From 901119beab6622a263d9d0ccf4eb494bd33d3c77 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 4 Oct 2002 11:10:04 +1000 Subject: - (djm) Bug #406: s/msg_send/ssh_msg_send/ for Mac OS X 1.2 --- ChangeLog | 3 ++- msg.c | 18 +++++++++--------- msg.h | 4 ++-- ssh-keysign.c | 6 +++--- sshconnect2.c | 4 ++-- 5 files changed, 18 insertions(+), 17 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6e956f8c3..9662ebcc8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,7 @@ [version.h] OpenSSH 3.5 - (djm) Bump RPM spec version numbers + - (djm) Bug #406: s/msg_send/ssh_msg_send/ for Mac OS X 1.2 20020930 - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs, @@ -756,4 +757,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2491 2002/10/03 01:56:58 djm Exp $ +$Id: ChangeLog,v 1.2492 2002/10/04 01:10:04 djm Exp $ diff --git a/msg.c b/msg.c index de19b057f..107a37691 100644 --- a/msg.c +++ b/msg.c 
@@ -31,43 +31,43 @@ RCSID("$OpenBSD: msg.c,v 1.4 2002/07/01 16:15:25 deraadt Exp $"); #include "msg.h" void -msg_send(int fd, u_char type, Buffer *m) +ssh_msg_send(int fd, u_char type, Buffer *m) { u_char buf[5]; u_int mlen = buffer_len(m); - debug3("msg_send: type %u", (unsigned int)type & 0xff); + debug3("ssh_msg_send: type %u", (unsigned int)type & 0xff); PUT_32BIT(buf, mlen + 1); buf[4] = type; /* 1st byte of payload is mesg-type */ if (atomicio(write, fd, buf, sizeof(buf)) != sizeof(buf)) - fatal("msg_send: write"); + fatal("ssh_msg_send: write"); if (atomicio(write, fd, buffer_ptr(m), mlen) != mlen) - fatal("msg_send: write"); + fatal("ssh_msg_send: write"); } int -msg_recv(int fd, Buffer *m) +ssh_msg_recv(int fd, Buffer *m) { u_char buf[4]; ssize_t res; u_int msg_len; - debug3("msg_recv entering"); + debug3("ssh_msg_recv entering"); res = atomicio(read, fd, buf, sizeof(buf)); if (res != sizeof(buf)) { if (res == 0) return -1; - fatal("msg_recv: read: header %ld", (long)res); + fatal("ssh_msg_recv: read: header %ld", (long)res); } msg_len = GET_32BIT(buf); if (msg_len > 256 * 1024) - fatal("msg_recv: read: bad msg_len %u", msg_len); + fatal("ssh_msg_recv: read: bad msg_len %u", msg_len); buffer_clear(m); buffer_append_space(m, msg_len); res = atomicio(read, fd, buffer_ptr(m), msg_len); if (res != msg_len) - fatal("msg_recv: read: %ld != msg_len", (long)res); + fatal("ssh_msg_recv: read: %ld != msg_len", (long)res); return 0; } diff --git a/msg.h b/msg.h index 13fa95b27..8980e254e 100644 --- a/msg.h +++ b/msg.h @@ -25,7 +25,7 @@ #ifndef SSH_MSG_H #define SSH_MSG_H -void msg_send(int, u_char, Buffer *); -int msg_recv(int, Buffer *); +void ssh_msg_send(int, u_char, Buffer *); +int ssh_msg_recv(int, Buffer *); #endif diff --git a/ssh-keysign.c b/ssh-keysign.c index 06d28efa8..79aee17c0 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c 
@@ -206,8 +206,8 @@ main(int argc, char **argv) fatal("no hostkey found"); buffer_init(&b); - if (msg_recv(STDIN_FILENO, &b) < 0) - fatal("msg_recv failed"); + if (ssh_msg_recv(STDIN_FILENO, &b) < 0) + fatal("ssh_msg_recv failed"); if (buffer_get_char(&b) != version) fatal("bad version"); fd = buffer_get_int(&b); @@ -239,7 +239,7 @@ main(int argc, char **argv) /* send reply */ buffer_clear(&b); buffer_put_string(&b, signature, slen); - msg_send(STDOUT_FILENO, version, &b); + ssh_msg_send(STDOUT_FILENO, version, &b); return (0); } diff --git a/sshconnect2.c b/sshconnect2.c index 0e93496b6..703d0721f 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -947,9 +947,9 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp, buffer_init(&b); buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */ buffer_put_string(&b, data, datalen); - msg_send(to[1], version, &b); + ssh_msg_send(to[1], version, &b); - if (msg_recv(from[0], &b) < 0) { + if (ssh_msg_recv(from[0], &b) < 0) { error("ssh_keysign: no reply"); buffer_clear(&b); return -1; -- cgit v1.2.3 From dc3c757f577ba1f81df4a65c3fd3dcb79f3bb8c2 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Fri, 4 Oct 2002 23:54:54 +0000 Subject: - (bal) Disable post-authentication Privsep for OSF/1. It conflicts with SIA. --- ChangeLog | 6 +++++- configure.ac | 3 ++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9662ebcc8..12ec21b56 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20021004 + - (bal) Disable post-authentication Privsep for OSF/1. It conflicts with + SIA. + 20021003 - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2002/10/01 20:34:12 @@ -757,4 +761,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2492 2002/10/04 01:10:04 djm Exp $ +$Id: ChangeLog,v 1.2493 2002/10/04 23:54:54 mouring Exp $ diff --git a/configure.ac b/configure.ac index 5fe50e56b..c7223c7aa 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.89 2002/09/26 00:38:47 tim Exp $ +# $Id: configure.ac,v 1.90 2002/10/04 23:54:55 mouring Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -330,6 +330,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_MSG_RESULT(no) fi fi + AC_DEFINE(DISABLE_FD_PASSING) ;; *-*-nto-qnx) -- cgit v1.2.3 From 94f628f0abc38aeef6368178f2341d3747a3e5c8 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Tue, 15 Oct 2002 13:16:55 -0700 Subject: [contrib/caldera/openssh.spec] make ssh-agent setgid nobody --- ChangeLog | 5 ++++- contrib/caldera/openssh.spec | 13 ++++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 12ec21b56..3a06ff76d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20021015 + - (tim) [contrib/caldera/openssh.spec] make ssh-agent setgid nobody + 20021004 - (bal) Disable post-authentication Privsep for OSF/1. It conflicts with SIA. @@ -761,4 +764,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2493 2002/10/04 23:54:54 mouring Exp $ +$Id: ChangeLog,v 1.2494 2002/10/15 20:16:55 tim Exp $ diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index b7de22e8b..1ccf71b78 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -316,7 +316,14 @@ fi %defattr(-,root,root) %dir %{_sysconfdir} %config %{_sysconfdir}/ssh_config -%{_bindir}/* +%{_bindir}/scp +%{_bindir}/sftp +%{_bindir}/ssh +%{_bindir}/slogin +%{_bindir}/ssh-add +%attr(2755,root,nobody) %{_bindir}/ssh-agent +%{_bindir}/ssh-keygen +%{_bindir}/ssh-keyscan %dir %{_libexecdir} %{_sbindir}/ssh-host-keygen %dir %{_defaultdocdir}/%{name}-%{version} @@ -331,7 +338,7 @@ fi %Files server %defattr(-,root,root) -%dir %attr(0700,root,root) %{_var}/empty/sshd +%dir %{_var}/empty/sshd %config %{SVIdir}/sshd %config /etc/pam.d/sshd %config %{_sysconfdir}/moduli 
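Review bot: The added `AC_DEFINE(DISABLE_FD_PASSING)` in the `@@ -330,6 +330,7 @@` hunk has no comment, and its name does not match the commit subject, which speaks of disabling post-authentication privilege separation because of a conflict with SIA. Someone auditing which platforms run with reduced privilege separation cannot tell from this line that it is a deliberate trade-off, nor how the define leads to that result, since the code that reads it is not in this diff. I would put `dnl Disables post-authentication privsep on this platform: it conflicts with SIA` directly above the define. The case branch this line belongs to starts above the hunk.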
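Review bot: The `%attr(2755,root,nobody)` entry for `%{_bindir}/ssh-agent` makes the agent setgid without saying why, and it borrows the `nobody` group, which other unprivileged services commonly share. Presumably the setgid bit is there so that the invoking user cannot trace or dump the process that holds private keys; if so, state it in a comment such as `# setgid so the key-holding agent cannot be traced by the invoking user`, and consider a dedicated group that owns no files. Replacing `%{_bindir}/*` with an explicit list also means every binary added to that directory later has to be listed here by hand.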
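Review bot: The `@@ -331,7 +338,7 @@` hunk drops `%attr(0700,root,root)` from `%dir %{_var}/empty/sshd`, a change the commit subject does not mention. With only `%defattr(-,root,root)` left, the packaged mode of what looks like the privilege-separation directory is whatever the install step created, and that step is outside this hunk. The directory should stay root-owned and not writable by group or others, so I would pin the mode explicitly, for example `%dir %attr(0755,root,root) %{_var}/empty/sshd`, or record in the changelog why 0700 was removed.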
@@ -353,4 +360,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.38 2002/10/03 01:56:59 djm Exp $ +$Id: openssh.spec,v 1.39 2002/10/15 20:16:56 tim Exp $ -- cgit v1.2.3 From 97e38d866778f1c36486af5f7f1a238c41693d58 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Wed, 16 Oct 2002 00:13:52 +0000 Subject: 20021015 - (bal) Fix bug id 383 and only call loginrestrict for AIX if not root. --- ChangeLog | 5 ++++- auth.c | 8 +++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3a06ff76d..315a37328 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20021015 + - (bal) Fix bug id 383 and only call loginrestrict for AIX if not root. + 20021015 - (tim) [contrib/caldera/openssh.spec] make ssh-agent setgid nobody @@ -764,4 +767,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2494 2002/10/15 20:16:55 tim Exp $ +$Id: ChangeLog,v 1.2495 2002/10/16 00:13:52 mouring Exp $ diff --git a/auth.c b/auth.c index 48720da8f..4e1dc1641 100644 --- a/auth.c +++ b/auth.c @@ -202,7 +202,13 @@ allowed_user(struct passwd * pw) } #ifdef WITH_AIXAUTHENTICATE - if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) { + /* + * Don't check loginrestrictions() for root account (use + * PermitRootLogin to control logins via ssh), or if running as + * non-root user (since loginrestrictions will always fail). + */ + if ( (pw->pw_uid != 0) && (geteuid() == 0) && + loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) { if (loginmsg && *loginmsg) { /* Remove embedded newlines (if any) */ char *p; -- cgit v1.2.3 From 3e0064781bfd3a0efdd28ee84f34a3807ff2988a Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Wed, 16 Oct 2002 00:24:03 +0000 Subject: - (bal) More advanced strsep test by Darren Tucker --- ChangeLog | 3 ++- configure.ac | 7 +++++-- 2 files changed, 7 insertions(+), 3 deletions(-) 
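Review bot: The new condition in `allowed_user()` skips `loginrestrictions()` for every account whose `pw_uid` is 0, not only the one named root, and skips it silently whenever `geteuid()` is not 0. Nothing in the hunk records that the AIX account restrictions were not consulted, so an administrator who relies on them for a uid-0 account gets no hint that only `PermitRootLogin` applies. I would log the skip, for example `debug3("allowed_user: loginrestrictions not checked for uid %u", (u_int)pw->pw_uid);`, and have the comment say "uid 0 accounts" rather than "root account". The body of the `if` continues past the end of the hunk.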
diff --git a/ChangeLog b/ChangeLog index 315a37328..0947b39e0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 20021015 - (bal) Fix bug id 383 and only call loginrestrict for AIX if not root. + - (bal) More advanced strsep test by Darren Tucker 20021015 - (tim) [contrib/caldera/openssh.spec] make ssh-agent setgid nobody @@ -767,4 +768,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2495 2002/10/16 00:13:52 mouring Exp $ +$Id: ChangeLog,v 1.2496 2002/10/16 00:24:03 mouring Exp $ diff --git a/configure.ac b/configure.ac index c7223c7aa..4be5f641e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.90 2002/10/04 23:54:55 mouring Exp $ +# $Id: configure.ac,v 1.91 2002/10/16 00:24:05 mouring Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -605,9 +605,12 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ - socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ + socketpair strerror strlcat strlcpy strmode sysconf tcgetpgrp \ truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty) +dnl Make sure strsep prototype is defined before defining HAVE_STRSEP +AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)]) + dnl IRIX and Solaris 2.5.1 have dirname() in libgen AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ AC_CHECK_LIB(gen, dirname,[ -- cgit v1.2.3 From 5a5da88c59d30c8a97625def757d20f151bb200c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 21 Oct 2002 10:13:35 +1000 Subject: - (djm) Kill ssh-rand-helper children on timeout, patch from dtucker@zip.com.au --- ChangeLog | 6 +++++- ssh-rand-helper.c | 3 ++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0947b39e0..9a01c2317 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,7 @@ +20021021 + - (djm) Kill ssh-rand-helper children on timeout, patch from + dtucker@zip.com.au + 20021015 - (bal) Fix bug id 383 and only call loginrestrict for AIX if not root. - (bal) More advanced strsep test by Darren Tucker @@ -768,4 +772,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2496 2002/10/16 00:24:03 mouring Exp $ +$Id: ChangeLog,v 1.2497 2002/10/21 00:13:35 djm Exp $ diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index e6c52b546..375ba3cbf 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -39,7 +39,7 @@ #include "pathnames.h" #include "log.h" -RCSID("$Id: ssh-rand-helper.c,v 1.8 2002/07/28 20:42:24 stevesk Exp $"); +RCSID("$Id: ssh-rand-helper.c,v 1.9 2002/10/21 00:13:37 djm Exp $"); /* Number of bytes we write out */ #define OUTPUT_SEED_SIZE 48 @@ -355,6 +355,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash) case 0: /* timer expired */ error_abort = 1; + kill(pid, SIGINT); break; case 1: /* command input */ -- cgit v1.2.3 From 7b3f58cbcd1e30d02292b5574aaa3e2486288ec2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 21 Oct 2002 10:50:25 +1000 Subject: - (djm) Bug #317: FreeBSD needs libutil.h for openpty() Report from dirk.meyer@dinoex.sub.org --- ChangeLog | 7 ++++--- includes.h | 4 ++++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9a01c2317..51bfea7f6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 20021021 - - (djm) Kill ssh-rand-helper children on timeout, patch from - dtucker@zip.com.au + - (djm) Bug #317: FreeBSD needs libutil.h for openpty() Report from + dirk.meyer@dinoex.sub.org + - (djm) Bug #317: FreeBSD needs libutil.h for openpty() 20021015 - (bal) Fix bug id 383 and only call loginrestrict for AIX if not root. 
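Review bot: The added `kill(pid, SIGINT);` in the timer-expired case of `hash_command_output()` only asks the child to stop: an entropy command that blocks or ignores SIGINT keeps running, and the return value of `kill()` is not checked. If the code after this `switch` waits for the child, which is outside the hunk, such a child would still stall the helper. I would use a signal that cannot be caught, `kill(pid, SIGKILL);`, or follow SIGINT with SIGKILL after a short grace period, and add a comment saying where the child is reaped.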
@@ -772,4 +773,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2497 2002/10/21 00:13:35 djm Exp $ +$Id: ChangeLog,v 1.2498 2002/10/21 00:50:25 djm Exp $ diff --git a/includes.h b/includes.h index d7b875c52..37d402ef4 100644 --- a/includes.h +++ b/includes.h @@ -157,6 +157,10 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } # include #endif +#ifdef HAVE_LIBUTIL_H +# include /* Openpty on FreeBSD at least */ +#endif + #include /* For OPENSSL_VERSION_NUMBER */ #include "defines.h" -- cgit v1.2.3 From 885929cd315b8e0bde419eab3a09523378972d68 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 21 Oct 2002 20:26:16 +1000 Subject: fix changelog --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 51bfea7f6..d5dcfba1e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,8 @@ 20021021 + - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from + dtucker@zip.com.au - (djm) Bug #317: FreeBSD needs libutil.h for openpty() Report from dirk.meyer@dinoex.sub.org - - (djm) Bug #317: FreeBSD needs libutil.h for openpty() 20021015 - (bal) Fix bug id 383 and only call loginrestrict for AIX if not root. @@ -773,4 +774,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2498 2002/10/21 00:50:25 djm Exp $ +$Id: ChangeLog,v 1.2499 2002/10/21 10:26:16 djm Exp $ -- cgit v1.2.3 From 0851381bf7d4ce9a16399b216621edf7476ead05 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Sat, 9 Nov 2002 15:40:34 +0000 Subject: - itojun@cvs.openbsd.org 2002/10/16 14:31:48 [sftp-common.c] 64bit pedant. %llu is "unsigned long long". markus ok --- ChangeLog | 8 +++++++- sftp-common.c | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index d5dcfba1e..5b2de4ee6 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,9 @@ +20021109 + - (bal) OpenBSD CVS Sync + - itojun@cvs.openbsd.org 2002/10/16 14:31:48 + [sftp-common.c] + 64bit pedant. %llu is "unsigned long long". markus ok + 20021021 - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from dtucker@zip.com.au @@ -774,4 +780,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2499 2002/10/21 10:26:16 djm Exp $ +$Id: ChangeLog,v 1.2500 2002/11/09 15:40:34 mouring Exp $ diff --git a/sftp-common.c b/sftp-common.c index 082345486..31d41385b 100644 --- a/sftp-common.c +++ b/sftp-common.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sftp-common.c,v 1.7 2002/09/11 22:41:50 djm Exp $"); +RCSID("$OpenBSD: sftp-common.c,v 1.8 2002/10/16 14:31:48 itojun Exp $"); #include "buffer.h" #include "bufaux.h" @@ -208,6 +208,6 @@ ls_file(char *name, struct stat *st, int remote) glen = MAX(strlen(group), 8); snprintf(buf, sizeof buf, "%s %3d %-*s %-*s %8llu %s %s", mode, st->st_nlink, ulen, user, glen, group, - (u_int64_t)st->st_size, tbuf, name); + (unsigned long long)st->st_size, tbuf, name); return xstrdup(buf); } -- cgit v1.2.3 From 0cc2a476749e366d54afa842c5cc77d629deed29 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Sat, 9 Nov 2002 15:41:39 +0000 Subject: - markus@cvs.openbsd.org 2002/10/23 10:32:13 [packet.c] use %u for u_int --- ChangeLog | 5 ++++- packet.c | 8 ++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5b2de4ee6..7120cceec 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,9 @@ - itojun@cvs.openbsd.org 2002/10/16 14:31:48 [sftp-common.c] 64bit pedant. %llu is "unsigned long long". markus ok + - markus@cvs.openbsd.org 2002/10/23 10:32:13 + [packet.c] + use %u for u_int 20021021 - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from 
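Review bot: The same `snprintf()` call in `ls_file()` still passes `st->st_nlink` to `%3d` without a cast, which is the same class of format/argument mismatch this commit fixes for `st_size`. `nlink_t` is not `int` on every platform, so I would cast it as well: `mode, (int)st->st_nlink, ulen, user, glen, group,`. The `%-*s` widths `ulen` and `glen` also have to be `int`; their declarations are outside the hunk, so that is worth checking while the line is being touched.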
@@ -780,4 +783,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2500 2002/11/09 15:40:34 mouring Exp $ +$Id: ChangeLog,v 1.2501 2002/11/09 15:41:39 mouring Exp $ diff --git a/packet.c b/packet.c index bd347ef0f..5078630e7 100644 --- a/packet.c +++ b/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.97 2002/07/04 08:12:15 deraadt Exp $"); +RCSID("$OpenBSD: packet.c,v 1.98 2002/10/23 10:32:13 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -840,7 +840,7 @@ packet_read_poll1(void) cp = buffer_ptr(&input); len = GET_32BIT(cp); if (len < 1 + 2 + 2 || len > 256 * 1024) - packet_disconnect("Bad packet length %d.", len); + packet_disconnect("Bad packet length %u.", len); padded_len = (len + 8) & ~7; /* Check if the packet has been entirely received. */ @@ -936,9 +936,9 @@ packet_read_poll2(u_int32_t *seqnr_p) packet_length = GET_32BIT(cp); if (packet_length < 1 + 4 || packet_length > 256 * 1024) { buffer_dump(&incoming_packet); - packet_disconnect("Bad packet length %d.", packet_length); + packet_disconnect("Bad packet length %u.", packet_length); } - DBG(debug("input: packet len %d", packet_length+4)); + DBG(debug("input: packet len %u", packet_length+4)); buffer_consume(&input, block_size); } /* we have a partial packet of block_size bytes */ -- cgit v1.2.3 From ee844912c94226a09c95e4140c158d9c4f37a0b5 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Sat, 9 Nov 2002 15:43:23 +0000 Subject: - markus@cvs.openbsd.org 2002/10/23 10:40:16 [bufaux.c] %u for u_int --- ChangeLog | 5 ++++- bufaux.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7120cceec..9d4a185ee 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -6,6 +6,9 @@ - markus@cvs.openbsd.org 2002/10/23 10:32:13 [packet.c] use %u for u_int + - markus@cvs.openbsd.org 2002/10/23 10:40:16 + [bufaux.c] + %u for u_int 20021021 - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from @@ -783,4 +786,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2501 2002/11/09 15:41:39 mouring Exp $ +$Id: ChangeLog,v 1.2502 2002/11/09 15:43:23 mouring Exp $ diff --git a/bufaux.c b/bufaux.c index d3dc674ce..3c276b810 100644 --- a/bufaux.c +++ b/bufaux.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.28 2002/10/23 10:40:16 markus Exp $"); #include #include "bufaux.h" @@ -225,7 +225,7 @@ buffer_get_string(Buffer *buffer, u_int *length_ptr) /* Get the length. */ len = buffer_get_int(buffer); if (len > 256 * 1024) - fatal("buffer_get_string: bad string length %d", len); + fatal("buffer_get_string: bad string length %u", len); /* Allocate space for the string. Add one byte for a null character. */ value = xmalloc(len + 1); /* Get the string. */ -- cgit v1.2.3 From 485075e8faf48c34c930446dc3f3905465941d56 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Sat, 9 Nov 2002 15:45:12 +0000 Subject: - markus@cvs.openbsd.org 2002/11/04 10:07:53 [auth.c] don't compare against pw_home if realpath fails for pw_home (seen on AFS); ok djm@ --- ChangeLog | 6 +++++- auth.c | 12 +++++------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9d4a185ee..5536cfda2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,10 @@ - markus@cvs.openbsd.org 2002/10/23 10:40:16 [bufaux.c] %u for u_int + - markus@cvs.openbsd.org 2002/11/04 10:07:53 + [auth.c] + don't compare against pw_home if realpath fails for pw_home (seen + on AFS); ok djm@ 20021021 - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from 
@@ -786,4 +790,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2502 2002/11/09 15:43:23 mouring Exp $ +$Id: ChangeLog,v 1.2503 2002/11/09 15:45:12 mouring Exp $ diff --git a/auth.c b/auth.c index 4e1dc1641..021174f97 100644 --- a/auth.c +++ b/auth.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.45 2002/09/20 18:41:29 stevesk Exp $"); +RCSID("$OpenBSD: auth.c,v 1.46 2002/11/04 10:07:53 markus Exp $"); #ifdef HAVE_LOGIN_H #include @@ -423,6 +423,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, uid_t uid = pw->pw_uid; char buf[MAXPATHLEN], homedir[MAXPATHLEN]; char *cp; + int comparehome = 0; struct stat st; if (realpath(file, buf) == NULL) { @@ -430,11 +431,8 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, strerror(errno)); return -1; } - if (realpath(pw->pw_dir, homedir) == NULL) { - snprintf(err, errlen, "realpath %s failed: %s", pw->pw_dir, - strerror(errno)); - return -1; - } + if (realpath(pw->pw_dir, homedir) != NULL) + comparehome = 1; /* check the open file to avoid races */ if (fstat(fileno(f), &st) < 0 || @@ -463,7 +461,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, } /* If are passed the homedir then we can stop */ - if (strcmp(homedir, buf) == 0) { + if (comparehome && strcmp(homedir, buf) == 0) { debug3("secure_filename: terminating check at '%s'", buf); break; -- cgit v1.2.3 From 9bda7ae4c695a0ff78e570151c067a62c5e44de6 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Sat, 9 Nov 2002 15:46:24 +0000 Subject: - markus@cvs.openbsd.org 2002/11/04 10:09:51 [packet.c] log before send disconnect; ok djm@ --- ChangeLog | 5 ++++- packet.c | 7 ++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5536cfda2..be51642cb 100644 --- a/ChangeLog +++ b/ChangeLog 
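Review bot: When `realpath(pw->pw_dir, homedir)` fails, the new code in `secure_filename()` drops the error without logging it, and `homedir` is left unset with only `comparehome` guarding its use in the `@@ -463,7 +461,7 @@` hunk. As far as the visible lines show, the directory walk then no longer stops at the home directory, so the ownership and mode checks presumably continue further up the tree; that is the stricter outcome, but an administrator debugging a refused key file gets no hint why. I would log the failure, `debug3("secure_filename: realpath %s failed: %s", pw->pw_dir, strerror(errno));`, and add a comment on `comparehome` saying that 0 means the home directory could not be resolved and every parent is checked. The function starts and ends outside these hunks.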
@@ -13,6 +13,9 @@ [auth.c] don't compare against pw_home if realpath fails for pw_home (seen on AFS); ok djm@ + - markus@cvs.openbsd.org 2002/11/04 10:09:51 + [packet.c] + log before send disconnect; ok djm@ 20021021 - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from @@ -790,4 +793,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2503 2002/11/09 15:45:12 mouring Exp $ +$Id: ChangeLog,v 1.2504 2002/11/09 15:46:24 mouring Exp $ diff --git a/packet.c b/packet.c index 5078630e7..6400ad9b1 100644 --- a/packet.c +++ b/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.98 2002/10/23 10:32:13 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.99 2002/11/04 10:09:51 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -1226,6 +1226,9 @@ packet_disconnect(const char *fmt,...) vsnprintf(buf, sizeof(buf), fmt, args); va_end(args); + /* Display the error locally */ + log("Disconnecting: %.100s", buf); + /* Send the disconnect message to the other side, and wait for it to get sent. */ if (compat20) { packet_start(SSH2_MSG_DISCONNECT); @@ -1245,8 +1248,6 @@ packet_disconnect(const char *fmt,...) /* Close the connection. */ packet_close(); - /* Display the error locally and exit. */ - log("Disconnecting: %.100s", buf); fatal_cleanup(); } -- cgit v1.2.3 From 41ee2b0d77b1d890bc284972aaf5d8935a0c1893 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Sat, 9 Nov 2002 15:47:47 +0000 Subject: - markus@cvs.openbsd.org 2002/11/05 19:45:20 [monitor.c] handle overflows for size_t larger than u_int; siw@goneko.de, bug #425 --- ChangeLog | 5 ++++- monitor.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index be51642cb..9c7a78602 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -16,6 +16,9 @@ - markus@cvs.openbsd.org 2002/11/04 10:09:51 [packet.c] log before send disconnect; ok djm@ + - markus@cvs.openbsd.org 2002/11/05 19:45:20 + [monitor.c] + handle overflows for size_t larger than u_int; siw@goneko.de, bug #425 20021021 - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from @@ -793,4 +796,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2504 2002/11/09 15:46:24 mouring Exp $ +$Id: ChangeLog,v 1.2505 2002/11/09 15:47:47 mouring Exp $ diff --git a/monitor.c b/monitor.c index 4ad3f3d21..b91cfdeda 100644 --- a/monitor.c +++ b/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.29 2002/09/26 11:38:43 markus Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.30 2002/11/05 19:45:20 markus Exp $"); #include @@ -1551,7 +1551,7 @@ mm_get_keystate(struct monitor *pmonitor) void * mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) { - size_t len = size * ncount; + size_t len = (size_t) size * ncount; void *address; if (len == 0 || ncount > SIZE_T_MAX / size) -- cgit v1.2.3 From 8e879cf6918efbf40984bbfb6db0deecc26881f5 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Sat, 9 Nov 2002 15:48:49 +0000 Subject: - markus@cvs.openbsd.org 2002/11/05 20:10:37 [sftp-client.c] typo; GaryF@livevault.com --- ChangeLog | 5 ++++- sftp-client.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9c7a78602..e922dde4d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,9 @@ - markus@cvs.openbsd.org 2002/11/05 19:45:20 [monitor.c] handle overflows for size_t larger than u_int; siw@goneko.de, bug #425 + - markus@cvs.openbsd.org 2002/11/05 20:10:37 + [sftp-client.c] + typo; GaryF@livevault.com 20021021 - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from 
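Review bot: In `mm_zalloc()` the product `(size_t) size * ncount` is still computed before the guard `ncount > SIZE_T_MAX / size`, and that guard avoids a division by zero only because `len == 0` is tested first in the same `||`. Unsigned wrap-around is defined, so this is not a bug, but in an allocator that sizes memory from two caller-supplied counts the ordering is easy to break in a later edit. I would add a comment on the guard, `/* len == 0 must stay first: it also covers size == 0 before the division */`, or test the operands before multiplying. The function body continues past the end of the hunk.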
@@ -796,4 +799,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2505 2002/11/09 15:47:47 mouring Exp $ +$Id: ChangeLog,v 1.2506 2002/11/09 15:48:49 mouring Exp $ diff --git a/sftp-client.c b/sftp-client.c index f6a73f379..30bef8936 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -28,7 +28,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.35 2002/09/11 22:41:49 djm Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.36 2002/11/05 20:10:37 markus Exp $"); #include "openbsd-compat/sys-queue.h" @@ -660,7 +660,7 @@ do_symlink(struct sftp_conn *conn, char *oldpath, char *newpath) status = get_status(conn->fd_in, id); if (status != SSH2_FX_OK) - error("Couldn't rename file \"%s\" to \"%s\": %s", oldpath, + error("Couldn't symlink file \"%s\" to \"%s\": %s", oldpath, newpath, fx2txt(status)); return(status); -- cgit v1.2.3 From c2faa4a504188d8fdf27467fca136f69e451fc27 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Sat, 9 Nov 2002 15:50:03 +0000 Subject: - markus@cvs.openbsd.org 2002/11/07 16:28:47 [sshd.c] log to stderr if -ie is given, bug #414, prj@po.cwru.edu --- ChangeLog | 5 ++++- sshd.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index e922dde4d..f3ca4cfcb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,9 @@ - markus@cvs.openbsd.org 2002/11/05 20:10:37 [sftp-client.c] typo; GaryF@livevault.com + - markus@cvs.openbsd.org 2002/11/07 16:28:47 + [sshd.c] + log to stderr if -ie is given, bug #414, prj@po.cwru.edu 20021021 - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from @@ -799,4 +802,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2506 2002/11/09 15:48:49 mouring Exp $ +$Id: ChangeLog,v 1.2507 2002/11/09 15:50:03 mouring Exp $ diff --git a/sshd.c b/sshd.c index f8bd7ce54..8bf1557a2 100644 --- a/sshd.c +++ b/sshd.c 
@@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.260 2002/09/27 10:42:09 mickey Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.261 2002/11/07 16:28:47 markus Exp $"); #include #include @@ -944,7 +944,7 @@ main(int ac, char **av) SYSLOG_LEVEL_INFO : options.log_level, options.log_facility == SYSLOG_FACILITY_NOT_SET ? SYSLOG_FACILITY_AUTH : options.log_facility, - !inetd_flag); + log_stderr || !inetd_flag); #ifdef _UNICOS /* Cray can define user privs drop all prives now! -- cgit v1.2.3 From b6df73b06abb12772d816e64f210ad30ebaf54cb Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Sat, 9 Nov 2002 15:52:31 +0000 Subject: - markus@cvs.openbsd.org 2002/11/07 22:08:07 [readconf.c readconf.h ssh-keysign.8 ssh-keysign.c] we cannot use HostbasedAuthentication for enabling ssh-keysign(8), because HostbasedAuthentication might be enabled based on the target host and ssh-keysign(8) does not know the remote hostname and not trust ssh(1) about the hostname, so we add a new option EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de --- ChangeLog | 9 ++++++++- readconf.c | 11 ++++++++++- readconf.h | 4 +++- ssh-keysign.8 | 4 ++-- ssh-keysign.c | 6 +++--- 5 files changed, 26 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index f3ca4cfcb..5ca11a877 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,13 @@ - markus@cvs.openbsd.org 2002/11/07 16:28:47 [sshd.c] log to stderr if -ie is given, bug #414, prj@po.cwru.edu + - markus@cvs.openbsd.org 2002/11/07 22:08:07 + [readconf.c readconf.h ssh-keysign.8 ssh-keysign.c] + we cannot use HostbasedAuthentication for enabling ssh-keysign(8), + because HostbasedAuthentication might be enabled based on the + target host and ssh-keysign(8) does not know the remote hostname + and not trust ssh(1) about the hostname, so we add a new option + EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de 20021021 - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from 
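Review bot: With `log_stderr || !inetd_flag` as the last argument of this logging setup, running with `-i -e` sends log output to file descriptor 2, and under a classic inetd that descriptor is usually the client connection itself. Whether stderr is redirected elsewhere in inetd mode is not visible in this hunk, so I would add a comment at the call, `/* -e with -i: stderr must not be the network socket, or log lines reach the peer */`, and state the same requirement where `-e` is documented. `main()` starts and ends outside the hunk.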
@@ -802,4 +809,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2507 2002/11/09 15:50:03 mouring Exp $ +$Id: ChangeLog,v 1.2508 2002/11/09 15:52:31 mouring Exp $ diff --git a/readconf.c b/readconf.c index bae06be12..b9f1b7ddc 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.101 2002/11/07 22:08:07 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -114,6 +114,7 @@ typedef enum { oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, oClearAllForwardings, oNoHostAuthenticationForLocalhost, + oEnableSSHKeysign, oDeprecated } OpCodes; @@ -185,6 +186,7 @@ static struct { { "bindaddress", oBindAddress }, { "smartcarddevice", oSmartcardDevice }, { "clearallforwardings", oClearAllForwardings }, + { "enablesshkeysign", oEnableSSHKeysign }, { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, { NULL, oBadOption } }; @@ -669,6 +671,10 @@ parse_int: *intptr = value; break; + case oEnableSSHKeysign: + intptr = &options->enable_ssh_keysign; + goto parse_flag; + case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", filename, linenum, keyword); @@ -792,6 +798,7 @@ initialize_options(Options * options) options->preferred_authentications = NULL; options->bind_address = NULL; options->smartcard_device = NULL; + options->enable_ssh_keysign = - 1; options->no_host_authentication_for_localhost = - 1; } 
@@ -907,6 +914,8 @@ fill_default_options(Options * options) clear_forwardings(options); if (options->no_host_authentication_for_localhost == - 1) options->no_host_authentication_for_localhost = 0; + if (options->enable_ssh_keysign == -1) + options->enable_ssh_keysign = 0; /* options->proxy_command should not be set by default */ /* options->user will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */ diff --git a/readconf.h b/readconf.h index 92af535d0..bc5968843 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.43 2002/06/08 05:17:01 markus Exp $ */ +/* $OpenBSD: readconf.h,v 1.44 2002/11/07 22:08:07 markus Exp $ */ /* * Author: Tatu Ylonen @@ -99,6 +99,8 @@ typedef struct { int num_remote_forwards; Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION]; int clear_forwardings; + + int enable_ssh_keysign; int no_host_authentication_for_localhost; } Options; diff --git a/ssh-keysign.8 b/ssh-keysign.8 index cea4a8244..9a87731f9 100644 --- a/ssh-keysign.8 +++ b/ssh-keysign.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keysign.8,v 1.3 2002/07/03 14:21:05 markus Exp $ +.\" $OpenBSD: ssh-keysign.8,v 1.4 2002/11/07 22:08:07 markus Exp $ .\" .\" Copyright (c) 2002 Markus Friedl. All rights reserved. .\" @@ -42,7 +42,7 @@ is disabled by default and can only be enabled in the the global client configuration file .Pa /etc/ssh/ssh_config by setting -.Cm HostbasedAuthentication +.Cm EnableSSHKeysign to .Dq yes . .Pp diff --git a/ssh-keysign.c b/ssh-keysign.c index 79aee17c0..3288eb182 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.7 2002/07/03 14:21:05 markus Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.8 2002/11/07 22:08:07 markus Exp $"); #include #include 
@@ -168,8 +168,8 @@ main(int argc, char **argv) initialize_options(&options); (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options); fill_default_options(&options); - if (options.hostbased_authentication != 1) - fatal("Hostbased authentication not enabled in %s", + if (options.enable_ssh_keysign != 1) + fatal("ssh-keysign not enabled in %s", _PATH_HOST_CONFIG_FILE); if (key_fd[0] == -1 && key_fd[1] == -1) -- cgit v1.2.3 From 007eb912eae0258744043d08e85f99ba3201aeea Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Sat, 9 Nov 2002 15:54:08 +0000 Subject: - markus@cvs.openbsd.org 2002/11/07 22:35:38 [scp.c] check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de --- ChangeLog | 6 +++++- scp.c | 29 ++++++++++++++++++++++++++--- 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5ca11a877..f947b3505 100644 --- a/ChangeLog +++ b/ChangeLog @@ -32,6 +32,10 @@ target host and ssh-keysign(8) does not know the remote hostname and not trust ssh(1) about the hostname, so we add a new option EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de + - markus@cvs.openbsd.org 2002/11/07 22:35:38 + [scp.c] + check exit status from ssh, and exit(1) if ssh fails; bug#369; + binder@arago.de 20021021 - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from @@ -809,4 +813,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2508 2002/11/09 15:52:31 mouring Exp $ +$Id: ChangeLog,v 1.2509 2002/11/09 15:54:08 mouring Exp $ diff --git a/scp.c b/scp.c index 921ffeedc..05c490f4e 100644 --- a/scp.c +++ b/scp.c @@ -75,7 +75,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.91 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: scp.c,v 1.92 2002/11/07 22:35:38 markus Exp $"); #include "xmalloc.h" #include "atomicio.h" 
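Review bot: The gate in main() now depends on `enable_ssh_keysign`, but the context line above it still parses the file with an empty host name and discards the result, `(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options);`, and neither fact is explained. If read_config_file() applies host-pattern matching to its second argument (not visible here), an `EnableSSHKeysign yes` placed under a specific `Host` entry would never take effect. A comment such as `/* parsed with an empty host: only settings outside host-specific sections apply; an unreadable file leaves the option at its default of off */` would make both points explicit. The second half of that comment follows from the fill_default_options() hunk, which maps the unset value to 0. main() starts and ends outside the hunk.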
@@ -125,6 +125,9 @@ int showprogress = 1; /* This is the program to execute for the secured connection. ("ssh" or -S) */ char *ssh_program = _PATH_SSH_PROGRAM; +/* This is used to store the pid of ssh_program */ +pid_t do_cmd_pid; + /* * This function executes the given command as the specified user on the * given host. This returns < 0 if execution fails, and >= 0 otherwise. This @@ -159,7 +162,8 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc) close(reserved[1]); /* For a child to execute the command on the remote host using ssh. */ - if (fork() == 0) { + do_cmd_pid = fork(); + if (do_cmd_pid == 0) { /* Child. */ close(pin[1]); close(pout[0]); @@ -177,6 +181,8 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc) execvp(ssh_program, args.list); perror(ssh_program); exit(1); + } else if (do_cmd_pid == -1) { + fatal("fork: %s", strerror(errno)); } /* Parent. Close the other side, and return the local side. */ close(pin[0]); @@ -219,7 +225,7 @@ main(argc, argv) int argc; char *argv[]; { - int ch, fflag, tflag; + int ch, fflag, tflag, status; char *targ; extern char *optarg; extern int optind; @@ -317,6 +323,7 @@ main(argc, argv) targetshouldbedirectory = 1; remin = remout = -1; + do_cmd_pid = -1; /* Command to be executed on remote system using "ssh". */ (void) snprintf(cmd, sizeof cmd, "scp%s%s%s%s", verbose_mode ? " -v" : "", @@ -332,6 +339,22 @@ main(argc, argv) if (targetshouldbedirectory) verifydir(argv[argc - 1]); } + /* + * Finally check the exit status of the ssh process, if one was forked + * and no error has occured yet + */ + if (do_cmd_pid != -1 && errs == 0) { + if (remin != -1) + (void) close(remin); + if (remout != -1) + (void) close(remout); + if (waitpid(do_cmd_pid, &status, 0) == -1) + errs = 1; + else { + if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) + errs = 1; + } + } exit(errs != 0); } -- cgit v1.2.3 From 224313cdaedbcad4f3453895fa7d8de66e133f47 Mon Sep 17 00:00:00 2001 
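Review bot: `do_cmd_pid = fork();` stores the child in a single file-scope variable, so each call to do_cmd() overwrites the pid of the previous one. If do_cmd() can run more than once per invocation (its callers are outside these hunks), only the last ssh child is waited for in main(), and a failure of an earlier one still goes unnoticed. Either reap and check the previous child before forking again, or state the limitation at the definition, e.g. `/* pid of the most recent ssh_program child; earlier ones are not waited for */`. do_cmd() starts and ends outside the hunk.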
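Review bot: The `waitpid(do_cmd_pid, &status, 0) == -1` branch added at the end of main() treats every failure as a transfer error, including EINTR. If any signal handler in scp is installed without restart semantics (not visible here), a signal arriving during the wait would turn a successful copy into exit status 1 and leave the child unreaped. Retrying on EINTR keeps the new check strict without that false failure. The comment's `occured` should also read `occurred`. main() starts outside the hunk.

```c
	if (do_cmd_pid != -1 && errs == 0) {
		/* … unchanged: close remin and remout … */
		while (waitpid(do_cmd_pid, &status, 0) == -1) {
			if (errno != EINTR) {
				errs = 1;
				break;
			}
		}
		if (errs == 0 &&
		    (!WIFEXITED(status) || WEXITSTATUS(status) != 0))
			errs = 1;
	}
```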
From: Ben Lindstrom Date: Sat, 9 Nov 2002 15:59:27 +0000 Subject: - (bal) Update ssh-host-config and minor rewrite of bsd-cygwin_util.c ntsec now default if cygwin version beginning w/ version 56. Patch by Corinna Vinschen --- ChangeLog | 5 ++- contrib/cygwin/ssh-host-config | 11 +++--- openbsd-compat/bsd-cygwin_util.c | 72 +++++++++++++++++++++++++++++++++------- 3 files changed, 71 insertions(+), 17 deletions(-) diff --git a/ChangeLog b/ChangeLog index f947b3505..af7ba9e79 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,6 +36,9 @@ [scp.c] check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de + - (bal) Update ssh-host-config and minor rewrite of bsd-cygwin_util.c + ntsec now default if cygwin version beginning w/ version 56. Patch + by Corinna Vinschen 20021021 - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from @@ -813,4 +816,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2509 2002/11/09 15:54:08 mouring Exp $ +$Id: ChangeLog,v 1.2510 2002/11/09 15:59:27 mouring Exp $ diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index 4df5aa969..2c6db51e5 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config @@ -378,6 +378,8 @@ then # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a @@ -394,7 +396,7 @@ Port $port_number #HostKey ${SYSCONFDIR}/ssh_host_rsa_key #HostKey ${SYSCONFDIR}/ssh_host_dsa_key -# Lifetime and size of ephemeral version 1 server ke +# Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 3600 #ServerKeyBits 768 
@@ -405,7 +407,7 @@ Port $port_number # Authentication: -#LoginGraceTime 600 +#LoginGraceTime 120 #PermitRootLogin yes # The following setting overrides permission checks on host key files # and directories. For security reasons set this to "yes" when running @@ -414,11 +416,11 @@ StrictModes no #RSAAuthentication yes #PubkeyAuthentication yes -#AuthorizedKeysFile %h/.ssh/authorized_keys +#AuthorizedKeysFile .ssh/authorized_keys # rhosts authentication should not be used #RhostsAuthentication no -# Don't read ~/.rhosts and ~/.shosts files +# Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts #RhostsRSAAuthentication no @@ -443,6 +445,7 @@ StrictModes no #KeepAlive yes #UseLogin no UsePrivilegeSeparation $privsep_used +#PermitUserEnvironment no #Compression yes #MaxStartups 10 diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index 2396a6e6b..0fa5964bc 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c @@ -31,7 +31,7 @@ #include "includes.h" -RCSID("$Id: bsd-cygwin_util.c,v 1.8 2002/04/15 22:00:52 stevesk Exp $"); +RCSID("$Id: bsd-cygwin_util.c,v 1.9 2002/11/09 15:59:29 mouring Exp $"); #ifdef HAVE_CYGWIN @@ -43,6 +43,7 @@ RCSID("$Id: bsd-cygwin_util.c,v 1.8 2002/04/15 22:00:52 stevesk Exp $"); #define is_winnt (GetVersion() < 0x80000000) #define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec")) +#define ntsec_off(c) ((c) && strstr((c),"nontsec")) #define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea")) #if defined(open) && open == binary_open 
@@ -74,6 +75,56 @@ int binary_pipe(int fd[2]) return ret; } +#define HAS_CREATE_TOKEN 1 +#define HAS_NTSEC_BY_DEFAULT 2 + +static int has_capability(int what) +{ + /* has_capability() basically calls uname() and checks if + specific capabilities of Cygwin can be evaluated from that. + This simplifies the calling functions which only have to ask + for a capability using has_capability() instead of having + to figure that out by themselves. */ + static int inited; + static int has_create_token; + static int has_ntsec_by_default; + + if (!inited) { + struct utsname uts; + char *c; + + if (!uname(&uts)) { + int major_high = 0; + int major_low = 0; + int minor = 0; + int api_major_version = 0; + int api_minor_version = 0; + char *c; + + sscanf(uts.release, "%d.%d.%d", &major_high, + &major_low, &minor); + c = strchr(uts.release, '('); + if (c) + sscanf(c + 1, "%d.%d", &api_major_version, + &api_minor_version); + if (major_high > 1 || + (major_high == 1 && (major_low > 3 || + (major_low == 3 && minor >= 2)))) + has_create_token = 1; + if (api_major_version > 0 || api_minor_version >= 56) + has_ntsec_by_default = 1; + inited = 1; + } + } + switch (what) { + case HAS_CREATE_TOKEN: + return has_create_token; + case HAS_NTSEC_BY_DEFAULT: + return has_ntsec_by_default; + } + return 0; +} + int check_nt_auth(int pwd_authenticated, struct passwd *pw) { /* 
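Review bot: has_capability() declares `char *c;` twice, once next to `struct utsname uts;` and again inside the `if (!uname(&uts))` block, so the outer one is never used and the inner one shadows it. Drop the outer declaration; a build with `-Wshadow` would flag it. The two `sscanf()` results are also unchecked, which is safe only because every field is pre-set to 0. That deserves a short comment such as `/* fields stay 0 when the release string does not parse */`, since the outcome decides whether ntsec is assumed to be on by default.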
@@ -93,19 +144,14 @@ int check_nt_auth(int pwd_authenticated, struct passwd *pw) return 0; if (is_winnt) { if (has_create_token < 0) { - struct utsname uts; - int major_high = 0, major_low = 0, minor = 0; char *cygwin = getenv("CYGWIN"); has_create_token = 0; - if (ntsec_on(cygwin) && !uname(&uts)) { - sscanf(uts.release, "%d.%d.%d", - &major_high, &major_low, &minor); - if (major_high > 1 || - (major_high == 1 && (major_low > 3 || - (major_low == 3 && minor >= 2)))) - has_create_token = 1; - } + if (has_capability(HAS_CREATE_TOKEN) && + (ntsec_on(cygwin) || + (has_capability(HAS_NTSEC_BY_DEFAULT) && + !ntsec_off(cygwin)))) + has_create_token = 1; } if (has_create_token < 1 && !pwd_authenticated && geteuid() != pw->pw_uid) @@ -128,7 +174,9 @@ int check_ntsec(const char *filename) /* Evaluate current CYGWIN settings. */ cygwin = getenv("CYGWIN"); allow_ntea = ntea_on(cygwin); - allow_ntsec = ntsec_on(cygwin); + allow_ntsec = ntsec_on(cygwin) || + (has_capability(HAS_NTSEC_BY_DEFAULT) && + !ntsec_off(cygwin)); /* * `ntea' is an emulation of POSIX attributes. It doesn't support -- cgit v1.2.3 From f5397c081d790a3758e1ee65eca1ab7b3632b0d0 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Sat, 9 Nov 2002 16:11:10 +0000 Subject: - (bal) AIX does not log login attempts for unknown users (bug #432). patch by dtucker@zip.com.au --- ChangeLog | 4 +++- auth.c | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index af7ba9e79..4a49a8c27 100644 --- a/ChangeLog +++ b/ChangeLog @@ -39,6 +39,8 @@ - (bal) Update ssh-host-config and minor rewrite of bsd-cygwin_util.c ntsec now default if cygwin version beginning w/ version 56. Patch by Corinna Vinschen + - (bal) AIX does not log login attempts for unknown users (bug #432). + patch by dtucker@zip.com.au 20021021 - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from 
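Review bot: The expression `ntsec_on(cygwin) || (has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin))` is written out twice, here in check_nt_auth() and again in the check_ntsec() hunk that follows. Both decide whether NT security is considered active, so they must not drift apart. A small `static int ntsec_enabled(const char *cygwin)` next to has_capability() that returns this expression would keep them in step. It would also be the natural place to document that an explicit `nontsec` in CYGWIN overrides the version-based default. Both functions start outside their hunks.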
@@ -816,4 +818,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2510 2002/11/09 15:59:27 mouring Exp $ +$Id: ChangeLog,v 1.2511 2002/11/09 16:11:10 mouring Exp $ diff --git a/auth.c b/auth.c index 021174f97..ee001283f 100644 --- a/auth.c +++ b/auth.c @@ -491,6 +491,11 @@ getpwnamallow(const char *user) if (pw == NULL) { log("Illegal user %.100s from %.100s", user, get_remote_ipaddr()); +#ifdef WITH_AIXAUTHENTICATE + loginfailed(user, + get_canonical_hostname(options.verify_reverse_mapping), + "ssh"); +#endif return (NULL); } if (!allowed_user(pw)) -- cgit v1.2.3 From 748fcf9881f67f75b5b5935b1a0f18945e9c0443 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Wed, 13 Nov 2002 15:50:04 -0800 Subject: [contrib/solaris/opensshd.in] add umask 022 so sshd.pid is not world writable. --- ChangeLog | 6 +++++- contrib/solaris/opensshd.in | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 4a49a8c27..ebcda10f5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20021111 + - (tim) [contrib/solaris/opensshd.in] add umask 022 so sshd.pid is + not world writable. + 20021109 - (bal) OpenBSD CVS Sync - itojun@cvs.openbsd.org 2002/10/16 14:31:48 @@ -818,4 +822,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2511 2002/11/09 16:11:10 mouring Exp $ +$Id: ChangeLog,v 1.2512 2002/11/13 23:50:04 tim Exp $ diff --git a/contrib/solaris/opensshd.in b/contrib/solaris/opensshd.in index e7ca2489f..48b6c5702 100755 --- a/contrib/solaris/opensshd.in +++ b/contrib/solaris/opensshd.in @@ -3,6 +3,8 @@ # # Stripped PRNGd out of it for the time being. +umask 022 + CAT=/usr/bin/cat KILL=/usr/bin/kill -- cgit v1.2.3 From be2396458eb442f095402019609d425fd54cacc1 Mon Sep 17 00:00:00 2001 
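Review bot: In the `pw == NULL` branch of getpwnamallow(), `user` is the name the client supplied, and it reaches `loginfailed()` unmodified, whereas the `log()` call just above bounds it with `%.100s`. Whether loginfailed() copes with very long or unusual names is not visible here, so it is worth confirming, or bounding the name before the call. A comment would also help the next reader: `/* AIX: record the failed attempt for names that are not accounts too (bug #432) */`. getpwnamallow() starts and ends outside the hunk.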
From: Tim Rice Date: Wed, 13 Nov 2002 15:55:55 -0800 Subject: [configure.ac] remove unused variables no_libsocket and no_libnsl --- ChangeLog | 5 ++++- configure.ac | 6 +----- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index ebcda10f5..57c6d6d62 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20021113 + - (tim) [configure.ac] remove unused variables no_libsocket and no_libnsl + 20021111 - (tim) [contrib/solaris/opensshd.in] add umask 022 so sshd.pid is not world writable. @@ -822,4 +825,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2512 2002/11/13 23:50:04 tim Exp $ +$Id: ChangeLog,v 1.2513 2002/11/13 23:55:55 tim Exp $ diff --git a/configure.ac b/configure.ac index 4be5f641e..0736e41ab 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.91 2002/10/16 00:24:05 mouring Exp $ +# $Id: configure.ac,v 1.92 2002/11/13 23:55:57 tim Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -290,8 +290,6 @@ mips-sony-bsd|mips-sony-newsos4) MANTYPE=man ;; *-*-unicosmk*) - no_libsocket=1 - no_libnsl=1 AC_DEFINE(USE_PIPES) AC_DEFINE(DISABLE_FD_PASSING) LDFLAGS="$LDFLAGS" @@ -299,8 +297,6 @@ mips-sony-bsd|mips-sony-newsos4) MANTYPE=cat ;; *-*-unicos*) - no_libsocket=1 - no_libnsl=1 AC_DEFINE(USE_PIPES) AC_DEFINE(DISABLE_FD_PASSING) AC_DEFINE(NO_SSH_LASTLOG) -- cgit v1.2.3 From 1c9e688548a0f47fcfe41de43625f5b8a7d500dd Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Fri, 22 Nov 2002 13:29:01 -0800 Subject: [configure.ac] fix STDPATH test for IRIX. First reported by advax@triumf.ca. This type of solution tested by --- ChangeLog | 6 +++++- configure.ac | 8 ++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 57c6d6d62..f8fdc9bab 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,7 @@ +20021122 + - (tim) [configure.ac] fix STDPATH test for IRIX. First reported by + advax@triumf.ca. This type of solution tested by + 20021113 - (tim) [configure.ac] remove unused variables no_libsocket and no_libnsl @@ -825,4 +829,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2513 2002/11/13 23:55:55 tim Exp $ +$Id: ChangeLog,v 1.2514 2002/11/22 21:29:01 tim Exp $ diff --git a/configure.ac b/configure.ac index 0736e41ab..e96a0721d 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.92 2002/11/13 23:55:57 tim Exp $ +# $Id: configure.ac,v 1.93 2002/11/22 21:29:03 tim Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -2060,7 +2060,11 @@ Edit /etc/login.conf instead.]) # include #endif #ifndef _PATH_STDPATH -# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" +# ifdef _PATH_USERPATH /* Irix */ +# define _PATH_STDPATH _PATH_USERPATH +# else +# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" +# endif #endif #include #include -- cgit v1.2.3 From ab1c12a11c0c05223405a814d39281b5b0b9b712 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 5 Dec 2002 20:59:33 +1100 Subject: - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org --- ChangeLog | 5 ++++- fixpaths | 49 ++++++++++++++----------------------------------- 2 files changed, 18 insertions(+), 36 deletions(-) diff --git a/ChangeLog b/ChangeLog index f8fdc9bab..194ecdcb6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20021205 + - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org + 20021122 - (tim) [configure.ac] fix STDPATH test for IRIX. First reported by advax@triumf.ca. This type of solution tested by @@ -829,4 +832,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2514 2002/11/22 21:29:01 tim Exp $ +$Id: ChangeLog,v 1.2515 2002/12/05 09:59:33 djm Exp $ diff --git a/fixpaths b/fixpaths index 7e4178e4a..60a67990f 100755 
--- a/fixpaths +++ b/fixpaths @@ -1,43 +1,22 @@ -#!/usr/bin/perl -w +#!/bin/sh # # fixpaths - substitute makefile variables into text files +# Usage: fixpaths -Dsomething=somethingelse ... - -$usage = "Usage: $0 [-Dstring=replacement] [[infile] ...]\n"; - -if (!defined(@ARGV)) { die ("$usage"); } - -# read in the command line and get some definitions -while ($_=$ARGV[0], /^-/) { - if (/^-D/) { - # definition - shift(@ARGV); - if ( /-D(.*)=(.*)/ ) { - $def{"$1"}=$2; - } else { - die ("$usage$0: error in command line arguments.\n"); - } - } else { - @cmd = split(//, $ARGV[0]); $opt = $cmd[1]; - die ("$usage$0: unknown option '-$opt'\n"); - } -} # while parsing arguments - -if (!defined(%def)) { - die ("$0: nothing to do - no substitutions listed!\n"); +die() { + echo $* + exit -1 } -for $f (@ARGV) { +test -n "`echo $1|grep -- -D`" || \ + die $0: nothing to do - no substitutions listed! + +test -n "`echo $1|grep -- '-D[^=]\+=[^ ]\+'`" || \ + die $0: error in command line arguments. - $f =~ /(.*\/)*(.*)$/; +test -n "`echo $*|grep -- ' [^-]'`" || \ + die Usage: $0 '[-Dstring=replacement] [[infile] ...]' - open(IN, "<$f") || die ("$0: input file $f missing!\n"); - while () { - for $s (keys(%def)) { - s#$s#$def{$s}#; - } # for $s - print; - } # while -} # for $f +sed `echo $*|sed -e 's/-D\([^=]\+\)=\([^ ]*\)/-e s=\1=\2=g/g'` -exit 0; +exit 0 -- cgit v1.2.3 From 44adb8fed9214d209eb8d7d47d5adb053c69f190 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:00:23 +0000 Subject: - fgsch@cvs.openbsd.org 2002/11/15 10:03:09 [authfile.c] lseek(2) may return -1 when getting the public/private key lenght. Simplify the code and check for errors using fstat(2). Problem reported by Mauricio Sanchez, markus@ ok. --- ChangeLog | 11 ++++++++++- authfile.c | 21 ++++++++++++++++----- 2 files changed, 26 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 194ecdcb6..3eed9b8c2 100644 --- a/ChangeLog +++ b/ChangeLog 
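Review bot: The new /bin/sh script relies on constructs that are not portable, which undercuts the point of dropping perl: `exit -1` in die() is outside the 0-255 range POSIX defines for exit, and `\+` in the grep and sed patterns is a GNU extension to basic regular expressions. I would use `exit 1` and spell the repetition as `[^=][^=]*`. The generated sed program also uses `=` as its delimiter and leaves `$*` unquoted, so a replacement value containing `=`, `&` or whitespace yields a wrong or failing substitution. Since the values presumably come from the build configuration, that deserves at least a comment at the top, e.g. `# NOTE: names and values must not contain '=', '&', '\' or whitespace`. die() also prints to stdout; `echo "$*" >&2` keeps the message out of any captured output.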
@@ -1,3 +1,12 @@ +20021222 + - (bal) OpenBSD CVS Sync + - fgsch@cvs.openbsd.org 2002/11/15 10:03:09 + [authfile.c] + lseek(2) may return -1 when getting the public/private key lenght. + Simplify the code and check for errors using fstat(2). + + Problem reported by Mauricio Sanchez, markus@ ok. + 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -832,4 +841,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2515 2002/12/05 09:59:33 djm Exp $ +$Id: ChangeLog,v 1.2516 2002/12/23 02:00:23 mouring Exp $ diff --git a/authfile.c b/authfile.c index 1fa5d811a..24ae6abd3 100644 --- a/authfile.c +++ b/authfile.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.50 2002/06/24 14:55:38 markus Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.51 2002/11/15 10:03:09 fgsch Exp $"); #include #include @@ -232,12 +232,17 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp) { Buffer buffer; Key *pub; + struct stat st; char *cp; int i; off_t len; - len = lseek(fd, (off_t) 0, SEEK_END); - lseek(fd, (off_t) 0, SEEK_SET); + if (fstat(fd, &st) < 0) { + error("fstat for key file %.200s failed: %.100s", + filename, strerror(errno)); + return NULL; + } + len = st.st_size; buffer_init(&buffer); cp = buffer_append_space(&buffer, len); @@ -318,9 +323,15 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, CipherContext ciphercontext; Cipher *cipher; Key *prv = NULL; + struct stat st; - len = lseek(fd, (off_t) 0, SEEK_END); - lseek(fd, (off_t) 0, SEEK_SET); + if (fstat(fd, &st) < 0) { + error("fstat for key file %.200s failed: %.100s", + filename, strerror(errno)); + close(fd); + return NULL; + } + len = st.st_size; buffer_init(&buffer); cp = buffer_append_space(&buffer, len); -- cgit v1.2.3 From f49dbff61d9729962b91b293ec65d85d810dbd26 Mon Sep 17 00:00:00 2001 
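Review bot: `len = st.st_size;` in key_load_public_rsa1(), and the same line in the key_load_private_rsa1() hunk, takes the file size as reported and hands it to `buffer_append_space(&buffer, len)` with no upper bound and no check that fd refers to a regular file. An oversized or non-regular file would then drive the allocation, and if buffer_append_space() takes a narrower type than off_t (not visible here) the length could be truncated. A bound right after the fstat() would close that: `if (st.st_size > <MAX_KEY_FILE_SIZE placeholder>) { error("key file %.200s too large", filename); return NULL; }`, keeping the `close(fd)` in the private-key variant. The two new error paths also differ in that only the private-key one calls `close(fd)`; if that reflects who owns the descriptor, say so in a comment. Both functions start and end outside their hunks.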
From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:01:55 +0000 Subject: - markus@cvs.openbsd.org 2002/11/18 16:43:44 [clientloop.c] don't overwrite SIG{INT,QUIT,TERM} handler if set to SIG_IGN; e.g. if ssh is used for backup; report Joerg Schilling; ok millert@ --- ChangeLog | 6 +++++- clientloop.c | 16 +++++++++++----- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3eed9b8c2..2c9165158 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,10 @@ Simplify the code and check for errors using fstat(2). Problem reported by Mauricio Sanchez, markus@ ok. + - markus@cvs.openbsd.org 2002/11/18 16:43:44 + [clientloop.c] + don't overwrite SIG{INT,QUIT,TERM} handler if set to SIG_IGN; + e.g. if ssh is used for backup; report Joerg Schilling; ok millert@ 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -841,4 +845,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2516 2002/12/23 02:00:23 mouring Exp $ +$Id: ChangeLog,v 1.2517 2002/12/23 02:01:55 mouring Exp $ diff --git a/clientloop.c b/clientloop.c index 2c030e71b..fcd75d2d7 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.104 2002/08/22 19:38:42 stevesk Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.105 2002/11/18 16:43:44 markus Exp $"); #include "ssh.h" #include "ssh1.h" 
@@ -888,10 +888,16 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) client_init_dispatch(); - /* Set signal handlers to restore non-blocking mode. */ - signal(SIGINT, signal_handler); - signal(SIGQUIT, signal_handler); - signal(SIGTERM, signal_handler); + /* + * Set signal handlers, (e.g. to restore non-blocking mode) + * but don't overwrite SIG_IGN, matches behaviour from rsh(1) + */ + if (signal(SIGINT, SIG_IGN) != SIG_IGN) + signal(SIGINT, signal_handler); + if (signal(SIGQUIT, SIG_IGN) != SIG_IGN) + signal(SIGQUIT, signal_handler); + if (signal(SIGTERM, SIG_IGN) != SIG_IGN) + signal(SIGTERM, signal_handler); if (have_pty) signal(SIGWINCH, window_change_handler); -- cgit v1.2.3 From 1f53083fc47e1ebd9f08f8d04035720316385560 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:03:02 +0000 Subject: - markus@cvs.openbsd.org 2002/11/21 22:22:50 [dh.c] debug->debug2 --- ChangeLog | 5 ++++- dh.c | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2c9165158..40381ec6f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,9 @@ [clientloop.c] don't overwrite SIG{INT,QUIT,TERM} handler if set to SIG_IGN; e.g. if ssh is used for backup; report Joerg Schilling; ok millert@ + - markus@cvs.openbsd.org 2002/11/21 22:22:50 + [dh.c] + debug->debug2 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -845,4 +848,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2517 2002/12/23 02:01:55 mouring Exp $ +$Id: ChangeLog,v 1.2518 2002/12/23 02:03:02 mouring Exp $ diff --git a/dh.c b/dh.c index 6ec37867a..1be51953c 100644 --- a/dh.c +++ b/dh.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: dh.c,v 1.22 2002/06/27 08:49:44 markus Exp $"); +RCSID("$OpenBSD: dh.c,v 1.23 2002/11/21 22:22:50 markus Exp $"); #include "xmalloc.h" 
@@ -182,7 +182,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) for (i = 0; i <= n; i++) if (BN_is_bit_set(dh_pub, i)) bits_set++; - debug("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); + debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); /* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */ if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1)) @@ -214,7 +214,7 @@ dh_gen_key(DH *dh, int need) for (i = 0; i <= BN_num_bits(dh->priv_key); i++) if (BN_is_bit_set(dh->priv_key, i)) bits_set++; - debug("dh_gen_key: priv key bits set: %d/%d", + debug2("dh_gen_key: priv key bits set: %d/%d", bits_set, BN_num_bits(dh->priv_key)); if (tries++ > 10) fatal("dh_gen_key: too many bad keys: giving up"); -- cgit v1.2.3 From 064496feaab2183b6dc5db0b0bebe0b226e2d31d Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:04:22 +0000 Subject: - markus@cvs.openbsd.org 2002/11/21 22:45:31 [cipher.c kex.c packet.c sshconnect.c sshconnect2.c] debug->debug2, unify debug messages --- ChangeLog | 5 ++++- cipher.c | 4 ++-- kex.c | 6 +++--- packet.c | 6 +++--- sshconnect.c | 4 ++-- sshconnect2.c | 14 ++++++-------- 6 files changed, 20 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index 40381ec6f..514d8ab50 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ - markus@cvs.openbsd.org 2002/11/21 22:22:50 [dh.c] debug->debug2 + - markus@cvs.openbsd.org 2002/11/21 22:45:31 + [cipher.c kex.c packet.c sshconnect.c sshconnect2.c] + debug->debug2, unify debug messages 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -848,4 +851,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2518 2002/12/23 02:03:02 mouring Exp $ +$Id: ChangeLog,v 1.2519 2002/12/23 02:04:22 mouring Exp $ diff --git a/cipher.c b/cipher.c index 1933d3eab..b5d38747e 100644 --- a/cipher.c +++ b/cipher.c 
@@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.61 2002/07/12 15:50:17 markus Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.62 2002/11/21 22:45:31 markus Exp $"); #include "xmalloc.h" #include "log.h" @@ -239,7 +239,7 @@ cipher_init(CipherContext *cc, Cipher *cipher, cipher->name); klen = EVP_CIPHER_CTX_key_length(&cc->evp); if (klen > 0 && keylen != klen) { - debug("cipher_init: set keylen (%d -> %d)", klen, keylen); + debug2("cipher_init: set keylen (%d -> %d)", klen, keylen); if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0) fatal("cipher_init: set keylen failed (%d -> %d)", klen, keylen); diff --git a/kex.c b/kex.c index bdbf3882c..113663598 100644 --- a/kex.c +++ b/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.51 2002/06/24 14:55:38 markus Exp $"); +RCSID("$OpenBSD: kex.c,v 1.52 2002/11/21 22:45:31 markus Exp $"); #include @@ -135,7 +135,7 @@ kex_finish(Kex *kex) /* packet_write_wait(); */ debug("SSH2_MSG_NEWKEYS sent"); - debug("waiting for SSH2_MSG_NEWKEYS"); + debug("expecting SSH2_MSG_NEWKEYS"); packet_read_expect(SSH2_MSG_NEWKEYS); packet_check_eom(); debug("SSH2_MSG_NEWKEYS received"); @@ -433,7 +433,7 @@ kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret) for (i = 0; i < NKEYS; i++) keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret); - debug("kex_derive_keys"); + debug2("kex_derive_keys"); for (mode = 0; mode < MODE_MAX; mode++) { current_keys[mode] = kex->newkeys[mode]; kex->newkeys[mode] = NULL; diff --git a/packet.c b/packet.c index 6400ad9b1..0a8baa5b2 100644 --- a/packet.c +++ b/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.99 2002/11/04 10:09:51 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.100 2002/11/21 22:45:31 markus Exp $"); #include "xmalloc.h" #include "buffer.h" 
@@ -564,7 +564,7 @@ set_newkeys(int mode) CipherContext *cc; int encrypt; - debug("newkeys: mode %d", mode); + debug2("set_newkeys: mode %d", mode); if (mode == MODE_OUT) { cc = &send_context; @@ -574,7 +574,7 @@ set_newkeys(int mode) encrypt = CIPHER_DECRYPT; } if (newkeys[mode] != NULL) { - debug("newkeys: rekeying"); + debug("set_newkeys: rekeying"); cipher_cleanup(cc); enc = &newkeys[mode]->enc; mac = &newkeys[mode]->mac; diff --git a/sshconnect.c b/sshconnect.c index 776d72065..f99fe0257 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.135 2002/09/19 01:58:18 djm Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.136 2002/11/21 22:45:31 markus Exp $"); #include @@ -247,7 +247,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, */ int full_failure = 1; - debug("ssh_connect: needpriv %d", needpriv); + debug2("ssh_connect: needpriv %d", needpriv); /* Get default port if port has not been set. */ if (port == 0) { diff --git a/sshconnect2.c b/sshconnect2.c index 703d0721f..755be5cca 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.107 2002/07/01 19:48:46 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.108 2002/11/21 22:45:31 markus Exp $"); #include "ssh.h" #include "ssh2.h" @@ -128,7 +128,6 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) packet_send(); packet_write_wait(); #endif - debug("done: ssh_kex2."); } /* 
@@ -224,24 +223,23 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, if (options.challenge_response_authentication) options.kbd_interactive_authentication = 1; - debug("send SSH2_MSG_SERVICE_REQUEST"); packet_start(SSH2_MSG_SERVICE_REQUEST); packet_put_cstring("ssh-userauth"); packet_send(); + debug("SSH2_MSG_SERVICE_REQUEST sent"); packet_write_wait(); type = packet_read(); - if (type != SSH2_MSG_SERVICE_ACCEPT) { - fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type); - } + if (type != SSH2_MSG_SERVICE_ACCEPT) + fatal("Server denied authentication request: %d", type); if (packet_remaining() > 0) { char *reply = packet_get_string(NULL); - debug("service_accept: %s", reply); + debug2("service_accept: %s", reply); xfree(reply); } else { debug("buggy server: service_accept w/o service"); } packet_check_eom(); - debug("got SSH2_MSG_SERVICE_ACCEPT"); + debug("SSH2_MSG_SERVICE_ACCEPT received"); if (options.preferred_authentications == NULL) options.preferred_authentications = authmethods_get(); -- cgit v1.2.3 From 93576d9538f3b6d373248ffd2ed5ab9852a1555c Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:06:19 +0000 Subject: - deraadt@cvs.openbsd.org 2002/11/21 23:03:51 [auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c sshconnect.c] KNF --- ChangeLog | 6 +++++- auth-krb5.c | 4 ++-- auth1.c | 4 ++-- hostfile.h | 12 ++++++------ monitor_wrap.c | 4 ++-- sftp-client.c | 14 +++++++------- sftp-int.c | 28 ++++++++++++++-------------- ssh-add.c | 4 ++-- ssh-rsa.c | 4 ++-- sshconnect.c | 10 +++++----- 10 files changed, 47 insertions(+), 43 deletions(-) diff --git a/ChangeLog b/ChangeLog index 514d8ab50..e41fef034 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -16,6 +16,10 @@ - markus@cvs.openbsd.org 2002/11/21 22:45:31 [cipher.c kex.c packet.c sshconnect.c sshconnect2.c] debug->debug2, unify debug messages + - deraadt@cvs.openbsd.org 2002/11/21 23:03:51 + [auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c + sshconnect.c] + KNF 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -851,4 +855,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2519 2002/12/23 02:04:22 mouring Exp $ +$Id: ChangeLog,v 1.2520 2002/12/23 02:06:19 mouring Exp $ diff --git a/auth-krb5.c b/auth-krb5.c index 512f70b78..e3e2d9751 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-krb5.c,v 1.9 2002/09/09 06:48:06 itojun Exp $"); +RCSID("$OpenBSD: auth-krb5.c,v 1.10 2002/11/21 23:03:51 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -107,7 +107,7 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *reply) if (problem) goto err; - problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL , + problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL, KRB5_NT_SRV_HST, &server); if (problem) goto err; diff --git a/auth1.c b/auth1.c index 9527ba004..1af30e0ec 100644 --- a/auth1.c +++ b/auth1.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.44 2002/09/26 11:38:43 markus Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.45 2002/11/21 23:03:51 deraadt Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -150,7 +150,7 @@ do_authloop(Authctxt *authctxt) snprintf(info, sizeof(info), " tktuser %.100s", client_user); - + /* Send response to client */ packet_start( SSH_SMSG_AUTH_KERBEROS_RESPONSE); diff --git a/hostfile.h b/hostfile.h index 1df7a22f2..e3d116581 100644 --- a/hostfile.h +++ b/hostfile.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.h,v 1.12 2002/09/08 20:24:08 markus Exp $ */ +/* $OpenBSD: hostfile.h,v 1.13 2002/11/21 23:03:51 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -19,10 +19,10 @@ typedef enum { } HostStatus; int hostfile_read_key(char **, u_int *, Key *); -HostStatus -check_host_in_hostfile(const char *, const char *, Key *, Key *, int *); -int add_host_to_hostfile(const char *, const char *, Key *); -int -lookup_key_in_hostfile_by_type(const char *, const char *, int , Key *, int *); +HostStatus check_host_in_hostfile(const char *, const char *, + Key *, Key *, int *); +int add_host_to_hostfile(const char *, const char *, Key *); +int lookup_key_in_hostfile_by_type(const char *, const char *, + int, Key *, int *); #endif diff --git a/monitor_wrap.c b/monitor_wrap.c index 4c53bfd13..b75f9dfc7 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor_wrap.c,v 1.19 2002/09/26 11:38:43 markus Exp $"); +RCSID("$OpenBSD: monitor_wrap.c,v 1.20 2002/11/21 23:03:51 deraadt Exp $"); #include #include @@ -969,7 +969,7 @@ mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply) xfree(p); } buffer_free(&m); - return (success); + return (success); } #endif diff --git a/sftp-client.c b/sftp-client.c index 30bef8936..df9838648 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -28,7 +28,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.36 2002/11/05 20:10:37 markus Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.37 2002/11/21 23:03:51 deraadt Exp $"); #include "openbsd-compat/sys-queue.h" 
@@ -857,9 +857,9 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, (unsigned long long)req->offset + len - 1); if (len > req->len) fatal("Received more data than asked for " - "%u > %u", len, req->len); + "%u > %u", len, req->len); if ((lseek(local_fd, req->offset, SEEK_SET) == -1 || - atomicio(write, local_fd, data, len) != len) && + atomicio(write, local_fd, data, len) != len) && !write_error) { write_errno = errno; write_error = 1; @@ -930,7 +930,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, if (pflag && chmod(local_path, mode) == -1) #endif /* HAVE_FCHMOD */ error("Couldn't set mode on \"%s\": %s", local_path, - strerror(errno)); + strerror(errno)); if (pflag && (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME)) { struct timeval tv[2]; tv[0].tv_sec = a->atime; @@ -938,7 +938,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, tv[0].tv_usec = tv[1].tv_usec = 0; if (utimes(local_path, tv) == -1) error("Can't set times on \"%s\": %s", - local_path, strerror(errno)); + local_path, strerror(errno)); } } close(local_fd); @@ -1047,7 +1047,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, buffer_put_string(&msg, data, len); send_msg(conn->fd_out, &msg); debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u", - id, (unsigned long long)offset, len); + id, (unsigned long long)offset, len); } else if (TAILQ_FIRST(&acks) == NULL) break; @@ -1081,7 +1081,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, if (status != SSH2_FX_OK) { error("Couldn't write to remote file \"%s\": %s", - remote_path, fx2txt(status)); + remote_path, fx2txt(status)); do_close(conn, handle, handle_len); close(local_fd); goto done; diff --git a/sftp-int.c b/sftp-int.c index 6a2012910..04b67c969 100644 --- a/sftp-int.c +++ b/sftp-int.c 
@@ -25,7 +25,7 @@ /* XXX: recursive operations */ #include "includes.h" -RCSID("$OpenBSD: sftp-int.c,v 1.49 2002/09/12 00:13:06 djm Exp $"); +RCSID("$OpenBSD: sftp-int.c,v 1.50 2002/11/21 23:03:51 deraadt Exp $"); #include "buffer.h" #include "xmalloc.h" @@ -550,7 +550,7 @@ sdirent_comp(const void *aa, const void *bb) SFTP_DIRENT *a = *(SFTP_DIRENT **)aa; SFTP_DIRENT *b = *(SFTP_DIRENT **)bb; - return (strcmp(a->filename, b->filename)); + return (strcmp(a->filename, b->filename)); } /* sftp ls.1 replacement for directories */ @@ -563,7 +563,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) if ((n = do_readdir(conn, path, &d)) != 0) return (n); - /* Count entries for sort */ + /* Count entries for sort */ for (n = 0; d[n] != NULL; n++) ; @@ -571,7 +571,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) for (n = 0; d[n] != NULL; n++) { char *tmp, *fname; - + tmp = path_append(path, d[n]->filename); fname = path_strip(tmp, strip_path); xfree(tmp); @@ -589,7 +589,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) /* XXX - multicolumn display would be nice here */ printf("%s\n", fname); } - + xfree(fname); } @@ -599,7 +599,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) /* sftp ls.1 replacement which handles path globs */ static int -do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, +do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, int lflag) { glob_t g; 
@@ -609,23 +609,23 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, memset(&g, 0, sizeof(g)); - if (remote_glob(conn, path, GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE, + if (remote_glob(conn, path, GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE, NULL, &g)) { error("Can't ls: \"%s\" not found", path); return (-1); } /* - * If the glob returns a single match, which is the same as the + * If the glob returns a single match, which is the same as the * input glob, and it is a directory, then just list its contents */ - if (g.gl_pathc == 1 && + if (g.gl_pathc == 1 && strncmp(path, g.gl_pathv[0], strlen(g.gl_pathv[0]) - 1) == 0) { if ((a = do_lstat(conn, path, 1)) == NULL) { globfree(&g); return (-1); } - if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) && + if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) && S_ISDIR(a->perm)) { globfree(&g); return (do_ls_dir(conn, path, strip_path, lflag)); @@ -640,8 +640,8 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, if (lflag) { /* * XXX: this is slow - 1 roundtrip per path - * A solution to this is to fork glob() and - * build a sftp specific version which keeps the + * A solution to this is to fork glob() and + * build a sftp specific version which keeps the * attribs (which currently get thrown away) * that the server returns as well as the filenames. */ @@ -666,7 +666,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, } static int -parse_args(const char **cpp, int *pflag, int *lflag, +parse_args(const char **cpp, int *pflag, int *lflag, unsigned long *n_arg, char **path1, char **path2) { const char *cmd, *cp = *cpp; @@ -900,7 +900,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) do_globbed_ls(conn, *pwd, *pwd, lflag); break; } - + /* Strip pwd off beginning of non-absolute paths */ tmp = NULL; if (*path1 != '/') diff --git a/ssh-add.c b/ssh-add.c index 9c729752a..4f4ab3a06 100644 --- a/ssh-add.c +++ b/ssh-add.c 
@@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.63 2002/09/19 15:51:23 markus Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.64 2002/11/21 23:03:51 deraadt Exp $"); #include @@ -169,7 +169,7 @@ add_file(AuthenticationConnection *ac, const char *filename) fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); ret = 0; if (lifetime != 0) - fprintf(stderr, + fprintf(stderr, "Lifetime set to %d seconds\n", lifetime); } else if (ssh_add_identity(ac, private, comment)) { fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); diff --git a/ssh-rsa.c b/ssh-rsa.c index d7b2918f9..c599ce65c 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-rsa.c,v 1.26 2002/08/27 17:13:56 stevesk Exp $"); +RCSID("$OpenBSD: ssh-rsa.c,v 1.27 2002/11/21 23:03:51 deraadt Exp $"); #include #include @@ -37,7 +37,7 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.26 2002/08/27 17:13:56 stevesk Exp $"); #include "compat.h" #include "ssh.h" -static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int , RSA *); +static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *); /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ int diff --git a/sshconnect.c b/sshconnect.c index f99fe0257..dae25969a 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.136 2002/11/21 22:45:31 markus Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.137 2002/11/21 23:03:51 deraadt Exp $"); #include 
@@ -649,10 +649,10 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, "%s key fingerprint is %s.\n" "Are you sure you want to continue connecting " "(yes/no)? ", - host, ip, - has_keys ? ",\nbut keys of different type are already " - "known for this host." : ".", - type, fp); + host, ip, + has_keys ? ",\nbut keys of different type are already " + "known for this host." : ".", + type, fp); xfree(fp); if (!confirm(msg)) goto fail; -- cgit v1.2.3 From 604dc728907e684e3c70bd5ebf0485d8de6fc94e Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:08:57 +0000 Subject: - markus@cvs.openbsd.org 2002/11/21 23:04:33 [ssh.c] debug->debug2 --- ChangeLog | 5 ++++- ssh.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index e41fef034..4427664b0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,9 @@ [auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c sshconnect.c] KNF + - markus@cvs.openbsd.org 2002/11/21 23:04:33 + [ssh.c] + debug->debug2 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -855,4 +858,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2520 2002/12/23 02:06:19 mouring Exp $ +$Id: ChangeLog,v 1.2521 2002/12/23 02:08:57 mouring Exp $ diff --git a/ssh.c b/ssh.c index 2c589de82..ac1c1db4a 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.186 2002/09/19 01:58:18 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.187 2002/11/21 23:04:33 markus Exp $"); #include #include @@ -1026,7 +1026,7 @@ ssh_session2_setup(int id, void *arg) int interactive = 0; struct termios tio; - debug("ssh_session2_setup: id %d", id); + debug2("ssh_session2_setup: id %d", id); if (tty_flag) { struct winsize ws; -- cgit v1.2.3 From 2594d9a06bb1b7e0d249a02e0c217280883bdbf0 Mon Sep 17 00:00:00 2001 
From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:09:59 +0000 Subject: - stevesk@cvs.openbsd.org 2002/11/24 21:46:24 [ssh-keysign.8] typo: "the the" --- ChangeLog | 5 ++++- ssh-keysign.8 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4427664b0..2b7f8d6ea 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,9 @@ - markus@cvs.openbsd.org 2002/11/21 23:04:33 [ssh.c] debug->debug2 + - stevesk@cvs.openbsd.org 2002/11/24 21:46:24 + [ssh-keysign.8] + typo: "the the" 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -858,4 +861,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2521 2002/12/23 02:08:57 mouring Exp $ +$Id: ChangeLog,v 1.2522 2002/12/23 02:09:59 mouring Exp $ diff --git a/ssh-keysign.8 b/ssh-keysign.8 index 9a87731f9..99d373406 100644 --- a/ssh-keysign.8 +++ b/ssh-keysign.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keysign.8,v 1.4 2002/11/07 22:08:07 markus Exp $ +.\" $OpenBSD: ssh-keysign.8,v 1.5 2002/11/24 21:46:24 stevesk Exp $ .\" .\" Copyright (c) 2002 Markus Friedl. All rights reserved. .\" @@ -39,7 +39,7 @@ required during hostbased authentication with SSH protocol version 2. .Pp .Nm is disabled by default and can only be enabled in the -the global client configuration file +global client configuration file .Pa /etc/ssh/ssh_config by setting .Cm EnableSSHKeysign -- cgit v1.2.3 From e7ee7fe602edcca6f55c445cd56775ab3b0a759d Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:11:02 +0000 Subject: - wcobb@cvs.openbsd.org 2002/11/26 00:45:03 [scp.c ssh-keygen.c] Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@ --- ChangeLog | 6 +++++- scp.c | 3 +-- ssh-keygen.c | 3 +-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2b7f8d6ea..dbef2c842 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -26,6 +26,10 @@ - stevesk@cvs.openbsd.org 2002/11/24 21:46:24 [ssh-keysign.8] typo: "the the" + - wcobb@cvs.openbsd.org 2002/11/26 00:45:03 + [scp.c ssh-keygen.c] + Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. + ok markus@ 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -861,4 +865,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2522 2002/12/23 02:09:59 mouring Exp $ +$Id: ChangeLog,v 1.2523 2002/12/23 02:11:02 mouring Exp $ diff --git a/scp.c b/scp.c index 05c490f4e..73ab0de81 100644 --- a/scp.c +++ b/scp.c @@ -75,7 +75,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.92 2002/11/07 22:35:38 markus Exp $"); +RCSID("$OpenBSD: scp.c,v 1.93 2002/11/26 00:45:03 wcobb Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -570,7 +570,6 @@ syserr: run_err("%s: %s", name, strerror(errno)); #endif if (verbose_mode) { fprintf(stderr, "Sending file modes: %s", buf); - fflush(stderr); } (void) atomicio(write, remout, buf, strlen(buf)); if (response() < 0) diff --git a/ssh-keygen.c b/ssh-keygen.c index 3478e3723..6a872bcfd 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.101 2002/06/23 09:39:55 deraadt Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.102 2002/11/26 00:45:03 wcobb Exp $"); #include #include @@ -109,7 +109,6 @@ ask_filename(struct passwd *pw, const char *prompt) snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name); fprintf(stderr, "%s (%s): ", prompt, identity_file); - fflush(stderr); if (fgets(buf, sizeof(buf), stdin) == NULL) exit(1); if (strchr(buf, '\n')) -- cgit v1.2.3 From 9394d2fc0a3fed5cfca0bae0cb6dd8e4c1ee1e9d Mon Sep 17 00:00:00 2001 
From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:11:54 +0000 Subject: - stevesk@cvs.openbsd.org 2002/11/26 02:35:30 [ssh-keygen.1] remove outdated statement; ok markus@ deraadt@ --- ChangeLog | 5 ++++- ssh-keygen.1 | 5 ++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index dbef2c842..ba1105ab6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,9 @@ [scp.c ssh-keygen.c] Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@ + - stevesk@cvs.openbsd.org 2002/11/26 02:35:30 + [ssh-keygen.1] + remove outdated statement; ok markus@ deraadt@ 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -865,4 +868,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2523 2002/12/23 02:11:02 mouring Exp $ +$Id: ChangeLog,v 1.2524 2002/12/23 02:11:54 mouring Exp $ diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 35b0bb916..78fdb496a 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.54 2002/06/19 00:27:55 deraadt Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.55 2002/11/26 02:35:30 stevesk Exp $ .\" .\" -*- nroff -*- .\" @@ -147,8 +147,7 @@ The options are as follows: .It Fl b Ar bits Specifies the number of bits in the key to create. Minimum is 512 bits. -Generally 1024 bits is considered sufficient, and key sizes -above that no longer improve security but make things slower. +Generally, 1024 bits is considered sufficient. The default is 1024 bits. .It Fl c Requests changing the comment in the private and public key files. -- cgit v1.2.3 From acaac975cad5a45c14da53f1e61e5c6d133de85d Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:13:37 +0000 Subject: - stevesk@cvs.openbsd.org 2002/11/26 02:38:54 [canohost.c] KNF, comment and error message repair; ok markus@ --- ChangeLog | 5 ++++- canohost.c | 12 ++++++------ 2 files changed, 10 insertions(+), 7 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index ba1105ab6..f9e7fa386 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,6 +33,9 @@ - stevesk@cvs.openbsd.org 2002/11/26 02:35:30 [ssh-keygen.1] remove outdated statement; ok markus@ deraadt@ + - stevesk@cvs.openbsd.org 2002/11/26 02:38:54 + [canohost.c] + KNF, comment and error message repair; ok markus@ 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -868,4 +871,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2524 2002/12/23 02:11:54 mouring Exp $ +$Id: ChangeLog,v 1.2525 2002/12/23 02:13:37 mouring Exp $ diff --git a/canohost.c b/canohost.c index a457d3c52..9aa942a9f 100644 --- a/canohost.c +++ b/canohost.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.34 2002/09/23 20:46:27 stevesk Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.35 2002/11/26 02:38:54 stevesk Exp $"); #include "packet.h" #include "xmalloc.h" @@ -38,7 +38,7 @@ get_remote_hostname(int socket, int verify_reverse_mapping) /* Get IP address of client. */ fromlen = sizeof(from); memset(&from, 0, sizeof(from)); - if (getpeername(socket, (struct sockaddr *) &from, &fromlen) < 0) { + if (getpeername(socket, (struct sockaddr *)&from, &fromlen) < 0) { debug("getpeername failed: %.100s", strerror(errno)); fatal_cleanup(); } @@ -202,8 +202,8 @@ get_canonical_hostname(int verify_reverse_mapping) } /* - * Returns the remote IP-address of socket as a string. The returned - * string must be freed. + * Returns the local/remote IP-address/hostname of socket as a string. + * The returned string must be freed. */ static char * get_socket_address(int socket, int remote, int flags) 
@@ -228,7 +228,7 @@ get_socket_address(int socket, int remote, int flags) /* Get the address in ascii. */ if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop), NULL, 0, flags) != 0) { - error("get_socket_ipaddr: getnameinfo %d failed", flags); + error("get_socket_address: getnameinfo %d failed", flags); return NULL; } return xstrdup(ntop); @@ -314,7 +314,7 @@ get_sock_port(int sock, int local) return 0; } } else { - if (getpeername(sock, (struct sockaddr *) & from, &fromlen) < 0) { + if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) { debug("getpeername failed: %.100s", strerror(errno)); fatal_cleanup(); } -- cgit v1.2.3 From c276c1208e43ed4305d723004ddf602fbe99513b Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:14:51 +0000 Subject: - markus@cvs.openbsd.org 2002/11/27 17:53:35 [scp.c sftp.c ssh.c] allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@ --- ChangeLog | 6 +++++- scp.c | 10 +++++----- sftp.c | 4 ++-- ssh.c | 6 +++--- 4 files changed, 15 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index f9e7fa386..1745e7c99 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,6 +36,10 @@ - stevesk@cvs.openbsd.org 2002/11/26 02:38:54 [canohost.c] KNF, comment and error message repair; ok markus@ + - markus@cvs.openbsd.org 2002/11/27 17:53:35 + [scp.c sftp.c ssh.c] + allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; + http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@ 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -871,4 +875,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2525 2002/12/23 02:13:37 mouring Exp $ +$Id: ChangeLog,v 1.2526 2002/12/23 02:14:51 mouring Exp $ diff --git a/scp.c b/scp.c index 73ab0de81..4214e0c53 100644 --- a/scp.c +++ b/scp.c 
@@ -75,7 +75,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.93 2002/11/26 00:45:03 wcobb Exp $"); +RCSID("$OpenBSD: scp.c,v 1.94 2002/11/27 17:53:35 markus Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -370,7 +370,7 @@ toremote(targ, argc, argv) if (*targ == 0) targ = "."; - if ((thost = strchr(argv[argc - 1], '@'))) { + if ((thost = strrchr(argv[argc - 1], '@'))) { /* user@host */ *thost++ = 0; tuser = argv[argc - 1]; @@ -391,7 +391,7 @@ toremote(targ, argc, argv) *src++ = 0; if (*src == 0) src = "."; - host = strchr(argv[i], '@'); + host = strrchr(argv[i], '@'); len = strlen(ssh_program) + strlen(argv[i]) + strlen(src) + (tuser ? strlen(tuser) : 0) + strlen(thost) + strlen(targ) + @@ -470,7 +470,7 @@ tolocal(argc, argv) *src++ = 0; if (*src == 0) src = "."; - if ((host = strchr(argv[i], '@')) == NULL) { + if ((host = strrchr(argv[i], '@')) == NULL) { host = argv[i]; suser = NULL; } else { @@ -1036,7 +1036,7 @@ okname(cp0) if (c & 0200) goto bad; if (!isalpha(c) && !isdigit(c) && - c != '_' && c != '-' && c != '.' && c != '+') + c != '@' && c != '_' && c != '-' && c != '.' && c != '+') goto bad; } while (*++cp); return (1); diff --git a/sftp.c b/sftp.c index c4055b91e..c173e58cb 100644 --- a/sftp.c +++ b/sftp.c @@ -24,7 +24,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.31 2002/07/25 01:16:59 mouring Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.32 2002/11/27 17:53:35 markus Exp $"); /* XXX: short-form remote directory listings (like 'ls -C') */ @@ -197,7 +197,7 @@ main(int argc, char **argv) file1 = cp; } - if ((host = strchr(userhost, '@')) == NULL) + if ((host = strrchr(userhost, '@')) == NULL) host = userhost; else { *host++ = '\0'; diff --git a/ssh.c b/ssh.c index ac1c1db4a..c6beb1bcf 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.187 2002/11/21 23:04:33 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.188 2002/11/27 17:53:35 markus Exp $"); #include #include 
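Review bot: The existing `/* user@host */` comment in toremote no longer describes the split now that `strrchr` is used, because everything before the last '@' becomes the user name. A comment such as `/* split at the last '@'; the user part may itself contain '@' (user@vhost@realhost) */` at this call would record why `strchr` must not be restored. The same applies to the `strrchr` calls in the second toremote hunk, in tolocal and in the sftp.c hunk. These functions begin and end outside the hunks.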
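Review bot: okname applies the same character allow-list to every position, so with this change a name may begin with '@', and it could already begin with '-'. The toremote hunk sizes a buffer from `ssh_program` and the argument strings, which suggests the validated name ends up on a command line, although that use is outside the hunks; if so, a leading '-' would be read as an option rather than as a user name. Consider rejecting it before the loop, for example `if (*cp0 == '-') goto bad;`, and adding a comment that says why each punctuation character is permitted.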
@@ -495,9 +495,9 @@ again: av += optind; if (ac > 0 && !host && **av != '-') { - if (strchr(*av, '@')) { + if (strrchr(*av, '@')) { p = xstrdup(*av); - cp = strchr(p, '@'); + cp = strrchr(p, '@'); if (cp == NULL || cp == p) usage(); options.user = p; -- cgit v1.2.3 From 611797ed1533f14ac2c04a2531ad90615afa6174 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:15:57 +0000 Subject: - stevesk@cvs.openbsd.org 2002/12/04 04:36:47 [session.c] remove xauth entries before add; PR 2994 from janjaap@stack.nl. ok markus@ --- ChangeLog | 6 +++++- session.c | 10 +++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1745e7c99..dcddd6c86 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,10 @@ [scp.c sftp.c ssh.c] allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@ + - stevesk@cvs.openbsd.org 2002/12/04 04:36:47 + [session.c] + remove xauth entries before add; PR 2994 from janjaap@stack.nl. + ok markus@ 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -875,4 +879,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2526 2002/12/23 02:14:51 mouring Exp $ +$Id: ChangeLog,v 1.2527 2002/12/23 02:15:57 mouring Exp $ diff --git a/session.c b/session.c index 9074525a4..ac1561756 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.150 2002/09/16 19:55:33 stevesk Exp $"); +RCSID("$OpenBSD: session.c,v 1.151 2002/12/04 04:36:47 stevesk Exp $"); #include "ssh.h" #include "ssh1.h" 
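Review bot: The argument is searched for '@' twice, once in the `if` and again on the copy, which leaves the `cp == NULL` arm of the following test unreachable. Searching once and branching on the result would remove the duplicate call and the dead condition. The test rejects an empty user (`cp == p`), but nothing visible here rejects an empty host after `host = ++cp`; the later host check is outside the hunk, so confirm it tests for an empty string and not only for NULL.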
@@ -1146,8 +1146,10 @@ do_rc_files(Session *s, const char *shell) /* Add authority data to .Xauthority if appropriate. */ if (debug_flag) { fprintf(stderr, - "Running %.500s add " - "%.100s %.100s %.100s\n", + "Running %.500s remove %.100s\n", + options.xauth_location, s->auth_display); + fprintf(stderr, + "%.500s add %.100s %.100s %.100s\n", options.xauth_location, s->auth_display, s->auth_proto, s->auth_data); } @@ -1155,6 +1157,8 @@ do_rc_files(Session *s, const char *shell) options.xauth_location); f = popen(cmd, "w"); if (f) { + fprintf(f, "remove %s\n", + s->auth_display); fprintf(f, "add %s %s %s\n", s->auth_display, s->auth_proto, s->auth_data); -- cgit v1.2.3 From 418e078378d078c6995742e3f95f7c22f3580fb1 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:22:09 +0000 Subject: - markus@cvs.openbsd.org 2002/12/05 11:08:35 [scp.c] use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@ --- ChangeLog | 6 +++++- scp.c | 8 +++----- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index dcddd6c86..3fd15bc1a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -44,6 +44,10 @@ [session.c] remove xauth entries before add; PR 2994 from janjaap@stack.nl. ok markus@ + - markus@cvs.openbsd.org 2002/12/05 11:08:35 + [scp.c] + use roundup() similar to rcp/util.c and avoid problems with strange + filesystem block sizes, noted by tjr@freebsd.org; ok djm@ 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -879,4 +883,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2527 2002/12/23 02:15:57 mouring Exp $ +$Id: ChangeLog,v 1.2528 2002/12/23 02:22:09 mouring Exp $ diff --git a/scp.c b/scp.c index 4214e0c53..eb5f23e40 100644 --- a/scp.c +++ b/scp.c 
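Review bot: The added `fprintf(f, "remove %s\n", s->auth_display);` writes the display string unquoted into the command stream that xauth reads, so any whitespace or newline inside it would be parsed as extra arguments or as a further xauth command. Where `s->auth_display` is set is not visible in these hunks; confirm it is generated on the server side and cannot carry such characters. The neighbouring `add` line passes `s->auth_proto` and `s->auth_data` the same way, so the same validation question applies to them. do_rc_files continues outside the hunk.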
@@ -75,7 +75,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.94 2002/11/27 17:53:35 markus Exp $"); +RCSID("$OpenBSD: scp.c,v 1.95 2002/12/05 11:08:35 markus Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -1058,11 +1058,9 @@ allocbuf(bp, fd, blksize) run_err("fstat: %s", strerror(errno)); return (0); } - if (stb.st_blksize == 0) + size = roundup(stb.st_blksize, blksize); + if (size == 0) size = blksize; - else - size = blksize + (stb.st_blksize - blksize % stb.st_blksize) % - stb.st_blksize; #else /* HAVE_STRUCT_STAT_ST_BLKSIZE */ size = blksize; #endif /* HAVE_STRUCT_STAT_ST_BLKSIZE */ -- cgit v1.2.3 From d57678182944d4acf87b7dfa0db7725e7721c6d6 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:23:37 +0000 Subject: - djm@cvs.openbsd.org 2002/12/06 05:20:02 [sftp.1] Fix cut'n'paste error, spotted by matthias.riese@b-novative.de; ok deraadt@ --- ChangeLog | 5 ++++- sftp.1 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3fd15bc1a..2c83c164c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -48,6 +48,9 @@ [scp.c] use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@ + - djm@cvs.openbsd.org 2002/12/06 05:20:02 + [sftp.1] + Fix cut'n'paste error, spotted by matthias.riese@b-novative.de; ok deraadt@ 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -883,4 +886,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2528 2002/12/23 02:22:09 mouring Exp $ +$Id: ChangeLog,v 1.2529 2002/12/23 02:23:37 mouring Exp $ diff --git a/sftp.1 b/sftp.1 index 33ceb6596..84d1c1bf5 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.36 2002/09/11 22:41:50 djm Exp $ +.\" $OpenBSD: sftp.1,v 1.37 2002/12/06 05:20:02 djm Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" 
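Review bot: Only a zero result is guarded after `size = roundup(stb.st_blksize, blksize);`, so a negative or very large `st_blksize` reported by an unusual filesystem still flows into `size`, and the addition inside the rounding can overflow. The declaration of `size` and its later use are outside the hunk, so the effect cannot be judged here, but a range check such as `if (stb.st_blksize <= 0 || size < blksize) size = blksize;` would keep the fallback for every bad value. `roundup()` is not defined in the hunk; presumably it comes from a system header, which is worth confirming for platforms that lack it. The result is now a multiple of `blksize` rather than of `st_blksize` as in the removed expression, which deserves a one-line comment.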
@@ -224,7 +224,7 @@ Create remote directory specified by .It Xo Ic put .Op Ar flags .Ar local-path -.Op Ar local-path +.Op Ar remote-path .Xc Upload .Ar local-path -- cgit v1.2.3 From b9fa691819cabfeb1a1bc721daa45593e1bb59e2 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:24:54 +0000 Subject: - millert@cvs.openbsd.org 2002/12/09 16:50:30 [ssh.c] Avoid setting optind to 0 as GNU getopt treats that like we do optreset. markus@ OK --- ChangeLog | 6 +++++- ssh.c | 9 ++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2c83c164c..01c24e6b3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -51,6 +51,10 @@ - djm@cvs.openbsd.org 2002/12/06 05:20:02 [sftp.1] Fix cut'n'paste error, spotted by matthias.riese@b-novative.de; ok deraadt@ + - millert@cvs.openbsd.org 2002/12/09 16:50:30 + [ssh.c] + Avoid setting optind to 0 as GNU getopt treats that like we do optreset. + markus@ OK 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -886,4 +890,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2529 2002/12/23 02:23:37 mouring Exp $ +$Id: ChangeLog,v 1.2530 2002/12/23 02:24:54 mouring Exp $ diff --git a/ssh.c b/ssh.c index c6beb1bcf..7162e680d 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.188 2002/11/27 17:53:35 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.189 2002/12/09 16:50:30 millert Exp $"); #include #include @@ -505,12 +505,11 @@ again: host = ++cp; } else host = *av; - ac--, av++; - if (ac > 0) { - optind = 0; - optreset = 1; + if (ac > 1) { + optind = optreset = 1; goto again; } + ac--, av++; } /* Check that we got a host name. */ -- cgit v1.2.3 From 46767607e290343fdd43f6f6b4dc170647700698 Mon Sep 17 00:00:00 2001 
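Review bot: Moving `ac--, av++` below the `goto again` is the substance of this fix, but nothing in the code explains it. As far as the hunk shows, the host argument is left in `av[0]` so that the restarted getopt() skips it the way it would skip a program name, and `optind` is set to 1 because GNU getopt treats 0 as a reset request. A comment above `if (ac > 1)`, for example `/* keep host in av[0] as a stand-in for argv[0]; optind = 0 would reset GNU getopt */`, would stop a later cleanup from moving the decrement back. `optreset` is not declared in the hunk, so confirm a declaration exists on platforms whose getopt lacks it.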
From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:26:08 +0000 Subject: - markus@cvs.openbsd.org 2002/12/10 08:56:00 [session.c] Make sure $SHELL points to the shell from the password file, even if shell is overridden from login.conf; bug#453; semen at online.sinor.ru; ok millert@ --- ChangeLog | 6 +++++- session.c | 11 ++++++++--- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 01c24e6b3..892c87e24 100644 --- a/ChangeLog +++ b/ChangeLog @@ -55,6 +55,10 @@ [ssh.c] Avoid setting optind to 0 as GNU getopt treats that like we do optreset. markus@ OK + - markus@cvs.openbsd.org 2002/12/10 08:56:00 + [session.c] + Make sure $SHELL points to the shell from the password file, even if shell + is overridden from login.conf; bug#453; semen at online.sinor.ru; ok millert@ 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -890,4 +894,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2530 2002/12/23 02:24:54 mouring Exp $ +$Id: ChangeLog,v 1.2531 2002/12/23 02:26:08 mouring Exp $ diff --git a/session.c b/session.c index ac1561756..dfff9c6bf 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.151 2002/12/04 04:36:47 stevesk Exp $"); +RCSID("$OpenBSD: session.c,v 1.152 2002/12/10 08:56:00 markus Exp $"); #include "ssh.h" #include "ssh1.h" 
@@ -1324,12 +1324,17 @@ do_child(Session *s, const char *command) * legal, and means /bin/sh. */ shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; + + /* + * Make sure $SHELL points to the shell from the password file, + * even if shell is overridden from login.conf + */ + env = do_setup_env(s, shell); + #ifdef HAVE_LOGIN_CAP shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); #endif - env = do_setup_env(s, shell); - /* we have to stash the hostname before we close our socket. */ if (options.use_login) hostname = get_remote_name_or_ip(utmp_len, -- cgit v1.2.3 From a743398d04d2bb40b95b8d508152fb15601e2329 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:41:41 +0000 Subject: - markus@cvs.openbsd.org 2002/12/10 19:26:50 [packet.c] move tos handling to packet_set_tos; ok provos/henning/deraadt --- ChangeLog | 5 ++++- packet.c | 49 ++++++++++++++++++------------------------------- 2 files changed, 22 insertions(+), 32 deletions(-) diff --git a/ChangeLog b/ChangeLog index 892c87e24..8a8fc00bf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -59,6 +59,9 @@ [session.c] Make sure $SHELL points to the shell from the password file, even if shell is overridden from login.conf; bug#453; semen at online.sinor.ru; ok millert@ + - markus@cvs.openbsd.org 2002/12/10 19:26:50 + [packet.c] + move tos handling to packet_set_tos; ok provos/henning/deraadt 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -894,4 +897,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2531 2002/12/23 02:26:08 mouring Exp $ +$Id: ChangeLog,v 1.2532 2002/12/23 02:41:41 mouring Exp $ diff --git a/packet.c b/packet.c index 0a8baa5b2..d06ac904a 100644 --- a/packet.c +++ b/packet.c 
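Review bot: After this reordering the environment takes `$SHELL` from the password file while `shell` itself may afterwards be replaced by the login.conf value, so anything that spawns `$SHELL` would run the passwd shell rather than the login.conf one. The added comment states the first half only; if a site uses the login.conf `shell` capability to confine users, that divergence matters and should be spelled out, for example `/* NB: the shell used below may differ from $SHELL */`. do_child starts and continues outside the hunk, so how `shell` is used afterwards is not visible here.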
@@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.100 2002/11/21 22:45:31 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.101 2002/12/10 19:26:50 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -1314,16 +1314,26 @@ packet_not_very_much_data_to_write(void) return buffer_len(&output) < 128 * 1024; } +void +packet_set_tos(int interactive) +{ + int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT; + + if (!packet_connection_is_on_socket() || + !packet_connection_is_ipv4()) + return; + if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &tos, + sizeof(tos)) < 0) + error("setsockopt IP_TOS %d: %.100s:", + tos, strerror(errno)); +} + /* Informs that the current session is interactive. Sets IP flags for that. */ void packet_set_interactive(int interactive) { static int called = 0; -#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) - int lowdelay = IPTOS_LOWDELAY; - int throughput = IPTOS_THROUGHPUT; -#endif if (called) return; 
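Review bot: `packet_set_tos()` is added outside the `#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)` guard that protected the removed `lowdelay`/`throughput` locals, yet its body uses `IP_TOS`, `IPTOS_LOWDELAY` and `IPTOS_THROUGHPUT`. The call site in the following packet_set_interactive hunk is still guarded, so on a platform where `IP_TOS` is not defined the definition alone would presumably fail to compile. Wrapping the whole function in the same `#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)` / `#endif` pair keeps definition and call in step. The new message `"setsockopt IP_TOS %d: %.100s:"` also ends in a stray colon.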
@@ -1334,35 +1344,12 @@ packet_set_interactive(int interactive) /* Only set socket options if using a socket. */ if (!packet_connection_is_on_socket()) - return; - /* - * IPTOS_LOWDELAY and IPTOS_THROUGHPUT are IPv4 only - */ - if (interactive) { - /* - * Set IP options for an interactive connection. Use - * IPTOS_LOWDELAY and TCP_NODELAY. - */ -#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) - if (packet_connection_is_ipv4()) { - if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, - &lowdelay, sizeof(lowdelay)) < 0) - error("setsockopt IPTOS_LOWDELAY: %.100s", - strerror(errno)); - } -#endif + if (interactive) set_nodelay(connection_in); - } else if (packet_connection_is_ipv4()) { - /* - * Set IP options for a non-interactive connection. Use - * IPTOS_THROUGHPUT. - */ #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) - if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &throughput, - sizeof(throughput)) < 0) - error("setsockopt IPTOS_THROUGHPUT: %.100s", strerror(errno)); + packet_set_tos(interactive); #endif - } + } /* Returns true if the current connection is interactive. */ -- cgit v1.2.3 From faa1ea8c20f6f234e14b192705ddaeb1bc67f7de Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:42:52 +0000 Subject: - markus@cvs.openbsd.org 2002/12/10 19:47:14 [packet.c] static --- ChangeLog | 5 ++++- packet.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8a8fc00bf..c75b2890e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -62,6 +62,9 @@ - markus@cvs.openbsd.org 2002/12/10 19:26:50 [packet.c] move tos handling to packet_set_tos; ok provos/henning/deraadt + - markus@cvs.openbsd.org 2002/12/10 19:47:14 + [packet.c] + static 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -897,4 +900,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2532 2002/12/23 02:41:41 mouring Exp $ +$Id: ChangeLog,v 1.2533 2002/12/23 02:42:52 mouring Exp $ 
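Review bot: As rendered here the `return;` after `if (!packet_connection_is_on_socket())` is on a removed line and nothing replaces it, so on the new side the guard governs `if (interactive) set_nodelay(connection_in);`. That inverts the comment directly above it: TCP_NODELAY would be requested only when the connection is not a socket, and never for an interactive session on a real socket. Keep `return;` as the body of the guard and leave `if (interactive)` / `set_nodelay(connection_in);` at function level after it. Bracing both `if` bodies would make this kind of slip visible in review.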
diff --git a/packet.c b/packet.c index d06ac904a..3e2d1249d 100644 --- a/packet.c +++ b/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.101 2002/12/10 19:26:50 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.102 2002/12/10 19:47:14 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -1314,7 +1314,7 @@ packet_not_very_much_data_to_write(void) return buffer_len(&output) < 128 * 1024; } -void +static void packet_set_tos(int interactive) { int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT; -- cgit v1.2.3 From 1d568f9fce07fd6ea1f6d9f84cd204a17264e28e Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:44:36 +0000 Subject: - markus@cvs.openbsd.org 2002/12/13 10:03:15 [channels.c misc.c sshconnect2.c] cleanup debug messages, more useful information for the client user. --- ChangeLog | 5 ++++- channels.c | 12 ++++++------ misc.c | 4 ++-- sshconnect2.c | 25 ++++++++++++------------- 4 files changed, 24 insertions(+), 22 deletions(-) diff --git a/ChangeLog b/ChangeLog index c75b2890e..335614598 100644 --- a/ChangeLog +++ b/ChangeLog @@ -65,6 +65,9 @@ - markus@cvs.openbsd.org 2002/12/10 19:47:14 [packet.c] static + - markus@cvs.openbsd.org 2002/12/13 10:03:15 + [channels.c misc.c sshconnect2.c] + cleanup debug messages, more useful information for the client user. 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -900,4 +903,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2533 2002/12/23 02:42:52 mouring Exp $ +$Id: ChangeLog,v 1.2534 2002/12/23 02:44:36 mouring Exp $ diff --git a/channels.c b/channels.c index 6ff9e2583..1586ea397 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.183 2002/09/17 07:47:02 itojun Exp $"); +RCSID("$OpenBSD: channels.c,v 1.184 2002/12/13 10:03:15 markus Exp $"); #include "ssh.h" #include "ssh1.h" 
@@ -578,7 +578,7 @@ channel_send_open(int id) log("channel_send_open: %d: bad id", id); return; } - debug("send channel open %d", id); + debug2("channel %d: send open", id); packet_start(SSH2_MSG_CHANNEL_OPEN); packet_put_cstring(c->ctype); packet_put_int(c->self); @@ -588,15 +588,15 @@ channel_send_open(int id) } void -channel_request_start(int local_id, char *service, int wantconfirm) +channel_request_start(int id, char *service, int wantconfirm) { - Channel *c = channel_lookup(local_id); + Channel *c = channel_lookup(id); if (c == NULL) { - log("channel_request_start: %d: unknown channel id", local_id); + log("channel_request_start: %d: unknown channel id", id); return; } - debug("channel request %d: %s", local_id, service) ; + debug("channel %d: request %s", id, service) ; packet_start(SSH2_MSG_CHANNEL_REQUEST); packet_put_int(c->remote_id); packet_put_cstring(service); diff --git a/misc.c b/misc.c index e9fcef6ca..512fb22fb 100644 --- a/misc.c +++ b/misc.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.19 2002/03/04 17:27:39 stevesk Exp $"); +RCSID("$OpenBSD: misc.c,v 1.20 2002/12/13 10:03:15 markus Exp $"); #include "misc.h" #include "log.h" @@ -105,7 +105,7 @@ set_nodelay(int fd) return; } opt = 1; - debug("fd %d setting TCP_NODELAY", fd); + debug2("fd %d setting TCP_NODELAY", fd); if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1) error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); } diff --git a/sshconnect2.c b/sshconnect2.c index 755be5cca..5859199d7 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.108 2002/11/21 22:45:31 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.109 2002/12/13 10:03:15 markus Exp $"); #include "ssh.h" #include "ssh2.h" 
@@ -236,7 +236,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, debug2("service_accept: %s", reply); xfree(reply); } else { - debug("buggy server: service_accept w/o service"); + debug2("buggy server: service_accept w/o service"); } packet_check_eom(); debug("SSH2_MSG_SERVICE_ACCEPT received"); @@ -271,7 +271,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, if (authctxt.agent != NULL) ssh_close_authentication_connection(authctxt.agent); - debug("ssh-userauth2 successful: method %s", authctxt.method->name); + debug("Authentication succeeded (%s).", authctxt.method->name); } void userauth(Authctxt *authctxt, char *authlist) @@ -345,7 +345,7 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt) if (partial != 0) log("Authenticated with partial success."); - debug("authentications that can continue: %s", authlist); + debug("Authentications that can continue: %s", authlist); clear_auth_state(authctxt); userauth(authctxt, authlist); @@ -377,7 +377,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) } packet_check_eom(); - debug("input_userauth_pk_ok: pkalg %s blen %u lastkey %p hint %d", + debug("Server accepts key: pkalg %s blen %u lastkey %p hint %d", pkalg, blen, authctxt->last_key, authctxt->last_key_hint); do { @@ -762,7 +762,7 @@ userauth_pubkey_agent(Authctxt *authctxt) if (k == NULL) { debug2("userauth_pubkey_agent: no more keys"); } else { - debug("userauth_pubkey_agent: testing agent key %s", comment); + debug("Offering agent key: %s", comment); xfree(comment); ret = send_pubkey_test(authctxt, k, agent_sign_cb, -1); if (ret == 0) @@ -790,7 +790,7 @@ userauth_pubkey(Authctxt *authctxt) key = options.identity_keys[idx]; filename = options.identity_files[idx]; if (key == NULL) { - debug("try privkey: %s", filename); + debug("Trying private key: %s", filename); key = load_identity_file(filename); if (key != NULL) { sent = sign_and_send_pubkey(authctxt, key, 
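Review bot: In the input_userauth_pk_ok hunk the reworded `debug("Server accepts key: pkalg %s blen %u lastkey %p hint %d", ...)` stays at the first debug level but still prints `authctxt->last_key` with `%p`. A heap address is of no use to the client user this commit is aimed at, and first-level debug output is what people paste into bug reports. I would reduce the user-facing line to `debug("Server accepts key: pkalg %s blen %u", pkalg, blen);` and move the pointer and hint into a separate `debug2()` call.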
@@ -798,7 +798,7 @@ userauth_pubkey(Authctxt *authctxt) key_free(key); } } else if (key->type != KEY_RSA1) { - debug("try pubkey: %s", filename); + debug("Offering public key: %s", filename); sent = send_pubkey_test(authctxt, key, identity_sign_cb, idx); } @@ -904,7 +904,7 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp, pid_t pid; int to[2], from[2], status, version = 2; - debug("ssh_keysign called"); + debug2("ssh_keysign called"); if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) { error("ssh_keysign: no installed: %s", strerror(errno)); @@ -993,7 +993,7 @@ userauth_hostbased(Authctxt *authctxt) } } if (!found) { - debug("userauth_hostbased: no more client hostkeys"); + debug("No more client hostkeys for hostbased authentication."); return 0; } if (key_to_blob(private, &blob, &blen) == 0) { @@ -1107,7 +1107,6 @@ static char *preferred = NULL; static Authmethod * authmethod_get(char *authlist) { - char *name = NULL; u_int next; @@ -1128,7 +1127,7 @@ authmethod_get(char *authlist) for (;;) { if ((name = match_list(preferred, supported, &next)) == NULL) { - debug("no more auth methods to try"); + debug("No more authentication methods to try."); current = NULL; return NULL; } @@ -1138,7 +1137,7 @@ authmethod_get(char *authlist) if ((current = authmethod_lookup(name)) != NULL && authmethod_is_enabled(current)) { debug3("authmethod_is_enabled %s", name); - debug("next auth method to try is %s", name); + debug("Next authentication method: %s", name); return current; } } -- cgit v1.2.3 From 40b950356303d5293f1f684d2748be18291541af Mon Sep 17 00:00:00 2001 
From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:53:08 +0000 Subject: - markus@cvs.openbsd.org 2002/12/13 15:20:52 [scp.c] 1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@ --- ChangeLog | 17 ++++++++++++----- scp.c | 65 ++++++++++++++++++++++++++++++++++----------------------------- 2 files changed, 47 insertions(+), 35 deletions(-) diff --git a/ChangeLog b/ChangeLog index 335614598..971aa9c04 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,17 +20,17 @@ [auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c sshconnect.c] KNF - - markus@cvs.openbsd.org 2002/11/21 23:04:33 + - markus@cvs.openbsd.org 2002/11/21 23:04:33 [ssh.c] debug->debug2 - - stevesk@cvs.openbsd.org 2002/11/24 21:46:24 + - stevesk@cvs.openbsd.org 2002/11/24 21:46:24 [ssh-keysign.8] typo: "the the" - wcobb@cvs.openbsd.org 2002/11/26 00:45:03 [scp.c ssh-keygen.c] Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@ - - stevesk@cvs.openbsd.org 2002/11/26 02:35:30 + - stevesk@cvs.openbsd.org 2002/11/26 02:35:30 [ssh-keygen.1] remove outdated statement; ok markus@ deraadt@ - stevesk@cvs.openbsd.org 2002/11/26 02:38:54 @@ -48,7 +48,7 @@ [scp.c] use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@ - - djm@cvs.openbsd.org 2002/12/06 05:20:02 + - djm@cvs.openbsd.org 2002/12/06 05:20:02 [sftp.1] Fix cut'n'paste error, spotted by matthias.riese@b-novative.de; ok deraadt@ - millert@cvs.openbsd.org 2002/12/09 16:50:30 
@@ -68,6 +68,13 @@ - markus@cvs.openbsd.org 2002/12/13 10:03:15 [channels.c misc.c sshconnect2.c] cleanup debug messages, more useful information for the client user. + - markus@cvs.openbsd.org 2002/12/13 15:20:52 + [scp.c] + 1) include stalling time in total time + 2) truncate filenames to 45 instead of 20 characters + 3) print rate instead of progress bar, no more stars + 4) scale output to tty width + based on a patch from Niels; ok fries@ lebel@ fgs@ millert@ 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -903,4 +910,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2534 2002/12/23 02:44:36 mouring Exp $ +$Id: ChangeLog,v 1.2535 2002/12/23 02:53:08 mouring Exp $ diff --git a/scp.c b/scp.c index eb5f23e40..71d2a0d90 100644 --- a/scp.c +++ b/scp.c @@ -75,7 +75,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.95 2002/12/05 11:08:35 markus Exp $"); +RCSID("$OpenBSD: scp.c,v 1.96 2002/12/13 15:20:52 markus Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -1119,13 +1119,19 @@ foregroundproc(void) void progressmeter(int flag) { + static const char spaces[] = " " + " " + " " + " " + " " + " "; static const char prefixes[] = " KMGTP"; static struct timeval lastupdate; static off_t lastsize; struct timeval now, td, wait; - off_t cursize, abbrevsize; + off_t cursize, abbrevsize, bytespersec; double elapsed; - int ratio, barlength, i, remaining; + int ratio, remaining, i, ai, bi, nspaces; char buf[512]; if (flag == -1) { 
@@ -1145,45 +1151,44 @@ progressmeter(int flag) } else ratio = 100; - snprintf(buf, sizeof(buf), "\r%-20.20s %3d%% ", curfile, ratio); - - barlength = getttywidth() - 51; - if (barlength > 0) { - i = barlength * ratio / 100; - snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), - "|%.*s%*s|", i, - "*******************************************************" - "*******************************************************" - "*******************************************************" - "*******************************************************" - "*******************************************************" - "*******************************************************" - "*******************************************************", - barlength - i, ""); - } - i = 0; abbrevsize = cursize; - while (abbrevsize >= 100000 && i < sizeof(prefixes)) { - i++; + for (ai = 0; abbrevsize >= 10000 && ai < sizeof(prefixes); ai++) abbrevsize >>= 10; - } - snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), " %5lu %c%c ", - (unsigned long) abbrevsize, prefixes[i], - prefixes[i] == ' ' ? ' ' : 'B'); timersub(&now, &lastupdate, &wait); if (cursize > lastsize) { lastupdate = now; lastsize = cursize; - if (wait.tv_sec >= STALLTIME) { - start.tv_sec += wait.tv_sec; - start.tv_usec += wait.tv_usec; - } wait.tv_sec = 0; } timersub(&now, &start, &td); elapsed = td.tv_sec + (td.tv_usec / 1000000.0); + bytespersec = 0; + if (statbytes > 0) { + bytespersec = statbytes; + if (elapsed > 0.0) + bytespersec /= elapsed; + } + for (bi = 1; bytespersec >= 1024000 && bi < sizeof(prefixes); bi++) + bytespersec >>= 10; + + nspaces = MIN(getttywidth() - 79, sizeof(spaces) - 1); + + snprintf(buf, sizeof(buf), + "\r%-45.45s%.*s%3d%% %4lld%c%c %3lld.%01d%cB/s", + curfile, + nspaces, + spaces, + ratio, + (long long)abbrevsize, + prefixes[ai], + ai == 0 ? 
' ' : 'B', + (long long)(bytespersec / 1024), + (int)((bytespersec % 1024) * 10 / 1024), + prefixes[bi] + ); + if (flag != 1 && (statbytes <= 0 || elapsed <= 0.0 || cursize > totalbytes)) { snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), -- cgit v1.2.3 From 1b96cfb97585459bbb71198123425f7e831e2845 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 23 Dec 2002 02:58:17 +0000 Subject: - (bal) [msg.c msg.h scp.c ssh-keysign.c sshconnect2.c] Resync CVS IDs since we already did s/msg_send/ssh_msg_send/ --- ChangeLog | 4 +++- msg.c | 2 +- msg.h | 2 +- ssh-keysign.c | 2 +- sshconnect2.c | 2 +- 5 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 971aa9c04..bac6b2f2b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -75,6 +75,8 @@ 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@ + - (bal) [msg.c msg.h scp.c ssh-keysign.c sshconnect2.c] Resync CVS IDs since + we already did s/msg_send/ssh_msg_send/ 20021205 - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org @@ -910,4 +912,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2535 2002/12/23 02:53:08 mouring Exp $ +$Id: ChangeLog,v 1.2536 2002/12/23 02:58:17 mouring Exp $ diff --git a/msg.c b/msg.c index 107a37691..5d266c207 100644 --- a/msg.c +++ b/msg.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: msg.c,v 1.4 2002/07/01 16:15:25 deraadt Exp $"); +RCSID("$OpenBSD: msg.c,v 1.5 2002/12/19 00:07:02 djm Exp $"); #include "buffer.h" #include "getput.h" diff --git a/msg.h b/msg.h index 8980e254e..c07df88a7 100644 --- a/msg.h +++ b/msg.h @@ -1,4 +1,4 @@ -/* $OpenBSD: msg.h,v 1.1 2002/05/23 19:24:30 markus Exp $ */ +/* $OpenBSD: msg.h,v 1.2 2002/12/19 00:07:02 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * 
diff --git a/ssh-keysign.c b/ssh-keysign.c index 3288eb182..46028ae51 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.8 2002/11/07 22:08:07 markus Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.9 2002/12/19 00:07:02 djm Exp $"); #include #include diff --git a/sshconnect2.c b/sshconnect2.c index 5859199d7..de33e142b 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.109 2002/12/13 10:03:15 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.110 2002/12/19 00:07:02 djm Exp $"); #include "ssh.h" #include "ssh2.h" -- cgit v1.2.3 From 678ee51ff3493f0185dcb23bfb9fb2ba299d89b1 Mon Sep 17 00:00:00 2001 From: Kevin Steves Date: Wed, 1 Jan 2003 23:43:55 +0000 Subject: - (stevesk) [session.c sshlogin.c sshlogin.h] complete portable parts of pass addrlen with sockaddr * fix. from Hajimu UMEMOTO --- ChangeLog | 7 ++++++- session.c | 4 ++-- sshlogin.c | 6 +++--- sshlogin.h | 2 +- 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index bac6b2f2b..84adce11a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20030101 + - (stevesk) [session.c sshlogin.c sshlogin.h] complete portable + parts of pass addrlen with sockaddr * fix. + from Hajimu UMEMOTO + 20021222 - (bal) OpenBSD CVS Sync - fgsch@cvs.openbsd.org 2002/11/15 10:03:09 @@ -912,4 +917,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2536 2002/12/23 02:58:17 mouring Exp $ +$Id: ChangeLog,v 1.2537 2003/01/01 23:43:55 stevesk Exp $ diff --git a/session.c b/session.c index dfff9c6bf..90d59513c 100644 --- a/session.c +++ b/session.c 
@@ -689,7 +689,7 @@ do_pre_login(Session *s) record_utmp_only(pid, s->tty, s->pw->pw_name, get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping), - (struct sockaddr *)&from); + (struct sockaddr *)&from, fromlen); } #endif @@ -730,8 +730,8 @@ do_login(Session *s, const char *command) * the address be 0.0.0.0. */ memset(&from, 0, sizeof(from)); + fromlen = sizeof(from); if (packet_connection_is_on_socket()) { - fromlen = sizeof(from); if (getpeername(packet_get_connection_in(), (struct sockaddr *) & from, &fromlen) < 0) { debug("getpeername: %.100s", strerror(errno)); diff --git a/sshlogin.c b/sshlogin.c index 4cd1c0059..12555d635 100644 --- a/sshlogin.c +++ b/sshlogin.c @@ -70,7 +70,7 @@ record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid, struct logininfo *li; li = login_alloc_entry(pid, user, host, ttyname); - login_set_addr(li, addr, sizeof(struct sockaddr)); + login_set_addr(li, addr, addrlen); login_login(li); login_free_entry(li); } @@ -78,12 +78,12 @@ record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid, #ifdef LOGIN_NEEDS_UTMPX void record_utmp_only(pid_t pid, const char *ttyname, const char *user, - const char *host, struct sockaddr * addr) + const char *host, struct sockaddr * addr, socklen_t addrlen) { struct logininfo *li; li = login_alloc_entry(pid, user, host, ttyname); - login_set_addr(li, addr, sizeof(struct sockaddr)); + login_set_addr(li, addr, addrlen); login_utmp_only(li); login_free_entry(li); } diff --git a/sshlogin.h b/sshlogin.h index 287c0d9f6..1c8bfad32 100644 --- a/sshlogin.h +++ b/sshlogin.h @@ -22,7 +22,7 @@ u_long get_last_login_time(uid_t, const char *, char *, u_int); #ifdef LOGIN_NEEDS_UTMPX void record_utmp_only(pid_t, const char *, const char *, const char *, - struct sockaddr *); + struct sockaddr *, socklen_t); #endif #endif -- cgit v1.2.3 From 8aff5cbed75279094e2cf701d6eed38dbe4275b8 Mon Sep 17 00:00:00 2001 
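Review bot: The do_pre_login hunk now passes `fromlen` to `record_utmp_only()`, but unlike the do_login hunk it does not show `fromlen = sizeof(from);` being set before the socket check. If do_pre_login still assigns it only inside `if (packet_connection_is_on_socket())` (not visible here, so to be confirmed), the non-socket path hands an uninitialised length to `login_set_addr()`, which now uses it in place of the old fixed `sizeof(struct sockaddr)`. Apply the same one-line move there. Since the length is now caller-supplied, `login_set_addr()` should also clamp it to the size of its destination if it does not already. Both session.c functions continue outside their hunks.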
From: Damien Miller Date: Fri, 3 Jan 2003 14:34:06 +1100 Subject: - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from cjwatson@debian.org --- ChangeLog | 6 +++++- contrib/ssh-copy-id | 7 ++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 84adce11a..9c85c7993 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20030103 + - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from + cjwatson@debian.org + 20030101 - (stevesk) [session.c sshlogin.c sshlogin.h] complete portable parts of pass addrlen with sockaddr * fix. @@ -917,4 +921,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2537 2003/01/01 23:43:55 stevesk Exp $ +$Id: ChangeLog,v 1.2538 2003/01/03 03:34:06 djm Exp $ diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id index 2346761f7..a1ad34a8d 100644 --- a/contrib/ssh-copy-id +++ b/contrib/ssh-copy-id @@ -29,7 +29,12 @@ if [ -z "`eval $GET_ID`" -a -r "${ID_FILE}" ] ; then fi if [ -z "`eval $GET_ID`" ]; then - echo "$0: ERROR: No identities found" + echo "$0: ERROR: No identities found" >&2 + exit 1 +fi + +if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then + echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2 exit 1 fi -- cgit v1.2.3 From 02e16ad95fb1f56ab004b01a10aab89f7103c55d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 3 Jan 2003 14:42:27 +1100 Subject: - (djm) Bug #460: Filling utmp[x]->ut_addr_v6 if present. Patch from cjwatson@debian.org --- ChangeLog | 6 ++++-- loginrec.c | 34 +++++++++++++++++++++++++++++++++- 2 files changed, 37 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9c85c7993..91b4c10bd 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,7 +1,9 @@ 20030103 - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from cjwatson@debian.org - + - (djm) Bug #460: Filling utmp[x]->ut_addr_v6 if present. Patch from + cjwatson@debian.org + 20030101 - (stevesk) [session.c sshlogin.c sshlogin.h] complete portable parts of pass addrlen with sockaddr * fix. @@ -921,4 +923,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2538 2003/01/03 03:34:06 djm Exp $ +$Id: ChangeLog,v 1.2539 2003/01/03 03:42:27 djm Exp $ diff --git a/loginrec.c b/loginrec.c index 02c3106a3..a0d14dbdf 100644 --- a/loginrec.c +++ b/loginrec.c @@ -163,7 +163,7 @@ #include "log.h" #include "atomicio.h" -RCSID("$Id: loginrec.c,v 1.44 2002/09/26 00:38:49 tim Exp $"); +RCSID("$Id: loginrec.c,v 1.45 2003/01/03 03:42:28 djm Exp $"); #ifdef HAVE_UTIL_H # include @@ -609,6 +609,9 @@ void construct_utmp(struct logininfo *li, struct utmp *ut) { +# ifdef HAVE_ADDR_V6_IN_UTMP + struct sockaddr_in6 *sa6; +# endif memset(ut, '\0', sizeof(*ut)); /* First fill out fields used for both logins and logouts */ @@ -661,6 +664,19 @@ construct_utmp(struct logininfo *li, if (li->hostaddr.sa.sa_family == AF_INET) ut->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr; # endif +# ifdef HAVE_ADDR_V6_IN_UTMP + /* this is just a 128-bit IPv6 address */ + if (li->hostaddr.sa.sa_family == AF_INET6) { + sa6 = ((struct sockaddr_in6 *)&li->hostaddr.sa); + memcpy(ut->ut_addr_v6, sa6->sin6_addr.s6_addr, 16); + if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) { + ut->ut_addr_v6[0] = ut->ut_addr_v6[3]; + ut->ut_addr_v6[1] = 0; + ut->ut_addr_v6[2] = 0; + ut->ut_addr_v6[3] = 0; + } + } +# endif } #endif /* USE_UTMP || USE_WTMP || USE_LOGIN */ 
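Review bot: In the construct_utmp hunk `memcpy(ut->ut_addr_v6, sa6->sin6_addr.s6_addr, 16);` hard-codes the copy length, and the same line recurs in the construct_utmpx hunk. The destination field's size is a platform detail hidden behind `HAVE_ADDR_V6_IN_UTMP`, so a literal leaves nothing to catch a platform where the field is smaller. Prefer `sizeof(sa6->sin6_addr.s6_addr)` as the length and bound it against the destination, e.g. `MIN(sizeof(ut->ut_addr_v6), sizeof(sa6->sin6_addr.s6_addr))`. The comment `/* this is just a 128-bit IPv6 address */` could also say that a v4-mapped address is collapsed into element 0 with the rest zeroed.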
@@ -689,6 +705,9 @@ set_utmpx_time(struct logininfo *li, struct utmpx *utx) void construct_utmpx(struct logininfo *li, struct utmpx *utx) { +# ifdef HAVE_ADDR_V6_IN_UTMP + struct sockaddr_in6 *sa6; +# endif memset(utx, '\0', sizeof(*utx)); # ifdef HAVE_ID_IN_UTMPX line_abbrevname(utx->ut_id, li->line, sizeof(utx->ut_id)); @@ -725,6 +744,19 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx) if (li->hostaddr.sa.sa_family == AF_INET) utx->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr; # endif +# ifdef HAVE_ADDR_V6_IN_UTMP + /* this is just a 128-bit IPv6 address */ + if (li->hostaddr.sa.sa_family == AF_INET6) { + sa6 = ((struct sockaddr_in6 *)&li->hostaddr.sa); + memcpy(ut->ut_addr_v6, sa6->sin6_addr.s6_addr, 16); + if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) { + ut->ut_addr_v6[0] = ut->ut_addr_v6[3]; + ut->ut_addr_v6[1] = 0; + ut->ut_addr_v6[2] = 0; + ut->ut_addr_v6[3] = 0; + } + } +# endif # ifdef HAVE_SYSLEN_IN_UTMPX /* ut_syslen is the length of the utx_host string */ utx->ut_syslen = MIN(strlen(li->hostname), sizeof(utx->ut_host)); -- cgit v1.2.3 From dfedbf8e5a1f6719a9e91f79900d8cc0d055c453 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 3 Jan 2003 14:52:53 +1100 Subject: - (djm) Bug #446: Set LOGIN env var to pw_name on AIX. Patch from mii@ornl.gov --- ChangeLog | 6 ++++-- session.c | 3 +++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 91b4c10bd..28e6ac4a2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,7 +3,9 @@ cjwatson@debian.org - (djm) Bug #460: Filling utmp[x]->ut_addr_v6 if present. Patch from cjwatson@debian.org - + - (djm) Bug #446: Set LOGIN env var to pw_name on AIX. Patch from + mii@ornl.gov + 20030101 - (stevesk) [session.c sshlogin.c sshlogin.h] complete portable parts of pass addrlen with sockaddr * fix. 
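Review bot: The block added to construct_utmpx writes through `ut`, but the function's parameter, as shown in the hunk header and the neighbouring `utx->ut_addr` line, is `utx`. With `HAVE_ADDR_V6_IN_UTMP` defined this would not compile unless some other `ut` is in scope, which the hunk does not show. Every `ut->ut_addr_v6` in this block should read `utx->ut_addr_v6`, starting with `memcpy(utx->ut_addr_v6, sa6->sin6_addr.s6_addr, 16);`. It looks like a paste from construct_utmp; the function continues outside the hunk.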
@@ -923,4 +925,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2539 2003/01/03 03:42:27 djm Exp $ +$Id: ChangeLog,v 1.2540 2003/01/03 03:52:53 djm Exp $ diff --git a/session.c b/session.c index 90d59513c..9832d7a83 100644 --- a/session.c +++ b/session.c @@ -969,6 +969,9 @@ do_setup_env(Session *s, const char *shell) /* Set basic environment. */ child_set_env(&env, &envsize, "USER", pw->pw_name); child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); +#ifdef _AIX + child_set_env(&env, &envsize, "LOGIN", pw->pw_name); +#endif child_set_env(&env, &envsize, "HOME", pw->pw_dir); #ifdef HAVE_LOGIN_CAP if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) -- cgit v1.2.3 From 5e4471e45a9ba9a4ecafa91e15142feaa682bf02 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 7 Jan 2003 10:51:23 +1100 Subject: - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses. Based on fix from yoshfuji@linux-ipv6.org --- ChangeLog | 6 +++++- canohost.c | 13 +++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 28e6ac4a2..0c6e463f0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20030107 + - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses. + Based on fix from yoshfuji@linux-ipv6.org + 20030103 - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from cjwatson@debian.org @@ -925,4 +929,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2540 2003/01/03 03:52:53 djm Exp $ +$Id: ChangeLog,v 1.2541 2003/01/06 23:51:23 djm Exp $ diff --git a/canohost.c b/canohost.c index 9aa942a9f..941db23b6 100644 --- a/canohost.c +++ b/canohost.c 
@@ -59,11 +59,14 @@ get_remote_hostname(int socket, int verify_reverse_mapping) memset(&from, 0, sizeof(from)); from4->sin_family = AF_INET; + fromlen = sizeof(*from4); memcpy(&from4->sin_addr, &addr, sizeof(addr)); from4->sin_port = port; } } #endif + if (from.ss_family == AF_INET6) + fromlen = sizeof(struct sockaddr_in6); if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0) @@ -225,6 +228,11 @@ get_socket_address(int socket, int remote, int flags) < 0) return NULL; } + + /* Work around Linux IPv6 weirdness */ + if (addr.ss_family == AF_INET6) + addrlen = sizeof(struct sockaddr_in6); + /* Get the address in ascii. */ if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop), NULL, 0, flags) != 0) { @@ -319,6 +327,11 @@ get_sock_port(int sock, int local) fatal_cleanup(); } } + + /* Work around Linux IPv6 weirdness */ + if (from.ss_family == AF_INET6) + fromlen = sizeof(struct sockaddr_in6); + /* Return port number. */ if (getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0, strport, sizeof(strport), NI_NUMERICSERV) != 0) -- cgit v1.2.3 From 48cb8aa935211ff95ff62267a799d3548df442d4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 7 Jan 2003 12:19:32 +1100 Subject: - (djm) Bug #442: Check for and deny access to accounts with locked passwords. Patch from dtucker@zip.com.au --- ChangeLog | 4 +++- auth.c | 21 ++++++++++++++++----- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0c6e463f0..3be46f5cb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20030107 - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses. Based on fix from yoshfuji@linux-ipv6.org + - (djm) Bug #442: Check for and deny access to accounts with locked + passwords. Patch from dtucker@zip.com.au 20030103 - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from 
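Review bot: The same length override is added in three functions (get_remote_hostname, get_socket_address, get_sock_port), and the first copy has no comment at all while the other two say only "Linux IPv6 weirdness". Nothing records which returned length getnameinfo() rejects, so a later reader cannot tell when the workaround can be dropped or whether overwriting the length reported by the preceding socket call is harmless on other platforms. I would move the assignment into one small static helper and give it a comment naming the symptom and the bug, along the lines of `/* Bug #401: on Linux the reported addrlen for AF_INET6 can be one getnameinfo() rejects */` (exact wording for the author to confirm).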
@@ -929,4 +931,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2541 2003/01/06 23:51:23 djm Exp $ +$Id: ChangeLog,v 1.2542 2003/01/07 01:19:32 djm Exp $ diff --git a/auth.c b/auth.c index ee001283f..0e7910943 100644 --- a/auth.c +++ b/auth.c @@ -72,20 +72,23 @@ int allowed_user(struct passwd * pw) { struct stat st; - const char *hostname = NULL, *ipaddr = NULL; + const char *hostname = NULL, *ipaddr = NULL, *passwd; char *shell; int i; #ifdef WITH_AIXAUTHENTICATE char *loginmsg; #endif /* WITH_AIXAUTHENTICATE */ #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ - !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) + !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) struct spwd *spw; +#endif /* Shouldn't be called if pw is NULL, but better safe than sorry... */ if (!pw || !pw->pw_name) return 0; +#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ + !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) #define DAY (24L * 60 * 60) /* 1 day in seconds */ spw = getspnam(pw->pw_name); if (spw != NULL) { @@ -116,11 +119,19 @@ allowed_user(struct passwd * pw) return 0; } } +#endif + +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) + passwd = spw->sp_pwdp; #else - /* Shouldn't be called if pw is NULL, but better safe than sorry... */ - if (!pw || !pw->pw_name) - return 0; + passwd = pw->pw_passwd; #endif + /* check for locked account */ + if (strcmp(passwd, "*LK*") == 0 || passwd[0] == '!') { + log("User %.100s not allowed because account is locked", + pw->pw_name); + return 0; + } /* * Get the shell from the password data. An empty shell field is -- cgit v1.2.3 From e832819cf7289b467070fc31c5080c133f0a101e Mon Sep 17 00:00:00 2001 
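Review bot: `passwd = spw->sp_pwdp;` dereferences `spw` unconditionally, although the context a few lines above treats a NULL return from `getspnam()` as possible (`if (spw != NULL) {`). An account with no shadow entry would then crash the process inside allowed_user() rather than be evaluated. Use `passwd = (spw != NULL) ? spw->sp_pwdp : pw->pw_passwd;`; the later auth.c hunk in the "Fix Bug #442 for PAM case" commit moves this assignment but keeps the same dereference. A NULL check on `passwd` itself before `strcmp()` and `passwd[0]` would cost one more condition.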
From: Damien Miller Date: Tue, 7 Jan 2003 15:18:32 +1100 Subject: - (djm) Bug #26: Use local mkstemp() rather than glibc's silly one. Fixes Can't pass KRB4 TGT passing. Fix from: jan.iven@cern.ch --- ChangeLog | 4 +++- acconfig.h | 5 ++++- configure.ac | 28 +++++++++++++++++++++++++++- openbsd-compat/mktemp.c | 4 ++-- openbsd-compat/mktemp.h | 6 +++--- 5 files changed, 39 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3be46f5cb..681c51f1b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ Based on fix from yoshfuji@linux-ipv6.org - (djm) Bug #442: Check for and deny access to accounts with locked passwords. Patch from dtucker@zip.com.au + - (djm) Bug #26: Use local mkstemp() rather than glibc's silly one. Fixes + Can't pass KRB4 TGT passing. Fix from: jan.iven@cern.ch 20030103 - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from @@ -931,4 +933,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2542 2003/01/07 01:19:32 djm Exp $ +$Id: ChangeLog,v 1.2543 2003/01/07 04:18:32 djm Exp $ diff --git a/acconfig.h b/acconfig.h index 3e058f3ea..314cbaaa4 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.145 2002/09/26 00:38:48 tim Exp $ */ +/* $Id: acconfig.h,v 1.146 2003/01/07 04:18:33 djm Exp $ */ #ifndef _CONFIG_H #define _CONFIG_H @@ -364,6 +364,9 @@ /* Define if your platform needs to skip post auth file descriptor passing */ #undef DISABLE_FD_PASSING +/* Silly mkstemp() */ +#undef HAVE_STRICT_MKSTEMP + @BOTTOM@ /* ******************* Shouldn't need to edit below this line ************** */ diff --git a/configure.ac b/configure.ac index e96a0721d..f01c0c642 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.93 2002/11/22 21:29:03 tim Exp $ +# $Id: configure.ac,v 1.94 2003/01/07 04:18:33 djm Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) 
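Review bot: The acconfig.h entry is documented only as `/* Silly mkstemp() */`, which does not tell a porter what defining `HAVE_STRICT_MKSTEMP` means. Going by the configure.ac probe in this commit, it is set when mkstemp() fails on a template that has no trailing X characters, and it switches the build to the bundled mktemp.c. A comment such as `/* Define if mkstemp() rejects templates that do not end in XXXXXX; the openbsd-compat version is used instead */` would make that explicit. A template without the X suffix presumably gets no random component, so it is also worth naming the caller that needs this behaviour.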
@@ -680,6 +680,32 @@ int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} ) fi +dnl see whether mkstemp() requires XXXXXX +if test "x$ac_cv_func_mkdtemp" = "xyes" ; then +AC_MSG_CHECKING([for (overly) strict mkstemp]) +AC_TRY_RUN( + [ +#include +main() { char template[]="conftest.mkstemp-test"; +if (mkstemp(template) == -1) + exit(1); +unlink(template); exit(0); +} + ], + [ + AC_MSG_RESULT(no) + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_STRICT_MKSTEMP) + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_STRICT_MKSTEMP) + ] +) +fi + AC_FUNC_GETPGRP # Check for PAM libs diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c index d256ee448..c951050c0 100644 --- a/openbsd-compat/mktemp.c +++ b/openbsd-compat/mktemp.c @@ -36,7 +36,7 @@ #include "includes.h" -#ifndef HAVE_MKDTEMP +#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) #if defined(LIBC_SCCS) && !defined(lint) static char rcsid[] = "$OpenBSD: mktemp.c,v 1.16 2002/05/27 18:20:45 millert Exp $"; @@ -181,4 +181,4 @@ _gettemp(path, doopen, domkdir, slen) /*NOTREACHED*/ } -#endif /* !HAVE_MKDTEMP */ +#endif /* !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) */ diff --git a/openbsd-compat/mktemp.h b/openbsd-compat/mktemp.h index 6a96f6fa6..505ca6a1f 100644 --- a/openbsd-compat/mktemp.h +++ b/openbsd-compat/mktemp.h @@ -1,13 +1,13 @@ -/* $Id: mktemp.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */ +/* $Id: mktemp.h,v 1.3 2003/01/07 04:18:33 djm Exp $ */ #ifndef _BSD_MKTEMP_H #define _BSD_MKTEMP_H #include "config.h" -#ifndef HAVE_MKDTEMP +#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) int mkstemps(char *path, int slen); int mkstemp(char *path); char *mkdtemp(char *path); -#endif /* !HAVE_MKDTEMP */ +#endif /* !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) */ #endif /* _BSD_MKTEMP_H */ -- cgit v1.2.3 From 64004b5566282ceb395674e0c4aaa89e04b3847d Mon Sep 17 00:00:00 2001 
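Review bot: The probe is gated on `ac_cv_func_mkdtemp` although the function it exercises is mkstemp(); that looks intentional because mktemp.c is keyed on HAVE_MKDTEMP, but a `dnl` line saying so would help. The larger concern is that HAVE_STRICT_MKSTEMP appears to swap in the compat mkstemp() for every caller in order to accept a template with no trailing X's, and such a template yields a fixed file name, so safety then rests on the compat `_gettemp` creating the file exclusively, which these hunks do not show. I would expand the acconfig.h comment to `/* Define if mkstemp() rejects templates that do not end in XXXXXX */` and name the caller that needs it. The test program also never closes the descriptor mkstemp() returns.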
From: Damien Miller Date: Tue, 7 Jan 2003 16:15:20 +1100 Subject: - (djm) Fix Bug #442 for PAM case --- ChangeLog | 3 ++- auth.c | 4 +--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 681c51f1b..28c340032 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ passwords. Patch from dtucker@zip.com.au - (djm) Bug #26: Use local mkstemp() rather than glibc's silly one. Fixes Can't pass KRB4 TGT passing. Fix from: jan.iven@cern.ch + - (djm) Fix Bug #442 for PAM case 20030103 - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from @@ -933,4 +934,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2543 2003/01/07 04:18:32 djm Exp $ +$Id: ChangeLog,v 1.2544 2003/01/07 05:15:20 djm Exp $ diff --git a/auth.c b/auth.c index 0e7910943..ee21149df 100644 --- a/auth.c +++ b/auth.c @@ -119,13 +119,11 @@ allowed_user(struct passwd * pw) return 0; } } -#endif - -#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) passwd = spw->sp_pwdp; #else passwd = pw->pw_passwd; #endif + /* check for locked account */ if (strcmp(passwd, "*LK*") == 0 || passwd[0] == '!') { log("User %.100s not allowed because account is locked", -- cgit v1.2.3 From 7df881d20e85ecbd389311cea999162a945774e1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 7 Jan 2003 16:46:58 +1100 Subject: - (djm) Bug #110: bogus error messages in lastlog_get_entry(). Fix based on one by peak@argo.troja.mff.cuni.cz --- ChangeLog | 4 +++- loginrec.c | 34 ++++++++++++++++++++++------------ 2 files changed, 25 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 28c340032..0ab9043a1 100644 --- a/ChangeLog +++ b/ChangeLog 
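Review bot: With the second `#if` removed, `passwd = spw->sp_pwdp;` now sits after the closing brace of the `if (spw != NULL)` block, so it still dereferences a NULL `spw` when getspnam() finds no entry. In builds that take the `#else` branch (PAM, or no shadow expiry support) the lock test reads `pw->pw_passwd`, which on shadow-password systems usually holds a placeholder rather than the hash, so the `*LK*` / `!` comparison would presumably never match there. I would look up the shadow entry under `HAVE_SHADOW_H && !DISABLE_SHADOW`, independently of the expiry guard, and check it for NULL before use. The enclosing function starts and ends outside the hunk.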
@@ -6,6 +6,8 @@ - (djm) Bug #26: Use local mkstemp() rather than glibc's silly one. Fixes Can't pass KRB4 TGT passing. Fix from: jan.iven@cern.ch - (djm) Fix Bug #442 for PAM case + - (djm) Bug #110: bogus error messages in lastlog_get_entry(). Fix based + on one by peak@argo.troja.mff.cuni.cz 20030103 - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from @@ -934,4 +936,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2544 2003/01/07 05:15:20 djm Exp $ +$Id: ChangeLog,v 1.2545 2003/01/07 05:46:58 djm Exp $ diff --git a/loginrec.c b/loginrec.c index a0d14dbdf..0a5fefad3 100644 --- a/loginrec.c +++ b/loginrec.c @@ -163,7 +163,7 @@ #include "log.h" #include "atomicio.h" -RCSID("$Id: loginrec.c,v 1.45 2003/01/03 03:42:28 djm Exp $"); +RCSID("$Id: loginrec.c,v 1.46 2003/01/07 05:46:58 djm Exp $"); #ifdef HAVE_UTIL_H # include @@ -1522,22 +1522,32 @@ int lastlog_get_entry(struct logininfo *li) { struct lastlog last; - int fd; + int fd, ret; if (!lastlog_openseek(li, &fd, O_RDONLY)) - return 0; - - if (atomicio(read, fd, &last, sizeof(last)) != sizeof(last)) { - close(fd); - log("lastlog_get_entry: Error reading from %s: %s", - LASTLOG_FILE, strerror(errno)); - return 0; - } + return (0); + ret = atomicio(read, fd, &last, sizeof(last)); close(fd); - lastlog_populate_entry(li, &last); + switch (ret) { + case 0: + memset(&last, '\0', sizeof(last)); + /* FALLTHRU */ + case sizeof(last): + lastlog_populate_entry(li, &last); + return (1); + case -1: + error("%s: Error reading from %s: %s", __func__, + LASTLOG_FILE, strerror(errno)); + return (0); + default: + error("%s: Error reading from %s: Expecting %d, got %d", + __func__, LASTLOG_FILE, sizeof(last), ret); + return (0); + } - return 1; + /* NOTREACHED */ + return (0); } #endif /* USE_LASTLOG */ -- cgit v1.2.3 From b93addb6d667b36bdbb298b8b3c581c1738c0c9f Mon Sep 17 00:00:00 2001 
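Review bot: In the `default:` branch of the new switch, `sizeof(last)` is passed to a `%d` conversion; it has type size_t, so the argument does not match the format wherever size_t is wider than int. Cast it: `__func__, LASTLOG_FILE, (int)sizeof(last), ret);`. Separately, `close(fd)` now runs between the failed read and the `strerror(errno)` call in `case -1:` and may overwrite errno, so the message can name the wrong error; saving errno immediately after atomicio() avoids that.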
From: Damien Miller Date: Tue, 7 Jan 2003 17:04:18 +1100 Subject: - (djm) Bug #111: Run syslog and stderr logging through strnvis to eliminate nasties. Report from peak@argo.troja.mff.cuni.cz --- ChangeLog | 4 +- configure.ac | 6 +- log.c | 7 +- openbsd-compat/Makefile.in | 4 +- openbsd-compat/openbsd-compat.h | 3 +- openbsd-compat/vis.c | 232 ++++++++++++++++++++++++++++++++++++++++ openbsd-compat/vis.h | 91 ++++++++++++++++ 7 files changed, 338 insertions(+), 9 deletions(-) create mode 100644 openbsd-compat/vis.c create mode 100644 openbsd-compat/vis.h diff --git a/ChangeLog b/ChangeLog index 0ab9043a1..0c7bfaca0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,8 @@ - (djm) Fix Bug #442 for PAM case - (djm) Bug #110: bogus error messages in lastlog_get_entry(). Fix based on one by peak@argo.troja.mff.cuni.cz + - (djm) Bug #111: Run syslog and stderr logging through strnvis to eliminate + nasties. Report from peak@argo.troja.mff.cuni.cz 20030103 - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from @@ -936,4 +938,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2545 2003/01/07 05:46:58 djm Exp $ +$Id: ChangeLog,v 1.2546 2003/01/07 06:04:18 djm Exp $ diff --git a/configure.ac b/configure.ac index f01c0c642..d4213af5f 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.94 2003/01/07 04:18:33 djm Exp $ +# $Id: configure.ac,v 1.95 2003/01/07 06:04:18 djm Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) 
@@ -601,8 +601,8 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ - socketpair strerror strlcat strlcpy strmode sysconf tcgetpgrp \ - truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty) + socketpair strerror strlcat strlcpy strmode strvis sysconf \ + tcgetpgrp truncate utimes vhangup vsnprintf waitpid __b64_ntop \ _getpty) dnl Make sure strsep prototype is defined before defining HAVE_STRSEP AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)]) diff --git a/log.c b/log.c index 96626d7d4..ead7e9028 100644 --- a/log.c +++ b/log.c @@ -386,11 +386,14 @@ do_log(LogLevel level, const char *fmt, va_list args) } else { vsnprintf(msgbuf, sizeof(msgbuf), fmt, args); } + /* Escape magic chars in output. */ + strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), VIS_OCTAL); + if (log_on_stderr) { - fprintf(stderr, "%s\r\n", msgbuf); + fprintf(stderr, "%s\r\n", fmtbuf); } else { openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility); - syslog(pri, "%.500s", msgbuf); + syslog(pri, "%.500s", fmtbuf); closelog(); } } diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 5229e7e20..8b1e5b538 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.23 2002/09/12 00:33:02 djm Exp $ +# $Id: Makefile.in,v 1.24 2003/01/07 06:04:18 djm Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ 
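Review bot: The function list gains `strvis`, but log.c calls `strnvis()` and the new vis.c and vis.h are compiled only when HAVE_STRVIS is undefined. A libc that provides strvis() without strnvis() would therefore get neither the system function nor the compat copy. Probing the function that is actually used, by adding `strnvis` to AC_CHECK_FUNCS and keying the compat guard on `HAVE_STRNVIS`, would close that gap.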
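Review bot: `VIS_OCTAL` on its own leaves newline, tab and space unescaped, since the vis.h added in this commit says the default set excludes them unless VIS_NL, VIS_TAB or VIS_SP is given; a message carrying text from the peer can therefore still split a log entry across lines. For the syslog branch I would pass `VIS_OCTAL | VIS_NL` (and probably `VIS_TAB`), keeping the plain flag for stderr only if multi-line output there is intended. Escaping can expand one byte to four, so `fmtbuf` either needs to be sized for that or truncation of long messages should be expected; its declaration is outside the hunk, as is the start of do_log().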
@@ -16,7 +16,7 @@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ LDFLAGS=-L. @LDFLAGS@ -OPENBSD=base64.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o +OPENBSD=base64.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o vis.o COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-snprintf.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o xmmap.o diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index ae18afd34..dcb7ba15b 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.17 2002/09/12 00:33:02 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.18 2003/01/07 06:04:18 djm Exp $ */ #ifndef _OPENBSD_H #define _OPENBSD_H @@ -26,6 +26,7 @@ #include "glob.h" #include "readpassphrase.h" #include "getopt.h" +#include "vis.h" /* Home grown routines */ #include "bsd-arc4random.h" diff --git a/openbsd-compat/vis.c b/openbsd-compat/vis.c new file mode 100644 index 000000000..303a9a5b3 --- /dev/null +++ b/openbsd-compat/vis.c 
@@ -0,0 +1,232 @@ +/*- + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ +#include "config.h" +#if !defined(HAVE_STRVIS) + +#if defined(LIBC_SCCS) && !defined(lint) +static char rcsid[] = "$OpenBSD: vis.c,v 1.8 2002/02/19 19:39:36 millert Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include + +#include "vis.h" + +#define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7') +#define isvisible(c) (((u_int)(c) <= UCHAR_MAX && isascii((u_char)(c)) && \ + isgraph((u_char)(c))) || \ + ((flag & VIS_SP) == 0 && (c) == ' ') || \ + ((flag & VIS_TAB) == 0 && (c) == '\t') || \ + ((flag & VIS_NL) == 0 && (c) == '\n') || \ + ((flag & VIS_SAFE) && \ + ((c) == '\b' || (c) == '\007' || (c) == '\r'))) + +/* + * vis - visually encode characters + */ +char * +vis(dst, c, flag, nextc) + register char *dst; + int c, nextc; + register int flag; +{ + if (isvisible(c)) { + *dst++ = c; + if (c == '\\' && (flag & VIS_NOSLASH) == 0) + *dst++ = '\\'; + *dst = '\0'; + return (dst); + } + + if (flag & VIS_CSTYLE) { + switch(c) { + case '\n': + *dst++ = '\\'; + *dst++ = 'n'; + goto done; + case '\r': + *dst++ = '\\'; + *dst++ = 'r'; + goto done; + case '\b': + *dst++ = '\\'; + *dst++ = 'b'; + goto done; + case '\a': + *dst++ = '\\'; + *dst++ = 'a'; + goto done; + case '\v': + *dst++ = '\\'; + *dst++ = 'v'; + goto done; + case '\t': + *dst++ = '\\'; + *dst++ = 't'; + goto done; + case '\f': + *dst++ = '\\'; + *dst++ = 'f'; + goto done; + case ' ': + *dst++ = '\\'; + *dst++ = 's'; + goto done; + case '\0': + *dst++ = '\\'; + *dst++ = '0'; + if (isoctal(nextc)) { + *dst++ = '0'; + *dst++ = '0'; + } + goto done; + } + } + if (((c & 0177) == ' ') || (flag & VIS_OCTAL)) { + *dst++ = '\\'; + *dst++ = ((u_char)c >> 6 & 07) + '0'; + *dst++ = ((u_char)c >> 3 & 07) + '0'; + *dst++ = ((u_char)c & 07) + '0'; + goto done; + } + if ((flag & VIS_NOSLASH) == 0) + *dst++ = '\\'; + if (c & 0200) { + c &= 0177; + *dst++ = 'M'; + } + if (iscntrl(c)) { + *dst++ = '^'; + if (c == 0177) + *dst++ = '?'; + else + *dst++ = c + '@'; + } else { + *dst++ = '-'; + *dst++ = c; + } 
+done: + *dst = '\0'; + return (dst); +} + +/* + * strvis, strnvis, strvisx - visually encode characters from src into dst + * + * Dst must be 4 times the size of src to account for possible + * expansion. The length of dst, not including the trailing NULL, + * is returned. + * + * Strnvis will write no more than siz-1 bytes (and will NULL terminate). + * The number of bytes needed to fully encode the string is returned. + * + * Strvisx encodes exactly len bytes from src into dst. + * This is useful for encoding a block of data. + */ +int +strvis(dst, src, flag) + register char *dst; + register const char *src; + int flag; +{ + register char c; + char *start; + + for (start = dst; (c = *src);) + dst = vis(dst, c, flag, *++src); + *dst = '\0'; + return (dst - start); +} + +int +strnvis(dst, src, siz, flag) + register char *dst; + register const char *src; + size_t siz; + int flag; +{ + register char c; + char *start, *end; + + for (start = dst, end = start + siz - 1; (c = *src) && dst < end; ) { + if (isvisible(c)) { + *dst++ = c; + if (c == '\\' && (flag & VIS_NOSLASH) == 0) { + /* need space for the extra '\\' */ + if (dst < end) + *dst++ = '\\'; + else { + dst--; + break; + } + } + src++; + } else { + /* vis(3) requires up to 4 chars */ + if (dst + 3 < end) + dst = vis(dst, c, flag, *++src); + else + break; + } + } + *dst = '\0'; + if (dst >= end) { + char tbuf[5]; + + /* adjust return value for truncation */ + while ((c = *src)) + dst += vis(tbuf, c, flag, *++src) - tbuf; + } + return (dst - start); +} + +int +strvisx(dst, src, len, flag) + register char *dst; + register const char *src; + register size_t len; + int flag; +{ + register char c; + char *start; + + for (start = dst; len > 1; len--) { + c = *src; + dst = vis(dst, c, flag, *++src); + } + if (len) + dst = vis(dst, *src, flag, '\0'); + *dst = '\0'; + return (dst - start); +} + +#endif diff --git a/openbsd-compat/vis.h b/openbsd-compat/vis.h new file mode 100644 index 000000000..98924bde4 --- /dev/null 
+++ b/openbsd-compat/vis.h 
@@ -0,0 +1,91 @@ +/* $OpenBSD: vis.h,v 1.5 2002/02/16 21:27:17 millert Exp $ */ +/* $NetBSD: vis.h,v 1.4 1994/10/26 00:56:41 cgd Exp $ */ + +/*- + * Copyright (c) 1990 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * @(#)vis.h 5.9 (Berkeley) 4/3/91 + */ +#include "config.h" +#if !defined(HAVE_STRVIS) + +#ifndef _VIS_H_ +#define _VIS_H_ + +#include +#include + +/* + * to select alternate encoding format + */ +#define VIS_OCTAL 0x01 /* use octal \ddd format */ +#define VIS_CSTYLE 0x02 /* use \[nrft0..] where appropriate */ + +/* + * to alter set of characters encoded (default is to encode all + * non-graphic except space, tab, and newline). + */ +#define VIS_SP 0x04 /* also encode space */ +#define VIS_TAB 0x08 /* also encode tab */ +#define VIS_NL 0x10 /* also encode newline */ +#define VIS_WHITE (VIS_SP | VIS_TAB | VIS_NL) +#define VIS_SAFE 0x20 /* only encode "unsafe" characters */ + +/* + * other + */ +#define VIS_NOSLASH 0x40 /* inhibit printing '\' */ + +/* + * unvis return codes + */ +#define UNVIS_VALID 1 /* character valid */ +#define UNVIS_VALIDPUSH 2 /* character valid, push back passed char */ +#define UNVIS_NOCHAR 3 /* valid sequence, no character produced */ +#define UNVIS_SYNBAD -1 /* unrecognized escape sequence */ +#define UNVIS_ERROR -2 /* decoder in unknown state (unrecoverable) */ + +/* + * unvis flags + */ +#define UNVIS_END 1 /* no more characters */ + +char *vis(char *, int, int, int); +int strvis(char *, const char *, int); +int strnvis(char *, const char *, size_t, int); +int strvisx(char *, const char *, size_t, int); +int strunvis(char *, const char *); +int unvis(char *, char, int *, int); + +#endif /* !_VIS_H_ */ + +#endif /* !HAVE_STRVIS */ -- cgit v1.2.3 From f25c18d7e8810ad94c7d2030cb0427e22745531e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 7 Jan 2003 17:38:58 +1100 Subject: - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au --- ChangeLog | 4 +++- auth.c | 10 ++++++++-- session.c | 1 + 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0c7bfaca0..890b16210 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -10,6 +10,8 @@ on one by peak@argo.troja.mff.cuni.cz - (djm) Bug #111: Run syslog and stderr logging through strnvis to eliminate nasties. Report from peak@argo.troja.mff.cuni.cz + - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from + Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au 20030103 - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from @@ -938,4 +940,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2546 2003/01/07 06:04:18 djm Exp $ +$Id: ChangeLog,v 1.2547 2003/01/07 06:38:58 djm Exp $ diff --git a/auth.c b/auth.c index ee21149df..7deded205 100644 --- a/auth.c +++ b/auth.c @@ -218,6 +218,8 @@ allowed_user(struct passwd * pw) */ if ( (pw->pw_uid != 0) && (geteuid() == 0) && loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) { + int loginrestrict_errno = errno; + if (loginmsg && *loginmsg) { /* Remove embedded newlines (if any) */ char *p; @@ -227,9 +229,13 @@ allowed_user(struct passwd * pw) } /* Remove trailing newline */ *--p = '\0'; - log("Login restricted for %s: %.100s", pw->pw_name, loginmsg); + log("Login restricted for %s: %.100s", pw->pw_name, + loginmsg); } - return 0; + /* Don't fail if /etc/nologin set */ + if (!(loginrestrict_errno == EPERM && + stat(_PATH_NOLOGIN, &st) == 0)) + return 0; } #endif /* WITH_AIXAUTHENTICATE */ diff --git a/session.c b/session.c index 9832d7a83..c16cdcc13 100644 --- a/session.c +++ b/session.c @@ -1194,6 +1194,7 @@ do_nologin(struct passwd *pw) while (fgets(buf, sizeof(buf), f)) fputs(buf, stderr); fclose(f); + fflush(NULL); exit(254); } } -- cgit v1.2.3 From 06817f9cd3bf6720ff59b38efe42ebfd8db47546 Mon Sep 17 00:00:00 2001 
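Review bot: The new condition lets allowed_user() continue whenever loginrestrictions() fails with EPERM and `_PATH_NOLOGIN` exists, which singles out the nologin case only if EPERM is not also used for other denials; I could not confirm that from the hunk. If it is, a user refused for an unrelated reason would pass this check for as long as /etc/nologin is present. A comment stating which errno values loginrestrictions() sets, and that the final refusal is left to do_nologin() in session.c, would make this fail-open path reviewable. The enclosing block starts and ends outside the two auth.c hunks.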
From: Damien Miller Date: Tue, 7 Jan 2003 23:55:59 +1100 Subject: - (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by dtucker@zip.com.au. Reorder for clarity too. --- ChangeLog | 4 +++- auth.c | 69 +++++++++++++++++++++++++++++++++------------------------------ 2 files changed, 39 insertions(+), 34 deletions(-) diff --git a/ChangeLog b/ChangeLog index 890b16210..2441fdfa9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,8 @@ nasties. Report from peak@argo.troja.mff.cuni.cz - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au + - (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by + dtucker@zip.com.au. Reorder for clarity too. 20030103 - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from @@ -940,4 +942,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2547 2003/01/07 06:38:58 djm Exp $ +$Id: ChangeLog,v 1.2548 2003/01/07 12:55:59 djm Exp $ diff --git a/auth.c b/auth.c index 7deded205..48586cc5d 100644 --- a/auth.c +++ b/auth.c @@ -78,8 +78,7 @@ allowed_user(struct passwd * pw) #ifdef WITH_AIXAUTHENTICATE char *loginmsg; #endif /* WITH_AIXAUTHENTICATE */ -#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ - !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) struct spwd *spw; #endif 
@@ -87,38 +86,11 @@ allowed_user(struct passwd * pw) if (!pw || !pw->pw_name) return 0; -#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ - !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) -#define DAY (24L * 60 * 60) /* 1 day in seconds */ + /* Grab the password for locked account checking */ +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) spw = getspnam(pw->pw_name); - if (spw != NULL) { - time_t today = time(NULL) / DAY; - debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" - " sp_max %d", (int)today, (int)spw->sp_expire, - (int)spw->sp_lstchg, (int)spw->sp_max); - - /* - * We assume account and password expiration occurs the - * day after the day specified. - */ - if (spw->sp_expire != -1 && today > spw->sp_expire) { - log("Account %.100s has expired", pw->pw_name); - return 0; - } - - if (spw->sp_lstchg == 0) { - log("User %.100s password has expired (root forced)", - pw->pw_name); - return 0; - } - - if (spw->sp_max != -1 && - today > spw->sp_lstchg + spw->sp_max) { - log("User %.100s password has expired (password aged)", - pw->pw_name); - return 0; - } - } + if (!spw) + return 0; passwd = spw->sp_pwdp; #else passwd = pw->pw_passwd; 
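Review bot: `if (!spw) return 0;` denies the login without writing a log line, unlike the other refusals in this function, and it now rejects every account that has no shadow entry. On hosts where getspnam() returns NULL for some legitimate users, that would presumably lock them out with nothing in the logs to explain it. I would log the reason, e.g. `log("User %.100s not allowed because shadow entry not found", pw->pw_name);`, and consider falling back to `pw->pw_passwd` for the lock test instead of failing.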
@@ -131,6 +103,37 @@ allowed_user(struct passwd * pw) return 0; } +#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ + !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) +#define DAY (24L * 60 * 60) /* 1 day in seconds */ + time_t today = time(NULL) / DAY; + debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" + " sp_max %d", (int)today, (int)spw->sp_expire, + (int)spw->sp_lstchg, (int)spw->sp_max); + + /* + * We assume account and password expiration occurs the + * day after the day specified. + */ + if (spw->sp_expire != -1 && today > spw->sp_expire) { + log("Account %.100s has expired", pw->pw_name); + return 0; + } + + if (spw->sp_lstchg == 0) { + log("User %.100s password has expired (root forced)", + pw->pw_name); + return 0; + } + + if (spw->sp_max != -1 && + today > spw->sp_lstchg + spw->sp_max) { + log("User %.100s password has expired (password aged)", + pw->pw_name); + return 0; + } +#endif + /* * Get the shell from the password data. An empty shell field is * legal, and means /bin/sh. -- cgit v1.2.3 From bc9b7c41e2339cc5158357213dad9f238612705b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 8 Jan 2003 00:06:48 +1100 Subject: missing newline --- configure.ac | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index d4213af5f..a115d3cd2 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.95 2003/01/07 06:04:18 djm Exp $ +# $Id: configure.ac,v 1.96 2003/01/07 13:06:48 djm Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) 
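Review bot: `time_t today = time(NULL) / DAY;` is now declared after executable statements, because the `if (spw != NULL) {` block that used to open a scope around it was removed; compilers that enforce C89 declaration placement will reject it. Declare `today` with the other locals at the top of allowed_user() under the same `#if`, or keep a braces-only block around the expiry checks. The `(int)` casts in the debug3() call also truncate `time_t` and the `sp_*` fields; `%ld` with `(long)` would be safer.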
@@ -602,7 +602,8 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ socketpair strerror strlcat strlcpy strmode strvis sysconf \ - tcgetpgrp truncate utimes vhangup vsnprintf waitpid __b64_ntop \ _getpty) + tcgetpgrp truncate utimes vhangup vsnprintf waitpid __b64_ntop \ + _getpty) dnl Make sure strsep prototype is defined before defining HAVE_STRSEP AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)]) -- cgit v1.2.3 From 13dd03a0e2605f0ec2da811aa814a58bc2dd9a3d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 8 Jan 2003 11:16:48 +1100 Subject: - (djm) Sync openbsd-compat/ with OpenBSD -current --- ChangeLog | 5 ++++- openbsd-compat/getcwd.c | 4 ++-- openbsd-compat/getopt.c | 5 ++++- openbsd-compat/setenv.c | 5 +++-- openbsd-compat/sys-tree.h | 8 +++++--- 5 files changed, 18 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2441fdfa9..0e00a6c9c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20030108 + - (djm) Sync openbsd-compat/ with OpenBSD -current + 20030107 - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses. Based on fix from yoshfuji@linux-ipv6.org @@ -942,4 +945,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2548 2003/01/07 12:55:59 djm Exp $ +$Id: ChangeLog,v 1.2549 2003/01/08 00:16:48 djm Exp $ diff --git a/openbsd-compat/getcwd.c b/openbsd-compat/getcwd.c index 6fd8543a5..f4b98e824 100644 --- a/openbsd-compat/getcwd.c +++ b/openbsd-compat/getcwd.c @@ -29,7 +29,7 @@ #if !defined(HAVE_GETCWD) #if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: getcwd.c,v 1.6 2000/07/19 15:25:13 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: getcwd.c,v 1.7 2002/11/24 01:52:27 cloder Exp $"; #endif /* LIBC_SCCS and not lint */ #include 
@@ -127,7 +127,7 @@ getcwd(char *pt,size_t size) /* * Build pointer to the parent directory, allocating memory * as necessary. Max length is 3 for "../", the largest - * possible component name, plus a trailing NULL. + * possible component name, plus a trailing NUL. */ if (bup + 3 + MAXNAMLEN + 1 >= eup) { char *nup; diff --git a/openbsd-compat/getopt.c b/openbsd-compat/getopt.c index 4a5cfe5f0..a3fe807ee 100644 --- a/openbsd-compat/getopt.c +++ b/openbsd-compat/getopt.c @@ -35,7 +35,7 @@ #if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) #if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: getopt.c,v 1.2 1996/08/19 08:33:32 tholo Exp $"; +static char *rcsid = "$OpenBSD: getopt.c,v 1.4 2002/12/08 22:57:14 millert Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -66,6 +66,9 @@ BSDgetopt(nargc, nargv, ostr) static char *place = EMSG; /* option letter processing */ char *oli; /* option letter list index */ + if (ostr == NULL) + return (-1); + if (BSDoptreset || !*place) { /* update scanning pointer */ BSDoptreset = 0; if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') { diff --git a/openbsd-compat/setenv.c b/openbsd-compat/setenv.c index 1dff15c73..e5c5de62e 100644 --- a/openbsd-compat/setenv.c +++ b/openbsd-compat/setenv.c @@ -35,12 +35,14 @@ #ifndef HAVE_SETENV #if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: setenv.c,v 1.4 2001/07/09 06:57:45 deraadt Exp $"; +static char *rcsid = "$OpenBSD: setenv.c,v 1.5 2002/12/10 22:44:13 mickey Exp $"; #endif /* LIBC_SCCS and not lint */ #include #include +char *__findenv(const char *name, int *offset); + /* * __findenv -- * Returns pointer to value associated with name, if any, else NULL. @@ -92,7 +94,6 @@ setenv(name, value, rewrite) static int alloced; /* if allocated space before */ register char *C; int l_value, offset; - char *__findenv(); if (*value == '=') /* no `=' in value */ ++value; 
diff --git a/openbsd-compat/sys-tree.h b/openbsd-compat/sys-tree.h index 0a58710c9..927ca04cd 100644 --- a/openbsd-compat/sys-tree.h +++ b/openbsd-compat/sys-tree.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tree.h,v 1.6 2002/06/11 22:09:52 provos Exp $ */ +/* $OpenBSD: tree.h,v 1.7 2002/10/17 21:51:54 art Exp $ */ /* * Copyright 2002 Niels Provos * All rights reserved. @@ -343,12 +343,13 @@ struct { \ RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \ else \ RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \ - RB_AUGMENT(RB_PARENT(elm, field)); \ } else \ (head)->rbh_root = (tmp); \ RB_LEFT(tmp, field) = (elm); \ RB_PARENT(elm, field) = (tmp); \ RB_AUGMENT(tmp); \ + if ((RB_PARENT(tmp, field))) \ + RB_AUGMENT(RB_PARENT(tmp, field)); \ } while (0) #define RB_ROTATE_RIGHT(head, elm, tmp, field) do { \ @@ -362,12 +363,13 @@ struct { \ RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \ else \ RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \ - RB_AUGMENT(RB_PARENT(elm, field)); \ } else \ (head)->rbh_root = (tmp); \ RB_RIGHT(tmp, field) = (elm); \ RB_PARENT(elm, field) = (tmp); \ RB_AUGMENT(tmp); \ + if ((RB_PARENT(tmp, field))) \ + RB_AUGMENT(RB_PARENT(tmp, field)); \ } while (0) /* Generates prototypes and inline functions */ -- cgit v1.2.3 From e77c17ee4a699052bb012751b527d72488350fc7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 8 Jan 2003 12:37:03 +1100 Subject: - (djm) Avoid redundant xstrdup/xfree in auth2-pam.c. From Solar via markus@ --- ChangeLog | 3 ++- auth2-pam.c | 5 ++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0e00a6c9c..fae787ac0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 20030108 - (djm) Sync openbsd-compat/ with OpenBSD -current + - (djm) Avoid redundant xstrdup/xfree in auth2-pam.c. From Solar via markus@ 20030107 - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses. 
@@ -945,4 +946,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2549 2003/01/08 00:16:48 djm Exp $ +$Id: ChangeLog,v 1.2550 2003/01/08 01:37:03 djm Exp $ diff --git a/auth2-pam.c b/auth2-pam.c index a2daf96b7..ac28fb245 100644 --- a/auth2-pam.c +++ b/auth2-pam.c @@ -1,5 +1,5 @@ #include "includes.h" -RCSID("$Id: auth2-pam.c,v 1.14 2002/06/28 16:48:12 mouring Exp $"); +RCSID("$Id: auth2-pam.c,v 1.15 2003/01/08 01:37:03 djm Exp $"); #ifdef USE_PAM #include @@ -154,8 +154,7 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt) resp = packet_get_string(&rlen); context_pam2.responses[j].resp_retcode = PAM_SUCCESS; - context_pam2.responses[j].resp = xstrdup(resp); - xfree(resp); + context_pam2.responses[j].resp = resp; context_pam2.num_received++; } -- cgit v1.2.3 From 275295eb41278ccb0bf652271c33d656f2dc0de3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 8 Jan 2003 14:04:09 +1100 Subject: - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/01/01 18:08:52 [channels.c] move big output buffer messages to debug2 --- ChangeLog | 6 +++++- channels.c | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index fae787ac0..35b35c1d2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ 20030108 - (djm) Sync openbsd-compat/ with OpenBSD -current - (djm) Avoid redundant xstrdup/xfree in auth2-pam.c. From Solar via markus@ + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/01/01 18:08:52 + [channels.c] + move big output buffer messages to debug2 20030107 - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses. @@ -946,4 +950,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2550 2003/01/08 01:37:03 djm Exp $ +$Id: ChangeLog,v 1.2551 2003/01/08 03:04:09 djm Exp $ diff --git a/channels.c b/channels.c index 1586ea397..2fb22f7c4 100644 --- a/channels.c +++ b/channels.c 
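Review bot: Storing `resp` directly in `context_pam2.responses[j].resp` transfers ownership of the buffer returned by packet_get_string(), and nothing in the hunk says so. I would add `/* responses[] now owns resp; do not xfree() it here */` above the assignment. The response is likely a password, so whichever code releases the array should clear the buffer before freeing it; that code is outside the hunk.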
@@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.184 2002/12/13 10:03:15 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.185 2003/01/01 18:08:52 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -413,13 +413,13 @@ channel_not_very_much_buffered_data(void) #if 0 if (!compat20 && buffer_len(&c->input) > packet_get_maxsize()) { - debug("channel %d: big input buffer %d", + debug2("channel %d: big input buffer %d", c->self, buffer_len(&c->input)); return 0; } #endif if (buffer_len(&c->output) > packet_get_maxsize()) { - debug("channel %d: big output buffer %d > %d", + debug2("channel %d: big output buffer %d > %d", c->self, buffer_len(&c->output), packet_get_maxsize()); return 0; -- cgit v1.2.3 From 770b374a68fdb27de2c6314f154db57067875ff8 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 8 Jan 2003 14:04:53 +1100 Subject: - djm@cvs.openbsd.org 2003/01/06 23:51:22 [sftp-client.c] Fix "get -p" download to not add user-write perm. mindrot bug #426 reported by gfernandez@livevault.com; ok markus@ --- ChangeLog | 6 +++++- sftp-client.c | 7 ++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 35b35c1d2..3d489ed24 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,10 @@ - markus@cvs.openbsd.org 2003/01/01 18:08:52 [channels.c] move big output buffer messages to debug2 + - djm@cvs.openbsd.org 2003/01/06 23:51:22 + [sftp-client.c] + Fix "get -p" download to not add user-write perm. mindrot bug #426 + reported by gfernandez@livevault.com; ok markus@ 20030107 - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses. @@ -950,4 +954,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2551 2003/01/08 03:04:09 djm Exp $ +$Id: ChangeLog,v 1.2552 2003/01/08 03:04:53 djm Exp $ diff --git a/sftp-client.c b/sftp-client.c index df9838648..bff37073c 100644 --- a/sftp-client.c +++ b/sftp-client.c 
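Review bot: The two messages moved to `debug2` in channel_not_very_much_buffered_data() still print `buffer_len()` results with `%d`, although msg.c on this page stores `buffer_len()` in a `u_int`. Since these lines are being touched anyway, switch the `buffer_len()` conversions to `%u` or cast the arguments to `(int)`. The return type of `packet_get_maxsize()` is not visible here, so check it before changing the last specifier. The function extends beyond the hunk.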
@@ -28,7 +28,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.37 2002/11/21 23:03:51 deraadt Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.38 2003/01/06 23:51:22 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -758,7 +758,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, /* XXX: should we preserve set[ug]id? */ if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) - mode = S_IWRITE | (a->perm & 0777); + mode = a->perm & 0777; else mode = 0666; @@ -793,7 +793,8 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, return(-1); } - local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC, mode); + local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC, + mode | S_IWRITE); if (local_fd == -1) { error("Couldn't open local file \"%s\" for writing: %s", local_path, strerror(errno)); -- cgit v1.2.3 From 6342180b7f64c96e020db99b97428e4a69a39567 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 8 Jan 2003 14:05:23 +1100 Subject: - fgsch@cvs.openbsd.org 2003/01/07 23:42:54 [sftp.1] add version; from Nils Nordman via markus@. markus@ ok --- ChangeLog | 6 +++++- sftp.1 | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3d489ed24..aacdf9958 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,10 @@ [sftp-client.c] Fix "get -p" download to not add user-write perm. mindrot bug #426 reported by gfernandez@livevault.com; ok markus@ + - fgsch@cvs.openbsd.org 2003/01/07 23:42:54 + [sftp.1] + add version; from Nils Nordman via markus@. + markus@ ok 20030107 - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses. @@ -954,4 +958,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2552 2003/01/08 03:04:53 djm Exp $ +$Id: ChangeLog,v 1.2553 2003/01/08 03:05:23 djm Exp $ diff --git a/sftp.1 b/sftp.1 index 84d1c1bf5..60d46b1c2 100644 --- a/sftp.1 +++ b/sftp.1 
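Review bot: In do_download() (sftp-client.c), the split between `mode = a->perm & 0777;` and `open(..., mode | S_IWRITE)` is easy to undo by accident because nothing explains why the write bit is added only at open time. A comment at the open() call would help, for example `/* owner-write is needed only to fill the file; "mode" stays exactly as the server reported it */`. Where `mode` is applied after the transfer is outside these hunks and should be confirmed. `a->perm` comes from the remote side, so the `& 0777` mask is the only thing keeping setuid, setgid and sticky bits out, and the existing XXX comment could say so. `S_IWUSR` is the POSIX spelling of `S_IWRITE` and would be the more portable choice in a portability tree.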
@@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.37 2002/12/06 05:20:02 djm Exp $ +.\" $OpenBSD: sftp.1,v 1.38 2003/01/07 23:42:54 fgsch Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -253,6 +253,10 @@ Create a symbolic link from .Ar oldpath to .Ar newpath . +.It Ic version +Display the +.Nm +protocol version. .It Ic ! Ar command Execute .Ar command -- cgit v1.2.3 From 2047b3bdf69549eff9031fcf4464fd011381ecf2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 8 Jan 2003 23:28:40 +1100 Subject: - (djm) Update README to reflect AIX's status as a well supported platform. From dtucker@zip.com.au --- ChangeLog | 4 +++- README | 6 +++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index aacdf9958..35995d3dc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,8 @@ [sftp.1] add version; from Nils Nordman via markus@. markus@ ok + - (djm) Update README to reflect AIX's status as a well supported platform. + From dtucker@zip.com.au 20030107 - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses. @@ -958,4 +960,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2553 2003/01/08 03:05:23 djm Exp $ +$Id: ChangeLog,v 1.2554 2003/01/08 12:28:40 djm Exp $ diff --git a/README b/README index 3c54c477b..5709fbeaf 100644 --- a/README +++ b/README 
@@ -15,8 +15,8 @@ and Dug Song. It has a homepage at http://www.openssh.com/ This port consists of the re-introduction of autoconf support, PAM support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements for OpenBSD library functions that are (regrettably) absent from other -unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD -and Irix. Support for AIX, SCO, NeXT and other Unices is underway. +unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD, +Irix and AIX. Support for SCO, NeXT and other Unices is underway. This version actively tracks changes in the OpenBSD CVS repository. The PAM support is now more functional than the popular packages of @@ -63,4 +63,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.50 2001/12/24 03:17:21 djm Exp $ +$Id: README,v 1.51 2003/01/08 12:28:40 djm Exp $ -- cgit v1.2.3 From d0d7a8b27b4cc9faaa4d8e4112d5d1fe759b0939 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Wed, 8 Jan 2003 17:22:59 -0800 Subject: [Makefile.in configure.ac] replace fixpath with sed script. Patch by Mo DeJong. --- ChangeLog | 4 +++- Makefile.in | 37 +++++++++++++++++++------------------ configure.ac | 3 ++- 3 files changed, 24 insertions(+), 20 deletions(-) diff --git a/ChangeLog b/ChangeLog index 35995d3dc..af4ec49e9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,8 @@ markus@ ok - (djm) Update README to reflect AIX's status as a well supported platform. From dtucker@zip.com.au + - (tim) [Makefile.in configure.ac] replace fixpath with sed script. Patch + by Mo DeJong. 20030107 - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses. @@ -960,4 +962,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2554 2003/01/08 12:28:40 djm Exp $ +$Id: ChangeLog,v 1.2555 2003/01/09 01:22:59 tim Exp $ 
diff --git a/Makefile.in b/Makefile.in index 89d02c959..85b108d16 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.222 2002/07/14 17:02:21 tim Exp $ +# $Id: Makefile.in,v 1.223 2003/01/09 01:22:59 tim Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -48,6 +48,7 @@ AR=@AR@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ PERL=@PERL@ +SED=@SED@ ENT=@ENT@ XAUTH_PATH=@XAUTH_PATH@ LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ 
@@ -74,23 +75,23 @@ CONFIGFILES=sshd_config.out ssh_config.out moduli.out CONFIGFILES_IN=sshd_config ssh_config moduli PATHSUBS = \ - -D/etc/ssh/ssh_prng_cmds=$(sysconfdir)/ssh_prng_cmds \ - -D/etc/ssh/ssh_config=$(sysconfdir)/ssh_config \ - -D/etc/ssh/ssh_known_hosts=$(sysconfdir)/ssh_known_hosts \ - -D/etc/ssh/sshd_config=$(sysconfdir)/sshd_config \ - -D/usr/libexec=$(libexecdir) \ - -D/etc/shosts.equiv=$(sysconfdir)/shosts.equiv \ - -D/etc/ssh/ssh_host_key=$(sysconfdir)/ssh_host_key \ - -D/etc/ssh/ssh_host_dsa_key=$(sysconfdir)/ssh_host_dsa_key \ - -D/etc/ssh/ssh_host_rsa_key=$(sysconfdir)/ssh_host_rsa_key \ - -D/var/run/sshd.pid=$(piddir)/sshd.pid \ - -D/etc/ssh/moduli=$(sysconfdir)/moduli \ - -D/etc/ssh/sshrc=$(sysconfdir)/sshrc \ - -D/usr/X11R6/bin/xauth=$(XAUTH_PATH) \ - -D/var/empty=$(PRIVSEP_PATH) \ - -D/usr/bin:/bin:/usr/sbin:/sbin=@user_path@ - -FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS) + -e 's|/etc/ssh/ssh_prng_cmds|$(sysconfdir)/ssh_prng_cmds|g' \ + -e 's|/etc/ssh/ssh_config|$(sysconfdir)/ssh_config|g' \ + -e 's|/etc/ssh/ssh_known_hosts|$(sysconfdir)/ssh_known_hosts|g' \ + -e 's|/etc/ssh/sshd_config|$(sysconfdir)/sshd_config|g' \ + -e 's|/usr/libexec|$(libexecdir)|g' \ + -e 's|/etc/shosts.equiv|$(sysconfdir)/shosts.equiv|g' \ + -e 's|/etc/ssh/ssh_host_key|$(sysconfdir)/ssh_host_key|g' \ + -e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \ + -e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \ + -e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \ + -e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \ + -e 's|/etc/sshrc|$(sysconfdir)/sshrc|g' \ + -e 's|/usr/X11R6/bin/xauth|$(XAUTH_PATH)|g' \ + -e 's|/var/empty|$(PRIVSEP_PATH)|g' \ + -e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g' + +FIXPATHSCMD = $(SED) $(PATHSUBS) all: $(CONFIGFILES) $(MANPAGES) $(TARGETS) diff --git a/configure.ac b/configure.ac index a115d3cd2..d384f7dd7 100644 --- a/configure.ac +++ b/configure.ac 
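Review bot: The sshrc substitution in PATHSUBS no longer matches the path it replaced. The removed line mapped `/etc/ssh/sshrc`, but the new one is `-e 's|/etc/sshrc|$(sysconfdir)/sshrc|g'`, so any `/etc/ssh/sshrc` reference in the generated files would be left unsubstituted (which spelling the inputs use is not visible here). If the old pattern was intended, the line should read `-e 's|/etc/ssh/sshrc|$(sysconfdir)/sshrc|g' \`. Separately, the patterns are now regular expressions applied in sequence, so the unescaped `.` in `shosts.equiv` and `sshd.pid` matches any character, and a configured directory containing `|` or `&` would corrupt the replacement. Neither is likely with ordinary prefixes, but both differ from the literal `-D` behaviour.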
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.96 2003/01/07 13:06:48 djm Exp $ +# $Id: configure.ac,v 1.97 2003/01/09 01:22:59 tim Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -14,6 +14,7 @@ AC_PROG_RANLIB AC_PROG_INSTALL AC_PATH_PROG(AR, ar) AC_PATH_PROGS(PERL, perl5 perl) +AC_PATH_PROG(SED, sed) AC_SUBST(PERL) AC_PATH_PROG(ENT, ent) AC_SUBST(ENT) -- cgit v1.2.3 From 458c6bfa10bb370487e9e27f540e1a7e7a5909cc Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Wed, 8 Jan 2003 20:04:27 -0800 Subject: [auth.c] declare today at top of allowed_user() to keep older compilers happy. --- ChangeLog | 5 +++-- auth.c | 5 ++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index af4ec49e9..db9c94f14 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,7 +16,8 @@ - (djm) Update README to reflect AIX's status as a well supported platform. From dtucker@zip.com.au - (tim) [Makefile.in configure.ac] replace fixpath with sed script. Patch - by Mo DeJong. + - (tim) [auth.c] declare today at top of allowed_user() to keep + older compilers happy. 20030107 - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses. @@ -962,4 +963,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2555 2003/01/09 01:22:59 tim Exp $ +$Id: ChangeLog,v 1.2556 2003/01/09 04:04:27 tim Exp $ diff --git a/auth.c b/auth.c index 48586cc5d..c6e5a1732 100644 --- a/auth.c +++ b/auth.c @@ -80,6 +80,9 @@ allowed_user(struct passwd * pw) #endif /* WITH_AIXAUTHENTICATE */ #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) struct spwd *spw; +#if !defined(USE_PAM) && defined(HAS_SHADOW_EXPIRE) + time_t today; +#endif #endif /* Shouldn't be called if pw is NULL, but better safe than sorry... */ 
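Review bot: `AC_PATH_PROG(SED, sed)` in configure.ac is given no not-found value, so on a host without sed in PATH `@SED@` expands to nothing. `FIXPATHSCMD = $(SED) $(PATHSUBS)` in Makefile.in would then start with `-e`, and the build fails late with an obscure message. A fallback such as `AC_PATH_PROG(SED, sed, sed)`, or an `AC_MSG_ERROR` when `$SED` is empty, would report the problem at configure time.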
@@ -106,7 +109,7 @@ allowed_user(struct passwd * pw) #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) #define DAY (24L * 60 * 60) /* 1 day in seconds */ - time_t today = time(NULL) / DAY; + today = time(NULL) / DAY; debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" " sp_max %d", (int)today, (int)spw->sp_expire, (int)spw->sp_lstchg, (int)spw->sp_max); -- cgit v1.2.3 From 13b2e55c36ec316bd4ec15e830c9eae888d2cb68 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Wed, 8 Jan 2003 20:09:30 -0800 Subject: [scp.c] make compilers without long long happy. --- ChangeLog | 4 +++- scp.c | 16 ++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index db9c94f14..6b3409317 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,8 +16,10 @@ - (djm) Update README to reflect AIX's status as a well supported platform. From dtucker@zip.com.au - (tim) [Makefile.in configure.ac] replace fixpath with sed script. Patch + by Mo DeJong. - (tim) [auth.c] declare today at top of allowed_user() to keep older compilers happy. + - (tim) [scp.c] make compilers without long long happy. 20030107 - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses. @@ -963,4 +965,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2556 2003/01/09 04:04:27 tim Exp $ +$Id: ChangeLog,v 1.2557 2003/01/09 04:09:30 tim Exp $ diff --git a/scp.c b/scp.c index 71d2a0d90..8324549d7 100644 --- a/scp.c +++ b/scp.c @@ -1175,6 +1175,7 @@ progressmeter(int flag) nspaces = MIN(getttywidth() - 79, sizeof(spaces) - 1); +#ifdef HAVE_LONG_LONG_INT snprintf(buf, sizeof(buf), "\r%-45.45s%.*s%3d%% %4lld%c%c %3lld.%01d%cB/s", curfile, 
@@ -1188,6 +1189,21 @@ progressmeter(int flag) (int)((bytespersec % 1024) * 10 / 1024), prefixes[bi] ); +#else + snprintf(buf, sizeof(buf), + "\r%-45.45s%.*s%3d%% %4lld%c%c %3lu.%01d%cB/s", + curfile, + nspaces, + spaces, + ratio, + (u_long)abbrevsize, + prefixes[ai], + ai == 0 ? ' ' : 'B', + (u_long)(bytespersec / 1024), + (int)((bytespersec % 1024) * 10 / 1024), + prefixes[bi] + ); +#endif if (flag != 1 && (statbytes <= 0 || elapsed <= 0.0 || cursize > totalbytes)) { -- cgit v1.2.3 From a8ed44b79e6dd78d7871b0fb8149951b54662ef5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 10 Jan 2003 09:53:12 +1100 Subject: - (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More systems may be added later. --- ChangeLog | 6 +- TODO | 4 +- configure.ac | 6 +- openbsd-compat/bsd-misc.c | 12 +- openbsd-compat/setproctitle.c | 288 ++++++++++++++++++++++++++++++++---------- openbsd-compat/setproctitle.h | 3 +- session.c | 11 +- sshd.c | 10 +- 8 files changed, 258 insertions(+), 82 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6b3409317..492eadab3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20030110 + - (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More + systems may be added later. + 20030108 - (djm) Sync openbsd-compat/ with OpenBSD -current - (djm) Avoid redundant xstrdup/xfree in auth2-pam.c. From Solar via markus@ @@ -965,4 +969,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2557 2003/01/09 04:09:30 tim Exp $ +$Id: ChangeLog,v 1.2558 2003/01/09 22:53:12 djm Exp $ diff --git a/TODO b/TODO index f667d59d6..d3246144e 100644 --- a/TODO +++ b/TODO 
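Review bot: In the new `#else` branch of progressmeter() (scp.c) the format string still contains `%4lld`, while the matching argument is `(u_long)abbrevsize`. A build without long long therefore passes an unsigned long to a long long conversion, which is undefined behaviour and uses the very specifier this branch exists to avoid. The format line should read `"\r%-45.45s%.*s%3d%% %4lu%c%c %3lu.%01d%cB/s",`. progressmeter() starts and ends outside the hunk.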
@@ -13,7 +13,7 @@ Programming: - Write a test program that calls stat() to search for EGD/PRNGd socket rather than use the (non-portable) "test -S". -- Replacement for setproctitle() - HP-UX support only currently +- More platforms for for setproctitle() emulation (testing needed) - Handle changing passwords for the non-PAM expired password case @@ -133,4 +133,4 @@ PrivSep Issues: - Cygwin + Privsep for Pre-auth only (no fd passing) -$Id: TODO,v 1.51 2002/09/05 06:32:03 djm Exp $ +$Id: TODO,v 1.52 2003/01/09 22:53:12 djm Exp $ diff --git a/configure.ac b/configure.ac index d384f7dd7..e64a0dd83 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.97 2003/01/09 01:22:59 tim Exp $ +# $Id: configure.ac,v 1.98 2003/01/09 22:53:12 djm Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -380,7 +380,7 @@ AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \ netinet/in_systm.h paths.h pty.h readpassphrase.h \ rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ - sys/mman.h sys/select.h sys/stat.h \ + sys/mman.h sys/pstat.h sys/select.h sys/stat.h \ sys/stropts.h sys/sysmacros.h sys/time.h \ sys/un.h time.h tmpdir.h ttyent.h usersec.h \ util.h utime.h utmp.h utmpx.h) @@ -598,7 +598,7 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\ getrlimit getrusage getttyent glob inet_aton inet_ntoa \ inet_ntop innetgr login_getcapbool md5_crypt memmove \ - mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ + mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo pstat readpassphrase \ realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 1c1e43a52..d7180d424 100644 --- a/openbsd-compat/bsd-misc.c 
+++ b/openbsd-compat/bsd-misc.c @@ -23,15 +23,20 @@ */ #include "includes.h" +#include "xmalloc.h" -RCSID("$Id: bsd-misc.c,v 1.10 2002/07/08 21:09:41 mouring Exp $"); +RCSID("$Id: bsd-misc.c,v 1.11 2003/01/09 22:53:13 djm Exp $"); +/* + * NB. duplicate __progname in case it is an alias for argv[0] + * Otherwise it may get clobbered by setproctitle() + */ char *get_progname(char *argv0) { #ifdef HAVE___PROGNAME extern char *__progname; - return __progname; + return xstrdup(__progname); #else char *p; @@ -42,7 +47,8 @@ char *get_progname(char *argv0) p = argv0; else p++; - return p; + + return xstrdup(p); #endif } diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c index e165dd13c..5439bd07e 100644 --- a/openbsd-compat/setproctitle.c +++ b/openbsd-compat/setproctitle.c 
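Review bot: get_progname() in bsd-misc.c now returns heap memory from both branches, but the added comment explains only why the copy is made and not who owns it. It should also state the contract, for example `/* Returns a newly allocated copy (xstrdup); the caller owns it. */`. Including xmalloc.h here also makes the compat library depend on `xstrdup()` from outside openbsd-compat; that is presumably fine for the link order in use, but it is worth confirming.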
@@ -1,102 +1,250 @@ /* - * Modified for OpenSSH by Kevin Steves - * October 2000 + * Based on src/backend/utils/misc/pg_status.c from + * PostgreSQL Database Management System + * + * Portions Copyright (c) 1996-2001, The PostgreSQL Global Development Group + * + * Portions Copyright (c) 1994, The Regents of the University of California + * + * Permission to use, copy, modify, and distribute this software and its + * documentation for any purpose, without fee, and without a written agreement + * is hereby granted, provided that the above copyright notice and this + * paragraph and the following two paragraphs appear in all copies. + * + * IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR + * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING + * LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS + * DOCUMENTATION, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS + * ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATIONS TO + * PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. */ -/* - * Copyright (c) 1994, 1995 Christopher G. Demetriou - * All rights reserved. +/*-------------------------------------------------------------------- + * ps_status.c + * + * Routines to support changing the ps display of PostgreSQL backends + * to contain some useful information. Mechanism differs wildly across + * platforms. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. 
Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Christopher G. Demetriou - * for the NetBSD Project. - * 4. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission + * $Header: /var/cvs/openssh/openbsd-compat/setproctitle.c,v 1.3 2003/01/09 22:53:13 djm Exp $ * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * Copyright 2000 by PostgreSQL Global Development Group + * various details abducted from various places + *-------------------------------------------------------------------- */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: setproctitle.c,v 1.8 2001/11/06 19:21:40 art Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include "includes.h" #ifndef HAVE_SETPROCTITLE -#define SPT_NONE 0 -#define SPT_PSTAT 1 +#include +#ifdef HAVE_SYS_PSTAT_H +#include /* for HP-UX */ +#endif +#ifdef HAVE_PS_STRINGS +#include /* for old BSD */ +#include +#endif + +extern char **environ; -#ifndef SPT_TYPE -#define SPT_TYPE SPT_NONE +/*------ + * Alternative ways of updating ps display: + * + * PS_USE_PSTAT + * use the pstat(PSTAT_SETCMD, ) + * (HPUX) + * PS_USE_PS_STRINGS + * assign PS_STRINGS->ps_argvstr = "string" + * (some BSD systems) + * PS_USE_CHANGE_ARGV + * assign argv[0] = "string" + * (some other BSD systems) + * PS_USE_CLOBBER_ARGV + * write over the argv and environment area + * (most SysV-like systems) + * PS_USE_NONE + * don't update ps display + * (This is the default, as it is safest.) 
+ */ +#if defined(HAVE_PSTAT) && defined(PSTAT_SETCMD) +#define PS_USE_PSTAT +#elif defined(HAVE_PS_STRINGS) +#define PS_USE_PS_STRINGS +#elif defined(BSD) || defined(__bsdi__) || defined(__hurd__) +#define PS_USE_CHANGE_ARGV +#elif defined(__linux__) || defined(_AIX) +#define PS_USE_CLOBBER_ARGV +#else +#define PS_USE_NONE #endif -#if SPT_TYPE == SPT_PSTAT -#include -#include -#endif /* SPT_TYPE == SPT_PSTAT */ +/* Different systems want the buffer padded differently */ +#if defined(_AIX) || defined(__linux__) || defined(__QNX__) || defined(__svr4__) +#define PS_PADDING '\0' +#else +#define PS_PADDING ' ' +#endif -#define MAX_PROCTITLE 2048 +/* + * argv clobbering uses existing argv space, all other methods need a buffer + */ +#ifndef PS_USE_CLOBBER_ARGV +static char ps_buffer[256]; +static const size_t ps_buffer_size = sizeof(ps_buffer); +#else /* PS_USE_CLOBBER_ARGV */ +static char *ps_buffer; /* will point to argv area */ +static size_t ps_buffer_size; /* space determined at run time */ +#endif /* PS_USE_CLOBBER_ARGV */ + +/* save the original argv[] location here */ +static int save_argc; +static char **save_argv; extern char *__progname; /* - * Set Process Title (SPT) defines. Modeled after sendmail's - * SPT type definition strategy. - * - * SPT_TYPE: - * - * SPT_NONE: Don't set the process title. Default. - * SPT_PSTAT: Use pstat(PSTAT_SETCMD). HP-UX specific. + * Call this to update the ps status display to a fixed prefix plus an + * indication of what you're currently doing passed in the argument. */ - void setproctitle(const char *fmt, ...) 
{ -#if SPT_TYPE != SPT_NONE +#ifdef PS_USE_PSTAT + union pstun pst; +#endif +#ifndef PS_USE_NONE + ssize_t used; va_list ap; - - char buf[MAX_PROCTITLE]; - size_t used; -#if SPT_TYPE == SPT_PSTAT - union pstun pst; -#endif /* SPT_TYPE == SPT_PSTAT */ + /* no ps display if you didn't call save_ps_display_args() */ + if (save_argv == NULL) + return; +#ifdef PS_USE_CLOBBER_ARGV + /* If ps_buffer is a pointer, it might still be null */ + if (ps_buffer == NULL) + return; +#endif /* PS_USE_CLOBBER_ARGV */ + + /* + * Overwrite argv[] to point at appropriate space, if needed + */ +#ifdef PS_USE_CHANGE_ARGV + save_argv[0] = ps_buffer; + save_argv[1] = NULL; +#endif /* PS_USE_CHANGE_ARGV */ + +#ifdef PS_USE_CLOBBER_ARGV + save_argv[1] = NULL; +#endif /* PS_USE_CLOBBER_ARGV */ + + /* + * Make fixed prefix of ps display. + */ va_start(ap, fmt); - if (fmt != NULL) { - used = snprintf(buf, MAX_PROCTITLE, "%s: ", __progname); - if (used >= MAX_PROCTITLE) - used = MAX_PROCTITLE - 1; - (void)vsnprintf(buf + used, MAX_PROCTITLE - used, fmt, ap); - } else - (void)snprintf(buf, MAX_PROCTITLE, "%s", __progname); + if (fmt == NULL) + snprintf(ps_buffer, ps_buffer_size, "%s", __progname); + else { + used = snprintf(ps_buffer, ps_buffer_size, "%s: ", __progname); + if (used == -1 || used >= ps_buffer_size) + used = ps_buffer_size; + vsnprintf(ps_buffer + used, ps_buffer_size - used, fmt, ap); + } va_end(ap); - used = strlen(buf); -#if SPT_TYPE == SPT_PSTAT - pst.pst_command = buf; - pstat(PSTAT_SETCMD, pst, used, 0, 0); -#endif /* SPT_TYPE == SPT_PSTAT */ +#if 0 + error("XXXXXXXXX %s", __progname); + error("XXXXXXXXX %d", ps_buffer_size); + error("XXXXXXXXX %s", ps_buffer); +#endif + +#ifdef PS_USE_PSTAT + pst.pst_command = ps_buffer; + pstat(PSTAT_SETCMD, pst, strlen(ps_buffer), 0, 0); +#endif /* PS_USE_PSTAT */ + +#ifdef PS_USE_PS_STRINGS + PS_STRINGS->ps_nargvstr = 1; + PS_STRINGS->ps_argvstr = ps_buffer; +#endif /* PS_USE_PS_STRINGS */ -#endif /* SPT_TYPE != SPT_NONE */ +#ifdef 
PS_USE_CLOBBER_ARGV + /* pad unused memory */ + used = strlen(ps_buffer); + memset(ps_buffer + used, PS_PADDING, ps_buffer_size - used); +#endif /* PS_USE_CLOBBER_ARGV */ + +#endif /* PS_USE_NONE */ } + #endif /* HAVE_SETPROCTITLE */ + +/* + * Call this early in startup to save the original argc/argv values. + * + * argv[] will not be overwritten by this routine, but may be overwritten + * during setproctitle. Also, the physical location of the environment + * strings may be moved, so this should be called before any code that + * might try to hang onto a getenv() result. + */ +void +compat_init_setproctitle(int argc, char *argv[]) +{ +#ifdef PS_USE_CLOBBER_ARGV + char *end_of_area = NULL; + char **new_environ; + int i; +#endif + + save_argc = argc; + save_argv = argv; + +#ifdef PS_USE_CLOBBER_ARGV + /* + * If we're going to overwrite the argv area, count the available + * space. Also move the environment to make additional room. + */ + + /* + * check for contiguous argv strings + */ + for (i = 0; i < argc; i++) { + if (i == 0 || end_of_area + 1 == argv[i]) + end_of_area = argv[i] + strlen(argv[i]); + } + + /* probably can't happen? */ + if (end_of_area == NULL) { + ps_buffer = NULL; + ps_buffer_size = 0; + return; + } + + /* + * check for contiguous environ strings following argv + */ + for (i = 0; environ[i] != NULL; i++) { + if (end_of_area + 1 == environ[i]) + end_of_area = environ[i] + strlen(environ[i]); + } + + ps_buffer = argv[0]; + ps_buffer_size = end_of_area - argv[0] - 1; + + /* + * Duplicate and move the environment out of the way + */ + new_environ = malloc(sizeof(char *) * (i + 1)); + for (i = 0; environ[i] != NULL; i++) + new_environ[i] = strdup(environ[i]); + new_environ[i] = NULL; + environ = new_environ; +#endif /* PS_USE_CLOBBER_ARGV */ +} + diff --git a/openbsd-compat/setproctitle.h b/openbsd-compat/setproctitle.h index 8261bd0ee..48d26c6ea 100644 --- a/openbsd-compat/setproctitle.h +++ b/openbsd-compat/setproctitle.h 
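Review bot: compat_init_setproctitle() in setproctitle.c copies the environment with unchecked `malloc()` and `strdup()`. A failed malloc is dereferenced on the next line, and a failed strdup stores NULL in the middle of `new_environ`, silently truncating the environment for everything that runs afterwards. The copy could use the wrappers this commit already pulls into bsd-misc.c, `new_environ = xmalloc(sizeof(char *) * (i + 1));` and `new_environ[i] = xstrdup(environ[i]);` with `#include "xmalloc.h"`, or check both results and leave `ps_buffer` NULL on failure. As laid out in this hunk, the function also sits after `#endif /* HAVE_SETPROCTITLE */` while `save_argc`, `save_argv` and the `environ` declaration are inside the `#ifndef`. A platform with a native setproctitle() would therefore fail to compile this file; moving the `#endif` below the function matches the prototype guard in setproctitle.h.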
@@ -1,4 +1,4 @@ -/* $Id: setproctitle.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */ +/* $Id: setproctitle.h,v 1.3 2003/01/09 22:53:13 djm Exp $ */ #ifndef _BSD_SETPROCTITLE_H #define _BSD_SETPROCTITLE_H @@ -7,6 +7,7 @@ #ifndef HAVE_SETPROCTITLE void setproctitle(const char *fmt, ...); +void compat_init_setproctitle(int argc, char *argv[]); #endif #endif /* _BSD_SETPROCTITLE_H */ diff --git a/session.c b/session.c index c16cdcc13..812681d0f 100644 --- a/session.c +++ b/session.c @@ -2002,13 +2002,22 @@ session_tty_list(void) { static char buf[1024]; int i; + char *cp; + buf[0] = '\0'; for (i = 0; i < MAX_SESSIONS; i++) { Session *s = &sessions[i]; if (s->used && s->ttyfd != -1) { + + if (strncmp(s->tty, "/dev/", 5) != 0) { + cp = strrchr(s->tty, '/'); + cp = (cp == NULL) ? s->tty : cp + 1; + } else + cp = s->tty + 5; + if (buf[0] != '\0') strlcat(buf, ",", sizeof buf); - strlcat(buf, strrchr(s->tty, '/') + 1, sizeof buf); + strlcat(buf, cp, sizeof buf); } } if (buf[0] == '\0') diff --git a/sshd.c b/sshd.c index 8bf1557a2..8a7ec6b8e 100644 --- a/sshd.c +++ b/sshd.c @@ -827,9 +827,17 @@ main(int ac, char **av) __progname = get_progname(av[0]); init_rng(); - /* Save argv. */ + /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ saved_argc = ac; saved_argv = av; + saved_argv = xmalloc(sizeof(*saved_argv) * ac); + for (i = 0; i < ac; i++) + saved_argv[i] = xstrdup(av[i]); + +#ifndef HAVE_SETPROCTITLE + /* Prepare for later setproctitle emulation */ + compat_init_setproctitle(ac, av); +#endif /* Initialize configuration options to their default values. */ initialize_server_options(&options); -- cgit v1.2.3 From 956f3fb28b93420e87a51d1611029accebb2e43b Mon Sep 17 00:00:00 2001 
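Review bot: In main() (sshd.c) the duplicated vector is allocated with room for exactly `ac` pointers and is never NULL-terminated, unlike the original `av`. If `saved_argv` is later handed to an exec call or walked until NULL (that use is outside this hunk), the read runs past the allocation. Allocate one more slot with `saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1));` and add `saved_argv[i] = NULL;` after the loop. The context line `saved_argv = av;` just above is now a dead store and can be dropped. main() continues outside the hunk.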
From: Damien Miller Date: Fri, 10 Jan 2003 21:40:00 +1100 Subject: - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2003/01/08 23:53:26 [sftp.1 sftp.c sftp-int.c sftp-int.h] Cleanup error handling for batchmode Allow blank lines and comments in input Ability to suppress abort on error in batchmode ("-put blah") Fixes mindrot bug #452; markus@ ok --- ChangeLog | 9 ++++- sftp-int.c | 132 +++++++++++++++++++++++++++++++++++++------------------------ sftp-int.h | 4 +- sftp.1 | 11 +++++- sftp.c | 8 ++-- 5 files changed, 103 insertions(+), 61 deletions(-) diff --git a/ChangeLog b/ChangeLog index 492eadab3..3c38dbb10 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,13 @@ 20030110 - (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More systems may be added later. + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2003/01/08 23:53:26 + [sftp.1 sftp.c sftp-int.c sftp-int.h] + Cleanup error handling for batchmode + Allow blank lines and comments in input + Ability to suppress abort on error in batchmode ("-put blah") + Fixes mindrot bug #452; markus@ ok 20030108 - (djm) Sync openbsd-compat/ with OpenBSD -current @@ -969,4 +976,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2558 2003/01/09 22:53:12 djm Exp $ +$Id: ChangeLog,v 1.2559 2003/01/10 10:40:00 djm Exp $ diff --git a/sftp-int.c b/sftp-int.c index 04b67c969..f2c8fa6dc 100644 --- a/sftp-int.c +++ b/sftp-int.c @@ -25,7 +25,7 @@ /* XXX: recursive operations */ #include "includes.h" -RCSID("$OpenBSD: sftp-int.c,v 1.50 2002/11/21 23:03:51 deraadt Exp $"); +RCSID("$OpenBSD: sftp-int.c,v 1.51 2003/01/08 23:53:26 djm Exp $"); #include "buffer.h" #include "xmalloc.h" 
@@ -666,7 +666,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, } static int -parse_args(const char **cpp, int *pflag, int *lflag, +parse_args(const char **cpp, int *pflag, int *lflag, int *iflag, unsigned long *n_arg, char **path1, char **path2) { const char *cmd, *cp = *cpp; @@ -678,10 +678,17 @@ parse_args(const char **cpp, int *pflag, int *lflag, /* Skip leading whitespace */ cp = cp + strspn(cp, WHITESPACE); - /* Ignore blank lines */ - if (!*cp) - return(-1); + /* Ignore blank lines and lines which begin with comment '#' char */ + if (*cp == '\0' || *cp == '#') + return (0); + /* Check for leading '-' (disable error processing) */ + *iflag = 0; + if (*cp == '-') { + *iflag = 1; + cp++; + } + /* Figure out which command we have */ for (i = 0; cmds[i].c; i++) { int cmdlen = strlen(cmds[i].c); @@ -703,7 +710,7 @@ parse_args(const char **cpp, int *pflag, int *lflag, cmdnum = I_SHELL; } else if (cmdnum == -1) { error("Invalid command."); - return(-1); + return (-1); } /* Get arguments and parse flags */ @@ -813,10 +820,11 @@ parse_args(const char **cpp, int *pflag, int *lflag, } static int -parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) +parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, + int err_abort) { char *path1, *path2, *tmp; - int pflag, lflag, cmdnum, i; + int pflag, lflag, iflag, cmdnum, i; unsigned long n_arg; Attrib a, *aa; char path_buf[MAXPATHLEN]; @@ -824,14 +832,22 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) glob_t g; path1 = path2 = NULL; - cmdnum = parse_args(&cmd, &pflag, &lflag, &n_arg, + cmdnum = parse_args(&cmd, &pflag, &lflag, &iflag, &n_arg, &path1, &path2); + if (iflag != 0) + err_abort = 0; + memset(&g, 0, sizeof(g)); /* Perform command */ switch (cmdnum) { + case 0: + /* Blank line */ + break; case -1: + /* Unrecognized command */ + err = -1; break; case I_GET: err = process_get(conn, path1, path2, *pwd, pflag); 
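Review bot: In sftp-int.c, parse_args() returns 0 for a blank or comment line before it reaches `*iflag = 0;`. parse_dispatch_command() then tests `if (iflag != 0)` on a local it declared without an initializer, so that path reads an indeterminate value. Move `*iflag = 0;` above the blank-line check in parse_args(), or declare `iflag = 0` in the caller. Both functions extend beyond these hunks.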
@@ -853,8 +869,9 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); for (i = 0; g.gl_pathv[i]; i++) { printf("Removing %s\n", g.gl_pathv[i]); - if (do_rm(conn, g.gl_pathv[i]) == -1) - err = -1; + err = do_rm(conn, g.gl_pathv[i]); + if (err != 0 && err_abort) + break; } break; case I_MKDIR: @@ -907,8 +924,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) tmp = *pwd; path1 = make_absolute(path1, *pwd); - - do_globbed_ls(conn, path1, tmp, lflag); + err = do_globbed_ls(conn, path1, tmp, lflag); break; case I_LCHDIR: if (chdir(path1) == -1) { 
@@ -942,56 +958,57 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); for (i = 0; g.gl_pathv[i]; i++) { printf("Changing mode on %s\n", g.gl_pathv[i]); - do_setstat(conn, g.gl_pathv[i], &a); + err = do_setstat(conn, g.gl_pathv[i], &a); + if (err != 0 && err_abort) + break; } break; case I_CHOWN: - path1 = make_absolute(path1, *pwd); - remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); - for (i = 0; g.gl_pathv[i]; i++) { - if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) - continue; - if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) { - error("Can't get current ownership of " - "remote file \"%s\"", g.gl_pathv[i]); - continue; - } - printf("Changing owner on %s\n", g.gl_pathv[i]); - aa->flags &= SSH2_FILEXFER_ATTR_UIDGID; - aa->uid = n_arg; - do_setstat(conn, g.gl_pathv[i], aa); - } - break; case I_CHGRP: path1 = make_absolute(path1, *pwd); remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); for (i = 0; g.gl_pathv[i]; i++) { - if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) - continue; + if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) { + if (err != 0 && err_abort) + break; + else + continue; + } if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) { error("Can't get current ownership of " "remote file \"%s\"", g.gl_pathv[i]); - continue; + if (err != 0 && err_abort) + break; + else + continue; } - printf("Changing group on %s\n", g.gl_pathv[i]); aa->flags &= SSH2_FILEXFER_ATTR_UIDGID; - aa->gid = n_arg; - do_setstat(conn, g.gl_pathv[i], aa); + if (cmdnum == I_CHOWN) { + printf("Changing owner on %s\n", g.gl_pathv[i]); + aa->uid = n_arg; + } else { + printf("Changing group on %s\n", g.gl_pathv[i]); + aa->gid = n_arg; + } + err = do_setstat(conn, g.gl_pathv[i], aa); + if (err != 0 && err_abort) + break; } break; case I_PWD: printf("Remote working directory: %s\n", *pwd); break; case I_LPWD: - if (!getcwd(path_buf, sizeof(path_buf))) - error("Couldn't get local cwd: %s", - strerror(errno)); - else - printf("Local 
working directory: %s\n", - path_buf); + if (!getcwd(path_buf, sizeof(path_buf))) { + error("Couldn't get local cwd: %s", strerror(errno)); + err = -1; + break; + } + printf("Local working directory: %s\n", path_buf); break; case I_QUIT: - return(-1); + /* Processed below */ + break; case I_HELP: help(); break; @@ -1009,20 +1026,23 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) if (path2) xfree(path2); - /* If an error occurs in batch mode we should abort. */ - if (infile != stdin && err > 0) - return -1; + /* If an unignored error occurs in batch mode we should abort. */ + if (err_abort && err != 0) + return (-1); + else if (cmdnum == I_QUIT) + return (1); - return(0); + return (0); } -void +int interactive_loop(int fd_in, int fd_out, char *file1, char *file2) { char *pwd; char *dir = NULL; char cmd[2048]; struct sftp_conn *conn; + int err; conn = do_init(fd_in, fd_out, copy_buffer_len, num_requests); if (conn == NULL) @@ -1039,7 +1059,8 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) if (remote_is_dir(conn, dir) && file2 == NULL) { printf("Changing to: %s\n", dir); snprintf(cmd, sizeof cmd, "cd \"%s\"", dir); - parse_dispatch_command(conn, cmd, &pwd); + if (parse_dispatch_command(conn, cmd, &pwd, 1) != 0) + return (-1); } else { if (file2 == NULL) snprintf(cmd, sizeof cmd, "get %s", dir); @@ -1047,12 +1068,13 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) snprintf(cmd, sizeof cmd, "get %s %s", dir, file2); - parse_dispatch_command(conn, cmd, &pwd); + err = parse_dispatch_command(conn, cmd, &pwd, 1); xfree(dir); - return; + return (err); } xfree(dir); } + #if HAVE_SETVBUF setvbuf(stdout, NULL, _IOLBF, 0); setvbuf(infile, NULL, _IOLBF, 0); @@ -1061,6 +1083,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) setlinebuf(infile); #endif + err = 0; for (;;) { char *cp; 
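Review bot: In the merged `I_CHOWN`/`I_CHGRP` loop the two failure branches test `err` without setting it, so a failed `do_stat()` or a missing `SSH2_FILEXFER_ATTR_UIDGID` flag does not abort a batch run. At that point `err` only holds what an earlier iteration left behind, and its initial value is declared outside the hunk. A batch script that relies on abort-on-error would carry on after an ownership change was silently skipped, although the sftp.1 change in this commit lists chown and chgrp among the aborting commands. Recording the failure in the branch itself fixes this, e.g. `if (err_abort) { err = -1; break; } else continue;` in both places.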
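Review bot: The new early exit in interactive_loop(), `if (parse_dispatch_command(conn, cmd, &pwd, 1) != 0) return (-1);`, leaves without releasing `dir`, while the `get` branch just below it calls `xfree(dir)` before `return (err)`. The final `xfree(pwd)` at the end of the function is skipped on this path as well. Freeing `dir` before the return keeps the two exits consistent, e.g. `if (parse_dispatch_command(conn, cmd, &pwd, 1) != 0) { xfree(dir); return (-1); }`. The start of interactive_loop() lies outside this hunk, so how `dir` is allocated is inferred from the existing `xfree(dir)` calls.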
@@ -1077,8 +1100,13 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) if (cp) *cp = '\0'; - if (parse_dispatch_command(conn, cmd, &pwd)) + err = parse_dispatch_command(conn, cmd, &pwd, infile != stdin); + if (err != 0) break; } xfree(pwd); + + /* err == 1 signifies normal "quit" exit */ + return (err >= 0 ? 0 : -1); } + diff --git a/sftp-int.h b/sftp-int.h index 976875812..8a04a03f6 100644 --- a/sftp-int.h +++ b/sftp-int.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-int.h,v 1.5 2002/02/13 00:59:23 djm Exp $ */ +/* $OpenBSD: sftp-int.h,v 1.6 2003/01/08 23:53:26 djm Exp $ */ /* * Copyright (c) 2001,2002 Damien Miller. All rights reserved. @@ -24,4 +24,4 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -void interactive_loop(int, int, char *, char *); +int interactive_loop(int, int, char *, char *); diff --git a/sftp.1 b/sftp.1 index 60d46b1c2..67086bdaa 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.38 2003/01/07 23:42:54 fgsch Exp $ +.\" $OpenBSD: sftp.1,v 1.39 2003/01/08 23:53:26 djm Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -77,9 +77,16 @@ non-interactive authentication. will abort if any of the following commands fail: .Ic get , put , rename , ln , -.Ic rm , mkdir , chdir , lchdir +.Ic rm , mkdir , chdir , ls , +.Ic lchdir , chmod , chown , chgrp , lpwd and .Ic lmkdir . +Termination on error can be suppressed on a command by command basis by +prefixing the command with a +.Ic '-' +character (For example, +.Ic -rm /tmp/blah* +). .It Fl o Ar ssh_option Can be used to pass options to .Nm ssh diff --git a/sftp.c b/sftp.c index c173e58cb..d62e9e42c 100644 --- a/sftp.c +++ b/sftp.c @@ -24,7 +24,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.32 2002/11/27 17:53:35 markus Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.33 2003/01/08 23:53:26 djm Exp $"); /* XXX: short-form remote directory listings (like 'ls -C') */ 
@@ -108,7 +108,7 @@ usage(void) int main(int argc, char **argv) { - int in, out, ch; + int in, out, ch, err; pid_t sshpid; char *host, *userhost, *cp, *file2; int debug_level = 0, sshver = 2; @@ -237,7 +237,7 @@ main(int argc, char **argv) &sshpid); } - interactive_loop(in, out, file1, file2); + err = interactive_loop(in, out, file1, file2); #if !defined(USE_PIPES) shutdown(in, SHUT_RDWR); @@ -254,5 +254,5 @@ main(int argc, char **argv) fatal("Couldn't wait for ssh process: %s", strerror(errno)); - exit(0); + exit(err == 0 ? 0 : 1); } -- cgit v1.2.3 From 62d57f605a84b8d80803a36a612a37a5137a9963 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 10 Jan 2003 21:43:24 +1100 Subject: - fgsch@cvs.openbsd.org 2003/01/10 08:19:07 [scp.c sftp.1 sftp.c sftp-client.c sftp-int.c] sftp progress meter support. original diffs by Nils Nordman via markus@, merged to -current by me, djm@ ok. --- ChangeLog | 7 +- Makefile.in | 10 +-- scp.c | 211 +++------------------------------------------------------- sftp-client.c | 27 +++++++- sftp-int.c | 18 ++++- sftp.1 | 4 +- sftp.c | 5 +- 7 files changed, 69 insertions(+), 213 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3c38dbb10..c075cd359 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,11 @@ Allow blank lines and comments in input Ability to suppress abort on error in batchmode ("-put blah") Fixes mindrot bug #452; markus@ ok + - fgsch@cvs.openbsd.org 2003/01/10 08:19:07 + [scp.c sftp.1 sftp.c sftp-client.c sftp-int.c] + sftp progress meter support. + original diffs by Nils Nordman via + markus@, merged to -current by me, djm@ ok. 20030108 - (djm) Sync openbsd-compat/ with OpenBSD -current @@ -976,4 +981,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2559 2003/01/10 10:40:00 djm Exp $ +$Id: ChangeLog,v 1.2560 2003/01/10 10:43:24 djm Exp $ diff --git a/Makefile.in b/Makefile.in index 85b108d16..8d5987afd 100644 --- a/Makefile.in +++ b/Makefile.in 
@@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.223 2003/01/09 01:22:59 tim Exp $ +# $Id: Makefile.in,v 1.224 2003/01/10 10:43:25 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -117,8 +117,8 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS) -scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o - $(LD) -o $@ scp.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) +scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o + $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) @@ -138,8 +138,8 @@ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o sftp-glob.o - $(LD) -o $@ sftp.o sftp-client.o sftp-common.o sftp-int.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) +sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o sftp-glob.o progressmeter.o + $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-int.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) diff --git a/scp.c b/scp.c index 8324549d7..44b5b4582 100644 --- a/scp.c +++ b/scp.c 
@@ -75,13 +75,14 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.96 2002/12/13 15:20:52 markus Exp $"); +RCSID("$OpenBSD: scp.c,v 1.97 2003/01/10 08:19:07 fgsch Exp $"); #include "xmalloc.h" #include "atomicio.h" #include "pathnames.h" #include "log.h" #include "misc.h" +#include "progressmeter.h" #ifdef HAVE___PROGNAME extern char *__progname; @@ -89,30 +90,9 @@ extern char *__progname; char *__progname; #endif -/* For progressmeter() -- number of seconds before xfer considered "stalled" */ -#define STALLTIME 5 -/* alarm() interval for updating progress meter */ -#define PROGRESSTIME 1 - -/* Visual statistics about files as they are transferred. */ -void progressmeter(int); - -/* Returns width of the terminal (for progress meter calculations). */ -int getttywidth(void); -int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc); - /* Struct for addargs */ arglist args; -/* Time a transfer started. */ -static struct timeval start; - -/* Number of bytes of current file transferred so far. */ -volatile off_t statbytes; - -/* Total size of current file. */ -off_t totalbytes = 0; - /* Name of current file being transferred. */ char *curfile; @@ -505,7 +485,7 @@ source(argc, argv) struct stat stb; static BUF buffer; BUF *bp; - off_t i, amt, result; + off_t i, amt, result, statbytes; int fd, haderr, indx; char *last, *name, buf[2048]; int len; @@ -578,10 +558,8 @@ syserr: run_err("%s: %s", name, strerror(errno)); next: (void) close(fd); continue; } - if (showprogress) { - totalbytes = stb.st_size; - progressmeter(-1); - } + if (showprogress) + start_progress_meter(curfile, stb.st_size, &statbytes); /* Keep writing after an error so that we stay sync'd up. */ for (haderr = i = 0; i < stb.st_size; i += bp->cnt) { amt = bp->cnt; @@ -602,7 +580,7 @@ next: (void) close(fd); } } if (showprogress) - progressmeter(1); + stop_progress_meter(); if (close(fd) < 0 && !haderr) haderr = errno; 
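Review bot: In source() `statbytes` becomes an automatic variable (`off_t i, amt, result, statbytes;`) and its address is passed to `start_progress_meter()` in the `@@ -578` hunk, but no assignment to it is visible before that call. sink() in this same commit does `statbytes = 0;` immediately before its own call. The removed global was zero by static initialisation and reset in `progressmeter(1)`, so unless start_progress_meter() clears the counter itself (its body is not shown here) the first meter update reads an indeterminate value. Adding `statbytes = 0;` ahead of the `if (showprogress)` in source() would match sink(). source() extends beyond these hunks.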
@@ -682,7 +660,7 @@ sink(argc, argv) BUF *bp; off_t i, j; int amt, count, exists, first, mask, mode, ofd, omode; - off_t size; + off_t size, statbytes; int setimes, targisdir, wrerrno = 0; char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; struct timeval tv[2]; @@ -844,11 +822,9 @@ bad: run_err("%s: %s", np, strerror(errno)); cp = bp->buf; wrerr = NO; - if (showprogress) { - totalbytes = size; - progressmeter(-1); - } statbytes = 0; + if (showprogress) + start_progress_meter(curfile, size, &statbytes); for (count = i = 0; i < size; i += 4096) { amt = 4096; if (i + amt > size) @@ -882,7 +858,7 @@ bad: run_err("%s: %s", np, strerror(errno)); } } if (showprogress) - progressmeter(1); + stop_progress_meter(); if (count != 0 && wrerr == NO && (j = atomicio(write, ofd, bp->buf, count)) != count) { wrerr = YES; 
@@ -1086,170 +1062,3 @@ lostconn(signo) else exit(1); } - -static void -updateprogressmeter(int ignore) -{ - int save_errno = errno; - - progressmeter(0); - signal(SIGALRM, updateprogressmeter); - alarm(PROGRESSTIME); - errno = save_errno; -} - -static int -foregroundproc(void) -{ - static pid_t pgrp = -1; - int ctty_pgrp; - - if (pgrp == -1) - pgrp = getpgrp(); - -#ifdef HAVE_TCGETPGRP - return ((ctty_pgrp = tcgetpgrp(STDOUT_FILENO)) != -1 && - ctty_pgrp == pgrp); -#else - return ((ioctl(STDOUT_FILENO, TIOCGPGRP, &ctty_pgrp) != -1 && - ctty_pgrp == pgrp)); -#endif -} - -void -progressmeter(int flag) -{ - static const char spaces[] = " " - " " - " " - " " - " " - " "; - static const char prefixes[] = " KMGTP"; - static struct timeval lastupdate; - static off_t lastsize; - struct timeval now, td, wait; - off_t cursize, abbrevsize, bytespersec; - double elapsed; - int ratio, remaining, i, ai, bi, nspaces; - char buf[512]; - - if (flag == -1) { - (void) gettimeofday(&start, (struct timezone *) 0); - lastupdate = start; - lastsize = 0; - } - if (foregroundproc() == 0) - return; - - (void) gettimeofday(&now, (struct timezone *) 0); - cursize = statbytes; - if (totalbytes != 0) { - ratio = 100.0 * cursize / totalbytes; - ratio = MAX(ratio, 0); - ratio = MIN(ratio, 100); - } else - ratio = 100; - - abbrevsize = cursize; - for (ai = 0; abbrevsize >= 10000 && ai < sizeof(prefixes); ai++) - abbrevsize >>= 10; - - timersub(&now, &lastupdate, &wait); - if (cursize > lastsize) { - lastupdate = now; - lastsize = cursize; - wait.tv_sec = 0; - } - timersub(&now, &start, &td); - elapsed = td.tv_sec + (td.tv_usec / 1000000.0); - - bytespersec = 0; - if (statbytes > 0) { - bytespersec = statbytes; - if (elapsed > 0.0) - bytespersec /= elapsed; - } - for (bi = 1; bytespersec >= 1024000 && bi < sizeof(prefixes); bi++) - bytespersec >>= 10; - - nspaces = MIN(getttywidth() - 79, sizeof(spaces) - 1); - -#ifdef HAVE_LONG_LONG_INT - snprintf(buf, sizeof(buf), - "\r%-45.45s%.*s%3d%% 
%4lld%c%c %3lld.%01d%cB/s", - curfile, - nspaces, - spaces, - ratio, - (long long)abbrevsize, - prefixes[ai], - ai == 0 ? ' ' : 'B', - (long long)(bytespersec / 1024), - (int)((bytespersec % 1024) * 10 / 1024), - prefixes[bi] - ); -#else - snprintf(buf, sizeof(buf), - "\r%-45.45s%.*s%3d%% %4lld%c%c %3lu.%01d%cB/s", - curfile, - nspaces, - spaces, - ratio, - (u_long)abbrevsize, - prefixes[ai], - ai == 0 ? ' ' : 'B', - (u_long)(bytespersec / 1024), - (int)((bytespersec % 1024) * 10 / 1024), - prefixes[bi] - ); -#endif - - if (flag != 1 && - (statbytes <= 0 || elapsed <= 0.0 || cursize > totalbytes)) { - snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), - " --:-- ETA"); - } else if (wait.tv_sec >= STALLTIME) { - snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), - " - stalled -"); - } else { - if (flag != 1) - remaining = (int)(totalbytes / (statbytes / elapsed) - - elapsed); - else - remaining = elapsed; - - i = remaining / 3600; - if (i) - snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), - "%2d:", i); - else - snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), - " "); - i = remaining % 3600; - snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), - "%02d:%02d%s", i / 60, i % 60, - (flag != 1) ? " ETA" : " "); - } - atomicio(write, fileno(stdout), buf, strlen(buf)); - - if (flag == -1) { - mysignal(SIGALRM, updateprogressmeter); - alarm(PROGRESSTIME); - } else if (flag == 1) { - alarm(0); - atomicio(write, fileno(stdout), "\n", 1); - statbytes = 0; - } -} - -int -getttywidth(void) -{ - struct winsize winsize; - - if (ioctl(fileno(stdout), TIOCGWINSZ, &winsize) != -1) - return (winsize.ws_col ? winsize.ws_col : 80); - else - return (80); -} diff --git a/sftp-client.c b/sftp-client.c index bff37073c..e0d3ad568 100644 --- a/sftp-client.c +++ b/sftp-client.c 
@@ -28,7 +28,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.38 2003/01/06 23:51:22 djm Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.39 2003/01/10 08:19:07 fgsch Exp $"); #include "openbsd-compat/sys-queue.h" @@ -38,11 +38,14 @@ RCSID("$OpenBSD: sftp-client.c,v 1.38 2003/01/06 23:51:22 djm Exp $"); #include "xmalloc.h" #include "log.h" #include "atomicio.h" +#include "progressmeter.h" #include "sftp.h" #include "sftp-common.h" #include "sftp-client.h" +extern int showprogress; + /* Minimum amount of data to read at at time */ #define MIN_READ_SIZE 512 @@ -741,6 +744,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, int read_error, write_errno; u_int64_t offset, size; u_int handle_len, mode, type, id, buflen; + off_t progress_counter; struct request { u_int id; u_int len; @@ -806,6 +810,16 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, /* Read from remote and write to local */ write_error = read_error = write_errno = num_req = offset = 0; max_req = 1; + progress_counter = 0; + + if (showprogress) { + if (size) + start_progress_meter(remote_path, size, + &progress_counter); + else + printf("Fetching %s to %s\n", remote_path, local_path); + } + while (num_req > 0 || max_req > 0) { char *data; u_int len; @@ -866,6 +880,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, write_error = 1; max_req = 0; } + progress_counter += len; xfree(data); if (len == req->len) { @@ -908,6 +923,9 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, } } + if (showprogress && size) + stop_progress_meter(); + /* Sanity check */ if (TAILQ_FIRST(&requests) != NULL) fatal("Transfer complete, but requests still in queue"); 
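Review bot: In do_download() the `Fetching %s to %s` message is now nested inside `if (showprogress)`, so nothing at all is printed for a download when the meter is disabled. do_upload() in this commit prints `Uploading %s to %s` in its `else` branch, and the unconditional printf in process_get() is removed by the sftp-int.c part of the change. Since sftp.c sets `showprogress = 0` in one of its option cases, the output of such runs loses the record of which files were fetched while still recording uploads. Writing the condition as `if (showprogress && size) start_progress_meter(remote_path, size, &progress_counter); else printf("Fetching %s to %s\n", remote_path, local_path);` would keep the two directions consistent. do_download() starts and ends outside these hunks.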
@@ -1018,6 +1036,11 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, /* Read from local and write to remote */ offset = 0; + if (showprogress) + start_progress_meter(local_path, sb.st_size, &offset); + else + printf("Uploading %s to %s\n", local_path, remote_path); + for (;;) { int len; @@ -1094,6 +1117,8 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, } offset += len; } + if (showprogress) + stop_progress_meter(); xfree(data); if (close(local_fd) == -1) { diff --git a/sftp-int.c b/sftp-int.c index f2c8fa6dc..88b0530ab 100644 --- a/sftp-int.c +++ b/sftp-int.c @@ -25,7 +25,7 @@ /* XXX: recursive operations */ #include "includes.h" -RCSID("$OpenBSD: sftp-int.c,v 1.51 2003/01/08 23:53:26 djm Exp $"); +RCSID("$OpenBSD: sftp-int.c,v 1.52 2003/01/10 08:19:07 fgsch Exp $"); #include "buffer.h" #include "xmalloc.h" @@ -47,6 +47,9 @@ extern size_t copy_buffer_len; /* Number of concurrent outstanding requests */ extern int num_requests; +/* This is set to 0 if the progressmeter is not desired. */ +int showprogress = 1; + /* Seperators for interactive commands */ #define WHITESPACE " \t\r\n" @@ -73,6 +76,7 @@ extern int num_requests; #define I_SHELL 20 #define I_SYMLINK 21 #define I_VERSION 22 +#define I_PROGRESS 23 struct CMD { const char *c; @@ -100,6 +104,7 @@ const struct CMD cmds[] = { { "ls", I_LS }, { "lumask", I_LUMASK }, { "mkdir", I_MKDIR }, + { "progress", I_PROGRESS }, { "put", I_PUT }, { "mput", I_PUT }, { "pwd", I_PWD }, @@ -132,6 +137,7 @@ help(void) printf("ls [path] Display remote directory listing\n"); printf("lumask umask Set local umask to 'umask'\n"); printf("mkdir path Create remote directory\n"); + printf("preogress Toggle display of progress meter\n"); printf("put local-path [remote-path] Upload file\n"); printf("pwd Display remote working directory\n"); printf("exit Quit sftp\n"); 
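Review bot: do_upload() passes `&offset` straight to `start_progress_meter()`, whereas do_download() in this commit adds a dedicated `off_t progress_counter` beside its `u_int64_t offset`. The declaration of `offset` in do_upload() is outside the hunk; if it is also `u_int64_t`, the pointer type differs from the `off_t` counters every other caller passes (scp.c uses `off_t ... statbytes`), which is only harmless where the two types happen to have the same representation. A separate `off_t progress_counter` advanced next to `offset += len;` would mirror do_download() and avoid relying on that.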
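Review bot: The line added to help() spells the command `preogress`, while the table entry added in the same file is `{ "progress", I_PROGRESS }` and sftp.1 documents `progress`. The help string should read `progress` so that what the user sees matches what the parser accepts.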
@@ -425,7 +431,6 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag) err = -1; goto out; } - printf("Fetching %s to %s\n", g.gl_pathv[0], abs_dst); err = do_download(conn, g.gl_pathv[0], abs_dst, pflag); goto out; } @@ -507,7 +512,6 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag) } abs_dst = make_absolute(abs_dst, pwd); } - printf("Uploading %s to %s\n", g.gl_pathv[0], abs_dst); err = do_upload(conn, g.gl_pathv[0], abs_dst, pflag); goto out; } @@ -810,6 +814,7 @@ parse_args(const char **cpp, int *pflag, int *lflag, int *iflag, case I_LPWD: case I_HELP: case I_VERSION: + case I_PROGRESS: break; default: fatal("Command not implemented"); @@ -1015,6 +1020,13 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, case I_VERSION: printf("SFTP protocol version %u\n", sftp_proto_version(conn)); break; + case I_PROGRESS: + showprogress = !showprogress; + if (showprogress) + printf("Progress meter enabled\n"); + else + printf("Progress meter disabled\n"); + break; default: fatal("%d is not implemented", cmdnum); } diff --git a/sftp.1 b/sftp.1 index 67086bdaa..ecd4d3174 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.39 2003/01/08 23:53:26 djm Exp $ +.\" $OpenBSD: sftp.1,v 1.40 2003/01/10 08:19:07 fgsch Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -228,6 +228,8 @@ Set local umask to .It Ic mkdir Ar path Create remote directory specified by .Ar path . +.It Ic progress +Toggle display of progress meter. .It Xo Ic put .Op Ar flags .Ar local-path diff --git a/sftp.c b/sftp.c index d62e9e42c..e8adcba18 100644 --- a/sftp.c +++ b/sftp.c @@ -24,7 +24,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.33 2003/01/08 23:53:26 djm Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.34 2003/01/10 08:19:07 fgsch Exp $"); /* XXX: short-form remote directory listings (like 'ls -C') */ 
@@ -49,6 +49,8 @@ FILE* infile; size_t copy_buffer_len = 32768; size_t num_requests = 16; +extern int showprogress; + static void connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid) { @@ -162,6 +164,7 @@ main(int argc, char **argv) fatal("%s (%s).", strerror(errno), optarg); } else fatal("Filename already specified."); + showprogress = 0; break; case 'P': sftp_direct = optarg; -- cgit v1.2.3 From a7f3aaadc30b1533def73449081263a5d42d4aa4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 10 Jan 2003 21:43:58 +1100 Subject: - djm@cvs.openbsd.org 2003/01/10 08:48:15 [sftp-client.c] Simplify and avoid redundancy in packet send and receive functions; ok fgs@ --- ChangeLog | 6 +++++- sftp-client.c | 54 +++++++++++++++++++++++++++--------------------------- 2 files changed, 32 insertions(+), 28 deletions(-) diff --git a/ChangeLog b/ChangeLog index c075cd359..595f1f6fc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,10 @@ sftp progress meter support. original diffs by Nils Nordman via markus@, merged to -current by me, djm@ ok. + - djm@cvs.openbsd.org 2003/01/10 08:48:15 + [sftp-client.c] + Simplify and avoid redundancy in packet send and receive + functions; ok fgs@ 20030108 - (djm) Sync openbsd-compat/ with OpenBSD -current @@ -981,4 +985,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2560 2003/01/10 10:43:24 djm Exp $ +$Id: ChangeLog,v 1.2561 2003/01/10 10:43:58 djm Exp $ diff --git a/sftp-client.c b/sftp-client.c index e0d3ad568..3fac22bee 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001,2002 Damien Miller. All rights reserved. + * Copyright (c) 2001-2003 Damien Miller. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
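Review bot: `extern int showprogress;` is written out by hand here in sftp.c and again in sftp-client.c, with the definition living in sftp-int.c, so nothing lets the compiler check that the three agree if the type ever changes. Declaring it once in a header that these files share would be the safer style; sftp-int.h already carries `interactive_loop()`, though whether sftp-client.c includes it is not visible here. The assignment `showprogress = 0;` added in the `@@ -162` hunk would also benefit from a short comment saying why the meter is turned off in that option case.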
@@ -28,7 +28,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.39 2003/01/10 08:19:07 fgsch Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.40 2003/01/10 08:48:15 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -49,6 +49,9 @@ extern int showprogress; /* Minimum amount of data to read at at time */ #define MIN_READ_SIZE 512 +/* Maximum packet size */ +#define MAX_MSG_LENGTH (256 * 1024) + struct sftp_conn { int fd_in; int fd_out; 
@@ -61,48 +64,45 @@ struct sftp_conn { static void send_msg(int fd, Buffer *m) { - int mlen = buffer_len(m); - int len; - Buffer oqueue; + u_char mlen[4]; + + if (buffer_len(m) > MAX_MSG_LENGTH) + fatal("Outbound message too long %u", buffer_len(m)); - buffer_init(&oqueue); - buffer_put_int(&oqueue, mlen); - buffer_append(&oqueue, buffer_ptr(m), mlen); - buffer_consume(m, mlen); + /* Send length first */ + PUT_32BIT(mlen, buffer_len(m)); + if (atomicio(write, fd, mlen, sizeof(mlen)) <= 0) + fatal("Couldn't send packet: %s", strerror(errno)); - len = atomicio(write, fd, buffer_ptr(&oqueue), buffer_len(&oqueue)); - if (len <= 0) + if (atomicio(write, fd, buffer_ptr(m), buffer_len(m)) <= 0) fatal("Couldn't send packet: %s", strerror(errno)); - buffer_free(&oqueue); + buffer_clear(m); } static void get_msg(int fd, Buffer *m) { - u_int len, msg_len; - unsigned char buf[4096]; + ssize_t len; + u_int msg_len; - len = atomicio(read, fd, buf, 4); + buffer_append_space(m, 4); + len = atomicio(read, fd, buffer_ptr(m), 4); if (len == 0) fatal("Connection closed"); else if (len == -1) fatal("Couldn't read packet: %s", strerror(errno)); - msg_len = GET_32BIT(buf); - if (msg_len > 256 * 1024) + msg_len = buffer_get_int(m); + if (msg_len > MAX_MSG_LENGTH) fatal("Received message too long %u", msg_len); - while (msg_len) { - len = atomicio(read, fd, buf, MIN(msg_len, sizeof(buf))); - if (len == 0) - fatal("Connection closed"); - else if (len == -1) - fatal("Couldn't read packet: %s", strerror(errno)); - - msg_len -= len; - buffer_append(m, buf, len); - } + buffer_append_space(m, msg_len); + len = atomicio(read, fd, buffer_ptr(m), msg_len); + if (len == 0) + fatal("Connection closed"); + else if (len == -1) + fatal("Read packet: %s", strerror(errno)); } static void -- cgit v1.2.3 From 86b781c179911d609bd0e3cfa3992f510cd56413 Mon Sep 17 00:00:00 2001 
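Review bot: get_msg() now reads into `buffer_ptr(m)` right after `buffer_append_space(m, 4)`, which addresses the newly appended bytes only if `m` is empty on entry; the removed code used `buffer_append()` and worked for any buffer state. With leftover data in `m` the reads would land on top of the old contents and the appended space would stay unwritten at the tail, so the parsed message would be followed by stale bytes. Calling `buffer_clear(m);` at entry, or stating the precondition in a comment above the function, would make the assumption explicit. Separately, send_msg() treats any positive atomicio() return as success; comparing with the expected length (`!= sizeof(mlen)`, `!= buffer_len(m)`) would also catch a short write, if atomicio() can return one.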
From: Damien Miller Date: Fri, 10 Jan 2003 21:44:48 +1100 Subject: - djm@cvs.openbsd.org 2003/01/10 10:29:35 [scp.c] Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@ --- ChangeLog | 7 ++++++- scp.c | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 595f1f6fc..26afd0929 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,11 @@ [sftp-client.c] Simplify and avoid redundancy in packet send and receive functions; ok fgs@ + - djm@cvs.openbsd.org 2003/01/10 10:29:35 + [scp.c] + Don't ftruncate after write error, creating sparse files of + incorrect length + mindrot bug #403, reported by rusr@cup.hp.com; ok markus@ 20030108 - (djm) Sync openbsd-compat/ with OpenBSD -current @@ -985,4 +990,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2561 2003/01/10 10:43:58 djm Exp $ +$Id: ChangeLog,v 1.2562 2003/01/10 10:44:48 djm Exp $ diff --git a/scp.c b/scp.c index 44b5b4582..616dd3783 100644 --- a/scp.c +++ b/scp.c @@ -75,7 +75,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.97 2003/01/10 08:19:07 fgsch Exp $"); +RCSID("$OpenBSD: scp.c,v 1.98 2003/01/10 10:29:35 djm Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -864,7 +864,7 @@ bad: run_err("%s: %s", np, strerror(errno)); wrerr = YES; wrerrno = j >= 0 ? EIO : errno; } - if (ftruncate(ofd, size)) { + if (wrerr == NO && ftruncate(ofd, size) != 0) { run_err("%s: truncate: %s", np, strerror(errno)); wrerr = DISPLAYED; } -- cgit v1.2.3 From b46b9f322d82a7c912e6e15dbd8a73261acf2991 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 10 Jan 2003 21:45:12 +1100 Subject: - djm@cvs.openbsd.org 2003/01/10 10:32:54 [channels.c] hush socket() errors, except last. Fixes mindrot bug #408; ok markus@ --- ChangeLog | 5 ++++- channels.c | 7 +++++-- 2 files changed, 9 insertions(+), 3 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index 26afd0929..e45a2cd03 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,9 @@ Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@ + - djm@cvs.openbsd.org 2003/01/10 10:32:54 + [channels.c] + hush socket() errors, except last. Fixes mindrot bug #408; ok markus@ 20030108 - (djm) Sync openbsd-compat/ with OpenBSD -current @@ -990,4 +993,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2562 2003/01/10 10:44:48 djm Exp $ +$Id: ChangeLog,v 1.2563 2003/01/10 10:45:12 djm Exp $ diff --git a/channels.c b/channels.c index 2fb22f7c4..ea1d46c21 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.185 2003/01/01 18:08:52 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.186 2003/01/10 10:32:54 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2281,7 +2281,10 @@ connect_to(const char *host, u_short port) } sock = socket(ai->ai_family, SOCK_STREAM, 0); if (sock < 0) { - error("socket: %.100s", strerror(errno)); + if (ai->ai_next == NULL) + error("socket: %.100s", strerror(errno)); + else + verbose("socket: %.100s", strerror(errno)); continue; } if (fcntl(sock, F_SETFL, O_NONBLOCK) < 0) -- cgit v1.2.3 From 6fd00e042c13dfd94cdcaef5b4d1656d900b8ce6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 10 Jan 2003 21:46:02 +1100 Subject: - fgsch@cvs.openbsd.org 2003/01/10 08:19:07 [scp.c sftp.1 sftp.c sftp-client.c sftp-int.c progressmeter.c] [progressmeter.h] sftp progress meter support. original diffs by Nils Nordman via markus@, merged to -current by me, djm@ ok. --- ChangeLog | 5 +- progressmeter.c | 256 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ progressmeter.h | 27 ++++++ 3 files changed, 286 insertions(+), 2 deletions(-) create mode 100644 progressmeter.c create mode 100644 progressmeter.h 
diff --git a/ChangeLog b/ChangeLog index e45a2cd03..498a3193c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,7 +9,8 @@ Ability to suppress abort on error in batchmode ("-put blah") Fixes mindrot bug #452; markus@ ok - fgsch@cvs.openbsd.org 2003/01/10 08:19:07 - [scp.c sftp.1 sftp.c sftp-client.c sftp-int.c] + [scp.c sftp.1 sftp.c sftp-client.c sftp-int.c progressmeter.c] + [progressmeter.h] sftp progress meter support. original diffs by Nils Nordman via markus@, merged to -current by me, djm@ ok. @@ -993,4 +994,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2563 2003/01/10 10:45:12 djm Exp $ +$Id: ChangeLog,v 1.2564 2003/01/10 10:46:02 djm Exp $ diff --git a/progressmeter.c b/progressmeter.c new file mode 100644 index 000000000..ae13c67e7 --- /dev/null +++ b/progressmeter.c 
@@ -0,0 +1,256 @@ +/* + * Copyright (c) 1999 Theo de Raadt. All rights reserved. + * Copyright (c) 1999 Aaron Campbell. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Parts from: + * + * Copyright (c) 1983, 1990, 1992, 1993, 1995 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. 
Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ + +#include "includes.h" +RCSID("$OpenBSD: progressmeter.c,v 1.1 2003/01/10 08:19:07 fgsch Exp $"); + +#include + +#include "atomicio.h" + +/* Number of seconds before xfer considered "stalled". */ +#define STALLTIME 5 +/* alarm() interval for updating progress meter. */ +#define PROGRESSTIME 1 + +/* Signal handler used for updating the progress meter. */ +static void update_progress_meter(int); + +/* Returns non-zero if we are the foreground process. 
*/ +static int foregroundproc(void); + +/* Returns width of the terminal (for progress meter calculations). */ +static int get_tty_width(void); + +/* Visual statistics about files as they are transferred. */ +static void draw_progress_meter(); + +/* Time a transfer started. */ +static struct timeval start; + +/* Number of bytes of current file transferred so far. */ +static volatile off_t *statbytes; + +/* Total size of current file. */ +static off_t totalbytes; + +/* Name of current file being transferred. */ +static char *curfile; + +/* Time of last update. */ +static struct timeval lastupdate; + +/* Size at the time of the last update. */ +static off_t lastsize; + +void +start_progress_meter(char *file, off_t filesize, off_t *counter) +{ + if ((curfile = basename(file)) == NULL) + curfile = file; + + totalbytes = filesize; + statbytes = counter; + (void) gettimeofday(&start, (struct timezone *) 0); + lastupdate = start; + lastsize = 0; + + draw_progress_meter(); + signal(SIGALRM, update_progress_meter); + alarm(PROGRESSTIME); +} + +void +stop_progress_meter() +{ + alarm(0); + draw_progress_meter(); + atomicio(write, fileno(stdout), "\n", 1); +} + +static void +update_progress_meter(int ignore) +{ + int save_errno = errno; + + draw_progress_meter(); + signal(SIGALRM, update_progress_meter); + alarm(PROGRESSTIME); + errno = save_errno; +} + +static int +foregroundproc(void) +{ + static pid_t pgrp = -1; + int ctty_pgrp; + + if (pgrp == -1) + pgrp = getpgrp(); + + return ((ioctl(STDOUT_FILENO, TIOCGPGRP, &ctty_pgrp) != -1 && + ctty_pgrp == pgrp)); +} + +static void +draw_progress_meter() +{ + static const char spaces[] = " " + " " + " " + " " + " " + " "; + static const char prefixes[] = " KMGTP"; + struct timeval now, td, wait; + off_t cursize, abbrevsize, bytespersec; + double elapsed; + int ratio, remaining, i, ai, bi, nspaces; + char buf[512]; + + if (foregroundproc() == 0) + return; + + (void) gettimeofday(&now, (struct timezone *) 0); + cursize = *statbytes; + 
if (totalbytes != 0) { + ratio = 100.0 * cursize / totalbytes; + ratio = MAX(ratio, 0); + ratio = MIN(ratio, 100); + } else + ratio = 100; + + abbrevsize = cursize; + for (ai = 0; abbrevsize >= 10000 && ai < sizeof(prefixes); ai++) + abbrevsize >>= 10; + + timersub(&now, &lastupdate, &wait); + if (cursize > lastsize) { + lastupdate = now; + lastsize = cursize; + wait.tv_sec = 0; + } + timersub(&now, &start, &td); + elapsed = td.tv_sec + (td.tv_usec / 1000000.0); + + bytespersec = 0; + if (cursize > 0) { + bytespersec = cursize; + if (elapsed > 0.0) + bytespersec /= elapsed; + } + for (bi = 1; bytespersec >= 1024000 && bi < sizeof(prefixes); bi++) + bytespersec >>= 10; + + nspaces = MIN(get_tty_width() - 79, sizeof(spaces) - 1); + + snprintf(buf, sizeof(buf), + "\r%-45.45s%.*s%3d%% %4lld%c%c %3lld.%01d%cB/s", + curfile, + nspaces, + spaces, + ratio, + (long long)abbrevsize, + prefixes[ai], + ai == 0 ? ' ' : 'B', + (long long)(bytespersec / 1024), + (int)((bytespersec % 1024) * 10 / 1024), + prefixes[bi] + ); + + if (cursize <= 0 || elapsed <= 0.0 || cursize > totalbytes) { + snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), + " --:-- ETA"); + } else if (wait.tv_sec >= STALLTIME) { + snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), + " - stalled -"); + } else { + if (cursize != totalbytes) + remaining = (int)(totalbytes / (cursize / elapsed) - + elapsed); + else + remaining = elapsed; + + i = remaining / 3600; + if (i) + snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), + "%2d:", i); + else + snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), + " "); + i = remaining % 3600; + snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), + "%02d:%02d%s", i / 60, i % 60, + (cursize != totalbytes) ? " ETA" : " "); + } + atomicio(write, fileno(stdout), buf, strlen(buf)); +} + +static int +get_tty_width(void) +{ + struct winsize winsize; + + if (ioctl(fileno(stdout), TIOCGWINSZ, &winsize) != -1) + return (winsize.ws_col ? 
winsize.ws_col : 80); + else + return (80); +} diff --git a/progressmeter.h b/progressmeter.h new file mode 100644 index 000000000..bfb9a0b77 --- /dev/null +++ b/progressmeter.h @@ -0,0 +1,27 @@ +/* $OpenBSD: progressmeter.h,v 1.1 2003/01/10 08:19:07 fgsch Exp $ */ +/* + * Copyright (c) 2002 Nils Nordman. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +void start_progress_meter(char *, off_t, off_t *); +void stop_progress_meter(void); -- cgit v1.2.3 From 4790772cda87697a33e54d35c7cc2763914e014a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 13 Jan 2003 10:00:34 +1100 Subject: more --- TODO | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/TODO b/TODO index d3246144e..de83000f5 100644 --- a/TODO +++ b/TODO 
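Review bot: `update_progress_meter()` is installed as the SIGALRM handler and calls `draw_progress_meter()`, which formats with `snprintf()` and reads the file-scope statics. `snprintf()` is not on the POSIX async-signal-safe list, so the handler can interrupt the transfer code in the middle of a non-reentrant library call. It is safer for the handler to record that a redraw is due and re-arm the alarm, leaving the formatting and the write to normal context. That needs a redraw entry point which the transfer loops in the callers can poll; those callers are not part of this file.

```c
/* Set from the SIGALRM handler; the redraw itself runs outside signal context. */
static volatile sig_atomic_t meter_redraw_due;

static void
update_progress_meter(int ignore)
{
	int save_errno = errno;

	/* async-signal-safe work only: no snprintf() or stdio here */
	meter_redraw_due = 1;
	signal(SIGALRM, update_progress_meter);
	alarm(PROGRESSTIME);
	errno = save_errno;
}

/* ... unchanged: foregroundproc(), draw_progress_meter(), get_tty_width() ... */
```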
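Review bot: The new progressmeter.h has no include guard; wrapping the two prototypes in `#ifndef PROGRESSMETER_H` / `#define PROGRESSMETER_H` / `#endif` keeps a double include harmless. The prototypes also use `off_t`, so the header only compiles if the includer has already pulled in the system type definitions. A one-line comment saying so would help.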
@@ -101,6 +101,7 @@ Clean up configure/makefiles: (vinschen@redhat.com) - Replace the whole u_intXX_t evilness in acconfig.h with something better??? + - Do it in configure.ac - Consider splitting the u_intXX_t test for sys/bitype.h into seperate test to allow people to (right/wrongfully) link against Bind directly. @@ -133,4 +134,4 @@ PrivSep Issues: - Cygwin + Privsep for Pre-auth only (no fd passing) -$Id: TODO,v 1.52 2003/01/09 22:53:12 djm Exp $ +$Id: TODO,v 1.53 2003/01/12 23:00:34 djm Exp $ -- cgit v1.2.3 From ec201964e4afc9d97b4f11251cb42db0bd4fb062 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 13 Jan 2003 10:04:58 +1100 Subject: - (djm) Rework openbsd-compat/setproctitle.c a bit: move emulation type detection to configure.ac. Prompted by stevesk@ --- ChangeLog | 6 +++- acconfig.h | 6 +++- configure.ac | 12 ++++--- openbsd-compat/setproctitle.c | 73 +++++++++++++++++++------------------------ 4 files changed, 50 insertions(+), 47 deletions(-) diff --git a/ChangeLog b/ChangeLog index 498a3193c..13ca10ba4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20030103 + - (djm) Rework openbsd-compat/setproctitle.c a bit: move emulation type + detection to configure.ac. Prompted by stevesk@ + 20030110 - (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More systems may be added later. @@ -994,4 +998,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2564 2003/01/10 10:46:02 djm Exp $ +$Id: ChangeLog,v 1.2565 2003/01/12 23:04:58 djm Exp $ diff --git a/acconfig.h b/acconfig.h index 314cbaaa4..cf5f961f2 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.146 2003/01/07 04:18:33 djm Exp $ */ +/* $Id: acconfig.h,v 1.147 2003/01/12 23:04:59 djm Exp $ */ #ifndef _CONFIG_H #define _CONFIG_H 
@@ -367,6 +367,10 @@ /* Silly mkstemp() */ #undef HAVE_STRICT_MKSTEMP +/* Setproctitle emulation */ +#undef SETPROCTITLE_STRATEGY +#undef SETPROCTITLE_PS_PADDING + @BOTTOM@ /* ******************* Shouldn't need to edit below this line ************** */ diff --git a/configure.ac b/configure.ac index e64a0dd83..54aad3704 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.98 2003/01/09 22:53:12 djm Exp $ +# $Id: configure.ac,v 1.99 2003/01/12 23:04:59 djm Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -82,6 +82,8 @@ case "$host" in dnl AIX handles lastlog as part of its login message AC_DEFINE(DISABLE_LASTLOG) AC_DEFINE(LOGIN_NEEDS_UTMPX) + AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV) + AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0') ;; *-*-cygwin*) LIBS="$LIBS /usr/lib/textmode.o" @@ -122,7 +124,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(LOGIN_NEEDS_UTMPX) AC_DEFINE(DISABLE_SHADOW) AC_DEFINE(DISABLE_UTMP) - AC_DEFINE(SPT_TYPE,SPT_PSTAT) + AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT) LIBS="$LIBS -lsec -lsecpw" AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) disable_ptmx_check=yes @@ -138,7 +140,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(LOGIN_NEEDS_UTMPX) AC_DEFINE(DISABLE_SHADOW) AC_DEFINE(DISABLE_UTMP) - AC_DEFINE(SPT_TYPE,SPT_PSTAT) + AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT) LIBS="$LIBS -lsec" AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) ;; @@ -151,7 +153,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(LOGIN_NEEDS_UTMPX) AC_DEFINE(DISABLE_SHADOW) AC_DEFINE(DISABLE_UTMP) - AC_DEFINE(SPT_TYPE,SPT_PSTAT) + AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT) LIBS="$LIBS -lsec" AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) ;; 
@@ -178,6 +180,8 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) check_for_libcrypt_later=1 AC_DEFINE(DONT_TRY_OTHER_AF) AC_DEFINE(PAM_TTY_KLUDGE) + AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV) + AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0') inet6_default_4in6=yes ;; mips-sony-bsd|mips-sony-newsos4) diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c index 5439bd07e..14d5d2f3c 100644 --- a/openbsd-compat/setproctitle.c +++ b/openbsd-compat/setproctitle.c @@ -31,7 +31,7 @@ * to contain some useful information. Mechanism differs wildly across * platforms. * - * $Header: /var/cvs/openssh/openbsd-compat/setproctitle.c,v 1.3 2003/01/09 22:53:13 djm Exp $ + * $Header: /var/cvs/openssh/openbsd-compat/setproctitle.c,v 1.4 2003/01/12 23:04:59 djm Exp $ * * Copyright 2000 by PostgreSQL Global Development Group * various details abducted from various places 
@@ -56,51 +56,47 @@ extern char **environ; /*------ * Alternative ways of updating ps display: * - * PS_USE_PSTAT + * SETPROCTITLE_STRATEGY == PS_USE_PSTAT * use the pstat(PSTAT_SETCMD, ) * (HPUX) - * PS_USE_PS_STRINGS + * SETPROCTITLE_STRATEGY == PS_USE_PS_STRINGS * assign PS_STRINGS->ps_argvstr = "string" * (some BSD systems) - * PS_USE_CHANGE_ARGV + * SETPROCTITLE_STRATEGY == PS_USE_CHANGE_ARGV * assign argv[0] = "string" * (some other BSD systems) - * PS_USE_CLOBBER_ARGV + * SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV * write over the argv and environment area * (most SysV-like systems) - * PS_USE_NONE + * SETPROCTITLE_STRATEGY == PS_USE_NONE * don't update ps display * (This is the default, as it is safest.) */ -#if defined(HAVE_PSTAT) && defined(PSTAT_SETCMD) -#define PS_USE_PSTAT -#elif defined(HAVE_PS_STRINGS) -#define PS_USE_PS_STRINGS -#elif defined(BSD) || defined(__bsdi__) || defined(__hurd__) -#define PS_USE_CHANGE_ARGV -#elif defined(__linux__) || defined(_AIX) -#define PS_USE_CLOBBER_ARGV -#else -#define PS_USE_NONE + +#define PS_USE_NONE 0 +#define PS_USE_PSTAT 1 +#define PS_USE_PS_STRINGS 2 +#define PS_USE_CHANGE_ARGV 3 +#define PS_USE_CLOBBER_ARGV 4 + +#ifndef SETPROCTITLE_STRATEGY +# define SETPROCTITLE_STRATEGY PS_USE_NONE #endif -/* Different systems want the buffer padded differently */ -#if defined(_AIX) || defined(__linux__) || defined(__QNX__) || defined(__svr4__) -#define PS_PADDING '\0' -#else -#define PS_PADDING ' ' +#ifndef SETPROCTITLE_PS_PADDING +# define SETPROCTITLE_PS_PADDING ' ' #endif /* * argv clobbering uses existing argv space, all other methods need a buffer */ -#ifndef PS_USE_CLOBBER_ARGV +#if SETPROCTITLE_STRATEGY != PS_USE_CLOBBER_ARGV static char ps_buffer[256]; static const size_t ps_buffer_size = sizeof(ps_buffer); -#else /* PS_USE_CLOBBER_ARGV */ +#else static char *ps_buffer; /* will point to argv area */ static size_t ps_buffer_size; /* space determined at run time */ -#endif /* PS_USE_CLOBBER_ARGV */ +#endif /* 
save the original argv[] location here */ static int save_argc; @@ -115,17 +111,17 @@ extern char *__progname; void setproctitle(const char *fmt, ...) { -#ifdef PS_USE_PSTAT +#if SETPROCTITLE_STRATEGY == PS_USE_PSTAT union pstun pst; #endif -#ifndef PS_USE_NONE +#if SETPROCTITLE_STRATEGY != PS_USE_NONE ssize_t used; va_list ap; /* no ps display if you didn't call save_ps_display_args() */ if (save_argv == NULL) return; -#ifdef PS_USE_CLOBBER_ARGV +#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV /* If ps_buffer is a pointer, it might still be null */ if (ps_buffer == NULL) return; @@ -134,12 +130,12 @@ setproctitle(const char *fmt, ...) /* * Overwrite argv[] to point at appropriate space, if needed */ -#ifdef PS_USE_CHANGE_ARGV +#if SETPROCTITLE_STRATEGY == PS_USE_CHANGE_ARGV save_argv[0] = ps_buffer; save_argv[1] = NULL; #endif /* PS_USE_CHANGE_ARGV */ -#ifdef PS_USE_CLOBBER_ARGV +#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV save_argv[1] = NULL; #endif /* PS_USE_CLOBBER_ARGV */ @@ -158,26 +154,21 @@ setproctitle(const char *fmt, ...) } va_end(ap); -#if 0 - error("XXXXXXXXX %s", __progname); - error("XXXXXXXXX %d", ps_buffer_size); - error("XXXXXXXXX %s", ps_buffer); -#endif - -#ifdef PS_USE_PSTAT +#if SETPROCTITLE_STRATEGY == PS_USE_PSTAT pst.pst_command = ps_buffer; pstat(PSTAT_SETCMD, pst, strlen(ps_buffer), 0, 0); #endif /* PS_USE_PSTAT */ -#ifdef PS_USE_PS_STRINGS +#if SETPROCTITLE_STRATEGY == PS_USE_PS_STRINGS PS_STRINGS->ps_nargvstr = 1; PS_STRINGS->ps_argvstr = ps_buffer; #endif /* PS_USE_PS_STRINGS */ -#ifdef PS_USE_CLOBBER_ARGV +#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV /* pad unused memory */ used = strlen(ps_buffer); - memset(ps_buffer + used, PS_PADDING, ps_buffer_size - used); + memset(ps_buffer + used, SETPROCTITLE_PS_PADDING, + ps_buffer_size - used); #endif /* PS_USE_CLOBBER_ARGV */ #endif /* PS_USE_NONE */ 
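Review bot: With the `defined(HAVE_PS_STRINGS)` / `defined(BSD)` chain removed, nothing visible in this commit selects `PS_USE_PS_STRINGS` or `PS_USE_CHANGE_ARGV`. The configure.ac hunks define `SETPROCTITLE_STRATEGY` only in the AIX and HP-UX cases and one further case (presumably Linux), so every other host falls through to `PS_USE_NONE`. If that is intended, say so next to the default, e.g. `/* configure.ac sets this per host; unset means no ps update */`; otherwise the hosts that used to match the removed tests need their own `AC_DEFINE`. Because the preprocessor evaluates an unknown identifier as 0 and `PS_USE_NONE` is 0, a misspelled strategy name coming from configure would also select the no-op silently.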
@@ -196,7 +187,7 @@ setproctitle(const char *fmt, ...) void compat_init_setproctitle(int argc, char *argv[]) { -#ifdef PS_USE_CLOBBER_ARGV +#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV char *end_of_area = NULL; char **new_environ; int i; @@ -205,7 +196,7 @@ compat_init_setproctitle(int argc, char *argv[]) save_argc = argc; save_argv = argv; -#ifdef PS_USE_CLOBBER_ARGV +#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV /* * If we're going to overwrite the argv area, count the available * space. Also move the environment to make additional room. -- cgit v1.2.3 From 7d9012729123a55cbed793028618c81339309cbb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 13 Jan 2003 16:55:22 +1100 Subject: - (djm) Bug #467: Add a --disable-strip option to turn off stripping of installed binaries. From mdev@idg.nl --- ChangeLog | 4 +++- Makefile.in | 25 +++++++++++++------------ configure.ac | 13 ++++++++++++- 3 files changed, 28 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index 13ca10ba4..971caa643 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20030103 - (djm) Rework openbsd-compat/setproctitle.c a bit: move emulation type detection to configure.ac. Prompted by stevesk@ + - (djm) Bug #467: Add a --disable-strip option to turn off stripping of + installed binaries. From mdev@idg.nl 20030110 - (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More @@ -998,4 +1000,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2565 2003/01/12 23:04:58 djm Exp $ +$Id: ChangeLog,v 1.2566 2003/01/13 05:55:22 djm Exp $ diff --git a/Makefile.in b/Makefile.in index 8d5987afd..c3efac60f 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.224 2003/01/10 10:43:25 djm Exp $ +# $Id: Makefile.in,v 1.225 2003/01/13 05:55:23 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ 
@@ -27,6 +27,7 @@ SSH_KEYSIGN=$(libexecdir)/ssh-keysign RAND_HELPER=$(libexecdir)/ssh-rand-helper PRIVSEP_PATH=@PRIVSEP_PATH@ SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ +STRIP_OPT=@STRIP_OPT@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \ -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \ 
@@ -218,19 +219,19 @@ install-files: scard-install $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)) - $(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh - $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp - $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add - $(INSTALL) -m 0755 -s ssh-agent $(DESTDIR)$(bindir)/ssh-agent - $(INSTALL) -m 0755 -s ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen - $(INSTALL) -m 0755 -s ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan - $(INSTALL) -m 0755 -s sshd $(DESTDIR)$(sbindir)/sshd + $(INSTALL) -m 0755 $(STRIP_OPT) ssh $(DESTDIR)$(bindir)/ssh + $(INSTALL) -m 0755 $(STRIP_OPT) scp $(DESTDIR)$(bindir)/scp + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add $(DESTDIR)$(bindir)/ssh-add + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent $(DESTDIR)$(bindir)/ssh-agent + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan + $(INSTALL) -m 0755 $(STRIP_OPT) sshd $(DESTDIR)$(sbindir)/sshd if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \ - $(INSTALL) -m 0755 -s ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \ + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \ fi - $(INSTALL) -m 4711 -s ssh-keysign $(DESTDIR)$(SSH_KEYSIGN) - @NO_SFTP@$(INSTALL) -m 0755 -s sftp $(DESTDIR)$(bindir)/sftp - @NO_SFTP@$(INSTALL) -m 0755 -s sftp-server $(DESTDIR)$(SFTP_SERVER) + $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign $(DESTDIR)$(SSH_KEYSIGN) + @NO_SFTP@$(INSTALL) -m 0755 $(STRIP_OPT) sftp $(DESTDIR)$(bindir)/sftp + @NO_SFTP@$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server $(DESTDIR)$(SFTP_SERVER) $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 
diff --git a/configure.ac b/configure.ac index 54aad3704..3054a4394 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.99 2003/01/12 23:04:59 djm Exp $ +# $Id: configure.ac,v 1.100 2003/01/13 05:55:23 djm Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -1938,6 +1938,17 @@ AC_ARG_WITH(xauth, ] ) +STRIP_OPT=-s +AC_ARG_ENABLE(strip, + [ --disable-strip Disable calling strip(1) on install], + [ + if test "x$enableval" = "xno" ; then + STRIP_OPT= + fi + ] +) +AC_SUBST(STRIP_OPT) + if test -z "$xauth_path" ; then XAUTH_PATH="undefined" AC_SUBST(XAUTH_PATH) -- cgit v1.2.3 From 0141319d859ace49008c9a9923f6b448190786b3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 14 Jan 2003 22:22:11 +1100 Subject: - (djm) OpenBSD CVS Sync - fgsch@cvs.openbsd.org 2003/01/10 23:23:24 [sftp-int.c] typo; from Nils Nordman . --- ChangeLog | 10 ++++++++-- sftp-int.c | 4 ++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 971caa643..25d6c6c0e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,10 @@ -20030103 +20030114 + - (djm) OpenBSD CVS Sync + - fgsch@cvs.openbsd.org 2003/01/10 23:23:24 + [sftp-int.c] + typo; from Nils Nordman . + +20030113 - (djm) Rework openbsd-compat/setproctitle.c a bit: move emulation type detection to configure.ac. Prompted by stevesk@ - (djm) Bug #467: Add a --disable-strip option to turn off stripping of @@ -1000,4 +1006,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2566 2003/01/13 05:55:22 djm Exp $ +$Id: ChangeLog,v 1.2567 2003/01/14 11:22:11 djm Exp $ diff --git a/sftp-int.c b/sftp-int.c index 88b0530ab..111d19031 100644 --- a/sftp-int.c +++ b/sftp-int.c @@ -25,7 +25,7 @@ /* XXX: recursive operations */ #include "includes.h" -RCSID("$OpenBSD: sftp-int.c,v 1.52 2003/01/10 08:19:07 fgsch Exp $"); +RCSID("$OpenBSD: sftp-int.c,v 1.53 2003/01/10 23:23:24 fgsch Exp $"); #include "buffer.h" #include "xmalloc.h" 
@@ -137,7 +137,7 @@ help(void) printf("ls [path] Display remote directory listing\n"); printf("lumask umask Set local umask to 'umask'\n"); printf("mkdir path Create remote directory\n"); - printf("preogress Toggle display of progress meter\n"); + printf("progress Toggle display of progress meter\n"); printf("put local-path [remote-path] Upload file\n"); printf("pwd Display remote working directory\n"); printf("exit Quit sftp\n"); -- cgit v1.2.3 From 0946d876f9b7abea25eb0d617b1860575937e5f4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 14 Jan 2003 22:22:43 +1100 Subject: - markus@cvs.openbsd.org 2003/01/11 18:29:43 [log.c] set fatal_cleanups to NULL in fatal_remove_all_cleanups(); dtucker@zip.com.au --- ChangeLog | 6 +++++- log.c | 3 ++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 25d6c6c0e..94fe477d3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,10 @@ - fgsch@cvs.openbsd.org 2003/01/10 23:23:24 [sftp-int.c] typo; from Nils Nordman . + - markus@cvs.openbsd.org 2003/01/11 18:29:43 + [log.c] + set fatal_cleanups to NULL in fatal_remove_all_cleanups(); + dtucker@zip.com.au 20030113 - (djm) Rework openbsd-compat/setproctitle.c a bit: move emulation type @@ -1006,4 +1010,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2567 2003/01/14 11:22:11 djm Exp $ +$Id: ChangeLog,v 1.2568 2003/01/14 11:22:43 djm Exp $ diff --git a/log.c b/log.c index ead7e9028..84e4ce0ac 100644 --- a/log.c +++ b/log.c @@ -34,7 +34,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: log.c,v 1.24 2002/07/19 15:43:33 markus Exp $"); +RCSID("$OpenBSD: log.c,v 1.25 2003/01/11 18:29:43 markus Exp $"); #include "log.h" #include "xmalloc.h" @@ -233,6 +233,7 @@ fatal_remove_all_cleanups(void) next_cu = cu->next; xfree(cu); } + fatal_cleanups = NULL; } /* Cleanup and exit */ -- cgit v1.2.3 From 71a51415348921728b5b41ac45003858436634c3 Mon Sep 17 00:00:00 2001 
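Review bot: The added `fatal_cleanups = NULL;` in `fatal_remove_all_cleanups` has no comment saying why it is needed after the loop has released every node with `xfree()`. Without the assignment the list head keeps pointing at freed memory, so any later walk of the list would touch freed nodes; the code that walks it is outside this hunk. I would add `/* list freed above: clear the head so nothing walks freed nodes */` on the line before the assignment.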
From: Damien Miller Date: Tue, 14 Jan 2003 22:23:23 +1100 Subject: - markus@cvs.openbsd.org 2003/01/12 16:57:02 [progressmeter.c] allow WARNINGS=yes; ok djm@ --- ChangeLog | 5 ++++- progressmeter.c | 5 +++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 94fe477d3..46333ce13 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,9 @@ [log.c] set fatal_cleanups to NULL in fatal_remove_all_cleanups(); dtucker@zip.com.au + - markus@cvs.openbsd.org 2003/01/12 16:57:02 + [progressmeter.c] + allow WARNINGS=yes; ok djm@ 20030113 - (djm) Rework openbsd-compat/setproctitle.c a bit: move emulation type @@ -1010,4 +1013,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2568 2003/01/14 11:22:43 djm Exp $ +$Id: ChangeLog,v 1.2569 2003/01/14 11:23:23 djm Exp $ diff --git a/progressmeter.c b/progressmeter.c index ae13c67e7..e7380a8ff 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -60,11 +60,12 @@ */ #include "includes.h" -RCSID("$OpenBSD: progressmeter.c,v 1.1 2003/01/10 08:19:07 fgsch Exp $"); +RCSID("$OpenBSD: progressmeter.c,v 1.2 2003/01/12 16:57:02 markus Exp $"); #include #include "atomicio.h" +#include "progressmeter.h" /* Number of seconds before xfer considered "stalled". */ #define STALLTIME 5 @@ -81,7 +82,7 @@ static int foregroundproc(void); static int get_tty_width(void); /* Visual statistics about files as they are transferred. */ -static void draw_progress_meter(); +static void draw_progress_meter(void); /* Time a transfer started. */ static struct timeval start; -- cgit v1.2.3 From dc70857773267f4832ac159c2f98db125f25f419 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 14 Jan 2003 22:24:05 +1100 Subject: - djm@cvs.openbsd.org 2003/01/13 11:04:04 [sftp-int.c] make cmds[] array static to avoid conflict with BSDI libc. --- ChangeLog | 5 ++++- sftp-int.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index 46333ce13..d0a3754f0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,9 @@ - markus@cvs.openbsd.org 2003/01/12 16:57:02 [progressmeter.c] allow WARNINGS=yes; ok djm@ + - djm@cvs.openbsd.org 2003/01/13 11:04:04 + [sftp-int.c] + make cmds[] array static to avoid conflict with BSDI libc. 20030113 - (djm) Rework openbsd-compat/setproctitle.c a bit: move emulation type @@ -1013,4 +1016,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2569 2003/01/14 11:23:23 djm Exp $ +$Id: ChangeLog,v 1.2570 2003/01/14 11:24:05 djm Exp $ diff --git a/sftp-int.c b/sftp-int.c index 111d19031..3438fdeb0 100644 --- a/sftp-int.c +++ b/sftp-int.c @@ -25,7 +25,7 @@ /* XXX: recursive operations */ #include "includes.h" -RCSID("$OpenBSD: sftp-int.c,v 1.53 2003/01/10 23:23:24 fgsch Exp $"); +RCSID("$OpenBSD: sftp-int.c,v 1.54 2003/01/13 11:04:04 djm Exp $"); #include "buffer.h" #include "xmalloc.h" @@ -83,7 +83,7 @@ struct CMD { const int n; }; -const struct CMD cmds[] = { +static const struct CMD cmds[] = { { "bye", I_QUIT }, { "cd", I_CHDIR }, { "chdir", I_CHDIR }, -- cgit v1.2.3 From 7a992387cb9a14fbe9b1a1108bd41c8cb1ccd38a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 14 Jan 2003 22:24:19 +1100 Subject: oops --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index d0a3754f0..bbd769ebd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,7 @@ - djm@cvs.openbsd.org 2003/01/13 11:04:04 [sftp-int.c] make cmds[] array static to avoid conflict with BSDI libc. + mindrot bug #466. Fix from mdev@idg.nl; ok markus@ 20030113 - (djm) Rework openbsd-compat/setproctitle.c a bit: move emulation type @@ -1016,4 +1017,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2570 2003/01/14 11:24:05 djm Exp $ +$Id: ChangeLog,v 1.2571 2003/01/14 11:24:19 djm Exp $ -- cgit v1.2.3 
From 5fa01fd7fba87bbd716b4ca32d4d7e2f7180975a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 14 Jan 2003 22:24:47 +1100 Subject: - djm@cvs.openbsd.org 2003/01/14 10:58:00 [sftp-client.c sftp-int.c] Don't try to upload or download non-regular files. Report from apoloval@pantuflo.escet.urjc.es; ok markus@ --- ChangeLog | 6 +++++- sftp-client.c | 11 ++++++++--- sftp-int.c | 24 +++++++++++++++++++++++- 3 files changed, 36 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index bbd769ebd..36d5d2ca0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,10 @@ [sftp-int.c] make cmds[] array static to avoid conflict with BSDI libc. mindrot bug #466. Fix from mdev@idg.nl; ok markus@ + - djm@cvs.openbsd.org 2003/01/14 10:58:00 + [sftp-client.c sftp-int.c] + Don't try to upload or download non-regular files. Report from + apoloval@pantuflo.escet.urjc.es; ok markus@ 20030113 - (djm) Rework openbsd-compat/setproctitle.c a bit: move emulation type @@ -1017,4 +1021,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2571 2003/01/14 11:24:19 djm Exp $ +$Id: ChangeLog,v 1.2572 2003/01/14 11:24:47 djm Exp $ diff --git a/sftp-client.c b/sftp-client.c index 3fac22bee..8c12dae11 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -28,7 +28,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.40 2003/01/10 08:48:15 djm Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.41 2003/01/14 10:58:00 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -767,8 +767,8 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, mode = 0666; if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) && - (a->perm & S_IFDIR)) { - error("Cannot download a directory: %s", remote_path); + (!S_ISREG(a->perm))) { + error("Cannot download non-regular file: %s", remote_path); return(-1); } 
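Review bot: In `do_download`, the new `!S_ISREG(a->perm)` test relies on file-type bits supplied by the server, and it only runs when the server set `SSH2_FILEXFER_ATTR_PERMISSIONS`. A server that omits the flag skips the check entirely. A server that reports permission bits without a type (if any do) would now have every download refused, where the old `S_IFDIR` test let it through. A comment on the condition should state both cases, e.g. `/* type bits come from the server; absent permissions are not checked */`. The function body starts and ends outside the hunk.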
@@ -1002,6 +1002,11 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, close(local_fd); return(-1); } + if (!S_ISREG(sb.st_mode)) { + error("%s is not a regular file", local_path); + close(local_fd); + return(-1); + } stat_to_attrib(&sb, &a); a.flags &= ~SSH2_FILEXFER_ATTR_SIZE; diff --git a/sftp-int.c b/sftp-int.c index 3438fdeb0..42040f5bd 100644 --- a/sftp-int.c +++ b/sftp-int.c @@ -25,7 +25,7 @@ /* XXX: recursive operations */ #include "includes.h" -RCSID("$OpenBSD: sftp-int.c,v 1.54 2003/01/13 11:04:04 djm Exp $"); +RCSID("$OpenBSD: sftp-int.c,v 1.55 2003/01/14 10:58:00 djm Exp $"); #include "buffer.h" #include "xmalloc.h" @@ -380,6 +380,17 @@ is_dir(char *path) return(sb.st_mode & S_IFDIR); } +static int +is_reg(char *path) +{ + struct stat sb; + + if (stat(path, &sb) == -1) + fatal("stat %s: %s", path, strerror(errno)); + + return(S_ISREG(sb.st_mode)); +} + static int remote_is_dir(struct sftp_conn *conn, char *path) { @@ -494,6 +505,12 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag) /* Only one match, dst may be file, directory or unspecified */ if (g.gl_pathv[0] && g.gl_matchc == 1) { + if (!is_reg(g.gl_pathv[i])) { + error("Can't upload %s: not a regular file", + g.gl_pathv[0]); + err = 1; + goto out; + } if (tmp_dst) { /* If directory specified, append filename */ if (remote_is_dir(conn, tmp_dst)) { @@ -525,6 +542,11 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag) } for (i = 0; g.gl_pathv[i]; i++) { + if (!is_reg(g.gl_pathv[i])) { + error("skipping non-regular file %s", + g.gl_pathv[i]); + continue; + } if (infer_path(g.gl_pathv[i], &tmp)) { err = -1; goto out; -- cgit v1.2.3 From cb3e3c8b24b5c62a56241719df3702b5d598d5f4 Mon Sep 17 00:00:00 2001 
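Review bot: is_reg() calls fatal() when stat() fails, so a path that glob matched but that cannot be stat'ed (a dangling symlink, or a file removed in between) would presumably end the whole sftp session. The two process_put hunks that call it treat a non-regular path as a per-file error or a skip, and a stat failure fits the same handling: `if (stat(path, &sb) == -1) { error("stat %s: %s", path, strerror(errno)); return(0); }`. The neighbouring is_dir, of which only the last line is visible, still tests `sb.st_mode & S_IFDIR` rather than S_ISDIR(), the kind of mask test this patch replaces in do_download.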
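Review bot: The single-match branch of process_put sets `err = 1` on a non-regular file, while the infer_path failure visible in the loop hunk's context uses `err = -1`; unless callers only test for non-zero, `err = -1;` keeps the function's failure value uniform. In the loop hunk the new `continue` leaves err untouched, so a multi-file put that skipped entries may still report success, which matters for batch runs that rely on the exit status; if that is intended, a short comment at the skip would say so. process_put starts and ends outside both hunks.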
From: Damien Miller Date: Thu, 16 Jan 2003 15:39:13 +1100 Subject: 20030116 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2003/01/16 03:41:55 [sftp-int.c] explicitly use first glob result --- ChangeLog | 8 +++++++- sftp-int.c | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 36d5d2ca0..63979507f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20030116 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2003/01/16 03:41:55 + [sftp-int.c] + explicitly use first glob result + 20030114 - (djm) OpenBSD CVS Sync - fgsch@cvs.openbsd.org 2003/01/10 23:23:24 @@ -1021,4 +1027,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2572 2003/01/14 11:24:47 djm Exp $ +$Id: ChangeLog,v 1.2573 2003/01/16 04:39:13 djm Exp $ diff --git a/sftp-int.c b/sftp-int.c index 42040f5bd..013ea84e0 100644 --- a/sftp-int.c +++ b/sftp-int.c @@ -25,7 +25,7 @@ /* XXX: recursive operations */ #include "includes.h" -RCSID("$OpenBSD: sftp-int.c,v 1.55 2003/01/14 10:58:00 djm Exp $"); +RCSID("$OpenBSD: sftp-int.c,v 1.56 2003/01/16 03:41:55 djm Exp $"); #include "buffer.h" #include "xmalloc.h" @@ -505,7 +505,7 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag) /* Only one match, dst may be file, directory or unspecified */ if (g.gl_pathv[0] && g.gl_matchc == 1) { - if (!is_reg(g.gl_pathv[i])) { + if (!is_reg(g.gl_pathv[0])) { error("Can't upload %s: not a regular file", g.gl_pathv[0]); err = 1; -- cgit v1.2.3 From 9715bb1833947456dc4fa1cf536fbd32a129979f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 17 Jan 2003 10:31:38 +1100 Subject: - (djm) Bug #470: Detect strnvis, not strvis in configure. From d_wllms@lanl.gov --- ChangeLog | 6 +++++- configure.ac | 4 ++-- openbsd-compat/vis.c | 2 +- openbsd-compat/vis.h | 4 ++-- 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 63979507f..c43ccc907 100644 --- a/ChangeLog 
+++ b/ChangeLog @@ -1,3 +1,7 @@ +20030117 + - (djm) Bug #470: Detect strnvis, not strvis in configure. + From d_wllms@lanl.gov + 20030116 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2003/01/16 03:41:55 @@ -1027,4 +1031,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2573 2003/01/16 04:39:13 djm Exp $ +$Id: ChangeLog,v 1.2574 2003/01/16 23:31:38 djm Exp $ diff --git a/configure.ac b/configure.ac index 3054a4394..df4168096 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.100 2003/01/13 05:55:23 djm Exp $ +# $Id: configure.ac,v 1.101 2003/01/16 23:31:38 djm Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -606,7 +606,7 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ - socketpair strerror strlcat strlcpy strmode strvis sysconf \ + socketpair strerror strlcat strlcpy strmode strnvis sysconf \ tcgetpgrp truncate utimes vhangup vsnprintf waitpid __b64_ntop \ _getpty) diff --git a/openbsd-compat/vis.c b/openbsd-compat/vis.c index 303a9a5b3..fc5741390 100644 --- a/openbsd-compat/vis.c +++ b/openbsd-compat/vis.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ #include "config.h" -#if !defined(HAVE_STRVIS) +#if !defined(HAVE_STRNVIS) #if defined(LIBC_SCCS) && !defined(lint) static char rcsid[] = "$OpenBSD: vis.c,v 1.8 2002/02/19 19:39:36 millert Exp $"; diff --git a/openbsd-compat/vis.h b/openbsd-compat/vis.h index 98924bde4..5df6f3694 100644 --- a/openbsd-compat/vis.h +++ b/openbsd-compat/vis.h @@ -36,7 +36,7 @@ * @(#)vis.h 5.9 (Berkeley) 4/3/91 */ #include "config.h" -#if !defined(HAVE_STRVIS) +#if !defined(HAVE_STRNVIS) #ifndef _VIS_H_ #define _VIS_H_ 
@@ -88,4 +88,4 @@ int unvis(char *, char, int *, int); #endif /* !_VIS_H_ */ -#endif /* !HAVE_STRVIS */ +#endif /* !HAVE_STRNVIS */ -- cgit v1.2.3 From e443e9398eb95f95bee82009cfae30951646c6e9 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 18 Jan 2003 16:24:06 +1100 Subject: - (djm) Revert fix for Bug #442 for now. --- ChangeLog | 5 ++++- auth.c | 72 +++++++++++++++++++++++++-------------------------------------- 2 files changed, 32 insertions(+), 45 deletions(-) diff --git a/ChangeLog b/ChangeLog index c43ccc907..9c64c24e5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20030118 + - (djm) Revert fix for Bug #442 for now. + 20030117 - (djm) Bug #470: Detect strnvis, not strvis in configure. From d_wllms@lanl.gov @@ -1031,4 +1034,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2574 2003/01/16 23:31:38 djm Exp $ +$Id: ChangeLog,v 1.2575 2003/01/18 05:24:06 djm Exp $ diff --git a/auth.c b/auth.c index c6e5a1732..1268accb1 100644 --- a/auth.c +++ b/auth.c 
@@ -72,68 +72,52 @@ int allowed_user(struct passwd * pw) { struct stat st; - const char *hostname = NULL, *ipaddr = NULL, *passwd; + const char *hostname = NULL, *ipaddr = NULL; char *shell; int i; #ifdef WITH_AIXAUTHENTICATE char *loginmsg; #endif /* WITH_AIXAUTHENTICATE */ -#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ + !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) struct spwd *spw; -#if !defined(USE_PAM) && defined(HAS_SHADOW_EXPIRE) time_t today; -#endif #endif /* Shouldn't be called if pw is NULL, but better safe than sorry... */ if (!pw || !pw->pw_name) return 0; - /* Grab the password for locked account checking */ -#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) - spw = getspnam(pw->pw_name); - if (!spw) - return 0; - passwd = spw->sp_pwdp; -#else - passwd = pw->pw_passwd; -#endif - - /* check for locked account */ - if (strcmp(passwd, "*LK*") == 0 || passwd[0] == '!') { - log("User %.100s not allowed because account is locked", - pw->pw_name); - return 0; - } - #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) #define DAY (24L * 60 * 60) /* 1 day in seconds */ - today = time(NULL) / DAY; - debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" - " sp_max %d", (int)today, (int)spw->sp_expire, - (int)spw->sp_lstchg, (int)spw->sp_max); + if ((spw = getspnam(pw->pw_name)) != NULL) { + today = time(NULL) / DAY; + debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" + " sp_max %d", (int)today, (int)spw->sp_expire, + (int)spw->sp_lstchg, (int)spw->sp_max); - /* - * We assume account and password expiration occurs the - * day after the day specified. - */ - if (spw->sp_expire != -1 && today > spw->sp_expire) { - log("Account %.100s has expired", pw->pw_name); - return 0; - } + /* + * We assume account and password expiration occurs the + * day after the day specified. 
+ */ + if (spw->sp_expire != -1 && today > spw->sp_expire) { + log("Account %.100s has expired", pw->pw_name); + return 0; + } - if (spw->sp_lstchg == 0) { - log("User %.100s password has expired (root forced)", - pw->pw_name); - return 0; - } + if (spw->sp_lstchg == 0) { + log("User %.100s password has expired (root forced)", + pw->pw_name); + return 0; + } - if (spw->sp_max != -1 && - today > spw->sp_lstchg + spw->sp_max) { - log("User %.100s password has expired (password aged)", - pw->pw_name); - return 0; + if (spw->sp_max != -1 && + today > spw->sp_lstchg + spw->sp_max) { + log("User %.100s password has expired (password aged)", + pw->pw_name); + return 0; + } } #endif @@ -222,7 +206,7 @@ allowed_user(struct passwd * pw) * PermitRootLogin to control logins via ssh), or if running as * non-root user (since loginrestrictions will always fail). */ - if ( (pw->pw_uid != 0) && (geteuid() == 0) && + if ((pw->pw_uid != 0) && (geteuid() == 0) && loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) { int loginrestrict_errno = errno; -- cgit v1.2.3 From 140344b8097ccf596b40131c1b22bef8139631f4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 20 Jan 2003 13:15:10 +1100 Subject: - (djm) Fix compilation for NetBSD from dtucker@zip.com.au --- ChangeLog | 5 ++++- openbsd-compat/setproctitle.c | 8 +++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9c64c24e5..2f9adb864 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20030120 + - (djm) Fix compilation for NetBSD from dtucker@zip.com.au + 20030118 - (djm) Revert fix for Bug #442 for now. @@ -1034,4 +1037,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2575 2003/01/18 05:24:06 djm Exp $ +$Id: ChangeLog,v 1.2576 2003/01/20 02:15:10 djm Exp $ diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c index 14d5d2f3c..07af7e9c0 100644 --- a/openbsd-compat/setproctitle.c 
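Review bot: With the `*LK*` / leading `!` test removed, nothing on the new side of this allowed_user hunk rejects a locked account, so an authentication method that does not depend on the password hash would presumably still pass this function. The expiry checks are also skipped without any log line when getspnam() returns NULL, where the reverted code returned 0. Since the commit message describes the revert as temporary, a marker at the point where the check used to sit would keep the gap visible: `/* XXX: locked accounts are not rejected here; see bug #442 */`. A `debug3("allowed_user: no shadow entry for %.100s", pw->pw_name);` in an else branch would make the skipped case traceable. allowed_user continues outside this hunk.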
+++ b/openbsd-compat/setproctitle.c @@ -31,7 +31,7 @@ * to contain some useful information. Mechanism differs wildly across * platforms. * - * $Header: /var/cvs/openssh/openbsd-compat/setproctitle.c,v 1.4 2003/01/12 23:04:59 djm Exp $ + * $Header: /var/cvs/openssh/openbsd-compat/setproctitle.c,v 1.5 2003/01/20 02:15:11 djm Exp $ * * Copyright 2000 by PostgreSQL Global Development Group * various details abducted from various places @@ -51,8 +51,6 @@ #include #endif -extern char **environ; - /*------ * Alternative ways of updating ps display: * @@ -86,6 +84,9 @@ extern char **environ; #ifndef SETPROCTITLE_PS_PADDING # define SETPROCTITLE_PS_PADDING ' ' #endif +#endif /* HAVE_SETPROCTITLE */ + +extern char **environ; /* * argv clobbering uses existing argv space, all other methods need a buffer @@ -104,6 +105,7 @@ static char **save_argv; extern char *__progname; +#ifndef HAVE_SETPROCTITLE /* * Call this to update the ps status display to a fixed prefix plus an * indication of what you're currently doing passed in the argument. -- cgit v1.2.3 From 4ea542b41a5d677c3c91b883c935c1930a5bede4 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Sun, 19 Jan 2003 20:15:13 -0800 Subject: [progressmeter.c] make compilers without long long happy. --- ChangeLog | 3 ++- progressmeter.c | 17 +++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 2f9adb864..23230b5d4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 20030120 - (djm) Fix compilation for NetBSD from dtucker@zip.com.au + - (tim) [progressmeter.c] make compilers without long long happy. 20030118 - (djm) Revert fix for Bug #442 for now. @@ -1037,4 +1038,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2576 2003/01/20 02:15:10 djm Exp $ +$Id: ChangeLog,v 1.2577 2003/01/20 04:15:13 tim Exp $ diff --git a/progressmeter.c b/progressmeter.c index e7380a8ff..948d361d2 100644 --- a/progressmeter.c +++ b/progressmeter.c 
@@ -203,6 +203,7 @@ draw_progress_meter() nspaces = MIN(get_tty_width() - 79, sizeof(spaces) - 1); +#ifdef HAVE_LONG_LONG_INT snprintf(buf, sizeof(buf), "\r%-45.45s%.*s%3d%% %4lld%c%c %3lld.%01d%cB/s", curfile, @@ -216,6 +217,22 @@ draw_progress_meter() (int)((bytespersec % 1024) * 10 / 1024), prefixes[bi] ); +#else + /* XXX: Handle integer overflow? */ + snprintf(buf, sizeof(buf), + "\r%-45.45s%.*s%3d%% %4lu%c%c %3lu.%01d%cB/s", + curfile, + nspaces, + spaces, + ratio, + (u_long)abbrevsize, + prefixes[ai], + ai == 0 ? ' ' : 'B', + (u_long)(bytespersec / 1024), + (int)((bytespersec % 1024) * 10 / 1024), + prefixes[bi] + ); +#endif if (cursize <= 0 || elapsed <= 0.0 || cursize > totalbytes) { snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), -- cgit v1.2.3 From 89fe3f30a71dee3b5effbcbc3b142c86ab129fe2 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Sun, 19 Jan 2003 20:20:24 -0800 Subject: [configure.ac] Add -belf to build ELF binaries on OpenServer 5 when using cc. (gcc already did) --- ChangeLog | 4 +++- configure.ac | 5 ++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 23230b5d4..85fb7c177 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20030120 - (djm) Fix compilation for NetBSD from dtucker@zip.com.au - (tim) [progressmeter.c] make compilers without long long happy. + - (tim) [configure.ac] Add -belf to build ELF binaries on OpenServer 5 when + using cc. (gcc already did) 20030118 - (djm) Revert fix for Bug #442 for now. @@ -1038,4 +1040,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2577 2003/01/20 04:15:13 tim Exp $ +$Id: ChangeLog,v 1.2578 2003/01/20 04:20:24 tim Exp $ diff --git a/configure.ac b/configure.ac index df4168096..b85f1884e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.101 2003/01/16 23:31:38 djm Exp $ +# $Id: configure.ac,v 1.102 2003/01/20 04:20:25 tim Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) 
@@ -283,6 +283,9 @@ mips-sony-bsd|mips-sony-newsos4) do_sco3_extra_lib_check=yes ;; *-*-sco3.2v5*) + if test -z "$GCC"; then + CFLAGS="$CFLAGS -belf" + fi CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" LIBS="$LIBS -lprot -lx -ltinfo -lm" -- cgit v1.2.3 From 53d81483f0bcea8af2207583bb6e83c187d522fc Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 22 Jan 2003 11:47:19 +1100 Subject: - (djm) OpenBSD CVS Sync - marc@cvs.openbsd.org 2003/01/21 18:14:36 [ssh-agent.1 ssh-agent.c] Add a -t life option to ssh-agent that set the default lifetime. The default can still be overriden by using -t in ssh-add. OK markus@ --- ChangeLog | 10 +++++++++- ssh-agent.1 | 11 ++++++++++- ssh-agent.c | 16 ++++++++++++++-- 3 files changed, 33 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 85fb7c177..ea91ef7a4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +20030122 + - (djm) OpenBSD CVS Sync + - marc@cvs.openbsd.org 2003/01/21 18:14:36 + [ssh-agent.1 ssh-agent.c] + Add a -t life option to ssh-agent that set the default lifetime. + The default can still be overriden by using -t in ssh-add. + OK markus@ + 20030120 - (djm) Fix compilation for NetBSD from dtucker@zip.com.au - (tim) [progressmeter.c] make compilers without long long happy. @@ -1040,4 +1048,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2578 2003/01/20 04:20:24 tim Exp $ +$Id: ChangeLog,v 1.2579 2003/01/22 00:47:19 djm Exp $ diff --git a/ssh-agent.1 b/ssh-agent.1 index 0227436c1..98f9dc80d 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.35 2002/06/24 13:12:23 markus Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.36 2003/01/21 18:14:36 marc Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -44,6 +44,7 @@ .Nm ssh-agent .Op Fl a Ar bind_address .Op Fl c Li | Fl s +.Op Fl t Ar life .Op Fl d .Op Ar command Op Ar args ... .Nm ssh-agent 
@@ -86,6 +87,14 @@ does not look like it's a csh style of shell. Kill the current agent (given by the .Ev SSH_AGENT_PID environment variable). +.It Fl t Ar life +Set a default value for the maximum lifetime of identities added to the agent. +The lifetime may be specified in seconds or in a time format specified in +.Xr sshd 8 . +A lifetime specified for an identity with +.Xr ssh-add 1 +overrides this value. +Without this option the default maximum lifetime is forever. .It Fl d Debug mode. When this option is specified .Nm diff --git a/ssh-agent.c b/ssh-agent.c index cca720ee2..554f8942a 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.105 2002/10/01 20:34:12 markus Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.106 2003/01/21 18:14:36 marc Exp $"); #include #include @@ -106,6 +106,9 @@ extern char *__progname; char *__progname; #endif +/* Default lifetime (0 == forever) */ +static int lifetime = 0; + static void close_socket(SocketEntry *e) { @@ -468,6 +471,8 @@ process_add_identity(SocketEntry *e, int version) break; } } + if (lifetime && !death) + death = time(NULL) + lifetime; if (lookup_identity(k, version) == NULL) { Identity *id = xmalloc(sizeof(Identity)); id->key = k; @@ -930,6 +935,7 @@ usage(void) fprintf(stderr, " -k Kill the current agent.\n"); fprintf(stderr, " -d Debug mode.\n"); fprintf(stderr, " -a socket Bind agent socket to given name.\n"); + fprintf(stderr, " -t life Default identity lifetime (seconds).\n"); exit(1); } @@ -961,7 +967,7 @@ main(int ac, char **av) init_rng(); seed_rng(); - while ((ch = getopt(ac, av, "cdksa:")) != -1) { + while ((ch = getopt(ac, av, "cdksa:t:")) != -1) { switch (ch) { case 'c': if (s_flag) 
@@ -984,6 +990,12 @@ main(int ac, char **av) case 'a': agentsocket = optarg; break; + case 't': + if ((lifetime = convtime(optarg)) == -1) { + fprintf(stderr, "Invalid lifetime\n"); + usage(); + } + break; default: usage(); } -- cgit v1.2.3 From 2101bfc4e1dbe1dc475d71158b1c24c6d2e2e412 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 22 Jan 2003 15:42:26 +1100 Subject: - (djm) Reorganise PAM & SIA password handling to eliminate some common code --- ChangeLog | 3 +- auth-pam.c | 10 +------ auth-passwd.c | 89 +++++++++++++++++++++++++++++------------------------------ auth-sia.c | 2 +- 4 files changed, 48 insertions(+), 56 deletions(-) diff --git a/ChangeLog b/ChangeLog index ea91ef7a4..f4c7704c7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ Add a -t life option to ssh-agent that set the default lifetime. The default can still be overriden by using -t in ssh-add. OK markus@ + - (djm) Reorganise PAM & SIA password handling to eliminate some common code 20030120 - (djm) Fix compilation for NetBSD from dtucker@zip.com.au @@ -1048,4 +1049,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2579 2003/01/22 00:47:19 djm Exp $ +$Id: ChangeLog,v 1.2580 2003/01/22 04:42:26 djm Exp $ diff --git a/auth-pam.c b/auth-pam.c index 99b03f45b..fe9570f92 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -38,7 +38,7 @@ extern char *__progname; extern int use_privsep; -RCSID("$Id: auth-pam.c,v 1.54 2002/07/28 20:24:08 stevesk Exp $"); +RCSID("$Id: auth-pam.c,v 1.55 2003/01/22 04:42:26 djm Exp $"); #define NEW_AUTHTOK_MSG \ "Warning: Your password has expired, please change it now." 
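Review bot: `-t 0` is accepted by the new option branch, and because 0 is the "forever" sentinel of `static int lifetime`, it silently leaves added identities without any expiry; only the exact value -1 is rejected. For an option whose purpose is to limit how long keys stay loaded, refusing non-positive values at parse time is the safer reading: `if ((lifetime = convtime(optarg)) <= 0) {`. convtime's return type is not visible here, so it is worth confirming that a very large value cannot be mangled by the assignment to `int` before `time(NULL) + lifetime` is computed in process_add_identity. The new usage line says "(seconds)" while the man page hunk also allows the sshd time format.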
@@ -210,14 +210,6 @@ int auth_pam_password(Authctxt *authctxt, const char *password) do_pam_set_conv(&conv); - /* deny if no user. */ - if (pw == NULL) - return 0; - if (pw->pw_uid == 0 && options.permit_root_login == PERMIT_NO_PASSWD) - return 0; - if (*password == '\0' && options.permit_empty_passwd == 0) - return 0; - __pampasswd = password; pamstate = INITIAL_LOGIN; diff --git a/auth-passwd.c b/auth-passwd.c index 185db7d6d..cbf093f0d 100644 --- a/auth-passwd.c +++ b/auth-passwd.c 
@@ -92,52 +92,51 @@ extern char *aixloginmsg; int auth_password(Authctxt *authctxt, const char *password) { -#if defined(USE_PAM) - if (*password == '\0' && options.permit_empty_passwd == 0) - return 0; - return auth_pam_password(authctxt, password); -#elif defined(HAVE_OSF_SIA) - if (*password == '\0' && options.permit_empty_passwd == 0) - return 0; - return auth_sia_password(authctxt, password); -#else +#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) struct passwd * pw = authctxt->pw; char *encrypted_password; char *pw_password; char *salt; -#if defined(__hpux) || defined(HAVE_SECUREWARE) +# if defined(__hpux) || defined(HAVE_SECUREWARE) struct pr_passwd *spw; -#endif /* __hpux || HAVE_SECUREWARE */ -#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +# endif /* __hpux || HAVE_SECUREWARE */ +# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) struct spwd *spw; -#endif -#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) +# endif +# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) struct passwd_adjunct *spw; -#endif -#ifdef WITH_AIXAUTHENTICATE +# endif +# ifdef WITH_AIXAUTHENTICATE char *authmsg; int authsuccess; int reenter = 1; -#endif +# endif +#endif /* !defined(USE_PAM) && !defined(HAVE_OSF_SIA) */ /* deny if no user. */ if (pw == NULL) return 0; #ifndef HAVE_CYGWIN - if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) + if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_NO_PASSWD) return 0; #endif if (*password == '\0' && options.permit_empty_passwd == 0) return 0; -#ifdef KRB5 + +#if defined(USE_PAM) + return auth_pam_password(authctxt, password); +#elif defined(HAVE_OSF_SIA) + return auth_sia_password(authctxt, password); +#else +# ifdef KRB5 if (options.kerberos_authentication == 1) { int ret = auth_krb5_password(authctxt, password); if (ret == 1 || ret == 0) return ret; /* Fall back to ordinary passwd authentication. 
*/ } -#endif -#ifdef HAVE_CYGWIN +# endif +# ifdef HAVE_CYGWIN if (is_winnt) { HANDLE hToken = cygwin_logon_user(pw, password); @@ -146,8 +145,8 @@ auth_password(Authctxt *authctxt, const char *password) cygwin_set_impersonation_token(hToken); return 1; } -#endif -#ifdef WITH_AIXAUTHENTICATE +# endif +# ifdef WITH_AIXAUTHENTICATE authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); if (authsuccess) 
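Review bot: The merged root check `pw->pw_uid == 0 && options.permit_root_login != PERMIT_NO_PASSWD` looks inverted: it returns 0 for root under every setting except PERMIT_NO_PASSWD, which going by its name is the one setting that should refuse root password logins. The two checks it replaces were `!= PERMIT_YES` in this function and `== PERMIT_NO_PASSWD` in auth_pam_password, so the new line keeps the operator of one and the constant of the other. Restoring `if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)` keeps the stricter of the two earlier behaviours for every back end; the PAM build previously refused only PERMIT_NO_PASSWD, so that tightening should be confirmed as intended. auth_password continues beyond this hunk.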
@@ -158,47 +157,47 @@ auth_password(Authctxt *authctxt, const char *password) aixloginmsg = NULL; return(authsuccess); -#endif -#ifdef KRB4 +# endif +# ifdef KRB4 if (options.kerberos_authentication == 1) { int ret = auth_krb4_password(authctxt, password); if (ret == 1 || ret == 0) return ret; /* Fall back to ordinary passwd authentication. */ } -#endif -#ifdef BSD_AUTH +# endif +# ifdef BSD_AUTH if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh", (char *)password) == 0) return 0; else return 1; -#endif +# endif pw_password = pw->pw_passwd; /* * Various interfaces to shadow or protected password data */ -#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) spw = getspnam(pw->pw_name); if (spw != NULL) pw_password = spw->sp_pwdp; -#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ +# endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ -#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) +# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL) pw_password = spw->pwa_passwd; -#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */ +# endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */ -#ifdef HAVE_SECUREWARE +# ifdef HAVE_SECUREWARE if ((spw = getprpwnam(pw->pw_name)) != NULL) pw_password = spw->ufld.fd_encrypt; -#endif /* HAVE_SECUREWARE */ +# endif /* HAVE_SECUREWARE */ -#if defined(__hpux) && !defined(HAVE_SECUREWARE) +# if defined(__hpux) && !defined(HAVE_SECUREWARE) if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL) pw_password = spw->ufld.fd_encrypt; -#endif /* defined(__hpux) && !defined(HAVE_SECUREWARE) */ +# endif /* defined(__hpux) && !defined(HAVE_SECUREWARE) */ /* Check for users with no password. */ if ((password[0] == '\0') && (pw_password[0] == '\0')) 
@@ -209,25 +208,25 @@ auth_password(Authctxt *authctxt, const char *password) else salt = "xx"; -#ifdef HAVE_MD5_PASSWORDS +# ifdef HAVE_MD5_PASSWORDS if (is_md5_salt(salt)) encrypted_password = md5_crypt(password, salt); else encrypted_password = crypt(password, salt); -#else /* HAVE_MD5_PASSWORDS */ -# if defined(__hpux) && !defined(HAVE_SECUREWARE) +# else /* HAVE_MD5_PASSWORDS */ +# if defined(__hpux) && !defined(HAVE_SECUREWARE) if (iscomsec()) encrypted_password = bigcrypt(password, salt); else encrypted_password = crypt(password, salt); -# else -# ifdef HAVE_SECUREWARE - encrypted_password = bigcrypt(password, salt); # else +# ifdef HAVE_SECUREWARE + encrypted_password = bigcrypt(password, salt); +# else encrypted_password = crypt(password, salt); -# endif /* HAVE_SECUREWARE */ -# endif /* __hpux && !defined(HAVE_SECUREWARE) */ -#endif /* HAVE_MD5_PASSWORDS */ +# endif /* HAVE_SECUREWARE */ +# endif /* __hpux && !defined(HAVE_SECUREWARE) */ +# endif /* HAVE_MD5_PASSWORDS */ /* Authentication is accepted if the encrypted passwords are identical. */ return (strcmp(encrypted_password, pw_password) == 0); diff --git a/auth-sia.c b/auth-sia.c index 58b17c16f..071e154d8 100644 --- a/auth-sia.c +++ b/auth-sia.c @@ -57,7 +57,7 @@ auth_sia_password(Authctxt *authctxt, char *pass) host = get_canonical_hostname(options.verify_reverse_mapping); - if (!user || !pass || pass[0] == '\0') + if (pass[0] == '\0') return(0); if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, NULL, 0, -- cgit v1.2.3 From e9b7d720c8de6c293a3632c1fbf02cfa9c542923 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 22 Jan 2003 16:21:02 +1100 Subject: unbreak for PAM case --- auth-passwd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth-passwd.c b/auth-passwd.c index cbf093f0d..d419fa0d2 100644 --- a/auth-passwd.c +++ b/auth-passwd.c 
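Review bot: Dropping `!user || !pass` in auth_sia_password leaves `user` reaching sia_ses_init() unchecked. The checks this patch centralises in auth_password cover `pw == NULL` and an empty password, and nothing visible tests `user`, whose assignment is above the hunk. If it can be NULL on any path, or if the function has callers other than auth_password, keeping that half of the guard costs nothing: `if (!user || pass[0] == '\0')`. Otherwise a comment stating that the caller has already validated the user would document the new precondition.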
@@ -92,8 +92,8 @@ extern char *aixloginmsg; int auth_password(Authctxt *authctxt, const char *password) { -#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) struct passwd * pw = authctxt->pw; +#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) char *encrypted_password; char *pw_password; char *salt; -- cgit v1.2.3 From 8b9cde784784949f9fdf0451f9da9030b76ca705 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 22 Jan 2003 17:53:16 +1100 Subject: - (djm) Sync regress with OpenBSD -current --- ChangeLog | 3 +- regress/Makefile | 14 +++++-- regress/agent-getpeereid.sh | 34 +++++++++++++++ regress/agent-ptrace.sh | 28 +++++++++++++ regress/agent-timeout.sh | 36 ++++++++++++++++ regress/keygen-change.sh | 23 ++++++++++ regress/proxy-connect.sh | 9 +++- regress/sftp-batch.sh | 57 +++++++++++++++++++++++++ regress/sftp-cmds.sh | 100 ++++++++++++++++++++++++++++++++++++++++++++ regress/ssh-com-client.sh | 6 ++- regress/ssh-com-keygen.sh | 6 ++- regress/ssh-com-sftp.sh | 6 ++- regress/ssh-com.sh | 10 +++-- 13 files changed, 316 insertions(+), 16 deletions(-) create mode 100644 regress/agent-getpeereid.sh create mode 100644 regress/agent-ptrace.sh create mode 100644 regress/agent-timeout.sh create mode 100644 regress/keygen-change.sh create mode 100644 regress/sftp-batch.sh create mode 100644 regress/sftp-cmds.sh diff --git a/ChangeLog b/ChangeLog index f4c7704c7..96bc77e83 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,7 @@ The default can still be overriden by using -t in ssh-add. OK markus@ - (djm) Reorganise PAM & SIA password handling to eliminate some common code + - (djm) Sync regress with OpenBSD -current 20030120 - (djm) Fix compilation for NetBSD from dtucker@zip.com.au @@ -1049,4 +1050,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2580 2003/01/22 04:42:26 djm Exp $ +$Id: ChangeLog,v 1.2581 2003/01/22 06:53:16 djm Exp $ diff --git a/regress/Makefile b/regress/Makefile index 26224cd7d..6e2029348 100644 
--- a/regress/Makefile +++ b/regress/Makefile @@ -1,8 +1,8 @@ -# $OpenBSD: Makefile,v 1.13 2002/04/01 22:15:08 markus Exp $ +# $OpenBSD: Makefile,v 1.20 2003/01/08 23:54:22 djm Exp $ -REGRESSTARGETS= t1 t2 t3 t4 t5 t6 t7 +REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 -CLEANFILES+= t2.out t6.out1 t6.out2 t7.out t7.out.pub +CLEANFILES+= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 LTESTS= connect \ proxy-connect \ @@ -17,8 +17,14 @@ LTESTS= connect \ try-ciphers \ yes-head \ agent \ + agent-getpeereid \ + agent-timeout \ + agent-ptrace \ keyscan \ + keygen-change \ sftp \ + sftp-cmds \ + sftp-batch \ forwarding USER!= id -un @@ -65,7 +71,7 @@ t7: t7.out ssh-keygen -Bf t7.out > /dev/null .for t in ${LTESTS} -REGRESSTARGETS+=t-${t} +REGRESS_TARGETS+=t-${t} t-${t}: sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/${t}.sh .endfor diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh new file mode 100644 index 000000000..0889fe80e --- /dev/null +++ b/regress/agent-getpeereid.sh @@ -0,0 +1,34 @@ +# $OpenBSD: agent-getpeereid.sh,v 1.1 2002/12/09 16:05:02 markus Exp $ +# Placed in the Public Domain. + +tid="disallow agent attach from other uid" + +UNPRIV=nobody +ASOCK=${OBJ}/agent +SSH_AUTH_SOCK=/nonexistant + +trace "start agent" +eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null +r=$? +if [ $r -ne 0 ]; then + fail "could not start ssh-agent: exit code $r" +else + chmod 644 ${SSH_AUTH_SOCK} + + ssh-add -l > /dev/null 2>&1 + r=$? + if [ $r -ne 1 ]; then + fail "ssh-add failed with $r != 1" + fi + + < /dev/null sudo -S -u ${UNPRIV} ssh-add -l > /dev/null 2>&1 + r=$? + if [ $r -lt 2 ]; then + fail "ssh-add did not fail for ${UNPRIV}: $r < 2" + fi + + trace "kill agent" + ${SSHAGENT} -k > /dev/null +fi + +rm -f ${OBJ}/agent diff --git a/regress/agent-ptrace.sh b/regress/agent-ptrace.sh new file mode 100644 index 000000000..9f9c99960 --- /dev/null +++ b/regress/agent-ptrace.sh 
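Review bot: The cross-uid check in agent-getpeereid.sh passes on any exit status of 2 or more, so a `sudo` that is missing (the shell reports 127 for a command it cannot find) counts as the agent refusing the connection and the test passes without exercising it. Comparing against the single status expected from a refused connection would close that gap, e.g. `if [ $r -ne 2 ]; then`, with the value confirmed against ssh-add. Both `ssh-add -l` calls also run whatever `ssh-add` is first in PATH; `${SSHADD}`, as agent-timeout.sh uses, would test the binary under test.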
@@ -0,0 +1,28 @@ +# $OpenBSD: agent-ptrace.sh,v 1.1 2002/12/09 15:38:30 markus Exp $ +# Placed in the Public Domain. + +tid="disallow agent ptrace attach" + +trace "start agent" +eval `${SSHAGENT} -s` > /dev/null +r=$? +if [ $r -ne 0 ]; then + fail "could not start ssh-agent: exit code $r" +else + # ls -l ${SSH_AUTH_SOCK} + gdb ${SSHAGENT} ${SSH_AGENT_PID} > ${OBJ}/gdb.out 2>&1 << EOF + quit +EOF + if [ $? -ne 0 ]; then + fail "gdb failed: exit code $?" + fi + grep -q 'ptrace: Operation not permitted.' ${OBJ}/gdb.out + r=$? + rm -f ${OBJ}/gdb.out + if [ $r -ne 0 ]; then + fail "ptrace succeeded?: exit code $r" + fi + + trace "kill agent" + ${SSHAGENT} -k > /dev/null +fi diff --git a/regress/agent-timeout.sh b/regress/agent-timeout.sh new file mode 100644 index 000000000..28b1be028 --- /dev/null +++ b/regress/agent-timeout.sh @@ -0,0 +1,36 @@ +# $OpenBSD: agent-timeout.sh,v 1.1 2002/06/06 00:38:40 markus Exp $ +# Placed in the Public Domain. + +tid="agent timeout test" + +TIMEOUT=5 + +trace "start agent" +eval `${SSHAGENT} -s` > /dev/null +r=$? +if [ $r -ne 0 ]; then + fail "could not start ssh-agent: exit code $r" +else + trace "add keys with timeout" + for t in rsa rsa1; do + ${SSHADD} -t ${TIMEOUT} $OBJ/$t > /dev/null 2>&1 + if [ $? -ne 0 ]; then + fail "ssh-add did succeed exit code 0" + fi + done + n=`${SSHADD} -l 2> /dev/null | wc -l` + trace "agent has $n keys" + if [ $n -ne 2 ]; then + fail "ssh-add -l did not return 2 keys: $n" + fi + trace "sleeping 2*${TIMEOUT} seconds" + sleep ${TIMEOUT} + sleep ${TIMEOUT} + ${SSHADD} -l 2> /dev/null | grep -q 'The agent has no identities.' + if [ $? -ne 0 ]; then + fail "ssh-add -l still returns keys after timeout" + fi + + trace "kill agent" + ${SSHAGENT} -k > /dev/null +fi diff --git a/regress/keygen-change.sh b/regress/keygen-change.sh new file mode 100644 index 000000000..08d359023 --- /dev/null +++ b/regress/keygen-change.sh 
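Review bot: `fail "gdb failed: exit code $?"` in agent-ptrace.sh reports the status of the preceding `[ $? -ne 0 ]` test, not gdb's, so the message always shows 0. Capturing the status first, as the rest of the script does, fixes it: `r=$?` followed by `if [ $r -ne 0 ]; then fail "gdb failed: exit code $r"`. The pass condition is an exact match on the text 'ptrace: Operation not permitted.', so a gdb that words the error differently fails the test even though the attach was refused; a comment noting that dependency would help whoever debugs it.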
@@ -0,0 +1,23 @@ +# $OpenBSD: keygen-change.sh,v 1.2 2002/07/16 09:15:55 markus Exp $ +# Placed in the Public Domain. + +tid="change passphrase for key" + +S1="secret1" +S2="2secret" + +for t in rsa dsa rsa1; do + # generate user key for agent + trace "generating $t key" + rm -f $OBJ/$t-key + ${SSHKEYGEN} -q -N ${S1} -t $t -f $OBJ/$t-key + if [ $? -eq 0 ]; then + ${SSHKEYGEN} -p -P ${S1} -N ${S2} -f $OBJ/$t-key > /dev/null + if [ $? -ne 0 ]; then + fail "ssh-keygen -p failed for $t-key" + fi + else + fail "ssh-keygen for $t-key failed" + fi + rm -f $OBJ/$t-key $OBJ/$t-key.pub +done diff --git a/regress/proxy-connect.sh b/regress/proxy-connect.sh index bf1940fcc..6a36b2513 100644 --- a/regress/proxy-connect.sh +++ b/regress/proxy-connect.sh @@ -1,4 +1,4 @@ -# $OpenBSD: proxy-connect.sh,v 1.4 2002/03/15 13:08:56 markus Exp $ +# $OpenBSD: proxy-connect.sh,v 1.5 2002/12/09 15:28:46 markus Exp $ # Placed in the Public Domain. tid="proxy connect" @@ -8,4 +8,11 @@ for p in 1 2; do if [ $? -ne 0 ]; then fail "ssh proxyconnect protocol $p failed" fi + SSH_CONNECTION=`${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 'echo $SSH_CONNECTION'` + if [ $? -ne 0 ]; then + fail "ssh proxyconnect protocol $p failed" + fi + if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then + fail "bad SSH_CONNECTION" + fi done diff --git a/regress/sftp-batch.sh b/regress/sftp-batch.sh new file mode 100644 index 000000000..cffacb6df --- /dev/null +++ b/regress/sftp-batch.sh 
@@ -0,0 +1,57 @@ +# $OpenBSD: sftp-batch.sh,v 1.2 2003/01/10 07:52:41 djm Exp $ +# Placed in the Public Domain. + +tid="sftp batchfile" + +DATA=/bin/ls +COPY=${OBJ}/copy +BATCH=${OBJ}/sftp-batch + +rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.* + +cat << EOF > ${BATCH}.pass.1 + get $DATA $COPY + put ${COPY} ${COPY}.1 + rm ${COPY} + -put ${COPY} ${COPY}.2 +EOF + +cat << EOF > ${BATCH}.pass.2 + # This is a comment + + # That was a blank line + ls +EOF + +cat << EOF > ${BATCH}.fail.1 + get $DATA $COPY + put ${COPY} ${COPY}.3 + rm ${COPY}.* + # The next command should fail + put ${COPY}.3 ${COPY}.4 +EOF + +cat << EOF > ${BATCH}.fail.2 + # The next command should fail + jajajajaja +EOF + +verbose "$tid: good commands" +${SFTP} -b ${BATCH}.pass.1 -P ${SFTPSERVER} >/dev/null 2>&1 \ + || fail "good commands failed" + +verbose "$tid: bad commands" +${SFTP} -b ${BATCH}.fail.1 -P ${SFTPSERVER} >/dev/null 2>&1 \ + && fail "bad commands succeeded" + +verbose "$tid: comments and blanks" +${SFTP} -b ${BATCH}.pass.2 -P ${SFTPSERVER} >/dev/null 2>&1 \ + || fail "comments & blanks failed" + +verbose "$tid: junk command" +${SFTP} -b ${BATCH}.fail.2 -P ${SFTPSERVER} >/dev/null 2>&1 \ + && fail "junk command succeeded" + +rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.* + + diff --git a/regress/sftp-cmds.sh b/regress/sftp-cmds.sh new file mode 100644 index 000000000..462c6802f --- /dev/null +++ b/regress/sftp-cmds.sh 
@@ -0,0 +1,100 @@ +# $OpenBSD: sftp-cmds.sh,v 1.2 2003/01/10 07:52:41 djm Exp $ +# Placed in the Public Domain. + +# XXX - TODO: +# - globbed operations +# - chmod / chown / chgrp +# - -p flag for get & put + +tid="sftp commands" + +DATA=/bin/ls +COPY=${OBJ}/copy + +rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.* + +verbose "$tid: lls" +echo "lls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ + || fail "lls failed" +# XXX always successful + +verbose "$tid: ls" +echo "ls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ + || fail "ls failed" +# XXX always successful + +verbose "$tid: shell" +echo "!echo hi there" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ + || fail "shell failed" +# XXX always successful + +verbose "$tid: pwd" +echo "pwd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ + || fail "pwd failed" +# XXX always successful + +verbose "$tid: lpwd" +echo "lpwd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ + || fail "lpwd failed" +# XXX always successful + +verbose "$tid: quit" +echo "quit" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ + || fail "quit failed" +# XXX always successful + +verbose "$tid: help" +echo "help" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ + || fail "help failed" +# XXX always successful + +rm -f ${COPY} +verbose "$tid: get" +echo "get $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ + || fail "get failed" +cmp $DATA ${COPY} || fail "corrupted copy after get" + +rm -f ${COPY} +verbose "$tid: put" +echo "put $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ + || fail "put failed" +cmp $DATA ${COPY} || fail "corrupted copy after put" + +verbose "$tid: rename" +echo "rename $COPY ${COPY}.1" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ + || fail "rename failed" +test -f ${COPY}.1 || fail "missing file after rename" +cmp $DATA ${COPY}.1 >/dev/null 2>&1 || fail "corrupted copy after rename" + +verbose "$tid: ln" +echo "ln ${COPY}.1 ${COPY}.2" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 || fail "ln failed" 
+test -L ${COPY}.2 || fail "missing file after ln" + +verbose "$tid: mkdir" +echo "mkdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ + || fail "mkdir failed" +test -d ${COPY}.dd || fail "missing directory after mkdir" + +# XXX do more here +verbose "$tid: chdir" +echo "chdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ + || fail "chdir failed" + +verbose "$tid: rmdir" +echo "rmdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ + || fail "rmdir failed" +test -d ${COPY}.1 && fail "present directory after rmdir" + +verbose "$tid: lmkdir" +echo "lmkdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ + || fail "lmkdir failed" +test -d ${COPY}.dd || fail "missing directory after lmkdir" + +# XXX do more here +verbose "$tid: lchdir" +echo "lchdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ + || fail "lchdir failed" + +rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.* + + diff --git a/regress/ssh-com-client.sh b/regress/ssh-com-client.sh index 84b0b471e..015ebbb8c 100644 --- a/regress/ssh-com-client.sh +++ b/regress/ssh-com-client.sh @@ -1,4 +1,4 @@ -# $OpenBSD: ssh-com-client.sh,v 1.3 2002/04/10 08:45:30 markus Exp $ +# $OpenBSD: ssh-com-client.sh,v 1.4 2002/07/16 08:58:16 markus Exp $ # Placed in the Public Domain. tid="connect with ssh.com client" @@ -15,7 +15,9 @@ VERSIONS=" 2.3.1 2.4.0 3.0.0 - 3.1.0" + 3.1.0 + 3.2.0 + 3.3.0" # 2.0.10 2.0.12 2.0.13 don't like the test setup diff --git a/regress/ssh-com-keygen.sh b/regress/ssh-com-keygen.sh index 90ba2fcdc..e93dc78c9 100644 --- a/regress/ssh-com-keygen.sh +++ b/regress/ssh-com-keygen.sh @@ -1,4 +1,4 @@ -# $OpenBSD: ssh-com-keygen.sh,v 1.1 2002/03/27 22:40:27 markus Exp $ +# $OpenBSD: ssh-com-keygen.sh,v 1.2 2002/07/16 08:58:16 markus Exp $ # Placed in the Public Domain. tid="ssh.com key import" @@ -18,7 +18,9 @@ VERSIONS=" 2.3.1 2.4.0 3.0.0 - 3.1.0" + 3.1.0 + 3.2.0 + 3.3.0" COMPRV=${OBJ}/comkey COMPUB=${COMPRV}.pub 
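Review bot: regress/sftp-cmds.sh never assigns `BATCH`, yet both cleanup lines end in `${BATCH}.*`, which then expands to `.*` and passes the dot entries of the current directory to `rm -rf`. The variable is only defined in sftp-batch.sh, so unless test-exec.sh sets it (not shown in this diff) the word should be dropped here: `rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd`. Separately, the rmdir check tests `${COPY}.1`, which is a regular file at that point, so it can never fail. It should read `test -d ${COPY}.dd && fail "present directory after rmdir"`.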
diff --git a/regress/ssh-com-sftp.sh b/regress/ssh-com-sftp.sh index 231efa132..f08018b84 100644 --- a/regress/ssh-com-sftp.sh +++ b/regress/ssh-com-sftp.sh @@ -1,4 +1,4 @@ -# $OpenBSD: ssh-com-sftp.sh,v 1.2 2002/04/10 08:45:30 markus Exp $ +# $OpenBSD: ssh-com-sftp.sh,v 1.3 2002/07/16 08:58:16 markus Exp $ # Placed in the Public Domain. tid="basic sftp put/get with ssh.com server" @@ -24,7 +24,9 @@ VERSIONS=" 2.3.1 2.4.0 3.0.0 - 3.1.0" + 3.1.0 + 3.2.0 + 3.3.0" # go for it for v in ${VERSIONS}; do diff --git a/regress/ssh-com.sh b/regress/ssh-com.sh index 6a199fa65..c2bd15380 100644 --- a/regress/ssh-com.sh +++ b/regress/ssh-com.sh @@ -1,4 +1,4 @@ -# $OpenBSD: ssh-com.sh,v 1.3 2002/03/15 13:08:56 markus Exp $ +# $OpenBSD: ssh-com.sh,v 1.4 2002/07/16 08:58:16 markus Exp $ # Placed in the Public Domain. tid="connect to ssh.com server" @@ -14,17 +14,19 @@ VERSIONS=" 2.1.0 2.2.0 2.3.0 - 2.3.1 2.4.0 3.0.0 - 3.1.0" + 3.1.0 + 3.2.0 + 3.3.0" # 2.0.10 does not support UserConfigDirectory +# 2.3.1 requires a config in $HOME/.ssh2 SRC=`dirname ${SCRIPT}` # ssh.com cat << EOF > $OBJ/sshd2_config -*: +#*: # Port and ListenAdress are not used. QuietMode yes Port 4343 -- cgit v1.2.3 From 21de87b936c0d2989790284dca3d5c51796ca966 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 23 Jan 2003 17:41:20 +1100 Subject: - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2003/01/23 00:03:00 [auth1.c] Don't log TIS auth response; "get rid of it" - markus@ --- ChangeLog | 8 +++++++- auth1.c | 3 +-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 96bc77e83..c5e32fc03 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20030123 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2003/01/23 00:03:00 + [auth1.c] + Don't log TIS auth response; "get rid of it" - markus@ + 20030122 - (djm) OpenBSD CVS Sync - marc@cvs.openbsd.org 2003/01/21 18:14:36 
@@ -1050,4 +1056,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2581 2003/01/22 06:53:16 djm Exp $ +$Id: ChangeLog,v 1.2582 2003/01/23 06:41:20 djm Exp $ diff --git a/auth1.c b/auth1.c index 1af30e0ec..2ba411243 100644 --- a/auth1.c +++ b/auth1.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.45 2002/11/21 23:03:51 deraadt Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.46 2003/01/23 00:03:00 djm Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -285,7 +285,6 @@ do_authloop(Authctxt *authctxt) debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE"); if (options.challenge_response_authentication == 1) { char *response = packet_get_string(&dlen); - debug("got response '%s'", response); packet_check_eom(); authenticated = verify_response(authctxt, response); memset(response, 'r', dlen); -- cgit v1.2.3 From 5a93add673a68d9ef67504b17913254498f4deb9 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 24 Jan 2003 11:34:52 +1100 Subject: - (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2003/01/23 08:58:47 [sshd_config.5] typos; ok millert@ --- ChangeLog | 8 +++++++- sshd_config.5 | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index c5e32fc03..7ecd2f7fa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20030124 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2003/01/23 08:58:47 + [sshd_config.5] + typos; ok millert@ + 20030123 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2003/01/23 00:03:00 @@ -1056,4 +1062,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2582 2003/01/23 06:41:20 djm Exp $ +$Id: ChangeLog,v 1.2583 2003/01/24 00:34:52 djm Exp $ diff --git a/sshd_config.5 b/sshd_config.5 index 0944ba076..23ac0e96d 100644 --- a/sshd_config.5 +++ b/sshd_config.5 
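Review bot: In auth1.c do_authloop, nothing on the new side records why the TIS response is not logged, so the removed `debug()` call is easy to reintroduce during later troubleshooting. A one-line comment above `packet_get_string(&dlen)` would keep the intent: `/* response is an authentication secret: never log it */`. The scrub on the context line, `memset(response, 'r', dlen)`, is a plain memset ahead of what is presumably a free outside this hunk, and a compiler may drop such a store, so it is worth checking that it survives optimisation. do_authloop starts and ends outside the hunk.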
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.13 2002/09/16 20:12:11 stevesk Exp $ +.\" $OpenBSD: sshd_config.5,v 1.14 2003/01/23 08:58:47 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -89,7 +89,7 @@ own forwarders. .It Cm AllowUsers This keyword can be followed by a list of user name patterns, separated by spaces. -If specified, login is allowed only for users names that +If specified, login is allowed only for user names that match one of the patterns. .Ql \&* and -- cgit v1.2.3 From 6c71179f6839ab49e4e8a91209eef85dc190d5f1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 24 Jan 2003 11:36:23 +1100 Subject: - markus@cvs.openbsd.org 2003/01/23 13:50:27 [authfd.c authfd.h readpass.c ssh-add.1 ssh-add.c ssh-agent.c] ssh-add -c, prompt user for confirmation (using ssh-askpass) when private agent key is used; with djm@; test by dugsong@, djm@; ok deraadt@ --- ChangeLog | 7 ++++++- authfd.c | 10 ++++++---- authfd.h | 6 ++++-- readpass.c | 16 ++++++++++++---- ssh-add.1 | 12 ++++++++++-- ssh-add.c | 17 ++++++++++++++--- ssh-agent.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++-------- 7 files changed, 98 insertions(+), 24 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7ecd2f7fa..2fb0b941e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,11 @@ - jmc@cvs.openbsd.org 2003/01/23 08:58:47 [sshd_config.5] typos; ok millert@ + - markus@cvs.openbsd.org 2003/01/23 13:50:27 + [authfd.c authfd.h readpass.c ssh-add.1 ssh-add.c ssh-agent.c] + ssh-add -c, prompt user for confirmation (using ssh-askpass) when + private agent key is used; with djm@; test by dugsong@, djm@; + ok deraadt@ 20030123 - (djm) OpenBSD CVS Sync 
@@ -1062,4 +1067,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2583 2003/01/24 00:34:52 djm Exp $ +$Id: ChangeLog,v 1.2584 2003/01/24 00:36:23 djm Exp $ diff --git a/authfd.c b/authfd.c index f04e0858b..a186e0117 100644 --- a/authfd.c +++ b/authfd.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.57 2002/09/11 18:27:26 stevesk Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.58 2003/01/23 13:50:27 markus Exp $"); #include @@ -499,10 +499,10 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) int ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, - const char *comment, u_int life) + const char *comment, u_int life, u_int confirm) { Buffer msg; - int type, constrained = (life != 0); + int type, constrained = (life || confirm); buffer_init(&msg); @@ -532,6 +532,8 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME); buffer_put_int(&msg, life); } + if (confirm != 0) + buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM); } if (ssh_request_reply(auth, &msg, &msg) == 0) { buffer_free(&msg); @@ -545,7 +547,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, int ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment) { - return ssh_add_identity_constrained(auth, key, comment, 0); + return ssh_add_identity_constrained(auth, key, comment, 0, 0); } /* diff --git a/authfd.h b/authfd.h index 38ee49e88..2a8751ec1 100644 --- a/authfd.h +++ b/authfd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.h,v 1.31 2002/09/11 18:27:25 stevesk Exp $ */ +/* $OpenBSD: authfd.h,v 1.32 2003/01/23 13:50:27 markus Exp $ */ /* * Author: Tatu Ylonen @@ -51,6 +51,7 @@ #define SSH2_AGENTC_ADD_ID_CONSTRAINED 25 #define SSH_AGENT_CONSTRAIN_LIFETIME 1 +#define SSH_AGENT_CONSTRAIN_CONFIRM 2 /* extended failure messages */ #define SSH2_AGENT_FAILURE 30 
@@ -76,7 +77,8 @@ int ssh_get_num_identities(AuthenticationConnection *, int); Key *ssh_get_first_identity(AuthenticationConnection *, char **, int); Key *ssh_get_next_identity(AuthenticationConnection *, char **, int); int ssh_add_identity(AuthenticationConnection *, Key *, const char *); -int ssh_add_identity_constrained(AuthenticationConnection *, Key *, const char *, u_int); +int ssh_add_identity_constrained(AuthenticationConnection *, Key *, + const char *, u_int, u_int); int ssh_remove_identity(AuthenticationConnection *, Key *); int ssh_remove_all_identities(AuthenticationConnection *, int); int ssh_lock_agent(AuthenticationConnection *, int, const char *); diff --git a/readpass.c b/readpass.c index 96b7e84b4..95ec5d873 100644 --- a/readpass.c +++ b/readpass.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readpass.c,v 1.27 2002/03/26 15:58:46 markus Exp $"); +RCSID("$OpenBSD: readpass.c,v 1.28 2003/01/23 13:50:27 markus Exp $"); #include "xmalloc.h" #include "readpass.h" @@ -46,11 +46,11 @@ ssh_askpass(char *askpass, const char *msg) fatal("internal error: askpass undefined"); if (pipe(p) < 0) { error("ssh_askpass: pipe: %s", strerror(errno)); - return xstrdup(""); + return NULL; } if ((pid = fork()) < 0) { error("ssh_askpass: fork: %s", strerror(errno)); - return xstrdup(""); + return NULL; } if (pid == 0) { seteuid(getuid()); @@ -79,6 +79,11 @@ ssh_askpass(char *askpass, const char *msg) if (errno != EINTR) break; + if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { + memset(buf, 0, sizeof(buf)); + return NULL; + } + buf[strcspn(buf, "\r\n")] = '\0'; pass = xstrdup(buf); memset(buf, 0, sizeof(buf)); 
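Review bot: In readpass.c ssh_askpass, the new `WIFEXITED(status)` test reads `status` even when the preceding `waitpid` loop left through `break` on an error other than EINTR, in which case `status` may never have been written. ssh-agent's confirm_key treats an empty reply as approval, so an indeterminate `status` that happens to look like a clean exit would approve the key use. Keep the last waitpid result and fail closed: `if (ret < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)`, where `ret` is a new local holding the last waitpid return value. The waitpid call and the declaration of `status` are outside the hunk, so confirm that `status` is not initialised there.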
@@ -115,7 +120,10 @@ read_passphrase(const char *prompt, int flags) askpass = getenv(SSH_ASKPASS_ENV); else askpass = _PATH_SSH_ASKPASS_DEFAULT; - return ssh_askpass(askpass, prompt); + if ((ret = ssh_askpass(askpass, prompt)) == NULL) + if (!(flags & RP_ALLOW_EOF)) + return xstrdup(""); + return ret; } if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) { diff --git a/ssh-add.1 b/ssh-add.1 index 2a34a5133..66a8f9715 100644 --- a/ssh-add.1 +++ b/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.35 2002/06/19 00:27:55 deraadt Exp $ +.\" $OpenBSD: ssh-add.1,v 1.36 2003/01/23 13:50:27 markus Exp $ .\" .\" -*- nroff -*- .\" @@ -45,7 +45,7 @@ .Nd adds RSA or DSA identities to the authentication agent .Sh SYNOPSIS .Nm ssh-add -.Op Fl lLdDxX +.Op Fl lLdDxXc .Op Fl t Ar life .Op Ar .Nm ssh-add @@ -93,6 +93,14 @@ Set a maximum lifetime when adding identities to an agent. The lifetime may be specified in seconds or in a time format specified in .Xr sshd 8 . +.It Fl c +Indicates that added identities should be subject to confirmation before +being used for authentication. Confirmation is performed by the +.Ev SSH_ASKPASS +program mentioned below. Successful confirmation is signaled by a zero +exit status from the +.Ev SSH_ASKPASS +program, rather than text entered into the requester. .It Fl s Ar reader Add key in smartcard .Ar reader . diff --git a/ssh-add.c b/ssh-add.c index 4f4ab3a06..0c2ce163c 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.64 2002/11/21 23:03:51 deraadt Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.65 2003/01/23 13:50:27 markus Exp $"); #include @@ -70,6 +70,9 @@ static char *default_files[] = { /* Default lifetime (0 == forever) */ static int lifetime = 0; +/* User has to confirm key use */ +static int confirm = 0; + /* we keep a cache of one passphrases */ static char *pass = NULL; static void 
@@ -165,12 +168,16 @@ add_file(AuthenticationConnection *ac, const char *filename) } } - if (ssh_add_identity_constrained(ac, private, comment, lifetime)) { + if (ssh_add_identity_constrained(ac, private, comment, lifetime, + confirm)) { fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); ret = 0; if (lifetime != 0) fprintf(stderr, "Lifetime set to %d seconds\n", lifetime); + if (confirm != 0) + fprintf(stderr, + "The user has to confirm each use of the key\n"); } else if (ssh_add_identity(ac, private, comment)) { fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); ret = 0; @@ -292,6 +299,7 @@ usage(void) fprintf(stderr, " -x Lock agent.\n"); fprintf(stderr, " -X Unlock agent.\n"); fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); + fprintf(stderr, " -c Require confirmation to sign using identities\n"); #ifdef SMARTCARD fprintf(stderr, " -s reader Add key in smartcard reader.\n"); fprintf(stderr, " -e reader Remove key in smartcard reader.\n"); @@ -319,7 +327,7 @@ main(int argc, char **argv) fprintf(stderr, "Could not open a connection to your authentication agent.\n"); exit(2); } - while ((ch = getopt(argc, argv, "lLdDxXe:s:t:")) != -1) { + while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) { switch (ch) { case 'l': case 'L': @@ -333,6 +341,9 @@ main(int argc, char **argv) ret = 1; goto done; break; + case 'c': + confirm = 1; + break; case 'd': deleting = 1; break; diff --git a/ssh-agent.c b/ssh-agent.c index 554f8942a..b18dd980c 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.106 2003/01/21 18:14:36 marc Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.107 2003/01/23 13:50:27 markus Exp $"); #include #include 
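Review bot: In ssh-add.c add_file, when `ssh_add_identity_constrained()` fails, the `else if (ssh_add_identity(ac, private, comment))` branch still adds the key with no constraints and prints the same "Identity added" message. With the new `-c` flag, a user who asked for per-use confirmation can end up with an unconfirmed key loaded and no warning, for instance against an agent that rejects the constrained request. Fall back only when no constraint was requested: `} else if (lifetime == 0 && confirm == 0 && ssh_add_identity(ac, private, comment)) {`. The rest of add_file is outside the hunk.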
@@ -50,6 +50,8 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.106 2003/01/21 18:14:36 marc Exp $"); #include "authfd.h" #include "compat.h" #include "log.h" +#include "readpass.h" +#include "misc.h" #ifdef SMARTCARD #include "scard.h" @@ -77,6 +79,7 @@ typedef struct identity { Key *key; char *comment; u_int death; + u_int confirm; } Identity; typedef struct { @@ -162,6 +165,30 @@ lookup_identity(Key *key, int version) return (NULL); } +/* Check confirmation of keysign request */ +static int +confirm_key(Identity *id) +{ + char *p, prompt[1024]; + int ret = -1; + + p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); + snprintf(prompt, sizeof(prompt), "Allow use of key %s?\n" + "Key fingerprint %s.", id->comment, p); + xfree(p); + p = read_passphrase(prompt, RP_ALLOW_EOF); + if (p != NULL) { + /* + * Accept empty responses and responses consisting + * of the word "yes" as affirmative. + */ + if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0) + ret = 0; + xfree(p); + } + return (ret); +} + /* send list of supported public keys to 'client' */ static void process_request_identities(SocketEntry *e, int version) @@ -225,7 +252,7 @@ process_authentication_challenge1(SocketEntry *e) goto failure; id = lookup_identity(key, 1); - if (id != NULL) { + if (id != NULL && (!id->confirm || confirm_key(id) == 0)) { Key *private = id->key; /* Decrypt the challenge using the private key. */ if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0) @@ -285,7 +312,7 @@ process_sign_request2(SocketEntry *e) key = key_from_blob(blob, blen); if (key != NULL) { Identity *id = lookup_identity(key, 2); - if (id != NULL) + if (id != NULL && (!id->confirm || confirm_key(id) == 0)) ok = key_sign(id->key, &signature, &slen, data, dlen); } key_free(key); 
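Review bot: confirm_key in ssh-agent.c carries only a one-line comment, which states neither its return contract nor that it fails closed. Suggest expanding the header comment to say it returns 0 when the user approves and -1 otherwise, including when `read_passphrase()` returns NULL. The comment should also note that an empty reply counts as approval, because that is what lets a zero askpass exit status act as the confirmation. The prompt embeds `id->comment`, which is supplied by whoever added the key, so the fingerprint line is the part a user should rely on; a short comment saying so would help the next reader.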
@@ -405,7 +432,7 @@ static void process_add_identity(SocketEntry *e, int version) { Idtab *tab = idtab_lookup(version); - int type, success = 0, death = 0; + int type, success = 0, death = 0, confirm = 0; char *type_name, *comment; Key *k = NULL; @@ -467,6 +494,9 @@ process_add_identity(SocketEntry *e, int version) case SSH_AGENT_CONSTRAIN_LIFETIME: death = time(NULL) + buffer_get_int(&e->request); break; + case SSH_AGENT_CONSTRAIN_CONFIRM: + confirm = 1; + break; default: break; } @@ -478,6 +508,7 @@ process_add_identity(SocketEntry *e, int version) id->key = k; id->comment = comment; id->death = death; + id->confirm = confirm; TAILQ_INSERT_TAIL(&tab->idlist, id, next); /* Increment the number of identities. */ tab->nentries++; @@ -562,6 +593,7 @@ process_add_smartcard_key (SocketEntry *e) id->key = k; id->comment = xstrdup("smartcard key"); id->death = 0; + id->confirm = 0; TAILQ_INSERT_TAIL(&tab->idlist, id, next); tab->nentries++; success = 1; @@ -942,7 +974,8 @@ usage(void) int main(int ac, char **av) { - int sock, c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0, ch, nalloc; + int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0; + int sock, fd, ch, nalloc; char *shell, *format, *pidstr, *agentsocket = NULL; fd_set *readsetp = NULL, *writesetp = NULL; struct sockaddr_un sunaddr; @@ -1128,9 +1161,14 @@ main(int ac, char **av) } (void)chdir("/"); - close(0); - close(1); - close(2); + if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { + /* XXX might close listen socket */ + (void)dup2(fd, STDIN_FILENO); + (void)dup2(fd, STDOUT_FILENO); + (void)dup2(fd, STDERR_FILENO); + if (fd > 2) + close(fd); + } #ifdef HAVE_SETRLIMIT /* deny core dumps, since memory contains unencrypted private keys */ -- cgit v1.2.3 From ff74d748e941fd9078aa8ac3fddecd249ab8ceb2 Mon Sep 17 00:00:00 2001 
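Review bot: In ssh-agent.c process_add_identity, the constraint switch keeps `default: break;`, so a constraint type this agent does not recognise is skipped and the key is stored without it. Now that a constraint carries a security decision (`SSH_AGENT_CONSTRAIN_CONFIRM`), an unrecognised type should make the add fail instead of degrading silently. The default case should log the unknown type, free `k` and `comment`, and leave `success` at 0 so the identity is never inserted. The surrounding loop and the cleanup path are outside the hunk, so the exact exit route needs checking against the full function.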
From: Damien Miller Date: Fri, 24 Jan 2003 11:36:58 +1100 Subject: - markus@cvs.openbsd.org 2003/01/23 14:01:53 [scp.c] bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@ --- ChangeLog | 5 +++- scp.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 80 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2fb0b941e..b0255a778 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ ssh-add -c, prompt user for confirmation (using ssh-askpass) when private agent key is used; with djm@; test by dugsong@, djm@; ok deraadt@ + - markus@cvs.openbsd.org 2003/01/23 14:01:53 + [scp.c] + bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@ 20030123 - (djm) OpenBSD CVS Sync @@ -1067,4 +1070,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2584 2003/01/24 00:36:23 djm Exp $ +$Id: ChangeLog,v 1.2585 2003/01/24 00:36:58 djm Exp $ diff --git a/scp.c b/scp.c index 616dd3783..ae0a1ead6 100644 --- a/scp.c +++ b/scp.c @@ -75,7 +75,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.98 2003/01/10 10:29:35 djm Exp $"); +RCSID("$OpenBSD: scp.c,v 1.99 2003/01/23 14:01:53 markus Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -90,9 +90,14 @@ extern char *__progname; char *__progname; #endif +void bwlimit(int); + /* Struct for addargs */ arglist args; +/* Bandwidth limit */ +off_t limit = 0; + /* Name of current file being transferred. */ char *curfile; @@ -206,7 +211,8 @@ main(argc, argv) char *argv[]; { int ch, fflag, tflag, status; - char *targ; + double speed; + char *targ, *endp; extern char *optarg; extern int optind; @@ -219,7 +225,7 @@ main(argc, argv) addargs(&args, "-oClearAllForwardings yes"); fflag = tflag = 0; - while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46S:o:F:")) != -1) + while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q46S:o:F:")) != -1) switch (ch) { /* User-visible flags. */ case '4': 
@@ -239,6 +245,12 @@ main(argc, argv) case 'B': addargs(&args, "-oBatchmode yes"); break; + case 'l': + speed = strtod(optarg, &endp); + if (speed <= 0 || *endp != '\0') + usage(); + limit = speed * 1024; + break; case 'p': pflag = 1; break; @@ -578,6 +590,8 @@ next: (void) close(fd); haderr = result >= 0 ? EIO : errno; statbytes += result; } + if (limit) + bwlimit(amt); } if (showprogress) stop_progress_meter(); @@ -647,6 +661,60 @@ rsource(name, statp) (void) response(); } +void +bwlimit(int amount) +{ + static struct timeval bwstart, bwend; + static int lamt, thresh = 16384; + u_int64_t wait; + struct timespec ts, rm; + + if (!timerisset(&bwstart)) { + gettimeofday(&bwstart, NULL); + return; + } + + lamt += amount; + if (lamt < thresh) + return; + + gettimeofday(&bwend, NULL); + timersub(&bwend, &bwstart, &bwend); + if (!timerisset(&bwend)) + return; + + lamt *= 8; + wait = (double)1000000L * lamt / limit; + + bwstart.tv_sec = wait / 1000000L; + bwstart.tv_usec = wait % 1000000L; + + if (timercmp(&bwstart, &bwend, >)) { + timersub(&bwstart, &bwend, &bwend); + + /* Adjust the wait time */ + if (bwend.tv_sec) { + thresh /= 2; + if (thresh < 2048) + thresh = 2048; + } else if (bwend.tv_usec < 100) { + thresh *= 2; + if (thresh > 32768) + thresh = 32768; + } + + TIMEVAL_TO_TIMESPEC(&bwend, &ts); + while (nanosleep(&ts, &rm) == -1) { + if (errno != EINTR) + break; + ts = rm; + } + } + + lamt = 0; + gettimeofday(&bwstart, NULL); +} + void sink(argc, argv) int argc; @@ -844,6 +912,10 @@ bad: run_err("%s: %s", np, strerror(errno)); cp += j; statbytes += j; } while (amt > 0); + + if (limit) + bwlimit(4096); + if (count == bp->cnt) { /* Keep reading so we stay sync'd up. */ if (wrerr == NO) { 
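Review bot: In scp.c main, the `-l` case accepts any value `strtod` parses that is not zero or negative, which includes `inf`, `nan` (for which `speed <= 0` is false) and numbers too large for `off_t`. Converting those in `limit = speed * 1024` is undefined behaviour. Bound the value before the conversion, e.g. `if (!(speed > 0) || speed > MAX_KBIT || *endp != '\0') usage();`, where MAX_KBIT is a placeholder for a ceiling chosen so that `speed * 1024` fits in `off_t`. A comment stating the unit would also help, since bwlimit multiplies the byte count by 8 before dividing by `limit`.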
@@ -954,7 +1026,7 @@ usage(void) { (void) fprintf(stderr, "usage: scp [-pqrvBC46] [-F config] [-S program] [-P port]\n" - " [-c cipher] [-i identity] [-o option]\n" + " [-c cipher] [-i identity] [-l limit] [-o option]\n" " [[user@]host1:]file1 [...] [[user@]host2:]file2\n"); exit(1); } -- cgit v1.2.3 From 8e12147df54c5e490e847bbc0ede41ac0a17af9c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 24 Jan 2003 11:37:38 +1100 Subject: - markus@cvs.openbsd.org 2003/01/23 14:06:15 [scp.1 scp.c] scp -12; Sam Smith and others; ok provos@, deraadt@ --- ChangeLog | 5 ++++- scp.1 | 14 +++++++++++--- scp.c | 8 +++++--- 3 files changed, 20 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index b0255a778..0875c7026 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,9 @@ - markus@cvs.openbsd.org 2003/01/23 14:01:53 [scp.c] bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@ + - markus@cvs.openbsd.org 2003/01/23 14:06:15 + [scp.1 scp.c] + scp -12; Sam Smith and others; ok provos@, deraadt@ 20030123 - (djm) OpenBSD CVS Sync @@ -1070,4 +1073,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2585 2003/01/24 00:36:58 djm Exp $ +$Id: ChangeLog,v 1.2586 2003/01/24 00:37:38 djm Exp $ diff --git a/scp.1 b/scp.1 index 396ab64be..9cddd59a7 100644 --- a/scp.1 +++ b/scp.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.23 2002/06/22 16:41:57 stevesk Exp $ +.\" $OpenBSD: scp.1,v 1.24 2003/01/23 14:06:15 markus Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 @@ -19,7 +19,7 @@ .Nd secure copy (remote file copy program) .Sh SYNOPSIS .Nm scp -.Op Fl pqrvBC46 +.Op Fl pqrvBC1246 .Op Fl F Ar ssh_config .Op Fl S Ar program .Op Fl P Ar port 
@@ -123,8 +123,16 @@ This is useful for specifying options for which there is no separate .Nm scp command-line flag. For example, forcing the use of protocol -version 1 is specified using +version 1 can be specified using .Ic scp -oProtocol=1 . +.It Fl 1 +Forces +.Nm +to use protocol 1. +.It Fl 2 +Forces +.Nm +to use protocol 2. .It Fl 4 Forces .Nm diff --git a/scp.c b/scp.c index ae0a1ead6..60484e769 100644 --- a/scp.c +++ b/scp.c @@ -75,7 +75,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.99 2003/01/23 14:01:53 markus Exp $"); +RCSID("$OpenBSD: scp.c,v 1.100 2003/01/23 14:06:15 markus Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -225,9 +225,11 @@ main(argc, argv) addargs(&args, "-oClearAllForwardings yes"); fflag = tflag = 0; - while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q46S:o:F:")) != -1) + while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1) switch (ch) { /* User-visible flags. */ + case '1': + case '2': case '4': case '6': case 'C': @@ -1025,7 +1027,7 @@ void usage(void) { (void) fprintf(stderr, - "usage: scp [-pqrvBC46] [-F config] [-S program] [-P port]\n" + "usage: scp [-pqrvBC1246] [-F config] [-S program] [-P port]\n" " [-c cipher] [-i identity] [-l limit] [-o option]\n" " [[user@]host1:]file1 [...] [[user@]host2:]file2\n"); exit(1); -- cgit v1.2.3 From 3bc0c062abf4d7a41373694ae04363579e2345e4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 24 Jan 2003 11:50:32 +1100 Subject: - (djm) Add TIMEVAL_TO_TIMESPEC macros --- ChangeLog | 3 ++- defines.h | 16 +++++++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0875c7026..70ce05524 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,7 @@ - markus@cvs.openbsd.org 2003/01/23 14:06:15 [scp.1 scp.c] scp -12; Sam Smith and others; ok provos@, deraadt@ + - (djm) Add TIMEVAL_TO_TIMESPEC macros 20030123 - (djm) OpenBSD CVS Sync 
@@ -1073,4 +1074,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2586 2003/01/24 00:37:38 djm Exp $ +$Id: ChangeLog,v 1.2587 2003/01/24 00:50:32 djm Exp $ diff --git a/defines.h b/defines.h index ab19a077c..73fbe077b 100644 --- a/defines.h +++ b/defines.h @@ -1,7 +1,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.96 2002/09/26 00:38:48 tim Exp $ */ +/* $Id: defines.h,v 1.97 2003/01/24 00:50:32 djm Exp $ */ /* Constants */ @@ -370,6 +370,20 @@ struct winsize { } while (0) #endif +#ifndef TIMEVAL_TO_TIMESPEC +#define TIMEVAL_TO_TIMESPEC(tv, ts) { \ + (ts)->tv_sec = (tv)->tv_sec; \ + (ts)->tv_nsec = (tv)->tv_usec * 1000; \ +} +#endif + +#ifndef TIMESPEC_TO_TIMEVAL +#define TIMESPEC_TO_TIMEVAL(tv, ts) { \ + (tv)->tv_sec = (ts)->tv_sec; \ + (tv)->tv_usec = (ts)->tv_nsec / 1000; \ +} +#endif + #ifndef __P # define __P(x) x #endif -- cgit v1.2.3 From 6dc562a7aacbedbf9d2dfcef19fcba19c226b453 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 27 Jan 2003 21:15:10 +0000 Subject: - (bal) Bugzilla 477 patch by wendyp@cray.com. Define TIOCGPGRP for cray. Also removed test for tcgetpgrp in configure.ac since it is no longer used. --- ChangeLog | 7 ++++++- configure.ac | 5 ++--- openbsd-compat/bsd-cray.h | 4 +++- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 70ce05524..2dd3bc6f5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +200301027 + - (bal) Bugzilla 477 patch by wendyp@cray.com. Define TIOCGPGRP for + cray. Also removed test for tcgetpgrp in configure.ac since it + is no longer used. + 20030124 - (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2003/01/23 08:58:47 @@ -1074,4 +1079,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2587 2003/01/24 00:50:32 djm Exp $ +$Id: ChangeLog,v 1.2588 2003/01/27 21:15:10 mouring Exp $ 
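Review bot: Both new macros in the defines.h hunk expand to a bare `{ ... }` block, so a call followed by `;` inside an unbraced `if`/`else` (`if (c) TIMEVAL_TO_TIMESPEC(tv, ts); else ...`) does not compile. The macro that ends just above this hunk closes with `} while (0)`, and the same wrapper fits here: open with `#define TIMEVAL_TO_TIMESPEC(tv, ts) do { \` and close with `} while (0)`, likewise for TIMESPEC_TO_TIMEVAL. System headers that provide these macros may use the brace form themselves, so this only matters on platforms that take the fallback.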
diff --git a/configure.ac b/configure.ac index b85f1884e..870def2ae 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.102 2003/01/20 04:20:25 tim Exp $ +# $Id: configure.ac,v 1.103 2003/01/27 21:15:10 mouring Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -610,8 +610,7 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ socketpair strerror strlcat strlcpy strmode strnvis sysconf \ - tcgetpgrp truncate utimes vhangup vsnprintf waitpid __b64_ntop \ - _getpty) + truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty) dnl Make sure strsep prototype is defined before defining HAVE_STRSEP AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)]) diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h index 8868b4364..9a15cb251 100644 --- a/openbsd-compat/bsd-cray.h +++ b/openbsd-compat/bsd-cray.h @@ -1,5 +1,5 @@ /* - * $Id: bsd-cray.h,v 1.5 2002/09/26 00:38:51 tim Exp $ + * $Id: bsd-cray.h,v 1.6 2003/01/27 21:15:11 mouring Exp $ * * bsd-cray.h * @@ -49,6 +49,8 @@ extern char cray_tmpdir[]; /* cray tmpdir */ #ifndef MAXHOSTNAMELEN #define MAXHOSTNAMELEN 64 #endif +#include +#define TIOCGPGRP (tIOC|20) #endif #endif /* _BSD_CRAY_H */ -- cgit v1.2.3 From cd6853c31c226d4538f0a46b4ebcdcc734d4b6c0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 28 Jan 2003 11:33:42 +1100 Subject: - (djm) Search libposix4 and librt for nanosleep. From dtucker@zip.com.au and openssh-unix-dev@thewrittenword.com --- ChangeLog | 6 +++++- acconfig.h | 5 ++++- configure.ac | 4 +++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2dd3bc6f5..f6a07fd91 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,7 @@ +200301028 + - (djm) Search libposix4 and librt for nanosleep. From dtucker@zip.com.au + and openssh-unix-dev@thewrittenword.com + 200301027 - (bal) Bugzilla 477 patch by wendyp@cray.com. Define TIOCGPGRP for cray. Also removed test for tcgetpgrp in configure.ac since it @@ -1079,4 +1083,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2588 2003/01/27 21:15:10 mouring Exp $ +$Id: ChangeLog,v 1.2589 2003/01/28 00:33:42 djm Exp $ diff --git a/acconfig.h b/acconfig.h index cf5f961f2..b28966084 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.147 2003/01/12 23:04:59 djm Exp $ */ +/* $Id: acconfig.h,v 1.148 2003/01/28 00:33:44 djm Exp $ */ #ifndef _CONFIG_H #define _CONFIG_H @@ -371,6 +371,9 @@ #undef SETPROCTITLE_STRATEGY #undef SETPROCTITLE_PS_PADDING +/* Some systems put this outside of libc */ +#undef HAVE_NANOSLEEP + @BOTTOM@ /* ******************* Shouldn't need to edit below this line ************** */ diff --git a/configure.ac b/configure.ac index 870def2ae..f66104e78 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.103 2003/01/27 21:15:10 mouring Exp $ +# $Id: configure.ac,v 1.104 2003/01/28 00:33:44 djm Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -612,6 +612,8 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ socketpair strerror strlcat strlcpy strmode strnvis sysconf \ truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty) +AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP)) + dnl Make sure strsep prototype is defined before defining HAVE_STRSEP AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)]) -- cgit v1.2.3 From 4d9dc1aa82a8c1e5feaef74ba1ee532b02823947 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Thu, 30 Jan 2003 10:20:56 +1100 Subject: - (djm) Unbreak root password auth. Spotted by dtucker@zip.com.au --- ChangeLog | 5 ++++- auth-passwd.c | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index f6a07fd91..300552af3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20030130 + - (djm) Unbreak root password auth. Spotted by dtucker@zip.com.au + 200301028 - (djm) Search libposix4 and librt for nanosleep. From dtucker@zip.com.au and openssh-unix-dev@thewrittenword.com @@ -1083,4 +1086,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2589 2003/01/28 00:33:42 djm Exp $ +$Id: ChangeLog,v 1.2590 2003/01/29 23:20:56 djm Exp $ diff --git a/auth-passwd.c b/auth-passwd.c index d419fa0d2..9901d4842 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -117,7 +117,7 @@ auth_password(Authctxt *authctxt, const char *password) if (pw == NULL) return 0; #ifndef HAVE_CYGWIN - if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_NO_PASSWD) + if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) return 0; #endif if (*password == '\0' && options.permit_empty_passwd == 0) -- cgit v1.2.3 From 4b0f1ad4dbf1e3c42e9043ce0b0739a89f5b4c86 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Sat, 1 Feb 2003 04:43:34 +0000 Subject: - (bal) AIX 4.2.1 lacks nanosleep(). Patch to use nsleep() provided by dtucker@zip.com.au --- ChangeLog | 6 +++++- configure.ac | 8 ++++---- openbsd-compat/port-aix.h | 11 +++++++++++ 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 300552af3..a6acb5c50 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20030131 + - (bal) AIX 4.2.1 lacks nanosleep(). Patch to use nsleep() provided by + dtucker@zip.com.au + 20030130 - (djm) Unbreak root password auth. Spotted by dtucker@zip.com.au 
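Review bot: The root check in auth_password() now works as an allow-list but has no comment stating the intent, and the line it replaces compared against the wrong constant without anything in the code to flag it. Suggested above the `if`: `/* root may authenticate by password only when PermitRootLogin is "yes" */`. With `!= PERMIT_YES` every other setting denies, which is the fail-closed direction. The whole check is compiled out under `HAVE_CYGWIN`, which deserves its own one-line reason. auth_password's body continues outside the hunk.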
@@ -1086,4 +1090,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2590 2003/01/29 23:20:56 djm Exp $ +$Id: ChangeLog,v 1.2591 2003/02/01 04:43:34 mouring Exp $ diff --git a/configure.ac b/configure.ac index f66104e78..608127f55 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.104 2003/01/28 00:33:44 djm Exp $ +# $Id: configure.ac,v 1.105 2003/02/01 04:43:34 mouring Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -388,7 +388,7 @@ AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \ rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ sys/mman.h sys/pstat.h sys/select.h sys/stat.h \ - sys/stropts.h sys/sysmacros.h sys/time.h \ + sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \ sys/un.h time.h tmpdir.h ttyent.h usersec.h \ util.h utime.h utmp.h utmpx.h) @@ -604,8 +604,8 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ clock fchmod fchown freeaddrinfo futimes gai_strerror \ getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\ getrlimit getrusage getttyent glob inet_aton inet_ntoa \ - inet_ntop innetgr login_getcapbool md5_crypt memmove \ - mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo pstat readpassphrase \ + inet_ntop innetgr login_getcapbool md5_crypt memmove mkdtemp \ + mmap ngetaddrinfo nsleep openpty ogetaddrinfo pstat readpassphrase \ realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 79570a206..4abe00316 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h 
@@ -25,5 +25,16 @@ */ #ifdef _AIX + +/* AIX 4.2.x doesn't have nanosleep but does have nsleep which is equivalent */ +#if !defined(HAVE_NANOSLEEP) && defined(HAVE_NSLEEP) +# define nanosleep(a,b) nsleep(a,b) +#endif + +/* For struct timespec on AIX 4.2.x */ +#ifdef HAVE_SYS_TIMERS_H +# include +#endif + void aix_usrinfo(struct passwd *pw); #endif /* _AIX */ -- cgit v1.2.3 From 850b942037d527117a38d4e0350a5ee786020779 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 6 Feb 2003 10:50:42 +1100 Subject: - (djm) Teach fake-getaddrinfo to use getservbyname() when provided a string service name. Suggested by markus@, review by itojun@ --- ChangeLog | 6 +++++- openbsd-compat/fake-getaddrinfo.c | 24 +++++++++++++++++------- openbsd-compat/fake-getaddrinfo.h | 4 ++-- 3 files changed, 24 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index a6acb5c50..af9bf9a48 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20030206 + - (djm) Teach fake-getaddrinfo to use getservbyname() when provided a + string service name. Suggested by markus@, review by itojun@ + 20030131 - (bal) AIX 4.2.1 lacks nanosleep(). Patch to use nsleep() provided by dtucker@zip.com.au @@ -1090,4 +1094,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2591 2003/02/01 04:43:34 mouring Exp $ +$Id: ChangeLog,v 1.2592 2003/02/05 23:51:06 djm Exp $ diff --git a/openbsd-compat/fake-getaddrinfo.c b/openbsd-compat/fake-getaddrinfo.c index 67e9eb788..2a2f269cb 100644 --- a/openbsd-compat/fake-getaddrinfo.c +++ b/openbsd-compat/fake-getaddrinfo.c @@ -12,10 +12,10 @@ #include "includes.h" #include "ssh.h" -RCSID("$Id: fake-getaddrinfo.c,v 1.2 2001/02/09 01:55:36 djm Exp $"); +RCSID("$Id: fake-getaddrinfo.c,v 1.3 2003/02/05 23:50:42 djm Exp $"); #ifndef HAVE_GAI_STRERROR -char *gai_strerror(int ecode) +const char *gai_strerror(int ecode) { switch (ecode) { case EAI_NODATA: 
@@ -67,13 +67,23 @@ int getaddrinfo(const char *hostname, const char *servname, { struct addrinfo *cur, *prev = NULL; struct hostent *hp; + struct servent *sp; struct in_addr in; - int i, port; + int i; + long int port; - if (servname) - port = htons(atoi(servname)); - else - port = 0; + port = 0; + if (servname != NULL) { + char *cp; + + port = strtol(servname, &cp, 10); + if (port > 0 && port <= 65535 && *cp == '\0') + port = htons(port); + else if ((sp = getservbyname(servname, NULL)) != NULL) + port = sp->s_port; + else + port = 0; + } if (hints && hints->ai_flags & AI_PASSIVE) { if (NULL != (*res = malloc_ai(port, htonl(0x00000000)))) diff --git a/openbsd-compat/fake-getaddrinfo.h b/openbsd-compat/fake-getaddrinfo.h index afd0226e2..a14a2cc11 100644 --- a/openbsd-compat/fake-getaddrinfo.h +++ b/openbsd-compat/fake-getaddrinfo.h @@ -1,4 +1,4 @@ -/* $Id: fake-getaddrinfo.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */ +/* $Id: fake-getaddrinfo.h,v 1.3 2003/02/05 23:50:43 djm Exp $ */ #ifndef _FAKE_GETADDRINFO_H #define _FAKE_GETADDRINFO_H @@ -37,7 +37,7 @@ int getaddrinfo(const char *hostname, const char *servname, #endif /* !HAVE_GETADDRINFO */ #ifndef HAVE_GAI_STRERROR -char *gai_strerror(int ecode); +const char *gai_strerror(int ecode); #endif /* !HAVE_GAI_STRERROR */ #ifndef HAVE_FREEADDRINFO -- cgit v1.2.3 From c8936acfe1a3c570d79d8868f636c94adba3ca36 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 11 Feb 2003 10:04:03 +1100 Subject: - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com --- ChangeLog | 5 ++++- configure.ac | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index af9bf9a48..c152b768e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20030211 + - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com + 20030206 - (djm) Teach fake-getaddrinfo to use getservbyname() when provided a string service name. Suggested by markus@, review by itojun@ 
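Review bot: A service string that is neither a valid port number nor known to getservbyname() ends in `port = 0`, so the caller gets a successful result for port 0 instead of an error. The same path is taken for an out-of-range number and for an empty string. The final `else` should fail the lookup, e.g. `else return EAI_NODATA;` or whichever service-lookup error code fake-getaddrinfo.h defines. getaddrinfo's body continues outside the hunk.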
@@ -1094,4 +1097,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2592 2003/02/05 23:51:06 djm Exp $ +$Id: ChangeLog,v 1.2593 2003/02/10 23:04:03 djm Exp $ diff --git a/configure.ac b/configure.ac index 608127f55..03c5358fe 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.105 2003/02/01 04:43:34 mouring Exp $ +# $Id: configure.ac,v 1.106 2003/02/10 23:04:03 djm Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -86,6 +86,7 @@ case "$host" in AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0') ;; *-*-cygwin*) + check_for_libcrypt_later=1 LIBS="$LIBS /usr/lib/textmode.o" AC_DEFINE(HAVE_CYGWIN) AC_DEFINE(USE_PIPES) -- cgit v1.2.3 From 0775976dc61e0c172b3b508cd13f087e477c5793 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 11:48:22 +1100 Subject: - (djm) Tweak gnome-ssh-askpass2: - Retry kb and mouse grab a couple of times, so passphrase dialog doesn't immediately fail if you are doing something else when it appears (e.g. dragging a window) - Perform server grab after we have the keyboard and/or pointer to avoid races. --- ChangeLog | 10 ++++++++- contrib/gnome-ssh-askpass2.c | 50 +++++++++++++++++++++++++++++--------------- 2 files changed, 42 insertions(+), 18 deletions(-) diff --git a/ChangeLog b/ChangeLog index c152b768e..00a854fc2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +20030224 + - (djm) Tweak gnome-ssh-askpass2: + - Retry kb and mouse grab a couple of times, so passphrase dialog doesn't + immediately fail if you are doing something else when it appears (e.g. + dragging a window) + - Perform server grab after we have the keyboard and/or pointer to avoid + races. + 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1097,4 +1105,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2593 2003/02/10 23:04:03 djm Exp $ +$Id: ChangeLog,v 1.2594 2003/02/24 00:48:22 djm Exp $ 
diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c index 89a412aa8..9e8eaf920 100644 --- a/contrib/gnome-ssh-askpass2.c +++ b/contrib/gnome-ssh-askpass2.c @@ -36,10 +36,13 @@ * you don't trust your X server. We grab the keyboard always. */ +#define GRAB_TRIES 16 +#define GRAB_WAIT 250 /* milliseconds */ + /* * Compile with: * - * cc `pkg-config --cflags gtk+-2.0` \ + * cc -Wall `pkg-config --cflags gtk+-2.0` \ * gnome-ssh-askpass2.c -o gnome-ssh-askpass \ * `pkg-config --libs gtk+-2.0` * @@ -48,6 +51,7 @@ #include #include #include +#include #include #include #include @@ -84,13 +88,13 @@ passphrase_dialog(char *message) { const char *failed; char *passphrase, *local; - char **messages; - int result, i, grab_server, grab_pointer; - GtkWidget *dialog, *entry, *label; + int result, grab_tries, grab_server, grab_pointer; + GtkWidget *dialog, *entry; GdkGrabStatus status; grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL); grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL); + grab_tries = 0; dialog = gtk_message_dialog_new(NULL, 0, GTK_MESSAGE_QUESTION, 
@@ -117,23 +121,35 @@ passphrase_dialog(char *message) /* Grab focus */ gtk_widget_show_now(dialog); - if (grab_server) { - gdk_x11_grab_server(); - } if (grab_pointer) { - status = gdk_pointer_grab((GTK_WIDGET(dialog))->window, TRUE, - 0, NULL, NULL, GDK_CURRENT_TIME); - if (status != GDK_GRAB_SUCCESS) { - failed = "mouse"; - goto nograb; + for(;;) { + status = gdk_pointer_grab( + (GTK_WIDGET(dialog))->window, TRUE, 0, NULL, + NULL, GDK_CURRENT_TIME); + if (status == GDK_GRAB_SUCCESS) + break; + usleep(GRAB_WAIT * 1000); + if (++grab_tries > GRAB_TRIES) { + failed = "mouse"; + goto nograb; + } } } - status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window, FALSE, - GDK_CURRENT_TIME); - if (status != GDK_GRAB_SUCCESS) { - failed = "keyboard"; - goto nograbkb; + for(;;) { + status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window, + FALSE, GDK_CURRENT_TIME); + if (status == GDK_GRAB_SUCCESS) + break; + usleep(GRAB_WAIT * 1000); + if (++grab_tries > GRAB_TRIES) { + failed = "keyboard"; + goto nograbkb; + } } + if (grab_server) { + gdk_x11_grab_server(); + } + result = gtk_dialog_run(GTK_DIALOG(dialog)); /* Ungrab */ -- cgit v1.2.3 From 180fc5b23682ec39964b70dc3a43f9658b7c4acb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 11:50:18 +1100 Subject: - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/01/27 17:06:31 [sshd.c] more specific error message when /var/empty has wrong permissions; bug #46, map@appgate.com; ok henning@, provos@, stevesk@ --- ChangeLog | 7 ++++++- sshd.c | 6 +++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 00a854fc2..7f4f4e766 100644 --- a/ChangeLog +++ b/ChangeLog 
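Review bot: `grab_tries` is initialised once and shared by the pointer loop and the keyboard loop, so every retry spent on the pointer grab is taken away from the keyboard grab, which the file's header comment says is always taken. Resetting it before the second loop with `grab_tries = 0;` gives each grab its own budget. The test `++grab_tries > GRAB_TRIES` also runs after the `usleep()`, so a grab that never succeeds sleeps one extra time before giving up. passphrase_dialog's body continues outside the hunk.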
@@ -5,6 +5,11 @@ dragging a window) - Perform server grab after we have the keyboard and/or pointer to avoid races. + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/01/27 17:06:31 + [sshd.c] + more specific error message when /var/empty has wrong permissions; + bug #46, map@appgate.com; ok henning@, provos@, stevesk@ 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1105,4 +1110,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2594 2003/02/24 00:48:22 djm Exp $ +$Id: ChangeLog,v 1.2595 2003/02/24 00:50:18 djm Exp $ diff --git a/sshd.c b/sshd.c index 8a7ec6b8e..ca2d4d1bc 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.261 2002/11/07 16:28:47 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.262 2003/01/27 17:06:31 markus Exp $"); #include #include @@ -1066,8 +1066,8 @@ main(int ac, char **av) #else if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) #endif - fatal("Bad owner or mode for %s", - _PATH_PRIVSEP_CHROOT_DIR); + fatal("%s must be owned by root and not group or " + "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); } /* Configuration looks good, so exit if in test mode. */ -- cgit v1.2.3 From 8ee66a21cd0d033f8e8207b83f941ab7771b9ca3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 11:50:50 +1100 Subject: - markus@cvs.openbsd.org 2003/01/28 16:11:52 [scp.1] document -l; pekkas@netcore.fi --- ChangeLog | 5 ++++- scp.1 | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7f4f4e766..457f16b0c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,9 @@ [sshd.c] more specific error message when /var/empty has wrong permissions; bug #46, map@appgate.com; ok henning@, provos@, stevesk@ + - markus@cvs.openbsd.org 2003/01/28 16:11:52 + [scp.1] + document -l; pekkas@netcore.fi 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com 
@@ -1110,4 +1113,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2595 2003/02/24 00:50:18 djm Exp $ +$Id: ChangeLog,v 1.2596 2003/02/24 00:50:50 djm Exp $ diff --git a/scp.1 b/scp.1 index 9cddd59a7..59887482f 100644 --- a/scp.1 +++ b/scp.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.24 2003/01/23 14:06:15 markus Exp $ +.\" $OpenBSD: scp.1,v 1.25 2003/01/28 16:11:52 markus Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 @@ -25,6 +25,7 @@ .Op Fl P Ar port .Op Fl c Ar cipher .Op Fl i Ar identity_file +.Op Fl l Ar limit .Op Fl o Ar ssh_option .Sm off .Oo @@ -68,6 +69,8 @@ Selects the file from which the identity (private key) for RSA authentication is read. This option is directly passed to .Xr ssh 1 . +.It Fl l Ar limit +Limits the used bandwidth, specified in Kbit/s. .It Fl p Preserves modification times, access times, and modes from the original file. -- cgit v1.2.3 From 2eb26e89c5472e6b3041bb5c776e819835bcbf4c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 11:51:32 +1100 Subject: - stevesk@cvs.openbsd.org 2003/01/28 17:24:51 [scp.1] remove example not pertinent with -1 addition; ok markus@ --- ChangeLog | 5 ++++- scp.1 | 6 ++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 457f16b0c..29328aa3f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ - markus@cvs.openbsd.org 2003/01/28 16:11:52 [scp.1] document -l; pekkas@netcore.fi + - stevesk@cvs.openbsd.org 2003/01/28 17:24:51 + [scp.1] + remove example not pertinent with -1 addition; ok markus@ 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1113,4 +1116,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2596 2003/02/24 00:50:50 djm Exp $ +$Id: ChangeLog,v 1.2597 2003/02/24 00:51:32 djm Exp $ diff --git a/scp.1 b/scp.1 index 59887482f..89ebf7089 100644 --- a/scp.1 
+++ b/scp.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.25 2003/01/28 16:11:52 markus Exp $ +.\" $OpenBSD: scp.1,v 1.26 2003/01/28 17:24:51 stevesk Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 @@ -125,9 +125,7 @@ in the format used in This is useful for specifying options for which there is no separate .Nm scp -command-line flag. For example, forcing the use of protocol -version 1 can be specified using -.Ic scp -oProtocol=1 . +command-line flag. .It Fl 1 Forces .Nm -- cgit v1.2.3 From ffadc583f63eb8b37750bdce6b70c6102ae621b4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 11:52:26 +1100 Subject: - jmc@cvs.openbsd.org 2003/01/31 21:54:40 [sshd.8] typos; sshd(8): help and ok markus@ help and ok millert@ --- ChangeLog | 6 +++++- sshd.8 | 31 +++++++++++++++++++------------ 2 files changed, 24 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 29328aa3f..a966fbdde 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,10 @@ - stevesk@cvs.openbsd.org 2003/01/28 17:24:51 [scp.1] remove example not pertinent with -1 addition; ok markus@ + - jmc@cvs.openbsd.org 2003/01/31 21:54:40 + [sshd.8] + typos; sshd(8): help and ok markus@ + help and ok millert@ 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1116,4 +1120,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2597 2003/02/24 00:51:32 djm Exp $ +$Id: ChangeLog,v 1.2598 2003/02/24 00:52:26 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 22ab70e00..a99c4f162 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.193 2002/09/24 20:59:44 todd Exp $ +.\" $OpenBSD: sshd.8,v 1.194 2003/01/31 21:54:40 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -43,6 +43,7 @@ .Nd OpenSSH SSH daemon .Sh SYNOPSIS .Nm sshd +.Bk -words .Op Fl deiqtD46 .Op Fl b Ar bits .Op Fl f Ar config_file @@ -52,6 +53,7 @@ .Op Fl o Ar option .Op Fl p Ar port .Op Fl u Ar len +.Ek .Sh DESCRIPTION .Nm (SSH Daemon) is the daemon program for @@ -75,7 +77,7 @@ This implementation of .Nm supports both SSH protocol version 1 and 2 simultaneously. .Nm -works as follows. +works as follows: .Pp .Ss SSH protocol version 1 .Pp @@ -86,7 +88,7 @@ the daemon starts, it generates a server RSA key (normally 768 bits). This key is normally regenerated every hour if it has been used, and is never stored on disk. .Pp -Whenever a client connects the daemon responds with its public +Whenever a client connects, the daemon responds with its public host and server keys. The client compares the RSA host key against its own database to verify that it has not changed. @@ -119,7 +121,7 @@ System security is not improved unless .Nm rshd , .Nm rlogind , and -.Xr rexecd +.Nm rexecd are disabled (thus completely disabling .Xr rlogin and @@ -189,7 +191,9 @@ The server sends verbose debug output to the system log, and does not put itself in the background. The server also will not fork and will only process one connection. This option is only intended for debugging for the server. -Multiple -d options increase the debugging level. +Multiple +.Fl d +options increase the debugging level. Maximum is 3. .It Fl e When this option is specified, @@ -225,7 +229,8 @@ the different protocol versions and host key algorithms. .It Fl i Specifies that .Nm -is being run from inetd. +is being run from +.Xr inetd 8 . .Nm is normally not run from inetd because it needs to generate the server key before it can @@ -282,7 +287,7 @@ should be put into the .Pa utmp file. .Fl u0 -is also be used to prevent +may also be used to prevent .Nm from making DNS requests unless the authentication mechanism or configuration requires it. 
@@ -446,7 +451,7 @@ authentication. The command supplied by the user (if any) is ignored. The command is run on a pty if the client requests a pty; otherwise it is run without a tty. -If a 8-bit clean channel is required, +If an 8-bit clean channel is required, one must not request a pty or should specify .Cm no-pty . A quote may be included in the command by quoting it with a backslash. @@ -506,7 +511,7 @@ command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hu permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323 .Sh SSH_KNOWN_HOSTS FILE FORMAT The -.Pa /etc/ssh/ssh_known_hosts , +.Pa /etc/ssh/ssh_known_hosts and .Pa $HOME/.ssh/known_hosts files contain host public keys for all known hosts. @@ -627,7 +632,7 @@ These files should be writable only by root/the owner. .Pa /etc/ssh/ssh_known_hosts should be world-readable, and .Pa $HOME/.ssh/known_hosts -can but need not be world-readable. +can, but need not be, world-readable. .It Pa /etc/nologin If this file exists, .Nm @@ -644,7 +649,7 @@ Further details are described in This file contains host-username pairs, separated by a space, one per line. The given user on the corresponding host is permitted to log in -without password. +without a password. The same file is used by rlogind and rshd. The file must be writable only by the user; it is recommended that it not be @@ -713,7 +718,9 @@ controlled via the .Cm PermitUserEnvironment option. .It Pa $HOME/.ssh/rc -If this file exists, it is run with /bin/sh after reading the +If this file exists, it is run with +.Pa /bin/sh +after reading the environment files but before starting the user's shell or command. It must not produce any output on stdout; stderr must be used instead. -- cgit v1.2.3 From eeeeb3517e3b878bc4d2f8db9cbebd8e912b0cca Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Mon, 24 Feb 2003 11:52:58 +1100 Subject: - markus@cvs.openbsd.org 2003/02/02 10:51:13 [scp.c] call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@ --- ChangeLog | 6 +++++- scp.c | 23 +++++++++++++++-------- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index a966fbdde..c36f52055 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,10 @@ [sshd.8] typos; sshd(8): help and ok markus@ help and ok millert@ + - markus@cvs.openbsd.org 2003/02/02 10:51:13 + [scp.c] + call okname() only when using system(3) for remote-remote copy; + fixes bugs #483, #472; ok deraadt@, mouring@ 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1120,4 +1124,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2598 2003/02/24 00:52:26 djm Exp $ +$Id: ChangeLog,v 1.2599 2003/02/24 00:52:58 djm Exp $ diff --git a/scp.c b/scp.c index 60484e769..e44a1cf69 100644 --- a/scp.c +++ b/scp.c @@ -75,7 +75,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.100 2003/01/23 14:06:15 markus Exp $"); +RCSID("$OpenBSD: scp.c,v 1.101 2003/02/02 10:51:13 markus Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -370,8 +370,6 @@ toremote(targ, argc, argv) tuser = argv[argc - 1]; if (*tuser == '\0') tuser = NULL; - else if (!okname(tuser)) - exit(1); } else { thost = argv[argc - 1]; tuser = NULL; @@ -399,6 +397,8 @@ toremote(targ, argc, argv) suser = pwd->pw_name; else if (!okname(suser)) continue; + if (tuser && !okname(tuser)) + continue; snprintf(bp, len, "%s%s %s -n " "-l %s %s %s %s '%s%s%s:%s'", @@ -472,8 +472,6 @@ tolocal(argc, argv) suser = argv[i]; if (*suser == '\0') suser = pwd->pw_name; - else if (!okname(suser)) - continue; } host = cleanhostname(host); len = strlen(src) + CMDNEEDS + 20; 
@@ -1085,9 +1083,18 @@ okname(cp0) c = (int)*cp; if (c & 0200) goto bad; - if (!isalpha(c) && !isdigit(c) && - c != '@' && c != '_' && c != '-' && c != '.' && c != '+') - goto bad; + if (!isalpha(c) && !isdigit(c)) { + switch (c) { + case '\'': + case '"': + case '`': + case ' ': + case '#': + goto bad; + default: + break; + } + } } while (*++cp); return (1); -- cgit v1.2.3 From babb47a059148bb97de254f8964dffe7dab213dc Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 11:53:32 +1100 Subject: - markus@cvs.openbsd.org 2003/02/02 10:56:08 [kex.c] add support for key exchange guesses; based on work by avraham.fraenkel@commatch.com; fixes bug #148; ok deraadt@ --- ChangeLog | 6 +++++- kex.c | 41 +++++++++++++++++++++++++++++++++++++---- 2 files changed, 42 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index c36f52055..bea81ad19 100644 --- a/ChangeLog +++ b/ChangeLog @@ -24,6 +24,10 @@ [scp.c] call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@ + - markus@cvs.openbsd.org 2003/02/02 10:56:08 + [kex.c] + add support for key exchange guesses; based on work by + avraham.fraenkel@commatch.com; fixes bug #148; ok deraadt@ 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1124,4 +1128,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2599 2003/02/24 00:52:58 djm Exp $ +$Id: ChangeLog,v 1.2600 2003/02/24 00:53:32 djm Exp $ diff --git a/kex.c b/kex.c index 113663598..0a861fb97 100644 --- a/kex.c +++ b/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.52 2002/11/21 22:45:31 markus Exp $"); +RCSID("$OpenBSD: kex.c,v 1.53 2003/02/02 10:56:08 markus Exp $"); #include 
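Review bot: okname() changes from accepting a fixed set of characters to rejecting five, so every other shell-significant character is now accepted, while the commit message says its result guards names used with system(3). A check in front of a shell is safer as an allow-list: keep explicit `case` labels for the punctuation that user names legitimately need, each ending in `break`, and make the fallback `default: goto bad;`. The toremote() hunk earlier in this commit (`if (tuser && !okname(tuser)) continue;`) relies on this function just before the command string is built. okname's body continues outside the hunk.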
@@ -74,7 +74,7 @@ kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) /* parse buffer and return algorithm proposal */ static char ** -kex_buf2prop(Buffer *raw) +kex_buf2prop(Buffer *raw, int *first_kex_follows) { Buffer b; int i; @@ -94,6 +94,8 @@ kex_buf2prop(Buffer *raw) } /* first kex follows / reserved */ i = buffer_get_char(&b); + if (first_kex_follows != NULL) + *first_kex_follows = i; debug2("kex_parse_kexinit: first_kex_follows %d ", i); i = buffer_get_int(&b); debug2("kex_parse_kexinit: reserved %d ", i); @@ -317,6 +319,30 @@ choose_hostkeyalg(Kex *k, char *client, char *server) xfree(hostkeyalg); } +static int +proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX]) +{ + static int check[] = { + PROPOSAL_KEX_ALGS, PROPOSAL_SERVER_HOST_KEY_ALGS, -1 + }; + int *idx; + char *p; + + for (idx = &check[0]; *idx != -1; idx++) { + if ((p = strchr(my[*idx], ',')) != NULL) + *p = '\0'; + if ((p = strchr(peer[*idx], ',')) != NULL) + *p = '\0'; + if (strcmp(my[*idx], peer[*idx]) != 0) { + debug2("proposal mismatch: my %s peer %s", + my[*idx], peer[*idx]); + return (0); + } + } + debug2("proposals match"); + return (1); +} + static void kex_choose_conf(Kex *kex) { @@ -327,9 +353,10 @@ kex_choose_conf(Kex *kex) int mode; int ctos; /* direction: if true client-to-server */ int need; + int first_kex_follows, type; - my = kex_buf2prop(&kex->my); - peer = kex_buf2prop(&kex->peer); + my = kex_buf2prop(&kex->my, NULL); + peer = kex_buf2prop(&kex->peer, &first_kex_follows); if (kex->server) { cprop=peer; @@ -373,6 +400,12 @@ kex_choose_conf(Kex *kex) /* XXX need runden? */ kex->we_need = need; + /* ignore the next message if the proposals do not match */ + if (first_kex_follows && !proposals_match(my, peer)) { + type = packet_read(); + debug2("skipping next packet (type %u)", type); + } + kex_prop_free(my); kex_prop_free(peer); } -- cgit v1.2.3 From e8cea9e7553aa7df59608c0ae7a5a8dcbcde95a6 Mon Sep 17 00:00:00 2001 
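Review bot: proposals_match() in kex.c writes `'\0'` over the first comma of `my[*idx]` and `peer[*idx]`, so both proposal arrays are left truncated for the KEX and host-key entries once it returns. The call added in kex_choose_conf() sits after `kex->we_need = need;` and directly before kex_prop_free(), which looks safe, but nothing tells a later caller that the function is destructive. I would add a header comment such as `/* NB: truncates my[] and peer[] at the first ','; call only once negotiation is finished */`. Separately, `type` is declared `int` but printed with `%u` in the new debug2() call; `%d` matches the declaration. kex_choose_conf() starts and ends outside these hunks.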
From: Damien Miller Date: Mon, 24 Feb 2003 11:54:10 +1100 Subject: - markus@cvs.openbsd.org 2003/02/03 08:56:16 [sshpty.c] don't call error() for readonly /dev; from soekris list; ok mcbride, henning, deraadt. --- ChangeLog | 6 +++++- sshpty.c | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index bea81ad19..4dc325aa5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -28,6 +28,10 @@ [kex.c] add support for key exchange guesses; based on work by avraham.fraenkel@commatch.com; fixes bug #148; ok deraadt@ + - markus@cvs.openbsd.org 2003/02/03 08:56:16 + [sshpty.c] + don't call error() for readonly /dev; from soekris list; ok mcbride, + henning, deraadt. 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1128,4 +1132,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2600 2003/02/24 00:53:32 djm Exp $ +$Id: ChangeLog,v 1.2601 2003/02/24 00:54:10 djm Exp $ diff --git a/sshpty.c b/sshpty.c index 28d0e310c..d28947f62 100644 --- a/sshpty.c +++ b/sshpty.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshpty.c,v 1.7 2002/06/24 17:57:20 deraadt Exp $"); +RCSID("$OpenBSD: sshpty.c,v 1.8 2003/02/03 08:56:16 markus Exp $"); #ifdef HAVE_UTIL_H # include @@ -394,7 +394,7 @@ pty_setowner(struct passwd *pw, const char *ttyname) if (chown(ttyname, pw->pw_uid, gid) < 0) { if (errno == EROFS && (st.st_uid == pw->pw_uid || st.st_uid == 0)) - error("chown(%.100s, %u, %u) failed: %.100s", + debug("chown(%.100s, %u, %u) failed: %.100s", ttyname, (u_int)pw->pw_uid, (u_int)gid, strerror(errno)); else @@ -408,7 +408,7 @@ pty_setowner(struct passwd *pw, const char *ttyname) if (chmod(ttyname, mode) < 0) { if (errno == EROFS && (st.st_mode & (S_IRGRP | S_IROTH)) == 0) - error("chmod(%.100s, 0%o) failed: %.100s", + debug("chmod(%.100s, 0%o) failed: %.100s", ttyname, mode, strerror(errno)); else fatal("chmod(%.100s, 0%o) failed: %.100s", -- cgit v1.2.3 
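Review bot: In pty_setowner() the chmod() branch now reports only at debug level, but the guard visible in the hunk tests just `S_IRGRP | S_IROTH`, so a tty on a read-only /dev that is still group- or world-writable is accepted with nothing at the default log level. If that state matters to the operator, either keep this one case above debug or widen the test, e.g. `(st.st_mode & (S_IRGRP | S_IROTH | S_IWOTH)) == 0`; whether the wider test is acceptable depends on the `mode` value computed outside the hunk. The same downgrade in the chown() hunk is covered by the owner check and seems fine. pty_setowner() begins and ends outside both hunks.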
From 386f1f3e6c5c3ea72970fcce4d939b2d4eb1bf3e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 11:54:57 +1100 Subject: - markus@cvs.openbsd.org 2003/02/04 09:32:08 [key.c] better debug3 message --- ChangeLog | 5 ++++- key.c | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4dc325aa5..e2f4635ea 100644 --- a/ChangeLog +++ b/ChangeLog @@ -32,6 +32,9 @@ [sshpty.c] don't call error() for readonly /dev; from soekris list; ok mcbride, henning, deraadt. + - markus@cvs.openbsd.org 2003/02/04 09:32:08 + [key.c] + better debug3 message 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1132,4 +1135,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2601 2003/02/24 00:54:10 djm Exp $ +$Id: ChangeLog,v 1.2602 2003/02/24 00:54:57 djm Exp $ diff --git a/key.c b/key.c index 9806a729a..c87bfcbf0 100644 --- a/key.c +++ b/key.c @@ -32,7 +32,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.49 2002/09/09 14:54:14 markus Exp $"); +RCSID("$OpenBSD: key.c,v 1.50 2003/02/04 09:32:08 markus Exp $"); #include @@ -410,14 +410,14 @@ key_read(Key *ret, char **cpp) case KEY_DSA: space = strchr(cp, ' '); if (space == NULL) { - debug3("key_read: no space"); + debug3("key_read: missing whitespace"); return -1; } *space = '\0'; type = key_type_from_name(cp); *space = ' '; if (type == KEY_UNSPEC) { - debug3("key_read: no key found"); + debug3("key_read: missing keytype"); return -1; } cp = space+1; -- cgit v1.2.3 From b7df3af154d035be480b9d9f433f440f1c66e1bd Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Mon, 24 Feb 2003 11:55:46 +1100 Subject: - markus@cvs.openbsd.org 2003/02/04 09:33:22 [monitor.c monitor_wrap.c] skey/bsdauth: use 0 to indicate failure instead of -1, because the buffer API only supports unsigned ints. --- ChangeLog | 6 +++++- monitor.c | 26 +++++++++++++------------- monitor_wrap.c | 15 ++++++++------- 3 files changed, 26 insertions(+), 21 deletions(-) diff --git a/ChangeLog b/ChangeLog index e2f4635ea..0ba9fe7a5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,6 +35,10 @@ - markus@cvs.openbsd.org 2003/02/04 09:32:08 [key.c] better debug3 message + - markus@cvs.openbsd.org 2003/02/04 09:33:22 + [monitor.c monitor_wrap.c] + skey/bsdauth: use 0 to indicate failure instead of -1, because + the buffer API only supports unsigned ints. 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1135,4 +1139,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2602 2003/02/24 00:54:57 djm Exp $ +$Id: ChangeLog,v 1.2603 2003/02/24 00:55:46 djm Exp $ diff --git a/monitor.c b/monitor.c index b91cfdeda..07d1728ec 100644 --- a/monitor.c +++ b/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.30 2002/11/05 19:45:20 markus Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.31 2003/02/04 09:33:22 markus Exp $"); #include 
@@ -634,20 +634,20 @@ mm_answer_bsdauthquery(int socket, Buffer *m) u_int numprompts; u_int *echo_on; char **prompts; - int res; + u_int success; - res = bsdauth_query(authctxt, &name, &infotxt, &numprompts, - &prompts, &echo_on); + success = bsdauth_query(authctxt, &name, &infotxt, &numprompts, + &prompts, &echo_on) < 0 ? 0 : 1; buffer_clear(m); - buffer_put_int(m, res); - if (res != -1) + buffer_put_int(m, success); + if (success) buffer_put_cstring(m, prompts[0]); - debug3("%s: sending challenge res: %d", __func__, res); + debug3("%s: sending challenge success: %u", __func__, success); mm_request_send(socket, MONITOR_ANS_BSDAUTHQUERY, m); - if (res != -1) { + if (success) { xfree(name); xfree(infotxt); xfree(prompts); @@ -691,16 +691,16 @@ mm_answer_skeyquery(int socket, Buffer *m) { struct skey skey; char challenge[1024]; - int res; + u_int success; - res = skeychallenge(&skey, authctxt->user, challenge); + success = skeychallenge(&skey, authctxt->user, challenge) < 0 ? 0 : 1; buffer_clear(m); - buffer_put_int(m, res); - if (res != -1) + buffer_put_int(m, success); + if (success) buffer_put_cstring(m, challenge); - debug3("%s: sending challenge res: %d", __func__, res); + debug3("%s: sending challenge success: %u", __func__, success); mm_request_send(socket, MONITOR_ANS_SKEYQUERY, m); return (0); diff --git a/monitor_wrap.c b/monitor_wrap.c index b75f9dfc7..551bbc15a 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor_wrap.c,v 1.20 2002/11/21 23:03:51 deraadt Exp $"); +RCSID("$OpenBSD: monitor_wrap.c,v 1.21 2003/02/04 09:33:22 markus Exp $"); #include #include @@ -714,7 +714,7 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt, u_int *numprompts, char ***prompts, u_int **echo_on) { Buffer m; - int res; + u_int success; char *challenge; debug3("%s: entering", __func__); 
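Review bot: The new assignments in mm_answer_bsdauthquery() and mm_answer_skeyquery() rely on `<` binding tighter than `?:`, which is correct but easy to misread, especially where the bsdauth_query() call wraps onto a second line. I would parenthesise the comparison, e.g. `success = (skeychallenge(&skey, authctxt->user, challenge) < 0) ? 0 : 1;`, and do the same for the bsdauth_query() call. A one-line comment at each site saying that 0 means "no challenge" on the wire would also help, since the reader in monitor_wrap.c tests `success == 0`.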
@@ -724,8 +724,8 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt, mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY, &m); - res = buffer_get_int(&m); - if (res == -1) { + success = buffer_get_int(&m); + if (success == 0) { debug3("%s: no challenge", __func__); buffer_free(&m); return (-1); @@ -771,7 +771,8 @@ mm_skey_query(void *ctx, char **name, char **infotxt, u_int *numprompts, char ***prompts, u_int **echo_on) { Buffer m; - int len, res; + int len; + u_int success; char *p, *challenge; debug3("%s: entering", __func__); @@ -781,8 +782,8 @@ mm_skey_query(void *ctx, char **name, char **infotxt, mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, &m); - res = buffer_get_int(&m); - if (res == -1) { + success = buffer_get_int(&m); + if (success == 0) { debug3("%s: no challenge", __func__); buffer_free(&m); return (-1); -- cgit v1.2.3 From 61f08ac35a06e758c20fc85b9944d1feee146d47 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 11:56:27 +1100 Subject: - markus@cvs.openbsd.org 2003/02/05 09:02:28 [readconf.c] simplify ProxyCommand parsing, remove strcat/xrealloc; ok henning@, djm@ --- ChangeLog | 5 ++++- readconf.c | 17 ++++++----------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0ba9fe7a5..8fe2de974 100644 --- a/ChangeLog +++ b/ChangeLog @@ -39,6 +39,9 @@ [monitor.c monitor_wrap.c] skey/bsdauth: use 0 to indicate failure instead of -1, because the buffer API only supports unsigned ints. + - markus@cvs.openbsd.org 2003/02/05 09:02:28 + [readconf.c] + simplify ProxyCommand parsing, remove strcat/xrealloc; ok henning@, djm@ 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1139,4 +1142,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2603 2003/02/24 00:55:46 djm Exp $ +$Id: ChangeLog,v 1.2604 2003/02/24 00:56:27 djm Exp $ 
diff --git a/readconf.c b/readconf.c index b9f1b7ddc..8b576a7ad 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.101 2002/11/07 22:08:07 markus Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.102 2003/02/05 09:02:28 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -268,14 +268,16 @@ parse_token(const char *cp, const char *filename, int linenum) * Processes a single option line as used in the configuration files. This * only sets those values that have not already been set. */ +#define WHITESPACE " \t\r\n" int process_config_line(Options *options, const char *host, char *line, const char *filename, int linenum, int *activep) { - char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg; + char buf[256], *s, **charptr, *endofnumber, *keyword, *arg; int opcode, *intptr, value; + size_t len; u_short fwd_port, fwd_host_port; char sfwd_host_port[6]; @@ -488,16 +490,9 @@ parse_string: case oProxyCommand: charptr = &options->proxy_command; - string = xstrdup(""); - while ((arg = strdelim(&s)) != NULL && *arg != '\0') { - string = xrealloc(string, strlen(string) + strlen(arg) + 2); - strcat(string, " "); - strcat(string, arg); - } + len = strspn(s, WHITESPACE "="); if (*activep && *charptr == NULL) - *charptr = string; - else - xfree(string); + *charptr = xstrdup(s + len); return 0; case oPort: -- cgit v1.2.3 From 97f39ae810a8589c262f2b88d7dd4e70c0b84d70 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 11:57:01 +1100 Subject: - markus@cvs.openbsd.org 2003/02/06 09:26:23 [session.c] missing call to setproctitle() after authentication; ok provos@ --- ChangeLog | 5 ++++- session.c | 4 +++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8fe2de974..fc5f241bc 100644 --- a/ChangeLog +++ b/ChangeLog 
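Review bot: The new oProxyCommand branch passes `s` straight to strspn(), but `s` may be NULL at that point if strdelim() reached the end of the line while extracting the keyword (a bare `ProxyCommand` with no argument); strdelim() is not shown here, so this needs confirming. The removed loop tolerated that case because it called strdelim() first. I would guard it with `if (s == NULL) fatal("%.200s line %d: Missing argument.", filename, linenum);` before the strspn() call. The copy also keeps everything after the leading separators verbatim, so trailing whitespace or a newline stays in proxy_command. process_config_line() begins and ends outside the hunks.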
@@ -42,6 +42,9 @@ - markus@cvs.openbsd.org 2003/02/05 09:02:28 [readconf.c] simplify ProxyCommand parsing, remove strcat/xrealloc; ok henning@, djm@ + - markus@cvs.openbsd.org 2003/02/06 09:26:23 + [session.c] + missing call to setproctitle() after authentication; ok provos@ 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1142,4 +1145,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2604 2003/02/24 00:56:27 djm Exp $ +$Id: ChangeLog,v 1.2605 2003/02/24 00:57:01 djm Exp $ diff --git a/session.c b/session.c index 812681d0f..c64240cf2 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.152 2002/12/10 08:56:00 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.153 2003/02/06 09:26:23 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -201,6 +201,8 @@ auth_input_request_forwarding(struct passwd * pw) void do_authenticated(Authctxt *authctxt) { + setproctitle("%s", authctxt->pw->pw_name); + /* * Cancel the alarm we set to limit the time taken for * authentication. -- cgit v1.2.3 From 9f1e33a6b295f46dba45b0eefac173f699480943 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 11:57:32 +1100 Subject: - markus@cvs.openbsd.org 2003/02/06 09:27:29 [ssh.c ssh_config.5] support 'ProxyCommand none'; bugzilla #433; binder@arago.de; ok djm@ --- ChangeLog | 5 ++++- ssh.c | 6 +++++- ssh_config.5 | 5 ++++- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index fc5f241bc..9003211e6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -45,6 +45,9 @@ - markus@cvs.openbsd.org 2003/02/06 09:26:23 [session.c] missing call to setproctitle() after authentication; ok provos@ + - markus@cvs.openbsd.org 2003/02/06 09:27:29 + [ssh.c ssh_config.5] + support 'ProxyCommand none'; bugzilla #433; binder@arago.de; ok djm@ 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com 
@@ -1145,4 +1148,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2605 2003/02/24 00:57:01 djm Exp $ +$Id: ChangeLog,v 1.2606 2003/02/24 00:57:32 djm Exp $ diff --git a/ssh.c b/ssh.c index 7162e680d..720604394 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.189 2002/12/09 16:50:30 millert Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.190 2003/02/06 09:27:29 markus Exp $"); #include #include @@ -601,6 +601,10 @@ again: if (options.hostname != NULL) host = options.hostname; + if (options.proxy_command != NULL && + strcmp(options.proxy_command, "none") == 0) + options.proxy_command = NULL; + /* Disable rhosts authentication if not running as root. */ #ifdef HAVE_CYGWIN /* Ignore uid if running under Windows */ diff --git a/ssh_config.5 b/ssh_config.5 index ac05a0cea..710c068c5 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.5 2002/08/29 22:54:10 stevesk Exp $ +.\" $OpenBSD: ssh_config.5,v 1.6 2003/02/06 09:27:29 markus Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -474,6 +474,9 @@ somewhere. Host key management will be done using the HostName of the host being connected (defaulting to the name typed by the user). +Setting the command to +.Dq none +disables this option entirely. Note that .Cm CheckHostIP is not available for connects with a proxy command. -- cgit v1.2.3 From 9e51a73122fdb06c14068017d8f2a04179bf6bf6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 11:58:44 +1100 Subject: - markus@cvs.openbsd.org 2003/02/06 09:29:18 [sftp-server.c] fix races in rename/symlink; from Tony Finch; ok djm@ --- ChangeLog | 5 ++++- sftp-server.c | 28 ++++++++++++++-------------- 2 files changed, 18 insertions(+), 15 deletions(-) 
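Review bot: The `strcmp(options.proxy_command, "none") == 0` test added to ssh.c is an exact match, so a value that arrives with trailing whitespace or in a different case is not treated as "disabled" and would be run as a proxy command instead. The readconf.c change earlier on this page stores the rest of the line verbatim, so unless the line is trimmed before it gets there this is reachable from a config file. I would trim trailing whitespace before comparing, and release the string rather than dropping it, `xfree(options.proxy_command);` before `options.proxy_command = NULL;`, assuming the value is always heap-allocated. The enclosing function starts and ends outside the hunk.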
diff --git a/ChangeLog b/ChangeLog index 9003211e6..7db7cf594 100644 --- a/ChangeLog +++ b/ChangeLog @@ -48,6 +48,9 @@ - markus@cvs.openbsd.org 2003/02/06 09:27:29 [ssh.c ssh_config.5] support 'ProxyCommand none'; bugzilla #433; binder@arago.de; ok djm@ + - markus@cvs.openbsd.org 2003/02/06 09:29:18 + [sftp-server.c] + fix races in rename/symlink; from Tony Finch; ok djm@ 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1148,4 +1151,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2606 2003/02/24 00:57:32 djm Exp $ +$Id: ChangeLog,v 1.2607 2003/02/24 00:58:44 djm Exp $ diff --git a/sftp-server.c b/sftp-server.c index 84264693d..4eb31d94e 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: sftp-server.c,v 1.38 2002/09/11 22:41:50 djm Exp $"); +RCSID("$OpenBSD: sftp-server.c,v 1.39 2003/02/06 09:29:18 markus Exp $"); #include "buffer.h" #include "bufaux.h" @@ -832,19 +832,22 @@ static void process_rename(void) { u_int32_t id; - struct stat st; char *oldpath, *newpath; - int ret, status = SSH2_FX_FAILURE; + int status; id = get_int(); oldpath = get_string(NULL); newpath = get_string(NULL); TRACE("rename id %u old %s new %s", id, oldpath, newpath); /* fail if 'newpath' exists */ - if (stat(newpath, &st) == -1) { - ret = rename(oldpath, newpath); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; - } + if (link(oldpath, newpath) == -1) + status = errno_to_portable(errno); + else if (unlink(oldpath) == -1) { + status = errno_to_portable(errno); + /* clean spare link */ + unlink(newpath); + } else + status = SSH2_FX_OK; send_status(id, status); xfree(oldpath); xfree(newpath); 
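Review bot: process_rename() now depends on link(2), which is refused for directories on most systems and is unavailable on filesystems without hard links, so renaming a directory would start failing after this change. I would keep the link()/unlink() sequence for regular files only and fall back to the previous stat()-then-rename() path for everything else, accepting that the fallback is not race-free; that needs the `struct stat st;` declaration and the `SSH2_FX_FAILURE` initialiser the hunk removes. The return value of the clean-up `unlink(newpath)` is ignored, which is probably intended but deserves a word in its comment.

```c
	struct stat st;
	int status = SSH2_FX_FAILURE;

	/* … unchanged: id/oldpath/newpath parsing and TRACE … */
	if (lstat(oldpath, &st) == -1)
		status = errno_to_portable(errno);
	else if (S_ISREG(st.st_mode)) {
		/* race-free for regular files: link() fails if 'newpath' exists */
		if (link(oldpath, newpath) == -1)
			status = errno_to_portable(errno);
		else if (unlink(oldpath) == -1) {
			status = errno_to_portable(errno);
			/* clean spare link; nothing more can be done if this fails */
			unlink(newpath);
		} else
			status = SSH2_FX_OK;
	} else if (stat(newpath, &st) == -1) {
		/* not a regular file (e.g. a directory): link() cannot be used */
		if (rename(oldpath, newpath) == -1)
			status = errno_to_portable(errno);
		else
			status = SSH2_FX_OK;
	}
	/* … unchanged: send_status and xfree calls … */
```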
@@ -878,19 +881,16 @@ static void process_symlink(void) { u_int32_t id; - struct stat st; char *oldpath, *newpath; - int ret, status = SSH2_FX_FAILURE; + int ret, status; id = get_int(); oldpath = get_string(NULL); newpath = get_string(NULL); TRACE("symlink id %u old %s new %s", id, oldpath, newpath); - /* fail if 'newpath' exists */ - if (stat(newpath, &st) == -1) { - ret = symlink(oldpath, newpath); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; - } + /* this will fail if 'newpath' exists */ + ret = symlink(oldpath, newpath); + status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); xfree(oldpath); xfree(newpath); -- cgit v1.2.3 From 556f9315a538c9575c2fcaf2a3ca4d9c068ade78 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 11:59:26 +1100 Subject: - markus@cvs.openbsd.org 2003/02/06 21:22:43 [auth1.c auth2.c] undo broken fix for #387, fixes #486 --- ChangeLog | 5 ++++- auth1.c | 5 ++--- auth2.c | 5 ++--- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7db7cf594..206e72501 100644 --- a/ChangeLog +++ b/ChangeLog @@ -51,6 +51,9 @@ - markus@cvs.openbsd.org 2003/02/06 09:29:18 [sftp-server.c] fix races in rename/symlink; from Tony Finch; ok djm@ + - markus@cvs.openbsd.org 2003/02/06 21:22:43 + [auth1.c auth2.c] + undo broken fix for #387, fixes #486 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1151,4 +1154,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2607 2003/02/24 00:58:44 djm Exp $ +$Id: ChangeLog,v 1.2608 2003/02/24 00:59:26 djm Exp $ diff --git a/auth1.c b/auth1.c index 2ba411243..c273f2fb6 100644 --- a/auth1.c +++ b/auth1.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.46 2003/01/23 00:03:00 djm Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.47 2003/02/06 21:22:42 markus Exp $"); #include "xmalloc.h" #include "rsa.h" 
@@ -328,8 +328,7 @@ do_authloop(Authctxt *authctxt) } #else /* Special handling for root */ - if (!use_privsep && - authenticated && authctxt->pw->pw_uid == 0 && + if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed(get_authname(type))) authenticated = 0; #endif diff --git a/auth2.c b/auth2.c index 17c58552a..1b21eb2da 100644 --- a/auth2.c +++ b/auth2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.95 2002/08/22 21:33:58 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.96 2003/02/06 21:22:43 markus Exp $"); #include "ssh2.h" #include "xmalloc.h" @@ -205,8 +205,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) authctxt->user); /* Special handling for root */ - if (!use_privsep && - authenticated && authctxt->pw->pw_uid == 0 && + if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed(method)) authenticated = 0; -- cgit v1.2.3 From 7b406276c45abede9a3e6d5b979b37b8d50287f7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 12:00:16 +1100 Subject: - markus@cvs.openbsd.org 2003/02/10 11:51:47 [ssh-add.1] xref sshd_config.5 (not sshd.8); mark@summersault.com; bug #490 --- ChangeLog | 5 ++++- ssh-add.1 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 206e72501..743c7457d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,6 +54,9 @@ - markus@cvs.openbsd.org 2003/02/06 21:22:43 [auth1.c auth2.c] undo broken fix for #387, fixes #486 + - markus@cvs.openbsd.org 2003/02/10 11:51:47 + [ssh-add.1] + xref sshd_config.5 (not sshd.8); mark@summersault.com; bug #490 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1154,4 +1157,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2608 2003/02/24 00:59:26 djm Exp $ +$Id: ChangeLog,v 1.2609 2003/02/24 01:00:16 djm Exp $ diff --git a/ssh-add.1 b/ssh-add.1 index 66a8f9715..25d7333e9 100644 --- a/ssh-add.1 
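Review bot: Neither the do_authloop() hunk in auth1.c nor the userauth_finish() hunk in auth2.c records why the `!use_privsep` guard had to go, although the root check it switched off is security-relevant. I would extend the existing comment at both sites, e.g. `/* Special handling for root; must run with and without privsep (bugs #387, #486) */`, so the guard is not reintroduced later. The same three-line condition now lives in both files, and a shared helper would keep the two copies from drifting apart again. Both functions start and end outside the hunks.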
+++ b/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.36 2003/01/23 13:50:27 markus Exp $ +.\" $OpenBSD: ssh-add.1,v 1.37 2003/02/10 11:51:47 markus Exp $ .\" .\" -*- nroff -*- .\" @@ -92,7 +92,7 @@ Unlock the agent. Set a maximum lifetime when adding identities to an agent. The lifetime may be specified in seconds or in a time format specified in -.Xr sshd 8 . +.Xr sshd_config 5 . .It Fl c Indicates that added identities should be subject to confirmation before being used for authentication. Confirmation is performed by the -- cgit v1.2.3 From e8a240f966c567304d810ba0234bca326e4abecb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 12:01:40 +1100 Subject: - markus@cvs.openbsd.org 2003/02/12 09:33:04 [key.c key.h ssh-dss.c ssh-rsa.c] merge ssh-dss.h ssh-rsa.h into key.h; ok deraadt@ --- ChangeLog | 5 ++++- key.c | 4 +--- key.h | 7 ++++++- ssh-dss.c | 3 +-- ssh-dss.h | 32 -------------------------------- ssh-rsa.c | 3 +-- ssh-rsa.h | 32 -------------------------------- 7 files changed, 13 insertions(+), 73 deletions(-) delete mode 100644 ssh-dss.h delete mode 100644 ssh-rsa.h diff --git a/ChangeLog b/ChangeLog index 743c7457d..7f17ed8a8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -57,6 +57,9 @@ - markus@cvs.openbsd.org 2003/02/10 11:51:47 [ssh-add.1] xref sshd_config.5 (not sshd.8); mark@summersault.com; bug #490 + - markus@cvs.openbsd.org 2003/02/12 09:33:04 + [key.c key.h ssh-dss.c ssh-rsa.c] + merge ssh-dss.h ssh-rsa.h into key.h; ok deraadt@ 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1157,4 +1160,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2609 2003/02/24 01:00:16 djm Exp $ +$Id: ChangeLog,v 1.2610 2003/02/24 01:01:40 djm Exp $ diff --git a/key.c b/key.c index c87bfcbf0..060b63745 100644 --- a/key.c +++ b/key.c 
@@ -32,15 +32,13 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.50 2003/02/04 09:32:08 markus Exp $"); +RCSID("$OpenBSD: key.c,v 1.51 2003/02/12 09:33:04 markus Exp $"); #include #include "xmalloc.h" #include "key.h" #include "rsa.h" -#include "ssh-dss.h" -#include "ssh-rsa.h" #include "uuencode.h" #include "buffer.h" #include "bufaux.h" diff --git a/key.h b/key.h index 8d1fa4126..725c7a04a 100644 --- a/key.h +++ b/key.h @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.19 2002/03/18 17:23:31 markus Exp $ */ +/* $OpenBSD: key.h,v 1.20 2003/02/12 09:33:04 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -78,4 +78,9 @@ int key_names_valid2(const char *); int key_sign(Key *, u_char **, u_int *, u_char *, u_int); int key_verify(Key *, u_char *, u_int, u_char *, u_int); +int ssh_dss_sign(Key *, u_char **, u_int *, u_char *, u_int); +int ssh_dss_verify(Key *, u_char *, u_int, u_char *, u_int); +int ssh_rsa_sign(Key *, u_char **, u_int *, u_char *, u_int); +int ssh_rsa_verify(Key *, u_char *, u_int, u_char *, u_int); + #endif diff --git a/ssh-dss.c b/ssh-dss.c index 9ba2584dd..6cedcc4dc 100644 --- a/ssh-dss.c +++ b/ssh-dss.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-dss.c,v 1.17 2002/07/04 10:41:47 markus Exp $"); +RCSID("$OpenBSD: ssh-dss.c,v 1.18 2003/02/12 09:33:04 markus Exp $"); #include #include @@ -34,7 +34,6 @@ RCSID("$OpenBSD: ssh-dss.c,v 1.17 2002/07/04 10:41:47 markus Exp $"); #include "compat.h" #include "log.h" #include "key.h" -#include "ssh-dss.h" #define INTBLOB_LEN 20 #define SIGBLOB_LEN (2*INTBLOB_LEN) diff --git a/ssh-dss.h b/ssh-dss.h deleted file mode 100644 index 94961b1e8..000000000 --- a/ssh-dss.h +++ /dev/null 
@@ -1,32 +0,0 @@ -/* $OpenBSD: ssh-dss.h,v 1.6 2002/02/24 19:14:59 markus Exp $ */ - -/* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef DSA_H -#define DSA_H - -int ssh_dss_sign(Key *, u_char **, u_int *, u_char *, u_int); -int ssh_dss_verify(Key *, u_char *, u_int, u_char *, u_int); - -#endif diff --git a/ssh-rsa.c b/ssh-rsa.c index c599ce65c..efbc9e664 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-rsa.c,v 1.27 2002/11/21 23:03:51 deraadt Exp $"); +RCSID("$OpenBSD: ssh-rsa.c,v 1.28 2003/02/12 09:33:04 markus Exp $"); #include #include 
@@ -33,7 +33,6 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.27 2002/11/21 23:03:51 deraadt Exp $"); #include "buffer.h" #include "bufaux.h" #include "key.h" -#include "ssh-rsa.h" #include "compat.h" #include "ssh.h" diff --git a/ssh-rsa.h b/ssh-rsa.h deleted file mode 100644 index 7177a3f92..000000000 --- a/ssh-rsa.h +++ /dev/null @@ -1,32 +0,0 @@ -/* $OpenBSD: ssh-rsa.h,v 1.6 2002/02/24 19:14:59 markus Exp $ */ - -/* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef SSH_RSA_H -#define SSH_RSA_H - -int ssh_rsa_sign(Key *, u_char **, u_int *, u_char *, u_int); -int ssh_rsa_verify(Key *, u_char *, u_int, u_char *, u_int); - -#endif -- cgit v1.2.3 From 1587fb8a174f57a064d603bbd595c3369aa697aa Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Mon, 24 Feb 2003 12:02:12 +1100 Subject: - markus@cvs.openbsd.org 2003/02/12 21:39:50 [crc32.c crc32.h] replace crc32.c with a BSD licensed version; noted by David Turner --- ChangeLog | 5 +- crc32.c | 196 ++++++++++++++++++++++++++++++-------------------------------- crc32.h | 41 ++++++++----- 3 files changed, 123 insertions(+), 119 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7f17ed8a8..586c10b5b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -60,6 +60,9 @@ - markus@cvs.openbsd.org 2003/02/12 09:33:04 [key.c key.h ssh-dss.c ssh-rsa.c] merge ssh-dss.h ssh-rsa.h into key.h; ok deraadt@ + - markus@cvs.openbsd.org 2003/02/12 21:39:50 + [crc32.c crc32.h] + replace crc32.c with a BSD licensed version; noted by David Turner 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1160,4 +1163,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2610 2003/02/24 01:01:40 djm Exp $ +$Id: ChangeLog,v 1.2611 2003/02/24 01:02:12 djm Exp $ diff --git a/crc32.c b/crc32.c index 4774c8ba1..89c808a8d 100644 --- a/crc32.c +++ b/crc32.c 
@@ -1,114 +1,106 @@ +/* $OpenBSD: crc32.c,v 1.9 2003/02/12 21:39:50 markus Exp $ */ + /* - * COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or - * code or tables extracted from it, as desired without restriction. - * - * First, the polynomial itself and its table of feedback terms. The - * polynomial is - * X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 - * - * Note that we take it "backwards" and put the highest-order term in - * the lowest-order bit. The X^32 term is "implied"; the LSB is the - * X^31 term, etc. The X^0 term (usually shown as "+1") results in - * the MSB being 1 - * - * Note that the usual hardware shift register implementation, which - * is what we're using (we're merely optimizing it by doing eight-bit - * chunks at a time) shifts bits into the lowest-order term. In our - * implementation, that means shifting towards the right. Why do we - * do it this way? Because the calculated CRC must be transmitted in - * order from highest-order term to lowest-order term. UARTs transmit - * characters in order from LSB to MSB. By storing the CRC this way - * we hand it to the UART in the order low-byte to high-byte; the UART - * sends each low-bit to hight-bit; and the result is transmission bit - * by bit from highest- to lowest-order term without requiring any bit - * shuffling on our part. Reception works similarly + * Copyright (c) 2003 Markus Friedl. All rights reserved. * - * The feedback terms table consists of 256, 32-bit entries. Notes + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. 
Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * The table can be generated at runtime if desired; code to do so - * is shown later. It might not be obvious, but the feedback - * terms simply represent the results of eight shift/xor opera - * tions for all combinations of data and CRC register values - * - * The values must be right-shifted by eight bits by the "updcrc - * logic; the shift must be u_(bring in zeroes). On some - * hardware you could probably optimize the shift in assembler by - * using byte-swap instructions - * polynomial $edb88320 + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ - -#include "includes.h" -RCSID("$OpenBSD: crc32.c,v 1.8 2000/12/19 23:17:56 markus Exp $"); - +#include #include "crc32.h" -static u_int crc32_tab[] = { - 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L, - 0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L, - 0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L, - 0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL, - 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L, - 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L, - 0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L, - 0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL, - 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L, - 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL, - 0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L, - 0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L, - 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L, - 0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL, - 0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL, - 0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L, - 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL, - 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L, - 0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L, - 0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L, - 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL, - 0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L, - 0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L, - 0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL, - 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L, - 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L, - 0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L, - 0x73dc1683L, 0xe3630b12L, 
0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L, - 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L, - 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL, - 0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL, - 0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L, - 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L, - 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL, - 0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL, - 0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L, - 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL, - 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L, - 0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL, - 0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L, - 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL, - 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L, - 0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L, - 0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL, - 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L, - 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L, - 0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L, - 0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L, - 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L, - 0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L, - 0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL, - 0x2d02ef8dL +static const u_int32_t crc32tab[] = { + 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, + 0x076dc419L, 0x706af48fL, 0xe963a535L, 0x9e6495a3L, + 0x0edb8832L, 0x79dcb8a4L, 0xe0d5e91eL, 0x97d2d988L, + 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L, 0x90bf1d91L, + 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL, + 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, + 0x136c9856L, 0x646ba8c0L, 0xfd62f97aL, 
0x8a65c9ecL, + 0x14015c4fL, 0x63066cd9L, 0xfa0f3d63L, 0x8d080df5L, + 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L, 0xa2677172L, + 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL, + 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, + 0x32d86ce3L, 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, + 0x26d930acL, 0x51de003aL, 0xc8d75180L, 0xbfd06116L, + 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L, 0xb8bda50fL, + 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L, + 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, + 0x76dc4190L, 0x01db7106L, 0x98d220bcL, 0xefd5102aL, + 0x71b18589L, 0x06b6b51fL, 0x9fbfe4a5L, 0xe8b8d433L, + 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL, 0xe10e9818L, + 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L, + 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, + 0x6c0695edL, 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, + 0x65b0d9c6L, 0x12b7e950L, 0x8bbeb8eaL, 0xfcb9887cL, + 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L, 0xfbd44c65L, + 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L, + 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, + 0x4369e96aL, 0x346ed9fcL, 0xad678846L, 0xda60b8d0L, + 0x44042d73L, 0x33031de5L, 0xaa0a4c5fL, 0xdd0d7cc9L, + 0x5005713cL, 0x270241aaL, 0xbe0b1010L, 0xc90c2086L, + 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL, + 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, + 0x59b33d17L, 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, + 0xedb88320L, 0x9abfb3b6L, 0x03b6e20cL, 0x74b1d29aL, + 0xead54739L, 0x9dd277afL, 0x04db2615L, 0x73dc1683L, + 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L, + 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, + 0xf00f9344L, 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, + 0xf762575dL, 0x806567cbL, 0x196c3671L, 0x6e6b06e7L, + 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL, 0x67dd4accL, + 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L, + 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, + 0xd1bb67f1L, 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, + 0xd80d2bdaL, 0xaf0a1b4cL, 0x36034af6L, 0x41047a60L, + 0xdf60efc3L, 0xa867df55L, 0x316e8eefL, 
0x4669be79L, + 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L, + 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, + 0xc5ba3bbeL, 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, + 0xc2d7ffa7L, 0xb5d0cf31L, 0x2cd99e8bL, 0x5bdeae1dL, + 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL, 0x026d930aL, + 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L, + 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, + 0x92d28e9bL, 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, + 0x86d3d2d4L, 0xf1d4e242L, 0x68ddb3f8L, 0x1fda836eL, + 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L, 0x18b74777L, + 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL, + 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, + 0xa00ae278L, 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, + 0xa7672661L, 0xd06016f7L, 0x4969474dL, 0x3e6e77dbL, + 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L, 0x37d83bf0L, + 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L, + 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, + 0xbad03605L, 0xcdd70693L, 0x54de5729L, 0x23d967bfL, + 0xb3667a2eL, 0xc4614ab8L, 0x5d681b02L, 0x2a6f2b94L, + 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL, 0x2d02ef8dL }; -/* Return a 32-bit CRC of the contents of the buffer. */ - -u_int -ssh_crc32(const u_char *s, u_int len) +u_int32_t +ssh_crc32(const u_char *buf, u_int32_t size) { - u_int i; - u_int crc32val; + u_int32_t i, crc; - crc32val = 0; - for (i = 0; i < len; i ++) { - crc32val = crc32_tab[(crc32val ^ s[i]) & 0xff] ^ (crc32val >> 8); - } - return crc32val; + crc = 0; + for (i = 0; i < size; i++) + crc = crc32tab[(crc ^ buf[i]) & 0xff] ^ (crc >> 8); + return crc; } diff --git a/crc32.h b/crc32.h index cd1832ff6..a2fb58493 100644 --- a/crc32.h +++ b/crc32.h 
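Review bot: The rewritten `ssh_crc32` in crc32.c drops the old explanatory header and leaves both `crc32tab` and the function undocumented. Nothing now tells a caller that this variant starts from `crc = 0` and applies no final complement, so its output will not match the common zlib-style CRC-32 of the same bytes. I would add a comment above the function such as `/* CRC-32, table for reflected polynomial 0xedb88320, initial value 0, no final XOR; error detection only, not a MAC */`. A CRC is linear and unkeyed, so the comment should make clear it cannot be relied on to detect deliberate modification of the data. Declaring the table as `crc32tab[256]` would also make the bound behind the `& 0xff` index visible at the definition.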
@@ -1,21 +1,30 @@ -/* $OpenBSD: crc32.h,v 1.13 2002/03/04 17:27:39 stevesk Exp $ */ +/* $OpenBSD: crc32.h,v 1.14 2003/02/12 21:39:50 markus Exp $ */ /* - * Author: Tatu Ylonen - * Copyright (c) 1992 Tatu Ylonen , Espoo, Finland - * All rights reserved - * Functions for computing 32-bit CRC. + * Copyright (c) 2003 Markus Friedl. All rights reserved. * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ -#ifndef CRC32_H -#define CRC32_H - -u_int ssh_crc32(const u_char *, u_int); - -#endif /* CRC32_H */ +#ifndef SSH_CRC32_H +#define SSH_CRC32_H +u_int32_t ssh_crc32(const u_char *, u_int32_t); +#endif -- cgit v1.2.3 From 8e7fb335235bd6a7f8387a40bf71eaf9798f6f7e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 12:03:03 +1100 Subject: - markus@cvs.openbsd.org 2003/02/16 17:09:57 [kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c] split kex into client and server code, no need to link server code into the client; ok provos@ --- ChangeLog | 6 +- kex.c | 23 ++-- kex.h | 23 ++-- kexdh.c | 234 +---------------------------------------- kexdhc.c | 137 ++++++++++++++++++++++++ kexdhs.c | 138 ++++++++++++++++++++++++ kexgex.c | 328 +--------------------------------------------------------- kexgexc.c | 189 +++++++++++++++++++++++++++++++++ kexgexs.c | 186 +++++++++++++++++++++++++++++++++ ssh-keyscan.c | 4 +- sshconnect2.c | 4 +- sshd.c | 8 +- 12 files changed, 697 insertions(+), 583 deletions(-) create mode 100644 kexdhc.c create mode 100644 kexdhs.c create mode 100644 kexgexc.c create mode 100644 kexgexs.c diff --git a/ChangeLog b/ChangeLog index 586c10b5b..2fdcb2782 100644 --- a/ChangeLog +++ b/ChangeLog @@ -63,6 +63,10 @@ - markus@cvs.openbsd.org 2003/02/12 21:39:50 [crc32.c crc32.h] replace crc32.c with a BSD licensed version; noted by David Turner + - markus@cvs.openbsd.org 2003/02/16 17:09:57 + [kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c] + split kex into client and server code, no need to link + server code into the client; ok provos@ 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1163,4 +1167,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2611 2003/02/24 01:02:12 djm Exp $ +$Id: ChangeLog,v 1.2612 2003/02/24 01:03:03 djm Exp $ diff --git a/kex.c b/kex.c index 0a861fb97..2c1cacfec 100644 --- a/kex.c +++ b/kex.c 
@@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.53 2003/02/02 10:56:08 markus Exp $"); +RCSID("$OpenBSD: kex.c,v 1.54 2003/02/16 17:09:57 markus Exp $"); #include @@ -44,11 +44,6 @@ RCSID("$OpenBSD: kex.c,v 1.53 2003/02/02 10:56:08 markus Exp $"); #define KEX_COOKIE_LEN 16 -/* Use privilege separation for sshd */ -int use_privsep; -struct monitor *pmonitor; - - /* prototype */ static void kex_kexinit_finish(Kex *); static void kex_choose_conf(Kex *); @@ -237,14 +232,10 @@ kex_kexinit_finish(Kex *kex) kex_choose_conf(kex); - switch (kex->kex_type) { - case DH_GRP1_SHA1: - kexdh(kex); - break; - case DH_GEX_SHA1: - kexgex(kex); - break; - default: + if (kex->kex_type >= 0 && kex->kex_type < KEX_MAX && + kex->kex[kex->kex_type] != NULL) { + (kex->kex[kex->kex_type])(kex); + } else { fatal("Unsupported key exchange %d", kex->kex_type); } } @@ -301,9 +292,9 @@ choose_kex(Kex *k, char *client, char *server) if (k->name == NULL) fatal("no kex alg"); if (strcmp(k->name, KEX_DH1) == 0) { - k->kex_type = DH_GRP1_SHA1; + k->kex_type = KEX_DH_GRP1_SHA1; } else if (strcmp(k->name, KEX_DHGEX) == 0) { - k->kex_type = DH_GEX_SHA1; + k->kex_type = KEX_DH_GEX_SHA1; } else fatal("bad kex alg %s", k->name); } diff --git a/kex.h b/kex.h index 93a529e12..52d442e9a 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.32 2002/09/09 14:54:14 markus Exp $ */ +/* $OpenBSD: kex.h,v 1.33 2003/02/16 17:09:57 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -55,8 +55,9 @@ enum kex_modes { }; enum kex_exchange { - DH_GRP1_SHA1, - DH_GEX_SHA1 + KEX_DH_GRP1_SHA1, + KEX_DH_GEX_SHA1, + KEX_MAX }; #define KEX_INIT_SENT 0x0001 @@ -112,6 +113,7 @@ struct Kex { int (*verify_host_key)(Key *); Key *(*load_host_key)(int); int (*host_key_index)(Key *); + void (*kex[KEX_MAX])(Kex *); }; Kex *kex_setup(char *[PROPOSAL_MAX]); 
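Review bot: In `kex_kexinit_finish` (the kex.c hunk at -237), the `kex->kex[kex->kex_type] != NULL` test only protects the indirect call if every slot of the new `kex[KEX_MAX]` table starts out NULL. The allocation in `kex_setup` is not part of these hunks, so it should be confirmed that the struct is zero-filled there; otherwise an unregistered slot holds an indeterminate function pointer. The range check on `kex_type` before indexing is the right guard and should stay ahead of the table lookup. I would also document the new field in kex.h, e.g. `/* per-method handlers indexed by enum kex_exchange; NULL = not linked into this binary */`, since client and server now register different handlers. The body of `kex_kexinit_finish` starts outside the hunk.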
@@ -121,11 +123,20 @@ void kex_send_kexinit(Kex *); void kex_input_kexinit(int, u_int32_t, void *); void kex_derive_keys(Kex *, u_char *, BIGNUM *); -void kexdh(Kex *); -void kexgex(Kex *); - Newkeys *kex_get_newkeys(int); +void kexdh_client(Kex *); +void kexdh_server(Kex *); +void kexgex_client(Kex *); +void kexgex_server(Kex *); + +u_char * +kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int, + BIGNUM *, BIGNUM *, BIGNUM *); +u_char * +kexgex_hash(char *, char *, char *, int, char *, int, u_char *, int, + int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *); + #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) void dump_digest(char *, u_char *, int); #endif diff --git a/kexdh.c b/kexdh.c index 1e91e2550..4bbb7d1db 100644 --- a/kexdh.c +++ b/kexdh.c @@ -23,23 +23,16 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexdh.c,v 1.18 2002/03/18 17:50:31 provos Exp $"); +RCSID("$OpenBSD: kexdh.c,v 1.19 2003/02/16 17:09:57 markus Exp $"); -#include -#include +#include -#include "xmalloc.h" #include "buffer.h" #include "bufaux.h" -#include "key.h" -#include "kex.h" -#include "log.h" -#include "packet.h" -#include "dh.h" #include "ssh2.h" -#include "monitor_wrap.h" +#include "kex.h" -static u_char * +u_char * kex_dh_hash( char *client_version_string, char *server_version_string, 
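Review bot: The new public prototypes for `kex_dh_hash` and `kexgex_hash` in kex.h take long runs of unnamed `char *`, `int` and `BIGNUM *` arguments, so a transposed argument in one of the new client or server files would compile cleanly and only show up as a hash mismatch. I would name the parameters in the header (the definition in kexdh.c already uses names such as `client_version_string`) and add a comment stating who owns the returned buffer. The callers in this series never free `hash`, which suggests it is not caller-owned, but the definition of `digest` is not in these hunks. The comment could also record the digest length, since callers pass a literal `20` alongside the result.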
@@ -86,222 +79,3 @@ kex_dh_hash( #endif return digest; } - -/* client */ - -static void -kexdh_client(Kex *kex) -{ - BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; - DH *dh; - Key *server_host_key; - u_char *server_host_key_blob = NULL, *signature = NULL; - u_char *kbuf, *hash; - u_int klen, kout, slen, sbloblen; - - /* generate and send 'e', client DH public key */ - dh = dh_new_group1(); - dh_gen_key(dh, kex->we_need * 8); - packet_start(SSH2_MSG_KEXDH_INIT); - packet_put_bignum2(dh->pub_key); - packet_send(); - - debug("sending SSH2_MSG_KEXDH_INIT"); -#ifdef DEBUG_KEXDH - DHparams_print_fp(stderr, dh); - fprintf(stderr, "pub= "); - BN_print_fp(stderr, dh->pub_key); - fprintf(stderr, "\n"); -#endif - - debug("expecting SSH2_MSG_KEXDH_REPLY"); - packet_read_expect(SSH2_MSG_KEXDH_REPLY); - - /* key, cert */ - server_host_key_blob = packet_get_string(&sbloblen); - server_host_key = key_from_blob(server_host_key_blob, sbloblen); - if (server_host_key == NULL) - fatal("cannot decode server_host_key_blob"); - if (server_host_key->type != kex->hostkey_type) - fatal("type mismatch for decoded server_host_key_blob"); - if (kex->verify_host_key == NULL) - fatal("cannot verify server_host_key"); - if (kex->verify_host_key(server_host_key) == -1) - fatal("server_host_key verification failed"); - - /* DH paramter f, server public DH key */ - if ((dh_server_pub = BN_new()) == NULL) - fatal("dh_server_pub == NULL"); - packet_get_bignum2(dh_server_pub); - -#ifdef DEBUG_KEXDH - fprintf(stderr, "dh_server_pub= "); - BN_print_fp(stderr, dh_server_pub); - fprintf(stderr, "\n"); - debug("bits %d", BN_num_bits(dh_server_pub)); -#endif - - /* signed H */ - signature = packet_get_string(&slen); - packet_check_eom(); - - if (!dh_pub_is_valid(dh, dh_server_pub)) - packet_disconnect("bad server public DH value"); - - klen = DH_size(dh); - kbuf = xmalloc(klen); - kout = DH_compute_key(kbuf, dh_server_pub, dh); -#ifdef DEBUG_KEXDH - dump_digest("shared secret", kbuf, kout); -#endif - 
if ((shared_secret = BN_new()) == NULL) - fatal("kexdh_client: BN_new failed"); - BN_bin2bn(kbuf, kout, shared_secret); - memset(kbuf, 0, klen); - xfree(kbuf); - - /* calc and verify H */ - hash = kex_dh_hash( - kex->client_version_string, - kex->server_version_string, - buffer_ptr(&kex->my), buffer_len(&kex->my), - buffer_ptr(&kex->peer), buffer_len(&kex->peer), - server_host_key_blob, sbloblen, - dh->pub_key, - dh_server_pub, - shared_secret - ); - xfree(server_host_key_blob); - BN_clear_free(dh_server_pub); - DH_free(dh); - - if (key_verify(server_host_key, signature, slen, hash, 20) != 1) - fatal("key_verify failed for server_host_key"); - key_free(server_host_key); - xfree(signature); - - /* save session id */ - if (kex->session_id == NULL) { - kex->session_id_len = 20; - kex->session_id = xmalloc(kex->session_id_len); - memcpy(kex->session_id, hash, kex->session_id_len); - } - - kex_derive_keys(kex, hash, shared_secret); - BN_clear_free(shared_secret); - kex_finish(kex); -} - -/* server */ - -static void -kexdh_server(Kex *kex) -{ - BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; - DH *dh; - Key *server_host_key; - u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; - u_int sbloblen, klen, kout; - u_int slen; - - /* generate server DH public key */ - dh = dh_new_group1(); - dh_gen_key(dh, kex->we_need * 8); - - debug("expecting SSH2_MSG_KEXDH_INIT"); - packet_read_expect(SSH2_MSG_KEXDH_INIT); - - if (kex->load_host_key == NULL) - fatal("Cannot load hostkey"); - server_host_key = kex->load_host_key(kex->hostkey_type); - if (server_host_key == NULL) - fatal("Unsupported hostkey type %d", kex->hostkey_type); - - /* key, cert */ - if ((dh_client_pub = BN_new()) == NULL) - fatal("dh_client_pub == NULL"); - packet_get_bignum2(dh_client_pub); - packet_check_eom(); - -#ifdef DEBUG_KEXDH - fprintf(stderr, "dh_client_pub= "); - BN_print_fp(stderr, dh_client_pub); - fprintf(stderr, "\n"); - debug("bits %d", BN_num_bits(dh_client_pub)); -#endif - 
-#ifdef DEBUG_KEXDH - DHparams_print_fp(stderr, dh); - fprintf(stderr, "pub= "); - BN_print_fp(stderr, dh->pub_key); - fprintf(stderr, "\n"); -#endif - if (!dh_pub_is_valid(dh, dh_client_pub)) - packet_disconnect("bad client public DH value"); - - klen = DH_size(dh); - kbuf = xmalloc(klen); - kout = DH_compute_key(kbuf, dh_client_pub, dh); -#ifdef DEBUG_KEXDH - dump_digest("shared secret", kbuf, kout); -#endif - if ((shared_secret = BN_new()) == NULL) - fatal("kexdh_server: BN_new failed"); - BN_bin2bn(kbuf, kout, shared_secret); - memset(kbuf, 0, klen); - xfree(kbuf); - - key_to_blob(server_host_key, &server_host_key_blob, &sbloblen); - - /* calc H */ - hash = kex_dh_hash( - kex->client_version_string, - kex->server_version_string, - buffer_ptr(&kex->peer), buffer_len(&kex->peer), - buffer_ptr(&kex->my), buffer_len(&kex->my), - server_host_key_blob, sbloblen, - dh_client_pub, - dh->pub_key, - shared_secret - ); - BN_clear_free(dh_client_pub); - - /* save session id := H */ - /* XXX hashlen depends on KEX */ - if (kex->session_id == NULL) { - kex->session_id_len = 20; - kex->session_id = xmalloc(kex->session_id_len); - memcpy(kex->session_id, hash, kex->session_id_len); - } - - /* sign H */ - /* XXX hashlen depends on KEX */ - PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)); - - /* destroy_sensitive_data(); */ - - /* send server hostkey, DH pubkey 'f' and singed H */ - packet_start(SSH2_MSG_KEXDH_REPLY); - packet_put_string(server_host_key_blob, sbloblen); - packet_put_bignum2(dh->pub_key); /* f */ - packet_put_string(signature, slen); - packet_send(); - - xfree(signature); - xfree(server_host_key_blob); - /* have keys, free DH */ - DH_free(dh); - - kex_derive_keys(kex, hash, shared_secret); - BN_clear_free(shared_secret); - kex_finish(kex); -} - -void -kexdh(Kex *kex) -{ - if (kex->server) - kexdh_server(kex); - else - kexdh_client(kex); -} diff --git a/kexdhc.c b/kexdhc.c new file mode 100644 index 000000000..fe6dc53f8 --- /dev/null +++ b/kexdhc.c 
@@ -0,0 +1,137 @@ +/* + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include "includes.h" +RCSID("$OpenBSD: kexdhc.c,v 1.1 2003/02/16 17:09:57 markus Exp $"); + +#include "xmalloc.h" +#include "key.h" +#include "kex.h" +#include "log.h" +#include "packet.h" +#include "dh.h" +#include "ssh2.h" + +void +kexdh_client(Kex *kex) +{ + BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; + DH *dh; + Key *server_host_key; + u_char *server_host_key_blob = NULL, *signature = NULL; + u_char *kbuf, *hash; + u_int klen, kout, slen, sbloblen; + + /* generate and send 'e', client DH public key */ + dh = dh_new_group1(); + dh_gen_key(dh, kex->we_need * 8); + packet_start(SSH2_MSG_KEXDH_INIT); + packet_put_bignum2(dh->pub_key); + packet_send(); + + debug("sending SSH2_MSG_KEXDH_INIT"); +#ifdef DEBUG_KEXDH + DHparams_print_fp(stderr, dh); + fprintf(stderr, "pub= "); + BN_print_fp(stderr, dh->pub_key); + fprintf(stderr, "\n"); +#endif + + debug("expecting SSH2_MSG_KEXDH_REPLY"); + packet_read_expect(SSH2_MSG_KEXDH_REPLY); + + /* key, cert */ + server_host_key_blob = packet_get_string(&sbloblen); + server_host_key = key_from_blob(server_host_key_blob, sbloblen); + if (server_host_key == NULL) + fatal("cannot decode server_host_key_blob"); + if (server_host_key->type != kex->hostkey_type) + fatal("type mismatch for decoded server_host_key_blob"); + if (kex->verify_host_key == NULL) + fatal("cannot verify server_host_key"); + if (kex->verify_host_key(server_host_key) == -1) + fatal("server_host_key verification failed"); + + /* DH paramter f, server public DH key */ + if ((dh_server_pub = BN_new()) == NULL) + fatal("dh_server_pub == NULL"); + packet_get_bignum2(dh_server_pub); + +#ifdef DEBUG_KEXDH + fprintf(stderr, "dh_server_pub= "); + BN_print_fp(stderr, dh_server_pub); + fprintf(stderr, "\n"); + debug("bits %d", BN_num_bits(dh_server_pub)); +#endif + + /* signed H */ + signature = packet_get_string(&slen); + packet_check_eom(); + + if (!dh_pub_is_valid(dh, dh_server_pub)) + packet_disconnect("bad server public DH value"); + + klen = 
DH_size(dh); + kbuf = xmalloc(klen); + kout = DH_compute_key(kbuf, dh_server_pub, dh); +#ifdef DEBUG_KEXDH + dump_digest("shared secret", kbuf, kout); +#endif + if ((shared_secret = BN_new()) == NULL) + fatal("kexdh_client: BN_new failed"); + BN_bin2bn(kbuf, kout, shared_secret); + memset(kbuf, 0, klen); + xfree(kbuf); + + /* calc and verify H */ + hash = kex_dh_hash( + kex->client_version_string, + kex->server_version_string, + buffer_ptr(&kex->my), buffer_len(&kex->my), + buffer_ptr(&kex->peer), buffer_len(&kex->peer), + server_host_key_blob, sbloblen, + dh->pub_key, + dh_server_pub, + shared_secret + ); + xfree(server_host_key_blob); + BN_clear_free(dh_server_pub); + DH_free(dh); + + if (key_verify(server_host_key, signature, slen, hash, 20) != 1) + fatal("key_verify failed for server_host_key"); + key_free(server_host_key); + xfree(signature); + + /* save session id */ + if (kex->session_id == NULL) { + kex->session_id_len = 20; + kex->session_id = xmalloc(kex->session_id_len); + memcpy(kex->session_id, hash, kex->session_id_len); + } + + kex_derive_keys(kex, hash, shared_secret); + BN_clear_free(shared_secret); + kex_finish(kex); +} diff --git a/kexdhs.c b/kexdhs.c new file mode 100644 index 000000000..f04bce825 --- /dev/null +++ b/kexdhs.c 
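Review bot: `kout = DH_compute_key(kbuf, dh_server_pub, dh);` in `kexdh_client` stores the result in a `u_int` and passes it straight to `BN_bin2bn`, so a failure return (OpenSSL reports -1) is never noticed and becomes the length argument. Declaring `int kout;` and using `if ((kout = DH_compute_key(kbuf, dh_server_pub, dh)) < 0) fatal("DH_compute_key: failed");` closes that; the same unchecked call is in `kexdh_server` in kexdhs.c. The `memset(kbuf, 0, klen)` just before `xfree(kbuf)` is also a candidate for dead-store elimination, so a zeroing routine the compiler cannot drop would be safer for the shared-secret bytes. As the file is otherwise a move out of kexdh.c, these could land as a follow-up rather than in this split.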
@@ -0,0 +1,138 @@ +/* + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include "includes.h" +RCSID("$OpenBSD: kexdhs.c,v 1.1 2003/02/16 17:09:57 markus Exp $"); + +#include "xmalloc.h" +#include "key.h" +#include "kex.h" +#include "log.h" +#include "packet.h" +#include "dh.h" +#include "ssh2.h" +#include "monitor_wrap.h" + +void +kexdh_server(Kex *kex) +{ + BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; + DH *dh; + Key *server_host_key; + u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; + u_int sbloblen, klen, kout; + u_int slen; + + /* generate server DH public key */ + dh = dh_new_group1(); + dh_gen_key(dh, kex->we_need * 8); + + debug("expecting SSH2_MSG_KEXDH_INIT"); + packet_read_expect(SSH2_MSG_KEXDH_INIT); + + if (kex->load_host_key == NULL) + fatal("Cannot load hostkey"); + server_host_key = kex->load_host_key(kex->hostkey_type); + if (server_host_key == NULL) + fatal("Unsupported hostkey type %d", kex->hostkey_type); + + /* key, cert */ + if ((dh_client_pub = BN_new()) == NULL) + fatal("dh_client_pub == NULL"); + packet_get_bignum2(dh_client_pub); + packet_check_eom(); + +#ifdef DEBUG_KEXDH + fprintf(stderr, "dh_client_pub= "); + BN_print_fp(stderr, dh_client_pub); + fprintf(stderr, "\n"); + debug("bits %d", BN_num_bits(dh_client_pub)); +#endif + +#ifdef DEBUG_KEXDH + DHparams_print_fp(stderr, dh); + fprintf(stderr, "pub= "); + BN_print_fp(stderr, dh->pub_key); + fprintf(stderr, "\n"); +#endif + if (!dh_pub_is_valid(dh, dh_client_pub)) + packet_disconnect("bad client public DH value"); + + klen = DH_size(dh); + kbuf = xmalloc(klen); + kout = DH_compute_key(kbuf, dh_client_pub, dh); +#ifdef DEBUG_KEXDH + dump_digest("shared secret", kbuf, kout); +#endif + if ((shared_secret = BN_new()) == NULL) + fatal("kexdh_server: BN_new failed"); + BN_bin2bn(kbuf, kout, shared_secret); + memset(kbuf, 0, klen); + xfree(kbuf); + + key_to_blob(server_host_key, &server_host_key_blob, &sbloblen); + + /* calc H */ + hash = kex_dh_hash( + kex->client_version_string, + kex->server_version_string, + 
buffer_ptr(&kex->peer), buffer_len(&kex->peer), + buffer_ptr(&kex->my), buffer_len(&kex->my), + server_host_key_blob, sbloblen, + dh_client_pub, + dh->pub_key, + shared_secret + ); + BN_clear_free(dh_client_pub); + + /* save session id := H */ + /* XXX hashlen depends on KEX */ + if (kex->session_id == NULL) { + kex->session_id_len = 20; + kex->session_id = xmalloc(kex->session_id_len); + memcpy(kex->session_id, hash, kex->session_id_len); + } + + /* sign H */ + /* XXX hashlen depends on KEX */ + PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)); + + /* destroy_sensitive_data(); */ + + /* send server hostkey, DH pubkey 'f' and singed H */ + packet_start(SSH2_MSG_KEXDH_REPLY); + packet_put_string(server_host_key_blob, sbloblen); + packet_put_bignum2(dh->pub_key); /* f */ + packet_put_string(signature, slen); + packet_send(); + + xfree(signature); + xfree(server_host_key_blob); + /* have keys, free DH */ + DH_free(dh); + + kex_derive_keys(kex, hash, shared_secret); + BN_clear_free(shared_secret); + kex_finish(kex); +} diff --git a/kexgex.c b/kexgex.c index 2d4a58153..b0c39c8cb 100644 --- a/kexgex.c +++ b/kexgex.c @@ -24,23 +24,16 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexgex.c,v 1.22 2002/03/24 17:27:03 stevesk Exp $"); +RCSID("$OpenBSD: kexgex.c,v 1.23 2003/02/16 17:09:57 markus Exp $"); -#include +#include -#include "xmalloc.h" #include "buffer.h" #include "bufaux.h" -#include "key.h" #include "kex.h" -#include "log.h" -#include "packet.h" -#include "dh.h" #include "ssh2.h" -#include "compat.h" -#include "monitor_wrap.h" -static u_char * +u_char * kexgex_hash( char *client_version_string, char *server_version_string, 
@@ -97,318 +90,3 @@ kexgex_hash( #endif return digest; } - -/* client */ - -static void -kexgex_client(Kex *kex) -{ - BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; - BIGNUM *p = NULL, *g = NULL; - Key *server_host_key; - u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; - u_int klen, kout, slen, sbloblen; - int min, max, nbits; - DH *dh; - - nbits = dh_estimate(kex->we_need * 8); - - if (datafellows & SSH_OLD_DHGEX) { - debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent"); - - /* Old GEX request */ - packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD); - packet_put_int(nbits); - min = DH_GRP_MIN; - max = DH_GRP_MAX; - } else { - debug("SSH2_MSG_KEX_DH_GEX_REQUEST sent"); - - /* New GEX request */ - min = DH_GRP_MIN; - max = DH_GRP_MAX; - packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST); - packet_put_int(min); - packet_put_int(nbits); - packet_put_int(max); - } -#ifdef DEBUG_KEXDH - fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n", - min, nbits, max); -#endif - packet_send(); - - debug("expecting SSH2_MSG_KEX_DH_GEX_GROUP"); - packet_read_expect(SSH2_MSG_KEX_DH_GEX_GROUP); - - if ((p = BN_new()) == NULL) - fatal("BN_new"); - packet_get_bignum2(p); - if ((g = BN_new()) == NULL) - fatal("BN_new"); - packet_get_bignum2(g); - packet_check_eom(); - - if (BN_num_bits(p) < min || BN_num_bits(p) > max) - fatal("DH_GEX group out of range: %d !< %d !< %d", - min, BN_num_bits(p), max); - - dh = dh_new_group(g, p); - dh_gen_key(dh, kex->we_need * 8); - -#ifdef DEBUG_KEXDH - DHparams_print_fp(stderr, dh); - fprintf(stderr, "pub= "); - BN_print_fp(stderr, dh->pub_key); - fprintf(stderr, "\n"); -#endif - - debug("SSH2_MSG_KEX_DH_GEX_INIT sent"); - /* generate and send 'e', client DH public key */ - packet_start(SSH2_MSG_KEX_DH_GEX_INIT); - packet_put_bignum2(dh->pub_key); - packet_send(); - - debug("expecting SSH2_MSG_KEX_DH_GEX_REPLY"); - packet_read_expect(SSH2_MSG_KEX_DH_GEX_REPLY); - - /* key, cert */ - server_host_key_blob = packet_get_string(&sbloblen); - 
server_host_key = key_from_blob(server_host_key_blob, sbloblen); - if (server_host_key == NULL) - fatal("cannot decode server_host_key_blob"); - if (server_host_key->type != kex->hostkey_type) - fatal("type mismatch for decoded server_host_key_blob"); - if (kex->verify_host_key == NULL) - fatal("cannot verify server_host_key"); - if (kex->verify_host_key(server_host_key) == -1) - fatal("server_host_key verification failed"); - - /* DH paramter f, server public DH key */ - if ((dh_server_pub = BN_new()) == NULL) - fatal("dh_server_pub == NULL"); - packet_get_bignum2(dh_server_pub); - -#ifdef DEBUG_KEXDH - fprintf(stderr, "dh_server_pub= "); - BN_print_fp(stderr, dh_server_pub); - fprintf(stderr, "\n"); - debug("bits %d", BN_num_bits(dh_server_pub)); -#endif - - /* signed H */ - signature = packet_get_string(&slen); - packet_check_eom(); - - if (!dh_pub_is_valid(dh, dh_server_pub)) - packet_disconnect("bad server public DH value"); - - klen = DH_size(dh); - kbuf = xmalloc(klen); - kout = DH_compute_key(kbuf, dh_server_pub, dh); -#ifdef DEBUG_KEXDH - dump_digest("shared secret", kbuf, kout); -#endif - if ((shared_secret = BN_new()) == NULL) - fatal("kexgex_client: BN_new failed"); - BN_bin2bn(kbuf, kout, shared_secret); - memset(kbuf, 0, klen); - xfree(kbuf); - - if (datafellows & SSH_OLD_DHGEX) - min = max = -1; - - /* calc and verify H */ - hash = kexgex_hash( - kex->client_version_string, - kex->server_version_string, - buffer_ptr(&kex->my), buffer_len(&kex->my), - buffer_ptr(&kex->peer), buffer_len(&kex->peer), - server_host_key_blob, sbloblen, - min, nbits, max, - dh->p, dh->g, - dh->pub_key, - dh_server_pub, - shared_secret - ); - /* have keys, free DH */ - DH_free(dh); - xfree(server_host_key_blob); - BN_clear_free(dh_server_pub); - - if (key_verify(server_host_key, signature, slen, hash, 20) != 1) - fatal("key_verify failed for server_host_key"); - key_free(server_host_key); - xfree(signature); - - /* save session id */ - if (kex->session_id == NULL) { - 
kex->session_id_len = 20; - kex->session_id = xmalloc(kex->session_id_len); - memcpy(kex->session_id, hash, kex->session_id_len); - } - kex_derive_keys(kex, hash, shared_secret); - BN_clear_free(shared_secret); - - kex_finish(kex); -} - -/* server */ - -static void -kexgex_server(Kex *kex) -{ - BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; - Key *server_host_key; - DH *dh; - u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; - u_int sbloblen, klen, kout, slen; - int min = -1, max = -1, nbits = -1, type; - - if (kex->load_host_key == NULL) - fatal("Cannot load hostkey"); - server_host_key = kex->load_host_key(kex->hostkey_type); - if (server_host_key == NULL) - fatal("Unsupported hostkey type %d", kex->hostkey_type); - - type = packet_read(); - switch (type) { - case SSH2_MSG_KEX_DH_GEX_REQUEST: - debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); - min = packet_get_int(); - nbits = packet_get_int(); - max = packet_get_int(); - min = MAX(DH_GRP_MIN, min); - max = MIN(DH_GRP_MAX, max); - break; - case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD: - debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received"); - nbits = packet_get_int(); - min = DH_GRP_MIN; - max = DH_GRP_MAX; - /* unused for old GEX */ - break; - default: - fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type); - } - packet_check_eom(); - - if (max < min || nbits < min || max < nbits) - fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d", - min, nbits, max); - - /* Contact privileged parent */ - dh = PRIVSEP(choose_dh(min, nbits, max)); - if (dh == NULL) - packet_disconnect("Protocol error: no matching DH grp found"); - - debug("SSH2_MSG_KEX_DH_GEX_GROUP sent"); - packet_start(SSH2_MSG_KEX_DH_GEX_GROUP); - packet_put_bignum2(dh->p); - packet_put_bignum2(dh->g); - packet_send(); - - /* flush */ - packet_write_wait(); - - /* Compute our exchange value in parallel with the client */ - dh_gen_key(dh, kex->we_need * 8); - - debug("expecting SSH2_MSG_KEX_DH_GEX_INIT"); - 
packet_read_expect(SSH2_MSG_KEX_DH_GEX_INIT); - - /* key, cert */ - if ((dh_client_pub = BN_new()) == NULL) - fatal("dh_client_pub == NULL"); - packet_get_bignum2(dh_client_pub); - packet_check_eom(); - -#ifdef DEBUG_KEXDH - fprintf(stderr, "dh_client_pub= "); - BN_print_fp(stderr, dh_client_pub); - fprintf(stderr, "\n"); - debug("bits %d", BN_num_bits(dh_client_pub)); -#endif - -#ifdef DEBUG_KEXDH - DHparams_print_fp(stderr, dh); - fprintf(stderr, "pub= "); - BN_print_fp(stderr, dh->pub_key); - fprintf(stderr, "\n"); -#endif - if (!dh_pub_is_valid(dh, dh_client_pub)) - packet_disconnect("bad client public DH value"); - - klen = DH_size(dh); - kbuf = xmalloc(klen); - kout = DH_compute_key(kbuf, dh_client_pub, dh); -#ifdef DEBUG_KEXDH - dump_digest("shared secret", kbuf, kout); -#endif - if ((shared_secret = BN_new()) == NULL) - fatal("kexgex_server: BN_new failed"); - BN_bin2bn(kbuf, kout, shared_secret); - memset(kbuf, 0, klen); - xfree(kbuf); - - key_to_blob(server_host_key, &server_host_key_blob, &sbloblen); - - if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) - min = max = -1; - - /* calc H */ /* XXX depends on 'kex' */ - hash = kexgex_hash( - kex->client_version_string, - kex->server_version_string, - buffer_ptr(&kex->peer), buffer_len(&kex->peer), - buffer_ptr(&kex->my), buffer_len(&kex->my), - server_host_key_blob, sbloblen, - min, nbits, max, - dh->p, dh->g, - dh_client_pub, - dh->pub_key, - shared_secret - ); - BN_clear_free(dh_client_pub); - - /* save session id := H */ - /* XXX hashlen depends on KEX */ - if (kex->session_id == NULL) { - kex->session_id_len = 20; - kex->session_id = xmalloc(kex->session_id_len); - memcpy(kex->session_id, hash, kex->session_id_len); - } - - /* sign H */ - /* XXX hashlen depends on KEX */ - PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)); - - /* destroy_sensitive_data(); */ - - /* send server hostkey, DH pubkey 'f' and singed H */ - debug("SSH2_MSG_KEX_DH_GEX_REPLY sent"); - 
packet_start(SSH2_MSG_KEX_DH_GEX_REPLY); - packet_put_string(server_host_key_blob, sbloblen); - packet_put_bignum2(dh->pub_key); /* f */ - packet_put_string(signature, slen); - packet_send(); - - xfree(signature); - xfree(server_host_key_blob); - /* have keys, free DH */ - DH_free(dh); - - kex_derive_keys(kex, hash, shared_secret); - BN_clear_free(shared_secret); - - kex_finish(kex); -} - -void -kexgex(Kex *kex) -{ - if (kex->server) - kexgex_server(kex); - else - kexgex_client(kex); -} diff --git a/kexgexc.c b/kexgexc.c new file mode 100644 index 000000000..f14ac44ca --- /dev/null +++ b/kexgexc.c 
@@ -0,0 +1,189 @@
+/*
+ * Copyright (c) 2000 Niels Provos. All rights reserved.
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: kexgexc.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+
+#include "xmalloc.h"
+#include "key.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+#include "compat.h"
+
+void
+kexgex_client(Kex *kex)
+{
+ BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
+ BIGNUM *p = NULL, *g = NULL;
+ Key *server_host_key;
+ u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
+ u_int klen, kout, slen, sbloblen;
+ int min, max, nbits;
+ DH *dh;
+
+ nbits = dh_estimate(kex->we_need * 8);
+
+ if (datafellows & SSH_OLD_DHGEX) {
+ debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent");
+
+ /* Old GEX request */
+ packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD);
+ packet_put_int(nbits);
+ min = DH_GRP_MIN;
+ max = DH_GRP_MAX;
+ } else {
+ debug("SSH2_MSG_KEX_DH_GEX_REQUEST sent");
+
+ /* New GEX request */
+ min = DH_GRP_MIN;
+ max = DH_GRP_MAX;
+ packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST);
+ packet_put_int(min);
+ packet_put_int(nbits);
+ packet_put_int(max);
+ }
+#ifdef DEBUG_KEXDH
+ fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n",
+ min, nbits, max);
+#endif
+ packet_send();
+
+ debug("expecting SSH2_MSG_KEX_DH_GEX_GROUP");
+ packet_read_expect(SSH2_MSG_KEX_DH_GEX_GROUP);
+
+ if ((p = BN_new()) == NULL)
+ fatal("BN_new");
+ packet_get_bignum2(p);
+ if ((g = BN_new()) == NULL)
+ fatal("BN_new");
+ packet_get_bignum2(g);
+ packet_check_eom();
+
+ if (BN_num_bits(p) < min || BN_num_bits(p) > max)
+ fatal("DH_GEX group out of range: %d !< %d !< %d",
+ min, BN_num_bits(p), max);
+
+ dh = dh_new_group(g, p);
+ dh_gen_key(dh, kex->we_need * 8);
+
+#ifdef DEBUG_KEXDH
+ DHparams_print_fp(stderr, dh);
+ fprintf(stderr, "pub= ");
+ BN_print_fp(stderr, dh->pub_key);
+ fprintf(stderr, "\n");
+#endif
+
+ debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
+ /* generate and send 'e', client DH public key */
+ packet_start(SSH2_MSG_KEX_DH_GEX_INIT);
+ packet_put_bignum2(dh->pub_key);
+ packet_send();
+
+ debug("expecting SSH2_MSG_KEX_DH_GEX_REPLY");
+ packet_read_expect(SSH2_MSG_KEX_DH_GEX_REPLY);
+
+ /* key, cert */
+ server_host_key_blob = packet_get_string(&sbloblen);
+ server_host_key = key_from_blob(server_host_key_blob, sbloblen);
+ if (server_host_key == NULL)
+ fatal("cannot decode server_host_key_blob");
+ if (server_host_key->type != kex->hostkey_type)
+ fatal("type mismatch for decoded server_host_key_blob");
+ if (kex->verify_host_key == NULL)
+ fatal("cannot verify server_host_key");
+ if (kex->verify_host_key(server_host_key) == -1)
+ fatal("server_host_key verification failed");
+
+ /* DH paramter f, server public DH key */
+ if ((dh_server_pub = BN_new()) == NULL)
+ fatal("dh_server_pub == NULL");
+ packet_get_bignum2(dh_server_pub);
+
+#ifdef DEBUG_KEXDH
+ fprintf(stderr, "dh_server_pub= ");
+ BN_print_fp(stderr, dh_server_pub);
+ fprintf(stderr, "\n");
+ debug("bits %d", BN_num_bits(dh_server_pub));
+#endif
+
+ /* signed H */
+ signature = packet_get_string(&slen);
+ packet_check_eom();
+
+ if (!dh_pub_is_valid(dh, dh_server_pub))
+ packet_disconnect("bad server public DH value");
+
+ klen = DH_size(dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_server_pub, dh);
+#ifdef DEBUG_KEXDH
+ dump_digest("shared secret", kbuf, kout);
+#endif
+ if ((shared_secret = BN_new()) == NULL)
+ fatal("kexgex_client: BN_new failed");
+ BN_bin2bn(kbuf, kout, shared_secret);
+ memset(kbuf, 0, klen);
+ xfree(kbuf);
+
+ if (datafellows & SSH_OLD_DHGEX)
+ min = max = -1;
+
+ /* calc and verify H */
+ hash = kexgex_hash(
+ kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ server_host_key_blob, sbloblen,
+ min, nbits, max,
+ dh->p, dh->g,
+ dh->pub_key,
+ dh_server_pub,
+ shared_secret
+ );
+ /* have keys, free DH */
+ DH_free(dh);
+ xfree(server_host_key_blob);
+ BN_clear_free(dh_server_pub);
+
+ if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
+ fatal("key_verify failed for server_host_key");
+ key_free(server_host_key);
+ xfree(signature);
+
+ /* save session id */
+ if (kex->session_id == NULL) {
+ kex->session_id_len = 20;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+ kex_derive_keys(kex, hash, shared_secret);
+ BN_clear_free(shared_secret);
+
+ kex_finish(kex);
+}
diff --git a/kexgexs.c b/kexgexs.c
new file mode 100644
index 000000000..baebfcfb0
--- /dev/null
+++ b/kexgexs.c
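Review bot: In kexgex_client the return of `DH_compute_key()` is stored in the unsigned `kout` and handed to `BN_bin2bn(kbuf, kout, shared_secret)` with no failure check, so a -1 error return would turn into a huge length read from the `klen`-byte `kbuf`. I would declare `kout` as `int` and write `if ((kout = DH_compute_key(kbuf, dh_server_pub, dh)) < 0) fatal("DH_compute_key: failed");`. The same unchecked call is in kexgex_server (kexgexs.c) and kexdh_server (kexdhs.c) in this commit. The digest length is also repeated as the literal 20 in `key_verify` and `session_id_len`, which a named constant would keep in step.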
@@ -0,0 +1,186 @@
+/*
+ * Copyright (c) 2000 Niels Provos. All rights reserved.
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: kexgexs.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+
+#include "xmalloc.h"
+#include "key.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+#include "compat.h"
+#include "monitor_wrap.h"
+
+void
+kexgex_server(Kex *kex)
+{
+ BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
+ Key *server_host_key;
+ DH *dh;
+ u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
+ u_int sbloblen, klen, kout, slen;
+ int min = -1, max = -1, nbits = -1, type;
+
+ if (kex->load_host_key == NULL)
+ fatal("Cannot load hostkey");
+ server_host_key = kex->load_host_key(kex->hostkey_type);
+ if (server_host_key == NULL)
+ fatal("Unsupported hostkey type %d", kex->hostkey_type);
+
+ type = packet_read();
+ switch (type) {
+ case SSH2_MSG_KEX_DH_GEX_REQUEST:
+ debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
+ min = packet_get_int();
+ nbits = packet_get_int();
+ max = packet_get_int();
+ min = MAX(DH_GRP_MIN, min);
+ max = MIN(DH_GRP_MAX, max);
+ break;
+ case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
+ debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
+ nbits = packet_get_int();
+ min = DH_GRP_MIN;
+ max = DH_GRP_MAX;
+ /* unused for old GEX */
+ break;
+ default:
+ fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
+ }
+ packet_check_eom();
+
+ if (max < min || nbits < min || max < nbits)
+ fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
+ min, nbits, max);
+
+ /* Contact privileged parent */
+ dh = PRIVSEP(choose_dh(min, nbits, max));
+ if (dh == NULL)
+ packet_disconnect("Protocol error: no matching DH grp found");
+
+ debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
+ packet_start(SSH2_MSG_KEX_DH_GEX_GROUP);
+ packet_put_bignum2(dh->p);
+ packet_put_bignum2(dh->g);
+ packet_send();
+
+ /* flush */
+ packet_write_wait();
+
+ /* Compute our exchange value in parallel with the client */
+ dh_gen_key(dh, kex->we_need * 8);
+
+ debug("expecting SSH2_MSG_KEX_DH_GEX_INIT");
+ packet_read_expect(SSH2_MSG_KEX_DH_GEX_INIT);
+
+ /* key, cert */
+ if ((dh_client_pub = BN_new()) == NULL)
+ fatal("dh_client_pub == NULL");
+ packet_get_bignum2(dh_client_pub);
+ packet_check_eom();
+
+#ifdef DEBUG_KEXDH
+ fprintf(stderr, "dh_client_pub= ");
+ BN_print_fp(stderr, dh_client_pub);
+ fprintf(stderr, "\n");
+ debug("bits %d", BN_num_bits(dh_client_pub));
+#endif
+
+#ifdef DEBUG_KEXDH
+ DHparams_print_fp(stderr, dh);
+ fprintf(stderr, "pub= ");
+ BN_print_fp(stderr, dh->pub_key);
+ fprintf(stderr, "\n");
+#endif
+ if (!dh_pub_is_valid(dh, dh_client_pub))
+ packet_disconnect("bad client public DH value");
+
+ klen = DH_size(dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_client_pub, dh);
+#ifdef DEBUG_KEXDH
+ dump_digest("shared secret", kbuf, kout);
+#endif
+ if ((shared_secret = BN_new()) == NULL)
+ fatal("kexgex_server: BN_new failed");
+ BN_bin2bn(kbuf, kout, shared_secret);
+ memset(kbuf, 0, klen);
+ xfree(kbuf);
+
+ key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
+
+ if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
+ min = max = -1;
+
+ /* calc H */ /* XXX depends on 'kex' */
+ hash = kexgex_hash(
+ kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ server_host_key_blob, sbloblen,
+ min, nbits, max,
+ dh->p, dh->g,
+ dh_client_pub,
+ dh->pub_key,
+ shared_secret
+ );
+ BN_clear_free(dh_client_pub);
+
+ /* save session id := H */
+ /* XXX hashlen depends on KEX */
+ if (kex->session_id == NULL) {
+ kex->session_id_len = 20;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+
+ /* sign H */
+ /* XXX hashlen depends on KEX */
+ PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
+
+ /* destroy_sensitive_data(); */
+
+ /* send server hostkey, DH pubkey 'f' and singed H */
+ debug("SSH2_MSG_KEX_DH_GEX_REPLY sent"); +
packet_start(SSH2_MSG_KEX_DH_GEX_REPLY); + packet_put_string(server_host_key_blob, sbloblen); + packet_put_bignum2(dh->pub_key); /* f */ + packet_put_string(signature, slen); + packet_send(); + + xfree(signature); + xfree(server_host_key_blob); + /* have keys, free DH */ + DH_free(dh); + + kex_derive_keys(kex, hash, shared_secret); + BN_clear_free(shared_secret); + + kex_finish(kex); +} diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 8c14d6d26..5b4eb82d1 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.40 2002/07/06 17:47:58 stevesk Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.41 2003/02/16 17:09:57 markus Exp $"); #include "openbsd-compat/sys-queue.h" @@ -354,6 +354,8 @@ keygrab_ssh2(con *c) myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA? "ssh-dss": "ssh-rsa"; c->c_kex = kex_setup(myproposal); + c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; + c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; c->c_kex->verify_host_key = hostjump; if (!(j = setjmp(kexjmp))) { diff --git a/sshconnect2.c b/sshconnect2.c index de33e142b..81d1b91c7 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.110 2002/12/19 00:07:02 djm Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.111 2003/02/16 17:09:57 markus Exp $"); #include "ssh.h" #include "ssh2.h" @@ -110,6 +110,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) /* start key exchange */ kex = kex_setup(myproposal); + kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; + kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; kex->verify_host_key=&verify_host_key_callback; diff --git a/sshd.c b/sshd.c index ca2d4d1bc..86441cff1 100644 --- a/sshd.c +++ b/sshd.c 
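Review bot: The result of `PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20))` in kexgex_server is discarded, while `signature` starts as NULL and `slen` is never initialised, so a failed signing would flow into `packet_put_string(signature, slen)` and `xfree(signature)`. Assuming key_sign reports failure through a negative return (its definition is not in this diff), `if (PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)) < 0) fatal("kexgex_server: key_sign failed");` would stop the exchange instead of sending an undefined signature. kexdh_server in kexdhs.c makes the same call.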
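Review bot: The assignments `c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;` and `c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;` in keygrab_ssh2 make installing handlers a duty of every kex_setup() caller, and nothing at the call site says so. A comment such as `/* set a handler for each KEX method this program may negotiate */` above them would help. The dispatch through this table is in kex.c, whose hunk is not in this part of the diff; it should be confirmed that it rejects an empty slot rather than calling it. The same pair is added in ssh_kex2 (sshconnect2.c) and, with the server functions, in do_ssh2_kex (sshd.c); keygrab_ssh2 continues outside the hunk.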
@@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.262 2003/01/27 17:06:31 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.263 2003/02/16 17:09:57 markus Exp $"); #include #include @@ -202,8 +202,8 @@ int *startup_pipes = NULL; int startup_pipe; /* in child */ /* variables used for privilege separation */ -extern struct monitor *pmonitor; -extern int use_privsep; +int use_privsep; +struct monitor *pmonitor; /* Prototypes for various functions defined later in this file. */ void destroy_sensitive_data(void); @@ -1814,6 +1814,8 @@ do_ssh2_kex(void) /* start key exchange */ kex = kex_setup(myproposal); + kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; + kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->server = 1; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; -- cgit v1.2.3 From 06ebedf3656bbe603d0a0d8db9eeeb35ff702643 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 12:03:38 +1100 Subject: - markus@cvs.openbsd.org 2003/02/16 17:30:33 [monitor.c monitor_wrap.c] fix permitrootlogin forced-commands-only for privsep; bux #387; ok provos@ --- ChangeLog | 6 +++++- monitor.c | 4 +++- monitor_wrap.c | 17 ++++++++++++++--- 3 files changed, 22 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2fdcb2782..79594ab20 100644 --- a/ChangeLog +++ b/ChangeLog @@ -67,6 +67,10 @@ [kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c] split kex into client and server code, no need to link server code into the client; ok provos@ + - markus@cvs.openbsd.org 2003/02/16 17:30:33 + [monitor.c monitor_wrap.c] + fix permitrootlogin forced-commands-only for privsep; bux #387; + ok provos@ 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1167,4 +1171,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2612 2003/02/24 01:03:03 djm Exp $ +$Id: ChangeLog,v 1.2613 2003/02/24 01:03:38 djm Exp $ 
diff --git a/monitor.c b/monitor.c index 07d1728ec..694cd630a 100644 --- a/monitor.c +++ b/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.31 2003/02/04 09:33:22 markus Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.32 2003/02/16 17:30:33 markus Exp $"); #include @@ -826,6 +826,7 @@ mm_answer_keyallowed(int socket, Buffer *m) buffer_clear(m); buffer_put_int(m, allowed); + buffer_put_int(m, forced_command != NULL); mm_append_debug(m); @@ -1188,6 +1189,7 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m) } buffer_clear(m); buffer_put_int(m, allowed); + buffer_put_int(m, forced_command != NULL); /* clear temporarily storage (used by generate challenge) */ monitor_reset_key_state(); diff --git a/monitor_wrap.c b/monitor_wrap.c index 551bbc15a..1395a32f4 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor_wrap.c,v 1.21 2003/02/04 09:33:22 markus Exp $"); +RCSID("$OpenBSD: monitor_wrap.c,v 1.22 2003/02/16 17:30:33 markus Exp $"); #include #include @@ -34,6 +34,7 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.21 2003/02/04 09:33:22 markus Exp $"); #include "dh.h" #include "kex.h" #include "auth.h" +#include "auth-options.h" #include "buffer.h" #include "bufaux.h" #include "packet.h" @@ -312,7 +313,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key) Buffer m; u_char *blob; u_int len; - int allowed = 0; + int allowed = 0, have_forced = 0; debug3("%s entering", __func__); @@ -334,6 +335,11 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key) allowed = buffer_get_int(&m); + /* fake forced command */ + auth_clear_options(); + have_forced = buffer_get_int(&m); + forced_command = have_forced ? xstrdup("true") : NULL; + /* Send potential debug messages */ mm_send_debug(&m); 
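Review bot: The `/* fake forced command */` comment in mm_key_allowed does not say why the unprivileged child stores the placeholder string "true" in `forced_command`, and a later reader could take it for the command that will actually be run. I would expand it to something like `/* monitor reports only whether a forced command exists; keep a placeholder so option checks in this process see one */`, which matches the commit's stated purpose of fixing forced-commands-only under privsep. The same block is repeated in mm_auth_rsa_key_allowed, and both reads must stay in the same position as the `buffer_put_int(m, forced_command != NULL);` added to the two monitor.c replies, since the field order on the pipe is implicit. All four functions start and end outside their hunks.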
@@ -853,7 +859,7 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) Key *key; u_char *blob; u_int blen; - int allowed = 0; + int allowed = 0, have_forced = 0; debug3("%s entering", __func__); @@ -865,6 +871,11 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) allowed = buffer_get_int(&m); + /* fake forced command */ + auth_clear_options(); + have_forced = buffer_get_int(&m); + forced_command = have_forced ? xstrdup("true") : NULL; + if (allowed && rkey != NULL) { blob = buffer_get_string(&m, &blen); if ((key = key_from_blob(blob, blen)) == NULL) -- cgit v1.2.3 From 9f82c8fa4f9b6b258caf432567d43b5194d99ad0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 12:04:33 +1100 Subject: - markus@cvs.openbsd.org 2003/02/21 09:05:53 [servconf.c] print sshd_config filename in debug2 mode. --- ChangeLog | 5 ++++- servconf.c | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 79594ab20..c37cd63f5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -71,6 +71,9 @@ [monitor.c monitor_wrap.c] fix permitrootlogin forced-commands-only for privsep; bux #387; ok provos@ + - markus@cvs.openbsd.org 2003/02/21 09:05:53 + [servconf.c] + print sshd_config filename in debug2 mode. 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1171,4 +1174,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2613 2003/02/24 01:03:38 djm Exp $ +$Id: ChangeLog,v 1.2614 2003/02/24 01:04:33 djm Exp $ diff --git a/servconf.c b/servconf.c index e3939df40..2510659ee 100644 --- a/servconf.c +++ b/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.115 2002/09/04 18:52:42 stevesk Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.116 2003/02/21 09:05:53 markus Exp $"); #if defined(KRB4) #include 
@@ -935,6 +935,7 @@ read_server_config(ServerOptions *options, const char *filename) char line[1024]; FILE *f; + debug2("read_server_config: filename %s", filename); f = fopen(filename, "r"); if (!f) { perror(filename); -- cgit v1.2.3 From 543402108ed6140bff2ddd6eb4011413b1d3b97f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 12:05:18 +1100 Subject: - mpech@cvs.openbsd.org 2003/02/21 10:34:48 [auth-krb4.c] ...sizeof(&adat.session) is not good here. henning@, deraadt@, millert@ --- ChangeLog | 6 +++++- auth-krb4.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index c37cd63f5..5f0c83713 100644 --- a/ChangeLog +++ b/ChangeLog @@ -74,6 +74,10 @@ - markus@cvs.openbsd.org 2003/02/21 09:05:53 [servconf.c] print sshd_config filename in debug2 mode. + - mpech@cvs.openbsd.org 2003/02/21 10:34:48 + [auth-krb4.c] + ...sizeof(&adat.session) is not good here. + henning@, deraadt@, millert@ 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1174,4 +1178,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2614 2003/02/24 01:04:33 djm Exp $ +$Id: ChangeLog,v 1.2615 2003/02/24 01:05:18 djm Exp $ diff --git a/auth-krb4.c b/auth-krb4.c index b86ce7e49..b28df469f 100644 --- a/auth-krb4.c +++ b/auth-krb4.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-krb4.c,v 1.28 2002/09/26 11:38:43 markus Exp $"); +RCSID("$OpenBSD: auth-krb4.c,v 1.29 2003/02/21 10:34:48 mpech Exp $"); #include "ssh.h" #include "ssh1.h" @@ -271,7 +271,7 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client, KTEXT reply) reply->length = r; /* Clear session key. */ - memset(&adat.session, 0, sizeof(&adat.session)); + memset(&adat.session, 0, sizeof(adat.session)); return (1); } #endif /* KRB4 */ -- cgit v1.2.3 From d194048f573136f1c2c34d25f951b78f4ffc7d77 Mon Sep 17 00:00:00 2001 
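Review bot: The session-key clear `memset(&adat.session, 0, sizeof(adat.session));` in auth_krb4 is the last use of `adat` before `return (1);`, so if `adat` is a local (its declaration is outside the hunk) the compiler may treat the call as a dead store and drop it. A clear that cannot be elided, for example `explicit_bzero(&adat.session, sizeof(adat.session));` where the platform provides it, keeps the key from lingering on the stack. The earlier return paths of auth_krb4 are not visible here and would need the same clearing if they can be reached after the key is filled in.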
From: Damien Miller Date: Mon, 24 Feb 2003 12:18:46 +1100 Subject: - (djm) Add new object files to Makefile and reorder --- ChangeLog | 3 ++- Makefile.in | 29 +++++++++++++++++++++++------ 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5f0c83713..b2d744843 100644 --- a/ChangeLog +++ b/ChangeLog @@ -78,6 +78,7 @@ [auth-krb4.c] ...sizeof(&adat.session) is not good here. henning@, deraadt@, millert@ + - (djm) Add new object files to Makefile and reorder 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1178,4 +1179,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2615 2003/02/24 01:05:18 djm Exp $ +$Id: ChangeLog,v 1.2616 2003/02/24 01:18:46 djm Exp $ diff --git a/Makefile.in b/Makefile.in index c3efac60f..276af9870 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.225 2003/01/13 05:55:23 djm Exp $ +# $Id: Makefile.in,v 1.226 2003/02/24 01:18:47 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ 
@@ -62,11 +62,28 @@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} $(SFTP_PROGS) -LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o msg.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o scard-opensc.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o monitor_wrap.o monitor_fdpass.o - -SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o - -SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-krb5.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o monitor_mm.o monitor.o +LIBSSH_OBJS=authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o \ + cipher.o compat.o compress.o crc32.o deattack.o fatal.o \ + hostfile.o log.o match.o mpaux.o nchan.o packet.o readpass.o \ + rsa.o tildexpand.o ttymodes.o xmalloc.o atomicio.o \ + key.o dispatch.o kex.o mac.o uuencode.o misc.o \ + rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \ + kexdhc.o kexgexc.o scard.o msg.o progressmeter.o \ + entropy.o + +SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ + sshconnect.o sshconnect1.o sshconnect2.o + +SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ + sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o \ + auth.o auth1.o auth2.o auth-options.o session.o \ + auth-chall.o auth2-chall.o groupaccess.o \ + auth-skey.o auth-bsdauth.o auth2-hostbased.o 
auth2-kbdint.o \ + auth2-none.o auth2-passwd.o auth2-pubkey.o \ + monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o \ + kexdhs.o kexgexs.o \ + auth-krb5.o auth-krb4.o \ + loginrec.o auth-pam.o auth-sia.o md5crypt.o MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 -- cgit v1.2.3 From 30947c72878e2dd1e6cf614d73bae226ab863b60 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 12:35:08 +1100 Subject: - (djm) Bug #501: gai_strerror should return char*; fix from dtucker@zip.com.au --- ChangeLog | 4 +++- openbsd-compat/fake-getaddrinfo.c | 4 ++-- openbsd-compat/fake-getaddrinfo.h | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index b2d744843..fab77a966 100644 --- a/ChangeLog +++ b/ChangeLog @@ -79,6 +79,8 @@ ...sizeof(&adat.session) is not good here. henning@, deraadt@, millert@ - (djm) Add new object files to Makefile and reorder + - (djm) Bug #501: gai_strerror should return char*; + fix from dtucker@zip.com.au 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1179,4 +1181,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2616 2003/02/24 01:18:46 djm Exp $ +$Id: ChangeLog,v 1.2617 2003/02/24 01:35:08 djm Exp $ diff --git a/openbsd-compat/fake-getaddrinfo.c b/openbsd-compat/fake-getaddrinfo.c index 2a2f269cb..e04776606 100644 --- a/openbsd-compat/fake-getaddrinfo.c +++ b/openbsd-compat/fake-getaddrinfo.c 
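Review bot: Combining the reorder with the additions in one rewrite of `LIBSSH_OBJS`, `SSHOBJS` and `SSHDOBJS` hides that some objects were dropped rather than moved. `auth2-pam.o` is in the removed `SSHDOBJS` line but in none of the added ones, and `radix.o` and `scard-opensc.o` leave `LIBSSH_OBJS` without reappearing in any list shown. `uidswap.o`, `monitor_wrap.o` and `monitor_fdpass.o` move from the shared list to `SSHDOBJS` only, so the other programs presumably no longer link them. If the drops are unintended, restore them, e.g. `loginrec.o auth-pam.o auth2-pam.o auth-sia.o md5crypt.o`; doing the pure reorder as its own commit would make such omissions visible in the diff.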
@@ -12,10 +12,10 @@ #include "includes.h" #include "ssh.h" -RCSID("$Id: fake-getaddrinfo.c,v 1.3 2003/02/05 23:50:42 djm Exp $"); +RCSID("$Id: fake-getaddrinfo.c,v 1.4 2003/02/24 01:35:09 djm Exp $"); #ifndef HAVE_GAI_STRERROR -const char *gai_strerror(int ecode) +char *gai_strerror(int ecode) { switch (ecode) { case EAI_NODATA: diff --git a/openbsd-compat/fake-getaddrinfo.h b/openbsd-compat/fake-getaddrinfo.h index a14a2cc11..6943378e9 100644 --- a/openbsd-compat/fake-getaddrinfo.h +++ b/openbsd-compat/fake-getaddrinfo.h @@ -1,4 +1,4 @@ -/* $Id: fake-getaddrinfo.h,v 1.3 2003/02/05 23:50:43 djm Exp $ */ +/* $Id: fake-getaddrinfo.h,v 1.4 2003/02/24 01:35:09 djm Exp $ */ #ifndef _FAKE_GETADDRINFO_H #define _FAKE_GETADDRINFO_H @@ -37,7 +37,7 @@ int getaddrinfo(const char *hostname, const char *servname, #endif /* !HAVE_GETADDRINFO */ #ifndef HAVE_GAI_STRERROR -const char *gai_strerror(int ecode); +char *gai_strerror(int ecode); #endif /* !HAVE_GAI_STRERROR */ #ifndef HAVE_FREEADDRINFO -- cgit v1.2.3 From b16f874d89402333aabcc7988de59766934bf83d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 12:47:15 +1100 Subject: - (djm) Most of Bug #499: Cygwin compile fixes for new progressmeter --- ChangeLog | 3 ++- configure.ac | 6 +++--- progressmeter.c | 7 +++++++ 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index fab77a966..6650c9970 100644 --- a/ChangeLog +++ b/ChangeLog @@ -81,6 +81,7 @@ - (djm) Add new object files to Makefile and reorder - (djm) Bug #501: gai_strerror should return char*; fix from dtucker@zip.com.au + - (djm) Most of Bug #499: Cygwin compile fixes for new progressmeter 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1181,4 +1182,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2617 2003/02/24 01:35:08 djm Exp $ +$Id: ChangeLog,v 1.2618 2003/02/24 01:47:15 djm Exp $ 
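Review bot: Dropping `const` from the return type of `gai_strerror`, here and in the fake-getaddrinfo.h prototype, lets callers write through the returned pointer without any diagnostic. The body continues outside the hunk, but if the `switch` returns string literals, as it appears to, such a write is undefined behaviour. If the change is only needed to agree with a platform header, say so next to the definition, e.g. `/* char * only to match the system prototype; the result is a constant string, do not modify or free */`.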
diff --git a/configure.ac b/configure.ac index 03c5358fe..6965c05f2 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.106 2003/02/10 23:04:03 djm Exp $ +# $Id: configure.ac,v 1.107 2003/02/24 01:47:16 djm Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -383,7 +383,7 @@ AC_ARG_WITH(libs, # Checks for header files. AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \ - getopt.h glob.h ia.h lastlog.h limits.h login.h \ + getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \ login_cap.h maillock.h netdb.h netgroup.h \ netinet/in_systm.h paths.h pty.h readpassphrase.h \ rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ @@ -610,7 +610,7 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ - socketpair strerror strlcat strlcpy strmode strnvis sysconf \ + socketpair strerror strlcat strlcpy strmode strnvis sysconf tcgetpgrp \ truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty) AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP)) diff --git a/progressmeter.c b/progressmeter.c index 948d361d2..9956201f3 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -62,7 +62,9 @@ #include "includes.h" RCSID("$OpenBSD: progressmeter.c,v 1.2 2003/01/12 16:57:02 markus Exp $"); +#ifdef HAVE_LIBGEN_H #include +#endif #include "atomicio.h" #include "progressmeter.h" @@ -147,8 +149,13 @@ foregroundproc(void) if (pgrp == -1) pgrp = getpgrp(); +#ifdef HAVE_TCGETPGRP + return ((ctty_pgrp = tcgetpgrp(STDOUT_FILENO)) != -1 && + ctty_pgrp == pgrp); +#else return ((ioctl(STDOUT_FILENO, TIOCGPGRP, &ctty_pgrp) != -1 && ctty_pgrp == pgrp)); +#endif } static void -- cgit v1.2.3 From 8d8168a255c17ca343865d1ee4962f2cba46b2d8 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Mon, 24 Feb 2003 12:55:55 +1100 Subject: - (djm) Rest of Bug #499: Import a basename() function from OpenBSD libc --- ChangeLog | 3 +- configure.ac | 4 +-- openbsd-compat/Makefile.in | 4 +-- openbsd-compat/basename.c | 73 +++++++++++++++++++++++++++++++++++++++++ openbsd-compat/basename.h | 12 +++++++ openbsd-compat/openbsd-compat.h | 3 +- 6 files changed, 93 insertions(+), 6 deletions(-) create mode 100644 openbsd-compat/basename.c create mode 100644 openbsd-compat/basename.h diff --git a/ChangeLog b/ChangeLog index 6650c9970..008a7f4f9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -82,6 +82,7 @@ - (djm) Bug #501: gai_strerror should return char*; fix from dtucker@zip.com.au - (djm) Most of Bug #499: Cygwin compile fixes for new progressmeter + - (djm) Rest of Bug #499: Import a basename() function from OpenBSD libc 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1182,4 +1183,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2618 2003/02/24 01:47:15 djm Exp $ +$Id: ChangeLog,v 1.2619 2003/02/24 01:55:55 djm Exp $ diff --git a/configure.ac b/configure.ac index 6965c05f2..20110761b 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.107 2003/02/24 01:47:16 djm Exp $ +# $Id: configure.ac,v 1.108 2003/02/24 01:55:55 djm Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -601,7 +601,7 @@ AC_ARG_WITH(tcp-wrappers, ) dnl Checks for library functions. -AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ +AC_CHECK_FUNCS(arc4random b64_ntop bcopy basename bindresvport_sa \ clock fchmod fchown freeaddrinfo futimes gai_strerror \ getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\ getrlimit getrusage getttyent glob inet_aton inet_ntoa \ diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 8b1e5b538..8615e3633 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in 
@@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.24 2003/01/07 06:04:18 djm Exp $ +# $Id: Makefile.in,v 1.25 2003/02/24 01:55:56 djm Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ @@ -16,7 +16,7 @@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ LDFLAGS=-L. @LDFLAGS@ -OPENBSD=base64.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o vis.o +OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o vis.o COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-snprintf.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o xmmap.o diff --git a/openbsd-compat/basename.c b/openbsd-compat/basename.c new file mode 100644 index 000000000..5a3823bc5 --- /dev/null +++ b/openbsd-compat/basename.c 
@@ -0,0 +1,73 @@ +/* $OpenBSD: basename.c,v 1.8 2002/06/09 05:03:59 deraadt Exp $ */ + +/* + * Copyright (c) 1997 Todd C. Miller + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "includes.h" + +#if !defined(HAVE_BASENAME) + +#ifndef lint +static char rcsid[] = "$OpenBSD: basename.c,v 1.8 2002/06/09 05:03:59 deraadt Exp $"; +#endif /* not lint */ + +char * +basename(const char *path) +{ + static char bname[MAXPATHLEN]; + register const char *endp, *startp; + + /* Empty or NULL string gets treated as "." 
*/ + if (path == NULL || *path == '\0') { + (void)strlcpy(bname, ".", sizeof bname); + return(bname); + } + + /* Strip trailing slashes */ + endp = path + strlen(path) - 1; + while (endp > path && *endp == '/') + endp--; + + /* All slashes become "/" */ + if (endp == path && *endp == '/') { + (void)strlcpy(bname, "/", sizeof bname); + return(bname); + } + + /* Find the start of the base */ + startp = endp; + while (startp > path && *(startp - 1) != '/') + startp--; + + if (endp - startp + 2 > sizeof(bname)) { + errno = ENAMETOOLONG; + return(NULL); + } + strlcpy(bname, startp, endp - startp + 2); + return(bname); +} + +#endif /* !defined(HAVE_BASENAME) */ diff --git a/openbsd-compat/basename.h b/openbsd-compat/basename.h new file mode 100644 index 000000000..0a14ff5c1 --- /dev/null +++ b/openbsd-compat/basename.h @@ -0,0 +1,12 @@ +/* $Id: basename.h,v 1.1 2003/02/24 01:55:56 djm Exp $ */ + +#ifndef _BASENAME_H +#define _BASENAME_H +#include "config.h" + +#if !defined(HAVE_BASENAME) + +char *getcwd(char *pt, size_t size); + +#endif /* !defined(HAVE_BASENAME) */ +#endif /* _BASENAME_H */ diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index dcb7ba15b..c3e19b9cb 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.18 2003/01/07 06:04:18 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.19 2003/02/24 01:55:56 djm Exp $ */ #ifndef _OPENBSD_H #define _OPENBSD_H @@ -6,6 +6,7 @@ #include "config.h" /* OpenBSD function replacements */ +#include "basename.h" #include "bindresvport.h" #include "getcwd.h" #include "realpath.h" -- cgit v1.2.3 From 1a3ccb07c5709672d327afefd7fb6971e96b1ef7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Feb 2003 13:04:01 +1100 Subject: - (djm) Bug #494: Allow multiple accounts on Windows 9x/Me; From vinschen@redhat.com --- ChangeLog | 7 +++++-- session.c | 12 ++++++++---- 2 files changed, 13 insertions(+), 6 deletions(-) 
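Review bot: `basename()` in the new basename.c returns a pointer to the function-static `bname` buffer, and nothing in the file documents that contract. The next call overwrites the previous result, the function is not reentrant, and the `ENAMETOOLONG` path returns NULL, which callers have to check before using the result. I would add a header comment above the definition such as `/* Returns a pointer to a static buffer overwritten by the next call; NULL with errno set if the component does not fit. */`.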
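Review bot: The new basename.h declares `getcwd`, not `basename`, inside the `!defined(HAVE_BASENAME)` guard, so on exactly the platforms this replacement targets, callers compile without a prototype for `basename()`. With an implicit declaration the return value is treated as `int`, which truncates the pointer wherever pointers are wider than `int`. The line should match the definition in basename.c: `char *basename(const char *path);`.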
diff --git a/ChangeLog b/ChangeLog index 008a7f4f9..0fc1191bf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -81,8 +81,11 @@ - (djm) Add new object files to Makefile and reorder - (djm) Bug #501: gai_strerror should return char*; fix from dtucker@zip.com.au - - (djm) Most of Bug #499: Cygwin compile fixes for new progressmeter + - (djm) Most of Bug #499: Cygwin compile fixes for new progressmeter; + From vinschen@redhat.com - (djm) Rest of Bug #499: Import a basename() function from OpenBSD libc + - (djm) Bug #494: Allow multiple accounts on Windows 9x/Me; + From vinschen@redhat.com 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1183,4 +1186,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2619 2003/02/24 01:55:55 djm Exp $ +$Id: ChangeLog,v 1.2620 2003/02/24 02:04:01 djm Exp $ diff --git a/session.c b/session.c index c64240cf2..a1586d3b4 100644 --- a/session.c +++ b/session.c @@ -1205,11 +1205,11 @@ do_nologin(struct passwd *pw) void do_setusercontext(struct passwd *pw) { -#ifdef HAVE_CYGWIN - if (is_winnt) { -#else /* HAVE_CYGWIN */ - if (getuid() == 0 || geteuid() == 0) { +#ifndef HAVE_CYGWIN + if (getuid() == 0 || geteuid() == 0) #endif /* HAVE_CYGWIN */ + { + #ifdef HAVE_SETPCRED setpcred(pw->pw_name); #endif /* HAVE_SETPCRED */ @@ -1259,6 +1259,10 @@ do_setusercontext(struct passwd *pw) permanently_set_uid(pw); #endif } + +#ifdef HAVE_CYGWIN + if (is_winnt) +#endif if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); } -- cgit v1.2.3 From fe1f14375a6a739fa662b4a9d5e9744bff9716eb Mon Sep 17 00:00:00 2001 
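Review bot: In the second session.c hunk the final uid check is now skipped on Cygwin when `is_winnt` is false, and nothing in the code says why. That `if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)` is the last verification that the identity switch took effect, and it is guarded only by an unbraced `if (is_winnt)` sitting on the line above it inside an `#ifdef`. A later edit between the two `if`s would silently change what is guarded. I would add a comment such as `/* Windows 9x/Me: uid check not applicable, see bug #494 */` and brace the guarded statement; the first hunk has the same shape with a conditional `if` in front of a bare `{`. The rest of do_setusercontext lies outside both hunks.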
From: Damien Miller Date: Mon, 24 Feb 2003 15:45:42 +1100 Subject: - (djm) Bug #456: Support for NEC SX6 with Unicos; from wendyp@cray.com --- ChangeLog | 3 ++- config.sub | 4 ++++ configure.ac | 28 +++++++++++++++------------- openbsd-compat/base64.c | 9 +++++++-- openbsd-compat/base64.h | 11 ++++++++--- 5 files changed, 36 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0fc1191bf..b99e2bb98 100644 --- a/ChangeLog +++ b/ChangeLog @@ -86,6 +86,7 @@ - (djm) Rest of Bug #499: Import a basename() function from OpenBSD libc - (djm) Bug #494: Allow multiple accounts on Windows 9x/Me; From vinschen@redhat.com + - (djm) Bug #456: Support for NEC SX6 with Unicos; from wendyp@cray.com 20030211 - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com @@ -1186,4 +1187,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2620 2003/02/24 02:04:01 djm Exp $ +$Id: ChangeLog,v 1.2621 2003/02/24 04:45:42 djm Exp $ diff --git a/config.sub b/config.sub index 9ff085efa..a03c1d15a 100755 --- a/config.sub +++ b/config.sub @@ -887,6 +887,10 @@ case $basic_machine in basic_machine=sv1-cray os=-unicos ;; + sx*-nec) + basic_machine=sx6-nec + os=-sysv + ;; symmetry) basic_machine=i386-sequent os=-dynix diff --git a/configure.ac b/configure.ac index 20110761b..bdf80288e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.108 2003/02/24 01:55:55 djm Exp $ +# $Id: configure.ac,v 1.109 2003/02/24 04:45:43 djm Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) 
@@ -600,18 +600,20 @@ AC_ARG_WITH(tcp-wrappers, ] ) -dnl Checks for library functions. -AC_CHECK_FUNCS(arc4random b64_ntop bcopy basename bindresvport_sa \ - clock fchmod fchown freeaddrinfo futimes gai_strerror \ - getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\ - getrlimit getrusage getttyent glob inet_aton inet_ntoa \ - inet_ntop innetgr login_getcapbool md5_crypt memmove mkdtemp \ - mmap ngetaddrinfo nsleep openpty ogetaddrinfo pstat readpassphrase \ - realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ - setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ - setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ - socketpair strerror strlcat strlcpy strmode strnvis sysconf tcgetpgrp \ - truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty) +dnl Checks for library functions. Please keep in alphabetical order +AC_CHECK_FUNCS(\ + arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename bcopy \ + bindresvport_sa clock fchmod fchown freeaddrinfo futimes \ + gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \ + getpeereid _getpty getrlimit getrusage getttyent glob inet_aton \ + inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \ + mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openpty pstat \ + readpassphrase realpath recvmsg rresvport_af sendmsg setdtablesize \ + setegid setenv seteuid setgroups setlogin setpcred setproctitle \ + setresgid setreuid setrlimit setsid setvbuf sigaction sigvec \ + snprintf socketpair strerror strlcat strlcpy strmode strnvis \ + sysconf tcgetpgrp truncate utimes vhangup vsnprintf waitpid \ +) AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP)) diff --git a/openbsd-compat/base64.c b/openbsd-compat/base64.c index 005170b80..91a5ab0ed 100644 --- a/openbsd-compat/base64.c +++ b/openbsd-compat/base64.c 
@@ -44,7 +44,7 @@ #include "includes.h" -#if !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) +#if (!defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP)) || (!defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON)) #include #include @@ -130,6 +130,7 @@ static const char Pad64 = '='; characters followed by one "=" padding character. */ +#if !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) int b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize) { @@ -190,6 +191,9 @@ b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize) target[datalength] = '\0'; /* Returned value doesn't count \0. */ return (datalength); } +#endif /* !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) */ + +#if !defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON) /* skips all whitespace anywhere. converts characters, four at a time, starting at (or after) @@ -314,4 +318,5 @@ b64_pton(char const *src, u_char *target, size_t targsize) return (tarindex); } -#endif /* !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) */ +#endif /* !defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON) */ +#endif diff --git a/openbsd-compat/base64.h b/openbsd-compat/base64.h index c92e70ea0..72db3ffc7 100644 --- a/openbsd-compat/base64.h +++ b/openbsd-compat/base64.h @@ -1,4 +1,4 @@ -/* $Id: base64.h,v 1.3 2002/02/26 16:59:59 stevesk Exp $ */ +/* $Id: base64.h,v 1.4 2003/02/24 04:45:43 djm Exp $ */ #ifndef _BSD_BASE64_H #define _BSD_BASE64_H 
@@ -9,10 +9,15 @@ # ifndef HAVE_B64_NTOP int b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize); -int b64_pton(char const *src, u_char *target, size_t targsize); # endif /* !HAVE_B64_NTOP */ # define __b64_ntop b64_ntop -# define __b64_pton b64_pton #endif /* HAVE___B64_NTOP */ +#ifndef HAVE___B64_PTON +# ifndef HAVE_B64_PTON +int b64_pton(char const *src, u_char *target, size_t targsize); +# endif /* !HAVE_B64_PTON */ +# define __b64_pton b64_pton +#endif /* HAVE___B64_PTON */ + #endif /* _BSD_BASE64_H */ -- cgit v1.2.3 From ca49a977888c5a318c55749fd6e1d3a9efe4b0bf Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 25 Feb 2003 10:22:35 +1100 Subject: - (djm) Fix some compile errors spotted by dtucker and his fabulous tinderbox --- ChangeLog | 6 +++++- Makefile.in | 4 ++-- crc32.c | 3 +-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index b99e2bb98..41c66dbd3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20030225 + - (djm) Fix some compile errors spotted by dtucker and his fabulous + tinderbox + 20030224 - (djm) Tweak gnome-ssh-askpass2: - Retry kb and mouse grab a couple of times, so passphrase dialog doesn't @@ -1187,4 +1191,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2621 2003/02/24 04:45:42 djm Exp $ +$Id: ChangeLog,v 1.2622 2003/02/24 23:22:35 djm Exp $ diff --git a/Makefile.in b/Makefile.in index 276af9870..350b417f1 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.226 2003/02/24 01:18:47 djm Exp $ +# $Id: Makefile.in,v 1.227 2003/02/24 23:22:36 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ 
@@ -83,7 +83,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o \ kexdhs.o kexgexs.o \ auth-krb5.o auth-krb4.o \ - loginrec.o auth-pam.o auth-sia.o md5crypt.o + loginrec.o auth-pam.o auth2-pam.o auth-sia.o md5crypt.o MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 diff --git a/crc32.c b/crc32.c index 89c808a8d..ac627b57a 100644 --- a/crc32.c +++ b/crc32.c @@ -23,8 +23,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - -#include +#include "includes.h" #include "crc32.h" static const u_int32_t crc32tab[] = { -- cgit v1.2.3 From 17bbc45a11a6cab7f308095c5aef6d9fbfe798c9 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 25 Feb 2003 10:25:12 +1100 Subject: me <- idiot --- openbsd-compat/basename.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openbsd-compat/basename.h b/openbsd-compat/basename.h index 0a14ff5c1..d4f3c2f27 100644 --- a/openbsd-compat/basename.h +++ b/openbsd-compat/basename.h @@ -1,4 +1,4 @@ -/* $Id: basename.h,v 1.1 2003/02/24 01:55:56 djm Exp $ */ +/* $Id: basename.h,v 1.2 2003/02/24 23:25:12 djm Exp $ */ #ifndef _BASENAME_H #define _BASENAME_H @@ -6,7 +6,7 @@ #if !defined(HAVE_BASENAME) -char *getcwd(char *pt, size_t size); +char *basename(char *path); #endif /* !defined(HAVE_BASENAME) */ #endif /* _BASENAME_H */ -- cgit v1.2.3 From 73942b9d54ec71ae76e58d5bf3b06f094bfc3002 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Tue, 25 Feb 2003 14:32:16 +1100 Subject: duh --- openbsd-compat/basename.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openbsd-compat/basename.h b/openbsd-compat/basename.h index d4f3c2f27..a8bd6c17c 100644 --- a/openbsd-compat/basename.h +++ b/openbsd-compat/basename.h @@ -1,4 +1,4 @@ -/* $Id: basename.h,v 1.2 2003/02/24 23:25:12 djm Exp $ */ +/* $Id: basename.h,v 1.3 2003/02/25 03:32:16 djm Exp $ */ #ifndef _BASENAME_H #define _BASENAME_H @@ -6,7 +6,7 @@ #if !defined(HAVE_BASENAME) -char *basename(char *path); +char *basename(const char *path); #endif /* !defined(HAVE_BASENAME) */ #endif /* _BASENAME_H */ -- cgit v1.2.3 From 0011138d47e284273ba77415f7162aaab60d9a44 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Mar 2003 11:21:17 +1100 Subject: - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/03/05 22:33:43 [channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c] [sftp-server.c ssh-add.c sshconnect2.c] fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@ --- ChangeLog | 9 ++++++++- channels.c | 4 +++- monitor.c | 12 +++++++++--- scp.c | 10 +++++++--- session.c | 9 +++++---- sftp-client.c | 5 ++++- sftp-int.c | 3 ++- sftp-server.c | 10 ++++++---- ssh-add.c | 9 ++++++--- sshconnect2.c | 3 ++- 10 files changed, 52 insertions(+), 22 deletions(-) diff --git a/ChangeLog b/ChangeLog index 41c66dbd3..984223fb1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20030310 +- (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/03/05 22:33:43 + [channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c] + [sftp-server.c ssh-add.c sshconnect2.c] + fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@ + 20030225 - (djm) Fix some compile errors spotted by dtucker and his fabulous tinderbox 
@@ -1191,4 +1198,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2622 2003/02/24 23:22:35 djm Exp $ +$Id: ChangeLog,v 1.2623 2003/03/10 00:21:17 djm Exp $ diff --git a/channels.c b/channels.c index ea1d46c21..1937b0244 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.186 2003/01/10 10:32:54 djm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.187 2003/03/05 22:33:43 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1997,6 +1997,7 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt) c->remote_id = remote_id; } if (c == NULL) { + xfree(originator_string); packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(remote_id); packet_send(); @@ -2609,6 +2610,7 @@ x11_input_open(int type, u_int32_t seq, void *ctxt) /* Send refusal to the remote host. */ packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(remote_id); + xfree(remote_host); } else { /* Send a confirmation to the remote host. */ packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION); diff --git a/monitor.c b/monitor.c index 694cd630a..2b4168831 100644 --- a/monitor.c +++ b/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.32 2003/02/16 17:30:33 markus Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.33 2003/03/05 22:33:43 markus Exp $"); #include @@ -806,8 +806,9 @@ mm_answer_keyallowed(int socket, Buffer *m) fatal("%s: unknown key type %d", __func__, type); break; } - key_free(key); } + if (key != NULL) + key_free(key); /* clear temporarily storage (used by verify) */ monitor_reset_key_state(); @@ -1204,8 +1205,9 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m) key_blob = blob; key_bloblen = blen; key_blobtype = MM_RSAUSERKEY; - key_free(key); } + if (key != NULL) + key_free(key); mm_append_debug(m); 
@@ -1246,6 +1248,9 @@ mm_answer_rsa_challenge(int socket, Buffer *m) mm_request_send(socket, MONITOR_ANS_RSACHALLENGE, m); monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); + + xfree(blob); + key_free(key); return (0); } @@ -1276,6 +1281,7 @@ mm_answer_rsa_response(int socket, Buffer *m) fatal("%s: received bad response to challenge", __func__); success = auth_rsa_verify_response(key, ssh1_challenge, response); + xfree(blob); key_free(key); xfree(response); diff --git a/scp.c b/scp.c index e44a1cf69..ab67c0bb8 100644 --- a/scp.c +++ b/scp.c @@ -75,7 +75,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.101 2003/02/02 10:51:13 markus Exp $"); +RCSID("$OpenBSD: scp.c,v 1.102 2003/03/05 22:33:43 markus Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -395,10 +395,14 @@ toremote(targ, argc, argv) suser = argv[i]; if (*suser == '\0') suser = pwd->pw_name; - else if (!okname(suser)) + else if (!okname(suser)) { + xfree(bp); continue; - if (tuser && !okname(tuser)) + } + if (tuser && !okname(tuser)) { + xfree(bp); continue; + } snprintf(bp, len, "%s%s %s -n " "-l %s %s %s %s '%s%s%s:%s'", diff --git a/session.c b/session.c index a1586d3b4..ce9db27ef 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.153 2003/02/06 09:26:23 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.154 2003/03/05 22:33:43 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -951,7 +951,7 @@ do_setup_env(Session *s, const char *shell) { char buf[256]; u_int i, envsize; - char **env; + char **env, *laddr; struct passwd *pw = s->pw; /* Initialize the environment. */ 
@@ -1030,9 +1030,10 @@ do_setup_env(Session *s, const char *shell) get_remote_ipaddr(), get_remote_port(), get_local_port()); child_set_env(&env, &envsize, "SSH_CLIENT", buf); + laddr = get_local_ipaddr(packet_get_connection_in()); snprintf(buf, sizeof buf, "%.50s %d %.50s %d", - get_remote_ipaddr(), get_remote_port(), - get_local_ipaddr(packet_get_connection_in()), get_local_port()); + get_remote_ipaddr(), get_remote_port(), laddr, get_local_port()); + xfree(laddr); child_set_env(&env, &envsize, "SSH_CONNECTION", buf); if (s->ttyfd != -1) diff --git a/sftp-client.c b/sftp-client.c index 8c12dae11..3b3279e65 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -28,7 +28,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.41 2003/01/14 10:58:00 djm Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.42 2003/03/05 22:33:43 markus Exp $"); #include "openbsd-compat/sys-queue.h" @@ -374,6 +374,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, error("Couldn't read directory: %s", fx2txt(status)); do_close(conn, handle, handle_len); + xfree(handle); return(status); } } else if (type != SSH2_FXP_NAME) @@ -1113,6 +1114,8 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, remote_path, fx2txt(status)); do_close(conn, handle, handle_len); close(local_fd); + xfree(data); + xfree(ack); goto done; } debug3("In write loop, ack for %u %u bytes at %llu", diff --git a/sftp-int.c b/sftp-int.c index 013ea84e0..6987de9a3 100644 --- a/sftp-int.c +++ b/sftp-int.c @@ -25,7 +25,7 @@ /* XXX: recursive operations */ #include "includes.h" -RCSID("$OpenBSD: sftp-int.c,v 1.56 2003/01/16 03:41:55 djm Exp $"); +RCSID("$OpenBSD: sftp-int.c,v 1.57 2003/03/05 22:33:43 markus Exp $"); #include "buffer.h" #include "xmalloc.h" @@ -1104,6 +1104,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) err = parse_dispatch_command(conn, cmd, &pwd, 1); xfree(dir); + xfree(pwd); return (err); } xfree(dir); 
diff --git a/sftp-server.c b/sftp-server.c index 4eb31d94e..0c00003f8 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: sftp-server.c,v 1.39 2003/02/06 09:29:18 markus Exp $"); +RCSID("$OpenBSD: sftp-server.c,v 1.40 2003/03/05 22:33:43 markus Exp $"); #include "buffer.h" #include "bufaux.h" @@ -158,7 +158,7 @@ handle_new(int use, char *name, int fd, DIR *dirp) handles[i].use = use; handles[i].dirp = dirp; handles[i].fd = fd; - handles[i].name = name; + handles[i].name = xstrdup(name); return i; } } @@ -230,9 +230,11 @@ handle_close(int handle) if (handle_is_ok(handle, HANDLE_FILE)) { ret = close(handles[handle].fd); handles[handle].use = HANDLE_UNUSED; + xfree(handles[handle].name); } else if (handle_is_ok(handle, HANDLE_DIR)) { ret = closedir(handles[handle].dirp); handles[handle].use = HANDLE_UNUSED; + xfree(handles[handle].name); } else { errno = ENOENT; } @@ -396,7 +398,7 @@ process_open(void) if (fd < 0) { status = errno_to_portable(errno); } else { - handle = handle_new(HANDLE_FILE, xstrdup(name), fd, NULL); + handle = handle_new(HANDLE_FILE, name, fd, NULL); if (handle < 0) { close(fd); } else { @@ -681,7 +683,7 @@ process_opendir(void) if (dirp == NULL) { status = errno_to_portable(errno); } else { - handle = handle_new(HANDLE_DIR, xstrdup(path), 0, dirp); + handle = handle_new(HANDLE_DIR, path, 0, dirp); if (handle < 0) { closedir(dirp); } else { diff --git a/ssh-add.c b/ssh-add.c index 0c2ce163c..9adec3094 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.65 2003/01/23 13:50:27 markus Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.66 2003/03/05 22:33:43 markus Exp $"); #include 
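Review bot: In `handle_close()` both branches now free `handles[handle].name` but leave the stale pointer in the table, so the slot holds a dangling `name` until `handle_new()` reuses it. Handle numbers presumably originate from client requests, so I would clear the field with the free: `xfree(handles[handle].name); handles[handle].name = NULL;`. The `use = HANDLE_UNUSED` assignment protects lookups that go through `handle_is_ok()`, but any accessor that reads `name` without that check is outside this hunk and should be confirmed. Since `handle_new()` now duplicates the string, `process_open()` and `process_opendir()` keep ownership of `name` and `path`, and their own frees (not visible in these hunks) must run on every path.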
@@ -195,6 +195,7 @@ static int update_card(AuthenticationConnection *ac, int add, const char *id) { char *pin; + int ret = -1; pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN); if (pin == NULL) @@ -203,12 +204,14 @@ update_card(AuthenticationConnection *ac, int add, const char *id) if (ssh_update_card(ac, add, id, pin)) { fprintf(stderr, "Card %s: %s\n", add ? "added" : "removed", id); - return 0; + ret = 0; } else { fprintf(stderr, "Could not %s card: %s\n", add ? "add" : "remove", id); - return -1; + ret = -1; } + xfree(pin); + return ret; } static int diff --git a/sshconnect2.c b/sshconnect2.c index 81d1b91c7..1f92f0296 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.111 2003/02/16 17:09:57 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.112 2003/03/05 22:33:43 markus Exp $"); #include "ssh.h" #include "ssh2.h" @@ -1014,6 +1014,7 @@ userauth_hostbased(Authctxt *authctxt) strlcpy(chost, p, len); strlcat(chost, ".", len); debug2("userauth_hostbased: chost %s", chost); + xfree(p); service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : authctxt->service; -- cgit v1.2.3 From f211efc69071744ad22e0b8a1c7ca01bdff0b91b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Mar 2003 11:23:06 +1100 Subject: - (djm) One more portable-specific one from dlheine@suif.Stanford.EDU/ CLOUSEAU --- ChangeLog | 4 +++- loginrec.c | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 984223fb1..d060257e9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,8 @@ [channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c] [sftp-server.c ssh-add.c sshconnect2.c] fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@ + - (djm) One more portable-specific one from dlheine@suif.Stanford.EDU/ + CLOUSEAU 20030225 - (djm) Fix some compile errors spotted by dtucker and his fabulous 
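Review bot: `pin` holds the smartcard passphrase returned by `read_passphrase()`, and the new `xfree(pin)` in `update_card()` releases it without clearing it, so the secret stays readable in freed heap memory. Wipe it before the free, e.g. `memset(pin, 0, strlen(pin)); xfree(pin);`, keeping in mind that an optimising compiler may elide a plain memset that directly precedes a free. The single-exit `ret` pattern makes that a one-place change. The initialiser in `int ret = -1;` is redundant because both branches assign `ret`.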
@@ -1198,4 +1200,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2623 2003/03/10 00:21:17 djm Exp $ +$Id: ChangeLog,v 1.2624 2003/03/10 00:23:06 djm Exp $ diff --git a/loginrec.c b/loginrec.c index 0a5fefad3..6697ca7b0 100644 --- a/loginrec.c +++ b/loginrec.c @@ -163,7 +163,7 @@ #include "log.h" #include "atomicio.h" -RCSID("$Id: loginrec.c,v 1.46 2003/01/07 05:46:58 djm Exp $"); +RCSID("$Id: loginrec.c,v 1.47 2003/03/10 00:23:07 djm Exp $"); #ifdef HAVE_UTIL_H # include @@ -1345,6 +1345,7 @@ syslogin_perform_login(struct logininfo *li) } construct_utmp(li, ut); login(ut); + free(ut); return 1; } -- cgit v1.2.3 From 933cc8fb9cd3e34b9b656f73ad8b661c08551875 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Mar 2003 11:38:10 +1100 Subject: - (djm) Bug #245: TTY problems on Solaris. Fix by stevesk@ and dtucker@zip.com.au --- ChangeLog | 4 +++- acconfig.h | 5 ++++- configure.ac | 3 ++- sshd.c | 8 ++++++-- 4 files changed, 15 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index d060257e9..37a51edaa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@ - (djm) One more portable-specific one from dlheine@suif.Stanford.EDU/ CLOUSEAU + - (djm) Bug #245: TTY problems on Solaris. Fix by stevesk@ and + dtucker@zip.com.au 20030225 - (djm) Fix some compile errors spotted by dtucker and his fabulous @@ -1200,4 +1202,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2624 2003/03/10 00:23:06 djm Exp $ +$Id: ChangeLog,v 1.2625 2003/03/10 00:38:10 djm Exp $ diff --git a/acconfig.h b/acconfig.h index b28966084..b6e4b37cc 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.148 2003/01/28 00:33:44 djm Exp $ */ +/* $Id: acconfig.h,v 1.149 2003/03/10 00:38:10 djm Exp $ */ #ifndef _CONFIG_H #define _CONFIG_H 
@@ -374,6 +374,9 @@ /* Some systems put this outside of libc */ #undef HAVE_NANOSLEEP +/* Pushing STREAMS modules incorrectly acquires a controlling TTY */ +#undef STREAMS_PUSH_ACQUIRES_CTTY + @BOTTOM@ /* ******************* Shouldn't need to edit below this line ************** */ diff --git a/configure.ac b/configure.ac index bdf80288e..3469af2f4 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.109 2003/02/24 04:45:43 djm Exp $ +# $Id: configure.ac,v 1.110 2003/03/10 00:38:10 djm Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -216,6 +216,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(LOGIN_NEEDS_UTMPX) AC_DEFINE(LOGIN_NEEDS_TERM) AC_DEFINE(PAM_TTY_KLUDGE) + AC_DEFINE(STREAMS_PUSH_ACQUIRES_CTTY) # hardwire lastlog location (can't detect it on some versions) conf_lastlog_location="/var/adm/lastlog" AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x) diff --git a/sshd.c b/sshd.c index 86441cff1..0f2b2a3ce 100644 --- a/sshd.c +++ b/sshd.c @@ -1400,8 +1400,12 @@ main(int ac, char **av) * setlogin() affects the entire process group. We don't * want the child to be able to affect the parent. */ -#if 0 - /* XXX: this breaks Solaris */ +#if !defined(STREAMS_PUSH_ACQUIRES_CTTY) + /* + * If setsid is called on Solaris, sshd will acquire the controlling + * terminal while pushing STREAMS modules. This will prevent the + * shell from acquiring it later. + */ if (!debug_flag && !inetd_flag && setsid() < 0) error("setsid: %.100s", strerror(errno)); #endif -- cgit v1.2.3 From c9c1d3757f76381c432bac4ed6b20cfd90167601 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Mar 2003 12:10:45 +1100 Subject: - (djm) AIX package builder update from dtucker@zip.com.au --- ChangeLog | 3 ++- contrib/aix/README | 13 +++++++--- contrib/aix/buildbff.sh | 62 ++++++++++++++++++++++++++++++++++++++++-------- contrib/aix/inventory.sh | 4 ++-- 4 files changed, 66 insertions(+), 16 deletions(-) 
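Review bot: With `STREAMS_PUSH_ACQUIRES_CTTY` defined, the `setsid()` call in sshd.c `main()` is compiled out, so on those platforms the forked child stays in the listener's session and process group, which is what the context comment just above ("We don't want the child to be able to affect the parent") is trying to avoid. The new comment explains why setsid is skipped but not what provides that separation instead. I would extend it with one sentence stating either that the session is created later on the pty path or that the separation is knowingly given up on these platforms. `main()` continues outside this hunk, so which of the two applies needs confirming against the rest of the function.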
diff --git a/ChangeLog b/ChangeLog index 37a51edaa..d86673d35 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,7 @@ CLOUSEAU - (djm) Bug #245: TTY problems on Solaris. Fix by stevesk@ and dtucker@zip.com.au + - (djm) AIX package builder update from dtucker@zip.com.au 20030225 - (djm) Fix some compile errors spotted by dtucker and his fabulous @@ -1202,4 +1203,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2625 2003/03/10 00:38:10 djm Exp $ +$Id: ChangeLog,v 1.2626 2003/03/10 01:10:45 djm Exp $ diff --git a/contrib/aix/README b/contrib/aix/README index 033fd0a5d..82fd8be1b 100644 --- a/contrib/aix/README +++ b/contrib/aix/README @@ -6,9 +6,15 @@ installable) openssh package. Directions: +(optional) create config.local in your build dir ./configure [options] -cd contrib/aix; ./buildbff.sh +contrib/aix/buildbff.sh +The file config.local or the environment is read to set the following options +(default first): +PERMIT_ROOT_LOGIN=[no|yes] +X11_FORWARDING=[no|yes] +AIX_SRC=[no|yes] Acknowledgements: @@ -19,6 +25,8 @@ Jim Abbey's (GPL'ed) lppbuild-2.1 was used to learn how to build .bff's and for comparison with the output from this script, however no code from lppbuild is included and it is not required for operation. +SRC support based on examples provided by Sandor Sklar and Maarten Kreuger. + Other notes: @@ -26,8 +34,7 @@ The script treats all packages as USR packages (not ROOT+USR when appropriate). It seems to work, though...... If there are any patches to this that have not yet been integrated they -may be found at http://www.zip.com.au/~dtucker/openssh/ or -http://home.usf.advantra.com.au/~dtucker/openssh/. +may be found at http://www.zip.com.au/~dtucker/openssh/. Disclaimer: diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index 5c09c6b75..3b3699660 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh 
@@ -11,10 +11,12 @@ # # Tunable configuration settings -# create a "config.local" in your build directory to override these. +# create a "config.local" in your build directory or set +# environment variables to override these. # -PERMIT_ROOT_LOGIN=no -X11_FORWARDING=no +[ -z "$PERMIT_ROOT_LOGIN" ] || PERMIT_ROOT_LOGIN=no +[ -z "$X11_FORWARDING" ] || X11_FORWARDING=no +[ -z "$AIX_SRC" ] || AIX_SRC=no umask 022 @@ -166,6 +168,18 @@ This software is distributed under a BSD-style license. For the full text of the license, see /usr/lpp/openssh/LICENCE EOD +# +# openssh.size file allows filesystem expansion as required +# generate list of directories containing files +# then calculate disk usage for each directory and store in openssh.size +# +files=`find . -type f -print` +dirs=`for file in $files; do dirname $file; done | sort -u` +for dir in $dirs +do + du $dir +done > ../openssh.size + # # Create postinstall script # 
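Review bot: The three new default lines are inverted: `[ -z "$PERMIT_ROOT_LOGIN" ] || PERMIT_ROOT_LOGIN=no` assigns `no` only when the variable is already non-empty, and leaves it empty when it is unset. A value supplied through the environment is therefore overwritten, and an unset variable never receives the documented default, so whatever consumes PERMIT_ROOT_LOGIN, X11_FORWARDING and AIX_SRC later in the script (outside this hunk) sees an empty string unless config.local sets them. Use `&&` in place of `||` on all three lines, e.g. `[ -z "$PERMIT_ROOT_LOGIN" ] && PERMIT_ROOT_LOGIN=no`, or the expansion form `: ${PERMIT_ROOT_LOGIN:=no}`.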
@@ -245,14 +259,42 @@ else fi echo -# Add to system startup if required -if grep $sbindir/sshd /etc/rc.tcpip >/dev/null +# Set startup command depending on SRC support +if [ "$AIX_SRC" = "yes" ] +then + echo Creating SRC sshd subsystem. + rmssys -s sshd 2>&1 >/dev/null + mkssys -s sshd -p "$sbindir/sshd" -a '-D' -u 0 -S -n 15 -f 9 -R -G tcpip + startupcmd="start $sbindir/sshd \\\"\\\$src_running\\\"" + oldstartcmd="$sbindir/sshd" +else + startupcmd="$sbindir/sshd" + oldstartcmd="start $sbindir/sshd \\\"$src_running\\\"" +fi + +# If migrating to or from SRC, change previous startup command +# otherwise add to rc.tcpip +if egrep "^\$oldstartcmd" /etc/rc.tcpip >/dev/null then - echo "sshd found in rc.tcpip, not adding." + if sed "s|^\$oldstartcmd|\$startupcmd|g" /etc/rc.tcpip >/etc/rc.tcpip.new + then + chmod 0755 /etc/rc.tcpip.new + mv /etc/rc.tcpip /etc/rc.tcpip.old && \ + mv /etc/rc.tcpip.new /etc/rc.tcpip + else + echo "Updating /etc/rc.tcpip failed, please check." + fi else - echo >>/etc/rc.tcpip - echo "echo Starting sshd" >>/etc/rc.tcpip - echo "$sbindir/sshd" >>/etc/rc.tcpip + # Add to system startup if required + if grep "^\$startupcmd" /etc/rc.tcpip >/dev/null + then + echo "sshd found in rc.tcpip, not adding." + else + echo "Adding sshd to rc.tcpip" + echo >>/etc/rc.tcpip + echo "# Start sshd" >>/etc/rc.tcpip + echo "\$startupcmd" >>/etc/rc.tcpip + fi fi EOF @@ -262,7 +304,7 @@ EOF echo Creating liblpp.a ( cd .. - for i in openssh.al openssh.copyright openssh.inventory openssh.post_i LICENCE README* + for i in openssh.al openssh.copyright openssh.inventory openssh.post_i openssh.size LICENCE README* do ar -r liblpp.a $i rm $i diff --git a/contrib/aix/inventory.sh b/contrib/aix/inventory.sh index 78df0d16e..619493ae2 100755 --- a/contrib/aix/inventory.sh +++ b/contrib/aix/inventory.sh 
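Review bot: `rmssys -s sshd 2>&1 >/dev/null` does not silence errors: stderr is duplicated onto the original stdout before stdout is redirected, so any rmssys error on a first install still reaches the terminal. Write it as `rmssys -s sshd >/dev/null 2>&1`. Separately, the two branches escape the variable differently, `\\\$src_running` in `startupcmd` but a bare `$src_running` in `oldstartcmd`. The non-SRC branch therefore appears to expand it while the here-document is generated, and `egrep "^\$oldstartcmd"` would then not match a line written by the SRC branch; the here-document opens outside this hunk, so please confirm. Both strings are also passed to `egrep` and `sed` as patterns although they contain `$` and `"`, so a fixed-string match would be more robust.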
@@ -2,9 +2,9 @@ # # inventory.sh # -# Originall written by Ben Lindstrom, modified by Darren Tucker to use perl +# Originally written by Ben Lindstrom, modified by Darren Tucker to use perl # -# This will produced and AIX package inventory file, which looks like: +# This will produce an AIX package inventory file, which looks like: # # /usr/local/bin: # class=apply,inventory,openssh -- cgit v1.2.3 From c1365e19b0f5ae8d05b697cd40d1fb4f664112b6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 13 Mar 2003 09:42:51 +1100 Subject: Fix bug # --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index d86673d35..7ba6470c1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -264,7 +264,7 @@ Based on fix from yoshfuji@linux-ipv6.org - (djm) Bug #442: Check for and deny access to accounts with locked passwords. Patch from dtucker@zip.com.au - - (djm) Bug #26: Use local mkstemp() rather than glibc's silly one. Fixes + - (djm) Bug #44: Use local mkstemp() rather than glibc's silly one. Fixes Can't pass KRB4 TGT passing. Fix from: jan.iven@cern.ch - (djm) Fix Bug #442 for PAM case - (djm) Bug #110: bogus error messages in lastlog_get_entry(). Fix based @@ -1203,4 +1203,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2626 2003/03/10 01:10:45 djm Exp $ +$Id: ChangeLog,v 1.2627 2003/03/12 22:42:51 djm Exp $ -- cgit v1.2.3 From ed33d3b4d229b0e815f43d8a3192047ef161dcd7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 15 Mar 2003 11:36:18 +1100 Subject: - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/03/13 11:42:19 [authfile.c ssh-keysign.c] move RSA_blinding_on to generic key load method --- ChangeLog | 8 +++++++- authfile.c | 13 ++++++++++++- ssh-keysign.c | 9 +-------- 3 files changed, 20 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7ba6470c1..961f12c7e 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,9 @@ +20030315 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/03/13 11:42:19 + [authfile.c ssh-keysign.c] + move RSA_blinding_on to generic key load method + 20030310 - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/03/05 22:33:43 @@ -1203,4 +1209,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2627 2003/03/12 22:42:51 djm Exp $ +$Id: ChangeLog,v 1.2628 2003/03/15 00:36:18 djm Exp $ diff --git a/authfile.c b/authfile.c index 24ae6abd3..90618efde 100644 --- a/authfile.c +++ b/authfile.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.51 2002/11/15 10:03:09 fgsch Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.52 2003/03/13 11:42:18 markus Exp $"); #include #include @@ -421,6 +421,12 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, rsa_generate_additional_parameters(prv->rsa); buffer_free(&decrypted); + + /* enable blinding */ + if (RSA_blinding_on(prv->rsa, NULL) != 1) { + error("key_load_private_rsa1: RSA_blinding_on failed"); + goto fail; + } close(fd); return prv; @@ -460,6 +466,11 @@ key_load_private_pem(int fd, int type, const char *passphrase, #ifdef DEBUG_PK RSA_print_fp(stderr, prv->rsa, 8); #endif + if (RSA_blinding_on(prv->rsa, NULL) != 1) { + error("key_load_private_pem: RSA_blinding_on failed"); + key_free(prv); + prv = NULL; + } } else if (pk->type == EVP_PKEY_DSA && (type == KEY_UNSPEC||type==KEY_DSA)) { prv = key_new(KEY_UNSPEC); diff --git a/ssh-keysign.c b/ssh-keysign.c index 46028ae51..26c8faad2 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.9 2002/12/19 00:07:02 djm Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.10 2003/03/13 11:42:19 markus Exp $"); #include #include 
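Review bot: In `key_load_private_rsa1()` the new `goto fail` on `RSA_blinding_on` failure sits before `close(fd)`, so unless the `fail:` label (outside this hunk) closes the descriptor, this path leaks `fd`. If it does not, add `close(fd);` ahead of the `goto fail;`. The PEM hunk handles the same failure inline with `key_free(prv); prv = NULL;` and lacks the `/* enable blinding */` comment used here; using the same comment in both loaders would make the two call sites easy to find together.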
@@ -192,13 +192,6 @@ main(int argc, char **argv) keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, NULL, NULL); close(key_fd[i]); - if (keys[i] != NULL && keys[i]->type == KEY_RSA) { - if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) { - error("RSA_blinding_on failed"); - key_free(keys[i]); - keys[i] = NULL; - } - } if (keys[i] != NULL) found = 1; } -- cgit v1.2.3 From c51d0735a4a68ddcd927f003ffb3fc917cb207c2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 15 Mar 2003 11:37:09 +1100 Subject: - markus@cvs.openbsd.org 2003/03/13 11:44:50 [ssh-agent.c] ssh-agent is similar to ssh-keysign (allows other processes to use private rsa keys). however, it gets key over socket and not from a file, so we have to do blinding here as well. --- ChangeLog | 7 ++++++- ssh-agent.c | 13 ++++++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 961f12c7e..c692c2785 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,11 @@ - markus@cvs.openbsd.org 2003/03/13 11:42:19 [authfile.c ssh-keysign.c] move RSA_blinding_on to generic key load method + - markus@cvs.openbsd.org 2003/03/13 11:44:50 + [ssh-agent.c] + ssh-agent is similar to ssh-keysign (allows other processes to use + private rsa keys). however, it gets key over socket and not from + a file, so we have to do blinding here as well. 20030310 - (djm) OpenBSD CVS Sync @@ -1209,4 +1214,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2628 2003/03/15 00:36:18 djm Exp $ +$Id: ChangeLog,v 1.2629 2003/03/15 00:37:09 djm Exp $ diff --git a/ssh-agent.c b/ssh-agent.c index b18dd980c..eb593de73 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.107 2003/01/23 13:50:27 markus Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.108 2003/03/13 11:44:50 markus Exp $"); #include #include 
@@ -483,6 +483,17 @@ process_add_identity(SocketEntry *e, int version) } break; } + /* enable blinding */ + switch (k->type) { + case KEY_RSA: + case KEY_RSA1: + if (RSA_blinding_on(k->rsa, NULL) != 1) { + error("process_add_identity: RSA_blinding_on failed"); + key_free(k); + goto send; + } + break; + } comment = buffer_get_string(&e->request, NULL); if (k == NULL) { xfree(comment); -- cgit v1.2.3 From cafbcc73349f4e14afed5207b81a1205afc2cee2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 17 Mar 2003 16:13:53 +1100 Subject: - (djm) Fix return value checks for RAND_bytes. Report from Steve G --- ChangeLog | 6 +++++- openbsd-compat/bsd-arc4random.c | 4 ++-- ssh-rand-helper.c | 8 +++++--- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index c692c2785..9346f1351 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20030317 + - (djm) Fix return value checks for RAND_bytes. Report from + Steve G + 20030315 - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/03/13 11:42:19 @@ -1214,4 +1218,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2629 2003/03/15 00:37:09 djm Exp $ +$Id: ChangeLog,v 1.2630 2003/03/17 05:13:53 djm Exp $ diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c index ab4e1431e..dd08130d5 100644 --- a/openbsd-compat/bsd-arc4random.c +++ b/openbsd-compat/bsd-arc4random.c @@ -25,7 +25,7 @@ #include "includes.h" #include "log.h" -RCSID("$Id: bsd-arc4random.c,v 1.5 2002/05/08 22:57:18 tim Exp $"); +RCSID("$Id: bsd-arc4random.c,v 1.6 2003/03/17 05:13:53 djm Exp $"); #ifndef HAVE_ARC4RANDOM @@ -66,7 +66,7 @@ void arc4random_stir(void) unsigned char rand_buf[SEED_SIZE]; memset(&rc4, 0, sizeof(rc4)); - if (!RAND_bytes(rand_buf, sizeof(rand_buf))) + if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0) fatal("Couldn't obtain random bytes (error %ld)", ERR_get_error()); RC4_set_key(&rc4, sizeof(rand_buf), rand_buf); 
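Review bot: The new `switch (k->type)` in `process_add_identity()` dereferences `k` before the `if (k == NULL)` check that follows in the context lines. If `k` can be NULL at this point, the agent would crash on a request received over its socket instead of rejecting it. Move the blinding block below the NULL check, or guard it with `if (k != NULL)`. The failure path also takes `goto send` before `buffer_get_string()` has consumed the comment, so confirm (the label is outside this hunk) that the `send:` path discards the remainder of `e->request`. A `default: break;` would show that other key types are skipped on purpose.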
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 375ba3cbf..68b77b208 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -39,7 +39,7 @@ #include "pathnames.h" #include "log.h" -RCSID("$Id: ssh-rand-helper.c,v 1.9 2002/10/21 00:13:37 djm Exp $"); +RCSID("$Id: ssh-rand-helper.c,v 1.10 2003/03/17 05:13:53 djm Exp $"); /* Number of bytes we write out */ #define OUTPUT_SEED_SIZE 48 @@ -562,7 +562,8 @@ prng_write_seedfile(void) debug("writing PRNG seed to file %.100s", filename); - RAND_bytes(seed, sizeof(seed)); + if (RAND_bytes(seed, sizeof(seed)) <= 0) + fatal("PRNG seed extration failed"); /* Don't care if the seed doesn't exist */ prng_check_seedfile(filename); @@ -849,7 +850,8 @@ main(int argc, char **argv) if (!RAND_status()) fatal("Not enough entropy in RNG"); - RAND_bytes(buf, bytes); + if (RAND_bytes(buf, bytes) <= 0) + fatal("Couldn't extract entropy from PRNG"); if (output_hex) { for(ret = 0; ret < bytes; ret++) -- cgit v1.2.3 From 4e4dc561ae948a410fb82fd8b0960ec2cf8e2e70 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Tue, 18 Mar 2003 10:21:40 -0800 Subject: [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] add nanosleep(). testing/corrections by Darren Tucker --- ChangeLog | 6 +++++- configure.ac | 4 +++- openbsd-compat/bsd-misc.c | 33 ++++++++++++++++++++++++++++++++- openbsd-compat/bsd-misc.h | 11 ++++++++++- 4 files changed, 50 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9346f1351..b53c81590 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20030318 + - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] + add nanosleep(). testing/corrections by Darren Tucker + 20030317 - (djm) Fix return value checks for RAND_bytes. Report from Steve G @@ -1218,4 +1222,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2630 2003/03/17 05:13:53 djm Exp $ +$Id: ChangeLog,v 1.2631 2003/03/18 18:21:40 tim Exp $ 
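Review bot: The new fatal message in `prng_write_seedfile()` is misspelled: `"PRNG seed extration failed"` should read `"PRNG seed extraction failed"`, which matters to anyone searching logs for it. The second new check, in `main()`, reports the same `RAND_bytes` failure with different wording (`"Couldn't extract entropy from PRNG"`). Prefixing each message with its function name, as the `RSA_blinding_on` errors elsewhere in this series do, would make the two distinguishable.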
diff --git a/configure.ac b/configure.ac index 3469af2f4..83575758f 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.110 2003/03/10 00:38:10 djm Exp $ +# $Id: configure.ac,v 1.111 2003/03/18 18:21:41 tim Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -1483,6 +1483,8 @@ if test "x$ac_cv_have_struct_timeval" = "xyes" ; then have_struct_timeval=1 fi +AC_CHECK_TYPES(struct timespec) + # If we don't have int64_t then we can't compile sftp-server. So don't # even attempt to do it. if test "x$ac_cv_have_int64_t" = "xno" -a \ diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index d7180d424..b8e9996d5 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -25,7 +25,7 @@ #include "includes.h" #include "xmalloc.h" -RCSID("$Id: bsd-misc.c,v 1.11 2003/01/09 22:53:13 djm Exp $"); +RCSID("$Id: bsd-misc.c,v 1.12 2003/03/18 18:21:41 tim Exp $"); /* * NB. duplicate __progname in case it is an alias for argv[0] @@ -135,3 +135,34 @@ setgroups(size_t size, const gid_t *list) } #endif +#if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP) +int nanosleep(const struct timespec *req, struct timespec *rem) +{ + int rc, saverrno; + extern int errno; + struct timeval tstart, tstop, tremain, time2wait; + + TIMESPEC_TO_TIMEVAL(&time2wait, req) + (void) gettimeofday(&tstart, NULL); + rc = select(0, NULL, NULL, NULL, &time2wait); + if (rc == -1) { + saverrno = errno; + (void) gettimeofday (&tstop, NULL); + errno = saverrno; + tremain.tv_sec = time2wait.tv_sec - + (tstop.tv_sec - tstart.tv_sec); + tremain.tv_usec = time2wait.tv_usec - + (tstop.tv_usec - tstart.tv_usec); + tremain.tv_sec += tremain.tv_usec / 1000000L; + tremain.tv_usec %= 1000000L; + } else { + tremain.tv_sec = 0; + tremain.tv_usec = 0; + } + TIMEVAL_TO_TIMESPEC(&tremain, rem) + + return(rc); +} + +#endif + diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 981196044..78d9ccdd4 100644 --- a/openbsd-compat/bsd-misc.h 
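Review bot: The replacement `nanosleep()` in bsd-misc.c writes through `rem` unconditionally in `TIMEVAL_TO_TIMESPEC(&tremain, rem)`, but callers may pass NULL for `rem` when they do not want the remaining time, which would be a NULL dereference here; guard the conversion with `if (rem != NULL)`. On the interrupted path `tremain.tv_usec` can be negative after the subtraction, and the `/` and `%` normalisation keeps the sign, so add `if (tremain.tv_usec < 0) { tremain.tv_sec--; tremain.tv_usec += 1000000L; }`. `extern int errno;` should give way to `<errno.h>` because errno is a macro on many systems. `req->tv_nsec` is converted without a range check, and some `select()` implementations modify `time2wait`, which would skew the remaining-time calculation.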
+++ b/openbsd-compat/bsd-misc.h @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: bsd-misc.h,v 1.6 2002/06/13 21:34:58 mouring Exp $ */ +/* $Id: bsd-misc.h,v 1.7 2003/03/18 18:21:41 tim Exp $ */ #ifndef _BSD_MISC_H #define _BSD_MISC_H @@ -80,5 +80,14 @@ int truncate (const char *path, off_t length); int setgroups(size_t size, const gid_t *list); #endif +#if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP) +#ifndef HAVE_STRUCT_TIMESPEC +struct timespec { + time_t tv_sec; + long tv_nsec; +}; +#endif +int nanosleep(const struct timespec *req, struct timespec *rem); +#endif #endif /* _BSD_MISC_H */ -- cgit v1.2.3 From 05f5578e1fe80be7c9ab6880eae7b7941c8eed98 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 20 Mar 2003 10:08:05 +1100 Subject: - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/03/17 10:38:38 [progressmeter.c] don't print \n if backgrounded; from ho@ --- ChangeLog | 8 +++++++- progressmeter.c | 5 +++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index b53c81590..18f289c31 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20030320 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/03/17 10:38:38 + [progressmeter.c] + don't print \n if backgrounded; from ho@ + 20030318 - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] add nanosleep(). testing/corrections by Darren Tucker @@ -1222,4 +1228,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2631 2003/03/18 18:21:40 tim Exp $ +$Id: ChangeLog,v 1.2632 2003/03/19 23:08:05 djm Exp $ diff --git a/progressmeter.c b/progressmeter.c index 9956201f3..90eb97f37 100644 --- a/progressmeter.c +++ b/progressmeter.c 
@@ -60,7 +60,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: progressmeter.c,v 1.2 2003/01/12 16:57:02 markus Exp $"); +RCSID("$OpenBSD: progressmeter.c,v 1.3 2003/03/17 10:38:38 markus Exp $"); #ifdef HAVE_LIBGEN_H #include @@ -126,7 +126,8 @@ stop_progress_meter() { alarm(0); draw_progress_meter(); - atomicio(write, fileno(stdout), "\n", 1); + if (foregroundproc() != 0) + atomicio(write, fileno(stdout), "\n", 1); } static void -- cgit v1.2.3 From 4874c32531f92d9766c538f628c6b1a5a29996f3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 20 Mar 2003 10:11:34 +1100 Subject: - markus@cvs.openbsd.org 2003/03/17 11:43:47 [version.h] enter 3.6 --- ChangeLog | 5 ++++- version.h | 7 +++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 18f289c31..52b6650a6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,9 @@ - markus@cvs.openbsd.org 2003/03/17 10:38:38 [progressmeter.c] don't print \n if backgrounded; from ho@ + - markus@cvs.openbsd.org 2003/03/17 11:43:47 + [version.h] + enter 3.6 20030318 - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] @@ -1228,4 +1231,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2632 2003/03/19 23:08:05 djm Exp $ +$Id: ChangeLog,v 1.2633 2003/03/19 23:11:34 djm Exp $ diff --git a/version.h b/version.h index 1f1129924..380e35907 100644 --- a/version.h +++ b/version.h @@ -1,4 +1,3 @@ -/* $OpenBSD: version.h,v 1.35 2002/10/01 13:24:50 markus Exp $ */ - -#define SSH_VERSION "OpenSSH_3.5p1" - +/* $OpenBSD: version.h,v 1.36 2003/03/17 11:43:47 markus Exp $ */ + +#define SSH_VERSION "OpenSSH_3.6p1" -- cgit v1.2.3 From 334821518eb45656d91c5df3a334f6ed8dc9c7f7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 20 Mar 2003 10:52:14 +1100 Subject: Bump RPM versions --- contrib/caldera/openssh.spec | 4 ++-- contrib/redhat/openssh.spec | 2 +- contrib/suse/openssh.spec | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 1ccf71b78..c67e19e3f 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -17,7 +17,7 @@ #old cvs stuff. please update before use. may be deprecated. %define use_stable 1 %if %{use_stable} - %define version 3.5p1 + %define version 3.6p1 %define cvs %{nil} %define release 2 %else @@ -360,4 +360,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.39 2002/10/15 20:16:56 tim Exp $ +$Id: openssh.spec,v 1.40 2003/03/19 23:52:14 djm Exp $ diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index e7005064d..1b7add2cf 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 3.5p1 +%define ver 3.6p1 %define rel 1 # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 3ae1dfc80..55de013dc 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -1,6 +1,6 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 3.5p1 +Version: 3.6p1 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz -- cgit v1.2.3 From eca464db1ee7526650754d3bd0bf2574642d3be7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 20 Mar 2003 10:52:34 +1100 Subject: Bump RPM versions --- contrib/caldera/openssh.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index c67e19e3f..c442c1a57 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -360,4 +360,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.40 2003/03/19 23:52:14 djm Exp $ +$Id: openssh.spec,v 1.39.2.1 2003/03/19 23:52:34 djm Exp $ -- cgit v1.2.3 From 94de3b20db40dfa2ffbf51fb4757db11df493319 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Thu, 20 Mar 2003 11:05:11 +1100 Subject: Build gtk2 askpass by default (instead of old GNOME one) --- contrib/redhat/openssh.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 1b7add2cf..f71c0b261 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -21,7 +21,7 @@ %define scard 0 # Use GTK2 instead of GNOME in gnome-ssh-askpass -%define gtk2 0 +%define gtk2 1 # Is this build for RHL 6.x? %define build6x 0 -- cgit v1.2.3 From 1182f654ee0ab474c40f28e6f10fa543194a973e Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Fri, 21 Mar 2003 00:51:35 +0000 Subject: - (bal) The days of lack of int64_t support are over. Sorry kids. --- ChangeLog | 3 ++- Makefile.in | 14 ++++++-------- configure.ac | 17 ++++++----------- 3 files changed, 14 insertions(+), 20 deletions(-) diff --git a/ChangeLog b/ChangeLog index 52b6650a6..aa8836e9e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,7 @@ - markus@cvs.openbsd.org 2003/03/17 11:43:47 [version.h] enter 3.6 + - (bal) The days of lack of int64_t support are over. Sorry kids. 20030318 - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] @@ -1231,4 +1232,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2633 2003/03/19 23:11:34 djm Exp $ +$Id: ChangeLog,v 1.2633.2.1 2003/03/21 00:51:35 mouring Exp $ diff --git a/Makefile.in b/Makefile.in index 350b417f1..b94eae158 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.227 2003/02/24 23:22:36 djm Exp $ +# $Id: Makefile.in,v 1.227.2.1 2003/03/21 00:51:35 mouring Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ 
@@ -58,9 +58,7 @@ EXEEXT=@EXEEXT@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ -@NO_SFTP@SFTP_PROGS=sftp-server$(EXEEXT) sftp$(EXEEXT) - -TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} $(SFTP_PROGS) +TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT) LIBSSH_OBJS=authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o \ cipher.o compat.o compress.o crc32.o deattack.o fatal.o \ @@ -247,8 +245,8 @@ install-files: scard-install $(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \ fi $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign $(DESTDIR)$(SSH_KEYSIGN) - @NO_SFTP@$(INSTALL) -m 0755 $(STRIP_OPT) sftp $(DESTDIR)$(bindir)/sftp - @NO_SFTP@$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server $(DESTDIR)$(SFTP_SERVER) + $(INSTALL) -m 0755 $(STRIP_OPT) sftp $(DESTDIR)$(bindir)/sftp + $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server $(DESTDIR)$(SFTP_SERVER) $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 
@@ -261,8 +259,8 @@ install-files: scard-install if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \ $(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \ fi - @NO_SFTP@$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 - @NO_SFTP@$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 + $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 + $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 -rm -f $(DESTDIR)$(bindir)/slogin ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin diff --git a/configure.ac b/configure.ac index 83575758f..6f4bdacc4 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.111 2003/03/18 18:21:41 tim Exp $ +# $Id: configure.ac,v 1.111.2.1 2003/03/21 00:51:35 mouring Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -1485,12 +1485,14 @@ fi AC_CHECK_TYPES(struct timespec) -# If we don't have int64_t then we can't compile sftp-server. So don't -# even attempt to do it. +# We need int64_t or else certian parts of the compile will fail. if test "x$ac_cv_have_int64_t" = "xno" -a \ "x$ac_cv_sizeof_long_int" != "x8" -a \ "x$ac_cv_sizeof_long_long_int" = "x0" ; then - NO_SFTP='#' + echo "OpenSSH requires int64_t support. Contact your vendor or install" + echo "an alternative compiler (I.E., GCC) before continuing." + echo "" + exit 1; else dnl test snprintf (broken on SCO w/gcc) AC_TRY_RUN( @@ -1520,7 +1522,6 @@ main() { exit(0); } ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ] ) fi -AC_SUBST(NO_SFTP) dnl Checks for structure members OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP) 
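Review bot: The int64_t failure path added in the `@@ -1485` hunk of configure.ac reports with plain `echo` and then `exit 1;`, so the reason goes to stdout only and is not recorded in config.log, and the new comment misspells "certain" as "certian". Autoconf's own macro reports and aborts in one step: `AC_MSG_ERROR([OpenSSH requires int64_t support. Contact your vendor or install an alternative compiler (e.g. GCC) before continuing.])`. The `else` branch holding the snprintf test runs past the end of this hunk.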
@@ -2555,12 +2556,6 @@ if test "x$PAM_MSG" = "xyes" ; then echo "" fi -if test ! -z "$NO_SFTP"; then - echo "sftp-server will be disabled. Your compiler does not " - echo "support 64bit integers." - echo "" -fi - if test ! -z "$RAND_HELPER_CMDHASH" ; then echo "WARNING: you are using the builtin random number collection " echo "service. Please read WARNING.RNG and request that your OS " -- cgit v1.2.3 From f56198fb86eb67c7b010eca32d2db79ac26b02d4 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Fri, 21 Mar 2003 00:54:03 +0000 Subject: - (bal) scp.c 'limit' conflicts with Cray. Rename to 'limitbw' --- ChangeLog | 3 ++- scp.c | 10 +++++----- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index aa8836e9e..f53127240 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,7 @@ [version.h] enter 3.6 - (bal) The days of lack of int64_t support are over. Sorry kids. + - (bal) scp.c 'limit' conflicts with Cray. Rename to 'limitbw' 20030318 - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] @@ -1232,4 +1233,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2633.2.1 2003/03/21 00:51:35 mouring Exp $ +$Id: ChangeLog,v 1.2633.2.2 2003/03/21 00:54:03 mouring Exp $ diff --git a/scp.c b/scp.c index ab67c0bb8..35d4c5f71 100644 --- a/scp.c +++ b/scp.c @@ -96,7 +96,7 @@ void bwlimit(int); arglist args; /* Bandwidth limit */ -off_t limit = 0; +off_t limitbw = 0; /* Name of current file being transferred. */ char *curfile; @@ -251,7 +251,7 @@ main(argc, argv) speed = strtod(optarg, &endp); if (speed <= 0 || *endp != '\0') usage(); - limit = speed * 1024; + limitbw = speed * 1024; break; case 'p': pflag = 1; @@ -594,7 +594,7 @@ next: (void) close(fd); haderr = result >= 0 ? EIO : errno; statbytes += result; } - if (limit) + if (limitbw) bwlimit(amt); } if (showprogress) 
@@ -688,7 +688,7 @@ bwlimit(int amount) return; lamt *= 8; - wait = (double)1000000L * lamt / limit; + wait = (double)1000000L * lamt / limitbw; bwstart.tv_sec = wait / 1000000L; bwstart.tv_usec = wait % 1000000L; @@ -917,7 +917,7 @@ bad: run_err("%s: %s", np, strerror(errno)); statbytes += j; } while (amt > 0); - if (limit) + if (limitbw) bwlimit(4096); if (count == bp->cnt) { -- cgit v1.2.3 From f38ba20df530935c085eee2011f5d6693b79b806 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Fri, 21 Mar 2003 01:07:44 +0000 Subject: - (bal) Collection of Cray patches (bsd-cray.h fix for CRAYT3E and improved guessing rules) --- ChangeLog | 4 +++- config.guess | 3 +++ config.sub | 5 ++++- openbsd-compat/bsd-cray.h | 4 +++- 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index f53127240..f710f8f64 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,8 @@ enter 3.6 - (bal) The days of lack of int64_t support are over. Sorry kids. - (bal) scp.c 'limit' conflicts with Cray. Rename to 'limitbw' + - (bal) Collection of Cray patches (bsd-cray.h fix for CRAYT3E and improved + guessing rules) 20030318 - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] @@ -1233,4 +1235,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2633.2.2 2003/03/21 00:54:03 mouring Exp $ +$Id: ChangeLog,v 1.2633.2.3 2003/03/21 01:07:44 mouring Exp $ diff --git a/config.guess b/config.guess index fd30ab031..e8f206123 100755 --- a/config.guess +++ b/config.guess @@ -726,6 +726,9 @@ EOF CRAY*SV1:*:*:*) echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit 0 ;; + *:UNICOS/mp:*:*) + echo nv1-cray-unicosmp | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` 
diff --git a/config.sub b/config.sub index a03c1d15a..a0b7bb9e8 100755 --- a/config.sub +++ b/config.sub @@ -315,7 +315,7 @@ case $basic_machine in | mipsisa64-* | mipsisa64el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipstx39 | mipstx39el \ - | none-* | np1-* | ns16k-* | ns32k-* \ + | none-* | np1-* | ns16k-* | ns32k-* | nv1-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ @@ -715,6 +715,9 @@ case $basic_machine in nsr-tandem) basic_machine=nsr-tandem ;; + nv1) + basic_machine=nv1-cray + ;; op50n-* | op60c-*) basic_machine=hppa1.1-oki os=-proelf diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h index 9a15cb251..68947c92f 100644 --- a/openbsd-compat/bsd-cray.h +++ b/openbsd-compat/bsd-cray.h @@ -1,5 +1,5 @@ /* - * $Id: bsd-cray.h,v 1.6 2003/01/27 21:15:11 mouring Exp $ + * $Id: bsd-cray.h,v 1.6.2.1 2003/03/21 01:07:45 mouring Exp $ * * bsd-cray.h * @@ -49,8 +49,10 @@ extern char cray_tmpdir[]; /* cray tmpdir */ #ifndef MAXHOSTNAMELEN #define MAXHOSTNAMELEN 64 #endif +#ifndef _CRAYT3E #include #define TIOCGPGRP (tIOC|20) #endif +#endif #endif /* _BSD_CRAY_H */ -- cgit v1.2.3 From 1f1ac904ad19c2dc12203a43de8dd8b90a9cfa96 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Fri, 21 Mar 2003 01:15:17 +0000 Subject: - (bal) Disable Privsep for Tru64 after pre-authentication due to issues with SIA. Also, clean up of tru64 support patch by Chris Adams --- ChangeLog | 5 ++++- README.privsep | 6 +++++- auth-sia.c | 47 ++++++++++++++++------------------------------- auth-sia.h | 2 +- configure.ac | 3 ++- session.c | 2 +- 6 files changed, 29 insertions(+), 36 deletions(-) diff --git a/ChangeLog b/ChangeLog index f710f8f64..015ab286b 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -10,6 +10,9 @@ - (bal) scp.c 'limit' conflicts with Cray. Rename to 'limitbw' - (bal) Collection of Cray patches (bsd-cray.h fix for CRAYT3E and improved guessing rules) + - (bal) Disable Privsep for Tru64 after pre-authentication due to issues + with SIA. Also, clean up of tru64 support patch by Chris Adams + 20030318 - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] @@ -1235,4 +1238,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2633.2.3 2003/03/21 01:07:44 mouring Exp $ +$Id: ChangeLog,v 1.2633.2.4 2003/03/21 01:15:17 mouring Exp $ diff --git a/README.privsep b/README.privsep index ced943f26..e92af2c41 100644 --- a/README.privsep +++ b/README.privsep @@ -43,6 +43,10 @@ It does not function on HP-UX with a trusted system configuration. PAMAuthenticationViaKbdInt does not function with privsep. +On Compaq Tru64 Unix, only the pre-authentication part of privsep is +supported. Post-authentication privsep is disabled automatically (so +you won't see the additional process mentioned below). + Note that for a normal interactive login with a shell, enabling privsep will require 1 additional process per login session. @@ -58,4 +62,4 @@ process 1005 is the sshd process listening for new connections. process 6917 is the privileged monitor process, 6919 is the user owned sshd process and 6921 is the shell process. -$Id: README.privsep,v 1.10 2002/06/26 00:43:57 stevesk Exp $ +$Id: README.privsep,v 1.10.6.1 2003/03/21 01:15:18 mouring Exp $ diff --git a/auth-sia.c b/auth-sia.c index 071e154d8..5c9b3f5de 100644 --- a/auth-sia.c +++ b/auth-sia.c 
@@ -45,27 +45,25 @@ extern ServerOptions options; extern int saved_argc; extern char **saved_argv; -extern int errno; - int auth_sia_password(Authctxt *authctxt, char *pass) { int ret; SIAENTITY *ent = NULL; const char *host; - char *user = authctxt->user; host = get_canonical_hostname(options.verify_reverse_mapping); - if (pass[0] == '\0') + if (!authctxt->user || !pass || pass[0] == '\0') return(0); - if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, NULL, 0, - NULL) != SIASUCCESS) + if (sia_ses_init(&ent, saved_argc, saved_argv, host, authctxt->user, + NULL, 0, NULL) != SIASUCCESS) return(0); if ((ret = sia_ses_authent(NULL, pass, ent)) != SIASUCCESS) { - error("Couldn't authenticate %s from %s", user, host); + error("Couldn't authenticate %s from %s", authctxt->user, + host); if (ret & SIASTOP) sia_ses_release(&ent); return(0); 
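Review bot: In auth_sia_password the failure branch after `sia_ses_authent()` calls `sia_ses_release(&ent)` only when `ret & SIASTOP` is set, so on any other failure the function returns 0 without releasing the entity that `sia_ses_init()` filled in. Whether SIA frees it in that case is not visible here; if it does not, each failed password attempt leaks one entity in the authenticating process. Either release on every failure or record the reason next to the test, e.g. `/* released only on SIASTOP; TODO confirm SIA frees ent otherwise */`. The function continues past the end of the hunk.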
@@ -77,48 +75,35 @@ auth_sia_password(Authctxt *authctxt, char *pass) } void -session_setup_sia(char *user, char *tty) +session_setup_sia(struct passwd *pw, char *tty) { - struct passwd *pw; SIAENTITY *ent = NULL; const char *host; - host = get_canonical_hostname (options.verify_reverse_mapping); + host = get_canonical_hostname(options.verify_reverse_mapping); - if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0, - NULL) != SIASUCCESS) { + if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name, tty, + 0, NULL) != SIASUCCESS) fatal("sia_ses_init failed"); - } - if ((pw = getpwnam(user)) == NULL) { - sia_ses_release(&ent); - fatal("getpwnam: no user: %s", user); - } if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) { sia_ses_release(&ent); fatal("sia_make_entity_pwd failed"); } ent->authtype = SIA_A_NONE; - if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) { - fatal("Couldn't establish session for %s from %s", user, - host); - } - - if (setpriority(PRIO_PROCESS, 0, 0) == -1) { - sia_ses_release(&ent); - fatal("setpriority: %s", strerror (errno)); - } + if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) + fatal("Couldn't establish session for %s from %s", + pw->pw_name, host); - if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) { - fatal("Couldn't launch session for %s from %s", user, host); - } + if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) + fatal("Couldn't launch session for %s from %s", pw->pw_name, + host); sia_ses_release(&ent); - if (setreuid(geteuid(), geteuid()) < 0) { + if (setreuid(geteuid(), geteuid()) < 0) fatal("setreuid: %s", strerror(errno)); - } } #endif /* HAVE_OSF_SIA */ diff --git a/auth-sia.h b/auth-sia.h index caa584132..7aecce940 100644 --- a/auth-sia.h +++ b/auth-sia.h @@ -27,6 +27,6 @@ #ifdef HAVE_OSF_SIA int auth_sia_password(Authctxt *authctxt, char *pass); -void session_setup_sia(char *user, char *tty); +void session_setup_sia(struct passwd *pw, char *tty); #endif /* HAVE_OSF_SIA */ 
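Review bot: session_setup_sia now dereferences `pw->pw_name` in its first `sia_ses_init()` call with no check that `pw` is non-NULL, whereas the removed code looked the user up itself and called `fatal()` when the entry was missing. A guard as the first statement keeps that failure explicit: `if (pw == NULL) fatal("session_setup_sia: no passwd entry");`. The function also has no header comment although it changes process identity, so I would add `/* pw must be non-NULL; establishes and launches the SIA session, fatal()s on any SIA failure, then sets the real uid to the effective uid */`. The removed `setpriority(PRIO_PROCESS, 0, 0)` call has no replacement in this hunk, and the commit message should say whether that reset now happens elsewhere.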
diff --git a/configure.ac b/configure.ac index 6f4bdacc4..48a98d319 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.111.2.1 2003/03/21 00:51:35 mouring Exp $ +# $Id: configure.ac,v 1.111.2.2 2003/03/21 01:15:18 mouring Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -331,6 +331,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_MSG_RESULT(yes) AC_DEFINE(HAVE_OSF_SIA) AC_DEFINE(DISABLE_LOGIN) + AC_DEFINE(DISABLE_FD_PASSING) LIBS="$LIBS -lsecurity -ldb -lm -laud" else AC_MSG_RESULT(no) diff --git a/session.c b/session.c index ce9db27ef..c75fea966 100644 --- a/session.c +++ b/session.c @@ -1321,7 +1321,7 @@ do_child(Session *s, const char *command) */ if (!options.use_login) { #ifdef HAVE_OSF_SIA - session_setup_sia(pw->pw_name, s->ttyfd == -1 ? NULL : s->tty); + session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty); if (!check_quietlogin(s, command)) do_motd(); #else /* HAVE_OSF_SIA */ -- cgit v1.2.3 From 934a3a298344ff011d77e9978cfb9b5622ff2db3 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Thu, 20 Mar 2003 20:52:55 -0800 Subject: [contrib/caldera/openssh.spec] workaround RPM quirk. Fix %files section. --- ChangeLog | 4 +++- contrib/caldera/openssh.spec | 8 ++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 015ab286b..825d60448 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,8 @@ - (bal) Disable Privsep for Tru64 after pre-authentication due to issues with SIA. Also, clean up of tru64 support patch by Chris Adams + - (tim) [contrib/caldera/openssh.spec] workaround RPM quirk. Fix %files + section. 20030318 - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] @@ -1238,4 +1240,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2633.2.4 2003/03/21 01:15:17 mouring Exp $ +$Id: ChangeLog,v 1.2633.2.5 2003/03/21 04:52:55 tim Exp $ 
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index c442c1a57..e70ac8f37 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -198,7 +198,7 @@ xmkmf %Install [ %{buildroot} != "/" ] && rm -rf %{buildroot} -%makeinstall +make install DESTDIR=%{buildroot} %makeinstall -C %{askpass} \ BINDIR=%{_libexecdir} \ MANPATH=%{_mandir} \ @@ -325,6 +325,7 @@ fi %{_bindir}/ssh-keygen %{_bindir}/ssh-keyscan %dir %{_libexecdir} +%attr(4711,root,root) %{_libexecdir}/ssh-keysign %{_sbindir}/ssh-host-keygen %dir %{_defaultdocdir}/%{name}-%{version} %{_defaultdocdir}/%{name}-%{version}/CREDITS @@ -335,6 +336,8 @@ fi %{_defaultdocdir}/%{name}-%{version}/TODO %{_defaultdocdir}/%{name}-%{version}/faq.html %{_mandir}/man1/* +%{_mandir}/man8/ssh-keysign.8.gz +%{_mandir}/man5/ssh_config.5.gz %Files server %defattr(-,root,root) @@ -346,6 +349,7 @@ fi %config %{SVIcdir}/sshd %{_libexecdir}/sftp-server %{_sbindir}/sshd +%{_mandir}/man5/sshd_config.5.gz %{_mandir}/man8/sftp-server.8.gz %{_mandir}/man8/sshd.8.gz @@ -360,4 +364,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.39.2.1 2003/03/19 23:52:34 djm Exp $ +$Id: openssh.spec,v 1.39.2.2 2003/03/21 04:52:56 tim Exp $ -- cgit v1.2.3 From a62e554c2495d5845a2add7f1f35aed31c385e0c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Mar 2003 09:12:50 +1100 Subject: - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/03/23 19:02:00 [monitor.c] unbreak rekeying for privsep; ok millert@ --- ChangeLog | 9 ++++++++- monitor.c | 4 +++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 825d60448..0eb5fec0e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20030324 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/03/23 19:02:00 + [monitor.c] + unbreak rekeying for privsep; ok millert@ + - Release 3.6p1 + 20030320 - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/03/17 10:38:38 
@@ -1240,4 +1247,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2633.2.5 2003/03/21 04:52:55 tim Exp $ +$Id: ChangeLog,v 1.2633.2.6 2003/03/23 22:12:50 djm Exp $ diff --git a/monitor.c b/monitor.c index 2b4168831..3d7dcaf86 100644 --- a/monitor.c +++ b/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.33 2003/03/05 22:33:43 markus Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.34 2003/03/23 19:02:00 markus Exp $"); #include @@ -1466,6 +1466,8 @@ mm_get_kex(Buffer *m) (memcmp(kex->session_id, session_id2, session_id2_len) != 0)) fatal("mm_get_get: internal error: bad session id"); kex->we_need = buffer_get_int(m); + kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; + kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->server = 1; kex->hostkey_type = buffer_get_int(m); kex->kex_type = buffer_get_int(m); -- cgit v1.2.3 From 63e2615c137bde9587954d7947b5319c3b4d5f31 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 26 Mar 2003 15:59:47 +1100 Subject: - (djm) OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2003/03/26 04:02:51 [sftp-server.c] one last fix to the tree: race fix broke stuff; pr 3169; srp@srparish.net, help from djm - Release 3.6p1 --- ChangeLog | 11 +++++++++-- sftp-server.c | 29 ++++++++++++++++++++--------- 2 files changed, 29 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0eb5fec0e..eae68464d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,9 +1,16 @@ +20030326 + - (djm) OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2003/03/26 04:02:51 + [sftp-server.c] + one last fix to the tree: race fix broke stuff; pr 3169; + srp@srparish.net, help from djm + - Release 3.6p1 + 20030324 - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/03/23 19:02:00 [monitor.c] unbreak rekeying for privsep; ok millert@ - - Release 3.6p1 20030320 - (djm) OpenBSD CVS Sync 
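Review bot: The two handler assignments added to mm_get_kex carry no comment, and nothing in the hunk says why `kex->kex[]` is filled in by hand while the neighbouring fields are read from `m` with `buffer_get_int()`. A why-comment above them would keep a later edit from dropping one, e.g. `/* handlers are set here, not read from m; rekeying needs them (TODO confirm they are not part of the message) */`. `kex->kex_type` is taken straight from the message a few lines below; if it is later used as an index into `kex->kex[]`, a range check belongs here, but that use is outside the hunk. mm_get_kex starts and ends outside the hunk.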
@@ -1247,4 +1254,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2633.2.6 2003/03/23 22:12:50 djm Exp $ +$Id: ChangeLog,v 1.2633.2.7 2003/03/26 04:59:47 djm Exp $ diff --git a/sftp-server.c b/sftp-server.c index 0c00003f8..9a66b4de7 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: sftp-server.c,v 1.40 2003/03/05 22:33:43 markus Exp $"); +RCSID("$OpenBSD: sftp-server.c,v 1.41 2003/03/26 04:02:51 deraadt Exp $"); #include "buffer.h" #include "bufaux.h" @@ -836,20 +836,31 @@ process_rename(void) u_int32_t id; char *oldpath, *newpath; int status; + struct stat sb; id = get_int(); oldpath = get_string(NULL); newpath = get_string(NULL); TRACE("rename id %u old %s new %s", id, oldpath, newpath); - /* fail if 'newpath' exists */ - if (link(oldpath, newpath) == -1) + status = SSH2_FX_FAILURE; + if (lstat(oldpath, &sb) == -1) status = errno_to_portable(errno); - else if (unlink(oldpath) == -1) { - status = errno_to_portable(errno); - /* clean spare link */ - unlink(newpath); - } else - status = SSH2_FX_OK; + else if (S_ISREG(sb.st_mode)) { + /* Race-free rename of regular files */ + if (link(oldpath, newpath) == -1) + status = errno_to_portable(errno); + else if (unlink(oldpath) == -1) { + status = errno_to_portable(errno); + /* clean spare link */ + unlink(newpath); + } else + status = SSH2_FX_OK; + } else if (stat(newpath, &sb) == -1) { + if (rename(oldpath, newpath) == -1) + status = errno_to_portable(errno); + else + status = SSH2_FX_OK; + } send_status(id, status); xfree(oldpath); xfree(newpath); -- cgit v1.2.3 From c0d2468298d069cb0d234a4b1b9465b8edc8e005 Mon Sep 17 00:00:00 2001 
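Review bot: The branch of process_rename for anything that is not a regular file decides that `newpath` is free with `stat(newpath, &sb) == -1` and then calls `rename()`, which leaves two gaps. Any `stat()` failure counts as "does not exist", including a dangling symlink at `newpath` (because `stat()` follows links) and errors such as EACCES, and a file created between the `stat()` and the `rename()` is silently replaced. Narrowing the test to `} else if (lstat(newpath, &sb) == -1 && errno == ENOENT) {` closes the first gap; the check-then-rename window cannot be closed with these calls and deserves a comment alongside the existing `/* Race-free rename of regular files */`. process_rename starts before the hunk and its closing brace is outside it.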
From: Damien Miller Date: Wed, 26 Mar 2003 16:02:47 +1100 Subject: - (djm) Fix getpeerid support for 64 bit BE systems. From Arnd Bergmann --- ChangeLog | 4 +++- openbsd-compat/bsd-getpeereid.c | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index eae68464d..cdcd73df3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,8 @@ [sftp-server.c] one last fix to the tree: race fix broke stuff; pr 3169; srp@srparish.net, help from djm + - (djm) Fix getpeerid support for 64 bit BE systems. From + Arnd Bergmann - Release 3.6p1 20030324 @@ -1254,4 +1256,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2633.2.7 2003/03/26 04:59:47 djm Exp $ +$Id: ChangeLog,v 1.2633.2.8 2003/03/26 05:02:47 djm Exp $ diff --git a/openbsd-compat/bsd-getpeereid.c b/openbsd-compat/bsd-getpeereid.c index c7876823d..3f554e72a 100644 --- a/openbsd-compat/bsd-getpeereid.c +++ b/openbsd-compat/bsd-getpeereid.c @@ -24,7 +24,7 @@ #include "includes.h" -RCSID("$Id: bsd-getpeereid.c,v 1.1 2002/09/12 00:33:02 djm Exp $"); +RCSID("$Id: bsd-getpeereid.c,v 1.1.4.1 2003/03/26 05:02:47 djm Exp $"); #if !defined(HAVE_GETPEEREID) @@ -33,7 +33,7 @@ int getpeereid(int s, uid_t *euid, gid_t *gid) { struct ucred cred; - size_t len = sizeof(cred); + socklen_t len = sizeof(cred); if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0) return (-1); -- cgit v1.2.3 From ae225aa5594655e3fa5685b4dd7f2ae0e1a5e2d7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 26 Mar 2003 16:03:05 +1100 Subject: - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au --- ChangeLog | 4 +++- openbsd-compat/fake-getaddrinfo.c | 8 ++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index cdcd73df3..9a7e2ea93 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -6,6 +6,8 @@ srp@srparish.net, help from djm - (djm) Fix getpeerid support for 64 bit BE systems. From Arnd Bergmann + - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. + Report from murple@murple.net, diagnosis from dtucker@zip.com.au - Release 3.6p1 20030324 @@ -1256,4 +1258,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2633.2.8 2003/03/26 05:02:47 djm Exp $ +$Id: ChangeLog,v 1.2633.2.9 2003/03/26 05:03:05 djm Exp $ diff --git a/openbsd-compat/fake-getaddrinfo.c b/openbsd-compat/fake-getaddrinfo.c index e04776606..bc58f30a6 100644 --- a/openbsd-compat/fake-getaddrinfo.c +++ b/openbsd-compat/fake-getaddrinfo.c @@ -12,7 +12,7 @@ #include "includes.h" #include "ssh.h" -RCSID("$Id: fake-getaddrinfo.c,v 1.4 2003/02/24 01:35:09 djm Exp $"); +RCSID("$Id: fake-getaddrinfo.c,v 1.4.2.1 2003/03/26 05:03:06 djm Exp $"); #ifndef HAVE_GAI_STRERROR char *gai_strerror(int ecode) @@ -71,6 +71,7 @@ int getaddrinfo(const char *hostname, const char *servname, struct in_addr in; int i; long int port; + u_long addr; port = 0; if (servname != NULL) { @@ -86,7 +87,10 @@ int getaddrinfo(const char *hostname, const char *servname, } if (hints && hints->ai_flags & AI_PASSIVE) { - if (NULL != (*res = malloc_ai(port, htonl(0x00000000)))) + addr = htonl(0x00000000); + if (hostname && inet_aton(hostname, &in) != 0) + addr = in.s_addr; + if (NULL != (*res = malloc_ai(port, addr))) return 0; else return EAI_MEMORY; -- cgit v1.2.3
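Review bot: In the AI_PASSIVE branch of getaddrinfo a `hostname` that `inet_aton()` rejects leaves `addr` at the wildcard `htonl(0x00000000)`, so a mistyped or non-numeric bind address makes the caller listen on every interface instead of failing. The wildcard should be used only when `hostname` is NULL, for example `if (hostname != NULL && inet_aton(hostname, &in) == 0) return EAI_NODATA;` placed before the `malloc_ai()` call. Use whichever error code the rest of this file returns for an unresolvable name, or fall through to the name lookup if the function does one later. The function starts before the hunk and continues after it.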