4mhosts.equiv^[[24m. Beware that it really means that the named user(s)
467 can log in as anybody, which includes bin, daemon, adm, and other 467 can log in as ^[[4manybody^[[24m, which includes bin, daemon, adm, and other
468 accounts that own critical binaries and directories. Using a 468 accounts that own critical binaries and directories. Using a
469 user name practically grants the user root access. The only 469 user name practically grants the user root access. The only
470 valid use for user names that I can think of is in negative 470 valid use for user names that I can think of is in negative
@@ -473,75 +473,75 @@ FILES
473 Note that this warning also applies to rsh/rlogin. 473 Note that this warning also applies to rsh/rlogin.
474 474
475 /etc/shosts.equiv 475 /etc/shosts.equiv
476 This is processed exactly as /etc/hosts.equiv. However, this 476 This is processed exactly as ^[[4m/etc/hosts.equiv^[[24m. However, this
477 file may be useful in environments that want to run both 477 file may be useful in environments that want to run both
478 rsh/rlogin and ssh. 478 rsh/rlogin and ssh.
479 479
480 $HOME/.ssh/environment 480 $HOME/.ssh/environment
481 This file is read into the environment at login (if it exists). 481 This file is read into the environment at login (if it exists).
482 It can only contain empty lines, comment lines (that start with 482 It can only contain empty lines, comment lines (that start with
483 `#'), and assignment lines of the form name=value. The file 483 M-bM-^@M-^X#M-bM-^@M-^Y), and assignment lines of the form name=value. The file
484 should be writable only by the user; it need not be readable by 484 should be writable only by the user; it need not be readable by
485 anyone else. Environment processing is disabled by default and 485 anyone else. Environment processing is disabled by default and
486 is controlled via the PermitUserEnvironment option. 486 is controlled via the ^[[1mPermitUserEnvironment ^[[22moption.
487 487
488 $HOME/.ssh/rc 488 $HOME/.ssh/rc
489 If this file exists, it is run with /bin/sh after reading the 489 If this file exists, it is run with ^[[4m/bin/sh^[[24m after reading the
490 environment files but before starting the user's shell or comM-- 490 environment files but before starting the userM-bM-^@M-^Ys shell or comM-bM-^@M-^P
491 mand. It must not produce any output on stdout; stderr must be 491 mand. It must not produce any output on stdout; stderr must be
492 used instead. If X11 forwarding is in use, it will receive the 492 used instead. If X11 forwarding is in use, it will receive the
493 "proto cookie" pair in its standard input (and DISPLAY in its 493 "proto cookie" pair in its standard input (and DISPLAY in its
494 environment). The script must call xauth(1) because sshd will 494 environment). The script must call xauth(1) because ^[[1msshd ^[[22mwill
495 not run xauth automatically to add X11 cookies. 495 not run xauth automatically to add X11 cookies.
496 496
497 The primary purpose of this file is to run any initialization 497 The primary purpose of this file is to run any initialization
498 routines which may be needed before the user's home directory 498 routines which may be needed before the userM-bM-^@M-^Ys home directory
499 becomes accessible; AFS is a particular example of such an enviM-- 499 becomes accessible; AFS is a particular example of such an enviM-bM-^@M-^P
500 ronment. 500 ronment.
501 501
502 This file will probably contain some initialization code followed 502 This file will probably contain some initialization code followed
503 by something similar to: 503 by something similar to:
504 504
505 if read proto cookie && [ -n "$DISPLAY" ]; then 505 if read proto cookie && [ M-bM-^@M-^Pn "$DISPLAY" ]; then
506 if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then 506 if [ M-bM-^@M-^Xecho $DISPLAY | cut M-bM-^@M-^Pc1M-bM-^@M-^P10M-bM-^@M-^X = M-bM-^@M-^Ylocalhost:M-bM-^@M-^Y ]; then
507 # X11UseLocalhost=yes 507 # X11UseLocalhost=yes
508 echo add unix:`echo $DISPLAY | 508 echo add unix:M-bM-^@M-^Xecho $DISPLAY |
509 cut -c11-` $proto $cookie 509 cut M-bM-^@M-^Pc11M-bM-^@M-^PM-bM-^@M-^X $proto $cookie
510 else 510 else
511 # X11UseLocalhost=no 511 # X11UseLocalhost=no
512 echo add $DISPLAY $proto $cookie 512 echo add $DISPLAY $proto $cookie
513 fi | xauth -q - 513 fi | xauth M-bM-^@M-^Pq M-bM-^@M-^P
514 fi 514 fi
515 515
516 If this file does not exist, /etc/ssh/sshrc is run, and if that 516 If this file does not exist, ^[[4m/etc/ssh/sshrc^[[24m is run, and if that
517 does not exist either, xauth is used to add the cookie. 517 does not exist either, xauth is used to add the cookie.
518 518
519 This file should be writable only by the user, and need not be 519 This file should be writable only by the user, and need not be
520 readable by anyone else. 520 readable by anyone else.
521 521
522 /etc/ssh/sshrc 522 /etc/ssh/sshrc
523 Like $HOME/.ssh/rc. This can be used to specify machine-specific 523 Like ^[[4m$HOME/.ssh/rc^[[24m. This can be used to specify machineM-bM-^@M-^Pspecific
524 login-time initializations globally. This file should be 524 loginM-bM-^@M-^Ptime initializations globally. This file should be
525 writable only by root, and should be world-readable. 525 writable only by root, and should be worldM-bM-^@M-^Preadable.
526 526
527AUTHORS 527^[[1mAUTHORS^[[0m
528 OpenSSH is a derivative of the original and free ssh 1.2.12 release by 528 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
529 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo 529 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
530 de Raadt and Dug Song removed many bugs, re-added newer features and creM-- 530 de Raadt and Dug Song removed many bugs, reM-bM-^@M-^Padded newer features and creM-bM-^@M-^P
531 ated OpenSSH. Markus Friedl contributed the support for SSH protocol 531 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
532 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 532 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
533 for privilege separation. 533 for privilege separation.
534 534
535SEE ALSO 535^[[1mSEE ALSO^[[0m
536 scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), 536 scp(1), sftp(1), ssh(1), sshM-bM-^@M-^Padd(1), sshM-bM-^@M-^Pagent(1), sshM-bM-^@M-^Pkeygen(1),
537 login.conf(5), moduli(5), sshd_config(5), sftp-server(8) 537 login.conf(5), moduli(5), sshd_config(5), sftpM-bM-^@M-^Pserver(8)
538 538
539 T. Ylonen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen, SSH 539 T. Ylonen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen, ^[[4mSSH^[[0m
540 Protocol Architecture, draft-ietf-secsh-architecture-12.txt, January 540 ^[[4mProtocol^[[24m ^[[4mArchitecture^[[24m, draftM-bM-^@M-^PietfM-bM-^@M-^PsecshM-bM-^@M-^ParchitectureM-bM-^@M-^P12.txt, January
541 2002, work in progress material. 541 2002, work in progress material.
542 542
543 M. Friedl, N. Provos, and W. A. Simpson, Diffie-Hellman Group Exchange 543 M. Friedl, N. Provos, and W. A. Simpson, ^[[4mDiffieM-bM-^@M-^PHellman^[[24m ^[[4mGroup^[[24m ^[[4mExchange^[[0m
544 for the SSH Transport Layer Protocol, draft-ietf-secsh-dh-group- 544 ^[[4mfor^[[24m ^[[4mthe^[[24m ^[[4mSSH^[[24m ^[[4mTransport^[[24m ^[[4mLayer^[[24m ^[[4mProtocol^[[24m, draftM-bM-^@M-^PietfM-bM-^@M-^PsecshM-bM-^@M-^PdhM-bM-^@M-^PgroupM-bM-^@M-^P
545 exchange-02.txt, January 2002, work in progress material. 545 exchangeM-bM-^@M-^P02.txt, January 2002, work in progress material.
546 546
547BSD September 25, 1999 BSD 547BSD September 25, 1999 BSD
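diff --git a/sshd.8 b/sshd.8
index 22ab70e00..a99c4f162 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.193 2002/09/24 20:59:44 todd Exp $
+.\" $OpenBSD: sshd.8,v 1.194 2003/01/31 21:54:40 jmc Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -43,6 +43,7 @@
 .Nd OpenSSH SSH daemon
 .Sh SYNOPSIS
 .Nm sshd
+.Bk -words
 .Op Fl deiqtD46
 .Op Fl b Ar bits
 .Op Fl f Ar config_file
@@ -52,6 +53,7 @@
 .Op Fl o Ar option
 .Op Fl p Ar port
 .Op Fl u Ar len
+.Ek
 .Sh DESCRIPTION
 .Nm
 (SSH Daemon) is the daemon program for
@@ -75,7 +77,7 @@ This implementation of
 .Nm
 supports both SSH protocol version 1 and 2 simultaneously.
 .Nm
-works as follows.
+works as follows:
 .Pp
 .Ss SSH protocol version 1
 .Pp
@@ -86,7 +88,7 @@ the daemon starts, it generates a server RSA key (normally 768 bits).
 This key is normally regenerated every hour if it has been used, and
 is never stored on disk.
 .Pp
-Whenever a client connects the daemon responds with its public
+Whenever a client connects, the daemon responds with its public
 host and server keys.
 The client compares the
 RSA host key against its own database to verify that it has not changed.
@@ -119,7 +121,7 @@ System security is not improved unless
 .Nm rshd ,
 .Nm rlogind ,
 and
-.Xr rexecd
+.Nm rexecd
 are disabled (thus completely disabling
 .Xr rlogin
 and
@@ -189,7 +191,9 @@ The server sends verbose debug output to the system
 log, and does not put itself in the background.
 The server also will not fork and will only process one connection.
 This option is only intended for debugging for the server.
-Multiple -d options increase the debugging level.
+Multiple
+.Fl d
+options increase the debugging level.
 Maximum is 3.
 .It Fl e
 When this option is specified,
@@ -225,7 +229,8 @@ the different protocol versions and host key algorithms.
 .It Fl i
 Specifies that
 .Nm
-is being run from inetd.
+is being run from
+.Xr inetd 8 .
 .Nm
 is normally not run
 from inetd because it needs to generate the server key before it can
@@ -282,7 +287,7 @@ should be put into the
 .Pa utmp
 file.
 .Fl u0
-is also be used to prevent
+may also be used to prevent
 .Nm
 from making DNS requests unless the authentication
 mechanism or configuration requires it.
@@ -446,7 +451,7 @@ authentication.
 The command supplied by the user (if any) is ignored.
 The command is run on a pty if the client requests a pty;
 otherwise it is run without a tty.
-If a 8-bit clean channel is required,
+If an 8-bit clean channel is required,
 one must not request a pty or should specify
 .Cm no-pty .
 A quote may be included in the command by quoting it with a backslash.
@@ -506,7 +511,7 @@ command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hu
 permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323
 .Sh SSH_KNOWN_HOSTS FILE FORMAT
 The
-.Pa /etc/ssh/ssh_known_hosts ,
+.Pa /etc/ssh/ssh_known_hosts
 and
 .Pa $HOME/.ssh/known_hosts
 files contain host public keys for all known hosts.
@@ -627,7 +632,7 @@ These files should be writable only by root/the owner.
 .Pa /etc/ssh/ssh_known_hosts
 should be world-readable, and
 .Pa $HOME/.ssh/known_hosts
-can but need not be world-readable.
+can, but need not be, world-readable.
 .It Pa /etc/nologin
 If this file exists,
 .Nm
@@ -644,7 +649,7 @@ Further details are described in
 This file contains host-username pairs, separated by a space, one per
 line.
 The given user on the corresponding host is permitted to log in
-without password.
+without a password.
 The same file is used by rlogind and rshd.
 The file must
 be writable only by the user; it is recommended that it not be
@@ -713,7 +718,9 @@ controlled via the
 .Cm PermitUserEnvironment
 option.
 .It Pa $HOME/.ssh/rc
-If this file exists, it is run with /bin/sh after reading the
+If this file exists, it is run with
+.Pa /bin/sh
+after reading the
 environment files but before starting the user's shell or command.
 It must not produce any output on stdout; stderr must be used
 instead.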
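diff --git a/sshd.c b/sshd.c
index f8bd7ce54..0f2b2a3ce 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.260 2002/09/27 10:42:09 mickey Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.263 2003/02/16 17:09:57 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -202,8 +202,8 @@ int *startup_pipes = NULL;
 int startup_pipe; /* in child */
 
 /* variables used for privilege separation */
-extern struct monitor *pmonitor;
-extern int use_privsep;
+int use_privsep;
+struct monitor *pmonitor;
 
 /* Prototypes for various functions defined later in this file. */
 void destroy_sensitive_data(void);
@@ -827,9 +827,17 @@ main(int ac, char **av)
  __progname = get_progname(av[0]);
  init_rng();
 
- /* Save argv. */
+ /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
  saved_argc = ac;
  saved_argv = av;
+ saved_argv = xmalloc(sizeof(*saved_argv) * ac);
+ for (i = 0; i < ac; i++)
+ saved_argv[i] = xstrdup(av[i]);
+
+#ifndef HAVE_SETPROCTITLE
+ /* Prepare for later setproctitle emulation */
+ compat_init_setproctitle(ac, av);
+#endif
 
  /* Initialize configuration options to their default values. */
  initialize_server_options(&options);
@@ -944,7 +952,7 @@ main(int ac, char **av)
  SYSLOG_LEVEL_INFO : options.log_level,
  options.log_facility == SYSLOG_FACILITY_NOT_SET ?
  SYSLOG_FACILITY_AUTH : options.log_facility,
- !inetd_flag);
+ log_stderr || !inetd_flag);
 
 #ifdef _UNICOS
  /* Cray can define user privs drop all prives now!
@@ -1058,8 +1066,8 @@ main(int ac, char **av)
 #else
  if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
 #endif
- fatal("Bad owner or mode for %s",
- _PATH_PRIVSEP_CHROOT_DIR);
+ fatal("%s must be owned by root and not group or "
+ "world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
  }
 
  /* Configuration looks good, so exit if in test mode. */
@@ -1392,8 +1400,12 @@ main(int ac, char **av)
  * setlogin() affects the entire process group. We don't
  * want the child to be able to affect the parent.
  */
-#if 0
- /* XXX: this breaks Solaris */
+#if !defined(STREAMS_PUSH_ACQUIRES_CTTY)
+ /*
+ * If setsid is called on Solaris, sshd will acquire the controlling
+ * terminal while pushing STREAMS modules. This will prevent the
+ * shell from acquiring it later.
+ */
  if (!debug_flag && !inetd_flag && setsid() < 0)
  error("setsid: %.100s", strerror(errno));
 #endif
@@ -1806,6 +1818,8 @@ do_ssh2_kex(void)
 
  /* start key exchange */
  kex = kex_setup(myproposal);
+ kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
+ kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
  kex->server = 1;
  kex->client_version_string=client_version_string;
  kex->server_version_string=server_version_string;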
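Review bot: The argv copy in the `main` hunk (new lines 830–835) allocates exactly `ac` slots and fills only `i < ac`, so the duplicate has no terminating NULL entry the way the original `av` does. Anything that later treats `saved_argv` as an argument vector, presumably a re-exec on restart that is outside this hunk, would read past the end of the allocation. I would allocate one extra slot and terminate it: `saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1));` and, after the loop, `saved_argv[i] = NULL;`. The `saved_argv = av;` line kept just above the allocation is now a dead store and can be dropped. `main` begins and ends outside the hunk.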
diff --git a/sshd_config.0 b/sshd_config.0
index a4e31be0f..e234efdb4 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -1,445 +1,444 @@
1SSHD_CONFIG(5) System File Formats Manual SSHD_CONFIG(5) 1SSHD_CONFIG(5) BSD File Formats Manual SSHD_CONFIG(5)
2 2
3NAME 3^[[1mNAME^[[0m
4 sshd_config - OpenSSH SSH daemon configuration file 4 ^[[1msshd_config ^[[22mM-bMM-^R OpenSSH SSH daemon configuration file
5 5
6SYNOPSIS 6^[[1mSYNOPSIS^[[0m
7 /etc/ssh/sshd_config 7 ^[[4m/etc/ssh/sshd_config^[[0m
8 8
9DESCRIPTION 9^[[1mDESCRIPTION^[[0m
10 sshd reads configuration data from /etc/ssh/sshd_config (or the file 10 ^[[1msshd ^[[22mreads configuration data from ^[[4m/etc/ssh/sshd_config^[[24m (or the file
11 specified with -f on the command line). The file contains keyword-arguM-- 11 specified with ^[[1mM-bMM-^Rf ^[[22mon the command line). The file contains keywordM-bM-^@M-^ParguM-bM-^@M-^P
12 ment pairs, one per line. Lines starting with `#' and empty lines are 12 ment pairs, one per line. Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are
13 interpreted as comments. 13 interpreted as comments.
14 14
15 The possible keywords and their meanings are as follows (note that keyM-- 15 The possible keywords and their meanings are as follows (note that keyM-bM-^@M-^P
16 words are case-insensitive and arguments are case-sensitive): 16 words are caseM-bM-^@M-^Pinsensitive and arguments are caseM-bM-^@M-^Psensitive):
17 17
18 AFSTokenPassing 18 ^[[1mAFSTokenPassing^[[0m
19 Specifies whether an AFS token may be forwarded to the server. 19 Specifies whether an AFS token may be forwarded to the server.
20 Default is ``no''. 20 Default is M-bM-^@M-^\noM-bM-^@M-^].
21 21
22 AllowGroups 22 ^[[1mAllowGroups^[[0m
23 This keyword can be followed by a list of group name patterns, 23 This keyword can be followed by a list of group name patterns,
24 separated by spaces. If specified, login is allowed only for 24 separated by spaces. If specified, login is allowed only for
25 users whose primary group or supplementary group list matches one 25 users whose primary group or supplementary group list matches one
26 of the patterns. `*' and `'? can be used as wildcards in the 26 of the patterns. M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y? can be used as wildcards in the
27 patterns. Only group names are valid; a numerical group ID is 27 patterns. Only group names are valid; a numerical group ID is
28 not recognized. By default, login is allowed for all groups. 28 not recognized. By default, login is allowed for all groups.
29 29
30 AllowTcpForwarding 30 ^[[1mAllowTcpForwarding^[[0m
31 Specifies whether TCP forwarding is permitted. The default is 31 Specifies whether TCP forwarding is permitted. The default is
32 ``yes''. Note that disabling TCP forwarding does not improve 32 M-bM-^@M-^\yesM-bM-^@M-^]. Note that disabling TCP forwarding does not improve secuM-bM-^@M-^P
33 security unless users are also denied shell access, as they can 33 rity unless users are also denied shell access, as they can
34 always install their own forwarders. 34 always install their own forwarders.
35 35
36 AllowUsers 36 ^[[1mAllowUsers^[[0m
37 This keyword can be followed by a list of user name patterns, 37 This keyword can be followed by a list of user name patterns,
38 separated by spaces. If specified, login is allowed only for 38 separated by spaces. If specified, login is allowed only for
39 users names that match one of the patterns. `*' and `'? can be 39 user names that match one of the patterns. M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y? can be
40 used as wildcards in the patterns. Only user names are valid; a 40 used as wildcards in the patterns. Only user names are valid; a
41 numerical user ID is not recognized. By default, login is 41 numerical user ID is not recognized. By default, login is
42 allowed for all users. If the pattern takes the form USER@HOST 42 allowed for all users. If the pattern takes the form USER@HOST
43 then USER and HOST are separately checked, restricting logins to 43 then USER and HOST are separately checked, restricting logins to
44 particular users from particular hosts. 44 particular users from particular hosts.
45 45
46 AuthorizedKeysFile 46 ^[[1mAuthorizedKeysFile^[[0m
47 Specifies the file that contains the public keys that can be used 47 Specifies the file that contains the public keys that can be used
48 for user authentication. AuthorizedKeysFile may contain tokens 48 for user authentication. ^[[1mAuthorizedKeysFile ^[[22mmay contain tokens
49 of the form %T which are substituted during connection set-up. 49 of the form %T which are substituted during connection setM-bM-^@M-^Pup.
50 The following tokens are defined: %% is replaced by a literal 50 The following tokens are defined: %% is replaced by a literal
51 '%', %h is replaced by the home directory of the user being 51 M-bM-^@M-^Y%M-bM-^@M-^Y, %h is replaced by the home directory of the user being
52 authenticated and %u is replaced by the username of that user. 52 authenticated and %u is replaced by the username of that user.
53 After expansion, AuthorizedKeysFile is taken to be an absolute 53 After expansion, ^[[1mAuthorizedKeysFile ^[[22mis taken to be an absolute
54 path or one relative to the user's home directory. The default 54 path or one relative to the userM-bM-^@M-^Ys home directory. The default
55 is ``.ssh/authorized_keys''. 55 is M-bM-^@M-^\.ssh/authorized_keysM-bM-^@M-^].
56 56
57 Banner In some jurisdictions, sending a warning message before authentiM-- 57 ^[[1mBanner ^[[22mIn some jurisdictions, sending a warning message before authentiM-bM-^@M-^P
58 cation may be relevant for getting legal protection. The conM-- 58 cation may be relevant for getting legal protection. The conM-bM-^@M-^P
59 tents of the specified file are sent to the remote user before 59 tents of the specified file are sent to the remote user before
60 authentication is allowed. This option is only available for 60 authentication is allowed. This option is only available for
61 protocol version 2. By default, no banner is displayed. 61 protocol version 2. By default, no banner is displayed.
62 62
63 ChallengeResponseAuthentication 63 ^[[1mChallengeResponseAuthentication^[[0m
64 Specifies whether challenge response authentication is allowed. 64 Specifies whether challenge response authentication is allowed.
65 All authentication styles from login.conf(5) are supported. The 65 All authentication styles from login.conf(5) are supported. The
66 default is ``yes''. 66 default is M-bM-^@M-^\yesM-bM-^@M-^].
67 67
68 Ciphers 68 ^[[1mCiphers^[[0m
69 Specifies the ciphers allowed for protocol version 2. Multiple 69 Specifies the ciphers allowed for protocol version 2. Multiple
70 ciphers must be comma-separated. The default is 70 ciphers must be commaM-bM-^@M-^Pseparated. The default is
71 71
72 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, 72 M-bM-^@M-^XM-bM-^@M-^Xaes128M-bM-^@M-^Pcbc,3desM-bM-^@M-^Pcbc,blowfishM-bM-^@M-^Pcbc,cast128M-bM-^@M-^Pcbc,arcfour,
73 aes192-cbc,aes256-cbc'' 73 aes192M-bM-^@M-^Pcbc,aes256M-bM-^@M-^PcbcM-bM-^@M-^YM-bM-^@M-^Y
74 74
75 ClientAliveInterval 75 ^[[1mClientAliveInterval^[[0m
76 Sets a timeout interval in seconds after which if no data has 76 Sets a timeout interval in seconds after which if no data has
77 been received from the client, sshd will send a message through 77 been received from the client, ^[[1msshd ^[[22mwill send a message through
78 the encrypted channel to request a response from the client. The 78 the encrypted channel to request a response from the client. The
79 default is 0, indicating that these messages will not be sent to 79 default is 0, indicating that these messages will not be sent to
80 the client. This option applies to protocol version 2 only. 80 the client. This option applies to protocol version 2 only.
81 81
82 ClientAliveCountMax 82 ^[[1mClientAliveCountMax^[[0m
83 Sets the number of client alive messages (see above) which may be 83 Sets the number of client alive messages (see above) which may be
84 sent without sshd receiving any messages back from the client. If 84 sent without ^[[1msshd ^[[22mreceiving any messages back from the client. If
85 this threshold is reached while client alive messages are being 85 this threshold is reached while client alive messages are being
86 sent, sshd will disconnect the client, terminating the session. 86 sent, ^[[1msshd ^[[22mwill disconnect the client, terminating the session.
87 It is important to note that the use of client alive messages is 87 It is important to note that the use of client alive messages is
88 very different from KeepAlive (below). The client alive messages 88 very different from ^[[1mKeepAlive ^[[22m(below). The client alive messages
89 are sent through the encrypted channel and therefore will not be 89 are sent through the encrypted channel and therefore will not be
90 spoofable. The TCP keepalive option enabled by KeepAlive is 90 spoofable. The TCP keepalive option enabled by ^[[1mKeepAlive ^[[22mis
91 spoofable. The client alive mechanism is valuable when the client 91 spoofable. The client alive mechanism is valuable when the client
92 or server depend on knowing when a connection has become inacM-- 92 or server depend on knowing when a connection has become inacM-bM-^@M-^P
93 tive. 93 tive.
94 94
95 The default value is 3. If ClientAliveInterval (above) is set to 95 The default value is 3. If ^[[1mClientAliveInterval ^[[22m(above) is set to
96 15, and ClientAliveCountMax is left at the default, unresponsive 96 15, and ^[[1mClientAliveCountMax ^[[22mis left at the default, unresponsive
97 ssh clients will be disconnected after approximately 45 seconds. 97 ssh clients will be disconnected after approximately 45 seconds.
98 98
99 Compression 99 ^[[1mCompression^[[0m
100 Specifies whether compression is allowed. The argument must be 100 Specifies whether compression is allowed. The argument must be
101 ``yes'' or ``no''. The default is ``yes''. 101 M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^].
102 102
103 DenyGroups 103 ^[[1mDenyGroups^[[0m
104 This keyword can be followed by a list of group name patterns, 104 This keyword can be followed by a list of group name patterns,
105 separated by spaces. Login is disallowed for users whose primary 105 separated by spaces. Login is disallowed for users whose primary
106 group or supplementary group list matches one of the patterns. 106 group or supplementary group list matches one of the patterns.
107 `*' and `'? can be used as wildcards in the patterns. Only 107 M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y? can be used as wildcards in the patterns. Only
108 group names are valid; a numerical group ID is not recognized. 108 group names are valid; a numerical group ID is not recognized.
109 By default, login is allowed for all groups. 109 By default, login is allowed for all groups.
110 110
111 DenyUsers 111 ^[[1mDenyUsers^[[0m
112 This keyword can be followed by a list of user name patterns, 112 This keyword can be followed by a list of user name patterns,
113 separated by spaces. Login is disallowed for user names that 113 separated by spaces. Login is disallowed for user names that
114 match one of the patterns. `*' and `'? can be used as wildcards 114 match one of the patterns. M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y? can be used as wildcards
115 in the patterns. Only user names are valid; a numerical user ID 115 in the patterns. Only user names are valid; a numerical user ID
116 is not recognized. By default, login is allowed for all users. 116 is not recognized. By default, login is allowed for all users.
117 If the pattern takes the form USER@HOST then USER and HOST are 117 If the pattern takes the form USER@HOST then USER and HOST are
118 separately checked, restricting logins to particular users from 118 separately checked, restricting logins to particular users from
119 particular hosts. 119 particular hosts.
120 120
121 GatewayPorts 121 ^[[1mGatewayPorts^[[0m
122 Specifies whether remote hosts are allowed to connect to ports 122 Specifies whether remote hosts are allowed to connect to ports
123 forwarded for the client. By default, sshd binds remote port 123 forwarded for the client. By default, ^[[1msshd ^[[22mbinds remote port
124 forwardings to the loopback address. This prevents other remote 124 forwardings to the loopback address. This prevents other remote
125 hosts from connecting to forwarded ports. GatewayPorts can be 125 hosts from connecting to forwarded ports. ^[[1mGatewayPorts ^[[22mcan be
126 used to specify that sshd should bind remote port forwardings to 126 used to specify that ^[[1msshd ^[[22mshould bind remote port forwardings to
127 the wildcard address, thus allowing remote hosts to connect to 127 the wildcard address, thus allowing remote hosts to connect to
128 forwarded ports. The argument must be ``yes'' or ``no''. The 128 forwarded ports. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The
129 default is ``no''. 129 default is M-bM-^@M-^\noM-bM-^@M-^].
130 130
131 HostbasedAuthentication 131 ^[[1mHostbasedAuthentication^[[0m
132 Specifies whether rhosts or /etc/hosts.equiv authentication 132 Specifies whether rhosts or /etc/hosts.equiv authentication
133 together with successful public key client host authentication is 133 together with successful public key client host authentication is
134 allowed (hostbased authentication). This option is similar to 134 allowed (hostbased authentication). This option is similar to
135 RhostsRSAAuthentication and applies to protocol version 2 only. 135 ^[[1mRhostsRSAAuthentication ^[[22mand applies to protocol version 2 only.
136 The default is ``no''. 136 The default is M-bM-^@M-^\noM-bM-^@M-^].
137 137
138 HostKey 138 ^[[1mHostKey^[[0m
139 Specifies a file containing a private host key used by SSH. The 139 Specifies a file containing a private host key used by SSH. The
140 default is /etc/ssh/ssh_host_key for protocol version 1, and 140 default is ^[[4m/etc/ssh/ssh_host_key^[[24m for protocol version 1, and
141 /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for proM-- 141 ^[[4m/etc/ssh/ssh_host_rsa_key^[[24m and ^[[4m/etc/ssh/ssh_host_dsa_key^[[24m for proM-bM-^@M-^P
142 tocol version 2. Note that sshd will refuse to use a file if it 142 tocol version 2. Note that ^[[1msshd ^[[22mwill refuse to use a file if it
143 is group/world-accessible. It is possible to have multiple host 143 is group/worldM-bM-^@M-^Paccessible. It is possible to have multiple host
144 key files. ``rsa1'' keys are used for version 1 and ``dsa'' or 144 key files. M-bM-^@M-^\rsa1M-bM-^@M-^] keys are used for version 1 and M-bM-^@M-^\dsaM-bM-^@M-^] or M-bM-^@M-^\rsaM-bM-^@M-^]
145 ``rsa'' are used for version 2 of the SSH protocol. 145 are used for version 2 of the SSH protocol.
146 146
147 IgnoreRhosts 147 ^[[1mIgnoreRhosts^[[0m
148 Specifies that .rhosts and .shosts files will not be used in 148 Specifies that ^[[4m.rhosts^[[24m and ^[[4m.shosts^[[24m files will not be used in
149 RhostsAuthentication, RhostsRSAAuthentication or 149 ^[[1mRhostsAuthentication^[[22m, ^[[1mRhostsRSAAuthentication ^[[22mor
150 HostbasedAuthentication. 150 ^[[1mHostbasedAuthentication^[[22m.
151 151
152 /etc/hosts.equiv and /etc/shosts.equiv are still used. The 152 ^[[4m/etc/hosts.equiv^[[24m and ^[[4m/etc/shosts.equiv^[[24m are still used. The
153 default is ``yes''. 153 default is M-bM-^@M-^\yesM-bM-^@M-^].
154 154
155 IgnoreUserKnownHosts 155 ^[[1mIgnoreUserKnownHosts^[[0m
156 Specifies whether sshd should ignore the user's 156 Specifies whether ^[[1msshd ^[[22mshould ignore the userM-bM-^@M-^Ys
157 $HOME/.ssh/known_hosts during RhostsRSAAuthentication or 157 ^[[4m$HOME/.ssh/known_hosts^[[24m during ^[[1mRhostsRSAAuthentication ^[[22mor
158 HostbasedAuthentication. The default is ``no''. 158 ^[[1mHostbasedAuthentication^[[22m. The default is M-bM-^@M-^\noM-bM-^@M-^].
159 159
160 KeepAlive 160 ^[[1mKeepAlive^[[0m
161 Specifies whether the system should send TCP keepalive messages 161 Specifies whether the system should send TCP keepalive messages
162 to the other side. If they are sent, death of the connection or 162 to the other side. If they are sent, death of the connection or
163 crash of one of the machines will be properly noticed. However, 163 crash of one of the machines will be properly noticed. However,
164 this means that connections will die if the route is down temM-- 164 this means that connections will die if the route is down temM-bM-^@M-^P
165 porarily, and some people find it annoying. On the other hand, 165 porarily, and some people find it annoying. On the other hand,
166 if keepalives are not sent, sessions may hang indefinitely on the 166 if keepalives are not sent, sessions may hang indefinitely on the
167 server, leaving ``ghost'' users and consuming server resources. 167 server, leaving M-bM-^@M-^\ghostM-bM-^@M-^] users and consuming server resources.
168 168
169 The default is ``yes'' (to send keepalives), and the server will 169 The default is M-bM-^@M-^\yesM-bM-^@M-^] (to send keepalives), and the server will
170 notice if the network goes down or the client host crashes. This 170 notice if the network goes down or the client host crashes. This
171 avoids infinitely hanging sessions. 171 avoids infinitely hanging sessions.
172 172
173 To disable keepalives, the value should be set to ``no''. 173 To disable keepalives, the value should be set to M-bM-^@M-^\noM-bM-^@M-^].
174 174
175 KerberosAuthentication 175 ^[[1mKerberosAuthentication^[[0m
176 Specifies whether Kerberos authentication is allowed. This can 176 Specifies whether Kerberos authentication is allowed. This can
177 be in the form of a Kerberos ticket, or if PasswordAuthentication 177 be in the form of a Kerberos ticket, or if ^[[1mPasswordAuthentication^[[0m
178 is yes, the password provided by the user will be validated 178 is yes, the password provided by the user will be validated
179 through the Kerberos KDC. To use this option, the server needs a 179 through the Kerberos KDC. To use this option, the server needs a
180 Kerberos servtab which allows the verification of the KDC's idenM-- 180 Kerberos servtab which allows the verification of the KDCM-bM-^@M-^Ys idenM-bM-^@M-^P
181 tity. Default is ``no''. 181 tity. Default is M-bM-^@M-^\noM-bM-^@M-^].
182 182
183 KerberosOrLocalPasswd 183 ^[[1mKerberosOrLocalPasswd^[[0m
184 If set then if password authentication through Kerberos fails 184 If set then if password authentication through Kerberos fails
185 then the password will be validated via any additional local 185 then the password will be validated via any additional local
186 mechanism such as /etc/passwd. Default is ``yes''. 186 mechanism such as ^[[4m/etc/passwd^[[24m. Default is M-bM-^@M-^\yesM-bM-^@M-^].
187 187
188 KerberosTgtPassing 188 ^[[1mKerberosTgtPassing^[[0m
189 Specifies whether a Kerberos TGT may be forwarded to the server. 189 Specifies whether a Kerberos TGT may be forwarded to the server.
190 Default is ``no'', as this only works when the Kerberos KDC is 190 Default is M-bM-^@M-^\noM-bM-^@M-^], as this only works when the Kerberos KDC is
191 actually an AFS kaserver. 191 actually an AFS kaserver.
192 192
193 KerberosTicketCleanup 193 ^[[1mKerberosTicketCleanup^[[0m
194 Specifies whether to automatically destroy the user's ticket 194 Specifies whether to automatically destroy the userM-bM-^@M-^Ys ticket
195 cache file on logout. Default is ``yes''. 195 cache file on logout. Default is M-bM-^@M-^\yesM-bM-^@M-^].
196 196
197 KeyRegenerationInterval 197 ^[[1mKeyRegenerationInterval^[[0m
198 In protocol version 1, the ephemeral server key is automatically 198 In protocol version 1, the ephemeral server key is automatically
199 regenerated after this many seconds (if it has been used). The 199 regenerated after this many seconds (if it has been used). The
200 purpose of regeneration is to prevent decrypting captured sesM-- 200 purpose of regeneration is to prevent decrypting captured sesM-bM-^@M-^P
201 sions by later breaking into the machine and stealing the keys. 201 sions by later breaking into the machine and stealing the keys.
202 The key is never stored anywhere. If the value is 0, the key is 202 The key is never stored anywhere. If the value is 0, the key is
203 never regenerated. The default is 3600 (seconds). 203 never regenerated. The default is 3600 (seconds).
204 204
205 ListenAddress 205 ^[[1mListenAddress^[[0m
206 Specifies the local addresses sshd should listen on. The followM-- 206 Specifies the local addresses ^[[1msshd ^[[22mshould listen on. The followM-bM-^@M-^P
207 ing forms may be used: 207 ing forms may be used:
208 208
209 ListenAddress host|IPv4_addr|IPv6_addr 209 ^[[1mListenAddress ^[[4m^[[22mhost^[[24m|^[[4mIPv4_addr^[[24m|^[[4mIPv6_addr^[[0m
210 ListenAddress host|IPv4_addr:port 210 ^[[1mListenAddress ^[[4m^[[22mhost^[[24m|^[[4mIPv4_addr^[[24m:^[[4mport^[[0m
211 ListenAddress [host|IPv6_addr]:port 211 ^[[1mListenAddress ^[[22m[^[[4mhost^[[24m|^[[4mIPv6_addr^[[24m]:^[[4mport^[[0m
212 212
213 If port is not specified, sshd will listen on the address and all 213 If ^[[4mport^[[24m is not specified, ^[[1msshd ^[[22mwill listen on the address and all
214 prior Port options specified. The default is to listen on all 214 prior ^[[1mPort ^[[22moptions specified. The default is to listen on all
215 local addresses. Multiple ListenAddress options are permitted. 215 local addresses. Multiple ^[[1mListenAddress ^[[22moptions are permitted.
216 Additionally, any Port options must precede this option for non 216 Additionally, any ^[[1mPort ^[[22moptions must precede this option for non
217 port qualified addresses. 217 port qualified addresses.
218 218
219 LoginGraceTime 219 ^[[1mLoginGraceTime^[[0m
220 The server disconnects after this time if the user has not sucM-- 220 The server disconnects after this time if the user has not sucM-bM-^@M-^P
221 cessfully logged in. If the value is 0, there is no time limit. 221 cessfully logged in. If the value is 0, there is no time limit.
222 The default is 120 seconds. 222 The default is 120 seconds.
223 223
224 LogLevel 224 ^[[1mLogLevel^[[0m
225 Gives the verbosity level that is used when logging messages from 225 Gives the verbosity level that is used when logging messages from
226 sshd. The possible values are: QUIET, FATAL, ERROR, INFO, VERM-- 226 ^[[1msshd^[[22m. The possible values are: QUIET, FATAL, ERROR, INFO, VERM-bM-^@M-^P
227 BOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO. 227 BOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO.
228 DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify 228 DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
229 higher levels of debugging output. Logging with a DEBUG level 229 higher levels of debugging output. Logging with a DEBUG level
230 violates the privacy of users and is not recommended. 230 violates the privacy of users and is not recommended.
231 231
232 MACs Specifies the available MAC (message authentication code) algoM-- 232 ^[[1mMACs ^[[22mSpecifies the available MAC (message authentication code) algoM-bM-^@M-^P
233 rithms. The MAC algorithm is used in protocol version 2 for data 233 rithms. The MAC algorithm is used in protocol version 2 for data
234 integrity protection. Multiple algorithms must be comma-sepaM-- 234 integrity protection. Multiple algorithms must be commaM-bM-^@M-^PsepaM-bM-^@M-^P
235 rated. The default is 235 rated. The default is
236 ``hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96''. 236 M-bM-^@M-^\hmacM-bM-^@M-^Pmd5,hmacM-bM-^@M-^Psha1,hmacM-bM-^@M-^Pripemd160,hmacM-bM-^@M-^Psha1M-bM-^@M-^P96,hmacM-bM-^@M-^Pmd5M-bM-^@M-^P96M-bM-^@M-^].
237 237
238 MaxStartups 238 ^[[1mMaxStartups^[[0m
239 Specifies the maximum number of concurrent unauthenticated conM-- 239 Specifies the maximum number of concurrent unauthenticated conM-bM-^@M-^P
240 nections to the sshd daemon. Additional connections will be 240 nections to the ^[[1msshd ^[[22mdaemon. Additional connections will be
241 dropped until authentication succeeds or the LoginGraceTime 241 dropped until authentication succeeds or the ^[[1mLoginGraceTime^[[0m
242 expires for a connection. The default is 10. 242 expires for a connection. The default is 10.
243 243
244 Alternatively, random early drop can be enabled by specifying the 244 Alternatively, random early drop can be enabled by specifying the
245 three colon separated values ``start:rate:full'' (e.g., 245 three colon separated values M-bM-^@M-^\start:rate:fullM-bM-^@M-^] (e.g.,
246 "10:30:60"). sshd will refuse connection attempts with a probaM-- 246 "10:30:60"). ^[[1msshd ^[[22mwill refuse connection attempts with a probaM-bM-^@M-^P
247 bility of ``rate/100'' (30%) if there are currently ``start'' 247 bility of M-bM-^@M-^\rate/100M-bM-^@M-^] (30%) if there are currently M-bM-^@M-^\startM-bM-^@M-^] (10)
248 (10) unauthenticated connections. The probability increases linM-- 248 unauthenticated connections. The probability increases linearly
249 early and all connection attempts are refused if the number of 249 and all connection attempts are refused if the number of unauM-bM-^@M-^P
250 unauthenticated connections reaches ``full'' (60). 250 thenticated connections reaches M-bM-^@M-^\fullM-bM-^@M-^] (60).
251 251
252 PAMAuthenticationViaKbdInt 252 ^[[1mPAMAuthenticationViaKbdInt^[[0m
253 Specifies whether PAM challenge response authentication is 253 Specifies whether PAM challenge response authentication is
254 allowed. This allows the use of most PAM challenge response 254 allowed. This allows the use of most PAM challenge response
255 authentication modules, but it will allow password authentication 255 authentication modules, but it will allow password authentication
256 regardless of whether PasswordAuthentication is enabled. 256 regardless of whether ^[[1mPasswordAuthentication ^[[22mis enabled.
257 257
258 PasswordAuthentication 258 ^[[1mPasswordAuthentication^[[0m
259 Specifies whether password authentication is allowed. The 259 Specifies whether password authentication is allowed. The
260 default is ``yes''. 260 default is M-bM-^@M-^\yesM-bM-^@M-^].
261 261
262 PermitEmptyPasswords 262 ^[[1mPermitEmptyPasswords^[[0m
263 When password authentication is allowed, it specifies whether the 263 When password authentication is allowed, it specifies whether the
264 server allows login to accounts with empty password strings. The 264 server allows login to accounts with empty password strings. The
265 default is ``no''. 265 default is M-bM-^@M-^\noM-bM-^@M-^].
266 266
267 PermitRootLogin 267 ^[[1mPermitRootLogin^[[0m
268 Specifies whether root can login using ssh(1). The argument must 268 Specifies whether root can login using ssh(1). The argument must
269 be ``yes'', ``without-password'', ``forced-commands-only'' or 269 be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\withoutM-bM-^@M-^PpasswordM-bM-^@M-^], M-bM-^@M-^\forcedM-bM-^@M-^PcommandsM-bM-^@M-^PonlyM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].
270 ``no''. The default is ``yes''. 270 The default is M-bM-^@M-^\yesM-bM-^@M-^].
271 271
272 If this option is set to ``without-password'' password authentiM-- 272 If this option is set to M-bM-^@M-^\withoutM-bM-^@M-^PpasswordM-bM-^@M-^] password authenticaM-bM-^@M-^P
273 cation is disabled for root. 273 tion is disabled for root.
274 274
275 If this option is set to ``forced-commands-only'' root login with 275 If this option is set to M-bM-^@M-^\forcedM-bM-^@M-^PcommandsM-bM-^@M-^PonlyM-bM-^@M-^] root login with
276 public key authentication will be allowed, but only if the 276 public key authentication will be allowed, but only if the
277 command option has been specified (which may be useful for taking 277 ^[[4mcommand^[[24m option has been specified (which may be useful for taking
278 remote backups even if root login is normally not allowed). All 278 remote backups even if root login is normally not allowed). All
279 other authentication methods are disabled for root. 279 other authentication methods are disabled for root.
280 280
281 If this option is set to ``no'' root is not allowed to login. 281 If this option is set to M-bM-^@M-^\noM-bM-^@M-^] root is not allowed to login.
282 282
283 PermitUserEnvironment 283 ^[[1mPermitUserEnvironment^[[0m
284 Specifies whether ~/.ssh/environment and environment= options in 284 Specifies whether ^[[4m~/.ssh/environment^[[24m and ^[[1menvironment= ^[[22moptions in
285 ~/.ssh/authorized_keys are processed by sshd. The default is 285 ^[[4m~/.ssh/authorized_keys^[[24m are processed by ^[[1msshd^[[22m. The default is
286 ``no''. Enabling environment processing may enable users to 286 M-bM-^@M-^\noM-bM-^@M-^]. Enabling environment processing may enable users to bypass
287 bypass access restrictions in some configurations using mechaM-- 287 access restrictions in some configurations using mechanisms such
288 nisms such as LD_PRELOAD. 288 as LD_PRELOAD.
289 289
290 PidFile 290 ^[[1mPidFile^[[0m
291 Specifies the file that contains the process ID of the sshd daeM-- 291 Specifies the file that contains the process ID of the ^[[1msshd ^[[22mdaeM-bM-^@M-^P
292 mon. The default is /var/run/sshd.pid. 292 mon. The default is ^[[4m/var/run/sshd.pid^[[24m.
293 293
294 Port Specifies the port number that sshd listens on. The default is 294 ^[[1mPort ^[[22mSpecifies the port number that ^[[1msshd ^[[22mlistens on. The default is
295 22. Multiple options of this type are permitted. See also 295 22. Multiple options of this type are permitted. See also
296 ListenAddress. 296 ^[[1mListenAddress^[[22m.
297 297
298 PrintLastLog 298 ^[[1mPrintLastLog^[[0m
299 Specifies whether sshd should print the date and time when the 299 Specifies whether ^[[1msshd ^[[22mshould print the date and time when the
300 user last logged in. The default is ``yes''. 300 user last logged in. The default is M-bM-^@M-^\yesM-bM-^@M-^].
301 301
302 PrintMotd 302 ^[[1mPrintMotd^[[0m
303 Specifies whether sshd should print /etc/motd when a user logs in 303 Specifies whether ^[[1msshd ^[[22mshould print ^[[4m/etc/motd^[[24m when a user logs in
304 interactively. (On some systems it is also printed by the shell, 304 interactively. (On some systems it is also printed by the shell,
305 /etc/profile, or equivalent.) The default is ``yes''. 305 ^[[4m/etc/profile^[[24m, or equivalent.) The default is M-bM-^@M-^\yesM-bM-^@M-^].
306 306
307 Protocol 307 ^[[1mProtocol^[[0m
308 Specifies the protocol versions sshd supports. The possible valM-- 308 Specifies the protocol versions ^[[1msshd ^[[22msupports. The possible valM-bM-^@M-^P
309 ues are ``1'' and ``2''. Multiple versions must be comma-sepaM-- 309 ues are M-bM-^@M-^\1M-bM-^@M-^] and M-bM-^@M-^\2M-bM-^@M-^]. Multiple versions must be commaM-bM-^@M-^Pseparated.
310 rated. The default is ``2,1''. Note that the order of the proM-- 310 The default is M-bM-^@M-^\2,1M-bM-^@M-^]. Note that the order of the protocol list
311 tocol list does not indicate preference, because the client 311 does not indicate preference, because the client selects among
312 selects among multiple protocol versions offered by the server. 312 multiple protocol versions offered by the server. Specifying
313 Specifying ``2,1'' is identical to ``1,2''. 313 M-bM-^@M-^\2,1M-bM-^@M-^] is identical to M-bM-^@M-^\1,2M-bM-^@M-^].
314 314
315 PubkeyAuthentication 315 ^[[1mPubkeyAuthentication^[[0m
316 Specifies whether public key authentication is allowed. The 316 Specifies whether public key authentication is allowed. The
317 default is ``yes''. Note that this option applies to protocol 317 default is M-bM-^@M-^\yesM-bM-^@M-^]. Note that this option applies to protocol verM-bM-^@M-^P
318 version 2 only. 318 sion 2 only.
319 319
320 RhostsAuthentication 320 ^[[1mRhostsAuthentication^[[0m
321 Specifies whether authentication using rhosts or /etc/hosts.equiv 321 Specifies whether authentication using rhosts or /etc/hosts.equiv
322 files is sufficient. Normally, this method should not be permitM-- 322 files is sufficient. Normally, this method should not be permitM-bM-^@M-^P
323 ted because it is insecure. RhostsRSAAuthentication should be 323 ted because it is insecure. ^[[1mRhostsRSAAuthentication ^[[22mshould be
324 used instead, because it performs RSA-based host authentication 324 used instead, because it performs RSAM-bM-^@M-^Pbased host authentication
325 in addition to normal rhosts or /etc/hosts.equiv authentication. 325 in addition to normal rhosts or /etc/hosts.equiv authentication.
326 The default is ``no''. This option applies to protocol version 1 326 The default is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 1
327 only. 327 only.
328 328
329 RhostsRSAAuthentication 329 ^[[1mRhostsRSAAuthentication^[[0m
330 Specifies whether rhosts or /etc/hosts.equiv authentication 330 Specifies whether rhosts or /etc/hosts.equiv authentication
331 together with successful RSA host authentication is allowed. The 331 together with successful RSA host authentication is allowed. The
332 default is ``no''. This option applies to protocol version 1 332 default is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 1 only.
333 only.
334 333
335 RSAAuthentication 334 ^[[1mRSAAuthentication^[[0m
336 Specifies whether pure RSA authentication is allowed. The 335 Specifies whether pure RSA authentication is allowed. The
337 default is ``yes''. This option applies to protocol version 1 336 default is M-bM-^@M-^\yesM-bM-^@M-^]. This option applies to protocol version 1
338 only. 337 only.
339 338
340 ServerKeyBits 339 ^[[1mServerKeyBits^[[0m
341 Defines the number of bits in the ephemeral protocol version 1 340 Defines the number of bits in the ephemeral protocol version 1
342 server key. The minimum value is 512, and the default is 768. 341 server key. The minimum value is 512, and the default is 768.
343 342
344 StrictModes 343 ^[[1mStrictModes^[[0m
345 Specifies whether sshd should check file modes and ownership of 344 Specifies whether ^[[1msshd ^[[22mshould check file modes and ownership of
346 the user's files and home directory before accepting login. This 345 the userM-bM-^@M-^Ys files and home directory before accepting login. This
347 is normally desirable because novices sometimes accidentally 346 is normally desirable because novices sometimes accidentally
348 leave their directory or files world-writable. The default is 347 leave their directory or files worldM-bM-^@M-^Pwritable. The default is
349 ``yes''. 348 M-bM-^@M-^\yesM-bM-^@M-^].
350 349
351 Subsystem 350 ^[[1mSubsystem^[[0m
352 Configures an external subsystem (e.g., file transfer daemon). 351 Configures an external subsystem (e.g., file transfer daemon).
353 Arguments should be a subsystem name and a command to execute 352 Arguments should be a subsystem name and a command to execute
354 upon subsystem request. The command sftp-server(8) implements 353 upon subsystem request. The command sftpM-bM-^@M-^Pserver(8) implements
355 the ``sftp'' file transfer subsystem. By default no subsystems 354 the M-bM-^@M-^\sftpM-bM-^@M-^] file transfer subsystem. By default no subsystems are
356 are defined. Note that this option applies to protocol version 2 355 defined. Note that this option applies to protocol version 2
357 only. 356 only.
358 357
359 SyslogFacility 358 ^[[1mSyslogFacility^[[0m
360 Gives the facility code that is used when logging messages from 359 Gives the facility code that is used when logging messages from
361 sshd. The possible values are: DAEMON, USER, AUTH, LOCAL0, 360 ^[[1msshd^[[22m. The possible values are: DAEMON, USER, AUTH, LOCAL0,
362 LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The 361 LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The
363 default is AUTH. 362 default is AUTH.
364 363
365 UseLogin 364 ^[[1mUseLogin^[[0m
366 Specifies whether login(1) is used for interactive login sesM-- 365 Specifies whether login(1) is used for interactive login sesM-bM-^@M-^P
367 sions. The default is ``no''. Note that login(1) is never used 366 sions. The default is M-bM-^@M-^\noM-bM-^@M-^]. Note that login(1) is never used
368 for remote command execution. Note also, that if this is 367 for remote command execution. Note also, that if this is
369 enabled, X11Forwarding will be disabled because login(1) does not 368 enabled, ^[[1mX11Forwarding ^[[22mwill be disabled because login(1) does not
370 know how to handle xauth(1) cookies. If UsePrivilegeSeparation 369 know how to handle xauth(1) cookies. If ^[[1mUsePrivilegeSeparation^[[0m
371 is specified, it will be disabled after authentication. 370 is specified, it will be disabled after authentication.
372 371
373 UsePrivilegeSeparation 372 ^[[1mUsePrivilegeSeparation^[[0m
374 Specifies whether sshd separates privileges by creating an 373 Specifies whether ^[[1msshd ^[[22mseparates privileges by creating an
375 unprivileged child process to deal with incoming network traffic. 374 unprivileged child process to deal with incoming network traffic.
376 After successful authentication, another process will be created 375 After successful authentication, another process will be created
377 that has the privilege of the authenticated user. The goal of 376 that has the privilege of the authenticated user. The goal of
378 privilege separation is to prevent privilege escalation by conM-- 377 privilege separation is to prevent privilege escalation by conM-bM-^@M-^P
379 taining any corruption within the unprivileged processes. The 378 taining any corruption within the unprivileged processes. The
380 default is ``yes''. 379 default is M-bM-^@M-^\yesM-bM-^@M-^].
381 380
382 VerifyReverseMapping 381 ^[[1mVerifyReverseMapping^[[0m
383 Specifies whether sshd should try to verify the remote host name 382 Specifies whether ^[[1msshd ^[[22mshould try to verify the remote host name
384 and check that the resolved host name for the remote IP address 383 and check that the resolved host name for the remote IP address
385 maps back to the very same IP address. The default is ``no''. 384 maps back to the very same IP address. The default is M-bM-^@M-^\noM-bM-^@M-^].
386 385
387 X11DisplayOffset 386 ^[[1mX11DisplayOffset^[[0m
388 Specifies the first display number available for sshd's X11 forM-- 387 Specifies the first display number available for ^[[1msshd^[[22mM-bM-^@M-^Ys X11 forM-bM-^@M-^P
389 warding. This prevents sshd from interfering with real X11 388 warding. This prevents ^[[1msshd ^[[22mfrom interfering with real X11
390 servers. The default is 10. 389 servers. The default is 10.
391 390
392 X11Forwarding 391 ^[[1mX11Forwarding^[[0m
393 Specifies whether X11 forwarding is permitted. The argument must 392 Specifies whether X11 forwarding is permitted. The argument must
394 be ``yes'' or ``no''. The default is ``no''. 393 be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^].
395 394
396 When X11 forwarding is enabled, there may be additional exposure 395 When X11 forwarding is enabled, there may be additional exposure
397 to the server and to client displays if the sshd proxy display is 396 to the server and to client displays if the ^[[1msshd ^[[22mproxy display is
398 configured to listen on the wildcard address (see X11UseLocalhost 397 configured to listen on the wildcard address (see ^[[1mX11UseLocalhost^[[0m
399 below), however this is not the default. Additionally, the 398 below), however this is not the default. Additionally, the
400 authentication spoofing and authentication data verification and 399 authentication spoofing and authentication data verification and
401 substitution occur on the client side. The security risk of 400 substitution occur on the client side. The security risk of
402 using X11 forwarding is that the client's X11 display server may 401 using X11 forwarding is that the clientM-bM-^@M-^Ys X11 display server may
403 be exposed to attack when the ssh client requests forwarding (see 402 be exposed to attack when the ssh client requests forwarding (see
404 the warnings for ForwardX11 in ssh_config(5) ). A system adminisM-- 403 the warnings for ^[[1mForwardX11 ^[[22min ssh_config(5) ). A system adminisM-bM-^@M-^P
405 trator may have a stance in which they want to protect clients 404 trator may have a stance in which they want to protect clients
406 that may expose themselves to attack by unwittingly requesting 405 that may expose themselves to attack by unwittingly requesting
407 X11 forwarding, which can warrant a ``no'' setting. 406 X11 forwarding, which can warrant a M-bM-^@M-^\noM-bM-^@M-^] setting.
408 407
409 Note that disabling X11 forwarding does not prevent users from 408 Note that disabling X11 forwarding does not prevent users from
410 forwarding X11 traffic, as users can always install their own 409 forwarding X11 traffic, as users can always install their own
411 forwarders. X11 forwarding is automatically disabled if UseLogin 410 forwarders. X11 forwarding is automatically disabled if ^[[1mUseLogin^[[0m
412 is enabled. 411 is enabled.
413 412
414 X11UseLocalhost 413 ^[[1mX11UseLocalhost^[[0m
415 Specifies whether sshd should bind the X11 forwarding server to 414 Specifies whether ^[[1msshd ^[[22mshould bind the X11 forwarding server to
416 the loopback address or to the wildcard address. By default, 415 the loopback address or to the wildcard address. By default,
417 sshd binds the forwarding server to the loopback address and sets 416 ^[[1msshd ^[[22mbinds the forwarding server to the loopback address and sets
418 the hostname part of the DISPLAY environment variable to 417 the hostname part of the DISPLAY environment variable to
419 ``localhost''. This prevents remote hosts from connecting to the 418 M-bM-^@M-^\localhostM-bM-^@M-^]. This prevents remote hosts from connecting to the
420 proxy display. However, some older X11 clients may not function 419 proxy display. However, some older X11 clients may not function
421 with this configuration. X11UseLocalhost may be set to ``no'' to 420 with this configuration. ^[[1mX11UseLocalhost ^[[22mmay be set to M-bM-^@M-^\noM-bM-^@M-^] to
422 specify that the forwarding server should be bound to the wildM-- 421 specify that the forwarding server should be bound to the wildM-bM-^@M-^P
423 card address. The argument must be ``yes'' or ``no''. The 422 card address. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default
424 default is ``yes''. 423 is M-bM-^@M-^\yesM-bM-^@M-^].
425 424
426 XAuthLocation 425 ^[[1mXAuthLocation^[[0m
427 Specifies the full pathname of the xauth(1) program. The default 426 Specifies the full pathname of the xauth(1) program. The default
428 is /usr/X11R6/bin/xauth. 427 is ^[[4m/usr/X11R6/bin/xauth^[[24m.
429 428
430 Time Formats 429 ^[[1mTime Formats^[[0m
431 430
432 sshd command-line arguments and configuration file options that specify 431 ^[[1msshd ^[[22mcommandM-bM-^@M-^Pline arguments and configuration file options that specify
433 time may be expressed using a sequence of the form: time[qualifier], 432 time may be expressed using a sequence of the form: ^[[4mtime^[[24m[^[[4mqualifier^[[24m],
434 where time is a positive integer value and qualifier is one of the folM-- 433 where ^[[4mtime^[[24m is a positive integer value and ^[[4mqualifier^[[24m is one of the folM-bM-^@M-^P
435 lowing: 434 lowing:
436 435
437 <none> seconds 436 ^[[1m<none> ^[[22mseconds
438 s | S seconds 437 ^[[1ms ^[[22m| ^[[1mS ^[[22mseconds
439 m | M minutes 438 ^[[1mm ^[[22m| ^[[1mM ^[[22mminutes
440 h | H hours 439 ^[[1mh ^[[22m| ^[[1mH ^[[22mhours
441 d | D days 440 ^[[1md ^[[22m| ^[[1mD ^[[22mdays
442 w | W weeks 441 ^[[1mw ^[[22m| ^[[1mW ^[[22mweeks
443 442
444 Each member of the sequence is added together to calculate the total time 443 Each member of the sequence is added together to calculate the total time
445 value. 444 value.
@@ -450,21 +449,21 @@ DESCRIPTION
450 10m 10 minutes 449 10m 10 minutes
451 1h30m 1 hour 30 minutes (90 minutes) 450 1h30m 1 hour 30 minutes (90 minutes)
452 451
453FILES 452^[[1mFILES^[[0m
454 /etc/ssh/sshd_config 453 /etc/ssh/sshd_config
455 Contains configuration data for sshd. This file should be 454 Contains configuration data for ^[[1msshd^[[22m. This file should be
456 writable by root only, but it is recommended (though not necesM-- 455 writable by root only, but it is recommended (though not necesM-bM-^@M-^P
457 sary) that it be world-readable. 456 sary) that it be worldM-bM-^@M-^Preadable.
458 457
459AUTHORS 458^[[1mAUTHORS^[[0m
460 OpenSSH is a derivative of the original and free ssh 1.2.12 release by 459 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
461 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo 460 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
462 de Raadt and Dug Song removed many bugs, re-added newer features and creM-- 461 de Raadt and Dug Song removed many bugs, reM-bM-^@M-^Padded newer features and creM-bM-^@M-^P
463 ated OpenSSH. Markus Friedl contributed the support for SSH protocol 462 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
464 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 463 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
465 for privilege separation. 464 for privilege separation.
466 465
467SEE ALSO 466^[[1mSEE ALSO^[[0m
468 sshd(8) 467 sshd(8)
469 468
470BSD September 25, 1999 BSD 469BSD September 25, 1999 BSD
diff --git a/sshd_config.5 b/sshd_config.5
index 0944ba076..23ac0e96d 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd_config.5,v 1.13 2002/09/16 20:12:11 stevesk Exp $ 37.\" $OpenBSD: sshd_config.5,v 1.14 2003/01/23 08:58:47 jmc Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD_CONFIG 5 39.Dt SSHD_CONFIG 5
40.Os 40.Os
@@ -89,7 +89,7 @@ own forwarders.
89.It Cm AllowUsers 89.It Cm AllowUsers
90This keyword can be followed by a list of user name patterns, separated 90This keyword can be followed by a list of user name patterns, separated
91by spaces. 91by spaces.
92If specified, login is allowed only for users names that 92If specified, login is allowed only for user names that
93match one of the patterns. 93match one of the patterns.
94.Ql \&* 94.Ql \&*
95and 95and
diff --git a/sshlogin.c b/sshlogin.c
index 4cd1c0059..12555d635 100644
--- a/sshlogin.c
+++ b/sshlogin.c
@@ -70,7 +70,7 @@ record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
70 struct logininfo *li; 70 struct logininfo *li;
71 71
72 li = login_alloc_entry(pid, user, host, ttyname); 72 li = login_alloc_entry(pid, user, host, ttyname);
73 login_set_addr(li, addr, sizeof(struct sockaddr)); 73 login_set_addr(li, addr, addrlen);
74 login_login(li); 74 login_login(li);
75 login_free_entry(li); 75 login_free_entry(li);
76} 76}
@@ -78,12 +78,12 @@ record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
78#ifdef LOGIN_NEEDS_UTMPX 78#ifdef LOGIN_NEEDS_UTMPX
79void 79void
80record_utmp_only(pid_t pid, const char *ttyname, const char *user, 80record_utmp_only(pid_t pid, const char *ttyname, const char *user,
81 const char *host, struct sockaddr * addr) 81 const char *host, struct sockaddr * addr, socklen_t addrlen)
82{ 82{
83 struct logininfo *li; 83 struct logininfo *li;
84 84
85 li = login_alloc_entry(pid, user, host, ttyname); 85 li = login_alloc_entry(pid, user, host, ttyname);
86 login_set_addr(li, addr, sizeof(struct sockaddr)); 86 login_set_addr(li, addr, addrlen);
87 login_utmp_only(li); 87 login_utmp_only(li);
88 login_free_entry(li); 88 login_free_entry(li);
89} 89}
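Review bot: `login_set_addr(li, addr, addrlen)` in record_login, and the same call in record_utmp_only, now forwards a caller-supplied length where the old code passed the fixed `sizeof(struct sockaddr)`, and neither function bounds `addrlen` or checks `addr` before the call. The fixed size presumably truncated addresses larger than a generic sockaddr, so the change looks right. The copy is now only as safe as whatever clamp login_set_addr applies, which is not shown on this page; confirm that it caps the length at the size of its destination in `struct logininfo`. I would document that dependency at both call sites with `/* addrlen comes from the caller; login_set_addr() is relied on to clamp it */`. record_login starts above the first hunk, so whether its signature already carries `addrlen` cannot be checked from here.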
diff --git a/sshlogin.h b/sshlogin.h
index 287c0d9f6..1c8bfad32 100644
--- a/sshlogin.h
+++ b/sshlogin.h
@@ -22,7 +22,7 @@ u_long get_last_login_time(uid_t, const char *, char *, u_int);
22 22
23#ifdef LOGIN_NEEDS_UTMPX 23#ifdef LOGIN_NEEDS_UTMPX
24void record_utmp_only(pid_t, const char *, const char *, const char *, 24void record_utmp_only(pid_t, const char *, const char *, const char *,
25 struct sockaddr *); 25 struct sockaddr *, socklen_t);
26#endif 26#endif
27 27
28#endif 28#endif
diff --git a/sshpty.c b/sshpty.c
index 28d0e310c..d28947f62 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: sshpty.c,v 1.7 2002/06/24 17:57:20 deraadt Exp $"); 15RCSID("$OpenBSD: sshpty.c,v 1.8 2003/02/03 08:56:16 markus Exp $");
16 16
17#ifdef HAVE_UTIL_H 17#ifdef HAVE_UTIL_H
18# include <util.h> 18# include <util.h>
@@ -394,7 +394,7 @@ pty_setowner(struct passwd *pw, const char *ttyname)
394 if (chown(ttyname, pw->pw_uid, gid) < 0) { 394 if (chown(ttyname, pw->pw_uid, gid) < 0) {
395 if (errno == EROFS && 395 if (errno == EROFS &&
396 (st.st_uid == pw->pw_uid || st.st_uid == 0)) 396 (st.st_uid == pw->pw_uid || st.st_uid == 0))
397 error("chown(%.100s, %u, %u) failed: %.100s", 397 debug("chown(%.100s, %u, %u) failed: %.100s",
398 ttyname, (u_int)pw->pw_uid, (u_int)gid, 398 ttyname, (u_int)pw->pw_uid, (u_int)gid,
399 strerror(errno)); 399 strerror(errno));
400 else 400 else
@@ -408,7 +408,7 @@ pty_setowner(struct passwd *pw, const char *ttyname)
408 if (chmod(ttyname, mode) < 0) { 408 if (chmod(ttyname, mode) < 0) {
409 if (errno == EROFS && 409 if (errno == EROFS &&
410 (st.st_mode & (S_IRGRP | S_IROTH)) == 0) 410 (st.st_mode & (S_IRGRP | S_IROTH)) == 0)
411 error("chmod(%.100s, 0%o) failed: %.100s", 411 debug("chmod(%.100s, 0%o) failed: %.100s",
412 ttyname, mode, strerror(errno)); 412 ttyname, mode, strerror(errno));
413 else 413 else
414 fatal("chmod(%.100s, 0%o) failed: %.100s", 414 fatal("chmod(%.100s, 0%o) failed: %.100s",
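Review bot: The two EROFS branches of pty_setowner now report through `debug(` rather than `error(`, so at the default log level nothing records that the tty kept an owner or mode sshd could not set. That is presumably intended for a read-only device directory where the existing state already passed the check, but the hunk does not say so. A comment such as `/* EROFS and the tty is already acceptable: expected on a read-only fs, so not an error */` above each `debug(` call would keep a later reader from restoring `error(`. The mode branch accepts the tty when `(st.st_mode & (S_IRGRP | S_IROTH)) == 0`, which looks only at read bits; if that is deliberate it deserves a word in the same comment, since the path is now silent. pty_setowner begins and ends outside both hunks, so the call that fills `st` is not visible here.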
diff --git a/version.h b/version.h
index 1f1129924..380e35907 100644
--- a/version.h
+++ b/version.h
@@ -1,4 +1,3 @@
1/* $OpenBSD: version.h,v 1.35 2002/10/01 13:24:50 markus Exp $ */ 1/* $OpenBSD: version.h,v 1.36 2003/03/17 11:43:47 markus Exp $ */
2 2
3#define SSH_VERSION "OpenSSH_3.5p1" 3#define SSH_VERSION "OpenSSH_3.6p1"
4