160 files changed, 7149 insertions, 3774 deletions
@@ -1,3 +1,504 @@ | |||
1 | 20030326 | ||
2 | - (djm) OpenBSD CVS Sync | ||
3 | - deraadt@cvs.openbsd.org 2003/03/26 04:02:51 | ||
4 | [sftp-server.c] | ||
5 | one last fix to the tree: race fix broke stuff; pr 3169; | ||
6 | srp@srparish.net, help from djm | ||
7 | - (djm) Fix getpeerid support for 64 bit BE systems. From | ||
8 | Arnd Bergmann <arndb@de.ibm.com> | ||
9 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. | ||
10 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au | ||
11 | - Release 3.6p1 | ||
12 | |||
13 | 20030324 | ||
14 | - (djm) OpenBSD CVS Sync | ||
15 | - markus@cvs.openbsd.org 2003/03/23 19:02:00 | ||
16 | [monitor.c] | ||
17 | unbreak rekeying for privsep; ok millert@ | ||
18 | |||
19 | 20030320 | ||
20 | - (djm) OpenBSD CVS Sync | ||
21 | - markus@cvs.openbsd.org 2003/03/17 10:38:38 | ||
22 | [progressmeter.c] | ||
23 | don't print \n if backgrounded; from ho@ | ||
24 | - markus@cvs.openbsd.org 2003/03/17 11:43:47 | ||
25 | [version.h] | ||
26 | enter 3.6 | ||
27 | - (bal) The days of lack of int64_t support are over. Sorry kids. | ||
28 | - (bal) scp.c 'limit' conflicts with Cray. Rename to 'limitbw' | ||
29 | - (bal) Collection of Cray patches (bsd-cray.h fix for CRAYT3E and improved | ||
30 | guessing rules) | ||
31 | - (bal) Disable Privsep for Tru64 after pre-authentication due to issues | ||
32 | with SIA. Also, clean up of tru64 support patch by Chris Adams | ||
33 | <cmadams@hiwaay.net> | ||
34 | - (tim) [contrib/caldera/openssh.spec] workaround RPM quirk. Fix %files | ||
35 | section. | ||
36 | |||
37 | 20030318 | ||
38 | - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] | ||
39 | add nanosleep(). testing/corrections by Darren Tucker <dtucker@zip.com.au> | ||
40 | |||
41 | 20030317 | ||
42 | - (djm) Fix return value checks for RAND_bytes. Report from | ||
43 | Steve G <linux_4ever@yahoo.com> | ||
44 | |||
45 | 20030315 | ||
46 | - (djm) OpenBSD CVS Sync | ||
47 | - markus@cvs.openbsd.org 2003/03/13 11:42:19 | ||
48 | [authfile.c ssh-keysign.c] | ||
49 | move RSA_blinding_on to generic key load method | ||
50 | - markus@cvs.openbsd.org 2003/03/13 11:44:50 | ||
51 | [ssh-agent.c] | ||
52 | ssh-agent is similar to ssh-keysign (allows other processes to use | ||
53 | private rsa keys). however, it gets key over socket and not from | ||
54 | a file, so we have to do blinding here as well. | ||
55 | |||
56 | 20030310 | ||
57 | - (djm) OpenBSD CVS Sync | ||
58 | - markus@cvs.openbsd.org 2003/03/05 22:33:43 | ||
59 | [channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c] | ||
60 | [sftp-server.c ssh-add.c sshconnect2.c] | ||
61 | fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@ | ||
62 | - (djm) One more portable-specific one from dlheine@suif.Stanford.EDU/ | ||
63 | CLOUSEAU | ||
64 | - (djm) Bug #245: TTY problems on Solaris. Fix by stevesk@ and | ||
65 | dtucker@zip.com.au | ||
66 | - (djm) AIX package builder update from dtucker@zip.com.au | ||
67 | |||
68 | 20030225 | ||
69 | - (djm) Fix some compile errors spotted by dtucker and his fabulous | ||
70 | tinderbox | ||
71 | |||
72 | 20030224 | ||
73 | - (djm) Tweak gnome-ssh-askpass2: | ||
74 | - Retry kb and mouse grab a couple of times, so passphrase dialog doesn't | ||
75 | immediately fail if you are doing something else when it appears (e.g. | ||
76 | dragging a window) | ||
77 | - Perform server grab after we have the keyboard and/or pointer to avoid | ||
78 | races. | ||
79 | - (djm) OpenBSD CVS Sync | ||
80 | - markus@cvs.openbsd.org 2003/01/27 17:06:31 | ||
81 | [sshd.c] | ||
82 | more specific error message when /var/empty has wrong permissions; | ||
83 | bug #46, map@appgate.com; ok henning@, provos@, stevesk@ | ||
84 | - markus@cvs.openbsd.org 2003/01/28 16:11:52 | ||
85 | [scp.1] | ||
86 | document -l; pekkas@netcore.fi | ||
87 | - stevesk@cvs.openbsd.org 2003/01/28 17:24:51 | ||
88 | [scp.1] | ||
89 | remove example not pertinent with -1 addition; ok markus@ | ||
90 | - jmc@cvs.openbsd.org 2003/01/31 21:54:40 | ||
91 | [sshd.8] | ||
92 | typos; sshd(8): help and ok markus@ | ||
93 | help and ok millert@ | ||
94 | - markus@cvs.openbsd.org 2003/02/02 10:51:13 | ||
95 | [scp.c] | ||
96 | call okname() only when using system(3) for remote-remote copy; | ||
97 | fixes bugs #483, #472; ok deraadt@, mouring@ | ||
98 | - markus@cvs.openbsd.org 2003/02/02 10:56:08 | ||
99 | [kex.c] | ||
100 | add support for key exchange guesses; based on work by | ||
101 | avraham.fraenkel@commatch.com; fixes bug #148; ok deraadt@ | ||
102 | - markus@cvs.openbsd.org 2003/02/03 08:56:16 | ||
103 | [sshpty.c] | ||
104 | don't call error() for readonly /dev; from soekris list; ok mcbride, | ||
105 | henning, deraadt. | ||
106 | - markus@cvs.openbsd.org 2003/02/04 09:32:08 | ||
107 | [key.c] | ||
108 | better debug3 message | ||
109 | - markus@cvs.openbsd.org 2003/02/04 09:33:22 | ||
110 | [monitor.c monitor_wrap.c] | ||
111 | skey/bsdauth: use 0 to indicate failure instead of -1, because | ||
112 | the buffer API only supports unsigned ints. | ||
113 | - markus@cvs.openbsd.org 2003/02/05 09:02:28 | ||
114 | [readconf.c] | ||
115 | simplify ProxyCommand parsing, remove strcat/xrealloc; ok henning@, djm@ | ||
116 | - markus@cvs.openbsd.org 2003/02/06 09:26:23 | ||
117 | [session.c] | ||
118 | missing call to setproctitle() after authentication; ok provos@ | ||
119 | - markus@cvs.openbsd.org 2003/02/06 09:27:29 | ||
120 | [ssh.c ssh_config.5] | ||
121 | support 'ProxyCommand none'; bugzilla #433; binder@arago.de; ok djm@ | ||
122 | - markus@cvs.openbsd.org 2003/02/06 09:29:18 | ||
123 | [sftp-server.c] | ||
124 | fix races in rename/symlink; from Tony Finch; ok djm@ | ||
125 | - markus@cvs.openbsd.org 2003/02/06 21:22:43 | ||
126 | [auth1.c auth2.c] | ||
127 | undo broken fix for #387, fixes #486 | ||
128 | - markus@cvs.openbsd.org 2003/02/10 11:51:47 | ||
129 | [ssh-add.1] | ||
130 | xref sshd_config.5 (not sshd.8); mark@summersault.com; bug #490 | ||
131 | - markus@cvs.openbsd.org 2003/02/12 09:33:04 | ||
132 | [key.c key.h ssh-dss.c ssh-rsa.c] | ||
133 | merge ssh-dss.h ssh-rsa.h into key.h; ok deraadt@ | ||
134 | - markus@cvs.openbsd.org 2003/02/12 21:39:50 | ||
135 | [crc32.c crc32.h] | ||
136 | replace crc32.c with a BSD licensed version; noted by David Turner | ||
137 | - markus@cvs.openbsd.org 2003/02/16 17:09:57 | ||
138 | [kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c] | ||
139 | split kex into client and server code, no need to link | ||
140 | server code into the client; ok provos@ | ||
141 | - markus@cvs.openbsd.org 2003/02/16 17:30:33 | ||
142 | [monitor.c monitor_wrap.c] | ||
143 | fix permitrootlogin forced-commands-only for privsep; bux #387; | ||
144 | ok provos@ | ||
145 | - markus@cvs.openbsd.org 2003/02/21 09:05:53 | ||
146 | [servconf.c] | ||
147 | print sshd_config filename in debug2 mode. | ||
148 | - mpech@cvs.openbsd.org 2003/02/21 10:34:48 | ||
149 | [auth-krb4.c] | ||
150 | ...sizeof(&adat.session) is not good here. | ||
151 | henning@, deraadt@, millert@ | ||
152 | - (djm) Add new object files to Makefile and reorder | ||
153 | - (djm) Bug #501: gai_strerror should return char*; | ||
154 | fix from dtucker@zip.com.au | ||
155 | - (djm) Most of Bug #499: Cygwin compile fixes for new progressmeter; | ||
156 | From vinschen@redhat.com | ||
157 | - (djm) Rest of Bug #499: Import a basename() function from OpenBSD libc | ||
158 | - (djm) Bug #494: Allow multiple accounts on Windows 9x/Me; | ||
159 | From vinschen@redhat.com | ||
160 | - (djm) Bug #456: Support for NEC SX6 with Unicos; from wendyp@cray.com | ||
161 | |||
162 | 20030211 | ||
163 | - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com | ||
164 | |||
165 | 20030206 | ||
166 | - (djm) Teach fake-getaddrinfo to use getservbyname() when provided a | ||
167 | string service name. Suggested by markus@, review by itojun@ | ||
168 | |||
169 | 20030131 | ||
170 | - (bal) AIX 4.2.1 lacks nanosleep(). Patch to use nsleep() provided by | ||
171 | dtucker@zip.com.au | ||
172 | |||
173 | 20030130 | ||
174 | - (djm) Unbreak root password auth. Spotted by dtucker@zip.com.au | ||
175 | |||
176 | 200301028 | ||
177 | - (djm) Search libposix4 and librt for nanosleep. From dtucker@zip.com.au | ||
178 | and openssh-unix-dev@thewrittenword.com | ||
179 | |||
180 | 200301027 | ||
181 | - (bal) Bugzilla 477 patch by wendyp@cray.com. Define TIOCGPGRP for | ||
182 | cray. Also removed test for tcgetpgrp in configure.ac since it | ||
183 | is no longer used. | ||
184 | |||
185 | 20030124 | ||
186 | - (djm) OpenBSD CVS Sync | ||
187 | - jmc@cvs.openbsd.org 2003/01/23 08:58:47 | ||
188 | [sshd_config.5] | ||
189 | typos; ok millert@ | ||
190 | - markus@cvs.openbsd.org 2003/01/23 13:50:27 | ||
191 | [authfd.c authfd.h readpass.c ssh-add.1 ssh-add.c ssh-agent.c] | ||
192 | ssh-add -c, prompt user for confirmation (using ssh-askpass) when | ||
193 | private agent key is used; with djm@; test by dugsong@, djm@; | ||
194 | ok deraadt@ | ||
195 | - markus@cvs.openbsd.org 2003/01/23 14:01:53 | ||
196 | [scp.c] | ||
197 | bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@ | ||
198 | - markus@cvs.openbsd.org 2003/01/23 14:06:15 | ||
199 | [scp.1 scp.c] | ||
200 | scp -12; Sam Smith and others; ok provos@, deraadt@ | ||
201 | - (djm) Add TIMEVAL_TO_TIMESPEC macros | ||
202 | |||
203 | 20030123 | ||
204 | - (djm) OpenBSD CVS Sync | ||
205 | - djm@cvs.openbsd.org 2003/01/23 00:03:00 | ||
206 | [auth1.c] | ||
207 | Don't log TIS auth response; "get rid of it" - markus@ | ||
208 | |||
209 | 20030122 | ||
210 | - (djm) OpenBSD CVS Sync | ||
211 | - marc@cvs.openbsd.org 2003/01/21 18:14:36 | ||
212 | [ssh-agent.1 ssh-agent.c] | ||
213 | Add a -t life option to ssh-agent that set the default lifetime. | ||
214 | The default can still be overriden by using -t in ssh-add. | ||
215 | OK markus@ | ||
216 | - (djm) Reorganise PAM & SIA password handling to eliminate some common code | ||
217 | - (djm) Sync regress with OpenBSD -current | ||
218 | |||
219 | 20030120 | ||
220 | - (djm) Fix compilation for NetBSD from dtucker@zip.com.au | ||
221 | - (tim) [progressmeter.c] make compilers without long long happy. | ||
222 | - (tim) [configure.ac] Add -belf to build ELF binaries on OpenServer 5 when | ||
223 | using cc. (gcc already did) | ||
224 | |||
225 | 20030118 | ||
226 | - (djm) Revert fix for Bug #442 for now. | ||
227 | |||
228 | 20030117 | ||
229 | - (djm) Bug #470: Detect strnvis, not strvis in configure. | ||
230 | From d_wllms@lanl.gov | ||
231 | |||
232 | 20030116 | ||
233 | - (djm) OpenBSD CVS Sync | ||
234 | - djm@cvs.openbsd.org 2003/01/16 03:41:55 | ||
235 | [sftp-int.c] | ||
236 | explicitly use first glob result | ||
237 | |||
238 | 20030114 | ||
239 | - (djm) OpenBSD CVS Sync | ||
240 | - fgsch@cvs.openbsd.org 2003/01/10 23:23:24 | ||
241 | [sftp-int.c] | ||
242 | typo; from Nils Nordman <nino at nforced dot com>. | ||
243 | - markus@cvs.openbsd.org 2003/01/11 18:29:43 | ||
244 | [log.c] | ||
245 | set fatal_cleanups to NULL in fatal_remove_all_cleanups(); | ||
246 | dtucker@zip.com.au | ||
247 | - markus@cvs.openbsd.org 2003/01/12 16:57:02 | ||
248 | [progressmeter.c] | ||
249 | allow WARNINGS=yes; ok djm@ | ||
250 | - djm@cvs.openbsd.org 2003/01/13 11:04:04 | ||
251 | [sftp-int.c] | ||
252 | make cmds[] array static to avoid conflict with BSDI libc. | ||
253 | mindrot bug #466. Fix from mdev@idg.nl; ok markus@ | ||
254 | - djm@cvs.openbsd.org 2003/01/14 10:58:00 | ||
255 | [sftp-client.c sftp-int.c] | ||
256 | Don't try to upload or download non-regular files. Report from | ||
257 | apoloval@pantuflo.escet.urjc.es; ok markus@ | ||
258 | |||
259 | 20030113 | ||
260 | - (djm) Rework openbsd-compat/setproctitle.c a bit: move emulation type | ||
261 | detection to configure.ac. Prompted by stevesk@ | ||
262 | - (djm) Bug #467: Add a --disable-strip option to turn off stripping of | ||
263 | installed binaries. From mdev@idg.nl | ||
264 | |||
265 | 20030110 | ||
266 | - (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More | ||
267 | systems may be added later. | ||
268 | - (djm) OpenBSD CVS Sync | ||
269 | - djm@cvs.openbsd.org 2003/01/08 23:53:26 | ||
270 | [sftp.1 sftp.c sftp-int.c sftp-int.h] | ||
271 | Cleanup error handling for batchmode | ||
272 | Allow blank lines and comments in input | ||
273 | Ability to suppress abort on error in batchmode ("-put blah") | ||
274 | Fixes mindrot bug #452; markus@ ok | ||
275 | - fgsch@cvs.openbsd.org 2003/01/10 08:19:07 | ||
276 | [scp.c sftp.1 sftp.c sftp-client.c sftp-int.c progressmeter.c] | ||
277 | [progressmeter.h] | ||
278 | sftp progress meter support. | ||
279 | original diffs by Nils Nordman <nino at nforced dot com> via | ||
280 | markus@, merged to -current by me, djm@ ok. | ||
281 | - djm@cvs.openbsd.org 2003/01/10 08:48:15 | ||
282 | [sftp-client.c] | ||
283 | Simplify and avoid redundancy in packet send and receive | ||
284 | functions; ok fgs@ | ||
285 | - djm@cvs.openbsd.org 2003/01/10 10:29:35 | ||
286 | [scp.c] | ||
287 | Don't ftruncate after write error, creating sparse files of | ||
288 | incorrect length | ||
289 | mindrot bug #403, reported by rusr@cup.hp.com; ok markus@ | ||
290 | - djm@cvs.openbsd.org 2003/01/10 10:32:54 | ||
291 | [channels.c] | ||
292 | hush socket() errors, except last. Fixes mindrot bug #408; ok markus@ | ||
293 | |||
294 | 20030108 | ||
295 | - (djm) Sync openbsd-compat/ with OpenBSD -current | ||
296 | - (djm) Avoid redundant xstrdup/xfree in auth2-pam.c. From Solar via markus@ | ||
297 | - (djm) OpenBSD CVS Sync | ||
298 | - markus@cvs.openbsd.org 2003/01/01 18:08:52 | ||
299 | [channels.c] | ||
300 | move big output buffer messages to debug2 | ||
301 | - djm@cvs.openbsd.org 2003/01/06 23:51:22 | ||
302 | [sftp-client.c] | ||
303 | Fix "get -p" download to not add user-write perm. mindrot bug #426 | ||
304 | reported by gfernandez@livevault.com; ok markus@ | ||
305 | - fgsch@cvs.openbsd.org 2003/01/07 23:42:54 | ||
306 | [sftp.1] | ||
307 | add version; from Nils Nordman <nino at nforced dot com> via markus@. | ||
308 | markus@ ok | ||
309 | - (djm) Update README to reflect AIX's status as a well supported platform. | ||
310 | From dtucker@zip.com.au | ||
311 | - (tim) [Makefile.in configure.ac] replace fixpath with sed script. Patch | ||
312 | by Mo DeJong. | ||
313 | - (tim) [auth.c] declare today at top of allowed_user() to keep | ||
314 | older compilers happy. | ||
315 | - (tim) [scp.c] make compilers without long long happy. | ||
316 | |||
317 | 20030107 | ||
318 | - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses. | ||
319 | Based on fix from yoshfuji@linux-ipv6.org | ||
320 | - (djm) Bug #442: Check for and deny access to accounts with locked | ||
321 | passwords. Patch from dtucker@zip.com.au | ||
322 | - (djm) Bug #44: Use local mkstemp() rather than glibc's silly one. Fixes | ||
323 | Can't pass KRB4 TGT passing. Fix from: jan.iven@cern.ch | ||
324 | - (djm) Fix Bug #442 for PAM case | ||
325 | - (djm) Bug #110: bogus error messages in lastlog_get_entry(). Fix based | ||
326 | on one by peak@argo.troja.mff.cuni.cz | ||
327 | - (djm) Bug #111: Run syslog and stderr logging through strnvis to eliminate | ||
328 | nasties. Report from peak@argo.troja.mff.cuni.cz | ||
329 | - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from | ||
330 | Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au | ||
331 | - (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by | ||
332 | dtucker@zip.com.au. Reorder for clarity too. | ||
333 | |||
334 | 20030103 | ||
335 | - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from | ||
336 | cjwatson@debian.org | ||
337 | - (djm) Bug #460: Filling utmp[x]->ut_addr_v6 if present. Patch from | ||
338 | cjwatson@debian.org | ||
339 | - (djm) Bug #446: Set LOGIN env var to pw_name on AIX. Patch from | ||
340 | mii@ornl.gov | ||
341 | |||
342 | 20030101 | ||
343 | - (stevesk) [session.c sshlogin.c sshlogin.h] complete portable | ||
344 | parts of pass addrlen with sockaddr * fix. | ||
345 | from Hajimu UMEMOTO <ume@FreeBSD.org> | ||
346 | |||
347 | 20021222 | ||
348 | - (bal) OpenBSD CVS Sync | ||
349 | - fgsch@cvs.openbsd.org 2002/11/15 10:03:09 | ||
350 | [authfile.c] | ||
351 | lseek(2) may return -1 when getting the public/private key lenght. | ||
352 | Simplify the code and check for errors using fstat(2). | ||
353 | |||
354 | Problem reported by Mauricio Sanchez, markus@ ok. | ||
355 | - markus@cvs.openbsd.org 2002/11/18 16:43:44 | ||
356 | [clientloop.c] | ||
357 | don't overwrite SIG{INT,QUIT,TERM} handler if set to SIG_IGN; | ||
358 | e.g. if ssh is used for backup; report Joerg Schilling; ok millert@ | ||
359 | - markus@cvs.openbsd.org 2002/11/21 22:22:50 | ||
360 | [dh.c] | ||
361 | debug->debug2 | ||
362 | - markus@cvs.openbsd.org 2002/11/21 22:45:31 | ||
363 | [cipher.c kex.c packet.c sshconnect.c sshconnect2.c] | ||
364 | debug->debug2, unify debug messages | ||
365 | - deraadt@cvs.openbsd.org 2002/11/21 23:03:51 | ||
366 | [auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c | ||
367 | sshconnect.c] | ||
368 | KNF | ||
369 | - markus@cvs.openbsd.org 2002/11/21 23:04:33 | ||
370 | [ssh.c] | ||
371 | debug->debug2 | ||
372 | - stevesk@cvs.openbsd.org 2002/11/24 21:46:24 | ||
373 | [ssh-keysign.8] | ||
374 | typo: "the the" | ||
375 | - wcobb@cvs.openbsd.org 2002/11/26 00:45:03 | ||
376 | [scp.c ssh-keygen.c] | ||
377 | Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. | ||
378 | ok markus@ | ||
379 | - stevesk@cvs.openbsd.org 2002/11/26 02:35:30 | ||
380 | [ssh-keygen.1] | ||
381 | remove outdated statement; ok markus@ deraadt@ | ||
382 | - stevesk@cvs.openbsd.org 2002/11/26 02:38:54 | ||
383 | [canohost.c] | ||
384 | KNF, comment and error message repair; ok markus@ | ||
385 | - markus@cvs.openbsd.org 2002/11/27 17:53:35 | ||
386 | [scp.c sftp.c ssh.c] | ||
387 | allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; | ||
388 | http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@ | ||
389 | - stevesk@cvs.openbsd.org 2002/12/04 04:36:47 | ||
390 | [session.c] | ||
391 | remove xauth entries before add; PR 2994 from janjaap@stack.nl. | ||
392 | ok markus@ | ||
393 | - markus@cvs.openbsd.org 2002/12/05 11:08:35 | ||
394 | [scp.c] | ||
395 | use roundup() similar to rcp/util.c and avoid problems with strange | ||
396 | filesystem block sizes, noted by tjr@freebsd.org; ok djm@ | ||
397 | - djm@cvs.openbsd.org 2002/12/06 05:20:02 | ||
398 | [sftp.1] | ||
399 | Fix cut'n'paste error, spotted by matthias.riese@b-novative.de; ok deraadt@ | ||
400 | - millert@cvs.openbsd.org 2002/12/09 16:50:30 | ||
401 | [ssh.c] | ||
402 | Avoid setting optind to 0 as GNU getopt treats that like we do optreset. | ||
403 | markus@ OK | ||
404 | - markus@cvs.openbsd.org 2002/12/10 08:56:00 | ||
405 | [session.c] | ||
406 | Make sure $SHELL points to the shell from the password file, even if shell | ||
407 | is overridden from login.conf; bug#453; semen at online.sinor.ru; ok millert@ | ||
408 | - markus@cvs.openbsd.org 2002/12/10 19:26:50 | ||
409 | [packet.c] | ||
410 | move tos handling to packet_set_tos; ok provos/henning/deraadt | ||
411 | - markus@cvs.openbsd.org 2002/12/10 19:47:14 | ||
412 | [packet.c] | ||
413 | static | ||
414 | - markus@cvs.openbsd.org 2002/12/13 10:03:15 | ||
415 | [channels.c misc.c sshconnect2.c] | ||
416 | cleanup debug messages, more useful information for the client user. | ||
417 | - markus@cvs.openbsd.org 2002/12/13 15:20:52 | ||
418 | [scp.c] | ||
419 | 1) include stalling time in total time | ||
420 | 2) truncate filenames to 45 instead of 20 characters | ||
421 | 3) print rate instead of progress bar, no more stars | ||
422 | 4) scale output to tty width | ||
423 | based on a patch from Niels; ok fries@ lebel@ fgs@ millert@ | ||
424 | - (bal) [msg.c msg.h scp.c ssh-keysign.c sshconnect2.c] Resync CVS IDs since | ||
425 | we already did s/msg_send/ssh_msg_send/ | ||
426 | |||
427 | 20021205 | ||
428 | - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org | ||
429 | |||
430 | 20021122 | ||
431 | - (tim) [configure.ac] fix STDPATH test for IRIX. First reported by | ||
432 | advax@triumf.ca. This type of solution tested by <herb@sgi.com> | ||
433 | |||
434 | 20021113 | ||
435 | - (tim) [configure.ac] remove unused variables no_libsocket and no_libnsl | ||
436 | |||
437 | 20021111 | ||
438 | - (tim) [contrib/solaris/opensshd.in] add umask 022 so sshd.pid is | ||
439 | not world writable. | ||
440 | |||
441 | 20021109 | ||
442 | - (bal) OpenBSD CVS Sync | ||
443 | - itojun@cvs.openbsd.org 2002/10/16 14:31:48 | ||
444 | [sftp-common.c] | ||
445 | 64bit pedant. %llu is "unsigned long long". markus ok | ||
446 | - markus@cvs.openbsd.org 2002/10/23 10:32:13 | ||
447 | [packet.c] | ||
448 | use %u for u_int | ||
449 | - markus@cvs.openbsd.org 2002/10/23 10:40:16 | ||
450 | [bufaux.c] | ||
451 | %u for u_int | ||
452 | - markus@cvs.openbsd.org 2002/11/04 10:07:53 | ||
453 | [auth.c] | ||
454 | don't compare against pw_home if realpath fails for pw_home (seen | ||
455 | on AFS); ok djm@ | ||
456 | - markus@cvs.openbsd.org 2002/11/04 10:09:51 | ||
457 | [packet.c] | ||
458 | log before send disconnect; ok djm@ | ||
459 | - markus@cvs.openbsd.org 2002/11/05 19:45:20 | ||
460 | [monitor.c] | ||
461 | handle overflows for size_t larger than u_int; siw@goneko.de, bug #425 | ||
462 | - markus@cvs.openbsd.org 2002/11/05 20:10:37 | ||
463 | [sftp-client.c] | ||
464 | typo; GaryF@livevault.com | ||
465 | - markus@cvs.openbsd.org 2002/11/07 16:28:47 | ||
466 | [sshd.c] | ||
467 | log to stderr if -ie is given, bug #414, prj@po.cwru.edu | ||
468 | - markus@cvs.openbsd.org 2002/11/07 22:08:07 | ||
469 | [readconf.c readconf.h ssh-keysign.8 ssh-keysign.c] | ||
470 | we cannot use HostbasedAuthentication for enabling ssh-keysign(8), | ||
471 | because HostbasedAuthentication might be enabled based on the | ||
472 | target host and ssh-keysign(8) does not know the remote hostname | ||
473 | and not trust ssh(1) about the hostname, so we add a new option | ||
474 | EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de | ||
475 | - markus@cvs.openbsd.org 2002/11/07 22:35:38 | ||
476 | [scp.c] | ||
477 | check exit status from ssh, and exit(1) if ssh fails; bug#369; | ||
478 | binder@arago.de | ||
479 | - (bal) Update ssh-host-config and minor rewrite of bsd-cygwin_util.c | ||
480 | ntsec now default if cygwin version beginning w/ version 56. Patch | ||
481 | by Corinna Vinschen <vinschen@redhat.com> | ||
482 | - (bal) AIX does not log login attempts for unknown users (bug #432). | ||
483 | patch by dtucker@zip.com.au | ||
484 | |||
485 | 20021021 | ||
486 | - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from | ||
487 | dtucker@zip.com.au | ||
488 | - (djm) Bug #317: FreeBSD needs libutil.h for openpty() Report from | ||
489 | dirk.meyer@dinoex.sub.org | ||
490 | |||
491 | 20021015 | ||
492 | - (bal) Fix bug id 383 and only call loginrestrict for AIX if not root. | ||
493 | - (bal) More advanced strsep test by Darren Tucker <dtucker@zip.com.au> | ||
494 | |||
495 | 20021015 | ||
496 | - (tim) [contrib/caldera/openssh.spec] make ssh-agent setgid nobody | ||
497 | |||
498 | 20021004 | ||
499 | - (bal) Disable post-authentication Privsep for OSF/1. It conflicts with | ||
500 | SIA. | ||
501 | |||
1 | 20021003 | 502 | 20021003 |
2 | - (djm) OpenBSD CVS Sync | 503 | - (djm) OpenBSD CVS Sync |
3 | - markus@cvs.openbsd.org 2002/10/01 20:34:12 | 504 | - markus@cvs.openbsd.org 2002/10/01 20:34:12 |
@@ -7,7 +508,7 @@ | |||
7 | [version.h] | 508 | [version.h] |
8 | OpenSSH 3.5 | 509 | OpenSSH 3.5 |
9 | - (djm) Bump RPM spec version numbers | 510 | - (djm) Bump RPM spec version numbers |
10 | - (djm) Bug #406 s/msg_send/ssh_msh_send/ for Mac OS X 1.2 | 511 | - (djm) Bug #406: s/msg_send/ssh_msg_send/ for Mac OS X 1.2 |
11 | 512 | ||
12 | 20020930 | 513 | 20020930 |
13 | - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs, | 514 | - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs, |
@@ -757,4 +1258,4 @@ | |||
757 | save auth method before monitor_reset_key_state(); bugzilla bug #284; | 1258 | save auth method before monitor_reset_key_state(); bugzilla bug #284; |
758 | ok provos@ | 1259 | ok provos@ |
759 | 1260 | ||
760 | $Id: ChangeLog,v 1.2491.2.1 2002/10/03 05:45:53 djm Exp $ | 1261 | $Id: ChangeLog,v 1.2633.2.9 2003/03/26 05:03:05 djm Exp $ |
diff --git a/Makefile.in b/Makefile.in index 89d02c959..b94eae158 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: Makefile.in,v 1.222 2002/07/14 17:02:21 tim Exp $ | 1 | # $Id: Makefile.in,v 1.227.2.1 2003/03/21 00:51:35 mouring Exp $ |
2 | 2 | ||
3 | # uncomment if you run a non bourne compatable shell. Ie. csh | 3 | # uncomment if you run a non bourne compatable shell. Ie. csh |
4 | #SHELL = @SH@ | 4 | #SHELL = @SH@ |
@@ -27,6 +27,7 @@ SSH_KEYSIGN=$(libexecdir)/ssh-keysign | |||
27 | RAND_HELPER=$(libexecdir)/ssh-rand-helper | 27 | RAND_HELPER=$(libexecdir)/ssh-rand-helper |
28 | PRIVSEP_PATH=@PRIVSEP_PATH@ | 28 | PRIVSEP_PATH=@PRIVSEP_PATH@ |
29 | SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ | 29 | SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ |
30 | STRIP_OPT=@STRIP_OPT@ | ||
30 | 31 | ||
31 | PATHS= -DSSHDIR=\"$(sysconfdir)\" \ | 32 | PATHS= -DSSHDIR=\"$(sysconfdir)\" \ |
32 | -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \ | 33 | -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \ |
@@ -48,6 +49,7 @@ AR=@AR@ | |||
48 | RANLIB=@RANLIB@ | 49 | RANLIB=@RANLIB@ |
49 | INSTALL=@INSTALL@ | 50 | INSTALL=@INSTALL@ |
50 | PERL=@PERL@ | 51 | PERL=@PERL@ |
52 | SED=@SED@ | ||
51 | ENT=@ENT@ | 53 | ENT=@ENT@ |
52 | XAUTH_PATH=@XAUTH_PATH@ | 54 | XAUTH_PATH=@XAUTH_PATH@ |
53 | LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ | 55 | LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ |
@@ -56,15 +58,30 @@ EXEEXT=@EXEEXT@ | |||
56 | INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ | 58 | INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ |
57 | INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ | 59 | INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ |
58 | 60 | ||
59 | @NO_SFTP@SFTP_PROGS=sftp-server$(EXEEXT) sftp$(EXEEXT) | 61 | TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT) |
60 | 62 | ||
61 | TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} $(SFTP_PROGS) | 63 | LIBSSH_OBJS=authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o \ |
62 | 64 | cipher.o compat.o compress.o crc32.o deattack.o fatal.o \ | |
63 | LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o msg.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o scard-opensc.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o monitor_wrap.o monitor_fdpass.o | 65 | hostfile.o log.o match.o mpaux.o nchan.o packet.o readpass.o \ |
64 | 66 | rsa.o tildexpand.o ttymodes.o xmalloc.o atomicio.o \ | |
65 | SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o | 67 | key.o dispatch.o kex.o mac.o uuencode.o misc.o \ |
66 | 68 | rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \ | |
67 | SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-krb5.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o monitor_mm.o monitor.o | 69 | kexdhc.o kexgexc.o scard.o msg.o progressmeter.o \ |
70 | entropy.o | ||
71 | |||
72 | SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ | ||
73 | sshconnect.o sshconnect1.o sshconnect2.o | ||
74 | |||
75 | SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ | ||
76 | sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o \ | ||
77 | auth.o auth1.o auth2.o auth-options.o session.o \ | ||
78 | auth-chall.o auth2-chall.o groupaccess.o \ | ||
79 | auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ | ||
80 | auth2-none.o auth2-passwd.o auth2-pubkey.o \ | ||
81 | monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o \ | ||
82 | kexdhs.o kexgexs.o \ | ||
83 | auth-krb5.o auth-krb4.o \ | ||
84 | loginrec.o auth-pam.o auth2-pam.o auth-sia.o md5crypt.o | ||
68 | 85 | ||
69 | MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out | 86 | MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out |
70 | MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 | 87 | MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 |
@@ -74,23 +91,23 @@ CONFIGFILES=sshd_config.out ssh_config.out moduli.out | |||
74 | CONFIGFILES_IN=sshd_config ssh_config moduli | 91 | CONFIGFILES_IN=sshd_config ssh_config moduli |
75 | 92 | ||
76 | PATHSUBS = \ | 93 | PATHSUBS = \ |
77 | -D/etc/ssh/ssh_prng_cmds=$(sysconfdir)/ssh_prng_cmds \ | 94 | -e 's|/etc/ssh/ssh_prng_cmds|$(sysconfdir)/ssh_prng_cmds|g' \ |
78 | -D/etc/ssh/ssh_config=$(sysconfdir)/ssh_config \ | 95 | -e 's|/etc/ssh/ssh_config|$(sysconfdir)/ssh_config|g' \ |
79 | -D/etc/ssh/ssh_known_hosts=$(sysconfdir)/ssh_known_hosts \ | 96 | -e 's|/etc/ssh/ssh_known_hosts|$(sysconfdir)/ssh_known_hosts|g' \ |
80 | -D/etc/ssh/sshd_config=$(sysconfdir)/sshd_config \ | 97 | -e 's|/etc/ssh/sshd_config|$(sysconfdir)/sshd_config|g' \ |
81 | -D/usr/libexec=$(libexecdir) \ | 98 | -e 's|/usr/libexec|$(libexecdir)|g' \ |
82 | -D/etc/shosts.equiv=$(sysconfdir)/shosts.equiv \ | 99 | -e 's|/etc/shosts.equiv|$(sysconfdir)/shosts.equiv|g' \ |
83 | -D/etc/ssh/ssh_host_key=$(sysconfdir)/ssh_host_key \ | 100 | -e 's|/etc/ssh/ssh_host_key|$(sysconfdir)/ssh_host_key|g' \ |
84 | -D/etc/ssh/ssh_host_dsa_key=$(sysconfdir)/ssh_host_dsa_key \ | 101 | -e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \ |
85 | -D/etc/ssh/ssh_host_rsa_key=$(sysconfdir)/ssh_host_rsa_key \ | 102 | -e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \ |
86 | -D/var/run/sshd.pid=$(piddir)/sshd.pid \ | 103 | -e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \ |
87 | -D/etc/ssh/moduli=$(sysconfdir)/moduli \ | 104 | -e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \ |
88 | -D/etc/ssh/sshrc=$(sysconfdir)/sshrc \ | 105 | -e 's|/etc/sshrc|$(sysconfdir)/sshrc|g' \ |
89 | -D/usr/X11R6/bin/xauth=$(XAUTH_PATH) \ | 106 | -e 's|/usr/X11R6/bin/xauth|$(XAUTH_PATH)|g' \ |
90 | -D/var/empty=$(PRIVSEP_PATH) \ | 107 | -e 's|/var/empty|$(PRIVSEP_PATH)|g' \ |
91 | -D/usr/bin:/bin:/usr/sbin:/sbin=@user_path@ | 108 | -e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g' |
92 | 109 | ||
93 | FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS) | 110 | FIXPATHSCMD = $(SED) $(PATHSUBS) |
94 | 111 | ||
95 | all: $(CONFIGFILES) $(MANPAGES) $(TARGETS) | 112 | all: $(CONFIGFILES) $(MANPAGES) $(TARGETS) |
96 | 113 | ||
@@ -116,8 +133,8 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) | |||
116 | sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) | 133 | sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) |
117 | $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS) | 134 | $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS) |
118 | 135 | ||
119 | scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o | 136 | scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o |
120 | $(LD) -o $@ scp.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | 137 | $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
121 | 138 | ||
122 | ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o | 139 | ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o |
123 | $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | 140 | $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
@@ -137,8 +154,8 @@ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o | |||
137 | sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o | 154 | sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o |
138 | $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | 155 | $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
139 | 156 | ||
140 | sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o sftp-glob.o | 157 | sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o sftp-glob.o progressmeter.o |
141 | $(LD) -o $@ sftp.o sftp-client.o sftp-common.o sftp-int.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | 158 | $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-int.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
142 | 159 | ||
143 | ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o | 160 | ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o |
144 | $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | 161 | $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
@@ -217,19 +234,19 @@ install-files: scard-install | |||
217 | $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 | 234 | $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 |
218 | $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) | 235 | $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) |
219 | (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)) | 236 | (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)) |
220 | $(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh | 237 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh $(DESTDIR)$(bindir)/ssh |
221 | $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp | 238 | $(INSTALL) -m 0755 $(STRIP_OPT) scp $(DESTDIR)$(bindir)/scp |
222 | $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add | 239 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add $(DESTDIR)$(bindir)/ssh-add |
223 | $(INSTALL) -m 0755 -s ssh-agent $(DESTDIR)$(bindir)/ssh-agent | 240 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent $(DESTDIR)$(bindir)/ssh-agent |
224 | $(INSTALL) -m 0755 -s ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen | 241 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen |
225 | $(INSTALL) -m 0755 -s ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan | 242 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan |
226 | $(INSTALL) -m 0755 -s sshd $(DESTDIR)$(sbindir)/sshd | 243 | $(INSTALL) -m 0755 $(STRIP_OPT) sshd $(DESTDIR)$(sbindir)/sshd |
227 | if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \ | 244 | if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \ |
228 | $(INSTALL) -m 0755 -s ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \ | 245 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \ |
229 | fi | 246 | fi |
230 | $(INSTALL) -m 4711 -s ssh-keysign $(DESTDIR)$(SSH_KEYSIGN) | 247 | $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign $(DESTDIR)$(SSH_KEYSIGN) |
231 | @NO_SFTP@$(INSTALL) -m 0755 -s sftp $(DESTDIR)$(bindir)/sftp | 248 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp $(DESTDIR)$(bindir)/sftp |
232 | @NO_SFTP@$(INSTALL) -m 0755 -s sftp-server $(DESTDIR)$(SFTP_SERVER) | 249 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server $(DESTDIR)$(SFTP_SERVER) |
233 | $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 | 250 | $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 |
234 | $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 | 251 | $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 |
235 | $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 | 252 | $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 |
@@ -242,8 +259,8 @@ install-files: scard-install | |||
242 | if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \ | 259 | if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \ |
243 | $(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \ | 260 | $(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \ |
244 | fi | 261 | fi |
245 | @NO_SFTP@$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 | 262 | $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 |
246 | @NO_SFTP@$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 | 263 | $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 |
247 | $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 | 264 | $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 |
248 | -rm -f $(DESTDIR)$(bindir)/slogin | 265 | -rm -f $(DESTDIR)$(bindir)/slogin |
249 | ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin | 266 | ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin |
@@ -15,8 +15,8 @@ and Dug Song. It has a homepage at http://www.openssh.com/ | |||
15 | This port consists of the re-introduction of autoconf support, PAM | 15 | This port consists of the re-introduction of autoconf support, PAM |
16 | support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements | 16 | support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements |
17 | for OpenBSD library functions that are (regrettably) absent from other | 17 | for OpenBSD library functions that are (regrettably) absent from other |
18 | unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD | 18 | unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD, |
19 | and Irix. Support for AIX, SCO, NeXT and other Unices is underway. | 19 | Irix and AIX. Support for SCO, NeXT and other Unices is underway. |
20 | This version actively tracks changes in the OpenBSD CVS repository. | 20 | This version actively tracks changes in the OpenBSD CVS repository. |
21 | 21 | ||
22 | The PAM support is now more functional than the popular packages of | 22 | The PAM support is now more functional than the popular packages of |
@@ -63,4 +63,4 @@ References - | |||
63 | [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 | 63 | [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 |
64 | [7] http://www.openssh.com/faq.html | 64 | [7] http://www.openssh.com/faq.html |
65 | 65 | ||
66 | $Id: README,v 1.50 2001/12/24 03:17:21 djm Exp $ | 66 | $Id: README,v 1.51 2003/01/08 12:28:40 djm Exp $ |
diff --git a/README.privsep b/README.privsep index ced943f26..e92af2c41 100644 --- a/README.privsep +++ b/README.privsep | |||
@@ -43,6 +43,10 @@ It does not function on HP-UX with a trusted system | |||
43 | configuration. PAMAuthenticationViaKbdInt does not function with | 43 | configuration. PAMAuthenticationViaKbdInt does not function with |
44 | privsep. | 44 | privsep. |
45 | 45 | ||
46 | On Compaq Tru64 Unix, only the pre-authentication part of privsep is | ||
47 | supported. Post-authentication privsep is disabled automatically (so | ||
48 | you won't see the additional process mentioned below). | ||
49 | |||
46 | Note that for a normal interactive login with a shell, enabling privsep | 50 | Note that for a normal interactive login with a shell, enabling privsep |
47 | will require 1 additional process per login session. | 51 | will require 1 additional process per login session. |
48 | 52 | ||
@@ -58,4 +62,4 @@ process 1005 is the sshd process listening for new connections. | |||
58 | process 6917 is the privileged monitor process, 6919 is the user owned | 62 | process 6917 is the privileged monitor process, 6919 is the user owned |
59 | sshd process and 6921 is the shell process. | 63 | sshd process and 6921 is the shell process. |
60 | 64 | ||
61 | $Id: README.privsep,v 1.10 2002/06/26 00:43:57 stevesk Exp $ | 65 | $Id: README.privsep,v 1.10.6.1 2003/03/21 01:15:18 mouring Exp $ |
@@ -13,7 +13,7 @@ Programming: | |||
13 | - Write a test program that calls stat() to search for EGD/PRNGd socket | 13 | - Write a test program that calls stat() to search for EGD/PRNGd socket |
14 | rather than use the (non-portable) "test -S". | 14 | rather than use the (non-portable) "test -S". |
15 | 15 | ||
16 | - Replacement for setproctitle() - HP-UX support only currently | 16 | - More platforms for for setproctitle() emulation (testing needed) |
17 | 17 | ||
18 | - Handle changing passwords for the non-PAM expired password case | 18 | - Handle changing passwords for the non-PAM expired password case |
19 | 19 | ||
@@ -101,6 +101,7 @@ Clean up configure/makefiles: | |||
101 | (vinschen@redhat.com) | 101 | (vinschen@redhat.com) |
102 | 102 | ||
103 | - Replace the whole u_intXX_t evilness in acconfig.h with something better??? | 103 | - Replace the whole u_intXX_t evilness in acconfig.h with something better??? |
104 | - Do it in configure.ac | ||
104 | 105 | ||
105 | - Consider splitting the u_intXX_t test for sys/bitype.h into seperate test | 106 | - Consider splitting the u_intXX_t test for sys/bitype.h into seperate test |
106 | to allow people to (right/wrongfully) link against Bind directly. | 107 | to allow people to (right/wrongfully) link against Bind directly. |
@@ -133,4 +134,4 @@ PrivSep Issues: | |||
133 | - Cygwin | 134 | - Cygwin |
134 | + Privsep for Pre-auth only (no fd passing) | 135 | + Privsep for Pre-auth only (no fd passing) |
135 | 136 | ||
136 | $Id: TODO,v 1.51 2002/09/05 06:32:03 djm Exp $ | 137 | $Id: TODO,v 1.53 2003/01/12 23:00:34 djm Exp $ |
diff --git a/acconfig.h b/acconfig.h index 3e058f3ea..b6e4b37cc 100644 --- a/acconfig.h +++ b/acconfig.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: acconfig.h,v 1.145 2002/09/26 00:38:48 tim Exp $ */ | 1 | /* $Id: acconfig.h,v 1.149 2003/03/10 00:38:10 djm Exp $ */ |
2 | 2 | ||
3 | #ifndef _CONFIG_H | 3 | #ifndef _CONFIG_H |
4 | #define _CONFIG_H | 4 | #define _CONFIG_H |
@@ -364,6 +364,19 @@ | |||
364 | /* Define if your platform needs to skip post auth file descriptor passing */ | 364 | /* Define if your platform needs to skip post auth file descriptor passing */ |
365 | #undef DISABLE_FD_PASSING | 365 | #undef DISABLE_FD_PASSING |
366 | 366 | ||
367 | /* Silly mkstemp() */ | ||
368 | #undef HAVE_STRICT_MKSTEMP | ||
369 | |||
370 | /* Setproctitle emulation */ | ||
371 | #undef SETPROCTITLE_STRATEGY | ||
372 | #undef SETPROCTITLE_PS_PADDING | ||
373 | |||
374 | /* Some systems put this outside of libc */ | ||
375 | #undef HAVE_NANOSLEEP | ||
376 | |||
377 | /* Pushing STREAMS modules incorrectly acquires a controlling TTY */ | ||
378 | #undef STREAMS_PUSH_ACQUIRES_CTTY | ||
379 | |||
367 | @BOTTOM@ | 380 | @BOTTOM@ |
368 | 381 | ||
369 | /* ******************* Shouldn't need to edit below this line ************** */ | 382 | /* ******************* Shouldn't need to edit below this line ************** */ |
diff --git a/auth-krb4.c b/auth-krb4.c index b86ce7e49..b28df469f 100644 --- a/auth-krb4.c +++ b/auth-krb4.c | |||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth-krb4.c,v 1.28 2002/09/26 11:38:43 markus Exp $"); | 26 | RCSID("$OpenBSD: auth-krb4.c,v 1.29 2003/02/21 10:34:48 mpech Exp $"); |
27 | 27 | ||
28 | #include "ssh.h" | 28 | #include "ssh.h" |
29 | #include "ssh1.h" | 29 | #include "ssh1.h" |
@@ -271,7 +271,7 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client, KTEXT reply) | |||
271 | reply->length = r; | 271 | reply->length = r; |
272 | 272 | ||
273 | /* Clear session key. */ | 273 | /* Clear session key. */ |
274 | memset(&adat.session, 0, sizeof(&adat.session)); | 274 | memset(&adat.session, 0, sizeof(adat.session)); |
275 | return (1); | 275 | return (1); |
276 | } | 276 | } |
277 | #endif /* KRB4 */ | 277 | #endif /* KRB4 */ |
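Review bot: The session-key wipe at new line 274 is a plain memset() issued immediately before `return (1);`, so if `adat` is a local of auth_krb4() (its declaration is above the hunk) the compiler is allowed to treat the store as dead and drop it. Now that the size is correct, the call should use a wipe that cannot be elided, for example `explicit_bzero(&adat.session, sizeof(adat.session));` where the platform provides it. The function body starts outside the hunk and only this success path is visible, so it is also worth confirming that the earlier failure returns clear the key.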
diff --git a/auth-krb5.c b/auth-krb5.c index 512f70b78..e3e2d9751 100644 --- a/auth-krb5.c +++ b/auth-krb5.c | |||
@@ -28,7 +28,7 @@ | |||
28 | */ | 28 | */ |
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | RCSID("$OpenBSD: auth-krb5.c,v 1.9 2002/09/09 06:48:06 itojun Exp $"); | 31 | RCSID("$OpenBSD: auth-krb5.c,v 1.10 2002/11/21 23:03:51 deraadt Exp $"); |
32 | 32 | ||
33 | #include "ssh.h" | 33 | #include "ssh.h" |
34 | #include "ssh1.h" | 34 | #include "ssh1.h" |
@@ -107,7 +107,7 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *reply) | |||
107 | if (problem) | 107 | if (problem) |
108 | goto err; | 108 | goto err; |
109 | 109 | ||
110 | problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL , | 110 | problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL, |
111 | KRB5_NT_SRV_HST, &server); | 111 | KRB5_NT_SRV_HST, &server); |
112 | if (problem) | 112 | if (problem) |
113 | goto err; | 113 | goto err; |
diff --git a/auth-pam.c b/auth-pam.c index 99b03f45b..fe9570f92 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -38,7 +38,7 @@ extern char *__progname; | |||
38 | 38 | ||
39 | extern int use_privsep; | 39 | extern int use_privsep; |
40 | 40 | ||
41 | RCSID("$Id: auth-pam.c,v 1.54 2002/07/28 20:24:08 stevesk Exp $"); | 41 | RCSID("$Id: auth-pam.c,v 1.55 2003/01/22 04:42:26 djm Exp $"); |
42 | 42 | ||
43 | #define NEW_AUTHTOK_MSG \ | 43 | #define NEW_AUTHTOK_MSG \ |
44 | "Warning: Your password has expired, please change it now." | 44 | "Warning: Your password has expired, please change it now." |
@@ -210,14 +210,6 @@ int auth_pam_password(Authctxt *authctxt, const char *password) | |||
210 | 210 | ||
211 | do_pam_set_conv(&conv); | 211 | do_pam_set_conv(&conv); |
212 | 212 | ||
213 | /* deny if no user. */ | ||
214 | if (pw == NULL) | ||
215 | return 0; | ||
216 | if (pw->pw_uid == 0 && options.permit_root_login == PERMIT_NO_PASSWD) | ||
217 | return 0; | ||
218 | if (*password == '\0' && options.permit_empty_passwd == 0) | ||
219 | return 0; | ||
220 | |||
221 | __pampasswd = password; | 213 | __pampasswd = password; |
222 | 214 | ||
223 | pamstate = INITIAL_LOGIN; | 215 | pamstate = INITIAL_LOGIN; |
diff --git a/auth-passwd.c b/auth-passwd.c index 185db7d6d..9901d4842 100644 --- a/auth-passwd.c +++ b/auth-passwd.c | |||
@@ -92,33 +92,26 @@ extern char *aixloginmsg; | |||
92 | int | 92 | int |
93 | auth_password(Authctxt *authctxt, const char *password) | 93 | auth_password(Authctxt *authctxt, const char *password) |
94 | { | 94 | { |
95 | #if defined(USE_PAM) | ||
96 | if (*password == '\0' && options.permit_empty_passwd == 0) | ||
97 | return 0; | ||
98 | return auth_pam_password(authctxt, password); | ||
99 | #elif defined(HAVE_OSF_SIA) | ||
100 | if (*password == '\0' && options.permit_empty_passwd == 0) | ||
101 | return 0; | ||
102 | return auth_sia_password(authctxt, password); | ||
103 | #else | ||
104 | struct passwd * pw = authctxt->pw; | 95 | struct passwd * pw = authctxt->pw; |
96 | #if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) | ||
105 | char *encrypted_password; | 97 | char *encrypted_password; |
106 | char *pw_password; | 98 | char *pw_password; |
107 | char *salt; | 99 | char *salt; |
108 | #if defined(__hpux) || defined(HAVE_SECUREWARE) | 100 | # if defined(__hpux) || defined(HAVE_SECUREWARE) |
109 | struct pr_passwd *spw; | 101 | struct pr_passwd *spw; |
110 | #endif /* __hpux || HAVE_SECUREWARE */ | 102 | # endif /* __hpux || HAVE_SECUREWARE */ |
111 | #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) | 103 | # if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) |
112 | struct spwd *spw; | 104 | struct spwd *spw; |
113 | #endif | 105 | # endif |
114 | #if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) | 106 | # if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) |
115 | struct passwd_adjunct *spw; | 107 | struct passwd_adjunct *spw; |
116 | #endif | 108 | # endif |
117 | #ifdef WITH_AIXAUTHENTICATE | 109 | # ifdef WITH_AIXAUTHENTICATE |
118 | char *authmsg; | 110 | char *authmsg; |
119 | int authsuccess; | 111 | int authsuccess; |
120 | int reenter = 1; | 112 | int reenter = 1; |
121 | #endif | 113 | # endif |
114 | #endif /* !defined(USE_PAM) && !defined(HAVE_OSF_SIA) */ | ||
122 | 115 | ||
123 | /* deny if no user. */ | 116 | /* deny if no user. */ |
124 | if (pw == NULL) | 117 | if (pw == NULL) |
@@ -129,15 +122,21 @@ auth_password(Authctxt *authctxt, const char *password) | |||
129 | #endif | 122 | #endif |
130 | if (*password == '\0' && options.permit_empty_passwd == 0) | 123 | if (*password == '\0' && options.permit_empty_passwd == 0) |
131 | return 0; | 124 | return 0; |
132 | #ifdef KRB5 | 125 | |
126 | #if defined(USE_PAM) | ||
127 | return auth_pam_password(authctxt, password); | ||
128 | #elif defined(HAVE_OSF_SIA) | ||
129 | return auth_sia_password(authctxt, password); | ||
130 | #else | ||
131 | # ifdef KRB5 | ||
133 | if (options.kerberos_authentication == 1) { | 132 | if (options.kerberos_authentication == 1) { |
134 | int ret = auth_krb5_password(authctxt, password); | 133 | int ret = auth_krb5_password(authctxt, password); |
135 | if (ret == 1 || ret == 0) | 134 | if (ret == 1 || ret == 0) |
136 | return ret; | 135 | return ret; |
137 | /* Fall back to ordinary passwd authentication. */ | 136 | /* Fall back to ordinary passwd authentication. */ |
138 | } | 137 | } |
139 | #endif | 138 | # endif |
140 | #ifdef HAVE_CYGWIN | 139 | # ifdef HAVE_CYGWIN |
141 | if (is_winnt) { | 140 | if (is_winnt) { |
142 | HANDLE hToken = cygwin_logon_user(pw, password); | 141 | HANDLE hToken = cygwin_logon_user(pw, password); |
143 | 142 | ||
@@ -146,8 +145,8 @@ auth_password(Authctxt *authctxt, const char *password) | |||
146 | cygwin_set_impersonation_token(hToken); | 145 | cygwin_set_impersonation_token(hToken); |
147 | return 1; | 146 | return 1; |
148 | } | 147 | } |
149 | #endif | 148 | # endif |
150 | #ifdef WITH_AIXAUTHENTICATE | 149 | # ifdef WITH_AIXAUTHENTICATE |
151 | authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); | 150 | authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); |
152 | 151 | ||
153 | if (authsuccess) | 152 | if (authsuccess) |
@@ -158,47 +157,47 @@ auth_password(Authctxt *authctxt, const char *password) | |||
158 | aixloginmsg = NULL; | 157 | aixloginmsg = NULL; |
159 | 158 | ||
160 | return(authsuccess); | 159 | return(authsuccess); |
161 | #endif | 160 | # endif |
162 | #ifdef KRB4 | 161 | # ifdef KRB4 |
163 | if (options.kerberos_authentication == 1) { | 162 | if (options.kerberos_authentication == 1) { |
164 | int ret = auth_krb4_password(authctxt, password); | 163 | int ret = auth_krb4_password(authctxt, password); |
165 | if (ret == 1 || ret == 0) | 164 | if (ret == 1 || ret == 0) |
166 | return ret; | 165 | return ret; |
167 | /* Fall back to ordinary passwd authentication. */ | 166 | /* Fall back to ordinary passwd authentication. */ |
168 | } | 167 | } |
169 | #endif | 168 | # endif |
170 | #ifdef BSD_AUTH | 169 | # ifdef BSD_AUTH |
171 | if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh", | 170 | if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh", |
172 | (char *)password) == 0) | 171 | (char *)password) == 0) |
173 | return 0; | 172 | return 0; |
174 | else | 173 | else |
175 | return 1; | 174 | return 1; |
176 | #endif | 175 | # endif |
177 | pw_password = pw->pw_passwd; | 176 | pw_password = pw->pw_passwd; |
178 | 177 | ||
179 | /* | 178 | /* |
180 | * Various interfaces to shadow or protected password data | 179 | * Various interfaces to shadow or protected password data |
181 | */ | 180 | */ |
182 | #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) | 181 | # if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) |
183 | spw = getspnam(pw->pw_name); | 182 | spw = getspnam(pw->pw_name); |
184 | if (spw != NULL) | 183 | if (spw != NULL) |
185 | pw_password = spw->sp_pwdp; | 184 | pw_password = spw->sp_pwdp; |
186 | #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ | 185 | # endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ |
187 | 186 | ||
188 | #if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) | 187 | # if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) |
189 | if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL) | 188 | if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL) |
190 | pw_password = spw->pwa_passwd; | 189 | pw_password = spw->pwa_passwd; |
191 | #endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */ | 190 | # endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */ |
192 | 191 | ||
193 | #ifdef HAVE_SECUREWARE | 192 | # ifdef HAVE_SECUREWARE |
194 | if ((spw = getprpwnam(pw->pw_name)) != NULL) | 193 | if ((spw = getprpwnam(pw->pw_name)) != NULL) |
195 | pw_password = spw->ufld.fd_encrypt; | 194 | pw_password = spw->ufld.fd_encrypt; |
196 | #endif /* HAVE_SECUREWARE */ | 195 | # endif /* HAVE_SECUREWARE */ |
197 | 196 | ||
198 | #if defined(__hpux) && !defined(HAVE_SECUREWARE) | 197 | # if defined(__hpux) && !defined(HAVE_SECUREWARE) |
199 | if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL) | 198 | if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL) |
200 | pw_password = spw->ufld.fd_encrypt; | 199 | pw_password = spw->ufld.fd_encrypt; |
201 | #endif /* defined(__hpux) && !defined(HAVE_SECUREWARE) */ | 200 | # endif /* defined(__hpux) && !defined(HAVE_SECUREWARE) */ |
202 | 201 | ||
203 | /* Check for users with no password. */ | 202 | /* Check for users with no password. */ |
204 | if ((password[0] == '\0') && (pw_password[0] == '\0')) | 203 | if ((password[0] == '\0') && (pw_password[0] == '\0')) |
@@ -209,25 +208,25 @@ auth_password(Authctxt *authctxt, const char *password) | |||
209 | else | 208 | else |
210 | salt = "xx"; | 209 | salt = "xx"; |
211 | 210 | ||
212 | #ifdef HAVE_MD5_PASSWORDS | 211 | # ifdef HAVE_MD5_PASSWORDS |
213 | if (is_md5_salt(salt)) | 212 | if (is_md5_salt(salt)) |
214 | encrypted_password = md5_crypt(password, salt); | 213 | encrypted_password = md5_crypt(password, salt); |
215 | else | 214 | else |
216 | encrypted_password = crypt(password, salt); | 215 | encrypted_password = crypt(password, salt); |
217 | #else /* HAVE_MD5_PASSWORDS */ | 216 | # else /* HAVE_MD5_PASSWORDS */ |
218 | # if defined(__hpux) && !defined(HAVE_SECUREWARE) | 217 | # if defined(__hpux) && !defined(HAVE_SECUREWARE) |
219 | if (iscomsec()) | 218 | if (iscomsec()) |
220 | encrypted_password = bigcrypt(password, salt); | 219 | encrypted_password = bigcrypt(password, salt); |
221 | else | 220 | else |
222 | encrypted_password = crypt(password, salt); | 221 | encrypted_password = crypt(password, salt); |
223 | # else | ||
224 | # ifdef HAVE_SECUREWARE | ||
225 | encrypted_password = bigcrypt(password, salt); | ||
226 | # else | 222 | # else |
223 | # ifdef HAVE_SECUREWARE | ||
224 | encrypted_password = bigcrypt(password, salt); | ||
225 | # else | ||
227 | encrypted_password = crypt(password, salt); | 226 | encrypted_password = crypt(password, salt); |
228 | # endif /* HAVE_SECUREWARE */ | 227 | # endif /* HAVE_SECUREWARE */ |
229 | # endif /* __hpux && !defined(HAVE_SECUREWARE) */ | 228 | # endif /* __hpux && !defined(HAVE_SECUREWARE) */ |
230 | #endif /* HAVE_MD5_PASSWORDS */ | 229 | # endif /* HAVE_MD5_PASSWORDS */ |
231 | 230 | ||
232 | /* Authentication is accepted if the encrypted passwords are identical. */ | 231 | /* Authentication is accepted if the encrypted passwords are identical. */ |
233 | return (strcmp(encrypted_password, pw_password) == 0); | 232 | return (strcmp(encrypted_password, pw_password) == 0); |
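Review bot: After this reordering auth_password() is the only place that applies the no-such-user, root-login and empty-password denials on the PAM path, but nothing at the dispatch on new lines 126-129 records that dependency. The same commit deletes the matching checks from auth_pam_password() in auth-pam.c. I would add a comment above `#if defined(USE_PAM)` such as `/* The backends below rely on the pw, root-login and empty-password checks above; do not call them directly. */`. Callers of auth_pam_password() other than this one are not visible on the page, so that is worth confirming. The root-login test itself sits on new lines 119-121, between the hunks, so please also confirm it still denies the case the removed `permit_root_login == PERMIT_NO_PASSWD` test covered.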
diff --git a/auth-sia.c b/auth-sia.c index 58b17c16f..5c9b3f5de 100644 --- a/auth-sia.c +++ b/auth-sia.c | |||
@@ -45,27 +45,25 @@ extern ServerOptions options; | |||
45 | extern int saved_argc; | 45 | extern int saved_argc; |
46 | extern char **saved_argv; | 46 | extern char **saved_argv; |
47 | 47 | ||
48 | extern int errno; | ||
49 | |||
50 | int | 48 | int |
51 | auth_sia_password(Authctxt *authctxt, char *pass) | 49 | auth_sia_password(Authctxt *authctxt, char *pass) |
52 | { | 50 | { |
53 | int ret; | 51 | int ret; |
54 | SIAENTITY *ent = NULL; | 52 | SIAENTITY *ent = NULL; |
55 | const char *host; | 53 | const char *host; |
56 | char *user = authctxt->user; | ||
57 | 54 | ||
58 | host = get_canonical_hostname(options.verify_reverse_mapping); | 55 | host = get_canonical_hostname(options.verify_reverse_mapping); |
59 | 56 | ||
60 | if (!user || !pass || pass[0] == '\0') | 57 | if (!authctxt->user || !pass || pass[0] == '\0') |
61 | return(0); | 58 | return(0); |
62 | 59 | ||
63 | if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, NULL, 0, | 60 | if (sia_ses_init(&ent, saved_argc, saved_argv, host, authctxt->user, |
64 | NULL) != SIASUCCESS) | 61 | NULL, 0, NULL) != SIASUCCESS) |
65 | return(0); | 62 | return(0); |
66 | 63 | ||
67 | if ((ret = sia_ses_authent(NULL, pass, ent)) != SIASUCCESS) { | 64 | if ((ret = sia_ses_authent(NULL, pass, ent)) != SIASUCCESS) { |
68 | error("Couldn't authenticate %s from %s", user, host); | 65 | error("Couldn't authenticate %s from %s", authctxt->user, |
66 | host); | ||
69 | if (ret & SIASTOP) | 67 | if (ret & SIASTOP) |
70 | sia_ses_release(&ent); | 68 | sia_ses_release(&ent); |
71 | return(0); | 69 | return(0); |
@@ -77,48 +75,35 @@ auth_sia_password(Authctxt *authctxt, char *pass) | |||
77 | } | 75 | } |
78 | 76 | ||
79 | void | 77 | void |
80 | session_setup_sia(char *user, char *tty) | 78 | session_setup_sia(struct passwd *pw, char *tty) |
81 | { | 79 | { |
82 | struct passwd *pw; | ||
83 | SIAENTITY *ent = NULL; | 80 | SIAENTITY *ent = NULL; |
84 | const char *host; | 81 | const char *host; |
85 | 82 | ||
86 | host = get_canonical_hostname (options.verify_reverse_mapping); | 83 | host = get_canonical_hostname(options.verify_reverse_mapping); |
87 | 84 | ||
88 | if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0, | 85 | if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name, tty, |
89 | NULL) != SIASUCCESS) { | 86 | 0, NULL) != SIASUCCESS) |
90 | fatal("sia_ses_init failed"); | 87 | fatal("sia_ses_init failed"); |
91 | } | ||
92 | 88 | ||
93 | if ((pw = getpwnam(user)) == NULL) { | ||
94 | sia_ses_release(&ent); | ||
95 | fatal("getpwnam: no user: %s", user); | ||
96 | } | ||
97 | if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) { | 89 | if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) { |
98 | sia_ses_release(&ent); | 90 | sia_ses_release(&ent); |
99 | fatal("sia_make_entity_pwd failed"); | 91 | fatal("sia_make_entity_pwd failed"); |
100 | } | 92 | } |
101 | 93 | ||
102 | ent->authtype = SIA_A_NONE; | 94 | ent->authtype = SIA_A_NONE; |
103 | if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) { | 95 | if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) |
104 | fatal("Couldn't establish session for %s from %s", user, | 96 | fatal("Couldn't establish session for %s from %s", |
105 | host); | 97 | pw->pw_name, host); |
106 | } | ||
107 | |||
108 | if (setpriority(PRIO_PROCESS, 0, 0) == -1) { | ||
109 | sia_ses_release(&ent); | ||
110 | fatal("setpriority: %s", strerror (errno)); | ||
111 | } | ||
112 | 98 | ||
113 | if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) { | 99 | if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) |
114 | fatal("Couldn't launch session for %s from %s", user, host); | 100 | fatal("Couldn't launch session for %s from %s", pw->pw_name, |
115 | } | 101 | host); |
116 | 102 | ||
117 | sia_ses_release(&ent); | 103 | sia_ses_release(&ent); |
118 | 104 | ||
119 | if (setreuid(geteuid(), geteuid()) < 0) { | 105 | if (setreuid(geteuid(), geteuid()) < 0) |
120 | fatal("setreuid: %s", strerror(errno)); | 106 | fatal("setreuid: %s", strerror(errno)); |
121 | } | ||
122 | } | 107 | } |
123 | 108 | ||
124 | #endif /* HAVE_OSF_SIA */ | 109 | #endif /* HAVE_OSF_SIA */ |
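Review bot: session_setup_sia() now dereferences its `pw` argument (`pw->pw_name` in the sia_ses_init() call on new line 85) without checking it. The removed code looked the user up itself and called fatal() when getpwnam() returned NULL. The callers are outside this section, so whether a NULL can reach here is not visible. A guard at the top of the function, `if (pw == NULL) fatal("session_setup_sia: no passwd entry");`, keeps the old fail-closed behaviour instead of a crash in the session setup path.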
diff --git a/auth-sia.h b/auth-sia.h index caa584132..7aecce940 100644 --- a/auth-sia.h +++ b/auth-sia.h | |||
@@ -27,6 +27,6 @@ | |||
27 | #ifdef HAVE_OSF_SIA | 27 | #ifdef HAVE_OSF_SIA |
28 | 28 | ||
29 | int auth_sia_password(Authctxt *authctxt, char *pass); | 29 | int auth_sia_password(Authctxt *authctxt, char *pass); |
30 | void session_setup_sia(char *user, char *tty); | 30 | void session_setup_sia(struct passwd *pw, char *tty); |
31 | 31 | ||
32 | #endif /* HAVE_OSF_SIA */ | 32 | #endif /* HAVE_OSF_SIA */ |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth.c,v 1.45 2002/09/20 18:41:29 stevesk Exp $"); | 26 | RCSID("$OpenBSD: auth.c,v 1.46 2002/11/04 10:07:53 markus Exp $"); |
27 | 27 | ||
28 | #ifdef HAVE_LOGIN_H | 28 | #ifdef HAVE_LOGIN_H |
29 | #include <login.h> | 29 | #include <login.h> |
@@ -79,17 +79,20 @@ allowed_user(struct passwd * pw) | |||
79 | char *loginmsg; | 79 | char *loginmsg; |
80 | #endif /* WITH_AIXAUTHENTICATE */ | 80 | #endif /* WITH_AIXAUTHENTICATE */ |
81 | #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ | 81 | #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ |
82 | !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) | 82 | !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) |
83 | struct spwd *spw; | 83 | struct spwd *spw; |
84 | time_t today; | ||
85 | #endif | ||
84 | 86 | ||
85 | /* Shouldn't be called if pw is NULL, but better safe than sorry... */ | 87 | /* Shouldn't be called if pw is NULL, but better safe than sorry... */ |
86 | if (!pw || !pw->pw_name) | 88 | if (!pw || !pw->pw_name) |
87 | return 0; | 89 | return 0; |
88 | 90 | ||
91 | #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ | ||
92 | !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) | ||
89 | #define DAY (24L * 60 * 60) /* 1 day in seconds */ | 93 | #define DAY (24L * 60 * 60) /* 1 day in seconds */ |
90 | spw = getspnam(pw->pw_name); | 94 | if ((spw = getspnam(pw->pw_name)) != NULL) { |
91 | if (spw != NULL) { | 95 | today = time(NULL) / DAY; |
92 | time_t today = time(NULL) / DAY; | ||
93 | debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" | 96 | debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" |
94 | " sp_max %d", (int)today, (int)spw->sp_expire, | 97 | " sp_max %d", (int)today, (int)spw->sp_expire, |
95 | (int)spw->sp_lstchg, (int)spw->sp_max); | 98 | (int)spw->sp_lstchg, (int)spw->sp_max); |
@@ -116,10 +119,6 @@ allowed_user(struct passwd * pw) | |||
116 | return 0; | 119 | return 0; |
117 | } | 120 | } |
118 | } | 121 | } |
119 | #else | ||
120 | /* Shouldn't be called if pw is NULL, but better safe than sorry... */ | ||
121 | if (!pw || !pw->pw_name) | ||
122 | return 0; | ||
123 | #endif | 122 | #endif |
124 | 123 | ||
125 | /* | 124 | /* |
@@ -202,7 +201,15 @@ allowed_user(struct passwd * pw) | |||
202 | } | 201 | } |
203 | 202 | ||
204 | #ifdef WITH_AIXAUTHENTICATE | 203 | #ifdef WITH_AIXAUTHENTICATE |
205 | if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) { | 204 | /* |
205 | * Don't check loginrestrictions() for root account (use | ||
206 | * PermitRootLogin to control logins via ssh), or if running as | ||
207 | * non-root user (since loginrestrictions will always fail). | ||
208 | */ | ||
209 | if ((pw->pw_uid != 0) && (geteuid() == 0) && | ||
210 | loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) { | ||
211 | int loginrestrict_errno = errno; | ||
212 | |||
206 | if (loginmsg && *loginmsg) { | 213 | if (loginmsg && *loginmsg) { |
207 | /* Remove embedded newlines (if any) */ | 214 | /* Remove embedded newlines (if any) */ |
208 | char *p; | 215 | char *p; |
@@ -212,9 +219,13 @@ allowed_user(struct passwd * pw) | |||
212 | } | 219 | } |
213 | /* Remove trailing newline */ | 220 | /* Remove trailing newline */ |
214 | *--p = '\0'; | 221 | *--p = '\0'; |
215 | log("Login restricted for %s: %.100s", pw->pw_name, loginmsg); | 222 | log("Login restricted for %s: %.100s", pw->pw_name, |
223 | loginmsg); | ||
216 | } | 224 | } |
217 | return 0; | 225 | /* Don't fail if /etc/nologin set */ |
226 | if (!(loginrestrict_errno == EPERM && | ||
227 | stat(_PATH_NOLOGIN, &st) == 0)) | ||
228 | return 0; | ||
218 | } | 229 | } |
219 | #endif /* WITH_AIXAUTHENTICATE */ | 230 | #endif /* WITH_AIXAUTHENTICATE */ |
220 | 231 | ||
@@ -417,6 +428,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, | |||
417 | uid_t uid = pw->pw_uid; | 428 | uid_t uid = pw->pw_uid; |
418 | char buf[MAXPATHLEN], homedir[MAXPATHLEN]; | 429 | char buf[MAXPATHLEN], homedir[MAXPATHLEN]; |
419 | char *cp; | 430 | char *cp; |
431 | int comparehome = 0; | ||
420 | struct stat st; | 432 | struct stat st; |
421 | 433 | ||
422 | if (realpath(file, buf) == NULL) { | 434 | if (realpath(file, buf) == NULL) { |
@@ -424,11 +436,8 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, | |||
424 | strerror(errno)); | 436 | strerror(errno)); |
425 | return -1; | 437 | return -1; |
426 | } | 438 | } |
427 | if (realpath(pw->pw_dir, homedir) == NULL) { | 439 | if (realpath(pw->pw_dir, homedir) != NULL) |
428 | snprintf(err, errlen, "realpath %s failed: %s", pw->pw_dir, | 440 | comparehome = 1; |
429 | strerror(errno)); | ||
430 | return -1; | ||
431 | } | ||
432 | 441 | ||
433 | /* check the open file to avoid races */ | 442 | /* check the open file to avoid races */ |
434 | if (fstat(fileno(f), &st) < 0 || | 443 | if (fstat(fileno(f), &st) < 0 || |
@@ -457,7 +466,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, | |||
457 | } | 466 | } |
458 | 467 | ||
459 | /* If are passed the homedir then we can stop */ | 468 | /* If are passed the homedir then we can stop */ |
460 | if (strcmp(homedir, buf) == 0) { | 469 | if (comparehome && strcmp(homedir, buf) == 0) { |
461 | debug3("secure_filename: terminating check at '%s'", | 470 | debug3("secure_filename: terminating check at '%s'", |
462 | buf); | 471 | buf); |
463 | break; | 472 | break; |
@@ -487,6 +496,11 @@ getpwnamallow(const char *user) | |||
487 | if (pw == NULL) { | 496 | if (pw == NULL) { |
488 | log("Illegal user %.100s from %.100s", | 497 | log("Illegal user %.100s from %.100s", |
489 | user, get_remote_ipaddr()); | 498 | user, get_remote_ipaddr()); |
499 | #ifdef WITH_AIXAUTHENTICATE | ||
500 | loginfailed(user, | ||
501 | get_canonical_hostname(options.verify_reverse_mapping), | ||
502 | "ssh"); | ||
503 | #endif | ||
490 | return (NULL); | 504 | return (NULL); |
491 | } | 505 | } |
492 | if (!allowed_user(pw)) | 506 | if (!allowed_user(pw)) |
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: auth1.c,v 1.44 2002/09/26 11:38:43 markus Exp $"); | 13 | RCSID("$OpenBSD: auth1.c,v 1.47 2003/02/06 21:22:42 markus Exp $"); |
14 | 14 | ||
15 | #include "xmalloc.h" | 15 | #include "xmalloc.h" |
16 | #include "rsa.h" | 16 | #include "rsa.h" |
@@ -150,7 +150,7 @@ do_authloop(Authctxt *authctxt) | |||
150 | snprintf(info, sizeof(info), | 150 | snprintf(info, sizeof(info), |
151 | " tktuser %.100s", | 151 | " tktuser %.100s", |
152 | client_user); | 152 | client_user); |
153 | 153 | ||
154 | /* Send response to client */ | 154 | /* Send response to client */ |
155 | packet_start( | 155 | packet_start( |
156 | SSH_SMSG_AUTH_KERBEROS_RESPONSE); | 156 | SSH_SMSG_AUTH_KERBEROS_RESPONSE); |
@@ -285,7 +285,6 @@ do_authloop(Authctxt *authctxt) | |||
285 | debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE"); | 285 | debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE"); |
286 | if (options.challenge_response_authentication == 1) { | 286 | if (options.challenge_response_authentication == 1) { |
287 | char *response = packet_get_string(&dlen); | 287 | char *response = packet_get_string(&dlen); |
288 | debug("got response '%s'", response); | ||
289 | packet_check_eom(); | 288 | packet_check_eom(); |
290 | authenticated = verify_response(authctxt, response); | 289 | authenticated = verify_response(authctxt, response); |
291 | memset(response, 'r', dlen); | 290 | memset(response, 'r', dlen); |
@@ -329,8 +328,7 @@ do_authloop(Authctxt *authctxt) | |||
329 | } | 328 | } |
330 | #else | 329 | #else |
331 | /* Special handling for root */ | 330 | /* Special handling for root */ |
332 | if (!use_privsep && | 331 | if (authenticated && authctxt->pw->pw_uid == 0 && |
333 | authenticated && authctxt->pw->pw_uid == 0 && | ||
334 | !auth_root_allowed(get_authname(type))) | 332 | !auth_root_allowed(get_authname(type))) |
335 | authenticated = 0; | 333 | authenticated = 0; |
336 | #endif | 334 | #endif |
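Review bot: In auth1.c's do_authloop, the TIS response is still scrubbed with a plain `memset(response, 'r', dlen);` right after `verify_response()`. If the buffer is freed immediately afterwards (the free is outside the hunk, so this is inferred), a compiler may drop the store as dead and the response stays readable in heap memory. Removing the `debug("got response '%s'", response)` line closes the log exposure, and the scrub deserves the same care: use a wipe the optimiser cannot elide, e.g. `explicit_bzero(response, dlen);` where the platform or the compat layer provides it. do_authloop's body starts and ends outside the hunk.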
diff --git a/auth2-pam.c b/auth2-pam.c index a2daf96b7..ac28fb245 100644 --- a/auth2-pam.c +++ b/auth2-pam.c | |||
@@ -1,5 +1,5 @@ | |||
1 | #include "includes.h" | 1 | #include "includes.h" |
2 | RCSID("$Id: auth2-pam.c,v 1.14 2002/06/28 16:48:12 mouring Exp $"); | 2 | RCSID("$Id: auth2-pam.c,v 1.15 2003/01/08 01:37:03 djm Exp $"); |
3 | 3 | ||
4 | #ifdef USE_PAM | 4 | #ifdef USE_PAM |
5 | #include <security/pam_appl.h> | 5 | #include <security/pam_appl.h> |
@@ -154,8 +154,7 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt) | |||
154 | 154 | ||
155 | resp = packet_get_string(&rlen); | 155 | resp = packet_get_string(&rlen); |
156 | context_pam2.responses[j].resp_retcode = PAM_SUCCESS; | 156 | context_pam2.responses[j].resp_retcode = PAM_SUCCESS; |
157 | context_pam2.responses[j].resp = xstrdup(resp); | 157 | context_pam2.responses[j].resp = resp; |
158 | xfree(resp); | ||
159 | context_pam2.num_received++; | 158 | context_pam2.num_received++; |
160 | } | 159 | } |
161 | 160 | ||
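Review bot: In input_userauth_info_response_pam, `context_pam2.responses[j].resp = resp;` now hands the packet buffer to the response array instead of copying and freeing it, but nothing at the assignment says who releases it. A comment such as `/* ownership of resp passes to context_pam2.responses[j]; do not xfree() here */` would keep a later edit from re-adding the `xfree(resp)` and creating a double free. These responses presumably carry passwords, so whichever code frees them should wipe the buffer first; that code is not visible here. The function's body starts and ends outside the hunk.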
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth2.c,v 1.95 2002/08/22 21:33:58 markus Exp $"); | 26 | RCSID("$OpenBSD: auth2.c,v 1.96 2003/02/06 21:22:43 markus Exp $"); |
27 | 27 | ||
28 | #include "ssh2.h" | 28 | #include "ssh2.h" |
29 | #include "xmalloc.h" | 29 | #include "xmalloc.h" |
@@ -205,8 +205,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) | |||
205 | authctxt->user); | 205 | authctxt->user); |
206 | 206 | ||
207 | /* Special handling for root */ | 207 | /* Special handling for root */ |
208 | if (!use_privsep && | 208 | if (authenticated && authctxt->pw->pw_uid == 0 && |
209 | authenticated && authctxt->pw->pw_uid == 0 && | ||
210 | !auth_root_allowed(method)) | 209 | !auth_root_allowed(method)) |
211 | authenticated = 0; | 210 | authenticated = 0; |
212 | 211 | ||
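Review bot: The comment `/* Special handling for root */` in userauth_finish no longer tells the reader when the check applies, now that the `!use_privsep` condition is gone and `auth_root_allowed(method)` is consulted in every mode. I would spell that out, e.g. `/* Special handling for root: enforce the root-login policy whether or not privsep is in use */`. The same wording fits the matching change in auth1.c's do_authloop. Both functions start and end outside their hunks, so whether the monitor applies the same check cannot be confirmed from here.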
@@ -35,7 +35,7 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: authfd.c,v 1.57 2002/09/11 18:27:26 stevesk Exp $"); | 38 | RCSID("$OpenBSD: authfd.c,v 1.58 2003/01/23 13:50:27 markus Exp $"); |
39 | 39 | ||
40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
41 | 41 | ||
@@ -499,10 +499,10 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) | |||
499 | 499 | ||
500 | int | 500 | int |
501 | ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, | 501 | ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, |
502 | const char *comment, u_int life) | 502 | const char *comment, u_int life, u_int confirm) |
503 | { | 503 | { |
504 | Buffer msg; | 504 | Buffer msg; |
505 | int type, constrained = (life != 0); | 505 | int type, constrained = (life || confirm); |
506 | 506 | ||
507 | buffer_init(&msg); | 507 | buffer_init(&msg); |
508 | 508 | ||
@@ -532,6 +532,8 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, | |||
532 | buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME); | 532 | buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME); |
533 | buffer_put_int(&msg, life); | 533 | buffer_put_int(&msg, life); |
534 | } | 534 | } |
535 | if (confirm != 0) | ||
536 | buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM); | ||
535 | } | 537 | } |
536 | if (ssh_request_reply(auth, &msg, &msg) == 0) { | 538 | if (ssh_request_reply(auth, &msg, &msg) == 0) { |
537 | buffer_free(&msg); | 539 | buffer_free(&msg); |
@@ -545,7 +547,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, | |||
545 | int | 547 | int |
546 | ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment) | 548 | ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment) |
547 | { | 549 | { |
548 | return ssh_add_identity_constrained(auth, key, comment, 0); | 550 | return ssh_add_identity_constrained(auth, key, comment, 0, 0); |
549 | } | 551 | } |
550 | 552 | ||
551 | /* | 553 | /* |
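Review bot: ssh_add_identity_constrained gained a second `u_int` argument, but no comment states what `life` and `confirm` mean or that 0 disables each constraint. From the visible code, a non-zero `life` is sent after SSH_AGENT_CONSTRAIN_LIFETIME and a non-zero `confirm` appends SSH_AGENT_CONSTRAIN_CONFIRM. A header comment would record that, e.g. `/* life: key lifetime in the agent, 0 for none; confirm: non-zero adds the confirm constraint */`. The unit of `life` is not shown in the hunk and should be stated by someone who can confirm it.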
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: authfd.h,v 1.31 2002/09/11 18:27:25 stevesk Exp $ */ | 1 | /* $OpenBSD: authfd.h,v 1.32 2003/01/23 13:50:27 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -51,6 +51,7 @@ | |||
51 | #define SSH2_AGENTC_ADD_ID_CONSTRAINED 25 | 51 | #define SSH2_AGENTC_ADD_ID_CONSTRAINED 25 |
52 | 52 | ||
53 | #define SSH_AGENT_CONSTRAIN_LIFETIME 1 | 53 | #define SSH_AGENT_CONSTRAIN_LIFETIME 1 |
54 | #define SSH_AGENT_CONSTRAIN_CONFIRM 2 | ||
54 | 55 | ||
55 | /* extended failure messages */ | 56 | /* extended failure messages */ |
56 | #define SSH2_AGENT_FAILURE 30 | 57 | #define SSH2_AGENT_FAILURE 30 |
@@ -76,7 +77,8 @@ int ssh_get_num_identities(AuthenticationConnection *, int); | |||
76 | Key *ssh_get_first_identity(AuthenticationConnection *, char **, int); | 77 | Key *ssh_get_first_identity(AuthenticationConnection *, char **, int); |
77 | Key *ssh_get_next_identity(AuthenticationConnection *, char **, int); | 78 | Key *ssh_get_next_identity(AuthenticationConnection *, char **, int); |
78 | int ssh_add_identity(AuthenticationConnection *, Key *, const char *); | 79 | int ssh_add_identity(AuthenticationConnection *, Key *, const char *); |
79 | int ssh_add_identity_constrained(AuthenticationConnection *, Key *, const char *, u_int); | 80 | int ssh_add_identity_constrained(AuthenticationConnection *, Key *, |
81 | const char *, u_int, u_int); | ||
80 | int ssh_remove_identity(AuthenticationConnection *, Key *); | 82 | int ssh_remove_identity(AuthenticationConnection *, Key *); |
81 | int ssh_remove_all_identities(AuthenticationConnection *, int); | 83 | int ssh_remove_all_identities(AuthenticationConnection *, int); |
82 | int ssh_lock_agent(AuthenticationConnection *, int, const char *); | 84 | int ssh_lock_agent(AuthenticationConnection *, int, const char *); |
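Review bot: The new ssh_add_identity_constrained prototype ends in two unnamed `u_int, u_int` parameters, so a caller that swaps lifetime and confirm compiles cleanly and adds the key with the wrong constraints. Naming them in the declaration makes the order checkable from the header: `const char *comment, u_int life, u_int confirm);`. The neighbouring prototypes are unnamed as well, so this would be a deliberate exception for a pair of same-typed, security-relevant arguments.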
diff --git a/authfile.c b/authfile.c index 1fa5d811a..90618efde 100644 --- a/authfile.c +++ b/authfile.c | |||
@@ -36,7 +36,7 @@ | |||
36 | */ | 36 | */ |
37 | 37 | ||
38 | #include "includes.h" | 38 | #include "includes.h" |
39 | RCSID("$OpenBSD: authfile.c,v 1.50 2002/06/24 14:55:38 markus Exp $"); | 39 | RCSID("$OpenBSD: authfile.c,v 1.52 2003/03/13 11:42:18 markus Exp $"); |
40 | 40 | ||
41 | #include <openssl/err.h> | 41 | #include <openssl/err.h> |
42 | #include <openssl/evp.h> | 42 | #include <openssl/evp.h> |
@@ -232,12 +232,17 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp) | |||
232 | { | 232 | { |
233 | Buffer buffer; | 233 | Buffer buffer; |
234 | Key *pub; | 234 | Key *pub; |
235 | struct stat st; | ||
235 | char *cp; | 236 | char *cp; |
236 | int i; | 237 | int i; |
237 | off_t len; | 238 | off_t len; |
238 | 239 | ||
239 | len = lseek(fd, (off_t) 0, SEEK_END); | 240 | if (fstat(fd, &st) < 0) { |
240 | lseek(fd, (off_t) 0, SEEK_SET); | 241 | error("fstat for key file %.200s failed: %.100s", |
242 | filename, strerror(errno)); | ||
243 | return NULL; | ||
244 | } | ||
245 | len = st.st_size; | ||
241 | 246 | ||
242 | buffer_init(&buffer); | 247 | buffer_init(&buffer); |
243 | cp = buffer_append_space(&buffer, len); | 248 | cp = buffer_append_space(&buffer, len); |
@@ -318,9 +323,15 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, | |||
318 | CipherContext ciphercontext; | 323 | CipherContext ciphercontext; |
319 | Cipher *cipher; | 324 | Cipher *cipher; |
320 | Key *prv = NULL; | 325 | Key *prv = NULL; |
326 | struct stat st; | ||
321 | 327 | ||
322 | len = lseek(fd, (off_t) 0, SEEK_END); | 328 | if (fstat(fd, &st) < 0) { |
323 | lseek(fd, (off_t) 0, SEEK_SET); | 329 | error("fstat for key file %.200s failed: %.100s", |
330 | filename, strerror(errno)); | ||
331 | close(fd); | ||
332 | return NULL; | ||
333 | } | ||
334 | len = st.st_size; | ||
324 | 335 | ||
325 | buffer_init(&buffer); | 336 | buffer_init(&buffer); |
326 | cp = buffer_append_space(&buffer, len); | 337 | cp = buffer_append_space(&buffer, len); |
@@ -410,6 +421,12 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, | |||
410 | rsa_generate_additional_parameters(prv->rsa); | 421 | rsa_generate_additional_parameters(prv->rsa); |
411 | 422 | ||
412 | buffer_free(&decrypted); | 423 | buffer_free(&decrypted); |
424 | |||
425 | /* enable blinding */ | ||
426 | if (RSA_blinding_on(prv->rsa, NULL) != 1) { | ||
427 | error("key_load_private_rsa1: RSA_blinding_on failed"); | ||
428 | goto fail; | ||
429 | } | ||
413 | close(fd); | 430 | close(fd); |
414 | return prv; | 431 | return prv; |
415 | 432 | ||
@@ -449,6 +466,11 @@ key_load_private_pem(int fd, int type, const char *passphrase, | |||
449 | #ifdef DEBUG_PK | 466 | #ifdef DEBUG_PK |
450 | RSA_print_fp(stderr, prv->rsa, 8); | 467 | RSA_print_fp(stderr, prv->rsa, 8); |
451 | #endif | 468 | #endif |
469 | if (RSA_blinding_on(prv->rsa, NULL) != 1) { | ||
470 | error("key_load_private_pem: RSA_blinding_on failed"); | ||
471 | key_free(prv); | ||
472 | prv = NULL; | ||
473 | } | ||
452 | } else if (pk->type == EVP_PKEY_DSA && | 474 | } else if (pk->type == EVP_PKEY_DSA && |
453 | (type == KEY_UNSPEC||type==KEY_DSA)) { | 475 | (type == KEY_UNSPEC||type==KEY_DSA)) { |
454 | prv = key_new(KEY_UNSPEC); | 476 | prv = key_new(KEY_UNSPEC); |
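Review bot: In key_load_public_rsa1 and key_load_private_rsa1, `len = st.st_size;` goes straight into `buffer_append_space(&buffer, len)` with no bound, so an empty or very large file decides how much is allocated and read. A guard before `buffer_init` would reject those early, e.g. `if (st.st_size <= 0 || st.st_size > KEY_FILE_MAX) { error("key file %.200s has bad size", filename); return NULL; }`, where KEY_FILE_MAX is a placeholder for a limit the file would have to define (the private variant also needs its `close(fd)` on that path). Separately, the removed `lseek(fd, (off_t) 0, SEEK_SET)` also rewound the descriptor, so the read that follows now depends on callers passing an fd positioned at offset 0; the callers are not visible in these hunks. Both functions continue outside the hunks.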
diff --git a/autom4te-2.53.cache/output.0 b/autom4te-2.53.cache/output.0 index 97d453542..74f5afd76 100644 --- a/autom4te-2.53.cache/output.0 +++ b/autom4te-2.53.cache/output.0 | |||
@@ -827,6 +827,7 @@ Optional Features: | |||
827 | --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) | 827 | --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) |
828 | --enable-FEATURE[=ARG] include FEATURE [ARG=yes] | 828 | --enable-FEATURE[=ARG] include FEATURE [ARG=yes] |
829 | --disable-largefile omit support for large files | 829 | --disable-largefile omit support for large files |
830 | --disable-strip Disable calling strip(1) on install | ||
830 | --disable-lastlog disable use of lastlog even if detected no | 831 | --disable-lastlog disable use of lastlog even if detected no |
831 | --disable-utmp disable use of utmp even if detected no | 832 | --disable-utmp disable use of utmp even if detected no |
832 | --disable-utmpx disable use of utmpx even if detected no | 833 | --disable-utmpx disable use of utmpx even if detected no |
@@ -2719,6 +2720,45 @@ fi | |||
2719 | test -n "$PERL" && break | 2720 | test -n "$PERL" && break |
2720 | done | 2721 | done |
2721 | 2722 | ||
2723 | # Extract the first word of "sed", so it can be a program name with args. | ||
2724 | set dummy sed; ac_word=$2 | ||
2725 | echo "$as_me:$LINENO: checking for $ac_word" >&5 | ||
2726 | echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 | ||
2727 | if test "${ac_cv_path_SED+set}" = set; then | ||
2728 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
2729 | else | ||
2730 | case $SED in | ||
2731 | [\\/]* | ?:[\\/]*) | ||
2732 | ac_cv_path_SED="$SED" # Let the user override the test with a path. | ||
2733 | ;; | ||
2734 | *) | ||
2735 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
2736 | for as_dir in $PATH | ||
2737 | do | ||
2738 | IFS=$as_save_IFS | ||
2739 | test -z "$as_dir" && as_dir=. | ||
2740 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
2741 | if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
2742 | ac_cv_path_SED="$as_dir/$ac_word$ac_exec_ext" | ||
2743 | echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
2744 | break 2 | ||
2745 | fi | ||
2746 | done | ||
2747 | done | ||
2748 | |||
2749 | ;; | ||
2750 | esac | ||
2751 | fi | ||
2752 | SED=$ac_cv_path_SED | ||
2753 | |||
2754 | if test -n "$SED"; then | ||
2755 | echo "$as_me:$LINENO: result: $SED" >&5 | ||
2756 | echo "${ECHO_T}$SED" >&6 | ||
2757 | else | ||
2758 | echo "$as_me:$LINENO: result: no" >&5 | ||
2759 | echo "${ECHO_T}no" >&6 | ||
2760 | fi | ||
2761 | |||
2722 | 2762 | ||
2723 | # Extract the first word of "ent", so it can be a program name with args. | 2763 | # Extract the first word of "ent", so it can be a program name with args. |
2724 | set dummy ent; ac_word=$2 | 2764 | set dummy ent; ac_word=$2 |
@@ -3660,8 +3700,17 @@ _ACEOF | |||
3660 | @%:@define LOGIN_NEEDS_UTMPX 1 | 3700 | @%:@define LOGIN_NEEDS_UTMPX 1 |
3661 | _ACEOF | 3701 | _ACEOF |
3662 | 3702 | ||
3703 | cat >>confdefs.h <<\_ACEOF | ||
3704 | @%:@define SETPROCTITLE_STRATEGY PS_USE_CLOBBER_ARGV | ||
3705 | _ACEOF | ||
3706 | |||
3707 | cat >>confdefs.h <<\_ACEOF | ||
3708 | @%:@define SETPROCTITLE_PS_PADDING '\0' | ||
3709 | _ACEOF | ||
3710 | |||
3663 | ;; | 3711 | ;; |
3664 | *-*-cygwin*) | 3712 | *-*-cygwin*) |
3713 | check_for_libcrypt_later=1 | ||
3665 | LIBS="$LIBS /usr/lib/textmode.o" | 3714 | LIBS="$LIBS /usr/lib/textmode.o" |
3666 | cat >>confdefs.h <<\_ACEOF | 3715 | cat >>confdefs.h <<\_ACEOF |
3667 | @%:@define HAVE_CYGWIN 1 | 3716 | @%:@define HAVE_CYGWIN 1 |
@@ -3782,7 +3831,7 @@ _ACEOF | |||
3782 | _ACEOF | 3831 | _ACEOF |
3783 | 3832 | ||
3784 | cat >>confdefs.h <<\_ACEOF | 3833 | cat >>confdefs.h <<\_ACEOF |
3785 | @%:@define SPT_TYPE SPT_PSTAT | 3834 | @%:@define SETPROCTITLE_STRATEGY PS_USE_PSTAT |
3786 | _ACEOF | 3835 | _ACEOF |
3787 | 3836 | ||
3788 | LIBS="$LIBS -lsec -lsecpw" | 3837 | LIBS="$LIBS -lsec -lsecpw" |
@@ -3884,7 +3933,7 @@ _ACEOF | |||
3884 | _ACEOF | 3933 | _ACEOF |
3885 | 3934 | ||
3886 | cat >>confdefs.h <<\_ACEOF | 3935 | cat >>confdefs.h <<\_ACEOF |
3887 | @%:@define SPT_TYPE SPT_PSTAT | 3936 | @%:@define SETPROCTITLE_STRATEGY PS_USE_PSTAT |
3888 | _ACEOF | 3937 | _ACEOF |
3889 | 3938 | ||
3890 | LIBS="$LIBS -lsec" | 3939 | LIBS="$LIBS -lsec" |
@@ -3986,7 +4035,7 @@ _ACEOF | |||
3986 | _ACEOF | 4035 | _ACEOF |
3987 | 4036 | ||
3988 | cat >>confdefs.h <<\_ACEOF | 4037 | cat >>confdefs.h <<\_ACEOF |
3989 | @%:@define SPT_TYPE SPT_PSTAT | 4038 | @%:@define SETPROCTITLE_STRATEGY PS_USE_PSTAT |
3990 | _ACEOF | 4039 | _ACEOF |
3991 | 4040 | ||
3992 | LIBS="$LIBS -lsec" | 4041 | LIBS="$LIBS -lsec" |
@@ -4180,6 +4229,14 @@ _ACEOF | |||
4180 | @%:@define PAM_TTY_KLUDGE 1 | 4229 | @%:@define PAM_TTY_KLUDGE 1 |
4181 | _ACEOF | 4230 | _ACEOF |
4182 | 4231 | ||
4232 | cat >>confdefs.h <<\_ACEOF | ||
4233 | @%:@define SETPROCTITLE_STRATEGY PS_USE_CLOBBER_ARGV | ||
4234 | _ACEOF | ||
4235 | |||
4236 | cat >>confdefs.h <<\_ACEOF | ||
4237 | @%:@define SETPROCTITLE_PS_PADDING '\0' | ||
4238 | _ACEOF | ||
4239 | |||
4183 | inet6_default_4in6=yes | 4240 | inet6_default_4in6=yes |
4184 | ;; | 4241 | ;; |
4185 | mips-sony-bsd|mips-sony-newsos4) | 4242 | mips-sony-bsd|mips-sony-newsos4) |
@@ -4240,6 +4297,10 @@ _ACEOF | |||
4240 | @%:@define PAM_TTY_KLUDGE 1 | 4297 | @%:@define PAM_TTY_KLUDGE 1 |
4241 | _ACEOF | 4298 | _ACEOF |
4242 | 4299 | ||
4300 | cat >>confdefs.h <<\_ACEOF | ||
4301 | @%:@define STREAMS_PUSH_ACQUIRES_CTTY 1 | ||
4302 | _ACEOF | ||
4303 | |||
4243 | # hardwire lastlog location (can't detect it on some versions) | 4304 | # hardwire lastlog location (can't detect it on some versions) |
4244 | conf_lastlog_location="/var/adm/lastlog" | 4305 | conf_lastlog_location="/var/adm/lastlog" |
4245 | echo "$as_me:$LINENO: checking for obsolete utmp and wtmp in solaris2.x" >&5 | 4306 | echo "$as_me:$LINENO: checking for obsolete utmp and wtmp in solaris2.x" >&5 |
@@ -4504,6 +4565,9 @@ done | |||
4504 | do_sco3_extra_lib_check=yes | 4565 | do_sco3_extra_lib_check=yes |
4505 | ;; | 4566 | ;; |
4506 | *-*-sco3.2v5*) | 4567 | *-*-sco3.2v5*) |
4568 | if test -z "$GCC"; then | ||
4569 | CFLAGS="$CFLAGS -belf" | ||
4570 | fi | ||
4507 | CPPFLAGS="$CPPFLAGS -I/usr/local/include" | 4571 | CPPFLAGS="$CPPFLAGS -I/usr/local/include" |
4508 | LDFLAGS="$LDFLAGS -L/usr/local/lib" | 4572 | LDFLAGS="$LDFLAGS -L/usr/local/lib" |
4509 | LIBS="$LIBS -lprot -lx -ltinfo -lm" | 4573 | LIBS="$LIBS -lprot -lx -ltinfo -lm" |
@@ -4604,8 +4668,6 @@ done | |||
4604 | MANTYPE=man | 4668 | MANTYPE=man |
4605 | ;; | 4669 | ;; |
4606 | *-*-unicosmk*) | 4670 | *-*-unicosmk*) |
4607 | no_libsocket=1 | ||
4608 | no_libnsl=1 | ||
4609 | cat >>confdefs.h <<\_ACEOF | 4671 | cat >>confdefs.h <<\_ACEOF |
4610 | @%:@define USE_PIPES 1 | 4672 | @%:@define USE_PIPES 1 |
4611 | _ACEOF | 4673 | _ACEOF |
@@ -4619,8 +4681,6 @@ _ACEOF | |||
4619 | MANTYPE=cat | 4681 | MANTYPE=cat |
4620 | ;; | 4682 | ;; |
4621 | *-*-unicos*) | 4683 | *-*-unicos*) |
4622 | no_libsocket=1 | ||
4623 | no_libnsl=1 | ||
4624 | cat >>confdefs.h <<\_ACEOF | 4684 | cat >>confdefs.h <<\_ACEOF |
4625 | @%:@define USE_PIPES 1 | 4685 | @%:@define USE_PIPES 1 |
4626 | _ACEOF | 4686 | _ACEOF |
@@ -4665,12 +4725,20 @@ _ACEOF | |||
4665 | @%:@define DISABLE_LOGIN 1 | 4725 | @%:@define DISABLE_LOGIN 1 |
4666 | _ACEOF | 4726 | _ACEOF |
4667 | 4727 | ||
4728 | cat >>confdefs.h <<\_ACEOF | ||
4729 | @%:@define DISABLE_FD_PASSING 1 | ||
4730 | _ACEOF | ||
4731 | |||
4668 | LIBS="$LIBS -lsecurity -ldb -lm -laud" | 4732 | LIBS="$LIBS -lsecurity -ldb -lm -laud" |
4669 | else | 4733 | else |
4670 | echo "$as_me:$LINENO: result: no" >&5 | 4734 | echo "$as_me:$LINENO: result: no" >&5 |
4671 | echo "${ECHO_T}no" >&6 | 4735 | echo "${ECHO_T}no" >&6 |
4672 | fi | 4736 | fi |
4673 | fi | 4737 | fi |
4738 | cat >>confdefs.h <<\_ACEOF | ||
4739 | @%:@define DISABLE_FD_PASSING 1 | ||
4740 | _ACEOF | ||
4741 | |||
4674 | ;; | 4742 | ;; |
4675 | 4743 | ||
4676 | *-*-nto-qnx) | 4744 | *-*-nto-qnx) |
@@ -4984,14 +5052,17 @@ done | |||
4984 | 5052 | ||
4985 | 5053 | ||
4986 | 5054 | ||
5055 | |||
5056 | |||
5057 | |||
4987 | for ac_header in bstring.h crypt.h endian.h floatingpoint.h \ | 5058 | for ac_header in bstring.h crypt.h endian.h floatingpoint.h \ |
4988 | getopt.h glob.h ia.h lastlog.h limits.h login.h \ | 5059 | getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \ |
4989 | login_cap.h maillock.h netdb.h netgroup.h \ | 5060 | login_cap.h maillock.h netdb.h netgroup.h \ |
4990 | netinet/in_systm.h paths.h pty.h readpassphrase.h \ | 5061 | netinet/in_systm.h paths.h pty.h readpassphrase.h \ |
4991 | rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ | 5062 | rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ |
4992 | strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ | 5063 | strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ |
4993 | sys/mman.h sys/select.h sys/stat.h \ | 5064 | sys/mman.h sys/pstat.h sys/select.h sys/stat.h \ |
4994 | sys/stropts.h sys/sysmacros.h sys/time.h \ | 5065 | sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \ |
4995 | sys/un.h time.h tmpdir.h ttyent.h usersec.h \ | 5066 | sys/un.h time.h tmpdir.h ttyent.h usersec.h \ |
4996 | util.h utime.h utmp.h utmpx.h | 5067 | util.h utime.h utmp.h utmpx.h |
4997 | do | 5068 | do |
@@ -6740,17 +6811,262 @@ fi; | |||
6740 | 6811 | ||
6741 | 6812 | ||
6742 | 6813 | ||
6743 | for ac_func in arc4random b64_ntop bcopy bindresvport_sa \ | 6814 | |
6744 | clock fchmod fchown freeaddrinfo futimes gai_strerror \ | 6815 | |
6745 | getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\ | 6816 | |
6746 | getrlimit getrusage getttyent glob inet_aton inet_ntoa \ | 6817 | |
6747 | inet_ntop innetgr login_getcapbool md5_crypt memmove \ | 6818 | |
6748 | mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ | 6819 | for ac_func in \ |
6749 | realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ | 6820 | arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename bcopy \ |
6750 | setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ | 6821 | bindresvport_sa clock fchmod fchown freeaddrinfo futimes \ |
6751 | setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ | 6822 | gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \ |
6752 | socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ | 6823 | getpeereid _getpty getrlimit getrusage getttyent glob inet_aton \ |
6753 | truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty | 6824 | inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \ |
6825 | mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openpty pstat \ | ||
6826 | readpassphrase realpath recvmsg rresvport_af sendmsg setdtablesize \ | ||
6827 | setegid setenv seteuid setgroups setlogin setpcred setproctitle \ | ||
6828 | setresgid setreuid setrlimit setsid setvbuf sigaction sigvec \ | ||
6829 | snprintf socketpair strerror strlcat strlcpy strmode strnvis \ | ||
6830 | sysconf tcgetpgrp truncate utimes vhangup vsnprintf waitpid \ | ||
6831 | |||
6832 | do | ||
6833 | as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
6834 | echo "$as_me:$LINENO: checking for $ac_func" >&5 | ||
6835 | echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 | ||
6836 | if eval "test \"\${$as_ac_var+set}\" = set"; then | ||
6837 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
6838 | else | ||
6839 | cat >conftest.$ac_ext <<_ACEOF | ||
6840 | #line $LINENO "configure" | ||
6841 | #include "confdefs.h" | ||
6842 | /* System header to define __stub macros and hopefully few prototypes, | ||
6843 | which can conflict with char $ac_func (); below. */ | ||
6844 | #include <assert.h> | ||
6845 | /* Override any gcc2 internal prototype to avoid an error. */ | ||
6846 | #ifdef __cplusplus | ||
6847 | extern "C" | ||
6848 | #endif | ||
6849 | /* We use char because int might match the return type of a gcc2 | ||
6850 | builtin and then its argument prototype would still apply. */ | ||
6851 | char $ac_func (); | ||
6852 | char (*f) (); | ||
6853 | |||
6854 | #ifdef F77_DUMMY_MAIN | ||
6855 | # ifdef __cplusplus | ||
6856 | extern "C" | ||
6857 | # endif | ||
6858 | int F77_DUMMY_MAIN() { return 1; } | ||
6859 | #endif | ||
6860 | int | ||
6861 | main () | ||
6862 | { | ||
6863 | /* The GNU C library defines this for functions which it implements | ||
6864 | to always fail with ENOSYS. Some functions are actually named | ||
6865 | something starting with __ and the normal name is an alias. */ | ||
6866 | #if defined (__stub_$ac_func) || defined (__stub___$ac_func) | ||
6867 | choke me | ||
6868 | #else | ||
6869 | f = $ac_func; | ||
6870 | #endif | ||
6871 | |||
6872 | ; | ||
6873 | return 0; | ||
6874 | } | ||
6875 | _ACEOF | ||
6876 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
6877 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
6878 | (eval $ac_link) 2>&5 | ||
6879 | ac_status=$? | ||
6880 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
6881 | (exit $ac_status); } && | ||
6882 | { ac_try='test -s conftest$ac_exeext' | ||
6883 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
6884 | (eval $ac_try) 2>&5 | ||
6885 | ac_status=$? | ||
6886 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
6887 | (exit $ac_status); }; }; then | ||
6888 | eval "$as_ac_var=yes" | ||
6889 | else | ||
6890 | echo "$as_me: failed program was:" >&5 | ||
6891 | cat conftest.$ac_ext >&5 | ||
6892 | eval "$as_ac_var=no" | ||
6893 | fi | ||
6894 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | ||
6895 | fi | ||
6896 | echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 | ||
6897 | echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 | ||
6898 | if test `eval echo '${'$as_ac_var'}'` = yes; then | ||
6899 | cat >>confdefs.h <<_ACEOF | ||
6900 | @%:@define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
6901 | _ACEOF | ||
6902 | |||
6903 | fi | ||
6904 | done | ||
6905 | |||
6906 | |||
6907 | echo "$as_me:$LINENO: checking for library containing nanosleep" >&5 | ||
6908 | echo $ECHO_N "checking for library containing nanosleep... $ECHO_C" >&6 | ||
6909 | if test "${ac_cv_search_nanosleep+set}" = set; then | ||
6910 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
6911 | else | ||
6912 | ac_func_search_save_LIBS=$LIBS | ||
6913 | ac_cv_search_nanosleep=no | ||
6914 | cat >conftest.$ac_ext <<_ACEOF | ||
6915 | #line $LINENO "configure" | ||
6916 | #include "confdefs.h" | ||
6917 | |||
6918 | /* Override any gcc2 internal prototype to avoid an error. */ | ||
6919 | #ifdef __cplusplus | ||
6920 | extern "C" | ||
6921 | #endif | ||
6922 | /* We use char because int might match the return type of a gcc2 | ||
6923 | builtin and then its argument prototype would still apply. */ | ||
6924 | char nanosleep (); | ||
6925 | #ifdef F77_DUMMY_MAIN | ||
6926 | # ifdef __cplusplus | ||
6927 | extern "C" | ||
6928 | # endif | ||
6929 | int F77_DUMMY_MAIN() { return 1; } | ||
6930 | #endif | ||
6931 | int | ||
6932 | main () | ||
6933 | { | ||
6934 | nanosleep (); | ||
6935 | ; | ||
6936 | return 0; | ||
6937 | } | ||
6938 | _ACEOF | ||
6939 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
6940 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
6941 | (eval $ac_link) 2>&5 | ||
6942 | ac_status=$? | ||
6943 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
6944 | (exit $ac_status); } && | ||
6945 | { ac_try='test -s conftest$ac_exeext' | ||
6946 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
6947 | (eval $ac_try) 2>&5 | ||
6948 | ac_status=$? | ||
6949 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
6950 | (exit $ac_status); }; }; then | ||
6951 | ac_cv_search_nanosleep="none required" | ||
6952 | else | ||
6953 | echo "$as_me: failed program was:" >&5 | ||
6954 | cat conftest.$ac_ext >&5 | ||
6955 | fi | ||
6956 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | ||
6957 | if test "$ac_cv_search_nanosleep" = no; then | ||
6958 | for ac_lib in rt posix4; do | ||
6959 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
6960 | cat >conftest.$ac_ext <<_ACEOF | ||
6961 | #line $LINENO "configure" | ||
6962 | #include "confdefs.h" | ||
6963 | |||
6964 | /* Override any gcc2 internal prototype to avoid an error. */ | ||
6965 | #ifdef __cplusplus | ||
6966 | extern "C" | ||
6967 | #endif | ||
6968 | /* We use char because int might match the return type of a gcc2 | ||
6969 | builtin and then its argument prototype would still apply. */ | ||
6970 | char nanosleep (); | ||
6971 | #ifdef F77_DUMMY_MAIN | ||
6972 | # ifdef __cplusplus | ||
6973 | extern "C" | ||
6974 | # endif | ||
6975 | int F77_DUMMY_MAIN() { return 1; } | ||
6976 | #endif | ||
6977 | int | ||
6978 | main () | ||
6979 | { | ||
6980 | nanosleep (); | ||
6981 | ; | ||
6982 | return 0; | ||
6983 | } | ||
6984 | _ACEOF | ||
6985 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
6986 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
6987 | (eval $ac_link) 2>&5 | ||
6988 | ac_status=$? | ||
6989 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
6990 | (exit $ac_status); } && | ||
6991 | { ac_try='test -s conftest$ac_exeext' | ||
6992 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
6993 | (eval $ac_try) 2>&5 | ||
6994 | ac_status=$? | ||
6995 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
6996 | (exit $ac_status); }; }; then | ||
6997 | ac_cv_search_nanosleep="-l$ac_lib" | ||
6998 | break | ||
6999 | else | ||
7000 | echo "$as_me: failed program was:" >&5 | ||
7001 | cat conftest.$ac_ext >&5 | ||
7002 | fi | ||
7003 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | ||
7004 | done | ||
7005 | fi | ||
7006 | LIBS=$ac_func_search_save_LIBS | ||
7007 | fi | ||
7008 | echo "$as_me:$LINENO: result: $ac_cv_search_nanosleep" >&5 | ||
7009 | echo "${ECHO_T}$ac_cv_search_nanosleep" >&6 | ||
7010 | if test "$ac_cv_search_nanosleep" != no; then | ||
7011 | test "$ac_cv_search_nanosleep" = "none required" || LIBS="$ac_cv_search_nanosleep $LIBS" | ||
7012 | cat >>confdefs.h <<\_ACEOF | ||
7013 | @%:@define HAVE_NANOSLEEP 1 | ||
7014 | _ACEOF | ||
7015 | |||
7016 | fi | ||
7017 | |||
7018 | |||
7019 | echo "$as_me:$LINENO: checking whether strsep is declared" >&5 | ||
7020 | echo $ECHO_N "checking whether strsep is declared... $ECHO_C" >&6 | ||
7021 | if test "${ac_cv_have_decl_strsep+set}" = set; then | ||
7022 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
7023 | else | ||
7024 | cat >conftest.$ac_ext <<_ACEOF | ||
7025 | #line $LINENO "configure" | ||
7026 | #include "confdefs.h" | ||
7027 | $ac_includes_default | ||
7028 | #ifdef F77_DUMMY_MAIN | ||
7029 | # ifdef __cplusplus | ||
7030 | extern "C" | ||
7031 | # endif | ||
7032 | int F77_DUMMY_MAIN() { return 1; } | ||
7033 | #endif | ||
7034 | int | ||
7035 | main () | ||
7036 | { | ||
7037 | #ifndef strsep | ||
7038 | char *p = (char *) strsep; | ||
7039 | #endif | ||
7040 | |||
7041 | ; | ||
7042 | return 0; | ||
7043 | } | ||
7044 | _ACEOF | ||
7045 | rm -f conftest.$ac_objext | ||
7046 | if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 | ||
7047 | (eval $ac_compile) 2>&5 | ||
7048 | ac_status=$? | ||
7049 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
7050 | (exit $ac_status); } && | ||
7051 | { ac_try='test -s conftest.$ac_objext' | ||
7052 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
7053 | (eval $ac_try) 2>&5 | ||
7054 | ac_status=$? | ||
7055 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
7056 | (exit $ac_status); }; }; then | ||
7057 | ac_cv_have_decl_strsep=yes | ||
7058 | else | ||
7059 | echo "$as_me: failed program was:" >&5 | ||
7060 | cat conftest.$ac_ext >&5 | ||
7061 | ac_cv_have_decl_strsep=no | ||
7062 | fi | ||
7063 | rm -f conftest.$ac_objext conftest.$ac_ext | ||
7064 | fi | ||
7065 | echo "$as_me:$LINENO: result: $ac_cv_have_decl_strsep" >&5 | ||
7066 | echo "${ECHO_T}$ac_cv_have_decl_strsep" >&6 | ||
7067 | if test $ac_cv_have_decl_strsep = yes; then | ||
7068 | |||
7069 | for ac_func in strsep | ||
6754 | do | 7070 | do |
6755 | as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` | 7071 | as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` |
6756 | echo "$as_me:$LINENO: checking for $ac_func" >&5 | 7072 | echo "$as_me:$LINENO: checking for $ac_func" >&5 |
@@ -6825,6 +7141,8 @@ _ACEOF | |||
6825 | fi | 7141 | fi |
6826 | done | 7142 | done |
6827 | 7143 | ||
7144 | fi | ||
7145 | |||
6828 | 7146 | ||
6829 | 7147 | ||
6830 | for ac_func in dirname | 7148 | for ac_func in dirname |
@@ -7975,6 +8293,65 @@ rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext | |||
7975 | fi | 8293 | fi |
7976 | fi | 8294 | fi |
7977 | 8295 | ||
8296 | if test "x$ac_cv_func_mkdtemp" = "xyes" ; then | ||
8297 | echo "$as_me:$LINENO: checking for (overly) strict mkstemp" >&5 | ||
8298 | echo $ECHO_N "checking for (overly) strict mkstemp... $ECHO_C" >&6 | ||
8299 | if test "$cross_compiling" = yes; then | ||
8300 | |||
8301 | echo "$as_me:$LINENO: result: yes" >&5 | ||
8302 | echo "${ECHO_T}yes" >&6 | ||
8303 | cat >>confdefs.h <<\_ACEOF | ||
8304 | @%:@define HAVE_STRICT_MKSTEMP 1 | ||
8305 | _ACEOF | ||
8306 | |||
8307 | |||
8308 | |||
8309 | else | ||
8310 | cat >conftest.$ac_ext <<_ACEOF | ||
8311 | #line $LINENO "configure" | ||
8312 | #include "confdefs.h" | ||
8313 | |||
8314 | #include <stdlib.h> | ||
8315 | main() { char template[]="conftest.mkstemp-test"; | ||
8316 | if (mkstemp(template) == -1) | ||
8317 | exit(1); | ||
8318 | unlink(template); exit(0); | ||
8319 | } | ||
8320 | |||
8321 | _ACEOF | ||
8322 | rm -f conftest$ac_exeext | ||
8323 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
8324 | (eval $ac_link) 2>&5 | ||
8325 | ac_status=$? | ||
8326 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
8327 | (exit $ac_status); } && { ac_try='./conftest$ac_exeext' | ||
8328 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
8329 | (eval $ac_try) 2>&5 | ||
8330 | ac_status=$? | ||
8331 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
8332 | (exit $ac_status); }; }; then | ||
8333 | |||
8334 | echo "$as_me:$LINENO: result: no" >&5 | ||
8335 | echo "${ECHO_T}no" >&6 | ||
8336 | |||
8337 | else | ||
8338 | echo "$as_me: program exited with status $ac_status" >&5 | ||
8339 | echo "$as_me: failed program was:" >&5 | ||
8340 | cat conftest.$ac_ext >&5 | ||
8341 | ( exit $ac_status ) | ||
8342 | |||
8343 | echo "$as_me:$LINENO: result: yes" >&5 | ||
8344 | echo "${ECHO_T}yes" >&6 | ||
8345 | cat >>confdefs.h <<\_ACEOF | ||
8346 | @%:@define HAVE_STRICT_MKSTEMP 1 | ||
8347 | _ACEOF | ||
8348 | |||
8349 | |||
8350 | fi | ||
8351 | rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext | ||
8352 | fi | ||
8353 | fi | ||
8354 | |||
7978 | echo "$as_me:$LINENO: checking whether getpgrp requires zero arguments" >&5 | 8355 | echo "$as_me:$LINENO: checking whether getpgrp requires zero arguments" >&5 |
7979 | echo $ECHO_N "checking whether getpgrp requires zero arguments... $ECHO_C" >&6 | 8356 | echo $ECHO_N "checking whether getpgrp requires zero arguments... $ECHO_C" >&6 |
7980 | if test "${ac_cv_func_getpgrp_void+set}" = set; then | 8357 | if test "${ac_cv_func_getpgrp_void+set}" = set; then |
@@ -13128,12 +13505,72 @@ _ACEOF | |||
13128 | have_struct_timeval=1 | 13505 | have_struct_timeval=1 |
13129 | fi | 13506 | fi |
13130 | 13507 | ||
13131 | # If we don't have int64_t then we can't compile sftp-server. So don't | 13508 | echo "$as_me:$LINENO: checking for struct timespec" >&5 |
13132 | # even attempt to do it. | 13509 | echo $ECHO_N "checking for struct timespec... $ECHO_C" >&6 |
13510 | if test "${ac_cv_type_struct_timespec+set}" = set; then | ||
13511 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
13512 | else | ||
13513 | cat >conftest.$ac_ext <<_ACEOF | ||
13514 | #line $LINENO "configure" | ||
13515 | #include "confdefs.h" | ||
13516 | $ac_includes_default | ||
13517 | #ifdef F77_DUMMY_MAIN | ||
13518 | # ifdef __cplusplus | ||
13519 | extern "C" | ||
13520 | # endif | ||
13521 | int F77_DUMMY_MAIN() { return 1; } | ||
13522 | #endif | ||
13523 | int | ||
13524 | main () | ||
13525 | { | ||
13526 | if ((struct timespec *) 0) | ||
13527 | return 0; | ||
13528 | if (sizeof (struct timespec)) | ||
13529 | return 0; | ||
13530 | ; | ||
13531 | return 0; | ||
13532 | } | ||
13533 | _ACEOF | ||
13534 | rm -f conftest.$ac_objext | ||
13535 | if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 | ||
13536 | (eval $ac_compile) 2>&5 | ||
13537 | ac_status=$? | ||
13538 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
13539 | (exit $ac_status); } && | ||
13540 | { ac_try='test -s conftest.$ac_objext' | ||
13541 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
13542 | (eval $ac_try) 2>&5 | ||
13543 | ac_status=$? | ||
13544 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
13545 | (exit $ac_status); }; }; then | ||
13546 | ac_cv_type_struct_timespec=yes | ||
13547 | else | ||
13548 | echo "$as_me: failed program was:" >&5 | ||
13549 | cat conftest.$ac_ext >&5 | ||
13550 | ac_cv_type_struct_timespec=no | ||
13551 | fi | ||
13552 | rm -f conftest.$ac_objext conftest.$ac_ext | ||
13553 | fi | ||
13554 | echo "$as_me:$LINENO: result: $ac_cv_type_struct_timespec" >&5 | ||
13555 | echo "${ECHO_T}$ac_cv_type_struct_timespec" >&6 | ||
13556 | if test $ac_cv_type_struct_timespec = yes; then | ||
13557 | |||
13558 | cat >>confdefs.h <<_ACEOF | ||
13559 | @%:@define HAVE_STRUCT_TIMESPEC 1 | ||
13560 | _ACEOF | ||
13561 | |||
13562 | |||
13563 | fi | ||
13564 | |||
13565 | |||
13566 | # We need int64_t or else certian parts of the compile will fail. | ||
13133 | if test "x$ac_cv_have_int64_t" = "xno" -a \ | 13567 | if test "x$ac_cv_have_int64_t" = "xno" -a \ |
13134 | "x$ac_cv_sizeof_long_int" != "x8" -a \ | 13568 | "x$ac_cv_sizeof_long_int" != "x8" -a \ |
13135 | "x$ac_cv_sizeof_long_long_int" = "x0" ; then | 13569 | "x$ac_cv_sizeof_long_long_int" = "x0" ; then |
13136 | NO_SFTP='#' | 13570 | echo "OpenSSH requires int64_t support. Contact your vendor or install" |
13571 | echo "an alternative compiler (I.E., GCC) before continuing." | ||
13572 | echo "" | ||
13573 | exit 1; | ||
13137 | else | 13574 | else |
13138 | if test "$cross_compiling" = yes; then | 13575 | if test "$cross_compiling" = yes; then |
13139 | { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5 | 13576 | { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5 |
@@ -13196,7 +13633,6 @@ fi | |||
13196 | fi | 13633 | fi |
13197 | 13634 | ||
13198 | 13635 | ||
13199 | |||
13200 | # look for field 'ut_host' in header 'utmp.h' | 13636 | # look for field 'ut_host' in header 'utmp.h' |
13201 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | 13637 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` |
13202 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host | 13638 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host |
@@ -15730,6 +16166,19 @@ fi | |||
15730 | 16166 | ||
15731 | fi; | 16167 | fi; |
15732 | 16168 | ||
16169 | STRIP_OPT=-s | ||
16170 | # Check whether --enable-strip or --disable-strip was given. | ||
16171 | if test "${enable_strip+set}" = set; then | ||
16172 | enableval="$enable_strip" | ||
16173 | |||
16174 | if test "x$enableval" = "xno" ; then | ||
16175 | STRIP_OPT= | ||
16176 | fi | ||
16177 | |||
16178 | |||
16179 | fi; | ||
16180 | |||
16181 | |||
15733 | if test -z "$xauth_path" ; then | 16182 | if test -z "$xauth_path" ; then |
15734 | XAUTH_PATH="undefined" | 16183 | XAUTH_PATH="undefined" |
15735 | 16184 | ||
@@ -16056,7 +16505,11 @@ else | |||
16056 | # include <paths.h> | 16505 | # include <paths.h> |
16057 | #endif | 16506 | #endif |
16058 | #ifndef _PATH_STDPATH | 16507 | #ifndef _PATH_STDPATH |
16059 | # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" | 16508 | # ifdef _PATH_USERPATH /* Irix */ |
16509 | # define _PATH_STDPATH _PATH_USERPATH | ||
16510 | # else | ||
16511 | # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" | ||
16512 | # endif | ||
16060 | #endif | 16513 | #endif |
16061 | #include <sys/types.h> | 16514 | #include <sys/types.h> |
16062 | #include <sys/stat.h> | 16515 | #include <sys/stat.h> |
@@ -17346,6 +17799,7 @@ s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t | |||
17346 | s,@INSTALL_DATA@,$INSTALL_DATA,;t t | 17799 | s,@INSTALL_DATA@,$INSTALL_DATA,;t t |
17347 | s,@AR@,$AR,;t t | 17800 | s,@AR@,$AR,;t t |
17348 | s,@PERL@,$PERL,;t t | 17801 | s,@PERL@,$PERL,;t t |
17802 | s,@SED@,$SED,;t t | ||
17349 | s,@ENT@,$ENT,;t t | 17803 | s,@ENT@,$ENT,;t t |
17350 | s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t | 17804 | s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t |
17351 | s,@SH@,$SH,;t t | 17805 | s,@SH@,$SH,;t t |
@@ -17372,10 +17826,10 @@ s,@PROG_UPTIME@,$PROG_UPTIME,;t t | |||
17372 | s,@PROG_IPCS@,$PROG_IPCS,;t t | 17826 | s,@PROG_IPCS@,$PROG_IPCS,;t t |
17373 | s,@PROG_TAIL@,$PROG_TAIL,;t t | 17827 | s,@PROG_TAIL@,$PROG_TAIL,;t t |
17374 | s,@INSTALL_SSH_PRNG_CMDS@,$INSTALL_SSH_PRNG_CMDS,;t t | 17828 | s,@INSTALL_SSH_PRNG_CMDS@,$INSTALL_SSH_PRNG_CMDS,;t t |
17375 | s,@NO_SFTP@,$NO_SFTP,;t t | ||
17376 | s,@OPENSC_CONFIG@,$OPENSC_CONFIG,;t t | 17829 | s,@OPENSC_CONFIG@,$OPENSC_CONFIG,;t t |
17377 | s,@PRIVSEP_PATH@,$PRIVSEP_PATH,;t t | 17830 | s,@PRIVSEP_PATH@,$PRIVSEP_PATH,;t t |
17378 | s,@xauth_path@,$xauth_path,;t t | 17831 | s,@xauth_path@,$xauth_path,;t t |
17832 | s,@STRIP_OPT@,$STRIP_OPT,;t t | ||
17379 | s,@XAUTH_PATH@,$XAUTH_PATH,;t t | 17833 | s,@XAUTH_PATH@,$XAUTH_PATH,;t t |
17380 | s,@NROFF@,$NROFF,;t t | 17834 | s,@NROFF@,$NROFF,;t t |
17381 | s,@MANTYPE@,$MANTYPE,;t t | 17835 | s,@MANTYPE@,$MANTYPE,;t t |
@@ -17895,12 +18349,6 @@ if test "x$PAM_MSG" = "xyes" ; then | |||
17895 | echo "" | 18349 | echo "" |
17896 | fi | 18350 | fi |
17897 | 18351 | ||
17898 | if test ! -z "$NO_SFTP"; then | ||
17899 | echo "sftp-server will be disabled. Your compiler does not " | ||
17900 | echo "support 64bit integers." | ||
17901 | echo "" | ||
17902 | fi | ||
17903 | |||
17904 | if test ! -z "$RAND_HELPER_CMDHASH" ; then | 18352 | if test ! -z "$RAND_HELPER_CMDHASH" ; then |
17905 | echo "WARNING: you are using the builtin random number collection " | 18353 | echo "WARNING: you are using the builtin random number collection " |
17906 | echo "service. Please read WARNING.RNG and request that your OS " | 18354 | echo "service. Please read WARNING.RNG and request that your OS " |
diff --git a/autom4te-2.53.cache/requests b/autom4te-2.53.cache/requests index a1d9e872f..17e72cec4 100644 --- a/autom4te-2.53.cache/requests +++ b/autom4te-2.53.cache/requests | |||
@@ -7,89 +7,89 @@ | |||
7 | '0', | 7 | '0', |
8 | 1, | 8 | 1, |
9 | [ | 9 | [ |
10 | '/usr/share/autoconf-2.53' | 10 | '/usr/share/autoconf' |
11 | ], | 11 | ], |
12 | [ | 12 | [ |
13 | '--reload-state=/usr/share/autoconf-2.53/autoconf/autoconf.m4f', | 13 | '--reload-state=/usr/share/autoconf/autoconf/autoconf.m4f', |
14 | 'aclocal.m4', | 14 | 'aclocal.m4', |
15 | 'configure.ac' | 15 | 'configure.ac' |
16 | ], | 16 | ], |
17 | { | 17 | { |
18 | 'AC_HEADER_STAT' => 1, | 18 | 'm4_pattern_forbid' => 1, |
19 | 'AC_FUNC_STRFTIME' => 1, | 19 | 'AC_TYPE_OFF_T' => 1, |
20 | 'AC_PROG_RANLIB' => 1, | 20 | 'AC_PROG_LIBTOOL' => 1, |
21 | 'AC_FUNC_WAIT3' => 1, | 21 | 'AC_FUNC_STAT' => 1, |
22 | 'AC_FUNC_SETPGRP' => 1, | ||
23 | 'AC_HEADER_TIME' => 1, | 22 | 'AC_HEADER_TIME' => 1, |
24 | 'AC_FUNC_SETVBUF_REVERSED' => 1, | 23 | 'AC_FUNC_WAIT3' => 1, |
25 | 'AC_HEADER_SYS_WAIT' => 1, | 24 | 'AC_STRUCT_TM' => 1, |
25 | 'AC_FUNC_LSTAT' => 1, | ||
26 | 'AC_TYPE_MODE_T' => 1, | ||
27 | 'AC_FUNC_STRTOD' => 1, | ||
28 | 'AC_CHECK_HEADERS' => 1, | ||
29 | 'AC_PROG_CXX' => 1, | ||
30 | 'AC_PATH_X' => 1, | ||
31 | 'AC_PROG_AWK' => 1, | ||
32 | 'AC_HEADER_STDC' => 1, | ||
33 | 'AC_HEADER_MAJOR' => 1, | ||
34 | 'AC_FUNC_ERROR_AT_LINE' => 1, | ||
35 | 'AC_PROG_GCC_TRADITIONAL' => 1, | ||
36 | 'AC_LIBSOURCE' => 1, | ||
37 | 'AC_STRUCT_ST_BLOCKS' => 1, | ||
38 | 'AC_TYPE_SIGNAL' => 1, | ||
26 | 'AC_TYPE_UID_T' => 1, | 39 | 'AC_TYPE_UID_T' => 1, |
27 | 'AM_CONDITIONAL' => 1, | 40 | 'AC_PROG_MAKE_SET' => 1, |
28 | 'AC_CHECK_LIB' => 1, | 41 | 'm4_pattern_allow' => 1, |
29 | 'AC_PROG_LN_S' => 1, | 42 | 'AC_DEFINE_TRACE_LITERAL' => 1, |
30 | 'AC_FUNC_MEMCMP' => 1, | 43 | 'AM_PROG_LIBTOOL' => 1, |
44 | 'AC_FUNC_STRERROR_R' => 1, | ||
45 | 'AC_PROG_CC' => 1, | ||
46 | 'AC_DECL_SYS_SIGLIST' => 1, | ||
31 | 'AC_FUNC_FORK' => 1, | 47 | 'AC_FUNC_FORK' => 1, |
32 | 'AC_FUNC_GETGROUPS' => 1, | 48 | 'AC_FUNC_VPRINTF' => 1, |
33 | 'AC_HEADER_MAJOR' => 1, | 49 | 'AC_FUNC_STRCOLL' => 1, |
34 | 'AC_FUNC_STRTOD' => 1, | 50 | 'AC_PROG_YACC' => 1, |
35 | 'AC_HEADER_DIRENT' => 1, | 51 | 'AC_INIT' => 1, |
36 | 'AC_FUNC_UTIME_NULL' => 1, | ||
37 | 'AC_CONFIG_FILES' => 1, | ||
38 | 'AC_FUNC_ALLOCA' => 1, | ||
39 | 'AC_C_CONST' => 1, | ||
40 | 'include' => 1, | ||
41 | 'AC_FUNC_OBSTACK' => 1, | ||
42 | 'AC_FUNC_LSTAT' => 1, | ||
43 | 'AC_STRUCT_TIMEZONE' => 1, | 52 | 'AC_STRUCT_TIMEZONE' => 1, |
53 | 'AC_FUNC_CHOWN' => 1, | ||
54 | 'AC_SUBST' => 1, | ||
55 | 'AC_FUNC_ALLOCA' => 1, | ||
44 | 'AC_FUNC_GETPGRP' => 1, | 56 | 'AC_FUNC_GETPGRP' => 1, |
45 | 'AC_DEFINE_TRACE_LITERAL' => 1, | 57 | 'AC_PROG_RANLIB' => 1, |
46 | 'AC_CHECK_HEADERS' => 1, | 58 | 'AC_FUNC_SETPGRP' => 1, |
47 | 'AC_TYPE_MODE_T' => 1, | 59 | 'AC_CONFIG_SUBDIRS' => 1, |
60 | 'AC_FUNC_MMAP' => 1, | ||
61 | 'AC_TYPE_SIZE_T' => 1, | ||
48 | 'AC_CHECK_TYPES' => 1, | 62 | 'AC_CHECK_TYPES' => 1, |
49 | 'AC_PROG_YACC' => 1, | 63 | 'AC_FUNC_UTIME_NULL' => 1, |
64 | 'AC_FUNC_STRFTIME' => 1, | ||
65 | 'AC_HEADER_STAT' => 1, | ||
66 | 'AC_C_INLINE' => 1, | ||
67 | 'AC_PROG_CPP' => 1, | ||
68 | 'AC_C_CONST' => 1, | ||
69 | 'AC_PROG_LEX' => 1, | ||
50 | 'AC_TYPE_PID_T' => 1, | 70 | 'AC_TYPE_PID_T' => 1, |
51 | 'AC_FUNC_STRERROR_R' => 1, | 71 | 'AC_CONFIG_FILES' => 1, |
52 | 'AC_STRUCT_ST_BLOCKS' => 1, | 72 | 'include' => 1, |
53 | 'AC_PROG_GCC_TRADITIONAL' => 1, | 73 | 'AC_FUNC_SETVBUF_REVERSED' => 1, |
54 | 'AC_TYPE_SIGNAL' => 1, | ||
55 | 'AM_PROG_LIBTOOL' => 1, | ||
56 | 'AC_FUNC_FNMATCH' => 1, | 74 | 'AC_FUNC_FNMATCH' => 1, |
57 | 'AC_PROG_CPP' => 1, | ||
58 | 'AC_FUNC_STAT' => 1, | ||
59 | 'AC_PROG_INSTALL' => 1, | 75 | 'AC_PROG_INSTALL' => 1, |
60 | 'AM_GNU_GETTEXT' => 1, | 76 | 'AM_GNU_GETTEXT' => 1, |
61 | 'AC_CONFIG_SUBDIRS' => 1, | 77 | 'AC_FUNC_OBSTACK' => 1, |
62 | 'AC_FUNC_STRCOLL' => 1, | 78 | 'AC_CHECK_LIB' => 1, |
63 | 'AC_LIBSOURCE' => 1, | 79 | 'AC_FUNC_MALLOC' => 1, |
64 | 'AC_C_INLINE' => 1, | 80 | 'AC_FUNC_GETGROUPS' => 1, |
65 | 'AC_FUNC_CHOWN' => 1, | ||
66 | 'AC_INIT' => 1, | ||
67 | 'AC_PROG_LEX' => 1, | ||
68 | 'AH_OUTPUT' => 1, | ||
69 | 'AC_HEADER_STDC' => 1, | ||
70 | 'AC_FUNC_GETLOADAVG' => 1, | 81 | 'AC_FUNC_GETLOADAVG' => 1, |
71 | 'AC_CHECK_FUNCS' => 1, | 82 | 'AH_OUTPUT' => 1, |
72 | 'AC_TYPE_SIZE_T' => 1, | 83 | 'AC_FUNC_FSEEKO' => 1, |
73 | 'AC_DECL_SYS_SIGLIST' => 1, | ||
74 | 'AC_FUNC_MKTIME' => 1, | 84 | 'AC_FUNC_MKTIME' => 1, |
75 | 'AC_PROG_MAKE_SET' => 1, | 85 | 'AM_CONDITIONAL' => 1, |
76 | 'AC_PROG_CXX' => 1, | ||
77 | 'm4_pattern_allow' => 1, | ||
78 | 'm4_include' => 1, | ||
79 | 'm4_pattern_forbid' => 1, | ||
80 | 'AC_PROG_AWK' => 1, | ||
81 | 'AC_FUNC_VPRINTF' => 1, | ||
82 | 'AC_CONFIG_HEADERS' => 1, | 86 | 'AC_CONFIG_HEADERS' => 1, |
83 | 'AC_PATH_X' => 1, | 87 | 'AC_HEADER_SYS_WAIT' => 1, |
84 | 'AC_TYPE_OFF_T' => 1, | 88 | 'AC_PROG_LN_S' => 1, |
85 | 'AC_FUNC_MALLOC' => 1, | 89 | 'AC_FUNC_MEMCMP' => 1, |
86 | 'AC_FUNC_ERROR_AT_LINE' => 1, | 90 | 'm4_include' => 1, |
87 | 'AC_FUNC_FSEEKO' => 1, | 91 | 'AC_HEADER_DIRENT' => 1, |
88 | 'AC_FUNC_MMAP' => 1, | 92 | 'AC_CHECK_FUNCS' => 1 |
89 | 'AC_STRUCT_TM' => 1, | ||
90 | 'AC_SUBST' => 1, | ||
91 | 'AC_PROG_LIBTOOL' => 1, | ||
92 | 'AC_PROG_CC' => 1 | ||
93 | } | 93 | } |
94 | ], 'Request' ) | 94 | ], 'Request' ) |
95 | ); | 95 | ); |
diff --git a/autom4te-2.53.cache/traces.0 b/autom4te-2.53.cache/traces.0 index 3fcfab66c..c928d0c58 100644 --- a/autom4te-2.53.cache/traces.0 +++ b/autom4te-2.53.cache/traces.0 | |||
@@ -91,462 +91,492 @@ m4trace:configure.ac:14: -1- AC_SUBST([INSTALL_SCRIPT]) | |||
91 | m4trace:configure.ac:14: -1- AC_SUBST([INSTALL_DATA]) | 91 | m4trace:configure.ac:14: -1- AC_SUBST([INSTALL_DATA]) |
92 | m4trace:configure.ac:15: -1- AC_SUBST([AR], [$ac_cv_path_AR]) | 92 | m4trace:configure.ac:15: -1- AC_SUBST([AR], [$ac_cv_path_AR]) |
93 | m4trace:configure.ac:16: -1- AC_SUBST([PERL], [$ac_cv_path_PERL]) | 93 | m4trace:configure.ac:16: -1- AC_SUBST([PERL], [$ac_cv_path_PERL]) |
94 | m4trace:configure.ac:17: -1- AC_SUBST([PERL]) | 94 | m4trace:configure.ac:17: -1- AC_SUBST([SED], [$ac_cv_path_SED]) |
95 | m4trace:configure.ac:18: -1- AC_SUBST([ENT], [$ac_cv_path_ENT]) | 95 | m4trace:configure.ac:18: -1- AC_SUBST([PERL]) |
96 | m4trace:configure.ac:19: -1- AC_SUBST([ENT]) | 96 | m4trace:configure.ac:19: -1- AC_SUBST([ENT], [$ac_cv_path_ENT]) |
97 | m4trace:configure.ac:20: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH]) | 97 | m4trace:configure.ac:20: -1- AC_SUBST([ENT]) |
98 | m4trace:configure.ac:21: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH]) | 98 | m4trace:configure.ac:21: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH]) |
99 | m4trace:configure.ac:22: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH]) | 99 | m4trace:configure.ac:22: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH]) |
100 | m4trace:configure.ac:23: -1- AC_SUBST([SH], [$ac_cv_path_SH]) | 100 | m4trace:configure.ac:23: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH]) |
101 | m4trace:configure.ac:26: -1- AC_DEFINE_TRACE_LITERAL([_FILE_OFFSET_BITS]) | 101 | m4trace:configure.ac:24: -1- AC_SUBST([SH], [$ac_cv_path_SH]) |
102 | m4trace:configure.ac:26: -1- AH_OUTPUT([_FILE_OFFSET_BITS], [/* Number of bits in a file offset, on hosts where this is settable. */ | 102 | m4trace:configure.ac:27: -1- AC_DEFINE_TRACE_LITERAL([_FILE_OFFSET_BITS]) |
103 | m4trace:configure.ac:27: -1- AH_OUTPUT([_FILE_OFFSET_BITS], [/* Number of bits in a file offset, on hosts where this is settable. */ | ||
103 | #undef _FILE_OFFSET_BITS]) | 104 | #undef _FILE_OFFSET_BITS]) |
104 | m4trace:configure.ac:26: -1- AC_DEFINE_TRACE_LITERAL([_LARGE_FILES]) | 105 | m4trace:configure.ac:27: -1- AC_DEFINE_TRACE_LITERAL([_LARGE_FILES]) |
105 | m4trace:configure.ac:26: -1- AH_OUTPUT([_LARGE_FILES], [/* Define for large files, on AIX-style hosts. */ | 106 | m4trace:configure.ac:27: -1- AH_OUTPUT([_LARGE_FILES], [/* Define for large files, on AIX-style hosts. */ |
106 | #undef _LARGE_FILES]) | 107 | #undef _LARGE_FILES]) |
107 | m4trace:configure.ac:34: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK]) | 108 | m4trace:configure.ac:35: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK]) |
108 | m4trace:configure.ac:37: -1- AC_SUBST([LOGIN_PROGRAM_FALLBACK], [$ac_cv_path_LOGIN_PROGRAM_FALLBACK]) | 109 | m4trace:configure.ac:38: -1- AC_SUBST([LOGIN_PROGRAM_FALLBACK], [$ac_cv_path_LOGIN_PROGRAM_FALLBACK]) |
109 | m4trace:configure.ac:39: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK]) | 110 | m4trace:configure.ac:40: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK]) |
110 | m4trace:configure.ac:46: -1- AC_SUBST([LD]) | 111 | m4trace:configure.ac:47: -1- AC_SUBST([LD]) |
111 | m4trace:configure.ac:48: -1- AC_C_INLINE | 112 | m4trace:configure.ac:49: -1- AC_C_INLINE |
112 | m4trace:configure.ac:48: -1- AC_DEFINE_TRACE_LITERAL([inline]) | 113 | m4trace:configure.ac:49: -1- AC_DEFINE_TRACE_LITERAL([inline]) |
113 | m4trace:configure.ac:48: -1- AH_OUTPUT([inline], [/* Define as \`__inline' if that's what the C compiler calls it, or to nothing | 114 | m4trace:configure.ac:49: -1- AH_OUTPUT([inline], [/* Define as \`__inline' if that's what the C compiler calls it, or to nothing |
114 | if it is not supported. */ | 115 | if it is not supported. */ |
115 | #undef inline]) | 116 | #undef inline]) |
116 | m4trace:configure.ac:48: -1- AC_DEFINE_TRACE_LITERAL([inline]) | 117 | m4trace:configure.ac:49: -1- AC_DEFINE_TRACE_LITERAL([inline]) |
117 | m4trace:configure.ac:78: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE]) | 118 | m4trace:configure.ac:79: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE]) |
118 | m4trace:configure.ac:78: -1- AC_CHECK_LIB([s], [authenticate], [ AC_DEFINE(WITH_AIXAUTHENTICATE) | 119 | m4trace:configure.ac:79: -1- AC_CHECK_LIB([s], [authenticate], [ AC_DEFINE(WITH_AIXAUTHENTICATE) |
119 | LIBS="$LIBS -ls" | 120 | LIBS="$LIBS -ls" |
120 | ]) | 121 | ]) |
121 | m4trace:configure.ac:78: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE]) | 122 | m4trace:configure.ac:79: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE]) |
122 | m4trace:configure.ac:79: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO]) | 123 | m4trace:configure.ac:80: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO]) |
123 | m4trace:configure.ac:80: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH]) | 124 | m4trace:configure.ac:81: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH]) |
124 | m4trace:configure.ac:82: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG]) | 125 | m4trace:configure.ac:83: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG]) |
125 | m4trace:configure.ac:83: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) | 126 | m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) |
126 | m4trace:configure.ac:87: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CYGWIN]) | 127 | m4trace:configure.ac:85: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_STRATEGY]) |
127 | m4trace:configure.ac:88: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 128 | m4trace:configure.ac:86: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_PS_PADDING]) |
128 | m4trace:configure.ac:89: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) | 129 | m4trace:configure.ac:91: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CYGWIN]) |
129 | m4trace:configure.ac:90: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT]) | 130 | m4trace:configure.ac:92: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
130 | m4trace:configure.ac:91: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN]) | 131 | m4trace:configure.ac:93: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) |
131 | m4trace:configure.ac:92: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS]) | 132 | m4trace:configure.ac:94: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT]) |
132 | m4trace:configure.ac:93: -1- AC_DEFINE_TRACE_LITERAL([NO_IPPORT_RESERVED_CONCEPT]) | 133 | m4trace:configure.ac:95: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN]) |
133 | m4trace:configure.ac:94: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING]) | 134 | m4trace:configure.ac:96: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS]) |
134 | m4trace:configure.ac:95: -1- AC_DEFINE_TRACE_LITERAL([SETGROUPS_NOOP]) | 135 | m4trace:configure.ac:97: -1- AC_DEFINE_TRACE_LITERAL([NO_IPPORT_RESERVED_CONCEPT]) |
135 | m4trace:configure.ac:98: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN]) | 136 | m4trace:configure.ac:98: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING]) |
136 | m4trace:configure.ac:110: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO]) | 137 | m4trace:configure.ac:99: -1- AC_DEFINE_TRACE_LITERAL([SETGROUPS_NOOP]) |
137 | m4trace:configure.ac:118: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE]) | 138 | m4trace:configure.ac:102: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN]) |
138 | m4trace:configure.ac:119: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 139 | m4trace:configure.ac:114: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO]) |
139 | m4trace:configure.ac:120: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT]) | 140 | m4trace:configure.ac:122: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE]) |
140 | m4trace:configure.ac:121: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) | 141 | m4trace:configure.ac:123: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
141 | m4trace:configure.ac:122: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) | 142 | m4trace:configure.ac:124: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT]) |
142 | m4trace:configure.ac:123: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) | 143 | m4trace:configure.ac:125: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) |
143 | m4trace:configure.ac:124: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE]) | 144 | m4trace:configure.ac:126: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) |
144 | m4trace:configure.ac:126: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 | 145 | m4trace:configure.ac:127: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) |
146 | m4trace:configure.ac:128: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_STRATEGY]) | ||
147 | m4trace:configure.ac:130: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 | ||
145 | echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} | 148 | echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} |
146 | { (exit 1); exit 1; }; }]) | 149 | { (exit 1); exit 1; }; }]) |
147 | m4trace:configure.ac:126: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */ | 150 | m4trace:configure.ac:130: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */ |
148 | #undef HAVE_LIBXNET]) | 151 | #undef HAVE_LIBXNET]) |
149 | m4trace:configure.ac:126: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET]) | 152 | m4trace:configure.ac:130: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET]) |
150 | m4trace:configure.ac:135: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 153 | m4trace:configure.ac:139: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
151 | m4trace:configure.ac:136: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT]) | 154 | m4trace:configure.ac:140: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT]) |
152 | m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) | 155 | m4trace:configure.ac:141: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) |
153 | m4trace:configure.ac:138: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) | 156 | m4trace:configure.ac:142: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) |
154 | m4trace:configure.ac:139: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) | 157 | m4trace:configure.ac:143: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) |
155 | m4trace:configure.ac:140: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE]) | 158 | m4trace:configure.ac:144: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_STRATEGY]) |
156 | m4trace:configure.ac:142: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 | 159 | m4trace:configure.ac:146: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 |
157 | echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} | 160 | echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} |
158 | { (exit 1); exit 1; }; }]) | 161 | { (exit 1); exit 1; }; }]) |
159 | m4trace:configure.ac:142: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */ | 162 | m4trace:configure.ac:146: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */ |
160 | #undef HAVE_LIBXNET]) | 163 | #undef HAVE_LIBXNET]) |
161 | m4trace:configure.ac:142: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET]) | 164 | m4trace:configure.ac:146: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET]) |
162 | m4trace:configure.ac:147: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE]) | 165 | m4trace:configure.ac:151: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE]) |
163 | m4trace:configure.ac:148: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 166 | m4trace:configure.ac:152: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
164 | m4trace:configure.ac:149: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT]) | 167 | m4trace:configure.ac:153: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT]) |
165 | m4trace:configure.ac:150: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) | 168 | m4trace:configure.ac:154: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) |
166 | m4trace:configure.ac:151: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) | 169 | m4trace:configure.ac:155: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) |
167 | m4trace:configure.ac:152: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) | 170 | m4trace:configure.ac:156: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) |
168 | m4trace:configure.ac:153: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE]) | 171 | m4trace:configure.ac:157: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_STRATEGY]) |
169 | m4trace:configure.ac:155: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 | 172 | m4trace:configure.ac:159: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 |
170 | echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} | 173 | echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} |
171 | { (exit 1); exit 1; }; }]) | 174 | { (exit 1); exit 1; }; }]) |
172 | m4trace:configure.ac:155: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */ | 175 | m4trace:configure.ac:159: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */ |
173 | #undef HAVE_LIBXNET]) | 176 | #undef HAVE_LIBXNET]) |
174 | m4trace:configure.ac:155: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET]) | 177 | m4trace:configure.ac:159: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET]) |
175 | m4trace:configure.ac:161: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA]) | 178 | m4trace:configure.ac:165: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA]) |
176 | m4trace:configure.ac:162: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY]) | 179 | m4trace:configure.ac:166: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY]) |
177 | m4trace:configure.ac:168: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_ARRAY]) | 180 | m4trace:configure.ac:172: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_ARRAY]) |
178 | m4trace:configure.ac:169: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_PROJECT]) | 181 | m4trace:configure.ac:173: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_PROJECT]) |
179 | m4trace:configure.ac:170: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_AUDIT]) | 182 | m4trace:configure.ac:174: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_AUDIT]) |
180 | m4trace:configure.ac:171: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_JOBS]) | 183 | m4trace:configure.ac:175: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_JOBS]) |
181 | m4trace:configure.ac:172: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA]) | 184 | m4trace:configure.ac:176: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA]) |
182 | m4trace:configure.ac:173: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY]) | 185 | m4trace:configure.ac:177: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY]) |
183 | m4trace:configure.ac:178: -1- AC_DEFINE_TRACE_LITERAL([DONT_TRY_OTHER_AF]) | 186 | m4trace:configure.ac:182: -1- AC_DEFINE_TRACE_LITERAL([DONT_TRY_OTHER_AF]) |
184 | m4trace:configure.ac:179: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE]) | 187 | m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE]) |
185 | m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEWS4]) | 188 | m4trace:configure.ac:184: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_STRATEGY]) |
186 | m4trace:configure.ac:198: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEXT]) | 189 | m4trace:configure.ac:185: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_PS_PADDING]) |
187 | m4trace:configure.ac:199: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH]) | 190 | m4trace:configure.ac:189: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEWS4]) |
188 | m4trace:configure.ac:200: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 191 | m4trace:configure.ac:204: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEXT]) |
189 | m4trace:configure.ac:201: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS]) | 192 | m4trace:configure.ac:205: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH]) |
190 | m4trace:configure.ac:209: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE]) | 193 | m4trace:configure.ac:206: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
191 | m4trace:configure.ac:210: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) | 194 | m4trace:configure.ac:207: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS]) |
192 | m4trace:configure.ac:211: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_TERM]) | 195 | m4trace:configure.ac:215: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE]) |
193 | m4trace:configure.ac:212: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE]) | 196 | m4trace:configure.ac:216: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) |
194 | m4trace:configure.ac:219: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) | 197 | m4trace:configure.ac:217: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_TERM]) |
195 | m4trace:configure.ac:220: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP]) | 198 | m4trace:configure.ac:218: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE]) |
196 | m4trace:configure.ac:227: -1- AC_CHECK_FUNCS([getpwanam]) | 199 | m4trace:configure.ac:219: -1- AC_DEFINE_TRACE_LITERAL([STREAMS_PUSH_ACQUIRES_CTTY]) |
197 | m4trace:configure.ac:227: -1- AH_OUTPUT([HAVE_GETPWANAM], [/* Define to 1 if you have the \`getpwanam' function. */ | 200 | m4trace:configure.ac:226: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) |
201 | m4trace:configure.ac:227: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP]) | ||
202 | m4trace:configure.ac:234: -1- AC_CHECK_FUNCS([getpwanam]) | ||
203 | m4trace:configure.ac:234: -1- AH_OUTPUT([HAVE_GETPWANAM], [/* Define to 1 if you have the \`getpwanam' function. */ | ||
198 | #undef HAVE_GETPWANAM]) | 204 | #undef HAVE_GETPWANAM]) |
199 | m4trace:configure.ac:228: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE]) | 205 | m4trace:configure.ac:235: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE]) |
200 | m4trace:configure.ac:232: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 206 | m4trace:configure.ac:239: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
201 | m4trace:configure.ac:238: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | ||
202 | m4trace:configure.ac:245: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 207 | m4trace:configure.ac:245: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
203 | m4trace:configure.ac:246: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN]) | 208 | m4trace:configure.ac:252: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
204 | m4trace:configure.ac:254: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 209 | m4trace:configure.ac:253: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN]) |
205 | m4trace:configure.ac:259: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 210 | m4trace:configure.ac:261: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
206 | m4trace:configure.ac:271: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SYS_TERMIO_H]) | 211 | m4trace:configure.ac:266: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
207 | m4trace:configure.ac:272: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 212 | m4trace:configure.ac:278: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SYS_TERMIO_H]) |
208 | m4trace:configure.ac:273: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE]) | 213 | m4trace:configure.ac:279: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
209 | m4trace:configure.ac:274: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) | 214 | m4trace:configure.ac:280: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE]) |
210 | m4trace:configure.ac:275: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS]) | 215 | m4trace:configure.ac:281: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) |
211 | m4trace:configure.ac:276: -1- AC_CHECK_FUNCS([getluid setluid]) | 216 | m4trace:configure.ac:282: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS]) |
212 | m4trace:configure.ac:276: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */ | 217 | m4trace:configure.ac:283: -1- AC_CHECK_FUNCS([getluid setluid]) |
218 | m4trace:configure.ac:283: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */ | ||
213 | #undef HAVE_GETLUID]) | 219 | #undef HAVE_GETLUID]) |
214 | m4trace:configure.ac:276: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */ | 220 | m4trace:configure.ac:283: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */ |
215 | #undef HAVE_SETLUID]) | 221 | #undef HAVE_SETLUID]) |
216 | m4trace:configure.ac:285: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 222 | m4trace:configure.ac:295: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
217 | m4trace:configure.ac:286: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE]) | 223 | m4trace:configure.ac:296: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE]) |
218 | m4trace:configure.ac:287: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) | 224 | m4trace:configure.ac:297: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) |
219 | m4trace:configure.ac:288: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING]) | 225 | m4trace:configure.ac:298: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING]) |
220 | m4trace:configure.ac:289: -1- AC_CHECK_FUNCS([getluid setluid]) | 226 | m4trace:configure.ac:299: -1- AC_CHECK_FUNCS([getluid setluid]) |
221 | m4trace:configure.ac:289: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */ | 227 | m4trace:configure.ac:299: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */ |
222 | #undef HAVE_GETLUID]) | 228 | #undef HAVE_GETLUID]) |
223 | m4trace:configure.ac:289: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */ | 229 | m4trace:configure.ac:299: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */ |
224 | #undef HAVE_SETLUID]) | 230 | #undef HAVE_SETLUID]) |
225 | m4trace:configure.ac:295: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 231 | m4trace:configure.ac:303: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
226 | m4trace:configure.ac:296: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING]) | 232 | m4trace:configure.ac:304: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING]) |
227 | m4trace:configure.ac:304: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 233 | m4trace:configure.ac:310: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
228 | m4trace:configure.ac:305: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING]) | 234 | m4trace:configure.ac:311: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING]) |
229 | m4trace:configure.ac:306: -1- AC_DEFINE_TRACE_LITERAL([NO_SSH_LASTLOG]) | 235 | m4trace:configure.ac:312: -1- AC_DEFINE_TRACE_LITERAL([NO_SSH_LASTLOG]) |
230 | m4trace:configure.ac:326: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OSF_SIA]) | 236 | m4trace:configure.ac:332: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OSF_SIA]) |
231 | m4trace:configure.ac:327: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN]) | 237 | m4trace:configure.ac:333: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN]) |
232 | m4trace:configure.ac:336: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 238 | m4trace:configure.ac:334: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING]) |
233 | m4trace:configure.ac:337: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS]) | 239 | m4trace:configure.ac:340: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING]) |
234 | m4trace:configure.ac:338: -1- AC_DEFINE_TRACE_LITERAL([MISSING_NFDBITS]) | 240 | m4trace:configure.ac:344: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
235 | m4trace:configure.ac:339: -1- AC_DEFINE_TRACE_LITERAL([MISSING_HOWMANY]) | 241 | m4trace:configure.ac:345: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS]) |
236 | m4trace:configure.ac:340: -1- AC_DEFINE_TRACE_LITERAL([MISSING_FD_MASK]) | 242 | m4trace:configure.ac:346: -1- AC_DEFINE_TRACE_LITERAL([MISSING_NFDBITS]) |
237 | m4trace:configure.ac:388: -1- AC_CHECK_HEADERS([bstring.h crypt.h endian.h floatingpoint.h \ | 243 | m4trace:configure.ac:347: -1- AC_DEFINE_TRACE_LITERAL([MISSING_HOWMANY]) |
238 | getopt.h glob.h ia.h lastlog.h limits.h login.h \ | 244 | m4trace:configure.ac:348: -1- AC_DEFINE_TRACE_LITERAL([MISSING_FD_MASK]) |
245 | m4trace:configure.ac:396: -1- AC_CHECK_HEADERS([bstring.h crypt.h endian.h floatingpoint.h \ | ||
246 | getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \ | ||
239 | login_cap.h maillock.h netdb.h netgroup.h \ | 247 | login_cap.h maillock.h netdb.h netgroup.h \ |
240 | netinet/in_systm.h paths.h pty.h readpassphrase.h \ | 248 | netinet/in_systm.h paths.h pty.h readpassphrase.h \ |
241 | rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ | 249 | rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ |
242 | strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ | 250 | strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ |
243 | sys/mman.h sys/select.h sys/stat.h \ | 251 | sys/mman.h sys/pstat.h sys/select.h sys/stat.h \ |
244 | sys/stropts.h sys/sysmacros.h sys/time.h \ | 252 | sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \ |
245 | sys/un.h time.h tmpdir.h ttyent.h usersec.h \ | 253 | sys/un.h time.h tmpdir.h ttyent.h usersec.h \ |
246 | util.h utime.h utmp.h utmpx.h]) | 254 | util.h utime.h utmp.h utmpx.h]) |
247 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_BSTRING_H], [/* Define to 1 if you have the <bstring.h> header file. */ | 255 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_BSTRING_H], [/* Define to 1 if you have the <bstring.h> header file. */ |
248 | #undef HAVE_BSTRING_H]) | 256 | #undef HAVE_BSTRING_H]) |
249 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_CRYPT_H], [/* Define to 1 if you have the <crypt.h> header file. */ | 257 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_CRYPT_H], [/* Define to 1 if you have the <crypt.h> header file. */ |
250 | #undef HAVE_CRYPT_H]) | 258 | #undef HAVE_CRYPT_H]) |
251 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_ENDIAN_H], [/* Define to 1 if you have the <endian.h> header file. */ | 259 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_ENDIAN_H], [/* Define to 1 if you have the <endian.h> header file. */ |
252 | #undef HAVE_ENDIAN_H]) | 260 | #undef HAVE_ENDIAN_H]) |
253 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_FLOATINGPOINT_H], [/* Define to 1 if you have the <floatingpoint.h> header file. */ | 261 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_FLOATINGPOINT_H], [/* Define to 1 if you have the <floatingpoint.h> header file. */ |
254 | #undef HAVE_FLOATINGPOINT_H]) | 262 | #undef HAVE_FLOATINGPOINT_H]) |
255 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_GETOPT_H], [/* Define to 1 if you have the <getopt.h> header file. */ | 263 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_GETOPT_H], [/* Define to 1 if you have the <getopt.h> header file. */ |
256 | #undef HAVE_GETOPT_H]) | 264 | #undef HAVE_GETOPT_H]) |
257 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_GLOB_H], [/* Define to 1 if you have the <glob.h> header file. */ | 265 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_GLOB_H], [/* Define to 1 if you have the <glob.h> header file. */ |
258 | #undef HAVE_GLOB_H]) | 266 | #undef HAVE_GLOB_H]) |
259 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_IA_H], [/* Define to 1 if you have the <ia.h> header file. */ | 267 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_IA_H], [/* Define to 1 if you have the <ia.h> header file. */ |
260 | #undef HAVE_IA_H]) | 268 | #undef HAVE_IA_H]) |
261 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LASTLOG_H], [/* Define to 1 if you have the <lastlog.h> header file. */ | 269 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_LASTLOG_H], [/* Define to 1 if you have the <lastlog.h> header file. */ |
262 | #undef HAVE_LASTLOG_H]) | 270 | #undef HAVE_LASTLOG_H]) |
263 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LIMITS_H], [/* Define to 1 if you have the <limits.h> header file. */ | 271 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */ |
272 | #undef HAVE_LIBGEN_H]) | ||
273 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_LIMITS_H], [/* Define to 1 if you have the <limits.h> header file. */ | ||
264 | #undef HAVE_LIMITS_H]) | 274 | #undef HAVE_LIMITS_H]) |
265 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LOGIN_H], [/* Define to 1 if you have the <login.h> header file. */ | 275 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_LOGIN_H], [/* Define to 1 if you have the <login.h> header file. */ |
266 | #undef HAVE_LOGIN_H]) | 276 | #undef HAVE_LOGIN_H]) |
267 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LOGIN_CAP_H], [/* Define to 1 if you have the <login_cap.h> header file. */ | 277 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_LOGIN_CAP_H], [/* Define to 1 if you have the <login_cap.h> header file. */ |
268 | #undef HAVE_LOGIN_CAP_H]) | 278 | #undef HAVE_LOGIN_CAP_H]) |
269 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_MAILLOCK_H], [/* Define to 1 if you have the <maillock.h> header file. */ | 279 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_MAILLOCK_H], [/* Define to 1 if you have the <maillock.h> header file. */ |
270 | #undef HAVE_MAILLOCK_H]) | 280 | #undef HAVE_MAILLOCK_H]) |
271 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_NETDB_H], [/* Define to 1 if you have the <netdb.h> header file. */ | 281 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_NETDB_H], [/* Define to 1 if you have the <netdb.h> header file. */ |
272 | #undef HAVE_NETDB_H]) | 282 | #undef HAVE_NETDB_H]) |
273 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_NETGROUP_H], [/* Define to 1 if you have the <netgroup.h> header file. */ | 283 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_NETGROUP_H], [/* Define to 1 if you have the <netgroup.h> header file. */ |
274 | #undef HAVE_NETGROUP_H]) | 284 | #undef HAVE_NETGROUP_H]) |
275 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_NETINET_IN_SYSTM_H], [/* Define to 1 if you have the <netinet/in_systm.h> header file. */ | 285 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_NETINET_IN_SYSTM_H], [/* Define to 1 if you have the <netinet/in_systm.h> header file. */ |
276 | #undef HAVE_NETINET_IN_SYSTM_H]) | 286 | #undef HAVE_NETINET_IN_SYSTM_H]) |
277 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_PATHS_H], [/* Define to 1 if you have the <paths.h> header file. */ | 287 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_PATHS_H], [/* Define to 1 if you have the <paths.h> header file. */ |
278 | #undef HAVE_PATHS_H]) | 288 | #undef HAVE_PATHS_H]) |
279 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_PTY_H], [/* Define to 1 if you have the <pty.h> header file. */ | 289 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_PTY_H], [/* Define to 1 if you have the <pty.h> header file. */ |
280 | #undef HAVE_PTY_H]) | 290 | #undef HAVE_PTY_H]) |
281 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_READPASSPHRASE_H], [/* Define to 1 if you have the <readpassphrase.h> header file. */ | 291 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_READPASSPHRASE_H], [/* Define to 1 if you have the <readpassphrase.h> header file. */ |
282 | #undef HAVE_READPASSPHRASE_H]) | 292 | #undef HAVE_READPASSPHRASE_H]) |
283 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_RPC_TYPES_H], [/* Define to 1 if you have the <rpc/types.h> header file. */ | 293 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_RPC_TYPES_H], [/* Define to 1 if you have the <rpc/types.h> header file. */ |
284 | #undef HAVE_RPC_TYPES_H]) | 294 | #undef HAVE_RPC_TYPES_H]) |
285 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SECURITY_PAM_APPL_H], [/* Define to 1 if you have the <security/pam_appl.h> header file. */ | 295 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SECURITY_PAM_APPL_H], [/* Define to 1 if you have the <security/pam_appl.h> header file. */ |
286 | #undef HAVE_SECURITY_PAM_APPL_H]) | 296 | #undef HAVE_SECURITY_PAM_APPL_H]) |
287 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SHADOW_H], [/* Define to 1 if you have the <shadow.h> header file. */ | 297 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SHADOW_H], [/* Define to 1 if you have the <shadow.h> header file. */ |
288 | #undef HAVE_SHADOW_H]) | 298 | #undef HAVE_SHADOW_H]) |
289 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDDEF_H], [/* Define to 1 if you have the <stddef.h> header file. */ | 299 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STDDEF_H], [/* Define to 1 if you have the <stddef.h> header file. */ |
290 | #undef HAVE_STDDEF_H]) | 300 | #undef HAVE_STDDEF_H]) |
291 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */ | 301 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */ |
292 | #undef HAVE_STDINT_H]) | 302 | #undef HAVE_STDINT_H]) |
293 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */ | 303 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */ |
294 | #undef HAVE_STRINGS_H]) | 304 | #undef HAVE_STRINGS_H]) |
295 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_BITYPES_H], [/* Define to 1 if you have the <sys/bitypes.h> header file. */ | 305 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_BITYPES_H], [/* Define to 1 if you have the <sys/bitypes.h> header file. */ |
296 | #undef HAVE_SYS_BITYPES_H]) | 306 | #undef HAVE_SYS_BITYPES_H]) |
297 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_BSDTTY_H], [/* Define to 1 if you have the <sys/bsdtty.h> header file. */ | 307 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_BSDTTY_H], [/* Define to 1 if you have the <sys/bsdtty.h> header file. */ |
298 | #undef HAVE_SYS_BSDTTY_H]) | 308 | #undef HAVE_SYS_BSDTTY_H]) |
299 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_CDEFS_H], [/* Define to 1 if you have the <sys/cdefs.h> header file. */ | 309 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_CDEFS_H], [/* Define to 1 if you have the <sys/cdefs.h> header file. */ |
300 | #undef HAVE_SYS_CDEFS_H]) | 310 | #undef HAVE_SYS_CDEFS_H]) |
301 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_MMAN_H], [/* Define to 1 if you have the <sys/mman.h> header file. */ | 311 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_MMAN_H], [/* Define to 1 if you have the <sys/mman.h> header file. */ |
302 | #undef HAVE_SYS_MMAN_H]) | 312 | #undef HAVE_SYS_MMAN_H]) |
303 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_SELECT_H], [/* Define to 1 if you have the <sys/select.h> header file. */ | 313 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_PSTAT_H], [/* Define to 1 if you have the <sys/pstat.h> header file. */ |
314 | #undef HAVE_SYS_PSTAT_H]) | ||
315 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_SELECT_H], [/* Define to 1 if you have the <sys/select.h> header file. */ | ||
304 | #undef HAVE_SYS_SELECT_H]) | 316 | #undef HAVE_SYS_SELECT_H]) |
305 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */ | 317 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */ |
306 | #undef HAVE_SYS_STAT_H]) | 318 | #undef HAVE_SYS_STAT_H]) |
307 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_STROPTS_H], [/* Define to 1 if you have the <sys/stropts.h> header file. */ | 319 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_STROPTS_H], [/* Define to 1 if you have the <sys/stropts.h> header file. */ |
308 | #undef HAVE_SYS_STROPTS_H]) | 320 | #undef HAVE_SYS_STROPTS_H]) |
309 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_SYSMACROS_H], [/* Define to 1 if you have the <sys/sysmacros.h> header file. */ | 321 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_SYSMACROS_H], [/* Define to 1 if you have the <sys/sysmacros.h> header file. */ |
310 | #undef HAVE_SYS_SYSMACROS_H]) | 322 | #undef HAVE_SYS_SYSMACROS_H]) |
311 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the <sys/time.h> header file. */ | 323 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the <sys/time.h> header file. */ |
312 | #undef HAVE_SYS_TIME_H]) | 324 | #undef HAVE_SYS_TIME_H]) |
313 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_UN_H], [/* Define to 1 if you have the <sys/un.h> header file. */ | 325 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_TIMERS_H], [/* Define to 1 if you have the <sys/timers.h> header file. */ |
326 | #undef HAVE_SYS_TIMERS_H]) | ||
327 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_UN_H], [/* Define to 1 if you have the <sys/un.h> header file. */ | ||
314 | #undef HAVE_SYS_UN_H]) | 328 | #undef HAVE_SYS_UN_H]) |
315 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_TIME_H], [/* Define to 1 if you have the <time.h> header file. */ | 329 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_TIME_H], [/* Define to 1 if you have the <time.h> header file. */ |
316 | #undef HAVE_TIME_H]) | 330 | #undef HAVE_TIME_H]) |
317 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_TMPDIR_H], [/* Define to 1 if you have the <tmpdir.h> header file. */ | 331 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_TMPDIR_H], [/* Define to 1 if you have the <tmpdir.h> header file. */ |
318 | #undef HAVE_TMPDIR_H]) | 332 | #undef HAVE_TMPDIR_H]) |
319 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_TTYENT_H], [/* Define to 1 if you have the <ttyent.h> header file. */ | 333 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_TTYENT_H], [/* Define to 1 if you have the <ttyent.h> header file. */ |
320 | #undef HAVE_TTYENT_H]) | 334 | #undef HAVE_TTYENT_H]) |
321 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_USERSEC_H], [/* Define to 1 if you have the <usersec.h> header file. */ | 335 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_USERSEC_H], [/* Define to 1 if you have the <usersec.h> header file. */ |
322 | #undef HAVE_USERSEC_H]) | 336 | #undef HAVE_USERSEC_H]) |
323 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTIL_H], [/* Define to 1 if you have the <util.h> header file. */ | 337 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_UTIL_H], [/* Define to 1 if you have the <util.h> header file. */ |
324 | #undef HAVE_UTIL_H]) | 338 | #undef HAVE_UTIL_H]) |
325 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTIME_H], [/* Define to 1 if you have the <utime.h> header file. */ | 339 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_UTIME_H], [/* Define to 1 if you have the <utime.h> header file. */ |
326 | #undef HAVE_UTIME_H]) | 340 | #undef HAVE_UTIME_H]) |
327 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTMP_H], [/* Define to 1 if you have the <utmp.h> header file. */ | 341 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_UTMP_H], [/* Define to 1 if you have the <utmp.h> header file. */ |
328 | #undef HAVE_UTMP_H]) | 342 | #undef HAVE_UTMP_H]) |
329 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTMPX_H], [/* Define to 1 if you have the <utmpx.h> header file. */ | 343 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_UTMPX_H], [/* Define to 1 if you have the <utmpx.h> header file. */ |
330 | #undef HAVE_UTMPX_H]) | 344 | #undef HAVE_UTMPX_H]) |
331 | m4trace:configure.ac:388: -1- AC_HEADER_STDC | 345 | m4trace:configure.ac:396: -1- AC_HEADER_STDC |
332 | m4trace:configure.ac:388: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS]) | 346 | m4trace:configure.ac:396: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS]) |
333 | m4trace:configure.ac:388: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */ | 347 | m4trace:configure.ac:396: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */ |
334 | #undef STDC_HEADERS]) | 348 | #undef STDC_HEADERS]) |
335 | m4trace:configure.ac:388: -1- AC_CHECK_HEADERS([sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ | 349 | m4trace:configure.ac:396: -1- AC_CHECK_HEADERS([sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ |
336 | inttypes.h stdint.h unistd.h], [], [], [$ac_includes_default]) | 350 | inttypes.h stdint.h unistd.h], [], [], [$ac_includes_default]) |
337 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */ | 351 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */ |
338 | #undef HAVE_SYS_TYPES_H]) | 352 | #undef HAVE_SYS_TYPES_H]) |
339 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */ | 353 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */ |
340 | #undef HAVE_SYS_STAT_H]) | 354 | #undef HAVE_SYS_STAT_H]) |
341 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */ | 355 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */ |
342 | #undef HAVE_STDLIB_H]) | 356 | #undef HAVE_STDLIB_H]) |
343 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */ | 357 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */ |
344 | #undef HAVE_STRING_H]) | 358 | #undef HAVE_STRING_H]) |
345 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the <memory.h> header file. */ | 359 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the <memory.h> header file. */ |
346 | #undef HAVE_MEMORY_H]) | 360 | #undef HAVE_MEMORY_H]) |
347 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */ | 361 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */ |
348 | #undef HAVE_STRINGS_H]) | 362 | #undef HAVE_STRINGS_H]) |
349 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */ | 363 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */ |
350 | #undef HAVE_INTTYPES_H]) | 364 | #undef HAVE_INTTYPES_H]) |
351 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */ | 365 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */ |
352 | #undef HAVE_STDINT_H]) | 366 | #undef HAVE_STDINT_H]) |
353 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */ | 367 | m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */ |
354 | #undef HAVE_UNISTD_H]) | 368 | #undef HAVE_UNISTD_H]) |
355 | m4trace:configure.ac:391: -2- AC_CHECK_LIB([nsl], [yp_match]) | 369 | m4trace:configure.ac:399: -2- AC_CHECK_LIB([nsl], [yp_match]) |
356 | m4trace:configure.ac:391: -2- AH_OUTPUT([HAVE_LIBNSL], [/* Define to 1 if you have the \`nsl' library (-lnsl). */ | 370 | m4trace:configure.ac:399: -2- AH_OUTPUT([HAVE_LIBNSL], [/* Define to 1 if you have the \`nsl' library (-lnsl). */ |
357 | #undef HAVE_LIBNSL]) | 371 | #undef HAVE_LIBNSL]) |
358 | m4trace:configure.ac:391: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBNSL]) | 372 | m4trace:configure.ac:399: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBNSL]) |
359 | m4trace:configure.ac:392: -2- AC_CHECK_LIB([socket], [setsockopt]) | 373 | m4trace:configure.ac:400: -2- AC_CHECK_LIB([socket], [setsockopt]) |
360 | m4trace:configure.ac:392: -2- AH_OUTPUT([HAVE_LIBSOCKET], [/* Define to 1 if you have the \`socket' library (-lsocket). */ | 374 | m4trace:configure.ac:400: -2- AH_OUTPUT([HAVE_LIBSOCKET], [/* Define to 1 if you have the \`socket' library (-lsocket). */ |
361 | #undef HAVE_LIBSOCKET]) | 375 | #undef HAVE_LIBSOCKET]) |
362 | m4trace:configure.ac:392: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSOCKET]) | 376 | m4trace:configure.ac:400: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSOCKET]) |
363 | m4trace:configure.ac:397: -1- AC_CHECK_LIB([rpc], [innetgr], [LIBS="-lrpc -lyp -lrpc $LIBS" ], [], [-lyp -lrpc]) | 377 | m4trace:configure.ac:405: -1- AC_CHECK_LIB([rpc], [innetgr], [LIBS="-lrpc -lyp -lrpc $LIBS" ], [], [-lyp -lrpc]) |
364 | m4trace:configure.ac:402: -2- AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"]) | 378 | m4trace:configure.ac:410: -2- AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"]) |
365 | m4trace:configure.ac:444: -1- AC_CHECK_LIB([z], [deflate], [], [{ { echo "$as_me:$LINENO: error: *** zlib missing - please install first or check config.log ***" >&5 | 379 | m4trace:configure.ac:452: -1- AC_CHECK_LIB([z], [deflate], [], [{ { echo "$as_me:$LINENO: error: *** zlib missing - please install first or check config.log ***" >&5 |
366 | echo "$as_me: error: *** zlib missing - please install first or check config.log ***" >&2;} | 380 | echo "$as_me: error: *** zlib missing - please install first or check config.log ***" >&2;} |
367 | { (exit 1); exit 1; }; }]) | 381 | { (exit 1); exit 1; }; }]) |
368 | m4trace:configure.ac:444: -1- AH_OUTPUT([HAVE_LIBZ], [/* Define to 1 if you have the \`z' library (-lz). */ | 382 | m4trace:configure.ac:452: -1- AH_OUTPUT([HAVE_LIBZ], [/* Define to 1 if you have the \`z' library (-lz). */ |
369 | #undef HAVE_LIBZ]) | 383 | #undef HAVE_LIBZ]) |
370 | m4trace:configure.ac:444: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBZ]) | 384 | m4trace:configure.ac:452: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBZ]) |
371 | m4trace:configure.ac:449: -1- AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) | 385 | m4trace:configure.ac:457: -1- AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) |
372 | m4trace:configure.ac:453: -1- AC_CHECK_LIB([c89], [utimes], [AC_DEFINE(HAVE_UTIMES) | 386 | m4trace:configure.ac:461: -1- AC_CHECK_LIB([c89], [utimes], [AC_DEFINE(HAVE_UTIMES) |
373 | LIBS="$LIBS -lc89"]) | 387 | LIBS="$LIBS -lc89"]) |
374 | m4trace:configure.ac:453: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UTIMES]) | 388 | m4trace:configure.ac:461: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UTIMES]) |
375 | m4trace:configure.ac:456: -1- AC_CHECK_HEADERS([libutil.h]) | 389 | m4trace:configure.ac:464: -1- AC_CHECK_HEADERS([libutil.h]) |
376 | m4trace:configure.ac:456: -1- AH_OUTPUT([HAVE_LIBUTIL_H], [/* Define to 1 if you have the <libutil.h> header file. */ | 390 | m4trace:configure.ac:464: -1- AH_OUTPUT([HAVE_LIBUTIL_H], [/* Define to 1 if you have the <libutil.h> header file. */ |
377 | #undef HAVE_LIBUTIL_H]) | 391 | #undef HAVE_LIBUTIL_H]) |
378 | m4trace:configure.ac:457: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LOGIN]) | 392 | m4trace:configure.ac:465: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LOGIN]) |
379 | m4trace:configure.ac:458: -1- AC_CHECK_FUNCS([logout updwtmp logwtmp]) | 393 | m4trace:configure.ac:466: -1- AC_CHECK_FUNCS([logout updwtmp logwtmp]) |
380 | m4trace:configure.ac:458: -1- AH_OUTPUT([HAVE_LOGOUT], [/* Define to 1 if you have the \`logout' function. */ | 394 | m4trace:configure.ac:466: -1- AH_OUTPUT([HAVE_LOGOUT], [/* Define to 1 if you have the \`logout' function. */ |
381 | #undef HAVE_LOGOUT]) | 395 | #undef HAVE_LOGOUT]) |
382 | m4trace:configure.ac:458: -1- AH_OUTPUT([HAVE_UPDWTMP], [/* Define to 1 if you have the \`updwtmp' function. */ | 396 | m4trace:configure.ac:466: -1- AH_OUTPUT([HAVE_UPDWTMP], [/* Define to 1 if you have the \`updwtmp' function. */ |
383 | #undef HAVE_UPDWTMP]) | 397 | #undef HAVE_UPDWTMP]) |
384 | m4trace:configure.ac:458: -1- AH_OUTPUT([HAVE_LOGWTMP], [/* Define to 1 if you have the \`logwtmp' function. */ | 398 | m4trace:configure.ac:466: -1- AH_OUTPUT([HAVE_LOGWTMP], [/* Define to 1 if you have the \`logwtmp' function. */ |
385 | #undef HAVE_LOGWTMP]) | 399 | #undef HAVE_LOGWTMP]) |
386 | m4trace:configure.ac:460: -1- AC_FUNC_STRFTIME | 400 | m4trace:configure.ac:468: -1- AC_FUNC_STRFTIME |
387 | m4trace:configure.ac:460: -1- AC_CHECK_FUNCS([strftime], [], [# strftime is in -lintl on SCO UNIX. | 401 | m4trace:configure.ac:468: -1- AC_CHECK_FUNCS([strftime], [], [# strftime is in -lintl on SCO UNIX. |
388 | AC_CHECK_LIB(intl, strftime, | 402 | AC_CHECK_LIB(intl, strftime, |
389 | [AC_DEFINE(HAVE_STRFTIME) | 403 | [AC_DEFINE(HAVE_STRFTIME) |
390 | LIBS="-lintl $LIBS"])]) | 404 | LIBS="-lintl $LIBS"])]) |
391 | m4trace:configure.ac:460: -1- AH_OUTPUT([HAVE_STRFTIME], [/* Define to 1 if you have the \`strftime' function. */ | 405 | m4trace:configure.ac:468: -1- AH_OUTPUT([HAVE_STRFTIME], [/* Define to 1 if you have the \`strftime' function. */ |
392 | #undef HAVE_STRFTIME]) | 406 | #undef HAVE_STRFTIME]) |
393 | m4trace:configure.ac:460: -1- AC_CHECK_LIB([intl], [strftime], [AC_DEFINE(HAVE_STRFTIME) | 407 | m4trace:configure.ac:468: -1- AC_CHECK_LIB([intl], [strftime], [AC_DEFINE(HAVE_STRFTIME) |
394 | LIBS="-lintl $LIBS"]) | 408 | LIBS="-lintl $LIBS"]) |
395 | m4trace:configure.ac:460: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRFTIME]) | 409 | m4trace:configure.ac:468: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRFTIME]) |
396 | m4trace:configure.ac:478: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_ALTDIRFUNC]) | 410 | m4trace:configure.ac:486: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_ALTDIRFUNC]) |
397 | m4trace:configure.ac:494: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_GL_MATCHC]) | 411 | m4trace:configure.ac:502: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_GL_MATCHC]) |
398 | m4trace:configure.ac:508: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_ONE_BYTE_DIRENT_D_NAME]) | 412 | m4trace:configure.ac:516: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_ONE_BYTE_DIRENT_D_NAME]) |
399 | m4trace:configure.ac:541: -1- AC_DEFINE_TRACE_LITERAL([SKEY]) | 413 | m4trace:configure.ac:549: -1- AC_DEFINE_TRACE_LITERAL([SKEY]) |
400 | m4trace:configure.ac:595: -1- AC_DEFINE_TRACE_LITERAL([LIBWRAP]) | 414 | m4trace:configure.ac:603: -1- AC_DEFINE_TRACE_LITERAL([LIBWRAP]) |
401 | m4trace:configure.ac:595: -1- AC_SUBST([LIBWRAP]) | 415 | m4trace:configure.ac:603: -1- AC_SUBST([LIBWRAP]) |
402 | m4trace:configure.ac:608: -1- AC_CHECK_FUNCS([arc4random b64_ntop bcopy bindresvport_sa \ | 416 | m4trace:configure.ac:618: -1- AC_CHECK_FUNCS([\ |
403 | clock fchmod fchown freeaddrinfo futimes gai_strerror \ | 417 | arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename bcopy \ |
404 | getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\ | 418 | bindresvport_sa clock fchmod fchown freeaddrinfo futimes \ |
405 | getrlimit getrusage getttyent glob inet_aton inet_ntoa \ | 419 | gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \ |
406 | inet_ntop innetgr login_getcapbool md5_crypt memmove \ | 420 | getpeereid _getpty getrlimit getrusage getttyent glob inet_aton \ |
407 | mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ | 421 | inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \ |
408 | realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ | 422 | mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openpty pstat \ |
409 | setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ | 423 | readpassphrase realpath recvmsg rresvport_af sendmsg setdtablesize \ |
410 | setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ | 424 | setegid setenv seteuid setgroups setlogin setpcred setproctitle \ |
411 | socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ | 425 | setresgid setreuid setrlimit setsid setvbuf sigaction sigvec \ |
412 | truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty]) | 426 | snprintf socketpair strerror strlcat strlcpy strmode strnvis \ |
413 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_ARC4RANDOM], [/* Define to 1 if you have the \`arc4random' function. */ | 427 | sysconf tcgetpgrp truncate utimes vhangup vsnprintf waitpid \ |
428 | ]) | ||
429 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_ARC4RANDOM], [/* Define to 1 if you have the \`arc4random' function. */ | ||
414 | #undef HAVE_ARC4RANDOM]) | 430 | #undef HAVE_ARC4RANDOM]) |
415 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_B64_NTOP], [/* Define to 1 if you have the \`b64_ntop' function. */ | 431 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE___B64_NTOP], [/* Define to 1 if you have the \`__b64_ntop' function. */ |
432 | #undef HAVE___B64_NTOP]) | ||
433 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_B64_NTOP], [/* Define to 1 if you have the \`b64_ntop' function. */ | ||
416 | #undef HAVE_B64_NTOP]) | 434 | #undef HAVE_B64_NTOP]) |
417 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_BCOPY], [/* Define to 1 if you have the \`bcopy' function. */ | 435 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE___B64_PTON], [/* Define to 1 if you have the \`__b64_pton' function. */ |
436 | #undef HAVE___B64_PTON]) | ||
437 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_B64_PTON], [/* Define to 1 if you have the \`b64_pton' function. */ | ||
438 | #undef HAVE_B64_PTON]) | ||
439 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_BASENAME], [/* Define to 1 if you have the \`basename' function. */ | ||
440 | #undef HAVE_BASENAME]) | ||
441 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_BCOPY], [/* Define to 1 if you have the \`bcopy' function. */ | ||
418 | #undef HAVE_BCOPY]) | 442 | #undef HAVE_BCOPY]) |
419 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_BINDRESVPORT_SA], [/* Define to 1 if you have the \`bindresvport_sa' function. */ | 443 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_BINDRESVPORT_SA], [/* Define to 1 if you have the \`bindresvport_sa' function. */ |
420 | #undef HAVE_BINDRESVPORT_SA]) | 444 | #undef HAVE_BINDRESVPORT_SA]) |
421 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_CLOCK], [/* Define to 1 if you have the \`clock' function. */ | 445 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_CLOCK], [/* Define to 1 if you have the \`clock' function. */ |
422 | #undef HAVE_CLOCK]) | 446 | #undef HAVE_CLOCK]) |
423 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FCHMOD], [/* Define to 1 if you have the \`fchmod' function. */ | 447 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_FCHMOD], [/* Define to 1 if you have the \`fchmod' function. */ |
424 | #undef HAVE_FCHMOD]) | 448 | #undef HAVE_FCHMOD]) |
425 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FCHOWN], [/* Define to 1 if you have the \`fchown' function. */ | 449 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_FCHOWN], [/* Define to 1 if you have the \`fchown' function. */ |
426 | #undef HAVE_FCHOWN]) | 450 | #undef HAVE_FCHOWN]) |
427 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FREEADDRINFO], [/* Define to 1 if you have the \`freeaddrinfo' function. */ | 451 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_FREEADDRINFO], [/* Define to 1 if you have the \`freeaddrinfo' function. */ |
428 | #undef HAVE_FREEADDRINFO]) | 452 | #undef HAVE_FREEADDRINFO]) |
429 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FUTIMES], [/* Define to 1 if you have the \`futimes' function. */ | 453 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_FUTIMES], [/* Define to 1 if you have the \`futimes' function. */ |
430 | #undef HAVE_FUTIMES]) | 454 | #undef HAVE_FUTIMES]) |
431 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GAI_STRERROR], [/* Define to 1 if you have the \`gai_strerror' function. */ | 455 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GAI_STRERROR], [/* Define to 1 if you have the \`gai_strerror' function. */ |
432 | #undef HAVE_GAI_STRERROR]) | 456 | #undef HAVE_GAI_STRERROR]) |
433 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETADDRINFO], [/* Define to 1 if you have the \`getaddrinfo' function. */ | 457 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETADDRINFO], [/* Define to 1 if you have the \`getaddrinfo' function. */ |
434 | #undef HAVE_GETADDRINFO]) | 458 | #undef HAVE_GETADDRINFO]) |
435 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETCWD], [/* Define to 1 if you have the \`getcwd' function. */ | 459 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETCWD], [/* Define to 1 if you have the \`getcwd' function. */ |
436 | #undef HAVE_GETCWD]) | 460 | #undef HAVE_GETCWD]) |
437 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETGROUPLIST], [/* Define to 1 if you have the \`getgrouplist' function. */ | 461 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETGROUPLIST], [/* Define to 1 if you have the \`getgrouplist' function. */ |
438 | #undef HAVE_GETGROUPLIST]) | 462 | #undef HAVE_GETGROUPLIST]) |
439 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETNAMEINFO], [/* Define to 1 if you have the \`getnameinfo' function. */ | 463 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETNAMEINFO], [/* Define to 1 if you have the \`getnameinfo' function. */ |
440 | #undef HAVE_GETNAMEINFO]) | 464 | #undef HAVE_GETNAMEINFO]) |
441 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETOPT], [/* Define to 1 if you have the \`getopt' function. */ | 465 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETOPT], [/* Define to 1 if you have the \`getopt' function. */ |
442 | #undef HAVE_GETOPT]) | 466 | #undef HAVE_GETOPT]) |
443 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETPEEREID], [/* Define to 1 if you have the \`getpeereid' function. */ | 467 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETPEEREID], [/* Define to 1 if you have the \`getpeereid' function. */ |
444 | #undef HAVE_GETPEEREID]) | 468 | #undef HAVE_GETPEEREID]) |
445 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETRLIMIT], [/* Define to 1 if you have the \`getrlimit' function. */ | 469 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE__GETPTY], [/* Define to 1 if you have the \`_getpty' function. */ |
470 | #undef HAVE__GETPTY]) | ||
471 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETRLIMIT], [/* Define to 1 if you have the \`getrlimit' function. */ | ||
446 | #undef HAVE_GETRLIMIT]) | 472 | #undef HAVE_GETRLIMIT]) |
447 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETRUSAGE], [/* Define to 1 if you have the \`getrusage' function. */ | 473 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETRUSAGE], [/* Define to 1 if you have the \`getrusage' function. */ |
448 | #undef HAVE_GETRUSAGE]) | 474 | #undef HAVE_GETRUSAGE]) |
449 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETTTYENT], [/* Define to 1 if you have the \`getttyent' function. */ | 475 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETTTYENT], [/* Define to 1 if you have the \`getttyent' function. */ |
450 | #undef HAVE_GETTTYENT]) | 476 | #undef HAVE_GETTTYENT]) |
451 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GLOB], [/* Define to 1 if you have the \`glob' function. */ | 477 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GLOB], [/* Define to 1 if you have the \`glob' function. */ |
452 | #undef HAVE_GLOB]) | 478 | #undef HAVE_GLOB]) |
453 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INET_ATON], [/* Define to 1 if you have the \`inet_aton' function. */ | 479 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_INET_ATON], [/* Define to 1 if you have the \`inet_aton' function. */ |
454 | #undef HAVE_INET_ATON]) | 480 | #undef HAVE_INET_ATON]) |
455 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INET_NTOA], [/* Define to 1 if you have the \`inet_ntoa' function. */ | 481 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_INET_NTOA], [/* Define to 1 if you have the \`inet_ntoa' function. */ |
456 | #undef HAVE_INET_NTOA]) | 482 | #undef HAVE_INET_NTOA]) |
457 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INET_NTOP], [/* Define to 1 if you have the \`inet_ntop' function. */ | 483 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_INET_NTOP], [/* Define to 1 if you have the \`inet_ntop' function. */ |
458 | #undef HAVE_INET_NTOP]) | 484 | #undef HAVE_INET_NTOP]) |
459 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INNETGR], [/* Define to 1 if you have the \`innetgr' function. */ | 485 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_INNETGR], [/* Define to 1 if you have the \`innetgr' function. */ |
460 | #undef HAVE_INNETGR]) | 486 | #undef HAVE_INNETGR]) |
461 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_LOGIN_GETCAPBOOL], [/* Define to 1 if you have the \`login_getcapbool' function. */ | 487 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_LOGIN_GETCAPBOOL], [/* Define to 1 if you have the \`login_getcapbool' function. */ |
462 | #undef HAVE_LOGIN_GETCAPBOOL]) | 488 | #undef HAVE_LOGIN_GETCAPBOOL]) |
463 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MD5_CRYPT], [/* Define to 1 if you have the \`md5_crypt' function. */ | 489 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_MD5_CRYPT], [/* Define to 1 if you have the \`md5_crypt' function. */ |
464 | #undef HAVE_MD5_CRYPT]) | 490 | #undef HAVE_MD5_CRYPT]) |
465 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MEMMOVE], [/* Define to 1 if you have the \`memmove' function. */ | 491 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_MEMMOVE], [/* Define to 1 if you have the \`memmove' function. */ |
466 | #undef HAVE_MEMMOVE]) | 492 | #undef HAVE_MEMMOVE]) |
467 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MKDTEMP], [/* Define to 1 if you have the \`mkdtemp' function. */ | 493 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_MKDTEMP], [/* Define to 1 if you have the \`mkdtemp' function. */ |
468 | #undef HAVE_MKDTEMP]) | 494 | #undef HAVE_MKDTEMP]) |
469 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MMAP], [/* Define to 1 if you have the \`mmap' function. */ | 495 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_MMAP], [/* Define to 1 if you have the \`mmap' function. */ |
470 | #undef HAVE_MMAP]) | 496 | #undef HAVE_MMAP]) |
471 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_NGETADDRINFO], [/* Define to 1 if you have the \`ngetaddrinfo' function. */ | 497 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_NGETADDRINFO], [/* Define to 1 if you have the \`ngetaddrinfo' function. */ |
472 | #undef HAVE_NGETADDRINFO]) | 498 | #undef HAVE_NGETADDRINFO]) |
473 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_OPENPTY], [/* Define to 1 if you have the \`openpty' function. */ | 499 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_NSLEEP], [/* Define to 1 if you have the \`nsleep' function. */ |
474 | #undef HAVE_OPENPTY]) | 500 | #undef HAVE_NSLEEP]) |
475 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_OGETADDRINFO], [/* Define to 1 if you have the \`ogetaddrinfo' function. */ | 501 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_OGETADDRINFO], [/* Define to 1 if you have the \`ogetaddrinfo' function. */ |
476 | #undef HAVE_OGETADDRINFO]) | 502 | #undef HAVE_OGETADDRINFO]) |
477 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_READPASSPHRASE], [/* Define to 1 if you have the \`readpassphrase' function. */ | 503 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_OPENPTY], [/* Define to 1 if you have the \`openpty' function. */ |
504 | #undef HAVE_OPENPTY]) | ||
505 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_PSTAT], [/* Define to 1 if you have the \`pstat' function. */ | ||
506 | #undef HAVE_PSTAT]) | ||
507 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_READPASSPHRASE], [/* Define to 1 if you have the \`readpassphrase' function. */ | ||
478 | #undef HAVE_READPASSPHRASE]) | 508 | #undef HAVE_READPASSPHRASE]) |
479 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_REALPATH], [/* Define to 1 if you have the \`realpath' function. */ | 509 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_REALPATH], [/* Define to 1 if you have the \`realpath' function. */ |
480 | #undef HAVE_REALPATH]) | 510 | #undef HAVE_REALPATH]) |
481 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_RECVMSG], [/* Define to 1 if you have the \`recvmsg' function. */ | 511 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_RECVMSG], [/* Define to 1 if you have the \`recvmsg' function. */ |
482 | #undef HAVE_RECVMSG]) | 512 | #undef HAVE_RECVMSG]) |
483 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_RRESVPORT_AF], [/* Define to 1 if you have the \`rresvport_af' function. */ | 513 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_RRESVPORT_AF], [/* Define to 1 if you have the \`rresvport_af' function. */ |
484 | #undef HAVE_RRESVPORT_AF]) | 514 | #undef HAVE_RRESVPORT_AF]) |
485 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SENDMSG], [/* Define to 1 if you have the \`sendmsg' function. */ | 515 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SENDMSG], [/* Define to 1 if you have the \`sendmsg' function. */ |
486 | #undef HAVE_SENDMSG]) | 516 | #undef HAVE_SENDMSG]) |
487 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETDTABLESIZE], [/* Define to 1 if you have the \`setdtablesize' function. */ | 517 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETDTABLESIZE], [/* Define to 1 if you have the \`setdtablesize' function. */ |
488 | #undef HAVE_SETDTABLESIZE]) | 518 | #undef HAVE_SETDTABLESIZE]) |
489 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETEGID], [/* Define to 1 if you have the \`setegid' function. */ | 519 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETEGID], [/* Define to 1 if you have the \`setegid' function. */ |
490 | #undef HAVE_SETEGID]) | 520 | #undef HAVE_SETEGID]) |
491 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETENV], [/* Define to 1 if you have the \`setenv' function. */ | 521 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETENV], [/* Define to 1 if you have the \`setenv' function. */ |
492 | #undef HAVE_SETENV]) | 522 | #undef HAVE_SETENV]) |
493 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETEUID], [/* Define to 1 if you have the \`seteuid' function. */ | 523 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETEUID], [/* Define to 1 if you have the \`seteuid' function. */ |
494 | #undef HAVE_SETEUID]) | 524 | #undef HAVE_SETEUID]) |
495 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETGROUPS], [/* Define to 1 if you have the \`setgroups' function. */ | 525 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETGROUPS], [/* Define to 1 if you have the \`setgroups' function. */ |
496 | #undef HAVE_SETGROUPS]) | 526 | #undef HAVE_SETGROUPS]) |
497 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETLOGIN], [/* Define to 1 if you have the \`setlogin' function. */ | 527 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETLOGIN], [/* Define to 1 if you have the \`setlogin' function. */ |
498 | #undef HAVE_SETLOGIN]) | 528 | #undef HAVE_SETLOGIN]) |
499 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETPROCTITLE], [/* Define to 1 if you have the \`setproctitle' function. */ | 529 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETPCRED], [/* Define to 1 if you have the \`setpcred' function. */ |
530 | #undef HAVE_SETPCRED]) | ||
531 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETPROCTITLE], [/* Define to 1 if you have the \`setproctitle' function. */ | ||
500 | #undef HAVE_SETPROCTITLE]) | 532 | #undef HAVE_SETPROCTITLE]) |
501 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETRESGID], [/* Define to 1 if you have the \`setresgid' function. */ | 533 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETRESGID], [/* Define to 1 if you have the \`setresgid' function. */ |
502 | #undef HAVE_SETRESGID]) | 534 | #undef HAVE_SETRESGID]) |
503 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETREUID], [/* Define to 1 if you have the \`setreuid' function. */ | 535 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETREUID], [/* Define to 1 if you have the \`setreuid' function. */ |
504 | #undef HAVE_SETREUID]) | 536 | #undef HAVE_SETREUID]) |
505 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETRLIMIT], [/* Define to 1 if you have the \`setrlimit' function. */ | 537 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETRLIMIT], [/* Define to 1 if you have the \`setrlimit' function. */ |
506 | #undef HAVE_SETRLIMIT]) | 538 | #undef HAVE_SETRLIMIT]) |
507 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETSID], [/* Define to 1 if you have the \`setsid' function. */ | 539 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETSID], [/* Define to 1 if you have the \`setsid' function. */ |
508 | #undef HAVE_SETSID]) | 540 | #undef HAVE_SETSID]) |
509 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETPCRED], [/* Define to 1 if you have the \`setpcred' function. */ | 541 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETVBUF], [/* Define to 1 if you have the \`setvbuf' function. */ |
510 | #undef HAVE_SETPCRED]) | ||
511 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETVBUF], [/* Define to 1 if you have the \`setvbuf' function. */ | ||
512 | #undef HAVE_SETVBUF]) | 542 | #undef HAVE_SETVBUF]) |
513 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SIGACTION], [/* Define to 1 if you have the \`sigaction' function. */ | 543 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SIGACTION], [/* Define to 1 if you have the \`sigaction' function. */ |
514 | #undef HAVE_SIGACTION]) | 544 | #undef HAVE_SIGACTION]) |
515 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SIGVEC], [/* Define to 1 if you have the \`sigvec' function. */ | 545 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SIGVEC], [/* Define to 1 if you have the \`sigvec' function. */ |
516 | #undef HAVE_SIGVEC]) | 546 | #undef HAVE_SIGVEC]) |
517 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SNPRINTF], [/* Define to 1 if you have the \`snprintf' function. */ | 547 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SNPRINTF], [/* Define to 1 if you have the \`snprintf' function. */ |
518 | #undef HAVE_SNPRINTF]) | 548 | #undef HAVE_SNPRINTF]) |
519 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SOCKETPAIR], [/* Define to 1 if you have the \`socketpair' function. */ | 549 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SOCKETPAIR], [/* Define to 1 if you have the \`socketpair' function. */ |
520 | #undef HAVE_SOCKETPAIR]) | 550 | #undef HAVE_SOCKETPAIR]) |
521 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRERROR], [/* Define to 1 if you have the \`strerror' function. */ | 551 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_STRERROR], [/* Define to 1 if you have the \`strerror' function. */ |
522 | #undef HAVE_STRERROR]) | 552 | #undef HAVE_STRERROR]) |
523 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRLCAT], [/* Define to 1 if you have the \`strlcat' function. */ | 553 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_STRLCAT], [/* Define to 1 if you have the \`strlcat' function. */ |
524 | #undef HAVE_STRLCAT]) | 554 | #undef HAVE_STRLCAT]) |
525 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRLCPY], [/* Define to 1 if you have the \`strlcpy' function. */ | 555 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_STRLCPY], [/* Define to 1 if you have the \`strlcpy' function. */ |
526 | #undef HAVE_STRLCPY]) | 556 | #undef HAVE_STRLCPY]) |
527 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRMODE], [/* Define to 1 if you have the \`strmode' function. */ | 557 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_STRMODE], [/* Define to 1 if you have the \`strmode' function. */ |
528 | #undef HAVE_STRMODE]) | 558 | #undef HAVE_STRMODE]) |
529 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRSEP], [/* Define to 1 if you have the \`strsep' function. */ | 559 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_STRNVIS], [/* Define to 1 if you have the \`strnvis' function. */ |
530 | #undef HAVE_STRSEP]) | 560 | #undef HAVE_STRNVIS]) |
531 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SYSCONF], [/* Define to 1 if you have the \`sysconf' function. */ | 561 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SYSCONF], [/* Define to 1 if you have the \`sysconf' function. */ |
532 | #undef HAVE_SYSCONF]) | 562 | #undef HAVE_SYSCONF]) |
533 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_TCGETPGRP], [/* Define to 1 if you have the \`tcgetpgrp' function. */ | 563 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_TCGETPGRP], [/* Define to 1 if you have the \`tcgetpgrp' function. */ |
534 | #undef HAVE_TCGETPGRP]) | 564 | #undef HAVE_TCGETPGRP]) |
535 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_TRUNCATE], [/* Define to 1 if you have the \`truncate' function. */ | 565 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_TRUNCATE], [/* Define to 1 if you have the \`truncate' function. */ |
536 | #undef HAVE_TRUNCATE]) | 566 | #undef HAVE_TRUNCATE]) |
537 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_UTIMES], [/* Define to 1 if you have the \`utimes' function. */ | 567 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_UTIMES], [/* Define to 1 if you have the \`utimes' function. */ |
538 | #undef HAVE_UTIMES]) | 568 | #undef HAVE_UTIMES]) |
539 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_VHANGUP], [/* Define to 1 if you have the \`vhangup' function. */ | 569 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_VHANGUP], [/* Define to 1 if you have the \`vhangup' function. */ |
540 | #undef HAVE_VHANGUP]) | 570 | #undef HAVE_VHANGUP]) |
541 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_VSNPRINTF], [/* Define to 1 if you have the \`vsnprintf' function. */ | 571 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_VSNPRINTF], [/* Define to 1 if you have the \`vsnprintf' function. */ |
542 | #undef HAVE_VSNPRINTF]) | 572 | #undef HAVE_VSNPRINTF]) |
543 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_WAITPID], [/* Define to 1 if you have the \`waitpid' function. */ | 573 | m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_WAITPID], [/* Define to 1 if you have the \`waitpid' function. */ |
544 | #undef HAVE_WAITPID]) | 574 | #undef HAVE_WAITPID]) |
545 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE___B64_NTOP], [/* Define to 1 if you have the \`__b64_ntop' function. */ | 575 | m4trace:configure.ac:620: -2- AC_DEFINE_TRACE_LITERAL([HAVE_NANOSLEEP]) |
546 | #undef HAVE___B64_NTOP]) | 576 | m4trace:configure.ac:623: -1- AC_CHECK_FUNCS([strsep]) |
547 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE__GETPTY], [/* Define to 1 if you have the \`_getpty' function. */ | 577 | m4trace:configure.ac:623: -1- AH_OUTPUT([HAVE_STRSEP], [/* Define to 1 if you have the \`strsep' function. */ |
548 | #undef HAVE__GETPTY]) | 578 | #undef HAVE_STRSEP]) |
549 | m4trace:configure.ac:645: -1- AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS(libgen.h) ], [ | 579 | m4trace:configure.ac:660: -1- AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS(libgen.h) ], [ |
550 | AC_CHECK_LIB(gen, dirname,[ | 580 | AC_CHECK_LIB(gen, dirname,[ |
551 | AC_CACHE_CHECK([for broken dirname], | 581 | AC_CACHE_CHECK([for broken dirname], |
552 | ac_cv_have_broken_dirname, [ | 582 | ac_cv_have_broken_dirname, [ |
@@ -581,12 +611,12 @@ int main(int argc, char **argv) { | |||
581 | fi | 611 | fi |
582 | ]) | 612 | ]) |
583 | ]) | 613 | ]) |
584 | m4trace:configure.ac:645: -1- AH_OUTPUT([HAVE_DIRNAME], [/* Define to 1 if you have the \`dirname' function. */ | 614 | m4trace:configure.ac:660: -1- AH_OUTPUT([HAVE_DIRNAME], [/* Define to 1 if you have the \`dirname' function. */ |
585 | #undef HAVE_DIRNAME]) | 615 | #undef HAVE_DIRNAME]) |
586 | m4trace:configure.ac:645: -1- AC_CHECK_HEADERS([libgen.h]) | 616 | m4trace:configure.ac:660: -1- AC_CHECK_HEADERS([libgen.h]) |
587 | m4trace:configure.ac:645: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */ | 617 | m4trace:configure.ac:660: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */ |
588 | #undef HAVE_LIBGEN_H]) | 618 | #undef HAVE_LIBGEN_H]) |
589 | m4trace:configure.ac:645: -1- AC_CHECK_LIB([gen], [dirname], [ | 619 | m4trace:configure.ac:660: -1- AC_CHECK_LIB([gen], [dirname], [ |
590 | AC_CACHE_CHECK([for broken dirname], | 620 | AC_CACHE_CHECK([for broken dirname], |
591 | ac_cv_have_broken_dirname, [ | 621 | ac_cv_have_broken_dirname, [ |
592 | save_LIBS="$LIBS" | 622 | save_LIBS="$LIBS" |
@@ -619,287 +649,293 @@ int main(int argc, char **argv) { | |||
619 | AC_CHECK_HEADERS(libgen.h) | 649 | AC_CHECK_HEADERS(libgen.h) |
620 | fi | 650 | fi |
621 | ]) | 651 | ]) |
622 | m4trace:configure.ac:645: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DIRNAME]) | 652 | m4trace:configure.ac:660: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DIRNAME]) |
623 | m4trace:configure.ac:645: -1- AC_CHECK_HEADERS([libgen.h]) | 653 | m4trace:configure.ac:660: -1- AC_CHECK_HEADERS([libgen.h]) |
624 | m4trace:configure.ac:645: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */ | 654 | m4trace:configure.ac:660: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */ |
625 | #undef HAVE_LIBGEN_H]) | 655 | #undef HAVE_LIBGEN_H]) |
626 | m4trace:configure.ac:648: -1- AC_CHECK_FUNCS([gettimeofday time]) | 656 | m4trace:configure.ac:663: -1- AC_CHECK_FUNCS([gettimeofday time]) |
627 | m4trace:configure.ac:648: -1- AH_OUTPUT([HAVE_GETTIMEOFDAY], [/* Define to 1 if you have the \`gettimeofday' function. */ | 657 | m4trace:configure.ac:663: -1- AH_OUTPUT([HAVE_GETTIMEOFDAY], [/* Define to 1 if you have the \`gettimeofday' function. */ |
628 | #undef HAVE_GETTIMEOFDAY]) | 658 | #undef HAVE_GETTIMEOFDAY]) |
629 | m4trace:configure.ac:648: -1- AH_OUTPUT([HAVE_TIME], [/* Define to 1 if you have the \`time' function. */ | 659 | m4trace:configure.ac:663: -1- AH_OUTPUT([HAVE_TIME], [/* Define to 1 if you have the \`time' function. */ |
630 | #undef HAVE_TIME]) | 660 | #undef HAVE_TIME]) |
631 | m4trace:configure.ac:650: -1- AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) | 661 | m4trace:configure.ac:665: -1- AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) |
632 | m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_ENDUTENT], [/* Define to 1 if you have the \`endutent' function. */ | 662 | m4trace:configure.ac:665: -1- AH_OUTPUT([HAVE_ENDUTENT], [/* Define to 1 if you have the \`endutent' function. */ |
633 | #undef HAVE_ENDUTENT]) | 663 | #undef HAVE_ENDUTENT]) |
634 | m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_GETUTENT], [/* Define to 1 if you have the \`getutent' function. */ | 664 | m4trace:configure.ac:665: -1- AH_OUTPUT([HAVE_GETUTENT], [/* Define to 1 if you have the \`getutent' function. */ |
635 | #undef HAVE_GETUTENT]) | 665 | #undef HAVE_GETUTENT]) |
636 | m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_GETUTID], [/* Define to 1 if you have the \`getutid' function. */ | 666 | m4trace:configure.ac:665: -1- AH_OUTPUT([HAVE_GETUTID], [/* Define to 1 if you have the \`getutid' function. */ |
637 | #undef HAVE_GETUTID]) | 667 | #undef HAVE_GETUTID]) |
638 | m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_GETUTLINE], [/* Define to 1 if you have the \`getutline' function. */ | 668 | m4trace:configure.ac:665: -1- AH_OUTPUT([HAVE_GETUTLINE], [/* Define to 1 if you have the \`getutline' function. */ |
639 | #undef HAVE_GETUTLINE]) | 669 | #undef HAVE_GETUTLINE]) |
640 | m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_PUTUTLINE], [/* Define to 1 if you have the \`pututline' function. */ | 670 | m4trace:configure.ac:665: -1- AH_OUTPUT([HAVE_PUTUTLINE], [/* Define to 1 if you have the \`pututline' function. */ |
641 | #undef HAVE_PUTUTLINE]) | 671 | #undef HAVE_PUTUTLINE]) |
642 | m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_SETUTENT], [/* Define to 1 if you have the \`setutent' function. */ | 672 | m4trace:configure.ac:665: -1- AH_OUTPUT([HAVE_SETUTENT], [/* Define to 1 if you have the \`setutent' function. */ |
643 | #undef HAVE_SETUTENT]) | 673 | #undef HAVE_SETUTENT]) |
644 | m4trace:configure.ac:651: -1- AC_CHECK_FUNCS([utmpname]) | 674 | m4trace:configure.ac:666: -1- AC_CHECK_FUNCS([utmpname]) |
645 | m4trace:configure.ac:651: -1- AH_OUTPUT([HAVE_UTMPNAME], [/* Define to 1 if you have the \`utmpname' function. */ | 675 | m4trace:configure.ac:666: -1- AH_OUTPUT([HAVE_UTMPNAME], [/* Define to 1 if you have the \`utmpname' function. */ |
646 | #undef HAVE_UTMPNAME]) | 676 | #undef HAVE_UTMPNAME]) |
647 | m4trace:configure.ac:653: -1- AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline pututxline ]) | 677 | m4trace:configure.ac:668: -1- AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline pututxline ]) |
648 | m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_ENDUTXENT], [/* Define to 1 if you have the \`endutxent' function. */ | 678 | m4trace:configure.ac:668: -1- AH_OUTPUT([HAVE_ENDUTXENT], [/* Define to 1 if you have the \`endutxent' function. */ |
649 | #undef HAVE_ENDUTXENT]) | 679 | #undef HAVE_ENDUTXENT]) |
650 | m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_GETUTXENT], [/* Define to 1 if you have the \`getutxent' function. */ | 680 | m4trace:configure.ac:668: -1- AH_OUTPUT([HAVE_GETUTXENT], [/* Define to 1 if you have the \`getutxent' function. */ |
651 | #undef HAVE_GETUTXENT]) | 681 | #undef HAVE_GETUTXENT]) |
652 | m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_GETUTXID], [/* Define to 1 if you have the \`getutxid' function. */ | 682 | m4trace:configure.ac:668: -1- AH_OUTPUT([HAVE_GETUTXID], [/* Define to 1 if you have the \`getutxid' function. */ |
653 | #undef HAVE_GETUTXID]) | 683 | #undef HAVE_GETUTXID]) |
654 | m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_GETUTXLINE], [/* Define to 1 if you have the \`getutxline' function. */ | 684 | m4trace:configure.ac:668: -1- AH_OUTPUT([HAVE_GETUTXLINE], [/* Define to 1 if you have the \`getutxline' function. */ |
655 | #undef HAVE_GETUTXLINE]) | 685 | #undef HAVE_GETUTXLINE]) |
656 | m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_PUTUTXLINE], [/* Define to 1 if you have the \`pututxline' function. */ | 686 | m4trace:configure.ac:668: -1- AH_OUTPUT([HAVE_PUTUTXLINE], [/* Define to 1 if you have the \`pututxline' function. */ |
657 | #undef HAVE_PUTUTXLINE]) | 687 | #undef HAVE_PUTUTXLINE]) |
658 | m4trace:configure.ac:654: -1- AC_CHECK_FUNCS([setutxent utmpxname]) | 688 | m4trace:configure.ac:669: -1- AC_CHECK_FUNCS([setutxent utmpxname]) |
659 | m4trace:configure.ac:654: -1- AH_OUTPUT([HAVE_SETUTXENT], [/* Define to 1 if you have the \`setutxent' function. */ | 689 | m4trace:configure.ac:669: -1- AH_OUTPUT([HAVE_SETUTXENT], [/* Define to 1 if you have the \`setutxent' function. */ |
660 | #undef HAVE_SETUTXENT]) | 690 | #undef HAVE_SETUTXENT]) |
661 | m4trace:configure.ac:654: -1- AH_OUTPUT([HAVE_UTMPXNAME], [/* Define to 1 if you have the \`utmpxname' function. */ | 691 | m4trace:configure.ac:669: -1- AH_OUTPUT([HAVE_UTMPXNAME], [/* Define to 1 if you have the \`utmpxname' function. */ |
662 | #undef HAVE_UTMPXNAME]) | 692 | #undef HAVE_UTMPXNAME]) |
663 | m4trace:configure.ac:659: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON]) | 693 | m4trace:configure.ac:674: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON]) |
664 | m4trace:configure.ac:659: -1- AC_CHECK_LIB([bsd], [daemon], [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)]) | 694 | m4trace:configure.ac:674: -1- AC_CHECK_LIB([bsd], [daemon], [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)]) |
665 | m4trace:configure.ac:659: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON]) | 695 | m4trace:configure.ac:674: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON]) |
666 | m4trace:configure.ac:664: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE]) | 696 | m4trace:configure.ac:679: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE]) |
667 | m4trace:configure.ac:664: -1- AC_CHECK_LIB([ucb], [getpagesize], [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)]) | 697 | m4trace:configure.ac:679: -1- AC_CHECK_LIB([ucb], [getpagesize], [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)]) |
668 | m4trace:configure.ac:664: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE]) | 698 | m4trace:configure.ac:679: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE]) |
669 | m4trace:configure.ac:680: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF]) | 699 | m4trace:configure.ac:695: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF]) |
670 | m4trace:configure.ac:683: -1- AC_FUNC_GETPGRP | 700 | m4trace:configure.ac:721: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRICT_MKSTEMP]) |
671 | m4trace:configure.ac:683: -1- AC_DEFINE_TRACE_LITERAL([GETPGRP_VOID]) | 701 | m4trace:configure.ac:721: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRICT_MKSTEMP]) |
672 | m4trace:configure.ac:683: -1- AH_OUTPUT([GETPGRP_VOID], [/* Define to 1 if the \`getpgrp' function requires zero arguments. */ | 702 | m4trace:configure.ac:724: -1- AC_FUNC_GETPGRP |
703 | m4trace:configure.ac:724: -1- AC_DEFINE_TRACE_LITERAL([GETPGRP_VOID]) | ||
704 | m4trace:configure.ac:724: -1- AH_OUTPUT([GETPGRP_VOID], [/* Define to 1 if the \`getpgrp' function requires zero arguments. */ | ||
673 | #undef GETPGRP_VOID]) | 705 | #undef GETPGRP_VOID]) |
674 | m4trace:configure.ac:711: -1- AC_CHECK_LIB([dl], [dlopen], [], []) | 706 | m4trace:configure.ac:752: -1- AC_CHECK_LIB([dl], [dlopen], [], []) |
675 | m4trace:configure.ac:711: -1- AH_OUTPUT([HAVE_LIBDL], [/* Define to 1 if you have the \`dl' library (-ldl). */ | 707 | m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_LIBDL], [/* Define to 1 if you have the \`dl' library (-ldl). */ |
676 | #undef HAVE_LIBDL]) | 708 | #undef HAVE_LIBDL]) |
677 | m4trace:configure.ac:711: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDL]) | 709 | m4trace:configure.ac:752: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDL]) |
678 | m4trace:configure.ac:711: -1- AC_CHECK_LIB([pam], [pam_set_item], [], [{ { echo "$as_me:$LINENO: error: *** libpam missing" >&5 | 710 | m4trace:configure.ac:752: -1- AC_CHECK_LIB([pam], [pam_set_item], [], [{ { echo "$as_me:$LINENO: error: *** libpam missing" >&5 |
679 | echo "$as_me: error: *** libpam missing" >&2;} | 711 | echo "$as_me: error: *** libpam missing" >&2;} |
680 | { (exit 1); exit 1; }; }]) | 712 | { (exit 1); exit 1; }; }]) |
681 | m4trace:configure.ac:711: -1- AH_OUTPUT([HAVE_LIBPAM], [/* Define to 1 if you have the \`pam' library (-lpam). */ | 713 | m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_LIBPAM], [/* Define to 1 if you have the \`pam' library (-lpam). */ |
682 | #undef HAVE_LIBPAM]) | 714 | #undef HAVE_LIBPAM]) |
683 | m4trace:configure.ac:711: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPAM]) | 715 | m4trace:configure.ac:752: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPAM]) |
684 | m4trace:configure.ac:711: -1- AC_CHECK_FUNCS([pam_getenvlist]) | 716 | m4trace:configure.ac:752: -1- AC_CHECK_FUNCS([pam_getenvlist]) |
685 | m4trace:configure.ac:711: -1- AH_OUTPUT([HAVE_PAM_GETENVLIST], [/* Define to 1 if you have the \`pam_getenvlist' function. */ | 717 | m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_PAM_GETENVLIST], [/* Define to 1 if you have the \`pam_getenvlist' function. */ |
686 | #undef HAVE_PAM_GETENVLIST]) | 718 | #undef HAVE_PAM_GETENVLIST]) |
687 | m4trace:configure.ac:711: -1- AC_DEFINE_TRACE_LITERAL([USE_PAM]) | 719 | m4trace:configure.ac:752: -1- AC_DEFINE_TRACE_LITERAL([USE_PAM]) |
688 | m4trace:configure.ac:711: -1- AC_SUBST([LIBPAM]) | 720 | m4trace:configure.ac:752: -1- AC_SUBST([LIBPAM]) |
689 | m4trace:configure.ac:729: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OLD_PAM]) | 721 | m4trace:configure.ac:770: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OLD_PAM]) |
690 | m4trace:configure.ac:735: -1- AC_CHECK_LIB([crypt], [crypt]) | 722 | m4trace:configure.ac:776: -1- AC_CHECK_LIB([crypt], [crypt]) |
691 | m4trace:configure.ac:735: -1- AH_OUTPUT([HAVE_LIBCRYPT], [/* Define to 1 if you have the \`crypt' library (-lcrypt). */ | 723 | m4trace:configure.ac:776: -1- AH_OUTPUT([HAVE_LIBCRYPT], [/* Define to 1 if you have the \`crypt' library (-lcrypt). */ |
692 | #undef HAVE_LIBCRYPT]) | 724 | #undef HAVE_LIBCRYPT]) |
693 | m4trace:configure.ac:735: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBCRYPT]) | 725 | m4trace:configure.ac:776: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBCRYPT]) |
694 | m4trace:configure.ac:767: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL]) | 726 | m4trace:configure.ac:808: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL]) |
695 | m4trace:configure.ac:782: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL]) | 727 | m4trace:configure.ac:823: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL]) |
696 | m4trace:configure.ac:869: -1- AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) | 728 | m4trace:configure.ac:910: -1- AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) |
697 | m4trace:configure.ac:917: -1- AC_DEFINE_TRACE_LITERAL([OPENSSL_PRNG_ONLY]) | 729 | m4trace:configure.ac:958: -1- AC_DEFINE_TRACE_LITERAL([OPENSSL_PRNG_ONLY]) |
698 | m4trace:configure.ac:925: -1- AC_SUBST([INSTALL_SSH_RAND_HELPER]) | 730 | m4trace:configure.ac:966: -1- AC_SUBST([INSTALL_SSH_RAND_HELPER]) |
699 | m4trace:configure.ac:948: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_PORT]) | 731 | m4trace:configure.ac:989: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_PORT]) |
700 | m4trace:configure.ac:998: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET]) | 732 | m4trace:configure.ac:1039: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET]) |
701 | m4trace:configure.ac:998: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET]) | 733 | m4trace:configure.ac:1039: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET]) |
702 | m4trace:configure.ac:1010: -1- AC_DEFINE_TRACE_LITERAL([ENTROPY_TIMEOUT_MSEC]) | 734 | m4trace:configure.ac:1051: -1- AC_DEFINE_TRACE_LITERAL([ENTROPY_TIMEOUT_MSEC]) |
703 | m4trace:configure.ac:1021: -1- AC_DEFINE_TRACE_LITERAL([SSH_PRIVSEP_USER]) | 735 | m4trace:configure.ac:1062: -1- AC_DEFINE_TRACE_LITERAL([SSH_PRIVSEP_USER]) |
704 | m4trace:configure.ac:1022: -1- AC_SUBST([SSH_PRIVSEP_USER]) | 736 | m4trace:configure.ac:1063: -1- AC_SUBST([SSH_PRIVSEP_USER]) |
705 | m4trace:configure.ac:1039: -1- AC_SUBST([PROG_LS], [$ac_cv_path_PROG_LS]) | 737 | m4trace:configure.ac:1080: -1- AC_SUBST([PROG_LS], [$ac_cv_path_PROG_LS]) |
706 | m4trace:configure.ac:1039: -1- AC_SUBST([PROG_LS]) | 738 | m4trace:configure.ac:1080: -1- AC_SUBST([PROG_LS]) |
707 | m4trace:configure.ac:1040: -1- AC_SUBST([PROG_NETSTAT], [$ac_cv_path_PROG_NETSTAT]) | 739 | m4trace:configure.ac:1081: -1- AC_SUBST([PROG_NETSTAT], [$ac_cv_path_PROG_NETSTAT]) |
708 | m4trace:configure.ac:1040: -1- AC_SUBST([PROG_NETSTAT]) | 740 | m4trace:configure.ac:1081: -1- AC_SUBST([PROG_NETSTAT]) |
709 | m4trace:configure.ac:1041: -1- AC_SUBST([PROG_ARP], [$ac_cv_path_PROG_ARP]) | 741 | m4trace:configure.ac:1082: -1- AC_SUBST([PROG_ARP], [$ac_cv_path_PROG_ARP]) |
710 | m4trace:configure.ac:1041: -1- AC_SUBST([PROG_ARP]) | 742 | m4trace:configure.ac:1082: -1- AC_SUBST([PROG_ARP]) |
711 | m4trace:configure.ac:1042: -1- AC_SUBST([PROG_IFCONFIG], [$ac_cv_path_PROG_IFCONFIG]) | 743 | m4trace:configure.ac:1083: -1- AC_SUBST([PROG_IFCONFIG], [$ac_cv_path_PROG_IFCONFIG]) |
712 | m4trace:configure.ac:1042: -1- AC_SUBST([PROG_IFCONFIG]) | 744 | m4trace:configure.ac:1083: -1- AC_SUBST([PROG_IFCONFIG]) |
713 | m4trace:configure.ac:1043: -1- AC_SUBST([PROG_JSTAT], [$ac_cv_path_PROG_JSTAT]) | 745 | m4trace:configure.ac:1084: -1- AC_SUBST([PROG_JSTAT], [$ac_cv_path_PROG_JSTAT]) |
714 | m4trace:configure.ac:1043: -1- AC_SUBST([PROG_JSTAT]) | 746 | m4trace:configure.ac:1084: -1- AC_SUBST([PROG_JSTAT]) |
715 | m4trace:configure.ac:1044: -1- AC_SUBST([PROG_PS], [$ac_cv_path_PROG_PS]) | 747 | m4trace:configure.ac:1085: -1- AC_SUBST([PROG_PS], [$ac_cv_path_PROG_PS]) |
716 | m4trace:configure.ac:1044: -1- AC_SUBST([PROG_PS]) | 748 | m4trace:configure.ac:1085: -1- AC_SUBST([PROG_PS]) |
717 | m4trace:configure.ac:1045: -1- AC_SUBST([PROG_SAR], [$ac_cv_path_PROG_SAR]) | 749 | m4trace:configure.ac:1086: -1- AC_SUBST([PROG_SAR], [$ac_cv_path_PROG_SAR]) |
718 | m4trace:configure.ac:1045: -1- AC_SUBST([PROG_SAR]) | 750 | m4trace:configure.ac:1086: -1- AC_SUBST([PROG_SAR]) |
719 | m4trace:configure.ac:1046: -1- AC_SUBST([PROG_W], [$ac_cv_path_PROG_W]) | 751 | m4trace:configure.ac:1087: -1- AC_SUBST([PROG_W], [$ac_cv_path_PROG_W]) |
720 | m4trace:configure.ac:1046: -1- AC_SUBST([PROG_W]) | 752 | m4trace:configure.ac:1087: -1- AC_SUBST([PROG_W]) |
721 | m4trace:configure.ac:1047: -1- AC_SUBST([PROG_WHO], [$ac_cv_path_PROG_WHO]) | 753 | m4trace:configure.ac:1088: -1- AC_SUBST([PROG_WHO], [$ac_cv_path_PROG_WHO]) |
722 | m4trace:configure.ac:1047: -1- AC_SUBST([PROG_WHO]) | 754 | m4trace:configure.ac:1088: -1- AC_SUBST([PROG_WHO]) |
723 | m4trace:configure.ac:1048: -1- AC_SUBST([PROG_LAST], [$ac_cv_path_PROG_LAST]) | 755 | m4trace:configure.ac:1089: -1- AC_SUBST([PROG_LAST], [$ac_cv_path_PROG_LAST]) |
724 | m4trace:configure.ac:1048: -1- AC_SUBST([PROG_LAST]) | 756 | m4trace:configure.ac:1089: -1- AC_SUBST([PROG_LAST]) |
725 | m4trace:configure.ac:1049: -1- AC_SUBST([PROG_LASTLOG], [$ac_cv_path_PROG_LASTLOG]) | 757 | m4trace:configure.ac:1090: -1- AC_SUBST([PROG_LASTLOG], [$ac_cv_path_PROG_LASTLOG]) |
726 | m4trace:configure.ac:1049: -1- AC_SUBST([PROG_LASTLOG]) | 758 | m4trace:configure.ac:1090: -1- AC_SUBST([PROG_LASTLOG]) |
727 | m4trace:configure.ac:1050: -1- AC_SUBST([PROG_DF], [$ac_cv_path_PROG_DF]) | 759 | m4trace:configure.ac:1091: -1- AC_SUBST([PROG_DF], [$ac_cv_path_PROG_DF]) |
728 | m4trace:configure.ac:1050: -1- AC_SUBST([PROG_DF]) | 760 | m4trace:configure.ac:1091: -1- AC_SUBST([PROG_DF]) |
729 | m4trace:configure.ac:1051: -1- AC_SUBST([PROG_VMSTAT], [$ac_cv_path_PROG_VMSTAT]) | 761 | m4trace:configure.ac:1092: -1- AC_SUBST([PROG_VMSTAT], [$ac_cv_path_PROG_VMSTAT]) |
730 | m4trace:configure.ac:1051: -1- AC_SUBST([PROG_VMSTAT]) | 762 | m4trace:configure.ac:1092: -1- AC_SUBST([PROG_VMSTAT]) |
731 | m4trace:configure.ac:1052: -1- AC_SUBST([PROG_UPTIME], [$ac_cv_path_PROG_UPTIME]) | 763 | m4trace:configure.ac:1093: -1- AC_SUBST([PROG_UPTIME], [$ac_cv_path_PROG_UPTIME]) |
732 | m4trace:configure.ac:1052: -1- AC_SUBST([PROG_UPTIME]) | 764 | m4trace:configure.ac:1093: -1- AC_SUBST([PROG_UPTIME]) |
733 | m4trace:configure.ac:1053: -1- AC_SUBST([PROG_IPCS], [$ac_cv_path_PROG_IPCS]) | 765 | m4trace:configure.ac:1094: -1- AC_SUBST([PROG_IPCS], [$ac_cv_path_PROG_IPCS]) |
734 | m4trace:configure.ac:1053: -1- AC_SUBST([PROG_IPCS]) | 766 | m4trace:configure.ac:1094: -1- AC_SUBST([PROG_IPCS]) |
735 | m4trace:configure.ac:1054: -1- AC_SUBST([PROG_TAIL], [$ac_cv_path_PROG_TAIL]) | 767 | m4trace:configure.ac:1095: -1- AC_SUBST([PROG_TAIL], [$ac_cv_path_PROG_TAIL]) |
736 | m4trace:configure.ac:1054: -1- AC_SUBST([PROG_TAIL]) | 768 | m4trace:configure.ac:1095: -1- AC_SUBST([PROG_TAIL]) |
737 | m4trace:configure.ac:1071: -1- AC_SUBST([INSTALL_SSH_PRNG_CMDS]) | 769 | m4trace:configure.ac:1112: -1- AC_SUBST([INSTALL_SSH_PRNG_CMDS]) |
738 | m4trace:configure.ac:1080: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_CHAR]) | 770 | m4trace:configure.ac:1121: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_CHAR]) |
739 | m4trace:configure.ac:1080: -1- AH_OUTPUT([SIZEOF_CHAR], [/* The size of a \`char', as computed by sizeof. */ | 771 | m4trace:configure.ac:1121: -1- AH_OUTPUT([SIZEOF_CHAR], [/* The size of a \`char', as computed by sizeof. */ |
740 | #undef SIZEOF_CHAR]) | 772 | #undef SIZEOF_CHAR]) |
741 | m4trace:configure.ac:1081: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_SHORT_INT]) | 773 | m4trace:configure.ac:1122: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_SHORT_INT]) |
742 | m4trace:configure.ac:1081: -1- AH_OUTPUT([SIZEOF_SHORT_INT], [/* The size of a \`short int', as computed by sizeof. */ | 774 | m4trace:configure.ac:1122: -1- AH_OUTPUT([SIZEOF_SHORT_INT], [/* The size of a \`short int', as computed by sizeof. */ |
743 | #undef SIZEOF_SHORT_INT]) | 775 | #undef SIZEOF_SHORT_INT]) |
744 | m4trace:configure.ac:1082: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_INT]) | 776 | m4trace:configure.ac:1123: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_INT]) |
745 | m4trace:configure.ac:1082: -1- AH_OUTPUT([SIZEOF_INT], [/* The size of a \`int', as computed by sizeof. */ | 777 | m4trace:configure.ac:1123: -1- AH_OUTPUT([SIZEOF_INT], [/* The size of a \`int', as computed by sizeof. */ |
746 | #undef SIZEOF_INT]) | 778 | #undef SIZEOF_INT]) |
747 | m4trace:configure.ac:1083: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_INT]) | 779 | m4trace:configure.ac:1124: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_INT]) |
748 | m4trace:configure.ac:1083: -1- AH_OUTPUT([SIZEOF_LONG_INT], [/* The size of a \`long int', as computed by sizeof. */ | 780 | m4trace:configure.ac:1124: -1- AH_OUTPUT([SIZEOF_LONG_INT], [/* The size of a \`long int', as computed by sizeof. */ |
749 | #undef SIZEOF_LONG_INT]) | 781 | #undef SIZEOF_LONG_INT]) |
750 | m4trace:configure.ac:1084: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_LONG_INT]) | 782 | m4trace:configure.ac:1125: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_LONG_INT]) |
751 | m4trace:configure.ac:1084: -1- AH_OUTPUT([SIZEOF_LONG_LONG_INT], [/* The size of a \`long long int', as computed by sizeof. */ | 783 | m4trace:configure.ac:1125: -1- AH_OUTPUT([SIZEOF_LONG_LONG_INT], [/* The size of a \`long long int', as computed by sizeof. */ |
752 | #undef SIZEOF_LONG_LONG_INT]) | 784 | #undef SIZEOF_LONG_LONG_INT]) |
753 | m4trace:configure.ac:1101: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT]) | 785 | m4trace:configure.ac:1142: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT]) |
754 | m4trace:configure.ac:1114: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T]) | 786 | m4trace:configure.ac:1155: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T]) |
755 | m4trace:configure.ac:1130: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T]) | 787 | m4trace:configure.ac:1171: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T]) |
756 | m4trace:configure.ac:1151: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T]) | 788 | m4trace:configure.ac:1192: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T]) |
757 | m4trace:configure.ac:1163: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T]) | 789 | m4trace:configure.ac:1204: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T]) |
758 | m4trace:configure.ac:1177: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T]) | 790 | m4trace:configure.ac:1218: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T]) |
759 | m4trace:configure.ac:1189: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T]) | 791 | m4trace:configure.ac:1230: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T]) |
760 | m4trace:configure.ac:1203: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T]) | 792 | m4trace:configure.ac:1244: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T]) |
761 | m4trace:configure.ac:1218: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T]) | 793 | m4trace:configure.ac:1259: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T]) |
762 | m4trace:configure.ac:1232: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T]) | 794 | m4trace:configure.ac:1273: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T]) |
763 | m4trace:configure.ac:1254: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T]) | 795 | m4trace:configure.ac:1295: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T]) |
764 | m4trace:configure.ac:1254: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T]) | 796 | m4trace:configure.ac:1295: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T]) |
765 | m4trace:configure.ac:1269: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_CHAR]) | 797 | m4trace:configure.ac:1310: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_CHAR]) |
766 | m4trace:configure.ac:1272: -1- AC_DEFINE_TRACE_LITERAL([socklen_t]) | 798 | m4trace:configure.ac:1313: -1- AC_DEFINE_TRACE_LITERAL([socklen_t]) |
767 | m4trace:configure.ac:1272: -1- AH_OUTPUT([socklen_t], [/* type to use in place of socklen_t if not defined */ | 799 | m4trace:configure.ac:1313: -1- AH_OUTPUT([socklen_t], [/* type to use in place of socklen_t if not defined */ |
768 | #undef socklen_t]) | 800 | #undef socklen_t]) |
769 | m4trace:configure.ac:1274: -1- AC_CHECK_TYPES([sig_atomic_t], [], [], [#include <signal.h>]) | 801 | m4trace:configure.ac:1315: -1- AC_CHECK_TYPES([sig_atomic_t], [], [], [#include <signal.h>]) |
770 | m4trace:configure.ac:1274: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIG_ATOMIC_T]) | 802 | m4trace:configure.ac:1315: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIG_ATOMIC_T]) |
771 | m4trace:configure.ac:1274: -1- AH_OUTPUT([HAVE_SIG_ATOMIC_T], [/* Define to 1 if the system has the type \`sig_atomic_t'. */ | 803 | m4trace:configure.ac:1315: -1- AH_OUTPUT([HAVE_SIG_ATOMIC_T], [/* Define to 1 if the system has the type \`sig_atomic_t'. */ |
772 | #undef HAVE_SIG_ATOMIC_T]) | 804 | #undef HAVE_SIG_ATOMIC_T]) |
773 | m4trace:configure.ac:1287: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIZE_T]) | 805 | m4trace:configure.ac:1328: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIZE_T]) |
774 | m4trace:configure.ac:1301: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SSIZE_T]) | 806 | m4trace:configure.ac:1342: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SSIZE_T]) |
775 | m4trace:configure.ac:1315: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CLOCK_T]) | 807 | m4trace:configure.ac:1356: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CLOCK_T]) |
776 | m4trace:configure.ac:1340: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SA_FAMILY_T]) | 808 | m4trace:configure.ac:1381: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SA_FAMILY_T]) |
777 | m4trace:configure.ac:1354: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_T]) | 809 | m4trace:configure.ac:1395: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_T]) |
778 | m4trace:configure.ac:1368: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MODE_T]) | 810 | m4trace:configure.ac:1409: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MODE_T]) |
779 | m4trace:configure.ac:1384: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_STORAGE]) | 811 | m4trace:configure.ac:1425: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_STORAGE]) |
780 | m4trace:configure.ac:1399: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_IN6]) | 812 | m4trace:configure.ac:1440: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_IN6]) |
781 | m4trace:configure.ac:1414: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_IN6_ADDR]) | 813 | m4trace:configure.ac:1455: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_IN6_ADDR]) |
782 | m4trace:configure.ac:1430: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_ADDRINFO]) | 814 | m4trace:configure.ac:1471: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_ADDRINFO]) |
783 | m4trace:configure.ac:1442: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_TIMEVAL]) | 815 | m4trace:configure.ac:1483: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_TIMEVAL]) |
784 | m4trace:configure.ac:1479: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF]) | 816 | m4trace:configure.ac:1487: -1- AC_CHECK_TYPES([struct timespec]) |
785 | m4trace:configure.ac:1481: -1- AC_SUBST([NO_SFTP]) | 817 | m4trace:configure.ac:1487: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_TIMESPEC]) |
786 | m4trace:configure.ac:1484: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMP]) | 818 | m4trace:configure.ac:1487: -1- AH_OUTPUT([HAVE_STRUCT_TIMESPEC], [/* Define to 1 if the system has the type \`struct timespec'. */ |
787 | m4trace:configure.ac:1485: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMPX]) | 819 | #undef HAVE_STRUCT_TIMESPEC]) |
788 | m4trace:configure.ac:1486: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYSLEN_IN_UTMPX]) | 820 | m4trace:configure.ac:1524: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF]) |
789 | m4trace:configure.ac:1487: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_IN_UTMP]) | 821 | m4trace:configure.ac:1528: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMP]) |
790 | m4trace:configure.ac:1488: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMP]) | 822 | m4trace:configure.ac:1529: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMPX]) |
791 | m4trace:configure.ac:1489: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMPX]) | 823 | m4trace:configure.ac:1530: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYSLEN_IN_UTMPX]) |
792 | m4trace:configure.ac:1490: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMP]) | 824 | m4trace:configure.ac:1531: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_IN_UTMP]) |
793 | m4trace:configure.ac:1491: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMP]) | 825 | m4trace:configure.ac:1532: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMP]) |
794 | m4trace:configure.ac:1492: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMPX]) | 826 | m4trace:configure.ac:1533: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMPX]) |
795 | m4trace:configure.ac:1493: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMP]) | 827 | m4trace:configure.ac:1534: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMP]) |
796 | m4trace:configure.ac:1494: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMPX]) | 828 | m4trace:configure.ac:1535: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMP]) |
797 | m4trace:configure.ac:1495: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMP]) | 829 | m4trace:configure.ac:1536: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMPX]) |
798 | m4trace:configure.ac:1496: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMPX]) | 830 | m4trace:configure.ac:1537: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMP]) |
799 | m4trace:configure.ac:1497: -1- AC_DEFINE_TRACE_LITERAL([HAVE_EXIT_IN_UTMP]) | 831 | m4trace:configure.ac:1538: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMPX]) |
800 | m4trace:configure.ac:1498: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMP]) | 832 | m4trace:configure.ac:1539: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMP]) |
801 | m4trace:configure.ac:1499: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMPX]) | 833 | m4trace:configure.ac:1540: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMPX]) |
802 | m4trace:configure.ac:1500: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMPX]) | 834 | m4trace:configure.ac:1541: -1- AC_DEFINE_TRACE_LITERAL([HAVE_EXIT_IN_UTMP]) |
803 | m4trace:configure.ac:1502: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_STAT_ST_BLKSIZE]) | 835 | m4trace:configure.ac:1542: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMP]) |
804 | m4trace:configure.ac:1502: -1- AH_OUTPUT([HAVE_STRUCT_STAT_ST_BLKSIZE], [/* Define to 1 if \`st_blksize' is member of \`struct stat'. */ | 836 | m4trace:configure.ac:1543: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMPX]) |
837 | m4trace:configure.ac:1544: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMPX]) | ||
838 | m4trace:configure.ac:1546: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_STAT_ST_BLKSIZE]) | ||
839 | m4trace:configure.ac:1546: -1- AH_OUTPUT([HAVE_STRUCT_STAT_ST_BLKSIZE], [/* Define to 1 if \`st_blksize' is member of \`struct stat'. */ | ||
805 | #undef HAVE_STRUCT_STAT_ST_BLKSIZE]) | 840 | #undef HAVE_STRUCT_STAT_ST_BLKSIZE]) |
806 | m4trace:configure.ac:1517: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SS_FAMILY_IN_SS]) | 841 | m4trace:configure.ac:1561: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SS_FAMILY_IN_SS]) |
807 | m4trace:configure.ac:1533: -1- AC_DEFINE_TRACE_LITERAL([HAVE___SS_FAMILY_IN_SS]) | 842 | m4trace:configure.ac:1577: -1- AC_DEFINE_TRACE_LITERAL([HAVE___SS_FAMILY_IN_SS]) |
808 | m4trace:configure.ac:1548: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CLASS_IN_PASSWD]) | 843 | m4trace:configure.ac:1592: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CLASS_IN_PASSWD]) |
809 | m4trace:configure.ac:1563: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_EXPIRE_IN_PASSWD]) | 844 | m4trace:configure.ac:1607: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_EXPIRE_IN_PASSWD]) |
810 | m4trace:configure.ac:1578: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CHANGE_IN_PASSWD]) | 845 | m4trace:configure.ac:1622: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CHANGE_IN_PASSWD]) |
811 | m4trace:configure.ac:1603: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ACCRIGHTS_IN_MSGHDR]) | 846 | m4trace:configure.ac:1647: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ACCRIGHTS_IN_MSGHDR]) |
812 | m4trace:configure.ac:1627: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CONTROL_IN_MSGHDR]) | 847 | m4trace:configure.ac:1671: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CONTROL_IN_MSGHDR]) |
813 | m4trace:configure.ac:1638: -1- AC_DEFINE_TRACE_LITERAL([HAVE___PROGNAME]) | 848 | m4trace:configure.ac:1682: -1- AC_DEFINE_TRACE_LITERAL([HAVE___PROGNAME]) |
814 | m4trace:configure.ac:1651: -1- AC_DEFINE_TRACE_LITERAL([HAVE___FUNCTION__]) | 849 | m4trace:configure.ac:1695: -1- AC_DEFINE_TRACE_LITERAL([HAVE___FUNCTION__]) |
815 | m4trace:configure.ac:1664: -1- AC_DEFINE_TRACE_LITERAL([HAVE___func__]) | 850 | m4trace:configure.ac:1708: -1- AC_DEFINE_TRACE_LITERAL([HAVE___func__]) |
816 | m4trace:configure.ac:1679: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETOPT_OPTRESET]) | 851 | m4trace:configure.ac:1723: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETOPT_OPTRESET]) |
817 | m4trace:configure.ac:1690: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_ERRLIST]) | 852 | m4trace:configure.ac:1734: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_ERRLIST]) |
818 | m4trace:configure.ac:1702: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_NERR]) | 853 | m4trace:configure.ac:1746: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_NERR]) |
819 | m4trace:configure.ac:1735: -1- AC_CHECK_HEADERS([sectok.h]) | 854 | m4trace:configure.ac:1779: -1- AC_CHECK_HEADERS([sectok.h]) |
820 | m4trace:configure.ac:1735: -1- AH_OUTPUT([HAVE_SECTOK_H], [/* Define to 1 if you have the <sectok.h> header file. */ | 855 | m4trace:configure.ac:1779: -1- AH_OUTPUT([HAVE_SECTOK_H], [/* Define to 1 if you have the <sectok.h> header file. */ |
821 | #undef HAVE_SECTOK_H]) | 856 | #undef HAVE_SECTOK_H]) |
822 | m4trace:configure.ac:1735: -1- AC_CHECK_LIB([sectok], [sectok_open]) | 857 | m4trace:configure.ac:1779: -1- AC_CHECK_LIB([sectok], [sectok_open]) |
823 | m4trace:configure.ac:1735: -1- AH_OUTPUT([HAVE_LIBSECTOK], [/* Define to 1 if you have the \`sectok' library (-lsectok). */ | 858 | m4trace:configure.ac:1779: -1- AH_OUTPUT([HAVE_LIBSECTOK], [/* Define to 1 if you have the \`sectok' library (-lsectok). */ |
824 | #undef HAVE_LIBSECTOK]) | 859 | #undef HAVE_LIBSECTOK]) |
825 | m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSECTOK]) | 860 | m4trace:configure.ac:1779: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSECTOK]) |
826 | m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD]) | 861 | m4trace:configure.ac:1779: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD]) |
827 | m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([USE_SECTOK]) | 862 | m4trace:configure.ac:1779: -1- AC_DEFINE_TRACE_LITERAL([USE_SECTOK]) |
828 | m4trace:configure.ac:1744: -1- AC_SUBST([OPENSC_CONFIG], [$ac_cv_path_OPENSC_CONFIG]) | 863 | m4trace:configure.ac:1788: -1- AC_SUBST([OPENSC_CONFIG], [$ac_cv_path_OPENSC_CONFIG]) |
829 | m4trace:configure.ac:1750: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD]) | 864 | m4trace:configure.ac:1794: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD]) |
830 | m4trace:configure.ac:1751: -1- AC_DEFINE_TRACE_LITERAL([USE_OPENSC]) | 865 | m4trace:configure.ac:1795: -1- AC_DEFINE_TRACE_LITERAL([USE_OPENSC]) |
831 | m4trace:configure.ac:1793: -1- AC_DEFINE_TRACE_LITERAL([KRB5]) | 866 | m4trace:configure.ac:1837: -1- AC_DEFINE_TRACE_LITERAL([KRB5]) |
832 | m4trace:configure.ac:1793: -1- AC_DEFINE_TRACE_LITERAL([HEIMDAL]) | 867 | m4trace:configure.ac:1837: -1- AC_DEFINE_TRACE_LITERAL([HEIMDAL]) |
833 | m4trace:configure.ac:1793: -1- AC_CHECK_LIB([resolv], [dn_expand], [], []) | 868 | m4trace:configure.ac:1837: -1- AC_CHECK_LIB([resolv], [dn_expand], [], []) |
834 | m4trace:configure.ac:1793: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */ | 869 | m4trace:configure.ac:1837: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */ |
835 | #undef HAVE_LIBRESOLV]) | 870 | #undef HAVE_LIBRESOLV]) |
836 | m4trace:configure.ac:1793: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV]) | 871 | m4trace:configure.ac:1837: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV]) |
837 | m4trace:configure.ac:1847: -1- AC_CHECK_HEADERS([krb.h]) | 872 | m4trace:configure.ac:1891: -1- AC_CHECK_HEADERS([krb.h]) |
838 | m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_KRB_H], [/* Define to 1 if you have the <krb.h> header file. */ | 873 | m4trace:configure.ac:1891: -1- AH_OUTPUT([HAVE_KRB_H], [/* Define to 1 if you have the <krb.h> header file. */ |
839 | #undef HAVE_KRB_H]) | 874 | #undef HAVE_KRB_H]) |
840 | m4trace:configure.ac:1847: -1- AC_CHECK_LIB([krb], [main]) | 875 | m4trace:configure.ac:1891: -1- AC_CHECK_LIB([krb], [main]) |
841 | m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBKRB], [/* Define to 1 if you have the \`krb' library (-lkrb). */ | 876 | m4trace:configure.ac:1891: -1- AH_OUTPUT([HAVE_LIBKRB], [/* Define to 1 if you have the \`krb' library (-lkrb). */ |
842 | #undef HAVE_LIBKRB]) | 877 | #undef HAVE_LIBKRB]) |
843 | m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB]) | 878 | m4trace:configure.ac:1891: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB]) |
844 | m4trace:configure.ac:1847: -1- AC_CHECK_LIB([krb4], [main]) | 879 | m4trace:configure.ac:1891: -1- AC_CHECK_LIB([krb4], [main]) |
845 | m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBKRB4], [/* Define to 1 if you have the \`krb4' library (-lkrb4). */ | 880 | m4trace:configure.ac:1891: -1- AH_OUTPUT([HAVE_LIBKRB4], [/* Define to 1 if you have the \`krb4' library (-lkrb4). */ |
846 | #undef HAVE_LIBKRB4]) | 881 | #undef HAVE_LIBKRB4]) |
847 | m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB4]) | 882 | m4trace:configure.ac:1891: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB4]) |
848 | m4trace:configure.ac:1847: -1- AC_CHECK_LIB([des], [des_cbc_encrypt]) | 883 | m4trace:configure.ac:1891: -1- AC_CHECK_LIB([des], [des_cbc_encrypt]) |
849 | m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBDES], [/* Define to 1 if you have the \`des' library (-ldes). */ | 884 | m4trace:configure.ac:1891: -1- AH_OUTPUT([HAVE_LIBDES], [/* Define to 1 if you have the \`des' library (-ldes). */ |
850 | #undef HAVE_LIBDES]) | 885 | #undef HAVE_LIBDES]) |
851 | m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES]) | 886 | m4trace:configure.ac:1891: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES]) |
852 | m4trace:configure.ac:1847: -1- AC_CHECK_LIB([des425], [des_cbc_encrypt]) | 887 | m4trace:configure.ac:1891: -1- AC_CHECK_LIB([des425], [des_cbc_encrypt]) |
853 | m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBDES425], [/* Define to 1 if you have the \`des425' library (-ldes425). */ | 888 | m4trace:configure.ac:1891: -1- AH_OUTPUT([HAVE_LIBDES425], [/* Define to 1 if you have the \`des425' library (-ldes425). */ |
854 | #undef HAVE_LIBDES425]) | 889 | #undef HAVE_LIBDES425]) |
855 | m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES425]) | 890 | m4trace:configure.ac:1891: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES425]) |
856 | m4trace:configure.ac:1847: -1- AC_CHECK_LIB([resolv], [dn_expand], [], []) | 891 | m4trace:configure.ac:1891: -1- AC_CHECK_LIB([resolv], [dn_expand], [], []) |
857 | m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */ | 892 | m4trace:configure.ac:1891: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */ |
858 | #undef HAVE_LIBRESOLV]) | 893 | #undef HAVE_LIBRESOLV]) |
859 | m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV]) | 894 | m4trace:configure.ac:1891: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV]) |
860 | m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([KRB4]) | 895 | m4trace:configure.ac:1891: -1- AC_DEFINE_TRACE_LITERAL([KRB4]) |
861 | m4trace:configure.ac:1873: -1- AC_DEFINE_TRACE_LITERAL([AFS]) | 896 | m4trace:configure.ac:1917: -1- AC_DEFINE_TRACE_LITERAL([AFS]) |
862 | m4trace:configure.ac:1887: -1- AC_SUBST([PRIVSEP_PATH]) | 897 | m4trace:configure.ac:1931: -1- AC_SUBST([PRIVSEP_PATH]) |
863 | m4trace:configure.ac:1907: -1- AC_SUBST([xauth_path], [$ac_cv_path_xauth_path]) | 898 | m4trace:configure.ac:1951: -1- AC_SUBST([xauth_path], [$ac_cv_path_xauth_path]) |
864 | m4trace:configure.ac:1911: -1- AC_SUBST([XAUTH_PATH]) | 899 | m4trace:configure.ac:1962: -1- AC_SUBST([STRIP_OPT]) |
865 | m4trace:configure.ac:1913: -1- AC_DEFINE_TRACE_LITERAL([XAUTH_PATH]) | 900 | m4trace:configure.ac:1966: -1- AC_SUBST([XAUTH_PATH]) |
866 | m4trace:configure.ac:1915: -1- AC_SUBST([XAUTH_PATH]) | 901 | m4trace:configure.ac:1968: -1- AC_DEFINE_TRACE_LITERAL([XAUTH_PATH]) |
867 | m4trace:configure.ac:1921: -1- AC_DEFINE_TRACE_LITERAL([MAIL_DIRECTORY]) | 902 | m4trace:configure.ac:1970: -1- AC_SUBST([XAUTH_PATH]) |
868 | m4trace:configure.ac:1931: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTMX]) | 903 | m4trace:configure.ac:1976: -1- AC_DEFINE_TRACE_LITERAL([MAIL_DIRECTORY]) |
869 | m4trace:configure.ac:1939: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTS_AND_PTC]) | 904 | m4trace:configure.ac:1986: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTMX]) |
870 | m4trace:configure.ac:1957: -1- AC_SUBST([NROFF], [$ac_cv_path_NROFF]) | 905 | m4trace:configure.ac:1994: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTS_AND_PTC]) |
871 | m4trace:configure.ac:1966: -1- AC_SUBST([MANTYPE]) | 906 | m4trace:configure.ac:2012: -1- AC_SUBST([NROFF], [$ac_cv_path_NROFF]) |
872 | m4trace:configure.ac:1972: -1- AC_SUBST([mansubdir]) | 907 | m4trace:configure.ac:2021: -1- AC_SUBST([MANTYPE]) |
873 | m4trace:configure.ac:1984: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MD5_PASSWORDS]) | 908 | m4trace:configure.ac:2027: -1- AC_SUBST([mansubdir]) |
874 | m4trace:configure.ac:1995: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) | 909 | m4trace:configure.ac:2039: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MD5_PASSWORDS]) |
875 | m4trace:configure.ac:2010: -1- AC_DEFINE_TRACE_LITERAL([HAS_SHADOW_EXPIRE]) | 910 | m4trace:configure.ac:2050: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) |
876 | m4trace:configure.ac:2019: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY]) | 911 | m4trace:configure.ac:2065: -1- AC_DEFINE_TRACE_LITERAL([HAS_SHADOW_EXPIRE]) |
877 | m4trace:configure.ac:2030: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY]) | 912 | m4trace:configure.ac:2074: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY]) |
878 | m4trace:configure.ac:2107: -1- AC_DEFINE_TRACE_LITERAL([USER_PATH]) | 913 | m4trace:configure.ac:2085: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY]) |
879 | m4trace:configure.ac:2108: -1- AC_SUBST([user_path]) | 914 | m4trace:configure.ac:2166: -1- AC_DEFINE_TRACE_LITERAL([USER_PATH]) |
880 | m4trace:configure.ac:2120: -1- AC_DEFINE_TRACE_LITERAL([SUPERUSER_PATH]) | 915 | m4trace:configure.ac:2167: -1- AC_SUBST([user_path]) |
881 | m4trace:configure.ac:2133: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT]) | 916 | m4trace:configure.ac:2179: -1- AC_DEFINE_TRACE_LITERAL([SUPERUSER_PATH]) |
882 | m4trace:configure.ac:2156: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6]) | 917 | m4trace:configure.ac:2192: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT]) |
883 | m4trace:configure.ac:2156: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6]) | 918 | m4trace:configure.ac:2215: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6]) |
884 | m4trace:configure.ac:2168: -1- AC_DEFINE_TRACE_LITERAL([BSD_AUTH]) | 919 | m4trace:configure.ac:2215: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6]) |
885 | m4trace:configure.ac:2192: -1- AC_DEFINE_TRACE_LITERAL([_PATH_SSH_PIDDIR]) | 920 | m4trace:configure.ac:2227: -1- AC_DEFINE_TRACE_LITERAL([BSD_AUTH]) |
886 | m4trace:configure.ac:2193: -1- AC_SUBST([piddir]) | 921 | m4trace:configure.ac:2251: -1- AC_DEFINE_TRACE_LITERAL([_PATH_SSH_PIDDIR]) |
887 | m4trace:configure.ac:2199: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG]) | 922 | m4trace:configure.ac:2252: -1- AC_SUBST([piddir]) |
888 | m4trace:configure.ac:2203: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) | 923 | m4trace:configure.ac:2258: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG]) |
889 | m4trace:configure.ac:2207: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX]) | 924 | m4trace:configure.ac:2262: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) |
890 | m4trace:configure.ac:2211: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP]) | 925 | m4trace:configure.ac:2266: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX]) |
891 | m4trace:configure.ac:2215: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX]) | 926 | m4trace:configure.ac:2270: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP]) |
892 | m4trace:configure.ac:2219: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN]) | 927 | m4trace:configure.ac:2274: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX]) |
893 | m4trace:configure.ac:2223: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTLINE]) | 928 | m4trace:configure.ac:2278: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN]) |
894 | m4trace:configure.ac:2227: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTXLINE]) | 929 | m4trace:configure.ac:2282: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTLINE]) |
895 | m4trace:configure.ac:2237: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG]) | 930 | m4trace:configure.ac:2286: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTXLINE]) |
896 | m4trace:configure.ac:2299: -1- AC_DEFINE_TRACE_LITERAL([CONF_LASTLOG_FILE]) | 931 | m4trace:configure.ac:2296: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG]) |
897 | m4trace:configure.ac:2324: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) | 932 | m4trace:configure.ac:2358: -1- AC_DEFINE_TRACE_LITERAL([CONF_LASTLOG_FILE]) |
898 | m4trace:configure.ac:2329: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMP_FILE]) | 933 | m4trace:configure.ac:2383: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) |
899 | m4trace:configure.ac:2354: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP]) | 934 | m4trace:configure.ac:2388: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMP_FILE]) |
900 | m4trace:configure.ac:2359: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMP_FILE]) | 935 | m4trace:configure.ac:2413: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP]) |
901 | m4trace:configure.ac:2384: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX]) | 936 | m4trace:configure.ac:2418: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMP_FILE]) |
902 | m4trace:configure.ac:2387: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMPX_FILE]) | 937 | m4trace:configure.ac:2443: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX]) |
903 | m4trace:configure.ac:2409: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX]) | 938 | m4trace:configure.ac:2446: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMPX_FILE]) |
904 | m4trace:configure.ac:2412: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMPX_FILE]) | 939 | m4trace:configure.ac:2468: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX]) |
905 | m4trace:configure.ac:2430: -1- AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds]) | 940 | m4trace:configure.ac:2471: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMPX_FILE]) |
941 | m4trace:configure.ac:2489: -1- AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds]) | ||
@@ -37,7 +37,7 @@ | |||
37 | */ | 37 | */ |
38 | 38 | ||
39 | #include "includes.h" | 39 | #include "includes.h" |
40 | RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $"); | 40 | RCSID("$OpenBSD: bufaux.c,v 1.28 2002/10/23 10:40:16 markus Exp $"); |
41 | 41 | ||
42 | #include <openssl/bn.h> | 42 | #include <openssl/bn.h> |
43 | #include "bufaux.h" | 43 | #include "bufaux.h" |
@@ -225,7 +225,7 @@ buffer_get_string(Buffer *buffer, u_int *length_ptr) | |||
225 | /* Get the length. */ | 225 | /* Get the length. */ |
226 | len = buffer_get_int(buffer); | 226 | len = buffer_get_int(buffer); |
227 | if (len > 256 * 1024) | 227 | if (len > 256 * 1024) |
228 | fatal("buffer_get_string: bad string length %d", len); | 228 | fatal("buffer_get_string: bad string length %u", len); |
229 | /* Allocate space for the string. Add one byte for a null character. */ | 229 | /* Allocate space for the string. Add one byte for a null character. */ |
230 | value = xmalloc(len + 1); | 230 | value = xmalloc(len + 1); |
231 | /* Get the string. */ | 231 | /* Get the string. */ |
diff --git a/canohost.c b/canohost.c index a457d3c52..941db23b6 100644 --- a/canohost.c +++ b/canohost.c | |||
@@ -12,7 +12,7 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: canohost.c,v 1.34 2002/09/23 20:46:27 stevesk Exp $"); | 15 | RCSID("$OpenBSD: canohost.c,v 1.35 2002/11/26 02:38:54 stevesk Exp $"); |
16 | 16 | ||
17 | #include "packet.h" | 17 | #include "packet.h" |
18 | #include "xmalloc.h" | 18 | #include "xmalloc.h" |
@@ -38,7 +38,7 @@ get_remote_hostname(int socket, int verify_reverse_mapping) | |||
38 | /* Get IP address of client. */ | 38 | /* Get IP address of client. */ |
39 | fromlen = sizeof(from); | 39 | fromlen = sizeof(from); |
40 | memset(&from, 0, sizeof(from)); | 40 | memset(&from, 0, sizeof(from)); |
41 | if (getpeername(socket, (struct sockaddr *) &from, &fromlen) < 0) { | 41 | if (getpeername(socket, (struct sockaddr *)&from, &fromlen) < 0) { |
42 | debug("getpeername failed: %.100s", strerror(errno)); | 42 | debug("getpeername failed: %.100s", strerror(errno)); |
43 | fatal_cleanup(); | 43 | fatal_cleanup(); |
44 | } | 44 | } |
@@ -59,11 +59,14 @@ get_remote_hostname(int socket, int verify_reverse_mapping) | |||
59 | memset(&from, 0, sizeof(from)); | 59 | memset(&from, 0, sizeof(from)); |
60 | 60 | ||
61 | from4->sin_family = AF_INET; | 61 | from4->sin_family = AF_INET; |
62 | fromlen = sizeof(*from4); | ||
62 | memcpy(&from4->sin_addr, &addr, sizeof(addr)); | 63 | memcpy(&from4->sin_addr, &addr, sizeof(addr)); |
63 | from4->sin_port = port; | 64 | from4->sin_port = port; |
64 | } | 65 | } |
65 | } | 66 | } |
66 | #endif | 67 | #endif |
68 | if (from.ss_family == AF_INET6) | ||
69 | fromlen = sizeof(struct sockaddr_in6); | ||
67 | 70 | ||
68 | if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop), | 71 | if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop), |
69 | NULL, 0, NI_NUMERICHOST) != 0) | 72 | NULL, 0, NI_NUMERICHOST) != 0) |
@@ -202,8 +205,8 @@ get_canonical_hostname(int verify_reverse_mapping) | |||
202 | } | 205 | } |
203 | 206 | ||
204 | /* | 207 | /* |
205 | * Returns the remote IP-address of socket as a string. The returned | 208 | * Returns the local/remote IP-address/hostname of socket as a string. |
206 | * string must be freed. | 209 | * The returned string must be freed. |
207 | */ | 210 | */ |
208 | static char * | 211 | static char * |
209 | get_socket_address(int socket, int remote, int flags) | 212 | get_socket_address(int socket, int remote, int flags) |
@@ -225,10 +228,15 @@ get_socket_address(int socket, int remote, int flags) | |||
225 | < 0) | 228 | < 0) |
226 | return NULL; | 229 | return NULL; |
227 | } | 230 | } |
231 | |||
232 | /* Work around Linux IPv6 weirdness */ | ||
233 | if (addr.ss_family == AF_INET6) | ||
234 | addrlen = sizeof(struct sockaddr_in6); | ||
235 | |||
228 | /* Get the address in ascii. */ | 236 | /* Get the address in ascii. */ |
229 | if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop), | 237 | if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop), |
230 | NULL, 0, flags) != 0) { | 238 | NULL, 0, flags) != 0) { |
231 | error("get_socket_ipaddr: getnameinfo %d failed", flags); | 239 | error("get_socket_address: getnameinfo %d failed", flags); |
232 | return NULL; | 240 | return NULL; |
233 | } | 241 | } |
234 | return xstrdup(ntop); | 242 | return xstrdup(ntop); |
@@ -314,11 +322,16 @@ get_sock_port(int sock, int local) | |||
314 | return 0; | 322 | return 0; |
315 | } | 323 | } |
316 | } else { | 324 | } else { |
317 | if (getpeername(sock, (struct sockaddr *) & from, &fromlen) < 0) { | 325 | if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) { |
318 | debug("getpeername failed: %.100s", strerror(errno)); | 326 | debug("getpeername failed: %.100s", strerror(errno)); |
319 | fatal_cleanup(); | 327 | fatal_cleanup(); |
320 | } | 328 | } |
321 | } | 329 | } |
330 | |||
331 | /* Work around Linux IPv6 weirdness */ | ||
332 | if (from.ss_family == AF_INET6) | ||
333 | fromlen = sizeof(struct sockaddr_in6); | ||
334 | |||
322 | /* Return port number. */ | 335 | /* Return port number. */ |
323 | if (getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0, | 336 | if (getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0, |
324 | strport, sizeof(strport), NI_NUMERICSERV) != 0) | 337 | strport, sizeof(strport), NI_NUMERICSERV) != 0) |
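Review bot: The AF_INET6 length override added after `#endif` in get_remote_hostname (new lines 68-69) has no comment, and the same two lines in get_socket_address and get_sock_port are labelled only "Work around Linux IPv6 weirdness", which does not say what is being worked around. get_remote_hostname takes a verify_reverse_mapping flag, so the reason for replacing the length reported by getpeername() before it reaches getnameinfo() should be written down. Something like `/* the reported length can be one getnameinfo() rejects for AF_INET6; use sizeof(struct sockaddr_in6) */` would do, worded once the actual failure is confirmed, since the hunks do not show it. The check is repeated three times and could move into one small static helper that carries that comment. All three functions continue outside their hunks.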
diff --git a/channels.c b/channels.c index 6ff9e2583..1937b0244 100644 --- a/channels.c +++ b/channels.c | |||
@@ -39,7 +39,7 @@ | |||
39 | */ | 39 | */ |
40 | 40 | ||
41 | #include "includes.h" | 41 | #include "includes.h" |
42 | RCSID("$OpenBSD: channels.c,v 1.183 2002/09/17 07:47:02 itojun Exp $"); | 42 | RCSID("$OpenBSD: channels.c,v 1.187 2003/03/05 22:33:43 markus Exp $"); |
43 | 43 | ||
44 | #include "ssh.h" | 44 | #include "ssh.h" |
45 | #include "ssh1.h" | 45 | #include "ssh1.h" |
@@ -413,13 +413,13 @@ channel_not_very_much_buffered_data(void) | |||
413 | #if 0 | 413 | #if 0 |
414 | if (!compat20 && | 414 | if (!compat20 && |
415 | buffer_len(&c->input) > packet_get_maxsize()) { | 415 | buffer_len(&c->input) > packet_get_maxsize()) { |
416 | debug("channel %d: big input buffer %d", | 416 | debug2("channel %d: big input buffer %d", |
417 | c->self, buffer_len(&c->input)); | 417 | c->self, buffer_len(&c->input)); |
418 | return 0; | 418 | return 0; |
419 | } | 419 | } |
420 | #endif | 420 | #endif |
421 | if (buffer_len(&c->output) > packet_get_maxsize()) { | 421 | if (buffer_len(&c->output) > packet_get_maxsize()) { |
422 | debug("channel %d: big output buffer %d > %d", | 422 | debug2("channel %d: big output buffer %d > %d", |
423 | c->self, buffer_len(&c->output), | 423 | c->self, buffer_len(&c->output), |
424 | packet_get_maxsize()); | 424 | packet_get_maxsize()); |
425 | return 0; | 425 | return 0; |
@@ -578,7 +578,7 @@ channel_send_open(int id) | |||
578 | log("channel_send_open: %d: bad id", id); | 578 | log("channel_send_open: %d: bad id", id); |
579 | return; | 579 | return; |
580 | } | 580 | } |
581 | debug("send channel open %d", id); | 581 | debug2("channel %d: send open", id); |
582 | packet_start(SSH2_MSG_CHANNEL_OPEN); | 582 | packet_start(SSH2_MSG_CHANNEL_OPEN); |
583 | packet_put_cstring(c->ctype); | 583 | packet_put_cstring(c->ctype); |
584 | packet_put_int(c->self); | 584 | packet_put_int(c->self); |
@@ -588,15 +588,15 @@ channel_send_open(int id) | |||
588 | } | 588 | } |
589 | 589 | ||
590 | void | 590 | void |
591 | channel_request_start(int local_id, char *service, int wantconfirm) | 591 | channel_request_start(int id, char *service, int wantconfirm) |
592 | { | 592 | { |
593 | Channel *c = channel_lookup(local_id); | 593 | Channel *c = channel_lookup(id); |
594 | 594 | ||
595 | if (c == NULL) { | 595 | if (c == NULL) { |
596 | log("channel_request_start: %d: unknown channel id", local_id); | 596 | log("channel_request_start: %d: unknown channel id", id); |
597 | return; | 597 | return; |
598 | } | 598 | } |
599 | debug("channel request %d: %s", local_id, service) ; | 599 | debug("channel %d: request %s", id, service) ; |
600 | packet_start(SSH2_MSG_CHANNEL_REQUEST); | 600 | packet_start(SSH2_MSG_CHANNEL_REQUEST); |
601 | packet_put_int(c->remote_id); | 601 | packet_put_int(c->remote_id); |
602 | packet_put_cstring(service); | 602 | packet_put_cstring(service); |
@@ -1997,6 +1997,7 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt) | |||
1997 | c->remote_id = remote_id; | 1997 | c->remote_id = remote_id; |
1998 | } | 1998 | } |
1999 | if (c == NULL) { | 1999 | if (c == NULL) { |
2000 | xfree(originator_string); | ||
2000 | packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); | 2001 | packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); |
2001 | packet_put_int(remote_id); | 2002 | packet_put_int(remote_id); |
2002 | packet_send(); | 2003 | packet_send(); |
@@ -2281,7 +2282,10 @@ connect_to(const char *host, u_short port) | |||
2281 | } | 2282 | } |
2282 | sock = socket(ai->ai_family, SOCK_STREAM, 0); | 2283 | sock = socket(ai->ai_family, SOCK_STREAM, 0); |
2283 | if (sock < 0) { | 2284 | if (sock < 0) { |
2284 | error("socket: %.100s", strerror(errno)); | 2285 | if (ai->ai_next == NULL) |
2286 | error("socket: %.100s", strerror(errno)); | ||
2287 | else | ||
2288 | verbose("socket: %.100s", strerror(errno)); | ||
2285 | continue; | 2289 | continue; |
2286 | } | 2290 | } |
2287 | if (fcntl(sock, F_SETFL, O_NONBLOCK) < 0) | 2291 | if (fcntl(sock, F_SETFL, O_NONBLOCK) < 0) |
@@ -2606,6 +2610,7 @@ x11_input_open(int type, u_int32_t seq, void *ctxt) | |||
2606 | /* Send refusal to the remote host. */ | 2610 | /* Send refusal to the remote host. */ |
2607 | packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); | 2611 | packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); |
2608 | packet_put_int(remote_id); | 2612 | packet_put_int(remote_id); |
2613 | xfree(remote_host); | ||
2609 | } else { | 2614 | } else { |
2610 | /* Send a confirmation to the remote host. */ | 2615 | /* Send a confirmation to the remote host. */ |
2611 | packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION); | 2616 | packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION); |
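Review bot: The two added frees, `xfree(originator_string);` in channel_input_port_open and `xfree(remote_host);` in x11_input_open, run only on the failure branch, and neither hunk says who owns the string on the success branch. If the channel takes ownership there (that code is outside the hunks, so this is an assumption), a comment such as `/* not handed to a channel, so free it here */` above each xfree would guard against a later edit adding a double free or reintroducing the leak. Both functions appear to handle open requests from the remote side, so a peer can reach the failure branch repeatedly and the ownership rule is worth stating. Both function bodies start and end outside their hunks.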
@@ -35,7 +35,7 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: cipher.c,v 1.61 2002/07/12 15:50:17 markus Exp $"); | 38 | RCSID("$OpenBSD: cipher.c,v 1.62 2002/11/21 22:45:31 markus Exp $"); |
39 | 39 | ||
40 | #include "xmalloc.h" | 40 | #include "xmalloc.h" |
41 | #include "log.h" | 41 | #include "log.h" |
@@ -239,7 +239,7 @@ cipher_init(CipherContext *cc, Cipher *cipher, | |||
239 | cipher->name); | 239 | cipher->name); |
240 | klen = EVP_CIPHER_CTX_key_length(&cc->evp); | 240 | klen = EVP_CIPHER_CTX_key_length(&cc->evp); |
241 | if (klen > 0 && keylen != klen) { | 241 | if (klen > 0 && keylen != klen) { |
242 | debug("cipher_init: set keylen (%d -> %d)", klen, keylen); | 242 | debug2("cipher_init: set keylen (%d -> %d)", klen, keylen); |
243 | if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0) | 243 | if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0) |
244 | fatal("cipher_init: set keylen failed (%d -> %d)", | 244 | fatal("cipher_init: set keylen failed (%d -> %d)", |
245 | klen, keylen); | 245 | klen, keylen); |
diff --git a/clientloop.c b/clientloop.c index 8b1976171..abfde2f3a 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -59,7 +59,7 @@ | |||
59 | */ | 59 | */ |
60 | 60 | ||
61 | #include "includes.h" | 61 | #include "includes.h" |
62 | RCSID("$OpenBSD: clientloop.c,v 1.104 2002/08/22 19:38:42 stevesk Exp $"); | 62 | RCSID("$OpenBSD: clientloop.c,v 1.105 2002/11/18 16:43:44 markus Exp $"); |
63 | 63 | ||
64 | #include "ssh.h" | 64 | #include "ssh.h" |
65 | #include "ssh1.h" | 65 | #include "ssh1.h" |
@@ -908,10 +908,16 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | |||
908 | 908 | ||
909 | client_init_dispatch(); | 909 | client_init_dispatch(); |
910 | 910 | ||
911 | /* Set signal handlers to restore non-blocking mode. */ | 911 | /* |
912 | signal(SIGINT, signal_handler); | 912 | * Set signal handlers, (e.g. to restore non-blocking mode) |
913 | signal(SIGQUIT, signal_handler); | 913 | * but don't overwrite SIG_IGN, matches behaviour from rsh(1) |
914 | signal(SIGTERM, signal_handler); | 914 | */ |
915 | if (signal(SIGINT, SIG_IGN) != SIG_IGN) | ||
916 | signal(SIGINT, signal_handler); | ||
917 | if (signal(SIGQUIT, SIG_IGN) != SIG_IGN) | ||
918 | signal(SIGQUIT, signal_handler); | ||
919 | if (signal(SIGTERM, SIG_IGN) != SIG_IGN) | ||
920 | signal(SIGTERM, signal_handler); | ||
915 | if (have_pty) | 921 | if (have_pty) |
916 | signal(SIGWINCH, window_change_handler); | 922 | signal(SIGWINCH, window_change_handler); |
917 | 923 | ||
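Review bot: In client_loop, `signal(SIGINT, SIG_IGN)` probes the inherited disposition by overwriting it. Until the following `signal(SIGINT, signal_handler)` runs, the signal is ignored even when it was not ignored before, so a SIGINT, SIGQUIT or SIGTERM delivered in that window is dropped and signal_handler never runs for it. Calling sigaction() with a NULL new action reads the disposition without changing it, and a small helper removes the three-fold repetition. This assumes sigaction() exists on every target the file builds for, which the page does not show. client_loop starts and ends outside the hunk.

```c
/* Install handler for sig unless it was inherited as SIG_IGN. */
static void
signal_unless_ignored(int sig, void (*handler)(int))
{
	struct sigaction old;

	if (sigaction(sig, NULL, &old) == 0 && old.sa_handler == SIG_IGN)
		return;
	signal(sig, handler);
}

	/* ... unchanged: client_init_dispatch() call ... */
	signal_unless_ignored(SIGINT, signal_handler);
	signal_unless_ignored(SIGQUIT, signal_handler);
	signal_unless_ignored(SIGTERM, signal_handler);
```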
diff --git a/config.guess b/config.guess index fd30ab031..e8f206123 100755 --- a/config.guess +++ b/config.guess | |||
@@ -726,6 +726,9 @@ EOF | |||
726 | CRAY*SV1:*:*:*) | 726 | CRAY*SV1:*:*:*) |
727 | echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' | 727 | echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' |
728 | exit 0 ;; | 728 | exit 0 ;; |
729 | *:UNICOS/mp:*:*) | ||
730 | echo nv1-cray-unicosmp | sed -e 's/\.[^.]*$/.X/' | ||
731 | exit 0 ;; | ||
729 | F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) | 732 | F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) |
730 | FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` | 733 | FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` |
731 | FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` | 734 | FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` |
diff --git a/config.h.in b/config.h.in index e87309415..55149792c 100644 --- a/config.h.in +++ b/config.h.in | |||
@@ -1,5 +1,5 @@ | |||
1 | /* config.h.in. Generated from configure.ac by autoheader. */ | 1 | /* config.h.in. Generated from configure.ac by autoheader. */ |
2 | /* $Id: acconfig.h,v 1.145 2002/09/26 00:38:48 tim Exp $ */ | 2 | /* $Id: acconfig.h,v 1.149 2003/03/10 00:38:10 djm Exp $ */ |
3 | 3 | ||
4 | #ifndef _CONFIG_H | 4 | #ifndef _CONFIG_H |
5 | #define _CONFIG_H | 5 | #define _CONFIG_H |
@@ -364,6 +364,19 @@ | |||
364 | /* Define if your platform needs to skip post auth file descriptor passing */ | 364 | /* Define if your platform needs to skip post auth file descriptor passing */ |
365 | #undef DISABLE_FD_PASSING | 365 | #undef DISABLE_FD_PASSING |
366 | 366 | ||
367 | /* Silly mkstemp() */ | ||
368 | #undef HAVE_STRICT_MKSTEMP | ||
369 | |||
370 | /* Setproctitle emulation */ | ||
371 | #undef SETPROCTITLE_STRATEGY | ||
372 | #undef SETPROCTITLE_PS_PADDING | ||
373 | |||
374 | /* Some systems put this outside of libc */ | ||
375 | #undef HAVE_NANOSLEEP | ||
376 | |||
377 | /* Pushing STREAMS modules incorrectly acquires a controlling TTY */ | ||
378 | #undef STREAMS_PUSH_ACQUIRES_CTTY | ||
379 | |||
367 | 380 | ||
368 | /* Define to 1 if the `getpgrp' function requires zero arguments. */ | 381 | /* Define to 1 if the `getpgrp' function requires zero arguments. */ |
369 | #undef GETPGRP_VOID | 382 | #undef GETPGRP_VOID |
@@ -374,6 +387,12 @@ | |||
374 | /* Define to 1 if you have the `b64_ntop' function. */ | 387 | /* Define to 1 if you have the `b64_ntop' function. */ |
375 | #undef HAVE_B64_NTOP | 388 | #undef HAVE_B64_NTOP |
376 | 389 | ||
390 | /* Define to 1 if you have the `b64_pton' function. */ | ||
391 | #undef HAVE_B64_PTON | ||
392 | |||
393 | /* Define to 1 if you have the `basename' function. */ | ||
394 | #undef HAVE_BASENAME | ||
395 | |||
377 | /* Define to 1 if you have the `bcopy' function. */ | 396 | /* Define to 1 if you have the `bcopy' function. */ |
378 | #undef HAVE_BCOPY | 397 | #undef HAVE_BCOPY |
379 | 398 | ||
@@ -599,6 +618,9 @@ | |||
599 | /* Define to 1 if you have the `ngetaddrinfo' function. */ | 618 | /* Define to 1 if you have the `ngetaddrinfo' function. */ |
600 | #undef HAVE_NGETADDRINFO | 619 | #undef HAVE_NGETADDRINFO |
601 | 620 | ||
621 | /* Define to 1 if you have the `nsleep' function. */ | ||
622 | #undef HAVE_NSLEEP | ||
623 | |||
602 | /* Define to 1 if you have the `ogetaddrinfo' function. */ | 624 | /* Define to 1 if you have the `ogetaddrinfo' function. */ |
603 | #undef HAVE_OGETADDRINFO | 625 | #undef HAVE_OGETADDRINFO |
604 | 626 | ||
@@ -611,6 +633,9 @@ | |||
611 | /* Define to 1 if you have the <paths.h> header file. */ | 633 | /* Define to 1 if you have the <paths.h> header file. */ |
612 | #undef HAVE_PATHS_H | 634 | #undef HAVE_PATHS_H |
613 | 635 | ||
636 | /* Define to 1 if you have the `pstat' function. */ | ||
637 | #undef HAVE_PSTAT | ||
638 | |||
614 | /* Define to 1 if you have the <pty.h> header file. */ | 639 | /* Define to 1 if you have the <pty.h> header file. */ |
615 | #undef HAVE_PTY_H | 640 | #undef HAVE_PTY_H |
616 | 641 | ||
@@ -743,12 +768,18 @@ | |||
743 | /* Define to 1 if you have the `strmode' function. */ | 768 | /* Define to 1 if you have the `strmode' function. */ |
744 | #undef HAVE_STRMODE | 769 | #undef HAVE_STRMODE |
745 | 770 | ||
771 | /* Define to 1 if you have the `strnvis' function. */ | ||
772 | #undef HAVE_STRNVIS | ||
773 | |||
746 | /* Define to 1 if you have the `strsep' function. */ | 774 | /* Define to 1 if you have the `strsep' function. */ |
747 | #undef HAVE_STRSEP | 775 | #undef HAVE_STRSEP |
748 | 776 | ||
749 | /* Define to 1 if `st_blksize' is member of `struct stat'. */ | 777 | /* Define to 1 if `st_blksize' is member of `struct stat'. */ |
750 | #undef HAVE_STRUCT_STAT_ST_BLKSIZE | 778 | #undef HAVE_STRUCT_STAT_ST_BLKSIZE |
751 | 779 | ||
780 | /* Define to 1 if the system has the type `struct timespec'. */ | ||
781 | #undef HAVE_STRUCT_TIMESPEC | ||
782 | |||
752 | /* Define to 1 if you have the `sysconf' function. */ | 783 | /* Define to 1 if you have the `sysconf' function. */ |
753 | #undef HAVE_SYSCONF | 784 | #undef HAVE_SYSCONF |
754 | 785 | ||
@@ -764,6 +795,9 @@ | |||
764 | /* Define to 1 if you have the <sys/mman.h> header file. */ | 795 | /* Define to 1 if you have the <sys/mman.h> header file. */ |
765 | #undef HAVE_SYS_MMAN_H | 796 | #undef HAVE_SYS_MMAN_H |
766 | 797 | ||
798 | /* Define to 1 if you have the <sys/pstat.h> header file. */ | ||
799 | #undef HAVE_SYS_PSTAT_H | ||
800 | |||
767 | /* Define to 1 if you have the <sys/select.h> header file. */ | 801 | /* Define to 1 if you have the <sys/select.h> header file. */ |
768 | #undef HAVE_SYS_SELECT_H | 802 | #undef HAVE_SYS_SELECT_H |
769 | 803 | ||
@@ -776,6 +810,9 @@ | |||
776 | /* Define to 1 if you have the <sys/sysmacros.h> header file. */ | 810 | /* Define to 1 if you have the <sys/sysmacros.h> header file. */ |
777 | #undef HAVE_SYS_SYSMACROS_H | 811 | #undef HAVE_SYS_SYSMACROS_H |
778 | 812 | ||
813 | /* Define to 1 if you have the <sys/timers.h> header file. */ | ||
814 | #undef HAVE_SYS_TIMERS_H | ||
815 | |||
779 | /* Define to 1 if you have the <sys/time.h> header file. */ | 816 | /* Define to 1 if you have the <sys/time.h> header file. */ |
780 | #undef HAVE_SYS_TIME_H | 817 | #undef HAVE_SYS_TIME_H |
781 | 818 | ||
@@ -848,6 +885,9 @@ | |||
848 | /* Define to 1 if you have the `__b64_ntop' function. */ | 885 | /* Define to 1 if you have the `__b64_ntop' function. */ |
849 | #undef HAVE___B64_NTOP | 886 | #undef HAVE___B64_NTOP |
850 | 887 | ||
888 | /* Define to 1 if you have the `__b64_pton' function. */ | ||
889 | #undef HAVE___B64_PTON | ||
890 | |||
851 | /* Define to the address where bug reports for this package should be sent. */ | 891 | /* Define to the address where bug reports for this package should be sent. */ |
852 | #undef PACKAGE_BUGREPORT | 892 | #undef PACKAGE_BUGREPORT |
853 | 893 | ||
diff --git a/config.sub b/config.sub index 9ff085efa..a0b7bb9e8 100755 --- a/config.sub +++ b/config.sub | |||
@@ -315,7 +315,7 @@ case $basic_machine in | |||
315 | | mipsisa64-* | mipsisa64el-* \ | 315 | | mipsisa64-* | mipsisa64el-* \ |
316 | | mipsisa64sb1-* | mipsisa64sb1el-* \ | 316 | | mipsisa64sb1-* | mipsisa64sb1el-* \ |
317 | | mipstx39 | mipstx39el \ | 317 | | mipstx39 | mipstx39el \ |
318 | | none-* | np1-* | ns16k-* | ns32k-* \ | 318 | | none-* | np1-* | ns16k-* | ns32k-* | nv1-* \ |
319 | | orion-* \ | 319 | | orion-* \ |
320 | | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | 320 | | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ |
321 | | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | 321 | | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ |
@@ -715,6 +715,9 @@ case $basic_machine in | |||
715 | nsr-tandem) | 715 | nsr-tandem) |
716 | basic_machine=nsr-tandem | 716 | basic_machine=nsr-tandem |
717 | ;; | 717 | ;; |
718 | nv1) | ||
719 | basic_machine=nv1-cray | ||
720 | ;; | ||
718 | op50n-* | op60c-*) | 721 | op50n-* | op60c-*) |
719 | basic_machine=hppa1.1-oki | 722 | basic_machine=hppa1.1-oki |
720 | os=-proelf | 723 | os=-proelf |
@@ -887,6 +890,10 @@ case $basic_machine in | |||
887 | basic_machine=sv1-cray | 890 | basic_machine=sv1-cray |
888 | os=-unicos | 891 | os=-unicos |
889 | ;; | 892 | ;; |
893 | sx*-nec) | ||
894 | basic_machine=sx6-nec | ||
895 | os=-sysv | ||
896 | ;; | ||
890 | symmetry) | 897 | symmetry) |
891 | basic_machine=i386-sequent | 898 | basic_machine=i386-sequent |
892 | os=-dynix | 899 | os=-dynix |
@@ -827,6 +827,7 @@ Optional Features: | |||
827 | --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) | 827 | --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) |
828 | --enable-FEATURE[=ARG] include FEATURE [ARG=yes] | 828 | --enable-FEATURE[=ARG] include FEATURE [ARG=yes] |
829 | --disable-largefile omit support for large files | 829 | --disable-largefile omit support for large files |
830 | --disable-strip Disable calling strip(1) on install | ||
830 | --disable-lastlog disable use of lastlog even if detected no | 831 | --disable-lastlog disable use of lastlog even if detected no |
831 | --disable-utmp disable use of utmp even if detected no | 832 | --disable-utmp disable use of utmp even if detected no |
832 | --disable-utmpx disable use of utmpx even if detected no | 833 | --disable-utmpx disable use of utmpx even if detected no |
@@ -2719,6 +2720,45 @@ fi | |||
2719 | test -n "$PERL" && break | 2720 | test -n "$PERL" && break |
2720 | done | 2721 | done |
2721 | 2722 | ||
2723 | # Extract the first word of "sed", so it can be a program name with args. | ||
2724 | set dummy sed; ac_word=$2 | ||
2725 | echo "$as_me:$LINENO: checking for $ac_word" >&5 | ||
2726 | echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 | ||
2727 | if test "${ac_cv_path_SED+set}" = set; then | ||
2728 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
2729 | else | ||
2730 | case $SED in | ||
2731 | [\\/]* | ?:[\\/]*) | ||
2732 | ac_cv_path_SED="$SED" # Let the user override the test with a path. | ||
2733 | ;; | ||
2734 | *) | ||
2735 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
2736 | for as_dir in $PATH | ||
2737 | do | ||
2738 | IFS=$as_save_IFS | ||
2739 | test -z "$as_dir" && as_dir=. | ||
2740 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
2741 | if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
2742 | ac_cv_path_SED="$as_dir/$ac_word$ac_exec_ext" | ||
2743 | echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
2744 | break 2 | ||
2745 | fi | ||
2746 | done | ||
2747 | done | ||
2748 | |||
2749 | ;; | ||
2750 | esac | ||
2751 | fi | ||
2752 | SED=$ac_cv_path_SED | ||
2753 | |||
2754 | if test -n "$SED"; then | ||
2755 | echo "$as_me:$LINENO: result: $SED" >&5 | ||
2756 | echo "${ECHO_T}$SED" >&6 | ||
2757 | else | ||
2758 | echo "$as_me:$LINENO: result: no" >&5 | ||
2759 | echo "${ECHO_T}no" >&6 | ||
2760 | fi | ||
2761 | |||
2722 | 2762 | ||
2723 | # Extract the first word of "ent", so it can be a program name with args. | 2763 | # Extract the first word of "ent", so it can be a program name with args. |
2724 | set dummy ent; ac_word=$2 | 2764 | set dummy ent; ac_word=$2 |
@@ -3660,8 +3700,17 @@ _ACEOF | |||
3660 | #define LOGIN_NEEDS_UTMPX 1 | 3700 | #define LOGIN_NEEDS_UTMPX 1 |
3661 | _ACEOF | 3701 | _ACEOF |
3662 | 3702 | ||
3703 | cat >>confdefs.h <<\_ACEOF | ||
3704 | #define SETPROCTITLE_STRATEGY PS_USE_CLOBBER_ARGV | ||
3705 | _ACEOF | ||
3706 | |||
3707 | cat >>confdefs.h <<\_ACEOF | ||
3708 | #define SETPROCTITLE_PS_PADDING '\0' | ||
3709 | _ACEOF | ||
3710 | |||
3663 | ;; | 3711 | ;; |
3664 | *-*-cygwin*) | 3712 | *-*-cygwin*) |
3713 | check_for_libcrypt_later=1 | ||
3665 | LIBS="$LIBS /usr/lib/textmode.o" | 3714 | LIBS="$LIBS /usr/lib/textmode.o" |
3666 | cat >>confdefs.h <<\_ACEOF | 3715 | cat >>confdefs.h <<\_ACEOF |
3667 | #define HAVE_CYGWIN 1 | 3716 | #define HAVE_CYGWIN 1 |
@@ -3782,7 +3831,7 @@ _ACEOF | |||
3782 | _ACEOF | 3831 | _ACEOF |
3783 | 3832 | ||
3784 | cat >>confdefs.h <<\_ACEOF | 3833 | cat >>confdefs.h <<\_ACEOF |
3785 | #define SPT_TYPE SPT_PSTAT | 3834 | #define SETPROCTITLE_STRATEGY PS_USE_PSTAT |
3786 | _ACEOF | 3835 | _ACEOF |
3787 | 3836 | ||
3788 | LIBS="$LIBS -lsec -lsecpw" | 3837 | LIBS="$LIBS -lsec -lsecpw" |
@@ -3884,7 +3933,7 @@ _ACEOF | |||
3884 | _ACEOF | 3933 | _ACEOF |
3885 | 3934 | ||
3886 | cat >>confdefs.h <<\_ACEOF | 3935 | cat >>confdefs.h <<\_ACEOF |
3887 | #define SPT_TYPE SPT_PSTAT | 3936 | #define SETPROCTITLE_STRATEGY PS_USE_PSTAT |
3888 | _ACEOF | 3937 | _ACEOF |
3889 | 3938 | ||
3890 | LIBS="$LIBS -lsec" | 3939 | LIBS="$LIBS -lsec" |
@@ -3986,7 +4035,7 @@ _ACEOF | |||
3986 | _ACEOF | 4035 | _ACEOF |
3987 | 4036 | ||
3988 | cat >>confdefs.h <<\_ACEOF | 4037 | cat >>confdefs.h <<\_ACEOF |
3989 | #define SPT_TYPE SPT_PSTAT | 4038 | #define SETPROCTITLE_STRATEGY PS_USE_PSTAT |
3990 | _ACEOF | 4039 | _ACEOF |
3991 | 4040 | ||
3992 | LIBS="$LIBS -lsec" | 4041 | LIBS="$LIBS -lsec" |
@@ -4180,6 +4229,14 @@ _ACEOF | |||
4180 | #define PAM_TTY_KLUDGE 1 | 4229 | #define PAM_TTY_KLUDGE 1 |
4181 | _ACEOF | 4230 | _ACEOF |
4182 | 4231 | ||
4232 | cat >>confdefs.h <<\_ACEOF | ||
4233 | #define SETPROCTITLE_STRATEGY PS_USE_CLOBBER_ARGV | ||
4234 | _ACEOF | ||
4235 | |||
4236 | cat >>confdefs.h <<\_ACEOF | ||
4237 | #define SETPROCTITLE_PS_PADDING '\0' | ||
4238 | _ACEOF | ||
4239 | |||
4183 | inet6_default_4in6=yes | 4240 | inet6_default_4in6=yes |
4184 | ;; | 4241 | ;; |
4185 | mips-sony-bsd|mips-sony-newsos4) | 4242 | mips-sony-bsd|mips-sony-newsos4) |
@@ -4240,6 +4297,10 @@ _ACEOF | |||
4240 | #define PAM_TTY_KLUDGE 1 | 4297 | #define PAM_TTY_KLUDGE 1 |
4241 | _ACEOF | 4298 | _ACEOF |
4242 | 4299 | ||
4300 | cat >>confdefs.h <<\_ACEOF | ||
4301 | #define STREAMS_PUSH_ACQUIRES_CTTY 1 | ||
4302 | _ACEOF | ||
4303 | |||
4243 | # hardwire lastlog location (can't detect it on some versions) | 4304 | # hardwire lastlog location (can't detect it on some versions) |
4244 | conf_lastlog_location="/var/adm/lastlog" | 4305 | conf_lastlog_location="/var/adm/lastlog" |
4245 | echo "$as_me:$LINENO: checking for obsolete utmp and wtmp in solaris2.x" >&5 | 4306 | echo "$as_me:$LINENO: checking for obsolete utmp and wtmp in solaris2.x" >&5 |
@@ -4504,6 +4565,9 @@ done | |||
4504 | do_sco3_extra_lib_check=yes | 4565 | do_sco3_extra_lib_check=yes |
4505 | ;; | 4566 | ;; |
4506 | *-*-sco3.2v5*) | 4567 | *-*-sco3.2v5*) |
4568 | if test -z "$GCC"; then | ||
4569 | CFLAGS="$CFLAGS -belf" | ||
4570 | fi | ||
4507 | CPPFLAGS="$CPPFLAGS -I/usr/local/include" | 4571 | CPPFLAGS="$CPPFLAGS -I/usr/local/include" |
4508 | LDFLAGS="$LDFLAGS -L/usr/local/lib" | 4572 | LDFLAGS="$LDFLAGS -L/usr/local/lib" |
4509 | LIBS="$LIBS -lprot -lx -ltinfo -lm" | 4573 | LIBS="$LIBS -lprot -lx -ltinfo -lm" |
@@ -4604,8 +4668,6 @@ done | |||
4604 | MANTYPE=man | 4668 | MANTYPE=man |
4605 | ;; | 4669 | ;; |
4606 | *-*-unicosmk*) | 4670 | *-*-unicosmk*) |
4607 | no_libsocket=1 | ||
4608 | no_libnsl=1 | ||
4609 | cat >>confdefs.h <<\_ACEOF | 4671 | cat >>confdefs.h <<\_ACEOF |
4610 | #define USE_PIPES 1 | 4672 | #define USE_PIPES 1 |
4611 | _ACEOF | 4673 | _ACEOF |
@@ -4619,8 +4681,6 @@ _ACEOF | |||
4619 | MANTYPE=cat | 4681 | MANTYPE=cat |
4620 | ;; | 4682 | ;; |
4621 | *-*-unicos*) | 4683 | *-*-unicos*) |
4622 | no_libsocket=1 | ||
4623 | no_libnsl=1 | ||
4624 | cat >>confdefs.h <<\_ACEOF | 4684 | cat >>confdefs.h <<\_ACEOF |
4625 | #define USE_PIPES 1 | 4685 | #define USE_PIPES 1 |
4626 | _ACEOF | 4686 | _ACEOF |
@@ -4665,12 +4725,20 @@ _ACEOF | |||
4665 | #define DISABLE_LOGIN 1 | 4725 | #define DISABLE_LOGIN 1 |
4666 | _ACEOF | 4726 | _ACEOF |
4667 | 4727 | ||
4728 | cat >>confdefs.h <<\_ACEOF | ||
4729 | #define DISABLE_FD_PASSING 1 | ||
4730 | _ACEOF | ||
4731 | |||
4668 | LIBS="$LIBS -lsecurity -ldb -lm -laud" | 4732 | LIBS="$LIBS -lsecurity -ldb -lm -laud" |
4669 | else | 4733 | else |
4670 | echo "$as_me:$LINENO: result: no" >&5 | 4734 | echo "$as_me:$LINENO: result: no" >&5 |
4671 | echo "${ECHO_T}no" >&6 | 4735 | echo "${ECHO_T}no" >&6 |
4672 | fi | 4736 | fi |
4673 | fi | 4737 | fi |
4738 | cat >>confdefs.h <<\_ACEOF | ||
4739 | #define DISABLE_FD_PASSING 1 | ||
4740 | _ACEOF | ||
4741 | |||
4674 | ;; | 4742 | ;; |
4675 | 4743 | ||
4676 | *-*-nto-qnx) | 4744 | *-*-nto-qnx) |
@@ -4984,14 +5052,17 @@ done | |||
4984 | 5052 | ||
4985 | 5053 | ||
4986 | 5054 | ||
5055 | |||
5056 | |||
5057 | |||
4987 | for ac_header in bstring.h crypt.h endian.h floatingpoint.h \ | 5058 | for ac_header in bstring.h crypt.h endian.h floatingpoint.h \ |
4988 | getopt.h glob.h ia.h lastlog.h limits.h login.h \ | 5059 | getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \ |
4989 | login_cap.h maillock.h netdb.h netgroup.h \ | 5060 | login_cap.h maillock.h netdb.h netgroup.h \ |
4990 | netinet/in_systm.h paths.h pty.h readpassphrase.h \ | 5061 | netinet/in_systm.h paths.h pty.h readpassphrase.h \ |
4991 | rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ | 5062 | rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ |
4992 | strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ | 5063 | strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ |
4993 | sys/mman.h sys/select.h sys/stat.h \ | 5064 | sys/mman.h sys/pstat.h sys/select.h sys/stat.h \ |
4994 | sys/stropts.h sys/sysmacros.h sys/time.h \ | 5065 | sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \ |
4995 | sys/un.h time.h tmpdir.h ttyent.h usersec.h \ | 5066 | sys/un.h time.h tmpdir.h ttyent.h usersec.h \ |
4996 | util.h utime.h utmp.h utmpx.h | 5067 | util.h utime.h utmp.h utmpx.h |
4997 | do | 5068 | do |
@@ -6740,17 +6811,24 @@ fi; | |||
6740 | 6811 | ||
6741 | 6812 | ||
6742 | 6813 | ||
6743 | for ac_func in arc4random b64_ntop bcopy bindresvport_sa \ | 6814 | |
6744 | clock fchmod fchown freeaddrinfo futimes gai_strerror \ | 6815 | |
6745 | getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\ | 6816 | |
6746 | getrlimit getrusage getttyent glob inet_aton inet_ntoa \ | 6817 | |
6747 | inet_ntop innetgr login_getcapbool md5_crypt memmove \ | 6818 | |
6748 | mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ | 6819 | for ac_func in \ |
6749 | realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ | 6820 | arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename bcopy \ |
6750 | setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ | 6821 | bindresvport_sa clock fchmod fchown freeaddrinfo futimes \ |
6751 | setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ | 6822 | gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \ |
6752 | socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ | 6823 | getpeereid _getpty getrlimit getrusage getttyent glob inet_aton \ |
6753 | truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty | 6824 | inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \ |
6825 | mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openpty pstat \ | ||
6826 | readpassphrase realpath recvmsg rresvport_af sendmsg setdtablesize \ | ||
6827 | setegid setenv seteuid setgroups setlogin setpcred setproctitle \ | ||
6828 | setresgid setreuid setrlimit setsid setvbuf sigaction sigvec \ | ||
6829 | snprintf socketpair strerror strlcat strlcpy strmode strnvis \ | ||
6830 | sysconf tcgetpgrp truncate utimes vhangup vsnprintf waitpid \ | ||
6831 | |||
6754 | do | 6832 | do |
6755 | as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` | 6833 | as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` |
6756 | echo "$as_me:$LINENO: checking for $ac_func" >&5 | 6834 | echo "$as_me:$LINENO: checking for $ac_func" >&5 |
@@ -6826,6 +6904,246 @@ fi | |||
6826 | done | 6904 | done |
6827 | 6905 | ||
6828 | 6906 | ||
6907 | echo "$as_me:$LINENO: checking for library containing nanosleep" >&5 | ||
6908 | echo $ECHO_N "checking for library containing nanosleep... $ECHO_C" >&6 | ||
6909 | if test "${ac_cv_search_nanosleep+set}" = set; then | ||
6910 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
6911 | else | ||
6912 | ac_func_search_save_LIBS=$LIBS | ||
6913 | ac_cv_search_nanosleep=no | ||
6914 | cat >conftest.$ac_ext <<_ACEOF | ||
6915 | #line $LINENO "configure" | ||
6916 | #include "confdefs.h" | ||
6917 | |||
6918 | /* Override any gcc2 internal prototype to avoid an error. */ | ||
6919 | #ifdef __cplusplus | ||
6920 | extern "C" | ||
6921 | #endif | ||
6922 | /* We use char because int might match the return type of a gcc2 | ||
6923 | builtin and then its argument prototype would still apply. */ | ||
6924 | char nanosleep (); | ||
6925 | #ifdef F77_DUMMY_MAIN | ||
6926 | # ifdef __cplusplus | ||
6927 | extern "C" | ||
6928 | # endif | ||
6929 | int F77_DUMMY_MAIN() { return 1; } | ||
6930 | #endif | ||
6931 | int | ||
6932 | main () | ||
6933 | { | ||
6934 | nanosleep (); | ||
6935 | ; | ||
6936 | return 0; | ||
6937 | } | ||
6938 | _ACEOF | ||
6939 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
6940 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
6941 | (eval $ac_link) 2>&5 | ||
6942 | ac_status=$? | ||
6943 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
6944 | (exit $ac_status); } && | ||
6945 | { ac_try='test -s conftest$ac_exeext' | ||
6946 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
6947 | (eval $ac_try) 2>&5 | ||
6948 | ac_status=$? | ||
6949 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
6950 | (exit $ac_status); }; }; then | ||
6951 | ac_cv_search_nanosleep="none required" | ||
6952 | else | ||
6953 | echo "$as_me: failed program was:" >&5 | ||
6954 | cat conftest.$ac_ext >&5 | ||
6955 | fi | ||
6956 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | ||
6957 | if test "$ac_cv_search_nanosleep" = no; then | ||
6958 | for ac_lib in rt posix4; do | ||
6959 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
6960 | cat >conftest.$ac_ext <<_ACEOF | ||
6961 | #line $LINENO "configure" | ||
6962 | #include "confdefs.h" | ||
6963 | |||
6964 | /* Override any gcc2 internal prototype to avoid an error. */ | ||
6965 | #ifdef __cplusplus | ||
6966 | extern "C" | ||
6967 | #endif | ||
6968 | /* We use char because int might match the return type of a gcc2 | ||
6969 | builtin and then its argument prototype would still apply. */ | ||
6970 | char nanosleep (); | ||
6971 | #ifdef F77_DUMMY_MAIN | ||
6972 | # ifdef __cplusplus | ||
6973 | extern "C" | ||
6974 | # endif | ||
6975 | int F77_DUMMY_MAIN() { return 1; } | ||
6976 | #endif | ||
6977 | int | ||
6978 | main () | ||
6979 | { | ||
6980 | nanosleep (); | ||
6981 | ; | ||
6982 | return 0; | ||
6983 | } | ||
6984 | _ACEOF | ||
6985 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
6986 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
6987 | (eval $ac_link) 2>&5 | ||
6988 | ac_status=$? | ||
6989 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
6990 | (exit $ac_status); } && | ||
6991 | { ac_try='test -s conftest$ac_exeext' | ||
6992 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
6993 | (eval $ac_try) 2>&5 | ||
6994 | ac_status=$? | ||
6995 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
6996 | (exit $ac_status); }; }; then | ||
6997 | ac_cv_search_nanosleep="-l$ac_lib" | ||
6998 | break | ||
6999 | else | ||
7000 | echo "$as_me: failed program was:" >&5 | ||
7001 | cat conftest.$ac_ext >&5 | ||
7002 | fi | ||
7003 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | ||
7004 | done | ||
7005 | fi | ||
7006 | LIBS=$ac_func_search_save_LIBS | ||
7007 | fi | ||
7008 | echo "$as_me:$LINENO: result: $ac_cv_search_nanosleep" >&5 | ||
7009 | echo "${ECHO_T}$ac_cv_search_nanosleep" >&6 | ||
7010 | if test "$ac_cv_search_nanosleep" != no; then | ||
7011 | test "$ac_cv_search_nanosleep" = "none required" || LIBS="$ac_cv_search_nanosleep $LIBS" | ||
7012 | cat >>confdefs.h <<\_ACEOF | ||
7013 | #define HAVE_NANOSLEEP 1 | ||
7014 | _ACEOF | ||
7015 | |||
7016 | fi | ||
7017 | |||
7018 | |||
7019 | echo "$as_me:$LINENO: checking whether strsep is declared" >&5 | ||
7020 | echo $ECHO_N "checking whether strsep is declared... $ECHO_C" >&6 | ||
7021 | if test "${ac_cv_have_decl_strsep+set}" = set; then | ||
7022 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
7023 | else | ||
7024 | cat >conftest.$ac_ext <<_ACEOF | ||
7025 | #line $LINENO "configure" | ||
7026 | #include "confdefs.h" | ||
7027 | $ac_includes_default | ||
7028 | #ifdef F77_DUMMY_MAIN | ||
7029 | # ifdef __cplusplus | ||
7030 | extern "C" | ||
7031 | # endif | ||
7032 | int F77_DUMMY_MAIN() { return 1; } | ||
7033 | #endif | ||
7034 | int | ||
7035 | main () | ||
7036 | { | ||
7037 | #ifndef strsep | ||
7038 | char *p = (char *) strsep; | ||
7039 | #endif | ||
7040 | |||
7041 | ; | ||
7042 | return 0; | ||
7043 | } | ||
7044 | _ACEOF | ||
7045 | rm -f conftest.$ac_objext | ||
7046 | if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 | ||
7047 | (eval $ac_compile) 2>&5 | ||
7048 | ac_status=$? | ||
7049 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
7050 | (exit $ac_status); } && | ||
7051 | { ac_try='test -s conftest.$ac_objext' | ||
7052 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
7053 | (eval $ac_try) 2>&5 | ||
7054 | ac_status=$? | ||
7055 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
7056 | (exit $ac_status); }; }; then | ||
7057 | ac_cv_have_decl_strsep=yes | ||
7058 | else | ||
7059 | echo "$as_me: failed program was:" >&5 | ||
7060 | cat conftest.$ac_ext >&5 | ||
7061 | ac_cv_have_decl_strsep=no | ||
7062 | fi | ||
7063 | rm -f conftest.$ac_objext conftest.$ac_ext | ||
7064 | fi | ||
7065 | echo "$as_me:$LINENO: result: $ac_cv_have_decl_strsep" >&5 | ||
7066 | echo "${ECHO_T}$ac_cv_have_decl_strsep" >&6 | ||
7067 | if test $ac_cv_have_decl_strsep = yes; then | ||
7068 | |||
7069 | for ac_func in strsep | ||
7070 | do | ||
7071 | as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
7072 | echo "$as_me:$LINENO: checking for $ac_func" >&5 | ||
7073 | echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 | ||
7074 | if eval "test \"\${$as_ac_var+set}\" = set"; then | ||
7075 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
7076 | else | ||
7077 | cat >conftest.$ac_ext <<_ACEOF | ||
7078 | #line $LINENO "configure" | ||
7079 | #include "confdefs.h" | ||
7080 | /* System header to define __stub macros and hopefully few prototypes, | ||
7081 | which can conflict with char $ac_func (); below. */ | ||
7082 | #include <assert.h> | ||
7083 | /* Override any gcc2 internal prototype to avoid an error. */ | ||
7084 | #ifdef __cplusplus | ||
7085 | extern "C" | ||
7086 | #endif | ||
7087 | /* We use char because int might match the return type of a gcc2 | ||
7088 | builtin and then its argument prototype would still apply. */ | ||
7089 | char $ac_func (); | ||
7090 | char (*f) (); | ||
7091 | |||
7092 | #ifdef F77_DUMMY_MAIN | ||
7093 | # ifdef __cplusplus | ||
7094 | extern "C" | ||
7095 | # endif | ||
7096 | int F77_DUMMY_MAIN() { return 1; } | ||
7097 | #endif | ||
7098 | int | ||
7099 | main () | ||
7100 | { | ||
7101 | /* The GNU C library defines this for functions which it implements | ||
7102 | to always fail with ENOSYS. Some functions are actually named | ||
7103 | something starting with __ and the normal name is an alias. */ | ||
7104 | #if defined (__stub_$ac_func) || defined (__stub___$ac_func) | ||
7105 | choke me | ||
7106 | #else | ||
7107 | f = $ac_func; | ||
7108 | #endif | ||
7109 | |||
7110 | ; | ||
7111 | return 0; | ||
7112 | } | ||
7113 | _ACEOF | ||
7114 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
7115 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
7116 | (eval $ac_link) 2>&5 | ||
7117 | ac_status=$? | ||
7118 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
7119 | (exit $ac_status); } && | ||
7120 | { ac_try='test -s conftest$ac_exeext' | ||
7121 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
7122 | (eval $ac_try) 2>&5 | ||
7123 | ac_status=$? | ||
7124 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
7125 | (exit $ac_status); }; }; then | ||
7126 | eval "$as_ac_var=yes" | ||
7127 | else | ||
7128 | echo "$as_me: failed program was:" >&5 | ||
7129 | cat conftest.$ac_ext >&5 | ||
7130 | eval "$as_ac_var=no" | ||
7131 | fi | ||
7132 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | ||
7133 | fi | ||
7134 | echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 | ||
7135 | echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 | ||
7136 | if test `eval echo '${'$as_ac_var'}'` = yes; then | ||
7137 | cat >>confdefs.h <<_ACEOF | ||
7138 | #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
7139 | _ACEOF | ||
7140 | |||
7141 | fi | ||
7142 | done | ||
7143 | |||
7144 | fi | ||
7145 | |||
7146 | |||
6829 | 7147 | ||
6830 | for ac_func in dirname | 7148 | for ac_func in dirname |
6831 | do | 7149 | do |
@@ -7975,6 +8293,65 @@ rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext | |||
7975 | fi | 8293 | fi |
7976 | fi | 8294 | fi |
7977 | 8295 | ||
8296 | if test "x$ac_cv_func_mkdtemp" = "xyes" ; then | ||
8297 | echo "$as_me:$LINENO: checking for (overly) strict mkstemp" >&5 | ||
8298 | echo $ECHO_N "checking for (overly) strict mkstemp... $ECHO_C" >&6 | ||
8299 | if test "$cross_compiling" = yes; then | ||
8300 | |||
8301 | echo "$as_me:$LINENO: result: yes" >&5 | ||
8302 | echo "${ECHO_T}yes" >&6 | ||
8303 | cat >>confdefs.h <<\_ACEOF | ||
8304 | #define HAVE_STRICT_MKSTEMP 1 | ||
8305 | _ACEOF | ||
8306 | |||
8307 | |||
8308 | |||
8309 | else | ||
8310 | cat >conftest.$ac_ext <<_ACEOF | ||
8311 | #line $LINENO "configure" | ||
8312 | #include "confdefs.h" | ||
8313 | |||
8314 | #include <stdlib.h> | ||
8315 | main() { char template[]="conftest.mkstemp-test"; | ||
8316 | if (mkstemp(template) == -1) | ||
8317 | exit(1); | ||
8318 | unlink(template); exit(0); | ||
8319 | } | ||
8320 | |||
8321 | _ACEOF | ||
8322 | rm -f conftest$ac_exeext | ||
8323 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
8324 | (eval $ac_link) 2>&5 | ||
8325 | ac_status=$? | ||
8326 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
8327 | (exit $ac_status); } && { ac_try='./conftest$ac_exeext' | ||
8328 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
8329 | (eval $ac_try) 2>&5 | ||
8330 | ac_status=$? | ||
8331 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
8332 | (exit $ac_status); }; }; then | ||
8333 | |||
8334 | echo "$as_me:$LINENO: result: no" >&5 | ||
8335 | echo "${ECHO_T}no" >&6 | ||
8336 | |||
8337 | else | ||
8338 | echo "$as_me: program exited with status $ac_status" >&5 | ||
8339 | echo "$as_me: failed program was:" >&5 | ||
8340 | cat conftest.$ac_ext >&5 | ||
8341 | ( exit $ac_status ) | ||
8342 | |||
8343 | echo "$as_me:$LINENO: result: yes" >&5 | ||
8344 | echo "${ECHO_T}yes" >&6 | ||
8345 | cat >>confdefs.h <<\_ACEOF | ||
8346 | #define HAVE_STRICT_MKSTEMP 1 | ||
8347 | _ACEOF | ||
8348 | |||
8349 | |||
8350 | fi | ||
8351 | rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext | ||
8352 | fi | ||
8353 | fi | ||
8354 | |||
7978 | echo "$as_me:$LINENO: checking whether getpgrp requires zero arguments" >&5 | 8355 | echo "$as_me:$LINENO: checking whether getpgrp requires zero arguments" >&5 |
7979 | echo $ECHO_N "checking whether getpgrp requires zero arguments... $ECHO_C" >&6 | 8356 | echo $ECHO_N "checking whether getpgrp requires zero arguments... $ECHO_C" >&6 |
7980 | if test "${ac_cv_func_getpgrp_void+set}" = set; then | 8357 | if test "${ac_cv_func_getpgrp_void+set}" = set; then |
@@ -13128,12 +13505,72 @@ _ACEOF | |||
13128 | have_struct_timeval=1 | 13505 | have_struct_timeval=1 |
13129 | fi | 13506 | fi |
13130 | 13507 | ||
13131 | # If we don't have int64_t then we can't compile sftp-server. So don't | 13508 | echo "$as_me:$LINENO: checking for struct timespec" >&5 |
13132 | # even attempt to do it. | 13509 | echo $ECHO_N "checking for struct timespec... $ECHO_C" >&6 |
13510 | if test "${ac_cv_type_struct_timespec+set}" = set; then | ||
13511 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
13512 | else | ||
13513 | cat >conftest.$ac_ext <<_ACEOF | ||
13514 | #line $LINENO "configure" | ||
13515 | #include "confdefs.h" | ||
13516 | $ac_includes_default | ||
13517 | #ifdef F77_DUMMY_MAIN | ||
13518 | # ifdef __cplusplus | ||
13519 | extern "C" | ||
13520 | # endif | ||
13521 | int F77_DUMMY_MAIN() { return 1; } | ||
13522 | #endif | ||
13523 | int | ||
13524 | main () | ||
13525 | { | ||
13526 | if ((struct timespec *) 0) | ||
13527 | return 0; | ||
13528 | if (sizeof (struct timespec)) | ||
13529 | return 0; | ||
13530 | ; | ||
13531 | return 0; | ||
13532 | } | ||
13533 | _ACEOF | ||
13534 | rm -f conftest.$ac_objext | ||
13535 | if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 | ||
13536 | (eval $ac_compile) 2>&5 | ||
13537 | ac_status=$? | ||
13538 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
13539 | (exit $ac_status); } && | ||
13540 | { ac_try='test -s conftest.$ac_objext' | ||
13541 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
13542 | (eval $ac_try) 2>&5 | ||
13543 | ac_status=$? | ||
13544 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
13545 | (exit $ac_status); }; }; then | ||
13546 | ac_cv_type_struct_timespec=yes | ||
13547 | else | ||
13548 | echo "$as_me: failed program was:" >&5 | ||
13549 | cat conftest.$ac_ext >&5 | ||
13550 | ac_cv_type_struct_timespec=no | ||
13551 | fi | ||
13552 | rm -f conftest.$ac_objext conftest.$ac_ext | ||
13553 | fi | ||
13554 | echo "$as_me:$LINENO: result: $ac_cv_type_struct_timespec" >&5 | ||
13555 | echo "${ECHO_T}$ac_cv_type_struct_timespec" >&6 | ||
13556 | if test $ac_cv_type_struct_timespec = yes; then | ||
13557 | |||
13558 | cat >>confdefs.h <<_ACEOF | ||
13559 | #define HAVE_STRUCT_TIMESPEC 1 | ||
13560 | _ACEOF | ||
13561 | |||
13562 | |||
13563 | fi | ||
13564 | |||
13565 | |||
13566 | # We need int64_t or else certian parts of the compile will fail. | ||
13133 | if test "x$ac_cv_have_int64_t" = "xno" -a \ | 13567 | if test "x$ac_cv_have_int64_t" = "xno" -a \ |
13134 | "x$ac_cv_sizeof_long_int" != "x8" -a \ | 13568 | "x$ac_cv_sizeof_long_int" != "x8" -a \ |
13135 | "x$ac_cv_sizeof_long_long_int" = "x0" ; then | 13569 | "x$ac_cv_sizeof_long_long_int" = "x0" ; then |
13136 | NO_SFTP='#' | 13570 | echo "OpenSSH requires int64_t support. Contact your vendor or install" |
13571 | echo "an alternative compiler (I.E., GCC) before continuing." | ||
13572 | echo "" | ||
13573 | exit 1; | ||
13137 | else | 13574 | else |
13138 | if test "$cross_compiling" = yes; then | 13575 | if test "$cross_compiling" = yes; then |
13139 | { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5 | 13576 | { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5 |
@@ -13196,7 +13633,6 @@ fi | |||
13196 | fi | 13633 | fi |
13197 | 13634 | ||
13198 | 13635 | ||
13199 | |||
13200 | # look for field 'ut_host' in header 'utmp.h' | 13636 | # look for field 'ut_host' in header 'utmp.h' |
13201 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | 13637 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` |
13202 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host | 13638 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host |
@@ -15730,6 +16166,19 @@ fi | |||
15730 | 16166 | ||
15731 | fi; | 16167 | fi; |
15732 | 16168 | ||
16169 | STRIP_OPT=-s | ||
16170 | # Check whether --enable-strip or --disable-strip was given. | ||
16171 | if test "${enable_strip+set}" = set; then | ||
16172 | enableval="$enable_strip" | ||
16173 | |||
16174 | if test "x$enableval" = "xno" ; then | ||
16175 | STRIP_OPT= | ||
16176 | fi | ||
16177 | |||
16178 | |||
16179 | fi; | ||
16180 | |||
16181 | |||
15733 | if test -z "$xauth_path" ; then | 16182 | if test -z "$xauth_path" ; then |
15734 | XAUTH_PATH="undefined" | 16183 | XAUTH_PATH="undefined" |
15735 | 16184 | ||
@@ -16056,7 +16505,11 @@ else | |||
16056 | # include <paths.h> | 16505 | # include <paths.h> |
16057 | #endif | 16506 | #endif |
16058 | #ifndef _PATH_STDPATH | 16507 | #ifndef _PATH_STDPATH |
16059 | # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" | 16508 | # ifdef _PATH_USERPATH /* Irix */ |
16509 | # define _PATH_STDPATH _PATH_USERPATH | ||
16510 | # else | ||
16511 | # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" | ||
16512 | # endif | ||
16060 | #endif | 16513 | #endif |
16061 | #include <sys/types.h> | 16514 | #include <sys/types.h> |
16062 | #include <sys/stat.h> | 16515 | #include <sys/stat.h> |
@@ -17346,6 +17799,7 @@ s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t | |||
17346 | s,@INSTALL_DATA@,$INSTALL_DATA,;t t | 17799 | s,@INSTALL_DATA@,$INSTALL_DATA,;t t |
17347 | s,@AR@,$AR,;t t | 17800 | s,@AR@,$AR,;t t |
17348 | s,@PERL@,$PERL,;t t | 17801 | s,@PERL@,$PERL,;t t |
17802 | s,@SED@,$SED,;t t | ||
17349 | s,@ENT@,$ENT,;t t | 17803 | s,@ENT@,$ENT,;t t |
17350 | s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t | 17804 | s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t |
17351 | s,@SH@,$SH,;t t | 17805 | s,@SH@,$SH,;t t |
@@ -17372,10 +17826,10 @@ s,@PROG_UPTIME@,$PROG_UPTIME,;t t | |||
17372 | s,@PROG_IPCS@,$PROG_IPCS,;t t | 17826 | s,@PROG_IPCS@,$PROG_IPCS,;t t |
17373 | s,@PROG_TAIL@,$PROG_TAIL,;t t | 17827 | s,@PROG_TAIL@,$PROG_TAIL,;t t |
17374 | s,@INSTALL_SSH_PRNG_CMDS@,$INSTALL_SSH_PRNG_CMDS,;t t | 17828 | s,@INSTALL_SSH_PRNG_CMDS@,$INSTALL_SSH_PRNG_CMDS,;t t |
17375 | s,@NO_SFTP@,$NO_SFTP,;t t | ||
17376 | s,@OPENSC_CONFIG@,$OPENSC_CONFIG,;t t | 17829 | s,@OPENSC_CONFIG@,$OPENSC_CONFIG,;t t |
17377 | s,@PRIVSEP_PATH@,$PRIVSEP_PATH,;t t | 17830 | s,@PRIVSEP_PATH@,$PRIVSEP_PATH,;t t |
17378 | s,@xauth_path@,$xauth_path,;t t | 17831 | s,@xauth_path@,$xauth_path,;t t |
17832 | s,@STRIP_OPT@,$STRIP_OPT,;t t | ||
17379 | s,@XAUTH_PATH@,$XAUTH_PATH,;t t | 17833 | s,@XAUTH_PATH@,$XAUTH_PATH,;t t |
17380 | s,@NROFF@,$NROFF,;t t | 17834 | s,@NROFF@,$NROFF,;t t |
17381 | s,@MANTYPE@,$MANTYPE,;t t | 17835 | s,@MANTYPE@,$MANTYPE,;t t |
@@ -17895,12 +18349,6 @@ if test "x$PAM_MSG" = "xyes" ; then | |||
17895 | echo "" | 18349 | echo "" |
17896 | fi | 18350 | fi |
17897 | 18351 | ||
17898 | if test ! -z "$NO_SFTP"; then | ||
17899 | echo "sftp-server will be disabled. Your compiler does not " | ||
17900 | echo "support 64bit integers." | ||
17901 | echo "" | ||
17902 | fi | ||
17903 | |||
17904 | if test ! -z "$RAND_HELPER_CMDHASH" ; then | 18352 | if test ! -z "$RAND_HELPER_CMDHASH" ; then |
17905 | echo "WARNING: you are using the builtin random number collection " | 18353 | echo "WARNING: you are using the builtin random number collection " |
17906 | echo "service. Please read WARNING.RNG and request that your OS " | 18354 | echo "service. Please read WARNING.RNG and request that your OS " |
diff --git a/configure.ac b/configure.ac index 5fe50e56b..48a98d319 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: configure.ac,v 1.89 2002/09/26 00:38:47 tim Exp $ | 1 | # $Id: configure.ac,v 1.111.2.2 2003/03/21 01:15:18 mouring Exp $ |
2 | 2 | ||
3 | AC_INIT | 3 | AC_INIT |
4 | AC_CONFIG_SRCDIR([ssh.c]) | 4 | AC_CONFIG_SRCDIR([ssh.c]) |
@@ -14,6 +14,7 @@ AC_PROG_RANLIB | |||
14 | AC_PROG_INSTALL | 14 | AC_PROG_INSTALL |
15 | AC_PATH_PROG(AR, ar) | 15 | AC_PATH_PROG(AR, ar) |
16 | AC_PATH_PROGS(PERL, perl5 perl) | 16 | AC_PATH_PROGS(PERL, perl5 perl) |
17 | AC_PATH_PROG(SED, sed) | ||
17 | AC_SUBST(PERL) | 18 | AC_SUBST(PERL) |
18 | AC_PATH_PROG(ENT, ent) | 19 | AC_PATH_PROG(ENT, ent) |
19 | AC_SUBST(ENT) | 20 | AC_SUBST(ENT) |
@@ -81,8 +82,11 @@ case "$host" in | |||
81 | dnl AIX handles lastlog as part of its login message | 82 | dnl AIX handles lastlog as part of its login message |
82 | AC_DEFINE(DISABLE_LASTLOG) | 83 | AC_DEFINE(DISABLE_LASTLOG) |
83 | AC_DEFINE(LOGIN_NEEDS_UTMPX) | 84 | AC_DEFINE(LOGIN_NEEDS_UTMPX) |
85 | AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV) | ||
86 | AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0') | ||
84 | ;; | 87 | ;; |
85 | *-*-cygwin*) | 88 | *-*-cygwin*) |
89 | check_for_libcrypt_later=1 | ||
86 | LIBS="$LIBS /usr/lib/textmode.o" | 90 | LIBS="$LIBS /usr/lib/textmode.o" |
87 | AC_DEFINE(HAVE_CYGWIN) | 91 | AC_DEFINE(HAVE_CYGWIN) |
88 | AC_DEFINE(USE_PIPES) | 92 | AC_DEFINE(USE_PIPES) |
@@ -121,7 +125,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | |||
121 | AC_DEFINE(LOGIN_NEEDS_UTMPX) | 125 | AC_DEFINE(LOGIN_NEEDS_UTMPX) |
122 | AC_DEFINE(DISABLE_SHADOW) | 126 | AC_DEFINE(DISABLE_SHADOW) |
123 | AC_DEFINE(DISABLE_UTMP) | 127 | AC_DEFINE(DISABLE_UTMP) |
124 | AC_DEFINE(SPT_TYPE,SPT_PSTAT) | 128 | AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT) |
125 | LIBS="$LIBS -lsec -lsecpw" | 129 | LIBS="$LIBS -lsec -lsecpw" |
126 | AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) | 130 | AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) |
127 | disable_ptmx_check=yes | 131 | disable_ptmx_check=yes |
@@ -137,7 +141,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | |||
137 | AC_DEFINE(LOGIN_NEEDS_UTMPX) | 141 | AC_DEFINE(LOGIN_NEEDS_UTMPX) |
138 | AC_DEFINE(DISABLE_SHADOW) | 142 | AC_DEFINE(DISABLE_SHADOW) |
139 | AC_DEFINE(DISABLE_UTMP) | 143 | AC_DEFINE(DISABLE_UTMP) |
140 | AC_DEFINE(SPT_TYPE,SPT_PSTAT) | 144 | AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT) |
141 | LIBS="$LIBS -lsec" | 145 | LIBS="$LIBS -lsec" |
142 | AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) | 146 | AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) |
143 | ;; | 147 | ;; |
@@ -150,7 +154,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | |||
150 | AC_DEFINE(LOGIN_NEEDS_UTMPX) | 154 | AC_DEFINE(LOGIN_NEEDS_UTMPX) |
151 | AC_DEFINE(DISABLE_SHADOW) | 155 | AC_DEFINE(DISABLE_SHADOW) |
152 | AC_DEFINE(DISABLE_UTMP) | 156 | AC_DEFINE(DISABLE_UTMP) |
153 | AC_DEFINE(SPT_TYPE,SPT_PSTAT) | 157 | AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT) |
154 | LIBS="$LIBS -lsec" | 158 | LIBS="$LIBS -lsec" |
155 | AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) | 159 | AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) |
156 | ;; | 160 | ;; |
@@ -177,6 +181,8 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | |||
177 | check_for_libcrypt_later=1 | 181 | check_for_libcrypt_later=1 |
178 | AC_DEFINE(DONT_TRY_OTHER_AF) | 182 | AC_DEFINE(DONT_TRY_OTHER_AF) |
179 | AC_DEFINE(PAM_TTY_KLUDGE) | 183 | AC_DEFINE(PAM_TTY_KLUDGE) |
184 | AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV) | ||
185 | AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0') | ||
180 | inet6_default_4in6=yes | 186 | inet6_default_4in6=yes |
181 | ;; | 187 | ;; |
182 | mips-sony-bsd|mips-sony-newsos4) | 188 | mips-sony-bsd|mips-sony-newsos4) |
@@ -210,6 +216,7 @@ mips-sony-bsd|mips-sony-newsos4) | |||
210 | AC_DEFINE(LOGIN_NEEDS_UTMPX) | 216 | AC_DEFINE(LOGIN_NEEDS_UTMPX) |
211 | AC_DEFINE(LOGIN_NEEDS_TERM) | 217 | AC_DEFINE(LOGIN_NEEDS_TERM) |
212 | AC_DEFINE(PAM_TTY_KLUDGE) | 218 | AC_DEFINE(PAM_TTY_KLUDGE) |
219 | AC_DEFINE(STREAMS_PUSH_ACQUIRES_CTTY) | ||
213 | # hardwire lastlog location (can't detect it on some versions) | 220 | # hardwire lastlog location (can't detect it on some versions) |
214 | conf_lastlog_location="/var/adm/lastlog" | 221 | conf_lastlog_location="/var/adm/lastlog" |
215 | AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x) | 222 | AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x) |
@@ -278,6 +285,9 @@ mips-sony-bsd|mips-sony-newsos4) | |||
278 | do_sco3_extra_lib_check=yes | 285 | do_sco3_extra_lib_check=yes |
279 | ;; | 286 | ;; |
280 | *-*-sco3.2v5*) | 287 | *-*-sco3.2v5*) |
288 | if test -z "$GCC"; then | ||
289 | CFLAGS="$CFLAGS -belf" | ||
290 | fi | ||
281 | CPPFLAGS="$CPPFLAGS -I/usr/local/include" | 291 | CPPFLAGS="$CPPFLAGS -I/usr/local/include" |
282 | LDFLAGS="$LDFLAGS -L/usr/local/lib" | 292 | LDFLAGS="$LDFLAGS -L/usr/local/lib" |
283 | LIBS="$LIBS -lprot -lx -ltinfo -lm" | 293 | LIBS="$LIBS -lprot -lx -ltinfo -lm" |
@@ -290,8 +300,6 @@ mips-sony-bsd|mips-sony-newsos4) | |||
290 | MANTYPE=man | 300 | MANTYPE=man |
291 | ;; | 301 | ;; |
292 | *-*-unicosmk*) | 302 | *-*-unicosmk*) |
293 | no_libsocket=1 | ||
294 | no_libnsl=1 | ||
295 | AC_DEFINE(USE_PIPES) | 303 | AC_DEFINE(USE_PIPES) |
296 | AC_DEFINE(DISABLE_FD_PASSING) | 304 | AC_DEFINE(DISABLE_FD_PASSING) |
297 | LDFLAGS="$LDFLAGS" | 305 | LDFLAGS="$LDFLAGS" |
@@ -299,8 +307,6 @@ mips-sony-bsd|mips-sony-newsos4) | |||
299 | MANTYPE=cat | 307 | MANTYPE=cat |
300 | ;; | 308 | ;; |
301 | *-*-unicos*) | 309 | *-*-unicos*) |
302 | no_libsocket=1 | ||
303 | no_libnsl=1 | ||
304 | AC_DEFINE(USE_PIPES) | 310 | AC_DEFINE(USE_PIPES) |
305 | AC_DEFINE(DISABLE_FD_PASSING) | 311 | AC_DEFINE(DISABLE_FD_PASSING) |
306 | AC_DEFINE(NO_SSH_LASTLOG) | 312 | AC_DEFINE(NO_SSH_LASTLOG) |
@@ -325,11 +331,13 @@ mips-sony-bsd|mips-sony-newsos4) | |||
325 | AC_MSG_RESULT(yes) | 331 | AC_MSG_RESULT(yes) |
326 | AC_DEFINE(HAVE_OSF_SIA) | 332 | AC_DEFINE(HAVE_OSF_SIA) |
327 | AC_DEFINE(DISABLE_LOGIN) | 333 | AC_DEFINE(DISABLE_LOGIN) |
334 | AC_DEFINE(DISABLE_FD_PASSING) | ||
328 | LIBS="$LIBS -lsecurity -ldb -lm -laud" | 335 | LIBS="$LIBS -lsecurity -ldb -lm -laud" |
329 | else | 336 | else |
330 | AC_MSG_RESULT(no) | 337 | AC_MSG_RESULT(no) |
331 | fi | 338 | fi |
332 | fi | 339 | fi |
340 | AC_DEFINE(DISABLE_FD_PASSING) | ||
333 | ;; | 341 | ;; |
334 | 342 | ||
335 | *-*-nto-qnx) | 343 | *-*-nto-qnx) |
@@ -377,13 +385,13 @@ AC_ARG_WITH(libs, | |||
377 | 385 | ||
378 | # Checks for header files. | 386 | # Checks for header files. |
379 | AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \ | 387 | AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \ |
380 | getopt.h glob.h ia.h lastlog.h limits.h login.h \ | 388 | getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \ |
381 | login_cap.h maillock.h netdb.h netgroup.h \ | 389 | login_cap.h maillock.h netdb.h netgroup.h \ |
382 | netinet/in_systm.h paths.h pty.h readpassphrase.h \ | 390 | netinet/in_systm.h paths.h pty.h readpassphrase.h \ |
383 | rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ | 391 | rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ |
384 | strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ | 392 | strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ |
385 | sys/mman.h sys/select.h sys/stat.h \ | 393 | sys/mman.h sys/pstat.h sys/select.h sys/stat.h \ |
386 | sys/stropts.h sys/sysmacros.h sys/time.h \ | 394 | sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \ |
387 | sys/un.h time.h tmpdir.h ttyent.h usersec.h \ | 395 | sys/un.h time.h tmpdir.h ttyent.h usersec.h \ |
388 | util.h utime.h utmp.h utmpx.h) | 396 | util.h utime.h utmp.h utmpx.h) |
389 | 397 | ||
@@ -594,18 +602,25 @@ AC_ARG_WITH(tcp-wrappers, | |||
594 | ] | 602 | ] |
595 | ) | 603 | ) |
596 | 604 | ||
597 | dnl Checks for library functions. | 605 | dnl Checks for library functions. Please keep in alphabetical order |
598 | AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ | 606 | AC_CHECK_FUNCS(\ |
599 | clock fchmod fchown freeaddrinfo futimes gai_strerror \ | 607 | arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename bcopy \ |
600 | getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\ | 608 | bindresvport_sa clock fchmod fchown freeaddrinfo futimes \ |
601 | getrlimit getrusage getttyent glob inet_aton inet_ntoa \ | 609 | gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \ |
602 | inet_ntop innetgr login_getcapbool md5_crypt memmove \ | 610 | getpeereid _getpty getrlimit getrusage getttyent glob inet_aton \ |
603 | mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ | 611 | inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \ |
604 | realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ | 612 | mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openpty pstat \ |
605 | setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ | 613 | readpassphrase realpath recvmsg rresvport_af sendmsg setdtablesize \ |
606 | setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ | 614 | setegid setenv seteuid setgroups setlogin setpcred setproctitle \ |
607 | socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ | 615 | setresgid setreuid setrlimit setsid setvbuf sigaction sigvec \ |
608 | truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty) | 616 | snprintf socketpair strerror strlcat strlcpy strmode strnvis \ |
617 | sysconf tcgetpgrp truncate utimes vhangup vsnprintf waitpid \ | ||
618 | ) | ||
619 | |||
620 | AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP)) | ||
621 | |||
622 | dnl Make sure strsep prototype is defined before defining HAVE_STRSEP | ||
623 | AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)]) | ||
609 | 624 | ||
610 | dnl IRIX and Solaris 2.5.1 have dirname() in libgen | 625 | dnl IRIX and Solaris 2.5.1 have dirname() in libgen |
611 | AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ | 626 | AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ |
@@ -680,6 +695,32 @@ int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} | |||
680 | ) | 695 | ) |
681 | fi | 696 | fi |
682 | 697 | ||
698 | dnl see whether mkstemp() requires XXXXXX | ||
699 | if test "x$ac_cv_func_mkdtemp" = "xyes" ; then | ||
700 | AC_MSG_CHECKING([for (overly) strict mkstemp]) | ||
701 | AC_TRY_RUN( | ||
702 | [ | ||
703 | #include <stdlib.h> | ||
704 | main() { char template[]="conftest.mkstemp-test"; | ||
705 | if (mkstemp(template) == -1) | ||
706 | exit(1); | ||
707 | unlink(template); exit(0); | ||
708 | } | ||
709 | ], | ||
710 | [ | ||
711 | AC_MSG_RESULT(no) | ||
712 | ], | ||
713 | [ | ||
714 | AC_MSG_RESULT(yes) | ||
715 | AC_DEFINE(HAVE_STRICT_MKSTEMP) | ||
716 | ], | ||
717 | [ | ||
718 | AC_MSG_RESULT(yes) | ||
719 | AC_DEFINE(HAVE_STRICT_MKSTEMP) | ||
720 | ] | ||
721 | ) | ||
722 | fi | ||
723 | |||
683 | AC_FUNC_GETPGRP | 724 | AC_FUNC_GETPGRP |
684 | 725 | ||
685 | # Check for PAM libs | 726 | # Check for PAM libs |
@@ -1443,12 +1484,16 @@ if test "x$ac_cv_have_struct_timeval" = "xyes" ; then | |||
1443 | have_struct_timeval=1 | 1484 | have_struct_timeval=1 |
1444 | fi | 1485 | fi |
1445 | 1486 | ||
1446 | # If we don't have int64_t then we can't compile sftp-server. So don't | 1487 | AC_CHECK_TYPES(struct timespec) |
1447 | # even attempt to do it. | 1488 | |
1489 | # We need int64_t or else certian parts of the compile will fail. | ||
1448 | if test "x$ac_cv_have_int64_t" = "xno" -a \ | 1490 | if test "x$ac_cv_have_int64_t" = "xno" -a \ |
1449 | "x$ac_cv_sizeof_long_int" != "x8" -a \ | 1491 | "x$ac_cv_sizeof_long_int" != "x8" -a \ |
1450 | "x$ac_cv_sizeof_long_long_int" = "x0" ; then | 1492 | "x$ac_cv_sizeof_long_long_int" = "x0" ; then |
1451 | NO_SFTP='#' | 1493 | echo "OpenSSH requires int64_t support. Contact your vendor or install" |
1494 | echo "an alternative compiler (I.E., GCC) before continuing." | ||
1495 | echo "" | ||
1496 | exit 1; | ||
1452 | else | 1497 | else |
1453 | dnl test snprintf (broken on SCO w/gcc) | 1498 | dnl test snprintf (broken on SCO w/gcc) |
1454 | AC_TRY_RUN( | 1499 | AC_TRY_RUN( |
@@ -1478,7 +1523,6 @@ main() { exit(0); } | |||
1478 | ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ] | 1523 | ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ] |
1479 | ) | 1524 | ) |
1480 | fi | 1525 | fi |
1481 | AC_SUBST(NO_SFTP) | ||
1482 | 1526 | ||
1483 | dnl Checks for structure members | 1527 | dnl Checks for structure members |
1484 | OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP) | 1528 | OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP) |
@@ -1906,6 +1950,17 @@ AC_ARG_WITH(xauth, | |||
1906 | ] | 1950 | ] |
1907 | ) | 1951 | ) |
1908 | 1952 | ||
1953 | STRIP_OPT=-s | ||
1954 | AC_ARG_ENABLE(strip, | ||
1955 | [ --disable-strip Disable calling strip(1) on install], | ||
1956 | [ | ||
1957 | if test "x$enableval" = "xno" ; then | ||
1958 | STRIP_OPT= | ||
1959 | fi | ||
1960 | ] | ||
1961 | ) | ||
1962 | AC_SUBST(STRIP_OPT) | ||
1963 | |||
1909 | if test -z "$xauth_path" ; then | 1964 | if test -z "$xauth_path" ; then |
1910 | XAUTH_PATH="undefined" | 1965 | XAUTH_PATH="undefined" |
1911 | AC_SUBST(XAUTH_PATH) | 1966 | AC_SUBST(XAUTH_PATH) |
@@ -2060,7 +2115,11 @@ Edit /etc/login.conf instead.]) | |||
2060 | # include <paths.h> | 2115 | # include <paths.h> |
2061 | #endif | 2116 | #endif |
2062 | #ifndef _PATH_STDPATH | 2117 | #ifndef _PATH_STDPATH |
2063 | # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" | 2118 | # ifdef _PATH_USERPATH /* Irix */ |
2119 | # define _PATH_STDPATH _PATH_USERPATH | ||
2120 | # else | ||
2121 | # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" | ||
2122 | # endif | ||
2064 | #endif | 2123 | #endif |
2065 | #include <sys/types.h> | 2124 | #include <sys/types.h> |
2066 | #include <sys/stat.h> | 2125 | #include <sys/stat.h> |
@@ -2498,12 +2557,6 @@ if test "x$PAM_MSG" = "xyes" ; then | |||
2498 | echo "" | 2557 | echo "" |
2499 | fi | 2558 | fi |
2500 | 2559 | ||
2501 | if test ! -z "$NO_SFTP"; then | ||
2502 | echo "sftp-server will be disabled. Your compiler does not " | ||
2503 | echo "support 64bit integers." | ||
2504 | echo "" | ||
2505 | fi | ||
2506 | |||
2507 | if test ! -z "$RAND_HELPER_CMDHASH" ; then | 2560 | if test ! -z "$RAND_HELPER_CMDHASH" ; then |
2508 | echo "WARNING: you are using the builtin random number collection " | 2561 | echo "WARNING: you are using the builtin random number collection " |
2509 | echo "service. Please read WARNING.RNG and request that your OS " | 2562 | echo "service. Please read WARNING.RNG and request that your OS " |
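Review bot: In the hunk at `@@ -325,11 +331,13 @@`, `AC_DEFINE(DISABLE_FD_PASSING)` is added twice: once inside the SIA branch after `AC_DEFINE(DISABLE_LOGIN)`, and again unconditionally just before `;;`, which makes the inner define redundant. Dropping the inner one and adding a comment above the remaining define, such as `dnl fd passing is disabled on this platform whether or not SIA is enabled`, would state the intent. Descriptor passing is, as far as I know, one of the channels between the privilege-separated monitor and its child, so anyone auditing privsep behaviour on this platform needs to see that the switch is unconditional. The case arm starts outside the hunk, so the host pattern it belongs to is not visible here.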
diff --git a/contrib/aix/README b/contrib/aix/README index 033fd0a5d..82fd8be1b 100644 --- a/contrib/aix/README +++ b/contrib/aix/README | |||
@@ -6,9 +6,15 @@ installable) openssh package. | |||
6 | 6 | ||
7 | Directions: | 7 | Directions: |
8 | 8 | ||
9 | (optional) create config.local in your build dir | ||
9 | ./configure [options] | 10 | ./configure [options] |
10 | cd contrib/aix; ./buildbff.sh | 11 | contrib/aix/buildbff.sh |
11 | 12 | ||
13 | The file config.local or the environment is read to set the following options | ||
14 | (default first): | ||
15 | PERMIT_ROOT_LOGIN=[no|yes] | ||
16 | X11_FORWARDING=[no|yes] | ||
17 | AIX_SRC=[no|yes] | ||
12 | 18 | ||
13 | Acknowledgements: | 19 | Acknowledgements: |
14 | 20 | ||
@@ -19,6 +25,8 @@ Jim Abbey's (GPL'ed) lppbuild-2.1 was used to learn how to build .bff's | |||
19 | and for comparison with the output from this script, however no code | 25 | and for comparison with the output from this script, however no code |
20 | from lppbuild is included and it is not required for operation. | 26 | from lppbuild is included and it is not required for operation. |
21 | 27 | ||
28 | SRC support based on examples provided by Sandor Sklar and Maarten Kreuger. | ||
29 | |||
22 | 30 | ||
23 | Other notes: | 31 | Other notes: |
24 | 32 | ||
@@ -26,8 +34,7 @@ The script treats all packages as USR packages (not ROOT+USR when | |||
26 | appropriate). It seems to work, though...... | 34 | appropriate). It seems to work, though...... |
27 | 35 | ||
28 | If there are any patches to this that have not yet been integrated they | 36 | If there are any patches to this that have not yet been integrated they |
29 | may be found at http://www.zip.com.au/~dtucker/openssh/ or | 37 | may be found at http://www.zip.com.au/~dtucker/openssh/. |
30 | http://home.usf.advantra.com.au/~dtucker/openssh/. | ||
31 | 38 | ||
32 | 39 | ||
33 | Disclaimer: | 40 | Disclaimer: |
diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index 5c09c6b75..3b3699660 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh | |||
@@ -11,10 +11,12 @@ | |||
11 | 11 | ||
12 | # | 12 | # |
13 | # Tunable configuration settings | 13 | # Tunable configuration settings |
14 | # create a "config.local" in your build directory to override these. | 14 | # create a "config.local" in your build directory or set |
15 | # environment variables to override these. | ||
15 | # | 16 | # |
16 | PERMIT_ROOT_LOGIN=no | 17 | [ -z "$PERMIT_ROOT_LOGIN" ] || PERMIT_ROOT_LOGIN=no |
17 | X11_FORWARDING=no | 18 | [ -z "$X11_FORWARDING" ] || X11_FORWARDING=no |
19 | [ -z "$AIX_SRC" ] || AIX_SRC=no | ||
18 | 20 | ||
19 | umask 022 | 21 | umask 022 |
20 | 22 | ||
@@ -167,6 +169,18 @@ For the full text of the license, see /usr/lpp/openssh/LICENCE | |||
167 | EOD | 169 | EOD |
168 | 170 | ||
169 | # | 171 | # |
172 | # openssh.size file allows filesystem expansion as required | ||
173 | # generate list of directories containing files | ||
174 | # then calculate disk usage for each directory and store in openssh.size | ||
175 | # | ||
176 | files=`find . -type f -print` | ||
177 | dirs=`for file in $files; do dirname $file; done | sort -u` | ||
178 | for dir in $dirs | ||
179 | do | ||
180 | du $dir | ||
181 | done > ../openssh.size | ||
182 | |||
183 | # | ||
170 | # Create postinstall script | 184 | # Create postinstall script |
171 | # | 185 | # |
172 | cat <<EOF >>../openssh.post_i | 186 | cat <<EOF >>../openssh.post_i |
@@ -245,14 +259,42 @@ else | |||
245 | fi | 259 | fi |
246 | echo | 260 | echo |
247 | 261 | ||
248 | # Add to system startup if required | 262 | # Set startup command depending on SRC support |
249 | if grep $sbindir/sshd /etc/rc.tcpip >/dev/null | 263 | if [ "$AIX_SRC" = "yes" ] |
264 | then | ||
265 | echo Creating SRC sshd subsystem. | ||
266 | rmssys -s sshd 2>&1 >/dev/null | ||
267 | mkssys -s sshd -p "$sbindir/sshd" -a '-D' -u 0 -S -n 15 -f 9 -R -G tcpip | ||
268 | startupcmd="start $sbindir/sshd \\\"\\\$src_running\\\"" | ||
269 | oldstartcmd="$sbindir/sshd" | ||
270 | else | ||
271 | startupcmd="$sbindir/sshd" | ||
272 | oldstartcmd="start $sbindir/sshd \\\"$src_running\\\"" | ||
273 | fi | ||
274 | |||
275 | # If migrating to or from SRC, change previous startup command | ||
276 | # otherwise add to rc.tcpip | ||
277 | if egrep "^\$oldstartcmd" /etc/rc.tcpip >/dev/null | ||
250 | then | 278 | then |
251 | echo "sshd found in rc.tcpip, not adding." | 279 | if sed "s|^\$oldstartcmd|\$startupcmd|g" /etc/rc.tcpip >/etc/rc.tcpip.new |
280 | then | ||
281 | chmod 0755 /etc/rc.tcpip.new | ||
282 | mv /etc/rc.tcpip /etc/rc.tcpip.old && \ | ||
283 | mv /etc/rc.tcpip.new /etc/rc.tcpip | ||
284 | else | ||
285 | echo "Updating /etc/rc.tcpip failed, please check." | ||
286 | fi | ||
252 | else | 287 | else |
253 | echo >>/etc/rc.tcpip | 288 | # Add to system startup if required |
254 | echo "echo Starting sshd" >>/etc/rc.tcpip | 289 | if grep "^\$startupcmd" /etc/rc.tcpip >/dev/null |
255 | echo "$sbindir/sshd" >>/etc/rc.tcpip | 290 | then |
291 | echo "sshd found in rc.tcpip, not adding." | ||
292 | else | ||
293 | echo "Adding sshd to rc.tcpip" | ||
294 | echo >>/etc/rc.tcpip | ||
295 | echo "# Start sshd" >>/etc/rc.tcpip | ||
296 | echo "\$startupcmd" >>/etc/rc.tcpip | ||
297 | fi | ||
256 | fi | 298 | fi |
257 | EOF | 299 | EOF |
258 | 300 | ||
@@ -262,7 +304,7 @@ EOF | |||
262 | echo Creating liblpp.a | 304 | echo Creating liblpp.a |
263 | ( | 305 | ( |
264 | cd .. | 306 | cd .. |
265 | for i in openssh.al openssh.copyright openssh.inventory openssh.post_i LICENCE README* | 307 | for i in openssh.al openssh.copyright openssh.inventory openssh.post_i openssh.size LICENCE README* |
266 | do | 308 | do |
267 | ar -r liblpp.a $i | 309 | ar -r liblpp.a $i |
268 | rm $i | 310 | rm $i |
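Review bot: The three default assignments at the top (`[ -z "$PERMIT_ROOT_LOGIN" ] || PERMIT_ROOT_LOGIN=no` and the matching X11_FORWARDING and AIX_SRC lines) have the test inverted. When the variable is empty the `||` branch is skipped and no default is set, and when the caller exported a value it is overwritten with `no`. That defeats the environment override the new comment describes and leaves PERMIT_ROOT_LOGIN empty in the default case, so whatever the script later writes from it depends entirely on config.local, whose handling is outside this hunk. Use `[ -n "$PERMIT_ROOT_LOGIN" ] || PERMIT_ROOT_LOGIN=no` (or `: "${PERMIT_ROOT_LOGIN:=no}"`) for all three. Separately, `rmssys -s sshd 2>&1 >/dev/null` in the postinstall hunk still lets stderr through; `>/dev/null 2>&1` is probably what was meant.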
diff --git a/contrib/aix/inventory.sh b/contrib/aix/inventory.sh index 78df0d16e..619493ae2 100755 --- a/contrib/aix/inventory.sh +++ b/contrib/aix/inventory.sh | |||
@@ -2,9 +2,9 @@ | |||
2 | # | 2 | # |
3 | # inventory.sh | 3 | # inventory.sh |
4 | # | 4 | # |
5 | # Originall written by Ben Lindstrom, modified by Darren Tucker to use perl | 5 | # Originally written by Ben Lindstrom, modified by Darren Tucker to use perl |
6 | # | 6 | # |
7 | # This will produced and AIX package inventory file, which looks like: | 7 | # This will produce an AIX package inventory file, which looks like: |
8 | # | 8 | # |
9 | # /usr/local/bin: | 9 | # /usr/local/bin: |
10 | # class=apply,inventory,openssh | 10 | # class=apply,inventory,openssh |
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index b7de22e8b..e70ac8f37 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec | |||
@@ -17,7 +17,7 @@ | |||
17 | #old cvs stuff. please update before use. may be deprecated. | 17 | #old cvs stuff. please update before use. may be deprecated. |
18 | %define use_stable 1 | 18 | %define use_stable 1 |
19 | %if %{use_stable} | 19 | %if %{use_stable} |
20 | %define version 3.5p1 | 20 | %define version 3.6p1 |
21 | %define cvs %{nil} | 21 | %define cvs %{nil} |
22 | %define release 2 | 22 | %define release 2 |
23 | %else | 23 | %else |
@@ -198,7 +198,7 @@ xmkmf | |||
198 | %Install | 198 | %Install |
199 | [ %{buildroot} != "/" ] && rm -rf %{buildroot} | 199 | [ %{buildroot} != "/" ] && rm -rf %{buildroot} |
200 | 200 | ||
201 | %makeinstall | 201 | make install DESTDIR=%{buildroot} |
202 | %makeinstall -C %{askpass} \ | 202 | %makeinstall -C %{askpass} \ |
203 | BINDIR=%{_libexecdir} \ | 203 | BINDIR=%{_libexecdir} \ |
204 | MANPATH=%{_mandir} \ | 204 | MANPATH=%{_mandir} \ |
@@ -316,8 +316,16 @@ fi | |||
316 | %defattr(-,root,root) | 316 | %defattr(-,root,root) |
317 | %dir %{_sysconfdir} | 317 | %dir %{_sysconfdir} |
318 | %config %{_sysconfdir}/ssh_config | 318 | %config %{_sysconfdir}/ssh_config |
319 | %{_bindir}/* | 319 | %{_bindir}/scp |
320 | %{_bindir}/sftp | ||
321 | %{_bindir}/ssh | ||
322 | %{_bindir}/slogin | ||
323 | %{_bindir}/ssh-add | ||
324 | %attr(2755,root,nobody) %{_bindir}/ssh-agent | ||
325 | %{_bindir}/ssh-keygen | ||
326 | %{_bindir}/ssh-keyscan | ||
320 | %dir %{_libexecdir} | 327 | %dir %{_libexecdir} |
328 | %attr(4711,root,root) %{_libexecdir}/ssh-keysign | ||
321 | %{_sbindir}/ssh-host-keygen | 329 | %{_sbindir}/ssh-host-keygen |
322 | %dir %{_defaultdocdir}/%{name}-%{version} | 330 | %dir %{_defaultdocdir}/%{name}-%{version} |
323 | %{_defaultdocdir}/%{name}-%{version}/CREDITS | 331 | %{_defaultdocdir}/%{name}-%{version}/CREDITS |
@@ -328,10 +336,12 @@ fi | |||
328 | %{_defaultdocdir}/%{name}-%{version}/TODO | 336 | %{_defaultdocdir}/%{name}-%{version}/TODO |
329 | %{_defaultdocdir}/%{name}-%{version}/faq.html | 337 | %{_defaultdocdir}/%{name}-%{version}/faq.html |
330 | %{_mandir}/man1/* | 338 | %{_mandir}/man1/* |
339 | %{_mandir}/man8/ssh-keysign.8.gz | ||
340 | %{_mandir}/man5/ssh_config.5.gz | ||
331 | 341 | ||
332 | %Files server | 342 | %Files server |
333 | %defattr(-,root,root) | 343 | %defattr(-,root,root) |
334 | %dir %attr(0700,root,root) %{_var}/empty/sshd | 344 | %dir %{_var}/empty/sshd |
335 | %config %{SVIdir}/sshd | 345 | %config %{SVIdir}/sshd |
336 | %config /etc/pam.d/sshd | 346 | %config /etc/pam.d/sshd |
337 | %config %{_sysconfdir}/moduli | 347 | %config %{_sysconfdir}/moduli |
@@ -339,6 +349,7 @@ fi | |||
339 | %config %{SVIcdir}/sshd | 349 | %config %{SVIcdir}/sshd |
340 | %{_libexecdir}/sftp-server | 350 | %{_libexecdir}/sftp-server |
341 | %{_sbindir}/sshd | 351 | %{_sbindir}/sshd |
352 | %{_mandir}/man5/sshd_config.5.gz | ||
342 | %{_mandir}/man8/sftp-server.8.gz | 353 | %{_mandir}/man8/sftp-server.8.gz |
343 | %{_mandir}/man8/sshd.8.gz | 354 | %{_mandir}/man8/sshd.8.gz |
344 | 355 | ||
@@ -353,4 +364,4 @@ fi | |||
353 | * Mon Jan 01 1998 ... | 364 | * Mon Jan 01 1998 ... |
354 | Template Version: 1.31 | 365 | Template Version: 1.31 |
355 | 366 | ||
356 | $Id: openssh.spec,v 1.38 2002/10/03 01:56:59 djm Exp $ | 367 | $Id: openssh.spec,v 1.39.2.2 2003/03/21 04:52:56 tim Exp $ |
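Review bot: The `%Files server` entry for the privilege-separation directory loses its explicit mode: `%dir %attr(0700,root,root) %{_var}/empty/sshd` becomes `%dir %{_var}/empty/sshd`. Under `%defattr(-,root,root)` the packaged mode is then whatever `make install DESTDIR=%{buildroot}` happened to create in the build root. The privsep chroot directory is expected to be root-owned and not writable by group or others, so the mode is better pinned in the spec than inherited from the build, for example `%dir %attr(0755,root,root) %{_var}/empty/sshd` if 0700 was the problem. A short comment beside the new `%attr(4711,root,root) %{_libexecdir}/ssh-keysign` and `%attr(2755,root,nobody) %{_bindir}/ssh-agent` lines, saying why each needs setuid or setgid, would also help packagers auditing the file list.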
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index 4df5aa969..2c6db51e5 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config | |||
@@ -378,6 +378,8 @@ then | |||
378 | # This is the sshd server system-wide configuration file. See | 378 | # This is the sshd server system-wide configuration file. See |
379 | # sshd_config(5) for more information. | 379 | # sshd_config(5) for more information. |
380 | 380 | ||
381 | # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin | ||
382 | |||
381 | # The strategy used for options in the default sshd_config shipped with | 383 | # The strategy used for options in the default sshd_config shipped with |
382 | # OpenSSH is to specify options with their default value where | 384 | # OpenSSH is to specify options with their default value where |
383 | # possible, but leave them commented. Uncommented options change a | 385 | # possible, but leave them commented. Uncommented options change a |
@@ -394,7 +396,7 @@ Port $port_number | |||
394 | #HostKey ${SYSCONFDIR}/ssh_host_rsa_key | 396 | #HostKey ${SYSCONFDIR}/ssh_host_rsa_key |
395 | #HostKey ${SYSCONFDIR}/ssh_host_dsa_key | 397 | #HostKey ${SYSCONFDIR}/ssh_host_dsa_key |
396 | 398 | ||
397 | # Lifetime and size of ephemeral version 1 server ke | 399 | # Lifetime and size of ephemeral version 1 server key |
398 | #KeyRegenerationInterval 3600 | 400 | #KeyRegenerationInterval 3600 |
399 | #ServerKeyBits 768 | 401 | #ServerKeyBits 768 |
400 | 402 | ||
@@ -405,7 +407,7 @@ Port $port_number | |||
405 | 407 | ||
406 | # Authentication: | 408 | # Authentication: |
407 | 409 | ||
408 | #LoginGraceTime 600 | 410 | #LoginGraceTime 120 |
409 | #PermitRootLogin yes | 411 | #PermitRootLogin yes |
410 | # The following setting overrides permission checks on host key files | 412 | # The following setting overrides permission checks on host key files |
411 | # and directories. For security reasons set this to "yes" when running | 413 | # and directories. For security reasons set this to "yes" when running |
@@ -414,11 +416,11 @@ StrictModes no | |||
414 | 416 | ||
415 | #RSAAuthentication yes | 417 | #RSAAuthentication yes |
416 | #PubkeyAuthentication yes | 418 | #PubkeyAuthentication yes |
417 | #AuthorizedKeysFile %h/.ssh/authorized_keys | 419 | #AuthorizedKeysFile .ssh/authorized_keys |
418 | 420 | ||
419 | # rhosts authentication should not be used | 421 | # rhosts authentication should not be used |
420 | #RhostsAuthentication no | 422 | #RhostsAuthentication no |
421 | # Don't read ~/.rhosts and ~/.shosts files | 423 | # Don't read the user's ~/.rhosts and ~/.shosts files |
422 | #IgnoreRhosts yes | 424 | #IgnoreRhosts yes |
423 | # For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts | 425 | # For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts |
424 | #RhostsRSAAuthentication no | 426 | #RhostsRSAAuthentication no |
@@ -443,6 +445,7 @@ StrictModes no | |||
443 | #KeepAlive yes | 445 | #KeepAlive yes |
444 | #UseLogin no | 446 | #UseLogin no |
445 | UsePrivilegeSeparation $privsep_used | 447 | UsePrivilegeSeparation $privsep_used |
448 | #PermitUserEnvironment no | ||
446 | #Compression yes | 449 | #Compression yes |
447 | 450 | ||
448 | #MaxStartups 10 | 451 | #MaxStartups 10 |
diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c index 89a412aa8..9e8eaf920 100644 --- a/contrib/gnome-ssh-askpass2.c +++ b/contrib/gnome-ssh-askpass2.c | |||
@@ -36,10 +36,13 @@ | |||
36 | * you don't trust your X server. We grab the keyboard always. | 36 | * you don't trust your X server. We grab the keyboard always. |
37 | */ | 37 | */ |
38 | 38 | ||
39 | #define GRAB_TRIES 16 | ||
40 | #define GRAB_WAIT 250 /* milliseconds */ | ||
41 | |||
39 | /* | 42 | /* |
40 | * Compile with: | 43 | * Compile with: |
41 | * | 44 | * |
42 | * cc `pkg-config --cflags gtk+-2.0` \ | 45 | * cc -Wall `pkg-config --cflags gtk+-2.0` \ |
43 | * gnome-ssh-askpass2.c -o gnome-ssh-askpass \ | 46 | * gnome-ssh-askpass2.c -o gnome-ssh-askpass \ |
44 | * `pkg-config --libs gtk+-2.0` | 47 | * `pkg-config --libs gtk+-2.0` |
45 | * | 48 | * |
@@ -48,6 +51,7 @@ | |||
48 | #include <stdlib.h> | 51 | #include <stdlib.h> |
49 | #include <stdio.h> | 52 | #include <stdio.h> |
50 | #include <string.h> | 53 | #include <string.h> |
54 | #include <unistd.h> | ||
51 | #include <X11/Xlib.h> | 55 | #include <X11/Xlib.h> |
52 | #include <gtk/gtk.h> | 56 | #include <gtk/gtk.h> |
53 | #include <gdk/gdkx.h> | 57 | #include <gdk/gdkx.h> |
@@ -84,13 +88,13 @@ passphrase_dialog(char *message) | |||
84 | { | 88 | { |
85 | const char *failed; | 89 | const char *failed; |
86 | char *passphrase, *local; | 90 | char *passphrase, *local; |
87 | char **messages; | 91 | int result, grab_tries, grab_server, grab_pointer; |
88 | int result, i, grab_server, grab_pointer; | 92 | GtkWidget *dialog, *entry; |
89 | GtkWidget *dialog, *entry, *label; | ||
90 | GdkGrabStatus status; | 93 | GdkGrabStatus status; |
91 | 94 | ||
92 | grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL); | 95 | grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL); |
93 | grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL); | 96 | grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL); |
97 | grab_tries = 0; | ||
94 | 98 | ||
95 | dialog = gtk_message_dialog_new(NULL, 0, | 99 | dialog = gtk_message_dialog_new(NULL, 0, |
96 | GTK_MESSAGE_QUESTION, | 100 | GTK_MESSAGE_QUESTION, |
@@ -117,23 +121,35 @@ passphrase_dialog(char *message) | |||
117 | 121 | ||
118 | /* Grab focus */ | 122 | /* Grab focus */ |
119 | gtk_widget_show_now(dialog); | 123 | gtk_widget_show_now(dialog); |
120 | if (grab_server) { | ||
121 | gdk_x11_grab_server(); | ||
122 | } | ||
123 | if (grab_pointer) { | 124 | if (grab_pointer) { |
124 | status = gdk_pointer_grab((GTK_WIDGET(dialog))->window, TRUE, | 125 | for(;;) { |
125 | 0, NULL, NULL, GDK_CURRENT_TIME); | 126 | status = gdk_pointer_grab( |
126 | if (status != GDK_GRAB_SUCCESS) { | 127 | (GTK_WIDGET(dialog))->window, TRUE, 0, NULL, |
127 | failed = "mouse"; | 128 | NULL, GDK_CURRENT_TIME); |
128 | goto nograb; | 129 | if (status == GDK_GRAB_SUCCESS) |
130 | break; | ||
131 | usleep(GRAB_WAIT * 1000); | ||
132 | if (++grab_tries > GRAB_TRIES) { | ||
133 | failed = "mouse"; | ||
134 | goto nograb; | ||
135 | } | ||
129 | } | 136 | } |
130 | } | 137 | } |
131 | status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window, FALSE, | 138 | for(;;) { |
132 | GDK_CURRENT_TIME); | 139 | status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window, |
133 | if (status != GDK_GRAB_SUCCESS) { | 140 | FALSE, GDK_CURRENT_TIME); |
134 | failed = "keyboard"; | 141 | if (status == GDK_GRAB_SUCCESS) |
135 | goto nograbkb; | 142 | break; |
143 | usleep(GRAB_WAIT * 1000); | ||
144 | if (++grab_tries > GRAB_TRIES) { | ||
145 | failed = "keyboard"; | ||
146 | goto nograbkb; | ||
147 | } | ||
136 | } | 148 | } |
149 | if (grab_server) { | ||
150 | gdk_x11_grab_server(); | ||
151 | } | ||
152 | |||
137 | result = gtk_dialog_run(GTK_DIALOG(dialog)); | 153 | result = gtk_dialog_run(GTK_DIALOG(dialog)); |
138 | 154 | ||
139 | /* Ungrab */ | 155 | /* Ungrab */ |
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index e7005064d..f71c0b261 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec | |||
@@ -1,4 +1,4 @@ | |||
1 | %define ver 3.5p1 | 1 | %define ver 3.6p1 |
2 | %define rel 1 | 2 | %define rel 1 |
3 | 3 | ||
4 | # OpenSSH privilege separation requires a user & group ID | 4 | # OpenSSH privilege separation requires a user & group ID |
@@ -21,7 +21,7 @@ | |||
21 | %define scard 0 | 21 | %define scard 0 |
22 | 22 | ||
23 | # Use GTK2 instead of GNOME in gnome-ssh-askpass | 23 | # Use GTK2 instead of GNOME in gnome-ssh-askpass |
24 | %define gtk2 0 | 24 | %define gtk2 1 |
25 | 25 | ||
26 | # Is this build for RHL 6.x? | 26 | # Is this build for RHL 6.x? |
27 | %define build6x 0 | 27 | %define build6x 0 |
diff --git a/contrib/solaris/opensshd.in b/contrib/solaris/opensshd.in index e7ca2489f..48b6c5702 100755 --- a/contrib/solaris/opensshd.in +++ b/contrib/solaris/opensshd.in | |||
@@ -3,6 +3,8 @@ | |||
3 | # | 3 | # |
4 | # Stripped PRNGd out of it for the time being. | 4 | # Stripped PRNGd out of it for the time being. |
5 | 5 | ||
6 | umask 022 | ||
7 | |||
6 | CAT=/usr/bin/cat | 8 | CAT=/usr/bin/cat |
7 | KILL=/usr/bin/kill | 9 | KILL=/usr/bin/kill |
8 | 10 | ||
diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id index 2346761f7..a1ad34a8d 100644 --- a/contrib/ssh-copy-id +++ b/contrib/ssh-copy-id | |||
@@ -29,7 +29,12 @@ if [ -z "`eval $GET_ID`" -a -r "${ID_FILE}" ] ; then | |||
29 | fi | 29 | fi |
30 | 30 | ||
31 | if [ -z "`eval $GET_ID`" ]; then | 31 | if [ -z "`eval $GET_ID`" ]; then |
32 | echo "$0: ERROR: No identities found" | 32 | echo "$0: ERROR: No identities found" >&2 |
33 | exit 1 | ||
34 | fi | ||
35 | |||
36 | if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then | ||
37 | echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2 | ||
33 | exit 1 | 38 | exit 1 |
34 | fi | 39 | fi |
35 | 40 | ||
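Review bot: The new usage test sits after the `No identities found` check, so `ssh-copy-id -h` or a bare `ssh-copy-id` run on an account with no keys reports the identity error and never reaches the usage text. Moving the `if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then` block above the identity checks would make the help path independent of key state. The `-i` option handling lies outside this hunk, so the right position relative to it should be confirmed there.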
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 3ae1dfc80..55de013dc 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec | |||
@@ -1,6 +1,6 @@ | |||
1 | Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation | 1 | Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation |
2 | Name: openssh | 2 | Name: openssh |
3 | Version: 3.5p1 | 3 | Version: 3.6p1 |
4 | URL: http://www.openssh.com/ | 4 | URL: http://www.openssh.com/ |
5 | Release: 1 | 5 | Release: 1 |
6 | Source0: openssh-%{version}.tar.gz | 6 | Source0: openssh-%{version}.tar.gz |
@@ -1,114 +1,105 @@ | |||
1 | /* $OpenBSD: crc32.c,v 1.9 2003/02/12 21:39:50 markus Exp $ */ | ||
2 | |||
1 | /* | 3 | /* |
2 | * COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or | 4 | * Copyright (c) 2003 Markus Friedl. All rights reserved. |
3 | * code or tables extracted from it, as desired without restriction. | ||
4 | * | ||
5 | * First, the polynomial itself and its table of feedback terms. The | ||
6 | * polynomial is | ||
7 | * X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 | ||
8 | * | ||
9 | * Note that we take it "backwards" and put the highest-order term in | ||
10 | * the lowest-order bit. The X^32 term is "implied"; the LSB is the | ||
11 | * X^31 term, etc. The X^0 term (usually shown as "+1") results in | ||
12 | * the MSB being 1 | ||
13 | * | ||
14 | * Note that the usual hardware shift register implementation, which | ||
15 | * is what we're using (we're merely optimizing it by doing eight-bit | ||
16 | * chunks at a time) shifts bits into the lowest-order term. In our | ||
17 | * implementation, that means shifting towards the right. Why do we | ||
18 | * do it this way? Because the calculated CRC must be transmitted in | ||
19 | * order from highest-order term to lowest-order term. UARTs transmit | ||
20 | * characters in order from LSB to MSB. By storing the CRC this way | ||
21 | * we hand it to the UART in the order low-byte to high-byte; the UART | ||
22 | * sends each low-bit to hight-bit; and the result is transmission bit | ||
23 | * by bit from highest- to lowest-order term without requiring any bit | ||
24 | * shuffling on our part. Reception works similarly | ||
25 | * | ||
26 | * The feedback terms table consists of 256, 32-bit entries. Notes | ||
27 | * | 5 | * |
28 | * The table can be generated at runtime if desired; code to do so | 6 | * Redistribution and use in source and binary forms, with or without |
29 | * is shown later. It might not be obvious, but the feedback | 7 | * modification, are permitted provided that the following conditions |
30 | * terms simply represent the results of eight shift/xor opera | 8 | * are met: |
31 | * tions for all combinations of data and CRC register values | 9 | * 1. Redistributions of source code must retain the above copyright |
10 | * notice, this list of conditions and the following disclaimer. | ||
11 | * 2. Redistributions in binary form must reproduce the above copyright | ||
12 | * notice, this list of conditions and the following disclaimer in the | ||
13 | * documentation and/or other materials provided with the distribution. | ||
32 | * | 14 | * |
33 | * The values must be right-shifted by eight bits by the "updcrc | 15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
34 | * logic; the shift must be u_(bring in zeroes). On some | 16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
35 | * hardware you could probably optimize the shift in assembler by | 17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
36 | * using byte-swap instructions | 18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
37 | * polynomial $edb88320 | 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
38 | */ | 25 | */ |
39 | |||
40 | |||
41 | #include "includes.h" | 26 | #include "includes.h" |
42 | RCSID("$OpenBSD: crc32.c,v 1.8 2000/12/19 23:17:56 markus Exp $"); | ||
43 | |||
44 | #include "crc32.h" | 27 | #include "crc32.h" |
45 | 28 | ||
46 | static u_int crc32_tab[] = { | 29 | static const u_int32_t crc32tab[] = { |
47 | 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L, | 30 | 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, |
48 | 0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L, | 31 | 0x076dc419L, 0x706af48fL, 0xe963a535L, 0x9e6495a3L, |
49 | 0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L, | 32 | 0x0edb8832L, 0x79dcb8a4L, 0xe0d5e91eL, 0x97d2d988L, |
50 | 0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL, | 33 | 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L, 0x90bf1d91L, |
51 | 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L, | 34 | 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL, |
52 | 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L, | 35 | 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, |
53 | 0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L, | 36 | 0x136c9856L, 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, |
54 | 0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL, | 37 | 0x14015c4fL, 0x63066cd9L, 0xfa0f3d63L, 0x8d080df5L, |
55 | 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L, | 38 | 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L, 0xa2677172L, |
56 | 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL, | 39 | 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL, |
57 | 0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L, | 40 | 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, |
58 | 0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L, | 41 | 0x32d86ce3L, 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, |
59 | 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L, | 42 | 0x26d930acL, 0x51de003aL, 0xc8d75180L, 0xbfd06116L, |
60 | 0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL, | 43 | 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L, 0xb8bda50fL, |
61 | 0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL, | 44 | 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L, |
62 | 0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L, | 45 | 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, |
63 | 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL, | 46 | 0x76dc4190L, 0x01db7106L, 0x98d220bcL, 0xefd5102aL, |
64 | 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L, | 47 | 0x71b18589L, 0x06b6b51fL, 0x9fbfe4a5L, 0xe8b8d433L, |
65 | 0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L, | 48 | 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL, 0xe10e9818L, |
66 | 0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L, | 49 | 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L, |
67 | 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL, | 50 | 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, |
68 | 0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L, | 51 | 0x6c0695edL, 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, |
69 | 0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L, | 52 | 0x65b0d9c6L, 0x12b7e950L, 0x8bbeb8eaL, 0xfcb9887cL, |
70 | 0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL, | 53 | 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L, 0xfbd44c65L, |
71 | 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L, | 54 | 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L, |
72 | 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L, | 55 | 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, |
73 | 0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L, | 56 | 0x4369e96aL, 0x346ed9fcL, 0xad678846L, 0xda60b8d0L, |
74 | 0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L, | 57 | 0x44042d73L, 0x33031de5L, 0xaa0a4c5fL, 0xdd0d7cc9L, |
75 | 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L, | 58 | 0x5005713cL, 0x270241aaL, 0xbe0b1010L, 0xc90c2086L, |
76 | 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL, | 59 | 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL, |
77 | 0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL, | 60 | 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, |
78 | 0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L, | 61 | 0x59b33d17L, 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, |
79 | 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L, | 62 | 0xedb88320L, 0x9abfb3b6L, 0x03b6e20cL, 0x74b1d29aL, |
80 | 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL, | 63 | 0xead54739L, 0x9dd277afL, 0x04db2615L, 0x73dc1683L, |
81 | 0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL, | 64 | 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L, |
82 | 0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L, | 65 | 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, |
83 | 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL, | 66 | 0xf00f9344L, 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, |
84 | 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L, | 67 | 0xf762575dL, 0x806567cbL, 0x196c3671L, 0x6e6b06e7L, |
85 | 0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL, | 68 | 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL, 0x67dd4accL, |
86 | 0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L, | 69 | 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L, |
87 | 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL, | 70 | 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, |
88 | 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L, | 71 | 0xd1bb67f1L, 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, |
89 | 0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L, | 72 | 0xd80d2bdaL, 0xaf0a1b4cL, 0x36034af6L, 0x41047a60L, |
90 | 0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL, | 73 | 0xdf60efc3L, 0xa867df55L, 0x316e8eefL, 0x4669be79L, |
91 | 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L, | 74 | 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L, |
92 | 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L, | 75 | 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, |
93 | 0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L, | 76 | 0xc5ba3bbeL, 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, |
94 | 0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L, | 77 | 0xc2d7ffa7L, 0xb5d0cf31L, 0x2cd99e8bL, 0x5bdeae1dL, |
95 | 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L, | 78 | 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL, 0x026d930aL, |
96 | 0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L, | 79 | 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L, |
97 | 0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL, | 80 | 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, |
98 | 0x2d02ef8dL | 81 | 0x92d28e9bL, 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, |
82 | 0x86d3d2d4L, 0xf1d4e242L, 0x68ddb3f8L, 0x1fda836eL, | ||
83 | 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L, 0x18b74777L, | ||
84 | 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL, | ||
85 | 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, | ||
86 | 0xa00ae278L, 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, | ||
87 | 0xa7672661L, 0xd06016f7L, 0x4969474dL, 0x3e6e77dbL, | ||
88 | 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L, 0x37d83bf0L, | ||
89 | 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L, | ||
90 | 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, | ||
91 | 0xbad03605L, 0xcdd70693L, 0x54de5729L, 0x23d967bfL, | ||
92 | 0xb3667a2eL, 0xc4614ab8L, 0x5d681b02L, 0x2a6f2b94L, | ||
93 | 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL, 0x2d02ef8dL | ||
99 | }; | 94 | }; |
100 | 95 | ||
101 | /* Return a 32-bit CRC of the contents of the buffer. */ | 96 | u_int32_t |
102 | 97 | ssh_crc32(const u_char *buf, u_int32_t size) | |
103 | u_int | ||
104 | ssh_crc32(const u_char *s, u_int len) | ||
105 | { | 98 | { |
106 | u_int i; | 99 | u_int32_t i, crc; |
107 | u_int crc32val; | ||
108 | 100 | ||
109 | crc32val = 0; | 101 | crc = 0; |
110 | for (i = 0; i < len; i ++) { | 102 | for (i = 0; i < size; i++) |
111 | crc32val = crc32_tab[(crc32val ^ s[i]) & 0xff] ^ (crc32val >> 8); | 103 | crc = crc32tab[(crc ^ buf[i]) & 0xff] ^ (crc >> 8); |
112 | } | 104 | return crc; |
113 | return crc32val; | ||
114 | } | 105 | } |
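Review bot: The rewritten file drops every comment describing the checksum, including `/* Return a 32-bit CRC of the contents of the buffer. */` above `ssh_crc32`, so nothing on the new side says which CRC variant the table encodes. I would keep a short comment on the function such as `/* CRC-32, reflected polynomial 0xedb88320, initial value 0, no final XOR; an error-detection checksum, not a MAC. */`. The polynomial is taken from the removed header comment, and the initial value and absent final XOR from `crc = 0` and `return crc`. As a style point, the table constants keep their `L` suffix although the element type is now `u_int32_t`; a `U` suffix or none would match the declared type better.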
@@ -1,21 +1,30 @@ | |||
1 | /* $OpenBSD: crc32.h,v 1.13 2002/03/04 17:27:39 stevesk Exp $ */ | 1 | /* $OpenBSD: crc32.h,v 1.14 2003/02/12 21:39:50 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Copyright (c) 2003 Markus Friedl. All rights reserved. |
5 | * Copyright (c) 1992 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | ||
6 | * All rights reserved | ||
7 | * Functions for computing 32-bit CRC. | ||
8 | * | 5 | * |
9 | * As far as I am concerned, the code I have written for this software | 6 | * Redistribution and use in source and binary forms, with or without |
10 | * can be used freely for any purpose. Any derived versions of this | 7 | * modification, are permitted provided that the following conditions |
11 | * software must be clearly marked as such, and if the derived work is | 8 | * are met: |
12 | * incompatible with the protocol description in the RFC file, it must be | 9 | * 1. Redistributions of source code must retain the above copyright |
13 | * called by a name other than "ssh" or "Secure Shell". | 10 | * notice, this list of conditions and the following disclaimer. |
11 | * 2. Redistributions in binary form must reproduce the above copyright | ||
12 | * notice, this list of conditions and the following disclaimer in the | ||
13 | * documentation and/or other materials provided with the distribution. | ||
14 | * | ||
15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||
16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
14 | */ | 25 | */ |
15 | 26 | ||
16 | #ifndef CRC32_H | 27 | #ifndef SSH_CRC32_H |
17 | #define CRC32_H | 28 | #define SSH_CRC32_H |
18 | 29 | u_int32_t ssh_crc32(const u_char *, u_int32_t); | |
19 | u_int ssh_crc32(const u_char *, u_int); | 30 | #endif |
20 | |||
21 | #endif /* CRC32_H */ | ||
diff --git a/debian/changelog b/debian/changelog index e5f2004eb..532567f8d 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -1,3 +1,20 @@ | |||
1 | openssh (1:3.6p1-1) unstable; urgency=low | ||
2 | |||
3 | * New upstream release. | ||
4 | - Workaround applied upstream for a bug in the interaction of glibc's | ||
5 | getaddrinfo() with the Linux 2.2 kernel (closes: #155814). | ||
6 | - As such, it should now be safe to remove --with-ipv4-default, so | ||
7 | starting sshd with -6 is no longer necessary (closes: #79861 and lots | ||
8 | of other merged bugs). | ||
9 | - ssh-copy-id prints usage when run without arguments (closes: #71376). | ||
10 | - scp exits 1 if ssh fails (closes: #138400). | ||
11 | - sshd writes to utmp's ut_addr_v6 field in IPv6 mode (closes: #167867). | ||
12 | - 'ssh-add -c' causes ssh-agent to ask the user each time a key is used | ||
13 | (closes: #109795). | ||
14 | * Install /etc/default/ssh non-executable (closes: #185537). | ||
15 | |||
16 | -- Colin Watson <cjwatson@debian.org> Mon, 31 Mar 2003 23:00:59 +0100 | ||
17 | |||
1 | openssh (1:3.5p1-5) unstable; urgency=low | 18 | openssh (1:3.5p1-5) unstable; urgency=low |
2 | 19 | ||
3 | * Add /etc/default/ssh (closes: #161049). | 20 | * Add /etc/default/ssh (closes: #161049). |
diff --git a/debian/rules b/debian/rules index 5b91fdde7..dcf406f24 100755 --- a/debian/rules +++ b/debian/rules | |||
@@ -19,7 +19,7 @@ build-stamp: | |||
19 | then mv version.h version.h.upstream; mv version.h.new version.h; \ | 19 | then mv version.h version.h.upstream; mv version.h.new version.h; \ |
20 | else echo "Version number change failed"; exit 1; \ | 20 | else echo "Version number change failed"; exit 1; \ |
21 | fi | 21 | fi |
22 | ./configure --prefix=/usr --sysconfdir=/etc/ssh --libexecdir=/usr/lib --mandir=/usr/share/man --with-tcp-wrappers --with-xauth=/usr/bin/X11/xauth --with-default-path=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin --with-superuser-path=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin --with-pam --with-4in6 --with-ipv4-default \ | 22 | ./configure --prefix=/usr --sysconfdir=/etc/ssh --libexecdir=/usr/lib --mandir=/usr/share/man --with-tcp-wrappers --with-xauth=/usr/bin/X11/xauth --with-default-path=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin --with-superuser-path=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin --with-pam --with-4in6 \ |
23 | --with-privsep-path=/var/run/sshd --without-rand-helper | 23 | --with-privsep-path=/var/run/sshd --without-rand-helper |
24 | $(MAKE) -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='-O2 -g -Wall -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT -DSSHD_PAM_SERVICE=\"ssh\" -D__FILE_OFFSET_BITS=64 -DHAVE_MMAP_ANON_SHARED' \ | 24 | $(MAKE) -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='-O2 -g -Wall -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT -DSSHD_PAM_SERVICE=\"ssh\" -D__FILE_OFFSET_BITS=64 -DHAVE_MMAP_ANON_SHARED' \ |
25 | SSH_KEYSIGN='/usr/lib/ssh-keysign' | 25 | SSH_KEYSIGN='/usr/lib/ssh-keysign' |
@@ -70,7 +70,7 @@ install: build | |||
70 | install -m 644 debian/ssh-argv0.1 debian/tmp/usr/share/man/man1/ssh-argv0.1 | 70 | install -m 644 debian/ssh-argv0.1 debian/tmp/usr/share/man/man1/ssh-argv0.1 |
71 | 71 | ||
72 | install -o root -g root debian/init debian/tmp/etc/init.d/ssh | 72 | install -o root -g root debian/init debian/tmp/etc/init.d/ssh |
73 | install -o root -g root debian/ssh.default debian/tmp/etc/default/ssh | 73 | install -o root -g root -m 644 debian/ssh.default debian/tmp/etc/default/ssh |
74 | 74 | ||
75 | install -o root -g root -m 755 -d debian/tmp/var/run/sshd | 75 | install -o root -g root -m 755 -d debian/tmp/var/run/sshd |
76 | 76 | ||
diff --git a/debian/ssh.default b/debian/ssh.default index 15305579b..aa03c4e07 100644 --- a/debian/ssh.default +++ b/debian/ssh.default | |||
@@ -1,5 +1,4 @@ | |||
1 | #! /bin/sh | 1 | # Default settings for ssh. This file is sourced by /bin/sh from |
2 | # Default settings for ssh. This file is sourced by the shell from | ||
3 | # /etc/init.d/ssh. | 2 | # /etc/init.d/ssh. |
4 | 3 | ||
5 | # Options to pass to sshd | 4 | # Options to pass to sshd |
@@ -1,7 +1,7 @@ | |||
1 | #ifndef _DEFINES_H | 1 | #ifndef _DEFINES_H |
2 | #define _DEFINES_H | 2 | #define _DEFINES_H |
3 | 3 | ||
4 | /* $Id: defines.h,v 1.96 2002/09/26 00:38:48 tim Exp $ */ | 4 | /* $Id: defines.h,v 1.97 2003/01/24 00:50:32 djm Exp $ */ |
5 | 5 | ||
6 | 6 | ||
7 | /* Constants */ | 7 | /* Constants */ |
@@ -370,6 +370,20 @@ struct winsize { | |||
370 | } while (0) | 370 | } while (0) |
371 | #endif | 371 | #endif |
372 | 372 | ||
373 | #ifndef TIMEVAL_TO_TIMESPEC | ||
374 | #define TIMEVAL_TO_TIMESPEC(tv, ts) { \ | ||
375 | (ts)->tv_sec = (tv)->tv_sec; \ | ||
376 | (ts)->tv_nsec = (tv)->tv_usec * 1000; \ | ||
377 | } | ||
378 | #endif | ||
379 | |||
380 | #ifndef TIMESPEC_TO_TIMEVAL | ||
381 | #define TIMESPEC_TO_TIMEVAL(tv, ts) { \ | ||
382 | (tv)->tv_sec = (ts)->tv_sec; \ | ||
383 | (tv)->tv_usec = (ts)->tv_nsec / 1000; \ | ||
384 | } | ||
385 | #endif | ||
386 | |||
373 | #ifndef __P | 387 | #ifndef __P |
374 | # define __P(x) x | 388 | # define __P(x) x |
375 | #endif | 389 | #endif |
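Review bot: `TIMEVAL_TO_TIMESPEC` and `TIMESPEC_TO_TIMEVAL` expand to a bare `{ ... }` block, so a call followed by `;` inside an unbraced `if`/`else` ends the `if` early and the `else` no longer parses. The macro just above this hunk closes with `} while (0)`, and the two fallbacks could take the same form, `#define TIMEVAL_TO_TIMESPEC(tv, ts) do { \` through `} while (0)`. Each argument is also evaluated twice, so a one-line comment stating that callers must pass side-effect-free expressions would help. The brace form presumably mirrors the system headers these definitions stand in for, which is worth saying in that comment if the form is kept.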
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: dh.c,v 1.22 2002/06/27 08:49:44 markus Exp $"); | 26 | RCSID("$OpenBSD: dh.c,v 1.23 2002/11/21 22:22:50 markus Exp $"); |
27 | 27 | ||
28 | #include "xmalloc.h" | 28 | #include "xmalloc.h" |
29 | 29 | ||
@@ -182,7 +182,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) | |||
182 | for (i = 0; i <= n; i++) | 182 | for (i = 0; i <= n; i++) |
183 | if (BN_is_bit_set(dh_pub, i)) | 183 | if (BN_is_bit_set(dh_pub, i)) |
184 | bits_set++; | 184 | bits_set++; |
185 | debug("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); | 185 | debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); |
186 | 186 | ||
187 | /* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */ | 187 | /* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */ |
188 | if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1)) | 188 | if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1)) |
@@ -214,7 +214,7 @@ dh_gen_key(DH *dh, int need) | |||
214 | for (i = 0; i <= BN_num_bits(dh->priv_key); i++) | 214 | for (i = 0; i <= BN_num_bits(dh->priv_key); i++) |
215 | if (BN_is_bit_set(dh->priv_key, i)) | 215 | if (BN_is_bit_set(dh->priv_key, i)) |
216 | bits_set++; | 216 | bits_set++; |
217 | debug("dh_gen_key: priv key bits set: %d/%d", | 217 | debug2("dh_gen_key: priv key bits set: %d/%d", |
218 | bits_set, BN_num_bits(dh->priv_key)); | 218 | bits_set, BN_num_bits(dh->priv_key)); |
219 | if (tries++ > 10) | 219 | if (tries++ > 10) |
220 | fatal("dh_gen_key: too many bad keys: giving up"); | 220 | fatal("dh_gen_key: too many bad keys: giving up"); |
@@ -1,43 +1,22 @@ | |||
1 | #!/usr/bin/perl -w | 1 | #!/bin/sh |
2 | # | 2 | # |
3 | # fixpaths - substitute makefile variables into text files | 3 | # fixpaths - substitute makefile variables into text files |
4 | # Usage: fixpaths -Dsomething=somethingelse ... | ||
4 | 5 | ||
5 | 6 | die() { | |
6 | $usage = "Usage: $0 [-Dstring=replacement] [[infile] ...]\n"; | 7 | echo $* |
7 | 8 | exit -1 | |
8 | if (!defined(@ARGV)) { die ("$usage"); } | ||
9 | |||
10 | # read in the command line and get some definitions | ||
11 | while ($_=$ARGV[0], /^-/) { | ||
12 | if (/^-D/) { | ||
13 | # definition | ||
14 | shift(@ARGV); | ||
15 | if ( /-D(.*)=(.*)/ ) { | ||
16 | $def{"$1"}=$2; | ||
17 | } else { | ||
18 | die ("$usage$0: error in command line arguments.\n"); | ||
19 | } | ||
20 | } else { | ||
21 | @cmd = split(//, $ARGV[0]); $opt = $cmd[1]; | ||
22 | die ("$usage$0: unknown option '-$opt'\n"); | ||
23 | } | ||
24 | } # while parsing arguments | ||
25 | |||
26 | if (!defined(%def)) { | ||
27 | die ("$0: nothing to do - no substitutions listed!\n"); | ||
28 | } | 9 | } |
29 | 10 | ||
30 | for $f (@ARGV) { | 11 | test -n "`echo $1|grep -- -D`" || \ |
12 | die $0: nothing to do - no substitutions listed! | ||
13 | |||
14 | test -n "`echo $1|grep -- '-D[^=]\+=[^ ]\+'`" || \ | ||
15 | die $0: error in command line arguments. | ||
31 | 16 | ||
32 | $f =~ /(.*\/)*(.*)$/; | 17 | test -n "`echo $*|grep -- ' [^-]'`" || \ |
18 | die Usage: $0 '[-Dstring=replacement] [[infile] ...]' | ||
33 | 19 | ||
34 | open(IN, "<$f") || die ("$0: input file $f missing!\n"); | 20 | sed `echo $*|sed -e 's/-D\([^=]\+\)=\([^ ]*\)/-e s=\1=\2=g/g'` |
35 | while (<IN>) { | ||
36 | for $s (keys(%def)) { | ||
37 | s#$s#$def{$s}#; | ||
38 | } # for $s | ||
39 | print; | ||
40 | } # while <IN> | ||
41 | } # for $f | ||
42 | 21 | ||
43 | exit 0; | 22 | exit 0 |
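Review bot: The patterns `'-D[^=]\+=[^ ]\+'` and `'s/-D\([^=]\+\)=\([^ ]*\)/-e s=\1=\2=g/g'` rely on `\+`, a GNU extension to basic regular expressions, so with a grep or sed that lacks it the argument check fails or no substitution is generated. The portable spelling repeats the bracket expression: `[^=][^=]*` and `[^ ][^ ]*`. `die` also prints to stdout and calls `exit -1`, a status POSIX does not define; `echo "$*" >&2` followed by `exit 1` would be safer. Because `$*` and the generated `-e s=\1=\2=g` are expanded unquoted, a replacement value containing whitespace, `=` or sed metacharacters changes the command that runs, so the script assumes the Makefile passes only plain path strings.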
diff --git a/hostfile.h b/hostfile.h index 1df7a22f2..e3d116581 100644 --- a/hostfile.h +++ b/hostfile.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: hostfile.h,v 1.12 2002/09/08 20:24:08 markus Exp $ */ | 1 | /* $OpenBSD: hostfile.h,v 1.13 2002/11/21 23:03:51 deraadt Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -19,10 +19,10 @@ typedef enum { | |||
19 | } HostStatus; | 19 | } HostStatus; |
20 | 20 | ||
21 | int hostfile_read_key(char **, u_int *, Key *); | 21 | int hostfile_read_key(char **, u_int *, Key *); |
22 | HostStatus | 22 | HostStatus check_host_in_hostfile(const char *, const char *, |
23 | check_host_in_hostfile(const char *, const char *, Key *, Key *, int *); | 23 | Key *, Key *, int *); |
24 | int add_host_to_hostfile(const char *, const char *, Key *); | 24 | int add_host_to_hostfile(const char *, const char *, Key *); |
25 | int | 25 | int lookup_key_in_hostfile_by_type(const char *, const char *, |
26 | lookup_key_in_hostfile_by_type(const char *, const char *, int , Key *, int *); | 26 | int, Key *, int *); |
27 | 27 | ||
28 | #endif | 28 | #endif |
diff --git a/includes.h b/includes.h index d7b875c52..37d402ef4 100644 --- a/includes.h +++ b/includes.h | |||
@@ -157,6 +157,10 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } | |||
157 | # include <tmpdir.h> | 157 | # include <tmpdir.h> |
158 | #endif | 158 | #endif |
159 | 159 | ||
160 | #ifdef HAVE_LIBUTIL_H | ||
161 | # include <libutil.h> /* Openpty on FreeBSD at least */ | ||
162 | #endif | ||
163 | |||
160 | #include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */ | 164 | #include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */ |
161 | 165 | ||
162 | #include "defines.h" | 166 | #include "defines.h" |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: kex.c,v 1.51 2002/06/24 14:55:38 markus Exp $"); | 26 | RCSID("$OpenBSD: kex.c,v 1.54 2003/02/16 17:09:57 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/crypto.h> | 28 | #include <openssl/crypto.h> |
29 | 29 | ||
@@ -44,11 +44,6 @@ RCSID("$OpenBSD: kex.c,v 1.51 2002/06/24 14:55:38 markus Exp $"); | |||
44 | 44 | ||
45 | #define KEX_COOKIE_LEN 16 | 45 | #define KEX_COOKIE_LEN 16 |
46 | 46 | ||
47 | /* Use privilege separation for sshd */ | ||
48 | int use_privsep; | ||
49 | struct monitor *pmonitor; | ||
50 | |||
51 | |||
52 | /* prototype */ | 47 | /* prototype */ |
53 | static void kex_kexinit_finish(Kex *); | 48 | static void kex_kexinit_finish(Kex *); |
54 | static void kex_choose_conf(Kex *); | 49 | static void kex_choose_conf(Kex *); |
@@ -74,7 +69,7 @@ kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) | |||
74 | 69 | ||
75 | /* parse buffer and return algorithm proposal */ | 70 | /* parse buffer and return algorithm proposal */ |
76 | static char ** | 71 | static char ** |
77 | kex_buf2prop(Buffer *raw) | 72 | kex_buf2prop(Buffer *raw, int *first_kex_follows) |
78 | { | 73 | { |
79 | Buffer b; | 74 | Buffer b; |
80 | int i; | 75 | int i; |
@@ -94,6 +89,8 @@ kex_buf2prop(Buffer *raw) | |||
94 | } | 89 | } |
95 | /* first kex follows / reserved */ | 90 | /* first kex follows / reserved */ |
96 | i = buffer_get_char(&b); | 91 | i = buffer_get_char(&b); |
92 | if (first_kex_follows != NULL) | ||
93 | *first_kex_follows = i; | ||
97 | debug2("kex_parse_kexinit: first_kex_follows %d ", i); | 94 | debug2("kex_parse_kexinit: first_kex_follows %d ", i); |
98 | i = buffer_get_int(&b); | 95 | i = buffer_get_int(&b); |
99 | debug2("kex_parse_kexinit: reserved %d ", i); | 96 | debug2("kex_parse_kexinit: reserved %d ", i); |
@@ -135,7 +132,7 @@ kex_finish(Kex *kex) | |||
135 | /* packet_write_wait(); */ | 132 | /* packet_write_wait(); */ |
136 | debug("SSH2_MSG_NEWKEYS sent"); | 133 | debug("SSH2_MSG_NEWKEYS sent"); |
137 | 134 | ||
138 | debug("waiting for SSH2_MSG_NEWKEYS"); | 135 | debug("expecting SSH2_MSG_NEWKEYS"); |
139 | packet_read_expect(SSH2_MSG_NEWKEYS); | 136 | packet_read_expect(SSH2_MSG_NEWKEYS); |
140 | packet_check_eom(); | 137 | packet_check_eom(); |
141 | debug("SSH2_MSG_NEWKEYS received"); | 138 | debug("SSH2_MSG_NEWKEYS received"); |
@@ -235,14 +232,10 @@ kex_kexinit_finish(Kex *kex) | |||
235 | 232 | ||
236 | kex_choose_conf(kex); | 233 | kex_choose_conf(kex); |
237 | 234 | ||
238 | switch (kex->kex_type) { | 235 | if (kex->kex_type >= 0 && kex->kex_type < KEX_MAX && |
239 | case DH_GRP1_SHA1: | 236 | kex->kex[kex->kex_type] != NULL) { |
240 | kexdh(kex); | 237 | (kex->kex[kex->kex_type])(kex); |
241 | break; | 238 | } else { |
242 | case DH_GEX_SHA1: | ||
243 | kexgex(kex); | ||
244 | break; | ||
245 | default: | ||
246 | fatal("Unsupported key exchange %d", kex->kex_type); | 239 | fatal("Unsupported key exchange %d", kex->kex_type); |
247 | } | 240 | } |
248 | } | 241 | } |
@@ -299,9 +292,9 @@ choose_kex(Kex *k, char *client, char *server) | |||
299 | if (k->name == NULL) | 292 | if (k->name == NULL) |
300 | fatal("no kex alg"); | 293 | fatal("no kex alg"); |
301 | if (strcmp(k->name, KEX_DH1) == 0) { | 294 | if (strcmp(k->name, KEX_DH1) == 0) { |
302 | k->kex_type = DH_GRP1_SHA1; | 295 | k->kex_type = KEX_DH_GRP1_SHA1; |
303 | } else if (strcmp(k->name, KEX_DHGEX) == 0) { | 296 | } else if (strcmp(k->name, KEX_DHGEX) == 0) { |
304 | k->kex_type = DH_GEX_SHA1; | 297 | k->kex_type = KEX_DH_GEX_SHA1; |
305 | } else | 298 | } else |
306 | fatal("bad kex alg %s", k->name); | 299 | fatal("bad kex alg %s", k->name); |
307 | } | 300 | } |
@@ -317,6 +310,30 @@ choose_hostkeyalg(Kex *k, char *client, char *server) | |||
317 | xfree(hostkeyalg); | 310 | xfree(hostkeyalg); |
318 | } | 311 | } |
319 | 312 | ||
313 | static int | ||
314 | proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX]) | ||
315 | { | ||
316 | static int check[] = { | ||
317 | PROPOSAL_KEX_ALGS, PROPOSAL_SERVER_HOST_KEY_ALGS, -1 | ||
318 | }; | ||
319 | int *idx; | ||
320 | char *p; | ||
321 | |||
322 | for (idx = &check[0]; *idx != -1; idx++) { | ||
323 | if ((p = strchr(my[*idx], ',')) != NULL) | ||
324 | *p = '\0'; | ||
325 | if ((p = strchr(peer[*idx], ',')) != NULL) | ||
326 | *p = '\0'; | ||
327 | if (strcmp(my[*idx], peer[*idx]) != 0) { | ||
328 | debug2("proposal mismatch: my %s peer %s", | ||
329 | my[*idx], peer[*idx]); | ||
330 | return (0); | ||
331 | } | ||
332 | } | ||
333 | debug2("proposals match"); | ||
334 | return (1); | ||
335 | } | ||
336 | |||
320 | static void | 337 | static void |
321 | kex_choose_conf(Kex *kex) | 338 | kex_choose_conf(Kex *kex) |
322 | { | 339 | { |
@@ -327,9 +344,10 @@ kex_choose_conf(Kex *kex) | |||
327 | int mode; | 344 | int mode; |
328 | int ctos; /* direction: if true client-to-server */ | 345 | int ctos; /* direction: if true client-to-server */ |
329 | int need; | 346 | int need; |
347 | int first_kex_follows, type; | ||
330 | 348 | ||
331 | my = kex_buf2prop(&kex->my); | 349 | my = kex_buf2prop(&kex->my, NULL); |
332 | peer = kex_buf2prop(&kex->peer); | 350 | peer = kex_buf2prop(&kex->peer, &first_kex_follows); |
333 | 351 | ||
334 | if (kex->server) { | 352 | if (kex->server) { |
335 | cprop=peer; | 353 | cprop=peer; |
@@ -373,6 +391,12 @@ kex_choose_conf(Kex *kex) | |||
373 | /* XXX need runden? */ | 391 | /* XXX need runden? */ |
374 | kex->we_need = need; | 392 | kex->we_need = need; |
375 | 393 | ||
394 | /* ignore the next message if the proposals do not match */ | ||
395 | if (first_kex_follows && !proposals_match(my, peer)) { | ||
396 | type = packet_read(); | ||
397 | debug2("skipping next packet (type %u)", type); | ||
398 | } | ||
399 | |||
376 | kex_prop_free(my); | 400 | kex_prop_free(my); |
377 | kex_prop_free(peer); | 401 | kex_prop_free(peer); |
378 | } | 402 | } |
@@ -433,7 +457,7 @@ kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret) | |||
433 | for (i = 0; i < NKEYS; i++) | 457 | for (i = 0; i < NKEYS; i++) |
434 | keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret); | 458 | keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret); |
435 | 459 | ||
436 | debug("kex_derive_keys"); | 460 | debug2("kex_derive_keys"); |
437 | for (mode = 0; mode < MODE_MAX; mode++) { | 461 | for (mode = 0; mode < MODE_MAX; mode++) { |
438 | current_keys[mode] = kex->newkeys[mode]; | 462 | current_keys[mode] = kex->newkeys[mode]; |
439 | kex->newkeys[mode] = NULL; | 463 | kex->newkeys[mode] = NULL; |
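--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.32 2002/09/09 14:54:14 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.33 2003/02/16 17:09:57 markus Exp $ */
 
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -55,8 +55,9 @@ enum kex_modes {
 };
 
 enum kex_exchange {
-DH_GRP1_SHA1,
-DH_GEX_SHA1
+KEX_DH_GRP1_SHA1,
+KEX_DH_GEX_SHA1,
+KEX_MAX
 };
 
 #define KEX_INIT_SENT 0x0001
@@ -112,6 +113,7 @@ struct Kex {
 int (*verify_host_key)(Key *);
 Key *(*load_host_key)(int);
 int (*host_key_index)(Key *);
+void (*kex[KEX_MAX])(Kex *);
 };
 
 Kex *kex_setup(char *[PROPOSAL_MAX]);
@@ -121,11 +123,20 @@ void kex_send_kexinit(Kex *);
 void kex_input_kexinit(int, u_int32_t, void *);
 void kex_derive_keys(Kex *, u_char *, BIGNUM *);
 
-void kexdh(Kex *);
-void kexgex(Kex *);
-
 Newkeys *kex_get_newkeys(int);
 
+void kexdh_client(Kex *);
+void kexdh_server(Kex *);
+void kexgex_client(Kex *);
+void kexgex_server(Kex *);
+
+u_char *
+kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
+BIGNUM *, BIGNUM *, BIGNUM *);
+u_char *
+kexgex_hash(char *, char *, char *, int, char *, int, u_char *, int,
+int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *);
+
 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
 void dump_digest(char *, u_char *, int);
 #endif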
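Review bot: The new member `void (*kex[KEX_MAX])(Kex *);` in struct Kex has no comment saying what an empty slot means, yet the dispatch added to kex_kexinit_finish in kex.c ends in `fatal("Unsupported key exchange %d", kex->kex_type)` whenever the selected slot is NULL. A one-line comment would record that contract, for example `/* handler per enum kex_exchange value; NULL = not supported by this endpoint */`; where the handlers get installed is not visible in this section, so the comment should name that place once confirmed. `KEX_MAX` deserves `/* must stay last: sizes the kex[] handler table */`, because both the array bound here and the range check in kex.c depend on it being the final enumerator.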
@@ -23,23 +23,16 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: kexdh.c,v 1.18 2002/03/18 17:50:31 provos Exp $"); | 26 | RCSID("$OpenBSD: kexdh.c,v 1.19 2003/02/16 17:09:57 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/crypto.h> | 28 | #include <openssl/evp.h> |
29 | #include <openssl/bn.h> | ||
30 | 29 | ||
31 | #include "xmalloc.h" | ||
32 | #include "buffer.h" | 30 | #include "buffer.h" |
33 | #include "bufaux.h" | 31 | #include "bufaux.h" |
34 | #include "key.h" | ||
35 | #include "kex.h" | ||
36 | #include "log.h" | ||
37 | #include "packet.h" | ||
38 | #include "dh.h" | ||
39 | #include "ssh2.h" | 32 | #include "ssh2.h" |
40 | #include "monitor_wrap.h" | 33 | #include "kex.h" |
41 | 34 | ||
42 | static u_char * | 35 | u_char * |
43 | kex_dh_hash( | 36 | kex_dh_hash( |
44 | char *client_version_string, | 37 | char *client_version_string, |
45 | char *server_version_string, | 38 | char *server_version_string, |
@@ -86,222 +79,3 @@ kex_dh_hash( | |||
86 | #endif | 79 | #endif |
87 | return digest; | 80 | return digest; |
88 | } | 81 | } |
89 | |||
90 | /* client */ | ||
91 | |||
92 | static void | ||
93 | kexdh_client(Kex *kex) | ||
94 | { | ||
95 | BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; | ||
96 | DH *dh; | ||
97 | Key *server_host_key; | ||
98 | u_char *server_host_key_blob = NULL, *signature = NULL; | ||
99 | u_char *kbuf, *hash; | ||
100 | u_int klen, kout, slen, sbloblen; | ||
101 | |||
102 | /* generate and send 'e', client DH public key */ | ||
103 | dh = dh_new_group1(); | ||
104 | dh_gen_key(dh, kex->we_need * 8); | ||
105 | packet_start(SSH2_MSG_KEXDH_INIT); | ||
106 | packet_put_bignum2(dh->pub_key); | ||
107 | packet_send(); | ||
108 | |||
109 | debug("sending SSH2_MSG_KEXDH_INIT"); | ||
110 | #ifdef DEBUG_KEXDH | ||
111 | DHparams_print_fp(stderr, dh); | ||
112 | fprintf(stderr, "pub= "); | ||
113 | BN_print_fp(stderr, dh->pub_key); | ||
114 | fprintf(stderr, "\n"); | ||
115 | #endif | ||
116 | |||
117 | debug("expecting SSH2_MSG_KEXDH_REPLY"); | ||
118 | packet_read_expect(SSH2_MSG_KEXDH_REPLY); | ||
119 | |||
120 | /* key, cert */ | ||
121 | server_host_key_blob = packet_get_string(&sbloblen); | ||
122 | server_host_key = key_from_blob(server_host_key_blob, sbloblen); | ||
123 | if (server_host_key == NULL) | ||
124 | fatal("cannot decode server_host_key_blob"); | ||
125 | if (server_host_key->type != kex->hostkey_type) | ||
126 | fatal("type mismatch for decoded server_host_key_blob"); | ||
127 | if (kex->verify_host_key == NULL) | ||
128 | fatal("cannot verify server_host_key"); | ||
129 | if (kex->verify_host_key(server_host_key) == -1) | ||
130 | fatal("server_host_key verification failed"); | ||
131 | |||
132 | /* DH paramter f, server public DH key */ | ||
133 | if ((dh_server_pub = BN_new()) == NULL) | ||
134 | fatal("dh_server_pub == NULL"); | ||
135 | packet_get_bignum2(dh_server_pub); | ||
136 | |||
137 | #ifdef DEBUG_KEXDH | ||
138 | fprintf(stderr, "dh_server_pub= "); | ||
139 | BN_print_fp(stderr, dh_server_pub); | ||
140 | fprintf(stderr, "\n"); | ||
141 | debug("bits %d", BN_num_bits(dh_server_pub)); | ||
142 | #endif | ||
143 | |||
144 | /* signed H */ | ||
145 | signature = packet_get_string(&slen); | ||
146 | packet_check_eom(); | ||
147 | |||
148 | if (!dh_pub_is_valid(dh, dh_server_pub)) | ||
149 | packet_disconnect("bad server public DH value"); | ||
150 | |||
151 | klen = DH_size(dh); | ||
152 | kbuf = xmalloc(klen); | ||
153 | kout = DH_compute_key(kbuf, dh_server_pub, dh); | ||
154 | #ifdef DEBUG_KEXDH | ||
155 | dump_digest("shared secret", kbuf, kout); | ||
156 | #endif | ||
157 | if ((shared_secret = BN_new()) == NULL) | ||
158 | fatal("kexdh_client: BN_new failed"); | ||
159 | BN_bin2bn(kbuf, kout, shared_secret); | ||
160 | memset(kbuf, 0, klen); | ||
161 | xfree(kbuf); | ||
162 | |||
163 | /* calc and verify H */ | ||
164 | hash = kex_dh_hash( | ||
165 | kex->client_version_string, | ||
166 | kex->server_version_string, | ||
167 | buffer_ptr(&kex->my), buffer_len(&kex->my), | ||
168 | buffer_ptr(&kex->peer), buffer_len(&kex->peer), | ||
169 | server_host_key_blob, sbloblen, | ||
170 | dh->pub_key, | ||
171 | dh_server_pub, | ||
172 | shared_secret | ||
173 | ); | ||
174 | xfree(server_host_key_blob); | ||
175 | BN_clear_free(dh_server_pub); | ||
176 | DH_free(dh); | ||
177 | |||
178 | if (key_verify(server_host_key, signature, slen, hash, 20) != 1) | ||
179 | fatal("key_verify failed for server_host_key"); | ||
180 | key_free(server_host_key); | ||
181 | xfree(signature); | ||
182 | |||
183 | /* save session id */ | ||
184 | if (kex->session_id == NULL) { | ||
185 | kex->session_id_len = 20; | ||
186 | kex->session_id = xmalloc(kex->session_id_len); | ||
187 | memcpy(kex->session_id, hash, kex->session_id_len); | ||
188 | } | ||
189 | |||
190 | kex_derive_keys(kex, hash, shared_secret); | ||
191 | BN_clear_free(shared_secret); | ||
192 | kex_finish(kex); | ||
193 | } | ||
194 | |||
195 | /* server */ | ||
196 | |||
197 | static void | ||
198 | kexdh_server(Kex *kex) | ||
199 | { | ||
200 | BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; | ||
201 | DH *dh; | ||
202 | Key *server_host_key; | ||
203 | u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; | ||
204 | u_int sbloblen, klen, kout; | ||
205 | u_int slen; | ||
206 | |||
207 | /* generate server DH public key */ | ||
208 | dh = dh_new_group1(); | ||
209 | dh_gen_key(dh, kex->we_need * 8); | ||
210 | |||
211 | debug("expecting SSH2_MSG_KEXDH_INIT"); | ||
212 | packet_read_expect(SSH2_MSG_KEXDH_INIT); | ||
213 | |||
214 | if (kex->load_host_key == NULL) | ||
215 | fatal("Cannot load hostkey"); | ||
216 | server_host_key = kex->load_host_key(kex->hostkey_type); | ||
217 | if (server_host_key == NULL) | ||
218 | fatal("Unsupported hostkey type %d", kex->hostkey_type); | ||
219 | |||
220 | /* key, cert */ | ||
221 | if ((dh_client_pub = BN_new()) == NULL) | ||
222 | fatal("dh_client_pub == NULL"); | ||
223 | packet_get_bignum2(dh_client_pub); | ||
224 | packet_check_eom(); | ||
225 | |||
226 | #ifdef DEBUG_KEXDH | ||
227 | fprintf(stderr, "dh_client_pub= "); | ||
228 | BN_print_fp(stderr, dh_client_pub); | ||
229 | fprintf(stderr, "\n"); | ||
230 | debug("bits %d", BN_num_bits(dh_client_pub)); | ||
231 | #endif | ||
232 | |||
233 | #ifdef DEBUG_KEXDH | ||
234 | DHparams_print_fp(stderr, dh); | ||
235 | fprintf(stderr, "pub= "); | ||
236 | BN_print_fp(stderr, dh->pub_key); | ||
237 | fprintf(stderr, "\n"); | ||
238 | #endif | ||
239 | if (!dh_pub_is_valid(dh, dh_client_pub)) | ||
240 | packet_disconnect("bad client public DH value"); | ||
241 | |||
242 | klen = DH_size(dh); | ||
243 | kbuf = xmalloc(klen); | ||
244 | kout = DH_compute_key(kbuf, dh_client_pub, dh); | ||
245 | #ifdef DEBUG_KEXDH | ||
246 | dump_digest("shared secret", kbuf, kout); | ||
247 | #endif | ||
248 | if ((shared_secret = BN_new()) == NULL) | ||
249 | fatal("kexdh_server: BN_new failed"); | ||
250 | BN_bin2bn(kbuf, kout, shared_secret); | ||
251 | memset(kbuf, 0, klen); | ||
252 | xfree(kbuf); | ||
253 | |||
254 | key_to_blob(server_host_key, &server_host_key_blob, &sbloblen); | ||
255 | |||
256 | /* calc H */ | ||
257 | hash = kex_dh_hash( | ||
258 | kex->client_version_string, | ||
259 | kex->server_version_string, | ||
260 | buffer_ptr(&kex->peer), buffer_len(&kex->peer), | ||
261 | buffer_ptr(&kex->my), buffer_len(&kex->my), | ||
262 | server_host_key_blob, sbloblen, | ||
263 | dh_client_pub, | ||
264 | dh->pub_key, | ||
265 | shared_secret | ||
266 | ); | ||
267 | BN_clear_free(dh_client_pub); | ||
268 | |||
269 | /* save session id := H */ | ||
270 | /* XXX hashlen depends on KEX */ | ||
271 | if (kex->session_id == NULL) { | ||
272 | kex->session_id_len = 20; | ||
273 | kex->session_id = xmalloc(kex->session_id_len); | ||
274 | memcpy(kex->session_id, hash, kex->session_id_len); | ||
275 | } | ||
276 | |||
277 | /* sign H */ | ||
278 | /* XXX hashlen depends on KEX */ | ||
279 | PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)); | ||
280 | |||
281 | /* destroy_sensitive_data(); */ | ||
282 | |||
283 | /* send server hostkey, DH pubkey 'f' and singed H */ | ||
284 | packet_start(SSH2_MSG_KEXDH_REPLY); | ||
285 | packet_put_string(server_host_key_blob, sbloblen); | ||
286 | packet_put_bignum2(dh->pub_key); /* f */ | ||
287 | packet_put_string(signature, slen); | ||
288 | packet_send(); | ||
289 | |||
290 | xfree(signature); | ||
291 | xfree(server_host_key_blob); | ||
292 | /* have keys, free DH */ | ||
293 | DH_free(dh); | ||
294 | |||
295 | kex_derive_keys(kex, hash, shared_secret); | ||
296 | BN_clear_free(shared_secret); | ||
297 | kex_finish(kex); | ||
298 | } | ||
299 | |||
300 | void | ||
301 | kexdh(Kex *kex) | ||
302 | { | ||
303 | if (kex->server) | ||
304 | kexdh_server(kex); | ||
305 | else | ||
306 | kexdh_client(kex); | ||
307 | } | ||
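diff --git a/kexdhc.c b/kexdhc.c
new file mode 100644
index 000000000..fe6dc53f8
--- /dev/null
+++ b/kexdhc.c
@@ -0,0 +1,137 @@
+/*
+* Copyright (c) 2001 Markus Friedl. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include "includes.h"
+RCSID("$OpenBSD: kexdhc.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+
+#include "xmalloc.h"
+#include "key.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+
+void
+kexdh_client(Kex *kex)
+{
+BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
+DH *dh;
+Key *server_host_key;
+u_char *server_host_key_blob = NULL, *signature = NULL;
+u_char *kbuf, *hash;
+u_int klen, kout, slen, sbloblen;
+
+/* generate and send 'e', client DH public key */
+dh = dh_new_group1();
+dh_gen_key(dh, kex->we_need * 8);
+packet_start(SSH2_MSG_KEXDH_INIT);
+packet_put_bignum2(dh->pub_key);
+packet_send();
+
+debug("sending SSH2_MSG_KEXDH_INIT");
+#ifdef DEBUG_KEXDH
+DHparams_print_fp(stderr, dh);
+fprintf(stderr, "pub= ");
+BN_print_fp(stderr, dh->pub_key);
+fprintf(stderr, "\n");
+#endif
+
+debug("expecting SSH2_MSG_KEXDH_REPLY");
+packet_read_expect(SSH2_MSG_KEXDH_REPLY);
+
+/* key, cert */
+server_host_key_blob = packet_get_string(&sbloblen);
+server_host_key = key_from_blob(server_host_key_blob, sbloblen);
+if (server_host_key == NULL)
+fatal("cannot decode server_host_key_blob");
+if (server_host_key->type != kex->hostkey_type)
+fatal("type mismatch for decoded server_host_key_blob");
+if (kex->verify_host_key == NULL)
+fatal("cannot verify server_host_key");
+if (kex->verify_host_key(server_host_key) == -1)
+fatal("server_host_key verification failed");
+
+/* DH paramter f, server public DH key */
+if ((dh_server_pub = BN_new()) == NULL)
+fatal("dh_server_pub == NULL");
+packet_get_bignum2(dh_server_pub);
+
+#ifdef DEBUG_KEXDH
+fprintf(stderr, "dh_server_pub= ");
+BN_print_fp(stderr, dh_server_pub);
+fprintf(stderr, "\n");
+debug("bits %d", BN_num_bits(dh_server_pub));
+#endif
+
+/* signed H */
+signature = packet_get_string(&slen);
+packet_check_eom();
+
+if (!dh_pub_is_valid(dh, dh_server_pub))
+packet_disconnect("bad server public DH value");
+
+klen = DH_size(dh);
+kbuf = xmalloc(klen);
+kout = DH_compute_key(kbuf, dh_server_pub, dh);
+#ifdef DEBUG_KEXDH
+dump_digest("shared secret", kbuf, kout);
+#endif
+if ((shared_secret = BN_new()) == NULL)
+fatal("kexdh_client: BN_new failed");
+BN_bin2bn(kbuf, kout, shared_secret);
+memset(kbuf, 0, klen);
+xfree(kbuf);
+
+/* calc and verify H */
+hash = kex_dh_hash(
+kex->client_version_string,
+kex->server_version_string,
+buffer_ptr(&kex->my), buffer_len(&kex->my),
+buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+server_host_key_blob, sbloblen,
+dh->pub_key,
+dh_server_pub,
+shared_secret
+);
+xfree(server_host_key_blob);
+BN_clear_free(dh_server_pub);
+DH_free(dh);
+
+if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
+fatal("key_verify failed for server_host_key");
+key_free(server_host_key);
+xfree(signature);
+
+/* save session id */
+if (kex->session_id == NULL) {
+kex->session_id_len = 20;
+kex->session_id = xmalloc(kex->session_id_len);
+memcpy(kex->session_id, hash, kex->session_id_len);
+}
+
+kex_derive_keys(kex, hash, shared_secret);
+BN_clear_free(shared_secret);
+kex_finish(kex);
+}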
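Review bot: `kout = DH_compute_key(kbuf, dh_server_pub, dh);` in kexdh_client stores the result in a `u_int` and never tests it, so a failed computation (OpenSSL returns -1) reaches `BN_bin2bn(kbuf, kout, shared_secret)` as a bogus length instead of stopping the exchange. Declaring `int kout;` and adding `if (kout < 0) fatal("DH_compute_key: failed");` directly after the call closes that gap; the same unchecked call sits in kexdh_server in kexdhs.c. The return value of `BN_bin2bn` is likewise ignored, so an allocation failure there would go unnoticed before the hash is computed over `shared_secret`.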
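diff --git a/kexdhs.c b/kexdhs.c
new file mode 100644
index 000000000..f04bce825
--- /dev/null
+++ b/kexdhs.c
@@ -0,0 +1,138 @@
+/*
+* Copyright (c) 2001 Markus Friedl. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include "includes.h"
+RCSID("$OpenBSD: kexdhs.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+
+#include "xmalloc.h"
+#include "key.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+#include "monitor_wrap.h"
+
+void
+kexdh_server(Kex *kex)
+{
+BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
+DH *dh;
+Key *server_host_key;
+u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
+u_int sbloblen, klen, kout;
+u_int slen;
+
+/* generate server DH public key */
+dh = dh_new_group1();
+dh_gen_key(dh, kex->we_need * 8);
+
+debug("expecting SSH2_MSG_KEXDH_INIT");
+packet_read_expect(SSH2_MSG_KEXDH_INIT);
+
+if (kex->load_host_key == NULL)
+fatal("Cannot load hostkey");
+server_host_key = kex->load_host_key(kex->hostkey_type);
+if (server_host_key == NULL)
+fatal("Unsupported hostkey type %d", kex->hostkey_type);
+
+/* key, cert */
+if ((dh_client_pub = BN_new()) == NULL)
+fatal("dh_client_pub == NULL");
+packet_get_bignum2(dh_client_pub);
+packet_check_eom();
+
+#ifdef DEBUG_KEXDH
+fprintf(stderr, "dh_client_pub= ");
+BN_print_fp(stderr, dh_client_pub);
+fprintf(stderr, "\n");
+debug("bits %d", BN_num_bits(dh_client_pub));
+#endif
+
+#ifdef DEBUG_KEXDH
+DHparams_print_fp(stderr, dh);
+fprintf(stderr, "pub= ");
+BN_print_fp(stderr, dh->pub_key);
+fprintf(stderr, "\n");
+#endif
+if (!dh_pub_is_valid(dh, dh_client_pub))
+packet_disconnect("bad client public DH value");
+
+klen = DH_size(dh);
+kbuf = xmalloc(klen);
+kout = DH_compute_key(kbuf, dh_client_pub, dh);
+#ifdef DEBUG_KEXDH
+dump_digest("shared secret", kbuf, kout);
+#endif
+if ((shared_secret = BN_new()) == NULL)
+fatal("kexdh_server: BN_new failed");
+BN_bin2bn(kbuf, kout, shared_secret);
+memset(kbuf, 0, klen);
+xfree(kbuf);
+
+key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
+
+/* calc H */
+hash = kex_dh_hash(
+kex->client_version_string,
+kex->server_version_string,
+buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+buffer_ptr(&kex->my), buffer_len(&kex->my),
+server_host_key_blob, sbloblen,
+dh_client_pub,
+dh->pub_key,
+shared_secret
+);
+BN_clear_free(dh_client_pub);
+
+/* save session id := H */
+/* XXX hashlen depends on KEX */
+if (kex->session_id == NULL) {
+kex->session_id_len = 20;
+kex->session_id = xmalloc(kex->session_id_len);
+memcpy(kex->session_id, hash, kex->session_id_len);
+}
+
+/* sign H */
+/* XXX hashlen depends on KEX */
+PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
+
+/* destroy_sensitive_data(); */
+
+/* send server hostkey, DH pubkey 'f' and singed H */
+packet_start(SSH2_MSG_KEXDH_REPLY);
+packet_put_string(server_host_key_blob, sbloblen);
+packet_put_bignum2(dh->pub_key); /* f */
+packet_put_string(signature, slen);
+packet_send();
+
+xfree(signature);
+xfree(server_host_key_blob);
+/* have keys, free DH */
+DH_free(dh);
+
+kex_derive_keys(kex, hash, shared_secret);
+BN_clear_free(shared_secret);
+kex_finish(kex);
+}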
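Review bot: The result of `PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));` in kexdh_server is discarded and `slen` is declared without an initializer, so if signing fails without terminating the process, the following `packet_put_string(signature, slen)` would run with a NULL `signature` and an indeterminate length. Assuming key_sign returns a negative value on failure (its definition is not on this page), the call should be tested, e.g. `if (PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)) < 0) fatal("kexdh_server: key_sign failed");`. `key_to_blob(server_host_key, &server_host_key_blob, &sbloblen)` a few lines earlier is unchecked in the same way. The literal 20 is already flagged with `XXX hashlen depends on KEX`; a named constant shared with kexdhc.c would keep the session-id copy and the signing call in step.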
@@ -24,23 +24,16 @@ | |||
24 | */ | 24 | */ |
25 | 25 | ||
26 | #include "includes.h" | 26 | #include "includes.h" |
27 | RCSID("$OpenBSD: kexgex.c,v 1.22 2002/03/24 17:27:03 stevesk Exp $"); | 27 | RCSID("$OpenBSD: kexgex.c,v 1.23 2003/02/16 17:09:57 markus Exp $"); |
28 | 28 | ||
29 | #include <openssl/bn.h> | 29 | #include <openssl/evp.h> |
30 | 30 | ||
31 | #include "xmalloc.h" | ||
32 | #include "buffer.h" | 31 | #include "buffer.h" |
33 | #include "bufaux.h" | 32 | #include "bufaux.h" |
34 | #include "key.h" | ||
35 | #include "kex.h" | 33 | #include "kex.h" |
36 | #include "log.h" | ||
37 | #include "packet.h" | ||
38 | #include "dh.h" | ||
39 | #include "ssh2.h" | 34 | #include "ssh2.h" |
40 | #include "compat.h" | ||
41 | #include "monitor_wrap.h" | ||
42 | 35 | ||
43 | static u_char * | 36 | u_char * |
44 | kexgex_hash( | 37 | kexgex_hash( |
45 | char *client_version_string, | 38 | char *client_version_string, |
46 | char *server_version_string, | 39 | char *server_version_string, |
@@ -97,318 +90,3 @@ kexgex_hash( | |||
97 | #endif | 90 | #endif |
98 | return digest; | 91 | return digest; |
99 | } | 92 | } |
100 | |||
101 | /* client */ | ||
102 | |||
103 | static void | ||
104 | kexgex_client(Kex *kex) | ||
105 | { | ||
106 | BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; | ||
107 | BIGNUM *p = NULL, *g = NULL; | ||
108 | Key *server_host_key; | ||
109 | u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; | ||
110 | u_int klen, kout, slen, sbloblen; | ||
111 | int min, max, nbits; | ||
112 | DH *dh; | ||
113 | |||
114 | nbits = dh_estimate(kex->we_need * 8); | ||
115 | |||
116 | if (datafellows & SSH_OLD_DHGEX) { | ||
117 | debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent"); | ||
118 | |||
119 | /* Old GEX request */ | ||
120 | packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD); | ||
121 | packet_put_int(nbits); | ||
122 | min = DH_GRP_MIN; | ||
123 | max = DH_GRP_MAX; | ||
124 | } else { | ||
125 | debug("SSH2_MSG_KEX_DH_GEX_REQUEST sent"); | ||
126 | |||
127 | /* New GEX request */ | ||
128 | min = DH_GRP_MIN; | ||
129 | max = DH_GRP_MAX; | ||
130 | packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST); | ||
131 | packet_put_int(min); | ||
132 | packet_put_int(nbits); | ||
133 | packet_put_int(max); | ||
134 | } | ||
135 | #ifdef DEBUG_KEXDH | ||
136 | fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n", | ||
137 | min, nbits, max); | ||
138 | #endif | ||
139 | packet_send(); | ||
140 | |||
141 | debug("expecting SSH2_MSG_KEX_DH_GEX_GROUP"); | ||
142 | packet_read_expect(SSH2_MSG_KEX_DH_GEX_GROUP); | ||
143 | |||
144 | if ((p = BN_new()) == NULL) | ||
145 | fatal("BN_new"); | ||
146 | packet_get_bignum2(p); | ||
147 | if ((g = BN_new()) == NULL) | ||
148 | fatal("BN_new"); | ||
149 | packet_get_bignum2(g); | ||
150 | packet_check_eom(); | ||
151 | |||
152 | if (BN_num_bits(p) < min || BN_num_bits(p) > max) | ||
153 | fatal("DH_GEX group out of range: %d !< %d !< %d", | ||
154 | min, BN_num_bits(p), max); | ||
155 | |||
156 | dh = dh_new_group(g, p); | ||
157 | dh_gen_key(dh, kex->we_need * 8); | ||
158 | |||
159 | #ifdef DEBUG_KEXDH | ||
160 | DHparams_print_fp(stderr, dh); | ||
161 | fprintf(stderr, "pub= "); | ||
162 | BN_print_fp(stderr, dh->pub_key); | ||
163 | fprintf(stderr, "\n"); | ||
164 | #endif | ||
165 | |||
166 | debug("SSH2_MSG_KEX_DH_GEX_INIT sent"); | ||
167 | /* generate and send 'e', client DH public key */ | ||
168 | packet_start(SSH2_MSG_KEX_DH_GEX_INIT); | ||
169 | packet_put_bignum2(dh->pub_key); | ||
170 | packet_send(); | ||
171 | |||
172 | debug("expecting SSH2_MSG_KEX_DH_GEX_REPLY"); | ||
173 | packet_read_expect(SSH2_MSG_KEX_DH_GEX_REPLY); | ||
174 | |||
175 | /* key, cert */ | ||
176 | server_host_key_blob = packet_get_string(&sbloblen); | ||
177 | server_host_key = key_from_blob(server_host_key_blob, sbloblen); | ||
178 | if (server_host_key == NULL) | ||
179 | fatal("cannot decode server_host_key_blob"); | ||
180 | if (server_host_key->type != kex->hostkey_type) | ||
181 | fatal("type mismatch for decoded server_host_key_blob"); | ||
182 | if (kex->verify_host_key == NULL) | ||
183 | fatal("cannot verify server_host_key"); | ||
184 | if (kex->verify_host_key(server_host_key) == -1) | ||
185 | fatal("server_host_key verification failed"); | ||
186 | |||
187 | /* DH paramter f, server public DH key */ | ||
188 | if ((dh_server_pub = BN_new()) == NULL) | ||
189 | fatal("dh_server_pub == NULL"); | ||
190 | packet_get_bignum2(dh_server_pub); | ||
191 | |||
192 | #ifdef DEBUG_KEXDH | ||
193 | fprintf(stderr, "dh_server_pub= "); | ||
194 | BN_print_fp(stderr, dh_server_pub); | ||
195 | fprintf(stderr, "\n"); | ||
196 | debug("bits %d", BN_num_bits(dh_server_pub)); | ||
197 | #endif | ||
198 | |||
199 | /* signed H */ | ||
200 | signature = packet_get_string(&slen); | ||
201 | packet_check_eom(); | ||
202 | |||
203 | if (!dh_pub_is_valid(dh, dh_server_pub)) | ||
204 | packet_disconnect("bad server public DH value"); | ||
205 | |||
206 | klen = DH_size(dh); | ||
207 | kbuf = xmalloc(klen); | ||
208 | kout = DH_compute_key(kbuf, dh_server_pub, dh); | ||
209 | #ifdef DEBUG_KEXDH | ||
210 | dump_digest("shared secret", kbuf, kout); | ||
211 | #endif | ||
212 | if ((shared_secret = BN_new()) == NULL) | ||
213 | fatal("kexgex_client: BN_new failed"); | ||
214 | BN_bin2bn(kbuf, kout, shared_secret); | ||
215 | memset(kbuf, 0, klen); | ||
216 | xfree(kbuf); | ||
217 | |||
218 | if (datafellows & SSH_OLD_DHGEX) | ||
219 | min = max = -1; | ||
220 | |||
221 | /* calc and verify H */ | ||
222 | hash = kexgex_hash( | ||
223 | kex->client_version_string, | ||
224 | kex->server_version_string, | ||
225 | buffer_ptr(&kex->my), buffer_len(&kex->my), | ||
226 | buffer_ptr(&kex->peer), buffer_len(&kex->peer), | ||
227 | server_host_key_blob, sbloblen, | ||
228 | min, nbits, max, | ||
229 | dh->p, dh->g, | ||
230 | dh->pub_key, | ||
231 | dh_server_pub, | ||
232 | shared_secret | ||
233 | ); | ||
234 | /* have keys, free DH */ | ||
235 | DH_free(dh); | ||
236 | xfree(server_host_key_blob); | ||
237 | BN_clear_free(dh_server_pub); | ||
238 | |||
239 | if (key_verify(server_host_key, signature, slen, hash, 20) != 1) | ||
240 | fatal("key_verify failed for server_host_key"); | ||
241 | key_free(server_host_key); | ||
242 | xfree(signature); | ||
243 | |||
244 | /* save session id */ | ||
245 | if (kex->session_id == NULL) { | ||
246 | kex->session_id_len = 20; | ||
247 | kex->session_id = xmalloc(kex->session_id_len); | ||
248 | memcpy(kex->session_id, hash, kex->session_id_len); | ||
249 | } | ||
250 | kex_derive_keys(kex, hash, shared_secret); | ||
251 | BN_clear_free(shared_secret); | ||
252 | |||
253 | kex_finish(kex); | ||
254 | } | ||
255 | |||
256 | /* server */ | ||
257 | |||
258 | static void | ||
259 | kexgex_server(Kex *kex) | ||
260 | { | ||
261 | BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; | ||
262 | Key *server_host_key; | ||
263 | DH *dh; | ||
264 | u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; | ||
265 | u_int sbloblen, klen, kout, slen; | ||
266 | int min = -1, max = -1, nbits = -1, type; | ||
267 | |||
268 | if (kex->load_host_key == NULL) | ||
269 | fatal("Cannot load hostkey"); | ||
270 | server_host_key = kex->load_host_key(kex->hostkey_type); | ||
271 | if (server_host_key == NULL) | ||
272 | fatal("Unsupported hostkey type %d", kex->hostkey_type); | ||
273 | |||
274 | type = packet_read(); | ||
275 | switch (type) { | ||
276 | case SSH2_MSG_KEX_DH_GEX_REQUEST: | ||
277 | debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); | ||
278 | min = packet_get_int(); | ||
279 | nbits = packet_get_int(); | ||
280 | max = packet_get_int(); | ||
281 | min = MAX(DH_GRP_MIN, min); | ||
282 | max = MIN(DH_GRP_MAX, max); | ||
283 | break; | ||
284 | case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD: | ||
285 | debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received"); | ||
286 | nbits = packet_get_int(); | ||
287 | min = DH_GRP_MIN; | ||
288 | max = DH_GRP_MAX; | ||
289 | /* unused for old GEX */ | ||
290 | break; | ||
291 | default: | ||
292 | fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type); | ||
293 | } | ||
294 | packet_check_eom(); | ||
295 | |||
296 | if (max < min || nbits < min || max < nbits) | ||
297 | fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d", | ||
298 | min, nbits, max); | ||
299 | |||
300 | /* Contact privileged parent */ | ||
301 | dh = PRIVSEP(choose_dh(min, nbits, max)); | ||
302 | if (dh == NULL) | ||
303 | packet_disconnect("Protocol error: no matching DH grp found"); | ||
304 | |||
305 | debug("SSH2_MSG_KEX_DH_GEX_GROUP sent"); | ||
306 | packet_start(SSH2_MSG_KEX_DH_GEX_GROUP); | ||
307 | packet_put_bignum2(dh->p); | ||
308 | packet_put_bignum2(dh->g); | ||
309 | packet_send(); | ||
310 | |||
311 | /* flush */ | ||
312 | packet_write_wait(); | ||
313 | |||
314 | /* Compute our exchange value in parallel with the client */ | ||
315 | dh_gen_key(dh, kex->we_need * 8); | ||
316 | |||
317 | debug("expecting SSH2_MSG_KEX_DH_GEX_INIT"); | ||
318 | packet_read_expect(SSH2_MSG_KEX_DH_GEX_INIT); | ||
319 | |||
320 | /* key, cert */ | ||
321 | if ((dh_client_pub = BN_new()) == NULL) | ||
322 | fatal("dh_client_pub == NULL"); | ||
323 | packet_get_bignum2(dh_client_pub); | ||
324 | packet_check_eom(); | ||
325 | |||
326 | #ifdef DEBUG_KEXDH | ||
327 | fprintf(stderr, "dh_client_pub= "); | ||
328 | BN_print_fp(stderr, dh_client_pub); | ||
329 | fprintf(stderr, "\n"); | ||
330 | debug("bits %d", BN_num_bits(dh_client_pub)); | ||
331 | #endif | ||
332 | |||
333 | #ifdef DEBUG_KEXDH | ||
334 | DHparams_print_fp(stderr, dh); | ||
335 | fprintf(stderr, "pub= "); | ||
336 | BN_print_fp(stderr, dh->pub_key); | ||
337 | fprintf(stderr, "\n"); | ||
338 | #endif | ||
339 | if (!dh_pub_is_valid(dh, dh_client_pub)) | ||
340 | packet_disconnect("bad client public DH value"); | ||
341 | |||
342 | klen = DH_size(dh); | ||
343 | kbuf = xmalloc(klen); | ||
344 | kout = DH_compute_key(kbuf, dh_client_pub, dh); | ||
345 | #ifdef DEBUG_KEXDH | ||
346 | dump_digest("shared secret", kbuf, kout); | ||
347 | #endif | ||
348 | if ((shared_secret = BN_new()) == NULL) | ||
349 | fatal("kexgex_server: BN_new failed"); | ||
350 | BN_bin2bn(kbuf, kout, shared_secret); | ||
351 | memset(kbuf, 0, klen); | ||
352 | xfree(kbuf); | ||
353 | |||
354 | key_to_blob(server_host_key, &server_host_key_blob, &sbloblen); | ||
355 | |||
356 | if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) | ||
357 | min = max = -1; | ||
358 | |||
359 | /* calc H */ /* XXX depends on 'kex' */ | ||
360 | hash = kexgex_hash( | ||
361 | kex->client_version_string, | ||
362 | kex->server_version_string, | ||
363 | buffer_ptr(&kex->peer), buffer_len(&kex->peer), | ||
364 | buffer_ptr(&kex->my), buffer_len(&kex->my), | ||
365 | server_host_key_blob, sbloblen, | ||
366 | min, nbits, max, | ||
367 | dh->p, dh->g, | ||
368 | dh_client_pub, | ||
369 | dh->pub_key, | ||
370 | shared_secret | ||
371 | ); | ||
372 | BN_clear_free(dh_client_pub); | ||
373 | |||
374 | /* save session id := H */ | ||
375 | /* XXX hashlen depends on KEX */ | ||
376 | if (kex->session_id == NULL) { | ||
377 | kex->session_id_len = 20; | ||
378 | kex->session_id = xmalloc(kex->session_id_len); | ||
379 | memcpy(kex->session_id, hash, kex->session_id_len); | ||
380 | } | ||
381 | |||
382 | /* sign H */ | ||
383 | /* XXX hashlen depends on KEX */ | ||
384 | PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)); | ||
385 | |||
386 | /* destroy_sensitive_data(); */ | ||
387 | |||
388 | /* send server hostkey, DH pubkey 'f' and singed H */ | ||
389 | debug("SSH2_MSG_KEX_DH_GEX_REPLY sent"); | ||
390 | packet_start(SSH2_MSG_KEX_DH_GEX_REPLY); | ||
391 | packet_put_string(server_host_key_blob, sbloblen); | ||
392 | packet_put_bignum2(dh->pub_key); /* f */ | ||
393 | packet_put_string(signature, slen); | ||
394 | packet_send(); | ||
395 | |||
396 | xfree(signature); | ||
397 | xfree(server_host_key_blob); | ||
398 | /* have keys, free DH */ | ||
399 | DH_free(dh); | ||
400 | |||
401 | kex_derive_keys(kex, hash, shared_secret); | ||
402 | BN_clear_free(shared_secret); | ||
403 | |||
404 | kex_finish(kex); | ||
405 | } | ||
406 | |||
407 | void | ||
408 | kexgex(Kex *kex) | ||
409 | { | ||
410 | if (kex->server) | ||
411 | kexgex_server(kex); | ||
412 | else | ||
413 | kexgex_client(kex); | ||
414 | } | ||
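--- /dev/null
+++ b/kexgexc.c
@@ -0,0 +1,189 @@
+/*
+* Copyright (c) 2000 Niels Provos. All rights reserved.
+* Copyright (c) 2001 Markus Friedl. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include "includes.h"
+RCSID("$OpenBSD: kexgexc.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+
+#include "xmalloc.h"
+#include "key.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+#include "compat.h"
+
+void
+kexgex_client(Kex *kex)
+{
+BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
+BIGNUM *p = NULL, *g = NULL;
+Key *server_host_key;
+u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
+u_int klen, kout, slen, sbloblen;
+int min, max, nbits;
+DH *dh;
+
+nbits = dh_estimate(kex->we_need * 8);
+
+if (datafellows & SSH_OLD_DHGEX) {
+debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent");
+
+/* Old GEX request */
+packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD);
+packet_put_int(nbits);
+min = DH_GRP_MIN;
+max = DH_GRP_MAX;
+} else {
+debug("SSH2_MSG_KEX_DH_GEX_REQUEST sent");
+
+/* New GEX request */
+min = DH_GRP_MIN;
+max = DH_GRP_MAX;
+packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST);
+packet_put_int(min);
+packet_put_int(nbits);
+packet_put_int(max);
+}
+#ifdef DEBUG_KEXDH
+fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n",
+min, nbits, max);
+#endif
+packet_send();
+
+debug("expecting SSH2_MSG_KEX_DH_GEX_GROUP");
+packet_read_expect(SSH2_MSG_KEX_DH_GEX_GROUP);
+
+if ((p = BN_new()) == NULL)
+fatal("BN_new");
+packet_get_bignum2(p);
+if ((g = BN_new()) == NULL)
+fatal("BN_new");
+packet_get_bignum2(g);
+packet_check_eom();
+
+if (BN_num_bits(p) < min || BN_num_bits(p) > max)
+fatal("DH_GEX group out of range: %d !< %d !< %d",
+min, BN_num_bits(p), max);
+
+dh = dh_new_group(g, p);
+dh_gen_key(dh, kex->we_need * 8);
+
+#ifdef DEBUG_KEXDH
+DHparams_print_fp(stderr, dh);
+fprintf(stderr, "pub= ");
+BN_print_fp(stderr, dh->pub_key);
+fprintf(stderr, "\n");
+#endif
+
+debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
+/* generate and send 'e', client DH public key */
+packet_start(SSH2_MSG_KEX_DH_GEX_INIT);
+packet_put_bignum2(dh->pub_key);
+packet_send();
+
+debug("expecting SSH2_MSG_KEX_DH_GEX_REPLY");
+packet_read_expect(SSH2_MSG_KEX_DH_GEX_REPLY);
+
+/* key, cert */
+server_host_key_blob = packet_get_string(&sbloblen);
+server_host_key = key_from_blob(server_host_key_blob, sbloblen);
+if (server_host_key == NULL)
+fatal("cannot decode server_host_key_blob");
+if (server_host_key->type != kex->hostkey_type)
+fatal("type mismatch for decoded server_host_key_blob");
+if (kex->verify_host_key == NULL)
+fatal("cannot verify server_host_key");
+if (kex->verify_host_key(server_host_key) == -1)
+fatal("server_host_key verification failed");
+
+/* DH paramter f, server public DH key */
+if ((dh_server_pub = BN_new()) == NULL)
+fatal("dh_server_pub == NULL");
+packet_get_bignum2(dh_server_pub);
+
+#ifdef DEBUG_KEXDH
+fprintf(stderr, "dh_server_pub= ");
+BN_print_fp(stderr, dh_server_pub);
+fprintf(stderr, "\n");
+debug("bits %d", BN_num_bits(dh_server_pub));
+#endif
+
+/* signed H */
+signature = packet_get_string(&slen);
+packet_check_eom();
+
+if (!dh_pub_is_valid(dh, dh_server_pub))
+packet_disconnect("bad server public DH value");
+
+klen = DH_size(dh);
+kbuf = xmalloc(klen);
+kout = DH_compute_key(kbuf, dh_server_pub, dh);
+#ifdef DEBUG_KEXDH
+dump_digest("shared secret", kbuf, kout);
+#endif
+if ((shared_secret = BN_new()) == NULL)
+fatal("kexgex_client: BN_new failed");
+BN_bin2bn(kbuf, kout, shared_secret);
+memset(kbuf, 0, klen);
+xfree(kbuf);
+
+if (datafellows & SSH_OLD_DHGEX)
+min = max = -1;
+
+/* calc and verify H */
+hash = kexgex_hash(
+kex->client_version_string,
+kex->server_version_string,
+buffer_ptr(&kex->my), buffer_len(&kex->my),
+buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+server_host_key_blob, sbloblen,
+min, nbits, max,
+dh->p, dh->g,
+dh->pub_key,
+dh_server_pub,
+shared_secret
+);
+/* have keys, free DH */
+DH_free(dh);
+xfree(server_host_key_blob);
+BN_clear_free(dh_server_pub);
+
+if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
+fatal("key_verify failed for server_host_key");
+key_free(server_host_key);
+xfree(signature);
+
+/* save session id */
+if (kex->session_id == NULL) {
+kex->session_id_len = 20;
+kex->session_id = xmalloc(kex->session_id_len);
+memcpy(kex->session_id, hash, kex->session_id_len);
+}
+kex_derive_keys(kex, hash, shared_secret);
+BN_clear_free(shared_secret);
+
+kex_finish(kex);
+}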
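Review bot: The result of `DH_compute_key()` in `kexgex_client` is stored in the unsigned `kout` and handed straight to `BN_bin2bn(kbuf, kout, shared_secret)`, so a failure return of -1 turns into a very large length instead of an error. Declaring `int kout;` and writing `if ((kout = DH_compute_key(kbuf, dh_server_pub, dh)) < 0) fatal("DH_compute_key: failed");` would stop the exchange before the buffer is read. The return value of `BN_bin2bn()` is also unchecked on the following lines. The same unchecked call appears in `kexgex_server` in kexgexs.c.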
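--- /dev/null
+++ b/kexgexs.c
@@ -0,0 +1,186 @@
+/*
+* Copyright (c) 2000 Niels Provos. All rights reserved.
+* Copyright (c) 2001 Markus Friedl. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include "includes.h"
+RCSID("$OpenBSD: kexgexs.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+
+#include "xmalloc.h"
+#include "key.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+#include "compat.h"
+#include "monitor_wrap.h"
+
+void
+kexgex_server(Kex *kex)
+{
+BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
+Key *server_host_key;
+DH *dh;
+u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
+u_int sbloblen, klen, kout, slen;
+int min = -1, max = -1, nbits = -1, type;
+
+if (kex->load_host_key == NULL)
+fatal("Cannot load hostkey");
+server_host_key = kex->load_host_key(kex->hostkey_type);
+if (server_host_key == NULL)
+fatal("Unsupported hostkey type %d", kex->hostkey_type);
+
+type = packet_read();
+switch (type) {
+case SSH2_MSG_KEX_DH_GEX_REQUEST:
+debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
+min = packet_get_int();
+nbits = packet_get_int();
+max = packet_get_int();
+min = MAX(DH_GRP_MIN, min);
+max = MIN(DH_GRP_MAX, max);
+break;
+case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
+debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
+nbits = packet_get_int();
+min = DH_GRP_MIN;
+max = DH_GRP_MAX;
+/* unused for old GEX */
+break;
+default:
+fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
+}
+packet_check_eom();
+
+if (max < min || nbits < min || max < nbits)
+fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
+min, nbits, max);
+
+/* Contact privileged parent */
+dh = PRIVSEP(choose_dh(min, nbits, max));
+if (dh == NULL)
+packet_disconnect("Protocol error: no matching DH grp found");
+
+debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
+packet_start(SSH2_MSG_KEX_DH_GEX_GROUP);
+packet_put_bignum2(dh->p);
+packet_put_bignum2(dh->g);
+packet_send();
+
+/* flush */
+packet_write_wait();
+
+/* Compute our exchange value in parallel with the client */
+dh_gen_key(dh, kex->we_need * 8);
+
+debug("expecting SSH2_MSG_KEX_DH_GEX_INIT");
+packet_read_expect(SSH2_MSG_KEX_DH_GEX_INIT);
+
+/* key, cert */
+if ((dh_client_pub = BN_new()) == NULL)
+fatal("dh_client_pub == NULL");
+packet_get_bignum2(dh_client_pub);
+packet_check_eom();
+
+#ifdef DEBUG_KEXDH
+fprintf(stderr, "dh_client_pub= ");
+BN_print_fp(stderr, dh_client_pub);
+fprintf(stderr, "\n");
+debug("bits %d", BN_num_bits(dh_client_pub));
+#endif
+
+#ifdef DEBUG_KEXDH
+DHparams_print_fp(stderr, dh);
+fprintf(stderr, "pub= ");
+BN_print_fp(stderr, dh->pub_key);
+fprintf(stderr, "\n");
+#endif
+if (!dh_pub_is_valid(dh, dh_client_pub))
+packet_disconnect("bad client public DH value");
+
+klen = DH_size(dh);
+kbuf = xmalloc(klen);
+kout = DH_compute_key(kbuf, dh_client_pub, dh);
+#ifdef DEBUG_KEXDH
+dump_digest("shared secret", kbuf, kout);
+#endif
+if ((shared_secret = BN_new()) == NULL)
+fatal("kexgex_server: BN_new failed");
+BN_bin2bn(kbuf, kout, shared_secret);
+memset(kbuf, 0, klen);
+xfree(kbuf);
+
+key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
+
+if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
+min = max = -1;
+
+/* calc H */ /* XXX depends on 'kex' */
+hash = kexgex_hash(
+kex->client_version_string,
+kex->server_version_string,
+buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+buffer_ptr(&kex->my), buffer_len(&kex->my),
+server_host_key_blob, sbloblen,
+min, nbits, max,
+dh->p, dh->g,
+dh_client_pub,
+dh->pub_key,
+shared_secret
+);
+BN_clear_free(dh_client_pub);
+
+/* save session id := H */
+/* XXX hashlen depends on KEX */
+if (kex->session_id == NULL) {
+kex->session_id_len = 20;
+kex->session_id = xmalloc(kex->session_id_len);
+memcpy(kex->session_id, hash, kex->session_id_len);
+}
+
+/* sign H */
+/* XXX hashlen depends on KEX */
+PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
+
+/* destroy_sensitive_data(); */
+
+/* send server hostkey, DH pubkey 'f' and singed H */
+debug("SSH2_MSG_KEX_DH_GEX_REPLY sent");
+packet_start(SSH2_MSG_KEX_DH_GEX_REPLY);
+packet_put_string(server_host_key_blob, sbloblen);
+packet_put_bignum2(dh->pub_key); /* f */
+packet_put_string(signature, slen);
+packet_send();
+
+xfree(signature);
+xfree(server_host_key_blob);
+/* have keys, free DH */
+DH_free(dh);
+
+kex_derive_keys(kex, hash, shared_secret);
+BN_clear_free(shared_secret);
+
+kex_finish(kex);
+}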
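Review bot: The return value of `PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20))` is discarded in `kexgex_server`, and `slen` has no initializer, so a failed signing call would let `packet_put_string(signature, slen)` run with a NULL `signature` and an indeterminate length. Checking the result, for example `if (PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)) < 0) fatal("kexgex_server: key_sign failed");`, keeps a missing signature from reaching the wire. This assumes key_sign reports failure with a negative value; key.h declares it as returning `int`, but its body is not visible here. The `key_to_blob()` call a few lines earlier has the same unchecked-result shape.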
@@ -32,15 +32,13 @@ | |||
32 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 32 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
33 | */ | 33 | */ |
34 | #include "includes.h" | 34 | #include "includes.h" |
35 | RCSID("$OpenBSD: key.c,v 1.49 2002/09/09 14:54:14 markus Exp $"); | 35 | RCSID("$OpenBSD: key.c,v 1.51 2003/02/12 09:33:04 markus Exp $"); |
36 | 36 | ||
37 | #include <openssl/evp.h> | 37 | #include <openssl/evp.h> |
38 | 38 | ||
39 | #include "xmalloc.h" | 39 | #include "xmalloc.h" |
40 | #include "key.h" | 40 | #include "key.h" |
41 | #include "rsa.h" | 41 | #include "rsa.h" |
42 | #include "ssh-dss.h" | ||
43 | #include "ssh-rsa.h" | ||
44 | #include "uuencode.h" | 42 | #include "uuencode.h" |
45 | #include "buffer.h" | 43 | #include "buffer.h" |
46 | #include "bufaux.h" | 44 | #include "bufaux.h" |
@@ -410,14 +408,14 @@ key_read(Key *ret, char **cpp) | |||
410 | case KEY_DSA: | 408 | case KEY_DSA: |
411 | space = strchr(cp, ' '); | 409 | space = strchr(cp, ' '); |
412 | if (space == NULL) { | 410 | if (space == NULL) { |
413 | debug3("key_read: no space"); | 411 | debug3("key_read: missing whitespace"); |
414 | return -1; | 412 | return -1; |
415 | } | 413 | } |
416 | *space = '\0'; | 414 | *space = '\0'; |
417 | type = key_type_from_name(cp); | 415 | type = key_type_from_name(cp); |
418 | *space = ' '; | 416 | *space = ' '; |
419 | if (type == KEY_UNSPEC) { | 417 | if (type == KEY_UNSPEC) { |
420 | debug3("key_read: no key found"); | 418 | debug3("key_read: missing keytype"); |
421 | return -1; | 419 | return -1; |
422 | } | 420 | } |
423 | cp = space+1; | 421 | cp = space+1; |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: key.h,v 1.19 2002/03/18 17:23:31 markus Exp $ */ | 1 | /* $OpenBSD: key.h,v 1.20 2003/02/12 09:33:04 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -78,4 +78,9 @@ int key_names_valid2(const char *); | |||
78 | int key_sign(Key *, u_char **, u_int *, u_char *, u_int); | 78 | int key_sign(Key *, u_char **, u_int *, u_char *, u_int); |
79 | int key_verify(Key *, u_char *, u_int, u_char *, u_int); | 79 | int key_verify(Key *, u_char *, u_int, u_char *, u_int); |
80 | 80 | ||
81 | int ssh_dss_sign(Key *, u_char **, u_int *, u_char *, u_int); | ||
82 | int ssh_dss_verify(Key *, u_char *, u_int, u_char *, u_int); | ||
83 | int ssh_rsa_sign(Key *, u_char **, u_int *, u_char *, u_int); | ||
84 | int ssh_rsa_verify(Key *, u_char *, u_int, u_char *, u_int); | ||
85 | |||
81 | #endif | 86 | #endif |
@@ -34,7 +34,7 @@ | |||
34 | */ | 34 | */ |
35 | 35 | ||
36 | #include "includes.h" | 36 | #include "includes.h" |
37 | RCSID("$OpenBSD: log.c,v 1.24 2002/07/19 15:43:33 markus Exp $"); | 37 | RCSID("$OpenBSD: log.c,v 1.25 2003/01/11 18:29:43 markus Exp $"); |
38 | 38 | ||
39 | #include "log.h" | 39 | #include "log.h" |
40 | #include "xmalloc.h" | 40 | #include "xmalloc.h" |
@@ -234,6 +234,7 @@ fatal_remove_all_cleanups(void) | |||
234 | next_cu = cu->next; | 234 | next_cu = cu->next; |
235 | xfree(cu); | 235 | xfree(cu); |
236 | } | 236 | } |
237 | fatal_cleanups = NULL; | ||
237 | } | 238 | } |
238 | 239 | ||
239 | /* Cleanup and exit */ | 240 | /* Cleanup and exit */ |
@@ -388,11 +389,14 @@ do_log(LogLevel level, const char *fmt, va_list args) | |||
388 | } else { | 389 | } else { |
389 | vsnprintf(msgbuf, sizeof(msgbuf), fmt, args); | 390 | vsnprintf(msgbuf, sizeof(msgbuf), fmt, args); |
390 | } | 391 | } |
392 | /* Escape magic chars in output. */ | ||
393 | strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), VIS_OCTAL); | ||
394 | |||
391 | if (log_on_stderr) { | 395 | if (log_on_stderr) { |
392 | fprintf(stderr, "%s\r\n", msgbuf); | 396 | fprintf(stderr, "%s\r\n", fmtbuf); |
393 | } else { | 397 | } else { |
394 | openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility); | 398 | openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility); |
395 | syslog(pri, "%.500s", msgbuf); | 399 | syslog(pri, "%.500s", fmtbuf); |
396 | closelog(); | 400 | closelog(); |
397 | } | 401 | } |
398 | } | 402 | } |
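Review bot: The new `strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), VIS_OCTAL)` call in `do_log` leaves newlines untouched, since vis(3) does not encode space, tab or newline unless `VIS_NL`/`VIS_TAB`/`VIS_WHITE` are given, so peer-influenced text can still split a log entry into several lines. Passing `VIS_OCTAL|VIS_NL` would cover that case if line integrity of the log matters. The return value is also ignored, and octal escaping expands each escaped byte to four characters, so output may be truncated; `fmtbuf` is declared outside this hunk and its size relative to `msgbuf` should be confirmed. The comment could state the reason, e.g. `/* Escape control chars so logged peer data cannot emit terminal sequences. */`.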
diff --git a/loginrec.c b/loginrec.c index 02c3106a3..6697ca7b0 100644 --- a/loginrec.c +++ b/loginrec.c | |||
@@ -163,7 +163,7 @@ | |||
163 | #include "log.h" | 163 | #include "log.h" |
164 | #include "atomicio.h" | 164 | #include "atomicio.h" |
165 | 165 | ||
166 | RCSID("$Id: loginrec.c,v 1.44 2002/09/26 00:38:49 tim Exp $"); | 166 | RCSID("$Id: loginrec.c,v 1.47 2003/03/10 00:23:07 djm Exp $"); |
167 | 167 | ||
168 | #ifdef HAVE_UTIL_H | 168 | #ifdef HAVE_UTIL_H |
169 | # include <util.h> | 169 | # include <util.h> |
@@ -609,6 +609,9 @@ void | |||
609 | construct_utmp(struct logininfo *li, | 609 | construct_utmp(struct logininfo *li, |
610 | struct utmp *ut) | 610 | struct utmp *ut) |
611 | { | 611 | { |
612 | # ifdef HAVE_ADDR_V6_IN_UTMP | ||
613 | struct sockaddr_in6 *sa6; | ||
614 | # endif | ||
612 | memset(ut, '\0', sizeof(*ut)); | 615 | memset(ut, '\0', sizeof(*ut)); |
613 | 616 | ||
614 | /* First fill out fields used for both logins and logouts */ | 617 | /* First fill out fields used for both logins and logouts */ |
@@ -661,6 +664,19 @@ construct_utmp(struct logininfo *li, | |||
661 | if (li->hostaddr.sa.sa_family == AF_INET) | 664 | if (li->hostaddr.sa.sa_family == AF_INET) |
662 | ut->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr; | 665 | ut->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr; |
663 | # endif | 666 | # endif |
667 | # ifdef HAVE_ADDR_V6_IN_UTMP | ||
668 | /* this is just a 128-bit IPv6 address */ | ||
669 | if (li->hostaddr.sa.sa_family == AF_INET6) { | ||
670 | sa6 = ((struct sockaddr_in6 *)&li->hostaddr.sa); | ||
671 | memcpy(ut->ut_addr_v6, sa6->sin6_addr.s6_addr, 16); | ||
672 | if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) { | ||
673 | ut->ut_addr_v6[0] = ut->ut_addr_v6[3]; | ||
674 | ut->ut_addr_v6[1] = 0; | ||
675 | ut->ut_addr_v6[2] = 0; | ||
676 | ut->ut_addr_v6[3] = 0; | ||
677 | } | ||
678 | } | ||
679 | # endif | ||
664 | } | 680 | } |
665 | #endif /* USE_UTMP || USE_WTMP || USE_LOGIN */ | 681 | #endif /* USE_UTMP || USE_WTMP || USE_LOGIN */ |
666 | 682 | ||
@@ -689,6 +705,9 @@ set_utmpx_time(struct logininfo *li, struct utmpx *utx) | |||
689 | void | 705 | void |
690 | construct_utmpx(struct logininfo *li, struct utmpx *utx) | 706 | construct_utmpx(struct logininfo *li, struct utmpx *utx) |
691 | { | 707 | { |
708 | # ifdef HAVE_ADDR_V6_IN_UTMP | ||
709 | struct sockaddr_in6 *sa6; | ||
710 | # endif | ||
692 | memset(utx, '\0', sizeof(*utx)); | 711 | memset(utx, '\0', sizeof(*utx)); |
693 | # ifdef HAVE_ID_IN_UTMPX | 712 | # ifdef HAVE_ID_IN_UTMPX |
694 | line_abbrevname(utx->ut_id, li->line, sizeof(utx->ut_id)); | 713 | line_abbrevname(utx->ut_id, li->line, sizeof(utx->ut_id)); |
@@ -725,6 +744,19 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx) | |||
725 | if (li->hostaddr.sa.sa_family == AF_INET) | 744 | if (li->hostaddr.sa.sa_family == AF_INET) |
726 | utx->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr; | 745 | utx->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr; |
727 | # endif | 746 | # endif |
747 | # ifdef HAVE_ADDR_V6_IN_UTMP | ||
748 | /* this is just a 128-bit IPv6 address */ | ||
749 | if (li->hostaddr.sa.sa_family == AF_INET6) { | ||
750 | sa6 = ((struct sockaddr_in6 *)&li->hostaddr.sa); | ||
751 | memcpy(ut->ut_addr_v6, sa6->sin6_addr.s6_addr, 16); | ||
752 | if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) { | ||
753 | ut->ut_addr_v6[0] = ut->ut_addr_v6[3]; | ||
754 | ut->ut_addr_v6[1] = 0; | ||
755 | ut->ut_addr_v6[2] = 0; | ||
756 | ut->ut_addr_v6[3] = 0; | ||
757 | } | ||
758 | } | ||
759 | # endif | ||
728 | # ifdef HAVE_SYSLEN_IN_UTMPX | 760 | # ifdef HAVE_SYSLEN_IN_UTMPX |
729 | /* ut_syslen is the length of the utx_host string */ | 761 | /* ut_syslen is the length of the utx_host string */ |
730 | utx->ut_syslen = MIN(strlen(li->hostname), sizeof(utx->ut_host)); | 762 | utx->ut_syslen = MIN(strlen(li->hostname), sizeof(utx->ut_host)); |
@@ -1313,6 +1345,7 @@ syslogin_perform_login(struct logininfo *li) | |||
1313 | } | 1345 | } |
1314 | construct_utmp(li, ut); | 1346 | construct_utmp(li, ut); |
1315 | login(ut); | 1347 | login(ut); |
1348 | free(ut); | ||
1316 | 1349 | ||
1317 | return 1; | 1350 | return 1; |
1318 | } | 1351 | } |
@@ -1490,22 +1523,32 @@ int | |||
1490 | lastlog_get_entry(struct logininfo *li) | 1523 | lastlog_get_entry(struct logininfo *li) |
1491 | { | 1524 | { |
1492 | struct lastlog last; | 1525 | struct lastlog last; |
1493 | int fd; | 1526 | int fd, ret; |
1494 | 1527 | ||
1495 | if (!lastlog_openseek(li, &fd, O_RDONLY)) | 1528 | if (!lastlog_openseek(li, &fd, O_RDONLY)) |
1496 | return 0; | 1529 | return (0); |
1497 | |||
1498 | if (atomicio(read, fd, &last, sizeof(last)) != sizeof(last)) { | ||
1499 | close(fd); | ||
1500 | log("lastlog_get_entry: Error reading from %s: %s", | ||
1501 | LASTLOG_FILE, strerror(errno)); | ||
1502 | return 0; | ||
1503 | } | ||
1504 | 1530 | ||
1531 | ret = atomicio(read, fd, &last, sizeof(last)); | ||
1505 | close(fd); | 1532 | close(fd); |
1506 | 1533 | ||
1507 | lastlog_populate_entry(li, &last); | 1534 | switch (ret) { |
1535 | case 0: | ||
1536 | memset(&last, '\0', sizeof(last)); | ||
1537 | /* FALLTHRU */ | ||
1538 | case sizeof(last): | ||
1539 | lastlog_populate_entry(li, &last); | ||
1540 | return (1); | ||
1541 | case -1: | ||
1542 | error("%s: Error reading from %s: %s", __func__, | ||
1543 | LASTLOG_FILE, strerror(errno)); | ||
1544 | return (0); | ||
1545 | default: | ||
1546 | error("%s: Error reading from %s: Expecting %d, got %d", | ||
1547 | __func__, LASTLOG_FILE, sizeof(last), ret); | ||
1548 | return (0); | ||
1549 | } | ||
1508 | 1550 | ||
1509 | return 1; | 1551 | /* NOTREACHED */ |
1552 | return (0); | ||
1510 | } | 1553 | } |
1511 | #endif /* USE_LASTLOG */ | 1554 | #endif /* USE_LASTLOG */ |
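Review bot: The IPv6 block added to `construct_utmpx` writes through `ut`, but that function's parameter is `utx`, so unless another `ut` is in scope the block will not compile when `HAVE_ADDR_V6_IN_UTMP` is defined. It looks copied from `construct_utmp` and should read `memcpy(utx->ut_addr_v6, sa6->sin6_addr.s6_addr, 16);` with the four assignments below it changed to `utx->` as well; whether the utmpx variant should be guarded by a separate utmpx-specific macro is worth confirming against configure. In `lastlog_get_entry`, the new `error("%s: Error reading from %s: Expecting %d, got %d", ...)` passes `sizeof(last)` for a `%d`, which is a format/argument type mismatch; `(int)sizeof(last)` fixes it. `construct_utmpx` continues outside its hunk.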
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: misc.c,v 1.19 2002/03/04 17:27:39 stevesk Exp $"); | 26 | RCSID("$OpenBSD: misc.c,v 1.20 2002/12/13 10:03:15 markus Exp $"); |
27 | 27 | ||
28 | #include "misc.h" | 28 | #include "misc.h" |
29 | #include "log.h" | 29 | #include "log.h" |
@@ -105,7 +105,7 @@ set_nodelay(int fd) | |||
105 | return; | 105 | return; |
106 | } | 106 | } |
107 | opt = 1; | 107 | opt = 1; |
108 | debug("fd %d setting TCP_NODELAY", fd); | 108 | debug2("fd %d setting TCP_NODELAY", fd); |
109 | if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1) | 109 | if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1) |
110 | error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); | 110 | error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); |
111 | } | 111 | } |
@@ -25,7 +25,7 @@ | |||
25 | */ | 25 | */ |
26 | 26 | ||
27 | #include "includes.h" | 27 | #include "includes.h" |
28 | RCSID("$OpenBSD: monitor.c,v 1.29 2002/09/26 11:38:43 markus Exp $"); | 28 | RCSID("$OpenBSD: monitor.c,v 1.34 2003/03/23 19:02:00 markus Exp $"); |
29 | 29 | ||
30 | #include <openssl/dh.h> | 30 | #include <openssl/dh.h> |
31 | 31 | ||
@@ -634,20 +634,20 @@ mm_answer_bsdauthquery(int socket, Buffer *m) | |||
634 | u_int numprompts; | 634 | u_int numprompts; |
635 | u_int *echo_on; | 635 | u_int *echo_on; |
636 | char **prompts; | 636 | char **prompts; |
637 | int res; | 637 | u_int success; |
638 | 638 | ||
639 | res = bsdauth_query(authctxt, &name, &infotxt, &numprompts, | 639 | success = bsdauth_query(authctxt, &name, &infotxt, &numprompts, |
640 | &prompts, &echo_on); | 640 | &prompts, &echo_on) < 0 ? 0 : 1; |
641 | 641 | ||
642 | buffer_clear(m); | 642 | buffer_clear(m); |
643 | buffer_put_int(m, res); | 643 | buffer_put_int(m, success); |
644 | if (res != -1) | 644 | if (success) |
645 | buffer_put_cstring(m, prompts[0]); | 645 | buffer_put_cstring(m, prompts[0]); |
646 | 646 | ||
647 | debug3("%s: sending challenge res: %d", __func__, res); | 647 | debug3("%s: sending challenge success: %u", __func__, success); |
648 | mm_request_send(socket, MONITOR_ANS_BSDAUTHQUERY, m); | 648 | mm_request_send(socket, MONITOR_ANS_BSDAUTHQUERY, m); |
649 | 649 | ||
650 | if (res != -1) { | 650 | if (success) { |
651 | xfree(name); | 651 | xfree(name); |
652 | xfree(infotxt); | 652 | xfree(infotxt); |
653 | xfree(prompts); | 653 | xfree(prompts); |
@@ -691,16 +691,16 @@ mm_answer_skeyquery(int socket, Buffer *m) | |||
691 | { | 691 | { |
692 | struct skey skey; | 692 | struct skey skey; |
693 | char challenge[1024]; | 693 | char challenge[1024]; |
694 | int res; | 694 | u_int success; |
695 | 695 | ||
696 | res = skeychallenge(&skey, authctxt->user, challenge); | 696 | success = skeychallenge(&skey, authctxt->user, challenge) < 0 ? 0 : 1; |
697 | 697 | ||
698 | buffer_clear(m); | 698 | buffer_clear(m); |
699 | buffer_put_int(m, res); | 699 | buffer_put_int(m, success); |
700 | if (res != -1) | 700 | if (success) |
701 | buffer_put_cstring(m, challenge); | 701 | buffer_put_cstring(m, challenge); |
702 | 702 | ||
703 | debug3("%s: sending challenge res: %d", __func__, res); | 703 | debug3("%s: sending challenge success: %u", __func__, success); |
704 | mm_request_send(socket, MONITOR_ANS_SKEYQUERY, m); | 704 | mm_request_send(socket, MONITOR_ANS_SKEYQUERY, m); |
705 | 705 | ||
706 | return (0); | 706 | return (0); |
@@ -806,8 +806,9 @@ mm_answer_keyallowed(int socket, Buffer *m) | |||
806 | fatal("%s: unknown key type %d", __func__, type); | 806 | fatal("%s: unknown key type %d", __func__, type); |
807 | break; | 807 | break; |
808 | } | 808 | } |
809 | key_free(key); | ||
810 | } | 809 | } |
810 | if (key != NULL) | ||
811 | key_free(key); | ||
811 | 812 | ||
812 | /* clear temporarily storage (used by verify) */ | 813 | /* clear temporarily storage (used by verify) */ |
813 | monitor_reset_key_state(); | 814 | monitor_reset_key_state(); |
@@ -826,6 +827,7 @@ mm_answer_keyallowed(int socket, Buffer *m) | |||
826 | 827 | ||
827 | buffer_clear(m); | 828 | buffer_clear(m); |
828 | buffer_put_int(m, allowed); | 829 | buffer_put_int(m, allowed); |
830 | buffer_put_int(m, forced_command != NULL); | ||
829 | 831 | ||
830 | mm_append_debug(m); | 832 | mm_append_debug(m); |
831 | 833 | ||
@@ -1188,6 +1190,7 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m) | |||
1188 | } | 1190 | } |
1189 | buffer_clear(m); | 1191 | buffer_clear(m); |
1190 | buffer_put_int(m, allowed); | 1192 | buffer_put_int(m, allowed); |
1193 | buffer_put_int(m, forced_command != NULL); | ||
1191 | 1194 | ||
1192 | /* clear temporarily storage (used by generate challenge) */ | 1195 | /* clear temporarily storage (used by generate challenge) */ |
1193 | monitor_reset_key_state(); | 1196 | monitor_reset_key_state(); |
@@ -1202,8 +1205,9 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m) | |||
1202 | key_blob = blob; | 1205 | key_blob = blob; |
1203 | key_bloblen = blen; | 1206 | key_bloblen = blen; |
1204 | key_blobtype = MM_RSAUSERKEY; | 1207 | key_blobtype = MM_RSAUSERKEY; |
1205 | key_free(key); | ||
1206 | } | 1208 | } |
1209 | if (key != NULL) | ||
1210 | key_free(key); | ||
1207 | 1211 | ||
1208 | mm_append_debug(m); | 1212 | mm_append_debug(m); |
1209 | 1213 | ||
@@ -1244,6 +1248,9 @@ mm_answer_rsa_challenge(int socket, Buffer *m) | |||
1244 | mm_request_send(socket, MONITOR_ANS_RSACHALLENGE, m); | 1248 | mm_request_send(socket, MONITOR_ANS_RSACHALLENGE, m); |
1245 | 1249 | ||
1246 | monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); | 1250 | monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); |
1251 | |||
1252 | xfree(blob); | ||
1253 | key_free(key); | ||
1247 | return (0); | 1254 | return (0); |
1248 | } | 1255 | } |
1249 | 1256 | ||
@@ -1274,6 +1281,7 @@ mm_answer_rsa_response(int socket, Buffer *m) | |||
1274 | fatal("%s: received bad response to challenge", __func__); | 1281 | fatal("%s: received bad response to challenge", __func__); |
1275 | success = auth_rsa_verify_response(key, ssh1_challenge, response); | 1282 | success = auth_rsa_verify_response(key, ssh1_challenge, response); |
1276 | 1283 | ||
1284 | xfree(blob); | ||
1277 | key_free(key); | 1285 | key_free(key); |
1278 | xfree(response); | 1286 | xfree(response); |
1279 | 1287 | ||
@@ -1458,6 +1466,8 @@ mm_get_kex(Buffer *m) | |||
1458 | (memcmp(kex->session_id, session_id2, session_id2_len) != 0)) | 1466 | (memcmp(kex->session_id, session_id2, session_id2_len) != 0)) |
1459 | fatal("mm_get_get: internal error: bad session id"); | 1467 | fatal("mm_get_get: internal error: bad session id"); |
1460 | kex->we_need = buffer_get_int(m); | 1468 | kex->we_need = buffer_get_int(m); |
1469 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | ||
1470 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | ||
1461 | kex->server = 1; | 1471 | kex->server = 1; |
1462 | kex->hostkey_type = buffer_get_int(m); | 1472 | kex->hostkey_type = buffer_get_int(m); |
1463 | kex->kex_type = buffer_get_int(m); | 1473 | kex->kex_type = buffer_get_int(m); |
@@ -1551,7 +1561,7 @@ mm_get_keystate(struct monitor *pmonitor) | |||
1551 | void * | 1561 | void * |
1552 | mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) | 1562 | mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) |
1553 | { | 1563 | { |
1554 | size_t len = size * ncount; | 1564 | size_t len = (size_t) size * ncount; |
1555 | void *address; | 1565 | void *address; |
1556 | 1566 | ||
1557 | if (len == 0 || ncount > SIZE_T_MAX / size) | 1567 | if (len == 0 || ncount > SIZE_T_MAX / size) |
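Review bot: In the mm_zalloc hunk the product is still computed before the overflow test, and `ncount > SIZE_T_MAX / size` avoids a divide-by-zero only because `len == 0` happens to be evaluated first. The added `(size_t)` cast looks right, but I would test the precondition directly with `if (size == 0 || ncount == 0 || ncount > SIZE_T_MAX / size)` and only then assign `len = (size_t)size * ncount;`. A comment such as `/* reject zero-sized and overflowing requests before multiplying */` would record why the order matters. The body of mm_zalloc continues outside the hunk.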
diff --git a/monitor_wrap.c b/monitor_wrap.c index 4c53bfd13..1395a32f4 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c | |||
@@ -25,7 +25,7 @@ | |||
25 | */ | 25 | */ |
26 | 26 | ||
27 | #include "includes.h" | 27 | #include "includes.h" |
28 | RCSID("$OpenBSD: monitor_wrap.c,v 1.19 2002/09/26 11:38:43 markus Exp $"); | 28 | RCSID("$OpenBSD: monitor_wrap.c,v 1.22 2003/02/16 17:30:33 markus Exp $"); |
29 | 29 | ||
30 | #include <openssl/bn.h> | 30 | #include <openssl/bn.h> |
31 | #include <openssl/dh.h> | 31 | #include <openssl/dh.h> |
@@ -34,6 +34,7 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.19 2002/09/26 11:38:43 markus Exp $"); | |||
34 | #include "dh.h" | 34 | #include "dh.h" |
35 | #include "kex.h" | 35 | #include "kex.h" |
36 | #include "auth.h" | 36 | #include "auth.h" |
37 | #include "auth-options.h" | ||
37 | #include "buffer.h" | 38 | #include "buffer.h" |
38 | #include "bufaux.h" | 39 | #include "bufaux.h" |
39 | #include "packet.h" | 40 | #include "packet.h" |
@@ -312,7 +313,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key) | |||
312 | Buffer m; | 313 | Buffer m; |
313 | u_char *blob; | 314 | u_char *blob; |
314 | u_int len; | 315 | u_int len; |
315 | int allowed = 0; | 316 | int allowed = 0, have_forced = 0; |
316 | 317 | ||
317 | debug3("%s entering", __func__); | 318 | debug3("%s entering", __func__); |
318 | 319 | ||
@@ -334,6 +335,11 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key) | |||
334 | 335 | ||
335 | allowed = buffer_get_int(&m); | 336 | allowed = buffer_get_int(&m); |
336 | 337 | ||
338 | /* fake forced command */ | ||
339 | auth_clear_options(); | ||
340 | have_forced = buffer_get_int(&m); | ||
341 | forced_command = have_forced ? xstrdup("true") : NULL; | ||
342 | |||
337 | /* Send potential debug messages */ | 343 | /* Send potential debug messages */ |
338 | mm_send_debug(&m); | 344 | mm_send_debug(&m); |
339 | 345 | ||
@@ -714,7 +720,7 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt, | |||
714 | u_int *numprompts, char ***prompts, u_int **echo_on) | 720 | u_int *numprompts, char ***prompts, u_int **echo_on) |
715 | { | 721 | { |
716 | Buffer m; | 722 | Buffer m; |
717 | int res; | 723 | u_int success; |
718 | char *challenge; | 724 | char *challenge; |
719 | 725 | ||
720 | debug3("%s: entering", __func__); | 726 | debug3("%s: entering", __func__); |
@@ -724,8 +730,8 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt, | |||
724 | 730 | ||
725 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY, | 731 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY, |
726 | &m); | 732 | &m); |
727 | res = buffer_get_int(&m); | 733 | success = buffer_get_int(&m); |
728 | if (res == -1) { | 734 | if (success == 0) { |
729 | debug3("%s: no challenge", __func__); | 735 | debug3("%s: no challenge", __func__); |
730 | buffer_free(&m); | 736 | buffer_free(&m); |
731 | return (-1); | 737 | return (-1); |
@@ -771,7 +777,8 @@ mm_skey_query(void *ctx, char **name, char **infotxt, | |||
771 | u_int *numprompts, char ***prompts, u_int **echo_on) | 777 | u_int *numprompts, char ***prompts, u_int **echo_on) |
772 | { | 778 | { |
773 | Buffer m; | 779 | Buffer m; |
774 | int len, res; | 780 | int len; |
781 | u_int success; | ||
775 | char *p, *challenge; | 782 | char *p, *challenge; |
776 | 783 | ||
777 | debug3("%s: entering", __func__); | 784 | debug3("%s: entering", __func__); |
@@ -781,8 +788,8 @@ mm_skey_query(void *ctx, char **name, char **infotxt, | |||
781 | 788 | ||
782 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, | 789 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, |
783 | &m); | 790 | &m); |
784 | res = buffer_get_int(&m); | 791 | success = buffer_get_int(&m); |
785 | if (res == -1) { | 792 | if (success == 0) { |
786 | debug3("%s: no challenge", __func__); | 793 | debug3("%s: no challenge", __func__); |
787 | buffer_free(&m); | 794 | buffer_free(&m); |
788 | return (-1); | 795 | return (-1); |
@@ -852,7 +859,7 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) | |||
852 | Key *key; | 859 | Key *key; |
853 | u_char *blob; | 860 | u_char *blob; |
854 | u_int blen; | 861 | u_int blen; |
855 | int allowed = 0; | 862 | int allowed = 0, have_forced = 0; |
856 | 863 | ||
857 | debug3("%s entering", __func__); | 864 | debug3("%s entering", __func__); |
858 | 865 | ||
@@ -864,6 +871,11 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) | |||
864 | 871 | ||
865 | allowed = buffer_get_int(&m); | 872 | allowed = buffer_get_int(&m); |
866 | 873 | ||
874 | /* fake forced command */ | ||
875 | auth_clear_options(); | ||
876 | have_forced = buffer_get_int(&m); | ||
877 | forced_command = have_forced ? xstrdup("true") : NULL; | ||
878 | |||
867 | if (allowed && rkey != NULL) { | 879 | if (allowed && rkey != NULL) { |
868 | blob = buffer_get_string(&m, &blen); | 880 | blob = buffer_get_string(&m, &blen); |
869 | if ((key = key_from_blob(blob, blen)) == NULL) | 881 | if ((key = key_from_blob(blob, blen)) == NULL) |
@@ -969,7 +981,7 @@ mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply) | |||
969 | xfree(p); | 981 | xfree(p); |
970 | } | 982 | } |
971 | buffer_free(&m); | 983 | buffer_free(&m); |
972 | return (success); | 984 | return (success); |
973 | } | 985 | } |
974 | #endif | 986 | #endif |
975 | 987 | ||
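Review bot: The `/* fake forced command */` comment in mm_key_allowed, and the identical block in mm_auth_rsa_key_allowed, does not say why this side stores the literal `"true"`. From the hunks, the reply carries only an integer flag read with `buffer_get_int`, and the local `forced_command` becomes a placeholder, presumably so that later `forced_command != NULL` checks still hold in this process. I would expand the comment to something like `/* monitor reports only whether a forced command exists; keep a placeholder so option checks here still see one */`. The four lines are duplicated verbatim, so a small static helper taking the Buffer would keep the two call sites from drifting. Both functions continue outside their hunks.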
@@ -22,7 +22,7 @@ | |||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | */ | 23 | */ |
24 | #include "includes.h" | 24 | #include "includes.h" |
25 | RCSID("$OpenBSD: msg.c,v 1.4 2002/07/01 16:15:25 deraadt Exp $"); | 25 | RCSID("$OpenBSD: msg.c,v 1.5 2002/12/19 00:07:02 djm Exp $"); |
26 | 26 | ||
27 | #include "buffer.h" | 27 | #include "buffer.h" |
28 | #include "getput.h" | 28 | #include "getput.h" |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: msg.h,v 1.1 2002/05/23 19:24:30 markus Exp $ */ | 1 | /* $OpenBSD: msg.h,v 1.2 2002/12/19 00:07:02 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2002 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2002 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 5229e7e20..8615e3633 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: Makefile.in,v 1.23 2002/09/12 00:33:02 djm Exp $ | 1 | # $Id: Makefile.in,v 1.25 2003/02/24 01:55:56 djm Exp $ |
2 | 2 | ||
3 | sysconfdir=@sysconfdir@ | 3 | sysconfdir=@sysconfdir@ |
4 | piddir=@piddir@ | 4 | piddir=@piddir@ |
@@ -16,7 +16,7 @@ RANLIB=@RANLIB@ | |||
16 | INSTALL=@INSTALL@ | 16 | INSTALL=@INSTALL@ |
17 | LDFLAGS=-L. @LDFLAGS@ | 17 | LDFLAGS=-L. @LDFLAGS@ |
18 | 18 | ||
19 | OPENBSD=base64.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o | 19 | OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o vis.o |
20 | 20 | ||
21 | COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-snprintf.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o xmmap.o | 21 | COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-snprintf.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o xmmap.o |
22 | 22 | ||
diff --git a/openbsd-compat/base64.c b/openbsd-compat/base64.c index 005170b80..91a5ab0ed 100644 --- a/openbsd-compat/base64.c +++ b/openbsd-compat/base64.c | |||
@@ -44,7 +44,7 @@ | |||
44 | 44 | ||
45 | #include "includes.h" | 45 | #include "includes.h" |
46 | 46 | ||
47 | #if !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) | 47 | #if (!defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP)) || (!defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON)) |
48 | 48 | ||
49 | #include <sys/types.h> | 49 | #include <sys/types.h> |
50 | #include <sys/param.h> | 50 | #include <sys/param.h> |
@@ -130,6 +130,7 @@ static const char Pad64 = '='; | |||
130 | characters followed by one "=" padding character. | 130 | characters followed by one "=" padding character. |
131 | */ | 131 | */ |
132 | 132 | ||
133 | #if !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) | ||
133 | int | 134 | int |
134 | b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize) | 135 | b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize) |
135 | { | 136 | { |
@@ -190,6 +191,9 @@ b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize) | |||
190 | target[datalength] = '\0'; /* Returned value doesn't count \0. */ | 191 | target[datalength] = '\0'; /* Returned value doesn't count \0. */ |
191 | return (datalength); | 192 | return (datalength); |
192 | } | 193 | } |
194 | #endif /* !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) */ | ||
195 | |||
196 | #if !defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON) | ||
193 | 197 | ||
194 | /* skips all whitespace anywhere. | 198 | /* skips all whitespace anywhere. |
195 | converts characters, four at a time, starting at (or after) | 199 | converts characters, four at a time, starting at (or after) |
@@ -314,4 +318,5 @@ b64_pton(char const *src, u_char *target, size_t targsize) | |||
314 | return (tarindex); | 318 | return (tarindex); |
315 | } | 319 | } |
316 | 320 | ||
317 | #endif /* !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) */ | 321 | #endif /* !defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON) */ |
322 | #endif | ||
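Review bot: The new outermost `#endif` on the last line of the file carries no comment, while the two inner blocks that close just above it are both labelled. With three conditionals now ending within a few lines of each other, I would label it to match the widened `#if` near the top: `#endif /* (!HAVE_B64_NTOP && !HAVE___B64_NTOP) || (!HAVE_B64_PTON && !HAVE___B64_PTON) */`.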
diff --git a/openbsd-compat/base64.h b/openbsd-compat/base64.h index c92e70ea0..72db3ffc7 100644 --- a/openbsd-compat/base64.h +++ b/openbsd-compat/base64.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: base64.h,v 1.3 2002/02/26 16:59:59 stevesk Exp $ */ | 1 | /* $Id: base64.h,v 1.4 2003/02/24 04:45:43 djm Exp $ */ |
2 | 2 | ||
3 | #ifndef _BSD_BASE64_H | 3 | #ifndef _BSD_BASE64_H |
4 | #define _BSD_BASE64_H | 4 | #define _BSD_BASE64_H |
@@ -9,10 +9,15 @@ | |||
9 | # ifndef HAVE_B64_NTOP | 9 | # ifndef HAVE_B64_NTOP |
10 | int b64_ntop(u_char const *src, size_t srclength, char *target, | 10 | int b64_ntop(u_char const *src, size_t srclength, char *target, |
11 | size_t targsize); | 11 | size_t targsize); |
12 | int b64_pton(char const *src, u_char *target, size_t targsize); | ||
13 | # endif /* !HAVE_B64_NTOP */ | 12 | # endif /* !HAVE_B64_NTOP */ |
14 | # define __b64_ntop b64_ntop | 13 | # define __b64_ntop b64_ntop |
15 | # define __b64_pton b64_pton | ||
16 | #endif /* HAVE___B64_NTOP */ | 14 | #endif /* HAVE___B64_NTOP */ |
17 | 15 | ||
16 | #ifndef HAVE___B64_PTON | ||
17 | # ifndef HAVE_B64_PTON | ||
18 | int b64_pton(char const *src, u_char *target, size_t targsize); | ||
19 | # endif /* !HAVE_B64_PTON */ | ||
20 | # define __b64_pton b64_pton | ||
21 | #endif /* HAVE___B64_PTON */ | ||
22 | |||
18 | #endif /* _BSD_BASE64_H */ | 23 | #endif /* _BSD_BASE64_H */ |
diff --git a/openbsd-compat/basename.c b/openbsd-compat/basename.c new file mode 100644 index 000000000..5a3823bc5 --- /dev/null +++ b/openbsd-compat/basename.c | |||
@@ -0,0 +1,73 @@ | |||
1 | /* $OpenBSD: basename.c,v 1.8 2002/06/09 05:03:59 deraadt Exp $ */ | ||
2 | |||
3 | /* | ||
4 | * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com> | ||
5 | * All rights reserved. | ||
6 | * | ||
7 | * Redistribution and use in source and binary forms, with or without | ||
8 | * modification, are permitted provided that the following conditions | ||
9 | * are met: | ||
10 | * 1. Redistributions of source code must retain the above copyright | ||
11 | * notice, this list of conditions and the following disclaimer. | ||
12 | * 2. Redistributions in binary form must reproduce the above copyright | ||
13 | * notice, this list of conditions and the following disclaimer in the | ||
14 | * documentation and/or other materials provided with the distribution. | ||
15 | * 3. The name of the author may not be used to endorse or promote products | ||
16 | * derived from this software without specific prior written permission. | ||
17 | * | ||
18 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, | ||
19 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY | ||
20 | * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL | ||
21 | * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | ||
22 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, | ||
23 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; | ||
24 | * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, | ||
25 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR | ||
26 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF | ||
27 | * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
28 | */ | ||
29 | #include "includes.h" | ||
30 | |||
31 | #if !defined(HAVE_BASENAME) | ||
32 | |||
33 | #ifndef lint | ||
34 | static char rcsid[] = "$OpenBSD: basename.c,v 1.8 2002/06/09 05:03:59 deraadt Exp $"; | ||
35 | #endif /* not lint */ | ||
36 | |||
37 | char * | ||
38 | basename(const char *path) | ||
39 | { | ||
40 | static char bname[MAXPATHLEN]; | ||
41 | register const char *endp, *startp; | ||
42 | |||
43 | /* Empty or NULL string gets treated as "." */ | ||
44 | if (path == NULL || *path == '\0') { | ||
45 | (void)strlcpy(bname, ".", sizeof bname); | ||
46 | return(bname); | ||
47 | } | ||
48 | |||
49 | /* Strip trailing slashes */ | ||
50 | endp = path + strlen(path) - 1; | ||
51 | while (endp > path && *endp == '/') | ||
52 | endp--; | ||
53 | |||
54 | /* All slashes become "/" */ | ||
55 | if (endp == path && *endp == '/') { | ||
56 | (void)strlcpy(bname, "/", sizeof bname); | ||
57 | return(bname); | ||
58 | } | ||
59 | |||
60 | /* Find the start of the base */ | ||
61 | startp = endp; | ||
62 | while (startp > path && *(startp - 1) != '/') | ||
63 | startp--; | ||
64 | |||
65 | if (endp - startp + 2 > sizeof(bname)) { | ||
66 | errno = ENAMETOOLONG; | ||
67 | return(NULL); | ||
68 | } | ||
69 | strlcpy(bname, startp, endp - startp + 2); | ||
70 | return(bname); | ||
71 | } | ||
72 | |||
73 | #endif /* !defined(HAVE_BASENAME) */ | ||
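Review bot: basename() has no header comment, and its contract is not obvious to callers. Every successful return hands back the function-static `bname` buffer, so the result is overwritten by the next call and must not be freed, and the over-long case returns NULL with `errno` set to ENAMETOOLONG. I would add a short block comment above the definition stating those three things. Separately, `endp - startp + 2 > sizeof(bname)` compares a signed pointer difference with a `size_t`; the value is always positive here, but `(size_t)(endp - startp + 2) > sizeof(bname)` avoids the sign-compare warning.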
diff --git a/openbsd-compat/basename.h b/openbsd-compat/basename.h new file mode 100644 index 000000000..a8bd6c17c --- /dev/null +++ b/openbsd-compat/basename.h | |||
@@ -0,0 +1,12 @@ | |||
1 | /* $Id: basename.h,v 1.3 2003/02/25 03:32:16 djm Exp $ */ | ||
2 | |||
3 | #ifndef _BASENAME_H | ||
4 | #define _BASENAME_H | ||
5 | #include "config.h" | ||
6 | |||
7 | #if !defined(HAVE_BASENAME) | ||
8 | |||
9 | char *basename(const char *path); | ||
10 | |||
11 | #endif /* !defined(HAVE_BASENAME) */ | ||
12 | #endif /* _BASENAME_H */ | ||
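--- a/openbsd-compat/bsd-arc4random.c
+++ b/openbsd-compat/bsd-arc4random.c
@@ -25,7 +25,7 @@
 #include "includes.h"
 #include "log.h"
 
-RCSID("$Id: bsd-arc4random.c,v 1.5 2002/05/08 22:57:18 tim Exp $");
+RCSID("$Id: bsd-arc4random.c,v 1.6 2003/03/17 05:13:53 djm Exp $");
 
 #ifndef HAVE_ARC4RANDOM
 
@@ -66,7 +66,7 @@ void arc4random_stir(void)
 unsigned char rand_buf[SEED_SIZE];
 
 memset(&rc4, 0, sizeof(rc4));
-if (!RAND_bytes(rand_buf, sizeof(rand_buf)))
+if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)
 fatal("Couldn't obtain random bytes (error %ld)",
 ERR_get_error());
 RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);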
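Review bot: In arc4random_stir the `fatal()` call prints `ERR_get_error()` with `%ld`, but that function returns `unsigned long`, so the conversion should be `%lu`: `fatal("Couldn't obtain random bytes (error %lu)",`. The tightened `<= 0` test on `RAND_bytes` looks right. The function continues outside the hunk.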
diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h index 8868b4364..68947c92f 100644 --- a/openbsd-compat/bsd-cray.h +++ b/openbsd-compat/bsd-cray.h | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * $Id: bsd-cray.h,v 1.5 2002/09/26 00:38:51 tim Exp $ | 2 | * $Id: bsd-cray.h,v 1.6.2.1 2003/03/21 01:07:45 mouring Exp $ |
3 | * | 3 | * |
4 | * bsd-cray.h | 4 | * bsd-cray.h |
5 | * | 5 | * |
@@ -49,6 +49,10 @@ extern char cray_tmpdir[]; /* cray tmpdir */ | |||
49 | #ifndef MAXHOSTNAMELEN | 49 | #ifndef MAXHOSTNAMELEN |
50 | #define MAXHOSTNAMELEN 64 | 50 | #define MAXHOSTNAMELEN 64 |
51 | #endif | 51 | #endif |
52 | #ifndef _CRAYT3E | ||
53 | #include <sys/ttold.h> | ||
54 | #define TIOCGPGRP (tIOC|20) | ||
55 | #endif | ||
52 | #endif | 56 | #endif |
53 | 57 | ||
54 | #endif /* _BSD_CRAY_H */ | 58 | #endif /* _BSD_CRAY_H */ |
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index 2396a6e6b..0fa5964bc 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c | |||
@@ -31,7 +31,7 @@ | |||
31 | 31 | ||
32 | #include "includes.h" | 32 | #include "includes.h" |
33 | 33 | ||
34 | RCSID("$Id: bsd-cygwin_util.c,v 1.8 2002/04/15 22:00:52 stevesk Exp $"); | 34 | RCSID("$Id: bsd-cygwin_util.c,v 1.9 2002/11/09 15:59:29 mouring Exp $"); |
35 | 35 | ||
36 | #ifdef HAVE_CYGWIN | 36 | #ifdef HAVE_CYGWIN |
37 | 37 | ||
@@ -43,6 +43,7 @@ RCSID("$Id: bsd-cygwin_util.c,v 1.8 2002/04/15 22:00:52 stevesk Exp $"); | |||
43 | #define is_winnt (GetVersion() < 0x80000000) | 43 | #define is_winnt (GetVersion() < 0x80000000) |
44 | 44 | ||
45 | #define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec")) | 45 | #define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec")) |
46 | #define ntsec_off(c) ((c) && strstr((c),"nontsec")) | ||
46 | #define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea")) | 47 | #define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea")) |
47 | 48 | ||
48 | #if defined(open) && open == binary_open | 49 | #if defined(open) && open == binary_open |
@@ -74,6 +75,56 @@ int binary_pipe(int fd[2]) | |||
74 | return ret; | 75 | return ret; |
75 | } | 76 | } |
76 | 77 | ||
78 | #define HAS_CREATE_TOKEN 1 | ||
79 | #define HAS_NTSEC_BY_DEFAULT 2 | ||
80 | |||
81 | static int has_capability(int what) | ||
82 | { | ||
83 | /* has_capability() basically calls uname() and checks if | ||
84 | specific capabilities of Cygwin can be evaluated from that. | ||
85 | This simplifies the calling functions which only have to ask | ||
86 | for a capability using has_capability() instead of having | ||
87 | to figure that out by themselves. */ | ||
88 | static int inited; | ||
89 | static int has_create_token; | ||
90 | static int has_ntsec_by_default; | ||
91 | |||
92 | if (!inited) { | ||
93 | struct utsname uts; | ||
94 | char *c; | ||
95 | |||
96 | if (!uname(&uts)) { | ||
97 | int major_high = 0; | ||
98 | int major_low = 0; | ||
99 | int minor = 0; | ||
100 | int api_major_version = 0; | ||
101 | int api_minor_version = 0; | ||
102 | char *c; | ||
103 | |||
104 | sscanf(uts.release, "%d.%d.%d", &major_high, | ||
105 | &major_low, &minor); | ||
106 | c = strchr(uts.release, '('); | ||
107 | if (c) | ||
108 | sscanf(c + 1, "%d.%d", &api_major_version, | ||
109 | &api_minor_version); | ||
110 | if (major_high > 1 || | ||
111 | (major_high == 1 && (major_low > 3 || | ||
112 | (major_low == 3 && minor >= 2)))) | ||
113 | has_create_token = 1; | ||
114 | if (api_major_version > 0 || api_minor_version >= 56) | ||
115 | has_ntsec_by_default = 1; | ||
116 | inited = 1; | ||
117 | } | ||
118 | } | ||
119 | switch (what) { | ||
120 | case HAS_CREATE_TOKEN: | ||
121 | return has_create_token; | ||
122 | case HAS_NTSEC_BY_DEFAULT: | ||
123 | return has_ntsec_by_default; | ||
124 | } | ||
125 | return 0; | ||
126 | } | ||
127 | |||
77 | int check_nt_auth(int pwd_authenticated, struct passwd *pw) | 128 | int check_nt_auth(int pwd_authenticated, struct passwd *pw) |
78 | { | 129 | { |
79 | /* | 130 | /* |
@@ -93,19 +144,14 @@ int check_nt_auth(int pwd_authenticated, struct passwd *pw) | |||
93 | return 0; | 144 | return 0; |
94 | if (is_winnt) { | 145 | if (is_winnt) { |
95 | if (has_create_token < 0) { | 146 | if (has_create_token < 0) { |
96 | struct utsname uts; | ||
97 | int major_high = 0, major_low = 0, minor = 0; | ||
98 | char *cygwin = getenv("CYGWIN"); | 147 | char *cygwin = getenv("CYGWIN"); |
99 | 148 | ||
100 | has_create_token = 0; | 149 | has_create_token = 0; |
101 | if (ntsec_on(cygwin) && !uname(&uts)) { | 150 | if (has_capability(HAS_CREATE_TOKEN) && |
102 | sscanf(uts.release, "%d.%d.%d", | 151 | (ntsec_on(cygwin) || |
103 | &major_high, &major_low, &minor); | 152 | (has_capability(HAS_NTSEC_BY_DEFAULT) && |
104 | if (major_high > 1 || | 153 | !ntsec_off(cygwin)))) |
105 | (major_high == 1 && (major_low > 3 || | 154 | has_create_token = 1; |
106 | (major_low == 3 && minor >= 2)))) | ||
107 | has_create_token = 1; | ||
108 | } | ||
109 | } | 155 | } |
110 | if (has_create_token < 1 && | 156 | if (has_create_token < 1 && |
111 | !pwd_authenticated && geteuid() != pw->pw_uid) | 157 | !pwd_authenticated && geteuid() != pw->pw_uid) |
@@ -128,7 +174,9 @@ int check_ntsec(const char *filename) | |||
128 | /* Evaluate current CYGWIN settings. */ | 174 | /* Evaluate current CYGWIN settings. */ |
129 | cygwin = getenv("CYGWIN"); | 175 | cygwin = getenv("CYGWIN"); |
130 | allow_ntea = ntea_on(cygwin); | 176 | allow_ntea = ntea_on(cygwin); |
131 | allow_ntsec = ntsec_on(cygwin); | 177 | allow_ntsec = ntsec_on(cygwin) || |
178 | (has_capability(HAS_NTSEC_BY_DEFAULT) && | ||
179 | !ntsec_off(cygwin)); | ||
132 | 180 | ||
133 | /* | 181 | /* |
134 | * `ntea' is an emulation of POSIX attributes. It doesn't support | 182 | * `ntea' is an emulation of POSIX attributes. It doesn't support |
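Review bot: has_capability() declares `char *c;` twice: once at the top of the `if (!inited)` block, where it is never used, and again inside `if (!uname(&uts))`, where it shadows the first. Dropping the outer declaration removes the shadowing. Both `sscanf` calls also ignore their return values, which works only because every field is pre-initialised to 0, so an unparsable release string reports both capabilities as absent. A comment such as `/* unparsed fields stay 0, so both capabilities read as absent */` would make that intent explicit. The `switch (what)` could take a `default:` case in place of the trailing `return 0;`.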
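--- a/openbsd-compat/bsd-getpeereid.c
+++ b/openbsd-compat/bsd-getpeereid.c
@@ -24,7 +24,7 @@
 
 #include "includes.h"
 
-RCSID("$Id: bsd-getpeereid.c,v 1.1 2002/09/12 00:33:02 djm Exp $");
+RCSID("$Id: bsd-getpeereid.c,v 1.1.4.1 2003/03/26 05:02:47 djm Exp $");
 
 #if !defined(HAVE_GETPEEREID)
 
@@ -33,7 +33,7 @@ int
 getpeereid(int s, uid_t *euid, gid_t *gid)
 {
 struct ucred cred;
-size_t len = sizeof(cred);
+socklen_t len = sizeof(cred);
 
 if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0)
 return (-1);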
diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 1c1e43a52..b8e9996d5 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c | |||
@@ -23,15 +23,20 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | #include "xmalloc.h" | ||
26 | 27 | ||
27 | RCSID("$Id: bsd-misc.c,v 1.10 2002/07/08 21:09:41 mouring Exp $"); | 28 | RCSID("$Id: bsd-misc.c,v 1.12 2003/03/18 18:21:41 tim Exp $"); |
28 | 29 | ||
30 | /* | ||
31 | * NB. duplicate __progname in case it is an alias for argv[0] | ||
32 | * Otherwise it may get clobbered by setproctitle() | ||
33 | */ | ||
29 | char *get_progname(char *argv0) | 34 | char *get_progname(char *argv0) |
30 | { | 35 | { |
31 | #ifdef HAVE___PROGNAME | 36 | #ifdef HAVE___PROGNAME |
32 | extern char *__progname; | 37 | extern char *__progname; |
33 | 38 | ||
34 | return __progname; | 39 | return xstrdup(__progname); |
35 | #else | 40 | #else |
36 | char *p; | 41 | char *p; |
37 | 42 | ||
@@ -42,7 +47,8 @@ char *get_progname(char *argv0) | |||
42 | p = argv0; | 47 | p = argv0; |
43 | else | 48 | else |
44 | p++; | 49 | p++; |
45 | return p; | 50 | |
51 | return xstrdup(p); | ||
46 | #endif | 52 | #endif |
47 | } | 53 | } |
48 | 54 | ||
@@ -129,3 +135,34 @@ setgroups(size_t size, const gid_t *list) | |||
129 | } | 135 | } |
130 | #endif | 136 | #endif |
131 | 137 | ||
138 | #if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP) | ||
139 | int nanosleep(const struct timespec *req, struct timespec *rem) | ||
140 | { | ||
141 | int rc, saverrno; | ||
142 | extern int errno; | ||
143 | struct timeval tstart, tstop, tremain, time2wait; | ||
144 | |||
145 | TIMESPEC_TO_TIMEVAL(&time2wait, req) | ||
146 | (void) gettimeofday(&tstart, NULL); | ||
147 | rc = select(0, NULL, NULL, NULL, &time2wait); | ||
148 | if (rc == -1) { | ||
149 | saverrno = errno; | ||
150 | (void) gettimeofday (&tstop, NULL); | ||
151 | errno = saverrno; | ||
152 | tremain.tv_sec = time2wait.tv_sec - | ||
153 | (tstop.tv_sec - tstart.tv_sec); | ||
154 | tremain.tv_usec = time2wait.tv_usec - | ||
155 | (tstop.tv_usec - tstart.tv_usec); | ||
156 | tremain.tv_sec += tremain.tv_usec / 1000000L; | ||
157 | tremain.tv_usec %= 1000000L; | ||
158 | } else { | ||
159 | tremain.tv_sec = 0; | ||
160 | tremain.tv_usec = 0; | ||
161 | } | ||
162 | TIMEVAL_TO_TIMESPEC(&tremain, rem) | ||
163 | |||
164 | return(rc); | ||
165 | } | ||
166 | |||
167 | #endif | ||
168 | |||
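Review bot: The new nanosleep() fallback writes through `rem` unconditionally at `TIMEVAL_TO_TIMESPEC(&tremain, rem)`, but callers may pass a NULL `rem`, so that store needs a guard. The remaining-time arithmetic in the `rc == -1` branch can also leave `tv_usec` negative, because `/` and `%` truncate toward zero, and the caller would then get back a negative `tv_nsec`. Separately, `extern int errno;` should be dropped in favour of the <errno.h> declaration (presumably already available through includes.h), since errno is a macro on many systems.

```c
	if (rc == -1) {
		/* … unchanged: save errno, take tstop, compute and carry tremain … */
		if (tremain.tv_usec < 0) {
			/* borrow a second so tv_usec ends up in [0, 1000000) */
			tremain.tv_sec--;
			tremain.tv_usec += 1000000L;
		}
		if (tremain.tv_sec < 0) {
			tremain.tv_sec = 0;
			tremain.tv_usec = 0;
		}
	} else {
		/* … unchanged: zero tremain … */
	}
	/* rem is optional for callers that do not want the remainder */
	if (rem != NULL) {
		TIMEVAL_TO_TIMESPEC(&tremain, rem)
	}
```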
diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 981196044..78d9ccdd4 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h | |||
@@ -22,7 +22,7 @@ | |||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | */ | 23 | */ |
24 | 24 | ||
25 | /* $Id: bsd-misc.h,v 1.6 2002/06/13 21:34:58 mouring Exp $ */ | 25 | /* $Id: bsd-misc.h,v 1.7 2003/03/18 18:21:41 tim Exp $ */ |
26 | 26 | ||
27 | #ifndef _BSD_MISC_H | 27 | #ifndef _BSD_MISC_H |
28 | #define _BSD_MISC_H | 28 | #define _BSD_MISC_H |
@@ -80,5 +80,14 @@ int truncate (const char *path, off_t length); | |||
80 | int setgroups(size_t size, const gid_t *list); | 80 | int setgroups(size_t size, const gid_t *list); |
81 | #endif | 81 | #endif |
82 | 82 | ||
83 | #if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP) | ||
84 | #ifndef HAVE_STRUCT_TIMESPEC | ||
85 | struct timespec { | ||
86 | time_t tv_sec; | ||
87 | long tv_nsec; | ||
88 | }; | ||
89 | #endif | ||
90 | int nanosleep(const struct timespec *req, struct timespec *rem); | ||
91 | #endif | ||
83 | 92 | ||
84 | #endif /* _BSD_MISC_H */ | 93 | #endif /* _BSD_MISC_H */ |
diff --git a/openbsd-compat/fake-getaddrinfo.c b/openbsd-compat/fake-getaddrinfo.c index 67e9eb788..bc58f30a6 100644 --- a/openbsd-compat/fake-getaddrinfo.c +++ b/openbsd-compat/fake-getaddrinfo.c | |||
@@ -12,7 +12,7 @@ | |||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | #include "ssh.h" | 13 | #include "ssh.h" |
14 | 14 | ||
15 | RCSID("$Id: fake-getaddrinfo.c,v 1.2 2001/02/09 01:55:36 djm Exp $"); | 15 | RCSID("$Id: fake-getaddrinfo.c,v 1.4.2.1 2003/03/26 05:03:06 djm Exp $"); |
16 | 16 | ||
17 | #ifndef HAVE_GAI_STRERROR | 17 | #ifndef HAVE_GAI_STRERROR |
18 | char *gai_strerror(int ecode) | 18 | char *gai_strerror(int ecode) |
@@ -67,16 +67,30 @@ int getaddrinfo(const char *hostname, const char *servname, | |||
67 | { | 67 | { |
68 | struct addrinfo *cur, *prev = NULL; | 68 | struct addrinfo *cur, *prev = NULL; |
69 | struct hostent *hp; | 69 | struct hostent *hp; |
70 | struct servent *sp; | ||
70 | struct in_addr in; | 71 | struct in_addr in; |
71 | int i, port; | 72 | int i; |
73 | long int port; | ||
74 | u_long addr; | ||
72 | 75 | ||
73 | if (servname) | 76 | port = 0; |
74 | port = htons(atoi(servname)); | 77 | if (servname != NULL) { |
75 | else | 78 | char *cp; |
76 | port = 0; | 79 | |
80 | port = strtol(servname, &cp, 10); | ||
81 | if (port > 0 && port <= 65535 && *cp == '\0') | ||
82 | port = htons(port); | ||
83 | else if ((sp = getservbyname(servname, NULL)) != NULL) | ||
84 | port = sp->s_port; | ||
85 | else | ||
86 | port = 0; | ||
87 | } | ||
77 | 88 | ||
78 | if (hints && hints->ai_flags & AI_PASSIVE) { | 89 | if (hints && hints->ai_flags & AI_PASSIVE) { |
79 | if (NULL != (*res = malloc_ai(port, htonl(0x00000000)))) | 90 | addr = htonl(0x00000000); |
91 | if (hostname && inet_aton(hostname, &in) != 0) | ||
92 | addr = in.s_addr; | ||
93 | if (NULL != (*res = malloc_ai(port, addr))) | ||
80 | return 0; | 94 | return 0; |
81 | else | 95 | else |
82 | return EAI_MEMORY; | 96 | return EAI_MEMORY; |
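Review bot: In the AI_PASSIVE branch a hostname that inet_aton() cannot parse silently leaves `addr` at the wildcard `htonl(0x00000000)`, so a listener configured with a non-numeric or mistyped address would bind every interface instead of failing. The `servname` handling has the same shape: an unknown service name ends up as port 0 rather than an error. Rejecting the bad input is safer, e.g. `if (hostname && inet_aton(hostname, &in) == 0) return EAI_NODATA;` ahead of the malloc_ai() call (assuming EAI_NODATA is the code this compat layer uses for resolution failures). getaddrinfo()'s body starts and ends outside the hunk, so the non-passive path was not reviewed.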
diff --git a/openbsd-compat/fake-getaddrinfo.h b/openbsd-compat/fake-getaddrinfo.h index afd0226e2..6943378e9 100644 --- a/openbsd-compat/fake-getaddrinfo.h +++ b/openbsd-compat/fake-getaddrinfo.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: fake-getaddrinfo.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */ | 1 | /* $Id: fake-getaddrinfo.h,v 1.4 2003/02/24 01:35:09 djm Exp $ */ |
2 | 2 | ||
3 | #ifndef _FAKE_GETADDRINFO_H | 3 | #ifndef _FAKE_GETADDRINFO_H |
4 | #define _FAKE_GETADDRINFO_H | 4 | #define _FAKE_GETADDRINFO_H |
diff --git a/openbsd-compat/getcwd.c b/openbsd-compat/getcwd.c index 6fd8543a5..f4b98e824 100644 --- a/openbsd-compat/getcwd.c +++ b/openbsd-compat/getcwd.c | |||
@@ -29,7 +29,7 @@ | |||
29 | #if !defined(HAVE_GETCWD) | 29 | #if !defined(HAVE_GETCWD) |
30 | 30 | ||
31 | #if defined(LIBC_SCCS) && !defined(lint) | 31 | #if defined(LIBC_SCCS) && !defined(lint) |
32 | static char rcsid[] = "$OpenBSD: getcwd.c,v 1.6 2000/07/19 15:25:13 deraadt Exp $"; | 32 | static char rcsid[] = "$OpenBSD: getcwd.c,v 1.7 2002/11/24 01:52:27 cloder Exp $"; |
33 | #endif /* LIBC_SCCS and not lint */ | 33 | #endif /* LIBC_SCCS and not lint */ |
34 | 34 | ||
35 | #include <sys/param.h> | 35 | #include <sys/param.h> |
@@ -127,7 +127,7 @@ getcwd(char *pt,size_t size) | |||
127 | /* | 127 | /* |
128 | * Build pointer to the parent directory, allocating memory | 128 | * Build pointer to the parent directory, allocating memory |
129 | * as necessary. Max length is 3 for "../", the largest | 129 | * as necessary. Max length is 3 for "../", the largest |
130 | * possible component name, plus a trailing NULL. | 130 | * possible component name, plus a trailing NUL. |
131 | */ | 131 | */ |
132 | if (bup + 3 + MAXNAMLEN + 1 >= eup) { | 132 | if (bup + 3 + MAXNAMLEN + 1 >= eup) { |
133 | char *nup; | 133 | char *nup; |
diff --git a/openbsd-compat/getopt.c b/openbsd-compat/getopt.c index 4a5cfe5f0..a3fe807ee 100644 --- a/openbsd-compat/getopt.c +++ b/openbsd-compat/getopt.c | |||
@@ -35,7 +35,7 @@ | |||
35 | #if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) | 35 | #if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) |
36 | 36 | ||
37 | #if defined(LIBC_SCCS) && !defined(lint) | 37 | #if defined(LIBC_SCCS) && !defined(lint) |
38 | static char *rcsid = "$OpenBSD: getopt.c,v 1.2 1996/08/19 08:33:32 tholo Exp $"; | 38 | static char *rcsid = "$OpenBSD: getopt.c,v 1.4 2002/12/08 22:57:14 millert Exp $"; |
39 | #endif /* LIBC_SCCS and not lint */ | 39 | #endif /* LIBC_SCCS and not lint */ |
40 | 40 | ||
41 | #include <stdio.h> | 41 | #include <stdio.h> |
@@ -66,6 +66,9 @@ BSDgetopt(nargc, nargv, ostr) | |||
66 | static char *place = EMSG; /* option letter processing */ | 66 | static char *place = EMSG; /* option letter processing */ |
67 | char *oli; /* option letter list index */ | 67 | char *oli; /* option letter list index */ |
68 | 68 | ||
69 | if (ostr == NULL) | ||
70 | return (-1); | ||
71 | |||
69 | if (BSDoptreset || !*place) { /* update scanning pointer */ | 72 | if (BSDoptreset || !*place) { /* update scanning pointer */ |
70 | BSDoptreset = 0; | 73 | BSDoptreset = 0; |
71 | if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') { | 74 | if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') { |
diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c index d256ee448..c951050c0 100644 --- a/openbsd-compat/mktemp.c +++ b/openbsd-compat/mktemp.c | |||
@@ -36,7 +36,7 @@ | |||
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | 38 | ||
39 | #ifndef HAVE_MKDTEMP | 39 | #if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) |
40 | 40 | ||
41 | #if defined(LIBC_SCCS) && !defined(lint) | 41 | #if defined(LIBC_SCCS) && !defined(lint) |
42 | static char rcsid[] = "$OpenBSD: mktemp.c,v 1.16 2002/05/27 18:20:45 millert Exp $"; | 42 | static char rcsid[] = "$OpenBSD: mktemp.c,v 1.16 2002/05/27 18:20:45 millert Exp $"; |
@@ -181,4 +181,4 @@ _gettemp(path, doopen, domkdir, slen) | |||
181 | /*NOTREACHED*/ | 181 | /*NOTREACHED*/ |
182 | } | 182 | } |
183 | 183 | ||
184 | #endif /* !HAVE_MKDTEMP */ | 184 | #endif /* !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) */ |
diff --git a/openbsd-compat/mktemp.h b/openbsd-compat/mktemp.h index 6a96f6fa6..505ca6a1f 100644 --- a/openbsd-compat/mktemp.h +++ b/openbsd-compat/mktemp.h | |||
@@ -1,13 +1,13 @@ | |||
1 | /* $Id: mktemp.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */ | 1 | /* $Id: mktemp.h,v 1.3 2003/01/07 04:18:33 djm Exp $ */ |
2 | 2 | ||
3 | #ifndef _BSD_MKTEMP_H | 3 | #ifndef _BSD_MKTEMP_H |
4 | #define _BSD_MKTEMP_H | 4 | #define _BSD_MKTEMP_H |
5 | 5 | ||
6 | #include "config.h" | 6 | #include "config.h" |
7 | #ifndef HAVE_MKDTEMP | 7 | #if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) |
8 | int mkstemps(char *path, int slen); | 8 | int mkstemps(char *path, int slen); |
9 | int mkstemp(char *path); | 9 | int mkstemp(char *path); |
10 | char *mkdtemp(char *path); | 10 | char *mkdtemp(char *path); |
11 | #endif /* !HAVE_MKDTEMP */ | 11 | #endif /* !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) */ |
12 | 12 | ||
13 | #endif /* _BSD_MKTEMP_H */ | 13 | #endif /* _BSD_MKTEMP_H */ |
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index ae18afd34..c3e19b9cb 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: openbsd-compat.h,v 1.17 2002/09/12 00:33:02 djm Exp $ */ | 1 | /* $Id: openbsd-compat.h,v 1.19 2003/02/24 01:55:56 djm Exp $ */ |
2 | 2 | ||
3 | #ifndef _OPENBSD_H | 3 | #ifndef _OPENBSD_H |
4 | #define _OPENBSD_H | 4 | #define _OPENBSD_H |
@@ -6,6 +6,7 @@ | |||
6 | #include "config.h" | 6 | #include "config.h" |
7 | 7 | ||
8 | /* OpenBSD function replacements */ | 8 | /* OpenBSD function replacements */ |
9 | #include "basename.h" | ||
9 | #include "bindresvport.h" | 10 | #include "bindresvport.h" |
10 | #include "getcwd.h" | 11 | #include "getcwd.h" |
11 | #include "realpath.h" | 12 | #include "realpath.h" |
@@ -26,6 +27,7 @@ | |||
26 | #include "glob.h" | 27 | #include "glob.h" |
27 | #include "readpassphrase.h" | 28 | #include "readpassphrase.h" |
28 | #include "getopt.h" | 29 | #include "getopt.h" |
30 | #include "vis.h" | ||
29 | 31 | ||
30 | /* Home grown routines */ | 32 | /* Home grown routines */ |
31 | #include "bsd-arc4random.h" | 33 | #include "bsd-arc4random.h" |
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 79570a206..4abe00316 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h | |||
@@ -25,5 +25,16 @@ | |||
25 | */ | 25 | */ |
26 | 26 | ||
27 | #ifdef _AIX | 27 | #ifdef _AIX |
28 | |||
29 | /* AIX 4.2.x doesn't have nanosleep but does have nsleep which is equivalent */ | ||
30 | #if !defined(HAVE_NANOSLEEP) && defined(HAVE_NSLEEP) | ||
31 | # define nanosleep(a,b) nsleep(a,b) | ||
32 | #endif | ||
33 | |||
34 | /* For struct timespec on AIX 4.2.x */ | ||
35 | #ifdef HAVE_SYS_TIMERS_H | ||
36 | # include <sys/timers.h> | ||
37 | #endif | ||
38 | |||
28 | void aix_usrinfo(struct passwd *pw); | 39 | void aix_usrinfo(struct passwd *pw); |
29 | #endif /* _AIX */ | 40 | #endif /* _AIX */ |
diff --git a/openbsd-compat/setenv.c b/openbsd-compat/setenv.c index 1dff15c73..e5c5de62e 100644 --- a/openbsd-compat/setenv.c +++ b/openbsd-compat/setenv.c | |||
@@ -35,12 +35,14 @@ | |||
35 | #ifndef HAVE_SETENV | 35 | #ifndef HAVE_SETENV |
36 | 36 | ||
37 | #if defined(LIBC_SCCS) && !defined(lint) | 37 | #if defined(LIBC_SCCS) && !defined(lint) |
38 | static char *rcsid = "$OpenBSD: setenv.c,v 1.4 2001/07/09 06:57:45 deraadt Exp $"; | 38 | static char *rcsid = "$OpenBSD: setenv.c,v 1.5 2002/12/10 22:44:13 mickey Exp $"; |
39 | #endif /* LIBC_SCCS and not lint */ | 39 | #endif /* LIBC_SCCS and not lint */ |
40 | 40 | ||
41 | #include <stdlib.h> | 41 | #include <stdlib.h> |
42 | #include <string.h> | 42 | #include <string.h> |
43 | 43 | ||
44 | char *__findenv(const char *name, int *offset); | ||
45 | |||
44 | /* | 46 | /* |
45 | * __findenv -- | 47 | * __findenv -- |
46 | * Returns pointer to value associated with name, if any, else NULL. | 48 | * Returns pointer to value associated with name, if any, else NULL. |
@@ -92,7 +94,6 @@ setenv(name, value, rewrite) | |||
92 | static int alloced; /* if allocated space before */ | 94 | static int alloced; /* if allocated space before */ |
93 | register char *C; | 95 | register char *C; |
94 | int l_value, offset; | 96 | int l_value, offset; |
95 | char *__findenv(); | ||
96 | 97 | ||
97 | if (*value == '=') /* no `=' in value */ | 98 | if (*value == '=') /* no `=' in value */ |
98 | ++value; | 99 | ++value; |
diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c index e165dd13c..07af7e9c0 100644 --- a/openbsd-compat/setproctitle.c +++ b/openbsd-compat/setproctitle.c | |||
@@ -1,102 +1,243 @@ | |||
1 | /* | 1 | /* |
2 | * Modified for OpenSSH by Kevin Steves | 2 | * Based on src/backend/utils/misc/pg_status.c from |
3 | * October 2000 | 3 | * PostgreSQL Database Management System |
4 | * | ||
5 | * Portions Copyright (c) 1996-2001, The PostgreSQL Global Development Group | ||
6 | * | ||
7 | * Portions Copyright (c) 1994, The Regents of the University of California | ||
8 | * | ||
9 | * Permission to use, copy, modify, and distribute this software and its | ||
10 | * documentation for any purpose, without fee, and without a written agreement | ||
11 | * is hereby granted, provided that the above copyright notice and this | ||
12 | * paragraph and the following two paragraphs appear in all copies. | ||
13 | * | ||
14 | * IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR | ||
15 | * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING | ||
16 | * LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS | ||
17 | * DOCUMENTATION, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE | ||
18 | * POSSIBILITY OF SUCH DAMAGE. | ||
19 | * | ||
20 | * THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES, | ||
21 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY | ||
22 | * AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS | ||
23 | * ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATIONS TO | ||
24 | * PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. | ||
4 | */ | 25 | */ |
5 | 26 | ||
6 | /* | 27 | /*-------------------------------------------------------------------- |
7 | * Copyright (c) 1994, 1995 Christopher G. Demetriou | 28 | * ps_status.c |
8 | * All rights reserved. | 29 | * |
30 | * Routines to support changing the ps display of PostgreSQL backends | ||
31 | * to contain some useful information. Mechanism differs wildly across | ||
32 | * platforms. | ||
9 | * | 33 | * |
10 | * Redistribution and use in source and binary forms, with or without | 34 | * $Header: /var/cvs/openssh/openbsd-compat/setproctitle.c,v 1.5 2003/01/20 02:15:11 djm Exp $ |
11 | * modification, are permitted provided that the following conditions | ||
12 | * are met: | ||
13 | * 1. Redistributions of source code must retain the above copyright | ||
14 | * notice, this list of conditions and the following disclaimer. | ||
15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
16 | * notice, this list of conditions and the following disclaimer in the | ||
17 | * documentation and/or other materials provided with the distribution. | ||
18 | * 3. All advertising materials mentioning features or use of this software | ||
19 | * must display the following acknowledgement: | ||
20 | * This product includes software developed by Christopher G. Demetriou | ||
21 | * for the NetBSD Project. | ||
22 | * 4. The name of the author may not be used to endorse or promote products | ||
23 | * derived from this software without specific prior written permission | ||
24 | * | 35 | * |
25 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | 36 | * Copyright 2000 by PostgreSQL Global Development Group |
26 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 37 | * various details abducted from various places |
27 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 38 | *-------------------------------------------------------------------- |
28 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
29 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
30 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
31 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
32 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
33 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
34 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
35 | */ | 39 | */ |
36 | 40 | ||
37 | #if defined(LIBC_SCCS) && !defined(lint) | ||
38 | static char rcsid[] = "$OpenBSD: setproctitle.c,v 1.8 2001/11/06 19:21:40 art Exp $"; | ||
39 | #endif /* LIBC_SCCS and not lint */ | ||
40 | |||
41 | #include "includes.h" | 41 | #include "includes.h" |
42 | 42 | ||
43 | #ifndef HAVE_SETPROCTITLE | 43 | #ifndef HAVE_SETPROCTITLE |
44 | 44 | ||
45 | #define SPT_NONE 0 | 45 | #include <unistd.h> |
46 | #define SPT_PSTAT 1 | 46 | #ifdef HAVE_SYS_PSTAT_H |
47 | #include <sys/pstat.h> /* for HP-UX */ | ||
48 | #endif | ||
49 | #ifdef HAVE_PS_STRINGS | ||
50 | #include <machine/vmparam.h> /* for old BSD */ | ||
51 | #include <sys/exec.h> | ||
52 | #endif | ||
53 | |||
54 | /*------ | ||
55 | * Alternative ways of updating ps display: | ||
56 | * | ||
57 | * SETPROCTITLE_STRATEGY == PS_USE_PSTAT | ||
58 | * use the pstat(PSTAT_SETCMD, ) | ||
59 | * (HPUX) | ||
60 | * SETPROCTITLE_STRATEGY == PS_USE_PS_STRINGS | ||
61 | * assign PS_STRINGS->ps_argvstr = "string" | ||
62 | * (some BSD systems) | ||
63 | * SETPROCTITLE_STRATEGY == PS_USE_CHANGE_ARGV | ||
64 | * assign argv[0] = "string" | ||
65 | * (some other BSD systems) | ||
66 | * SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV | ||
67 | * write over the argv and environment area | ||
68 | * (most SysV-like systems) | ||
69 | * SETPROCTITLE_STRATEGY == PS_USE_NONE | ||
70 | * don't update ps display | ||
71 | * (This is the default, as it is safest.) | ||
72 | */ | ||
73 | |||
74 | #define PS_USE_NONE 0 | ||
75 | #define PS_USE_PSTAT 1 | ||
76 | #define PS_USE_PS_STRINGS 2 | ||
77 | #define PS_USE_CHANGE_ARGV 3 | ||
78 | #define PS_USE_CLOBBER_ARGV 4 | ||
47 | 79 | ||
48 | #ifndef SPT_TYPE | 80 | #ifndef SETPROCTITLE_STRATEGY |
49 | #define SPT_TYPE SPT_NONE | 81 | # define SETPROCTITLE_STRATEGY PS_USE_NONE |
50 | #endif | 82 | #endif |
51 | 83 | ||
52 | #if SPT_TYPE == SPT_PSTAT | 84 | #ifndef SETPROCTITLE_PS_PADDING |
53 | #include <sys/param.h> | 85 | # define SETPROCTITLE_PS_PADDING ' ' |
54 | #include <sys/pstat.h> | 86 | #endif |
55 | #endif /* SPT_TYPE == SPT_PSTAT */ | 87 | #endif /* HAVE_SETPROCTITLE */ |
56 | 88 | ||
57 | #define MAX_PROCTITLE 2048 | 89 | extern char **environ; |
90 | |||
91 | /* | ||
92 | * argv clobbering uses existing argv space, all other methods need a buffer | ||
93 | */ | ||
94 | #if SETPROCTITLE_STRATEGY != PS_USE_CLOBBER_ARGV | ||
95 | static char ps_buffer[256]; | ||
96 | static const size_t ps_buffer_size = sizeof(ps_buffer); | ||
97 | #else | ||
98 | static char *ps_buffer; /* will point to argv area */ | ||
99 | static size_t ps_buffer_size; /* space determined at run time */ | ||
100 | #endif | ||
101 | |||
102 | /* save the original argv[] location here */ | ||
103 | static int save_argc; | ||
104 | static char **save_argv; | ||
58 | 105 | ||
59 | extern char *__progname; | 106 | extern char *__progname; |
60 | 107 | ||
108 | #ifndef HAVE_SETPROCTITLE | ||
61 | /* | 109 | /* |
62 | * Set Process Title (SPT) defines. Modeled after sendmail's | 110 | * Call this to update the ps status display to a fixed prefix plus an |
63 | * SPT type definition strategy. | 111 | * indication of what you're currently doing passed in the argument. |
64 | * | ||
65 | * SPT_TYPE: | ||
66 | * | ||
67 | * SPT_NONE: Don't set the process title. Default. | ||
68 | * SPT_PSTAT: Use pstat(PSTAT_SETCMD). HP-UX specific. | ||
69 | */ | 112 | */ |
70 | |||
71 | void | 113 | void |
72 | setproctitle(const char *fmt, ...) | 114 | setproctitle(const char *fmt, ...) |
73 | { | 115 | { |
74 | #if SPT_TYPE != SPT_NONE | 116 | #if SETPROCTITLE_STRATEGY == PS_USE_PSTAT |
117 | union pstun pst; | ||
118 | #endif | ||
119 | #if SETPROCTITLE_STRATEGY != PS_USE_NONE | ||
120 | ssize_t used; | ||
75 | va_list ap; | 121 | va_list ap; |
76 | |||
77 | char buf[MAX_PROCTITLE]; | ||
78 | size_t used; | ||
79 | 122 | ||
80 | #if SPT_TYPE == SPT_PSTAT | 123 | /* no ps display if you didn't call save_ps_display_args() */ |
81 | union pstun pst; | 124 | if (save_argv == NULL) |
82 | #endif /* SPT_TYPE == SPT_PSTAT */ | 125 | return; |
126 | #if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV | ||
127 | /* If ps_buffer is a pointer, it might still be null */ | ||
128 | if (ps_buffer == NULL) | ||
129 | return; | ||
130 | #endif /* PS_USE_CLOBBER_ARGV */ | ||
131 | |||
132 | /* | ||
133 | * Overwrite argv[] to point at appropriate space, if needed | ||
134 | */ | ||
135 | #if SETPROCTITLE_STRATEGY == PS_USE_CHANGE_ARGV | ||
136 | save_argv[0] = ps_buffer; | ||
137 | save_argv[1] = NULL; | ||
138 | #endif /* PS_USE_CHANGE_ARGV */ | ||
139 | |||
140 | #if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV | ||
141 | save_argv[1] = NULL; | ||
142 | #endif /* PS_USE_CLOBBER_ARGV */ | ||
143 | |||
144 | /* | ||
145 | * Make fixed prefix of ps display. | ||
146 | */ | ||
83 | 147 | ||
84 | va_start(ap, fmt); | 148 | va_start(ap, fmt); |
85 | if (fmt != NULL) { | 149 | if (fmt == NULL) |
86 | used = snprintf(buf, MAX_PROCTITLE, "%s: ", __progname); | 150 | snprintf(ps_buffer, ps_buffer_size, "%s", __progname); |
87 | if (used >= MAX_PROCTITLE) | 151 | else { |
88 | used = MAX_PROCTITLE - 1; | 152 | used = snprintf(ps_buffer, ps_buffer_size, "%s: ", __progname); |
89 | (void)vsnprintf(buf + used, MAX_PROCTITLE - used, fmt, ap); | 153 | if (used == -1 || used >= ps_buffer_size) |
90 | } else | 154 | used = ps_buffer_size; |
91 | (void)snprintf(buf, MAX_PROCTITLE, "%s", __progname); | 155 | vsnprintf(ps_buffer + used, ps_buffer_size - used, fmt, ap); |
156 | } | ||
92 | va_end(ap); | 157 | va_end(ap); |
93 | used = strlen(buf); | ||
94 | 158 | ||
95 | #if SPT_TYPE == SPT_PSTAT | 159 | #if SETPROCTITLE_STRATEGY == PS_USE_PSTAT |
96 | pst.pst_command = buf; | 160 | pst.pst_command = ps_buffer; |
97 | pstat(PSTAT_SETCMD, pst, used, 0, 0); | 161 | pstat(PSTAT_SETCMD, pst, strlen(ps_buffer), 0, 0); |
98 | #endif /* SPT_TYPE == SPT_PSTAT */ | 162 | #endif /* PS_USE_PSTAT */ |
99 | 163 | ||
100 | #endif /* SPT_TYPE != SPT_NONE */ | 164 | #if SETPROCTITLE_STRATEGY == PS_USE_PS_STRINGS |
165 | PS_STRINGS->ps_nargvstr = 1; | ||
166 | PS_STRINGS->ps_argvstr = ps_buffer; | ||
167 | #endif /* PS_USE_PS_STRINGS */ | ||
168 | |||
169 | #if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV | ||
170 | /* pad unused memory */ | ||
171 | used = strlen(ps_buffer); | ||
172 | memset(ps_buffer + used, SETPROCTITLE_PS_PADDING, | ||
173 | ps_buffer_size - used); | ||
174 | #endif /* PS_USE_CLOBBER_ARGV */ | ||
175 | |||
176 | #endif /* PS_USE_NONE */ | ||
101 | } | 177 | } |
178 | |||
102 | #endif /* HAVE_SETPROCTITLE */ | 179 | #endif /* HAVE_SETPROCTITLE */ |
180 | |||
181 | /* | ||
182 | * Call this early in startup to save the original argc/argv values. | ||
183 | * | ||
184 | * argv[] will not be overwritten by this routine, but may be overwritten | ||
185 | * during setproctitle. Also, the physical location of the environment | ||
186 | * strings may be moved, so this should be called before any code that | ||
187 | * might try to hang onto a getenv() result. | ||
188 | */ | ||
189 | void | ||
190 | compat_init_setproctitle(int argc, char *argv[]) | ||
191 | { | ||
192 | #if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV | ||
193 | char *end_of_area = NULL; | ||
194 | char **new_environ; | ||
195 | int i; | ||
196 | #endif | ||
197 | |||
198 | save_argc = argc; | ||
199 | save_argv = argv; | ||
200 | |||
201 | #if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV | ||
202 | /* | ||
203 | * If we're going to overwrite the argv area, count the available | ||
204 | * space. Also move the environment to make additional room. | ||
205 | */ | ||
206 | |||
207 | /* | ||
208 | * check for contiguous argv strings | ||
209 | */ | ||
210 | for (i = 0; i < argc; i++) { | ||
211 | if (i == 0 || end_of_area + 1 == argv[i]) | ||
212 | end_of_area = argv[i] + strlen(argv[i]); | ||
213 | } | ||
214 | |||
215 | /* probably can't happen? */ | ||
216 | if (end_of_area == NULL) { | ||
217 | ps_buffer = NULL; | ||
218 | ps_buffer_size = 0; | ||
219 | return; | ||
220 | } | ||
221 | |||
222 | /* | ||
223 | * check for contiguous environ strings following argv | ||
224 | */ | ||
225 | for (i = 0; environ[i] != NULL; i++) { | ||
226 | if (end_of_area + 1 == environ[i]) | ||
227 | end_of_area = environ[i] + strlen(environ[i]); | ||
228 | } | ||
229 | |||
230 | ps_buffer = argv[0]; | ||
231 | ps_buffer_size = end_of_area - argv[0] - 1; | ||
232 | |||
233 | /* | ||
234 | * Duplicate and move the environment out of the way | ||
235 | */ | ||
236 | new_environ = malloc(sizeof(char *) * (i + 1)); | ||
237 | for (i = 0; environ[i] != NULL; i++) | ||
238 | new_environ[i] = strdup(environ[i]); | ||
239 | new_environ[i] = NULL; | ||
240 | environ = new_environ; | ||
241 | #endif /* PS_USE_CLOBBER_ARGV */ | ||
242 | } | ||
243 | |||
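Review bot: compat_init_setproctitle() uses the results of `malloc()` and `strdup()` unchecked in the PS_USE_CLOBBER_ARGV path, and it sets `ps_buffer`/`ps_buffer_size` before the environment has been copied. An allocation failure therefore either dereferences NULL or silently truncates the new environment at the first failed `strdup()`. `ps_buffer_size = end_of_area - argv[0] - 1` also wraps to a huge size_t when the measured area is a single empty string, and that value later bounds the snprintf() and memset() in setproctitle(). Copying the environment first and claiming the argv area only once everything succeeded keeps setproctitle() on its existing `ps_buffer == NULL` early return.

```c
	/* … unchanged: scan argv and environ to find end_of_area … */

	/* Copy the environment first; claim the argv area only on success */
	new_environ = malloc(sizeof(char *) * (i + 1));
	if (new_environ == NULL)
		return;
	for (i = 0; environ[i] != NULL; i++) {
		if ((new_environ[i] = strdup(environ[i])) == NULL) {
			while (i-- > 0)
				free(new_environ[i]);
			free(new_environ);
			return;
		}
	}
	new_environ[i] = NULL;
	environ = new_environ;

	/* need at least one usable byte, otherwise the size below wraps */
	if (end_of_area - argv[0] < 2)
		return;
	ps_buffer = argv[0];
	ps_buffer_size = end_of_area - argv[0] - 1;
```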
diff --git a/openbsd-compat/setproctitle.h b/openbsd-compat/setproctitle.h index 8261bd0ee..48d26c6ea 100644 --- a/openbsd-compat/setproctitle.h +++ b/openbsd-compat/setproctitle.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: setproctitle.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */ | 1 | /* $Id: setproctitle.h,v 1.3 2003/01/09 22:53:13 djm Exp $ */ |
2 | 2 | ||
3 | #ifndef _BSD_SETPROCTITLE_H | 3 | #ifndef _BSD_SETPROCTITLE_H |
4 | #define _BSD_SETPROCTITLE_H | 4 | #define _BSD_SETPROCTITLE_H |
@@ -7,6 +7,7 @@ | |||
7 | 7 | ||
8 | #ifndef HAVE_SETPROCTITLE | 8 | #ifndef HAVE_SETPROCTITLE |
9 | void setproctitle(const char *fmt, ...); | 9 | void setproctitle(const char *fmt, ...); |
10 | void compat_init_setproctitle(int argc, char *argv[]); | ||
10 | #endif | 11 | #endif |
11 | 12 | ||
12 | #endif /* _BSD_SETPROCTITLE_H */ | 13 | #endif /* _BSD_SETPROCTITLE_H */ |
diff --git a/openbsd-compat/sys-tree.h b/openbsd-compat/sys-tree.h index 0a58710c9..927ca04cd 100644 --- a/openbsd-compat/sys-tree.h +++ b/openbsd-compat/sys-tree.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: tree.h,v 1.6 2002/06/11 22:09:52 provos Exp $ */ | 1 | /* $OpenBSD: tree.h,v 1.7 2002/10/17 21:51:54 art Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * All rights reserved. | 4 | * All rights reserved. |
@@ -343,12 +343,13 @@ struct { \ | |||
343 | RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \ | 343 | RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \ |
344 | else \ | 344 | else \ |
345 | RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \ | 345 | RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \ |
346 | RB_AUGMENT(RB_PARENT(elm, field)); \ | ||
347 | } else \ | 346 | } else \ |
348 | (head)->rbh_root = (tmp); \ | 347 | (head)->rbh_root = (tmp); \ |
349 | RB_LEFT(tmp, field) = (elm); \ | 348 | RB_LEFT(tmp, field) = (elm); \ |
350 | RB_PARENT(elm, field) = (tmp); \ | 349 | RB_PARENT(elm, field) = (tmp); \ |
351 | RB_AUGMENT(tmp); \ | 350 | RB_AUGMENT(tmp); \ |
351 | if ((RB_PARENT(tmp, field))) \ | ||
352 | RB_AUGMENT(RB_PARENT(tmp, field)); \ | ||
352 | } while (0) | 353 | } while (0) |
353 | 354 | ||
354 | #define RB_ROTATE_RIGHT(head, elm, tmp, field) do { \ | 355 | #define RB_ROTATE_RIGHT(head, elm, tmp, field) do { \ |
@@ -362,12 +363,13 @@ struct { \ | |||
362 | RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \ | 363 | RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \ |
363 | else \ | 364 | else \ |
364 | RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \ | 365 | RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \ |
365 | RB_AUGMENT(RB_PARENT(elm, field)); \ | ||
366 | } else \ | 366 | } else \ |
367 | (head)->rbh_root = (tmp); \ | 367 | (head)->rbh_root = (tmp); \ |
368 | RB_RIGHT(tmp, field) = (elm); \ | 368 | RB_RIGHT(tmp, field) = (elm); \ |
369 | RB_PARENT(elm, field) = (tmp); \ | 369 | RB_PARENT(elm, field) = (tmp); \ |
370 | RB_AUGMENT(tmp); \ | 370 | RB_AUGMENT(tmp); \ |
371 | if ((RB_PARENT(tmp, field))) \ | ||
372 | RB_AUGMENT(RB_PARENT(tmp, field)); \ | ||
371 | } while (0) | 373 | } while (0) |
372 | 374 | ||
373 | /* Generates prototypes and inline functions */ | 375 | /* Generates prototypes and inline functions */ |
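--- /dev/null
+++ b/openbsd-compat/vis.c
@@ -0,0 +1,232 @@
+/*-
+* Copyright (c) 1989, 1993
+* The Regents of the University of California. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by the University of
+* California, Berkeley and its contributors.
+* 4. Neither the name of the University nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+#include "config.h"
+#if !defined(HAVE_STRNVIS)
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: vis.c,v 1.8 2002/02/19 19:39:36 millert Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <ctype.h>
+
+#include "vis.h"
+
+#define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7')
+#define isvisible(c) (((u_int)(c) <= UCHAR_MAX && isascii((u_char)(c)) && \
+isgraph((u_char)(c))) || \
+((flag & VIS_SP) == 0 && (c) == ' ') || \
+((flag & VIS_TAB) == 0 && (c) == '\t') || \
+((flag & VIS_NL) == 0 && (c) == '\n') || \
+((flag & VIS_SAFE) && \
+((c) == '\b' || (c) == '\007' || (c) == '\r')))
+
+/*
+* vis - visually encode characters
+*/
+char *
+vis(dst, c, flag, nextc)
+register char *dst;
+int c, nextc;
+register int flag;
+{
+if (isvisible(c)) {
+*dst++ = c;
+if (c == '\\' && (flag & VIS_NOSLASH) == 0)
+*dst++ = '\\';
+*dst = '\0';
+return (dst);
+}
+
+if (flag & VIS_CSTYLE) {
+switch(c) {
+case '\n':
+*dst++ = '\\';
+*dst++ = 'n';
+goto done;
+case '\r':
+*dst++ = '\\';
+*dst++ = 'r';
+goto done;
+case '\b':
+*dst++ = '\\';
+*dst++ = 'b';
+goto done;
+case '\a':
+*dst++ = '\\';
+*dst++ = 'a';
+goto done;
+case '\v':
+*dst++ = '\\';
+*dst++ = 'v';
+goto done;
+case '\t':
+*dst++ = '\\';
+*dst++ = 't';
+goto done;
+case '\f':
+*dst++ = '\\';
+*dst++ = 'f';
+goto done;
+case ' ':
+*dst++ = '\\';
+*dst++ = 's';
+goto done;
+case '\0':
+*dst++ = '\\';
+*dst++ = '0';
+if (isoctal(nextc)) {
+*dst++ = '0';
+*dst++ = '0';
+}
+goto done;
+}
+}
+if (((c & 0177) == ' ') || (flag & VIS_OCTAL)) {
+*dst++ = '\\';
+*dst++ = ((u_char)c >> 6 & 07) + '0';
+*dst++ = ((u_char)c >> 3 & 07) + '0';
+*dst++ = ((u_char)c & 07) + '0';
+goto done;
+}
+if ((flag & VIS_NOSLASH) == 0)
+*dst++ = '\\';
+if (c & 0200) {
+c &= 0177;
+*dst++ = 'M';
+}
+if (iscntrl(c)) {
+*dst++ = '^';
+if (c == 0177)
+*dst++ = '?';
+else
+*dst++ = c + '@';
+} else {
+*dst++ = '-';
+*dst++ = c;
+}
+done:
+*dst = '\0';
+return (dst);
+}
+
+/*
+* strvis, strnvis, strvisx - visually encode characters from src into dst
+*
+* Dst must be 4 times the size of src to account for possible
+* expansion. The length of dst, not including the trailing NULL,
+* is returned.
+*
+* Strnvis will write no more than siz-1 bytes (and will NULL terminate).
+* The number of bytes needed to fully encode the string is returned.
+*
+* Strvisx encodes exactly len bytes from src into dst.
+* This is useful for encoding a block of data.
+*/
+int
+strvis(dst, src, flag)
+register char *dst;
+register const char *src;
+int flag;
+{
+register char c;
+char *start;
+
+for (start = dst; (c = *src);)
+dst = vis(dst, c, flag, *++src);
+*dst = '\0';
+return (dst - start);
+}
+
+int
+strnvis(dst, src, siz, flag)
+register char *dst;
+register const char *src;
+size_t siz;
+int flag;
+{
+register char c;
+char *start, *end;
+
+for (start = dst, end = start + siz - 1; (c = *src) && dst < end; ) {
+if (isvisible(c)) {
+*dst++ = c;
+if (c == '\\' && (flag & VIS_NOSLASH) == 0) {
+/* need space for the extra '\\' */
+if (dst < end)
+*dst++ = '\\';
+else {
+dst--;
+break;
+}
+}
+src++;
+} else {
+/* vis(3) requires up to 4 chars */
+if (dst + 3 < end)
+dst = vis(dst, c, flag, *++src);
+else
+break;
+}
+}
+*dst = '\0';
+if (dst >= end) {
+char tbuf[5];
+
+/* adjust return value for truncation */
+while ((c = *src))
+dst += vis(tbuf, c, flag, *++src) - tbuf;
+}
+return (dst - start);
+}
+
+int
+strvisx(dst, src, len, flag)
+register char *dst;
+register const char *src;
+register size_t len;
+int flag;
+{
+register char c;
+char *start;
+
+for (start = dst; len > 1; len--) {
+c = *src;
+dst = vis(dst, c, flag, *++src);
+}
+if (len)
+dst = vis(dst, *src, flag, '\0');
+*dst = '\0';
+return (dst - start);
+}
+
+#endif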
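Review bot: strnvis() does not handle `siz == 0`: `end = start + siz - 1` then points one byte before `dst`, and the unconditional `*dst = '\0';` after the loop still stores a terminator into a buffer the caller declared empty. Guarding the store with `if (siz > 0) *dst = '\0';`, and forming `end` only for a non-zero `siz`, keeps the function inside the caller's bounds while the truncation branch still returns the length needed. Truncation is reported only through the return value, so the block comment above strvis() should say that callers must compare the result with `siz`, all the more because the return type is `int` while `siz` is `size_t`.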
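--- /dev/null
+++ b/openbsd-compat/vis.h
@@ -0,0 +1,91 @@
+/* $OpenBSD: vis.h,v 1.5 2002/02/16 21:27:17 millert Exp $ */
+/* $NetBSD: vis.h,v 1.4 1994/10/26 00:56:41 cgd Exp $ */
+
+/*-
+* Copyright (c) 1990 The Regents of the University of California.
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by the University of
+* California, Berkeley and its contributors.
+* 4. Neither the name of the University nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* @(#)vis.h 5.9 (Berkeley) 4/3/91
+*/
+#include "config.h"
+#if !defined(HAVE_STRNVIS)
+
+#ifndef _VIS_H_
+#define _VIS_H_
+
+#include <sys/types.h>
+#include <limits.h>
+
+/*
+* to select alternate encoding format
+*/
+#define VIS_OCTAL 0x01 /* use octal \ddd format */
+#define VIS_CSTYLE 0x02 /* use \[nrft0..] where appropriate */
+
+/*
+* to alter set of characters encoded (default is to encode all
+* non-graphic except space, tab, and newline).
+*/
+#define VIS_SP 0x04 /* also encode space */
+#define VIS_TAB 0x08 /* also encode tab */
+#define VIS_NL 0x10 /* also encode newline */
+#define VIS_WHITE (VIS_SP | VIS_TAB | VIS_NL)
+#define VIS_SAFE 0x20 /* only encode "unsafe" characters */
+
+/*
+* other
+*/
+#define VIS_NOSLASH 0x40 /* inhibit printing '\' */
+
+/*
+* unvis return codes
+*/
+#define UNVIS_VALID 1 /* character valid */
+#define UNVIS_VALIDPUSH 2 /* character valid, push back passed char */
+#define UNVIS_NOCHAR 3 /* valid sequence, no character produced */
+#define UNVIS_SYNBAD -1 /* unrecognized escape sequence */
+#define UNVIS_ERROR -2 /* decoder in unknown state (unrecoverable) */
+
+/*
+* unvis flags
+*/
+#define UNVIS_END 1 /* no more characters */
+
+char *vis(char *, int, int, int);
+int strvis(char *, const char *, int);
+int strnvis(char *, const char *, size_t, int);
+int strvisx(char *, const char *, size_t, int);
+int strunvis(char *, const char *);
+int unvis(char *, char, int *, int);
+
+#endif /* !_VIS_H_ */
+
+#endif /* !HAVE_STRNVIS */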
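Review bot: The prototypes `int strunvis(char *, const char *);` and `int unvis(char *, char, int *, int);` have no matching definition in the vis.c added next to this header, which defines only vis, strvis, strnvis and strvisx. Unless another file in this commit supplies the decoders (none is visible here), a caller on a platform without strnvis would compile against these declarations and then fail at link time, so either drop the two prototypes together with the UNVIS_* constants or add the implementation. As a smaller style point, `#include "config.h"` sits outside the `_VIS_H_` guard, and that guard name is an identifier reserved for the implementation.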
@@ -37,7 +37,7 @@ | |||
37 | */ | 37 | */ |
38 | 38 | ||
39 | #include "includes.h" | 39 | #include "includes.h" |
40 | RCSID("$OpenBSD: packet.c,v 1.97 2002/07/04 08:12:15 deraadt Exp $"); | 40 | RCSID("$OpenBSD: packet.c,v 1.102 2002/12/10 19:47:14 markus Exp $"); |
41 | 41 | ||
42 | #include "xmalloc.h" | 42 | #include "xmalloc.h" |
43 | #include "buffer.h" | 43 | #include "buffer.h" |
@@ -567,7 +567,7 @@ set_newkeys(int mode) | |||
567 | CipherContext *cc; | 567 | CipherContext *cc; |
568 | int encrypt; | 568 | int encrypt; |
569 | 569 | ||
570 | debug("newkeys: mode %d", mode); | 570 | debug2("set_newkeys: mode %d", mode); |
571 | 571 | ||
572 | if (mode == MODE_OUT) { | 572 | if (mode == MODE_OUT) { |
573 | cc = &send_context; | 573 | cc = &send_context; |
@@ -577,7 +577,7 @@ set_newkeys(int mode) | |||
577 | encrypt = CIPHER_DECRYPT; | 577 | encrypt = CIPHER_DECRYPT; |
578 | } | 578 | } |
579 | if (newkeys[mode] != NULL) { | 579 | if (newkeys[mode] != NULL) { |
580 | debug("newkeys: rekeying"); | 580 | debug("set_newkeys: rekeying"); |
581 | cipher_cleanup(cc); | 581 | cipher_cleanup(cc); |
582 | enc = &newkeys[mode]->enc; | 582 | enc = &newkeys[mode]->enc; |
583 | mac = &newkeys[mode]->mac; | 583 | mac = &newkeys[mode]->mac; |
@@ -854,7 +854,7 @@ packet_read_poll1(void) | |||
854 | cp = buffer_ptr(&input); | 854 | cp = buffer_ptr(&input); |
855 | len = GET_32BIT(cp); | 855 | len = GET_32BIT(cp); |
856 | if (len < 1 + 2 + 2 || len > 256 * 1024) | 856 | if (len < 1 + 2 + 2 || len > 256 * 1024) |
857 | packet_disconnect("Bad packet length %d.", len); | 857 | packet_disconnect("Bad packet length %u.", len); |
858 | padded_len = (len + 8) & ~7; | 858 | padded_len = (len + 8) & ~7; |
859 | 859 | ||
860 | /* Check if the packet has been entirely received. */ | 860 | /* Check if the packet has been entirely received. */ |
@@ -950,9 +950,9 @@ packet_read_poll2(u_int32_t *seqnr_p) | |||
950 | packet_length = GET_32BIT(cp); | 950 | packet_length = GET_32BIT(cp); |
951 | if (packet_length < 1 + 4 || packet_length > 256 * 1024) { | 951 | if (packet_length < 1 + 4 || packet_length > 256 * 1024) { |
952 | buffer_dump(&incoming_packet); | 952 | buffer_dump(&incoming_packet); |
953 | packet_disconnect("Bad packet length %d.", packet_length); | 953 | packet_disconnect("Bad packet length %u.", packet_length); |
954 | } | 954 | } |
955 | DBG(debug("input: packet len %d", packet_length+4)); | 955 | DBG(debug("input: packet len %u", packet_length+4)); |
956 | buffer_consume(&input, block_size); | 956 | buffer_consume(&input, block_size); |
957 | } | 957 | } |
958 | /* we have a partial packet of block_size bytes */ | 958 | /* we have a partial packet of block_size bytes */ |
@@ -1240,6 +1240,9 @@ packet_disconnect(const char *fmt,...) | |||
1240 | vsnprintf(buf, sizeof(buf), fmt, args); | 1240 | vsnprintf(buf, sizeof(buf), fmt, args); |
1241 | va_end(args); | 1241 | va_end(args); |
1242 | 1242 | ||
1243 | /* Display the error locally */ | ||
1244 | log("Disconnecting: %.100s", buf); | ||
1245 | |||
1243 | /* Send the disconnect message to the other side, and wait for it to get sent. */ | 1246 | /* Send the disconnect message to the other side, and wait for it to get sent. */ |
1244 | if (compat20) { | 1247 | if (compat20) { |
1245 | packet_start(SSH2_MSG_DISCONNECT); | 1248 | packet_start(SSH2_MSG_DISCONNECT); |
@@ -1259,8 +1262,6 @@ packet_disconnect(const char *fmt,...) | |||
1259 | /* Close the connection. */ | 1262 | /* Close the connection. */ |
1260 | packet_close(); | 1263 | packet_close(); |
1261 | 1264 | ||
1262 | /* Display the error locally and exit. */ | ||
1263 | log("Disconnecting: %.100s", buf); | ||
1264 | fatal_cleanup(); | 1265 | fatal_cleanup(); |
1265 | } | 1266 | } |
1266 | 1267 | ||
@@ -1327,16 +1328,26 @@ packet_not_very_much_data_to_write(void) | |||
1327 | return buffer_len(&output) < 128 * 1024; | 1328 | return buffer_len(&output) < 128 * 1024; |
1328 | } | 1329 | } |
1329 | 1330 | ||
1331 | static void | ||
1332 | packet_set_tos(int interactive) | ||
1333 | { | ||
1334 | int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT; | ||
1335 | |||
1336 | if (!packet_connection_is_on_socket() || | ||
1337 | !packet_connection_is_ipv4()) | ||
1338 | return; | ||
1339 | if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &tos, | ||
1340 | sizeof(tos)) < 0) | ||
1341 | error("setsockopt IP_TOS %d: %.100s:", | ||
1342 | tos, strerror(errno)); | ||
1343 | } | ||
1344 | |||
1330 | /* Informs that the current session is interactive. Sets IP flags for that. */ | 1345 | /* Informs that the current session is interactive. Sets IP flags for that. */ |
1331 | 1346 | ||
1332 | void | 1347 | void |
1333 | packet_set_interactive(int interactive) | 1348 | packet_set_interactive(int interactive) |
1334 | { | 1349 | { |
1335 | static int called = 0; | 1350 | static int called = 0; |
1336 | #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) | ||
1337 | int lowdelay = IPTOS_LOWDELAY; | ||
1338 | int throughput = IPTOS_THROUGHPUT; | ||
1339 | #endif | ||
1340 | 1351 | ||
1341 | if (called) | 1352 | if (called) |
1342 | return; | 1353 | return; |
@@ -1347,35 +1358,12 @@ packet_set_interactive(int interactive) | |||
1347 | 1358 | ||
1348 | /* Only set socket options if using a socket. */ | 1359 | /* Only set socket options if using a socket. */ |
1349 | if (!packet_connection_is_on_socket()) | 1360 | if (!packet_connection_is_on_socket()) |
1350 | return; | 1361 | if (interactive) |
1351 | /* | ||
1352 | * IPTOS_LOWDELAY and IPTOS_THROUGHPUT are IPv4 only | ||
1353 | */ | ||
1354 | if (interactive) { | ||
1355 | /* | ||
1356 | * Set IP options for an interactive connection. Use | ||
1357 | * IPTOS_LOWDELAY and TCP_NODELAY. | ||
1358 | */ | ||
1359 | #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) | ||
1360 | if (packet_connection_is_ipv4()) { | ||
1361 | if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, | ||
1362 | &lowdelay, sizeof(lowdelay)) < 0) | ||
1363 | error("setsockopt IPTOS_LOWDELAY: %.100s", | ||
1364 | strerror(errno)); | ||
1365 | } | ||
1366 | #endif | ||
1367 | set_nodelay(connection_in); | 1362 | set_nodelay(connection_in); |
1368 | } else if (packet_connection_is_ipv4()) { | ||
1369 | /* | ||
1370 | * Set IP options for a non-interactive connection. Use | ||
1371 | * IPTOS_THROUGHPUT. | ||
1372 | */ | ||
1373 | #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) | 1363 | #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) |
1374 | if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &throughput, | 1364 | packet_set_tos(interactive); |
1375 | sizeof(throughput)) < 0) | ||
1376 | error("setsockopt IPTOS_THROUGHPUT: %.100s", strerror(errno)); | ||
1377 | #endif | 1365 | #endif |
1378 | } | 1366 | |
1379 | } | 1367 | } |
1380 | 1368 | ||
1381 | /* Returns true if the current connection is interactive. */ | 1369 | /* Returns true if the current connection is interactive. */ |
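Review bot: In packet_set_interactive() the new side replaces the `return;` under `if (!packet_connection_is_on_socket())` with `if (interactive)`, so `set_nodelay(connection_in);` is now reached only when the connection is not on a socket and the session is interactive, the opposite of the comment "Only set socket options if using a socket". Restoring the early exit, `if (!packet_connection_is_on_socket()) return;` followed by `if (interactive) set_nodelay(connection_in);`, gives interactive socket sessions the no-delay option again. Separately, packet_set_tos() is defined unconditionally although its only visible call is inside `#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)`; putting the definition under the same guard keeps platforms without IP_TOS compiling, and the format `"setsockopt IP_TOS %d: %.100s:"` ends in a stray colon. Part of the function body lies between the two hunks and is not shown.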
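--- /dev/null
+++ b/progressmeter.c
@@ -0,0 +1,282 @@
+/*
+* Copyright (c) 1999 Theo de Raadt. All rights reserved.
+* Copyright (c) 1999 Aaron Campbell. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/*
+* Parts from:
+*
+* Copyright (c) 1983, 1990, 1992, 1993, 1995
+* The Regents of the University of California. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by the University of
+* California, Berkeley and its contributors.
+* 4. Neither the name of the University nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+*/
+
+#include "includes.h"
+RCSID("$OpenBSD: progressmeter.c,v 1.3 2003/03/17 10:38:38 markus Exp $");
+
+#ifdef HAVE_LIBGEN_H
+#include <libgen.h>
+#endif
+
+#include "atomicio.h"
+#include "progressmeter.h"
+
+/* Number of seconds before xfer considered "stalled". */
+#define STALLTIME 5
+/* alarm() interval for updating progress meter. */
+#define PROGRESSTIME 1
+
+/* Signal handler used for updating the progress meter. */
+static void update_progress_meter(int);
+
+/* Returns non-zero if we are the foreground process. */
+static int foregroundproc(void);
+
+/* Returns width of the terminal (for progress meter calculations). */
+static int get_tty_width(void);
+
+/* Visual statistics about files as they are transferred. */
+static void draw_progress_meter(void);
+
+/* Time a transfer started. */
+static struct timeval start;
+
+/* Number of bytes of current file transferred so far. */
+static volatile off_t *statbytes;
+
+/* Total size of current file. */
+static off_t totalbytes;
+
+/* Name of current file being transferred. */
+static char *curfile;
+
+/* Time of last update. */
+static struct timeval lastupdate;
+
+/* Size at the time of the last update. */
+static off_t lastsize;
+
+void
+start_progress_meter(char *file, off_t filesize, off_t *counter)
+{
+if ((curfile = basename(file)) == NULL)
+curfile = file;
+
+totalbytes = filesize;
+statbytes = counter;
+(void) gettimeofday(&start, (struct timezone *) 0);
+lastupdate = start;
+lastsize = 0;
+
+draw_progress_meter();
+signal(SIGALRM, update_progress_meter);
+alarm(PROGRESSTIME);
+}
+
+void
+stop_progress_meter()
+{
+alarm(0);
+draw_progress_meter();
+if (foregroundproc() != 0)
+atomicio(write, fileno(stdout), "\n", 1);
+}
+
+static void
+update_progress_meter(int ignore)
+{
+int save_errno = errno;
+
+draw_progress_meter();
+signal(SIGALRM, update_progress_meter);
+alarm(PROGRESSTIME);
+errno = save_errno;
+}
+
+static int
+foregroundproc(void)
+{
+static pid_t pgrp = -1;
+int ctty_pgrp;
+
+if (pgrp == -1)
+pgrp = getpgrp();
+
+#ifdef HAVE_TCGETPGRP
+return ((ctty_pgrp = tcgetpgrp(STDOUT_FILENO)) != -1 &&
+ctty_pgrp == pgrp);
+#else
+return ((ioctl(STDOUT_FILENO, TIOCGPGRP, &ctty_pgrp) != -1 &&
+ctty_pgrp == pgrp));
+#endif
+}
+
+static void
+draw_progress_meter()
+{
+static const char spaces[] = " "
+" "
+" "
+" "
+" "
+" ";
+static const char prefixes[] = " KMGTP";
+struct timeval now, td, wait;
+off_t cursize, abbrevsize, bytespersec;
+double elapsed;
+int ratio, remaining, i, ai, bi, nspaces;
+char buf[512];
+
+if (foregroundproc() == 0)
+return;
+
+(void) gettimeofday(&now, (struct timezone *) 0);
+cursize = *statbytes;
+if (totalbytes != 0) {
+ratio = 100.0 * cursize / totalbytes;
+ratio = MAX(ratio, 0);
+ratio = MIN(ratio, 100);
+} else
+ratio = 100;
+
+abbrevsize = cursize;
+for (ai = 0; abbrevsize >= 10000 && ai < sizeof(prefixes); ai++)
+abbrevsize >>= 10;
+
+timersub(&now, &lastupdate, &wait);
+if (cursize > lastsize) {
+lastupdate = now;
+lastsize = cursize;
+wait.tv_sec = 0;
+}
+timersub(&now, &start, &td);
+elapsed = td.tv_sec + (td.tv_usec / 1000000.0);
+
+bytespersec = 0;
+if (cursize > 0) {
+bytespersec = cursize;
+if (elapsed > 0.0)
+bytespersec /= elapsed;
+}
+for (bi = 1; bytespersec >= 1024000 && bi < sizeof(prefixes); bi++)
+bytespersec >>= 10;
+
+nspaces = MIN(get_tty_width() - 79, sizeof(spaces) - 1);
+
+#ifdef HAVE_LONG_LONG_INT
+snprintf(buf, sizeof(buf),
+"\r%-45.45s%.*s%3d%% %4lld%c%c %3lld.%01d%cB/s",
+curfile,
+nspaces,
+spaces,
+ratio,
+(long long)abbrevsize,
+prefixes[ai],
+ai == 0 ? ' ' : 'B',
+(long long)(bytespersec / 1024),
+(int)((bytespersec % 1024) * 10 / 1024),
+prefixes[bi]
+);
+#else
+/* XXX: Handle integer overflow? */
+snprintf(buf, sizeof(buf),
+"\r%-45.45s%.*s%3d%% %4lu%c%c %3lu.%01d%cB/s",
+curfile,
+nspaces,
+spaces,
+ratio,
+(u_long)abbrevsize,
+prefixes[ai],
+ai == 0 ? ' ' : 'B',
+(u_long)(bytespersec / 1024),
+(int)((bytespersec % 1024) * 10 / 1024),
+prefixes[bi]
+);
+#endif
+
+if (cursize <= 0 || elapsed <= 0.0 || cursize > totalbytes) {
+snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
+" --:-- ETA");
+} else if (wait.tv_sec >= STALLTIME) {
+snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
+" - stalled -");
+} else {
+if (cursize != totalbytes)
+remaining = (int)(totalbytes / (cursize / elapsed) -
+elapsed);
+else
+remaining = elapsed;
+
+i = remaining / 3600;
+if (i)
+snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
+"%2d:", i);
+else
+snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
+" ");
+i = remaining % 3600;
+snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
+"%02d:%02d%s", i / 60, i % 60,
+(cursize != totalbytes) ? " ETA" : " ");
+}
+atomicio(write, fileno(stdout), buf, strlen(buf));
+}
+
+static int
+get_tty_width(void)
+{
+struct winsize winsize;
+
+if (ioctl(fileno(stdout), TIOCGWINSZ, &winsize) != -1)
+return (winsize.ws_col ? winsize.ws_col : 80);
+else
+return (80);
+}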
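Review bot: update_progress_meter() is installed as the SIGALRM handler and calls draw_progress_meter(), which formats with snprintf() and reads `curfile`, `totalbytes` and `*statbytes` while the interrupted transfer code may be in the middle of the same library calls or updating the counter. snprintf() is not on the POSIX async-signal-safe list, so a safer shape is for the handler to set a `volatile sig_atomic_t` flag and re-arm `alarm(PROGRESSTIME)`, with the transfer loop (outside this file) drawing when the flag is set. In draw_progress_meter() the scaling loops are bounded by `ai < sizeof(prefixes)` and `bi < sizeof(prefixes)`, which counts the terminating NUL and lets the index end one past the array; `ai < sizeof(prefixes) - 2` (and the same for `bi`) keeps `prefixes[ai]` on a unit letter. start_progress_meter() also stores the pointer returned by basename(), which on some platforms points into static storage or modifies its argument, so keeping a copy would be more robust.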
diff --git a/ssh-dss.h b/progressmeter.h index 94961b1e8..bfb9a0b77 100644 --- a/ssh-dss.h +++ b/progressmeter.h | |||
@@ -1,7 +1,6 @@ | |||
1 | /* $OpenBSD: ssh-dss.h,v 1.6 2002/02/24 19:14:59 markus Exp $ */ | 1 | /* $OpenBSD: progressmeter.h,v 1.1 2003/01/10 08:19:07 fgsch Exp $ */ |
2 | |||
3 | /* | 2 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2002 Nils Nordman. All rights reserved. |
5 | * | 4 | * |
6 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
7 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
@@ -23,10 +22,6 @@ | |||
23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
25 | */ | 24 | */ |
26 | #ifndef DSA_H | ||
27 | #define DSA_H | ||
28 | |||
29 | int ssh_dss_sign(Key *, u_char **, u_int *, u_char *, u_int); | ||
30 | int ssh_dss_verify(Key *, u_char *, u_int, u_char *, u_int); | ||
31 | 25 | ||
32 | #endif | 26 | void start_progress_meter(char *, off_t, off_t *); |
27 | void stop_progress_meter(void); | ||
diff --git a/readconf.c b/readconf.c index 097d4082d..c2497638f 100644 --- a/readconf.c +++ b/readconf.c | |||
@@ -12,7 +12,7 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: readconf.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $"); | 15 | RCSID("$OpenBSD: readconf.c,v 1.102 2003/02/05 09:02:28 markus Exp $"); |
16 | 16 | ||
17 | #include "ssh.h" | 17 | #include "ssh.h" |
18 | #include "xmalloc.h" | 18 | #include "xmalloc.h" |
@@ -116,6 +116,7 @@ typedef enum { | |||
116 | oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, | 116 | oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, |
117 | oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, | 117 | oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, |
118 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, | 118 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, |
119 | oEnableSSHKeysign, | ||
119 | oProtocolKeepAlives, oSetupTimeOut, | 120 | oProtocolKeepAlives, oSetupTimeOut, |
120 | oDeprecated | 121 | oDeprecated |
121 | } OpCodes; | 122 | } OpCodes; |
@@ -188,6 +189,7 @@ static struct { | |||
188 | { "bindaddress", oBindAddress }, | 189 | { "bindaddress", oBindAddress }, |
189 | { "smartcarddevice", oSmartcardDevice }, | 190 | { "smartcarddevice", oSmartcardDevice }, |
190 | { "clearallforwardings", oClearAllForwardings }, | 191 | { "clearallforwardings", oClearAllForwardings }, |
192 | { "enablesshkeysign", oEnableSSHKeysign }, | ||
191 | { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, | 193 | { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, |
192 | { "protocolkeepalives", oProtocolKeepAlives }, | 194 | { "protocolkeepalives", oProtocolKeepAlives }, |
193 | { "setuptimeout", oSetupTimeOut }, | 195 | { "setuptimeout", oSetupTimeOut }, |
@@ -271,14 +273,16 @@ parse_token(const char *cp, const char *filename, int linenum) | |||
271 | * Processes a single option line as used in the configuration files. This | 273 | * Processes a single option line as used in the configuration files. This |
272 | * only sets those values that have not already been set. | 274 | * only sets those values that have not already been set. |
273 | */ | 275 | */ |
276 | #define WHITESPACE " \t\r\n" | ||
274 | 277 | ||
275 | int | 278 | int |
276 | process_config_line(Options *options, const char *host, | 279 | process_config_line(Options *options, const char *host, |
277 | char *line, const char *filename, int linenum, | 280 | char *line, const char *filename, int linenum, |
278 | int *activep) | 281 | int *activep) |
279 | { | 282 | { |
280 | char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg; | 283 | char buf[256], *s, **charptr, *endofnumber, *keyword, *arg; |
281 | int opcode, *intptr, value; | 284 | int opcode, *intptr, value; |
285 | size_t len; | ||
282 | u_short fwd_port, fwd_host_port; | 286 | u_short fwd_port, fwd_host_port; |
283 | char sfwd_host_port[6]; | 287 | char sfwd_host_port[6]; |
284 | 288 | ||
@@ -499,16 +503,9 @@ parse_string: | |||
499 | 503 | ||
500 | case oProxyCommand: | 504 | case oProxyCommand: |
501 | charptr = &options->proxy_command; | 505 | charptr = &options->proxy_command; |
502 | string = xstrdup(""); | 506 | len = strspn(s, WHITESPACE "="); |
503 | while ((arg = strdelim(&s)) != NULL && *arg != '\0') { | ||
504 | string = xrealloc(string, strlen(string) + strlen(arg) + 2); | ||
505 | strcat(string, " "); | ||
506 | strcat(string, arg); | ||
507 | } | ||
508 | if (*activep && *charptr == NULL) | 507 | if (*activep && *charptr == NULL) |
509 | *charptr = string; | 508 | *charptr = xstrdup(s + len); |
510 | else | ||
511 | xfree(string); | ||
512 | return 0; | 509 | return 0; |
513 | 510 | ||
514 | case oPort: | 511 | case oPort: |
@@ -682,6 +679,10 @@ parse_int: | |||
682 | *intptr = value; | 679 | *intptr = value; |
683 | break; | 680 | break; |
684 | 681 | ||
682 | case oEnableSSHKeysign: | ||
683 | intptr = &options->enable_ssh_keysign; | ||
684 | goto parse_flag; | ||
685 | |||
685 | case oDeprecated: | 686 | case oDeprecated: |
686 | debug("%s line %d: Deprecated option \"%s\"", | 687 | debug("%s line %d: Deprecated option \"%s\"", |
687 | filename, linenum, keyword); | 688 | filename, linenum, keyword); |
@@ -807,6 +808,7 @@ initialize_options(Options * options) | |||
807 | options->preferred_authentications = NULL; | 808 | options->preferred_authentications = NULL; |
808 | options->bind_address = NULL; | 809 | options->bind_address = NULL; |
809 | options->smartcard_device = NULL; | 810 | options->smartcard_device = NULL; |
811 | options->enable_ssh_keysign = - 1; | ||
810 | options->no_host_authentication_for_localhost = - 1; | 812 | options->no_host_authentication_for_localhost = - 1; |
811 | } | 813 | } |
812 | 814 | ||
@@ -930,6 +932,8 @@ fill_default_options(Options * options) | |||
930 | clear_forwardings(options); | 932 | clear_forwardings(options); |
931 | if (options->no_host_authentication_for_localhost == - 1) | 933 | if (options->no_host_authentication_for_localhost == - 1) |
932 | options->no_host_authentication_for_localhost = 0; | 934 | options->no_host_authentication_for_localhost = 0; |
935 | if (options->enable_ssh_keysign == -1) | ||
936 | options->enable_ssh_keysign = 0; | ||
933 | /* options->proxy_command should not be set by default */ | 937 | /* options->proxy_command should not be set by default */ |
934 | /* options->user will be set in the main program if appropriate */ | 938 | /* options->user will be set in the main program if appropriate */ |
935 | /* options->hostname will be set in the main program if appropriate */ | 939 | /* options->hostname will be set in the main program if appropriate */ |
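Review bot: The rewritten `oProxyCommand` case passes `s` straight to `strspn()` without checking it for NULL. If `strdelim()` (not shown in these hunks) leaves `s` NULL when the keyword is the last token on the line, for example an option string with no trailing newline, the call dereferences a null pointer instead of reporting a configuration error. A guard ahead of the `strspn()` line would turn that into a clean failure: `if (s == NULL) fatal("%.200s line %d: Missing argument.", filename, linenum);`. The new code also stores the remainder of the line verbatim, so trailing whitespace ends up in the command string unless it is stripped earlier in `process_config_line`, most of whose body lies outside these hunks.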
diff --git a/readconf.h b/readconf.h index 9457dfe86..7b59878f8 100644 --- a/readconf.h +++ b/readconf.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: readconf.h,v 1.43 2002/06/08 05:17:01 markus Exp $ */ | 1 | /* $OpenBSD: readconf.h,v 1.44 2002/11/07 22:08:07 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -101,6 +101,8 @@ typedef struct { | |||
101 | int num_remote_forwards; | 101 | int num_remote_forwards; |
102 | Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION]; | 102 | Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION]; |
103 | int clear_forwardings; | 103 | int clear_forwardings; |
104 | |||
105 | int enable_ssh_keysign; | ||
104 | int no_host_authentication_for_localhost; | 106 | int no_host_authentication_for_localhost; |
105 | } Options; | 107 | } Options; |
106 | 108 | ||
diff --git a/readpass.c b/readpass.c index 96b7e84b4..95ec5d873 100644 --- a/readpass.c +++ b/readpass.c | |||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: readpass.c,v 1.27 2002/03/26 15:58:46 markus Exp $"); | 26 | RCSID("$OpenBSD: readpass.c,v 1.28 2003/01/23 13:50:27 markus Exp $"); |
27 | 27 | ||
28 | #include "xmalloc.h" | 28 | #include "xmalloc.h" |
29 | #include "readpass.h" | 29 | #include "readpass.h" |
@@ -46,11 +46,11 @@ ssh_askpass(char *askpass, const char *msg) | |||
46 | fatal("internal error: askpass undefined"); | 46 | fatal("internal error: askpass undefined"); |
47 | if (pipe(p) < 0) { | 47 | if (pipe(p) < 0) { |
48 | error("ssh_askpass: pipe: %s", strerror(errno)); | 48 | error("ssh_askpass: pipe: %s", strerror(errno)); |
49 | return xstrdup(""); | 49 | return NULL; |
50 | } | 50 | } |
51 | if ((pid = fork()) < 0) { | 51 | if ((pid = fork()) < 0) { |
52 | error("ssh_askpass: fork: %s", strerror(errno)); | 52 | error("ssh_askpass: fork: %s", strerror(errno)); |
53 | return xstrdup(""); | 53 | return NULL; |
54 | } | 54 | } |
55 | if (pid == 0) { | 55 | if (pid == 0) { |
56 | seteuid(getuid()); | 56 | seteuid(getuid()); |
@@ -79,6 +79,11 @@ ssh_askpass(char *askpass, const char *msg) | |||
79 | if (errno != EINTR) | 79 | if (errno != EINTR) |
80 | break; | 80 | break; |
81 | 81 | ||
82 | if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { | ||
83 | memset(buf, 0, sizeof(buf)); | ||
84 | return NULL; | ||
85 | } | ||
86 | |||
82 | buf[strcspn(buf, "\r\n")] = '\0'; | 87 | buf[strcspn(buf, "\r\n")] = '\0'; |
83 | pass = xstrdup(buf); | 88 | pass = xstrdup(buf); |
84 | memset(buf, 0, sizeof(buf)); | 89 | memset(buf, 0, sizeof(buf)); |
@@ -115,7 +120,10 @@ read_passphrase(const char *prompt, int flags) | |||
115 | askpass = getenv(SSH_ASKPASS_ENV); | 120 | askpass = getenv(SSH_ASKPASS_ENV); |
116 | else | 121 | else |
117 | askpass = _PATH_SSH_ASKPASS_DEFAULT; | 122 | askpass = _PATH_SSH_ASKPASS_DEFAULT; |
118 | return ssh_askpass(askpass, prompt); | 123 | if ((ret = ssh_askpass(askpass, prompt)) == NULL) |
124 | if (!(flags & RP_ALLOW_EOF)) | ||
125 | return xstrdup(""); | ||
126 | return ret; | ||
119 | } | 127 | } |
120 | 128 | ||
121 | if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) { | 129 | if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) { |
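Review bot: The exit-status check added at new line 82 reads `status` even when the wait loop just above it gave up. The context lines break out of that loop on any `errno` other than `EINTR`, and in that case `status` was presumably never written (the `waitpid()` call itself is outside the hunk). Keeping the wait result in a local such as `ret` and testing it first avoids deciding on an indeterminate value: `if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {`. Separately, the `fork()` failure path at new line 53 returns without closing the pipe, and `close(p[0]); close(p[1]);` before `return NULL;` would stop the descriptor leak. `ssh_askpass` begins and ends outside these hunks.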
diff --git a/regress/Makefile b/regress/Makefile index 26224cd7d..6e2029348 100644 --- a/regress/Makefile +++ b/regress/Makefile | |||
@@ -1,8 +1,8 @@ | |||
1 | # $OpenBSD: Makefile,v 1.13 2002/04/01 22:15:08 markus Exp $ | 1 | # $OpenBSD: Makefile,v 1.20 2003/01/08 23:54:22 djm Exp $ |
2 | 2 | ||
3 | REGRESSTARGETS= t1 t2 t3 t4 t5 t6 t7 | 3 | REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 |
4 | 4 | ||
5 | CLEANFILES+= t2.out t6.out1 t6.out2 t7.out t7.out.pub | 5 | CLEANFILES+= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 |
6 | 6 | ||
7 | LTESTS= connect \ | 7 | LTESTS= connect \ |
8 | proxy-connect \ | 8 | proxy-connect \ |
@@ -17,8 +17,14 @@ LTESTS= connect \ | |||
17 | try-ciphers \ | 17 | try-ciphers \ |
18 | yes-head \ | 18 | yes-head \ |
19 | agent \ | 19 | agent \ |
20 | agent-getpeereid \ | ||
21 | agent-timeout \ | ||
22 | agent-ptrace \ | ||
20 | keyscan \ | 23 | keyscan \ |
24 | keygen-change \ | ||
21 | sftp \ | 25 | sftp \ |
26 | sftp-cmds \ | ||
27 | sftp-batch \ | ||
22 | forwarding | 28 | forwarding |
23 | 29 | ||
24 | USER!= id -un | 30 | USER!= id -un |
@@ -65,7 +71,7 @@ t7: t7.out | |||
65 | ssh-keygen -Bf t7.out > /dev/null | 71 | ssh-keygen -Bf t7.out > /dev/null |
66 | 72 | ||
67 | .for t in ${LTESTS} | 73 | .for t in ${LTESTS} |
68 | REGRESSTARGETS+=t-${t} | 74 | REGRESS_TARGETS+=t-${t} |
69 | t-${t}: | 75 | t-${t}: |
70 | sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/${t}.sh | 76 | sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/${t}.sh |
71 | .endfor | 77 | .endfor |
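--- /dev/null
+++ b/regress/agent-getpeereid.sh
@@ -0,0 +1,34 @@
+# $OpenBSD: agent-getpeereid.sh,v 1.1 2002/12/09 16:05:02 markus Exp $
+# Placed in the Public Domain.
+
+tid="disallow agent attach from other uid"
+
+UNPRIV=nobody
+ASOCK=${OBJ}/agent
+SSH_AUTH_SOCK=/nonexistant
+
+trace "start agent"
+eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+fail "could not start ssh-agent: exit code $r"
+else
+chmod 644 ${SSH_AUTH_SOCK}
+
+ssh-add -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 1 ]; then
+fail "ssh-add failed with $r != 1"
+fi
+
+< /dev/null sudo -S -u ${UNPRIV} ssh-add -l > /dev/null 2>&1
+r=$?
+if [ $r -lt 2 ]; then
+fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
+fi
+
+trace "kill agent"
+${SSHAGENT} -k > /dev/null
+fi
+
+rm -f ${OBJ}/agent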
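Review bot: Both `ssh-add -l` calls (new lines 18 and 24) run whichever `ssh-add` is first in `PATH`, not the binary under test. The agent is started through `${SSHAGENT}`, and agent-timeout.sh in this same commit uses `${SSHADD}`. A stale installed client could make this access-control test pass or fail for reasons unrelated to the tree being built, so use `${SSHADD} -l > /dev/null 2>&1` and `< /dev/null sudo -S -u ${UNPRIV} ${SSHADD} -l > /dev/null 2>&1`. It is also worth confirming that `chmod 644` leaves the socket connectable by `${UNPRIV}` on the target platform: where connecting needs write permission, the second check would pass on file mode alone and never exercise the peer-uid check.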
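--- /dev/null
+++ b/regress/agent-ptrace.sh
@@ -0,0 +1,28 @@
+# $OpenBSD: agent-ptrace.sh,v 1.1 2002/12/09 15:38:30 markus Exp $
+# Placed in the Public Domain.
+
+tid="disallow agent ptrace attach"
+
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+fail "could not start ssh-agent: exit code $r"
+else
+# ls -l ${SSH_AUTH_SOCK}
+gdb ${SSHAGENT} ${SSH_AGENT_PID} > ${OBJ}/gdb.out 2>&1 << EOF
+quit
+EOF
+if [ $? -ne 0 ]; then
+fail "gdb failed: exit code $?"
+fi
+grep -q 'ptrace: Operation not permitted.' ${OBJ}/gdb.out
+r=$?
+rm -f ${OBJ}/gdb.out
+if [ $r -ne 0 ]; then
+fail "ptrace succeeded?: exit code $r"
+fi
+
+trace "kill agent"
+${SSHAGENT} -k > /dev/null
+fi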
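Review bot: The message at new line 17 expands `$?` after the `[ $? -ne 0 ]` test has already replaced it, so it reports the status of `[` (0 inside this branch) rather than gdb's exit code. Capture the value first, as the rest of the script does: `r=$?` right after the here-document, then `if [ $r -ne 0 ]; then` and `fail "gdb failed: exit code $r"`. If `fail` does not stop the script (its definition is not on this page), a host without `gdb` would also fall through to the `grep` and report "ptrace succeeded?", which misstates what was observed; skipping the `grep` when gdb itself failed would keep the result honest.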
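--- /dev/null
+++ b/regress/agent-timeout.sh
@@ -0,0 +1,36 @@
+# $OpenBSD: agent-timeout.sh,v 1.1 2002/06/06 00:38:40 markus Exp $
+# Placed in the Public Domain.
+
+tid="agent timeout test"
+
+TIMEOUT=5
+
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+fail "could not start ssh-agent: exit code $r"
+else
+trace "add keys with timeout"
+for t in rsa rsa1; do
+${SSHADD} -t ${TIMEOUT} $OBJ/$t > /dev/null 2>&1
+if [ $? -ne 0 ]; then
+fail "ssh-add did succeed exit code 0"
+fi
+done
+n=`${SSHADD} -l 2> /dev/null | wc -l`
+trace "agent has $n keys"
+if [ $n -ne 2 ]; then
+fail "ssh-add -l did not return 2 keys: $n"
+fi
+trace "sleeping 2*${TIMEOUT} seconds"
+sleep ${TIMEOUT}
+sleep ${TIMEOUT}
+${SSHADD} -l 2> /dev/null | grep -q 'The agent has no identities.'
+if [ $? -ne 0 ]; then
+fail "ssh-add -l still returns keys after timeout"
+fi
+
+trace "kill agent"
+${SSHAGENT} -k > /dev/null
+fi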
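Review bot: The failure text at new line 18, `ssh-add did succeed exit code 0`, says the opposite of the condition that triggers it, because the branch runs when `${SSHADD} -t` returned non-zero. Capturing the status and reporting it, with `r=$?` followed by `fail "ssh-add -t failed for $t: exit code $r"`, tells the reader which key could not be added and why. The final check at new line 29 treats any `ssh-add -l` output other than the exact "no identities" sentence as "still returns keys", so an agent that has died would be reported as a timeout failure; checking the exit status separately would distinguish the two.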
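--- /dev/null
+++ b/regress/keygen-change.sh
@@ -0,0 +1,23 @@
+# $OpenBSD: keygen-change.sh,v 1.2 2002/07/16 09:15:55 markus Exp $
+# Placed in the Public Domain.
+
+tid="change passphrase for key"
+
+S1="secret1"
+S2="2secret"
+
+for t in rsa dsa rsa1; do
+# generate user key for agent
+trace "generating $t key"
+rm -f $OBJ/$t-key
+${SSHKEYGEN} -q -N ${S1} -t $t -f $OBJ/$t-key
+if [ $? -eq 0 ]; then
+${SSHKEYGEN} -p -P ${S1} -N ${S2} -f $OBJ/$t-key > /dev/null
+if [ $? -ne 0 ]; then
+fail "ssh-keygen -p failed for $t-key"
+fi
+else
+fail "ssh-keygen for $t-key failed"
+fi
+rm -f $OBJ/$t-key $OBJ/$t-key.pub
+done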
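Review bot: The test accepts the passphrase change on the exit status of `ssh-keygen -p` alone (new line 15); nothing confirms that the key file is now protected by `${S2}`. A change back, using only options the script already uses, would prove the new passphrase unlocks the key: `${SSHKEYGEN} -p -P ${S2} -N ${S1} -f $OBJ/$t-key > /dev/null || fail "new passphrase not accepted for $t-key"`. The passphrases are passed in argv, which is visible in the process list, so a comment such as `# -N/-P put the passphrase in argv; acceptable only for fixed test values` would record why that is tolerated here.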
diff --git a/regress/proxy-connect.sh b/regress/proxy-connect.sh index bf1940fcc..6a36b2513 100644 --- a/regress/proxy-connect.sh +++ b/regress/proxy-connect.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: proxy-connect.sh,v 1.4 2002/03/15 13:08:56 markus Exp $ | 1 | # $OpenBSD: proxy-connect.sh,v 1.5 2002/12/09 15:28:46 markus Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="proxy connect" | 4 | tid="proxy connect" |
@@ -8,4 +8,11 @@ for p in 1 2; do | |||
8 | if [ $? -ne 0 ]; then | 8 | if [ $? -ne 0 ]; then |
9 | fail "ssh proxyconnect protocol $p failed" | 9 | fail "ssh proxyconnect protocol $p failed" |
10 | fi | 10 | fi |
11 | SSH_CONNECTION=`${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 'echo $SSH_CONNECTION'` | ||
12 | if [ $? -ne 0 ]; then | ||
13 | fail "ssh proxyconnect protocol $p failed" | ||
14 | fi | ||
15 | if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then | ||
16 | fail "bad SSH_CONNECTION" | ||
17 | fi | ||
11 | done | 18 | done |
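Review bot: The `SSH_CONNECTION` query added at new line 11 reuses the failure text `ssh proxyconnect protocol $p failed` from the check directly above it, and `bad SSH_CONNECTION` at new line 16 reports neither the protocol nor the value received, so a failing run cannot tell which step broke or what the server sent. Suggest `fail "ssh proxyconnect protocol $p failed (SSH_CONNECTION query)"` and `fail "bad SSH_CONNECTION for protocol $p: $SSH_CONNECTION"`. The enclosing `for` loop begins outside the hunk.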
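--- /dev/null
+++ b/regress/sftp-batch.sh
@@ -0,0 +1,57 @@
+# $OpenBSD: sftp-batch.sh,v 1.2 2003/01/10 07:52:41 djm Exp $
+# Placed in the Public Domain.
+
+tid="sftp batchfile"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+BATCH=${OBJ}/sftp-batch
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+cat << EOF > ${BATCH}.pass.1
+get $DATA $COPY
+put ${COPY} ${COPY}.1
+rm ${COPY}
+-put ${COPY} ${COPY}.2
+EOF
+
+cat << EOF > ${BATCH}.pass.2
+# This is a comment
+
+# That was a blank line
+ls
+EOF
+
+cat << EOF > ${BATCH}.fail.1
+get $DATA $COPY
+put ${COPY} ${COPY}.3
+rm ${COPY}.*
+# The next command should fail
+put ${COPY}.3 ${COPY}.4
+EOF
+
+cat << EOF > ${BATCH}.fail.2
+# The next command should fail
+jajajajaja
+EOF
+
+verbose "$tid: good commands"
+${SFTP} -b ${BATCH}.pass.1 -P ${SFTPSERVER} >/dev/null 2>&1 \
+|| fail "good commands failed"
+
+verbose "$tid: bad commands"
+${SFTP} -b ${BATCH}.fail.1 -P ${SFTPSERVER} >/dev/null 2>&1 \
+&& fail "bad commands succeeded"
+
+verbose "$tid: comments and blanks"
+${SFTP} -b ${BATCH}.pass.2 -P ${SFTPSERVER} >/dev/null 2>&1 \
+|| fail "comments & blanks failed"
+
+verbose "$tid: junk command"
+${SFTP} -b ${BATCH}.fail.2 -P ${SFTPSERVER} >/dev/null 2>&1 \
+&& fail "junk command succeeded"
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+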
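--- /dev/null
+++ b/regress/sftp-cmds.sh
@@ -0,0 +1,100 @@
+# $OpenBSD: sftp-cmds.sh,v 1.2 2003/01/10 07:52:41 djm Exp $
+# Placed in the Public Domain.
+
+# XXX - TODO:
+# - globbed operations
+# - chmod / chown / chgrp
+# - -p flag for get & put
+
+tid="sftp commands"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+verbose "$tid: lls"
+echo "lls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+|| fail "lls failed"
+# XXX always successful
+
+verbose "$tid: ls"
+echo "ls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+|| fail "ls failed"
+# XXX always successful
+
+verbose "$tid: shell"
+echo "!echo hi there" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+|| fail "shell failed"
+# XXX always successful
+
+verbose "$tid: pwd"
+echo "pwd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+|| fail "pwd failed"
+# XXX always successful
+
+verbose "$tid: lpwd"
+echo "lpwd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+|| fail "lpwd failed"
+# XXX always successful
+
+verbose "$tid: quit"
+echo "quit" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+|| fail "quit failed"
+# XXX always successful
+
+verbose "$tid: help"
+echo "help" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+|| fail "help failed"
+# XXX always successful
+
+rm -f ${COPY}
+verbose "$tid: get"
+echo "get $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+|| fail "get failed"
+cmp $DATA ${COPY} || fail "corrupted copy after get"
+
+rm -f ${COPY}
+verbose "$tid: put"
+echo "put $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+|| fail "put failed"
+cmp $DATA ${COPY} || fail "corrupted copy after put"
+
+verbose "$tid: rename"
+echo "rename $COPY ${COPY}.1" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+|| fail "rename failed"
+test -f ${COPY}.1 || fail "missing file after rename"
+cmp $DATA ${COPY}.1 >/dev/null 2>&1 || fail "corrupted copy after rename"
+
+verbose "$tid: ln"
+echo "ln ${COPY}.1 ${COPY}.2" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 || fail "ln failed"
+test -L ${COPY}.2 || fail "missing file after ln"
+
+verbose "$tid: mkdir"
+echo "mkdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+|| fail "mkdir failed"
+test -d ${COPY}.dd || fail "missing directory after mkdir"
+
+# XXX do more here
+verbose "$tid: chdir"
+echo "chdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+|| fail "chdir failed"
+
+verbose "$tid: rmdir"
+echo "rmdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+|| fail "rmdir failed"
+test -d ${COPY}.1 && fail "present directory after rmdir"
+
+verbose "$tid: lmkdir"
+echo "lmkdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+|| fail "lmkdir failed"
+test -d ${COPY}.dd || fail "missing directory after lmkdir"
+
+# XXX do more here
+verbose "$tid: lchdir"
+echo "lchdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+|| fail "lchdir failed"
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+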
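Review bot: `BATCH` is never assigned in this script, yet both cleanup lines (new lines 14 and 98) end with `${BATCH}.*`. Unless test-exec.sh or the environment defines it, that word expands to `.*`, pointing `rm -rf` at every dot-file and dot-directory in the current directory. This script creates no batch files, so the word can simply be dropped: `rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd`. The rmdir check at new line 86 tests `${COPY}.1`, which is the renamed regular file, so it can never fire; it should read `test -d ${COPY}.dd && fail "present directory after rmdir"`.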
diff --git a/regress/ssh-com-client.sh b/regress/ssh-com-client.sh index 84b0b471e..015ebbb8c 100644 --- a/regress/ssh-com-client.sh +++ b/regress/ssh-com-client.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: ssh-com-client.sh,v 1.3 2002/04/10 08:45:30 markus Exp $ | 1 | # $OpenBSD: ssh-com-client.sh,v 1.4 2002/07/16 08:58:16 markus Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="connect with ssh.com client" | 4 | tid="connect with ssh.com client" |
@@ -15,7 +15,9 @@ VERSIONS=" | |||
15 | 2.3.1 | 15 | 2.3.1 |
16 | 2.4.0 | 16 | 2.4.0 |
17 | 3.0.0 | 17 | 3.0.0 |
18 | 3.1.0" | 18 | 3.1.0 |
19 | 3.2.0 | ||
20 | 3.3.0" | ||
19 | 21 | ||
20 | # 2.0.10 2.0.12 2.0.13 don't like the test setup | 22 | # 2.0.10 2.0.12 2.0.13 don't like the test setup |
21 | 23 | ||
diff --git a/regress/ssh-com-keygen.sh b/regress/ssh-com-keygen.sh index 90ba2fcdc..e93dc78c9 100644 --- a/regress/ssh-com-keygen.sh +++ b/regress/ssh-com-keygen.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: ssh-com-keygen.sh,v 1.1 2002/03/27 22:40:27 markus Exp $ | 1 | # $OpenBSD: ssh-com-keygen.sh,v 1.2 2002/07/16 08:58:16 markus Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="ssh.com key import" | 4 | tid="ssh.com key import" |
@@ -18,7 +18,9 @@ VERSIONS=" | |||
18 | 2.3.1 | 18 | 2.3.1 |
19 | 2.4.0 | 19 | 2.4.0 |
20 | 3.0.0 | 20 | 3.0.0 |
21 | 3.1.0" | 21 | 3.1.0 |
22 | 3.2.0 | ||
23 | 3.3.0" | ||
22 | 24 | ||
23 | COMPRV=${OBJ}/comkey | 25 | COMPRV=${OBJ}/comkey |
24 | COMPUB=${COMPRV}.pub | 26 | COMPUB=${COMPRV}.pub |
diff --git a/regress/ssh-com-sftp.sh b/regress/ssh-com-sftp.sh index 231efa132..f08018b84 100644 --- a/regress/ssh-com-sftp.sh +++ b/regress/ssh-com-sftp.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: ssh-com-sftp.sh,v 1.2 2002/04/10 08:45:30 markus Exp $ | 1 | # $OpenBSD: ssh-com-sftp.sh,v 1.3 2002/07/16 08:58:16 markus Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="basic sftp put/get with ssh.com server" | 4 | tid="basic sftp put/get with ssh.com server" |
@@ -24,7 +24,9 @@ VERSIONS=" | |||
24 | 2.3.1 | 24 | 2.3.1 |
25 | 2.4.0 | 25 | 2.4.0 |
26 | 3.0.0 | 26 | 3.0.0 |
27 | 3.1.0" | 27 | 3.1.0 |
28 | 3.2.0 | ||
29 | 3.3.0" | ||
28 | 30 | ||
29 | # go for it | 31 | # go for it |
30 | for v in ${VERSIONS}; do | 32 | for v in ${VERSIONS}; do |
diff --git a/regress/ssh-com.sh b/regress/ssh-com.sh index 6a199fa65..c2bd15380 100644 --- a/regress/ssh-com.sh +++ b/regress/ssh-com.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: ssh-com.sh,v 1.3 2002/03/15 13:08:56 markus Exp $ | 1 | # $OpenBSD: ssh-com.sh,v 1.4 2002/07/16 08:58:16 markus Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="connect to ssh.com server" | 4 | tid="connect to ssh.com server" |
@@ -14,17 +14,19 @@ VERSIONS=" | |||
14 | 2.1.0 | 14 | 2.1.0 |
15 | 2.2.0 | 15 | 2.2.0 |
16 | 2.3.0 | 16 | 2.3.0 |
17 | 2.3.1 | ||
18 | 2.4.0 | 17 | 2.4.0 |
19 | 3.0.0 | 18 | 3.0.0 |
20 | 3.1.0" | 19 | 3.1.0 |
20 | 3.2.0 | ||
21 | 3.3.0" | ||
21 | # 2.0.10 does not support UserConfigDirectory | 22 | # 2.0.10 does not support UserConfigDirectory |
23 | # 2.3.1 requires a config in $HOME/.ssh2 | ||
22 | 24 | ||
23 | SRC=`dirname ${SCRIPT}` | 25 | SRC=`dirname ${SCRIPT}` |
24 | 26 | ||
25 | # ssh.com | 27 | # ssh.com |
26 | cat << EOF > $OBJ/sshd2_config | 28 | cat << EOF > $OBJ/sshd2_config |
27 | *: | 29 | #*: |
28 | # Port and ListenAdress are not used. | 30 | # Port and ListenAdress are not used. |
29 | QuietMode yes | 31 | QuietMode yes |
30 | Port 4343 | 32 | Port 4343 |
@@ -1,17 +1,17 @@ | |||
1 | SCP(1) System General Commands Manual SCP(1) | 1 | SCP(1) BSD General Commands Manual SCP(1) |
2 | 2 | ||
3 | NAME | 3 | ^[[1mNAME^[[0m |
4 | scp - secure copy (remote file copy program) | 4 | ^[[1mscp ^[[22mM-bMM-^R secure copy (remote file copy program) |
5 | 5 | ||
6 | SYNOPSIS | 6 | ^[[1mSYNOPSIS^[[0m |
7 | scp [-pqrvBC46] [-F ssh_config] [-S program] [-P port] [-c cipher] | 7 | ^[[1mscp ^[[22m[^[[1mM-bMM-^RpqrvBC1246^[[22m] [^[[1mM-bMM-^RF ^[[4m^[[22mssh_config^[[24m] [^[[1mM-bMM-^RS ^[[4m^[[22mprogram^[[24m] [^[[1mM-bMM-^RP ^[[4m^[[22mport^[[24m] [^[[1mM-bMM-^Rc ^[[4m^[[22mcipher^[[24m] |
8 | [-i identity_file] [-o ssh_option] [[user@]host1:]file1 [...] | 8 | [^[[1mM-bMM-^Ri ^[[4m^[[22midentity_file^[[24m] [^[[1mM-bMM-^Rl ^[[4m^[[22mlimit^[[24m] [^[[1mM-bMM-^Ro ^[[4m^[[22mssh_option^[[24m] [[^[[4muser@^[[24m]^[[4mhost1^[[24m:]^[[4mfile1^[[0m |
9 | [[user@]host2:]file2 | 9 | [^[[4m...^[[24m] [[^[[4muser@^[[24m]^[[4mhost2^[[24m:]^[[4mfile2^[[0m |
10 | 10 | ||
11 | DESCRIPTION | 11 | ^[[1mDESCRIPTION^[[0m |
12 | scp copies files between hosts on a network. It uses ssh(1) for data | 12 | ^[[1mscp ^[[22mcopies files between hosts on a network. It uses ssh(1) for data |
13 | transfer, and uses the same authentication and provides the same security | 13 | transfer, and uses the same authentication and provides the same security |
14 | as ssh(1). Unlike rcp(1), scp will ask for passwords or passphrases if | 14 | as ssh(1). Unlike rcp(1), ^[[1mscp ^[[22mwill ask for passwords or passphrases if |
15 | they are needed for authentication. | 15 | they are needed for authentication. |
16 | 16 | ||
17 | Any file name may contain a host and user specification to indicate that | 17 | Any file name may contain a host and user specification to indicate that |
@@ -20,69 +20,74 @@ DESCRIPTION | |||
20 | 20 | ||
21 | The options are as follows: | 21 | The options are as follows: |
22 | 22 | ||
23 | -c cipher | 23 | ^[[1mM-bMM-^Rc ^[[4m^[[22mcipher^[[0m |
24 | Selects the cipher to use for encrypting the data transfer. This | 24 | Selects the cipher to use for encrypting the data transfer. This |
25 | option is directly passed to ssh(1). | 25 | option is directly passed to ssh(1). |
26 | 26 | ||
27 | -i identity_file | 27 | ^[[1mM-bMM-^Ri ^[[4m^[[22midentity_file^[[0m |
28 | Selects the file from which the identity (private key) for RSA | 28 | Selects the file from which the identity (private key) for RSA |
29 | authentication is read. This option is directly passed to | 29 | authentication is read. This option is directly passed to |
30 | ssh(1). | 30 | ssh(1). |
31 | 31 | ||
32 | -p Preserves modification times, access times, and modes from the | 32 | ^[[1mM-bMM-^Rl ^[[4m^[[22mlimit^[[0m |
33 | Limits the used bandwidth, specified in Kbit/s. | ||
34 | |||
35 | ^[[1mM-bMM-^Rp ^[[22mPreserves modification times, access times, and modes from the | ||
33 | original file. | 36 | original file. |
34 | 37 | ||
35 | -r Recursively copy entire directories. | 38 | ^[[1mM-bMM-^Rr ^[[22mRecursively copy entire directories. |
36 | 39 | ||
37 | -v Verbose mode. Causes scp and ssh(1) to print debugging messages | 40 | ^[[1mM-bMM-^Rv ^[[22mVerbose mode. Causes ^[[1mscp ^[[22mand ssh(1) to print debugging messages |
38 | about their progress. This is helpful in debugging connection, | 41 | about their progress. This is helpful in debugging connection, |
39 | authentication, and configuration problems. | 42 | authentication, and configuration problems. |
40 | 43 | ||
41 | -B Selects batch mode (prevents asking for passwords or | 44 | ^[[1mM-bMM-^RB ^[[22mSelects batch mode (prevents asking for passwords or |
42 | passphrases). | 45 | passphrases). |
43 | 46 | ||
44 | -q Disables the progress meter. | 47 | ^[[1mM-bMM-^Rq ^[[22mDisables the progress meter. |
45 | 48 | ||
46 | -C Compression enable. Passes the -C flag to ssh(1) to enable comM-- | 49 | ^[[1mM-bMM-^RC ^[[22mCompression enable. Passes the ^[[1mM-bMM-^RC ^[[22mflag to ssh(1) to enable comM-bM-^@M-^P |
47 | pression. | 50 | pression. |
48 | 51 | ||
49 | -F ssh_config | 52 | ^[[1mM-bMM-^RF ^[[4m^[[22mssh_config^[[0m |
50 | Specifies an alternative per-user configuration file for ssh. | 53 | Specifies an alternative perM-bM-^@M-^Puser configuration file for ^[[1mssh^[[22m. |
51 | This option is directly passed to ssh(1). | 54 | This option is directly passed to ssh(1). |
52 | 55 | ||
53 | -P port | 56 | ^[[1mM-bMM-^RP ^[[4m^[[22mport^[[0m |
54 | Specifies the port to connect to on the remote host. Note that | 57 | Specifies the port to connect to on the remote host. Note that |
55 | this option is written with a capital `P', because -p is already | 58 | this option is written with a capital M-bM-^@M-^XPM-bM-^@M-^Y, because ^[[1mM-bMM-^Rp ^[[22mis already |
56 | reserved for preserving the times and modes of the file in | 59 | reserved for preserving the times and modes of the file in |
57 | rcp(1). | 60 | rcp(1). |
58 | 61 | ||
59 | -S program | 62 | ^[[1mM-bMM-^RS ^[[4m^[[22mprogram^[[0m |
60 | Name of program to use for the encrypted connection. The program | 63 | Name of ^[[4mprogram^[[24m to use for the encrypted connection. The program |
61 | must understand ssh(1) options. | 64 | must understand ssh(1) options. |
62 | 65 | ||
63 | -o ssh_option | 66 | ^[[1mM-bMM-^Ro ^[[4m^[[22mssh_option^[[0m |
64 | Can be used to pass options to ssh in the format used in | 67 | Can be used to pass options to ^[[1mssh ^[[22min the format used in |
65 | ssh_config(5). This is useful for specifying options for which | 68 | ssh_config(5). This is useful for specifying options for which |
66 | there is no separate scp command-line flag. For example, forcing | 69 | there is no separate ^[[1mscp ^[[22mcommandM-bM-^@M-^Pline flag. |
67 | the use of protocol version 1 is specified using scp | 70 | |
68 | -oProtocol=1. | 71 | ^[[1mM-bMM-^R1 ^[[22mForces ^[[1mscp ^[[22mto use protocol 1. |
72 | |||
73 | ^[[1mM-bMM-^R2 ^[[22mForces ^[[1mscp ^[[22mto use protocol 2. | ||
69 | 74 | ||
70 | -4 Forces scp to use IPv4 addresses only. | 75 | ^[[1mM-bMM-^R4 ^[[22mForces ^[[1mscp ^[[22mto use IPv4 addresses only. |
71 | 76 | ||
72 | -6 Forces scp to use IPv6 addresses only. | 77 | ^[[1mM-bMM-^R6 ^[[22mForces ^[[1mscp ^[[22mto use IPv6 addresses only. |
73 | 78 | ||
74 | DIAGNOSTICS | 79 | ^[[1mDIAGNOSTICS^[[0m |
75 | scp exits with 0 on success or >0 if an error occurred. | 80 | ^[[1mscp ^[[22mexits with 0 on success or >0 if an error occurred. |
76 | 81 | ||
77 | AUTHORS | 82 | ^[[1mAUTHORS^[[0m |
78 | Timo Rinne <tri@iki.fi> and Tatu Ylonen <ylo@cs.hut.fi> | 83 | Timo Rinne <tri@iki.fi> and Tatu Ylonen <ylo@cs.hut.fi> |
79 | 84 | ||
80 | HISTORY | 85 | ^[[1mHISTORY^[[0m |
81 | scp is based on the rcp(1) program in BSD source code from the Regents of | 86 | ^[[1mscp ^[[22mis based on the rcp(1) program in BSD source code from the Regents of |
82 | the University of California. | 87 | the University of California. |
83 | 88 | ||
84 | SEE ALSO | 89 | ^[[1mSEE ALSO^[[0m |
85 | rcp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), | 90 | rcp(1), sftp(1), ssh(1), sshM-bM-^@M-^Padd(1), sshM-bM-^@M-^Pagent(1), sshM-bM-^@M-^Pkeygen(1), |
86 | ssh_config(5), sshd(8) | 91 | ssh_config(5), sshd(8) |
87 | 92 | ||
88 | BSD September 25, 1999 BSD | 93 | BSD September 25, 1999 BSD |
@@ -9,7 +9,7 @@ | |||
9 | .\" | 9 | .\" |
10 | .\" Created: Sun May 7 00:14:37 1995 ylo | 10 | .\" Created: Sun May 7 00:14:37 1995 ylo |
11 | .\" | 11 | .\" |
12 | .\" $OpenBSD: scp.1,v 1.23 2002/06/22 16:41:57 stevesk Exp $ | 12 | .\" $OpenBSD: scp.1,v 1.26 2003/01/28 17:24:51 stevesk Exp $ |
13 | .\" | 13 | .\" |
14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
15 | .Dt SCP 1 | 15 | .Dt SCP 1 |
@@ -25,6 +25,7 @@ | |||
25 | .Op Fl P Ar port | 25 | .Op Fl P Ar port |
26 | .Op Fl c Ar cipher | 26 | .Op Fl c Ar cipher |
27 | .Op Fl i Ar identity_file | 27 | .Op Fl i Ar identity_file |
28 | .Op Fl l Ar limit | ||
28 | .Op Fl o Ar ssh_option | 29 | .Op Fl o Ar ssh_option |
29 | .Sm off | 30 | .Sm off |
30 | .Oo | 31 | .Oo |
@@ -68,6 +69,8 @@ Selects the file from which the identity (private key) for RSA | |||
68 | authentication is read. | 69 | authentication is read. |
69 | This option is directly passed to | 70 | This option is directly passed to |
70 | .Xr ssh 1 . | 71 | .Xr ssh 1 . |
72 | .It Fl l Ar limit | ||
73 | Limits the used bandwidth, specified in Kbit/s. | ||
71 | .It Fl p | 74 | .It Fl p |
72 | Preserves modification times, access times, and modes from the | 75 | Preserves modification times, access times, and modes from the |
73 | original file. | 76 | original file. |
@@ -122,17 +125,15 @@ in the format used in | |||
122 | This is useful for specifying options | 125 | This is useful for specifying options |
123 | for which there is no separate | 126 | for which there is no separate |
124 | .Nm scp | 127 | .Nm scp |
125 | command-line flag. For example, forcing the use of protocol | 128 | command-line flag. |
126 | version 1 is specified using | ||
127 | .Ic scp -oProtocol=1 . | ||
128 | .It Fl 1 | 129 | .It Fl 1 |
129 | Forces | 130 | Forces |
130 | .Nm | 131 | .Nm |
131 | to try protocol version 1 only. | 132 | to use protocol 1. |
132 | .It Fl 2 | 133 | .It Fl 2 |
133 | Forces | 134 | Forces |
134 | .Nm | 135 | .Nm |
135 | to try protocol version 2 only. | 136 | to use protocol 2. |
136 | .It Fl 4 | 137 | .It Fl 4 |
137 | Forces | 138 | Forces |
138 | .Nm | 139 | .Nm |
@@ -75,13 +75,14 @@ | |||
75 | */ | 75 | */ |
76 | 76 | ||
77 | #include "includes.h" | 77 | #include "includes.h" |
78 | RCSID("$OpenBSD: scp.c,v 1.91 2002/06/19 00:27:55 deraadt Exp $"); | 78 | RCSID("$OpenBSD: scp.c,v 1.102 2003/03/05 22:33:43 markus Exp $"); |
79 | 79 | ||
80 | #include "xmalloc.h" | 80 | #include "xmalloc.h" |
81 | #include "atomicio.h" | 81 | #include "atomicio.h" |
82 | #include "pathnames.h" | 82 | #include "pathnames.h" |
83 | #include "log.h" | 83 | #include "log.h" |
84 | #include "misc.h" | 84 | #include "misc.h" |
85 | #include "progressmeter.h" | ||
85 | 86 | ||
86 | #ifdef HAVE___PROGNAME | 87 | #ifdef HAVE___PROGNAME |
87 | extern char *__progname; | 88 | extern char *__progname; |
@@ -89,29 +90,13 @@ extern char *__progname; | |||
89 | char *__progname; | 90 | char *__progname; |
90 | #endif | 91 | #endif |
91 | 92 | ||
92 | /* For progressmeter() -- number of seconds before xfer considered "stalled" */ | 93 | void bwlimit(int); |
93 | #define STALLTIME 5 | ||
94 | /* alarm() interval for updating progress meter */ | ||
95 | #define PROGRESSTIME 1 | ||
96 | |||
97 | /* Visual statistics about files as they are transferred. */ | ||
98 | void progressmeter(int); | ||
99 | |||
100 | /* Returns width of the terminal (for progress meter calculations). */ | ||
101 | int getttywidth(void); | ||
102 | int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc); | ||
103 | 94 | ||
104 | /* Struct for addargs */ | 95 | /* Struct for addargs */ |
105 | arglist args; | 96 | arglist args; |
106 | 97 | ||
107 | /* Time a transfer started. */ | 98 | /* Bandwidth limit */ |
108 | static struct timeval start; | 99 | off_t limitbw = 0; |
109 | |||
110 | /* Number of bytes of current file transferred so far. */ | ||
111 | volatile off_t statbytes; | ||
112 | |||
113 | /* Total size of current file. */ | ||
114 | off_t totalbytes = 0; | ||
115 | 100 | ||
116 | /* Name of current file being transferred. */ | 101 | /* Name of current file being transferred. */ |
117 | char *curfile; | 102 | char *curfile; |
@@ -125,6 +110,9 @@ int showprogress = 1; | |||
125 | /* This is the program to execute for the secured connection. ("ssh" or -S) */ | 110 | /* This is the program to execute for the secured connection. ("ssh" or -S) */ |
126 | char *ssh_program = _PATH_SSH_PROGRAM; | 111 | char *ssh_program = _PATH_SSH_PROGRAM; |
127 | 112 | ||
113 | /* This is used to store the pid of ssh_program */ | ||
114 | pid_t do_cmd_pid; | ||
115 | |||
128 | /* | 116 | /* |
129 | * This function executes the given command as the specified user on the | 117 | * This function executes the given command as the specified user on the |
130 | * given host. This returns < 0 if execution fails, and >= 0 otherwise. This | 118 | * given host. This returns < 0 if execution fails, and >= 0 otherwise. This |
@@ -159,7 +147,8 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc) | |||
159 | close(reserved[1]); | 147 | close(reserved[1]); |
160 | 148 | ||
161 | /* For a child to execute the command on the remote host using ssh. */ | 149 | /* For a child to execute the command on the remote host using ssh. */ |
162 | if (fork() == 0) { | 150 | do_cmd_pid = fork(); |
151 | if (do_cmd_pid == 0) { | ||
163 | /* Child. */ | 152 | /* Child. */ |
164 | close(pin[1]); | 153 | close(pin[1]); |
165 | close(pout[0]); | 154 | close(pout[0]); |
@@ -177,6 +166,8 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc) | |||
177 | execvp(ssh_program, args.list); | 166 | execvp(ssh_program, args.list); |
178 | perror(ssh_program); | 167 | perror(ssh_program); |
179 | exit(1); | 168 | exit(1); |
169 | } else if (do_cmd_pid == -1) { | ||
170 | fatal("fork: %s", strerror(errno)); | ||
180 | } | 171 | } |
181 | /* Parent. Close the other side, and return the local side. */ | 172 | /* Parent. Close the other side, and return the local side. */ |
182 | close(pin[0]); | 173 | close(pin[0]); |
@@ -219,8 +210,9 @@ main(argc, argv) | |||
219 | int argc; | 210 | int argc; |
220 | char *argv[]; | 211 | char *argv[]; |
221 | { | 212 | { |
222 | int ch, fflag, tflag; | 213 | int ch, fflag, tflag, status; |
223 | char *targ; | 214 | double speed; |
215 | char *targ, *endp; | ||
224 | extern char *optarg; | 216 | extern char *optarg; |
225 | extern int optind; | 217 | extern int optind; |
226 | 218 | ||
@@ -233,7 +225,7 @@ main(argc, argv) | |||
233 | addargs(&args, "-oClearAllForwardings yes"); | 225 | addargs(&args, "-oClearAllForwardings yes"); |
234 | 226 | ||
235 | fflag = tflag = 0; | 227 | fflag = tflag = 0; |
236 | while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q1246S:o:F:")) != -1) | 228 | while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1) |
237 | switch (ch) { | 229 | switch (ch) { |
238 | /* User-visible flags. */ | 230 | /* User-visible flags. */ |
239 | case '1': | 231 | case '1': |
@@ -255,6 +247,12 @@ main(argc, argv) | |||
255 | case 'B': | 247 | case 'B': |
256 | addargs(&args, "-oBatchmode yes"); | 248 | addargs(&args, "-oBatchmode yes"); |
257 | break; | 249 | break; |
250 | case 'l': | ||
251 | speed = strtod(optarg, &endp); | ||
252 | if (speed <= 0 || *endp != '\0') | ||
253 | usage(); | ||
254 | limitbw = speed * 1024; | ||
255 | break; | ||
258 | case 'p': | 256 | case 'p': |
259 | pflag = 1; | 257 | pflag = 1; |
260 | break; | 258 | break; |
@@ -319,6 +317,7 @@ main(argc, argv) | |||
319 | targetshouldbedirectory = 1; | 317 | targetshouldbedirectory = 1; |
320 | 318 | ||
321 | remin = remout = -1; | 319 | remin = remout = -1; |
320 | do_cmd_pid = -1; | ||
322 | /* Command to be executed on remote system using "ssh". */ | 321 | /* Command to be executed on remote system using "ssh". */ |
323 | (void) snprintf(cmd, sizeof cmd, "scp%s%s%s%s", | 322 | (void) snprintf(cmd, sizeof cmd, "scp%s%s%s%s", |
324 | verbose_mode ? " -v" : "", | 323 | verbose_mode ? " -v" : "", |
@@ -334,6 +333,22 @@ main(argc, argv) | |||
334 | if (targetshouldbedirectory) | 333 | if (targetshouldbedirectory) |
335 | verifydir(argv[argc - 1]); | 334 | verifydir(argv[argc - 1]); |
336 | } | 335 | } |
336 | /* | ||
337 | * Finally check the exit status of the ssh process, if one was forked | ||
338 | * and no error has occured yet | ||
339 | */ | ||
340 | if (do_cmd_pid != -1 && errs == 0) { | ||
341 | if (remin != -1) | ||
342 | (void) close(remin); | ||
343 | if (remout != -1) | ||
344 | (void) close(remout); | ||
345 | if (waitpid(do_cmd_pid, &status, 0) == -1) | ||
346 | errs = 1; | ||
347 | else { | ||
348 | if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) | ||
349 | errs = 1; | ||
350 | } | ||
351 | } | ||
337 | exit(errs != 0); | 352 | exit(errs != 0); |
338 | } | 353 | } |
339 | 354 | ||
@@ -349,14 +364,12 @@ toremote(targ, argc, argv) | |||
349 | if (*targ == 0) | 364 | if (*targ == 0) |
350 | targ = "."; | 365 | targ = "."; |
351 | 366 | ||
352 | if ((thost = strchr(argv[argc - 1], '@'))) { | 367 | if ((thost = strrchr(argv[argc - 1], '@'))) { |
353 | /* user@host */ | 368 | /* user@host */ |
354 | *thost++ = 0; | 369 | *thost++ = 0; |
355 | tuser = argv[argc - 1]; | 370 | tuser = argv[argc - 1]; |
356 | if (*tuser == '\0') | 371 | if (*tuser == '\0') |
357 | tuser = NULL; | 372 | tuser = NULL; |
358 | else if (!okname(tuser)) | ||
359 | exit(1); | ||
360 | } else { | 373 | } else { |
361 | thost = argv[argc - 1]; | 374 | thost = argv[argc - 1]; |
362 | tuser = NULL; | 375 | tuser = NULL; |
@@ -370,7 +383,7 @@ toremote(targ, argc, argv) | |||
370 | *src++ = 0; | 383 | *src++ = 0; |
371 | if (*src == 0) | 384 | if (*src == 0) |
372 | src = "."; | 385 | src = "."; |
373 | host = strchr(argv[i], '@'); | 386 | host = strrchr(argv[i], '@'); |
374 | len = strlen(ssh_program) + strlen(argv[i]) + | 387 | len = strlen(ssh_program) + strlen(argv[i]) + |
375 | strlen(src) + (tuser ? strlen(tuser) : 0) + | 388 | strlen(src) + (tuser ? strlen(tuser) : 0) + |
376 | strlen(thost) + strlen(targ) + | 389 | strlen(thost) + strlen(targ) + |
@@ -382,8 +395,14 @@ toremote(targ, argc, argv) | |||
382 | suser = argv[i]; | 395 | suser = argv[i]; |
383 | if (*suser == '\0') | 396 | if (*suser == '\0') |
384 | suser = pwd->pw_name; | 397 | suser = pwd->pw_name; |
385 | else if (!okname(suser)) | 398 | else if (!okname(suser)) { |
399 | xfree(bp); | ||
386 | continue; | 400 | continue; |
401 | } | ||
402 | if (tuser && !okname(tuser)) { | ||
403 | xfree(bp); | ||
404 | continue; | ||
405 | } | ||
387 | snprintf(bp, len, | 406 | snprintf(bp, len, |
388 | "%s%s %s -n " | 407 | "%s%s %s -n " |
389 | "-l %s %s %s %s '%s%s%s:%s'", | 408 | "-l %s %s %s %s '%s%s%s:%s'", |
@@ -449,7 +468,7 @@ tolocal(argc, argv) | |||
449 | *src++ = 0; | 468 | *src++ = 0; |
450 | if (*src == 0) | 469 | if (*src == 0) |
451 | src = "."; | 470 | src = "."; |
452 | if ((host = strchr(argv[i], '@')) == NULL) { | 471 | if ((host = strrchr(argv[i], '@')) == NULL) { |
453 | host = argv[i]; | 472 | host = argv[i]; |
454 | suser = NULL; | 473 | suser = NULL; |
455 | } else { | 474 | } else { |
@@ -457,8 +476,6 @@ tolocal(argc, argv) | |||
457 | suser = argv[i]; | 476 | suser = argv[i]; |
458 | if (*suser == '\0') | 477 | if (*suser == '\0') |
459 | suser = pwd->pw_name; | 478 | suser = pwd->pw_name; |
460 | else if (!okname(suser)) | ||
461 | continue; | ||
462 | } | 479 | } |
463 | host = cleanhostname(host); | 480 | host = cleanhostname(host); |
464 | len = strlen(src) + CMDNEEDS + 20; | 481 | len = strlen(src) + CMDNEEDS + 20; |
@@ -484,7 +501,7 @@ source(argc, argv) | |||
484 | struct stat stb; | 501 | struct stat stb; |
485 | static BUF buffer; | 502 | static BUF buffer; |
486 | BUF *bp; | 503 | BUF *bp; |
487 | off_t i, amt, result; | 504 | off_t i, amt, result, statbytes; |
488 | int fd, haderr, indx; | 505 | int fd, haderr, indx; |
489 | char *last, *name, buf[2048]; | 506 | char *last, *name, buf[2048]; |
490 | int len; | 507 | int len; |
@@ -549,7 +566,6 @@ syserr: run_err("%s: %s", name, strerror(errno)); | |||
549 | #endif | 566 | #endif |
550 | if (verbose_mode) { | 567 | if (verbose_mode) { |
551 | fprintf(stderr, "Sending file modes: %s", buf); | 568 | fprintf(stderr, "Sending file modes: %s", buf); |
552 | fflush(stderr); | ||
553 | } | 569 | } |
554 | (void) atomicio(write, remout, buf, strlen(buf)); | 570 | (void) atomicio(write, remout, buf, strlen(buf)); |
555 | if (response() < 0) | 571 | if (response() < 0) |
@@ -558,10 +574,8 @@ syserr: run_err("%s: %s", name, strerror(errno)); | |||
558 | next: (void) close(fd); | 574 | next: (void) close(fd); |
559 | continue; | 575 | continue; |
560 | } | 576 | } |
561 | if (showprogress) { | 577 | if (showprogress) |
562 | totalbytes = stb.st_size; | 578 | start_progress_meter(curfile, stb.st_size, &statbytes); |
563 | progressmeter(-1); | ||
564 | } | ||
565 | /* Keep writing after an error so that we stay sync'd up. */ | 579 | /* Keep writing after an error so that we stay sync'd up. */ |
566 | for (haderr = i = 0; i < stb.st_size; i += bp->cnt) { | 580 | for (haderr = i = 0; i < stb.st_size; i += bp->cnt) { |
567 | amt = bp->cnt; | 581 | amt = bp->cnt; |
@@ -580,9 +594,11 @@ next: (void) close(fd); | |||
580 | haderr = result >= 0 ? EIO : errno; | 594 | haderr = result >= 0 ? EIO : errno; |
581 | statbytes += result; | 595 | statbytes += result; |
582 | } | 596 | } |
597 | if (limitbw) | ||
598 | bwlimit(amt); | ||
583 | } | 599 | } |
584 | if (showprogress) | 600 | if (showprogress) |
585 | progressmeter(1); | 601 | stop_progress_meter(); |
586 | 602 | ||
587 | if (close(fd) < 0 && !haderr) | 603 | if (close(fd) < 0 && !haderr) |
588 | haderr = errno; | 604 | haderr = errno; |
@@ -650,6 +666,60 @@ rsource(name, statp) | |||
650 | } | 666 | } |
651 | 667 | ||
652 | void | 668 | void |
669 | bwlimit(int amount) | ||
670 | { | ||
671 | static struct timeval bwstart, bwend; | ||
672 | static int lamt, thresh = 16384; | ||
673 | u_int64_t wait; | ||
674 | struct timespec ts, rm; | ||
675 | |||
676 | if (!timerisset(&bwstart)) { | ||
677 | gettimeofday(&bwstart, NULL); | ||
678 | return; | ||
679 | } | ||
680 | |||
681 | lamt += amount; | ||
682 | if (lamt < thresh) | ||
683 | return; | ||
684 | |||
685 | gettimeofday(&bwend, NULL); | ||
686 | timersub(&bwend, &bwstart, &bwend); | ||
687 | if (!timerisset(&bwend)) | ||
688 | return; | ||
689 | |||
690 | lamt *= 8; | ||
691 | wait = (double)1000000L * lamt / limitbw; | ||
692 | |||
693 | bwstart.tv_sec = wait / 1000000L; | ||
694 | bwstart.tv_usec = wait % 1000000L; | ||
695 | |||
696 | if (timercmp(&bwstart, &bwend, >)) { | ||
697 | timersub(&bwstart, &bwend, &bwend); | ||
698 | |||
699 | /* Adjust the wait time */ | ||
700 | if (bwend.tv_sec) { | ||
701 | thresh /= 2; | ||
702 | if (thresh < 2048) | ||
703 | thresh = 2048; | ||
704 | } else if (bwend.tv_usec < 100) { | ||
705 | thresh *= 2; | ||
706 | if (thresh > 32768) | ||
707 | thresh = 32768; | ||
708 | } | ||
709 | |||
710 | TIMEVAL_TO_TIMESPEC(&bwend, &ts); | ||
711 | while (nanosleep(&ts, &rm) == -1) { | ||
712 | if (errno != EINTR) | ||
713 | break; | ||
714 | ts = rm; | ||
715 | } | ||
716 | } | ||
717 | |||
718 | lamt = 0; | ||
719 | gettimeofday(&bwstart, NULL); | ||
720 | } | ||
721 | |||
722 | void | ||
653 | sink(argc, argv) | 723 | sink(argc, argv) |
654 | int argc; | 724 | int argc; |
655 | char *argv[]; | 725 | char *argv[]; |
@@ -662,7 +732,7 @@ sink(argc, argv) | |||
662 | BUF *bp; | 732 | BUF *bp; |
663 | off_t i, j; | 733 | off_t i, j; |
664 | int amt, count, exists, first, mask, mode, ofd, omode; | 734 | int amt, count, exists, first, mask, mode, ofd, omode; |
665 | off_t size; | 735 | off_t size, statbytes; |
666 | int setimes, targisdir, wrerrno = 0; | 736 | int setimes, targisdir, wrerrno = 0; |
667 | char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; | 737 | char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; |
668 | struct timeval tv[2]; | 738 | struct timeval tv[2]; |
@@ -824,11 +894,9 @@ bad: run_err("%s: %s", np, strerror(errno)); | |||
824 | cp = bp->buf; | 894 | cp = bp->buf; |
825 | wrerr = NO; | 895 | wrerr = NO; |
826 | 896 | ||
827 | if (showprogress) { | ||
828 | totalbytes = size; | ||
829 | progressmeter(-1); | ||
830 | } | ||
831 | statbytes = 0; | 897 | statbytes = 0; |
898 | if (showprogress) | ||
899 | start_progress_meter(curfile, size, &statbytes); | ||
832 | for (count = i = 0; i < size; i += 4096) { | 900 | for (count = i = 0; i < size; i += 4096) { |
833 | amt = 4096; | 901 | amt = 4096; |
834 | if (i + amt > size) | 902 | if (i + amt > size) |
@@ -848,6 +916,10 @@ bad: run_err("%s: %s", np, strerror(errno)); | |||
848 | cp += j; | 916 | cp += j; |
849 | statbytes += j; | 917 | statbytes += j; |
850 | } while (amt > 0); | 918 | } while (amt > 0); |
919 | |||
920 | if (limitbw) | ||
921 | bwlimit(4096); | ||
922 | |||
851 | if (count == bp->cnt) { | 923 | if (count == bp->cnt) { |
852 | /* Keep reading so we stay sync'd up. */ | 924 | /* Keep reading so we stay sync'd up. */ |
853 | if (wrerr == NO) { | 925 | if (wrerr == NO) { |
@@ -862,13 +934,13 @@ bad: run_err("%s: %s", np, strerror(errno)); | |||
862 | } | 934 | } |
863 | } | 935 | } |
864 | if (showprogress) | 936 | if (showprogress) |
865 | progressmeter(1); | 937 | stop_progress_meter(); |
866 | if (count != 0 && wrerr == NO && | 938 | if (count != 0 && wrerr == NO && |
867 | (j = atomicio(write, ofd, bp->buf, count)) != count) { | 939 | (j = atomicio(write, ofd, bp->buf, count)) != count) { |
868 | wrerr = YES; | 940 | wrerr = YES; |
869 | wrerrno = j >= 0 ? EIO : errno; | 941 | wrerrno = j >= 0 ? EIO : errno; |
870 | } | 942 | } |
871 | if (ftruncate(ofd, size)) { | 943 | if (wrerr == NO && ftruncate(ofd, size) != 0) { |
872 | run_err("%s: truncate: %s", np, strerror(errno)); | 944 | run_err("%s: truncate: %s", np, strerror(errno)); |
873 | wrerr = DISPLAYED; | 945 | wrerr = DISPLAYED; |
874 | } | 946 | } |
@@ -957,8 +1029,8 @@ void | |||
957 | usage(void) | 1029 | usage(void) |
958 | { | 1030 | { |
959 | (void) fprintf(stderr, | 1031 | (void) fprintf(stderr, |
960 | "usage: scp [-pqrvBC46] [-F config] [-S program] [-P port]\n" | 1032 | "usage: scp [-pqrvBC1246] [-F config] [-S program] [-P port]\n" |
961 | " [-c cipher] [-i identity] [-o option]\n" | 1033 | " [-c cipher] [-i identity] [-l limit] [-o option]\n" |
962 | " [[user@]host1:]file1 [...] [[user@]host2:]file2\n"); | 1034 | " [[user@]host1:]file1 [...] [[user@]host2:]file2\n"); |
963 | exit(1); | 1035 | exit(1); |
964 | } | 1036 | } |
@@ -1015,9 +1087,18 @@ okname(cp0) | |||
1015 | c = (int)*cp; | 1087 | c = (int)*cp; |
1016 | if (c & 0200) | 1088 | if (c & 0200) |
1017 | goto bad; | 1089 | goto bad; |
1018 | if (!isalpha(c) && !isdigit(c) && | 1090 | if (!isalpha(c) && !isdigit(c)) { |
1019 | c != '_' && c != '-' && c != '.' && c != '+') | 1091 | switch (c) { |
1020 | goto bad; | 1092 | case '\'': |
1093 | case '"': | ||
1094 | case '`': | ||
1095 | case ' ': | ||
1096 | case '#': | ||
1097 | goto bad; | ||
1098 | default: | ||
1099 | break; | ||
1100 | } | ||
1101 | } | ||
1021 | } while (*++cp); | 1102 | } while (*++cp); |
1022 | return (1); | 1103 | return (1); |
1023 | 1104 | ||
@@ -1038,11 +1119,9 @@ allocbuf(bp, fd, blksize) | |||
1038 | run_err("fstat: %s", strerror(errno)); | 1119 | run_err("fstat: %s", strerror(errno)); |
1039 | return (0); | 1120 | return (0); |
1040 | } | 1121 | } |
1041 | if (stb.st_blksize == 0) | 1122 | size = roundup(stb.st_blksize, blksize); |
1123 | if (size == 0) | ||
1042 | size = blksize; | 1124 | size = blksize; |
1043 | else | ||
1044 | size = blksize + (stb.st_blksize - blksize % stb.st_blksize) % | ||
1045 | stb.st_blksize; | ||
1046 | #else /* HAVE_STRUCT_STAT_ST_BLKSIZE */ | 1125 | #else /* HAVE_STRUCT_STAT_ST_BLKSIZE */ |
1047 | size = blksize; | 1126 | size = blksize; |
1048 | #endif /* HAVE_STRUCT_STAT_ST_BLKSIZE */ | 1127 | #endif /* HAVE_STRUCT_STAT_ST_BLKSIZE */ |
@@ -1068,149 +1147,3 @@ lostconn(signo) | |||
1068 | else | 1147 | else |
1069 | exit(1); | 1148 | exit(1); |
1070 | } | 1149 | } |
1071 | |||
1072 | static void | ||
1073 | updateprogressmeter(int ignore) | ||
1074 | { | ||
1075 | int save_errno = errno; | ||
1076 | |||
1077 | progressmeter(0); | ||
1078 | signal(SIGALRM, updateprogressmeter); | ||
1079 | alarm(PROGRESSTIME); | ||
1080 | errno = save_errno; | ||
1081 | } | ||
1082 | |||
1083 | static int | ||
1084 | foregroundproc(void) | ||
1085 | { | ||
1086 | static pid_t pgrp = -1; | ||
1087 | int ctty_pgrp; | ||
1088 | |||
1089 | if (pgrp == -1) | ||
1090 | pgrp = getpgrp(); | ||
1091 | |||
1092 | #ifdef HAVE_TCGETPGRP | ||
1093 | return ((ctty_pgrp = tcgetpgrp(STDOUT_FILENO)) != -1 && | ||
1094 | ctty_pgrp == pgrp); | ||
1095 | #else | ||
1096 | return ((ioctl(STDOUT_FILENO, TIOCGPGRP, &ctty_pgrp) != -1 && | ||
1097 | ctty_pgrp == pgrp)); | ||
1098 | #endif | ||
1099 | } | ||
1100 | |||
1101 | void | ||
1102 | progressmeter(int flag) | ||
1103 | { | ||
1104 | static const char prefixes[] = " KMGTP"; | ||
1105 | static struct timeval lastupdate; | ||
1106 | static off_t lastsize; | ||
1107 | struct timeval now, td, wait; | ||
1108 | off_t cursize, abbrevsize; | ||
1109 | double elapsed; | ||
1110 | int ratio, barlength, i, remaining; | ||
1111 | char buf[512]; | ||
1112 | |||
1113 | if (flag == -1) { | ||
1114 | (void) gettimeofday(&start, (struct timezone *) 0); | ||
1115 | lastupdate = start; | ||
1116 | lastsize = 0; | ||
1117 | } | ||
1118 | if (foregroundproc() == 0) | ||
1119 | return; | ||
1120 | |||
1121 | (void) gettimeofday(&now, (struct timezone *) 0); | ||
1122 | cursize = statbytes; | ||
1123 | if (totalbytes != 0) { | ||
1124 | ratio = 100.0 * cursize / totalbytes; | ||
1125 | ratio = MAX(ratio, 0); | ||
1126 | ratio = MIN(ratio, 100); | ||
1127 | } else | ||
1128 | ratio = 100; | ||
1129 | |||
1130 | snprintf(buf, sizeof(buf), "\r%-20.20s %3d%% ", curfile, ratio); | ||
1131 | |||
1132 | barlength = getttywidth() - 51; | ||
1133 | if (barlength > 0) { | ||
1134 | i = barlength * ratio / 100; | ||
1135 | snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), | ||
1136 | "|%.*s%*s|", i, | ||
1137 | "*******************************************************" | ||
1138 | "*******************************************************" | ||
1139 | "*******************************************************" | ||
1140 | "*******************************************************" | ||
1141 | "*******************************************************" | ||
1142 | "*******************************************************" | ||
1143 | "*******************************************************", | ||
1144 | barlength - i, ""); | ||
1145 | } | ||
1146 | i = 0; | ||
1147 | abbrevsize = cursize; | ||
1148 | while (abbrevsize >= 100000 && i < sizeof(prefixes)) { | ||
1149 | i++; | ||
1150 | abbrevsize >>= 10; | ||
1151 | } | ||
1152 | snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), " %5lu %c%c ", | ||
1153 | (unsigned long) abbrevsize, prefixes[i], | ||
1154 | prefixes[i] == ' ' ? ' ' : 'B'); | ||
1155 | |||
1156 | timersub(&now, &lastupdate, &wait); | ||
1157 | if (cursize > lastsize) { | ||
1158 | lastupdate = now; | ||
1159 | lastsize = cursize; | ||
1160 | if (wait.tv_sec >= STALLTIME) { | ||
1161 | start.tv_sec += wait.tv_sec; | ||
1162 | start.tv_usec += wait.tv_usec; | ||
1163 | } | ||
1164 | wait.tv_sec = 0; | ||
1165 | } | ||
1166 | timersub(&now, &start, &td); | ||
1167 | elapsed = td.tv_sec + (td.tv_usec / 1000000.0); | ||
1168 | |||
1169 | if (flag != 1 && | ||
1170 | (statbytes <= 0 || elapsed <= 0.0 || cursize > totalbytes)) { | ||
1171 | snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), | ||
1172 | " --:-- ETA"); | ||
1173 | } else if (wait.tv_sec >= STALLTIME) { | ||
1174 | snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), | ||
1175 | " - stalled -"); | ||
1176 | } else { | ||
1177 | if (flag != 1) | ||
1178 | remaining = (int)(totalbytes / (statbytes / elapsed) - | ||
1179 | elapsed); | ||
1180 | else | ||
1181 | remaining = elapsed; | ||
1182 | |||
1183 | i = remaining / 3600; | ||
1184 | if (i) | ||
1185 | snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), | ||
1186 | "%2d:", i); | ||
1187 | else | ||
1188 | snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), | ||
1189 | " "); | ||
1190 | i = remaining % 3600; | ||
1191 | snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), | ||
1192 | "%02d:%02d%s", i / 60, i % 60, | ||
1193 | (flag != 1) ? " ETA" : " "); | ||
1194 | } | ||
1195 | atomicio(write, fileno(stdout), buf, strlen(buf)); | ||
1196 | |||
1197 | if (flag == -1) { | ||
1198 | mysignal(SIGALRM, updateprogressmeter); | ||
1199 | alarm(PROGRESSTIME); | ||
1200 | } else if (flag == 1) { | ||
1201 | alarm(0); | ||
1202 | atomicio(write, fileno(stdout), "\n", 1); | ||
1203 | statbytes = 0; | ||
1204 | } | ||
1205 | } | ||
1206 | |||
1207 | int | ||
1208 | getttywidth(void) | ||
1209 | { | ||
1210 | struct winsize winsize; | ||
1211 | |||
1212 | if (ioctl(fileno(stdout), TIOCGWINSZ, &winsize) != -1) | ||
1213 | return (winsize.ws_col ? winsize.ws_col : 80); | ||
1214 | else | ||
1215 | return (80); | ||
1216 | } | ||
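Review bot: In the `okname()` hunk (`@@ -1015,9 +1087,18 @@`) the character test changes from an allowlist (letters, digits, `_`, `-`, `.`, `+`) to a denylist of five characters, so names containing `;`, `|`, `&`, `$`, backslash, `<`, `>` or parentheses now pass. The `toremote()` hunk relies on this check for both `suser` and `tuser` immediately before `snprintf(bp, len, "%s%s %s -n -l %s ...")`, which looks like a command string. How `bp` is executed is outside the visible hunks, so this matters if it is handed to a shell. I would keep the allowlist and add only the characters that prompted the change, or at least extend the denylist, e.g. `case ';': case '|': case '&': case '$': case '\\': case '<': case '>': case '(': case ')': case '\n': goto bad;`. A comment on `okname()` saying which characters are safe in that command string and why would also help; the function body starts and ends outside the hunk.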
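--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.115 2002/09/04 18:52:42 stevesk Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.116 2003/02/21 09:05:53 markus Exp $");
 
 #if defined(KRB4)
 #include <krb.h>
@@ -935,6 +935,7 @@ read_server_config(ServerOptions *options, const char *filename)
 char line[1024];
 FILE *f;
 
+debug2("read_server_config: filename %s", filename);
 f = fopen(filename, "r");
 if (!f) {
 perror(filename);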
@@ -33,7 +33,7 @@ | |||
33 | */ | 33 | */ |
34 | 34 | ||
35 | #include "includes.h" | 35 | #include "includes.h" |
36 | RCSID("$OpenBSD: session.c,v 1.150 2002/09/16 19:55:33 stevesk Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.154 2003/03/05 22:33:43 markus Exp $"); |
37 | 37 | ||
38 | #include "ssh.h" | 38 | #include "ssh.h" |
39 | #include "ssh1.h" | 39 | #include "ssh1.h" |
@@ -201,6 +201,8 @@ auth_input_request_forwarding(struct passwd * pw) | |||
201 | void | 201 | void |
202 | do_authenticated(Authctxt *authctxt) | 202 | do_authenticated(Authctxt *authctxt) |
203 | { | 203 | { |
204 | setproctitle("%s", authctxt->pw->pw_name); | ||
205 | |||
204 | /* | 206 | /* |
205 | * Cancel the alarm we set to limit the time taken for | 207 | * Cancel the alarm we set to limit the time taken for |
206 | * authentication. | 208 | * authentication. |
@@ -689,7 +691,7 @@ do_pre_login(Session *s) | |||
689 | 691 | ||
690 | record_utmp_only(pid, s->tty, s->pw->pw_name, | 692 | record_utmp_only(pid, s->tty, s->pw->pw_name, |
691 | get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping), | 693 | get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping), |
692 | (struct sockaddr *)&from); | 694 | (struct sockaddr *)&from, fromlen); |
693 | } | 695 | } |
694 | #endif | 696 | #endif |
695 | 697 | ||
@@ -730,8 +732,8 @@ do_login(Session *s, const char *command) | |||
730 | * the address be 0.0.0.0. | 732 | * the address be 0.0.0.0. |
731 | */ | 733 | */ |
732 | memset(&from, 0, sizeof(from)); | 734 | memset(&from, 0, sizeof(from)); |
735 | fromlen = sizeof(from); | ||
733 | if (packet_connection_is_on_socket()) { | 736 | if (packet_connection_is_on_socket()) { |
734 | fromlen = sizeof(from); | ||
735 | if (getpeername(packet_get_connection_in(), | 737 | if (getpeername(packet_get_connection_in(), |
736 | (struct sockaddr *) & from, &fromlen) < 0) { | 738 | (struct sockaddr *) & from, &fromlen) < 0) { |
737 | debug("getpeername: %.100s", strerror(errno)); | 739 | debug("getpeername: %.100s", strerror(errno)); |
@@ -949,7 +951,7 @@ do_setup_env(Session *s, const char *shell) | |||
949 | { | 951 | { |
950 | char buf[256]; | 952 | char buf[256]; |
951 | u_int i, envsize; | 953 | u_int i, envsize; |
952 | char **env; | 954 | char **env, *laddr; |
953 | struct passwd *pw = s->pw; | 955 | struct passwd *pw = s->pw; |
954 | 956 | ||
955 | /* Initialize the environment. */ | 957 | /* Initialize the environment. */ |
@@ -969,6 +971,9 @@ do_setup_env(Session *s, const char *shell) | |||
969 | /* Set basic environment. */ | 971 | /* Set basic environment. */ |
970 | child_set_env(&env, &envsize, "USER", pw->pw_name); | 972 | child_set_env(&env, &envsize, "USER", pw->pw_name); |
971 | child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); | 973 | child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); |
974 | #ifdef _AIX | ||
975 | child_set_env(&env, &envsize, "LOGIN", pw->pw_name); | ||
976 | #endif | ||
972 | child_set_env(&env, &envsize, "HOME", pw->pw_dir); | 977 | child_set_env(&env, &envsize, "HOME", pw->pw_dir); |
973 | #ifdef HAVE_LOGIN_CAP | 978 | #ifdef HAVE_LOGIN_CAP |
974 | if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) | 979 | if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) |
@@ -1025,9 +1030,10 @@ do_setup_env(Session *s, const char *shell) | |||
1025 | get_remote_ipaddr(), get_remote_port(), get_local_port()); | 1030 | get_remote_ipaddr(), get_remote_port(), get_local_port()); |
1026 | child_set_env(&env, &envsize, "SSH_CLIENT", buf); | 1031 | child_set_env(&env, &envsize, "SSH_CLIENT", buf); |
1027 | 1032 | ||
1033 | laddr = get_local_ipaddr(packet_get_connection_in()); | ||
1028 | snprintf(buf, sizeof buf, "%.50s %d %.50s %d", | 1034 | snprintf(buf, sizeof buf, "%.50s %d %.50s %d", |
1029 | get_remote_ipaddr(), get_remote_port(), | 1035 | get_remote_ipaddr(), get_remote_port(), laddr, get_local_port()); |
1030 | get_local_ipaddr(packet_get_connection_in()), get_local_port()); | 1036 | xfree(laddr); |
1031 | child_set_env(&env, &envsize, "SSH_CONNECTION", buf); | 1037 | child_set_env(&env, &envsize, "SSH_CONNECTION", buf); |
1032 | 1038 | ||
1033 | if (s->ttyfd != -1) | 1039 | if (s->ttyfd != -1) |
@@ -1146,8 +1152,10 @@ do_rc_files(Session *s, const char *shell) | |||
1146 | /* Add authority data to .Xauthority if appropriate. */ | 1152 | /* Add authority data to .Xauthority if appropriate. */ |
1147 | if (debug_flag) { | 1153 | if (debug_flag) { |
1148 | fprintf(stderr, | 1154 | fprintf(stderr, |
1149 | "Running %.500s add " | 1155 | "Running %.500s remove %.100s\n", |
1150 | "%.100s %.100s %.100s\n", | 1156 | options.xauth_location, s->auth_display); |
1157 | fprintf(stderr, | ||
1158 | "%.500s add %.100s %.100s %.100s\n", | ||
1151 | options.xauth_location, s->auth_display, | 1159 | options.xauth_location, s->auth_display, |
1152 | s->auth_proto, s->auth_data); | 1160 | s->auth_proto, s->auth_data); |
1153 | } | 1161 | } |
@@ -1155,6 +1163,8 @@ do_rc_files(Session *s, const char *shell) | |||
1155 | options.xauth_location); | 1163 | options.xauth_location); |
1156 | f = popen(cmd, "w"); | 1164 | f = popen(cmd, "w"); |
1157 | if (f) { | 1165 | if (f) { |
1166 | fprintf(f, "remove %s\n", | ||
1167 | s->auth_display); | ||
1158 | fprintf(f, "add %s %s %s\n", | 1168 | fprintf(f, "add %s %s %s\n", |
1159 | s->auth_display, s->auth_proto, | 1169 | s->auth_display, s->auth_proto, |
1160 | s->auth_data); | 1170 | s->auth_data); |
@@ -1187,6 +1197,7 @@ do_nologin(struct passwd *pw) | |||
1187 | while (fgets(buf, sizeof(buf), f)) | 1197 | while (fgets(buf, sizeof(buf), f)) |
1188 | fputs(buf, stderr); | 1198 | fputs(buf, stderr); |
1189 | fclose(f); | 1199 | fclose(f); |
1200 | fflush(NULL); | ||
1190 | exit(254); | 1201 | exit(254); |
1191 | } | 1202 | } |
1192 | } | 1203 | } |
@@ -1195,11 +1206,11 @@ do_nologin(struct passwd *pw) | |||
1195 | void | 1206 | void |
1196 | do_setusercontext(struct passwd *pw) | 1207 | do_setusercontext(struct passwd *pw) |
1197 | { | 1208 | { |
1198 | #ifdef HAVE_CYGWIN | 1209 | #ifndef HAVE_CYGWIN |
1199 | if (is_winnt) { | 1210 | if (getuid() == 0 || geteuid() == 0) |
1200 | #else /* HAVE_CYGWIN */ | ||
1201 | if (getuid() == 0 || geteuid() == 0) { | ||
1202 | #endif /* HAVE_CYGWIN */ | 1211 | #endif /* HAVE_CYGWIN */ |
1212 | { | ||
1213 | |||
1203 | #ifdef HAVE_SETPCRED | 1214 | #ifdef HAVE_SETPCRED |
1204 | setpcred(pw->pw_name); | 1215 | setpcred(pw->pw_name); |
1205 | #endif /* HAVE_SETPCRED */ | 1216 | #endif /* HAVE_SETPCRED */ |
@@ -1249,6 +1260,10 @@ do_setusercontext(struct passwd *pw) | |||
1249 | permanently_set_uid(pw); | 1260 | permanently_set_uid(pw); |
1250 | #endif | 1261 | #endif |
1251 | } | 1262 | } |
1263 | |||
1264 | #ifdef HAVE_CYGWIN | ||
1265 | if (is_winnt) | ||
1266 | #endif | ||
1252 | if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) | 1267 | if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) |
1253 | fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); | 1268 | fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); |
1254 | } | 1269 | } |
@@ -1306,7 +1321,7 @@ do_child(Session *s, const char *command) | |||
1306 | */ | 1321 | */ |
1307 | if (!options.use_login) { | 1322 | if (!options.use_login) { |
1308 | #ifdef HAVE_OSF_SIA | 1323 | #ifdef HAVE_OSF_SIA |
1309 | session_setup_sia(pw->pw_name, s->ttyfd == -1 ? NULL : s->tty); | 1324 | session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty); |
1310 | if (!check_quietlogin(s, command)) | 1325 | if (!check_quietlogin(s, command)) |
1311 | do_motd(); | 1326 | do_motd(); |
1312 | #else /* HAVE_OSF_SIA */ | 1327 | #else /* HAVE_OSF_SIA */ |
@@ -1320,12 +1335,17 @@ do_child(Session *s, const char *command) | |||
1320 | * legal, and means /bin/sh. | 1335 | * legal, and means /bin/sh. |
1321 | */ | 1336 | */ |
1322 | shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; | 1337 | shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; |
1338 | |||
1339 | /* | ||
1340 | * Make sure $SHELL points to the shell from the password file, | ||
1341 | * even if shell is overridden from login.conf | ||
1342 | */ | ||
1343 | env = do_setup_env(s, shell); | ||
1344 | |||
1323 | #ifdef HAVE_LOGIN_CAP | 1345 | #ifdef HAVE_LOGIN_CAP |
1324 | shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); | 1346 | shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); |
1325 | #endif | 1347 | #endif |
1326 | 1348 | ||
1327 | env = do_setup_env(s, shell); | ||
1328 | |||
1329 | /* we have to stash the hostname before we close our socket. */ | 1349 | /* we have to stash the hostname before we close our socket. */ |
1330 | if (options.use_login) | 1350 | if (options.use_login) |
1331 | hostname = get_remote_name_or_ip(utmp_len, | 1351 | hostname = get_remote_name_or_ip(utmp_len, |
@@ -1989,13 +2009,22 @@ session_tty_list(void) | |||
1989 | { | 2009 | { |
1990 | static char buf[1024]; | 2010 | static char buf[1024]; |
1991 | int i; | 2011 | int i; |
2012 | char *cp; | ||
2013 | |||
1992 | buf[0] = '\0'; | 2014 | buf[0] = '\0'; |
1993 | for (i = 0; i < MAX_SESSIONS; i++) { | 2015 | for (i = 0; i < MAX_SESSIONS; i++) { |
1994 | Session *s = &sessions[i]; | 2016 | Session *s = &sessions[i]; |
1995 | if (s->used && s->ttyfd != -1) { | 2017 | if (s->used && s->ttyfd != -1) { |
2018 | |||
2019 | if (strncmp(s->tty, "/dev/", 5) != 0) { | ||
2020 | cp = strrchr(s->tty, '/'); | ||
2021 | cp = (cp == NULL) ? s->tty : cp + 1; | ||
2022 | } else | ||
2023 | cp = s->tty + 5; | ||
2024 | |||
1996 | if (buf[0] != '\0') | 2025 | if (buf[0] != '\0') |
1997 | strlcat(buf, ",", sizeof buf); | 2026 | strlcat(buf, ",", sizeof buf); |
1998 | strlcat(buf, strrchr(s->tty, '/') + 1, sizeof buf); | 2027 | strlcat(buf, cp, sizeof buf); |
1999 | } | 2028 | } |
2000 | } | 2029 | } |
2001 | if (buf[0] == '\0') | 2030 | if (buf[0] == '\0') |
diff --git a/sftp-client.c b/sftp-client.c index f6a73f379..3b3279e65 100644 --- a/sftp-client.c +++ b/sftp-client.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (c) 2001,2002 Damien Miller. All rights reserved. | 2 | * Copyright (c) 2001-2003 Damien Miller. All rights reserved. |
3 | * | 3 | * |
4 | * Redistribution and use in source and binary forms, with or without | 4 | * Redistribution and use in source and binary forms, with or without |
5 | * modification, are permitted provided that the following conditions | 5 | * modification, are permitted provided that the following conditions |
@@ -28,7 +28,7 @@ | |||
28 | /* XXX: copy between two remote sites */ | 28 | /* XXX: copy between two remote sites */ |
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | RCSID("$OpenBSD: sftp-client.c,v 1.35 2002/09/11 22:41:49 djm Exp $"); | 31 | RCSID("$OpenBSD: sftp-client.c,v 1.42 2003/03/05 22:33:43 markus Exp $"); |
32 | 32 | ||
33 | #include "openbsd-compat/sys-queue.h" | 33 | #include "openbsd-compat/sys-queue.h" |
34 | 34 | ||
@@ -38,14 +38,20 @@ RCSID("$OpenBSD: sftp-client.c,v 1.35 2002/09/11 22:41:49 djm Exp $"); | |||
38 | #include "xmalloc.h" | 38 | #include "xmalloc.h" |
39 | #include "log.h" | 39 | #include "log.h" |
40 | #include "atomicio.h" | 40 | #include "atomicio.h" |
41 | #include "progressmeter.h" | ||
41 | 42 | ||
42 | #include "sftp.h" | 43 | #include "sftp.h" |
43 | #include "sftp-common.h" | 44 | #include "sftp-common.h" |
44 | #include "sftp-client.h" | 45 | #include "sftp-client.h" |
45 | 46 | ||
47 | extern int showprogress; | ||
48 | |||
46 | /* Minimum amount of data to read at at time */ | 49 | /* Minimum amount of data to read at at time */ |
47 | #define MIN_READ_SIZE 512 | 50 | #define MIN_READ_SIZE 512 |
48 | 51 | ||
52 | /* Maximum packet size */ | ||
53 | #define MAX_MSG_LENGTH (256 * 1024) | ||
54 | |||
49 | struct sftp_conn { | 55 | struct sftp_conn { |
50 | int fd_in; | 56 | int fd_in; |
51 | int fd_out; | 57 | int fd_out; |
@@ -58,48 +64,45 @@ struct sftp_conn { | |||
58 | static void | 64 | static void |
59 | send_msg(int fd, Buffer *m) | 65 | send_msg(int fd, Buffer *m) |
60 | { | 66 | { |
61 | int mlen = buffer_len(m); | 67 | u_char mlen[4]; |
62 | int len; | 68 | |
63 | Buffer oqueue; | 69 | if (buffer_len(m) > MAX_MSG_LENGTH) |
70 | fatal("Outbound message too long %u", buffer_len(m)); | ||
64 | 71 | ||
65 | buffer_init(&oqueue); | 72 | /* Send length first */ |
66 | buffer_put_int(&oqueue, mlen); | 73 | PUT_32BIT(mlen, buffer_len(m)); |
67 | buffer_append(&oqueue, buffer_ptr(m), mlen); | 74 | if (atomicio(write, fd, mlen, sizeof(mlen)) <= 0) |
68 | buffer_consume(m, mlen); | 75 | fatal("Couldn't send packet: %s", strerror(errno)); |
69 | 76 | ||
70 | len = atomicio(write, fd, buffer_ptr(&oqueue), buffer_len(&oqueue)); | 77 | if (atomicio(write, fd, buffer_ptr(m), buffer_len(m)) <= 0) |
71 | if (len <= 0) | ||
72 | fatal("Couldn't send packet: %s", strerror(errno)); | 78 | fatal("Couldn't send packet: %s", strerror(errno)); |
73 | 79 | ||
74 | buffer_free(&oqueue); | 80 | buffer_clear(m); |
75 | } | 81 | } |
76 | 82 | ||
77 | static void | 83 | static void |
78 | get_msg(int fd, Buffer *m) | 84 | get_msg(int fd, Buffer *m) |
79 | { | 85 | { |
80 | u_int len, msg_len; | 86 | ssize_t len; |
81 | unsigned char buf[4096]; | 87 | u_int msg_len; |
82 | 88 | ||
83 | len = atomicio(read, fd, buf, 4); | 89 | buffer_append_space(m, 4); |
90 | len = atomicio(read, fd, buffer_ptr(m), 4); | ||
84 | if (len == 0) | 91 | if (len == 0) |
85 | fatal("Connection closed"); | 92 | fatal("Connection closed"); |
86 | else if (len == -1) | 93 | else if (len == -1) |
87 | fatal("Couldn't read packet: %s", strerror(errno)); | 94 | fatal("Couldn't read packet: %s", strerror(errno)); |
88 | 95 | ||
89 | msg_len = GET_32BIT(buf); | 96 | msg_len = buffer_get_int(m); |
90 | if (msg_len > 256 * 1024) | 97 | if (msg_len > MAX_MSG_LENGTH) |
91 | fatal("Received message too long %u", msg_len); | 98 | fatal("Received message too long %u", msg_len); |
92 | 99 | ||
93 | while (msg_len) { | 100 | buffer_append_space(m, msg_len); |
94 | len = atomicio(read, fd, buf, MIN(msg_len, sizeof(buf))); | 101 | len = atomicio(read, fd, buffer_ptr(m), msg_len); |
95 | if (len == 0) | 102 | if (len == 0) |
96 | fatal("Connection closed"); | 103 | fatal("Connection closed"); |
97 | else if (len == -1) | 104 | else if (len == -1) |
98 | fatal("Couldn't read packet: %s", strerror(errno)); | 105 | fatal("Read packet: %s", strerror(errno)); |
99 | |||
100 | msg_len -= len; | ||
101 | buffer_append(m, buf, len); | ||
102 | } | ||
103 | } | 106 | } |
104 | 107 | ||
105 | static void | 108 | static void |
@@ -371,6 +374,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, | |||
371 | error("Couldn't read directory: %s", | 374 | error("Couldn't read directory: %s", |
372 | fx2txt(status)); | 375 | fx2txt(status)); |
373 | do_close(conn, handle, handle_len); | 376 | do_close(conn, handle, handle_len); |
377 | xfree(handle); | ||
374 | return(status); | 378 | return(status); |
375 | } | 379 | } |
376 | } else if (type != SSH2_FXP_NAME) | 380 | } else if (type != SSH2_FXP_NAME) |
@@ -660,7 +664,7 @@ do_symlink(struct sftp_conn *conn, char *oldpath, char *newpath) | |||
660 | 664 | ||
661 | status = get_status(conn->fd_in, id); | 665 | status = get_status(conn->fd_in, id); |
662 | if (status != SSH2_FX_OK) | 666 | if (status != SSH2_FX_OK) |
663 | error("Couldn't rename file \"%s\" to \"%s\": %s", oldpath, | 667 | error("Couldn't symlink file \"%s\" to \"%s\": %s", oldpath, |
664 | newpath, fx2txt(status)); | 668 | newpath, fx2txt(status)); |
665 | 669 | ||
666 | return(status); | 670 | return(status); |
@@ -741,6 +745,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
741 | int read_error, write_errno; | 745 | int read_error, write_errno; |
742 | u_int64_t offset, size; | 746 | u_int64_t offset, size; |
743 | u_int handle_len, mode, type, id, buflen; | 747 | u_int handle_len, mode, type, id, buflen; |
748 | off_t progress_counter; | ||
744 | struct request { | 749 | struct request { |
745 | u_int id; | 750 | u_int id; |
746 | u_int len; | 751 | u_int len; |
@@ -758,13 +763,13 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
758 | 763 | ||
759 | /* XXX: should we preserve set[ug]id? */ | 764 | /* XXX: should we preserve set[ug]id? */ |
760 | if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) | 765 | if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) |
761 | mode = S_IWRITE | (a->perm & 0777); | 766 | mode = a->perm & 0777; |
762 | else | 767 | else |
763 | mode = 0666; | 768 | mode = 0666; |
764 | 769 | ||
765 | if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) && | 770 | if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) && |
766 | (a->perm & S_IFDIR)) { | 771 | (!S_ISREG(a->perm))) { |
767 | error("Cannot download a directory: %s", remote_path); | 772 | error("Cannot download non-regular file: %s", remote_path); |
768 | return(-1); | 773 | return(-1); |
769 | } | 774 | } |
770 | 775 | ||
@@ -793,7 +798,8 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
793 | return(-1); | 798 | return(-1); |
794 | } | 799 | } |
795 | 800 | ||
796 | local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC, mode); | 801 | local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC, |
802 | mode | S_IWRITE); | ||
797 | if (local_fd == -1) { | 803 | if (local_fd == -1) { |
798 | error("Couldn't open local file \"%s\" for writing: %s", | 804 | error("Couldn't open local file \"%s\" for writing: %s", |
799 | local_path, strerror(errno)); | 805 | local_path, strerror(errno)); |
@@ -805,6 +811,16 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
805 | /* Read from remote and write to local */ | 811 | /* Read from remote and write to local */ |
806 | write_error = read_error = write_errno = num_req = offset = 0; | 812 | write_error = read_error = write_errno = num_req = offset = 0; |
807 | max_req = 1; | 813 | max_req = 1; |
814 | progress_counter = 0; | ||
815 | |||
816 | if (showprogress) { | ||
817 | if (size) | ||
818 | start_progress_meter(remote_path, size, | ||
819 | &progress_counter); | ||
820 | else | ||
821 | printf("Fetching %s to %s\n", remote_path, local_path); | ||
822 | } | ||
823 | |||
808 | while (num_req > 0 || max_req > 0) { | 824 | while (num_req > 0 || max_req > 0) { |
809 | char *data; | 825 | char *data; |
810 | u_int len; | 826 | u_int len; |
@@ -857,14 +873,15 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
857 | (unsigned long long)req->offset + len - 1); | 873 | (unsigned long long)req->offset + len - 1); |
858 | if (len > req->len) | 874 | if (len > req->len) |
859 | fatal("Received more data than asked for " | 875 | fatal("Received more data than asked for " |
860 | "%u > %u", len, req->len); | 876 | "%u > %u", len, req->len); |
861 | if ((lseek(local_fd, req->offset, SEEK_SET) == -1 || | 877 | if ((lseek(local_fd, req->offset, SEEK_SET) == -1 || |
862 | atomicio(write, local_fd, data, len) != len) && | 878 | atomicio(write, local_fd, data, len) != len) && |
863 | !write_error) { | 879 | !write_error) { |
864 | write_errno = errno; | 880 | write_errno = errno; |
865 | write_error = 1; | 881 | write_error = 1; |
866 | max_req = 0; | 882 | max_req = 0; |
867 | } | 883 | } |
884 | progress_counter += len; | ||
868 | xfree(data); | 885 | xfree(data); |
869 | 886 | ||
870 | if (len == req->len) { | 887 | if (len == req->len) { |
@@ -907,6 +924,9 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
907 | } | 924 | } |
908 | } | 925 | } |
909 | 926 | ||
927 | if (showprogress && size) | ||
928 | stop_progress_meter(); | ||
929 | |||
910 | /* Sanity check */ | 930 | /* Sanity check */ |
911 | if (TAILQ_FIRST(&requests) != NULL) | 931 | if (TAILQ_FIRST(&requests) != NULL) |
912 | fatal("Transfer complete, but requests still in queue"); | 932 | fatal("Transfer complete, but requests still in queue"); |
@@ -930,7 +950,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
930 | if (pflag && chmod(local_path, mode) == -1) | 950 | if (pflag && chmod(local_path, mode) == -1) |
931 | #endif /* HAVE_FCHMOD */ | 951 | #endif /* HAVE_FCHMOD */ |
932 | error("Couldn't set mode on \"%s\": %s", local_path, | 952 | error("Couldn't set mode on \"%s\": %s", local_path, |
933 | strerror(errno)); | 953 | strerror(errno)); |
934 | if (pflag && (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME)) { | 954 | if (pflag && (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME)) { |
935 | struct timeval tv[2]; | 955 | struct timeval tv[2]; |
936 | tv[0].tv_sec = a->atime; | 956 | tv[0].tv_sec = a->atime; |
@@ -938,7 +958,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
938 | tv[0].tv_usec = tv[1].tv_usec = 0; | 958 | tv[0].tv_usec = tv[1].tv_usec = 0; |
939 | if (utimes(local_path, tv) == -1) | 959 | if (utimes(local_path, tv) == -1) |
940 | error("Can't set times on \"%s\": %s", | 960 | error("Can't set times on \"%s\": %s", |
941 | local_path, strerror(errno)); | 961 | local_path, strerror(errno)); |
942 | } | 962 | } |
943 | } | 963 | } |
944 | close(local_fd); | 964 | close(local_fd); |
@@ -983,6 +1003,11 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, | |||
983 | close(local_fd); | 1003 | close(local_fd); |
984 | return(-1); | 1004 | return(-1); |
985 | } | 1005 | } |
1006 | if (!S_ISREG(sb.st_mode)) { | ||
1007 | error("%s is not a regular file", local_path); | ||
1008 | close(local_fd); | ||
1009 | return(-1); | ||
1010 | } | ||
986 | stat_to_attrib(&sb, &a); | 1011 | stat_to_attrib(&sb, &a); |
987 | 1012 | ||
988 | a.flags &= ~SSH2_FILEXFER_ATTR_SIZE; | 1013 | a.flags &= ~SSH2_FILEXFER_ATTR_SIZE; |
@@ -1017,6 +1042,11 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, | |||
1017 | 1042 | ||
1018 | /* Read from local and write to remote */ | 1043 | /* Read from local and write to remote */ |
1019 | offset = 0; | 1044 | offset = 0; |
1045 | if (showprogress) | ||
1046 | start_progress_meter(local_path, sb.st_size, &offset); | ||
1047 | else | ||
1048 | printf("Uploading %s to %s\n", local_path, remote_path); | ||
1049 | |||
1020 | for (;;) { | 1050 | for (;;) { |
1021 | int len; | 1051 | int len; |
1022 | 1052 | ||
@@ -1047,7 +1077,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, | |||
1047 | buffer_put_string(&msg, data, len); | 1077 | buffer_put_string(&msg, data, len); |
1048 | send_msg(conn->fd_out, &msg); | 1078 | send_msg(conn->fd_out, &msg); |
1049 | debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u", | 1079 | debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u", |
1050 | id, (unsigned long long)offset, len); | 1080 | id, (unsigned long long)offset, len); |
1051 | } else if (TAILQ_FIRST(&acks) == NULL) | 1081 | } else if (TAILQ_FIRST(&acks) == NULL) |
1052 | break; | 1082 | break; |
1053 | 1083 | ||
@@ -1081,9 +1111,11 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, | |||
1081 | 1111 | ||
1082 | if (status != SSH2_FX_OK) { | 1112 | if (status != SSH2_FX_OK) { |
1083 | error("Couldn't write to remote file \"%s\": %s", | 1113 | error("Couldn't write to remote file \"%s\": %s", |
1084 | remote_path, fx2txt(status)); | 1114 | remote_path, fx2txt(status)); |
1085 | do_close(conn, handle, handle_len); | 1115 | do_close(conn, handle, handle_len); |
1086 | close(local_fd); | 1116 | close(local_fd); |
1117 | xfree(data); | ||
1118 | xfree(ack); | ||
1087 | goto done; | 1119 | goto done; |
1088 | } | 1120 | } |
1089 | debug3("In write loop, ack for %u %u bytes at %llu", | 1121 | debug3("In write loop, ack for %u %u bytes at %llu", |
@@ -1093,6 +1125,8 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, | |||
1093 | } | 1125 | } |
1094 | offset += len; | 1126 | offset += len; |
1095 | } | 1127 | } |
1128 | if (showprogress) | ||
1129 | stop_progress_meter(); | ||
1096 | xfree(data); | 1130 | xfree(data); |
1097 | 1131 | ||
1098 | if (close(local_fd) == -1) { | 1132 | if (close(local_fd) == -1) { |
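Review bot: In the new get_msg both reads go to `buffer_ptr(m)` rather than to the space that `buffer_append_space()` has just added, so the length word and the payload land in the right place only when `m` is empty on entry. If a caller passes a buffer that still holds data, the bytes read from the peer overwrite that data and the appended tail is later parsed uninitialised. Assuming `buffer_append_space()` returns a pointer to the new region (its definition is not part of this diff), keep that pointer and read into it: `p = buffer_append_space(m, 4);` followed by `len = atomicio(read, fd, p, 4);`, and the same for the `msg_len` read. If the empty-buffer precondition is intended instead, state it in a comment above get_msg so that callers clear `m` first.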
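--- a/sftp-common.c
+++ b/sftp-common.c
@@ -24,7 +24,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sftp-common.c,v 1.7 2002/09/11 22:41:50 djm Exp $");
+RCSID("$OpenBSD: sftp-common.c,v 1.8 2002/10/16 14:31:48 itojun Exp $");
 
 #include "buffer.h"
 #include "bufaux.h"
@@ -208,6 +208,6 @@ ls_file(char *name, struct stat *st, int remote)
 glen = MAX(strlen(group), 8);
 snprintf(buf, sizeof buf, "%s %3d %-*s %-*s %8llu %s %s", mode,
 st->st_nlink, ulen, user, glen, group,
-(u_int64_t)st->st_size, tbuf, name);
+(unsigned long long)st->st_size, tbuf, name);
 return xstrdup(buf);
 }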
diff --git a/sftp-int.c b/sftp-int.c index 6a2012910..6987de9a3 100644 --- a/sftp-int.c +++ b/sftp-int.c | |||
@@ -25,7 +25,7 @@ | |||
25 | /* XXX: recursive operations */ | 25 | /* XXX: recursive operations */ |
26 | 26 | ||
27 | #include "includes.h" | 27 | #include "includes.h" |
28 | RCSID("$OpenBSD: sftp-int.c,v 1.49 2002/09/12 00:13:06 djm Exp $"); | 28 | RCSID("$OpenBSD: sftp-int.c,v 1.57 2003/03/05 22:33:43 markus Exp $"); |
29 | 29 | ||
30 | #include "buffer.h" | 30 | #include "buffer.h" |
31 | #include "xmalloc.h" | 31 | #include "xmalloc.h" |
@@ -47,6 +47,9 @@ extern size_t copy_buffer_len; | |||
47 | /* Number of concurrent outstanding requests */ | 47 | /* Number of concurrent outstanding requests */ |
48 | extern int num_requests; | 48 | extern int num_requests; |
49 | 49 | ||
50 | /* This is set to 0 if the progressmeter is not desired. */ | ||
51 | int showprogress = 1; | ||
52 | |||
50 | /* Seperators for interactive commands */ | 53 | /* Seperators for interactive commands */ |
51 | #define WHITESPACE " \t\r\n" | 54 | #define WHITESPACE " \t\r\n" |
52 | 55 | ||
@@ -73,13 +76,14 @@ extern int num_requests; | |||
73 | #define I_SHELL 20 | 76 | #define I_SHELL 20 |
74 | #define I_SYMLINK 21 | 77 | #define I_SYMLINK 21 |
75 | #define I_VERSION 22 | 78 | #define I_VERSION 22 |
79 | #define I_PROGRESS 23 | ||
76 | 80 | ||
77 | struct CMD { | 81 | struct CMD { |
78 | const char *c; | 82 | const char *c; |
79 | const int n; | 83 | const int n; |
80 | }; | 84 | }; |
81 | 85 | ||
82 | const struct CMD cmds[] = { | 86 | static const struct CMD cmds[] = { |
83 | { "bye", I_QUIT }, | 87 | { "bye", I_QUIT }, |
84 | { "cd", I_CHDIR }, | 88 | { "cd", I_CHDIR }, |
85 | { "chdir", I_CHDIR }, | 89 | { "chdir", I_CHDIR }, |
@@ -100,6 +104,7 @@ const struct CMD cmds[] = { | |||
100 | { "ls", I_LS }, | 104 | { "ls", I_LS }, |
101 | { "lumask", I_LUMASK }, | 105 | { "lumask", I_LUMASK }, |
102 | { "mkdir", I_MKDIR }, | 106 | { "mkdir", I_MKDIR }, |
107 | { "progress", I_PROGRESS }, | ||
103 | { "put", I_PUT }, | 108 | { "put", I_PUT }, |
104 | { "mput", I_PUT }, | 109 | { "mput", I_PUT }, |
105 | { "pwd", I_PWD }, | 110 | { "pwd", I_PWD }, |
@@ -132,6 +137,7 @@ help(void) | |||
132 | printf("ls [path] Display remote directory listing\n"); | 137 | printf("ls [path] Display remote directory listing\n"); |
133 | printf("lumask umask Set local umask to 'umask'\n"); | 138 | printf("lumask umask Set local umask to 'umask'\n"); |
134 | printf("mkdir path Create remote directory\n"); | 139 | printf("mkdir path Create remote directory\n"); |
140 | printf("progress Toggle display of progress meter\n"); | ||
135 | printf("put local-path [remote-path] Upload file\n"); | 141 | printf("put local-path [remote-path] Upload file\n"); |
136 | printf("pwd Display remote working directory\n"); | 142 | printf("pwd Display remote working directory\n"); |
137 | printf("exit Quit sftp\n"); | 143 | printf("exit Quit sftp\n"); |
@@ -375,6 +381,17 @@ is_dir(char *path) | |||
375 | } | 381 | } |
376 | 382 | ||
377 | static int | 383 | static int |
384 | is_reg(char *path) | ||
385 | { | ||
386 | struct stat sb; | ||
387 | |||
388 | if (stat(path, &sb) == -1) | ||
389 | fatal("stat %s: %s", path, strerror(errno)); | ||
390 | |||
391 | return(S_ISREG(sb.st_mode)); | ||
392 | } | ||
393 | |||
394 | static int | ||
378 | remote_is_dir(struct sftp_conn *conn, char *path) | 395 | remote_is_dir(struct sftp_conn *conn, char *path) |
379 | { | 396 | { |
380 | Attrib *a; | 397 | Attrib *a; |
@@ -425,7 +442,6 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag) | |||
425 | err = -1; | 442 | err = -1; |
426 | goto out; | 443 | goto out; |
427 | } | 444 | } |
428 | printf("Fetching %s to %s\n", g.gl_pathv[0], abs_dst); | ||
429 | err = do_download(conn, g.gl_pathv[0], abs_dst, pflag); | 445 | err = do_download(conn, g.gl_pathv[0], abs_dst, pflag); |
430 | goto out; | 446 | goto out; |
431 | } | 447 | } |
@@ -489,6 +505,12 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag) | |||
489 | 505 | ||
490 | /* Only one match, dst may be file, directory or unspecified */ | 506 | /* Only one match, dst may be file, directory or unspecified */ |
491 | if (g.gl_pathv[0] && g.gl_matchc == 1) { | 507 | if (g.gl_pathv[0] && g.gl_matchc == 1) { |
508 | if (!is_reg(g.gl_pathv[0])) { | ||
509 | error("Can't upload %s: not a regular file", | ||
510 | g.gl_pathv[0]); | ||
511 | err = 1; | ||
512 | goto out; | ||
513 | } | ||
492 | if (tmp_dst) { | 514 | if (tmp_dst) { |
493 | /* If directory specified, append filename */ | 515 | /* If directory specified, append filename */ |
494 | if (remote_is_dir(conn, tmp_dst)) { | 516 | if (remote_is_dir(conn, tmp_dst)) { |
@@ -507,7 +529,6 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag) | |||
507 | } | 529 | } |
508 | abs_dst = make_absolute(abs_dst, pwd); | 530 | abs_dst = make_absolute(abs_dst, pwd); |
509 | } | 531 | } |
510 | printf("Uploading %s to %s\n", g.gl_pathv[0], abs_dst); | ||
511 | err = do_upload(conn, g.gl_pathv[0], abs_dst, pflag); | 532 | err = do_upload(conn, g.gl_pathv[0], abs_dst, pflag); |
512 | goto out; | 533 | goto out; |
513 | } | 534 | } |
@@ -521,6 +542,11 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag) | |||
521 | } | 542 | } |
522 | 543 | ||
523 | for (i = 0; g.gl_pathv[i]; i++) { | 544 | for (i = 0; g.gl_pathv[i]; i++) { |
545 | if (!is_reg(g.gl_pathv[i])) { | ||
546 | error("skipping non-regular file %s", | ||
547 | g.gl_pathv[i]); | ||
548 | continue; | ||
549 | } | ||
524 | if (infer_path(g.gl_pathv[i], &tmp)) { | 550 | if (infer_path(g.gl_pathv[i], &tmp)) { |
525 | err = -1; | 551 | err = -1; |
526 | goto out; | 552 | goto out; |
@@ -550,7 +576,7 @@ sdirent_comp(const void *aa, const void *bb) | |||
550 | SFTP_DIRENT *a = *(SFTP_DIRENT **)aa; | 576 | SFTP_DIRENT *a = *(SFTP_DIRENT **)aa; |
551 | SFTP_DIRENT *b = *(SFTP_DIRENT **)bb; | 577 | SFTP_DIRENT *b = *(SFTP_DIRENT **)bb; |
552 | 578 | ||
553 | return (strcmp(a->filename, b->filename)); | 579 | return (strcmp(a->filename, b->filename)); |
554 | } | 580 | } |
555 | 581 | ||
556 | /* sftp ls.1 replacement for directories */ | 582 | /* sftp ls.1 replacement for directories */ |
@@ -563,7 +589,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) | |||
563 | if ((n = do_readdir(conn, path, &d)) != 0) | 589 | if ((n = do_readdir(conn, path, &d)) != 0) |
564 | return (n); | 590 | return (n); |
565 | 591 | ||
566 | /* Count entries for sort */ | 592 | /* Count entries for sort */ |
567 | for (n = 0; d[n] != NULL; n++) | 593 | for (n = 0; d[n] != NULL; n++) |
568 | ; | 594 | ; |
569 | 595 | ||
@@ -571,7 +597,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) | |||
571 | 597 | ||
572 | for (n = 0; d[n] != NULL; n++) { | 598 | for (n = 0; d[n] != NULL; n++) { |
573 | char *tmp, *fname; | 599 | char *tmp, *fname; |
574 | 600 | ||
575 | tmp = path_append(path, d[n]->filename); | 601 | tmp = path_append(path, d[n]->filename); |
576 | fname = path_strip(tmp, strip_path); | 602 | fname = path_strip(tmp, strip_path); |
577 | xfree(tmp); | 603 | xfree(tmp); |
@@ -589,7 +615,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) | |||
589 | /* XXX - multicolumn display would be nice here */ | 615 | /* XXX - multicolumn display would be nice here */ |
590 | printf("%s\n", fname); | 616 | printf("%s\n", fname); |
591 | } | 617 | } |
592 | 618 | ||
593 | xfree(fname); | 619 | xfree(fname); |
594 | } | 620 | } |
595 | 621 | ||
@@ -599,7 +625,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) | |||
599 | 625 | ||
600 | /* sftp ls.1 replacement which handles path globs */ | 626 | /* sftp ls.1 replacement which handles path globs */ |
601 | static int | 627 | static int |
602 | do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, | 628 | do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, |
603 | int lflag) | 629 | int lflag) |
604 | { | 630 | { |
605 | glob_t g; | 631 | glob_t g; |
@@ -609,23 +635,23 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, | |||
609 | 635 | ||
610 | memset(&g, 0, sizeof(g)); | 636 | memset(&g, 0, sizeof(g)); |
611 | 637 | ||
612 | if (remote_glob(conn, path, GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE, | 638 | if (remote_glob(conn, path, GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE, |
613 | NULL, &g)) { | 639 | NULL, &g)) { |
614 | error("Can't ls: \"%s\" not found", path); | 640 | error("Can't ls: \"%s\" not found", path); |
615 | return (-1); | 641 | return (-1); |
616 | } | 642 | } |
617 | 643 | ||
618 | /* | 644 | /* |
619 | * If the glob returns a single match, which is the same as the | 645 | * If the glob returns a single match, which is the same as the |
620 | * input glob, and it is a directory, then just list its contents | 646 | * input glob, and it is a directory, then just list its contents |
621 | */ | 647 | */ |
622 | if (g.gl_pathc == 1 && | 648 | if (g.gl_pathc == 1 && |
623 | strncmp(path, g.gl_pathv[0], strlen(g.gl_pathv[0]) - 1) == 0) { | 649 | strncmp(path, g.gl_pathv[0], strlen(g.gl_pathv[0]) - 1) == 0) { |
624 | if ((a = do_lstat(conn, path, 1)) == NULL) { | 650 | if ((a = do_lstat(conn, path, 1)) == NULL) { |
625 | globfree(&g); | 651 | globfree(&g); |
626 | return (-1); | 652 | return (-1); |
627 | } | 653 | } |
628 | if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) && | 654 | if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) && |
629 | S_ISDIR(a->perm)) { | 655 | S_ISDIR(a->perm)) { |
630 | globfree(&g); | 656 | globfree(&g); |
631 | return (do_ls_dir(conn, path, strip_path, lflag)); | 657 | return (do_ls_dir(conn, path, strip_path, lflag)); |
@@ -640,8 +666,8 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, | |||
640 | if (lflag) { | 666 | if (lflag) { |
641 | /* | 667 | /* |
642 | * XXX: this is slow - 1 roundtrip per path | 668 | * XXX: this is slow - 1 roundtrip per path |
643 | * A solution to this is to fork glob() and | 669 | * A solution to this is to fork glob() and |
644 | * build a sftp specific version which keeps the | 670 | * build a sftp specific version which keeps the |
645 | * attribs (which currently get thrown away) | 671 | * attribs (which currently get thrown away) |
646 | * that the server returns as well as the filenames. | 672 | * that the server returns as well as the filenames. |
647 | */ | 673 | */ |
@@ -666,7 +692,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, | |||
666 | } | 692 | } |
667 | 693 | ||
668 | static int | 694 | static int |
669 | parse_args(const char **cpp, int *pflag, int *lflag, | 695 | parse_args(const char **cpp, int *pflag, int *lflag, int *iflag, |
670 | unsigned long *n_arg, char **path1, char **path2) | 696 | unsigned long *n_arg, char **path1, char **path2) |
671 | { | 697 | { |
672 | const char *cmd, *cp = *cpp; | 698 | const char *cmd, *cp = *cpp; |
@@ -678,10 +704,17 @@ parse_args(const char **cpp, int *pflag, int *lflag, | |||
678 | /* Skip leading whitespace */ | 704 | /* Skip leading whitespace */ |
679 | cp = cp + strspn(cp, WHITESPACE); | 705 | cp = cp + strspn(cp, WHITESPACE); |
680 | 706 | ||
681 | /* Ignore blank lines */ | 707 | /* Ignore blank lines and lines which begin with comment '#' char */ |
682 | if (!*cp) | 708 | if (*cp == '\0' || *cp == '#') |
683 | return(-1); | 709 | return (0); |
684 | 710 | ||
711 | /* Check for leading '-' (disable error processing) */ | ||
712 | *iflag = 0; | ||
713 | if (*cp == '-') { | ||
714 | *iflag = 1; | ||
715 | cp++; | ||
716 | } | ||
717 | |||
685 | /* Figure out which command we have */ | 718 | /* Figure out which command we have */ |
686 | for (i = 0; cmds[i].c; i++) { | 719 | for (i = 0; cmds[i].c; i++) { |
687 | int cmdlen = strlen(cmds[i].c); | 720 | int cmdlen = strlen(cmds[i].c); |
@@ -703,7 +736,7 @@ parse_args(const char **cpp, int *pflag, int *lflag, | |||
703 | cmdnum = I_SHELL; | 736 | cmdnum = I_SHELL; |
704 | } else if (cmdnum == -1) { | 737 | } else if (cmdnum == -1) { |
705 | error("Invalid command."); | 738 | error("Invalid command."); |
706 | return(-1); | 739 | return (-1); |
707 | } | 740 | } |
708 | 741 | ||
709 | /* Get arguments and parse flags */ | 742 | /* Get arguments and parse flags */ |
@@ -803,6 +836,7 @@ parse_args(const char **cpp, int *pflag, int *lflag, | |||
803 | case I_LPWD: | 836 | case I_LPWD: |
804 | case I_HELP: | 837 | case I_HELP: |
805 | case I_VERSION: | 838 | case I_VERSION: |
839 | case I_PROGRESS: | ||
806 | break; | 840 | break; |
807 | default: | 841 | default: |
808 | fatal("Command not implemented"); | 842 | fatal("Command not implemented"); |
@@ -813,10 +847,11 @@ parse_args(const char **cpp, int *pflag, int *lflag, | |||
813 | } | 847 | } |
814 | 848 | ||
815 | static int | 849 | static int |
816 | parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) | 850 | parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, |
851 | int err_abort) | ||
817 | { | 852 | { |
818 | char *path1, *path2, *tmp; | 853 | char *path1, *path2, *tmp; |
819 | int pflag, lflag, cmdnum, i; | 854 | int pflag, lflag, iflag, cmdnum, i; |
820 | unsigned long n_arg; | 855 | unsigned long n_arg; |
821 | Attrib a, *aa; | 856 | Attrib a, *aa; |
822 | char path_buf[MAXPATHLEN]; | 857 | char path_buf[MAXPATHLEN]; |
@@ -824,14 +859,22 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) | |||
824 | glob_t g; | 859 | glob_t g; |
825 | 860 | ||
826 | path1 = path2 = NULL; | 861 | path1 = path2 = NULL; |
827 | cmdnum = parse_args(&cmd, &pflag, &lflag, &n_arg, | 862 | cmdnum = parse_args(&cmd, &pflag, &lflag, &iflag, &n_arg, |
828 | &path1, &path2); | 863 | &path1, &path2); |
829 | 864 | ||
865 | if (iflag != 0) | ||
866 | err_abort = 0; | ||
867 | |||
830 | memset(&g, 0, sizeof(g)); | 868 | memset(&g, 0, sizeof(g)); |
831 | 869 | ||
832 | /* Perform command */ | 870 | /* Perform command */ |
833 | switch (cmdnum) { | 871 | switch (cmdnum) { |
872 | case 0: | ||
873 | /* Blank line */ | ||
874 | break; | ||
834 | case -1: | 875 | case -1: |
876 | /* Unrecognized command */ | ||
877 | err = -1; | ||
835 | break; | 878 | break; |
836 | case I_GET: | 879 | case I_GET: |
837 | err = process_get(conn, path1, path2, *pwd, pflag); | 880 | err = process_get(conn, path1, path2, *pwd, pflag); |
@@ -853,8 +896,9 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) | |||
853 | remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); | 896 | remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); |
854 | for (i = 0; g.gl_pathv[i]; i++) { | 897 | for (i = 0; g.gl_pathv[i]; i++) { |
855 | printf("Removing %s\n", g.gl_pathv[i]); | 898 | printf("Removing %s\n", g.gl_pathv[i]); |
856 | if (do_rm(conn, g.gl_pathv[i]) == -1) | 899 | err = do_rm(conn, g.gl_pathv[i]); |
857 | err = -1; | 900 | if (err != 0 && err_abort) |
901 | break; | ||
858 | } | 902 | } |
859 | break; | 903 | break; |
860 | case I_MKDIR: | 904 | case I_MKDIR: |
@@ -900,15 +944,14 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) | |||
900 | do_globbed_ls(conn, *pwd, *pwd, lflag); | 944 | do_globbed_ls(conn, *pwd, *pwd, lflag); |
901 | break; | 945 | break; |
902 | } | 946 | } |
903 | 947 | ||
904 | /* Strip pwd off beginning of non-absolute paths */ | 948 | /* Strip pwd off beginning of non-absolute paths */ |
905 | tmp = NULL; | 949 | tmp = NULL; |
906 | if (*path1 != '/') | 950 | if (*path1 != '/') |
907 | tmp = *pwd; | 951 | tmp = *pwd; |
908 | 952 | ||
909 | path1 = make_absolute(path1, *pwd); | 953 | path1 = make_absolute(path1, *pwd); |
910 | 954 | err = do_globbed_ls(conn, path1, tmp, lflag); | |
911 | do_globbed_ls(conn, path1, tmp, lflag); | ||
912 | break; | 955 | break; |
913 | case I_LCHDIR: | 956 | case I_LCHDIR: |
914 | if (chdir(path1) == -1) { | 957 | if (chdir(path1) == -1) { |
@@ -942,62 +985,70 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) | |||
942 | remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); | 985 | remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); |
943 | for (i = 0; g.gl_pathv[i]; i++) { | 986 | for (i = 0; g.gl_pathv[i]; i++) { |
944 | printf("Changing mode on %s\n", g.gl_pathv[i]); | 987 | printf("Changing mode on %s\n", g.gl_pathv[i]); |
945 | do_setstat(conn, g.gl_pathv[i], &a); | 988 | err = do_setstat(conn, g.gl_pathv[i], &a); |
989 | if (err != 0 && err_abort) | ||
990 | break; | ||
946 | } | 991 | } |
947 | break; | 992 | break; |
948 | case I_CHOWN: | 993 | case I_CHOWN: |
949 | path1 = make_absolute(path1, *pwd); | ||
950 | remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); | ||
951 | for (i = 0; g.gl_pathv[i]; i++) { | ||
952 | if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) | ||
953 | continue; | ||
954 | if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) { | ||
955 | error("Can't get current ownership of " | ||
956 | "remote file \"%s\"", g.gl_pathv[i]); | ||
957 | continue; | ||
958 | } | ||
959 | printf("Changing owner on %s\n", g.gl_pathv[i]); | ||
960 | aa->flags &= SSH2_FILEXFER_ATTR_UIDGID; | ||
961 | aa->uid = n_arg; | ||
962 | do_setstat(conn, g.gl_pathv[i], aa); | ||
963 | } | ||
964 | break; | ||
965 | case I_CHGRP: | 994 | case I_CHGRP: |
966 | path1 = make_absolute(path1, *pwd); | 995 | path1 = make_absolute(path1, *pwd); |
967 | remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); | 996 | remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); |
968 | for (i = 0; g.gl_pathv[i]; i++) { | 997 | for (i = 0; g.gl_pathv[i]; i++) { |
969 | if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) | 998 | if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) { |
970 | continue; | 999 | if (err != 0 && err_abort) |
1000 | break; | ||
1001 | else | ||
1002 | continue; | ||
1003 | } | ||
971 | if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) { | 1004 | if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) { |
972 | error("Can't get current ownership of " | 1005 | error("Can't get current ownership of " |
973 | "remote file \"%s\"", g.gl_pathv[i]); | 1006 | "remote file \"%s\"", g.gl_pathv[i]); |
974 | continue; | 1007 | if (err != 0 && err_abort) |
1008 | break; | ||
1009 | else | ||
1010 | continue; | ||
975 | } | 1011 | } |
976 | printf("Changing group on %s\n", g.gl_pathv[i]); | ||
977 | aa->flags &= SSH2_FILEXFER_ATTR_UIDGID; | 1012 | aa->flags &= SSH2_FILEXFER_ATTR_UIDGID; |
978 | aa->gid = n_arg; | 1013 | if (cmdnum == I_CHOWN) { |
979 | do_setstat(conn, g.gl_pathv[i], aa); | 1014 | printf("Changing owner on %s\n", g.gl_pathv[i]); |
1015 | aa->uid = n_arg; | ||
1016 | } else { | ||
1017 | printf("Changing group on %s\n", g.gl_pathv[i]); | ||
1018 | aa->gid = n_arg; | ||
1019 | } | ||
1020 | err = do_setstat(conn, g.gl_pathv[i], aa); | ||
1021 | if (err != 0 && err_abort) | ||
1022 | break; | ||
980 | } | 1023 | } |
981 | break; | 1024 | break; |
982 | case I_PWD: | 1025 | case I_PWD: |
983 | printf("Remote working directory: %s\n", *pwd); | 1026 | printf("Remote working directory: %s\n", *pwd); |
984 | break; | 1027 | break; |
985 | case I_LPWD: | 1028 | case I_LPWD: |
986 | if (!getcwd(path_buf, sizeof(path_buf))) | 1029 | if (!getcwd(path_buf, sizeof(path_buf))) { |
987 | error("Couldn't get local cwd: %s", | 1030 | error("Couldn't get local cwd: %s", strerror(errno)); |
988 | strerror(errno)); | 1031 | err = -1; |
989 | else | 1032 | break; |
990 | printf("Local working directory: %s\n", | 1033 | } |
991 | path_buf); | 1034 | printf("Local working directory: %s\n", path_buf); |
992 | break; | 1035 | break; |
993 | case I_QUIT: | 1036 | case I_QUIT: |
994 | return(-1); | 1037 | /* Processed below */ |
1038 | break; | ||
995 | case I_HELP: | 1039 | case I_HELP: |
996 | help(); | 1040 | help(); |
997 | break; | 1041 | break; |
998 | case I_VERSION: | 1042 | case I_VERSION: |
999 | printf("SFTP protocol version %u\n", sftp_proto_version(conn)); | 1043 | printf("SFTP protocol version %u\n", sftp_proto_version(conn)); |
1000 | break; | 1044 | break; |
1045 | case I_PROGRESS: | ||
1046 | showprogress = !showprogress; | ||
1047 | if (showprogress) | ||
1048 | printf("Progress meter enabled\n"); | ||
1049 | else | ||
1050 | printf("Progress meter disabled\n"); | ||
1051 | break; | ||
1001 | default: | 1052 | default: |
1002 | fatal("%d is not implemented", cmdnum); | 1053 | fatal("%d is not implemented", cmdnum); |
1003 | } | 1054 | } |
@@ -1009,20 +1060,23 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) | |||
1009 | if (path2) | 1060 | if (path2) |
1010 | xfree(path2); | 1061 | xfree(path2); |
1011 | 1062 | ||
1012 | /* If an error occurs in batch mode we should abort. */ | 1063 | /* If an unignored error occurs in batch mode we should abort. */ |
1013 | if (infile != stdin && err > 0) | 1064 | if (err_abort && err != 0) |
1014 | return -1; | 1065 | return (-1); |
1066 | else if (cmdnum == I_QUIT) | ||
1067 | return (1); | ||
1015 | 1068 | ||
1016 | return(0); | 1069 | return (0); |
1017 | } | 1070 | } |
1018 | 1071 | ||
1019 | void | 1072 | int |
1020 | interactive_loop(int fd_in, int fd_out, char *file1, char *file2) | 1073 | interactive_loop(int fd_in, int fd_out, char *file1, char *file2) |
1021 | { | 1074 | { |
1022 | char *pwd; | 1075 | char *pwd; |
1023 | char *dir = NULL; | 1076 | char *dir = NULL; |
1024 | char cmd[2048]; | 1077 | char cmd[2048]; |
1025 | struct sftp_conn *conn; | 1078 | struct sftp_conn *conn; |
1079 | int err; | ||
1026 | 1080 | ||
1027 | conn = do_init(fd_in, fd_out, copy_buffer_len, num_requests); | 1081 | conn = do_init(fd_in, fd_out, copy_buffer_len, num_requests); |
1028 | if (conn == NULL) | 1082 | if (conn == NULL) |
@@ -1039,7 +1093,8 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) | |||
1039 | if (remote_is_dir(conn, dir) && file2 == NULL) { | 1093 | if (remote_is_dir(conn, dir) && file2 == NULL) { |
1040 | printf("Changing to: %s\n", dir); | 1094 | printf("Changing to: %s\n", dir); |
1041 | snprintf(cmd, sizeof cmd, "cd \"%s\"", dir); | 1095 | snprintf(cmd, sizeof cmd, "cd \"%s\"", dir); |
1042 | parse_dispatch_command(conn, cmd, &pwd); | 1096 | if (parse_dispatch_command(conn, cmd, &pwd, 1) != 0) |
1097 | return (-1); | ||
1043 | } else { | 1098 | } else { |
1044 | if (file2 == NULL) | 1099 | if (file2 == NULL) |
1045 | snprintf(cmd, sizeof cmd, "get %s", dir); | 1100 | snprintf(cmd, sizeof cmd, "get %s", dir); |
@@ -1047,12 +1102,14 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) | |||
1047 | snprintf(cmd, sizeof cmd, "get %s %s", dir, | 1102 | snprintf(cmd, sizeof cmd, "get %s %s", dir, |
1048 | file2); | 1103 | file2); |
1049 | 1104 | ||
1050 | parse_dispatch_command(conn, cmd, &pwd); | 1105 | err = parse_dispatch_command(conn, cmd, &pwd, 1); |
1051 | xfree(dir); | 1106 | xfree(dir); |
1052 | return; | 1107 | xfree(pwd); |
1108 | return (err); | ||
1053 | } | 1109 | } |
1054 | xfree(dir); | 1110 | xfree(dir); |
1055 | } | 1111 | } |
1112 | |||
1056 | #if HAVE_SETVBUF | 1113 | #if HAVE_SETVBUF |
1057 | setvbuf(stdout, NULL, _IOLBF, 0); | 1114 | setvbuf(stdout, NULL, _IOLBF, 0); |
1058 | setvbuf(infile, NULL, _IOLBF, 0); | 1115 | setvbuf(infile, NULL, _IOLBF, 0); |
@@ -1061,6 +1118,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) | |||
1061 | setlinebuf(infile); | 1118 | setlinebuf(infile); |
1062 | #endif | 1119 | #endif |
1063 | 1120 | ||
1121 | err = 0; | ||
1064 | for (;;) { | 1122 | for (;;) { |
1065 | char *cp; | 1123 | char *cp; |
1066 | 1124 | ||
@@ -1077,8 +1135,13 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) | |||
1077 | if (cp) | 1135 | if (cp) |
1078 | *cp = '\0'; | 1136 | *cp = '\0'; |
1079 | 1137 | ||
1080 | if (parse_dispatch_command(conn, cmd, &pwd)) | 1138 | err = parse_dispatch_command(conn, cmd, &pwd, infile != stdin); |
1139 | if (err != 0) | ||
1081 | break; | 1140 | break; |
1082 | } | 1141 | } |
1083 | xfree(pwd); | 1142 | xfree(pwd); |
1143 | |||
1144 | /* err == 1 signifies normal "quit" exit */ | ||
1145 | return (err >= 0 ? 0 : -1); | ||
1084 | } | 1146 | } |
1147 | |||
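--- a/sftp-int.h
+++ b/sftp-int.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-int.h,v 1.5 2002/02/13 00:59:23 djm Exp $ */
+/* $OpenBSD: sftp-int.h,v 1.6 2003/01/08 23:53:26 djm Exp $ */
 
 /*
 * Copyright (c) 2001,2002 Damien Miller. All rights reserved.
@@ -24,4 +24,4 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
-void interactive_loop(int, int, char *, char *);
+int interactive_loop(int, int, char *, char *);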
diff --git a/sftp-server.0 b/sftp-server.0 index 9b1f67541..1519dfdfc 100644 --- a/sftp-server.0 +++ b/sftp-server.0 | |||
@@ -1,27 +1,27 @@ | |||
1 | SFTP-SERVER(8) System Manager's Manual SFTP-SERVER(8) | 1 | SFTPM-bM-^@M-^PSERVER(8) BSD System ManagerM-bM-^@M-^Ys Manual SFTPM-bM-^@M-^PSERVER(8) |
2 | 2 | ||
3 | NAME | 3 | ^[[1mNAME^[[0m |
4 | sftp-server - SFTP server subsystem | 4 | ^[[1msftpM-bM-^@M-^Pserver ^[[22mM-bMM-^R SFTP server subsystem |
5 | 5 | ||
6 | SYNOPSIS | 6 | ^[[1mSYNOPSIS^[[0m |
7 | sftp-server | 7 | ^[[1msftpM-bM-^@M-^Pserver^[[0m |
8 | 8 | ||
9 | DESCRIPTION | 9 | ^[[1mDESCRIPTION^[[0m |
10 | sftp-server is a program that speaks the server side of SFTP protocol to | 10 | ^[[1msftpM-bM-^@M-^Pserver ^[[22mis a program that speaks the server side of SFTP protocol to |
11 | stdout and expects client requests from stdin. sftp-server is not | 11 | stdout and expects client requests from stdin. ^[[1msftpM-bM-^@M-^Pserver ^[[22mis not |
12 | intended to be called directly, but from sshd(8) using the Subsystem | 12 | intended to be called directly, but from sshd(8) using the ^[[1mSubsystem^[[0m |
13 | option. See sshd(8) for more information. | 13 | option. See sshd(8) for more information. |
14 | 14 | ||
15 | SEE ALSO | 15 | ^[[1mSEE ALSO^[[0m |
16 | sftp(1), ssh(1), sshd(8) | 16 | sftp(1), ssh(1), sshd(8) |
17 | 17 | ||
18 | T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- | 18 | T. Ylonen and S. Lehtinen, ^[[4mSSH^[[24m ^[[4mFile^[[24m ^[[4mTransfer^[[24m ^[[4mProtocol^[[24m, draftM-bM-^@M-^PietfM-bM-^@M-^PsecshM-bM-^@M-^P |
19 | filexfer-00.txt, January 2001, work in progress material. | 19 | filexferM-bM-^@M-^P00.txt, January 2001, work in progress material. |
20 | 20 | ||
21 | AUTHORS | 21 | ^[[1mAUTHORS^[[0m |
22 | Markus Friedl <markus@openbsd.org> | 22 | Markus Friedl <markus@openbsd.org> |
23 | 23 | ||
24 | HISTORY | 24 | ^[[1mHISTORY^[[0m |
25 | sftp-server first appeared in OpenBSD 2.8 . | 25 | ^[[1msftpM-bM-^@M-^Pserver ^[[22mfirst appeared in OpenBSD 2.8 . |
26 | 26 | ||
27 | BSD August 30, 2000 BSD | 27 | BSD August 30, 2000 BSD |
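--- a/sftp-server.c
+++ b/sftp-server.c
@@ -22,7 +22,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.38 2002/09/11 22:41:50 djm Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.41 2003/03/26 04:02:51 deraadt Exp $");
 
 #include "buffer.h"
 #include "bufaux.h"
@@ -158,7 +158,7 @@ handle_new(int use, char *name, int fd, DIR *dirp)
 handles[i].use = use;
 handles[i].dirp = dirp;
 handles[i].fd = fd;
-handles[i].name = name;
+handles[i].name = xstrdup(name);
 return i;
 }
 }
@@ -230,9 +230,11 @@ handle_close(int handle)
 if (handle_is_ok(handle, HANDLE_FILE)) {
 ret = close(handles[handle].fd);
 handles[handle].use = HANDLE_UNUSED;
+xfree(handles[handle].name);
 } else if (handle_is_ok(handle, HANDLE_DIR)) {
 ret = closedir(handles[handle].dirp);
 handles[handle].use = HANDLE_UNUSED;
+xfree(handles[handle].name);
 } else {
 errno = ENOENT;
 }
@@ -396,7 +398,7 @@ process_open(void)
 if (fd < 0) {
 status = errno_to_portable(errno);
 } else {
-handle = handle_new(HANDLE_FILE, xstrdup(name), fd, NULL);
+handle = handle_new(HANDLE_FILE, name, fd, NULL);
 if (handle < 0) {
 close(fd);
 } else {
@@ -681,7 +683,7 @@ process_opendir(void)
 if (dirp == NULL) {
 status = errno_to_portable(errno);
 } else {
-handle = handle_new(HANDLE_DIR, xstrdup(path), 0, dirp);
+handle = handle_new(HANDLE_DIR, path, 0, dirp);
 if (handle < 0) {
 closedir(dirp);
 } else {
@@ -832,18 +834,32 @@ static void
 process_rename(void)
 {
 u_int32_t id;
-struct stat st;
 char *oldpath, *newpath;
-int ret, status = SSH2_FX_FAILURE;
+int status;
+struct stat sb;
 
 id = get_int();
 oldpath = get_string(NULL);
 newpath = get_string(NULL);
 TRACE("rename id %u old %s new %s", id, oldpath, newpath);
-/* fail if 'newpath' exists */
-if (stat(newpath, &st) == -1) {
-ret = rename(oldpath, newpath);
-status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
+status = SSH2_FX_FAILURE;
+if (lstat(oldpath, &sb) == -1)
+status = errno_to_portable(errno);
+else if (S_ISREG(sb.st_mode)) {
+/* Race-free rename of regular files */
+if (link(oldpath, newpath) == -1)
+status = errno_to_portable(errno);
+else if (unlink(oldpath) == -1) {
+status = errno_to_portable(errno);
+/* clean spare link */
+unlink(newpath);
+} else
+status = SSH2_FX_OK;
+} else if (stat(newpath, &sb) == -1) {
+if (rename(oldpath, newpath) == -1)
+status = errno_to_portable(errno);
+else
+status = SSH2_FX_OK;
 }
 send_status(id, status);
 xfree(oldpath);
@@ -878,19 +894,16 @@ static void
 process_symlink(void)
 {
 u_int32_t id;
-struct stat st;
 char *oldpath, *newpath;
-int ret, status = SSH2_FX_FAILURE;
+int ret, status;
 
 id = get_int();
 oldpath = get_string(NULL);
 newpath = get_string(NULL);
 TRACE("symlink id %u old %s new %s", id, oldpath, newpath);
-/* fail if 'newpath' exists */
-if (stat(newpath, &st) == -1) {
-ret = symlink(oldpath, newpath);
-status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
-}
+/* this will fail if 'newpath' exists */
+ret = symlink(oldpath, newpath);
+status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
 send_status(id, status);
 xfree(oldpath);
 xfree(newpath);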
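Review bot: In process_rename the fallback branch for anything that is not a regular file still calls `stat(newpath, &sb)` and then `rename(oldpath, newpath)`, so the check-then-act window on newpath that the link()/unlink() path closes stays open for directories and other file types. The `/* Race-free rename of regular files */` comment should be paired with one on the fallback, e.g. `/* not atomic: newpath can appear between stat() and rename() */`, so the remaining exposure is visible to the next reader. The regular-file path also depends on link() succeeding, which presumably fails on filesystems where hard links are unsupported or not permitted, and the hunk reports that as a plain failure status with no fallback to rename(). The lstat() on oldpath is a separate step from link(), so the S_ISREG result can be stale by the time link() runs. process_rename's body continues past the end of the hunk.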
@@ -1,171 +1,180 @@ | |||
1 | SFTP(1) System General Commands Manual SFTP(1) | 1 | SFTP(1) BSD General Commands Manual SFTP(1) |
2 | 2 | ||
3 | NAME | 3 | ^[[1mNAME^[[0m |
4 | sftp - Secure file transfer program | 4 | ^[[1msftp ^[[22mM-bMM-^R Secure file transfer program |
5 | 5 | ||
6 | SYNOPSIS | 6 | ^[[1mSYNOPSIS^[[0m |
7 | sftp [-vC1] [-b batchfile] [-o ssh_option] [-s subsystem | sftp_server] | 7 | ^[[1msftp ^[[22m[^[[1mM-bMM-^RvC1^[[22m] [^[[1mM-bMM-^Rb ^[[4m^[[22mbatchfile^[[24m] [^[[1mM-bMM-^Ro ^[[4m^[[22mssh_option^[[24m] [^[[1mM-bMM-^Rs ^[[4m^[[22msubsystem^[[24m | ^[[4msftp_server^[[24m] |
8 | [-B buffer_size] [-F ssh_config] [-P sftp_server path] | 8 | [^[[1mM-bMM-^RB ^[[4m^[[22mbuffer_size^[[24m] [^[[1mM-bMM-^RF ^[[4m^[[22mssh_config^[[24m] [^[[1mM-bMM-^RP ^[[4m^[[22msftp_server^[[24m ^[[4mpath^[[24m] |
9 | [-R num_requests] [-S program] host | 9 | [^[[1mM-bMM-^RR ^[[4m^[[22mnum_requests^[[24m] [^[[1mM-bMM-^RS ^[[4m^[[22mprogram^[[24m] ^[[4mhost^[[0m |
10 | sftp [[user@]host[:file [file]]] | 10 | ^[[1msftp ^[[22m[[^[[4muser^[[24m@]^[[4mhost^[[24m[:^[[4mfile^[[24m [^[[4mfile^[[24m]]] |
11 | sftp [[user@]host[:dir[/]]] | 11 | ^[[1msftp ^[[22m[[^[[4muser^[[24m@]^[[4mhost^[[24m[:^[[4mdir^[[24m[^[[4m/^[[24m]]] |
12 | 12 | ||
13 | DESCRIPTION | 13 | ^[[1mDESCRIPTION^[[0m |
14 | sftp is an interactive file transfer program, similar to ftp(1), which | 14 | ^[[1msftp ^[[22mis an interactive file transfer program, similar to ftp(1), which |
15 | performs all operations over an encrypted ssh(1) transport. It may also | 15 | performs all operations over an encrypted ssh(1) transport. It may also |
16 | use many features of ssh, such as public key authentication and compresM-- | 16 | use many features of ssh, such as public key authentication and compresM-bM-^@M-^P |
17 | sion. sftp connects and logs into the specified host, then enters an | 17 | sion. ^[[1msftp ^[[22mconnects and logs into the specified ^[[4mhost^[[24m, then enters an |
18 | interactive command mode. | 18 | interactive command mode. |
19 | 19 | ||
20 | The second usage format will retrieve files automatically if a non-interM-- | 20 | The second usage format will retrieve files automatically if a nonM-bM-^@M-^PinterM-bM-^@M-^P |
21 | active authentication method is used; otherwise it will do so after sucM-- | 21 | active authentication method is used; otherwise it will do so after sucM-bM-^@M-^P |
22 | cessful interactive authentication. | 22 | cessful interactive authentication. |
23 | 23 | ||
24 | The last usage format allows the sftp client to start in a remote direcM-- | 24 | The last usage format allows the sftp client to start in a remote direcM-bM-^@M-^P |
25 | tory. | 25 | tory. |
26 | 26 | ||
27 | The options are as follows: | 27 | The options are as follows: |
28 | 28 | ||
29 | -b batchfile | 29 | ^[[1mM-bMM-^Rb ^[[4m^[[22mbatchfile^[[0m |
30 | Batch mode reads a series of commands from an input batchfile | 30 | Batch mode reads a series of commands from an input ^[[4mbatchfile^[[0m |
31 | instead of stdin. Since it lacks user interaction it should be | 31 | instead of ^[[4mstdin^[[24m. Since it lacks user interaction it should be |
32 | used in conjunction with non-interactive authentication. sftp | 32 | used in conjunction with nonM-bM-^@M-^Pinteractive authentication. ^[[1msftp^[[0m |
33 | will abort if any of the following commands fail: get, put, | 33 | will abort if any of the following commands fail: ^[[1mget^[[22m, ^[[1mput^[[22m, |
34 | rename, ln, rm, mkdir, chdir, lchdir and lmkdir. | 34 | ^[[1mrename^[[22m, ^[[1mln^[[22m, ^[[1mrm^[[22m, ^[[1mmkdir^[[22m, ^[[1mchdir^[[22m, ^[[1mls^[[22m, ^[[1mlchdir^[[22m, ^[[1mchmod^[[22m, ^[[1mchown^[[22m, ^[[1mchgrp^[[22m, |
35 | 35 | ^[[1mlpwd ^[[22mand ^[[1mlmkdir^[[22m. Termination on error can be suppressed on a | |
36 | -o ssh_option | 36 | command by command basis by prefixing the command with a ^[[1mM-bM-^@M-^YM-bM-^@M-^PM-bM-^@M-^Y^[[0m |
37 | Can be used to pass options to ssh in the format used in | 37 | character (For example, ^[[1mM-bM-^@M-^Prm /tmp/blah* ^[[22m). |
38 | |||
39 | ^[[1mM-bMM-^Ro ^[[4m^[[22mssh_option^[[0m | ||
40 | Can be used to pass options to ^[[1mssh ^[[22min the format used in | ||
38 | ssh_config(5). This is useful for specifying options for which | 41 | ssh_config(5). This is useful for specifying options for which |
39 | there is no separate sftp command-line flag. For example, to | 42 | there is no separate ^[[1msftp ^[[22mcommandM-bM-^@M-^Pline flag. For example, to |
40 | specify an alternate port use: sftp -oPort=24. | 43 | specify an alternate port use: ^[[1msftp M-bM-^@M-^PoPort=24^[[22m. |
41 | 44 | ||
42 | -s subsystem | sftp_server | 45 | ^[[1mM-bMM-^Rs ^[[4m^[[22msubsystem^[[24m | ^[[4msftp_server^[[0m |
43 | Specifies the SSH2 subsystem or the path for an sftp server on | 46 | Specifies the SSH2 subsystem or the path for an sftp server on |
44 | the remote host. A path is useful for using sftp over protocol | 47 | the remote host. A path is useful for using sftp over protocol |
45 | version 1, or when the remote sshd does not have an sftp subsysM-- | 48 | version 1, or when the remote ^[[1msshd ^[[22mdoes not have an sftp subsysM-bM-^@M-^P |
46 | tem configured. | 49 | tem configured. |
47 | 50 | ||
48 | -v Raise logging level. This option is also passed to ssh. | 51 | ^[[1mM-bMM-^Rv ^[[22mRaise logging level. This option is also passed to ssh. |
49 | 52 | ||
50 | -B buffer_size | 53 | ^[[1mM-bMM-^RB ^[[4m^[[22mbuffer_size^[[0m |
51 | Specify the size of the buffer that sftp uses when transferring | 54 | Specify the size of the buffer that ^[[1msftp ^[[22muses when transferring |
52 | files. Larger buffers require fewer round trips at the cost of | 55 | files. Larger buffers require fewer round trips at the cost of |
53 | higher memory consumption. The default is 32768 bytes. | 56 | higher memory consumption. The default is 32768 bytes. |
54 | 57 | ||
55 | -C Enables compression (via ssh's -C flag). | 58 | ^[[1mM-bMM-^RC ^[[22mEnables compression (via sshM-bM-^@M-^Ys ^[[1mM-bMM-^RC ^[[22mflag). |
56 | 59 | ||
57 | -F ssh_config | 60 | ^[[1mM-bMM-^RF ^[[4m^[[22mssh_config^[[0m |
58 | Specifies an alternative per-user configuration file for ssh. | 61 | Specifies an alternative perM-bM-^@M-^Puser configuration file for ^[[1mssh^[[22m. |
59 | This option is directly passed to ssh(1). | 62 | This option is directly passed to ssh(1). |
60 | 63 | ||
61 | -P sftp_server path | 64 | ^[[1mM-bMM-^RP ^[[4m^[[22msftp_server^[[24m ^[[4mpath^[[0m |
62 | Connect directly to a local sftp-server (rather than via ssh) | 65 | Connect directly to a local ^[[1msftpM-bM-^@M-^Pserver ^[[22m(rather than via ^[[1mssh^[[22m) |
63 | This option may be useful in debugging the client and server. | 66 | This option may be useful in debugging the client and server. |
64 | 67 | ||
65 | -R num_requests | 68 | ^[[1mM-bMM-^RR ^[[4m^[[22mnum_requests^[[0m |
66 | Specify how many requests may be outstanding at any one time. | 69 | Specify how many requests may be outstanding at any one time. |
67 | Increasing this may slightly improve file transfer speed but will | 70 | Increasing this may slightly improve file transfer speed but will |
68 | increase memory usage. The default is 16 outstanding requests. | 71 | increase memory usage. The default is 16 outstanding requests. |
69 | 72 | ||
70 | -S program | 73 | ^[[1mM-bMM-^RS ^[[4m^[[22mprogram^[[0m |
71 | Name of the program to use for the encrypted connection. The | 74 | Name of the ^[[4mprogram^[[24m to use for the encrypted connection. The |
72 | program must understand ssh(1) options. | 75 | program must understand ssh(1) options. |
73 | 76 | ||
74 | -1 Specify the use of protocol version 1. | 77 | ^[[1mM-bMM-^R1 ^[[22mSpecify the use of protocol version 1. |
75 | 78 | ||
76 | INTERACTIVE COMMANDS | 79 | ^[[1mINTERACTIVE COMMANDS^[[0m |
77 | Once in interactive mode, sftp understands a set of commands similar to | 80 | Once in interactive mode, ^[[1msftp ^[[22munderstands a set of commands similar to |
78 | those of ftp(1). Commands are case insensitive and pathnames may be | 81 | those of ftp(1). Commands are case insensitive and pathnames may be |
79 | enclosed in quotes if they contain spaces. | 82 | enclosed in quotes if they contain spaces. |
80 | 83 | ||
81 | bye Quit sftp. | 84 | ^[[1mbye ^[[22mQuit sftp. |
82 | 85 | ||
83 | cd path | 86 | ^[[1mcd ^[[4m^[[22mpath^[[0m |
84 | Change remote directory to path. | 87 | Change remote directory to ^[[4mpath^[[24m. |
85 | 88 | ||
86 | lcd path | 89 | ^[[1mlcd ^[[4m^[[22mpath^[[0m |
87 | Change local directory to path. | 90 | Change local directory to ^[[4mpath^[[24m. |
88 | 91 | ||
89 | chgrp grp path | 92 | ^[[1mchgrp ^[[4m^[[22mgrp^[[24m ^[[4mpath^[[0m |
90 | Change group of file path to grp. grp must be a numeric GID. | 93 | Change group of file ^[[4mpath^[[24m to ^[[4mgrp^[[24m. ^[[4mgrp^[[24m must be a numeric GID. |
91 | 94 | ||
92 | chmod mode path | 95 | ^[[1mchmod ^[[4m^[[22mmode^[[24m ^[[4mpath^[[0m |
93 | Change permissions of file path to mode. | 96 | Change permissions of file ^[[4mpath^[[24m to ^[[4mmode^[[24m. |
94 | 97 | ||
95 | chown own path | 98 | ^[[1mchown ^[[4m^[[22mown^[[24m ^[[4mpath^[[0m |
96 | Change owner of file path to own. own must be a numeric UID. | 99 | Change owner of file ^[[4mpath^[[24m to ^[[4mown^[[24m. ^[[4mown^[[24m must be a numeric UID. |
97 | 100 | ||
98 | exit Quit sftp. | 101 | ^[[1mexit ^[[22mQuit sftp. |
99 | 102 | ||
100 | get [flags] remote-path [local-path] | 103 | ^[[1mget ^[[22m[^[[4mflags^[[24m] ^[[4mremoteM-bM-^@M-^Ppath^[[24m [^[[4mlocalM-bM-^@M-^Ppath^[[24m] |
101 | Retrieve the remote-path and store it on the local machine. If | 104 | Retrieve the ^[[4mremoteM-bM-^@M-^Ppath^[[24m and store it on the local machine. If |
102 | the local path name is not specified, it is given the same name | 105 | the local path name is not specified, it is given the same name |
103 | it has on the remote machine. If the -P flag is specified, then | 106 | it has on the remote machine. If the ^[[1mM-bMM-^RP ^[[22mflag is specified, then |
104 | the file's full permission and access time are copied too. | 107 | the fileM-bM-^@M-^Ys full permission and access time are copied too. |
105 | 108 | ||
106 | help Display help text. | 109 | ^[[1mhelp ^[[22mDisplay help text. |
107 | 110 | ||
108 | lls [ls-options [path]] | 111 | ^[[1mlls ^[[22m[^[[4mlsM-bM-^@M-^Poptions^[[24m [^[[4mpath^[[24m]] |
109 | Display local directory listing of either path or current direcM-- | 112 | Display local directory listing of either ^[[4mpath^[[24m or current direcM-bM-^@M-^P |
110 | tory if path is not specified. | 113 | tory if ^[[4mpath^[[24m is not specified. |
111 | 114 | ||
112 | lmkdir path | 115 | ^[[1mlmkdir ^[[4m^[[22mpath^[[0m |
113 | Create local directory specified by path. | 116 | Create local directory specified by ^[[4mpath^[[24m. |
114 | 117 | ||
115 | ln oldpath newpath | 118 | ^[[1mln ^[[4m^[[22moldpath^[[24m ^[[4mnewpath^[[0m |
116 | Create a symbolic link from oldpath to newpath. | 119 | Create a symbolic link from ^[[4moldpath^[[24m to ^[[4mnewpath^[[24m. |
117 | 120 | ||
118 | lpwd Print local working directory. | 121 | ^[[1mlpwd ^[[22mPrint local working directory. |
119 | 122 | ||
120 | ls [flags] [path] | 123 | ^[[1mls ^[[22m[^[[4mflags^[[24m] [^[[4mpath^[[24m] |
121 | Display remote directory listing of either path or current direcM-- | 124 | Display remote directory listing of either ^[[4mpath^[[24m or current direcM-bM-^@M-^P |
122 | tory if path is not specified. If the -l flag is specified, then | 125 | tory if ^[[4mpath^[[24m is not specified. If the ^[[1mM-bMM-^Rl ^[[22mflag is specified, then |
123 | display additional details including permissions and ownership | 126 | display additional details including permissions and ownership |
124 | information. | 127 | information. |
125 | 128 | ||
126 | lumask umask | 129 | ^[[1mlumask ^[[4m^[[22mumask^[[0m |
127 | Set local umask to umask. | 130 | Set local umask to ^[[4mumask^[[24m. |
131 | |||
132 | ^[[1mmkdir ^[[4m^[[22mpath^[[0m | ||
133 | Create remote directory specified by ^[[4mpath^[[24m. | ||
128 | 134 | ||
129 | mkdir path | 135 | ^[[1mprogress^[[0m |
130 | Create remote directory specified by path. | 136 | Toggle display of progress meter. |
131 | 137 | ||
132 | put [flags] local-path [local-path] | 138 | ^[[1mput ^[[22m[^[[4mflags^[[24m] ^[[4mlocalM-bM-^@M-^Ppath^[[24m [^[[4mremoteM-bM-^@M-^Ppath^[[24m] |
133 | Upload local-path and store it on the remote machine. If the | 139 | Upload ^[[4mlocalM-bM-^@M-^Ppath^[[24m and store it on the remote machine. If the |
134 | remote path name is not specified, it is given the same name it | 140 | remote path name is not specified, it is given the same name it |
135 | has on the local machine. If the -P flag is specified, then the | 141 | has on the local machine. If the ^[[1mM-bMM-^RP ^[[22mflag is specified, then the |
136 | file's full permission and access time are copied too. | 142 | fileM-bM-^@M-^Ys full permission and access time are copied too. |
143 | |||
144 | ^[[1mpwd ^[[22mDisplay remote working directory. | ||
137 | 145 | ||
138 | pwd Display remote working directory. | 146 | ^[[1mquit ^[[22mQuit sftp. |
139 | 147 | ||
140 | quit Quit sftp. | 148 | ^[[1mrename ^[[4m^[[22moldpath^[[24m ^[[4mnewpath^[[0m |
149 | Rename remote file from ^[[4moldpath^[[24m to ^[[4mnewpath^[[24m. | ||
141 | 150 | ||
142 | rename oldpath newpath | 151 | ^[[1mrmdir ^[[4m^[[22mpath^[[0m |
143 | Rename remote file from oldpath to newpath. | 152 | Remove remote directory specified by ^[[4mpath^[[24m. |
144 | 153 | ||
145 | rmdir path | 154 | ^[[1mrm ^[[4m^[[22mpath^[[0m |
146 | Remove remote directory specified by path. | 155 | Delete remote file specified by ^[[4mpath^[[24m. |
147 | 156 | ||
148 | rm path | 157 | ^[[1msymlink ^[[4m^[[22moldpath^[[24m ^[[4mnewpath^[[0m |
149 | Delete remote file specified by path. | 158 | Create a symbolic link from ^[[4moldpath^[[24m to ^[[4mnewpath^[[24m. |
150 | 159 | ||
151 | symlink oldpath newpath | 160 | ^[[1mversion^[[0m |
152 | Create a symbolic link from oldpath to newpath. | 161 | Display the ^[[1msftp ^[[22mprotocol version. |
153 | 162 | ||
154 | ! command | 163 | ! ^[[4mcommand^[[0m |
155 | Execute command in local shell. | 164 | Execute ^[[4mcommand^[[24m in local shell. |
156 | 165 | ||
157 | ! Escape to local shell. | 166 | ! Escape to local shell. |
158 | 167 | ||
159 | ? Synonym for help. | 168 | ? Synonym for help. |
160 | 169 | ||
161 | AUTHORS | 170 | ^[[1mAUTHORS^[[0m |
162 | Damien Miller <djm@mindrot.org> | 171 | Damien Miller <djm@mindrot.org> |
163 | 172 | ||
164 | SEE ALSO | 173 | ^[[1mSEE ALSO^[[0m |
165 | scp(1), ssh(1), ssh-add(1), ssh-keygen(1), ssh_config(5), sftp-server(8), | 174 | scp(1), ssh(1), sshM-bM-^@M-^Padd(1), sshM-bM-^@M-^Pkeygen(1), ssh_config(5), sftpM-bM-^@M-^Pserver(8), |
166 | sshd(8) | 175 | sshd(8) |
167 | 176 | ||
168 | T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- | 177 | T. Ylonen and S. Lehtinen, ^[[4mSSH^[[24m ^[[4mFile^[[24m ^[[4mTransfer^[[24m ^[[4mProtocol^[[24m, draftM-bM-^@M-^PietfM-bM-^@M-^PsecshM-bM-^@M-^P |
169 | filexfer-00.txt, January 2001, work in progress material. | 178 | filexferM-bM-^@M-^P00.txt, January 2001, work in progress material. |
170 | 179 | ||
171 | BSD February 4, 2001 BSD | 180 | BSD February 4, 2001 BSD |
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: sftp.1,v 1.36 2002/09/11 22:41:50 djm Exp $ | 1 | .\" $OpenBSD: sftp.1,v 1.40 2003/01/10 08:19:07 fgsch Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. | 3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -77,9 +77,16 @@ non-interactive authentication. | |||
77 | will abort if any of the following | 77 | will abort if any of the following |
78 | commands fail: | 78 | commands fail: |
79 | .Ic get , put , rename , ln , | 79 | .Ic get , put , rename , ln , |
80 | .Ic rm , mkdir , chdir , lchdir | 80 | .Ic rm , mkdir , chdir , ls , |
81 | .Ic lchdir , chmod , chown , chgrp , lpwd | ||
81 | and | 82 | and |
82 | .Ic lmkdir . | 83 | .Ic lmkdir . |
84 | Termination on error can be suppressed on a command by command basis by | ||
85 | prefixing the command with a | ||
86 | .Ic '-' | ||
87 | character (For example, | ||
88 | .Ic -rm /tmp/blah* | ||
89 | ). | ||
83 | .It Fl o Ar ssh_option | 90 | .It Fl o Ar ssh_option |
84 | Can be used to pass options to | 91 | Can be used to pass options to |
85 | .Nm ssh | 92 | .Nm ssh |
@@ -221,10 +228,12 @@ Set local umask to | |||
221 | .It Ic mkdir Ar path | 228 | .It Ic mkdir Ar path |
222 | Create remote directory specified by | 229 | Create remote directory specified by |
223 | .Ar path . | 230 | .Ar path . |
231 | .It Ic progress | ||
232 | Toggle display of progress meter. | ||
224 | .It Xo Ic put | 233 | .It Xo Ic put |
225 | .Op Ar flags | 234 | .Op Ar flags |
226 | .Ar local-path | 235 | .Ar local-path |
227 | .Op Ar local-path | 236 | .Op Ar remote-path |
228 | .Xc | 237 | .Xc |
229 | Upload | 238 | Upload |
230 | .Ar local-path | 239 | .Ar local-path |
@@ -253,6 +262,10 @@ Create a symbolic link from | |||
253 | .Ar oldpath | 262 | .Ar oldpath |
254 | to | 263 | to |
255 | .Ar newpath . | 264 | .Ar newpath . |
265 | .It Ic version | ||
266 | Display the | ||
267 | .Nm | ||
268 | protocol version. | ||
256 | .It Ic ! Ar command | 269 | .It Ic ! Ar command |
257 | Execute | 270 | Execute |
258 | .Ar command | 271 | .Ar command |
@@ -24,7 +24,7 @@ | |||
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | 26 | ||
27 | RCSID("$OpenBSD: sftp.c,v 1.31 2002/07/25 01:16:59 mouring Exp $"); | 27 | RCSID("$OpenBSD: sftp.c,v 1.34 2003/01/10 08:19:07 fgsch Exp $"); |
28 | 28 | ||
29 | /* XXX: short-form remote directory listings (like 'ls -C') */ | 29 | /* XXX: short-form remote directory listings (like 'ls -C') */ |
30 | 30 | ||
@@ -49,6 +49,8 @@ FILE* infile; | |||
49 | size_t copy_buffer_len = 32768; | 49 | size_t copy_buffer_len = 32768; |
50 | size_t num_requests = 16; | 50 | size_t num_requests = 16; |
51 | 51 | ||
52 | extern int showprogress; | ||
53 | |||
52 | static void | 54 | static void |
53 | connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid) | 55 | connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid) |
54 | { | 56 | { |
@@ -108,7 +110,7 @@ usage(void) | |||
108 | int | 110 | int |
109 | main(int argc, char **argv) | 111 | main(int argc, char **argv) |
110 | { | 112 | { |
111 | int in, out, ch; | 113 | int in, out, ch, err; |
112 | pid_t sshpid; | 114 | pid_t sshpid; |
113 | char *host, *userhost, *cp, *file2; | 115 | char *host, *userhost, *cp, *file2; |
114 | int debug_level = 0, sshver = 2; | 116 | int debug_level = 0, sshver = 2; |
@@ -162,6 +164,7 @@ main(int argc, char **argv) | |||
162 | fatal("%s (%s).", strerror(errno), optarg); | 164 | fatal("%s (%s).", strerror(errno), optarg); |
163 | } else | 165 | } else |
164 | fatal("Filename already specified."); | 166 | fatal("Filename already specified."); |
167 | showprogress = 0; | ||
165 | break; | 168 | break; |
166 | case 'P': | 169 | case 'P': |
167 | sftp_direct = optarg; | 170 | sftp_direct = optarg; |
@@ -197,7 +200,7 @@ main(int argc, char **argv) | |||
197 | file1 = cp; | 200 | file1 = cp; |
198 | } | 201 | } |
199 | 202 | ||
200 | if ((host = strchr(userhost, '@')) == NULL) | 203 | if ((host = strrchr(userhost, '@')) == NULL) |
201 | host = userhost; | 204 | host = userhost; |
202 | else { | 205 | else { |
203 | *host++ = '\0'; | 206 | *host++ = '\0'; |
@@ -237,7 +240,7 @@ main(int argc, char **argv) | |||
237 | &sshpid); | 240 | &sshpid); |
238 | } | 241 | } |
239 | 242 | ||
240 | interactive_loop(in, out, file1, file2); | 243 | err = interactive_loop(in, out, file1, file2); |
241 | 244 | ||
242 | #if !defined(USE_PIPES) | 245 | #if !defined(USE_PIPES) |
243 | shutdown(in, SHUT_RDWR); | 246 | shutdown(in, SHUT_RDWR); |
@@ -254,5 +257,5 @@ main(int argc, char **argv) | |||
254 | fatal("Couldn't wait for ssh process: %s", | 257 | fatal("Couldn't wait for ssh process: %s", |
255 | strerror(errno)); | 258 | strerror(errno)); |
256 | 259 | ||
257 | exit(0); | 260 | exit(err == 0 ? 0 : 1); |
258 | } | 261 | } |
@@ -1,54 +1,60 @@ | |||
1 | SSH-ADD(1) System General Commands Manual SSH-ADD(1) | 1 | SSHM-bM-^@M-^PADD(1) BSD General Commands Manual SSHM-bM-^@M-^PADD(1) |
2 | 2 | ||
3 | NAME | 3 | ^[[1mNAME^[[0m |
4 | ssh-add - adds RSA or DSA identities to the authentication agent | 4 | ^[[1msshM-bM-^@M-^Padd ^[[22mM-bMM-^R adds RSA or DSA identities to the authentication agent |
5 | 5 | ||
6 | SYNOPSIS | 6 | ^[[1mSYNOPSIS^[[0m |
7 | ssh-add [-lLdDxX] [-t life] [file ...] | 7 | ^[[1msshM-bM-^@M-^Padd ^[[22m[^[[1mM-bMM-^RlLdDxXc^[[22m] [^[[1mM-bMM-^Rt ^[[4m^[[22mlife^[[24m] [^[[4mfile^[[24m ^[[4m...^[[24m] |
8 | ssh-add -s reader | 8 | ^[[1msshM-bM-^@M-^Padd M-bMM-^Rs ^[[4m^[[22mreader^[[0m |
9 | ssh-add -e reader | 9 | ^[[1msshM-bM-^@M-^Padd M-bMM-^Re ^[[4m^[[22mreader^[[0m |
10 | 10 | ||
11 | DESCRIPTION | 11 | ^[[1mDESCRIPTION^[[0m |
12 | ssh-add adds RSA or DSA identities to the authentication agent, | 12 | ^[[1msshM-bM-^@M-^Padd ^[[22madds RSA or DSA identities to the authentication agent, |
13 | ssh-agent(1). When run without arguments, it adds the files | 13 | sshM-bM-^@M-^Pagent(1). When run without arguments, it adds the files |
14 | $HOME/.ssh/id_rsa, $HOME/.ssh/id_dsa and $HOME/.ssh/identity. AlternaM-- | 14 | ^[[4m$HOME/.ssh/id_rsa^[[24m, ^[[4m$HOME/.ssh/id_dsa^[[24m and ^[[4m$HOME/.ssh/identity^[[24m. AlternaM-bM-^@M-^P |
15 | tive file names can be given on the command line. If any file requires a | 15 | tive file names can be given on the command line. If any file requires a |
16 | passphrase, ssh-add asks for the passphrase from the user. The | 16 | passphrase, ^[[1msshM-bM-^@M-^Padd ^[[22masks for the passphrase from the user. The |
17 | passphrase is read from the user's tty. ssh-add retries the last | 17 | passphrase is read from the userM-bM-^@M-^Ys tty. ^[[1msshM-bM-^@M-^Padd ^[[22mretries the last |
18 | passphrase if multiple identity files are given. | 18 | passphrase if multiple identity files are given. |
19 | 19 | ||
20 | The authentication agent must be running and must be an ancestor of the | 20 | The authentication agent must be running and must be an ancestor of the |
21 | current process for ssh-add to work. | 21 | current process for ^[[1msshM-bM-^@M-^Padd ^[[22mto work. |
22 | 22 | ||
23 | The options are as follows: | 23 | The options are as follows: |
24 | 24 | ||
25 | -l Lists fingerprints of all identities currently represented by the | 25 | ^[[1mM-bMM-^Rl ^[[22mLists fingerprints of all identities currently represented by the |
26 | agent. | 26 | agent. |
27 | 27 | ||
28 | -L Lists public key parameters of all identities currently repreM-- | 28 | ^[[1mM-bMM-^RL ^[[22mLists public key parameters of all identities currently repreM-bM-^@M-^P |
29 | sented by the agent. | 29 | sented by the agent. |
30 | 30 | ||
31 | -d Instead of adding the identity, removes the identity from the | 31 | ^[[1mM-bMM-^Rd ^[[22mInstead of adding the identity, removes the identity from the |
32 | agent. | 32 | agent. |
33 | 33 | ||
34 | -D Deletes all identities from the agent. | 34 | ^[[1mM-bMM-^RD ^[[22mDeletes all identities from the agent. |
35 | 35 | ||
36 | -x Lock the agent with a password. | 36 | ^[[1mM-bMM-^Rx ^[[22mLock the agent with a password. |
37 | 37 | ||
38 | -X Unlock the agent. | 38 | ^[[1mM-bMM-^RX ^[[22mUnlock the agent. |
39 | 39 | ||
40 | -t life | 40 | ^[[1mM-bMM-^Rt ^[[4m^[[22mlife^[[0m |
41 | Set a maximum lifetime when adding identities to an agent. The | 41 | Set a maximum lifetime when adding identities to an agent. The |
42 | lifetime may be specified in seconds or in a time format speciM-- | 42 | lifetime may be specified in seconds or in a time format speciM-bM-^@M-^P |
43 | fied in sshd(8). | 43 | fied in sshd_config(5). |
44 | 44 | ||
45 | -s reader | 45 | ^[[1mM-bMM-^Rc ^[[22mIndicates that added identities should be subject to confirmation |
46 | Add key in smartcard reader. | 46 | before being used for authentication. Confirmation is performed |
47 | by the SSH_ASKPASS program mentioned below. Successful confirmaM-bM-^@M-^P | ||
48 | tion is signaled by a zero exit status from the SSH_ASKPASS proM-bM-^@M-^P | ||
49 | gram, rather than text entered into the requester. | ||
47 | 50 | ||
48 | -e reader | 51 | ^[[1mM-bMM-^Rs ^[[4m^[[22mreader^[[0m |
49 | Remove key in smartcard reader. | 52 | Add key in smartcard ^[[4mreader^[[24m. |
50 | 53 | ||
51 | FILES | 54 | ^[[1mM-bMM-^Re ^[[4m^[[22mreader^[[0m |
55 | Remove key in smartcard ^[[4mreader^[[24m. | ||
56 | |||
57 | ^[[1mFILES^[[0m | ||
52 | $HOME/.ssh/identity | 58 | $HOME/.ssh/identity |
53 | Contains the protocol version 1 RSA authentication identity of | 59 | Contains the protocol version 1 RSA authentication identity of |
54 | the user. | 60 | the user. |
@@ -62,35 +68,35 @@ FILES | |||
62 | the user. | 68 | the user. |
63 | 69 | ||
64 | Identity files should not be readable by anyone but the user. Note that | 70 | Identity files should not be readable by anyone but the user. Note that |
65 | ssh-add ignores identity files if they are accessible by others. | 71 | ^[[1msshM-bM-^@M-^Padd ^[[22mignores identity files if they are accessible by others. |
66 | 72 | ||
67 | ENVIRONMENT | 73 | ^[[1mENVIRONMENT^[[0m |
68 | DISPLAY and SSH_ASKPASS | 74 | DISPLAY and SSH_ASKPASS |
69 | If ssh-add needs a passphrase, it will read the passphrase from | 75 | If ^[[1msshM-bM-^@M-^Padd ^[[22mneeds a passphrase, it will read the passphrase from |
70 | the current terminal if it was run from a terminal. If ssh-add | 76 | the current terminal if it was run from a terminal. If ^[[1msshM-bM-^@M-^Padd^[[0m |
71 | does not have a terminal associated with it but DISPLAY and | 77 | does not have a terminal associated with it but DISPLAY and |
72 | SSH_ASKPASS are set, it will execute the program specified by | 78 | SSH_ASKPASS are set, it will execute the program specified by |
73 | SSH_ASKPASS and open an X11 window to read the passphrase. This | 79 | SSH_ASKPASS and open an X11 window to read the passphrase. This |
74 | is particularly useful when calling ssh-add from a .Xsession or | 80 | is particularly useful when calling ^[[1msshM-bM-^@M-^Padd ^[[22mfrom a ^[[4m.Xsession^[[24m or |
75 | related script. (Note that on some machines it may be necessary | 81 | related script. (Note that on some machines it may be necessary |
76 | to redirect the input from /dev/null to make this work.) | 82 | to redirect the input from ^[[4m/dev/null^[[24m to make this work.) |
77 | 83 | ||
78 | SSH_AUTH_SOCK | 84 | SSH_AUTH_SOCK |
79 | Identifies the path of a unix-domain socket used to communicate | 85 | Identifies the path of a unixM-bM-^@M-^Pdomain socket used to communicate |
80 | with the agent. | 86 | with the agent. |
81 | 87 | ||
82 | DIAGNOSTICS | 88 | ^[[1mDIAGNOSTICS^[[0m |
83 | Exit status is 0 on success, 1 if the specified command fails, and 2 if | 89 | Exit status is 0 on success, 1 if the specified command fails, and 2 if |
84 | ssh-add is unable to contact the authentication agent. | 90 | ^[[1msshM-bM-^@M-^Padd ^[[22mis unable to contact the authentication agent. |
85 | 91 | ||
86 | AUTHORS | 92 | ^[[1mAUTHORS^[[0m |
87 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | 93 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
88 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | 94 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo |
89 | de Raadt and Dug Song removed many bugs, re-added newer features and creM-- | 95 | de Raadt and Dug Song removed many bugs, reM-bM-^@M-^Padded newer features and creM-bM-^@M-^P |
90 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 96 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol |
91 | versions 1.5 and 2.0. | 97 | versions 1.5 and 2.0. |
92 | 98 | ||
93 | SEE ALSO | 99 | ^[[1mSEE ALSO^[[0m |
94 | ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8) | 100 | ssh(1), sshM-bM-^@M-^Pagent(1), sshM-bM-^@M-^Pkeygen(1), sshd(8) |
95 | 101 | ||
96 | BSD September 25, 1999 BSD | 102 | BSD September 25, 1999 BSD |
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-add.1,v 1.35 2002/06/19 00:27:55 deraadt Exp $ | 1 | .\" $OpenBSD: ssh-add.1,v 1.37 2003/02/10 11:51:47 markus Exp $ |
2 | .\" | 2 | .\" |
3 | .\" -*- nroff -*- | 3 | .\" -*- nroff -*- |
4 | .\" | 4 | .\" |
@@ -45,7 +45,7 @@ | |||
45 | .Nd adds RSA or DSA identities to the authentication agent | 45 | .Nd adds RSA or DSA identities to the authentication agent |
46 | .Sh SYNOPSIS | 46 | .Sh SYNOPSIS |
47 | .Nm ssh-add | 47 | .Nm ssh-add |
48 | .Op Fl lLdDxX | 48 | .Op Fl lLdDxXc |
49 | .Op Fl t Ar life | 49 | .Op Fl t Ar life |
50 | .Op Ar | 50 | .Op Ar |
51 | .Nm ssh-add | 51 | .Nm ssh-add |
@@ -92,7 +92,15 @@ Unlock the agent. | |||
92 | Set a maximum lifetime when adding identities to an agent. | 92 | Set a maximum lifetime when adding identities to an agent. |
93 | The lifetime may be specified in seconds or in a time format | 93 | The lifetime may be specified in seconds or in a time format |
94 | specified in | 94 | specified in |
95 | .Xr sshd 8 . | 95 | .Xr sshd_config 5 . |
96 | .It Fl c | ||
97 | Indicates that added identities should be subject to confirmation before | ||
98 | being used for authentication. Confirmation is performed by the | ||
99 | .Ev SSH_ASKPASS | ||
100 | program mentioned below. Successful confirmation is signaled by a zero | ||
101 | exit status from the | ||
102 | .Ev SSH_ASKPASS | ||
103 | program, rather than text entered into the requester. | ||
96 | .It Fl s Ar reader | 104 | .It Fl s Ar reader |
97 | Add key in smartcard | 105 | Add key in smartcard |
98 | .Ar reader . | 106 | .Ar reader . |
@@ -35,7 +35,7 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: ssh-add.c,v 1.63 2002/09/19 15:51:23 markus Exp $"); | 38 | RCSID("$OpenBSD: ssh-add.c,v 1.66 2003/03/05 22:33:43 markus Exp $"); |
39 | 39 | ||
40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
41 | 41 | ||
@@ -70,6 +70,9 @@ static char *default_files[] = { | |||
70 | /* Default lifetime (0 == forever) */ | 70 | /* Default lifetime (0 == forever) */ |
71 | static int lifetime = 0; | 71 | static int lifetime = 0; |
72 | 72 | ||
73 | /* User has to confirm key use */ | ||
74 | static int confirm = 0; | ||
75 | |||
73 | /* we keep a cache of one passphrases */ | 76 | /* we keep a cache of one passphrases */ |
74 | static char *pass = NULL; | 77 | static char *pass = NULL; |
75 | static void | 78 | static void |
@@ -165,12 +168,16 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
165 | } | 168 | } |
166 | } | 169 | } |
167 | 170 | ||
168 | if (ssh_add_identity_constrained(ac, private, comment, lifetime)) { | 171 | if (ssh_add_identity_constrained(ac, private, comment, lifetime, |
172 | confirm)) { | ||
169 | fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); | 173 | fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); |
170 | ret = 0; | 174 | ret = 0; |
171 | if (lifetime != 0) | 175 | if (lifetime != 0) |
172 | fprintf(stderr, | 176 | fprintf(stderr, |
173 | "Lifetime set to %d seconds\n", lifetime); | 177 | "Lifetime set to %d seconds\n", lifetime); |
178 | if (confirm != 0) | ||
179 | fprintf(stderr, | ||
180 | "The user has to confirm each use of the key\n"); | ||
174 | } else if (ssh_add_identity(ac, private, comment)) { | 181 | } else if (ssh_add_identity(ac, private, comment)) { |
175 | fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); | 182 | fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); |
176 | ret = 0; | 183 | ret = 0; |
@@ -188,6 +195,7 @@ static int | |||
188 | update_card(AuthenticationConnection *ac, int add, const char *id) | 195 | update_card(AuthenticationConnection *ac, int add, const char *id) |
189 | { | 196 | { |
190 | char *pin; | 197 | char *pin; |
198 | int ret = -1; | ||
191 | 199 | ||
192 | pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN); | 200 | pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN); |
193 | if (pin == NULL) | 201 | if (pin == NULL) |
@@ -196,12 +204,14 @@ update_card(AuthenticationConnection *ac, int add, const char *id) | |||
196 | if (ssh_update_card(ac, add, id, pin)) { | 204 | if (ssh_update_card(ac, add, id, pin)) { |
197 | fprintf(stderr, "Card %s: %s\n", | 205 | fprintf(stderr, "Card %s: %s\n", |
198 | add ? "added" : "removed", id); | 206 | add ? "added" : "removed", id); |
199 | return 0; | 207 | ret = 0; |
200 | } else { | 208 | } else { |
201 | fprintf(stderr, "Could not %s card: %s\n", | 209 | fprintf(stderr, "Could not %s card: %s\n", |
202 | add ? "add" : "remove", id); | 210 | add ? "add" : "remove", id); |
203 | return -1; | 211 | ret = -1; |
204 | } | 212 | } |
213 | xfree(pin); | ||
214 | return ret; | ||
205 | } | 215 | } |
206 | 216 | ||
207 | static int | 217 | static int |
@@ -292,6 +302,7 @@ usage(void) | |||
292 | fprintf(stderr, " -x Lock agent.\n"); | 302 | fprintf(stderr, " -x Lock agent.\n"); |
293 | fprintf(stderr, " -X Unlock agent.\n"); | 303 | fprintf(stderr, " -X Unlock agent.\n"); |
294 | fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); | 304 | fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); |
305 | fprintf(stderr, " -c Require confirmation to sign using identities\n"); | ||
295 | #ifdef SMARTCARD | 306 | #ifdef SMARTCARD |
296 | fprintf(stderr, " -s reader Add key in smartcard reader.\n"); | 307 | fprintf(stderr, " -s reader Add key in smartcard reader.\n"); |
297 | fprintf(stderr, " -e reader Remove key in smartcard reader.\n"); | 308 | fprintf(stderr, " -e reader Remove key in smartcard reader.\n"); |
@@ -319,7 +330,7 @@ main(int argc, char **argv) | |||
319 | fprintf(stderr, "Could not open a connection to your authentication agent.\n"); | 330 | fprintf(stderr, "Could not open a connection to your authentication agent.\n"); |
320 | exit(2); | 331 | exit(2); |
321 | } | 332 | } |
322 | while ((ch = getopt(argc, argv, "lLdDxXe:s:t:")) != -1) { | 333 | while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) { |
323 | switch (ch) { | 334 | switch (ch) { |
324 | case 'l': | 335 | case 'l': |
325 | case 'L': | 336 | case 'L': |
@@ -333,6 +344,9 @@ main(int argc, char **argv) | |||
333 | ret = 1; | 344 | ret = 1; |
334 | goto done; | 345 | goto done; |
335 | break; | 346 | break; |
347 | case 'c': | ||
348 | confirm = 1; | ||
349 | break; | ||
336 | case 'd': | 350 | case 'd': |
337 | deleting = 1; | 351 | deleting = 1; |
338 | break; | 352 | break; |
diff --git a/ssh-agent.0 b/ssh-agent.0 index 9a1b85645..aa7aebf03 100644 --- a/ssh-agent.0 +++ b/ssh-agent.0 | |||
@@ -1,56 +1,63 @@ | |||
1 | SSH-AGENT(1) System General Commands Manual SSH-AGENT(1) | 1 | SSHM-bM-^@M-^PAGENT(1) BSD General Commands Manual SSHM-bM-^@M-^PAGENT(1) |
2 | 2 | ||
3 | NAME | 3 | ^[[1mNAME^[[0m |
4 | ssh-agent - authentication agent | 4 | ^[[1msshM-bM-^@M-^Pagent ^[[22mM-bMM-^R authentication agent |
5 | 5 | ||
6 | SYNOPSIS | 6 | ^[[1mSYNOPSIS^[[0m |
7 | ssh-agent [-a bind_address] [-c | -s] [-d] [command [args ...]] | 7 | ^[[1msshM-bM-^@M-^Pagent ^[[22m[^[[1mM-bMM-^Ra ^[[4m^[[22mbind_address^[[24m] [^[[1mM-bMM-^Rc ^[[22m| ^[[1mM-bMM-^Rs^[[22m] [^[[1mM-bMM-^Rt ^[[4m^[[22mlife^[[24m] [^[[1mM-bMM-^Rd^[[22m] [^[[4mcommand^[[24m [^[[4margs^[[24m ^[[4m...^[[24m]] |
8 | ssh-agent [-c | -s] -k | 8 | ^[[1msshM-bM-^@M-^Pagent ^[[22m[^[[1mM-bMM-^Rc ^[[22m| ^[[1mM-bMM-^Rs^[[22m] ^[[1mM-bMM-^Rk^[[0m |
9 | 9 | ||
10 | DESCRIPTION | 10 | ^[[1mDESCRIPTION^[[0m |
11 | ssh-agent is a program to hold private keys used for public key authentiM-- | 11 | ^[[1msshM-bM-^@M-^Pagent ^[[22mis a program to hold private keys used for public key authentiM-bM-^@M-^P |
12 | cation (RSA, DSA). The idea is that ssh-agent is started in the beginM-- | 12 | cation (RSA, DSA). The idea is that ^[[1msshM-bM-^@M-^Pagent ^[[22mis started in the beginM-bM-^@M-^P |
13 | ning of an X-session or a login session, and all other windows or proM-- | 13 | ning of an XM-bM-^@M-^Psession or a login session, and all other windows or proM-bM-^@M-^P |
14 | grams are started as clients to the ssh-agent program. Through use of | 14 | grams are started as clients to the sshM-bM-^@M-^Pagent program. Through use of |
15 | environment variables the agent can be located and automatically used for | 15 | environment variables the agent can be located and automatically used for |
16 | authentication when logging in to other machines using ssh(1). | 16 | authentication when logging in to other machines using ssh(1). |
17 | 17 | ||
18 | The options are as follows: | 18 | The options are as follows: |
19 | 19 | ||
20 | -a bind_address | 20 | ^[[1mM-bMM-^Ra ^[[4m^[[22mbind_address^[[0m |
21 | Bind the agent to the unix-domain socket bind_address. The | 21 | Bind the agent to the unixM-bM-^@M-^Pdomain socket ^[[4mbind_address^[[24m. The |
22 | default is /tmp/ssh-XXXXXXXX/agent.<ppid>. | 22 | default is ^[[4m/tmp/sshM-bM-^@M-^PXXXXXXXX/agent.<ppid>^[[24m. |
23 | 23 | ||
24 | -c Generate C-shell commands on stdout. This is the default if | 24 | ^[[1mM-bMM-^Rc ^[[22mGenerate CM-bM-^@M-^Pshell commands on stdout. This is the default if |
25 | SHELL looks like it's a csh style of shell. | 25 | SHELL looks like itM-bM-^@M-^Ys a csh style of shell. |
26 | 26 | ||
27 | -s Generate Bourne shell commands on stdout. This is the default if | 27 | ^[[1mM-bMM-^Rs ^[[22mGenerate Bourne shell commands on stdout. This is the default if |
28 | SHELL does not look like it's a csh style of shell. | 28 | SHELL does not look like itM-bM-^@M-^Ys a csh style of shell. |
29 | 29 | ||
30 | -k Kill the current agent (given by the SSH_AGENT_PID environment | 30 | ^[[1mM-bMM-^Rk ^[[22mKill the current agent (given by the SSH_AGENT_PID environment |
31 | variable). | 31 | variable). |
32 | 32 | ||
33 | -d Debug mode. When this option is specified ssh-agent will not | 33 | ^[[1mM-bMM-^Rt ^[[4m^[[22mlife^[[0m |
34 | Set a default value for the maximum lifetime of identities added | ||
35 | to the agent. The lifetime may be specified in seconds or in a | ||
36 | time format specified in sshd(8). A lifetime specified for an | ||
37 | identity with sshM-bM-^@M-^Padd(1) overrides this value. Without this | ||
38 | option the default maximum lifetime is forever. | ||
39 | |||
40 | ^[[1mM-bMM-^Rd ^[[22mDebug mode. When this option is specified ^[[1msshM-bM-^@M-^Pagent ^[[22mwill not | ||
34 | fork. | 41 | fork. |
35 | 42 | ||
36 | If a commandline is given, this is executed as a subprocess of the agent. | 43 | If a commandline is given, this is executed as a subprocess of the agent. |
37 | When the command dies, so does the agent. | 44 | When the command dies, so does the agent. |
38 | 45 | ||
39 | The agent initially does not have any private keys. Keys are added using | 46 | The agent initially does not have any private keys. Keys are added using |
40 | ssh-add(1). When executed without arguments, ssh-add(1) adds the files | 47 | sshM-bM-^@M-^Padd(1). When executed without arguments, sshM-bM-^@M-^Padd(1) adds the files |
41 | $HOME/.ssh/id_rsa, $HOME/.ssh/id_dsa and $HOME/.ssh/identity. If the | 48 | ^[[4m$HOME/.ssh/id_rsa^[[24m, ^[[4m$HOME/.ssh/id_dsa^[[24m and ^[[4m$HOME/.ssh/identity^[[24m. If the |
42 | identity has a passphrase, ssh-add(1) asks for the passphrase (using a | 49 | identity has a passphrase, sshM-bM-^@M-^Padd(1) asks for the passphrase (using a |
43 | small X11 application if running under X11, or from the terminal if runM-- | 50 | small X11 application if running under X11, or from the terminal if runM-bM-^@M-^P |
44 | ning without X). It then sends the identity to the agent. Several idenM-- | 51 | ning without X). It then sends the identity to the agent. Several idenM-bM-^@M-^P |
45 | tities can be stored in the agent; the agent can automatically use any of | 52 | tities can be stored in the agent; the agent can automatically use any of |
46 | these identities. ssh-add -l displays the identities currently held by | 53 | these identities. ^[[1msshM-bM-^@M-^Padd M-bM-^@M-^Pl ^[[22mdisplays the identities currently held by |
47 | the agent. | 54 | the agent. |
48 | 55 | ||
49 | The idea is that the agent is run in the user's local PC, laptop, or terM-- | 56 | The idea is that the agent is run in the userM-bM-^@M-^Ys local PC, laptop, or terM-bM-^@M-^P |
50 | minal. Authentication data need not be stored on any other machine, and | 57 | minal. Authentication data need not be stored on any other machine, and |
51 | authentication passphrases never go over the network. However, the conM-- | 58 | authentication passphrases never go over the network. However, the conM-bM-^@M-^P |
52 | nection to the agent is forwarded over SSH remote logins, and the user | 59 | nection to the agent is forwarded over SSH remote logins, and the user |
53 | can thus use the privileges given by the identities anywhere in the netM-- | 60 | can thus use the privileges given by the identities anywhere in the netM-bM-^@M-^P |
54 | work in a secure way. | 61 | work in a secure way. |
55 | 62 | ||
56 | There are two main ways to get an agent setup: Either the agent starts a | 63 | There are two main ways to get an agent setup: Either the agent starts a |
@@ -62,20 +69,20 @@ DESCRIPTION | |||
62 | 69 | ||
63 | The agent will never send a private key over its request channel. | 70 | The agent will never send a private key over its request channel. |
64 | Instead, operations that require a private key will be performed by the | 71 | Instead, operations that require a private key will be performed by the |
65 | agent, and the result will be returned to the requester. This way, priM-- | 72 | agent, and the result will be returned to the requester. This way, priM-bM-^@M-^P |
66 | vate keys are not exposed to clients using the agent. | 73 | vate keys are not exposed to clients using the agent. |
67 | 74 | ||
68 | A unix-domain socket is created and the name of this socket is stored in | 75 | A unixM-bM-^@M-^Pdomain socket is created and the name of this socket is stored in |
69 | the SSH_AUTH_SOCK environment variable. The socket is made accessible | 76 | the SSH_AUTH_SOCK environment variable. The socket is made accessible |
70 | only to the current user. This method is easily abused by root or | 77 | only to the current user. This method is easily abused by root or |
71 | another instance of the same user. | 78 | another instance of the same user. |
72 | 79 | ||
73 | The SSH_AGENT_PID environment variable holds the agent's process ID. | 80 | The SSH_AGENT_PID environment variable holds the agentM-bM-^@M-^Ys process ID. |
74 | 81 | ||
75 | The agent exits automatically when the command given on the command line | 82 | The agent exits automatically when the command given on the command line |
76 | terminates. | 83 | terminates. |
77 | 84 | ||
78 | FILES | 85 | ^[[1mFILES^[[0m |
79 | $HOME/.ssh/identity | 86 | $HOME/.ssh/identity |
80 | Contains the protocol version 1 RSA authentication identity of | 87 | Contains the protocol version 1 RSA authentication identity of |
81 | the user. | 88 | the user. |
@@ -88,20 +95,20 @@ FILES | |||
88 | Contains the protocol version 2 RSA authentication identity of | 95 | Contains the protocol version 2 RSA authentication identity of |
89 | the user. | 96 | the user. |
90 | 97 | ||
91 | /tmp/ssh-XXXXXXXX/agent.<ppid> | 98 | /tmp/sshM-bM-^@M-^PXXXXXXXX/agent.<ppid> |
92 | Unix-domain sockets used to contain the connection to the authenM-- | 99 | UnixM-bM-^@M-^Pdomain sockets used to contain the connection to the authenM-bM-^@M-^P |
93 | tication agent. These sockets should only be readable by the | 100 | tication agent. These sockets should only be readable by the |
94 | owner. The sockets should get automatically removed when the | 101 | owner. The sockets should get automatically removed when the |
95 | agent exits. | 102 | agent exits. |
96 | 103 | ||
97 | AUTHORS | 104 | ^[[1mAUTHORS^[[0m |
98 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | 105 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
99 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | 106 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo |
100 | de Raadt and Dug Song removed many bugs, re-added newer features and creM-- | 107 | de Raadt and Dug Song removed many bugs, reM-bM-^@M-^Padded newer features and creM-bM-^@M-^P |
101 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 108 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol |
102 | versions 1.5 and 2.0. | 109 | versions 1.5 and 2.0. |
103 | 110 | ||
104 | SEE ALSO | 111 | ^[[1mSEE ALSO^[[0m |
105 | ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) | 112 | ssh(1), sshM-bM-^@M-^Padd(1), sshM-bM-^@M-^Pkeygen(1), sshd(8) |
106 | 113 | ||
107 | BSD September 25, 1999 BSD | 114 | BSD September 25, 1999 BSD |
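--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.35 2002/06/24 13:12:23 markus Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.36 2003/01/21 18:14:36 marc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -44,6 +44,7 @@
 .Nm ssh-agent
 .Op Fl a Ar bind_address
 .Op Fl c Li | Fl s
+.Op Fl t Ar life
 .Op Fl d
 .Op Ar command Op Ar args ...
 .Nm ssh-agent
@@ -86,6 +87,14 @@ does not look like it's a csh style of shell.
 Kill the current agent (given by the
 .Ev SSH_AGENT_PID
 environment variable).
+.It Fl t Ar life
+Set a default value for the maximum lifetime of identities added to the agent.
+The lifetime may be specified in seconds or in a time format specified in
+.Xr sshd 8 .
+A lifetime specified for an identity with
+.Xr ssh-add 1
+overrides this value.
+Without this option the default maximum lifetime is forever.
 .It Fl d
 Debug mode. When this option is specified
 .Nm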
diff --git a/ssh-agent.c b/ssh-agent.c index cca720ee2..eb593de73 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
@@ -35,7 +35,7 @@ | |||
35 | 35 | ||
36 | #include "includes.h" | 36 | #include "includes.h" |
37 | #include "openbsd-compat/sys-queue.h" | 37 | #include "openbsd-compat/sys-queue.h" |
38 | RCSID("$OpenBSD: ssh-agent.c,v 1.105 2002/10/01 20:34:12 markus Exp $"); | 38 | RCSID("$OpenBSD: ssh-agent.c,v 1.108 2003/03/13 11:44:50 markus Exp $"); |
39 | 39 | ||
40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
41 | #include <openssl/md5.h> | 41 | #include <openssl/md5.h> |
@@ -50,6 +50,8 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.105 2002/10/01 20:34:12 markus Exp $"); | |||
50 | #include "authfd.h" | 50 | #include "authfd.h" |
51 | #include "compat.h" | 51 | #include "compat.h" |
52 | #include "log.h" | 52 | #include "log.h" |
53 | #include "readpass.h" | ||
54 | #include "misc.h" | ||
53 | 55 | ||
54 | #ifdef SMARTCARD | 56 | #ifdef SMARTCARD |
55 | #include "scard.h" | 57 | #include "scard.h" |
@@ -77,6 +79,7 @@ typedef struct identity { | |||
77 | Key *key; | 79 | Key *key; |
78 | char *comment; | 80 | char *comment; |
79 | u_int death; | 81 | u_int death; |
82 | u_int confirm; | ||
80 | } Identity; | 83 | } Identity; |
81 | 84 | ||
82 | typedef struct { | 85 | typedef struct { |
@@ -106,6 +109,9 @@ extern char *__progname; | |||
106 | char *__progname; | 109 | char *__progname; |
107 | #endif | 110 | #endif |
108 | 111 | ||
112 | /* Default lifetime (0 == forever) */ | ||
113 | static int lifetime = 0; | ||
114 | |||
109 | static void | 115 | static void |
110 | close_socket(SocketEntry *e) | 116 | close_socket(SocketEntry *e) |
111 | { | 117 | { |
@@ -159,6 +165,30 @@ lookup_identity(Key *key, int version) | |||
159 | return (NULL); | 165 | return (NULL); |
160 | } | 166 | } |
161 | 167 | ||
168 | /* Check confirmation of keysign request */ | ||
169 | static int | ||
170 | confirm_key(Identity *id) | ||
171 | { | ||
172 | char *p, prompt[1024]; | ||
173 | int ret = -1; | ||
174 | |||
175 | p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); | ||
176 | snprintf(prompt, sizeof(prompt), "Allow use of key %s?\n" | ||
177 | "Key fingerprint %s.", id->comment, p); | ||
178 | xfree(p); | ||
179 | p = read_passphrase(prompt, RP_ALLOW_EOF); | ||
180 | if (p != NULL) { | ||
181 | /* | ||
182 | * Accept empty responses and responses consisting | ||
183 | * of the word "yes" as affirmative. | ||
184 | */ | ||
185 | if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0) | ||
186 | ret = 0; | ||
187 | xfree(p); | ||
188 | } | ||
189 | return (ret); | ||
190 | } | ||
191 | |||
162 | /* send list of supported public keys to 'client' */ | 192 | /* send list of supported public keys to 'client' */ |
163 | static void | 193 | static void |
164 | process_request_identities(SocketEntry *e, int version) | 194 | process_request_identities(SocketEntry *e, int version) |
@@ -222,7 +252,7 @@ process_authentication_challenge1(SocketEntry *e) | |||
222 | goto failure; | 252 | goto failure; |
223 | 253 | ||
224 | id = lookup_identity(key, 1); | 254 | id = lookup_identity(key, 1); |
225 | if (id != NULL) { | 255 | if (id != NULL && (!id->confirm || confirm_key(id) == 0)) { |
226 | Key *private = id->key; | 256 | Key *private = id->key; |
227 | /* Decrypt the challenge using the private key. */ | 257 | /* Decrypt the challenge using the private key. */ |
228 | if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0) | 258 | if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0) |
@@ -282,7 +312,7 @@ process_sign_request2(SocketEntry *e) | |||
282 | key = key_from_blob(blob, blen); | 312 | key = key_from_blob(blob, blen); |
283 | if (key != NULL) { | 313 | if (key != NULL) { |
284 | Identity *id = lookup_identity(key, 2); | 314 | Identity *id = lookup_identity(key, 2); |
285 | if (id != NULL) | 315 | if (id != NULL && (!id->confirm || confirm_key(id) == 0)) |
286 | ok = key_sign(id->key, &signature, &slen, data, dlen); | 316 | ok = key_sign(id->key, &signature, &slen, data, dlen); |
287 | } | 317 | } |
288 | key_free(key); | 318 | key_free(key); |
@@ -402,7 +432,7 @@ static void | |||
402 | process_add_identity(SocketEntry *e, int version) | 432 | process_add_identity(SocketEntry *e, int version) |
403 | { | 433 | { |
404 | Idtab *tab = idtab_lookup(version); | 434 | Idtab *tab = idtab_lookup(version); |
405 | int type, success = 0, death = 0; | 435 | int type, success = 0, death = 0, confirm = 0; |
406 | char *type_name, *comment; | 436 | char *type_name, *comment; |
407 | Key *k = NULL; | 437 | Key *k = NULL; |
408 | 438 | ||
@@ -453,6 +483,17 @@ process_add_identity(SocketEntry *e, int version) | |||
453 | } | 483 | } |
454 | break; | 484 | break; |
455 | } | 485 | } |
486 | /* enable blinding */ | ||
487 | switch (k->type) { | ||
488 | case KEY_RSA: | ||
489 | case KEY_RSA1: | ||
490 | if (RSA_blinding_on(k->rsa, NULL) != 1) { | ||
491 | error("process_add_identity: RSA_blinding_on failed"); | ||
492 | key_free(k); | ||
493 | goto send; | ||
494 | } | ||
495 | break; | ||
496 | } | ||
456 | comment = buffer_get_string(&e->request, NULL); | 497 | comment = buffer_get_string(&e->request, NULL); |
457 | if (k == NULL) { | 498 | if (k == NULL) { |
458 | xfree(comment); | 499 | xfree(comment); |
@@ -464,15 +505,21 @@ process_add_identity(SocketEntry *e, int version) | |||
464 | case SSH_AGENT_CONSTRAIN_LIFETIME: | 505 | case SSH_AGENT_CONSTRAIN_LIFETIME: |
465 | death = time(NULL) + buffer_get_int(&e->request); | 506 | death = time(NULL) + buffer_get_int(&e->request); |
466 | break; | 507 | break; |
508 | case SSH_AGENT_CONSTRAIN_CONFIRM: | ||
509 | confirm = 1; | ||
510 | break; | ||
467 | default: | 511 | default: |
468 | break; | 512 | break; |
469 | } | 513 | } |
470 | } | 514 | } |
515 | if (lifetime && !death) | ||
516 | death = time(NULL) + lifetime; | ||
471 | if (lookup_identity(k, version) == NULL) { | 517 | if (lookup_identity(k, version) == NULL) { |
472 | Identity *id = xmalloc(sizeof(Identity)); | 518 | Identity *id = xmalloc(sizeof(Identity)); |
473 | id->key = k; | 519 | id->key = k; |
474 | id->comment = comment; | 520 | id->comment = comment; |
475 | id->death = death; | 521 | id->death = death; |
522 | id->confirm = confirm; | ||
476 | TAILQ_INSERT_TAIL(&tab->idlist, id, next); | 523 | TAILQ_INSERT_TAIL(&tab->idlist, id, next); |
477 | /* Increment the number of identities. */ | 524 | /* Increment the number of identities. */ |
478 | tab->nentries++; | 525 | tab->nentries++; |
@@ -557,6 +604,7 @@ process_add_smartcard_key (SocketEntry *e) | |||
557 | id->key = k; | 604 | id->key = k; |
558 | id->comment = xstrdup("smartcard key"); | 605 | id->comment = xstrdup("smartcard key"); |
559 | id->death = 0; | 606 | id->death = 0; |
607 | id->confirm = 0; | ||
560 | TAILQ_INSERT_TAIL(&tab->idlist, id, next); | 608 | TAILQ_INSERT_TAIL(&tab->idlist, id, next); |
561 | tab->nentries++; | 609 | tab->nentries++; |
562 | success = 1; | 610 | success = 1; |
@@ -930,13 +978,15 @@ usage(void) | |||
930 | fprintf(stderr, " -k Kill the current agent.\n"); | 978 | fprintf(stderr, " -k Kill the current agent.\n"); |
931 | fprintf(stderr, " -d Debug mode.\n"); | 979 | fprintf(stderr, " -d Debug mode.\n"); |
932 | fprintf(stderr, " -a socket Bind agent socket to given name.\n"); | 980 | fprintf(stderr, " -a socket Bind agent socket to given name.\n"); |
981 | fprintf(stderr, " -t life Default identity lifetime (seconds).\n"); | ||
933 | exit(1); | 982 | exit(1); |
934 | } | 983 | } |
935 | 984 | ||
936 | int | 985 | int |
937 | main(int ac, char **av) | 986 | main(int ac, char **av) |
938 | { | 987 | { |
939 | int sock, c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0, ch, nalloc; | 988 | int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0; |
989 | int sock, fd, ch, nalloc; | ||
940 | char *shell, *format, *pidstr, *agentsocket = NULL; | 990 | char *shell, *format, *pidstr, *agentsocket = NULL; |
941 | fd_set *readsetp = NULL, *writesetp = NULL; | 991 | fd_set *readsetp = NULL, *writesetp = NULL; |
942 | struct sockaddr_un sunaddr; | 992 | struct sockaddr_un sunaddr; |
@@ -961,7 +1011,7 @@ main(int ac, char **av) | |||
961 | init_rng(); | 1011 | init_rng(); |
962 | seed_rng(); | 1012 | seed_rng(); |
963 | 1013 | ||
964 | while ((ch = getopt(ac, av, "cdksa:")) != -1) { | 1014 | while ((ch = getopt(ac, av, "cdksa:t:")) != -1) { |
965 | switch (ch) { | 1015 | switch (ch) { |
966 | case 'c': | 1016 | case 'c': |
967 | if (s_flag) | 1017 | if (s_flag) |
@@ -984,6 +1034,12 @@ main(int ac, char **av) | |||
984 | case 'a': | 1034 | case 'a': |
985 | agentsocket = optarg; | 1035 | agentsocket = optarg; |
986 | break; | 1036 | break; |
1037 | case 't': | ||
1038 | if ((lifetime = convtime(optarg)) == -1) { | ||
1039 | fprintf(stderr, "Invalid lifetime\n"); | ||
1040 | usage(); | ||
1041 | } | ||
1042 | break; | ||
987 | default: | 1043 | default: |
988 | usage(); | 1044 | usage(); |
989 | } | 1045 | } |
@@ -1116,9 +1172,14 @@ main(int ac, char **av) | |||
1116 | } | 1172 | } |
1117 | 1173 | ||
1118 | (void)chdir("/"); | 1174 | (void)chdir("/"); |
1119 | close(0); | 1175 | if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { |
1120 | close(1); | 1176 | /* XXX might close listen socket */ |
1121 | close(2); | 1177 | (void)dup2(fd, STDIN_FILENO); |
1178 | (void)dup2(fd, STDOUT_FILENO); | ||
1179 | (void)dup2(fd, STDERR_FILENO); | ||
1180 | if (fd > 2) | ||
1181 | close(fd); | ||
1182 | } | ||
1122 | 1183 | ||
1123 | #ifdef HAVE_SETRLIMIT | 1184 | #ifdef HAVE_SETRLIMIT |
1124 | /* deny core dumps, since memory contains unencrypted private keys */ | 1185 | /* deny core dumps, since memory contains unencrypted private keys */ |
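Review bot: Smartcard keys never pick up the new `-t` default lifetime. `process_add_identity` applies `if (lifetime && !death) death = time(NULL) + lifetime;`, but the `process_add_smartcard_key` hunk still stores `id->death = 0`, so those identities stay loaded indefinitely even when the agent was started with a lifetime. Since ssh-agent.1 now describes `-t` as the default maximum lifetime of identities added to the agent, I would set `id->death = lifetime ? time(NULL) + lifetime : 0;` there. The same hunk hard-codes `id->confirm = 0`; the function body starts outside the hunk, so whether it parses constraints at all is not visible here, and confirmation for smartcard keys may need a follow-up.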
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: ssh-dss.c,v 1.17 2002/07/04 10:41:47 markus Exp $"); | 26 | RCSID("$OpenBSD: ssh-dss.c,v 1.18 2003/02/12 09:33:04 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/bn.h> | 28 | #include <openssl/bn.h> |
29 | #include <openssl/evp.h> | 29 | #include <openssl/evp.h> |
@@ -34,7 +34,6 @@ RCSID("$OpenBSD: ssh-dss.c,v 1.17 2002/07/04 10:41:47 markus Exp $"); | |||
34 | #include "compat.h" | 34 | #include "compat.h" |
35 | #include "log.h" | 35 | #include "log.h" |
36 | #include "key.h" | 36 | #include "key.h" |
37 | #include "ssh-dss.h" | ||
38 | 37 | ||
39 | #define INTBLOB_LEN 20 | 38 | #define INTBLOB_LEN 20 |
40 | #define SIGBLOB_LEN (2*INTBLOB_LEN) | 39 | #define SIGBLOB_LEN (2*INTBLOB_LEN) |
diff --git a/ssh-keygen.0 b/ssh-keygen.0 index d3a2135b4..2e151a95c 100644 --- a/ssh-keygen.0 +++ b/ssh-keygen.0 | |||
@@ -1,45 +1,45 @@ | |||
1 | SSH-KEYGEN(1) System General Commands Manual SSH-KEYGEN(1) | 1 | SSHM-bM-^@M-^PKEYGEN(1) BSD General Commands Manual SSHM-bM-^@M-^PKEYGEN(1) |
2 | 2 | ||
3 | NAME | 3 | ^[[1mNAME^[[0m |
4 | ssh-keygen - authentication key generation, management and conversion | 4 | ^[[1msshM-bM-^@M-^Pkeygen ^[[22mM-bMM-^R authentication key generation, management and conversion |
5 | 5 | ||
6 | SYNOPSIS | 6 | ^[[1mSYNOPSIS^[[0m |
7 | ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment] | 7 | ^[[1msshM-bM-^@M-^Pkeygen ^[[22m[^[[1mM-bMM-^Rq^[[22m] [^[[1mM-bMM-^Rb ^[[4m^[[22mbits^[[24m] ^[[1mM-bMM-^Rt ^[[4m^[[22mtype^[[24m [^[[1mM-bMM-^RN ^[[4m^[[22mnew_passphrase^[[24m] [^[[1mM-bMM-^RC ^[[4m^[[22mcomment^[[24m] |
8 | [-f output_keyfile] | 8 | [^[[1mM-bMM-^Rf ^[[4m^[[22moutput_keyfile^[[24m] |
9 | ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile] | 9 | ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Rp ^[[22m[^[[1mM-bMM-^RP ^[[4m^[[22mold_passphrase^[[24m] [^[[1mM-bMM-^RN ^[[4m^[[22mnew_passphrase^[[24m] [^[[1mM-bMM-^Rf ^[[4m^[[22mkeyfile^[[24m] |
10 | ssh-keygen -i [-f input_keyfile] | 10 | ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Ri ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m] |
11 | ssh-keygen -e [-f input_keyfile] | 11 | ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Re ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m] |
12 | ssh-keygen -y [-f input_keyfile] | 12 | ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Ry ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m] |
13 | ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile] | 13 | ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Rc ^[[22m[^[[1mM-bMM-^RP ^[[4m^[[22mpassphrase^[[24m] [^[[1mM-bMM-^RC ^[[4m^[[22mcomment^[[24m] [^[[1mM-bMM-^Rf ^[[4m^[[22mkeyfile^[[24m] |
14 | ssh-keygen -l [-f input_keyfile] | 14 | ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Rl ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m] |
15 | ssh-keygen -B [-f input_keyfile] | 15 | ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^RB ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m] |
16 | ssh-keygen -D reader | 16 | ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^RD ^[[4m^[[22mreader^[[0m |
17 | ssh-keygen -U reader [-f input_keyfile] | 17 | ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^RU ^[[4m^[[22mreader^[[24m [^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m] |
18 | 18 | ||
19 | DESCRIPTION | 19 | ^[[1mDESCRIPTION^[[0m |
20 | ssh-keygen generates, manages and converts authentication keys for | 20 | ^[[1msshM-bM-^@M-^Pkeygen ^[[22mgenerates, manages and converts authentication keys for |
21 | ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1 | 21 | ssh(1). ^[[1msshM-bM-^@M-^Pkeygen ^[[22mcan create RSA keys for use by SSH protocol version 1 |
22 | and RSA or DSA keys for use by SSH protocol version 2. The type of key to | 22 | and RSA or DSA keys for use by SSH protocol version 2. The type of key to |
23 | be generated is specified with the -t option. | 23 | be generated is specified with the ^[[1mM-bMM-^Rt ^[[22moption. |
24 | 24 | ||
25 | Normally each user wishing to use SSH with RSA or DSA authentication runs | 25 | Normally each user wishing to use SSH with RSA or DSA authentication runs |
26 | this once to create the authentication key in $HOME/.ssh/identity, | 26 | this once to create the authentication key in ^[[4m$HOME/.ssh/identity^[[24m, |
27 | $HOME/.ssh/id_dsa or $HOME/.ssh/id_rsa. Additionally, the system adminM-- | 27 | ^[[4m$HOME/.ssh/id_dsa^[[24m or ^[[4m$HOME/.ssh/id_rsa^[[24m. Additionally, the system adminM-bM-^@M-^P |
28 | istrator may use this to generate host keys, as seen in /etc/rc. | 28 | istrator may use this to generate host keys, as seen in ^[[4m/etc/rc^[[24m. |
29 | 29 | ||
30 | Normally this program generates the key and asks for a file in which to | 30 | Normally this program generates the key and asks for a file in which to |
31 | store the private key. The public key is stored in a file with the same | 31 | store the private key. The public key is stored in a file with the same |
32 | name but ``.pub'' appended. The program also asks for a passphrase. The | 32 | name but M-bM-^@M-^\.pubM-bM-^@M-^] appended. The program also asks for a passphrase. The |
33 | passphrase may be empty to indicate no passphrase (host keys must have an | 33 | passphrase may be empty to indicate no passphrase (host keys must have an |
34 | empty passphrase), or it may be a string of arbitrary length. A | 34 | empty passphrase), or it may be a string of arbitrary length. A |
35 | passphrase is similar to a password, except it can be a phrase with a | 35 | passphrase is similar to a password, except it can be a phrase with a |
36 | series of words, punctuation, numbers, whitespace, or any string of charM-- | 36 | series of words, punctuation, numbers, whitespace, or any string of charM-bM-^@M-^P |
37 | acters you want. Good passphrases are 10-30 characters long, are not | 37 | acters you want. Good passphrases are 10M-bM-^@M-^P30 characters long, are not |
38 | simple sentences or otherwise easily guessable (English prose has only | 38 | simple sentences or otherwise easily guessable (English prose has only |
39 | 1-2 bits of entropy per character, and provides very bad passphrases), | 39 | 1M-bM-^@M-^P2 bits of entropy per character, and provides very bad passphrases), |
40 | and contain a mix of upper and lowercase letters, numbers, and non- | 40 | and contain a mix of upper and lowercase letters, numbers, and nonM-bM-^@M-^P |
41 | alphanumeric characters. The passphrase can be changed later by using | 41 | alphanumeric characters. The passphrase can be changed later by using |
42 | the -p option. | 42 | the ^[[1mM-bMM-^Rp ^[[22moption. |
43 | 43 | ||
44 | There is no way to recover a lost passphrase. If the passphrase is lost | 44 | There is no way to recover a lost passphrase. If the passphrase is lost |
45 | or forgotten, a new key must be generated and copied to the corresponding | 45 | or forgotten, a new key must be generated and copied to the corresponding |
@@ -47,91 +47,90 @@ DESCRIPTION | |||
47 | 47 | ||
48 | For RSA1 keys, there is also a comment field in the key file that is only | 48 | For RSA1 keys, there is also a comment field in the key file that is only |
49 | for convenience to the user to help identify the key. The comment can | 49 | for convenience to the user to help identify the key. The comment can |
50 | tell what the key is for, or whatever is useful. The comment is initialM-- | 50 | tell what the key is for, or whatever is useful. The comment is initialM-bM-^@M-^P |
51 | ized to ``user@host'' when the key is created, but can be changed using | 51 | ized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the key is created, but can be changed using the |
52 | the -c option. | 52 | ^[[1mM-bMM-^Rc ^[[22moption. |
53 | 53 | ||
54 | After a key is generated, instructions below detail where the keys should | 54 | After a key is generated, instructions below detail where the keys should |
55 | be placed to be activated. | 55 | be placed to be activated. |
56 | 56 | ||
57 | The options are as follows: | 57 | The options are as follows: |
58 | 58 | ||
59 | -b bits | 59 | ^[[1mM-bMM-^Rb ^[[4m^[[22mbits^[[0m |
60 | Specifies the number of bits in the key to create. Minimum is | 60 | Specifies the number of bits in the key to create. Minimum is |
61 | 512 bits. Generally 1024 bits is considered sufficient, and key | 61 | 512 bits. Generally, 1024 bits is considered sufficient. The |
62 | sizes above that no longer improve security but make things | 62 | default is 1024 bits. |
63 | slower. The default is 1024 bits. | ||
64 | 63 | ||
65 | -c Requests changing the comment in the private and public key | 64 | ^[[1mM-bMM-^Rc ^[[22mRequests changing the comment in the private and public key |
66 | files. This operation is only supported for RSA1 keys. The proM-- | 65 | files. This operation is only supported for RSA1 keys. The proM-bM-^@M-^P |
67 | gram will prompt for the file containing the private keys, for | 66 | gram will prompt for the file containing the private keys, for |
68 | the passphrase if the key has one, and for the new comment. | 67 | the passphrase if the key has one, and for the new comment. |
69 | 68 | ||
70 | -e This option will read a private or public OpenSSH key file and | 69 | ^[[1mM-bMM-^Re ^[[22mThis option will read a private or public OpenSSH key file and |
71 | print the key in a `SECSH Public Key File Format' to stdout. | 70 | print the key in a M-bM-^@M-^XSECSH Public Key File FormatM-bM-^@M-^Y to stdout. |
72 | This option allows exporting keys for use by several commercial | 71 | This option allows exporting keys for use by several commercial |
73 | SSH implementations. | 72 | SSH implementations. |
74 | 73 | ||
75 | -f filename | 74 | ^[[1mM-bMM-^Rf ^[[4m^[[22mfilename^[[0m |
76 | Specifies the filename of the key file. | 75 | Specifies the filename of the key file. |
77 | 76 | ||
78 | -i This option will read an unencrypted private (or public) key file | 77 | ^[[1mM-bMM-^Ri ^[[22mThis option will read an unencrypted private (or public) key file |
79 | in SSH2-compatible format and print an OpenSSH compatible private | 78 | in SSH2M-bM-^@M-^Pcompatible format and print an OpenSSH compatible private |
80 | (or public) key to stdout. ssh-keygen also reads the `SECSH | 79 | (or public) key to stdout. ^[[1msshM-bM-^@M-^Pkeygen ^[[22malso reads the M-bM-^@M-^XSECSH |
81 | Public Key File Format'. This option allows importing keys from | 80 | Public Key File FormatM-bM-^@M-^Y. This option allows importing keys from |
82 | several commercial SSH implementations. | 81 | several commercial SSH implementations. |
83 | 82 | ||
84 | -l Show fingerprint of specified public key file. Private RSA1 keys | 83 | ^[[1mM-bMM-^Rl ^[[22mShow fingerprint of specified public key file. Private RSA1 keys |
85 | are also supported. For RSA and DSA keys ssh-keygen tries to | 84 | are also supported. For RSA and DSA keys ^[[1msshM-bM-^@M-^Pkeygen ^[[22mtries to |
86 | find the matching public key file and prints its fingerprint. | 85 | find the matching public key file and prints its fingerprint. |
87 | 86 | ||
88 | -p Requests changing the passphrase of a private key file instead of | 87 | ^[[1mM-bMM-^Rp ^[[22mRequests changing the passphrase of a private key file instead of |
89 | creating a new private key. The program will prompt for the file | 88 | creating a new private key. The program will prompt for the file |
90 | containing the private key, for the old passphrase, and twice for | 89 | containing the private key, for the old passphrase, and twice for |
91 | the new passphrase. | 90 | the new passphrase. |
92 | 91 | ||
93 | -q Silence ssh-keygen. Used by /etc/rc when creating a new key. | 92 | ^[[1mM-bMM-^Rq ^[[22mSilence ^[[1msshM-bM-^@M-^Pkeygen^[[22m. Used by ^[[4m/etc/rc^[[24m when creating a new key. |
94 | 93 | ||
95 | -y This option will read a private OpenSSH format file and print an | 94 | ^[[1mM-bMM-^Ry ^[[22mThis option will read a private OpenSSH format file and print an |
96 | OpenSSH public key to stdout. | 95 | OpenSSH public key to stdout. |
97 | 96 | ||
98 | -t type | 97 | ^[[1mM-bMM-^Rt ^[[4m^[[22mtype^[[0m |
99 | Specifies the type of the key to create. The possible values are | 98 | Specifies the type of the key to create. The possible values are |
100 | ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for protoM-- | 99 | M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\rsaM-bM-^@M-^] or M-bM-^@M-^\dsaM-bM-^@M-^] for protocol |
101 | col version 2. | 100 | version 2. |
102 | 101 | ||
103 | -B Show the bubblebabble digest of specified private or public key | 102 | ^[[1mM-bMM-^RB ^[[22mShow the bubblebabble digest of specified private or public key |
104 | file. | 103 | file. |
105 | 104 | ||
106 | -C comment | 105 | ^[[1mM-bMM-^RC ^[[4m^[[22mcomment^[[0m |
107 | Provides the new comment. | 106 | Provides the new comment. |
108 | 107 | ||
109 | -D reader | 108 | ^[[1mM-bMM-^RD ^[[4m^[[22mreader^[[0m |
110 | Download the RSA public key stored in the smartcard in reader. | 109 | Download the RSA public key stored in the smartcard in ^[[4mreader^[[24m. |
111 | 110 | ||
112 | -N new_passphrase | 111 | ^[[1mM-bMM-^RN ^[[4m^[[22mnew_passphrase^[[0m |
113 | Provides the new passphrase. | 112 | Provides the new passphrase. |
114 | 113 | ||
115 | -P passphrase | 114 | ^[[1mM-bMM-^RP ^[[4m^[[22mpassphrase^[[0m |
116 | Provides the (old) passphrase. | 115 | Provides the (old) passphrase. |
117 | 116 | ||
118 | -U reader | 117 | ^[[1mM-bMM-^RU ^[[4m^[[22mreader^[[0m |
119 | Upload an existing RSA private key into the smartcard in reader. | 118 | Upload an existing RSA private key into the smartcard in ^[[4mreader^[[24m. |
120 | 119 | ||
121 | FILES | 120 | ^[[1mFILES^[[0m |
122 | $HOME/.ssh/identity | 121 | $HOME/.ssh/identity |
123 | Contains the protocol version 1 RSA authentication identity of | 122 | Contains the protocol version 1 RSA authentication identity of |
124 | the user. This file should not be readable by anyone but the | 123 | the user. This file should not be readable by anyone but the |
125 | user. It is possible to specify a passphrase when generating the | 124 | user. It is possible to specify a passphrase when generating the |
126 | key; that passphrase will be used to encrypt the private part of | 125 | key; that passphrase will be used to encrypt the private part of |
127 | this file using 3DES. This file is not automatically accessed by | 126 | this file using 3DES. This file is not automatically accessed by |
128 | ssh-keygen but it is offered as the default file for the private | 127 | ^[[1msshM-bM-^@M-^Pkeygen ^[[22mbut it is offered as the default file for the private |
129 | key. ssh(1) will read this file when a login attempt is made. | 128 | key. ssh(1) will read this file when a login attempt is made. |
130 | 129 | ||
131 | $HOME/.ssh/identity.pub | 130 | $HOME/.ssh/identity.pub |
132 | Contains the protocol version 1 RSA public key for authenticaM-- | 131 | Contains the protocol version 1 RSA public key for authenticaM-bM-^@M-^P |
133 | tion. The contents of this file should be added to | 132 | tion. The contents of this file should be added to |
134 | $HOME/.ssh/authorized_keys on all machines where the user wishes | 133 | ^[[4m$HOME/.ssh/authorized_keys^[[24m on all machines where the user wishes |
135 | to log in using RSA authentication. There is no need to keep the | 134 | to log in using RSA authentication. There is no need to keep the |
136 | contents of this file secret. | 135 | contents of this file secret. |
137 | 136 | ||
@@ -141,13 +140,13 @@ FILES | |||
141 | user. It is possible to specify a passphrase when generating the | 140 | user. It is possible to specify a passphrase when generating the |
142 | key; that passphrase will be used to encrypt the private part of | 141 | key; that passphrase will be used to encrypt the private part of |
143 | this file using 3DES. This file is not automatically accessed by | 142 | this file using 3DES. This file is not automatically accessed by |
144 | ssh-keygen but it is offered as the default file for the private | 143 | ^[[1msshM-bM-^@M-^Pkeygen ^[[22mbut it is offered as the default file for the private |
145 | key. ssh(1) will read this file when a login attempt is made. | 144 | key. ssh(1) will read this file when a login attempt is made. |
146 | 145 | ||
147 | $HOME/.ssh/id_dsa.pub | 146 | $HOME/.ssh/id_dsa.pub |
148 | Contains the protocol version 2 DSA public key for authenticaM-- | 147 | Contains the protocol version 2 DSA public key for authenticaM-bM-^@M-^P |
149 | tion. The contents of this file should be added to | 148 | tion. The contents of this file should be added to |
150 | $HOME/.ssh/authorized_keys on all machines where the user wishes | 149 | ^[[4m$HOME/.ssh/authorized_keys^[[24m on all machines where the user wishes |
151 | to log in using public key authentication. There is no need to | 150 | to log in using public key authentication. There is no need to |
152 | keep the contents of this file secret. | 151 | keep the contents of this file secret. |
153 | 152 | ||
@@ -157,27 +156,27 @@ FILES | |||
157 | user. It is possible to specify a passphrase when generating the | 156 | user. It is possible to specify a passphrase when generating the |
158 | key; that passphrase will be used to encrypt the private part of | 157 | key; that passphrase will be used to encrypt the private part of |
159 | this file using 3DES. This file is not automatically accessed by | 158 | this file using 3DES. This file is not automatically accessed by |
160 | ssh-keygen but it is offered as the default file for the private | 159 | ^[[1msshM-bM-^@M-^Pkeygen ^[[22mbut it is offered as the default file for the private |
161 | key. ssh(1) will read this file when a login attempt is made. | 160 | key. ssh(1) will read this file when a login attempt is made. |
162 | 161 | ||
163 | $HOME/.ssh/id_rsa.pub | 162 | $HOME/.ssh/id_rsa.pub |
164 | Contains the protocol version 2 RSA public key for authenticaM-- | 163 | Contains the protocol version 2 RSA public key for authenticaM-bM-^@M-^P |
165 | tion. The contents of this file should be added to | 164 | tion. The contents of this file should be added to |
166 | $HOME/.ssh/authorized_keys on all machines where the user wishes | 165 | ^[[4m$HOME/.ssh/authorized_keys^[[24m on all machines where the user wishes |
167 | to log in using public key authentication. There is no need to | 166 | to log in using public key authentication. There is no need to |
168 | keep the contents of this file secret. | 167 | keep the contents of this file secret. |
169 | 168 | ||
170 | AUTHORS | 169 | ^[[1mAUTHORS^[[0m |
171 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | 170 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
172 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | 171 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo |
173 | de Raadt and Dug Song removed many bugs, re-added newer features and creM-- | 172 | de Raadt and Dug Song removed many bugs, reM-bM-^@M-^Padded newer features and creM-bM-^@M-^P |
174 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 173 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol |
175 | versions 1.5 and 2.0. | 174 | versions 1.5 and 2.0. |
176 | 175 | ||
177 | SEE ALSO | 176 | ^[[1mSEE ALSO^[[0m |
178 | ssh(1), ssh-add(1), ssh-agent(1), sshd(8) | 177 | ssh(1), sshM-bM-^@M-^Padd(1), sshM-bM-^@M-^Pagent(1), sshd(8) |
179 | 178 | ||
180 | J. Galbraith and R. Thayer, SECSH Public Key File Format, draft-ietf- | 179 | J. Galbraith and R. Thayer, ^[[4mSECSH^[[24m ^[[4mPublic^[[24m ^[[4mKey^[[24m ^[[4mFile^[[24m ^[[4mFormat^[[24m, draftM-bM-^@M-^PietfM-bM-^@M-^P |
181 | secsh-publickeyfile-01.txt, March 2001, work in progress material. | 180 | secshM-bM-^@M-^PpublickeyfileM-bM-^@M-^P01.txt, March 2001, work in progress material. |
182 | 181 | ||
183 | BSD September 25, 1999 BSD | 182 | BSD September 25, 1999 BSD |
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 35b0bb916..78fdb496a 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keygen.1,v 1.54 2002/06/19 00:27:55 deraadt Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.55 2002/11/26 02:35:30 stevesk Exp $ |
2 | .\" | 2 | .\" |
3 | .\" -*- nroff -*- | 3 | .\" -*- nroff -*- |
4 | .\" | 4 | .\" |
@@ -147,8 +147,7 @@ The options are as follows: | |||
147 | .It Fl b Ar bits | 147 | .It Fl b Ar bits |
148 | Specifies the number of bits in the key to create. | 148 | Specifies the number of bits in the key to create. |
149 | Minimum is 512 bits. | 149 | Minimum is 512 bits. |
150 | Generally 1024 bits is considered sufficient, and key sizes | 150 | Generally, 1024 bits is considered sufficient. |
151 | above that no longer improve security but make things slower. | ||
152 | The default is 1024 bits. | 151 | The default is 1024 bits. |
153 | .It Fl c | 152 | .It Fl c |
154 | Requests changing the comment in the private and public key files. | 153 | Requests changing the comment in the private and public key files. |
diff --git a/ssh-keygen.c b/ssh-keygen.c index 3478e3723..6a872bcfd 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -12,7 +12,7 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.101 2002/06/23 09:39:55 deraadt Exp $"); | 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.102 2002/11/26 00:45:03 wcobb Exp $"); |
16 | 16 | ||
17 | #include <openssl/evp.h> | 17 | #include <openssl/evp.h> |
18 | #include <openssl/pem.h> | 18 | #include <openssl/pem.h> |
@@ -109,7 +109,6 @@ ask_filename(struct passwd *pw, const char *prompt) | |||
109 | 109 | ||
110 | snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name); | 110 | snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name); |
111 | fprintf(stderr, "%s (%s): ", prompt, identity_file); | 111 | fprintf(stderr, "%s (%s): ", prompt, identity_file); |
112 | fflush(stderr); | ||
113 | if (fgets(buf, sizeof(buf), stdin) == NULL) | 112 | if (fgets(buf, sizeof(buf), stdin) == NULL) |
114 | exit(1); | 113 | exit(1); |
115 | if (strchr(buf, '\n')) | 114 | if (strchr(buf, '\n')) |
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0 index 05742bf66..3c3067cc9 100644 --- a/ssh-keyscan.0 +++ b/ssh-keyscan.0 | |||
@@ -1,101 +1,100 @@ | |||
1 | SSH-KEYSCAN(1) System General Commands Manual SSH-KEYSCAN(1) | 1 | SSHM-bM-^@M-^PKEYSCAN(1) BSD General Commands Manual SSHM-bM-^@M-^PKEYSCAN(1) |
2 | 2 | ||
3 | NAME | 3 | ^[[1mNAME^[[0m |
4 | ssh-keyscan - gather ssh public keys | 4 | ^[[1msshM-bM-^@M-^Pkeyscan ^[[22mM-bMM-^R gather ssh public keys |
5 | 5 | ||
6 | SYNOPSIS | 6 | ^[[1mSYNOPSIS^[[0m |
7 | ssh-keyscan [-v46] [-p port] [-T timeout] [-t type] [-f file] | 7 | ^[[1msshM-bM-^@M-^Pkeyscan ^[[22m[^[[1mM-bMM-^Rv46^[[22m] [^[[1mM-bMM-^Rp ^[[4m^[[22mport^[[24m] [^[[1mM-bMM-^RT ^[[4m^[[22mtimeout^[[24m] [^[[1mM-bMM-^Rt ^[[4m^[[22mtype^[[24m] [^[[1mM-bMM-^Rf ^[[4m^[[22mfile^[[24m] |
8 | [host | addrlist namelist] [...] | 8 | [^[[4mhost^[[24m | ^[[4maddrlist^[[24m ^[[4mnamelist^[[24m] [^[[4m...^[[24m] |
9 | 9 | ||
10 | DESCRIPTION | 10 | ^[[1mDESCRIPTION^[[0m |
11 | ssh-keyscan is a utility for gathering the public ssh host keys of a numM-- | 11 | ^[[1msshM-bM-^@M-^Pkeyscan ^[[22mis a utility for gathering the public ssh host keys of a numM-bM-^@M-^P |
12 | ber of hosts. It was designed to aid in building and verifying | 12 | ber of hosts. It was designed to aid in building and verifying |
13 | ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable | 13 | ^[[4mssh_known_hosts^[[24m files. ^[[1msshM-bM-^@M-^Pkeyscan ^[[22mprovides a minimal interface suitable |
14 | for use by shell and perl scripts. | 14 | for use by shell and perl scripts. |
15 | 15 | ||
16 | ssh-keyscan uses non-blocking socket I/O to contact as many hosts as posM-- | 16 | ^[[1msshM-bM-^@M-^Pkeyscan ^[[22muses nonM-bM-^@M-^Pblocking socket I/O to contact as many hosts as posM-bM-^@M-^P |
17 | sible in parallel, so it is very efficient. The keys from a domain of | 17 | sible in parallel, so it is very efficient. The keys from a domain of |
18 | 1,000 hosts can be collected in tens of seconds, even when some of those | 18 | 1,000 hosts can be collected in tens of seconds, even when some of those |
19 | hosts are down or do not run ssh. For scanning, one does not need login | 19 | hosts are down or do not run ssh. For scanning, one does not need login |
20 | access to the machines that are being scanned, nor does the scanning proM-- | 20 | access to the machines that are being scanned, nor does the scanning proM-bM-^@M-^P |
21 | cess involve any encryption. | 21 | cess involve any encryption. |
22 | 22 | ||
23 | The options are as follows: | 23 | The options are as follows: |
24 | 24 | ||
25 | -p port | 25 | ^[[1mM-bMM-^Rp ^[[4m^[[22mport^[[0m |
26 | Port to connect to on the remote host. | 26 | Port to connect to on the remote host. |
27 | 27 | ||
28 | -T timeout | 28 | ^[[1mM-bMM-^RT ^[[4m^[[22mtimeout^[[0m |
29 | Set the timeout for connection attempts. If timeout seconds have | 29 | Set the timeout for connection attempts. If ^[[4mtimeout^[[24m seconds have |
30 | elapsed since a connection was initiated to a host or since the | 30 | elapsed since a connection was initiated to a host or since the |
31 | last time anything was read from that host, then the connection | 31 | last time anything was read from that host, then the connection |
32 | is closed and the host in question considered unavailable. | 32 | is closed and the host in question considered unavailable. |
33 | Default is 5 seconds. | 33 | Default is 5 seconds. |
34 | 34 | ||
35 | -t type | 35 | ^[[1mM-bMM-^Rt ^[[4m^[[22mtype^[[0m |
36 | Specifies the type of the key to fetch from the scanned hosts. | 36 | Specifies the type of the key to fetch from the scanned hosts. |
37 | The possible values are ``rsa1'' for protocol version 1 and | 37 | The possible values are M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\rsaM-bM-^@M-^] |
38 | ``rsa'' or ``dsa'' for protocol version 2. Multiple values may | 38 | or M-bM-^@M-^\dsaM-bM-^@M-^] for protocol version 2. Multiple values may be speciM-bM-^@M-^P |
39 | be specified by separating them with commas. The default is | 39 | fied by separating them with commas. The default is M-bM-^@M-^\rsa1M-bM-^@M-^]. |
40 | ``rsa1''. | ||
41 | 40 | ||
42 | -f filename | 41 | ^[[1mM-bMM-^Rf ^[[4m^[[22mfilename^[[0m |
43 | Read hosts or addrlist namelist pairs from this file, one per | 42 | Read hosts or ^[[4maddrlist^[[24m ^[[4mnamelist^[[24m pairs from this file, one per |
44 | line. If - is supplied instead of a filename, ssh-keyscan will | 43 | line. If ^[[4mM-bM-^@M-^P^[[24m is supplied instead of a filename, ^[[1msshM-bM-^@M-^Pkeyscan ^[[22mwill |
45 | read hosts or addrlist namelist pairs from the standard input. | 44 | read hosts or ^[[4maddrlist^[[24m ^[[4mnamelist^[[24m pairs from the standard input. |
46 | 45 | ||
47 | -v Verbose mode. Causes ssh-keyscan to print debugging messages | 46 | ^[[1mM-bMM-^Rv ^[[22mVerbose mode. Causes ^[[1msshM-bM-^@M-^Pkeyscan ^[[22mto print debugging messages |
48 | about its progress. | 47 | about its progress. |
49 | 48 | ||
50 | -4 Forces ssh-keyscan to use IPv4 addresses only. | 49 | ^[[1mM-bMM-^R4 ^[[22mForces ^[[1msshM-bM-^@M-^Pkeyscan ^[[22mto use IPv4 addresses only. |
51 | 50 | ||
52 | -6 Forces ssh-keyscan to use IPv6 addresses only. | 51 | ^[[1mM-bMM-^R6 ^[[22mForces ^[[1msshM-bM-^@M-^Pkeyscan ^[[22mto use IPv6 addresses only. |
53 | 52 | ||
54 | SECURITY | 53 | ^[[1mSECURITY^[[0m |
55 | If a ssh_known_hosts file is constructed using ssh-keyscan without veriM-- | 54 | If a ssh_known_hosts file is constructed using ^[[1msshM-bM-^@M-^Pkeyscan ^[[22mwithout veriM-bM-^@M-^P |
56 | fying the keys, users will be vulnerable to attacks. On the other hand, | 55 | fying the keys, users will be vulnerable to attacks. On the other hand, |
57 | if the security model allows such a risk, ssh-keyscan can help in the | 56 | if the security model allows such a risk, ^[[1msshM-bM-^@M-^Pkeyscan ^[[22mcan help in the |
58 | detection of tampered keyfiles or man in the middle attacks which have | 57 | detection of tampered keyfiles or man in the middle attacks which have |
59 | begun after the ssh_known_hosts file was created. | 58 | begun after the ssh_known_hosts file was created. |
60 | 59 | ||
61 | EXAMPLES | 60 | ^[[1mEXAMPLES^[[0m |
62 | Print the rsa1 host key for machine hostname: | 61 | Print the ^[[4mrsa1^[[24m host key for machine ^[[4mhostname^[[24m: |
63 | 62 | ||
64 | $ ssh-keyscan hostname | 63 | $ sshM-bM-^@M-^Pkeyscan hostname |
65 | 64 | ||
66 | Find all hosts from the file ssh_hosts which have new or different keys | 65 | Find all hosts from the file ^[[4mssh_hosts^[[24m which have new or different keys |
67 | from those in the sorted file ssh_known_hosts: | 66 | from those in the sorted file ^[[4mssh_known_hosts^[[24m: |
68 | 67 | ||
69 | $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \ | 68 | $ sshM-bM-^@M-^Pkeyscan M-bM-^@M-^Pt rsa,dsa M-bM-^@M-^Pf ssh_hosts | \ |
70 | sort -u - ssh_known_hosts | diff ssh_known_hosts - | 69 | sort M-bM-^@M-^Pu M-bM-^@M-^P ssh_known_hosts | diff ssh_known_hosts M-bM-^@M-^P |
71 | 70 | ||
72 | FILES | 71 | ^[[1mFILES^[[0m |
73 | Input format: | 72 | ^[[4mInput^[[24m ^[[4mformat:^[[0m |
74 | 73 | ||
75 | 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 | 74 | 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 |
76 | 75 | ||
77 | Output format for rsa1 keys: | 76 | ^[[4mOutput^[[24m ^[[4mformat^[[24m ^[[4mfor^[[24m ^[[4mrsa1^[[24m ^[[4mkeys:^[[0m |
78 | 77 | ||
79 | host-or-namelist bits exponent modulus | 78 | hostM-bM-^@M-^PorM-bM-^@M-^Pnamelist bits exponent modulus |
80 | 79 | ||
81 | Output format for rsa and dsa keys: | 80 | ^[[4mOutput^[[24m ^[[4mformat^[[24m ^[[4mfor^[[24m ^[[4mrsa^[[24m ^[[4mand^[[24m ^[[4mdsa^[[24m ^[[4mkeys:^[[0m |
82 | 81 | ||
83 | host-or-namelist keytype base64-encoded-key | 82 | hostM-bM-^@M-^PorM-bM-^@M-^Pnamelist keytype base64M-bM-^@M-^PencodedM-bM-^@M-^Pkey |
84 | 83 | ||
85 | Where keytype is either ``ssh-rsa'' or ``ssh-dsa''. | 84 | Where ^[[4mkeytype^[[24m is either M-bM-^@M-^\sshM-bM-^@M-^PrsaM-bM-^@M-^] or M-bM-^@M-^\sshM-bM-^@M-^PdsaM-bM-^@M-^]. |
86 | 85 | ||
87 | /etc/ssh/ssh_known_hosts | 86 | ^[[4m/etc/ssh/ssh_known_hosts^[[0m |
88 | 87 | ||
89 | BUGS | 88 | ^[[1mBUGS^[[0m |
90 | It generates "Connection closed by remote host" messages on the consoles | 89 | It generates "Connection closed by remote host" messages on the consoles |
91 | of all the machines it scans if the server is older than version 2.9. | 90 | of all the machines it scans if the server is older than version 2.9. |
92 | This is because it opens a connection to the ssh port, reads the public | 91 | This is because it opens a connection to the ssh port, reads the public |
93 | key, and drops the connection as soon as it gets the key. | 92 | key, and drops the connection as soon as it gets the key. |
94 | 93 | ||
95 | SEE ALSO | 94 | ^[[1mSEE ALSO^[[0m |
96 | ssh(1), sshd(8) | 95 | ssh(1), sshd(8) |
97 | 96 | ||
98 | AUTHORS | 97 | ^[[1mAUTHORS^[[0m |
99 | David Mazieres <dm@lcs.mit.edu> wrote the initial version, and Wayne | 98 | David Mazieres <dm@lcs.mit.edu> wrote the initial version, and Wayne |
100 | Davison <wayned@users.sourceforge.net> added support for protocol version | 99 | Davison <wayned@users.sourceforge.net> added support for protocol version |
101 | 2. | 100 | 2. |
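--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -7,7 +7,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.40 2002/07/06 17:47:58 stevesk Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.41 2003/02/16 17:09:57 markus Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -354,6 +354,8 @@ keygrab_ssh2(con *c)
 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA?
 "ssh-dss": "ssh-rsa";
 c->c_kex = kex_setup(myproposal);
+c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
+c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
 c->c_kex->verify_host_key = hostjump;
 
 if (!(j = setjmp(kexjmp))) {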
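Review bot: The two assignments added in keygrab_ssh2 fill only the KEX_DH_GRP1_SHA1 and KEX_DH_GEX_SHA1 slots of `c->c_kex->kex[]` and have no comment explaining why the caller must install them. Whether the table has further slots, or whether kex_setup() can return NULL, is not visible in this hunk; if either holds, a dispatch through an unset entry would be a NULL call, so it is worth confirming that only these two methods can be negotiated. A line such as `/* install the client-side handlers for DH group1 and DH group-exchange */` above the assignments would record the intent. keygrab_ssh2's body starts and ends outside the hunk.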
diff --git a/ssh-keysign.0 b/ssh-keysign.0 index b5ad6627a..738fc967f 100644 --- a/ssh-keysign.0 +++ b/ssh-keysign.0 | |||
@@ -1,42 +1,42 @@ | |||
1 | SSH-KEYSIGN(8) System Manager's Manual SSH-KEYSIGN(8) | 1 | SSHM-bM-^@M-^PKEYSIGN(8) BSD System ManagerM-bM-^@M-^Ys Manual SSHM-bM-^@M-^PKEYSIGN(8) |
2 | 2 | ||
3 | NAME | 3 | ^[[1mNAME^[[0m |
4 | ssh-keysign - ssh helper program for hostbased authentication | 4 | ^[[1msshM-bM-^@M-^Pkeysign ^[[22mM-bMM-^R ssh helper program for hostbased authentication |
5 | 5 | ||
6 | SYNOPSIS | 6 | ^[[1mSYNOPSIS^[[0m |
7 | ssh-keysign | 7 | ^[[1msshM-bM-^@M-^Pkeysign^[[0m |
8 | 8 | ||
9 | DESCRIPTION | 9 | ^[[1mDESCRIPTION^[[0m |
10 | ssh-keysign is used by ssh(1) to access the local host keys and generate | 10 | ^[[1msshM-bM-^@M-^Pkeysign ^[[22mis used by ssh(1) to access the local host keys and generate |
11 | the digital signature required during hostbased authentication with SSH | 11 | the digital signature required during hostbased authentication with SSH |
12 | protocol version 2. | 12 | protocol version 2. |
13 | 13 | ||
14 | ssh-keysign is disabled by default and can only be enabled in the the | 14 | ^[[1msshM-bM-^@M-^Pkeysign ^[[22mis disabled by default and can only be enabled in the global |
15 | global client configuration file /etc/ssh/ssh_config by setting | 15 | client configuration file ^[[4m/etc/ssh/ssh_config^[[24m by setting ^[[1mEnableSSHKeysign^[[0m |
16 | HostbasedAuthentication to ``yes''. | 16 | to M-bM-^@M-^\yesM-bM-^@M-^]. |
17 | 17 | ||
18 | ssh-keysign is not intended to be invoked by the user, but from ssh(1). | 18 | ^[[1msshM-bM-^@M-^Pkeysign ^[[22mis not intended to be invoked by the user, but from ssh(1). |
19 | See ssh(1) and sshd(8) for more information about hostbased authenticaM-- | 19 | See ssh(1) and sshd(8) for more information about hostbased authenticaM-bM-^@M-^P |
20 | tion. | 20 | tion. |
21 | 21 | ||
22 | FILES | 22 | ^[[1mFILES^[[0m |
23 | /etc/ssh/ssh_config | 23 | /etc/ssh/ssh_config |
24 | Controls whether ssh-keysign is enabled. | 24 | Controls whether ^[[1msshM-bM-^@M-^Pkeysign ^[[22mis enabled. |
25 | 25 | ||
26 | /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key | 26 | /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key |
27 | These files contain the private parts of the host keys used to | 27 | These files contain the private parts of the host keys used to |
28 | generate the digital signature. They should be owned by root, | 28 | generate the digital signature. They should be owned by root, |
29 | readable only by root, and not accessible to others. Since they | 29 | readable only by root, and not accessible to others. Since they |
30 | are readable only by root, ssh-keysign must be set-uid root if | 30 | are readable only by root, ^[[1msshM-bM-^@M-^Pkeysign ^[[22mmust be setM-bM-^@M-^Puid root if |
31 | hostbased authentication is used. | 31 | hostbased authentication is used. |
32 | 32 | ||
33 | SEE ALSO | 33 | ^[[1mSEE ALSO^[[0m |
34 | ssh(1), ssh-keygen(1), ssh_config(5), sshd(8) | 34 | ssh(1), sshM-bM-^@M-^Pkeygen(1), ssh_config(5), sshd(8) |
35 | 35 | ||
36 | AUTHORS | 36 | ^[[1mAUTHORS^[[0m |
37 | Markus Friedl <markus@openbsd.org> | 37 | Markus Friedl <markus@openbsd.org> |
38 | 38 | ||
39 | HISTORY | 39 | ^[[1mHISTORY^[[0m |
40 | ssh-keysign first appeared in OpenBSD 3.2. | 40 | ^[[1msshM-bM-^@M-^Pkeysign ^[[22mfirst appeared in OpenBSD 3.2. |
41 | 41 | ||
42 | BSD May 24, 2002 BSD | 42 | BSD May 24, 2002 BSD |
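--- a/ssh-keysign.8
+++ b/ssh-keysign.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keysign.8,v 1.3 2002/07/03 14:21:05 markus Exp $
+.\" $OpenBSD: ssh-keysign.8,v 1.5 2002/11/24 21:46:24 stevesk Exp $
 .\"
 .\" Copyright (c) 2002 Markus Friedl. All rights reserved.
 .\"
@@ -39,10 +39,10 @@ required during hostbased authentication with SSH protocol version 2.
 .Pp
 .Nm
 is disabled by default and can only be enabled in the
-the global client configuration file
+global client configuration file
 .Pa /etc/ssh/ssh_config
 by setting
-.Cm HostbasedAuthentication
+.Cm EnableSSHKeysign
 to
 .Dq yes .
 .Pp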
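--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,7 +22,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.7 2002/07/03 14:21:05 markus Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.10 2003/03/13 11:42:19 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/rand.h>
@@ -168,8 +168,8 @@ main(int argc, char **argv)
 initialize_options(&options);
 (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options);
 fill_default_options(&options);
-if (options.hostbased_authentication != 1)
-fatal("Hostbased authentication not enabled in %s",
+if (options.enable_ssh_keysign != 1)
+fatal("ssh-keysign not enabled in %s",
 _PATH_HOST_CONFIG_FILE);
 
 if (key_fd[0] == -1 && key_fd[1] == -1)
@@ -192,13 +192,6 @@ main(int argc, char **argv)
 keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
 NULL, NULL);
 close(key_fd[i]);
-if (keys[i] != NULL && keys[i]->type == KEY_RSA) {
-if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) {
-error("RSA_blinding_on failed");
-key_free(keys[i]);
-keys[i] = NULL;
-}
-}
 if (keys[i] != NULL)
 found = 1;
 }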
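Review bot: The last hunk deletes the only visible call that turned on RSA blinding for the host keys this helper signs with, and nothing in the section shows where blinding is enabled instead. The helper runs set-uid and signs with the host's private keys on behalf of the invoking user, so signing without blinding would expose those keys to timing analysis. Presumably key_load_private_pem() now enables blinding itself, but that code is outside this section and should be confirmed before relying on it. A short comment at the load site, for example `/* RSA blinding is enabled by the key loading code */`, would keep that dependency visible. main()'s body starts and ends outside these hunks.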
diff --git a/ssh-rand-helper.0 b/ssh-rand-helper.0 index 86998a112..de07cd02c 100644 --- a/ssh-rand-helper.0 +++ b/ssh-rand-helper.0 | |||
@@ -1,49 +1,49 @@ | |||
1 | SSH-RAND-HELPER(8) System Manager's Manual SSH-RAND-HELPER(8) | 1 | SSHM-bM-^@M-^PRANDM-bM-^@M-^PHELPER(8) BSD System ManagerM-bM-^@M-^Ys Manual SSHM-bM-^@M-^PRANDM-bM-^@M-^PHELPER(8) |
2 | 2 | ||
3 | NAME | 3 | ^[[1mNAME^[[0m |
4 | ssh-rand-helper - Random number gatherer for OpenSSH | 4 | ^[[1msshM-bM-^@M-^PrandM-bM-^@M-^Phelper ^[[22mM-bMM-^R Random number gatherer for OpenSSH |
5 | 5 | ||
6 | SYNOPSIS | 6 | ^[[1mSYNOPSIS^[[0m |
7 | ssh-rand-hlper [-vxXh] [-b bytes] | 7 | ^[[1msshM-bM-^@M-^PrandM-bM-^@M-^Phlper ^[[22m[^[[1mM-bMM-^RvxXh^[[22m] [^[[1mM-bMM-^Rb ^[[4m^[[22mbytes^[[24m] |
8 | 8 | ||
9 | DESCRIPTION | 9 | ^[[1mDESCRIPTION^[[0m |
10 | ssh-rand-helper is a small helper program used by ssh(1), ssh-add(1), | 10 | ^[[1msshM-bM-^@M-^PrandM-bM-^@M-^Phelper ^[[22mis a small helper program used by ssh(1), sshM-bM-^@M-^Padd(1), |
11 | ssh-agent(1), ssh-keygen(1), ssh-keyscan(1) and sshd(8) to gather random | 11 | sshM-bM-^@M-^Pagent(1), sshM-bM-^@M-^Pkeygen(1), sshM-bM-^@M-^Pkeyscan(1) and sshd(8) to gather random |
12 | numbers of cryptographic quality if the openssl(4) library has not been | 12 | numbers of cryptographic quality if the openssl(4) library has not been |
13 | configured to provide them itself. | 13 | configured to provide them itself. |
14 | 14 | ||
15 | Normally ssh-rand-helper will generate a strong random seed and provide | 15 | Normally ^[[1msshM-bM-^@M-^PrandM-bM-^@M-^Phelper ^[[22mwill generate a strong random seed and provide |
16 | it to the calling program via standard output. If standard output is a | 16 | it to the calling program via standard output. If standard output is a |
17 | tty, ssh-rand-helper will instead print the seed in hexidecimal format | 17 | tty, ^[[1msshM-bM-^@M-^PrandM-bM-^@M-^Phelper ^[[22mwill instead print the seed in hexidecimal format |
18 | unless told otherwise. | 18 | unless told otherwise. |
19 | 19 | ||
20 | ssh-rand-helper will by default gather random numbers from the system | 20 | ^[[1msshM-bM-^@M-^PrandM-bM-^@M-^Phelper ^[[22mwill by default gather random numbers from the system |
21 | commands listed in /etc/ssh/ssh_prng_cmds. The output of each of the | 21 | commands listed in ^[[4m/etc/ssh/ssh_prng_cmds^[[24m. The output of each of the |
22 | commands listed will be hashed and used to generate a random seed for the | 22 | commands listed will be hashed and used to generate a random seed for the |
23 | calling program. ssh-rand-helper will also store seed files in | 23 | calling program. ^[[1msshM-bM-^@M-^PrandM-bM-^@M-^Phelper ^[[22mwill also store seed files in |
24 | ~/.ssh/prng_seed between executions. | 24 | ^[[4m~/.ssh/prng_seed^[[24m between executions. |
25 | 25 | ||
26 | Alternately, ssh-rand-helper may be configured at build time to collect | 26 | Alternately, ^[[1msshM-bM-^@M-^PrandM-bM-^@M-^Phelper ^[[22mmay be configured at build time to collect |
27 | random numbers from a EGD/PRNGd server via a unix domain or localhost tcp | 27 | random numbers from a EGD/PRNGd server via a unix domain or localhost tcp |
28 | socket. | 28 | socket. |
29 | 29 | ||
30 | This program is not intended to be run by the end-user, so the few comM-- | 30 | This program is not intended to be run by the endM-bM-^@M-^Puser, so the few comM-bM-^@M-^P |
31 | mandline options are for debugging purposes only. | 31 | mandline options are for debugging purposes only. |
32 | 32 | ||
33 | -b bytes | 33 | ^[[1mM-bMM-^Rb ^[[4m^[[22mbytes^[[0m |
34 | Specify the number of random bytes to include in the output. | 34 | Specify the number of random bytes to include in the output. |
35 | 35 | ||
36 | -x Output a hexidecimal instead of a binary seed. | 36 | ^[[1mM-bMM-^Rx ^[[22mOutput a hexidecimal instead of a binary seed. |
37 | 37 | ||
38 | -X Force output of a binary seed, even if standard output is a tty | 38 | ^[[1mM-bMM-^RX ^[[22mForce output of a binary seed, even if standard output is a tty |
39 | 39 | ||
40 | -v Turn on debugging message. Multiple -v options will increase the | 40 | ^[[1mM-bMM-^Rv ^[[22mTurn on debugging message. Multiple ^[[1mM-bMM-^Rv ^[[22moptions will increase the |
41 | debugging level. -h Display a summary of options. | 41 | debugging level. ^[[1mM-bMM-^Rh ^[[22mDisplay a summary of options. |
42 | 42 | ||
43 | AUTHORS | 43 | ^[[1mAUTHORS^[[0m |
44 | Damien Miller <djm@mindrot.org> | 44 | Damien Miller <djm@mindrot.org> |
45 | 45 | ||
46 | SEE ALSO | 46 | ^[[1mSEE ALSO^[[0m |
47 | ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) | 47 | ssh(1), sshM-bM-^@M-^Padd(1), sshM-bM-^@M-^Pkeygen(1), sshd(8) |
48 | 48 | ||
49 | BSD April 14, 2002 BSD | 49 | BSD April 14, 2002 BSD |
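--- a/ssh-rand-helper.c
+++ b/ssh-rand-helper.c
@@ -39,7 +39,7 @@
 #include "pathnames.h"
 #include "log.h"
 
-RCSID("$Id: ssh-rand-helper.c,v 1.8 2002/07/28 20:42:24 stevesk Exp $");
+RCSID("$Id: ssh-rand-helper.c,v 1.10 2003/03/17 05:13:53 djm Exp $");
 
 /* Number of bytes we write out */
 #define OUTPUT_SEED_SIZE 48
@@ -355,6 +355,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash)
 case 0:
 /* timer expired */
 error_abort = 1;
+kill(pid, SIGINT);
 break;
 case 1:
 /* command input */
@@ -561,7 +562,8 @@ prng_write_seedfile(void)
 
 debug("writing PRNG seed to file %.100s", filename);
 
-RAND_bytes(seed, sizeof(seed));
+if (RAND_bytes(seed, sizeof(seed)) <= 0)
+fatal("PRNG seed extration failed");
 
 /* Don't care if the seed doesn't exist */
 prng_check_seedfile(filename);
@@ -848,7 +850,8 @@ main(int argc, char **argv)
 if (!RAND_status())
 fatal("Not enough entropy in RNG");
 
-RAND_bytes(buf, bytes);
+if (RAND_bytes(buf, bytes) <= 0)
+fatal("Couldn't extract entropy from PRNG");
 
 if (output_hex) {
 for(ret = 0; ret < bytes; ret++)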
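Review bot: The `kill(pid, SIGINT);` added to the timer-expired case of hash_command_output ignores its return value and sends a signal the child can catch or ignore, so a hung entropy command may outlive the timeout. If the function later waits for that child (not visible in the hunk), the helper would block along with it. Consider a signal that cannot be ignored, `kill(pid, SIGKILL);`, or at least report failure with `if (kill(pid, SIGINT) == -1) debug("kill: %s", strerror(errno));`. Separately, the new fatal() string in prng_write_seedfile misspells "extraction" and should read `fatal("PRNG seed extraction failed");`. All three functions touched here continue outside their hunks.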
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.26 2002/08/27 17:13:56 stevesk Exp $"); | 26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.28 2003/02/12 09:33:04 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/evp.h> | 28 | #include <openssl/evp.h> |
29 | #include <openssl/err.h> | 29 | #include <openssl/err.h> |
@@ -33,11 +33,10 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.26 2002/08/27 17:13:56 stevesk Exp $"); | |||
33 | #include "buffer.h" | 33 | #include "buffer.h" |
34 | #include "bufaux.h" | 34 | #include "bufaux.h" |
35 | #include "key.h" | 35 | #include "key.h" |
36 | #include "ssh-rsa.h" | ||
37 | #include "compat.h" | 36 | #include "compat.h" |
38 | #include "ssh.h" | 37 | #include "ssh.h" |
39 | 38 | ||
40 | static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int , RSA *); | 39 | static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *); |
41 | 40 | ||
42 | /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ | 41 | /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ |
43 | int | 42 | int |
diff --git a/ssh-rsa.h b/ssh-rsa.h deleted file mode 100644 index 7177a3f92..000000000 --- a/ssh-rsa.h +++ /dev/null | |||
@@ -1,32 +0,0 @@ | |||
1 | /* $OpenBSD: ssh-rsa.h,v 1.6 2002/02/24 19:14:59 markus Exp $ */ | ||
2 | |||
3 | /* | ||
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | ||
5 | * | ||
6 | * Redistribution and use in source and binary forms, with or without | ||
7 | * modification, are permitted provided that the following conditions | ||
8 | * are met: | ||
9 | * 1. Redistributions of source code must retain the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer. | ||
11 | * 2. Redistributions in binary form must reproduce the above copyright | ||
12 | * notice, this list of conditions and the following disclaimer in the | ||
13 | * documentation and/or other materials provided with the distribution. | ||
14 | * | ||
15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||
16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
25 | */ | ||
26 | #ifndef SSH_RSA_H | ||
27 | #define SSH_RSA_H | ||
28 | |||
29 | int ssh_rsa_sign(Key *, u_char **, u_int *, u_char *, u_int); | ||
30 | int ssh_rsa_verify(Key *, u_char *, u_int, u_char *, u_int); | ||
31 | |||
32 | #endif | ||
@@ -1,455 +1,455 @@ | |||
1 | SSH(1) System General Commands Manual SSH(1) | 1 | SSH(1) BSD General Commands Manual SSH(1) |
2 | 2 | ||
3 | NAME | 3 | ^[[1mNAME^[[0m |
4 | ssh - OpenSSH SSH client (remote login program) | 4 | ^[[1mssh ^[[22mM-bMM-^R OpenSSH SSH client (remote login program) |
5 | 5 | ||
6 | SYNOPSIS | 6 | ^[[1mSYNOPSIS^[[0m |
7 | ssh [-l login_name] hostname | user@hostname [command] | 7 | ^[[1mssh ^[[22m[^[[1mM-bMM-^Rl ^[[4m^[[22mlogin_name^[[24m] ^[[4mhostname^[[24m | ^[[4muser@hostname^[[24m [^[[4mcommand^[[24m] |
8 | 8 | ||
9 | ssh [-afgknqstvxACNTX1246] [-b bind_address] [-c cipher_spec] | 9 | ^[[1mssh ^[[22m[^[[1mM-bMM-^RafgknqstvxACNTX1246^[[22m] [^[[1mM-bMM-^Rb ^[[4m^[[22mbind_address^[[24m] [^[[1mM-bMM-^Rc ^[[4m^[[22mcipher_spec^[[24m] |
10 | [-e escape_char] [-i identity_file] [-l login_name] [-m mac_spec] | 10 | [^[[1mM-bMM-^Re ^[[4m^[[22mescape_char^[[24m] [^[[1mM-bMM-^Ri ^[[4m^[[22midentity_file^[[24m] [^[[1mM-bMM-^Rl ^[[4m^[[22mlogin_name^[[24m] [^[[1mM-bMM-^Rm ^[[4m^[[22mmac_spec^[[24m] |
11 | [-o option] [-p port] [-F configfile] [-L port:host:hostport] [-R | 11 | [^[[1mM-bMM-^Ro ^[[4m^[[22moption^[[24m] [^[[1mM-bMM-^Rp ^[[4m^[[22mport^[[24m] [^[[1mM-bMM-^RF ^[[4m^[[22mconfigfile^[[24m] [^[[1mM-bMM-^RL ^[[4m^[[22mport^[[24m:^[[4mhost^[[24m:^[[4mhostport^[[24m] [^[[1mM-bMM-^RR^[[0m |
12 | port:host:hostport] [-D port] hostname | user@hostname [command] | 12 | ^[[4mport^[[24m:^[[4mhost^[[24m:^[[4mhostport^[[24m] [^[[1mM-bMM-^RD ^[[4m^[[22mport^[[24m] ^[[4mhostname^[[24m | ^[[4muser@hostname^[[24m [^[[4mcommand^[[24m] |
13 | 13 | ||
14 | DESCRIPTION | 14 | ^[[1mDESCRIPTION^[[0m |
15 | ssh (SSH client) is a program for logging into a remote machine and for | 15 | ^[[1mssh ^[[22m(SSH client) is a program for logging into a remote machine and for |
16 | executing commands on a remote machine. It is intended to replace rlogin | 16 | executing commands on a remote machine. It is intended to replace rlogin |
17 | and rsh, and provide secure encrypted communications between two | 17 | and rsh, and provide secure encrypted communications between two |
18 | untrusted hosts over an insecure network. X11 connections and arbitrary | 18 | untrusted hosts over an insecure network. X11 connections and arbitrary |
19 | TCP/IP ports can also be forwarded over the secure channel. | 19 | TCP/IP ports can also be forwarded over the secure channel. |
20 | 20 | ||
21 | ssh connects and logs into the specified hostname. The user must prove | 21 | ^[[1mssh ^[[22mconnects and logs into the specified ^[[4mhostname^[[24m. The user must prove |
22 | his/her identity to the remote machine using one of several methods | 22 | his/her identity to the remote machine using one of several methods |
23 | depending on the protocol version used: | 23 | depending on the protocol version used: |
24 | 24 | ||
25 | SSH protocol version 1 | 25 | ^[[1mSSH protocol version 1^[[0m |
26 | 26 | ||
27 | First, if the machine the user logs in from is listed in /etc/hosts.equiv | 27 | First, if the machine the user logs in from is listed in ^[[4m/etc/hosts.equiv^[[0m |
28 | or /etc/shosts.equiv on the remote machine, and the user names are the | 28 | or ^[[4m/etc/shosts.equiv^[[24m on the remote machine, and the user names are the |
29 | same on both sides, the user is immediately permitted to log in. Second, | 29 | same on both sides, the user is immediately permitted to log in. Second, |
30 | if .rhosts or .shosts exists in the user's home directory on the remote | 30 | if ^[[4m.rhosts^[[24m or ^[[4m.shosts^[[24m exists in the userM-bM-^@M-^Ys home directory on the remote |
31 | machine and contains a line containing the name of the client machine and | 31 | machine and contains a line containing the name of the client machine and |
32 | the name of the user on that machine, the user is permitted to log in. | 32 | the name of the user on that machine, the user is permitted to log in. |
33 | This form of authentication alone is normally not allowed by the server | 33 | This form of authentication alone is normally not allowed by the server |
34 | because it is not secure. | 34 | because it is not secure. |
35 | 35 | ||
36 | The second authentication method is the rhosts or hosts.equiv method comM-- | 36 | The second authentication method is the ^[[4mrhosts^[[24m or ^[[4mhosts.equiv^[[24m method comM-bM-^@M-^P |
37 | bined with RSA-based host authentication. It means that if the login | 37 | bined with RSAM-bM-^@M-^Pbased host authentication. It means that if the login |
38 | would be permitted by $HOME/.rhosts, $HOME/.shosts, /etc/hosts.equiv, or | 38 | would be permitted by ^[[4m$HOME/.rhosts^[[24m, ^[[4m$HOME/.shosts^[[24m, ^[[4m/etc/hosts.equiv^[[24m, or |
39 | /etc/shosts.equiv, and if additionally the server can verify the client's | 39 | ^[[4m/etc/shosts.equiv^[[24m, and if additionally the server can verify the clientM-bM-^@M-^Ys |
40 | host key (see /etc/ssh/ssh_known_hosts and $HOME/.ssh/known_hosts in the | 40 | host key (see ^[[4m/etc/ssh/ssh_known_hosts^[[24m and ^[[4m$HOME/.ssh/known_hosts^[[24m in the |
41 | FILES section), only then login is permitted. This authentication method | 41 | ^[[4mFILES^[[24m section), only then login is permitted. This authentication method |
42 | closes security holes due to IP spoofing, DNS spoofing and routing spoofM-- | 42 | closes security holes due to IP spoofing, DNS spoofing and routing spoofM-bM-^@M-^P |
43 | ing. [Note to the administrator: /etc/hosts.equiv, $HOME/.rhosts, and | 43 | ing. [Note to the administrator: ^[[4m/etc/hosts.equiv^[[24m, ^[[4m$HOME/.rhosts^[[24m, and |
44 | the rlogin/rsh protocol in general, are inherently insecure and should be | 44 | the rlogin/rsh protocol in general, are inherently insecure and should be |
45 | disabled if security is desired.] | 45 | disabled if security is desired.] |
46 | 46 | ||
47 | As a third authentication method, ssh supports RSA based authentication. | 47 | As a third authentication method, ^[[1mssh ^[[22msupports RSA based authentication. |
48 | The scheme is based on public-key cryptography: there are cryptosystems | 48 | The scheme is based on publicM-bM-^@M-^Pkey cryptography: there are cryptosystems |
49 | where encryption and decryption are done using separate keys, and it is | 49 | where encryption and decryption are done using separate keys, and it is |
50 | not possible to derive the decryption key from the encryption key. RSA | 50 | not possible to derive the decryption key from the encryption key. RSA |
51 | is one such system. The idea is that each user creates a public/private | 51 | is one such system. The idea is that each user creates a public/private |
52 | key pair for authentication purposes. The server knows the public key, | 52 | key pair for authentication purposes. The server knows the public key, |
53 | and only the user knows the private key. The file | 53 | and only the user knows the private key. The file |
54 | $HOME/.ssh/authorized_keys lists the public keys that are permitted for | 54 | ^[[4m$HOME/.ssh/authorized_keys^[[24m lists the public keys that are permitted for |
55 | logging in. When the user logs in, the ssh program tells the server | 55 | logging in. When the user logs in, the ^[[1mssh ^[[22mprogram tells the server |
56 | which key pair it would like to use for authentication. The server | 56 | which key pair it would like to use for authentication. The server |
57 | checks if this key is permitted, and if so, sends the user (actually the | 57 | checks if this key is permitted, and if so, sends the user (actually the |
58 | ssh program running on behalf of the user) a challenge, a random number, | 58 | ^[[1mssh ^[[22mprogram running on behalf of the user) a challenge, a random number, |
59 | encrypted by the user's public key. The challenge can only be decrypted | 59 | encrypted by the userM-bM-^@M-^Ys public key. The challenge can only be decrypted |
60 | using the proper private key. The user's client then decrypts the chalM-- | 60 | using the proper private key. The userM-bM-^@M-^Ys client then decrypts the chalM-bM-^@M-^P |
61 | lenge using the private key, proving that he/she knows the private key | 61 | lenge using the private key, proving that he/she knows the private key |
62 | but without disclosing it to the server. | 62 | but without disclosing it to the server. |
63 | 63 | ||
64 | ssh implements the RSA authentication protocol automatically. The user | 64 | ^[[1mssh ^[[22mimplements the RSA authentication protocol automatically. The user |
65 | creates his/her RSA key pair by running ssh-keygen(1). This stores the | 65 | creates his/her RSA key pair by running sshM-bM-^@M-^Pkeygen(1). This stores the |
66 | private key in $HOME/.ssh/identity and the public key in | 66 | private key in ^[[4m$HOME/.ssh/identity^[[24m and the public key in |
67 | $HOME/.ssh/identity.pub in the user's home directory. The user should | 67 | ^[[4m$HOME/.ssh/identity.pub^[[24m in the userM-bM-^@M-^Ys home directory. The user should |
68 | then copy the identity.pub to $HOME/.ssh/authorized_keys in his/her home | 68 | then copy the ^[[4midentity.pub^[[24m to ^[[4m$HOME/.ssh/authorized_keys^[[24m in his/her home |
69 | directory on the remote machine (the authorized_keys file corresponds to | 69 | directory on the remote machine (the ^[[4mauthorized_keys^[[24m file corresponds to |
70 | the conventional $HOME/.rhosts file, and has one key per line, though the | 70 | the conventional ^[[4m$HOME/.rhosts^[[24m file, and has one key per line, though the |
71 | lines can be very long). After this, the user can log in without giving | 71 | lines can be very long). After this, the user can log in without giving |
72 | the password. RSA authentication is much more secure than rhosts authenM-- | 72 | the password. RSA authentication is much more secure than rhosts authenM-bM-^@M-^P |
73 | tication. | 73 | tication. |
74 | 74 | ||
75 | The most convenient way to use RSA authentication may be with an authenM-- | 75 | The most convenient way to use RSA authentication may be with an authenM-bM-^@M-^P |
76 | tication agent. See ssh-agent(1) for more information. | 76 | tication agent. See sshM-bM-^@M-^Pagent(1) for more information. |
77 | 77 | ||
78 | If other authentication methods fail, ssh prompts the user for a passM-- | 78 | If other authentication methods fail, ^[[1mssh ^[[22mprompts the user for a passM-bM-^@M-^P |
79 | word. The password is sent to the remote host for checking; however, | 79 | word. The password is sent to the remote host for checking; however, |
80 | since all communications are encrypted, the password cannot be seen by | 80 | since all communications are encrypted, the password cannot be seen by |
81 | someone listening on the network. | 81 | someone listening on the network. |
82 | 82 | ||
83 | SSH protocol version 2 | 83 | ^[[1mSSH protocol version 2^[[0m |
84 | 84 | ||
85 | When a user connects using protocol version 2 similar authentication | 85 | When a user connects using protocol version 2 similar authentication |
86 | methods are available. Using the default values for | 86 | methods are available. Using the default values for |
87 | PreferredAuthentications, the client will try to authenticate first using | 87 | ^[[1mPreferredAuthentications^[[22m, the client will try to authenticate first using |
88 | the hostbased method; if this method fails public key authentication is | 88 | the hostbased method; if this method fails public key authentication is |
89 | attempted, and finally if this method fails keyboard-interactive and | 89 | attempted, and finally if this method fails keyboardM-bM-^@M-^Pinteractive and |
90 | password authentication are tried. | 90 | password authentication are tried. |
91 | 91 | ||
92 | The public key method is similar to RSA authentication described in the | 92 | The public key method is similar to RSA authentication described in the |
93 | previous section and allows the RSA or DSA algorithm to be used: The | 93 | previous section and allows the RSA or DSA algorithm to be used: The |
94 | client uses his private key, $HOME/.ssh/id_dsa or $HOME/.ssh/id_rsa, to | 94 | client uses his private key, ^[[4m$HOME/.ssh/id_dsa^[[24m or ^[[4m$HOME/.ssh/id_rsa^[[24m, to |
95 | sign the session identifier and sends the result to the server. The | 95 | sign the session identifier and sends the result to the server. The |
96 | server checks whether the matching public key is listed in | 96 | server checks whether the matching public key is listed in |
97 | $HOME/.ssh/authorized_keys and grants access if both the key is found and | 97 | ^[[4m$HOME/.ssh/authorized_keys^[[24m and grants access if both the key is found and |
98 | the signature is correct. The session identifier is derived from a | 98 | the signature is correct. The session identifier is derived from a |
99 | shared Diffie-Hellman value and is only known to the client and the | 99 | shared DiffieM-bM-^@M-^PHellman value and is only known to the client and the |
100 | server. | 100 | server. |
101 | 101 | ||
102 | If public key authentication fails or is not available a password can be | 102 | If public key authentication fails or is not available a password can be |
103 | sent encrypted to the remote host for proving the user's identity. | 103 | sent encrypted to the remote host for proving the userM-bM-^@M-^Ys identity. |
104 | 104 | ||
105 | Additionally, ssh supports hostbased or challenge response authenticaM-- | 105 | Additionally, ^[[1mssh ^[[22msupports hostbased or challenge response authenticaM-bM-^@M-^P |
106 | tion. | 106 | tion. |
107 | 107 | ||
108 | Protocol 2 provides additional mechanisms for confidentiality (the trafM-- | 108 | Protocol 2 provides additional mechanisms for confidentiality (the trafM-bM-^@M-^P |
109 | fic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) and integrity | 109 | fic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) and integrity |
110 | (hmac-md5, hmac-sha1). Note that protocol 1 lacks a strong mechanism for | 110 | (hmacM-bM-^@M-^Pmd5, hmacM-bM-^@M-^Psha1). Note that protocol 1 lacks a strong mechanism for |
111 | ensuring the integrity of the connection. | 111 | ensuring the integrity of the connection. |
112 | 112 | ||
113 | Login session and remote execution | 113 | ^[[1mLogin session and remote execution^[[0m |
114 | 114 | ||
115 | When the user's identity has been accepted by the server, the server | 115 | When the userM-bM-^@M-^Ys identity has been accepted by the server, the server |
116 | either executes the given command, or logs into the machine and gives the | 116 | either executes the given command, or logs into the machine and gives the |
117 | user a normal shell on the remote machine. All communication with the | 117 | user a normal shell on the remote machine. All communication with the |
118 | remote command or shell will be automatically encrypted. | 118 | remote command or shell will be automatically encrypted. |
119 | 119 | ||
120 | If a pseudo-terminal has been allocated (normal login session), the user | 120 | If a pseudoM-bM-^@M-^Pterminal has been allocated (normal login session), the user |
121 | may use the escape characters noted below. | 121 | may use the escape characters noted below. |
122 | 122 | ||
123 | If no pseudo tty has been allocated, the session is transparent and can | 123 | If no pseudo tty has been allocated, the session is transparent and can |
124 | be used to reliably transfer binary data. On most systems, setting the | 124 | be used to reliably transfer binary data. On most systems, setting the |
125 | escape character to ``none'' will also make the session transparent even | 125 | escape character to M-bM-^@M-^\noneM-bM-^@M-^] will also make the session transparent even if |
126 | if a tty is used. | 126 | a tty is used. |
127 | 127 | ||
128 | The session terminates when the command or shell on the remote machine | 128 | The session terminates when the command or shell on the remote machine |
129 | exits and all X11 and TCP/IP connections have been closed. The exit staM-- | 129 | exits and all X11 and TCP/IP connections have been closed. The exit staM-bM-^@M-^P |
130 | tus of the remote program is returned as the exit status of ssh. | 130 | tus of the remote program is returned as the exit status of ^[[1mssh^[[22m. |
131 | 131 | ||
132 | Escape Characters | 132 | ^[[1mEscape Characters^[[0m |
133 | 133 | ||
134 | When a pseudo terminal has been requested, ssh supports a number of funcM-- | 134 | When a pseudo terminal has been requested, ssh supports a number of funcM-bM-^@M-^P |
135 | tions through the use of an escape character. | 135 | tions through the use of an escape character. |
136 | 136 | ||
137 | A single tilde character can be sent as ~~ or by following the tilde by a | 137 | A single tilde character can be sent as ^[[1m~~ ^[[22mor by following the tilde by a |
138 | character other than those described below. The escape character must | 138 | character other than those described below. The escape character must |
139 | always follow a newline to be interpreted as special. The escape characM-- | 139 | always follow a newline to be interpreted as special. The escape characM-bM-^@M-^P |
140 | ter can be changed in configuration files using the EscapeChar configuraM-- | 140 | ter can be changed in configuration files using the ^[[1mEscapeChar ^[[22mconfiguraM-bM-^@M-^P |
141 | tion directive or on the command line by the -e option. | 141 | tion directive or on the command line by the ^[[1mM-bMM-^Re ^[[22moption. |
142 | 142 | ||
143 | The supported escapes (assuming the default `~') are: | 143 | The supported escapes (assuming the default M-bM-^@M-^X~M-bM-^@M-^Y) are: |
144 | 144 | ||
145 | ~. Disconnect | 145 | ^[[1m~. ^[[22mDisconnect |
146 | 146 | ||
147 | ~^Z Background ssh | 147 | ^[[1m~^Z ^[[22mBackground ssh |
148 | 148 | ||
149 | ~# List forwarded connections | 149 | ^[[1m~# ^[[22mList forwarded connections |
150 | 150 | ||
151 | ~& Background ssh at logout when waiting for forwarded connection / | 151 | ^[[1m~& ^[[22mBackground ssh at logout when waiting for forwarded connection / |
152 | X11 sessions to terminate | 152 | X11 sessions to terminate |
153 | 153 | ||
154 | ~? Display a list of escape characters | 154 | ^[[1m~? ^[[22mDisplay a list of escape characters |
155 | 155 | ||
156 | ~C Open command line (only useful for adding port forwardings using | 156 | ^[[1m~C ^[[22mOpen command line (only useful for adding port forwardings using |
157 | the -L and -R options) | 157 | the ^[[1mM-bMM-^RL ^[[22mand ^[[1mM-bMM-^RR ^[[22moptions) |
158 | 158 | ||
159 | ~R Request rekeying of the connection (only useful for SSH protocol | 159 | ^[[1m~R ^[[22mRequest rekeying of the connection (only useful for SSH protocol |
160 | version 2 and if the peer supports it) | 160 | version 2 and if the peer supports it) |
161 | 161 | ||
162 | X11 and TCP forwarding | 162 | ^[[1mX11 and TCP forwarding^[[0m |
163 | 163 | ||
164 | If the ForwardX11 variable is set to ``yes'' (or, see the description of | 164 | If the ^[[1mForwardX11 ^[[22mvariable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or, see the description of |
165 | the -X and -x options described later) and the user is using X11 (the | 165 | the ^[[1mM-bMM-^RX ^[[22mand ^[[1mM-bMM-^Rx ^[[22moptions described later) and the user is using X11 (the |
166 | DISPLAY environment variable is set), the connection to the X11 display | 166 | DISPLAY environment variable is set), the connection to the X11 display |
167 | is automatically forwarded to the remote side in such a way that any X11 | 167 | is automatically forwarded to the remote side in such a way that any X11 |
168 | programs started from the shell (or command) will go through the | 168 | programs started from the shell (or command) will go through the |
169 | encrypted channel, and the connection to the real X server will be made | 169 | encrypted channel, and the connection to the real X server will be made |
170 | from the local machine. The user should not manually set DISPLAY. ForM-- | 170 | from the local machine. The user should not manually set DISPLAY. ForM-bM-^@M-^P |
171 | warding of X11 connections can be configured on the command line or in | 171 | warding of X11 connections can be configured on the command line or in |
172 | configuration files. | 172 | configuration files. |
173 | 173 | ||
174 | The DISPLAY value set by ssh will point to the server machine, but with a | 174 | The DISPLAY value set by ^[[1mssh ^[[22mwill point to the server machine, but with a |
175 | display number greater than zero. This is normal, and happens because | 175 | display number greater than zero. This is normal, and happens because |
176 | ssh creates a ``proxy'' X server on the server machine for forwarding the | 176 | ^[[1mssh ^[[22mcreates a M-bM-^@M-^\proxyM-bM-^@M-^] X server on the server machine for forwarding the |
177 | connections over the encrypted channel. | 177 | connections over the encrypted channel. |
178 | 178 | ||
179 | ssh will also automatically set up Xauthority data on the server machine. | 179 | ^[[1mssh ^[[22mwill also automatically set up Xauthority data on the server machine. |
180 | For this purpose, it will generate a random authorization cookie, store | 180 | For this purpose, it will generate a random authorization cookie, store |
181 | it in Xauthority on the server, and verify that any forwarded connections | 181 | it in Xauthority on the server, and verify that any forwarded connections |
182 | carry this cookie and replace it by the real cookie when the connection | 182 | carry this cookie and replace it by the real cookie when the connection |
183 | is opened. The real authentication cookie is never sent to the server | 183 | is opened. The real authentication cookie is never sent to the server |
184 | machine (and no cookies are sent in the plain). | 184 | machine (and no cookies are sent in the plain). |
185 | 185 | ||
186 | If the ForwardAgent variable is set to ``yes'' (or, see the description | 186 | If the ^[[1mForwardAgent ^[[22mvariable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or, see the description of |
187 | of the -A and -a options described later) and the user is using an | 187 | the ^[[1mM-bMM-^RA ^[[22mand ^[[1mM-bMM-^Ra ^[[22moptions described later) and the user is using an authentiM-bM-^@M-^P |
188 | authentication agent, the connection to the agent is automatically forM-- | 188 | cation agent, the connection to the agent is automatically forwarded to |
189 | warded to the remote side. | 189 | the remote side. |
190 | 190 | ||
191 | Forwarding of arbitrary TCP/IP connections over the secure channel can be | 191 | Forwarding of arbitrary TCP/IP connections over the secure channel can be |
192 | specified either on the command line or in a configuration file. One | 192 | specified either on the command line or in a configuration file. One |
193 | possible application of TCP/IP forwarding is a secure connection to an | 193 | possible application of TCP/IP forwarding is a secure connection to an |
194 | electronic purse; another is going through firewalls. | 194 | electronic purse; another is going through firewalls. |
195 | 195 | ||
196 | Server authentication | 196 | ^[[1mServer authentication^[[0m |
197 | 197 | ||
198 | ssh automatically maintains and checks a database containing identificaM-- | 198 | ^[[1mssh ^[[22mautomatically maintains and checks a database containing identificaM-bM-^@M-^P |
199 | tions for all hosts it has ever been used with. Host keys are stored in | 199 | tions for all hosts it has ever been used with. Host keys are stored in |
200 | $HOME/.ssh/known_hosts in the user's home directory. Additionally, the | 200 | ^[[4m$HOME/.ssh/known_hosts^[[24m in the userM-bM-^@M-^Ys home directory. Additionally, the |
201 | file /etc/ssh/ssh_known_hosts is automatically checked for known hosts. | 201 | file ^[[4m/etc/ssh/ssh_known_hosts^[[24m is automatically checked for known hosts. |
202 | Any new hosts are automatically added to the user's file. If a host's | 202 | Any new hosts are automatically added to the userM-bM-^@M-^Ys file. If a hostM-bM-^@M-^Ys |
203 | identification ever changes, ssh warns about this and disables password | 203 | identification ever changes, ^[[1mssh ^[[22mwarns about this and disables password |
204 | authentication to prevent a trojan horse from getting the user's passM-- | 204 | authentication to prevent a trojan horse from getting the userM-bM-^@M-^Ys passM-bM-^@M-^P |
205 | word. Another purpose of this mechanism is to prevent man-in-the-middle | 205 | word. Another purpose of this mechanism is to prevent manM-bM-^@M-^PinM-bM-^@M-^PtheM-bM-^@M-^Pmiddle |
206 | attacks which could otherwise be used to circumvent the encryption. The | 206 | attacks which could otherwise be used to circumvent the encryption. The |
207 | StrictHostKeyChecking option can be used to prevent logins to machines | 207 | ^[[1mStrictHostKeyChecking ^[[22moption can be used to prevent logins to machines |
208 | whose host key is not known or has changed. | 208 | whose host key is not known or has changed. |
209 | 209 | ||
210 | The options are as follows: | 210 | The options are as follows: |
211 | 211 | ||
212 | -a Disables forwarding of the authentication agent connection. | 212 | ^[[1mM-bMM-^Ra ^[[22mDisables forwarding of the authentication agent connection. |
213 | 213 | ||
214 | -A Enables forwarding of the authentication agent connection. This | 214 | ^[[1mM-bMM-^RA ^[[22mEnables forwarding of the authentication agent connection. This |
215 | can also be specified on a per-host basis in a configuration | 215 | can also be specified on a perM-bM-^@M-^Phost basis in a configuration |
216 | file. | 216 | file. |
217 | 217 | ||
218 | Agent forwarding should be enabled with caution. Users with the | 218 | Agent forwarding should be enabled with caution. Users with the |
219 | ability to bypass file permissions on the remote host (for the | 219 | ability to bypass file permissions on the remote host (for the |
220 | agent's Unix-domain socket) can access the local agent through | 220 | agentM-bM-^@M-^Ys UnixM-bM-^@M-^Pdomain socket) can access the local agent through |
221 | the forwarded connection. An attacker cannot obtain key material | 221 | the forwarded connection. An attacker cannot obtain key material |
222 | from the agent, however they can perform operations on the keys | 222 | from the agent, however they can perform operations on the keys |
223 | that enable them to authenticate using the identities loaded into | 223 | that enable them to authenticate using the identities loaded into |
224 | the agent. | 224 | the agent. |
225 | 225 | ||
226 | -b bind_address | 226 | ^[[1mM-bMM-^Rb ^[[4m^[[22mbind_address^[[0m |
227 | Specify the interface to transmit from on machines with multiple | 227 | Specify the interface to transmit from on machines with multiple |
228 | interfaces or aliased addresses. | 228 | interfaces or aliased addresses. |
229 | 229 | ||
230 | -c blowfish|3des|des | 230 | ^[[1mM-bMM-^Rc ^[[4m^[[22mblowfish|3des|des^[[0m |
231 | Selects the cipher to use for encrypting the session. 3des is | 231 | Selects the cipher to use for encrypting the session. ^[[4m3des^[[24m is |
232 | used by default. It is believed to be secure. 3des (triple-des) | 232 | used by default. It is believed to be secure. ^[[4m3des^[[24m (tripleM-bM-^@M-^Pdes) |
233 | is an encrypt-decrypt-encrypt triple with three different keys. | 233 | is an encryptM-bM-^@M-^PdecryptM-bM-^@M-^Pencrypt triple with three different keys. |
234 | blowfish is a fast block cipher, it appears very secure and is | 234 | ^[[4mblowfish^[[24m is a fast block cipher, it appears very secure and is |
235 | much faster than 3des. des is only supported in the ssh client | 235 | much faster than ^[[4m3des^[[24m. ^[[4mdes^[[24m is only supported in the ^[[1mssh ^[[22mclient |
236 | for interoperability with legacy protocol 1 implementations that | 236 | for interoperability with legacy protocol 1 implementations that |
237 | do not support the 3des cipher. Its use is strongly discouraged | 237 | do not support the ^[[4m3des^[[24m cipher. Its use is strongly discouraged |
238 | due to cryptographic weaknesses. | 238 | due to cryptographic weaknesses. |
239 | 239 | ||
240 | -c cipher_spec | 240 | ^[[1mM-bMM-^Rc ^[[4m^[[22mcipher_spec^[[0m |
241 | Additionally, for protocol version 2 a comma-separated list of | 241 | Additionally, for protocol version 2 a commaM-bM-^@M-^Pseparated list of |
242 | ciphers can be specified in order of preference. See Ciphers for | 242 | ciphers can be specified in order of preference. See ^[[1mCiphers ^[[22mfor |
243 | more information. | 243 | more information. |
244 | 244 | ||
245 | -e ch|^ch|none | 245 | ^[[1mM-bMM-^Re ^[[4m^[[22mch|^ch|none^[[0m |
246 | Sets the escape character for sessions with a pty (default: `~'). | 246 | Sets the escape character for sessions with a pty (default: M-bM-^@M-^X~M-bM-^@M-^Y). |
247 | The escape character is only recognized at the beginning of a | 247 | The escape character is only recognized at the beginning of a |
248 | line. The escape character followed by a dot (`.') closes the | 248 | line. The escape character followed by a dot (M-bM-^@M-^X.M-bM-^@M-^Y) closes the |
249 | connection, followed by control-Z suspends the connection, and | 249 | connection, followed by controlM-bM-^@M-^PZ suspends the connection, and |
250 | followed by itself sends the escape character once. Setting the | 250 | followed by itself sends the escape character once. Setting the |
251 | character to ``none'' disables any escapes and makes the session | 251 | character to M-bM-^@M-^\noneM-bM-^@M-^] disables any escapes and makes the session |
252 | fully transparent. | 252 | fully transparent. |
253 | 253 | ||
254 | -f Requests ssh to go to background just before command execution. | 254 | ^[[1mM-bMM-^Rf ^[[22mRequests ^[[1mssh ^[[22mto go to background just before command execution. |
255 | This is useful if ssh is going to ask for passwords or | 255 | This is useful if ^[[1mssh ^[[22mis going to ask for passwords or |
256 | passphrases, but the user wants it in the background. This | 256 | passphrases, but the user wants it in the background. This |
257 | implies -n. The recommended way to start X11 programs at a | 257 | implies ^[[1mM-bMM-^Rn^[[22m. The recommended way to start X11 programs at a |
258 | remote site is with something like ssh -f host xterm. | 258 | remote site is with something like ^[[1mssh M-bM-^@M-^Pf host xterm^[[22m. |
259 | 259 | ||
260 | -g Allows remote hosts to connect to local forwarded ports. | 260 | ^[[1mM-bMM-^Rg ^[[22mAllows remote hosts to connect to local forwarded ports. |
261 | 261 | ||
262 | -i identity_file | 262 | ^[[1mM-bMM-^Ri ^[[4m^[[22midentity_file^[[0m |
263 | Selects a file from which the identity (private key) for RSA or | 263 | Selects a file from which the identity (private key) for RSA or |
264 | DSA authentication is read. The default is $HOME/.ssh/identity | 264 | DSA authentication is read. The default is ^[[4m$HOME/.ssh/identity^[[0m |
265 | for protocol version 1, and $HOME/.ssh/id_rsa and | 265 | for protocol version 1, and ^[[4m$HOME/.ssh/id_rsa^[[24m and |
266 | $HOME/.ssh/id_dsa for protocol version 2. Identity files may | 266 | ^[[4m$HOME/.ssh/id_dsa^[[24m for protocol version 2. Identity files may |
267 | also be specified on a per-host basis in the configuration file. | 267 | also be specified on a perM-bM-^@M-^Phost basis in the configuration file. |
268 | It is possible to have multiple -i options (and multiple identiM-- | 268 | It is possible to have multiple ^[[1mM-bMM-^Ri ^[[22moptions (and multiple identiM-bM-^@M-^P |
269 | ties specified in configuration files). | 269 | ties specified in configuration files). |
270 | 270 | ||
271 | -I smartcard_device | 271 | ^[[1mM-bMM-^RI ^[[4m^[[22msmartcard_device^[[0m |
272 | Specifies which smartcard device to use. The argument is the | 272 | Specifies which smartcard device to use. The argument is the |
273 | device ssh should use to communicate with a smartcard used for | 273 | device ^[[1mssh ^[[22mshould use to communicate with a smartcard used for |
274 | storing the user's private RSA key. | 274 | storing the userM-bM-^@M-^Ys private RSA key. |
275 | 275 | ||
276 | -k Disables forwarding of Kerberos tickets and AFS tokens. This may | 276 | ^[[1mM-bMM-^Rk ^[[22mDisables forwarding of Kerberos tickets and AFS tokens. This may |
277 | also be specified on a per-host basis in the configuration file. | 277 | also be specified on a perM-bM-^@M-^Phost basis in the configuration file. |
278 | 278 | ||
279 | -l login_name | 279 | ^[[1mM-bMM-^Rl ^[[4m^[[22mlogin_name^[[0m |
280 | Specifies the user to log in as on the remote machine. This also | 280 | Specifies the user to log in as on the remote machine. This also |
281 | may be specified on a per-host basis in the configuration file. | 281 | may be specified on a perM-bM-^@M-^Phost basis in the configuration file. |
282 | 282 | ||
283 | -m mac_spec | 283 | ^[[1mM-bMM-^Rm ^[[4m^[[22mmac_spec^[[0m |
284 | Additionally, for protocol version 2 a comma-separated list of | 284 | Additionally, for protocol version 2 a commaM-bM-^@M-^Pseparated list of |
285 | MAC (message authentication code) algorithms can be specified in | 285 | MAC (message authentication code) algorithms can be specified in |
286 | order of preference. See the MACs keyword for more information. | 286 | order of preference. See the ^[[1mMACs ^[[22mkeyword for more information. |
287 | 287 | ||
288 | -n Redirects stdin from /dev/null (actually, prevents reading from | 288 | ^[[1mM-bMM-^Rn ^[[22mRedirects stdin from ^[[4m/dev/null^[[24m (actually, prevents reading from |
289 | stdin). This must be used when ssh is run in the background. A | 289 | stdin). This must be used when ^[[1mssh ^[[22mis run in the background. A |
290 | common trick is to use this to run X11 programs on a remote | 290 | common trick is to use this to run X11 programs on a remote |
291 | machine. For example, ssh -n shadows.cs.hut.fi emacs & will | 291 | machine. For example, ^[[1mssh M-bM-^@M-^Pn shadows.cs.hut.fi emacs & ^[[22mwill |
292 | start an emacs on shadows.cs.hut.fi, and the X11 connection will | 292 | start an emacs on shadows.cs.hut.fi, and the X11 connection will |
293 | be automatically forwarded over an encrypted channel. The ssh | 293 | be automatically forwarded over an encrypted channel. The ^[[1mssh^[[0m |
294 | program will be put in the background. (This does not work if | 294 | program will be put in the background. (This does not work if |
295 | ssh needs to ask for a password or passphrase; see also the -f | 295 | ^[[1mssh ^[[22mneeds to ask for a password or passphrase; see also the ^[[1mM-bMM-^Rf^[[0m |
296 | option.) | 296 | option.) |
297 | 297 | ||
298 | -N Do not execute a remote command. This is useful for just forM-- | 298 | ^[[1mM-bMM-^RN ^[[22mDo not execute a remote command. This is useful for just forM-bM-^@M-^P |
299 | warding ports (protocol version 2 only). | 299 | warding ports (protocol version 2 only). |
300 | 300 | ||
301 | -o option | 301 | ^[[1mM-bMM-^Ro ^[[4m^[[22moption^[[0m |
302 | Can be used to give options in the format used in the configuraM-- | 302 | Can be used to give options in the format used in the configuraM-bM-^@M-^P |
303 | tion file. This is useful for specifying options for which there | 303 | tion file. This is useful for specifying options for which there |
304 | is no separate command-line flag. | 304 | is no separate commandM-bM-^@M-^Pline flag. |
305 | 305 | ||
306 | -p port | 306 | ^[[1mM-bMM-^Rp ^[[4m^[[22mport^[[0m |
307 | Port to connect to on the remote host. This can be specified on | 307 | Port to connect to on the remote host. This can be specified on |
308 | a per-host basis in the configuration file. | 308 | a perM-bM-^@M-^Phost basis in the configuration file. |
309 | 309 | ||
310 | -q Quiet mode. Causes all warning and diagnostic messages to be | 310 | ^[[1mM-bMM-^Rq ^[[22mQuiet mode. Causes all warning and diagnostic messages to be |
311 | suppressed. | 311 | suppressed. |
312 | 312 | ||
313 | -s May be used to request invocation of a subsystem on the remote | 313 | ^[[1mM-bMM-^Rs ^[[22mMay be used to request invocation of a subsystem on the remote |
314 | system. Subsystems are a feature of the SSH2 protocol which | 314 | system. Subsystems are a feature of the SSH2 protocol which |
315 | facilitate the use of SSH as a secure transport for other appliM-- | 315 | facilitate the use of SSH as a secure transport for other appliM-bM-^@M-^P |
316 | cations (eg. sftp). The subsystem is specified as the remote comM-- | 316 | cations (eg. sftp). The subsystem is specified as the remote comM-bM-^@M-^P |
317 | mand. | 317 | mand. |
318 | 318 | ||
319 | -t Force pseudo-tty allocation. This can be used to execute arbiM-- | 319 | ^[[1mM-bMM-^Rt ^[[22mForce pseudoM-bM-^@M-^Ptty allocation. This can be used to execute arbiM-bM-^@M-^P |
320 | trary screen-based programs on a remote machine, which can be | 320 | trary screenM-bM-^@M-^Pbased programs on a remote machine, which can be |
321 | very useful, e.g., when implementing menu services. Multiple -t | 321 | very useful, e.g., when implementing menu services. Multiple ^[[1mM-bMM-^Rt^[[0m |
322 | options force tty allocation, even if ssh has no local tty. | 322 | options force tty allocation, even if ^[[1mssh ^[[22mhas no local tty. |
323 | 323 | ||
324 | -T Disable pseudo-tty allocation. | 324 | ^[[1mM-bMM-^RT ^[[22mDisable pseudoM-bM-^@M-^Ptty allocation. |
325 | 325 | ||
326 | -v Verbose mode. Causes ssh to print debugging messages about its | 326 | ^[[1mM-bMM-^Rv ^[[22mVerbose mode. Causes ^[[1mssh ^[[22mto print debugging messages about its |
327 | progress. This is helpful in debugging connection, authenticaM-- | 327 | progress. This is helpful in debugging connection, authenticaM-bM-^@M-^P |
328 | tion, and configuration problems. Multiple -v options increases | 328 | tion, and configuration problems. Multiple ^[[1mM-bMM-^Rv ^[[22moptions increases |
329 | the verbosity. Maximum is 3. | 329 | the verbosity. Maximum is 3. |
330 | 330 | ||
331 | -x Disables X11 forwarding. | 331 | ^[[1mM-bMM-^Rx ^[[22mDisables X11 forwarding. |
332 | 332 | ||
333 | -X Enables X11 forwarding. This can also be specified on a per-host | 333 | ^[[1mM-bMM-^RX ^[[22mEnables X11 forwarding. This can also be specified on a perM-bM-^@M-^Phost |
334 | basis in a configuration file. | 334 | basis in a configuration file. |
335 | 335 | ||
336 | X11 forwarding should be enabled with caution. Users with the | 336 | X11 forwarding should be enabled with caution. Users with the |
337 | ability to bypass file permissions on the remote host (for the | 337 | ability to bypass file permissions on the remote host (for the |
338 | user's X authorization database) can access the local X11 display | 338 | userM-bM-^@M-^Ys X authorization database) can access the local X11 display |
339 | through the forwarded connection. An attacker may then be able | 339 | through the forwarded connection. An attacker may then be able |
340 | to perform activities such as keystroke monitoring. | 340 | to perform activities such as keystroke monitoring. |
341 | 341 | ||
342 | -C Requests compression of all data (including stdin, stdout, | 342 | ^[[1mM-bMM-^RC ^[[22mRequests compression of all data (including stdin, stdout, |
343 | stderr, and data for forwarded X11 and TCP/IP connections). The | 343 | stderr, and data for forwarded X11 and TCP/IP connections). The |
344 | compression algorithm is the same used by gzip(1), and the | 344 | compression algorithm is the same used by gzip(1), and the |
345 | ``level'' can be controlled by the CompressionLevel option for | 345 | M-bM-^@M-^\levelM-bM-^@M-^] can be controlled by the ^[[1mCompressionLevel ^[[22moption for proM-bM-^@M-^P |
346 | protocol version 1. Compression is desirable on modem lines and | 346 | tocol version 1. Compression is desirable on modem lines and |
347 | other slow connections, but will only slow down things on fast | 347 | other slow connections, but will only slow down things on fast |
348 | networks. The default value can be set on a host-by-host basis | 348 | networks. The default value can be set on a hostM-bM-^@M-^PbyM-bM-^@M-^Phost basis |
349 | in the configuration files; see the Compression option. | 349 | in the configuration files; see the ^[[1mCompression ^[[22moption. |
350 | 350 | ||
351 | -F configfile | 351 | ^[[1mM-bMM-^RF ^[[4m^[[22mconfigfile^[[0m |
352 | Specifies an alternative per-user configuration file. If a conM-- | 352 | Specifies an alternative perM-bM-^@M-^Puser configuration file. If a conM-bM-^@M-^P |
353 | figuration file is given on the command line, the system-wide | 353 | figuration file is given on the command line, the systemM-bM-^@M-^Pwide |
354 | configuration file (/etc/ssh/ssh_config) will be ignored. The | 354 | configuration file (^[[4m/etc/ssh/ssh_config^[[24m) will be ignored. The |
355 | default for the per-user configuration file is $HOME/.ssh/config. | 355 | default for the perM-bM-^@M-^Puser configuration file is ^[[4m$HOME/.ssh/config^[[24m. |
356 | 356 | ||
357 | -L port:host:hostport | 357 | ^[[1mM-bMM-^RL ^[[4m^[[22mport:host:hostport^[[0m |
358 | Specifies that the given port on the local (client) host is to be | 358 | Specifies that the given port on the local (client) host is to be |
359 | forwarded to the given host and port on the remote side. This | 359 | forwarded to the given host and port on the remote side. This |
360 | works by allocating a socket to listen to port on the local side, | 360 | works by allocating a socket to listen to ^[[4mport^[[24m on the local side, |
361 | and whenever a connection is made to this port, the connection is | 361 | and whenever a connection is made to this port, the connection is |
362 | forwarded over the secure channel, and a connection is made to | 362 | forwarded over the secure channel, and a connection is made to |
363 | host port hostport from the remote machine. Port forwardings can | 363 | ^[[4mhost^[[24m port ^[[4mhostport^[[24m from the remote machine. Port forwardings can |
364 | also be specified in the configuration file. Only root can forM-- | 364 | also be specified in the configuration file. Only root can forM-bM-^@M-^P |
365 | ward privileged ports. IPv6 addresses can be specified with an | 365 | ward privileged ports. IPv6 addresses can be specified with an |
366 | alternative syntax: port/host/hostport | 366 | alternative syntax: ^[[4mport/host/hostport^[[0m |
367 | 367 | ||
368 | -R port:host:hostport | 368 | ^[[1mM-bMM-^RR ^[[4m^[[22mport:host:hostport^[[0m |
369 | Specifies that the given port on the remote (server) host is to | 369 | Specifies that the given port on the remote (server) host is to |
370 | be forwarded to the given host and port on the local side. This | 370 | be forwarded to the given host and port on the local side. This |
371 | works by allocating a socket to listen to port on the remote | 371 | works by allocating a socket to listen to ^[[4mport^[[24m on the remote |
372 | side, and whenever a connection is made to this port, the connecM-- | 372 | side, and whenever a connection is made to this port, the connecM-bM-^@M-^P |
373 | tion is forwarded over the secure channel, and a connection is | 373 | tion is forwarded over the secure channel, and a connection is |
374 | made to host port hostport from the local machine. Port forwardM-- | 374 | made to ^[[4mhost^[[24m port ^[[4mhostport^[[24m from the local machine. Port forwardM-bM-^@M-^P |
375 | ings can also be specified in the configuration file. Privileged | 375 | ings can also be specified in the configuration file. Privileged |
376 | ports can be forwarded only when logging in as root on the remote | 376 | ports can be forwarded only when logging in as root on the remote |
377 | machine. IPv6 addresses can be specified with an alternative | 377 | machine. IPv6 addresses can be specified with an alternative |
378 | syntax: port/host/hostport | 378 | syntax: ^[[4mport/host/hostport^[[0m |
379 | 379 | ||
380 | -D port | 380 | ^[[1mM-bMM-^RD ^[[4m^[[22mport^[[0m |
381 | Specifies a local ``dynamic'' application-level port forwarding. | 381 | Specifies a local M-bM-^@M-^\dynamicM-bM-^@M-^] applicationM-bM-^@M-^Plevel port forwarding. |
382 | This works by allocating a socket to listen to port on the local | 382 | This works by allocating a socket to listen to ^[[4mport^[[24m on the local |
383 | side, and whenever a connection is made to this port, the connecM-- | 383 | side, and whenever a connection is made to this port, the connecM-bM-^@M-^P |
384 | tion is forwarded over the secure channel, and the application | 384 | tion is forwarded over the secure channel, and the application |
385 | protocol is then used to determine where to connect to from the | 385 | protocol is then used to determine where to connect to from the |
386 | remote machine. Currently the SOCKS4 protocol is supported, and | 386 | remote machine. Currently the SOCKS4 protocol is supported, and |
387 | ssh will act as a SOCKS4 server. Only root can forward priviM-- | 387 | ^[[1mssh ^[[22mwill act as a SOCKS4 server. Only root can forward priviM-bM-^@M-^P |
388 | leged ports. Dynamic port forwardings can also be specified in | 388 | leged ports. Dynamic port forwardings can also be specified in |
389 | the configuration file. | 389 | the configuration file. |
390 | 390 | ||
391 | -1 Forces ssh to try protocol version 1 only. | 391 | ^[[1mM-bMM-^R1 ^[[22mForces ^[[1mssh ^[[22mto try protocol version 1 only. |
392 | 392 | ||
393 | -2 Forces ssh to try protocol version 2 only. | 393 | ^[[1mM-bMM-^R2 ^[[22mForces ^[[1mssh ^[[22mto try protocol version 2 only. |
394 | 394 | ||
395 | -4 Forces ssh to use IPv4 addresses only. | 395 | ^[[1mM-bMM-^R4 ^[[22mForces ^[[1mssh ^[[22mto use IPv4 addresses only. |
396 | 396 | ||
397 | -6 Forces ssh to use IPv6 addresses only. | 397 | ^[[1mM-bMM-^R6 ^[[22mForces ^[[1mssh ^[[22mto use IPv6 addresses only. |
398 | 398 | ||
399 | CONFIGURATION FILES | 399 | ^[[1mCONFIGURATION FILES^[[0m |
400 | ssh may additionally obtain configuration data from a per-user configuraM-- | 400 | ^[[1mssh ^[[22mmay additionally obtain configuration data from a perM-bM-^@M-^Puser configuraM-bM-^@M-^P |
401 | tion file and a system-wide configuration file. The file format and conM-- | 401 | tion file and a systemM-bM-^@M-^Pwide configuration file. The file format and conM-bM-^@M-^P |
402 | figuration options are described in ssh_config(5). | 402 | figuration options are described in ssh_config(5). |
403 | 403 | ||
404 | ENVIRONMENT | 404 | ^[[1mENVIRONMENT^[[0m |
405 | ssh will normally set the following environment variables: | 405 | ^[[1mssh ^[[22mwill normally set the following environment variables: |
406 | 406 | ||
407 | DISPLAY | 407 | DISPLAY |
408 | The DISPLAY variable indicates the location of the X11 server. | 408 | The DISPLAY variable indicates the location of the X11 server. |
409 | It is automatically set by ssh to point to a value of the form | 409 | It is automatically set by ^[[1mssh ^[[22mto point to a value of the form |
410 | ``hostname:n'' where hostname indicates the host where the shell | 410 | M-bM-^@M-^\hostname:nM-bM-^@M-^] where hostname indicates the host where the shell |
411 | runs, and n is an integer >= 1. ssh uses this special value to | 411 | runs, and n is an integer >= 1. ^[[1mssh ^[[22muses this special value to |
412 | forward X11 connections over the secure channel. The user should | 412 | forward X11 connections over the secure channel. The user should |
413 | normally not set DISPLAY explicitly, as that will render the X11 | 413 | normally not set DISPLAY explicitly, as that will render the X11 |
414 | connection insecure (and will require the user to manually copy | 414 | connection insecure (and will require the user to manually copy |
415 | any required authorization cookies). | 415 | any required authorization cookies). |
416 | 416 | ||
417 | HOME Set to the path of the user's home directory. | 417 | HOME Set to the path of the userM-bM-^@M-^Ys home directory. |
418 | 418 | ||
419 | LOGNAME | 419 | LOGNAME |
420 | Synonym for USER; set for compatibility with systems that use | 420 | Synonym for USER; set for compatibility with systems that use |
421 | this variable. | 421 | this variable. |
422 | 422 | ||
423 | MAIL Set to the path of the user's mailbox. | 423 | MAIL Set to the path of the userM-bM-^@M-^Ys mailbox. |
424 | 424 | ||
425 | PATH Set to the default PATH, as specified when compiling ssh. | 425 | PATH Set to the default PATH, as specified when compiling ^[[1mssh^[[22m. |
426 | 426 | ||
427 | SSH_ASKPASS | 427 | SSH_ASKPASS |
428 | If ssh needs a passphrase, it will read the passphrase from the | 428 | If ^[[1mssh ^[[22mneeds a passphrase, it will read the passphrase from the |
429 | current terminal if it was run from a terminal. If ssh does not | 429 | current terminal if it was run from a terminal. If ^[[1mssh ^[[22mdoes not |
430 | have a terminal associated with it but DISPLAY and SSH_ASKPASS | 430 | have a terminal associated with it but DISPLAY and SSH_ASKPASS |
431 | are set, it will execute the program specified by SSH_ASKPASS and | 431 | are set, it will execute the program specified by SSH_ASKPASS and |
432 | open an X11 window to read the passphrase. This is particularly | 432 | open an X11 window to read the passphrase. This is particularly |
433 | useful when calling ssh from a .Xsession or related script. | 433 | useful when calling ^[[1mssh ^[[22mfrom a ^[[4m.Xsession^[[24m or related script. |
434 | (Note that on some machines it may be necessary to redirect the | 434 | (Note that on some machines it may be necessary to redirect the |
435 | input from /dev/null to make this work.) | 435 | input from ^[[4m/dev/null^[[24m to make this work.) |
436 | 436 | ||
437 | SSH_AUTH_SOCK | 437 | SSH_AUTH_SOCK |
438 | Identifies the path of a unix-domain socket used to communicate | 438 | Identifies the path of a unixM-bM-^@M-^Pdomain socket used to communicate |
439 | with the agent. | 439 | with the agent. |
440 | 440 | ||
441 | SSH_CONNECTION | 441 | SSH_CONNECTION |
442 | Identifies the client and server ends of the connection. The | 442 | Identifies the client and server ends of the connection. The |
443 | variable contains four space-separated values: client ip-address, | 443 | variable contains four spaceM-bM-^@M-^Pseparated values: client ipM-bM-^@M-^Paddress, |
444 | client port number, server ip-address and server port number. | 444 | client port number, server ipM-bM-^@M-^Paddress and server port number. |
445 | 445 | ||
446 | SSH_ORIGINAL_COMMAND | 446 | SSH_ORIGINAL_COMMAND |
447 | The variable contains the original command line if a forced comM-- | 447 | The variable contains the original command line if a forced comM-bM-^@M-^P |
448 | mand is executed. It can be used to extract the original arguM-- | 448 | mand is executed. It can be used to extract the original arguM-bM-^@M-^P |
449 | ments. | 449 | ments. |
450 | 450 | ||
451 | SSH_TTY | 451 | SSH_TTY |
452 | This is set to the name of the tty (path to the device) associM-- | 452 | This is set to the name of the tty (path to the device) associM-bM-^@M-^P |
453 | ated with the current shell or command. If the current session | 453 | ated with the current shell or command. If the current session |
454 | has no tty, this variable is not set. | 454 | has no tty, this variable is not set. |
455 | 455 | ||
@@ -459,42 +459,42 @@ ENVIRONMENT | |||
459 | 459 | ||
460 | USER Set to the name of the user logging in. | 460 | USER Set to the name of the user logging in. |
461 | 461 | ||
462 | Additionally, ssh reads $HOME/.ssh/environment, and adds lines of the | 462 | Additionally, ^[[1mssh ^[[22mreads ^[[4m$HOME/.ssh/environment^[[24m, and adds lines of the |
463 | format ``VARNAME=value'' to the environment if the file exists and if | 463 | format M-bM-^@M-^\VARNAME=valueM-bM-^@M-^] to the environment if the file exists and if users |
464 | users are allowed to change their environment. See the | 464 | are allowed to change their environment. See the ^[[1mPermitUserEnvironment^[[0m |
465 | PermitUserEnvironment option in sshd_config(5). | 465 | option in sshd_config(5). |
466 | 466 | ||
467 | FILES | 467 | ^[[1mFILES^[[0m |
468 | $HOME/.ssh/known_hosts | 468 | $HOME/.ssh/known_hosts |
469 | Records host keys for all hosts the user has logged into that are | 469 | Records host keys for all hosts the user has logged into that are |
470 | not in /etc/ssh/ssh_known_hosts. See sshd(8). | 470 | not in ^[[4m/etc/ssh/ssh_known_hosts^[[24m. See sshd(8). |
471 | 471 | ||
472 | $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa | 472 | $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa |
473 | Contains the authentication identity of the user. They are for | 473 | Contains the authentication identity of the user. They are for |
474 | protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. | 474 | protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. |
475 | These files contain sensitive data and should be readable by the | 475 | These files contain sensitive data and should be readable by the |
476 | user but not accessible by others (read/write/execute). Note | 476 | user but not accessible by others (read/write/execute). Note |
477 | that ssh ignores a private key file if it is accessible by othM-- | 477 | that ^[[1mssh ^[[22mignores a private key file if it is accessible by othM-bM-^@M-^P |
478 | ers. It is possible to specify a passphrase when generating the | 478 | ers. It is possible to specify a passphrase when generating the |
479 | key; the passphrase will be used to encrypt the sensitive part of | 479 | key; the passphrase will be used to encrypt the sensitive part of |
480 | this file using 3DES. | 480 | this file using 3DES. |
481 | 481 | ||
482 | $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub | 482 | $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub |
483 | Contains the public key for authentication (public part of the | 483 | Contains the public key for authentication (public part of the |
484 | identity file in human-readable form). The contents of the | 484 | identity file in humanM-bM-^@M-^Preadable form). The contents of the |
485 | $HOME/.ssh/identity.pub file should be added to | 485 | ^[[4m$HOME/.ssh/identity.pub^[[24m file should be added to |
486 | $HOME/.ssh/authorized_keys on all machines where the user wishes | 486 | ^[[4m$HOME/.ssh/authorized_keys^[[24m on all machines where the user wishes |
487 | to log in using protocol version 1 RSA authentication. The conM-- | 487 | to log in using protocol version 1 RSA authentication. The conM-bM-^@M-^P |
488 | tents of the $HOME/.ssh/id_dsa.pub and $HOME/.ssh/id_rsa.pub file | 488 | tents of the ^[[4m$HOME/.ssh/id_dsa.pub^[[24m and ^[[4m$HOME/.ssh/id_rsa.pub^[[24m file |
489 | should be added to $HOME/.ssh/authorized_keys on all machines | 489 | should be added to ^[[4m$HOME/.ssh/authorized_keys^[[24m on all machines |
490 | where the user wishes to log in using protocol version 2 DSA/RSA | 490 | where the user wishes to log in using protocol version 2 DSA/RSA |
491 | authentication. These files are not sensitive and can (but need | 491 | authentication. These files are not sensitive and can (but need |
492 | not) be readable by anyone. These files are never used automatiM-- | 492 | not) be readable by anyone. These files are never used automatiM-bM-^@M-^P |
493 | cally and are not necessary; they are only provided for the conM-- | 493 | cally and are not necessary; they are only provided for the conM-bM-^@M-^P |
494 | venience of the user. | 494 | venience of the user. |
495 | 495 | ||
496 | $HOME/.ssh/config | 496 | $HOME/.ssh/config |
497 | This is the per-user configuration file. The file format and | 497 | This is the perM-bM-^@M-^Puser configuration file. The file format and |
498 | configuration options are described in ssh_config(5). | 498 | configuration options are described in ssh_config(5). |
499 | 499 | ||
500 | $HOME/.ssh/authorized_keys | 500 | $HOME/.ssh/authorized_keys |
@@ -508,17 +508,17 @@ FILES | |||
508 | /etc/ssh/ssh_known_hosts | 508 | /etc/ssh/ssh_known_hosts |
509 | Systemwide list of known host keys. This file should be prepared | 509 | Systemwide list of known host keys. This file should be prepared |
510 | by the system administrator to contain the public host keys of | 510 | by the system administrator to contain the public host keys of |
511 | all machines in the organization. This file should be world- | 511 | all machines in the organization. This file should be worldM-bM-^@M-^P |
512 | readable. This file contains public keys, one per line, in the | 512 | readable. This file contains public keys, one per line, in the |
513 | following format (fields separated by spaces): system name, pubM-- | 513 | following format (fields separated by spaces): system name, pubM-bM-^@M-^P |
514 | lic key and optional comment field. When different names are | 514 | lic key and optional comment field. When different names are |
515 | used for the same machine, all such names should be listed, sepaM-- | 515 | used for the same machine, all such names should be listed, sepaM-bM-^@M-^P |
516 | rated by commas. The format is described on the sshd(8) manual | 516 | rated by commas. The format is described on the sshd(8) manual |
517 | page. | 517 | page. |
518 | 518 | ||
519 | The canonical system name (as returned by name servers) is used | 519 | The canonical system name (as returned by name servers) is used |
520 | by sshd(8) to verify the client host when logging in; other names | 520 | by sshd(8) to verify the client host when logging in; other names |
521 | are needed because ssh does not convert the user-supplied name to | 521 | are needed because ^[[1mssh ^[[22mdoes not convert the userM-bM-^@M-^Psupplied name to |
522 | a canonical name before checking the key, because someone with | 522 | a canonical name before checking the key, because someone with |
523 | access to the name servers would then be able to fool host | 523 | access to the name servers would then be able to fool host |
524 | authentication. | 524 | authentication. |
@@ -530,22 +530,22 @@ FILES | |||
530 | /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, | 530 | /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, |
531 | /etc/ssh/ssh_host_rsa_key | 531 | /etc/ssh/ssh_host_rsa_key |
532 | These three files contain the private parts of the host keys and | 532 | These three files contain the private parts of the host keys and |
533 | are used for RhostsRSAAuthentication and HostbasedAuthentication. | 533 | are used for ^[[1mRhostsRSAAuthentication ^[[22mand ^[[1mHostbasedAuthentication^[[22m. |
534 | If the protocol version 1 RhostsRSAAuthentication method is used, | 534 | If the protocol version 1 ^[[1mRhostsRSAAuthentication ^[[22mmethod is used, |
535 | ssh must be setuid root, since the host key is readable only by | 535 | ^[[1mssh ^[[22mmust be setuid root, since the host key is readable only by |
536 | root. For protocol version 2, ssh uses ssh-keysign(8) to access | 536 | root. For protocol version 2, ^[[1mssh ^[[22muses sshM-bM-^@M-^Pkeysign(8) to access |
537 | the host keys for HostbasedAuthentication. This eliminates the | 537 | the host keys for ^[[1mHostbasedAuthentication^[[22m. This eliminates the |
538 | requirement that ssh be setuid root when that authentication | 538 | requirement that ^[[1mssh ^[[22mbe setuid root when that authentication |
539 | method is used. By default ssh is not setuid root. | 539 | method is used. By default ^[[1mssh ^[[22mis not setuid root. |
540 | 540 | ||
541 | $HOME/.rhosts | 541 | $HOME/.rhosts |
542 | This file is used in .rhosts authentication to list the host/user | 542 | This file is used in ^[[4m.rhosts^[[24m authentication to list the host/user |
543 | pairs that are permitted to log in. (Note that this file is also | 543 | pairs that are permitted to log in. (Note that this file is also |
544 | used by rlogin and rsh, which makes using this file insecure.) | 544 | used by rlogin and rsh, which makes using this file insecure.) |
545 | Each line of the file contains a host name (in the canonical form | 545 | Each line of the file contains a host name (in the canonical form |
546 | returned by name servers), and then a user name on that host, | 546 | returned by name servers), and then a user name on that host, |
547 | separated by a space. On some machines this file may need to be | 547 | separated by a space. On some machines this file may need to be |
548 | world-readable if the user's home directory is on a NFS partiM-- | 548 | worldM-bM-^@M-^Preadable if the userM-bM-^@M-^Ys home directory is on a NFS partiM-bM-^@M-^P |
549 | tion, because sshd(8) reads it as root. Additionally, this file | 549 | tion, because sshd(8) reads it as root. Additionally, this file |
550 | must be owned by the user, and must not have write permissions | 550 | must be owned by the user, and must not have write permissions |
551 | for anyone else. The recommended permission for most machines is | 551 | for anyone else. The recommended permission for most machines is |
@@ -554,18 +554,18 @@ FILES | |||
554 | Note that by default sshd(8) will be installed so that it | 554 | Note that by default sshd(8) will be installed so that it |
555 | requires successful RSA host authentication before permitting | 555 | requires successful RSA host authentication before permitting |
556 | .rhosts authentication. If the server machine does not have the | 556 | .rhosts authentication. If the server machine does not have the |
557 | client's host key in /etc/ssh/ssh_known_hosts, it can be stored | 557 | clientM-bM-^@M-^Ys host key in ^[[4m/etc/ssh/ssh_known_hosts^[[24m, it can be stored |
558 | in $HOME/.ssh/known_hosts. The easiest way to do this is to conM-- | 558 | in ^[[4m$HOME/.ssh/known_hosts^[[24m. The easiest way to do this is to conM-bM-^@M-^P |
559 | nect back to the client from the server machine using ssh; this | 559 | nect back to the client from the server machine using ssh; this |
560 | will automatically add the host key to $HOME/.ssh/known_hosts. | 560 | will automatically add the host key to ^[[4m$HOME/.ssh/known_hosts^[[24m. |
561 | 561 | ||
562 | $HOME/.shosts | 562 | $HOME/.shosts |
563 | This file is used exactly the same way as .rhosts. The purpose | 563 | This file is used exactly the same way as ^[[4m.rhosts^[[24m. The purpose |
564 | for having this file is to be able to use rhosts authentication | 564 | for having this file is to be able to use rhosts authentication |
565 | with ssh without permitting login with rlogin or rsh(1). | 565 | with ^[[1mssh ^[[22mwithout permitting login with ^[[1mrlogin ^[[22mor rsh(1). |
566 | 566 | ||
567 | /etc/hosts.equiv | 567 | /etc/hosts.equiv |
568 | This file is used during .rhosts authentication. It contains | 568 | This file is used during ^[[4m.rhosts^[[24m ^[[4mauthentication.^[[24m It contains |
569 | canonical hosts names, one per line (the full format is described | 569 | canonical hosts names, one per line (the full format is described |
570 | on the sshd(8) manual page). If the client host is found in this | 570 | on the sshd(8) manual page). If the client host is found in this |
571 | file, login is automatically permitted provided client and server | 571 | file, login is automatically permitted provided client and server |
@@ -574,41 +574,41 @@ FILES | |||
574 | writable by root. | 574 | writable by root. |
575 | 575 | ||
576 | /etc/shosts.equiv | 576 | /etc/shosts.equiv |
577 | This file is processed exactly as /etc/hosts.equiv. This file | 577 | This file is processed exactly as ^[[4m/etc/hosts.equiv^[[24m. This file |
578 | may be useful to permit logins using ssh but not using | 578 | may be useful to permit logins using ^[[1mssh ^[[22mbut not using |
579 | rsh/rlogin. | 579 | rsh/rlogin. |
580 | 580 | ||
581 | /etc/ssh/sshrc | 581 | /etc/ssh/sshrc |
582 | Commands in this file are executed by ssh when the user logs in | 582 | Commands in this file are executed by ^[[1mssh ^[[22mwhen the user logs in |
583 | just before the user's shell (or command) is started. See the | 583 | just before the userM-bM-^@M-^Ys shell (or command) is started. See the |
584 | sshd(8) manual page for more information. | 584 | sshd(8) manual page for more information. |
585 | 585 | ||
586 | $HOME/.ssh/rc | 586 | $HOME/.ssh/rc |
587 | Commands in this file are executed by ssh when the user logs in | 587 | Commands in this file are executed by ^[[1mssh ^[[22mwhen the user logs in |
588 | just before the user's shell (or command) is started. See the | 588 | just before the userM-bM-^@M-^Ys shell (or command) is started. See the |
589 | sshd(8) manual page for more information. | 589 | sshd(8) manual page for more information. |
590 | 590 | ||
591 | $HOME/.ssh/environment | 591 | $HOME/.ssh/environment |
592 | Contains additional definitions for environment variables, see | 592 | Contains additional definitions for environment variables, see |
593 | section ENVIRONMENT above. | 593 | section ^[[4mENVIRONMENT^[[24m above. |
594 | 594 | ||
595 | DIAGNOSTICS | 595 | ^[[1mDIAGNOSTICS^[[0m |
596 | ssh exits with the exit status of the remote command or with 255 if an | 596 | ^[[1mssh ^[[22mexits with the exit status of the remote command or with 255 if an |
597 | error occurred. | 597 | error occurred. |
598 | 598 | ||
599 | AUTHORS | 599 | ^[[1mAUTHORS^[[0m |
600 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | 600 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
601 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | 601 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo |
602 | de Raadt and Dug Song removed many bugs, re-added newer features and creM-- | 602 | de Raadt and Dug Song removed many bugs, reM-bM-^@M-^Padded newer features and creM-bM-^@M-^P |
603 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 603 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol |
604 | versions 1.5 and 2.0. | 604 | versions 1.5 and 2.0. |
605 | 605 | ||
606 | SEE ALSO | 606 | ^[[1mSEE ALSO^[[0m |
607 | rsh(1), scp(1), sftp(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), | 607 | rsh(1), scp(1), sftp(1), sshM-bM-^@M-^Padd(1), sshM-bM-^@M-^Pagent(1), sshM-bM-^@M-^Pkeygen(1), |
608 | telnet(1), ssh_config(5), ssh-keysign(8), sshd(8) | 608 | telnet(1), ssh_config(5), sshM-bM-^@M-^Pkeysign(8), sshd(8) |
609 | 609 | ||
610 | T. Ylonen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen, SSH | 610 | T. Ylonen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen, ^[[4mSSH^[[0m |
611 | Protocol Architecture, draft-ietf-secsh-architecture-12.txt, January | 611 | ^[[4mProtocol^[[24m ^[[4mArchitecture^[[24m, draftM-bM-^@M-^PietfM-bM-^@M-^PsecshM-bM-^@M-^ParchitectureM-bM-^@M-^P12.txt, January |
612 | 2002, work in progress material. | 612 | 2002, work in progress material. |
613 | 613 | ||
614 | BSD September 25, 1999 BSD | 614 | BSD September 25, 1999 BSD |
@@ -40,7 +40,7 @@ | |||
40 | */ | 40 | */ |
41 | 41 | ||
42 | #include "includes.h" | 42 | #include "includes.h" |
43 | RCSID("$OpenBSD: ssh.c,v 1.186 2002/09/19 01:58:18 djm Exp $"); | 43 | RCSID("$OpenBSD: ssh.c,v 1.190 2003/02/06 09:27:29 markus Exp $"); |
44 | 44 | ||
45 | #include <openssl/evp.h> | 45 | #include <openssl/evp.h> |
46 | #include <openssl/err.h> | 46 | #include <openssl/err.h> |
@@ -500,9 +500,9 @@ again: | |||
500 | av += optind; | 500 | av += optind; |
501 | 501 | ||
502 | if (ac > 0 && !host && **av != '-') { | 502 | if (ac > 0 && !host && **av != '-') { |
503 | if (strchr(*av, '@')) { | 503 | if (strrchr(*av, '@')) { |
504 | p = xstrdup(*av); | 504 | p = xstrdup(*av); |
505 | cp = strchr(p, '@'); | 505 | cp = strrchr(p, '@'); |
506 | if (cp == NULL || cp == p) | 506 | if (cp == NULL || cp == p) |
507 | usage(); | 507 | usage(); |
508 | options.user = p; | 508 | options.user = p; |
@@ -510,12 +510,11 @@ again: | |||
510 | host = ++cp; | 510 | host = ++cp; |
511 | } else | 511 | } else |
512 | host = *av; | 512 | host = *av; |
513 | ac--, av++; | 513 | if (ac > 1) { |
514 | if (ac > 0) { | 514 | optind = optreset = 1; |
515 | optind = 0; | ||
516 | optreset = 1; | ||
517 | goto again; | 515 | goto again; |
518 | } | 516 | } |
517 | ac--, av++; | ||
519 | } | 518 | } |
520 | 519 | ||
521 | /* Check that we got a host name. */ | 520 | /* Check that we got a host name. */ |
@@ -607,6 +606,10 @@ again: | |||
607 | if (options.hostname != NULL) | 606 | if (options.hostname != NULL) |
608 | host = options.hostname; | 607 | host = options.hostname; |
609 | 608 | ||
609 | if (options.proxy_command != NULL && | ||
610 | strcmp(options.proxy_command, "none") == 0) | ||
611 | options.proxy_command = NULL; | ||
612 | |||
610 | /* Disable rhosts authentication if not running as root. */ | 613 | /* Disable rhosts authentication if not running as root. */ |
611 | #ifdef HAVE_CYGWIN | 614 | #ifdef HAVE_CYGWIN |
612 | /* Ignore uid if running under Windows */ | 615 | /* Ignore uid if running under Windows */ |
@@ -1031,7 +1034,7 @@ ssh_session2_setup(int id, void *arg) | |||
1031 | int interactive = 0; | 1034 | int interactive = 0; |
1032 | struct termios tio; | 1035 | struct termios tio; |
1033 | 1036 | ||
1034 | debug("ssh_session2_setup: id %d", id); | 1037 | debug2("ssh_session2_setup: id %d", id); |
1035 | 1038 | ||
1036 | if (tty_flag) { | 1039 | if (tty_flag) { |
1037 | struct winsize ws; | 1040 | struct winsize ws; |
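Review bot: In the `user@host` split in ssh.c (new lines 503–507, continuing into the next hunk at `host = ++cp;`), the guard `if (cp == NULL || cp == p) usage();` rejects an empty user name but not an empty host part, so an argument ending in `@` leaves `host` pointing at an empty string. Because `strrchr` now splits at the last `@`, the trailing-`@` case is worth rejecting explicitly: `if (cp == NULL || cp == p || cp[1] == '\0') usage();`. The later "Check that we got a host name" test lies outside the visible hunks; if it only tests for a NULL pointer it would not catch this, so confirm it there. A one-line comment above the `strrchr` call, such as `/* split at the last '@' so user names may themselves contain '@' */`, would record why the call changed.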
diff --git a/ssh_config.0 b/ssh_config.0 index a5a44da14..559705343 100644 --- a/ssh_config.0 +++ b/ssh_config.0 | |||
@@ -1,403 +1,400 @@ | |||
1 | SSH_CONFIG(5) System File Formats Manual SSH_CONFIG(5) | 1 | SSH_CONFIG(5) BSD File Formats Manual SSH_CONFIG(5) |
2 | 2 | ||
3 | NAME | 3 | ^[[1mNAME^[[0m |
4 | ssh_config - OpenSSH SSH client configuration files | 4 | ^[[1mssh_config ^[[22mM-bMM-^R OpenSSH SSH client configuration files |
5 | 5 | ||
6 | SYNOPSIS | 6 | ^[[1mSYNOPSIS^[[0m |
7 | $HOME/.ssh/config | 7 | ^[[4m$HOME/.ssh/config^[[0m |
8 | /etc/ssh/ssh_config | 8 | ^[[4m/etc/ssh/ssh_config^[[0m |
9 | 9 | ||
10 | DESCRIPTION | 10 | ^[[1mDESCRIPTION^[[0m |
11 | ssh obtains configuration data from the following sources in the followM-- | 11 | ^[[1mssh ^[[22mobtains configuration data from the following sources in the followM-bM-^@M-^P |
12 | ing order: | 12 | ing order: |
13 | 1. command-line options | 13 | 1. commandM-bM-^@M-^Pline options |
14 | 2. user's configuration file ($HOME/.ssh/config) | 14 | 2. userM-bM-^@M-^Ys configuration file (^[[4m$HOME/.ssh/config^[[24m) |
15 | 3. system-wide configuration file (/etc/ssh/ssh_config) | 15 | 3. systemM-bM-^@M-^Pwide configuration file (^[[4m/etc/ssh/ssh_config^[[24m) |
16 | 16 | ||
17 | For each parameter, the first obtained value will be used. The configuM-- | 17 | For each parameter, the first obtained value will be used. The configuM-bM-^@M-^P |
18 | ration files contain sections bracketed by ``Host'' specifications, and | 18 | ration files contain sections bracketed by M-bM-^@M-^\HostM-bM-^@M-^] specifications, and |
19 | that section is only applied for hosts that match one of the patterns | 19 | that section is only applied for hosts that match one of the patterns |
20 | given in the specification. The matched host name is the one given on | 20 | given in the specification. The matched host name is the one given on |
21 | the command line. | 21 | the command line. |
22 | 22 | ||
23 | Since the first obtained value for each parameter is used, more host-speM-- | 23 | Since the first obtained value for each parameter is used, more hostM-bM-^@M-^PspeM-bM-^@M-^P |
24 | cific declarations should be given near the beginning of the file, and | 24 | cific declarations should be given near the beginning of the file, and |
25 | general defaults at the end. | 25 | general defaults at the end. |
26 | 26 | ||
27 | The configuration file has the following format: | 27 | The configuration file has the following format: |
28 | 28 | ||
29 | Empty lines and lines starting with `#' are comments. | 29 | Empty lines and lines starting with M-bM-^@M-^X#M-bM-^@M-^Y are comments. |
30 | 30 | ||
31 | Otherwise a line is of the format ``keyword arguments''. Configuration | 31 | Otherwise a line is of the format M-bM-^@M-^\keyword argumentsM-bM-^@M-^]. Configuration |
32 | options may be separated by whitespace or optional whitespace and exactly | 32 | options may be separated by whitespace or optional whitespace and exactly |
33 | one `='; the latter format is useful to avoid the need to quote whitesM-- | 33 | one M-bM-^@M-^X=M-bM-^@M-^Y; the latter format is useful to avoid the need to quote whitesM-bM-^@M-^P |
34 | pace when specifying configuration options using the ssh, scp and sftp -o | 34 | pace when specifying configuration options using the ^[[1mssh^[[22m, ^[[1mscp ^[[22mand ^[[1msftp M-bMM-^Ro^[[0m |
35 | option. | 35 | option. |
36 | 36 | ||
37 | The possible keywords and their meanings are as follows (note that keyM-- | 37 | The possible keywords and their meanings are as follows (note that keyM-bM-^@M-^P |
38 | words are case-insensitive and arguments are case-sensitive): | 38 | words are caseM-bM-^@M-^Pinsensitive and arguments are caseM-bM-^@M-^Psensitive): |
39 | 39 | ||
40 | Host Restricts the following declarations (up to the next Host keyM-- | 40 | ^[[1mHost ^[[22mRestricts the following declarations (up to the next ^[[1mHost ^[[22mkeyM-bM-^@M-^P |
41 | word) to be only for those hosts that match one of the patterns | 41 | word) to be only for those hosts that match one of the patterns |
42 | given after the keyword. `*' and `'? can be used as wildcards | 42 | given after the keyword. M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y? can be used as wildcards |
43 | in the patterns. A single `*' as a pattern can be used to proM-- | 43 | in the patterns. A single M-bM-^@M-^X*M-bM-^@M-^Y as a pattern can be used to proM-bM-^@M-^P |
44 | vide global defaults for all hosts. The host is the hostname | 44 | vide global defaults for all hosts. The host is the ^[[4mhostname^[[0m |
45 | argument given on the command line (i.e., the name is not conM-- | 45 | argument given on the command line (i.e., the name is not conM-bM-^@M-^P |
46 | verted to a canonicalized host name before matching). | 46 | verted to a canonicalized host name before matching). |
47 | 47 | ||
48 | AFSTokenPassing | 48 | ^[[1mAFSTokenPassing^[[0m |
49 | Specifies whether to pass AFS tokens to remote host. The arguM-- | 49 | Specifies whether to pass AFS tokens to remote host. The arguM-bM-^@M-^P |
50 | ment to this keyword must be ``yes'' or ``no''. This option | 50 | ment to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. This option applies |
51 | applies to protocol version 1 only. | 51 | to protocol version 1 only. |
52 | 52 | ||
53 | BatchMode | 53 | ^[[1mBatchMode^[[0m |
54 | If set to ``yes'', passphrase/password querying will be disabled. | 54 | If set to M-bM-^@M-^\yesM-bM-^@M-^], passphrase/password querying will be disabled. |
55 | This option is useful in scripts and other batch jobs where no | 55 | This option is useful in scripts and other batch jobs where no |
56 | user is present to supply the password. The argument must be | 56 | user is present to supply the password. The argument must be |
57 | ``yes'' or ``no''. The default is ``no''. | 57 | M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. |
58 | 58 | ||
59 | BindAddress | 59 | ^[[1mBindAddress^[[0m |
60 | Specify the interface to transmit from on machines with multiple | 60 | Specify the interface to transmit from on machines with multiple |
61 | interfaces or aliased addresses. Note that this option does not | 61 | interfaces or aliased addresses. Note that this option does not |
62 | work if UsePrivilegedPort is set to ``yes''. | 62 | work if ^[[1mUsePrivilegedPort ^[[22mis set to M-bM-^@M-^\yesM-bM-^@M-^]. |
63 | 63 | ||
64 | ChallengeResponseAuthentication | 64 | ^[[1mChallengeResponseAuthentication^[[0m |
65 | Specifies whether to use challenge response authentication. The | 65 | Specifies whether to use challenge response authentication. The |
66 | argument to this keyword must be ``yes'' or ``no''. The default | 66 | argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is |
67 | is ``yes''. | 67 | M-bM-^@M-^\yesM-bM-^@M-^]. |
68 | 68 | ||
69 | CheckHostIP | 69 | ^[[1mCheckHostIP^[[0m |
70 | If this flag is set to ``yes'', ssh will additionally check the | 70 | If this flag is set to M-bM-^@M-^\yesM-bM-^@M-^], ssh will additionally check the |
71 | host IP address in the known_hosts file. This allows ssh to | 71 | host IP address in the ^[[4mknown_hosts^[[24m file. This allows ssh to |
72 | detect if a host key changed due to DNS spoofing. If the option | 72 | detect if a host key changed due to DNS spoofing. If the option |
73 | is set to ``no'', the check will not be executed. The default is | 73 | is set to M-bM-^@M-^\noM-bM-^@M-^], the check will not be executed. The default is |
74 | ``yes''. | 74 | M-bM-^@M-^\yesM-bM-^@M-^]. |
75 | 75 | ||
76 | Cipher Specifies the cipher to use for encrypting the session in protoM-- | 76 | ^[[1mCipher ^[[22mSpecifies the cipher to use for encrypting the session in protoM-bM-^@M-^P |
77 | col version 1. Currently, ``blowfish'', ``3des'', and ``des'' | 77 | col version 1. Currently, M-bM-^@M-^\blowfishM-bM-^@M-^], M-bM-^@M-^\3desM-bM-^@M-^], and M-bM-^@M-^\desM-bM-^@M-^] are supM-bM-^@M-^P |
78 | are supported. des is only supported in the ssh client for | 78 | ported. ^[[4mdes^[[24m is only supported in the ^[[1mssh ^[[22mclient for interoperM-bM-^@M-^P |
79 | interoperability with legacy protocol 1 implementations that do | 79 | ability with legacy protocol 1 implementations that do not supM-bM-^@M-^P |
80 | not support the 3des cipher. Its use is strongly discouraged due | 80 | port the ^[[4m3des^[[24m cipher. Its use is strongly discouraged due to |
81 | to cryptographic weaknesses. The default is ``3des''. | 81 | cryptographic weaknesses. The default is M-bM-^@M-^\3desM-bM-^@M-^]. |
82 | 82 | ||
83 | Ciphers | 83 | ^[[1mCiphers^[[0m |
84 | Specifies the ciphers allowed for protocol version 2 in order of | 84 | Specifies the ciphers allowed for protocol version 2 in order of |
85 | preference. Multiple ciphers must be comma-separated. The | 85 | preference. Multiple ciphers must be commaM-bM-^@M-^Pseparated. The |
86 | default is | 86 | default is |
87 | 87 | ||
88 | ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, | 88 | M-bM-^@M-^XM-bM-^@M-^Xaes128M-bM-^@M-^Pcbc,3desM-bM-^@M-^Pcbc,blowfishM-bM-^@M-^Pcbc,cast128M-bM-^@M-^Pcbc,arcfour, |
89 | aes192-cbc,aes256-cbc'' | 89 | aes192M-bM-^@M-^Pcbc,aes256M-bM-^@M-^PcbcM-bM-^@M-^YM-bM-^@M-^Y |
90 | 90 | ||
91 | ClearAllForwardings | 91 | ^[[1mClearAllForwardings^[[0m |
92 | Specifies that all local, remote and dynamic port forwardings | 92 | Specifies that all local, remote and dynamic port forwardings |
93 | specified in the configuration files or on the command line be | 93 | specified in the configuration files or on the command line be |
94 | cleared. This option is primarily useful when used from the ssh | 94 | cleared. This option is primarily useful when used from the ^[[1mssh^[[0m |
95 | command line to clear port forwardings set in configuration | 95 | command line to clear port forwardings set in configuration |
96 | files, and is automatically set by scp(1) and sftp(1). The arguM-- | 96 | files, and is automatically set by scp(1) and sftp(1). The arguM-bM-^@M-^P |
97 | ment must be ``yes'' or ``no''. The default is ``no''. | 97 | ment must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. |
98 | 98 | ||
99 | Compression | 99 | ^[[1mCompression^[[0m |
100 | Specifies whether to use compression. The argument must be | 100 | Specifies whether to use compression. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] |
101 | ``yes'' or ``no''. The default is ``no''. | 101 | or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. |
102 | 102 | ||
103 | CompressionLevel | 103 | ^[[1mCompressionLevel^[[0m |
104 | Specifies the compression level to use if compression is enabled. | 104 | Specifies the compression level to use if compression is enabled. |
105 | The argument must be an integer from 1 (fast) to 9 (slow, best). | 105 | The argument must be an integer from 1 (fast) to 9 (slow, best). |
106 | The default level is 6, which is good for most applications. The | 106 | The default level is 6, which is good for most applications. The |
107 | meaning of the values is the same as in gzip(1). Note that this | 107 | meaning of the values is the same as in gzip(1). Note that this |
108 | option applies to protocol version 1 only. | 108 | option applies to protocol version 1 only. |
109 | 109 | ||
110 | ConnectionAttempts | 110 | ^[[1mConnectionAttempts^[[0m |
111 | Specifies the number of tries (one per second) to make before | 111 | Specifies the number of tries (one per second) to make before |
112 | exiting. The argument must be an integer. This may be useful in | 112 | exiting. The argument must be an integer. This may be useful in |
113 | scripts if the connection sometimes fails. The default is 1. | 113 | scripts if the connection sometimes fails. The default is 1. |
114 | 114 | ||
115 | DynamicForward | 115 | ^[[1mDynamicForward^[[0m |
116 | Specifies that a TCP/IP port on the local machine be forwarded | 116 | Specifies that a TCP/IP port on the local machine be forwarded |
117 | over the secure channel, and the application protocol is then | 117 | over the secure channel, and the application protocol is then |
118 | used to determine where to connect to from the remote machine. | 118 | used to determine where to connect to from the remote machine. |
119 | The argument must be a port number. Currently the SOCKS4 protoM-- | 119 | The argument must be a port number. Currently the SOCKS4 protoM-bM-^@M-^P |
120 | col is supported, and ssh will act as a SOCKS4 server. Multiple | 120 | col is supported, and ^[[1mssh ^[[22mwill act as a SOCKS4 server. Multiple |
121 | forwardings may be specified, and additional forwardings can be | 121 | forwardings may be specified, and additional forwardings can be |
122 | given on the command line. Only the superuser can forward priviM-- | 122 | given on the command line. Only the superuser can forward priviM-bM-^@M-^P |
123 | leged ports. | 123 | leged ports. |
124 | 124 | ||
125 | EscapeChar | 125 | ^[[1mEscapeChar^[[0m |
126 | Sets the escape character (default: `~'). The escape character | 126 | Sets the escape character (default: M-bM-^@M-^X~M-bM-^@M-^Y). The escape character |
127 | can also be set on the command line. The argument should be a | 127 | can also be set on the command line. The argument should be a |
128 | single character, `^' followed by a letter, or ``none'' to disM-- | 128 | single character, M-bM-^@M-^X^M-bM-^@M-^Y followed by a letter, or M-bM-^@M-^\noneM-bM-^@M-^] to disable |
129 | able the escape character entirely (making the connection transM-- | 129 | the escape character entirely (making the connection transparent |
130 | parent for binary data). | 130 | for binary data). |
131 | 131 | ||
132 | ForwardAgent | 132 | ^[[1mForwardAgent^[[0m |
133 | Specifies whether the connection to the authentication agent (if | 133 | Specifies whether the connection to the authentication agent (if |
134 | any) will be forwarded to the remote machine. The argument must | 134 | any) will be forwarded to the remote machine. The argument must |
135 | be ``yes'' or ``no''. The default is ``no''. | 135 | be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. |
136 | 136 | ||
137 | Agent forwarding should be enabled with caution. Users with the | 137 | Agent forwarding should be enabled with caution. Users with the |
138 | ability to bypass file permissions on the remote host (for the | 138 | ability to bypass file permissions on the remote host (for the |
139 | agent's Unix-domain socket) can access the local agent through | 139 | agentM-bM-^@M-^Ys UnixM-bM-^@M-^Pdomain socket) can access the local agent through |
140 | the forwarded connection. An attacker cannot obtain key material | 140 | the forwarded connection. An attacker cannot obtain key material |
141 | from the agent, however they can perform operations on the keys | 141 | from the agent, however they can perform operations on the keys |
142 | that enable them to authenticate using the identities loaded into | 142 | that enable them to authenticate using the identities loaded into |
143 | the agent. | 143 | the agent. |
144 | 144 | ||
145 | ForwardX11 | 145 | ^[[1mForwardX11^[[0m |
146 | Specifies whether X11 connections will be automatically rediM-- | 146 | Specifies whether X11 connections will be automatically rediM-bM-^@M-^P |
147 | rected over the secure channel and DISPLAY set. The argument | 147 | rected over the secure channel and DISPLAY set. The argument |
148 | must be ``yes'' or ``no''. The default is ``no''. | 148 | must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. |
149 | 149 | ||
150 | X11 forwarding should be enabled with caution. Users with the | 150 | X11 forwarding should be enabled with caution. Users with the |
151 | ability to bypass file permissions on the remote host (for the | 151 | ability to bypass file permissions on the remote host (for the |
152 | user's X authorization database) can access the local X11 display | 152 | userM-bM-^@M-^Ys X authorization database) can access the local X11 display |
153 | through the forwarded connection. An attacker may then be able | 153 | through the forwarded connection. An attacker may then be able |
154 | to perform activities such as keystroke monitoring. | 154 | to perform activities such as keystroke monitoring. |
155 | 155 | ||
156 | GatewayPorts | 156 | ^[[1mGatewayPorts^[[0m |
157 | Specifies whether remote hosts are allowed to connect to local | 157 | Specifies whether remote hosts are allowed to connect to local |
158 | forwarded ports. By default, ssh binds local port forwardings to | 158 | forwarded ports. By default, ^[[1mssh ^[[22mbinds local port forwardings to |
159 | the loopback address. This prevents other remote hosts from conM-- | 159 | the loopback address. This prevents other remote hosts from conM-bM-^@M-^P |
160 | necting to forwarded ports. GatewayPorts can be used to specify | 160 | necting to forwarded ports. ^[[1mGatewayPorts ^[[22mcan be used to specify |
161 | that ssh should bind local port forwardings to the wildcard | 161 | that ^[[1mssh ^[[22mshould bind local port forwardings to the wildcard |
162 | address, thus allowing remote hosts to connect to forwarded | 162 | address, thus allowing remote hosts to connect to forwarded |
163 | ports. The argument must be ``yes'' or ``no''. The default is | 163 | ports. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. |
164 | ``no''. | ||
165 | 164 | ||
166 | GlobalKnownHostsFile | 165 | ^[[1mGlobalKnownHostsFile^[[0m |
167 | Specifies a file to use for the global host key database instead | 166 | Specifies a file to use for the global host key database instead |
168 | of /etc/ssh/ssh_known_hosts. | 167 | of ^[[4m/etc/ssh/ssh_known_hosts^[[24m. |
169 | 168 | ||
170 | HostbasedAuthentication | 169 | ^[[1mHostbasedAuthentication^[[0m |
171 | Specifies whether to try rhosts based authentication with public | 170 | Specifies whether to try rhosts based authentication with public |
172 | key authentication. The argument must be ``yes'' or ``no''. The | 171 | key authentication. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The |
173 | default is ``no''. This option applies to protocol version 2 | 172 | default is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 2 only |
174 | only and is similar to RhostsRSAAuthentication. | 173 | and is similar to ^[[1mRhostsRSAAuthentication^[[22m. |
175 | 174 | ||
176 | HostKeyAlgorithms | 175 | ^[[1mHostKeyAlgorithms^[[0m |
177 | Specifies the protocol version 2 host key algorithms that the | 176 | Specifies the protocol version 2 host key algorithms that the |
178 | client wants to use in order of preference. The default for this | 177 | client wants to use in order of preference. The default for this |
179 | option is: ``ssh-rsa,ssh-dss''. | 178 | option is: M-bM-^@M-^\sshM-bM-^@M-^Prsa,sshM-bM-^@M-^PdssM-bM-^@M-^]. |
180 | 179 | ||
181 | HostKeyAlias | 180 | ^[[1mHostKeyAlias^[[0m |
182 | Specifies an alias that should be used instead of the real host | 181 | Specifies an alias that should be used instead of the real host |
183 | name when looking up or saving the host key in the host key | 182 | name when looking up or saving the host key in the host key |
184 | database files. This option is useful for tunneling ssh connecM-- | 183 | database files. This option is useful for tunneling ssh connecM-bM-^@M-^P |
185 | tions or for multiple servers running on a single host. | 184 | tions or for multiple servers running on a single host. |
186 | 185 | ||
187 | HostName | 186 | ^[[1mHostName^[[0m |
188 | Specifies the real host name to log into. This can be used to | 187 | Specifies the real host name to log into. This can be used to |
189 | specify nicknames or abbreviations for hosts. Default is the | 188 | specify nicknames or abbreviations for hosts. Default is the |
190 | name given on the command line. Numeric IP addresses are also | 189 | name given on the command line. Numeric IP addresses are also |
191 | permitted (both on the command line and in HostName specificaM-- | 190 | permitted (both on the command line and in ^[[1mHostName ^[[22mspecificaM-bM-^@M-^P |
192 | tions). | 191 | tions). |
193 | 192 | ||
194 | IdentityFile | 193 | ^[[1mIdentityFile^[[0m |
195 | Specifies a file from which the user's RSA or DSA authentication | 194 | Specifies a file from which the userM-bM-^@M-^Ys RSA or DSA authentication |
196 | identity is read. The default is $HOME/.ssh/identity for protocol | 195 | identity is read. The default is ^[[4m$HOME/.ssh/identity^[[24m for protocol |
197 | version 1, and $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for protoM-- | 196 | version 1, and ^[[4m$HOME/.ssh/id_rsa^[[24m and ^[[4m$HOME/.ssh/id_dsa^[[24m for protoM-bM-^@M-^P |
198 | col version 2. Additionally, any identities represented by the | 197 | col version 2. Additionally, any identities represented by the |
199 | authentication agent will be used for authentication. The file | 198 | authentication agent will be used for authentication. The file |
200 | name may use the tilde syntax to refer to a user's home direcM-- | 199 | name may use the tilde syntax to refer to a userM-bM-^@M-^Ys home direcM-bM-^@M-^P |
201 | tory. It is possible to have multiple identity files specified | 200 | tory. It is possible to have multiple identity files specified |
202 | in configuration files; all these identities will be tried in | 201 | in configuration files; all these identities will be tried in |
203 | sequence. | 202 | sequence. |
204 | 203 | ||
205 | KeepAlive | 204 | ^[[1mKeepAlive^[[0m |
206 | Specifies whether the system should send TCP keepalive messages | 205 | Specifies whether the system should send TCP keepalive messages |
207 | to the other side. If they are sent, death of the connection or | 206 | to the other side. If they are sent, death of the connection or |
208 | crash of one of the machines will be properly noticed. However, | 207 | crash of one of the machines will be properly noticed. However, |
209 | this means that connections will die if the route is down temM-- | 208 | this means that connections will die if the route is down temM-bM-^@M-^P |
210 | porarily, and some people find it annoying. | 209 | porarily, and some people find it annoying. |
211 | 210 | ||
212 | The default is ``yes'' (to send keepalives), and the client will | 211 | The default is M-bM-^@M-^\yesM-bM-^@M-^] (to send keepalives), and the client will |
213 | notice if the network goes down or the remote host dies. This is | 212 | notice if the network goes down or the remote host dies. This is |
214 | important in scripts, and many users want it too. | 213 | important in scripts, and many users want it too. |
215 | 214 | ||
216 | To disable keepalives, the value should be set to ``no''. | 215 | To disable keepalives, the value should be set to M-bM-^@M-^\noM-bM-^@M-^]. |
217 | 216 | ||
218 | KerberosAuthentication | 217 | ^[[1mKerberosAuthentication^[[0m |
219 | Specifies whether Kerberos authentication will be used. The | 218 | Specifies whether Kerberos authentication will be used. The |
220 | argument to this keyword must be ``yes'' or ``no''. | 219 | argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. |
221 | 220 | ||
222 | KerberosTgtPassing | 221 | ^[[1mKerberosTgtPassing^[[0m |
223 | Specifies whether a Kerberos TGT will be forwarded to the server. | 222 | Specifies whether a Kerberos TGT will be forwarded to the server. |
224 | This will only work if the Kerberos server is actually an AFS | 223 | This will only work if the Kerberos server is actually an AFS |
225 | kaserver. The argument to this keyword must be ``yes'' or | 224 | kaserver. The argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. |
226 | ``no''. | ||
227 | 225 | ||
228 | LocalForward | 226 | ^[[1mLocalForward^[[0m |
229 | Specifies that a TCP/IP port on the local machine be forwarded | 227 | Specifies that a TCP/IP port on the local machine be forwarded |
230 | over the secure channel to the specified host and port from the | 228 | over the secure channel to the specified host and port from the |
231 | remote machine. The first argument must be a port number, and | 229 | remote machine. The first argument must be a port number, and |
232 | the second must be host:port. IPv6 addresses can be specified | 230 | the second must be ^[[4mhost:port^[[24m. IPv6 addresses can be specified |
233 | with an alternative syntax: host/port. Multiple forwardings may | 231 | with an alternative syntax: ^[[4mhost/port^[[24m. Multiple forwardings may |
234 | be specified, and additional forwardings can be given on the comM-- | 232 | be specified, and additional forwardings can be given on the comM-bM-^@M-^P |
235 | mand line. Only the superuser can forward privileged ports. | 233 | mand line. Only the superuser can forward privileged ports. |
236 | 234 | ||
237 | LogLevel | 235 | ^[[1mLogLevel^[[0m |
238 | Gives the verbosity level that is used when logging messages from | 236 | Gives the verbosity level that is used when logging messages from |
239 | ssh. The possible values are: QUIET, FATAL, ERROR, INFO, VERM-- | 237 | ^[[1mssh^[[22m. The possible values are: QUIET, FATAL, ERROR, INFO, VERM-bM-^@M-^P |
240 | BOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO. | 238 | BOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO. |
241 | DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify | 239 | DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify |
242 | higher levels of verbose output. | 240 | higher levels of verbose output. |
243 | 241 | ||
244 | MACs Specifies the MAC (message authentication code) algorithms in | 242 | ^[[1mMACs ^[[22mSpecifies the MAC (message authentication code) algorithms in |
245 | order of preference. The MAC algorithm is used in protocol verM-- | 243 | order of preference. The MAC algorithm is used in protocol verM-bM-^@M-^P |
246 | sion 2 for data integrity protection. Multiple algorithms must | 244 | sion 2 for data integrity protection. Multiple algorithms must |
247 | be comma-separated. The default is | 245 | be commaM-bM-^@M-^Pseparated. The default is |
248 | ``hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96''. | 246 | M-bM-^@M-^\hmacM-bM-^@M-^Pmd5,hmacM-bM-^@M-^Psha1,hmacM-bM-^@M-^Pripemd160,hmacM-bM-^@M-^Psha1M-bM-^@M-^P96,hmacM-bM-^@M-^Pmd5M-bM-^@M-^P96M-bM-^@M-^]. |
249 | 247 | ||
250 | NoHostAuthenticationForLocalhost | 248 | ^[[1mNoHostAuthenticationForLocalhost^[[0m |
251 | This option can be used if the home directory is shared across | 249 | This option can be used if the home directory is shared across |
252 | machines. In this case localhost will refer to a different | 250 | machines. In this case localhost will refer to a different |
253 | machine on each of the machines and the user will get many warnM-- | 251 | machine on each of the machines and the user will get many warnM-bM-^@M-^P |
254 | ings about changed host keys. However, this option disables host | 252 | ings about changed host keys. However, this option disables host |
255 | authentication for localhost. The argument to this keyword must | 253 | authentication for localhost. The argument to this keyword must |
256 | be ``yes'' or ``no''. The default is to check the host key for | 254 | be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is to check the host key for |
257 | localhost. | 255 | localhost. |
258 | 256 | ||
259 | NumberOfPasswordPrompts | 257 | ^[[1mNumberOfPasswordPrompts^[[0m |
260 | Specifies the number of password prompts before giving up. The | 258 | Specifies the number of password prompts before giving up. The |
261 | argument to this keyword must be an integer. Default is 3. | 259 | argument to this keyword must be an integer. Default is 3. |
262 | 260 | ||
263 | PasswordAuthentication | 261 | ^[[1mPasswordAuthentication^[[0m |
264 | Specifies whether to use password authentication. The argument | 262 | Specifies whether to use password authentication. The argument |
265 | to this keyword must be ``yes'' or ``no''. The default is | 263 | to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^]. |
266 | ``yes''. | ||
267 | 264 | ||
268 | Port Specifies the port number to connect on the remote host. Default | 265 | ^[[1mPort ^[[22mSpecifies the port number to connect on the remote host. Default |
269 | is 22. | 266 | is 22. |
270 | 267 | ||
271 | PreferredAuthentications | 268 | ^[[1mPreferredAuthentications^[[0m |
272 | Specifies the order in which the client should try protocol 2 | 269 | Specifies the order in which the client should try protocol 2 |
273 | authentication methods. This allows a client to prefer one method | 270 | authentication methods. This allows a client to prefer one method |
274 | (e.g. keyboard-interactive) over another method (e.g. password) | 271 | (e.g. ^[[1mkeyboardM-bM-^@M-^Pinteractive^[[22m) over another method (e.g. ^[[1mpassword^[[22m) |
275 | The default for this option is: | 272 | The default for this option is: |
276 | ``hostbased,publickey,keyboard-interactive,password''. | 273 | M-bM-^@M-^\hostbased,publickey,keyboardM-bM-^@M-^Pinteractive,passwordM-bM-^@M-^]. |
277 | 274 | ||
278 | Protocol | 275 | ^[[1mProtocol^[[0m |
279 | Specifies the protocol versions ssh should support in order of | 276 | Specifies the protocol versions ^[[1mssh ^[[22mshould support in order of |
280 | preference. The possible values are ``1'' and ``2''. Multiple | 277 | preference. The possible values are M-bM-^@M-^\1M-bM-^@M-^] and M-bM-^@M-^\2M-bM-^@M-^]. Multiple verM-bM-^@M-^P |
281 | versions must be comma-separated. The default is ``2,1''. This | 278 | sions must be commaM-bM-^@M-^Pseparated. The default is M-bM-^@M-^\2,1M-bM-^@M-^]. This means |
282 | means that ssh tries version 2 and falls back to version 1 if | 279 | that ^[[1mssh ^[[22mtries version 2 and falls back to version 1 if version 2 |
283 | version 2 is not available. | 280 | is not available. |
284 | 281 | ||
285 | ProxyCommand | 282 | ^[[1mProxyCommand^[[0m |
286 | Specifies the command to use to connect to the server. The comM-- | 283 | Specifies the command to use to connect to the server. The comM-bM-^@M-^P |
287 | mand string extends to the end of the line, and is executed with | 284 | mand string extends to the end of the line, and is executed with |
288 | /bin/sh. In the command string, `%h' will be substituted by the | 285 | ^[[4m/bin/sh^[[24m. In the command string, M-bM-^@M-^X%hM-bM-^@M-^Y will be substituted by the |
289 | host name to connect and `%p' by the port. The command can be | 286 | host name to connect and M-bM-^@M-^X%pM-bM-^@M-^Y by the port. The command can be |
290 | basically anything, and should read from its standard input and | 287 | basically anything, and should read from its standard input and |
291 | write to its standard output. It should eventually connect an | 288 | write to its standard output. It should eventually connect an |
292 | sshd(8) server running on some machine, or execute sshd -i someM-- | 289 | sshd(8) server running on some machine, or execute ^[[1msshd M-bM-^@M-^Pi ^[[22msomeM-bM-^@M-^P |
293 | where. Host key management will be done using the HostName of | 290 | where. Host key management will be done using the HostName of |
294 | the host being connected (defaulting to the name typed by the | 291 | the host being connected (defaulting to the name typed by the |
295 | user). Note that CheckHostIP is not available for connects with | 292 | user). Setting the command to M-bM-^@M-^\noneM-bM-^@M-^] disables this option |
296 | a proxy command. | 293 | entirely. Note that ^[[1mCheckHostIP ^[[22mis not available for connects |
294 | with a proxy command. | ||
297 | 295 | ||
298 | PubkeyAuthentication | 296 | ^[[1mPubkeyAuthentication^[[0m |
299 | Specifies whether to try public key authentication. The argument | 297 | Specifies whether to try public key authentication. The argument |
300 | to this keyword must be ``yes'' or ``no''. The default is | 298 | to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^]. |
301 | ``yes''. This option applies to protocol version 2 only. | 299 | This option applies to protocol version 2 only. |
302 | 300 | ||
303 | RemoteForward | 301 | ^[[1mRemoteForward^[[0m |
304 | Specifies that a TCP/IP port on the remote machine be forwarded | 302 | Specifies that a TCP/IP port on the remote machine be forwarded |
305 | over the secure channel to the specified host and port from the | 303 | over the secure channel to the specified host and port from the |
306 | local machine. The first argument must be a port number, and the | 304 | local machine. The first argument must be a port number, and the |
307 | second must be host:port. IPv6 addresses can be specified with | 305 | second must be ^[[4mhost:port^[[24m. IPv6 addresses can be specified with |
308 | an alternative syntax: host/port. Multiple forwardings may be | 306 | an alternative syntax: ^[[4mhost/port^[[24m. Multiple forwardings may be |
309 | specified, and additional forwardings can be given on the command | 307 | specified, and additional forwardings can be given on the command |
310 | line. Only the superuser can forward privileged ports. | 308 | line. Only the superuser can forward privileged ports. |
311 | 309 | ||
312 | RhostsAuthentication | 310 | ^[[1mRhostsAuthentication^[[0m |
313 | Specifies whether to try rhosts based authentication. Note that | 311 | Specifies whether to try rhosts based authentication. Note that |
314 | this declaration only affects the client side and has no effect | 312 | this declaration only affects the client side and has no effect |
315 | whatsoever on security. Most servers do not permit RhostsAuthenM-- | 313 | whatsoever on security. Most servers do not permit RhostsAuthenM-bM-^@M-^P |
316 | tication because it is not secure (see RhostsRSAAuthentication). | 314 | tication because it is not secure (see ^[[1mRhostsRSAAuthentication^[[22m). |
317 | The argument to this keyword must be ``yes'' or ``no''. The | 315 | The argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default |
318 | default is ``no''. This option applies to protocol version 1 | 316 | is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 1 only and |
319 | only and requires ssh to be setuid root and UsePrivilegedPort to | 317 | requires ^[[1mssh ^[[22mto be setuid root and ^[[1mUsePrivilegedPort ^[[22mto be set to |
320 | be set to ``yes''. | 318 | M-bM-^@M-^\yesM-bM-^@M-^]. |
321 | 319 | ||
322 | RhostsRSAAuthentication | 320 | ^[[1mRhostsRSAAuthentication^[[0m |
323 | Specifies whether to try rhosts based authentication with RSA | 321 | Specifies whether to try rhosts based authentication with RSA |
324 | host authentication. The argument must be ``yes'' or ``no''. | 322 | host authentication. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The |
325 | The default is ``no''. This option applies to protocol version 1 | 323 | default is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 1 only |
326 | only and requires ssh to be setuid root. | 324 | and requires ^[[1mssh ^[[22mto be setuid root. |
327 | 325 | ||
328 | RSAAuthentication | 326 | ^[[1mRSAAuthentication^[[0m |
329 | Specifies whether to try RSA authentication. The argument to | 327 | Specifies whether to try RSA authentication. The argument to |
330 | this keyword must be ``yes'' or ``no''. RSA authentication will | 328 | this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. RSA authentication will only |
331 | only be attempted if the identity file exists, or an authenticaM-- | 329 | be attempted if the identity file exists, or an authentication |
332 | tion agent is running. The default is ``yes''. Note that this | 330 | agent is running. The default is M-bM-^@M-^\yesM-bM-^@M-^]. Note that this option |
333 | option applies to protocol version 1 only. | 331 | applies to protocol version 1 only. |
334 | 332 | ||
335 | SmartcardDevice | 333 | ^[[1mSmartcardDevice^[[0m |
336 | Specifies which smartcard device to use. The argument to this | 334 | Specifies which smartcard device to use. The argument to this |
337 | keyword is the device ssh should use to communicate with a smartM-- | 335 | keyword is the device ^[[1mssh ^[[22mshould use to communicate with a smartM-bM-^@M-^P |
338 | card used for storing the user's private RSA key. By default, no | 336 | card used for storing the userM-bM-^@M-^Ys private RSA key. By default, no |
339 | device is specified and smartcard support is not activated. | 337 | device is specified and smartcard support is not activated. |
340 | 338 | ||
341 | StrictHostKeyChecking | 339 | ^[[1mStrictHostKeyChecking^[[0m |
342 | If this flag is set to ``yes'', ssh will never automatically add | 340 | If this flag is set to M-bM-^@M-^\yesM-bM-^@M-^], ^[[1mssh ^[[22mwill never automatically add |
343 | host keys to the $HOME/.ssh/known_hosts file, and refuses to conM-- | 341 | host keys to the ^[[4m$HOME/.ssh/known_hosts^[[24m file, and refuses to conM-bM-^@M-^P |
344 | nect to hosts whose host key has changed. This provides maximum | 342 | nect to hosts whose host key has changed. This provides maximum |
345 | protection against trojan horse attacks, however, can be annoying | 343 | protection against trojan horse attacks, however, can be annoying |
346 | when the /etc/ssh/ssh_known_hosts file is poorly maintained, or | 344 | when the ^[[4m/etc/ssh/ssh_known_hosts^[[24m file is poorly maintained, or |
347 | connections to new hosts are frequently made. This option forces | 345 | connections to new hosts are frequently made. This option forces |
348 | the user to manually add all new hosts. If this flag is set to | 346 | the user to manually add all new hosts. If this flag is set to |
349 | ``no'', ssh will automatically add new host keys to the user | 347 | M-bM-^@M-^\noM-bM-^@M-^], ^[[1mssh ^[[22mwill automatically add new host keys to the user known |
350 | known hosts files. If this flag is set to ``ask'', new host keys | 348 | hosts files. If this flag is set to M-bM-^@M-^\askM-bM-^@M-^], new host keys will be |
351 | will be added to the user known host files only after the user | 349 | added to the user known host files only after the user has conM-bM-^@M-^P |
352 | has confirmed that is what they really want to do, and ssh will | 350 | firmed that is what they really want to do, and ^[[1mssh ^[[22mwill refuse |
353 | refuse to connect to hosts whose host key has changed. The host | 351 | to connect to hosts whose host key has changed. The host keys of |
354 | keys of known hosts will be verified automatically in all cases. | 352 | known hosts will be verified automatically in all cases. The |
355 | The argument must be ``yes'', ``no'' or ``ask''. The default is | 353 | argument must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\noM-bM-^@M-^] or M-bM-^@M-^\askM-bM-^@M-^]. The default is M-bM-^@M-^\askM-bM-^@M-^]. |
356 | ``ask''. | 354 | |
357 | 355 | ^[[1mUsePrivilegedPort^[[0m | |
358 | UsePrivilegedPort | 356 | Specifies whether to use a privileged port for outgoing connecM-bM-^@M-^P |
359 | Specifies whether to use a privileged port for outgoing connecM-- | 357 | tions. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. |
360 | tions. The argument must be ``yes'' or ``no''. The default is | 358 | If set to M-bM-^@M-^\yesM-bM-^@M-^] ^[[1mssh ^[[22mmust be setuid root. Note that this option |
361 | ``no''. If set to ``yes'' ssh must be setuid root. Note that | 359 | must be set to M-bM-^@M-^\yesM-bM-^@M-^] if ^[[1mRhostsAuthentication ^[[22mand |
362 | this option must be set to ``yes'' if RhostsAuthentication and | 360 | ^[[1mRhostsRSAAuthentication ^[[22mauthentications are needed with older |
363 | RhostsRSAAuthentication authentications are needed with older | ||
364 | servers. | 361 | servers. |
365 | 362 | ||
366 | User Specifies the user to log in as. This can be useful when a difM-- | 363 | ^[[1mUser ^[[22mSpecifies the user to log in as. This can be useful when a difM-bM-^@M-^P |
367 | ferent user name is used on different machines. This saves the | 364 | ferent user name is used on different machines. This saves the |
368 | trouble of having to remember to give the user name on the comM-- | 365 | trouble of having to remember to give the user name on the comM-bM-^@M-^P |
369 | mand line. | 366 | mand line. |
370 | 367 | ||
371 | UserKnownHostsFile | 368 | ^[[1mUserKnownHostsFile^[[0m |
372 | Specifies a file to use for the user host key database instead of | 369 | Specifies a file to use for the user host key database instead of |
373 | $HOME/.ssh/known_hosts. | 370 | ^[[4m$HOME/.ssh/known_hosts^[[24m. |
374 | 371 | ||
375 | XAuthLocation | 372 | ^[[1mXAuthLocation^[[0m |
376 | Specifies the full pathname of the xauth(1) program. The default | 373 | Specifies the full pathname of the xauth(1) program. The default |
377 | is /usr/X11R6/bin/xauth. | 374 | is ^[[4m/usr/X11R6/bin/xauth^[[24m. |
378 | 375 | ||
379 | FILES | 376 | ^[[1mFILES^[[0m |
380 | $HOME/.ssh/config | 377 | $HOME/.ssh/config |
381 | This is the per-user configuration file. The format of this file | 378 | This is the perM-bM-^@M-^Puser configuration file. The format of this file |
382 | is described above. This file is used by the ssh client. This | 379 | is described above. This file is used by the ^[[1mssh ^[[22mclient. This |
383 | file does not usually contain any sensitive information, but the | 380 | file does not usually contain any sensitive information, but the |
384 | recommended permissions are read/write for the user, and not | 381 | recommended permissions are read/write for the user, and not |
385 | accessible by others. | 382 | accessible by others. |
386 | 383 | ||
387 | /etc/ssh/ssh_config | 384 | /etc/ssh/ssh_config |
388 | Systemwide configuration file. This file provides defaults for | 385 | Systemwide configuration file. This file provides defaults for |
389 | those values that are not specified in the user's configuration | 386 | those values that are not specified in the userM-bM-^@M-^Ys configuration |
390 | file, and for those users who do not have a configuration file. | 387 | file, and for those users who do not have a configuration file. |
391 | This file must be world-readable. | 388 | This file must be worldM-bM-^@M-^Preadable. |
392 | 389 | ||
393 | AUTHORS | 390 | ^[[1mAUTHORS^[[0m |
394 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | 391 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
395 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | 392 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo |
396 | de Raadt and Dug Song removed many bugs, re-added newer features and creM-- | 393 | de Raadt and Dug Song removed many bugs, reM-bM-^@M-^Padded newer features and creM-bM-^@M-^P |
397 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 394 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol |
398 | versions 1.5 and 2.0. | 395 | versions 1.5 and 2.0. |
399 | 396 | ||
400 | SEE ALSO | 397 | ^[[1mSEE ALSO^[[0m |
401 | ssh(1) | 398 | ssh(1) |
402 | 399 | ||
403 | BSD September 25, 1999 BSD | 400 | BSD September 25, 1999 BSD |
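--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.5 2002/08/29 22:54:10 stevesk Exp $
+.\" $OpenBSD: ssh_config.5,v 1.6 2003/02/06 09:27:29 markus Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -493,6 +493,9 @@ somewhere.
 Host key management will be done using the
 HostName of the host being connected (defaulting to the name typed by
 the user).
+Setting the command to
+.Dq none
+disables this option entirely.
 Note that
 .Cm CheckHostIP
 is not available for connects with a proxy command.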
diff --git a/sshconnect.c b/sshconnect.c index 95e0f6d77..013a896b7 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
@@ -13,7 +13,7 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: sshconnect.c,v 1.135 2002/09/19 01:58:18 djm Exp $"); | 16 | RCSID("$OpenBSD: sshconnect.c,v 1.137 2002/11/21 23:03:51 deraadt Exp $"); |
17 | 17 | ||
18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
19 | 19 | ||
@@ -254,7 +254,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, | |||
254 | */ | 254 | */ |
255 | int full_failure = 1; | 255 | int full_failure = 1; |
256 | 256 | ||
257 | debug("ssh_connect: needpriv %d", needpriv); | 257 | debug2("ssh_connect: needpriv %d", needpriv); |
258 | 258 | ||
259 | /* Get default port if port has not been set. */ | 259 | /* Get default port if port has not been set. */ |
260 | if (port == 0) { | 260 | if (port == 0) { |
@@ -681,10 +681,10 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
681 | "%s key fingerprint is %s.\n" | 681 | "%s key fingerprint is %s.\n" |
682 | "Are you sure you want to continue connecting " | 682 | "Are you sure you want to continue connecting " |
683 | "(yes/no)? ", | 683 | "(yes/no)? ", |
684 | host, ip, | 684 | host, ip, |
685 | has_keys ? ",\nbut keys of different type are already " | 685 | has_keys ? ",\nbut keys of different type are already " |
686 | "known for this host." : ".", | 686 | "known for this host." : ".", |
687 | type, fp); | 687 | type, fp); |
688 | xfree(fp); | 688 | xfree(fp); |
689 | if (!confirm(msg)) | 689 | if (!confirm(msg)) |
690 | goto fail; | 690 | goto fail; |
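--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.107 2002/07/01 19:48:46 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.112 2003/03/05 22:33:43 markus Exp $");
 
 #include "ssh.h"
 #include "ssh2.h"
@@ -110,6 +110,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 
 /* start key exchange */
 kex = kex_setup(myproposal);
+kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
+kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
 kex->client_version_string=client_version_string;
 kex->server_version_string=server_version_string;
 kex->verify_host_key=&verify_host_key_callback;
@@ -128,7 +130,6 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 packet_send();
 packet_write_wait();
 #endif
-debug("done: ssh_kex2.");
 }
 
 /*
@@ -224,24 +225,23 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
 if (options.challenge_response_authentication)
 options.kbd_interactive_authentication = 1;
 
-debug("send SSH2_MSG_SERVICE_REQUEST");
 packet_start(SSH2_MSG_SERVICE_REQUEST);
 packet_put_cstring("ssh-userauth");
 packet_send();
+debug("SSH2_MSG_SERVICE_REQUEST sent");
 packet_write_wait();
 type = packet_read();
-if (type != SSH2_MSG_SERVICE_ACCEPT) {
-fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
-}
+if (type != SSH2_MSG_SERVICE_ACCEPT)
+fatal("Server denied authentication request: %d", type);
 if (packet_remaining() > 0) {
 char *reply = packet_get_string(NULL);
-debug("service_accept: %s", reply);
+debug2("service_accept: %s", reply);
 xfree(reply);
 } else {
-debug("buggy server: service_accept w/o service");
+debug2("buggy server: service_accept w/o service");
 }
 packet_check_eom();
-debug("got SSH2_MSG_SERVICE_ACCEPT");
+debug("SSH2_MSG_SERVICE_ACCEPT received");
 
 if (options.preferred_authentications == NULL)
 options.preferred_authentications = authmethods_get();
@@ -273,7 +273,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
 if (authctxt.agent != NULL)
 ssh_close_authentication_connection(authctxt.agent);
 
-debug("ssh-userauth2 successful: method %s", authctxt.method->name);
+debug("Authentication succeeded (%s).", authctxt.method->name);
 }
 void
 userauth(Authctxt *authctxt, char *authlist)
@@ -347,7 +347,7 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt)
 
 if (partial != 0)
 log("Authenticated with partial success.");
-debug("authentications that can continue: %s", authlist);
+debug("Authentications that can continue: %s", authlist);
 
 clear_auth_state(authctxt);
 userauth(authctxt, authlist);
@@ -379,7 +379,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
 }
 packet_check_eom();
 
-debug("input_userauth_pk_ok: pkalg %s blen %u lastkey %p hint %d",
+debug("Server accepts key: pkalg %s blen %u lastkey %p hint %d",
 pkalg, blen, authctxt->last_key, authctxt->last_key_hint);
 
 do {
@@ -764,7 +764,7 @@ userauth_pubkey_agent(Authctxt *authctxt)
 if (k == NULL) {
 debug2("userauth_pubkey_agent: no more keys");
 } else {
-debug("userauth_pubkey_agent: testing agent key %s", comment);
+debug("Offering agent key: %s", comment);
 xfree(comment);
 ret = send_pubkey_test(authctxt, k, agent_sign_cb, -1);
 if (ret == 0)
@@ -792,7 +792,7 @@ userauth_pubkey(Authctxt *authctxt)
 key = options.identity_keys[idx];
 filename = options.identity_files[idx];
 if (key == NULL) {
-debug("try privkey: %s", filename);
+debug("Trying private key: %s", filename);
 key = load_identity_file(filename);
 if (key != NULL) {
 sent = sign_and_send_pubkey(authctxt, key,
@@ -800,7 +800,7 @@ userauth_pubkey(Authctxt *authctxt)
 key_free(key);
 }
 } else if (key->type != KEY_RSA1) {
-debug("try pubkey: %s", filename);
+debug("Offering public key: %s", filename);
 sent = send_pubkey_test(authctxt, key,
 identity_sign_cb, idx);
 }
@@ -906,7 +906,7 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
 pid_t pid;
 int to[2], from[2], status, version = 2;
 
-debug("ssh_keysign called");
+debug2("ssh_keysign called");
 
 if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
 error("ssh_keysign: no installed: %s", strerror(errno));
@@ -995,7 +995,7 @@ userauth_hostbased(Authctxt *authctxt)
 }
 }
 if (!found) {
-debug("userauth_hostbased: no more client hostkeys");
+debug("No more client hostkeys for hostbased authentication.");
 return 0;
 }
 if (key_to_blob(private, &blob, &blen) == 0) {
@@ -1014,6 +1014,7 @@ userauth_hostbased(Authctxt *authctxt)
 strlcpy(chost, p, len);
 strlcat(chost, ".", len);
 debug2("userauth_hostbased: chost %s", chost);
+xfree(p);
 
 service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
 authctxt->service;
@@ -1109,7 +1110,6 @@ static char *preferred = NULL;
 static Authmethod *
 authmethod_get(char *authlist)
 {
-
 char *name = NULL;
 u_int next;
 
@@ -1130,7 +1130,7 @@ authmethod_get(char *authlist)
 
 for (;;) {
 if ((name = match_list(preferred, supported, &next)) == NULL) {
-debug("no more auth methods to try");
+debug("No more authentication methods to try.");
 current = NULL;
 return NULL;
 }
@@ -1140,7 +1140,7 @@ authmethod_get(char *authlist)
 if ((current = authmethod_lookup(name)) != NULL &&
 authmethod_is_enabled(current)) {
 debug3("authmethod_is_enabled %s", name);
-debug("next auth method to try is %s", name);
+debug("Next authentication method: %s", name);
 return current;
 }
 }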
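Review bot: In the `input_userauth_pk_ok` hunk (new line 382) the reworded message still prints `authctxt->last_key` with `%p`, plus the key hint, at the plain `debug` level. A line now phrased for users therefore carries a heap address into first-level debug output, which people tend to paste into bug reports. Elsewhere this commit moves internal tracing to `debug2` (for example `ssh_keysign called`), and this line could follow the same split: `debug("Server accepts key: pkalg %s blen %u", pkalg, blen);` followed by `debug2("input_userauth_pk_ok: lastkey %p hint %d", authctxt->last_key, authctxt->last_key_hint);`. The function body starts and ends outside the hunk, so whether anything else depends on the combined line is not visible here.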
@@ -1,33 +1,33 @@ | |||
1 | SSHD(8) System Manager's Manual SSHD(8) | 1 | SSHD(8) BSD System ManagerM-bM-^@M-^Ys Manual SSHD(8) |
2 | 2 | ||
3 | NAME | 3 | ^[[1mNAME^[[0m |
4 | sshd - OpenSSH SSH daemon | 4 | ^[[1msshd ^[[22mM-bMM-^R OpenSSH SSH daemon |
5 | 5 | ||
6 | SYNOPSIS | 6 | ^[[1mSYNOPSIS^[[0m |
7 | sshd [-deiqtD46] [-b bits] [-f config_file] [-g login_grace_time] | 7 | ^[[1msshd ^[[22m[^[[1mM-bMM-^RdeiqtD46^[[22m] [^[[1mM-bMM-^Rb ^[[4m^[[22mbits^[[24m] [^[[1mM-bMM-^Rf ^[[4m^[[22mconfig_file^[[24m] [^[[1mM-bMM-^Rg ^[[4m^[[22mlogin_grace_time^[[24m] |
8 | [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len] | 8 | [^[[1mM-bMM-^Rh ^[[4m^[[22mhost_key_file^[[24m] [^[[1mM-bMM-^Rk ^[[4m^[[22mkey_gen_time^[[24m] [^[[1mM-bMM-^Ro ^[[4m^[[22moption^[[24m] [^[[1mM-bMM-^Rp ^[[4m^[[22mport^[[24m] [^[[1mM-bMM-^Ru ^[[4m^[[22mlen^[[24m] |
9 | 9 | ||
10 | DESCRIPTION | 10 | ^[[1mDESCRIPTION^[[0m |
11 | sshd (SSH Daemon) is the daemon program for ssh(1). Together these proM-- | 11 | ^[[1msshd ^[[22m(SSH Daemon) is the daemon program for ssh(1). Together these proM-bM-^@M-^P |
12 | grams replace rlogin and rsh, and provide secure encrypted communications | 12 | grams replace rlogin and rsh, and provide secure encrypted communications |
13 | between two untrusted hosts over an insecure network. The programs are | 13 | between two untrusted hosts over an insecure network. The programs are |
14 | intended to be as easy to install and use as possible. | 14 | intended to be as easy to install and use as possible. |
15 | 15 | ||
16 | sshd is the daemon that listens for connections from clients. It is norM-- | 16 | ^[[1msshd ^[[22mis the daemon that listens for connections from clients. It is norM-bM-^@M-^P |
17 | mally started at boot from /etc/rc. It forks a new daemon for each | 17 | mally started at boot from ^[[4m/etc/rc^[[24m. It forks a new daemon for each |
18 | incoming connection. The forked daemons handle key exchange, encryption, | 18 | incoming connection. The forked daemons handle key exchange, encryption, |
19 | authentication, command execution, and data exchange. This implementaM-- | 19 | authentication, command execution, and data exchange. This implementaM-bM-^@M-^P |
20 | tion of sshd supports both SSH protocol version 1 and 2 simultaneously. | 20 | tion of ^[[1msshd ^[[22msupports both SSH protocol version 1 and 2 simultaneously. |
21 | sshd works as follows. | 21 | ^[[1msshd ^[[22mworks as follows: |
22 | 22 | ||
23 | SSH protocol version 1 | 23 | ^[[1mSSH protocol version 1^[[0m |
24 | 24 | ||
25 | Each host has a host-specific RSA key (normally 1024 bits) used to idenM-- | 25 | Each host has a hostM-bM-^@M-^Pspecific RSA key (normally 1024 bits) used to idenM-bM-^@M-^P |
26 | tify the host. Additionally, when the daemon starts, it generates a | 26 | tify the host. Additionally, when the daemon starts, it generates a |
27 | server RSA key (normally 768 bits). This key is normally regenerated | 27 | server RSA key (normally 768 bits). This key is normally regenerated |
28 | every hour if it has been used, and is never stored on disk. | 28 | every hour if it has been used, and is never stored on disk. |
29 | 29 | ||
30 | Whenever a client connects the daemon responds with its public host and | 30 | Whenever a client connects, the daemon responds with its public host and |
31 | server keys. The client compares the RSA host key against its own | 31 | server keys. The client compares the RSA host key against its own |
32 | database to verify that it has not changed. The client then generates a | 32 | database to verify that it has not changed. The client then generates a |
33 | 256 bit random number. It encrypts this random number using both the | 33 | 256 bit random number. It encrypts this random number using both the |
@@ -35,24 +35,24 @@ DESCRIPTION | |||
35 | server. Both sides then use this random number as a session key which is | 35 | server. Both sides then use this random number as a session key which is |
36 | used to encrypt all further communications in the session. The rest of | 36 | used to encrypt all further communications in the session. The rest of |
37 | the session is encrypted using a conventional cipher, currently Blowfish | 37 | the session is encrypted using a conventional cipher, currently Blowfish |
38 | or 3DES, with 3DES being used by default. The client selects the encrypM-- | 38 | or 3DES, with 3DES being used by default. The client selects the encrypM-bM-^@M-^P |
39 | tion algorithm to use from those offered by the server. | 39 | tion algorithm to use from those offered by the server. |
40 | 40 | ||
41 | Next, the server and the client enter an authentication dialog. The | 41 | Next, the server and the client enter an authentication dialog. The |
42 | client tries to authenticate itself using .rhosts authentication, .rhosts | 42 | client tries to authenticate itself using ^[[4m.rhosts^[[24m authentication, ^[[4m.rhosts^[[0m |
43 | authentication combined with RSA host authentication, RSA challenge- | 43 | authentication combined with RSA host authentication, RSA challengeM-bM-^@M-^P |
44 | response authentication, or password based authentication. | 44 | response authentication, or password based authentication. |
45 | 45 | ||
46 | Rhosts authentication is normally disabled because it is fundamentally | 46 | Rhosts authentication is normally disabled because it is fundamentally |
47 | insecure, but can be enabled in the server configuration file if desired. | 47 | insecure, but can be enabled in the server configuration file if desired. |
48 | System security is not improved unless rshd, rlogind, and rexecd are disM-- | 48 | System security is not improved unless ^[[1mrshd^[[22m, ^[[1mrlogind^[[22m, and ^[[1mrexecd ^[[22mare disM-bM-^@M-^P |
49 | abled (thus completely disabling rlogin and rsh into the machine). | 49 | abled (thus completely disabling rlogin and rsh into the machine). |
50 | 50 | ||
51 | SSH protocol version 2 | 51 | ^[[1mSSH protocol version 2^[[0m |
52 | 52 | ||
53 | Version 2 works similarly: Each host has a host-specific key (RSA or DSA) | 53 | Version 2 works similarly: Each host has a hostM-bM-^@M-^Pspecific key (RSA or DSA) |
54 | used to identify the host. However, when the daemon starts, it does not | 54 | used to identify the host. However, when the daemon starts, it does not |
55 | generate a server key. Forward security is provided through a Diffie- | 55 | generate a server key. Forward security is provided through a DiffieM-bM-^@M-^P |
56 | Hellman key agreement. This key agreement results in a shared session | 56 | Hellman key agreement. This key agreement results in a shared session |
57 | key. | 57 | key. |
58 | 58 | ||
@@ -60,19 +60,19 @@ DESCRIPTION | |||
60 | 128 bit AES, Blowfish, 3DES, CAST128, Arcfour, 192 bit AES, or 256 bit | 60 | 128 bit AES, Blowfish, 3DES, CAST128, Arcfour, 192 bit AES, or 256 bit |
61 | AES. The client selects the encryption algorithm to use from those | 61 | AES. The client selects the encryption algorithm to use from those |
62 | offered by the server. Additionally, session integrity is provided | 62 | offered by the server. Additionally, session integrity is provided |
63 | through a cryptographic message authentication code (hmac-sha1 or hmac- | 63 | through a cryptographic message authentication code (hmacM-bM-^@M-^Psha1 or hmacM-bM-^@M-^P |
64 | md5). | 64 | md5). |
65 | 65 | ||
66 | Protocol version 2 provides a public key based user (PubkeyAuthenticaM-- | 66 | Protocol version 2 provides a public key based user (PubkeyAuthenticaM-bM-^@M-^P |
67 | tion) or client host (HostbasedAuthentication) authentication method, | 67 | tion) or client host (HostbasedAuthentication) authentication method, |
68 | conventional password authentication and challenge response based methM-- | 68 | conventional password authentication and challenge response based methM-bM-^@M-^P |
69 | ods. | 69 | ods. |
70 | 70 | ||
71 | Command execution and data forwarding | 71 | ^[[1mCommand execution and data forwarding^[[0m |
72 | 72 | ||
73 | If the client successfully authenticates itself, a dialog for preparing | 73 | If the client successfully authenticates itself, a dialog for preparing |
74 | the session is entered. At this time the client may request things like | 74 | the session is entered. At this time the client may request things like |
75 | allocating a pseudo-tty, forwarding X11 connections, forwarding TCP/IP | 75 | allocating a pseudoM-bM-^@M-^Ptty, forwarding X11 connections, forwarding TCP/IP |
76 | connections, or forwarding the authentication agent connection over the | 76 | connections, or forwarding the authentication agent connection over the |
77 | secure channel. | 77 | secure channel. |
78 | 78 | ||
@@ -81,390 +81,390 @@ DESCRIPTION | |||
81 | data at any time, and such data is forwarded to/from the shell or command | 81 | data at any time, and such data is forwarded to/from the shell or command |
82 | on the server side, and the user terminal in the client side. | 82 | on the server side, and the user terminal in the client side. |
83 | 83 | ||
84 | When the user program terminates and all forwarded X11 and other connecM-- | 84 | When the user program terminates and all forwarded X11 and other connecM-bM-^@M-^P |
85 | tions have been closed, the server sends command exit status to the | 85 | tions have been closed, the server sends command exit status to the |
86 | client, and both sides exit. | 86 | client, and both sides exit. |
87 | 87 | ||
88 | sshd can be configured using command-line options or a configuration | 88 | ^[[1msshd ^[[22mcan be configured using commandM-bM-^@M-^Pline options or a configuration |
89 | file. Command-line options override values specified in the configuraM-- | 89 | file. CommandM-bM-^@M-^Pline options override values specified in the configuraM-bM-^@M-^P |
90 | tion file. | 90 | tion file. |
91 | 91 | ||
92 | sshd rereads its configuration file when it receives a hangup signal, | 92 | ^[[1msshd ^[[22mrereads its configuration file when it receives a hangup signal, |
93 | SIGHUP, by executing itself with the name it was started as, i.e., | 93 | SIGHUP, by executing itself with the name it was started as, i.e., |
94 | /usr/sbin/sshd. | 94 | ^[[4m/usr/sbin/sshd^[[24m. |
95 | 95 | ||
96 | The options are as follows: | 96 | The options are as follows: |
97 | 97 | ||
98 | -b bits | 98 | ^[[1mM-bMM-^Rb ^[[4m^[[22mbits^[[0m |
99 | Specifies the number of bits in the ephemeral protocol version 1 | 99 | Specifies the number of bits in the ephemeral protocol version 1 |
100 | server key (default 768). | 100 | server key (default 768). |
101 | 101 | ||
102 | -d Debug mode. The server sends verbose debug output to the system | 102 | ^[[1mM-bMM-^Rd ^[[22mDebug mode. The server sends verbose debug output to the system |
103 | log, and does not put itself in the background. The server also | 103 | log, and does not put itself in the background. The server also |
104 | will not fork and will only process one connection. This option | 104 | will not fork and will only process one connection. This option |
105 | is only intended for debugging for the server. Multiple -d | 105 | is only intended for debugging for the server. Multiple ^[[1mM-bMM-^Rd^[[0m |
106 | options increase the debugging level. Maximum is 3. | 106 | options increase the debugging level. Maximum is 3. |
107 | 107 | ||
108 | -e When this option is specified, sshd will send the output to the | 108 | ^[[1mM-bMM-^Re ^[[22mWhen this option is specified, ^[[1msshd ^[[22mwill send the output to the |
109 | standard error instead of the system log. | 109 | standard error instead of the system log. |
110 | 110 | ||
111 | -f configuration_file | 111 | ^[[1mM-bMM-^Rf ^[[4m^[[22mconfiguration_file^[[0m |
112 | Specifies the name of the configuration file. The default is | 112 | Specifies the name of the configuration file. The default is |
113 | /etc/ssh/sshd_config. sshd refuses to start if there is no conM-- | 113 | ^[[4m/etc/ssh/sshd_config^[[24m. ^[[1msshd ^[[22mrefuses to start if there is no conM-bM-^@M-^P |
114 | figuration file. | 114 | figuration file. |
115 | 115 | ||
116 | -g login_grace_time | 116 | ^[[1mM-bMM-^Rg ^[[4m^[[22mlogin_grace_time^[[0m |
117 | Gives the grace time for clients to authenticate themselves | 117 | Gives the grace time for clients to authenticate themselves |
118 | (default 120 seconds). If the client fails to authenticate the | 118 | (default 120 seconds). If the client fails to authenticate the |
119 | user within this many seconds, the server disconnects and exits. | 119 | user within this many seconds, the server disconnects and exits. |
120 | A value of zero indicates no limit. | 120 | A value of zero indicates no limit. |
121 | 121 | ||
122 | -h host_key_file | 122 | ^[[1mM-bMM-^Rh ^[[4m^[[22mhost_key_file^[[0m |
123 | Specifies a file from which a host key is read. This option must | 123 | Specifies a file from which a host key is read. This option must |
124 | be given if sshd is not run as root (as the normal host key files | 124 | be given if ^[[1msshd ^[[22mis not run as root (as the normal host key files |
125 | are normally not readable by anyone but root). The default is | 125 | are normally not readable by anyone but root). The default is |
126 | /etc/ssh/ssh_host_key for protocol version 1, and | 126 | ^[[4m/etc/ssh/ssh_host_key^[[24m for protocol version 1, and |
127 | /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for proM-- | 127 | ^[[4m/etc/ssh/ssh_host_rsa_key^[[24m and ^[[4m/etc/ssh/ssh_host_dsa_key^[[24m for proM-bM-^@M-^P |
128 | tocol version 2. It is possible to have multiple host key files | 128 | tocol version 2. It is possible to have multiple host key files |
129 | for the different protocol versions and host key algorithms. | 129 | for the different protocol versions and host key algorithms. |
130 | 130 | ||
131 | -i Specifies that sshd is being run from inetd. sshd is normally | 131 | ^[[1mM-bMM-^Ri ^[[22mSpecifies that ^[[1msshd ^[[22mis being run from inetd(8). ^[[1msshd ^[[22mis normally |
132 | not run from inetd because it needs to generate the server key | 132 | not run from inetd because it needs to generate the server key |
133 | before it can respond to the client, and this may take tens of | 133 | before it can respond to the client, and this may take tens of |
134 | seconds. Clients would have to wait too long if the key was | 134 | seconds. Clients would have to wait too long if the key was |
135 | regenerated every time. However, with small key sizes (e.g., | 135 | regenerated every time. However, with small key sizes (e.g., |
136 | 512) using sshd from inetd may be feasible. | 136 | 512) using ^[[1msshd ^[[22mfrom inetd may be feasible. |
137 | 137 | ||
138 | -k key_gen_time | 138 | ^[[1mM-bMM-^Rk ^[[4m^[[22mkey_gen_time^[[0m |
139 | Specifies how often the ephemeral protocol version 1 server key | 139 | Specifies how often the ephemeral protocol version 1 server key |
140 | is regenerated (default 3600 seconds, or one hour). The motivaM-- | 140 | is regenerated (default 3600 seconds, or one hour). The motivaM-bM-^@M-^P |
141 | tion for regenerating the key fairly often is that the key is not | 141 | tion for regenerating the key fairly often is that the key is not |
142 | stored anywhere, and after about an hour, it becomes impossible | 142 | stored anywhere, and after about an hour, it becomes impossible |
143 | to recover the key for decrypting intercepted communications even | 143 | to recover the key for decrypting intercepted communications even |
144 | if the machine is cracked into or physically seized. A value of | 144 | if the machine is cracked into or physically seized. A value of |
145 | zero indicates that the key will never be regenerated. | 145 | zero indicates that the key will never be regenerated. |
146 | 146 | ||
147 | -o option | 147 | ^[[1mM-bMM-^Ro ^[[4m^[[22moption^[[0m |
148 | Can be used to give options in the format used in the configuraM-- | 148 | Can be used to give options in the format used in the configuraM-bM-^@M-^P |
149 | tion file. This is useful for specifying options for which there | 149 | tion file. This is useful for specifying options for which there |
150 | is no separate command-line flag. | 150 | is no separate commandM-bM-^@M-^Pline flag. |
151 | 151 | ||
152 | -p port | 152 | ^[[1mM-bMM-^Rp ^[[4m^[[22mport^[[0m |
153 | Specifies the port on which the server listens for connections | 153 | Specifies the port on which the server listens for connections |
154 | (default 22). Multiple port options are permitted. Ports speciM-- | 154 | (default 22). Multiple port options are permitted. Ports speciM-bM-^@M-^P |
155 | fied in the configuration file are ignored when a command-line | 155 | fied in the configuration file are ignored when a commandM-bM-^@M-^Pline |
156 | port is specified. | 156 | port is specified. |
157 | 157 | ||
158 | -q Quiet mode. Nothing is sent to the system log. Normally the | 158 | ^[[1mM-bMM-^Rq ^[[22mQuiet mode. Nothing is sent to the system log. Normally the |
159 | beginning, authentication, and termination of each connection is | 159 | beginning, authentication, and termination of each connection is |
160 | logged. | 160 | logged. |
161 | 161 | ||
162 | -t Test mode. Only check the validity of the configuration file and | 162 | ^[[1mM-bMM-^Rt ^[[22mTest mode. Only check the validity of the configuration file and |
163 | sanity of the keys. This is useful for updating sshd reliably as | 163 | sanity of the keys. This is useful for updating ^[[1msshd ^[[22mreliably as |
164 | configuration options may change. | 164 | configuration options may change. |
165 | 165 | ||
166 | -u len This option is used to specify the size of the field in the utmp | 166 | ^[[1mM-bMM-^Ru ^[[4m^[[22mlen^[[24m This option is used to specify the size of the field in the utmp |
167 | structure that holds the remote host name. If the resolved host | 167 | structure that holds the remote host name. If the resolved host |
168 | name is longer than len, the dotted decimal value will be used | 168 | name is longer than ^[[4mlen^[[24m, the dotted decimal value will be used |
169 | instead. This allows hosts with very long host names that overM-- | 169 | instead. This allows hosts with very long host names that overM-bM-^@M-^P |
170 | flow this field to still be uniquely identified. Specifying -u0 | 170 | flow this field to still be uniquely identified. Specifying ^[[1mM-bMM-^Ru0^[[0m |
171 | indicates that only dotted decimal addresses should be put into | 171 | indicates that only dotted decimal addresses should be put into |
172 | the utmp file. -u0 is also be used to prevent sshd from making | 172 | the ^[[4mutmp^[[24m file. ^[[1mM-bMM-^Ru0 ^[[22mmay also be used to prevent ^[[1msshd ^[[22mfrom making |
173 | DNS requests unless the authentication mechanism or configuration | 173 | DNS requests unless the authentication mechanism or configuration |
174 | requires it. Authentication mechanisms that may require DNS | 174 | requires it. Authentication mechanisms that may require DNS |
175 | include RhostsAuthentication, RhostsRSAAuthentication, | 175 | include ^[[1mRhostsAuthentication^[[22m, ^[[1mRhostsRSAAuthentication^[[22m, |
176 | HostbasedAuthentication and using a from="pattern-list" option in | 176 | ^[[1mHostbasedAuthentication ^[[22mand using a ^[[1mfrom="patternM-bM-^@M-^Plist" ^[[22moption in |
177 | a key file. Configuration options that require DNS include using | 177 | a key file. Configuration options that require DNS include using |
178 | a USER@HOST pattern in AllowUsers or DenyUsers. | 178 | a USER@HOST pattern in ^[[1mAllowUsers ^[[22mor ^[[1mDenyUsers^[[22m. |
179 | 179 | ||
180 | -D When this option is specified sshd will not detach and does not | 180 | ^[[1mM-bMM-^RD ^[[22mWhen this option is specified ^[[1msshd ^[[22mwill not detach and does not |
181 | become a daemon. This allows easy monitoring of sshd. | 181 | become a daemon. This allows easy monitoring of ^[[1msshd^[[22m. |
182 | 182 | ||
183 | -4 Forces sshd to use IPv4 addresses only. | 183 | ^[[1mM-bMM-^R4 ^[[22mForces ^[[1msshd ^[[22mto use IPv4 addresses only. |
184 | 184 | ||
185 | -6 Forces sshd to use IPv6 addresses only. | 185 | ^[[1mM-bMM-^R6 ^[[22mForces ^[[1msshd ^[[22mto use IPv6 addresses only. |
186 | 186 | ||
187 | CONFIGURATION FILE | 187 | ^[[1mCONFIGURATION FILE^[[0m |
188 | sshd reads configuration data from /etc/ssh/sshd_config (or the file | 188 | ^[[1msshd ^[[22mreads configuration data from ^[[4m/etc/ssh/sshd_config^[[24m (or the file |
189 | specified with -f on the command line). The file format and configuraM-- | 189 | specified with ^[[1mM-bMM-^Rf ^[[22mon the command line). The file format and configuraM-bM-^@M-^P |
190 | tion options are described in sshd_config(5). | 190 | tion options are described in sshd_config(5). |
191 | 191 | ||
192 | LOGIN PROCESS | 192 | ^[[1mLOGIN PROCESS^[[0m |
193 | When a user successfully logs in, sshd does the following: | 193 | When a user successfully logs in, ^[[1msshd ^[[22mdoes the following: |
194 | 194 | ||
195 | 1. If the login is on a tty, and no command has been specified, | 195 | 1. If the login is on a tty, and no command has been specified, |
196 | prints last login time and /etc/motd (unless prevented in the | 196 | prints last login time and ^[[4m/etc/motd^[[24m (unless prevented in the |
197 | configuration file or by $HOME/.hushlogin; see the FILES secM-- | 197 | configuration file or by ^[[4m$HOME/.hushlogin^[[24m; see the ^[[4mFILES^[[24m secM-bM-^@M-^P |
198 | tion). | 198 | tion). |
199 | 199 | ||
200 | 2. If the login is on a tty, records login time. | 200 | 2. If the login is on a tty, records login time. |
201 | 201 | ||
202 | 3. Checks /etc/nologin; if it exists, prints contents and quits | 202 | 3. Checks ^[[4m/etc/nologin^[[24m; if it exists, prints contents and quits |
203 | (unless root). | 203 | (unless root). |
204 | 204 | ||
205 | 4. Changes to run with normal user privileges. | 205 | 4. Changes to run with normal user privileges. |
206 | 206 | ||
207 | 5. Sets up basic environment. | 207 | 5. Sets up basic environment. |
208 | 208 | ||
209 | 6. Reads $HOME/.ssh/environment if it exists and users are | 209 | 6. Reads ^[[4m$HOME/.ssh/environment^[[24m if it exists and users are |
210 | allowed to change their environment. See the | 210 | allowed to change their environment. See the |
211 | PermitUserEnvironment option in sshd_config(5). | 211 | ^[[1mPermitUserEnvironment ^[[22moption in sshd_config(5). |
212 | 212 | ||
213 | 7. Changes to user's home directory. | 213 | 7. Changes to userM-bM-^@M-^Ys home directory. |
214 | 214 | ||
215 | 8. If $HOME/.ssh/rc exists, runs it; else if /etc/ssh/sshrc | 215 | 8. If ^[[4m$HOME/.ssh/rc^[[24m exists, runs it; else if ^[[4m/etc/ssh/sshrc^[[0m |
216 | exists, runs it; otherwise runs xauth. The ``rc'' files are | 216 | exists, runs it; otherwise runs xauth. The M-bM-^@M-^\rcM-bM-^@M-^] files are |
217 | given the X11 authentication protocol and cookie in standard | 217 | given the X11 authentication protocol and cookie in standard |
218 | input. | 218 | input. |
219 | 219 | ||
220 | 9. Runs user's shell or command. | 220 | 9. Runs userM-bM-^@M-^Ys shell or command. |
221 | 221 | ||
222 | AUTHORIZED_KEYS FILE FORMAT | 222 | ^[[1mAUTHORIZED_KEYS FILE FORMAT^[[0m |
223 | $HOME/.ssh/authorized_keys is the default file that lists the public keys | 223 | ^[[4m$HOME/.ssh/authorized_keys^[[24m is the default file that lists the public keys |
224 | that are permitted for RSA authentication in protocol version 1 and for | 224 | that are permitted for RSA authentication in protocol version 1 and for |
225 | public key authentication (PubkeyAuthentication) in protocol version 2. | 225 | public key authentication (PubkeyAuthentication) in protocol version 2. |
226 | AuthorizedKeysFile may be used to specify an alternative file. | 226 | ^[[1mAuthorizedKeysFile ^[[22mmay be used to specify an alternative file. |
227 | 227 | ||
228 | Each line of the file contains one key (empty lines and lines starting | 228 | Each line of the file contains one key (empty lines and lines starting |
229 | with a `#' are ignored as comments). Each RSA public key consists of the | 229 | with a M-bM-^@M-^X#M-bM-^@M-^Y are ignored as comments). Each RSA public key consists of the |
230 | following fields, separated by spaces: options, bits, exponent, modulus, | 230 | following fields, separated by spaces: options, bits, exponent, modulus, |
231 | comment. Each protocol version 2 public key consists of: options, keyM-- | 231 | comment. Each protocol version 2 public key consists of: options, keyM-bM-^@M-^P |
232 | type, base64 encoded key, comment. The options field is optional; its | 232 | type, base64 encoded key, comment. The options field is optional; its |
233 | presence is determined by whether the line starts with a number or not | 233 | presence is determined by whether the line starts with a number or not |
234 | (the options field never starts with a number). The bits, exponent, modM-- | 234 | (the options field never starts with a number). The bits, exponent, modM-bM-^@M-^P |
235 | ulus and comment fields give the RSA key for protocol version 1; the comM-- | 235 | ulus and comment fields give the RSA key for protocol version 1; the comM-bM-^@M-^P |
236 | ment field is not used for anything (but may be convenient for the user | 236 | ment field is not used for anything (but may be convenient for the user |
237 | to identify the key). For protocol version 2 the keytype is ``ssh-dss'' | 237 | to identify the key). For protocol version 2 the keytype is M-bM-^@M-^\sshM-bM-^@M-^PdssM-bM-^@M-^] or |
238 | or ``ssh-rsa''. | 238 | M-bM-^@M-^\sshM-bM-^@M-^PrsaM-bM-^@M-^]. |
239 | 239 | ||
240 | Note that lines in this file are usually several hundred bytes long | 240 | Note that lines in this file are usually several hundred bytes long |
241 | (because of the size of the public key encoding). You don't want to type | 241 | (because of the size of the public key encoding). You donM-bM-^@M-^Yt want to type |
242 | them in; instead, copy the identity.pub, id_dsa.pub or the id_rsa.pub | 242 | them in; instead, copy the ^[[4midentity.pub^[[24m, ^[[4mid_dsa.pub^[[24m or the ^[[4mid_rsa.pub^[[0m |
243 | file and edit it. | 243 | file and edit it. |
244 | 244 | ||
245 | sshd enforces a minimum RSA key modulus size for protocol 1 and protocol | 245 | ^[[1msshd ^[[22menforces a minimum RSA key modulus size for protocol 1 and protocol |
246 | 2 keys of 768 bits. | 246 | 2 keys of 768 bits. |
247 | 247 | ||
248 | The options (if present) consist of comma-separated option specificaM-- | 248 | The options (if present) consist of commaM-bM-^@M-^Pseparated option specificaM-bM-^@M-^P |
249 | tions. No spaces are permitted, except within double quotes. The folM-- | 249 | tions. No spaces are permitted, except within double quotes. The folM-bM-^@M-^P |
250 | lowing option specifications are supported (note that option keywords are | 250 | lowing option specifications are supported (note that option keywords are |
251 | case-insensitive): | 251 | caseM-bM-^@M-^Pinsensitive): |
252 | 252 | ||
253 | from="pattern-list" | 253 | ^[[1mfrom="patternM-bM-^@M-^Plist"^[[0m |
254 | Specifies that in addition to public key authentication, the | 254 | Specifies that in addition to public key authentication, the |
255 | canonical name of the remote host must be present in the comma- | 255 | canonical name of the remote host must be present in the commaM-bM-^@M-^P |
256 | separated list of patterns (`*' and `'? serve as wildcards). | 256 | separated list of patterns (M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y? serve as wildcards). |
257 | The list may also contain patterns negated by prefixing them with | 257 | The list may also contain patterns negated by prefixing them with |
258 | `'!; if the canonical host name matches a negated pattern, the | 258 | M-bM-^@M-^XM-bM-^@M-^Y!; if the canonical host name matches a negated pattern, the |
259 | key is not accepted. The purpose of this option is to optionally | 259 | key is not accepted. The purpose of this option is to optionally |
260 | increase security: public key authentication by itself does not | 260 | increase security: public key authentication by itself does not |
261 | trust the network or name servers or anything (but the key); howM-- | 261 | trust the network or name servers or anything (but the key); howM-bM-^@M-^P |
262 | ever, if somebody somehow steals the key, the key permits an | 262 | ever, if somebody somehow steals the key, the key permits an |
263 | intruder to log in from anywhere in the world. This additional | 263 | intruder to log in from anywhere in the world. This additional |
264 | option makes using a stolen key more difficult (name servers | 264 | option makes using a stolen key more difficult (name servers |
265 | and/or routers would have to be compromised in addition to just | 265 | and/or routers would have to be compromised in addition to just |
266 | the key). | 266 | the key). |
267 | 267 | ||
268 | command="command" | 268 | ^[[1mcommand="command"^[[0m |
269 | Specifies that the command is executed whenever this key is used | 269 | Specifies that the command is executed whenever this key is used |
270 | for authentication. The command supplied by the user (if any) is | 270 | for authentication. The command supplied by the user (if any) is |
271 | ignored. The command is run on a pty if the client requests a | 271 | ignored. The command is run on a pty if the client requests a |
272 | pty; otherwise it is run without a tty. If a 8-bit clean channel | 272 | pty; otherwise it is run without a tty. If an 8M-bM-^@M-^Pbit clean chanM-bM-^@M-^P |
273 | is required, one must not request a pty or should specify no-pty. | 273 | nel is required, one must not request a pty or should specify |
274 | A quote may be included in the command by quoting it with a backM-- | 274 | ^[[1mnoM-bM-^@M-^Ppty^[[22m. A quote may be included in the command by quoting it |
275 | slash. This option might be useful to restrict certain public | 275 | with a backslash. This option might be useful to restrict cerM-bM-^@M-^P |
276 | keys to perform just a specific operation. An example might be a | 276 | tain public keys to perform just a specific operation. An examM-bM-^@M-^P |
277 | key that permits remote backups but nothing else. Note that the | 277 | ple might be a key that permits remote backups but nothing else. |
278 | client may specify TCP/IP and/or X11 forwarding unless they are | 278 | Note that the client may specify TCP/IP and/or X11 forwarding |
279 | explicitly prohibited. Note that this option applies to shell, | 279 | unless they are explicitly prohibited. Note that this option |
280 | command or subsystem execution. | 280 | applies to shell, command or subsystem execution. |
281 | 281 | ||
282 | environment="NAME=value" | 282 | ^[[1menvironment="NAME=value"^[[0m |
283 | Specifies that the string is to be added to the environment when | 283 | Specifies that the string is to be added to the environment when |
284 | logging in using this key. Environment variables set this way | 284 | logging in using this key. Environment variables set this way |
285 | override other default environment values. Multiple options of | 285 | override other default environment values. Multiple options of |
286 | this type are permitted. Environment processing is disabled by | 286 | this type are permitted. Environment processing is disabled by |
287 | default and is controlled via the PermitUserEnvironment option. | 287 | default and is controlled via the ^[[1mPermitUserEnvironment ^[[22moption. |
288 | This option is automatically disabled if UseLogin is enabled. | 288 | This option is automatically disabled if ^[[1mUseLogin ^[[22mis enabled. |
289 | 289 | ||
290 | no-port-forwarding | 290 | ^[[1mnoM-bM-^@M-^PportM-bM-^@M-^Pforwarding^[[0m |
291 | Forbids TCP/IP forwarding when this key is used for authenticaM-- | 291 | Forbids TCP/IP forwarding when this key is used for authenticaM-bM-^@M-^P |
292 | tion. Any port forward requests by the client will return an | 292 | tion. Any port forward requests by the client will return an |
293 | error. This might be used, e.g., in connection with the command | 293 | error. This might be used, e.g., in connection with the ^[[1mcommand^[[0m |
294 | option. | 294 | option. |
295 | 295 | ||
296 | no-X11-forwarding | 296 | ^[[1mnoM-bM-^@M-^PX11M-bM-^@M-^Pforwarding^[[0m |
297 | Forbids X11 forwarding when this key is used for authentication. | 297 | Forbids X11 forwarding when this key is used for authentication. |
298 | Any X11 forward requests by the client will return an error. | 298 | Any X11 forward requests by the client will return an error. |
299 | 299 | ||
300 | no-agent-forwarding | 300 | ^[[1mnoM-bM-^@M-^PagentM-bM-^@M-^Pforwarding^[[0m |
301 | Forbids authentication agent forwarding when this key is used for | 301 | Forbids authentication agent forwarding when this key is used for |
302 | authentication. | 302 | authentication. |
303 | 303 | ||
304 | no-pty Prevents tty allocation (a request to allocate a pty will fail). | 304 | ^[[1mnoM-bM-^@M-^Ppty ^[[22mPrevents tty allocation (a request to allocate a pty will fail). |
305 | 305 | ||
306 | permitopen="host:port" | 306 | ^[[1mpermitopen="host:port"^[[0m |
307 | Limit local ``ssh -L'' port forwarding such that it may only conM-- | 307 | Limit local M-bM-^@M-^XM-bM-^@M-^Xssh M-bM-^@M-^PLM-bM-^@M-^YM-bM-^@M-^Y port forwarding such that it may only conM-bM-^@M-^P |
308 | nect to the specified host and port. IPv6 addresses can be specM-- | 308 | nect to the specified host and port. IPv6 addresses can be specM-bM-^@M-^P |
309 | ified with an alternative syntax: host/port. Multiple permitopen | 309 | ified with an alternative syntax: ^[[4mhost/port^[[24m. Multiple ^[[1mpermitopen^[[0m |
310 | options may be applied separated by commas. No pattern matching | 310 | options may be applied separated by commas. No pattern matching |
311 | is performed on the specified hostnames, they must be literal | 311 | is performed on the specified hostnames, they must be literal |
312 | domains or addresses. | 312 | domains or addresses. |
313 | 313 | ||
314 | Examples | 314 | ^[[1mExamples^[[0m |
315 | 1024 33 12121...312314325 ylo@foo.bar | 315 | 1024 33 12121...312314325 ylo@foo.bar |
316 | 316 | ||
317 | from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula | 317 | from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula |
318 | 318 | ||
319 | command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 | 319 | command="dump /home",noM-bM-^@M-^Ppty,noM-bM-^@M-^PportM-bM-^@M-^Pforwarding 1024 33 23...2323 |
320 | backup.hut.fi | 320 | backup.hut.fi |
321 | 321 | ||
322 | permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 | 322 | permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 |
323 | 323 | ||
324 | SSH_KNOWN_HOSTS FILE FORMAT | 324 | ^[[1mSSH_KNOWN_HOSTS FILE FORMAT^[[0m |
325 | The /etc/ssh/ssh_known_hosts, and $HOME/.ssh/known_hosts files contain | 325 | The ^[[4m/etc/ssh/ssh_known_hosts^[[24m and ^[[4m$HOME/.ssh/known_hosts^[[24m files contain |
326 | host public keys for all known hosts. The global file should be prepared | 326 | host public keys for all known hosts. The global file should be prepared |
327 | by the administrator (optional), and the per-user file is maintained | 327 | by the administrator (optional), and the perM-bM-^@M-^Puser file is maintained |
328 | automatically: whenever the user connects from an unknown host its key is | 328 | automatically: whenever the user connects from an unknown host its key is |
329 | added to the per-user file. | 329 | added to the perM-bM-^@M-^Puser file. |
330 | 330 | ||
331 | Each line in these files contains the following fields: hostnames, bits, | 331 | Each line in these files contains the following fields: hostnames, bits, |
332 | exponent, modulus, comment. The fields are separated by spaces. | 332 | exponent, modulus, comment. The fields are separated by spaces. |
333 | 333 | ||
334 | Hostnames is a comma-separated list of patterns ('*' and '?' act as wildM-- | 334 | Hostnames is a commaM-bM-^@M-^Pseparated list of patterns (M-bM-^@M-^Y*M-bM-^@M-^Y and M-bM-^@M-^Y?M-bM-^@M-^Y act as wildM-bM-^@M-^P |
335 | cards); each pattern in turn is matched against the canonical host name | 335 | cards); each pattern in turn is matched against the canonical host name |
336 | (when authenticating a client) or against the user-supplied name (when | 336 | (when authenticating a client) or against the userM-bM-^@M-^Psupplied name (when |
337 | authenticating a server). A pattern may also be preceded by `'! to | 337 | authenticating a server). A pattern may also be preceded by M-bM-^@M-^XM-bM-^@M-^Y! to |
338 | indicate negation: if the host name matches a negated pattern, it is not | 338 | indicate negation: if the host name matches a negated pattern, it is not |
339 | accepted (by that line) even if it matched another pattern on the line. | 339 | accepted (by that line) even if it matched another pattern on the line. |
340 | 340 | ||
341 | Bits, exponent, and modulus are taken directly from the RSA host key; | 341 | Bits, exponent, and modulus are taken directly from the RSA host key; |
342 | they can be obtained, e.g., from /etc/ssh/ssh_host_key.pub. The optional | 342 | they can be obtained, e.g., from ^[[4m/etc/ssh/ssh_host_key.pub^[[24m. The optional |
343 | comment field continues to the end of the line, and is not used. | 343 | comment field continues to the end of the line, and is not used. |
344 | 344 | ||
345 | Lines starting with `#' and empty lines are ignored as comments. | 345 | Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are ignored as comments. |
346 | 346 | ||
347 | When performing host authentication, authentication is accepted if any | 347 | When performing host authentication, authentication is accepted if any |
348 | matching line has the proper key. It is thus permissible (but not recomM-- | 348 | matching line has the proper key. It is thus permissible (but not recomM-bM-^@M-^P |
349 | mended) to have several lines or different host keys for the same names. | 349 | mended) to have several lines or different host keys for the same names. |
350 | This will inevitably happen when short forms of host names from different | 350 | This will inevitably happen when short forms of host names from different |
351 | domains are put in the file. It is possible that the files contain conM-- | 351 | domains are put in the file. It is possible that the files contain conM-bM-^@M-^P |
352 | flicting information; authentication is accepted if valid information can | 352 | flicting information; authentication is accepted if valid information can |
353 | be found from either file. | 353 | be found from either file. |
354 | 354 | ||
355 | Note that the lines in these files are typically hundreds of characters | 355 | Note that the lines in these files are typically hundreds of characters |
356 | long, and you definitely don't want to type in the host keys by hand. | 356 | long, and you definitely donM-bM-^@M-^Yt want to type in the host keys by hand. |
357 | Rather, generate them by a script or by taking /etc/ssh/ssh_host_key.pub | 357 | Rather, generate them by a script or by taking ^[[4m/etc/ssh/ssh_host_key.pub^[[0m |
358 | and adding the host names at the front. | 358 | and adding the host names at the front. |
359 | 359 | ||
360 | Examples | 360 | ^[[1mExamples^[[0m |
361 | 361 | ||
362 | closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi | 362 | closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi |
363 | cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....= | 363 | cvs.openbsd.org,199.185.137.3 sshM-bM-^@M-^Prsa AAAA1234.....= |
364 | 364 | ||
365 | FILES | 365 | ^[[1mFILES^[[0m |
366 | /etc/ssh/sshd_config | 366 | /etc/ssh/sshd_config |
367 | Contains configuration data for sshd. The file format and conM-- | 367 | Contains configuration data for ^[[1msshd^[[22m. The file format and conM-bM-^@M-^P |
368 | figuration options are described in sshd_config(5). | 368 | figuration options are described in sshd_config(5). |
369 | 369 | ||
370 | /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, | 370 | /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, |
371 | /etc/ssh/ssh_host_rsa_key | 371 | /etc/ssh/ssh_host_rsa_key |
372 | These three files contain the private parts of the host keys. | 372 | These three files contain the private parts of the host keys. |
373 | These files should only be owned by root, readable only by root, | 373 | These files should only be owned by root, readable only by root, |
374 | and not accessible to others. Note that sshd does not start if | 374 | and not accessible to others. Note that ^[[1msshd ^[[22mdoes not start if |
375 | this file is group/world-accessible. | 375 | this file is group/worldM-bM-^@M-^Paccessible. |
376 | 376 | ||
377 | /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key.pub, | 377 | /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key.pub, |
378 | /etc/ssh/ssh_host_rsa_key.pub | 378 | /etc/ssh/ssh_host_rsa_key.pub |
379 | These three files contain the public parts of the host keys. | 379 | These three files contain the public parts of the host keys. |
380 | These files should be world-readable but writable only by root. | 380 | These files should be worldM-bM-^@M-^Preadable but writable only by root. |
381 | Their contents should match the respective private parts. These | 381 | Their contents should match the respective private parts. These |
382 | files are not really used for anything; they are provided for the | 382 | files are not really used for anything; they are provided for the |
383 | convenience of the user so their contents can be copied to known | 383 | convenience of the user so their contents can be copied to known |
384 | hosts files. These files are created using ssh-keygen(1). | 384 | hosts files. These files are created using sshM-bM-^@M-^Pkeygen(1). |
385 | 385 | ||
386 | /etc/moduli | 386 | /etc/moduli |
387 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group | 387 | Contains DiffieM-bM-^@M-^PHellman groups used for the "DiffieM-bM-^@M-^PHellman Group |
388 | Exchange". The file format is described in moduli(5). | 388 | Exchange". The file format is described in moduli(5). |
389 | 389 | ||
390 | /var/empty | 390 | /var/empty |
391 | chroot(2) directory used by sshd during privilege separation in | 391 | chroot(2) directory used by ^[[1msshd ^[[22mduring privilege separation in |
392 | the pre-authentication phase. The directory should not contain | 392 | the preM-bM-^@M-^Pauthentication phase. The directory should not contain |
393 | any files and must be owned by root and not group or world- | 393 | any files and must be owned by root and not group or worldM-bM-^@M-^P |
394 | writable. | 394 | writable. |
395 | 395 | ||
396 | /var/run/sshd.pid | 396 | /var/run/sshd.pid |
397 | Contains the process ID of the sshd listening for connections (if | 397 | Contains the process ID of the ^[[1msshd ^[[22mlistening for connections (if |
398 | there are several daemons running concurrently for different | 398 | there are several daemons running concurrently for different |
399 | ports, this contains the process ID of the one started last). | 399 | ports, this contains the process ID of the one started last). |
400 | The content of this file is not sensitive; it can be world-readM-- | 400 | The content of this file is not sensitive; it can be worldM-bM-^@M-^PreadM-bM-^@M-^P |
401 | able. | 401 | able. |
402 | 402 | ||
403 | $HOME/.ssh/authorized_keys | 403 | $HOME/.ssh/authorized_keys |
404 | Lists the public keys (RSA or DSA) that can be used to log into | 404 | Lists the public keys (RSA or DSA) that can be used to log into |
405 | the user's account. This file must be readable by root (which | 405 | the userM-bM-^@M-^Ys account. This file must be readable by root (which |
406 | may on some machines imply it being world-readable if the user's | 406 | may on some machines imply it being worldM-bM-^@M-^Preadable if the userM-bM-^@M-^Ys |
407 | home directory resides on an NFS volume). It is recommended that | 407 | home directory resides on an NFS volume). It is recommended that |
408 | it not be accessible by others. The format of this file is | 408 | it not be accessible by others. The format of this file is |
409 | described above. Users will place the contents of their | 409 | described above. Users will place the contents of their |
410 | identity.pub, id_dsa.pub and/or id_rsa.pub files into this file, | 410 | ^[[4midentity.pub^[[24m, ^[[4mid_dsa.pub^[[24m and/or ^[[4mid_rsa.pub^[[24m files into this file, |
411 | as described in ssh-keygen(1). | 411 | as described in sshM-bM-^@M-^Pkeygen(1). |
412 | 412 | ||
413 | /etc/ssh/ssh_known_hosts and $HOME/.ssh/known_hosts | 413 | /etc/ssh/ssh_known_hosts and $HOME/.ssh/known_hosts |
414 | These files are consulted when using rhosts with RSA host authenM-- | 414 | These files are consulted when using rhosts with RSA host authenM-bM-^@M-^P |
415 | tication or protocol version 2 hostbased authentication to check | 415 | tication or protocol version 2 hostbased authentication to check |
416 | the public key of the host. The key must be listed in one of | 416 | the public key of the host. The key must be listed in one of |
417 | these files to be accepted. The client uses the same files to | 417 | these files to be accepted. The client uses the same files to |
418 | verify that it is connecting to the correct remote host. These | 418 | verify that it is connecting to the correct remote host. These |
419 | files should be writable only by root/the owner. | 419 | files should be writable only by root/the owner. |
420 | /etc/ssh/ssh_known_hosts should be world-readable, and | 420 | ^[[4m/etc/ssh/ssh_known_hosts^[[24m should be worldM-bM-^@M-^Preadable, and |
421 | $HOME/.ssh/known_hosts can but need not be world-readable. | 421 | ^[[4m$HOME/.ssh/known_hosts^[[24m can, but need not be, worldM-bM-^@M-^Preadable. |
422 | 422 | ||
423 | /etc/nologin | 423 | /etc/nologin |
424 | If this file exists, sshd refuses to let anyone except root log | 424 | If this file exists, ^[[1msshd ^[[22mrefuses to let anyone except root log |
425 | in. The contents of the file are displayed to anyone trying to | 425 | in. The contents of the file are displayed to anyone trying to |
426 | log in, and non-root connections are refused. The file should be | 426 | log in, and nonM-bM-^@M-^Proot connections are refused. The file should be |
427 | world-readable. | 427 | worldM-bM-^@M-^Preadable. |
428 | 428 | ||
429 | /etc/hosts.allow, /etc/hosts.deny | 429 | /etc/hosts.allow, /etc/hosts.deny |
430 | Access controls that should be enforced by tcp-wrappers are | 430 | Access controls that should be enforced by tcpM-bM-^@M-^Pwrappers are |
431 | defined here. Further details are described in hosts_access(5). | 431 | defined here. Further details are described in hosts_access(5). |
432 | 432 | ||
433 | $HOME/.rhosts | 433 | $HOME/.rhosts |
434 | This file contains host-username pairs, separated by a space, one | 434 | This file contains hostM-bM-^@M-^Pusername pairs, separated by a space, one |
435 | per line. The given user on the corresponding host is permitted | 435 | per line. The given user on the corresponding host is permitted |
436 | to log in without password. The same file is used by rlogind and | 436 | to log in without a password. The same file is used by rlogind |
437 | rshd. The file must be writable only by the user; it is recomM-- | 437 | and rshd. The file must be writable only by the user; it is recM-bM-^@M-^P |
438 | mended that it not be accessible by others. | 438 | ommended that it not be accessible by others. |
439 | 439 | ||
440 | If is also possible to use netgroups in the file. Either host or | 440 | If is also possible to use netgroups in the file. Either host or |
441 | user name may be of the form +@groupname to specify all hosts or | 441 | user name may be of the form +@groupname to specify all hosts or |
442 | all users in the group. | 442 | all users in the group. |
443 | 443 | ||
444 | $HOME/.shosts | 444 | $HOME/.shosts |
445 | For ssh, this file is exactly the same as for .rhosts. However, | 445 | For ssh, this file is exactly the same as for ^[[4m.rhosts^[[24m. However, |
446 | this file is not used by rlogin and rshd, so using this permits | 446 | this file is not used by rlogin and rshd, so using this permits |
447 | access using SSH only. | 447 | access using SSH only. |
448 | 448 | ||
449 | /etc/hosts.equiv | 449 | /etc/hosts.equiv |
450 | This file is used during .rhosts authentication. In the simplest | 450 | This file is used during ^[[4m.rhosts^[[24m authentication. In the simplest |
451 | form, this file contains host names, one per line. Users on | 451 | form, this file contains host names, one per line. Users on |
452 | those hosts are permitted to log in without a password, provided | 452 | those hosts are permitted to log in without a password, provided |
453 | they have the same user name on both machines. The host name may | 453 | they have the same user name on both machines. The host name may |
454 | also be followed by a user name; such users are permitted to log | 454 | also be followed by a user name; such users are permitted to log |
455 | in as any user on this machine (except root). Additionally, the | 455 | in as ^[[4many^[[24m user on this machine (except root). Additionally, the |
456 | syntax ``+@group'' can be used to specify netgroups. Negated | 456 | syntax M-bM-^@M-^\+@groupM-bM-^@M-^] can be used to specify netgroups. Negated |
457 | entries start with `-'. | 457 | entries start with M-bM-^@M-^XM-bM-^@M-^PM-bM-^@M-^Y. |
458 | 458 | ||
459 | If the client host/user is successfully matched in this file, | 459 | If the client host/user is successfully matched in this file, |
460 | login is automatically permitted provided the client and server | 460 | login is automatically permitted provided the client and server |
461 | user names are the same. Additionally, successful RSA host | 461 | user names are the same. Additionally, successful RSA host |
462 | authentication is normally required. This file must be writable | 462 | authentication is normally required. This file must be writable |
463 | only by root; it is recommended that it be world-readable. | 463 | only by root; it is recommended that it be worldM-bM-^@M-^Preadable. |
464 | 464 | ||
465 | Warning: It is almost never a good idea to use user names in | 465 | ^[[1mWarning: It is almost never a good idea to use user names in^[[0m |
466 | hosts.equiv. Beware that it really means that the named user(s) | 466 | ^[[4mhosts.equiv^[[24m. Beware that it really means that the named user(s) |
467 | can log in as anybody, which includes bin, daemon, adm, and other | 467 | can log in as ^[[4manybody^[[24m, which includes bin, daemon, adm, and other |
468 | accounts that own critical binaries and directories. Using a | 468 | accounts that own critical binaries and directories. Using a |
469 | user name practically grants the user root access. The only | 469 | user name practically grants the user root access. The only |
470 | valid use for user names that I can think of is in negative | 470 | valid use for user names that I can think of is in negative |
@@ -473,75 +473,75 @@ FILES | |||
473 | Note that this warning also applies to rsh/rlogin. | 473 | Note that this warning also applies to rsh/rlogin. |
474 | 474 | ||
475 | /etc/shosts.equiv | 475 | /etc/shosts.equiv |
476 | This is processed exactly as /etc/hosts.equiv. However, this | 476 | This is processed exactly as ^[[4m/etc/hosts.equiv^[[24m. However, this |
477 | file may be useful in environments that want to run both | 477 | file may be useful in environments that want to run both |
478 | rsh/rlogin and ssh. | 478 | rsh/rlogin and ssh. |
479 | 479 | ||
480 | $HOME/.ssh/environment | 480 | $HOME/.ssh/environment |
481 | This file is read into the environment at login (if it exists). | 481 | This file is read into the environment at login (if it exists). |
482 | It can only contain empty lines, comment lines (that start with | 482 | It can only contain empty lines, comment lines (that start with |
483 | `#'), and assignment lines of the form name=value. The file | 483 | M-bM-^@M-^X#M-bM-^@M-^Y), and assignment lines of the form name=value. The file |
484 | should be writable only by the user; it need not be readable by | 484 | should be writable only by the user; it need not be readable by |
485 | anyone else. Environment processing is disabled by default and | 485 | anyone else. Environment processing is disabled by default and |
486 | is controlled via the PermitUserEnvironment option. | 486 | is controlled via the ^[[1mPermitUserEnvironment ^[[22moption. |
487 | 487 | ||
488 | $HOME/.ssh/rc | 488 | $HOME/.ssh/rc |
489 | If this file exists, it is run with /bin/sh after reading the | 489 | If this file exists, it is run with ^[[4m/bin/sh^[[24m after reading the |
490 | environment files but before starting the user's shell or comM-- | 490 | environment files but before starting the userM-bM-^@M-^Ys shell or comM-bM-^@M-^P |
491 | mand. It must not produce any output on stdout; stderr must be | 491 | mand. It must not produce any output on stdout; stderr must be |
492 | used instead. If X11 forwarding is in use, it will receive the | 492 | used instead. If X11 forwarding is in use, it will receive the |
493 | "proto cookie" pair in its standard input (and DISPLAY in its | 493 | "proto cookie" pair in its standard input (and DISPLAY in its |
494 | environment). The script must call xauth(1) because sshd will | 494 | environment). The script must call xauth(1) because ^[[1msshd ^[[22mwill |
495 | not run xauth automatically to add X11 cookies. | 495 | not run xauth automatically to add X11 cookies. |
496 | 496 | ||
497 | The primary purpose of this file is to run any initialization | 497 | The primary purpose of this file is to run any initialization |
498 | routines which may be needed before the user's home directory | 498 | routines which may be needed before the userM-bM-^@M-^Ys home directory |
499 | becomes accessible; AFS is a particular example of such an enviM-- | 499 | becomes accessible; AFS is a particular example of such an enviM-bM-^@M-^P |
500 | ronment. | 500 | ronment. |
501 | 501 | ||
502 | This file will probably contain some initialization code followed | 502 | This file will probably contain some initialization code followed |
503 | by something similar to: | 503 | by something similar to: |
504 | 504 | ||
505 | if read proto cookie && [ -n "$DISPLAY" ]; then | 505 | if read proto cookie && [ M-bM-^@M-^Pn "$DISPLAY" ]; then |
506 | if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then | 506 | if [ M-bM-^@M-^Xecho $DISPLAY | cut M-bM-^@M-^Pc1M-bM-^@M-^P10M-bM-^@M-^X = M-bM-^@M-^Ylocalhost:M-bM-^@M-^Y ]; then |
507 | # X11UseLocalhost=yes | 507 | # X11UseLocalhost=yes |
508 | echo add unix:`echo $DISPLAY | | 508 | echo add unix:M-bM-^@M-^Xecho $DISPLAY | |
509 | cut -c11-` $proto $cookie | 509 | cut M-bM-^@M-^Pc11M-bM-^@M-^PM-bM-^@M-^X $proto $cookie |
510 | else | 510 | else |
511 | # X11UseLocalhost=no | 511 | # X11UseLocalhost=no |
512 | echo add $DISPLAY $proto $cookie | 512 | echo add $DISPLAY $proto $cookie |
513 | fi | xauth -q - | 513 | fi | xauth M-bM-^@M-^Pq M-bM-^@M-^P |
514 | fi | 514 | fi |
515 | 515 | ||
516 | If this file does not exist, /etc/ssh/sshrc is run, and if that | 516 | If this file does not exist, ^[[4m/etc/ssh/sshrc^[[24m is run, and if that |
517 | does not exist either, xauth is used to add the cookie. | 517 | does not exist either, xauth is used to add the cookie. |
518 | 518 | ||
519 | This file should be writable only by the user, and need not be | 519 | This file should be writable only by the user, and need not be |
520 | readable by anyone else. | 520 | readable by anyone else. |
521 | 521 | ||
522 | /etc/ssh/sshrc | 522 | /etc/ssh/sshrc |
523 | Like $HOME/.ssh/rc. This can be used to specify machine-specific | 523 | Like ^[[4m$HOME/.ssh/rc^[[24m. This can be used to specify machineM-bM-^@M-^Pspecific |
524 | login-time initializations globally. This file should be | 524 | loginM-bM-^@M-^Ptime initializations globally. This file should be |
525 | writable only by root, and should be world-readable. | 525 | writable only by root, and should be worldM-bM-^@M-^Preadable. |
526 | 526 | ||
527 | AUTHORS | 527 | ^[[1mAUTHORS^[[0m |
528 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | 528 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
529 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | 529 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo |
530 | de Raadt and Dug Song removed many bugs, re-added newer features and creM-- | 530 | de Raadt and Dug Song removed many bugs, reM-bM-^@M-^Padded newer features and creM-bM-^@M-^P |
531 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 531 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol |
532 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 532 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
533 | for privilege separation. | 533 | for privilege separation. |
534 | 534 | ||
535 | SEE ALSO | 535 | ^[[1mSEE ALSO^[[0m |
536 | scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), | 536 | scp(1), sftp(1), ssh(1), sshM-bM-^@M-^Padd(1), sshM-bM-^@M-^Pagent(1), sshM-bM-^@M-^Pkeygen(1), |
537 | login.conf(5), moduli(5), sshd_config(5), sftp-server(8) | 537 | login.conf(5), moduli(5), sshd_config(5), sftpM-bM-^@M-^Pserver(8) |
538 | 538 | ||
539 | T. Ylonen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen, SSH | 539 | T. Ylonen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen, ^[[4mSSH^[[0m |
540 | Protocol Architecture, draft-ietf-secsh-architecture-12.txt, January | 540 | ^[[4mProtocol^[[24m ^[[4mArchitecture^[[24m, draftM-bM-^@M-^PietfM-bM-^@M-^PsecshM-bM-^@M-^ParchitectureM-bM-^@M-^P12.txt, January |
541 | 2002, work in progress material. | 541 | 2002, work in progress material. |
542 | 542 | ||
543 | M. Friedl, N. Provos, and W. A. Simpson, Diffie-Hellman Group Exchange | 543 | M. Friedl, N. Provos, and W. A. Simpson, ^[[4mDiffieM-bM-^@M-^PHellman^[[24m ^[[4mGroup^[[24m ^[[4mExchange^[[0m |
544 | for the SSH Transport Layer Protocol, draft-ietf-secsh-dh-group- | 544 | ^[[4mfor^[[24m ^[[4mthe^[[24m ^[[4mSSH^[[24m ^[[4mTransport^[[24m ^[[4mLayer^[[24m ^[[4mProtocol^[[24m, draftM-bM-^@M-^PietfM-bM-^@M-^PsecshM-bM-^@M-^PdhM-bM-^@M-^PgroupM-bM-^@M-^P |
545 | exchange-02.txt, January 2002, work in progress material. | 545 | exchangeM-bM-^@M-^P02.txt, January 2002, work in progress material. |
546 | 546 | ||
547 | BSD September 25, 1999 BSD | 547 | BSD September 25, 1999 BSD |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.193 2002/09/24 20:59:44 todd Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.194 2003/01/31 21:54:40 jmc Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -43,6 +43,7 @@ | |||
43 | .Nd OpenSSH SSH daemon | 43 | .Nd OpenSSH SSH daemon |
44 | .Sh SYNOPSIS | 44 | .Sh SYNOPSIS |
45 | .Nm sshd | 45 | .Nm sshd |
46 | .Bk -words | ||
46 | .Op Fl deiqtD46 | 47 | .Op Fl deiqtD46 |
47 | .Op Fl b Ar bits | 48 | .Op Fl b Ar bits |
48 | .Op Fl f Ar config_file | 49 | .Op Fl f Ar config_file |
@@ -52,6 +53,7 @@ | |||
52 | .Op Fl o Ar option | 53 | .Op Fl o Ar option |
53 | .Op Fl p Ar port | 54 | .Op Fl p Ar port |
54 | .Op Fl u Ar len | 55 | .Op Fl u Ar len |
56 | .Ek | ||
55 | .Sh DESCRIPTION | 57 | .Sh DESCRIPTION |
56 | .Nm | 58 | .Nm |
57 | (SSH Daemon) is the daemon program for | 59 | (SSH Daemon) is the daemon program for |
@@ -75,7 +77,7 @@ This implementation of | |||
75 | .Nm | 77 | .Nm |
76 | supports both SSH protocol version 1 and 2 simultaneously. | 78 | supports both SSH protocol version 1 and 2 simultaneously. |
77 | .Nm | 79 | .Nm |
78 | works as follows. | 80 | works as follows: |
79 | .Pp | 81 | .Pp |
80 | .Ss SSH protocol version 1 | 82 | .Ss SSH protocol version 1 |
81 | .Pp | 83 | .Pp |
@@ -86,7 +88,7 @@ the daemon starts, it generates a server RSA key (normally 768 bits). | |||
86 | This key is normally regenerated every hour if it has been used, and | 88 | This key is normally regenerated every hour if it has been used, and |
87 | is never stored on disk. | 89 | is never stored on disk. |
88 | .Pp | 90 | .Pp |
89 | Whenever a client connects the daemon responds with its public | 91 | Whenever a client connects, the daemon responds with its public |
90 | host and server keys. | 92 | host and server keys. |
91 | The client compares the | 93 | The client compares the |
92 | RSA host key against its own database to verify that it has not changed. | 94 | RSA host key against its own database to verify that it has not changed. |
@@ -119,7 +121,7 @@ System security is not improved unless | |||
119 | .Nm rshd , | 121 | .Nm rshd , |
120 | .Nm rlogind , | 122 | .Nm rlogind , |
121 | and | 123 | and |
122 | .Xr rexecd | 124 | .Nm rexecd |
123 | are disabled (thus completely disabling | 125 | are disabled (thus completely disabling |
124 | .Xr rlogin | 126 | .Xr rlogin |
125 | and | 127 | and |
@@ -189,7 +191,9 @@ The server sends verbose debug output to the system | |||
189 | log, and does not put itself in the background. | 191 | log, and does not put itself in the background. |
190 | The server also will not fork and will only process one connection. | 192 | The server also will not fork and will only process one connection. |
191 | This option is only intended for debugging for the server. | 193 | This option is only intended for debugging for the server. |
192 | Multiple -d options increase the debugging level. | 194 | Multiple |
195 | .Fl d | ||
196 | options increase the debugging level. | ||
193 | Maximum is 3. | 197 | Maximum is 3. |
194 | .It Fl e | 198 | .It Fl e |
195 | When this option is specified, | 199 | When this option is specified, |
@@ -225,7 +229,8 @@ the different protocol versions and host key algorithms. | |||
225 | .It Fl i | 229 | .It Fl i |
226 | Specifies that | 230 | Specifies that |
227 | .Nm | 231 | .Nm |
228 | is being run from inetd. | 232 | is being run from |
233 | .Xr inetd 8 . | ||
229 | .Nm | 234 | .Nm |
230 | is normally not run | 235 | is normally not run |
231 | from inetd because it needs to generate the server key before it can | 236 | from inetd because it needs to generate the server key before it can |
@@ -285,7 +290,7 @@ should be put into the | |||
285 | .Pa utmp | 290 | .Pa utmp |
286 | file. | 291 | file. |
287 | .Fl u0 | 292 | .Fl u0 |
288 | is also be used to prevent | 293 | may also be used to prevent |
289 | .Nm | 294 | .Nm |
290 | from making DNS requests unless the authentication | 295 | from making DNS requests unless the authentication |
291 | mechanism or configuration requires it. | 296 | mechanism or configuration requires it. |
@@ -449,7 +454,7 @@ authentication. | |||
449 | The command supplied by the user (if any) is ignored. | 454 | The command supplied by the user (if any) is ignored. |
450 | The command is run on a pty if the client requests a pty; | 455 | The command is run on a pty if the client requests a pty; |
451 | otherwise it is run without a tty. | 456 | otherwise it is run without a tty. |
452 | If a 8-bit clean channel is required, | 457 | If an 8-bit clean channel is required, |
453 | one must not request a pty or should specify | 458 | one must not request a pty or should specify |
454 | .Cm no-pty . | 459 | .Cm no-pty . |
455 | A quote may be included in the command by quoting it with a backslash. | 460 | A quote may be included in the command by quoting it with a backslash. |
@@ -509,7 +514,7 @@ command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hu | |||
509 | permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323 | 514 | permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323 |
510 | .Sh SSH_KNOWN_HOSTS FILE FORMAT | 515 | .Sh SSH_KNOWN_HOSTS FILE FORMAT |
511 | The | 516 | The |
512 | .Pa /etc/ssh/ssh_known_hosts , | 517 | .Pa /etc/ssh/ssh_known_hosts |
513 | and | 518 | and |
514 | .Pa $HOME/.ssh/known_hosts | 519 | .Pa $HOME/.ssh/known_hosts |
515 | files contain host public keys for all known hosts. | 520 | files contain host public keys for all known hosts. |
@@ -630,7 +635,7 @@ These files should be writable only by root/the owner. | |||
630 | .Pa /etc/ssh/ssh_known_hosts | 635 | .Pa /etc/ssh/ssh_known_hosts |
631 | should be world-readable, and | 636 | should be world-readable, and |
632 | .Pa $HOME/.ssh/known_hosts | 637 | .Pa $HOME/.ssh/known_hosts |
633 | can but need not be world-readable. | 638 | can, but need not be, world-readable. |
634 | .It Pa /etc/nologin | 639 | .It Pa /etc/nologin |
635 | If this file exists, | 640 | If this file exists, |
636 | .Nm | 641 | .Nm |
@@ -647,7 +652,7 @@ Further details are described in | |||
647 | This file contains host-username pairs, separated by a space, one per | 652 | This file contains host-username pairs, separated by a space, one per |
648 | line. | 653 | line. |
649 | The given user on the corresponding host is permitted to log in | 654 | The given user on the corresponding host is permitted to log in |
650 | without password. | 655 | without a password. |
651 | The same file is used by rlogind and rshd. | 656 | The same file is used by rlogind and rshd. |
652 | The file must | 657 | The file must |
653 | be writable only by the user; it is recommended that it not be | 658 | be writable only by the user; it is recommended that it not be |
@@ -716,7 +721,9 @@ controlled via the | |||
716 | .Cm PermitUserEnvironment | 721 | .Cm PermitUserEnvironment |
717 | option. | 722 | option. |
718 | .It Pa $HOME/.ssh/rc | 723 | .It Pa $HOME/.ssh/rc |
719 | If this file exists, it is run with /bin/sh after reading the | 724 | If this file exists, it is run with |
725 | .Pa /bin/sh | ||
726 | after reading the | ||
720 | environment files but before starting the user's shell or command. | 727 | environment files but before starting the user's shell or command. |
721 | It must not produce any output on stdout; stderr must be used | 728 | It must not produce any output on stdout; stderr must be used |
722 | instead. | 729 | instead. |
@@ -42,7 +42,7 @@ | |||
42 | */ | 42 | */ |
43 | 43 | ||
44 | #include "includes.h" | 44 | #include "includes.h" |
45 | RCSID("$OpenBSD: sshd.c,v 1.260 2002/09/27 10:42:09 mickey Exp $"); | 45 | RCSID("$OpenBSD: sshd.c,v 1.263 2003/02/16 17:09:57 markus Exp $"); |
46 | 46 | ||
47 | #include <openssl/dh.h> | 47 | #include <openssl/dh.h> |
48 | #include <openssl/bn.h> | 48 | #include <openssl/bn.h> |
@@ -202,8 +202,8 @@ int *startup_pipes = NULL; | |||
202 | int startup_pipe; /* in child */ | 202 | int startup_pipe; /* in child */ |
203 | 203 | ||
204 | /* variables used for privilege separation */ | 204 | /* variables used for privilege separation */ |
205 | extern struct monitor *pmonitor; | 205 | int use_privsep; |
206 | extern int use_privsep; | 206 | struct monitor *pmonitor; |
207 | 207 | ||
208 | /* Prototypes for various functions defined later in this file. */ | 208 | /* Prototypes for various functions defined later in this file. */ |
209 | void destroy_sensitive_data(void); | 209 | void destroy_sensitive_data(void); |
@@ -827,9 +827,17 @@ main(int ac, char **av) | |||
827 | __progname = get_progname(av[0]); | 827 | __progname = get_progname(av[0]); |
828 | init_rng(); | 828 | init_rng(); |
829 | 829 | ||
830 | /* Save argv. */ | 830 | /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ |
831 | saved_argc = ac; | 831 | saved_argc = ac; |
832 | saved_argv = av; | 832 | saved_argv = av; |
833 | saved_argv = xmalloc(sizeof(*saved_argv) * ac); | ||
834 | for (i = 0; i < ac; i++) | ||
835 | saved_argv[i] = xstrdup(av[i]); | ||
836 | |||
837 | #ifndef HAVE_SETPROCTITLE | ||
838 | /* Prepare for later setproctitle emulation */ | ||
839 | compat_init_setproctitle(ac, av); | ||
840 | #endif | ||
833 | 841 | ||
834 | /* Initialize configuration options to their default values. */ | 842 | /* Initialize configuration options to their default values. */ |
835 | initialize_server_options(&options); | 843 | initialize_server_options(&options); |
@@ -949,7 +957,7 @@ main(int ac, char **av) | |||
949 | SYSLOG_LEVEL_INFO : options.log_level, | 957 | SYSLOG_LEVEL_INFO : options.log_level, |
950 | options.log_facility == SYSLOG_FACILITY_NOT_SET ? | 958 | options.log_facility == SYSLOG_FACILITY_NOT_SET ? |
951 | SYSLOG_FACILITY_AUTH : options.log_facility, | 959 | SYSLOG_FACILITY_AUTH : options.log_facility, |
952 | !inetd_flag); | 960 | log_stderr || !inetd_flag); |
953 | 961 | ||
954 | #ifdef _UNICOS | 962 | #ifdef _UNICOS |
955 | /* Cray can define user privs drop all prives now! | 963 | /* Cray can define user privs drop all prives now! |
@@ -1063,8 +1071,8 @@ main(int ac, char **av) | |||
1063 | #else | 1071 | #else |
1064 | if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) | 1072 | if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) |
1065 | #endif | 1073 | #endif |
1066 | fatal("Bad owner or mode for %s", | 1074 | fatal("%s must be owned by root and not group or " |
1067 | _PATH_PRIVSEP_CHROOT_DIR); | 1075 | "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); |
1068 | } | 1076 | } |
1069 | 1077 | ||
1070 | /* Configuration looks good, so exit if in test mode. */ | 1078 | /* Configuration looks good, so exit if in test mode. */ |
@@ -1397,8 +1405,12 @@ main(int ac, char **av) | |||
1397 | * setlogin() affects the entire process group. We don't | 1405 | * setlogin() affects the entire process group. We don't |
1398 | * want the child to be able to affect the parent. | 1406 | * want the child to be able to affect the parent. |
1399 | */ | 1407 | */ |
1400 | #if 0 | 1408 | #if !defined(STREAMS_PUSH_ACQUIRES_CTTY) |
1401 | /* XXX: this breaks Solaris */ | 1409 | /* |
1410 | * If setsid is called on Solaris, sshd will acquire the controlling | ||
1411 | * terminal while pushing STREAMS modules. This will prevent the | ||
1412 | * shell from acquiring it later. | ||
1413 | */ | ||
1402 | if (!debug_flag && !inetd_flag && setsid() < 0) | 1414 | if (!debug_flag && !inetd_flag && setsid() < 0) |
1403 | error("setsid: %.100s", strerror(errno)); | 1415 | error("setsid: %.100s", strerror(errno)); |
1404 | #endif | 1416 | #endif |
@@ -1811,6 +1823,8 @@ do_ssh2_kex(void) | |||
1811 | 1823 | ||
1812 | /* start key exchange */ | 1824 | /* start key exchange */ |
1813 | kex = kex_setup(myproposal); | 1825 | kex = kex_setup(myproposal); |
1826 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | ||
1827 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | ||
1814 | kex->server = 1; | 1828 | kex->server = 1; |
1815 | kex->client_version_string=client_version_string; | 1829 | kex->client_version_string=client_version_string; |
1816 | kex->server_version_string=server_version_string; | 1830 | kex->server_version_string=server_version_string; |
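Review bot: In the `main()` hunk at new lines 830-840, the duplicated `saved_argv` is allocated with exactly `ac` slots and never gets a terminating NULL, so unlike `av` it is not a valid argv vector. If `saved_argv` is later handed to an exec-family call (for example on a restart path, which is not visible in this hunk), the callee would read past the end of the allocation. I would allocate one extra slot and terminate it: `saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1));` and, after the loop, `saved_argv[ac] = NULL;`. The retained `saved_argv = av;` on the preceding line is now a dead store, overwritten immediately, and can be dropped. `main()` starts and ends outside the hunk.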
diff --git a/sshd_config.0 b/sshd_config.0 index a4e31be0f..e234efdb4 100644 --- a/sshd_config.0 +++ b/sshd_config.0 | |||
@@ -1,445 +1,444 @@ | |||
1 | SSHD_CONFIG(5) System File Formats Manual SSHD_CONFIG(5) | 1 | SSHD_CONFIG(5) BSD File Formats Manual SSHD_CONFIG(5) |
2 | 2 | ||
3 | NAME | 3 | ^[[1mNAME^[[0m |
4 | sshd_config - OpenSSH SSH daemon configuration file | 4 | ^[[1msshd_config ^[[22mM-bMM-^R OpenSSH SSH daemon configuration file |
5 | 5 | ||
6 | SYNOPSIS | 6 | ^[[1mSYNOPSIS^[[0m |
7 | /etc/ssh/sshd_config | 7 | ^[[4m/etc/ssh/sshd_config^[[0m |
8 | 8 | ||
9 | DESCRIPTION | 9 | ^[[1mDESCRIPTION^[[0m |
10 | sshd reads configuration data from /etc/ssh/sshd_config (or the file | 10 | ^[[1msshd ^[[22mreads configuration data from ^[[4m/etc/ssh/sshd_config^[[24m (or the file |
11 | specified with -f on the command line). The file contains keyword-arguM-- | 11 | specified with ^[[1mM-bMM-^Rf ^[[22mon the command line). The file contains keywordM-bM-^@M-^ParguM-bM-^@M-^P |
12 | ment pairs, one per line. Lines starting with `#' and empty lines are | 12 | ment pairs, one per line. Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are |
13 | interpreted as comments. | 13 | interpreted as comments. |
14 | 14 | ||
15 | The possible keywords and their meanings are as follows (note that keyM-- | 15 | The possible keywords and their meanings are as follows (note that keyM-bM-^@M-^P |
16 | words are case-insensitive and arguments are case-sensitive): | 16 | words are caseM-bM-^@M-^Pinsensitive and arguments are caseM-bM-^@M-^Psensitive): |
17 | 17 | ||
18 | AFSTokenPassing | 18 | ^[[1mAFSTokenPassing^[[0m |
19 | Specifies whether an AFS token may be forwarded to the server. | 19 | Specifies whether an AFS token may be forwarded to the server. |
20 | Default is ``no''. | 20 | Default is M-bM-^@M-^\noM-bM-^@M-^]. |
21 | 21 | ||
22 | AllowGroups | 22 | ^[[1mAllowGroups^[[0m |
23 | This keyword can be followed by a list of group name patterns, | 23 | This keyword can be followed by a list of group name patterns, |
24 | separated by spaces. If specified, login is allowed only for | 24 | separated by spaces. If specified, login is allowed only for |
25 | users whose primary group or supplementary group list matches one | 25 | users whose primary group or supplementary group list matches one |
26 | of the patterns. `*' and `'? can be used as wildcards in the | 26 | of the patterns. M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y? can be used as wildcards in the |
27 | patterns. Only group names are valid; a numerical group ID is | 27 | patterns. Only group names are valid; a numerical group ID is |
28 | not recognized. By default, login is allowed for all groups. | 28 | not recognized. By default, login is allowed for all groups. |
29 | 29 | ||
30 | AllowTcpForwarding | 30 | ^[[1mAllowTcpForwarding^[[0m |
31 | Specifies whether TCP forwarding is permitted. The default is | 31 | Specifies whether TCP forwarding is permitted. The default is |
32 | ``yes''. Note that disabling TCP forwarding does not improve | 32 | M-bM-^@M-^\yesM-bM-^@M-^]. Note that disabling TCP forwarding does not improve secuM-bM-^@M-^P |
33 | security unless users are also denied shell access, as they can | 33 | rity unless users are also denied shell access, as they can |
34 | always install their own forwarders. | 34 | always install their own forwarders. |
35 | 35 | ||
36 | AllowUsers | 36 | ^[[1mAllowUsers^[[0m |
37 | This keyword can be followed by a list of user name patterns, | 37 | This keyword can be followed by a list of user name patterns, |
38 | separated by spaces. If specified, login is allowed only for | 38 | separated by spaces. If specified, login is allowed only for |
39 | users names that match one of the patterns. `*' and `'? can be | 39 | user names that match one of the patterns. M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y? can be |
40 | used as wildcards in the patterns. Only user names are valid; a | 40 | used as wildcards in the patterns. Only user names are valid; a |
41 | numerical user ID is not recognized. By default, login is | 41 | numerical user ID is not recognized. By default, login is |
42 | allowed for all users. If the pattern takes the form USER@HOST | 42 | allowed for all users. If the pattern takes the form USER@HOST |
43 | then USER and HOST are separately checked, restricting logins to | 43 | then USER and HOST are separately checked, restricting logins to |
44 | particular users from particular hosts. | 44 | particular users from particular hosts. |
45 | 45 | ||
46 | AuthorizedKeysFile | 46 | ^[[1mAuthorizedKeysFile^[[0m |
47 | Specifies the file that contains the public keys that can be used | 47 | Specifies the file that contains the public keys that can be used |
48 | for user authentication. AuthorizedKeysFile may contain tokens | 48 | for user authentication. ^[[1mAuthorizedKeysFile ^[[22mmay contain tokens |
49 | of the form %T which are substituted during connection set-up. | 49 | of the form %T which are substituted during connection setM-bM-^@M-^Pup. |
50 | The following tokens are defined: %% is replaced by a literal | 50 | The following tokens are defined: %% is replaced by a literal |
51 | '%', %h is replaced by the home directory of the user being | 51 | M-bM-^@M-^Y%M-bM-^@M-^Y, %h is replaced by the home directory of the user being |
52 | authenticated and %u is replaced by the username of that user. | 52 | authenticated and %u is replaced by the username of that user. |
53 | After expansion, AuthorizedKeysFile is taken to be an absolute | 53 | After expansion, ^[[1mAuthorizedKeysFile ^[[22mis taken to be an absolute |
54 | path or one relative to the user's home directory. The default | 54 | path or one relative to the userM-bM-^@M-^Ys home directory. The default |
55 | is ``.ssh/authorized_keys''. | 55 | is M-bM-^@M-^\.ssh/authorized_keysM-bM-^@M-^]. |
56 | 56 | ||
57 | Banner In some jurisdictions, sending a warning message before authentiM-- | 57 | ^[[1mBanner ^[[22mIn some jurisdictions, sending a warning message before authentiM-bM-^@M-^P |
58 | cation may be relevant for getting legal protection. The conM-- | 58 | cation may be relevant for getting legal protection. The conM-bM-^@M-^P |
59 | tents of the specified file are sent to the remote user before | 59 | tents of the specified file are sent to the remote user before |
60 | authentication is allowed. This option is only available for | 60 | authentication is allowed. This option is only available for |
61 | protocol version 2. By default, no banner is displayed. | 61 | protocol version 2. By default, no banner is displayed. |
62 | 62 | ||
63 | ChallengeResponseAuthentication | 63 | ^[[1mChallengeResponseAuthentication^[[0m |
64 | Specifies whether challenge response authentication is allowed. | 64 | Specifies whether challenge response authentication is allowed. |
65 | All authentication styles from login.conf(5) are supported. The | 65 | All authentication styles from login.conf(5) are supported. The |
66 | default is ``yes''. | 66 | default is M-bM-^@M-^\yesM-bM-^@M-^]. |
67 | 67 | ||
68 | Ciphers | 68 | ^[[1mCiphers^[[0m |
69 | Specifies the ciphers allowed for protocol version 2. Multiple | 69 | Specifies the ciphers allowed for protocol version 2. Multiple |
70 | ciphers must be comma-separated. The default is | 70 | ciphers must be commaM-bM-^@M-^Pseparated. The default is |
71 | 71 | ||
72 | ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, | 72 | M-bM-^@M-^XM-bM-^@M-^Xaes128M-bM-^@M-^Pcbc,3desM-bM-^@M-^Pcbc,blowfishM-bM-^@M-^Pcbc,cast128M-bM-^@M-^Pcbc,arcfour, |
73 | aes192-cbc,aes256-cbc'' | 73 | aes192M-bM-^@M-^Pcbc,aes256M-bM-^@M-^PcbcM-bM-^@M-^YM-bM-^@M-^Y |
74 | 74 | ||
75 | ClientAliveInterval | 75 | ^[[1mClientAliveInterval^[[0m |
76 | Sets a timeout interval in seconds after which if no data has | 76 | Sets a timeout interval in seconds after which if no data has |
77 | been received from the client, sshd will send a message through | 77 | been received from the client, ^[[1msshd ^[[22mwill send a message through |
78 | the encrypted channel to request a response from the client. The | 78 | the encrypted channel to request a response from the client. The |
79 | default is 0, indicating that these messages will not be sent to | 79 | default is 0, indicating that these messages will not be sent to |
80 | the client. This option applies to protocol version 2 only. | 80 | the client. This option applies to protocol version 2 only. |
81 | 81 | ||
82 | ClientAliveCountMax | 82 | ^[[1mClientAliveCountMax^[[0m |
83 | Sets the number of client alive messages (see above) which may be | 83 | Sets the number of client alive messages (see above) which may be |
84 | sent without sshd receiving any messages back from the client. If | 84 | sent without ^[[1msshd ^[[22mreceiving any messages back from the client. If |
85 | this threshold is reached while client alive messages are being | 85 | this threshold is reached while client alive messages are being |
86 | sent, sshd will disconnect the client, terminating the session. | 86 | sent, ^[[1msshd ^[[22mwill disconnect the client, terminating the session. |
87 | It is important to note that the use of client alive messages is | 87 | It is important to note that the use of client alive messages is |
88 | very different from KeepAlive (below). The client alive messages | 88 | very different from ^[[1mKeepAlive ^[[22m(below). The client alive messages |
89 | are sent through the encrypted channel and therefore will not be | 89 | are sent through the encrypted channel and therefore will not be |
90 | spoofable. The TCP keepalive option enabled by KeepAlive is | 90 | spoofable. The TCP keepalive option enabled by ^[[1mKeepAlive ^[[22mis |
91 | spoofable. The client alive mechanism is valuable when the client | 91 | spoofable. The client alive mechanism is valuable when the client |
92 | or server depend on knowing when a connection has become inacM-- | 92 | or server depend on knowing when a connection has become inacM-bM-^@M-^P |
93 | tive. | 93 | tive. |
94 | 94 | ||
95 | The default value is 3. If ClientAliveInterval (above) is set to | 95 | The default value is 3. If ^[[1mClientAliveInterval ^[[22m(above) is set to |
96 | 15, and ClientAliveCountMax is left at the default, unresponsive | 96 | 15, and ^[[1mClientAliveCountMax ^[[22mis left at the default, unresponsive |
97 | ssh clients will be disconnected after approximately 45 seconds. | 97 | ssh clients will be disconnected after approximately 45 seconds. |
98 | 98 | ||
99 | Compression | 99 | ^[[1mCompression^[[0m |
100 | Specifies whether compression is allowed. The argument must be | 100 | Specifies whether compression is allowed. The argument must be |
101 | ``yes'' or ``no''. The default is ``yes''. | 101 | M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^]. |
102 | 102 | ||
103 | DenyGroups | 103 | ^[[1mDenyGroups^[[0m |
104 | This keyword can be followed by a list of group name patterns, | 104 | This keyword can be followed by a list of group name patterns, |
105 | separated by spaces. Login is disallowed for users whose primary | 105 | separated by spaces. Login is disallowed for users whose primary |
106 | group or supplementary group list matches one of the patterns. | 106 | group or supplementary group list matches one of the patterns. |
107 | `*' and `'? can be used as wildcards in the patterns. Only | 107 | M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y? can be used as wildcards in the patterns. Only |
108 | group names are valid; a numerical group ID is not recognized. | 108 | group names are valid; a numerical group ID is not recognized. |
109 | By default, login is allowed for all groups. | 109 | By default, login is allowed for all groups. |
110 | 110 | ||
111 | DenyUsers | 111 | ^[[1mDenyUsers^[[0m |
112 | This keyword can be followed by a list of user name patterns, | 112 | This keyword can be followed by a list of user name patterns, |
113 | separated by spaces. Login is disallowed for user names that | 113 | separated by spaces. Login is disallowed for user names that |
114 | match one of the patterns. `*' and `'? can be used as wildcards | 114 | match one of the patterns. M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y? can be used as wildcards |
115 | in the patterns. Only user names are valid; a numerical user ID | 115 | in the patterns. Only user names are valid; a numerical user ID |
116 | is not recognized. By default, login is allowed for all users. | 116 | is not recognized. By default, login is allowed for all users. |
117 | If the pattern takes the form USER@HOST then USER and HOST are | 117 | If the pattern takes the form USER@HOST then USER and HOST are |
118 | separately checked, restricting logins to particular users from | 118 | separately checked, restricting logins to particular users from |
119 | particular hosts. | 119 | particular hosts. |
120 | 120 | ||
121 | GatewayPorts | 121 | ^[[1mGatewayPorts^[[0m |
122 | Specifies whether remote hosts are allowed to connect to ports | 122 | Specifies whether remote hosts are allowed to connect to ports |
123 | forwarded for the client. By default, sshd binds remote port | 123 | forwarded for the client. By default, ^[[1msshd ^[[22mbinds remote port |
124 | forwardings to the loopback address. This prevents other remote | 124 | forwardings to the loopback address. This prevents other remote |
125 | hosts from connecting to forwarded ports. GatewayPorts can be | 125 | hosts from connecting to forwarded ports. ^[[1mGatewayPorts ^[[22mcan be |
126 | used to specify that sshd should bind remote port forwardings to | 126 | used to specify that ^[[1msshd ^[[22mshould bind remote port forwardings to |
127 | the wildcard address, thus allowing remote hosts to connect to | 127 | the wildcard address, thus allowing remote hosts to connect to |
128 | forwarded ports. The argument must be ``yes'' or ``no''. The | 128 | forwarded ports. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The |
129 | default is ``no''. | 129 | default is M-bM-^@M-^\noM-bM-^@M-^]. |
130 | 130 | ||
131 | HostbasedAuthentication | 131 | ^[[1mHostbasedAuthentication^[[0m |
132 | Specifies whether rhosts or /etc/hosts.equiv authentication | 132 | Specifies whether rhosts or /etc/hosts.equiv authentication |
133 | together with successful public key client host authentication is | 133 | together with successful public key client host authentication is |
134 | allowed (hostbased authentication). This option is similar to | 134 | allowed (hostbased authentication). This option is similar to |
135 | RhostsRSAAuthentication and applies to protocol version 2 only. | 135 | ^[[1mRhostsRSAAuthentication ^[[22mand applies to protocol version 2 only. |
136 | The default is ``no''. | 136 | The default is M-bM-^@M-^\noM-bM-^@M-^]. |
137 | 137 | ||
138 | HostKey | 138 | ^[[1mHostKey^[[0m |
139 | Specifies a file containing a private host key used by SSH. The | 139 | Specifies a file containing a private host key used by SSH. The |
140 | default is /etc/ssh/ssh_host_key for protocol version 1, and | 140 | default is ^[[4m/etc/ssh/ssh_host_key^[[24m for protocol version 1, and |
141 | /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for proM-- | 141 | ^[[4m/etc/ssh/ssh_host_rsa_key^[[24m and ^[[4m/etc/ssh/ssh_host_dsa_key^[[24m for proM-bM-^@M-^P |
142 | tocol version 2. Note that sshd will refuse to use a file if it | 142 | tocol version 2. Note that ^[[1msshd ^[[22mwill refuse to use a file if it |
143 | is group/world-accessible. It is possible to have multiple host | 143 | is group/worldM-bM-^@M-^Paccessible. It is possible to have multiple host |
144 | key files. ``rsa1'' keys are used for version 1 and ``dsa'' or | 144 | key files. M-bM-^@M-^\rsa1M-bM-^@M-^] keys are used for version 1 and M-bM-^@M-^\dsaM-bM-^@M-^] or M-bM-^@M-^\rsaM-bM-^@M-^] |
145 | ``rsa'' are used for version 2 of the SSH protocol. | 145 | are used for version 2 of the SSH protocol. |
146 | 146 | ||
147 | IgnoreRhosts | 147 | ^[[1mIgnoreRhosts^[[0m |
148 | Specifies that .rhosts and .shosts files will not be used in | 148 | Specifies that ^[[4m.rhosts^[[24m and ^[[4m.shosts^[[24m files will not be used in |
149 | RhostsAuthentication, RhostsRSAAuthentication or | 149 | ^[[1mRhostsAuthentication^[[22m, ^[[1mRhostsRSAAuthentication ^[[22mor |
150 | HostbasedAuthentication. | 150 | ^[[1mHostbasedAuthentication^[[22m. |
151 | 151 | ||
152 | /etc/hosts.equiv and /etc/shosts.equiv are still used. The | 152 | ^[[4m/etc/hosts.equiv^[[24m and ^[[4m/etc/shosts.equiv^[[24m are still used. The |
153 | default is ``yes''. | 153 | default is M-bM-^@M-^\yesM-bM-^@M-^]. |
154 | 154 | ||
155 | IgnoreUserKnownHosts | 155 | ^[[1mIgnoreUserKnownHosts^[[0m |
156 | Specifies whether sshd should ignore the user's | 156 | Specifies whether ^[[1msshd ^[[22mshould ignore the userM-bM-^@M-^Ys |
157 | $HOME/.ssh/known_hosts during RhostsRSAAuthentication or | 157 | ^[[4m$HOME/.ssh/known_hosts^[[24m during ^[[1mRhostsRSAAuthentication ^[[22mor |
158 | HostbasedAuthentication. The default is ``no''. | 158 | ^[[1mHostbasedAuthentication^[[22m. The default is M-bM-^@M-^\noM-bM-^@M-^]. |
159 | 159 | ||
160 | KeepAlive | 160 | ^[[1mKeepAlive^[[0m |
161 | Specifies whether the system should send TCP keepalive messages | 161 | Specifies whether the system should send TCP keepalive messages |
162 | to the other side. If they are sent, death of the connection or | 162 | to the other side. If they are sent, death of the connection or |
163 | crash of one of the machines will be properly noticed. However, | 163 | crash of one of the machines will be properly noticed. However, |
164 | this means that connections will die if the route is down temM-- | 164 | this means that connections will die if the route is down temM-bM-^@M-^P |
165 | porarily, and some people find it annoying. On the other hand, | 165 | porarily, and some people find it annoying. On the other hand, |
166 | if keepalives are not sent, sessions may hang indefinitely on the | 166 | if keepalives are not sent, sessions may hang indefinitely on the |
167 | server, leaving ``ghost'' users and consuming server resources. | 167 | server, leaving M-bM-^@M-^\ghostM-bM-^@M-^] users and consuming server resources. |
168 | 168 | ||
169 | The default is ``yes'' (to send keepalives), and the server will | 169 | The default is M-bM-^@M-^\yesM-bM-^@M-^] (to send keepalives), and the server will |
170 | notice if the network goes down or the client host crashes. This | 170 | notice if the network goes down or the client host crashes. This |
171 | avoids infinitely hanging sessions. | 171 | avoids infinitely hanging sessions. |
172 | 172 | ||
173 | To disable keepalives, the value should be set to ``no''. | 173 | To disable keepalives, the value should be set to M-bM-^@M-^\noM-bM-^@M-^]. |
174 | 174 | ||
175 | KerberosAuthentication | 175 | ^[[1mKerberosAuthentication^[[0m |
176 | Specifies whether Kerberos authentication is allowed. This can | 176 | Specifies whether Kerberos authentication is allowed. This can |
177 | be in the form of a Kerberos ticket, or if PasswordAuthentication | 177 | be in the form of a Kerberos ticket, or if ^[[1mPasswordAuthentication^[[0m |
178 | is yes, the password provided by the user will be validated | 178 | is yes, the password provided by the user will be validated |
179 | through the Kerberos KDC. To use this option, the server needs a | 179 | through the Kerberos KDC. To use this option, the server needs a |
180 | Kerberos servtab which allows the verification of the KDC's idenM-- | 180 | Kerberos servtab which allows the verification of the KDCM-bM-^@M-^Ys idenM-bM-^@M-^P |
181 | tity. Default is ``no''. | 181 | tity. Default is M-bM-^@M-^\noM-bM-^@M-^]. |
182 | 182 | ||
183 | KerberosOrLocalPasswd | 183 | ^[[1mKerberosOrLocalPasswd^[[0m |
184 | If set then if password authentication through Kerberos fails | 184 | If set then if password authentication through Kerberos fails |
185 | then the password will be validated via any additional local | 185 | then the password will be validated via any additional local |
186 | mechanism such as /etc/passwd. Default is ``yes''. | 186 | mechanism such as ^[[4m/etc/passwd^[[24m. Default is M-bM-^@M-^\yesM-bM-^@M-^]. |
187 | 187 | ||
188 | KerberosTgtPassing | 188 | ^[[1mKerberosTgtPassing^[[0m |
189 | Specifies whether a Kerberos TGT may be forwarded to the server. | 189 | Specifies whether a Kerberos TGT may be forwarded to the server. |
190 | Default is ``no'', as this only works when the Kerberos KDC is | 190 | Default is M-bM-^@M-^\noM-bM-^@M-^], as this only works when the Kerberos KDC is |
191 | actually an AFS kaserver. | 191 | actually an AFS kaserver. |
192 | 192 | ||
193 | KerberosTicketCleanup | 193 | ^[[1mKerberosTicketCleanup^[[0m |
194 | Specifies whether to automatically destroy the user's ticket | 194 | Specifies whether to automatically destroy the userM-bM-^@M-^Ys ticket |
195 | cache file on logout. Default is ``yes''. | 195 | cache file on logout. Default is M-bM-^@M-^\yesM-bM-^@M-^]. |
196 | 196 | ||
197 | KeyRegenerationInterval | 197 | ^[[1mKeyRegenerationInterval^[[0m |
198 | In protocol version 1, the ephemeral server key is automatically | 198 | In protocol version 1, the ephemeral server key is automatically |
199 | regenerated after this many seconds (if it has been used). The | 199 | regenerated after this many seconds (if it has been used). The |
200 | purpose of regeneration is to prevent decrypting captured sesM-- | 200 | purpose of regeneration is to prevent decrypting captured sesM-bM-^@M-^P |
201 | sions by later breaking into the machine and stealing the keys. | 201 | sions by later breaking into the machine and stealing the keys. |
202 | The key is never stored anywhere. If the value is 0, the key is | 202 | The key is never stored anywhere. If the value is 0, the key is |
203 | never regenerated. The default is 3600 (seconds). | 203 | never regenerated. The default is 3600 (seconds). |
204 | 204 | ||
205 | ListenAddress | 205 | ^[[1mListenAddress^[[0m |
206 | Specifies the local addresses sshd should listen on. The followM-- | 206 | Specifies the local addresses ^[[1msshd ^[[22mshould listen on. The followM-bM-^@M-^P |
207 | ing forms may be used: | 207 | ing forms may be used: |
208 | 208 | ||
209 | ListenAddress host|IPv4_addr|IPv6_addr | 209 | ^[[1mListenAddress ^[[4m^[[22mhost^[[24m|^[[4mIPv4_addr^[[24m|^[[4mIPv6_addr^[[0m |
210 | ListenAddress host|IPv4_addr:port | 210 | ^[[1mListenAddress ^[[4m^[[22mhost^[[24m|^[[4mIPv4_addr^[[24m:^[[4mport^[[0m |
211 | ListenAddress [host|IPv6_addr]:port | 211 | ^[[1mListenAddress ^[[22m[^[[4mhost^[[24m|^[[4mIPv6_addr^[[24m]:^[[4mport^[[0m |
212 | 212 | ||
213 | If port is not specified, sshd will listen on the address and all | 213 | If ^[[4mport^[[24m is not specified, ^[[1msshd ^[[22mwill listen on the address and all |
214 | prior Port options specified. The default is to listen on all | 214 | prior ^[[1mPort ^[[22moptions specified. The default is to listen on all |
215 | local addresses. Multiple ListenAddress options are permitted. | 215 | local addresses. Multiple ^[[1mListenAddress ^[[22moptions are permitted. |
216 | Additionally, any Port options must precede this option for non | 216 | Additionally, any ^[[1mPort ^[[22moptions must precede this option for non |
217 | port qualified addresses. | 217 | port qualified addresses. |
218 | 218 | ||
219 | LoginGraceTime | 219 | ^[[1mLoginGraceTime^[[0m |
220 | The server disconnects after this time if the user has not sucM-- | 220 | The server disconnects after this time if the user has not sucM-bM-^@M-^P |
221 | cessfully logged in. If the value is 0, there is no time limit. | 221 | cessfully logged in. If the value is 0, there is no time limit. |
222 | The default is 120 seconds. | 222 | The default is 120 seconds. |
223 | 223 | ||
224 | LogLevel | 224 | ^[[1mLogLevel^[[0m |
225 | Gives the verbosity level that is used when logging messages from | 225 | Gives the verbosity level that is used when logging messages from |
226 | sshd. The possible values are: QUIET, FATAL, ERROR, INFO, VERM-- | 226 | ^[[1msshd^[[22m. The possible values are: QUIET, FATAL, ERROR, INFO, VERM-bM-^@M-^P |
227 | BOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO. | 227 | BOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO. |
228 | DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify | 228 | DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify |
229 | higher levels of debugging output. Logging with a DEBUG level | 229 | higher levels of debugging output. Logging with a DEBUG level |
230 | violates the privacy of users and is not recommended. | 230 | violates the privacy of users and is not recommended. |
231 | 231 | ||
232 | MACs Specifies the available MAC (message authentication code) algoM-- | 232 | ^[[1mMACs ^[[22mSpecifies the available MAC (message authentication code) algoM-bM-^@M-^P |
233 | rithms. The MAC algorithm is used in protocol version 2 for data | 233 | rithms. The MAC algorithm is used in protocol version 2 for data |
234 | integrity protection. Multiple algorithms must be comma-sepaM-- | 234 | integrity protection. Multiple algorithms must be commaM-bM-^@M-^PsepaM-bM-^@M-^P |
235 | rated. The default is | 235 | rated. The default is |
236 | ``hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96''. | 236 | M-bM-^@M-^\hmacM-bM-^@M-^Pmd5,hmacM-bM-^@M-^Psha1,hmacM-bM-^@M-^Pripemd160,hmacM-bM-^@M-^Psha1M-bM-^@M-^P96,hmacM-bM-^@M-^Pmd5M-bM-^@M-^P96M-bM-^@M-^]. |
237 | 237 | ||
238 | MaxStartups | 238 | ^[[1mMaxStartups^[[0m |
239 | Specifies the maximum number of concurrent unauthenticated conM-- | 239 | Specifies the maximum number of concurrent unauthenticated conM-bM-^@M-^P |
240 | nections to the sshd daemon. Additional connections will be | 240 | nections to the ^[[1msshd ^[[22mdaemon. Additional connections will be |
241 | dropped until authentication succeeds or the LoginGraceTime | 241 | dropped until authentication succeeds or the ^[[1mLoginGraceTime^[[0m |
242 | expires for a connection. The default is 10. | 242 | expires for a connection. The default is 10. |
243 | 243 | ||
244 | Alternatively, random early drop can be enabled by specifying the | 244 | Alternatively, random early drop can be enabled by specifying the |
245 | three colon separated values ``start:rate:full'' (e.g., | 245 | three colon separated values M-bM-^@M-^\start:rate:fullM-bM-^@M-^] (e.g., |
246 | "10:30:60"). sshd will refuse connection attempts with a probaM-- | 246 | "10:30:60"). ^[[1msshd ^[[22mwill refuse connection attempts with a probaM-bM-^@M-^P |
247 | bility of ``rate/100'' (30%) if there are currently ``start'' | 247 | bility of M-bM-^@M-^\rate/100M-bM-^@M-^] (30%) if there are currently M-bM-^@M-^\startM-bM-^@M-^] (10) |
248 | (10) unauthenticated connections. The probability increases linM-- | 248 | unauthenticated connections. The probability increases linearly |
249 | early and all connection attempts are refused if the number of | 249 | and all connection attempts are refused if the number of unauM-bM-^@M-^P |
250 | unauthenticated connections reaches ``full'' (60). | 250 | thenticated connections reaches M-bM-^@M-^\fullM-bM-^@M-^] (60). |
251 | 251 | ||
252 | PAMAuthenticationViaKbdInt | 252 | ^[[1mPAMAuthenticationViaKbdInt^[[0m |
253 | Specifies whether PAM challenge response authentication is | 253 | Specifies whether PAM challenge response authentication is |
254 | allowed. This allows the use of most PAM challenge response | 254 | allowed. This allows the use of most PAM challenge response |
255 | authentication modules, but it will allow password authentication | 255 | authentication modules, but it will allow password authentication |
256 | regardless of whether PasswordAuthentication is enabled. | 256 | regardless of whether ^[[1mPasswordAuthentication ^[[22mis enabled. |
257 | 257 | ||
258 | PasswordAuthentication | 258 | ^[[1mPasswordAuthentication^[[0m |
259 | Specifies whether password authentication is allowed. The | 259 | Specifies whether password authentication is allowed. The |
260 | default is ``yes''. | 260 | default is M-bM-^@M-^\yesM-bM-^@M-^]. |
261 | 261 | ||
262 | PermitEmptyPasswords | 262 | ^[[1mPermitEmptyPasswords^[[0m |
263 | When password authentication is allowed, it specifies whether the | 263 | When password authentication is allowed, it specifies whether the |
264 | server allows login to accounts with empty password strings. The | 264 | server allows login to accounts with empty password strings. The |
265 | default is ``no''. | 265 | default is M-bM-^@M-^\noM-bM-^@M-^]. |
266 | 266 | ||
267 | PermitRootLogin | 267 | ^[[1mPermitRootLogin^[[0m |
268 | Specifies whether root can login using ssh(1). The argument must | 268 | Specifies whether root can login using ssh(1). The argument must |
269 | be ``yes'', ``without-password'', ``forced-commands-only'' or | 269 | be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\withoutM-bM-^@M-^PpasswordM-bM-^@M-^], M-bM-^@M-^\forcedM-bM-^@M-^PcommandsM-bM-^@M-^PonlyM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. |
270 | ``no''. The default is ``yes''. | 270 | The default is M-bM-^@M-^\yesM-bM-^@M-^]. |
271 | 271 | ||
272 | If this option is set to ``without-password'' password authentiM-- | 272 | If this option is set to M-bM-^@M-^\withoutM-bM-^@M-^PpasswordM-bM-^@M-^] password authenticaM-bM-^@M-^P |
273 | cation is disabled for root. | 273 | tion is disabled for root. |
274 | 274 | ||
275 | If this option is set to ``forced-commands-only'' root login with | 275 | If this option is set to M-bM-^@M-^\forcedM-bM-^@M-^PcommandsM-bM-^@M-^PonlyM-bM-^@M-^] root login with |
276 | public key authentication will be allowed, but only if the | 276 | public key authentication will be allowed, but only if the |
277 | command option has been specified (which may be useful for taking | 277 | ^[[4mcommand^[[24m option has been specified (which may be useful for taking |
278 | remote backups even if root login is normally not allowed). All | 278 | remote backups even if root login is normally not allowed). All |
279 | other authentication methods are disabled for root. | 279 | other authentication methods are disabled for root. |
280 | 280 | ||
281 | If this option is set to ``no'' root is not allowed to login. | 281 | If this option is set to M-bM-^@M-^\noM-bM-^@M-^] root is not allowed to login. |
282 | 282 | ||
283 | PermitUserEnvironment | 283 | ^[[1mPermitUserEnvironment^[[0m |
284 | Specifies whether ~/.ssh/environment and environment= options in | 284 | Specifies whether ^[[4m~/.ssh/environment^[[24m and ^[[1menvironment= ^[[22moptions in |
285 | ~/.ssh/authorized_keys are processed by sshd. The default is | 285 | ^[[4m~/.ssh/authorized_keys^[[24m are processed by ^[[1msshd^[[22m. The default is |
286 | ``no''. Enabling environment processing may enable users to | 286 | M-bM-^@M-^\noM-bM-^@M-^]. Enabling environment processing may enable users to bypass |
287 | bypass access restrictions in some configurations using mechaM-- | 287 | access restrictions in some configurations using mechanisms such |
288 | nisms such as LD_PRELOAD. | 288 | as LD_PRELOAD. |
289 | 289 | ||
290 | PidFile | 290 | ^[[1mPidFile^[[0m |
291 | Specifies the file that contains the process ID of the sshd daeM-- | 291 | Specifies the file that contains the process ID of the ^[[1msshd ^[[22mdaeM-bM-^@M-^P |
292 | mon. The default is /var/run/sshd.pid. | 292 | mon. The default is ^[[4m/var/run/sshd.pid^[[24m. |
293 | 293 | ||
294 | Port Specifies the port number that sshd listens on. The default is | 294 | ^[[1mPort ^[[22mSpecifies the port number that ^[[1msshd ^[[22mlistens on. The default is |
295 | 22. Multiple options of this type are permitted. See also | 295 | 22. Multiple options of this type are permitted. See also |
296 | ListenAddress. | 296 | ^[[1mListenAddress^[[22m. |
297 | 297 | ||
298 | PrintLastLog | 298 | ^[[1mPrintLastLog^[[0m |
299 | Specifies whether sshd should print the date and time when the | 299 | Specifies whether ^[[1msshd ^[[22mshould print the date and time when the |
300 | user last logged in. The default is ``yes''. | 300 | user last logged in. The default is M-bM-^@M-^\yesM-bM-^@M-^]. |
301 | 301 | ||
302 | PrintMotd | 302 | ^[[1mPrintMotd^[[0m |
303 | Specifies whether sshd should print /etc/motd when a user logs in | 303 | Specifies whether ^[[1msshd ^[[22mshould print ^[[4m/etc/motd^[[24m when a user logs in |
304 | interactively. (On some systems it is also printed by the shell, | 304 | interactively. (On some systems it is also printed by the shell, |
305 | /etc/profile, or equivalent.) The default is ``yes''. | 305 | ^[[4m/etc/profile^[[24m, or equivalent.) The default is M-bM-^@M-^\yesM-bM-^@M-^]. |
306 | 306 | ||
307 | Protocol | 307 | ^[[1mProtocol^[[0m |
308 | Specifies the protocol versions sshd supports. The possible valM-- | 308 | Specifies the protocol versions ^[[1msshd ^[[22msupports. The possible valM-bM-^@M-^P |
309 | ues are ``1'' and ``2''. Multiple versions must be comma-sepaM-- | 309 | ues are M-bM-^@M-^\1M-bM-^@M-^] and M-bM-^@M-^\2M-bM-^@M-^]. Multiple versions must be commaM-bM-^@M-^Pseparated. |
310 | rated. The default is ``2,1''. Note that the order of the proM-- | 310 | The default is M-bM-^@M-^\2,1M-bM-^@M-^]. Note that the order of the protocol list |
311 | tocol list does not indicate preference, because the client | 311 | does not indicate preference, because the client selects among |
312 | selects among multiple protocol versions offered by the server. | 312 | multiple protocol versions offered by the server. Specifying |
313 | Specifying ``2,1'' is identical to ``1,2''. | 313 | M-bM-^@M-^\2,1M-bM-^@M-^] is identical to M-bM-^@M-^\1,2M-bM-^@M-^]. |
314 | 314 | ||
315 | PubkeyAuthentication | 315 | ^[[1mPubkeyAuthentication^[[0m |
316 | Specifies whether public key authentication is allowed. The | 316 | Specifies whether public key authentication is allowed. The |
317 | default is ``yes''. Note that this option applies to protocol | 317 | default is M-bM-^@M-^\yesM-bM-^@M-^]. Note that this option applies to protocol verM-bM-^@M-^P |
318 | version 2 only. | 318 | sion 2 only. |
319 | 319 | ||
320 | RhostsAuthentication | 320 | ^[[1mRhostsAuthentication^[[0m |
321 | Specifies whether authentication using rhosts or /etc/hosts.equiv | 321 | Specifies whether authentication using rhosts or /etc/hosts.equiv |
322 | files is sufficient. Normally, this method should not be permitM-- | 322 | files is sufficient. Normally, this method should not be permitM-bM-^@M-^P |
323 | ted because it is insecure. RhostsRSAAuthentication should be | 323 | ted because it is insecure. ^[[1mRhostsRSAAuthentication ^[[22mshould be |
324 | used instead, because it performs RSA-based host authentication | 324 | used instead, because it performs RSAM-bM-^@M-^Pbased host authentication |
325 | in addition to normal rhosts or /etc/hosts.equiv authentication. | 325 | in addition to normal rhosts or /etc/hosts.equiv authentication. |
326 | The default is ``no''. This option applies to protocol version 1 | 326 | The default is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 1 |
327 | only. | 327 | only. |
328 | 328 | ||
329 | RhostsRSAAuthentication | 329 | ^[[1mRhostsRSAAuthentication^[[0m |
330 | Specifies whether rhosts or /etc/hosts.equiv authentication | 330 | Specifies whether rhosts or /etc/hosts.equiv authentication |
331 | together with successful RSA host authentication is allowed. The | 331 | together with successful RSA host authentication is allowed. The |
332 | default is ``no''. This option applies to protocol version 1 | 332 | default is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 1 only. |
333 | only. | ||
334 | 333 | ||
335 | RSAAuthentication | 334 | ^[[1mRSAAuthentication^[[0m |
336 | Specifies whether pure RSA authentication is allowed. The | 335 | Specifies whether pure RSA authentication is allowed. The |
337 | default is ``yes''. This option applies to protocol version 1 | 336 | default is M-bM-^@M-^\yesM-bM-^@M-^]. This option applies to protocol version 1 |
338 | only. | 337 | only. |
339 | 338 | ||
340 | ServerKeyBits | 339 | ^[[1mServerKeyBits^[[0m |
341 | Defines the number of bits in the ephemeral protocol version 1 | 340 | Defines the number of bits in the ephemeral protocol version 1 |
342 | server key. The minimum value is 512, and the default is 768. | 341 | server key. The minimum value is 512, and the default is 768. |
343 | 342 | ||
344 | StrictModes | 343 | ^[[1mStrictModes^[[0m |
345 | Specifies whether sshd should check file modes and ownership of | 344 | Specifies whether ^[[1msshd ^[[22mshould check file modes and ownership of |
346 | the user's files and home directory before accepting login. This | 345 | the userM-bM-^@M-^Ys files and home directory before accepting login. This |
347 | is normally desirable because novices sometimes accidentally | 346 | is normally desirable because novices sometimes accidentally |
348 | leave their directory or files world-writable. The default is | 347 | leave their directory or files worldM-bM-^@M-^Pwritable. The default is |
349 | ``yes''. | 348 | M-bM-^@M-^\yesM-bM-^@M-^]. |
350 | 349 | ||
351 | Subsystem | 350 | ^[[1mSubsystem^[[0m |
352 | Configures an external subsystem (e.g., file transfer daemon). | 351 | Configures an external subsystem (e.g., file transfer daemon). |
353 | Arguments should be a subsystem name and a command to execute | 352 | Arguments should be a subsystem name and a command to execute |
354 | upon subsystem request. The command sftp-server(8) implements | 353 | upon subsystem request. The command sftpM-bM-^@M-^Pserver(8) implements |
355 | the ``sftp'' file transfer subsystem. By default no subsystems | 354 | the M-bM-^@M-^\sftpM-bM-^@M-^] file transfer subsystem. By default no subsystems are |
356 | are defined. Note that this option applies to protocol version 2 | 355 | defined. Note that this option applies to protocol version 2 |
357 | only. | 356 | only. |
358 | 357 | ||
359 | SyslogFacility | 358 | ^[[1mSyslogFacility^[[0m |
360 | Gives the facility code that is used when logging messages from | 359 | Gives the facility code that is used when logging messages from |
361 | sshd. The possible values are: DAEMON, USER, AUTH, LOCAL0, | 360 | ^[[1msshd^[[22m. The possible values are: DAEMON, USER, AUTH, LOCAL0, |
362 | LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The | 361 | LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The |
363 | default is AUTH. | 362 | default is AUTH. |
364 | 363 | ||
365 | UseLogin | 364 | ^[[1mUseLogin^[[0m |
366 | Specifies whether login(1) is used for interactive login sesM-- | 365 | Specifies whether login(1) is used for interactive login sesM-bM-^@M-^P |
367 | sions. The default is ``no''. Note that login(1) is never used | 366 | sions. The default is M-bM-^@M-^\noM-bM-^@M-^]. Note that login(1) is never used |
368 | for remote command execution. Note also, that if this is | 367 | for remote command execution. Note also, that if this is |
369 | enabled, X11Forwarding will be disabled because login(1) does not | 368 | enabled, ^[[1mX11Forwarding ^[[22mwill be disabled because login(1) does not |
370 | know how to handle xauth(1) cookies. If UsePrivilegeSeparation | 369 | know how to handle xauth(1) cookies. If ^[[1mUsePrivilegeSeparation^[[0m |
371 | is specified, it will be disabled after authentication. | 370 | is specified, it will be disabled after authentication. |
372 | 371 | ||
373 | UsePrivilegeSeparation | 372 | ^[[1mUsePrivilegeSeparation^[[0m |
374 | Specifies whether sshd separates privileges by creating an | 373 | Specifies whether ^[[1msshd ^[[22mseparates privileges by creating an |
375 | unprivileged child process to deal with incoming network traffic. | 374 | unprivileged child process to deal with incoming network traffic. |
376 | After successful authentication, another process will be created | 375 | After successful authentication, another process will be created |
377 | that has the privilege of the authenticated user. The goal of | 376 | that has the privilege of the authenticated user. The goal of |
378 | privilege separation is to prevent privilege escalation by conM-- | 377 | privilege separation is to prevent privilege escalation by conM-bM-^@M-^P |
379 | taining any corruption within the unprivileged processes. The | 378 | taining any corruption within the unprivileged processes. The |
380 | default is ``yes''. | 379 | default is M-bM-^@M-^\yesM-bM-^@M-^]. |
381 | 380 | ||
382 | VerifyReverseMapping | 381 | ^[[1mVerifyReverseMapping^[[0m |
383 | Specifies whether sshd should try to verify the remote host name | 382 | Specifies whether ^[[1msshd ^[[22mshould try to verify the remote host name |
384 | and check that the resolved host name for the remote IP address | 383 | and check that the resolved host name for the remote IP address |
385 | maps back to the very same IP address. The default is ``no''. | 384 | maps back to the very same IP address. The default is M-bM-^@M-^\noM-bM-^@M-^]. |
386 | 385 | ||
387 | X11DisplayOffset | 386 | ^[[1mX11DisplayOffset^[[0m |
388 | Specifies the first display number available for sshd's X11 forM-- | 387 | Specifies the first display number available for ^[[1msshd^[[22mM-bM-^@M-^Ys X11 forM-bM-^@M-^P |
389 | warding. This prevents sshd from interfering with real X11 | 388 | warding. This prevents ^[[1msshd ^[[22mfrom interfering with real X11 |
390 | servers. The default is 10. | 389 | servers. The default is 10. |
391 | 390 | ||
392 | X11Forwarding | 391 | ^[[1mX11Forwarding^[[0m |
393 | Specifies whether X11 forwarding is permitted. The argument must | 392 | Specifies whether X11 forwarding is permitted. The argument must |
394 | be ``yes'' or ``no''. The default is ``no''. | 393 | be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. |
395 | 394 | ||
396 | When X11 forwarding is enabled, there may be additional exposure | 395 | When X11 forwarding is enabled, there may be additional exposure |
397 | to the server and to client displays if the sshd proxy display is | 396 | to the server and to client displays if the ^[[1msshd ^[[22mproxy display is |
398 | configured to listen on the wildcard address (see X11UseLocalhost | 397 | configured to listen on the wildcard address (see ^[[1mX11UseLocalhost^[[0m |
399 | below), however this is not the default. Additionally, the | 398 | below), however this is not the default. Additionally, the |
400 | authentication spoofing and authentication data verification and | 399 | authentication spoofing and authentication data verification and |
401 | substitution occur on the client side. The security risk of | 400 | substitution occur on the client side. The security risk of |
402 | using X11 forwarding is that the client's X11 display server may | 401 | using X11 forwarding is that the clientM-bM-^@M-^Ys X11 display server may |
403 | be exposed to attack when the ssh client requests forwarding (see | 402 | be exposed to attack when the ssh client requests forwarding (see |
404 | the warnings for ForwardX11 in ssh_config(5) ). A system adminisM-- | 403 | the warnings for ^[[1mForwardX11 ^[[22min ssh_config(5) ). A system adminisM-bM-^@M-^P |
405 | trator may have a stance in which they want to protect clients | 404 | trator may have a stance in which they want to protect clients |
406 | that may expose themselves to attack by unwittingly requesting | 405 | that may expose themselves to attack by unwittingly requesting |
407 | X11 forwarding, which can warrant a ``no'' setting. | 406 | X11 forwarding, which can warrant a M-bM-^@M-^\noM-bM-^@M-^] setting. |
408 | 407 | ||
409 | Note that disabling X11 forwarding does not prevent users from | 408 | Note that disabling X11 forwarding does not prevent users from |
410 | forwarding X11 traffic, as users can always install their own | 409 | forwarding X11 traffic, as users can always install their own |
411 | forwarders. X11 forwarding is automatically disabled if UseLogin | 410 | forwarders. X11 forwarding is automatically disabled if ^[[1mUseLogin^[[0m |
412 | is enabled. | 411 | is enabled. |
413 | 412 | ||
414 | X11UseLocalhost | 413 | ^[[1mX11UseLocalhost^[[0m |
415 | Specifies whether sshd should bind the X11 forwarding server to | 414 | Specifies whether ^[[1msshd ^[[22mshould bind the X11 forwarding server to |
416 | the loopback address or to the wildcard address. By default, | 415 | the loopback address or to the wildcard address. By default, |
417 | sshd binds the forwarding server to the loopback address and sets | 416 | ^[[1msshd ^[[22mbinds the forwarding server to the loopback address and sets |
418 | the hostname part of the DISPLAY environment variable to | 417 | the hostname part of the DISPLAY environment variable to |
419 | ``localhost''. This prevents remote hosts from connecting to the | 418 | M-bM-^@M-^\localhostM-bM-^@M-^]. This prevents remote hosts from connecting to the |
420 | proxy display. However, some older X11 clients may not function | 419 | proxy display. However, some older X11 clients may not function |
421 | with this configuration. X11UseLocalhost may be set to ``no'' to | 420 | with this configuration. ^[[1mX11UseLocalhost ^[[22mmay be set to M-bM-^@M-^\noM-bM-^@M-^] to |
422 | specify that the forwarding server should be bound to the wildM-- | 421 | specify that the forwarding server should be bound to the wildM-bM-^@M-^P |
423 | card address. The argument must be ``yes'' or ``no''. The | 422 | card address. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default |
424 | default is ``yes''. | 423 | is M-bM-^@M-^\yesM-bM-^@M-^]. |
425 | 424 | ||
426 | XAuthLocation | 425 | ^[[1mXAuthLocation^[[0m |
427 | Specifies the full pathname of the xauth(1) program. The default | 426 | Specifies the full pathname of the xauth(1) program. The default |
428 | is /usr/X11R6/bin/xauth. | 427 | is ^[[4m/usr/X11R6/bin/xauth^[[24m. |
429 | 428 | ||
430 | Time Formats | 429 | ^[[1mTime Formats^[[0m |
431 | 430 | ||
432 | sshd command-line arguments and configuration file options that specify | 431 | ^[[1msshd ^[[22mcommandM-bM-^@M-^Pline arguments and configuration file options that specify |
433 | time may be expressed using a sequence of the form: time[qualifier], | 432 | time may be expressed using a sequence of the form: ^[[4mtime^[[24m[^[[4mqualifier^[[24m], |
434 | where time is a positive integer value and qualifier is one of the folM-- | 433 | where ^[[4mtime^[[24m is a positive integer value and ^[[4mqualifier^[[24m is one of the folM-bM-^@M-^P |
435 | lowing: | 434 | lowing: |
436 | 435 | ||
437 | <none> seconds | 436 | ^[[1m<none> ^[[22mseconds |
438 | s | S seconds | 437 | ^[[1ms ^[[22m| ^[[1mS ^[[22mseconds |
439 | m | M minutes | 438 | ^[[1mm ^[[22m| ^[[1mM ^[[22mminutes |
440 | h | H hours | 439 | ^[[1mh ^[[22m| ^[[1mH ^[[22mhours |
441 | d | D days | 440 | ^[[1md ^[[22m| ^[[1mD ^[[22mdays |
442 | w | W weeks | 441 | ^[[1mw ^[[22m| ^[[1mW ^[[22mweeks |
443 | 442 | ||
444 | Each member of the sequence is added together to calculate the total time | 443 | Each member of the sequence is added together to calculate the total time |
445 | value. | 444 | value. |
@@ -450,21 +449,21 @@ DESCRIPTION | |||
450 | 10m 10 minutes | 449 | 10m 10 minutes |
451 | 1h30m 1 hour 30 minutes (90 minutes) | 450 | 1h30m 1 hour 30 minutes (90 minutes) |
452 | 451 | ||
453 | FILES | 452 | ^[[1mFILES^[[0m |
454 | /etc/ssh/sshd_config | 453 | /etc/ssh/sshd_config |
455 | Contains configuration data for sshd. This file should be | 454 | Contains configuration data for ^[[1msshd^[[22m. This file should be |
456 | writable by root only, but it is recommended (though not necesM-- | 455 | writable by root only, but it is recommended (though not necesM-bM-^@M-^P |
457 | sary) that it be world-readable. | 456 | sary) that it be worldM-bM-^@M-^Preadable. |
458 | 457 | ||
459 | AUTHORS | 458 | ^[[1mAUTHORS^[[0m |
460 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | 459 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
461 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | 460 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo |
462 | de Raadt and Dug Song removed many bugs, re-added newer features and creM-- | 461 | de Raadt and Dug Song removed many bugs, reM-bM-^@M-^Padded newer features and creM-bM-^@M-^P |
463 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 462 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol |
464 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 463 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
465 | for privilege separation. | 464 | for privilege separation. |
466 | 465 | ||
467 | SEE ALSO | 466 | ^[[1mSEE ALSO^[[0m |
468 | sshd(8) | 467 | sshd(8) |
469 | 468 | ||
470 | BSD September 25, 1999 BSD | 469 | BSD September 25, 1999 BSD |
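--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.13 2002/09/16 20:12:11 stevesk Exp $
+.\" $OpenBSD: sshd_config.5,v 1.14 2003/01/23 08:58:47 jmc Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -89,7 +89,7 @@ own forwarders.
 .It Cm AllowUsers
 This keyword can be followed by a list of user name patterns, separated
 by spaces.
-If specified, login is allowed only for users names that
+If specified, login is allowed only for user names that
 match one of the patterns.
 .Ql \&*
 and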
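--- a/sshlogin.c
+++ b/sshlogin.c
@@ -70,7 +70,7 @@ record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
 struct logininfo *li;
 
 li = login_alloc_entry(pid, user, host, ttyname);
-login_set_addr(li, addr, sizeof(struct sockaddr));
+login_set_addr(li, addr, addrlen);
 login_login(li);
 login_free_entry(li);
 }
@@ -78,12 +78,12 @@ record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
 #ifdef LOGIN_NEEDS_UTMPX
 void
 record_utmp_only(pid_t pid, const char *ttyname, const char *user,
-const char *host, struct sockaddr * addr)
+const char *host, struct sockaddr * addr, socklen_t addrlen)
 {
 struct logininfo *li;
 
 li = login_alloc_entry(pid, user, host, ttyname);
-login_set_addr(li, addr, sizeof(struct sockaddr));
+login_set_addr(li, addr, addrlen);
 login_utmp_only(li);
 login_free_entry(li);
 }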
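Review bot: The copy length passed to `login_set_addr(li, addr, addrlen)` is now caller-supplied in both record_login and record_utmp_only, so the bound on that copy rests entirely on login_set_addr, which is not visible here; confirm it clamps the length to the address storage inside struct logininfo. The previous `sizeof(struct sockaddr)` was a fixed bound, while the new value is only correct if every caller passes the number of bytes actually valid in `addr`. A short comment above each call would record that contract, for example `/* addrlen: bytes valid in addr; login_set_addr() bounds the copy */`. record_login's signature starts outside the first hunk, so the declaration of its `addrlen` parameter cannot be checked from this section.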
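--- a/sshlogin.h
+++ b/sshlogin.h
@@ -22,7 +22,7 @@ u_long get_last_login_time(uid_t, const char *, char *, u_int);
 
 #ifdef LOGIN_NEEDS_UTMPX
 void record_utmp_only(pid_t, const char *, const char *, const char *,
-struct sockaddr *);
+struct sockaddr *, socklen_t);
 #endif
 
 #endif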
@@ -12,7 +12,7 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: sshpty.c,v 1.7 2002/06/24 17:57:20 deraadt Exp $"); | 15 | RCSID("$OpenBSD: sshpty.c,v 1.8 2003/02/03 08:56:16 markus Exp $"); |
16 | 16 | ||
17 | #ifdef HAVE_UTIL_H | 17 | #ifdef HAVE_UTIL_H |
18 | # include <util.h> | 18 | # include <util.h> |
@@ -394,7 +394,7 @@ pty_setowner(struct passwd *pw, const char *ttyname) | |||
394 | if (chown(ttyname, pw->pw_uid, gid) < 0) { | 394 | if (chown(ttyname, pw->pw_uid, gid) < 0) { |
395 | if (errno == EROFS && | 395 | if (errno == EROFS && |
396 | (st.st_uid == pw->pw_uid || st.st_uid == 0)) | 396 | (st.st_uid == pw->pw_uid || st.st_uid == 0)) |
397 | error("chown(%.100s, %u, %u) failed: %.100s", | 397 | debug("chown(%.100s, %u, %u) failed: %.100s", |
398 | ttyname, (u_int)pw->pw_uid, (u_int)gid, | 398 | ttyname, (u_int)pw->pw_uid, (u_int)gid, |
399 | strerror(errno)); | 399 | strerror(errno)); |
400 | else | 400 | else |
@@ -408,7 +408,7 @@ pty_setowner(struct passwd *pw, const char *ttyname) | |||
408 | if (chmod(ttyname, mode) < 0) { | 408 | if (chmod(ttyname, mode) < 0) { |
409 | if (errno == EROFS && | 409 | if (errno == EROFS && |
410 | (st.st_mode & (S_IRGRP | S_IROTH)) == 0) | 410 | (st.st_mode & (S_IRGRP | S_IROTH)) == 0) |
411 | error("chmod(%.100s, 0%o) failed: %.100s", | 411 | debug("chmod(%.100s, 0%o) failed: %.100s", |
412 | ttyname, mode, strerror(errno)); | 412 | ttyname, mode, strerror(errno)); |
413 | else | 413 | else |
414 | fatal("chmod(%.100s, 0%o) failed: %.100s", | 414 | fatal("chmod(%.100s, 0%o) failed: %.100s", |
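Review bot: In the chmod hunk the tolerated EROFS case is now reported only through `debug(...)`, yet the condition that selects it, `(st.st_mode & (S_IRGRP | S_IROTH)) == 0`, looks at the read bits alone, so a tty left with broader write permission than requested would pass without anything appearing at the default log level. `mode` is computed outside the hunk, so whether other-write can legitimately be set is not visible; if it cannot, extending the mask with `S_IWOTH` would close the gap. Otherwise a comment such as `/* read-only fs: accept only if the existing mode already denies group/other read */` would make the intent explicit. The chown hunk has the same demotion, where the accepted owners are the user or uid 0. pty_setowner begins and ends outside both hunks.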
@@ -1,4 +1,3 @@ | |||
1 | /* $OpenBSD: version.h,v 1.35 2002/10/01 13:24:50 markus Exp $ */ | 1 | /* $OpenBSD: version.h,v 1.36 2003/03/17 11:43:47 markus Exp $ */ |
2 | 2 | ||
3 | #define SSH_VERSION "OpenSSH_3.5p1" | 3 | #define SSH_VERSION "OpenSSH_3.6p1" |
4 | |||