From cc7c212830e3f5adabe1996e6b498f01e963cfee Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 2 Feb 2006 18:44:19 +1100 Subject: - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it works with picky compilers. Patch from alex.kiernan at thus.net. --- ChangeLog | 6 +++++- configure.ac | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index cc7daba5e..8943f0e96 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060202 + - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it + works with picky compilers. Patch from alex.kiernan at thus.net. + 20060201 - (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to determine the user's login name - needed for regress tests on Solaris @@ -3818,4 +3822,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4118 2006/02/01 11:32:17 djm Exp $ +$Id: ChangeLog,v 1.4119 2006/02/02 07:44:19 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 70e26deea..6b5ec8636 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.322 2006/01/29 13:22:39 dtucker Exp $ +# $Id: configure.ac,v 1.323 2006/02/02 07:44:19 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -1832,7 +1832,7 @@ AC_COMPILE_IFELSE( [AC_LANG_SOURCE([[ #include #include -int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL)} +int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);} ]])], [ AC_MSG_RESULT(no) -- cgit v1.2.3 From fd80ddcb2349e2ac28f4fc6f682c20c8d1dc06ad Mon Sep 17 00:00:00 2001 
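Review bot: The probe on the changed `int main(void) { exit(...);}` line sits inside `AC_COMPILE_IFELSE`, so it is only compiled, never linked or run. The `== NULL` comparison is therefore never evaluated, and the result depends entirely on whether the OpenSSL header declares `EVP_aes_192_cbc` and `EVP_aes_256_cbc`. A compiler that accepts implicit declarations would pass the check even when they are missing, and configure would print `no` for a library that lacks the 192/256-bit ciphers. Using `AC_LINK_IFELSE` would make absent symbols fail the check. The macro call continues outside the hunk, so confirm its branches against the full file.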
From: Tim Rice Date: Thu, 2 Feb 2006 19:11:56 -0800 Subject: - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run by a platform specific check, builtin standard includes tests will be skipped on the other platforms. Analysis and suggestion by vinschen at redhat.com, patch by dtucker@. OK tim@, djm@. --- ChangeLog | 10 +++++++++- configure.ac | 3 ++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8943f0e96..e99ae9d5d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +20060203 + - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first + AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run + by a platform specific check, builtin standard includes tests will be + skipped on the other platforms. + Analysis and suggestion by vinschen at redhat.com, patch by dtucker@. + OK tim@, djm@. + 20060202 - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it works with picky compilers. Patch from alex.kiernan at thus.net. @@ -3822,4 +3830,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4119 2006/02/02 07:44:19 dtucker Exp $ +$Id: ChangeLog,v 1.4120 2006/02/03 03:11:56 tim Exp $ diff --git a/configure.ac b/configure.ac index 6b5ec8636..fe034aca6 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.323 2006/02/02 07:44:19 dtucker Exp $ +# $Id: configure.ac,v 1.324 2006/02/03 03:11:56 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -27,6 +27,7 @@ AC_PROG_AWK AC_PROG_CPP AC_PROG_RANLIB AC_PROG_INSTALL +AC_PROG_EGREP AC_PATH_PROG(AR, ar) AC_PATH_PROG(CAT, cat) AC_PATH_PROG(KILL, kill) -- cgit v1.2.3 From 0daad78fab0ff6b6b4064e3e7a5090d258d945a8 Mon Sep 17 00:00:00 2001 
From: Tim Rice Date: Sat, 4 Feb 2006 17:33:55 -0800 Subject: - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test for Solaris. OK dtucker@. --- ChangeLog | 6 +++++- configure.ac | 11 +++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index e99ae9d5d..10fea4e89 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060205 + - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test + for Solaris. OK dtucker@. + 20060203 - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run @@ -3830,4 +3834,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4120 2006/02/03 03:11:56 tim Exp $ +$Id: ChangeLog,v 1.4121 2006/02/05 01:33:55 tim Exp $ diff --git a/configure.ac b/configure.ac index fe034aca6..d64daf219 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.324 2006/02/03 03:11:56 tim Exp $ +# $Id: configure.ac,v 1.325 2006/02/05 01:33:55 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,6 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) +AC_REVISION($Revision: 1.325 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -673,7 +674,6 @@ AC_CHECK_HEADERS( \ glob.h \ ia.h \ iaf.h \ - lastlog.h \ limits.h \ login.h \ login_cap.h \ @@ -724,6 +724,13 @@ AC_CHECK_HEADERS( \ vis.h \ ) +# lastlog.h requires sys/time.h to be included first on Solaris +AC_CHECK_HEADERS(lastlog.h, [], [], [ +#ifdef HAVE_SYS_TIME_H +# include +#endif +]) + # sys/ptms.h requires sys/stream.h to be included first on Solaris AC_CHECK_HEADERS(sys/ptms.h, [], [], [ #ifdef HAVE_SYS_STREAM_H -- cgit v1.2.3 From 70335a6b5f54b9e9e2460cb22957c872d7eca5fb Mon Sep 17 00:00:00 2001 
From: Tim Rice Date: Sat, 4 Feb 2006 17:42:58 -0800 Subject: - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by kraai at ftbfs.org. --- ChangeLog | 4 +++- configure.ac | 7 ++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 10fea4e89..61faee92e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20060205 - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test for Solaris. OK dtucker@. + - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by + kraai at ftbfs.org. 20060203 - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first @@ -3834,4 +3836,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4121 2006/02/05 01:33:55 tim Exp $ +$Id: ChangeLog,v 1.4122 2006/02/05 01:42:58 tim Exp $ diff --git a/configure.ac b/configure.ac index d64daf219..8c6551453 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.325 2006/02/05 01:33:55 tim Exp $ +# $Id: configure.ac,v 1.326 2006/02/05 01:42:58 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.325 $) +AC_REVISION($Revision: 1.326 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -577,12 +577,13 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(BROKEN_SETREGID) ;; -*-*-nto-qnx) +*-*-nto-qnx*) AC_DEFINE(USE_PIPES) AC_DEFINE(NO_X11_UNIX_SOCKETS) AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems]) AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems]) AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems]) + AC_DEFINE(DISABLE_LASTLOG) ;; *-*-ultrix*) -- cgit v1.2.3 From ac9b0609e17e36fec8fc4d4bc8f805696fbffc08 Mon Sep 17 00:00:00 2001 
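Review bot: `AC_DEFINE(DISABLE_LASTLOG)` in the QNX branch is added in the one-argument form, with no value or description, directly after three `MISSING_*` defines that carry both. Unless a template for the symbol exists elsewhere (not visible in this hunk), autoheader has nothing to emit for it. The reader also gets no hint why last-login records are switched off on this platform. Prefer `AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])` and a short `#` comment above it giving the platform reason. The case branch starts outside the hunk.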
From: Tim Rice Date: Sun, 5 Feb 2006 11:27:10 -0800 Subject: - (tim) [configure.ac] Remove unnecessary tests for net/if.h and netinet/in_systm.h. OK dtucker@. --- ChangeLog | 6 +++++- configure.ac | 6 ++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 61faee92e..3fce05b78 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060206 + - (tim) [configure.ac] Remove unnecessary tests for net/if.h and + netinet/in_systm.h. OK dtucker@. + 20060205 - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test for Solaris. OK dtucker@. @@ -3836,4 +3840,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4122 2006/02/05 01:42:58 tim Exp $ +$Id: ChangeLog,v 1.4123 2006/02/05 19:27:10 tim Exp $ diff --git a/configure.ac b/configure.ac index 8c6551453..f27320e56 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.326 2006/02/05 01:42:58 tim Exp $ +# $Id: configure.ac,v 1.327 2006/02/05 19:27:10 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.326 $) +AC_REVISION($Revision: 1.327 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -680,10 +680,8 @@ AC_CHECK_HEADERS( \ login_cap.h \ maillock.h \ ndir.h \ - net/if.h \ netdb.h \ netgroup.h \ - netinet/in_systm.h \ pam/pam_appl.h \ paths.h \ pty.h \ -- cgit v1.2.3 From 83d2f5fedfac201f24205c41691a03f23bd35df0 Mon Sep 17 00:00:00 2001 
From: Tim Rice Date: Tue, 7 Feb 2006 15:17:44 -0800 Subject: - (tim) [session.c] Logout records were not updated on systems with post auth privsep disabled due to bug 1086 changes. Analysis and patch by vinschen at redhat.com. OK tim@, dtucker@. --- ChangeLog | 7 ++++++- session.c | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3fce05b78..19734bdc6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060208 + - (tim) [session.c] Logout records were not updated on systems with + post auth privsep disabled due to bug 1086 changes. Analysis and patch + by vinschen at redhat.com. OK tim@, dtucker@. + 20060206 - (tim) [configure.ac] Remove unnecessary tests for net/if.h and netinet/in_systm.h. OK dtucker@. @@ -3840,4 +3845,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4123 2006/02/05 19:27:10 tim Exp $ +$Id: ChangeLog,v 1.4124 2006/02/07 23:17:44 tim Exp $ diff --git a/session.c b/session.c index 2bf904404..0cbd5fbb2 100644 --- a/session.c +++ b/session.c @@ -2176,7 +2176,6 @@ session_exit_message(Session *s, int status) /* disconnect channel */ debug("session_exit_message: release channel %d", s->chanid); - s->pid = 0; /* * Adjust cleanup callback attachment to send close messages when @@ -2238,6 +2237,7 @@ session_close_by_pid(pid_t pid, int status) session_exit_message(s, status); if (s->ttyfd != -1) session_pty_cleanup(s); + s->pid = 0; } /* -- cgit v1.2.3 From 988b3fd161e678c7efc5a9974b51ecc3e2ad8a7b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 8 Feb 2006 22:11:27 +1100 Subject: - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP -> NEED_SETPGRP), reported by Berhard Simon. ok tim@ --- ChangeLog | 4 +++- configure.ac | 8 ++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 19734bdc6..357d7a8cf 100644 --- a/ChangeLog 
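Review bot: The new `s->pid = 0;` in session_close_by_pid() only works because it runs after `session_pty_cleanup(s)`, and nothing in the code says so. Going by the commit message, the logout record is written only while the pid is still set, so a later reordering would silently drop those records again. A comment above the assignment would document the dependency, e.g. `/* clear pid only after pty cleanup, which needs it to record the logout */`. session_exit_message() no longer clears the pid, so any other caller of it (none is visible in these hunks) now leaves `s->pid` set and should be checked. Both functions start outside the hunks.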
+++ b/ChangeLog @@ -2,6 +2,8 @@ - (tim) [session.c] Logout records were not updated on systems with post auth privsep disabled due to bug 1086 changes. Analysis and patch by vinschen at redhat.com. OK tim@, dtucker@. + - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP + -> NEED_SETPGRP), reported by Berhard Simon. ok tim@ 20060206 - (tim) [configure.ac] Remove unnecessary tests for net/if.h and @@ -3845,4 +3847,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4124 2006/02/07 23:17:44 tim Exp $ +$Id: ChangeLog,v 1.4125 2006/02/08 11:11:27 dtucker Exp $ diff --git a/configure.ac b/configure.ac index f27320e56..ca381c770 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.327 2006/02/05 19:27:10 tim Exp $ +# $Id: configure.ac,v 1.328 2006/02/08 11:11:28 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.327 $) +AC_REVISION($Revision: 1.328 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -345,7 +345,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) fi ;; mips-sony-bsd|mips-sony-newsos4) - AC_DEFINE(NEED_SETPRGP, 1, [Need setpgrp to acquire controlling tty]) + AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty]) SONY=1 ;; *-*-netbsd*) @@ -589,7 +589,7 @@ mips-sony-bsd|mips-sony-newsos4) *-*-ultrix*) AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1]) AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files]) - AC_DEFINE(NEED_SETPRGP) + AC_DEFINE(NEED_SETPGRP) AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix]) ;; -- cgit v1.2.3 From 84af61555a62e39c583522ec1ab356cd595846b3 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Sun, 12 Feb 2006 11:59:08 +1100 Subject: - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Make loop counter unsigned to silence compiler warning, from vinschen at redhat.com. --- ChangeLog | 6 +++++- openbsd-compat/bsd-cygwin_util.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 357d7a8cf..969180384 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060212 + - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Make loop counter unsigned + to silence compiler warning, from vinschen at redhat.com. + 20060208 - (tim) [session.c] Logout records were not updated on systems with post auth privsep disabled due to bug 1086 changes. Analysis and patch @@ -3847,4 +3851,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4125 2006/02/08 11:11:27 dtucker Exp $ +$Id: ChangeLog,v 1.4126 2006/02/12 00:59:08 dtucker Exp $ diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index b5e3cc52b..96be7fecd 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c @@ -29,7 +29,7 @@ #include "includes.h" -RCSID("$Id: bsd-cygwin_util.c,v 1.14 2005/05/25 09:42:11 dtucker Exp $"); +RCSID("$Id: bsd-cygwin_util.c,v 1.15 2006/02/12 00:59:09 dtucker Exp $"); #ifdef HAVE_CYGWIN @@ -268,7 +268,7 @@ char ** fetch_windows_environment(void) { char **e, **p; - int i, idx = 0; + unsigned int i, idx = 0; p = xmalloc((WENV_SIZ + 1) * sizeof(char *)); for (e = environ; *e != NULL; ++e) { -- cgit v1.2.3 From 2f993465d4584c1eb188e02fde1f0da9dbb4fc88 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Sat, 11 Feb 2006 18:37:48 -0800 Subject: - (tim) [configure.ac] Bug #1149. Disable /etc/default/login check for QNX. --- ChangeLog | 3 ++- configure.ac | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 969180384..b60041f59 100644 
--- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 20060212 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Make loop counter unsigned to silence compiler warning, from vinschen at redhat.com. + - (tim) [configure.ac] Bug #1149. Disable /etc/default/login check for QNX. 20060208 - (tim) [session.c] Logout records were not updated on systems with @@ -3851,4 +3852,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4126 2006/02/12 00:59:08 dtucker Exp $ +$Id: ChangeLog,v 1.4127 2006/02/12 02:37:48 tim Exp $ diff --git a/configure.ac b/configure.ac index ca381c770..7fcca216a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.328 2006/02/08 11:11:28 dtucker Exp $ +# $Id: configure.ac,v 1.329 2006/02/12 02:37:48 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.328 $) +AC_REVISION($Revision: 1.329 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -584,6 +584,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems]) AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems]) AC_DEFINE(DISABLE_LASTLOG) + enable_etc_default_login=no # has incompatible /etc/default/login ;; *-*-ultrix*) -- cgit v1.2.3 From 6163350eb97774e7f780d5cc9df6164a6803aa0c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 12 Feb 2006 16:48:56 +1100 Subject: - (dtucker) [README version.h contrib/caldera/openssh.spec contrib/redhat/openssh.spec contrib/suse/openssh.spec] Bump version strings to match 4.3p2 release. --- ChangeLog | 5 ++++- README | 4 ++-- contrib/caldera/openssh.spec | 4 ++-- contrib/redhat/openssh.spec | 2 +- contrib/suse/openssh.spec | 2 +- version.h | 2 +- 6 files changed, 11 insertions(+), 8 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index b60041f59..2251c7295 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,9 @@ - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Make loop counter unsigned to silence compiler warning, from vinschen at redhat.com. - (tim) [configure.ac] Bug #1149. Disable /etc/default/login check for QNX. + - (dtucker) [README version.h contrib/caldera/openssh.spec + contrib/redhat/openssh.spec contrib/suse/openssh.spec] Bump version + strings to match 4.3p2 release. 20060208 - (tim) [session.c] Logout records were not updated on systems with @@ -3852,4 +3855,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4127 2006/02/12 02:37:48 tim Exp $ +$Id: ChangeLog,v 1.4128 2006/02/12 05:48:56 dtucker Exp $ diff --git a/README b/README index 924293b66..9b05205b8 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-4.3 for the release notes. +See http://www.openssh.com/txt/release-4.3p2 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -62,4 +62,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.61 2005/12/01 11:21:04 dtucker Exp $ +$Id: README,v 1.62 2006/02/12 05:48:56 dtucker Exp $ diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 077b86b3a..77fc51897 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -17,7 +17,7 @@ #old cvs stuff. please update before use. may be deprecated. %define use_stable 1 %if %{use_stable} - %define version 4.3p1 + %define version 4.3p2 %define cvs %{nil} %define release 1 %else 
@@ -357,4 +357,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.56 2006/02/01 11:10:48 djm Exp $ +$Id: openssh.spec,v 1.57 2006/02/12 05:48:56 dtucker Exp $ diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 545e27b64..cbdf7bbc7 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 4.3p1 +%define ver 4.3p2 %define rel 1 # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index e7739bd91..b49e78c65 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 4.3p1 +Version: 4.3p2 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz diff --git a/version.h b/version.h index 2b729524e..d5fd0c6ce 100644 --- a/version.h +++ b/version.h @@ -2,5 +2,5 @@ #define SSH_VERSION "OpenSSH_4.3" -#define SSH_PORTABLE "p1" +#define SSH_PORTABLE "p2" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -- cgit v1.2.3 From bf209f590108a12a9758dcfcdf4297a3d593ce87 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Mon, 13 Feb 2006 12:46:44 -0800 Subject: - (tim) [buildpkg.sh.in] Make the names consistent. s/pkg_post_make_install_fixes.sh/pkg-post-make-install-fixes.sh/ OK dtucker@ --- ChangeLog | 6 +++++- buildpkg.sh.in | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2251c7295..fd1d9d2ba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060214 + - (tim) [buildpkg.sh.in] Make the names consistent. + s/pkg_post_make_install_fixes.sh/pkg-post-make-install-fixes.sh/ OK dtucker@ + 20060212 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Make loop counter unsigned to silence compiler warning, from vinschen at redhat.com. 
@@ -3855,4 +3859,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4128 2006/02/12 05:48:56 dtucker Exp $ +$Id: ChangeLog,v 1.4129 2006/02/13 20:46:44 tim Exp $ diff --git a/buildpkg.sh.in b/buildpkg.sh.in index cb9eb3048..31db10d66 100644 --- a/buildpkg.sh.in +++ b/buildpkg.sh.in @@ -35,7 +35,7 @@ SSHDGID=67 # Default privsep gid SYSVINITSTART=S98 SYSVINITSTOPT=K30 # We will source these if they exist -POST_MAKE_INSTALL_FIXES=./pkg_post_make_install_fixes.sh +POST_MAKE_INSTALL_FIXES=./pkg-post-make-install-fixes.sh POST_PROTOTYPE_EDITS=./pkg-post-prototype-edit.sh # We'll be one level deeper looking for these PKG_PREINSTALL_LOCAL=../pkg-preinstall.local -- cgit v1.2.3 From 4881c371cef5e3c1065d7dfa314fffc3a5ab0256 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 19 Feb 2006 22:50:20 +1100 Subject: - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/] Add first attempt at regress tests for compat library. ok djm@ --- ChangeLog | 6 ++- Makefile.in | 5 ++- configure.ac | 6 +-- openbsd-compat/regress/Makefile.in | 39 +++++++++++++++++++ openbsd-compat/regress/snprintftest.c | 72 +++++++++++++++++++++++++++++++++++ openbsd-compat/regress/strduptest.c | 42 ++++++++++++++++++++ openbsd-compat/regress/strtonumtest.c | 66 ++++++++++++++++++++++++++++++++ 7 files changed, 231 insertions(+), 5 deletions(-) create mode 100644 openbsd-compat/regress/Makefile.in create mode 100644 openbsd-compat/regress/snprintftest.c create mode 100644 openbsd-compat/regress/strduptest.c create mode 100644 openbsd-compat/regress/strtonumtest.c diff --git a/ChangeLog b/ChangeLog index fd1d9d2ba..67369376f 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,7 @@ +20060219 + - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/] + Add first attempt at regress tests for compat library. ok djm@ + 20060214 - (tim) [buildpkg.sh.in] Make the names consistent. s/pkg_post_make_install_fixes.sh/pkg-post-make-install-fixes.sh/ OK dtucker@ @@ -3859,4 +3863,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4129 2006/02/13 20:46:44 tim Exp $ +$Id: ChangeLog,v 1.4130 2006/02/19 11:50:20 dtucker Exp $ diff --git a/Makefile.in b/Makefile.in index af881c521..1baffb4df 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.274 2006/01/01 08:47:05 djm Exp $ +# $Id: Makefile.in,v 1.275 2006/02/19 11:50:20 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -410,6 +410,9 @@ tests: $(TARGETS) EXEEXT="$(EXEEXT)" \ $@ +compat-tests: $(LIBCOMPAT) + (cd openbsd-compat/regress && $(MAKE)) + regressclean: if [ -f regress/Makefile ] && [ -r regress/Makefile ]; then \ (cd regress && $(MAKE) clean) \ diff --git a/configure.ac b/configure.ac index 7fcca216a..c4feaf752 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.329 2006/02/12 02:37:48 tim Exp $ +# $Id: configure.ac,v 1.330 2006/02/19 11:50:20 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.329 $) +AC_REVISION($Revision: 1.330 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -3729,7 +3729,7 @@ CFLAGS="$CFLAGS $werror_flags" AC_EXEEXT AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \ - scard/Makefile ssh_prng_cmds survey.sh]) + openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh]) AC_OUTPUT # Print summary of options 
diff --git a/openbsd-compat/regress/Makefile.in b/openbsd-compat/regress/Makefile.in new file mode 100644 index 000000000..51383a777 --- /dev/null +++ b/openbsd-compat/regress/Makefile.in @@ -0,0 +1,39 @@ +# $Id: Makefile.in,v 1.1 2006/02/19 11:50:20 dtucker Exp $ + +sysconfdir=@sysconfdir@ +piddir=@piddir@ +srcdir=@srcdir@ +top_srcdir=@top_srcdir@ + +VPATH=@srcdir@ +CC=@CC@ +LD=@LD@ +CFLAGS=@CFLAGS@ +CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ +LIBS=@LIBS@ +LDFLAGS=-L.. -lopenbsd-compat @LDFLAGS@ + +LIBCOMPAT=../libopenbsd-compat.a +TESTPROGS=strtonumtest strduptest snprintftest + +all: t-exec ${OTHERTESTS} + +t-exec: $(TESTPROGS) + @echo running compat regress tests + @for TEST in ""$?; do \ + echo "run test $${TEST}" ... 1>&2; \ + ./$${TEST} || exit $$? ; \ + done + @echo finished compat regress tests + +strtonumtest: strtonumtest.c $(LIBCOMPAT) + $(CC) $(CFLAGS) $(CPPFLAGS) -o strtonumtest $< $(LDFLAGS) + +strduptest: strduptest.c $(LIBCOMPAT) + $(CC) $(CFLAGS) $(CPPFLAGS) -o strduptest $< $(LDFLAGS) + +clean: + rm -f *.o *.a core $(TESTPROGS) valid.out + +distclean: clean + rm -f Makefile *~ diff --git a/openbsd-compat/regress/snprintftest.c b/openbsd-compat/regress/snprintftest.c new file mode 100644 index 000000000..e25bf223f --- /dev/null +++ b/openbsd-compat/regress/snprintftest.c 
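Review bot: `TESTPROGS` lists `snprintftest`, but the file has explicit link rules only for `strtonumtest` and `strduptest`, so `snprintftest` falls through to make's built-in rule. That rule has no dependency on `$(LIBCOMPAT)` and typically places `$(LDFLAGS)` (which carries `-lopenbsd-compat` here) ahead of the source file. The binary may then exercise the system snprintf rather than the compat one the test is meant to cover. Add a matching rule: `snprintftest: snprintftest.c $(LIBCOMPAT)` followed by `$(CC) $(CFLAGS) $(CPPFLAGS) -o snprintftest $< $(LDFLAGS)`. `LIBS` is set but not used on any link line.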
@@ -0,0 +1,72 @@ +/* + * Copyright (c) 2005 Darren Tucker + * Copyright (c) 2005 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#define BUFSZ 2048 + +#include +#include +#include +#include + +static int failed = 0; + +static void +fail(const char *m) +{ + fprintf(stderr, "%s", m); + failed = 1; +} + +int x_snprintf(char *str, size_t count, const char *fmt, ...) +{ + size_t ret; + va_list ap; + + va_start(ap, fmt); + ret = vsnprintf(str, count, fmt, ap); + va_end(ap); + return ret; +} + +int +main(void) +{ + char b[5]; + char *src; + + snprintf(b,5,"123456789"); + if (b[4] != '\0') + fail("snprintf does not correctly terminate long strings"); + + /* check for read overrun on unterminated string */ + if ((src = malloc(BUFSZ)) == NULL) { + fail("malloc failed"); + } else { + memset(src, 'a', BUFSZ); + snprintf(b, sizeof(b), "%.*s", 1, src); + if (strcmp(b, "a") != 0) + fail("failed with length limit '%%.s'"); + } + + /* check that snprintf and vsnprintf return sane values */ + if (snprintf(b, 1, "%s %d", "hello", 12345) != 11) + fail("snprintf does not return required length"); + if (x_snprintf(b, 1, "%s %d", "hello", 12345) != 11) + fail("vsnprintf does not return required length"); + + return failed; +} 
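Review bot: `x_snprintf` stores the `int` result of `vsnprintf` in `size_t ret` and then returns it as `int`, so an error return of -1 passes through an unsigned type on the way out; declare it as `int ret;`. The truncation check looks only at `b[4]`, so it would not notice a write past the end of `b`; a guard byte after the buffer would cover that. The strings passed to `fail()` have no trailing newline. Because `fail()` prints through `"%s"`, the `%%` in `'%%.s'` comes out literally as two percent signs.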
diff --git a/openbsd-compat/regress/strduptest.c b/openbsd-compat/regress/strduptest.c new file mode 100644 index 000000000..664a48ef4 --- /dev/null +++ b/openbsd-compat/regress/strduptest.c @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2005 Darren Tucker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +static int fail = 0; + +void +test(const char *a) +{ + char *b; + + b = strdup(a); + if (b == 0) { + fail = 1; + return; + } + if (strcmp(a, b) != 0) + fail = 1; + free(b); +} + +int +main(void) +{ + test(""); + test("a"); + test("\0"); + test("abcdefghijklmnopqrstuvwxyz"); + return fail; +} diff --git a/openbsd-compat/regress/strtonumtest.c b/openbsd-compat/regress/strtonumtest.c new file mode 100644 index 000000000..cb8585129 --- /dev/null +++ b/openbsd-compat/regress/strtonumtest.c 
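Review bot: strduptest.c calls `strdup`, `strcmp` and `free` with no `#include` lines in the file as shown, so all three are implicitly declared. An implicitly declared `strdup` is taken to return `int`, which can truncate the pointer on 64-bit targets and make the test crash or fail for reasons unrelated to the compat library. Stricter compilers will refuse to build it at all. Add `#include <stdlib.h>` and `#include <string.h>` at the top. `test("\0")` exercises the same empty string as `test("")`, since both library calls stop at the first NUL.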
@@ -0,0 +1,66 @@ +/* $OpenBSD: strtonumtest.c,v 1.1 2004/08/03 20:38:36 otto Exp $ */ +/* + * Copyright (c) 2004 Otto Moerbeek + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* OPENBSD ORIGINAL: regress/lib/libc/strtonum/strtonumtest.c */ + +#include +#include +#include + +int fail; + +void +test(const char *p, long long lb, long long ub, int ok) +{ + long long val; + const char *q; + + val = strtonum(p, lb, ub, &q); + if (ok && q != NULL) { + fprintf(stderr, "%s [%lld-%lld] ", p, lb, ub); + fprintf(stderr, "NUMBER NOT ACCEPTED %s\n", q); + fail = 1; + } else if (!ok && q == NULL) { + fprintf(stderr, "%s [%lld-%lld] %lld ", p, lb, ub, val); + fprintf(stderr, "NUMBER ACCEPTED\n"); + fail = 1; + } +} + +int main(int argc, char *argv[]) +{ + test("1", 0, 10, 1); + test("0", -2, 5, 1); + test("0", 2, 5, 0); + test("0", 2, LLONG_MAX, 0); + test("-2", 0, LLONG_MAX, 0); + test("0", -5, LLONG_MAX, 1); + test("-3", -3, LLONG_MAX, 1); + test("-9223372036854775808", LLONG_MIN, LLONG_MAX, 1); + test("9223372036854775807", LLONG_MIN, LLONG_MAX, 1); + test("-9223372036854775809", LLONG_MIN, LLONG_MAX, 0); + test("9223372036854775808", LLONG_MIN, LLONG_MAX, 0); + test("1000000000000000000000000", LLONG_MIN, LLONG_MAX, 0); + test("-1000000000000000000000000", LLONG_MIN, LLONG_MAX, 0); + 
test("-2", 10, -1, 0); + test("-2", -10, -1, 1); + test("-20", -10, -1, 0); + test("20", -10, -1, 0); + + return (fail); +} + -- cgit v1.2.3 From fabdb6c29022846ed10fde235db0a7c53f21a6b1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 20 Feb 2006 20:17:35 +1100 Subject: - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}] Add optional enabling of OpenSSL's (hardware) Engine support, via configure --with-ssl-engine. Based in part on a diff by michal at logix.cz. --- ChangeLog | 8 +++++++- INSTALL | 4 +++- configure.ac | 22 ++++++++++++++++++++-- openbsd-compat/openssl-compat.c | 20 ++++++++++++++++++-- openbsd-compat/openssl-compat.h | 15 ++++++++------- 5 files changed, 56 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 67369376f..2c0bd1e9d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20060220 + - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}] + Add optional enabling of OpenSSL's (hardware) Engine support, via + configure --with-ssl-engine. Based in part on a diff by michal at + logix.cz. + 20060219 - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/] Add first attempt at regress tests for compat library. ok djm@ @@ -3863,4 +3869,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4130 2006/02/19 11:50:20 dtucker Exp $ +$Id: ChangeLog,v 1.4131 2006/02/20 09:17:35 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 753d2d061..38f39473f 100644 --- a/INSTALL +++ b/INSTALL @@ -165,6 +165,8 @@ created. --with-ssl-dir=DIR allows you to specify where your OpenSSL libraries are installed. +--with-ssl-engine enables OpenSSL's (hardware) ENGINE support + --with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to real (AF_INET) IPv4 addresses. Works around some quirks on Linux. 
@@ -225,4 +227,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.70 2005/04/24 07:52:23 dtucker Exp $ +$Id: INSTALL,v 1.71 2006/02/20 09:17:36 dtucker Exp $ diff --git a/configure.ac b/configure.ac index c4feaf752..eb24fa00e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.330 2006/02/19 11:50:20 dtucker Exp $ +# $Id: configure.ac,v 1.331 2006/02/20 09:17:36 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.330 $) +AC_REVISION($Revision: 1.331 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1834,6 +1834,24 @@ Also see contrib/findssl.sh for help identifying header/library mismatches.]) ] ) +AC_ARG_WITH(ssl-engine, + [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], + [ if test "x$withval" != "xno" ; then + AC_MSG_CHECKING(for OpenSSL ENGINE support) + AC_TRY_COMPILE( + [ #include ], + [ +int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();} + ], + [ AC_MSG_RESULT(yes) + AC_DEFINE(USE_OPENSSL_ENGINE, 1, + [Enable OpenSSL engine support]) + ], + [ AC_MSG_ERROR(OpenSSL ENGINE support not found)] + ) + fi ] +) + # Check for OpenSSL without EVP_aes_{192,256}_cbc AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) AC_COMPILE_IFELSE( diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index b690e8fe6..763f84734 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.c,v 1.2 2005/06/17 11:15:21 dtucker Exp $ */ +/* $Id: openssl-compat.c,v 1.3 2006/02/20 09:17:36 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker 
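Review bot: The second argument of `AC_TRY_COMPILE` in the new `--with-ssl-engine` block is already wrapped in a function body by autoconf, so the `int main(void){...}` written there becomes a nested function definition, which only compilers with that extension accept. A stricter compiler would then stop configure with "OpenSSL ENGINE support not found" even though the headers are present. Passing only the statements avoids this: `[ ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); ],`. Because the probe only compiles, a library built without the ENGINE symbols would presumably pass here and fail at link time; `AC_TRY_LINK` would report it during configure instead.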
@@ -18,7 +18,11 @@ #include "includes.h" -#define SSH_DONT_REDEF_EVP +#ifdef USE_OPENSSL_ENGINE +# include +#endif + +#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS #include "openssl-compat.h" #ifdef SSH_OLD_EVP @@ -44,3 +48,15 @@ ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp) return 1; } #endif + +void +ssh_SSLeay_add_all_algorithms(void) +{ + SSLeay_add_all_algorithms(); + +#ifdef USE_OPENSSL_ENGINE + /* Enable use of crypto hardware */ + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); +#endif +} diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index 8a015ec43..1196d71ea 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.3 2005/12/19 06:40:40 dtucker Exp $ */ +/* $Id: openssl-compat.h,v 1.4 2006/02/20 09:17:36 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -54,21 +54,22 @@ extern const EVP_CIPHER *evp_acss(void); * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and * implement the ssh_* equivalents. */ -#ifdef SSH_OLD_EVP - -# ifndef SSH_DONT_REDEF_EVP +#ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS +# ifdef SSH_OLD_EVP # ifdef EVP_Cipher # undef EVP_Cipher # endif - # define EVP_CipherInit(a,b,c,d,e) ssh_EVP_CipherInit((a),(b),(c),(d),(e)) # define EVP_Cipher(a,b,c,d) ssh_EVP_Cipher((a),(b),(c),(d)) # define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a)) -# endif +# endif /* SSH_OLD_EVP */ + +# define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms() +void ssh_SSLeay_add_all_algorithms(void); int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, unsigned char *, int); int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); -#endif +#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ -- cgit v1.2.3 From 3322e0d421676a6931fe01efdd5e0f34af8e5da2 Mon Sep 17 00:00:00 2001 
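Review bot: The comment `/* Enable use of crypto hardware */` in `ssh_SSLeay_add_all_algorithms` understates what the two calls do. `ENGINE_load_builtin_engines()` loads every engine built into the library and `ENGINE_register_all_complete()` registers each one for all algorithms it implements, so operations may be served by engine code rather than the software implementation, which is something a reader auditing where key material is processed needs to know. I would write `/* Load all built-in ENGINEs and register each for every algorithm it implements */` and add that this is compiled in only under `USE_OPENSSL_ENGINE`. The return value of `ENGINE_register_all_complete()` is discarded; a `(void)` cast would show that this is intended.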
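Review bot: The prototypes for `ssh_EVP_CipherInit`, `ssh_EVP_Cipher` and `ssh_EVP_CIPHER_CTX_cleanup` now sit inside `#ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS`, and openssl-compat.c defines that macro before including this header, so the file that implements these functions is compiled without seeing their declarations. A later mismatch between a declaration and its definition would then go undiagnosed. Moving `#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */` up so that it closes directly after the `# define SSLeay_add_all_algorithms()` line keeps the macro overrides conditional and leaves the four declarations always visible.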
From: Darren Tucker Date: Wed, 22 Feb 2006 00:00:27 +1100 Subject: - (dtucker) [openbsd-compat/openssl-compat.h] Prevent warning about redefinition of SSLeay_add_all_algorithms. --- ChangeLog | 6 +++++- openbsd-compat/openssl-compat.h | 9 +++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2c0bd1e9d..43d09104f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060221 + - (dtucker) [openbsd-compat/openssl-compat.h] Prevent warning about + redefinition of SSLeay_add_all_algorithms. + 20060220 - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}] Add optional enabling of OpenSSL's (hardware) Engine support, via @@ -3869,4 +3873,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4131 2006/02/20 09:17:35 dtucker Exp $ +$Id: ChangeLog,v 1.4132 2006/02/21 13:00:27 dtucker Exp $ diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index 1196d71ea..01fc41e3a 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.4 2006/02/20 09:17:36 dtucker Exp $ */ +/* $Id: openssl-compat.h,v 1.5 2006/02/21 13:00:28 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -65,8 +65,13 @@ extern const EVP_CIPHER *evp_acss(void); # define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a)) # endif /* SSH_OLD_EVP */ -# define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms() +# ifdef USE_OPENSSL_ENGINE +# ifdef SSLeay_add_all_algorithms +# undef SSLeay_add_all_algorithms +# endif +# define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms() void ssh_SSLeay_add_all_algorithms(void); +#endif int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, unsigned char *, int); -- cgit v1.2.3 From 94413cf32ba932537ef215b07eb1833e297fcae5 Mon Sep 17 00:00:00 2001 
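Review bot: The `#endif` that closes the new `USE_OPENSSL_ENGINE` block is written without the indent or a trailing comment, although the block opens with `# ifdef` and the block just above it ends with `# endif /* SSH_OLD_EVP */`. Writing `# endif /* USE_OPENSSL_ENGINE */` keeps the nesting readable, since the outer guard's own `#endif` follows a few lines below, outside this hunk.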
From: Darren Tucker Date: Wed, 22 Feb 2006 22:24:47 +1100 Subject: - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only compile in compat code if required. --- ChangeLog | 6 +++++- openbsd-compat/openssl-compat.c | 6 +++--- openbsd-compat/openssl-compat.h | 4 ++-- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 43d09104f..f942c2453 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2006022 + - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only + compile in compat code if required. + 20060221 - (dtucker) [openbsd-compat/openssl-compat.h] Prevent warning about redefinition of SSLeay_add_all_algorithms. @@ -3873,4 +3877,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4132 2006/02/21 13:00:27 dtucker Exp $ +$Id: ChangeLog,v 1.4133 2006/02/22 11:24:47 dtucker Exp $ diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 763f84734..45ebd3f66 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.c,v 1.3 2006/02/20 09:17:36 dtucker Exp $ */ +/* $Id: openssl-compat.c,v 1.4 2006/02/22 11:24:47 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -49,14 +49,14 @@ ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp) } #endif +#ifdef USE_OPENSSL_ENGINE void ssh_SSLeay_add_all_algorithms(void) { SSLeay_add_all_algorithms(); -#ifdef USE_OPENSSL_ENGINE /* Enable use of crypto hardware */ ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); -#endif } +#endif diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index 01fc41e3a..c582cd269 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h 
@@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.5 2006/02/21 13:00:28 dtucker Exp $ */ +/* $Id: openssl-compat.h,v 1.6 2006/02/22 11:24:47 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -70,11 +70,11 @@ extern const EVP_CIPHER *evp_acss(void); # undef SSLeay_add_all_algorithms # endif # define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms() -void ssh_SSLeay_add_all_algorithms(void); #endif int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, unsigned char *, int); int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); +void ssh_SSLeay_add_all_algorithms(void); #endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ -- cgit v1.2.3 From a4904f7bf19fb091b9fcf8059dedd5c5198fc039 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 23 Feb 2006 21:35:30 +1100 Subject: - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current reality. Pointed out by tryponraj at gmail.com. --- ChangeLog | 6 +++++- sshd_config | 13 +++++++------ sshd_config.5 | 5 ++++- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index f942c2453..d7213862f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2006023 + - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current + reality. Pointed out by tryponraj at gmail.com. + 2006022 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only compile in compat code if required. @@ -3877,4 +3881,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4133 2006/02/22 11:24:47 dtucker Exp $ +$Id: ChangeLog,v 1.4134 2006/02/23 10:35:30 dtucker Exp $ diff --git a/sshd_config b/sshd_config index 4957dd1a6..57f9a17bb 100644 --- a/sshd_config +++ b/sshd_config 
@@ -71,12 +71,13 @@ # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication mechanism. -# Depending on your PAM configuration, this may bypass the setting of -# PasswordAuthentication, PermitEmptyPasswords, and -# "PermitRootLogin without-password". If you just want the PAM account and -# session checks to run without PAM authentication, then enable this but set -# ChallengeResponseAuthentication=no +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. #UsePAM no #AllowTcpForwarding yes diff --git a/sshd_config.5 b/sshd_config.5 index 71a293ffb..6e2de10d7 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -677,7 +677,10 @@ If set to .Dq yes this will enable PAM authentication using .Cm ChallengeResponseAuthentication -and PAM account and session module processing for all authentication types. +and +.Cm PasswordAuthentication +in addition to PAM account and session module processing for all +authentication types. .Pp Because PAM challenge-response authentication usually serves an equivalent role to password authentication, you should disable either -- cgit v1.2.3 From 54b75fe742c43aeaca7277a4c310eba43d057e4d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 26 Feb 2006 12:31:48 +1100 Subject: - (dtucker) [configure.ac] Bug #1156: QNX apparently needs SSHD_ACQUIRES_CTTY patch from kraai at ftbfs.org. --- ChangeLog | 10 +++++++--- configure.ac | 5 +++-- 2 files changed, 10 insertions(+), 5 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index d7213862f..09d74de42 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,8 +1,12 @@ -2006023 +20060226 + - (dtucker) [configure.ac] Bug #1156: QNX apparently needs SSHD_ACQUIRES_CTTY + patch from kraai at ftbfs.org. + +20060223 - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current reality. Pointed out by tryponraj at gmail.com. -2006022 +20060222 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only compile in compat code if required. @@ -3881,4 +3885,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4134 2006/02/23 10:35:30 dtucker Exp $ +$Id: ChangeLog,v 1.4135 2006/02/26 01:31:48 dtucker Exp $ diff --git a/configure.ac b/configure.ac index eb24fa00e..0781d59fe 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.331 2006/02/20 09:17:36 dtucker Exp $ +# $Id: configure.ac,v 1.332 2006/02/26 01:31:49 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.331 $) +AC_REVISION($Revision: 1.332 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -584,6 +584,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems]) AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems]) AC_DEFINE(DISABLE_LASTLOG) + AC_DEFINE(SSHD_ACQUIRES_CTTY) enable_etc_default_login=no # has incompatible /etc/default/login ;; -- cgit v1.2.3 From 18614c254d83466ab706ffd0d4f58a8a018dcddf Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Sat, 4 Mar 2006 08:50:31 +1100 Subject: - (dtucker) [contrib/cygwin/ssh-host-config] Require use of lastlog as a file rather than directory, required as Cygwin will be importing lastlog(1). Also tightens up permissions on the file. Patch from vinschen@redhat.com. --- ChangeLog | 7 ++++++- contrib/cygwin/ssh-host-config | 40 +++++++++++++++++++++++++--------------- 2 files changed, 31 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index 09d74de42..f714b84e0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060304 + - (dtucker) [contrib/cygwin/ssh-host-config] Require use of lastlog as a + file rather than directory, required as Cygwin will be importing lastlog(1). + Also tightens up permissions on the file. Patch from vinschen@redhat.com. + 20060226 - (dtucker) [configure.ac] Bug #1156: QNX apparently needs SSHD_ACQUIRES_CTTY patch from kraai at ftbfs.org. @@ -3885,4 +3890,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4135 2006/02/26 01:31:48 dtucker Exp $ +$Id: ChangeLog,v 1.4136 2006/03/03 21:50:31 dtucker Exp $ diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index 0540890e6..09cc3fcf0 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config 
@@ -153,22 +153,31 @@ fi # Create /var/log and /var/log/lastlog if not already existing -if [ -f ${LOCALSTATEDIR}/log ] +if [ -e ${LOCALSTATEDIR}/log -a ! -d ${LOCALSTATEDIR}/log ] then - echo "Creating ${LOCALSTATEDIR}/log failed!" -else - if [ ! -d ${LOCALSTATEDIR}/log ] - then - mkdir -p ${LOCALSTATEDIR}/log - fi - if [ -d ${LOCALSTATEDIR}/log/lastlog ] - then - chmod 777 ${LOCALSTATEDIR}/log/lastlog - elif [ ! -f ${LOCALSTATEDIR}/log/lastlog ] - then - cat /dev/null > ${LOCALSTATEDIR}/log/lastlog - chmod 666 ${LOCALSTATEDIR}/log/lastlog - fi + echo + echo "${LOCALSTATEDIR}/log is existant but not a directory." + echo "Cannot create ssh host configuration." + echo + exit 1 +fi +if [ ! -e ${LOCALSTATEDIR}/log ] +then + mkdir -p ${LOCALSTATEDIR}/log +fi + +if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ] +then + echo + echo "${LOCALSTATEDIR}/log/lastlog exists, but is not a file." + echo "Cannot create ssh host configuration." + echo + exit 1 +fi +if [ ! -e ${LOCALSTATEDIR}/log/lastlog ] +then + cat /dev/null > ${LOCALSTATEDIR}/log/lastlog + chmod 644 ${LOCALSTATEDIR}/log/lastlog fi # Create /var/empty file used as chroot jail for privilege separation @@ -578,6 +587,7 @@ then fi chown "${_user}" ${SYSCONFDIR}/ssh* chown "${_user}".544 ${LOCALSTATEDIR}/empty + chown "${_user}".544 ${LOCALSTATEDIR}/log/lastlog if [ -f ${LOCALSTATEDIR}/log/sshd.log ] then chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log -- cgit v1.2.3 From 890909ec4821c2143ae6af4550aee977711bf914 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 4 Mar 2006 08:59:39 +1100 Subject: - (dtucker) [gss-serv-krb5.c] Bug #1166: Correct #ifdefs for gssapi_krb5.h includes. Patch from gentoo.riverrat at gmail.com. --- ChangeLog | 4 +++- gss-serv-krb5.c | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index f714b84e0..880d5e56f 100644 --- a/ChangeLog +++ b/ChangeLog 
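Review bot: `chmod 644 ${LOCALSTATEDIR}/log/lastlog` runs only inside `if [ ! -e ${LOCALSTATEDIR}/log/lastlog ]`, so a lastlog file that an earlier run of this script created with the removed `chmod 666` keeps its world-writable mode after an upgrade. Moving that `chmod 644` line below the closing `fi` applies the tighter mode to an existing file as well. The new tests also leave `${LOCALSTATEDIR}` unquoted and join conditions with `-a`; `[ -e "${LOCALSTATEDIR}/log" ] && [ ! -d "${LOCALSTATEDIR}/log" ]` is more robust when the path can contain spaces. The `chown` added in the second hunk sits in a `then` block that starts outside the hunk.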
@@ -2,6 +2,8 @@ - (dtucker) [contrib/cygwin/ssh-host-config] Require use of lastlog as a file rather than directory, required as Cygwin will be importing lastlog(1). Also tightens up permissions on the file. Patch from vinschen@redhat.com. + - (dtucker) [gss-serv-krb5.c] Bug #1166: Correct #ifdefs for gssapi_krb5.h + includes. Patch from gentoo.riverrat at gmail.com. 20060226 - (dtucker) [configure.ac] Bug #1156: QNX apparently needs SSHD_ACQUIRES_CTTY @@ -3890,4 +3892,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4136 2006/03/03 21:50:31 dtucker Exp $ +$Id: ChangeLog,v 1.4137 2006/03/03 21:59:39 dtucker Exp $ diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index 5c5837ffb..5a9b2cdd3 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c @@ -41,9 +41,9 @@ extern ServerOptions options; #ifdef HEIMDAL # include #else -# ifdef HAVE_GSSAPI_KRB5 +# ifdef HAVE_GSSAPI_KRB5_H # include -# elif HAVE_GSSAPI_GSSAPI_KRB5 +# elif HAVE_GSSAPI_GSSAPI_KRB5_H # include # endif #endif -- cgit v1.2.3 From f35014af79c7a94e7c39d3ed4b3fb276115d9705 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 4 Mar 2006 09:00:19 +1100 Subject: typo --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 880d5e56f..76129a5e4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -48,7 +48,7 @@ post auth privsep disabled due to bug 1086 changes. Analysis and patch by vinschen at redhat.com. OK tim@, dtucker@. - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP - -> NEED_SETPGRP), reported by Berhard Simon. ok tim@ + -> NEED_SETPGRP), reported by Bernhard Simon. ok tim@ 20060206 - (tim) [configure.ac] Remove unnecessary tests for net/if.h and 
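Review bot: The corrected include block in gss-serv-krb5.c still has no fallback when neither `HAVE_GSSAPI_KRB5_H` nor `HAVE_GSSAPI_GSSAPI_KRB5_H` is defined, so a misdetected build would presumably compile the file without any krb5 GSSAPI header and fail further down with less obvious errors. An extra branch, `# else` followed by `#  error "no gssapi_krb5.h header found"`, would report the problem at the include site. The second test also mixes forms; `# elif defined(HAVE_GSSAPI_GSSAPI_KRB5_H)` matches the `# ifdef` above it.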
@@ -3892,4 +3892,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4137 2006/03/03 21:59:39 dtucker Exp $ +$Id: ChangeLog,v 1.4138 2006/03/03 22:00:19 dtucker Exp $ -- cgit v1.2.3 From d1450dbe2ab1cc06fd54af265014dfcf68c08cc1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 13 Mar 2006 19:06:51 +1100 Subject: - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) since not all platforms support it. Instead, use internal equivalent while computing LLONG_MIN and LLONG_MAX. Remove special case for alpha-dec-osf* as it's no longer required. Tested by Bernhard Simon, ok djm@ --- ChangeLog | 8 +++++++- configure.ac | 53 +++++++++++++++++++++++++++++++++++++---------------- 2 files changed, 44 insertions(+), 17 deletions(-) diff --git a/ChangeLog b/ChangeLog index 76129a5e4..f95f561f8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20060313 + - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) + since not all platforms support it. Instead, use internal equivalent while + computing LLONG_MIN and LLONG_MAX. Remove special case for alpha-dec-osf* + as it's no longer required. Tested by Bernhard Simon, ok djm@ + 20060304 - (dtucker) [contrib/cygwin/ssh-host-config] Require use of lastlog as a file rather than directory, required as Cygwin will be importing lastlog(1). @@ -3892,4 +3898,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4138 2006/03/03 22:00:19 dtucker Exp $ +$Id: ChangeLog,v 1.4139 2006/03/13 08:06:51 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 0781d59fe..adef4f675 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.332 2006/02/26 01:31:49 dtucker Exp $ +# $Id: configure.ac,v 1.333 2006/03/13 08:06:51 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.332 $) +AC_REVISION($Revision: 1.333 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -2132,6 +2132,34 @@ if test -z "$have_llong_max"; then #define __USE_ISOC99 #include #define DATA "conftest.llminmax" +#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) + +/* + * printf in libc on some platforms (eg old Tru64) does not understand %lld so + * we do this the hard way. + */ +static int +fprint_ll(FILE *f, long long n) +{ + unsigned int i; + int l[sizeof(long long) * 8]; + + if (n < 0) + if (fprintf(f, "-") < 0) + return -1; + for (i = 0; n != 0; i++) { + l[i] = my_abs(n % 10); + n /= 10; + } + do { + if (fprintf(f, "%d", l[--i]) < 0) + return -1; + } while (i != 0); + if (fprintf(f, " ") < 0) + return -1; + return 0; +} + int main(void) { FILE *f; long long i, llmin, llmax = 0; @@ -2153,14 +2181,18 @@ int main(void) { /* Sanity check */ if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax - || llmax - 1 > llmax) { + || llmax - 1 > llmax || llmin == llmax || llmin == 0 + || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { fprintf(f, "unknown unknown\n"); exit(2); } - if (fprintf(f ,"%lld %lld", llmin, llmax) < 0) + if (fprint_ll(f, llmin) < 0) exit(3); - + if (fprint_ll(f, llmax) < 0) + exit(4); + if (fclose(f) < 0) + exit(5); exit(0); } ]])], 
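Review bot: `fprint_ll` reads out of bounds when it is called with `n == 0`: the digit loop never runs, `i` stays 0, and `l[--i]` in the `do` loop indexes with a wrapped unsigned value. The only protection is the caller's sanity check added in the next hunk (`llmin == 0 || llmax == 0`), so the helper is correct only because of code elsewhere. A guard at the top makes it self-contained: `if (n == 0) return fprintf(f, "0 ") < 0 ? -1 : 0;`. The `if (n < 0)` followed by an unbraced inner `if` is also worth bracing, since the `return -1` reads as if it belonged to the outer test.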
@@ -2168,17 +2200,6 @@ int main(void) { llong_min=`$AWK '{print $1}' conftest.llminmax` llong_max=`$AWK '{print $2}' conftest.llminmax` - # snprintf on some Tru64s doesn't understand "%lld" - case "$host" in - alpha-dec-osf*) - if test "x$ac_cv_sizeof_long_long_int" = "x8" && - test "x$llong_max" = "xld"; then - llong_min="-9223372036854775808" - llong_max="9223372036854775807" - fi - ;; - esac - AC_MSG_RESULT($llong_max) AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL], [max value of long long calculated by configure]) -- cgit v1.2.3 From 9f67a21de62ca0b0e2db022abaeaf3f2faed5f0c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:05:35 +1100 Subject: - msf@cvs.openbsd.org 2006/02/06 15:54:07 [ssh.1] - typo fix ok jmc@ --- ChangeLog | 9 ++++++++- ssh.1 | 4 ++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index f95f561f8..ab4173e56 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20060315 + - (djm) OpenBSD CVS Sync: + - msf@cvs.openbsd.org 2006/02/06 15:54:07 + [ssh.1] + - typo fix + ok jmc@ + 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) since not all platforms support it. Instead, use internal equivalent while @@ -3898,4 +3905,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4139 2006/03/13 08:06:51 dtucker Exp $ +$Id: ChangeLog,v 1.4140 2006/03/15 00:05:35 djm Exp $ diff --git a/ssh.1 b/ssh.1 index f4c677628..895008139 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.253 2006/01/30 13:37:49 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.254 2006/02/06 15:54:07 msf Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -1087,7 +1087,7 @@ is set to .Dq forced-commands-only : .Bd -literal -offset 2n tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane -tunnel="2",command="sh /etc/netstart tun1" ssh-rsa ... john +tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john .Ed .Pp Since a SSH-based setup entails a fair amount of overhead, -- cgit v1.2.3 From e93eaaa0d1e8e6447eeb6f698f7da50ede0cb926 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:05:59 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/06 21:44:47 [ssh.1] make this a little less ambiguous... --- ChangeLog | 5 ++++- ssh.1 | 8 ++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index ab4173e56..1a7e9b020 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,9 @@ [ssh.1] - typo fix ok jmc@ + - jmc@cvs.openbsd.org 2006/02/06 21:44:47 + [ssh.1] + make this a little less ambiguous... 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3905,4 +3908,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4140 2006/03/15 00:05:35 djm Exp $ +$Id: ChangeLog,v 1.4141 2006/03/15 00:05:59 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 895008139..ba02e6c90 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.254 2006/02/06 15:54:07 msf Exp $ +.\" $OpenBSD: ssh.1,v 1.255 2006/02/06 21:44:47 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -1075,11 +1075,11 @@ Client access may be more finely tuned via the file (see below) and the .Cm PermitRootLogin server option. -The following entry would permit connections on the first +The following entry would permit connections on .Xr tun 4 -device from user +device 1 from user .Dq jane -and on the second device from user +and on tun device 2 from user .Dq john , if .Cm PermitRootLogin -- cgit v1.2.3 From 015cd79ac5bbdac513e1a2c14ba4c5226c0a7ae0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:08:02 +1100 Subject: - stevesk@cvs.openbsd.org 2006/02/07 01:08:04 [auth-rhosts.c includes.h] move #include out of includes.h; ok markus@ --- ChangeLog | 5 ++++- auth-rhosts.c | 6 +++++- includes.h | 5 +---- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1a7e9b020..6eaa78879 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,9 @@ - jmc@cvs.openbsd.org 2006/02/06 21:44:47 [ssh.1] make this a little less ambiguous... + - stevesk@cvs.openbsd.org 2006/02/07 01:08:04 + [auth-rhosts.c includes.h] + move #include out of includes.h; ok markus@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3908,4 +3911,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4141 2006/03/15 00:05:59 djm Exp $ +$Id: ChangeLog,v 1.4142 2006/03/15 00:08:02 djm Exp $ diff --git a/auth-rhosts.c b/auth-rhosts.c index aaba8557e..9748a9457 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -14,7 +14,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rhosts.c,v 1.33 2005/07/17 07:17:54 djm Exp $"); +RCSID("$OpenBSD: auth-rhosts.c,v 1.34 2006/02/07 01:08:04 stevesk Exp $"); + +#ifdef HAVE_NETGROUP_H +# include +#endif #include "packet.h" #include "uidswap.h" diff --git a/includes.h b/includes.h index 520817400..c23f94ce4 100644 --- a/includes.h +++ b/includes.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.22 2006/01/01 08:59:27 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.23 2006/02/07 01:08:04 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -51,9 +51,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } defined(GLOB_HAS_GL_MATCHC) # include #endif -#ifdef HAVE_NETGROUP_H -# include -#endif #ifdef HAVE_ENDIAN_H # include #endif -- cgit v1.2.3 From 2eb6340ddd2d1326cb3fd708be21b1bce7355e49 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:09:42 +1100 Subject: - stevesk@cvs.openbsd.org 2006/02/07 01:18:09 [includes.h ssh-agent.c ssh-keyscan.c sshconnect2.c] move #include out of includes.h; ok markus@ --- ChangeLog | 5 ++++- includes.h | 2 +- ssh-agent.c | 2 +- ssh-keyscan.c | 2 +- sshconnect2.c | 4 +++- 5 files changed, 10 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6eaa78879..4e942999a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,9 @@ - stevesk@cvs.openbsd.org 2006/02/07 01:08:04 [auth-rhosts.c includes.h] move #include out of includes.h; ok markus@ + - stevesk@cvs.openbsd.org 2006/02/07 01:18:09 + [includes.h ssh-agent.c ssh-keyscan.c sshconnect2.c] + move #include out of includes.h; ok markus@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3911,4 +3914,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4142 2006/03/15 00:08:02 djm Exp $ +$Id: ChangeLog,v 1.4143 2006/03/15 00:09:42 djm Exp $ diff --git a/includes.h b/includes.h index c23f94ce4..b734f7d1b 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.23 2006/02/07 01:08:04 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.24 2006/02/07 01:18:09 stevesk Exp $ */ /* * Author: Tatu Ylonen diff --git a/ssh-agent.c b/ssh-agent.c index a69c25eec..cfeeebb50 100644 --- a/ssh-agent.c +++ b/ssh-agent.c 
@@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.124 2005/10/30 08:52:18 djm Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.125 2006/02/07 01:18:09 stevesk Exp $"); #include #include diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 6915102dd..1282a62e0 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.57 2005/10/30 04:01:03 djm Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.58 2006/02/07 01:18:09 stevesk Exp $"); #include "openbsd-compat/sys-queue.h" diff --git a/sshconnect2.c b/sshconnect2.c index adf967281..ce64586d8 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.143 2005/10/14 02:17:59 stevesk Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.144 2006/02/07 01:18:09 stevesk Exp $"); + +#include #include "openbsd-compat/sys-queue.h" -- cgit v1.2.3 From 99bd21e3fe8f8312cb71c1ebf23c34a82a861429 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:11:28 +1100 Subject: - stevesk@cvs.openbsd.org 2006/02/07 01:42:00 [channels.c clientloop.c clientloop.h includes.h packet.h] [serverloop.c sshpty.c sshpty.h sshtty.c ttymodes.c] move #include out of includes.h; ok markus@ --- ChangeLog | 6 +++++- channels.c | 4 +++- clientloop.c | 4 +++- clientloop.h | 4 +++- includes.h | 3 +-- packet.h | 4 +++- serverloop.c | 4 +++- sshpty.c | 4 +++- sshpty.h | 4 +++- sshtty.c | 4 +++- ttymodes.c | 4 +++- 11 files changed, 33 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4e942999a..3ad3feb46 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -13,6 +13,10 @@ - stevesk@cvs.openbsd.org 2006/02/07 01:18:09 [includes.h ssh-agent.c ssh-keyscan.c sshconnect2.c] move #include out of includes.h; ok markus@ + - stevesk@cvs.openbsd.org 2006/02/07 01:42:00 + [channels.c clientloop.c clientloop.h includes.h packet.h] + [serverloop.c sshpty.c sshpty.h sshtty.c ttymodes.c] + move #include out of includes.h; ok markus@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3914,4 +3918,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4143 2006/03/15 00:09:42 djm Exp $ +$Id: ChangeLog,v 1.4144 2006/03/15 00:11:28 djm Exp $ diff --git a/channels.c b/channels.c index 1252f3446..78d4d9187 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.232 2006/01/30 12:22:22 reyk Exp $"); +RCSID("$OpenBSD: channels.c,v 1.233 2006/02/07 01:42:00 stevesk Exp $"); + +#include #include "ssh.h" #include "ssh1.h" diff --git a/clientloop.c b/clientloop.c index b76f7cfe0..c43a50b25 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.149 2005/12/30 15:56:37 reyk Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.150 2006/02/07 01:42:00 stevesk Exp $"); + +#include #include "ssh.h" #include "ssh1.h" diff --git a/clientloop.h b/clientloop.h index aed2d918b..64cd956d2 100644 --- a/clientloop.h +++ b/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.14 2005/07/04 00:58:43 djm Exp $ */ +/* $OpenBSD: clientloop.h,v 1.15 2006/02/07 01:42:00 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -35,6 +35,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include + /* Client side main loop for the interactive session. */ int client_loop(int, int, int); void client_x11_get_proto(const char *, const char *, u_int, 
diff --git a/includes.h b/includes.h index b734f7d1b..db2f2f5a2 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.24 2006/02/07 01:18:09 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.25 2006/02/07 01:42:00 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -67,7 +67,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } # include #endif #include /* For STDIN_FILENO, etc */ -#include /* Struct winsize */ /* *-*-nto-qnx needs these headers for strcasecmp and LASTLOG_FILE respectively diff --git a/packet.h b/packet.h index 8c23646aa..04123046a 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.43 2005/07/25 11:59:40 markus Exp $ */ +/* $OpenBSD: packet.h,v 1.44 2006/02/07 01:42:00 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -16,6 +16,8 @@ #ifndef PACKET_H #define PACKET_H +#include + #include void packet_set_connection(int, int); diff --git a/serverloop.c b/serverloop.c index 3d8e7cfb5..23f8831ef 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.124 2005/12/13 15:03:02 reyk Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.125 2006/02/07 01:42:00 stevesk Exp $"); + +#include #include "xmalloc.h" #include "packet.h" diff --git a/sshpty.c b/sshpty.c index 36788c4d7..8ce8ee469 100644 --- a/sshpty.c +++ b/sshpty.c @@ -12,7 +12,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshpty.c,v 1.12 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: sshpty.c,v 1.13 2006/02/07 01:42:00 stevesk Exp $"); + +#include #ifdef HAVE_UTIL_H # include diff --git a/sshpty.h b/sshpty.h index c0678de22..a7de73700 100644 --- a/sshpty.h +++ b/sshpty.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshpty.h,v 1.5 2004/05/08 00:01:37 deraadt Exp $ */ +/* $OpenBSD: sshpty.h,v 1.6 2006/02/07 01:42:00 stevesk Exp $ */ /* * Author: Tatu Ylonen 
@@ -17,6 +17,8 @@ #ifndef SSHPTY_H #define SSHPTY_H +#include + struct termios get_saved_tio(void); void leave_raw_mode(void); void enter_raw_mode(void); diff --git a/sshtty.c b/sshtty.c index 0b17c3e2d..dcaba1830 100644 --- a/sshtty.c +++ b/sshtty.c @@ -35,7 +35,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshtty.c,v 1.6 2004/05/08 00:01:37 deraadt Exp $"); +RCSID("$OpenBSD: sshtty.c,v 1.7 2006/02/07 01:42:00 stevesk Exp $"); + +#include #include "sshpty.h" #include "log.h" diff --git a/ttymodes.c b/ttymodes.c index cf4c7d5c6..7f621e30e 100644 --- a/ttymodes.c +++ b/ttymodes.c @@ -43,7 +43,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: ttymodes.c,v 1.19 2003/04/08 20:21:29 itojun Exp $"); +RCSID("$OpenBSD: ttymodes.c,v 1.20 2006/02/07 01:42:00 stevesk Exp $"); + +#include #include "packet.h" #include "log.h" -- cgit v1.2.3 From 972c84b80085235e2a89017991dcc2deaa6e742f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:11:56 +1100 Subject: - stevesk@cvs.openbsd.org 2006/02/07 01:52:50 [sshtty.c] "log.h" not needed --- ChangeLog | 5 ++++- sshtty.c | 3 +-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3ad3feb46..1e64687b1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,9 @@ [channels.c clientloop.c clientloop.h includes.h packet.h] [serverloop.c sshpty.c sshpty.h sshtty.c ttymodes.c] move #include out of includes.h; ok markus@ + - stevesk@cvs.openbsd.org 2006/02/07 01:52:50 + [sshtty.c] + "log.h" not needed 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3918,4 +3921,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4144 2006/03/15 00:11:28 djm Exp $ +$Id: ChangeLog,v 1.4145 2006/03/15 00:11:56 djm Exp $ diff --git a/sshtty.c b/sshtty.c index dcaba1830..844a5c063 100644 --- a/sshtty.c +++ b/sshtty.c 
@@ -35,12 +35,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshtty.c,v 1.7 2006/02/07 01:42:00 stevesk Exp $"); +RCSID("$OpenBSD: sshtty.c,v 1.8 2006/02/07 01:52:50 stevesk Exp $"); #include #include "sshpty.h" -#include "log.h" static struct termios _saved_tio; static int _in_raw_mode = 0; -- cgit v1.2.3 From 5d7710552751dc58667e5cc73434846395de2480 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:12:13 +1100 Subject: - stevesk@cvs.openbsd.org 2006/02/07 03:47:05 [hostfile.c] "packet.h" not needed --- ChangeLog | 5 ++++- hostfile.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1e64687b1..b9c0bd8ef 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,9 @@ - stevesk@cvs.openbsd.org 2006/02/07 01:52:50 [sshtty.c] "log.h" not needed + - stevesk@cvs.openbsd.org 2006/02/07 03:47:05 + [hostfile.c] + "packet.h" not needed 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3921,4 +3924,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4145 2006/03/15 00:11:56 djm Exp $ +$Id: ChangeLog,v 1.4146 2006/03/15 00:12:13 djm Exp $ diff --git a/hostfile.c b/hostfile.c index 3ed646247..5cb55dd3c 100644 --- a/hostfile.c +++ b/hostfile.c @@ -36,13 +36,13 @@ */ #include "includes.h" -RCSID("$OpenBSD: hostfile.c,v 1.36 2005/11/22 03:36:03 dtucker Exp $"); +RCSID("$OpenBSD: hostfile.c,v 1.37 2006/02/07 03:47:05 stevesk Exp $"); #include + #include #include -#include "packet.h" #include "match.h" #include "key.h" #include "hostfile.h" -- cgit v1.2.3 From de6dd0a35f9eb100d02a8953800ae49cc27e9cd5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:12:38 +1100 Subject: - stevesk@cvs.openbsd.org 2006/02/07 03:59:20 [deattack.c] duplicate #include --- ChangeLog | 5 ++++- deattack.c | 3 +-- 2 files changed, 5 insertions(+), 3 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index b9c0bd8ef..4b2a76585 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,9 @@ - stevesk@cvs.openbsd.org 2006/02/07 03:47:05 [hostfile.c] "packet.h" not needed + - stevesk@cvs.openbsd.org 2006/02/07 03:59:20 + [deattack.c] + duplicate #include 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3924,4 +3927,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4146 2006/03/15 00:12:13 djm Exp $ +$Id: ChangeLog,v 1.4147 2006/03/15 00:12:38 djm Exp $ diff --git a/deattack.c b/deattack.c index 8b55d6686..0cf1e1c54 100644 --- a/deattack.c +++ b/deattack.c @@ -18,14 +18,13 @@ */ #include "includes.h" -RCSID("$OpenBSD: deattack.c,v 1.19 2003/09/18 08:49:45 markus Exp $"); +RCSID("$OpenBSD: deattack.c,v 1.20 2006/02/07 03:59:20 stevesk Exp $"); #include "deattack.h" #include "log.h" #include "crc32.h" #include "getput.h" #include "xmalloc.h" -#include "deattack.h" /* SSH Constants */ #define SSH_MAXBLOCKS (32 * 1024) -- cgit v1.2.3 From 03e2003a2336e576aa1f27eab4f0f5b0b582bddd Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:16:59 +1100 Subject: - stevesk@cvs.openbsd.org 2006/02/08 12:15:27 [auth.c clientloop.c includes.h misc.c monitor.c readpass.c] [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c] [sshd.c sshpty.c] move #include out of includes.h; ok markus@ --- ChangeLog | 7 ++++++- auth.c | 5 ++++- clientloop.c | 3 ++- includes.h | 5 +---- misc.c | 5 ++++- monitor.c | 6 ++++-- readpass.c | 6 +++++- session.c | 4 +++- sftp.c | 5 ++++- ssh-agent.c | 5 ++++- ssh-keysign.c | 4 +++- ssh.c | 4 +++- sshconnect.c | 4 +++- sshd.c | 4 +++- sshpty.c | 8 +++++--- 15 files changed, 54 insertions(+), 21 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4b2a76585..e00c31d5a 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -26,6 +26,11 @@ - stevesk@cvs.openbsd.org 2006/02/07 03:59:20 [deattack.c] duplicate #include + - stevesk@cvs.openbsd.org 2006/02/08 12:15:27 + [auth.c clientloop.c includes.h misc.c monitor.c readpass.c] + [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c] + [sshd.c sshpty.c] + move #include out of includes.h; ok markus@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3927,4 +3932,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4147 2006/03/15 00:12:38 djm Exp $ +$Id: ChangeLog,v 1.4148 2006/03/15 00:16:59 djm Exp $ diff --git a/auth.c b/auth.c index 2dc5c2be6..94c4a3eb8 100644 --- a/auth.c +++ b/auth.c @@ -23,8 +23,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.60 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: auth.c,v 1.61 2006/02/08 12:15:27 stevesk Exp $"); +#ifdef HAVE_PATHS_H +# include +#endif #ifdef HAVE_LOGIN_H #include #endif diff --git a/clientloop.c b/clientloop.c index c43a50b25..893ba30ff 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,8 +59,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.150 2006/02/07 01:42:00 stevesk Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.151 2006/02/08 12:15:27 stevesk Exp $"); +#include #include #include "ssh.h" diff --git a/includes.h b/includes.h index db2f2f5a2..85a907ceb 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.25 2006/02/07 01:42:00 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.26 2006/02/08 12:15:27 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -90,9 +90,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #ifdef HAVE_LASTLOG_H # include #endif -#ifdef HAVE_PATHS_H -# include /* For _PATH_XXX */ -#endif #include #include diff --git a/misc.c b/misc.c index 29e928886..a80eedb1c 100644 --- a/misc.c +++ b/misc.c 
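Review bot: The include added in the clientloop.c hunk loses the `HAVE_PATHS_H` guard: it is a bare `#include`, while the same commit wraps the addition in `#ifdef HAVE_PATHS_H` / `#endif` in auth.c, and the block removed from includes.h carried that guard too. The header name is not legible on this page, but if it is the header the subject line says is being moved, clientloop.c will presumably stop compiling on any platform where configure leaves `HAVE_PATHS_H` undefined. The unguarded additions to session.c, ssh-keysign.c, ssh.c, sshconnect.c and sshd.c later in this commit look the same. I would use the guarded form in every file, i.e. `#ifdef HAVE_PATHS_H`, the include, `#endif`, and carry over the `/* For _PATH_XXX */` comment so the reason for the include stays with it. These files continue outside the hunks, so a guard elsewhere in them cannot be ruled out from here.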
@@ -24,8 +24,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.42 2006/01/31 10:19:02 djm Exp $"); +RCSID("$OpenBSD: misc.c,v 1.43 2006/02/08 12:15:27 stevesk Exp $"); +#ifdef HAVE_PATHS_H +# include +#endif #ifdef SSH_TUN_OPENBSD #include #endif diff --git a/monitor.c b/monitor.c index e6f648b0b..1d6fcf1d8 100644 --- a/monitor.c +++ b/monitor.c @@ -25,14 +25,16 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.64 2005/10/13 22:24:31 stevesk Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.65 2006/02/08 12:15:27 stevesk Exp $"); -#include +#include #ifdef SKEY #include #endif +#include + #include "ssh.h" #include "auth.h" #include "kex.h" diff --git a/readpass.c b/readpass.c index 7914799a4..a9b99617a 100644 --- a/readpass.c +++ b/readpass.c @@ -23,7 +23,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: readpass.c,v 1.33 2005/05/02 21:13:22 markus Exp $"); +RCSID("$OpenBSD: readpass.c,v 1.34 2006/02/08 12:15:27 stevesk Exp $"); + +#ifdef HAVE_PATHS_H +# include +#endif #include "xmalloc.h" #include "misc.h" diff --git a/session.c b/session.c index 0cbd5fbb2..88e0a04d2 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.191 2005/12/24 02:27:41 djm Exp $"); +RCSID("$OpenBSD: session.c,v 1.192 2006/02/08 12:15:27 stevesk Exp $"); + +#include #include "ssh.h" #include "ssh1.h" diff --git a/sftp.c b/sftp.c index a2e3f6aad..877632ec3 100644 --- a/sftp.c +++ b/sftp.c @@ -16,8 +16,11 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.70 2006/01/31 10:19:02 djm Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.71 2006/02/08 12:15:27 stevesk Exp $"); +#ifdef HAVE_PATHS_H +# include +#endif #ifdef USE_LIBEDIT #include #else diff --git a/ssh-agent.c b/ssh-agent.c index cfeeebb50..87381f09f 100644 --- a/ssh-agent.c +++ b/ssh-agent.c 
@@ -35,8 +35,11 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.125 2006/02/07 01:18:09 stevesk Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.126 2006/02/08 12:15:27 stevesk Exp $"); +#ifdef HAVE_PATHS_H +# include +#endif #include #include diff --git a/ssh-keysign.c b/ssh-keysign.c index dae3a2e8c..f2ee214e1 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -22,7 +22,9 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.19 2005/09/13 23:40:07 djm Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.20 2006/02/08 12:15:27 stevesk Exp $"); + +#include #include #include diff --git a/ssh.c b/ssh.c index 3940dabfd..b248c0280 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.257 2005/12/20 04:41:07 dtucker Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.258 2006/02/08 12:15:27 stevesk Exp $"); + +#include #include #include diff --git a/sshconnect.c b/sshconnect.c index 64ffec240..9da911c4c 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.171 2005/12/06 22:38:27 reyk Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.172 2006/02/08 12:15:27 stevesk Exp $"); + +#include #include diff --git a/sshd.c b/sshd.c index def90d827..10f9f52a5 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.318 2005/12/24 02:27:41 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.319 2006/02/08 12:15:27 stevesk Exp $"); + +#include #include #include diff --git a/sshpty.c b/sshpty.c index 8ce8ee469..6b0ad1f2a 100644 --- a/sshpty.c +++ b/sshpty.c 
@@ -12,10 +12,12 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshpty.c,v 1.13 2006/02/07 01:42:00 stevesk Exp $"); - -#include +RCSID("$OpenBSD: sshpty.c,v 1.14 2006/02/08 12:15:27 stevesk Exp $"); +#ifdef HAVE_PATHS_H +# include +#endif +#include #ifdef HAVE_UTIL_H # include #endif /* HAVE_UTIL_H */ -- cgit v1.2.3 From a9263d065d1db21c1d0661913673ed5c9b4d6467 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:18:26 +1100 Subject: fix spacing of include --- auth.c | 2 +- misc.c | 2 +- readpass.c | 2 +- sftp.c | 2 +- ssh-agent.c | 2 +- sshpty.c | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/auth.c b/auth.c index 94c4a3eb8..666a2dd22 100644 --- a/auth.c +++ b/auth.c @@ -26,7 +26,7 @@ RCSID("$OpenBSD: auth.c,v 1.61 2006/02/08 12:15:27 stevesk Exp $"); #ifdef HAVE_PATHS_H -# include +# include #endif #ifdef HAVE_LOGIN_H #include diff --git a/misc.c b/misc.c index a80eedb1c..e85b773d0 100644 --- a/misc.c +++ b/misc.c @@ -27,7 +27,7 @@ RCSID("$OpenBSD: misc.c,v 1.43 2006/02/08 12:15:27 stevesk Exp $"); #ifdef HAVE_PATHS_H -# include +# include #endif #ifdef SSH_TUN_OPENBSD #include diff --git a/readpass.c b/readpass.c index a9b99617a..9f74bec19 100644 --- a/readpass.c +++ b/readpass.c @@ -26,7 +26,7 @@ RCSID("$OpenBSD: readpass.c,v 1.34 2006/02/08 12:15:27 stevesk Exp $"); #ifdef HAVE_PATHS_H -# include +# include #endif #include "xmalloc.h" diff --git a/sftp.c b/sftp.c index 877632ec3..636c1f5f4 100644 --- a/sftp.c +++ b/sftp.c @@ -19,7 +19,7 @@ RCSID("$OpenBSD: sftp.c,v 1.71 2006/02/08 12:15:27 stevesk Exp $"); #ifdef HAVE_PATHS_H -# include +# include #endif #ifdef USE_LIBEDIT #include diff --git a/ssh-agent.c b/ssh-agent.c index 87381f09f..0b10f9194 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -38,7 +38,7 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.126 2006/02/08 12:15:27 stevesk Exp $"); #ifdef HAVE_PATHS_H -# include +# include #endif #include #include diff --git a/sshpty.c b/sshpty.c index 6b0ad1f2a..4434a908d 100644 
--- a/sshpty.c +++ b/sshpty.c @@ -15,7 +15,7 @@ RCSID("$OpenBSD: sshpty.c,v 1.14 2006/02/08 12:15:27 stevesk Exp $"); #ifdef HAVE_PATHS_H -# include +# include #endif #include #ifdef HAVE_UTIL_H -- cgit v1.2.3 From 3a4051e88b18b4290b07db7aec99adfffe566c96 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:19:42 +1100 Subject: - stevesk@cvs.openbsd.org 2006/02/08 12:32:49 [includes.h misc.c] move #include out of includes.h; ok markus@ --- ChangeLog | 5 ++++- includes.h | 3 +-- misc.c | 5 +++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index e00c31d5a..95d2b76f8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,6 +31,9 @@ [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c] [sshd.c sshpty.c] move #include out of includes.h; ok markus@ + - stevesk@cvs.openbsd.org 2006/02/08 12:32:49 + [includes.h misc.c] + move #include out of includes.h; ok markus@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3932,4 +3935,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4148 2006/03/15 00:16:59 djm Exp $ +$Id: ChangeLog,v 1.4149 2006/03/15 00:19:42 djm Exp $ diff --git a/includes.h b/includes.h index 85a907ceb..bcc3b41f2 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.26 2006/02/08 12:15:27 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.27 2006/02/08 12:32:49 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -140,7 +140,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #include /* For typedefs */ #include /* For IPv6 macros */ #include /* For IPTOS macros */ -#include #include #if defined(HAVE_NETDB_H) # include diff --git a/misc.c b/misc.c index e85b773d0..e4a47e610 100644 --- a/misc.c +++ b/misc.c 
@@ -24,8 +24,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.43 2006/02/08 12:15:27 stevesk Exp $"); - +RCSID("$OpenBSD: misc.c,v 1.44 2006/02/08 12:32:49 stevesk Exp $"); + +#include #ifdef HAVE_PATHS_H # include #endif -- cgit v1.2.3 From 0b70b54abc79e73ab0949b56c3d7dd1c3e60bf47 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:20:03 +1100 Subject: - stevesk@cvs.openbsd.org 2006/02/08 13:15:44 [gss-serv.c monitor.c] small KNF --- ChangeLog | 5 ++++- gss-serv.c | 7 ++++--- monitor.c | 6 +++--- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 95d2b76f8..25b4adae5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,6 +34,9 @@ - stevesk@cvs.openbsd.org 2006/02/08 12:32:49 [includes.h misc.c] move #include out of includes.h; ok markus@ + - stevesk@cvs.openbsd.org 2006/02/08 13:15:44 + [gss-serv.c monitor.c] + small KNF 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3935,4 +3938,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4149 2006/03/15 00:19:42 djm Exp $ +$Id: ChangeLog,v 1.4150 2006/03/15 00:20:03 djm Exp $ diff --git a/gss-serv.c b/gss-serv.c index 26eec25bd..56e33d6a2 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.13 2005/10/13 22:24:31 stevesk Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.14 2006/02/08 13:15:44 stevesk Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -175,7 +175,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) return GSS_S_FAILURE; name->value = xmalloc(name->length+1); - memcpy(name->value, tok+offset,name->length); + memcpy(name->value, tok+offset, name->length); ((char *)name->value)[name->length] = 0; return GSS_S_COMPLETE; 
@@ -234,7 +234,8 @@ ssh_gssapi_cleanup_creds(void) { if (gssapi_client.store.filename != NULL) { /* Unlink probably isn't sufficient */ - debug("removing gssapi cred file\"%s\"", gssapi_client.store.filename); + debug("removing gssapi cred file\"%s\"", + gssapi_client.store.filename); unlink(gssapi_client.store.filename); } } diff --git a/monitor.c b/monitor.c index 1d6fcf1d8..4ba78db9c 100644 --- a/monitor.c +++ b/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.65 2006/02/08 12:15:27 stevesk Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.66 2006/02/08 13:15:44 stevesk Exp $"); #include @@ -198,7 +198,7 @@ struct mon_table mon_dispatch_proto20[] = { #endif #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, - {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond}, + {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond}, #endif #ifdef SKEY {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery}, @@ -239,7 +239,7 @@ struct mon_table mon_dispatch_proto15[] = { {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response}, #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, - {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond}, + {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond}, #endif #ifdef SKEY {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery}, -- cgit v1.2.3 From 52ab08475511b5700e823f058b7ffebbcbcf7056 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:20:46 +1100 Subject: - stevesk@cvs.openbsd.org 2006/02/08 14:16:59 [sshconnect.c] not needed --- ChangeLog | 5 ++++- sshconnect.c | 4 +--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 25b4adae5..27cf354aa 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -37,6 +37,9 @@ - stevesk@cvs.openbsd.org 2006/02/08 13:15:44 [gss-serv.c monitor.c] small KNF + - stevesk@cvs.openbsd.org 2006/02/08 14:16:59 + [sshconnect.c] + not needed 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3938,4 +3941,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4150 2006/03/15 00:20:03 djm Exp $ +$Id: ChangeLog,v 1.4151 2006/03/15 00:20:46 djm Exp $ diff --git a/sshconnect.c b/sshconnect.c index 9da911c4c..a71251ea0 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,12 +13,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.172 2006/02/08 12:15:27 stevesk Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.173 2006/02/08 14:16:59 stevesk Exp $"); #include -#include - #include "ssh.h" #include "xmalloc.h" #include "rsa.h" -- cgit v1.2.3 From cd4223c24503346477bc7d50249e569ae8ef97ae Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:22:47 +1100 Subject: - stevesk@cvs.openbsd.org 2006/02/08 14:31:30 [includes.h ssh-agent.c ssh-keyscan.c ssh.c] move #include out of includes.h; ok markus@ --- ChangeLog | 5 ++++- includes.h | 3 +-- ssh-agent.c | 5 +++-- ssh-keyscan.c | 5 +++-- ssh.c | 4 +++- 5 files changed, 14 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 27cf354aa..4639f4e79 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,9 @@ - stevesk@cvs.openbsd.org 2006/02/08 14:16:59 [sshconnect.c] not needed + - stevesk@cvs.openbsd.org 2006/02/08 14:31:30 + [includes.h ssh-agent.c ssh-keyscan.c ssh.c] + move #include out of includes.h; ok markus@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) 
@@ -3941,4 +3944,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4151 2006/03/15 00:20:46 djm Exp $ +$Id: ChangeLog,v 1.4152 2006/03/15 00:22:47 djm Exp $ diff --git a/includes.h b/includes.h index bcc3b41f2..27792e10a 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.27 2006/02/08 12:32:49 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.28 2006/02/08 14:31:30 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -98,7 +98,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #ifdef HAVE_SYS_TIME_H # include /* For timersub */ #endif -#include #ifdef HAVE_SYS_SELECT_H # include #endif diff --git a/ssh-agent.c b/ssh-agent.c index 0b10f9194..8821e0006 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -34,9 +34,10 @@ */ #include "includes.h" +RCSID("$OpenBSD: ssh-agent.c,v 1.127 2006/02/08 14:31:30 stevesk Exp $"); + #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.126 2006/02/08 12:15:27 stevesk Exp $"); - +#include #ifdef HAVE_PATHS_H # include #endif diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 1282a62e0..13e7c721c 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -7,9 +7,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.58 2006/02/07 01:18:09 stevesk Exp $"); - +RCSID("$OpenBSD: ssh-keyscan.c,v 1.59 2006/02/08 14:31:30 stevesk Exp $"); + #include "openbsd-compat/sys-queue.h" +#include #include diff --git a/ssh.c b/ssh.c index b248c0280..3384de012 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.258 2006/02/08 12:15:27 stevesk Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.259 2006/02/08 14:31:30 stevesk Exp $"); + +#include #include -- cgit v1.2.3 From 68f8e992bf4ab38263b8619aad8a5e34f238fffb Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 15 Mar 2006 11:24:12 +1100 Subject: - stevesk@cvs.openbsd.org 2006/02/08 14:38:18 [includes.h packet.c] move #include and out of includes.h; ok markus@ --- ChangeLog | 6 +++++- includes.h | 4 +--- packet.c | 6 ++++-- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4639f4e79..707411e33 100644 --- a/ChangeLog +++ b/ChangeLog @@ -43,6 +43,10 @@ - stevesk@cvs.openbsd.org 2006/02/08 14:31:30 [includes.h ssh-agent.c ssh-keyscan.c ssh.c] move #include out of includes.h; ok markus@ + - stevesk@cvs.openbsd.org 2006/02/08 14:38:18 + [includes.h packet.c] + move #include and out of + includes.h; ok markus@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3944,4 +3948,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4152 2006/03/15 00:22:47 djm Exp $ +$Id: ChangeLog,v 1.4153 2006/03/15 00:24:12 djm Exp $ diff --git a/includes.h b/includes.h index 27792e10a..60053b8d3 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.28 2006/02/08 14:31:30 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.29 2006/02/08 14:38:18 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -137,8 +137,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #endif #include /* For typedefs */ -#include /* For IPv6 macros */ -#include /* For IPTOS macros */ #include #if defined(HAVE_NETDB_H) # include diff --git a/packet.c b/packet.c index db2aa2411..24d2bb312 100644 --- a/packet.c +++ b/packet.c @@ -37,9 +37,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.120 2005/10/30 08:52:17 djm Exp $"); - +RCSID("$OpenBSD: packet.c,v 1.121 2006/02/08 14:38:18 stevesk Exp $"); + #include "openbsd-compat/sys-queue.h" +#include +#include #include "xmalloc.h" #include "buffer.h" -- cgit v1.2.3 
From 88f254b9a56fb87069e9f078ec613d6d08e4dac5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:25:13 +1100 Subject: - stevesk@cvs.openbsd.org 2006/02/08 23:51:24 [includes.h scp.c sftp-glob.c sftp-server.c] move #include out of includes.h; ok markus@ --- ChangeLog | 5 ++++- includes.h | 3 +-- scp.c | 4 +++- sftp-glob.c | 4 +++- sftp-server.c | 4 +++- 5 files changed, 14 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 707411e33..d87509fb4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -47,6 +47,9 @@ [includes.h packet.c] move #include and out of includes.h; ok markus@ + - stevesk@cvs.openbsd.org 2006/02/08 23:51:24 + [includes.h scp.c sftp-glob.c sftp-server.c] + move #include out of includes.h; ok markus@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3948,4 +3951,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4153 2006/03/15 00:24:12 djm Exp $ +$Id: ChangeLog,v 1.4154 2006/03/15 00:25:13 djm Exp $ diff --git a/includes.h b/includes.h index 60053b8d3..6452d2fc5 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.29 2006/02/08 14:38:18 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.30 2006/02/08 23:51:24 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -35,7 +35,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #include #include #include -#include #include #ifdef HAVE_LIMITS_H diff --git a/scp.c b/scp.c index 620024ea7..0b65ff081 100644 --- a/scp.c +++ b/scp.c @@ -71,7 +71,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.130 2006/01/31 10:35:43 djm Exp $"); +RCSID("$OpenBSD: scp.c,v 1.131 2006/02/08 23:51:24 stevesk Exp $"); + +#include #include "xmalloc.h" #include "atomicio.h" diff --git a/sftp-glob.c b/sftp-glob.c index 16c5e206a..9dfbf9538 100644 --- a/sftp-glob.c +++ b/sftp-glob.c 
@@ -15,7 +15,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: sftp-glob.c,v 1.15 2004/02/17 07:17:29 djm Exp $"); +RCSID("$OpenBSD: sftp-glob.c,v 1.16 2006/02/08 23:51:24 stevesk Exp $"); + +#include #include "buffer.h" #include "bufaux.h" diff --git a/sftp-server.c b/sftp-server.c index 7060c44ad..96fe1a7bb 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -14,7 +14,9 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: sftp-server.c,v 1.50 2006/01/02 01:20:31 djm Exp $"); +RCSID("$OpenBSD: sftp-server.c,v 1.51 2006/02/08 23:51:24 stevesk Exp $"); + +#include #include "buffer.h" #include "bufaux.h" -- cgit v1.2.3 From 1d90540534da87ba4ac5b48037f1d66f82569ff7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:26:55 +1100 Subject: - stevesk@cvs.openbsd.org 2006/02/09 00:32:07 [includes.h] #include not needed; ok djm@ NB. ID Sync only - we still need this (but it may move later) --- ChangeLog | 6 +++++- includes.h | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index d87509fb4..91846668f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -50,6 +50,10 @@ - stevesk@cvs.openbsd.org 2006/02/08 23:51:24 [includes.h scp.c sftp-glob.c sftp-server.c] move #include out of includes.h; ok markus@ + - stevesk@cvs.openbsd.org 2006/02/09 00:32:07 + [includes.h] + #include not needed; ok djm@ + NB. ID Sync only - we still need this (but it may move later) 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3951,4 +3955,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4154 2006/03/15 00:25:13 djm Exp $ +$Id: ChangeLog,v 1.4155 2006/03/15 00:26:55 djm Exp $ diff --git a/includes.h b/includes.h index 6452d2fc5..b4cd092b6 100644 --- a/includes.h +++ b/includes.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.30 2006/02/08 23:51:24 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.31 2006/02/09 00:32:07 stevesk Exp $ */ /* * Author: Tatu Ylonen -- cgit v1.2.3 From c47d7e9e1905adbef3489cc2bbdceda02d212f7e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:27:20 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/09 10:10:47 [sshd.8] - move some text into a CAVEATS section - merge the COMMAND EXECUTION... section into AUTHENTICATION --- ChangeLog | 6 +++++- sshd.8 | 26 +++++++++++++------------- 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index 91846668f..10bf3c86f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,6 +54,10 @@ [includes.h] #include not needed; ok djm@ NB. ID Sync only - we still need this (but it may move later) + - jmc@cvs.openbsd.org 2006/02/09 10:10:47 + [sshd.8] + - move some text into a CAVEATS section + - merge the COMMAND EXECUTION... section into AUTHENTICATION 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3955,4 +3959,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4155 2006/03/15 00:26:55 djm Exp $ +$Id: ChangeLog,v 1.4156 2006/03/15 00:27:20 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 51d339b65..e884e2b09 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.215 2006/02/01 09:11:41 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.216 2006/02/09 10:10:47 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -308,17 +308,6 @@ or .Ql \&*NP\&* ). .Pp -System security is not improved unless -.Nm rshd , -.Nm rlogind , -and -.Nm rexecd -are disabled (thus completely disabling -.Xr rlogin -and -.Xr rsh -into the machine). -.Sh COMMAND EXECUTION AND DATA FORWARDING If the client successfully authenticates itself, a dialog for preparing the session is entered. At this time the client may request @@ -326,7 +315,7 @@ things like allocating a pseudo-tty, forwarding X11 connections, forwarding TCP connections, or forwarding the authentication agent connection over the secure channel. .Pp -Finally, the client either requests a shell or execution of a command. +After this, the client either requests a shell or execution of a command. The sides then enter session mode. In this mode, either side may send data at any time, and such data is forwarded to/from the shell or @@ -867,3 +856,14 @@ Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. +.Sh CAVEATS +System security is not improved unless +.Nm rshd , +.Nm rlogind , +and +.Nm rexecd +are disabled (thus completely disabling +.Xr rlogin +and +.Xr rsh +into the machine). -- cgit v1.2.3 From 17e91c0fb01787f9a5974a997bb26114a435dde7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:28:34 +1100 Subject: - stevesk@cvs.openbsd.org 2006/02/10 00:27:13 [channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c] [ssh.c sshd.c sshpty.c] move #include out of includes.h; ok markus@ --- ChangeLog | 6 +++++- channels.c | 4 +++- clientloop.c | 4 +++- includes.h | 3 +-- misc.c | 5 +++-- progressmeter.c | 4 +++- sftp.c | 3 ++- ssh.c | 3 ++- sshd.c | 4 +++- sshpty.c | 4 +++- 10 files changed, 28 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 10bf3c86f..1582d97c7 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -58,6 +58,10 @@ [sshd.8] - move some text into a CAVEATS section - merge the COMMAND EXECUTION... section into AUTHENTICATION + - stevesk@cvs.openbsd.org 2006/02/10 00:27:13 + [channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c] + [ssh.c sshd.c sshpty.c] + move #include out of includes.h; ok markus@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3959,4 +3963,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4156 2006/03/15 00:27:20 djm Exp $ +$Id: ChangeLog,v 1.4157 2006/03/15 00:28:34 djm Exp $ diff --git a/channels.c b/channels.c index 78d4d9187..3955b6158 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.233 2006/02/07 01:42:00 stevesk Exp $"); +RCSID("$OpenBSD: channels.c,v 1.234 2006/02/10 00:27:13 stevesk Exp $"); + +#include #include diff --git a/clientloop.c b/clientloop.c index 893ba30ff..52f3bd5b5 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.151 2006/02/08 12:15:27 stevesk Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.152 2006/02/10 00:27:13 stevesk Exp $"); + +#include #include #include diff --git a/includes.h b/includes.h index b4cd092b6..9cf7d30a2 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.31 2006/02/09 00:32:07 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.32 2006/02/10 00:27:13 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -92,7 +92,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #include #include -#include #include #ifdef HAVE_SYS_TIME_H # include /* For timersub */ diff --git a/misc.c b/misc.c index e4a47e610..e1da651ef 100644 --- a/misc.c +++ b/misc.c 
@@ -24,8 +24,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.44 2006/02/08 12:32:49 stevesk Exp $"); - +RCSID("$OpenBSD: misc.c,v 1.45 2006/02/10 00:27:13 stevesk Exp $"); + +#include #include #ifdef HAVE_PATHS_H # include diff --git a/progressmeter.c b/progressmeter.c index 13c51d87e..4f76c53d0 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -23,7 +23,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: progressmeter.c,v 1.24 2005/06/07 13:25:23 jaredy Exp $"); +RCSID("$OpenBSD: progressmeter.c,v 1.25 2006/02/10 00:27:13 stevesk Exp $"); + +#include #include "progressmeter.h" #include "atomicio.h" diff --git a/sftp.c b/sftp.c index 636c1f5f4..0599e587a 100644 --- a/sftp.c +++ b/sftp.c @@ -15,8 +15,9 @@ */ #include "includes.h" +RCSID("$OpenBSD: sftp.c,v 1.72 2006/02/10 00:27:13 stevesk Exp $"); -RCSID("$OpenBSD: sftp.c,v 1.71 2006/02/08 12:15:27 stevesk Exp $"); +#include #ifdef HAVE_PATHS_H # include diff --git a/ssh.c b/ssh.c index 3384de012..5331402e5 100644 --- a/ssh.c +++ b/ssh.c @@ -40,9 +40,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.259 2006/02/08 14:31:30 stevesk Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.260 2006/02/10 00:27:13 stevesk Exp $"); #include +#include #include diff --git a/sshd.c b/sshd.c index 10f9f52a5..3bf489723 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.319 2006/02/08 12:15:27 stevesk Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.320 2006/02/10 00:27:13 stevesk Exp $"); + +#include #include diff --git a/sshpty.c b/sshpty.c index 4434a908d..884df26ae 100644 --- a/sshpty.c +++ b/sshpty.c @@ -12,7 +12,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshpty.c,v 1.14 2006/02/08 12:15:27 stevesk Exp $"); +RCSID("$OpenBSD: sshpty.c,v 1.15 2006/02/10 00:27:13 stevesk Exp $"); + +#include #ifdef HAVE_PATHS_H # include -- cgit v1.2.3 From 9cf6d077fb87b4364e70c9fd889bf26744718301 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 15 Mar 2006 11:29:24 +1100 Subject: - stevesk@cvs.openbsd.org 2006/02/10 01:44:27 [includes.h monitor.c readpass.c scp.c serverloop.c session.c^?] [sftp.c sshconnect.c sshconnect2.c sshd.c] move #include out of includes.h; ok markus@ --- ChangeLog | 6 +++++- includes.h | 3 +-- monitor.c | 5 ++++- readpass.c | 5 ++++- scp.c | 5 ++++- serverloop.c | 5 ++++- session.c | 5 ++++- sftp.c | 4 +++- sshconnect.c | 5 ++++- sshconnect2.c | 4 +++- sshd.c | 4 +++- 11 files changed, 39 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1582d97c7..b6ddb879d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -62,6 +62,10 @@ [channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c] [ssh.c sshd.c sshpty.c] move #include out of includes.h; ok markus@ + - stevesk@cvs.openbsd.org 2006/02/10 01:44:27 + [includes.h monitor.c readpass.c scp.c serverloop.c session.c] + [sftp.c sshconnect.c sshconnect2.c sshd.c] + move #include out of includes.h; ok markus@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3963,4 +3967,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4157 2006/03/15 00:28:34 djm Exp $ +$Id: ChangeLog,v 1.4158 2006/03/15 00:29:24 djm Exp $ diff --git a/includes.h b/includes.h index 9cf7d30a2..1dbe16b78 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.32 2006/02/10 00:27:13 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.33 2006/02/10 01:44:26 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -92,7 +92,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #include #include -#include #ifdef HAVE_SYS_TIME_H # include /* For timersub */ #endif diff --git a/monitor.c b/monitor.c index 4ba78db9c..c21c0fab8 100644 --- a/monitor.c +++ b/monitor.c 
@@ -25,7 +25,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.66 2006/02/08 13:15:44 stevesk Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.67 2006/02/10 01:44:26 stevesk Exp $"); + +#include +#include #include diff --git a/readpass.c b/readpass.c index 9f74bec19..811cfa231 100644 --- a/readpass.c +++ b/readpass.c @@ -23,7 +23,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: readpass.c,v 1.34 2006/02/08 12:15:27 stevesk Exp $"); +RCSID("$OpenBSD: readpass.c,v 1.35 2006/02/10 01:44:26 stevesk Exp $"); + +#include +#include #ifdef HAVE_PATHS_H # include diff --git a/scp.c b/scp.c index 0b65ff081..4521f6343 100644 --- a/scp.c +++ b/scp.c @@ -71,7 +71,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.131 2006/02/08 23:51:24 stevesk Exp $"); +RCSID("$OpenBSD: scp.c,v 1.132 2006/02/10 01:44:26 stevesk Exp $"); + +#include +#include #include diff --git a/serverloop.c b/serverloop.c index 23f8831ef..11dcaf703 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.125 2006/02/07 01:42:00 stevesk Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.126 2006/02/10 01:44:26 stevesk Exp $"); + +#include +#include #include diff --git a/session.c b/session.c index 88e0a04d2..ecd6cf216 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.192 2006/02/08 12:15:27 stevesk Exp $"); +RCSID("$OpenBSD: session.c,v 1.193 2006/02/10 01:44:27 stevesk Exp $"); + +#include +#include #include diff --git a/sftp.c b/sftp.c index 0599e587a..4e170ee60 100644 --- a/sftp.c +++ b/sftp.c @@ -15,9 +15,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.72 2006/02/10 00:27:13 stevesk Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.73 2006/02/10 01:44:27 stevesk Exp $"); #include +#include +#include #ifdef HAVE_PATHS_H # include diff --git a/sshconnect.c b/sshconnect.c index a71251ea0..dc74d75c4 100644 --- a/sshconnect.c +++ b/sshconnect.c 
@@ -13,7 +13,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.173 2006/02/08 14:16:59 stevesk Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.174 2006/02/10 01:44:27 stevesk Exp $"); + +#include +#include #include diff --git a/sshconnect2.c b/sshconnect2.c index ce64586d8..eb9a4d870 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,8 +23,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.144 2006/02/07 01:18:09 stevesk Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.145 2006/02/10 01:44:27 stevesk Exp $"); +#include +#include #include #include "openbsd-compat/sys-queue.h" diff --git a/sshd.c b/sshd.c index 3bf489723..8a68a537b 100644 --- a/sshd.c +++ b/sshd.c @@ -42,9 +42,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.320 2006/02/10 00:27:13 stevesk Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.321 2006/02/10 01:44:27 stevesk Exp $"); #include +#include +#include #include -- cgit v1.2.3 From 3fd019ecca7d41702111f926f08e370946cf9060 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:29:51 +1100 Subject: - otto@cvs.openbsd.org 2006/02/11 19:31:18 [atomicio.c] type correctness; from Ray Lai in PR 5011; ok millert@ --- ChangeLog | 5 ++++- atomicio.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index b6ddb879d..70cd90426 100644 --- a/ChangeLog +++ b/ChangeLog @@ -66,6 +66,9 @@ [includes.h monitor.c readpass.c scp.c serverloop.c session.c] [sftp.c sshconnect.c sshconnect2.c sshd.c] move #include out of includes.h; ok markus@ + - otto@cvs.openbsd.org 2006/02/11 19:31:18 + [atomicio.c] + type correctness; from Ray Lai in PR 5011; ok millert@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) 
@@ -3967,4 +3970,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4158 2006/03/15 00:29:24 djm Exp $ +$Id: ChangeLog,v 1.4159 2006/03/15 00:29:51 djm Exp $ diff --git a/atomicio.c b/atomicio.c index 12abbda16..8dd271b6d 100644 --- a/atomicio.c +++ b/atomicio.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: atomicio.c,v 1.13 2005/05/24 17:32:43 avsm Exp $"); +RCSID("$OpenBSD: atomicio.c,v 1.14 2006/02/11 19:31:18 otto Exp $"); #include "atomicio.h" @@ -58,7 +58,7 @@ atomicio(f, fd, _s, n) errno = EPIPE; return pos; default: - pos += (u_int)res; + pos += (size_t)res; } } return (pos); -- cgit v1.2.3 From 3ec54c7e58eb9724a5d54d3e985992ebecbd7553 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:30:13 +1100 Subject: - djm@cvs.openbsd.org 2006/02/12 06:45:34 [ssh.c ssh_config.5] add a %l expansion code to the ControlPath, which is filled in with the local hostname at runtime. Requested by henning@ to avoid some problems with /home on NFS; ok dtucker@ --- ChangeLog | 7 ++++++- ssh.c | 8 ++++++-- ssh_config.5 | 6 ++++-- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 70cd90426..380b952b8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -69,6 +69,11 @@ - otto@cvs.openbsd.org 2006/02/11 19:31:18 [atomicio.c] type correctness; from Ray Lai in PR 5011; ok millert@ + - djm@cvs.openbsd.org 2006/02/12 06:45:34 + [ssh.c ssh_config.5] + add a %l expansion code to the ControlPath, which is filled in with the + local hostname at runtime. Requested by henning@ to avoid some problems + with /home on NFS; ok dtucker@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) 
@@ -3970,4 +3975,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4159 2006/03/15 00:29:51 djm Exp $ +$Id: ChangeLog,v 1.4160 2006/03/15 00:30:13 djm Exp $ diff --git a/ssh.c b/ssh.c index 5331402e5..4a373356f 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.260 2006/02/10 00:27:13 stevesk Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.261 2006/02/12 06:45:34 djm Exp $"); #include #include @@ -638,11 +638,15 @@ again: options.control_path = NULL; if (options.control_path != NULL) { + char me[NI_MAXHOST]; + + if (gethostname(me, sizeof(me)) == -1) + fatal("gethostname: %s", strerror(errno)); snprintf(buf, sizeof(buf), "%d", options.port); cp = tilde_expand_filename(options.control_path, original_real_uid); options.control_path = percent_expand(cp, "p", buf, "h", host, - "r", options.user, (char *)NULL); + "r", options.user, "l", me, (char *)NULL); xfree(cp); } if (mux_command != 0 && options.control_path == NULL) diff --git a/ssh_config.5 b/ssh_config.5 index 5c94ffc9c..5d821a0b1 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.76 2006/01/20 11:21:45 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.77 2006/02/12 06:45:34 djm Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -306,6 +306,8 @@ section above or the string .Dq none to disable connection sharing. In the path, +.Ql %l +will be substituted by the local host name, .Ql %h will be substituted by the target host name, .Ql %p 
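Review bot: In the ssh.c ControlPath hunk, `me` is passed to `percent_expand()` as a C string straight after `gethostname(me, sizeof(me))`, but POSIX leaves it unspecified whether the buffer is NUL-terminated when the host name is truncated. Terminating it explicitly before use closes that gap: `me[sizeof(me) - 1] = '\0';` placed right after the `fatal()` check. The value then becomes part of the control socket path, so it is worth a short comment that `%l` is taken from local host configuration, e.g. `/* %l: local host name, keeps ControlPath unique per client host on shared /home */`. The enclosing function starts and ends outside the hunk, so whether the header declaring `NI_MAXHOST` is already included cannot be confirmed from here.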
@@ -315,7 +317,7 @@ by the remote login username. It is recommended that any .Cm ControlPath used for opportunistic connection sharing include -all three of these escape sequences. +at least the last three of these escape sequences (%h, %p and %r). This ensures that shared connections are uniquely identified. .It Cm DynamicForward Specifies that a TCP port on the local machine be forwarded -- cgit v1.2.3 From b59d4fe8b505f98f1a95da369c0f4c51b642e042 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:30:38 +1100 Subject: - djm@cvs.openbsd.org 2006/02/12 10:44:18 [readconf.c] raise error when the user specifies a RekeyLimit that is smaller than 16 (the smallest of our cipher's blocksize) or big enough to cause integer wraparound; ok & feedback dtucker@ --- ChangeLog | 7 ++++++- readconf.c | 29 ++++++++++++++++++++++------- 2 files changed, 28 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 380b952b8..f8e857153 100644 --- a/ChangeLog +++ b/ChangeLog @@ -74,6 +74,11 @@ add a %l expansion code to the ControlPath, which is filled in with the local hostname at runtime. Requested by henning@ to avoid some problems with /home on NFS; ok dtucker@ + - djm@cvs.openbsd.org 2006/02/12 10:44:18 + [readconf.c] + raise error when the user specifies a RekeyLimit that is smaller than 16 + (the smallest of our cipher's blocksize) or big enough to cause integer + wraparound; ok & feedback dtucker@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3975,4 +3980,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4160 2006/03/15 00:30:13 djm Exp $ +$Id: ChangeLog,v 1.4161 2006/03/15 00:30:38 djm Exp $ diff --git a/readconf.c b/readconf.c index 1fbf59793..bc5cf6188 100644 --- a/readconf.c +++ b/readconf.c 
@@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.145 2005/12/08 18:34:11 reyk Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.146 2006/02/12 10:44:18 djm Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -306,7 +306,8 @@ process_config_line(Options *options, const char *host, int *activep) { char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; - int opcode, *intptr, value, value2; + int opcode, *intptr, value, value2, scale; + long long orig, val64; size_t len; Forward fwd; @@ -479,22 +480,36 @@ parse_yesnoask: fatal("%.200s line %d: Missing argument.", filename, linenum); if (arg[0] < '0' || arg[0] > '9') fatal("%.200s line %d: Bad number.", filename, linenum); - value = strtol(arg, &endofnumber, 10); + orig = val64 = strtoll(arg, &endofnumber, 10); if (arg == endofnumber) fatal("%.200s line %d: Bad number.", filename, linenum); switch (toupper(*endofnumber)) { + case '\0': + scale = 1; + break; case 'K': - value *= 1<<10; + scale = 1<<10; break; case 'M': - value *= 1<<20; + scale = 1<<20; break; case 'G': - value *= 1<<30; + scale = 1<<30; break; + default: + fatal("%.200s line %d: Invalid RekeyLimit suffix", + filename, linenum); } + val64 *= scale; + /* detect integer wrap and too-large limits */ + if ((val64 / scale) != orig || val64 > INT_MAX) + fatal("%.200s line %d: RekeyLimit too large", + filename, linenum); + if (val64 < 16) + fatal("%.200s line %d: RekeyLimit too small", + filename, linenum); if (*activep && *intptr == -1) - *intptr = value; + *intptr = (int)val64; break; case oIdentityFile: -- cgit v1.2.3 From 20c2ec48c376fc025774bbb903f57de449bb8c5c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:31:01 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/12 10:49:44 [ssh_config.5] slight rewording; ok djm --- ChangeLog | 5 ++++- ssh_config.5 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index f8e857153..70b3bcc62 100644 --- a/ChangeLog +++ b/ChangeLog 
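Review bot: In the RekeyLimit hunk of readconf.c, `val64 *= scale` runs before any range check, so the wrap test `(val64 / scale) != orig` depends on signed `long long` overflow, which is undefined behaviour in C and may be optimised away. `strtoll` clamps to `LLONG_MAX` on overflow, so a very large number with a K/M/G suffix in a config file reaches that multiplication. Checking before multiplying avoids the overflow and rejects the same inputs: `if (orig > INT_MAX / scale) fatal("%.200s line %d: RekeyLimit too large", filename, linenum);`. Two smaller points in the same hunk: `toupper(*endofnumber)` should be `toupper((unsigned char)*endofnumber)`, and as far as the hunk shows only one character after the number is examined, so text following the suffix is not rejected. `process_config_line` begins and continues outside the hunk.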
@@ -79,6 +79,9 @@ raise error when the user specifies a RekeyLimit that is smaller than 16 (the smallest of our cipher's blocksize) or big enough to cause integer wraparound; ok & feedback dtucker@ + - jmc@cvs.openbsd.org 2006/02/12 10:49:44 + [ssh_config.5] + slight rewording; ok djm 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3980,4 +3983,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4161 2006/03/15 00:30:38 djm Exp $ +$Id: ChangeLog,v 1.4162 2006/03/15 00:31:01 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 5d821a0b1..62a185a39 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.77 2006/02/12 06:45:34 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.78 2006/02/12 10:49:44 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -317,7 +317,7 @@ by the remote login username. It is recommended that any .Cm ControlPath used for opportunistic connection sharing include -at least the last three of these escape sequences (%h, %p and %r). +at least %h, %p, and %r. This ensures that shared connections are uniquely identified. .It Cm DynamicForward Specifies that a TCP port on the local machine be forwarded -- cgit v1.2.3 From dcfea27f1b4e7af8019f8539dd53188af1ccded3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:31:22 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/12 10:52:41 [sshd.8] rework the description of authorized_keys a little; --- ChangeLog | 5 ++++- sshd.8 | 29 +++++++++++++---------------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/ChangeLog b/ChangeLog index 70b3bcc62..608a438cd 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -82,6 +82,9 @@ - jmc@cvs.openbsd.org 2006/02/12 10:49:44 [ssh_config.5] slight rewording; ok djm + - jmc@cvs.openbsd.org 2006/02/12 10:52:41 + [sshd.8] + rework the description of authorized_keys a little; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3983,4 +3986,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4162 2006/03/15 00:31:01 djm Exp $ +$Id: ChangeLog,v 1.4163 2006/03/15 00:31:22 djm Exp $ diff --git a/sshd.8 b/sshd.8 index e884e2b09..909339f07 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.216 2006/02/09 10:10:47 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.217 2006/02/12 10:52:41 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -374,27 +374,24 @@ authentication protocol and cookie in standard input. Runs user's shell or command. .El .Sh AUTHORIZED_KEYS FILE FORMAT -.Pa ~/.ssh/authorized_keys -is the default file that lists the public keys that are -permitted for RSA authentication in protocol version 1 -and for public key authentication (PubkeyAuthentication) -in protocol version 2. .Cm AuthorizedKeysFile -may be used to specify an alternative file. -.Pp +specifies the file containing public keys for +public key authentication; +if none is specified, the default is +.Pa ~/.ssh/authorized_keys . Each line of the file contains one key (empty lines and lines starting with a .Ql # are ignored as comments). -Each RSA public key consists of the following fields, separated by -spaces: options, bits, exponent, modulus, comment. -Each protocol version 2 public key consists of: -options, keytype, base64 encoded key, comment. -The options field -is optional; its presence is determined by whether the line starts +Protocol 1 public keys consist of the following space-separated fields: +options, bits, exponent, modulus, comment. +Protocol 2 public key consist of: +options, keytype, base64-encoded key, comment. +The options field is optional; +its presence is determined by whether the line starts with a number or not (the options field never starts with a number). -The bits, exponent, modulus and comment fields give the RSA key for +The bits, exponent, modulus, and comment fields give the RSA key for protocol version 1; the comment field is not used for anything (but may be convenient for the user to identify the key). @@ -409,7 +406,7 @@ Note that lines in this file are usually several hundred bytes long keys up to 16 kilobits. You don't want to type them in; instead, copy the .Pa identity.pub , -.Pa id_dsa.pub +.Pa id_dsa.pub , or the .Pa id_rsa.pub file and edit it. -- cgit v1.2.3 From 31bdc52325c8ba48f23fc7e0b32bfab67ebf47cb Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 15 Mar 2006 11:31:44 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/12 17:57:19 [sshd.8] sort the list of options permissable w/ authorized_keys; ok djm dtucker --- ChangeLog | 6 +++++- sshd.8 | 52 ++++++++++++++++++++++++++-------------------------- 2 files changed, 31 insertions(+), 27 deletions(-) diff --git a/ChangeLog b/ChangeLog index 608a438cd..9928e171c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -85,6 +85,10 @@ - jmc@cvs.openbsd.org 2006/02/12 10:52:41 [sshd.8] rework the description of authorized_keys a little; + - jmc@cvs.openbsd.org 2006/02/12 17:57:19 + [sshd.8] + sort the list of options permissable w/ authorized_keys; + ok djm dtucker 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3986,4 +3990,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4163 2006/03/15 00:31:22 djm Exp $ +$Id: ChangeLog,v 1.4164 2006/03/15 00:31:44 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 909339f07..58bf9062a 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.217 2006/02/12 10:52:41 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.218 2006/02/12 17:57:19 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -421,26 +421,6 @@ No spaces are permitted, except within double quotes. The following option specifications are supported (note that option keywords are case-insensitive): .Bl -tag -width Ds -.It Cm from="pattern-list" -Specifies that in addition to public key authentication, the canonical name -of the remote host must be present in the comma-separated list of -patterns -.Pf ( Ql \&* -and -.Ql \&? -serve as wildcards). -The list may also contain -patterns negated by prefixing them with -.Ql \&! ; -if the canonical host name matches a negated pattern, the key is not accepted. -The purpose -of this option is to optionally increase security: public key authentication -by itself does not trust the network or name servers or anything (but -the key); however, if somebody somehow steals the key, the key -permits an intruder to log in from anywhere in the world. -This additional option makes using a stolen key more difficult (name -servers and/or routers would have to be compromised in addition to -just the key). .It Cm command="command" Specifies that the command is executed whenever this key is used for authentication. 
@@ -470,20 +450,40 @@ option. This option is automatically disabled if .Cm UseLogin is enabled. +.It Cm from="pattern-list" +Specifies that in addition to public key authentication, the canonical name +of the remote host must be present in the comma-separated list of +patterns +.Pf ( Ql \&* +and +.Ql \&? +serve as wildcards). +The list may also contain +patterns negated by prefixing them with +.Ql \&! ; +if the canonical host name matches a negated pattern, the key is not accepted. +The purpose +of this option is to optionally increase security: public key authentication +by itself does not trust the network or name servers or anything (but +the key); however, if somebody somehow steals the key, the key +permits an intruder to log in from anywhere in the world. +This additional option makes using a stolen key more difficult (name +servers and/or routers would have to be compromised in addition to +just the key). +.It Cm no-agent-forwarding +Forbids authentication agent forwarding when this key is used for +authentication. .It Cm no-port-forwarding Forbids TCP forwarding when this key is used for authentication. Any port forward requests by the client will return an error. This might be used, e.g., in connection with the .Cm command option. +.It Cm no-pty +Prevents tty allocation (a request to allocate a pty will fail). .It Cm no-X11-forwarding Forbids X11 forwarding when this key is used for authentication. Any X11 forward requests by the client will return an error. -.It Cm no-agent-forwarding -Forbids authentication agent forwarding when this key is used for -authentication. -.It Cm no-pty -Prevents tty allocation (a request to allocate a pty will fail). .It Cm permitopen="host:port" Limit local .Li ``ssh -L'' -- cgit v1.2.3 From 7d2ef02f1c79788e9b73d15a33019e09fe6bec76 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 15 Mar 2006 11:32:06 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/13 10:16:39 [sshd.8] no need to subsection the authorized_keys examples - instead, convert this to look like an actual file. also use proto 2 keys, and use IETF example addresses; --- ChangeLog | 7 ++++++- sshd.8 | 20 ++++++++++---------- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9928e171c..ec05ccba3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -89,6 +89,11 @@ [sshd.8] sort the list of options permissable w/ authorized_keys; ok djm dtucker + - jmc@cvs.openbsd.org 2006/02/13 10:16:39 + [sshd.8] + no need to subsection the authorized_keys examples - instead, convert + this to look like an actual file. also use proto 2 keys, and use IETF + example addresses; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3990,4 +3995,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4164 2006/03/15 00:31:44 djm Exp $ +$Id: ChangeLog,v 1.4165 2006/03/15 00:32:06 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 58bf9062a..4eb5321ab 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.218 2006/02/12 17:57:19 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.219 2006/02/13 10:16:39 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -503,16 +503,16 @@ device on the server. Without this option, the next available device will be used if the client requests a tunnel. .El -.Ss Examples -1024 33 12121...312314325 ylo@foo.bar -.Pp -from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula -.Pp -command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi .Pp -permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 -.Pp -tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== reyk@openbsd.org +An example authorized_keys file: +.Bd -literal +# Comments allowed at start of line +ssh-rsa AAAAB3Nza...LiPk== user@example.net +from="*.sales.example.net,!pc.sales.example.net" ssh-rsa AAAAB2...19Q== john@example.net +command="dump /home",no-pty,no-port-forwarding ssh-dss AAAAC3...51R== example.net +permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss AAAAB5...21S== +tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== jane@example.net +.Ed .Sh SSH_KNOWN_HOSTS FILE FORMAT The .Pa /etc/ssh/ssh_known_hosts -- cgit v1.2.3 From 9a7f201d45a5bc2c268ff35668a120487ac8e33c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:32:42 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/13 10:21:25 [sshd.8] small tweaks for the ssh_known_hosts section; --- ChangeLog | 5 ++++- sshd.8 | 8 ++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index ec05ccba3..0e20e59a3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -94,6 +94,9 @@ no need to subsection the authorized_keys examples - instead, convert this to look like an actual file. also use proto 2 keys, and use IETF example addresses; + - jmc@cvs.openbsd.org 2006/02/13 10:21:25 + [sshd.8] + small tweaks for the ssh_known_hosts section; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) 
@@ -3995,4 +3998,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4165 2006/03/15 00:32:06 djm Exp $ +$Id: ChangeLog,v 1.4166 2006/03/15 00:32:42 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 4eb5321ab..1db605c6a 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.219 2006/02/13 10:16:39 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.220 2006/02/13 10:21:25 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -521,7 +521,7 @@ and files contain host public keys for all known hosts. The global file should be prepared by the administrator (optional), and the per-user file is -maintained automatically: whenever the user connects from an unknown host +maintained automatically: whenever the user connects from an unknown host, its key is added to the per-user file. .Pp Each line in these files contains the following fields: hostnames, @@ -529,7 +529,7 @@ bits, exponent, modulus, comment. The fields are separated by spaces. .Pp Hostnames is a comma-separated list of patterns -.Pf ( Ql \&* +.Pf ( Ql * and .Ql \&? act as @@ -551,7 +551,7 @@ Only one hashed hostname may appear on a single line and none of the above negation or wildcard operators may be applied. .Pp Bits, exponent, and modulus are taken directly from the RSA host key; they -can be obtained, e.g., from +can be obtained, for example, from .Pa /etc/ssh/ssh_host_key.pub . The optional comment field continues to the end of the line, and is not used. .Pp -- cgit v1.2.3 From cc00f5e2592157fa772bd4c287618c357ef7b444 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 15 Mar 2006 11:33:00 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/13 11:02:26 [sshd.8] turn this into an example ssh_known_hosts file; ok djm --- ChangeLog | 5 ++++- sshd.8 | 14 +++++++------- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0e20e59a3..e857f566c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -97,6 +97,9 @@ - jmc@cvs.openbsd.org 2006/02/13 10:21:25 [sshd.8] small tweaks for the ssh_known_hosts section; + - jmc@cvs.openbsd.org 2006/02/13 11:02:26 + [sshd.8] + turn this into an example ssh_known_hosts file; ok djm 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -3998,4 +4001,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4166 2006/03/15 00:32:42 djm Exp $ +$Id: ChangeLog,v 1.4167 2006/03/15 00:33:00 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 1db605c6a..d5f48085e 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.220 2006/02/13 10:21:25 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.221 2006/02/13 11:02:26 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -576,12 +576,12 @@ Rather, generate them by a script or by taking .Pa /etc/ssh/ssh_host_key.pub and adding the host names at the front. -.Ss Examples -.Bd -literal -closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi -cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....= -.Ed -.Bd -literal +.Pp +An example ssh_known_hosts file: +.Bd -literal -offset 3n +# Comments allowed at start of line +closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net +cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....= # A hashed hostname |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa AAAA1234.....= -- cgit v1.2.3 
From c8f61cf1996a7374de465d8e2fda93dec34364a2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:33:25 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/13 11:08:43 [sshd.8] - avoid nasty line split - `*' does not need to be escaped --- ChangeLog | 6 +++++- sshd.8 | 18 +++++++++++------- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index e857f566c..736696204 100644 --- a/ChangeLog +++ b/ChangeLog @@ -100,6 +100,10 @@ - jmc@cvs.openbsd.org 2006/02/13 11:02:26 [sshd.8] turn this into an example ssh_known_hosts file; ok djm + - jmc@cvs.openbsd.org 2006/02/13 11:08:43 + [sshd.8] + - avoid nasty line split + - `*' does not need to be escaped 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4001,4 +4005,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4167 2006/03/15 00:33:00 djm Exp $ +$Id: ChangeLog,v 1.4168 2006/03/15 00:33:25 djm Exp $ diff --git a/sshd.8 b/sshd.8 index d5f48085e..0ad133d0d 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.221 2006/02/13 11:02:26 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.222 2006/02/13 11:08:43 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -454,7 +454,7 @@ is enabled. Specifies that in addition to public key authentication, the canonical name of the remote host must be present in the comma-separated list of patterns -.Pf ( Ql \&* +.Pf ( Ql * and .Ql \&? serve as wildcards). 
@@ -505,13 +505,17 @@ the client requests a tunnel. .El .Pp An example authorized_keys file: -.Bd -literal +.Bd -literal -offset 3n # Comments allowed at start of line ssh-rsa AAAAB3Nza...LiPk== user@example.net -from="*.sales.example.net,!pc.sales.example.net" ssh-rsa AAAAB2...19Q== john@example.net -command="dump /home",no-pty,no-port-forwarding ssh-dss AAAAC3...51R== example.net -permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss AAAAB5...21S== -tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== jane@example.net +from="*.sales.example.net,!pc.sales.example.net" ssh-rsa +AAAAB2...19Q== john@example.net +command="dump /home",no-pty,no-port-forwarding ssh-dss +AAAAC3...51R== example.net +permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss +AAAAB5...21S== +tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== +jane@example.net .Ed .Sh SSH_KNOWN_HOSTS FILE FORMAT The -- cgit v1.2.3 From d8702e865d1e0107d50dc0296b22dc0b788d5a0a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:33:56 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/13 11:27:25 [sshd.8] sort FILES and use a -compact list; --- ChangeLog | 5 +- sshd.8 | 284 ++++++++++++++++++++++++++++++++++---------------------------- 2 files changed, 158 insertions(+), 131 deletions(-) diff --git a/ChangeLog b/ChangeLog index 736696204..0a70ec21c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -104,6 +104,9 @@ [sshd.8] - avoid nasty line split - `*' does not need to be escaped + - jmc@cvs.openbsd.org 2006/02/13 11:27:25 + [sshd.8] + sort FILES and use a -compact list; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4005,4 +4008,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4168 2006/03/15 00:33:25 djm Exp $ +$Id: ChangeLog,v 1.4169 2006/03/15 00:33:56 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 0ad133d0d..e56b422a6 100644 
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.222 2006/02/13 11:08:43 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.223 2006/02/13 11:27:25 jmc Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -591,77 +591,8 @@ cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....=
 AAAA1234.....=
 .Ed
 .Sh FILES
-.Bl -tag -width Ds
-.It Pa /etc/ssh/sshd_config
-Contains configuration data for
-.Nm sshd .
-The file format and configuration options are described in
-.Xr sshd_config 5 .
-.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
-These three files contain the private parts of the host keys.
-These files should only be owned by root, readable only by root, and not
-accessible to others.
-Note that
-.Nm
-does not start if this file is group/world-accessible.
-.It Pa /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key.pub, /etc/ssh/ssh_host_rsa_key.pub
-These three files contain the public parts of the host keys.
-These files should be world-readable but writable only by
-root.
-Their contents should match the respective private parts.
-These files are not
-really used for anything; they are provided for the convenience of
-the user so their contents can be copied to known hosts files.
-These files are created using
-.Xr ssh-keygen 1 .
-.It Pa /etc/moduli
-Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
-The file format is described in
-.Xr moduli 5 .
-.It Pa /var/empty
-.Xr chroot 2
-directory used by
-.Nm
-during privilege separation in the pre-authentication phase.
-The directory should not contain any files and must be owned by root
-and not group or world-writable.
-.It Pa /var/run/sshd.pid
-Contains the process ID of the
-.Nm
-listening for connections (if there are several daemons running
-concurrently for different ports, this contains the process ID of the one
-started last).
-The content of this file is not sensitive; it can be world-readable.
-.It Pa ~/.ssh/authorized_keys
-Lists the public keys (RSA or DSA) that can be used to log into the user's account.
-This file must be readable by root (which may on some machines imply
-it being world-readable if the user's home directory resides on an NFS
-volume).
-It is recommended that it not be accessible by others.
-The format of this file is described above.
-Users will place the contents of their
-.Pa identity.pub ,
-.Pa id_dsa.pub
-and/or
-.Pa id_rsa.pub
-files into this file, as described in
-.Xr ssh-keygen 1 .
-.It Pa "/etc/ssh/ssh_known_hosts", "~/.ssh/known_hosts"
-These files are consulted when using rhosts with RSA host
-authentication or protocol version 2 hostbased authentication
-to check the public key of the host.
-The key must be listed in one of these files to be accepted.
-The client uses the same files
-to verify that it is connecting to the correct remote host.
-These files should be writable only by root/the owner.
-.Pa /etc/ssh/ssh_known_hosts
-should be world-readable, and
-.Pa ~/.ssh/known_hosts
-can, but need not be, world-readable.
-.It Pa /etc/motd
-See
-.Xr motd 5 .
-.It Pa ~/.hushlogin
+.Bl -tag -width Ds -compact
+.It ~/.hushlogin
 This file is used to suppress printing the last login time and
 .Pa /etc/motd ,
 if
@@ -672,19 +603,8 @@ respectively,
 are enabled.
 It does not suppress printing of the banner specified by
 .Cm Banner .
-.It Pa /etc/nologin
-If this file exists,
-.Nm
-refuses to let anyone except root log in.
-The contents of the file
-are displayed to anyone trying to log in, and non-root connections are
-refused.
-The file should be world-readable.
-.It Pa /etc/hosts.allow, /etc/hosts.deny
-Access controls that should be enforced by tcp-wrappers are defined here.
-Further details are described in
-.Xr hosts_access 5 .
-.It Pa ~/.rhosts
+.Pp
+.It ~/.rhosts
 This file is used during
 .Cm RhostsRSAAuthentication
 and
@@ -702,56 +622,30 @@ It is also possible to use netgroups in the file.
 Either host or user
 name may be of the form +@groupname to specify all hosts or all users
 in the group.
-.It Pa ~/.shosts
+.Pp
+.It ~/.shosts
 For ssh,
 this file is exactly the same as for
 .Pa .rhosts .
 However, this file is
 not used by rlogin and rshd, so using this permits access using SSH only.
-.It Pa /etc/hosts.equiv
-This file is used during
-.Cm RhostsRSAAuthentication
-and
-.Cm HostbasedAuthentication
-authentication.
-In the simplest form, this file contains host names, one per line.
-Users on
-those hosts are permitted to log in without a password, provided they
-have the same user name on both machines.
-The host name may also be
-followed by a user name; such users are permitted to log in as
-.Em any
-user on this machine (except root).
-Additionally, the syntax
-.Dq +@group
-can be used to specify netgroups.
-Negated entries start with
-.Ql \&- .
-.Pp
-If the client host/user is successfully matched in this file, login is
-automatically permitted provided the client and server user names are the
-same.
-Additionally, successful client host key authentication is required.
-This file must be writable only by root; it is recommended
-that it be world-readable.
 .Pp
-.Sy "Warning: It is almost never a good idea to use user names in"
-.Pa hosts.equiv .
-Beware that it really means that the named user(s) can log in as
-.Em anybody ,
-which includes bin, daemon, adm, and other accounts that own critical
-binaries and directories.
-Using a user name practically grants the user root access.
-The only valid use for user names that I can think
-of is in negative entries.
+.It ~/.ssh/authorized_keys
+Lists the public keys (RSA or DSA) that can be used to log into the user's account.
+This file must be readable by root (which may on some machines imply
+it being world-readable if the user's home directory resides on an NFS
+volume).
+It is recommended that it not be accessible by others.
+The format of this file is described above.
+Users will place the contents of their
+.Pa identity.pub ,
+.Pa id_dsa.pub
+and/or
+.Pa id_rsa.pub
+files into this file, as described in
+.Xr ssh-keygen 1 .
 .Pp
-Note that this warning also applies to rsh/rlogin.
-.It Pa /etc/shosts.equiv
-This is processed exactly as
-.Pa /etc/hosts.equiv .
-However, this file may be useful in environments that want to run both
-rsh/rlogin and ssh.
-.It Pa ~/.ssh/environment
+.It ~/.ssh/environment
 This file is read into the environment at login (if it exists).
 It can only contain empty lines, comment lines (that start with
 .Ql # ) ,
@@ -762,7 +656,22 @@ Environment processing is disabled by default and is
 controlled via the
 .Cm PermitUserEnvironment
 option.
-.It Pa ~/.ssh/rc
+.Pp
+.It ~/.ssh/known_hosts
+.It /etc/ssh/ssh_known_hosts
+These files are consulted when using rhosts with RSA host
+authentication or protocol version 2 hostbased authentication
+to check the public key of the host.
+The key must be listed in one of these files to be accepted.
+The client uses the same files
+to verify that it is connecting to the correct remote host.
+These files should be writable only by root/the owner.
+.Pa /etc/ssh/ssh_known_hosts
+should be world-readable, and
+.Pa ~/.ssh/known_hosts
+can, but need not be, world-readable.
+.Pp
+.It ~/.ssh/rc
 If this file exists, it is run with
 .Pa /bin/sh
 after reading the
@@ -805,12 +714,127 @@ does not exist either, xauth is used to add the cookie. .Pp This file should be writable only by the user, and need not be readable by anyone else. -.It Pa /etc/ssh/sshrc +.Pp +.It /etc/hosts.allow +.It /etc/hosts.deny +Access controls that should be enforced by tcp-wrappers are defined here. +Further details are described in +.Xr hosts_access 5 . +.Pp +.It /etc/hosts.equiv +This file is used during +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication +authentication. +In the simplest form, this file contains host names, one per line. +Users on +those hosts are permitted to log in without a password, provided they +have the same user name on both machines. +The host name may also be +followed by a user name; such users are permitted to log in as +.Em any +user on this machine (except root). +Additionally, the syntax +.Dq +@group +can be used to specify netgroups. +Negated entries start with +.Ql \&- . +.Pp +If the client host/user is successfully matched in this file, login is +automatically permitted provided the client and server user names are the +same. +Additionally, successful client host key authentication is required. +This file must be writable only by root; it is recommended +that it be world-readable. +.Pp +.Sy "Warning: It is almost never a good idea to use user names in" +.Pa hosts.equiv . +Beware that it really means that the named user(s) can log in as +.Em anybody , +which includes bin, daemon, adm, and other accounts that own critical +binaries and directories. +Using a user name practically grants the user root access. +The only valid use for user names that I can think +of is in negative entries. +.Pp +Note that this warning also applies to rsh/rlogin. +.Pp +.It /etc/moduli +Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". +The file format is described in +.Xr moduli 5 . +.Pp +.It /etc/motd +See +.Xr motd 5 . 
+.Pp
+.It /etc/nologin
+If this file exists,
+.Nm
+refuses to let anyone except root log in.
+The contents of the file
+are displayed to anyone trying to log in, and non-root connections are
+refused.
+The file should be world-readable.
+.Pp
+.It /etc/shosts.equiv
+This is processed exactly as
+.Pa /etc/hosts.equiv .
+However, this file may be useful in environments that want to run both
+rsh/rlogin and ssh.
+.Pp
+.It /etc/ssh/ssh_host_key
+.It /etc/ssh/ssh_host_dsa_key
+.It /etc/ssh/ssh_host_rsa_key
+These three files contain the private parts of the host keys.
+These files should only be owned by root, readable only by root, and not
+accessible to others.
+Note that
+.Nm
+does not start if this file is group/world-accessible.
+.Pp
+.It /etc/ssh/ssh_host_key.pub
+.It /etc/ssh/ssh_host_dsa_key.pub
+.It /etc/ssh/ssh_host_rsa_key.pub
+These three files contain the public parts of the host keys.
+These files should be world-readable but writable only by
+root.
+Their contents should match the respective private parts.
+These files are not
+really used for anything; they are provided for the convenience of
+the user so their contents can be copied to known hosts files.
+These files are created using
+.Xr ssh-keygen 1 .
+.Pp
+.It /etc/ssh/sshd_config
+Contains configuration data for
+.Nm sshd .
+The file format and configuration options are described in
+.Xr sshd_config 5 .
+.Pp
+.It /etc/ssh/sshrc
 Like
 .Pa ~/.ssh/rc .
 This can be used to specify
 machine-specific login-time initializations globally.
 This file should be writable only by root, and should be world-readable.
+.Pp
+.It /var/empty
+.Xr chroot 2
+directory used by
+.Nm
+during privilege separation in the pre-authentication phase.
+The directory should not contain any files and must be owned by root
+and not group or world-writable.
+.Pp +.It /var/run/sshd.pid +Contains the process ID of the +.Nm +listening for connections (if there are several daemons running +concurrently for different ports, this contains the process ID of the one +started last). +The content of this file is not sensitive; it can be world-readable. .El .Sh SEE ALSO .Xr scp 1 , -- cgit v1.2.3 From 0c8d8f68db86dfee772c51bdeb6d9558d7be97f2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:34:25 +1100 Subject: - david@cvs.openbsd.org 2006/02/15 05:08:24 [sftp-client.c] typo in comment; ok djm@ --- ChangeLog | 5 ++++- sftp-client.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0a70ec21c..4d4b64739 100644 --- a/ChangeLog +++ b/ChangeLog @@ -107,6 +107,9 @@ - jmc@cvs.openbsd.org 2006/02/13 11:27:25 [sshd.8] sort FILES and use a -compact list; + - david@cvs.openbsd.org 2006/02/15 05:08:24 + [sftp-client.c] + typo in comment; ok djm@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4008,4 +4011,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4169 2006/03/15 00:33:56 djm Exp $ +$Id: ChangeLog,v 1.4170 2006/03/15 00:34:25 djm Exp $ diff --git a/sftp-client.c b/sftp-client.c index 05bce3368..9dfdf5ad5 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -20,7 +20,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.58 2006/01/02 01:20:31 djm Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.59 2006/02/15 05:08:24 david Exp $"); #include "openbsd-compat/sys-queue.h" @@ -39,7 +39,7 @@ RCSID("$OpenBSD: sftp-client.c,v 1.58 2006/01/02 01:20:31 djm Exp $"); extern volatile sig_atomic_t interrupted; extern int showprogress; -/* Minimum amount of data to read at at time */ +/* Minimum amount of data to read at a time */ #define MIN_READ_SIZE 512 struct sftp_conn { -- cgit v1.2.3 
From 39a93a3305079d6bfab7f749e92d7931491ddf94 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:34:45 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/15 16:53:20 [ssh.1] remove the IETF draft references and replace them with some updated RFCs; --- ChangeLog | 5 ++++- ssh.1 | 59 +++++++++++++++++++++++++++++++++++++++++++++++++---------- 2 files changed, 53 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4d4b64739..333a64c7d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -110,6 +110,9 @@ - david@cvs.openbsd.org 2006/02/15 05:08:24 [sftp-client.c] typo in comment; ok djm@ + - jmc@cvs.openbsd.org 2006/02/15 16:53:20 + [ssh.1] + remove the IETF draft references and replace them with some updated RFCs; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4011,4 +4014,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4170 2006/03/15 00:34:25 djm Exp $ +$Id: ChangeLog,v 1.4171 2006/03/15 00:34:45 djm Exp $ diff --git a/ssh.1 b/ssh.1 index ba02e6c90..b9bbe0bd6 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.255 2006/02/06 21:44:47 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.256 2006/02/15 16:53:20 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -1339,15 +1339,54 @@ manual page for more information. .Xr ssh-keysign 8 , .Xr sshd 8 .Rs -.%A T. Ylonen -.%A T. Kivinen -.%A M. Saarinen -.%A T. Rinne -.%A S. Lehtinen -.%T "SSH Protocol Architecture" -.%N draft-ietf-secsh-architecture-12.txt -.%D January 2002 -.%O work in progress material +.%R RFC 4250 +.%T "The Secure Shell (SSH) Protocol Assigned Numbers" +.%D 2006 +.Re +.Rs +.%R RFC 4251 +.%T "The Secure Shell (SSH) Protocol Architecture" +.%D 2006 +.Re +.Rs +.%R RFC 4252 +.%T "The Secure Shell (SSH) Authentication Protocol" +.%D 2006 +.Re +.Rs +.%R RFC 4253 +.%T "The Secure Shell (SSH) Transport Layer Protocol" +.%D 2006 +.Re +.Rs +.%R RFC 4254 +.%T "The Secure Shell (SSH) Connection Protocol" +.%D 2006 +.Re +.Rs +.%R RFC 4255 +.%T "Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints" +.%D 2006 +.Re +.Rs +.%R RFC 4256 +.%T "Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)" +.%D 2006 +.Re +.Rs +.%R RFC 4335 +.%T "The Secure Shell (SSH) Session Channel Break Extension" +.%D 2006 +.Re +.Rs +.%R RFC 4344 +.%T "The Secure Shell (SSH) Transport Layer Encryption Modes" +.%D 2006 +.Re +.Rs +.%R RFC 4345 +.%T "Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol" +.%D 2006 .Re .Sh AUTHORS OpenSSH is a derivative of the original and free -- cgit v1.2.3 From bc1936ad8735cc5f4949eb18172869352e2c5c1c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:35:05 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/15 16:55:33 [sshd.8] remove ietf draft references; RFC list now maintained in ssh.1; --- ChangeLog | 5 ++++- sshd.8 | 22 +--------------------- 2 files changed, 5 insertions(+), 22 deletions(-) diff --git a/ChangeLog b/ChangeLog index 333a64c7d..b12e1f03f 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -113,6 +113,9 @@ - jmc@cvs.openbsd.org 2006/02/15 16:53:20 [ssh.1] remove the IETF draft references and replace them with some updated RFCs; + - jmc@cvs.openbsd.org 2006/02/15 16:55:33 + [sshd.8] + remove ietf draft references; RFC list now maintained in ssh.1; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4014,4 +4017,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4171 2006/03/15 00:34:45 djm Exp $ +$Id: ChangeLog,v 1.4172 2006/03/15 00:35:05 djm Exp $ diff --git a/sshd.8 b/sshd.8 index e56b422a6..aed8b60d1 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.223 2006/02/13 11:27:25 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.224 2006/02/15 16:55:33 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -850,26 +850,6 @@ The content of this file is not sensitive; it can be world-readable. .Xr sshd_config 5 , .Xr inetd 8 , .Xr sftp-server 8 -.Rs -.%A T. Ylonen -.%A T. Kivinen -.%A M. Saarinen -.%A T. Rinne -.%A S. Lehtinen -.%T "SSH Protocol Architecture" -.%N draft-ietf-secsh-architecture-12.txt -.%D January 2002 -.%O work in progress material -.Re -.Rs -.%A M. Friedl -.%A N. Provos -.%A W. A. Simpson -.%T "Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol" -.%N draft-ietf-secsh-dh-group-exchange-02.txt -.%D January 2002 -.%O work in progress material -.Re .Sh AUTHORS OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. -- cgit v1.2.3 From adc35b9583944203906ef1fd8b078316213e35d5 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 15 Mar 2006 11:35:27 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/16 09:05:34 [sshd.8] sync some of the FILES entries w/ ssh.1; --- ChangeLog | 5 +++- sshd.8 | 78 +++++++++++++++++++++++++++------------------------------------ 2 files changed, 37 insertions(+), 46 deletions(-) diff --git a/ChangeLog b/ChangeLog index b12e1f03f..4c24caccd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -116,6 +116,9 @@ - jmc@cvs.openbsd.org 2006/02/15 16:55:33 [sshd.8] remove ietf draft references; RFC list now maintained in ssh.1; + - jmc@cvs.openbsd.org 2006/02/16 09:05:34 + [sshd.8] + sync some of the FILES entries w/ ssh.1; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4017,4 +4020,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4172 2006/03/15 00:35:05 djm Exp $ +$Id: ChangeLog,v 1.4173 2006/03/15 00:35:27 djm Exp $ diff --git a/sshd.8 b/sshd.8 index aed8b60d1..6d79f175c 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.224 2006/02/15 16:55:33 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.225 2006/02/16 09:05:34 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -605,45 +605,31 @@ It does not suppress printing of the banner specified by
 .Cm Banner .
 .Pp
 .It ~/.rhosts
-This file is used during
-.Cm RhostsRSAAuthentication
-and
-.Cm HostbasedAuthentication
-and contains host-username pairs, separated by a space, one per
-line.
-The given user on the corresponding host is permitted to log in
-without a password.
-The same file is used by rlogind and rshd.
-The file must
-be writable only by the user; it is recommended that it not be
+This file is used for host-based authentication (see
+.Xr ssh 1
+for more information).
+On some machines this file may need to be
+world-readable if the user's home directory is on an NFS partition,
+because
+.Nm
+reads it as root.
+Additionally, this file must be owned by the user,
+and must not have write permissions for anyone else.
+The recommended
+permission for most machines is read/write for the user, and not
 accessible by others.
 .Pp
-It is also possible to use netgroups in the file.
-Either host or user
-name may be of the form +@groupname to specify all hosts or all users
-in the group.
-.Pp
 .It ~/.shosts
-For ssh,
-this file is exactly the same as for
-.Pa .rhosts .
-However, this file is
-not used by rlogin and rshd, so using this permits access using SSH only.
+This file is used in exactly the same way as
+.Pa .rhosts ,
+but allows host-based authentication without permitting login with
+rlogin/rsh.
 .Pp
 .It ~/.ssh/authorized_keys
-Lists the public keys (RSA or DSA) that can be used to log into the user's account.
-This file must be readable by root (which may on some machines imply
-it being world-readable if the user's home directory resides on an NFS
-volume).
-It is recommended that it not be accessible by others.
+Lists the public keys (RSA/DSA) that can be used for logging in as this user.
 The format of this file is described above.
-Users will place the contents of their -.Pa identity.pub , -.Pa id_dsa.pub -and/or -.Pa id_rsa.pub -files into this file, as described in -.Xr ssh-keygen 1 . +This file is not highly sensitive, but the recommended +permissions are read/write for the user, and not accessible by others. .Pp .It ~/.ssh/environment This file is read into the environment at login (if it exists). @@ -658,17 +644,10 @@ controlled via the option. .Pp .It ~/.ssh/known_hosts -.It /etc/ssh/ssh_known_hosts -These files are consulted when using rhosts with RSA host -authentication or protocol version 2 hostbased authentication -to check the public key of the host. -The key must be listed in one of these files to be accepted. -The client uses the same files -to verify that it is connecting to the correct remote host. -These files should be writable only by root/the owner. -.Pa /etc/ssh/ssh_known_hosts -should be world-readable, and -.Pa ~/.ssh/known_hosts +Contains a list of host keys for all hosts the user has logged into +that are not already in the systemwide list of known host keys. +The format of this file is described above. +This file should be writable only by root/the owner and can, but need not be, world-readable. .Pp .It ~/.ssh/rc @@ -784,6 +763,15 @@ This is processed exactly as However, this file may be useful in environments that want to run both rsh/rlogin and ssh. .Pp +.It /etc/ssh/ssh_known_hosts +Systemwide list of known host keys. +This file should be prepared by the +system administrator to contain the public host keys of all machines in the +organization. +The format of this file is described above. +This file should be writable only by root/the owner and +should be world-readable. +.Pp .It /etc/ssh/ssh_host_key .It /etc/ssh/ssh_host_dsa_key .It /etc/ssh/ssh_host_rsa_key -- cgit v1.2.3 From fd725cf585d0f9aca648f177df35265b6abc10e6 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 15 Mar 2006 11:35:54 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/19 19:52:10 [sshd.8] move the sshrc stuff out of FILES, and into its own section: FILES is not a good place to document how stuff works; --- ChangeLog | 6 +++- sshd.8 | 95 ++++++++++++++++++++++++++++++++++----------------------------- 2 files changed, 56 insertions(+), 45 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4c24caccd..27bdea89a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -119,6 +119,10 @@ - jmc@cvs.openbsd.org 2006/02/16 09:05:34 [sshd.8] sync some of the FILES entries w/ ssh.1; + - jmc@cvs.openbsd.org 2006/02/19 19:52:10 + [sshd.8] + move the sshrc stuff out of FILES, and into its own section: + FILES is not a good place to document how stuff works; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4020,4 +4024,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4173 2006/03/15 00:35:27 djm Exp $ +$Id: ChangeLog,v 1.4174 2006/03/15 00:35:54 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 6d79f175c..6df9d8aab 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.225 2006/02/16 09:05:34 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.226 2006/02/19 19:52:10 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -370,9 +370,54 @@ The .Dq rc files are given the X11 authentication protocol and cookie in standard input. +See +.Sx SSHRC , +below. .It Runs user's shell or command. .El +.Sh SSHRC +If the file +.Pa ~/.ssh/rc +exists, +.Xr sh 1 +runs it after reading the +environment files but before starting the user's shell or command. +It must not produce any output on stdout; stderr must be used +instead. +If X11 forwarding is in use, it will receive the "proto cookie" pair in +its standard input (and +.Ev DISPLAY +in its environment). +The script must call +.Xr xauth 1 +because +.Nm +will not run xauth automatically to add X11 cookies. +.Pp +The primary purpose of this file is to run any initialization routines +which may be needed before the user's home directory becomes +accessible; AFS is a particular example of such an environment. +.Pp +This file will probably contain some initialization code followed by +something similar to: +.Bd -literal -offset 3n +if read proto cookie && [ -n "$DISPLAY" ]; then + if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then + # X11UseLocalhost=yes + echo add unix:`echo $DISPLAY | + cut -c11-` $proto $cookie + else + # X11UseLocalhost=no + echo add $DISPLAY $proto $cookie + fi | xauth -q - +fi +.Ed +.Pp +If this file does not exist, +.Pa /etc/ssh/sshrc +is run, and if that +does not exist either, xauth is used to add the cookie. .Sh AUTHORIZED_KEYS FILE FORMAT .Cm AuthorizedKeysFile specifies the file containing public keys for 
@@ -651,46 +696,8 @@ This file should be writable only by root/the owner and can, but need not be, world-readable. .Pp .It ~/.ssh/rc -If this file exists, it is run with -.Pa /bin/sh -after reading the -environment files but before starting the user's shell or command. -It must not produce any output on stdout; stderr must be used -instead. -If X11 forwarding is in use, it will receive the "proto cookie" pair in -its standard input (and -.Ev DISPLAY -in its environment). -The script must call -.Xr xauth 1 -because -.Nm -will not run xauth automatically to add X11 cookies. -.Pp -The primary purpose of this file is to run any initialization routines -which may be needed before the user's home directory becomes -accessible; AFS is a particular example of such an environment. -.Pp -This file will probably contain some initialization code followed by -something similar to: -.Bd -literal -if read proto cookie && [ -n "$DISPLAY" ]; then - if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then - # X11UseLocalhost=yes - echo add unix:`echo $DISPLAY | - cut -c11-` $proto $cookie - else - # X11UseLocalhost=no - echo add $DISPLAY $proto $cookie - fi | xauth -q - -fi -.Ed -.Pp -If this file does not exist, -.Pa /etc/ssh/sshrc -is run, and if that -does not exist either, xauth is used to add the cookie. -.Pp +Contains initialization routines to be run before +the user's home directory becomes accessible. This file should be writable only by the user, and need not be readable by anyone else. .Pp @@ -802,9 +809,9 @@ The file format and configuration options are described in .Xr sshd_config 5 . .Pp .It /etc/ssh/sshrc -Like -.Pa ~/.ssh/rc . -This can be used to specify +Similar to +.Pa ~/.ssh/rc , +it can be used to specify machine-specific login-time initializations globally. This file should be writable only by root, and should be world-readable. .Pp -- cgit v1.2.3 From 445121fe8dc73601fc301de5be5b7c02b2d20bf9 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 15 Mar 2006 11:36:18 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/19 20:02:17 [sshd.8] sync the (s)hosts.equiv FILES entries w/ those from ssh.1; --- ChangeLog | 5 ++++- sshd.8 | 50 ++++++++------------------------------------------ 2 files changed, 12 insertions(+), 43 deletions(-) diff --git a/ChangeLog b/ChangeLog index 27bdea89a..46fcf667a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -123,6 +123,9 @@ [sshd.8] move the sshrc stuff out of FILES, and into its own section: FILES is not a good place to document how stuff works; + - jmc@cvs.openbsd.org 2006/02/19 20:02:17 + [sshd.8] + sync the (s)hosts.equiv FILES entries w/ those from ssh.1; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4024,4 +4027,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4174 2006/03/15 00:35:54 djm Exp $ +$Id: ChangeLog,v 1.4175 2006/03/15 00:36:18 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 6df9d8aab..24c149975 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.226 2006/02/19 19:52:10 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.227 2006/02/19 20:02:17 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -708,43 +708,9 @@ Further details are described in .Xr hosts_access 5 . .Pp .It /etc/hosts.equiv -This file is used during -.Cm RhostsRSAAuthentication -and -.Cm HostbasedAuthentication -authentication. -In the simplest form, this file contains host names, one per line. -Users on -those hosts are permitted to log in without a password, provided they -have the same user name on both machines. -The host name may also be -followed by a user name; such users are permitted to log in as -.Em any -user on this machine (except root). -Additionally, the syntax -.Dq +@group -can be used to specify netgroups. -Negated entries start with -.Ql \&- . -.Pp -If the client host/user is successfully matched in this file, login is -automatically permitted provided the client and server user names are the -same. -Additionally, successful client host key authentication is required. -This file must be writable only by root; it is recommended -that it be world-readable. -.Pp -.Sy "Warning: It is almost never a good idea to use user names in" -.Pa hosts.equiv . -Beware that it really means that the named user(s) can log in as -.Em anybody , -which includes bin, daemon, adm, and other accounts that own critical -binaries and directories. -Using a user name practically grants the user root access. -The only valid use for user names that I can think -of is in negative entries. -.Pp -Note that this warning also applies to rsh/rlogin. +This file is for host-based authentication (see +.Xr ssh 1 ) . +It should only be writable by root. .Pp .It /etc/moduli Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". 
@@ -765,10 +731,10 @@ refused. The file should be world-readable. .Pp .It /etc/shosts.equiv -This is processed exactly as -.Pa /etc/hosts.equiv . -However, this file may be useful in environments that want to run both -rsh/rlogin and ssh. +This file is used in exactly the same way as +.Pa hosts.equiv , +but allows host-based authentication without permitting login with +rlogin/rsh. .Pp .It /etc/ssh/ssh_known_hosts Systemwide list of known host keys. -- cgit v1.2.3 From edd0375d828e0ecbac4c515ae848256e907ba840 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:36:45 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/19 20:05:00 [sshd.8] grammar; --- ChangeLog | 5 ++++- sshd.8 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 46fcf667a..50c42733b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -126,6 +126,9 @@ - jmc@cvs.openbsd.org 2006/02/19 20:02:17 [sshd.8] sync the (s)hosts.equiv FILES entries w/ those from ssh.1; + - jmc@cvs.openbsd.org 2006/02/19 20:05:00 + [sshd.8] + grammar; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4027,4 +4030,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4175 2006/03/15 00:36:18 djm Exp $ +$Id: ChangeLog,v 1.4176 2006/03/15 00:36:45 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 24c149975..bb5cacd45 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.227 2006/02/19 20:02:17 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.228 2006/02/19 20:05:00 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -753,7 +753,7 @@ These files should only be owned by root, readable only by root, and not accessible to others. Note that .Nm -does not start if this file is group/world-accessible. +does not start if these files are group/world-accessible. .Pp .It /etc/ssh/ssh_host_key.pub .It /etc/ssh/ssh_host_dsa_key.pub -- cgit v1.2.3 From 5c853b531f3e2af1aa38d1a911529ecc9511c341 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:37:02 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/19 20:12:25 [ssh_config.5] add some vertical space; --- ChangeLog | 5 ++++- ssh_config.5 | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 50c42733b..d26a81071 100644 --- a/ChangeLog +++ b/ChangeLog @@ -129,6 +129,9 @@ - jmc@cvs.openbsd.org 2006/02/19 20:05:00 [sshd.8] grammar; + - jmc@cvs.openbsd.org 2006/02/19 20:12:25 + [ssh_config.5] + add some vertical space; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4030,4 +4033,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4176 2006/03/15 00:36:45 djm Exp $ +$Id: ChangeLog,v 1.4177 2006/03/15 00:37:02 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 62a185a39..44107bfe7 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.78 2006/02/12 10:49:44 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.79 2006/02/19 20:12:25 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -50,6 +50,7 @@ .Nm ssh obtains configuration data from the following sources in the following order: +.Pp .Bl -enum -offset indent -compact .It command-line options -- cgit v1.2.3 From 574c41fdb3ff4b8eb7f121b05a08f2415ec7efec Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 15 Mar 2006 11:40:10 +1100 Subject: - stevesk@cvs.openbsd.org 2006/02/20 16:36:15 [authfd.c channels.c includes.h session.c ssh-agent.c ssh.c] move #include out of includes.h; ok djm@ --- ChangeLog | 5 ++++- authfd.c | 5 ++++- channels.c | 4 +++- includes.h | 5 +---- session.c | 3 ++- ssh-agent.c | 8 ++++++-- ssh.c | 4 +++- 7 files changed, 23 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index d26a81071..29ee4407d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -132,6 +132,9 @@ - jmc@cvs.openbsd.org 2006/02/19 20:12:25 [ssh_config.5] add some vertical space; + - stevesk@cvs.openbsd.org 2006/02/20 16:36:15 + [authfd.c channels.c includes.h session.c ssh-agent.c ssh.c] + move #include out of includes.h; ok djm@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4033,4 +4036,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4177 2006/03/15 00:37:02 djm Exp $ +$Id: ChangeLog,v 1.4178 2006/03/15 00:40:10 djm Exp $ diff --git a/authfd.c b/authfd.c index 8976616b4..06e6d4a4c 100644 --- a/authfd.c +++ b/authfd.c @@ -35,7 +35,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.66 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.67 2006/02/20 16:36:14 stevesk Exp $"); + +#include +#include #include diff --git a/channels.c b/channels.c index 3955b6158..7161b9413 100644 --- a/channels.c +++ b/channels.c @@ -39,9 +39,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.234 2006/02/10 00:27:13 stevesk Exp $"); +RCSID("$OpenBSD: channels.c,v 1.235 2006/02/20 16:36:14 stevesk Exp $"); #include +#include +#include #include diff --git a/includes.h b/includes.h index 1dbe16b78..ef4a269cc 100644 --- a/includes.h +++ b/includes.h 
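Review bot: The two includes added to authfd.c are unconditional, whereas the block this commit deletes from includes.h wrapped the moved header in `#ifdef HAVE_SYS_UN_H`, and the ssh-agent.c hunk of the same commit keeps that wrapper. The header names were stripped from this rendering, so which added line is the sockaddr_un header is inferred from the commit subject and the removed `/* For sockaddr_un */` comment. If that inference holds, a platform where configure leaves HAVE_SYS_UN_H undefined would now fail to compile authfd.c instead of skipping the header. I would use the ssh-agent.c form here, `#ifdef HAVE_SYS_UN_H` / `# include <sys/un.h>` / `#endif`, and check the channels.c, session.c and ssh.c hunks, which also add bare includes.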
@@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.33 2006/02/10 01:44:26 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.34 2006/02/20 16:36:14 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -102,9 +102,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } # include #endif #include /* For MAXPATHLEN and roundup() */ -#ifdef HAVE_SYS_UN_H -# include /* For sockaddr_un */ -#endif #ifdef HAVE_STDINT_H # include #endif diff --git a/session.c b/session.c index ecd6cf216..969a7792a 100644 --- a/session.c +++ b/session.c @@ -33,10 +33,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.193 2006/02/10 01:44:27 stevesk Exp $"); +RCSID("$OpenBSD: session.c,v 1.194 2006/02/20 16:36:14 stevesk Exp $"); #include #include +#include #include diff --git a/ssh-agent.c b/ssh-agent.c index 8821e0006..0ab232191 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -34,8 +34,12 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.127 2006/02/08 14:31:30 stevesk Exp $"); - +RCSID("$OpenBSD: ssh-agent.c,v 1.128 2006/02/20 16:36:14 stevesk Exp $"); + +#include +#ifdef HAVE_SYS_UN_H +# include +#endif #include "openbsd-compat/sys-queue.h" #include #ifdef HAVE_PATHS_H diff --git a/ssh.c b/ssh.c index 4a373356f..84246b5c4 100644 --- a/ssh.c +++ b/ssh.c @@ -40,10 +40,12 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.261 2006/02/12 06:45:34 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.262 2006/02/20 16:36:15 stevesk Exp $"); #include #include +#include +#include #include -- cgit v1.2.3 From f17883e6a0f9462c8bc163cce44331862581b0cb Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 15 Mar 2006 11:45:54 +1100 Subject: - stevesk@cvs.openbsd.org 2006/02/20 17:02:44 [clientloop.c includes.h monitor.c progressmeter.c scp.c] [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c] move #include out of includes.h; ok markus@ --- ChangeLog | 6 +++++- auth-rhosts.c | 5 ++++- auth-rsa.c | 5 ++++- auth.c | 5 ++++- auth2-none.c | 5 ++++- auth2-pubkey.c | 5 ++++- authfile.c | 5 ++++- clientloop.c | 6 +++++- includes.h | 5 +---- readconf.c | 5 ++++- scp.c | 5 ++++- session.c | 5 ++++- sftp-client.c | 7 ++++++- sftp-common.c | 5 ++++- sftp-common.h | 5 ++++- sftp-glob.c | 7 ++++++- sftp-server.c | 5 ++++- sftp.c | 7 +++++-- ssh-add.c | 5 ++++- ssh-keygen.c | 5 ++++- ssh.c | 7 +++++-- sshconnect.c | 3 ++- sshconnect2.c | 3 ++- sshd.c | 7 +++++-- sshpty.c | 4 +++- 25 files changed, 101 insertions(+), 31 deletions(-) diff --git a/ChangeLog b/ChangeLog index 29ee4407d..be7263bd8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -135,6 +135,10 @@ - stevesk@cvs.openbsd.org 2006/02/20 16:36:15 [authfd.c channels.c includes.h session.c ssh-agent.c ssh.c] move #include out of includes.h; ok djm@ + - stevesk@cvs.openbsd.org 2006/02/20 17:02:44 + [clientloop.c includes.h monitor.c progressmeter.c scp.c] + [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c] + move #include out of includes.h; ok markus@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4036,4 +4040,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4178 2006/03/15 00:40:10 djm Exp $ +$Id: ChangeLog,v 1.4179 2006/03/15 00:45:54 djm Exp $ diff --git a/auth-rhosts.c b/auth-rhosts.c index 9748a9457..1deeb30b9 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c 
@@ -14,7 +14,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rhosts.c,v 1.34 2006/02/07 01:08:04 stevesk Exp $"); +RCSID("$OpenBSD: auth-rhosts.c,v 1.35 2006/02/20 17:19:53 stevesk Exp $"); + +#include +#include #ifdef HAVE_NETGROUP_H # include diff --git a/auth-rsa.c b/auth-rsa.c index d9c9652dc..275c0b67b 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -14,7 +14,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.63 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.64 2006/02/20 17:19:53 stevesk Exp $"); + +#include +#include #include #include diff --git a/auth.c b/auth.c index 666a2dd22..fca373b80 100644 --- a/auth.c +++ b/auth.c @@ -23,7 +23,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.61 2006/02/08 12:15:27 stevesk Exp $"); +RCSID("$OpenBSD: auth.c,v 1.62 2006/02/20 17:19:53 stevesk Exp $"); + +#include +#include #ifdef HAVE_PATHS_H # include diff --git a/auth2-none.c b/auth2-none.c index 1c30a3203..2eb27a914 100644 --- a/auth2-none.c +++ b/auth2-none.c @@ -23,7 +23,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-none.c,v 1.7 2004/05/11 19:01:43 deraadt Exp $"); +RCSID("$OpenBSD: auth2-none.c,v 1.8 2006/02/20 17:19:54 stevesk Exp $"); + +#include +#include #include "auth.h" #include "xmalloc.h" diff --git a/auth2-pubkey.c b/auth2-pubkey.c index a97d0f430..ea1367070 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -23,7 +23,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-pubkey.c,v 1.9 2004/12/11 01:48:56 dtucker Exp $"); +RCSID("$OpenBSD: auth2-pubkey.c,v 1.10 2006/02/20 17:19:54 stevesk Exp $"); + +#include +#include #include "ssh.h" #include "ssh2.h" diff --git a/authfile.c b/authfile.c index 420813f37..f97cf1820 100644 --- a/authfile.c +++ b/authfile.c @@ -36,7 +36,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.61 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.62 2006/02/20 17:19:54 stevesk Exp $"); + +#include +#include #include #include 
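Review bot: The hunks for auth-rhosts.c, auth-rsa.c, auth.c, auth2-none.c, auth2-pubkey.c and authfile.c each add two bare includes, while the same commit wraps its added include in `#ifdef HAVE_SYS_STAT_H` in clientloop.c, scp.c, session.c, sftp-client.c, sftp-glob.c, sftp.c, ssh.c and sshd.c. That guarded form matches the block the commit removes from includes.h. The header names are missing from this rendering, so which added line is the stat header is inferred. Either the guard is still needed, and these files should use `#ifdef HAVE_SYS_STAT_H` / `# include <sys/stat.h>` / `#endif` as well, or it is not, and the guarded sites can drop it. Using one form across the tree keeps a missing-header build failure from appearing in only some of the files.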
diff --git a/clientloop.c b/clientloop.c index 52f3bd5b5..a7c510cca 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,8 +59,12 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.152 2006/02/10 00:27:13 stevesk Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.154 2006/02/20 17:19:54 stevesk Exp $"); +#include +#ifdef HAVE_SYS_STAT_H +# include +#endif #include #include diff --git a/includes.h b/includes.h index ef4a269cc..be844c80b 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.34 2006/02/20 16:36:14 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.36 2006/02/20 17:19:53 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -111,9 +111,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #ifdef HAVE_SYS_CDEFS_H # include /* For __P() */ #endif -#ifdef HAVE_SYS_STAT_H -# include /* For S_* constants and macros */ -#endif #ifdef HAVE_SYS_SYSMACROS_H # include /* For MIN, MAX, etc */ #endif diff --git a/readconf.c b/readconf.c index bc5cf6188..da704d803 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.146 2006/02/12 10:44:18 djm Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.147 2006/02/20 17:19:54 stevesk Exp $"); + +#include +#include #include "ssh.h" #include "xmalloc.h" diff --git a/scp.c b/scp.c index 4521f6343..8b806d637 100644 --- a/scp.c +++ b/scp.c @@ -71,9 +71,12 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.132 2006/02/10 01:44:26 stevesk Exp $"); +RCSID("$OpenBSD: scp.c,v 1.134 2006/02/20 17:19:54 stevesk Exp $"); #include +#ifdef HAVE_SYS_STAT_H +# include +#endif #include #include diff --git a/session.c b/session.c index 969a7792a..1e883036b 100644 --- a/session.c +++ b/session.c 
@@ -33,9 +33,12 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.194 2006/02/20 16:36:14 stevesk Exp $"); +RCSID("$OpenBSD: session.c,v 1.196 2006/02/20 17:19:54 stevesk Exp $"); #include +#ifdef HAVE_SYS_STAT_H +# include +#endif #include #include diff --git a/sftp-client.c b/sftp-client.c index 9dfdf5ad5..042ab8879 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -20,7 +20,12 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.59 2006/02/15 05:08:24 david Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.60 2006/02/20 17:19:54 stevesk Exp $"); + +#include +#ifdef HAVE_SYS_STAT_H +# include +#endif #include "openbsd-compat/sys-queue.h" diff --git a/sftp-common.c b/sftp-common.c index 4cea3c305..aa0757561 100644 --- a/sftp-common.c +++ b/sftp-common.c @@ -24,7 +24,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: sftp-common.c,v 1.10 2003/11/10 16:23:41 jakob Exp $"); +RCSID("$OpenBSD: sftp-common.c,v 1.11 2006/02/20 17:19:54 stevesk Exp $"); + +#include +#include #include "buffer.h" #include "bufaux.h" diff --git a/sftp-common.h b/sftp-common.h index 2b1995a2d..72be6e61c 100644 --- a/sftp-common.h +++ b/sftp-common.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-common.h,v 1.6 2006/01/02 01:20:31 djm Exp $ */ +/* $OpenBSD: sftp-common.h,v 1.7 2006/02/20 17:19:54 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -25,6 +25,9 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include +#include + /* Maximum packet that we are willing to send/accept */ #define SFTP_MAX_MSG_LENGTH (256 * 1024) diff --git a/sftp-glob.c b/sftp-glob.c index 9dfbf9538..baa84aa71 100644 --- a/sftp-glob.c +++ b/sftp-glob.c @@ -15,7 +15,12 @@ */ #include "includes.h" -RCSID("$OpenBSD: sftp-glob.c,v 1.16 2006/02/08 23:51:24 stevesk Exp $"); +RCSID("$OpenBSD: sftp-glob.c,v 1.17 2006/02/20 17:19:54 stevesk Exp $"); + +#include +#ifdef HAVE_SYS_STAT_H +# include +#endif #include 
diff --git a/sftp-server.c b/sftp-server.c index 96fe1a7bb..30bd1b0ee 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -14,7 +14,10 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: sftp-server.c,v 1.51 2006/02/08 23:51:24 stevesk Exp $"); +RCSID("$OpenBSD: sftp-server.c,v 1.52 2006/02/20 17:19:54 stevesk Exp $"); + +#include +#include #include diff --git a/sftp.c b/sftp.c index 4e170ee60..f5589f2b9 100644 --- a/sftp.c +++ b/sftp.c @@ -15,10 +15,13 @@ */ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.73 2006/02/10 01:44:27 stevesk Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.75 2006/02/20 17:19:54 stevesk Exp $"); -#include #include +#ifdef HAVE_SYS_STAT_H +# include +#endif +#include #include #ifdef HAVE_PATHS_H diff --git a/ssh-add.c b/ssh-add.c index 2b01e6f13..8bfc401e8 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -35,7 +35,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.74 2005/11/12 18:37:59 deraadt Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.75 2006/02/20 17:19:54 stevesk Exp $"); + +#include +#include #include diff --git a/ssh-keygen.c b/ssh-keygen.c index 64fadc7a1..8acbf7783 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.135 2005/11/29 02:04:55 dtucker Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.136 2006/02/20 17:19:54 stevesk Exp $"); + +#include +#include #include #include diff --git a/ssh.c b/ssh.c index 84246b5c4..196da80c5 100644 --- a/ssh.c +++ b/ssh.c @@ -40,11 +40,14 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.262 2006/02/20 16:36:15 stevesk Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.264 2006/02/20 17:19:54 stevesk Exp $"); +#include +#ifdef HAVE_SYS_STAT_H +# include +#endif #include #include -#include #include #include diff --git a/sshconnect.c b/sshconnect.c index dc74d75c4..519a7cf0d 100644 --- a/sshconnect.c +++ b/sshconnect.c 
@@ -13,10 +13,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.174 2006/02/10 01:44:27 stevesk Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.175 2006/02/20 17:19:54 stevesk Exp $"); #include #include +#include #include diff --git a/sshconnect2.c b/sshconnect2.c index eb9a4d870..f2776edb7 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,11 +23,12 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.145 2006/02/10 01:44:27 stevesk Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.146 2006/02/20 17:19:54 stevesk Exp $"); #include #include #include +#include #include "openbsd-compat/sys-queue.h" diff --git a/sshd.c b/sshd.c index 8a68a537b..f06b41188 100644 --- a/sshd.c +++ b/sshd.c @@ -42,10 +42,13 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.321 2006/02/10 01:44:27 stevesk Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.323 2006/02/20 17:19:54 stevesk Exp $"); -#include #include +#ifdef HAVE_SYS_STAT_H +# include +#endif +#include #include #include diff --git a/sshpty.c b/sshpty.c index 884df26ae..7cfcf91f6 100644 --- a/sshpty.c +++ b/sshpty.c @@ -12,9 +12,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshpty.c,v 1.15 2006/02/10 00:27:13 stevesk Exp $"); +RCSID("$OpenBSD: sshpty.c,v 1.16 2006/02/20 17:19:54 stevesk Exp $"); #include +#include +#include #ifdef HAVE_PATHS_H # include -- cgit v1.2.3 From 6ff3caddb687a89a5df715337917d0e140985b7f Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 15 Mar 2006 11:52:09 +1100 Subject: oops, this commit is really: - stevesk@cvs.openbsd.org 2006/02/20 17:02:44 [clientloop.c includes.h monitor.c progressmeter.c scp.c] [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c] move #include out of includes.h; ok markus@ the previous was: - stevesk@cvs.openbsd.org 2006/02/20 17:19:54 [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c] [authfile.c clientloop.c includes.h readconf.c scp.c session.c] [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c] [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c] [sshconnect2.c sshd.c sshpty.c] move #include out of includes.h; ok markus@ --- ChangeLog | 9 ++++++++- clientloop.c | 1 + includes.h | 3 +-- monitor.c | 3 ++- progressmeter.c | 4 +++- scp.c | 1 + serverloop.c | 3 ++- session.c | 1 + sftp.c | 1 + ssh-agent.c | 4 +++- ssh.c | 1 + sshd.c | 1 + 12 files changed, 25 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index be7263bd8..eafa56ed6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -139,6 +139,13 @@ [clientloop.c includes.h monitor.c progressmeter.c scp.c] [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c] move #include out of includes.h; ok markus@ + - stevesk@cvs.openbsd.org 2006/02/20 17:19:54 + [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c] + [authfile.c clientloop.c includes.h readconf.c scp.c session.c] + [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c] + [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c] + [sshconnect2.c sshd.c sshpty.c] + move #include out of includes.h; ok markus@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4040,4 +4047,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4179 2006/03/15 00:45:54 djm Exp $ +$Id: ChangeLog,v 1.4180 2006/03/15 00:52:09 djm Exp $ 
diff --git a/clientloop.c b/clientloop.c index a7c510cca..af5351b7d 100644 --- a/clientloop.c +++ b/clientloop.c @@ -68,6 +68,7 @@ RCSID("$OpenBSD: clientloop.c,v 1.154 2006/02/20 17:19:54 stevesk Exp $"); #include #include +#include #include #include "ssh.h" diff --git a/includes.h b/includes.h index be844c80b..564bb7634 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.36 2006/02/20 17:19:53 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.35 2006/02/20 17:02:44 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -28,7 +28,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #include #include #include /* For O_NONBLOCK */ -#include #include #include #include diff --git a/monitor.c b/monitor.c index c21c0fab8..3260d473d 100644 --- a/monitor.c +++ b/monitor.c @@ -25,12 +25,13 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.67 2006/02/10 01:44:26 stevesk Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.68 2006/02/20 17:02:44 stevesk Exp $"); #include #include #include +#include #ifdef SKEY #include diff --git a/progressmeter.c b/progressmeter.c index 4f76c53d0..5ae02493b 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -23,10 +23,12 @@ */ #include "includes.h" -RCSID("$OpenBSD: progressmeter.c,v 1.25 2006/02/10 00:27:13 stevesk Exp $"); +RCSID("$OpenBSD: progressmeter.c,v 1.26 2006/02/20 17:02:44 stevesk Exp $"); #include +#include + #include "progressmeter.h" #include "atomicio.h" #include "misc.h" diff --git a/scp.c b/scp.c index 8b806d637..9d30ec527 100644 --- a/scp.c +++ b/scp.c @@ -80,6 +80,7 @@ RCSID("$OpenBSD: scp.c,v 1.134 2006/02/20 17:19:54 stevesk Exp $"); #include #include +#include #include "xmalloc.h" #include "atomicio.h" diff --git a/serverloop.c b/serverloop.c index 11dcaf703..0a1bbf1ad 100644 --- a/serverloop.c +++ b/serverloop.c 
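Review bot: The first includes.h hunk moves the `$OpenBSD` ident backwards, from `v 1.36 2006/02/20 17:19:53` to `v 1.35 2006/02/20 17:02:44`. Going by the commit message, the file now carries the changes of both upstream revisions, so the lower ident understates its state. Anyone matching this tree against upstream by ident would conclude that the later change is missing. Keeping the line as `/* $OpenBSD: includes.h,v 1.36 2006/02/20 17:19:53 stevesk Exp $ */` would describe what the file contains; clientloop.c and scp.c in this same commit already leave their idents at the later value.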
@@ -35,11 +35,12 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.126 2006/02/10 01:44:26 stevesk Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.127 2006/02/20 17:02:44 stevesk Exp $"); #include #include +#include #include #include "xmalloc.h" diff --git a/session.c b/session.c index 1e883036b..f69074500 100644 --- a/session.c +++ b/session.c @@ -43,6 +43,7 @@ RCSID("$OpenBSD: session.c,v 1.196 2006/02/20 17:19:54 stevesk Exp $"); #include #include +#include #include "ssh.h" #include "ssh1.h" diff --git a/sftp.c b/sftp.c index f5589f2b9..c4f027846 100644 --- a/sftp.c +++ b/sftp.c @@ -32,6 +32,7 @@ RCSID("$OpenBSD: sftp.c,v 1.75 2006/02/20 17:19:54 stevesk Exp $"); #else typedef void EditLine; #endif +#include #include "buffer.h" #include "xmalloc.h" diff --git a/ssh-agent.c b/ssh-agent.c index 0ab232191..b45087629 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -34,7 +34,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.128 2006/02/20 16:36:14 stevesk Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.129 2006/02/20 17:02:44 stevesk Exp $"); #include #ifdef HAVE_SYS_UN_H @@ -45,6 +45,8 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.128 2006/02/20 16:36:14 stevesk Exp $"); #ifdef HAVE_PATHS_H # include #endif +#include + #include #include diff --git a/ssh.c b/ssh.c index 196da80c5..18631f272 100644 --- a/ssh.c +++ b/ssh.c @@ -51,6 +51,7 @@ RCSID("$OpenBSD: ssh.c,v 1.264 2006/02/20 17:19:54 stevesk Exp $"); #include #include +#include #include #include diff --git a/sshd.c b/sshd.c index f06b41188..40593ee2e 100644 --- a/sshd.c +++ b/sshd.c @@ -52,6 +52,7 @@ RCSID("$OpenBSD: sshd.c,v 1.323 2006/02/20 17:19:54 stevesk Exp $"); #include #include +#include #include #include -- cgit v1.2.3 From c7b06369a846822b0da77b969d4ed72ea8ee38d4 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 15 Mar 2006 11:53:45 +1100 Subject: - stevesk@cvs.openbsd.org 2006/02/22 00:04:45 [canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c] [sshconnect.c] move #include out of includes.h; ok djm@ --- ChangeLog | 6 +++++- canohost.c | 4 +++- clientloop.c | 3 ++- includes.h | 3 +-- match.c | 4 +++- readconf.c | 4 +++- scp.c | 3 ++- ssh.c | 3 ++- sshconnect.c | 3 ++- 9 files changed, 23 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index eafa56ed6..8d19a746d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -146,6 +146,10 @@ [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c] [sshconnect2.c sshd.c sshpty.c] move #include out of includes.h; ok markus@ + - stevesk@cvs.openbsd.org 2006/02/22 00:04:45 + [canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c] + [sshconnect.c] + move #include out of includes.h; ok djm@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4047,4 +4051,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4180 2006/03/15 00:52:09 djm Exp $ +$Id: ChangeLog,v 1.4181 2006/03/15 00:53:45 djm Exp $ diff --git a/canohost.c b/canohost.c index 6ca60e6b4..76b0bee02 100644 --- a/canohost.c +++ b/canohost.c @@ -12,7 +12,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.48 2005/12/28 22:46:06 stevesk Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.49 2006/02/22 00:04:44 stevesk Exp $"); + +#include #include "packet.h" #include "xmalloc.h" diff --git a/clientloop.c b/clientloop.c index af5351b7d..dba3e96c3 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.154 2006/02/20 17:19:54 stevesk Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.155 2006/02/22 00:04:44 stevesk Exp $"); #include #ifdef HAVE_SYS_STAT_H 
@@ -67,6 +67,7 @@ RCSID("$OpenBSD: clientloop.c,v 1.154 2006/02/20 17:19:54 stevesk Exp $"); #endif #include +#include #include #include #include diff --git a/includes.h b/includes.h index 564bb7634..c3da49ebd 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.35 2006/02/20 17:02:44 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.37 2006/02/22 00:04:44 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -25,7 +25,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #include #include -#include #include #include /* For O_NONBLOCK */ #include diff --git a/match.c b/match.c index 29fb7dab9..51407b818 100644 --- a/match.c +++ b/match.c @@ -35,7 +35,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: match.c,v 1.20 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: match.c,v 1.21 2006/02/22 00:04:44 stevesk Exp $"); + +#include #include "match.h" #include "xmalloc.h" diff --git a/readconf.c b/readconf.c index da704d803..392fc52c2 100644 --- a/readconf.c +++ b/readconf.c @@ -12,11 +12,13 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.147 2006/02/20 17:19:54 stevesk Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.148 2006/02/22 00:04:44 stevesk Exp $"); #include #include +#include + #include "ssh.h" #include "xmalloc.h" #include "compat.h" diff --git a/scp.c b/scp.c index 9d30ec527..af9317645 100644 --- a/scp.c +++ b/scp.c @@ -71,7 +71,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.134 2006/02/20 17:19:54 stevesk Exp $"); +RCSID("$OpenBSD: scp.c,v 1.135 2006/02/22 00:04:44 stevesk Exp $"); #include #ifdef HAVE_SYS_STAT_H @@ -79,6 +79,7 @@ RCSID("$OpenBSD: scp.c,v 1.134 2006/02/20 17:19:54 stevesk Exp $"); #endif #include +#include #include #include diff --git a/ssh.c b/ssh.c index 18631f272..e2e7ab329 100644 --- a/ssh.c +++ b/ssh.c 
@@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.264 2006/02/20 17:19:54 stevesk Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.265 2006/02/22 00:04:45 stevesk Exp $"); #include #ifdef HAVE_SYS_STAT_H @@ -50,6 +50,7 @@ RCSID("$OpenBSD: ssh.c,v 1.264 2006/02/20 17:19:54 stevesk Exp $"); #include #include +#include #include #include diff --git a/sshconnect.c b/sshconnect.c index 519a7cf0d..9d1c8593c 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,12 +13,13 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.175 2006/02/20 17:19:54 stevesk Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.176 2006/02/22 00:04:45 stevesk Exp $"); #include #include #include +#include #include #include "ssh.h" -- cgit v1.2.3 From 6def55171fa7625da63f6b5c2fc0a45211208c11 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:54:05 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/24 10:25:14 [ssh_config.5] add section on patterns; from dtucker + myself --- ChangeLog | 6 +++++- ssh_config.5 | 54 +++++++++++++++++++++++++++++++++++++++++++----------- 2 files changed, 48 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8d19a746d..7f34f310f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -150,6 +150,10 @@ [canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c] [sshconnect.c] move #include out of includes.h; ok djm@ + - jmc@cvs.openbsd.org 2006/02/24 10:25:14 + [ssh_config.5] + add section on patterns; + from dtucker + myself 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4051,4 +4055,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4181 2006/03/15 00:53:45 djm Exp $ +$Id: ChangeLog,v 1.4182 2006/03/15 00:54:05 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 44107bfe7..5f1ced5b6 100644 --- a/ssh_config.5 +++ b/ssh_config.5 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.79 2006/02/19 20:12:25 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.80 2006/02/24 10:25:14 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -73,13 +73,47 @@ The matched host name is the one given on the command line. Since the first obtained value for each parameter is used, more host-specific declarations should be given near the beginning of the file, and general defaults at the end. +.Sh PATTERNS +A +.Em pattern +consists of zero or more non-whitespace characters, +.Sq * +(a wildcard that matches zero or more characters), +or +.Sq ?\& +(a wildcard that matches exactly one character). +For example, to specify a set of declarations for any host in the +.Dq .co.uk +set of domains, +the following pattern could be used: +.Pp +.Dl Host *.co.uk +.Pp +The following pattern +would match any host in the 192.168.0.[0-9] network range: .Pp +.Dl Host 192.168.0.? +.Pp +A +.Em pattern-list +is a comma-separated list of patterns. +Patterns within pattern-lists may be negated +by preceding them with an exclamation mark +.Pq Sq !\& . +For example, +to allow a key to be used from anywhere within an organisation +except from the +.Dq dialup +pool, +the following entry (in authorized_keys) could be used: +.Pp +.Dl from=\&"!*.dialup.example.com,*.example.com\&" +.Sh FILE FORMAT The configuration file has the following format: .Pp Empty lines and lines starting with .Ql # are comments. -.Pp Otherwise a line is of the format .Dq keyword arguments . Configuration options may be separated by whitespace or 
@@ -103,15 +137,13 @@ Restricts the following declarations (up to the next .Cm Host keyword) to be only for those hosts that match one of the patterns given after the keyword. -.Ql \&* -and -.Ql \&? -can be used as wildcards in the -patterns. A single .Ql \&* as a pattern can be used to provide global defaults for all hosts. +See +.Sx PATTERNS +for more information on patterns. The host is the .Ar hostname argument given on the command line (i.e., the name is not converted to @@ -805,10 +837,10 @@ Refer to in .Xr sshd_config 5 for how to configure the server. -Variables are specified by name, which may contain the wildcard characters -.Ql \&* -and -.Ql \&? . +Variables are specified by name, which may contain wildcard characters. +See +.Sx PATTERNS +for more information on patterns. Multiple environment variables may be separated by whitespace or spread across multiple .Cm SendEnv -- cgit v1.2.3 From 0c2079d81f6244c6bfdc0d091dc575c820af08f1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:54:21 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/24 10:33:54 [sshd_config.5] signpost to PATTERNS; --- ChangeLog | 5 ++++- sshd_config.5 | 45 +++++++++++++++++++++++++-------------------- 2 files changed, 29 insertions(+), 21 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7f34f310f..4d289aa4c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -154,6 +154,9 @@ [ssh_config.5] add section on patterns; from dtucker + myself + - jmc@cvs.openbsd.org 2006/02/24 10:33:54 + [sshd_config.5] + signpost to PATTERNS; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4055,4 +4058,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4182 2006/03/15 00:54:05 djm Exp $ +$Id: ChangeLog,v 1.4183 2006/03/15 00:54:21 djm Exp $ diff --git a/sshd_config.5 b/sshd_config.5 index 6e2de10d7..e0768230e 100644 --- a/sshd_config.5 +++ b/sshd_config.5 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.48 2006/01/02 17:09:49 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.49 2006/02/24 10:33:54 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -99,13 +99,14 @@ This keyword can be followed by a list of group name patterns, separated by spaces. If specified, login is allowed only for users whose primary group or supplementary group list matches one of the patterns. -.Ql \&* -and -.Ql \&? -can be used as -wildcards in the patterns. Only group names are valid; a numerical group ID is not recognized. By default, login is allowed for all groups. +.Pp +See +.Sx PATTERNS +in +.Xr ssh_config 5 +for more information on patterns. .It Cm AllowTcpForwarding Specifies whether TCP forwarding is permitted. The default is @@ -118,16 +119,17 @@ This keyword can be followed by a list of user name patterns, separated by spaces. If specified, login is allowed only for user names that match one of the patterns. -.Ql \&* -and -.Ql \&? -can be used as -wildcards in the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts. +.Pp +See +.Sx PATTERNS +in +.Xr ssh_config 5 +for more information on patterns. .It Cm AuthorizedKeysFile Specifies the file that contains the public keys that can be used for user authentication. 
@@ -231,26 +233,29 @@ This keyword can be followed by a list of group name patterns, separated by spaces. Login is disallowed for users whose primary group or supplementary group list matches one of the patterns. -.Ql \&* -and -.Ql \&? -can be used as -wildcards in the patterns. Only group names are valid; a numerical group ID is not recognized. By default, login is allowed for all groups. +.Pp +See +.Sx PATTERNS +in +.Xr ssh_config 5 +for more information on patterns. .It Cm DenyUsers This keyword can be followed by a list of user name patterns, separated by spaces. Login is disallowed for user names that match one of the patterns. -.Ql \&* -and -.Ql \&? -can be used as wildcards in the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts. +.Pp +See +.Sx PATTERNS +in +.Xr ssh_config 5 +for more information on patterns. .It Cm GatewayPorts Specifies whether remote hosts are allowed to connect to ports forwarded for the client. -- cgit v1.2.3 From f54a4b9da57eff2b68c09ce7f50b3573f1fc0f4a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:54:36 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/24 10:37:07 [ssh_config.5] tidy up the refs to PATTERNS; --- ChangeLog | 5 ++++- ssh_config.5 | 16 +++++++++------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4d289aa4c..7087d81f5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -157,6 +157,9 @@ - jmc@cvs.openbsd.org 2006/02/24 10:33:54 [sshd_config.5] signpost to PATTERNS; + - jmc@cvs.openbsd.org 2006/02/24 10:37:07 + [ssh_config.5] + tidy up the refs to PATTERNS; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) 
@@ -4058,4 +4061,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4183 2006/03/15 00:54:21 djm Exp $ +$Id: ChangeLog,v 1.4184 2006/03/15 00:54:36 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 5f1ced5b6..a334e57dc 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.80 2006/02/24 10:25:14 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.81 2006/02/24 10:37:07 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -141,13 +141,14 @@ A single .Ql \&* as a pattern can be used to provide global defaults for all hosts. -See -.Sx PATTERNS -for more information on patterns. The host is the .Ar hostname argument given on the command line (i.e., the name is not converted to a canonicalized host name before matching). +.Pp +See +.Sx PATTERNS +for more information on patterns. .It Cm AddressFamily Specifies which address family to use when connecting. Valid arguments are @@ -838,14 +839,15 @@ in .Xr sshd_config 5 for how to configure the server. Variables are specified by name, which may contain wildcard characters. -See -.Sx PATTERNS -for more information on patterns. Multiple environment variables may be separated by whitespace or spread across multiple .Cm SendEnv directives. The default is not to send any environment variables. +.Pp +See +.Sx PATTERNS +for more information on patterns. .It Cm ServerAliveCountMax Sets the number of server alive messages (see below) which may be sent without -- cgit v1.2.3 From c7d5b5e4662b5c4d78639b9bfed642917f775da4 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 15 Mar 2006 11:55:08 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/24 10:39:52 [sshd.8] signpost to PATTERNS section; --- ChangeLog | 5 ++++- sshd.8 | 18 ++++++++---------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7087d81f5..b5f623a8e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -160,6 +160,9 @@ - jmc@cvs.openbsd.org 2006/02/24 10:37:07 [ssh_config.5] tidy up the refs to PATTERNS; + - jmc@cvs.openbsd.org 2006/02/24 10:39:52 + [sshd.8] + signpost to PATTERNS section; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4061,4 +4064,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4184 2006/03/15 00:54:36 djm Exp $ +$Id: ChangeLog,v 1.4185 2006/03/15 00:55:08 djm Exp $ diff --git a/sshd.8 b/sshd.8 index bb5cacd45..d09dc4e99 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.228 2006/02/19 20:05:00 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.229 2006/02/24 10:39:52 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -498,15 +498,7 @@ is enabled. .It Cm from="pattern-list" Specifies that in addition to public key authentication, the canonical name of the remote host must be present in the comma-separated list of -patterns -.Pf ( Ql * -and -.Ql \&? -serve as wildcards). -The list may also contain -patterns negated by prefixing them with -.Ql \&! ; -if the canonical host name matches a negated pattern, the key is not accepted. +patterns. The purpose of this option is to optionally increase security: public key authentication by itself does not trust the network or name servers or anything (but 
@@ -515,6 +507,12 @@ permits an intruder to log in from anywhere in the world. This additional option makes using a stolen key more difficult (name servers and/or routers would have to be compromised in addition to just the key). +.Pp +See +.Sx PATTERNS +in +.Xr ssh_config 5 +for more information on patterns. .It Cm no-agent-forwarding Forbids authentication agent forwarding when this key is used for authentication. -- cgit v1.2.3 From 1faa7133233075776c83a71b427d19e35790280e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:55:31 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/24 20:22:16 [ssh-keysign.8 ssh_config.5 sshd_config.5] some consistency fixes; --- ChangeLog | 5 ++++- ssh-keysign.8 | 10 +++++----- ssh_config.5 | 4 ++-- sshd_config.5 | 6 +++--- 4 files changed, 14 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index b5f623a8e..730634ce7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -163,6 +163,9 @@ - jmc@cvs.openbsd.org 2006/02/24 10:39:52 [sshd.8] signpost to PATTERNS section; + - jmc@cvs.openbsd.org 2006/02/24 20:22:16 + [ssh-keysign.8 ssh_config.5 sshd_config.5] + some consistency fixes; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4064,4 +4067,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4185 2006/03/15 00:55:08 djm Exp $ +$Id: ChangeLog,v 1.4186 2006/03/15 00:55:31 djm Exp $ diff --git a/ssh-keysign.8 b/ssh-keysign.8 index a17e8d5cf..4cdcb7a43 100644 --- a/ssh-keysign.8 +++ b/ssh-keysign.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keysign.8,v 1.7 2003/06/10 09:12:11 jmc Exp $ +.\" $OpenBSD: ssh-keysign.8,v 1.8 2006/02/24 20:22:16 jmc Exp $ .\" .\" Copyright (c) 2002 Markus Friedl. All rights reserved. .\" 
@@ -27,7 +27,7 @@ .Os .Sh NAME .Nm ssh-keysign -.Nd ssh helper program for hostbased authentication +.Nd ssh helper program for host-based authentication .Sh SYNOPSIS .Nm .Sh DESCRIPTION @@ -35,7 +35,7 @@ is used by .Xr ssh 1 to access the local host keys and generate the digital signature -required during hostbased authentication with SSH protocol version 2. +required during host-based authentication with SSH protocol version 2. .Pp .Nm is disabled by default and can only be enabled in the @@ -53,7 +53,7 @@ See .Xr ssh 1 and .Xr sshd 8 -for more information about hostbased authentication. +for more information about host-based authentication. .Sh FILES .Bl -tag -width Ds .It Pa /etc/ssh/ssh_config @@ -67,7 +67,7 @@ They should be owned by root, readable only by root, and not accessible to others. Since they are readable only by root, .Nm -must be set-uid root if hostbased authentication is used. +must be set-uid root if host-based authentication is used. .El .Sh SEE ALSO .Xr ssh 1 , diff --git a/ssh_config.5 b/ssh_config.5 index a334e57dc..5905d4c90 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.81 2006/02/24 10:37:07 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.82 2006/02/24 20:22:16 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -178,7 +178,7 @@ Note that this option does not work if is set to .Dq yes . .It Cm ChallengeResponseAuthentication -Specifies whether to use challenge response authentication. +Specifies whether to use challenge-response authentication. The argument to this keyword must be .Dq yes or diff --git a/sshd_config.5 b/sshd_config.5 index e0768230e..caeddf603 100644 --- a/sshd_config.5 +++ b/sshd_config.5 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.49 2006/02/24 10:33:54 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.50 2006/02/24 20:22:16 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -153,7 +153,7 @@ authentication is allowed. This option is only available for protocol version 2. By default, no banner is displayed. .It Cm ChallengeResponseAuthentication -Specifies whether challenge response authentication is allowed. +Specifies whether challenge-response authentication is allowed. All authentication styles from .Xr login.conf 5 are supported. @@ -291,7 +291,7 @@ Note that this option applies to protocol version 2 only. .It Cm HostbasedAuthentication Specifies whether rhosts or /etc/hosts.equiv authentication together with successful public key client host authentication is allowed -(hostbased authentication). +(host-based authentication). This option is similar to .Cm RhostsRSAAuthentication and applies to protocol version 2 only. -- cgit v1.2.3 From 208f1ed6f180cc0cfd3ab59d0b1c33796cc4c641 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:56:03 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/24 20:31:31 [ssh.1 ssh_config.5 sshd.8 sshd_config.5] more consistency fixes; --- ChangeLog | 5 ++++- ssh.1 | 6 +++--- ssh_config.5 | 6 +++--- sshd.8 | 8 ++++---- sshd_config.5 | 8 ++++---- 5 files changed, 18 insertions(+), 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index 730634ce7..b24ca1887 100644 --- a/ChangeLog +++ b/ChangeLog @@ -166,6 +166,9 @@ - jmc@cvs.openbsd.org 2006/02/24 20:22:16 [ssh-keysign.8 ssh_config.5 sshd_config.5] some consistency fixes; + - jmc@cvs.openbsd.org 2006/02/24 20:31:31 + [ssh.1 ssh_config.5 sshd.8 sshd_config.5] + more consistency fixes; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) 
@@ -4067,4 +4070,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4186 2006/03/15 00:55:31 djm Exp $ +$Id: ChangeLog,v 1.4187 2006/03/15 00:56:03 djm Exp $ diff --git a/ssh.1 b/ssh.1 index b9bbe0bd6..e66ad9e88 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.256 2006/02/15 16:53:20 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.257 2006/02/24 20:31:30 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -569,7 +569,7 @@ Disable pseudo-tty allocation. Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, -e.g., when implementing menu services. +e.g. when implementing menu services. Multiple .Fl t options force tty allocation, even if @@ -1178,7 +1178,7 @@ If the current session has no tty, this variable is not set. .It Ev TZ This variable is set to indicate the present time zone if it -was set when the daemon was started (i.e., the daemon passes the value +was set when the daemon was started (i.e. the daemon passes the value on to new connections). .It Ev USER Set to the name of the user logging in. diff --git a/ssh_config.5 b/ssh_config.5 index 5905d4c90..66c9ed3f5 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.82 2006/02/24 20:22:16 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.83 2006/02/24 20:31:31 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os 
@@ -138,12 +138,12 @@ Restricts the following declarations (up to the next keyword) to be only for those hosts that match one of the patterns given after the keyword. A single -.Ql \&* +.Ql * as a pattern can be used to provide global defaults for all hosts. The host is the .Ar hostname -argument given on the command line (i.e., the name is not converted to +argument given on the command line (i.e. the name is not converted to a canonicalized host name before matching). .Pp See diff --git a/sshd.8 b/sshd.8 index d09dc4e99..0bfd68505 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.229 2006/02/24 10:39:52 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.230 2006/02/24 20:31:31 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -81,7 +81,7 @@ configuration file. .Nm rereads its configuration file when it receives a hangup signal, .Dv SIGHUP , -by executing itself with the name and options it was started with, e.g., +by executing itself with the name and options it was started with, e.g.\& .Pa /usr/sbin/sshd . .Pp The options are as follows: @@ -154,7 +154,7 @@ is normally not run from inetd because it needs to generate the server key before it can respond to the client, and this may take tens of seconds. Clients would have to wait too long if the key was regenerated every time. -However, with small key sizes (e.g., 512) using +However, with small key sizes (e.g. 512) using .Nm from inetd may be feasible. @@ -519,7 +519,7 @@ authentication. .It Cm no-port-forwarding Forbids TCP forwarding when this key is used for authentication. Any port forward requests by the client will return an error. -This might be used, e.g., in connection with the +This might be used, e.g. in connection with the .Cm command option. .It Cm no-pty diff --git a/sshd_config.5 b/sshd_config.5 index caeddf603..642e1fa29 100644 
--- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.50 2006/02/24 20:22:16 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.51 2006/02/24 20:31:31 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -72,7 +72,7 @@ in for how to configure the client. Note that environment passing is only supported for protocol 2. Variables are specified by name, which may contain the wildcard characters -.Ql \&* +.Ql * and .Ql \&? . Multiple environment variables may be separated by whitespace or spread @@ -456,7 +456,7 @@ The default is 10. Alternatively, random early drop can be enabled by specifying the three colon separated values .Dq start:rate:full -(e.g., "10:30:60"). +(e.g. "10:30:60"). .Nm sshd will refuse connection attempts with a probability of .Dq rate/100 @@ -612,7 +612,7 @@ directory or files world-writable. The default is .Dq yes . .It Cm Subsystem -Configures an external subsystem (e.g., file transfer daemon). +Configures an external subsystem (e.g. file transfer daemon). Arguments should be a subsystem name and a command to execute upon subsystem request. The command -- cgit v1.2.3 From 45ee2b91e62eb382e0cd0c61a9b34c25b8efc36c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:56:18 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/24 23:20:07 [ssh_config.5] some grammar/wording fixes; --- ChangeLog | 5 +- ssh_config.5 | 152 +++++++++++++++++++++++++++++------------------------------ 2 files changed, 78 insertions(+), 79 deletions(-) diff --git a/ChangeLog b/ChangeLog index b24ca1887..a24b2d025 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -169,6 +169,9 @@ - jmc@cvs.openbsd.org 2006/02/24 20:31:31 [ssh.1 ssh_config.5 sshd.8 sshd_config.5] more consistency fixes; + - jmc@cvs.openbsd.org 2006/02/24 23:20:07 + [ssh_config.5] + some grammar/wording fixes; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4070,4 +4073,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4187 2006/03/15 00:56:03 djm Exp $ +$Id: ChangeLog,v 1.4188 2006/03/15 00:56:18 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 66c9ed3f5..40fef73cf 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.83 2006/02/24 20:31:31 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.84 2006/02/24 23:20:07 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -47,7 +47,7 @@ .It Pa /etc/ssh/ssh_config .El .Sh DESCRIPTION -.Nm ssh +.Xr ssh 1 obtains configuration data from the following sources in the following order: .Pp @@ -154,7 +154,7 @@ Specifies which address family to use when connecting. Valid arguments are .Dq any , .Dq inet -(use IPv4 only) or +(use IPv4 only), or .Dq inet6 (use IPv6 only). .It Cm BatchMode @@ -188,7 +188,8 @@ The default is .It Cm CheckHostIP If this flag is set to .Dq yes , -ssh will additionally check the host IP address in the +.Xr ssh 1 +will additionally check the host IP address in the .Pa known_hosts file. This allows ssh to detect if a host key changed due to DNS spoofing. @@ -208,7 +209,7 @@ and are supported. .Ar des is only supported in the -.Nm ssh +.Xr ssh 1 client for interoperability with legacy protocol 1 implementations that do not support the .Ar 3des 
@@ -234,18 +235,18 @@ The supported ciphers are .Dq blowfish-cbc , and .Dq cast128-cbc . -The default is -.Bd -literal - ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, - arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, - aes192-ctr,aes256-ctr'' +The default is: +.Bd -literal -offset 3n +aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, +arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, +aes192-ctr,aes256-ctr .Ed .It Cm ClearAllForwardings -Specifies that all local, remote and dynamic port forwardings +Specifies that all local, remote, and dynamic port forwardings specified in the configuration files or on the command line be cleared. This option is primarily useful when used from the -.Nm ssh +.Xr ssh 1 command line to clear port forwardings set in configuration files, and is automatically set by .Xr scp 1 @@ -278,15 +279,15 @@ The argument must be an integer. This may be useful in scripts if the connection sometimes fails. The default is 1. .It Cm ConnectTimeout -Specifies the timeout (in seconds) used when connecting to the ssh -server, instead of using the default system TCP timeout. +Specifies the timeout (in seconds) used when connecting to the +SSH server, instead of using the default system TCP timeout. This value is used only when the target is down or really unreachable, not when it refuses the connection. .It Cm ControlMaster Enables the sharing of multiple sessions over a single network connection. When set to -.Dq yes -.Nm ssh +.Dq yes , +.Xr ssh 1 will listen for connections on a control socket specified using the .Cm ControlPath argument. @@ -303,8 +304,7 @@ if the control socket does not exist, or is not listening. .Pp Setting this to .Dq ask -will cause -.Nm ssh +will cause ssh to listen for control connections, but require confirmation using the .Ev SSH_ASKPASS program before they are accepted (see 
@@ -312,9 +312,8 @@ program before they are accepted (see for details). If the .Cm ControlPath -can not be opened, -.Nm ssh -will continue without connecting to a master instance. +cannot be opened, +ssh will continue without connecting to a master instance. .Pp X11 and .Xr ssh-agent 1 @@ -345,7 +344,7 @@ will be substituted by the local host name, .Ql %h will be substituted by the target host name, .Ql %p -the port and +the port, and .Ql %r by the remote login username. It is recommended that any @@ -382,7 +381,7 @@ empty address or indicates that the port should be available from all interfaces. .Pp Currently the SOCKS4 and SOCKS5 protocols are supported, and -.Nm ssh +.Xr ssh 1 will act as a SOCKS server. Multiple forwardings may be specified, and additional forwardings can be given on the command line. @@ -457,12 +456,12 @@ if the option is also enabled. .It Cm ForwardX11Trusted If this option is set to -.Dq yes -then remote X11 clients will have full access to the original X11 display. +.Dq yes , +remote X11 clients will have full access to the original X11 display. .Pp If this option is set to -.Dq no -then remote X11 clients will be considered untrusted and prevented +.Dq no , +remote X11 clients will be considered untrusted and prevented from stealing or tampering with data belonging to trusted X11 clients. Furthermore, the @@ -479,12 +478,11 @@ the restrictions imposed on untrusted clients. Specifies whether remote hosts are allowed to connect to local forwarded ports. By default, -.Nm ssh +.Xr ssh 1 binds local port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. .Cm GatewayPorts -can be used to specify that -.Nm ssh +can be used to specify that ssh should bind local port forwardings to the wildcard address, thus allowing remote hosts to connect to forwarded ports. The argument must be 
@@ -509,13 +507,13 @@ The default is Note that this option applies to protocol version 2 only. .It Cm HashKnownHosts Indicates that -.Nm ssh +.Xr ssh 1 should hash host names and addresses when they are added to .Pa ~/.ssh/known_hosts . These hashed names may be used normally by -.Nm ssh +.Xr ssh 1 and -.Nm sshd , +.Xr sshd 8 , but they do not reveal identifying information should the file's contents be disclosed. The default is @@ -544,30 +542,29 @@ The default for this option is: Specifies an alias that should be used instead of the real host name when looking up or saving the host key in the host key database files. -This option is useful for tunneling ssh connections +This option is useful for tunneling SSH connections or for multiple servers running on a single host. .It Cm HostName Specifies the real host name to log into. This can be used to specify nicknames or abbreviations for hosts. -Default is the name given on the command line. +The default is the name given on the command line. Numeric IP addresses are also permitted (both on the command line and in .Cm HostName specifications). .It Cm IdentitiesOnly Specifies that -.Nm ssh +.Xr ssh 1 should only use the authentication identity files configured in the .Nm files, -even if the -.Nm ssh-agent +even if +.Xr ssh-agent 1 offers more identities. The argument to this keyword must be .Dq yes or .Dq no . -This option is intended for situations where -.Nm ssh-agent +This option is intended for situations where ssh-agent offers many different identities. The default is .Dq no . 
@@ -633,9 +630,9 @@ empty address or indicates that the port should be available from all interfaces. .It Cm LogLevel Gives the verbosity level that is used when logging messages from -.Nm ssh . +.Xr ssh 1 . The possible values are: -QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. +QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of verbose output. @@ -645,7 +642,7 @@ in order of preference. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. -The default is +The default is: .Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . .It Cm NoHostAuthenticationForLocalhost This option can be used if the home directory is shared across machines. @@ -660,7 +657,7 @@ The default is to check the host key for localhost. .It Cm NumberOfPasswordPrompts Specifies the number of password prompts before giving up. The argument to this keyword must be an integer. -Default is 3. +The default is 3. .It Cm PasswordAuthentication Specifies whether to use password authentication. The argument to this keyword must be @@ -684,7 +681,7 @@ The default is .Dq no . .It Cm Port Specifies the port number to connect on the remote host. -Default is 22. +The default is 22. .It Cm PreferredAuthentications Specifies the order in which the client should try protocol 2 authentication methods. @@ -696,17 +693,16 @@ The default for this option is: .Dq hostbased,publickey,keyboard-interactive,password . .It Cm Protocol Specifies the protocol versions -.Nm ssh +.Xr ssh 1 should support in order of preference. The possible values are -.Dq 1 +.Sq 1 and -.Dq 2 . +.Sq 2 . Multiple versions must be comma-separated. The default is .Dq 2,1 . -This means that -.Nm ssh +This means that ssh tries version 2 and falls back to version 1 if version 2 is not available. .It Cm ProxyCommand 
@@ -764,9 +760,9 @@ or .Sq G to indicate Kilobytes, Megabytes, or Gigabytes, respectively. The default is between -.Dq 1G +.Sq 1G and -.Dq 4G , +.Sq 4G , depending on the cipher. This option applies to protocol version 2 only. .It Cm RemoteForward @@ -812,7 +808,7 @@ or The default is .Dq no . This option applies to protocol version 1 only and requires -.Nm ssh +.Xr ssh 1 to be setuid root. .It Cm RSAAuthentication Specifies whether to try RSA authentication. @@ -830,8 +826,8 @@ Note that this option applies to protocol version 1 only. Specifies what variables from the local .Xr environ 7 should be sent to the server. -Note that environment passing is only supported for protocol 2, the -server must also support it, and the server must be configured to +Note that environment passing is only supported for protocol 2. +The server must also support it, and the server must be configured to accept these environment variables. Refer to .Cm AcceptEnv @@ -851,11 +847,10 @@ for more information on patterns. .It Cm ServerAliveCountMax Sets the number of server alive messages (see below) which may be sent without -.Nm ssh +.Xr ssh 1 receiving any messages back from the server. If this threshold is reached while server alive messages are being sent, -.Nm ssh -will disconnect from the server, terminating the session. +ssh will disconnect from the server, terminating the session. It is important to note that the use of server alive messages is very different from .Cm TCPKeepAlive 
@@ -871,14 +866,14 @@ server depend on knowing when a connection has become inactive. The default value is 3. If, for example, .Cm ServerAliveInterval -(see below) is set to 15, and +(see below) is set to 15 and .Cm ServerAliveCountMax -is left at the default, if the server becomes unresponsive ssh -will disconnect after approximately 45 seconds. +is left at the default, if the server becomes unresponsive, +ssh will disconnect after approximately 45 seconds. .It Cm ServerAliveInterval Sets a timeout interval in seconds after which if no data has been received from the server, -.Nm ssh +.Xr ssh 1 will send a message through the encrypted channel to request a response from the server. The default 
@@ -887,41 +882,39 @@ This option applies to protocol version 2 only. .It Cm SmartcardDevice Specifies which smartcard device to use. The argument to this keyword is the device -.Nm ssh +.Xr ssh 1 should use to communicate with a smartcard used for storing the user's private RSA key. By default, no device is specified and smartcard support is not activated. .It Cm StrictHostKeyChecking If this flag is set to .Dq yes , -.Nm ssh +.Xr ssh 1 will never automatically add host keys to the .Pa ~/.ssh/known_hosts file, and refuses to connect to hosts whose host key has changed. This provides maximum protection against trojan horse attacks, -however, can be annoying when the +though it can be annoying when the .Pa /etc/ssh/ssh_known_hosts -file is poorly maintained, or connections to new hosts are +file is poorly maintained or when connections to new hosts are frequently made. This option forces the user to manually add all new hosts. If this flag is set to .Dq no , -.Nm ssh -will automatically add new host keys to the +ssh will automatically add new host keys to the user known hosts files. If this flag is set to .Dq ask , new host keys will be added to the user known host files only after the user has confirmed that is what they really want to do, and -.Nm ssh -will refuse to connect to hosts whose host key has changed. +ssh will refuse to connect to hosts whose host key has changed. The host keys of known hosts will be verified automatically in all cases. The argument must be .Dq yes , -.Dq no +.Dq no , or .Dq ask . The default is @@ -952,7 +945,7 @@ instead of layer 3 (point-to-point) tunneling from the server. The argument must be .Dq yes , .Dq point-to-point , -.Dq ethernet +.Dq ethernet , or .Dq no . The default is @@ -971,8 +964,8 @@ or The default is .Dq no . If set to -.Dq yes -.Nm ssh +.Dq yes , +.Xr ssh 1 must be setuid root. Note that this option must be set to .Dq yes 
@@ -1005,12 +998,17 @@ need to confirm new host keys according to the option. The argument must be .Dq yes , -.Dq no +.Dq no , or .Dq ask . The default is .Dq no . Note that this option applies to protocol version 2 only. +.Pp +See also +.Sx VERIFYING HOST KEYS +in +.Xr ssh 1 . .It Cm XAuthLocation Specifies the full pathname of the .Xr xauth 1 @@ -1023,9 +1021,7 @@ The default is .It Pa ~/.ssh/config This is the per-user configuration file. The format of this file is described above. -This file is used by the -.Nm ssh -client. +This file is used by the SSH client. Because of the potential for abuse, this file must have strict permissions: read/write for the user, and not accessible by others. .It Pa /etc/ssh/ssh_config -- cgit v1.2.3 From 5b0d63f8943dc7f9029ba5171b2a23acfa97f7aa Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:56:56 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/24 23:43:57 [sshd_config.5] some grammar/wording fixes; --- ChangeLog | 5 ++- sshd_config.5 | 107 +++++++++++++++++++++++++++------------------------------- 2 files changed, 54 insertions(+), 58 deletions(-) diff --git a/ChangeLog b/ChangeLog index a24b2d025..18298750c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -172,6 +172,9 @@ - jmc@cvs.openbsd.org 2006/02/24 23:20:07 [ssh_config.5] some grammar/wording fixes; + - jmc@cvs.openbsd.org 2006/02/24 23:43:57 + [sshd_config.5] + some grammar/wording fixes; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4073,4 +4076,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4188 2006/03/15 00:56:18 djm Exp $ +$Id: ChangeLog,v 1.4189 2006/03/15 00:56:56 djm Exp $ diff --git a/sshd_config.5 b/sshd_config.5 index 642e1fa29..6f60d7e84 100644 --- a/sshd_config.5 +++ b/sshd_config.5 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.51 2006/02/24 20:31:31 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.52 2006/02/24 23:43:57 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -89,7 +89,7 @@ Specifies which address family should be used by Valid arguments are .Dq any , .Dq inet -(use IPv4 only) or +(use IPv4 only), or .Dq inet6 (use IPv6 only). The default is @@ -135,9 +135,9 @@ Specifies the file that contains the public keys that can be used for user authentication. .Cm AuthorizedKeysFile may contain tokens of the form %T which are substituted during connection -set-up. +setup. The following tokens are defined: %% is replaced by a literal '%', -%h is replaced by the home directory of the user being authenticated and +%h is replaced by the home directory of the user being authenticated, and %u is replaced by the username of that user. After expansion, .Cm AuthorizedKeysFile @@ -176,20 +176,19 @@ The supported ciphers are .Dq blowfish-cbc , and .Dq cast128-cbc . -The default is -.Bd -literal - ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, - arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, - aes192-ctr,aes256-ctr'' +The default is: +.Bd -literal -offset 3n +aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, +arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, +aes192-ctr,aes256-ctr .Ed .It Cm ClientAliveCountMax Sets the number of client alive messages (see below) which may be sent without -.Nm sshd +.Xr sshd 8 receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, -.Nm sshd -will disconnect the client, terminating the session. +sshd will disconnect the client, terminating the session. It is important to note that the use of client alive messages is very different from .Cm TCPKeepAlive 
@@ -207,12 +206,12 @@ If .Cm ClientAliveInterval (see below) is set to 15, and .Cm ClientAliveCountMax -is left at the default, unresponsive ssh clients +is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds. .It Cm ClientAliveInterval Sets a timeout interval in seconds after which if no data has been received from the client, -.Nm sshd +.Xr sshd 8 will send a message through the encrypted channel to request a response from the client. The default @@ -260,12 +259,11 @@ for more information on patterns. Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, -.Nm sshd +.Xr sshd 8 binds remote port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. .Cm GatewayPorts -can be used to specify that -.Nm sshd +can be used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to connect. The argument may be @@ -308,7 +306,7 @@ and .Pa /etc/ssh/ssh_host_dsa_key for protocol version 2. Note that -.Nm sshd +.Xr sshd 8 will refuse to use a file if it is group/world-accessible. It is possible to have multiple host key files. .Dq rsa1 @@ -335,7 +333,7 @@ The default is .Dq yes . .It Cm IgnoreUserKnownHosts Specifies whether -.Nm sshd +.Xr sshd 8 should ignore the user's .Pa ~/.ssh/known_hosts during 
@@ -350,24 +348,24 @@ Specifies whether the password provided by the user for will be validated through the Kerberos KDC. To use this option, the server needs a Kerberos servtab which allows the verification of the KDC's identity. -Default is +The default is .Dq no . .It Cm KerberosGetAFSToken If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire an AFS token before accessing the user's home directory. -Default is +The default is .Dq no . .It Cm KerberosOrLocalPasswd -If set then if password authentication through Kerberos fails then +If password authentication through Kerberos fails then the password will be validated via any additional local mechanism such as .Pa /etc/passwd . -Default is +The default is .Dq yes . .It Cm KerberosTicketCleanup Specifies whether to automatically destroy the user's ticket cache file on logout. -Default is +The default is .Dq yes . .It Cm KeyRegenerationInterval In protocol version 1, the ephemeral server key is automatically regenerated @@ -380,7 +378,7 @@ If the value is 0, the key is never regenerated. The default is 3600 (seconds). .It Cm ListenAddress Specifies the local addresses -.Nm sshd +.Xr sshd 8 should listen on. The following forms may be used: .Pp @@ -406,8 +404,7 @@ The following forms may be used: If .Ar port is not specified, -.Nm sshd -will listen on the address and all prior +sshd will listen on the address and all prior .Cm Port options specified. The default is to listen on all local addresses. @@ -416,7 +413,7 @@ Multiple options are permitted. Additionally, any .Cm Port -options must precede this option for non port qualified addresses. +options must precede this option for non-port qualified addresses. .It Cm LoginGraceTime The server disconnects after this time if the user has not successfully logged in. 
@@ -426,7 +423,7 @@ The default is 120 seconds. Gives the verbosity level that is used when logging messages from .Nm sshd . The possible values are: -QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. +QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. @@ -436,7 +433,7 @@ Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. -The default is +The default is: .Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . .It Cm MaxAuthTries Specifies the maximum number of authentication attempts permitted per @@ -446,8 +443,7 @@ additional failures are logged. The default is 6. .It Cm MaxStartups Specifies the maximum number of concurrent unauthenticated connections to the -.Nm sshd -daemon. +SSH daemon. Additional connections will be dropped until authentication succeeds or the .Cm LoginGraceTime expires for a connection. @@ -484,18 +480,18 @@ Specifies whether root can log in using The argument must be .Dq yes , .Dq without-password , -.Dq forced-commands-only +.Dq forced-commands-only , or .Dq no . The default is .Dq yes . .Pp If this option is set to -.Dq without-password +.Dq without-password , password authentication is disabled for root. .Pp If this option is set to -.Dq forced-commands-only +.Dq forced-commands-only , root login with public key authentication will be allowed, but only if the .Ar command @@ -505,7 +501,7 @@ normally not allowed). All other authentication methods are disabled for root. .Pp If this option is set to -.Dq no +.Dq no , root is not allowed to log in. .It Cm PermitTunnel Specifies whether 
@@ -514,7 +510,7 @@ device forwarding is allowed. The argument must be .Dq yes , .Dq point-to-point , -.Dq ethernet +.Dq ethernet , or .Dq no . The default is @@ -527,7 +523,7 @@ and options in .Pa ~/.ssh/authorized_keys are processed by -.Nm sshd . +.Xr sshd 8 . The default is .Dq no . Enabling environment processing may enable users to bypass access @@ -541,7 +537,7 @@ The default is .Pa /var/run/sshd.pid . .It Cm Port Specifies the port number that -.Nm sshd +.Xr sshd 8 listens on. The default is 22. Multiple options of this type are permitted. @@ -549,14 +545,14 @@ See also .Cm ListenAddress . .It Cm PrintLastLog Specifies whether -.Nm sshd +.Xr sshd 8 should print the date and time of the last user login when a user logs in interactively. The default is .Dq yes . .It Cm PrintMotd Specifies whether -.Nm sshd +.Xr sshd 8 should print .Pa /etc/motd when a user logs in interactively. @@ -567,12 +563,12 @@ The default is .Dq yes . .It Cm Protocol Specifies the protocol versions -.Nm sshd +.Xr sshd 8 supports. The possible values are -.Dq 1 +.Sq 1 and -.Dq 2 . +.Sq 2 . Multiple versions must be comma-separated. The default is .Dq 2,1 . @@ -604,7 +600,7 @@ Defines the number of bits in the ephemeral protocol version 1 server key. The minimum value is 512, and the default is 768. .It Cm StrictModes Specifies whether -.Nm sshd +.Xr sshd 8 should check file modes and ownership of the user's files and home directory before accepting login. This is normally desirable because novices sometimes accidentally leave their @@ -651,7 +647,7 @@ To disable TCP keepalive messages, the value should be set to .Dq no . .It Cm UseDNS Specifies whether -.Nm sshd +.Xr sshd 8 should look up the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address. 
@@ -702,7 +698,7 @@ The default is .Dq no . .It Cm UsePrivilegeSeparation Specifies whether -.Nm sshd +.Xr sshd 8 separates privileges by creating an unprivileged child process to deal with incoming network traffic. After successful authentication, another process will be created that has @@ -713,11 +709,9 @@ The default is .Dq yes . .It Cm X11DisplayOffset Specifies the first display number available for -.Nm sshd Ns 's +.Xr sshd 8 Ns 's X11 forwarding. -This prevents -.Nm sshd -from interfering with real X11 servers. +This prevents sshd from interfering with real X11 servers. The default is 10. .It Cm X11Forwarding Specifies whether X11 forwarding is permitted. @@ -730,14 +724,14 @@ The default is .Pp When X11 forwarding is enabled, there may be additional exposure to the server and to client displays if the -.Nm sshd +.Xr sshd 8 proxy display is configured to listen on the wildcard address (see .Cm X11UseLocalhost -below), however this is not the default. +below), though this is not the default. Additionally, the authentication spoofing and authentication data verification and substitution occur on the client side. The security risk of using X11 forwarding is that the client's X11 -display server may be exposed to attack when the ssh client requests +display server may be exposed to attack when the SSH client requests forwarding (see the warnings for .Cm ForwardX11 in @@ -755,12 +749,11 @@ X11 forwarding is automatically disabled if is enabled. .It Cm X11UseLocalhost Specifies whether -.Nm sshd +.Xr sshd 8 should bind the X11 forwarding server to the loopback address or to the wildcard address. By default, -.Nm sshd -binds the forwarding server to the loopback address and sets the +sshd binds the forwarding server to the loopback address and sets the hostname part of the .Ev DISPLAY environment variable to -- cgit v1.2.3 From f4f22b54c0e2a454d3ac093d99f845db4da98a81 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 15 Mar 2006 11:57:25 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/24 23:51:17 [sshd_config.5] oops - bits i missed; --- ChangeLog | 5 ++++- sshd_config.5 | 19 +++++++++---------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 18298750c..4d21aae76 100644 --- a/ChangeLog +++ b/ChangeLog @@ -175,6 +175,9 @@ - jmc@cvs.openbsd.org 2006/02/24 23:43:57 [sshd_config.5] some grammar/wording fixes; + - jmc@cvs.openbsd.org 2006/02/24 23:51:17 + [sshd_config.5] + oops - bits i missed; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4076,4 +4079,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4189 2006/03/15 00:56:56 djm Exp $ +$Id: ChangeLog,v 1.4190 2006/03/15 00:57:25 djm Exp $ diff --git a/sshd_config.5 b/sshd_config.5 index 6f60d7e84..8c714444b 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.52 2006/02/24 23:43:57 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.53 2006/02/24 23:51:17 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -46,7 +46,7 @@ .It Pa /etc/ssh/sshd_config .El .Sh DESCRIPTION -.Nm sshd +.Xr sshd 8 reads configuration data from .Pa /etc/ssh/sshd_config (or the file specified with @@ -85,7 +85,7 @@ For this reason, care should be taken in the use of this directive. The default is not to accept any environment variables. .It Cm AddressFamily Specifies which address family should be used by -.Nm sshd . +.Xr sshd 8 . Valid arguments are .Dq any , .Dq inet 
@@ -421,7 +421,7 @@ If the value is 0, there is no time limit. The default is 120 seconds. .It Cm LogLevel Gives the verbosity level that is used when logging messages from -.Nm sshd . +.Xr sshd 8 . The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. @@ -453,7 +453,7 @@ Alternatively, random early drop can be enabled by specifying the three colon separated values .Dq start:rate:full (e.g. "10:30:60"). -.Nm sshd +.Xr sshd 8 will refuse connection attempts with a probability of .Dq rate/100 (30%) @@ -531,8 +531,7 @@ restrictions in some configurations using mechanisms such as .Ev LD_PRELOAD . .It Cm PidFile Specifies the file that contains the process ID of the -.Nm sshd -daemon. +SSH daemon. The default is .Pa /var/run/sshd.pid . .It Cm Port @@ -620,7 +619,7 @@ By default no subsystems are defined. Note that this option applies to protocol version 2 only. .It Cm SyslogFacility Gives the facility code that is used when logging messages from -.Nm sshd . +.Xr sshd 8 . The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH. @@ -780,7 +779,7 @@ The default is .Pa /usr/X11R6/bin/xauth . .El .Ss Time Formats -.Nm sshd +.Xr sshd 8 command-line arguments and configuration file options that specify time may be expressed using a sequence of the form: .Sm off @@ -824,7 +823,7 @@ Time format examples: .Bl -tag -width Ds .It Pa /etc/ssh/sshd_config Contains configuration data for -.Nm sshd . +.Xr sshd 8 . This file should be writable by root only, but it is recommended (though not necessary) that it be world-readable. .El -- cgit v1.2.3 From 9cfbaecb64cbfbd7e9218faa1e95985a72d73038 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 15 Mar 2006 11:57:55 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/25 12:26:17 [ssh_config.5] document the possible values for KbdInteractiveDevices; --- ChangeLog | 5 ++++- ssh_config.5 | 9 ++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4d21aae76..d063f9f2f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -178,6 +178,9 @@ - jmc@cvs.openbsd.org 2006/02/24 23:51:17 [sshd_config.5] oops - bits i missed; + - jmc@cvs.openbsd.org 2006/02/25 12:26:17 + [ssh_config.5] + document the possible values for KbdInteractiveDevices; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4079,4 +4082,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4190 2006/03/15 00:57:25 djm Exp $ +$Id: ChangeLog,v 1.4191 2006/03/15 00:57:55 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 40fef73cf..0e6a41808 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.84 2006/02/24 23:20:07 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.85 2006/02/25 12:26:17 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -589,6 +589,13 @@ identities will be tried in sequence. Specifies the list of methods to use in keyboard-interactive authentication. Multiple method names must be comma-separated. The default is to use the server specified list. +The methods available vary depending on what the server supports. +For an OpenSSH server, +it may be zero or more of: +.Dq bsdauth , +.Dq pam , +and +.Dq skey . .It Cm LocalCommand Specifies a command to execute on the local machine after successfully connecting to the server. -- cgit v1.2.3 From d450f49d4a306bf70320fc2526ce68917a2a315a Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 15 Mar 2006 11:58:25 +1100 Subject: missed in commit message: help/ok dtucker --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index d063f9f2f..9f07c8cf4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -181,6 +181,7 @@ - jmc@cvs.openbsd.org 2006/02/25 12:26:17 [ssh_config.5] document the possible values for KbdInteractiveDevices; + help/ok dtucker 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4082,4 +4083,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4191 2006/03/15 00:57:55 djm Exp $ +$Id: ChangeLog,v 1.4192 2006/03/15 00:58:25 djm Exp $ -- cgit v1.2.3 From ac73e5139072c444ade00fadc7817451a531788d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:58:49 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/25 12:28:34 [sshd_config.5] document the order in which allow/deny directives are processed; help/ok dtucker --- ChangeLog | 6 +++++- sshd_config.5 | 26 +++++++++++++++++++++++++- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9f07c8cf4..bdfb7520b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -182,6 +182,10 @@ [ssh_config.5] document the possible values for KbdInteractiveDevices; help/ok dtucker + - jmc@cvs.openbsd.org 2006/02/25 12:28:34 + [sshd_config.5] + document the order in which allow/deny directives are processed; + help/ok dtucker 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4083,4 +4087,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4192 2006/03/15 00:58:25 djm Exp $ +$Id: ChangeLog,v 1.4193 2006/03/15 00:58:49 djm Exp $ diff --git a/sshd_config.5 b/sshd_config.5 index 8c714444b..2fc2d057e 100644 --- a/sshd_config.5 
+++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.53 2006/02/24 23:51:17 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.54 2006/02/25 12:28:34 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -101,6 +101,12 @@ If specified, login is allowed only for users whose primary group or supplementary group list matches one of the patterns. Only group names are valid; a numerical group ID is not recognized. By default, login is allowed for all groups. +The allow/deny directives are processed in the following order: +.Cm DenyUsers , +.Cm AllowUsers , +.Cm DenyGroups , +and finally +.Cm AllowGroups . .Pp See .Sx PATTERNS @@ -124,6 +130,12 @@ By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts. +The allow/deny directives are processed in the following order: +.Cm DenyUsers , +.Cm AllowUsers , +.Cm DenyGroups , +and finally +.Cm AllowGroups . .Pp See .Sx PATTERNS @@ -234,6 +246,12 @@ Login is disallowed for users whose primary group or supplementary group list matches one of the patterns. Only group names are valid; a numerical group ID is not recognized. By default, login is allowed for all groups. +The allow/deny directives are processed in the following order: +.Cm DenyUsers , +.Cm AllowUsers , +.Cm DenyGroups , +and finally +.Cm AllowGroups . .Pp See .Sx PATTERNS @@ -249,6 +267,12 @@ By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts. +The allow/deny directives are processed in the following order: +.Cm DenyUsers , +.Cm AllowUsers , +.Cm DenyGroups , +and finally +.Cm AllowGroups . .Pp See .Sx PATTERNS -- cgit v1.2.3 
From b5282c2f06ee40ee2f7e99cb315956b63c56c7cb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:59:08 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/26 17:17:18 [ssh_config.5] move PATTERNS to the end of the main body; requested by dtucker --- ChangeLog | 5 ++++- ssh_config.5 | 72 ++++++++++++++++++++++++++++++------------------------------ 2 files changed, 40 insertions(+), 37 deletions(-) diff --git a/ChangeLog b/ChangeLog index bdfb7520b..dbfb130a6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -186,6 +186,9 @@ [sshd_config.5] document the order in which allow/deny directives are processed; help/ok dtucker + - jmc@cvs.openbsd.org 2006/02/26 17:17:18 + [ssh_config.5] + move PATTERNS to the end of the main body; requested by dtucker 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4087,4 +4090,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4193 2006/03/15 00:58:49 djm Exp $ +$Id: ChangeLog,v 1.4194 2006/03/15 00:59:08 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 0e6a41808..3c5bf3919 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.85 2006/02/25 12:26:17 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.86 2006/02/26 17:17:18 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os 
@@ -73,42 +73,7 @@ The matched host name is the one given on the command line. Since the first obtained value for each parameter is used, more host-specific declarations should be given near the beginning of the file, and general defaults at the end. -.Sh PATTERNS -A -.Em pattern -consists of zero or more non-whitespace characters, -.Sq * -(a wildcard that matches zero or more characters), -or -.Sq ?\& -(a wildcard that matches exactly one character). -For example, to specify a set of declarations for any host in the -.Dq .co.uk -set of domains, -the following pattern could be used: -.Pp -.Dl Host *.co.uk -.Pp -The following pattern -would match any host in the 192.168.0.[0-9] network range: .Pp -.Dl Host 192.168.0.? -.Pp -A -.Em pattern-list -is a comma-separated list of patterns. -Patterns within pattern-lists may be negated -by preceding them with an exclamation mark -.Pq Sq !\& . -For example, -to allow a key to be used from anywhere within an organisation -except from the -.Dq dialup -pool, -the following entry (in authorized_keys) could be used: -.Pp -.Dl from=\&"!*.dialup.example.com,*.example.com\&" -.Sh FILE FORMAT The configuration file has the following format: .Pp Empty lines and lines starting with 
@@ -1023,6 +988,41 @@ program. The default is .Pa /usr/X11R6/bin/xauth . .El +.Sh PATTERNS +A +.Em pattern +consists of zero or more non-whitespace characters, +.Sq * +(a wildcard that matches zero or more characters), +or +.Sq ?\& +(a wildcard that matches exactly one character). +For example, to specify a set of declarations for any host in the +.Dq .co.uk +set of domains, +the following pattern could be used: +.Pp +.Dl Host *.co.uk +.Pp +The following pattern +would match any host in the 192.168.0.[0-9] network range: +.Pp +.Dl Host 192.168.0.? +.Pp +A +.Em pattern-list +is a comma-separated list of patterns. +Patterns within pattern-lists may be negated +by preceding them with an exclamation mark +.Pq Sq !\& . +For example, +to allow a key to be used from anywhere within an organisation +except from the +.Dq dialup +pool, +the following entry (in authorized_keys) could be used: +.Pp +.Dl from=\&"!*.dialup.example.com,*.example.com\&" .Sh FILES .Bl -tag -width Ds .It Pa ~/.ssh/config -- cgit v1.2.3 From e3beba231af4aa4364171c6828b0481067293ab5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:59:25 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/26 18:01:13 [sshd_config.5] subsection is pointless here; --- ChangeLog | 5 ++++- sshd_config.5 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index dbfb130a6..ac7af857c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -189,6 +189,9 @@ - jmc@cvs.openbsd.org 2006/02/26 17:17:18 [ssh_config.5] move PATTERNS to the end of the main body; requested by dtucker + - jmc@cvs.openbsd.org 2006/02/26 18:01:13 + [sshd_config.5] + subsection is pointless here; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) 
@@ -4090,4 +4093,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4194 2006/03/15 00:59:08 djm Exp $ +$Id: ChangeLog,v 1.4195 2006/03/15 00:59:25 djm Exp $ diff --git a/sshd_config.5 b/sshd_config.5 index 2fc2d057e..446e59afd 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.54 2006/02/25 12:28:34 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.55 2006/02/26 18:01:13 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -802,7 +802,7 @@ program. The default is .Pa /usr/X11R6/bin/xauth . .El -.Ss Time Formats +.Sh TIME FORMATS .Xr sshd 8 command-line arguments and configuration file options that specify time may be expressed using a sequence of the form: -- cgit v1.2.3 From 4aea974a1df1396a7b2300a331b5162db69a39f0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 11:59:39 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/26 18:03:10 [ssh_config.5] comma; --- ChangeLog | 5 ++++- ssh_config.5 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index ac7af857c..113bb2e18 100644 --- a/ChangeLog +++ b/ChangeLog @@ -192,6 +192,9 @@ - jmc@cvs.openbsd.org 2006/02/26 18:01:13 [sshd_config.5] subsection is pointless here; + - jmc@cvs.openbsd.org 2006/02/26 18:03:10 + [ssh_config.5] + comma; 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4093,4 +4096,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4195 2006/03/15 00:59:25 djm Exp $ +$Id: ChangeLog,v 1.4196 2006/03/15 00:59:39 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 3c5bf3919..ba8926e8e 100644 --- a/ssh_config.5 
+++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.86 2006/02/26 17:17:18 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.87 2006/02/26 18:03:10 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -87,7 +87,7 @@ optional whitespace and exactly one the latter format is useful to avoid the need to quote whitespace when specifying configuration options using the .Nm ssh , -.Nm scp +.Nm scp , and .Nm sftp .Fl o -- cgit v1.2.3 From 1cf76d97f91e16cd82ca457220a3e1b40ec2943a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 12:01:14 +1100 Subject: - djm@cvs.openbsd.org 2006/02/28 01:10:21 [session.c] fix logout recording when privilege separation is disabled, analysis and patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@ NB. ID sync only - patch already in portable --- ChangeLog | 7 ++++++- session.c | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 113bb2e18..11b2071e4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -195,6 +195,11 @@ - jmc@cvs.openbsd.org 2006/02/26 18:03:10 [ssh_config.5] comma; + - djm@cvs.openbsd.org 2006/02/28 01:10:21 + [session.c] + fix logout recording when privilege separation is disabled, analysis and + patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@ + NB. ID sync only - patch already in portable 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4096,4 +4101,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4196 2006/03/15 00:59:39 djm Exp $ +$Id: ChangeLog,v 1.4197 2006/03/15 01:01:14 djm Exp $ diff --git a/session.c b/session.c index f69074500..6fb63d3ad 100644 --- a/session.c +++ b/session.c 
@@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.196 2006/02/20 17:19:54 stevesk Exp $"); +RCSID("$OpenBSD: session.c,v 1.197 2006/02/28 01:10:21 djm Exp $"); #include #ifdef HAVE_SYS_STAT_H -- cgit v1.2.3 From ec04f360eb56a75e5f12393e80bc9ca39eacd5e8 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 12:01:34 +1100 Subject: - djm@cvs.openbsd.org 2006/03/04 04:12:58 [serverloop.c] move a debug() outside of a signal handler; ok markus@ a little while back --- ChangeLog | 5 ++++- serverloop.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 11b2071e4..011a1279e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -200,6 +200,9 @@ fix logout recording when privilege separation is disabled, analysis and patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@ NB. ID sync only - patch already in portable + - djm@cvs.openbsd.org 2006/03/04 04:12:58 + [serverloop.c] + move a debug() outside of a signal handler; ok markus@ a little while back 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4101,4 +4104,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4197 2006/03/15 01:01:14 djm Exp $ +$Id: ChangeLog,v 1.4198 2006/03/15 01:01:34 djm Exp $ diff --git a/serverloop.c b/serverloop.c index 0a1bbf1ad..f4fb6b7b5 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.127 2006/02/20 17:02:44 stevesk Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.128 2006/03/04 04:12:58 djm Exp $"); #include #include @@ -152,7 +152,6 @@ static void sigchld_handler(int sig) { int save_errno = errno; - debug("Received SIGCHLD."); child_terminated = 1; #ifndef _UNICOS mysignal(SIGCHLD, sigchld_handler); 
@@ -755,6 +754,7 @@ collect_children(void) sigaddset(&nset, SIGCHLD); sigprocmask(SIG_BLOCK, &nset, &oset); if (child_terminated) { + debug("Received SIGCHLD."); while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || (pid < 0 && errno == EINTR)) if (pid > 0) -- cgit v1.2.3 From 2ecb6bd95d1f7d47d6071614be99339b290771e0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 12:03:53 +1100 Subject: - djm@cvs.openbsd.org 2006/03/12 04:23:07 [ssh.c] knf nit --- ChangeLog | 5 ++++- ssh.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 011a1279e..0509ceef3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -203,6 +203,9 @@ - djm@cvs.openbsd.org 2006/03/04 04:12:58 [serverloop.c] move a debug() outside of a signal handler; ok markus@ a little while back + - djm@cvs.openbsd.org 2006/03/12 04:23:07 + [ssh.c] + knf nit 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4104,4 +4107,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4198 2006/03/15 01:01:34 djm Exp $ +$Id: ChangeLog,v 1.4199 2006/03/15 01:03:53 djm Exp $ diff --git a/ssh.c b/ssh.c index e2e7ab329..6f185b4a7 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.265 2006/02/22 00:04:45 stevesk Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.266 2006/03/12 04:23:07 djm Exp $"); #include #ifdef HAVE_SYS_STAT_H @@ -254,7 +254,7 @@ main(int ac, char **av) /* Parse command-line arguments. */ host = NULL; -again: + again: while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) { switch (opt) { -- cgit v1.2.3 From b24c2f8e33781be43702d8cfc69d4fbd0547e638 Mon Sep 17 00:00:00 2001 
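Review bot: The `debug("Received SIGCHLD.")` added under `if (child_terminated)` in collect_children() has no comment saying why it lives here and not in sigchld_handler(), so a later tidy-up could move it back. Calling debug() from a signal handler is not async-signal-safe, and I would record that next to the call, e.g. `/* logged here, not in sigchld_handler(): debug() is not async-signal-safe */`. The message is now emitted once per collection pass, not once per delivered signal, which matters when reading debug logs. collect_children() starts and ends outside the hunk.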
From: Damien Miller Date: Wed, 15 Mar 2006 12:04:36 +1100 Subject: - djm@cvs.openbsd.org 2006/03/13 08:16:00 [sshd.c] don't log that we are listening on a socket before the listen() call actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@ --- ChangeLog | 6 +++++- sshd.c | 8 ++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0509ceef3..2be6f21d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -206,6 +206,10 @@ - djm@cvs.openbsd.org 2006/03/12 04:23:07 [ssh.c] knf nit + - djm@cvs.openbsd.org 2006/03/13 08:16:00 + [sshd.c] + don't log that we are listening on a socket before the listen() call + actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4107,4 +4111,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4199 2006/03/15 01:03:53 djm Exp $ +$Id: ChangeLog,v 1.4200 2006/03/15 01:04:36 djm Exp $ diff --git a/sshd.c b/sshd.c index 40593ee2e..19c2d96ad 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.323 2006/02/20 17:19:54 stevesk Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.325 2006/03/13 08:16:00 djm Exp $"); #include #ifdef HAVE_SYS_STAT_H @@ -1333,10 +1333,10 @@ main(int ac, char **av) num_listen_socks++; /* Start listening on the port. */ - logit("Server listening on %s port %s.", ntop, strport); if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0) - fatal("listen: %.100s", strerror(errno)); - + fatal("listen on [%s]:%s: %.100s", + ntop, strport, strerror(errno)); + logit("Server listening on %s port %s.", ntop, strport); } freeaddrinfo(options.listen_addrs); -- cgit v1.2.3 From 314dd4b2f33c22330f3f4272b1605fb0d8fbc58b Mon Sep 17 00:00:00 2001 
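Review bot: The new `fatal("listen on [%s]:%s: %.100s", ...)` in main() writes the endpoint as `[addr]:port`, while the `logit()` placed right after it writes the same pair as `%s port %s`, so anything matching sshd's log for a listen address needs two patterns. Using one form for both, for example `fatal("listen on %s port %s: %.100s", ntop, strport, strerror(errno));`, keeps the failure and success lines searchable together. `num_listen_socks++` still runs before listen() is attempted; that is harmless while the failure path is fatal(), but would need revisiting if it ever became non-fatal. main() continues outside the hunk.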
From: Damien Miller Date: Wed, 15 Mar 2006 12:05:22 +1100 Subject: - dtucker@cvs.openbsd.org 2006/03/13 08:33:00 [packet.c] Set TCP_NODELAY for all connections not just "interactive" ones. Fixes poor performance and protocol stalls under some network conditions (mindrot bugs #556 and #981). Patch originally from markus@, ok djm@ --- ChangeLog | 7 ++++++- packet.c | 5 ++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2be6f21d6..7cc666a58 100644 --- a/ChangeLog +++ b/ChangeLog @@ -210,6 +210,11 @@ [sshd.c] don't log that we are listening on a socket before the listen() call actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@ + - dtucker@cvs.openbsd.org 2006/03/13 08:33:00 + [packet.c] + Set TCP_NODELAY for all connections not just "interactive" ones. Fixes + poor performance and protocol stalls under some network conditions (mindrot + bugs #556 and #981). Patch originally from markus@, ok djm@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4111,4 +4116,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4200 2006/03/15 01:04:36 djm Exp $ +$Id: ChangeLog,v 1.4201 2006/03/15 01:05:22 djm Exp $ diff --git a/packet.c b/packet.c index 24d2bb312..ca6861e55 100644 --- a/packet.c +++ b/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.121 2006/02/08 14:38:18 stevesk Exp $"); +RCSID("$OpenBSD: packet.c,v 1.122 2006/03/13 08:33:00 dtucker Exp $"); #include "openbsd-compat/sys-queue.h" #include @@ -1482,8 +1482,7 @@ packet_set_interactive(int interactive) /* Only set socket options if using a socket. */ if (!packet_connection_is_on_socket()) return; - if (interactive) - set_nodelay(connection_in); + set_nodelay(connection_in); packet_set_tos(interactive); } -- cgit v1.2.3 From 8056a9d46ac2d75560c2fd9fc69c75ee46a43922 Mon Sep 17 00:00:00 2001 
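Review bot: `set_nodelay(connection_in)` in packet_set_interactive() is now unconditional, but nothing at the call says this is deliberate, and the `interactive` argument still reads as if it governed every socket option set here. A short comment above the call would prevent a well-meaning revert, e.g. `/* Nagle off for all sessions, not just interactive ones: mindrot #556, #981 */`. Only `connection_in` is passed; if the output descriptor can be a different socket (not visible here) it would keep Nagle enabled, so that is worth confirming. The function starts outside the hunk.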
From: Damien Miller Date: Wed, 15 Mar 2006 12:05:40 +1100 Subject: - dtucker@cvs.openbsd.org 2006/03/13 08:43:16 [ssh-keygen.c] Make ssh-keygen handle CR and CRLF line termination when converting IETF format keys, in adition to vanilla LF. mindrot #1157, tested by Chris Pepper, ok djm@ --- ChangeLog | 7 ++++++- ssh-keygen.c | 42 +++++++++++++++++++++++++++++++++--------- 2 files changed, 39 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7cc666a58..74ece7805 100644 --- a/ChangeLog +++ b/ChangeLog @@ -215,6 +215,11 @@ Set TCP_NODELAY for all connections not just "interactive" ones. Fixes poor performance and protocol stalls under some network conditions (mindrot bugs #556 and #981). Patch originally from markus@, ok djm@ + - dtucker@cvs.openbsd.org 2006/03/13 08:43:16 + [ssh-keygen.c] + Make ssh-keygen handle CR and CRLF line termination when converting IETF + format keys, in adition to vanilla LF. mindrot #1157, tested by Chris + Pepper, ok djm@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4116,4 +4121,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4201 2006/03/15 01:05:22 djm Exp $ +$Id: ChangeLog,v 1.4202 2006/03/15 01:05:40 djm Exp $ diff --git a/ssh-keygen.c b/ssh-keygen.c index 8acbf7783..bea4ed59b 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.136 2006/02/20 17:19:54 stevesk Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.137 2006/03/13 08:43:16 dtucker Exp $"); #include #include 
@@ -305,13 +305,42 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) return key; } +static int +get_line(FILE *fp, char *line, size_t len) +{ + int c; + size_t pos = 0; + + line[0] = '\0'; + while ((c = fgetc(fp)) != EOF) { + if (pos >= len - 1) { + fprintf(stderr, "input line too long.\n"); + exit(1); + } + switch(c) { + case '\r': + c = fgetc(fp); + if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) { + fprintf(stderr, "unget: %s\n", strerror(errno)); + exit(1); + } + return pos; + case '\n': + return pos; + } + line[pos++] = c; + line[pos] = '\0'; + } + return pos; +} + static void do_convert_from_ssh2(struct passwd *pw) { Key *k; int blen; u_int len; - char line[1024], *p; + char line[1024]; u_char blob[8096]; char encoded[8096]; struct stat st; @@ -330,12 +359,8 @@ do_convert_from_ssh2(struct passwd *pw) exit(1); } encoded[0] = '\0'; - while (fgets(line, sizeof(line), fp)) { - if (!(p = strchr(line, '\n'))) { - fprintf(stderr, "input line too long.\n"); - exit(1); - } - if (p > line && p[-1] == '\\') + while ((blen = get_line(fp, line, sizeof(line))) != -1) { + if (line[blen - 1] == '\\') escaped++; if (strncmp(line, "----", 4) == 0 || strstr(line, ": ") != NULL) { @@ -352,7 +377,6 @@ do_convert_from_ssh2(struct passwd *pw) /* fprintf(stderr, "escaped: %s", line); */ continue; } - *p = '\0'; strlcat(encoded, line, sizeof(encoded)); } len = strlen(encoded); -- cgit v1.2.3 From 306d118f72670f0da447f28b7eec576dcb4a6e38 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 12:05:59 +1100 Subject: - dtucker@cvs.openbsd.org 2006/03/13 10:14:29 [misc.c ssh_config.5 sshd_config.5] Allow config directives to contain whitespace by surrounding them by double quotes. mindrot #482, man page help from jmc@, ok djm@ --- ChangeLog | 6 +++++- misc.c | 17 +++++++++++++++-- ssh_config.5 | 5 ++++- sshd_config.5 | 5 ++++- 4 files changed, 28 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 74ece7805..c72eeed41 100644 --- a/ChangeLog 
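Review bot: get_line() has no return path that signals end of file: every exit returns `pos`, which is never negative, yet the caller in do_convert_from_ssh2() loops on `while ((blen = get_line(fp, line, sizeof(line))) != -1)`. Unless the loop body leaves by some other route (not visible in these hunks), input that simply ends makes the loop spin forever on empty reads. Returning -1 when EOF arrives with nothing read fixes it: add `if (pos == 0) return -1;` before the final `return pos;`. The `size_t` to `int` conversion on return is safe only because the caller's buffer is small, and `pos >= len - 1` assumes `len > 0`; both are worth a line in a header comment.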
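Review bot: `line[blen - 1]` in the rewritten loop of do_convert_from_ssh2() reads one byte before the buffer whenever get_line() returns 0, which it does for every empty line. The removed code guarded the same test with `p > line`; the replacement needs the equivalent, `if (blen > 0 && line[blen - 1] == '\\')`. The input is a key file handed to the tool, so an empty line is ordinary input, not a corner case. The function body continues outside the hunk.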
+++ b/ChangeLog @@ -220,6 +220,10 @@ Make ssh-keygen handle CR and CRLF line termination when converting IETF format keys, in adition to vanilla LF. mindrot #1157, tested by Chris Pepper, ok djm@ + - dtucker@cvs.openbsd.org 2006/03/13 10:14:29 + [misc.c ssh_config.5 sshd_config.5] + Allow config directives to contain whitespace by surrounding them by double + quotes. mindrot #482, man page help from jmc@, ok djm@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4121,4 +4125,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4202 2006/03/15 01:05:40 djm Exp $ +$Id: ChangeLog,v 1.4203 2006/03/15 01:05:59 djm Exp $ diff --git a/misc.c b/misc.c index e1da651ef..662480e9e 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.45 2006/02/10 00:27:13 stevesk Exp $"); +RCSID("$OpenBSD: misc.c,v 1.46 2006/03/13 10:14:29 dtucker Exp $"); #include #include @@ -128,6 +128,7 @@ set_nodelay(int fd) /* Characters considered whitespace in strsep calls. */ #define WHITESPACE " \t\r\n" +#define QUOTE "\"" /* return next token in configuration line */ char * @@ -141,15 +142,27 @@ strdelim(char **s) old = *s; - *s = strpbrk(*s, WHITESPACE "="); + *s = strpbrk(*s, WHITESPACE QUOTE "="); if (*s == NULL) return (old); + if (*s[0] == '\"') { + memmove(*s, *s + 1, strlen(*s)); /* move nul too */ + /* Find matching quote */ + if ((*s = strpbrk(*s, QUOTE)) == NULL) { + return (NULL); /* no matching quote */ + } else { + *s[0] = '\0'; + return (old); + } + } + /* Allow only one '=' to be skipped */ if (*s[0] == '=') wspace = 1; *s[0] = '\0'; + /* Skip any extra whitespace after first token */ *s += strspn(*s + 1, WHITESPACE) + 1; if (*s[0] == '=' && !wspace) *s += strspn(*s + 1, WHITESPACE) + 1; diff --git a/ssh_config.5 b/ssh_config.5 index ba8926e8e..f7c9f7145 100644 --- a/ssh_config.5 
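Review bot: In the new quoted-argument branch of strdelim(), the success path sets `*s[0] = '\0'` and returns without advancing `*s`, so the cursor is left on the terminator just written. The next call then starts on an empty string, strpbrk() finds nothing, and that empty string is returned, so whatever followed the closing quote on the line is never tokenised. Advancing as the unquoted path does closes this: add `*s += strspn(*s + 1, WHITESPACE) + 1;` after `*s[0] = '\0';`. A missing closing quote returns NULL, which may be indistinguishable to callers from a normal end of line; strdelim() starts outside the hunk, so that needs checking against its callers.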
+++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.87 2006/02/26 18:03:10 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.88 2006/03/13 10:14:29 dtucker Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -92,6 +92,9 @@ and .Nm sftp .Fl o option. +Arguments may optionally be enclosed in double quotes +.Pq \&" +in order to represent arguments containing spaces. .Pp The possible keywords and their meanings are as follows (note that diff --git a/sshd_config.5 b/sshd_config.5 index 446e59afd..1bd3a624f 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.55 2006/02/26 18:01:13 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.56 2006/03/13 10:14:29 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -56,6 +56,9 @@ The file contains keyword-argument pairs, one per line. Lines starting with .Ql # and empty lines are interpreted as comments. +Arguments may optionally be enclosed in double quotes +.Pq \&" +in order to represent arguments containing spaces. .Pp The possible keywords and their meanings are as follows (note that -- cgit v1.2.3 From 8275fade44b56aed722ea91bc4586f48babece80 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 12:06:23 +1100 Subject: - dtucker@cvs.openbsd.org 2006/03/13 10:26:52 [authfile.c authfile.h ssh-add.c] Make ssh-add check file permissions before attempting to load private key files multiple times; it will fail anyway and this prevents confusing multiple prompts and warnings. mindrot #1138, ok djm@ --- ChangeLog | 7 ++++++- authfile.c | 4 ++-- authfile.h | 3 ++- ssh-add.c | 17 +++++++++++++---- 4 files changed, 23 insertions(+), 8 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index c72eeed41..d41b4cb46 100644 --- a/ChangeLog +++ b/ChangeLog @@ -224,6 +224,11 @@ [misc.c ssh_config.5 sshd_config.5] Allow config directives to contain whitespace by surrounding them by double quotes. mindrot #482, man page help from jmc@, ok djm@ + - dtucker@cvs.openbsd.org 2006/03/13 10:26:52 + [authfile.c authfile.h ssh-add.c] + Make ssh-add check file permissions before attempting to load private + key files multiple times; it will fail anyway and this prevents confusing + multiple prompts and warnings. mindrot #1138, ok djm@ 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4125,4 +4130,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4203 2006/03/15 01:05:59 djm Exp $ +$Id: ChangeLog,v 1.4204 2006/03/15 01:06:23 djm Exp $ diff --git a/authfile.c b/authfile.c index f97cf1820..0656262d0 100644 --- a/authfile.c +++ b/authfile.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.62 2006/02/20 17:19:54 stevesk Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.63 2006/03/13 10:26:52 dtucker Exp $"); #include #include @@ -510,7 +510,7 @@ key_load_private_pem(int fd, int type, const char *passphrase, return prv; } -static int +int key_perm_ok(int fd, const char *filename) { struct stat st; diff --git a/authfile.h b/authfile.h index 7f92701ec..a16caa7a8 100644 --- a/authfile.h +++ b/authfile.h @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.h,v 1.10 2002/05/23 19:24:30 markus Exp $ */ +/* $OpenBSD: authfile.h,v 1.11 2006/03/13 10:26:52 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -21,5 +21,6 @@ Key *key_load_public_type(int, const char *, char **); Key *key_load_private(const char *, const char *, char **); Key *key_load_private_type(int, const char *, const char *, char **); Key *key_load_private_pem(int, int, const char *, char **); +int key_perm_ok(int, const char *); #endif 
diff --git a/ssh-add.c b/ssh-add.c index 8bfc401e8..59933012d 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.75 2006/02/20 17:19:54 stevesk Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.76 2006/03/13 10:26:52 dtucker Exp $"); #include #include @@ -127,16 +127,25 @@ delete_all(AuthenticationConnection *ac) static int add_file(AuthenticationConnection *ac, const char *filename) { - struct stat st; Key *private; char *comment = NULL; char msg[1024]; - int ret = -1; + int fd, perms_ok, ret = -1; - if (stat(filename, &st) < 0) { + if ((fd = open(filename, 0)) < 0) { perror(filename); return -1; } + + /* + * Since we'll try to load a keyfile multiple times, permission errors + * will occur multiple times, so check perms first and bail if wrong. + */ + perms_ok = key_perm_ok(fd, filename); + close(fd); + if (!perms_ok) + return -1; + /* At first, try empty passphrase */ private = key_load_private(filename, "", &comment); if (comment == NULL) -- cgit v1.2.3 From de85a28825de0dea6aa5b6d3e79f7207d7dda51d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 12:06:41 +1100 Subject: - djm@cvs.openbsd.org 2006/03/14 00:15:39 [canohost.c] log the originating address and not just the name when a reverse mapping check fails, requested by linux AT linuon.com --- ChangeLog | 6 +++++- canohost.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index d41b4cb46..57c97c85e 100644 --- a/ChangeLog +++ b/ChangeLog 
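Review bot: `open(filename, 0)` in add_file() relies on the read-only access mode happening to be zero; `open(filename, O_RDONLY)` says what is meant. The descriptor is closed straight after key_perm_ok() and key_load_private() then opens the path again by name, so this check is an early exit to avoid repeated prompts and not a guarantee about the file that is finally read. The added comment should say so, so that nobody later treats it as the authoritative permission check and relaxes the one inside the loader. add_file() continues past the hunk.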
@@ -229,6 +229,10 @@ Make ssh-add check file permissions before attempting to load private key files multiple times; it will fail anyway and this prevents confusing multiple prompts and warnings. mindrot #1138, ok djm@ + - djm@cvs.openbsd.org 2006/03/14 00:15:39 + [canohost.c] + log the originating address and not just the name when a reverse + mapping check fails, requested by linux AT linuon.com 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4130,4 +4134,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4204 2006/03/15 01:06:23 djm Exp $ +$Id: ChangeLog,v 1.4205 2006/03/15 01:06:41 djm Exp $ diff --git a/canohost.c b/canohost.c index 76b0bee02..f15aecb62 100644 --- a/canohost.c +++ b/canohost.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.49 2006/02/22 00:04:44 stevesk Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.50 2006/03/14 00:15:39 djm Exp $"); #include @@ -104,7 +104,7 @@ get_remote_hostname(int sock, int use_dns) hints.ai_socktype = SOCK_STREAM; if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { logit("reverse mapping checking getaddrinfo for %.700s " - "failed - POSSIBLE BREAK-IN ATTEMPT!", name); + "[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop); return xstrdup(ntop); } /* Look for the address from the list of addresses. */ -- cgit v1.2.3 From cc3e8ba3c24357b912dd7071ba34ab863de593bd Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 12:06:55 +1100 Subject: - markus@cvs.openbsd.org 2006/03/14 16:32:48 [ssh_config.5 sshd_config.5] *AliveCountMax applies to protcol v2 only; ok dtucker, djm --- ChangeLog | 5 ++++- ssh_config.5 | 3 ++- sshd_config.5 | 3 ++- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 57c97c85e..3064b306d 100644 --- a/ChangeLog +++ b/ChangeLog 
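Review bot: The log line in get_remote_hostname() now carries two identifiers of very different trust, and nothing in the code says which is which. `name` appears to be the result of the reverse lookup and so is chosen by whoever controls that DNS zone, while `ntop` is the numeric peer address; a comment such as `/* name is DNS-supplied and untrusted; ntop is the peer address */` would help anyone writing alerting rules on this message. `name` is bounded by `%.700s` but `ntop` is printed with a bare `%s`, which is fine only if it is a fixed-size numeric buffer (its declaration is outside the hunk).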
@@ -233,6 +233,9 @@ [canohost.c] log the originating address and not just the name when a reverse mapping check fails, requested by linux AT linuon.com + - markus@cvs.openbsd.org 2006/03/14 16:32:48 + [ssh_config.5 sshd_config.5] + *AliveCountMax applies to protcol v2 only; ok dtucker, djm 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4134,4 +4137,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4205 2006/03/15 01:06:41 djm Exp $ +$Id: ChangeLog,v 1.4206 2006/03/15 01:06:55 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index f7c9f7145..5b02ef821 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.88 2006/03/13 10:14:29 dtucker Exp $ +.\" $OpenBSD: ssh_config.5,v 1.89 2006/03/14 16:32:48 markus Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -845,6 +845,7 @@ If, for example, .Cm ServerAliveCountMax is left at the default, if the server becomes unresponsive, ssh will disconnect after approximately 45 seconds. +This option applies to protocol version 2 only. .It Cm ServerAliveInterval Sets a timeout interval in seconds after which if no data has been received from the server, diff --git a/sshd_config.5 b/sshd_config.5 index 1bd3a624f..aad28f4c8 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.56 2006/03/13 10:14:29 dtucker Exp $ +.\" $OpenBSD: sshd_config.5,v 1.57 2006/03/14 16:32:48 markus Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os 
@@ -223,6 +223,7 @@ If .Cm ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds. +This option applies to protocol version 2 only. .It Cm ClientAliveInterval Sets a timeout interval in seconds after which if no data has been received from the client, -- cgit v1.2.3 From a63128d1a8a4077bc992e09d00e2683d1592e500 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 12:08:28 +1100 Subject: - djm@cvs.openbsd.org 2006/03/07 09:07:40 [kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] Implement the diffie-hellman-group-exchange-sha256 key exchange method using the SHA256 code in libc (and wrapper to make it into an OpenSSL EVP), interop tested against CVS PuTTY NB. no portability bits committed yet --- ChangeLog | 8 ++++++- kex.c | 7 +++++- kex.h | 4 +++- md-sha256.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ monitor.c | 9 ++++++-- myproposal.h | 10 +++++---- ssh-keyscan.c | 3 ++- sshconnect2.c | 3 ++- sshd.c | 1 + 9 files changed, 105 insertions(+), 11 deletions(-) create mode 100644 md-sha256.c diff --git a/ChangeLog b/ChangeLog index 3064b306d..3cd994f2c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -236,6 +236,12 @@ - markus@cvs.openbsd.org 2006/03/14 16:32:48 [ssh_config.5 sshd_config.5] *AliveCountMax applies to protcol v2 only; ok dtucker, djm + - djm@cvs.openbsd.org 2006/03/07 09:07:40 + [kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] + Implement the diffie-hellman-group-exchange-sha256 key exchange method + using the SHA256 code in libc (and wrapper to make it into an OpenSSL + EVP), interop tested against CVS PuTTY + NB. no portability bits committed yet 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) 
@@ -4137,4 +4143,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4206 2006/03/15 01:06:55 djm Exp $ +$Id: ChangeLog,v 1.4207 2006/03/15 01:08:28 djm Exp $ diff --git a/kex.c b/kex.c index cd71be9ca..175613b40 100644 --- a/kex.c +++ b/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.65 2005/11/04 05:15:59 djm Exp $"); +RCSID("$OpenBSD: kex.c,v 1.66 2006/03/07 09:07:40 djm Exp $"); #include @@ -44,6 +44,8 @@ RCSID("$OpenBSD: kex.c,v 1.65 2005/11/04 05:15:59 djm Exp $"); #define KEX_COOKIE_LEN 16 +extern const EVP_MD *evp_ssh_sha256(void); + /* prototype */ static void kex_kexinit_finish(Kex *); static void kex_choose_conf(Kex *); @@ -301,6 +303,9 @@ choose_kex(Kex *k, char *client, char *server) } else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) { k->kex_type = KEX_DH_GEX_SHA1; k->evp_md = EVP_sha1(); + } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) { + k->kex_type = KEX_DH_GEX_SHA256; + k->evp_md = evp_ssh_sha256(); } else fatal("bad kex alg %s", k->name); } diff --git a/kex.h b/kex.h index bbd931e04..e2ba0a98f 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.38 2005/11/04 05:15:59 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.39 2006/03/07 09:07:40 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -34,6 +34,7 @@ #define KEX_DH1 "diffie-hellman-group1-sha1" #define KEX_DH14 "diffie-hellman-group14-sha1" #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" +#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" #define COMP_NONE 0 #define COMP_ZLIB 1 @@ -63,6 +64,7 @@ enum kex_exchange { KEX_DH_GRP1_SHA1, KEX_DH_GRP14_SHA1, KEX_DH_GEX_SHA1, + KEX_DH_GEX_SHA256, KEX_MAX }; diff --git a/md-sha256.c b/md-sha256.c new file mode 100644 index 000000000..08848f841 --- /dev/null +++ b/md-sha256.c 
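Review bot: `extern const EVP_MD *evp_ssh_sha256(void);` is declared locally in kex.c, and md-sha256.c carries its own copy of the same prototype, so the two can drift apart without the compiler noticing. Since kex.h is touched in this commit anyway, the declaration belongs there (or in a small header of its own) and both .c files should include it. Nothing beyond moving that one line is needed.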
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2005 Damien Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* EVP wrapper for SHA256 */
+
+#include "includes.h"
+#include
+#include
+
+RCSID("$OpenBSD: md-sha256.c,v 1.1 2006/03/07 09:07:40 djm Exp $");
+
+const EVP_MD *evp_ssh_sha256(void);
+
+static int
+ssh_sha256_init(EVP_MD_CTX *ctxt)
+{
+ SHA256_Init(ctxt->md_data);
+ return (1);
+}
+
+static int
+ssh_sha256_update(EVP_MD_CTX *ctxt, const void *data, unsigned long len)
+{
+ SHA256_Update(ctxt->md_data, data, len);
+ return (1);
+}
+
+static int
+ssh_sha256_final(EVP_MD_CTX *ctxt, unsigned char *digest)
+{
+ SHA256_Final(digest, ctxt->md_data);
+ return (1);
+}
+
+static int
+ssh_sha256_cleanup(EVP_MD_CTX *ctxt)
+{
+ memset(ctxt->md_data, 0, sizeof(SHA256_CTX));
+ return (1);
+}
+
+const EVP_MD *
+evp_ssh_sha256(void)
+{
+ static EVP_MD ssh_sha256;
+
+ memset(&ssh_sha256, 0, sizeof(ssh_sha256));
+ ssh_sha256.type = NID_undef;
+ ssh_sha256.md_size = SHA256_DIGEST_LENGTH;
+ ssh_sha256.init = ssh_sha256_init;
+ ssh_sha256.update = ssh_sha256_update;
+ ssh_sha256.final = ssh_sha256_final;
+ ssh_sha256.cleanup = ssh_sha256_cleanup;
+ ssh_sha256.block_size = SHA256_BLOCK_LENGTH;
+ ssh_sha256.ctx_size = sizeof(SHA256_CTX);
+
+ return (&ssh_sha256);
+}
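Review bot: The prototype `const EVP_MD *evp_ssh_sha256(void);` is declared at file scope in md-sha256.c and again as an `extern` in kex.c, with no shared header between them, so a later change to the definition would not be checked against the caller in kex.c. Since this function supplies the digest used for the key-exchange hash, I would put the single declaration in kex.h and drop both local copies. In `ssh_sha256_cleanup`, a comment such as `/* digest state may have absorbed KEX secrets; wipe it before the EVP layer releases md_data */` would record why the memset is there and discourage its removal. It is also worth confirming that the `unsigned long len` parameter of `ssh_sha256_update` matches the `update` callback type of every OpenSSL version the build supports.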
diff --git a/monitor.c b/monitor.c index 3260d473d..30849a371 100644 --- a/monitor.c +++ b/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.68 2006/02/20 17:02:44 stevesk Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.69 2006/03/07 09:07:40 djm Exp $"); #include #include @@ -543,7 +543,11 @@ mm_answer_sign(int sock, Buffer *m) keyid = buffer_get_int(m); p = buffer_get_string(m, &datlen); - if (datlen != 20) + /* + * Supported KEX types will only return SHA1 (20 byte) or + * SHA256 (32 byte) hashes + */ + if (datlen != 20 && datlen != 32) fatal("%s: data length incorrect: %u", __func__, datlen); /* save session id, it will be passed on the first call */ @@ -1627,6 +1631,7 @@ mm_get_kex(Buffer *m) kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; + kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; kex->server = 1; kex->hostkey_type = buffer_get_int(m); kex->kex_type = buffer_get_int(m); diff --git a/myproposal.h b/myproposal.h index d8cba1caf..cc94a8ed2 100644 --- a/myproposal.h +++ b/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.18 2005/07/25 11:59:39 markus Exp $ */ +/* $OpenBSD: myproposal.h,v 1.19 2006/03/07 09:07:40 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -23,9 +23,11 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha1," \ - "diffie-hellman-group14-sha1," \ - "diffie-hellman-group1-sha1" +#define KEX_DEFAULT_KEX \ + "diffie-hellman-group-exchange-sha256," \ + "diffie-hellman-group-exchange-sha1," \ + "diffie-hellman-group14-sha1," \ + "diffie-hellman-group1-sha1" #define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss" #define KEX_DEFAULT_ENCRYPT \ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ 
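Review bot: In monitor.c's `mm_answer_sign`, the test `datlen != 20 && datlen != 32` is the only limit visible in this hunk on what the unprivileged side can ask the monitor to sign (presumably with the host key), and it now accepts either size regardless of which exchange was negotiated. If the monitor knows the negotiated KEX method at this point (I cannot tell from the hunk), comparing `datlen` with that method's digest length would keep the check as tight as it was before. At minimum the bare numbers could be named, e.g. `if (datlen != SHA_DIGEST_LENGTH && datlen != SHA256_DIGEST_LENGTH)`, assuming both constants are in scope in monitor.c. The function body starts and ends outside the hunk.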
diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 13e7c721c..f05c4697c 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.59 2006/02/08 14:31:30 stevesk Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.60 2006/03/07 09:07:40 djm Exp $"); #include "openbsd-compat/sys-queue.h" #include @@ -351,6 +351,7 @@ keygrab_ssh2(con *c) c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; + c->c_kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; c->c_kex->verify_host_key = hostjump; if (!(j = setjmp(kexjmp))) { diff --git a/sshconnect2.c b/sshconnect2.c index f2776edb7..b01a3ca5b 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.146 2006/02/20 17:19:54 stevesk Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.147 2006/03/07 09:07:40 djm Exp $"); #include #include @@ -127,6 +127,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; + kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; kex->verify_host_key=&verify_host_key_callback; diff --git a/sshd.c b/sshd.c index 19c2d96ad..6f458eb3b 100644 --- a/sshd.c +++ b/sshd.c @@ -2042,6 +2042,7 @@ do_ssh2_kex(void) kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; + kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; kex->server = 1; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; -- cgit v1.2.3 From af87af165f25b7db22e32c0b2e55606bc68c450c Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 15 Mar 2006 13:02:28 +1100 Subject: - (djm) [configure.ac defines.h kex.c md-sha256.c] [openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h] [openbsd-compat/sha2.c] First stab at portability glue for SHA256 KEX support, should work with libc SHA256 support or OpenSSL EVP_sha256 if present --- ChangeLog | 7 +- configure.ac | 15 +- defines.h | 18 +- kex.c | 4 + md-sha256.c | 7 +- openbsd-compat/openbsd-compat.h | 4 +- openbsd-compat/sha2.c | 876 ++++++++++++++++++++++++++++++++++++++++ openbsd-compat/sha2.h | 125 ++++++ openbsd-compat/xmmap.c | 4 +- 9 files changed, 1047 insertions(+), 13 deletions(-) create mode 100644 openbsd-compat/sha2.c create mode 100644 openbsd-compat/sha2.h diff --git a/ChangeLog b/ChangeLog index 3cd994f2c..db0a4f633 100644 --- a/ChangeLog +++ b/ChangeLog @@ -242,6 +242,11 @@ using the SHA256 code in libc (and wrapper to make it into an OpenSSL EVP), interop tested against CVS PuTTY NB. no portability bits committed yet + - (djm) [configure.ac defines.h kex.c md-sha256.c] + [openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h] + [openbsd-compat/sha2.c] First stab at portability glue for SHA256 + KEX support, should work with libc SHA256 support or OpenSSL + EVP_sha256 if present 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4143,4 +4148,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4207 2006/03/15 01:08:28 djm Exp $ +$Id: ChangeLog,v 1.4208 2006/03/15 02:02:28 djm Exp $ diff --git a/configure.ac b/configure.ac index adef4f675..160493f06 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.333 2006/03/13 08:06:51 dtucker Exp $ +# $Id: configure.ac,v 1.334 2006/03/15 02:02:28 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.333 $) +AC_REVISION($Revision: 1.334 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -923,11 +923,9 @@ AC_EGREP_CPP(FOUNDIT, # Check for g.gl_matchc glob() extension AC_MSG_CHECKING(for gl_matchc field in glob_t) -AC_EGREP_CPP(FOUNDIT, - [ - #include - int main(void){glob_t g; g.gl_matchc = 1;} - ], +AC_TRY_COMPILE(FOUNDIT, + [ #include ], + [glob_t g; g.gl_matchc = 1;], [ AC_DEFINE(GLOB_HAS_GL_MATCHC, 1, [Define if your system glob() function has @@ -1883,6 +1881,9 @@ if test "x$check_for_libcrypt_later" = "x1"; then AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt") fi +# Search for SHA256 support in libc and/or OpenSSL +AC_CHECK_FUNCS(SHA256_Update EVP_sha256) + AC_CHECK_LIB(iaf, ia_openinfo) ### Configure cryptographic random number support diff --git a/defines.h b/defines.h index f25934176..9ecf18d5a 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.130 2005/12/17 11:04:09 dtucker Exp $ */ +/* $Id: defines.h,v 1.131 2006/03/15 02:02:28 djm Exp $ */ /* Constants */ @@ -496,6 +496,22 @@ struct winsize { # define offsetof(type, member) ((size_t) &((type *)0)->member) #endif +/* Set up BSD-style BYTE_ORDER definition if it isn't there already */ +/* XXX: doesn't try to cope with strange byte orders (PDP_ENDIAN) */ +#ifndef BYTE_ORDER +# ifndef LITTLE_ENDIAN +# define LITTLE_ENDIAN 1234 +# endif /* LITTLE_ENDIAN */ +# ifndef BIG_ENDIAN +# define BIG_ENDIAN 4321 +# endif /* BIG_ENDIAN */ +# ifdef WORDS_BIGENDIAN +# define BYTE_ORDER BIG_ENDIAN +# else /* WORDS_BIGENDIAN */ +# define BYTE_ORDER LITTLE_ENDIAN +# endif /* WORDS_BIGENDIAN */ +#endif /* BYTE_ORDER */ + /* Function replacement / compatibility hacks */ #if !defined(HAVE_GETADDRINFO) && (defined(HAVE_OGETADDRINFO) || defined(HAVE_NGETADDRINFO)) 
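Review bot: In configure.ac's gl_matchc hunk the new call `AC_TRY_COMPILE(FOUNDIT,` keeps the `FOUNDIT` token from the old `AC_EGREP_CPP` form as its first argument, which shifts every later argument by one: `FOUNDIT` lands in the includes slot, the `#include` line in the function-body slot, and `glob_t g; g.gl_matchc = 1;` in the action-if-true slot. As written the probe cannot be testing whether glob_t has a gl_matchc field, so `GLOB_HAS_GL_MATCHC` would end up set or unset for the wrong reason. Dropping the token so the call begins `AC_TRY_COMPILE(` followed directly by the `[ #include ... ],` argument restores the intended includes/body/action order. The remaining arguments of the macro continue outside the hunk, and this change is not mentioned in the commit description.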
diff --git a/kex.c b/kex.c index 175613b40..70c2c9709 100644 --- a/kex.c +++ b/kex.c @@ -44,7 +44,11 @@ RCSID("$OpenBSD: kex.c,v 1.66 2006/03/07 09:07:40 djm Exp $"); #define KEX_COOKIE_LEN 16 +#ifdef HAVE_EVP_SHA256 +# define evp_ssh_sha256 EVP_sha256 +#else /* HAVE_EVP_SHA256 */ extern const EVP_MD *evp_ssh_sha256(void); +#endif /* HAVE_EVP_SHA256 */ /* prototype */ static void kex_kexinit_finish(Kex *); diff --git a/md-sha256.c b/md-sha256.c index 08848f841..82c526d33 100644 --- a/md-sha256.c +++ b/md-sha256.c @@ -17,8 +17,10 @@ /* EVP wrapper for SHA256 */ #include "includes.h" + +#ifndef HAVE_EVP_SHA256 + #include -#include RCSID("$OpenBSD: md-sha256.c,v 1.1 2006/03/07 09:07:40 djm Exp $"); @@ -69,3 +71,6 @@ evp_ssh_sha256(void) return (&ssh_sha256); } + +#endif /* HAVE_EVP_SHA256 */ + diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 1a3027353..9022c793f 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.33 2005/12/31 05:33:37 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.34 2006/03/15 02:02:31 djm Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -38,7 +38,7 @@ #include "readpassphrase.h" #include "vis.h" #include "getrrsetbyname.h" - +#include "sha2.h" #ifndef HAVE_BASENAME char *basename(const char *path); diff --git a/openbsd-compat/sha2.c b/openbsd-compat/sha2.c new file mode 100644 index 000000000..d04fb25f7 --- /dev/null +++ b/openbsd-compat/sha2.c 
@@ -0,0 +1,876 @@ +/* $OpenBSD: sha2.c,v 1.11 2005/08/08 08:05:35 espie Exp $ */ + +/* + * FILE: sha2.c + * AUTHOR: Aaron D. Gifford + * + * Copyright (c) 2000-2001, Aaron D. Gifford + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the copyright holder nor the names of contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $ + */ + +/* OPENBSD ORIGINAL: lib/libc/hash/sha2.c */ + +#include "includes.h" + +#if !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) +#include +#include +#include "sha2.h" + +/* + * UNROLLED TRANSFORM LOOP NOTE: + * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform + * loop version for the hash transform rounds (defined using macros + * later in this file). Either define on the command line, for example: + * + * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c + * + * or define below: + * + * #define SHA2_UNROLL_TRANSFORM + * + */ + +/*** SHA-256/384/512 Machine Architecture Definitions *****************/ +/* + * BYTE_ORDER NOTE: + * + * Please make sure that your system defines BYTE_ORDER. If your + * architecture is little-endian, make sure it also defines + * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are + * equivilent. + * + * If your system does not define the above, then you can do so by + * hand like this: + * + * #define LITTLE_ENDIAN 1234 + * #define BIG_ENDIAN 4321 + * + * And for little-endian machines, add: + * + * #define BYTE_ORDER LITTLE_ENDIAN + * + * Or for big-endian machines: + * + * #define BYTE_ORDER BIG_ENDIAN + * + * The FreeBSD machine this was written on defines BYTE_ORDER + * appropriately by including (which in turn includes + * where the appropriate definitions are actually + * made). 
+ */ +#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) +#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN +#endif + + +/*** SHA-256/384/512 Various Length Definitions ***********************/ +/* NOTE: Most of these are in sha2.h */ +#define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8) +#define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16) +#define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16) + +/*** ENDIAN SPECIFIC COPY MACROS **************************************/ +#define BE_8_TO_32(dst, cp) do { \ + (dst) = (u_int32_t)(cp)[3] | ((u_int32_t)(cp)[2] << 8) | \ + ((u_int32_t)(cp)[1] << 16) | ((u_int32_t)(cp)[0] << 24); \ +} while(0) + +#define BE_8_TO_64(dst, cp) do { \ + (dst) = (u_int64_t)(cp)[7] | ((u_int64_t)(cp)[6] << 8) | \ + ((u_int64_t)(cp)[5] << 16) | ((u_int64_t)(cp)[4] << 24) | \ + ((u_int64_t)(cp)[3] << 32) | ((u_int64_t)(cp)[2] << 40) | \ + ((u_int64_t)(cp)[1] << 48) | ((u_int64_t)(cp)[0] << 56); \ +} while (0) + +#define BE_64_TO_8(cp, src) do { \ + (cp)[0] = (src) >> 56; \ + (cp)[1] = (src) >> 48; \ + (cp)[2] = (src) >> 40; \ + (cp)[3] = (src) >> 32; \ + (cp)[4] = (src) >> 24; \ + (cp)[5] = (src) >> 16; \ + (cp)[6] = (src) >> 8; \ + (cp)[7] = (src); \ +} while (0) + +#define BE_32_TO_8(cp, src) do { \ + (cp)[0] = (src) >> 24; \ + (cp)[1] = (src) >> 16; \ + (cp)[2] = (src) >> 8; \ + (cp)[3] = (src); \ +} while (0) + +/* + * Macro for incrementally adding the unsigned 64-bit integer n to the + * unsigned 128-bit integer (represented using a two-element array of + * 64-bit words): + */ +#define ADDINC128(w,n) do { \ + (w)[0] += (u_int64_t)(n); \ + if ((w)[0] < (n)) { \ + (w)[1]++; \ + } \ +} while (0) + +/*** THE SIX LOGICAL FUNCTIONS ****************************************/ +/* + * Bit shifting and rotation (used by the six SHA-XYZ logical functions: + * + * NOTE: The naming of R and S appears backwards here (R is a SHIFT and + * S is a ROTATION) because the 
SHA-256/384/512 description document + * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this + * same "backwards" definition. + */ +/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ +#define R(b,x) ((x) >> (b)) +/* 32-bit Rotate-right (used in SHA-256): */ +#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) +/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ +#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) + +/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +/* Four of six logical functions used in SHA-256: */ +#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) +#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) +#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) +#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x))) + +/* Four of six logical functions used in SHA-384 and SHA-512: */ +#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) +#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) +#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) +#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) + + +/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ +/* Hash constant words K for SHA-256: */ +const static u_int32_t K256[64] = { + 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, + 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, + 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, + 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, + 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, + 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, + 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, + 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, + 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, + 0x650a7354UL, 
0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, + 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, + 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, + 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, + 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, + 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, + 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL +}; + +/* Initial hash value H for SHA-256: */ +const static u_int32_t sha256_initial_hash_value[8] = { + 0x6a09e667UL, + 0xbb67ae85UL, + 0x3c6ef372UL, + 0xa54ff53aUL, + 0x510e527fUL, + 0x9b05688cUL, + 0x1f83d9abUL, + 0x5be0cd19UL +}; + +/* Hash constant words K for SHA-384 and SHA-512: */ +const static u_int64_t K512[80] = { + 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, + 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, + 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, + 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, + 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, + 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, + 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, + 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, + 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, + 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, + 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, + 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, + 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, + 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, + 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, + 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, + 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, + 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, + 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, + 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, + 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, + 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, + 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, + 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, + 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, + 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, + 0x391c0cb3c5c95a63ULL, 
0x4ed8aa4ae3418acbULL, + 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, + 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, + 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, + 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, + 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, + 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, + 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, + 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, + 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, + 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, + 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, + 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, + 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL +}; + +/* Initial hash value H for SHA-384 */ +const static u_int64_t sha384_initial_hash_value[8] = { + 0xcbbb9d5dc1059ed8ULL, + 0x629a292a367cd507ULL, + 0x9159015a3070dd17ULL, + 0x152fecd8f70e5939ULL, + 0x67332667ffc00b31ULL, + 0x8eb44a8768581511ULL, + 0xdb0c2e0d64f98fa7ULL, + 0x47b5481dbefa4fa4ULL +}; + +/* Initial hash value H for SHA-512 */ +const static u_int64_t sha512_initial_hash_value[8] = { + 0x6a09e667f3bcc908ULL, + 0xbb67ae8584caa73bULL, + 0x3c6ef372fe94f82bULL, + 0xa54ff53a5f1d36f1ULL, + 0x510e527fade682d1ULL, + 0x9b05688c2b3e6c1fULL, + 0x1f83d9abfb41bd6bULL, + 0x5be0cd19137e2179ULL +}; + + +/*** SHA-256: *********************************************************/ +void +SHA256_Init(SHA256_CTX *context) +{ + if (context == NULL) + return; + memcpy(context->state, sha256_initial_hash_value, + sizeof(sha256_initial_hash_value)); + memset(context->buffer, 0, sizeof(context->buffer)); + context->bitcount = 0; +} + +#ifdef SHA2_UNROLL_TRANSFORM + +/* Unrolled SHA-256 round macros: */ + +#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) do { \ + BE_8_TO_32(W256[j], data); \ + data += 4; \ + T1 = (h) + Sigma1_256((e)) + Ch((e), (f), (g)) + K256[j] + W256[j]; \ + (d) += T1; \ + (h) = T1 + Sigma0_256((a)) + Maj((a), (b), (c)); \ + j++; \ +} while(0) + +#define ROUND256(a,b,c,d,e,f,g,h) do { \ + s0 = W256[(j+1)&0x0f]; \ + s0 = 
sigma0_256(s0); \ + s1 = W256[(j+14)&0x0f]; \ + s1 = sigma1_256(s1); \ + T1 = (h) + Sigma1_256((e)) + Ch((e), (f), (g)) + K256[j] + \ + (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \ + (d) += T1; \ + (h) = T1 + Sigma0_256((a)) + Maj((a), (b), (c)); \ + j++; \ +} while(0) + +void +SHA256_Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH]) +{ + u_int32_t a, b, c, d, e, f, g, h, s0, s1; + u_int32_t T1, W256[16]; + int j; + + /* Initialize registers with the prev. intermediate value */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + f = state[5]; + g = state[6]; + h = state[7]; + + j = 0; + do { + /* Rounds 0 to 15 (unrolled): */ + ROUND256_0_TO_15(a,b,c,d,e,f,g,h); + ROUND256_0_TO_15(h,a,b,c,d,e,f,g); + ROUND256_0_TO_15(g,h,a,b,c,d,e,f); + ROUND256_0_TO_15(f,g,h,a,b,c,d,e); + ROUND256_0_TO_15(e,f,g,h,a,b,c,d); + ROUND256_0_TO_15(d,e,f,g,h,a,b,c); + ROUND256_0_TO_15(c,d,e,f,g,h,a,b); + ROUND256_0_TO_15(b,c,d,e,f,g,h,a); + } while (j < 16); + + /* Now for the remaining rounds up to 63: */ + do { + ROUND256(a,b,c,d,e,f,g,h); + ROUND256(h,a,b,c,d,e,f,g); + ROUND256(g,h,a,b,c,d,e,f); + ROUND256(f,g,h,a,b,c,d,e); + ROUND256(e,f,g,h,a,b,c,d); + ROUND256(d,e,f,g,h,a,b,c); + ROUND256(c,d,e,f,g,h,a,b); + ROUND256(b,c,d,e,f,g,h,a); + } while (j < 64); + + /* Compute the current intermediate hash value */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + state[5] += f; + state[6] += g; + state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = 0; +} + +#else /* SHA2_UNROLL_TRANSFORM */ + +void +SHA256_Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH]) +{ + u_int32_t a, b, c, d, e, f, g, h, s0, s1; + u_int32_t T1, T2, W256[16]; + int j; + + /* Initialize registers with the prev. 
intermediate value */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + f = state[5]; + g = state[6]; + h = state[7]; + + j = 0; + do { + BE_8_TO_32(W256[j], data); + data += 4; + /* Apply the SHA-256 compression function to update a..h */ + T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j]; + T2 = Sigma0_256(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 16); + + do { + /* Part of the message block expansion: */ + s0 = W256[(j+1)&0x0f]; + s0 = sigma0_256(s0); + s1 = W256[(j+14)&0x0f]; + s1 = sigma1_256(s1); + + /* Apply the SHA-256 compression function to update a..h */ + T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + + (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); + T2 = Sigma0_256(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 64); + + /* Compute the current intermediate hash value */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + state[5] += f; + state[6] += g; + state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = T2 = 0; +} + +#endif /* SHA2_UNROLL_TRANSFORM */ + +void +SHA256_Update(SHA256_CTX *context, const u_int8_t *data, size_t len) +{ + size_t freespace, usedspace; + + /* Calling with no data is valid (we do nothing) */ + if (len == 0) + return; + + usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH; + if (usedspace > 0) { + /* Calculate how much free space is available in the buffer */ + freespace = SHA256_BLOCK_LENGTH - usedspace; + + if (len >= freespace) { + /* Fill the buffer completely and process it */ + memcpy(&context->buffer[usedspace], data, freespace); + context->bitcount += freespace << 3; + len -= freespace; + data += freespace; + SHA256_Transform(context->state, context->buffer); + } else { + /* The buffer is not yet full */ + memcpy(&context->buffer[usedspace], data, len); + 
context->bitcount += len << 3; + /* Clean up: */ + usedspace = freespace = 0; + return; + } + } + while (len >= SHA256_BLOCK_LENGTH) { + /* Process as many complete blocks as we can */ + SHA256_Transform(context->state, data); + context->bitcount += SHA256_BLOCK_LENGTH << 3; + len -= SHA256_BLOCK_LENGTH; + data += SHA256_BLOCK_LENGTH; + } + if (len > 0) { + /* There's left-overs, so save 'em */ + memcpy(context->buffer, data, len); + context->bitcount += len << 3; + } + /* Clean up: */ + usedspace = freespace = 0; +} + +void +SHA256_Pad(SHA256_CTX *context) +{ + unsigned int usedspace; + + usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH; + if (usedspace > 0) { + /* Begin padding with a 1 bit: */ + context->buffer[usedspace++] = 0x80; + + if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) { + /* Set-up for the last transform: */ + memset(&context->buffer[usedspace], 0, + SHA256_SHORT_BLOCK_LENGTH - usedspace); + } else { + if (usedspace < SHA256_BLOCK_LENGTH) { + memset(&context->buffer[usedspace], 0, + SHA256_BLOCK_LENGTH - usedspace); + } + /* Do second-to-last transform: */ + SHA256_Transform(context->state, context->buffer); + + /* Prepare for last transform: */ + memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH); + } + } else { + /* Set-up for the last transform: */ + memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH); + + /* Begin padding with a 1 bit: */ + *context->buffer = 0x80; + } + /* Store the length of input data (in bits) in big endian format: */ + BE_64_TO_8(&context->buffer[SHA256_SHORT_BLOCK_LENGTH], + context->bitcount); + + /* Final transform: */ + SHA256_Transform(context->state, context->buffer); + + /* Clean up: */ + usedspace = 0; +} + +void +SHA256_Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA256_CTX *context) +{ + SHA256_Pad(context); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != NULL) { +#if BYTE_ORDER == LITTLE_ENDIAN + int i; + + /* Convert TO host byte order */ + for (i = 0; i < 8; 
i++) + BE_32_TO_8(digest + i * 4, context->state[i]); +#else + memcpy(digest, context->state, SHA256_DIGEST_LENGTH); +#endif + memset(context, 0, sizeof(*context)); + } +} + + +/*** SHA-512: *********************************************************/ +void +SHA512_Init(SHA512_CTX *context) +{ + if (context == NULL) + return; + memcpy(context->state, sha512_initial_hash_value, + sizeof(sha512_initial_hash_value)); + memset(context->buffer, 0, sizeof(context->buffer)); + context->bitcount[0] = context->bitcount[1] = 0; +} + +#ifdef SHA2_UNROLL_TRANSFORM + +/* Unrolled SHA-512 round macros: */ + +#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) do { \ + BE_8_TO_64(W512[j], data); \ + data += 8; \ + T1 = (h) + Sigma1_512((e)) + Ch((e), (f), (g)) + K512[j] + W512[j]; \ + (d) += T1; \ + (h) = T1 + Sigma0_512((a)) + Maj((a), (b), (c)); \ + j++; \ +} while(0) + + +#define ROUND512(a,b,c,d,e,f,g,h) do { \ + s0 = W512[(j+1)&0x0f]; \ + s0 = sigma0_512(s0); \ + s1 = W512[(j+14)&0x0f]; \ + s1 = sigma1_512(s1); \ + T1 = (h) + Sigma1_512((e)) + Ch((e), (f), (g)) + K512[j] + \ + (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ + (d) += T1; \ + (h) = T1 + Sigma0_512((a)) + Maj((a), (b), (c)); \ + j++; \ +} while(0) + +void +SHA512_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH]) +{ + u_int64_t a, b, c, d, e, f, g, h, s0, s1; + u_int64_t T1, W512[16]; + int j; + + /* Initialize registers with the prev. 
intermediate value */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + f = state[5]; + g = state[6]; + h = state[7]; + + j = 0; + do { + /* Rounds 0 to 15 (unrolled): */ + ROUND512_0_TO_15(a,b,c,d,e,f,g,h); + ROUND512_0_TO_15(h,a,b,c,d,e,f,g); + ROUND512_0_TO_15(g,h,a,b,c,d,e,f); + ROUND512_0_TO_15(f,g,h,a,b,c,d,e); + ROUND512_0_TO_15(e,f,g,h,a,b,c,d); + ROUND512_0_TO_15(d,e,f,g,h,a,b,c); + ROUND512_0_TO_15(c,d,e,f,g,h,a,b); + ROUND512_0_TO_15(b,c,d,e,f,g,h,a); + } while (j < 16); + + /* Now for the remaining rounds up to 79: */ + do { + ROUND512(a,b,c,d,e,f,g,h); + ROUND512(h,a,b,c,d,e,f,g); + ROUND512(g,h,a,b,c,d,e,f); + ROUND512(f,g,h,a,b,c,d,e); + ROUND512(e,f,g,h,a,b,c,d); + ROUND512(d,e,f,g,h,a,b,c); + ROUND512(c,d,e,f,g,h,a,b); + ROUND512(b,c,d,e,f,g,h,a); + } while (j < 80); + + /* Compute the current intermediate hash value */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + state[5] += f; + state[6] += g; + state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = 0; +} + +#else /* SHA2_UNROLL_TRANSFORM */ + +void +SHA512_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH]) +{ + u_int64_t a, b, c, d, e, f, g, h, s0, s1; + u_int64_t T1, T2, W512[16]; + int j; + + /* Initialize registers with the prev. 
intermediate value */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + f = state[5]; + g = state[6]; + h = state[7]; + + j = 0; + do { + BE_8_TO_64(W512[j], data); + data += 8; + /* Apply the SHA-512 compression function to update a..h */ + T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; + T2 = Sigma0_512(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 16); + + do { + /* Part of the message block expansion: */ + s0 = W512[(j+1)&0x0f]; + s0 = sigma0_512(s0); + s1 = W512[(j+14)&0x0f]; + s1 = sigma1_512(s1); + + /* Apply the SHA-512 compression function to update a..h */ + T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + + (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); + T2 = Sigma0_512(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 80); + + /* Compute the current intermediate hash value */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + state[5] += f; + state[6] += g; + state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = T2 = 0; +} + +#endif /* SHA2_UNROLL_TRANSFORM */ + +void +SHA512_Update(SHA512_CTX *context, const u_int8_t *data, size_t len) +{ + size_t freespace, usedspace; + + /* Calling with no data is valid (we do nothing) */ + if (len == 0) + return; + + usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; + if (usedspace > 0) { + /* Calculate how much free space is available in the buffer */ + freespace = SHA512_BLOCK_LENGTH - usedspace; + + if (len >= freespace) { + /* Fill the buffer completely and process it */ + memcpy(&context->buffer[usedspace], data, freespace); + ADDINC128(context->bitcount, freespace << 3); + len -= freespace; + data += freespace; + SHA512_Transform(context->state, context->buffer); + } else { + /* The buffer is not yet full */ + memcpy(&context->buffer[usedspace], 
data, len); + ADDINC128(context->bitcount, len << 3); + /* Clean up: */ + usedspace = freespace = 0; + return; + } + } + while (len >= SHA512_BLOCK_LENGTH) { + /* Process as many complete blocks as we can */ + SHA512_Transform(context->state, data); + ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3); + len -= SHA512_BLOCK_LENGTH; + data += SHA512_BLOCK_LENGTH; + } + if (len > 0) { + /* There's left-overs, so save 'em */ + memcpy(context->buffer, data, len); + ADDINC128(context->bitcount, len << 3); + } + /* Clean up: */ + usedspace = freespace = 0; +} + +void +SHA512_Pad(SHA512_CTX *context) +{ + unsigned int usedspace; + + usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; + if (usedspace > 0) { + /* Begin padding with a 1 bit: */ + context->buffer[usedspace++] = 0x80; + + if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) { + /* Set-up for the last transform: */ + memset(&context->buffer[usedspace], 0, SHA512_SHORT_BLOCK_LENGTH - usedspace); + } else { + if (usedspace < SHA512_BLOCK_LENGTH) { + memset(&context->buffer[usedspace], 0, SHA512_BLOCK_LENGTH - usedspace); + } + /* Do second-to-last transform: */ + SHA512_Transform(context->state, context->buffer); + + /* And set-up for the last transform: */ + memset(context->buffer, 0, SHA512_BLOCK_LENGTH - 2); + } + } else { + /* Prepare for final transform: */ + memset(context->buffer, 0, SHA512_SHORT_BLOCK_LENGTH); + + /* Begin padding with a 1 bit: */ + *context->buffer = 0x80; + } + /* Store the length of input data (in bits) in big endian format: */ + BE_64_TO_8(&context->buffer[SHA512_SHORT_BLOCK_LENGTH], + context->bitcount[1]); + BE_64_TO_8(&context->buffer[SHA512_SHORT_BLOCK_LENGTH + 8], + context->bitcount[0]); + + /* Final transform: */ + SHA512_Transform(context->state, context->buffer); + + /* Clean up: */ + usedspace = 0; +} + +void +SHA512_Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA512_CTX *context) +{ + SHA512_Pad(context); + + /* If no digest buffer is passed, we don't bother doing 
this: */ + if (digest != NULL) { +#if BYTE_ORDER == LITTLE_ENDIAN + int i; + + /* Convert TO host byte order */ + for (i = 0; i < 8; i++) + BE_64_TO_8(digest + i * 8, context->state[i]); +#else + memcpy(digest, context->state, SHA512_DIGEST_LENGTH); +#endif + memset(context, 0, sizeof(*context)); + } +} + + +/*** SHA-384: *********************************************************/ +void +SHA384_Init(SHA384_CTX *context) +{ + if (context == NULL) + return; + memcpy(context->state, sha384_initial_hash_value, + sizeof(sha384_initial_hash_value)); + memset(context->buffer, 0, sizeof(context->buffer)); + context->bitcount[0] = context->bitcount[1] = 0; +} + +__weak_alias(SHA384_Transform, SHA512_Transform); +__weak_alias(SHA384_Update, SHA512_Update); +__weak_alias(SHA384_Pad, SHA512_Pad); + +void +SHA384_Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA384_CTX *context) +{ + SHA384_Pad(context); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != NULL) { +#if BYTE_ORDER == LITTLE_ENDIAN + int i; + + /* Convert TO host byte order */ + for (i = 0; i < 6; i++) + BE_64_TO_8(digest + i * 8, context->state[i]); +#else + memcpy(digest, context->state, SHA384_DIGEST_LENGTH); +#endif + } + + /* Zero out state data */ + memset(context, 0, sizeof(*context)); +} + +#endif /* !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) */ diff --git a/openbsd-compat/sha2.h b/openbsd-compat/sha2.h new file mode 100644 index 000000000..fb40bde43 --- /dev/null +++ b/openbsd-compat/sha2.h 
@@ -0,0 +1,125 @@ +/* $OpenBSD: sha2.h,v 1.6 2004/06/22 01:57:30 jfb Exp $ */ + +/* + * FILE: sha2.h + * AUTHOR: Aaron D. Gifford + * + * Copyright (c) 2000-2001, Aaron D. Gifford + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the copyright holder nor the names of contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $From: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $ + */ + +/* OPENBSD ORIGINAL: include/sha2.h */ + +#ifndef _SHA2_H +#define _SHA2_H + +#include "includes.h" + +#if !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) + +/*** SHA-256/384/512 Various Length Definitions ***********************/ +#define SHA256_BLOCK_LENGTH 64 +#define SHA256_DIGEST_LENGTH 32 +#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1) +#define SHA384_BLOCK_LENGTH 128 +#define SHA384_DIGEST_LENGTH 48 +#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1) +#define SHA512_BLOCK_LENGTH 128 +#define SHA512_DIGEST_LENGTH 64 +#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) + + +/*** SHA-256/384/512 Context Structures *******************************/ +typedef struct _SHA256_CTX { + u_int32_t state[8]; + u_int64_t bitcount; + u_int8_t buffer[SHA256_BLOCK_LENGTH]; +} SHA256_CTX; +typedef struct _SHA512_CTX { + u_int64_t state[8]; + u_int64_t bitcount[2]; + u_int8_t buffer[SHA512_BLOCK_LENGTH]; +} SHA512_CTX; + +typedef SHA512_CTX SHA384_CTX; + +void SHA256_Init(SHA256_CTX *); +void SHA256_Transform(u_int32_t state[8], const u_int8_t [SHA256_BLOCK_LENGTH]); +void SHA256_Update(SHA256_CTX *, const u_int8_t *, size_t) + __attribute__((__bounded__(__string__,2,3))); +void SHA256_Pad(SHA256_CTX *); +void SHA256_Final(u_int8_t [SHA256_DIGEST_LENGTH], SHA256_CTX *) + __attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH))); +char *SHA256_End(SHA256_CTX *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH))); +char *SHA256_File(const char *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH))); +char *SHA256_FileChunk(const char *, char *, off_t, off_t) + __attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH))); +char *SHA256_Data(const u_int8_t *, size_t, char *) + __attribute__((__bounded__(__string__,1,2))) + 
__attribute__((__bounded__(__minbytes__,3,SHA256_DIGEST_STRING_LENGTH))); + +void SHA384_Init(SHA384_CTX *); +void SHA384_Transform(u_int64_t state[8], const u_int8_t [SHA384_BLOCK_LENGTH]); +void SHA384_Update(SHA384_CTX *, const u_int8_t *, size_t) + __attribute__((__bounded__(__string__,2,3))); +void SHA384_Pad(SHA384_CTX *); +void SHA384_Final(u_int8_t [SHA384_DIGEST_LENGTH], SHA384_CTX *) + __attribute__((__bounded__(__minbytes__,1,SHA384_DIGEST_LENGTH))); +char *SHA384_End(SHA384_CTX *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH))); +char *SHA384_File(const char *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH))); +char *SHA384_FileChunk(const char *, char *, off_t, off_t) + __attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH))); +char *SHA384_Data(const u_int8_t *, size_t, char *) + __attribute__((__bounded__(__string__,1,2))) + __attribute__((__bounded__(__minbytes__,3,SHA384_DIGEST_STRING_LENGTH))); + +void SHA512_Init(SHA512_CTX *); +void SHA512_Transform(u_int64_t state[8], const u_int8_t [SHA512_BLOCK_LENGTH]); +void SHA512_Update(SHA512_CTX *, const u_int8_t *, size_t) + __attribute__((__bounded__(__string__,2,3))); +void SHA512_Pad(SHA512_CTX *); +void SHA512_Final(u_int8_t [SHA512_DIGEST_LENGTH], SHA512_CTX *) + __attribute__((__bounded__(__minbytes__,1,SHA512_DIGEST_LENGTH))); +char *SHA512_End(SHA512_CTX *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH))); +char *SHA512_File(const char *, char *) + __attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH))); +char *SHA512_FileChunk(const char *, char *, off_t, off_t) + __attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH))); +char *SHA512_Data(const u_int8_t *, size_t, char *) + __attribute__((__bounded__(__string__,1,2))) + __attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH))); + +#endif /* !defined(HAVE_SHA256_UPDATE) && 
!defined(HAVE_EVP_SHA256) */ + +#endif /* _SHA2_H */ diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c index 74e8a8b13..68ac91192 100644 --- a/openbsd-compat/xmmap.c +++ b/openbsd-compat/xmmap.c @@ -23,13 +23,15 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: xmmap.c,v 1.6 2004/10/06 13:15:44 dtucker Exp $ */ +/* $Id: xmmap.c,v 1.7 2006/03/15 02:02:31 djm Exp $ */ #include "includes.h" +#include #ifdef HAVE_SYS_MMAN_H #include #endif +#include #include "log.h" -- cgit v1.2.3 From dcf4ca110e751208400660317ae2cee6f28cbff9 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 13:07:48 +1100 Subject: - (djm) [includes.h] Restore accidentally dropped netinet/in.h --- ChangeLog | 3 ++- includes.h | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index db0a4f633..1664c4fd0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -247,6 +247,7 @@ [openbsd-compat/sha2.c] First stab at portability glue for SHA256 KEX support, should work with libc SHA256 support or OpenSSL EVP_sha256 if present + - (djm) [includes.h] Restore accidentally dropped netinet/in.h 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4148,4 +4149,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4208 2006/03/15 02:02:28 djm Exp $ +$Id: ChangeLog,v 1.4209 2006/03/15 02:07:48 djm Exp $ diff --git a/includes.h b/includes.h index c3da49ebd..800d23e90 100644 --- a/includes.h +++ b/includes.h @@ -125,6 +125,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #include /* for grantpt() and friends */ #endif +#include #include /* For typedefs */ #include #if defined(HAVE_NETDB_H) -- cgit v1.2.3 From 471e9b3ca6500cff8f97f0a472719b01fa3eeb09 Mon Sep 17 00:00:00 2001 
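Review bot: The `SHA512_Final` prototype in the new openbsd-compat/sha2.h says nothing about wiping the context, and the sha2.c added by the same commit clears it only inside `if (digest != NULL)`, whereas `SHA384_Final` runs `memset(context, 0, sizeof(*context));` after that branch. A caller that finalises with a NULL digest therefore leaves the chaining state and the last buffered input block in memory, which matters when the hashed input is secret. I would move the `memset` in `SHA512_Final` below the closing brace of the `if`, as `SHA384_Final` already does, and add a comment above the `*_Final` prototypes such as `/* Final pads, writes the digest if non-NULL, then zeroes the context */`. `SHA256_Final` is defined outside the visible part of sha2.c and should be checked for the same pattern.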
From: Damien Miller Date: Wed, 15 Mar 2006 13:09:18 +1100 Subject: - (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files --- ChangeLog | 3 ++- Makefile.in | 4 ++-- openbsd-compat/Makefile.in | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1664c4fd0..fbdf12179 100644 --- a/ChangeLog +++ b/ChangeLog @@ -248,6 +248,7 @@ KEX support, should work with libc SHA256 support or OpenSSL EVP_sha256 if present - (djm) [includes.h] Restore accidentally dropped netinet/in.h + - (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4149,4 +4150,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4209 2006/03/15 02:07:48 djm Exp $ +$Id: ChangeLog,v 1.4210 2006/03/15 02:09:18 djm Exp $ diff --git a/Makefile.in b/Makefile.in index 1baffb4df..57475f003 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.275 2006/02/19 11:50:20 dtucker Exp $ +# $Id: Makefile.in,v 1.276 2006/03/15 02:09:18 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -66,7 +66,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o buffer.o \ canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \ compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \ - log.o match.o moduli.o nchan.o packet.o \ + log.o match.o md-sha256.o moduli.o nchan.o packet.o \ readpass.o rsa.o ttymodes.o xmalloc.o \ atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \ monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 3a8703bc1..f1a706241 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in 
@@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.37 2005/12/31 05:33:37 djm Exp $ +# $Id: Makefile.in,v 1.38 2006/03/15 02:09:20 djm Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ @@ -16,7 +16,7 @@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ LDFLAGS=-L. @LDFLAGS@ -OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o +OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o -- cgit v1.2.3 From 41e364bcfa11d5a72c242d0b27ead364b0ebaa5d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 13:12:41 +1100 Subject: - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present --- ChangeLog | 3 ++- configure.ac | 5 +++-- md-sha256.c | 4 ++++ 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index fbdf12179..be1030f6e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -249,6 +249,7 @@ EVP_sha256 if present - (djm) [includes.h] Restore accidentally dropped netinet/in.h - (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files + - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) 
@@ -4150,4 +4151,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4210 2006/03/15 02:09:18 djm Exp $ +$Id: ChangeLog,v 1.4211 2006/03/15 02:12:41 djm Exp $ diff --git a/configure.ac b/configure.ac index 160493f06..fc54f3b54 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.334 2006/03/15 02:02:28 djm Exp $ +# $Id: configure.ac,v 1.335 2006/03/15 02:12:41 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.334 $) +AC_REVISION($Revision: 1.335 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -690,6 +690,7 @@ AC_CHECK_HEADERS( \ readpassphrase.h \ rpc/types.h \ security/pam_appl.h \ + sha2.h \ shadow.h \ stddef.h \ stdint.h \ diff --git a/md-sha256.c b/md-sha256.c index 82c526d33..ff7f38157 100644 --- a/md-sha256.c +++ b/md-sha256.c @@ -20,7 +20,11 @@ #ifndef HAVE_EVP_SHA256 +#include #include +#if defined(HAVE_SHA2_H) && defined(HAVE_SHA256_UPDATE) +# include +#endif RCSID("$OpenBSD: md-sha256.c,v 1.1 2006/03/07 09:07:40 djm Exp $"); -- cgit v1.2.3 From b3b4ba3fba90ecc80877f2dbdb2c3b50e9fce227 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 13:13:27 +1100 Subject: - (djm) [regress/.cvsignore] Ignore Makefile here --- ChangeLog | 3 ++- regress/.cvsignore | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 regress/.cvsignore diff --git a/ChangeLog b/ChangeLog index be1030f6e..1628cfa8f 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -250,6 +250,7 @@ - (djm) [includes.h] Restore accidentally dropped netinet/in.h - (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present + - (djm) [regress/.cvsignore] Ignore Makefile here 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4151,4 +4152,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4211 2006/03/15 02:12:41 djm Exp $ +$Id: ChangeLog,v 1.4212 2006/03/15 02:13:27 djm Exp $ diff --git a/regress/.cvsignore b/regress/.cvsignore new file mode 100644 index 000000000..f3c7a7c5d --- /dev/null +++ b/regress/.cvsignore @@ -0,0 +1 @@ +Makefile -- cgit v1.2.3 From 627725281e348dee76fa9c588923bd28247e2520 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 14:01:11 +1100 Subject: - (djm) [loginrec.c] Need stat.h --- ChangeLog | 3 ++- loginrec.c | 5 ++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1628cfa8f..241961575 100644 --- a/ChangeLog +++ b/ChangeLog @@ -251,6 +251,7 @@ - (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present - (djm) [regress/.cvsignore] Ignore Makefile here + - (djm) [loginrec.c] Need stat.h 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4152,4 +4153,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4212 2006/03/15 02:13:27 djm Exp $ +$Id: ChangeLog,v 1.4213 2006/03/15 03:01:11 djm Exp $ diff --git a/loginrec.c b/loginrec.c index d096346ec..9f9eb69a7 100644 --- a/loginrec.c +++ b/loginrec.c @@ -147,6 +147,9 @@ #include "includes.h" +#include +#include + #include "ssh.h" #include "xmalloc.h" #include "loginrec.h" 
@@ -165,7 +168,7 @@ # include #endif -RCSID("$Id: loginrec.c,v 1.71 2005/11/22 08:55:13 dtucker Exp $"); +RCSID("$Id: loginrec.c,v 1.72 2006/03/15 03:01:11 djm Exp $"); /** ** prototypes for helper functions in this file -- cgit v1.2.3 From a62380786075ece35897bef1ba01386a55f7de33 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 14:02:01 +1100 Subject: - (djm) [openbsd-compat/sha2.h] Avoid include macro clash with system sha2.h --- ChangeLog | 4 +++- openbsd-compat/sha2.h | 6 +++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 241961575..d574dc222 100644 --- a/ChangeLog +++ b/ChangeLog @@ -252,6 +252,8 @@ - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present - (djm) [regress/.cvsignore] Ignore Makefile here - (djm) [loginrec.c] Need stat.h + - (djm) [openbsd-compat/sha2.h] Avoid include macro clash with + system sha2.h 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4153,4 +4155,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4213 2006/03/15 03:01:11 djm Exp $ +$Id: ChangeLog,v 1.4214 2006/03/15 03:02:01 djm Exp $ diff --git a/openbsd-compat/sha2.h b/openbsd-compat/sha2.h index fb40bde43..5e2641c4b 100644 --- a/openbsd-compat/sha2.h +++ b/openbsd-compat/sha2.h @@ -36,8 +36,8 @@ /* OPENBSD ORIGINAL: include/sha2.h */ -#ifndef _SHA2_H -#define _SHA2_H +#ifndef _SSHSHA2_H +#define _SSHSHA2_H #include "includes.h" @@ -122,4 +122,4 @@ char *SHA512_Data(const u_int8_t *, size_t, char *) #endif /* !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) */ -#endif /* _SHA2_H */ +#endif /* _SSHSHA2_H */ -- cgit v1.2.3 From 3717cdac6087c3e5a0df0def4d3c41694e1b55fe Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 15 Mar 2006 14:02:36 +1100 Subject: - (djm) [ssh-rand-helper.c] Needs a bunch of headers --- ChangeLog | 3 ++- ssh-rand-helper.c | 13 ++++++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index d574dc222..0edca130a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -254,6 +254,7 @@ - (djm) [loginrec.c] Need stat.h - (djm) [openbsd-compat/sha2.h] Avoid include macro clash with system sha2.h + - (djm) [ssh-rand-helper.c] Needs a bunch of headers 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4155,4 +4156,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4214 2006/03/15 03:02:01 djm Exp $ +$Id: ChangeLog,v 1.4215 2006/03/15 03:02:36 djm Exp $ diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 87e52cf75..d6e631317 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -24,6 +24,17 @@ #include "includes.h" +#include +#include +#include +#include + +#ifdef HAVE_SYS_UN_H +# include +#endif + +#include + #include #include #include @@ -39,7 +50,7 @@ #include "pathnames.h" #include "log.h" -RCSID("$Id: ssh-rand-helper.c,v 1.26 2005/07/17 07:26:44 djm Exp $"); +RCSID("$Id: ssh-rand-helper.c,v 1.27 2006/03/15 03:02:36 djm Exp $"); /* Number of bytes we write out */ #define OUTPUT_SEED_SIZE 48 -- cgit v1.2.3 From 42fb06898ed362df4c58226fc449dbe738d4ea3f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 14:03:06 +1100 Subject: - (djm) [ssh-agent.c] Restore dropped stat.h --- ChangeLog | 3 ++- ssh-agent.c | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 0edca130a..54bfc7c06 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -255,6 +255,7 @@ - (djm) [openbsd-compat/sha2.h] Avoid include macro clash with system sha2.h - (djm) [ssh-rand-helper.c] Needs a bunch of headers + - (djm) [ssh-agent.c] Restore dropped stat.h 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4156,4 +4157,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4215 2006/03/15 03:02:36 djm Exp $ +$Id: ChangeLog,v 1.4216 2006/03/15 03:03:06 djm Exp $ diff --git a/ssh-agent.c b/ssh-agent.c index b45087629..b09ce86f2 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -37,6 +37,7 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.129 2006/02/20 17:02:44 stevesk Exp $"); #include +#include #ifdef HAVE_SYS_UN_H # include #endif -- cgit v1.2.3 From 34877d2e1744237569555c73afbed02e338218f2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 14:36:55 +1100 Subject: - (djm) [openbsd-compat/sha2.h openbsd-compat/sha2.c] Comment out SHA384, which we don't need and doesn't compile without tweaks --- ChangeLog | 4 +++- openbsd-compat/sha2.c | 2 ++ openbsd-compat/sha2.h | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 54bfc7c06..d361e71f2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -256,6 +256,8 @@ system sha2.h - (djm) [ssh-rand-helper.c] Needs a bunch of headers - (djm) [ssh-agent.c] Restore dropped stat.h + - (djm) [openbsd-compat/sha2.h openbsd-compat/sha2.c] Comment out + SHA384, which we don't need and doesn't compile without tweaks 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4157,4 +4159,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4216 2006/03/15 03:03:06 djm Exp $ +$Id: ChangeLog,v 1.4217 2006/03/15 03:37:48 djm Exp $ 
diff --git a/openbsd-compat/sha2.c b/openbsd-compat/sha2.c index d04fb25f7..36ab60e62 100644 --- a/openbsd-compat/sha2.c +++ b/openbsd-compat/sha2.c @@ -835,6 +835,7 @@ SHA512_Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA512_CTX *context) } +#if 0 /*** SHA-384: *********************************************************/ void SHA384_Init(SHA384_CTX *context) @@ -872,5 +873,6 @@ SHA384_Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA384_CTX *context) /* Zero out state data */ memset(context, 0, sizeof(*context)); } +#endif #endif /* !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) */ diff --git a/openbsd-compat/sha2.h b/openbsd-compat/sha2.h index 5e2641c4b..1d6aa61e9 100644 --- a/openbsd-compat/sha2.h +++ b/openbsd-compat/sha2.h @@ -67,7 +67,9 @@ typedef struct _SHA512_CTX { u_int8_t buffer[SHA512_BLOCK_LENGTH]; } SHA512_CTX; +#if 0 typedef SHA512_CTX SHA384_CTX; +#endif void SHA256_Init(SHA256_CTX *); void SHA256_Transform(u_int32_t state[8], const u_int8_t [SHA256_BLOCK_LENGTH]); @@ -86,6 +88,7 @@ char *SHA256_Data(const u_int8_t *, size_t, char *) __attribute__((__bounded__(__string__,1,2))) __attribute__((__bounded__(__minbytes__,3,SHA256_DIGEST_STRING_LENGTH))); +#if 0 void SHA384_Init(SHA384_CTX *); void SHA384_Transform(u_int64_t state[8], const u_int8_t [SHA384_BLOCK_LENGTH]); void SHA384_Update(SHA384_CTX *, const u_int8_t *, size_t) @@ -102,6 +105,7 @@ char *SHA384_FileChunk(const char *, char *, off_t, off_t) char *SHA384_Data(const u_int8_t *, size_t, char *) __attribute__((__bounded__(__string__,1,2))) __attribute__((__bounded__(__minbytes__,3,SHA384_DIGEST_STRING_LENGTH))); +#endif /* 0 */ void SHA512_Init(SHA512_CTX *); void SHA512_Transform(u_int64_t state[8], const u_int8_t [SHA512_BLOCK_LENGTH]); -- cgit v1.2.3 From 6645e7a70d1b46b2cb408e1a13755c300a0d47c2 Mon Sep 17 00:00:00 2001 
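Review bot: The `#if 0` added before the SHA-384 section of sha2.c carries no comment saying why the code is disabled, and its matching `#endif` is bare, while the sha2.h hunks of the same commit tag one closer `#endif /* 0 */` and leave the other bare. The commit message gives the reason (SHA384 is not needed and does not compile without tweaks); that belongs next to the directive, e.g. `#if 0 /* SHA-384: unused here, does not build without porting */`, with every closer tagged the same way. As far as these hunks show, sha2.h keeps the `SHA384_*_LENGTH` macros defined, which is harmless but worth a word if the block is meant to stay disabled. `SHA512_Final` and `SHA384_Final`, named in the hunk headers, start outside these hunks.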
From: Damien Miller Date: Wed, 15 Mar 2006 14:42:54 +1100 Subject: - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c] [sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c] [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c] [openbsd-compat/glob.c openbsd-compat/mktemp.c] [openbsd-compat/readpassphrase.c] Lots of include fixes for OpenSolaris --- ChangeLog | 8 +++++++- auth-pam.c | 7 ++++++- clientloop.c | 2 ++ includes.h | 1 + monitor.c | 2 ++ openbsd-compat/bsd-misc.c | 5 ++++- openbsd-compat/bsd-openpty.c | 2 ++ openbsd-compat/glob.c | 3 +++ openbsd-compat/mktemp.c | 4 ++++ openbsd-compat/readpassphrase.c | 2 ++ session.c | 2 ++ sftp-client.c | 1 + ssh-keysign.c | 2 ++ ssh.c | 2 ++ sshconnect.c | 2 ++ sshconnect2.c | 1 - sshd.c | 2 ++ 17 files changed, 44 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index d361e71f2..c30c0e399 100644 --- a/ChangeLog +++ b/ChangeLog @@ -258,6 +258,12 @@ - (djm) [ssh-agent.c] Restore dropped stat.h - (djm) [openbsd-compat/sha2.h openbsd-compat/sha2.c] Comment out SHA384, which we don't need and doesn't compile without tweaks + - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c] + [sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c] + [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c] + [openbsd-compat/glob.c openbsd-compat/mktemp.c] + [openbsd-compat/readpassphrase.c] Lots of include fixes for + OpenSolaris 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4159,4 +4165,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4217 2006/03/15 03:37:48 djm Exp $ +$Id: ChangeLog,v 1.4218 2006/03/15 03:42:54 djm Exp $ diff --git a/auth-pam.c b/auth-pam.c index fb9ae954a..49cf32369 100644 --- a/auth-pam.c +++ b/auth-pam.c 
@@ -47,7 +47,12 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.128 2006/01/29 05:46:13 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.129 2006/03/15 03:42:55 djm Exp $"); + +#include +#include +#include +#include #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) diff --git a/clientloop.c b/clientloop.c index dba3e96c3..83706c297 100644 --- a/clientloop.c +++ b/clientloop.c @@ -68,7 +68,9 @@ RCSID("$OpenBSD: clientloop.c,v 1.155 2006/02/22 00:04:44 stevesk Exp $"); #include #include +#ifdef HAVE_PATHS_H #include +#endif #include #include diff --git a/includes.h b/includes.h index 800d23e90..431fa2d13 100644 --- a/includes.h +++ b/includes.h @@ -103,6 +103,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #ifdef HAVE_STDINT_H # include #endif +#include #ifdef HAVE_SYS_BITYPES_H # include /* For u_intXX_t */ #endif diff --git a/monitor.c b/monitor.c index 30849a371..502d54efa 100644 --- a/monitor.c +++ b/monitor.c @@ -30,7 +30,9 @@ RCSID("$OpenBSD: monitor.c,v 1.69 2006/03/07 09:07:40 djm Exp $"); #include #include +#ifdef HAVE_PATHS_H #include +#endif #include #ifdef SKEY diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index d32b054d7..00482616d 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -16,9 +16,12 @@ */ #include "includes.h" + +#include + #include "xmalloc.h" -RCSID("$Id: bsd-misc.c,v 1.28 2005/11/01 22:07:31 dtucker Exp $"); +RCSID("$Id: bsd-misc.c,v 1.29 2006/03/15 03:42:57 djm Exp $"); #ifndef HAVE___PROGNAME char *__progname; diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c index 8eb62b7a8..28929de67 100644 --- a/openbsd-compat/bsd-openpty.c +++ b/openbsd-compat/bsd-openpty.c @@ -46,6 +46,8 @@ # include #endif +#include + #ifndef O_NOCTTY #define O_NOCTTY 0 #endif 
diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c index f6a04ea3f..fd3d86c4c 100644 --- a/openbsd-compat/glob.c +++ b/openbsd-compat/glob.c @@ -34,6 +34,9 @@ /* OPENBSD ORIGINAL: lib/libc/gen/glob.c */ #include "includes.h" +#include +#include +#include #include static long diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c index 88e04c520..53a50c512 100644 --- a/openbsd-compat/mktemp.c +++ b/openbsd-compat/mktemp.c @@ -35,6 +35,10 @@ #include "includes.h" +#include +#include +#include + #if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) static int _gettemp(char *, int *, int, int); diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c index 919c0174a..95e26dcd4 100644 --- a/openbsd-compat/readpassphrase.c +++ b/openbsd-compat/readpassphrase.c @@ -27,6 +27,8 @@ #ifndef HAVE_READPASSPHRASE #include +#include +#include #include #ifdef TCSASOFT diff --git a/session.c b/session.c index 6fb63d3ad..8eb1a03e5 100644 --- a/session.c +++ b/session.c @@ -42,7 +42,9 @@ RCSID("$OpenBSD: session.c,v 1.197 2006/02/28 01:10:21 djm Exp $"); #include #include +#ifdef HAVE_PATHS_H #include +#endif #include #include "ssh.h" diff --git a/sftp-client.c b/sftp-client.c index 042ab8879..6637feca4 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -26,6 +26,7 @@ RCSID("$OpenBSD: sftp-client.c,v 1.60 2006/02/20 17:19:54 stevesk Exp $"); #ifdef HAVE_SYS_STAT_H # include #endif +# include #include "openbsd-compat/sys-queue.h" diff --git a/ssh-keysign.c b/ssh-keysign.c index f2ee214e1..aa0260bf8 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -24,7 +24,9 @@ #include "includes.h" RCSID("$OpenBSD: ssh-keysign.c,v 1.20 2006/02/08 12:15:27 stevesk Exp $"); +#ifdef HAVE_PATHS_H #include +#endif #include #include diff --git a/ssh.c b/ssh.c index 6f185b4a7..911231a6c 100644 --- a/ssh.c +++ b/ssh.c 
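Review bot: In the sftp-client.c hunk the added include is written `# include …` with the nested-directive spacing, but it sits after the `#endif` that closes the `HAVE_SYS_STAT_H` block, so it reads as conditional while being unconditional. Write it as a plain `#include` at column 0, or give it a guard of its own if the header is not present on every platform. The header name is not legible in this rendering of the patch, so whether it needs a `HAVE_*` guard like the `HAVE_PATHS_H` ones added elsewhere in this commit has to be checked against the file.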
@@ -51,7 +51,9 @@ RCSID("$OpenBSD: ssh.c,v 1.266 2006/03/12 04:23:07 djm Exp $"); #include #include +#ifdef HAVE_PATHS_H #include +#endif #include #include diff --git a/sshconnect.c b/sshconnect.c index 9d1c8593c..340270731 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -20,7 +20,9 @@ RCSID("$OpenBSD: sshconnect.c,v 1.176 2006/02/22 00:04:45 stevesk Exp $"); #include #include +#ifdef HAVE_PATHS_H #include +#endif #include "ssh.h" #include "xmalloc.h" diff --git a/sshconnect2.c b/sshconnect2.c index b01a3ca5b..2467d235c 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -27,7 +27,6 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.147 2006/03/07 09:07:40 djm Exp $"); #include #include -#include #include #include "openbsd-compat/sys-queue.h" diff --git a/sshd.c b/sshd.c index 6f458eb3b..aef4db109 100644 --- a/sshd.c +++ b/sshd.c @@ -51,7 +51,9 @@ RCSID("$OpenBSD: sshd.c,v 1.325 2006/03/13 08:16:00 djm Exp $"); #include #include +#ifdef HAVE_PATHS_H #include +#endif #include #include -- cgit v1.2.3 From 7a4cf232c9861ccc5e824005ab696f73511f7520 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Tue, 14 Mar 2006 21:04:18 -0800 Subject: - (tim) [includes.h] put sys/stat.h back in to quiet some "macro redefined:" warnings. --- ChangeLog | 4 +++- includes.h | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index c30c0e399..e2bedaad8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -264,6 +264,8 @@ [openbsd-compat/glob.c openbsd-compat/mktemp.c] [openbsd-compat/readpassphrase.c] Lots of include fixes for OpenSolaris + - (tim) [includes.h] put sys/stat.h back in to quiet some "macro redefined:" + warnings. 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4165,4 +4167,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4218 2006/03/15 03:42:54 djm Exp $ +$Id: ChangeLog,v 1.4219 2006/03/15 05:04:18 tim Exp $ 
diff --git a/includes.h b/includes.h index 431fa2d13..c9f6f3723 100644 --- a/includes.h +++ b/includes.h @@ -110,6 +110,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #ifdef HAVE_SYS_CDEFS_H # include /* For __P() */ #endif +#ifdef HAVE_SYS_STAT_H +# include /* For S_* constants and macros */ +#endif #ifdef HAVE_SYS_SYSMACROS_H # include /* For MIN, MAX, etc */ #endif -- cgit v1.2.3 From 4b23f7c660efee1b4158b6a9fa0197ff9f8f6692 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Tue, 14 Mar 2006 22:09:50 -0800 Subject: - (tim) [openssh/sshpty.c openssh/openbsd-compat/port-tun.c] put in some includes removed from includes.h --- ChangeLog | 5 +++-- openbsd-compat/port-tun.c | 3 +++ sshpty.c | 1 + 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index e2bedaad8..c0a0a4ebe 100644 --- a/ChangeLog +++ b/ChangeLog @@ -265,7 +265,8 @@ [openbsd-compat/readpassphrase.c] Lots of include fixes for OpenSolaris - (tim) [includes.h] put sys/stat.h back in to quiet some "macro redefined:" - warnings. + - (tim) [openssh/sshpty.c openssh/openbsd-compat/port-tun.c] put in some + includes removed from includes.h 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4167,4 +4168,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4219 2006/03/15 05:04:18 tim Exp $ +$Id: ChangeLog,v 1.4220 2006/03/15 06:09:50 tim Exp $ diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c index 31921615f..d09fe3d06 100644 --- a/openbsd-compat/port-tun.c +++ b/openbsd-compat/port-tun.c @@ -16,6 +16,9 @@ #include "includes.h" +#include +#include + #include "log.h" #include "misc.h" #include "bufaux.h" diff --git a/sshpty.c b/sshpty.c index 7cfcf91f6..7241580a8 100644 --- a/sshpty.c +++ b/sshpty.c 
@@ -17,6 +17,7 @@ RCSID("$OpenBSD: sshpty.c,v 1.16 2006/02/20 17:19:54 stevesk Exp $"); #include #include #include +#include #ifdef HAVE_PATHS_H # include -- cgit v1.2.3 From 486d95e6f78e7b27bbdc932ee6fdce0d28b2f8d9 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 15 Mar 2006 21:31:39 +1100 Subject: - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE --- ChangeLog | 3 ++- configure.ac | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index c0a0a4ebe..0141c327c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -267,6 +267,7 @@ - (tim) [includes.h] put sys/stat.h back in to quiet some "macro redefined:" - (tim) [openssh/sshpty.c openssh/openbsd-compat/port-tun.c] put in some includes removed from includes.h + - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4168,4 +4169,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4220 2006/03/15 06:09:50 tim Exp $ +$Id: ChangeLog,v 1.4221 2006/03/15 10:31:39 dtucker Exp $ diff --git a/configure.ac b/configure.ac index fc54f3b54..72577a728 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.335 2006/03/15 02:12:41 djm Exp $ +# $Id: configure.ac,v 1.336 2006/03/15 10:31:39 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.335 $) +AC_REVISION($Revision: 1.336 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -924,7 +924,7 @@ AC_EGREP_CPP(FOUNDIT, # Check for g.gl_matchc glob() extension AC_MSG_CHECKING(for gl_matchc field in glob_t) -AC_TRY_COMPILE(FOUNDIT, +AC_TRY_COMPILE( [ #include ], [glob_t g; g.gl_matchc = 1;], [ -- cgit v1.2.3 
From b0024914c98f4e622e1d1ae0ecc67d3fe9dd9830 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 15 Mar 2006 21:48:54 +1100 Subject: - (djm) [includes.h] Put back paths.h, it is needed in defines.h --- ChangeLog | 3 ++- includes.h | 5 ++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0141c327c..5a6923b04 100644 --- a/ChangeLog +++ b/ChangeLog @@ -268,6 +268,7 @@ - (tim) [openssh/sshpty.c openssh/openbsd-compat/port-tun.c] put in some includes removed from includes.h - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE + - (djm) [includes.h] Put back paths.h, it is needed in defines.h 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4169,4 +4170,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4221 2006/03/15 10:31:39 dtucker Exp $ +$Id: ChangeLog,v 1.4222 2006/03/15 10:48:54 djm Exp $ diff --git a/includes.h b/includes.h index c9f6f3723..65c34c496 100644 --- a/includes.h +++ b/includes.h @@ -61,7 +61,10 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } # include /* For _PATH_MAILDIR */ #endif #ifdef HAVE_NEXT -# include +# include +#endif +#ifdef HAVE_PATHS +# include #endif #include /* For STDIN_FILENO, etc */ -- cgit v1.2.3 From dc6118e1272e91fd4faebde7b2ea85a36dd6f08d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 15 Mar 2006 22:25:54 +1100 Subject: - (dtucker) [openbsd-compat/openbsd-compat.h] AIX (at least) needs sys/ioctl.h for struct winsize. --- ChangeLog | 4 +++- openbsd-compat/openbsd-compat.h | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5a6923b04..339568ddd 100644 --- a/ChangeLog +++ b/ChangeLog 
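Review bot: The guard added in the includes.h hunk tests `HAVE_PATHS`, while every other paths.h guard on this page (the clientloop.c, monitor.c, session.c, ssh.c, sshconnect.c and sshd.c hunks, and the context lines of sshpty.c) tests `HAVE_PATHS_H`, which is the form AC_CHECK_HEADERS generates for a header check. Unless something else defines `HAVE_PATHS`, the added include is compiled out and defines.h still does not see paths.h, which is the problem the commit subject says it is fixing. The guard should read `#ifdef HAVE_PATHS_H`. The header names on the `# include` lines are not visible in this rendering, so the include target is taken from the commit subject.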
@@ -269,6 +269,8 @@ includes removed from includes.h - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE - (djm) [includes.h] Put back paths.h, it is needed in defines.h + - (dtucker) [openbsd-compat/openbsd-compat.h] AIX (at least) needs + sys/ioctl.h for struct winsize. 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4170,4 +4172,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4222 2006/03/15 10:48:54 djm Exp $ +$Id: ChangeLog,v 1.4223 2006/03/15 11:25:54 dtucker Exp $ diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 9022c793f..432b183e7 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.34 2006/03/15 02:02:31 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.35 2006/03/15 11:25:55 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -147,6 +147,7 @@ int asprintf(char **, const char *, ...); #endif #ifndef HAVE_OPENPTY +# include /* for struct winsize */ int openpty(int *, int *, char *, struct termios *, struct winsize *); #endif /* HAVE_OPENPTY */ -- cgit v1.2.3 From 8bb9e2c9000d5cfe8d5503d67d48a8a4e153ec39 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 15 Mar 2006 22:28:17 +1100 Subject: - (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD. --- ChangeLog | 3 ++- configure.ac | 10 +++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 339568ddd..cdbf5d737 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -271,6 +271,7 @@ - (djm) [includes.h] Put back paths.h, it is needed in defines.h - (dtucker) [openbsd-compat/openbsd-compat.h] AIX (at least) needs sys/ioctl.h for struct winsize. + - (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD. 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) @@ -4172,4 +4173,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4223 2006/03/15 11:25:54 dtucker Exp $ +$Id: ChangeLog,v 1.4224 2006/03/15 11:28:17 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 72577a728..f8faa2660 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.336 2006/03/15 10:31:39 dtucker Exp $ +# $Id: configure.ac,v 1.337 2006/03/15 11:28:17 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.336 $) +AC_REVISION($Revision: 1.337 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -679,7 +679,6 @@ AC_CHECK_HEADERS( \ iaf.h \ limits.h \ login.h \ - login_cap.h \ maillock.h \ ndir.h \ netdb.h \ @@ -740,6 +739,11 @@ AC_CHECK_HEADERS(sys/ptms.h, [], [], [ #endif ]) +# login_cap.h requires sys/types.h on NetBSD +AC_CHECK_HEADERS(login_cap.h, [], [], [ +#include +]) + # Checks for libraries. AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match)) AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt)) -- cgit v1.2.3 From d82cbcb9da3c2a908bd7704b1d9e5686f936ced3 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 16 Mar 2006 07:21:35 +1100 Subject: - (dtucker) [entropy.c] Add headers for WIFEXITED and friends. --- ChangeLog | 5 ++++- entropy.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index cdbf5d737..308f9d1ec 100644 --- a/ChangeLog 
+++ b/ChangeLog @@ -1,3 +1,6 @@ +20060316 + - (dtucker) [entropy.c] Add headers for WIFEXITED and friends. + 20060315 - (djm) OpenBSD CVS Sync: - msf@cvs.openbsd.org 2006/02/06 15:54:07 @@ -4173,4 +4176,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4224 2006/03/15 11:28:17 dtucker Exp $ +$Id: ChangeLog,v 1.4225 2006/03/15 20:21:35 dtucker Exp $ diff --git a/entropy.c b/entropy.c index e5b45b0b6..91724273e 100644 --- a/entropy.c +++ b/entropy.c @@ -24,6 +24,9 @@ #include "includes.h" +#include +#include + #include #include #include @@ -48,7 +51,7 @@ * XXX: we should tell the child how many bytes we need. */ -RCSID("$Id: entropy.c,v 1.52 2005/09/27 22:26:30 dtucker Exp $"); +RCSID("$Id: entropy.c,v 1.53 2006/03/15 20:21:35 dtucker Exp $"); #ifndef OPENSSL_PRNG_ONLY #define RANDOM_SEED_SIZE 48 -- cgit v1.2.3 From c495301bf8cd3a05512e702af212631abab52b88 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 16 Mar 2006 08:14:34 +1100 Subject: - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in /usr/include/crypto. Hint from djm@. --- ChangeLog | 4 +++- configure.ac | 5 +++-- md-sha256.c | 8 ++++++-- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 308f9d1ec..1c4fdef89 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 20060316 - (dtucker) [entropy.c] Add headers for WIFEXITED and friends. + - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in + /usr/include/crypto. Hint from djm@. 20060315 - (djm) OpenBSD CVS Sync: @@ -4176,4 +4178,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4225 2006/03/15 20:21:35 dtucker Exp $ +$Id: ChangeLog,v 1.4226 2006/03/15 21:14:34 dtucker Exp $ diff --git a/configure.ac b/configure.ac index f8faa2660..9e037ab0e 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.337 2006/03/15 11:28:17 dtucker Exp $ +# $Id: configure.ac,v 1.338 2006/03/15 21:14:34 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.337 $) +AC_REVISION($Revision: 1.338 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -669,6 +669,7 @@ dnl Checks for header files. AC_CHECK_HEADERS( \ bstring.h \ crypt.h \ + crypto/sha2.h \ dirent.h \ endian.h \ features.h \ diff --git a/md-sha256.c b/md-sha256.c index ff7f38157..0b1ed5828 100644 --- a/md-sha256.c +++ b/md-sha256.c @@ -22,8 +22,12 @@ #include #include -#if defined(HAVE_SHA2_H) && defined(HAVE_SHA256_UPDATE) -# include +#ifdef HAVE_SHA256_UPDATE +# ifdef HAVE_SHA2_H +# include +# elif defined(HAVE_CRYPTO_SHA2_H) +# include +# endif #endif RCSID("$OpenBSD: md-sha256.c,v 1.1 2006/03/07 09:07:40 djm Exp $"); -- cgit v1.2.3 From 425a6886f99235e61faf8ea67c8f573f188eb2b2 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Wed, 15 Mar 2006 20:17:05 -0800 Subject: - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h] Disable sha256 when openssl < 0.9.7. Patch from djm@. Corrections/testing by me. --- ChangeLog | 4 +++- kex.c | 8 +++++--- md-sha256.c | 5 +++-- myproposal.h | 14 +++++++++++++- openbsd-compat/sha2.c | 8 ++++++-- openbsd-compat/sha2.h | 8 ++++++-- 6 files changed, 36 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1c4fdef89..aa2918414 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (dtucker) [entropy.c] Add headers for WIFEXITED and friends. - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in /usr/include/crypto. Hint from djm@. + - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h] + Disable sha256 when openssl < 0.9.7. Patch from djm@. 20060315 - (djm) OpenBSD CVS Sync: 
@@ -4178,4 +4180,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4226 2006/03/15 21:14:34 dtucker Exp $ +$Id: ChangeLog,v 1.4227 2006/03/16 04:17:05 tim Exp $ diff --git a/kex.c b/kex.c index 70c2c9709..8610a7dab 100644 --- a/kex.c +++ b/kex.c @@ -44,11 +44,13 @@ RCSID("$OpenBSD: kex.c,v 1.66 2006/03/07 09:07:40 djm Exp $"); #define KEX_COOKIE_LEN 16 -#ifdef HAVE_EVP_SHA256 +#if OPENSSL_VERSION_NUMBER < 0x00907000L +# define evp_ssh_sha256() NULL +#elif defined(HAVE_EVP_SHA256) # define evp_ssh_sha256 EVP_sha256 -#else /* HAVE_EVP_SHA256 */ +#else extern const EVP_MD *evp_ssh_sha256(void); -#endif /* HAVE_EVP_SHA256 */ +#endif /* prototype */ static void kex_kexinit_finish(Kex *); diff --git a/md-sha256.c b/md-sha256.c index 0b1ed5828..064228a4a 100644 --- a/md-sha256.c +++ b/md-sha256.c @@ -17,8 +17,9 @@ /* EVP wrapper for SHA256 */ #include "includes.h" +#include -#ifndef HAVE_EVP_SHA256 +#if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) #include #include @@ -80,5 +81,5 @@ evp_ssh_sha256(void) return (&ssh_sha256); } -#endif /* HAVE_EVP_SHA256 */ +#endif /* !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) */ diff --git a/myproposal.h b/myproposal.h index cc94a8ed2..43c540209 100644 --- a/myproposal.h +++ b/myproposal.h 
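Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x00907000L` test added to kex.c depends on an OpenSSL header having been included earlier in the file, and this hunk adds no include, unlike the md-sha256.c, myproposal.h, sha2.c and sha2.h hunks of the same commit. An identifier that is not defined evaluates to 0 inside `#if`, so if the macro were missing the first branch would be taken and `evp_ssh_sha256()` would silently expand to `NULL`, the value that the choose_kex call shown in a later hunk assigns to `k->evp_md`. Whether kex.c already pulls in the version header above line 44 is not visible here; a guard such as `#ifndef OPENSSL_VERSION_NUMBER` / `# error "OpenSSL version header not included"` / `#endif` ahead of the test would turn that case into a build failure instead of a quiet change in the digests that get compiled in. The same dependency applies to the `>=` form of the test in the later kex.c hunks on this page.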
@@ -23,11 +23,23 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#define KEX_DEFAULT_KEX \ + +#include + +/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */ +#if OPENSSL_VERSION_NUMBER < 0x00907000L +# define KEX_DEFAULT_KEX \ + "diffie-hellman-group-exchange-sha1," \ + "diffie-hellman-group14-sha1," \ + "diffie-hellman-group1-sha1" +#else +# define KEX_DEFAULT_KEX \ "diffie-hellman-group-exchange-sha256," \ "diffie-hellman-group-exchange-sha1," \ "diffie-hellman-group14-sha1," \ "diffie-hellman-group1-sha1" +#endif + #define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss" #define KEX_DEFAULT_ENCRYPT \ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ diff --git a/openbsd-compat/sha2.c b/openbsd-compat/sha2.c index 36ab60e62..cf8e0ad66 100644 --- a/openbsd-compat/sha2.c +++ b/openbsd-compat/sha2.c @@ -38,7 +38,10 @@ #include "includes.h" -#if !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) +#include + +#if !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \ + (OPENSSL_VERSION_NUMBER >= 0x00907000L) #include #include #include "sha2.h" @@ -875,4 +878,5 @@ SHA384_Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA384_CTX *context) } #endif -#endif /* !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) */ +#endif /* !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \ + (OPENSSL_VERSION_NUMBER >= 0x00907000L) */ diff --git a/openbsd-compat/sha2.h b/openbsd-compat/sha2.h index 1d6aa61e9..821f2dd6c 100644 --- a/openbsd-compat/sha2.h +++ b/openbsd-compat/sha2.h @@ -41,7 +41,10 @@ #include "includes.h" -#if !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) +#include + +#if !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \ + (OPENSSL_VERSION_NUMBER >= 0x00907000L) /*** SHA-256/384/512 Various Length Definitions ***********************/ #define SHA256_BLOCK_LENGTH 64 
@@ -124,6 +127,7 @@ char *SHA512_Data(const u_int8_t *, size_t, char *) __attribute__((__bounded__(__string__,1,2))) __attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH))); -#endif /* !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) */ +#endif /* !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \ + (OPENSSL_VERSION_NUMBER >= 0x00907000L) */ #endif /* _SSHSHA2_H */ -- cgit v1.2.3 From b309203ce0fd065e74ee22349a16488a7713867b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 16 Mar 2006 18:22:18 +1100 Subject: - (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old OpenSSL; ok tim --- ChangeLog | 4 +++- kex.c | 10 ++++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index aa2918414..59ac3ad54 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,8 @@ /usr/include/crypto. Hint from djm@. - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h] Disable sha256 when openssl < 0.9.7. Patch from djm@. + - (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old + OpenSSL; ok tim 20060315 - (djm) OpenBSD CVS Sync: @@ -4180,4 +4182,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4227 2006/03/16 04:17:05 tim Exp $ +$Id: ChangeLog,v 1.4228 2006/03/16 07:22:18 djm Exp $ diff --git a/kex.c b/kex.c index 8610a7dab..23d8d2923 100644 --- a/kex.c +++ b/kex.c @@ -44,12 +44,12 @@ RCSID("$OpenBSD: kex.c,v 1.66 2006/03/07 09:07:40 djm Exp $"); #define KEX_COOKIE_LEN 16 -#if OPENSSL_VERSION_NUMBER < 0x00907000L -# define evp_ssh_sha256() NULL -#elif defined(HAVE_EVP_SHA256) +#if OPENSSL_VERSION_NUMBER >= 0x00907000L +# if defined(HAVE_EVP_SHA256) # define evp_ssh_sha256 EVP_sha256 -#else +# else extern const EVP_MD *evp_ssh_sha256(void); +# endif #endif /* prototype */ 
@@ -309,9 +309,11 @@ choose_kex(Kex *k, char *client, char *server) } else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) { k->kex_type = KEX_DH_GEX_SHA1; k->evp_md = EVP_sha1(); +#if OPENSSL_VERSION_NUMBER >= 0x00907000L } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) { k->kex_type = KEX_DH_GEX_SHA256; k->evp_md = evp_ssh_sha256(); +#endif } else fatal("bad kex alg %s", k->name); } -- cgit v1.2.3 From 66f9eb65ff494e69fc0bdfede303c60763ad5515 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 18 Mar 2006 23:04:49 +1100 Subject: - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via elad AT NetBSD.org --- ChangeLog | 6 +++++- auth-pam.c | 3 ++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 59ac3ad54..61bf3b852 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060318 +- (djm) [auth-pam.c] Fix memleak in error path, from Coverity via + elad AT NetBSD.org + 20060316 - (dtucker) [entropy.c] Add headers for WIFEXITED and friends. - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in @@ -4182,4 +4186,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4228 2006/03/16 07:22:18 djm Exp $ +$Id: ChangeLog,v 1.4229 2006/03/18 12:04:49 djm Exp $ diff --git a/auth-pam.c b/auth-pam.c index 49cf32369..2d975c394 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -47,7 +47,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.129 2006/03/15 03:42:55 djm Exp $"); +RCSID("$Id: auth-pam.c,v 1.130 2006/03/18 12:04:49 djm Exp $"); #include #include @@ -729,6 +729,7 @@ sshpam_query(void *ctx, char **name, char **info, *num = 0; **echo_on = 0; ctxt->pam_done = -1; + xfree(msg); return 0; } /* FALLTHROUGH */ -- cgit v1.2.3 From 9834cab32ef1abd8f0e4e74852ac52c35cfce0ef Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Sun, 19 Mar 2006 00:07:07 +1100 Subject: - (dtucker) [openbsd-compat/bsd-snprintf.c] Bug #1173: make fmtint() take a LLONG rather than a long. Fixes scp'ing of large files on platforms with missing/broken snprintfs. Patch from e.borovac at bom.gov.au. --- ChangeLog | 9 ++++++--- openbsd-compat/bsd-snprintf.c | 8 ++++---- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 61bf3b852..342844d33 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ 20060318 -- (djm) [auth-pam.c] Fix memleak in error path, from Coverity via - elad AT NetBSD.org + - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via + elad AT NetBSD.org + - (dtucker) [openbsd-compat/bsd-snprintf.c] Bug #1173: make fmtint() take + a LLONG rather than a long. Fixes scp'ing of large files on platforms + with missing/broken snprintfs. Patch from e.borovac at bom.gov.au. 20060316 - (dtucker) [entropy.c] Add headers for WIFEXITED and friends. @@ -4186,4 +4189,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4229 2006/03/18 12:04:49 djm Exp $ +$Id: ChangeLog,v 1.4230 2006/03/18 13:07:07 dtucker Exp $ diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c index e4ba154fd..571c61fc0 100644 --- a/openbsd-compat/bsd-snprintf.c +++ b/openbsd-compat/bsd-snprintf.c @@ -89,7 +89,7 @@ #include "includes.h" -RCSID("$Id: bsd-snprintf.c,v 1.11 2005/12/17 11:32:04 dtucker Exp $"); +RCSID("$Id: bsd-snprintf.c,v 1.12 2006/03/18 13:07:07 dtucker Exp $"); #if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */ # undef HAVE_SNPRINTF 
@@ -161,7 +161,7 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, static void fmtstr(char *buffer, size_t *currlen, size_t maxlen, char *value, int flags, int min, int max); static void fmtint(char *buffer, size_t *currlen, size_t maxlen, - long value, int base, int min, int max, int flags); + LLONG value, int base, int min, int max, int flags); static void fmtfp(char *buffer, size_t *currlen, size_t maxlen, LDOUBLE fvalue, int min, int max, int flags); static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c); @@ -468,10 +468,10 @@ static void fmtstr(char *buffer, size_t *currlen, size_t maxlen, /* Have to handle DP_F_NUM (ie 0x and 0 alternates) */ static void fmtint(char *buffer, size_t *currlen, size_t maxlen, - long value, int base, int min, int max, int flags) + LLONG value, int base, int min, int max, int flags) { int signvalue = 0; - unsigned long uvalue; + unsigned LLONG uvalue; char convert[20]; int place = 0; int spadlen = 0; /* amount to space pad */ -- cgit v1.2.3 From 3e96d742743b150025588b7200c7998d7e4ec2c6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 25 Mar 2006 23:39:29 +1100 Subject: - djm@cvs.openbsd.org 2006/03/16 04:24:42 [ssh.1] Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs that OpenSSH supports --- ChangeLog | 9 ++++++++- ssh.1 | 7 ++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 342844d33..2281accdc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20060325 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2006/03/16 04:24:42 + [ssh.1] + Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs + that OpenSSH supports + 20060318 - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via elad AT NetBSD.org 
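Review bot: `fmtint` now converts an `unsigned LLONG`, but the scratch buffer declared two lines below it is still `char convert[20]`. A 64-bit value needs up to 20 decimal digits or 22 octal digits plus the terminating NUL, so the buffer should grow with the type, for example `char convert[sizeof(value) * 8 / 3 + 2];`, and any loop bound tied to the old size should be updated with it. The conversion loop is outside the hunk, so whether the current code truncates the number or writes past the buffer at 20 characters cannot be confirmed from here.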
@@ -4189,4 +4196,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4230 2006/03/18 13:07:07 dtucker Exp $ +$Id: ChangeLog,v 1.4231 2006/03/25 12:39:29 djm Exp $ diff --git a/ssh.1 b/ssh.1 index e66ad9e88..139b00154 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.257 2006/02/24 20:31:30 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.258 2006/03/16 04:24:42 djm Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1388,6 +1388,11 @@ manual page for more information. .%T "Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol" .%D 2006 .Re +.Rs +.%R RFC 4419 +.%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol" +.%D 2006 +.Re .Sh AUTHORS OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. -- cgit v1.2.3 From b0fb6872ed2efe3a116083e43dd4f5f47cd4882b Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sun, 26 Mar 2006 00:03:21 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] RCSID() can die --- ChangeLog | 27 ++++++++++++++++++++++++++- atomicio.c | 1 - auth-bsdauth.c | 1 - auth-chall.c | 1 - auth-krb5.c | 1 - auth-options.c | 1 - auth-pam.c | 1 - auth-passwd.c | 1 - auth-rh-rsa.c | 1 - auth-rhosts.c | 1 - auth-rsa.c | 1 - auth-shadow.c | 1 - auth-skey.c | 1 - auth.c | 1 - auth1.c | 1 - auth2-chall.c | 1 - auth2-hostbased.c | 1 - auth2-kbdint.c | 1 - auth2-none.c | 1 - auth2-passwd.c | 1 - 
auth2-pubkey.c | 1 - auth2.c | 1 - authfd.c | 1 - authfile.c | 1 - bufaux.c | 1 - buffer.c | 1 - canohost.c | 1 - channels.c | 1 - cipher-3des1.c | 1 - cipher-acss.c | 2 -- cipher-aes.c | 1 - cipher-bf1.c | 1 - cipher-ctr.c | 1 - cipher.c | 1 - cleanup.c | 1 - clientloop.c | 1 - compat.c | 1 - compress.c | 1 - deattack.c | 1 - dh.c | 1 - dispatch.c | 1 - dns.c | 3 +-- entropy.c | 2 -- fatal.c | 1 - groupaccess.c | 1 - hostfile.c | 1 - includes.h | 5 +---- kex.c | 1 - kexdh.c | 1 - kexdhc.c | 1 - kexdhs.c | 1 - kexgex.c | 1 - kexgexc.c | 1 - kexgexs.c | 1 - key.c | 1 - log.c | 1 - loginrec.c | 2 -- loginrec.h | 2 -- logintest.c | 2 -- mac.c | 1 - match.c | 1 - md-sha256.c | 2 -- md5crypt.c | 2 -- misc.c | 1 - monitor.c | 1 - monitor_fdpass.c | 1 - monitor_mm.c | 1 - monitor_wrap.c | 1 - msg.c | 1 - nchan.c | 1 - openbsd-compat/bsd-arc4random.c | 2 -- openbsd-compat/bsd-closefrom.c | 2 -- openbsd-compat/bsd-cygwin_util.c | 2 -- openbsd-compat/bsd-getpeereid.c | 2 -- openbsd-compat/bsd-misc.c | 2 -- openbsd-compat/bsd-nextstep.c | 2 -- openbsd-compat/bsd-snprintf.c | 2 -- openbsd-compat/bsd-waitpid.c | 2 -- openbsd-compat/fake-rfc2553.c | 2 -- packet.c | 1 - progressmeter.c | 1 - readconf.c | 1 - readpass.c | 1 - rsa.c | 1 - scard.c | 1 - scp.c | 1 - servconf.c | 1 - serverloop.c | 1 - session.c | 1 - sftp-client.c | 1 - sftp-common.c | 1 - sftp-glob.c | 1 - sftp-server.c | 1 - sftp.c | 1 - ssh-add.c | 1 - ssh-agent.c | 1 - ssh-dss.c | 1 - ssh-keygen.c | 1 - ssh-keyscan.c | 1 - ssh-keysign.c | 1 - ssh-rand-helper.c | 2 -- ssh-rsa.c | 1 - ssh.c | 1 - sshconnect.c | 1 - sshconnect1.c | 1 - sshconnect2.c | 1 - sshd.c | 1 - sshlogin.c | 1 - sshpty.c | 1 - sshtty.c | 1 - ttymodes.c | 1 - uidswap.c | 1 - uuencode.c | 1 - xmalloc.c | 1 - 114 files changed, 28 insertions(+), 135 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2281accdc..64a20a4c4 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -4,6 +4,31 @@ [ssh.1] Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs that OpenSSH supports + - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 + [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] + [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] + [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] + [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] + [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] + [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] + [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] + [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] + [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] + [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] + [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] + [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] + [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] + [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] + [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] + [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] + [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] + [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] + [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] + [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] + [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] + [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] + [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] + RCSID() can die 20060318 - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via 
@@ -4196,4 +4221,4 @@
 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.4231 2006/03/25 12:39:29 djm Exp $
+$Id: ChangeLog,v 1.4232 2006/03/25 13:03:21 djm Exp $
diff --git a/atomicio.c b/atomicio.c
index 8dd271b6d..afe306b1b 100644
--- a/atomicio.c
+++ b/atomicio.c
@@ -25,7 +25,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: atomicio.c,v 1.14 2006/02/11 19:31:18 otto Exp $");
 #include "atomicio.h"
diff --git a/auth-bsdauth.c b/auth-bsdauth.c
index 920c977d8..f48b43174 100644
--- a/auth-bsdauth.c
+++ b/auth-bsdauth.c
@@ -22,7 +22,6 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-bsdauth.c,v 1.6 2005/01/19 13:11:47 dtucker Exp $");
 #ifdef BSD_AUTH
 #include "xmalloc.h"
diff --git a/auth-chall.c b/auth-chall.c
index e4f783096..7707023a4 100644
--- a/auth-chall.c
+++ b/auth-chall.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-chall.c,v 1.9 2003/11/03 09:03:37 djm Exp $");
 #include "auth.h"
 #include "log.h"
diff --git a/auth-krb5.c b/auth-krb5.c
index 64d613543..8bdc64edf 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -28,7 +28,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-krb5.c,v 1.16 2005/11/21 09:42:10 dtucker Exp $");
 #include "ssh.h"
 #include "ssh1.h"
diff --git a/auth-options.c b/auth-options.c
index ad97e6129..77488a49d 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -10,7 +10,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.33 2005/12/08 18:34:11 reyk Exp $");
 #include "xmalloc.h"
 #include "match.h"
diff --git a/auth-pam.c b/auth-pam.c
index 2d975c394..3d64de76a 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -47,7 +47,6 @@
 /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
 #include "includes.h"
-RCSID("$Id: auth-pam.c,v 1.130 2006/03/18 12:04:49 djm Exp $");
 #include
 #include
diff --git a/auth-passwd.c b/auth-passwd.c
index 6e6d0d76a..df202dde3 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -36,7 +36,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-passwd.c,v 1.34 2005/07/19 15:32:26 otto Exp $");
 #include "packet.h"
 #include "buffer.h"
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index c31f2b97b..f9c386dba 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -13,7 +13,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-rh-rsa.c,v 1.38 2005/07/17 07:17:54 djm Exp $");
 #include "packet.h"
 #include "uidswap.h"
diff --git a/auth-rhosts.c b/auth-rhosts.c
index 1deeb30b9..098893563 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -14,7 +14,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-rhosts.c,v 1.35 2006/02/20 17:19:53 stevesk Exp $");
 #include
 #include
diff --git a/auth-rsa.c b/auth-rsa.c
index 275c0b67b..effff5d2a 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.64 2006/02/20 17:19:53 stevesk Exp $");
 #include
 #include
diff --git a/auth-shadow.c b/auth-shadow.c
index 59737b93c..c8d5dd3c1 100644
--- a/auth-shadow.c
+++ b/auth-shadow.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$Id: auth-shadow.c,v 1.7 2005/07/17 07:04:47 djm Exp $");
 #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
 #include
diff --git a/auth-skey.c b/auth-skey.c
index f676dbec9..ce8c1a809 100644
--- a/auth-skey.c
+++ b/auth-skey.c
@@ -22,7 +22,6 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-skey.c,v 1.20 2002/06/30 21:59:45 deraadt Exp $");
 #ifdef SKEY
diff --git a/auth.c b/auth.c
index fca373b80..35bc5ea1d 100644
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.62 2006/02/20 17:19:53 stevesk Exp $");
 #include
 #include
diff --git a/auth1.c b/auth1.c
index 4bc2bf76d..cc1092abf 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.62 2005/07/16 01:35:24 djm Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
diff --git a/auth2-chall.c b/auth2-chall.c
index b147cadf3..8860a94c5 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -23,7 +23,6 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.24 2005/07/17 07:17:54 djm Exp $");
 #include "ssh2.h"
 #include "auth.h"
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 1111ed67a..251828496 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-hostbased.c,v 1.6 2004/01/19 21:25:15 markus Exp $");
 #include "ssh2.h"
 #include "xmalloc.h"
diff --git a/auth2-kbdint.c b/auth2-kbdint.c
index fa8364975..1b902e4cb 100644
--- a/auth2-kbdint.c
+++ b/auth2-kbdint.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-kbdint.c,v 1.2 2002/05/31 11:35:15 markus Exp $");
 #include "packet.h"
 #include "auth.h"
diff --git a/auth2-none.c b/auth2-none.c
index 2eb27a914..19cc2b1b7 100644
--- a/auth2-none.c
+++ b/auth2-none.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-none.c,v 1.8 2006/02/20 17:19:54 stevesk Exp $");
 #include
 #include
diff --git a/auth2-passwd.c b/auth2-passwd.c
index 2321ef47b..41507af1d 100644
--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-passwd.c,v 1.5 2003/12/31 00:24:50 dtucker Exp $");
 #include "xmalloc.h"
 #include "packet.h"
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index ea1367070..a59c37993 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-pubkey.c,v 1.10 2006/02/20 17:19:54 stevesk Exp $");
 #include
 #include
diff --git a/auth2.c b/auth2.c
index d255242ed..b49cc79c7 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.107 2004/07/28 09:40:29 markus Exp $");
 #include "ssh2.h"
 #include "xmalloc.h"
diff --git a/authfd.c b/authfd.c
index 06e6d4a4c..a3f22cfc7 100644
--- a/authfd.c
+++ b/authfd.c
@@ -35,7 +35,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.67 2006/02/20 16:36:14 stevesk Exp $");
 #include
 #include
diff --git a/authfile.c b/authfile.c
index 0656262d0..d529c8340 100644
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.63 2006/03/13 10:26:52 dtucker Exp $");
 #include
 #include
diff --git a/bufaux.c b/bufaux.c
index 106a3a0c7..19f6708f0 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -37,7 +37,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.37 2005/11/05 05:01:15 djm Exp $");
 #include
 #include "bufaux.h"
diff --git a/buffer.c b/buffer.c
index 487e08105..08682e0f1 100644
--- a/buffer.c
+++ b/buffer.c
@@ -12,7 +12,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: buffer.c,v 1.23 2005/03/14 11:46:56 markus Exp $");
 #include "xmalloc.h"
 #include "buffer.h"
diff --git a/canohost.c b/canohost.c
index f15aecb62..4fafb0b82 100644
--- a/canohost.c
+++ b/canohost.c
@@ -12,7 +12,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.50 2006/03/14 00:15:39 djm Exp $");
 #include
diff --git a/channels.c b/channels.c
index 7161b9413..30c6d3870 100644
--- a/channels.c
+++ b/channels.c
@@ -39,7 +39,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.235 2006/02/20 16:36:14 stevesk Exp $");
 #include
 #include
diff --git a/cipher-3des1.c b/cipher-3des1.c
index f815e8ae5..53b5a2958 100644
--- a/cipher-3des1.c
+++ b/cipher-3des1.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: cipher-3des1.c,v 1.2 2003/12/22 20:29:55 markus Exp $");
 #include
 #include "xmalloc.h"
diff --git a/cipher-acss.c b/cipher-acss.c
index a95fa6747..90b51a4d1 100644
--- a/cipher-acss.c
+++ b/cipher-acss.c
@@ -17,8 +17,6 @@
 #include "includes.h"
 #include
-RCSID("$Id: cipher-acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $");
-
 #if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
 #include "acss.h"
diff --git a/cipher-aes.c b/cipher-aes.c
index 228ddb104..99e9eea92 100644
--- a/cipher-aes.c
+++ b/cipher-aes.c
@@ -28,7 +28,6 @@
 #include "openbsd-compat/openssl-compat.h"
 #ifdef USE_BUILTIN_RIJNDAEL
-RCSID("$OpenBSD: cipher-aes.c,v 1.2 2003/11/26 21:44:29 djm Exp $");
 #include
 #include "rijndael.h"
diff --git a/cipher-bf1.c b/cipher-bf1.c
index 5af695c17..e7246650b 100644
--- a/cipher-bf1.c
+++ b/cipher-bf1.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: cipher-bf1.c,v 1.1 2003/05/15 03:08:29 markus Exp $");
 #include
 #include "xmalloc.h"
diff --git a/cipher-ctr.c b/cipher-ctr.c
index 8a98f3c42..9615f5aa6 100644
--- a/cipher-ctr.c
+++ b/cipher-ctr.c
@@ -14,7 +14,6 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: cipher-ctr.c,v 1.6 2005/07/17 07:17:55 djm Exp $");
 #include
diff --git a/cipher.c b/cipher.c
index 1434d5524..15397db03 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,7 +35,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.77 2005/07/16 01:35:24 djm Exp $");
 #include "xmalloc.h"
 #include "log.h"
diff --git a/cleanup.c b/cleanup.c
index 11d1d4d9a..7b40ca781 100644
--- a/cleanup.c
+++ b/cleanup.c
@@ -14,7 +14,6 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: cleanup.c,v 1.1 2003/09/23 20:17:11 markus Exp $");
 #include "log.h"
diff --git a/clientloop.c b/clientloop.c
index 83706c297..6d58a5afb 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.155 2006/02/22 00:04:44 stevesk Exp $");
 #include
 #ifdef HAVE_SYS_STAT_H
diff --git a/compat.c b/compat.c
index 4086e853e..24d9a7f38 100644
--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.71 2005/03/01 10:09:52 djm Exp $");
 #include "buffer.h"
 #include "packet.h"
diff --git a/compress.c b/compress.c
index 0d1c7e55e..6f8d6b775 100644
--- a/compress.c
+++ b/compress.c
@@ -12,7 +12,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: compress.c,v 1.21 2004/01/13 19:45:15 markus Exp $");
 #include "log.h"
 #include "buffer.h"
diff --git a/deattack.c b/deattack.c
index 0cf1e1c54..3d48afc89 100644
--- a/deattack.c
+++ b/deattack.c
@@ -18,7 +18,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: deattack.c,v 1.20 2006/02/07 03:59:20 stevesk Exp $");
 #include "deattack.h"
 #include "log.h"
diff --git a/dh.c b/dh.c
index 044d869fb..a30b704fb 100644
--- a/dh.c
+++ b/dh.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.31 2004/08/04 10:37:52 djm Exp $");
 #include "xmalloc.h"
diff --git a/dispatch.c b/dispatch.c
index c5ff65031..3f96c726b 100644
--- a/dispatch.c
+++ b/dispatch.c
@@ -22,7 +22,6 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: dispatch.c,v 1.16 2003/04/08 20:21:28 itojun Exp $");
 #include "ssh1.h"
 #include "ssh2.h"
diff --git a/dns.c b/dns.c
index a71dd9bff..e9270798d 100644
--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.16 2005/10/17 14:13:35 stevesk Exp $ */
+/* $OpenBSD: dns.c,v 1.17 2006/03/19 18:51:18 deraadt Exp $ */
 /*
 * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -26,7 +26,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: dns.c,v 1.16 2005/10/17 14:13:35 stevesk Exp $");
 #include
diff --git a/entropy.c b/entropy.c
index 91724273e..d60583b34 100644
--- a/entropy.c
+++ b/entropy.c
@@ -51,8 +51,6 @@
 * XXX: we should tell the child how many bytes we need.
 */
-RCSID("$Id: entropy.c,v 1.53 2006/03/15 20:21:35 dtucker Exp $");
-
 #ifndef OPENSSL_PRNG_ONLY
 #define RANDOM_SEED_SIZE 48
 static uid_t original_uid, original_euid;
diff --git a/fatal.c b/fatal.c
index ae1aaac6e..8eea85a03 100644
--- a/fatal.c
+++ b/fatal.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: fatal.c,v 1.2 2003/09/23 20:17:11 markus Exp $");
 #include "log.h"
diff --git a/groupaccess.c b/groupaccess.c
index f50879f83..2328bf453 100644
--- a/groupaccess.c
+++ b/groupaccess.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: groupaccess.c,v 1.6 2003/04/08 20:21:28 itojun Exp $");
 #include "groupaccess.h"
 #include "xmalloc.h"
diff --git a/hostfile.c b/hostfile.c
index 5cb55dd3c..85fbcf7ce 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -36,7 +36,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: hostfile.c,v 1.37 2006/02/07 03:47:05 stevesk Exp $");
 #include
diff --git a/includes.h b/includes.h
index 65c34c496..363be3ac5 100644
--- a/includes.h
+++ b/includes.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: includes.h,v 1.37 2006/02/22 00:04:44 stevesk Exp $ */
+/* $OpenBSD: includes.h,v 1.38 2006/03/19 18:51:18 deraadt Exp $ */
 /*
 * Author: Tatu Ylonen
@@ -16,9 +16,6 @@
 #ifndef INCLUDES_H
 #define INCLUDES_H
-#define RCSID(msg) \
-static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
-
 #include "config.h"
 #define _GNU_SOURCE /* activate extra prototypes for glibc */
diff --git a/kex.c b/kex.c
index 23d8d2923..ced56e668 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.66 2006/03/07 09:07:40 djm Exp $");
 #include
diff --git a/kexdh.c b/kexdh.c
index f79d8781d..f34214062 100644
--- a/kexdh.c
+++ b/kexdh.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.20 2005/11/04 05:15:59 djm Exp $");
 #include
diff --git a/kexdhc.c b/kexdhc.c
index d8a2fa3b7..23abeb50d 100644
--- a/kexdhc.c
+++ b/kexdhc.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kexdhc.c,v 1.3 2005/11/04 05:15:59 djm Exp $");
 #include "xmalloc.h"
 #include "key.h"
diff --git a/kexdhs.c b/kexdhs.c
index 26c8cdfd6..be815e46b 100644
--- a/kexdhs.c
+++ b/kexdhs.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kexdhs.c,v 1.3 2005/11/04 05:15:59 djm Exp $");
 #include "xmalloc.h"
 #include "key.h"
diff --git a/kexgex.c b/kexgex.c
index 705484a47..b306821cc 100644
--- a/kexgex.c
+++ b/kexgex.c
@@ -24,7 +24,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.24 2005/11/04 05:15:59 djm Exp $");
 #include
diff --git a/kexgexc.c b/kexgexc.c
index a6ff8757d..50c5a32e5 100644
--- a/kexgexc.c
+++ b/kexgexc.c
@@ -24,7 +24,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kexgexc.c,v 1.3 2005/11/04 05:15:59 djm Exp $");
 #include "xmalloc.h"
 #include "key.h"
diff --git a/kexgexs.c b/kexgexs.c
index c48b27af9..e3d0eacc5 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -24,7 +24,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kexgexs.c,v 1.2 2005/11/04 05:15:59 djm Exp $");
 #include "xmalloc.h"
 #include "key.h"
diff --git a/key.c b/key.c
index 08c158b59..5cb54c13b 100644
--- a/key.c
+++ b/key.c
@@ -32,7 +32,6 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.58 2005/06/17 02:44:32 djm Exp $");
 #include
diff --git a/log.c b/log.c
index 96ab24b04..58ba8591c 100644
--- a/log.c
+++ b/log.c
@@ -34,7 +34,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: log.c,v 1.29 2003/09/23 20:17:11 markus Exp $");
 #include "log.h"
 #include "xmalloc.h"
diff --git a/loginrec.c b/loginrec.c
index 9f9eb69a7..c2498e1e3 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -168,8 +168,6 @@
 # include
 #endif
-RCSID("$Id: loginrec.c,v 1.72 2006/03/15 03:01:11 djm Exp $");
-
 /**
 ** prototypes for helper functions in this file
 **/
diff --git a/loginrec.h b/loginrec.h
index 8e3390178..4fe24ac2a 100644
--- a/loginrec.h
+++ b/loginrec.h
@@ -35,8 +35,6 @@
 #include
 #include
-/* RCSID("$Id: loginrec.h,v 1.10 2005/06/19 00:19:44 djm Exp $"); */
-
 /**
 ** you should use the login_* calls to work around platform dependencies
 **/
diff --git a/logintest.c b/logintest.c
index 95cce5a3a..1159274f8 100644
--- a/logintest.c
+++ b/logintest.c
@@ -43,8 +43,6 @@
 #include "loginrec.h"
-RCSID("$Id: logintest.c,v 1.11 2004/07/17 04:07:42 dtucker Exp $");
-
 extern char *__progname;
 #define PAUSE_BEFORE_LOGOUT 3
diff --git a/mac.c b/mac.c
index 2bda5a1b9..f03100ac9 100644
--- a/mac.c
+++ b/mac.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: mac.c,v 1.7 2005/06/17 02:44:32 djm Exp $");
 #include
diff --git a/match.c b/match.c
index 51407b818..736047df1 100644
--- a/match.c
+++ b/match.c
@@ -35,7 +35,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: match.c,v 1.21 2006/02/22 00:04:44 stevesk Exp $");
 #include
diff --git a/md-sha256.c b/md-sha256.c
index 064228a4a..8ea0ac433 100644
--- a/md-sha256.c
+++ b/md-sha256.c
@@ -31,8 +31,6 @@
 # endif
 #endif
-RCSID("$OpenBSD: md-sha256.c,v 1.1 2006/03/07 09:07:40 djm Exp $");
-
 const EVP_MD *evp_ssh_sha256(void);
 static int
diff --git a/md5crypt.c b/md5crypt.c
index 8f2523e62..253fdfdf2 100644
--- a/md5crypt.c
+++ b/md5crypt.c
@@ -13,8 +13,6 @@
 #if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
 #include
-RCSID("$Id: md5crypt.c,v 1.9 2003/11/21 12:56:47 djm Exp $");
-
 /* 0 ... 63 => ascii - 64 */
 static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
diff --git a/misc.c b/misc.c
index 662480e9e..66b762b5a 100644
--- a/misc.c
+++ b/misc.c
@@ -24,7 +24,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.46 2006/03/13 10:14:29 dtucker Exp $");
 #include
 #include
diff --git a/monitor.c b/monitor.c
index 502d54efa..e34d006d7 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.69 2006/03/07 09:07:40 djm Exp $");
 #include
 #include
diff --git a/monitor_fdpass.c b/monitor_fdpass.c
index dd1a13984..dec90d18b 100644
--- a/monitor_fdpass.c
+++ b/monitor_fdpass.c
@@ -24,7 +24,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: monitor_fdpass.c,v 1.6 2004/08/13 02:51:48 djm Exp $");
 #include
diff --git a/monitor_mm.c b/monitor_mm.c
index b0ec37cff..e8de71fea 100644
--- a/monitor_mm.c
+++ b/monitor_mm.c
@@ -24,7 +24,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: monitor_mm.c,v 1.9 2004/05/11 19:01:43 deraadt Exp $");
 #ifdef HAVE_SYS_MMAN_H
 #include
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 3b50753de..7536bf305 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -25,7 +25,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.40 2005/05/24 17:32:43 avsm Exp $");
 #include
 #include
diff --git a/msg.c b/msg.c
index 3e4c2882c..662db4cdb 100644
--- a/msg.c
+++ b/msg.c
@@ -22,7 +22,6 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: msg.c,v 1.8 2005/05/24 17:32:43 avsm Exp $");
 #include "buffer.h"
 #include "getput.h"
diff --git a/nchan.c b/nchan.c
index aee3f37b0..ca9a56b59 100644
--- a/nchan.c
+++ b/nchan.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: nchan.c,v 1.51 2004/07/11 17:48:47 deraadt Exp $");
 #include "ssh1.h"
 #include "ssh2.h"
diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c
index 1eeb6953b..46e0a020f 100644
--- a/openbsd-compat/bsd-arc4random.c
+++ b/openbsd-compat/bsd-arc4random.c
@@ -17,8 +17,6 @@
 #include "includes.h"
 #include "log.h"
-RCSID("$Id: bsd-arc4random.c,v 1.10 2005/02/16 02:01:28 djm Exp $");
-
 #ifndef HAVE_ARC4RANDOM
 #include
diff --git a/openbsd-compat/bsd-closefrom.c b/openbsd-compat/bsd-closefrom.c
index 5b7b94ae4..7509d2835 100644
--- a/openbsd-compat/bsd-closefrom.c
+++ b/openbsd-compat/bsd-closefrom.c
@@ -46,8 +46,6 @@
 # define OPEN_MAX 256
 #endif
-RCSID("$Id: bsd-closefrom.c,v 1.2 2005/11/10 08:29:13 dtucker Exp $");
-
 #ifndef lint
 static const char sudorcsid[] = "$Sudo: closefrom.c,v 1.6 2004/06/01 20:51:56 millert Exp $";
 #endif /* lint */
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c
index 96be7fecd..8f3acee26 100644
--- a/openbsd-compat/bsd-cygwin_util.c
+++ b/openbsd-compat/bsd-cygwin_util.c
@@ -29,8 +29,6 @@
 #include "includes.h"
-RCSID("$Id: bsd-cygwin_util.c,v 1.15 2006/02/12 00:59:09 dtucker Exp $");
-
 #ifdef HAVE_CYGWIN
 #include
diff --git a/openbsd-compat/bsd-getpeereid.c b/openbsd-compat/bsd-getpeereid.c
index fe2edad71..d94489d1d 100644
--- a/openbsd-compat/bsd-getpeereid.c
+++ b/openbsd-compat/bsd-getpeereid.c
@@ -16,8 +16,6 @@
 #include "includes.h"
-RCSID("$Id: bsd-getpeereid.c,v 1.3 2004/02/17 05:49:55 djm Exp $");
-
 #if !defined(HAVE_GETPEEREID)
 #if defined(SO_PEERCRED)
diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c
index 00482616d..d2d9ad771 100644
--- a/openbsd-compat/bsd-misc.c
+++ b/openbsd-compat/bsd-misc.c
@@ -21,8 +21,6 @@
 #include "xmalloc.h"
-RCSID("$Id: bsd-misc.c,v 1.29 2006/03/15 03:42:57 djm Exp $");
-
 #ifndef HAVE___PROGNAME
 char *__progname;
 #endif
diff --git a/openbsd-compat/bsd-nextstep.c b/openbsd-compat/bsd-nextstep.c
index bd35a3afc..8195af88a 100644
--- a/openbsd-compat/bsd-nextstep.c
+++ b/openbsd-compat/bsd-nextstep.c
@@ -24,8 +24,6 @@
 #include "includes.h"
-RCSID("$Id: bsd-nextstep.c,v 1.6 2003/06/01 03:23:57 mouring Exp $");
-
 #ifdef HAVE_NEXT
 #include
 #include
diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c
index 571c61fc0..c30cd1223 100644
--- a/openbsd-compat/bsd-snprintf.c
+++ b/openbsd-compat/bsd-snprintf.c
@@ -89,8 +89,6 @@
 #include "includes.h"
-RCSID("$Id: bsd-snprintf.c,v 1.12 2006/03/18 13:07:07 dtucker Exp $");
-
 #if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */
 # undef HAVE_SNPRINTF
 # undef HAVE_VSNPRINTF
diff --git a/openbsd-compat/bsd-waitpid.c b/openbsd-compat/bsd-waitpid.c
index 93c9ec35e..40e6ffaa8 100644
--- a/openbsd-compat/bsd-waitpid.c
+++ b/openbsd-compat/bsd-waitpid.c
@@ -24,8 +24,6 @@
 #include "includes.h"
-RCSID("$Id: bsd-waitpid.c,v 1.5 2003/06/01 03:23:57 mouring Exp $");
-
 #ifndef HAVE_WAITPID
 #include
 #include
diff --git a/openbsd-compat/fake-rfc2553.c b/openbsd-compat/fake-rfc2553.c
index 0186b5300..aae016bf7 100644
--- a/openbsd-compat/fake-rfc2553.c
+++ b/openbsd-compat/fake-rfc2553.c
@@ -37,8 +37,6 @@
 #include "includes.h"
-RCSID("$Id: fake-rfc2553.c,v 1.5 2003/09/22 02:08:23 dtucker Exp $");
-
 #ifndef HAVE_GETNAMEINFO
 int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, size_t hostlen, char *serv, size_t servlen, int flags)
diff --git a/packet.c b/packet.c
index ca6861e55..a1e7d32f6 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.122 2006/03/13 08:33:00 dtucker Exp $");
 #include "openbsd-compat/sys-queue.h"
 #include
diff --git a/progressmeter.c b/progressmeter.c
index 5ae02493b..26b34a3e9 100644
--- a/progressmeter.c
+++ b/progressmeter.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: progressmeter.c,v 1.26 2006/02/20 17:02:44 stevesk Exp $");
 #include
diff --git a/readconf.c b/readconf.c
index 392fc52c2..1112d0d86 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.148 2006/02/22 00:04:44 stevesk Exp $");
 #include
 #include
diff --git a/readpass.c b/readpass.c
index 811cfa231..4236c43c7 100644
--- a/readpass.c
+++ b/readpass.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.35 2006/02/10 01:44:26 stevesk Exp $");
 #include
 #include
diff --git a/rsa.c b/rsa.c
index 66561a421..507b73c9c 100644
--- a/rsa.c
+++ b/rsa.c
@@ -60,7 +60,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: rsa.c,v 1.24 2001/12/27 18:22:16 markus Exp $");
 #include "rsa.h"
 #include "log.h"
diff --git a/scard.c b/scard.c
index b3d25058a..7cffc2d4e 100644
--- a/scard.c
+++ b/scard.c
@@ -24,7 +24,6 @@
 #include "includes.h"
 #if defined(SMARTCARD) && defined(USE_SECTOK)
-RCSID("$OpenBSD: scard.c,v 1.29 2004/05/08 00:21:31 djm Exp $");
 #include
 #include
diff --git a/scp.c b/scp.c
index af9317645..43fd50c9e 100644
--- a/scp.c
+++ b/scp.c
@@ -71,7 +71,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.135 2006/02/22 00:04:44 stevesk Exp $");
 #include
 #ifdef HAVE_SYS_STAT_H
diff --git a/servconf.c b/servconf.c
index 81953bb80..2ae93d4c3 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.146 2005/12/08 18:34:11 reyk Exp $");
 #include "ssh.h"
 #include "log.h"
diff --git a/serverloop.c b/serverloop.c
index f4fb6b7b5..2ad0bcf2b 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,7 +35,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.128 2006/03/04 04:12:58 djm Exp $");
 #include
 #include
diff --git a/session.c b/session.c
index 8eb1a03e5..6efaf659d 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.197 2006/02/28 01:10:21 djm Exp $");
 #include
 #ifdef HAVE_SYS_STAT_H
diff --git a/sftp-client.c b/sftp-client.c
index 6637feca4..c34f919a4 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -20,7 +20,6 @@
 /* XXX: copy between two remote sites */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-client.c,v 1.60 2006/02/20 17:19:54 stevesk Exp $");
 #include
 #ifdef HAVE_SYS_STAT_H
diff --git a/sftp-common.c b/sftp-common.c
index aa0757561..4222f58d6 100644
--- a/sftp-common.c
+++ b/sftp-common.c
@@ -24,7 +24,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-common.c,v 1.11 2006/02/20 17:19:54 stevesk Exp $");
 #include
 #include
diff --git a/sftp-glob.c b/sftp-glob.c
index baa84aa71..cee44fc4c 100644
--- a/sftp-glob.c
+++ b/sftp-glob.c
@@ -15,7 +15,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-glob.c,v 1.17 2006/02/20 17:19:54 stevesk Exp $");
 #include
 #ifdef HAVE_SYS_STAT_H
diff --git a/sftp-server.c b/sftp-server.c
index 30bd1b0ee..cf3458120 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -14,7 +14,6 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.52 2006/02/20 17:19:54 stevesk Exp $");
 #include
 #include
diff --git a/sftp.c b/sftp.c
index c4f027846..d676a3771 100644
--- a/sftp.c
+++ b/sftp.c
@@ -15,7 +15,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sftp.c,v 1.75 2006/02/20 17:19:54 stevesk Exp $");
 #include
 #ifdef HAVE_SYS_STAT_H
diff --git a/ssh-add.c b/ssh-add.c
index 59933012d..4c5cc5727 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.76 2006/03/13 10:26:52 dtucker Exp $");
 #include
 #include
diff --git a/ssh-agent.c b/ssh-agent.c
index b09ce86f2..17914410c 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -34,7 +34,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.129 2006/02/20 17:02:44 stevesk Exp $");
 #include
 #include
diff --git a/ssh-dss.c b/ssh-dss.c
index 381b7dedb..8250266fa 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.19 2003/11/10 16:23:41 jakob Exp $");
 #include
 #include
diff --git a/ssh-keygen.c b/ssh-keygen.c
index bea4ed59b..c527252b9 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.137 2006/03/13 08:43:16 dtucker Exp $");
 #include
 #include
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index f05c4697c..fee6406be 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -7,7 +7,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.60 2006/03/07 09:07:40 djm Exp $");
 #include "openbsd-compat/sys-queue.h"
 #include
diff --git a/ssh-keysign.c b/ssh-keysign.c
index aa0260bf8..a96babfa5 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,7 +22,6 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.20 2006/02/08 12:15:27 stevesk Exp $");
 #ifdef HAVE_PATHS_H
 #include
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c
index d6e631317..bdf73ec48 100644
--- a/ssh-rand-helper.c
+++ b/ssh-rand-helper.c
@@ -50,8 +50,6 @@
 #include "pathnames.h"
 #include "log.h"
-RCSID("$Id: ssh-rand-helper.c,v 1.27 2006/03/15 03:02:36 djm Exp $");
-
 /* Number of bytes we write out */
 #define OUTPUT_SEED_SIZE 48
diff --git a/ssh-rsa.c b/ssh-rsa.c
index eb422d07e..48607c4fb 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -14,7 +14,6 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.32 2005/06/17 02:44:33 djm Exp $");
 #include
 #include
diff --git a/ssh.c b/ssh.c
index 911231a6c..9402491e3 100644
--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.266 2006/03/12 04:23:07 djm Exp $");
 #include
 #ifdef HAVE_SYS_STAT_H
diff --git a/sshconnect.c b/sshconnect.c
index 340270731..53b5200ff 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.176 2006/02/22 00:04:45 stevesk Exp $");
 #include
 #include
diff --git a/sshconnect1.c b/sshconnect1.c
index 440d7c5bd..a39441120 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.62 2005/10/30 08:52:18 djm Exp $");
 #include
 #include
diff --git a/sshconnect2.c b/sshconnect2.c
index 2467d235c..b7aa96e39 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.147 2006/03/07 09:07:40 djm Exp $");
 #include
 #include
diff --git a/sshd.c b/sshd.c
index aef4db109..e6b1f5496 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.325 2006/03/13 08:16:00 djm Exp $");
 #include
 #ifdef HAVE_SYS_STAT_H
diff --git a/sshlogin.c b/sshlogin.c
index 15eb916d1..718c9c412 100644
--- a/sshlogin.c
+++ b/sshlogin.c
@@ -39,7 +39,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshlogin.c,v 1.13 2004/08/12 09:18:24 djm Exp $");
 #include "loginrec.h"
 #include "log.h"
diff --git a/sshpty.c b/sshpty.c
index 7241580a8..2e42aee11 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -12,7 +12,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshpty.c,v 1.16 2006/02/20 17:19:54 stevesk Exp $");
 #include
 #include
diff --git a/sshtty.c b/sshtty.c
index 844a5c063..528177b4b 100644
--- a/sshtty.c
+++ b/sshtty.c
@@ -35,7 +35,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshtty.c,v 1.8 2006/02/07 01:52:50 stevesk Exp $");
 #include
diff --git a/ttymodes.c b/ttymodes.c
index 7f621e30e..2c95938d9 100644
--- a/ttymodes.c
+++ b/ttymodes.c
@@ -43,7 +43,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ttymodes.c,v 1.20 2006/02/07 01:42:00 stevesk Exp $");
 #include
diff --git a/uidswap.c b/uidswap.c
index aab7064eb..ca0894806 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -12,7 +12,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: uidswap.c,v 1.24 2003/05/29 16:58:45 deraadt Exp $");
 #include "log.h"
 #include "uidswap.h"
diff --git a/uuencode.c b/uuencode.c
index 0a7c8d16a..314eb92f3 100644
--- a/uuencode.c
+++ b/uuencode.c
@@ -23,7 +23,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: uuencode.c,v 1.17 2003/11/10 16:23:41 jakob Exp $");
 #include "xmalloc.h"
 #include "uuencode.h"
diff --git a/xmalloc.c b/xmalloc.c
index 99c6ac330..64e439853 100644
--- a/xmalloc.c
+++ b/xmalloc.c
@@ -13,7 +13,6 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: xmalloc.c,v 1.16 2001/07/23 18:21:46 stevesk Exp $");
 #include "xmalloc.h"
 #include "log.h"
-- cgit v1.2.3
From 51b4f821231446fd36baf991a3d08dd83fc7f6e9 Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Sun, 26 Mar 2006 00:04:32 +1100
Subject: - deraadt@cvs.openbsd.org 2006/03/19 18:53:12 [kex.h myproposal.h] spacing
---
ChangeLog | 5 ++++-
kex.h | 4 ++--
myproposal.h | 10 +++++-----
3 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 64a20a4c4..ad9213eac 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,6 +29,9 @@
 [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
 [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
 RCSID() can die
+ - deraadt@cvs.openbsd.org 2006/03/19 18:53:12
+ [kex.h myproposal.h]
+ spacing
 20060318
 - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via
@@ -4221,4 +4224,4 @@
 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.4232 2006/03/25 13:03:21 djm Exp $
+$Id: ChangeLog,v 1.4233 2006/03/25 13:04:32 djm Exp $
diff --git a/kex.h b/kex.h
index e2ba0a98f..25dabbaaa 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.39 2006/03/07 09:07:40 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.40 2006/03/19 18:53:12 deraadt Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -144,7 +144,7 @@ kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int, BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
 void
 kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *,
- int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *,
+ int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *,
 BIGNUM *, BIGNUM *, u_char **, u_int *);
 void
diff --git a/myproposal.h b/myproposal.h
index 43c540209..f564b0d96 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.19 2006/03/07 09:07:40 djm Exp $ */
+/* $OpenBSD: myproposal.h,v 1.20 2006/03/19 18:53:12 deraadt Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -30,14 +30,14 @@ #if OPENSSL_VERSION_NUMBER < 0x00907000L # define KEX_DEFAULT_KEX \ "diffie-hellman-group-exchange-sha1," \ - "diffie-hellman-group14-sha1," \ - "diffie-hellman-group1-sha1" + "diffie-hellman-group14-sha1," \ + "diffie-hellman-group1-sha1" #else # define KEX_DEFAULT_KEX \ "diffie-hellman-group-exchange-sha256," \ "diffie-hellman-group-exchange-sha1," \ - "diffie-hellman-group14-sha1," \ - "diffie-hellman-group1-sha1" + "diffie-hellman-group14-sha1," \ + "diffie-hellman-group1-sha1" #endif #define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss" -- cgit v1.2.3 From f23c09670a2a7a0339daffb7f3340756f6d539de Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 00:04:53 +1100 Subject: - djm@cvs.openbsd.org 2006/03/20 04:07:22 [auth2-gss.c] GSSAPI related leaks detected by Coverity via elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok --- ChangeLog | 6 +++++- auth2-gss.c | 4 +++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index ad9213eac..943c75491 100644 --- a/ChangeLog +++ b/ChangeLog @@ -32,6 +32,10 @@ - deraadt@cvs.openbsd.org 2006/03/19 18:53:12 [kex.h myproposal.h] spacing + - djm@cvs.openbsd.org 2006/03/20 04:07:22 + [auth2-gss.c] + GSSAPI related leaks detected by Coverity via elad AT netbsd.org; + reviewed by simon AT sxw.org.uk; deraadt@ ok 20060318 - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via @@ -4224,4 +4228,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4233 2006/03/25 13:04:32 djm Exp $ +$Id: ChangeLog,v 1.4234 2006/03/25 13:04:53 djm Exp $ diff --git a/auth2-gss.c b/auth2-gss.c index 95844a05e..bbb6db964 100644 --- a/auth2-gss.c +++ b/auth2-gss.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.12 2005/10/13 22:24:31 stevesk Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.13 2006/03/20 04:07:22 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -100,6 +100,8 @@ userauth_gssapi(Authctxt *authctxt) } if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) { + if (ctxt != NULL) + ssh_gssapi_delete_ctx(&ctxt); xfree(doid); return (0); } -- cgit v1.2.3 From a66cf68dd78aec58d3f7b35c0739eab7069b6936 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 00:05:23 +1100 Subject: - djm@cvs.openbsd.org 2006/03/20 04:07:49 [gss-genr.c] more GSSAPI related leaks detected by Coverity via elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok --- ChangeLog | 6 +++++- gss-genr.c | 16 ++++++++++++---- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 943c75491..1da850aab 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,6 +36,10 @@ [auth2-gss.c] GSSAPI related leaks detected by Coverity via elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok + - djm@cvs.openbsd.org 2006/03/20 04:07:49 + [gss-genr.c] + more GSSAPI related leaks detected by Coverity via elad AT netbsd.org; + reviewed by simon AT sxw.org.uk; deraadt@ ok 20060318 - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via @@ -4228,4 +4232,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4234 2006/03/25 13:04:53 djm Exp $ +$Id: ChangeLog,v 1.4235 2006/03/25 13:05:23 djm Exp $ diff --git a/gss-genr.c b/gss-genr.c index c2b4f2dd8..8d75ee5c7 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.6 2005/10/13 22:24:31 stevesk Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.7 2006/03/20 04:07:49 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 
@@ -72,7 +72,11 @@ ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid) void ssh_gssapi_error(Gssctxt *ctxt) { - debug("%s", ssh_gssapi_last_error(ctxt, NULL, NULL)); + char *s; + + s = ssh_gssapi_last_error(ctxt, NULL, NULL); + debug("%s", s); + xfree(s); } char * @@ -231,11 +235,15 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx) gss_create_empty_oid_set(&status, &oidset); gss_add_oid_set_member(&status, ctx->oid, &oidset); - if (gethostname(lname, MAXHOSTNAMELEN)) + if (gethostname(lname, MAXHOSTNAMELEN)) { + gss_release_oid_set(&status, &oidset); return (-1); + } - if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) + if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { + gss_release_oid_set(&status, &oidset); return (ctx->major); + } if ((ctx->major = gss_acquire_cred(&ctx->minor, ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL))) -- cgit v1.2.3 From 91a2d9746a0934777e9a43f3671db1daa309c1ab Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 00:05:44 +1100 Subject: - djm@cvs.openbsd.org 2006/03/20 04:08:18 [gss-serv.c] last lot of GSSAPI related leaks detected by Coverity via elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok --- ChangeLog | 6 +++++- gss-serv.c | 4 +++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1da850aab..bd2956304 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,10 @@ [gss-genr.c] more GSSAPI related leaks detected by Coverity via elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok + - djm@cvs.openbsd.org 2006/03/20 04:08:18 + [gss-serv.c] + last lot of GSSAPI related leaks detected by Coverity via + elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok 20060318 - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via 
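Review bot: The results of `gss_create_empty_oid_set()` and `gss_add_oid_set_member()` at the top of the `ssh_gssapi_acquire_cred` hunk are ignored, so a failure there goes unnoticed and `gss_acquire_cred()` runs with whatever `oidset` then holds. Check both with `GSS_ERROR(...)` and release the set when the second one fails, as the new error paths below already do. `gethostname(lname, MAXHOSTNAMELEN)` may also leave `lname` unterminated when the name is truncated; if the buffer is exactly MAXHOSTNAMELEN bytes (its declaration is outside the hunk), add `lname[MAXHOSTNAMELEN - 1] = '\0';` before the name reaches `ssh_gssapi_import_name()`. The function continues outside the hunk.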
@@ -4232,4 +4236,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4235 2006/03/25 13:05:23 djm Exp $ +$Id: ChangeLog,v 1.4236 2006/03/25 13:05:44 djm Exp $ diff --git a/gss-serv.c b/gss-serv.c index 56e33d6a2..c1e17cdc5 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.14 2006/02/08 13:15:44 stevesk Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.15 2006/03/20 04:08:18 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -78,6 +78,8 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset) &supported_mechs[i]->oid, oidset); i++; } + + gss_release_oid_set(&min_status, &supported); } -- cgit v1.2.3 From ed3986a00492c5a7f1f284f724dc4dd4063ea785 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 00:06:14 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/20 18:14:02 [monitor_wrap.h sshpty.h] sprinkle u_int throughout pty subsystem, ok markus --- ChangeLog | 5 ++++- monitor_wrap.h | 4 ++-- sshpty.h | 6 +++--- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index bd2956304..e3be2709c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -44,6 +44,9 @@ [gss-serv.c] last lot of GSSAPI related leaks detected by Coverity via elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok + - deraadt@cvs.openbsd.org 2006/03/20 18:14:02 + [monitor_wrap.h sshpty.h] + sprinkle u_int throughout pty subsystem, ok markus 20060318 - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via @@ -4236,4 +4239,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4236 2006/03/25 13:05:44 djm Exp $ +$Id: ChangeLog,v 1.4237 2006/03/25 13:06:14 djm Exp $ diff --git a/monitor_wrap.h b/monitor_wrap.h index 310b42513..8ecfdc0e3 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.14 2004/06/21 17:36:31 avsm Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.15 2006/03/20 18:14:02 deraadt Exp $ */ /* * Copyright 2002 Niels Provos @@ -82,7 +82,7 @@ void mm_audit_run_command(const char *); struct Session; void mm_terminate(void); -int mm_pty_allocate(int *, int *, char *, int); +int mm_pty_allocate(int *, int *, char *, size_t); void mm_session_pty_cleanup2(struct Session *); /* SSHv1 interfaces */ diff --git a/sshpty.h b/sshpty.h index a7de73700..9a39e4a13 100644 --- a/sshpty.h +++ b/sshpty.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshpty.h,v 1.6 2006/02/07 01:42:00 stevesk Exp $ */ +/* $OpenBSD: sshpty.h,v 1.7 2006/03/20 18:14:02 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -23,10 +23,10 @@ struct termios get_saved_tio(void); void leave_raw_mode(void); void enter_raw_mode(void); -int pty_allocate(int *, int *, char *, int); +int pty_allocate(int *, int *, char *, size_t); void pty_release(const char *); void pty_make_controlling_tty(int *, const char *); -void pty_change_window_size(int, int, int, int, int); +void pty_change_window_size(int, u_int, u_int, u_int, u_int); void pty_setowner(struct passwd *, const char *); #endif /* SSHPTY_H */ -- cgit v1.2.3 From 1345e617da1cdf8c62db7c372e2cd5762cb31f7f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 00:06:32 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/20 18:26:55 [session.h] annoying spacing fixes getting in the way of real diffs --- ChangeLog | 5 ++++- session.h | 7 +++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index e3be2709c..559639b89 100644 --- a/ChangeLog +++ b/ChangeLog 
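Review bot: The prototypes of `mm_pty_allocate`, `pty_allocate` and `pty_change_window_size` change type here, but the diffstat of this commit lists only monitor_wrap.h and sshpty.h, so the definitions are not updated in the same change; unless they already use `size_t` and `u_int`, the build fails on conflicting types. With unsigned parameters a negative length or dimension from a caller converts silently to a large value, so the definitions (not shown here) should range-check before use. The prototypes carry no parameter names; a short comment such as `/* last argument: size in bytes of the tty name buffer */` would record the contract, assuming that is what the `size_t` parameter is.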
@@ -47,6 +47,9 @@ - deraadt@cvs.openbsd.org 2006/03/20 18:14:02 [monitor_wrap.h sshpty.h] sprinkle u_int throughout pty subsystem, ok markus + - deraadt@cvs.openbsd.org 2006/03/20 18:26:55 + [session.h] + annoying spacing fixes getting in the way of real diffs 20060318 - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via @@ -4239,4 +4242,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4237 2006/03/25 13:06:14 djm Exp $ +$Id: ChangeLog,v 1.4238 2006/03/25 13:06:32 djm Exp $ diff --git a/session.h b/session.h index a2598a99c..2b8175c41 100644 --- a/session.h +++ b/session.h @@ -1,4 +1,4 @@ -/* $OpenBSD: session.h,v 1.25 2005/07/17 06:49:04 djm Exp $ */ +/* $OpenBSD: session.h,v 1.26 2006/03/20 18:26:55 deraadt Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -34,11 +34,13 @@ struct Session { struct passwd *pw; Authctxt *authctxt; pid_t pid; + /* tty */ char *term; int ptyfd, ttyfd, ptymaster; u_int row, col, xpixel, ypixel; char tty[TTYSZ]; + /* X11 */ u_int display_number; char *display; @@ -47,6 +49,7 @@ struct Session { char *auth_proto; char *auth_data; int single_connection; + /* proto 2 */ int chanid; int *x11_chanids; @@ -55,7 +58,7 @@ struct Session { struct { char *name; char *val; - } *env; + } *env; }; void do_authenticated(Authctxt *); -- cgit v1.2.3 From 5996294a954e3013ade0719f3c0c7389d3d333f7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 00:06:48 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/20 18:41:43 [dns.c] cast xstrdup to propert u_char * --- ChangeLog | 5 ++++- dns.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 559639b89..f7dceae92 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -50,6 +50,9 @@ - deraadt@cvs.openbsd.org 2006/03/20 18:26:55 [session.h] annoying spacing fixes getting in the way of real diffs + - deraadt@cvs.openbsd.org 2006/03/20 18:41:43 + [dns.c] + cast xstrdup to propert u_char * 20060318 - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via @@ -4242,4 +4245,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4238 2006/03/25 13:06:32 djm Exp $ +$Id: ChangeLog,v 1.4239 2006/03/25 13:06:48 djm Exp $ diff --git a/dns.c b/dns.c index e9270798d..83d4d895a 100644 --- a/dns.c +++ b/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.17 2006/03/19 18:51:18 deraadt Exp $ */ +/* $OpenBSD: dns.c,v 1.18 2006/03/20 18:41:43 deraadt Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -121,7 +121,7 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type, *digest = (u_char *) xmalloc(*digest_len); memcpy(*digest, rdata + 2, *digest_len); } else { - *digest = xstrdup(""); + *digest = (u_char *)xstrdup(""); } success = 1; -- cgit v1.2.3 From a1b3d636abea0e2e75d797af22e93f01c424d80a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 00:07:02 +1100 Subject: - jakob@cvs.openbsd.org 2006/03/22 21:16:24 [ssh.1] simplify SSHFP example; ok jmc@ --- ChangeLog | 5 ++++- ssh.1 | 5 ++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index f7dceae92..b3298fe0a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -53,6 +53,9 @@ - deraadt@cvs.openbsd.org 2006/03/20 18:41:43 [dns.c] cast xstrdup to propert u_char * + - jakob@cvs.openbsd.org 2006/03/22 21:16:24 + [ssh.1] + simplify SSHFP example; ok jmc@ 20060318 - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via 
@@ -4245,4 +4248,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4239 2006/03/25 13:06:48 djm Exp $ +$Id: ChangeLog,v 1.4240 2006/03/25 13:07:02 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 139b00154..dab09c84e 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.258 2006/03/16 04:24:42 djm Exp $ +.\" $OpenBSD: ssh.1,v 1.259 2006/03/22 21:16:24 jakob Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1025,8 +1025,7 @@ In this example, we are connecting a client to a server, The SSHFP resource records should first be added to the zonefile for host.example.com: .Bd -literal -offset indent -$ ssh-keygen -f /etc/ssh/ssh_host_rsa_key.pub -r host.example.com. -$ ssh-keygen -f /etc/ssh/ssh_host_dsa_key.pub -r host.example.com. +$ ssh-keygen -r host.example.com. .Ed .Pp The output lines will have to be added to the zonefile. -- cgit v1.2.3 From 2dbbf8e9fc058cab975a9bcda21465d34465c92e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 00:11:46 +1100 Subject: [deattack.c deattack.h] remove IV support from the CRC attack detector, OpenSSH has never used it - it only applied to IDEA-CFB, which we don't support. prompted by NetBSD Coverity report via elad AT netbsd.org; feedback markus@ "nuke it" deraadt@ --- ChangeLog | 8 +++++++- deattack.c | 33 ++++++--------------------------- deattack.h | 4 ++-- 3 files changed, 15 insertions(+), 30 deletions(-) diff --git a/ChangeLog b/ChangeLog index b3298fe0a..3bc8c4bd3 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -56,6 +56,12 @@ - jakob@cvs.openbsd.org 2006/03/22 21:16:24 [ssh.1] simplify SSHFP example; ok jmc@ + - djm@cvs.openbsd.org 2006/03/22 21:27:15 + [deattack.c deattack.h] + remove IV support from the CRC attack detector, OpenSSH has never used + it - it only applied to IDEA-CFB, which we don't support. + prompted by NetBSD Coverity report via elad AT netbsd.org; + feedback markus@ "nuke it" deraadt@ 20060318 - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via @@ -4248,4 +4254,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4240 2006/03/25 13:07:02 djm Exp $ +$Id: ChangeLog,v 1.4241 2006/03/25 13:11:46 djm Exp $ diff --git a/deattack.c b/deattack.c index 3d48afc89..bf4451b88 100644 --- a/deattack.c +++ b/deattack.c @@ -49,22 +49,17 @@ static void crc_update(u_int32_t *a, u_int32_t b) { b ^= *a; - *a = ssh_crc32((u_char *) &b, sizeof(b)); + *a = ssh_crc32((u_char *)&b, sizeof(b)); } /* detect if a block is used in a particular pattern */ static int -check_crc(u_char *S, u_char *buf, u_int32_t len, - u_char *IV) +check_crc(u_char *S, u_char *buf, u_int32_t len) { u_int32_t crc; u_char *c; crc = 0; - if (IV && !CMP(S, IV)) { - crc_update(&crc, 1); - crc_update(&crc, 0); - } for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) { if (!CMP(S, c)) { crc_update(&crc, 1); @@ -80,7 +75,7 @@ check_crc(u_char *S, u_char *buf, u_int32_t len, /* Detect a crc32 compensation attack on a packet */ int -detect_attack(u_char *buf, u_int32_t len, u_char *IV) +detect_attack(u_char *buf, u_int32_t len) { static u_int16_t *h = (u_int16_t *) NULL; static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE; 
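Review bot: `detect_attack` loses its third parameter in this hunk and in deattack.h, but the diffstat lists only ChangeLog, deattack.c and deattack.h, so any call site that still passes an IV argument will not compile against the new prototype; the callers should change in the same commit. The function body continues outside the hunk. With the IV path gone, the comment above `check_crc` could say so, e.g. `/* detect if a block is used in a particular pattern (no IV is considered) */`. The `HASH_IV` constant, if it is still defined, is no longer referenced by the hunks that follow and can be removed.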
@@ -109,15 +104,9 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV) if (len <= HASH_MINBLOCKS) { for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) { - if (IV && (!CMP(c, IV))) { - if ((check_crc(c, buf, len, IV))) - return (DEATTACK_DETECTED); - else - break; - } for (d = buf; d < c; d += SSH_BLOCKSIZE) { if (!CMP(c, d)) { - if ((check_crc(c, buf, len, IV))) + if ((check_crc(c, buf, len))) return (DEATTACK_DETECTED); else break; @@ -128,21 +117,11 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV) } memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE); - if (IV) - h[HASH(IV) & (n - 1)] = HASH_IV; - for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) { for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; i = (i + 1) & (n - 1)) { - if (h[i] == HASH_IV) { - if (!CMP(c, IV)) { - if (check_crc(c, buf, len, IV)) - return (DEATTACK_DETECTED); - else - break; - } - } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) { - if (check_crc(c, buf, len, IV)) + if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) { + if (check_crc(c, buf, len)) return (DEATTACK_DETECTED); else break; diff --git a/deattack.h b/deattack.h index ddccdea50..7bb6100d0 100644 --- a/deattack.h +++ b/deattack.h @@ -1,4 +1,4 @@ -/* $OpenBSD: deattack.h,v 1.7 2001/06/26 17:27:23 markus Exp $ */ +/* $OpenBSD: deattack.h,v 1.8 2006/03/22 21:27:15 djm Exp $ */ /* * Cryptographic attack detector for ssh - Header file @@ -26,5 +26,5 @@ #define DEATTACK_OK 0 #define DEATTACK_DETECTED 1 -int detect_attack(u_char *, u_int32_t, u_char[8]); +int detect_attack(u_char *, u_int32_t); #endif -- cgit v1.2.3 From cb314828eb11b3827a096d9b4abcd8d229764a46 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sun, 26 Mar 2006 13:48:01 +1100 Subject: - OpenBSD CVS Sync - jakob@cvs.openbsd.org 2006/03/15 08:46:44 [ssh-keygen.c] if no key file are given when printing the DNS host record, use the host key file(s) as default. ok djm@ --- ChangeLog | 9 ++++++++- ssh-keygen.c | 40 +++++++++++++++++++++++++++++++--------- 2 files changed, 39 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3bc8c4bd3..0cde74e8e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20060326 + - OpenBSD CVS Sync + - jakob@cvs.openbsd.org 2006/03/15 08:46:44 + [ssh-keygen.c] + if no key file are given when printing the DNS host record, use the + host key file(s) as default. ok djm@ + 20060325 - OpenBSD CVS Sync - djm@cvs.openbsd.org 2006/03/16 04:24:42 @@ -4254,4 +4261,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4241 2006/03/25 13:11:46 djm Exp $ +$Id: ChangeLog,v 1.4242 2006/03/26 02:48:01 djm Exp $ diff --git a/ssh-keygen.c b/ssh-keygen.c index c527252b9..126556466 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c 
@@ -858,30 +858,32 @@ do_change_passphrase(struct passwd *pw) /* * Print the SSHFP RR. */ -static void -do_print_resource_record(struct passwd *pw, char *hname) +static int +do_print_resource_record(struct passwd *pw, char *fname, char *hname) { Key *public; char *comment = NULL; struct stat st; - if (!have_identity) + if (fname == NULL) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) { - perror(identity_file); + if (stat(fname, &st) < 0) { + if (errno == ENOENT) + return 0; + perror(fname); exit(1); } - public = key_load_public(identity_file, &comment); + public = key_load_public(fname, &comment); if (public != NULL) { export_dns_rr(hname, public, stdout, print_generic); key_free(public); xfree(comment); - exit(0); + return 1; } if (comment) xfree(comment); - printf("failed to read v2 public key from %s.\n", identity_file); + printf("failed to read v2 public key from %s.\n", fname); exit(1); } @@ -1224,7 +1226,27 @@ main(int ac, char **av) if (print_public) do_print_public(pw); if (rr_hostname != NULL) { - do_print_resource_record(pw, rr_hostname); + unsigned int n = 0; + + if (have_identity) { + n = do_print_resource_record(pw, + identity_file, rr_hostname); + if (n == 0) { + perror(identity_file); + exit(1); + } + exit(0); + } else { + + n += do_print_resource_record(pw, + _PATH_HOST_RSA_KEY_FILE, rr_hostname); + n += do_print_resource_record(pw, + _PATH_HOST_DSA_KEY_FILE, rr_hostname); + + if (n == 0) + fatal("no keys found."); + exit(0); + } } if (reader_id != NULL) { #ifdef SMARTCARD -- cgit v1.2.3 From 745570cd7991f2a47649b414084496128326f5d3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 13:49:43 +1100 Subject: - biorn@cvs.openbsd.org 2006/03/16 10:31:45 [scp.c] Try to display errormessage even if remout == -1 ok djm@, markus@ --- ChangeLog | 6 +++++- scp.c | 18 +++++++++--------- 2 files changed, 14 insertions(+), 10 deletions(-) 
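Review bot: When `fname` is NULL the new `do_print_resource_record` calls `ask_filename()` and then passes the still-NULL `fname` to `stat()` and `key_load_public()`; the old code read the global `identity_file`, which the prompt appears to fill in. The caller in the second hunk does not seem to pass NULL, so either drop the prompt branch or use its result: `if (fname == NULL) { ask_filename(pw, "Enter file in which the key is"); fname = identity_file; }`. The comment above the function should also state the new return contract: 1 when a record was printed, 0 when the file does not exist, and exit on any other error.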
diff --git a/ChangeLog b/ChangeLog index 0cde74e8e..db58bb147 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,10 @@ [ssh-keygen.c] if no key file are given when printing the DNS host record, use the host key file(s) as default. ok djm@ + - biorn@cvs.openbsd.org 2006/03/16 10:31:45 + [scp.c] + Try to display errormessage even if remout == -1 + ok djm@, markus@ 20060325 - OpenBSD CVS Sync @@ -4261,4 +4265,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4242 2006/03/26 02:48:01 djm Exp $ +$Id: ChangeLog,v 1.4243 2006/03/26 02:49:43 djm Exp $ diff --git a/scp.c b/scp.c index 43fd50c9e..bf9db97cf 100644 --- a/scp.c +++ b/scp.c @@ -1106,15 +1106,15 @@ run_err(const char *fmt,...) va_list ap; ++errs; - if (fp == NULL && !(fp = fdopen(remout, "w"))) - return; - (void) fprintf(fp, "%c", 0x01); - (void) fprintf(fp, "scp: "); - va_start(ap, fmt); - (void) vfprintf(fp, fmt, ap); - va_end(ap); - (void) fprintf(fp, "\n"); - (void) fflush(fp); + if (fp != NULL || (remout != -1 && (fp = fdopen(remout, "w")))) { + (void) fprintf(fp, "%c", 0x01); + (void) fprintf(fp, "scp: "); + va_start(ap, fmt); + (void) vfprintf(fp, fmt, ap); + va_end(ap); + (void) fprintf(fp, "\n"); + (void) fflush(fp); + } if (!iamremote) { va_start(ap, fmt); -- cgit v1.2.3 From 5b83232b48b83e05856f96a5f7477e0352a29b1e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 13:50:14 +1100 Subject: - djm@cvs.openbsd.org 2006/03/17 22:31:50 [authfd.c] another unreachable found by lint --- ChangeLog | 5 ++++- authfd.c | 1 - 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index db58bb147..0245a0e03 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ [scp.c] Try to display errormessage even if remout == -1 ok djm@, markus@ + - djm@cvs.openbsd.org 2006/03/17 22:31:50 + [authfd.c] + another unreachable found by lint 20060325 - OpenBSD CVS Sync 
@@ -4265,4 +4268,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4243 2006/03/26 02:49:43 djm Exp $ +$Id: ChangeLog,v 1.4244 2006/03/26 02:50:14 djm Exp $ diff --git a/authfd.c b/authfd.c index a3f22cfc7..421d75a77 100644 --- a/authfd.c +++ b/authfd.c @@ -519,7 +519,6 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, default: buffer_free(&msg); return 0; - break; } if (constrained) { if (life != 0) { -- cgit v1.2.3 From 304a940889e7673a017147e2dcbdaefb564f427a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 13:50:37 +1100 Subject: - djm@cvs.openbsd.org 2006/03/17 22:31:11 [authfd.c] unreachanble statement, found by lint --- ChangeLog | 5 ++++- authfd.c | 1 - 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0245a0e03..0e4249605 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,9 @@ - djm@cvs.openbsd.org 2006/03/17 22:31:50 [authfd.c] another unreachable found by lint + - djm@cvs.openbsd.org 2006/03/17 22:31:11 + [authfd.c] + unreachanble statement, found by lint 20060325 - OpenBSD CVS Sync @@ -4268,4 +4271,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4244 2006/03/26 02:50:14 djm Exp $ +$Id: ChangeLog,v 1.4245 2006/03/26 02:50:37 djm Exp $ diff --git a/authfd.c b/authfd.c index 421d75a77..22c585e94 100644 --- a/authfd.c +++ b/authfd.c @@ -337,7 +337,6 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio break; default: return NULL; - break; } /* Decrement the number of remaining entries. */ auth->howmany--; -- cgit v1.2.3 From 6f98a1fea710ab2dae0342f9a3cee8f01372b666 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sun, 26 Mar 2006 13:51:08 +1100 Subject: - djm@cvs.openbsd.org 2006/03/19 02:22:32 [serverloop.c] memory leaks detected by Coverity via elad AT netbsd.org; ok deraadt@ dtucker@ --- ChangeLog | 6 +++++- serverloop.c | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 0e4249605..0ceea0717 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,10 @@ - djm@cvs.openbsd.org 2006/03/17 22:31:11 [authfd.c] unreachanble statement, found by lint + - djm@cvs.openbsd.org 2006/03/19 02:22:32 + [serverloop.c] + memory leaks detected by Coverity via elad AT netbsd.org; + ok deraadt@ dtucker@ 20060325 - OpenBSD CVS Sync @@ -4271,4 +4275,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4245 2006/03/26 02:50:37 djm Exp $ +$Id: ChangeLog,v 1.4246 2006/03/26 02:51:08 djm Exp $ diff --git a/serverloop.c b/serverloop.c index 2ad0bcf2b..3efe7d80b 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1090,6 +1090,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) success = channel_cancel_rport_listener(cancel_address, cancel_port); + xfree(cancel_address); } if (want_reply) { packet_start(success ? -- cgit v1.2.3 From e0b90a676696c6729467837f6f4030d18999aa34 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 13:51:44 +1100 Subject: - djm@cvs.openbsd.org 2006/03/19 02:22:56 [sftp.c] more memory leaks detected by Coverity via elad AT netbsd.org; deraadt@ ok --- ChangeLog | 6 +++++- sftp.c | 3 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 0ceea0717..c2d2a365a 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -18,6 +18,10 @@ [serverloop.c] memory leaks detected by Coverity via elad AT netbsd.org; ok deraadt@ dtucker@ + - djm@cvs.openbsd.org 2006/03/19 02:22:56 + [sftp.c] + more memory leaks detected by Coverity via elad AT netbsd.org; + deraadt@ ok 20060325 - OpenBSD CVS Sync @@ -4275,4 +4279,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4246 2006/03/26 02:51:08 djm Exp $ +$Id: ChangeLog,v 1.4247 2006/03/26 02:51:44 djm Exp $ diff --git a/sftp.c b/sftp.c index d676a3771..194d22710 100644 --- a/sftp.c +++ b/sftp.c @@ -1289,6 +1289,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) if (parse_dispatch_command(conn, cmd, &pwd, 1) != 0) { xfree(dir); xfree(pwd); + xfree(conn); return (-1); } } else { @@ -1301,6 +1302,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) err = parse_dispatch_command(conn, cmd, &pwd, 1); xfree(dir); xfree(pwd); + xfree(conn); return (err); } xfree(dir); @@ -1365,6 +1367,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) break; } xfree(pwd); + xfree(conn); #ifdef USE_LIBEDIT if (el != NULL) -- cgit v1.2.3 From 6db780e259f985b9c88dff222eb56b4726a5a5e1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 13:52:20 +1100 Subject: - djm@cvs.openbsd.org 2006/03/19 02:23:26 [hostfile.c] FILE* leak detected by Coverity via elad AT netbsd.org; ok deraadt@ --- ChangeLog | 6 +++++- hostfile.c | 4 +++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index c2d2a365a..1093f5453 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,10 @@ [sftp.c] more memory leaks detected by Coverity via elad AT netbsd.org; deraadt@ ok + - djm@cvs.openbsd.org 2006/03/19 02:23:26 + [hostfile.c] + FILE* leak detected by Coverity via elad AT netbsd.org; + ok deraadt@ 20060325 - OpenBSD CVS Sync 
@@ -4279,4 +4283,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4247 2006/03/26 02:51:44 djm Exp $ +$Id: ChangeLog,v 1.4248 2006/03/26 02:52:20 djm Exp $ diff --git a/hostfile.c b/hostfile.c index 85fbcf7ce..c80578440 100644 --- a/hostfile.c +++ b/hostfile.c @@ -253,8 +253,10 @@ check_host_in_hostfile_by_key_or_type(const char *filename, if (key == NULL) { /* we found a key of the requested type */ - if (found->type == keytype) + if (found->type == keytype) { + fclose(f); return HOST_FOUND; + } continue; } -- cgit v1.2.3 From 928b23684a1d94dc2bc1cecc75b0e596eb7a4cb9 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 13:53:32 +1100 Subject: - djm@cvs.openbsd.org 2006/03/19 02:24:05 [dh.c readconf.c servconf.c] potential NULL pointer dereferences detected by Coverity via elad AT netbsd.org; ok deraadt@ --- ChangeLog | 6 +++++- dh.c | 3 ++- readconf.c | 3 ++- servconf.c | 3 ++- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1093f5453..19425d867 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,10 @@ [hostfile.c] FILE* leak detected by Coverity via elad AT netbsd.org; ok deraadt@ + - djm@cvs.openbsd.org 2006/03/19 02:24:05 + [dh.c readconf.c servconf.c] + potential NULL pointer dereferences detected by Coverity + via elad AT netbsd.org; ok deraadt@ 20060325 - OpenBSD CVS Sync @@ -4283,4 +4287,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4248 2006/03/26 02:52:20 djm Exp $ +$Id: ChangeLog,v 1.4249 2006/03/26 02:53:32 djm Exp $ diff --git a/dh.c b/dh.c index a30b704fb..e8ce3d1a9 100644 --- a/dh.c +++ b/dh.c 
@@ -45,7 +45,8 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) char *strsize, *gen, *prime; cp = line; - arg = strdelim(&cp); + if ((arg = strdelim(&cp)) == NULL) + return 0; /* Ignore leading whitespace */ if (*arg == '\0') arg = strdelim(&cp); diff --git a/readconf.c b/readconf.c index 1112d0d86..e2e10d9d6 100644 --- a/readconf.c +++ b/readconf.c @@ -324,7 +324,8 @@ process_config_line(Options *options, const char *host, s = line; /* Get the keyword. (Each line is supposed to begin with a keyword). */ - keyword = strdelim(&s); + if ((keyword = strdelim(&s)) == NULL) + return 0; /* Ignore leading whitespace. */ if (*keyword == '\0') keyword = strdelim(&s); diff --git a/servconf.c b/servconf.c index 2ae93d4c3..7923f5df4 100644 --- a/servconf.c +++ b/servconf.c @@ -447,7 +447,8 @@ process_server_config_line(ServerOptions *options, char *line, u_int i; cp = line; - arg = strdelim(&cp); + if ((arg = strdelim(&cp)) != NULL) + return 0; /* Ignore leading whitespace */ if (*arg == '\0') arg = strdelim(&cp); -- cgit v1.2.3 From 5790b5910bfc3de69e0886953f9c09341f3fd951 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 13:54:03 +1100 Subject: - djm@cvs.openbsd.org 2006/03/19 07:41:30 [sshconnect2.c] memory leaks detected by Coverity via elad AT netbsd.org; deraadt@ ok --- ChangeLog | 6 +++++- sshconnect2.c | 7 ++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 19425d867..5a46102ec 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,10 @@ [dh.c readconf.c servconf.c] potential NULL pointer dereferences detected by Coverity via elad AT netbsd.org; ok deraadt@ + - djm@cvs.openbsd.org 2006/03/19 07:41:30 + [sshconnect2.c] + memory leaks detected by Coverity via elad AT netbsd.org; + deraadt@ ok 20060325 - OpenBSD CVS Sync 
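Review bot: In the servconf.c hunk the new test is inverted: `if ((arg = strdelim(&cp)) != NULL) return 0;` returns early for every line that has a token and falls through to `*arg` exactly when `strdelim` returned NULL, which is the dereference this change is meant to prevent. If 0 means "line handled" to the caller, every sshd_config directive would be skipped silently. It should read `if ((arg = strdelim(&cp)) == NULL)` as in the dh.c and readconf.c hunks; a later commit on this page ("Correct strdelim null test") makes that change. In all three functions the second `strdelim` call after the empty-token test can also return NULL, and whether that result is checked lies outside the hunks.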
@@ -4287,4 +4291,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4249 2006/03/26 02:53:32 djm Exp $ +$Id: ChangeLog,v 1.4250 2006/03/26 02:54:12 djm Exp $ diff --git a/sshconnect2.c b/sshconnect2.c index b7aa96e39..f8d21489e 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -513,8 +513,10 @@ userauth_gssapi(Authctxt *authctxt) } } - if (!ok) + if (!ok) { + ssh_gssapi_delete_ctx(&gssctxt); return 0; + } authctxt->methoddata=(void *)gssctxt; @@ -1330,6 +1332,7 @@ userauth_hostbased(Authctxt *authctxt) if (p == NULL) { error("userauth_hostbased: cannot get local ipaddr/name"); key_free(private); + xfree(blob); return 0; } len = strlen(p) + 2; @@ -1368,6 +1371,7 @@ userauth_hostbased(Authctxt *authctxt) error("key_sign failed"); xfree(chost); xfree(pkalg); + xfree(blob); return 0; } packet_start(SSH2_MSG_USERAUTH_REQUEST); @@ -1383,6 +1387,7 @@ userauth_hostbased(Authctxt *authctxt) xfree(signature); xfree(chost); xfree(pkalg); + xfree(blob); packet_send(); return 1; -- cgit v1.2.3 From 78f16cb07bb0221caea416b5ea83f74dc196fd8a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 13:54:37 +1100 Subject: - dtucker@cvs.openbsd.org 2006/03/19 11:51:52 [servconf.c] Correct strdelim null test; ok djm@ --- ChangeLog | 5 ++++- servconf.c | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5a46102ec..6dbcbc3ae 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,6 +34,9 @@ [sshconnect2.c] memory leaks detected by Coverity via elad AT netbsd.org; deraadt@ ok + - dtucker@cvs.openbsd.org 2006/03/19 11:51:52 + [servconf.c] + Correct strdelim null test; ok djm@ 20060325 - OpenBSD CVS Sync 
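Review bot: In userauth_hostbased the same `xfree(blob);` now has to be repeated on three separate exits (the `p == NULL` path, the `key_sign failed` path and the success path), and that per-exit duplication is how the leak could arise in the first place. A single cleanup label that each exit jumps to, releasing whatever has been allocated by then, would stop the next added allocation from being missed on one path. Most of the function lies outside these hunks, so its other returns should be checked for the same omission. If the layout stays as it is, a comment at the point where `blob` is obtained, such as `/* blob is owned here; free it on every return */`, would at least record the rule.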
@@ -4291,4 +4294,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4250 2006/03/26 02:54:12 djm Exp $ +$Id: ChangeLog,v 1.4251 2006/03/26 02:54:37 djm Exp $ diff --git a/servconf.c b/servconf.c index 7923f5df4..1443e832e 100644 --- a/servconf.c +++ b/servconf.c @@ -447,7 +447,7 @@ process_server_config_line(ServerOptions *options, char *line, u_int i; cp = line; - if ((arg = strdelim(&cp)) != NULL) + if ((arg = strdelim(&cp)) == NULL) return 0; /* Ignore leading whitespace */ if (*arg == '\0') -- cgit v1.2.3 From 4ca108d19235c42fcfc69bb05b1f2e85217ec45e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 13:57:07 +1100 Subject: id sync --- dns.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dns.c b/dns.c index 83d4d895a..ecb897703 100644 --- a/dns.c +++ b/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.18 2006/03/20 18:41:43 deraadt Exp $ */ +/* $OpenBSD: dns.c,v 1.17 2006/03/19 18:51:18 deraadt Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. -- cgit v1.2.3 From d62f2ca376168c716e4b485512a2b62b461e45b2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 13:57:41 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/19 18:52:11 [auth1.c authfd.c channels.c] spacing --- ChangeLog | 5 ++++- auth1.c | 2 +- authfd.c | 2 +- channels.c | 51 +++++++++++++++++++++++++-------------------------- 4 files changed, 31 insertions(+), 29 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6dbcbc3ae..8bd37a01e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -37,6 +37,9 @@ - dtucker@cvs.openbsd.org 2006/03/19 11:51:52 [servconf.c] Correct strdelim null test; ok djm@ + - deraadt@cvs.openbsd.org 2006/03/19 18:52:11 + [auth1.c authfd.c channels.c] + spacing 20060325 - OpenBSD CVS Sync 
@@ -4294,4 +4297,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4251 2006/03/26 02:54:37 djm Exp $ +$Id: ChangeLog,v 1.4252 2006/03/26 02:57:41 djm Exp $ diff --git a/auth1.c b/auth1.c index cc1092abf..dc00a72d8 100644 --- a/auth1.c +++ b/auth1.c @@ -76,7 +76,7 @@ static const struct AuthMethod1 { int i; - for(i = 0; auth1_methods[i].name != NULL; i++) + for (i = 0; auth1_methods[i].name != NULL; i++) if (auth1_methods[i].type == type) return (&(auth1_methods[i])); diff --git a/authfd.c b/authfd.c index 22c585e94..fc322b983 100644 --- a/authfd.c +++ b/authfd.c @@ -105,7 +105,7 @@ ssh_get_authentication_socket(void) close(sock); return -1; } - if (connect(sock, (struct sockaddr *) &sunaddr, sizeof sunaddr) < 0) { + if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) { close(sock); return -1; } diff --git a/channels.c b/channels.c index 30c6d3870..ce868dc4e 100644 --- a/channels.c +++ b/channels.c @@ -173,7 +173,7 @@ channel_lookup(int id) if ((c = channel_by_id(id)) == NULL) return (NULL); - switch(c->type) { + switch (c->type) { case SSH_CHANNEL_X11_OPEN: case SSH_CHANNEL_LARVAL: case SSH_CHANNEL_CONNECTING: @@ -183,7 +183,6 @@ channel_lookup(int id) case SSH_CHANNEL_INPUT_DRAINING: case SSH_CHANNEL_OUTPUT_DRAINING: return (c); - break; } logit("Non-public channel %d, type %d.", id, c->type); return (NULL); 
@@ -723,25 +722,25 @@ channel_set_fds(int id, int rfd, int wfd, int efd, * 'channel_post*': perform any appropriate operations for channels which * have events pending. */ -typedef void chan_fn(Channel *c, fd_set * readset, fd_set * writeset); +typedef void chan_fn(Channel *c, fd_set *readset, fd_set *writeset); chan_fn *channel_pre[SSH_CHANNEL_MAX_TYPE]; chan_fn *channel_post[SSH_CHANNEL_MAX_TYPE]; static void -channel_pre_listener(Channel *c, fd_set * readset, fd_set * writeset) +channel_pre_listener(Channel *c, fd_set *readset, fd_set *writeset) { FD_SET(c->sock, readset); } static void -channel_pre_connecting(Channel *c, fd_set * readset, fd_set * writeset) +channel_pre_connecting(Channel *c, fd_set *readset, fd_set *writeset) { debug3("channel %d: waiting for connection", c->self); FD_SET(c->sock, writeset); } static void -channel_pre_open_13(Channel *c, fd_set * readset, fd_set * writeset) +channel_pre_open_13(Channel *c, fd_set *readset, fd_set *writeset) { if (buffer_len(&c->input) < packet_get_maxsize()) FD_SET(c->sock, readset); @@ -750,7 +749,7 @@ channel_pre_open_13(Channel *c, fd_set * readset, fd_set * writeset) } static void -channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset) +channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset) { u_int limit = compat20 ? c->remote_window : packet_get_maxsize(); @@ -790,7 +789,7 @@ channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset) } static void -channel_pre_input_draining(Channel *c, fd_set * readset, fd_set * writeset) +channel_pre_input_draining(Channel *c, fd_set *readset, fd_set *writeset) { if (buffer_len(&c->input) == 0) { packet_start(SSH_MSG_CHANNEL_CLOSE); 
@@ -802,7 +801,7 @@ channel_pre_input_draining(Channel *c, fd_set * readset, fd_set * writeset) } static void -channel_pre_output_draining(Channel *c, fd_set * readset, fd_set * writeset) +channel_pre_output_draining(Channel *c, fd_set *readset, fd_set *writeset) { if (buffer_len(&c->output) == 0) chan_mark_dead(c); @@ -878,7 +877,7 @@ x11_open_helper(Buffer *b) } static void -channel_pre_x11_open_13(Channel *c, fd_set * readset, fd_set * writeset) +channel_pre_x11_open_13(Channel *c, fd_set *readset, fd_set *writeset) { int ret = x11_open_helper(&c->output); @@ -904,7 +903,7 @@ channel_pre_x11_open_13(Channel *c, fd_set * readset, fd_set * writeset) } static void -channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset) +channel_pre_x11_open(Channel *c, fd_set *readset, fd_set *writeset) { int ret = x11_open_helper(&c->output); @@ -931,7 +930,7 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset) /* try to decode a socks4 header */ static int -channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset) +channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset) { char *p, *host; u_int len, have, i, found; @@ -1009,7 +1008,7 @@ channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset) #define SSH_SOCKS5_SUCCESS 0x00 static int -channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset) +channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) { struct { u_int8_t version; @@ -1112,7 +1111,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset) /* dynamic port forwarding */ static void -channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset) +channel_pre_dynamic(Channel *c, fd_set *readset, fd_set *writeset) { u_char *p; u_int have; 
@@ -1156,7 +1155,7 @@ channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset) /* This is our fake X11 server socket. */ static void -channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset) +channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset) { Channel *nc; struct sockaddr addr; @@ -1281,7 +1280,7 @@ channel_set_reuseaddr(int fd) * This socket is listening for connections to a forwarded TCP/IP port. */ static void -channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset) +channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset) { Channel *nc; struct sockaddr addr; @@ -1338,7 +1337,7 @@ channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset) * clients. */ static void -channel_post_auth_listener(Channel *c, fd_set * readset, fd_set * writeset) +channel_post_auth_listener(Channel *c, fd_set *readset, fd_set *writeset) { Channel *nc; int newsock; @@ -1371,7 +1370,7 @@ channel_post_auth_listener(Channel *c, fd_set * readset, fd_set * writeset) } static void -channel_post_connecting(Channel *c, fd_set * readset, fd_set * writeset) +channel_post_connecting(Channel *c, fd_set *readset, fd_set *writeset) { int err = 0; socklen_t sz = sizeof(err); @@ -1417,7 +1416,7 @@ channel_post_connecting(Channel *c, fd_set * readset, fd_set * writeset) } static int -channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset) +channel_handle_rfd(Channel *c, fd_set *readset, fd_set *writeset) { char buf[CHAN_RBUF]; int len; @@ -1457,7 +1456,7 @@ channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset) return 1; } static int -channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) +channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset) { struct termios tio; u_char *data = NULL, *buf; 
@@ -1544,7 +1543,7 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) return 1; } static int -channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset) +channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset) { char buf[CHAN_RBUF]; int len; @@ -1587,7 +1586,7 @@ channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset) return 1; } static int -channel_handle_ctl(Channel *c, fd_set * readset, fd_set * writeset) +channel_handle_ctl(Channel *c, fd_set *readset, fd_set *writeset) { char buf[16]; int len; @@ -1634,7 +1633,7 @@ channel_check_window(Channel *c) } static void -channel_post_open(Channel *c, fd_set * readset, fd_set * writeset) +channel_post_open(Channel *c, fd_set *readset, fd_set *writeset) { if (c->delayed) return; @@ -1648,7 +1647,7 @@ channel_post_open(Channel *c, fd_set * readset, fd_set * writeset) } static void -channel_post_output_drain_13(Channel *c, fd_set * readset, fd_set * writeset) +channel_post_output_drain_13(Channel *c, fd_set *readset, fd_set *writeset) { int len; @@ -1765,7 +1764,7 @@ channel_garbage_collect(Channel *c) } static void -channel_handler(chan_fn *ftab[], fd_set * readset, fd_set * writeset) +channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset) { static int did_init = 0; u_int i; @@ -1817,7 +1816,7 @@ channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp, * events pending. */ void -channel_after_select(fd_set * readset, fd_set * writeset) +channel_after_select(fd_set *readset, fd_set *writeset) { channel_handler(channel_post, readset, writeset); } -- cgit v1.2.3 From c91e556d8a2cf97a5d7075154d39eb8fd4098fe4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 13:58:55 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/19 18:53:12 [kex.c kex.h monitor.c myproposal.h session.c] spacing --- ChangeLog | 5 ++++- kex.c | 2 +- monitor.c | 2 +- session.c | 2 +- 4 files changed, 7 insertions(+), 4 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index 8bd37a01e..8c7627074 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,9 @@ - deraadt@cvs.openbsd.org 2006/03/19 18:52:11 [auth1.c authfd.c channels.c] spacing + - deraadt@cvs.openbsd.org 2006/03/19 18:53:12 + [kex.c kex.h monitor.c myproposal.h session.c] + spacing 20060325 - OpenBSD CVS Sync @@ -4297,4 +4300,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4252 2006/03/26 02:57:41 djm Exp $ +$Id: ChangeLog,v 1.4253 2006/03/26 02:58:55 djm Exp $ diff --git a/kex.c b/kex.c index ced56e668..930e9cb4d 100644 --- a/kex.c +++ b/kex.c @@ -432,7 +432,7 @@ derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen, if ((mdsz = EVP_MD_size(kex->evp_md)) <= 0) fatal("bad kex md size %d", mdsz); - digest = xmalloc(roundup(need, mdsz)); + digest = xmalloc(roundup(need, mdsz)); buffer_init(&b); buffer_put_bignum2(&b, shared_secret); diff --git a/monitor.c b/monitor.c index e34d006d7..8b304f99c 100644 --- a/monitor.c +++ b/monitor.c @@ -545,7 +545,7 @@ mm_answer_sign(int sock, Buffer *m) p = buffer_get_string(m, &datlen); /* - * Supported KEX types will only return SHA1 (20 byte) or + * Supported KEX types will only return SHA1 (20 byte) or * SHA256 (32 byte) hashes */ if (datlen != 20 && datlen != 32) diff --git a/session.c b/session.c index 6efaf659d..b71a2c71a 100644 --- a/session.c +++ b/session.c @@ -2190,7 +2190,7 @@ session_exit_message(Session *s, int status) /* * Adjust cleanup callback attachment to send close messages when - * the channel gets EOF. The session will be then be closed + * the channel gets EOF. The session will be then be closed * by session_close_by_channel when the childs close their fds. */ channel_register_cleanup(c->self, session_close_by_channel, 1); -- cgit v1.2.3 From f0b15dfc525227f06a1404231cca2171c62d1178 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sun, 26 Mar 2006 13:59:20 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/19 18:56:41 [clientloop.c progressmeter.c serverloop.c sshd.c] ARGSUSED for signal handlers --- ChangeLog | 5 ++++- clientloop.c | 4 ++-- progressmeter.c | 1 + serverloop.c | 4 +++- sshd.c | 57 +++++++++++++++++++++++++++++++++++++-------------------- 5 files changed, 47 insertions(+), 24 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8c7627074..cdf467e39 100644 --- a/ChangeLog +++ b/ChangeLog @@ -43,6 +43,9 @@ - deraadt@cvs.openbsd.org 2006/03/19 18:53:12 [kex.c kex.h monitor.c myproposal.h session.c] spacing + - deraadt@cvs.openbsd.org 2006/03/19 18:56:41 + [clientloop.c progressmeter.c serverloop.c sshd.c] + ARGSUSED for signal handlers 20060325 - OpenBSD CVS Sync @@ -4300,4 +4303,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4253 2006/03/26 02:58:55 djm Exp $ +$Id: ChangeLog,v 1.4254 2006/03/26 02:59:20 djm Exp $ diff --git a/clientloop.c b/clientloop.c index 6d58a5afb..d321cb8bf 100644 --- a/clientloop.c +++ b/clientloop.c @@ -190,7 +190,7 @@ enter_non_blocking(void) * Signal handler for the window change signal (SIGWINCH). This just sets a * flag indicating that the window has changed. */ - +/*ARGSUSED */ static void window_change_handler(int sig) { @@ -202,7 +202,7 @@ window_change_handler(int sig) * Signal handler for signals that cause the program to terminate. These * signals must be trapped to restore terminal modes. */ - +/*ARGSUSED */ static void signal_handler(int sig) { diff --git a/progressmeter.c b/progressmeter.c index 26b34a3e9..ff99acf71 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -272,6 +272,7 @@ stop_progress_meter(void) atomicio(vwrite, STDOUT_FILENO, "\n", 1); } +/*ARGSUSED*/ static void sig_winch(int sig) { diff --git a/serverloop.c b/serverloop.c index 3efe7d80b..816215e05 100644 --- a/serverloop.c +++ b/serverloop.c 
@@ -147,6 +147,7 @@ notify_done(fd_set *readset) debug2("notify_done: reading"); } +/*ARGSUSED*/ static void sigchld_handler(int sig) { @@ -159,6 +160,7 @@ sigchld_handler(int sig) errno = save_errno; } +/*ARGSUSED*/ static void sigterm_handler(int sig) { @@ -942,7 +944,7 @@ server_request_tun(void) tun = packet_get_int(); if (forced_tun_device != -1) { - if (tun != SSH_TUNID_ANY && forced_tun_device != tun) + if (tun != SSH_TUNID_ANY && forced_tun_device != tun) goto done; tun = forced_tun_device; } diff --git a/sshd.c b/sshd.c index e6b1f5496..cfd38906e 100644 --- a/sshd.c +++ b/sshd.c @@ -257,6 +257,8 @@ close_startup_pipes(void) * the effect is to reread the configuration file (and to regenerate * the server key). */ + +/*ARGSUSED*/ static void sighup_handler(int sig) { @@ -271,6 +273,7 @@ sighup_handler(int sig) * Called from the main program after receiving SIGHUP. * Restarts the server. */ +/*ARGSUSED*/ static void sighup_restart(void) { @@ -286,6 +289,7 @@ sighup_restart(void) /* * Generic signal handler for terminating signals in the master daemon. */ +/*ARGSUSED*/ static void sigterm_handler(int sig) { @@ -296,6 +300,7 @@ sigterm_handler(int sig) * SIGCHLD handler. This is called whenever a child dies. This will then * reap any zombies left by exited children. */ +/*ARGSUSED*/ static void main_sigchld_handler(int sig) { @@ -314,6 +319,7 @@ main_sigchld_handler(int sig) /* * Signal handler for the alarm after the login grace period has expired. */ +/*ARGSUSED*/ static void grace_alarm_handler(int sig) { @@ -356,6 +362,7 @@ generate_ephemeral_server_key(void) arc4random_stir(); } +/*ARGSUSED*/ static void key_regeneration_alarm(int sig) { @@ -976,7 +983,8 @@ main(int ac, char **av) options.log_level = SYSLOG_LEVEL_QUIET; break; case 'b': - options.server_key_bits = atoi(optarg); + options.server_key_bits = (int)strtonum(optarg, 256, + 32768, NULL); break; case 'p': options.ports_from_cmdline = 1; 
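Review bot: Both new `strtonum` calls in sshd.c pass NULL as the error pointer, so a malformed or out-of-range argument is not reported and the call simply returns 0. For `-b` (`options.server_key_bits = (int)strtonum(optarg, 256, 32768, NULL);`) the 256..32768 bound is therefore not enforced here, and an invalid value leaves server_key_bits at 0 unless something later in main, outside the hunk, rejects it. For `-u` in the following hunk only the value MAXHOSTNAMELEN+1 can still reach the `Invalid utmp length.` branch; a larger value such as 99999, or a non-numeric one, becomes 0 and is accepted, whereas the old `atoi` result for 99999 would have failed the `> MAXHOSTNAMELEN` test. I would pass `&errstr` (a `const char *errstr` local) in both places and stop when it is set, e.g. `if (errstr != NULL) { fprintf(stderr, "Invalid server key bits: %s\n", errstr); exit(1); }`.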
@@ -1013,7 +1021,7 @@ main(int ac, char **av) test_flag = 1; break; case 'u': - utmp_len = atoi(optarg); + utmp_len = (u_int)strtonum(optarg, 0, MAXHOSTNAMELEN+1, NULL); if (utmp_len > MAXHOSTNAMELEN) { fprintf(stderr, "Invalid utmp length.\n"); exit(1); @@ -1169,10 +1177,9 @@ main(int ac, char **av) } if (use_privsep) { - struct passwd *pw; struct stat st; - if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) + if (getpwnam(SSH_PRIVSEP_USER) == NULL) fatal("Privilege separation user %s does not exist", SSH_PRIVSEP_USER); if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) || @@ -1444,8 +1451,8 @@ main(int ac, char **av) if (!FD_ISSET(listen_socks[i], fdset)) continue; fromlen = sizeof(from); - newsock = accept(listen_socks[i], (struct sockaddr *)&from, - &fromlen); + newsock = accept(listen_socks[i], + (struct sockaddr *)&from, &fromlen); if (newsock < 0) { if (errno != EINTR && errno != EWOULDBLOCK) error("accept: %.100s", strerror(errno)); @@ -1516,10 +1523,11 @@ main(int ac, char **av) */ if ((pid = fork()) == 0) { /* - * Child. Close the listening and max_startup - * sockets. Start using the accepted socket. - * Reinitialize logging (since our pid has - * changed). We break out of the loop to handle + * Child. Close the listening and + * max_startup sockets. Start using + * the accepted socket. Reinitialize + * logging (since our pid has changed). + * We break out of the loop to handle * the connection. */ startup_pipe = startup_p[1]; @@ -1527,7 +1535,10 @@ main(int ac, char **av) close_listen_socks(); sock_in = newsock; sock_out = newsock; - log_init(__progname, options.log_level, options.log_facility, log_stderr); + log_init(__progname, + options.log_level, + options.log_facility, + log_stderr); if (rexec_flag) close(config_s[0]); break; 
@@ -1548,7 +1559,10 @@ main(int ac, char **av) close(config_s[1]); } - /* Mark that the key has been used (it was "given" to the child). */ + /* + * Mark that the key has been used (it + * was "given" to the child). + */ if ((options.protocol & SSH_PROTO_1) && key_used == 0) { /* Schedule server key regeneration alarm. */ @@ -1558,8 +1572,6 @@ main(int ac, char **av) } arc4random_stir(); - - /* Close the new socket (the child is now taking care of it). */ close(newsock); } /* child process check (or debug mode) */ @@ -1794,11 +1806,14 @@ ssh1_session_key(BIGNUM *session_key_int) { int rsafail = 0; - if (BN_cmp(sensitive_data.server_key->rsa->n, sensitive_data.ssh1_host_key->rsa->n) > 0) { + if (BN_cmp(sensitive_data.server_key->rsa->n, + sensitive_data.ssh1_host_key->rsa->n) > 0) { /* Server key has bigger modulus. */ if (BN_num_bits(sensitive_data.server_key->rsa->n) < - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) { - fatal("do_connection: %s: server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d", + BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + + SSH_KEY_BITS_RESERVED) { + fatal("do_connection: %s: " + "server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d", get_remote_ipaddr(), BN_num_bits(sensitive_data.server_key->rsa->n), BN_num_bits(sensitive_data.ssh1_host_key->rsa->n), @@ -1813,8 +1828,10 @@ ssh1_session_key(BIGNUM *session_key_int) } else { /* Host key has bigger modulus (or they are equal). */ if (BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) < - BN_num_bits(sensitive_data.server_key->rsa->n) + SSH_KEY_BITS_RESERVED) { - fatal("do_connection: %s: host_key %d < server_key %d + SSH_KEY_BITS_RESERVED %d", + BN_num_bits(sensitive_data.server_key->rsa->n) + + SSH_KEY_BITS_RESERVED) { + fatal("do_connection: %s: " + "host_key %d < server_key %d + SSH_KEY_BITS_RESERVED %d", get_remote_ipaddr(), BN_num_bits(sensitive_data.ssh1_host_key->rsa->n), BN_num_bits(sensitive_data.server_key->rsa->n), 
@@ -2035,7 +2052,7 @@ do_ssh2_kex(void) myproposal[PROPOSAL_COMP_ALGS_CTOS] = myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com"; } - + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); /* start key exchange */ -- cgit v1.2.3 From 3bbaba60753b3987ba822a2cbf619fb00072a9e5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 13:59:38 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/19 18:59:49 [ssh-keyscan.c] please lint --- ChangeLog | 5 ++++- ssh-keyscan.c | 3 +-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index cdf467e39..2b2599023 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,6 +46,9 @@ - deraadt@cvs.openbsd.org 2006/03/19 18:56:41 [clientloop.c progressmeter.c serverloop.c sshd.c] ARGSUSED for signal handlers + - deraadt@cvs.openbsd.org 2006/03/19 18:59:49 + [ssh-keyscan.c] + please lint 20060325 - OpenBSD CVS Sync @@ -4303,4 +4306,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4254 2006/03/26 02:59:20 djm Exp $ +$Id: ChangeLog,v 1.4255 2006/03/26 02:59:38 djm Exp $ diff --git a/ssh-keyscan.c b/ssh-keyscan.c index fee6406be..c7296938b 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -128,7 +128,7 @@ Linebuf_alloc(const char *filename, void (*errfun) (const char *,...)) lb->stream = stdin; } - if (!(lb->buf = malloc(lb->size = LINEBUF_SIZE))) { + if (!(lb->buf = malloc((lb->size = LINEBUF_SIZE)))) { if (errfun) (*errfun) ("linebuf (%s): malloc failed\n", lb->filename); xfree(lb); @@ -603,7 +603,6 @@ conread(int s) keyprint(c, keygrab_ssh1(c)); confree(s); return; - break; default: fatal("conread: invalid status %d", c->c_status); break; -- cgit v1.2.3 From 4662d3492f24cf1d7974db805215c801e50cffc3 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sun, 26 Mar 2006 13:59:59 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/19 18:59:30 [ssh.c] spacing --- ChangeLog | 5 ++++- ssh.c | 28 ++++++++++++++-------------- 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2b2599023..bd7b34ce2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -49,6 +49,9 @@ - deraadt@cvs.openbsd.org 2006/03/19 18:59:49 [ssh-keyscan.c] please lint + - deraadt@cvs.openbsd.org 2006/03/19 18:59:30 + [ssh.c] + spacing 20060325 - OpenBSD CVS Sync @@ -4306,4 +4309,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4255 2006/03/26 02:59:38 djm Exp $ +$Id: ChangeLog,v 1.4256 2006/03/26 02:59:59 djm Exp $ diff --git a/ssh.c b/ssh.c index 9402491e3..3615d1c40 100644 --- a/ssh.c +++ b/ssh.c @@ -1305,23 +1305,23 @@ control_client(const char *path) strerror(errno)); } if (errno == ENOENT) - debug("Control socket \"%.100s\" does not exist", path); + debug("Control socket \"%.100s\" does not exist", path); else { - error("Control socket connect(%.100s): %s", path, + error("Control socket connect(%.100s): %s", path, strerror(errno)); } - close(sock); - return; - } - - if (stdin_null_flag) { - if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1) - fatal("open(/dev/null): %s", strerror(errno)); - if (dup2(fd, STDIN_FILENO) == -1) - fatal("dup2: %s", strerror(errno)); - if (fd > STDERR_FILENO) - close(fd); - } + close(sock); + return; + } + + if (stdin_null_flag) { + if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1) + fatal("open(/dev/null): %s", strerror(errno)); + if (dup2(fd, STDIN_FILENO) == -1) + fatal("dup2: %s", strerror(errno)); + if (fd > STDERR_FILENO) + close(fd); + } term = getenv("TERM"); -- cgit v1.2.3 From 3305f5591f7a1b17565a1f13683d0b20287130c3 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sun, 26 Mar 2006 14:00:31 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/19 18:59:09 [authfile.c] whoever thought that break after return was a good idea needs to get their head examimed --- ChangeLog | 6 +++++- authfile.c | 4 ---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index bd7b34ce2..302b1e1fc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -52,6 +52,10 @@ - deraadt@cvs.openbsd.org 2006/03/19 18:59:30 [ssh.c] spacing + - deraadt@cvs.openbsd.org 2006/03/19 18:59:09 + [authfile.c] + whoever thought that break after return was a good idea needs to + get their head examimed 20060325 - OpenBSD CVS Sync @@ -4309,4 +4313,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4256 2006/03/26 02:59:59 djm Exp $ +$Id: ChangeLog,v 1.4257 2006/03/26 03:00:31 djm Exp $ diff --git a/authfile.c b/authfile.c index d529c8340..55c66d1e3 100644 --- a/authfile.c +++ b/authfile.c @@ -213,12 +213,10 @@ key_save_private(Key *key, const char *filename, const char *passphrase, case KEY_RSA1: return key_save_private_rsa1(key, filename, passphrase, comment); - break; case KEY_DSA: case KEY_RSA: return key_save_private_pem(key, filename, passphrase, comment); - break; default: break; } @@ -556,13 +554,11 @@ key_load_private_type(int type, const char *filename, const char *passphrase, return key_load_private_rsa1(fd, filename, passphrase, commentp); /* closes fd */ - break; case KEY_DSA: case KEY_RSA: case KEY_UNSPEC: return key_load_private_pem(fd, type, passphrase, commentp); /* closes fd */ - break; default: close(fd); break; -- cgit v1.2.3 From 96937bd9144f582330478ed5c5b76dd3286c46e4 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sun, 26 Mar 2006 14:01:54 +1100 Subject: - djm@cvs.openbsd.org 2006/03/20 04:09:44 [monitor.c] memory leaks detected by Coverity via elad AT netbsd.org; deraadt@ ok that should be all of them now --- ChangeLog | 7 ++++++- monitor.c | 4 ++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 302b1e1fc..8bebeda19 100644 --- a/ChangeLog +++ b/ChangeLog @@ -56,6 +56,11 @@ [authfile.c] whoever thought that break after return was a good idea needs to get their head examimed + - djm@cvs.openbsd.org 2006/03/20 04:09:44 + [monitor.c] + memory leaks detected by Coverity via elad AT netbsd.org; + deraadt@ ok + that should be all of them now 20060325 - OpenBSD CVS Sync @@ -4313,4 +4318,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4257 2006/03/26 03:00:31 djm Exp $ +$Id: ChangeLog,v 1.4258 2006/03/26 03:01:54 djm Exp $ diff --git a/monitor.c b/monitor.c index 8b304f99c..11244d273 100644 --- a/monitor.c +++ b/monitor.c @@ -1021,6 +1021,10 @@ mm_answer_keyallowed(int sock, Buffer *m) key_blobtype = type; hostbased_cuser = cuser; hostbased_chost = chost; + } else { + xfree(blob); + xfree(cuser); + xfree(chost); } debug3("%s: key %p is %s", -- cgit v1.2.3 From 429fcc23db22469ca48d18ad4a2940a265965caf Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:02:16 +1100 Subject: - djm@cvs.openbsd.org 2006/03/20 11:38:46 [key.c] (really) last of the Coverity diffs: avoid possible NULL deref in key_free. via elad AT netbsd.org; markus@ ok --- ChangeLog | 6 +++++- key.c | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 8bebeda19..4928e20b6 100644 --- a/ChangeLog +++ b/ChangeLog 
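Review bot: The new `else` branch in mm_answer_keyallowed makes ownership of `blob`, `cuser` and `chost` depend on which branch runs, and nothing in the code says so. On the allowed path the pointers are stored in `hostbased_cuser`/`hostbased_chost` (presumably for a later request), otherwise they are released here. A one-line comment on the else, for example `/* not kept for later use: free this request's copies */`, would make that contract explicit. After the `xfree` calls the three locals dangle, so the remainder of the function, which is outside the hunk, must not read them.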
@@ -61,6 +61,10 @@ memory leaks detected by Coverity via elad AT netbsd.org; deraadt@ ok that should be all of them now + - djm@cvs.openbsd.org 2006/03/20 11:38:46 + [key.c] + (really) last of the Coverity diffs: avoid possible NULL deref in + key_free. via elad AT netbsd.org; markus@ ok 20060325 - OpenBSD CVS Sync @@ -4318,4 +4322,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4258 2006/03/26 03:01:54 djm Exp $ +$Id: ChangeLog,v 1.4259 2006/03/26 03:02:16 djm Exp $ diff --git a/key.c b/key.c index 5cb54c13b..283aea99e 100644 --- a/key.c +++ b/key.c @@ -122,6 +122,8 @@ key_new_private(int type) void key_free(Key *k) { + if (k == NULL) + fatal("key_free: key is NULL); switch (k->type) { case KEY_RSA1: case KEY_RSA: -- cgit v1.2.3 From 69b7203e6f7c93419aa1a0862962e128d68679e1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:02:35 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/20 17:10:19 [auth.c key.c misc.c packet.c ssh-add.c] in a switch (), break after return or goto is stupid --- ChangeLog | 5 ++++- auth.c | 1 - key.c | 18 ++---------------- misc.c | 1 + packet.c | 2 -- ssh-add.c | 3 --- 6 files changed, 7 insertions(+), 23 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4928e20b6..3133fff23 100644 --- a/ChangeLog +++ b/ChangeLog @@ -65,6 +65,9 @@ [key.c] (really) last of the Coverity diffs: avoid possible NULL deref in key_free. via elad AT netbsd.org; markus@ ok + - deraadt@cvs.openbsd.org 2006/03/20 17:10:19 + [auth.c key.c misc.c packet.c ssh-add.c] + in a switch (), break after return or goto is stupid 20060325 - OpenBSD CVS Sync @@ -4322,4 +4325,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4259 2006/03/26 03:02:16 djm Exp $ +$Id: ChangeLog,v 1.4260 2006/03/26 03:02:45 djm Exp $ 
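Review bot: The string literal in the added `fatal("key_free: key is NULL);` is missing its closing quote, so key.c will not compile with this hunk applied; the line should read `fatal("key_free: key is NULL");`. Note also that the guard turns a NULL argument into a deliberate process exit rather than a no-op, so every caller that may hold a NULL key has to test before calling. A short comment above the check stating that choice would help, e.g. `/* a NULL key is a caller bug, not a no-op */`. The rest of key_free lies outside the hunk.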
diff --git a/auth.c b/auth.c index 35bc5ea1d..85c6f8d1d 100644 --- a/auth.c +++ b/auth.c @@ -314,7 +314,6 @@ auth_root_allowed(char *method) switch (options.permit_root_login) { case PERMIT_YES: return 1; - break; case PERMIT_NO_PASSWD: if (strcmp(method, "password") != 0) return 1; diff --git a/key.c b/key.c index 283aea99e..96619fe60 100644 --- a/key.c +++ b/key.c @@ -156,14 +156,12 @@ key_equal(const Key *a, const Key *b) return a->rsa != NULL && b->rsa != NULL && BN_cmp(a->rsa->e, b->rsa->e) == 0 && BN_cmp(a->rsa->n, b->rsa->n) == 0; - break; case KEY_DSA: return a->dsa != NULL && b->dsa != NULL && BN_cmp(a->dsa->p, b->dsa->p) == 0 && BN_cmp(a->dsa->q, b->dsa->q) == 0 && BN_cmp(a->dsa->g, b->dsa->g) == 0 && BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; - break; default: fatal("key_equal: bad key type %d", a->type); break; @@ -210,7 +208,6 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type, break; case KEY_UNSPEC: return retval; - break; default: fatal("key_fingerprint_raw: bad key type %d", k->type); break; @@ -531,13 +528,10 @@ key_type(const Key *k) switch (k->type) { case KEY_RSA1: return "RSA1"; - break; case KEY_RSA: return "RSA"; - break; case KEY_DSA: return "DSA"; - break; } return "unknown"; } @@ -548,10 +542,8 @@ key_ssh_name(const Key *k) switch (k->type) { case KEY_RSA: return "ssh-rsa"; - break; case KEY_DSA: return "ssh-dss"; - break; } return "ssh-unknown"; } @@ -563,10 +555,8 @@ key_size(const Key *k) case KEY_RSA1: case KEY_RSA: return BN_num_bits(k->rsa->n); - break; case KEY_DSA: return BN_num_bits(k->dsa->p); - break; } return 0; } @@ -575,6 +565,7 @@ static RSA * rsa_generate_private_key(u_int bits) { RSA *private; + private = RSA_generate_key(bits, 35, NULL, NULL); if (private == NULL) fatal("rsa_generate_private_key: key generation failed."); 
@@ -585,6 +576,7 @@ static DSA* dsa_generate_private_key(u_int bits) { DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL); + if (private == NULL) fatal("dsa_generate_private_key: DSA_generate_parameters failed"); if (!DSA_generate_key(private)) @@ -794,14 +786,11 @@ key_sign( switch (key->type) { case KEY_DSA: return ssh_dss_sign(key, sigp, lenp, data, datalen); - break; case KEY_RSA: return ssh_rsa_sign(key, sigp, lenp, data, datalen); - break; default: error("key_sign: invalid key type %d", key->type); return -1; - break; } } @@ -821,14 +810,11 @@ key_verify( switch (key->type) { case KEY_DSA: return ssh_dss_verify(key, signature, signaturelen, data, datalen); - break; case KEY_RSA: return ssh_rsa_verify(key, signature, signaturelen, data, datalen); - break; default: error("key_verify: invalid key type %d", key->type); return -1; - break; } } diff --git a/misc.c b/misc.c index 66b762b5a..1949dd4b3 100644 --- a/misc.c +++ b/misc.c @@ -297,6 +297,7 @@ convtime(const char *s) switch (*endp++) { case '\0': endp--; + break; case 's': case 'S': break; diff --git a/packet.c b/packet.c index a1e7d32f6..65fb31d2e 100644 --- a/packet.c +++ b/packet.c @@ -1188,7 +1188,6 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) break; default: return type; - break; } } else { type = packet_read_poll1(); @@ -1211,7 +1210,6 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) if (type) DBG(debug("received packet type %d", type)); return type; - break; } } } diff --git a/ssh-add.c b/ssh-add.c index 4c5cc5727..2944cceeb 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -346,13 +346,11 @@ main(int argc, char **argv) if (list_identities(ac, ch == 'l' ? 1 : 0) == -1) ret = 1; goto done; - break; case 'x': case 'X': if (lock_agent(ac, ch == 'x' ? 1 : 0) == -1) ret = 1; goto done; - break; case 'c': confirm = 1; break; @@ -363,7 +361,6 @@ main(int argc, char **argv) if (delete_all(ac) == -1) ret = 1; goto done; - break; case 's': sc_reader_id = optarg; break; -- cgit v1.2.3 
From bbaad7772a1d6f2c1d997e7bb15a92c5128d3863 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:03:03 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/20 17:13:16 [key.c] djm did a typo --- ChangeLog | 5 ++++- key.c | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3133fff23..0fa66c96e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -68,6 +68,9 @@ - deraadt@cvs.openbsd.org 2006/03/20 17:10:19 [auth.c key.c misc.c packet.c ssh-add.c] in a switch (), break after return or goto is stupid + - deraadt@cvs.openbsd.org 2006/03/20 17:13:16 + [key.c] + djm did a typo 20060325 - OpenBSD CVS Sync @@ -4325,4 +4328,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4260 2006/03/26 03:02:45 djm Exp $ +$Id: ChangeLog,v 1.4261 2006/03/26 03:03:03 djm Exp $ diff --git a/key.c b/key.c index 96619fe60..d6dd3abea 100644 --- a/key.c +++ b/key.c @@ -123,7 +123,7 @@ void key_free(Key *k) { if (k == NULL) - fatal("key_free: key is NULL); + fatal("key_free: key is NULL"); switch (k->type) { case KEY_RSA1: case KEY_RSA: -- cgit v1.2.3 From 6d39bcf898f2cf296333590330a2d945f2f123a4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:03:21 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/20 17:17:23 [ssh-rsa.c] in a switch (), break after return or goto is stupid --- ChangeLog | 5 ++++- ssh-rsa.c | 1 - 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0fa66c96e..efe73053f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -71,6 +71,9 @@ - deraadt@cvs.openbsd.org 2006/03/20 17:13:16 [key.c] djm did a typo + - deraadt@cvs.openbsd.org 2006/03/20 17:17:23 + [ssh-rsa.c] + in a switch (), break after return or goto is stupid 20060325 - OpenBSD CVS Sync 
@@ -4328,4 +4331,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4261 2006/03/26 03:03:03 djm Exp $ +$Id: ChangeLog,v 1.4262 2006/03/26 03:03:21 djm Exp $ diff --git a/ssh-rsa.c b/ssh-rsa.c index 48607c4fb..1520d7e1d 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -219,7 +219,6 @@ openssh_RSA_verify(int type, u_char *hash, u_int hashlen, break; default: goto done; - break; } if (hashlen != hlen) { error("bad hashlen"); -- cgit v1.2.3 From 71a73671305a2248a6c4a243134ebf28f7d8ee7a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:04:36 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/20 18:14:02 [channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c] [ssh.c sshpty.c sshpty.h] sprinkle u_int throughout pty subsystem, ok markus --- ChangeLog | 5 ++++- channels.c | 8 ++++---- clientloop.c | 16 ++++++++-------- monitor_wrap.c | 2 +- serverloop.c | 8 ++++---- ssh.c | 8 ++++---- sshpty.c | 7 ++++--- 7 files changed, 29 insertions(+), 25 deletions(-) diff --git a/ChangeLog b/ChangeLog index efe73053f..70ecbcdcb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -74,6 +74,9 @@ - deraadt@cvs.openbsd.org 2006/03/20 17:17:23 [ssh-rsa.c] in a switch (), break after return or goto is stupid + - deraadt@cvs.openbsd.org 2006/03/20 18:14:02 + [channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c ssh.c sshpty.c sshpty.h] + sprinkle u_int throughout pty subsystem, ok markus 20060325 - OpenBSD CVS Sync @@ -4331,4 +4334,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4262 2006/03/26 03:03:21 djm Exp $ +$Id: ChangeLog,v 1.4263 2006/03/26 03:04:36 djm Exp $ diff --git a/channels.c b/channels.c index ce868dc4e..6cb88ad44 100644 --- a/channels.c +++ b/channels.c 
@@ -2737,10 +2737,10 @@ channel_send_window_changes(void) if (ioctl(channels[i]->rfd, TIOCGWINSZ, &ws) < 0) continue; channel_request_start(i, "window-change", 0); - packet_put_int(ws.ws_col); - packet_put_int(ws.ws_row); - packet_put_int(ws.ws_xpixel); - packet_put_int(ws.ws_ypixel); + packet_put_int((u_int)ws.ws_col); + packet_put_int((u_int)ws.ws_row); + packet_put_int((u_int)ws.ws_xpixel); + packet_put_int((u_int)ws.ws_ypixel); packet_send(); } } diff --git a/clientloop.c b/clientloop.c index d321cb8bf..36a4a64ae 100644 --- a/clientloop.c +++ b/clientloop.c @@ -434,10 +434,10 @@ client_check_window_change(void) if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0) return; packet_start(SSH_CMSG_WINDOW_SIZE); - packet_put_int(ws.ws_row); - packet_put_int(ws.ws_col); - packet_put_int(ws.ws_xpixel); - packet_put_int(ws.ws_ypixel); + packet_put_int((u_int)ws.ws_row); + packet_put_int((u_int)ws.ws_col); + packet_put_int((u_int)ws.ws_xpixel); + packet_put_int((u_int)ws.ws_ypixel); packet_send(); } } @@ -1881,10 +1881,10 @@ client_session2_setup(int id, int want_tty, int want_subsystem, channel_request_start(id, "pty-req", 0); packet_put_cstring(term != NULL ? term : ""); - packet_put_int(ws.ws_col); - packet_put_int(ws.ws_row); - packet_put_int(ws.ws_xpixel); - packet_put_int(ws.ws_ypixel); + packet_put_int((u_int)ws.ws_col); + packet_put_int((u_int)ws.ws_row); + packet_put_int((u_int)ws.ws_xpixel); + packet_put_int((u_int)ws.ws_ypixel); tio = get_saved_tio(); tty_make_modes(-1, tiop != NULL ? tiop : &tio); packet_send(); diff --git a/monitor_wrap.c b/monitor_wrap.c index 7536bf305..e5a65491d 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -636,7 +636,7 @@ mm_send_keystate(struct monitor *monitor) } int -mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) +mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) { Buffer m; char *p, *msg; diff --git a/serverloop.c b/serverloop.c index 816215e05..3bc0c5a76 100644 --- a/serverloop.c 
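Review bot: The new `size_t namebuflen` parameter of mm_pty_allocate in monitor_wrap.c has no matching header change in this patch: the description names monitor_wrap.h and sshpty.h, but the diffstat lists only .c files. If the headers still declare the old `int` types, this definition, and those of pty_allocate and pty_change_window_size in the sshpty.c hunks, no longer agree with their prototypes. Unless the declarations were already synced separately, they should change in the same commit, e.g. `int mm_pty_allocate(int *, int *, char *, size_t);` in monitor_wrap.h. The function body continues outside the hunk.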
+++ b/serverloop.c @@ -880,10 +880,10 @@ server_input_eof(int type, u_int32_t seq, void *ctxt) static void server_input_window_size(int type, u_int32_t seq, void *ctxt) { - int row = packet_get_int(); - int col = packet_get_int(); - int xpixel = packet_get_int(); - int ypixel = packet_get_int(); + u_int row = packet_get_int(); + u_int col = packet_get_int(); + u_int xpixel = packet_get_int(); + u_int ypixel = packet_get_int(); debug("Window change received."); packet_check_eom(); diff --git a/ssh.c b/ssh.c index 3615d1c40..550218444 100644 --- a/ssh.c +++ b/ssh.c @@ -889,10 +889,10 @@ ssh_session(void) /* Store window size in the packet. */ if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0) memset(&ws, 0, sizeof(ws)); - packet_put_int(ws.ws_row); - packet_put_int(ws.ws_col); - packet_put_int(ws.ws_xpixel); - packet_put_int(ws.ws_ypixel); + packet_put_int((u_int)ws.ws_row); + packet_put_int((u_int)ws.ws_col); + packet_put_int((u_int)ws.ws_xpixel); + packet_put_int((u_int)ws.ws_ypixel); /* Store tty modes in the packet. */ tty_make_modes(fileno(stdin), NULL); diff --git a/sshpty.c b/sshpty.c index 2e42aee11..9ac4903ef 100644 --- a/sshpty.c +++ b/sshpty.c @@ -46,7 +46,7 @@ */ int -pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) +pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) { /* openpty(3) exists in OSF/1 and some other os'es */ char *name; @@ -169,11 +169,12 @@ pty_make_controlling_tty(int *ttyfd, const char *tty) /* Changes the window size associated with the pty. */ void -pty_change_window_size(int ptyfd, int row, int col, - int xpixel, int ypixel) +pty_change_window_size(int ptyfd, u_int row, u_int col, + u_int xpixel, u_int ypixel) { struct winsize w; + /* may truncate u_int -> u_short */ w.ws_row = row; w.ws_col = col; w.ws_xpixel = xpixel; -- cgit v1.2.3 From 1b81a49f8669b4fd33100ec349570fc5390d88d4 Mon Sep 17 00:00:00 2001 
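Review bot: The added comment `/* may truncate u_int -> u_short */` in pty_change_window_size documents a silent wrap rather than preventing it: a value above USHRT_MAX is reduced modulo USHRT_MAX + 1 when stored in the winsize fields. The serverloop.c hunk reads row, col, xpixel and ypixel straight from the packet with packet_get_int(), so these are presumably peer-supplied by the time they reach this function. Clamping makes the result predictable, e.g. `w.ws_row = row > USHRT_MAX ? USHRT_MAX : (u_short)row;` and likewise for the other three fields (USHRT_MAX comes from <limits.h>). The rest of the function body is outside the hunk.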
From: Damien Miller Date: Sun, 26 Mar 2006 14:05:02 +1100 Subject: rewrap --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 70ecbcdcb..9bd6980dc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -75,7 +75,8 @@ [ssh-rsa.c] in a switch (), break after return or goto is stupid - deraadt@cvs.openbsd.org 2006/03/20 18:14:02 - [channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c ssh.c sshpty.c sshpty.h] + [channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c] + [ssh.c sshpty.c sshpty.h] sprinkle u_int throughout pty subsystem, ok markus 20060325 @@ -4334,4 +4335,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4263 2006/03/26 03:04:36 djm Exp $ +$Id: ChangeLog,v 1.4264 2006/03/26 03:05:02 djm Exp $ -- cgit v1.2.3 From 91d4b12fcb045d93034b2609aaf56a4b41e6eb4f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:05:20 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/20 18:17:20 [auth1.c auth2.c sshd.c] sprinkle some ARGSUSED for table driven functions (which sometimes must ignore their args) --- ChangeLog | 6 +++++- auth1.c | 5 +++++ auth2.c | 2 ++ sshd.c | 1 - 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9bd6980dc..bda489467 100644 --- a/ChangeLog +++ b/ChangeLog @@ -78,6 +78,10 @@ [channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c] [ssh.c sshpty.c sshpty.h] sprinkle u_int throughout pty subsystem, ok markus + - deraadt@cvs.openbsd.org 2006/03/20 18:17:20 + [auth1.c auth2.c sshd.c] + sprinkle some ARGSUSED for table driven functions (which sometimes + must ignore their args) 20060325 - OpenBSD CVS Sync 
@@ -4335,4 +4339,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4264 2006/03/26 03:05:02 djm Exp $ +$Id: ChangeLog,v 1.4265 2006/03/26 03:05:20 djm Exp $ diff --git a/auth1.c b/auth1.c index dc00a72d8..2f8e13e05 100644 --- a/auth1.c +++ b/auth1.c @@ -95,6 +95,7 @@ get_authname(int type) return (buf); } +/*ARGSUSED*/ static int auth1_process_password(Authctxt *authctxt, char *info, size_t infolen) { @@ -119,6 +120,7 @@ auth1_process_password(Authctxt *authctxt, char *info, size_t infolen) return (authenticated); } +/*ARGSUSED*/ static int auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen) { @@ -136,6 +138,7 @@ auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen) return (authenticated); } +/*ARGSUSED*/ static int auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen) { @@ -174,6 +177,7 @@ auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen) return (authenticated); } +/*ARGSUSED*/ static int auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen) { @@ -192,6 +196,7 @@ auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen) return (-1); } +/*ARGSUSED*/ static int auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen) { diff --git a/auth2.c b/auth2.c index b49cc79c7..9d3263e55 100644 --- a/auth2.c +++ b/auth2.c @@ -95,6 +95,7 @@ do_authentication2(Authctxt *authctxt) dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt); } +/*ARGSUSED*/ static void input_service_request(int type, u_int32_t seq, void *ctxt) { @@ -128,6 +129,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt) xfree(service); } +/*ARGSUSED*/ static void input_userauth_request(int type, u_int32_t seq, void *ctxt) { diff --git a/sshd.c b/sshd.c index cfd38906e..bb830161e 100644 --- a/sshd.c +++ b/sshd.c 
@@ -273,7 +273,6 @@ sighup_handler(int sig) * Called from the main program after receiving SIGHUP. * Restarts the server. */ -/*ARGSUSED*/ static void sighup_restart(void) { -- cgit v1.2.3 From 9096740f6c39bbd91f2484c8cf58b4996dd8564f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:07:26 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/20 18:26:55 [channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c] [ssh-rsa.c ssh.c sshlogin.c] annoying spacing fixes getting in the way of real diffs --- ChangeLog | 6 +++++- channels.c | 2 +- monitor.c | 2 +- session.c | 4 ++-- ssh-agent.c | 4 ++-- ssh-keygen.c | 7 ++++--- ssh-rsa.c | 1 + ssh.c | 4 ++-- sshlogin.c | 2 +- 9 files changed, 19 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index bda489467..a31d62674 100644 --- a/ChangeLog +++ b/ChangeLog @@ -82,6 +82,10 @@ [auth1.c auth2.c sshd.c] sprinkle some ARGSUSED for table driven functions (which sometimes must ignore their args) + - deraadt@cvs.openbsd.org 2006/03/20 18:26:55 + [channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c] + [ssh-rsa.c ssh.c sshlogin.c] + annoying spacing fixes getting in the way of real diffs 20060325 - OpenBSD CVS Sync @@ -4339,4 +4343,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4265 2006/03/26 03:05:20 djm Exp $ +$Id: ChangeLog,v 1.4266 2006/03/26 03:07:26 djm Exp $ diff --git a/channels.c b/channels.c index 6cb88ad44..d16493001 100644 --- a/channels.c +++ b/channels.c @@ -2877,7 +2877,7 @@ connect_local_xsocket(u_int dnr) memset(&addr, 0, sizeof(addr)); addr.sun_family = AF_UNIX; snprintf(addr.sun_path, sizeof addr.sun_path, _PATH_UNIX_X, dnr); - if (connect(sock, (struct sockaddr *) & addr, sizeof(addr)) == 0) + if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == 0) return sock; close(sock); error("connect %.100s: %.100s", addr.sun_path, strerror(errno)); 
diff --git a/monitor.c b/monitor.c index 11244d273..db3030530 100644 --- a/monitor.c +++ b/monitor.c @@ -1226,7 +1226,7 @@ mm_record_login(Session *s, struct passwd *pw) fromlen = sizeof(from); if (packet_connection_is_on_socket()) { if (getpeername(packet_get_connection_in(), - (struct sockaddr *) & from, &fromlen) < 0) { + (struct sockaddr *)&from, &fromlen) < 0) { debug("getpeername: %.100s", strerror(errno)); cleanup_exit(255); } diff --git a/session.c b/session.c index b71a2c71a..b00caa547 100644 --- a/session.c +++ b/session.c @@ -186,7 +186,7 @@ auth_input_request_forwarding(struct passwd * pw) sunaddr.sun_family = AF_UNIX; strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path)); - if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) + if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) packet_disconnect("bind: %.100s", strerror(errno)); /* Restore the privileged uid. */ @@ -643,7 +643,7 @@ do_pre_login(Session *s) fromlen = sizeof(from); if (packet_connection_is_on_socket()) { if (getpeername(packet_get_connection_in(), - (struct sockaddr *) & from, &fromlen) < 0) { + (struct sockaddr *)&from, &fromlen) < 0) { debug("getpeername: %.100s", strerror(errno)); cleanup_exit(255); } diff --git a/ssh-agent.c b/ssh-agent.c index 17914410c..7feb898dd 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -887,7 +887,7 @@ after_select(fd_set *readset, fd_set *writeset) if (FD_ISSET(sockets[i].fd, readset)) { slen = sizeof(sunaddr); sock = accept(sockets[i].fd, - (struct sockaddr *) &sunaddr, &slen); + (struct sockaddr *)&sunaddr, &slen); if (sock < 0) { error("accept from AUTH_SOCKET: %s", strerror(errno)); 
@@ -1134,7 +1134,7 @@ main(int ac, char **av) sunaddr.sun_family = AF_UNIX; strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path)); prev_mask = umask(0177); - if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) { + if (bind(sock, (struct sockaddr *) &sunaddr, sizeof(sunaddr)) < 0) { perror("bind"); *socket_name = '\0'; /* Don't unlink any existing file */ umask(prev_mask); diff --git a/ssh-keygen.c b/ssh-keygen.c index 126556466..e8a1d4b4b 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -105,7 +105,7 @@ ask_filename(struct passwd *pw, const char *prompt) if (key_type_name == NULL) name = _PATH_SSH_CLIENT_ID_RSA; - else + else { switch (key_type_from_name(key_type_name)) { case KEY_RSA1: name = _PATH_SSH_CLIENT_IDENTITY; @@ -121,7 +121,7 @@ ask_filename(struct passwd *pw, const char *prompt) exit(1); break; } - + } snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name); fprintf(stderr, "%s (%s): ", prompt, identity_file); if (fgets(buf, sizeof(buf), stdin) == NULL) @@ -316,7 +316,7 @@ get_line(FILE *fp, char *line, size_t len) fprintf(stderr, "input line too long.\n"); exit(1); } - switch(c) { + switch (c) { case '\r': c = fgetc(fp); if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) { @@ -1144,6 +1144,7 @@ main(int ac, char **av) break; case 'D': download = 1; + /*FALLTHROUGH*/ case 'U': reader_id = optarg; break; diff --git a/ssh-rsa.c b/ssh-rsa.c index 1520d7e1d..ce4195fea 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -61,6 +61,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, if (ok != 1) { int ecode = ERR_get_error(); + error("ssh_rsa_sign: RSA_sign failed: %s", ERR_error_string(ecode, NULL)); xfree(sig); diff --git a/ssh.c b/ssh.c index 550218444..2681ccb6b 100644 --- a/ssh.c +++ b/ssh.c 
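Review bot: The rewritten bind() call in ssh-agent.c main still has a space between the cast and its operand, `(struct sockaddr *) &sunaddr`, while the other cast hunks in this commit settle on the form without a space, as in `(struct sockaddr *)&addr`. Writing it as `if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) {` keeps the spacing uniform, which is the stated purpose of the change. main continues outside the hunk.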
@@ -1041,7 +1041,7 @@ ssh_control_listener(void) fatal("%s socket(): %s", __func__, strerror(errno)); old_umask = umask(0177); - if (bind(control_fd, (struct sockaddr*)&addr, addr_len) == -1) { + if (bind(control_fd, (struct sockaddr *)&addr, addr_len) == -1) { control_fd = -1; if (errno == EINVAL || errno == EADDRINUSE) fatal("ControlSocket %s already exists", @@ -1299,7 +1299,7 @@ control_client(const char *path) if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) fatal("%s socket(): %s", __func__, strerror(errno)); - if (connect(sock, (struct sockaddr*)&addr, addr_len) == -1) { + if (connect(sock, (struct sockaddr *)&addr, addr_len) == -1) { if (mux_command != SSHMUX_COMMAND_OPEN) { fatal("Control socket connect(%.100s): %s", path, strerror(errno)); diff --git a/sshlogin.c b/sshlogin.c index 718c9c412..95b850acb 100644 --- a/sshlogin.c +++ b/sshlogin.c @@ -102,7 +102,7 @@ store_lastlog_message(const char *user, uid_t uid) */ void record_login(pid_t pid, const char *tty, const char *user, uid_t uid, - const char *host, struct sockaddr * addr, socklen_t addrlen) + const char *host, struct sockaddr *addr, socklen_t addrlen) { struct logininfo *li; -- cgit v1.2.3 From 9f3bd53acdf281586910e49b15eef2bf87bfdda2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:07:52 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/20 18:27:50 [monitor.c] spacing --- ChangeLog | 5 ++++- monitor.c | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index a31d62674..29e317f94 100644 --- a/ChangeLog +++ b/ChangeLog @@ -86,6 +86,9 @@ [channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c] [ssh-rsa.c ssh.c sshlogin.c] annoying spacing fixes getting in the way of real diffs + - deraadt@cvs.openbsd.org 2006/03/20 18:27:50 + [monitor.c] + spacing 20060325 - OpenBSD CVS Sync 
@@ -4343,4 +4346,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4266 2006/03/26 03:07:26 djm Exp $ +$Id: ChangeLog,v 1.4267 2006/03/26 03:07:52 djm Exp $ diff --git a/monitor.c b/monitor.c index db3030530..97b420fc3 100644 --- a/monitor.c +++ b/monitor.c @@ -1226,7 +1226,7 @@ mm_record_login(Session *s, struct passwd *pw) fromlen = sizeof(from); if (packet_connection_is_on_socket()) { if (getpeername(packet_get_connection_in(), - (struct sockaddr *)&from, &fromlen) < 0) { + (struct sockaddr *)&from, &fromlen) < 0) { debug("getpeername: %.100s", strerror(errno)); cleanup_exit(255); } -- cgit v1.2.3 From 4ae97f1885daee4b6ccfa2b5062530d26cb38806 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:08:10 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/20 18:35:12 [channels.c] x11_fake_data is only ever used as u_char * --- ChangeLog | 5 ++++- channels.c | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 29e317f94..d192ae418 100644 --- a/ChangeLog +++ b/ChangeLog @@ -89,6 +89,9 @@ - deraadt@cvs.openbsd.org 2006/03/20 18:27:50 [monitor.c] spacing + - deraadt@cvs.openbsd.org 2006/03/20 18:35:12 + [channels.c] + x11_fake_data is only ever used as u_char * 20060325 - OpenBSD CVS Sync @@ -4346,4 +4349,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4267 2006/03/26 03:07:52 djm Exp $ +$Id: ChangeLog,v 1.4268 2006/03/26 03:08:10 djm Exp $ diff --git a/channels.c b/channels.c index d16493001..239da8e9b 100644 --- a/channels.c +++ b/channels.c 
@@ -128,7 +128,7 @@ static u_int x11_saved_data_len = 0; * Fake X11 authentication data. This is what the server will be sending us; * we should replace any occurrences of this by the real data. */ -static char *x11_fake_data = NULL; +static u_char *x11_fake_data = NULL; static u_int x11_fake_data_len; -- cgit v1.2.3 From 1ff7c642eed4df1c2f9fcc6f247d7d9949b6e81c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:09:09 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/20 18:41:43 [dns.c] cast xstrdup to propert u_char * --- ChangeLog | 5 ++++- dns.c | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index d192ae418..7396fe09d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -92,6 +92,9 @@ - deraadt@cvs.openbsd.org 2006/03/20 18:35:12 [channels.c] x11_fake_data is only ever used as u_char * + - deraadt@cvs.openbsd.org 2006/03/20 18:41:43 + [dns.c] + cast xstrdup to propert u_char * 20060325 - OpenBSD CVS Sync @@ -4349,4 +4352,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4268 2006/03/26 03:08:10 djm Exp $ +$Id: ChangeLog,v 1.4269 2006/03/26 03:09:09 djm Exp $ diff --git a/dns.c b/dns.c index ecb897703..83d4d895a 100644 --- a/dns.c +++ b/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.17 2006/03/19 18:51:18 deraadt Exp $ */ +/* $OpenBSD: dns.c,v 1.18 2006/03/20 18:41:43 deraadt Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. -- cgit v1.2.3 From 1d2b6706ba1b2000bd807731e6d8e35691eaf8df Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:09:54 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/20 18:42:27 [canohost.c match.c ssh.c sshconnect.c] be strict with tolower() casting --- ChangeLog | 5 ++++- canohost.c | 2 +- match.c | 2 +- ssh.c | 2 +- sshconnect.c | 2 +- 5 files changed, 8 insertions(+), 5 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index 7396fe09d..eea43e7c0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -95,6 +95,9 @@ - deraadt@cvs.openbsd.org 2006/03/20 18:41:43 [dns.c] cast xstrdup to propert u_char * + - deraadt@cvs.openbsd.org 2006/03/20 18:42:27 + [canohost.c match.c ssh.c sshconnect.c] + be strict with tolower() casting 20060325 - OpenBSD CVS Sync @@ -4352,4 +4355,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4269 2006/03/26 03:09:09 djm Exp $ +$Id: ChangeLog,v 1.4270 2006/03/26 03:09:54 djm Exp $ diff --git a/canohost.c b/canohost.c index 4fafb0b82..b1c35e99e 100644 --- a/canohost.c +++ b/canohost.c @@ -88,7 +88,7 @@ get_remote_hostname(int sock, int use_dns) */ for (i = 0; name[i]; i++) if (isupper(name[i])) - name[i] = tolower(name[i]); + name[i] = (char)tolower(name[i]); /* * Map it back to an IP address and check that the given * address actually is an address of this host. This is diff --git a/match.c b/match.c index 736047df1..e08afdeb0 100644 --- a/match.c +++ b/match.c @@ -137,7 +137,7 @@ match_pattern_list(const char *string, const char *pattern, u_int len, i < len && subi < sizeof(sub) - 1 && pattern[i] != ','; subi++, i++) sub[subi] = dolower && isupper(pattern[i]) ? - tolower(pattern[i]) : pattern[i]; + (char)tolower(pattern[i]) : pattern[i]; /* If subpattern too long, return failure (no match). */ if (subi >= sizeof(sub) - 1) return 0; diff --git a/ssh.c b/ssh.c index 2681ccb6b..0c950745b 100644 --- a/ssh.c +++ b/ssh.c @@ -629,7 +629,7 @@ main(int ac, char **av) if (options.host_key_alias != NULL) { for (p = options.host_key_alias; *p; p++) if (isupper(*p)) - *p = tolower(*p); + *p = (char)tolower(*p); } /* Get default port if port has not been set. */ diff --git a/sshconnect.c b/sshconnect.c index 53b5200ff..33961e4dc 100644 --- a/sshconnect.c +++ b/sshconnect.c 
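Review bot: The added `(char)` cast in the canohost.c get_remote_hostname hunk covers only the return value; `isupper(name[i])` and `tolower(name[i])` still receive a plain char, which is undefined behaviour for the ctype functions when char is signed and the byte is negative. The name being lowercased is presumably resolver-supplied, so such bytes cannot be ruled out. The argument should be cast as well: `if (isupper((u_char)name[i]))` and `name[i] = (char)tolower((u_char)name[i]);`. The same pattern applies to the match.c, ssh.c and sshconnect.c hunks of this commit. The enclosing function continues outside the hunk.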
@@ -927,7 +927,7 @@ ssh_login(Sensitive *sensitive, const char *orighost, host = xstrdup(orighost); for (cp = host; *cp; cp++) if (isupper(*cp)) - *cp = tolower(*cp); + *cp = (char)tolower(*cp); /* Exchange protocol version identification strings with the server. */ ssh_exchange_identification(); -- cgit v1.2.3 From 4f7becb44f26b61673b8478fd4aeee262adaf446 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:10:14 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/20 18:48:34 [channels.c fatal.c kex.c packet.c serverloop.c] spacing --- ChangeLog | 5 ++++- channels.c | 22 ++++++++-------------- fatal.c | 1 + kex.c | 6 +++++- packet.c | 8 ++++++++ serverloop.c | 1 + 6 files changed, 27 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index eea43e7c0..4dd368151 100644 --- a/ChangeLog +++ b/ChangeLog @@ -98,6 +98,9 @@ - deraadt@cvs.openbsd.org 2006/03/20 18:42:27 [canohost.c match.c ssh.c sshconnect.c] be strict with tolower() casting + - deraadt@cvs.openbsd.org 2006/03/20 18:48:34 + [channels.c fatal.c kex.c packet.c serverloop.c] + spacing 20060325 - OpenBSD CVS Sync @@ -4355,4 +4358,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4270 2006/03/26 03:09:54 djm Exp $ +$Id: ChangeLog,v 1.4271 2006/03/26 03:10:14 djm Exp $ diff --git a/channels.c b/channels.c index 239da8e9b..1ff7152a8 100644 --- a/channels.c +++ b/channels.c @@ -192,7 +192,6 @@ channel_lookup(int id) * Register filedescriptors for a channel, used when allocating a channel or * when the channel consumer/producer is ready, e.g. shell exec'd */ - static void channel_register_fds(Channel *c, int rfd, int wfd, int efd, int extusage, int nonblock) 
@@ -239,7 +238,6 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, * Allocate a new channel object and set its type and socket. This will cause * remote_name to be freed. */ - Channel * channel_new(char *ctype, int type, int rfd, int wfd, int efd, u_int window, u_int maxpack, int extusage, char *remote_name, int nonblock) @@ -341,7 +339,6 @@ channel_close_fd(int *fdp) } /* Close all channel fd/socket. */ - static void channel_close_fds(Channel *c) { @@ -356,7 +353,6 @@ channel_close_fds(Channel *c) } /* Free the channel and close its fd/socket. */ - void channel_free(Channel *c) { @@ -403,7 +399,6 @@ channel_free_all(void) * Closes the sockets/fds of all channels. This is used to close extra file * descriptors after a fork. */ - void channel_close_all(void) { @@ -417,7 +412,6 @@ channel_close_all(void) /* * Stop listening to channels. */ - void channel_stop_listening(void) { @@ -444,7 +438,6 @@ channel_stop_listening(void) * Returns true if no channel has too much buffered data, and false if one or * more channel is overfull. */ - int channel_not_very_much_buffered_data(void) { @@ -474,7 +467,6 @@ channel_not_very_much_buffered_data(void) } /* Returns true if any channel is still open. */ - int channel_still_open(void) { @@ -517,7 +509,6 @@ channel_still_open(void) } /* Returns the id of an open channel suitable for keepaliving */ - int channel_find_open(void) { @@ -562,7 +553,6 @@ channel_find_open(void) * suitable for sending to the client. The message contains crlf pairs for * newlines. */ - char * channel_open_message(void) { @@ -647,6 +637,7 @@ channel_request_start(int id, char *service, int wantconfirm) packet_put_cstring(service); packet_put_char(wantconfirm); } + void channel_register_confirm(int id, channel_callback_fn *fn, void *ctx) { 
@@ -659,6 +650,7 @@ channel_register_confirm(int id, channel_callback_fn *fn, void *ctx) c->confirm = fn; c->confirm_ctx = ctx; } + void channel_register_cleanup(int id, channel_callback_fn *fn, int do_close) { @@ -671,6 +663,7 @@ channel_register_cleanup(int id, channel_callback_fn *fn, int do_close) c->detach_user = fn; c->detach_close = do_close; } + void channel_cancel_cleanup(int id) { @@ -683,6 +676,7 @@ channel_cancel_cleanup(int id) c->detach_user = NULL; c->detach_close = 0; } + void channel_register_filter(int id, channel_infilter_fn *ifn, channel_outfilter_fn *ofn) @@ -1455,6 +1449,7 @@ channel_handle_rfd(Channel *c, fd_set *readset, fd_set *writeset) } return 1; } + static int channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset) { @@ -1542,6 +1537,7 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset) } return 1; } + static int channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset) { @@ -1585,6 +1581,7 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset) } return 1; } + static int channel_handle_ctl(Channel *c, fd_set *readset, fd_set *writeset) { @@ -1612,6 +1609,7 @@ channel_handle_ctl(Channel *c, fd_set *readset, fd_set *writeset) } return 1; } + static int channel_check_window(Channel *c) { @@ -1823,7 +1821,6 @@ channel_after_select(fd_set *readset, fd_set *writeset) /* If there is data to send to the connection, enqueue some of it now. */ - void channel_output_poll(void) { @@ -1943,7 +1940,6 @@ channel_output_poll(void) /* -- protocol input */ - void channel_input_data(int type, u_int32_t seq, void *ctxt) { @@ -2557,7 +2553,6 @@ channel_request_rforward_cancel(const char *host, u_short port) * listening for the port, and sends back a success reply (or disconnect * message if there was an error). This never returns if there was an error. */ - void channel_input_port_forward_request(int is_root, int gateway_ports) { 
@@ -2628,7 +2623,6 @@ channel_clear_permitted_opens(void) } - /* return socket to remote host, port */ static int connect_to(const char *host, u_short port) diff --git a/fatal.c b/fatal.c index 8eea85a03..78b51cd8b 100644 --- a/fatal.c +++ b/fatal.c @@ -32,6 +32,7 @@ void fatal(const char *fmt,...) { va_list args; + va_start(args, fmt); do_log(SYSLOG_LEVEL_FATAL, fmt, args); va_end(args); diff --git a/kex.c b/kex.c index 930e9cb4d..91081b18e 100644 --- a/kex.c +++ b/kex.c @@ -261,6 +261,7 @@ choose_enc(Enc *enc, char *client, char *server) enc->key_len = cipher_keylen(enc->cipher); enc->block_size = cipher_blocksize(enc->cipher); } + static void choose_mac(Mac *mac, char *client, char *server) { @@ -276,6 +277,7 @@ choose_mac(Mac *mac, char *client, char *server) mac->key = NULL; mac->enabled = 0; } + static void choose_comp(Comp *comp, char *client, char *server) { @@ -293,6 +295,7 @@ choose_comp(Comp *comp, char *client, char *server) } comp->name = name; } + static void choose_kex(Kex *k, char *client, char *server) { @@ -485,7 +488,8 @@ kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, BIGNUM *shared_secret) for (mode = 0; mode < MODE_MAX; mode++) { current_keys[mode] = kex->newkeys[mode]; kex->newkeys[mode] = NULL; - ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN); + ctos = (!kex->server && mode == MODE_OUT) || + (kex->server && mode == MODE_IN); current_keys[mode]->enc.iv = keys[ctos ? 0 : 1]; current_keys[mode]->enc.key = keys[ctos ? 2 : 3]; current_keys[mode]->mac.key = keys[ctos ? 4 : 5]; diff --git a/packet.c b/packet.c index 65fb31d2e..ee9369638 100644 --- a/packet.c +++ b/packet.c @@ -259,6 +259,7 @@ packet_get_keyiv_len(int mode) return (cipher_get_keyiv_len(cc)); } + void packet_set_iv(int mode, u_char *dat) { @@ -271,6 +272,7 @@ packet_set_iv(int mode, u_char *dat) cipher_set_keyiv(cc, dat); } + int packet_get_ssh1_cipher(void) { 
@@ -472,31 +474,37 @@ packet_put_char(int value) buffer_append(&outgoing_packet, &ch, 1); } + void packet_put_int(u_int value) { buffer_put_int(&outgoing_packet, value); } + void packet_put_string(const void *buf, u_int len) { buffer_put_string(&outgoing_packet, buf, len); } + void packet_put_cstring(const char *str) { buffer_put_cstring(&outgoing_packet, str); } + void packet_put_raw(const void *buf, u_int len) { buffer_append(&outgoing_packet, buf, len); } + void packet_put_bignum(BIGNUM * value) { buffer_put_bignum(&outgoing_packet, value); } + void packet_put_bignum2(BIGNUM * value) { diff --git a/serverloop.c b/serverloop.c index 3bc0c5a76..36c40ec59 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1102,6 +1102,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) } xfree(rtype); } + static void server_input_channel_req(int type, u_int32_t seq, void *ctxt) { -- cgit v1.2.3 From a5a2859275794e080fd1872006402a55498d7e95 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:10:34 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/20 21:11:53 [ttymodes.c] spacing --- ChangeLog | 5 ++++- ttymodes.c | 18 +++++++++++------- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4dd368151..04275b22c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -101,6 +101,9 @@ - deraadt@cvs.openbsd.org 2006/03/20 18:48:34 [channels.c fatal.c kex.c packet.c serverloop.c] spacing + - deraadt@cvs.openbsd.org 2006/03/20 21:11:53 + [ttymodes.c] + spacing 20060325 - OpenBSD CVS Sync @@ -4358,4 +4361,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4271 2006/03/26 03:10:14 djm Exp $ +$Id: ChangeLog,v 1.4272 2006/03/26 03:10:34 djm Exp $ diff --git a/ttymodes.c b/ttymodes.c index 2c95938d9..40d536e2c 100644 --- a/ttymodes.c +++ b/ttymodes.c 
@@ -385,7 +385,8 @@ tty_parse_modes(int fd, int *n_bytes_ptr) n_bytes += 4; baud = packet_get_int(); debug3("tty_parse_modes: ispeed %d", baud); - if (failure != -1 && cfsetispeed(&tio, baud_to_speed(baud)) == -1) + if (failure != -1 && + cfsetispeed(&tio, baud_to_speed(baud)) == -1) error("cfsetispeed failed for %d", baud); break; @@ -395,7 +396,8 @@ tty_parse_modes(int fd, int *n_bytes_ptr) n_bytes += 4; baud = packet_get_int(); debug3("tty_parse_modes: ospeed %d", baud); - if (failure != -1 && cfsetospeed(&tio, baud_to_speed(baud)) == -1) + if (failure != -1 && + cfsetospeed(&tio, baud_to_speed(baud)) == -1) error("cfsetospeed failed for %d", baud); break; @@ -443,11 +445,12 @@ tty_parse_modes(int fd, int *n_bytes_ptr) /* * It is a truly undefined opcode (160 to 255). * We have no idea about its arguments. So we - * must stop parsing. Note that some data may be - * left in the packet; hopefully there is nothing - * more coming after the mode data. + * must stop parsing. Note that some data + * may be left in the packet; hopefully there + * is nothing more coming after the mode data. */ - logit("parse_tty_modes: unknown opcode %d", opcode); + logit("parse_tty_modes: unknown opcode %d", + opcode); goto set; } } else { @@ -463,7 +466,8 @@ tty_parse_modes(int fd, int *n_bytes_ptr) (void) packet_get_int(); break; } else { - logit("parse_tty_modes: unknown opcode %d", opcode); + logit("parse_tty_modes: unknown opcode %d", + opcode); goto set; } } -- cgit v1.2.3 From 7cd4579eb3c5afd22ae24436fd2611cd3aa0150a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:11:39 +1100 Subject: - djm@cvs.openbsd.org 2006/03/22 21:27:15 [deattack.c deattack.h packet.c] remove IV support from the CRC attack detector, OpenSSH has never used it - it only applied to IDEA-CFB, which we don't support. prompted by NetBSD Coverity report via elad AT netbsd.org; feedback markus@ "nuke it" deraadt@ --- packet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/packet.c b/packet.c index ee9369638..0121f8aee 100644 --- a/packet.c +++ b/packet.c @@ -988,7 +988,7 @@ packet_read_poll1(void) * Ariel Futoransky(futo@core-sdi.com) */ if (!receive_context.plaintext && - detect_attack(buffer_ptr(&input), padded_len, NULL) == DEATTACK_DETECTED) + detect_attack(buffer_ptr(&input), padded_len) == DEATTACK_DETECTED) packet_disconnect("crc32 compensation attack: network attack detected"); /* Decrypt data to incoming_packet. */ -- cgit v1.2.3 From 07d86bec5eeaf19fe33dca99c8ebcbe9a77c3938 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:19:21 +1100 Subject: - djm@cvs.openbsd.org 2006/03/25 00:05:41 [auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c] [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c] [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c] [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c] [xmalloc.c xmalloc.h] introduce xcalloc() and xasprintf() failure-checked allocations functions and use them throughout openssh xcalloc is particularly important because malloc(nmemb * size) is a dangerous idiom (subject to integer overflow) and it is time for it to die feedback and ok deraadt@ --- ChangeLog | 16 +++++++++++++++- auth-bsdauth.c | 5 ++--- auth-skey.c | 11 +++-------- auth.c | 12 +++++------- auth2-chall.c | 2 +- channels.c | 7 +++---- clientloop.c | 5 ++--- deattack.c | 2 +- gss-genr.c | 6 ++---- kex.c | 8 +++----- key.c | 10 ++++------ misc.c | 6 ++---- moduli.c | 17 +++-------------- monitor.c | 6 ++---- monitor_wrap.c | 10 +++------- packet.c | 4 ++-- scard.c | 2 +- sftp-server.c | 2 +- ssh-agent.c | 9 +++------ ssh-keyscan.c | 18 ++++++++---------- ssh.c | 5 +++-- sshconnect.c | 17 +++++------------ sshconnect2.c | 10 +++------- sshd.c | 16 +++++++--------- uuencode.c | 7 ++++++- xmalloc.c | 32 ++++++++++++++++++++++++++++++++ xmalloc.h | 6 +++++- 27 files changed, 127 insertions(+), 124 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index 04275b22c..20d034a6e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -104,6 +104,20 @@ - deraadt@cvs.openbsd.org 2006/03/20 21:11:53 [ttymodes.c] spacing + - djm@cvs.openbsd.org 2006/03/25 00:05:41 + [auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c] + [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c] + [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c] + [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c] + [xmalloc.c xmalloc.h] + introduce xcalloc() and xasprintf() failure-checked allocations + functions and use them throughout openssh + + xcalloc is particularly important because malloc(nmemb * size) is a + dangerous idiom (subject to integer overflow) and it is time for it + to die + + feedback and ok deraadt@ 20060325 - OpenBSD CVS Sync @@ -4361,4 +4375,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4272 2006/03/26 03:10:34 djm Exp $ +$Id: ChangeLog,v 1.4273 2006/03/26 03:19:21 djm Exp $ diff --git a/auth-bsdauth.c b/auth-bsdauth.c index f48b43174..2ccbc9d43 100644 --- a/auth-bsdauth.c +++ b/auth-bsdauth.c @@ -68,9 +68,8 @@ bsdauth_query(void *ctx, char **name, char **infotxt, *name = xstrdup(""); *infotxt = xstrdup(""); *numprompts = 1; - *prompts = xmalloc(*numprompts * sizeof(char *)); - *echo_on = xmalloc(*numprompts * sizeof(u_int)); - (*echo_on)[0] = 0; + *prompts = xcalloc(*numprompts, sizeof(char *)); + *echo_on = xcalloc(*numprompts, sizeof(u_int)); (*prompts)[0] = xstrdup(challenge); return 0; diff --git a/auth-skey.c b/auth-skey.c index ce8c1a809..3e6a06db7 100644 --- a/auth-skey.c +++ b/auth-skey.c 
@@ -53,15 +53,10 @@ skey_query(void *ctx, char **name, char **infotxt, *name = xstrdup(""); *infotxt = xstrdup(""); *numprompts = 1; - *prompts = xmalloc(*numprompts * sizeof(char *)); - *echo_on = xmalloc(*numprompts * sizeof(u_int)); - (*echo_on)[0] = 0; + *prompts = xcalloc(*numprompts, sizeof(char *)); + *echo_on = xcalloc(*numprompts, sizeof(u_int)); - len = strlen(challenge) + strlen(SKEY_PROMPT) + 1; - p = xmalloc(len); - strlcpy(p, challenge, len); - strlcat(p, SKEY_PROMPT, len); - (*prompts)[0] = p; + xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT); return 0; } diff --git a/auth.c b/auth.c index 85c6f8d1d..aa6d66075 100644 --- a/auth.c +++ b/auth.c @@ -340,7 +340,8 @@ auth_root_allowed(char *method) static char * expand_authorized_keys(const char *filename, struct passwd *pw) { - char *file, *ret; + char *file, ret[MAXPATHLEN]; + int i; file = percent_expand(filename, "h", pw->pw_dir, "u", pw->pw_name, (char *)NULL); @@ -352,14 +353,11 @@ expand_authorized_keys(const char *filename, struct passwd *pw) if (*file == '/') return (file); - ret = xmalloc(MAXPATHLEN); - if (strlcpy(ret, pw->pw_dir, MAXPATHLEN) >= MAXPATHLEN || - strlcat(ret, "/", MAXPATHLEN) >= MAXPATHLEN || - strlcat(ret, file, MAXPATHLEN) >= MAXPATHLEN) + i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file); + if (i < 0 || (size_t)i >= sizeof(ret)) fatal("expand_authorized_keys: path too long"); - xfree(file); - return (ret); + return (xstrdup(ret)); } char * diff --git a/auth2-chall.c b/auth2-chall.c index 8860a94c5..d54ee2856 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -290,7 +290,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) if (nresp > 100) fatal("input_userauth_info_response: too many replies"); if (nresp > 0) { - response = xmalloc(nresp * sizeof(char *)); + response = xcalloc(nresp, sizeof(char *)); for (i = 0; i < nresp; i++) response[i] = packet_get_string(NULL); } diff --git a/channels.c b/channels.c index 1ff7152a8..0e7d5cf58 100644 
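Review bot: In skey_query, `xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);` does store the string in `(*prompts)[0]`, because `*prompts` is the address of the first slot, but next to the `xasprintf(&tmp, ...)` and `xasprintf(&chost, ...)` calls elsewhere in this commit it reads like a missing `&`. Writing it as `xasprintf(&(*prompts)[0], "%s%s", challenge, SKEY_PROMPT);` keeps the target slot visible; the same applies to mm_skey_query in monitor_wrap.c. The locals `len` and `p` used by the removed lines are declared outside the hunk and may now be unused.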
--- a/channels.c +++ b/channels.c @@ -249,7 +249,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, /* Do initial allocation if this is the first call. */ if (channels_alloc == 0) { channels_alloc = 10; - channels = xmalloc(channels_alloc * sizeof(Channel *)); + channels = xcalloc(channels_alloc, sizeof(Channel *)); for (i = 0; i < channels_alloc; i++) channels[i] = NULL; } @@ -274,8 +274,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, channels[i] = NULL; } /* Initialize and return new channel. */ - c = channels[found] = xmalloc(sizeof(Channel)); - memset(c, 0, sizeof(Channel)); + c = channels[found] = xcalloc(1, sizeof(Channel)); buffer_init(&c->input); buffer_init(&c->output); buffer_init(&c->extended); @@ -2842,7 +2841,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, } /* Allocate a channel for each socket. */ - *chanids = xmalloc(sizeof(**chanids) * (num_socks + 1)); + *chanids = xcalloc(num_socks + 1, sizeof(**chanids)); for (n = 0; n < num_socks; n++) { sock = socks[n]; nc = channel_new("x11 listener", diff --git a/clientloop.c b/clientloop.c index 36a4a64ae..aa4ebb3aa 100644 --- a/clientloop.c +++ b/clientloop.c @@ -820,8 +820,7 @@ client_process_control(fd_set * readset) return; } - cctx = xmalloc(sizeof(*cctx)); - memset(cctx, 0, sizeof(*cctx)); + cctx = xcalloc(1, sizeof(*cctx)); cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0; cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0; cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0; @@ -836,7 +835,7 @@ client_process_control(fd_set * readset) env_len = MIN(env_len, 4096); debug3("%s: receiving %d env vars", __func__, env_len); if (env_len != 0) { - cctx->env = xmalloc(sizeof(*cctx->env) * (env_len + 1)); + cctx->env = xcalloc(env_len + 1, sizeof(*cctx->env)); for (i = 0; i < env_len; i++) cctx->env[i] = buffer_get_string(&m, &len); cctx->env[i] = NULL; diff --git a/deattack.c b/deattack.c index bf4451b88..746ff5d43 100644 --- a/deattack.c 
+++ b/deattack.c @@ -93,7 +93,7 @@ detect_attack(u_char *buf, u_int32_t len) if (h == NULL) { debug("Installing crc compensation attack detector."); - h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE); + h = (u_int16_t *) xcalloc(l, HASH_ENTRYSIZE); n = l; } else { if (l > n) { diff --git a/gss-genr.c b/gss-genr.c index 8d75ee5c7..9cedfcdc3 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.7 2006/03/20 04:07:49 djm Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.8 2006/03/25 00:05:41 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -135,9 +135,7 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status, void ssh_gssapi_build_ctx(Gssctxt **ctx) { - *ctx = xmalloc(sizeof (Gssctxt)); - (*ctx)->major = 0; - (*ctx)->minor = 0; + *ctx = xcalloc(1, sizeof (Gssctxt)); (*ctx)->context = GSS_C_NO_CONTEXT; (*ctx)->name = GSS_C_NO_NAME; (*ctx)->oid = GSS_C_NO_OID; diff --git a/kex.c b/kex.c index 91081b18e..030df6be0 100644 --- a/kex.c +++ b/kex.c @@ -82,7 +82,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows) int i; char **proposal; - proposal = xmalloc(PROPOSAL_MAX * sizeof(char *)); + proposal = xcalloc(PROPOSAL_MAX, sizeof(char *)); buffer_init(&b); buffer_append(&b, buffer_ptr(raw), buffer_len(raw)); @@ -217,8 +217,7 @@ kex_setup(char *proposal[PROPOSAL_MAX]) { Kex *kex; - kex = xmalloc(sizeof(*kex)); - memset(kex, 0, sizeof(*kex)); + kex = xcalloc(1, sizeof(*kex)); buffer_init(&kex->peer); buffer_init(&kex->my); kex_prop2buf(&kex->my, proposal); @@ -379,8 +378,7 @@ kex_choose_conf(Kex *kex) /* Algorithm Negotiation */ for (mode = 0; mode < MODE_MAX; mode++) { - newkeys = xmalloc(sizeof(*newkeys)); - memset(newkeys, 0, sizeof(*newkeys)); + newkeys = xcalloc(1, sizeof(*newkeys)); kex->newkeys[mode] = newkeys; ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN); nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC; diff --git a/key.c b/key.c index d6dd3abea..0d29593b0 100644 
--- a/key.c +++ b/key.c @@ -49,9 +49,8 @@ key_new(int type) Key *k; RSA *rsa; DSA *dsa; - k = xmalloc(sizeof(*k)); + k = xcalloc(1, sizeof(*k)); k->type = type; - k->flags = 0; k->dsa = NULL; k->rsa = NULL; switch (k->type) { @@ -231,8 +230,7 @@ key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len) char *retval; u_int i; - retval = xmalloc(dgst_raw_len * 3 + 1); - retval[0] = '\0'; + retval = xcalloc(1, dgst_raw_len * 3 + 1); for (i = 0; i < dgst_raw_len; i++) { char hex[4]; snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]); @@ -254,7 +252,7 @@ key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len) char *retval; rounds = (dgst_raw_len / 2) + 1; - retval = xmalloc(sizeof(char) * (rounds*6)); + retval = xcalloc((rounds * 6), sizeof(char)); retval[j++] = 'x'; for (i = 0; i < rounds; i++) { u_int idx0, idx1, idx2, idx3, idx4; @@ -824,7 +822,7 @@ key_demote(const Key *k) { Key *pk; - pk = xmalloc(sizeof(*pk)); + pk = xcalloc(1, sizeof(*pk)); pk->type = k->type; pk->flags = k->flags; pk->dsa = NULL; diff --git a/misc.c b/misc.c index 1949dd4b3..bf7b1ed66 100644 --- a/misc.c +++ b/misc.c @@ -172,9 +172,8 @@ strdelim(char **s) struct passwd * pwcopy(struct passwd *pw) { - struct passwd *copy = xmalloc(sizeof(*copy)); + struct passwd *copy = xcalloc(1, sizeof(*copy)); - memset(copy, 0, sizeof(*copy)); copy->pw_name = xstrdup(pw->pw_name); copy->pw_passwd = xstrdup(pw->pw_passwd); copy->pw_gecos = xstrdup(pw->pw_gecos); @@ -697,8 +696,7 @@ tohex(const u_char *d, u_int l) u_int i, hl; hl = l * 2 + 1; - r = xmalloc(hl); - *r = '\0'; + r = xcalloc(1, hl); for (i = 0; i < l; i++) { snprintf(b, sizeof(b), "%02x", d[i]); strlcat(r, b, hl); diff --git a/moduli.c b/moduli.c index d53806ea6..f6f15a2a4 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.12 2005/07/17 07:17:55 djm Exp $ */ +/* $OpenBSD: moduli.c,v 1.13 2006/03/25 00:05:41 djm Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson 
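Review bot: In key_fingerprint_hex the size `dgst_raw_len * 3 + 1` is still computed in u_int arithmetic before xcalloc sees it, so the overflow test inside xcalloc cannot catch a wrap in that expression. The same holds for `rounds * 6` in key_fingerprint_bubblebabble and for `hl = l * 2 + 1` in tohex (misc.c). Callers presumably pass digest-sized lengths, so this is likely unreachable, but a bound ahead of the arithmetic would make that explicit, for example `if (dgst_raw_len > 65536) fatal("key_fingerprint_hex: input too large");`, mirroring the limit dump_base64 gains in this commit. All three function bodies continue outside their hunks.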
@@ -301,21 +301,10 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) largewords = (largememory << SHIFT_MEGAWORD); } - TinySieve = calloc(tinywords, sizeof(u_int32_t)); - if (TinySieve == NULL) { - error("Insufficient memory for tiny sieve: need %u bytes", - tinywords << SHIFT_BYTE); - exit(1); - } + TinySieve = xcalloc(tinywords, sizeof(u_int32_t)); tinybits = tinywords << SHIFT_WORD; - SmallSieve = calloc(smallwords, sizeof(u_int32_t)); - if (SmallSieve == NULL) { - error("Insufficient memory for small sieve: need %u bytes", - smallwords << SHIFT_BYTE); - xfree(TinySieve); - exit(1); - } + SmallSieve = xcalloc(smallwords, sizeof(u_int32_t)); smallbits = smallwords << SHIFT_WORD; /* diff --git a/monitor.c b/monitor.c index 97b420fc3..7409be32b 100644 --- a/monitor.c +++ b/monitor.c @@ -1625,8 +1625,7 @@ mm_get_kex(Buffer *m) void *blob; u_int bloblen; - kex = xmalloc(sizeof(*kex)); - memset(kex, 0, sizeof(*kex)); + kex = xcalloc(1, sizeof(*kex)); kex->session_id = buffer_get_string(m, &kex->session_id_len); if ((session_id2 == NULL) || (kex->session_id_len != session_id2_len) || @@ -1796,9 +1795,8 @@ monitor_init(void) struct monitor *mon; int pair[2]; - mon = xmalloc(sizeof(*mon)); + mon = xcalloc(1, sizeof(*mon)); - mon->m_pid = 0; monitor_socketpair(pair); mon->m_recvfd = pair[0]; diff --git a/monitor_wrap.c b/monitor_wrap.c index e5a65491d..cd340360a 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -859,8 +859,8 @@ mm_chall_setup(char **name, char **infotxt, u_int *numprompts, *name = xstrdup(""); *infotxt = xstrdup(""); *numprompts = 1; - *prompts = xmalloc(*numprompts * sizeof(char *)); - *echo_on = xmalloc(*numprompts * sizeof(u_int)); + *prompts = xcalloc(*numprompts, sizeof(char *)); + *echo_on = xcalloc(*numprompts, sizeof(u_int)); (*echo_on)[0] = 0; } 
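Review bot: Switching the sieve allocations in gen_candidates to xcalloc drops the messages that said which sieve failed and how many bytes it needed; an operator now sees only xcalloc's generic out-of-memory text. xcalloc as added in this commit also calls fatal() when nmemb is zero, which calloc() did not, and whether `tinywords` or `smallwords` can be zero is decided outside the hunk, so that is worth confirming. If the sizes matter for diagnosis, a `debug2("%s: tiny sieve %u words", __func__, tinywords);` before the allocation would keep them.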
@@ -953,11 +953,7 @@ mm_skey_query(void *ctx, char **name, char **infotxt, mm_chall_setup(name, infotxt, numprompts, prompts, echo_on); - len = strlen(challenge) + strlen(SKEY_PROMPT) + 1; - p = xmalloc(len); - strlcpy(p, challenge, len); - strlcat(p, SKEY_PROMPT, len); - (*prompts)[0] = p; + xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT); xfree(challenge); return (0); diff --git a/packet.c b/packet.c index 0121f8aee..40c6b1d2b 100644 --- a/packet.c +++ b/packet.c @@ -877,7 +877,7 @@ packet_read_seqnr(u_int32_t *seqnr_p) char buf[8192]; DBG(debug("packet_read()")); - setp = (fd_set *)xmalloc(howmany(connection_in+1, NFDBITS) * + setp = (fd_set *)xcalloc(howmany(connection_in+1, NFDBITS), sizeof(fd_mask)); /* Since we are blocking, ensure that all written packets have been sent. */ @@ -1419,7 +1419,7 @@ packet_write_wait(void) { fd_set *setp; - setp = (fd_set *)xmalloc(howmany(connection_out + 1, NFDBITS) * + setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS), sizeof(fd_mask)); packet_write_poll(); while (packet_have_data_to_write()) { diff --git a/scard.c b/scard.c index 7cffc2d4e..c0c22aa73 100644 --- a/scard.c +++ b/scard.c @@ -382,7 +382,7 @@ sc_get_keys(const char *id, const char *pin) key_free(k); return NULL; } - keys = xmalloc((nkeys+1) * sizeof(Key *)); + keys = xcalloc((nkeys+1), sizeof(Key *)); n = key_new(KEY_RSA1); BN_copy(n->rsa->n, k->rsa->n); diff --git a/sftp-server.c b/sftp-server.c index cf3458120..a6add52aa 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -712,7 +712,7 @@ process_readdir(void) Stat *stats; int nstats = 10, count = 0, i; - stats = xmalloc(nstats * sizeof(Stat)); + stats = xcalloc(nstats, sizeof(Stat)); while ((dp = readdir(dirp)) != NULL) { if (count >= nstats) { nstats *= 2; diff --git a/ssh-agent.c b/ssh-agent.c index 7feb898dd..67bde5560 100644 --- a/ssh-agent.c +++ b/ssh-agent.c 
@@ -109,8 +109,8 @@ int max_fd = 0; pid_t parent_pid = -1; /* pathname and directory for AUTH_SOCKET */ -char socket_name[1024]; -char socket_dir[1024]; +char socket_name[MAXPATHLEN]; +char socket_dir[MAXPATHLEN]; /* locking */ int locked = 0; @@ -803,10 +803,7 @@ new_socket(sock_type type, int fd) } old_alloc = sockets_alloc; new_alloc = sockets_alloc + 10; - if (sockets) - sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0])); - else - sockets = xmalloc(new_alloc * sizeof(sockets[0])); + sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0])); for (i = old_alloc; i < new_alloc; i++) sockets[i].type = AUTH_UNUSED; sockets_alloc = new_alloc; diff --git a/ssh-keyscan.c b/ssh-keyscan.c index c7296938b..07b679442 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -54,7 +54,7 @@ int maxfd; extern char *__progname; fd_set *read_wait; -size_t read_wait_size; +size_t read_wait_nfdset; int ncon; int nonfatal_fatal = 0; jmp_buf kexjmp; @@ -634,10 +634,10 @@ conloop(void) } else seltime.tv_sec = seltime.tv_usec = 0; - r = xmalloc(read_wait_size); - memcpy(r, read_wait, read_wait_size); - e = xmalloc(read_wait_size); - memcpy(e, read_wait, read_wait_size); + r = xcalloc(read_wait_nfdset, sizeof(fd_mask)); + e = xcalloc(read_wait_nfdset, sizeof(fd_mask)); + memcpy(r, read_wait, read_wait_nfdset * sizeof(fd_mask)); + memcpy(e, read_wait, read_wait_nfdset * sizeof(fd_mask)); while (select(maxfd, r, NULL, e, &seltime) == -1 && (errno == EAGAIN || errno == EINTR)) 
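Review bot: new_socket now depends on xrealloc() accepting a NULL `sockets` pointer for the very first allocation, since the `if (sockets) ... else xmalloc(...)` branch is removed. xrealloc's body is not part of this patch, and allocbuf in scp.c still keeps its own `bp->buf == NULL` branch, so the two call sites disagree about that contract. A one-line comment such as `/* xrealloc(NULL, ...) allocates on first use */` above the call, or the same simplification in scp.c, would make the assumption explicit.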
@@ -804,12 +804,10 @@ main(int argc, char **argv) fatal("%s: not enough file descriptors", __progname); if (maxfd > fdlim_get(0)) fdlim_set(maxfd); - fdcon = xmalloc(maxfd * sizeof(con)); - memset(fdcon, 0, maxfd * sizeof(con)); + fdcon = xcalloc(maxfd, sizeof(con)); - read_wait_size = howmany(maxfd, NFDBITS) * sizeof(fd_mask); - read_wait = xmalloc(read_wait_size); - memset(read_wait, 0, read_wait_size); + read_wait_nfdset = howmany(maxfd, NFDBITS); + read_wait = xcalloc(read_wait_nfdset, sizeof(fd_mask)); if (fopt_count) { Linebuf *lb; diff --git a/ssh.c b/ssh.c index 0c950745b..f34be679c 100644 --- a/ssh.c +++ b/ssh.c @@ -687,7 +687,7 @@ main(int ac, char **av) if (options.rhosts_rsa_authentication || options.hostbased_authentication) { sensitive_data.nkeys = 3; - sensitive_data.keys = xmalloc(sensitive_data.nkeys * + sensitive_data.keys = xcalloc(sensitive_data.nkeys, sizeof(Key)); PRIV_START; @@ -1250,7 +1250,8 @@ env_permitted(char *env) int i; char name[1024], *cp; - strlcpy(name, env, sizeof(name)); + if (strlcpy(name, env, sizeof(name)) >= sizeof(name)) + fatal("env_permitted: name too long"); if ((cp = strchr(name, '=')) == NULL) return (0); diff --git a/sshconnect.c b/sshconnect.c index 33961e4dc..8d4928a82 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -68,7 +68,6 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) int pin[2], pout[2]; pid_t pid; char strport[NI_MAXSERV]; - size_t len; /* Convert the port number into a string. */ snprintf(strport, sizeof strport, "%hu", port); @@ -80,10 +79,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) * Use "exec" to avoid "sh -c" processes on some platforms * (e.g. Solaris) */ - len = strlen(proxy_command) + 6; - tmp = xmalloc(len); - strlcpy(tmp, "exec ", len); - strlcat(tmp, proxy_command, len); + xasprintf(&tmp, "exec %s", proxy_command); command_string = percent_expand(tmp, "h", host, "p", strport, (char *)NULL); xfree(tmp); 
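Review bot: The element size in ssh.c main is written `sizeof(Key)`, while the matching host-key allocation in sshd.c in this commit uses `sizeof(Key *)`. The declaration of `sensitive_data.keys` is outside the hunk; if it is an array of Key pointers this over-allocates, which is harmless but misleading. `xcalloc(sensitive_data.nkeys, sizeof(*sensitive_data.keys))` ties the size to the array's own element type and stays correct either way.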
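Review bot: The new length check in env_permitted applies to the whole `NAME=value` string, because `strchr(name, '=')` only runs after the copy into the 1024-byte `name` buffer. A variable with a short name and a long value therefore terminates the client with "name too long". Where `env` comes from is outside the hunk, but if it is an entry of the user's environment, one oversized variable now aborts ssh instead of simply not being forwarded. Rejecting just that entry looks safer: `error("env_permitted: entry too long"); return (0);`.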
@@ -211,7 +207,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr, fd_set *fdset; struct timeval tv; socklen_t optlen; - int fdsetsz, optval, rc, result = -1; + int optval, rc, result = -1; if (timeout <= 0) return (connect(sockfd, serv_addr, addrlen)); @@ -225,10 +221,8 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr, if (errno != EINPROGRESS) return (-1); - fdsetsz = howmany(sockfd + 1, NFDBITS) * sizeof(fd_mask); - fdset = (fd_set *)xmalloc(fdsetsz); - - memset(fdset, 0, fdsetsz); + fdset = (fd_set *)xcalloc(howmany(sockfd + 1, NFDBITS), + sizeof(fd_mask)); FD_SET(sockfd, fdset); tv.tv_sec = timeout; tv.tv_usec = 0; @@ -957,8 +951,7 @@ ssh_put_password(char *password) return; } size = roundup(strlen(password) + 1, 32); - padded = xmalloc(size); - memset(padded, 0, size); + padded = xcalloc(1, size); strlcpy(padded, password, size); packet_put_string(padded, size); memset(padded, 0, size); diff --git a/sshconnect2.c b/sshconnect2.c index f8d21489e..c3501c2a5 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1029,8 +1029,7 @@ pubkey_prepare(Authctxt *authctxt) if (key && key->type == KEY_RSA1) continue; options.identity_keys[i] = NULL; - id = xmalloc(sizeof(*id)); - memset(id, 0, sizeof(*id)); + id = xcalloc(1, sizeof(*id)); id->key = key; id->filename = xstrdup(options.identity_files[i]); TAILQ_INSERT_TAIL(&files, id, next); @@ -1054,8 +1053,7 @@ pubkey_prepare(Authctxt *authctxt) } } if (!found && !options.identities_only) { - id = xmalloc(sizeof(*id)); - memset(id, 0, sizeof(*id)); + id = xcalloc(1, sizeof(*id)); id->key = key; id->filename = comment; id->ac = ac; @@ -1336,9 +1334,7 @@ userauth_hostbased(Authctxt *authctxt) return 0; } len = strlen(p) + 2; - chost = xmalloc(len); - strlcpy(chost, p, len); - strlcat(chost, ".", len); + xasprintf(&chost, "%s.", p); debug2("userauth_hostbased: chost %s", chost); xfree(p); diff --git a/sshd.c b/sshd.c index bb830161e..28e8c1aa3 100644 --- a/sshd.c +++ b/sshd.c 
@@ -891,7 +891,7 @@ main(int ac, char **av) { extern char *optarg; extern int optind; - int opt, j, i, fdsetsz, on = 1; + int opt, j, i, on = 1; int sock_in = -1, sock_out = -1, newsock = -1; pid_t pid; socklen_t fromlen; @@ -1110,7 +1110,7 @@ main(int ac, char **av) debug("sshd version %.100s", SSH_RELEASE); /* load private host keys */ - sensitive_data.host_keys = xmalloc(options.num_host_key_files * + sensitive_data.host_keys = xcalloc(options.num_host_key_files, sizeof(Key *)); for (i = 0; i < options.num_host_key_files; i++) sensitive_data.host_keys[i] = NULL; @@ -1212,7 +1212,7 @@ main(int ac, char **av) debug("setgroups() failed: %.200s", strerror(errno)); if (rexec_flag) { - rexec_argv = xmalloc(sizeof(char *) * (rexec_argc + 2)); + rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); for (i = 0; i < rexec_argc; i++) { debug("rexec_argv[%d]='%s'", i, saved_argv[i]); rexec_argv[i] = saved_argv[i]; @@ -1391,7 +1391,7 @@ main(int ac, char **av) if (listen_socks[i] > maxfd) maxfd = listen_socks[i]; /* pipes connected to unauthenticated childs */ - startup_pipes = xmalloc(options.max_startups * sizeof(int)); + startup_pipes = xcalloc(options.max_startups, sizeof(int)); for (i = 0; i < options.max_startups; i++) startup_pipes[i] = -1; @@ -1404,9 +1404,8 @@ main(int ac, char **av) sighup_restart(); if (fdset != NULL) xfree(fdset); - fdsetsz = howmany(maxfd+1, NFDBITS) * sizeof(fd_mask); - fdset = (fd_set *)xmalloc(fdsetsz); - memset(fdset, 0, fdsetsz); + fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS), + sizeof(fd_mask)); for (i = 0; i < num_listen_socks; i++) FD_SET(listen_socks[i], fdset); @@ -1713,8 +1712,7 @@ main(int ac, char **av) packet_set_nonblocking(); /* allocate authentication context */ - authctxt = xmalloc(sizeof(*authctxt)); - memset(authctxt, 0, sizeof(*authctxt)); + authctxt = xcalloc(1, sizeof(*authctxt)); authctxt->loginmsg = &loginmsg; diff --git a/uuencode.c b/uuencode.c index 314eb92f3..feda6a016 100644 --- a/uuencode.c 
+++ b/uuencode.c @@ -57,9 +57,14 @@ uudecode(const char *src, u_char *target, size_t targsize) void dump_base64(FILE *fp, u_char *data, u_int len) { - char *buf = xmalloc(2*len); + char *buf;; int i, n; + if (len > 65536) { + fprintf(fp, "dump_base64: len > 65536\n"); + return; + } + buf = xmalloc(2*len); n = uuencode(data, len, buf, 2*len); for (i = 0; i < n; i++) { fprintf(fp, "%c", buf[i]); diff --git a/xmalloc.c b/xmalloc.c index 64e439853..6d56781d9 100644 --- a/xmalloc.c +++ b/xmalloc.c @@ -30,6 +30,22 @@ xmalloc(size_t size) return ptr; } +void * +xcalloc(size_t nmemb, size_t size) +{ + void *ptr; + + if (nmemb && size && SIZE_T_MAX / nmemb < size) + fatal("xcalloc: nmemb * size > SIZE_T_MAX"); + if (size == 0 || nmemb == 0) + fatal("xcalloc: zero size"); + ptr = calloc(nmemb, size); + if (ptr == NULL) + fatal("xcalloc: out of memory (allocating %lu bytes)", + (u_long)(size * nmemb)); + return ptr; +} + void * xrealloc(void *ptr, size_t new_size) { @@ -65,3 +81,19 @@ xstrdup(const char *str) strlcpy(cp, str, len); return cp; } + +int +xasprintf(char **ret, const char *fmt, ...) +{ + va_list ap; + int i; + + va_start(ap, fmt); + i = vasprintf(ret, fmt, ap); + va_end(ap); + + if (i < 0 || *ret == NULL) + fatal("xasprintf: could not allocate memory"); + + return (i); +} diff --git a/xmalloc.h b/xmalloc.h index 7ac4b13d6..b6d521a66 100644 --- a/xmalloc.h +++ b/xmalloc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.h,v 1.9 2002/06/19 00:27:55 deraadt Exp $ */ +/* $OpenBSD: xmalloc.h,v 1.10 2006/03/25 00:05:41 djm Exp $ */ /* * Author: Tatu Ylonen @@ -20,8 +20,12 @@ #define XMALLOC_H void *xmalloc(size_t); +void *xcalloc(size_t, size_t); void *xrealloc(void *, size_t); void xfree(void *); char *xstrdup(const char *); +int xasprintf(char **, const char *, ...) + __attribute__((__format__ (printf, 2, 3))) + __attribute__((__nonnull__ (2))); #endif /* XMALLOC_H */ -- cgit v1.2.3 From 36812092ecb11a25ca9d6d87fdeaf53e371c5043 Mon Sep 17 00:00:00 2001 
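Review bot: The declaration `char *buf;;` in dump_base64 has a stray semicolon. The second `;` is an empty statement, which places the following `int i, n;` after a statement and will be rejected by strict C89 compilers; it should read `char *buf;`. The limit 65536 is also a bare number repeated in the message text, so a named constant would keep the two in step. The function body continues outside the hunk.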
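Review bot: xcalloc tests for overflow before it tests for zero, so the `nmemb && size &&` guards exist only to avoid dividing by zero; checking `if (size == 0 || nmemb == 0)` first lets the overflow test read `if (SIZE_T_MAX / nmemb < size)`. The function also has no comment stating its contract: it calls fatal() on a zero count or size, on nmemb * size overflow and on allocation failure, and otherwise returns zero-filled memory. Call sites converted in this commit rely on exactly that when they drop their explicit memset or field zeroing (kex.c, key.c, gss-genr.c), so I would add a short block comment above `xcalloc` saying so.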
From: Damien Miller Date: Sun, 26 Mar 2006 14:22:47 +1100 Subject: - djm@cvs.openbsd.org 2006/03/25 01:13:23 [buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c] [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c] [uidswap.c] change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize). realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@ --- ChangeLog | 12 +++++++++++- auth-pam.c | 4 ++-- buffer.c | 2 +- channels.c | 17 +++++++++++------ deattack.c | 2 +- misc.c | 2 +- scp.c | 2 +- session.c | 6 +++--- sftp-client.c | 3 +-- sftp-server.c | 2 +- ssh-agent.c | 2 +- ssh-rand-helper.c | 4 ++-- ssh-rsa.c | 2 +- uidswap.c | 4 ++-- xmalloc.c | 10 +++++++--- xmalloc.h | 4 ++-- 16 files changed, 48 insertions(+), 30 deletions(-) diff --git a/ChangeLog b/ChangeLog index 20d034a6e..9d129a183 100644 --- a/ChangeLog +++ b/ChangeLog @@ -118,6 +118,16 @@ to die feedback and ok deraadt@ + - djm@cvs.openbsd.org 2006/03/25 01:13:23 + [buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c] + [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c] + [uidswap.c] + change OpenSSH's xrealloc() function from being xrealloc(p, new_size) + to xrealloc(p, new_nmemb, new_itemsize). + + realloc is particularly prone to integer overflows because it is + almost always allocating "n * size" bytes, so this is a far safer + API; ok deraadt@ 20060325 - OpenBSD CVS Sync @@ -4375,4 +4385,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4273 2006/03/26 03:19:21 djm Exp $ +$Id: ChangeLog,v 1.4274 2006/03/26 03:22:47 djm Exp $ diff --git a/auth-pam.c b/auth-pam.c index 3d64de76a..c12f413e7 100644 --- a/auth-pam.c +++ b/auth-pam.c 
@@ -703,7 +703,7 @@ sshpam_query(void *ctx, char **name, char **info, case PAM_PROMPT_ECHO_OFF: *num = 1; len = plen + mlen + 1; - **prompts = xrealloc(**prompts, len); + **prompts = xrealloc(**prompts, 1, len); strlcpy(**prompts + plen, msg, len - plen); plen += mlen; **echo_on = (type == PAM_PROMPT_ECHO_ON); @@ -713,7 +713,7 @@ sshpam_query(void *ctx, char **name, char **info, case PAM_TEXT_INFO: /* accumulate messages */ len = plen + mlen + 2; - **prompts = xrealloc(**prompts, len); + **prompts = xrealloc(**prompts, 1, len); strlcpy(**prompts + plen, msg, len - plen); plen += mlen; strlcat(**prompts + plen, "\n", len - plen); diff --git a/buffer.c b/buffer.c index 08682e0f1..1666f742e 100644 --- a/buffer.c +++ b/buffer.c @@ -109,7 +109,7 @@ restart: if (newlen > BUFFER_MAX_LEN) fatal("buffer_append_space: alloc %u not supported", newlen); - buffer->buf = xrealloc(buffer->buf, newlen); + buffer->buf = xrealloc(buffer->buf, 1, newlen); buffer->alloc = newlen; goto restart; /* NOTREACHED */ diff --git a/channels.c b/channels.c index 0e7d5cf58..5706833a9 100644 --- a/channels.c +++ b/channels.c @@ -266,8 +266,8 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, if (channels_alloc > 10000) fatal("channel_new: internal error: channels_alloc %d " "too big.", channels_alloc); - channels = xrealloc(channels, - (channels_alloc + 10) * sizeof(Channel *)); + channels = xrealloc(channels, channels_alloc + 10, + sizeof(Channel *)); channels_alloc += 10; debug2("channel: expanding %d", channels_alloc); for (i = found; i < channels_alloc; i++) 
@@ -1789,15 +1789,20 @@ void channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp, u_int *nallocp, int rekeying) { - u_int n, sz; + u_int n, sz, nfdset; n = MAX(*maxfdp, channel_max_fd); - sz = howmany(n+1, NFDBITS) * sizeof(fd_mask); + nfdset = howmany(n+1, NFDBITS); + /* Explicitly test here, because xrealloc isn't always called */ + if (nfdset && SIZE_T_MAX / nfdset < sizeof(fd_mask)) + fatal("channel_prepare_select: max_fd (%d) is too large", n); + sz = nfdset * sizeof(fd_mask); + /* perhaps check sz < nalloc/2 and shrink? */ if (*readsetp == NULL || sz > *nallocp) { - *readsetp = xrealloc(*readsetp, sz); - *writesetp = xrealloc(*writesetp, sz); + *readsetp = xrealloc(*readsetp, nfdset, sizeof(fd_mask)); + *writesetp = xrealloc(*writesetp, nfdset, sizeof(fd_mask)); *nallocp = sz; } *maxfdp = n; diff --git a/deattack.c b/deattack.c index 746ff5d43..ff9ca4dd5 100644 --- a/deattack.c +++ b/deattack.c @@ -97,7 +97,7 @@ detect_attack(u_char *buf, u_int32_t len) n = l; } else { if (l > n) { - h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE); + h = (u_int16_t *)xrealloc(h, l, HASH_ENTRYSIZE); n = l; } } diff --git a/misc.c b/misc.c index bf7b1ed66..96d90dec9 100644 --- a/misc.c +++ b/misc.c @@ -425,7 +425,7 @@ addargs(arglist *args, char *fmt, ...) } else if (args->num+2 >= nalloc) nalloc *= 2; - args->list = xrealloc(args->list, nalloc * sizeof(char *)); + args->list = xrealloc(args->list, nalloc, sizeof(char *)); args->nalloc = nalloc; args->list[args->num++] = cp; args->list[args->num] = NULL; diff --git a/scp.c b/scp.c index bf9db97cf..3068b8d32 100644 --- a/scp.c +++ b/scp.c @@ -1190,7 +1190,7 @@ allocbuf(BUF *bp, int fd, int blksize) if (bp->buf == NULL) bp->buf = xmalloc(size); else - bp->buf = xrealloc(bp->buf, size); + bp->buf = xrealloc(bp->buf, 1, size); memset(bp->buf, 0, size); bp->cnt = size; return (bp); diff --git a/session.c b/session.c index b00caa547..f0a0bdd2f 100644 --- a/session.c +++ b/session.c 
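Review bot: The added `fatal("channel_prepare_select: max_fd (%d) is too large", n);` prints `n` with `%d` although the hunk declares it as `u_int`; the conversion should be `%u`. The guard is written against `SIZE_T_MAX`, while the product is stored in the `u_int` variables `sz` and `*nallocp`. Where size_t is wider than u_int, the test therefore does not bound the value that is actually kept. A short comment saying why `nfdset * sizeof(fd_mask)` always fits in a u_int, or a comparison against `UINT_MAX` instead, would make that explicit. The function body continues past the end of the hunk.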
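Review bot: In the misc.c hunk, `nalloc *= 2` is evaluated in the caller's own integer type before `xrealloc(args->list, nalloc, sizeof(char *))` sees it, so the overflow test inside xrealloc covers only the multiplication by the element size, not the doubling. The declaration of `nalloc` is outside the hunk; if it is narrower than size_t, a wrapped count could pass xrealloc's check and leave a list shorter than `args->num` assumes. An explicit ceiling before the doubling, in the style of the `channels_alloc > 10000` test in channel_new, would state the limit at the call site. The same pattern appears at `nstats *= 2` in sftp-server.c and `num_cmds *= 2` in ssh-rand-helper.c.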
@@ -837,7 +837,7 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, if (envsize >= 1000) fatal("child_set_env: too many env vars"); envsize += 50; - env = (*envp) = xrealloc(env, envsize * sizeof(char *)); + env = (*envp) = xrealloc(env, envsize, sizeof(char *)); *envsizep = envsize; } /* Need to set the NULL pointer at end of array beyond the new slot. */ @@ -1941,8 +1941,8 @@ session_env_req(Session *s) for (i = 0; i < options.num_accept_env; i++) { if (match_pattern(name, options.accept_env[i])) { debug2("Setting env %d: %s=%s", s->num_env, name, val); - s->env = xrealloc(s->env, sizeof(*s->env) * - (s->num_env + 1)); + s->env = xrealloc(s->env, s->num_env + 1, + sizeof(*s->env)); s->env[s->num_env].name = name; s->env[s->num_env].val = val; s->num_env++; diff --git a/sftp-client.c b/sftp-client.c index c34f919a4..8b4d67b58 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -393,8 +393,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, printf("%s\n", longname); if (dir) { - *dir = xrealloc(*dir, sizeof(**dir) * - (ents + 2)); + *dir = xrealloc(*dir, ents + 2, sizeof(**dir)); (*dir)[ents] = xmalloc(sizeof(***dir)); (*dir)[ents]->filename = xstrdup(filename); (*dir)[ents]->longname = xstrdup(longname); diff --git a/sftp-server.c b/sftp-server.c index a6add52aa..52b7323c2 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -716,7 +716,7 @@ process_readdir(void) while ((dp = readdir(dirp)) != NULL) { if (count >= nstats) { nstats *= 2; - stats = xrealloc(stats, nstats * sizeof(Stat)); + stats = xrealloc(stats, nstats, sizeof(Stat)); } /* XXX OVERFLOW ? */ snprintf(pathname, sizeof pathname, "%s%s%s", path, diff --git a/ssh-agent.c b/ssh-agent.c index 67bde5560..042b18f54 100644 --- a/ssh-agent.c +++ b/ssh-agent.c 
@@ -803,7 +803,7 @@ new_socket(sock_type type, int fd) } old_alloc = sockets_alloc; new_alloc = sockets_alloc + 10; - sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0])); + sockets = xrealloc(sockets, new_alloc, sizeof(sockets[0])); for (i = old_alloc; i < new_alloc; i++) sockets[i].type = AUTH_UNUSED; sockets_alloc = new_alloc; diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index bdf73ec48..662f70080 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -768,7 +768,7 @@ prng_read_commands(char *cmdfilename) */ if (cur_cmd == num_cmds) { num_cmds *= 2; - entcmd = xrealloc(entcmd, num_cmds * + entcmd = xrealloc(entcmd, num_cmds, sizeof(entropy_cmd_t)); } } @@ -777,7 +777,7 @@ prng_read_commands(char *cmdfilename) memset(&entcmd[cur_cmd], '\0', sizeof(entropy_cmd_t)); /* trim to size */ - entropy_cmds = xrealloc(entcmd, (cur_cmd + 1) * + entropy_cmds = xrealloc(entcmd, (cur_cmd + 1), sizeof(entropy_cmd_t)); debug("Loaded %d entropy commands from %.100s", cur_cmd, diff --git a/ssh-rsa.c b/ssh-rsa.c index ce4195fea..55fb7ba59 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -144,7 +144,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, u_int diff = modlen - len; debug("ssh_rsa_verify: add padding: modlen %u > len %u", modlen, len); - sigblob = xrealloc(sigblob, modlen); + sigblob = xrealloc(sigblob, 1, modlen); memmove(sigblob + diff, sigblob, len); memset(sigblob, 0, diff); len = modlen; diff --git a/uidswap.c b/uidswap.c index ca0894806..305895a44 100644 --- a/uidswap.c +++ b/uidswap.c @@ -76,7 +76,7 @@ temporarily_use_uid(struct passwd *pw) fatal("getgroups: %.100s", strerror(errno)); if (saved_egroupslen > 0) { saved_egroups = xrealloc(saved_egroups, - saved_egroupslen * sizeof(gid_t)); + saved_egroupslen, sizeof(gid_t)); if (getgroups(saved_egroupslen, saved_egroups) < 0) fatal("getgroups: %.100s", strerror(errno)); } else { /* saved_egroupslen == 0 */ 
@@ -95,7 +95,7 @@ temporarily_use_uid(struct passwd *pw) fatal("getgroups: %.100s", strerror(errno)); if (user_groupslen > 0) { user_groups = xrealloc(user_groups, - user_groupslen * sizeof(gid_t)); + user_groupslen, sizeof(gid_t)); if (getgroups(user_groupslen, user_groups) < 0) fatal("getgroups: %.100s", strerror(errno)); } else { /* user_groupslen == 0 */ diff --git a/xmalloc.c b/xmalloc.c index 6d56781d9..d5d7b6bc5 100644 --- a/xmalloc.c +++ b/xmalloc.c @@ -35,7 +35,7 @@ xcalloc(size_t nmemb, size_t size) { void *ptr; - if (nmemb && size && SIZE_T_MAX / nmemb < size) + if (nmemb && size && SIZE_T_MAX / nmemb < size) fatal("xcalloc: nmemb * size > SIZE_T_MAX"); if (size == 0 || nmemb == 0) fatal("xcalloc: zero size"); @@ -47,10 +47,13 @@ xcalloc(size_t nmemb, size_t size) } void * -xrealloc(void *ptr, size_t new_size) +xrealloc(void *ptr, size_t nmemb, size_t size) { void *new_ptr; + size_t new_size = nmemb * size; + if (nmemb && size && SIZE_T_MAX / nmemb < size) + fatal("xrealloc: nmemb * size > SIZE_T_MAX"); if (new_size == 0) fatal("xrealloc: zero size"); if (ptr == NULL) @@ -58,7 +61,8 @@ xrealloc(void *ptr, size_t new_size) else new_ptr = realloc(ptr, new_size); if (new_ptr == NULL) - fatal("xrealloc: out of memory (new_size %lu bytes)", (u_long) new_size); + fatal("xrealloc: out of memory (new_size %lu bytes)", + (u_long) new_size); return new_ptr; } diff --git a/xmalloc.h b/xmalloc.h index b6d521a66..ef29787bd 100644 --- a/xmalloc.h +++ b/xmalloc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.h,v 1.10 2006/03/25 00:05:41 djm Exp $ */ +/* $OpenBSD: xmalloc.h,v 1.11 2006/03/25 01:13:23 djm Exp $ */ /* * Author: Tatu Ylonen @@ -21,7 +21,7 @@ void *xmalloc(size_t); void *xcalloc(size_t, size_t); -void *xrealloc(void *, size_t); +void *xrealloc(void *, size_t, size_t); void xfree(void *); char *xstrdup(const char *); int xasprintf(char **, const char *, ...) -- cgit v1.2.3 From 55b04f1d77cdf503bf4c87e7a1ebf7d663b42554 Mon Sep 17 00:00:00 2001 
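Review bot: In xrealloc, `size_t new_size = nmemb * size;` is evaluated in the declaration, before the `SIZE_T_MAX / nmemb < size` test that decides whether that product is valid. This is well defined because size_t is unsigned, and (assuming fatal() does not return) the wrapped value is never used. Declaring `size_t new_size;` and assigning `new_size = nmemb * size;` after the guard would keep a wrapped value from ever existing in the function, and would stop the pattern being copied into code that uses signed counts. The function also has no comment stating its contract; I would add `/* Resize ptr to nmemb * size bytes; calls fatal() on zero size, on overflow of the product, or on allocation failure. */` above it.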
From: Damien Miller Date: Sun, 26 Mar 2006 14:23:17 +1100 Subject: - djm@cvs.openbsd.org 2006/03/25 01:30:23 [sftp.c] "abormally" is a perfectly cromulent word, but "abnormally" is better --- ChangeLog | 5 ++++- sftp.c | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9d129a183..62ffb4690 100644 --- a/ChangeLog +++ b/ChangeLog @@ -128,6 +128,9 @@ realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@ + - djm@cvs.openbsd.org 2006/03/25 01:30:23 + [sftp.c] + "abormally" is a perfectly cromulent word, but "abnormally" is better 20060325 - OpenBSD CVS Sync @@ -4385,4 +4388,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4274 2006/03/26 03:22:47 djm Exp $ +$Id: ChangeLog,v 1.4275 2006/03/26 03:23:17 djm Exp $ diff --git a/sftp.c b/sftp.c index 194d22710..868794a76 100644 --- a/sftp.c +++ b/sftp.c @@ -244,7 +244,7 @@ local_do_shell(const char *args) if (errno != EINTR) fatal("Couldn't wait for child: %s", strerror(errno)); if (!WIFEXITED(status)) - error("Shell exited abormally"); + error("Shell exited abnormally"); else if (WEXITSTATUS(status)) error("Shell exited with status %d", WEXITSTATUS(status)); } -- cgit v1.2.3 From 57c30117c1c97c069bc38af45b4a504a39866e74 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sun, 26 Mar 2006 14:24:48 +1100 Subject: - djm@cvs.openbsd.org 2006/03/25 13:17:03 [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c] [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c] [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c] [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c] [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c] [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c] [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c] [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c] [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c] Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files --- ChangeLog | 6 +++++- atomicio.c | 1 + auth-bsdauth.c | 1 + auth-chall.c | 1 + auth-options.c | 1 + auth-passwd.c | 1 + auth-rh-rsa.c | 1 + auth-rhosts.c | 1 + auth-rsa.c | 1 + auth-skey.c | 1 + auth.c | 1 + auth1.c | 1 + auth2-chall.c | 1 + auth2-hostbased.c | 1 + auth2-kbdint.c | 1 + auth2-none.c | 1 + auth2-passwd.c | 1 + auth2-pubkey.c | 1 + auth2.c | 1 + authfd.c | 1 + authfile.c | 1 + bufaux.c | 1 + buffer.c | 1 + canohost.c | 1 + channels.c | 1 + cipher-3des1.c | 1 + cipher-bf1.c | 1 + cipher-ctr.c | 1 + cipher.c | 1 + cleanup.c | 1 + clientloop.c | 1 + compat.c | 1 + compress.c | 1 + deattack.c | 1 + dh.c | 1 + dispatch.c | 1 + fatal.c | 1 + groupaccess.c | 1 + hostfile.c | 1 + kex.c | 1 + kexdh.c | 1 + kexdhc.c | 
1 + kexdhs.c | 1 + kexgex.c | 1 + kexgexc.c | 1 + kexgexs.c | 1 + key.c | 1 + log.c | 1 + mac.c | 1 + match.c | 1 + md-sha256.c | 1 + misc.c | 1 + monitor.c | 1 + monitor_fdpass.c | 1 + monitor_mm.c | 1 + monitor_wrap.c | 1 + msg.c | 1 + nchan.c | 1 + packet.c | 1 + progressmeter.c | 1 + readconf.c | 1 + readpass.c | 1 + rsa.c | 1 + scard.c | 1 + scp.c | 1 + servconf.c | 1 + serverloop.c | 1 + session.c | 1 + sftp-client.c | 1 + sftp-common.c | 1 + sftp-glob.c | 1 + sftp-server.c | 1 + sftp.c | 1 + ssh-add.c | 1 + ssh-agent.c | 1 + ssh-dss.c | 1 + ssh-keygen.c | 1 + ssh-keyscan.c | 1 + ssh-keysign.c | 1 + ssh-rsa.c | 1 + ssh.c | 1 + sshconnect.c | 1 + sshconnect1.c | 1 + sshconnect2.c | 1 + sshd.c | 1 + sshlogin.c | 1 + sshpty.c | 1 + sshtty.c | 1 + ttymodes.c | 1 + uidswap.c | 1 + uuencode.c | 1 + xmalloc.c | 1 + 92 files changed, 96 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 62ffb4690..98b6cc356 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -131,6 +131,10 @@ - djm@cvs.openbsd.org 2006/03/25 01:30:23 [sftp.c] "abormally" is a perfectly cromulent word, but "abnormally" is better + - djm@cvs.openbsd.org 2006/03/25 13:17:03 + [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c uuencode.c xmalloc.c] + Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that + Theo nuked - our scripts to sync -portable need them in the files 20060325 - OpenBSD CVS Sync @@ -4388,4 +4392,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4275 2006/03/26 03:23:17 djm Exp $ +$Id: ChangeLog,v 1.4276 2006/03/26 03:24:48 djm Exp $ diff --git a/atomicio.c b/atomicio.c index afe306b1b..87fb9fe75 100644 --- a/atomicio.c +++ b/atomicio.c @@ -1,3 +1,4 @@ +/* $OpenBSD: atomicio.c,v 1.16 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. * Copyright (c) 1995,1999 Theo de Raadt. All rights reserved. diff --git a/auth-bsdauth.c b/auth-bsdauth.c index 2ccbc9d43..c309e4a11 100644 
--- a/auth-bsdauth.c +++ b/auth-bsdauth.c @@ -1,3 +1,4 @@ +/* $OpenBSD: auth-bsdauth.c,v 1.9 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * diff --git a/auth-chall.c b/auth-chall.c index 7707023a4..023e7ee01 100644 --- a/auth-chall.c +++ b/auth-chall.c @@ -1,3 +1,4 @@ +/* $OpenBSD: auth-chall.c,v 1.11 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * diff --git a/auth-options.c b/auth-options.c index 77488a49d..56d598412 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,3 +1,4 @@ +/* $OpenBSD: auth-options.c,v 1.35 2006/03/25 13:17:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/auth-passwd.c b/auth-passwd.c index df202dde3..2ebcc5fc4 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -1,3 +1,4 @@ +/* $OpenBSD: auth-passwd.c,v 1.36 2006/03/25 13:17:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index f9c386dba..c8bdfa26c 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c @@ -1,3 +1,4 @@ +/* $OpenBSD: auth-rh-rsa.c,v 1.40 2006/03/25 13:17:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/auth-rhosts.c b/auth-rhosts.c index 098893563..ce72adb7d 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -1,3 +1,4 @@ +/* $OpenBSD: auth-rhosts.c,v 1.37 2006/03/25 13:17:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/auth-rsa.c b/auth-rsa.c index effff5d2a..a906eb2d6 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -1,3 +1,4 @@ +/* $OpenBSD: auth-rsa.c,v 1.66 2006/03/25 13:17:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/auth-skey.c b/auth-skey.c index 3e6a06db7..9c981ec83 100644 --- a/auth-skey.c +++ b/auth-skey.c 
@@ -1,3 +1,4 @@ +/* $OpenBSD: auth-skey.c,v 1.23 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * diff --git a/auth.c b/auth.c index aa6d66075..bf2948a84 100644 --- a/auth.c +++ b/auth.c @@ -1,3 +1,4 @@ +/* $OpenBSD: auth.c,v 1.66 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * diff --git a/auth1.c b/auth1.c index 2f8e13e05..6a6cff862 100644 --- a/auth1.c +++ b/auth1.c @@ -1,3 +1,4 @@ +/* $OpenBSD: auth1.c,v 1.66 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved diff --git a/auth2-chall.c b/auth2-chall.c index d54ee2856..09412aa4a 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -1,3 +1,4 @@ +/* $OpenBSD: auth2-chall.c,v 1.27 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Per Allansson. All rights reserved. diff --git a/auth2-hostbased.c b/auth2-hostbased.c index 251828496..8d5f38353 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c @@ -1,3 +1,4 @@ +/* $OpenBSD: auth2-hostbased.c,v 1.8 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * diff --git a/auth2-kbdint.c b/auth2-kbdint.c index 1b902e4cb..796714eec 100644 --- a/auth2-kbdint.c +++ b/auth2-kbdint.c @@ -1,3 +1,4 @@ +/* $OpenBSD: auth2-kbdint.c,v 1.4 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * diff --git a/auth2-none.c b/auth2-none.c index 19cc2b1b7..3fdf09a3a 100644 --- a/auth2-none.c +++ b/auth2-none.c @@ -1,3 +1,4 @@ +/* $OpenBSD: auth2-none.c,v 1.10 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * diff --git a/auth2-passwd.c b/auth2-passwd.c index 41507af1d..a1e77c41c 100644 --- a/auth2-passwd.c +++ b/auth2-passwd.c 
@@ -1,3 +1,4 @@ +/* $OpenBSD: auth2-passwd.c,v 1.7 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * diff --git a/auth2-pubkey.c b/auth2-pubkey.c index a59c37993..8786014f2 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,3 +1,4 @@ +/* $OpenBSD: auth2-pubkey.c,v 1.12 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * diff --git a/auth2.c b/auth2.c index 9d3263e55..8f7ec0d6d 100644 --- a/auth2.c +++ b/auth2.c @@ -1,3 +1,4 @@ +/* $OpenBSD: auth2.c,v 1.110 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * diff --git a/authfd.c b/authfd.c index fc322b983..935143765 100644 --- a/authfd.c +++ b/authfd.c @@ -1,3 +1,4 @@ +/* $OpenBSD: authfd.c,v 1.72 2006/03/25 13:17:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/authfile.c b/authfile.c index 55c66d1e3..b95b9470b 100644 --- a/authfile.c +++ b/authfile.c @@ -1,3 +1,4 @@ +/* $OpenBSD: authfile.c,v 1.66 2006/03/25 13:17:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/bufaux.c b/bufaux.c index 19f6708f0..b7c9f2ecd 100644 --- a/bufaux.c +++ b/bufaux.c @@ -1,3 +1,4 @@ +/* $OpenBSD: bufaux.c,v 1.39 2006/03/25 13:17:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/buffer.c b/buffer.c index 1666f742e..de404e602 100644 --- a/buffer.c +++ b/buffer.c @@ -1,3 +1,4 @@ +/* $OpenBSD: buffer.c,v 1.26 2006/03/25 13:17:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/canohost.c b/canohost.c index b1c35e99e..35ae9bede 100644 --- a/canohost.c +++ b/canohost.c @@ -1,3 +1,4 @@ +/* $OpenBSD: canohost.c,v 1.53 2006/03/25 13:17:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/channels.c b/channels.c index 5706833a9..c838b8534 100644 
--- a/channels.c +++ b/channels.c @@ -1,3 +1,4 @@ +/* $OpenBSD: channels.c,v 1.244 2006/03/25 13:17:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/cipher-3des1.c b/cipher-3des1.c index 53b5a2958..c2c0bf811 100644 --- a/cipher-3des1.c +++ b/cipher-3des1.c @@ -1,3 +1,4 @@ +/* $OpenBSD: cipher-3des1.c,v 1.4 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. * diff --git a/cipher-bf1.c b/cipher-bf1.c index e7246650b..b6aa0152a 100644 --- a/cipher-bf1.c +++ b/cipher-bf1.c @@ -1,3 +1,4 @@ +/* $OpenBSD: cipher-bf1.c,v 1.3 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. * diff --git a/cipher-ctr.c b/cipher-ctr.c index 9615f5aa6..be82fd3a9 100644 --- a/cipher-ctr.c +++ b/cipher-ctr.c @@ -1,3 +1,4 @@ +/* $OpenBSD: cipher-ctr.c,v 1.8 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2003 Markus Friedl * diff --git a/cipher.c b/cipher.c index 15397db03..c42963897 100644 --- a/cipher.c +++ b/cipher.c @@ -1,3 +1,4 @@ +/* $OpenBSD: cipher.c,v 1.79 2006/03/25 13:17:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/cleanup.c b/cleanup.c index 7b40ca781..dcf456830 100644 --- a/cleanup.c +++ b/cleanup.c @@ -1,3 +1,4 @@ +/* $OpenBSD: cleanup.c,v 1.3 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2003 Markus Friedl * diff --git a/clientloop.c b/clientloop.c index aa4ebb3aa..c136dae37 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,3 +1,4 @@ +/* $OpenBSD: clientloop.c,v 1.160 2006/03/25 13:17:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/compat.c b/compat.c index 24d9a7f38..1573ed64e 100644 --- a/compat.c +++ b/compat.c @@ -1,3 +1,4 @@ +/* $OpenBSD: compat.c,v 1.73 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * 
diff --git a/compress.c b/compress.c index 6f8d6b775..8aba84efa 100644 --- a/compress.c +++ b/compress.c @@ -1,3 +1,4 @@ +/* $OpenBSD: compress.c,v 1.23 2006/03/25 13:17:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/deattack.c b/deattack.c index ff9ca4dd5..2adf185e8 100644 --- a/deattack.c +++ b/deattack.c @@ -1,3 +1,4 @@ +/* $OpenBSD: deattack.c,v 1.26 2006/03/25 13:17:01 djm Exp $ */ /* * Cryptographic attack detector for ssh - source code * diff --git a/dh.c b/dh.c index e8ce3d1a9..4db3b0b2a 100644 --- a/dh.c +++ b/dh.c @@ -1,3 +1,4 @@ +/* $OpenBSD: dh.c,v 1.34 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * diff --git a/dispatch.c b/dispatch.c index 3f96c726b..eac07b1b3 100644 --- a/dispatch.c +++ b/dispatch.c @@ -1,3 +1,4 @@ +/* $OpenBSD: dispatch.c,v 1.18 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * diff --git a/fatal.c b/fatal.c index 78b51cd8b..7f58970fb 100644 --- a/fatal.c +++ b/fatal.c @@ -1,3 +1,4 @@ +/* $OpenBSD: fatal.c,v 1.5 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * diff --git a/groupaccess.c b/groupaccess.c index 2328bf453..83c573def 100644 --- a/groupaccess.c +++ b/groupaccess.c @@ -1,3 +1,4 @@ +/* $OpenBSD: groupaccess.c,v 1.8 2006/03/25 13:17:01 djm Exp $ */ /* * Copyright (c) 2001 Kevin Steves. All rights reserved. * diff --git a/hostfile.c b/hostfile.c index c80578440..39ff197a7 100644 --- a/hostfile.c +++ b/hostfile.c @@ -1,3 +1,4 @@ +/* $OpenBSD: hostfile.c,v 1.40 2006/03/25 13:17:02 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/kex.c b/kex.c index 030df6be0..6a5fd264b 100644 --- a/kex.c +++ b/kex.c @@ -1,3 +1,4 @@ +/* $OpenBSD: kex.c,v 1.71 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * 
diff --git a/kexdh.c b/kexdh.c index f34214062..2d13127b8 100644 --- a/kexdh.c +++ b/kexdh.c @@ -1,3 +1,4 @@ +/* $OpenBSD: kexdh.c,v 1.22 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * diff --git a/kexdhc.c b/kexdhc.c index 23abeb50d..1f1c5ea4f 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,3 +1,4 @@ +/* $OpenBSD: kexdhc.c,v 1.5 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * diff --git a/kexdhs.c b/kexdhs.c index be815e46b..d139f5c7b 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -1,3 +1,4 @@ +/* $OpenBSD: kexdhs.c,v 1.5 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * diff --git a/kexgex.c b/kexgex.c index b306821cc..5ab6745a3 100644 --- a/kexgex.c +++ b/kexgex.c @@ -1,3 +1,4 @@ +/* $OpenBSD: kexgex.c,v 1.26 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. diff --git a/kexgexc.c b/kexgexc.c index 50c5a32e5..f871f972e 100644 --- a/kexgexc.c +++ b/kexgexc.c @@ -1,3 +1,4 @@ +/* $OpenBSD: kexgexc.c,v 1.5 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. diff --git a/kexgexs.c b/kexgexs.c index e3d0eacc5..0141c6d0f 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -1,3 +1,4 @@ +/* $OpenBSD: kexgexs.c,v 1.4 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. diff --git a/key.c b/key.c index 0d29593b0..8e6ccc2bf 100644 --- a/key.c +++ b/key.c @@ -1,3 +1,4 @@ +/* $OpenBSD: key.c,v 1.64 2006/03/25 13:17:02 djm Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/log.c b/log.c index 58ba8591c..3a404918b 100644 --- a/log.c +++ b/log.c 
@@ -1,3 +1,4 @@ +/* $OpenBSD: log.c,v 1.31 2006/03/25 13:17:02 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/mac.c b/mac.c index f03100ac9..c155dbd3f 100644 --- a/mac.c +++ b/mac.c @@ -1,3 +1,4 @@ +/* $OpenBSD: mac.c,v 1.9 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * diff --git a/match.c b/match.c index e08afdeb0..c0e5bf424 100644 --- a/match.c +++ b/match.c @@ -1,3 +1,4 @@ +/* $OpenBSD: match.c,v 1.24 2006/03/25 13:17:02 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/md-sha256.c b/md-sha256.c index 8ea0ac433..33deb780a 100644 --- a/md-sha256.c +++ b/md-sha256.c @@ -1,3 +1,4 @@ +/* $OpenBSD: md-sha256.c,v 1.3 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2005 Damien Miller * diff --git a/misc.c b/misc.c index 96d90dec9..daeb86c82 100644 --- a/misc.c +++ b/misc.c @@ -1,3 +1,4 @@ +/* $OpenBSD: misc.c,v 1.51 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005 Damien Miller. All rights reserved. diff --git a/monitor.c b/monitor.c index 7409be32b..d672aeb72 100644 --- a/monitor.c +++ b/monitor.c @@ -1,3 +1,4 @@ +/* $OpenBSD: monitor.c,v 1.76 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl diff --git a/monitor_fdpass.c b/monitor_fdpass.c index dec90d18b..4ce9eae19 100644 --- a/monitor_fdpass.c +++ b/monitor_fdpass.c @@ -1,3 +1,4 @@ +/* $OpenBSD: monitor_fdpass.c,v 1.8 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright 2001 Niels Provos * All rights reserved. diff --git a/monitor_mm.c b/monitor_mm.c index e8de71fea..222751628 100644 --- a/monitor_mm.c +++ b/monitor_mm.c @@ -1,3 +1,4 @@ +/* $OpenBSD: monitor_mm.c,v 1.11 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright 2002 Niels Provos * All rights reserved. diff --git a/monitor_wrap.c b/monitor_wrap.c index cd340360a..f2fbd99ee 100644 --- a/monitor_wrap.c 
+++ b/monitor_wrap.c @@ -1,3 +1,4 @@ +/* $OpenBSD: monitor_wrap.c,v 1.44 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl diff --git a/msg.c b/msg.c index 662db4cdb..2c0a67269 100644 --- a/msg.c +++ b/msg.c @@ -1,3 +1,4 @@ +/* $OpenBSD: msg.c,v 1.10 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * diff --git a/nchan.c b/nchan.c index ca9a56b59..1f4b39671 100644 --- a/nchan.c +++ b/nchan.c @@ -1,3 +1,4 @@ +/* $OpenBSD: nchan.c,v 1.53 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * diff --git a/packet.c b/packet.c index 40c6b1d2b..71da5454e 100644 --- a/packet.c +++ b/packet.c @@ -1,3 +1,4 @@ +/* $OpenBSD: packet.c,v 1.128 2006/03/25 13:17:02 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/progressmeter.c b/progressmeter.c index ff99acf71..d145a724a 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -1,3 +1,4 @@ +/* $OpenBSD: progressmeter.c,v 1.29 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2003 Nils Nordman. All rights reserved. * diff --git a/readconf.c b/readconf.c index e2e10d9d6..87e41e0c4 100644 --- a/readconf.c +++ b/readconf.c @@ -1,3 +1,4 @@ +/* $OpenBSD: readconf.c,v 1.151 2006/03/25 13:17:02 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/readpass.c b/readpass.c index 4236c43c7..c3d36a028 100644 --- a/readpass.c +++ b/readpass.c @@ -1,3 +1,4 @@ +/* $OpenBSD: readpass.c,v 1.37 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * diff --git a/rsa.c b/rsa.c index 507b73c9c..6ca05b3d2 100644 --- a/rsa.c +++ b/rsa.c @@ -1,3 +1,4 @@ +/* $OpenBSD: rsa.c,v 1.26 2006/03/25 13:17:02 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/scard.c b/scard.c index c0c22aa73..0a6ec816d 100644 --- a/scard.c 
+++ b/scard.c @@ -1,3 +1,4 @@ +/* $OpenBSD: scard.c,v 1.32 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * diff --git a/scp.c b/scp.c index 3068b8d32..2f89aa49e 100644 --- a/scp.c +++ b/scp.c @@ -1,3 +1,4 @@ +/* $OpenBSD: scp.c,v 1.139 2006/03/25 13:17:02 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). diff --git a/servconf.c b/servconf.c index 1443e832e..43372e20f 100644 --- a/servconf.c +++ b/servconf.c @@ -1,3 +1,4 @@ +/* $OpenBSD: servconf.c,v 1.150 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved diff --git a/serverloop.c b/serverloop.c index 36c40ec59..97ad65b26 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,3 +1,4 @@ +/* $OpenBSD: serverloop.c,v 1.134 2006/03/25 13:17:02 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/session.c b/session.c index f0a0bdd2f..8b837d07d 100644 --- a/session.c +++ b/session.c @@ -1,3 +1,4 @@ +/* $OpenBSD: session.c,v 1.202 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved diff --git a/sftp-client.c b/sftp-client.c index 8b4d67b58..5788aa6ad 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,3 +1,4 @@ +/* $OpenBSD: sftp-client.c,v 1.63 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * diff --git a/sftp-common.c b/sftp-common.c index 4222f58d6..2e680e9f3 100644 --- a/sftp-common.c +++ b/sftp-common.c @@ -1,3 +1,4 @@ +/* $OpenBSD: sftp-common.c,v 1.13 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Damien Miller. All rights reserved. diff --git a/sftp-glob.c b/sftp-glob.c index cee44fc4c..3d092d133 100644 --- a/sftp-glob.c +++ b/sftp-glob.c 
@@ -1,3 +1,4 @@ +/* $OpenBSD: sftp-glob.c,v 1.19 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * diff --git a/sftp-server.c b/sftp-server.c index 52b7323c2..e58aa59c8 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,3 +1,4 @@ +/* $OpenBSD: sftp-server.c,v 1.56 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * diff --git a/sftp.c b/sftp.c index 868794a76..f5212ed4f 100644 --- a/sftp.c +++ b/sftp.c @@ -1,3 +1,4 @@ +/* $OpenBSD: sftp.c,v 1.79 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * diff --git a/ssh-add.c b/ssh-add.c index 2944cceeb..ff85af031 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,3 +1,4 @@ +/* $OpenBSD: ssh-add.c,v 1.79 2006/03/25 13:17:02 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/ssh-agent.c b/ssh-agent.c index 042b18f54..c169d226f 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,3 +1,4 @@ +/* $OpenBSD: ssh-agent.c,v 1.134 2006/03/25 13:17:02 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/ssh-dss.c b/ssh-dss.c index 8250266fa..d16f75e63 100644 --- a/ssh-dss.c +++ b/ssh-dss.c @@ -1,3 +1,4 @@ +/* $OpenBSD: ssh-dss.c,v 1.21 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * diff --git a/ssh-keygen.c b/ssh-keygen.c index e8a1d4b4b..84f13c42f 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,3 +1,4 @@ +/* $OpenBSD: ssh-keygen.c,v 1.141 2006/03/25 13:17:02 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 07b679442..dc47a9576 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,3 +1,4 @@ +/* $OpenBSD: ssh-keyscan.c,v 1.64 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * diff --git a/ssh-keysign.c b/ssh-keysign.c index a96babfa5..1f78c7a05 100644 --- a/ssh-keysign.c 
+++ b/ssh-keysign.c @@ -1,3 +1,4 @@ +/* $OpenBSD: ssh-keysign.c,v 1.22 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * diff --git a/ssh-rsa.c b/ssh-rsa.c index 55fb7ba59..4580c0644 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -1,3 +1,4 @@ +/* $OpenBSD: ssh-rsa.c,v 1.37 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2000, 2003 Markus Friedl * diff --git a/ssh.c b/ssh.c index f34be679c..00995e5dc 100644 --- a/ssh.c +++ b/ssh.c @@ -1,3 +1,4 @@ +/* $OpenBSD: ssh.c,v 1.273 2006/03/25 13:17:02 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/sshconnect.c b/sshconnect.c index 8d4928a82..5cf107794 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,3 +1,4 @@ +/* $OpenBSD: sshconnect.c,v 1.180 2006/03/25 13:17:02 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/sshconnect1.c b/sshconnect1.c index a39441120..9b86c7ce1 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -1,3 +1,4 @@ +/* $OpenBSD: sshconnect1.c,v 1.64 2006/03/25 13:17:02 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/sshconnect2.c b/sshconnect2.c index c3501c2a5..a826ad0f4 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,3 +1,4 @@ +/* $OpenBSD: sshconnect2.c,v 1.151 2006/03/25 13:17:02 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * diff --git a/sshd.c b/sshd.c index 28e8c1aa3..a206db245 100644 --- a/sshd.c +++ b/sshd.c @@ -1,3 +1,4 @@ +/* $OpenBSD: sshd.c,v 1.330 2006/03/25 13:17:02 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/sshlogin.c b/sshlogin.c index 95b850acb..72c8252d1 100644 --- a/sshlogin.c +++ b/sshlogin.c @@ -1,3 +1,4 @@ +/* $OpenBSD: sshlogin.c,v 1.16 2006/03/25 13:17:03 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
diff --git a/sshpty.c b/sshpty.c index 9ac4903ef..a15df0414 100644 --- a/sshpty.c +++ b/sshpty.c @@ -1,3 +1,4 @@ +/* $OpenBSD: sshpty.c,v 1.19 2006/03/25 13:17:03 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/sshtty.c b/sshtty.c index 528177b4b..7cb848d2c 100644 --- a/sshtty.c +++ b/sshtty.c @@ -1,3 +1,4 @@ +/* $OpenBSD: sshtty.c,v 1.10 2006/03/25 13:17:03 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/ttymodes.c b/ttymodes.c index 40d536e2c..92fecb415 100644 --- a/ttymodes.c +++ b/ttymodes.c @@ -1,3 +1,4 @@ +/* $OpenBSD: ttymodes.c,v 1.23 2006/03/25 13:17:03 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/uidswap.c b/uidswap.c index 305895a44..6208be5bd 100644 --- a/uidswap.c +++ b/uidswap.c @@ -1,3 +1,4 @@ +/* $OpenBSD: uidswap.c,v 1.26 2006/03/25 13:17:03 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/uuencode.c b/uuencode.c index feda6a016..7dde55967 100644 --- a/uuencode.c +++ b/uuencode.c @@ -1,3 +1,4 @@ +/* $OpenBSD: uuencode.c,v 1.20 2006/03/25 13:17:03 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * diff --git a/xmalloc.c b/xmalloc.c index d5d7b6bc5..9bfa9e6f8 100644 --- a/xmalloc.c +++ b/xmalloc.c @@ -1,3 +1,4 @@ +/* $OpenBSD: xmalloc.c,v 1.20 2006/03/25 13:17:03 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland -- cgit v1.2.3 From 48c4ed2b78a831b068529eefd8a002c431a76232 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:25:05 +1100 Subject: oops, rewrap --- ChangeLog | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 98b6cc356..2a12ec18d 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -132,7 +132,22 @@ [sftp.c] "abormally" is a perfectly cromulent word, but "abnormally" is better - djm@cvs.openbsd.org 2006/03/25 13:17:03 - [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c uuencode.c xmalloc.c] + [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c] + [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c] + [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] + [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c] + [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c] + [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c] + [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c] + [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c] + [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c] + [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c] + [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c] + [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c] + [sftp.c ssh-add.c ssh-agent.c 
ssh-dss.c ssh-keygen.c ssh-keyscan.c] + [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] + [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] + [uidswap.c uuencode.c xmalloc.c] Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files @@ -4392,4 +4407,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4276 2006/03/26 03:24:48 djm Exp $ +$Id: ChangeLog,v 1.4277 2006/03/26 03:25:05 djm Exp $ -- cgit v1.2.3 From 8ba29fe72d68c6044b0383bc56931f05f8f35b68 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:25:19 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/25 18:29:35 [auth-rsa.c authfd.c packet.c] needed casts (always will be needed) --- ChangeLog | 5 ++++- auth-rsa.c | 4 ++-- authfd.c | 4 ++-- packet.c | 4 ++-- 4 files changed, 10 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2a12ec18d..1866546e2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -150,6 +150,9 @@ [uidswap.c uuencode.c xmalloc.c] Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files + - deraadt@cvs.openbsd.org 2006/03/25 18:29:35 + [auth-rsa.c authfd.c packet.c] + needed casts (always will be needed) 20060325 - OpenBSD CVS Sync @@ -4407,4 +4410,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4277 2006/03/26 03:25:05 djm Exp $ +$Id: ChangeLog,v 1.4278 2006/03/26 03:25:19 djm Exp $ diff --git a/auth-rsa.c b/auth-rsa.c index a906eb2d6..c331c267d 100644 --- a/auth-rsa.c +++ b/auth-rsa.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rsa.c,v 1.66 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: auth-rsa.c,v 1.67 2006/03/25 18:29:35 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -140,7 +140,7 @@ auth_rsa_challenge_dialog(Key *key) /* Wait for a response. */ packet_read_expect(SSH_CMSG_AUTH_RSA_RESPONSE); for (i = 0; i < 16; i++) - response[i] = packet_get_char(); + response[i] = (u_char)packet_get_char(); packet_check_eom(); success = PRIVSEP(auth_rsa_verify_response(key, challenge, response)); diff --git a/authfd.c b/authfd.c index 935143765..2654892d0 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.72 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: authfd.c,v 1.73 2006/03/25 18:29:35 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -396,7 +396,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, * fatal error if the packet is corrupt. */ for (i = 0; i < 16; i++) - response[i] = buffer_get_char(&buffer); + response[i] = (u_char)buffer_get_char(&buffer); } buffer_free(&buffer); return success; diff --git a/packet.c b/packet.c index 71da5454e..fceeef666 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.128 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.129 2006/03/25 18:29:35 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1549,7 +1549,7 @@ packet_send_ignore(int nbytes) for (i = 0; i < nbytes; i++) { if (i % 4 == 0) rnd = arc4random(); - packet_put_char(rnd & 0xff); + packet_put_char((u_char)rnd & 0xff); rnd >>= 8; } } -- cgit v1.2.3 From 90fdfaf69c9c62476689ccd2dbafe1cce56ee1bd Mon Sep 17 00:00:00 2001 
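Review bot: In the packet.c hunk, the cast in `packet_put_char((u_char)rnd & 0xff)` binds to `rnd` alone, because a cast has higher precedence than `&`. The mask is then redundant after the truncation, and the operand is promoted back to int before the call, so the argument is not narrowed. If the intent is to pass an explicitly narrowed byte, `packet_put_char((u_char)(rnd & 0xff));` states it. The value passed is the same either way, so this is a readability point rather than a behaviour change. The body of packet_send_ignore starts outside the hunk, so the declared type of `rnd` is not visible here.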
From: Damien Miller Date: Sun, 26 Mar 2006 14:25:37 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/25 18:30:55 [clientloop.c serverloop.c] spacing --- ChangeLog | 5 ++++- clientloop.c | 10 +++++----- serverloop.c | 6 +++--- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1866546e2..8c859c205 100644 --- a/ChangeLog +++ b/ChangeLog @@ -153,6 +153,9 @@ - deraadt@cvs.openbsd.org 2006/03/25 18:29:35 [auth-rsa.c authfd.c packet.c] needed casts (always will be needed) + - deraadt@cvs.openbsd.org 2006/03/25 18:30:55 + [clientloop.c serverloop.c] + spacing 20060325 - OpenBSD CVS Sync @@ -4410,4 +4413,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4278 2006/03/26 03:25:19 djm Exp $ +$Id: ChangeLog,v 1.4279 2006/03/26 03:25:37 djm Exp $ diff --git a/clientloop.c b/clientloop.c index c136dae37..7745c4dd8 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.160 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.161 2006/03/25 18:30:55 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -582,7 +582,7 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr) } static void -client_process_net_input(fd_set * readset) +client_process_net_input(fd_set *readset) { int len; char buf[8192]; @@ -690,7 +690,7 @@ client_extra_session2_setup(int id, void *arg) } static void -client_process_control(fd_set * readset) +client_process_control(fd_set *readset) { Buffer m; Channel *c; @@ -1184,7 +1184,7 @@ Supported escape sequences:\r\n\ } static void -client_process_input(fd_set * readset) +client_process_input(fd_set *readset) { int len; char buf[8192]; @@ -1237,7 +1237,7 @@ client_process_input(fd_set * readset) } static void -client_process_output(fd_set * writeset) +client_process_output(fd_set *writeset) { int len; char buf[100]; 
diff --git a/serverloop.c b/serverloop.c index 97ad65b26..021ba68c0 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.134 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.135 2006/03/25 18:30:55 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -355,7 +355,7 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, * in buffers and processed later. */ static void -process_input(fd_set * readset) +process_input(fd_set *readset) { int len; char buf[16384]; @@ -414,7 +414,7 @@ process_input(fd_set * readset) * Sends data from internal buffers to client program stdin. */ static void -process_output(fd_set * writeset) +process_output(fd_set *writeset) { struct termios tio; u_char *data; -- cgit v1.2.3 From a1690d08b4ce6a1a40786048a6299c2b2d60507f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:27:35 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/25 18:36:15 [sshlogin.c sshlogin.h] nicer size_t and time_t types --- ChangeLog | 5 ++++- sshlogin.c | 8 ++++---- sshlogin.h | 7 +++---- 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8c859c205..5efa17b7c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -156,6 +156,9 @@ - deraadt@cvs.openbsd.org 2006/03/25 18:30:55 [clientloop.c serverloop.c] spacing + - deraadt@cvs.openbsd.org 2006/03/25 18:36:15 + [sshlogin.c sshlogin.h] + nicer size_t and time_t types 20060325 - OpenBSD CVS Sync @@ -4413,4 +4416,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4279 2006/03/26 03:25:37 djm Exp $ +$Id: ChangeLog,v 1.4280 2006/03/26 03:27:35 djm Exp $ diff --git a/sshlogin.c b/sshlogin.c index 72c8252d1..4f65b5e91 100644 --- a/sshlogin.c +++ b/sshlogin.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.c,v 1.16 2006/03/25 13:17:03 djm Exp $ */ +/* $OpenBSD: sshlogin.c,v 1.17 2006/03/25 18:36:15 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -54,15 +54,15 @@ extern ServerOptions options; * information is not available. This must be called before record_login. * The host the user logged in from will be returned in buf. */ -u_long +time_t get_last_login_time(uid_t uid, const char *logname, - char *buf, u_int bufsize) + char *buf, size_t bufsize) { struct logininfo li; login_get_lastlog(&li, uid); strlcpy(buf, li.hostname, bufsize); - return li.tv_sec; + return (time_t)li.tv_sec; } /* diff --git a/sshlogin.h b/sshlogin.h index 1c8bfad32..a3d0dd492 100644 --- a/sshlogin.h +++ b/sshlogin.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.h,v 1.4 2002/08/29 15:57:25 stevesk Exp $ */ +/* $OpenBSD: sshlogin.h,v 1.5 2006/03/25 18:36:15 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -14,11 +14,10 @@ #ifndef SSHLOGIN_H #define SSHLOGIN_H -void -record_login(pid_t, const char *, const char *, uid_t, +void record_login(pid_t, const char *, const char *, uid_t, const char *, struct sockaddr *, socklen_t); void record_logout(pid_t, const char *, const char *); -u_long get_last_login_time(uid_t, const char *, char *, u_int); +time_t get_last_login_time(uid_t, const char *, char *, u_int); #ifdef LOGIN_NEEDS_UTMPX void record_utmp_only(pid_t, const char *, const char *, const char *, -- cgit v1.2.3 From 5f340065fc047741448e814c7c30018e8012293b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:27:57 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/25 18:40:14 [ssh-keygen.c] cast strtonum() result to right type --- ChangeLog | 5 ++++- ssh-keygen.c | 11 ++++++----- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5efa17b7c..b1f0fa654 100644 --- a/ChangeLog +++ b/ChangeLog 
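Review bot: The prototype added in sshlogin.h still declares the last parameter of get_last_login_time as `u_int`, while the definition in sshlogin.c now takes `size_t bufsize`. On platforms where the two types differ in width, a translation unit that sees both gets a conflicting-types diagnostic, and a caller that sees only the header calls the function through an incompatible prototype. The header line should match the definition: `time_t get_last_login_time(uid_t, const char *, char *, size_t);`. Callers are outside this diff, so it is also worth confirming that none still stores the result in a `u_long`.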
@@ -159,6 +159,9 @@ - deraadt@cvs.openbsd.org 2006/03/25 18:36:15 [sshlogin.c sshlogin.h] nicer size_t and time_t types + - deraadt@cvs.openbsd.org 2006/03/25 18:40:14 + [ssh-keygen.c] + cast strtonum() result to right type 20060325 - OpenBSD CVS Sync @@ -4416,4 +4419,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4280 2006/03/26 03:27:35 djm Exp $ +$Id: ChangeLog,v 1.4281 2006/03/26 03:27:57 djm Exp $ diff --git a/ssh-keygen.c b/ssh-keygen.c index 84f13c42f..25c2cfd84 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.141 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.142 2006/03/25 18:40:14 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -1075,7 +1075,7 @@ main(int ac, char **av) "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { switch (opt) { case 'b': - bits = strtonum(optarg, 768, 32768, &errstr); + bits = (u_int32_t)strtonum(optarg, 768, 32768, &errstr); if (errstr) fatal("Bits has bad value %s (%s)", optarg, errstr); @@ -1162,19 +1162,20 @@ main(int ac, char **av) rr_hostname = optarg; break; case 'W': - generator_wanted = strtonum(optarg, 1, UINT_MAX, &errstr); + generator_wanted = (u_int32_t)strtonum(optarg, 1, + UINT_MAX, &errstr); if (errstr) fatal("Desired generator has bad value: %s (%s)", optarg, errstr); break; case 'a': - trials = strtonum(optarg, 1, UINT_MAX, &errstr); + trials = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr); if (errstr) fatal("Invalid number of trials: %s (%s)", optarg, errstr); break; case 'M': - memory = strtonum(optarg, 1, UINT_MAX, &errstr); + memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr); if (errstr) { fatal("Memory limit is %s: %s", errstr, optarg); } -- cgit v1.2.3 From 1c13bd8d799ced6e2e8234a1d2409c30e7d67815 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sun, 26 Mar 2006 14:28:14 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/25 18:41:45 [ssh-agent.c] mark two more signal handlers ARGSUSED --- ChangeLog | 5 ++++- ssh-agent.c | 4 +++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index b1f0fa654..6ca0156c7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -162,6 +162,9 @@ - deraadt@cvs.openbsd.org 2006/03/25 18:40:14 [ssh-keygen.c] cast strtonum() result to right type + - deraadt@cvs.openbsd.org 2006/03/25 18:41:45 + [ssh-agent.c] + mark two more signal handlers ARGSUSED 20060325 - OpenBSD CVS Sync @@ -4419,4 +4422,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4281 2006/03/26 03:27:57 djm Exp $ +$Id: ChangeLog,v 1.4282 2006/03/26 03:28:14 djm Exp $ diff --git a/ssh-agent.c b/ssh-agent.c index c169d226f..eb99effd0 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.134 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.135 2006/03/25 18:41:45 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -962,6 +962,7 @@ cleanup_exit(int i) _exit(i); } +/*ARGSUSED*/ static void cleanup_handler(int sig) { @@ -969,6 +970,7 @@ cleanup_handler(int sig) _exit(2); } +/*ARGSUSED*/ static void check_parent_exists(int sig) { -- cgit v1.2.3 From 08d61505d7229aaa5484439b2f2e98add3052afe Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:28:32 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/25 18:43:30 [channels.c] use strtonum() instead of atoi() [limit X screens to 400, sorry] --- ChangeLog | 5 ++++- channels.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6ca0156c7..da5a1ded5 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -165,6 +165,9 @@ - deraadt@cvs.openbsd.org 2006/03/25 18:41:45 [ssh-agent.c] mark two more signal handlers ARGSUSED + - deraadt@cvs.openbsd.org 2006/03/25 18:43:30 + [channels.c] + use strtonum() instead of atoi() [limit X screens to 400, sorry] 20060325 - OpenBSD CVS Sync @@ -4422,4 +4425,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4282 2006/03/26 03:28:14 djm Exp $ +$Id: ChangeLog,v 1.4283 2006/03/26 03:28:32 djm Exp $ diff --git a/channels.c b/channels.c index c838b8534..70ffd7b33 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.244 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.245 2006/03/25 18:43:30 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -3079,7 +3079,7 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, if (cp) cp = strchr(cp, '.'); if (cp) - screen_number = atoi(cp + 1); + screen_number = (u_int)strtonum(cp + 1, 0, 400, NULL); else screen_number = 0; -- cgit v1.2.3 From a0fdce9a47dfa572fde97e1a2ee9b33efb9fd549 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:28:50 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/25 18:56:55 [bufaux.c channels.c packet.c] remove (char *) casts to a function that accepts void * for the arg --- ChangeLog | 5 ++++- bufaux.c | 4 ++-- channels.c | 10 +++++----- packet.c | 4 ++-- 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index da5a1ded5..407649967 100644 --- a/ChangeLog +++ b/ChangeLog @@ -168,6 +168,9 @@ - deraadt@cvs.openbsd.org 2006/03/25 18:43:30 [channels.c] use strtonum() instead of atoi() [limit X screens to 400, sorry] + - deraadt@cvs.openbsd.org 2006/03/25 18:56:55 + [bufaux.c channels.c packet.c] + remove (char *) casts to a function that accepts void * for the arg 20060325 - OpenBSD CVS Sync 
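Review bot: `strtonum(cp + 1, 0, 400, NULL)` in x11_request_forwarding_with_spoofing discards the error string, so a malformed or out-of-range screen suffix in `disp` silently becomes screen 0. With atoi() a value above 400 was passed through; now it is quietly replaced, which is hard to diagnose from the user's side. Consider keeping the error: `screen_number = (u_int)strtonum(cp + 1, 0, 400, &errstr);` followed by `if (errstr != NULL) debug("bad X11 screen number in display: %s", errstr);`, or rejecting the request if that suits the function's error convention. This needs a `const char *errstr` local, and the function's declarations are outside the hunk.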
@@ -4425,4 +4428,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4283 2006/03/26 03:28:32 djm Exp $ +$Id: ChangeLog,v 1.4284 2006/03/26 03:28:50 djm Exp $ diff --git a/bufaux.c b/bufaux.c index b7c9f2ecd..21a2badf1 100644 --- a/bufaux.c +++ b/bufaux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bufaux.c,v 1.39 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: bufaux.c,v 1.40 2006/03/25 18:56:54 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -71,7 +71,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) PUT_16BIT(msg, bits); buffer_append(buffer, msg, 2); /* Store the binary data. */ - buffer_append(buffer, (char *)buf, oi); + buffer_append(buffer, buf, oi); memset(buf, 0, bin_size); xfree(buf); diff --git a/channels.c b/channels.c index 70ffd7b33..57634a21d 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.245 2006/03/25 18:43:30 deraadt Exp $ */ +/* $OpenBSD: channels.c,v 1.246 2006/03/25 18:56:54 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -988,7 +988,7 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset) s4_rsp.command = 90; /* cd: req granted */ s4_rsp.dest_port = 0; /* ignored */ s4_rsp.dest_addr.s_addr = INADDR_ANY; /* ignored */ - buffer_append(&c->output, (char *)&s4_rsp, sizeof(s4_rsp)); + buffer_append(&c->output, &s4_rsp, sizeof(s4_rsp)); return 1; } 
@@ -1097,9 +1097,9 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) ((struct in_addr *)&dest_addr)->s_addr = INADDR_ANY; dest_port = 0; /* ignored */ - buffer_append(&c->output, (char *)&s5_rsp, sizeof(s5_rsp)); - buffer_append(&c->output, (char *)&dest_addr, sizeof(struct in_addr)); - buffer_append(&c->output, (char *)&dest_port, sizeof(dest_port)); + buffer_append(&c->output, &s5_rsp, sizeof(s5_rsp)); + buffer_append(&c->output, &dest_addr, sizeof(struct in_addr)); + buffer_append(&c->output, &dest_port, sizeof(dest_port)); return 1; } diff --git a/packet.c b/packet.c index fceeef666..5eb2c1c9e 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.129 2006/03/25 18:29:35 deraadt Exp $ */ +/* $OpenBSD: packet.c,v 1.130 2006/03/25 18:56:55 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -788,7 +788,7 @@ packet_send2_wrapped(void) buffer_len(&outgoing_packet)); /* append unencrypted MAC */ if (mac && mac->enabled) - buffer_append(&output, (char *)macbuf, mac->mac_len); + buffer_append(&output, macbuf, mac->mac_len); #ifdef PACKET_DEBUG fprintf(stderr, "encrypted: "); buffer_dump(&output); -- cgit v1.2.3 From e3b21a5f59105174ba923beea8132fc20335130a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:29:06 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/25 18:58:10 [channels.c] delete cast not required --- ChangeLog | 5 ++++- channels.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 407649967..00ce8ee55 100644 --- a/ChangeLog +++ b/ChangeLog @@ -171,6 +171,9 @@ - deraadt@cvs.openbsd.org 2006/03/25 18:56:55 [bufaux.c channels.c packet.c] remove (char *) casts to a function that accepts void * for the arg + - deraadt@cvs.openbsd.org 2006/03/25 18:58:10 + [channels.c] + delete cast not required 20060325 - OpenBSD CVS Sync 
@@ -4428,4 +4431,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4284 2006/03/26 03:28:50 djm Exp $ +$Id: ChangeLog,v 1.4285 2006/03/26 03:29:06 djm Exp $ diff --git a/channels.c b/channels.c index 57634a21d..87e681319 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.246 2006/03/25 18:56:54 deraadt Exp $ */ +/* $OpenBSD: channels.c,v 1.247 2006/03/25 18:58:10 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1049,7 +1049,7 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) debug2("channel %d: socks5 post auth", c->self); if (have < sizeof(s5_req)+1) return 0; /* need more */ - memcpy((char *)&s5_req, p, sizeof(s5_req)); + memcpy(&s5_req, p, sizeof(s5_req)); if (s5_req.version != 0x05 || s5_req.command != SSH_SOCKS5_CONNECT || s5_req.reserved != 0x00) { -- cgit v1.2.3 From 51096383e9bff34c80c9bab424e207767792e782 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sun, 26 Mar 2006 14:30:00 +1100 Subject: - djm@cvs.openbsd.org 2006/03/25 22:22:43 [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h] [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h] [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h] [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c] [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h] [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h] [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h] [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h] [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h] [ttymodes.h uidswap.h uuencode.h xmalloc.h] standardise spacing in $OpenBSD$ tags; requested by deraadt@ --- ChangeLog | 14 +++++++++++++- atomicio.h | 2 +- auth-options.h | 2 +- auth.h | 2 +- auth2-gss.c | 2 +- authfd.h | 2 +- authfile.h | 2 +- bufaux.h | 2 +- buffer.h | 2 +- canohost.h | 2 +- channels.h | 2 +- cipher.h | 2 +- clientloop.h | 2 +- compat.h | 2 +- compress.h | 2 +- crc32.c | 2 +- crc32.h | 2 +- deattack.h | 2 +- dh.h | 2 +- dispatch.h | 2 +- dns.c | 2 +- dns.h | 2 +- getput.h | 2 +- groupaccess.h | 2 +- gss-genr.c | 2 +- gss-serv-krb5.c | 2 +- gss-serv.c | 2 +- hostfile.h | 2 +- includes.h | 2 +- kex.h | 2 +- key.h | 2 +- log.h | 2 +- mac.h | 2 +- match.h | 2 +- misc.h | 2 +- monitor.h | 2 +- monitor_fdpass.h | 2 +- monitor_mm.h | 2 +- monitor_wrap.h | 2 +- msg.h | 2 +- myproposal.h | 2 +- packet.h | 2 +- pathnames.h | 2 +- progressmeter.h | 2 +- readconf.h | 2 +- rsa.h | 2 +- scard.h | 2 +- servconf.h | 2 +- serverloop.h | 2 +- session.h | 2 +- sftp-common.h | 2 +- sftp.h | 2 +- ssh-gss.h | 2 +- ssh.h | 2 +- ssh1.h | 2 +- ssh2.h | 2 +- sshconnect.h | 2 +- sshlogin.h | 2 +- sshpty.h | 2 +- ttymodes.h | 2 +- uidswap.h | 2 +- uuencode.h | 2 +- xmalloc.h | 2 +- 63 files changed, 75 insertions(+), 63 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index 00ce8ee55..6ebc160b2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -174,6 +174,18 @@ - deraadt@cvs.openbsd.org 2006/03/25 18:58:10 [channels.c] delete cast not required + - djm@cvs.openbsd.org 2006/03/25 22:22:43 + [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h] + [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h] + [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h] + [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c] + [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h] + [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h] + [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h] + [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h] + [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h] + [ttymodes.h uidswap.h uuencode.h xmalloc.h] + standardise spacing in $OpenBSD$ tags; requested by deraadt@ 20060325 - OpenBSD CVS Sync @@ -4431,4 +4443,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4285 2006/03/26 03:29:06 djm Exp $ +$Id: ChangeLog,v 1.4286 2006/03/26 03:30:00 djm Exp $ diff --git a/atomicio.h b/atomicio.h index 7eccf206b..ddb63ee85 100644 --- a/atomicio.h +++ b/atomicio.h @@ -1,4 +1,4 @@ -/* $OpenBSD: atomicio.h,v 1.6 2005/05/24 17:32:43 avsm Exp $ */ +/* $OpenBSD: atomicio.h,v 1.7 2006/03/25 22:22:42 djm Exp $ */ /* * Copyright (c) 1995,1999 Theo de Raadt. All rights reserved. diff --git a/auth-options.h b/auth-options.h index 3cd02a71f..d34b5f190 100644 --- a/auth-options.h +++ b/auth-options.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.h,v 1.13 2005/12/06 22:38:27 reyk Exp $ */ +/* $OpenBSD: auth-options.h,v 1.14 2006/03/25 22:22:42 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/auth.h b/auth.h index 8b814ba6a..c69de34e5 100644 --- a/auth.h +++ b/auth.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.51 2005/06/06 11:20:36 djm Exp $ */ +/* $OpenBSD: auth.h,v 1.52 2006/03/25 22:22:42 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. diff --git a/auth2-gss.c b/auth2-gss.c index bbb6db964..03210673b 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.13 2006/03/20 04:07:22 djm Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.14 2006/03/25 22:22:42 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. diff --git a/authfd.h b/authfd.h index 0a6a4e3ec..8ad8f2e71 100644 --- a/authfd.h +++ b/authfd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.h,v 1.34 2003/11/21 11:57:03 djm Exp $ */ +/* $OpenBSD: authfd.h,v 1.35 2006/03/25 22:22:42 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/authfile.h b/authfile.h index a16caa7a8..967f582d4 100644 --- a/authfile.h +++ b/authfile.h @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.h,v 1.11 2006/03/13 10:26:52 dtucker Exp $ */ +/* $OpenBSD: authfile.h,v 1.12 2006/03/25 22:22:42 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/bufaux.h b/bufaux.h index f5efaed3e..8a5359855 100644 --- a/bufaux.h +++ b/bufaux.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bufaux.h,v 1.21 2005/03/10 22:01:05 deraadt Exp $ */ +/* $OpenBSD: bufaux.h,v 1.22 2006/03/25 22:22:42 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/buffer.h b/buffer.h index 2b20eed52..abdaea349 100644 --- a/buffer.h +++ b/buffer.h @@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.h,v 1.13 2005/03/14 11:46:56 markus Exp $ */ +/* $OpenBSD: buffer.h,v 1.14 2006/03/25 22:22:42 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/canohost.h b/canohost.h index df1f125e5..e33e8941b 100644 --- a/canohost.h +++ b/canohost.h @@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.h,v 1.8 2001/06/26 17:27:23 markus Exp $ */ +/* $OpenBSD: canohost.h,v 1.9 2006/03/25 22:22:42 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/channels.h b/channels.h index a97dd9007..ee1d260fd 100644 --- a/channels.h +++ b/channels.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.83 2005/12/30 15:56:37 reyk Exp $ */ +/* $OpenBSD: channels.h,v 1.84 2006/03/25 22:22:42 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/cipher.h b/cipher.h index 6bb5719b0..49bbc1682 100644 --- a/cipher.h +++ b/cipher.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.h,v 1.35 2004/07/28 09:40:29 markus Exp $ */ +/* $OpenBSD: cipher.h,v 1.36 2006/03/25 22:22:42 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/clientloop.h b/clientloop.h index 64cd956d2..beec62f70 100644 --- a/clientloop.h +++ b/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.15 2006/02/07 01:42:00 stevesk Exp $ */ +/* $OpenBSD: clientloop.h,v 1.16 2006/03/25 22:22:42 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/compat.h b/compat.h index cf92dbdee..83d469d53 100644 --- a/compat.h +++ b/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.39 2005/03/01 10:09:52 djm Exp $ */ +/* $OpenBSD: compat.h,v 1.40 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. diff --git a/compress.h b/compress.h index e364f4bdc..418d6fd2c 100644 --- a/compress.h +++ b/compress.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compress.h,v 1.11 2002/03/04 17:27:39 stevesk Exp $ */ +/* $OpenBSD: compress.h,v 1.12 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/crc32.c b/crc32.c index ac627b57a..2da6360bd 100644 --- a/crc32.c +++ b/crc32.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crc32.c,v 1.9 2003/02/12 21:39:50 markus Exp $ */ +/* $OpenBSD: crc32.c,v 1.10 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. diff --git a/crc32.h b/crc32.h index a2fb58493..5d7131aff 100644 --- a/crc32.h +++ b/crc32.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crc32.h,v 1.14 2003/02/12 21:39:50 markus Exp $ */ +/* $OpenBSD: crc32.h,v 1.15 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. diff --git a/deattack.h b/deattack.h index 7bb6100d0..627598104 100644 
--- a/deattack.h +++ b/deattack.h @@ -1,4 +1,4 @@ -/* $OpenBSD: deattack.h,v 1.8 2006/03/22 21:27:15 djm Exp $ */ +/* $OpenBSD: deattack.h,v 1.9 2006/03/25 22:22:43 djm Exp $ */ /* * Cryptographic attack detector for ssh - Header file diff --git a/dh.h b/dh.h index 723dd08e4..8e580ee87 100644 --- a/dh.h +++ b/dh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.h,v 1.8 2004/06/13 12:53:24 djm Exp $ */ +/* $OpenBSD: dh.h,v 1.9 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. diff --git a/dispatch.h b/dispatch.h index a82e2165b..b33288f66 100644 --- a/dispatch.h +++ b/dispatch.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dispatch.h,v 1.9 2002/01/11 13:39:36 markus Exp $ */ +/* $OpenBSD: dispatch.h,v 1.10 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. diff --git a/dns.c b/dns.c index 83d4d895a..69084b57d 100644 --- a/dns.c +++ b/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.18 2006/03/20 18:41:43 deraadt Exp $ */ +/* $OpenBSD: dns.c,v 1.19 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. diff --git a/dns.h b/dns.h index 0aa1c28f2..305ca07fb 100644 --- a/dns.h +++ b/dns.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.h,v 1.6 2005/10/17 14:13:35 stevesk Exp $ */ +/* $OpenBSD: dns.h,v 1.7 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. diff --git a/getput.h b/getput.h index 20cf8f20b..e37c3b6aa 100644 --- a/getput.h +++ b/getput.h @@ -1,4 +1,4 @@ -/* $OpenBSD: getput.h,v 1.8 2002/03/04 17:27:39 stevesk Exp $ */ +/* $OpenBSD: getput.h,v 1.9 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/groupaccess.h b/groupaccess.h index ede4805c2..2bde125c2 100644 --- a/groupaccess.h +++ b/groupaccess.h @@ -1,4 +1,4 @@ -/* $OpenBSD: groupaccess.h,v 1.4 2001/06/26 17:27:23 markus Exp $ */ +/* $OpenBSD: groupaccess.h,v 1.5 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2001 Kevin Steves. All rights reserved. 
diff --git a/gss-genr.c b/gss-genr.c index 9cedfcdc3..4c10f1aab 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.8 2006/03/25 00:05:41 djm Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.9 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index 5a9b2cdd3..9b1792a62 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv-krb5.c,v 1.4 2005/10/13 19:08:08 stevesk Exp $ */ +/* $OpenBSD: gss-serv-krb5.c,v 1.5 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. diff --git a/gss-serv.c b/gss-serv.c index c1e17cdc5..53ec634e8 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.15 2006/03/20 04:08:18 djm Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.16 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. diff --git a/hostfile.h b/hostfile.h index d6330752e..d1983b3e0 100644 --- a/hostfile.h +++ b/hostfile.h @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.h,v 1.15 2005/03/01 10:40:26 djm Exp $ */ +/* $OpenBSD: hostfile.h,v 1.16 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/includes.h b/includes.h index 363be3ac5..00076f639 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.38 2006/03/19 18:51:18 deraadt Exp $ */ +/* $OpenBSD: includes.h,v 1.39 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/kex.h b/kex.h index 25dabbaaa..597b54810 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.40 2006/03/19 18:53:12 deraadt Exp $ */ +/* $OpenBSD: kex.h,v 1.41 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. diff --git a/key.h b/key.h index 50df8500b..ee78d48d5 100644 --- a/key.h +++ b/key.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.23 2003/11/10 16:23:41 jakob Exp $ */ +/* $OpenBSD: key.h,v 1.24 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. diff --git a/log.h b/log.h index 2b3c3090f..21437cff6 100644 --- a/log.h +++ b/log.h @@ -1,4 +1,4 @@ -/* $OpenBSD: log.h,v 1.11 2004/06/21 22:02:58 djm Exp $ */ +/* $OpenBSD: log.h,v 1.12 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/mac.h b/mac.h index 43b485dd9..960cc5c50 100644 --- a/mac.h +++ b/mac.h @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.h,v 1.3 2001/06/26 17:27:24 markus Exp $ */ +/* $OpenBSD: mac.h,v 1.4 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * diff --git a/match.h b/match.h index a0764e001..d1d538654 100644 --- a/match.h +++ b/match.h @@ -1,4 +1,4 @@ -/* $OpenBSD: match.h,v 1.12 2002/03/01 13:12:10 markus Exp $ */ +/* $OpenBSD: match.h,v 1.13 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/misc.h b/misc.h index 0a1a09a68..f20cb60bc 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.29 2006/01/31 10:19:02 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.30 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/monitor.h b/monitor.h index 13ce3e1ca..464009ad8 100644 --- a/monitor.h +++ b/monitor.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.h,v 1.13 2003/11/17 11:06:07 markus Exp $ */ +/* $OpenBSD: monitor.h,v 1.14 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright 2002 Niels Provos diff --git a/monitor_fdpass.h b/monitor_fdpass.h index 31d080e21..12c67ec2d 100644 --- a/monitor_fdpass.h +++ b/monitor_fdpass.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */ +/* $OpenBSD: monitor_fdpass.h,v 1.3 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright 2002 Niels Provos diff --git a/monitor_mm.h b/monitor_mm.h index a1323b9a8..3499c7521 100644 --- a/monitor_mm.h +++ b/monitor_mm.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */ +/* $OpenBSD: monitor_mm.h,v 1.3 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright 2002 Niels Provos diff --git a/monitor_wrap.h b/monitor_wrap.h index 8ecfdc0e3..c06e30606 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.15 2006/03/20 18:14:02 deraadt Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.16 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright 2002 Niels Provos diff --git a/msg.h b/msg.h index 0d3ea0658..b0cb9b52b 100644 --- a/msg.h +++ b/msg.h @@ -1,4 +1,4 @@ -/* $OpenBSD: msg.h,v 1.3 2003/11/17 09:45:39 djm Exp $ */ +/* $OpenBSD: msg.h,v 1.4 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * diff --git a/myproposal.h b/myproposal.h index f564b0d96..e246e0dd9 100644 --- a/myproposal.h +++ b/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.20 2006/03/19 18:53:12 deraadt Exp $ */ +/* $OpenBSD: myproposal.h,v 1.21 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. diff --git a/packet.h b/packet.h index 04123046a..21ff45067 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.44 2006/02/07 01:42:00 stevesk Exp $ */ +/* $OpenBSD: packet.h,v 1.45 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/pathnames.h b/pathnames.h index cf42625a4..f2571e274 100644 --- a/pathnames.h +++ b/pathnames.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pathnames.h,v 1.15 2004/07/11 17:48:47 deraadt Exp $ */ +/* $OpenBSD: pathnames.h,v 1.16 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/progressmeter.h b/progressmeter.h index bfb9a0b77..10bab99ba 100644 --- a/progressmeter.h +++ b/progressmeter.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: progressmeter.h,v 1.1 2003/01/10 08:19:07 fgsch Exp $ */ +/* $OpenBSD: progressmeter.h,v 1.2 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2002 Nils Nordman. All rights reserved. * diff --git a/readconf.h b/readconf.h index 4565b2c2c..7fc2ea47c 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.68 2005/12/06 22:38:27 reyk Exp $ */ +/* $OpenBSD: readconf.h,v 1.69 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/rsa.h b/rsa.h index 957d86552..b841ea4e1 100644 --- a/rsa.h +++ b/rsa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa.h,v 1.15 2002/03/04 17:27:39 stevesk Exp $ */ +/* $OpenBSD: rsa.h,v 1.16 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/scard.h b/scard.h index 9ba20a361..146182261 100644 --- a/scard.h +++ b/scard.h @@ -1,4 +1,4 @@ -/* $OpenBSD: scard.h,v 1.12 2003/06/12 19:12:03 markus Exp $ */ +/* $OpenBSD: scard.h,v 1.13 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. diff --git a/servconf.h b/servconf.h index ab82c8f57..73604a98e 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.72 2005/12/06 22:38:27 reyk Exp $ */ +/* $OpenBSD: servconf.h,v 1.73 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/serverloop.h b/serverloop.h index f419198d1..7311558f9 100644 --- a/serverloop.h +++ b/serverloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.h,v 1.5 2001/06/27 02:12:53 markus Exp $ */ +/* $OpenBSD: serverloop.h,v 1.6 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/session.h b/session.h index 2b8175c41..bdac05934 100644 --- a/session.h +++ b/session.h @@ -1,4 +1,4 @@ -/* $OpenBSD: session.h,v 1.26 2006/03/20 18:26:55 deraadt Exp $ */ +/* $OpenBSD: session.h,v 1.27 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. diff --git a/sftp-common.h b/sftp-common.h index 72be6e61c..88c76c17e 100644 
--- a/sftp-common.h +++ b/sftp-common.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-common.h,v 1.7 2006/02/20 17:19:54 stevesk Exp $ */ +/* $OpenBSD: sftp-common.h,v 1.8 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. diff --git a/sftp.h b/sftp.h index 675c6086e..610c0b758 100644 --- a/sftp.h +++ b/sftp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.h,v 1.4 2002/02/13 00:59:23 djm Exp $ */ +/* $OpenBSD: sftp.h,v 1.5 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. diff --git a/ssh-gss.h b/ssh-gss.h index 52fb49a6f..d3fd79bf2 100644 --- a/ssh-gss.h +++ b/ssh-gss.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-gss.h,v 1.5 2004/06/21 17:36:31 avsm Exp $ */ +/* $OpenBSD: ssh-gss.h,v 1.6 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. * diff --git a/ssh.h b/ssh.h index 07592415b..ed5fb9aaa 100644 --- a/ssh.h +++ b/ssh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.76 2004/12/06 11:41:03 dtucker Exp $ */ +/* $OpenBSD: ssh.h,v 1.77 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/ssh1.h b/ssh1.h index 1741c229a..353d93041 100644 --- a/ssh1.h +++ b/ssh1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh1.h,v 1.5 2004/10/20 11:48:53 markus Exp $ */ +/* $OpenBSD: ssh1.h,v 1.6 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/ssh2.h b/ssh2.h index fb491c918..cf56bc4ee 100644 --- a/ssh2.h +++ b/ssh2.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh2.h,v 1.9 2003/05/14 00:52:59 markus Exp $ */ +/* $OpenBSD: ssh2.h,v 1.10 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. diff --git a/sshconnect.h b/sshconnect.h index e7c7a2b34..3786ba56e 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.18 2005/12/06 22:38:28 reyk Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.19 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. 
diff --git a/sshlogin.h b/sshlogin.h index a3d0dd492..f840461cf 100644 --- a/sshlogin.h +++ b/sshlogin.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.h,v 1.5 2006/03/25 18:36:15 deraadt Exp $ */ +/* $OpenBSD: sshlogin.h,v 1.6 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/sshpty.h b/sshpty.h index 9a39e4a13..f61a5e71e 100644 --- a/sshpty.h +++ b/sshpty.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshpty.h,v 1.7 2006/03/20 18:14:02 deraadt Exp $ */ +/* $OpenBSD: sshpty.h,v 1.8 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/ttymodes.h b/ttymodes.h index 481282cd7..4d848fe3a 100644 --- a/ttymodes.h +++ b/ttymodes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ttymodes.h,v 1.13 2004/07/11 17:48:47 deraadt Exp $ */ +/* $OpenBSD: ttymodes.h,v 1.14 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/uidswap.h b/uidswap.h index 0726980d0..967ea9c4d 100644 --- a/uidswap.h +++ b/uidswap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.h,v 1.9 2001/06/26 17:27:25 markus Exp $ */ +/* $OpenBSD: uidswap.h,v 1.10 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/uuencode.h b/uuencode.h index 08e87c4bc..bb98bf8d6 100644 --- a/uuencode.h +++ b/uuencode.h @@ -1,4 +1,4 @@ -/* $OpenBSD: uuencode.h,v 1.10 2003/11/10 16:23:41 jakob Exp $ */ +/* $OpenBSD: uuencode.h,v 1.11 2006/03/25 22:22:43 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. diff --git a/xmalloc.h b/xmalloc.h index ef29787bd..27f25d584 100644 --- a/xmalloc.h +++ b/xmalloc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.h,v 1.11 2006/03/25 01:13:23 djm Exp $ */ +/* $OpenBSD: xmalloc.h,v 1.12 2006/03/25 22:22:43 djm Exp $ */ /* * Author: Tatu Ylonen -- cgit v1.2.3 From b3cdc220c402b790c7003816d7e1eafb31e107c1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 26 Mar 2006 14:30:33 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/26 01:31:48 [uuencode.c] typo --- ChangeLog | 5 ++++- uuencode.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index 6ebc160b2..93c321c95 100644 --- a/ChangeLog +++ b/ChangeLog @@ -186,6 +186,9 @@ [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h] [ttymodes.h uidswap.h uuencode.h xmalloc.h] standardise spacing in $OpenBSD$ tags; requested by deraadt@ + - deraadt@cvs.openbsd.org 2006/03/26 01:31:48 + [uuencode.c] + typo 20060325 - OpenBSD CVS Sync @@ -4443,4 +4446,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4286 2006/03/26 03:30:00 djm Exp $ +$Id: ChangeLog,v 1.4287 2006/03/26 03:30:33 djm Exp $ diff --git a/uuencode.c b/uuencode.c index 7dde55967..398aeefe1 100644 --- a/uuencode.c +++ b/uuencode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uuencode.c,v 1.20 2006/03/25 13:17:03 djm Exp $ */ +/* $OpenBSD: uuencode.c,v 1.21 2006/03/26 01:31:48 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -58,7 +58,7 @@ uudecode(const char *src, u_char *target, size_t targsize) void dump_base64(FILE *fp, u_char *data, u_int len) { - char *buf;; + char *buf; int i, n; if (len > 65536) { -- cgit v1.2.3 From da380becc6d9cc00c7e4c892354d93cd1fc12431 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 31 Mar 2006 23:09:17 +1100 Subject: - OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2006/03/27 01:21:18 [xmalloc.c] we can do the size & nmemb check before the integer overflow check; evol --- ChangeLog | 9 ++++++++- xmalloc.c | 10 +++++----- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 93c321c95..7bbc6ce82 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20060331 + - OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2006/03/27 01:21:18 + [xmalloc.c] + we can do the size & nmemb check before the integer overflow check; + evol + 20060326 - OpenBSD CVS Sync - jakob@cvs.openbsd.org 2006/03/15 08:46:44 
@@ -4446,4 +4453,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4287 2006/03/26 03:30:33 djm Exp $ +$Id: ChangeLog,v 1.4288 2006/03/31 12:09:17 djm Exp $ diff --git a/xmalloc.c b/xmalloc.c index 9bfa9e6f8..110d8cb7f 100644 --- a/xmalloc.c +++ b/xmalloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.c,v 1.20 2006/03/25 13:17:03 djm Exp $ */ +/* $OpenBSD: xmalloc.c,v 1.21 2006/03/27 01:21:18 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -36,10 +36,10 @@ xcalloc(size_t nmemb, size_t size) { void *ptr; - if (nmemb && size && SIZE_T_MAX / nmemb < size) - fatal("xcalloc: nmemb * size > SIZE_T_MAX"); if (size == 0 || nmemb == 0) fatal("xcalloc: zero size"); + if (SIZE_T_MAX / nmemb < size) + fatal("xcalloc: nmemb * size > SIZE_T_MAX"); ptr = calloc(nmemb, size); if (ptr == NULL) fatal("xcalloc: out of memory (allocating %lu bytes)", @@ -53,10 +53,10 @@ xrealloc(void *ptr, size_t nmemb, size_t size) void *new_ptr; size_t new_size = nmemb * size; - if (nmemb && size && SIZE_T_MAX / nmemb < size) - fatal("xrealloc: nmemb * size > SIZE_T_MAX"); if (new_size == 0) fatal("xrealloc: zero size"); + if (SIZE_T_MAX / nmemb < size) + fatal("xrealloc: nmemb * size > SIZE_T_MAX"); if (ptr == NULL) new_ptr = malloc(new_size); else -- cgit v1.2.3 From 5a73c1a34d7ed75295da703c835464746474d297 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 31 Mar 2006 23:09:41 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/27 13:03:54 [dh.c] use strtonum() instead of atoi(), limit dhg size to 64k; ok djm --- ChangeLog | 5 ++++- dh.c | 6 ++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7bbc6ce82..6cfa9b84f 100644 --- a/ChangeLog +++ b/ChangeLog 
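Review bot: In the xrealloc hunk the zero test still reads `new_size`, which is initialised to `nmemb * size` before the overflow check runs. A product that wraps to exactly 0 is therefore reported as "zero size" rather than as an overflow, and the following `SIZE_T_MAX / nmemb` is only safe from a zero divisor because a non-zero product implies a non-zero `nmemb`. Mirroring the xcalloc hunk would make both properties explicit: test `if (size == 0 || nmemb == 0)` first and assign `new_size = nmemb * size;` only after the SIZE_T_MAX check. Both paths already end in fatal(), so this is about diagnostics and readability; the rest of xrealloc is outside the hunk.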
@@ -4,6 +4,9 @@ [xmalloc.c] we can do the size & nmemb check before the integer overflow check; evol + - deraadt@cvs.openbsd.org 2006/03/27 13:03:54 + [dh.c] + use strtonum() instead of atoi(), limit dhg size to 64k; ok djm 20060326 - OpenBSD CVS Sync @@ -4453,4 +4456,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4288 2006/03/31 12:09:17 djm Exp $ +$Id: ChangeLog,v 1.4289 2006/03/31 12:09:41 djm Exp $ diff --git a/dh.c b/dh.c index 4db3b0b2a..b32a7efb5 100644 --- a/dh.c +++ b/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.34 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: dh.c,v 1.35 2006/03/27 13:03:54 deraadt Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -44,6 +44,7 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) { char *cp, *arg; char *strsize, *gen, *prime; + const char *errstr = NULL; cp = line; if ((arg = strdelim(&cp)) == NULL) @@ -68,7 +69,8 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) goto fail; strsize = strsep(&cp, " "); /* size */ if (cp == NULL || *strsize == '\0' || - (dhg->size = atoi(strsize)) == 0) + (dhg->size = (u_int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 || + errstr) goto fail; /* The whole group is one bit larger */ dhg->size++; -- cgit v1.2.3 From 2b5a0de9034a0f5943be129039dc56caee23fd94 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 31 Mar 2006 23:10:31 +1100 Subject: - djm@cvs.openbsd.org 2006/03/27 23:15:46 [sftp.c] always use a format string for addargs; spotted by mouring@ --- ChangeLog | 5 ++++- sftp.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6cfa9b84f..e3894ffc5 100644 --- a/ChangeLog +++ b/ChangeLog 
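Review bot: In the size check of parse_prime the `|| errstr` arm can never be the one that fires, because strtonum() returns 0 whenever it sets the error string and the `== 0` comparison short-circuits first. Passing 1 as the minimum lets strtonum reject zero itself and states the intent directly: `(dhg->size = (u_int)strtonum(strsize, 1, 64*1024, &errstr)) == 0 ||`. The declared type of `dhg->size` is not visible here; if it is a signed int the `(u_int)` cast adds nothing. parse_prime begins and ends outside this hunk.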
@@ -7,6 +7,9 @@ - deraadt@cvs.openbsd.org 2006/03/27 13:03:54 [dh.c] use strtonum() instead of atoi(), limit dhg size to 64k; ok djm + - djm@cvs.openbsd.org 2006/03/27 23:15:46 + [sftp.c] + always use a format string for addargs; spotted by mouring@ 20060326 - OpenBSD CVS Sync @@ -4456,4 +4459,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4289 2006/03/31 12:09:41 djm Exp $ +$Id: ChangeLog,v 1.4290 2006/03/31 12:10:31 djm Exp $ diff --git a/sftp.c b/sftp.c index f5212ed4f..31b71db2b 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.79 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.80 2006/03/27 23:15:46 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -1468,7 +1468,7 @@ main(int argc, char **argv) __progname = ssh_get_progname(argv[0]); memset(&args, '\0', sizeof(args)); args.list = NULL; - addargs(&args, ssh_program); + addargs(&args, "%s", ssh_program); addargs(&args, "-oForwardX11 no"); addargs(&args, "-oForwardAgent no"); addargs(&args, "-oPermitLocalCommand no"); -- cgit v1.2.3 From ddd63ab1d0acaa41a41d0afe9f79adc38ecbd7a7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 31 Mar 2006 23:10:51 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/28 00:12:31 [README.tun ssh.c] spacing --- ChangeLog | 5 ++++- README.tun | 8 ++++---- ssh.c | 4 ++-- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index e3894ffc5..b477b0e51 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,9 @@ - djm@cvs.openbsd.org 2006/03/27 23:15:46 [sftp.c] always use a format string for addargs; spotted by mouring@ + - deraadt@cvs.openbsd.org 2006/03/28 00:12:31 + [README.tun ssh.c] + spacing 20060326 - OpenBSD CVS Sync 
@@ -4459,4 +4462,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4290 2006/03/31 12:10:31 djm Exp $ +$Id: ChangeLog,v 1.4291 2006/03/31 12:10:51 djm Exp $ diff --git a/README.tun b/README.tun index d814f396d..5e1cb074c 100644 --- a/README.tun +++ b/README.tun @@ -87,12 +87,12 @@ combination with layer 2 tunneling and Ethernet bridging. | Client |------( Internet )-----| access.somewhere.net | +--------+ ( ) +----------------------+ : 192.168.1.78 | - :............................. +-------+ + :............................. +-------+ Forwarded ssh connection : | dmzgw | Layer 2 tunnel : +-------+ : | : | - : +------------+ + : +------------+ :......| sshgateway | | +------------+ --- real connection Bridge -> | +----------+ @@ -104,7 +104,7 @@ combination with layer 2 tunneling and Ethernet bridging. Finally connect to the OpenSSH server to establish the tunnel by using the following command: - + ssh sshgateway It is also possible to tell the client to fork into the background after @@ -129,4 +129,4 @@ interconnect corporate networks. Reyk Floeter -$OpenBSD: README.tun,v 1.3 2005/12/08 18:34:10 reyk Exp $ +$OpenBSD: README.tun,v 1.4 2006/03/28 00:12:31 deraadt Exp $ diff --git a/ssh.c b/ssh.c index 00995e5dc..7e0a8ba4b 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.273 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.274 2006/03/28 00:12:31 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -688,7 +688,7 @@ main(int ac, char **av) if (options.rhosts_rsa_authentication || options.hostbased_authentication) { sensitive_data.nkeys = 3; - sensitive_data.keys = xcalloc(sensitive_data.nkeys, + sensitive_data.keys = xcalloc(sensitive_data.nkeys, sizeof(Key)); PRIV_START; -- cgit v1.2.3 From 57c4e875f88ee7e6eac35e522be51618020cdaa7 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Fri, 31 Mar 2006 23:11:07 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/28 01:52:28 [channels.c] do not accept unreasonable X ports numbers; ok djm --- ChangeLog | 5 ++++- channels.c | 16 ++++++++-------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index b477b0e51..473347ad2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ - deraadt@cvs.openbsd.org 2006/03/28 00:12:31 [README.tun ssh.c] spacing + - deraadt@cvs.openbsd.org 2006/03/28 01:52:28 + [channels.c] + do not accept unreasonable X ports numbers; ok djm 20060326 - OpenBSD CVS Sync @@ -4462,4 +4465,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4291 2006/03/31 12:10:51 djm Exp $ +$Id: ChangeLog,v 1.4292 2006/03/31 12:11:07 djm Exp $ diff --git a/channels.c b/channels.c index 87e681319..248addedf 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.247 2006/03/25 18:58:10 deraadt Exp $ */ +/* $OpenBSD: channels.c,v 1.248 2006/03/28 01:52:28 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2886,12 +2886,12 @@ connect_local_xsocket(u_int dnr) int x11_connect_display(void) { - int display_number, sock = 0; + u_int display_number; const char *display; char buf[1024], *cp; struct addrinfo hints, *ai, *aitop; char strport[NI_MAXSERV]; - int gaierr; + int gaierr, sock = 0; /* Try to open a socket for the local X server. */ display = getenv("DISPLAY"); @@ -2911,7 +2911,7 @@ x11_connect_display(void) if (strncmp(display, "unix:", 5) == 0 || display[0] == ':') { /* Connect to the unix domain socket. */ - if (sscanf(strrchr(display, ':') + 1, "%d", &display_number) != 1) { + if (sscanf(strrchr(display, ':') + 1, "%u", &display_number) != 1) { error("Could not parse display number from DISPLAY: %.100s", display); return -1; 
@@ -2936,7 +2936,7 @@ x11_connect_display(void) } *cp = 0; /* buf now contains the host name. But first we parse the display number. */ - if (sscanf(cp + 1, "%d", &display_number) != 1) { + if (sscanf(cp + 1, "%u", &display_number) != 1) { error("Could not parse display number from DISPLAY: %.100s", display); return -1; @@ -2946,7 +2946,7 @@ x11_connect_display(void) memset(&hints, 0, sizeof(hints)); hints.ai_family = IPv4or6; hints.ai_socktype = SOCK_STREAM; - snprintf(strport, sizeof strport, "%d", 6000 + display_number); + snprintf(strport, sizeof strport, "%u", 6000 + display_number); if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) { error("%.100s: unknown host. (%s)", buf, gai_strerror(gaierr)); return -1; @@ -2960,7 +2960,7 @@ x11_connect_display(void) } /* Connect it to the display. */ if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) { - debug2("connect %.100s port %d: %.100s", buf, + debug2("connect %.100s port %u: %.100s", buf, 6000 + display_number, strerror(errno)); close(sock); continue; @@ -2970,7 +2970,7 @@ x11_connect_display(void) } freeaddrinfo(aitop); if (!ai) { - error("connect %.100s port %d: %.100s", buf, 6000 + display_number, + error("connect %.100s port %u: %.100s", buf, 6000 + display_number, strerror(errno)); return -1; } -- cgit v1.2.3 From 89c3fe4a9e937338a235976a11c5411d33309460 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 31 Mar 2006 23:11:28 +1100 Subject: - deraadt@cvs.openbsd.org 2006/03/28 01:53:43 [ssh-agent.c] use strtonum() to parse the pid from the file, and range check it better; ok djm --- ChangeLog | 6 +++++- ssh-agent.c | 16 ++++++++++------ 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 473347ad2..a4ca1e9e3 100644 --- a/ChangeLog +++ b/ChangeLog 
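Review bot: Changing the two sscanf calls (this hunk and the one at -2911) to `%u` does not by itself bound the display number: `%u` still accepts a leading minus sign and any value up to UINT_MAX, so `6000 + display_number` in the snprintf of the next hunk can wrap or exceed 65535. A range check after the parse in the TCP branch would match the commit's stated intent, for example `if (display_number > 65535 - 6000) { error("Bad display number in DISPLAY: %.100s", display); return -1; }`. How getaddrinfo treats an out-of-range numeric service string varies between platforms, so rejecting it here is more predictable. The body of x11_connect_display extends beyond these hunks.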
@@ -16,6 +16,10 @@ - deraadt@cvs.openbsd.org 2006/03/28 01:52:28 [channels.c] do not accept unreasonable X ports numbers; ok djm + - deraadt@cvs.openbsd.org 2006/03/28 01:53:43 + [ssh-agent.c] + use strtonum() to parse the pid from the file, and range check it + better; ok djm 20060326 - OpenBSD CVS Sync @@ -4465,4 +4469,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4292 2006/03/31 12:11:07 djm Exp $ +$Id: ChangeLog,v 1.4293 2006/03/31 12:11:28 djm Exp $ diff --git a/ssh-agent.c b/ssh-agent.c index eb99effd0..162760ac2 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.135 2006/03/25 18:41:45 deraadt Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.136 2006/03/28 01:53:43 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1077,20 +1077,24 @@ main(int ac, char **av) if (ac == 0 && !c_flag && !s_flag) { shell = getenv("SHELL"); - if (shell != NULL && strncmp(shell + strlen(shell) - 3, "csh", 3) == 0) + if (shell != NULL && + strncmp(shell + strlen(shell) - 3, "csh", 3) == 0) c_flag = 1; } if (k_flag) { + const char *errstr = NULL; + pidstr = getenv(SSH_AGENTPID_ENV_NAME); if (pidstr == NULL) { fprintf(stderr, "%s not set, cannot kill agent\n", SSH_AGENTPID_ENV_NAME); exit(1); } - pid = atoi(pidstr); - if (pid < 1) { - fprintf(stderr, "%s=\"%s\", which is not a good PID\n", - SSH_AGENTPID_ENV_NAME, pidstr); + pid = (int)strtonum(pidstr, 2, INT_MAX, &errstr); + if (errstr) { + fprintf(stderr, + "%s=\"%s\", which is not a good PID: %s\n", + SSH_AGENTPID_ENV_NAME, pidstr, errstr); exit(1); } if (kill(pid, SIGTERM) == -1) { -- cgit v1.2.3 From d79b424e8ad424a44119f327e5ab1f79cd35649c Mon Sep 17 00:00:00 2001 
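Review bot: The re-wrapped csh test still evaluates `shell + strlen(shell) - 3` without checking the length, so a SHELL value shorter than three characters makes strncmp read before the start of the string. A length guard avoids that: `if (shell != NULL && (len = strlen(shell)) > 2 && strncmp(shell + len - 3, "csh", 3) == 0)`, with a `size_t len` local. In the `-k` branch, `pid` is presumably declared as pid_t outside the hunk, in which case `(pid_t)` would be the more accurate cast than `(int)`. main continues outside the hunk.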
From: Damien Miller Date: Fri, 31 Mar 2006 23:11:44 +1100 Subject: - djm@cvs.openbsd.org 2006/03/30 09:41:25 [channels.c] ARGSUSED for dispatch table-driven functions --- ChangeLog | 5 ++++- channels.c | 13 ++++++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index a4ca1e9e3..85648b98e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,9 @@ [ssh-agent.c] use strtonum() to parse the pid from the file, and range check it better; ok djm + - djm@cvs.openbsd.org 2006/03/30 09:41:25 + [channels.c] + ARGSUSED for dispatch table-driven functions 20060326 - OpenBSD CVS Sync @@ -4469,4 +4472,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4293 2006/03/31 12:11:28 djm Exp $ +$Id: ChangeLog,v 1.4294 2006/03/31 12:11:44 djm Exp $ diff --git a/channels.c b/channels.c index 248addedf..fccb9098e 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.248 2006/03/28 01:52:28 deraadt Exp $ */ +/* $OpenBSD: channels.c,v 1.249 2006/03/30 09:41:25 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1945,6 +1945,8 @@ channel_output_poll(void) /* -- protocol input */ + +/* ARGSUSED */ void channel_input_data(int type, u_int32_t seq, void *ctxt) { @@ -2004,6 +2006,7 @@ channel_input_data(int type, u_int32_t seq, void *ctxt) xfree(data); } +/* ARGSUSED */ void channel_input_extended_data(int type, u_int32_t seq, void *ctxt) { @@ -2050,6 +2053,7 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt) xfree(data); } +/* ARGSUSED */ void channel_input_ieof(int type, u_int32_t seq, void *ctxt) { @@ -2073,6 +2077,7 @@ channel_input_ieof(int type, u_int32_t seq, void *ctxt) } +/* ARGSUSED */ void channel_input_close(int type, u_int32_t seq, void *ctxt) { 
@@ -2111,6 +2116,7 @@ channel_input_close(int type, u_int32_t seq, void *ctxt) } /* proto version 1.5 overloads CLOSE_CONFIRMATION with OCLOSE */ +/* ARGSUSED */ void channel_input_oclose(int type, u_int32_t seq, void *ctxt) { @@ -2123,6 +2129,7 @@ channel_input_oclose(int type, u_int32_t seq, void *ctxt) chan_rcvd_oclose(c); } +/* ARGSUSED */ void channel_input_close_confirmation(int type, u_int32_t seq, void *ctxt) { @@ -2139,6 +2146,7 @@ channel_input_close_confirmation(int type, u_int32_t seq, void *ctxt) channel_free(c); } +/* ARGSUSED */ void channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt) { @@ -2186,6 +2194,7 @@ reason2txt(int reason) return "unknown reason"; } +/* ARGSUSED */ void channel_input_open_failure(int type, u_int32_t seq, void *ctxt) { @@ -2217,6 +2226,7 @@ channel_input_open_failure(int type, u_int32_t seq, void *ctxt) channel_free(c); } +/* ARGSUSED */ void channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) { @@ -2241,6 +2251,7 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) c->remote_window += adjust; } +/* ARGSUSED */ void channel_input_port_open(int type, u_int32_t seq, void *ctxt) { -- cgit v1.2.3 From 3f9418893e1254bda3b87e7d3af7029d11b0a6c7 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Fri, 31 Mar 2006 23:13:02 +1100 Subject: - djm@cvs.openbsd.org 2006/03/30 09:58:16 [authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h] [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c] replace {GET,PUT}_XXBIT macros with functionally similar functions, silencing a heap of lint warnings. also allows them to use __bounded__ checking which can't be applied to macros; requested by and feedback from deraadt@ --- ChangeLog | 9 +++++- authfd.c | 8 ++--- bufaux.c | 20 ++++++------- deattack.c | 6 ++-- gss-serv.c | 8 ++--- mac.c | 6 ++-- misc.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++---- misc.h | 24 +++++++++++++-- monitor_wrap.c | 8 ++--- msg.c | 8 ++--- packet.c | 15 +++++----- sftp-client.c | 6 ++-- sftp-server.c | 9 +++--- ssh-agent.c | 5 ++-- 14 files changed, 166 insertions(+), 59 deletions(-) diff --git a/ChangeLog b/ChangeLog index 85648b98e..827719c9c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,13 @@ - djm@cvs.openbsd.org 2006/03/30 09:41:25 [channels.c] ARGSUSED for dispatch table-driven functions + - djm@cvs.openbsd.org 2006/03/30 09:58:16 + [authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h] + [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c] + replace {GET,PUT}_XXBIT macros with functionally similar functions, + silencing a heap of lint warnings. also allows them to use + __bounded__ checking which can't be applied to macros; requested + by and feedback from deraadt@ 20060326 - OpenBSD CVS Sync @@ -4472,4 +4479,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4294 2006/03/31 12:11:44 djm Exp $ +$Id: ChangeLog,v 1.4295 2006/03/31 12:13:02 djm Exp $ diff --git a/authfd.c b/authfd.c index 2654892d0..0fa69bd2a 100644 --- a/authfd.c +++ b/authfd.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.73 2006/03/25 18:29:35 deraadt Exp $ */ +/* $OpenBSD: authfd.c,v 1.74 2006/03/30 09:58:15 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -47,7 +47,6 @@ #include "buffer.h" #include "bufaux.h" #include "xmalloc.h" -#include "getput.h" #include "key.h" #include "authfd.h" #include "cipher.h" @@ -55,6 +54,7 @@ #include "compat.h" #include "log.h" #include "atomicio.h" +#include "misc.h" static int agent_present = 0; @@ -122,7 +122,7 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply /* Get the length of the message, and format it in the buffer. */ len = buffer_len(request); - PUT_32BIT(buf, len); + put_u32(buf, len); /* Send the length and then the packet to the agent. */ if (atomicio(vwrite, auth->fd, buf, 4) != 4 || @@ -141,7 +141,7 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply } /* Extract the length, and check it for sanity. */ - len = GET_32BIT(buf); + len = get_u32(buf); if (len > 256 * 1024) fatal("Authentication response too long: %u", len); diff --git a/bufaux.c b/bufaux.c index 21a2badf1..4f9a89881 100644 --- a/bufaux.c +++ b/bufaux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bufaux.c,v 1.40 2006/03/25 18:56:54 deraadt Exp $ */ +/* $OpenBSD: bufaux.c,v 1.41 2006/03/30 09:58:15 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -42,8 +42,8 @@ #include #include "bufaux.h" #include "xmalloc.h" -#include "getput.h" #include "log.h" +#include "misc.h" /* * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed @@ -68,7 +68,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) } /* Store the number of bits in the buffer in two bytes, msb first. */ - PUT_16BIT(msg, bits); + put_u16(msg, bits); buffer_append(buffer, msg, 2); /* Store the binary data. */ buffer_append(buffer, buf, oi); 
@@ -100,7 +100,7 @@ buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) error("buffer_get_bignum_ret: invalid length"); return (-1); } - bits = GET_16BIT(buf); + bits = get_u16(buf); /* Compute the number of binary bytes that follow. */ bytes = (bits + 7) / 8; if (bytes > 8 * 1024) { @@ -219,7 +219,7 @@ buffer_get_short_ret(u_short *ret, Buffer *buffer) if (buffer_get_ret(buffer, (char *) buf, 2) == -1) return (-1); - *ret = GET_16BIT(buf); + *ret = get_u16(buf); return (0); } @@ -241,7 +241,7 @@ buffer_get_int_ret(u_int *ret, Buffer *buffer) if (buffer_get_ret(buffer, (char *) buf, 4) == -1) return (-1); - *ret = GET_32BIT(buf); + *ret = get_u32(buf); return (0); } @@ -263,7 +263,7 @@ buffer_get_int64_ret(u_int64_t *ret, Buffer *buffer) if (buffer_get_ret(buffer, (char *) buf, 8) == -1) return (-1); - *ret = GET_64BIT(buf); + *ret = get_u64(buf); return (0); } @@ -286,7 +286,7 @@ buffer_put_short(Buffer *buffer, u_short value) { char buf[2]; - PUT_16BIT(buf, value); + put_u16(buf, value); buffer_append(buffer, buf, 2); } @@ -295,7 +295,7 @@ buffer_put_int(Buffer *buffer, u_int value) { char buf[4]; - PUT_32BIT(buf, value); + put_u32(buf, value); buffer_append(buffer, buf, 4); } @@ -304,7 +304,7 @@ buffer_put_int64(Buffer *buffer, u_int64_t value) { char buf[8]; - PUT_64BIT(buf, value); + put_u64(buf, value); buffer_append(buffer, buf, 8); } diff --git a/deattack.c b/deattack.c index 2adf185e8..fa397e6e8 100644 --- a/deattack.c +++ b/deattack.c @@ -1,4 +1,4 @@ -/* $OpenBSD: deattack.c,v 1.26 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: deattack.c,v 1.27 2006/03/30 09:58:15 djm Exp $ */ /* * Cryptographic attack detector for ssh - source code * @@ -23,8 +23,8 @@ #include "deattack.h" #include "log.h" #include "crc32.h" -#include "getput.h" #include "xmalloc.h" +#include "misc.h" /* SSH Constants */ #define SSH_MAXBLOCKS (32 * 1024) 
@@ -42,7 +42,7 @@ /* Hash function (Input keys are cipher results) */ -#define HASH(x) GET_32BIT(x) +#define HASH(x) get_u32(x) #define CMP(a, b) (memcmp(a, b, SSH_BLOCKSIZE)) diff --git a/gss-serv.c b/gss-serv.c index 53ec634e8..5e43ffe58 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.16 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.17 2006/03/30 09:58:15 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -35,7 +35,7 @@ #include "session.h" #include "servconf.h" #include "xmalloc.h" -#include "getput.h" +#include "misc.h" #include "ssh-gss.h" @@ -153,7 +153,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) * second without. */ - oidl = GET_16BIT(tok+2); /* length including next two bytes */ + oidl = get_u16(tok+2); /* length including next two bytes */ oidl = oidl-2; /* turn it into the _real_ length of the variable OID */ /* @@ -170,7 +170,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) if (ename->length < offset+4) return GSS_S_FAILURE; - name->length = GET_32BIT(tok+offset); + name->length = get_u32(tok+offset); offset += 4; if (ename->length < offset+name->length) diff --git a/mac.c b/mac.c index c155dbd3f..02bcc31ed 100644 --- a/mac.c +++ b/mac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.c,v 1.9 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: mac.c,v 1.10 2006/03/30 09:58:15 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -28,11 +28,11 @@ #include #include "xmalloc.h" -#include "getput.h" #include "log.h" #include "cipher.h" #include "kex.h" #include "mac.h" +#include "misc.h" struct { char *name; 
@@ -83,7 +83,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) if (mac->mac_len > sizeof(m)) fatal("mac_compute: mac too long"); HMAC_Init(&c, mac->key, mac->key_len, mac->md); - PUT_32BIT(b, seqno); + put_u32(b, seqno); HMAC_Update(&c, b, sizeof(b)); HMAC_Update(&c, data, datalen); HMAC_Final(&c, m, NULL); diff --git a/misc.c b/misc.c index daeb86c82..158d4878f 100644 --- a/misc.c +++ b/misc.c @@ -1,7 +1,7 @@ -/* $OpenBSD: misc.c,v 1.51 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.52 2006/03/30 09:58:15 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. - * Copyright (c) 2005 Damien Miller. All rights reserved. + * Copyright (c) 2005,2006 Damien Miller. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -691,17 +691,100 @@ sanitise_stdfd(void) } char * -tohex(const u_char *d, u_int l) +tohex(const void *vp, size_t l) { + const u_char *p = (const u_char *)vp; char b[3], *r; - u_int i, hl; + size_t i, hl; + + if (l > 65536) + return xstrdup("tohex: length > 65536"); hl = l * 2 + 1; r = xcalloc(1, hl); for (i = 0; i < l; i++) { - snprintf(b, sizeof(b), "%02x", d[i]); + snprintf(b, sizeof(b), "%02x", p[i]); strlcat(r, b, hl); } return (r); } +u_int64_t +get_u64(const void *vp) +{ + const u_char *p = (const u_char *)vp; + u_int64_t v; + + v = (u_int64_t)p[0] << 56; + v |= (u_int64_t)p[1] << 48; + v |= (u_int64_t)p[2] << 40; + v |= (u_int64_t)p[3] << 32; + v |= (u_int64_t)p[4] << 24; + v |= (u_int64_t)p[5] << 16; + v |= (u_int64_t)p[6] << 8; + v |= (u_int64_t)p[7]; + + return (v); +} + +u_int32_t +get_u32(const void *vp) +{ + const u_char *p = (const u_char *)vp; + u_int32_t v; + + v = (u_int32_t)p[0] << 24; + v |= (u_int32_t)p[1] << 16; + v |= (u_int32_t)p[2] << 8; + v |= (u_int32_t)p[3]; + + return (v); +} + +u_int16_t +get_u16(const void *vp) +{ + const u_char *p = (const u_char *)vp; + u_int16_t v; + + v = (u_int16_t)p[0] << 8; + v |= (u_int16_t)p[1]; + + return (v); +} + +void +put_u64(void *vp, u_int64_t v) +{ + u_char *p = (u_char *)vp; + + p[0] = (u_char)(v >> 56) & 0xff; + p[1] = (u_char)(v >> 48) & 0xff; + p[2] = (u_char)(v >> 40) & 0xff; + p[3] = (u_char)(v >> 32) & 0xff; + p[4] = (u_char)(v >> 24) & 0xff; + p[5] = (u_char)(v >> 16) & 0xff; + p[6] = (u_char)(v >> 8) & 0xff; + p[7] = (u_char)v & 0xff; +} + +void +put_u32(void *vp, u_int32_t v) +{ + u_char *p = (u_char *)vp; + + p[0] = (u_char)(v >> 24) & 0xff; + p[1] = (u_char)(v >> 16) & 0xff; + p[2] = (u_char)(v >> 8) & 0xff; + p[3] = (u_char)v & 0xff; +} + + +void +put_u16(void *vp, u_int16_t v) +{ + u_char *p = (u_char *)vp; + + p[0] = (u_char)(v >> 8) & 0xff; + p[1] = (u_char)v & 0xff; +} diff --git a/misc.h b/misc.h index f20cb60bc..bbd66ef10 100644 --- a/misc.h +++ b/misc.h 
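Review bot: `tohex` now reports an over-long input by returning the text `tohex: length > 65536` through the same pointer that normally carries hex digits, so a caller cannot tell an error from data and may log or compare the message as if it were a real encoding. At minimum document the sentinel above the function, e.g. `/* Returns an allocated hex string; for l > 65536 the result is an error text, not hex. Caller frees. */`. In the `put_u64`/`put_u32`/`put_u16` bodies the `& 0xff` is applied after the `(u_char)` cast and therefore does nothing; `p[0] = (u_char)((v >> 56) & 0xff);` states the intent, or the mask can simply be dropped.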
@@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.30 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.31 2006/03/30 09:58:15 djm Exp $ */ /* * Author: Tatu Ylonen @@ -12,6 +12,9 @@ * called by a name other than "ssh" or "Secure Shell". */ +#ifndef _MISC_H +#define _MISC_H + /* misc.c */ char *chop(char *); @@ -27,7 +30,7 @@ char *colon(char *); long convtime(const char *); char *tilde_expand_filename(const char *, uid_t); char *percent_expand(const char *, ...) __attribute__((__sentinel__)); -char *tohex(const u_char *, u_int); +char *tohex(const void *, size_t); void sanitise_stdfd(void); struct passwd *pwcopy(struct passwd *); @@ -67,3 +70,20 @@ int tun_open(int, int); #define SSH_TUNID_ANY 0x7fffffff #define SSH_TUNID_ERR (SSH_TUNID_ANY - 1) #define SSH_TUNID_MAX (SSH_TUNID_ANY - 2) + +/* Functions to extract or store big-endian words of various sizes */ +u_int64_t get_u64(const void *) + __attribute__((__bounded__( __minbytes__, 1, 8))); +u_int32_t get_u32(const void *) + __attribute__((__bounded__( __minbytes__, 1, 4))); +u_int16_t get_u16(const void *) + __attribute__((__bounded__( __minbytes__, 1, 2))); +void put_u64(void *, u_int64_t) + __attribute__((__bounded__( __minbytes__, 1, 8))); +void put_u32(void *, u_int32_t) + __attribute__((__bounded__( __minbytes__, 1, 4))); +void put_u16(void *, u_int16_t) + __attribute__((__bounded__( __minbytes__, 1, 2))); + +#endif /* _MISC_H */ + diff --git a/monitor_wrap.c b/monitor_wrap.c index f2fbd99ee..8cfc8cc08 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.44 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.45 2006/03/30 09:58:15 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -52,7 +52,7 @@ #include "xmalloc.h" #include "atomicio.h" #include "monitor_fdpass.h" -#include "getput.h" +#include "misc.h" #include "servconf.h" #include "auth.h" 
@@ -91,7 +91,7 @@ mm_request_send(int sock, enum monitor_reqtype type, Buffer *m) debug3("%s entering: type %d", __func__, type); - PUT_32BIT(buf, mlen + 1); + put_u32(buf, mlen + 1); buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */ if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf)) fatal("%s: write: %s", __func__, strerror(errno)); @@ -112,7 +112,7 @@ mm_request_receive(int sock, Buffer *m) cleanup_exit(255); fatal("%s: read: %s", __func__, strerror(errno)); } - msg_len = GET_32BIT(buf); + msg_len = get_u32(buf); if (msg_len > 256 * 1024) fatal("%s: read: bad msg_len %d", __func__, msg_len); buffer_clear(m); diff --git a/msg.c b/msg.c index 2c0a67269..fb08df548 100644 --- a/msg.c +++ b/msg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: msg.c,v 1.10 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: msg.c,v 1.11 2006/03/30 09:58:15 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -25,10 +25,10 @@ #include "includes.h" #include "buffer.h" -#include "getput.h" #include "log.h" #include "atomicio.h" #include "msg.h" +#include "misc.h" int ssh_msg_send(int fd, u_char type, Buffer *m) @@ -38,7 +38,7 @@ ssh_msg_send(int fd, u_char type, Buffer *m) debug3("ssh_msg_send: type %u", (unsigned int)type & 0xff); - PUT_32BIT(buf, mlen + 1); + put_u32(buf, mlen + 1); buf[4] = type; /* 1st byte of payload is mesg-type */ if (atomicio(vwrite, fd, buf, sizeof(buf)) != sizeof(buf)) { error("ssh_msg_send: write"); @@ -64,7 +64,7 @@ ssh_msg_recv(int fd, Buffer *m) error("ssh_msg_recv: read: header"); return (-1); } - msg_len = GET_32BIT(buf); + msg_len = get_u32(buf); if (msg_len > 256 * 1024) { error("ssh_msg_recv: read: bad msg_len %u", msg_len); return (-1); diff --git a/packet.c b/packet.c index 5eb2c1c9e..ea0a82e21 100644 --- a/packet.c +++ b/packet.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.130 2006/03/25 18:56:55 deraadt Exp $ */ +/* $OpenBSD: packet.c,v 1.131 2006/03/30 09:58:16 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -48,7 +48,6 @@ #include "packet.h" #include "bufaux.h" #include "crc32.h" -#include "getput.h" #include "compress.h" #include "deattack.h" @@ -559,7 +558,7 @@ packet_send1(void) /* Add check bytes. */ checksum = ssh_crc32(buffer_ptr(&outgoing_packet), buffer_len(&outgoing_packet)); - PUT_32BIT(buf, checksum); + put_u32(buf, checksum); buffer_append(&outgoing_packet, buf, 4); #ifdef PACKET_DEBUG @@ -568,7 +567,7 @@ packet_send1(void) #endif /* Append to output. */ - PUT_32BIT(buf, len); + put_u32(buf, len); buffer_append(&output, buf, 4); cp = buffer_append_space(&output, buffer_len(&outgoing_packet)); cipher_crypt(&send_context, cp, buffer_ptr(&outgoing_packet), @@ -771,7 +770,7 @@ packet_send2_wrapped(void) /* packet_length includes payload, padding and padding length field */ packet_length = buffer_len(&outgoing_packet) - 4; cp = buffer_ptr(&outgoing_packet); - PUT_32BIT(cp, packet_length); + put_u32(cp, packet_length); cp[4] = padlen; DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen)); @@ -969,7 +968,7 @@ packet_read_poll1(void) return SSH_MSG_NONE; /* Get length of incoming packet. */ cp = buffer_ptr(&input); - len = GET_32BIT(cp); + len = get_u32(cp); if (len < 1 + 2 + 2 || len > 256 * 1024) packet_disconnect("Bad packet length %u.", len); padded_len = (len + 8) & ~7; @@ -1017,7 +1016,7 @@ packet_read_poll1(void) len, buffer_len(&incoming_packet)); cp = (u_char *)buffer_ptr(&incoming_packet) + len - 4; - stored_checksum = GET_32BIT(cp); + stored_checksum = get_u32(cp); if (checksum != stored_checksum) packet_disconnect("Corrupted check bytes on input."); buffer_consume_end(&incoming_packet, 4); 
@@ -1066,7 +1065,7 @@ packet_read_poll2(u_int32_t *seqnr_p) cipher_crypt(&receive_context, cp, buffer_ptr(&input), block_size); cp = buffer_ptr(&incoming_packet); - packet_length = GET_32BIT(cp); + packet_length = get_u32(cp); if (packet_length < 1 + 4 || packet_length > 256 * 1024) { #ifdef PACKET_DEBUG buffer_dump(&incoming_packet); diff --git a/sftp-client.c b/sftp-client.c index 5788aa6ad..c71c66f33 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.63 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.64 2006/03/30 09:58:16 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -32,11 +32,11 @@ #include "buffer.h" #include "bufaux.h" -#include "getput.h" #include "xmalloc.h" #include "log.h" #include "atomicio.h" #include "progressmeter.h" +#include "misc.h" #include "sftp.h" #include "sftp-common.h" @@ -66,7 +66,7 @@ send_msg(int fd, Buffer *m) fatal("Outbound message too long %u", buffer_len(m)); /* Send length first */ - PUT_32BIT(mlen, buffer_len(m)); + put_u32(mlen, buffer_len(m)); if (atomicio(vwrite, fd, mlen, sizeof(mlen)) != sizeof(mlen)) fatal("Couldn't send packet: %s", strerror(errno)); diff --git a/sftp-server.c b/sftp-server.c index e58aa59c8..e842341cb 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.56 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.57 2006/03/30 09:58:16 djm Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -23,7 +23,6 @@ #include "buffer.h" #include "bufaux.h" -#include "getput.h" #include "log.h" #include "xmalloc.h" #include "misc.h" @@ -172,7 +171,7 @@ handle_to_string(int handle, char **stringp, int *hlenp) if (stringp == NULL || hlenp == NULL) return -1; *stringp = xmalloc(sizeof(int32_t)); - PUT_32BIT(*stringp, handle); + put_u32(*stringp, handle); *hlenp = sizeof(int32_t); return 0; } 
@@ -184,7 +183,7 @@ handle_from_string(const char *handle, u_int hlen) if (hlen != sizeof(int32_t)) return -1; - val = GET_32BIT(handle); + val = get_u32(handle); if (handle_is_ok(val, HANDLE_FILE) || handle_is_ok(val, HANDLE_DIR)) return val; @@ -950,7 +949,7 @@ process(void) if (buf_len < 5) return; /* Incomplete message. */ cp = buffer_ptr(&iqueue); - msg_len = GET_32BIT(cp); + msg_len = get_u32(cp); if (msg_len > SFTP_MAX_MSG_LENGTH) { error("bad message "); exit(11); diff --git a/ssh-agent.c b/ssh-agent.c index 162760ac2..681c30235 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.136 2006/03/28 01:53:43 deraadt Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.137 2006/03/30 09:58:16 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -56,7 +56,6 @@ #include "buffer.h" #include "bufaux.h" #include "xmalloc.h" -#include "getput.h" #include "key.h" #include "authfd.h" #include "compat.h" @@ -692,7 +691,7 @@ process_message(SocketEntry *e) if (buffer_len(&e->input) < 5) return; /* Incomplete message. */ cp = buffer_ptr(&e->input); - msg_len = GET_32BIT(cp); + msg_len = get_u32(cp); if (msg_len > 256 * 1024) { close_socket(e); return; -- cgit v1.2.3 From 6b1d53c2b090130440c3459876c0033c4e5a466a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 31 Mar 2006 23:13:21 +1100 Subject: - djm@cvs.openbsd.org 2006/03/30 10:41:25 [ssh.c ssh_config.5] add percent escape chars to the IdentityFile option, bz #1159 based on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@ --- ChangeLog | 6 +++++- ssh.c | 22 ++++++++++++++++------ ssh_config.5 | 17 +++++++++++++++-- 3 files changed, 36 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 827719c9c..792d4fd68 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -30,6 +30,10 @@ silencing a heap of lint warnings. also allows them to use __bounded__ checking which can't be applied to macros; requested by and feedback from deraadt@ + - djm@cvs.openbsd.org 2006/03/30 10:41:25 + [ssh.c ssh_config.5] + add percent escape chars to the IdentityFile option, bz #1159 based + on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@ 20060326 - OpenBSD CVS Sync @@ -4479,4 +4483,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4295 2006/03/31 12:13:02 djm Exp $ +$Id: ChangeLog,v 1.4296 2006/03/31 12:13:21 djm Exp $ diff --git a/ssh.c b/ssh.c index 7e0a8ba4b..5eddd41d5 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.274 2006/03/28 00:12:31 deraadt Exp $ */ +/* $OpenBSD: ssh.c,v 1.275 2006/03/30 10:41:25 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -647,15 +647,15 @@ main(int ac, char **av) options.control_path = NULL; if (options.control_path != NULL) { - char me[NI_MAXHOST]; + char thishost[NI_MAXHOST]; - if (gethostname(me, sizeof(me)) == -1) + if (gethostname(thishost, sizeof(thishost)) == -1) fatal("gethostname: %s", strerror(errno)); snprintf(buf, sizeof(buf), "%d", options.port); cp = tilde_expand_filename(options.control_path, original_real_uid); options.control_path = percent_expand(cp, "p", buf, "h", host, - "r", options.user, "l", me, (char *)NULL); + "r", options.user, "l", thishost, (char *)NULL); xfree(cp); } if (mux_command != 0 && options.control_path == NULL) @@ -1194,9 +1194,10 @@ ssh_session2(void) static void load_public_identity_files(void) { - char *filename; + char *filename, *cp, thishost[NI_MAXHOST]; int i = 0; Key *public; + struct passwd *pw; #ifdef SMARTCARD Key **keys; 
@@ -1220,9 +1221,18 @@ load_public_identity_files(void) xfree(keys); } #endif /* SMARTCARD */ + if ((pw = getpwuid(original_real_uid)) == NULL) + fatal("load_public_identity_files: getpwuid failed"); + if (gethostname(thishost, sizeof(thishost)) == -1) + fatal("load_public_identity_files: gethostname: %s", + strerror(errno)); for (; i < options.num_identity_files; i++) { - filename = tilde_expand_filename(options.identity_files[i], + cp = tilde_expand_filename(options.identity_files[i], original_real_uid); + filename = percent_expand(cp, "d", pw->pw_dir, + "u", pw->pw_name, "l", thishost, "h", host, + "r", options.user, (char *)NULL); + xfree(cp); public = key_load_public(filename, NULL); debug("identity file %s type %d", filename, public ? public->type : -1); diff --git a/ssh_config.5 b/ssh_config.5 index 5b02ef821..9c621336e 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.89 2006/03/14 16:32:48 markus Exp $ +.\" $OpenBSD: ssh_config.5,v 1.90 2006/03/30 10:41:25 djm Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -548,8 +548,21 @@ and for protocol version 2. Additionally, any identities represented by the authentication agent will be used for authentication. +.Pp The file name may use the tilde -syntax to refer to a user's home directory. +syntax to refer to a user's home directory or one of the following +escape characters: +.Ql %d +(local user's home directory), +.Ql %u +(local user name), +.Ql %l +(local host name), +.Ql %h +(remote host name) or +.Ql %h +(remote user name). +.Pp It is possible to have multiple identity files specified in configuration files; all these identities will be tried in sequence. -- cgit v1.2.3 From e23209f4349343d75c66fd8c71a57942d8827f54 Mon Sep 17 00:00:00 2001 
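Review bot: `pw` in `load_public_identity_files` points at the storage returned by `getpwuid()` and is read on every pass of the loop, after `tilde_expand_filename(options.identity_files[i], original_real_uid)` has already run. If that helper performs its own passwd lookup (its body is not on this page, but it takes a uid), `pw->pw_dir` and `pw->pw_name` can be overwritten before `percent_expand` reads them, and a `~otheruser/` path could make `%d` and `%u` expand to the wrong account. Copy the two strings before the loop, e.g. `pwdir = xstrdup(pw->pw_dir); pwname = xstrdup(pw->pw_name);` (suggested local names), pass those to `percent_expand`, and free them once the loop is done. The function continues past the end of the hunk, so the frees belong outside the lines shown.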
From: Damien Miller Date: Fri, 31 Mar 2006 23:13:35 +1100 Subject: - dtucker@cvs.openbsd.org 2006/03/30 11:05:17 [ssh-keygen.c] Correctly handle truncated files while converting keys; ok djm@ --- ChangeLog | 5 ++++- ssh-keygen.c | 4 +++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 792d4fd68..baae286ae 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,6 +34,9 @@ [ssh.c ssh_config.5] add percent escape chars to the IdentityFile option, bz #1159 based on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@ + - dtucker@cvs.openbsd.org 2006/03/30 11:05:17 + [ssh-keygen.c] + Correctly handle truncated files while converting keys; ok djm@ 20060326 - OpenBSD CVS Sync @@ -4483,4 +4486,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4296 2006/03/31 12:13:21 djm Exp $ +$Id: ChangeLog,v 1.4297 2006/03/31 12:13:35 djm Exp $ diff --git a/ssh-keygen.c b/ssh-keygen.c index 25c2cfd84..ef417514a 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.142 2006/03/25 18:40:14 deraadt Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.143 2006/03/30 11:05:17 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -331,6 +331,8 @@ get_line(FILE *fp, char *line, size_t len) line[pos++] = c; line[pos] = '\0'; } + if (c == EOF) + return -1; return pos; } -- cgit v1.2.3 From 7a8f5b330dc7a98e7144ec119a7b5b0737a26708 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 31 Mar 2006 23:14:23 +1100 Subject: - dtucker@cvs.openbsd.org 2006/03/30 11:40:21 [auth.c monitor.c] Prevent duplicate log messages when privsep=yes; ok djm@ --- ChangeLog | 5 ++++- auth.c | 6 +++++- monitor.c | 18 ++++++++++++++---- 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index baae286ae..9ca87fda0 100644 --- a/ChangeLog +++ b/ChangeLog 
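Review bot: The added `if (c == EOF) return -1;` in `get_line` also fires when input ends in the middle of a line, so bytes already copied into `line` for a final line without a newline are reported as end-of-input and never reach the caller. If the converter should still see that last line, return -1 only when nothing was read: `if (c == EOF && pos == 0) return -1;`. If discarding it is the intent, say so in a comment, e.g. `/* EOF before end-of-line: the partial line is treated as truncated input */`. The loop head is outside the hunk, so whether the trailing `return pos;` is still reachable cannot be confirmed from here.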
@@ -37,6 +37,9 @@ - dtucker@cvs.openbsd.org 2006/03/30 11:05:17 [ssh-keygen.c] Correctly handle truncated files while converting keys; ok djm@ + - dtucker@cvs.openbsd.org 2006/03/30 11:40:21 + [auth.c monitor.c] + Prevent duplicate log messages when privsep=yes; ok djm@ 20060326 - OpenBSD CVS Sync @@ -4486,4 +4489,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4297 2006/03/31 12:13:35 djm Exp $ +$Id: ChangeLog,v 1.4298 2006/03/31 12:14:23 djm Exp $ diff --git a/auth.c b/auth.c index bf2948a84..e43c81658 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.66 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.67 2006/03/30 11:40:21 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -61,6 +61,7 @@ /* import */ extern ServerOptions options; +extern int use_privsep; extern Buffer loginmsg; /* Debugging messages */ @@ -237,6 +238,9 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) void (*authlog) (const char *fmt,...) = verbose; char *authmsg; + if (use_privsep && !mm_is_monitor() && !authctxt->postponed) + return; + /* Raise logging level */ if (authenticated == 1 || !authctxt->valid || diff --git a/monitor.c b/monitor.c index d672aeb72..894523da3 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.76 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.77 2006/03/30 11:40:21 dtucker Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -179,6 +179,7 @@ struct mon_table { #define MON_ISAUTH 0x0004 /* Required for Authentication */ #define MON_AUTHDECIDE 0x0008 /* Decides Authentication */ #define MON_ONCE 0x0010 /* Disable after calling */ +#define MON_ALOG 0x0020 /* Log auth attempt without authenticating */ #define MON_AUTH (MON_ISAUTH|MON_AUTHDECIDE) 
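Review bot: Nothing in `auth_log` documents that, with the new early `return`, the unprivileged process stays silent and every authentication result must be logged by the monitor instead. The monitor hunks of this commit call `auth_log` only for dispatch entries flagged `MON_AUTHDECIDE` or `MON_ALOG`, so an attempt the child rejects without sending a monitor request (presumably possible for an unsupported or disabled method) would leave no record for log-based brute-force detection. I would add a comment above the check, `/* With privsep the monitor logs auth results; the child logs only postponed attempts */`, and confirm that each method reaches a flagged monitor request. `auth_log` continues past the hunk.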
@@ -239,8 +240,8 @@ struct mon_table mon_dispatch_proto15[] = { {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, - {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH, mm_answer_rsa_keyallowed}, - {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed}, + {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_rsa_keyallowed}, + {MONITOR_REQ_KEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_keyallowed}, {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge}, {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response}, #ifdef BSD_AUTH @@ -334,6 +335,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) /* The first few requests do not require asynchronous access */ while (!authenticated) { + auth_method = "unknown"; authenticated = monitor_read(pmonitor, mon_dispatch, &ent); if (authenticated) { if (!(ent->flags & MON_AUTHDECIDE)) @@ -356,7 +358,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) #endif } - if (ent->flags & MON_AUTHDECIDE) { + if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { auth_log(authctxt, authenticated, auth_method, compat20 ? " ssh2" : ""); if (!authenticated) @@ -366,6 +368,8 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) if (!authctxt->valid) fatal("%s: authenticated invalid user", __func__); + if (strcmp(auth_method, "unknown") == 0) + fatal("%s: authentication method name unknown", __func__); debug("%s: %s has been authenticated by privileged process", __func__, authctxt->user); 
@@ -992,17 +996,20 @@ mm_answer_keyallowed(int sock, Buffer *m) case MM_USERKEY: allowed = options.pubkey_authentication && user_key_allowed(authctxt->pw, key); + auth_method = "publickey"; break; case MM_HOSTKEY: allowed = options.hostbased_authentication && hostbased_key_allowed(authctxt->pw, cuser, chost, key); + auth_method = "hostbased"; break; case MM_RSAHOSTKEY: key->type = KEY_RSA1; /* XXX */ allowed = options.rhosts_rsa_authentication && auth_rhosts_rsa_key_allowed(authctxt->pw, cuser, chost, key); + auth_method = "rsa"; break; default: fatal("%s: unknown key type %d", __func__, type); @@ -1023,6 +1030,8 @@ mm_answer_keyallowed(int sock, Buffer *m) hostbased_cuser = cuser; hostbased_chost = chost; } else { + /* Log failed attempt */ + auth_log(authctxt, 0, auth_method, compat20 ? " ssh2" : ""); xfree(blob); xfree(cuser); xfree(chost); @@ -1390,6 +1399,7 @@ mm_answer_rsa_keyallowed(int sock, Buffer *m) debug3("%s entering", __func__); + auth_method = "rsa"; if (options.rsa_authentication && authctxt->valid) { if ((client_n = BN_new()) == NULL) fatal("%s: BN_new", __func__); -- cgit v1.2.3 From c6437cf00a43e45f238928aea1af86457a9e262e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 31 Mar 2006 23:14:41 +1100 Subject: - jmc@cvs.openbsd.org 2006/03/31 09:09:30 [ssh_config.5] kill trailing whitespace; --- ChangeLog | 5 ++++- ssh_config.5 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9ca87fda0..2a43234ca 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,9 @@ - dtucker@cvs.openbsd.org 2006/03/30 11:40:21 [auth.c monitor.c] Prevent duplicate log messages when privsep=yes; ok djm@ + - jmc@cvs.openbsd.org 2006/03/31 09:09:30 + [ssh_config.5] + kill trailing whitespace; 20060326 - OpenBSD CVS Sync 
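Review bot: A refused key on the protocol 1.5 table looks like it is logged twice after this change. The refusal branch of `mm_answer_keyallowed` (hunk at -1023) calls `auth_log(authctxt, 0, auth_method, ...)` itself, and `monitor_child_preauth` now also calls `auth_log` for any entry carrying `MON_AUTHDECIDE|MON_ALOG`, which `mon_dispatch_proto15` sets on `MONITOR_REQ_KEYALLOWED`. If the handler returns 0 for a key that was allowed as a candidate (its return is not visible here), the dispatcher would additionally log a failure for a key that has not been rejected. Either drop `MON_ALOG` from the key-allowed entries or drop the in-handler call, and record the choice next to the `MON_ALOG` definition. The handler starts and ends outside the hunk.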
@@ -4489,4 +4492,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4298 2006/03/31 12:14:23 djm Exp $ +$Id: ChangeLog,v 1.4299 2006/03/31 12:14:41 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 9c621336e..a1c2a5fbe 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.90 2006/03/30 10:41:25 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.91 2006/03/31 09:09:30 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -550,7 +550,7 @@ Additionally, any identities represented by the authentication agent will be used for authentication. .Pp The file name may use the tilde -syntax to refer to a user's home directory or one of the following +syntax to refer to a user's home directory or one of the following escape characters: .Ql %d (local user's home directory), -- cgit v1.2.3 From dfc6183f13d8c0d033d5b259eeb888b4f1236c2d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 31 Mar 2006 23:14:57 +1100 Subject: - djm@cvs.openbsd.org 2006/03/31 09:13:56 [ssh_config.5] remote user escape is %r not %h; spotted by jmc@ --- ChangeLog | 5 ++++- ssh_config.5 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2a43234ca..c9d436915 100644 --- a/ChangeLog +++ b/ChangeLog @@ -43,6 +43,9 @@ - jmc@cvs.openbsd.org 2006/03/31 09:09:30 [ssh_config.5] kill trailing whitespace; + - djm@cvs.openbsd.org 2006/03/31 09:13:56 + [ssh_config.5] + remote user escape is %r not %h; spotted by jmc@ 20060326 - OpenBSD CVS Sync 
@@ -4492,4 +4495,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4299 2006/03/31 12:14:41 djm Exp $ +$Id: ChangeLog,v 1.4300 2006/03/31 12:14:57 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index a1c2a5fbe..7744e95f9 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.91 2006/03/31 09:09:30 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.92 2006/03/31 09:13:56 djm Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -560,7 +560,7 @@ escape characters: (local host name), .Ql %h (remote host name) or -.Ql %h +.Ql %r (remote user name). .Pp It is possible to have -- cgit v1.2.3 From 2eaf37d899a55c253ad42d13534a824bce9c8ed2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 18 Apr 2006 15:13:16 +1000 Subject: - (djm) Reorder IP options check so that it isn't broken by mapped addresses; bz #1179 reported by markw wtech-llc.com; ok dtucker@ --- ChangeLog | 7 ++++++- canohost.c | 6 +++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index c9d436915..5328aa9c4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060418 + - (djm) Reorder IP options check so that it isn't broken by + mapped addresses; bz #1179 reported by markw wtech-llc.com; + ok dtucker@ + 20060331 - OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2006/03/27 01:21:18 @@ -4495,4 +4500,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4300 2006/03/31 12:14:57 djm Exp $ +$Id: ChangeLog,v 1.4301 2006/04/18 05:13:16 djm Exp $ diff --git a/canohost.c b/canohost.c index 35ae9bede..34b751a72 100644 --- a/canohost.c +++ b/canohost.c 
@@ -45,6 +45,9 @@ get_remote_hostname(int sock, int use_dns) cleanup_exit(255); } + if (from.ss_family == AF_INET) + check_ip_options(sock, ntop); + ipv64_normalise_mapped(&from, &fromlen); if (from.ss_family == AF_INET6) @@ -54,9 +57,6 @@ get_remote_hostname(int sock, int use_dns) NULL, 0, NI_NUMERICHOST) != 0) fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed"); - if (from.ss_family == AF_INET) - check_ip_options(sock, ntop); - if (!use_dns) return xstrdup(ntop); -- cgit v1.2.3 From 73b42d2bb058da914828b53f2951954560a5b6eb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 22 Apr 2006 21:26:08 +1000 Subject: - (djm) [Makefile.in configure.ac session.c sshpty.c] [contrib/redhat/sshd.init openbsd-compat/Makefile.in] [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c] [openbsd-compat/port-linux.h] Add support for SELinux, setting the execution and TTY contexts. based on patch from Daniel Walsh, bz #880; ok dtucker@ --- ChangeLog | 14 +++- Makefile.in | 5 +- configure.ac | 22 +++++- contrib/redhat/sshd.init | 9 +++ openbsd-compat/Makefile.in | 4 +- openbsd-compat/openbsd-compat.h | 3 +- openbsd-compat/port-linux.c | 165 ++++++++++++++++++++++++++++++++++++++++ openbsd-compat/port-linux.h | 27 +++++++ session.c | 4 + sshpty.c | 4 + 10 files changed, 247 insertions(+), 10 deletions(-) create mode 100644 openbsd-compat/port-linux.c create mode 100644 openbsd-compat/port-linux.h diff --git a/ChangeLog b/ChangeLog index 5328aa9c4..92a2f25d6 100644 --- a/ChangeLog +++ b/ChangeLog 
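Review bot: `check_ip_options(sock, ntop)` now runs before `ntop` has been filled in: the `getnameinfo(... NI_NUMERICHOST)` call that appears to write it is in the second hunk, after the moved check. Unless `ntop` is initialised above the hunk, the address string handed to `check_ip_options` is indeterminate at that point, so whatever it logs about the peer would be wrong exactly when IP options are detected. The family test can stay early while the call is deferred: record `int is_v4 = (from.ss_family == AF_INET);` before `ipv64_normalise_mapped()` and call `if (is_v4) check_ip_options(sock, ntop);` after the `getnameinfo` check. `get_remote_hostname` starts and ends outside these hunks.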
@@ -1,6 +1,14 @@ +20060421 + - (djm) [Makefile.in configure.ac session.c sshpty.c] + [contrib/redhat/sshd.init openbsd-compat/Makefile.in] + [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c] + [openbsd-compat/port-linux.h] Add support for SELinux, setting + the execution and TTY contexts. based on patch from Daniel Walsh, + bz #880; ok dtucker@ + 20060418 - - (djm) Reorder IP options check so that it isn't broken by - mapped addresses; bz #1179 reported by markw wtech-llc.com; + - (djm) [canohost.c] Reorder IP options check so that it isn't broken + by mapped addresses; bz #1179 reported by markw wtech-llc.com; ok dtucker@ 20060331 @@ -4500,4 +4508,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4301 2006/04/18 05:13:16 djm Exp $ +$Id: ChangeLog,v 1.4302 2006/04/22 11:26:08 djm Exp $ diff --git a/Makefile.in b/Makefile.in index 57475f003..9bc25e7a7 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.276 2006/03/15 02:09:18 djm Exp $ +# $Id: Makefile.in,v 1.277 2006/04/22 11:26:08 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -43,6 +43,7 @@ LD=@LD@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ LIBS=@LIBS@ +LIBSELINUX=@LIBSELINUX@ LIBEDIT=@LIBEDIT@ LIBPAM=@LIBPAM@ LIBWRAP=@LIBWRAP@ @@ -136,7 +137,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) - $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS) + $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(LIBS) scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 
diff --git a/configure.ac b/configure.ac index 9e037ab0e..093c17643 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.338 2006/03/15 21:14:34 dtucker Exp $ +# $Id: configure.ac,v 1.339 2006/04/22 11:26:08 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.338 $) +AC_REVISION($Revision: 1.339 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -3000,6 +3000,23 @@ int main() [#include ]) ]) +# Check whether user wants SELinux support +SELINUX_MSG="no" +LIBSELINUX="" +AC_ARG_WITH(selinux, + [ --with-selinux Enable SELinux support], + [ if test "x$withval" != "xno" ; then + AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.]) + SELINUX_MSG="yes" + AC_CHECK_HEADER([selinux/selinux.h], , + AC_MSG_ERROR(SELinux support requires selinux.h header)) + AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ], + AC_MSG_ERROR(SELinux support requires libselinux library)) + AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) + fi ] +) +AC_SUBST(LIBSELINUX) + # Check whether user wants Kerberos 5 support KRB5_MSG="no" AC_ARG_WITH(kerberos5, @@ -3818,6 +3835,7 @@ fi echo " Manpage format: $MANTYPE" echo " PAM support: $PAM_MSG" echo " KerberosV support: $KRB5_MSG" +echo " SELinux support: $SELINUX_MSG" echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" echo " TCP Wrappers support: $TCPW_MSG" diff --git a/contrib/redhat/sshd.init b/contrib/redhat/sshd.init index 4ee8630c3..e5d837cbc 100755 --- a/contrib/redhat/sshd.init +++ b/contrib/redhat/sshd.init @@ -35,6 +35,9 @@ do_rsa1_keygen() { if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then chmod 600 $RSA1_KEY chmod 644 $RSA1_KEY.pub + if [ -x /sbin/restorecon ]; then + /sbin/restorecon $RSA1_KEY.pub + fi success $"RSA1 key generation" echo else 
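Review bot: `AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)` runs without libselinux on the link line, because the custom action passed to `AC_CHECK_LIB` only sets `LIBSELINUX` and so replaces the default of adding `-lselinux` to `LIBS`. Both probes will therefore likely fail even where the functions exist, leaving `HAVE_GETSEUSERBYNAME` and `HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL` undefined, and port-linux.c then falls back to using the login name as the SELinux user with no level. Bracket the probe with `save_LIBS="$LIBS"; LIBS="$LIBS $LIBSELINUX"` before it and `LIBS="$save_LIBS"` after it.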
@@ -51,6 +54,9 @@ do_rsa_keygen() { if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then chmod 600 $RSA_KEY chmod 644 $RSA_KEY.pub + if [ -x /sbin/restorecon ]; then + /sbin/restorecon $RSA_KEY.pub + fi success $"RSA key generation" echo else @@ -67,6 +73,9 @@ do_dsa_keygen() { if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then chmod 600 $DSA_KEY chmod 644 $DSA_KEY.pub + if [ -x /sbin/restorecon ]; then + /sbin/restorecon $DSA_KEY.pub + fi success $"DSA key generation" echo else diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index f1a706241..67e521bfe 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.38 2006/03/15 02:09:20 djm Exp $ +# $Id: Makefile.in,v 1.39 2006/04/22 11:26:08 djm Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ @@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgroupl COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o -PORTS=port-irix.o port-aix.o port-uw.o port-tun.o +PORTS=port-irix.o port-linux.o port-aix.o port-uw.o port-tun.o .c.o: $(CC) $(CFLAGS) $(CPPFLAGS) -c $< diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 432b183e7..eda9c49eb 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.35 2006/03/15 11:25:55 dtucker Exp $ */ +/* $Id: openbsd-compat.h,v 1.36 2006/04/22 11:26:08 djm Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -185,6 +185,7 @@ char *shadow_pw(struct passwd *pw); #include "bsd-cray.h" #include "bsd-cygwin_util.h" #include "port-irix.h" +#include "port-linux.h" #include "port-aix.h" #include "port-uw.h" #include "port-tun.h" 
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c new file mode 100644 index 000000000..54ec2910e --- /dev/null +++ b/openbsd-compat/port-linux.c 
@@ -0,0 +1,165 @@ +/* $Id: port-linux.c,v 1.1 2006/04/22 11:26:08 djm Exp $ */ + +/* + * Copyright (c) 2005 Daniel Walsh + * Copyright (c) 2006 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Linux-specific portability code - just SELinux support at present + */ + +#include "includes.h" + +#ifdef WITH_SELINUX +#include "log.h" +#include "port-linux.h" + +#include +#include +#include + +/* Wrapper around is_selinux_enabled() to log its return value once only */ +static int +ssh_selinux_enabled(void) +{ + static int enabled = -1; + + if (enabled == -1) { + enabled = is_selinux_enabled(); + debug("SELinux support %s", enabled ? 
"enabled" : "disabled"); + } + + return (enabled); +} + +/* Return the default security context for the given username */ +static security_context_t +ssh_selinux_getctxbyname(char *pwname) +{ + security_context_t sc; + char *sename = NULL, *lvl = NULL; + int r; + +#ifdef HAVE_GETSEUSERBYNAME + if (getseuserbyname(pwname, &sename, &lvl) != 0) + return NULL; +#else + sename = pwname; + lvl = NULL; +#endif + +#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL + r = get_default_context_with_level(sename, lvl, NULL, &sc); +#else + r = get_default_context(sename, NULL, &sc); +#endif + + if (r != 0) { + switch (security_getenforce()) { + case -1: + fatal("%s: ssh_selinux_getctxbyname: " + "security_getenforce() failed", __func__); + case 0: + error("%s: Failed to get default SELinux security " + "context for %s", __func__, pwname); + default: + fatal("%s: Failed to get default SELinux security " + "context for %s (in enforcing mode)", + __func__, pwname); + } + } + +#ifdef HAVE_GETSEUSERBYNAME + if (sename != NULL) + xfree(sename); + if (lvl != NULL) + xfree(lvl); +#endif + + return (sc); +} + +/* Set the execution context to the default for the specified user */ +void +ssh_selinux_setup_exec_context(char *pwname) +{ + security_context_t user_ctx = NULL; + + if (!ssh_selinux_enabled()) + return; + + debug3("%s: setting execution context", __func__); + + user_ctx = ssh_selinux_getctxbyname(pwname); + if (setexeccon(user_ctx) != 0) { + switch (security_getenforce()) { + case -1: + fatal("%s: security_getenforce() failed", __func__); + case 0: + error("%s: Failed to set SELinux execution " + "context for %s", __func__, pwname); + default: + fatal("%s: Failed to set SELinux execution context " + "for %s (in enforcing mode)", __func__, pwname); + } + } + if (user_ctx != NULL) + freecon(user_ctx); + + debug3("%s: done", __func__); +} + +/* Set the TTY context for the specified user */ +void +ssh_selinux_setup_pty(char *pwname, const char *tty) +{ + security_context_t new_tty_ctx = 
NULL; + security_context_t user_ctx = NULL; + security_context_t old_tty_ctx = NULL; + + if (!ssh_selinux_enabled()) + return; + + debug3("%s: setting TTY context on %s", __func__, tty); + + user_ctx = ssh_selinux_getctxbyname(pwname); + + /* XXX: should these calls fatal() upon failure in enforcing mode? */ + + if (getfilecon(tty, &old_tty_ctx) == -1) { + error("%s: getfilecon: %s", __func__, strerror(errno)); + goto out; + } + + if (security_compute_relabel(user_ctx, old_tty_ctx, + SECCLASS_CHR_FILE, &new_tty_ctx) != 0) { + error("%s: security_compute_relabel: %s", + __func__, strerror(errno)); + goto out; + } + + if (setfilecon(tty, new_tty_ctx) != 0) + error("%s: setfilecon: %s", __func__, strerror(errno)); + out: + if (new_tty_ctx != NULL) + freecon(new_tty_ctx); + if (old_tty_ctx != NULL) + freecon(old_tty_ctx); + if (user_ctx != NULL) + freecon(user_ctx); + debug3("%s: done", __func__); +} +#endif /* WITH_SELINUX */ diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h new file mode 100644 index 000000000..05e520e1c --- /dev/null +++ b/openbsd-compat/port-linux.h 
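Review bot: In `ssh_selinux_getctxbyname` the `case 0:` arm of `switch (security_getenforce())` has no `break`, so after `error()` control falls into `default:` and calls `fatal()`; permissive mode therefore ends the session exactly as enforcing mode does. The same fall-through is in `ssh_selinux_setup_exec_context`. Add `break;` after each `error(...)` call, and in `ssh_selinux_getctxbyname` also set `sc = NULL;` there, since `sc` is not assigned by the visible code when the lookup fails and would otherwise be returned uninitialised. Separately, when `getseuserbyname()` fails the function returns NULL without consulting the enforcing state and the caller passes that NULL to `setexeccon()`; it is worth confirming that this is the intended behaviour in enforcing mode.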
@@ -0,0 +1,27 @@ +/* $Id: port-linux.h,v 1.1 2006/04/22 11:26:08 djm Exp $ */ + +/* + * Copyright (c) 2006 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _PORT_LINUX_H +#define _PORT_LINUX_H + +#ifdef WITH_SELINUX +void ssh_selinux_setup_pty(char *, const char *); +void ssh_selinux_setup_exec_context(char *); +#endif + +#endif /* ! _PORT_LINUX_H */ diff --git a/session.c b/session.c index 8b837d07d..bba3fa21f 100644 --- a/session.c +++ b/session.c @@ -1352,6 +1352,10 @@ do_setusercontext(struct passwd *pw) #endif if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); + +#ifdef WITH_SELINUX + ssh_selinux_setup_exec_context(pw->pw_name); +#endif } static void diff --git a/sshpty.c b/sshpty.c index a15df0414..0e49e9a16 100644 --- a/sshpty.c +++ b/sshpty.c @@ -210,6 +210,10 @@ pty_setowner(struct passwd *pw, const char *tty) fatal("stat(%.100s) failed: %.100s", tty, strerror(errno)); +#ifdef WITH_SELINUX + ssh_selinux_setup_pty(pw->pw_name, tty); +#endif + if (st.st_uid != pw->pw_uid || st.st_gid != gid) { if (chown(tty, pw->pw_uid, gid) < 0) { if (errno == EROFS && -- cgit v1.2.3 From 07aa132a5e32f5c08694afabf5ebb14fb7c66006 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sun, 23 Apr 2006 12:04:27 +1000 Subject: - (djm) OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2006/04/01 05:42:20 [scp.c] minimal lint cleanup (unused crud, and some size_t); ok djm --- ChangeLog | 8 +++++++- scp.c | 20 ++++++++++++-------- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 92a2f25d6..fb737717b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20060423 + - (djm) OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2006/04/01 05:42:20 + [scp.c] + minimal lint cleanup (unused crud, and some size_t); ok djm + 20060421 - (djm) [Makefile.in configure.ac session.c sshpty.c] [contrib/redhat/sshd.init openbsd-compat/Makefile.in] @@ -4508,4 +4514,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4302 2006/04/22 11:26:08 djm Exp $ +$Id: ChangeLog,v 1.4303 2006/04/23 02:04:27 djm Exp $ diff --git a/scp.c b/scp.c index 2f89aa49e..6c8bbcdb7 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.139 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.140 2006/04/01 05:42:20 deraadt Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -92,6 +92,8 @@ extern char *__progname; +int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout); + void bwlimit(int); /* Struct for addargs */ @@ -177,7 +179,7 @@ do_local_cmd(arglist *a) */ int -do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc) +do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) { int pin[2], pout[2], reserved[2]; @@ -244,7 +246,6 @@ typedef struct { BUF *allocbuf(BUF *, int, int); void lostconn(int); -void nospace(void); int okname(char *); void run_err(const char *,...); void verifydir(char *); 
@@ -419,9 +420,10 @@ main(int argc, char **argv) void toremote(char *targ, int argc, char **argv) { - int i, len; char *bp, *host, *src, *suser, *thost, *tuser, *arg; arglist alist; + size_t len; + int i; memset(&alist, '\0', sizeof(alist)); alist.list = NULL; @@ -491,7 +493,7 @@ toremote(char *targ, int argc, char **argv) (void) snprintf(bp, len, "%s -t %s", cmd, targ); host = cleanhostname(thost); if (do_cmd(host, tuser, bp, &remin, - &remout, argc) < 0) + &remout) < 0) exit(1); if (response() < 0) exit(1); @@ -505,9 +507,10 @@ toremote(char *targ, int argc, char **argv) void tolocal(int argc, char **argv) { - int i, len; char *bp, *host, *src, *suser; arglist alist; + size_t len; + int i; memset(&alist, '\0', sizeof(alist)); alist.list = NULL; @@ -542,7 +545,7 @@ tolocal(int argc, char **argv) len = strlen(src) + CMDNEEDS + 20; bp = xmalloc(len); (void) snprintf(bp, len, "%s -f %s", cmd, src); - if (do_cmd(host, suser, bp, &remin, &remout, argc) < 0) { + if (do_cmd(host, suser, bp, &remin, &remout) < 0) { (void) xfree(bp); ++errs; continue; @@ -787,7 +790,8 @@ sink(int argc, char **argv) BUF *bp; off_t i; size_t j, count; - int amt, exists, first, mask, mode, ofd, omode; + int amt, exists, first, ofd; + mode_t mode, omode, mask; off_t size, statbytes; int setimes, targisdir, wrerrno = 0; char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; -- cgit v1.2.3 From 7a656f792207bacd1148eb962919202908d83e9c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 23 Apr 2006 12:04:46 +1000 Subject: - djm@cvs.openbsd.org 2006/04/01 05:50:29 [scp.c] xasprintification; ok deraadt@ --- ChangeLog | 5 ++++- scp.c | 12 +++--------- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index fb737717b..4aec5c5c9 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,6 +3,9 @@ - deraadt@cvs.openbsd.org 2006/04/01 05:42:20 [scp.c] minimal lint cleanup (unused crud, and some size_t); ok djm + - djm@cvs.openbsd.org 2006/04/01 05:50:29 + [scp.c] + xasprintification; ok deraadt@ 20060421 - (djm) [Makefile.in configure.ac session.c sshpty.c] @@ -4514,4 +4517,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4303 2006/04/23 02:04:27 djm Exp $ +$Id: ChangeLog,v 1.4304 2006/04/23 02:04:46 djm Exp $ diff --git a/scp.c b/scp.c index 6c8bbcdb7..2778f8f80 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.140 2006/04/01 05:42:20 deraadt Exp $ */ +/* $OpenBSD: scp.c,v 1.141 2006/04/01 05:50:29 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -422,7 +422,6 @@ toremote(char *targ, int argc, char **argv) { char *bp, *host, *src, *suser, *thost, *tuser, *arg; arglist alist; - size_t len; int i; memset(&alist, '\0', sizeof(alist)); @@ -488,9 +487,7 @@ toremote(char *targ, int argc, char **argv) errs = 1; } else { /* local to remote */ if (remin == -1) { - len = strlen(targ) + CMDNEEDS + 20; - bp = xmalloc(len); - (void) snprintf(bp, len, "%s -t %s", cmd, targ); + xasprintf(&bp, "%s -t %s", cmd, targ); host = cleanhostname(thost); if (do_cmd(host, tuser, bp, &remin, &remout) < 0) @@ -509,7 +506,6 @@ tolocal(int argc, char **argv) { char *bp, *host, *src, *suser; arglist alist; - size_t len; int i; memset(&alist, '\0', sizeof(alist)); @@ -542,9 +538,7 @@ tolocal(int argc, char **argv) suser = pwd->pw_name; } host = cleanhostname(host); - len = strlen(src) + CMDNEEDS + 20; - bp = xmalloc(len); - (void) snprintf(bp, len, "%s -f %s", cmd, src); + xasprintf(&bp, "%s -f %s", cmd, src); if (do_cmd(host, suser, bp, &remin, &remout) < 0) { (void) xfree(bp); ++errs; -- cgit v1.2.3 
From 3db78468024de933202248e0a89bd22d5364f4fe Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 23 Apr 2006 12:05:16 +1000 Subject: - djm@cvs.openbsd.org 2006/04/01 05:51:34 [atomicio.c] ANSIfy; requested deraadt@ --- atomicio.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/atomicio.c b/atomicio.c index 87fb9fe75..996beff2f 100644 --- a/atomicio.c +++ b/atomicio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: atomicio.c,v 1.16 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: atomicio.c,v 1.17 2006/04/01 05:51:34 djm Exp $ */ /* * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. * Copyright (c) 1995,1999 Theo de Raadt. All rights reserved. @@ -33,11 +33,7 @@ * ensure all of data on socket comes through. f==read || f==vwrite */ size_t -atomicio(f, fd, _s, n) - ssize_t (*f) (int, void *, size_t); - int fd; - void *_s; - size_t n; +atomicio(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n) { char *s = _s; size_t pos = 0; -- cgit v1.2.3 From 603e68f1a29c954f0c08a08b3f429956008ac244 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 23 Apr 2006 12:05:32 +1000 Subject: - dtucker@cvs.openbsd.org 2006/04/02 08:34:52 [ssh-keysign.c] sessionid can be 32 bytes now too when sha256 kex is used; ok djm@ --- ChangeLog | 8 +++++++- ssh-keysign.c | 6 +++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4aec5c5c9..33abee3b8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,12 @@ - djm@cvs.openbsd.org 2006/04/01 05:50:29 [scp.c] xasprintification; ok deraadt@ + - djm@cvs.openbsd.org 2006/04/01 05:51:34 + [atomicio.c] + ANSIfy; requested deraadt@ + - dtucker@cvs.openbsd.org 2006/04/02 08:34:52 + [ssh-keysign.c] + sessionid can be 32 bytes now too when sha256 kex is used; ok djm@ 20060421 - (djm) [Makefile.in configure.ac session.c sshpty.c] 
@@ -4517,4 +4523,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4304 2006/04/23 02:04:46 djm Exp $ +$Id: ChangeLog,v 1.4305 2006/04/23 02:05:32 djm Exp $ diff --git a/ssh-keysign.c b/ssh-keysign.c index 1f78c7a05..017af5307 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.22 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.23 2006/04/02 08:34:52 dtucker Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -68,9 +68,9 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, buffer_init(&b); buffer_append(&b, data, datalen); - /* session id, currently limited to SHA1 (20 bytes) */ + /* session id, currently limited to SHA1 (20 bytes) or SHA256 (32) */ p = buffer_get_string(&b, &len); - if (len != 20) + if (len != 20 && len != 32) fail++; xfree(p); -- cgit v1.2.3 From 63e437f053bec9e227ba11e5e6205cd1e217baac Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 23 Apr 2006 12:05:46 +1000 Subject: - djm@cvs.openbsd.org 2006/04/03 07:10:38 [gss-genr.c] GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066 by dleonard AT vintela.com. use xasprintf() to simplify code while in there; "looks right" deraadt@ --- ChangeLog | 7 ++++++- gss-genr.c | 9 +++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 33abee3b8..360cf61b3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,11 @@ - dtucker@cvs.openbsd.org 2006/04/02 08:34:52 [ssh-keysign.c] sessionid can be 32 bytes now too when sha256 kex is used; ok djm@ + - djm@cvs.openbsd.org 2006/04/03 07:10:38 + [gss-genr.c] + GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066 + by dleonard AT vintela.com. use xasprintf() to simplify code while in + there; "looks right" deraadt@ 20060421 - (djm) [Makefile.in configure.ac session.c sshpty.c] 
@@ -4523,4 +4528,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4305 2006/04/23 02:05:32 djm Exp $ +$Id: ChangeLog,v 1.4306 2006/04/23 02:05:46 djm Exp $ diff --git a/gss-genr.c b/gss-genr.c index 4c10f1aab..3d630ab82 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.9 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.10 2006/04/03 07:10:38 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -205,10 +205,11 @@ OM_uint32 ssh_gssapi_import_name(Gssctxt *ctx, const char *host) { gss_buffer_desc gssbuf; + char *val; - gssbuf.length = sizeof("host@") + strlen(host); - gssbuf.value = xmalloc(gssbuf.length); - snprintf(gssbuf.value, gssbuf.length, "host@%s", host); + xasprintf(&val, "host@%s", host); + gssbuf.value = val; + gssbuf.length = strlen(gssbuf.value); if ((ctx->major = gss_import_name(&ctx->minor, &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name))) -- cgit v1.2.3 From 499a0d5ada82acbf8a5c5d496dbf0b4570dde1af Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 23 Apr 2006 12:06:03 +1000 Subject: - djm@cvs.openbsd.org 2006/04/16 00:48:52 [buffer.c buffer.h channels.c] Fix condition where we could exit with a fatal error when an input buffer became too large and the remote end had advertised a big window. The problem was a mismatch in the backoff math between the channels code and the buffer code, so make a buffer_check_alloc() function that the channels code can use to propsectivly check whether an incremental allocation will succeed. bz #1131, debugged with the assistance of cove AT wildpackets.com; ok dtucker@ deraadt@ --- ChangeLog | 11 ++++++++++- buffer.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++++------------- buffer.h | 7 +++---- channels.c | 8 +++----- 4 files changed, 64 insertions(+), 23 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index 360cf61b3..d3abc2b68 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,15 @@ GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066 by dleonard AT vintela.com. use xasprintf() to simplify code while in there; "looks right" deraadt@ + - djm@cvs.openbsd.org 2006/04/16 00:48:52 + [buffer.c buffer.h channels.c] + Fix condition where we could exit with a fatal error when an input + buffer became too large and the remote end had advertised a big window. + The problem was a mismatch in the backoff math between the channels code + and the buffer code, so make a buffer_check_alloc() function that the + channels code can use to propsectivly check whether an incremental + allocation will succeed. bz #1131, debugged with the assistance of + cove AT wildpackets.com; ok dtucker@ deraadt@ 20060421 - (djm) [Makefile.in configure.ac session.c sshpty.c] @@ -4528,4 +4537,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4306 2006/04/23 02:05:46 djm Exp $ +$Id: ChangeLog,v 1.4307 2006/04/23 02:06:03 djm Exp $ diff --git a/buffer.c b/buffer.c index de404e602..ba718daf2 100644 --- a/buffer.c +++ b/buffer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.c,v 1.26 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: buffer.c,v 1.27 2006/04/16 00:48:52 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -18,6 +18,10 @@ #include "buffer.h" #include "log.h" +#define BUFFER_MAX_CHUNK 0x100000 +#define BUFFER_MAX_LEN 0xa00000 +#define BUFFER_ALLOCSZ 0x008000 + /* Initializes the buffer structure. */ void 
@@ -66,6 +70,23 @@ buffer_append(Buffer *buffer, const void *data, u_int len) memcpy(p, data, len); } +static int +buffer_compact(Buffer *buffer) +{ + /* + * If the buffer is quite empty, but all data is at the end, move the + * data to the beginning. + */ + if (buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)) { + memmove(buffer->buf, buffer->buf + buffer->offset, + buffer->end - buffer->offset); + buffer->end -= buffer->offset; + buffer->offset = 0; + return (1); + } + return (0); +} + /* * Appends space to the buffer, expanding the buffer if necessary. This does * not actually copy the data into the buffer, but instead returns a pointer @@ -93,20 +114,13 @@ restart: buffer->end += len; return p; } - /* - * If the buffer is quite empty, but all data is at the end, move the - * data to the beginning and retry. - */ - if (buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)) { - memmove(buffer->buf, buffer->buf + buffer->offset, - buffer->end - buffer->offset); - buffer->end -= buffer->offset; - buffer->offset = 0; + + /* Compact data back to the start of the buffer if necessary */ + if (buffer_compact(buffer)) goto restart; - } - /* Increase the size of the buffer and retry. */ - newlen = buffer->alloc + len + 32768; + /* Increase the size of the buffer and retry. */ + newlen = roundup(buffer->alloc + len, BUFFER_ALLOCSZ); if (newlen > BUFFER_MAX_LEN) fatal("buffer_append_space: alloc %u not supported", newlen); 
@@ -116,6 +130,27 @@ restart: /* NOTREACHED */ } +/* + * Check whether an allocation of 'len' will fit in the buffer + * This must follow the same math as buffer_append_space + */ +int +buffer_check_alloc(Buffer *buffer, u_int len) +{ + if (buffer->offset == buffer->end) { + buffer->offset = 0; + buffer->end = 0; + } + restart: + if (buffer->end + len < buffer->alloc) + return (1); + if (buffer_compact(buffer)) + goto restart; + if (roundup(buffer->alloc + len, BUFFER_ALLOCSZ) <= BUFFER_MAX_LEN) + return (1); + return (0); +} + /* Returns the number of bytes of data in the buffer. */ u_int diff --git a/buffer.h b/buffer.h index abdaea349..43414ae99 100644 --- a/buffer.h +++ b/buffer.h @@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.h,v 1.14 2006/03/25 22:22:42 djm Exp $ */ +/* $OpenBSD: buffer.h,v 1.15 2006/04/16 00:48:52 djm Exp $ */ /* * Author: Tatu Ylonen @@ -23,9 +23,6 @@ typedef struct { u_int end; /* Offset of last byte containing data. */ } Buffer; -#define BUFFER_MAX_CHUNK 0x100000 -#define BUFFER_MAX_LEN 0xa00000 - void buffer_init(Buffer *); void buffer_clear(Buffer *); void buffer_free(Buffer *); @@ -36,6 +33,8 @@ void *buffer_ptr(Buffer *); void buffer_append(Buffer *, const void *, u_int); void *buffer_append_space(Buffer *, u_int); +int buffer_check_alloc(Buffer *, u_int); + void buffer_get(Buffer *, void *, u_int); void buffer_consume(Buffer *, u_int); diff --git a/channels.c b/channels.c index fccb9098e..2fa997edc 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.249 2006/03/30 09:41:25 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.250 2006/04/16 00:48:52 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
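Review bot: `buffer_check_alloc` does its arithmetic on `u_int` without bounding `len`, so `buffer->end + len` and `buffer->alloc + len` can wrap for a large `len` and make the function return 1 for a request that cannot fit. The only caller in this commit passes the constant `CHAN_RBUF`, but the function is exported through buffer.h; an early `if (len > BUFFER_MAX_CHUNK) return (0);` would keep it safe for other callers (whether `buffer_append_space` applies the same limit is outside the hunk). The header comment should also say that the check is not read-only: it can reset the offsets and, through `buffer_compact`, move the data within `buffer->buf`.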
@@ -747,12 +747,10 @@ channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset) { u_int limit = compat20 ? c->remote_window : packet_get_maxsize(); - /* check buffer limits */ - limit = MIN(limit, (BUFFER_MAX_LEN - BUFFER_MAX_CHUNK - CHAN_RBUF)); - if (c->istate == CHAN_INPUT_OPEN && limit > 0 && - buffer_len(&c->input) < limit) + buffer_len(&c->input) < limit && + buffer_check_alloc(&c->input, CHAN_RBUF)) FD_SET(c->rfd, readset); if (c->ostate == CHAN_OUTPUT_OPEN || c->ostate == CHAN_OUTPUT_WAIT_DRAIN) { -- cgit v1.2.3 From 6aa139c41ff22f9c91a934a73013265ea0a64afc Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 23 Apr 2006 12:06:20 +1000 Subject: - djm@cvs.openbsd.org 2006/04/16 00:52:55 [atomicio.c atomicio.h] introduce atomiciov() function that wraps readv/writev to retry interrupted transfers like atomicio() does for read/write; feedback deraadt@ dtucker@ stevesk@ ok deraadt@ --- ChangeLog | 7 ++++++- atomicio.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- atomicio.h | 18 +++++++++++++++++- 3 files changed, 77 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index d3abc2b68..812312bd9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,11 @@ channels code can use to propsectivly check whether an incremental allocation will succeed. bz #1131, debugged with the assistance of cove AT wildpackets.com; ok dtucker@ deraadt@ + - djm@cvs.openbsd.org 2006/04/16 00:52:55 + [atomicio.c atomicio.h] + introduce atomiciov() function that wraps readv/writev to retry + interrupted transfers like atomicio() does for read/write; + feedback deraadt@ dtucker@ stevesk@ ok deraadt@ 20060421 - (djm) [Makefile.in configure.ac session.c sshpty.c] @@ -4537,4 +4542,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4307 2006/04/23 02:06:03 djm Exp $ +$Id: ChangeLog,v 1.4308 2006/04/23 02:06:20 djm Exp $ 
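Review bot: The new `buffer_check_alloc(&c->input, CHAN_RBUF)` term in channel_pre_open is not a pure predicate, and nothing at the call site says so: per the buffer.c hunks it can reset offset/end and compact c->input through buffer_compact. The removed `/* check buffer limits */` comment should be replaced rather than dropped, e.g. `/* only read if CHAN_RBUF more bytes fit in c->input; buffer_check_alloc() may compact the buffer */`. This also records why the check is here: buffer_append_space calls fatal() when the grown size exceeds BUFFER_MAX_LEN. The body of channel_pre_open continues outside the hunk.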
diff --git a/atomicio.c b/atomicio.c index 996beff2f..de5363aa3 100644 --- a/atomicio.c +++ b/atomicio.c @@ -1,5 +1,6 @@ -/* $OpenBSD: atomicio.c,v 1.17 2006/04/01 05:51:34 djm Exp $ */ +/* $OpenBSD: atomicio.c,v 1.18 2006/04/16 00:52:55 djm Exp $ */ /* + * Copyright (c) 2006 Damien Miller. All rights reserved. * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. * Copyright (c) 1995,1999 Theo de Raadt. All rights reserved. * All rights reserved. @@ -59,3 +60,55 @@ atomicio(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n) } return (pos); } + +/* + * ensure all of data on socket comes through. f==readv || f==writev + */ +size_t +atomiciov(ssize_t (*f) (int, const struct iovec *, int), int fd, + const struct iovec *_iov, int iovcnt) +{ + size_t pos = 0, rem; + ssize_t res; + struct iovec iov_array[IOV_MAX], *iov = iov_array; + + if (iovcnt > IOV_MAX) { + errno = EINVAL; + return 0; + } + /* Make a copy of the iov array because we may modify it below */ + memcpy(iov, _iov, iovcnt * sizeof(*_iov)); + + for (; iovcnt > 0 && iov[0].iov_len > 0;) { + res = (f) (fd, iov, iovcnt); + switch (res) { + case -1: + if (errno == EINTR || errno == EAGAIN) + continue; + return 0; + case 0: + errno = EPIPE; + return pos; + default: + rem = (size_t)res; + pos += rem; + /* skip completed iov entries */ + while (iovcnt > 0 && rem >= iov[0].iov_len) { + rem -= iov[0].iov_len; + iov++; + iovcnt--; + } + /* This shouldn't happen... */ + if (rem > iov[0].iov_len || (rem > 0 && iovcnt <= 0)) { + errno = EFAULT; + return 0; + } + if (iovcnt == 0) + break; + /* update pointer in partially complete iov */ + iov[0].iov_base = ((char *)iov[0].iov_base) + rem; + iov[0].iov_len -= rem; + } + } + return pos; +} diff --git a/atomicio.h b/atomicio.h index ddb63ee85..03bf065e2 100644 --- a/atomicio.h +++ b/atomicio.h 
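Review bot: atomiciov rejects `iovcnt > IOV_MAX` but not a negative iovcnt, and the next statement is `memcpy(iov, _iov, iovcnt * sizeof(*_iov))` into the fixed `iov_array[IOV_MAX]`. A negative int converts to a very large size_t in that multiplication, so the copy would run past the stack array. The guard should read `if (iovcnt < 0 || iovcnt > IOV_MAX) {`, which keeps the existing `errno = EINVAL; return 0;` behaviour for both cases.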
@@ -1,6 +1,7 @@ -/* $OpenBSD: atomicio.h,v 1.7 2006/03/25 22:22:42 djm Exp $ */ +/* $OpenBSD: atomicio.h,v 1.8 2006/04/16 00:52:55 djm Exp $ */ /* + * Copyright (c) 2006 Damien Miller. All rights reserved. * Copyright (c) 1995,1999 Theo de Raadt. All rights reserved. * All rights reserved. * @@ -25,9 +26,24 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#ifndef _ATOMICIO_H +#define _ATOMICIO_H + +#include +#include +#include + /* * Ensure all of data on socket comes through. f==read || f==vwrite */ size_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t); #define vwrite (ssize_t (*)(int, void *, size_t))write + +/* + * ensure all of data on socket comes through. f==readv || f==writev + */ +size_t atomiciov(ssize_t (*)(int, const struct iovec *, int), + int, const struct iovec *, int); + +#endif /* _ATOMICIO_H */ -- cgit v1.2.3 From 58ca98bfe12b65f4d445dc05b422f672c51caa4b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 23 Apr 2006 12:06:35 +1000 Subject: - djm@cvs.openbsd.org 2006/04/16 00:54:10 [sftp-client.c] avoid making a tiny 4-byte write to send the packet length of sftp commands, which would result in a separate tiny packet on the wire by using atomiciov(writev, ...) to write the length and the command in one pass; ok deraadt@ --- ChangeLog | 8 +++++++- sftp-client.c | 13 ++++++++----- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 812312bd9..0a597a4fe 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -31,6 +31,12 @@ introduce atomiciov() function that wraps readv/writev to retry interrupted transfers like atomicio() does for read/write; feedback deraadt@ dtucker@ stevesk@ ok deraadt@ + - djm@cvs.openbsd.org 2006/04/16 00:54:10 + [sftp-client.c] + avoid making a tiny 4-byte write to send the packet length of sftp + commands, which would result in a separate tiny packet on the wire by + using atomiciov(writev, ...) to write the length and the command in one + pass; ok deraadt@ 20060421 - (djm) [Makefile.in configure.ac session.c sshpty.c] @@ -4542,4 +4548,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4308 2006/04/23 02:06:20 djm Exp $ +$Id: ChangeLog,v 1.4309 2006/04/23 02:06:35 djm Exp $ diff --git a/sftp-client.c b/sftp-client.c index c71c66f33..8778439b9 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.64 2006/03/30 09:58:16 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.65 2006/04/16 00:54:10 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -61,16 +61,19 @@ static void send_msg(int fd, Buffer *m) { u_char mlen[4]; + struct iovec iov[2]; if (buffer_len(m) > SFTP_MAX_MSG_LENGTH) fatal("Outbound message too long %u", buffer_len(m)); /* Send length first */ put_u32(mlen, buffer_len(m)); - if (atomicio(vwrite, fd, mlen, sizeof(mlen)) != sizeof(mlen)) - fatal("Couldn't send packet: %s", strerror(errno)); - - if (atomicio(vwrite, fd, buffer_ptr(m), buffer_len(m)) != buffer_len(m)) + iov[0].iov_base = mlen; + iov[0].iov_len = sizeof(mlen); + iov[1].iov_base = buffer_ptr(m); + iov[1].iov_len = buffer_len(m); + + if (atomiciov(writev, fd, iov, 2) != buffer_len(m) + sizeof(mlen)) fatal("Couldn't send packet: %s", strerror(errno)); buffer_clear(m); -- cgit v1.2.3 From b5ea7e7c037be2702fa1664b762aff2e019dcb0e Mon Sep 17 00:00:00 2001 
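Review bot: The `/* Send length first */` comment above `put_u32(mlen, buffer_len(m));` in send_msg no longer describes the code, because the length and the payload now go out in a single `atomiciov(writev, fd, iov, 2)` call. I would reword it to `/* Send length and payload in one writev */` so the next reader does not look for a separate length write. The end of send_msg lies outside the hunk.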
From: Damien Miller Date: Sun, 23 Apr 2006 12:06:49 +1000 Subject: - djm@cvs.openbsd.org 2006/04/16 07:59:00 [atomicio.c] reorder sanity test so that it cannot dereference past the end of the iov array; well spotted canacar@! --- ChangeLog | 6 +++++- atomicio.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0a597a4fe..b2a607098 100644 --- a/ChangeLog +++ b/ChangeLog @@ -37,6 +37,10 @@ commands, which would result in a separate tiny packet on the wire by using atomiciov(writev, ...) to write the length and the command in one pass; ok deraadt@ + - djm@cvs.openbsd.org 2006/04/16 07:59:00 + [atomicio.c] + reorder sanity test so that it cannot dereference past the end of the + iov array; well spotted canacar@! 20060421 - (djm) [Makefile.in configure.ac session.c sshpty.c] @@ -4548,4 +4552,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4309 2006/04/23 02:06:35 djm Exp $ +$Id: ChangeLog,v 1.4310 2006/04/23 02:06:49 djm Exp $ diff --git a/atomicio.c b/atomicio.c index de5363aa3..3939785df 100644 --- a/atomicio.c +++ b/atomicio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: atomicio.c,v 1.18 2006/04/16 00:52:55 djm Exp $ */ +/* $OpenBSD: atomicio.c,v 1.19 2006/04/16 07:59:00 djm Exp $ */ /* * Copyright (c) 2006 Damien Miller. All rights reserved. * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. @@ -99,7 +99,7 @@ atomiciov(ssize_t (*f) (int, const struct iovec *, int), int fd, iovcnt--; } /* This shouldn't happen... */ - if (rem > iov[0].iov_len || (rem > 0 && iovcnt <= 0)) { + if (rem > 0 && (iovcnt <= 0 || rem > iov[0].iov_len)) { errno = EFAULT; return 0; } -- cgit v1.2.3 From 58629fad824ebe0a10974930778beff455f41aea Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sun, 23 Apr 2006 12:08:19 +1000 Subject: - dtucker@cvs.openbsd.org 2006/04/18 10:44:28 [bufaux.c bufbn.c] Move Buffer bignum functions into their own file, bufbn.c. This means that sftp and sftp-server (which use the Buffer functions in bufaux.c but not the bignum ones) no longer need to be linked with libcrypto. ok markus@ --- ChangeLog | 8 ++- bufaux.c | 165 +------------------------------------------------ bufbn.c | 209 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 217 insertions(+), 165 deletions(-) create mode 100644 bufbn.c diff --git a/ChangeLog b/ChangeLog index b2a607098..551845a5a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -41,6 +41,12 @@ [atomicio.c] reorder sanity test so that it cannot dereference past the end of the iov array; well spotted canacar@! + - dtucker@cvs.openbsd.org 2006/04/18 10:44:28 + [bufaux.c bufbn.c] + Move Buffer bignum functions into their own file, bufbn.c. This means + that sftp and sftp-server (which use the Buffer functions in bufaux.c + but not the bignum ones) no longer need to be linked with libcrypto. + ok markus@ 20060421 - (djm) [Makefile.in configure.ac session.c sshpty.c] @@ -4552,4 +4558,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4310 2006/04/23 02:06:49 djm Exp $ +$Id: ChangeLog,v 1.4311 2006/04/23 02:08:19 djm Exp $ diff --git a/bufaux.c b/bufaux.c index 4f9a89881..4c9cb662c 100644 --- a/bufaux.c +++ b/bufaux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bufaux.c,v 1.41 2006/03/30 09:58:15 djm Exp $ */ +/* $OpenBSD: bufaux.c,v 1.42 2006/04/18 10:44:28 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -45,169 +45,6 @@ #include "log.h" #include "misc.h" -/* - * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed - * by (bits+7)/8 bytes of binary data, msb first. - */ -int -buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) -{ - int bits = BN_num_bits(value); - int bin_size = (bits + 7) / 8; - u_char *buf = xmalloc(bin_size); - int oi; - char msg[2]; - - /* Get the value of in binary */ - oi = BN_bn2bin(value, buf); - if (oi != bin_size) { - error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", - oi, bin_size); - xfree(buf); - return (-1); - } - - /* Store the number of bits in the buffer in two bytes, msb first. */ - put_u16(msg, bits); - buffer_append(buffer, msg, 2); - /* Store the binary data. */ - buffer_append(buffer, buf, oi); - - memset(buf, 0, bin_size); - xfree(buf); - - return (0); -} - -void -buffer_put_bignum(Buffer *buffer, const BIGNUM *value) -{ - if (buffer_put_bignum_ret(buffer, value) == -1) - fatal("buffer_put_bignum: buffer error"); -} - -/* - * Retrieves an BIGNUM from the buffer. - */ -int -buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) -{ - u_int bits, bytes; - u_char buf[2], *bin; - - /* Get the number for bits. */ - if (buffer_get_ret(buffer, (char *) buf, 2) == -1) { - error("buffer_get_bignum_ret: invalid length"); - return (-1); - } - bits = get_u16(buf); - /* Compute the number of binary bytes that follow. 
*/ - bytes = (bits + 7) / 8; - if (bytes > 8 * 1024) { - error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes); - return (-1); - } - if (buffer_len(buffer) < bytes) { - error("buffer_get_bignum_ret: input buffer too small"); - return (-1); - } - bin = buffer_ptr(buffer); - BN_bin2bn(bin, bytes, value); - if (buffer_consume_ret(buffer, bytes) == -1) { - error("buffer_get_bignum_ret: buffer_consume failed"); - return (-1); - } - return (0); -} - -void -buffer_get_bignum(Buffer *buffer, BIGNUM *value) -{ - if (buffer_get_bignum_ret(buffer, value) == -1) - fatal("buffer_get_bignum: buffer error"); -} - -/* - * Stores an BIGNUM in the buffer in SSH2 format. - */ -int -buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) -{ - u_int bytes; - u_char *buf; - int oi; - u_int hasnohigh = 0; - - if (BN_is_zero(value)) { - buffer_put_int(buffer, 0); - return 0; - } - if (value->neg) { - error("buffer_put_bignum2_ret: negative numbers not supported"); - return (-1); - } - bytes = BN_num_bytes(value) + 1; /* extra padding byte */ - if (bytes < 2) { - error("buffer_put_bignum2_ret: BN too small"); - return (-1); - } - buf = xmalloc(bytes); - buf[0] = 0x00; - /* Get the value of in binary */ - oi = BN_bn2bin(value, buf+1); - if (oi < 0 || (u_int)oi != bytes - 1) { - error("buffer_put_bignum2_ret: BN_bn2bin() failed: " - "oi %d != bin_size %d", oi, bytes); - xfree(buf); - return (-1); - } - hasnohigh = (buf[1] & 0x80) ? 
0 : 1; - buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); - memset(buf, 0, bytes); - xfree(buf); - return (0); -} - -void -buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) -{ - if (buffer_put_bignum2_ret(buffer, value) == -1) - fatal("buffer_put_bignum2: buffer error"); -} - -int -buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) -{ - u_int len; - u_char *bin; - - if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) { - error("buffer_get_bignum2_ret: invalid bignum"); - return (-1); - } - - if (len > 0 && (bin[0] & 0x80)) { - error("buffer_get_bignum2_ret: negative numbers not supported"); - xfree(bin); - return (-1); - } - if (len > 8 * 1024) { - error("buffer_get_bignum2_ret: cannot handle BN of size %d", len); - xfree(bin); - return (-1); - } - BN_bin2bn(bin, len, value); - xfree(bin); - return (0); -} - -void -buffer_get_bignum2(Buffer *buffer, BIGNUM *value) -{ - if (buffer_get_bignum2_ret(buffer, value) == -1) - fatal("buffer_get_bignum2: buffer error"); -} - /* * Returns integers from the buffer (msb first). */ diff --git a/bufbn.c b/bufbn.c new file mode 100644 index 000000000..56f4f6d5b --- /dev/null +++ b/bufbn.c 
@@ -0,0 +1,209 @@ +/* $OpenBSD: bufbn.c,v 1.1 2006/04/18 10:44:28 dtucker Exp $*/ +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * Auxiliary functions for storing and retrieving various data types to/from + * Buffers. + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + * + * + * SSH2 packet format added by Markus Friedl + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include "includes.h" + +#include +#include "bufaux.h" +#include "xmalloc.h" +#include "log.h" +#include "misc.h" + +/* + * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed + * by (bits+7)/8 bytes of binary data, msb first. + */ +int +buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) +{ + int bits = BN_num_bits(value); + int bin_size = (bits + 7) / 8; + u_char *buf = xmalloc(bin_size); + int oi; + char msg[2]; + + /* Get the value of in binary */ + oi = BN_bn2bin(value, buf); + if (oi != bin_size) { + error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", + oi, bin_size); + xfree(buf); + return (-1); + } + + /* Store the number of bits in the buffer in two bytes, msb first. */ + put_u16(msg, bits); + buffer_append(buffer, msg, 2); + /* Store the binary data. */ + buffer_append(buffer, buf, oi); + + memset(buf, 0, bin_size); + xfree(buf); + + return (0); +} + +void +buffer_put_bignum(Buffer *buffer, const BIGNUM *value) +{ + if (buffer_put_bignum_ret(buffer, value) == -1) + fatal("buffer_put_bignum: buffer error"); +} + +/* + * Retrieves an BIGNUM from the buffer. + */ +int +buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) +{ + u_int bits, bytes; + u_char buf[2], *bin; + + /* Get the number for bits. */ + if (buffer_get_ret(buffer, (char *) buf, 2) == -1) { + error("buffer_get_bignum_ret: invalid length"); + return (-1); + } + bits = get_u16(buf); + /* Compute the number of binary bytes that follow. 
*/ + bytes = (bits + 7) / 8; + if (bytes > 8 * 1024) { + error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes); + return (-1); + } + if (buffer_len(buffer) < bytes) { + error("buffer_get_bignum_ret: input buffer too small"); + return (-1); + } + bin = buffer_ptr(buffer); + BN_bin2bn(bin, bytes, value); + if (buffer_consume_ret(buffer, bytes) == -1) { + error("buffer_get_bignum_ret: buffer_consume failed"); + return (-1); + } + return (0); +} + +void +buffer_get_bignum(Buffer *buffer, BIGNUM *value) +{ + if (buffer_get_bignum_ret(buffer, value) == -1) + fatal("buffer_get_bignum: buffer error"); +} + +/* + * Stores an BIGNUM in the buffer in SSH2 format. + */ +int +buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) +{ + u_int bytes; + u_char *buf; + int oi; + u_int hasnohigh = 0; + + if (BN_is_zero(value)) { + buffer_put_int(buffer, 0); + return 0; + } + if (value->neg) { + error("buffer_put_bignum2_ret: negative numbers not supported"); + return (-1); + } + bytes = BN_num_bytes(value) + 1; /* extra padding byte */ + if (bytes < 2) { + error("buffer_put_bignum2_ret: BN too small"); + return (-1); + } + buf = xmalloc(bytes); + buf[0] = 0x00; + /* Get the value of in binary */ + oi = BN_bn2bin(value, buf+1); + if (oi < 0 || (u_int)oi != bytes - 1) { + error("buffer_put_bignum2_ret: BN_bn2bin() failed: " + "oi %d != bin_size %d", oi, bytes); + xfree(buf); + return (-1); + } + hasnohigh = (buf[1] & 0x80) ? 
0 : 1; + buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); + memset(buf, 0, bytes); + xfree(buf); + return (0); +} + +void +buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) +{ + if (buffer_put_bignum2_ret(buffer, value) == -1) + fatal("buffer_put_bignum2: buffer error"); +} + +int +buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) +{ + u_int len; + u_char *bin; + + if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) { + error("buffer_get_bignum2_ret: invalid bignum"); + return (-1); + } + + if (len > 0 && (bin[0] & 0x80)) { + error("buffer_get_bignum2_ret: negative numbers not supported"); + xfree(bin); + return (-1); + } + if (len > 8 * 1024) { + error("buffer_get_bignum2_ret: cannot handle BN of size %d", len); + xfree(bin); + return (-1); + } + BN_bin2bn(bin, len, value); + xfree(bin); + return (0); +} + +void +buffer_get_bignum2(Buffer *buffer, BIGNUM *value) +{ + if (buffer_get_bignum2_ret(buffer, value) == -1) + fatal("buffer_get_bignum2: buffer error"); +} -- cgit v1.2.3 From 97c91f688fa8f8d67bbe2e0aa0feb912fc3c00ef Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 23 Apr 2006 12:08:37 +1000 Subject: - djm@cvs.openbsd.org 2006/04/20 09:27:09 [auth.h clientloop.c dispatch.c dispatch.h kex.h] replace the last non-sig_atomic_t flag used in a signal handler with a sig_atomic_t, unfortunately with some knock-on effects in other (non- signal) contexts in which it is used; ok markus@ --- ChangeLog | 7 ++++++- auth.h | 4 ++-- clientloop.c | 4 ++-- dispatch.c | 4 ++-- dispatch.h | 4 ++-- kex.h | 4 ++-- 6 files changed, 16 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 551845a5a..8131cd6cf 100644 --- a/ChangeLog +++ b/ChangeLog 
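Review bot: In the new bufbn.c, buffer_get_bignum_ret and buffer_get_bignum2_ret both ignore the return value of BN_bin2bn() and then return 0, so a failed conversion is reported as success while `value` has not been set from the parsed bytes. Since these functions decode data taken from the buffer, I would check the call: `if (BN_bin2bn(bin, bytes, value) == NULL) return (-1);` in buffer_get_bignum_ret, and the same test on `BN_bin2bn(bin, len, value)` with `xfree(bin);` before the return in buffer_get_bignum2_ret. The code is moved unchanged from bufaux.c, so this predates the commit, but the new file is a natural place to fix it.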
@@ -47,6 +47,11 @@ that sftp and sftp-server (which use the Buffer functions in bufaux.c but not the bignum ones) no longer need to be linked with libcrypto. ok markus@ + - djm@cvs.openbsd.org 2006/04/20 09:27:09 + [auth.h clientloop.c dispatch.c dispatch.h kex.h] + replace the last non-sig_atomic_t flag used in a signal handler with a + sig_atomic_t, unfortunately with some knock-on effects in other (non- + signal) contexts in which it is used; ok markus@ 20060421 - (djm) [Makefile.in configure.ac session.c sshpty.c] @@ -4558,4 +4563,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4311 2006/04/23 02:08:19 djm Exp $ +$Id: ChangeLog,v 1.4312 2006/04/23 02:08:37 djm Exp $ diff --git a/auth.h b/auth.h index c69de34e5..adbfdd2e5 100644 --- a/auth.h +++ b/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.52 2006/03/25 22:22:42 djm Exp $ */ +/* $OpenBSD: auth.h,v 1.53 2006/04/20 09:27:09 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -48,7 +48,7 @@ typedef struct Authmethod Authmethod; typedef struct KbdintDevice KbdintDevice; struct Authctxt { - int success; + sig_atomic_t success; int postponed; /* authentication needs another step */ int valid; /* user exists and is allowed to login */ int attempt; diff --git a/clientloop.c b/clientloop.c index 7745c4dd8..d317b79f4 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.161 2006/03/25 18:30:55 deraadt Exp $ */ +/* $OpenBSD: clientloop.c,v 1.162 2006/04/20 09:27:09 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
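Review bot: In struct Authctxt (auth.h) `success` becomes a plain `sig_atomic_t` without `volatile` and without a trailing comment, while quit_pending in clientloop.c is declared `volatile sig_atomic_t` and dispatch_run now takes `volatile sig_atomic_t *done`. Reads through that pointer are volatile, but direct accesses to the field are not. If the type was changed only to match dispatch_run's parameter, a comment in the style of the neighbouring fields would say so, e.g. `sig_atomic_t success;	/* sig_atomic_t to match dispatch_run() */`. If a signal handler can write the field, it should be `volatile sig_atomic_t success;`. The same applies to `done` in struct Kex in the kex.h hunk.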
@@ -131,7 +131,7 @@ static volatile sig_atomic_t received_signal = 0; static int in_non_blocking_mode = 0; /* Common data for the client loop code. */ -static int quit_pending; /* Set to non-zero to quit the client loop. */ +static volatile sig_atomic_t quit_pending; /* Set non-zero to quit the loop. */ static int escape_char; /* Escape character. */ static int escape_pending; /* Last character was the escape character */ static int last_was_cr; /* Last character was a newline. */ diff --git a/dispatch.c b/dispatch.c index eac07b1b3..4f965a62d 100644 --- a/dispatch.c +++ b/dispatch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dispatch.c,v 1.18 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: dispatch.c,v 1.19 2006/04/20 09:27:09 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -76,7 +76,7 @@ dispatch_set(int type, dispatch_fn *fn) dispatch[type] = fn; } void -dispatch_run(int mode, int *done, void *ctxt) +dispatch_run(int mode, volatile sig_atomic_t *done, void *ctxt) { for (;;) { int type; diff --git a/dispatch.h b/dispatch.h index b33288f66..4bca8a5a0 100644 --- a/dispatch.h +++ b/dispatch.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dispatch.h,v 1.10 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: dispatch.h,v 1.11 2006/04/20 09:27:09 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -33,6 +33,6 @@ typedef void dispatch_fn(int, u_int32_t, void *); void dispatch_init(dispatch_fn *); void dispatch_set(int, dispatch_fn *); void dispatch_range(u_int, u_int, dispatch_fn *); -void dispatch_run(int, int *, void *); +void dispatch_run(int, volatile sig_atomic_t *, void *); void dispatch_protocol_error(int, u_int32_t, void *); void dispatch_protocol_ignore(int, u_int32_t, void *); diff --git a/kex.h b/kex.h index 597b54810..137c3d8eb 100644 --- a/kex.h +++ b/kex.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.41 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.42 2006/04/20 09:27:09 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -114,7 +114,7 @@ struct Kex { int kex_type; Buffer my; Buffer peer; - int done; + sig_atomic_t done; int flags; const EVP_MD *evp_md; char *client_version_string; -- cgit v1.2.3 From 56e5e6ad115e9f9e072237a6cc95997d610d1bc0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 23 Apr 2006 12:08:59 +1000 Subject: - markus@cvs.openbsd.org 2006/04/20 09:47:59 [sshconnect.c] simplify; ok djm@ --- ChangeLog | 5 ++++- sshconnect.c | 29 +++++++++-------------------- 2 files changed, 13 insertions(+), 21 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8131cd6cf..552e780ee 100644 --- a/ChangeLog +++ b/ChangeLog @@ -52,6 +52,9 @@ replace the last non-sig_atomic_t flag used in a signal handler with a sig_atomic_t, unfortunately with some knock-on effects in other (non- signal) contexts in which it is used; ok markus@ + - markus@cvs.openbsd.org 2006/04/20 09:47:59 + [sshconnect.c] + simplify; ok djm@ 20060421 - (djm) [Makefile.in configure.ac session.c sshpty.c] @@ -4563,4 +4566,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4312 2006/04/23 02:08:37 djm Exp $ +$Id: ChangeLog,v 1.4313 2006/04/23 02:08:59 djm Exp $ diff --git a/sshconnect.c b/sshconnect.c index 5cf107794..5f2ad1cfa 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.180 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.181 2006/04/20 09:47:59 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -306,17 +306,14 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, fatal("%s: %.100s: %s", __progname, host, gai_strerror(gaierr)); - /* - * Try to connect several times. On some machines, the first time - * will sometimes fail. In general socket code appears to behave - * quite magically on many machines. - */ - for (attempt = 0; ;) { + for (attempt = 0; attempt < connection_attempts; attempt++) { if (attempt > 0) debug("Trying again..."); - /* Loop through addresses for this host, and try each one in - sequence until the connection succeeds. */ + /* + * Loop through addresses for this host, and try each one in + * sequence until the connection succeeds. + */ for (ai = aitop; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) continue; @@ -343,21 +340,13 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, } else { debug("connect to address %s port %s: %s", ntop, strport, strerror(errno)); - /* - * Close the failed socket; there appear to - * be some problems when reusing a socket for - * which connect() has already returned an - * error. - */ close(sock); + sock = -1; } } - if (ai) + if (sock != -1) break; /* Successful connection. */ - attempt++; - if (attempt >= connection_attempts) - break; /* Sleep a moment before retrying. */ sleep(1); } @@ -365,7 +354,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, freeaddrinfo(aitop); /* Return failure if we didn't get a successful connection. */ - if (attempt >= connection_attempts) { + if (sock == -1) { error("ssh: connect to host %s port %s: %s", host, strport, strerror(errno)); return (-1); -- cgit v1.2.3 From 525a0b090fc03d38bb760c858a5a5958cd0bc276 Mon Sep 17 00:00:00 2001 
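Review bot: The rewritten retry loop in ssh_connect now runs `sleep(1)` after the final failed attempt too, because the `attempt >= connection_attempts` exit that used to precede the sleep was removed. The failure path therefore returns one second later than before, and the `strerror(errno)` in the closing error message is evaluated after that sleep. Sleeping at the top of the loop instead, `if (attempt > 0) { sleep(1); debug("Trying again..."); }`, keeps the delay between attempts only. The `sock != -1` tests also depend on sock starting at -1, and its declaration is outside these hunks.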
From: Damien Miller Date: Sun, 23 Apr 2006 12:10:49 +1000 Subject: - djm@cvs.openbsd.org 2006/04/20 21:53:44 [includes.h session.c sftp.c] Switch from using pipes to socketpairs for communication between sftp/scp and ssh, and between sshd and its subprocesses. This saves a file descriptor per session and apparently makes userland ppp over ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this decision on a per-platform basis) --- ChangeLog | 9 ++++++++- includes.h | 2 +- session.c | 2 +- sftp.c | 2 +- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 552e780ee..02e675c4e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -55,6 +55,13 @@ - markus@cvs.openbsd.org 2006/04/20 09:47:59 [sshconnect.c] simplify; ok djm@ + - djm@cvs.openbsd.org 2006/04/20 21:53:44 + [includes.h session.c sftp.c] + Switch from using pipes to socketpairs for communication between + sftp/scp and ssh, and between sshd and its subprocesses. This saves + a file descriptor per session and apparently makes userland ppp over + ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this + decision on a per-platform basis) 20060421 - (djm) [Makefile.in configure.ac session.c sshpty.c] @@ -4566,4 +4573,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4313 2006/04/23 02:08:59 djm Exp $ +$Id: ChangeLog,v 1.4314 2006/04/23 02:10:49 djm Exp $ diff --git a/includes.h b/includes.h index 00076f639..c038f410e 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.39 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: includes.h,v 1.40 2006/04/20 21:53:44 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/session.c b/session.c index bba3fa21f..caf750ab4 100644 --- a/session.c +++ b/session.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.202 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: session.c,v 1.203 2006/04/20 21:53:44 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved diff --git a/sftp.c b/sftp.c index 31b71db2b..0cc3a470e 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.80 2006/03/27 23:15:46 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.81 2006/04/20 21:53:44 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * -- cgit v1.2.3 From 2282c6e305ab16f116133428da64f9f292afd04f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 23 Apr 2006 12:11:57 +1000 Subject: - djm@cvs.openbsd.org 2006/04/22 04:06:51 [uidswap.c] use setres[ug]id() to permanently revoke privileges; ok deraadt@ (ID Sync only - portable already uses setres[ug]id() whenever possible) --- ChangeLog | 6 +++++- uidswap.c | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 02e675c4e..861e97b8a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -62,6 +62,10 @@ a file descriptor per session and apparently makes userland ppp over ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this decision on a per-platform basis) + - djm@cvs.openbsd.org 2006/04/22 04:06:51 + [uidswap.c] + use setres[ug]id() to permanently revoke privileges; ok deraadt@ + (ID Sync only - portable already uses setres[ug]id() whenever possible) 20060421 - (djm) [Makefile.in configure.ac session.c sshpty.c] @@ -4573,4 +4577,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4314 2006/04/23 02:10:49 djm Exp $ +$Id: ChangeLog,v 1.4315 2006/04/23 02:11:57 djm Exp $ diff --git a/uidswap.c b/uidswap.c index 6208be5bd..6dc1680db 100644 --- a/uidswap.c +++ b/uidswap.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.26 2006/03/25 13:17:03 djm Exp $ */ +/* $OpenBSD: uidswap.c,v 1.27 2006/04/22 04:06:51 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland -- cgit v1.2.3 From 08d4b0ca5d6534c1efdf16aa3cfe353eb2b41130 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 23 Apr 2006 12:12:24 +1000 Subject: - stevesk@cvs.openbsd.org 2006/04/22 18:29:33 [crc32.c] remove extra spaces --- ChangeLog | 5 ++++- crc32.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 861e97b8a..a1c6df163 100644 --- a/ChangeLog +++ b/ChangeLog @@ -66,6 +66,9 @@ [uidswap.c] use setres[ug]id() to permanently revoke privileges; ok deraadt@ (ID Sync only - portable already uses setres[ug]id() whenever possible) + - stevesk@cvs.openbsd.org 2006/04/22 18:29:33 + [crc32.c] + remove extra spaces 20060421 - (djm) [Makefile.in configure.ac session.c sshpty.c] @@ -4577,4 +4580,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4315 2006/04/23 02:11:57 djm Exp $ +$Id: ChangeLog,v 1.4316 2006/04/23 02:12:24 djm Exp $ diff --git a/crc32.c b/crc32.c index 2da6360bd..c192eb4d6 100644 --- a/crc32.c +++ b/crc32.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crc32.c,v 1.10 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: crc32.c,v 1.11 2006/04/22 18:29:33 stevesk Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. @@ -99,7 +99,7 @@ ssh_crc32(const u_char *buf, u_int32_t size) u_int32_t i, crc; crc = 0; - for (i = 0; i < size; i++) + for (i = 0; i < size; i++) crc = crc32tab[(crc ^ buf[i]) & 0xff] ^ (crc >> 8); return crc; } -- cgit v1.2.3 From f53429bebf0cc5e00f117f5602a30c58b55d7018 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sun, 23 Apr 2006 12:15:08 +1000 Subject: - dtucker@cvs.openbsd.org 2006/04/18 10:44:28 [bufaux.c bufbn.c Makefile.in] Move Buffer bignum functions into their own file, bufbn.c. This means that sftp and sftp-server (which use the Buffer functions in bufaux.c but not the bignum ones) no longer need to be linked with libcrypto. ok markus@ --- Makefile.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile.in b/Makefile.in index 9bc25e7a7..10be20d3f 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.277 2006/04/22 11:26:08 djm Exp $ +# $Id: Makefile.in,v 1.278 2006/04/23 02:15:08 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -63,7 +63,7 @@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT) -LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o buffer.o \ +LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \ canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \ compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \ -- cgit v1.2.3 From 2bdd1c117c82ecbf1949e39fcaf984e5fdd6d911 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 23 Apr 2006 12:28:53 +1000 Subject: - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to get sig_atomic_t --- ChangeLog | 4 +++- auth.h | 2 ++ dispatch.h | 3 +++ kex.h | 1 + 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index a1c6df163..eaeab4897 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -69,6 +69,8 @@ - stevesk@cvs.openbsd.org 2006/04/22 18:29:33 [crc32.c] remove extra spaces + - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to get + sig_atomic_t 20060421 - (djm) [Makefile.in configure.ac session.c sshpty.c] @@ -4580,4 +4582,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4316 2006/04/23 02:12:24 djm Exp $ +$Id: ChangeLog,v 1.4317 2006/04/23 02:28:53 djm Exp $ diff --git a/auth.h b/auth.h index adbfdd2e5..5f9fb6f10 100644 --- a/auth.h +++ b/auth.h @@ -28,6 +28,8 @@ #ifndef AUTH_H #define AUTH_H +#include + #include "key.h" #include "hostfile.h" #include "buffer.h" diff --git a/dispatch.h b/dispatch.h index 4bca8a5a0..3e3d1a1ad 100644 --- a/dispatch.h +++ b/dispatch.h @@ -23,6 +23,9 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +#include + enum { DISPATCH_BLOCK, DISPATCH_NONBLOCK diff --git a/kex.h b/kex.h index 137c3d8eb..a4a8af33e 100644 --- a/kex.h +++ b/kex.h @@ -26,6 +26,7 @@ #ifndef KEX_H #define KEX_H +#include #include #include "buffer.h" #include "cipher.h" -- cgit v1.2.3 From 7b50b2030b8f2a1de46f0f89c491afcdca43230b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 23 Apr 2006 12:31:27 +1000 Subject: missing file --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index eaeab4897..145cea8a6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -42,7 +42,7 @@ reorder sanity test so that it cannot dereference past the end of the iov array; well spotted canacar@! - dtucker@cvs.openbsd.org 2006/04/18 10:44:28 - [bufaux.c bufbn.c] + [bufaux.c bufbn.c Makefile.in] Move Buffer bignum functions into their own file, bufbn.c. This means that sftp and sftp-server (which use the Buffer functions in bufaux.c but not the bignum ones) no longer need to be linked with libcrypto. 
@@ -4582,4 +4582,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4317 2006/04/23 02:28:53 djm Exp $ +$Id: ChangeLog,v 1.4318 2006/04/23 02:31:27 djm Exp $ -- cgit v1.2.3 From 596d33801f6d703c1e45c74df6f6d6fe7ee085bb Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 3 May 2006 19:01:09 +1000 Subject: - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h and double including it on IRIX 5.3 causes problems. From Georg Schwarz, "no objections" tim@ --- ChangeLog | 7 ++++++- packet.c | 1 - 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 145cea8a6..49e831187 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060503 + - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h + and double including it on IRIX 5.3 causes problems. From Georg Schwarz, + "no objections" tim@ + 20060423 - (djm) OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2006/04/01 05:42:20 @@ -4582,4 +4587,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4318 2006/04/23 02:31:27 djm Exp $ +$Id: ChangeLog,v 1.4319 2006/05/03 09:01:09 dtucker Exp $ diff --git a/packet.c b/packet.c index ea0a82e21..bc0baf3fc 100644 --- a/packet.c +++ b/packet.c @@ -40,7 +40,6 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -#include #include #include "xmalloc.h" -- cgit v1.2.3 From d8093e49bf06813a8c97cbc90810f4863388af77 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Thu, 4 May 2006 16:24:34 +1000 Subject: - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar) in Portable-only code; since calloc zeros, remove now-redundant memsets. Also add a couple of sanity checks. With & ok djm@ --- ChangeLog | 9 ++++++++- auth-pam.c | 14 +++++++------- groupaccess.c | 4 ++-- monitor.c | 2 +- monitor_wrap.c | 7 +++++-- openbsd-compat/bsd-cygwin_util.c | 2 +- openbsd-compat/setproctitle.c | 2 +- scard-opensc.c | 4 +++- session.c | 2 +- ssh-rand-helper.c | 3 +-- sshd.c | 2 +- 11 files changed, 31 insertions(+), 20 deletions(-) diff --git a/ChangeLog b/ChangeLog index 49e831187..fe0536a78 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20060504 + - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c + session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c + openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar) + in Portable-only code; since calloc zeros, remove now-redundant memsets. + Also add a couple of sanity checks. With & ok djm@ + 20060503 - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h and double including it on IRIX 5.3 causes problems. From Georg Schwarz, @@ -4587,4 +4594,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4319 2006/05/03 09:01:09 dtucker Exp $ +$Id: ChangeLog,v 1.4320 2006/05/04 06:24:34 dtucker Exp $ diff --git a/auth-pam.c b/auth-pam.c index c12f413e7..5ddc8bec3 100644 --- a/auth-pam.c +++ b/auth-pam.c 
@@ -288,7 +288,10 @@ import_environments(Buffer *b) /* Import environment from subprocess */ num_env = buffer_get_int(b); - sshpam_env = xmalloc((num_env + 1) * sizeof(*sshpam_env)); + if (num_env > 1024) + fatal("%s: received %u environment variables, expected <= 1024", + __func__, num_env); + sshpam_env = xcalloc(num_env + 1, sizeof(*sshpam_env)); debug3("PAM: num env strings %d", num_env); for(i = 0; i < num_env; i++) sshpam_env[i] = buffer_get_string(b, NULL); @@ -335,9 +338,8 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg, if (n <= 0 || n > PAM_MAX_NUM_MSG) return (PAM_CONV_ERR); - if ((reply = malloc(n * sizeof(*reply))) == NULL) + if ((reply = calloc(n, sizeof(*reply))) == NULL) return (PAM_CONV_ERR); - memset(reply, 0, n * sizeof(*reply)); buffer_init(&buffer); for (i = 0; i < n; ++i) { @@ -533,9 +535,8 @@ sshpam_store_conv(int n, sshpam_const struct pam_message **msg, if (n <= 0 || n > PAM_MAX_NUM_MSG) return (PAM_CONV_ERR); - if ((reply = malloc(n * sizeof(*reply))) == NULL) + if ((reply = calloc(n, sizeof(*reply))) == NULL) return (PAM_CONV_ERR); - memset(reply, 0, n * sizeof(*reply)); for (i = 0; i < n; ++i) { switch (PAM_MSG_MEMBER(msg, i, msg_style)) { @@ -935,9 +936,8 @@ sshpam_tty_conv(int n, sshpam_const struct pam_message **msg, if (n <= 0 || n > PAM_MAX_NUM_MSG || !isatty(STDIN_FILENO)) return (PAM_CONV_ERR); - if ((reply = malloc(n * sizeof(*reply))) == NULL) + if ((reply = calloc(n, sizeof(*reply))) == NULL) return (PAM_CONV_ERR); - memset(reply, 0, n * sizeof(*reply)); for (i = 0; i < n; ++i) { switch (PAM_MSG_MEMBER(msg, i, msg_style)) { diff --git a/groupaccess.c b/groupaccess.c index 83c573def..2a85cb375 100644 --- a/groupaccess.c +++ b/groupaccess.c 
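Review bot: The new bound in import_environments spells the limit 1024 twice, once in the comparison and once in the fatal() text, and the same literal appears again in the scard-opensc.c hunk of this commit; a named constant would keep the check and the message from drifting apart. The added fatal() prints num_env with `%u` while the `debug3("PAM: num env strings %d", num_env)` line just below still uses `%d`, so one of the two specifiers does not match the variable's type; if num_env is unsigned, the debug line should become `debug3("PAM: num env strings %u", num_env);`. The function continues past the end of the hunk, so if it reads another count from the buffer further down, that count needs the same bound.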
@@ -52,8 +52,8 @@ ga_init(const char *user, gid_t base) ngroups = MAX(NGROUPS_MAX, sysconf(_SC_NGROUPS_MAX)); #endif - groups_bygid = xmalloc(ngroups * sizeof(*groups_bygid)); - groups_byname = xmalloc(ngroups * sizeof(*groups_byname)); + groups_bygid = xcalloc(ngroups, sizeof(*groups_bygid)); + groups_byname = xcalloc(ngroups, sizeof(*groups_byname)); if (getgrouplist(user, base, groups_bygid, &ngroups) == -1) logit("getgrouplist: groups list too small"); diff --git a/monitor.c b/monitor.c index 894523da3..4b8287d85 100644 --- a/monitor.c +++ b/monitor.c @@ -924,7 +924,7 @@ mm_answer_pam_respond(int sock, Buffer *m) sshpam_authok = NULL; num = buffer_get_int(m); if (num > 0) { - resp = xmalloc(num * sizeof(char *)); + resp = xcalloc(num, sizeof(char *)); for (i = 0; i < num; ++i) resp[i] = buffer_get_string(m, NULL); ret = (sshpam_device.respond)(sshpam_ctxt, num, resp); diff --git a/monitor_wrap.c b/monitor_wrap.c index 8cfc8cc08..332652895 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -776,8 +776,11 @@ mm_sshpam_query(void *ctx, char **name, char **info, *name = buffer_get_string(&m, NULL); *info = buffer_get_string(&m, NULL); *num = buffer_get_int(&m); - *prompts = xmalloc((*num + 1) * sizeof(char *)); - *echo_on = xmalloc((*num + 1) * sizeof(u_int)); + if (*num > PAM_MAX_NUM_MSG) + fatal("%s: recieved %u PAM messages, expected <= %u", + __func__, *num, PAM_MAX_NUM_MSG); + *prompts = xcalloc((*num + 1), sizeof(char *)); + *echo_on = xcalloc((*num + 1), sizeof(u_int)); for (i = 0; i < *num; ++i) { (*prompts)[i] = buffer_get_string(&m, NULL); (*echo_on)[i] = buffer_get_int(&m); diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index 8f3acee26..b408dde2d 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c 
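Review bot: In mm_answer_pam_respond the count `num` read with buffer_get_int(m) still has no upper bound before `xcalloc(num, sizeof(char *))`, although the mm_sshpam_query hunk in monitor_wrap.c now rejects counts above PAM_MAX_NUM_MSG. Switching to xcalloc presumably guards the multiplication, but the allocation size is still chosen by the sender of the message, and on the monitor side that is likely the less-trusted process. I would add `if (num > PAM_MAX_NUM_MSG) fatal("%s: received %u PAM responses, expected <= %u", __func__, num, PAM_MAX_NUM_MSG);` before the allocation, with the format adjusted to num's declared type. The function body starts and ends outside the hunk.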
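Review bot: The fatal() added to mm_sshpam_query misspells "received" as "recieved", so a log search for the wording used by the matching check in auth-pam.c will miss it. The string should read `"%s: received %u PAM messages, expected <= %u"`.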
@@ -268,7 +268,7 @@ fetch_windows_environment(void) char **e, **p; unsigned int i, idx = 0; - p = xmalloc((WENV_SIZ + 1) * sizeof(char *)); + p = xcalloc(WENV_SIZ + 1, sizeof(char *)); for (e = environ; *e != NULL; ++e) { for (i = 0; i < WENV_SIZ; ++i) { if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen)) diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c index 6e2b19bb4..95b662e4d 100644 --- a/openbsd-compat/setproctitle.c +++ b/openbsd-compat/setproctitle.c @@ -80,7 +80,7 @@ compat_init_setproctitle(int argc, char *argv[]) /* Fail if we can't allocate room for the new environment */ for (i = 0; envp[i] != NULL; i++) ; - if ((environ = malloc(sizeof(*environ) * (i + 1))) == NULL) { + if ((environ = calloc(i + 1, sizeof(*environ))) == NULL) { environ = envp; /* put it back */ return; } diff --git a/scard-opensc.c b/scard-opensc.c index dd2c28df2..7a496dff8 100644 --- a/scard-opensc.c +++ b/scard-opensc.c @@ -455,7 +455,9 @@ sc_get_keys(const char *id, const char *pin) } key_count = r; } - keys = xmalloc(sizeof(Key *) * (key_count*2+1)); + if (key_count > 1024) + fatal("Too many keys (%u), expected <= 1024", key_count); + keys = xcalloc(key_count * 2 + 1, sizeof(Key *)); for (i = 0; i < key_count; i++) { sc_pkcs15_object_t *tmp_obj = NULL; cert_id = ((sc_pkcs15_cert_info_t *)(certs[i]->data))->id; diff --git a/session.c b/session.c index caf750ab4..87e7ee6e3 100644 --- a/session.c +++ b/session.c @@ -984,7 +984,7 @@ do_setup_env(Session *s, const char *shell) /* Initialize the environment. */ envsize = 100; - env = xmalloc(envsize * sizeof(char *)); + env = xcalloc(envsize, sizeof(char *)); env[0] = NULL; #ifdef HAVE_CYGWIN diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 662f70080..3a4a165fa 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c 
@@ -674,8 +674,7 @@ prng_read_commands(char *cmdfilename) } num_cmds = 64; - entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t)); - memset(entcmd, '\0', num_cmds * sizeof(entropy_cmd_t)); + entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t)); /* Read in file */ cur_cmd = linenum = 0; diff --git a/sshd.c b/sshd.c index a206db245..e707cf654 100644 --- a/sshd.c +++ b/sshd.c @@ -921,7 +921,7 @@ main(int ac, char **av) /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ saved_argc = ac; rexec_argc = ac; - saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1)); + saved_argv = xcalloc(ac + 1, sizeof(*saved_argv)); for (i = 0; i < ac; i++) saved_argv[i] = xstrdup(av[i]); saved_argv[i] = NULL; -- cgit v1.2.3 From 232b76f9f8b883db9ff7e7a3a9942ad7a28119e0 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 6 May 2006 17:41:51 +1000 Subject: - dtucker@cvs.openbsd.org 2006/04/25 08:02:27 [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c] Prevent ssh from trying to open private keys with bad permissions more than once or prompting for their passphrases (which it subsequently ignores anyway), similar to a previous change in ssh-add. bz #1186, ok djm@ --- ChangeLog | 10 +++++++++- authfile.c | 8 ++++++-- authfile.h | 4 ++-- ssh.c | 8 ++++---- sshconnect1.c | 13 +++++++------ sshconnect2.c | 12 +++++++----- 6 files changed, 35 insertions(+), 20 deletions(-) diff --git a/ChangeLog b/ChangeLog index fe0536a78..d99a94176 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,11 @@ +20050506 + - (dtucker) OpenBSD CVS Syn + - dtucker@cvs.openbsd.org 2006/04/25 08:02:27 + [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c] + Prevent ssh from trying to open private keys with bad permissions more than + once or prompting for their passphrases (which it subsequently ignores + anyway), similar to a previous change in ssh-add. bz #1186, ok djm@ + 20060504 - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c @@ -4594,4 +4602,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4320 2006/05/04 06:24:34 dtucker Exp $ +$Id: ChangeLog,v 1.4321 2006/05/06 07:41:51 dtucker Exp $ diff --git a/authfile.c b/authfile.c index b95b9470b..b1a28528f 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.66 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.67 2006/04/25 08:02:27 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -538,7 +538,7 @@ key_perm_ok(int fd, const char *filename) Key * key_load_private_type(int type, const char *filename, const char *passphrase, - char **commentp) + char **commentp, int *perm_ok) { int fd; @@ -546,10 +546,14 @@ key_load_private_type(int type, const char *filename, const char *passphrase, if (fd < 0) return NULL; if (!key_perm_ok(fd, filename)) { + if (perm_ok != NULL) + *perm_ok = 0; error("bad permissions: ignore key: %s", filename); close(fd); return NULL; } + if (perm_ok != NULL) + *perm_ok = 1; switch (type) { case KEY_RSA1: return key_load_private_rsa1(fd, filename, passphrase, diff --git a/authfile.h b/authfile.h index 967f582d4..a6c74934d 100644 --- a/authfile.h +++ b/authfile.h 
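Review bot: key_load_private_type leaves `*perm_ok` unwritten on the `if (fd < 0) return NULL;` path, because both new assignments come after that early return. load_identity_file in the sshconnect2.c hunk declares `int perm_ok, quit, i;` without an initialiser and tests `if (!perm_ok)` straight after the call, so a key file that passes stat() but cannot be opened makes it branch on an indeterminate value. try_rsa_authentication in sshconnect1.c avoids this by declaring `perm_ok = 1`. Writing `if (perm_ok != NULL) *perm_ok = 0;` before the early return, or initialising the variable in load_identity_file, closes the gap.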
@@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.h,v 1.12 2006/03/25 22:22:42 djm Exp $ */ +/* $OpenBSD: authfile.h,v 1.13 2006/04/25 08:02:27 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -19,7 +19,7 @@ int key_save_private(Key *, const char *, const char *, const char *); Key *key_load_public(const char *, char **); Key *key_load_public_type(int, const char *, char **); Key *key_load_private(const char *, const char *, char **); -Key *key_load_private_type(int, const char *, const char *, char **); +Key *key_load_private_type(int, const char *, const char *, char **, int *); Key *key_load_private_pem(int, int, const char *, char **); int key_perm_ok(int, const char *); diff --git a/ssh.c b/ssh.c index 5eddd41d5..01303dc97 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.275 2006/03/30 10:41:25 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.276 2006/04/25 08:02:27 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -693,11 +693,11 @@ main(int ac, char **av) PRIV_START; sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, - _PATH_HOST_KEY_FILE, "", NULL); + _PATH_HOST_KEY_FILE, "", NULL, NULL); sensitive_data.keys[1] = key_load_private_type(KEY_DSA, - _PATH_HOST_DSA_KEY_FILE, "", NULL); + _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); sensitive_data.keys[2] = key_load_private_type(KEY_RSA, - _PATH_HOST_RSA_KEY_FILE, "", NULL); + _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); PRIV_END; if (options.hostbased_authentication == 1 && diff --git a/sshconnect1.c b/sshconnect1.c index 9b86c7ce1..5467f04bf 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect1.c,v 1.64 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.65 2006/04/25 08:02:27 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -197,7 +197,7 @@ try_rsa_authentication(int idx) BIGNUM *challenge; Key *public, *private; char buf[300], *passphrase, *comment, *authfile; - int i, type, quit; + int i, perm_ok = 1, type, quit; public = options.identity_keys[idx]; authfile = options.identity_files[idx]; @@ -243,15 +243,16 @@ try_rsa_authentication(int idx) if (public->flags & KEY_FLAG_EXT) private = public; else - private = key_load_private_type(KEY_RSA1, authfile, "", NULL); - if (private == NULL && !options.batch_mode) { + private = key_load_private_type(KEY_RSA1, authfile, "", NULL, + &perm_ok); + if (private == NULL && !options.batch_mode && perm_ok) { snprintf(buf, sizeof(buf), "Enter passphrase for RSA key '%.100s': ", comment); for (i = 0; i < options.number_of_password_prompts; i++) { passphrase = read_passphrase(buf, 0); if (strcmp(passphrase, "") != 0) { private = key_load_private_type(KEY_RSA1, - authfile, passphrase, NULL); + authfile, passphrase, NULL, NULL); quit = 0; } else { debug2("no passphrase given, try next key"); @@ -268,7 +269,7 @@ try_rsa_authentication(int idx) xfree(comment); if (private == NULL) { - if (!options.batch_mode) + if (!options.batch_mode && perm_ok) error("Bad passphrase."); /* Send a dummy response packet to avoid protocol error. */ diff --git a/sshconnect2.c b/sshconnect2.c index a826ad0f4..6fdcf8a1c 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.151 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.152 2006/04/25 08:02:27 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * 
@@ -970,14 +970,16 @@ load_identity_file(char *filename) { Key *private; char prompt[300], *passphrase; - int quit, i; + int perm_ok, quit, i; struct stat st; if (stat(filename, &st) < 0) { debug3("no such identity: %s", filename); return NULL; } - private = key_load_private_type(KEY_UNSPEC, filename, "", NULL); + private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok); + if (!perm_ok) + return NULL; if (private == NULL) { if (options.batch_mode) return NULL; @@ -986,8 +988,8 @@ load_identity_file(char *filename) for (i = 0; i < options.number_of_password_prompts; i++) { passphrase = read_passphrase(prompt, 0); if (strcmp(passphrase, "") != 0) { - private = key_load_private_type(KEY_UNSPEC, filename, - passphrase, NULL); + private = key_load_private_type(KEY_UNSPEC, + filename, passphrase, NULL, NULL); quit = 0; } else { debug2("no passphrase given, try next key"); -- cgit v1.2.3 From 31cde6828d7772c5ea06c882a17c06fc42845d79 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 6 May 2006 17:43:33 +1000 Subject: - djm@cvs.openbsd.org 2006/05/04 14:55:23 [dh.c] tighter DH exponent checks here too; feedback and ok markus@ --- ChangeLog | 5 ++++- dh.c | 21 +++++++++++++++++++-- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index d99a94176..2fe39cb25 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ Prevent ssh from trying to open private keys with bad permissions more than once or prompting for their passphrases (which it subsequently ignores anyway), similar to a previous change in ssh-add. bz #1186, ok djm@ + - djm@cvs.openbsd.org 2006/05/04 14:55:23 + [dh.c] + tighter DH exponent checks here too; feedback and ok markus@ 20060504 - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c 
@@ -4602,4 +4605,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4321 2006/05/06 07:41:51 dtucker Exp $ +$Id: ChangeLog,v 1.4322 2006/05/06 07:43:33 dtucker Exp $ diff --git a/dh.c b/dh.c index b32a7efb5..b3f4ceef1 100644 --- a/dh.c +++ b/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.35 2006/03/27 13:03:54 deraadt Exp $ */ +/* $OpenBSD: dh.c,v 1.36 2006/05/04 14:55:23 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -181,19 +181,36 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) int i; int n = BN_num_bits(dh_pub); int bits_set = 0; + BIGNUM *tmp; if (dh_pub->neg) { logit("invalid public DH value: negativ"); return 0; } + if (BN_cmp(dh_pub, BN_value_one()) != 1) { /* pub_exp <= 1 */ + logit("invalid public DH value: <= 1"); + return 0; + } + + if ((tmp = BN_new()) == NULL) + return (-1); + if (!BN_sub(tmp, dh->p, BN_value_one()) || + BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */ + BN_clear_free(tmp); + logit("invalid public DH value: >= p-1"); + return 0; + } + BN_clear_free(tmp); + for (i = 0; i <= n; i++) if (BN_is_bit_set(dh_pub, i)) bits_set++; debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); /* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */ - if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1)) + if (bits_set > 1) return 1; + logit("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p)); return 0; } -- cgit v1.2.3 From f779f672eb8914b3221396afd476ccc708b91b8d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 6 May 2006 17:48:48 +1000 Subject: - djm@cvs.openbsd.org 2006/04/01 05:37:46 [OVERVIEW] $OpenBSD$ in here too --- ChangeLog | 5 ++++- OVERVIEW | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2fe39cb25..e55280a4d 100644 --- a/ChangeLog +++ b/ChangeLog 
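Review bot: On BN_new() failure dh_pub_is_valid now returns -1, while every other path in the hunk returns 0 for an invalid value and 1 for a valid one. A caller that tests the result for truth (the callers are outside this hunk) would treat -1 as valid and accept the peer's public value without the range and bit-count checks having run. Returning 0 keeps the function fail-closed under memory pressure: `if ((tmp = BN_new()) == NULL) { logit("%s: BN_new failed", __func__); return 0; }`.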
@@ -8,6 +8,9 @@ - djm@cvs.openbsd.org 2006/05/04 14:55:23 [dh.c] tighter DH exponent checks here too; feedback and ok markus@ + - djm@cvs.openbsd.org 2006/04/01 05:37:46 + [OVERVIEW] + $OpenBSD$ in here too 20060504 - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c @@ -4605,4 +4608,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4322 2006/05/06 07:43:33 dtucker Exp $ +$Id: ChangeLog,v 1.4323 2006/05/06 07:48:48 dtucker Exp $ diff --git a/OVERVIEW b/OVERVIEW index d1a768c10..64b6f75fa 100644 --- a/OVERVIEW +++ b/OVERVIEW @@ -162,8 +162,8 @@ these programs. - There are several other files in the distribution that contain various auxiliary routines: ssh.h the main header file for ssh (various definitions) - getput.h byte-order independent storage of integers includes.h includes most system headers. Lots of #ifdefs. - tildexpand.c expand tilde in file names uidswap.c uid-swapping xmalloc.c "safe" malloc routines + +$OpenBSD: OVERVIEW,v 1.10 2006/04/01 05:37:46 djm Exp $ -- cgit v1.2.3 From 43ff44e7dbe28d913506df2673550e91b8003ca6 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 6 May 2006 18:40:53 +1000 Subject: - dtucker@cvs.openbsd.org 2006/05/06 08:35:40 [auth-krb5.c] Add $OpenBSD$ in comment here too --- ChangeLog | 5 ++++- auth-krb5.c | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index e55280a4d..1e1bfade5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,9 @@ - djm@cvs.openbsd.org 2006/04/01 05:37:46 [OVERVIEW] $OpenBSD$ in here too + - dtucker@cvs.openbsd.org 2006/05/06 08:35:40 + [auth-krb5.c] + Add $OpenBSD$ in comment here too 20060504 - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c 
@@ -4608,4 +4611,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4323 2006/05/06 07:48:48 dtucker Exp $ +$Id: ChangeLog,v 1.4324 2006/05/06 08:40:53 dtucker Exp $ diff --git a/auth-krb5.c b/auth-krb5.c index 8bdc64edf..7bce7778b 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -1,3 +1,4 @@ +/* $OpenBSD: auth-krb5.c,v 1.18 2006/05/06 08:35:40 dtucker Exp $ */ /* * Kerberos v5 authentication and ticket-passing routines. * -- cgit v1.2.3 From 13c539a4dcfa7a7fb34bbd43478aa913e27b8ba6 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 15 May 2006 17:15:56 +1000 Subject: - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of _res, prevents problems on some platforms that have _res as a global but don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by georg.schwarz at freenet.de, ok djm@. --- ChangeLog | 8 +++++++- openbsd-compat/getrrsetbyname.c | 4 ++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 1e1bfade5..0a9110633 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20050515 + - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of + _res, prevents problems on some platforms that have _res as a global but + don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by + georg.schwarz at freenet.de, ok djm@. + 20050506 - (dtucker) OpenBSD CVS Syn - dtucker@cvs.openbsd.org 2006/04/25 08:02:27 @@ -4611,4 +4617,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4324 2006/05/06 08:40:53 dtucker Exp $ +$Id: ChangeLog,v 1.4325 2006/05/15 07:15:56 dtucker Exp $ diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c index bea6aea3b..8dc744703 100644 --- a/openbsd-compat/getrrsetbyname.c +++ b/openbsd-compat/getrrsetbyname.c 
@@ -60,6 +60,10 @@ extern int h_errno; # undef _THREAD_PRIVATE #endif #define _THREAD_PRIVATE(a,b,c) (c) + +/* to avoid conflicts where a platform already has _res */ +#define _res _compat_res + struct __res_state _res; /* Necessary functions and macros */ -- cgit v1.2.3 From cefd8bb36d307a671fbbe5358d94c97910edf7c6 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 15 May 2006 17:17:29 +1000 Subject: - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative default. Patch originally from tim@, ok djm --- ChangeLog | 4 +++- defines.h | 12 +++++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0a9110633..a26f06323 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ _res, prevents problems on some platforms that have _res as a global but don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by georg.schwarz at freenet.de, ok djm@. + - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative + default. Patch originally from tim@, ok djm 20050506 - (dtucker) OpenBSD CVS Syn @@ -4617,4 +4619,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4325 2006/05/15 07:15:56 dtucker Exp $ +$Id: ChangeLog,v 1.4326 2006/05/15 07:17:29 dtucker Exp $ diff --git a/defines.h b/defines.h index 9ecf18d5a..f2fdd3cad 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.131 2006/03/15 02:02:28 djm Exp $ */ +/* $Id: defines.h,v 1.132 2006/05/15 07:17:30 dtucker Exp $ */ /* Constants */ @@ -731,6 +731,16 @@ struct winsize { # undef HAVE_MMAP #endif +#ifndef IOV_MAX +# if defined(_XOPEN_IOV_MAX) +# define IOV_MAX _XOPEN_IOV_MAX +# elif defined(DEF_IOV_MAX) +# define IOV_MAX DEF_IOV_MAX +# else +# define IOV_MAX 16 +# endif +#endif + /* some system headers on HP-UX define YES/NO */ #ifdef YES # undef YES -- cgit v1.2.3 
From 2c77b7f1c14795012db49b46d70fa423bdc09a80 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 15 May 2006 17:22:33 +1000 Subject: - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and do not allow kbdint again after the PAM account check fails. ok djm@ --- ChangeLog | 4 +++- auth-pam.c | 21 ++++++++++++++++----- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index a26f06323..0a7212f59 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,8 @@ georg.schwarz at freenet.de, ok djm@. - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative default. Patch originally from tim@, ok djm + - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and + do not allow kbdint again after the PAM account check fails. ok djm@ 20050506 - (dtucker) OpenBSD CVS Syn @@ -4619,4 +4621,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4326 2006/05/15 07:17:29 dtucker Exp $ +$Id: ChangeLog,v 1.4327 2006/05/15 07:22:33 dtucker Exp $ diff --git a/auth-pam.c b/auth-pam.c index 5ddc8bec3..16e7c21e3 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -445,8 +445,10 @@ sshpam_thread(void *ctxtp) goto auth_fail; if (compat20) { - if (!do_pam_account()) + if (!do_pam_account()) { + sshpam_err = PAM_ACCT_EXPIRED; goto auth_fail; + } if (sshpam_authctxt->force_pwchange) { sshpam_err = pam_chauthtok(sshpam_handle, PAM_CHANGE_EXPIRED_AUTHTOK); @@ -488,7 +490,10 @@ sshpam_thread(void *ctxtp) buffer_put_cstring(&buffer, pam_strerror(sshpam_handle, sshpam_err)); /* XXX - can't do much about an error here */ - ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer); + if (sshpam_err == PAM_ACCT_EXPIRED) + ssh_msg_send(ctxt->pam_csock, PAM_ACCT_EXPIRED, &buffer); + else + ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer); buffer_free(&buffer); pthread_exit(NULL); 
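Review bot: sshpam_thread now sets `sshpam_err = PAM_ACCT_EXPIRED` for every do_pam_account() failure, so the pam_strerror() text put into the buffer at auth_fail will describe an expired account even when the account check was refused for another reason. If the code is only meant as a marker that lets sshpam_query clear sshpam_account_status, a comment at the assignment should say so, for example `/* PAM_ACCT_EXPIRED doubles as a generic "account check failed" marker for the parent */`. Both functions extend beyond the hunks shown.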
@@ -643,8 +648,11 @@ sshpam_init_ctx(Authctxt *authctxt) int socks[2]; debug3("PAM: %s entering", __func__); - /* Refuse to start if we don't have PAM enabled */ - if (!options.use_pam) + /* + * Refuse to start if we don't have PAM enabled or do_pam_account + * has previously failed. + */ + if (!options.use_pam || sshpam_account_status == 0) return NULL; /* Initialize PAM */ @@ -721,8 +729,11 @@ sshpam_query(void *ctx, char **name, char **info, plen++; xfree(msg); break; + case PAM_ACCT_EXPIRED: + sshpam_account_status = 0; + /* FALLTHROUGH */ case PAM_AUTH_ERR: - debug3("PAM: PAM_AUTH_ERR"); + debug3("PAM: %s", pam_strerror(sshpam_handle, type)); if (**prompts != NULL && strlen(**prompts) != 0) { *info = **prompts; **prompts = NULL; -- cgit v1.2.3 From 73373877db052f11bf73349e8ce3d698105b109b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 15 May 2006 17:24:25 +1000 Subject: typo --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0a7212f59..ea73cf2ac 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,7 +9,7 @@ do not allow kbdint again after the PAM account check fails. ok djm@ 20050506 - - (dtucker) OpenBSD CVS Syn + - (dtucker) OpenBSD CVS Sync - dtucker@cvs.openbsd.org 2006/04/25 08:02:27 [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c] Prevent ssh from trying to open private keys with bad permissions more than @@ -4621,4 +4621,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4327 2006/05/15 07:22:33 dtucker Exp $ +$Id: ChangeLog,v 1.4328 2006/05/15 07:24:25 dtucker Exp $ -- cgit v1.2.3 From f58b29d51508057e729cd142396e28505bae50ab Mon Sep 17 00:00:00 2001 
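Review bot: The new `sshpam_account_status == 0` test in sshpam_init_ctx returns NULL without logging anything, so a keyboard-interactive retry refused after a failed account check leaves no trace at the point of refusal. Splitting the condition and emitting `debug3("PAM: %s: account check previously failed, refusing", __func__);` before that return would match the `debug3("PAM: %s entering", __func__)` line above it and make the denial visible when reviewing logs. The test also assumes sshpam_account_status is not 0 before the first account check has run; its declaration and initial value are outside this hunk and should be confirmed.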
From: Darren Tucker Date: Wed, 17 May 2006 22:24:56 +1000 Subject: - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file pointer leak. From kjhall at us.ibm.com, found by coverity. --- ChangeLog | 6 +++++- ssh-rand-helper.c | 4 +++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index ea73cf2ac..8dc22c86b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20050517 + - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file + pointer leak. From kjhall at us.ibm.com, found by coverity. + 20050515 - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of _res, prevents problems on some platforms that have _res as a global but @@ -4621,4 +4625,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4328 2006/05/15 07:24:25 dtucker Exp $ +$Id: ChangeLog,v 1.4329 2006/05/17 12:24:56 dtucker Exp $ diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 3a4a165fa..d88a246eb 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -573,7 +573,8 @@ prng_write_seedfile(void) /* Try to ensure that the parent directory is there */ snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); - mkdir(filename, 0700); + if (mkdir(filename, 0700) < 0) + fatal("mkdir: %s", strerror(errno)); snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, SSH_PRNG_SEED_FILE); @@ -782,6 +783,7 @@ prng_read_commands(char *cmdfilename) debug("Loaded %d entropy commands from %.100s", cur_cmd, cmdfilename); + fclose(f); return cur_cmd < MIN_ENTROPY_SOURCES ? -1 : 0; } -- cgit v1.2.3 From f14b2aa6725f93dce537a0d693d3562c53a85b19 Mon Sep 17 00:00:00 2001 
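Review bot: In prng_write_seedfile the new `if (mkdir(filename, 0700) < 0) fatal("mkdir: %s", strerror(errno));` aborts when the directory already exists, because mkdir() fails with EEXIST in that case. The comment directly above says the call only tries to ensure the parent directory is there, so an existing directory is the expected situation rather than an error. The check should let it through: `if (mkdir(filename, 0700) < 0 && errno != EEXIST)`. The function's body continues outside the hunk.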
From: Darren Tucker Date: Sun, 21 May 2006 18:26:40 +1000 Subject: - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor and slave, we can remove the special-case handling in the audit hook in auth_log. --- ChangeLog | 13 +++++++++---- auth.c | 38 ++------------------------------------ monitor.c | 2 ++ 3 files changed, 13 insertions(+), 40 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8dc22c86b..767208bf3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,8 +1,13 @@ -20050517 +20060521 + - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor + and slave, we can remove the special-case handling in the audit hook in + auth_log. + +20060517 - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file pointer leak. From kjhall at us.ibm.com, found by coverity. -20050515 +20060515 - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of _res, prevents problems on some platforms that have _res as a global but don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by @@ -12,7 +17,7 @@ - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and do not allow kbdint again after the PAM account check fails. ok djm@ -20050506 +20060506 - (dtucker) OpenBSD CVS Sync - dtucker@cvs.openbsd.org 2006/04/25 08:02:27 [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c] @@ -4625,4 +4630,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4329 2006/05/17 12:24:56 dtucker Exp $ +$Id: ChangeLog,v 1.4330 2006/05/21 08:26:40 dtucker Exp $ diff --git a/auth.c b/auth.c index e43c81658..ffa94e886 100644 --- a/auth.c +++ b/auth.c 
@@ -271,42 +271,8 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) get_canonical_hostname(options.use_dns), "ssh"); #endif #ifdef SSH_AUDIT_EVENTS - if (authenticated == 0 && !authctxt->postponed) { - ssh_audit_event_t event; - - debug3("audit failed auth attempt, method %s euid %d", - method, (int)geteuid()); - /* - * Because the auth loop is used in both monitor and slave, - * we must be careful to send each event only once and with - * enough privs to write the event. - */ - event = audit_classify_auth(method); - switch(event) { - case SSH_AUTH_FAIL_NONE: - case SSH_AUTH_FAIL_PASSWD: - case SSH_AUTH_FAIL_KBDINT: - if (geteuid() == 0) - audit_event(event); - break; - case SSH_AUTH_FAIL_PUBKEY: - case SSH_AUTH_FAIL_HOSTBASED: - case SSH_AUTH_FAIL_GSSAPI: - /* - * This is required to handle the case where privsep - * is enabled but it's root logging in, since - * use_privsep won't be cleared until after a - * successful login. - */ - if (geteuid() == 0) - audit_event(event); - else - PRIVSEP(audit_event(event)); - break; - default: - error("unknown authentication audit event %d", event); - } - } + if (authenticated == 0 && !authctxt->postponed) + audit_event(audit_classify_auth(method)); #endif } diff --git a/monitor.c b/monitor.c index 4b8287d85..08919ddfc 100644 --- a/monitor.c +++ b/monitor.c @@ -909,6 +909,7 @@ mm_answer_pam_query(int sock, Buffer *m) xfree(prompts); if (echo_on != NULL) xfree(echo_on); + auth_method = "keyboard-interactive/pam"; mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m); return (0); } @@ -951,6 +952,7 @@ mm_answer_pam_free_ctx(int sock, Buffer *m) (sshpam_device.free_ctx)(sshpam_ctxt); buffer_clear(m); mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); + auth_method = "keyboard-interactive/pam"; return (sshpam_authok == sshpam_ctxt); } #endif -- cgit v1.2.3 From e250a94e697134f463eb51fbe9c8a22e1973198d Mon Sep 17 00:00:00 2001 
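Review bot: The simplified audit hook in auth_log now calls `audit_event(audit_classify_auth(method))` with whatever privileges the calling process holds, and the removed comment was the only place that explained the event must be sent once and with enough privilege to be written. If the intent is that auth_log is no longer reached from the unprivileged side, record that next to the call, e.g. `/* auth_log() runs only in the monitor now, so the event is emitted once and with privilege */`, so that a later caller does not silently lose failed-login audit records. The old `default:` branch that reported an unknown event value is gone as well; whether audit_event copes with such a value is not visible here. auth_log starts above this hunk.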
From: Damien Miller Date: Tue, 13 Jun 2006 12:59:53 +1000 Subject: - djm@cvs.openbsd.org 2006/05/08 10:49:48 [sshconnect2.c] uint32_t -> u_int32_t (which we use everywhere else) (Id sync only - portable already had this) --- ChangeLog | 9 ++++++++- sshconnect2.c | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 767208bf3..6b5c74b5a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20060613 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2006/05/08 10:49:48 + [sshconnect2.c] + uint32_t -> u_int32_t (which we use everywhere else) + (Id sync only - portable already had this) + 20060521 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor and slave, we can remove the special-case handling in the audit hook in @@ -4630,4 +4637,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4330 2006/05/21 08:26:40 dtucker Exp $ +$Id: ChangeLog,v 1.4331 2006/06/13 02:59:53 djm Exp $ diff --git a/sshconnect2.c b/sshconnect2.c index 6fdcf8a1c..53cf25762 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.152 2006/04/25 08:02:27 dtucker Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.153 2006/05/08 10:49:48 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * -- cgit v1.2.3 From 24fd8ddd61bbbb4d1a5accb9b8bf640904e12be5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Jun 2006 13:00:09 +1000 Subject: - markus@cvs.openbsd.org 2006/05/16 09:00:00 [clientloop.c] missing free; from Kylene Hall --- ChangeLog | 5 ++++- clientloop.c | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6b5c74b5a..a4579b916 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -4,6 +4,9 @@ [sshconnect2.c] uint32_t -> u_int32_t (which we use everywhere else) (Id sync only - portable already had this) + - markus@cvs.openbsd.org 2006/05/16 09:00:00 + [clientloop.c] + missing free; from Kylene Hall 20060521 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor @@ -4637,4 +4640,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4331 2006/06/13 02:59:53 djm Exp $ +$Id: ChangeLog,v 1.4332 2006/06/13 03:00:09 djm Exp $ diff --git a/clientloop.c b/clientloop.c index d317b79f4..a9572134a 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.162 2006/04/20 09:27:09 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.163 2006/05/16 09:00:00 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -844,6 +844,7 @@ client_process_control(fd_set *readset) debug2("%s: accepted tty %d, subsys %d, cmd %s", __func__, cctx->want_tty, cctx->want_subsys, cmd); + xfree(cmd); /* Gather fds from client */ new_fd[0] = mm_receive_fd(client_fd); -- cgit v1.2.3 From 40b5985fe0b2b8e0b78d7bf7f19bcab6018f0a64 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Jun 2006 13:00:25 +1000 Subject: - markus@cvs.openbsd.org 2006/05/17 12:43:34 [scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c] fix leak; coverity via Kylene Jo Hall --- ChangeLog | 5 ++++- scp.c | 6 ++++-- sftp.c | 5 ++--- ssh-agent.c | 4 ++-- ssh-keygen.c | 6 ++++-- sshconnect.c | 3 ++- 6 files changed, 18 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index a4579b916..ff7e97ceb 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -7,6 +7,9 @@ - markus@cvs.openbsd.org 2006/05/16 09:00:00 [clientloop.c] missing free; from Kylene Hall + - markus@cvs.openbsd.org 2006/05/17 12:43:34 + [scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c] + fix leak; coverity via Kylene Jo Hall 20060521 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor @@ -4640,4 +4643,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4332 2006/06/13 03:00:09 djm Exp $ +$Id: ChangeLog,v 1.4333 2006/06/13 03:00:25 djm Exp $ diff --git a/scp.c b/scp.c index 2778f8f80..e5332972c 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.141 2006/04/01 05:50:29 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.142 2006/05/17 12:43:34 markus Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -193,7 +193,8 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) * Reserve two descriptors so that the real pipes won't get * descriptors 0 and 1 because that will screw up dup2 below. */ - pipe(reserved); + if (pipe(reserved) < 0) + fatal("pipe: %s", strerror(errno)); /* Create a socket pair for communicating with ssh. */ if (pipe(pin) < 0) @@ -499,6 +500,7 @@ toremote(char *targ, int argc, char **argv) source(1, argv + i); } } + xfree(arg); } void diff --git a/sftp.c b/sftp.c index 0cc3a470e..22fa6ad2a 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.81 2006/04/20 21:53:44 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.82 2006/05/17 12:43:34 markus Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -548,6 +548,7 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag) if (g.gl_matchc == 1 && dst) { /* If directory specified, append filename */ + xfree(tmp); if (is_dir(dst)) { if (infer_path(g.gl_pathv[0], &tmp)) { err = 1; 
@@ -572,8 +573,6 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag) out: xfree(abs_src); - if (abs_dst) - xfree(abs_dst); globfree(&g); return(err); } diff --git a/ssh-agent.c b/ssh-agent.c index 681c30235..656e399d4 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.137 2006/03/30 09:58:16 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.138 2006/05/17 12:43:34 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -315,8 +315,8 @@ process_sign_request2(SocketEntry *e) Identity *id = lookup_identity(key, 2); if (id != NULL && (!id->confirm || confirm_key(id) == 0)) ok = key_sign(id->key, &signature, &slen, data, dlen); + key_free(key); } - key_free(key); buffer_init(&msg); if (ok == 0) { buffer_put_char(&msg, SSH2_AGENT_SIGN_RESPONSE); diff --git a/ssh-keygen.c b/ssh-keygen.c index ef417514a..e06ae1a52 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.143 2006/03/30 11:05:17 dtucker Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.144 2006/05/17 12:43:34 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -514,8 +514,10 @@ do_fingerprint(struct passwd *pw) xfree(fp); exit(0); } - if (comment) + if (comment) { xfree(comment); + comment = NULL; + } f = fopen(identity_file, "r"); if (f != NULL) { diff --git a/sshconnect.c b/sshconnect.c index 5f2ad1cfa..e855f1926 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.181 2006/04/20 09:47:59 markus Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.182 2006/05/17 12:43:34 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -928,6 +928,7 @@ ssh_login(Sensitive *sensitive, const char *orighost, ssh_kex(host, hostaddr); ssh_userauth1(local_user, server_user, host, sensitive); } + xfree(local_user); } void -- cgit v1.2.3 
From ad6b14d274762b466746519205aec9faae2f3cc3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Jun 2006 13:00:41 +1000 Subject: - miod@cvs.openbsd.org 2006/05/18 21:27:25 [kexdhc.c kexgexc.c] paramter -> parameter --- ChangeLog | 5 ++++- kexdhc.c | 4 ++-- kexgexc.c | 4 ++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index ff7e97ceb..ae7b7562e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,9 @@ - markus@cvs.openbsd.org 2006/05/17 12:43:34 [scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c] fix leak; coverity via Kylene Jo Hall + - miod@cvs.openbsd.org 2006/05/18 21:27:25 + [kexdhc.c kexgexc.c] + paramter -> parameter 20060521 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor @@ -4643,4 +4646,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4333 2006/06/13 03:00:25 djm Exp $ +$Id: ChangeLog,v 1.4334 2006/06/13 03:00:41 djm Exp $ diff --git a/kexdhc.c b/kexdhc.c index 1f1c5ea4f..f5f01196f 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.5 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.6 2006/05/18 21:27:25 miod Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -82,7 +82,7 @@ kexdh_client(Kex *kex) if (kex->verify_host_key(server_host_key) == -1) fatal("server_host_key verification failed"); - /* DH paramter f, server public DH key */ + /* DH parameter f, server public DH key */ if ((dh_server_pub = BN_new()) == NULL) fatal("dh_server_pub == NULL"); packet_get_bignum2(dh_server_pub); diff --git a/kexgexc.c b/kexgexc.c index f871f972e..9da184488 100644 --- a/kexgexc.c +++ b/kexgexc.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.5 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.6 2006/05/18 21:27:25 miod Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -120,7 +120,7 @@ kexgex_client(Kex *kex) if (kex->verify_host_key(server_host_key) == -1) fatal("server_host_key verification failed"); - /* DH paramter f, server public DH key */ + /* DH parameter f, server public DH key */ if ((dh_server_pub = BN_new()) == NULL) fatal("dh_server_pub == NULL"); packet_get_bignum2(dh_server_pub); -- cgit v1.2.3 From 658f9455386fb81d03429a00976986ac18ba4d5e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Jun 2006 13:00:55 +1000 Subject: - dtucker@cvs.openbsd.org 2006/05/29 12:54:08 [ssh_config.5] Add gssapi-with-mic to PreferredAuthentications default list; ok jmc --- ChangeLog | 5 ++++- ssh_config.5 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index ae7b7562e..54f18b659 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ - miod@cvs.openbsd.org 2006/05/18 21:27:25 [kexdhc.c kexgexc.c] paramter -> parameter + - dtucker@cvs.openbsd.org 2006/05/29 12:54:08 + [ssh_config.5] + Add gssapi-with-mic to PreferredAuthentications default list; ok jmc 20060521 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor @@ -4646,4 +4649,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4334 2006/06/13 03:00:41 djm Exp $ +$Id: ChangeLog,v 1.4335 2006/06/13 03:00:55 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 7744e95f9..5f66cd9d8 100644 --- a/ssh_config.5 +++ b/ssh_config.5 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.92 2006/03/31 09:13:56 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.93 2006/05/29 12:54:08 dtucker Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -678,7 +678,7 @@ This allows a client to prefer one method (e.g.\& over another method (e.g.\& .Cm password ) The default for this option is: -.Dq hostbased,publickey,keyboard-interactive,password . +.Dq gssapi-with-mic,hostbased,publickey,keyboard-interactive,password . .It Cm Protocol Specifies the protocol versions .Xr ssh 1 -- cgit v1.2.3 From 81a38928eb2728efb36e970259dde8f108c08db7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Jun 2006 13:01:09 +1000 Subject: - dtucker@cvs.openbsd.org 2006/05/29 12:56:33 [ssh_config] Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in sample ssh_config. ok markus@ --- ChangeLog | 6 +++++- ssh_config | 4 +++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 54f18b659..0d9449ec6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,10 @@ - dtucker@cvs.openbsd.org 2006/05/29 12:54:08 [ssh_config.5] Add gssapi-with-mic to PreferredAuthentications default list; ok jmc + - dtucker@cvs.openbsd.org 2006/05/29 12:56:33 + [ssh_config] + Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in sample + ssh_config. ok markus@ 20060521 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor @@ -4649,4 +4653,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4335 2006/06/13 03:00:55 djm Exp $ +$Id: ChangeLog,v 1.4336 2006/06/13 03:01:09 djm Exp $ diff --git a/ssh_config b/ssh_config index 7bc8762d6..177521caa 100644 --- a/ssh_config +++ b/ssh_config 
@@ -1,4 +1,4 @@ -# $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $ +# $OpenBSD: ssh_config,v 1.22 2006/05/29 12:56:33 dtucker Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for @@ -24,6 +24,8 @@ # RSAAuthentication yes # PasswordAuthentication yes # HostbasedAuthentication no +# GSSAPIAuthentication no +# GSSAPIDelegateCredentials no # BatchMode no # CheckHostIP yes # AddressFamily any -- cgit v1.2.3 From 3c6ed7bbd569a33d31533587e41b8ff87d282de0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Jun 2006 13:01:41 +1000 Subject: - jmc@cvs.openbsd.org 2006/05/29 16:10:03 [ssh_config.5] oops - previous was too long; split the list of auths up --- ChangeLog | 9 ++++++--- ssh_config.5 | 9 +++++++-- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0d9449ec6..d130a420f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,8 +18,11 @@ Add gssapi-with-mic to PreferredAuthentications default list; ok jmc - dtucker@cvs.openbsd.org 2006/05/29 12:56:33 [ssh_config] - Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in sample - ssh_config. ok markus@ + Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in + sample ssh_config. ok markus@ + - jmc@cvs.openbsd.org 2006/05/29 16:10:03 + [ssh_config.5] + oops - previous was too long; split the list of auths up 20060521 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor @@ -4653,4 +4656,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4336 2006/06/13 03:01:09 djm Exp $ +$Id: ChangeLog,v 1.4337 2006/06/13 03:01:41 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 5f66cd9d8..0d40fd63e 100644 --- a/ssh_config.5 +++ b/ssh_config.5 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.93 2006/05/29 12:54:08 dtucker Exp $ +.\" $OpenBSD: ssh_config.5,v 1.94 2006/05/29 16:10:03 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -678,7 +678,12 @@ This allows a client to prefer one method (e.g.\& over another method (e.g.\& .Cm password ) The default for this option is: -.Dq gssapi-with-mic,hostbased,publickey,keyboard-interactive,password . +.Do gssapi-with-mic , +hostbased, +publickey, +keyboard-interactive, +password +.Dc . .It Cm Protocol Specifies the protocol versions .Xr ssh 1 -- cgit v1.2.3 From fbc94c857a263bbee6580b6229502dcea0250c14 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Jun 2006 13:03:16 +1000 Subject: - jmc@cvs.openbsd.org 2006/05/29 16:13:23 [ssh.1] add GSSAPI to the list of authentication methods supported; --- ChangeLog | 9 ++++++++- ssh.1 | 3 ++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index d130a420f..8124065c3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,13 @@ - jmc@cvs.openbsd.org 2006/05/29 16:10:03 [ssh_config.5] oops - previous was too long; split the list of auths up + - mk@cvs.openbsd.org 2006/05/30 11:46:38 + [ssh-add.c] + Sync usage() with man page and reality. + ok deraadt dtucker + - jmc@cvs.openbsd.org 2006/05/29 16:13:23 + [ssh.1] + add GSSAPI to the list of authentication methods supported; 20060521 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor @@ -4656,4 +4663,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4337 2006/06/13 03:01:41 djm Exp $ +$Id: ChangeLog,v 1.4338 2006/06/13 03:03:16 djm Exp $ diff --git a/ssh.1 b/ssh.1 index dab09c84e..874a5d2fe 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.259 2006/03/22 21:16:24 jakob Exp $ +.\" $OpenBSD: ssh.1,v 1.260 2006/05/29 16:13:23 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -666,6 +666,7 @@ Protocol 1 lacks a strong mechanism for ensuring the integrity of the connection. .Pp The methods available for authentication are: +GSSAPI-based authentication, host-based authentication, public key authentication, challenge-response authentication, -- cgit v1.2.3 From 7b1e757b28a19eafd5f834307ea7c4493210095d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Jun 2006 13:03:34 +1000 Subject: - mk@cvs.openbsd.org 2006/05/30 11:46:38 [ssh-add.c] Sync usage() with man page and reality. ok deraadt dtucker --- ChangeLog | 6 +++++- ssh-add.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8124065c3..0557b0fdb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,10 @@ - jmc@cvs.openbsd.org 2006/05/29 16:13:23 [ssh.1] add GSSAPI to the list of authentication methods supported; + - mk@cvs.openbsd.org 2006/05/30 11:46:38 + [ssh-add.c] + Sync usage() with man page and reality. + ok deraadt dtucker 20060521 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor @@ -4663,4 +4667,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4338 2006/06/13 03:03:16 djm Exp $ +$Id: ChangeLog,v 1.4339 2006/06/13 03:03:34 djm Exp $ diff --git a/ssh-add.c b/ssh-add.c index ff85af031..836cb5f9c 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.79 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.80 2006/05/30 11:46:38 mk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -299,7 +299,7 @@ do_file(AuthenticationConnection *ac, int deleting, char *file) static void usage(void) { - fprintf(stderr, "Usage: %s [options]\n", __progname); + fprintf(stderr, "Usage: %s [options] [file ...]\n", __progname); fprintf(stderr, "Options:\n"); fprintf(stderr, " -l List fingerprints of all identities.\n"); fprintf(stderr, " -L List public key parameters of all identities.\n"); -- cgit v1.2.3 From eb13e556e58a52a3ff0c734a8690ad41686cf92c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Jun 2006 13:03:53 +1000 Subject: - markus@cvs.openbsd.org 2006/06/01 09:21:48 [sshd.c] call get_remote_ipaddr() early; fixes logging after client disconnects; report mpf@; ok dtucker@ --- ChangeLog | 6 +++++- sshd.c | 10 ++++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0557b0fdb..7dfcb45e5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,6 +34,10 @@ [ssh-add.c] Sync usage() with man page and reality. ok deraadt dtucker + - markus@cvs.openbsd.org 2006/06/01 09:21:48 + [sshd.c] + call get_remote_ipaddr() early; fixes logging after client disconnects; + report mpf@; ok dtucker@ 20060521 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor @@ -4667,4 +4671,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4339 2006/06/13 03:03:34 djm Exp $ +$Id: ChangeLog,v 1.4340 2006/06/13 03:03:53 djm Exp $ diff --git a/sshd.c b/sshd.c index e707cf654..2bdda7298 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.330 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.331 2006/06/01 09:21:48 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -1671,7 +1671,13 @@ main(int ac, char **av) * We use get_canonical_hostname with usedns = 0 instead of * get_remote_ipaddr here so IP options will be checked. */ - remote_ip = get_canonical_hostname(0); + (void) get_canonical_hostname(0); + /* + * The rest of the code depends on the fact that + * get_remote_ipaddr() caches the remote ip, even if + * the socket goes away. + */ + remote_ip = get_remote_ipaddr(); #ifdef SSH_AUDIT_EVENTS audit_connection_from(remote_ip, remote_port); -- cgit v1.2.3 From 6b4069ad563ce578cbfa6f90e76b462d26483e67 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Jun 2006 13:05:15 +1000 Subject: - markus@cvs.openbsd.org 2006/06/06 10:20:20 [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c] replace remaining setuid() calls with permanently_set_uid() and check seteuid() return values; report Marcus Meissner; ok dtucker djm --- ChangeLog | 6 +++++- readpass.c | 6 +++--- sshconnect.c | 5 ++--- sshconnect.h | 22 +++++++++++++--------- sshconnect2.c | 6 +++--- uidswap.c | 4 +++- 6 files changed, 29 insertions(+), 20 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7dfcb45e5..7c30a33ac 100644 --- a/ChangeLog +++ b/ChangeLog @@ -38,6 +38,10 @@ [sshd.c] call get_remote_ipaddr() early; fixes logging after client disconnects; report mpf@; ok dtucker@ + - markus@cvs.openbsd.org 2006/06/06 10:20:20 + [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c] + replace remaining setuid() calls with permanently_set_uid() and + check seteuid() return values; report Marcus Meissner; ok dtucker djm 20060521 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor @@ -4671,4 +4675,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4340 2006/06/13 03:03:53 djm Exp $ +$Id: ChangeLog,v 1.4341 2006/06/13 03:05:15 djm Exp $ diff --git a/readpass.c b/readpass.c index c3d36a028..60e4a902f 100644 --- a/readpass.c 
+++ b/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.37 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: readpass.c,v 1.38 2006/06/06 10:20:20 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -37,6 +37,7 @@ #include "pathnames.h" #include "log.h" #include "ssh.h" +#include "uidswap.h" static char * ssh_askpass(char *askpass, const char *msg) @@ -60,8 +61,7 @@ ssh_askpass(char *askpass, const char *msg) return NULL; } if (pid == 0) { - seteuid(getuid()); - setuid(getuid()); + permanently_set_uid(getpwuid(getuid())); close(p[0]); if (dup2(p[1], STDOUT_FILENO) < 0) fatal("ssh_askpass: dup2: %s", strerror(errno)); diff --git a/sshconnect.c b/sshconnect.c index e855f1926..41ad82f9f 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.182 2006/05/17 12:43:34 markus Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.183 2006/06/06 10:20:20 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -97,8 +97,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) char *argv[10]; /* Child. Permanently give up superuser privileges. */ - seteuid(original_real_uid); - setuid(original_real_uid); + permanently_set_uid(getpwuid(original_real_uid)); /* Redirect stdin and stdout. */ close(pin[1]); diff --git a/sshconnect.h b/sshconnect.h index 3786ba56e..692d27567 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.19 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.20 2006/06/06 10:20:20 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. 
@@ -54,16 +54,20 @@ int ssh_local_cmd(const char *); /* * Macros to raise/lower permissions. */ -#define PRIV_START do { \ - int save_errno = errno; \ - (void)seteuid(original_effective_uid); \ - errno = save_errno; \ +#define PRIV_START do { \ + int save_errno = errno; \ + if (seteuid(original_effective_uid) != 0) \ + fatal("PRIV_START: seteuid: %s", \ + strerror(errno)); \ + errno = save_errno; \ } while (0) -#define PRIV_END do { \ - int save_errno = errno; \ - (void)seteuid(original_real_uid); \ - errno = save_errno; \ +#define PRIV_END do { \ + int save_errno = errno; \ + if (seteuid(original_real_uid) != 0) \ + fatal("PRIV_END: seteuid: %s", \ + strerror(errno)); \ + errno = save_errno; \ } while (0) #endif diff --git a/sshconnect2.c b/sshconnect2.c index 53cf25762..c97738c7b 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.153 2006/05/08 10:49:48 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.154 2006/06/06 10:20:20 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -53,6 +53,7 @@ #include "canohost.h" #include "msg.h" #include "pathnames.h" +#include "uidswap.h" #ifdef GSSAPI #include "ssh-gss.h" @@ -1252,8 +1253,7 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp, return -1; } if (pid == 0) { - seteuid(getuid()); - setuid(getuid()); + permanently_set_uid(getpwuid(getuid())); close(from[0]); if (dup2(from[1], STDOUT_FILENO) < 0) fatal("ssh_keysign: dup2: %s", strerror(errno)); diff --git a/uidswap.c b/uidswap.c index 6dc1680db..ba2d20942 100644 --- a/uidswap.c +++ b/uidswap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.27 2006/04/22 04:06:51 djm Exp $ */ +/* $OpenBSD: uidswap.c,v 1.28 2006/06/06 10:20:20 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -169,6 +169,8 @@ permanently_set_uid(struct passwd *pw) uid_t old_uid = getuid(); gid_t old_gid = getgid(); + if (pw == NULL) + fatal("permanently_set_uid: no user given"); if (temporarily_use_uid_effective) fatal("permanently_set_uid: temporarily_use_uid effective"); debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, -- cgit v1.2.3 From 2e5fe88ebe5a09477a655a36b047063282bfd86c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Jun 2006 13:10:00 +1000 Subject: - markus@cvs.openbsd.org 2006/06/08 14:45:49 [readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h] do not set the gid, noted by solar; ok djm --- ChangeLog | 5 ++++- readpass.c | 4 ++-- sshconnect.c | 4 ++-- sshconnect2.c | 4 ++-- uidswap.c | 37 ++++++++++++++++++++++++++++++++++++- uidswap.h | 3 ++- 6 files changed, 48 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7c30a33ac..0ce7f8c6b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -42,6 +42,9 @@ [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c] replace remaining setuid() calls with permanently_set_uid() and check seteuid() return values; report Marcus Meissner; ok dtucker djm + - markus@cvs.openbsd.org 2006/06/08 14:45:49 + [readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h] + do not set the gid, noted by solar; ok djm 20060521 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor @@ -4675,4 +4678,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4341 2006/06/13 03:05:15 djm Exp $ +$Id: ChangeLog,v 1.4342 2006/06/13 03:10:00 djm Exp $ diff --git a/readpass.c b/readpass.c index 60e4a902f..34d70b07a 100644 --- a/readpass.c +++ b/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.38 2006/06/06 10:20:20 markus Exp $ */ +/* $OpenBSD: readpass.c,v 1.39 2006/06/08 14:45:49 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * 
@@ -61,7 +61,7 @@ ssh_askpass(char *askpass, const char *msg) return NULL; } if (pid == 0) { - permanently_set_uid(getpwuid(getuid())); + permanently_drop_suid(getuid()); close(p[0]); if (dup2(p[1], STDOUT_FILENO) < 0) fatal("ssh_askpass: dup2: %s", strerror(errno)); diff --git a/sshconnect.c b/sshconnect.c index 41ad82f9f..c76572662 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.183 2006/06/06 10:20:20 markus Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.184 2006/06/08 14:45:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -97,7 +97,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) char *argv[10]; /* Child. Permanently give up superuser privileges. */ - permanently_set_uid(getpwuid(original_real_uid)); + permanently_drop_suid(original_real_uid); /* Redirect stdin and stdout. */ close(pin[1]); diff --git a/sshconnect2.c b/sshconnect2.c index c97738c7b..4f96dcfc4 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.154 2006/06/06 10:20:20 markus Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.155 2006/06/08 14:45:49 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -1253,7 +1253,7 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp, return -1; } if (pid == 0) { - permanently_set_uid(getpwuid(getuid())); + permanently_drop_suid(getuid()); close(from[0]); if (dup2(from[1], STDOUT_FILENO) < 0) fatal("ssh_keysign: dup2: %s", strerror(errno)); diff --git a/uidswap.c b/uidswap.c index ba2d20942..e5b0595ac 100644 --- a/uidswap.c +++ b/uidswap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.28 2006/06/06 10:20:20 markus Exp $ */ +/* $OpenBSD: uidswap.c,v 1.29 2006/06/08 14:45:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -123,6 +123,41 @@ temporarily_use_uid(struct passwd *pw) strerror(errno)); } +void +permanently_drop_suid(uid_t uid) +{ + uid_t old_uid = getuid(); + + debug("permanently_drop_suid: %u", (u_int)uid); +#if defined(HAVE_SETRESUID) && !defined(BROKEN_SETRESUID) + if (setresuid(uid, uid, uid) < 0) + fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno)); +#elif defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID) + if (setreuid(uid, uid) < 0) + fatal("setreuid %u: %.100s", (u_int)uid, strerror(errno)); +#else +# ifndef SETEUID_BREAKS_SETUID + if (seteuid(uid) < 0) + fatal("seteuid %u: %.100s", (u_int)uid, strerror(errno)); +# endif + if (setuid(uid) < 0) + fatal("setuid %u: %.100s", (u_int)uid, strerror(errno)); +#endif + +#ifndef HAVE_CYGWIN + /* Try restoration of UID if changed (test clearing of saved uid) */ + if (old_uid != uid && + (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) + fatal("%s: was able to restore old [e]uid", __func__); +#endif + + /* Verify UID drop was successful */ + if (getuid() != uid || geteuid() != uid) { + fatal("%s: euid incorrect uid:%u euid:%u (should be %u)", + __func__, (u_int)getuid(), (u_int)geteuid(), (u_int)uid); + } +} + /* * Restores to the original (privileged) uid. */ diff --git a/uidswap.h b/uidswap.h index 967ea9c4d..f827782d5 100644 --- a/uidswap.h +++ b/uidswap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.h,v 1.10 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: uidswap.h,v 1.11 2006/06/08 14:45:49 markus Exp $ */ /* * Author: Tatu Ylonen @@ -18,5 +18,6 @@ void temporarily_use_uid(struct passwd *); void restore_uid(void); void permanently_set_uid(struct passwd *); +void permanently_drop_suid(uid_t); #endif /* UIDSWAP_H */ -- cgit v1.2.3 From a6680a4e35f08f490cba8477c990964ce9ff0a9d Mon Sep 17 00:00:00 2001 
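Review bot: In permanently_drop_suid() the restoration test is guarded by `old_uid != uid` with `old_uid = getuid()`, but the three callers changed in this commit pass `getuid()` or `original_real_uid`. For them the guard is presumably always false, so the "test clearing of saved uid" block never runs. The final `getuid() != uid || geteuid() != uid` check does not look at the saved uid, so a saved uid left behind on the seteuid()/setuid() fallback path would go unnoticed. Where the effective uid is still the privileged one at the call, recording it instead (`uid_t old_uid = geteuid();`) would make the test meaningful. Otherwise document the limitation with a comment such as `/* NOTE: the restore test is skipped when uid == getuid() */`.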
From: Damien Miller Date: Tue, 13 Jun 2006 13:10:18 +1000 Subject: - djm@cvs.openbsd.org 2006/06/13 01:18:36 [ssh-agent.c] always use a format string, even when printing a constant - djm@cvs.openbsd.org 2006/06/13 02:17:07 [ssh-agent.c] revert; i am on drugs. spotted by alexander AT beard.se --- ChangeLog | 8 +++++++- ssh-agent.c | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0ce7f8c6b..c8bd1ae9d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -45,6 +45,12 @@ - markus@cvs.openbsd.org 2006/06/08 14:45:49 [readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h] do not set the gid, noted by solar; ok djm + - djm@cvs.openbsd.org 2006/06/13 01:18:36 + [ssh-agent.c] + always use a format string, even when printing a constant + - djm@cvs.openbsd.org 2006/06/13 02:17:07 + [ssh-agent.c] + revert; i am on drugs. spotted by alexander AT beard.se 20060521 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor @@ -4678,4 +4684,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4342 2006/06/13 03:10:00 djm Exp $ +$Id: ChangeLog,v 1.4343 2006/06/13 03:10:18 djm Exp $ diff --git a/ssh-agent.c b/ssh-agent.c index 656e399d4..db3935ec7 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.138 2006/05/17 12:43:34 markus Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.140 2006/06/13 02:17:07 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland -- cgit v1.2.3 From 643460803f5c8c5a9bec9455a62d8a5217699f43 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Jun 2006 13:15:54 +1000 Subject: - (djm) [getput.h] This file has been replaced by functions in misc.c --- ChangeLog | 3 ++- getput.h | 58 ---------------------------------------------------------- 2 files changed, 2 insertions(+), 59 deletions(-) delete mode 100644 getput.h 
diff --git a/ChangeLog b/ChangeLog index c8bd1ae9d..30cd23659 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,5 @@ 20060613 + - (djm) [getput.h] This file has been replaced by functions in misc.c - OpenBSD CVS Sync - djm@cvs.openbsd.org 2006/05/08 10:49:48 [sshconnect2.c] @@ -4684,4 +4685,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4343 2006/06/13 03:10:18 djm Exp $ +$Id: ChangeLog,v 1.4344 2006/06/13 03:15:54 djm Exp $ diff --git a/getput.h b/getput.h deleted file mode 100644 index e37c3b6aa..000000000 --- a/getput.h +++ /dev/null 
@@ -1,58 +0,0 @@ -/* $OpenBSD: getput.h,v 1.9 2006/03/25 22:22:43 djm Exp $ */ - -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * Macros for storing and retrieving data in msb first and lsb first order. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ - -#ifndef GETPUT_H -#define GETPUT_H - -/*------------ macros for storing/extracting msb first words -------------*/ - -#define GET_64BIT(cp) (((u_int64_t)(u_char)(cp)[0] << 56) | \ - ((u_int64_t)(u_char)(cp)[1] << 48) | \ - ((u_int64_t)(u_char)(cp)[2] << 40) | \ - ((u_int64_t)(u_char)(cp)[3] << 32) | \ - ((u_int64_t)(u_char)(cp)[4] << 24) | \ - ((u_int64_t)(u_char)(cp)[5] << 16) | \ - ((u_int64_t)(u_char)(cp)[6] << 8) | \ - ((u_int64_t)(u_char)(cp)[7])) - -#define GET_32BIT(cp) (((u_long)(u_char)(cp)[0] << 24) | \ - ((u_long)(u_char)(cp)[1] << 16) | \ - ((u_long)(u_char)(cp)[2] << 8) | \ - ((u_long)(u_char)(cp)[3])) - -#define GET_16BIT(cp) (((u_long)(u_char)(cp)[0] << 8) | \ - ((u_long)(u_char)(cp)[1])) - -#define PUT_64BIT(cp, value) do { \ - (cp)[0] = (value) >> 56; \ - (cp)[1] = (value) >> 48; \ - (cp)[2] = (value) >> 40; \ - (cp)[3] = (value) >> 32; \ - (cp)[4] = (value) >> 24; \ - (cp)[5] = (value) >> 16; \ - (cp)[6] = (value) >> 8; \ - (cp)[7] = (value); } while (0) - -#define PUT_32BIT(cp, value) do { \ - (cp)[0] = (value) >> 24; \ - (cp)[1] = (value) >> 16; \ - (cp)[2] = (value) >> 8; \ - (cp)[3] = (value); } while (0) - -#define PUT_16BIT(cp, value) do { \ - (cp)[0] = (value) >> 8; \ - (cp)[1] = (value); } while (0) - -#endif /* GETPUT_H */ -- cgit v1.2.3 From 3eb4834489426bd796da90299b2f8174b744dddd Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Fri, 23 Jun 2006 21:05:12 +1000 Subject: - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch from reyk@, tested by anil@ --- ChangeLog | 7 ++++++- INSTALL | 12 +++++++----- README.platform | 14 +++++++++++++- configure.ac | 10 ++++++++-- openbsd-compat/port-tun.c | 4 ++++ 5 files changed, 38 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 30cd23659..327fec1d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060623 + - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add + tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch + from reyk@, tested by anil@ + 20060613 - (djm) [getput.h] This file has been replaced by functions in misc.c - OpenBSD CVS Sync @@ -4685,4 +4690,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4344 2006/06/13 03:15:54 djm Exp $ +$Id: ChangeLog,v 1.4345 2006/06/23 11:05:12 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 38f39473f..efc7b47d0 100644 --- a/INSTALL +++ b/INSTALL @@ -57,9 +57,10 @@ installed. No other S/Key library is currently known to be supported. http://www.sparc.spb.su/solaris/skey/ LibEdit: -sftp now supports command-line editing via NetBSD's libedit. If your -platform has it available natively you can use that, alternatively -you might try these multi-platform ports: + +sftp supports command-line editing via NetBSD's libedit. If your platform +has it available natively you can use that, alternatively you might try +these multi-platform ports: http://www.thrysoee.dk/editline/ http://sourceforge.net/projects/libedit/ 
@@ -210,7 +211,8 @@ for sshd, ssh and ssh-agent. ------------------------- $ make survey -[check the contents and make sure there's no sensitive information] +[check the contents of the file "survey" to ensure there's no information +that you consider sensitive] $ make send-survey This will send configuration information for the currently configured @@ -227,4 +229,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.71 2006/02/20 09:17:36 dtucker Exp $ +$Id: INSTALL,v 1.72 2006/06/23 11:05:13 dtucker Exp $ diff --git a/README.platform b/README.platform index 4c18a3278..b7dc3f91c 100644 --- a/README.platform +++ b/README.platform @@ -30,6 +30,18 @@ gcc, gcc-mingw-core, mingw-runtime, binutils, make, openssl, openssl-devel, zlib, minres, minires-devel. +Darwin and MacOS X +------------------ +Darwin does not provide a tun(4) driver required for OpenSSH-based +virtual private networks. The BSD manpage still exists, but the driver +has been removed in recent releases of Darwin and MacOS X. + +Nevertheless, tunnel support is known to work with Darwin 8 and +MacOS X 10.4 in Point-to-Point (Layer 3) and Ethernet (Layer 2) mode +using a third party driver. More information is available at: + http://www-user.rhrk.uni-kl.de/~nissler/tuntap/ + + Solaris ------- If you enable BSM auditing on Solaris, you need to update audit_event(4) @@ -55,4 +67,4 @@ account stacks which will prevent authentication entirely, but will still return the output from pam_nologin to the client. -$Id: README.platform,v 1.6 2005/11/05 05:28:35 dtucker Exp $ +$Id: README.platform,v 1.7 2006/06/23 11:05:13 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 093c17643..c3cb68f28 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.339 2006/04/22 11:26:08 djm Exp $ +# $Id: configure.ac,v 1.340 2006/06/23 11:05:13 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.339 $) +AC_REVISION($Revision: 1.340 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -231,6 +231,11 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(BROKEN_SETREGID) AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1, [Define if your resolver libs need this for getrrsetbyname]) + AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way]) + AC_DEFINE(SSH_TUN_COMPAT_AF, 1, + [Use tunnel device compatibility to OpenBSD]) + AC_DEFINE(SSH_TUN_PREPEND_AF, 1, + [Prepend the address family to IP tunnel traffic]) ;; *-*-hpux*) # first we define all of the options common to all HP-UX releases @@ -682,6 +687,7 @@ AC_CHECK_HEADERS( \ login.h \ maillock.h \ ndir.h \ + net/if_tun.h \ netdb.h \ netgroup.h \ pam/pam_appl.h \ diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c index d09fe3d06..6e1fed969 100644 --- a/openbsd-compat/port-tun.c +++ b/openbsd-compat/port-tun.c @@ -29,6 +29,7 @@ * settings. * * SSH_TUN_LINUX Use the (newer) Linux tun/tap device + * SSH_TUN_FREEBSD Use the FreeBSD tun/tap device * SSH_TUN_COMPAT_AF Translate the OpenBSD address family * SSH_TUN_PREPEND_AF Prepend/remove the address family */ @@ -96,7 +97,10 @@ sys_tun_open(int tun, int mode) #ifdef SSH_TUN_FREEBSD #include #include + +#ifdef HAVE_NET_IF_TUN_H #include +#endif int sys_tun_open(int tun, int mode) -- cgit v1.2.3 From 9afe115f0ac738204d4edb66b9353a765826ae46 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Fri, 23 Jun 2006 21:24:12 +1000 Subject: - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX 4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes on the pty slave as zero-length reads on the pty master, which sshd interprets as the descriptor closing. Since most things don't do zero length writes this rarely matters, but occasionally it happens, and when it does the SSH pty session appears to hang, so we add a special case for this condition. ok djm@ --- ChangeLog | 9 ++++++++- channels.c | 5 +++++ configure.ac | 5 +++-- serverloop.c | 10 ++++++++++ 4 files changed, 26 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 327fec1d6..dfaa46795 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,13 @@ - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch from reyk@, tested by anil@ + - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX + 4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes + on the pty slave as zero-length reads on the pty master, which sshd + interprets as the descriptor closing. Since most things don't do zero + length writes this rarely matters, but occasionally it happens, and when + it does the SSH pty session appears to hang, so we add a special case for + this condition. ok djm@ 20060613 - (djm) [getput.h] This file has been replaced by functions in misc.c @@ -4690,4 +4697,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4345 2006/06/23 11:05:12 dtucker Exp $ +$Id: ChangeLog,v 1.4346 2006/06/23 11:24:12 dtucker Exp $ diff --git a/channels.c b/channels.c index 2fa997edc..239e9dd83 100644 --- a/channels.c +++ b/channels.c 
@@ -1415,10 +1415,15 @@ channel_handle_rfd(Channel *c, fd_set *readset, fd_set *writeset) if (c->rfd != -1 && FD_ISSET(c->rfd, readset)) { + errno = 0; len = read(c->rfd, buf, sizeof(buf)); if (len < 0 && (errno == EINTR || errno == EAGAIN)) return 1; +#ifndef PTY_ZEROREAD if (len <= 0) { +#else + if (len < 0 || (len == 0 && errno != 0)) { +#endif debug2("channel %d: read<=0 rfd %d len %d", c->self, c->rfd, len); if (c->type != SSH_CHANNEL_OPEN) { diff --git a/configure.ac b/configure.ac index c3cb68f28..259b5c288 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.340 2006/06/23 11:05:13 dtucker Exp $ +# $Id: configure.ac,v 1.341 2006/06/23 11:24:13 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.340 $) +AC_REVISION($Revision: 1.341 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -190,6 +190,7 @@ case "$host" in supported by bsd-setproctitle.c]) AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1, [AIX 5.2 and 5.3 (and presumably newer) require this]) + AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd]) ;; *-*-cygwin*) check_for_libcrypt_later=1 diff --git a/serverloop.c b/serverloop.c index 021ba68c0..c1eb28853 100644 --- a/serverloop.c +++ b/serverloop.c @@ -387,10 +387,15 @@ process_input(fd_set *readset) /* Read and buffer any available stdout data from the program. */ if (!fdout_eof && FD_ISSET(fdout, readset)) { + errno = 0; len = read(fdout, buf, sizeof(buf)); if (len < 0 && (errno == EINTR || errno == EAGAIN)) { /* do nothing */ +#ifdef PTY_ZEROREAD } else if (len <= 0) { +#else + } else if (len < 0 || (len == 0 && errno != 0)) { +#endif fdout_eof = 1; } else { buffer_append(&stdout_buffer, buf, len); 
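Review bot: The preprocessor condition in serverloop.c's process_input() is the opposite of the one in channels.c. channel_handle_rfd() selects the plain `len <= 0` test with `#ifndef PTY_ZEROREAD`, while the stdout hunk here and the stderr hunk that follows select it with `#ifdef PTY_ZEROREAD`. As written, platforms that define PTY_ZEROREAD keep the old behaviour in serverloop.c, and every other platform gets the errno-dependent test, where a read() returning 0 with errno still 0 is no longer treated as EOF. Both serverloop.c hunks should read `#ifndef PTY_ZEROREAD`. Both functions begin and end outside the hunks.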
@@ -399,10 +404,15 @@ process_input(fd_set *readset) } /* Read and buffer any available stderr data from the program. */ if (!fderr_eof && FD_ISSET(fderr, readset)) { + errno = 0; len = read(fderr, buf, sizeof(buf)); if (len < 0 && (errno == EINTR || errno == EAGAIN)) { /* do nothing */ +#ifdef PTY_ZEROREAD } else if (len <= 0) { +#else + } else if (len < 0 || (len == 0 && errno != 0)) { +#endif fderr_eof = 1; } else { buffer_append(&stderr_buffer, buf, len); -- cgit v1.2.3 From 0249f93c4d9c552cdcaf2dec7af1f2fc20fdcbaa Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 24 Jun 2006 12:10:07 +1000 Subject: - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris. Works around limitation in Solaris' passwd program for changing passwords where the username is longer than 8 characters. ok djm@ --- ChangeLog | 7 ++++++- configure.ac | 6 ++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index dfaa46795..b5635b423 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060624 + - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris. + Works around limitation in Solaris' passwd program for changing passwords + where the username is longer than 8 characters. ok djm@ + 20060623 - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch @@ -4697,4 +4702,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4346 2006/06/23 11:24:12 dtucker Exp $ +$Id: ChangeLog,v 1.4347 2006/06/24 02:10:07 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 259b5c288..f6cd7bb95 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.341 2006/06/23 11:24:13 dtucker Exp $ +# $Id: configure.ac,v 1.342 2006/06/24 02:10:07 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.341 $) +AC_REVISION($Revision: 1.342 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -410,6 +410,8 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(SSHD_ACQUIRES_CTTY, 1, [Define if sshd somehow reacquires a controlling TTY after setsid()]) + AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd + in case the name is longer than 8 chars]) external_path_file=/etc/default/login # hardwire lastlog location (can't detect it on some versions) conf_lastlog_location="/var/adm/lastlog" -- cgit v1.2.3 From 03890e44cd4814c2a9909febe5130fef722c7f4b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 24 Jun 2006 16:58:45 +1000 Subject: - (dtucker) [serverloop.c] Get ifdef/ifndef the right way around for the bug #1102 workaround. --- ChangeLog | 4 +++- serverloop.c | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index b5635b423..a33bc464b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris. Works around limitation in Solaris' passwd program for changing passwords where the username is longer than 8 characters. ok djm@ + - (dtucker) [serverloop.c] Get ifdef/ifndef the right way around for the bug + #1102 workaround. 20060623 - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add @@ -4702,4 +4704,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4347 2006/06/24 02:10:07 dtucker Exp $ +$Id: ChangeLog,v 1.4348 2006/06/24 06:58:45 dtucker Exp $ diff --git a/serverloop.c b/serverloop.c index c1eb28853..e370f63a3 100644 --- a/serverloop.c +++ b/serverloop.c 
@@ -391,7 +391,7 @@ process_input(fd_set *readset) len = read(fdout, buf, sizeof(buf)); if (len < 0 && (errno == EINTR || errno == EAGAIN)) { /* do nothing */ -#ifdef PTY_ZEROREAD +#ifndef PTY_ZEROREAD } else if (len <= 0) { #else } else if (len < 0 || (len == 0 && errno != 0)) { @@ -408,7 +408,7 @@ process_input(fd_set *readset) len = read(fderr, buf, sizeof(buf)); if (len < 0 && (errno == EINTR || errno == EAGAIN)) { /* do nothing */ -#ifdef PTY_ZEROREAD +#ifndef PTY_ZEROREAD } else if (len <= 0) { #else } else if (len < 0 || (len == 0 && errno != 0)) { -- cgit v1.2.3 From 144e8d60cd3dcfdbf23c6df06617adf28b1235b8 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 25 Jun 2006 08:25:25 +1000 Subject: - (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys only, otherwise sshd can hang exiting non-interactive sessions. --- ChangeLog | 6 +++++- channels.c | 3 ++- serverloop.c | 6 ++++-- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index a33bc464b..10ffed226 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060625 + - (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys + only, otherwise sshd can hang exiting non-interactive sessions. + 20060624 - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris. Works around limitation in Solaris' passwd program for changing passwords @@ -4704,4 +4708,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4348 2006/06/24 06:58:45 dtucker Exp $ +$Id: ChangeLog,v 1.4349 2006/06/24 22:25:25 dtucker Exp $ diff --git a/channels.c b/channels.c index 239e9dd83..9642a56ee 100644 --- a/channels.c +++ b/channels.c 
@@ -1422,7 +1422,8 @@ channel_handle_rfd(Channel *c, fd_set *readset, fd_set *writeset) #ifndef PTY_ZEROREAD if (len <= 0) { #else - if (len < 0 || (len == 0 && errno != 0)) { + if ((!c->isatty && len <= 0) || + (c->isatty && (len < 0 || (len == 0 && errno != 0)))) { #endif debug2("channel %d: read<=0 rfd %d len %d", c->self, c->rfd, len); diff --git a/serverloop.c b/serverloop.c index e370f63a3..18f1a10bd 100644 --- a/serverloop.c +++ b/serverloop.c @@ -394,7 +394,8 @@ process_input(fd_set *readset) #ifndef PTY_ZEROREAD } else if (len <= 0) { #else - } else if (len < 0 || (len == 0 && errno != 0)) { + } else if ((!isatty(fdout) && len <= 0) || + (isatty(fdout) && (len < 0 || (len == 0 && errno != 0)))) { #endif fdout_eof = 1; } else { @@ -411,7 +412,8 @@ process_input(fd_set *readset) #ifndef PTY_ZEROREAD } else if (len <= 0) { #else - } else if (len < 0 || (len == 0 && errno != 0)) { + } else if ((!isatty(fderr) && len <= 0) || + (isatty(fderr) && (len < 0 || (len == 0 && errno != 0)))) { #endif fderr_eof = 1; } else { -- cgit v1.2.3 From 8b272ab09b722222cc4d6bb79fe6d7812c0b2f7f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 27 Jun 2006 11:20:28 +1000 Subject: - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems with autoconf 2.60. Patch from vapier at gentoo.org. --- ChangeLog | 6 +++++- configure.ac | 5 +++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 10ffed226..01fa36e83 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060627 + - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems + with autoconf 2.60. Patch from vapier at gentoo.org. + 20060625 - (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys only, otherwise sshd can hang exiting non-interactive sessions. 
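Review bot: In the two serverloop.c hunks `isatty()` runs between `read()` and the `errno != 0` test, up to twice per read, so the workaround relies on a successful isatty() leaving errno untouched, which POSIX does not promise. channels.c avoids this by testing the `c->isatty` field instead of making a call. Evaluate the tty status before the read, e.g. `int tty = isatty(fdout);` ahead of `errno = 0;`. Then test `(!tty && len <= 0) || (tty && (len < 0 || (len == 0 && errno != 0)))`, and do the same for fderr.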
@@ -4708,4 +4712,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4349 2006/06/24 22:25:25 dtucker Exp $ +$Id: ChangeLog,v 1.4350 2006/06/27 01:20:28 dtucker Exp $ diff --git a/configure.ac b/configure.ac index f6cd7bb95..3179ff3e7 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.342 2006/06/24 02:10:07 dtucker Exp $ +# $Id: configure.ac,v 1.343 2006/06/27 01:20:29 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.342 $) +AC_REVISION($Revision: 1.343 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1623,6 +1623,7 @@ main(void) AC_MSG_RESULT(no) AC_DEFINE(BROKEN_GETADDRINFO) ], + [ AC_MSG_RESULT(cross-compiling, assuming no) ] ) -- cgit v1.2.3 From 66c32d5caa533560a16638ab688772833e602d28 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 30 Jun 2006 10:51:32 +1000 Subject: - (dtucker) [openbsd-compat/openbsd-compat.h] SNPRINTF_CONST for snprintf declaration too. Patch from russ at sludge.net. --- ChangeLog | 6 +++++- openbsd-compat/openbsd-compat.h | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 01fa36e83..09c459200 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060630 + - (dtucker) [openbsd-compat/openbsd-compat.h] SNPRINTF_CONST for snprintf + declaration too. Patch from russ at sludge.net. + 20060627 - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems with autoconf 2.60. Patch from vapier at gentoo.org. 
@@ -4712,4 +4716,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4350 2006/06/27 01:20:28 dtucker Exp $ +$Id: ChangeLog,v 1.4351 2006/06/30 00:51:32 dtucker Exp $ diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index eda9c49eb..37c979fa4 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.36 2006/04/22 11:26:08 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.37 2006/06/30 00:51:32 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -154,7 +154,7 @@ int openpty(int *, int *, char *, struct termios *, struct winsize *); /* #include XXX needed? For size_t */ #ifndef HAVE_SNPRINTF -int snprintf(char *, size_t, const char *, ...); +int snprintf(char *, size_t, SNPRINTF_CONST char *, ...); #endif #ifndef HAVE_STRTOLL -- cgit v1.2.3 From 7243f9db6034bc9fac9d9b88217cc465b3ded3ca Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 30 Jun 2006 11:47:49 +1000 Subject: - (dtucker) [openbsd-compat/getrrsetbyname.c] Undef _res before defining it, prevents warnings on platforms where _res is in the system headers. --- ChangeLog | 4 +++- openbsd-compat/getrrsetbyname.c | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 09c459200..9dad80a70 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20060630 - (dtucker) [openbsd-compat/openbsd-compat.h] SNPRINTF_CONST for snprintf declaration too. Patch from russ at sludge.net. + - (dtucker) [openbsd-compat/getrrsetbyname.c] Undef _res before defining it, + prevents warnings on platforms where _res is in the system headers. 20060627 - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems 
@@ -4716,4 +4718,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4351 2006/06/30 00:51:32 dtucker Exp $ +$Id: ChangeLog,v 1.4352 2006/06/30 01:47:49 dtucker Exp $ diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c index 8dc744703..a855ad6d5 100644 --- a/openbsd-compat/getrrsetbyname.c +++ b/openbsd-compat/getrrsetbyname.c @@ -62,6 +62,9 @@ extern int h_errno; #define _THREAD_PRIVATE(a,b,c) (c) /* to avoid conflicts where a platform already has _res */ +#ifdef _res +# undef _res +#endif #define _res _compat_res struct __res_state _res; -- cgit v1.2.3 From db4c54bed101d48e0fc844e8b8d37ec025d9f50d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 30 Jun 2006 16:20:58 +1000 Subject: - (dtucker) [INSTALL] Bug #1202: Note when autoconf is required and which version. --- ChangeLog | 4 +++- INSTALL | 12 +++++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9dad80a70..1b4ac886d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ declaration too. Patch from russ at sludge.net. - (dtucker) [openbsd-compat/getrrsetbyname.c] Undef _res before defining it, prevents warnings on platforms where _res is in the system headers. + - (dtucker) [INSTALL] Bug #1202: Note when autoconf is required and which + version. 20060627 - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems @@ -4718,4 +4720,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4352 2006/06/30 01:47:49 dtucker Exp $ +$Id: ChangeLog,v 1.4353 2006/06/30 06:20:58 dtucker Exp $ diff --git a/INSTALL b/INSTALL index efc7b47d0..616e0ba83 100644 --- a/INSTALL +++ b/INSTALL 
@@ -12,6 +12,8 @@ http://www.openssl.org/ (OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1 Blowfish) do not work correctly.) +The remaining items are optional. + OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system supports it. PAM is standard on Redhat and Debian Linux, Solaris and HP-UX 11. @@ -65,6 +67,14 @@ these multi-platform ports: http://www.thrysoee.dk/editline/ http://sourceforge.net/projects/libedit/ +Autoconf: + +If you modify configure.ac then you will need autoconf-2.59 to rebuild +the automatically generated files by running "autoreconf". + +http://www.gnu.org/software/autoconf/ + + 2. Building / Installation -------------------------- @@ -229,4 +239,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.72 2006/06/23 11:05:13 dtucker Exp $ +$Id: INSTALL,v 1.73 2006/06/30 06:20:59 dtucker Exp $ -- cgit v1.2.3 From daf6ff431264dc15650633c3de190cd6fa1ea710 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 5 Jul 2006 21:35:48 +1000 Subject: - (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the target already exists. --- ChangeLog | 6 +++++- ssh-rand-helper.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1b4ac886d..8f7d74546 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060705 + - (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the + target already exists. + 20060630 - (dtucker) [openbsd-compat/openbsd-compat.h] SNPRINTF_CONST for snprintf declaration too. Patch from russ at sludge.net. @@ -4720,4 +4724,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4353 2006/06/30 06:20:58 dtucker Exp $ +$Id: ChangeLog,v 1.4354 2006/07/05 11:35:48 dtucker Exp $ diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index d88a246eb..605de72f9 100644 
--- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -573,8 +573,8 @@ prng_write_seedfile(void) /* Try to ensure that the parent directory is there */ snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); - if (mkdir(filename, 0700) < 0) - fatal("mkdir: %s", strerror(errno)); + if (mkdir(filename, 0700) < 0 && errno != EEXIST) + fatal("mkdir %.200s: %s", filename, strerror(errno)); snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, SSH_PRNG_SEED_FILE); -- cgit v1.2.3 From ee9ee9175c7fea9f98a95933256252cd7727e941 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 5 Jul 2006 22:47:21 +1000 Subject: whitespace --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 8f7d74546..566571724 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4724,4 +4724,5 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4354 2006/07/05 11:35:48 dtucker Exp $ +$Id: ChangeLog,v 1.4355 2006/07/05 12:47:21 djm Exp $ + -- cgit v1.2.3 From 365e18db51c23a9894332c753ccd4e3fa35bdb25 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 5 Jul 2006 22:48:07 +1000 Subject: whitespace --- ChangeLog | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 566571724..8f57ef9b6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4724,5 +4724,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4355 2006/07/05 12:47:21 djm Exp $ - +$Id: ChangeLog,v 1.4356 2006/07/05 12:48:07 djm Exp $ -- cgit v1.2.3 From bdc121279f15b13b103c15555591f784886d0011 Mon Sep 17 00:00:00 2001 
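Review bot: Tolerating `EEXIST` on the `mkdir(filename, 0700)` line accepts whatever already exists at that path, because `mkdir` also returns `EEXIST` when the name is a regular file or a symlink rather than a directory. The next lines build the seed file path, presumably beneath this directory, so a follow-up check such as `if (stat(filename, &st) < 0 || !S_ISDIR(st.st_mode)) fatal("%.200s is not a directory", filename);` (with a local `struct stat st`) would fail early with a clear message. The 0700 mode also only applies to a newly created directory; whether an existing directory's ownership and permissions are verified elsewhere is not visible here. The body of prng_write_seedfile starts and continues outside the hunk.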
From: Darren Tucker Date: Thu, 6 Jul 2006 11:56:25 +1000 Subject: - (dtucker) [configure.ac] Try AIX blibpath test in different order when compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so configure would not select the correct libpath linker flags. --- ChangeLog | 7 ++++++- configure.ac | 11 ++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8f57ef9b6..e438b495f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060706 + - (dtucker) [configure.ac] Try AIX blibpath test in different order when + compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so + configure would not select the correct libpath linker flags. + 20060705 - (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the target already exists. @@ -4724,4 +4729,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4356 2006/07/05 12:48:07 djm Exp $ +$Id: ChangeLog,v 1.4357 2006/07/06 01:56:25 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 3179ff3e7..252e7a993 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.343 2006/06/27 01:20:29 dtucker Exp $ +# $Id: configure.ac,v 1.344 2006/07/06 01:56:25 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.343 $) +AC_REVISION($Revision: 1.344 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) 
@@ -135,7 +135,12 @@ case "$host" in blibpath="/usr/lib:/lib" fi saved_LDFLAGS="$LDFLAGS" - for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do + if test "$GCC" = "yes"; then + flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" + else + flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," + fi + for tryflags in $flags ;do if (test -z "$blibflags"); then LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" AC_TRY_LINK([], [], [blibflags=$tryflags]) -- cgit v1.2.3 From f32f55259c1209903bac2845cf70e3464158c42d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 6 Jul 2006 19:12:08 +1000 Subject: - (dtucker) [INSTALL] A bit more info on autoconf. --- ChangeLog | 3 ++- INSTALL | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index e438b495f..13102343e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,7 @@ - (dtucker) [configure.ac] Try AIX blibpath test in different order when compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so configure would not select the correct libpath linker flags. + - (dtucker) [INSTALL] A bit more info on autoconf. 20060705 - (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the @@ -4729,4 +4730,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4357 2006/07/06 01:56:25 dtucker Exp $ +$Id: ChangeLog,v 1.4358 2006/07/06 09:12:08 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 616e0ba83..186938c14 100644 --- a/INSTALL +++ b/INSTALL @@ -69,7 +69,8 @@ http://sourceforge.net/projects/libedit/ Autoconf: -If you modify configure.ac then you will need autoconf-2.59 to rebuild +If you modify configure.ac or configure doesn't exist (eg if you checked +the code out of CVS yourself) then you will need autoconf-2.59 to rebuild the automatically generated files by running "autoreconf". http://www.gnu.org/software/autoconf/ 
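Review bot: The new `if test "$GCC" = "yes"` branch carries no comment explaining why the candidate flags are tried in a different order for gcc; the reason is given only in the commit message. A comment above it such as `# gcc 4.1.x accepts but ignores -b flags, so try the -Wl forms first` would stop a later edit from merging the two lists again. The variable name `flags` is also very generic for a configure script; a name like `blibpath_tryflags` is less likely to collide with another test. The enclosing `case "$host"` arm starts and ends outside the hunk.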
@@ -239,4 +240,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.73 2006/06/30 06:20:59 dtucker Exp $ +$Id: INSTALL,v 1.74 2006/07/06 09:12:08 dtucker Exp $ -- cgit v1.2.3 From e34c96aea139680ffe8101b6527e45420811e0c0 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 10 Jul 2006 12:55:24 +1000 Subject: - (dtucker) [INSTALL] New autoconf version: 2.60. --- ChangeLog | 5 ++++- INSTALL | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 13102343e..b95525db2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20060710 + - (dtucker) [INSTALL] New autoconf version: 2.60. + 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so @@ -4730,4 +4733,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4358 2006/07/06 09:12:08 dtucker Exp $ +$Id: ChangeLog,v 1.4359 2006/07/10 02:55:24 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 186938c14..3f0adfa1d 100644 --- a/INSTALL +++ b/INSTALL @@ -70,7 +70,7 @@ http://sourceforge.net/projects/libedit/ Autoconf: If you modify configure.ac or configure doesn't exist (eg if you checked -the code out of CVS yourself) then you will need autoconf-2.59 to rebuild +the code out of CVS yourself) then you will need autoconf-2.60 to rebuild the automatically generated files by running "autoreconf". http://www.gnu.org/software/autoconf/ @@ -240,4 +240,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.74 2006/07/06 09:12:08 dtucker Exp $ +$Id: INSTALL,v 1.75 2006/07/10 02:55:24 dtucker Exp $ -- cgit v1.2.3 From 1e88ea655634749a847c9426a08b635f6198f085 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Mon, 10 Jul 2006 20:15:56 +1000 Subject: - OpenBSD CVS Sync - djm@cvs.openbsd.org 2006/06/14 10:50:42 [sshconnect.c] limit the number of pre-banner characters we will accept; ok markus@ --- ChangeLog | 6 +++++- sshconnect.c | 8 +++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index b95525db2..013e23e60 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ 20060710 - (dtucker) [INSTALL] New autoconf version: 2.60. + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2006/06/14 10:50:42 + [sshconnect.c] + limit the number of pre-banner characters we will accept; ok markus@ 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4733,4 +4737,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4359 2006/07/10 02:55:24 dtucker Exp $ +$Id: ChangeLog,v 1.4360 2006/07/10 10:15:56 djm Exp $ diff --git a/sshconnect.c b/sshconnect.c index c76572662..e26efa4dc 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.184 2006/06/08 14:45:49 markus Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.185 2006/06/14 10:50:42 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -385,10 +385,10 @@ ssh_exchange_identification(void) int connection_in = packet_get_connection_in(); int connection_out = packet_get_connection_out(); int minor1 = PROTOCOL_MINOR_1; - u_int i; + u_int i, n; /* Read other side's version identification. */ - for (;;) { + for (n = 0;;) { for (i = 0; i < sizeof(buf) - 1; i++) { size_t len = atomicio(read, connection_in, &buf[i], 1); @@ -405,6 +405,8 @@ ssh_exchange_identification(void) buf[i + 1] = 0; break; } + if (++n > 65536) + fatal("ssh_exchange_identification: No banner received"); } buf[sizeof(buf) - 1] = 0; if (strncmp(buf, "SSH-", 4) == 0) -- cgit v1.2.3 
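Review bot: In the second sshconnect.c hunk the `if (++n > 65536)` check comes after the `break` taken when `buf[i] == '\n'`, so the byte that ends each pre-banner line is never counted. As far as the hunk shows, a peer that sends only empty lines would therefore never reach the limit and the client would stay in the outer `for (n = 0;;)` loop. Moving the increment to just after the one-byte read succeeds, ahead of the newline test, would bound the total pre-banner input. The code between the read and the newline test is outside the hunk, so any other path there that skips the counter should be checked as well. The literal 65536 would read better as a named constant, and the fatal text "No banner received" could say that the pre-banner limit was exceeded.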
From 43020951adc182bb98ac2b3c539fbca86622166d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 20:16:12 +1000 Subject: - djm@cvs.openbsd.org 2006/06/26 10:36:15 [clientloop.c] mention optional bind_address in runtime port forwarding setup command-line help. patch from santhi.amirta AT gmail.com --- ChangeLog | 6 +++++- clientloop.c | 14 +++++++++----- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 013e23e60..4a3ee6670 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,10 @@ - djm@cvs.openbsd.org 2006/06/14 10:50:42 [sshconnect.c] limit the number of pre-banner characters we will accept; ok markus@ + - djm@cvs.openbsd.org 2006/06/26 10:36:15 + [clientloop.c] + mention optional bind_address in runtime port forwarding setup + command-line help. patch from santhi.amirta AT gmail.com 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4737,4 +4741,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4360 2006/07/10 10:15:56 djm Exp $ +$Id: ChangeLog,v 1.4361 2006/07/10 10:16:12 djm Exp $ diff --git a/clientloop.c b/clientloop.c index a9572134a..b99ba03c0 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.163 2006/05/16 09:00:00 markus Exp $ */ +/* $OpenBSD: clientloop.c,v 1.164 2006/06/26 10:36:15 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -925,12 +925,16 @@ process_cmdline(void) if (*s == 'h' || *s == 'H' || *s == '?') { logit("Commands:"); - logit(" -Lport:host:hostport Request local forward"); - logit(" -Rport:host:hostport Request remote forward"); - logit(" -KRhostport Cancel remote forward"); + logit(" -L[bind_address:]port:host:hostport " + "Request local forward"); + logit(" -R[bind_address:]port:host:hostport " + "Request remote forward"); + logit(" -KR[bind_address:]hostport " + "Cancel remote forward"); if (!options.permit_local_command) goto out; - logit(" !args Execute local command"); + logit(" !args " + "Execute local command"); goto out; } -- cgit v1.2.3 From 991dba43e17f7e4c8706158ecee32f2bfd18cac4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 20:16:27 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/02 17:12:58 [ssh.1 ssh.c ssh_config.5 sshd_config.5] more details and clarity for tun(4) device forwarding; ok and help jmc@ --- ChangeLog | 6 +++++- ssh.1 | 38 +++++++++++++++++++++++++------------- ssh.c | 4 ++-- ssh_config.5 | 38 +++++++++++++++++++++++++++++--------- sshd_config.5 | 15 +++++++++++---- 5 files changed, 72 insertions(+), 29 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4a3ee6670..f31d44bcd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,10 @@ [clientloop.c] mention optional bind_address in runtime port forwarding setup command-line help. patch from santhi.amirta AT gmail.com + - stevesk@cvs.openbsd.org 2006/07/02 17:12:58 + [ssh.1 ssh.c ssh_config.5 sshd_config.5] + more details and clarity for tun(4) device forwarding; ok and help + jmc@ 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4741,4 +4745,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4361 2006/07/10 10:16:12 djm Exp $ +$Id: ChangeLog,v 1.4362 2006/07/10 10:16:27 djm Exp $ 
diff --git a/ssh.1 b/ssh.1 index 874a5d2fe..4067a9362 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.260 2006/05/29 16:13:23 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.261 2006/07/02 17:12:58 stevesk Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -78,7 +78,8 @@ .Oc .Op Fl S Ar ctl_path .Bk -words -.Op Fl w Ar tunnel : Ns Ar tunnel +.Oo Fl w Ar local_tun Ns +.Op : Ns Ar remote_tun Oc .Oo Ar user Ns @ Oc Ns Ar hostname .Op Ar command .Ek @@ -588,24 +589,35 @@ Multiple .Fl v options increase the verbosity. The maximum is 3. -.It Fl w Ar tunnel : Ns Ar tunnel -Requests a +.It Fl w Xo +.Ar local_tun Ns Op : Ns Ar remote_tun +.Xc +Requests +tunnel +device forwarding with the specified .Xr tun 4 -device on the client -(first -.Ar tunnel -arg) -and server -(second -.Ar tunnel -arg). +devices between the client +.Pq Ar local_tun +and the server +.Pq Ar remote_tun . +.Pp The devices may be specified by numerical ID or the keyword .Dq any , which uses the next available tunnel device. +If +.Ar remote_tun +is not specified, it defaults to +.Dq any . See also the .Cm Tunnel -directive in +and +.Cm TunnelDevice +directives in .Xr ssh_config 5 . +If the +.Cm Tunnel +directive is unset, it is set to the default tunnel mode, which is +.Dq point-to-point . .It Fl X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file. diff --git a/ssh.c b/ssh.c index 01303dc97..9d50e42fd 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.276 2006/04/25 08:02:27 dtucker Exp $ */ +/* $OpenBSD: ssh.c,v 1.277 2006/07/02 17:12:58 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -176,7 +176,7 @@ usage(void) " [-i identity_file] [-L [bind_address:]port:host:hostport]\n" " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" -" [-w tunnel:tunnel] [user@]hostname [command]\n" +" [-w local_tun[:remote_tun]] [user@]hostname [command]\n" ); exit(255); } diff --git a/ssh_config.5 b/ssh_config.5 index 0d40fd63e..68ec311b2 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.94 2006/05/29 16:10:03 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.95 2006/07/02 17:12:58 stevesk Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os 
@@ -931,24 +931,44 @@ This is important in scripts, and many users want it too. To disable TCP keepalive messages, the value should be set to .Dq no . .It Cm Tunnel -Request starting +Request .Xr tun 4 device forwarding between the client and the server. -This option also allows requesting layer 2 (ethernet) -instead of layer 3 (point-to-point) tunneling from the server. The argument must be .Dq yes , -.Dq point-to-point , -.Dq ethernet , +.Dq point-to-point +(layer 3), +.Dq ethernet +(layer 2), or .Dq no . +Specifying +.Dq yes +requests the default tunnel mode, which is +.Dq point-to-point . The default is .Dq no . .It Cm TunnelDevice -Force a specified +Specifies the .Xr tun 4 -device on the client. -Without this option, the next available device will be used. +devices to open on the client +.Pq Ar local_tun +and the server +.Pq Ar remote_tun . +.Pp +The argument must be +.Sm off +.Ar local_tun Op : Ar remote_tun . +.Sm on +The devices may be specified by numerical ID or the keyword +.Dq any , +which uses the next available tunnel device. +If +.Ar remote_tun +is not specified, it defaults to +.Dq any . +The default is +.Dq any:any . .It Cm UsePrivilegedPort Specifies whether to use a privileged port for outgoing connections. The argument must be diff --git a/sshd_config.5 b/sshd_config.5 index aad28f4c8..836add94f 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.57 2006/03/14 16:32:48 markus Exp $ +.\" $OpenBSD: sshd_config.5,v 1.58 2006/07/02 17:12:58 stevesk Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os 
@@ -537,10 +537,17 @@ Specifies whether device forwarding is allowed. The argument must be .Dq yes , -.Dq point-to-point , -.Dq ethernet , -or +.Dq point-to-point +(layer 3), +.Dq ethernet +(layer 2), or .Dq no . +Specifying +.Dq yes +permits both +.Dq point-to-point +and +.Dq ethernet . The default is .Dq no . .It Cm PermitUserEnvironment -- cgit v1.2.3 From 5d3ac7f7eeb8a5d060e5dcdd6f33af1cec909d96 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 20:17:55 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/02 18:36:47 [gss-serv-krb5.c gss-serv.c] no "servconf.h" needed here (gss-serv-krb5.c change not applied, portable needs the server options) --- ChangeLog | 6 +++++- gss-serv-krb5.c | 2 +- gss-serv.c | 3 +-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index f31d44bcd..830c39487 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,10 @@ [ssh.1 ssh.c ssh_config.5 sshd_config.5] more details and clarity for tun(4) device forwarding; ok and help jmc@ + - stevesk@cvs.openbsd.org 2006/07/02 18:36:47 + [gss-serv-krb5.c gss-serv.c] + no "servconf.h" needed here + (gss-serv-krb5.c change not applied, portable needs the server options) 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4745,4 +4749,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4362 2006/07/10 10:16:27 djm Exp $ +$Id: ChangeLog,v 1.4363 2006/07/10 10:17:55 djm Exp $ diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index 9b1792a62..eae29b2ae 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv-krb5.c,v 1.5 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: gss-serv-krb5.c,v 1.6 2006/07/02 18:36:47 stevesk Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. diff --git a/gss-serv.c b/gss-serv.c index 5e43ffe58..4ce536d99 100644 --- a/gss-serv.c 
+++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.17 2006/03/30 09:58:15 djm Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.18 2006/07/02 18:36:47 stevesk Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -33,7 +33,6 @@ #include "log.h" #include "channels.h" #include "session.h" -#include "servconf.h" #include "xmalloc.h" #include "misc.h" -- cgit v1.2.3 From 427a1d57bb6110dcf2b8fcdcabe566b8290a942a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 20:20:33 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/02 22:45:59 [groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c] move #include out of includes.h (portable needed uidswap.c too) --- ChangeLog | 6 +++++- groupaccess.c | 6 +++++- groupaccess.h | 4 ++-- includes.h | 2 +- session.c | 3 ++- sftp-common.c | 4 +++- sshpty.c | 3 ++- uidswap.c | 2 ++ 8 files changed, 22 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 830c39487..e2c585fc7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,10 @@ [gss-serv-krb5.c gss-serv.c] no "servconf.h" needed here (gss-serv-krb5.c change not applied, portable needs the server options) + - stevesk@cvs.openbsd.org 2006/07/02 22:45:59 + [groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c] + move #include out of includes.h + (portable needed uidswap.c too) 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4749,4 +4753,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4363 2006/07/10 10:17:55 djm Exp $ +$Id: ChangeLog,v 1.4364 2006/07/10 10:20:33 djm Exp $ diff --git a/groupaccess.c b/groupaccess.c index 2a85cb375..2b7117b70 100644 --- a/groupaccess.c +++ b/groupaccess.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: groupaccess.c,v 1.8 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: groupaccess.c,v 1.9 2006/07/02 22:45:59 stevesk Exp $ */ /* * Copyright (c) 2001 Kevin Steves. All rights reserved. * @@ -25,6 +25,10 @@ #include "includes.h" +#include + +#include + #include "groupaccess.h" #include "xmalloc.h" #include "match.h" diff --git a/groupaccess.h b/groupaccess.h index 2bde125c2..b0baccfbf 100644 --- a/groupaccess.h +++ b/groupaccess.h @@ -1,4 +1,4 @@ -/* $OpenBSD: groupaccess.h,v 1.5 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: groupaccess.h,v 1.6 2006/07/02 22:45:59 stevesk Exp $ */ /* * Copyright (c) 2001 Kevin Steves. All rights reserved. @@ -27,7 +27,7 @@ #ifndef GROUPACCESS_H #define GROUPACCESS_H -#include +#include int ga_init(const char *, gid_t); int ga_match(char * const *, int); diff --git a/includes.h b/includes.h index c038f410e..3953d91a9 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.40 2006/04/20 21:53:44 djm Exp $ */ +/* $OpenBSD: includes.h,v 1.41 2006/07/02 22:45:59 stevesk Exp $ */ /* * Author: Tatu Ylonen diff --git a/session.c b/session.c index 87e7ee6e3..3bc3651e5 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.203 2006/04/20 21:53:44 djm Exp $ */ +/* $OpenBSD: session.c,v 1.204 2006/07/02 22:45:59 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -42,6 +42,7 @@ #include #include +#include #ifdef HAVE_PATHS_H #include #endif diff --git a/sftp-common.c b/sftp-common.c index 2e680e9f3..8c794a05f 100644 --- a/sftp-common.c +++ b/sftp-common.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-common.c,v 1.13 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: sftp-common.c,v 1.14 2006/07/02 22:45:59 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Damien Miller. All rights reserved. 
@@ -29,6 +29,8 @@ #include #include +#include + #include "buffer.h" #include "bufaux.h" #include "log.h" diff --git a/sshpty.c b/sshpty.c index 0e49e9a16..92f86e7a1 100644 --- a/sshpty.c +++ b/sshpty.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshpty.c,v 1.19 2006/03/25 13:17:03 djm Exp $ */ +/* $OpenBSD: sshpty.c,v 1.20 2006/07/02 22:45:59 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -19,6 +19,7 @@ #include #include +#include #ifdef HAVE_PATHS_H # include #endif diff --git a/uidswap.c b/uidswap.c index e5b0595ac..32441828d 100644 --- a/uidswap.c +++ b/uidswap.c @@ -14,6 +14,8 @@ #include "includes.h" +#include + #include "log.h" #include "uidswap.h" #include "xmalloc.h" -- cgit v1.2.3 From 57e8ad3f5e54101db9a0f11b19da56041cc22603 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 20:20:52 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/02 23:01:55 [clientloop.c ssh.1] use -KR[bind_address:]port here; ok djm@ --- ChangeLog | 5 ++++- clientloop.c | 4 ++-- ssh.1 | 6 ++++-- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index e2c585fc7..14509b2ac 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,9 @@ [groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c] move #include out of includes.h (portable needed uidswap.c too) + - stevesk@cvs.openbsd.org 2006/07/02 23:01:55 + [clientloop.c ssh.1] + use -KR[bind_address:]port here; ok djm@ 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4753,4 +4756,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4364 2006/07/10 10:20:33 djm Exp $ +$Id: ChangeLog,v 1.4365 2006/07/10 10:20:52 djm Exp $ diff --git a/clientloop.c b/clientloop.c index b99ba03c0..fb66a6e40 100644 --- a/clientloop.c +++ b/clientloop.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.164 2006/06/26 10:36:15 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.165 2006/07/02 23:01:55 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -929,7 +929,7 @@ process_cmdline(void) "Request local forward"); logit(" -R[bind_address:]port:host:hostport " "Request remote forward"); - logit(" -KR[bind_address:]hostport " + logit(" -KR[bind_address:]port " "Cancel remote forward"); if (!options.permit_local_command) goto out; diff --git a/ssh.1 b/ssh.1 index 4067a9362..f44b6f29a 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.261 2006/07/02 17:12:58 stevesk Exp $ +.\" $OpenBSD: ssh.1,v 1.262 2006/07/02 23:01:55 stevesk Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -885,7 +885,9 @@ and options (see above). It also allows the cancellation of existing remote port-forwardings using -.Fl KR Ar hostport . +.Sm off +.Fl KR Oo Ar bind_address : Oc Ar port . +.Sm on .Ic !\& Ns Ar command allows the user to execute a local command if the .Ic PermitLocalCommand -- cgit v1.2.3 From b757677d02e37da719b92331f23e02acb7079337 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 20:23:39 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/03 08:54:20 [includes.h ssh.c sshconnect.c sshd.c] move #include "version.h" out of includes.h; ok markus@ --- ChangeLog | 5 ++++- includes.h | 3 +-- ssh.c | 3 ++- sshconnect.c | 3 ++- sshd.c | 3 ++- 5 files changed, 11 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 14509b2ac..f1f14712d 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -23,6 +23,9 @@ - stevesk@cvs.openbsd.org 2006/07/02 23:01:55 [clientloop.c ssh.1] use -KR[bind_address:]port here; ok djm@ + - stevesk@cvs.openbsd.org 2006/07/03 08:54:20 + [includes.h ssh.c sshconnect.c sshd.c] + move #include "version.h" out of includes.h; ok markus@ 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4756,4 +4759,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4365 2006/07/10 10:20:52 djm Exp $ +$Id: ChangeLog,v 1.4366 2006/07/10 10:23:39 djm Exp $ diff --git a/includes.h b/includes.h index 3953d91a9..bb6febfe3 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.41 2006/07/02 22:45:59 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.42 2006/07/03 08:54:20 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -188,7 +188,6 @@ #include "defines.h" -#include "version.h" #include "openbsd-compat/openbsd-compat.h" #include "openbsd-compat/bsd-nextstep.h" diff --git a/ssh.c b/ssh.c index 9d50e42fd..47b1b7195 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.277 2006/07/02 17:12:58 stevesk Exp $ */ +/* $OpenBSD: ssh.c,v 1.278 2006/07/03 08:54:20 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -86,6 +86,7 @@ #include "msg.h" #include "monitor_fdpass.h" #include "uidswap.h" +#include "version.h" #ifdef SMARTCARD #include "scard.h" diff --git a/sshconnect.c b/sshconnect.c index e26efa4dc..776460f43 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.185 2006/06/14 10:50:42 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.186 2006/07/03 08:54:20 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -39,6 +39,7 @@ #include "atomicio.h" #include "misc.h" #include "dns.h" +#include "version.h" char *client_version_string = NULL; char *server_version_string = NULL; diff --git a/sshd.c b/sshd.c index 2bdda7298..4c0231d76 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.331 2006/06/01 09:21:48 markus Exp $ */ +/* $OpenBSD: sshd.c,v 1.332 2006/07/03 08:54:20 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -97,6 +97,7 @@ #include "monitor.h" #include "monitor_wrap.h" #include "monitor_fdpass.h" +#include "version.h" #ifdef LIBWRAP #include -- cgit v1.2.3 From efc04e70b8261a7be7818772f03974eb38ae6622 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 20:26:27 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/03 17:59:32 [channels.c includes.h] move #include out of includes.h; old ok djm@ (portable needed session.c too) --- ChangeLog | 6 +++++- channels.c | 6 +++++- includes.h | 3 +-- session.c | 1 + 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index f1f14712d..9c923a67f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,10 @@ - stevesk@cvs.openbsd.org 2006/07/03 08:54:20 [includes.h ssh.c sshconnect.c sshd.c] move #include "version.h" out of includes.h; ok markus@ + - stevesk@cvs.openbsd.org 2006/07/03 17:59:32 + [channels.c includes.h] + move #include out of includes.h; old ok djm@ + (portable needed session.c too) 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4759,4 +4763,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4366 2006/07/10 10:23:39 djm Exp $ +$Id: ChangeLog,v 1.4367 2006/07/10 10:26:27 djm Exp $ diff --git a/channels.c b/channels.c index 9642a56ee..5796a8bb9 100644 --- a/channels.c +++ b/channels.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.250 2006/04/16 00:48:52 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.251 2006/07/03 17:59:32 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -44,6 +44,10 @@ #include #include #include +#include + +#include +#include #include diff --git a/includes.h b/includes.h index bb6febfe3..c3f0671ec 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.42 2006/07/03 08:54:20 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.43 2006/07/03 17:59:32 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -131,7 +131,6 @@ #include #include /* For typedefs */ -#include #if defined(HAVE_NETDB_H) # include #endif diff --git a/session.c b/session.c index 3bc3651e5..cb0e8267c 100644 --- a/session.c +++ b/session.c @@ -47,6 +47,7 @@ #include #endif #include +#include #include "ssh.h" #include "ssh1.h" -- cgit v1.2.3 From 8ec8c3e98a07be51e0a136170f02b7ebab0f28ca Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 20:35:38 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/05 02:42:09 [canohost.c hostfile.c includes.h misc.c packet.c readconf.c] [serverloop.c sshconnect.c uuencode.c] move #include out of includes.h; ok deraadt@ (also ssh-rand-helper.c logintest.c loginrec.c) --- ChangeLog | 7 ++++++- canohost.c | 6 +++++- hostfile.c | 6 +++++- includes.h | 3 +-- loginrec.c | 3 +++ logintest.c | 4 ++++ misc.c | 6 +++++- packet.c | 6 +++++- readconf.c | 5 ++++- serverloop.c | 5 ++++- ssh-rand-helper.c | 3 +++ sshconnect.c | 5 ++++- uuencode.c | 6 +++++- 13 files changed, 54 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9c923a67f..70f96ef77 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -30,6 +30,11 @@ [channels.c includes.h] move #include out of includes.h; old ok djm@ (portable needed session.c too) + - stevesk@cvs.openbsd.org 2006/07/05 02:42:09 + [canohost.c hostfile.c includes.h misc.c packet.c readconf.c] + [serverloop.c sshconnect.c uuencode.c] + move #include out of includes.h; ok deraadt@ + (also ssh-rand-helper.c logintest.c loginrec.c) 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4763,4 +4768,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4367 2006/07/10 10:26:27 djm Exp $ +$Id: ChangeLog,v 1.4368 2006/07/10 10:35:38 djm Exp $ diff --git a/canohost.c b/canohost.c index 34b751a72..787d338d4 100644 --- a/canohost.c +++ b/canohost.c @@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.c,v 1.53 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: canohost.c,v 1.54 2006/07/05 02:42:09 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -14,6 +14,10 @@ #include "includes.h" +#include + +#include + #include #include "packet.h" diff --git a/hostfile.c b/hostfile.c index 39ff197a7..a6714b6e1 100644 --- a/hostfile.c +++ b/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.40 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: hostfile.c,v 1.41 2006/07/05 02:42:09 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -38,6 +38,10 @@ #include "includes.h" +#include + +#include + #include #include diff --git a/includes.h b/includes.h index c3f0671ec..51b6a0b84 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.43 2006/07/03 17:59:32 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.44 2006/07/05 02:42:09 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -129,7 +129,6 @@ #include /* for grantpt() and friends */ #endif -#include #include /* For typedefs */ #if defined(HAVE_NETDB_H) # include 
diff --git a/loginrec.c b/loginrec.c index c2498e1e3..76ddc2000 100644 --- a/loginrec.c +++ b/loginrec.c @@ -149,6 +149,9 @@ #include #include +#include + +#include #include "ssh.h" #include "xmalloc.h" diff --git a/logintest.c b/logintest.c index 1159274f8..7e9fbbfbb 100644 --- a/logintest.c +++ b/logintest.c @@ -31,6 +31,10 @@ #include #include +#include + +#include + #include #include #include diff --git a/misc.c b/misc.c index 158d4878f..63c7ddf1e 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.52 2006/03/30 09:58:15 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.53 2006/07/05 02:42:09 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -27,7 +27,11 @@ #include "includes.h" #include +#include + +#include #include + #ifdef HAVE_PATHS_H # include #endif diff --git a/packet.c b/packet.c index bc0baf3fc..ba2843786 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.131 2006/03/30 09:58:16 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.132 2006/07/05 02:42:09 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -40,6 +40,10 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" +#include + +#include +#include #include #include "xmalloc.h" diff --git a/readconf.c b/readconf.c index 87e41e0c4..df5e566a5 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.151 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.152 2006/07/05 02:42:09 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -16,6 +16,9 @@ #include #include +#include + +#include #include diff --git a/serverloop.c b/serverloop.c index 18f1a10bd..a0832679c 100644 --- a/serverloop.c +++ b/serverloop.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.135 2006/03/25 18:30:55 deraadt Exp $ */ +/* $OpenBSD: serverloop.c,v 1.136 2006/07/05 02:42:09 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -39,6 +39,9 @@ #include #include +#include + +#include #include #include diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 605de72f9..d8da7d3c0 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -28,6 +28,9 @@ #include #include #include +#include + +#include #ifdef HAVE_SYS_UN_H # include diff --git a/sshconnect.c b/sshconnect.c index 776460f43..7f9c09b91 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.186 2006/07/03 08:54:20 stevesk Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.187 2006/07/05 02:42:09 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -18,6 +18,9 @@ #include #include #include +#include + +#include #include #ifdef HAVE_PATHS_H diff --git a/uuencode.c b/uuencode.c index 398aeefe1..b8dcaeae6 100644 --- a/uuencode.c +++ b/uuencode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uuencode.c,v 1.21 2006/03/26 01:31:48 deraadt Exp $ */ +/* $OpenBSD: uuencode.c,v 1.22 2006/07/05 02:42:09 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -25,6 +25,10 @@ #include "includes.h" +#include + +#include + #include "xmalloc.h" #include "uuencode.h" -- cgit v1.2.3 From 917f9b6b6eb560e205a787bd8f38d4b9741c9a9f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 20:36:47 +1000 Subject: - djm@cvs.openbsd.org 2006/07/06 10:47:05 [servconf.c servconf.h session.c sshd_config.5] support arguments to Subsystem commands; ok markus@ --- ChangeLog | 5 ++++- servconf.c | 14 +++++++++++++- servconf.h | 3 ++- session.c | 11 ++++++----- sshd_config.5 | 6 +++--- 5 files changed, 28 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 70f96ef77..2e45ea652 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -35,6 +35,9 @@ [serverloop.c sshconnect.c uuencode.c] move #include out of includes.h; ok deraadt@ (also ssh-rand-helper.c logintest.c loginrec.c) + - djm@cvs.openbsd.org 2006/07/06 10:47:05 + [servconf.c servconf.h session.c sshd_config.5] + support arguments to Subsystem commands; ok markus@ 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4768,4 +4771,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4368 2006/07/10 10:35:38 djm Exp $ +$Id: ChangeLog,v 1.4369 2006/07/10 10:36:47 djm Exp $ diff --git a/servconf.c b/servconf.c index 43372e20f..af0ad1a35 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.150 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.151 2006/07/06 10:47:05 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -446,6 +446,7 @@ process_server_config_line(ServerOptions *options, char *line, ServerOpCodes opcode; u_short port; u_int i; + size_t len; cp = line; if ((arg = strdelim(&cp)) == NULL) @@ -901,6 +902,17 @@ parse_flag: fatal("%s line %d: Missing subsystem command.", filename, linenum); options->subsystem_command[options->num_subsystems] = xstrdup(arg); + + /* Collect arguments (separate to executable) */ + p = xstrdup(arg); + len = strlen(p) + 1; + while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { + len += 1 + strlen(arg); + p = xrealloc(p, 1, len); + strlcat(p, " ", len); + strlcat(p, arg, len); + } + options->subsystem_args[options->num_subsystems] = p; options->num_subsystems++; break; diff --git a/servconf.h b/servconf.h index 73604a98e..671050e4c 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.73 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.74 2006/07/06 10:47:05 djm Exp $ */ /* * Author: Tatu Ylonen 
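Review bot: The comment `/* Collect arguments (separate to executable) */` in the Subsystem case of servconf.c does not match what the added loop builds. `p` starts as `xstrdup(arg)`, which is the executable itself, so `subsystem_args[...]` ends up holding the whole command line with each further token joined by a single space. I would reword it to `/* Build the full command line: executable followed by its arguments */` and say the same next to the new field in servconf.h. Any quoting on the configuration line is presumably not preserved by this re-join (strdelim is not visible here), which is worth stating in sshd_config.5 if the string is later interpreted by a shell. The enclosing switch case starts outside the hunk.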
@@ -111,6 +111,7 @@ typedef struct { u_int num_subsystems; char *subsystem_name[MAX_SUBSYSTEMS]; char *subsystem_command[MAX_SUBSYSTEMS]; + char *subsystem_args[MAX_SUBSYSTEMS]; u_int num_accept_env; char *accept_env[MAX_ACCEPT_ENV]; diff --git a/session.c b/session.c index cb0e8267c..899c3a16b 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.204 2006/07/02 22:45:59 stevesk Exp $ */ +/* $OpenBSD: session.c,v 1.205 2006/07/06 10:47:05 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1841,7 +1841,7 @@ session_subsystem_req(Session *s) struct stat st; u_int len; int success = 0; - char *cmd, *subsys = packet_get_string(&len); + char *prog, *cmd, *subsys = packet_get_string(&len); u_int i; packet_check_eom(); @@ -1849,9 +1849,10 @@ session_subsystem_req(Session *s) for (i = 0; i < options.num_subsystems; i++) { if (strcmp(subsys, options.subsystem_name[i]) == 0) { - cmd = options.subsystem_command[i]; - if (stat(cmd, &st) < 0) { - error("subsystem: cannot stat %s: %s", cmd, + prog = options.subsystem_command[i]; + cmd = options.subsystem_args[i]; + if (stat(prog, &st) < 0) { + error("subsystem: cannot stat %s: %s", prog, strerror(errno)); break; } diff --git a/sshd_config.5 b/sshd_config.5 index 836add94f..3b639b17d 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.58 2006/07/02 17:12:58 stevesk Exp $ +.\" $OpenBSD: sshd_config.5,v 1.59 2006/07/06 10:47:05 djm Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os 
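Review bot: In `session_subsystem_req` the existence check is now `stat(prog, &st)` on `subsystem_command[i]`, while the string carried forward is the separate `cmd` taken from `subsystem_args[i]`, and nothing in the code says the two are related. A short comment above the pair, for example `/* prog is the first word of cmd; only prog is checked with stat() */`, would stop a later change from populating one array without the other. How `cmd` is used is outside the hunk.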
@@ -643,8 +643,8 @@ The default is .Dq yes . .It Cm Subsystem Configures an external subsystem (e.g. file transfer daemon). -Arguments should be a subsystem name and a command to execute upon subsystem -request. +Arguments should be a subsystem name and a command (with optional arguments) +to execute upon subsystem request. The command .Xr sftp-server 8 implements the -- cgit v1.2.3 From fef95ad81645250b83f7c83233648471d8d0edab Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 20:46:55 +1000 Subject: - djm@cvs.openbsd.org 2006/07/06 10:47:57 [sftp-server.8 sftp-server.c] add commandline options to enable logging of transactions; ok markus@ --- ChangeLog | 5 +- sftp-server.8 | 31 +++++- sftp-server.c | 317 +++++++++++++++++++++++++++++++++++++++++++++++----------- 3 files changed, 295 insertions(+), 58 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2e45ea652..e3e7ce825 100644 --- a/ChangeLog +++ b/ChangeLog @@ -38,6 +38,9 @@ - djm@cvs.openbsd.org 2006/07/06 10:47:05 [servconf.c servconf.h session.c sshd_config.5] support arguments to Subsystem commands; ok markus@ + - djm@cvs.openbsd.org 2006/07/06 10:47:57 + [sftp-server.8 sftp-server.c] + add commandline options to enable logging of transactions; ok markus@ 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4771,4 +4774,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4369 2006/07/10 10:36:47 djm Exp $ +$Id: ChangeLog,v 1.4370 2006/07/10 10:46:55 djm Exp $ diff --git a/sftp-server.8 b/sftp-server.8 index 42f5d437c..da68e45fb 100644 --- a/sftp-server.8 +++ b/sftp-server.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp-server.8,v 1.10 2003/10/08 08:27:36 jmc Exp $ +.\" $OpenBSD: sftp-server.8,v 1.11 2006/07/06 10:47:57 djm Exp $ .\" .\" Copyright (c) 2000 Markus Friedl. All rights reserved. .\" 
@@ -30,6 +30,8 @@ .Nd SFTP server subsystem .Sh SYNOPSIS .Nm sftp-server +.Op Fl f Ar log_facility +.Op Fl l Ar log_level .Sh DESCRIPTION .Nm is a program that speaks the server side of SFTP protocol @@ -40,9 +42,36 @@ is not intended to be called directly, but from using the .Cm Subsystem option. +.Pp +Command-line flags to +.Nm +should be specified in the +.Cm Subsystem +declaration. See .Xr sshd_config 5 for more information. +.Pp +Valid options are: +.Bl -tag -width Ds +.It Fl f Ar log_facility +Specifies the facility code that is used when logging messages from +.Nm . +The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, +LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. +The default is AUTH. +.It Fl l Ar log_level +Specifies which messages will be logged by +.Nm . +The possible values are: +QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. +INFO and VERBOSE log transactions that +.Nm +performs on behalf of the client. +DEBUG and DEBUG1 are equivalent. +DEBUG2 and DEBUG3 each specify higher levels of debugging output. +The default is ERROR. +.El .Sh SEE ALSO .Xr sftp 1 , .Xr ssh 1 , diff --git a/sftp-server.c b/sftp-server.c index e842341cb..e882216b1 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.57 2006/03/30 09:58:16 djm Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.58 2006/07/06 10:47:57 djm Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -26,6 +26,7 @@ #include "log.h" #include "xmalloc.h" #include "misc.h" +#include "uidswap.h" #include "sftp.h" #include "sftp-common.h" 
@@ -34,9 +35,13 @@ #define get_int64() buffer_get_int64(&iqueue); #define get_int() buffer_get_int(&iqueue); #define get_string(lenp) buffer_get_string(&iqueue, lenp); -#define TRACE debug -extern char *__progname; +/* Our verbosity */ +LogLevel log_level = SYSLOG_LEVEL_ERROR; + +/* Our client */ +struct passwd *pw = NULL; +char *client_addr = NULL; /* input and output queue */ Buffer iqueue; @@ -108,6 +113,33 @@ flags_from_portable(int pflags) return flags; } +static const char * +string_from_portable(int pflags) +{ + static char ret[128]; + + *ret = '\0'; + +#define PAPPEND(str) { \ + if (*ret != '\0') \ + strlcat(ret, ",", sizeof(ret)); \ + strlcat(ret, str, sizeof(ret)); \ + } + + if (pflags & SSH2_FXF_READ) + PAPPEND("READ") + if (pflags & SSH2_FXF_WRITE) + PAPPEND("WRITE") + if (pflags & SSH2_FXF_CREAT) + PAPPEND("CREATE") + if (pflags & SSH2_FXF_TRUNC) + PAPPEND("TRUNCATE") + if (pflags & SSH2_FXF_EXCL) + PAPPEND("EXCL") + + return ret; +} + static Attrib * get_attrib(void) { @@ -122,6 +154,7 @@ struct Handle { DIR *dirp; int fd; char *name; + u_int64_t bytes_read, bytes_write; }; enum { @@ -152,6 +185,7 @@ handle_new(int use, const char *name, int fd, DIR *dirp) handles[i].dirp = dirp; handles[i].fd = fd; handles[i].name = xstrdup(name); + handles[i].bytes_read = handles[i].bytes_write = 0; return i; } } 
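Review bot: `PAPPEND` in `string_from_portable` expands to a bare `{ ... }` block and is invoked without a trailing semicolon, which only works because every use is the sole statement of an `if` that has no `else`. The usual form is `#define PAPPEND(str) do { ... } while (0)` with each call written as `PAPPEND("READ");`, followed by `#undef PAPPEND` before the `return` so the helper does not leak into the rest of the file. The function also returns a pointer to `static char ret[128]`, so a one-line comment that the result is overwritten by the next call would help callers that pass it to a log function.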
@@ -215,6 +249,36 @@ handle_to_fd(int handle) return -1; } +static void +handle_update_read(int handle, ssize_t bytes) +{ + if (handle_is_ok(handle, HANDLE_FILE) && bytes > 0) + handles[handle].bytes_read += bytes; +} + +static void +handle_update_write(int handle, ssize_t bytes) +{ + if (handle_is_ok(handle, HANDLE_FILE) && bytes > 0) + handles[handle].bytes_write += bytes; +} + +static u_int64_t +handle_bytes_read(int handle) +{ + if (handle_is_ok(handle, HANDLE_FILE)) + return (handles[handle].bytes_read); + return 0; +} + +static u_int64_t +handle_bytes_write(int handle) +{ + if (handle_is_ok(handle, HANDLE_FILE)) + return (handles[handle].bytes_write); + return 0; +} + static int handle_close(int handle) { @@ -234,6 +298,31 @@ handle_close(int handle) return ret; } +static void +handle_log_close(int handle, char *emsg) +{ + if (handle_is_ok(handle, HANDLE_FILE)) { + logit("%s%sclose \"%s\" bytes read %llu written %llu", + emsg == NULL ? "" : emsg, emsg == NULL ? "" : " ", + handle_to_name(handle), + handle_bytes_read(handle), handle_bytes_write(handle)); + } else { + logit("%s%sclosedir \"%s\"", + emsg == NULL ? "" : emsg, emsg == NULL ? "" : " ", + handle_to_name(handle)); + } +} + +static void +handle_log_exit(void) +{ + u_int i; + + for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) + if (handles[i].use != HANDLE_UNUSED) + handle_log_close(i, "forced"); +} + static int get_handle(void) { @@ -260,10 +349,9 @@ send_msg(Buffer *m) buffer_consume(m, mlen); } -static void -send_status(u_int32_t id, u_int32_t status) +static const char * +status_to_message(u_int32_t status) { - Buffer msg; const char *status_messages[] = { "Success", /* SSH_FX_OK */ "End of file", /* SSH_FX_EOF */ 
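Review bot: `handle_log_close` sends every handle that is not a valid file handle down the `closedir` branch, including handles that are not valid at all, and `process_close` calls it with the client-supplied handle before `handle_close` has had a chance to reject it. If `handle_to_name` returns NULL for such a handle (its body is outside the hunk), that NULL is passed to `%s`; an early `if (!handle_is_ok(handle, HANDLE_FILE) && !handle_is_ok(handle, HANDLE_DIR)) return;` would avoid both that and a misleading log entry. The debug calls added in `process_read`, `process_write`, `process_fstat` and `process_readdir` use `handle_to_name(handle)` in the same way before the handle is checked. Separately, the `u_int64_t` counters are passed to `%llu` without the `(unsigned long long)` cast that `process_read` already uses for `off`; the `a->size` arguments in the `process_setstat` and `process_fsetstat` hunks look like the same case.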
@@ -276,15 +364,24 @@ send_status(u_int32_t id, u_int32_t status) "Operation unsupported", /* SSH_FX_OP_UNSUPPORTED */ "Unknown error" /* Others */ }; + return (status_messages[MIN(status,SSH2_FX_MAX)]); +} - TRACE("sent status id %u error %u", id, status); +static void +send_status(u_int32_t id, u_int32_t status) +{ + Buffer msg; + + debug3("request %u: sent status %u", id, status); + if (log_level > SYSLOG_LEVEL_VERBOSE || + (status != SSH2_FX_OK && status != SSH2_FX_EOF)) + logit("sent status %s", status_to_message(status)); buffer_init(&msg); buffer_put_char(&msg, SSH2_FXP_STATUS); buffer_put_int(&msg, id); buffer_put_int(&msg, status); if (version >= 3) { - buffer_put_cstring(&msg, - status_messages[MIN(status,SSH2_FX_MAX)]); + buffer_put_cstring(&msg, status_to_message(status)); buffer_put_cstring(&msg, ""); } send_msg(&msg); @@ -306,7 +403,7 @@ send_data_or_handle(char type, u_int32_t id, const char *data, int dlen) static void send_data(u_int32_t id, const char *data, int dlen) { - TRACE("sent data id %u len %d", id, dlen); + debug("request %u: sent data len %d", id, dlen); send_data_or_handle(SSH2_FXP_DATA, id, data, dlen); } @@ -317,7 +414,7 @@ send_handle(u_int32_t id, int handle) int hlen; handle_to_string(handle, &string, &hlen); - TRACE("sent handle id %u handle %d", id, handle); + debug("request %u: sent handle handle %d", id, handle); send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen); xfree(string); } @@ -332,7 +429,7 @@ send_names(u_int32_t id, int count, const Stat *stats) buffer_put_char(&msg, SSH2_FXP_NAME); buffer_put_int(&msg, id); buffer_put_int(&msg, count); - TRACE("sent names id %u count %d", id, count); + debug("request %u: sent names count %d", id, count); for (i = 0; i < count; i++) { buffer_put_cstring(&msg, stats[i].name); buffer_put_cstring(&msg, stats[i].long_name); 
@@ -347,7 +444,7 @@ send_attrib(u_int32_t id, const Attrib *a) { Buffer msg; - TRACE("sent attrib id %u have 0x%x", id, a->flags); + debug("request %u: sent attrib have 0x%x", id, a->flags); buffer_init(&msg); buffer_put_char(&msg, SSH2_FXP_ATTRS); buffer_put_int(&msg, id); @@ -364,7 +461,7 @@ process_init(void) Buffer msg; version = get_int(); - TRACE("client version %d", version); + verbose("received client version %d", version); buffer_init(&msg); buffer_put_char(&msg, SSH2_FXP_VERSION); buffer_put_int(&msg, SSH2_FILEXFER_VERSION); @@ -381,12 +478,14 @@ process_open(void) int handle, fd, flags, mode, status = SSH2_FX_FAILURE; id = get_int(); + debug3("request %u: open flags %d", id, pflags); name = get_string(NULL); pflags = get_int(); /* portable flags */ a = get_attrib(); flags = flags_from_portable(pflags); mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666; - TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode); + logit("open \"%s\" flags %s mode 0%o", + name, string_from_portable(pflags), mode); fd = open(name, flags, mode); if (fd < 0) { status = errno_to_portable(errno); @@ -412,7 +511,8 @@ process_close(void) id = get_int(); handle = get_handle(); - TRACE("close id %u handle %d", id, handle); + debug3("request %u: close handle %u", id, handle); + handle_log_close(handle, NULL); ret = handle_close(handle); status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); @@ -431,11 +531,11 @@ process_read(void) off = get_int64(); len = get_int(); - TRACE("read id %u handle %d off %llu len %d", id, handle, - (unsigned long long)off, len); + debug("request %u: read \"%s\" (handle %d) off %llu len %d", + id, handle_to_name(handle), handle, (unsigned long long)off, len); if (len > sizeof buf) { len = sizeof buf; - logit("read change len %d", len); + debug2("read change len %d", len); } fd = handle_to_fd(handle); if (fd >= 0) { 
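Review bot: In `process_open` the added `debug3("request %u: open flags %d", id, pflags);` runs before `pflags = get_int();`, so it reads `pflags` uninitialised and logs an indeterminate value. Move the call below the `pflags = get_int();` line, or drop the flags from it, since the `logit` a few lines later already prints the decoded flags. The function body continues past the end of the hunk.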
@@ -451,6 +551,7 @@ process_read(void) } else { send_data(id, buf, ret); status = SSH2_FX_OK; + handle_update_read(handle, ret); } } } @@ -472,8 +573,8 @@ process_write(void) off = get_int64(); data = get_string(&len); - TRACE("write id %u handle %d off %llu len %d", id, handle, - (unsigned long long)off, len); + debug("request %u: write \"%s\" (handle %d) off %llu len %d", + id, handle_to_name(handle), handle, (unsigned long long)off, len); fd = handle_to_fd(handle); if (fd >= 0) { if (lseek(fd, off, SEEK_SET) < 0) { @@ -487,8 +588,9 @@ process_write(void) status = errno_to_portable(errno); } else if ((size_t)ret == len) { status = SSH2_FX_OK; + handle_update_write(handle, ret); } else { - logit("nothing at all written"); + debug2("nothing at all written"); } } } @@ -507,7 +609,8 @@ process_do_stat(int do_lstat) id = get_int(); name = get_string(NULL); - TRACE("%sstat id %u name %s", do_lstat ? "l" : "", id, name); + debug3("request %u: %sstat", id, do_lstat ? "l" : ""); + verbose("%sstat name \"%s\"", do_lstat ? "l" : "", name); ret = do_lstat ? lstat(name, &st) : stat(name, &st); if (ret < 0) { status = errno_to_portable(errno); @@ -543,7 +646,8 @@ process_fstat(void) id = get_int(); handle = get_handle(); - TRACE("fstat id %u handle %d", id, handle); + debug("request %u: fstat \"%s\" (handle %u)", + id, handle_to_name(handle), handle); fd = handle_to_fd(handle); if (fd >= 0) { ret = fstat(fd, &st); 
@@ -582,23 +686,33 @@ process_setstat(void) id = get_int(); name = get_string(NULL); a = get_attrib(); - TRACE("setstat id %u name %s", id, name); + debug("request %u: setstat name \"%s\"", id, name); if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { + logit("set \"%s\" size %llu", name, a->size); ret = truncate(name, a->size); if (ret == -1) status = errno_to_portable(errno); } if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { + logit("set \"%s\" mode %04o", name, a->perm); ret = chmod(name, a->perm & 0777); if (ret == -1) status = errno_to_portable(errno); } if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { + char buf[64]; + time_t t = a->mtime; + + strftime(buf, sizeof(buf), "%Y%m%d-%H:%M:%S", + localtime(&t)); + logit("set \"%s\" modtime %s", name, buf); ret = utimes(name, attrib_to_tv(a)); if (ret == -1) status = errno_to_portable(errno); } if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { + logit("set \"%s\" owner %lu group %lu", name, + (u_long)a->uid, (u_long)a->gid); ret = chown(name, a->uid, a->gid); if (ret == -1) status = errno_to_portable(errno); @@ -614,23 +728,25 @@ process_fsetstat(void) u_int32_t id; int handle, fd, ret; int status = SSH2_FX_OK; - char *name; id = get_int(); handle = get_handle(); a = get_attrib(); - TRACE("fsetstat id %u handle %d", id, handle); + debug("request %u: fsetstat handle %d", id, handle); fd = handle_to_fd(handle); - name = handle_to_name(handle); - if (fd < 0 || name == NULL) { + if (fd < 0) { status = SSH2_FX_FAILURE; } else { + char *name = handle_to_name(handle); + if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { + logit("set \"%s\" size %llu", name, a->size); ret = ftruncate(fd, a->size); if (ret == -1) status = errno_to_portable(errno); } if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { + logit("set \"%s\" mode %04o", name, a->perm); #ifdef HAVE_FCHMOD ret = fchmod(fd, a->perm & 0777); #else 
@@ -640,6 +756,12 @@ process_fsetstat(void) status = errno_to_portable(errno); } if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { + char buf[64]; + time_t t = a->mtime; + + strftime(buf, sizeof(buf), "%Y%m%d-%H:%M:%S", + localtime(&t)); + logit("set \"%s\" modtime %s", name, buf); #ifdef HAVE_FUTIMES ret = futimes(fd, attrib_to_tv(a)); #else @@ -649,6 +771,8 @@ process_fsetstat(void) status = errno_to_portable(errno); } if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { + logit("set \"%s\" owner %lu group %lu", name, + (u_long)a->uid, (u_long)a->gid); #ifdef HAVE_FCHOWN ret = fchown(fd, a->uid, a->gid); #else @@ -671,7 +795,8 @@ process_opendir(void) id = get_int(); path = get_string(NULL); - TRACE("opendir id %u path %s", id, path); + debug3("request %u: opendir", id); + logit("opendir \"%s\"", path); dirp = opendir(path); if (dirp == NULL) { status = errno_to_portable(errno); @@ -701,14 +826,15 @@ process_readdir(void) id = get_int(); handle = get_handle(); - TRACE("readdir id %u handle %d", id, handle); + debug("request %u: readdir \"%s\" (handle %d)", id, + handle_to_name(handle), handle); dirp = handle_to_dir(handle); path = handle_to_name(handle); if (dirp == NULL || path == NULL) { send_status(id, SSH2_FX_FAILURE); } else { struct stat st; - char pathname[1024]; + char pathname[MAXPATHLEN]; Stat *stats; int nstats = 10, count = 0, i; @@ -755,7 +881,8 @@ process_remove(void) id = get_int(); name = get_string(NULL); - TRACE("remove id %u name %s", id, name); + debug3("request %u: remove", id); + logit("remove name \"%s\"", name); ret = unlink(name); status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); 
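Review bot: The `logit("remove name \"%s\"", name);` added in `process_remove` writes a client-chosen path into the log at INFO level, as do the `open`, `opendir`, `mkdir`, `rmdir`, `rename` and `symlink` messages in the neighbouring hunks. Whether control characters in that path are encoded depends on the logging layer, which is not part of this diff; please confirm that and record it in a comment such as `/* name is client-supplied; the log layer must encode it */`. An embedded `"` in the name would still make the quoted field ambiguous for anyone parsing these lines, so the record format is worth describing in sftp-server.8.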
@@ -775,7 +902,8 @@ process_mkdir(void) a = get_attrib(); mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm & 0777 : 0777; - TRACE("mkdir id %u name %s mode 0%o", id, name, mode); + debug3("request %u: mkdir", id); + logit("mkdir name \"%s\" mode 0%o", name, mode); ret = mkdir(name, mode); status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); @@ -791,7 +919,8 @@ process_rmdir(void) id = get_int(); name = get_string(NULL); - TRACE("rmdir id %u name %s", id, name); + debug3("request %u: rmdir", id); + logit("rmdir name \"%s\"", name); ret = rmdir(name); status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); @@ -811,7 +940,8 @@ process_realpath(void) xfree(path); path = xstrdup("."); } - TRACE("realpath id %u path %s", id, path); + debug3("request %u: realpath", id); + verbose("realpath \"%s\"", path); if (realpath(path, resolvedname) == NULL) { send_status(id, errno_to_portable(errno)); } else { @@ -834,7 +964,8 @@ process_rename(void) id = get_int(); oldpath = get_string(NULL); newpath = get_string(NULL); - TRACE("rename id %u old %s new %s", id, oldpath, newpath); + debug3("request %u: rename", id); + logit("rename old \"%s\" new \"%s\"", oldpath, newpath); status = SSH2_FX_FAILURE; if (lstat(oldpath, &sb) == -1) status = errno_to_portable(errno); @@ -889,7 +1020,8 @@ process_readlink(void) id = get_int(); path = get_string(NULL); - TRACE("readlink id %u path %s", id, path); + debug3("request %u: readlink", id); + verbose("readlink \"%s\"", path); if ((len = readlink(path, buf, sizeof(buf) - 1)) == -1) send_status(id, errno_to_portable(errno)); else { 
@@ -913,7 +1045,8 @@ process_symlink(void) id = get_int(); oldpath = get_string(NULL); newpath = get_string(NULL); - TRACE("symlink id %u old %s new %s", id, oldpath, newpath); + debug3("request %u: symlink", id); + logit("symlink old \"%s\" new \"%s\"", oldpath, newpath); /* this will fail if 'newpath' exists */ ret = symlink(oldpath, newpath); status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; @@ -951,8 +1084,9 @@ process(void) cp = buffer_ptr(&iqueue); msg_len = get_u32(cp); if (msg_len > SFTP_MAX_MSG_LENGTH) { - error("bad message "); - exit(11); + error("bad message from %s local user %s", + client_addr, pw->pw_name); + cleanup_exit(11); } if (buf_len < msg_len + 4) return; @@ -1026,7 +1160,7 @@ process(void) } /* discard the remaining bytes from the current packet */ if (buf_len < buffer_len(&iqueue)) - fatal("iqueue grows"); + fatal("iqueue grew unexpectedly"); consumed = buf_len - buffer_len(&iqueue); if (msg_len < consumed) fatal("msg_len %d < consumed %d", msg_len, consumed); 
@@ -1034,24 +1168,94 @@ process(void) buffer_consume(&iqueue, msg_len - consumed); } +/* Cleanup handler that logs active handles upon normal exit */ +void +cleanup_exit(int i) +{ + if (pw != NULL && client_addr != NULL) { + handle_log_exit(); + logit("session closed for local user %s from [%s]", + pw->pw_name, client_addr); + } + _exit(i); +} + +static void +usage(void) +{ + extern char *__progname; + + fprintf(stderr, + "usage: %s [-he] [-l log_level] [-f log_facility]\n", __progname); + exit(1); +} + int -main(int ac, char **av) +main(int argc, char **argv) { fd_set *rset, *wset; - int in, out, max; + int in, out, max, ch, skipargs = 0, log_stderr = 0; ssize_t len, olen, set_size; + SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; + char *cp; + + extern int optind; + extern char *optarg; + extern char *__progname; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); - /* XXX should use getopt */ + __progname = ssh_get_progname(argv[0]); + log_init(__progname, log_level, log_facility, log_stderr); + + while (!skipargs && (ch = getopt(argc, argv, "C:f:l:che")) != -1) { + switch (ch) { + case 'c': + /* + * Ignore all arguments if we are invoked as a + * shell using "sftp-server -c command" + */ + skipargs = 1; + break; + case 'e': + log_stderr = 1; + break; + case 'l': + log_level = log_level_number(optarg); + if (log_level == SYSLOG_LEVEL_NOT_SET) + error("Invalid log level \"%s\"", optarg); + break; + case 'f': + log_facility = log_facility_number(optarg); + if (log_level == SYSLOG_FACILITY_NOT_SET) + error("Invalid log facility \"%s\"", optarg); + break; + case 'h': + default: + usage(); + } + } - __progname = ssh_get_progname(av[0]); - handle_init(); + log_init(__progname, log_level, log_facility, log_stderr); -#ifdef DEBUG_SFTP_SERVER - log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); -#endif + if ((cp = getenv("SSH_CONNECTION")) != NULL) { + client_addr = xstrdup(cp); + if ((cp = strchr(client_addr, ' 
')) == NULL) + fatal("Malformed SSH_CONNECTION variable: \"%s\"", + getenv("SSH_CONNECTION")); + *cp = '\0'; + } else + client_addr = xstrdup("UNKNOWN"); + + if ((pw = getpwuid(getuid())) == NULL) + fatal("No user found for uid %lu", (u_long)getuid()); + pw = pwcopy(pw); + + logit("session opened for local user %s from [%s]", + pw->pw_name, client_addr); + + handle_init(); in = dup(STDIN_FILENO); out = dup(STDOUT_FILENO); @@ -1086,7 +1290,8 @@ main(int ac, char **av) if (select(max+1, rset, wset, NULL, NULL) < 0) { if (errno == EINTR) continue; - exit(2); + error("select: %s", strerror(errno)); + cleanup_exit(2); } /* copy stdin to iqueue */ @@ -1095,10 +1300,10 @@ main(int ac, char **av) len = read(in, buf, sizeof buf); if (len == 0) { debug("read eof"); - exit(0); + cleanup_exit(0); } else if (len < 0) { - error("read error"); - exit(1); + error("read: %s", strerror(errno)); + cleanup_exit(1); } else { buffer_append(&iqueue, buf, len); } @@ -1107,8 +1312,8 @@ main(int ac, char **av) if (FD_ISSET(out, wset)) { len = write(out, buffer_ptr(&oqueue), olen); if (len < 0) { - error("write error"); - exit(1); + error("write: %s", strerror(errno)); + cleanup_exit(1); } else { buffer_consume(&oqueue, len); } -- cgit v1.2.3 From 9f2abc47ebd58c974f51718f31009b49a001c0d7 Mon Sep 17 00:00:00 2001 
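Review bot: In the `-f` case of the new getopt loop in `main` the validity check tests the wrong variable. `if (log_level == SYSLOG_FACILITY_NOT_SET)` should be `if (log_facility == SYSLOG_FACILITY_NOT_SET)`, otherwise an unknown facility name reaches the second `log_init` call without the error message. Both the `-l` and `-f` cases also only call `error()` and carry on with the NOT_SET value; since these options come from the Subsystem line in sshd_config, stopping there (for example via `usage()`) would surface a typo instead of running with an unintended logging configuration. The option string lists `C:` but there is no `case 'C'`, so that option falls through to `usage()`; either drop it from the string or handle it.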
From: Damien Miller Date: Mon, 10 Jul 2006 20:53:08 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/06 16:03:53 [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c] [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c] [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c] [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c] [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c] [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c] [uidswap.h] move #include out of includes.h; ok markus@ --- ChangeLog | 11 ++++++++++- auth-options.c | 6 +++++- auth-options.h | 6 +++++- auth-passwd.c | 6 +++++- auth-rh-rsa.c | 6 +++++- auth-rhosts.c | 3 ++- auth-rsa.c | 4 +++- auth.c | 3 ++- auth.h | 10 +++++++--- auth2-hostbased.c | 6 +++++- auth2-pubkey.c | 4 +++- auth2.c | 6 +++++- includes.h | 4 +--- loginrec.c | 2 ++ misc.c | 4 +++- misc.h | 6 +++++- monitor.c | 3 ++- monitor_wrap.c | 6 +++++- monitor_wrap.h | 7 ++++++- scp.c | 3 ++- serverloop.c | 3 ++- session.c | 3 ++- session.h | 6 +++++- sftp-common.c | 3 ++- sftp-server.c | 1 + ssh-add.c | 4 +++- ssh-keygen.c | 5 ++++- ssh-keysign.c | 3 ++- ssh-rand-helper.c | 1 + ssh.c | 3 ++- sshconnect.c | 3 ++- sshconnect.h | 6 +++++- sshd.c | 3 ++- sshpty.c | 3 ++- sshpty.h | 5 ++++- uidswap.c | 6 +++++- uidswap.h | 6 +++++- 37 files changed, 132 insertions(+), 38 deletions(-) diff --git a/ChangeLog b/ChangeLog index e3e7ce825..a4a75e57b 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -41,6 +41,15 @@ - djm@cvs.openbsd.org 2006/07/06 10:47:57 [sftp-server.8 sftp-server.c] add commandline options to enable logging of transactions; ok markus@ + - stevesk@cvs.openbsd.org 2006/07/06 16:03:53 + [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c] + [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c] + [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c] + [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c] + [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c] + [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c] + [uidswap.h] + move #include out of includes.h; ok markus@ 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4774,4 +4783,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4370 2006/07/10 10:46:55 djm Exp $ +$Id: ChangeLog,v 1.4371 2006/07/10 10:53:08 djm Exp $ diff --git a/auth-options.c b/auth-options.c index 56d598412..473fb8bf7 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.35 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.36 2006/07/06 16:03:53 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -12,6 +12,10 @@ #include "includes.h" +#include + +#include + #include "xmalloc.h" #include "match.h" #include "log.h" diff --git a/auth-options.h b/auth-options.h index d34b5f190..cd2b030cd 100644 --- a/auth-options.h +++ b/auth-options.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.h,v 1.14 2006/03/25 22:22:42 djm Exp $ */ +/* $OpenBSD: auth-options.h,v 1.15 2006/07/06 16:03:53 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -15,6 +15,10 @@ #ifndef AUTH_OPTIONS_H #define AUTH_OPTIONS_H +#include + +#include + /* Linked list of custom environment strings */ struct envstring { struct envstring *next; 
diff --git a/auth-passwd.c b/auth-passwd.c index 2ebcc5fc4..3cf86dcbd 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-passwd.c,v 1.36 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: auth-passwd.c,v 1.37 2006/07/06 16:03:53 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -38,6 +38,10 @@ #include "includes.h" +#include + +#include + #include "packet.h" #include "buffer.h" #include "log.h" diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index c8bdfa26c..8fa21e12c 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rh-rsa.c,v 1.40 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: auth-rh-rsa.c,v 1.41 2006/07/06 16:03:53 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -15,6 +15,10 @@ #include "includes.h" +#include + +#include + #include "packet.h" #include "uidswap.h" #include "log.h" diff --git a/auth-rhosts.c b/auth-rhosts.c index ce72adb7d..d50ea3a01 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rhosts.c,v 1.37 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: auth-rhosts.c,v 1.38 2006/07/06 16:03:53 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -22,6 +22,7 @@ #ifdef HAVE_NETGROUP_H # include #endif +#include #include "packet.h" #include "uidswap.h" diff --git a/auth-rsa.c b/auth-rsa.c index c331c267d..867597642 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rsa.c,v 1.67 2006/03/25 18:29:35 deraadt Exp $ */ +/* $OpenBSD: auth-rsa.c,v 1.68 2006/07/06 16:03:53 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -22,6 +22,8 @@ #include #include +#include + #include "rsa.h" #include "packet.h" #include "xmalloc.h" diff --git a/auth.c b/auth.c index ffa94e886..0c8894c99 100644 --- a/auth.c +++ b/auth.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.67 2006/03/30 11:40:21 dtucker Exp $ */ +/* $OpenBSD: auth.c,v 1.68 2006/07/06 16:03:53 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -31,6 +31,7 @@ #ifdef HAVE_PATHS_H # include #endif +#include #ifdef HAVE_LOGIN_H #include #endif diff --git a/auth.h b/auth.h index 5f9fb6f10..6688c3dc5 100644 --- a/auth.h +++ b/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.53 2006/04/20 09:27:09 djm Exp $ */ +/* $OpenBSD: auth.h,v 1.54 2006/07/06 16:03:53 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -28,10 +28,11 @@ #ifndef AUTH_H #define AUTH_H +#include + #include +#include -#include "key.h" -#include "hostfile.h" #include "buffer.h" #include @@ -45,6 +46,9 @@ #include #endif +#include "key.h" +#include "hostfile.h" + typedef struct Authctxt Authctxt; typedef struct Authmethod Authmethod; typedef struct KbdintDevice KbdintDevice; diff --git a/auth2-hostbased.c b/auth2-hostbased.c index 8d5f38353..56bf0be13 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.8 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.9 2006/07/06 16:03:53 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -25,6 +25,10 @@ #include "includes.h" +#include + +#include + #include "ssh2.h" #include "xmalloc.h" #include "packet.h" diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 8786014f2..7962dcef2 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.12 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.13 2006/07/06 16:03:53 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -28,6 +28,8 @@ #include #include +#include + #include "ssh.h" #include "ssh2.h" #include "xmalloc.h" diff --git a/auth2.c b/auth2.c index 8f7ec0d6d..ad57c64e6 100644 --- a/auth2.c +++ b/auth2.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.110 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.111 2006/07/06 16:03:53 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -25,6 +25,10 @@ #include "includes.h" +#include + +#include + #include "ssh2.h" #include "xmalloc.h" #include "packet.h" diff --git a/includes.h b/includes.h index 51b6a0b84..55ca7bedd 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.44 2006/07/05 02:42:09 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.45 2006/07/06 16:03:53 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -27,8 +27,6 @@ #include #include #include -#include -#include #include #include diff --git a/loginrec.c b/loginrec.c index 76ddc2000..42f022fd9 100644 --- a/loginrec.c +++ b/loginrec.c @@ -153,6 +153,8 @@ #include +#include + #include "ssh.h" #include "xmalloc.h" #include "loginrec.h" diff --git a/misc.c b/misc.c index 63c7ddf1e..b7316519d 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.53 2006/07/05 02:42:09 stevesk Exp $ */ +/* $OpenBSD: misc.c,v 1.54 2006/07/06 16:03:53 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -27,6 +27,7 @@ #include "includes.h" #include +#include #include #include @@ -34,6 +35,7 @@ #ifdef HAVE_PATHS_H # include +#include #endif #ifdef SSH_TUN_OPENBSD #include diff --git a/misc.h b/misc.h index bbd66ef10..f96328662 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.31 2006/03/30 09:58:15 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.32 2006/07/06 16:03:53 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -15,6 +15,10 @@ #ifndef _MISC_H #define _MISC_H +#include + +#include + /* misc.c */ char *chop(char *); diff --git a/monitor.c b/monitor.c index 08919ddfc..72176f9aa 100644 --- a/monitor.c +++ b/monitor.c 
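Review bot: In misc.c, hunk `@@ -34,6 +35,7 @@`, the added `#include` line lands between the existing `# include` and `#endif`, so it is compiled only when `HAVE_PATHS_H` is defined. The other files in this commit that touch the same guard (auth.c, monitor.c, session.c, sshd.c, sshpty.c) add their line after `#endif`. The header names are stripped on this page, but if this is the header being moved out of includes.h, misc.c would lose its declarations on platforms where configure does not set that define. Move the added line below `#endif` so it is unconditional.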
@@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.77 2006/03/30 11:40:21 dtucker Exp $ */ +/* $OpenBSD: monitor.c,v 1.78 2006/07/06 16:03:53 stevesk Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -33,6 +33,7 @@ #ifdef HAVE_PATHS_H #include #endif +#include #include #ifdef SKEY diff --git a/monitor_wrap.c b/monitor_wrap.c index 332652895..22b1fe854 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.45 2006/03/30 09:58:15 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.46 2006/07/06 16:03:53 stevesk Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -27,9 +27,13 @@ #include "includes.h" +#include + #include #include +#include + #include "ssh.h" #include "dh.h" #include "kex.h" diff --git a/monitor_wrap.h b/monitor_wrap.h index c06e30606..0f3b211c9 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.16 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.17 2006/07/06 16:03:53 stevesk Exp $ */ /* * Copyright 2002 Niels Provos @@ -27,6 +27,11 @@ #ifndef _MM_WRAP_H_ #define _MM_WRAP_H_ + +#include + +#include + #include "key.h" #include "buffer.h" diff --git a/scp.c b/scp.c index e5332972c..cfe2165e6 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.142 2006/05/17 12:43:34 markus Exp $ */ +/* $OpenBSD: scp.c,v 1.143 2006/07/06 16:03:53 stevesk Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -81,6 +81,7 @@ #include #include +#include #include #include "xmalloc.h" diff --git a/serverloop.c b/serverloop.c index a0832679c..14baecae1 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.136 2006/07/05 02:42:09 stevesk Exp $ */ +/* $OpenBSD: serverloop.c,v 1.137 2006/07/06 16:03:53 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -43,6 +43,7 @@ #include +#include #include #include diff --git a/session.c b/session.c index 899c3a16b..9115c5aa1 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.205 2006/07/06 10:47:05 djm Exp $ */ +/* $OpenBSD: session.c,v 1.206 2006/07/06 16:03:53 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -46,6 +46,7 @@ #ifdef HAVE_PATHS_H #include #endif +#include #include #include diff --git a/session.h b/session.h index bdac05934..c3a12821f 100644 --- a/session.h +++ b/session.h @@ -1,4 +1,4 @@ -/* $OpenBSD: session.h,v 1.27 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: session.h,v 1.28 2006/07/06 16:03:53 stevesk Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -26,6 +26,10 @@ #ifndef SESSION_H #define SESSION_H +#include + +#include + #define TTYSZ 64 typedef struct Session Session; struct Session { diff --git a/sftp-common.c b/sftp-common.c index 8c794a05f..92ce90661 100644 --- a/sftp-common.c +++ b/sftp-common.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-common.c,v 1.14 2006/07/02 22:45:59 stevesk Exp $ */ +/* $OpenBSD: sftp-common.c,v 1.15 2006/07/06 16:03:53 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Damien Miller. All rights reserved. @@ -30,6 +30,7 @@ #include #include +#include #include "buffer.h" #include "bufaux.h" diff --git a/sftp-server.c b/sftp-server.c index e882216b1..b95cb96c2 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -20,6 +20,7 @@ #include #include +#include #include "buffer.h" #include "bufaux.h" diff --git a/ssh-add.c b/ssh-add.c index 836cb5f9c..1cc10295f 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.80 2006/05/30 11:46:38 mk Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.81 2006/07/06 16:03:53 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -42,6 +42,8 @@ #include +#include + #include "ssh.h" #include "rsa.h" #include "log.h" diff --git a/ssh-keygen.c b/ssh-keygen.c index e06ae1a52..b10e42ec8 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.144 2006/05/17 12:43:34 markus Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.145 2006/07/06 16:03:53 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -20,6 +20,9 @@ #include #include +#include +#include + #include "xmalloc.h" #include "key.h" #include "rsa.h" diff --git a/ssh-keysign.c b/ssh-keysign.c index 017af5307..751d49a90 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.23 2006/04/02 08:34:52 dtucker Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.24 2006/07/06 16:03:53 stevesk Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -27,6 +27,7 @@ #ifdef HAVE_PATHS_H #include #endif +#include #include #include diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index d8da7d3c0..feb1bfb18 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -36,6 +36,7 @@ # include #endif +#include #include #include diff --git a/ssh.c b/ssh.c index 47b1b7195..d9837f162 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.278 2006/07/03 08:54:20 stevesk Exp $ */ +/* $OpenBSD: ssh.c,v 1.279 2006/07/06 16:03:53 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -54,6 +54,7 @@ #ifdef HAVE_PATHS_H #include #endif +#include #include #include diff --git a/sshconnect.c b/sshconnect.c index 7f9c09b91..3bc455eb4 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.187 2006/07/05 02:42:09 stevesk Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.188 2006/07/06 16:03:53 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -26,6 +26,7 @@ #ifdef HAVE_PATHS_H #include #endif +#include #include "ssh.h" #include "xmalloc.h" diff --git a/sshconnect.h b/sshconnect.h index 692d27567..c1b07390b 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.20 2006/06/06 10:20:20 markus Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.21 2006/07/06 16:03:53 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -26,6 +26,10 @@ #ifndef SSHCONNECT_H #define SSHCONNECT_H +#include + +#include + typedef struct Sensitive Sensitive; struct Sensitive { Key **keys; diff --git a/sshd.c b/sshd.c index 4c0231d76..790d27576 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.332 2006/07/03 08:54:20 stevesk Exp $ */ +/* $OpenBSD: sshd.c,v 1.333 2006/07/06 16:03:53 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -54,6 +54,7 @@ #ifdef HAVE_PATHS_H #include #endif +#include #include #include diff --git a/sshpty.c b/sshpty.c index 92f86e7a1..973c2d2d8 100644 --- a/sshpty.c +++ b/sshpty.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshpty.c,v 1.20 2006/07/02 22:45:59 stevesk Exp $ */ +/* $OpenBSD: sshpty.c,v 1.21 2006/07/06 16:03:53 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -23,6 +23,7 @@ #ifdef HAVE_PATHS_H # include #endif +#include #include #ifdef HAVE_UTIL_H # include diff --git a/sshpty.h b/sshpty.h index f61a5e71e..a7b337474 100644 --- a/sshpty.h +++ b/sshpty.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshpty.h,v 1.8 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: sshpty.h,v 1.9 2006/07/06 16:03:53 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -17,6 +17,9 @@ #ifndef SSHPTY_H #define SSHPTY_H +#include + +#include #include struct termios get_saved_tio(void); diff --git a/uidswap.c b/uidswap.c index 32441828d..2ac5d7f91 100644 --- a/uidswap.c +++ b/uidswap.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.29 2006/06/08 14:45:49 markus Exp $ */ +/* $OpenBSD: uidswap.c,v 1.30 2006/07/06 16:03:53 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -14,6 +14,10 @@ #include "includes.h" +#include + +#include + #include #include "log.h" diff --git a/uidswap.h b/uidswap.h index f827782d5..436c10f75 100644 --- a/uidswap.h +++ b/uidswap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.h,v 1.11 2006/06/08 14:45:49 markus Exp $ */ +/* $OpenBSD: uidswap.h,v 1.12 2006/07/06 16:03:53 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -15,6 +15,10 @@ #ifndef UIDSWAP_H #define UIDSWAP_H +#include + +#include + void temporarily_use_uid(struct passwd *); void restore_uid(void); void permanently_set_uid(struct passwd *); -- cgit v1.2.3 From 69996104fe4d5897e12eed9f6c7b6eacee0d2725 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 20:53:31 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/06 16:22:39 [ssh-keygen.c] move #include "dns.h" up --- ChangeLog | 5 ++++- ssh-keygen.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index a4a75e57b..5b4cfc717 100644 --- a/ChangeLog +++ b/ChangeLog @@ -50,6 +50,9 @@ [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c] [uidswap.h] move #include out of includes.h; ok markus@ + - stevesk@cvs.openbsd.org 2006/07/06 16:22:39 + [ssh-keygen.c] + move #include "dns.h" up 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4783,4 +4786,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4371 2006/07/10 10:53:08 djm Exp $ +$Id: ChangeLog,v 1.4372 2006/07/10 10:53:31 djm Exp $ diff --git a/ssh-keygen.c b/ssh-keygen.c index b10e42ec8..aa2030ea7 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.145 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.146 2006/07/06 16:22:39 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -35,11 +35,11 @@ #include "misc.h" #include "match.h" #include "hostfile.h" +#include "dns.h" #ifdef SMARTCARD #include "scard.h" #endif -#include "dns.h" /* Number of bits in the RSA/DSA key. This value can be set on the command line. */ #define DEFAULT_BITS 2048 -- cgit v1.2.3 From 58059aef053a0b925c70b9804930e3fe17edfac8 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 20:53:45 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/06 17:36:37 [monitor_wrap.h] typo in comment --- ChangeLog | 5 ++++- monitor_wrap.h | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5b4cfc717..c0b850342 100644 --- a/ChangeLog +++ b/ChangeLog @@ -53,6 +53,9 @@ - stevesk@cvs.openbsd.org 2006/07/06 16:22:39 [ssh-keygen.c] move #include "dns.h" up + - stevesk@cvs.openbsd.org 2006/07/06 17:36:37 + [monitor_wrap.h] + typo in comment 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4786,4 +4789,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4372 2006/07/10 10:53:31 djm Exp $ +$Id: ChangeLog,v 1.4373 2006/07/10 10:53:45 djm Exp $ diff --git a/monitor_wrap.h b/monitor_wrap.h index 0f3b211c9..4366b8ed0 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.17 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.18 2006/07/06 17:36:37 stevesk Exp $ */ /* * Copyright 2002 Niels Provos 
@@ -116,4 +116,4 @@ void *mm_zalloc(struct mm_master *, u_int, u_int); void mm_zfree(struct mm_master *, void *); void mm_init_compression(struct mm_master *); -#endif /* _MM_H_ */ +#endif /* _MM_WRAP_H_ */ -- cgit v1.2.3 From e3b60b524edcc55d71e7ccb0958fd69a0e525f30 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 21:08:03 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/08 21:47:12 [authfd.c canohost.c clientloop.c dns.c dns.h includes.h] [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c] [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h] move #include out of includes.h --- ChangeLog | 7 ++++++- authfd.c | 3 ++- canohost.c | 3 ++- clientloop.c | 3 ++- dns.c | 5 ++++- dns.h | 5 ++++- includes.h | 3 +-- monitor.c | 1 + monitor_fdpass.c | 4 +++- nchan.c | 5 ++++- packet.c | 3 ++- servconf.c | 5 ++++- session.c | 1 + sftp.c | 3 ++- ssh-agent.c | 4 +++- ssh-keygen.c | 1 + ssh-keyscan.c | 2 +- ssh.c | 3 ++- sshconnect.h | 3 ++- sshd.c | 3 ++- sshlogin.c | 2 +- sshlogin.h | 5 ++++- 22 files changed, 54 insertions(+), 20 deletions(-) diff --git a/ChangeLog b/ChangeLog index c0b850342..162881faa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -56,6 +56,11 @@ - stevesk@cvs.openbsd.org 2006/07/06 17:36:37 [monitor_wrap.h] typo in comment + - stevesk@cvs.openbsd.org 2006/07/08 21:47:12 + [authfd.c canohost.c clientloop.c dns.c dns.h includes.h] + [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c] + [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h] + move #include out of includes.h 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4789,4 +4794,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4373 2006/07/10 10:53:45 djm Exp $ +$Id: ChangeLog,v 1.4374 2006/07/10 11:08:03 djm Exp $ diff --git a/authfd.c b/authfd.c index 0fa69bd2a..0d2b09ecc 100644 --- a/authfd.c +++ b/authfd.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.74 2006/03/30 09:58:15 djm Exp $ */ +/* $OpenBSD: authfd.c,v 1.75 2006/07/08 21:47:12 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -39,6 +39,7 @@ #include #include +#include #include diff --git a/canohost.c b/canohost.c index 787d338d4..538b141b1 100644 --- a/canohost.c +++ b/canohost.c @@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.c,v 1.54 2006/07/05 02:42:09 stevesk Exp $ */ +/* $OpenBSD: canohost.c,v 1.55 2006/07/08 21:47:12 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -14,6 +14,7 @@ #include "includes.h" +#include #include #include diff --git a/clientloop.c b/clientloop.c index fb66a6e40..c59d573c5 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.165 2006/07/02 23:01:55 stevesk Exp $ */ +/* $OpenBSD: clientloop.c,v 1.166 2006/07/08 21:47:12 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -65,6 +65,7 @@ #ifdef HAVE_SYS_STAT_H # include #endif +#include #include #include diff --git a/dns.c b/dns.c index 69084b57d..504b5d72e 100644 --- a/dns.c +++ b/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.19 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: dns.c,v 1.20 2006/07/08 21:47:12 stevesk Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -27,6 +27,9 @@ #include "includes.h" +#include +#include + #include #include "xmalloc.h" diff --git a/dns.h b/dns.h index 305ca07fb..818750384 100644 --- a/dns.h +++ b/dns.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.h,v 1.7 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: dns.h,v 1.8 2006/07/08 21:47:12 stevesk Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -27,6 +27,9 @@ #include "includes.h" +#include +#include + #ifndef DNS_H #define DNS_H diff --git a/includes.h b/includes.h index 55ca7bedd..417d7c01b 100644 --- a/includes.h +++ b/includes.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.45 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.46 2006/07/08 21:47:12 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -87,7 +87,6 @@ #endif #include -#include #ifdef HAVE_SYS_TIME_H # include /* For timersub */ #endif diff --git a/monitor.c b/monitor.c index 72176f9aa..4a295d312 100644 --- a/monitor.c +++ b/monitor.c @@ -28,6 +28,7 @@ #include "includes.h" #include +#include #include #ifdef HAVE_PATHS_H diff --git a/monitor_fdpass.c b/monitor_fdpass.c index 4ce9eae19..546f7010f 100644 --- a/monitor_fdpass.c +++ b/monitor_fdpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_fdpass.c,v 1.8 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: monitor_fdpass.c,v 1.9 2006/07/08 21:47:12 stevesk Exp $ */ /* * Copyright 2001 Niels Provos * All rights reserved. @@ -26,6 +26,8 @@ #include "includes.h" +#include +#include #include #include "log.h" diff --git a/nchan.c b/nchan.c index 1f4b39671..58b0e98d5 100644 --- a/nchan.c +++ b/nchan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nchan.c,v 1.53 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: nchan.c,v 1.54 2006/07/08 21:47:12 stevesk Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -25,6 +25,9 @@ #include "includes.h" +#include +#include + #include "ssh1.h" #include "ssh2.h" #include "buffer.h" diff --git a/packet.c b/packet.c index ba2843786..f04d6fac9 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.132 2006/07/05 02:42:09 stevesk Exp $ */ +/* $OpenBSD: packet.c,v 1.133 2006/07/08 21:47:12 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -39,6 +39,7 @@ #include "includes.h" +#include #include "openbsd-compat/sys-queue.h" #include diff --git a/servconf.c b/servconf.c index af0ad1a35..c5b933ab9 100644 --- a/servconf.c +++ b/servconf.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.151 2006/07/06 10:47:05 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.152 2006/07/08 21:47:12 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -12,6 +12,9 @@ #include "includes.h" +#include +#include + #include "ssh.h" #include "log.h" #include "servconf.h" diff --git a/session.c b/session.c index 9115c5aa1..8b1a9ed94 100644 --- a/session.c +++ b/session.c @@ -39,6 +39,7 @@ #ifdef HAVE_SYS_STAT_H # include #endif +#include #include #include diff --git a/sftp.c b/sftp.c index 22fa6ad2a..a6c22aa67 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.82 2006/05/17 12:43:34 markus Exp $ */ +/* $OpenBSD: sftp.c,v 1.83 2006/07/08 21:47:12 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -22,6 +22,7 @@ # include #endif #include +#include #include #ifdef HAVE_PATHS_H diff --git a/ssh-agent.c b/ssh-agent.c index db3935ec7..87e94b0ea 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.140 2006/06/13 02:17:07 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.141 2006/07/08 21:47:12 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -38,11 +38,13 @@ #include #include +#include #ifdef HAVE_SYS_UN_H # include #endif #include "openbsd-compat/sys-queue.h" #include + #ifdef HAVE_PATHS_H # include #endif diff --git a/ssh-keygen.c b/ssh-keygen.c index aa2030ea7..afa718a96 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -15,6 +15,7 @@ #include "includes.h" #include +#include #include #include diff --git a/ssh-keyscan.c b/ssh-keyscan.c index dc47a9576..85ee168e7 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.64 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.65 2006/07/08 21:47:12 stevesk Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * diff --git a/ssh.c b/ssh.c index d9837f162..ee4f92f92 100644 --- a/ssh.c +++ b/ssh.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.279 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: ssh.c,v 1.280 2006/07/08 21:47:12 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -48,6 +48,7 @@ #endif #include #include +#include #include #include diff --git a/sshconnect.h b/sshconnect.h index c1b07390b..0b3896f9d 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.21 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.22 2006/07/08 21:47:12 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -27,6 +27,7 @@ #define SSHCONNECT_H #include +#include #include diff --git a/sshd.c b/sshd.c index 790d27576..4131f1699 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.333 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: sshd.c,v 1.334 2006/07/08 21:47:12 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -49,6 +49,7 @@ # include #endif #include +#include #include #ifdef HAVE_PATHS_H diff --git a/sshlogin.c b/sshlogin.c index 4f65b5e91..a472b511c 100644 --- a/sshlogin.c +++ b/sshlogin.c @@ -119,7 +119,7 @@ record_login(pid_t pid, const char *tty, const char *user, uid_t uid, #ifdef LOGIN_NEEDS_UTMPX void record_utmp_only(pid_t pid, const char *ttyname, const char *user, - const char *host, struct sockaddr * addr, socklen_t addrlen) + const char *host, struct sockaddr *addr, socklen_t addrlen) { struct logininfo *li; diff --git a/sshlogin.h b/sshlogin.h index f840461cf..c0f9cd300 100644 --- a/sshlogin.h +++ b/sshlogin.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.h,v 1.6 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: sshlogin.h,v 1.7 2006/07/08 21:47:12 stevesk Exp $ */ /* * Author: Tatu Ylonen 
@@ -14,6 +14,9 @@ #ifndef SSHLOGIN_H #define SSHLOGIN_H +#include +#include + void record_login(pid_t, const char *, const char *, uid_t, const char *, struct sockaddr *, socklen_t); void record_logout(pid_t, const char *, const char *); -- cgit v1.2.3 From e33b60343b7cef82ec229d7bfec008d3a932f2ad Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 21:08:34 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/08 21:48:53 [monitor.c session.c] missed these from last commit: move #include out of includes.h --- ChangeLog | 6 +++++- monitor.c | 3 ++- session.c | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 162881faa..9d93ab4a1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -61,6 +61,10 @@ [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c] [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h] move #include out of includes.h + - stevesk@cvs.openbsd.org 2006/07/08 21:48:53 + [monitor.c session.c] + missed these from last commit: + move #include out of includes.h 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4794,4 +4798,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4374 2006/07/10 11:08:03 djm Exp $ +$Id: ChangeLog,v 1.4375 2006/07/10 11:08:34 djm Exp $ diff --git a/monitor.c b/monitor.c index 4a295d312..f01f921ae 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.78 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: monitor.c,v 1.79 2006/07/08 21:48:53 stevesk Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -30,6 +30,7 @@ #include #include #include +#include #ifdef HAVE_PATHS_H #include diff --git a/session.c b/session.c index 8b1a9ed94..0a321be30 100644 --- a/session.c +++ b/session.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.206 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: session.c,v 1.207 2006/07/08 21:48:53 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved -- cgit v1.2.3 From 194a1cb0189e41db76feb9363a89fe716f7cad97 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 21:09:22 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/08 23:30:06 [log.c] move user includes after /usr/include files --- ChangeLog | 5 ++++- log.c | 8 ++++---- monitor.c | 1 - 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9d93ab4a1..3acb62484 100644 --- a/ChangeLog +++ b/ChangeLog @@ -65,6 +65,9 @@ [monitor.c session.c] missed these from last commit: move #include out of includes.h + - stevesk@cvs.openbsd.org 2006/07/08 23:30:06 + [log.c] + move user includes after /usr/include files 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4798,4 +4801,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4375 2006/07/10 11:08:34 djm Exp $ +$Id: ChangeLog,v 1.4376 2006/07/10 11:09:22 djm Exp $ diff --git a/log.c b/log.c index 3a404918b..f7f92bcac 100644 --- a/log.c +++ b/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.31 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: log.c,v 1.32 2006/07/08 23:30:06 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -36,14 +36,14 @@ #include "includes.h" -#include "log.h" -#include "xmalloc.h" - #include #if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) # include #endif +#include "log.h" +#include "xmalloc.h" + static LogLevel log_level = SYSLOG_LEVEL_INFO; static int log_on_stderr = 1; static int log_facility = LOG_AUTH; diff --git a/monitor.c b/monitor.c index f01f921ae..73306948a 100644 --- a/monitor.c +++ b/monitor.c 
@@ -30,7 +30,6 @@ #include #include #include -#include #ifdef HAVE_PATHS_H #include -- cgit v1.2.3 From 57cf638577052cfec0d4bce197c5597588a8b813 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 21:13:46 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/09 15:15:11 [auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c] [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c] [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] [sshlogin.c sshpty.c] move #include out of includes.h --- ChangeLog | 8 +++++++- auth2-none.c | 4 +++- authfd.c | 4 +++- authfile.c | 4 +++- includes.h | 3 +-- misc.c | 3 ++- monitor.c | 3 ++- readpass.c | 3 ++- scp.c | 3 ++- serverloop.c | 3 ++- sftp-client.c | 6 ++++-- sftp-server.c | 3 ++- ssh-add.c | 3 ++- ssh-agent.c | 3 ++- ssh-keygen.c | 3 ++- ssh-keysign.c | 3 ++- ssh.c | 3 ++- sshd.c | 3 ++- sshlogin.c | 4 +++- sshpty.c | 3 ++- 20 files changed, 50 insertions(+), 22 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3acb62484..f690573b9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -68,6 +68,12 @@ - stevesk@cvs.openbsd.org 2006/07/08 23:30:06 [log.c] move user includes after /usr/include files + - stevesk@cvs.openbsd.org 2006/07/09 15:15:11 + [auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c] + [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c] + [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] + [sshlogin.c sshpty.c] + move #include out of includes.h 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4801,4 +4807,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4376 2006/07/10 11:09:22 djm Exp $ +$Id: ChangeLog,v 1.4377 2006/07/10 11:13:46 djm Exp $ diff --git a/auth2-none.c b/auth2-none.c index 3fdf09a3a..d6738175f 100644 --- a/auth2-none.c +++ b/auth2-none.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-none.c,v 1.10 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: auth2-none.c,v 1.11 2006/07/09 15:15:10 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -28,6 +28,8 @@ #include #include +#include + #include "auth.h" #include "xmalloc.h" #include "packet.h" diff --git a/authfd.c b/authfd.c index 0d2b09ecc..5cec7a97c 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.75 2006/07/08 21:47:12 stevesk Exp $ */ +/* $OpenBSD: authfd.c,v 1.76 2006/07/09 15:15:10 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -43,6 +43,8 @@ #include +#include + #include "ssh.h" #include "rsa.h" #include "buffer.h" diff --git a/authfile.c b/authfile.c index b1a28528f..e928b0b0e 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.67 2006/04/25 08:02:27 dtucker Exp $ */ +/* $OpenBSD: authfile.c,v 1.68 2006/07/09 15:15:10 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -45,6 +45,8 @@ #include #include +#include + #include "cipher.h" #include "xmalloc.h" #include "buffer.h" diff --git a/includes.h b/includes.h index 417d7c01b..6e8f5416f 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.46 2006/07/08 21:47:12 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.47 2006/07/09 15:15:10 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -23,7 +23,6 @@ #include #include #include -#include /* For O_NONBLOCK */ #include #include #include diff --git a/misc.c b/misc.c index b7316519d..2abb14051 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.54 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: misc.c,v 1.55 2006/07/09 15:15:10 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. 
@@ -33,6 +33,7 @@ #include #include +#include #ifdef HAVE_PATHS_H # include #include diff --git a/monitor.c b/monitor.c index 73306948a..b06cecf7d 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.79 2006/07/08 21:48:53 stevesk Exp $ */ +/* $OpenBSD: monitor.c,v 1.80 2006/07/09 15:15:10 stevesk Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -31,6 +31,7 @@ #include #include +#include #ifdef HAVE_PATHS_H #include #endif diff --git a/readpass.c b/readpass.c index 34d70b07a..b83b6f5ee 100644 --- a/readpass.c +++ b/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.39 2006/06/08 14:45:49 markus Exp $ */ +/* $OpenBSD: readpass.c,v 1.40 2006/07/09 15:15:10 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -28,6 +28,7 @@ #include #include +#include #ifdef HAVE_PATHS_H # include #endif diff --git a/scp.c b/scp.c index cfe2165e6..600df161a 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.143 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: scp.c,v 1.144 2006/07/09 15:15:10 stevesk Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -81,6 +81,7 @@ #include #include +#include #include #include diff --git a/serverloop.c b/serverloop.c index 14baecae1..09063ab8c 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.137 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: serverloop.c,v 1.138 2006/07/09 15:15:11 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -43,6 +43,7 @@ #include +#include #include #include #include diff --git a/sftp-client.c b/sftp-client.c index 8778439b9..e10361e93 100644 --- a/sftp-client.c +++ b/sftp-client.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.65 2006/04/16 00:54:10 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.66 2006/07/09 15:15:11 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -26,7 +26,9 @@ #ifdef HAVE_SYS_STAT_H # include #endif -# include + +#include +#include #include "openbsd-compat/sys-queue.h" diff --git a/sftp-server.c b/sftp-server.c index b95cb96c2..0c6f4c24e 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.58 2006/07/06 10:47:57 djm Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.59 2006/07/09 15:15:11 stevesk Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -20,6 +20,7 @@ #include #include +#include #include #include "buffer.h" diff --git a/ssh-add.c b/ssh-add.c index 1cc10295f..f8db1eb3d 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.81 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.82 2006/07/09 15:15:11 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -42,6 +42,7 @@ #include +#include #include #include "ssh.h" diff --git a/ssh-agent.c b/ssh-agent.c index 87e94b0ea..57c7380f3 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.141 2006/07/08 21:47:12 stevesk Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.142 2006/07/09 15:15:11 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -45,6 +45,7 @@ #include "openbsd-compat/sys-queue.h" #include +#include #ifdef HAVE_PATHS_H # include #endif diff --git a/ssh-keygen.c b/ssh-keygen.c index afa718a96..b6959ca11 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.146 2006/07/06 16:22:39 stevesk Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.147 2006/07/09 15:15:11 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland 
@@ -21,6 +21,7 @@ #include #include +#include #include #include diff --git a/ssh-keysign.c b/ssh-keysign.c index 751d49a90..02c10e2e9 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.24 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.25 2006/07/09 15:15:11 stevesk Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -24,6 +24,7 @@ */ #include "includes.h" +#include #ifdef HAVE_PATHS_H #include #endif diff --git a/ssh.c b/ssh.c index ee4f92f92..d5c067018 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.280 2006/07/08 21:47:12 stevesk Exp $ */ +/* $OpenBSD: ssh.c,v 1.281 2006/07/09 15:15:11 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -52,6 +52,7 @@ #include #include +#include #ifdef HAVE_PATHS_H #include #endif diff --git a/sshd.c b/sshd.c index 4131f1699..591622fd0 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.334 2006/07/08 21:47:12 stevesk Exp $ */ +/* $OpenBSD: sshd.c,v 1.335 2006/07/09 15:15:11 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -52,6 +52,7 @@ #include #include +#include #ifdef HAVE_PATHS_H #include #endif diff --git a/sshlogin.c b/sshlogin.c index a472b511c..9b5ce1fde 100644 --- a/sshlogin.c +++ b/sshlogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.c,v 1.17 2006/03/25 18:36:15 deraadt Exp $ */ +/* $OpenBSD: sshlogin.c,v 1.18 2006/07/09 15:15:11 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -41,6 +41,8 @@ #include "includes.h" +#include + #include "loginrec.h" #include "log.h" #include "buffer.h" diff --git a/sshpty.c b/sshpty.c index 973c2d2d8..7f4e8bc16 100644 --- a/sshpty.c +++ b/sshpty.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshpty.c,v 1.21 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: sshpty.c,v 1.22 2006/07/09 15:15:11 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -19,6 +19,7 @@ #include #include +#include #include #ifdef HAVE_PATHS_H # include -- cgit v1.2.3 From 211838d8e22bf1af0bacb7619ba541c5d4f3650a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 21:14:00 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/09 15:27:59 [ssh-add.c] use O_RDONLY vs. 0 in open(); no binary change --- ChangeLog | 5 ++++- ssh-add.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index f690573b9..8d628c5fa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -74,6 +74,9 @@ [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] [sshlogin.c sshpty.c] move #include out of includes.h + - stevesk@cvs.openbsd.org 2006/07/09 15:27:59 + [ssh-add.c] + use O_RDONLY vs. 0 in open(); no binary change 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4807,4 +4810,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4377 2006/07/10 11:13:46 djm Exp $ +$Id: ChangeLog,v 1.4378 2006/07/10 11:14:00 djm Exp $ diff --git a/ssh-add.c b/ssh-add.c index f8db1eb3d..07de9246e 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.82 2006/07/09 15:15:11 stevesk Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.83 2006/07/09 15:27:59 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -135,7 +135,7 @@ add_file(AuthenticationConnection *ac, const char *filename) char msg[1024]; int fd, perms_ok, ret = -1; - if ((fd = open(filename, 0)) < 0) { + if ((fd = open(filename, O_RDONLY)) < 0) { perror(filename); return -1; } -- cgit v1.2.3 
From c718c743c1b64ba20b009f2dfe6cad465a7a4a78 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 21:31:00 +1000 Subject: - djm@cvs.openbsd.org 2006/07/10 11:24:54 [sftp-server.c] remove optind - it isn't used here --- ChangeLog | 5 ++++- sftp-server.c | 3 +-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8d628c5fa..74f07f35e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -77,6 +77,9 @@ - stevesk@cvs.openbsd.org 2006/07/09 15:27:59 [ssh-add.c] use O_RDONLY vs. 0 in open(); no binary change + - djm@cvs.openbsd.org 2006/07/10 11:24:54 + [sftp-server.c] + remove optind - it isn't used here 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4810,4 +4813,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4378 2006/07/10 11:14:00 djm Exp $ +$Id: ChangeLog,v 1.4379 2006/07/10 11:31:00 djm Exp $ diff --git a/sftp-server.c b/sftp-server.c index 0c6f4c24e..31be27b4f 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.59 2006/07/09 15:15:11 stevesk Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.60 2006/07/10 11:24:54 djm Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -1201,7 +1201,6 @@ main(int argc, char **argv) SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; char *cp; - extern int optind; extern char *optarg; extern char *__progname; -- cgit v1.2.3 From 6444fe996b2789327e28057e69bd3ece371f784d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 21:31:27 +1000 Subject: - djm@cvs.openbsd.org 2006/07/10 11:25:53 [sftp-server.c] don't log variables that aren't yet set --- ChangeLog | 5 ++++- sftp-server.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 74f07f35e..9646e8c42 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -80,6 +80,9 @@ - djm@cvs.openbsd.org 2006/07/10 11:24:54 [sftp-server.c] remove optind - it isn't used here + - djm@cvs.openbsd.org 2006/07/10 11:25:53 + [sftp-server.c] + don't log variables that aren't yet set 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4813,4 +4816,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4379 2006/07/10 11:31:00 djm Exp $ +$Id: ChangeLog,v 1.4380 2006/07/10 11:31:27 djm Exp $ diff --git a/sftp-server.c b/sftp-server.c index 31be27b4f..e7193859e 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.60 2006/07/10 11:24:54 djm Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.61 2006/07/10 11:25:53 djm Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -480,9 +480,9 @@ process_open(void) int handle, fd, flags, mode, status = SSH2_FX_FAILURE; id = get_int(); - debug3("request %u: open flags %d", id, pflags); name = get_string(NULL); pflags = get_int(); /* portable flags */ + debug3("request %u: open flags %d", id, pflags); a = get_attrib(); flags = flags_from_portable(pflags); mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666; -- cgit v1.2.3 From a1738e4c65108b9c549c66c3a668a04b86c1530c Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Mon, 10 Jul 2006 21:33:04 +1000 Subject: - (djm) [loginrec.c ssh-rand-helper.c sshd.c openbsd-compat/glob.c] [openbsd-compat/mktemp.c openbsd-compat/openbsd-compat.h] [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] [openbsd-compat/xcrypt.c] Fix includes.h fallout, mainly fcntl.h --- ChangeLog | 6 +++++- loginrec.c | 1 + openbsd-compat/glob.c | 1 + openbsd-compat/mktemp.c | 1 + openbsd-compat/openbsd-compat.h | 8 ++++---- openbsd-compat/port-tun.c | 3 +++ openbsd-compat/readpassphrase.c | 1 + openbsd-compat/xcrypt.c | 3 +++ ssh-rand-helper.c | 1 + sshd.c | 1 + 10 files changed, 21 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9646e8c42..30356693d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -83,6 +83,10 @@ - djm@cvs.openbsd.org 2006/07/10 11:25:53 [sftp-server.c] don't log variables that aren't yet set + - (djm) [loginrec.c ssh-rand-helper.c sshd.c openbsd-compat/glob.c] + [openbsd-compat/mktemp.c openbsd-compat/openbsd-compat.h] + [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] + [openbsd-compat/xcrypt.c] Fix includes.h fallout, mainly fcntl.h 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4816,4 +4820,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4380 2006/07/10 11:31:27 djm Exp $ +$Id: ChangeLog,v 1.4381 2006/07/10 11:33:04 djm Exp $ diff --git a/loginrec.c b/loginrec.c index 42f022fd9..a27a3ae61 100644 --- a/loginrec.c +++ b/loginrec.c @@ -153,6 +153,7 @@ #include +#include #include #include "ssh.h" diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c index fd3d86c4c..439d2f50d 100644 --- a/openbsd-compat/glob.c +++ b/openbsd-compat/glob.c @@ -38,6 +38,7 @@ #include #include #include +#include static long get_arg_max(void) diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c index 53a50c512..75a339156 100644 
--- a/openbsd-compat/mktemp.c +++ b/openbsd-compat/mktemp.c @@ -37,6 +37,7 @@ #include #include +#include #include #if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 37c979fa4..6231e03a2 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.37 2006/06/30 00:51:32 dtucker Exp $ */ +/* $Id: openbsd-compat.h,v 1.38 2006/07/10 11:33:05 djm Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -31,6 +31,9 @@ #include "includes.h" +#include +#include + /* OpenBSD function replacements */ #include "base64.h" #include "sigact.h" @@ -131,8 +134,6 @@ int BSDgetopt(int argc, char * const *argv, const char *opts); #include "bsd-misc.h" #include "bsd-waitpid.h" -/*#include XXX Still needed? * For uid_t, gid_t * */ - #ifndef HAVE_GETPEEREID int getpeereid(int , uid_t *, gid_t *); #endif @@ -177,7 +178,6 @@ void *xmmap(size_t size); char *xcrypt(const char *password, const char *salt); char *shadow_pw(struct passwd *pw); - /* rfc2553 socket API replacements */ #include "fake-rfc2553.h" diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c index 6e1fed969..a87b809d5 100644 --- a/openbsd-compat/port-tun.c +++ b/openbsd-compat/port-tun.c @@ -16,9 +16,12 @@ #include "includes.h" +#include #include #include +#include + #include "log.h" #include "misc.h" #include "bufaux.h" diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c index 95e26dcd4..95c0af815 100644 --- a/openbsd-compat/readpassphrase.c +++ b/openbsd-compat/readpassphrase.c @@ -29,6 +29,7 @@ #include #include #include +#include #include #ifdef TCSASOFT diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index 9afa0b9f2..5d260f2c2 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c 
@@ -24,6 +24,9 @@ #include "includes.h" +#include +#include + # ifdef HAVE_CRYPT_H # include # endif diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index feb1bfb18..ebee90014 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -36,6 +36,7 @@ # include #endif +#include #include #include diff --git a/sshd.c b/sshd.c index 591622fd0..602116edf 100644 --- a/sshd.c +++ b/sshd.c @@ -56,6 +56,7 @@ #ifdef HAVE_PATHS_H #include #endif +#include #include #include -- cgit v1.2.3 From 3d1a9f4d5dfed0d2607b7cb36e1608255a669a17 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 22:19:53 +1000 Subject: - djm@cvs.openbsd.org 2006/07/10 12:03:20 [scp.c] duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@ --- ChangeLog | 7 ++++++- scp.c | 12 +++++++++--- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 30356693d..e411230f2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -87,6 +87,11 @@ [openbsd-compat/mktemp.c openbsd-compat/openbsd-compat.h] [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] [openbsd-compat/xcrypt.c] Fix includes.h fallout, mainly fcntl.h + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2006/07/10 12:03:20 + [scp.c] + duplicate argv at the start of main() because it gets modified later; + pointed out by deraadt@ ok markus@ 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4820,4 +4825,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4381 2006/07/10 11:33:04 djm Exp $ +$Id: ChangeLog,v 1.4382 2006/07/10 12:19:53 djm Exp $ diff --git a/scp.c b/scp.c index 600df161a..6fe246d8c 100644 --- a/scp.c +++ b/scp.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.144 2006/07/09 15:15:10 stevesk Exp $ */ +/* $OpenBSD: scp.c,v 1.145 2006/07/10 12:03:20 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -272,15 +272,21 @@ void usage(void); int main(int argc, char **argv) { - int ch, fflag, tflag, status; + int ch, fflag, tflag, status, n; double speed; - char *targ, *endp; + char *targ, *endp, **newargv; extern char *optarg; extern int optind; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); + /* Copy argv, because we modify it */ + newargv = xcalloc(MAX(argc + 1, 1), sizeof(*newargv)); + for (n = 0; n < argc; n++) + newargv[n] = xstrdup(argv[n]); + argv = newargv; + __progname = ssh_get_progname(argv[0]); memset(&args, '\0', sizeof(args)); -- cgit v1.2.3 From 0f07707267fd3911bcf95b48125b522f9e222c64 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 10 Jul 2006 22:21:02 +1000 Subject: - djm@cvs.openbsd.org 2006/07/10 12:08:08 [channels.c] fix misparsing of SOCKS 5 packets that could result in a crash; reported by mk@ ok markus@ --- ChangeLog | 6 +++++- channels.c | 9 ++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index e411230f2..beb4a4fa2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -92,6 +92,10 @@ [scp.c] duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@ + - djm@cvs.openbsd.org 2006/07/10 12:08:08 + [channels.c] + fix misparsing of SOCKS 5 packets that could result in a crash; + reported by mk@ ok markus@ 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4825,4 +4829,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4382 2006/07/10 12:19:53 djm Exp $ +$Id: ChangeLog,v 1.4383 2006/07/10 12:21:02 djm Exp $ 
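Review bot: In scp.c main, the copied vector gets its terminating NULL only because xcalloc zero-fills the extra slot, and nothing next to the loop says so. A one-line comment such as `/* newargv[argc] stays NULL: xcalloc zero-fills */` would stop a later switch to a non-zeroing allocator from silently dropping the terminator that argv consumers expect. When argc is 0, `newargv[0]` is NULL and is passed to `ssh_get_progname(argv[0])` just below, as it was before this change; whether that helper accepts NULL is not visible here, so a guard or a comment is worth adding. main starts and continues outside the hunk.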
diff --git a/channels.c b/channels.c index 5796a8bb9..cd68efded 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.251 2006/07/03 17:59:32 stevesk Exp $ */ +/* $OpenBSD: channels.c,v 1.252 2006/07/10 12:08:08 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1014,7 +1014,7 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) } s5_req, s5_rsp; u_int16_t dest_port; u_char *p, dest_addr[255+1]; - u_int have, i, found, nmethods, addrlen, af; + u_int have, need, i, found, nmethods, addrlen, af; debug2("channel %d: decode socks5", c->self); p = buffer_ptr(&c->input); @@ -1075,7 +1075,10 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) debug2("channel %d: bad socks5 atyp %d", c->self, s5_req.atyp); return -1; } - if (have < 4 + addrlen + 2) + need = sizeof(s5_req) + addrlen + 2; + if (s5_req.atyp == SSH_SOCKS5_DOMAIN) + need++; + if (have < need) return 0; buffer_consume(&c->input, sizeof(s5_req)); if (s5_req.atyp == SSH_SOCKS5_DOMAIN) -- cgit v1.2.3 From da3455356100dbcb5d1ff9f0556386ca5f788795 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 10 Jul 2006 23:04:19 +1000 Subject: - dtucker@cvs.openbsd.org 2006/07/10 12:46:51 [misc.c misc.h sshd.8 sshconnect.c] Add port identifier to known_hosts for non-default ports, based originally on a patch from Devin Nate in bz#910. For any connection using the default port or using a HostKeyAlias the format is unchanged, otherwise the host name or address is enclosed within square brackets in the same format as sshd's ListenAddress. Tested by many, ok markus@. --- ChangeLog | 10 +++++++++- misc.c | 20 +++++++++++++++++++- misc.h | 3 ++- sshconnect.c | 25 +++++++++++++++---------- sshd.8 | 9 ++++++++- 5 files changed, 53 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index beb4a4fa2..56cee8708 100644 --- a/ChangeLog +++ b/ChangeLog 
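Review bot: The new length computation in channel_decode_socks5 has two unexplained adjustments, `+ 2` and `need++`, and this check is what keeps the parser from consuming request bytes that have not arrived yet, so it deserves a comment. Above `need = sizeof(s5_req) + addrlen + 2;` I would add `/* request header + address + 2-byte port; a domain address carries a 1-byte length prefix */`. For the domain case `addrlen` is presumably read from the input buffer earlier in the function, outside this hunk, so it is worth confirming that read is itself preceded by a check on `have`. The function body starts and ends outside the hunk.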
@@ -96,6 +96,14 @@ [channels.c] fix misparsing of SOCKS 5 packets that could result in a crash; reported by mk@ ok markus@ + - dtucker@cvs.openbsd.org 2006/07/10 12:46:51 + [misc.c misc.h sshd.8 sshconnect.c] + Add port identifier to known_hosts for non-default ports, based originally + on a patch from Devin Nate in bz#910. + For any connection using the default port or using a HostKeyAlias the + format is unchanged, otherwise the host name or address is enclosed + within square brackets in the same format as sshd's ListenAddress. + Tested by many, ok markus@. 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4829,4 +4837,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4383 2006/07/10 12:21:02 djm Exp $ +$Id: ChangeLog,v 1.4384 2006/07/10 13:04:19 dtucker Exp $ diff --git a/misc.c b/misc.c index 2abb14051..a65b1fded 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.55 2006/07/09 15:15:10 stevesk Exp $ */ +/* $OpenBSD: misc.c,v 1.56 2006/07/10 12:46:51 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -45,6 +45,7 @@ #include "misc.h" #include "log.h" #include "xmalloc.h" +#include "ssh.h" /* remove newline at end of string */ char * 
@@ -336,6 +337,23 @@ convtime(const char *s) return total; } +/* + * Returns a standardized host+port identifier string. + * Caller must free returned string. + */ +char * +put_host_port(const char *host, u_short port) +{ + char *hoststr; + + if (port == 0 || port == SSH_DEFAULT_PORT) + return(xstrdup(host)); + if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0) + fatal("put_host_port: asprintf: %s", strerror(errno)); + debug3("put_host_port: %s", hoststr); + return hoststr; +} + /* * Search for next delimiter between hostnames/addresses and ports. * Argument may be modified (for termination). diff --git a/misc.h b/misc.h index f96328662..139a62e05 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.32 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: misc.h,v 1.33 2006/07/10 12:46:51 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -28,6 +28,7 @@ int unset_nonblock(int); void set_nodelay(int); int a2port(const char *); int a2tun(const char *, int *); +char *put_host_port(const char *, u_short); char *hpdelim(char **); char *cleanhostname(char *); char *colon(char *); diff --git a/sshconnect.c b/sshconnect.c index 3bc455eb4..f8450eadf 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.188 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.189 2006/07/10 12:46:51 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -514,12 +514,12 @@ confirm(const char *prompt) * is not valid. the user_hostfile will not be updated if 'readonly' is true. */ static int -check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, +check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key, int readonly, const char *user_hostfile, const char *system_hostfile) { Key *file_key; const char *type = key_type(host_key); - char *ip = NULL; + char *ip = NULL, *host = NULL; char hostline[1000], *hostp, *fp; HostStatus host_status; HostStatus ip_status; 
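Review bot: The header comment on put_host_port in misc.c does not state the two output forms, and the known_hosts lookups changed in sshconnect.c now depend on them. I would extend it with `Returns "host" when port is 0 or SSH_DEFAULT_PORT, otherwise "[host]:port".` The `host` argument is formatted as given, so a name that already contains `[`, `]` or `,` would presumably produce an ambiguous known_hosts field. Whether any caller can pass such a name is not visible in this hunk, so the comment should say what the function assumes about `host`.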
@@ -570,7 +570,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0) fatal("check_host_key: getnameinfo failed"); - ip = xstrdup(ntop); + ip = put_host_port(ntop, options.port); } else { ip = xstrdup(""); } @@ -578,18 +578,21 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, * Turn off check_host_ip if the connection is to localhost, via proxy * command or if we don't have a hostname to compare with */ - if (options.check_host_ip && - (local || strcmp(host, ip) == 0 || options.proxy_command != NULL)) + if (options.check_host_ip && (local || + strcmp(hostname, ip) == 0 || options.proxy_command != NULL)) options.check_host_ip = 0; /* - * Allow the user to record the key under a different name. This is - * useful for ssh tunneling over forwarded connections or if you run - * multiple sshd's on different ports on the same machine. + * Allow the user to record the key under a different name or + * differentiate a non-standard port. This is useful for ssh + * tunneling over forwarded connections or if you run multiple + * sshd's on different ports on the same machine. */ if (options.host_key_alias != NULL) { - host = options.host_key_alias; + host = xstrdup(options.host_key_alias); debug("using hostkeyalias: %s", host); + } else { + host = put_host_port(hostname, options.port); } /* @@ -851,10 +854,12 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, } xfree(ip); + xfree(host); return 0; fail: xfree(ip); + xfree(host); return -1; } diff --git a/sshd.8 b/sshd.8 index 0bfd68505..f614b8dc3 100644 --- a/sshd.8 +++ b/sshd.8 
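Review bot: In sshconnect.c check_host_key, `ip` is now built with `put_host_port(ntop, options.port)`, but the test that switches off check_host_ip still compares it with the unformatted name: `strcmp(hostname, ip) == 0`. For a non-default port `ip` has the form `[addr]:port`, so a connection made to an address literal no longer matches and the address check stays enabled. That looks like it would check and record the same bracketed string twice. Doing the comparison before the port is attached, or against a `put_host_port(hostname, options.port)` result, would keep the earlier behaviour; note that `host` is only assigned after this test and may be the HostKeyAlias, so it is not a drop-in replacement. The function starts and ends outside these hunks.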
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.230 2006/02/24 20:31:31 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.231 2006/07/10 12:46:52 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -588,6 +588,13 @@ A pattern may also be preceded by to indicate negation: if the host name matches a negated pattern, it is not accepted (by that line) even if it matched another pattern on the line. +A hostname or address may optionally be enclosed within +.Ql \&[ +and +.Ql \&] +brackets then followed by +.Ql \&: +and and a non-standard port number. .Pp Alternately, hostnames may be stored in a hashed form which hides host names and addresses should the file's contents be disclosed. -- cgit v1.2.3 From 4e880e632be69861af52a90dcdf337deb60ca536 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 11 Jul 2006 00:20:51 +1000 Subject: - (dtucker) [openbsd-compat/openbsd-compat.h] Need to include for struct sockaddr on platforms that use the fake-rfc stuff. --- ChangeLog | 4 +++- openbsd-compat/openbsd-compat.h | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 56cee8708..6c4cf92c0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -104,6 +104,8 @@ format is unchanged, otherwise the host name or address is enclosed within square brackets in the same format as sshd's ListenAddress. Tested by many, ok markus@. + - (dtucker) [openbsd-compat/openbsd-compat.h] Need to include + for struct sockaddr on platforms that use the fake-rfc stuff. 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4837,4 +4839,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4384 2006/07/10 13:04:19 dtucker Exp $ +$Id: ChangeLog,v 1.4385 2006/07/10 14:20:51 dtucker Exp $ 
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 6231e03a2..8b885178c 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.38 2006/07/10 11:33:05 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.39 2006/07/10 14:20:52 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -34,6 +34,8 @@ #include #include +#include + /* OpenBSD function replacements */ #include "base64.h" #include "sigact.h" -- cgit v1.2.3 From 44c828fe29e61126ae5ff9e71e1a76a55f5fa34b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 11 Jul 2006 18:00:06 +1000 Subject: - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally include paths.h. Fixes build error on Solaris. --- ChangeLog | 7 ++++++- configure.ac | 5 +++-- openbsd-compat/bsd-openpty.c | 10 ++++++++++ openbsd-compat/daemon.c | 10 ++++++++++ 4 files changed, 29 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6c4cf92c0..9ca297bf6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060711 + - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c + openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally + include paths.h. Fixes build error on Solaris. + 20060710 - (dtucker) [INSTALL] New autoconf version: 2.60. - OpenBSD CVS Sync @@ -4839,4 +4844,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4385 2006/07/10 14:20:51 dtucker Exp $ +$Id: ChangeLog,v 1.4386 2006/07/11 08:00:06 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 252e7a993..c6d56bf4a 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.344 2006/07/06 01:56:25 dtucker Exp $ +# $Id: configure.ac,v 1.345 2006/07/11 08:00:06 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.344 $) +AC_REVISION($Revision: 1.345 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -686,6 +686,7 @@ AC_CHECK_HEADERS( \ dirent.h \ endian.h \ features.h \ + fcntl.h \ floatingpoint.h \ getopt.h \ glob.h \ diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c index 28929de67..0b77a1da9 100644 --- a/openbsd-compat/bsd-openpty.c +++ b/openbsd-compat/bsd-openpty.c @@ -35,6 +35,16 @@ #include "includes.h" #if !defined(HAVE_OPENPTY) +#include + +#ifdef HAVE_SYS_STAT_H +# include +#endif + +#ifdef HAVE_FCNTL_H +# include +#endif + #ifdef HAVE_UTIL_H # include #endif /* HAVE_UTIL_H */ diff --git a/openbsd-compat/daemon.c b/openbsd-compat/daemon.c index f8a0680bf..f380139d3 100644 --- a/openbsd-compat/daemon.c +++ b/openbsd-compat/daemon.c @@ -34,6 +34,16 @@ #ifndef HAVE_DAEMON +#include + +#ifdef HAVE_SYS_STAT_H +# include +#endif + +#ifdef HAVE_FCNTL_H +# include +#endif + int daemon(int nochdir, int noclose) { -- cgit v1.2.3 From 2ee50c5cce20c67a4e67d2b56b1833ba4227975a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 11 Jul 2006 18:55:05 +1000 Subject: - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally include paths.h. Fixes build error on Solaris. --- ssh-keygen.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ssh-keygen.c b/ssh-keygen.c index b6959ca11..4e42d0cfc 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -22,7 +22,9 @@ #include #include -#include +#ifdef HAVE_PATHS_H +# include +#endif #include #include "xmalloc.h" -- cgit v1.2.3 
From e0e4aad1fdd8770283798eede1297f363b43498d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 11 Jul 2006 19:01:51 +1000 Subject: - (dtucker) [entropy.c] More fcntl.h, this time on AIX (and probably others). --- ChangeLog | 4 +++- entropy.c | 8 ++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 9ca297bf6..78a23fe4f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally include paths.h. Fixes build error on Solaris. + - (dtucker) [entropy.c] More fcntl.h, this time on AIX (and probably + others). 20060710 - (dtucker) [INSTALL] New autoconf version: 2.60. @@ -4844,4 +4846,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4386 2006/07/11 08:00:06 dtucker Exp $ +$Id: ChangeLog,v 1.4387 2006/07/11 09:01:51 dtucker Exp $ diff --git a/entropy.c b/entropy.c index d60583b34..b98e3c859 100644 --- a/entropy.c +++ b/entropy.c @@ -27,6 +27,14 @@ #include #include +#ifdef HAVE_SYS_STAT_H +# include +#endif + +#ifdef HAVE_FCNTL_H +# include +#endif + #include #include #include -- cgit v1.2.3 From 248469bc8d6c001596fdd3a83c1ffc63ae466e5b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 14:14:31 +1000 Subject: - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and O_NONBLOCK if they're really needed. Fixes build errors on HP-UX, old Linuxes and probably more. --- ChangeLog | 7 ++++++- configure.ac | 17 +++++++++++++++-- defines.h | 8 ++++---- 3 files changed, 25 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 78a23fe4f..b2c8cda3a 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,8 @@ +20060712 + - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and O_NONBLOCK + if they're really needed. Fixes build errors on HP-UX, old Linuxes and probably + more. + 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally @@ -4846,4 +4851,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4387 2006/07/11 09:01:51 dtucker Exp $ +$Id: ChangeLog,v 1.4388 2006/07/12 04:14:31 dtucker Exp $ diff --git a/configure.ac b/configure.ac index c6d56bf4a..19446b3bd 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.345 2006/07/11 08:00:06 dtucker Exp $ +# $Id: configure.ac,v 1.346 2006/07/12 04:14:31 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.345 $) +AC_REVISION($Revision: 1.346 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1285,6 +1285,19 @@ AC_CHECK_DECL(tcsendbreak, AC_CHECK_DECLS(h_errno, , ,[#include ]) +AC_CHECK_DECLS(SHUT_RD, , ,[#include ]) + +AC_CHECK_DECLS(O_NONBLOCK, , , + [ +#include +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef HAVE_FCNTL_H +# include +#endif + ]) + AC_CHECK_FUNCS(setresuid, [ dnl Some platorms have setresuid that isn't implemented, test for this AC_MSG_CHECKING(if setresuid seems to work) diff --git a/defines.h b/defines.h index f2fdd3cad..4dccc9172 100644 --- a/defines.h +++ b/defines.h 
@@ -25,12 +25,12 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.132 2006/05/15 07:17:30 dtucker Exp $ */ +/* $Id: defines.h,v 1.133 2006/07/12 04:14:31 dtucker Exp $ */ /* Constants */ -#ifndef SHUT_RDWR +#if defined(HAVE_DECL_SHUT_RD) && HAVE_DECL_SHUT_RD == 0 enum { SHUT_RD = 0, /* No more receptions. */ @@ -90,8 +90,8 @@ enum #endif #endif -#ifndef O_NONBLOCK /* Non Blocking Open */ -# define O_NONBLOCK 00004 +#if defined(HAVE_DECL_O_NONBLOCK) && HAVE_DECL_O_NONBLOCK == 0 +# define O_NONBLOCK 00004 /* Non Blocking Open */ #endif #ifndef S_ISDIR -- cgit v1.2.3 From 250f1a69013c87c4adae9322f09a509e4e4b393c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 19:01:29 +1000 Subject: rewrap --- ChangeLog | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index b2c8cda3a..7e8392a43 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,7 @@ 20060712 - - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and O_NONBLOCK - if they're really needed. Fixes build errors on HP-UX, old Linuxes and probably - more. + - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and + O_NONBLOCK if they're really needed. Fixes build errors on HP-UX, old + Linuxes and probably more. 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4851,4 +4851,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4388 2006/07/12 04:14:31 dtucker Exp $ +$Id: ChangeLog,v 1.4389 2006/07/12 09:01:29 dtucker Exp $ -- cgit v1.2.3 From 128a0894a5ec604572f2acc34f016f8f144b9780 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 19:02:56 +1000 Subject: - (dtucker) [configure.ac] OpenBSD needs before for SHUT_RD. --- ChangeLog | 4 +++- configure.ac | 10 +++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index 7e8392a43..1f11e32bc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and O_NONBLOCK if they're really needed. Fixes build errors on HP-UX, old Linuxes and probably more. + - (dtucker) [configure.ac] OpenBSD needs before + for SHUT_RD. 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4851,4 +4853,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4389 2006/07/12 09:01:29 dtucker Exp $ +$Id: ChangeLog,v 1.4390 2006/07/12 09:02:56 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 19446b3bd..3373dadc7 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.346 2006/07/12 04:14:31 dtucker Exp $ +# $Id: configure.ac,v 1.347 2006/07/12 09:02:57 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.346 $) +AC_REVISION($Revision: 1.347 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1285,7 +1285,11 @@ AC_CHECK_DECL(tcsendbreak, AC_CHECK_DECLS(h_errno, , ,[#include ]) -AC_CHECK_DECLS(SHUT_RD, , ,[#include ]) +AC_CHECK_DECLS(SHUT_RD, , , + [ +#include +#include + ]) AC_CHECK_DECLS(O_NONBLOCK, , , [ -- cgit v1.2.3 From 686852f665376c2287c716f8d388b42c1727210b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 19:05:56 +1000 Subject: - (dtucker) [openbsd-compat/port-tun.c] OpenBSD needs before . --- ChangeLog | 4 +++- openbsd-compat/port-tun.c | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 1f11e32bc..ba0b72033 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -4,6 +4,8 @@ Linuxes and probably more. - (dtucker) [configure.ac] OpenBSD needs before for SHUT_RD. + - (dtucker) [openbsd-compat/port-tun.c] OpenBSD needs before + . 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4853,4 +4855,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4390 2006/07/12 09:02:56 dtucker Exp $ +$Id: ChangeLog,v 1.4391 2006/07/12 09:05:56 dtucker Exp $ diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c index a87b809d5..bee6b160c 100644 --- a/openbsd-compat/port-tun.c +++ b/openbsd-compat/port-tun.c @@ -18,6 +18,7 @@ #include #include +#include #include #include -- cgit v1.2.3 From a5362458d0e1d2387a05f5c7c29e4f5b87501824 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 22:07:08 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/10 16:01:57 [sftp-glob.c sftp-common.h sftp.c] buffer.h only needed in sftp-common.h and remove some unneeded user includes; ok djm@ --- ChangeLog | 7 ++++++- sftp-common.h | 4 +++- sftp-glob.c | 5 +---- sftp.c | 3 +-- 4 files changed, 11 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index ba0b72033..6964eb523 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,11 @@ for SHUT_RD. - (dtucker) [openbsd-compat/port-tun.c] OpenBSD needs before . + - (dtucker) OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2006/07/10 16:01:57 + [sftp-glob.c sftp-common.h sftp.c] + buffer.h only needed in sftp-common.h and remove some unneeded + user includes; ok djm@ 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4855,4 +4860,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4391 2006/07/12 09:05:56 dtucker Exp $ +$Id: ChangeLog,v 1.4392 2006/07/12 12:07:08 dtucker Exp $ 
diff --git a/sftp-common.h b/sftp-common.h index 88c76c17e..9a64dc522 100644 --- a/sftp-common.h +++ b/sftp-common.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-common.h,v 1.8 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: sftp-common.h,v 1.9 2006/07/10 16:01:57 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -28,6 +28,8 @@ #include #include +#include "buffer.h" + /* Maximum packet that we are willing to send/accept */ #define SFTP_MAX_MSG_LENGTH (256 * 1024) diff --git a/sftp-glob.c b/sftp-glob.c index 3d092d133..0342de47d 100644 --- a/sftp-glob.c +++ b/sftp-glob.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-glob.c,v 1.19 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: sftp-glob.c,v 1.20 2006/07/10 16:01:57 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -24,10 +24,7 @@ #include -#include "buffer.h" -#include "bufaux.h" #include "xmalloc.h" -#include "log.h" #include "sftp.h" #include "sftp-common.h" diff --git a/sftp.c b/sftp.c index a6c22aa67..27099ef06 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.83 2006/07/08 21:47:12 stevesk Exp $ */ +/* $OpenBSD: sftp.c,v 1.84 2006/07/10 16:01:57 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -35,7 +35,6 @@ typedef void EditLine; #endif #include -#include "buffer.h" #include "xmalloc.h" #include "log.h" #include "pathnames.h" -- cgit v1.2.3 From 11318476842a01eef47ceff67f31afc06cf2eaa5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 22:07:59 +1000 Subject: - jmc@cvs.openbsd.org 2006/07/10 16:04:21 [sshd.8] s/and and/and/ --- ChangeLog | 5 ++++- sshd.8 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6964eb523..ba787e050 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -11,6 +11,9 @@ [sftp-glob.c sftp-common.h sftp.c] buffer.h only needed in sftp-common.h and remove some unneeded user includes; ok djm@ + - jmc@cvs.openbsd.org 2006/07/10 16:04:21 + [sshd.8] + s/and and/and/ 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4860,4 +4863,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4392 2006/07/12 12:07:08 dtucker Exp $ +$Id: ChangeLog,v 1.4393 2006/07/12 12:07:59 dtucker Exp $ diff --git a/sshd.8 b/sshd.8 index f614b8dc3..48be5a760 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.231 2006/07/10 12:46:52 dtucker Exp $ +.\" $OpenBSD: sshd.8,v 1.232 2006/07/10 16:04:21 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -594,7 +594,7 @@ and .Ql \&] brackets then followed by .Ql \&: -and and a non-standard port number. +and a non-standard port number. .Pp Alternately, hostnames may be stored in a hashed form which hides host names and addresses should the file's contents be disclosed. -- cgit v1.2.3 From 5d19626a0476f40e9320541194391d7eb51038d3 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 22:15:16 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/10 16:37:36 [readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c auth.c packet.c log.c] move #include out of includes.h; ok markus@ --- ChangeLog | 6 +++++- auth.c | 4 ++-- fatal.c | 4 +++- includes.h | 4 +--- log.c | 3 ++- log.h | 4 +++- misc.c | 4 +++- packet.c | 4 +++- readpass.c | 3 ++- scp.c | 3 ++- ssh-keyscan.c | 3 ++- xmalloc.c | 4 +++- 12 files changed, 31 insertions(+), 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index ba787e050..f152f91ad 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -14,6 +14,10 @@ - jmc@cvs.openbsd.org 2006/07/10 16:04:21 [sshd.8] s/and and/and/ + - stevesk@cvs.openbsd.org 2006/07/10 16:37:36 + [readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c + auth.c packet.c log.c] + move #include out of includes.h; ok markus@ 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4863,4 +4867,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4393 2006/07/12 12:07:59 dtucker Exp $ +$Id: ChangeLog,v 1.4394 2006/07/12 12:15:16 dtucker Exp $ diff --git a/auth.c b/auth.c index 0c8894c99..6901c936a 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.68 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: auth.c,v 1.69 2006/07/10 16:37:36 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -38,10 +38,10 @@ #ifdef USE_SHADOW #include #endif - #ifdef HAVE_LIBGEN_H #include #endif +#include #include "xmalloc.h" #include "match.h" diff --git a/fatal.c b/fatal.c index 7f58970fb..1f2cd0bc8 100644 --- a/fatal.c +++ b/fatal.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fatal.c,v 1.5 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: fatal.c,v 1.6 2006/07/10 16:37:36 stevesk Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -25,6 +25,8 @@ #include "includes.h" +#include + #include "log.h" /* Fatal messages. This function never returns. */ diff --git a/includes.h b/includes.h index 6e8f5416f..22a2c5944 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.47 2006/07/09 15:15:10 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.48 2006/07/10 16:37:36 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -20,12 +20,10 @@ #define _GNU_SOURCE /* activate extra prototypes for glibc */ -#include #include #include #include #include -#include #include #include diff --git a/log.c b/log.c index f7f92bcac..8702c3e52 100644 --- a/log.c 
+++ b/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.32 2006/07/08 23:30:06 stevesk Exp $ */ +/* $OpenBSD: log.c,v 1.33 2006/07/10 16:37:36 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -36,6 +36,7 @@ #include "includes.h" +#include #include #if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) # include diff --git a/log.h b/log.h index 21437cff6..9e1a2fcdb 100644 --- a/log.h +++ b/log.h @@ -1,4 +1,4 @@ -/* $OpenBSD: log.h,v 1.12 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: log.h,v 1.13 2006/07/10 16:37:36 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -15,6 +15,8 @@ #ifndef SSH_LOG_H #define SSH_LOG_H +#include + #include /* Needed for LOG_AUTHPRIV (if present) */ /* Supported syslog facilities and levels. */ diff --git a/misc.c b/misc.c index a65b1fded..4d6576ad6 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.56 2006/07/10 12:46:51 dtucker Exp $ */ +/* $OpenBSD: misc.c,v 1.57 2006/07/10 16:37:36 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -30,6 +30,8 @@ #include #include +#include + #include #include diff --git a/packet.c b/packet.c index f04d6fac9..b4f3aea14 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.133 2006/07/08 21:47:12 stevesk Exp $ */ +/* $OpenBSD: packet.c,v 1.134 2006/07/10 16:37:36 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -47,6 +47,8 @@ #include #include +#include + #include "xmalloc.h" #include "buffer.h" #include "packet.h" diff --git a/readpass.c b/readpass.c index b83b6f5ee..0da75ac11 100644 --- a/readpass.c +++ b/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.40 2006/07/09 15:15:10 stevesk Exp $ */ +/* $OpenBSD: readpass.c,v 1.41 2006/07/10 16:37:36 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * 
@@ -32,6 +32,7 @@ #ifdef HAVE_PATHS_H # include #endif +#include #include "xmalloc.h" #include "misc.h" diff --git a/scp.c b/scp.c index 6fe246d8c..c15fbbc2a 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.145 2006/07/10 12:03:20 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.146 2006/07/10 16:37:36 stevesk Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -84,6 +84,7 @@ #include #include #include +#include #include "xmalloc.h" #include "atomicio.h" diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 85ee168e7..76c2ed13c 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.65 2006/07/08 21:47:12 stevesk Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.66 2006/07/10 16:37:36 stevesk Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -11,6 +11,7 @@ #include "openbsd-compat/sys-queue.h" #include +#include #include diff --git a/xmalloc.c b/xmalloc.c index 110d8cb7f..8f9c3e12e 100644 --- a/xmalloc.c +++ b/xmalloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.c,v 1.21 2006/03/27 01:21:18 deraadt Exp $ */ +/* $OpenBSD: xmalloc.c,v 1.22 2006/07/10 16:37:36 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -15,6 +15,8 @@ #include "includes.h" +#include + #include "xmalloc.h" #include "log.h" -- cgit v1.2.3 From 284706a7555b3640c78854fc64010ce956e19339 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 22:16:23 +1000 Subject: - dtucker@cvs.openbsd.org 2006/07/11 10:12:07 [ssh.c] Only copy the part of environment variable that we actually use. Prevents ssh bailing when SendEnv is used and an environment variable with a really long value exists. ok djm@ --- ChangeLog | 7 ++++++- ssh.c | 13 ++++++------- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index f152f91ad..b5c849806 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -18,6 +18,11 @@ [readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c auth.c packet.c log.c] move #include out of includes.h; ok markus@ + - dtucker@cvs.openbsd.org 2006/07/11 10:12:07 + [ssh.c] + Only copy the part of environment variable that we actually use. Prevents + ssh bailing when SendEnv is used and an environment variable with a really + long value exists. ok djm@ 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4867,4 +4872,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4394 2006/07/12 12:15:16 dtucker Exp $ +$Id: ChangeLog,v 1.4395 2006/07/12 12:16:23 dtucker Exp $ diff --git a/ssh.c b/ssh.c index d5c067018..bd92206d4 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.281 2006/07/09 15:15:11 stevesk Exp $ */ +/* $OpenBSD: ssh.c,v 1.282 2006/07/11 10:12:07 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1262,15 +1262,14 @@ control_client_sigrelay(int signo) static int env_permitted(char *env) { - int i; + int i, ret; char name[1024], *cp; - if (strlcpy(name, env, sizeof(name)) >= sizeof(name)) - fatal("env_permitted: name too long"); - if ((cp = strchr(name, '=')) == NULL) + if ((cp = strchr(env, '=')) == NULL || cp == env) return (0); - - *cp = '\0'; + ret = snprintf(name, sizeof(name), "%.*s", (cp - env), env); + if (ret <= 0 || (size_t)ret >= sizeof(name)) + fatal("env_permitted: name '%.100s...' too long", env); for (i = 0; i < options.num_send_env; i++) if (match_pattern(name, options.send_env[i])) -- cgit v1.2.3 From e7d4b19f755c0d33122ef373e54b69e6b93cb0b4 Mon Sep 17 00:00:00 2001 
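Review bot: The precision argument for `%.*s` in the new snprintf() call in env_permitted() is passed as `(cp - env)`, which is a ptrdiff_t, while a `*` precision consumes an int. Where the two types differ in width this is undefined behaviour in a varargs call, and the length used for the copy may be wrong. Cast it explicitly: `ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env);`. The body of env_permitted() continues past the end of this hunk.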
From: Darren Tucker Date: Wed, 12 Jul 2006 22:17:10 +1000 Subject: - markus@cvs.openbsd.org 2006/07/11 18:50:48 [clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c channels.h readconf.c] add ExitOnForwardFailure: terminate the connection if ssh(1) cannot set up all requested dynamic, local, and remote port forwardings. ok djm, dtucker, stevesk, jmc --- ChangeLog | 8 +++++++- channels.c | 17 ++++++++++------- channels.h | 6 +++--- clientloop.c | 9 ++++++--- readconf.c | 11 ++++++++++- readconf.h | 3 ++- session.c | 8 ++++++-- ssh.1 | 3 ++- ssh.c | 27 +++++++++++++++++++++------ ssh_config.5 | 13 ++++++++++++- 10 files changed, 79 insertions(+), 26 deletions(-) diff --git a/ChangeLog b/ChangeLog index b5c849806..74bfb0d3b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,12 @@ Only copy the part of environment variable that we actually use. Prevents ssh bailing when SendEnv is used and an environment variable with a really long value exists. ok djm@ + - markus@cvs.openbsd.org 2006/07/11 18:50:48 + [clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c + channels.h readconf.c] + add ExitOnForwardFailure: terminate the connection if ssh(1) + cannot set up all requested dynamic, local, and remote port + forwardings. ok djm, dtucker, stevesk, jmc 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4872,4 +4878,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4395 2006/07/12 12:16:23 dtucker Exp $ +$Id: ChangeLog,v 1.4396 2006/07/12 12:17:10 dtucker Exp $ diff --git a/channels.c b/channels.c index cd68efded..51718578b 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.252 2006/07/10 12:08:08 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.253 2006/07/11 18:50:47 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -2481,7 +2481,7 @@ channel_setup_remote_fwd_listener(const char *listen_address, * the secure channel to host:port from local side. */ -void +int channel_request_remote_forwarding(const char *listen_host, u_short listen_port, const char *host_to_connect, u_short port_to_connect) { @@ -2525,7 +2525,6 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port, success = 1; break; case SSH_SMSG_FAILURE: - logit("Warning: Server denied remote port forwarding."); break; default: /* Unknown packet */ @@ -2539,6 +2538,7 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port, permitted_opens[num_permitted_opens].listen_port = listen_port; num_permitted_opens++; } + return (success ? 0 : -1); } /* @@ -2578,12 +2578,13 @@ channel_request_rforward_cancel(const char *host, u_short port) /* * This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates * listening for the port, and sends back a success reply (or disconnect - * message if there was an error). This never returns if there was an error. + * message if there was an error). */ -void +int channel_input_port_forward_request(int is_root, int gateway_ports) { u_short port, host_port; + int success = 0; char *hostname; /* Get arguments from the packet. */ @@ -2605,11 +2606,13 @@ channel_input_port_forward_request(int is_root, int gateway_ports) #endif /* Initiate forwarding */ - channel_setup_local_fwd_listener(NULL, port, hostname, + success = channel_setup_local_fwd_listener(NULL, port, hostname, host_port, gateway_ports); /* Free the argument string. */ xfree(hostname); + + return (success ? 0 : -1); } /* 
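Review bot: The header comment of channel_input_port_forward_request() drops "never returns" but does not state the new return contract, and the comment above channel_request_remote_forwarding() does not mention one either. Both now end in `return (success ? 0 : -1);`, while channel_setup_local_fwd_listener(), whose result is stored in `success` here, is treated as non-zero on success, so two opposite conventions sit side by side in the same API. I would add `Returns 0 on success, -1 on failure.` to both header comments, so that a caller testing the result as a boolean does not invert the check. Both function bodies extend beyond the hunks shown.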
@@ -2628,7 +2631,7 @@ void channel_add_permitted_opens(char *host, int port) { if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) - fatal("channel_request_remote_forwarding: too many forwards"); + fatal("channel_add_permitted_opens: too many forwards"); debug("allow port forwarding to host %s port %d", host, port); permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host); diff --git a/channels.h b/channels.h index ee1d260fd..d21319a2b 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.84 2006/03/25 22:22:42 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.85 2006/07/11 18:50:47 markus Exp $ */ /* * Author: Tatu Ylonen @@ -208,10 +208,10 @@ void channel_set_af(int af); void channel_permit_all_opens(void); void channel_add_permitted_opens(char *, int); void channel_clear_permitted_opens(void); -void channel_input_port_forward_request(int, int); +int channel_input_port_forward_request(int, int); int channel_connect_to(const char *, u_short); int channel_connect_by_listen_address(u_short); -void channel_request_remote_forwarding(const char *, u_short, +int channel_request_remote_forwarding(const char *, u_short, const char *, u_short); int channel_setup_local_fwd_listener(const char *, u_short, const char *, u_short, int); diff --git a/clientloop.c b/clientloop.c index c59d573c5..6cb2a7ac7 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.166 2006/07/08 21:47:12 stevesk Exp $ */ +/* $OpenBSD: clientloop.c,v 1.167 2006/07/11 18:50:47 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -996,9 +996,12 @@ process_cmdline(void) goto out; } } else { - channel_request_remote_forwarding(fwd.listen_host, + if (channel_request_remote_forwarding(fwd.listen_host, fwd.listen_port, fwd.connect_host, - fwd.connect_port); + fwd.connect_port) < 0) { + logit("Port forwarding failed."); + goto out; + } } logit("Forwarding port."); 
diff --git a/readconf.c b/readconf.c index df5e566a5..d25f93012 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.152 2006/07/05 02:42:09 stevesk Exp $ */ +/* $OpenBSD: readconf.c,v 1.153 2006/07/11 18:50:48 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -102,6 +102,7 @@ typedef enum { oBadOption, oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts, + oExitOnForwardFailure, oPasswordAuthentication, oRSAAuthentication, oChallengeResponseAuthentication, oXAuthLocation, oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, @@ -132,6 +133,7 @@ static struct { { "forwardagent", oForwardAgent }, { "forwardx11", oForwardX11 }, { "forwardx11trusted", oForwardX11Trusted }, + { "exitonforwardfailure", oExitOnForwardFailure }, { "xauthlocation", oXAuthLocation }, { "gatewayports", oGatewayPorts }, { "useprivilegedport", oUsePrivilegedPort }, @@ -386,6 +388,10 @@ parse_flag: intptr = &options->gateway_ports; goto parse_flag; + case oExitOnForwardFailure: + intptr = &options->exit_on_forward_failure; + goto parse_flag; + case oUsePrivilegedPort: intptr = &options->use_privileged_port; goto parse_flag; @@ -987,6 +993,7 @@ initialize_options(Options * options) options->forward_agent = -1; options->forward_x11 = -1; options->forward_x11_trusted = -1; + options->exit_on_forward_failure = -1; options->xauth_location = NULL; options->gateway_ports = -1; options->use_privileged_port = -1; @@ -1067,6 +1074,8 @@ fill_default_options(Options * options) options->forward_x11 = 0; if (options->forward_x11_trusted == -1) options->forward_x11_trusted = 0; + if (options->exit_on_forward_failure == -1) + options->exit_on_forward_failure = 0; if (options->xauth_location == NULL) options->xauth_location = _PATH_XAUTH; if (options->gateway_ports == -1) diff --git a/readconf.h b/readconf.h index 7fc2ea47c..e99b1ff25 100644 --- a/readconf.h +++ b/readconf.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.69 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.70 2006/07/11 18:50:48 markus Exp $ */ /* * Author: Tatu Ylonen @@ -34,6 +34,7 @@ typedef struct { int forward_agent; /* Forward authentication agent. */ int forward_x11; /* Forward X11 display. */ int forward_x11_trusted; /* Trust Forward X11 display. */ + int exit_on_forward_failure; /* Exit if bind(2) fails for -L/-R */ char *xauth_location; /* Location for xauth program */ int gateway_ports; /* Allow remote connects to forwarded ports. */ int use_privileged_port; /* Don't use privileged port if false. */ diff --git a/session.c b/session.c index 0a321be30..33be91545 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.207 2006/07/08 21:48:53 stevesk Exp $ */ +/* $OpenBSD: session.c,v 1.208 2006/07/11 18:50:48 markus Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -338,7 +338,11 @@ do_authenticated1(Authctxt *authctxt) break; } debug("Received TCP/IP port forwarding request."); - channel_input_port_forward_request(s->pw->pw_uid == 0, options.gateway_ports); + if (channel_input_port_forward_request(s->pw->pw_uid == 0, + options.gateway_ports) < 0) { + debug("Port forwarding failed."); + break; + } success = 1; break; diff --git a/ssh.1 b/ssh.1 index f44b6f29a..6e41bcd8b 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.262 2006/07/02 23:01:55 stevesk Exp $ +.\" $OpenBSD: ssh.1,v 1.263 2006/07/11 18:50:48 markus Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -449,6 +449,7 @@ For full details of the options listed below, and their possible values, see .It ControlPath .It DynamicForward .It EscapeChar +.It ExitOnForwardFailure .It ForwardAgent .It ForwardX11 .It ForwardX11Trusted 
diff --git a/ssh.c b/ssh.c index bd92206d4..2e0ef2f9f 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.282 2006/07/11 10:12:07 dtucker Exp $ */ +/* $OpenBSD: ssh.c,v 1.283 2006/07/11 18:50:48 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -817,6 +817,8 @@ ssh_init_forwarding(void) options.local_forwards[i].connect_port, options.gateway_ports); } + if (i > 0 && success != i && options.exit_on_forward_failure) + fatal("Could not request local forwarding."); if (i > 0 && success == 0) error("Could not request local forwarding."); @@ -829,11 +831,17 @@ ssh_init_forwarding(void) options.remote_forwards[i].listen_port, options.remote_forwards[i].connect_host, options.remote_forwards[i].connect_port); - channel_request_remote_forwarding( + if (channel_request_remote_forwarding( options.remote_forwards[i].listen_host, options.remote_forwards[i].listen_port, options.remote_forwards[i].connect_host, - options.remote_forwards[i].connect_port); + options.remote_forwards[i].connect_port) < 0) { + if (options.exit_on_forward_failure) + fatal("Could not request remote forwarding."); + else + logit("Warning: Could not request remote " + "forwarding."); + } } } @@ -1015,9 +1023,16 @@ client_global_request_reply_fwd(int type, u_int32_t seq, void *ctxt) options.remote_forwards[i].listen_port, options.remote_forwards[i].connect_host, options.remote_forwards[i].connect_port); - if (type == SSH2_MSG_REQUEST_FAILURE) - logit("Warning: remote port forwarding failed for listen " - "port %d", options.remote_forwards[i].listen_port); + if (type == SSH2_MSG_REQUEST_FAILURE) { + if (options.exit_on_forward_failure) + fatal("Error: remote port forwarding failed for " + "listen port %d", + options.remote_forwards[i].listen_port); + else + logit("Warning: remote port forwarding failed for " + "listen port %d", + options.remote_forwards[i].listen_port); + } } static void 
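Review bot: In client_global_request_reply_fwd the new `fatal()` runs only when the server's SSH2_MSG_REQUEST_FAILURE reply is processed, so for remote forwards ExitOnForwardFailure is enforced asynchronously rather than where ssh_init_forwarding sends the request. Whether the session channel can already be open by then is not visible in this hunk; if it can, someone relying on the option as a fail-closed guard gets a late exit rather than no session at all. Once confirmed against the caller, I would record that above the branch, e.g. `/* reply is asynchronous; the session may already be running when we exit */`. The function starts outside the hunk.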
diff --git a/ssh_config.5 b/ssh_config.5 index 68ec311b2..55ca55303 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.95 2006/07/02 17:12:58 stevesk Exp $ +.\" $OpenBSD: ssh_config.5,v 1.96 2006/07/11 18:50:48 markus Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -385,6 +385,17 @@ followed by a letter, or to disable the escape character entirely (making the connection transparent for binary data). +.It Cm ExitOnForwardFailure +Specifies whether +.Xr ssh 1 +should terminate the connection if it cannot set up all requested +dynamic, local, and remote port forwardings. +The argument must be +.Dq yes +or +.Dq no . +The default is +.Dq no . .It Cm ForwardAgent Specifies whether the connection to the authentication agent (if any) will be forwarded to the remote machine. -- cgit v1.2.3 From 39972493467dd9a32a117e85bcbff9aa1e7f3c8d Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Wed, 12 Jul 2006 22:22:46 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/11 20:07:25 [scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c] move #include out of includes.h; ok markus@ --- ChangeLog | 9 ++++++++- atomicio.c | 4 +++- auth.c | 3 ++- canohost.c | 3 ++- channels.c | 3 ++- clientloop.c | 3 ++- includes.h | 3 +-- misc.c | 3 ++- monitor.c | 3 ++- monitor_fdpass.c | 4 +++- monitor_mm.c | 4 +++- monitor_wrap.c | 3 ++- msg.c | 4 +++- nchan.c | 4 +++- packet.c | 3 ++- progressmeter.c | 3 ++- readconf.c | 3 ++- readpass.c | 3 ++- scp.c | 3 ++- serverloop.c | 3 ++- session.c | 3 ++- sftp-client.c | 3 ++- sftp-server.c | 3 ++- sftp.c | 4 +++- ssh-agent.c | 3 ++- ssh-keygen.c | 3 ++- sshconnect.c | 3 ++- sshconnect2.c | 4 +++- sshd.c | 3 ++- sshlogin.c | 3 ++- sshpty.c | 3 ++- ttymodes.c | 3 ++- uidswap.c | 3 ++- 33 files changed, 78 insertions(+), 34 deletions(-) diff --git a/ChangeLog b/ChangeLog index 74bfb0d3b..32603360d 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -29,6 +29,13 @@ add ExitOnForwardFailure: terminate the connection if ssh(1) cannot set up all requested dynamic, local, and remote port forwardings. ok djm, dtucker, stevesk, jmc + - stevesk@cvs.openbsd.org 2006/07/11 20:07:25 + [scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c + sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c + includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c + sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c + ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c] + move #include out of includes.h; ok markus@ 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4878,4 +4885,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4396 2006/07/12 12:17:10 dtucker Exp $ +$Id: ChangeLog,v 1.4397 2006/07/12 12:22:46 dtucker Exp $ diff --git a/atomicio.c b/atomicio.c index 3939785df..bf1c0fd18 100644 --- a/atomicio.c +++ b/atomicio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: atomicio.c,v 1.19 2006/04/16 07:59:00 djm Exp $ */ +/* $OpenBSD: atomicio.c,v 1.20 2006/07/11 20:07:25 stevesk Exp $ */ /* * Copyright (c) 2006 Damien Miller. All rights reserved. * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. @@ -28,6 +28,8 @@ #include "includes.h" +#include + #include "atomicio.h" /* diff --git a/auth.c b/auth.c index 6901c936a..e5ddc79da 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.69 2006/07/10 16:37:36 stevesk Exp $ */ +/* $OpenBSD: auth.c,v 1.70 2006/07/11 20:07:25 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -28,6 +28,7 @@ #include #include +#include #ifdef HAVE_PATHS_H # include #endif diff --git a/canohost.c b/canohost.c index 538b141b1..4566e2ab1 100644 --- a/canohost.c +++ b/canohost.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.c,v 1.55 2006/07/08 21:47:12 stevesk Exp $ */ +/* $OpenBSD: canohost.c,v 1.56 2006/07/11 20:07:25 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -20,6 +20,7 @@ #include #include +#include #include "packet.h" #include "xmalloc.h" diff --git a/channels.c b/channels.c index 51718578b..555067255 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.253 2006/07/11 18:50:47 markus Exp $ */ +/* $OpenBSD: channels.c,v 1.254 2006/07/11 20:07:25 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -49,6 +49,7 @@ #include #include +#include #include #include "ssh.h" diff --git a/clientloop.c b/clientloop.c index 6cb2a7ac7..978289b61 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.167 2006/07/11 18:50:47 markus Exp $ */ +/* $OpenBSD: clientloop.c,v 1.168 2006/07/11 20:07:25 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -69,6 +69,7 @@ #include #include +#include #ifdef HAVE_PATHS_H #include #endif diff --git a/includes.h b/includes.h index 22a2c5944..08d34486b 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.48 2006/07/10 16:37:36 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.49 2006/07/11 20:07:25 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -21,7 +21,6 @@ #define _GNU_SOURCE /* activate extra prototypes for glibc */ #include -#include #include #include #include diff --git a/misc.c b/misc.c index 4d6576ad6..fba085d9b 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.57 2006/07/10 16:37:36 stevesk Exp $ */ +/* $OpenBSD: misc.c,v 1.58 2006/07/11 20:07:25 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. 
@@ -35,6 +35,7 @@ #include #include +#include #include #ifdef HAVE_PATHS_H # include diff --git a/monitor.c b/monitor.c index b06cecf7d..a5263d746 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.80 2006/07/09 15:15:10 stevesk Exp $ */ +/* $OpenBSD: monitor.c,v 1.81 2006/07/11 20:07:25 stevesk Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -31,6 +31,7 @@ #include #include +#include #include #ifdef HAVE_PATHS_H #include diff --git a/monitor_fdpass.c b/monitor_fdpass.c index 546f7010f..9d319ac1a 100644 --- a/monitor_fdpass.c +++ b/monitor_fdpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_fdpass.c,v 1.9 2006/07/08 21:47:12 stevesk Exp $ */ +/* $OpenBSD: monitor_fdpass.c,v 1.10 2006/07/11 20:07:25 stevesk Exp $ */ /* * Copyright 2001 Niels Provos * All rights reserved. @@ -30,6 +30,8 @@ #include #include +#include + #include "log.h" #include "monitor_fdpass.h" diff --git a/monitor_mm.c b/monitor_mm.c index 222751628..dc0dbda76 100644 --- a/monitor_mm.c +++ b/monitor_mm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_mm.c,v 1.11 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: monitor_mm.c,v 1.12 2006/07/11 20:07:25 stevesk Exp $ */ /* * Copyright 2002 Niels Provos * All rights reserved. @@ -26,6 +26,8 @@ #include "includes.h" +#include + #ifdef HAVE_SYS_MMAN_H #include #endif diff --git a/monitor_wrap.c b/monitor_wrap.c index 22b1fe854..9ec60b6af 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.46 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.47 2006/07/11 20:07:25 stevesk Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -32,6 +32,7 @@ #include #include +#include #include #include "ssh.h" diff --git a/msg.c b/msg.c index fb08df548..4344a1312 100644 --- a/msg.c +++ b/msg.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: msg.c,v 1.11 2006/03/30 09:58:15 djm Exp $ */ +/* $OpenBSD: msg.c,v 1.12 2006/07/11 20:07:25 stevesk Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -24,6 +24,8 @@ */ #include "includes.h" +#include + #include "buffer.h" #include "log.h" #include "atomicio.h" diff --git a/nchan.c b/nchan.c index 58b0e98d5..43816a65b 100644 --- a/nchan.c +++ b/nchan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nchan.c,v 1.54 2006/07/08 21:47:12 stevesk Exp $ */ +/* $OpenBSD: nchan.c,v 1.55 2006/07/11 20:07:25 stevesk Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -28,6 +28,8 @@ #include #include +#include + #include "ssh1.h" #include "ssh2.h" #include "buffer.h" diff --git a/packet.c b/packet.c index b4f3aea14..e153a7c1b 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.134 2006/07/10 16:37:36 stevesk Exp $ */ +/* $OpenBSD: packet.c,v 1.135 2006/07/11 20:07:25 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -47,6 +47,7 @@ #include #include +#include #include #include "xmalloc.h" diff --git a/progressmeter.c b/progressmeter.c index d145a724a..98a30e11b 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: progressmeter.c,v 1.29 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: progressmeter.c,v 1.30 2006/07/11 20:07:25 stevesk Exp $ */ /* * Copyright (c) 2003 Nils Nordman. All rights reserved. * @@ -27,6 +27,7 @@ #include +#include #include #include "progressmeter.h" diff --git a/readconf.c b/readconf.c index d25f93012..d2e172303 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.153 2006/07/11 18:50:48 markus Exp $ */ +/* $OpenBSD: readconf.c,v 1.154 2006/07/11 20:07:25 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -21,6 +21,7 @@ #include #include +#include #include "ssh.h" #include "xmalloc.h" 
diff --git a/readpass.c b/readpass.c index 0da75ac11..63197c915 100644 --- a/readpass.c +++ b/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.41 2006/07/10 16:37:36 stevesk Exp $ */ +/* $OpenBSD: readpass.c,v 1.42 2006/07/11 20:07:25 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -28,6 +28,7 @@ #include #include +#include #include #ifdef HAVE_PATHS_H # include diff --git a/scp.c b/scp.c index c15fbbc2a..5e3a93ed5 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.146 2006/07/10 16:37:36 stevesk Exp $ */ +/* $OpenBSD: scp.c,v 1.147 2006/07/11 20:07:25 stevesk Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -81,6 +81,7 @@ #include #include +#include #include #include #include diff --git a/serverloop.c b/serverloop.c index 09063ab8c..83138aec2 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.138 2006/07/09 15:15:11 stevesk Exp $ */ +/* $OpenBSD: serverloop.c,v 1.139 2006/07/11 20:07:25 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -43,6 +43,7 @@ #include +#include #include #include #include diff --git a/session.c b/session.c index 33be91545..5441a4762 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.208 2006/07/11 18:50:48 markus Exp $ */ +/* $OpenBSD: session.c,v 1.209 2006/07/11 20:07:25 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -43,6 +43,7 @@ #include #include +#include #include #ifdef HAVE_PATHS_H #include diff --git a/sftp-client.c b/sftp-client.c index e10361e93..8fe0c0fe5 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.66 2006/07/09 15:15:11 stevesk Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.67 2006/07/11 20:07:25 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * 
@@ -27,6 +27,7 @@ # include #endif +#include #include #include diff --git a/sftp-server.c b/sftp-server.c index e7193859e..29503246e 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.61 2006/07/10 11:25:53 djm Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.62 2006/07/11 20:07:25 stevesk Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -20,6 +20,7 @@ #include #include +#include #include #include diff --git a/sftp.c b/sftp.c index 27099ef06..649f08e5d 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.84 2006/07/10 16:01:57 stevesk Exp $ */ +/* $OpenBSD: sftp.c,v 1.85 2006/07/11 20:07:25 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -25,6 +25,8 @@ #include #include +#include + #ifdef HAVE_PATHS_H # include #endif diff --git a/ssh-agent.c b/ssh-agent.c index 57c7380f3..4421fa424 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.142 2006/07/09 15:15:11 stevesk Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.143 2006/07/11 20:07:25 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -45,6 +45,7 @@ #include "openbsd-compat/sys-queue.h" #include +#include #include #ifdef HAVE_PATHS_H # include diff --git a/ssh-keygen.c b/ssh-keygen.c index 4e42d0cfc..1c506059c 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.147 2006/07/09 15:15:11 stevesk Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.148 2006/07/11 20:07:25 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -21,6 +21,7 @@ #include #include +#include #include #ifdef HAVE_PATHS_H # include diff --git a/sshconnect.c b/sshconnect.c index f8450eadf..c9d6221d8 100644 --- a/sshconnect.c +++ b/sshconnect.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.189 2006/07/10 12:46:51 dtucker Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.190 2006/07/11 20:07:25 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -23,6 +23,7 @@ #include #include +#include #ifdef HAVE_PATHS_H #include #endif diff --git a/sshconnect2.c b/sshconnect2.c index 4f96dcfc4..04ea8dfc1 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.155 2006/06/08 14:45:49 markus Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.156 2006/07/11 20:07:25 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -29,6 +29,8 @@ #include #include +#include + #include "openbsd-compat/sys-queue.h" #include "ssh.h" diff --git a/sshd.c b/sshd.c index 602116edf..f3fe9d184 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.335 2006/07/09 15:15:11 stevesk Exp $ */ +/* $OpenBSD: sshd.c,v 1.336 2006/07/11 20:07:25 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -52,6 +52,7 @@ #include #include +#include #include #ifdef HAVE_PATHS_H #include diff --git a/sshlogin.c b/sshlogin.c index 9b5ce1fde..808ad605e 100644 --- a/sshlogin.c +++ b/sshlogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.c,v 1.18 2006/07/09 15:15:11 stevesk Exp $ */ +/* $OpenBSD: sshlogin.c,v 1.19 2006/07/11 20:07:25 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -41,6 +41,7 @@ #include "includes.h" +#include #include #include "loginrec.h" diff --git a/sshpty.c b/sshpty.c index 7f4e8bc16..10dae0328 100644 --- a/sshpty.c +++ b/sshpty.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshpty.c,v 1.22 2006/07/09 15:15:11 stevesk Exp $ */ +/* $OpenBSD: sshpty.c,v 1.23 2006/07/11 20:07:25 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -19,6 +19,7 @@ #include #include +#include #include #include #ifdef HAVE_PATHS_H 
diff --git a/ttymodes.c b/ttymodes.c index 92fecb415..b46305430 100644 --- a/ttymodes.c +++ b/ttymodes.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ttymodes.c,v 1.23 2006/03/25 13:17:03 djm Exp $ */ +/* $OpenBSD: ttymodes.c,v 1.24 2006/07/11 20:07:25 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -45,6 +45,7 @@ #include "includes.h" +#include #include #include "packet.h" diff --git a/uidswap.c b/uidswap.c index 2ac5d7f91..e97cd7059 100644 --- a/uidswap.c +++ b/uidswap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.30 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: uidswap.c,v 1.31 2006/07/11 20:07:25 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -16,6 +16,7 @@ #include +#include #include #include -- cgit v1.2.3 From 57f4224677c5678d6256df865ea858de9ad915f3 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 22:23:35 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/11 20:16:43 [ssh.c] cast asterisk field precision argument to int to remove warning; ok markus@ --- ChangeLog | 6 +++++- ssh.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 32603360d..e1cccbe44 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,6 +36,10 @@ sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c] move #include out of includes.h; ok markus@ + - stevesk@cvs.openbsd.org 2006/07/11 20:16:43 + [ssh.c] + cast asterisk field precision argument to int to remove warning; + ok markus@ 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4885,4 +4889,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4397 2006/07/12 12:22:46 dtucker Exp $ +$Id: ChangeLog,v 1.4398 2006/07/12 12:23:35 dtucker Exp $ 
diff --git a/ssh.c b/ssh.c index 2e0ef2f9f..100c095dc 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.283 2006/07/11 18:50:48 markus Exp $ */ +/* $OpenBSD: ssh.c,v 1.284 2006/07/11 20:16:43 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1282,7 +1282,7 @@ env_permitted(char *env) if ((cp = strchr(env, '=')) == NULL || cp == env) return (0); - ret = snprintf(name, sizeof(name), "%.*s", (cp - env), env); + ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env); if (ret <= 0 || (size_t)ret >= sizeof(name)) fatal("env_permitted: name '%.100s...' too long", env); -- cgit v1.2.3 From ba724050263c0bca0a7dffa26462d046c4df7e01 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 22:24:22 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/11 20:27:56 [authfile.c ssh.c] need here also (it's also included in ) --- ChangeLog | 5 ++++- authfile.c | 3 ++- ssh.c | 3 ++- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index e1cccbe44..2710249f2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,9 @@ [ssh.c] cast asterisk field precision argument to int to remove warning; ok markus@ + - stevesk@cvs.openbsd.org 2006/07/11 20:27:56 + [authfile.c ssh.c] + need here also (it's also included in ) 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4889,4 +4892,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4398 2006/07/12 12:23:35 dtucker Exp $ +$Id: ChangeLog,v 1.4399 2006/07/12 12:24:22 dtucker Exp $ diff --git a/authfile.c b/authfile.c index e928b0b0e..cf3d3d9e1 100644 --- a/authfile.c +++ b/authfile.c 
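Review bot: The `(int)(cp - env)` cast in env_permitted silences the warning but leaves the narrowing unexplained: a name part longer than INT_MAX would give a negative precision, which the printf family treats as if no precision were given. The existing `ret <= 0 || (size_t)ret >= sizeof(name)` check still ends in `fatal()` for that input, so this is a readability point rather than a defect. A length test before the call would make the bound explicit: `if ((size_t)(cp - env) >= sizeof(name)) fatal("env_permitted: name '%.100s...' too long", env);`. The function begins and ends outside the hunk.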
@@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.68 2006/07/09 15:15:10 stevesk Exp $ */ +/* $OpenBSD: authfile.c,v 1.69 2006/07/11 20:27:56 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -45,6 +45,7 @@ #include #include +#include #include #include "cipher.h" diff --git a/ssh.c b/ssh.c index 100c095dc..9961baf6e 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.284 2006/07/11 20:16:43 stevesk Exp $ */ +/* $OpenBSD: ssh.c,v 1.285 2006/07/11 20:27:56 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -52,6 +52,7 @@ #include #include +#include #include #ifdef HAVE_PATHS_H #include -- cgit v1.2.3 From 4515047e47f26377a46f480ed5929e8ccfa18720 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 22:34:17 +1000 Subject: - dtucker@cvs.openbsd.org 2006/07/12 11:34:58 [sshd.c servconf.h servconf.c sshd_config.5 auth.c] Add support for conditional directives to sshd_config via a "Match" keyword, which works similarly to the "Host" directive in ssh_config. Lines after a Match line override the default set in the main section if the condition on the Match line is true, eg AllowTcpForwarding yes Match User anoncvs AllowTcpForwarding no will allow port forwarding by all users except "anoncvs". Currently only a very small subset of directives are supported. ok djm@ --- ChangeLog | 14 ++- auth.c | 5 +- servconf.c | 356 ++++++++++++++++++++++++++++++++++++++++++---------------- servconf.h | 11 +- sshd.c | 17 ++- sshd_config.5 | 23 +++- 6 files changed, 314 insertions(+), 112 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2710249f2..5d86e4451 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -43,6 +43,18 @@ - stevesk@cvs.openbsd.org 2006/07/11 20:27:56 [authfile.c ssh.c] need here also (it's also included in ) + - dtucker@cvs.openbsd.org 2006/07/12 11:34:58 + [sshd.c servconf.h servconf.c sshd_config.5 auth.c] + Add support for conditional directives to sshd_config via a "Match" + keyword, which works similarly to the "Host" directive in ssh_config. + Lines after a Match line override the default set in the main section + if the condition on the Match line is true, eg + AllowTcpForwarding yes + Match User anoncvs + AllowTcpForwarding no + will allow port forwarding by all users except "anoncvs". + Currently only a very small subset of directives are supported. + ok djm@ 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4892,4 +4904,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4399 2006/07/12 12:24:22 dtucker Exp $ +$Id: ChangeLog,v 1.4400 2006/07/12 12:34:17 dtucker Exp $ diff --git a/auth.c b/auth.c index e5ddc79da..3bca8dc21 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.70 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: auth.c,v 1.71 2006/07/12 11:34:58 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -467,6 +467,9 @@ getpwnamallow(const char *user) #endif struct passwd *pw; + parse_server_match_config(&options, user, + get_canonical_hostname(options.use_dns), get_remote_ipaddr()); + pw = getpwnam(user); if (pw == NULL) { logit("Invalid user %.100s from %.100s", diff --git a/servconf.c b/servconf.c index c5b933ab9..42ec340f3 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.152 2006/07/08 21:47:12 stevesk Exp $ */ +/* $OpenBSD: servconf.c,v 1.153 2006/07/12 11:34:58 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved 
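Review bot: The added `parse_server_match_config()` call in getpwnamallow runs before `pw = getpwnam(user)`, so Match blocks are evaluated against a client-supplied user name that has not been validated yet, and against `get_canonical_hostname(options.use_dns)`, which presumably comes from reverse DNS when UseDNS is on. The call also writes into the global `options`, so whatever a matching block sets stays in effect for the rest of the process even when the lookup that follows rejects the user. Neither is necessarily wrong, but the call deserves a comment such as `/* Match is applied to the unauthenticated name/host; overrides persist in options */`. It is also worth confirming that a second call with a different name cannot stack overrides. The function body continues outside the hunk.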
@@ -25,12 +25,14 @@ #include "cipher.h" #include "kex.h" #include "mac.h" +#include "match.h" static void add_listen_addr(ServerOptions *, char *, u_short); static void add_one_listen_addr(ServerOptions *, char *, u_short); /* Use of privilege separation or not */ extern int use_privsep; +extern Buffer cfg; /* Initializes the server options to their default values. */ @@ -105,9 +107,6 @@ initialize_server_options(ServerOptions *options) options->authorized_keys_file2 = NULL; options->num_accept_env = 0; options->permit_tun = -1; - - /* Needs to be accessable in many places */ - use_privsep = -1; } void 
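Review bot: Removing `use_privsep = -1;` from initialize_server_options means this function no longer puts the privilege-separation flag into its "unset" state, and nothing in the visible servconf.c hunks replaces it. If the defaulting code elsewhere still tests for -1 (not visible here), a zero-initialised global would read as an explicit "no" and privilege separation would be off by default. sshd.c is in this commit's diffstat, so the definition may now carry the initialiser, i.e. `int use_privsep = -1;`. That should be confirmed, and the `extern int use_privsep;` declaration should get a comment saying where the default is set.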
@@ -277,110 +276,116 @@ typedef enum { sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, + sMatch, sUsePrivilegeSeparation, sDeprecated, sUnsupported } ServerOpCodes; +#define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */ +#define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ +#define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) + /* Textual representation of the tokens. */ static struct { const char *name; ServerOpCodes opcode; + u_int flags; } keywords[] = { /* Portable-specific options */ #ifdef USE_PAM - { "usepam", sUsePAM }, + { "usepam", sUsePAM, SSHCFG_GLOBAL }, #else - { "usepam", sUnsupported }, + { "usepam", sUnsupported, SSHCFG_GLOBAL }, #endif - { "pamauthenticationviakbdint", sDeprecated }, + { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL }, /* Standard Options */ - { "port", sPort }, - { "hostkey", sHostKeyFile }, - { "hostdsakey", sHostKeyFile }, /* alias */ - { "pidfile", sPidFile }, - { "serverkeybits", sServerKeyBits }, - { "logingracetime", sLoginGraceTime }, - { "keyregenerationinterval", sKeyRegenerationTime }, - { "permitrootlogin", sPermitRootLogin }, - { "syslogfacility", sLogFacility }, - { "loglevel", sLogLevel }, - { "rhostsauthentication", sDeprecated }, - { "rhostsrsaauthentication", sRhostsRSAAuthentication }, - { "hostbasedauthentication", sHostbasedAuthentication }, - { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly }, - { "rsaauthentication", sRSAAuthentication }, - { "pubkeyauthentication", sPubkeyAuthentication }, - { "dsaauthentication", sPubkeyAuthentication }, /* alias */ + { "port", sPort, SSHCFG_GLOBAL }, + { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, + { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ + { "pidfile", sPidFile, SSHCFG_GLOBAL }, + { "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL }, + { "logingracetime", 
sLoginGraceTime, SSHCFG_GLOBAL }, + { "keyregenerationinterval", sKeyRegenerationTime, SSHCFG_GLOBAL }, + { "permitrootlogin", sPermitRootLogin, SSHCFG_GLOBAL }, + { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, + { "loglevel", sLogLevel, SSHCFG_GLOBAL }, + { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, + { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_GLOBAL }, + { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_GLOBAL }, + { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL }, + { "rsaauthentication", sRSAAuthentication, SSHCFG_GLOBAL }, + { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, + { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ #ifdef KRB5 - { "kerberosauthentication", sKerberosAuthentication }, - { "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, - { "kerberosticketcleanup", sKerberosTicketCleanup }, + { "kerberosauthentication", sKerberosAuthentication, SSHCFG_GLOBAL }, + { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL }, + { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL }, #ifdef USE_AFS - { "kerberosgetafstoken", sKerberosGetAFSToken }, + { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL }, #else - { "kerberosgetafstoken", sUnsupported }, + { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, #endif #else - { "kerberosauthentication", sUnsupported }, - { "kerberosorlocalpasswd", sUnsupported }, - { "kerberosticketcleanup", sUnsupported }, - { "kerberosgetafstoken", sUnsupported }, + { "kerberosauthentication", sUnsupported, SSHCFG_GLOBAL }, + { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, + { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, + { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, #endif - { "kerberostgtpassing", sUnsupported }, - { "afstokenpassing", sUnsupported }, + { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, + { "afstokenpassing", 
sUnsupported, SSHCFG_GLOBAL }, #ifdef GSSAPI - { "gssapiauthentication", sGssAuthentication }, - { "gssapicleanupcredentials", sGssCleanupCreds }, + { "gssapiauthentication", sGssAuthentication, SSHCFG_GLOBAL }, + { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, #else - { "gssapiauthentication", sUnsupported }, - { "gssapicleanupcredentials", sUnsupported }, + { "gssapiauthentication", sUnsupported, SSHCFG_GLOBAL }, + { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, #endif - { "passwordauthentication", sPasswordAuthentication }, - { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, - { "challengeresponseauthentication", sChallengeResponseAuthentication }, - { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */ - { "checkmail", sDeprecated }, - { "listenaddress", sListenAddress }, - { "addressfamily", sAddressFamily }, - { "printmotd", sPrintMotd }, - { "printlastlog", sPrintLastLog }, - { "ignorerhosts", sIgnoreRhosts }, - { "ignoreuserknownhosts", sIgnoreUserKnownHosts }, - { "x11forwarding", sX11Forwarding }, - { "x11displayoffset", sX11DisplayOffset }, - { "x11uselocalhost", sX11UseLocalhost }, - { "xauthlocation", sXAuthLocation }, - { "strictmodes", sStrictModes }, - { "permitemptypasswords", sEmptyPasswd }, - { "permituserenvironment", sPermitUserEnvironment }, - { "uselogin", sUseLogin }, - { "compression", sCompression }, - { "tcpkeepalive", sTCPKeepAlive }, - { "keepalive", sTCPKeepAlive }, /* obsolete alias */ - { "allowtcpforwarding", sAllowTcpForwarding }, - { "allowusers", sAllowUsers }, - { "denyusers", sDenyUsers }, - { "allowgroups", sAllowGroups }, - { "denygroups", sDenyGroups }, - { "ciphers", sCiphers }, - { "macs", sMacs }, - { "protocol", sProtocol }, - { "gatewayports", sGatewayPorts }, - { "subsystem", sSubsystem }, - { "maxstartups", sMaxStartups }, - { "maxauthtries", sMaxAuthTries }, - { "banner", sBanner }, - { "usedns", sUseDNS }, - { "verifyreversemapping", sDeprecated }, - { 
"reversemappingcheck", sDeprecated }, - { "clientaliveinterval", sClientAliveInterval }, - { "clientalivecountmax", sClientAliveCountMax }, - { "authorizedkeysfile", sAuthorizedKeysFile }, - { "authorizedkeysfile2", sAuthorizedKeysFile2 }, - { "useprivilegeseparation", sUsePrivilegeSeparation}, - { "acceptenv", sAcceptEnv }, - { "permittunnel", sPermitTunnel }, - { NULL, sBadOption } + { "passwordauthentication", sPasswordAuthentication, SSHCFG_GLOBAL }, + { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_GLOBAL }, + { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, + { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ + { "checkmail", sDeprecated, SSHCFG_GLOBAL }, + { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, + { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, + { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, + { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, + { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL }, + { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, + { "x11forwarding", sX11Forwarding, SSHCFG_GLOBAL }, + { "x11displayoffset", sX11DisplayOffset, SSHCFG_GLOBAL }, + { "x11uselocalhost", sX11UseLocalhost, SSHCFG_GLOBAL }, + { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, + { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, + { "permitemptypasswords", sEmptyPasswd, SSHCFG_GLOBAL }, + { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, + { "uselogin", sUseLogin, SSHCFG_GLOBAL }, + { "compression", sCompression, SSHCFG_GLOBAL }, + { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, + { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ + { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, + { "allowusers", sAllowUsers, SSHCFG_GLOBAL }, + { "denyusers", sDenyUsers, SSHCFG_GLOBAL }, + { "allowgroups", sAllowGroups, SSHCFG_GLOBAL }, + { "denygroups", sDenyGroups, SSHCFG_GLOBAL }, + { "ciphers", sCiphers, 
SSHCFG_GLOBAL }, + { "macs", sMacs, SSHCFG_GLOBAL }, + { "protocol", sProtocol, SSHCFG_GLOBAL }, + { "gatewayports", sGatewayPorts, SSHCFG_ALL }, + { "subsystem", sSubsystem, SSHCFG_GLOBAL }, + { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, + { "maxauthtries", sMaxAuthTries, SSHCFG_GLOBAL }, + { "banner", sBanner, SSHCFG_GLOBAL }, + { "usedns", sUseDNS, SSHCFG_GLOBAL }, + { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, + { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, + { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL }, + { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL }, + { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL }, + { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL }, + { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL }, + { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL }, + { "permittunnel", sPermitTunnel, SSHCFG_GLOBAL }, + { NULL, sBadOption, 0 } }; /* @@ -389,13 +394,15 @@ static struct { static ServerOpCodes parse_token(const char *cp, const char *filename, - int linenum) + int linenum, u_int *flags) { u_int i; for (i = 0; keywords[i].name; i++) - if (strcasecmp(cp, keywords[i].name) == 0) + if (strcasecmp(cp, keywords[i].name) == 0) { + *flags = keywords[i].flags; return keywords[i].opcode; + } error("%s: line %d: Bad configuration option: %s", filename, linenum, cp); 
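Review bot: `parse_token` stores to `*flags` only when a keyword matches, so for an unknown directive the caller's value is left as it was; the one caller visible in this diff starts from `u_int i, flags = 0;`, which is the only reason the Match gating sees no flags in that case. Writing `*flags = 0;` before the loop would make that behaviour part of the function rather than of each caller's initialiser. A header comment such as `/* Returns the opcode for cp and stores its SSHCFG_* flags in *flags (0 if the keyword is unknown). */` would record the contract. The function's tail after the `error(...)` call is outside the hunk.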
@@ -440,15 +447,112 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port) options->listen_addrs = aitop; } +/* + * The strategy for the Match blocks is that the config file is parsed twice. + * + * The first time is at startup. activep is initialized to 1 and the + * directives in the global context are processed and acted on. Hitting a + * Match directive unsets activep and the directives inside the block are + * checked for syntax only. + * + * The second time is after a connection has been established but before + * authentication. activep is initialized to 2 and global config directives + * are ignored since they have already been processed. If the criteria in a + * Match block is met, activep is set and the subsequent directives + * processed and actioned until EOF or another Match block unsets it. Any + * options set are copied into the main server config. + * + * Potential additions/improvements: + * - Add Match support for pre-kex directives, eg Protocol, Ciphers. + * + * - Add a Tag directive (idea from David Leonard) ala pf, eg: + * Match Address 192.168.0.* + * Tag trusted + * Match Group wheel + * Tag trusted + * Match Tag trusted + * AllowTcpForwarding yes + * GatewayPorts clientspecified + * [...] + * + * - Add a PermittedChannelRequests directive + * Match Group shell + * PermittedChannelRequests session,forwarded-tcpip + */ + +static int +match_cfg_line(char **condition, int line, const char *user, const char *host, + const char *address) +{ + int result = 1; + char *arg, *attrib, *cp = *condition; + size_t len; + + if (user == NULL) + debug3("checking syntax for 'Match %s'", cp); + else + debug3("checking match for '%s' user %s host %s addr %s", cp, + user ? user : "(null)", host ? host : "(null)", + address ? 
address : "(null)"); + + while ((attrib = strdelim(&cp)) && *attrib != '\0') { + if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { + error("Missing Match criteria for %s", attrib); + return -1; + } + len = strlen(arg); + if (strcasecmp(attrib, "user") == 0) { + if (!user) { + result = 0; + continue; + } + if (match_pattern_list(user, arg, len, 0) != 1) + result = 0; + else + debug("user %.100s matched 'User %.100s' at " + "line %d", user, arg, line); + } else if (strcasecmp(attrib, "host") == 0) { + if (!host) { + result = 0; + continue; + } + if (match_hostname(host, arg, len) != 1) + result = 0; + else + debug("connection from %.100s matched 'Host " + "%.100s' at line %d", host, arg, line); + } else if (strcasecmp(attrib, "address") == 0) { + debug("address '%s' arg '%s'", address, arg); + if (!address) { + result = 0; + continue; + } + if (match_hostname(address, arg, len) != 1) + result = 0; + else + debug("connection from %.100s matched 'Address " + "%.100s' at line %d", address, arg, line); + } else { + error("Unsupported Match attribute %s", attrib); + return -1; + } + } + if (user != NULL) + debug3("match %sfound", result ? "" : "not "); + *condition = cp; + return result; +} + int process_server_config_line(ServerOptions *options, char *line, - const char *filename, int linenum) + const char *filename, int linenum, int *activep, const char *user, + const char *host, const char *address) { char *cp, **charptr, *arg, *p; - int *intptr, value, n; + int cmdline = 0, *intptr, value, n; ServerOpCodes opcode; u_short port; - u_int i; + u_int i, flags = 0; size_t len; cp = line; 
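Review bot: In `match_cfg_line` the `address` branch calls `debug("address '%s' arg '%s'", address, arg);` before its `if (!address)` test, so a NULL `address` reaches `%s`; the startup pass in sshd.c calls `parse_server_config(..., NULL, NULL, NULL)`, so any config with a `Match Address` line takes this path, whereas the `debug3` at the top of the function already guards with `address ? address : "(null)"`. Move the call below the NULL check and bound it like the neighbouring messages, `debug("address '%.100s' arg '%.100s'", address, arg);`. Separately, a `Match` line with no criteria never enters the `while` loop and returns the initial `result = 1`, so the block is treated as active for every connection and, in the startup pass, the directives after it are applied as if global; counting the attributes parsed and returning -1 with an `error()` when the count is zero would reject it. The block comment's "activep is initialized to 2" for the second pass also disagrees with `active = user ? 0 : 1;` in `parse_server_config` later in this diff and should be corrected.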
@@ -461,7 +565,25 @@ process_server_config_line(ServerOptions *options, char *line, return 0; intptr = NULL; charptr = NULL; - opcode = parse_token(arg, filename, linenum); + opcode = parse_token(arg, filename, linenum, &flags); + + if (activep == NULL) { /* We are processing a command line directive */ + cmdline = 1; + activep = &cmdline; + } + if (*activep && opcode != sMatch) + debug3("%s:%d setting %s %s", filename, linenum, arg, cp); + if (*activep == 0 && !(flags & SSHCFG_MATCH)) { + if (user == NULL) { + fatal("%s line %d: Directive '%s' is not allowed " + "within a Match block", filename, linenum, arg); + } else { /* this is a directive we have already processed */ + while (arg) + arg = strdelim(&cp); + return 0; + } + } + switch (opcode) { /* Portable-specific options */ case sUsePAM: @@ -499,7 +621,7 @@ parse_int: fatal("%s line %d: missing integer value.", filename, linenum); value = atoi(arg); - if (*intptr == -1) + if (*activep && *intptr == -1) *intptr = value; break; @@ -579,7 +701,7 @@ parse_filename: if (!arg || *arg == '\0') fatal("%s line %d: missing file name.", filename, linenum); - if (*charptr == NULL) { + if (*activep && *charptr == NULL) { *charptr = tilde_expand_filename(arg, getuid()); /* increase optional counter */ if (intptr != NULL) @@ -630,7 +752,7 @@ parse_flag: else fatal("%s line %d: Bad yes/no argument: %s", filename, linenum, arg); - if (*intptr == -1) + if (*activep && *intptr == -1) *intptr = value; break; @@ -895,6 +1017,10 @@ parse_flag: if (!arg || *arg == '\0') fatal("%s line %d: Missing subsystem name.", filename, linenum); + if (!*activep) { + arg = strdelim(&cp); + break; + } for (i = 0; i < options->num_subsystems; i++) if (strcmp(arg, options->subsystem_name[i]) == 0) fatal("%s line %d: Subsystem '%s' already defined.", 
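Review bot: The new `debug3("%s:%d setting %s %s", filename, linenum, arg, cp);` in the `@@ -461,7 +565,25 @@` hunk prints `cp` unguarded; if `strdelim` leaves `cp` NULL once the keyword is the last token on the line (its definition is not in this diff, so this needs confirming), a directive with a missing argument passes NULL to `%s` before the later "missing ..." `fatal` can report it, and `cp ? cp : ""` would avoid that. The gating that follows depends on a contract that is written down nowhere: `activep == NULL` means a command-line option, `*activep == 0` means inside a non-matching block, and `user == NULL` means the startup syntax pass. Since the same `if` decides between `fatal` and silently skipping a directive, that deserves a comment above the function. The function begins and ends outside this hunk.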
@@ -977,6 +1103,8 @@ parse_flag: if (options->num_accept_env >= MAX_ACCEPT_ENV) fatal("%s line %d: too many allow env.", filename, linenum); + if (!*activep) + break; options->accept_env[options->num_accept_env++] = xstrdup(arg); } @@ -1004,6 +1132,17 @@ parse_flag: *intptr = value; break; + case sMatch: + if (cmdline) + fatal("Match directive not supported as a command-line " + "option"); + value = match_cfg_line(&cp, linenum, user, host, address); + if (value < 0) + fatal("%s line %d: Bad Match condition", filename, + linenum); + *activep = value; + break; + case sDeprecated: logit("%s line %d: Deprecated option %s", filename, linenum, arg); @@ -1060,18 +1199,41 @@ load_server_config(const char *filename, Buffer *conf) } void -parse_server_config(ServerOptions *options, const char *filename, Buffer *conf) +parse_server_match_config(ServerOptions *options, const char *user, + const char *host, const char *address) +{ + ServerOptions mo; + + initialize_server_options(&mo); + parse_server_config(&mo, "reprocess config", &cfg, user, host, address); + copy_set_server_options(options, &mo); +} + +/* Copy any (supported) values that are set */ +void +copy_set_server_options(ServerOptions *dst, ServerOptions *src) +{ + if (src->allow_tcp_forwarding != -1) + dst->allow_tcp_forwarding = src->allow_tcp_forwarding; + if (src->gateway_ports != -1) + dst->gateway_ports = src->gateway_ports; +} + +void +parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, + const char *user, const char *host, const char *address) { - int linenum, bad_options = 0; + int active, linenum, bad_options = 0; char *cp, *obuf, *cbuf; debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); obuf = cbuf = xstrdup(buffer_ptr(conf)); + active = user ? 0 : 1; linenum = 1; while ((cp = strsep(&cbuf, "\n")) != NULL) { if (process_server_config_line(options, cp, filename, - linenum++) != 0) + linenum++, &active, user, host, address) != 0) bad_options++; } xfree(obuf); 
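Review bot: `copy_set_server_options` in the `@@ -1060,18 +1199,41 @@` hunk copies only `allow_tcp_forwarding` and `gateway_ports`, which makes it a second list that has to stay in step with the `SSHCFG_ALL` entries in `keywords[]`. A directive later flagged as usable in a Match block but not added here would pass the startup check and then be dropped without any message, leaving an administrator to believe a per-user restriction is in force. I would put that requirement in the comment above the function, e.g. `/* Must cover every option whose keywords[] entry allows SSHCFG_MATCH; anything else set in a Match block is silently discarded. */`. `parse_server_match_config` also reads a `cfg` that is not declared in this hunk, so servconf.c now depends on the global added in sshd.c; `parse_server_config` continues past the end of the hunk.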
diff --git a/servconf.h b/servconf.h index 671050e4c..a74716e6f 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.74 2006/07/06 10:47:05 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.75 2006/07/12 11:34:58 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -142,8 +142,13 @@ typedef struct { void initialize_server_options(ServerOptions *); void fill_default_server_options(ServerOptions *); -int process_server_config_line(ServerOptions *, char *, const char *, int); +int process_server_config_line(ServerOptions *, char *, const char *, int, + int *, const char *, const char *, const char *); void load_server_config(const char *, Buffer *); -void parse_server_config(ServerOptions *, const char *, Buffer *); +void parse_server_config(ServerOptions *, const char *, Buffer *, + const char *, const char *, const char *); +void parse_server_match_config(ServerOptions *, const char *, const char *, + const char *); +void copy_set_server_options(ServerOptions *, ServerOptions *); #endif /* SERVCONF_H */ diff --git a/sshd.c b/sshd.c index f3fe9d184..497525df8 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.336 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: sshd.c,v 1.337 2006/07/12 11:34:58 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -219,12 +219,15 @@ int *startup_pipes = NULL; int startup_pipe; /* in child */ /* variables used for privilege separation */ -int use_privsep; +int use_privsep = -1; struct monitor *pmonitor = NULL; /* global authentication context */ Authctxt *the_authctxt = NULL; +/* sshd_config buffer */ +Buffer cfg; + /* message to be displayed after login */ Buffer loginmsg; @@ -916,7 +919,6 @@ main(int ac, char **av) Key *key; Authctxt *authctxt; int ret, key_used = 0; - Buffer cfg; #ifdef HAVE_SECUREWARE (void)set_auth_parameters(ac, av); 
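Review bot: `Buffer cfg;` in the `@@ -219,12 +219,15 @@` hunk becomes a global documented only as `/* sshd_config buffer */`, while a later hunk of the same file drops `if (!rexec_flag) buffer_free(&cfg);`. The buffer therefore has to stay intact after startup so that `parse_server_match_config` in servconf.c can re-parse it for each connection, and nothing at the declaration says so. A comment such as `/* sshd_config buffer; kept after startup because Match blocks are re-parsed per connection, do not free */` would keep a later cleanup from reintroducing the free.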
@@ -1036,7 +1038,7 @@ main(int ac, char **av) case 'o': line = xstrdup(optarg); if (process_server_config_line(&options, line, - "command-line", 0) != 0) + "command-line", 0, NULL, NULL, NULL, NULL) != 0) exit(1); xfree(line); break; @@ -1094,11 +1096,8 @@ main(int ac, char **av) else load_server_config(config_file_name, &cfg); - parse_server_config(&options, - rexeced_flag ? "rexec" : config_file_name, &cfg); - - if (!rexec_flag) - buffer_free(&cfg); + parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, + &cfg, NULL, NULL, NULL); seed_rng(); diff --git a/sshd_config.5 b/sshd_config.5 index 3b639b17d..0b2646027 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.59 2006/07/06 10:47:05 djm Exp $ +.\" $OpenBSD: sshd_config.5,v 1.60 2006/07/12 11:34:58 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -463,6 +463,27 @@ for data integrity protection. Multiple algorithms must be comma-separated. The default is: .Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . +.It Cm Match +Introduces a conditional block. Keywords on lines following a +.Cm Match +block are only applied if all of the criteria on the +.Cm Match +are satisfied. +The the arguments to +.Cm Match +block are one or more criteria-pattern pairs. +The available criteria are +.Cm User , +.Cm Host , +and +.Cm Address . +Only a subset of keywords may be used on the lines following a +.Cm Match +keyword. +Available keywords are +.Cm AllowTcpForwarding , +and +.Cm GatewayPorts . .It Cm MaxAuthTries Specifies the maximum number of authentication attempts permitted per connection. -- cgit v1.2.3 From c931c433f60a515af4cd463815ad3f9cf75ba3d9 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Wed, 12 Jul 2006 22:35:51 +1000 Subject: - (dtucker) [openbsd-compat/xmmap.c] Include . --- ChangeLog | 3 ++- openbsd-compat/xmmap.c | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5d86e4451..eff2102d5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -55,6 +55,7 @@ will allow port forwarding by all users except "anoncvs". Currently only a very small subset of directives are supported. ok djm@ + - (dtucker) [openbsd-compat/xmmap.c] Include . 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4904,4 +4905,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4400 2006/07/12 12:34:17 dtucker Exp $ +$Id: ChangeLog,v 1.4401 2006/07/12 12:35:51 dtucker Exp $ diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c index 68ac91192..7d5cc812c 100644 --- a/openbsd-compat/xmmap.c +++ b/openbsd-compat/xmmap.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: xmmap.c,v 1.7 2006/03/15 02:02:31 djm Exp $ */ +/* $Id: xmmap.c,v 1.8 2006/07/12 12:35:52 dtucker Exp $ */ #include "includes.h" @@ -33,6 +33,8 @@ #endif #include +#include + #include "log.h" void *xmmap(size_t size) -- cgit v1.2.3 From 2c1a02a8d03069163d8cae21484f4e5656e904fe Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 22:40:50 +1000 Subject: - (dtucker) [loginrec.c openbsd-compat/xmmap.c openbsd-compat/bindresvport.c openbsd-compat/glob.c openbsd-compat/mktemp.c openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include . --- ChangeLog | 6 ++++-- loginrec.c | 1 + openbsd-compat/bindresvport.c | 2 ++ openbsd-compat/glob.c | 2 ++ openbsd-compat/mktemp.c | 2 ++ openbsd-compat/port-tun.c | 1 + openbsd-compat/readpassphrase.c | 1 + openbsd-compat/strtonum.c | 1 + 8 files changed, 14 insertions(+), 2 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index eff2102d5..4f585990b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -55,7 +55,9 @@ will allow port forwarding by all users except "anoncvs". Currently only a very small subset of directives are supported. ok djm@ - - (dtucker) [openbsd-compat/xmmap.c] Include . + - (dtucker) [loginrec.c openbsd-compat/xmmap.c openbsd-compat/bindresvport.c + openbsd-compat/glob.c openbsd-compat/mktemp.c openbsd-compat/port-tun.c + openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include . 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4905,4 +4907,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4401 2006/07/12 12:35:51 dtucker Exp $ +$Id: ChangeLog,v 1.4402 2006/07/12 12:40:50 dtucker Exp $ diff --git a/loginrec.c b/loginrec.c index a27a3ae61..8299b79e4 100644 --- a/loginrec.c +++ b/loginrec.c @@ -153,6 +153,7 @@ #include +#include #include #include diff --git a/openbsd-compat/bindresvport.c b/openbsd-compat/bindresvport.c index 7f48fd03a..2c16233c9 100644 --- a/openbsd-compat/bindresvport.c +++ b/openbsd-compat/bindresvport.c @@ -36,6 +36,8 @@ #include "includes.h" +#include + #define STARTPORT 600 #define ENDPORT (IPPORT_RESERVED - 1) #define NPORTS (ENDPORT - STARTPORT + 1) diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c index 439d2f50d..bba4c0976 100644 --- a/openbsd-compat/glob.c +++ b/openbsd-compat/glob.c @@ -34,10 +34,12 @@ /* OPENBSD ORIGINAL: lib/libc/gen/glob.c */ #include "includes.h" + #include #include #include #include +#include #include static long diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c index 75a339156..b8b0793a6 100644 --- a/openbsd-compat/mktemp.c +++ b/openbsd-compat/mktemp.c @@ -37,8 +37,10 @@ #include #include + #include #include +#include #if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) 
diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c index bee6b160c..9806eec7d 100644 --- a/openbsd-compat/port-tun.c +++ b/openbsd-compat/port-tun.c @@ -21,6 +21,7 @@ #include #include +#include #include #include "log.h" diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c index 95c0af815..fd9731ac6 100644 --- a/openbsd-compat/readpassphrase.c +++ b/openbsd-compat/readpassphrase.c @@ -31,6 +31,7 @@ #include #include #include +#include #ifdef TCSASOFT # define _T_FLUSH (TCSAFLUSH|TCSASOFT) diff --git a/openbsd-compat/strtonum.c b/openbsd-compat/strtonum.c index 8ad0d0058..35c5c18b9 100644 --- a/openbsd-compat/strtonum.c +++ b/openbsd-compat/strtonum.c @@ -22,6 +22,7 @@ #include "includes.h" #ifndef HAVE_STRTONUM #include +#include #define INVALID 1 #define TOOSMALL 2 -- cgit v1.2.3 From 767e4134f13ed22a941f2fb747026b0881f9e827 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 22:43:28 +1000 Subject: - (dtucker) [openbsd-compat/setproctitle.c] Include stdarg.h. --- ChangeLog | 3 ++- openbsd-compat/setproctitle.c | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 4f585990b..72c56bebc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -58,6 +58,7 @@ - (dtucker) [loginrec.c openbsd-compat/xmmap.c openbsd-compat/bindresvport.c openbsd-compat/glob.c openbsd-compat/mktemp.c openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include . + - (dtucker) [openbsd-compat/setproctitle.c] Include stdarg.h. 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4907,4 +4908,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4402 2006/07/12 12:40:50 dtucker Exp $ +$Id: ChangeLog,v 1.4403 2006/07/12 12:43:28 dtucker Exp $ diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c index 95b662e4d..32e987deb 100644 
--- a/openbsd-compat/setproctitle.c +++ b/openbsd-compat/setproctitle.c @@ -35,6 +35,7 @@ #ifndef HAVE_SETPROCTITLE +#include #include #ifdef HAVE_SYS_PSTAT_H #include -- cgit v1.2.3 From deecec98c76efc3022658e8233ac6536849372e4 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 22:44:34 +1000 Subject: - (dtucker) [ssh-keyscan.c ssh-rand-helper.c] More errno.h here too. --- ChangeLog | 3 ++- ssh-keyscan.c | 1 + ssh-rand-helper.c | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 72c56bebc..72ae6946a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -59,6 +59,7 @@ openbsd-compat/glob.c openbsd-compat/mktemp.c openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include . - (dtucker) [openbsd-compat/setproctitle.c] Include stdarg.h. + - (dtucker) [ssh-keyscan.c ssh-rand-helper.c] More errno.h here too. 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4908,4 +4909,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4403 2006/07/12 12:43:28 dtucker Exp $ +$Id: ChangeLog,v 1.4404 2006/07/12 12:44:34 dtucker Exp $ diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 76c2ed13c..a612dd1b9 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -11,6 +11,7 @@ #include "openbsd-compat/sys-queue.h" #include +#include #include #include diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index ebee90014..3a2903669 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -36,6 +36,7 @@ # include #endif +#include #include #include #include -- cgit v1.2.3 From 5998ed03aadef4c9681e90b669ddd1c5d7a9247b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 23:10:33 +1000 Subject: - (dtucker) [openbsd-compat/openbsd-compat.h] v*printf needs stdarg.h. --- ChangeLog | 3 ++- openbsd-compat/openbsd-compat.h | 6 +++++- 2 files changed, 7 insertions(+), 2 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index 72ae6946a..d5e8afede 100644 --- a/ChangeLog +++ b/ChangeLog @@ -60,6 +60,7 @@ openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include . - (dtucker) [openbsd-compat/setproctitle.c] Include stdarg.h. - (dtucker) [ssh-keyscan.c ssh-rand-helper.c] More errno.h here too. + - (dtucker) [openbsd-compat/openbsd-compat.h] v*printf needs stdarg.h. 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4909,4 +4910,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4404 2006/07/12 12:44:34 dtucker Exp $ +$Id: ChangeLog,v 1.4405 2006/07/12 13:10:33 dtucker Exp $ diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 8b885178c..18249d81e 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.39 2006/07/10 14:20:52 dtucker Exp $ */ +/* $Id: openbsd-compat.h,v 1.40 2006/07/12 13:10:34 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -168,6 +168,10 @@ long long strtoll(const char *, char **, int); long long strtonum(const char *, long long, long long, const char **); #endif +#if !defined(HAVE_VASPRINTF) || !defined(HAVE_VSNPRINTF) +# include +#endif + #ifndef HAVE_VASPRINTF int vasprintf(char **, const char *, va_list); #endif -- cgit v1.2.3 From 2eaea99054fd65ad03f1fe9679a318253eaa8dd6 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 12 Jul 2006 23:41:33 +1000 Subject: - (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c openbsd-compat/rresvport.c] More errno.h. --- ChangeLog | 5 ++++- openbsd-compat/bsd-asprintf.c | 3 +++ openbsd-compat/port-aix.c | 1 + openbsd-compat/rresvport.c | 2 ++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index d5e8afede..478b816fe 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -61,6 +61,9 @@ - (dtucker) [openbsd-compat/setproctitle.c] Include stdarg.h. - (dtucker) [ssh-keyscan.c ssh-rand-helper.c] More errno.h here too. - (dtucker) [openbsd-compat/openbsd-compat.h] v*printf needs stdarg.h. + - (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c + openbsd-compat/rresvport.c] More errno.h. + 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c @@ -4910,4 +4913,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4405 2006/07/12 13:10:33 dtucker Exp $ +$Id: ChangeLog,v 1.4406 2006/07/12 13:41:33 dtucker Exp $ diff --git a/openbsd-compat/bsd-asprintf.c b/openbsd-compat/bsd-asprintf.c index 5ca01f80f..1178296f8 100644 --- a/openbsd-compat/bsd-asprintf.c +++ b/openbsd-compat/bsd-asprintf.c @@ -21,6 +21,9 @@ #ifndef HAVE_VASPRINTF +#include +#include + #ifndef VA_COPY # ifdef HAVE_VA_COPY # define VA_COPY(dest, src) va_copy(dest, src) diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 81d8124e0..33be00c2b 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -33,6 +33,7 @@ #ifdef _AIX +#include #include #include #include "port-aix.h" diff --git a/openbsd-compat/rresvport.c b/openbsd-compat/rresvport.c index 71cf6e6eb..fc029f46f 100644 --- a/openbsd-compat/rresvport.c +++ b/openbsd-compat/rresvport.c @@ -35,6 +35,8 @@ #ifndef HAVE_RRESVPORT_AF +#include + #if 0 int rresvport(int *alport) -- cgit v1.2.3 From 341dae59c8e0f0367100e617e049cec4023be427 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 13 Jul 2006 08:45:14 +1000 Subject: - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h --- ChangeLog | 6 ++++-- auth-krb5.c | 1 + auth-pam.c | 2 ++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 478b816fe..1945b8cd4 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,6 @@ +20060713 + - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h + 20060712 - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and O_NONBLOCK if they're really needed. Fixes build errors on HP-UX, old @@ -64,7 +67,6 @@ - (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c openbsd-compat/rresvport.c] More errno.h. - 20060711 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally @@ -4913,4 +4915,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4406 2006/07/12 13:41:33 dtucker Exp $ +$Id: ChangeLog,v 1.4407 2006/07/12 22:45:14 dtucker Exp $ diff --git a/auth-krb5.c b/auth-krb5.c index 7bce7778b..8beacc0d4 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -40,6 +40,7 @@ #include "auth.h" #ifdef KRB5 +#include #include extern ServerOptions options; diff --git a/auth-pam.c b/auth-pam.c index 16e7c21e3..cb8754ec7 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -51,6 +51,8 @@ #include #include #include + +#include #include #ifdef USE_PAM -- cgit v1.2.3 From d04f357ac24a6d40176cd53e58d0256b5130d98e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 13:46:50 +1000 Subject: - jmc@cvs.openbsd.org 2006/07/12 13:39:55 [sshd_config.5] - new sentence, new line - s/The the/The/ - kill a bad comma --- ChangeLog | 10 +++++++++- sshd_config.5 | 9 +++++---- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1945b8cd4..4f75fe5b1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +20060724 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2006/07/12 13:39:55 + [sshd_config.5] + - new sentence, new line + - s/The the/The/ + - kill a bad comma + 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h 
@@ -4915,4 +4923,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4407 2006/07/12 22:45:14 dtucker Exp $ +$Id: ChangeLog,v 1.4408 2006/07/24 03:46:50 djm Exp $ diff --git a/sshd_config.5 b/sshd_config.5 index 0b2646027..4db92814c 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.60 2006/07/12 11:34:58 dtucker Exp $ +.\" $OpenBSD: sshd_config.5,v 1.61 2006/07/12 13:39:55 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -464,12 +464,13 @@ Multiple algorithms must be comma-separated. The default is: .Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . .It Cm Match -Introduces a conditional block. Keywords on lines following a +Introduces a conditional block. +Keywords on lines following a .Cm Match block are only applied if all of the criteria on the .Cm Match are satisfied. -The the arguments to +The arguments to .Cm Match block are one or more criteria-pattern pairs. The available criteria are @@ -481,7 +482,7 @@ Only a subset of keywords may be used on the lines following a .Cm Match keyword. Available keywords are -.Cm AllowTcpForwarding , +.Cm AllowTcpForwarding and .Cm GatewayPorts . .It Cm MaxAuthTries -- cgit v1.2.3 From be43ebf97579d13e108256c6440cb22a08f12ebc Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Mon, 24 Jul 2006 13:51:51 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/12 22:28:52 [auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c] move #include out of includes.h; ok djm@ --- ChangeLog | 5 ++++- auth-options.c | 5 ++++- canohost.c | 5 ++++- channels.c | 5 ++++- dns.c | 4 +++- includes.h | 5 +---- logintest.c | 4 +++- openbsd-compat/fake-rfc2553.h | 7 +++++-- openbsd-compat/port-aix.c | 3 +++ readconf.c | 5 ++++- servconf.c | 6 +++++- ssh-keygen.c | 3 +++ ssh-keyscan.c | 7 +++++-- ssh.c | 5 ++++- sshconnect.c | 5 ++++- sshd.c | 5 ++++- 16 files changed, 60 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4f75fe5b1..16c419c1d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ - new sentence, new line - s/The the/The/ - kill a bad comma + - stevesk@cvs.openbsd.org 2006/07/12 22:28:52 + [auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c] + move #include out of includes.h; ok djm@ 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -4923,4 +4926,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4408 2006/07/24 03:46:50 djm Exp $ +$Id: ChangeLog,v 1.4409 2006/07/24 03:51:51 djm Exp $ diff --git a/auth-options.c b/auth-options.c index 473fb8bf7..0b11151cf 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.36 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: auth-options.c,v 1.37 2006/07/12 22:28:51 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -14,6 +14,9 @@ #include +#if defined(HAVE_NETDB_H) +# include +#endif #include #include "xmalloc.h" diff --git a/canohost.c b/canohost.c index 4566e2ab1..da5131de3 100644 --- a/canohost.c +++ b/canohost.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.c,v 1.56 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: canohost.c,v 1.57 2006/07/12 22:28:51 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -21,6 +21,9 @@ #include #include +#if defined(HAVE_NETDB_H) +# include +#endif #include "packet.h" #include "xmalloc.h" diff --git a/channels.c b/channels.c index 555067255..2021bad53 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.254 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: channels.c,v 1.255 2006/07/12 22:28:51 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -50,6 +50,9 @@ #include #include +#if defined(HAVE_NETDB_H) +# include +#endif #include #include "ssh.h" diff --git a/dns.c b/dns.c index 504b5d72e..16954a6a1 100644 --- a/dns.c +++ b/dns.c @@ -30,7 +30,9 @@ #include #include -#include +#if defined(HAVE_NETDB_H) +# include +#endif #include "xmalloc.h" #include "key.h" diff --git a/includes.h b/includes.h index 08d34486b..7a3396c16 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.49 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.50 2006/07/12 22:28:51 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -123,9 +123,6 @@ #endif #include /* For typedefs */ -#if defined(HAVE_NETDB_H) -# include -#endif #ifdef HAVE_RPC_TYPES_H # include /* For INADDR_LOOPBACK */ #endif diff --git a/logintest.c b/logintest.c index 7e9fbbfbb..0de928bec 100644 --- a/logintest.c +++ b/logintest.c @@ -40,7 +40,9 @@ #include #include #include -#include +#if defined(HAVE_NETDB_H) +# include +#endif #ifdef HAVE_TIME_H #include #endif diff --git a/openbsd-compat/fake-rfc2553.h b/openbsd-compat/fake-rfc2553.h index cbcf7f727..5c2ce5b1b 100644 --- a/openbsd-compat/fake-rfc2553.h +++ b/openbsd-compat/fake-rfc2553.h 
@@ -1,4 +1,4 @@ -/* $Id: fake-rfc2553.h,v 1.12 2005/08/03 05:36:21 dtucker Exp $ */ +/* $Id: fake-rfc2553.h,v 1.13 2006/07/24 03:51:52 djm Exp $ */ /* * Copyright (C) 2000-2003 Damien Miller. All rights reserved. @@ -41,7 +41,10 @@ #define _FAKE_RFC2553_H #include "includes.h" -#include "sys/types.h" +#include +#if defined(HAVE_NETDB_H) +# include +#endif /* * First, socket and INET6 related definitions diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 33be00c2b..6fd593aad 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -34,6 +34,9 @@ #ifdef _AIX #include +#if defined(HAVE_NETDB_H) +# include +#endif #include #include #include "port-aix.h" diff --git a/readconf.c b/readconf.c index d2e172303..4f790e246 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.154 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: readconf.c,v 1.155 2006/07/12 22:28:52 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -22,6 +22,9 @@ #include #include +#if defined(HAVE_NETDB_H) +# include +#endif #include "ssh.h" #include "xmalloc.h" diff --git a/servconf.c b/servconf.c index 42ec340f3..20e3f1a86 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.153 2006/07/12 11:34:58 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.154 2006/07/12 22:28:52 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -15,6 +15,10 @@ #include #include +#if defined(HAVE_NETDB_H) +# include +#endif + #include "ssh.h" #include "log.h" #include "servconf.h" diff --git a/ssh-keygen.c b/ssh-keygen.c index 1c506059c..b217c55e8 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -23,6 +23,9 @@ #include #include +#if defined(HAVE_NETDB_H) +# include +#endif #ifdef HAVE_PATHS_H # include #endif diff --git a/ssh-keyscan.c b/ssh-keyscan.c index a612dd1b9..38c37e579 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.66 2006/07/10 16:37:36 stevesk Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.67 2006/07/12 22:28:52 stevesk Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -11,12 +11,15 @@ #include "openbsd-compat/sys-queue.h" #include +#if defined(HAVE_NETDB_H) +# include +#endif #include #include +#include #include -#include #include "xmalloc.h" #include "ssh.h" #include "ssh1.h" diff --git a/ssh.c b/ssh.c index 9961baf6e..701c40543 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.285 2006/07/11 20:27:56 stevesk Exp $ */ +/* $OpenBSD: ssh.c,v 1.286 2006/07/12 22:28:52 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -54,6 +54,9 @@ #include #include #include +#if defined(HAVE_NETDB_H) +# include +#endif #ifdef HAVE_PATHS_H #include #endif diff --git a/sshconnect.c b/sshconnect.c index c9d6221d8..fe9b4842c 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.190 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.191 2006/07/12 22:28:52 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -24,6 +24,9 @@ #include #include +#if defined(HAVE_NETDB_H) +# include +#endif #ifdef HAVE_PATHS_H #include #endif diff --git a/sshd.c b/sshd.c index 497525df8..3da176da1 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.337 2006/07/12 11:34:58 dtucker Exp $ */ +/* $OpenBSD: sshd.c,v 1.338 2006/07/12 22:28:52 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -54,6 +54,9 @@ #include #include +#if defined(HAVE_NETDB_H) +# include +#endif #ifdef HAVE_PATHS_H #include #endif -- cgit v1.2.3 From 939878b95f6448e9933976f920a42f09e7f70fab Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 13:52:06 +1000 Subject: tidy --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index 16c419c1d..ad47d1996 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,7 +6,8 @@ - s/The the/The/ - kill a bad comma - stevesk@cvs.openbsd.org 2006/07/12 22:28:52 - [auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c] + [auth-options.c canohost.c channels.c includes.h readconf.c] + [servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c] move #include out of includes.h; ok djm@ 20060713 @@ -4926,4 +4927,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4409 2006/07/24 03:51:51 djm Exp $ +$Id: ChangeLog,v 1.4410 2006/07/24 03:52:06 djm Exp $ -- cgit v1.2.3 From 2d00e63cb889a3b23b6d443ecb0921e34fb0a934 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 13:53:19 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/12 22:42:32 [includes.h ssh.c ssh-rand-helper.c] move #include out of includes.h --- ChangeLog | 5 ++++- includes.h | 3 +-- ssh-rand-helper.c | 1 + ssh.c | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index ad47d1996..b4dbb2b28 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,9 @@ [auth-options.c canohost.c channels.c includes.h readconf.c] [servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c] move #include out of includes.h; ok djm@ + - stevesk@cvs.openbsd.org 2006/07/12 22:42:32 + [includes.h ssh.c ssh-rand-helper.c] + move #include out of includes.h 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -4927,4 +4930,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4410 2006/07/24 03:52:06 djm Exp $ +$Id: ChangeLog,v 1.4411 2006/07/24 03:53:19 djm Exp $ diff --git a/includes.h b/includes.h index 7a3396c16..fbd22e9a1 100644 --- a/includes.h +++ b/includes.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.50 2006/07/12 22:28:51 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.51 2006/07/12 22:42:32 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -24,7 +24,6 @@ #include #include #include -#include #ifdef HAVE_LIMITS_H # include /* For PATH_MAX */ diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 3a2903669..fb6fc2814 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -29,6 +29,7 @@ #include #include #include +#include #include diff --git a/ssh.c b/ssh.c index 701c40543..461b39817 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.286 2006/07/12 22:28:52 stevesk Exp $ */ +/* $OpenBSD: ssh.c,v 1.287 2006/07/12 22:42:32 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -62,6 +62,7 @@ #endif #include #include +#include #include #include -- cgit v1.2.3 From def915b0ff0228254da4b2f2442bab16aba414d4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 13:55:56 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/14 01:15:28 [monitor_wrap.h] don't need incompletely-typed 'struct passwd' now with #include ; ok markus@ --- ChangeLog | 6 +++++- monitor_wrap.h | 3 +-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index b4dbb2b28..12fa3c6e2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,10 @@ - stevesk@cvs.openbsd.org 2006/07/12 22:42:32 [includes.h ssh.c ssh-rand-helper.c] move #include out of includes.h + - stevesk@cvs.openbsd.org 2006/07/14 01:15:28 + [monitor_wrap.h] + don't need incompletely-typed 'struct passwd' now with + #include ; ok markus@ 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -4930,4 +4934,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4411 2006/07/24 03:53:19 djm Exp $ +$Id: ChangeLog,v 1.4412 2006/07/24 03:55:56 djm Exp $ 
diff --git a/monitor_wrap.h b/monitor_wrap.h index 4366b8ed0..fd5cccd08 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.18 2006/07/06 17:36:37 stevesk Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.19 2006/07/14 01:15:28 stevesk Exp $ */ /* * Copyright 2002 Niels Provos @@ -42,7 +42,6 @@ enum mm_keytype {MM_NOKEY, MM_HOSTKEY, MM_USERKEY, MM_RSAHOSTKEY, MM_RSAUSERKEY} struct monitor; struct mm_master; -struct passwd; struct Authctxt; int mm_is_monitor(void); -- cgit v1.2.3 From e6b3b610ece508f565a114a60f6ce0edb70a5dd2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 14:01:23 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/17 01:31:10 [authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c] [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c] [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c] [sshconnect.c sshlogin.c sshpty.c uidswap.c] move #include out of includes.h --- ChangeLog | 9 ++++++++- authfd.c | 3 ++- authfile.c | 3 ++- channels.c | 3 ++- cleanup.c | 5 +++-- clientloop.c | 3 ++- groupaccess.c | 3 ++- includes.h | 3 +-- log.c | 3 ++- misc.c | 3 ++- msg.c | 5 ++++- packet.c | 3 ++- progressmeter.c | 4 +++- readconf.c | 3 ++- readpass.c | 3 ++- scp.c | 3 ++- servconf.c | 3 ++- sftp-client.c | 3 ++- sftp-server.c | 3 ++- sftp.c | 3 ++- ssh-add.c | 3 ++- ssh-agent.c | 3 ++- ssh-keygen.c | 3 ++- ssh-keyscan.c | 3 ++- ssh-keysign.c | 3 ++- ssh.c | 3 ++- sshconnect.c | 3 ++- sshlogin.c | 5 ++++- sshpty.c | 3 ++- uidswap.c | 3 ++- 30 files changed, 71 insertions(+), 32 deletions(-) diff --git a/ChangeLog b/ChangeLog index 12fa3c6e2..046cadc84 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -16,6 +16,13 @@ [monitor_wrap.h] don't need incompletely-typed 'struct passwd' now with #include ; ok markus@ + - stevesk@cvs.openbsd.org 2006/07/17 01:31:10 + [authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c] + [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c] + [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c] + [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c] + [sshconnect.c sshlogin.c sshpty.c uidswap.c] + move #include out of includes.h 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -4934,4 +4941,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4412 2006/07/24 03:55:56 djm Exp $ +$Id: ChangeLog,v 1.4413 2006/07/24 04:01:23 djm Exp $ diff --git a/authfd.c b/authfd.c index 5cec7a97c..f8b7ed71f 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.76 2006/07/09 15:15:10 stevesk Exp $ */ +/* $OpenBSD: authfd.c,v 1.77 2006/07/17 01:31:09 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -44,6 +44,7 @@ #include #include +#include #include "ssh.h" #include "rsa.h" diff --git a/authfile.c b/authfile.c index cf3d3d9e1..53397ea53 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.69 2006/07/11 20:27:56 stevesk Exp $ */ +/* $OpenBSD: authfile.c,v 1.70 2006/07/17 01:31:09 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -47,6 +47,7 @@ #include #include +#include #include "cipher.h" #include "xmalloc.h" diff --git a/channels.c b/channels.c index 2021bad53..fbbae9ed7 100644 --- a/channels.c +++ b/channels.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.255 2006/07/12 22:28:51 stevesk Exp $ */ +/* $OpenBSD: channels.c,v 1.256 2006/07/17 01:31:09 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -54,6 +54,7 @@ # include #endif #include +#include #include "ssh.h" #include "ssh1.h" diff --git a/cleanup.c b/cleanup.c index dcf456830..4e6c79ce7 100644 --- a/cleanup.c +++ b/cleanup.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cleanup.c,v 1.3 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: cleanup.c,v 1.4 2006/07/17 01:31:09 stevesk Exp $ */ /* * Copyright (c) 2003 Markus Friedl * @@ -14,7 +14,8 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "includes.h" + +#include #include "log.h" diff --git a/clientloop.c b/clientloop.c index 978289b61..9398dc989 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.168 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: clientloop.c,v 1.169 2006/07/17 01:31:09 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -75,6 +75,7 @@ #endif #include #include +#include #include "ssh.h" #include "ssh1.h" diff --git a/groupaccess.c b/groupaccess.c index 2b7117b70..41f419740 100644 --- a/groupaccess.c +++ b/groupaccess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: groupaccess.c,v 1.9 2006/07/02 22:45:59 stevesk Exp $ */ +/* $OpenBSD: groupaccess.c,v 1.10 2006/07/17 01:31:09 stevesk Exp $ */ /* * Copyright (c) 2001 Kevin Steves. All rights reserved. * @@ -28,6 +28,7 @@ #include #include +#include #include "groupaccess.h" #include "xmalloc.h" diff --git a/includes.h b/includes.h index fbd22e9a1..da89decdd 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.51 2006/07/12 22:42:32 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.52 2006/07/17 01:31:09 stevesk Exp $ */ /* * Author: Tatu Ylonen 
@@ -56,7 +56,6 @@ #ifdef HAVE_PATHS # include #endif -#include /* For STDIN_FILENO, etc */ /* *-*-nto-qnx needs these headers for strcasecmp and LASTLOG_FILE respectively diff --git a/log.c b/log.c index 8702c3e52..4ad7cfff7 100644 --- a/log.c +++ b/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.33 2006/07/10 16:37:36 stevesk Exp $ */ +/* $OpenBSD: log.c,v 1.34 2006/07/17 01:31:09 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -38,6 +38,7 @@ #include #include +#include #if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) # include #endif diff --git a/misc.c b/misc.c index fba085d9b..e9c5ddf8b 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.58 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: misc.c,v 1.59 2006/07/17 01:31:09 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -31,6 +31,7 @@ #include #include +#include #include #include diff --git a/msg.c b/msg.c index 4344a1312..5c535d1af 100644 --- a/msg.c +++ b/msg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: msg.c,v 1.12 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: msg.c,v 1.13 2006/07/17 01:31:09 stevesk Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -24,7 +24,10 @@ */ #include "includes.h" +#include + #include +#include #include "buffer.h" #include "log.h" diff --git a/packet.c b/packet.c index e153a7c1b..ce652cfd8 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.135 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: packet.c,v 1.136 2006/07/17 01:31:09 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -49,6 +49,7 @@ #include #include +#include #include "xmalloc.h" #include "buffer.h" diff --git a/progressmeter.c b/progressmeter.c index 98a30e11b..cc5f664ab 100644 --- a/progressmeter.c +++ b/progressmeter.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: progressmeter.c,v 1.30 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: progressmeter.c,v 1.31 2006/07/17 01:31:09 stevesk Exp $ */ /* * Copyright (c) 2003 Nils Nordman. All rights reserved. * @@ -25,10 +25,12 @@ #include "includes.h" +#include #include #include #include +#include #include "progressmeter.h" #include "atomicio.h" diff --git a/readconf.c b/readconf.c index 4f790e246..73271e84e 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.155 2006/07/12 22:28:52 stevesk Exp $ */ +/* $OpenBSD: readconf.c,v 1.156 2006/07/17 01:31:09 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -25,6 +25,7 @@ #if defined(HAVE_NETDB_H) # include #endif +#include #include "ssh.h" #include "xmalloc.h" diff --git a/readpass.c b/readpass.c index 63197c915..725ae5789 100644 --- a/readpass.c +++ b/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.42 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: readpass.c,v 1.43 2006/07/17 01:31:09 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -34,6 +34,7 @@ # include #endif #include +#include #include "xmalloc.h" #include "misc.h" diff --git a/scp.c b/scp.c index 5e3a93ed5..03f815fbe 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.147 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: scp.c,v 1.148 2006/07/17 01:31:09 stevesk Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -86,6 +86,7 @@ #include #include #include +#include #include "xmalloc.h" #include "atomicio.h" diff --git a/servconf.c b/servconf.c index 20e3f1a86..330e79143 100644 --- a/servconf.c +++ b/servconf.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.154 2006/07/12 22:28:52 stevesk Exp $ */ +/* $OpenBSD: servconf.c,v 1.155 2006/07/17 01:31:09 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -18,6 +18,7 @@ #if defined(HAVE_NETDB_H) # include #endif +#include #include "ssh.h" #include "log.h" diff --git a/sftp-client.c b/sftp-client.c index 8fe0c0fe5..5ba4f0a9f 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.67 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.68 2006/07/17 01:31:09 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -30,6 +30,7 @@ #include #include #include +#include #include "openbsd-compat/sys-queue.h" diff --git a/sftp-server.c b/sftp-server.c index 29503246e..923cc8c19 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.62 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.63 2006/07/17 01:31:09 stevesk Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -23,6 +23,7 @@ #include #include #include +#include #include "buffer.h" #include "bufaux.h" diff --git a/sftp.c b/sftp.c index 649f08e5d..1a88f33f9 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.85 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: sftp.c,v 1.86 2006/07/17 01:31:09 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -36,6 +36,7 @@ typedef void EditLine; #endif #include +#include #include "xmalloc.h" #include "log.h" diff --git a/ssh-add.c b/ssh-add.c index 07de9246e..974a1629b 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.83 2006/07/09 15:27:59 stevesk Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.84 2006/07/17 01:31:09 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -44,6 +44,7 @@ #include #include +#include #include "ssh.h" #include "rsa.h" 
diff --git a/ssh-agent.c b/ssh-agent.c index 4421fa424..621b09771 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.143 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.144 2006/07/17 01:31:10 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -51,6 +51,7 @@ # include #endif #include +#include #include #include diff --git a/ssh-keygen.c b/ssh-keygen.c index b217c55e8..56ad725d8 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.148 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.149 2006/07/17 01:31:10 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -30,6 +30,7 @@ # include #endif #include +#include #include "xmalloc.h" #include "key.h" diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 38c37e579..fd71f7224 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.67 2006/07/12 22:28:52 stevesk Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.68 2006/07/17 01:31:10 stevesk Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -17,6 +17,7 @@ #include #include #include +#include #include diff --git a/ssh-keysign.c b/ssh-keysign.c index 02c10e2e9..b558e54f7 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.25 2006/07/09 15:15:11 stevesk Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.26 2006/07/17 01:31:10 stevesk Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -29,6 +29,7 @@ #include #endif #include +#include #include #include diff --git a/ssh.c b/ssh.c index 461b39817..e482eb1b5 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.287 2006/07/12 22:42:32 stevesk Exp $ */ +/* $OpenBSD: ssh.c,v 1.288 2006/07/17 01:31:10 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -63,6 +63,7 @@ #include #include #include +#include #include #include diff --git a/sshconnect.c b/sshconnect.c index fe9b4842c..1c69044ea 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.191 2006/07/12 22:28:52 stevesk Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.192 2006/07/17 01:31:10 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -31,6 +31,7 @@ #include #endif #include +#include #include "ssh.h" #include "xmalloc.h" diff --git a/sshlogin.c b/sshlogin.c index 808ad605e..335069313 100644 --- a/sshlogin.c +++ b/sshlogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.c,v 1.19 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: sshlogin.c,v 1.20 2006/07/17 01:31:10 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -41,8 +41,11 @@ #include "includes.h" +#include + #include #include +#include #include "loginrec.h" #include "log.h" diff --git a/sshpty.c b/sshpty.c index 10dae0328..931c91f47 100644 --- a/sshpty.c +++ b/sshpty.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshpty.c,v 1.23 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: sshpty.c,v 1.24 2006/07/17 01:31:10 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -30,6 +30,7 @@ #ifdef HAVE_UTIL_H # include #endif /* HAVE_UTIL_H */ +#include #include "sshpty.h" #include "log.h" diff --git a/uidswap.c b/uidswap.c index e97cd7059..2fe5feaed 100644 --- a/uidswap.c +++ b/uidswap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.31 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: uidswap.c,v 1.32 2006/07/17 01:31:10 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -18,6 +18,7 @@ #include #include +#include #include -- cgit v1.2.3 From 98299261eb970688a7bad346491cffdf2a7f6072 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Mon, 24 Jul 2006 14:01:43 +1000 Subject: - dtucker@cvs.openbsd.org 2006/07/17 12:02:24 [auth-options.c] Use '\0' rather than 0 to terminates strings; ok djm@ --- ChangeLog | 5 ++++- auth-options.c | 12 ++++++------ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 046cadc84..c3069df12 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,9 @@ [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c] [sshconnect.c sshlogin.c sshpty.c uidswap.c] move #include out of includes.h + - dtucker@cvs.openbsd.org 2006/07/17 12:02:24 + [auth-options.c] + Use '\0' rather than 0 to terminates strings; ok djm@ 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -4941,4 +4944,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4413 2006/07/24 04:01:23 djm Exp $ +$Id: ChangeLog,v 1.4414 2006/07/24 04:01:43 djm Exp $ diff --git a/auth-options.c b/auth-options.c index 0b11151cf..7e6bfeb40 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.37 2006/07/12 22:28:51 stevesk Exp $ */ +/* $OpenBSD: auth-options.c,v 1.38 2006/07/17 12:02:24 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -138,7 +138,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) forced_command = NULL; goto bad_option; } - forced_command[i] = 0; + forced_command[i] = '\0'; auth_debug_add("Forced command: %.900s", forced_command); opts++; goto next_option; @@ -170,7 +170,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) xfree(s); goto bad_option; } - s[i] = 0; + s[i] = '\0'; auth_debug_add("Adding to environment: %.900s", s); debug("Adding to environment: %.900s", s); opts++; 
@@ -207,7 +207,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) xfree(patterns); goto bad_option; } - patterns[i] = 0; + patterns[i] = '\0'; opts++; if (match_host_and_ip(remote_host, remote_ip, patterns) != 1) { @@ -252,7 +252,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) xfree(patterns); goto bad_option; } - patterns[i] = 0; + patterns[i] = '\0'; opts++; p = patterns; host = hpdelim(&p); @@ -300,7 +300,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) forced_tun_device = -1; goto bad_option; } - tun[i] = 0; + tun[i] = '\0'; forced_tun_device = a2tun(tun, NULL); xfree(tun); if (forced_tun_device == SSH_TUNID_ERR) { -- cgit v1.2.3 From 9b439df18a9d56683584811ce38dcf72acd4cb20 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 14:04:00 +1000 Subject: - dtucker@cvs.openbsd.org 2006/07/17 12:06:00 [channels.c channels.h servconf.c sshd_config.5] Add PermitOpen directive to sshd_config which is equivalent to the "permitopen" key option. Allows server admin to allow TCP port forwarding only two specific host/port pairs. Useful when combined with Match. If permitopen is used in both sshd_config and a key option, both must allow a given connection before it will be permitted. Note that users can still use external forwarders such as netcat, so to be those must be controlled too for the limits to be effective. Feedback & ok djm@, man page corrections & ok jmc@. --- ChangeLog | 13 ++++++++++++- channels.c | 50 +++++++++++++++++++++++++++++++++++++++++++++----- channels.h | 4 +++- servconf.c | 29 +++++++++++++++++++++++++++-- sshd_config.5 | 36 +++++++++++++++++++++++++++++++++--- 5 files changed, 120 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index c3069df12..2e28a43f8 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -26,6 +26,17 @@ - dtucker@cvs.openbsd.org 2006/07/17 12:02:24 [auth-options.c] Use '\0' rather than 0 to terminates strings; ok djm@ + - dtucker@cvs.openbsd.org 2006/07/17 12:06:00 + [channels.c channels.h servconf.c sshd_config.5] + Add PermitOpen directive to sshd_config which is equivalent to the + "permitopen" key option. Allows server admin to allow TCP port + forwarding only two specific host/port pairs. Useful when combined + with Match. + If permitopen is used in both sshd_config and a key option, both + must allow a given connection before it will be permitted. + Note that users can still use external forwarders such as netcat, + so to be those must be controlled too for the limits to be effective. + Feedback & ok djm@, man page corrections & ok jmc@. 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -4944,4 +4955,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4414 2006/07/24 04:01:43 djm Exp $ +$Id: ChangeLog,v 1.4415 2006/07/24 04:04:00 djm Exp $ diff --git a/channels.c b/channels.c index fbbae9ed7..9aaf7e9d7 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.256 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: channels.c,v 1.257 2006/07/17 12:06:00 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -106,11 +106,18 @@ typedef struct { u_short listen_port; /* Remote side should listen port number. */ } ForwardPermission; -/* List of all permitted host/port pairs to connect. */ +/* List of all permitted host/port pairs to connect by the user. */ static ForwardPermission permitted_opens[SSH_MAX_FORWARDS_PER_DIRECTION]; -/* Number of permitted host/port pairs in the array. */ +/* List of all permitted host/port pairs to connect by the admin. */ +static ForwardPermission permitted_adm_opens[SSH_MAX_FORWARDS_PER_DIRECTION]; + +/* Number of permitted host/port pairs in the array permitted by the user. */ static int num_permitted_opens = 0; + +/* Number of permitted host/port pair in the array permitted by the admin. */ +static int num_adm_permitted_opens = 0; + /* * If this is true, all opens are permitted. This is the case on the server * on which we have to trust the client anyway, and the user could do @@ -2646,6 +2653,19 @@ channel_add_permitted_opens(char *host, int port) all_opens_permitted = 0; } +void +channel_add_adm_permitted_opens(char *host, int port) +{ + if (num_adm_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) + fatal("channel_add_adm_permitted_opens: too many forwards"); + debug("allow port forwarding to host %s port %d", host, port); + + permitted_adm_opens[num_adm_permitted_opens].host_to_connect + = xstrdup(host); + permitted_adm_opens[num_adm_permitted_opens].port_to_connect = port; + num_adm_permitted_opens++; +} + void channel_clear_permitted_opens(void) { @@ -2655,7 +2675,17 @@ channel_clear_permitted_opens(void) if (permitted_opens[i].host_to_connect != NULL) xfree(permitted_opens[i].host_to_connect); num_permitted_opens = 0; +} + +void +channel_clear_adm_permitted_opens(void) +{ + int i; + for (i = 0; i < num_adm_permitted_opens; i++) + if (permitted_adm_opens[i].host_to_connect != NULL) + xfree(permitted_adm_opens[i].host_to_connect); + num_adm_permitted_opens = 0; } /* return socket to remote host, port */ 
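Review bot: The comments on `permitted_opens` and `permitted_adm_opens` in the first channels.c hunk do not say how the two lists combine, which is the part a maintainer needs for a security decision. Going by `channel_connect_to` later in this commit, a request must be allowed by both lists, and an empty admin list means no admin restriction at all. I would extend the comment on the admin array to say so, for example `/* Admin (sshd_config PermitOpen) list; checked in addition to the user list, empty means unrestricted. */`. The comment on `num_adm_permitted_opens` also reads "host/port pair" where the one above it says "pairs".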
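Review bot: `channel_clear_adm_permitted_opens` in the third channels.c hunk frees each `host_to_connect` but leaves the freed pointer in the array, relying on `num_adm_permitted_opens = 0` to keep readers away from it. Nothing visible reads past the count, so this is hardening rather than a bug. Adding `permitted_adm_opens[i].host_to_connect = NULL;` after the `xfree` would make a later miscounted loop fail the existing `!= NULL` checks instead of touching freed memory. With two statements in the loop body, the `for` and `if` then need braces. `channel_clear_permitted_opens`, whose start is outside the hunk, has the same pattern.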
@@ -2734,7 +2764,7 @@ channel_connect_by_listen_address(u_short listen_port) int channel_connect_to(const char *host, u_short port) { - int i, permit; + int i, permit, permit_adm = 1; permit = all_opens_permitted; if (!permit) { @@ -2743,9 +2773,19 @@ channel_connect_to(const char *host, u_short port) permitted_opens[i].port_to_connect == port && strcmp(permitted_opens[i].host_to_connect, host) == 0) permit = 1; + } + if (num_adm_permitted_opens > 0) { + permit_adm = 0; + for (i = 0; i < num_adm_permitted_opens; i++) + if (permitted_adm_opens[i].host_to_connect != NULL && + permitted_adm_opens[i].port_to_connect == port && + strcmp(permitted_adm_opens[i].host_to_connect, host) + == 0) + permit_adm = 1; } - if (!permit) { + + if (!permit || !permit_adm) { logit("Received request to connect to host %.100s port %d, " "but the request was denied.", host, port); return -1; diff --git a/channels.h b/channels.h index d21319a2b..c473b730c 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.85 2006/07/11 18:50:47 markus Exp $ */ +/* $OpenBSD: channels.h,v 1.86 2006/07/17 12:06:00 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -207,7 +207,9 @@ int channel_find_open(void); void channel_set_af(int af); void channel_permit_all_opens(void); void channel_add_permitted_opens(char *, int); +void channel_add_adm_permitted_opens(char *, int); void channel_clear_permitted_opens(void); +void channel_clear_adm_permitted_opens(void); int channel_input_port_forward_request(int, int); int channel_connect_to(const char *, u_short); int channel_connect_by_listen_address(u_short); diff --git a/servconf.c b/servconf.c index 330e79143..4f5cb19db 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.155 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: servconf.c,v 1.156 2006/07/17 12:06:00 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved 
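Review bot: In `channel_connect_to`, the `if (!permit || !permit_adm)` branch logs the same "request was denied" message whether the key option or the sshd_config list refused the request. Someone reading the log cannot tell which policy fired. A line such as `if (!permit_adm) debug("connect to %.100s port %d refused by PermitOpen", host, port);` before the `logit` would separate the two without changing the existing message. The admin check is also a literal `strcmp` on the host string the client sent, so an entry for a name does not cover its address or a different spelling. That fails closed, but it is worth a sentence in sshd_config.5. The function starts in the previous hunk and continues past this one.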
@@ -31,6 +31,7 @@ #include "kex.h" #include "mac.h" #include "match.h" +#include "channels.h" static void add_listen_addr(ServerOptions *, char *, u_short); static void add_one_listen_addr(ServerOptions *, char *, u_short); @@ -281,7 +282,7 @@ typedef enum { sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, - sMatch, + sMatch, sPermitOpen, sUsePrivilegeSeparation, sDeprecated, sUnsupported } ServerOpCodes; @@ -390,6 +391,8 @@ static struct { { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL }, { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL }, { "permittunnel", sPermitTunnel, SSHCFG_GLOBAL }, + { "match", sMatch, SSHCFG_ALL }, + { "permitopen", sPermitOpen, SSHCFG_ALL }, { NULL, sBadOption, 0 } }; @@ -1148,6 +1151,28 @@ parse_flag: *activep = value; break; + case sPermitOpen: + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: missing PermitOpen specification", + filename, linenum); + if (strcmp(arg, "any") == 0) { + if (*activep) + channel_clear_adm_permitted_opens(); + break; + } + p = hpdelim(&arg); + if (p == NULL) + fatal("%s line %d: missing host in PermitOpen", + filename, linenum); + p = cleanhostname(p); + if (arg == NULL || (port = a2port(arg)) == 0) + fatal("%s line %d: bad port number in PermitOpen", + filename, linenum); + if (*activep) + channel_add_adm_permitted_opens(p, port); + break; + case sDeprecated: logit("%s line %d: Deprecated option %s", filename, linenum, arg); diff --git a/sshd_config.5 b/sshd_config.5 index 4db92814c..c9515234d 100644 --- a/sshd_config.5 +++ b/sshd_config.5 
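Review bot: The `sPermitOpen` case does not store its result in `options`; it appends to the file-static list in channels.c through `channel_add_adm_permitted_opens()`, so every active PermitOpen line feeds one process-wide list. If the same parser is run again for a Match block (not visible in this hunk), the block's entries would be added to those from the global section, so a Match block could widen the permitted set but never narrow it. `PermitOpen any` is also order-dependent: it clears the list, but a later PermitOpen line restricts again. A comment on the case would document this, for example `/* Entries accumulate in channels.c; "any" clears what was added so far. */`. The enclosing switch starts and ends outside the hunk.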
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.61 2006/07/12 13:39:55 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.62 2006/07/17 12:06:00 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -482,9 +482,10 @@ Only a subset of keywords may be used on the lines following a .Cm Match keyword. Available keywords are -.Cm AllowTcpForwarding +.Cm AllowTcpForwarding , +.Cm GatewayPorts , and -.Cm GatewayPorts . +.Cm PermitOpen . .It Cm MaxAuthTries Specifies the maximum number of authentication attempts permitted per connection. @@ -524,6 +525,35 @@ When password authentication is allowed, it specifies whether the server allows login to accounts with empty password strings. The default is .Dq no . +.It Cm PermitOpen +Specifies the destinations to which TCP port forwarding is permitted. +The forwarding specification must be one of the following forms: +.Pp +.Bl -item -offset indent -compact +.It +.Cm PermitOpen +.Sm off +.Ar host : port +.Sm on +.It +.Cm PermitOpen +.Sm off +.Ar IPv4_addr : port +.Sm on +.It +.Cm PermitOpen +.Sm off +.Ar \&[ IPv6_addr \&] : port +.Sm on +.El +.Pp +Multiple instances of +.Cm PermitOpen +are permitted. +An argument of +.Dq any +can be used to remove all restrictions and permit any forwarding requests. +By default all port forward requests are permitted. .It Cm PermitRootLogin Specifies whether root can log in using .Xr ssh 1 . -- cgit v1.2.3 From 65bc2c402871ef0603b1f99afb323da953212232 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 14:04:16 +1000 Subject: - jmc@cvs.openbsd.org 2006/07/18 07:50:40 [sshd_config.5] tweak; ok dtucker --- ChangeLog | 5 ++++- sshd_config.5 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2e28a43f8..bde3e3843 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -37,6 +37,9 @@ Note that users can still use external forwarders such as netcat, so to be those must be controlled too for the limits to be effective. Feedback & ok djm@, man page corrections & ok jmc@. + - jmc@cvs.openbsd.org 2006/07/18 07:50:40 + [sshd_config.5] + tweak; ok dtucker 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -4955,4 +4958,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4415 2006/07/24 04:04:00 djm Exp $ +$Id: ChangeLog,v 1.4416 2006/07/24 04:04:16 djm Exp $ diff --git a/sshd_config.5 b/sshd_config.5 index c9515234d..5f14f2017 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.62 2006/07/17 12:06:00 dtucker Exp $ +.\" $OpenBSD: sshd_config.5,v 1.63 2006/07/18 07:50:40 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -553,7 +553,7 @@ are permitted. An argument of .Dq any can be used to remove all restrictions and permit any forwarding requests. -By default all port forward requests are permitted. +By default all port forwarding requests are permitted. .It Cm PermitRootLogin Specifies whether root can log in using .Xr ssh 1 . -- cgit v1.2.3 From 22d47abbe3378539bd775f3ee19190406991e4bc Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 14:04:36 +1000 Subject: - jmc@cvs.openbsd.org 2006/07/18 07:56:28 [scp.1] replace DIAGNOSTICS with .Ex; --- ChangeLog | 5 ++++- scp.1 | 7 +++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index bde3e3843..f29eace14 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -40,6 +40,9 @@ - jmc@cvs.openbsd.org 2006/07/18 07:50:40 [sshd_config.5] tweak; ok dtucker + - jmc@cvs.openbsd.org 2006/07/18 07:56:28 + [scp.1] + replace DIAGNOSTICS with .Ex; 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -4958,4 +4961,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4416 2006/07/24 04:04:16 djm Exp $ +$Id: ChangeLog,v 1.4417 2006/07/24 04:04:36 djm Exp $ diff --git a/scp.1 b/scp.1 index d9b1f8e8f..43662abea 100644 --- a/scp.1 +++ b/scp.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.39 2006/01/20 00:14:55 dtucker Exp $ +.\" $OpenBSD: scp.1,v 1.40 2006/07/18 07:56:28 jmc Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 @@ -198,9 +198,8 @@ to print debugging messages about their progress. This is helpful in debugging connection, authentication, and configuration problems. .El -.Sh DIAGNOSTICS -.Nm -exits with 0 on success or >0 if an error occurred. +.Pp +.Ex -std scp .Sh SEE ALSO .Xr rcp 1 , .Xr sftp 1 , -- cgit v1.2.3 From 393821ad720050c014ef2dc62c519f66684c099c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 14:04:53 +1000 Subject: - jmc@cvs.openbsd.org 2006/07/18 08:03:09 [ssh-agent.1 sshd_config.5] mark up angle brackets; --- ChangeLog | 5 ++++- ssh-agent.1 | 6 +++--- sshd_config.5 | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index f29eace14..9bd2a7cbd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -43,6 +43,9 @@ - jmc@cvs.openbsd.org 2006/07/18 07:56:28 [scp.1] replace DIAGNOSTICS with .Ex; + - jmc@cvs.openbsd.org 2006/07/18 08:03:09 + [ssh-agent.1 sshd_config.5] + mark up angle brackets; 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h 
@@ -4961,4 +4964,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4417 2006/07/24 04:04:36 djm Exp $ +$Id: ChangeLog,v 1.4418 2006/07/24 04:04:53 djm Exp $ diff --git a/ssh-agent.1 b/ssh-agent.1 index fd6bd3f6c..f1b877790 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.43 2005/11/28 06:02:56 dtucker Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.44 2006/07/18 08:03:09 jmc Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -70,7 +70,7 @@ The options are as follows: Bind the agent to the unix-domain socket .Ar bind_address . The default is -.Pa /tmp/ssh-XXXXXXXXXX/agent. . +.Pa /tmp/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt . .It Fl c Generate C-shell commands on .Dv stdout . @@ -185,7 +185,7 @@ Contains the protocol version 1 RSA authentication identity of the user. Contains the protocol version 2 DSA authentication identity of the user. .It Pa ~/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. -.It Pa /tmp/ssh-XXXXXXXXXX/agent. +.It Pa /tmp/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt Unix-domain sockets used to contain the connection to the authentication agent. These sockets should only be readable by the owner. diff --git a/sshd_config.5 b/sshd_config.5 index 5f14f2017..cbc2176ff 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.63 2006/07/18 07:50:40 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.64 2006/07/18 08:03:09 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -879,7 +879,7 @@ is a positive integer value and is one of the following: .Pp .Bl -tag -width Ds -compact -offset indent -.It Cm +.It Aq Cm none seconds .It Cm s | Cm S seconds -- cgit v1.2.3 
From 8c23403b5141b2cc570a8b55805855eea93d875a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 14:05:08 +1000 Subject: - dtucker@cvs.openbsd.org 2006/07/18 08:22:23 [sshd_config.5] Clarify description of Match, with minor correction from jmc@ --- ChangeLog | 5 ++++- sshd_config.5 | 11 ++++++----- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9bd2a7cbd..6eda0ee69 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,6 +46,9 @@ - jmc@cvs.openbsd.org 2006/07/18 08:03:09 [ssh-agent.1 sshd_config.5] mark up angle brackets; + - dtucker@cvs.openbsd.org 2006/07/18 08:22:23 + [sshd_config.5] + Clarify description of Match, with minor correction from jmc@ 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -4964,4 +4967,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4418 2006/07/24 04:04:53 djm Exp $ +$Id: ChangeLog,v 1.4419 2006/07/24 04:05:08 djm Exp $ diff --git a/sshd_config.5 b/sshd_config.5 index cbc2176ff..02996a2ed 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.64 2006/07/18 08:03:09 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.65 2006/07/18 08:22:23 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os 
@@ -465,14 +465,15 @@ The default is: .Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . .It Cm Match Introduces a conditional block. -Keywords on lines following a +If all of the criteria on the .Cm Match -block are only applied if all of the criteria on the +line are satisfied, the keywords on the following lines override those +set in the global section of the config file, until either another .Cm Match -are satisfied. +line or the end of the file. The arguments to .Cm Match -block are one or more criteria-pattern pairs. +are one or more criteria-pattern pairs. The available criteria are .Cm User , .Cm Host , -- cgit v1.2.3 From f757d22e8b72b04d5a9228e2075649ded14314db Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 14:05:24 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/18 22:27:55 [dh.c] remove unneeded includes; ok djm@ --- ChangeLog | 5 ++++- dh.c | 8 +------- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6eda0ee69..11e218d4b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -49,6 +49,9 @@ - dtucker@cvs.openbsd.org 2006/07/18 08:22:23 [sshd_config.5] Clarify description of Match, with minor correction from jmc@ + - stevesk@cvs.openbsd.org 2006/07/18 22:27:55 + [dh.c] + remove unneeded includes; ok djm@ 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -4967,4 +4970,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4419 2006/07/24 04:05:08 djm Exp $ +$Id: ChangeLog,v 1.4420 2006/07/24 04:05:24 djm Exp $ diff --git a/dh.c b/dh.c index b3f4ceef1..ff31ca991 100644 --- a/dh.c +++ b/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.36 2006/05/04 14:55:23 djm Exp $ */ +/* $OpenBSD: dh.c,v 1.37 2006/07/18 22:27:55 stevesk Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * 
@@ -25,15 +25,9 @@ #include "includes.h" -#include "xmalloc.h" - #include #include -#include -#include "buffer.h" -#include "cipher.h" -#include "kex.h" #include "dh.h" #include "pathnames.h" #include "log.h" -- cgit v1.2.3 From d1de9950e5ae91584aa955a4f85c9c7579aa76af Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 14:05:48 +1000 Subject: - dtucker@cvs.openbsd.org 2006/07/19 08:56:41 [servconf.c sshd_config.5] Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to Match. ok djm@ --- ChangeLog | 6 +++++- servconf.c | 14 ++++++++++---- sshd_config.5 | 7 +++++-- 3 files changed, 20 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 11e218d4b..e42f8a786 100644 --- a/ChangeLog +++ b/ChangeLog @@ -52,6 +52,10 @@ - stevesk@cvs.openbsd.org 2006/07/18 22:27:55 [dh.c] remove unneeded includes; ok djm@ + - dtucker@cvs.openbsd.org 2006/07/19 08:56:41 + [servconf.c sshd_config.5] + Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to + Match. ok djm@ 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -4970,4 +4974,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4420 2006/07/24 04:05:24 djm Exp $ +$Id: ChangeLog,v 1.4421 2006/07/24 04:05:48 djm Exp $ diff --git a/servconf.c b/servconf.c index 4f5cb19db..bc457eebe 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.156 2006/07/17 12:06:00 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.157 2006/07/19 08:56:41 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved 
@@ -357,9 +357,9 @@ static struct { { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL }, { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, - { "x11forwarding", sX11Forwarding, SSHCFG_GLOBAL }, - { "x11displayoffset", sX11DisplayOffset, SSHCFG_GLOBAL }, - { "x11uselocalhost", sX11UseLocalhost, SSHCFG_GLOBAL }, + { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, + { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, + { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, { "permitemptypasswords", sEmptyPasswd, SSHCFG_GLOBAL }, @@ -1247,6 +1247,12 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src) dst->allow_tcp_forwarding = src->allow_tcp_forwarding; if (src->gateway_ports != -1) dst->gateway_ports = src->gateway_ports; + if (src->x11_display_offset != -1) + dst->x11_display_offset = src->x11_display_offset; + if (src->x11_forwarding != -1) + dst->x11_forwarding = src->x11_forwarding; + if (src->x11_use_localhost != -1) + dst->x11_use_localhost = src->x11_use_localhost; } void diff --git a/sshd_config.5 b/sshd_config.5 index 02996a2ed..9196b761e 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.65 2006/07/18 08:22:23 dtucker Exp $ +.\" $OpenBSD: sshd_config.5,v 1.66 2006/07/19 08:56:41 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -485,8 +485,11 @@ keyword. Available keywords are .Cm AllowTcpForwarding , .Cm GatewayPorts , +.Cm PermitOpen , +.Cm X11DisplayOffset , +.Cm X11Forwarding , and -.Cm PermitOpen . +.Cm X11UseLocalHost . .It Cm MaxAuthTries Specifies the maximum number of authentication attempts permitted per connection. -- cgit v1.2.3 
From e275443f66aab6d46356d6940b8a8b291cab4f9e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 14:06:47 +1000 Subject: - dtucker@cvs.openbsd.org 2006/07/19 13:07:10 [servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5] Add ForceCommand keyword to sshd_config, equivalent to the "command=" key option, man page entry and example in sshd_config. Feedback & ok djm@, man page corrections & ok jmc@ --- ChangeLog | 7 ++++++- servconf.c | 22 ++++++++++++++++++++-- servconf.h | 4 +++- session.c | 10 +++++++--- sshd.8 | 5 ++++- sshd_config | 8 +++++++- sshd_config.5 | 15 ++++++++++++++- 7 files changed, 61 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index e42f8a786..0ae5d3f6c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -56,6 +56,11 @@ [servconf.c sshd_config.5] Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to Match. ok djm@ + - dtucker@cvs.openbsd.org 2006/07/19 13:07:10 + [servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5] + Add ForceCommand keyword to sshd_config, equivalent to the "command=" + key option, man page entry and example in sshd_config. + Feedback & ok djm@, man page corrections & ok jmc@ 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -4974,4 +4979,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4421 2006/07/24 04:05:48 djm Exp $ +$Id: ChangeLog,v 1.4422 2006/07/24 04:06:47 djm Exp $ diff --git a/servconf.c b/servconf.c index bc457eebe..e2c1d4458 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.157 2006/07/19 08:56:41 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.158 2006/07/19 13:07:10 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved 
@@ -113,6 +113,7 @@ initialize_server_options(ServerOptions *options) options->authorized_keys_file2 = NULL; options->num_accept_env = 0; options->permit_tun = -1; + options->adm_forced_command = NULL; } void @@ -282,7 +283,7 @@ typedef enum { sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, - sMatch, sPermitOpen, + sMatch, sPermitOpen, sForceCommand, sUsePrivilegeSeparation, sDeprecated, sUnsupported } ServerOpCodes; @@ -393,6 +394,7 @@ static struct { { "permittunnel", sPermitTunnel, SSHCFG_GLOBAL }, { "match", sMatch, SSHCFG_ALL }, { "permitopen", sPermitOpen, SSHCFG_ALL }, + { "forcecommand", sForceCommand, SSHCFG_ALL }, { NULL, sBadOption, 0 } }; @@ -551,6 +553,8 @@ match_cfg_line(char **condition, int line, const char *user, const char *host, return result; } +#define WHITESPACE " \t\r\n" + int process_server_config_line(ServerOptions *options, char *line, const char *filename, int linenum, int *activep, const char *user, @@ -1173,6 +1177,15 @@ parse_flag: channel_add_adm_permitted_opens(p, port); break; + case sForceCommand: + if (cp == NULL) + fatal("%.200s line %d: Missing argument.", filename, + linenum); + len = strspn(cp, WHITESPACE); + if (*activep && options->adm_forced_command == NULL) + options->adm_forced_command = xstrdup(cp + len); + return 0; + case sDeprecated: logit("%s line %d: Deprecated option %s", filename, linenum, arg); 
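Review bot: The `sForceCommand` case accepts an argument that is only whitespace, because `cp == NULL` is the only check and `xstrdup(cp + len)` then stores an empty string. do_exec() in session.c tests the pointer rather than its contents, so an empty forced command would replace the client's command with "" instead of being reported as a configuration error. Rejecting it at parse time takes one line after the `strspn()` call: `if (cp[len] == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum);`. The `options->adm_forced_command == NULL` test means the first active ForceCommand wins, which also deserves a short comment on the case.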
@@ -1247,6 +1260,11 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src) dst->allow_tcp_forwarding = src->allow_tcp_forwarding; if (src->gateway_ports != -1) dst->gateway_ports = src->gateway_ports; + if (src->adm_forced_command != NULL) { + if (dst->adm_forced_command != NULL) + xfree(dst->adm_forced_command); + dst->adm_forced_command = src->adm_forced_command; + } if (src->x11_display_offset != -1) dst->x11_display_offset = src->x11_display_offset; if (src->x11_forwarding != -1) diff --git a/servconf.h b/servconf.h index a74716e6f..41dce7686 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.75 2006/07/12 11:34:58 dtucker Exp $ */ +/* $OpenBSD: servconf.h,v 1.76 2006/07/19 13:07:10 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -135,6 +135,8 @@ typedef struct { char *authorized_keys_file; /* File containing public keys */ char *authorized_keys_file2; + char *adm_forced_command; + int use_pam; /* Enable auth via PAM */ int permit_tun; diff --git a/session.c b/session.c index 5441a4762..e189acdf2 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.209 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: session.c,v 1.210 2006/07/19 13:07:10 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -672,10 +672,14 @@ do_pre_login(Session *s) void do_exec(Session *s, const char *command) { - if (forced_command) { + if (options.adm_forced_command) { + original_command = command; + command = options.adm_forced_command; + debug("Forced command (config) '%.900s'", command); + } else if (forced_command) { original_command = command; command = forced_command; - debug("Forced command '%.900s'", command); + debug("Forced command (key option) '%.900s'", command); } #ifdef SSH_AUDIT_EVENTS diff --git a/sshd.8 b/sshd.8 index 48be5a760..778ea906b 100644 --- a/sshd.8 +++ b/sshd.8 
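Review bot: copy_set_server_options() frees the old `dst->adm_forced_command` and then makes it alias the string that `src` still owns. If the function is ever called a second time with the same `src`, or if `src` is freed afterwards, the `xfree(dst->adm_forced_command)` releases memory the other structure still points to. Either copy the string with `dst->adm_forced_command = xstrdup(src->adm_forced_command);`, or skip the free when `dst->adm_forced_command == src->adm_forced_command`. A comment should say which structure owns the string. The function body continues outside the hunk.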
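Review bot: do_exec() in session.c now gives the sshd_config ForceCommand priority over a key's `command=` option, but nothing in the code or the new man page text says this ordering is deliberate. A comment above the first branch such as `/* Config ForceCommand overrides any command= key option. */` would record it, and the sshd_config.5 entry could state the precedence as well. The sshd.8 text touched by this commit already notes that `command=` does not by itself prohibit TCP or X11 forwarding. The same caveat is worth repeating under ForceCommand, since the sample Match block relies on its `AllowTcpForwarding no` and `X11Forwarding no` lines for that.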
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.232 2006/07/10 16:04:21 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.233 2006/07/19 13:07:10 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -481,6 +481,9 @@ to restrict certain public keys to perform just a specific operation. An example might be a key that permits remote backups but nothing else. Note that the client may specify TCP and/or X11 forwarding unless they are explicitly prohibited. +The command originally supplied by the client is available in the +.Ev SSH_ORIGINAL_COMMAND +environment variable. Note that this option applies to shell, command or subsystem execution. .It Cm environment="NAME=value" Specifies that the string is to be added to the environment when diff --git a/sshd_config b/sshd_config index 57f9a17bb..6a3cad886 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $ +# $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -104,3 +104,9 @@ # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# ForceCommand cvs server diff --git a/sshd_config.5 b/sshd_config.5 index 9196b761e..26c895f7a 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.66 2006/07/19 08:56:41 dtucker Exp $ +.\" $OpenBSD: sshd_config.5,v 1.67 2006/07/19 13:07:10 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os 
@@ -283,6 +283,18 @@ See in .Xr ssh_config 5 for more information on patterns. +.It Cm ForceCommand +Forces the execution of the command specified by +.Cm ForceCommand , +ignoring any command supplied by the client. +The command is invoked by using the user's login shell with the -c option. +This applies to shell, command, or subsystem execution. +It is most useful inside a +.Cm Match +block. +The command originally supplied by the client is available in the +.Ev SSH_ORIGINAL_COMMAND +environment variable. .It Cm GatewayPorts Specifies whether remote hosts are allowed to connect to ports forwarded for the client. @@ -484,6 +496,7 @@ Only a subset of keywords may be used on the lines following a keyword. Available keywords are .Cm AllowTcpForwarding , +.Cm ForceCommand , .Cm GatewayPorts , .Cm PermitOpen , .Cm X11DisplayOffset , -- cgit v1.2.3 From 1cdde6f536ec50d7165ff56843c99655c95a68eb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 14:07:35 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/20 15:26:15 [auth1.c serverloop.c session.c sshconnect2.c] missed some needed #include when KERBEROS5=no; issue from massimo@cedoc.mo.it --- ChangeLog | 6 +++++- auth1.c | 6 +++++- serverloop.c | 3 ++- session.c | 6 ++++-- sshconnect2.c | 3 ++- 5 files changed, 18 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0ae5d3f6c..50937e3b3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -61,6 +61,10 @@ Add ForceCommand keyword to sshd_config, equivalent to the "command=" key option, man page entry and example in sshd_config. Feedback & ok djm@, man page corrections & ok jmc@ + - stevesk@cvs.openbsd.org 2006/07/20 15:26:15 + [auth1.c serverloop.c session.c sshconnect2.c] + missed some needed #include when KERBEROS5=no; issue from + massimo@cedoc.mo.it 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h 
@@ -4979,4 +4983,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4422 2006/07/24 04:06:47 djm Exp $ +$Id: ChangeLog,v 1.4423 2006/07/24 04:07:35 djm Exp $ diff --git a/auth1.c b/auth1.c index 6a6cff862..089291882 100644 --- a/auth1.c +++ b/auth1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth1.c,v 1.66 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: auth1.c,v 1.67 2006/07/20 15:26:14 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -12,6 +12,10 @@ #include "includes.h" +#include + +#include + #include "xmalloc.h" #include "rsa.h" #include "ssh1.h" diff --git a/serverloop.c b/serverloop.c index 83138aec2..1ca3e673f 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.139 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: serverloop.c,v 1.140 2006/07/20 15:26:15 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -48,6 +48,7 @@ #include #include #include +#include #include "xmalloc.h" #include "packet.h" diff --git a/session.c b/session.c index e189acdf2..be65086ae 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.210 2006/07/19 13:07:10 dtucker Exp $ */ +/* $OpenBSD: session.c,v 1.211 2006/07/20 15:26:15 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -43,6 +43,8 @@ #include #include +#include + #include #include #ifdef HAVE_PATHS_H @@ -50,7 +52,7 @@ #endif #include #include -#include +#include #include "ssh.h" #include "ssh1.h" diff --git a/sshconnect2.c b/sshconnect2.c index 04ea8dfc1..f55002bdf 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.156 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.157 2006/07/20 15:26:15 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * 
@@ -30,6 +30,7 @@ #include #include +#include #include "openbsd-compat/sys-queue.h" -- cgit v1.2.3 From a765cf4b66ba116626c317204ac317607fe0c848 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 14:08:13 +1000 Subject: - dtucker@cvs.openbsd.org 2006/07/21 12:43:36 [channels.c channels.h servconf.c servconf.h sshd_config.5] Make PermitOpen take a list of permitted ports and act more like most other keywords (ie the first match is the effective setting). This also makes it easier to override a previously set PermitOpen. ok djm@ --- ChangeLog | 7 ++++++- channels.c | 8 ++++---- channels.h | 4 ++-- servconf.c | 32 ++++++++++++++++++++------------ servconf.h | 4 +++- sshd_config.5 | 6 ++---- 6 files changed, 37 insertions(+), 24 deletions(-) diff --git a/ChangeLog b/ChangeLog index 50937e3b3..04fa8c25a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -65,6 +65,11 @@ [auth1.c serverloop.c session.c sshconnect2.c] missed some needed #include when KERBEROS5=no; issue from massimo@cedoc.mo.it + - dtucker@cvs.openbsd.org 2006/07/21 12:43:36 + [channels.c channels.h servconf.c servconf.h sshd_config.5] + Make PermitOpen take a list of permitted ports and act more like most + other keywords (ie the first match is the effective setting). This + also makes it easier to override a previously set PermitOpen. ok djm@ 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -4983,4 +4988,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4423 2006/07/24 04:07:35 djm Exp $ +$Id: ChangeLog,v 1.4424 2006/07/24 04:08:13 djm Exp $ diff --git a/channels.c b/channels.c index 9aaf7e9d7..c6c5c8899 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.257 2006/07/17 12:06:00 dtucker Exp $ */ +/* $OpenBSD: channels.c,v 1.258 2006/07/21 12:43:36 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -2653,17 +2653,17 @@ channel_add_permitted_opens(char *host, int port) all_opens_permitted = 0; } -void +int channel_add_adm_permitted_opens(char *host, int port) { if (num_adm_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("channel_add_adm_permitted_opens: too many forwards"); - debug("allow port forwarding to host %s port %d", host, port); + debug("config allows port forwarding to host %s port %d", host, port); permitted_adm_opens[num_adm_permitted_opens].host_to_connect = xstrdup(host); permitted_adm_opens[num_adm_permitted_opens].port_to_connect = port; - num_adm_permitted_opens++; + return ++num_adm_permitted_opens; } void diff --git a/channels.h b/channels.h index c473b730c..ed719f724 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.86 2006/07/17 12:06:00 dtucker Exp $ */ +/* $OpenBSD: channels.h,v 1.87 2006/07/21 12:43:36 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -207,7 +207,7 @@ int channel_find_open(void); void channel_set_af(int af); void channel_permit_all_opens(void); void channel_add_permitted_opens(char *, int); -void channel_add_adm_permitted_opens(char *, int); +int channel_add_adm_permitted_opens(char *, int); void channel_clear_permitted_opens(void); void channel_clear_adm_permitted_opens(void); int channel_input_port_forward_request(int, int); diff --git a/servconf.c b/servconf.c index e2c1d4458..46558b690 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.158 2006/07/19 13:07:10 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.159 2006/07/21 12:43:36 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -113,6 +113,7 @@ initialize_server_options(ServerOptions *options) options->authorized_keys_file2 = NULL; options->num_accept_env = 0; options->permit_tun = -1; + options->num_permitted_opens = -1; options->adm_forced_command = NULL; } 
@@ -1161,20 +1162,27 @@ parse_flag: fatal("%s line %d: missing PermitOpen specification", filename, linenum); if (strcmp(arg, "any") == 0) { - if (*activep) + if (*activep) { channel_clear_adm_permitted_opens(); + options->num_permitted_opens = 0; + } break; } - p = hpdelim(&arg); - if (p == NULL) - fatal("%s line %d: missing host in PermitOpen", - filename, linenum); - p = cleanhostname(p); - if (arg == NULL || (port = a2port(arg)) == 0) - fatal("%s line %d: bad port number in PermitOpen", - filename, linenum); - if (*activep) - channel_add_adm_permitted_opens(p, port); + for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { + p = hpdelim(&arg); + if (p == NULL) + fatal("%s line %d: missing host in PermitOpen", + filename, linenum); + p = cleanhostname(p); + if (arg == NULL || (port = a2port(arg)) == 0) + fatal("%s line %d: bad port number in " + "PermitOpen", filename, linenum); + if (*activep && options->num_permitted_opens == -1) { + channel_clear_adm_permitted_opens(); + options->num_permitted_opens = + channel_add_adm_permitted_opens(p, port); + } + } break; case sForceCommand: diff --git a/servconf.h b/servconf.h index 41dce7686..0add6518d 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.76 2006/07/19 13:07:10 dtucker Exp $ */ +/* $OpenBSD: servconf.h,v 1.77 2006/07/21 12:43:36 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -140,6 +140,8 @@ typedef struct { int use_pam; /* Enable auth via PAM */ int permit_tun; + + int num_permitted_opens; } ServerOptions; void initialize_server_options(ServerOptions *); diff --git a/sshd_config.5 b/sshd_config.5 index 26c895f7a..ff5457dff 100644 --- a/sshd_config.5 +++ b/sshd_config.5 
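Review bot: In the rewritten `sPermitOpen` loop only the first host:port on a line is ever stored. The add is guarded by `options->num_permitted_opens == -1`, and the first successful add sets that field to the returned count, so the guard is false for every later entry. The dropped entries are still validated, so the configuration loads without error while forwarding to those destinations is refused. The fix is to evaluate the condition once before the loop, clear the list there, and reuse the saved result for each entry. `first_use` below is a new int local that has to be declared at the top of process_server_config_line(), outside this hunk.

```c
		/* … unchanged: missing-argument check and "any" handling … */
		first_use = (*activep && options->num_permitted_opens == -1);
		if (first_use)
			channel_clear_adm_permitted_opens();
		for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
			/* … unchanged: hpdelim / cleanhostname / a2port checks … */
			if (first_use)
				options->num_permitted_opens =
				    channel_add_adm_permitted_opens(p, port);
		}
		break;
```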
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.67 2006/07/19 13:07:10 dtucker Exp $ +.\" $OpenBSD: sshd_config.5,v 1.68 2006/07/21 12:43:36 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -564,9 +564,7 @@ The forwarding specification must be one of the following forms: .Sm on .El .Pp -Multiple instances of -.Cm PermitOpen -are permitted. +Multiple forwards may be specified by separating them with whitespace. An argument of .Dq any can be used to remove all restrictions and permit any forwarding requests. -- cgit v1.2.3 From 8473dd85fecc428a904d3c2cfba3dc0ec93fc14e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 14:08:32 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/21 21:13:30 [channels.c] more ARGSUSED (lint) for dispatch table-driven functions; ok djm@ --- ChangeLog | 5 ++++- channels.c | 18 +++++++++++++++++- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 04fa8c25a..9fd67c662 100644 --- a/ChangeLog +++ b/ChangeLog @@ -70,6 +70,9 @@ Make PermitOpen take a list of permitted ports and act more like most other keywords (ie the first match is the effective setting). This also makes it easier to override a previously set PermitOpen. ok djm@ + - stevesk@cvs.openbsd.org 2006/07/21 21:13:30 + [channels.c] + more ARGSUSED (lint) for dispatch table-driven functions; ok djm@ 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -4988,4 +4991,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4424 2006/07/24 04:08:13 djm Exp $ +$Id: ChangeLog,v 1.4425 2006/07/24 04:08:32 djm Exp $ diff --git a/channels.c b/channels.c index c6c5c8899..e44a2ab4f 100644 --- a/channels.c +++ b/channels.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.258 2006/07/21 12:43:36 dtucker Exp $ */ +/* $OpenBSD: channels.c,v 1.259 2006/07/21 21:13:30 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -736,12 +736,14 @@ typedef void chan_fn(Channel *c, fd_set *readset, fd_set *writeset); chan_fn *channel_pre[SSH_CHANNEL_MAX_TYPE]; chan_fn *channel_post[SSH_CHANNEL_MAX_TYPE]; +/* ARGSUSED */ static void channel_pre_listener(Channel *c, fd_set *readset, fd_set *writeset) { FD_SET(c->sock, readset); } +/* ARGSUSED */ static void channel_pre_connecting(Channel *c, fd_set *readset, fd_set *writeset) { @@ -796,6 +798,7 @@ channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset) FD_SET(c->ctl_fd, readset); } +/* ARGSUSED */ static void channel_pre_input_draining(Channel *c, fd_set *readset, fd_set *writeset) { @@ -808,6 +811,7 @@ channel_pre_input_draining(Channel *c, fd_set *readset, fd_set *writeset) } } +/* ARGSUSED */ static void channel_pre_output_draining(Channel *c, fd_set *readset, fd_set *writeset) { @@ -937,6 +941,7 @@ channel_pre_x11_open(Channel *c, fd_set *readset, fd_set *writeset) } /* try to decode a socks4 header */ +/* ARGSUSED */ static int channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset) { @@ -1015,6 +1020,7 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset) #define SSH_SOCKS5_CONNECT 0x01 #define SSH_SOCKS5_SUCCESS 0x00 +/* ARGSUSED */ static int channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) { @@ -1165,6 +1171,7 @@ channel_pre_dynamic(Channel *c, fd_set *readset, fd_set *writeset) } /* This is our fake X11 server socket. */ +/* ARGSUSED */ static void channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset) { 
@@ -1290,6 +1297,7 @@ channel_set_reuseaddr(int fd) /* * This socket is listening for connections to a forwarded TCP/IP port. */ +/* ARGSUSED */ static void channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset) { @@ -1347,6 +1355,7 @@ channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset) * This is the authentication agent socket listening for connections from * clients. */ +/* ARGSUSED */ static void channel_post_auth_listener(Channel *c, fd_set *readset, fd_set *writeset) { @@ -1380,6 +1389,7 @@ channel_post_auth_listener(Channel *c, fd_set *readset, fd_set *writeset) } } +/* ARGSUSED */ static void channel_post_connecting(Channel *c, fd_set *readset, fd_set *writeset) { @@ -1426,6 +1436,7 @@ channel_post_connecting(Channel *c, fd_set *readset, fd_set *writeset) } } +/* ARGSUSED */ static int channel_handle_rfd(Channel *c, fd_set *readset, fd_set *writeset) { @@ -1473,6 +1484,7 @@ channel_handle_rfd(Channel *c, fd_set *readset, fd_set *writeset) return 1; } +/* ARGSUSED */ static int channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset) { @@ -1605,6 +1617,7 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset) return 1; } +/* ARGSUSED */ static int channel_handle_ctl(Channel *c, fd_set *readset, fd_set *writeset) { @@ -1667,6 +1680,7 @@ channel_post_open(Channel *c, fd_set *readset, fd_set *writeset) channel_check_window(c); } +/* ARGSUSED */ static void channel_post_output_drain_13(Channel *c, fd_set *readset, fd_set *writeset) { @@ -3054,6 +3068,7 @@ x11_connect_display(void) * with either SSH_MSG_OPEN_CONFIRMATION or SSH_MSG_OPEN_FAILURE. */ +/* ARGSUSED */ void x11_input_open(int type, u_int32_t seq, void *ctxt) { @@ -3097,6 +3112,7 @@ x11_input_open(int type, u_int32_t seq, void *ctxt) } /* dummy protocol handler that denies SSH-1 requests (agent/x11) */ +/* ARGSUSED */ void deny_input_open(int type, u_int32_t seq, void *ctxt) { -- cgit v1.2.3 
From ee0d0db7da76138417186ed3b5b76dbb2a873cd8 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 14:08:50 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/21 21:26:55 [progressmeter.c] ARGSUSED for signal handler --- ChangeLog | 5 ++++- progressmeter.c | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9fd67c662..49fccbec4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -73,6 +73,9 @@ - stevesk@cvs.openbsd.org 2006/07/21 21:13:30 [channels.c] more ARGSUSED (lint) for dispatch table-driven functions; ok djm@ + - stevesk@cvs.openbsd.org 2006/07/21 21:26:55 + [progressmeter.c] + ARGSUSED for signal handler 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -4991,4 +4994,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4425 2006/07/24 04:08:32 djm Exp $ +$Id: ChangeLog,v 1.4426 2006/07/24 04:08:50 djm Exp $ diff --git a/progressmeter.c b/progressmeter.c index cc5f664ab..c8c3f1b32 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: progressmeter.c,v 1.31 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: progressmeter.c,v 1.32 2006/07/21 21:26:55 stevesk Exp $ */ /* * Copyright (c) 2003 Nils Nordman. All rights reserved. * @@ -222,6 +222,7 @@ refresh_progress_meter(void) last_update = now; } +/*ARGSUSED*/ static void update_progress_meter(int ignore) { -- cgit v1.2.3 From 5598b4f125f07ec0865ec56cddeb80c44e3d2d6a Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Mon, 24 Jul 2006 14:09:40 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/22 19:08:54 [includes.h moduli.c progressmeter.c scp.c sftp-common.c] [sftp-server.c ssh-agent.c sshlogin.c] move #include out of includes.h --- ChangeLog | 6 +++++- includes.h | 3 +-- moduli.c | 11 ++++++++--- progressmeter.c | 3 ++- scp.c | 3 ++- sftp-common.c | 3 ++- sftp-server.c | 3 ++- ssh-agent.c | 3 ++- sshlogin.c | 3 ++- 9 files changed, 26 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 49fccbec4..636d309b9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -76,6 +76,10 @@ - stevesk@cvs.openbsd.org 2006/07/21 21:26:55 [progressmeter.c] ARGSUSED for signal handler + - stevesk@cvs.openbsd.org 2006/07/22 19:08:54 + [includes.h moduli.c progressmeter.c scp.c sftp-common.c] + [sftp-server.c ssh-agent.c sshlogin.c] + move #include out of includes.h 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -4994,4 +4998,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4426 2006/07/24 04:08:50 djm Exp $ +$Id: ChangeLog,v 1.4427 2006/07/24 04:09:40 djm Exp $ diff --git a/includes.h b/includes.h index da89decdd..da526bc72 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.52 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.53 2006/07/22 19:08:54 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -23,7 +23,6 @@ #include #include #include -#include #ifdef HAVE_LIMITS_H # include /* For PATH_MAX */ diff --git a/moduli.c b/moduli.c index f6f15a2a4..9d4aedd5b 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.13 2006/03/25 00:05:41 djm Exp $ */ +/* $OpenBSD: moduli.c,v 1.14 2006/07/22 19:08:54 stevesk Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson 
@@ -38,11 +38,16 @@ */ #include "includes.h" -#include "xmalloc.h" -#include "log.h" + +#include #include +#include + +#include "xmalloc.h" +#include "log.h" + /* * File output defines */ diff --git a/progressmeter.c b/progressmeter.c index c8c3f1b32..c70e9939a 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: progressmeter.c,v 1.32 2006/07/21 21:26:55 stevesk Exp $ */ +/* $OpenBSD: progressmeter.c,v 1.33 2006/07/22 19:08:54 stevesk Exp $ */ /* * Copyright (c) 2003 Nils Nordman. All rights reserved. * @@ -30,6 +30,7 @@ #include #include +#include #include #include "progressmeter.h" diff --git a/scp.c b/scp.c index 03f815fbe..72c4ee430 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.148 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: scp.c,v 1.149 2006/07/22 19:08:54 stevesk Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -86,6 +86,7 @@ #include #include #include +#include #include #include "xmalloc.h" diff --git a/sftp-common.c b/sftp-common.c index 92ce90661..6fd0d76b6 100644 --- a/sftp-common.c +++ b/sftp-common.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-common.c,v 1.15 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: sftp-common.c,v 1.16 2006/07/22 19:08:54 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Damien Miller. All rights reserved. @@ -31,6 +31,7 @@ #include #include +#include #include "buffer.h" #include "bufaux.h" diff --git a/sftp-server.c b/sftp-server.c index 923cc8c19..3c254e332 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.63 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.64 2006/07/22 19:08:54 stevesk Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -24,6 +24,7 @@ #include #include #include +#include #include "buffer.h" #include "bufaux.h" 
diff --git a/ssh-agent.c b/ssh-agent.c index 621b09771..a0713b238 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.144 2006/07/17 01:31:10 stevesk Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.145 2006/07/22 19:08:54 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -51,6 +51,7 @@ # include #endif #include +#include #include #include diff --git a/sshlogin.c b/sshlogin.c index 335069313..ea313e800 100644 --- a/sshlogin.c +++ b/sshlogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.c,v 1.20 2006/07/17 01:31:10 stevesk Exp $ */ +/* $OpenBSD: sshlogin.c,v 1.21 2006/07/22 19:08:54 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -45,6 +45,7 @@ #include #include +#include #include #include "loginrec.h" -- cgit v1.2.3 From e3476ed03bf9beca3ad0e5447dc9422a546d19ec Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Mon, 24 Jul 2006 14:13:33 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c] [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c] [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c] [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c] [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c] [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c] [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] move #include out of includes.h --- ChangeLog | 17 ++++++++++++++++- atomicio.c | 3 ++- auth-options.c | 3 ++- auth-passwd.c | 3 ++- auth-rhosts.c | 3 ++- auth-rsa.c | 3 ++- auth.c | 3 ++- auth1.c | 3 ++- auth2-chall.c | 4 +++- auth2-hostbased.c | 3 ++- auth2-passwd.c | 4 +++- auth2.c | 3 ++- authfd.c | 3 ++- authfile.c | 3 ++- bufaux.c | 5 ++++- bufbn.c | 5 ++++- buffer.c | 4 +++- canohost.c | 3 ++- channels.c | 3 ++- cipher-3des1.c | 5 ++++- cipher-bf1.c | 5 ++++- cipher-ctr.c | 4 +++- cipher.c | 8 +++++--- clientloop.c | 3 ++- compat.c | 4 +++- deattack.c | 4 +++- dh.c | 4 +++- dns.c | 3 ++- gss-genr.c | 4 +++- gss-serv.c | 4 +++- hostfile.c | 3 ++- includes.h | 3 +-- kex.c | 4 +++- kexdhc.c | 4 +++- kexdhs.c | 4 +++- kexgexc.c | 4 +++- kexgexs.c | 4 +++- key.c | 4 +++- log.c | 3 ++- mac.c | 4 +++- match.c | 3 ++- md-sha256.c | 2 +- misc.c | 3 ++- moduli.c | 3 ++- monitor.c | 3 ++- monitor_fdpass.c | 3 ++- monitor_mm.c | 3 ++- monitor_wrap.c | 3 ++- msg.c | 3 ++- nchan.c | 3 ++- packet.c | 3 
++- progressmeter.c | 3 ++- readconf.c | 3 ++- readpass.c | 3 ++- rsa.c | 4 +++- scp.c | 3 ++- servconf.c | 3 ++- serverloop.c | 3 ++- session.c | 3 ++- sftp-client.c | 3 ++- sftp-common.c | 3 ++- sftp-glob.c | 5 +++-- sftp-server.c | 5 +++-- sftp.c | 3 ++- ssh-add.c | 3 ++- ssh-agent.c | 9 +++++---- ssh-dss.c | 4 +++- ssh-keygen.c | 3 ++- ssh-keyscan.c | 8 +++++--- ssh-keysign.c | 3 ++- ssh-rsa.c | 4 +++- ssh.c | 3 ++- sshconnect.c | 3 ++- sshconnect1.c | 4 +++- sshconnect2.c | 3 ++- sshd.c | 3 ++- sshlogin.c | 3 ++- sshpty.c | 3 ++- ttymodes.c | 3 ++- uidswap.c | 3 ++- xmalloc.c | 3 ++- 81 files changed, 213 insertions(+), 91 deletions(-) diff --git a/ChangeLog b/ChangeLog index 636d309b9..000c57828 100644 --- a/ChangeLog +++ b/ChangeLog @@ -80,6 +80,21 @@ [includes.h moduli.c progressmeter.c scp.c sftp-common.c] [sftp-server.c ssh-agent.c sshlogin.c] move #include out of includes.h + - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 + [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c] + [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c] + [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c] + [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c] + [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c] + [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c] + [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c] + [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c] + [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c] + [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c] + [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] + [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] + [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] + move #include out of includes.h 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h 
@@ -4998,4 +5013,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4427 2006/07/24 04:09:40 djm Exp $ +$Id: ChangeLog,v 1.4428 2006/07/24 04:13:33 djm Exp $ diff --git a/atomicio.c b/atomicio.c index bf1c0fd18..009ce1d11 100644 --- a/atomicio.c +++ b/atomicio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: atomicio.c,v 1.20 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: atomicio.c,v 1.21 2006/07/22 20:48:22 stevesk Exp $ */ /* * Copyright (c) 2006 Damien Miller. All rights reserved. * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. @@ -29,6 +29,7 @@ #include "includes.h" #include +#include #include "atomicio.h" diff --git a/auth-options.c b/auth-options.c index 7e6bfeb40..33c62641b 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.38 2006/07/17 12:02:24 dtucker Exp $ */ +/* $OpenBSD: auth-options.c,v 1.39 2006/07/22 20:48:22 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -18,6 +18,7 @@ # include #endif #include +#include #include "xmalloc.h" #include "match.h" diff --git a/auth-passwd.c b/auth-passwd.c index 3cf86dcbd..e5edc9336 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-passwd.c,v 1.37 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: auth-passwd.c,v 1.38 2006/07/22 20:48:22 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -41,6 +41,7 @@ #include #include +#include #include "packet.h" #include "buffer.h" diff --git a/auth-rhosts.c b/auth-rhosts.c index d50ea3a01..c14604dc4 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rhosts.c,v 1.38 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: auth-rhosts.c,v 1.39 2006/07/22 20:48:22 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -23,6 +23,7 @@ # include #endif #include +#include #include "packet.h" #include "uidswap.h" diff --git a/auth-rsa.c b/auth-rsa.c index 867597642..65c77805f 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rsa.c,v 1.68 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: auth-rsa.c,v 1.69 2006/07/22 20:48:22 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -23,6 +23,7 @@ #include #include +#include #include "rsa.h" #include "packet.h" diff --git a/auth.c b/auth.c index 3bca8dc21..0f1d530e7 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.71 2006/07/12 11:34:58 dtucker Exp $ */ +/* $OpenBSD: auth.c,v 1.72 2006/07/22 20:48:22 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -43,6 +43,7 @@ #include #endif #include +#include #include "xmalloc.h" #include "match.h" diff --git a/auth1.c b/auth1.c index 089291882..034010fda 100644 --- a/auth1.c +++ b/auth1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth1.c,v 1.67 2006/07/20 15:26:14 stevesk Exp $ */ +/* $OpenBSD: auth1.c,v 1.68 2006/07/22 20:48:22 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -14,6 +14,7 @@ #include +#include #include #include "xmalloc.h" diff --git a/auth2-chall.c b/auth2-chall.c index 09412aa4a..ad6b7233f 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-chall.c,v 1.27 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: auth2-chall.c,v 1.28 2006/07/22 20:48:22 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Per Allansson. All rights reserved. @@ -25,6 +25,8 @@ */ #include "includes.h" +#include + #include "ssh2.h" #include "auth.h" #include "buffer.h" diff --git a/auth2-hostbased.c b/auth2-hostbased.c index 56bf0be13..5cb617e1c 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.9 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.10 2006/07/22 20:48:22 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -28,6 +28,7 @@ #include #include +#include #include "ssh2.h" #include "xmalloc.h" diff --git a/auth2-passwd.c b/auth2-passwd.c index a1e77c41c..a1b65da50 100644 --- a/auth2-passwd.c +++ b/auth2-passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-passwd.c,v 1.7 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: auth2-passwd.c,v 1.8 2006/07/22 20:48:22 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -25,6 +25,8 @@ #include "includes.h" +#include + #include "xmalloc.h" #include "packet.h" #include "log.h" diff --git a/auth2.c b/auth2.c index ad57c64e6..83d5224c9 100644 --- a/auth2.c +++ b/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.111 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: auth2.c,v 1.112 2006/07/22 20:48:22 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -28,6 +28,7 @@ #include #include +#include #include "ssh2.h" #include "xmalloc.h" diff --git a/authfd.c b/authfd.c index f8b7ed71f..52766bcd2 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.77 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: authfd.c,v 1.78 2006/07/22 20:48:22 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -44,6 +44,7 @@ #include #include +#include #include #include "ssh.h" diff --git a/authfile.c b/authfile.c index 53397ea53..8421665b8 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.70 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: authfile.c,v 1.71 2006/07/22 20:48:22 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -47,6 +47,7 @@ #include #include +#include #include #include "cipher.h" 
diff --git a/bufaux.c b/bufaux.c index 4c9cb662c..a384cc685 100644 --- a/bufaux.c +++ b/bufaux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bufaux.c,v 1.42 2006/04/18 10:44:28 dtucker Exp $ */ +/* $OpenBSD: bufaux.c,v 1.43 2006/07/22 20:48:22 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -40,6 +40,9 @@ #include "includes.h" #include + +#include + #include "bufaux.h" #include "xmalloc.h" #include "log.h" diff --git a/bufbn.c b/bufbn.c index 56f4f6d5b..aa42ea62b 100644 --- a/bufbn.c +++ b/bufbn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bufbn.c,v 1.1 2006/04/18 10:44:28 dtucker Exp $*/ +/* $OpenBSD: bufbn.c,v 1.2 2006/07/22 20:48:22 stevesk Exp $*/ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -40,6 +40,9 @@ #include "includes.h" #include + +#include + #include "bufaux.h" #include "xmalloc.h" #include "log.h" diff --git a/buffer.c b/buffer.c index ba718daf2..8c9f534f8 100644 --- a/buffer.c +++ b/buffer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.c,v 1.27 2006/04/16 00:48:52 djm Exp $ */ +/* $OpenBSD: buffer.c,v 1.28 2006/07/22 20:48:22 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -14,6 +14,8 @@ #include "includes.h" +#include + #include "xmalloc.h" #include "buffer.h" #include "log.h" diff --git a/canohost.c b/canohost.c index da5131de3..97b5a78f9 100644 --- a/canohost.c +++ b/canohost.c @@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.c,v 1.57 2006/07/12 22:28:51 stevesk Exp $ */ +/* $OpenBSD: canohost.c,v 1.58 2006/07/22 20:48:22 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -24,6 +24,7 @@ #if defined(HAVE_NETDB_H) # include #endif +#include #include "packet.h" #include "xmalloc.h" diff --git a/channels.c b/channels.c index e44a2ab4f..8cf4242fe 100644 --- a/channels.c +++ b/channels.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.259 2006/07/21 21:13:30 stevesk Exp $ */ +/* $OpenBSD: channels.c,v 1.260 2006/07/22 20:48:22 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -53,6 +53,7 @@ #if defined(HAVE_NETDB_H) # include #endif +#include #include #include diff --git a/cipher-3des1.c b/cipher-3des1.c index c2c0bf811..2e8735d54 100644 --- a/cipher-3des1.c +++ b/cipher-3des1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher-3des1.c,v 1.4 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: cipher-3des1.c,v 1.5 2006/07/22 20:48:22 stevesk Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. * @@ -26,6 +26,9 @@ #include "includes.h" #include + +#include + #include "xmalloc.h" #include "log.h" diff --git a/cipher-bf1.c b/cipher-bf1.c index b6aa0152a..95b4e5e93 100644 --- a/cipher-bf1.c +++ b/cipher-bf1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher-bf1.c,v 1.3 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: cipher-bf1.c,v 1.4 2006/07/22 20:48:22 stevesk Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. * @@ -26,6 +26,9 @@ #include "includes.h" #include + +#include + #include "xmalloc.h" #include "log.h" diff --git a/cipher-ctr.c b/cipher-ctr.c index be82fd3a9..105d0bd5b 100644 --- a/cipher-ctr.c +++ b/cipher-ctr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher-ctr.c,v 1.8 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: cipher-ctr.c,v 1.9 2006/07/22 20:48:22 stevesk Exp $ */ /* * Copyright (c) 2003 Markus Friedl * @@ -16,6 +16,8 @@ */ #include "includes.h" +#include + #include #include "log.h" diff --git a/cipher.c b/cipher.c index c42963897..20fa59c6a 100644 --- a/cipher.c +++ b/cipher.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.79 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: cipher.c,v 1.80 2006/07/22 20:48:22 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -37,12 +37,14 @@ #include "includes.h" +#include + +#include + #include "xmalloc.h" #include "log.h" #include "cipher.h" -#include - /* compatibility with old or broken OpenSSL versions */ #include "openbsd-compat/openssl-compat.h" diff --git a/clientloop.c b/clientloop.c index 9398dc989..0c700dbd4 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.169 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: clientloop.c,v 1.170 2006/07/22 20:48:22 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -74,6 +74,7 @@ #include #endif #include +#include #include #include diff --git a/compat.c b/compat.c index 1573ed64e..35e429a5f 100644 --- a/compat.c +++ b/compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.73 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: compat.c,v 1.74 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -25,6 +25,8 @@ #include "includes.h" +#include + #include "buffer.h" #include "packet.h" #include "xmalloc.h" diff --git a/deattack.c b/deattack.c index fa397e6e8..57a747da5 100644 --- a/deattack.c +++ b/deattack.c @@ -1,4 +1,4 @@ -/* $OpenBSD: deattack.c,v 1.27 2006/03/30 09:58:15 djm Exp $ */ +/* $OpenBSD: deattack.c,v 1.28 2006/07/22 20:48:23 stevesk Exp $ */ /* * Cryptographic attack detector for ssh - source code * @@ -20,6 +20,8 @@ #include "includes.h" +#include + #include "deattack.h" #include "log.h" #include "crc32.h" diff --git a/dh.c b/dh.c index ff31ca991..b37195f41 100644 --- a/dh.c +++ b/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.37 2006/07/18 22:27:55 stevesk Exp $ */ +/* $OpenBSD: dh.c,v 1.38 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -28,6 +28,8 @@ #include #include +#include + #include "dh.h" #include "pathnames.h" #include "log.h" diff --git a/dns.c b/dns.c index 16954a6a1..5f123a2ee 100644 --- a/dns.c +++ b/dns.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.20 2006/07/08 21:47:12 stevesk Exp $ */ +/* $OpenBSD: dns.c,v 1.21 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -33,6 +33,7 @@ #if defined(HAVE_NETDB_H) # include #endif +#include #include "xmalloc.h" #include "key.h" diff --git a/gss-genr.c b/gss-genr.c index 3d630ab82..0497657c0 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.10 2006/04/03 07:10:38 djm Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.11 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -28,6 +28,8 @@ #ifdef GSSAPI +#include + #include "xmalloc.h" #include "bufaux.h" #include "log.h" diff --git a/gss-serv.c b/gss-serv.c index 4ce536d99..c033aad4f 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.18 2006/07/02 18:36:47 stevesk Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.19 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -28,6 +28,8 @@ #ifdef GSSAPI +#include + #include "bufaux.h" #include "auth.h" #include "log.h" diff --git a/hostfile.c b/hostfile.c index a6714b6e1..c067f5e11 100644 --- a/hostfile.c +++ b/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.41 2006/07/05 02:42:09 stevesk Exp $ */ +/* $OpenBSD: hostfile.c,v 1.42 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -43,6 +43,7 @@ #include #include +#include #include #include diff --git a/includes.h b/includes.h index da526bc72..7a7bd8176 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.53 2006/07/22 19:08:54 stevesk Exp $ */ +/* $OpenBSD: includes.h,v 1.54 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -22,7 +22,6 @@ #include #include -#include #ifdef HAVE_LIMITS_H # include /* For PATH_MAX */ 
diff --git a/kex.c b/kex.c index 6a5fd264b..007173388 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.71 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.72 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -27,6 +27,8 @@ #include +#include + #include "ssh2.h" #include "xmalloc.h" #include "buffer.h" diff --git a/kexdhc.c b/kexdhc.c index f5f01196f..dbbd9bbd0 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.6 2006/05/18 21:27:25 miod Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.7 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -25,6 +25,8 @@ #include "includes.h" +#include + #include "xmalloc.h" #include "key.h" #include "kex.h" diff --git a/kexdhs.c b/kexdhs.c index d139f5c7b..c64cd77cb 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.5 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.6 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -25,6 +25,8 @@ #include "includes.h" +#include + #include "xmalloc.h" #include "key.h" #include "kex.h" diff --git a/kexgexc.c b/kexgexc.c index 9da184488..fb2049ea7 100644 --- a/kexgexc.c +++ b/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.6 2006/05/18 21:27:25 miod Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.7 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,6 +26,8 @@ #include "includes.h" +#include + #include "xmalloc.h" #include "key.h" #include "kex.h" diff --git a/kexgexs.c b/kexgexs.c index 0141c6d0f..72b66230f 100644 --- a/kexgexs.c +++ b/kexgexs.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.4 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.5 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,6 +26,8 @@ #include "includes.h" +#include + #include "xmalloc.h" #include "key.h" #include "kex.h" diff --git a/key.c b/key.c index 8e6ccc2bf..e6868de6d 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.64 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: key.c,v 1.65 2006/07/22 20:48:23 stevesk Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -36,6 +36,8 @@ #include +#include + #include "xmalloc.h" #include "key.h" #include "rsa.h" diff --git a/log.c b/log.c index 4ad7cfff7..8a308c2f8 100644 --- a/log.c +++ b/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.34 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: log.c,v 1.35 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -37,6 +37,7 @@ #include "includes.h" #include +#include #include #include #if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) diff --git a/mac.c b/mac.c index 02bcc31ed..a59e7edf1 100644 --- a/mac.c +++ b/mac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.c,v 1.10 2006/03/30 09:58:15 djm Exp $ */ +/* $OpenBSD: mac.c,v 1.11 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -27,6 +27,8 @@ #include +#include + #include "xmalloc.h" #include "log.h" #include "cipher.h" diff --git a/match.c b/match.c index c0e5bf424..8f12ef539 100644 --- a/match.c +++ b/match.c @@ -1,4 +1,4 @@ -/* $OpenBSD: match.c,v 1.24 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: match.c,v 1.25 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -38,6 +38,7 @@ #include "includes.h" #include +#include #include "match.h" #include "xmalloc.h" 
diff --git a/md-sha256.c b/md-sha256.c index 33deb780a..063a1014f 100644 --- a/md-sha256.c +++ b/md-sha256.c @@ -1,4 +1,4 @@ -/* $OpenBSD: md-sha256.c,v 1.3 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: md-sha256.c,v 1.4 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2005 Damien Miller * diff --git a/misc.c b/misc.c index e9c5ddf8b..4c202db2a 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.59 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: misc.c,v 1.60 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -31,6 +31,7 @@ #include #include +#include #include #include diff --git a/moduli.c b/moduli.c index 9d4aedd5b..4d5576a1f 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.14 2006/07/22 19:08:54 stevesk Exp $ */ +/* $OpenBSD: moduli.c,v 1.15 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -43,6 +43,7 @@ #include +#include #include #include "xmalloc.h" diff --git a/monitor.c b/monitor.c index a5263d746..3799d8862 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.81 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: monitor.c,v 1.82 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -38,6 +38,7 @@ #endif #include #include +#include #ifdef SKEY #include diff --git a/monitor_fdpass.c b/monitor_fdpass.c index 9d319ac1a..d3e65cbaa 100644 --- a/monitor_fdpass.c +++ b/monitor_fdpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_fdpass.c,v 1.10 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: monitor_fdpass.c,v 1.11 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright 2001 Niels Provos * All rights reserved. @@ -31,6 +31,7 @@ #include #include +#include #include "log.h" #include "monitor_fdpass.h" 
diff --git a/monitor_mm.c b/monitor_mm.c index dc0dbda76..b6da6927f 100644 --- a/monitor_mm.c +++ b/monitor_mm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_mm.c,v 1.12 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: monitor_mm.c,v 1.13 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright 2002 Niels Provos * All rights reserved. @@ -27,6 +27,7 @@ #include "includes.h" #include +#include #ifdef HAVE_SYS_MMAN_H #include diff --git a/monitor_wrap.c b/monitor_wrap.c index 9ec60b6af..3728e5f55 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.47 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.48 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -34,6 +34,7 @@ #include #include +#include #include "ssh.h" #include "dh.h" diff --git a/msg.c b/msg.c index 5c535d1af..322472668 100644 --- a/msg.c +++ b/msg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: msg.c,v 1.13 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: msg.c,v 1.14 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -27,6 +27,7 @@ #include #include +#include #include #include "buffer.h" diff --git a/nchan.c b/nchan.c index 43816a65b..78908c3c6 100644 --- a/nchan.c +++ b/nchan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nchan.c,v 1.55 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: nchan.c,v 1.56 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -29,6 +29,7 @@ #include #include +#include #include "ssh1.h" #include "ssh2.h" diff --git a/packet.c b/packet.c index ce652cfd8..8250b3bc8 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.136 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: packet.c,v 1.137 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -49,6 +49,7 @@ #include #include +#include #include #include "xmalloc.h" diff --git a/progressmeter.c b/progressmeter.c index c70e9939a..19dc917c9 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: progressmeter.c,v 1.33 2006/07/22 19:08:54 stevesk Exp $ */ +/* $OpenBSD: progressmeter.c,v 1.34 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2003 Nils Nordman. All rights reserved. * @@ -30,6 +30,7 @@ #include #include +#include #include #include diff --git a/readconf.c b/readconf.c index 73271e84e..432b80ed0 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.156 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: readconf.c,v 1.157 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -25,6 +25,7 @@ #if defined(HAVE_NETDB_H) # include #endif +#include #include #include "ssh.h" diff --git a/readpass.c b/readpass.c index 725ae5789..1982fb6c5 100644 --- a/readpass.c +++ b/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.43 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: readpass.c,v 1.44 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -34,6 +34,7 @@ # include #endif #include +#include #include #include "xmalloc.h" diff --git a/rsa.c b/rsa.c index 6ca05b3d2..c656291ed 100644 --- a/rsa.c +++ b/rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa.c,v 1.26 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: rsa.c,v 1.27 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -62,6 +62,8 @@ #include "includes.h" +#include + #include "rsa.h" #include "log.h" #include "xmalloc.h" diff --git a/scp.c b/scp.c index 72c4ee430..5ff6cac9a 100644 --- a/scp.c +++ b/scp.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.149 2006/07/22 19:08:54 stevesk Exp $ */ +/* $OpenBSD: scp.c,v 1.150 2006/07/22 20:48:23 stevesk Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -86,6 +86,7 @@ #include #include #include +#include #include #include diff --git a/servconf.c b/servconf.c index 46558b690..ce44b5f60 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.159 2006/07/21 12:43:36 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.160 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -18,6 +18,7 @@ #if defined(HAVE_NETDB_H) # include #endif +#include #include #include "ssh.h" diff --git a/serverloop.c b/serverloop.c index 1ca3e673f..ba1e0dad7 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.140 2006/07/20 15:26:15 stevesk Exp $ */ +/* $OpenBSD: serverloop.c,v 1.141 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -47,6 +47,7 @@ #include #include #include +#include #include #include diff --git a/session.c b/session.c index be65086ae..c2730a425 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.211 2006/07/20 15:26:15 stevesk Exp $ */ +/* $OpenBSD: session.c,v 1.212 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -52,6 +52,7 @@ #endif #include #include +#include #include #include "ssh.h" diff --git a/sftp-client.c b/sftp-client.c index 5ba4f0a9f..84dae58d2 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.68 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.69 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * 
@@ -30,6 +30,7 @@ #include #include #include +#include #include #include "openbsd-compat/sys-queue.h" diff --git a/sftp-common.c b/sftp-common.c index 6fd0d76b6..2f3a90971 100644 --- a/sftp-common.c +++ b/sftp-common.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-common.c,v 1.16 2006/07/22 19:08:54 stevesk Exp $ */ +/* $OpenBSD: sftp-common.c,v 1.17 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Damien Miller. All rights reserved. @@ -31,6 +31,7 @@ #include #include +#include #include #include "buffer.h" diff --git a/sftp-glob.c b/sftp-glob.c index 0342de47d..f8549ea76 100644 --- a/sftp-glob.c +++ b/sftp-glob.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-glob.c,v 1.20 2006/07/10 16:01:57 stevesk Exp $ */ +/* $OpenBSD: sftp-glob.c,v 1.21 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -21,8 +21,9 @@ #ifdef HAVE_SYS_STAT_H # include #endif - + #include +#include #include "xmalloc.h" diff --git a/sftp-server.c b/sftp-server.c index 3c254e332..6067f0203 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.64 2006/07/22 19:08:54 stevesk Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.65 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -23,8 +23,9 @@ #include #include #include -#include +#include #include +#include #include "buffer.h" #include "bufaux.h" diff --git a/sftp.c b/sftp.c index 1a88f33f9..2da6c722f 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.86 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: sftp.c,v 1.87 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -36,6 +36,7 @@ typedef void EditLine; #endif #include +#include #include #include "xmalloc.h" diff --git a/ssh-add.c b/ssh-add.c index 974a1629b..f79ffb915 100644 --- a/ssh-add.c +++ b/ssh-add.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.84 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.85 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -44,6 +44,7 @@ #include #include +#include #include #include "ssh.h" diff --git a/ssh-agent.c b/ssh-agent.c index a0713b238..5bf4dbc18 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.145 2006/07/22 19:08:54 stevesk Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.146 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -45,6 +45,9 @@ #include "openbsd-compat/sys-queue.h" #include +#include +#include + #include #include #ifdef HAVE_PATHS_H @@ -52,11 +55,9 @@ #endif #include #include +#include #include -#include -#include - #include "ssh.h" #include "rsa.h" #include "buffer.h" diff --git a/ssh-dss.c b/ssh-dss.c index d16f75e63..a8d45a2b4 100644 --- a/ssh-dss.c +++ b/ssh-dss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-dss.c,v 1.21 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: ssh-dss.c,v 1.22 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -28,6 +28,8 @@ #include #include +#include + #include "xmalloc.h" #include "buffer.h" #include "bufaux.h" diff --git a/ssh-keygen.c b/ssh-keygen.c index 56ad725d8..f2d37129b 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.149 2006/07/17 01:31:10 stevesk Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.150 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -30,6 +30,7 @@ # include #endif #include +#include #include #include "xmalloc.h" diff --git a/ssh-keyscan.c b/ssh-keyscan.c index fd71f7224..30df75166 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.68 2006/07/17 01:31:10 stevesk Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.69 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -11,16 +11,18 @@ #include "openbsd-compat/sys-queue.h" #include + +#include + #if defined(HAVE_NETDB_H) # include #endif #include #include #include +#include #include -#include - #include "xmalloc.h" #include "ssh.h" #include "ssh1.h" diff --git a/ssh-keysign.c b/ssh-keysign.c index b558e54f7..435b839fa 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.26 2006/07/17 01:31:10 stevesk Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.27 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -29,6 +29,7 @@ #include #endif #include +#include #include #include diff --git a/ssh-rsa.c b/ssh-rsa.c index 4580c0644..236f77aac 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-rsa.c,v 1.37 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: ssh-rsa.c,v 1.38 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2000, 2003 Markus Friedl * @@ -19,6 +19,8 @@ #include #include +#include + #include "xmalloc.h" #include "log.h" #include "buffer.h" diff --git a/ssh.c b/ssh.c index e482eb1b5..d0d9457c2 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.288 2006/07/17 01:31:10 stevesk Exp $ */ +/* $OpenBSD: ssh.c,v 1.289 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -63,6 +63,7 @@ #include #include #include +#include #include #include diff --git a/sshconnect.c b/sshconnect.c index 1c69044ea..f33cf52b1 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.192 2006/07/17 01:31:10 stevesk Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.193 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -31,6 +31,7 @@ #include #endif #include +#include #include #include "ssh.h" diff --git a/sshconnect1.c b/sshconnect1.c index 5467f04bf..ab5216214 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect1.c,v 1.65 2006/04/25 08:02:27 dtucker Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.66 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -18,6 +18,8 @@ #include #include +#include + #include "ssh.h" #include "ssh1.h" #include "xmalloc.h" diff --git a/sshconnect2.c b/sshconnect2.c index f55002bdf..41be0b91c 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.157 2006/07/20 15:26:15 stevesk Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.158 2006/07/22 20:48:23 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -30,6 +30,7 @@ #include #include +#include #include #include "openbsd-compat/sys-queue.h" diff --git a/sshd.c b/sshd.c index 3da176da1..6428f42a0 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.338 2006/07/12 22:28:52 stevesk Exp $ */ +/* $OpenBSD: sshd.c,v 1.339 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -63,6 +63,7 @@ #include #include #include +#include #include #include diff --git a/sshlogin.c b/sshlogin.c index ea313e800..8d811facd 100644 --- a/sshlogin.c +++ b/sshlogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.c,v 1.21 2006/07/22 19:08:54 stevesk Exp $ */ +/* $OpenBSD: sshlogin.c,v 1.22 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -45,6 +45,7 @@ #include #include +#include #include #include diff --git a/sshpty.c b/sshpty.c index 931c91f47..719a79303 100644 --- a/sshpty.c +++ b/sshpty.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshpty.c,v 1.24 2006/07/17 01:31:10 stevesk Exp $ */ +/* $OpenBSD: sshpty.c,v 1.25 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -26,6 +26,7 @@ # include #endif #include +#include #include #ifdef HAVE_UTIL_H # include diff --git a/ttymodes.c b/ttymodes.c index b46305430..680909b22 100644 --- a/ttymodes.c +++ b/ttymodes.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ttymodes.c,v 1.24 2006/07/11 20:07:25 stevesk Exp $ */ +/* $OpenBSD: ttymodes.c,v 1.25 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -46,6 +46,7 @@ #include "includes.h" #include +#include #include #include "packet.h" diff --git a/uidswap.c b/uidswap.c index 2fe5feaed..255f9142c 100644 --- a/uidswap.c +++ b/uidswap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.32 2006/07/17 01:31:10 stevesk Exp $ */ +/* $OpenBSD: uidswap.c,v 1.33 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -18,6 +18,7 @@ #include #include +#include #include #include diff --git a/xmalloc.c b/xmalloc.c index 8f9c3e12e..e7a14866b 100644 --- a/xmalloc.c +++ b/xmalloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.c,v 1.22 2006/07/10 16:37:36 stevesk Exp $ */ +/* $OpenBSD: xmalloc.c,v 1.23 2006/07/22 20:48:23 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -16,6 +16,7 @@ #include "includes.h" #include +#include #include "xmalloc.h" #include "log.h" -- cgit v1.2.3 From d8337c5e609b3bafda0008aef2636d6f17c622ef Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 14:14:19 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/23 01:11:05 [auth.h dispatch.c kex.h sftp-client.c] #include for sig_atomic_t; need this prior to move --- ChangeLog | 6 +++++- auth.h | 3 ++- dispatch.c | 4 +++- kex.h | 5 ++++- sftp-client.c | 2 +- 5 files changed, 15 insertions(+), 5 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index 000c57828..7f7679402 100644 --- a/ChangeLog +++ b/ChangeLog @@ -95,6 +95,10 @@ [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] move #include out of includes.h + - stevesk@cvs.openbsd.org 2006/07/23 01:11:05 + [auth.h dispatch.c kex.h sftp-client.c] + #include for sig_atomic_t; need this prior to + move 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -5013,4 +5017,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4428 2006/07/24 04:13:33 djm Exp $ +$Id: ChangeLog,v 1.4429 2006/07/24 04:14:19 djm Exp $ diff --git a/auth.h b/auth.h index 6688c3dc5..65250138f 100644 --- a/auth.h +++ b/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.54 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: auth.h,v 1.55 2006/07/23 01:11:05 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -32,6 +32,7 @@ #include #include +#include #include "buffer.h" #include diff --git a/dispatch.c b/dispatch.c index 4f965a62d..c1d98a78e 100644 --- a/dispatch.c +++ b/dispatch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dispatch.c,v 1.19 2006/04/20 09:27:09 djm Exp $ */ +/* $OpenBSD: dispatch.c,v 1.20 2006/07/23 01:11:05 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -24,6 +24,8 @@ */ #include "includes.h" +#include + #include "ssh1.h" #include "ssh2.h" #include "log.h" diff --git a/kex.h b/kex.h index a4a8af33e..a48c5c885 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.42 2006/04/20 09:27:09 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.43 2006/07/23 01:11:05 stevesk Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -28,6 +28,9 @@ #include #include + +#include + #include "buffer.h" #include "cipher.h" #include "key.h" 
diff --git a/sftp-client.c b/sftp-client.c index 84dae58d2..9e7011ffd 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.69 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.70 2006/07/23 01:11:05 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * -- cgit v1.2.3 From b8fe89c4d97ea9a5d7efb2c60108b8a7644f6a49 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Mon, 24 Jul 2006 14:51:00 +1000 Subject: - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c] [canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c] [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c] [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c] [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c] [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c] [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c] [openbsd-compat/mktemp.c openbsd-compat/port-linux.c] [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c] make the portable tree compile again - sprinkle unistd.h and string.h back in. Don't redefine __unused, as it turned out to be used in headers on Linux, and replace its use in auth-pam.c with ARGSUSED --- ChangeLog | 15 ++++++++++++++- acss.c | 5 ++++- auth-krb5.c | 2 ++ auth-options.c | 4 +--- auth-pam.c | 11 ++++++++--- auth-shadow.c | 1 + canohost.c | 4 +--- channels.c | 4 +--- cipher-acss.c | 3 +++ defines.h | 7 +------ dns.c | 4 +--- gss-genr.c | 1 + gss-serv-krb5.c | 2 ++ gss-serv.c | 1 + log.h | 2 ++ loginrec.c | 2 ++ logintest.c | 4 +--- openbsd-compat/bindresvport.c | 1 + openbsd-compat/bsd-arc4random.c | 4 ++++ openbsd-compat/bsd-misc.c | 1 + openbsd-compat/getrrsetbyname.c | 2 ++ openbsd-compat/glob.c | 2 ++ openbsd-compat/mktemp.c | 1 + openbsd-compat/port-linux.c | 5 ++++- openbsd-compat/port-tun.c | 2 ++ openbsd-compat/readpassphrase.c | 2 ++ openbsd-compat/setproctitle.c | 1 + openbsd-compat/xmmap.c | 4 +++- readconf.c | 4 +--- servconf.c | 4 +--- ssh-keygen.c | 4 +--- ssh-keyscan.c | 4 +--- ssh-keysign.c | 2 +- ssh-rand-helper.c | 2 ++ ssh.c | 4 +--- sshconnect.c | 4 +--- sshd.c | 4 +--- 37 files changed, 79 insertions(+), 50 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7f7679402..d2cd9b597 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -99,6 +99,19 @@ [auth.h dispatch.c kex.h sftp-client.c] #include for sig_atomic_t; need this prior to move + - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c] + [canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c] + [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c] + [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c] + [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c] + [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c] + [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c] + [openbsd-compat/mktemp.c openbsd-compat/port-linux.c] + [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] + [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c] + make the portable tree compile again - sprinkle unistd.h and string.h + back in. Don't redefine __unused, as it turned out to be used in + headers on Linux, and replace its use in auth-pam.c with ARGSUSED 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -5017,4 +5030,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4429 2006/07/24 04:14:19 djm Exp $ +$Id: ChangeLog,v 1.4430 2006/07/24 04:51:00 djm Exp $ diff --git a/acss.c b/acss.c index 99efde071..86e2c01a8 100644 --- a/acss.c +++ b/acss.c @@ -1,4 +1,4 @@ -/* $Id: acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $ */ +/* $Id: acss.c,v 1.4 2006/07/24 04:51:01 djm Exp $ */ /* * Copyright (c) 2004 The OpenBSD project * @@ -16,6 +16,9 @@ */ #include "includes.h" + +#include + #include #if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00906000L) diff --git a/auth-krb5.c b/auth-krb5.c index 8beacc0d4..676b8ab1f 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -41,6 +41,8 @@ #ifdef KRB5 #include +#include +#include #include extern ServerOptions options; diff --git a/auth-options.c b/auth-options.c index 33c62641b..cd904967a 100644 --- a/auth-options.c 
+++ b/auth-options.c @@ -14,9 +14,7 @@ #include -#if defined(HAVE_NETDB_H) -# include -#endif +#include #include #include diff --git a/auth-pam.c b/auth-pam.c index cb8754ec7..6ce9db12b 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -54,6 +54,8 @@ #include #include +#include +#include #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -152,14 +154,16 @@ sshpam_sigchld_handler(int sig) fatal("PAM: authentication thread exited uncleanly"); } +/* ARGSUSED */ static void -pthread_exit(void *value __unused) +pthread_exit(void *value) { _exit(0); } +/* ARGSUSED */ static int -pthread_create(sp_pthread_t *thread, const void *attr __unused, +pthread_create(sp_pthread_t *thread, const void *attr, void *(*thread_start)(void *), void *arg) { pid_t pid; @@ -191,8 +195,9 @@ pthread_cancel(sp_pthread_t thread) return (kill(thread, SIGTERM)); } +/* ARGSUSED */ static int -pthread_join(sp_pthread_t thread, void **value __unused) +pthread_join(sp_pthread_t thread, void **value) { int status; diff --git a/auth-shadow.c b/auth-shadow.c index c8d5dd3c1..7cd69c21f 100644 --- a/auth-shadow.c +++ b/auth-shadow.c @@ -26,6 +26,7 @@ #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) #include +#include #include "auth.h" #include "buffer.h" diff --git a/canohost.c b/canohost.c index 97b5a78f9..b40cbf603 100644 --- a/canohost.c +++ b/canohost.c @@ -21,9 +21,7 @@ #include #include -#if defined(HAVE_NETDB_H) -# include -#endif +#include #include #include "packet.h" diff --git a/channels.c b/channels.c index 8cf4242fe..895c43f6a 100644 --- a/channels.c +++ b/channels.c @@ -50,9 +50,7 @@ #include #include -#if defined(HAVE_NETDB_H) -# include -#endif +#include #include #include #include diff --git a/cipher-acss.c b/cipher-acss.c index 90b51a4d1..cb0bf736c 100644 --- a/cipher-acss.c +++ b/cipher-acss.c @@ -15,8 +15,11 @@ */ #include "includes.h" + #include +#include + #if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) #include "acss.h" 
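Review bot: Dropping the `#if defined(HAVE_NETDB_H)` guard in auth-options.c makes the include that replaces it unconditional, and the commit message (which mentions only unistd.h, string.h and `__unused`) does not cover that. The header name is lost in this rendering, but if it is still the header the guard tested for, any platform where configure leaves HAVE_NETDB_H undefined now fails to compile here. The same replacement appears in canohost.c, channels.c, dns.c, logintest.c, readconf.c, servconf.c, ssh-keygen.c, ssh-keyscan.c, ssh.c, sshconnect.c and sshd.c. Either keep the guard (`#ifdef HAVE_NETDB_H` around the include) or state in the ChangeLog entry that the header is now required.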
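Review bot: `/* ARGSUSED */` above pthread_exit(), pthread_create() and pthread_join() in auth-pam.c is a lint annotation that compilers do not act on, so it documents the unused `value` and `attr` parameters without suppressing an unused-parameter warning the way an attribute-backed `__unused` did where the platform provided one. If the tree is ever built with that warning promoted to an error, a `(void)value;` (or `(void)attr;`) statement at the top of each stub is the portable way to keep it quiet. The matching removal of the `__unused` fallback from defines.h also means any other use of `__unused` in portable code would now depend on the system headers defining it; only auth-pam.c is converted in this diff.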
diff --git a/defines.h b/defines.h index 4dccc9172..7b0a302a5 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.133 2006/07/12 04:14:31 dtucker Exp $ */ +/* $Id: defines.h,v 1.134 2006/07/24 04:51:01 djm Exp $ */ /* Constants */ @@ -143,16 +143,11 @@ including rpc/rpc.h breaks Solaris 6 #define INADDR_LOOPBACK ((u_long)0x7f000001) #endif -#ifndef __unused -#define __unused -#endif - /* Types */ /* If sys/types.h does not supply intXX_t, supply them ourselves */ /* (or die trying) */ - #ifndef HAVE_U_INT typedef unsigned int u_int; #endif diff --git a/dns.c b/dns.c index 5f123a2ee..c9368b96b 100644 --- a/dns.c +++ b/dns.c @@ -30,9 +30,7 @@ #include #include -#if defined(HAVE_NETDB_H) -# include -#endif +#include #include #include "xmalloc.h" diff --git a/gss-genr.c b/gss-genr.c index 0497657c0..522fedab3 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -29,6 +29,7 @@ #ifdef GSSAPI #include +#include #include "xmalloc.h" #include "bufaux.h" diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index eae29b2ae..7b78cfe0a 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c @@ -29,6 +29,8 @@ #ifdef GSSAPI #ifdef KRB5 +#include + #include "auth.h" #include "xmalloc.h" #include "log.h" diff --git a/gss-serv.c b/gss-serv.c index c033aad4f..b5c5538fe 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -29,6 +29,7 @@ #ifdef GSSAPI #include +#include #include "bufaux.h" #include "auth.h" diff --git a/log.h b/log.h index 9e1a2fcdb..15ebc93b5 100644 --- a/log.h +++ b/log.h @@ -15,6 +15,8 @@ #ifndef SSH_LOG_H #define SSH_LOG_H +#include "includes.h" + #include #include /* Needed for LOG_AUTHPRIV (if present) */ diff --git a/loginrec.c b/loginrec.c index 8299b79e4..955d42e8f 100644 --- a/loginrec.c +++ b/loginrec.c @@ -156,6 +156,8 @@ #include #include #include +#include +#include #include "ssh.h" #include "xmalloc.h" diff --git a/logintest.c b/logintest.c index 0de928bec..7e9fbbfbb 100644 --- a/logintest.c +++ b/logintest.c 
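Review bot: The new `#include "includes.h"` in log.h has no comment saying which definition the header needs from it, unlike the existing include below it that is annotated `/* Needed for LOG_AUTHPRIV (if present) */`. The .c files visible in this diff already include includes.h first themselves, so pulling it in again from a header hides the real dependency. A short trailing comment naming the symbol log.h relies on, or an include of the specific header that provides it, would make that explicit.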
@@ -40,9 +40,7 @@ #include #include #include -#if defined(HAVE_NETDB_H) -# include -#endif +#include #ifdef HAVE_TIME_H #include #endif diff --git a/openbsd-compat/bindresvport.c b/openbsd-compat/bindresvport.c index 2c16233c9..ef0eff3b6 100644 --- a/openbsd-compat/bindresvport.c +++ b/openbsd-compat/bindresvport.c @@ -37,6 +37,7 @@ #include "includes.h" #include +#include #define STARTPORT 600 #define ENDPORT (IPPORT_RESERVED - 1) diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c index 46e0a020f..c1aecfe99 100644 --- a/openbsd-compat/bsd-arc4random.c +++ b/openbsd-compat/bsd-arc4random.c @@ -15,6 +15,10 @@ */ #include "includes.h" + +#include +#include + #include "log.h" #ifndef HAVE_ARC4RANDOM diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index d2d9ad771..e6128f9a7 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -17,6 +17,7 @@ #include "includes.h" +#include #include #include "xmalloc.h" diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c index a855ad6d5..70ef1850d 100644 --- a/openbsd-compat/getrrsetbyname.c +++ b/openbsd-compat/getrrsetbyname.c @@ -49,6 +49,8 @@ #ifndef HAVE_GETRRSETBYNAME +#include + #include "getrrsetbyname.h" #if defined(HAVE_DECL_H_ERRNO) && !HAVE_DECL_H_ERRNO diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c index bba4c0976..b4873932a 100644 --- a/openbsd-compat/glob.c +++ b/openbsd-compat/glob.c @@ -41,6 +41,8 @@ #include #include #include +#include +#include static long get_arg_max(void) diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c index b8b0793a6..2285c84df 100644 --- a/openbsd-compat/mktemp.c +++ b/openbsd-compat/mktemp.c @@ -41,6 +41,7 @@ #include #include #include +#include #if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index 54ec2910e..5e2e878dc 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c 
@@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.1 2006/04/22 11:26:08 djm Exp $ */ +/* $Id: port-linux.c,v 1.2 2006/07/24 04:51:01 djm Exp $ */ /* * Copyright (c) 2005 Daniel Walsh @@ -23,6 +23,9 @@ #include "includes.h" +#include +#include + #ifdef WITH_SELINUX #include "log.h" #include "port-linux.h" diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c index 9806eec7d..f6a6aa9e1 100644 --- a/openbsd-compat/port-tun.c +++ b/openbsd-compat/port-tun.c @@ -23,6 +23,8 @@ #include #include +#include +#include #include "log.h" #include "misc.h" diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c index fd9731ac6..11bd8f646 100644 --- a/openbsd-compat/readpassphrase.c +++ b/openbsd-compat/readpassphrase.c @@ -32,6 +32,8 @@ #include #include #include +#include +#include #ifdef TCSASOFT # define _T_FLUSH (TCSAFLUSH|TCSASOFT) diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c index 32e987deb..7fec73f89 100644 --- a/openbsd-compat/setproctitle.c +++ b/openbsd-compat/setproctitle.c @@ -40,6 +40,7 @@ #ifdef HAVE_SYS_PSTAT_H #include #endif +#include #define SPT_NONE 0 /* don't use it at all */ #define SPT_PSTAT 1 /* use pstat(PSTAT_SETCMD, ...) */ diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c index 7d5cc812c..1293dcab0 100644 --- a/openbsd-compat/xmmap.c +++ b/openbsd-compat/xmmap.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: xmmap.c,v 1.8 2006/07/12 12:35:52 dtucker Exp $ */ +/* $Id: xmmap.c,v 1.9 2006/07/24 04:51:01 djm Exp $ */ #include "includes.h" @@ -34,6 +34,8 @@ #include #include +#include +#include #include "log.h" diff --git a/readconf.c b/readconf.c index 432b80ed0..6fe372796 100644 --- a/readconf.c +++ b/readconf.c @@ -22,9 +22,7 @@ #include #include -#if defined(HAVE_NETDB_H) -# include -#endif +#include #include #include diff --git a/servconf.c b/servconf.c index ce44b5f60..dca9508ab 100644 --- a/servconf.c +++ b/servconf.c 
@@ -15,9 +15,7 @@ #include #include -#if defined(HAVE_NETDB_H) -# include -#endif +#include #include #include diff --git a/ssh-keygen.c b/ssh-keygen.c index f2d37129b..17236a55a 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -23,9 +23,7 @@ #include #include -#if defined(HAVE_NETDB_H) -# include -#endif +#include #ifdef HAVE_PATHS_H # include #endif diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 30df75166..6b706f0af 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -14,9 +14,7 @@ #include -#if defined(HAVE_NETDB_H) -# include -#endif +#include #include #include #include diff --git a/ssh-keysign.c b/ssh-keysign.c index 435b839fa..89b8e4342 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -148,7 +148,7 @@ main(int argc, char **argv) { Buffer b; Options options; - Key *keys[2], *key; + Key *keys[2], *key = NULL; struct passwd *pw; int key_fd[2], i, found, version = 2, fd; u_char *signature, *data; diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index fb6fc2814..121fa52fa 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -41,6 +41,8 @@ #include #include #include +#include +#include #include #include diff --git a/ssh.c b/ssh.c index d0d9457c2..df787e45f 100644 --- a/ssh.c +++ b/ssh.c @@ -54,9 +54,7 @@ #include #include #include -#if defined(HAVE_NETDB_H) -# include -#endif +#include #ifdef HAVE_PATHS_H #include #endif diff --git a/sshconnect.c b/sshconnect.c index f33cf52b1..21c5203c6 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -24,9 +24,7 @@ #include #include -#if defined(HAVE_NETDB_H) -# include -#endif +#include #ifdef HAVE_PATHS_H #include #endif diff --git a/sshd.c b/sshd.c index 6428f42a0..cc1ebd8d9 100644 --- a/sshd.c +++ b/sshd.c @@ -54,9 +54,7 @@ #include #include -#if defined(HAVE_NETDB_H) -# include -#endif +#include #ifdef HAVE_PATHS_H #include #endif -- cgit v1.2.3 From 8b373baf13f9bec712ad01a0242241bc6529f5f4 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Mon, 24 Jul 2006 14:55:47 +1000 Subject: - (djm) [openbsd-compat/glob.c] Move get_arg_max() into the ifdef HAVE_GLOB block so that it compiles on OpenBSD (or other platforms with a decent glob implementation) with -Werror --- ChangeLog | 6 +++++- openbsd-compat/glob.c | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index d2cd9b597..be85b0c52 100644 --- a/ChangeLog +++ b/ChangeLog @@ -112,6 +112,10 @@ make the portable tree compile again - sprinkle unistd.h and string.h back in. Don't redefine __unused, as it turned out to be used in headers on Linux, and replace its use in auth-pam.c with ARGSUSED + - (djm) [openbsd-compat/glob.c] + Move get_arg_max() into the ifdef HAVE_GLOB block so that it compiles + on OpenBSD (or other platforms with a decent glob implementation) with + -Werror 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -5030,4 +5034,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4430 2006/07/24 04:51:00 djm Exp $ +$Id: ChangeLog,v 1.4431 2006/07/24 04:55:47 djm Exp $ diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c index b4873932a..907235353 100644 --- a/openbsd-compat/glob.c +++ b/openbsd-compat/glob.c @@ -44,6 +44,9 @@ #include #include +#if !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || \ + !defined(GLOB_HAS_GL_MATCHC) + static long get_arg_max(void) { @@ -56,9 +59,6 @@ get_arg_max(void) #endif } -#if !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || \ - !defined(GLOB_HAS_GL_MATCHC) - /* * glob(3) -- a superset of the one defined in POSIX 1003.2. * -- cgit v1.2.3 From 874bc4883206d253640cb1a9704c5a1161093bcb Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Mon, 24 Jul 2006 14:58:07 +1000 Subject: - (djm) [uuencode.c] Add resolv.h, is it contains the prototypes for __b64_ntop/__b64_pton on some platforms --- ChangeLog | 5 ++++- uuencode.c | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index be85b0c52..f97c7acba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -116,6 +116,9 @@ Move get_arg_max() into the ifdef HAVE_GLOB block so that it compiles on OpenBSD (or other platforms with a decent glob implementation) with -Werror + - (djm) [uuencode.c] + Add resolv.h, is it contains the prototypes for __b64_ntop/__b64_pton on + some platforms 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -5034,4 +5037,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4431 2006/07/24 04:55:47 djm Exp $ +$Id: ChangeLog,v 1.4432 2006/07/24 04:58:07 djm Exp $ diff --git a/uuencode.c b/uuencode.c index b8dcaeae6..3128309cc 100644 --- a/uuencode.c +++ b/uuencode.c @@ -29,6 +29,8 @@ #include +#include + #include "xmalloc.h" #include "uuencode.h" -- cgit v1.2.3 From ad5ecbf07227a5c7e1423adf7c68c6cfb05bbd1e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 15:03:06 +1000 Subject: - (djm) [session.c] fix compile error with -Werror -Wall: 'path' is only used in do_setup_env() if HAVE_LOGIN_CAP is not defined --- ChangeLog | 7 +++++-- session.c | 5 ++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index f97c7acba..aa3d0ae9b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -119,7 +119,10 @@ - (djm) [uuencode.c] Add resolv.h, is it contains the prototypes for __b64_ntop/__b64_pton on some platforms - + - (djm) [session.c] + fix compile error with -Werror -Wall: 'path' is only used in + do_setup_env() if HAVE_LOGIN_CAP is not defined + 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h 
@@ -5037,4 +5040,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4432 2006/07/24 04:58:07 djm Exp $ +$Id: ChangeLog,v 1.4433 2006/07/24 05:03:06 djm Exp $ diff --git a/session.c b/session.c index c2730a425..0c20d9e8a 100644 --- a/session.c +++ b/session.c @@ -995,8 +995,11 @@ do_setup_env(Session *s, const char *shell) { char buf[256]; u_int i, envsize; - char **env, *laddr, *path = NULL; + char **env, *laddr; struct passwd *pw = s->pw; +#ifndef HAVE_LOGIN_CAP + char *path = NULL; +#endif /* Initialize the environment. */ envsize = 100; -- cgit v1.2.3 From 62da44f0644f5d1cc7fa3b6b967482b5d2f15aa2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 15:08:35 +1000 Subject: - (djm) [openbsd-compat/basename.c openbsd-compat/bsd-closefrom.c] [openbsd-compat/bsd-cray.c openbsd-compat/bsd-openpty.c] [openbsd-compat/bsd-snprintf.c openbsd-compat/fake-rfc2553.c] [openbsd-compat/port-aix.c openbsd-compat/port-irix.c] [openbsd-compat/rresvport.c] These look to need string.h and/or unistd.h (based on a grep for function names) --- ChangeLog | 11 +++++++++-- openbsd-compat/basename.c | 1 + openbsd-compat/bsd-closefrom.c | 2 ++ openbsd-compat/bsd-cray.c | 4 +++- openbsd-compat/bsd-openpty.c | 2 ++ openbsd-compat/bsd-snprintf.c | 2 ++ openbsd-compat/fake-rfc2553.c | 1 + openbsd-compat/port-aix.c | 2 ++ openbsd-compat/port-irix.c | 3 +++ openbsd-compat/rresvport.c | 1 + 10 files changed, 26 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index aa3d0ae9b..9e9ecfa6a 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -122,7 +122,14 @@ - (djm) [session.c] fix compile error with -Werror -Wall: 'path' is only used in do_setup_env() if HAVE_LOGIN_CAP is not defined - + - (djm) [openbsd-compat/basename.c openbsd-compat/bsd-closefrom.c] + [openbsd-compat/bsd-cray.c openbsd-compat/bsd-openpty.c] + [openbsd-compat/bsd-snprintf.c openbsd-compat/fake-rfc2553.c] + [openbsd-compat/port-aix.c openbsd-compat/port-irix.c] + [openbsd-compat/rresvport.c] + These look to need string.h and/or unistd.h (based on a grep for function + names) + 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -5040,4 +5047,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4433 2006/07/24 05:03:06 djm Exp $ +$Id: ChangeLog,v 1.4434 2006/07/24 05:08:35 djm Exp $ diff --git a/openbsd-compat/basename.c b/openbsd-compat/basename.c index ad040e139..4b10cb84b 100644 --- a/openbsd-compat/basename.c +++ b/openbsd-compat/basename.c @@ -20,6 +20,7 @@ #include "includes.h" #ifndef HAVE_BASENAME +#include char * basename(const char *path) diff --git a/openbsd-compat/bsd-closefrom.c b/openbsd-compat/bsd-closefrom.c index 7509d2835..3f17302d1 100644 --- a/openbsd-compat/bsd-closefrom.c +++ b/openbsd-compat/bsd-closefrom.c @@ -25,6 +25,8 @@ #include #include #include +#include +#include #ifdef HAVE_DIRENT_H # include # define NAMLEN(dirent) strlen((dirent)->d_name) diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c index d1f1c059c..8093f6d54 100644 --- a/openbsd-compat/bsd-cray.c +++ b/openbsd-compat/bsd-cray.c @@ -1,5 +1,5 @@ /* - * $Id: bsd-cray.c,v 1.14 2005/02/02 06:10:11 dtucker Exp $ + * $Id: bsd-cray.c,v 1.15 2006/07/24 05:08:36 djm Exp $ * * bsd-cray.c * @@ -53,6 +53,8 @@ #include #include #include +#include +#include #include #include #include diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c index 0b77a1da9..a2f2fda60 100644 --- a/openbsd-compat/bsd-openpty.c 
+++ b/openbsd-compat/bsd-openpty.c @@ -57,6 +57,8 @@ #endif #include +#include +#include #ifndef O_NOCTTY #define O_NOCTTY 0 diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c index c30cd1223..9fdf4d3f0 100644 --- a/openbsd-compat/bsd-snprintf.c +++ b/openbsd-compat/bsd-snprintf.c @@ -108,6 +108,8 @@ #if !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) +#include + #ifdef HAVE_LONG_DOUBLE # define LDOUBLE long double #else diff --git a/openbsd-compat/fake-rfc2553.c b/openbsd-compat/fake-rfc2553.c index aae016bf7..08a7cb66c 100644 --- a/openbsd-compat/fake-rfc2553.c +++ b/openbsd-compat/fake-rfc2553.c @@ -36,6 +36,7 @@ */ #include "includes.h" +#include #ifndef HAVE_GETNAMEINFO int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 6fd593aad..2d56e7e4a 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -38,6 +38,8 @@ # include #endif #include +#include +#include #include #include "port-aix.h" diff --git a/openbsd-compat/port-irix.c b/openbsd-compat/port-irix.c index aa6db1cf8..eaa91a4b5 100644 --- a/openbsd-compat/port-irix.c +++ b/openbsd-compat/port-irix.c @@ -29,6 +29,9 @@ defined(WITH_IRIX_JOBS) || \ defined(WITH_IRIX_ARRAY) +#include +#include + #ifdef WITH_IRIX_PROJECT # include #endif /* WITH_IRIX_PROJECT */ diff --git a/openbsd-compat/rresvport.c b/openbsd-compat/rresvport.c index fc029f46f..c10391872 100644 --- a/openbsd-compat/rresvport.c +++ b/openbsd-compat/rresvport.c @@ -36,6 +36,7 @@ #ifndef HAVE_RRESVPORT_AF #include +#include #if 0 int -- cgit v1.2.3 From 24f2a42e53d084486e93e45d96c9d6178c583043 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 24 Jul 2006 15:30:18 +1000 Subject: - (djm) [Makefile.in] Remove generated openbsd-compat/regress/Makefile in distclean target --- ChangeLog | 4 +++- Makefile.in | 5 +++-- 2 files changed, 6 insertions(+), 3 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index 9e9ecfa6a..b26426265 100644 --- a/ChangeLog +++ b/ChangeLog @@ -129,6 +129,8 @@ [openbsd-compat/rresvport.c] These look to need string.h and/or unistd.h (based on a grep for function names) + - (djm) [Makefile.in] + Remove generated openbsd-compat/regress/Makefile in distclean target 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -5047,4 +5049,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4434 2006/07/24 05:08:35 djm Exp $ +$Id: ChangeLog,v 1.4435 2006/07/24 05:30:18 djm Exp $ diff --git a/Makefile.in b/Makefile.in index 10be20d3f..fe510028f 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.278 2006/04/23 02:15:08 djm Exp $ +# $Id: Makefile.in,v 1.279 2006/07/24 05:30:19 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -203,7 +203,8 @@ clean: regressclean distclean: regressclean rm -f *.o *.a $(TARGETS) logintest config.cache config.log rm -f *.out core opensshd.init - rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds survey.sh *~ + rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds + rm -f survey.sh openbsd-compat/regress/Makefile *~ rm -rf autom4te.cache (cd openbsd-compat && $(MAKE) distclean) (cd scard && $(MAKE) distclean) -- cgit v1.2.3 From 7b1877c803021430818ad7bd6bff504f0de1658f Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Mon, 24 Jul 2006 15:31:41 +1000 Subject: - (djm) [regress/Makefile regress/agent-getpeereid.sh regress/cfgmatch.sh] [regress/cipher-speed.sh regress/forcecommand.sh regress/forwarding.sh] Sync regress tests to -current; include dtucker@'s new cfgmatch and forcecommand tests. Add cipher-speed.sh test (not linked in yet) --- ChangeLog | 6 ++- regress/Makefile | 10 +++-- regress/agent-getpeereid.sh | 7 ++- regress/cfgmatch.sh | 105 ++++++++++++++++++++++++++++++++++++++++++++ regress/cipher-speed.sh | 47 ++++++++++++++++++++ regress/forcecommand.sh | 42 ++++++++++++++++++ regress/forwarding.sh | 32 +++++++++++++- 7 files changed, 242 insertions(+), 7 deletions(-) create mode 100644 regress/cfgmatch.sh create mode 100644 regress/cipher-speed.sh create mode 100644 regress/forcecommand.sh diff --git a/ChangeLog b/ChangeLog index b26426265..9e9bb3068 100644 --- a/ChangeLog +++ b/ChangeLog @@ -131,6 +131,10 @@ names) - (djm) [Makefile.in] Remove generated openbsd-compat/regress/Makefile in distclean target + - (djm) [regress/Makefile regress/agent-getpeereid.sh regress/cfgmatch.sh] + [regress/cipher-speed.sh regress/forcecommand.sh regress/forwarding.sh] + Sync regress tests to -current; include dtucker@'s new cfgmatch and + forcecommand tests. Add cipher-speed.sh test (not linked in yet) 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -5049,4 +5053,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4435 2006/07/24 05:30:18 djm Exp $ +$Id: ChangeLog,v 1.4436 2006/07/24 05:31:41 djm Exp $ diff --git a/regress/Makefile b/regress/Makefile index 4f47bc3fd..539956398 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.36 2005/03/04 08:48:46 djm Exp $ +# $OpenBSD: Makefile,v 1.42 2006/07/19 13:34:52 dtucker Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec tests: $(REGRESS_TARGETS) 
@@ -40,7 +40,9 @@ LTESTS= connect \ forwarding \ multiplex \ reexec \ - brokenkeys + brokenkeys \ + cfgmatch \ + forcecommand USER!= id -un CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ @@ -49,8 +51,8 @@ CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \ rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \ ls.copy banner.in banner.out empty.in \ - scp-ssh-wrapper.scp ssh_proxy_envpass \ - remote_pid + scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \ + sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv #LTESTS += ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh index 6186a8d48..e5fcedda7 100644 --- a/regress/agent-getpeereid.sh +++ b/regress/agent-getpeereid.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent-getpeereid.sh,v 1.2 2005/11/14 21:25:56 grunk Exp $ +# $OpenBSD: agent-getpeereid.sh,v 1.3 2006/07/06 12:01:53 grunk Exp $ # Placed in the Public Domain. tid="disallow agent attach from other uid" @@ -12,6 +12,11 @@ then echo "skipped (not supported on this platform)" exit 0 fi +if [ -z "$SUDO" ]; then + echo "skipped: need SUDO to switch to uid $UNPRIV" + exit 0 +fi + trace "start agent" eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null diff --git a/regress/cfgmatch.sh b/regress/cfgmatch.sh new file mode 100644 index 000000000..3a789faab --- /dev/null +++ b/regress/cfgmatch.sh 
@@ -0,0 +1,105 @@ +# $OpenBSD: cfgmatch.sh,v 1.2 2006/07/22 01:50:00 dtucker Exp $ +# Placed in the Public Domain. + +tid="sshd_config match" + +pidfile=$OBJ/remote_pid +fwdport=3301 +fwd="-L $fwdport:127.0.0.1:$PORT" + +stop_client() +{ + pid=`cat $pidfile` + if [ ! -z "$pid" ]; then + kill $pid + fi +} + +cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak + +echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_config +echo "Match Address 127.0.0.1" >>$OBJ/sshd_config +echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_config + +echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_proxy +echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy +echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_proxy + +start_sshd + +#set -x + +# Test Match + PermitOpen in sshd_config. This should be permitted +for p in 1 2; do + rm -f $pidfile + trace "match permitopen localhost proto $p" + ${SSH} -$p $fwd -F $OBJ/ssh_config -f somehost \ + "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\ + fail "match permitopen proto $p sshd failed" + sleep 1; + ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ + fail "match permitopen permit proto $p" + stop_client +done + +# Same but from different source. This should not be permitted +for p in 1 2; do + rm -f $pidfile + trace "match permitopen proxy proto $p" + ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \ + "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\ + fail "match permitopen proxy proto $p sshd failed" + sleep 1; + ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ + fail "match permitopen deny proto $p" + stop_client +done + +# Retry previous with key option, should also be denied. 
+echo -n 'permitopen="127.0.0.1:'$PORT'" ' >$OBJ/authorized_keys_$USER +cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER +echo -n 'permitopen="127.0.0.1:'$PORT'" ' >>$OBJ/authorized_keys_$USER +cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER +for p in 1 2; do + rm -f $pidfile + trace "match permitopen proxy w/key opts proto $p" + ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \ + "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\ + fail "match permitopen w/key opt proto $p sshd failed" + sleep 1; + ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ + fail "match permitopen deny w/key opt proto $p" + stop_client +done + +# Test both sshd_config and key options permitting the same dst/port pair. +# Should be permitted. +for p in 1 2; do + rm -f $pidfile + trace "match permitopen localhost proto $p" + ${SSH} -$p $fwd -F $OBJ/ssh_config -f somehost \ + "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\ + fail "match permitopen proto $p sshd failed" + sleep 1; + ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ + fail "match permitopen permit proto $p" + stop_client +done + +cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy +echo "PermitOpen 127.0.0.1:1 127.0.0.1:$PORT 127.0.0.2:2" >>$OBJ/sshd_proxy +echo "Match User $USER" >>$OBJ/sshd_proxy +echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy + +# Test that a Match overrides a PermitOpen in the global section +for p in 1 2; do + rm -f $pidfile + trace "match permitopen proxy w/key opts proto $p" + ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \ + "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\ + fail "match override permitopen proto $p sshd failed" + sleep 1; + ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ + fail "match override permitopen proto $p" + stop_client +done diff --git a/regress/cipher-speed.sh b/regress/cipher-speed.sh new file mode 100644 index 000000000..592511143 --- /dev/null +++ b/regress/cipher-speed.sh 
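Review bot: The deny loops (`... somehost true && fail "match permitopen deny proto $p"` and its two variants) treat any failure of the probe connection as proof that PermitOpen refused the forward, so a `-f` client that never bound `$fwdport` passes them too. Starting that client with `-oExitOnForwardFailure=yes` would route a failed local bind into the existing `|| fail "... sshd failed"` branch instead of letting it count as a denial. The key-option setup also writes its `permitopen=` prefix with `echo -n`, which is not portable. A later commit on this page moves forcecommand.sh to `echon` for that reason but leaves this file unchanged.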
@@ -0,0 +1,47 @@ +# $OpenBSD: cipher-speed.sh,v 1.2 2005/05/24 04:09:54 djm Exp $ +# Placed in the Public Domain. + +tid="cipher speed" + +getbytes () +{ + sed -n '/transferred/s/.*secs (\(.* bytes.sec\).*/\1/p' +} + +tries="1 2" +DATA=/bin/ls +DATA=/bsd + +macs="hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96" +ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc + arcfour128 arcfour256 arcfour aes192-cbc aes256-cbc aes128-ctr" + +for c in $ciphers; do for m in $macs; do + trace "proto 2 cipher $c mac $m" + for x in $tries; do + echo -n "$c/$m:\t" + ( ${SSH} -o 'compression no' \ + -F $OBJ/ssh_proxy -2 -m $m -c $c somehost \ + exec sh -c \'"dd of=/dev/null obs=32k"\' \ + < ${DATA} ) 2>&1 | getbytes + + if [ $? -ne 0 ]; then + fail "ssh -2 failed with mac $m cipher $c" + fi + done +done; done + +ciphers="3des blowfish" +for c in $ciphers; do + trace "proto 1 cipher $c" + for x in $tries; do + echo -n "$c:\t" + ( ${SSH} -o 'compression no' \ + -F $OBJ/ssh_proxy -1 -c $c somehost \ + exec sh -c \'"dd of=/dev/null obs=32k"\' \ + < ${DATA} ) 2>&1 | getbytes + if [ $? -ne 0 ]; then + fail "ssh -1 failed with cipher $c" + fi + done +done diff --git a/regress/forcecommand.sh b/regress/forcecommand.sh new file mode 100644 index 000000000..796e7c2c0 --- /dev/null +++ b/regress/forcecommand.sh 
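Review bot: Both `if [ $? -ne 0 ]` checks follow a `( ${SSH} ... ) 2>&1 | getbytes` pipeline, so `$?` is the exit status of `getbytes` (the sed call), not of ssh, and a failed connection or a rejected cipher/MAC pair never reaches `fail`. Writing the ssh output to a file keeps the status: end the ssh command with `> $OBJ/speed.out 2>&1 || fail "ssh -2 failed with mac $m cipher $c"` and then run `getbytes < $OBJ/speed.out` (file name illustrative). Separately, `DATA=/bsd` immediately overrides `DATA=/bin/ls`, and that path presumably exists only on OpenBSD, so the input redirect would fail elsewhere.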
@@ -0,0 +1,42 @@ +# $OpenBSD: forcecommand.sh,v 1.1 2006/07/19 13:09:28 dtucker Exp $ +# Placed in the Public Domain. + +tid="forced command" + +cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak + +echo -n 'command="true" ' >$OBJ/authorized_keys_$USER +cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER +echo -n 'command="true" ' >>$OBJ/authorized_keys_$USER +cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER + +for p in 1 2; do + trace "forced command in key option proto $p" + ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || + fail "forced command in key proto $p" +done + +echo -n 'command="false" ' >$OBJ/authorized_keys_$USER +cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER +echo -n 'command="false" ' >>$OBJ/authorized_keys_$USER +cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER + +cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy +echo "ForceCommand true" >> $OBJ/sshd_proxy + +for p in 1 2; do + trace "forced command in sshd_config overrides key option proto $p" + ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || + fail "forced command in key proto $p" +done + +cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy +echo "ForceCommand false" >> $OBJ/sshd_proxy +echo "Match User $USER" >> $OBJ/sshd_proxy +echo " ForceCommand true" >> $OBJ/sshd_proxy + +for p in 1 2; do + trace "forced command with match proto $p" + ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || + fail "forced command in key proto $p" +done diff --git a/regress/forwarding.sh b/regress/forwarding.sh index 3b171144f..9ffbb3dd4 100644 --- a/regress/forwarding.sh +++ b/regress/forwarding.sh @@ -1,4 +1,4 @@ -# $OpenBSD: forwarding.sh,v 1.5 2005/03/10 10:20:39 dtucker Exp $ +# $OpenBSD: forwarding.sh,v 1.6 2006/07/11 18:51:21 markus Exp $ # Placed in the Public Domain. tid="local and remote forwarding" 
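Review bot: All three loops in forcecommand.sh end in the same `fail "forced command in key proto $p"`, so a failure in the sshd_config or Match case is reported as a key-option failure. Distinct messages such as `fail "forced command in sshd_config proto $p"` and `fail "forced command with match proto $p"` would line up with the `trace` text above each call. The `false \ ||` on the ssh lines also looks like a backslash followed by a space rather than a line continuation, which would hand the remote command an extra blank argument. Whitespace on this page is collapsed, so that needs checking against the file itself.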
@@ -33,6 +33,36 @@ for p in 1 2; do sleep 10 done +for p in 1 2; do +for d in L R; do + trace "exit on -$d forward failure, proto $p" + + # this one should succeed + ${SSH} -$p -F $OBJ/ssh_config \ + -$d ${base}01:127.0.0.1:$PORT \ + -$d ${base}02:127.0.0.1:$PORT \ + -$d ${base}03:127.0.0.1:$PORT \ + -$d ${base}04:127.0.0.1:$PORT \ + -oExitOnForwardFailure=yes somehost true + if [ $? != 0 ]; then + fail "connection failed, should not" + else + # this one should fail + ${SSH} -q -$p -F $OBJ/ssh_config \ + -$d ${base}01:127.0.0.1:$PORT \ + -$d ${base}02:127.0.0.1:$PORT \ + -$d ${base}03:127.0.0.1:$PORT \ + -$d ${base}01:127.0.0.1:$PORT \ + -$d ${base}04:127.0.0.1:$PORT \ + -oExitOnForwardFailure=yes somehost true + r=$? + if [ $r != 255 ]; then + fail "connection not termintated, but should ($r)" + fi + fi +done +done + for p in 1 2; do trace "simple clear forwarding proto $p" ${SSH} -$p -F $OBJ/ssh_config -oClearAllForwardings=yes somehost true -- cgit v1.2.3 From 22c58b02423985004345d147193e4e112c75461b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 24 Jul 2006 23:19:40 +1000 Subject: - (dtucker) [cleanup.c] Since config.h defines _LARGE_FILES on AIX, including system headers before defines.h will cause conflicting definitions. --- ChangeLog | 4 +++- cleanup.c | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 9e9bb3068..8982fe417 100644 --- a/ChangeLog +++ b/ChangeLog @@ -135,6 +135,8 @@ [regress/cipher-speed.sh regress/forcecommand.sh regress/forwarding.sh] Sync regress tests to -current; include dtucker@'s new cfgmatch and forcecommand tests. Add cipher-speed.sh test (not linked in yet) + - (dtucker) [cleanup.c] Since config.h defines _LARGE_FILES on AIX, including + system headers before defines.h will cause conflicting definitions. 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h 
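Review bot: The failure message in the new ExitOnForwardFailure block is misspelled: `fail "connection not termintated, but should ($r)"` should read `terminated`, which matters to anyone searching the regress log for it. The two checks are also asymmetric: the success case tests `$? != 0`, while the failure case accepts only an exit status of exactly 255. A short comment such as `# ssh exits 255 when a requested forward cannot be set up` would record why any other non-zero status is treated as a test failure. `${base}` is assigned outside this hunk.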
@@ -5053,4 +5055,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4436 2006/07/24 05:31:41 djm Exp $ +$Id: ChangeLog,v 1.4437 2006/07/24 13:19:40 dtucker Exp $ diff --git a/cleanup.c b/cleanup.c index 4e6c79ce7..0d9f2a6d2 100644 --- a/cleanup.c +++ b/cleanup.c @@ -15,6 +15,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include "config.h" + #include #include "log.h" -- cgit v1.2.3 From 28e9ad1bed41dd0a7ed9f8df64f97207e14c1072 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 24 Jul 2006 23:50:23 +1000 Subject: - (dtucker) [regress/forcecommand.sh] Portablize. --- ChangeLog | 3 ++- regress/forcecommand.sh | 8 ++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8982fe417..77af8bef7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -137,6 +137,7 @@ forcecommand tests. Add cipher-speed.sh test (not linked in yet) - (dtucker) [cleanup.c] Since config.h defines _LARGE_FILES on AIX, including system headers before defines.h will cause conflicting definitions. + - (dtucker) [regress/forcecommand.sh] Portablize. 20060713 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h @@ -5055,4 +5056,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4437 2006/07/24 13:19:40 dtucker Exp $ +$Id: ChangeLog,v 1.4438 2006/07/24 13:50:23 dtucker Exp $ diff --git a/regress/forcecommand.sh b/regress/forcecommand.sh index 796e7c2c0..99e51a60f 100644 --- a/regress/forcecommand.sh +++ b/regress/forcecommand.sh 
@@ -5,9 +5,9 @@ tid="forced command" cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak -echo -n 'command="true" ' >$OBJ/authorized_keys_$USER +echon 'command="true" ' >$OBJ/authorized_keys_$USER cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER -echo -n 'command="true" ' >>$OBJ/authorized_keys_$USER +echon 'command="true" ' >>$OBJ/authorized_keys_$USER cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER for p in 1 2; do @@ -16,9 +16,9 @@ for p in 1 2; do fail "forced command in key proto $p" done -echo -n 'command="false" ' >$OBJ/authorized_keys_$USER +echon 'command="false" ' >$OBJ/authorized_keys_$USER cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER -echo -n 'command="false" ' >>$OBJ/authorized_keys_$USER +echon 'command="false" ' >>$OBJ/authorized_keys_$USER cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy -- cgit v1.2.3 From 94346f85967e54ceec7b643eb7e74f4814fd75d7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 25 Jul 2006 19:52:07 +1000 Subject: - (dtucker) [openbsd-compat/xmmap.c] Need fcntl.h for O_RDRW. --- ChangeLog | 5 ++++- openbsd-compat/xmmap.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 77af8bef7..d4a4e7b6c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20060725 + - (dtucker) [openbsd-compat/xmmap.c] Need fcntl.h for O_RDRW. + 20060724 - (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2006/07/12 13:39:55 @@ -5056,4 +5059,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4438 2006/07/24 13:50:23 dtucker Exp $ +$Id: ChangeLog,v 1.4439 2006/07/25 09:52:07 dtucker Exp $ diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c index 1293dcab0..6a1708e5d 100644 --- a/openbsd-compat/xmmap.c +++ b/openbsd-compat/xmmap.c 
@@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: xmmap.c,v 1.9 2006/07/24 04:51:01 djm Exp $ */ +/* $Id: xmmap.c,v 1.10 2006/07/25 09:52:08 dtucker Exp $ */ #include "includes.h" @@ -32,6 +32,9 @@ #include #endif #include +#ifdef HAVE_FCNTL_H +# include +#endif #include #include -- cgit v1.2.3 From 88fdc83d4c56340fb4d39557fcd2d6fb55cb6f30 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 2 Aug 2006 23:33:54 +1000 Subject: - (dtucker) [openbsd-compat/daemon.c] Add unistd.h for fork() prototype. --- ChangeLog | 5 ++++- openbsd-compat/daemon.c | 4 ++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index d4a4e7b6c..128057cbf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20060802 + - (dtucker) [openbsd-compat/daemon.c] Add unistd.h for fork() prototype. + 20060725 - (dtucker) [openbsd-compat/xmmap.c] Need fcntl.h for O_RDRW. @@ -5059,4 +5062,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4439 2006/07/25 09:52:07 dtucker Exp $ +$Id: ChangeLog,v 1.4440 2006/08/02 13:33:54 dtucker Exp $ diff --git a/openbsd-compat/daemon.c b/openbsd-compat/daemon.c index f380139d3..e3a6886bd 100644 --- a/openbsd-compat/daemon.c +++ b/openbsd-compat/daemon.c @@ -44,6 +44,10 @@ # include #endif +#ifdef HAVE_UNISTD_H +# include +#endif + int daemon(int nochdir, int noclose) { -- cgit v1.2.3 From f1f4bdd1aaec7d4d0f0fa787a7b6d16906ca34fa Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 4 Aug 2006 19:44:23 +1000 Subject: - (dtucker) [configure.ac] The "crippled AES" test does not work on recent versions of Solaris, so use AC_LINK_IFELSE to actually link the test program rather than just compiling it. Spotted by dlg@. --- ChangeLog | 7 ++++++- configure.ac | 6 +++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 128057cbf..d3077fbda 100644 
--- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060804 + - (dtucker) [configure.ac] The "crippled AES" test does not work on recent + versions of Solaris, so use AC_LINK_IFELSE to actually link the test program + rather than just compiling it. Spotted by dlg@. + 20060802 - (dtucker) [openbsd-compat/daemon.c] Add unistd.h for fork() prototype. @@ -5062,4 +5067,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4440 2006/08/02 13:33:54 dtucker Exp $ +$Id: ChangeLog,v 1.4441 2006/08/04 09:44:23 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 3373dadc7..31dac052e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.347 2006/07/12 09:02:57 dtucker Exp $ +# $Id: configure.ac,v 1.348 2006/08/04 09:44:23 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.347 $) +AC_REVISION($Revision: 1.348 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1892,7 +1892,7 @@ int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();} # Check for OpenSSL without EVP_aes_{192,256}_cbc AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) -AC_COMPILE_IFELSE( +AC_LINK_IFELSE( [AC_LANG_SOURCE([[ #include #include -- cgit v1.2.3 From 437edb9e6657e1c51cb7565d29ca0002d4947954 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Aug 2006 09:11:13 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/24 13:58:22 [sshconnect.c] disable tunnel forwarding when no strict host key checking and key changed; ok djm@ markus@ dtucker@ --- ChangeLog | 9 ++++++++- sshconnect.c | 9 +++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index d3077fbda..1d718224c 100644 --- a/ChangeLog +++ b/ChangeLog 
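Review bot: With `AC_LINK_IFELSE` the crippled-AES check now fails when the AES symbols do not resolve at link time, but the test program is still never executed, so any result it computes at run time is not consulted. A comment above the macro would record that limit, e.g. `# Link-only test: detects an OpenSSL that lacks the EVP_aes_{192,256}_cbc symbols; the program is not run`. The program body and both result branches lie outside this hunk. Whether a run-time check is also wanted, and how it would behave when cross-compiling, cannot be judged from here.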
@@ -1,3 +1,10 @@ +20060805 + - (djm) OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2006/07/24 13:58:22 + [sshconnect.c] + disable tunnel forwarding when no strict host key checking + and key changed; ok djm@ markus@ dtucker@ + 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent versions of Solaris, so use AC_LINK_IFELSE to actually link the test program @@ -5067,4 +5074,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4441 2006/08/04 09:44:23 dtucker Exp $ +$Id: ChangeLog,v 1.4442 2006/08/04 23:11:13 djm Exp $ diff --git a/sshconnect.c b/sshconnect.c index 21c5203c6..06844eb71 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.193 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.194 2006/07/24 13:58:22 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -782,7 +782,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key, /* * If strict host key checking has not been requested, allow * the connection but without MITM-able authentication or - * agent forwarding. + * forwarding. */ if (options.password_authentication) { error("Password authentication is disabled to avoid " @@ -817,6 +817,11 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key, options.num_local_forwards = options.num_remote_forwards = 0; } + if (options.tun_open != SSH_TUNMODE_NO) { + error("Tunnel forwarding is disabled to avoid " + "man-in-the-middle attacks."); + options.tun_open = SSH_TUNMODE_NO; + } /* * XXX Should permit the user to change to use the new id. * This could be done by converting the host key to an -- cgit v1.2.3 From 7c6e4b059c29c695d3c411f5fa83abe953225e21 Mon Sep 17 00:00:00 2001 
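Review bot: The new `options.tun_open` reset in the `@@ -817,6 +817,11 @@` hunk of sshconnect.c carries no comment explaining why tunnel forwarding is switched off with the other forwards, and the block comment edited in the `@@ -782,7 +782,7 @@` hunk now says only "forwarding". A one-line comment above the `if` would keep the rationale next to the code, for example `/* A tun device would give a peer whose host key changed a network-level path to this host. */`. The user-facing description of relaxed host key checking is not touched by this commit, so it is worth confirming that it also lists tunnel forwarding among the features disabled after a key change. check_host_key() starts and ends outside both hunks, so the other resets in this branch are not visible here.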
From: Damien Miller Date: Sat, 5 Aug 2006 09:33:15 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/25 02:01:34 [scard.c] need #include --- ChangeLog | 5 ++++- scard.c | 4 +++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1d718224c..ae91a5b7a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,9 @@ [sshconnect.c] disable tunnel forwarding when no strict host key checking and key changed; ok djm@ markus@ dtucker@ + - stevesk@cvs.openbsd.org 2006/07/25 02:01:34 + [scard.c] + need #include 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5074,4 +5077,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4442 2006/08/04 23:11:13 djm Exp $ +$Id: ChangeLog,v 1.4443 2006/08/04 23:33:15 djm Exp $ diff --git a/scard.c b/scard.c index 0a6ec816d..237a4e438 100644 --- a/scard.c +++ b/scard.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scard.c,v 1.32 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: scard.c,v 1.33 2006/07/25 02:01:34 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -27,7 +27,9 @@ #if defined(SMARTCARD) && defined(USE_SECTOK) #include + #include +#include #include "key.h" #include "log.h" -- cgit v1.2.3 From 9aec91948d134745c29ff63d32d46ac2c367306a Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sat, 5 Aug 2006 10:57:45 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/25 02:59:21 [channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c] [sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c] move #include out of includes.h --- ChangeLog | 6 +++++- channels.c | 5 ++++- clientloop.c | 7 +++++-- includes.h | 8 +------- packet.c | 5 ++++- scp.c | 5 ++++- serverloop.c | 5 ++++- sftp-client.c | 5 ++++- sftp-server.c | 5 ++++- ssh-agent.c | 5 ++++- ssh-keyscan.c | 5 ++++- sshconnect.c | 5 ++++- sshd.c | 5 ++++- 13 files changed, 51 insertions(+), 20 deletions(-) diff --git a/ChangeLog b/ChangeLog index ae91a5b7a..fbed54378 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,10 @@ - stevesk@cvs.openbsd.org 2006/07/25 02:01:34 [scard.c] need #include + - stevesk@cvs.openbsd.org 2006/07/25 02:59:21 + [channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c] + [sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c] + move #include out of includes.h 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5077,4 +5081,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4443 2006/08/04 23:33:15 djm Exp $ +$Id: ChangeLog,v 1.4444 2006/08/05 00:57:45 djm Exp $ diff --git a/channels.c b/channels.c index 895c43f6a..f59afe01b 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.260 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: channels.c,v 1.261 2006/07/25 02:59:21 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -45,6 +45,9 @@ #include #include #include +#ifdef HAVE_SYS_TIME_H +# include +#endif #include #include diff --git a/clientloop.c b/clientloop.c index 0c700dbd4..e38089c1e 100644 --- a/clientloop.c +++ b/clientloop.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.170 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: clientloop.c,v 1.171 2006/07/25 02:59:21 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -62,11 +62,14 @@ #include "includes.h" #include +#include #ifdef HAVE_SYS_STAT_H # include #endif +#ifdef HAVE_SYS_TIME_H +# include +#endif #include -#include #include #include diff --git a/includes.h b/includes.h index 7a7bd8176..fc85e6778 100644 --- a/includes.h +++ b/includes.h @@ -20,6 +20,7 @@ #define _GNU_SOURCE /* activate extra prototypes for glibc */ +#include #include #include @@ -69,19 +70,12 @@ # include #endif #ifdef HAVE_UTMPX_H -# ifdef HAVE_TV_IN_UTMPX -# include -# endif # include #endif #ifdef HAVE_LASTLOG_H # include #endif -#include -#ifdef HAVE_SYS_TIME_H -# include /* For timersub */ -#endif #ifdef HAVE_SYS_SELECT_H # include #endif diff --git a/packet.c b/packet.c index 8250b3bc8..a20e4ed02 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.137 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: packet.c,v 1.138 2006/07/25 02:59:21 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -42,6 +42,9 @@ #include #include "openbsd-compat/sys-queue.h" #include +#ifdef HAVE_SYS_TIME_H +# include +#endif #include #include diff --git a/scp.c b/scp.c index 5ff6cac9a..cf8db8f34 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.150 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: scp.c,v 1.151 2006/07/25 02:59:21 stevesk Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -77,6 +77,9 @@ #ifdef HAVE_SYS_STAT_H # include #endif +#ifdef HAVE_SYS_TIME_H +# include +#endif #include #include diff --git a/serverloop.c b/serverloop.c index ba1e0dad7..1772992e8 100644 --- a/serverloop.c +++ b/serverloop.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.141 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: serverloop.c,v 1.142 2006/07/25 02:59:21 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -40,6 +40,9 @@ #include #include #include +#ifdef HAVE_SYS_TIME_H +# include +#endif #include diff --git a/sftp-client.c b/sftp-client.c index 9e7011ffd..b00dc70bd 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.70 2006/07/23 01:11:05 stevesk Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.71 2006/07/25 02:59:21 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -26,6 +26,9 @@ #ifdef HAVE_SYS_STAT_H # include #endif +#ifdef HAVE_SYS_TIME_H +# include +#endif #include #include diff --git a/sftp-server.c b/sftp-server.c index 6067f0203..13ba8e625 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.65 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.66 2006/07/25 02:59:21 stevesk Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -18,6 +18,9 @@ #include #include +#ifdef HAVE_SYS_TIME_H +# include +#endif #include #include diff --git a/ssh-agent.c b/ssh-agent.c index 5bf4dbc18..e4b620483 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.146 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.147 2006/07/25 02:59:21 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -39,6 +39,9 @@ #include #include #include +#ifdef HAVE_SYS_TIME_H +# include +#endif #ifdef HAVE_SYS_UN_H # include #endif diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 6b706f0af..e47460a8a 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.69 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.70 2006/07/25 02:59:21 stevesk Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -11,6 +11,9 @@ #include "openbsd-compat/sys-queue.h" #include +#ifdef HAVE_SYS_TIME_H +# include +#endif #include diff --git a/sshconnect.c b/sshconnect.c index 06844eb71..4301fb20f 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.194 2006/07/24 13:58:22 stevesk Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.195 2006/07/25 02:59:21 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -19,6 +19,9 @@ #include #include #include +#ifdef HAVE_SYS_TIME_H +# include +#endif #include diff --git a/sshd.c b/sshd.c index cc1ebd8d9..82a37ef46 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.339 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: sshd.c,v 1.340 2006/07/25 02:59:21 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -50,6 +50,9 @@ #endif #include #include +#ifdef HAVE_SYS_TIME_H +# include +#endif #include #include -- cgit v1.2.3 From 8dbffe7904c4e28b7a741064a468f1cd98c0ad81 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sat, 5 Aug 2006 11:02:17 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/26 02:35:17 [atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c] [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c] [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c] [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c] [uidswap.c xmalloc.c] move #include out of includes.h --- ChangeLog | 9 ++++++++- atomicio.c | 4 +++- auth.c | 3 ++- authfile.c | 3 ++- buffer.c | 4 +++- clientloop.c | 3 ++- dh.c | 4 +++- groupaccess.c | 3 ++- gss-genr.c | 4 +++- includes.h | 1 - kex.c | 4 +++- kexgexs.c | 4 +++- misc.c | 3 ++- monitor.c | 3 ++- monitor_mm.c | 9 +++++---- packet.c | 3 ++- scp.c | 3 ++- serverloop.c | 3 ++- session.c | 5 +++-- sftp-client.c | 3 ++- sftp-common.c | 3 ++- sftp-server.c | 3 ++- sftp.c | 3 ++- ssh-add.c | 3 ++- ssh-agent.c | 5 +++-- ssh-keygen.c | 3 ++- sshlogin.c | 3 ++- uidswap.c | 3 ++- xmalloc.c | 4 +++- 29 files changed, 74 insertions(+), 34 deletions(-) diff --git a/ChangeLog b/ChangeLog index fbed54378..9d02af420 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,13 @@ [channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c] [sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c] move #include out of includes.h + - stevesk@cvs.openbsd.org 2006/07/26 02:35:17 + [atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c] + [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c] + [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c] + [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c] + [uidswap.c xmalloc.c] + move #include out of includes.h 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent 
@@ -5081,4 +5088,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4444 2006/08/05 00:57:45 djm Exp $ +$Id: ChangeLog,v 1.4445 2006/08/05 01:02:17 djm Exp $ diff --git a/atomicio.c b/atomicio.c index 009ce1d11..4ff990fd3 100644 --- a/atomicio.c +++ b/atomicio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: atomicio.c,v 1.21 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: atomicio.c,v 1.22 2006/07/26 02:35:17 stevesk Exp $ */ /* * Copyright (c) 2006 Damien Miller. All rights reserved. * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. @@ -28,6 +28,8 @@ #include "includes.h" +#include + #include #include diff --git a/auth.c b/auth.c index 0f1d530e7..0089a1dd9 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.72 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: auth.c,v 1.73 2006/07/26 02:35:17 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -27,6 +27,7 @@ #include #include +#include #include #ifdef HAVE_PATHS_H diff --git a/authfile.c b/authfile.c index 8421665b8..e01a08aac 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.71 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: authfile.c,v 1.72 2006/07/26 02:35:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -40,6 +40,7 @@ #include #include +#include #include #include diff --git a/buffer.c b/buffer.c index 8c9f534f8..c6e8a8d48 100644 --- a/buffer.c +++ b/buffer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.c,v 1.28 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: buffer.c,v 1.29 2006/07/26 02:35:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -14,6 +14,8 @@ #include "includes.h" +#include + #include #include "xmalloc.h" diff --git a/clientloop.c b/clientloop.c index e38089c1e..ca7b9060a 100644 --- a/clientloop.c +++ b/clientloop.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.171 2006/07/25 02:59:21 stevesk Exp $ */ +/* $OpenBSD: clientloop.c,v 1.172 2006/07/26 02:35:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -63,6 +63,7 @@ #include #include +#include #ifdef HAVE_SYS_STAT_H # include #endif diff --git a/dh.c b/dh.c index b37195f41..bad0a3480 100644 --- a/dh.c +++ b/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.38 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: dh.c,v 1.39 2006/07/26 02:35:17 stevesk Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -25,6 +25,8 @@ #include "includes.h" +#include + #include #include diff --git a/groupaccess.c b/groupaccess.c index 41f419740..3431691b9 100644 --- a/groupaccess.c +++ b/groupaccess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: groupaccess.c,v 1.10 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: groupaccess.c,v 1.11 2006/07/26 02:35:17 stevesk Exp $ */ /* * Copyright (c) 2001 Kevin Steves. All rights reserved. * @@ -26,6 +26,7 @@ #include "includes.h" #include +#include #include #include diff --git a/gss-genr.c b/gss-genr.c index 522fedab3..93dbeeebb 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.11 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.12 2006/07/26 02:35:17 stevesk Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -28,6 +28,8 @@ #ifdef GSSAPI +#include + #include #include diff --git a/includes.h b/includes.h index fc85e6778..9dc284a69 100644 --- a/includes.h +++ b/includes.h @@ -82,7 +82,6 @@ #ifdef HAVE_SYS_BSDTTY_H # include #endif -#include /* For MAXPATHLEN and roundup() */ #ifdef HAVE_STDINT_H # include #endif diff --git a/kex.c b/kex.c index 007173388..5c1be6ede 100644 --- a/kex.c +++ b/kex.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.72 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: kex.c,v 1.73 2006/07/26 02:35:17 stevesk Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -25,6 +25,8 @@ #include "includes.h" +#include + #include #include diff --git a/kexgexs.c b/kexgexs.c index 72b66230f..2bd7ee948 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.5 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.6 2006/07/26 02:35:17 stevesk Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,6 +26,8 @@ #include "includes.h" +#include + #include #include "xmalloc.h" diff --git a/misc.c b/misc.c index 4c202db2a..fc3fcca44 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.60 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: misc.c,v 1.61 2006/07/26 02:35:17 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -29,6 +29,7 @@ #include #include #include +#include #include #include diff --git a/monitor.c b/monitor.c index 3799d8862..ab716bdf0 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.82 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: monitor.c,v 1.83 2006/07/26 02:35:17 stevesk Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -28,6 +28,7 @@ #include "includes.h" #include +#include #include #include diff --git a/monitor_mm.c b/monitor_mm.c index b6da6927f..89a8c9b49 100644 --- a/monitor_mm.c +++ b/monitor_mm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_mm.c,v 1.13 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: monitor_mm.c,v 1.14 2006/07/26 02:35:17 stevesk Exp $ */ /* * Copyright 2002 Niels Provos * All rights reserved. 
@@ -26,12 +26,13 @@ #include "includes.h" -#include -#include - #ifdef HAVE_SYS_MMAN_H #include #endif +#include + +#include +#include #include "ssh.h" #include "xmalloc.h" diff --git a/packet.c b/packet.c index a20e4ed02..875f9eb32 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.138 2006/07/25 02:59:21 stevesk Exp $ */ +/* $OpenBSD: packet.c,v 1.139 2006/07/26 02:35:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -41,6 +41,7 @@ #include #include "openbsd-compat/sys-queue.h" +#include #include #ifdef HAVE_SYS_TIME_H # include diff --git a/scp.c b/scp.c index cf8db8f34..fa481d67b 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.151 2006/07/25 02:59:21 stevesk Exp $ */ +/* $OpenBSD: scp.c,v 1.152 2006/07/26 02:35:17 stevesk Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -74,6 +74,7 @@ #include "includes.h" #include +#include #ifdef HAVE_SYS_STAT_H # include #endif diff --git a/serverloop.c b/serverloop.c index 1772992e8..77c4a5a27 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.142 2006/07/25 02:59:21 stevesk Exp $ */ +/* $OpenBSD: serverloop.c,v 1.143 2006/07/26 02:35:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -38,6 +38,7 @@ #include "includes.h" #include +#include #include #include #ifdef HAVE_SYS_TIME_H diff --git a/session.c b/session.c index 0c20d9e8a..11620f855 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.212 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: session.c,v 1.213 2006/07/26 02:35:17 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved 
@@ -36,12 +36,13 @@ #include "includes.h" #include +#include #ifdef HAVE_SYS_STAT_H # include #endif #include -#include #include +#include #include diff --git a/sftp-client.c b/sftp-client.c index b00dc70bd..4416afa4c 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.71 2006/07/25 02:59:21 stevesk Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.72 2006/07/26 02:35:17 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -23,6 +23,7 @@ #include "includes.h" #include +#include #ifdef HAVE_SYS_STAT_H # include #endif diff --git a/sftp-common.c b/sftp-common.c index 2f3a90971..da907ff01 100644 --- a/sftp-common.c +++ b/sftp-common.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-common.c,v 1.17 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: sftp-common.c,v 1.18 2006/07/26 02:35:17 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Damien Miller. All rights reserved. @@ -28,6 +28,7 @@ #include #include +#include #include #include diff --git a/sftp-server.c b/sftp-server.c index 13ba8e625..02c897c11 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.66 2006/07/25 02:59:21 stevesk Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.67 2006/07/26 02:35:17 stevesk Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -17,6 +17,7 @@ #include "includes.h" #include +#include #include #ifdef HAVE_SYS_TIME_H # include diff --git a/sftp.c b/sftp.c index 2da6c722f..761091ec3 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.87 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: sftp.c,v 1.88 2006/07/26 02:35:17 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -22,6 +22,7 @@ # include #endif #include +#include #include #include diff --git a/ssh-add.c b/ssh-add.c index f79ffb915..520f23ca5 100644 --- a/ssh-add.c +++ b/ssh-add.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.85 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.86 2006/07/26 02:35:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -39,6 +39,7 @@ #include #include +#include #include diff --git a/ssh-agent.c b/ssh-agent.c index e4b620483..ed48c56d4 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.147 2006/07/25 02:59:21 stevesk Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.148 2006/07/26 02:35:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -37,6 +37,8 @@ #include "includes.h" #include +#include +#include #include #include #ifdef HAVE_SYS_TIME_H @@ -46,7 +48,6 @@ # include #endif #include "openbsd-compat/sys-queue.h" -#include #include #include diff --git a/ssh-keygen.c b/ssh-keygen.c index 17236a55a..8b48fbda0 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.150 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.151 2006/07/26 02:35:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -17,6 +17,7 @@ #include #include #include +#include #include #include diff --git a/sshlogin.c b/sshlogin.c index 8d811facd..4b2808206 100644 --- a/sshlogin.c +++ b/sshlogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.c,v 1.22 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: sshlogin.c,v 1.23 2006/07/26 02:35:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -42,6 +42,7 @@ #include "includes.h" #include +#include #include #include diff --git a/uidswap.c b/uidswap.c index 255f9142c..878258704 100644 --- a/uidswap.c +++ b/uidswap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.33 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: uidswap.c,v 1.34 2006/07/26 02:35:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -15,6 +15,7 @@ #include "includes.h" #include +#include #include #include diff --git a/xmalloc.c b/xmalloc.c index e7a14866b..511a9e12a 100644 --- a/xmalloc.c +++ b/xmalloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.c,v 1.23 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: xmalloc.c,v 1.24 2006/07/26 02:35:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -15,6 +15,8 @@ #include "includes.h" +#include + #include #include -- cgit v1.2.3 From e7a1e5cf630d635b253f0c0bada8c8886436297f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Aug 2006 11:34:19 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/26 13:57:17 [authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c] [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c] [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c] [sshconnect1.c sshd.c xmalloc.c] move #include out of includes.h --- ChangeLog | 9 ++++++++- authfd.c | 3 ++- authfile.c | 3 ++- canohost.c | 3 ++- channels.c | 3 ++- clientloop.c | 3 ++- compat.c | 3 ++- dh.c | 3 ++- hostfile.c | 9 +++++---- includes.h | 1 - kex.c | 3 ++- log.c | 3 ++- misc.c | 3 ++- moduli.c | 3 ++- monitor.c | 3 ++- packet.c | 3 ++- readpass.c | 3 ++- scp.c | 3 ++- servconf.c | 3 ++- session.c | 3 ++- sftp-server.c | 3 ++- sftp.c | 3 ++- ssh-add.c | 3 ++- ssh-agent.c | 3 ++- ssh-keygen.c | 3 ++- ssh-keyscan.c | 5 +++-- ssh-keysign.c | 3 ++- ssh.c | 3 ++- sshconnect.c | 3 ++- sshconnect1.c | 3 ++- sshd.c | 3 ++- xmalloc.c | 3 ++- 32 files changed, 72 insertions(+), 36 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9d02af420..b9a3ca2fb 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -18,6 +18,13 @@ [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c] [uidswap.c xmalloc.c] move #include out of includes.h + - stevesk@cvs.openbsd.org 2006/07/26 13:57:17 + [authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c] + [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c] + [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] + [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c] + [sshconnect1.c sshd.c xmalloc.c] + move #include out of includes.h 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5088,4 +5095,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4445 2006/08/05 01:02:17 djm Exp $ +$Id: ChangeLog,v 1.4446 2006/08/05 01:34:19 djm Exp $ diff --git a/authfd.c b/authfd.c index 52766bcd2..f8ee8051d 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.78 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: authfd.c,v 1.79 2006/07/26 13:57:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -44,6 +44,7 @@ #include #include +#include #include #include diff --git a/authfile.c b/authfile.c index e01a08aac..7231be55f 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.72 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: authfile.c,v 1.73 2006/07/26 13:57:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -48,6 +48,7 @@ #include #include +#include #include #include diff --git a/canohost.c b/canohost.c index b40cbf603..681139cdf 100644 --- a/canohost.c +++ b/canohost.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.c,v 1.58 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: canohost.c,v 1.59 2006/07/26 13:57:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -22,6 +22,7 @@ #include #include #include +#include #include #include "packet.h" diff --git a/channels.c b/channels.c index f59afe01b..b8c4e7e74 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.261 2006/07/25 02:59:21 stevesk Exp $ */ +/* $OpenBSD: channels.c,v 1.262 2006/07/26 13:57:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -54,6 +54,7 @@ #include #include +#include #include #include #include diff --git a/clientloop.c b/clientloop.c index ca7b9060a..46f52e1a2 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.172 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: clientloop.c,v 1.173 2006/07/26 13:57:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -78,6 +78,7 @@ #include #endif #include +#include #include #include #include diff --git a/compat.c b/compat.c index 35e429a5f..e1a8b2bfd 100644 --- a/compat.c +++ b/compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.74 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: compat.c,v 1.75 2006/07/26 13:57:17 stevesk Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -25,6 +25,7 @@ #include "includes.h" +#include #include #include "buffer.h" diff --git a/dh.c b/dh.c index bad0a3480..1ebd3f48e 100644 --- a/dh.c +++ b/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.39 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: dh.c,v 1.40 2006/07/26 13:57:17 stevesk Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -30,6 +30,7 @@ #include #include +#include #include #include "dh.h" diff --git a/hostfile.c b/hostfile.c index c067f5e11..33516a64c 100644 --- a/hostfile.c 
+++ b/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.42 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: hostfile.c,v 1.43 2006/07/26 13:57:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -42,12 +42,13 @@ #include -#include -#include - #include #include +#include +#include +#include + #include "match.h" #include "key.h" #include "hostfile.h" diff --git a/includes.h b/includes.h index 9dc284a69..215c00879 100644 --- a/includes.h +++ b/includes.h @@ -22,7 +22,6 @@ #include #include -#include #ifdef HAVE_LIMITS_H # include /* For PATH_MAX */ diff --git a/kex.c b/kex.c index 5c1be6ede..4b1dda814 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.73 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: kex.c,v 1.74 2006/07/26 13:57:17 stevesk Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -29,6 +29,7 @@ #include +#include #include #include "ssh2.h" diff --git a/log.c b/log.c index 8a308c2f8..68cbfc7d9 100644 --- a/log.c +++ b/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.35 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: log.c,v 1.36 2006/07/26 13:57:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -37,6 +37,7 @@ #include "includes.h" #include +#include #include #include #include diff --git a/misc.c b/misc.c index fc3fcca44..c251139f0 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.61 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: misc.c,v 1.62 2006/07/26 13:57:17 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -32,6 +32,7 @@ #include #include +#include #include #include diff --git a/moduli.c b/moduli.c index 4d5576a1f..7b6a7b89f 100644 --- a/moduli.c +++ b/moduli.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.15 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: moduli.c,v 1.16 2006/07/26 13:57:17 stevesk Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -43,6 +43,7 @@ #include +#include #include #include diff --git a/monitor.c b/monitor.c index ab716bdf0..325179854 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.83 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: monitor.c,v 1.84 2006/07/26 13:57:17 stevesk Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -39,6 +39,7 @@ #endif #include #include +#include #include #ifdef SKEY diff --git a/packet.c b/packet.c index 875f9eb32..2c980d25e 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.139 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: packet.c,v 1.140 2006/07/26 13:57:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -53,6 +53,7 @@ #include #include +#include #include #include diff --git a/readpass.c b/readpass.c index 1982fb6c5..78b136f33 100644 --- a/readpass.c +++ b/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.44 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: readpass.c,v 1.45 2006/07/26 13:57:17 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -34,6 +34,7 @@ # include #endif #include +#include #include #include diff --git a/scp.c b/scp.c index fa481d67b..a807338bf 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.152 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: scp.c,v 1.153 2006/07/26 13:57:17 stevesk Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -90,6 +90,7 @@ #include #include #include +#include #include #include #include diff --git a/servconf.c b/servconf.c index dca9508ab..05f47355c 100644 --- a/servconf.c 
+++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.160 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: servconf.c,v 1.161 2006/07/26 13:57:17 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -16,6 +16,7 @@ #include #include +#include #include #include diff --git a/session.c b/session.c index 11620f855..2ddc5bd27 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.213 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: session.c,v 1.214 2006/07/26 13:57:17 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -53,6 +53,7 @@ #endif #include #include +#include #include #include diff --git a/sftp-server.c b/sftp-server.c index 02c897c11..abc9539e4 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.67 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.68 2006/07/26 13:57:17 stevesk Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -27,6 +27,7 @@ #include #include #include +#include #include #include #include diff --git a/sftp.c b/sftp.c index 761091ec3..ca91bc50b 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.88 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: sftp.c,v 1.89 2006/07/26 13:57:17 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -37,6 +37,7 @@ typedef void EditLine; #endif #include +#include #include #include diff --git a/ssh-add.c b/ssh-add.c index 520f23ca5..eccc8ce45 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.86 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.87 2006/07/26 13:57:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -45,6 +45,7 @@ #include #include +#include #include #include diff --git a/ssh-agent.c b/ssh-agent.c index ed48c56d4..478f8d1ee 100644 --- a/ssh-agent.c 
+++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.148 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.149 2006/07/26 13:57:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -58,6 +58,7 @@ # include #endif #include +#include #include #include #include diff --git a/ssh-keygen.c b/ssh-keygen.c index 8b48fbda0..6383d7479 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.151 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.152 2006/07/26 13:57:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -29,6 +29,7 @@ # include #endif #include +#include #include #include diff --git a/ssh-keyscan.c b/ssh-keyscan.c index e47460a8a..3d8cc7e4a 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.70 2006/07/25 02:59:21 stevesk Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.71 2006/07/26 13:57:17 stevesk Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -19,8 +19,9 @@ #include #include -#include #include +#include +#include #include #include diff --git a/ssh-keysign.c b/ssh-keysign.c index 89b8e4342..89fdbda36 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.27 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.28 2006/07/26 13:57:17 stevesk Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -29,6 +29,7 @@ #include #endif #include +#include #include #include diff --git a/ssh.c b/ssh.c index df787e45f..e08239c61 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.289 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: ssh.c,v 1.290 2006/07/26 13:57:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -61,6 +61,7 @@ #include #include #include +#include #include #include 
diff --git a/sshconnect.c b/sshconnect.c index 4301fb20f..d70410a8e 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.195 2006/07/25 02:59:21 stevesk Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.196 2006/07/26 13:57:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -32,6 +32,7 @@ #include #endif #include +#include #include #include diff --git a/sshconnect1.c b/sshconnect1.c index ab5216214..37024e750 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect1.c,v 1.66 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.67 2006/07/26 13:57:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -18,6 +18,7 @@ #include #include +#include #include #include "ssh.h" diff --git a/sshd.c b/sshd.c index 82a37ef46..9fa179933 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.340 2006/07/25 02:59:21 stevesk Exp $ */ +/* $OpenBSD: sshd.c,v 1.341 2006/07/26 13:57:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -64,6 +64,7 @@ #include #include #include +#include #include #include diff --git a/xmalloc.c b/xmalloc.c index 511a9e12a..77e2d27c7 100644 --- a/xmalloc.c +++ b/xmalloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.c,v 1.24 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: xmalloc.c,v 1.25 2006/07/26 13:57:17 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -18,6 +18,7 @@ #include #include +#include #include #include "xmalloc.h" -- cgit v1.2.3 From 858bb7dc7c41816e0c779b1bda09324b9ea97ddf Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sat, 5 Aug 2006 11:34:51 +1000 Subject: - jmc@cvs.openbsd.org 2006/07/27 08:00:50 [ssh_config.5] avoid confusing wording in HashKnownHosts: originally spotted by alan amesbury; ok deraadt --- ChangeLog | 7 ++++++- ssh_config.5 | 7 ++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index b9a3ca2fb..54fa577b3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,11 @@ [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c] [sshconnect1.c sshd.c xmalloc.c] move #include out of includes.h + - jmc@cvs.openbsd.org 2006/07/27 08:00:50 + [ssh_config.5] + avoid confusing wording in HashKnownHosts: + originally spotted by alan amesbury; + ok deraadt 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5095,4 +5100,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4446 2006/08/05 01:34:19 djm Exp $ +$Id: ChangeLog,v 1.4447 2006/08/05 01:34:51 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 55ca55303..20c58934a 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.96 2006/07/11 18:50:48 markus Exp $ +.\" $OpenBSD: ssh_config.5,v 1.97 2006/07/27 08:00:50 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os 
@@ -497,8 +497,9 @@ but they do not reveal identifying information should the file's contents be disclosed. The default is .Dq no . -Note that hashing of names and addresses will not be retrospectively applied -to existing known hosts files, but these may be manually hashed using +Note that existing names and addresses in known hosts files +will not be converted automatically, +but may be manually hashed using .Xr ssh-keygen 1 . .It Cm HostbasedAuthentication Specifies whether to try rhosts based authentication with public key -- cgit v1.2.3 From 1a5b4041fbe92b13bea046bd683a1dd887514605 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Aug 2006 11:35:23 +1000 Subject: - stevesk@cvs.openbsd.org 2006/07/30 20:15:19 [atomicio.h] order includes to KNF --- ChangeLog | 7 ++++++- atomicio.h | 5 +++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 54fa577b3..74dfec38f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,11 @@ avoid confusing wording in HashKnownHosts: originally spotted by alan amesbury; ok deraadt + - jmc@cvs.openbsd.org 2006/07/27 08:00:50 + [ssh_config.5] + avoid confusing wording in HashKnownHosts: + originally spotted by alan amesbury; + ok deraadt 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5100,4 +5105,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4447 2006/08/05 01:34:51 djm Exp $ +$Id: ChangeLog,v 1.4448 2006/08/05 01:35:23 djm Exp $ diff --git a/atomicio.h b/atomicio.h index 03bf065e2..05b97ab8b 100644 --- a/atomicio.h +++ b/atomicio.h @@ -1,4 +1,4 @@ -/* $OpenBSD: atomicio.h,v 1.8 2006/04/16 00:52:55 djm Exp $ */ +/* $OpenBSD: atomicio.h,v 1.9 2006/07/30 20:15:19 stevesk Exp $ */ /* * Copyright (c) 2006 Damien Miller. All rights reserved. 
@@ -30,9 +30,10 @@ #define _ATOMICIO_H #include -#include #include +#include + /* * Ensure all of data on socket comes through. f==read || f==vwrite */ -- cgit v1.2.3 From da828395979bad8b4b5019b7b08c7477c706cc94 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Aug 2006 11:35:45 +1000 Subject: - dtucker@cvs.openbsd.org 2006/08/01 11:34:36 [sshconnect.c] Allow fallback to known_hosts entries without port qualifiers for non-standard ports too, so that all existing known_hosts entries will be recognised. Requested by, feedback and ok markus@ --- ChangeLog | 7 ++++++- sshconnect.c | 34 +++++++++++++++++++++++++--------- 2 files changed, 31 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 74dfec38f..a97e77aaf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,6 +35,11 @@ avoid confusing wording in HashKnownHosts: originally spotted by alan amesbury; ok deraadt + - dtucker@cvs.openbsd.org 2006/08/01 11:34:36 + [sshconnect.c] + Allow fallback to known_hosts entries without port qualifiers for + non-standard ports too, so that all existing known_hosts entries will be + recognised. Requested by, feedback and ok markus@ 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5105,4 +5110,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4448 2006/08/05 01:35:23 djm Exp $ +$Id: ChangeLog,v 1.4449 2006/08/05 01:35:45 djm Exp $ diff --git a/sshconnect.c b/sshconnect.c index d70410a8e..54e664830 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.196 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.197 2006/08/01 11:34:36 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -521,9 +521,13 @@ confirm(const char *prompt) * check whether the supplied host key is valid, return -1 if the key * is not valid. the user_hostfile will not be updated if 'readonly' is true. */ +#define RDRW 0 +#define RDONLY 1 +#define ROQUIET 2 static int -check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key, - int readonly, const char *user_hostfile, const char *system_hostfile) +check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, + Key *host_key, int readonly, const char *user_hostfile, + const char *system_hostfile) { Key *file_key; const char *type = key_type(host_key); @@ -578,7 +582,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key, if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0) fatal("check_host_key: getnameinfo failed"); - ip = put_host_port(ntop, options.port); + ip = put_host_port(ntop, port); } else { ip = xstrdup(""); } @@ -600,7 +604,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key, host = xstrdup(options.host_key_alias); debug("using hostkeyalias: %s", host); } else { - host = put_host_port(hostname, options.port); + host = put_host_port(hostname, port); } /* @@ -669,6 +673,15 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key, } break; case HOST_NEW: + if (options.host_key_alias == NULL && port != 0 && + port != SSH_DEFAULT_PORT) { + debug("checking without port identifier"); + if (check_host_key(hostname, hostaddr, 0, host_key, 2, + user_hostfile, system_hostfile) == 0) { + debug("found matching key w/out port"); + break; + } + } if (readonly) goto fail; /* The host is new. */ @@ -748,6 +761,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key, "list of known hosts.", hostp, type); break; case HOST_CHANGED: + if (readonly == ROQUIET) + goto fail; if (options.check_host_ip && host_ip_differ) { char *key_msg; if (ip_status == HOST_NEW) 
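Review bot: The header comment above check_host_key() in the first sshconnect.c hunk still describes `readonly` as a boolean and says nothing about the new `port` argument, although the hunk turns `readonly` into a three-valued mode (`RDRW`, `RDONLY`, `ROQUIET`). I would extend that comment to say that any non-zero mode leaves the host files untouched, that `ROQUIET` additionally fails on a changed key before the warning path runs (the `readonly == ROQUIET` test added under HOST_CHANGED), and that `port` is the port folded into the looked-up host and address names by put_host_port(). The three `#define`s would also read better above the comment than between it and the function it documents. The function body continues outside the hunk.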
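Review bot: The recursive call in the new HOST_NEW branch passes the literal `2` for `readonly`, while the HOST_CHANGED hunk tests `readonly == ROQUIET`; if the defines are ever renumbered the quiet path stops matching, and a mismatching port-less entry would run the full changed-key handling from inside the fallback. Use the name instead: `if (check_host_key(hostname, hostaddr, 0, host_key, ROQUIET,`. The branch also deserves a comment stating its trust consequence, for example `/* a key stored for the bare host name is accepted for this port too, skipping the new-host handling below */`, because a match is reported only through debug(). Whether put_host_port() returns the bare name for port 0 is not visible in these hunks and should be confirmed. The enclosing switch and function continue outside the hunk.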
@@ -906,12 +921,13 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) /* return ok if the key can be found in an old keyfile */ if (stat(options.system_hostfile2, &st) == 0 || stat(options.user_hostfile2, &st) == 0) { - if (check_host_key(host, hostaddr, host_key, /*readonly*/ 1, - options.user_hostfile2, options.system_hostfile2) == 0) + if (check_host_key(host, hostaddr, options.port, host_key, + RDONLY, options.user_hostfile2, + options.system_hostfile2) == 0) return 0; } - return check_host_key(host, hostaddr, host_key, /*readonly*/ 0, - options.user_hostfile, options.system_hostfile); + return check_host_key(host, hostaddr, options.port, host_key, + RDRW, options.user_hostfile, options.system_hostfile); } /* -- cgit v1.2.3 From a7a73ee35d030c817b3eea5c6c3a75c765ca8e69 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sat, 5 Aug 2006 11:37:59 +1000 Subject: - stevesk@cvs.openbsd.org 2006/08/01 23:22:48 [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c] [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c] [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c] [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c] [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c] [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c] [uuencode.h xmalloc.c] move #include out of includes.h --- ChangeLog | 13 ++++++++++++- auth-passwd.c | 3 ++- auth-rhosts.c | 3 ++- auth-rsa.c | 3 ++- auth.c | 3 ++- auth.h | 3 ++- auth1.c | 3 ++- auth2-chall.c | 3 ++- auth2-pubkey.c | 3 ++- authfile.c | 3 ++- buffer.c | 3 ++- canohost.c | 3 ++- channels.c | 3 ++- clientloop.c | 3 ++- dh.c | 3 ++- dns.c | 3 ++- dns.h | 4 +++- hostfile.c | 3 ++- includes.h | 1 - kex.c | 3 ++- kexdhc.c | 3 ++- kexgexc.c | 3 ++- kexgexs.c | 3 ++- key.c | 3 ++- key.h | 4 +++- log.c | 3 ++- misc.c | 3 ++- misc.h | 3 ++- moduli.c | 3 ++- monitor_wrap.c | 3 ++- packet.c | 3 ++- progressmeter.c | 3 ++- readconf.c | 3 ++- readpass.c | 3 ++- scp.c | 3 ++- servconf.c | 3 ++- session.c | 3 ++- sftp-client.c | 3 ++- sftp-common.c | 3 ++- sftp-server.c | 3 ++- sftp.c | 3 ++- ssh-add.c | 3 ++- ssh-agent.c | 3 ++- ssh-keygen.c | 3 ++- ssh-keyscan.c | 3 ++- ssh.c | 3 ++- sshconnect.c | 3 ++- sshconnect1.c | 3 ++- sshconnect2.c | 3 ++- sshd.c | 3 ++- sshlogin.c | 3 ++- sshtty.c | 3 ++- uuencode.c | 3 ++- uuencode.h | 5 ++++- xmalloc.c | 3 ++- 55 files changed, 122 insertions(+), 55 deletions(-) diff --git a/ChangeLog b/ChangeLog index a97e77aaf..de401547e 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -40,6 +40,17 @@ Allow fallback to known_hosts entries without port qualifiers for non-standard ports too, so that all existing known_hosts entries will be recognised. Requested by, feedback and ok markus@ + - stevesk@cvs.openbsd.org 2006/08/01 23:22:48 + [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c] + [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c] + [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c] + [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c] + [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c] + [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c] + [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c] + [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c] + [uuencode.h xmalloc.c] + move #include out of includes.h 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5110,4 +5121,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4449 2006/08/05 01:35:45 djm Exp $ +$Id: ChangeLog,v 1.4450 2006/08/05 01:37:59 djm Exp $ diff --git a/auth-passwd.c b/auth-passwd.c index e5edc9336..f8df17e6a 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-passwd.c,v 1.38 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: auth-passwd.c,v 1.39 2006/08/01 23:22:47 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -41,6 +41,7 @@ #include #include +#include #include #include "packet.h" diff --git a/auth-rhosts.c b/auth-rhosts.c index c14604dc4..8dc4ede05 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rhosts.c,v 1.39 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: auth-rhosts.c,v 1.40 2006/08/01 23:22:47 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -23,6 +23,7 @@ # include #endif #include +#include #include #include "packet.h" diff --git a/auth-rsa.c b/auth-rsa.c index 65c77805f..f3e27e9fa 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rsa.c,v 1.69 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: auth-rsa.c,v 1.70 2006/08/01 23:22:47 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -23,6 +23,7 @@ #include #include +#include #include #include "rsa.h" diff --git a/auth.c b/auth.c index 0089a1dd9..88a8e22ef 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.73 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: auth.c,v 1.74 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -44,6 +44,7 @@ #include #endif #include +#include #include #include "xmalloc.h" diff --git a/auth.h b/auth.h index 65250138f..2c7499573 100644 --- a/auth.h +++ b/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.55 2006/07/23 01:11:05 stevesk Exp $ */ +/* $OpenBSD: auth.h,v 1.56 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -33,6 +33,7 @@ #include #include #include +#include #include "buffer.h" #include diff --git a/auth1.c b/auth1.c index 034010fda..2c5585768 100644 --- a/auth1.c +++ b/auth1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth1.c,v 1.68 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: auth1.c,v 1.69 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -14,6 +14,7 @@ #include +#include #include #include diff --git a/auth2-chall.c b/auth2-chall.c index ad6b7233f..89b261e61 100644 --- a/auth2-chall.c +++ b/auth2-chall.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-chall.c,v 1.28 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: auth2-chall.c,v 1.29 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Per Allansson. All rights reserved. @@ -25,6 +25,7 @@ */ #include "includes.h" +#include #include #include "ssh2.h" diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 7962dcef2..41763f763 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.13 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.14 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -29,6 +29,7 @@ #include #include +#include #include "ssh.h" #include "ssh2.h" diff --git a/authfile.c b/authfile.c index 7231be55f..f1d47b00b 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.73 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: authfile.c,v 1.74 2006/08/01 23:22:47 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -48,6 +48,7 @@ #include #include +#include #include #include #include diff --git a/buffer.c b/buffer.c index c6e8a8d48..25868b94d 100644 --- a/buffer.c +++ b/buffer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.c,v 1.29 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: buffer.c,v 1.30 2006/08/01 23:22:47 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -16,6 +16,7 @@ #include +#include #include #include "xmalloc.h" diff --git a/canohost.c b/canohost.c index 681139cdf..c236617d7 100644 --- a/canohost.c +++ b/canohost.c @@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.c,v 1.59 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: canohost.c,v 1.60 2006/08/01 23:22:47 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -22,6 +22,7 @@ #include #include #include +#include #include #include 
diff --git a/channels.c b/channels.c index b8c4e7e74..80cb32461 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.262 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: channels.c,v 1.263 2006/08/01 23:22:47 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -54,6 +54,7 @@ #include #include +#include #include #include #include diff --git a/clientloop.c b/clientloop.c index 46f52e1a2..f9ffa2bb7 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.173 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: clientloop.c,v 1.174 2006/08/01 23:22:47 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -78,6 +78,7 @@ #include #endif #include +#include #include #include #include diff --git a/dh.c b/dh.c index 1ebd3f48e..4ca949138 100644 --- a/dh.c +++ b/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.40 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: dh.c,v 1.41 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -30,6 +30,7 @@ #include #include +#include #include #include diff --git a/dns.c b/dns.c index c9368b96b..008fc596f 100644 --- a/dns.c +++ b/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.21 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: dns.c,v 1.22 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -31,6 +31,7 @@ #include #include +#include #include #include "xmalloc.h" diff --git a/dns.h b/dns.h index 818750384..8f9601824 100644 --- a/dns.h +++ b/dns.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.h,v 1.8 2006/07/08 21:47:12 stevesk Exp $ */ +/* $OpenBSD: dns.h,v 1.9 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -30,6 +30,8 @@ #include #include +#include + #ifndef DNS_H #define DNS_H diff --git a/hostfile.c b/hostfile.c index 33516a64c..7ac69e776 100644 
--- a/hostfile.c +++ b/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.43 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: hostfile.c,v 1.44 2006/08/01 23:22:47 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -46,6 +46,7 @@ #include #include +#include #include #include diff --git a/includes.h b/includes.h index 215c00879..9b6a63fb3 100644 --- a/includes.h +++ b/includes.h @@ -21,7 +21,6 @@ #define _GNU_SOURCE /* activate extra prototypes for glibc */ #include -#include #ifdef HAVE_LIMITS_H # include /* For PATH_MAX */ diff --git a/kex.c b/kex.c index 4b1dda814..3525307c3 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.74 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: kex.c,v 1.75 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -29,6 +29,7 @@ #include +#include #include #include diff --git a/kexdhc.c b/kexdhc.c index dbbd9bbd0..9d123e748 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.7 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.8 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -25,6 +25,7 @@ #include "includes.h" +#include #include #include "xmalloc.h" diff --git a/kexgexc.c b/kexgexc.c index fb2049ea7..9c618ec6c 100644 --- a/kexgexc.c +++ b/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.7 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.8 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,6 +26,7 @@ #include "includes.h" +#include #include #include "xmalloc.h" diff --git a/kexgexs.c b/kexgexs.c index 2bd7ee948..0b01ed800 100644 --- a/kexgexs.c +++ b/kexgexs.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.6 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.7 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -28,6 +28,7 @@ #include +#include #include #include "xmalloc.h" diff --git a/key.c b/key.c index e6868de6d..745c474f9 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.65 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: key.c,v 1.66 2006/08/01 23:22:47 stevesk Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -36,6 +36,7 @@ #include +#include #include #include "xmalloc.h" diff --git a/key.h b/key.h index ee78d48d5..57af279b8 100644 --- a/key.h +++ b/key.h @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.24 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: key.h,v 1.25 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -29,6 +29,8 @@ #include #include +#include + typedef struct Key Key; enum types { KEY_RSA1, diff --git a/log.c b/log.c index 68cbfc7d9..871bc2c42 100644 --- a/log.c +++ b/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.36 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: log.c,v 1.37 2006/08/01 23:22:47 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -37,6 +37,7 @@ #include "includes.h" #include +#include #include #include #include diff --git a/misc.c b/misc.c index c251139f0..ef2014f61 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.62 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: misc.c,v 1.63 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -32,6 +32,7 @@ #include #include +#include #include #include #include diff --git a/misc.h b/misc.h index 139a62e05..1dded7215 100644 --- a/misc.h +++ b/misc.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.33 2006/07/10 12:46:51 dtucker Exp $ */ +/* $OpenBSD: misc.h,v 1.34 2006/08/01 23:22:47 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -18,6 +18,7 @@ #include #include +#include /* misc.c */ diff --git a/moduli.c b/moduli.c index 7b6a7b89f..a164b4f5d 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.16 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: moduli.c,v 1.17 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -43,6 +43,7 @@ #include +#include #include #include #include diff --git a/monitor_wrap.c b/monitor_wrap.c index 3728e5f55..27e2fc7c3 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.48 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.49 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -34,6 +34,7 @@ #include #include +#include #include #include "ssh.h" diff --git a/packet.c b/packet.c index 2c980d25e..acf72f77e 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.140 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: packet.c,v 1.141 2006/08/01 23:22:47 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -53,6 +53,7 @@ #include #include +#include #include #include #include diff --git a/progressmeter.c b/progressmeter.c index 19dc917c9..cbbb34023 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: progressmeter.c,v 1.34 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: progressmeter.c,v 1.35 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 2003 Nils Nordman. All rights reserved. * @@ -30,6 +30,7 @@ #include #include +#include #include #include #include diff --git a/readconf.c b/readconf.c index 6fe372796..9975c9d32 100644 --- a/readconf.c +++ b/readconf.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.157 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: readconf.c,v 1.158 2006/08/01 23:22:47 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -23,6 +23,7 @@ #include #include #include +#include #include #include diff --git a/readpass.c b/readpass.c index 78b136f33..8af5d444d 100644 --- a/readpass.c +++ b/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.45 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: readpass.c,v 1.46 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -34,6 +34,7 @@ # include #endif #include +#include #include #include #include diff --git a/scp.c b/scp.c index a807338bf..8d9de0135 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.153 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: scp.c,v 1.154 2006/08/01 23:22:47 stevesk Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -90,6 +90,7 @@ #include #include #include +#include #include #include #include diff --git a/servconf.c b/servconf.c index 05f47355c..4edc80efe 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.161 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: servconf.c,v 1.162 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -16,6 +16,7 @@ #include #include +#include #include #include #include diff --git a/session.c b/session.c index 2ddc5bd27..a6d5ad257 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.214 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: session.c,v 1.215 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -53,6 +53,7 @@ #endif #include #include +#include #include #include #include 
diff --git a/sftp-client.c b/sftp-client.c index 4416afa4c..b7b126d21 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.72 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.73 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -34,6 +34,7 @@ #include #include #include +#include #include #include diff --git a/sftp-common.c b/sftp-common.c index da907ff01..3faed373e 100644 --- a/sftp-common.c +++ b/sftp-common.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-common.c,v 1.18 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: sftp-common.c,v 1.19 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Damien Miller. All rights reserved. @@ -32,6 +32,7 @@ #include #include +#include #include #include diff --git a/sftp-server.c b/sftp-server.c index abc9539e4..c0839782d 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.68 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.69 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include diff --git a/sftp.c b/sftp.c index ca91bc50b..82ef58019 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.89 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: sftp.c,v 1.90 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -38,6 +38,7 @@ typedef void EditLine; #endif #include #include +#include #include #include diff --git a/ssh-add.c b/ssh-add.c index eccc8ce45..a8d98fd1f 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.87 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.88 2006/08/01 23:22:47 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -45,6 +45,7 @@ #include #include +#include #include #include #include diff --git a/ssh-agent.c b/ssh-agent.c index 478f8d1ee..54c2b9c47 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.149 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.150 2006/08/01 23:22:47 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -58,6 +58,7 @@ # include #endif #include +#include #include #include #include diff --git a/ssh-keygen.c b/ssh-keygen.c index 6383d7479..d8b793e81 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.152 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.153 2006/08/01 23:22:47 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -29,6 +29,7 @@ # include #endif #include +#include #include #include #include diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 3d8cc7e4a..701540841 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.71 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.72 2006/08/01 23:22:47 stevesk Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -21,6 +21,7 @@ #include #include #include +#include #include #include #include diff --git a/ssh.c b/ssh.c index e08239c61..8dc987214 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.290 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: ssh.c,v 1.291 2006/08/01 23:22:47 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -61,6 +61,7 @@ #include #include #include +#include #include #include #include diff --git a/sshconnect.c b/sshconnect.c index 54e664830..af75bba8d 100644 --- a/sshconnect.c +++ b/sshconnect.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.197 2006/08/01 11:34:36 dtucker Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.198 2006/08/01 23:22:47 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -32,6 +32,7 @@ #include #endif #include +#include #include #include #include diff --git a/sshconnect1.c b/sshconnect1.c index 37024e750..f0eee3bdf 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect1.c,v 1.67 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.68 2006/08/01 23:22:47 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -18,6 +18,7 @@ #include #include +#include #include #include diff --git a/sshconnect2.c b/sshconnect2.c index 41be0b91c..27e5442e9 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.158 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.159 2006/08/01 23:22:48 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -30,6 +30,7 @@ #include #include +#include #include #include diff --git a/sshd.c b/sshd.c index 9fa179933..5cefd1024 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.341 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: sshd.c,v 1.342 2006/08/01 23:22:48 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -64,6 +64,7 @@ #include #include #include +#include #include #include diff --git a/sshlogin.c b/sshlogin.c index 4b2808206..b01fde091 100644 --- a/sshlogin.c +++ b/sshlogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.c,v 1.23 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: sshlogin.c,v 1.24 2006/08/01 23:22:48 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -46,6 +46,7 @@ #include #include +#include #include #include #include diff --git a/sshtty.c b/sshtty.c index 7cb848d2c..70668afde 100644 
--- a/sshtty.c +++ b/sshtty.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshtty.c,v 1.10 2006/03/25 13:17:03 djm Exp $ */ +/* $OpenBSD: sshtty.c,v 1.11 2006/08/01 23:22:48 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -37,6 +37,7 @@ #include "includes.h" +#include #include #include "sshpty.h" diff --git a/uuencode.c b/uuencode.c index 3128309cc..8a6742e95 100644 --- a/uuencode.c +++ b/uuencode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uuencode.c,v 1.22 2006/07/05 02:42:09 stevesk Exp $ */ +/* $OpenBSD: uuencode.c,v 1.23 2006/08/01 23:22:48 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -30,6 +30,7 @@ #include #include +#include #include "xmalloc.h" #include "uuencode.h" diff --git a/uuencode.h b/uuencode.h index bb98bf8d6..df09eb59b 100644 --- a/uuencode.h +++ b/uuencode.h @@ -1,4 +1,4 @@ -/* $OpenBSD: uuencode.h,v 1.11 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: uuencode.h,v 1.12 2006/08/01 23:22:48 stevesk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -26,6 +26,9 @@ #ifndef UUENCODE_H #define UUENCODE_H + +#include + int uuencode(const u_char *, u_int, char *, size_t); int uudecode(const char *, u_char *, size_t); void dump_base64(FILE *, u_char *, u_int); diff --git a/xmalloc.c b/xmalloc.c index 77e2d27c7..6aea495ef 100644 --- a/xmalloc.c +++ b/xmalloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.c,v 1.25 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: xmalloc.c,v 1.26 2006/08/01 23:22:48 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -18,6 +18,7 @@ #include #include +#include #include #include -- cgit v1.2.3 From 4dec5d75daab22c31f6f67d9e83594076ae3eda7 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sat, 5 Aug 2006 11:38:40 +1000 Subject: - stevesk@cvs.openbsd.org 2006/08/01 23:36:12 [authfile.c channels.c progressmeter.c scard.c servconf.c ssh.c] clean extra spaces --- ChangeLog | 5 ++++- authfile.c | 4 ++-- channels.c | 4 ++-- progressmeter.c | 4 ++-- scard.c | 10 +++++----- servconf.c | 6 +++--- ssh.c | 4 ++-- 7 files changed, 20 insertions(+), 17 deletions(-) diff --git a/ChangeLog b/ChangeLog index de401547e..b955ea8a4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -51,6 +51,9 @@ [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c] [uuencode.h xmalloc.c] move #include out of includes.h + - stevesk@cvs.openbsd.org 2006/08/01 23:36:12 + [authfile.c channels.c progressmeter.c scard.c servconf.c ssh.c] + clean extra spaces 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5121,4 +5124,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4450 2006/08/05 01:37:59 djm Exp $ +$Id: ChangeLog,v 1.4451 2006/08/05 01:38:40 djm Exp $ diff --git a/authfile.c b/authfile.c index f1d47b00b..400e60b39 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.74 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: authfile.c,v 1.75 2006/08/01 23:36:11 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -195,7 +195,7 @@ key_save_private_pem(Key *key, const char *filename, const char *_passphrase, return 0; } fp = fdopen(fd, "w"); - if (fp == NULL ) { + if (fp == NULL) { error("fdopen %s failed: %s.", filename, strerror(errno)); close(fd); return 0; diff --git a/channels.c b/channels.c index 80cb32461..fb4d287d6 100644 --- a/channels.c +++ b/channels.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.263 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: channels.c,v 1.264 2006/08/01 23:36:11 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1052,7 +1052,7 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) return 0; /* look for method: "NO AUTHENTICATION REQUIRED" */ for (found = 0, i = 2 ; i < nmethods + 2; i++) { - if (p[i] == SSH_SOCKS5_NOAUTH ) { + if (p[i] == SSH_SOCKS5_NOAUTH) { found = 1; break; } diff --git a/progressmeter.c b/progressmeter.c index cbbb34023..e8534fa2f 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: progressmeter.c,v 1.35 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: progressmeter.c,v 1.36 2006/08/01 23:36:12 stevesk Exp $ */ /* * Copyright (c) 2003 Nils Nordman. All rights reserved. * @@ -164,7 +164,7 @@ refresh_progress_meter(void) len = 0; if (len >= file_len + 1) len = file_len; - for (i = len; i < file_len; i++ ) + for (i = len; i < file_len; i++) buf[i] = ' '; buf[file_len] = '\0'; } diff --git a/scard.c b/scard.c index 237a4e438..e22da596f 100644 --- a/scard.c +++ b/scard.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scard.c,v 1.33 2006/07/25 02:01:34 stevesk Exp $ */ +/* $OpenBSD: scard.c,v 1.34 2006/08/01 23:36:12 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -127,7 +127,7 @@ sc_init(void) if (status == SCARD_ERROR_NOCARD) { return SCARD_ERROR_NOCARD; } - if (status < 0 ) { + if (status < 0) { error("sc_open failed"); return status; } @@ -217,7 +217,7 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, olen = len = sw = 0; if (sc_fd < 0) { status = sc_init(); - if (status < 0 ) + if (status < 0) goto err; } if (padding != RSA_PKCS1_PADDING) 
@@ -257,7 +257,7 @@ sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, len = sw = 0; if (sc_fd < 0) { status = sc_init(); - if (status < 0 ) + if (status < 0) goto err; } if (padding != RSA_PKCS1_PADDING) @@ -380,7 +380,7 @@ sc_get_keys(const char *id, const char *pin) key_free(k); return NULL; } - if (status < 0 ) { + if (status < 0) { error("sc_read_pubkey failed"); key_free(k); return NULL; diff --git a/servconf.c b/servconf.c index 4edc80efe..b1fc45c50 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.162 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: servconf.c,v 1.163 2006/08/01 23:36:12 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -961,7 +961,7 @@ parse_flag: case sDenyUsers: while ((arg = strdelim(&cp)) && *arg != '\0') { if (options->num_deny_users >= MAX_DENY_USERS) - fatal( "%s line %d: too many deny users.", + fatal("%s line %d: too many deny users.", filename, linenum); options->deny_users[options->num_deny_users++] = xstrdup(arg); @@ -1096,7 +1096,7 @@ parse_flag: */ case sAuthorizedKeysFile: case sAuthorizedKeysFile2: - charptr = (opcode == sAuthorizedKeysFile ) ? + charptr = (opcode == sAuthorizedKeysFile) ? &options->authorized_keys_file : &options->authorized_keys_file2; goto parse_filename; diff --git a/ssh.c b/ssh.c index 8dc987214..10dd8777a 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.291 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: ssh.c,v 1.292 2006/08/01 23:36:12 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1229,7 +1229,7 @@ load_public_identity_files(void) if (options.smartcard_device != NULL && options.num_identity_files < SSH_MAX_IDENTITY_FILES && - (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) { + (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL) { int count = 0; for (i = 0; keys[i] != NULL; i++) { count++; -- cgit v1.2.3 
From d783435315d8e604998925d5e47b663a500ed252 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sat, 5 Aug 2006 12:39:39 +1000 Subject: - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. 
(also, this step wasn't "easy") --- ChangeLog | 30 +++++++++++++++++++++++++++++- OVERVIEW | 3 +-- atomicio.c | 3 ++- atomicio.h | 7 +------ auth-bsdauth.c | 11 ++++++++++- auth-chall.c | 8 ++++++-- auth-krb5.c | 11 +++++++++-- auth-options.c | 12 ++++++++++-- auth-options.h | 6 +----- auth-passwd.c | 5 ++++- auth-rh-rsa.c | 8 ++++++-- auth-rhosts.c | 6 +++++- auth-rsa.c | 11 ++++++++--- auth-skey.c | 5 ++++- auth.c | 10 +++++++--- auth.h | 11 +---------- auth1.c | 8 +++++++- auth2-chall.c | 9 +++++++-- auth2-gss.c | 14 +++++++------- auth2-hostbased.c | 12 ++++++++---- auth2-kbdint.c | 9 +++++++-- auth2-none.c | 10 ++++++++-- auth2-passwd.c | 11 ++++++++++- auth2-pubkey.c | 12 ++++++++---- auth2.c | 10 +++++++--- authfd.c | 7 ++++--- authfd.h | 4 +--- authfile.c | 6 +++--- bufaux.c | 7 +++++-- bufbn.c | 7 +++++-- buffer.c | 3 ++- buffer.h | 38 +++++++++++++++++++++++++++++++++++++- canohost.c | 5 +++-- channels.c | 9 +++++---- channels.h | 4 +--- cipher-3des1.c | 4 +++- cipher-bf1.c | 4 +++- cipher-ctr.c | 6 ++++-- cipher.c | 5 ++++- cleanup.c | 5 ++++- clientloop.c | 8 ++++---- compat.c | 7 +++++-- compress.c | 6 +++++- deattack.c | 8 ++++++-- dh.c | 2 +- dispatch.c | 6 +++++- dns.c | 2 +- dns.h | 9 +-------- fatal.c | 4 +++- groupaccess.c | 5 +++-- groupaccess.h | 4 +--- gss-genr.c | 6 ++++-- gss-serv-krb5.c | 9 +++++++-- gss-serv.c | 10 +++++++--- hostfile.c | 4 ++-- includes.h | 3 --- kex.c | 12 ++++++------ kex.h | 8 +------- kexdh.c | 9 +++++++-- kexdhc.c | 7 ++++++- kexdhs.c | 9 ++++++++- kexgex.c | 8 ++++++-- kexgexc.c | 7 ++++++- kexgexs.c | 8 +++++++- key.c | 6 ++++-- key.h | 4 +--- log.c | 6 ++++-- log.h | 8 +------- loginrec.c | 4 +++- loginrec.h | 4 ---- mac.c | 7 ++++++- match.c | 6 ++++-- md-sha256.c | 4 +++- misc.c | 6 +++--- misc.h | 7 +------ moduli.c | 3 ++- monitor.c | 15 ++++++++++----- monitor_fdpass.c | 3 ++- monitor_mm.c | 7 +++++-- monitor_mm.h | 3 +-- monitor_wrap.c | 25 +++++++++++++------------ monitor_wrap.h | 10 +--------- msg.c | 6 
+++++- nchan.c | 3 ++- openbsd-compat/port-aix.c | 7 +++++-- openbsd-compat/port-tun.h | 2 -- packet.c | 8 +++----- progressmeter.c | 3 ++- readconf.c | 7 +++++-- readconf.h | 4 +--- readpass.c | 2 +- rsa.c | 6 ++++-- scard.c | 8 +++++--- scard.h | 4 +--- scp.c | 3 ++- servconf.c | 8 ++++++-- servconf.h | 4 +--- serverloop.c | 8 ++++++-- session.c | 15 ++++++++------- session.h | 6 +----- sftp-client.c | 12 ++++++------ sftp-common.c | 6 +++--- sftp-common.h | 7 +------ sftp-glob.c | 4 ++-- sftp-server.c | 12 +++++++----- sftp.c | 6 ++++-- ssh-add.c | 5 +++-- ssh-agent.c | 5 ++--- ssh-dss.c | 5 +++-- ssh-gss.h | 4 +--- ssh-keygen.c | 3 +-- ssh-keyscan.c | 7 ++++--- ssh-keysign.c | 6 +++--- ssh-rsa.c | 6 ++++-- ssh.c | 7 +++---- ssh.h | 16 +--------------- sshconnect.c | 6 ++++-- sshconnect.h | 11 +---------- sshconnect1.c | 14 ++++++++++---- sshconnect2.c | 9 ++++++--- sshd.c | 18 +++++++++++------- sshlogin.c | 4 +++- sshlogin.h | 9 +-------- sshpty.c | 7 ++++--- sshpty.h | 10 +--------- sshtty.c | 4 +++- ttymodes.c | 6 ++++-- uidswap.c | 5 ++--- uidswap.h | 11 +---------- uuencode.c | 4 +--- uuencode.h | 8 +------- xmalloc.c | 3 +-- xmalloc.h | 7 +------ 133 files changed, 584 insertions(+), 412 deletions(-) diff --git a/ChangeLog b/ChangeLog index b955ea8a4..7f48d236e 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -54,6 +54,34 @@ - stevesk@cvs.openbsd.org 2006/08/01 23:36:12 [authfile.c channels.c progressmeter.c scard.c servconf.c ssh.c] clean extra spaces + - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 + [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] + [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] + [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] + [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] + [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] + [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] + [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] + [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] + [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] + [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] + [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] + [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] + [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] + [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] + [serverloop.c session.c session.h sftp-client.c sftp-common.c] + [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] + [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] + [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] + [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] + [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] + [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] + almost entirely get rid of the culture of ".h files that include .h files" + ok djm, sort of ok stevesk + makes the pain stop in one easy step + NB. 
portable commit contains everything *except* removing includes.h, as + that will take a fair bit more work as we move headers that are required + for portability workarounds to defines.h. (also, this step wasn't "easy") 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5124,4 +5152,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4451 2006/08/05 01:38:40 djm Exp $ +$Id: ChangeLog,v 1.4452 2006/08/05 02:39:39 djm Exp $ diff --git a/OVERVIEW b/OVERVIEW index 64b6f75fa..2e1cc0ba3 100644 --- a/OVERVIEW +++ b/OVERVIEW @@ -162,8 +162,7 @@ these programs. - There are several other files in the distribution that contain various auxiliary routines: ssh.h the main header file for ssh (various definitions) - includes.h includes most system headers. Lots of #ifdefs. uidswap.c uid-swapping xmalloc.c "safe" malloc routines -$OpenBSD: OVERVIEW,v 1.10 2006/04/01 05:37:46 djm Exp $ +$OpenBSD: OVERVIEW,v 1.11 2006/08/03 03:34:41 deraadt Exp $ diff --git a/atomicio.c b/atomicio.c index 4ff990fd3..f651a292c 100644 --- a/atomicio.c +++ b/atomicio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: atomicio.c,v 1.22 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: atomicio.c,v 1.23 2006/08/03 03:34:41 deraadt Exp $ */ /* * Copyright (c) 2006 Damien Miller. All rights reserved. * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. @@ -29,6 +29,7 @@ #include "includes.h" #include +#include #include #include diff --git a/atomicio.h b/atomicio.h index 05b97ab8b..2fcd25d43 100644 --- a/atomicio.h +++ b/atomicio.h @@ -1,4 +1,4 @@ -/* $OpenBSD: atomicio.h,v 1.9 2006/07/30 20:15:19 stevesk Exp $ */ +/* $OpenBSD: atomicio.h,v 1.10 2006/08/03 03:34:41 deraadt Exp $ */ /* * Copyright (c) 2006 Damien Miller. All rights reserved. 
@@ -29,11 +29,6 @@ #ifndef _ATOMICIO_H #define _ATOMICIO_H -#include -#include - -#include - /* * Ensure all of data on socket comes through. f==read || f==vwrite */ diff --git a/auth-bsdauth.c b/auth-bsdauth.c index c309e4a11..f718e5d38 100644 --- a/auth-bsdauth.c +++ b/auth-bsdauth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-bsdauth.c,v 1.9 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: auth-bsdauth.c,v 1.10 2006/08/03 03:34:41 deraadt Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -22,12 +22,21 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + #include "includes.h" +#include + #ifdef BSD_AUTH #include "xmalloc.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "log.h" +#include "buffer.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif #include "monitor_wrap.h" static void * diff --git a/auth-chall.c b/auth-chall.c index 023e7ee01..9c1079a17 100644 --- a/auth-chall.c +++ b/auth-chall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-chall.c,v 1.11 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: auth-chall.c,v 1.12 2006/08/03 03:34:41 deraadt Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -25,9 +25,13 @@ #include "includes.h" +#include + +#include "xmalloc.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "log.h" -#include "xmalloc.h" #include "servconf.h" /* limited protocol v1 interface to kbd-interactive authentication */ diff --git a/auth-krb5.c b/auth-krb5.c index 676b8ab1f..868288126 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-krb5.c,v 1.18 2006/05/06 08:35:40 dtucker Exp $ */ +/* $OpenBSD: auth-krb5.c,v 1.19 2006/08/03 03:34:41 deraadt Exp $ */ /* * Kerberos v5 authentication and ticket-passing routines. * 
@@ -30,13 +30,20 @@ #include "includes.h" +#include +#include +#include + +#include "xmalloc.h" #include "ssh.h" #include "ssh1.h" #include "packet.h" -#include "xmalloc.h" #include "log.h" +#include "buffer.h" #include "servconf.h" #include "uidswap.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #ifdef KRB5 diff --git a/auth-options.c b/auth-options.c index cd904967a..ca5e1c931 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.39 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: auth-options.c,v 1.40 2006/08/03 03:34:41 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -17,17 +17,25 @@ #include #include #include +#include +#include #include "xmalloc.h" #include "match.h" #include "log.h" #include "canohost.h" +#include "buffer.h" #include "channels.h" #include "auth-options.h" #include "servconf.h" #include "misc.h" -#include "monitor_wrap.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif +#include "monitor_wrap.h" /* Flags set authorized_keys flags */ int no_port_forwarding_flag = 0; diff --git a/auth-options.h b/auth-options.h index cd2b030cd..853f8b517 100644 --- a/auth-options.h +++ b/auth-options.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.h,v 1.15 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: auth-options.h,v 1.16 2006/08/03 03:34:41 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -15,10 +15,6 @@ #ifndef AUTH_OPTIONS_H #define AUTH_OPTIONS_H -#include - -#include - /* Linked list of custom environment strings */ struct envstring { struct envstring *next; diff --git a/auth-passwd.c b/auth-passwd.c index f8df17e6a..be6283796 100644 --- a/auth-passwd.c +++ b/auth-passwd.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth-passwd.c,v 1.39 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: auth-passwd.c,v 1.40 2006/08/03 03:34:41 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -43,11 +43,14 @@ #include #include #include +#include #include "packet.h" #include "buffer.h" #include "log.h" #include "servconf.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "auth-options.h" diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index 8fa21e12c..eca750275 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rh-rsa.c,v 1.41 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: auth-rh-rsa.c,v 1.42 2006/08/03 03:34:41 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -18,17 +18,21 @@ #include #include +#include #include "packet.h" #include "uidswap.h" #include "log.h" +#include "buffer.h" #include "servconf.h" #include "key.h" #include "hostfile.h" #include "pathnames.h" #include "auth.h" #include "canohost.h" - +#ifdef GSSAPI +#include "ssh-gss.h" +#endif #include "monitor_wrap.h" /* import */ diff --git a/auth-rhosts.c b/auth-rhosts.c index 8dc4ede05..cd0a7967a 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rhosts.c,v 1.40 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: auth-rhosts.c,v 1.41 2006/08/03 03:34:41 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -25,13 +25,17 @@ #include #include #include +#include #include "packet.h" +#include "buffer.h" #include "uidswap.h" #include "pathnames.h" #include "log.h" #include "servconf.h" #include "canohost.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" /* import */ diff --git a/auth-rsa.c b/auth-rsa.c index f3e27e9fa..1c66b86a4 100644 --- a/auth-rsa.c +++ b/auth-rsa.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rsa.c,v 1.70 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: auth-rsa.c,v 1.71 2006/08/03 03:34:41 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -26,18 +26,23 @@ #include #include +#include "xmalloc.h" #include "rsa.h" #include "packet.h" -#include "xmalloc.h" #include "ssh1.h" #include "uidswap.h" #include "match.h" +#include "buffer.h" #include "auth-options.h" #include "pathnames.h" #include "log.h" #include "servconf.h" -#include "auth.h" +#include "key.h" #include "hostfile.h" +#include "auth.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif #include "monitor_wrap.h" #include "ssh.h" #include "misc.h" diff --git a/auth-skey.c b/auth-skey.c index 9c981ec83..d49e59b75 100644 --- a/auth-skey.c +++ b/auth-skey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-skey.c,v 1.23 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: auth-skey.c,v 1.24 2006/08/03 03:34:41 deraadt Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -22,10 +22,13 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + #include "includes.h" #ifdef SKEY +#include + #include #include "xmalloc.h" diff --git a/auth.c b/auth.c index 88a8e22ef..fba32eb96 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.74 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: auth.c,v 1.75 2006/08/03 03:34:41 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * 
@@ -51,17 +51,21 @@ #include "match.h" #include "groupaccess.h" #include "log.h" +#include "buffer.h" #include "servconf.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "auth-options.h" #include "canohost.h" -#include "buffer.h" -#include "bufaux.h" #include "uidswap.h" #include "misc.h" #include "bufaux.h" #include "packet.h" #include "loginrec.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif #include "monitor_wrap.h" /* import */ diff --git a/auth.h b/auth.h index 2c7499573..26158b9dd 100644 --- a/auth.h +++ b/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.56 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: auth.h,v 1.57 2006/08/03 03:34:41 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -28,14 +28,8 @@ #ifndef AUTH_H #define AUTH_H -#include - -#include -#include #include -#include -#include "buffer.h" #include #ifdef HAVE_LOGIN_CAP @@ -48,9 +42,6 @@ #include #endif -#include "key.h" -#include "hostfile.h" - typedef struct Authctxt Authctxt; typedef struct Authmethod Authmethod; typedef struct KbdintDevice KbdintDevice; diff --git a/auth1.c b/auth1.c index 2c5585768..34dcf6266 100644 --- a/auth1.c +++ b/auth1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth1.c,v 1.69 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: auth1.c,v 1.70 2006/08/03 03:34:41 deraadt Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -17,6 +17,7 @@ #include #include #include +#include #include "xmalloc.h" #include "rsa.h" @@ -26,10 +27,15 @@ #include "log.h" #include "servconf.h" #include "compat.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "channels.h" #include "session.h" #include "uidswap.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif #include "monitor_wrap.h" #include "buffer.h" diff --git a/auth2-chall.c b/auth2-chall.c index 89b261e61..8358140b9 100644 --- a/auth2-chall.c +++ b/auth2-chall.c 
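Review bot: After the two auth.h hunks the header no longer includes `buffer.h`, `key.h` or `hostfile.h`, but nothing in it records that callers must now include them first. The .c files visible in this commit all place `key.h` and `hostfile.h` ahead of `auth.h`, which suggests the order is required. A short comment near the include guard would keep that contract visible to whoever adds the next authentication source file, for example `/* Requires key.h and hostfile.h (and buffer.h) to be included before this header. */`. Whether `buffer.h` is strictly needed cannot be confirmed here, because the declarations that would use it lie outside both hunks.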
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-chall.c,v 1.29 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: auth2-chall.c,v 1.30 2006/08/03 03:34:41 deraadt Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Per Allansson. All rights reserved. @@ -23,16 +23,21 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + #include "includes.h" +#include + #include #include +#include "xmalloc.h" #include "ssh2.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "buffer.h" #include "packet.h" -#include "xmalloc.h" #include "dispatch.h" #include "log.h" #include "servconf.h" diff --git a/auth2-gss.c b/auth2-gss.c index 03210673b..67144e495 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.14 2006/03/25 22:22:42 djm Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.15 2006/08/03 03:34:41 deraadt Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -26,18 +26,20 @@ #include "includes.h" -#ifdef GSSAPI +#include +#include "xmalloc.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "ssh2.h" -#include "xmalloc.h" #include "log.h" #include "dispatch.h" +#include "buffer.h" #include "servconf.h" #include "packet.h" -#include "monitor_wrap.h" - #include "ssh-gss.h" +#include "monitor_wrap.h" extern ServerOptions options; @@ -291,5 +293,3 @@ Authmethod method_gssapi = { userauth_gssapi, &options.gss_authentication }; - -#endif /* GSSAPI */ diff --git a/auth2-hostbased.c b/auth2-hostbased.c index 5cb617e1c..663dec5d9 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.10 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.11 2006/08/03 03:34:41 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * 
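Review bot: auth2-gss.c loses its `#ifdef GSSAPI` / `#endif /* GSSAPI */` wrapper (`@@ -26,18 +26,20 @@` and `@@ -291,5 +293,3 @@`), so `ssh-gss.h` is included and `method_gssapi` is defined unconditionally, while the other auth files in this change keep `#include "ssh-gss.h"` inside `#ifdef GSSAPI`. If this file is compiled in builds configured without GSSAPI (the build rules are not visible here), it either fails to compile or links in an authentication method the build was meant to leave out. Keep the guard around everything after `#include "includes.h"`: `#ifdef GSSAPI` before the first added include and `#endif /* GSSAPI */` after the `method_gssapi` initializer.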
@@ -29,18 +29,22 @@ #include #include +#include -#include "ssh2.h" #include "xmalloc.h" +#include "ssh2.h" #include "packet.h" #include "buffer.h" #include "log.h" #include "servconf.h" #include "compat.h" -#include "bufaux.h" -#include "auth.h" #include "key.h" +#include "hostfile.h" +#include "auth.h" #include "canohost.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif #include "monitor_wrap.h" #include "pathnames.h" diff --git a/auth2-kbdint.c b/auth2-kbdint.c index 796714eec..901596484 100644 --- a/auth2-kbdint.c +++ b/auth2-kbdint.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-kbdint.c,v 1.4 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: auth2-kbdint.c,v 1.5 2006/08/03 03:34:41 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -25,11 +25,16 @@ #include "includes.h" +#include + +#include "xmalloc.h" #include "packet.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "log.h" +#include "buffer.h" #include "servconf.h" -#include "xmalloc.h" /* import */ extern ServerOptions options; diff --git a/auth2-none.c b/auth2-none.c index d6738175f..1e4afa0e7 100644 --- a/auth2-none.c +++ b/auth2-none.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-none.c,v 1.11 2006/07/09 15:15:10 stevesk Exp $ */ +/* $OpenBSD: auth2-none.c,v 1.12 2006/08/03 03:34:41 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -30,14 +30,20 @@ #include -#include "auth.h" #include "xmalloc.h" +#include "key.h" +#include "hostfile.h" +#include "auth.h" #include "packet.h" #include "log.h" +#include "buffer.h" #include "servconf.h" #include "atomicio.h" #include "compat.h" #include "ssh2.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif #include "monitor_wrap.h" /* import */ diff --git a/auth2-passwd.c b/auth2-passwd.c index a1b65da50..421c5c25d 100644 --- a/auth2-passwd.c +++ b/auth2-passwd.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-passwd.c,v 1.8 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: auth2-passwd.c,v 1.9 2006/08/03 03:34:41 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -25,12 +25,21 @@ #include "includes.h" +#include + #include +#include #include "xmalloc.h" #include "packet.h" #include "log.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" +#include "buffer.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif #include "monitor_wrap.h" #include "servconf.h" diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 41763f763..9863cd9e6 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.14 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.15 2006/08/03 03:34:41 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -30,22 +30,26 @@ #include #include +#include +#include "xmalloc.h" #include "ssh.h" #include "ssh2.h" -#include "xmalloc.h" #include "packet.h" #include "buffer.h" #include "log.h" #include "servconf.h" #include "compat.h" -#include "bufaux.h" -#include "auth.h" #include "key.h" +#include "hostfile.h" +#include "auth.h" #include "pathnames.h" #include "uidswap.h" #include "auth-options.h" #include "canohost.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif #include "monitor_wrap.h" #include "misc.h" diff --git a/auth2.c b/auth2.c index 83d5224c9..2d880b57c 100644 --- a/auth2.c +++ b/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.112 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: auth2.c,v 1.113 2006/08/03 03:34:41 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * 
@@ -28,23 +28,27 @@ #include #include +#include #include -#include "ssh2.h" #include "xmalloc.h" +#include "ssh2.h" #include "packet.h" #include "log.h" +#include "buffer.h" #include "servconf.h" #include "compat.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "dispatch.h" #include "pathnames.h" -#include "monitor_wrap.h" #include "buffer.h" #ifdef GSSAPI #include "ssh-gss.h" #endif +#include "monitor_wrap.h" /* import */ extern ServerOptions options; diff --git a/authfd.c b/authfd.c index f8ee8051d..5c910df13 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.79 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: authfd.c,v 1.80 2006/08/03 03:34:41 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -43,16 +43,17 @@ #include +#include #include #include +#include #include #include +#include "xmalloc.h" #include "ssh.h" #include "rsa.h" #include "buffer.h" -#include "bufaux.h" -#include "xmalloc.h" #include "key.h" #include "authfd.h" #include "cipher.h" diff --git a/authfd.h b/authfd.h index 8ad8f2e71..3da256112 100644 --- a/authfd.h +++ b/authfd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.h,v 1.35 2006/03/25 22:22:42 djm Exp $ */ +/* $OpenBSD: authfd.h,v 1.36 2006/08/03 03:34:41 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -16,8 +16,6 @@ #ifndef AUTHFD_H #define AUTHFD_H -#include "buffer.h" - /* Messages for the authentication agent connection. */ #define SSH_AGENTC_REQUEST_RSA_IDENTITIES 1 #define SSH_AGENT_RSA_IDENTITIES_ANSWER 2 diff --git a/authfile.c b/authfile.c index 400e60b39..675085646 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.75 2006/08/01 23:36:11 stevesk Exp $ */ +/* $OpenBSD: authfile.c,v 1.76 2006/08/03 03:34:41 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -41,6 +41,7 @@ #include #include #include +#include #include #include 
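Review bot: auth2.c ends up including buffer.h twice, because the hunk `@@ -28,23 +28,27 @@` adds `#include "buffer.h"` after log.h but leaves the existing one after pathnames.h in place. The `BUFFER_H` guard makes the repeat harmless, but it is dead weight in an include list that this commit is otherwise tidying. Remove the later `#include "buffer.h"` so the list states each dependency once.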
@@ -53,10 +54,9 @@ #include #include -#include "cipher.h" #include "xmalloc.h" +#include "cipher.h" #include "buffer.h" -#include "bufaux.h" #include "key.h" #include "ssh.h" #include "log.h" diff --git a/bufaux.c b/bufaux.c index a384cc685..cbdc22c64 100644 --- a/bufaux.c +++ b/bufaux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bufaux.c,v 1.43 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: bufaux.c,v 1.44 2006/08/03 03:34:41 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -39,12 +39,15 @@ #include "includes.h" +#include + #include #include +#include -#include "bufaux.h" #include "xmalloc.h" +#include "buffer.h" #include "log.h" #include "misc.h" diff --git a/bufbn.c b/bufbn.c index aa42ea62b..6cf65d372 100644 --- a/bufbn.c +++ b/bufbn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bufbn.c,v 1.2 2006/07/22 20:48:22 stevesk Exp $*/ +/* $OpenBSD: bufbn.c,v 1.3 2006/08/03 03:34:41 deraadt Exp $*/ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -39,12 +39,15 @@ #include "includes.h" +#include + #include #include +#include -#include "bufaux.h" #include "xmalloc.h" +#include "buffer.h" #include "log.h" #include "misc.h" diff --git a/buffer.c b/buffer.c index 25868b94d..e02e1e35c 100644 --- a/buffer.c +++ b/buffer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.c,v 1.30 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: buffer.c,v 1.31 2006/08/03 03:34:41 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -18,6 +18,7 @@ #include #include +#include #include "xmalloc.h" #include "buffer.h" diff --git a/buffer.h b/buffer.h index 43414ae99..ecc4aea83 100644 --- a/buffer.h +++ b/buffer.h @@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.h,v 1.15 2006/04/16 00:48:52 djm Exp $ */ +/* $OpenBSD: buffer.h,v 1.16 2006/08/03 03:34:41 deraadt Exp $ */ /* * Author: Tatu Ylonen 
@@ -46,4 +46,40 @@ int buffer_get_ret(Buffer *, void *, u_int); int buffer_consume_ret(Buffer *, u_int); int buffer_consume_end_ret(Buffer *, u_int); +#include + +void buffer_put_bignum(Buffer *, const BIGNUM *); +void buffer_put_bignum2(Buffer *, const BIGNUM *); +void buffer_get_bignum(Buffer *, BIGNUM *); +void buffer_get_bignum2(Buffer *, BIGNUM *); + +u_short buffer_get_short(Buffer *); +void buffer_put_short(Buffer *, u_short); + +u_int buffer_get_int(Buffer *); +void buffer_put_int(Buffer *, u_int); + +u_int64_t buffer_get_int64(Buffer *); +void buffer_put_int64(Buffer *, u_int64_t); + +int buffer_get_char(Buffer *); +void buffer_put_char(Buffer *, int); + +void *buffer_get_string(Buffer *, u_int *); +void buffer_put_string(Buffer *, const void *, u_int); +void buffer_put_cstring(Buffer *, const char *); + +#define buffer_skip_string(b) \ + do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while (0) + +int buffer_put_bignum_ret(Buffer *, const BIGNUM *); +int buffer_get_bignum_ret(Buffer *, BIGNUM *); +int buffer_put_bignum2_ret(Buffer *, const BIGNUM *); +int buffer_get_bignum2_ret(Buffer *, BIGNUM *); +int buffer_get_short_ret(u_short *, Buffer *); +int buffer_get_int_ret(u_int *, Buffer *); +int buffer_get_int64_ret(u_int64_t *, Buffer *); +void *buffer_get_string_ret(Buffer *, u_int *); +int buffer_get_char_ret(char *, Buffer *); + #endif /* BUFFER_H */ diff --git a/canohost.c b/canohost.c index c236617d7..dd3972e8d 100644 --- a/canohost.c +++ b/canohost.c @@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.c,v 1.60 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: canohost.c,v 1.61 2006/08/03 03:34:41 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -25,9 +25,10 @@ #include #include #include +#include -#include "packet.h" #include "xmalloc.h" +#include "packet.h" #include "log.h" #include "canohost.h" diff --git a/channels.c b/channels.c index fb4d287d6..dfa1e591b 100644 --- a/channels.c +++ b/channels.c 
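Review bot: The `buffer_skip_string(b)` macro added to buffer.h (`@@ -46,4 +46,40 @@`) expands `b` twice without parentheses and declares a local named `l`, so an argument with side effects runs twice and an argument expression that mentions a caller's `l` is silently captured. A safer spelling is `do { u_int skip_len_ = buffer_get_int((b)); buffer_consume((b), skip_len_); } while (0)`, or a small function if the project allows one in a header. The macro also passes a length read from the buffer straight to `buffer_consume`; whether an oversized length is rejected depends on that function, whose body is not visible here, so a one-line comment stating the assumption would help. The new `_ret` prototypes also mix argument orders (`buffer_get_int_ret(u_int *, Buffer *)` versus `buffer_get_string_ret(Buffer *, u_int *)`), which deserves a comment above the group.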
@@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.264 2006/08/01 23:36:11 stevesk Exp $ */ +/* $OpenBSD: channels.c,v 1.265 2006/08/03 03:34:41 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -41,8 +41,8 @@ #include "includes.h" -#include #include +#include #include #include #ifdef HAVE_SYS_TIME_H @@ -59,21 +59,22 @@ #include #include #include +#include +#include "xmalloc.h" #include "ssh.h" #include "ssh1.h" #include "ssh2.h" #include "packet.h" -#include "xmalloc.h" #include "log.h" #include "misc.h" +#include "buffer.h" #include "channels.h" #include "compat.h" #include "canohost.h" #include "key.h" #include "authfd.h" #include "pathnames.h" -#include "bufaux.h" /* -- channel core */ diff --git a/channels.h b/channels.h index ed719f724..2674f096e 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.87 2006/07/21 12:43:36 dtucker Exp $ */ +/* $OpenBSD: channels.h,v 1.88 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -38,8 +38,6 @@ #ifndef CHANNEL_H #define CHANNEL_H -#include "buffer.h" - /* Definitions for channel types. */ #define SSH_CHANNEL_X11_LISTENER 1 /* Listening for inet X11 conn. */ #define SSH_CHANNEL_PORT_LISTENER 2 /* Listening on a port. */ diff --git a/cipher-3des1.c b/cipher-3des1.c index 2e8735d54..61798bfde 100644 --- a/cipher-3des1.c +++ b/cipher-3des1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher-3des1.c,v 1.5 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: cipher-3des1.c,v 1.6 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. * @@ -25,6 +25,8 @@ #include "includes.h" +#include + #include #include diff --git a/cipher-bf1.c b/cipher-bf1.c index 95b4e5e93..eb4c04777 100644 --- a/cipher-bf1.c +++ b/cipher-bf1.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: cipher-bf1.c,v 1.4 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: cipher-bf1.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. * @@ -25,6 +25,8 @@ #include "includes.h" +#include + #include #include diff --git a/cipher-ctr.c b/cipher-ctr.c index 105d0bd5b..9733b7d56 100644 --- a/cipher-ctr.c +++ b/cipher-ctr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher-ctr.c,v 1.9 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: cipher-ctr.c,v 1.10 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2003 Markus Friedl * @@ -16,12 +16,14 @@ */ #include "includes.h" +#include + #include #include -#include "log.h" #include "xmalloc.h" +#include "log.h" /* compatibility with old or broken OpenSSL versions */ #include "openbsd-compat/openssl-compat.h" diff --git a/cipher.c b/cipher.c index 20fa59c6a..b264063c4 100644 --- a/cipher.c +++ b/cipher.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.80 2006/07/22 20:48:22 stevesk Exp $ */ +/* $OpenBSD: cipher.c,v 1.81 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -37,9 +37,12 @@ #include "includes.h" +#include + #include #include +#include #include "xmalloc.h" #include "log.h" diff --git a/cleanup.c b/cleanup.c index 0d9f2a6d2..c41ef1c6a 100644 --- a/cleanup.c +++ b/cleanup.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cleanup.c,v 1.4 2006/07/17 01:31:09 stevesk Exp $ */ +/* $OpenBSD: cleanup.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2003 Markus Friedl * @@ -17,7 +17,10 @@ #include "config.h" +#include + #include +#include #include "log.h" diff --git a/clientloop.c b/clientloop.c index f9ffa2bb7..132d75a44 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.174 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: clientloop.c,v 1.175 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -82,20 +82,20 @@ #include #include #include +#include #include +#include "xmalloc.h" #include "ssh.h" #include "ssh1.h" #include "ssh2.h" -#include "xmalloc.h" #include "packet.h" #include "buffer.h" #include "compat.h" #include "channels.h" #include "dispatch.h" -#include "buffer.h" -#include "bufaux.h" #include "key.h" +#include "cipher.h" #include "kex.h" #include "log.h" #include "readconf.h" diff --git a/compat.c b/compat.c index e1a8b2bfd..da67f9410 100644 --- a/compat.c +++ b/compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.75 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: compat.c,v 1.76 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -25,12 +25,15 @@ #include "includes.h" +#include + #include #include +#include +#include "xmalloc.h" #include "buffer.h" #include "packet.h" -#include "xmalloc.h" #include "compat.h" #include "log.h" #include "match.h" diff --git a/compress.c b/compress.c index 8aba84efa..f5d30b8a6 100644 --- a/compress.c +++ b/compress.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compress.c,v 1.23 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: compress.c,v 1.24 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -14,6 +14,10 @@ #include "includes.h" +#include + +#include + #include "log.h" #include "buffer.h" #include "zlib.h" diff --git a/deattack.c b/deattack.c index 57a747da5..b4fed7f85 100644 --- a/deattack.c +++ b/deattack.c @@ -1,4 +1,4 @@ -/* $OpenBSD: deattack.c,v 1.28 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: deattack.c,v 1.29 2006/08/03 03:34:42 deraadt Exp $ */ /* * Cryptographic attack detector for ssh - source code * @@ -20,12 +20,16 @@ #include "includes.h" +#include + #include +#include +#include +#include "xmalloc.h" #include "deattack.h" #include "log.h" #include "crc32.h" -#include "xmalloc.h" #include "misc.h" /* SSH Constants */ 
diff --git a/dh.c b/dh.c index 4ca949138..925eedddf 100644 --- a/dh.c +++ b/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.41 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: dh.c,v 1.42 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * diff --git a/dispatch.c b/dispatch.c index c1d98a78e..d6b63be4b 100644 --- a/dispatch.c +++ b/dispatch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dispatch.c,v 1.20 2006/07/23 01:11:05 stevesk Exp $ */ +/* $OpenBSD: dispatch.c,v 1.21 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -22,9 +22,13 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + #include "includes.h" +#include + #include +#include #include "ssh1.h" #include "ssh2.h" diff --git a/dns.c b/dns.c index 008fc596f..229210835 100644 --- a/dns.c +++ b/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.22 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: dns.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. diff --git a/dns.h b/dns.h index 8f9601824..b2633a1fe 100644 --- a/dns.h +++ b/dns.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.h,v 1.9 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: dns.h,v 1.10 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -25,13 +25,6 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include "includes.h" - -#include -#include - -#include - #ifndef DNS_H #define DNS_H diff --git a/fatal.c b/fatal.c index 1f2cd0bc8..5e5aa3fe1 100644 --- a/fatal.c +++ b/fatal.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fatal.c,v 1.6 2006/07/10 16:37:36 stevesk Exp $ */ +/* $OpenBSD: fatal.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -25,6 +25,8 @@ #include "includes.h" +#include + #include #include "log.h" 
diff --git a/groupaccess.c b/groupaccess.c index 3431691b9..e73f62b22 100644 --- a/groupaccess.c +++ b/groupaccess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: groupaccess.c,v 1.11 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: groupaccess.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2001 Kevin Steves. All rights reserved. * @@ -30,9 +30,10 @@ #include #include +#include -#include "groupaccess.h" #include "xmalloc.h" +#include "groupaccess.h" #include "match.h" #include "log.h" diff --git a/groupaccess.h b/groupaccess.h index b0baccfbf..04b449894 100644 --- a/groupaccess.h +++ b/groupaccess.h @@ -1,4 +1,4 @@ -/* $OpenBSD: groupaccess.h,v 1.6 2006/07/02 22:45:59 stevesk Exp $ */ +/* $OpenBSD: groupaccess.h,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2001 Kevin Steves. All rights reserved. @@ -27,8 +27,6 @@ #ifndef GROUPACCESS_H #define GROUPACCESS_H -#include - int ga_init(const char *, gid_t); int ga_match(char * const *, int); void ga_free(void); diff --git a/gss-genr.c b/gss-genr.c index 93dbeeebb..da39479e1 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.12 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.13 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -28,13 +28,15 @@ #ifdef GSSAPI +#include #include +#include #include #include #include "xmalloc.h" -#include "bufaux.h" +#include "buffer.h" #include "log.h" #include "ssh2.h" diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index 7b78cfe0a..006bedad9 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv-krb5.c,v 1.6 2006/07/02 18:36:47 stevesk Exp $ */ +/* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 
@@ -29,13 +29,18 @@ #ifdef GSSAPI #ifdef KRB5 +#include + #include -#include "auth.h" #include "xmalloc.h" +#include "key.h" +#include "hostfile.h" +#include "auth.h" #include "log.h" #include "servconf.h" +#include "buffer.h" #include "ssh-gss.h" extern ServerOptions options; diff --git a/gss-serv.c b/gss-serv.c index b5c5538fe..296f63a89 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.19 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.20 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -28,15 +28,19 @@ #ifdef GSSAPI +#include + #include #include -#include "bufaux.h" +#include "xmalloc.h" +#include "buffer.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "log.h" #include "channels.h" #include "session.h" -#include "xmalloc.h" #include "misc.h" #include "ssh-gss.h" diff --git a/hostfile.c b/hostfile.c index 7ac69e776..08ba44264 100644 --- a/hostfile.c +++ b/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.44 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: hostfile.c,v 1.45 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -50,11 +50,11 @@ #include #include +#include "xmalloc.h" #include "match.h" #include "key.h" #include "hostfile.h" #include "log.h" -#include "xmalloc.h" static int extract_salt(const char *s, u_int l, char *salt, size_t salt_len) diff --git a/includes.h b/includes.h index 9b6a63fb3..8e600567d 100644 --- a/includes.h +++ b/includes.h @@ -25,9 +25,6 @@ #ifdef HAVE_LIMITS_H # include /* For PATH_MAX */ #endif -#ifdef HAVE_GETOPT_H -# include -#endif #ifdef HAVE_BSTRING_H # include #endif diff --git a/kex.c b/kex.c index 3525307c3..0c36519a1 100644 --- a/kex.c +++ b/kex.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.75 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: kex.c,v 1.76 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -27,21 +27,21 @@ #include -#include - +#include #include #include #include -#include "ssh2.h" +#include + #include "xmalloc.h" +#include "ssh2.h" #include "buffer.h" -#include "bufaux.h" #include "packet.h" #include "compat.h" #include "cipher.h" -#include "kex.h" #include "key.h" +#include "kex.h" #include "log.h" #include "mac.h" #include "match.h" diff --git a/kex.h b/kex.h index a48c5c885..b1b20f500 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.43 2006/07/23 01:11:05 stevesk Exp $ */ +/* $OpenBSD: kex.h,v 1.44 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -29,12 +29,6 @@ #include #include -#include - -#include "buffer.h" -#include "cipher.h" -#include "key.h" - #define KEX_DH1 "diffie-hellman-group1-sha1" #define KEX_DH14 "diffie-hellman-group14-sha1" #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" diff --git a/kexdh.c b/kexdh.c index 2d13127b8..56e22f5bc 100644 --- a/kexdh.c +++ b/kexdh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdh.c,v 1.22 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: kexdh.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -25,11 +25,16 @@ #include "includes.h" +#include + +#include + #include #include "buffer.h" -#include "bufaux.h" #include "ssh2.h" +#include "key.h" +#include "cipher.h" #include "kex.h" void diff --git a/kexdhc.c b/kexdhc.c index 9d123e748..bf875ae07 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.8 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.9 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * 
@@ -25,11 +25,16 @@ #include "includes.h" +#include + #include #include +#include #include "xmalloc.h" +#include "buffer.h" #include "key.h" +#include "cipher.h" #include "kex.h" #include "log.h" #include "packet.h" diff --git a/kexdhs.c b/kexdhs.c index c64cd77cb..7d2c21eed 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.6 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -25,15 +25,22 @@ #include "includes.h" +#include #include +#include #include "xmalloc.h" +#include "buffer.h" #include "key.h" +#include "cipher.h" #include "kex.h" #include "log.h" #include "packet.h" #include "dh.h" #include "ssh2.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif #include "monitor_wrap.h" void diff --git a/kexgex.c b/kexgex.c index 5ab6745a3..b60ab5c53 100644 --- a/kexgex.c +++ b/kexgex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgex.c,v 1.26 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: kexgex.c,v 1.27 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,10 +26,14 @@ #include "includes.h" +#include + #include +#include #include "buffer.h" -#include "bufaux.h" +#include "key.h" +#include "cipher.h" #include "kex.h" #include "ssh2.h" diff --git a/kexgexc.c b/kexgexc.c index 9c618ec6c..fc48880d4 100644 --- a/kexgexc.c +++ b/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.8 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.9 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,11 +26,16 @@ #include "includes.h" +#include + #include #include +#include #include "xmalloc.h" +#include "buffer.h" #include "key.h" +#include "cipher.h" #include "kex.h" #include "log.h" #include "packet.h" 
diff --git a/kexgexs.c b/kexgexs.c index 0b01ed800..7599f2af4 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.7 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.8 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -30,15 +30,21 @@ #include #include +#include #include "xmalloc.h" +#include "buffer.h" #include "key.h" +#include "cipher.h" #include "kex.h" #include "log.h" #include "packet.h" #include "dh.h" #include "ssh2.h" #include "compat.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif #include "monitor_wrap.h" void diff --git a/key.c b/key.c index 745c474f9..40aab20ea 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.66 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: key.c,v 1.67 2006/08/03 03:34:42 deraadt Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -32,8 +32,11 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + #include "includes.h" +#include + #include #include @@ -44,7 +47,6 @@ #include "rsa.h" #include "uuencode.h" #include "buffer.h" -#include "bufaux.h" #include "log.h" Key * diff --git a/key.h b/key.h index 57af279b8..6873dd793 100644 --- a/key.h +++ b/key.h @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.25 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: key.h,v 1.26 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -29,8 +29,6 @@ #include #include -#include - typedef struct Key Key; enum types { KEY_RSA1, diff --git a/log.c b/log.c index 871bc2c42..6eac73743 100644 --- a/log.c +++ b/log.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.37 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: log.c,v 1.38 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -36,6 +36,8 @@ #include "includes.h" +#include + #include #include #include @@ -46,8 +48,8 @@ # include #endif -#include "log.h" #include "xmalloc.h" +#include "log.h" static LogLevel log_level = SYSLOG_LEVEL_INFO; static int log_on_stderr = 1; diff --git a/log.h b/log.h index 15ebc93b5..a8e788a2d 100644 --- a/log.h +++ b/log.h @@ -1,4 +1,4 @@ -/* $OpenBSD: log.h,v 1.13 2006/07/10 16:37:36 stevesk Exp $ */ +/* $OpenBSD: log.h,v 1.14 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -15,12 +15,6 @@ #ifndef SSH_LOG_H #define SSH_LOG_H -#include "includes.h" - -#include - -#include /* Needed for LOG_AUTHPRIV (if present) */ - /* Supported syslog facilities and levels. */ typedef enum { SYSLOG_FACILITY_DAEMON, diff --git a/loginrec.c b/loginrec.c index 955d42e8f..7850312b6 100644 --- a/loginrec.c +++ b/loginrec.c @@ -159,8 +159,10 @@ #include #include -#include "ssh.h" #include "xmalloc.h" +#include "key.h" +#include "hostfile.h" +#include "ssh.h" #include "loginrec.h" #include "log.h" #include "atomicio.h" diff --git a/loginrec.h b/loginrec.h index 4fe24ac2a..859e1a630 100644 --- a/loginrec.h +++ b/loginrec.h @@ -31,10 +31,6 @@ #include "includes.h" -#include -#include -#include - /** ** you should use the login_* calls to work around platform dependencies **/ diff --git a/mac.c b/mac.c index a59e7edf1..edf9b69bd 100644 --- a/mac.c +++ b/mac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.c,v 1.11 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: mac.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * 
@@ -25,13 +25,18 @@ #include "includes.h" +#include + #include #include +#include #include "xmalloc.h" #include "log.h" #include "cipher.h" +#include "buffer.h" +#include "key.h" #include "kex.h" #include "mac.h" #include "misc.h" diff --git a/match.c b/match.c index 8f12ef539..e3c993073 100644 --- a/match.c +++ b/match.c @@ -1,4 +1,4 @@ -/* $OpenBSD: match.c,v 1.25 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: match.c,v 1.26 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -37,11 +37,13 @@ #include "includes.h" +#include + #include #include -#include "match.h" #include "xmalloc.h" +#include "match.h" /* * Returns true if the given string matches the pattern (which may contain ? diff --git a/md-sha256.c b/md-sha256.c index 063a1014f..8c1b3b92d 100644 --- a/md-sha256.c +++ b/md-sha256.c @@ -1,4 +1,4 @@ -/* $OpenBSD: md-sha256.c,v 1.4 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: md-sha256.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2005 Damien Miller * @@ -18,6 +18,8 @@ /* EVP wrapper for SHA256 */ #include "includes.h" + +#include #include #if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) diff --git a/misc.c b/misc.c index ef2014f61..78bca2fae 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.63 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: misc.c,v 1.64 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -26,8 +26,8 @@ #include "includes.h" -#include #include +#include #include #include @@ -50,9 +50,9 @@ #include #endif +#include "xmalloc.h" #include "misc.h" #include "log.h" -#include "xmalloc.h" #include "ssh.h" /* remove newline at end of string */ diff --git a/misc.h b/misc.h index 1dded7215..072470bad 100644 --- a/misc.h +++ b/misc.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.34 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: misc.h,v 1.35 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -15,11 +15,6 @@ #ifndef _MISC_H #define _MISC_H -#include - -#include -#include - /* misc.c */ char *chop(char *); diff --git a/moduli.c b/moduli.c index a164b4f5d..e18929bad 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.17 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: moduli.c,v 1.18 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -46,6 +46,7 @@ #include #include #include +#include #include #include "xmalloc.h" diff --git a/monitor.c b/monitor.c index 325179854..595aae1a8 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.84 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: monitor.c,v 1.85 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -30,6 +30,7 @@ #include #include #include +#include "openbsd-compat/sys-tree.h" #include #include @@ -48,8 +49,13 @@ #include +#include "xmalloc.h" #include "ssh.h" +#include "key.h" +#include "buffer.h" +#include "hostfile.h" #include "auth.h" +#include "cipher.h" #include "kex.h" #include "dh.h" #ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ @@ -70,17 +76,16 @@ #include "servconf.h" #include "monitor.h" #include "monitor_mm.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif #include "monitor_wrap.h" #include "monitor_fdpass.h" -#include "xmalloc.h" #include "misc.h" -#include "buffer.h" -#include "bufaux.h" #include "compat.h" #include "ssh2.h" #ifdef GSSAPI -#include "ssh-gss.h" static Gssctxt *gsscontext = NULL; #endif diff --git a/monitor_fdpass.c b/monitor_fdpass.c index d3e65cbaa..c5fc4c397 100644 --- a/monitor_fdpass.c +++ b/monitor_fdpass.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_fdpass.c,v 1.11 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: monitor_fdpass.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright 2001 Niels Provos * All rights reserved. @@ -32,6 +32,7 @@ #include #include +#include #include "log.h" #include "monitor_fdpass.h" diff --git a/monitor_mm.c b/monitor_mm.c index 89a8c9b49..dab747532 100644 --- a/monitor_mm.c +++ b/monitor_mm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_mm.c,v 1.14 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: monitor_mm.c,v 1.15 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright 2002 Niels Provos * All rights reserved. @@ -26,16 +26,19 @@ #include "includes.h" +#include #ifdef HAVE_SYS_MMAN_H #include #endif #include +#include "openbsd-compat/sys-tree.h" #include +#include #include -#include "ssh.h" #include "xmalloc.h" +#include "ssh.h" #include "log.h" #include "monitor_mm.h" diff --git a/monitor_mm.h b/monitor_mm.h index 3499c7521..36a07a06d 100644 --- a/monitor_mm.h +++ b/monitor_mm.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_mm.h,v 1.3 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: monitor_mm.h,v 1.4 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright 2002 Niels Provos @@ -27,7 +27,6 @@ #ifndef _MM_H_ #define _MM_H_ -#include "openbsd-compat/sys-tree.h" struct mm_share { RB_ENTRY(mm_share) next; diff --git a/monitor_wrap.c b/monitor_wrap.c index 27e2fc7c3..52ea17592 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.49 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.50 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl 
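Review bot: In monitor_mm.h the `@@ -27,7 +27,6 @@` hunk leaves `struct mm_share` using `RB_ENTRY(mm_share)` with no include that defines the macro, so the header now compiles only when the includer pulls in `openbsd-compat/sys-tree.h` first, and nothing in the header says so. The commit adds that include to monitor.c and monitor_mm.c, but a later includer has to rediscover the required order from a build error. I would add a comment directly under the guard, `/* Requires "openbsd-compat/sys-tree.h" (RB_ENTRY) to be included first. */`. The same undocumented ordering dependency appears in the monitor_wrap.h hunks, where the privilege-separation wrappers keep prototypes using `Key`, `BIGNUM`, `Gssctxt` and `gss_OID` after the `key.h`, `buffer.h` and `ssh-gss.h` includes are dropped. The struct body continues outside the hunk.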
@@ -29,21 +29,25 @@ #include -#include -#include - #include #include +#include #include #include +#include +#include + +#include "xmalloc.h" #include "ssh.h" #include "dh.h" +#include "buffer.h" +#include "key.h" +#include "cipher.h" #include "kex.h" +#include "hostfile.h" #include "auth.h" #include "auth-options.h" -#include "buffer.h" -#include "bufaux.h" #include "packet.h" #include "mac.h" #include "log.h" @@ -55,21 +59,18 @@ #include "zlib.h" #endif #include "monitor.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif #include "monitor_wrap.h" -#include "xmalloc.h" #include "atomicio.h" #include "monitor_fdpass.h" #include "misc.h" #include "servconf.h" -#include "auth.h" #include "channels.h" #include "session.h" -#ifdef GSSAPI -#include "ssh-gss.h" -#endif - /* Imports */ extern int compat20; extern Newkeys *newkeys[]; diff --git a/monitor_wrap.h b/monitor_wrap.h index fd5cccd08..329189c2a 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.19 2006/07/14 01:15:28 stevesk Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.20 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright 2002 Niels Provos @@ -28,13 +28,6 @@ #ifndef _MM_WRAP_H_ #define _MM_WRAP_H_ -#include - -#include - -#include "key.h" -#include "buffer.h" - extern int use_privsep; #define PRIVSEP(x) (use_privsep ? mm_##x : x) @@ -61,7 +54,6 @@ int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *); BIGNUM *mm_auth_rsa_generate_challenge(Key *); #ifdef GSSAPI -#include "ssh-gss.h" OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *, gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *); diff --git a/msg.c b/msg.c index 322472668..cd5f98c4f 100644 --- a/msg.c +++ b/msg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: msg.c,v 1.14 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: msg.c,v 1.15 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * 
@@ -22,13 +22,17 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + #include "includes.h" #include +#include #include +#include #include #include +#include #include "buffer.h" #include "log.h" diff --git a/nchan.c b/nchan.c index 78908c3c6..ad461f4af 100644 --- a/nchan.c +++ b/nchan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nchan.c,v 1.56 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: nchan.c,v 1.57 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -30,6 +30,7 @@ #include #include +#include #include "ssh1.h" #include "ssh2.h" diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 2d56e7e4a..a7ced57e9 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -25,11 +25,14 @@ * */ #include "includes.h" + +#include "xmalloc.h" +#include "buffer.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "ssh.h" #include "log.h" -#include "xmalloc.h" -#include "buffer.h" #ifdef _AIX diff --git a/openbsd-compat/port-tun.h b/openbsd-compat/port-tun.h index 86d9272b4..9f7a98614 100644 --- a/openbsd-compat/port-tun.h +++ b/openbsd-compat/port-tun.h @@ -17,8 +17,6 @@ #ifndef _PORT_TUN_H #define _PORT_TUN_H -#include "channels.h" - #if defined(SSH_TUN_LINUX) || defined(SSH_TUN_FREEBSD) # define CUSTOM_SYS_TUN_OPEN int sys_tun_open(int, int); diff --git a/packet.c b/packet.c index acf72f77e..f2e03f800 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.141 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: packet.c,v 1.142 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -57,22 +57,20 @@ #include #include #include +#include #include "xmalloc.h" #include "buffer.h" #include "packet.h" -#include "bufaux.h" #include "crc32.h" - #include "compress.h" #include "deattack.h" #include "channels.h" - #include "compat.h" #include "ssh1.h" #include "ssh2.h" - #include "cipher.h" +#include "key.h" #include "kex.h" #include "mac.h" #include "log.h" diff --git a/progressmeter.c b/progressmeter.c index e8534fa2f..0f95222d2 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: progressmeter.c,v 1.36 2006/08/01 23:36:12 stevesk Exp $ */ +/* $OpenBSD: progressmeter.c,v 1.37 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2003 Nils Nordman. All rights reserved. * @@ -27,6 +27,7 @@ #include #include +#include #include #include diff --git a/readconf.c b/readconf.c index 9975c9d32..c57ea0c82 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.158 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: readconf.c,v 1.159 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -23,19 +23,22 @@ #include #include #include +#include #include #include #include -#include "ssh.h" #include "xmalloc.h" +#include "ssh.h" #include "compat.h" #include "cipher.h" #include "pathnames.h" #include "log.h" +#include "key.h" #include "readconf.h" #include "match.h" #include "misc.h" +#include "buffer.h" #include "kex.h" #include "mac.h" diff --git a/readconf.h b/readconf.h index e99b1ff25..d484f258e 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.70 2006/07/11 18:50:48 markus Exp $ */ +/* $OpenBSD: readconf.h,v 1.71 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -16,8 +16,6 @@ #ifndef READCONF_H #define READCONF_H -#include "key.h" - /* Data structure for representing a forwarding request. */ typedef struct { diff --git a/readpass.c b/readpass.c index 8af5d444d..bd144c2e3 100644 
--- a/readpass.c +++ b/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.46 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: readpass.c,v 1.47 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * diff --git a/rsa.c b/rsa.c index c656291ed..875b486c4 100644 --- a/rsa.c +++ b/rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa.c,v 1.27 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: rsa.c,v 1.28 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -62,11 +62,13 @@ #include "includes.h" +#include + #include +#include "xmalloc.h" #include "rsa.h" #include "log.h" -#include "xmalloc.h" void rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) diff --git a/scard.c b/scard.c index e22da596f..a2d28cba1 100644 --- a/scard.c +++ b/scard.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scard.c,v 1.34 2006/08/01 23:36:12 stevesk Exp $ */ +/* $OpenBSD: scard.c,v 1.35 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -26,14 +26,16 @@ #include "includes.h" #if defined(SMARTCARD) && defined(USE_SECTOK) -#include +#include #include #include +#include + +#include "xmalloc.h" #include "key.h" #include "log.h" -#include "xmalloc.h" #include "misc.h" #include "scard.h" diff --git a/scard.h b/scard.h index 146182261..82efe4839 100644 --- a/scard.h +++ b/scard.h @@ -1,4 +1,4 @@ -/* $OpenBSD: scard.h,v 1.13 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: scard.h,v 1.14 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -27,8 +27,6 @@ #ifndef SCARD_H #define SCARD_H -#include "key.h" - #define SCARD_ERROR_FAIL -1 #define SCARD_ERROR_NOCARD -2 #define SCARD_ERROR_APPLET -3 diff --git a/scp.c b/scp.c index 8d9de0135..56a3e79ff 100644 --- a/scp.c +++ b/scp.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.154 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: scp.c,v 1.155 2006/08/03 03:34:42 deraadt Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -82,6 +82,7 @@ # include #endif #include +#include #include #include diff --git a/servconf.c b/servconf.c index b1fc45c50..5884b95be 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.163 2006/08/01 23:36:12 stevesk Exp $ */ +/* $OpenBSD: servconf.c,v 1.164 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -19,16 +19,20 @@ #include #include #include +#include #include +#include +#include "xmalloc.h" #include "ssh.h" #include "log.h" +#include "buffer.h" #include "servconf.h" -#include "xmalloc.h" #include "compat.h" #include "pathnames.h" #include "misc.h" #include "cipher.h" +#include "key.h" #include "kex.h" #include "mac.h" #include "match.h" diff --git a/servconf.h b/servconf.h index 0add6518d..2593b1cd1 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.77 2006/07/21 12:43:36 dtucker Exp $ */ +/* $OpenBSD: servconf.h,v 1.78 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -16,8 +16,6 @@ #ifndef SERVCONF_H #define SERVCONF_H -#include "buffer.h" - #define MAX_PORTS 256 /* Max # ports. */ #define MAX_ALLOW_USERS 256 /* Max # users on allow list. */ diff --git a/serverloop.c b/serverloop.c index 77c4a5a27..6e5fdc2d8 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.143 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: serverloop.c,v 1.144 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -54,6 +54,7 @@ #include #include #include +#include #include "xmalloc.h" #include "packet.h" 
@@ -66,13 +67,16 @@ #include "compat.h" #include "ssh1.h" #include "ssh2.h" +#include "key.h" +#include "cipher.h" +#include "kex.h" +#include "hostfile.h" #include "auth.h" #include "session.h" #include "dispatch.h" #include "auth-options.h" #include "serverloop.h" #include "misc.h" -#include "kex.h" extern ServerOptions options; diff --git a/session.c b/session.c index a6d5ad257..1d63f9f50 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.215 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: session.c,v 1.216 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -58,10 +58,10 @@ #include #include +#include "xmalloc.h" #include "ssh.h" #include "ssh1.h" #include "ssh2.h" -#include "xmalloc.h" #include "sshpty.h" #include "packet.h" #include "buffer.h" @@ -69,7 +69,12 @@ #include "uidswap.h" #include "compat.h" #include "channels.h" -#include "bufaux.h" +#include "key.h" +#include "cipher.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif +#include "hostfile.h" #include "auth.h" #include "auth-options.h" #include "pathnames.h" @@ -86,10 +91,6 @@ #include #endif -#ifdef GSSAPI -#include "ssh-gss.h" -#endif - /* func */ Session *session_new(void); diff --git a/session.h b/session.h index c3a12821f..ee9338e4f 100644 --- a/session.h +++ b/session.h @@ -1,4 +1,4 @@ -/* $OpenBSD: session.h,v 1.28 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: session.h,v 1.29 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -26,10 +26,6 @@ #ifndef SESSION_H #define SESSION_H -#include - -#include - #define TTYSZ 64 typedef struct Session Session; struct Session { diff --git a/sftp-client.c b/sftp-client.c index b7b126d21..e31b2cfaf 100644 --- a/sftp-client.c +++ b/sftp-client.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.73 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.74 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -24,25 +24,25 @@ #include #include +#include "openbsd-compat/sys-queue.h" #ifdef HAVE_SYS_STAT_H # include #endif #ifdef HAVE_SYS_TIME_H # include #endif +#include #include #include #include +#include #include #include #include -#include "openbsd-compat/sys-queue.h" - -#include "buffer.h" -#include "bufaux.h" #include "xmalloc.h" +#include "buffer.h" #include "log.h" #include "atomicio.h" #include "progressmeter.h" @@ -82,7 +82,7 @@ send_msg(int fd, Buffer *m) iov[0].iov_len = sizeof(mlen); iov[1].iov_base = buffer_ptr(m); iov[1].iov_len = buffer_len(m); - + if (atomiciov(writev, fd, iov, 2) != buffer_len(m) + sizeof(mlen)) fatal("Couldn't send packet: %s", strerror(errno)); diff --git a/sftp-common.c b/sftp-common.c index 3faed373e..7ebadcc53 100644 --- a/sftp-common.c +++ b/sftp-common.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-common.c,v 1.19 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: sftp-common.c,v 1.20 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Damien Miller. All rights reserved. @@ -35,11 +35,11 @@ #include #include #include +#include +#include "xmalloc.h" #include "buffer.h" -#include "bufaux.h" #include "log.h" -#include "xmalloc.h" #include "sftp.h" #include "sftp-common.h" diff --git a/sftp-common.h b/sftp-common.h index 9a64dc522..9b5848462 100644 --- a/sftp-common.h +++ b/sftp-common.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-common.h,v 1.9 2006/07/10 16:01:57 stevesk Exp $ */ +/* $OpenBSD: sftp-common.h,v 1.10 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. 
@@ -25,11 +25,6 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include -#include - -#include "buffer.h" - /* Maximum packet that we are willing to send/accept */ #define SFTP_MAX_MSG_LENGTH (256 * 1024) diff --git a/sftp-glob.c b/sftp-glob.c index f8549ea76..cdc270827 100644 --- a/sftp-glob.c +++ b/sftp-glob.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-glob.c,v 1.21 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: sftp-glob.c,v 1.22 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -26,8 +26,8 @@ #include #include "xmalloc.h" - #include "sftp.h" +#include "buffer.h" #include "sftp-common.h" #include "sftp-client.h" diff --git a/sftp-server.c b/sftp-server.c index c0839782d..c57958b0f 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.69 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.70 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -14,6 +14,7 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + #include "includes.h" #include @@ -30,13 +31,14 @@ #include #include #include +#include #include #include +#include +#include "xmalloc.h" #include "buffer.h" -#include "bufaux.h" #include "log.h" -#include "xmalloc.h" #include "misc.h" #include "uidswap.h" @@ -135,7 +137,7 @@ string_from_portable(int pflags) #define PAPPEND(str) { \ if (*ret != '\0') \ strlcat(ret, ",", sizeof(ret)); \ - strlcat(ret, str, sizeof(ret)); \ + strlcat(ret, str, sizeof(ret)); \ } if (pflags & SSH2_FXF_READ) @@ -1225,7 +1227,7 @@ main(int argc, char **argv) case 'c': /* * Ignore all arguments if we are invoked as a - * shell using "sftp-server -c command" + * shell using "sftp-server -c command" */ skipargs = 1; break; diff --git a/sftp.c b/sftp.c index 82ef58019..cf3dea048 100644 --- a/sftp.c +++ b/sftp.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.90 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: sftp.c,v 1.91 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -18,10 +18,10 @@ #include "includes.h" #include +#include #ifdef HAVE_SYS_STAT_H # include #endif -#include #include #include #include @@ -41,6 +41,7 @@ typedef void EditLine; #include #include #include +#include #include "xmalloc.h" #include "log.h" @@ -48,6 +49,7 @@ typedef void EditLine; #include "misc.h" #include "sftp.h" +#include "buffer.h" #include "sftp-common.h" #include "sftp-client.h" diff --git a/ssh-add.c b/ssh-add.c index a8d98fd1f..518f47066 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.88 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.89 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -50,11 +50,12 @@ #include #include +#include "xmalloc.h" #include "ssh.h" #include "rsa.h" #include "log.h" -#include "xmalloc.h" #include "key.h" +#include "buffer.h" #include "authfd.h" #include "authfile.h" #include "pathnames.h" diff --git a/ssh-agent.c b/ssh-agent.c index 54c2b9c47..e43faae42 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.150 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.151 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -64,11 +64,10 @@ #include #include +#include "xmalloc.h" #include "ssh.h" #include "rsa.h" #include "buffer.h" -#include "bufaux.h" -#include "xmalloc.h" #include "key.h" #include "authfd.h" #include "compat.h" diff --git a/ssh-dss.c b/ssh-dss.c index a8d45a2b4..448f704f6 100644 --- a/ssh-dss.c +++ b/ssh-dss.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-dss.c,v 1.22 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: ssh-dss.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -25,6 +25,8 @@ #include "includes.h" +#include + #include #include @@ -32,7 +34,6 @@ #include "xmalloc.h" #include "buffer.h" -#include "bufaux.h" #include "compat.h" #include "log.h" #include "key.h" diff --git a/ssh-gss.h b/ssh-gss.h index d3fd79bf2..0837c9b76 100644 --- a/ssh-gss.h +++ b/ssh-gss.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-gss.h,v 1.6 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: ssh-gss.h,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. * @@ -28,8 +28,6 @@ #ifdef GSSAPI -#include "buffer.h" - #ifdef HAVE_GSSAPI_H #include #elif defined(HAVE_GSSAPI_GSSAPI_H) diff --git a/ssh-keygen.c b/ssh-keygen.c index d8b793e81..c607e257e 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.153 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.154 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -40,7 +40,6 @@ #include "authfile.h" #include "uuencode.h" #include "buffer.h" -#include "bufaux.h" #include "pathnames.h" #include "log.h" #include "misc.h" diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 701540841..64d4d0870 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.72 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.73 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * 
@@ -23,20 +23,21 @@ #include #include #include +#include #include #include #include "xmalloc.h" #include "ssh.h" #include "ssh1.h" +#include "buffer.h" #include "key.h" +#include "cipher.h" #include "kex.h" #include "compat.h" #include "myproposal.h" #include "packet.h" #include "dispatch.h" -#include "buffer.h" -#include "bufaux.h" #include "log.h" #include "atomicio.h" #include "misc.h" diff --git a/ssh-keysign.c b/ssh-keysign.c index 89fdbda36..1ddb2a058 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.28 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.29 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -22,6 +22,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + #include "includes.h" #include @@ -37,14 +38,13 @@ #include #include +#include "xmalloc.h" #include "log.h" #include "key.h" #include "ssh.h" #include "ssh2.h" #include "misc.h" -#include "xmalloc.h" #include "buffer.h" -#include "bufaux.h" #include "authfile.h" #include "msg.h" #include "canohost.h" diff --git a/ssh-rsa.c b/ssh-rsa.c index 236f77aac..28444c1f9 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-rsa.c,v 1.38 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: ssh-rsa.c,v 1.39 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2000, 2003 Markus Friedl * @@ -14,8 +14,11 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + #include "includes.h" +#include + #include #include @@ -24,7 +27,6 @@ #include "xmalloc.h" #include "log.h" #include "buffer.h" -#include "bufaux.h" #include "key.h" #include "compat.h" #include "ssh.h" diff --git a/ssh.c b/ssh.c index 10dd8777a..07a4ca3c8 100644 --- a/ssh.c +++ b/ssh.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.292 2006/08/01 23:36:12 stevesk Exp $ */ +/* $OpenBSD: ssh.c,v 1.293 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -69,15 +69,14 @@ #include #include +#include "xmalloc.h" #include "ssh.h" #include "ssh1.h" #include "ssh2.h" #include "compat.h" #include "cipher.h" -#include "xmalloc.h" #include "packet.h" #include "buffer.h" -#include "bufaux.h" #include "channels.h" #include "key.h" #include "authfd.h" @@ -1256,7 +1255,7 @@ load_public_identity_files(void) cp = tilde_expand_filename(options.identity_files[i], original_real_uid); filename = percent_expand(cp, "d", pw->pw_dir, - "u", pw->pw_name, "l", thishost, "h", host, + "u", pw->pw_name, "l", thishost, "h", host, "r", options.user, (char *)NULL); xfree(cp); public = key_load_public(filename, NULL); diff --git a/ssh.h b/ssh.h index ed5fb9aaa..186cfff96 100644 --- a/ssh.h +++ b/ssh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.77 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: ssh.h,v 1.78 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -12,18 +12,6 @@ * called by a name other than "ssh" or "Secure Shell". */ -#ifndef SSH_H -#define SSH_H - -#include /* For struct sockaddr_in */ -#include /* For struct pw */ -#include /* For va_list */ -#include /* For LOG_AUTH and friends */ -#include /* For struct sockaddr_storage */ -#ifdef HAVE_SYS_SELECT_H -# include -#endif - /* Cipher used for encrypting authentication files. */ #define SSH_AUTHFILE_CIPHER SSH_CIPHER_3DES @@ -112,5 +100,3 @@ /* Listen backlog for sshd, ssh-agent and forwarding sockets */ #define SSH_LISTEN_BACKLOG 128 - -#endif /* SSH_H */ diff --git a/sshconnect.c b/sshconnect.c index af75bba8d..71ca4ec52 100644 --- a/sshconnect.c +++ b/sshconnect.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.198 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.199 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -37,8 +37,10 @@ #include #include -#include "ssh.h" #include "xmalloc.h" +#include "key.h" +#include "hostfile.h" +#include "ssh.h" #include "rsa.h" #include "buffer.h" #include "packet.h" diff --git a/sshconnect.h b/sshconnect.h index 0b3896f9d..4e66bbffc 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.22 2006/07/08 21:47:12 stevesk Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -23,13 +23,6 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifndef SSHCONNECT_H -#define SSHCONNECT_H - -#include -#include - -#include typedef struct Sensitive Sensitive; struct Sensitive { @@ -74,5 +67,3 @@ int ssh_local_cmd(const char *); strerror(errno)); \ errno = save_errno; \ } while (0) - -#endif diff --git a/sshconnect1.c b/sshconnect1.c index f0eee3bdf..51f1f8088 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect1.c,v 1.68 2006/08/01 23:22:47 stevesk Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.69 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
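Review bot: Dropping the `SSHCONNECT_H` guard in the `@@ -23,13 +23,6 @@` hunk of sshconnect.h (its `#endif` goes in `@@ -74,5 +67,3 @@`) leaves `struct Sensitive {` defined in a header that can no longer be included twice in one translation unit, since a second inclusion would be a struct redefinition error. The guard is independent of the goal of removing nested includes, so I would keep `#ifndef SSHCONNECT_H` / `#define SSHCONNECT_H` and the closing `#endif`. The macro at the end of the header also uses `strerror(errno)`, so includers need the headers that declare those in scope. The guard removals in ssh.h, sshlogin.h, sshpty.h, uidswap.h, uuencode.h and xmalloc.h look harmless as long as those files hold only macros and prototypes, which is all the hunks show. The struct body lies outside the hunk.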
@@ -15,30 +15,36 @@ #include "includes.h" +#include +#include + #include #include #include #include #include +#include +#include +#include "xmalloc.h" #include "ssh.h" #include "ssh1.h" -#include "xmalloc.h" #include "rsa.h" #include "buffer.h" #include "packet.h" +#include "key.h" +#include "cipher.h" #include "kex.h" #include "uidswap.h" #include "log.h" #include "readconf.h" -#include "key.h" #include "authfd.h" #include "sshconnect.h" #include "authfile.h" #include "misc.h" -#include "cipher.h" #include "canohost.h" +#include "hostfile.h" #include "auth.h" /* Session id for the current session. */ diff --git a/sshconnect2.c b/sshconnect2.c index 27e5442e9..e58d078c4 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.159 2006/08/01 23:22:48 stevesk Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.160 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -26,24 +26,27 @@ #include "includes.h" #include +#include #include #include #include +#include +#include #include #include #include #include "openbsd-compat/sys-queue.h" +#include "xmalloc.h" #include "ssh.h" #include "ssh2.h" -#include "xmalloc.h" #include "buffer.h" #include "packet.h" #include "compat.h" -#include "bufaux.h" #include "cipher.h" +#include "key.h" #include "kex.h" #include "myproposal.h" #include "sshconnect.h" diff --git a/sshd.c b/sshd.c index 5cefd1024..52c21e500 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.342 2006/08/01 23:22:48 stevesk Exp $ */ +/* $OpenBSD: sshd.c,v 1.343 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -45,14 +45,15 @@ #include "includes.h" #include +#include +#include #ifdef HAVE_SYS_STAT_H # include #endif -#include -#include #ifdef HAVE_SYS_TIME_H # include #endif +#include "openbsd-compat/sys-tree.h" #include #include 
@@ -77,28 +78,28 @@ #include #endif +#include "xmalloc.h" #include "ssh.h" #include "ssh1.h" #include "ssh2.h" -#include "xmalloc.h" #include "rsa.h" #include "sshpty.h" #include "packet.h" #include "log.h" +#include "buffer.h" #include "servconf.h" #include "uidswap.h" #include "compat.h" -#include "buffer.h" -#include "bufaux.h" #include "cipher.h" -#include "kex.h" #include "key.h" +#include "kex.h" #include "dh.h" #include "myproposal.h" #include "authfile.h" #include "pathnames.h" #include "atomicio.h" #include "canohost.h" +#include "hostfile.h" #include "auth.h" #include "misc.h" #include "msg.h" @@ -107,6 +108,9 @@ #include "session.h" #include "monitor_mm.h" #include "monitor.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif #include "monitor_wrap.h" #include "monitor_fdpass.h" #include "version.h" diff --git a/sshlogin.c b/sshlogin.c index b01fde091..fba8a4d24 100644 --- a/sshlogin.c +++ b/sshlogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.c,v 1.24 2006/08/01 23:22:48 stevesk Exp $ */ +/* $OpenBSD: sshlogin.c,v 1.25 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -43,9 +43,11 @@ #include #include +#include #include #include +#include #include #include #include diff --git a/sshlogin.h b/sshlogin.h index c0f9cd300..500d3fefd 100644 --- a/sshlogin.h +++ b/sshlogin.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.h,v 1.7 2006/07/08 21:47:12 stevesk Exp $ */ +/* $OpenBSD: sshlogin.h,v 1.8 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -11,11 +11,6 @@ * incompatible with the protocol description in the RFC file, it must be * called by a name other than "ssh" or "Secure Shell". */ -#ifndef SSHLOGIN_H -#define SSHLOGIN_H - -#include -#include void record_login(pid_t, const char *, const char *, uid_t, const char *, struct sockaddr *, socklen_t); 
@@ -26,5 +21,3 @@ time_t get_last_login_time(uid_t, const char *, char *, u_int); void record_utmp_only(pid_t, const char *, const char *, const char *, struct sockaddr *, socklen_t); #endif - -#endif diff --git a/sshpty.c b/sshpty.c index 719a79303..79c62ee9c 100644 --- a/sshpty.c +++ b/sshpty.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshpty.c,v 1.25 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: sshpty.c,v 1.26 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -14,8 +14,8 @@ #include "includes.h" -#include #include +#include #include #include @@ -26,11 +26,12 @@ # include #endif #include +#include #include #include #ifdef HAVE_UTIL_H # include -#endif /* HAVE_UTIL_H */ +#endif #include #include "sshpty.h" diff --git a/sshpty.h b/sshpty.h index a7b337474..7fac622d9 100644 --- a/sshpty.h +++ b/sshpty.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshpty.h,v 1.9 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: sshpty.h,v 1.10 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -14,12 +14,6 @@ * called by a name other than "ssh" or "Secure Shell". */ -#ifndef SSHPTY_H -#define SSHPTY_H - -#include - -#include #include struct termios get_saved_tio(void); @@ -31,5 +25,3 @@ void pty_release(const char *); void pty_make_controlling_tty(int *, const char *); void pty_change_window_size(int, u_int, u_int, u_int, u_int); void pty_setowner(struct passwd *, const char *); - -#endif /* SSHPTY_H */ diff --git a/sshtty.c b/sshtty.c index 70668afde..04567669b 100644 --- a/sshtty.c +++ b/sshtty.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshtty.c,v 1.11 2006/08/01 23:22:48 stevesk Exp $ */ +/* $OpenBSD: sshtty.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -37,8 +37,10 @@ #include "includes.h" +#include #include #include +#include #include "sshpty.h" diff --git a/ttymodes.c b/ttymodes.c index 680909b22..d8e2c553a 100644 --- a/ttymodes.c +++ b/ttymodes.c 
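Review bot: With the includes removed in the sshpty.h `@@ -14,12 +14,6 @@` hunk, `void pty_setowner(struct passwd *, const char *);` relies on the includer having declared `struct passwd` beforehand. If it has not, C gives the tag prototype scope, which compilers typically report only as a warning, and callers then pass an incompatible pointer type. A one-line forward declaration, `struct passwd;`, above the prototypes keeps the header free of nested includes while making the declaration order-independent. The same applies to uidswap.h, where `temporarily_use_uid(struct passwd *)` and `permanently_set_uid(struct passwd *)` declare the privilege-switching calls, and to `struct sockaddr *` in sshlogin.h. Whether includes.h already provides these declarations is not visible here.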
@@ -1,4 +1,4 @@ -/* $OpenBSD: ttymodes.c,v 1.25 2006/07/22 20:48:23 stevesk Exp $ */ +/* $OpenBSD: ttymodes.c,v 1.26 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -45,16 +45,18 @@ #include "includes.h" +#include + #include #include #include +#include #include "packet.h" #include "log.h" #include "ssh1.h" #include "compat.h" #include "buffer.h" -#include "bufaux.h" #define TTY_OP_END 0 /* diff --git a/uidswap.c b/uidswap.c index 878258704..91d878c30 100644 --- a/uidswap.c +++ b/uidswap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.34 2006/07/26 02:35:17 stevesk Exp $ */ +/* $OpenBSD: uidswap.c,v 1.35 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -14,13 +14,12 @@ #include "includes.h" -#include #include - #include #include #include #include +#include #include diff --git a/uidswap.h b/uidswap.h index 436c10f75..1c1163d75 100644 --- a/uidswap.h +++ b/uidswap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.h,v 1.12 2006/07/06 16:03:53 stevesk Exp $ */ +/* $OpenBSD: uidswap.h,v 1.13 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -12,16 +12,7 @@ * called by a name other than "ssh" or "Secure Shell". */ -#ifndef UIDSWAP_H -#define UIDSWAP_H - -#include - -#include - void temporarily_use_uid(struct passwd *); void restore_uid(void); void permanently_set_uid(struct passwd *); void permanently_drop_suid(uid_t); - -#endif /* UIDSWAP_H */ diff --git a/uuencode.c b/uuencode.c index 8a6742e95..a13949585 100644 --- a/uuencode.c +++ b/uuencode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uuencode.c,v 1.23 2006/08/01 23:22:48 stevesk Exp $ */ +/* $OpenBSD: uuencode.c,v 1.24 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -26,9 +26,7 @@ #include "includes.h" #include - #include - #include #include diff --git a/uuencode.h b/uuencode.h index df09eb59b..fec55b491 100644 --- a/uuencode.h 
+++ b/uuencode.h @@ -1,4 +1,4 @@ -/* $OpenBSD: uuencode.h,v 1.12 2006/08/01 23:22:48 stevesk Exp $ */ +/* $OpenBSD: uuencode.h,v 1.13 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -24,12 +24,6 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifndef UUENCODE_H -#define UUENCODE_H - -#include - int uuencode(const u_char *, u_int, char *, size_t); int uudecode(const char *, u_char *, size_t); void dump_base64(FILE *, u_char *, u_int); -#endif diff --git a/xmalloc.c b/xmalloc.c index 6aea495ef..9985b4cc2 100644 --- a/xmalloc.c +++ b/xmalloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.c,v 1.26 2006/08/01 23:22:48 stevesk Exp $ */ +/* $OpenBSD: xmalloc.c,v 1.27 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -16,7 +16,6 @@ #include "includes.h" #include - #include #include #include diff --git a/xmalloc.h b/xmalloc.h index 27f25d584..fb217a45c 100644 --- a/xmalloc.h +++ b/xmalloc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.h,v 1.12 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: xmalloc.h,v 1.13 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -16,9 +16,6 @@ * called by a name other than "ssh" or "Secure Shell". */ -#ifndef XMALLOC_H -#define XMALLOC_H - void *xmalloc(size_t); void *xcalloc(size_t, size_t); void *xrealloc(void *, size_t, size_t); @@ -27,5 +24,3 @@ char *xstrdup(const char *); int xasprintf(char **, const char *, ...) __attribute__((__format__ (printf, 2, 3))) __attribute__((__nonnull__ (2))); - -#endif /* XMALLOC_H */ -- cgit v1.2.3 From 9ab00b44c17c89955bad6bf105e89b21c51bbe8e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Aug 2006 12:40:11 +1000 Subject: - stevesk@cvs.openbsd.org 2006/08/04 20:46:05 [monitor.c session.c ssh-agent.c] spaces --- ChangeLog | 5 ++++- monitor.c | 6 +++--- session.c | 4 ++-- ssh-agent.c | 4 ++-- 4 files changed, 11 insertions(+), 8 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index 7f48d236e..d37f894ff 100644 --- a/ChangeLog +++ b/ChangeLog @@ -82,6 +82,9 @@ NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy") + - stevesk@cvs.openbsd.org 2006/08/04 20:46:05 + [monitor.c session.c ssh-agent.c] + spaces 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5152,4 +5155,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4452 2006/08/05 02:39:39 djm Exp $ +$Id: ChangeLog,v 1.4453 2006/08/05 02:40:11 djm Exp $ diff --git a/monitor.c b/monitor.c index 595aae1a8..5df45ce45 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.85 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: monitor.c,v 1.86 2006/08/04 20:46:05 stevesk Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -1266,7 +1266,7 @@ mm_session_close(Session *s) { debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid); if (s->ttyfd != -1) { - debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); + debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); session_pty_cleanup2(s); } s->used = 0; @@ -1326,7 +1326,7 @@ mm_answer_pty(int sock, Buffer *m) /* no need to dup() because nobody closes ptyfd */ s->ptymaster = s->ptyfd; - debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd); + debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd); return (0); diff --git a/session.c b/session.c index 1d63f9f50..1eb66f440 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.216 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: session.c,v 1.217 2006/08/04 20:46:05 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved 
@@ -1598,7 +1598,7 @@ do_child(Session *s, const char *command) do_rc_files(s, shell); /* restore SIGPIPE for child */ - signal(SIGPIPE, SIG_DFL); + signal(SIGPIPE, SIG_DFL); if (options.use_login) { launch_login(pw, hostname); diff --git a/ssh-agent.c b/ssh-agent.c index e43faae42..6bc1e541a 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.151 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.152 2006/08/04 20:46:05 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1015,7 +1015,7 @@ int main(int ac, char **av) { int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0; - int sock, fd, ch; + int sock, fd, ch; u_int nalloc; char *shell, *format, *pidstr, *agentsocket = NULL; fd_set *readsetp = NULL, *writesetp = NULL; -- cgit v1.2.3 From 2ab323e0bd531926542784fdada06358d52cc020 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Aug 2006 12:43:32 +1000 Subject: - (djm) [auth-pam.c defines.h] Move PAM related bits to auth-pam.c --- ChangeLog | 3 ++- auth-pam.c | 7 +++++++ defines.h | 15 +-------------- 3 files changed, 10 insertions(+), 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index d37f894ff..f859f08ab 100644 --- a/ChangeLog +++ b/ChangeLog @@ -85,6 +85,7 @@ - stevesk@cvs.openbsd.org 2006/08/04 20:46:05 [monitor.c session.c ssh-agent.c] spaces + - (djm) [auth-pam.c defines.h] Move PAM related bits to auth-pam.c 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5155,4 +5156,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4453 2006/08/05 02:40:11 djm Exp $ +$Id: ChangeLog,v 1.4454 2006/08/05 02:43:32 djm Exp $ diff --git a/auth-pam.c b/auth-pam.c index 6ce9db12b..a67eaa309 100644 --- a/auth-pam.c +++ b/auth-pam.c 
@@ -71,6 +71,13 @@ # define sshpam_const const /* LinuxPAM, OpenPAM */ #endif +/* Ambiguity in spec: is it an array of pointers or a pointer to an array? */ +#ifdef PAM_SUN_CODEBASE +# define PAM_MSG_MEMBER(msg, n, member) ((*(msg))[(n)].member) +#else +# define PAM_MSG_MEMBER(msg, n, member) ((msg)[(n)]->member) +#endif + #include "auth.h" #include "auth-pam.h" #include "buffer.h" diff --git a/defines.h b/defines.h index 7b0a302a5..bcd4fc39b 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.134 2006/07/24 04:51:01 djm Exp $ */ +/* $Id: defines.h,v 1.135 2006/08/05 02:43:33 djm Exp $ */ /* Constants */ @@ -528,19 +528,6 @@ struct winsize { # define optarg BSDoptarg #endif -/* In older versions of libpam, pam_strerror takes a single argument */ -#ifdef HAVE_OLD_PAM -# define PAM_STRERROR(a,b) pam_strerror((b)) -#else -# define PAM_STRERROR(a,b) pam_strerror((a),(b)) -#endif - -#ifdef PAM_SUN_CODEBASE -# define PAM_MSG_MEMBER(msg, n, member) ((*(msg))[(n)].member) -#else -# define PAM_MSG_MEMBER(msg, n, member) ((msg)[(n)]->member) -#endif - #if defined(BROKEN_GETADDRINFO) && defined(HAVE_GETADDRINFO) # undef HAVE_GETADDRINFO #endif -- cgit v1.2.3 From 4cbfe8ebebb1fb345bddab629768ad95885846d6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Aug 2006 12:49:30 +1000 Subject: - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c] remove last traces of bufaux.h - it was merged into buffer.h in the big includes.h commit --- ChangeLog | 5 ++++- auth-pam.c | 1 - auth.c | 1 - entropy.c | 1 - openbsd-compat/port-tun.c | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index f859f08ab..57c9d0225 100644 --- a/ChangeLog +++ b/ChangeLog 
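Review bot: Only `PAM_MSG_MEMBER` is re-created in auth-pam.c, although the defines.h hunk of the same commit also deletes the `HAVE_OLD_PAM` / `PAM_STRERROR` wrapper, so nothing visible here still adapts the single-argument `pam_strerror` of older libpam. No caller of `PAM_STRERROR` is visible in these hunks, so this may be intentional, but then the commit message should say the macro was dropped rather than moved. If a caller does remain, carry the block over next to `PAM_MSG_MEMBER`, keeping `# define PAM_STRERROR(a,b) pam_strerror((b))` under `#ifdef HAVE_OLD_PAM`. Now that the macro is file-local, the "Ambiguity in spec" comment could also say which branch is the pointer-to-array layout and which is the array-of-pointers layout.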
@@ -86,6 +86,9 @@ [monitor.c session.c ssh-agent.c] spaces - (djm) [auth-pam.c defines.h] Move PAM related bits to auth-pam.c + - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c] + remove last traces of bufaux.h - it was merged into buffer.h in the big + includes.h commit 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5156,4 +5159,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4454 2006/08/05 02:43:32 djm Exp $ +$Id: ChangeLog,v 1.4455 2006/08/05 02:49:30 djm Exp $ diff --git a/auth-pam.c b/auth-pam.c index a67eaa309..695198493 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -81,7 +81,6 @@ #include "auth.h" #include "auth-pam.h" #include "buffer.h" -#include "bufaux.h" #include "canohost.h" #include "log.h" #include "monitor_wrap.h" diff --git a/auth.c b/auth.c index fba32eb96..f2aee8fdb 100644 --- a/auth.c +++ b/auth.c @@ -60,7 +60,6 @@ #include "canohost.h" #include "uidswap.h" #include "misc.h" -#include "bufaux.h" #include "packet.h" #include "loginrec.h" #ifdef GSSAPI diff --git a/entropy.c b/entropy.c index b98e3c859..f0331a84e 100644 --- a/entropy.c +++ b/entropy.c @@ -46,7 +46,6 @@ #include "pathnames.h" #include "log.h" #include "buffer.h" -#include "bufaux.h" /* * Portable OpenSSH PRNG seeding: diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c index f6a6aa9e1..d2ea03874 100644 --- a/openbsd-compat/port-tun.c +++ b/openbsd-compat/port-tun.c @@ -28,7 +28,7 @@ #include "log.h" #include "misc.h" -#include "bufaux.h" +#include "buffer.h" /* * This is the portable version of the SSH tunnel forwarding, it -- cgit v1.2.3 From 36cbe41ceb9aeccbbd11bdf49588ddc8136a8f4f Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sat, 5 Aug 2006 12:54:24 +1000 Subject: - (djm) [auth.c loginrec.c] Missing netinet/in.h for loginrec --- ChangeLog | 3 ++- auth.c | 2 ++ sshlogin.c | 2 ++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 57c9d0225..47069e286 100644 --- a/ChangeLog +++ b/ChangeLog @@ -89,6 +89,7 @@ - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c] remove last traces of bufaux.h - it was merged into buffer.h in the big includes.h commit + - (djm) [auth.c loginrec.c] Missing netinet/in.h for loginrec 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5159,4 +5160,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4455 2006/08/05 02:49:30 djm Exp $ +$Id: ChangeLog,v 1.4456 2006/08/05 02:54:24 djm Exp $ diff --git a/auth.c b/auth.c index f2aee8fdb..5a02a4364 100644 --- a/auth.c +++ b/auth.c @@ -29,6 +29,8 @@ #include #include +#include + #include #ifdef HAVE_PATHS_H # include diff --git a/sshlogin.c b/sshlogin.c index fba8a4d24..0059ff8d0 100644 --- a/sshlogin.c +++ b/sshlogin.c @@ -45,6 +45,8 @@ #include #include +#include + #include #include #include -- cgit v1.2.3 From 2a7bf6e7c790accc0eea7f52c82a138edae87a7f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Aug 2006 13:23:49 +1000 Subject: ignore generated Makefile --- openbsd-compat/regress/.cvsignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 openbsd-compat/regress/.cvsignore diff --git a/openbsd-compat/regress/.cvsignore b/openbsd-compat/regress/.cvsignore new file mode 100644 index 000000000..f3c7a7c5d --- /dev/null +++ b/openbsd-compat/regress/.cvsignore @@ -0,0 +1 @@ +Makefile -- cgit v1.2.3 From 475d61e1043604c0e65211361af08b99003af0d0 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sat, 5 Aug 2006 13:26:13 +1000 Subject: ignore built test binaries too --- openbsd-compat/regress/.cvsignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/openbsd-compat/regress/.cvsignore b/openbsd-compat/regress/.cvsignore index f3c7a7c5d..afbf7cc3f 100644 --- a/openbsd-compat/regress/.cvsignore +++ b/openbsd-compat/regress/.cvsignore @@ -1 +1,5 @@ Makefile +snprintftest +strduptest +strtonumtest + -- cgit v1.2.3 From d04db59ad929d289c2dcaa466989659bbc449f6b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Aug 2006 13:27:29 +1000 Subject: - (djm) [openbsd-compat/regress/snprintftest.c] [openbsd-compat/regress/strduptest.c] Add missing includes so they pass compilation with "-Wall -Werror" --- ChangeLog | 5 ++++- openbsd-compat/regress/snprintftest.c | 1 + openbsd-compat/regress/strduptest.c | 3 +++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 47069e286..180f4403b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -90,6 +90,9 @@ remove last traces of bufaux.h - it was merged into buffer.h in the big includes.h commit - (djm) [auth.c loginrec.c] Missing netinet/in.h for loginrec + - (djm) [openbsd-compat/regress/snprintftest.c] + [openbsd-compat/regress/strduptest.c] Add missing includes so they pass + compilation with "-Wall -Werror" 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5160,4 +5163,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4456 2006/08/05 02:54:24 djm Exp $ +$Id: ChangeLog,v 1.4457 2006/08/05 03:27:29 djm Exp $ diff --git a/openbsd-compat/regress/snprintftest.c b/openbsd-compat/regress/snprintftest.c index e25bf223f..8879244b5 100644 --- a/openbsd-compat/regress/snprintftest.c +++ b/openbsd-compat/regress/snprintftest.c @@ -21,6 +21,7 @@ #include #include #include +#include static int failed = 0; 
diff --git a/openbsd-compat/regress/strduptest.c b/openbsd-compat/regress/strduptest.c index 664a48ef4..7f6d779be 100644 --- a/openbsd-compat/regress/strduptest.c +++ b/openbsd-compat/regress/strduptest.c @@ -14,6 +14,9 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include +#include + static int fail = 0; void -- cgit v1.2.3 From 75bb664458d5a825824607841819b9a40d9bfdb5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Aug 2006 14:07:20 +1000 Subject: - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c] [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Sprinkle more includes for Linux in --- ChangeLog | 5 ++++- auth-pam.c | 11 ++++++++--- auth-shadow.c | 2 ++ auth2-none.c | 1 + cleanup.c | 2 +- openbsd-compat/port-tun.c | 1 + openbsd-compat/port-tun.h | 2 ++ sshd.c | 1 + 8 files changed, 20 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 180f4403b..f1b99d9e2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -93,6 +93,9 @@ - (djm) [openbsd-compat/regress/snprintftest.c] [openbsd-compat/regress/strduptest.c] Add missing includes so they pass compilation with "-Wall -Werror" + - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c] + [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Sprinkle more + includes for Linux in 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5163,4 +5166,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4457 2006/08/05 03:27:29 djm Exp $ +$Id: ChangeLog,v 1.4458 2006/08/05 04:07:20 djm Exp $ diff --git a/auth-pam.c b/auth-pam.c index 695198493..8e9361caa 100644 --- a/auth-pam.c +++ b/auth-pam.c 
@@ -78,19 +78,24 @@ # define PAM_MSG_MEMBER(msg, n, member) ((msg)[(n)]->member) #endif +#include "xmalloc.h" +#include "buffer.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "auth-pam.h" -#include "buffer.h" #include "canohost.h" #include "log.h" -#include "monitor_wrap.h" #include "msg.h" #include "packet.h" #include "misc.h" #include "servconf.h" #include "ssh2.h" -#include "xmalloc.h" #include "auth-options.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif +#include "monitor_wrap.h" extern ServerOptions options; extern Buffer loginmsg; diff --git a/auth-shadow.c b/auth-shadow.c index 7cd69c21f..52447fe4a 100644 --- a/auth-shadow.c +++ b/auth-shadow.c @@ -28,6 +28,8 @@ #include #include +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "buffer.h" #include "log.h" diff --git a/auth2-none.c b/auth2-none.c index 1e4afa0e7..8cbef5278 100644 --- a/auth2-none.c +++ b/auth2-none.c @@ -29,6 +29,7 @@ #include #include +#include #include "xmalloc.h" #include "key.h" diff --git a/cleanup.c b/cleanup.c index c41ef1c6a..238f965e6 100644 --- a/cleanup.c +++ b/cleanup.c @@ -15,7 +15,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "config.h" +#include "includes.h" #include diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c index d2ea03874..3e73d8c0e 100644 --- a/openbsd-compat/port-tun.c +++ b/openbsd-compat/port-tun.c @@ -29,6 +29,7 @@ #include "log.h" #include "misc.h" #include "buffer.h" +#include "channels.h" /* * This is the portable version of the SSH tunnel forwarding, it diff --git a/openbsd-compat/port-tun.h b/openbsd-compat/port-tun.h index 9f7a98614..c53df01fc 100644 --- a/openbsd-compat/port-tun.h +++ b/openbsd-compat/port-tun.h @@ -17,6 +17,8 @@ #ifndef _PORT_TUN_H #define _PORT_TUN_H +struct Channel; + #if defined(SSH_TUN_LINUX) || defined(SSH_TUN_FREEBSD) # define CUSTOM_SYS_TUN_OPEN int sys_tun_open(int, int); diff --git a/sshd.c b/sshd.c index 52c21e500..9f14c3354 100644 
--- a/sshd.c +++ b/sshd.c @@ -68,6 +68,7 @@ #include #include #include +#include #include #include -- cgit v1.2.3 From 90659f8166455cdde9126d0cc0d8388e300dd65c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 5 Aug 2006 14:46:27 +1000 Subject: - (dtucker) [cleanup.c] Need defines.h for __dead. --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index f1b99d9e2..b7050c5c9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -96,6 +96,7 @@ - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c] [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Sprinkle more includes for Linux in + - (dtucker) [cleanup.c] Need defines.h for __dead. 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5166,4 +5167,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4458 2006/08/05 04:07:20 djm Exp $ +$Id: ChangeLog,v 1.4459 2006/08/05 04:46:27 dtucker Exp $ -- cgit v1.2.3 From 8c6fedaf22799ac3bfcaad8f6020ec9d5f4d834d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 5 Aug 2006 15:24:59 +1000 Subject: - (dtucker) [auth2-gss.c] We still need the #ifdef GSSAPI in -portable. --- ChangeLog | 3 ++- auth2-gss.c | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index b7050c5c9..c3641cff8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -97,6 +97,7 @@ [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Sprinkle more includes for Linux in - (dtucker) [cleanup.c] Need defines.h for __dead. + - (dtucker) [auth2-gss.c] We still need the #ifdef GSSAPI in -portable. 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent 
@@ -5167,4 +5168,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4459 2006/08/05 04:46:27 dtucker Exp $ +$Id: ChangeLog,v 1.4460 2006/08/05 05:24:59 dtucker Exp $ diff --git a/auth2-gss.c b/auth2-gss.c index 67144e495..d88bc4273 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -26,6 +26,8 @@ #include "includes.h" +#ifdef GSSAPI + #include #include "xmalloc.h" @@ -293,3 +295,5 @@ Authmethod method_gssapi = { userauth_gssapi, &options.gss_authentication }; + +#endif /* GSSAPI */ -- cgit v1.2.3 From e7eec90f387c1d8cde3f6f1e543866a62caaa8a4 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 5 Aug 2006 15:47:26 +1000 Subject: - (dtucker) [openbsd-compat/{bsd-arc4random.c,port-tun.c,xmmap.c}] Lots of #include stdarg.h, needed for log.h. --- ChangeLog | 4 +++- openbsd-compat/bsd-arc4random.c | 2 ++ openbsd-compat/port-tun.c | 1 + openbsd-compat/xmmap.c | 5 +++-- 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index c3641cff8..8835fec20 100644 --- a/ChangeLog +++ b/ChangeLog @@ -98,6 +98,8 @@ includes for Linux in - (dtucker) [cleanup.c] Need defines.h for __dead. - (dtucker) [auth2-gss.c] We still need the #ifdef GSSAPI in -portable. + - (dtucker) [openbsd-compat/{bsd-arc4random.c,port-tun.c,xmmap.c}] Lots of + #include stdarg.h, needed for log.h. 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5168,4 +5170,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4460 2006/08/05 05:24:59 dtucker Exp $ +$Id: ChangeLog,v 1.4461 2006/08/05 05:47:26 dtucker Exp $ diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c index c1aecfe99..d45fb182a 100644 --- a/openbsd-compat/bsd-arc4random.c +++ b/openbsd-compat/bsd-arc4random.c 
@@ -17,7 +17,9 @@ #include "includes.h" #include + #include +#include #include "log.h" diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c index 3e73d8c0e..cadc331e1 100644 --- a/openbsd-compat/port-tun.c +++ b/openbsd-compat/port-tun.c @@ -23,6 +23,7 @@ #include #include +#include #include #include diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c index 6a1708e5d..95d5055b5 100644 --- a/openbsd-compat/xmmap.c +++ b/openbsd-compat/xmmap.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: xmmap.c,v 1.10 2006/07/25 09:52:08 dtucker Exp $ */ +/* $Id: xmmap.c,v 1.11 2006/08/05 05:47:27 dtucker Exp $ */ #include "includes.h" @@ -32,11 +32,12 @@ #include #endif #include + #ifdef HAVE_FCNTL_H # include #endif - #include +#include #include #include -- cgit v1.2.3 From ecf28ba7aaf85952b46caf2d1d1a3700a9f80807 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 5 Aug 2006 15:50:20 +1000 Subject: - (dtucker) [entropy.c] Needs unistd.h too. --- ChangeLog | 3 ++- entropy.c | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 8835fec20..b6d25c389 100644 --- a/ChangeLog +++ b/ChangeLog @@ -100,6 +100,7 @@ - (dtucker) [auth2-gss.c] We still need the #ifdef GSSAPI in -portable. - (dtucker) [openbsd-compat/{bsd-arc4random.c,port-tun.c,xmmap.c}] Lots of #include stdarg.h, needed for log.h. + - (dtucker) [entropy.c] Needs unistd.h too. 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5170,4 +5171,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4461 2006/08/05 05:47:26 dtucker Exp $ +$Id: ChangeLog,v 1.4462 2006/08/05 05:50:20 dtucker Exp $ diff --git a/entropy.c b/entropy.c index f0331a84e..c89e0b528 100644 --- a/entropy.c +++ b/entropy.c 
@@ -34,6 +34,7 @@ #ifdef HAVE_FCNTL_H # include #endif +#include #include #include -- cgit v1.2.3 From 4c65543c89f89b25b44ff509bfc49f6e940a128e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 5 Aug 2006 15:57:40 +1000 Subject: - (dtucker) [ssh-rand-helper.c] Needs stdarg.h for log.h. --- ChangeLog | 3 ++- ssh-rand-helper.c | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index b6d25c389..c125d69b3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -101,6 +101,7 @@ - (dtucker) [openbsd-compat/{bsd-arc4random.c,port-tun.c,xmmap.c}] Lots of #include stdarg.h, needed for log.h. - (dtucker) [entropy.c] Needs unistd.h too. + - (dtucker) [ssh-rand-helper.c] Needs stdarg.h for log.h. 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5171,4 +5172,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4462 2006/08/05 05:50:20 dtucker Exp $ +$Id: ChangeLog,v 1.4463 2006/08/05 05:57:40 dtucker Exp $ diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 121fa52fa..10c9905b1 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -29,6 +29,8 @@ #include #include #include + +#include #include #include -- cgit v1.2.3 From d8aec107fec09a5e943d5ad96d364823b48249d8 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 5 Aug 2006 16:12:15 +1000 Subject: - (dtucker) [openbsd-compat/getrrsetbyname.c] Nees stdlib.h for malloc. --- ChangeLog | 3 ++- openbsd-compat/getrrsetbyname.c | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index c125d69b3..942884818 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -102,6 +102,7 @@ #include stdarg.h, needed for log.h. - (dtucker) [entropy.c] Needs unistd.h too. - (dtucker) [ssh-rand-helper.c] Needs stdarg.h for log.h. + - (dtucker) [openbsd-compat/getrrsetbyname.c] Nees stdlib.h for malloc. 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5172,4 +5173,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4463 2006/08/05 05:57:40 dtucker Exp $ +$Id: ChangeLog,v 1.4464 2006/08/05 06:12:15 dtucker Exp $ diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c index 70ef1850d..40155d5ab 100644 --- a/openbsd-compat/getrrsetbyname.c +++ b/openbsd-compat/getrrsetbyname.c @@ -49,6 +49,7 @@ #ifndef HAVE_GETRRSETBYNAME +#include #include #include "getrrsetbyname.h" -- cgit v1.2.3 From 8a15f01affbe332970fd8f8b07d3e6d8f7e6acb2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 5 Aug 2006 16:27:20 +1000 Subject: - (dtucker) [openbsd-compat/strtonum.c] Include stdlib.h for strtoll, otherwise it is implicitly declared as returning an int. --- ChangeLog | 4 +++- openbsd-compat/strtonum.c | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 942884818..959211fb6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -103,6 +103,8 @@ - (dtucker) [entropy.c] Needs unistd.h too. - (dtucker) [ssh-rand-helper.c] Needs stdarg.h for log.h. - (dtucker) [openbsd-compat/getrrsetbyname.c] Nees stdlib.h for malloc. + - (dtucker) [openbsd-compat/strtonum.c] Include stdlib.h for strtoll, + otherwise it is implicitly declared as returning an int. 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent 
@@ -5173,4 +5175,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4464 2006/08/05 06:12:15 dtucker Exp $ +$Id: ChangeLog,v 1.4465 2006/08/05 06:27:20 dtucker Exp $ diff --git a/openbsd-compat/strtonum.c b/openbsd-compat/strtonum.c index 35c5c18b9..87f2f24b2 100644 --- a/openbsd-compat/strtonum.c +++ b/openbsd-compat/strtonum.c @@ -20,7 +20,9 @@ /* OPENBSD ORIGINAL: lib/libc/stdlib/strtonum.c */ #include "includes.h" + #ifndef HAVE_STRTONUM +#include #include #include -- cgit v1.2.3 From 1a3d6e7bdd1d0a329f40034e7674dcc03e845bf3 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 5 Aug 2006 18:46:47 +1000 Subject: - dtucker@cvs.openbsd.org 2006/08/05 07:52:52 [auth2-none.c sshd.c monitor_wrap.c] Add headers required to build with KERBEROS5=no. ok djm@ --- ChangeLog | 6 +++++- auth2-none.c | 3 ++- monitor_wrap.c | 4 +++- sshd.c | 2 +- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 959211fb6..56afd72cd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -105,6 +105,10 @@ - (dtucker) [openbsd-compat/getrrsetbyname.c] Nees stdlib.h for malloc. - (dtucker) [openbsd-compat/strtonum.c] Include stdlib.h for strtoll, otherwise it is implicitly declared as returning an int. + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2006/08/05 07:52:52 + [auth2-none.c sshd.c monitor_wrap.c] + Add headers required to build with KERBEROS5=no. ok djm@ 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5175,4 +5179,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4465 2006/08/05 06:27:20 dtucker Exp $ +$Id: ChangeLog,v 1.4466 2006/08/05 08:46:47 dtucker Exp $ diff --git a/auth2-none.c b/auth2-none.c index 8cbef5278..f455bdde3 100644 --- a/auth2-none.c +++ b/auth2-none.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-none.c,v 1.12 2006/08/03 03:34:41 deraadt Exp $ */ +/* $OpenBSD: auth2-none.c,v 1.13 2006/08/05 07:52:52 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -27,6 +27,7 @@ #include #include +#include #include #include diff --git a/monitor_wrap.c b/monitor_wrap.c index 52ea17592..6678462d5 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.50 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.51 2006/08/05 07:52:52 dtucker Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -28,12 +28,14 @@ #include "includes.h" #include +#include #include #include #include #include #include +#include #include #include diff --git a/sshd.c b/sshd.c index 9f14c3354..ca418e36f 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.343 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: sshd.c,v 1.344 2006/08/05 07:52:52 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland -- cgit v1.2.3 From 260cb3519db3bdc3722b76638edfcecfd885608b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 5 Aug 2006 18:48:01 +1000 Subject: - dtucker@cvs.openbsd.org 2006/08/05 08:00:33 [auth-skey.c] Add headers required to build with -DSKEY. ok djm@ --- ChangeLog | 5 ++++- auth-skey.c | 7 ++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 56afd72cd..9f8b4a026 100644 --- a/ChangeLog +++ b/ChangeLog @@ -109,6 +109,9 @@ - dtucker@cvs.openbsd.org 2006/08/05 07:52:52 [auth2-none.c sshd.c monitor_wrap.c] Add headers required to build with KERBEROS5=no. ok djm@ + - dtucker@cvs.openbsd.org 2006/08/05 08:00:33 + [auth-skey.c] + Add headers required to build with -DSKEY. ok djm@ 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent 
@@ -5179,4 +5182,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4466 2006/08/05 08:46:47 dtucker Exp $ +$Id: ChangeLog,v 1.4467 2006/08/05 08:48:01 dtucker Exp $ diff --git a/auth-skey.c b/auth-skey.c index d49e59b75..78e216340 100644 --- a/auth-skey.c +++ b/auth-skey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-skey.c,v 1.24 2006/08/03 03:34:41 deraadt Exp $ */ +/* $OpenBSD: auth-skey.c,v 1.25 2006/08/05 08:00:33 dtucker Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -29,9 +29,14 @@ #include +#include +#include + #include #include "xmalloc.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "monitor_wrap.h" -- cgit v1.2.3 From d6a23f20572f2abc9c1935da6b68b1979f8f83de Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 5 Aug 2006 18:50:35 +1000 Subject: - dtucker@cvs.openbsd.org 2006/08/05 08:28:24 [monitor_wrap.c auth-skey.c auth2-chall.c] Zap unused variables in -DSKEY code. ok djm@ --- ChangeLog | 5 ++++- auth-skey.c | 5 ++--- auth2-chall.c | 2 +- monitor_wrap.c | 5 ++--- 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9f8b4a026..45939e6d8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -112,6 +112,9 @@ - dtucker@cvs.openbsd.org 2006/08/05 08:00:33 [auth-skey.c] Add headers required to build with -DSKEY. ok djm@ + - dtucker@cvs.openbsd.org 2006/08/05 08:28:24 + [monitor_wrap.c auth-skey.c auth2-chall.c] + Zap unused variables in -DSKEY code. ok djm@ 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5182,4 +5185,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4467 2006/08/05 08:48:01 dtucker Exp $ +$Id: ChangeLog,v 1.4468 2006/08/05 08:50:35 dtucker Exp $ diff --git a/auth-skey.c b/auth-skey.c index 78e216340..147dab825 100644 
--- a/auth-skey.c +++ b/auth-skey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-skey.c,v 1.25 2006/08/05 08:00:33 dtucker Exp $ */ +/* $OpenBSD: auth-skey.c,v 1.26 2006/08/05 08:28:24 dtucker Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -51,8 +51,7 @@ skey_query(void *ctx, char **name, char **infotxt, u_int* numprompts, char ***prompts, u_int **echo_on) { Authctxt *authctxt = ctx; - char challenge[1024], *p; - int len; + char challenge[1024]; struct skey skey; if (_compat_skeychallenge(&skey, authctxt->user, challenge, diff --git a/auth2-chall.c b/auth2-chall.c index 8358140b9..b091957b1 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-chall.c,v 1.30 2006/08/03 03:34:41 deraadt Exp $ */ +/* $OpenBSD: auth2-chall.c,v 1.31 2006/08/05 08:28:24 dtucker Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Per Allansson. All rights reserved. diff --git a/monitor_wrap.c b/monitor_wrap.c index 6678462d5..c00a0f7cb 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.51 2006/08/05 07:52:52 dtucker Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.52 2006/08/05 08:28:24 dtucker Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -941,9 +941,8 @@ mm_skey_query(void *ctx, char **name, char **infotxt, u_int *numprompts, char ***prompts, u_int **echo_on) { Buffer m; - int len; u_int success; - char *p, *challenge; + char *challenge; debug3("%s: entering", __func__); -- cgit v1.2.3 From f676c57958c8e9a743f54a95479db478248d6fd0 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 5 Aug 2006 18:51:08 +1000 Subject: - dtucker@cvs.openbsd.org 2006/08/05 08:34:04 [packet.c] Typo in comment --- ChangeLog | 5 ++++- packet.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 45939e6d8..37e6532af 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -115,6 +115,9 @@ - dtucker@cvs.openbsd.org 2006/08/05 08:28:24 [monitor_wrap.c auth-skey.c auth2-chall.c] Zap unused variables in -DSKEY code. ok djm@ + - dtucker@cvs.openbsd.org 2006/08/05 08:34:04 + [packet.c] + Typo in comment 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5185,4 +5188,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4468 2006/08/05 08:50:35 dtucker Exp $ +$Id: ChangeLog,v 1.4469 2006/08/05 08:51:08 dtucker Exp $ diff --git a/packet.c b/packet.c index f2e03f800..a4cb3324e 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.142 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: packet.c,v 1.143 2006/08/05 08:34:04 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -676,7 +676,7 @@ set_newkeys(int mode) /* * Delayed compression for SSH2 is enabled after authentication: - * This happans on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent, + * This happens on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent, * and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received. */ static void -- cgit v1.2.3 From 92350103fcf406d054a698ab2ea34feb4bfff6fc Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 5 Aug 2006 19:08:16 +1000 Subject: - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Add headers required to compile on Cygwin. --- ChangeLog | 4 +++- openbsd-compat/bsd-cygwin_util.c | 9 +++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 37e6532af..ce2ee60d9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -118,6 +118,8 @@ - dtucker@cvs.openbsd.org 2006/08/05 08:34:04 [packet.c] Typo in comment + - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Add headers required to compile + on Cygwin. 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent 
@@ -5188,4 +5190,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4469 2006/08/05 08:51:08 dtucker Exp $ +$Id: ChangeLog,v 1.4470 2006/08/05 09:08:16 dtucker Exp $ diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index b408dde2d..4d31ef3b5 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c @@ -31,11 +31,16 @@ #ifdef HAVE_CYGWIN -#include -#include +#include +#include #include #include + +#include +#include +#include #include + #include "xmalloc.h" #define is_winnt (GetVersion() < 0x80000000) -- cgit v1.2.3 From 2b4e38b71276ac990a97bcfd0917d2514e85011b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 5 Aug 2006 19:18:08 +1000 Subject: - (dtucker) [openbsd-compat/fake-rfc2553.c] Add headers needed for inet_ntoa. --- ChangeLog | 3 ++- openbsd-compat/fake-rfc2553.c | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index ce2ee60d9..ec6294787 100644 --- a/ChangeLog +++ b/ChangeLog @@ -120,6 +120,7 @@ Typo in comment - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Add headers required to compile on Cygwin. + - (dtucker) [openbsd-compat/fake-rfc2553.c] Add headers needed for inet_ntoa. 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5190,4 +5191,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4470 2006/08/05 09:08:16 dtucker Exp $ +$Id: ChangeLog,v 1.4471 2006/08/05 09:18:08 dtucker Exp $ diff --git a/openbsd-compat/fake-rfc2553.c b/openbsd-compat/fake-rfc2553.c index 08a7cb66c..b69f7f13f 100644 --- a/openbsd-compat/fake-rfc2553.c +++ b/openbsd-compat/fake-rfc2553.c 
@@ -38,6 +38,9 @@ #include "includes.h" #include +#include +#include + #ifndef HAVE_GETNAMEINFO int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, size_t hostlen, char *serv, size_t servlen, int flags) -- cgit v1.2.3 From 6e1a9aa9b9aa39fba068d5fd071bd145da34519b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 5 Aug 2006 19:56:00 +1000 Subject: - (dtucker) [auth-skey.c] monitor_wrap.h needs ssh-gss.h. --- ChangeLog | 3 ++- auth-skey.c | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index ec6294787..46516a661 100644 --- a/ChangeLog +++ b/ChangeLog @@ -121,6 +121,7 @@ - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Add headers required to compile on Cygwin. - (dtucker) [openbsd-compat/fake-rfc2553.c] Add headers needed for inet_ntoa. + - (dtucker) [auth-skey.c] monitor_wrap.h needs ssh-gss.h. 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5191,4 +5192,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4471 2006/08/05 09:18:08 dtucker Exp $ +$Id: ChangeLog,v 1.4472 2006/08/05 09:56:00 dtucker Exp $ diff --git a/auth-skey.c b/auth-skey.c index 147dab825..25073dbae 100644 --- a/auth-skey.c +++ b/auth-skey.c @@ -38,6 +38,7 @@ #include "key.h" #include "hostfile.h" #include "auth.h" +#include "ssh-gss.h" #include "monitor_wrap.h" static void * -- cgit v1.2.3 From 79ba868fbed5c55b11f5c4930aaaf0d6339eb48a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 6 Aug 2006 00:05:09 +1000 Subject: - (dtucker) [audit.c audit.h] Repair headers. --- ChangeLog | 3 ++- audit.c | 4 +++- audit.h | 4 +--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 46516a661..1a14d8da2 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -122,6 +122,7 @@ on Cygwin. - (dtucker) [openbsd-compat/fake-rfc2553.c] Add headers needed for inet_ntoa. - (dtucker) [auth-skey.c] monitor_wrap.h needs ssh-gss.h. + - (dtucker) [audit.c audit.h] Repair headers. 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5192,4 +5193,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4472 2006/08/05 09:56:00 dtucker Exp $ +$Id: ChangeLog,v 1.4473 2006/08/05 14:05:09 dtucker Exp $ diff --git a/audit.c b/audit.c index c77d0c012..8c3ec5a6a 100644 --- a/audit.c +++ b/audit.c @@ -1,4 +1,4 @@ -/* $Id: audit.c,v 1.3 2005/07/17 07:26:44 djm Exp $ */ +/* $Id: audit.c,v 1.4 2006/08/05 14:05:10 dtucker Exp $ */ /* * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. @@ -30,6 +30,8 @@ #include "audit.h" #include "log.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" /* diff --git a/audit.h b/audit.h index 78e58966f..695f72354 100644 --- a/audit.h +++ b/audit.h @@ -1,4 +1,4 @@ -/* $Id: audit.h,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */ +/* $Id: audit.h,v 1.3 2006/08/05 14:05:10 dtucker Exp $ */ /* * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. @@ -24,8 +24,6 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include "auth.h" - #ifndef _SSH_AUDIT_H # define _SSH_AUDIT_H enum ssh_audit_event_type { -- cgit v1.2.3 From 3e714514e8cf6d1686ecb958c195f60e0a2d6d8f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 6 Aug 2006 00:12:54 +1000 Subject: - (dtucker) [audit-bsm.c] Add additional headers now required. --- ChangeLog | 3 ++- audit-bsm.c | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1a14d8da2..d74f67d94 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -123,6 +123,7 @@ - (dtucker) [openbsd-compat/fake-rfc2553.c] Add headers needed for inet_ntoa. - (dtucker) [auth-skey.c] monitor_wrap.h needs ssh-gss.h. - (dtucker) [audit.c audit.h] Repair headers. + - (dtucker) [audit-bsm.c] Add additional headers now required. 20060804 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent @@ -5193,4 +5194,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4473 2006/08/05 14:05:09 dtucker Exp $ +$Id: ChangeLog,v 1.4474 2006/08/05 14:12:54 dtucker Exp $ diff --git a/audit-bsm.c b/audit-bsm.c index c2679d3da..c9a1779d4 100644 --- a/audit-bsm.c +++ b/audit-bsm.c @@ -1,4 +1,4 @@ -/* $Id: audit-bsm.c,v 1.1 2005/02/20 10:08:00 dtucker Exp $ */ +/* $Id: audit-bsm.c,v 1.2 2006/08/05 14:12:54 dtucker Exp $ */ /* * TODO @@ -39,6 +39,8 @@ #include "ssh.h" #include "log.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "xmalloc.h" -- cgit v1.2.3 From 32ab2ae3f352447537c959c2df785b8160a642d2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 6 Aug 2006 21:23:27 +1000 Subject: - (dtucker) [defines.h] With the includes.h changes we no longer get the name clash on "YES" so we can remove the workaround for it. --- ChangeLog | 6 +++++- defines.h | 10 +--------- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index d74f67d94..60a1fd753 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2006086 + - (dtucker) [defines.h] With the includes.h changes we no longer get the + name clash on "YES" so we can remove the workaround for it. + 20060805 - (djm) OpenBSD CVS Sync - stevesk@cvs.openbsd.org 2006/07/24 13:58:22 
@@ -5194,4 +5198,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4474 2006/08/05 14:12:54 dtucker Exp $ +$Id: ChangeLog,v 1.4475 2006/08/06 11:23:27 dtucker Exp $ diff --git a/defines.h b/defines.h index bcd4fc39b..fdc43cd92 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.135 2006/08/05 02:43:33 djm Exp $ */ +/* $Id: defines.h,v 1.136 2006/08/06 11:23:28 dtucker Exp $ */ /* Constants */ @@ -723,12 +723,4 @@ struct winsize { # endif #endif -/* some system headers on HP-UX define YES/NO */ -#ifdef YES -# undef YES -#endif -#ifdef NO -# undef NO -#endif - #endif /* _DEFINES_H */ -- cgit v1.2.3 From f78fb54412e34c2647c1bc9f895af00620f42730 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 6 Aug 2006 21:25:24 +1000 Subject: - (dtucker) [openbsd-compat/{bsd-asprintf.c,bsd-openpty.c,bsd-snprintf.c, glob.c}] Include stdlib.h for malloc and friends in compat code. --- ChangeLog | 4 +++- openbsd-compat/bsd-asprintf.c | 1 + openbsd-compat/bsd-openpty.c | 2 ++ openbsd-compat/bsd-snprintf.c | 2 ++ openbsd-compat/glob.c | 2 ++ 5 files changed, 10 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 60a1fd753..1efc7ba36 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 2006086 - (dtucker) [defines.h] With the includes.h changes we no longer get the name clash on "YES" so we can remove the workaround for it. + - (dtucker) [openbsd-compat/{bsd-asprintf.c,bsd-openpty.c,bsd-snprintf.c, + glob.c}] Include stdlib.h for malloc and friends in compat code. 20060805 - (djm) OpenBSD CVS Sync @@ -5198,4 +5200,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4475 2006/08/06 11:23:27 dtucker Exp $ +$Id: ChangeLog,v 1.4476 2006/08/06 11:25:24 dtucker Exp $ 
diff --git a/openbsd-compat/bsd-asprintf.c b/openbsd-compat/bsd-asprintf.c index 1178296f8..67480139e 100644 --- a/openbsd-compat/bsd-asprintf.c +++ b/openbsd-compat/bsd-asprintf.c @@ -23,6 +23,7 @@ #include #include +#include #ifndef VA_COPY # ifdef HAVE_VA_COPY diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c index a2f2fda60..c0cde6b1f 100644 --- a/openbsd-compat/bsd-openpty.c +++ b/openbsd-compat/bsd-openpty.c @@ -37,6 +37,8 @@ #include +#include + #ifdef HAVE_SYS_STAT_H # include #endif diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c index 9fdf4d3f0..47cbcff67 100644 --- a/openbsd-compat/bsd-snprintf.c +++ b/openbsd-compat/bsd-snprintf.c @@ -108,6 +108,8 @@ #if !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) +#include +#include #include #ifdef HAVE_LONG_DOUBLE diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c index 907235353..ec16b1108 100644 --- a/openbsd-compat/glob.c +++ b/openbsd-compat/glob.c @@ -37,10 +37,12 @@ #include #include + #include #include #include #include +#include #include #include -- cgit v1.2.3 From 0e5143e88e769b91cdd5b19e36a1d2403acc8e22 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 7 Aug 2006 11:26:36 +1000 Subject: - (djm) [openbsd-compat/bsd-getpeereid.c] Add some headers to quiet warnings on Solaris 10 --- ChangeLog | 8 ++++++-- openbsd-compat/bsd-getpeereid.c | 5 +++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1efc7ba36..5d51f2e61 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,8 @@ -2006086 +20060806 + - (djm) [openbsd-compat/bsd-getpeereid.c] Add some headers to quiet warnings + on Solaris 10 + +20060806 - (dtucker) [defines.h] With the includes.h changes we no longer get the name clash on "YES" so we can remove the workaround for it. - (dtucker) [openbsd-compat/{bsd-asprintf.c,bsd-openpty.c,bsd-snprintf.c, 
@@ -5200,4 +5204,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4476 2006/08/06 11:25:24 dtucker Exp $ +$Id: ChangeLog,v 1.4477 2006/08/07 01:26:36 djm Exp $ diff --git a/openbsd-compat/bsd-getpeereid.c b/openbsd-compat/bsd-getpeereid.c index d94489d1d..bdae8b637 100644 --- a/openbsd-compat/bsd-getpeereid.c +++ b/openbsd-compat/bsd-getpeereid.c @@ -18,6 +18,11 @@ #if !defined(HAVE_GETPEEREID) +#include +#include + +#include + #if defined(SO_PEERCRED) int getpeereid(int s, uid_t *euid, gid_t *gid) -- cgit v1.2.3 From 533418138fb05d29483c702fbc7bb69bca4e1756 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 15 Aug 2006 18:21:32 +1000 Subject: - (dtucker) [LICENCE] Add Reyk to the list for the compat dir. --- ChangeLog | 5 ++++- LICENCE | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 5d51f2e61..b4945700d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20060815 + - (dtucker) [LICENCE] Add Reyk to the list for the compat dir. + 20060806 - (djm) [openbsd-compat/bsd-getpeereid.c] Add some headers to quiet warnings on Solaris 10 @@ -5204,4 +5207,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4477 2006/08/07 01:26:36 djm Exp $ +$Id: ChangeLog,v 1.4478 2006/08/15 08:21:32 dtucker Exp $ diff --git a/LICENCE b/LICENCE index ac3634f22..17d94aef5 100644 --- a/LICENCE +++ b/LICENCE @@ -287,6 +287,7 @@ OpenSSH contains no GPL code. Internet Software Consortium. Todd C. Miller + Reyk Floeter * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above -- cgit v1.2.3 From 56799c3f2aaa86df71534cd25dd9e6d05782fa5f Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 16 Aug 2006 11:40:45 +1000 Subject: - (djm) [audit-bsm.c] Sprinkle in some headers --- ChangeLog | 5 ++++- audit-bsm.c | 6 +++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index b4945700d..188512306 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20060816 + - (djm) [audit-bsm.c] Sprinkle in some headers + 20060815 - (dtucker) [LICENCE] Add Reyk to the list for the compat dir. @@ -5207,4 +5210,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4478 2006/08/15 08:21:32 dtucker Exp $ +$Id: ChangeLog,v 1.4479 2006/08/16 01:40:45 djm Exp $ diff --git a/audit-bsm.c b/audit-bsm.c index c9a1779d4..50241b32f 100644 --- a/audit-bsm.c +++ b/audit-bsm.c @@ -1,4 +1,4 @@ -/* $Id: audit-bsm.c,v 1.2 2006/08/05 14:12:54 dtucker Exp $ */ +/* $Id: audit-bsm.c,v 1.3 2006/08/16 01:40:45 djm Exp $ */ /* * TODO @@ -37,6 +37,10 @@ #include "includes.h" #if defined(USE_BSM_AUDIT) +#include + +#include + #include "ssh.h" #include "log.h" #include "key.h" -- cgit v1.2.3 From e6b641a9a13d664fb7b98227218a0b3f65dfd40c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 17 Aug 2006 18:55:27 +1000 Subject: - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] Include stdlib.h for malloc and friends. --- ChangeLog | 6 +++++- openbsd-compat/fake-rfc2553.c | 2 ++ openbsd-compat/setproctitle.c | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 188512306..911fd3716 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060817 + - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] + Include stdlib.h for malloc and friends. + 20060816 - (djm) [audit-bsm.c] Sprinkle in some headers 
@@ -5210,4 +5214,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4479 2006/08/16 01:40:45 djm Exp $ +$Id: ChangeLog,v 1.4480 2006/08/17 08:55:27 dtucker Exp $ diff --git a/openbsd-compat/fake-rfc2553.c b/openbsd-compat/fake-rfc2553.c index b69f7f13f..b6ea3d21e 100644 --- a/openbsd-compat/fake-rfc2553.c +++ b/openbsd-compat/fake-rfc2553.c @@ -36,6 +36,8 @@ */ #include "includes.h" + +#include #include #include diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c index 7fec73f89..b511f6649 100644 --- a/openbsd-compat/setproctitle.c +++ b/openbsd-compat/setproctitle.c @@ -36,6 +36,7 @@ #ifndef HAVE_SETPROCTITLE #include +#include #include #ifdef HAVE_SYS_PSTAT_H #include -- cgit v1.2.3 From 3083bc2b52fe00b5c5fe87dd3638969835dab0e8 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 17 Aug 2006 19:35:49 +1000 Subject: - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntl for closefrom() on AIX. Pointed out by William Ahern. --- ChangeLog | 4 +++- configure.ac | 10 ++++++++-- openbsd-compat/bsd-closefrom.c | 7 +++++++ 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 911fd3716..3f253c021 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20060817 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] Include stdlib.h for malloc and friends. + - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntl + for closefrom() on AIX. Pointed out by William Ahern. 20060816 - (djm) [audit-bsm.c] Sprinkle in some headers @@ -5214,4 +5216,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4480 2006/08/17 08:55:27 dtucker Exp $ +$Id: ChangeLog,v 1.4481 2006/08/17 09:35:49 dtucker Exp $ 
diff --git a/configure.ac b/configure.ac index 31dac052e..7a296ae8b 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.348 2006/08/04 09:44:23 dtucker Exp $ +# $Id: configure.ac,v 1.349 2006/08/17 09:35:49 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.348 $) +AC_REVISION($Revision: 1.349 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -180,6 +180,12 @@ case "$host" in [#include ] ) AC_CHECK_FUNCS(setauthdb) + AC_CHECK_DECL(F_CLOSEM, + AC_DEFINE(USE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]), + [], + [ #include + #include ] + ) check_for_aix_broken_getaddrinfo=1 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.]) AC_DEFINE(SETEUID_BREAKS_SETUID, 1, diff --git a/openbsd-compat/bsd-closefrom.c b/openbsd-compat/bsd-closefrom.c index 3f17302d1..e7a521e43 100644 --- a/openbsd-compat/bsd-closefrom.c +++ b/openbsd-compat/bsd-closefrom.c @@ -22,6 +22,9 @@ #include #include #include +#ifdef HAVE_FCNTL_H +# include +#endif #include #include #include @@ -76,6 +79,10 @@ closefrom(int lowfd) } (void) closedir(dirp); } else +#elif defined(USE_FCNTL_CLOSEM) + if (fcntl(lowfd, F_CLOSEM, 0) != -1) { + return; + } else #endif { /* -- cgit v1.2.3 From c889ffdbc6329f21d2437b3c3d17eba0960969fc Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 17 Aug 2006 19:40:35 +1000 Subject: - (dtucker) [openbsd-compat/regress/{Makefile.in,closefromtest.c}] Regress test for closefrom() in compat code. --- ChangeLog | 4 ++- openbsd-compat/regress/Makefile.in | 7 ++-- openbsd-compat/regress/closefromtest.c | 60 ++++++++++++++++++++++++++++++++++ 3 files changed, 68 insertions(+), 3 deletions(-) create mode 100644 openbsd-compat/regress/closefromtest.c diff --git a/ChangeLog b/ChangeLog index 3f253c021..1f37e7477 100644 --- a/ChangeLog 
+++ b/ChangeLog @@ -3,6 +3,8 @@ Include stdlib.h for malloc and friends. - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntl for closefrom() on AIX. Pointed out by William Ahern. + - (dtucker) [openbsd-compat/regress/{Makefile.in,closefromtest.c}] Regress + test for closefrom() in compat code. 20060816 - (djm) [audit-bsm.c] Sprinkle in some headers @@ -5216,4 +5218,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4481 2006/08/17 09:35:49 dtucker Exp $ +$Id: ChangeLog,v 1.4482 2006/08/17 09:40:35 dtucker Exp $ diff --git a/openbsd-compat/regress/Makefile.in b/openbsd-compat/regress/Makefile.in index 51383a777..3a0a4c4da 100644 --- a/openbsd-compat/regress/Makefile.in +++ b/openbsd-compat/regress/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.1 2006/02/19 11:50:20 dtucker Exp $ +# $Id: Makefile.in,v 1.2 2006/08/17 09:40:35 dtucker Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ @@ -14,7 +14,7 @@ LIBS=@LIBS@ LDFLAGS=-L.. -lopenbsd-compat @LDFLAGS@ LIBCOMPAT=../libopenbsd-compat.a -TESTPROGS=strtonumtest strduptest snprintftest +TESTPROGS=closefromtest strtonumtest strduptest snprintftest all: t-exec ${OTHERTESTS} @@ -32,6 +32,9 @@ strtonumtest: strtonumtest.c $(LIBCOMPAT) strduptest: strduptest.c $(LIBCOMPAT) $(CC) $(CFLAGS) $(CPPFLAGS) -o strduptest $< $(LDFLAGS) +closefromtest: closefromtest.c $(LIBCOMPAT) + $(CC) $(CFLAGS) $(CPPFLAGS) -o closefromtest $< $(LDFLAGS) + clean: rm -f *.o *.a core $(TESTPROGS) valid.out diff --git a/openbsd-compat/regress/closefromtest.c b/openbsd-compat/regress/closefromtest.c new file mode 100644 index 000000000..feb1b567d --- /dev/null +++ b/openbsd-compat/regress/closefromtest.c 
@@ -0,0 +1,60 @@ +/* + * Copyright (c) 2006 Darren Tucker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include +#include +#include +#include + +#define NUM_OPENS 10 + +void +fail(char *msg) +{ + fprintf(stderr, "closefrom: %s\n", msg); + exit(1); +} + +int +main(void) +{ + int i, max, fds[NUM_OPENS]; + char buf[512]; + + for (i = 0; i < NUM_OPENS; i++) + if ((fds[i] = open("/dev/null", "r")) == -1) + exit(0); /* can't test */ + max = i - 1; + + /* should close last fd only */ + closefrom(fds[max]); + if (close(fds[max]) != -1) + fail("failed to close highest fd"); + + /* make sure we can still use remaining descriptors */ + for (i = 0; i < max; i++) + if (read(fds[i], buf, sizeof(buf)) == -1) + fail("closed descriptors it should not have"); + + /* should close all fds */ + closefrom(fds[0]); + for (i = 0; i < NUM_OPENS; i++) + if (close(fds[i]) != -1) + fail("failed to close from lowest fd"); +} -- cgit v1.2.3 From d018b2e9c88f6669c68f3343dbbf53e6084e8ff7 Mon Sep 17 00:00:00 2001 
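Review bot: In `main()` of the new closefromtest.c, `open("/dev/null", "r")` passes a string pointer where `open()` expects integer flags, so the descriptors are opened with whatever access mode the pointer value happens to encode. If that mode turns out to be write-only, the later `read()` check fails and the test reports "closed descriptors it should not have" although `closefrom()` behaved correctly. The call should be `open("/dev/null", O_RDONLY)`, which needs `<fcntl.h>`; the header names are not visible in this rendering, so confirm it is included. `main()` also falls off the end without a value, which leaves the exit status undefined for pre-C99 compilers, so it should finish with `return 0;`.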
From: Darren Tucker Date: Fri, 18 Aug 2006 18:51:20 +1000 Subject: - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with closefrom.c from sudo. --- ChangeLog | 6 +++++- configure.ac | 6 +++--- openbsd-compat/bsd-closefrom.c | 20 +++++++++++--------- 3 files changed, 19 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1f37e7477..599e7eca1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060818 + - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with + closefrom.c from sudo. + 20060817 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] Include stdlib.h for malloc and friends. @@ -5218,4 +5222,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4482 2006/08/17 09:40:35 dtucker Exp $ +$Id: ChangeLog,v 1.4483 2006/08/18 08:51:20 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 7a296ae8b..f8e6cd4ce 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.349 2006/08/17 09:35:49 dtucker Exp $ +# $Id: configure.ac,v 1.350 2006/08/18 08:51:20 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.349 $) +AC_REVISION($Revision: 1.350 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -181,7 +181,7 @@ case "$host" in ) AC_CHECK_FUNCS(setauthdb) AC_CHECK_DECL(F_CLOSEM, - AC_DEFINE(USE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]), + AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]), [], [ #include #include ] diff --git a/openbsd-compat/bsd-closefrom.c b/openbsd-compat/bsd-closefrom.c index e7a521e43..4b72920d6 100644 --- a/openbsd-compat/bsd-closefrom.c +++ b/openbsd-compat/bsd-closefrom.c 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2004 Todd C. Miller + * Copyright (c) 2004-2005 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -52,12 +52,19 @@ #endif #ifndef lint -static const char sudorcsid[] = "$Sudo: closefrom.c,v 1.6 2004/06/01 20:51:56 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: closefrom.c,v 1.11 2006/08/17 15:26:54 millert Exp $"; #endif /* lint */ /* * Close all file descriptors greater than or equal to lowfd. */ +#ifdef HAVE_FCNTL_CLOSEM +void +closefrom(int lowfd) +{ + (void) fcntl(lowfd, F_CLOSEM, 0); +} +#else void closefrom(int lowfd) { @@ -70,7 +77,7 @@ closefrom(int lowfd) /* Check for a /proc/$$/fd directory. */ len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid()); - if (len >= 0 && (u_int)len <= sizeof(fdpath) && (dirp = opendir(fdpath))) { + if (len > 0 && (size_t)len <= sizeof(fdpath) && (dirp = opendir(fdpath))) { while ((dent = readdir(dirp)) != NULL) { fd = strtol(dent->d_name, &endp, 10); if (dent->d_name != endp && *endp == '\0' && @@ -79,10 +86,6 @@ closefrom(int lowfd) } (void) closedir(dirp); } else -#elif defined(USE_FCNTL_CLOSEM) - if (fcntl(lowfd, F_CLOSEM, 0) != -1) { - return; - } else #endif { /* @@ -102,6 +105,5 @@ closefrom(int lowfd) (void) close((int) fd); } } - +#endif /* !HAVE_FCNTL_CLOSEM */ #endif /* HAVE_CLOSEFROM */ - -- cgit v1.2.3 From 43d3ccdbddde9f73e35622248067a050a289480d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 18 Aug 2006 19:49:58 +1000 Subject: - (dtucker) [openbsd-compat/bsd-closefrom.c] Comment out rcsid. --- ChangeLog | 3 ++- openbsd-compat/bsd-closefrom.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 599e7eca1..42da7a05c 100644 --- a/ChangeLog +++ b/ChangeLog 
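Review bot: The `HAVE_FCNTL_CLOSEM` variant of `closefrom()` added in the `@@ -52,12 +52,19 @@` hunk discards the result of `fcntl(lowfd, F_CLOSEM, 0)`, so a failed call leaves every descriptor at or above `lowfd` open and nothing notices. The code this commit removes further down tested `!= -1` and otherwise fell through to the close loop, so this is a loss of a fallback. Callers presumably rely on `closefrom()` to keep descriptors from leaking into child processes, and the void return type gives them no way to detect the failure. I would keep the check, `if (fcntl(lowfd, F_CLOSEM, 0) != -1) return;`, and arrange the `#ifdef` so the existing loop is still compiled as the fallback. If ignoring the failure is deliberate, say so in a comment such as `/* F_CLOSEM failure ignored: no fallback on this platform */`.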
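Review bot: The rewritten length check in the `@@ -70,7 +77,7 @@` hunk still accepts a truncated path, because it tests `(size_t)len <= sizeof(fdpath)`. A C99 `snprintf` returns the length it wanted to write, excluding the terminator, so the output is truncated whenever `len >= sizeof(fdpath)`. The condition should read `if (len > 0 && (size_t)len < sizeof(fdpath) && (dirp = opendir(fdpath))) {`. With the short `/proc/%ld/fd` format this is unlikely to trigger, but the check is being edited here anyway. The body of `closefrom()` begins and ends outside this hunk.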
@@ -1,6 +1,7 @@ 20060818 - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with closefrom.c from sudo. + - (dtucker) [openbsd-compat/bsd-closefrom.c] Comment out rcsid. 20060817 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] @@ -5222,4 +5223,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4483 2006/08/18 08:51:20 dtucker Exp $ +$Id: ChangeLog,v 1.4484 2006/08/18 09:49:58 dtucker Exp $ diff --git a/openbsd-compat/bsd-closefrom.c b/openbsd-compat/bsd-closefrom.c index 4b72920d6..9380b33a7 100644 --- a/openbsd-compat/bsd-closefrom.c +++ b/openbsd-compat/bsd-closefrom.c @@ -51,7 +51,7 @@ # define OPEN_MAX 256 #endif -#ifndef lint +#if 0 __unused static const char rcsid[] = "$Sudo: closefrom.c,v 1.11 2006/08/17 15:26:54 millert Exp $"; #endif /* lint */ -- cgit v1.2.3 From ec4e4daa6c9010aee4d0a6c6d49f740e1b0f4013 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 18 Aug 2006 20:09:32 +1000 Subject: - (dtucker) [openbsd-compat/regress/snprintftest.c] Newline on error. --- ChangeLog | 3 ++- openbsd-compat/regress/snprintftest.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 42da7a05c..c03112b81 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,7 @@ - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with closefrom.c from sudo. - (dtucker) [openbsd-compat/bsd-closefrom.c] Comment out rcsid. + - (dtucker) [openbsd-compat/regress/snprintftest.c] Newline on error. 20060817 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] @@ -5223,4 +5224,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4484 2006/08/18 09:49:58 dtucker Exp $ +$Id: ChangeLog,v 1.4485 2006/08/18 10:09:32 dtucker Exp $ 
diff --git a/openbsd-compat/regress/snprintftest.c b/openbsd-compat/regress/snprintftest.c index 8879244b5..4ca63e180 100644 --- a/openbsd-compat/regress/snprintftest.c +++ b/openbsd-compat/regress/snprintftest.c @@ -28,7 +28,7 @@ static int failed = 0; static void fail(const char *m) { - fprintf(stderr, "%s", m); + fprintf(stderr, "snprintftest: %s\n", m); failed = 1; } -- cgit v1.2.3 From 637c80aa6f1bbbb93935fe102790820e8bec3a27 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 18 Aug 2006 20:56:18 +1000 Subject: - (dtucker) [openbsd-compat/regress/Makefile.in] Use implicit rules for the test progs instead; they work better than what we have. --- ChangeLog | 4 +++- openbsd-compat/regress/Makefile.in | 11 +---------- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index c03112b81..4c5e3b9ce 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ closefrom.c from sudo. - (dtucker) [openbsd-compat/bsd-closefrom.c] Comment out rcsid. - (dtucker) [openbsd-compat/regress/snprintftest.c] Newline on error. + - (dtucker) [openbsd-compat/regress/Makefile.in] Use implicit rules for the + test progs instead; they work better than what we have. 20060817 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] @@ -5224,4 +5226,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4485 2006/08/18 10:09:32 dtucker Exp $ +$Id: ChangeLog,v 1.4486 2006/08/18 10:56:18 dtucker Exp $ diff --git a/openbsd-compat/regress/Makefile.in b/openbsd-compat/regress/Makefile.in index 3a0a4c4da..22dab2837 100644 --- a/openbsd-compat/regress/Makefile.in +++ b/openbsd-compat/regress/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.2 2006/08/17 09:40:35 dtucker Exp $ +# $Id: Makefile.in,v 1.3 2006/08/18 10:56:19 dtucker Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ 
@@ -26,15 +26,6 @@ t-exec: $(TESTPROGS) done @echo finished compat regress tests -strtonumtest: strtonumtest.c $(LIBCOMPAT) - $(CC) $(CFLAGS) $(CPPFLAGS) -o strtonumtest $< $(LDFLAGS) - -strduptest: strduptest.c $(LIBCOMPAT) - $(CC) $(CFLAGS) $(CPPFLAGS) -o strduptest $< $(LDFLAGS) - -closefromtest: closefromtest.c $(LIBCOMPAT) - $(CC) $(CFLAGS) $(CPPFLAGS) -o closefromtest $< $(LDFLAGS) - clean: rm -f *.o *.a core $(TESTPROGS) valid.out -- cgit v1.2.3 From 63b94128cbfeb8a7e979baae7f3b29a171e4ab18 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 19 Aug 2006 00:21:46 +1000 Subject: - (djm) OpenBSD CVS Sync - stevesk@cvs.openbsd.org 2006/08/06 01:13:32 [compress.c monitor.c monitor_wrap.c] "zlib.h" can be ; ok djm@ markus@ --- ChangeLog | 6 +++++- compress.c | 4 ++-- monitor.c | 3 ++- monitor_wrap.c | 3 ++- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4c5e3b9ce..f1b2c891c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,10 @@ - (dtucker) [openbsd-compat/regress/snprintftest.c] Newline on error. - (dtucker) [openbsd-compat/regress/Makefile.in] Use implicit rules for the test progs instead; they work better than what we have. + - (djm) OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2006/08/06 01:13:32 + [compress.c monitor.c monitor_wrap.c] + "zlib.h" can be ; ok djm@ markus@ 20060817 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] @@ -5226,4 +5230,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4486 2006/08/18 10:56:18 dtucker Exp $ +$Id: ChangeLog,v 1.4487 2006/08/18 14:21:46 djm Exp $ diff --git a/compress.c b/compress.c index f5d30b8a6..c058d2224 100644 --- a/compress.c +++ b/compress.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: compress.c,v 1.24 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: compress.c,v 1.25 2006/08/06 01:13:32 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -17,10 +17,10 @@ #include #include +#include #include "log.h" #include "buffer.h" -#include "zlib.h" #include "compress.h" z_stream incoming_stream; diff --git a/monitor.c b/monitor.c index 5df45ce45..9e6bcc85f 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.86 2006/08/04 20:46:05 stevesk Exp $ */ +/* $OpenBSD: monitor.c,v 1.87 2006/08/06 01:13:32 stevesk Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -42,6 +42,7 @@ #include #include #include +#include #ifdef SKEY #include diff --git a/monitor_wrap.c b/monitor_wrap.c index c00a0f7cb..5d6ad25f4 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.52 2006/08/05 08:28:24 dtucker Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.53 2006/08/06 01:13:32 stevesk Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -36,6 +36,7 @@ #include #include #include +#include #include #include -- cgit v1.2.3 From 1c89ce074920a11ac1eb2093867e50c869d05480 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 19 Aug 2006 00:22:40 +1000 Subject: - miod@cvs.openbsd.org 2006/08/12 20:46:46 [monitor.c monitor_wrap.c] Revert previous include file ordering change, for ssh to compile under gcc2 (or until openssl include files are cleaned of parameter names in function prototypes) --- ChangeLog | 7 ++++++- monitor.c | 3 +-- monitor_wrap.c | 3 +-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index f1b2c891c..674d2b9e3 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -9,6 +9,11 @@ - stevesk@cvs.openbsd.org 2006/08/06 01:13:32 [compress.c monitor.c monitor_wrap.c] "zlib.h" can be ; ok djm@ markus@ + - miod@cvs.openbsd.org 2006/08/12 20:46:46 + [monitor.c monitor_wrap.c] + Revert previous include file ordering change, for ssh to compile under + gcc2 (or until openssl include files are cleaned of parameter names + in function prototypes) 20060817 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] @@ -5230,4 +5235,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4487 2006/08/18 14:21:46 djm Exp $ +$Id: ChangeLog,v 1.4488 2006/08/18 14:22:40 djm Exp $ diff --git a/monitor.c b/monitor.c index 9e6bcc85f..83b3765a0 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.87 2006/08/06 01:13:32 stevesk Exp $ */ +/* $OpenBSD: monitor.c,v 1.88 2006/08/12 20:46:46 miod Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -42,7 +42,6 @@ #include #include #include -#include #ifdef SKEY #include diff --git a/monitor_wrap.c b/monitor_wrap.c index 5d6ad25f4..431b3e495 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.53 2006/08/06 01:13:32 stevesk Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.54 2006/08/12 20:46:46 miod Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -36,7 +36,6 @@ #include #include #include -#include #include #include -- cgit v1.2.3 From 565ca3f60058f22d083572930833aaff2292ac20 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sat, 19 Aug 2006 00:23:15 +1000 Subject: - dtucker@cvs.openbsd.org 2006/08/14 12:40:25 [servconf.c servconf.h sshd_config.5] Add ability to match groups to Match keyword in sshd_config. Feedback djm@, stevesk@, ok stevesk@. --- ChangeLog | 6 +++++- servconf.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++++- servconf.h | 3 ++- sshd_config.5 | 3 ++- 4 files changed, 64 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 674d2b9e3..328f0c116 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,10 @@ Revert previous include file ordering change, for ssh to compile under gcc2 (or until openssl include files are cleaned of parameter names in function prototypes) + - dtucker@cvs.openbsd.org 2006/08/14 12:40:25 + [servconf.c servconf.h sshd_config.5] + Add ability to match groups to Match keyword in sshd_config. Feedback + djm@, stevesk@, ok stevesk@. 20060817 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] @@ -5235,4 +5239,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4488 2006/08/18 14:22:40 djm Exp $ +$Id: ChangeLog,v 1.4489 2006/08/18 14:23:15 djm Exp $ diff --git a/servconf.c b/servconf.c index 5884b95be..1f80de22d 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.164 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: servconf.c,v 1.165 2006/08/14 12:40:25 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -16,6 +16,7 @@ #include #include +#include #include #include #include @@ -37,6 +38,7 @@ #include "mac.h" #include "match.h" #include "channels.h" +#include "groupaccess.h" static void add_listen_addr(ServerOptions *, char *, u_short); static void add_one_listen_addr(ServerOptions *, char *, u_short); 
@@ -496,6 +498,51 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port) * PermittedChannelRequests session,forwarded-tcpip */ +static int +match_cfg_line_group(const char *grps, int line, const char *user) +{ + int result = 0; + u_int ngrps = 0; + char *arg, *p, *cp, *grplist[MAX_MATCH_GROUPS]; + struct passwd *pw; + + /* + * Even if we do not have a user yet, we still need to check for + * valid syntax. + */ + arg = cp = xstrdup(grps); + while ((p = strsep(&cp, ",")) != NULL && *p != '\0') { + if (ngrps >= MAX_MATCH_GROUPS) { + error("line %d: too many groups in Match Group", line); + result = -1; + goto out; + } + grplist[ngrps++] = p; + } + + if (user == NULL) + goto out; + + if ((pw = getpwnam(user)) == NULL) { + debug("Can't match group at line %d because user %.100s does " + "not exist", line, user); + } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) { + debug("Can't Match group because user %.100s not in any group " + "at line %d", user, line); + } else if (ga_match(grplist, ngrps) != 1) { + debug("user %.100s does not match group %.100s at line %d", + user, arg, line); + } else { + debug("user %.100s matched group %.100s at line %d", user, + arg, line); + result = 1; + } +out: + ga_free(); + xfree(arg); + return result; +} + static int match_cfg_line(char **condition, int line, const char *user, const char *host, const char *address) @@ -527,6 +574,13 @@ match_cfg_line(char **condition, int line, const char *user, const char *host, else debug("user %.100s matched 'User %.100s' at " "line %d", user, arg, line); + } else if (strcasecmp(attrib, "group") == 0) { + switch (match_cfg_line_group(arg, line, user)) { + case -1: + return -1; + case 0: + result = 0; + } } else if (strcasecmp(attrib, "host") == 0) { if (!host) { result = 0; diff --git a/servconf.h b/servconf.h index 2593b1cd1..ad496f64b 100644 --- a/servconf.h +++ b/servconf.h 
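Review bot: In match_cfg_line_group() the loop condition `(p = strsep(&cp, ",")) != NULL && *p != '\0'` ends the scan at the first empty element, so a list such as `a,,b` is accepted with `b` silently dropped, and an empty argument passes the syntax check with ngrps == 0. For a directive that decides which sshd_config settings apply to a user, a malformed list is better rejected like the too-many-groups case than partly honoured: drop the `*p != '\0'` test from the condition and add inside the loop `if (*p == '\0') { error("line %d: empty group name in Match Group", line); result = -1; goto out; }`. Separately, `ga_free()` at `out:` is reached on paths where ga_init() was never called (user == NULL, or the overflow error); groupaccess.c is not shown here, so that is worth confirming as safe.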
@@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.78 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: servconf.h,v 1.79 2006/08/14 12:40:25 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -25,6 +25,7 @@ #define MAX_SUBSYSTEMS 256 /* Max # subsystems. */ #define MAX_HOSTKEYS 256 /* Max # hostkeys. */ #define MAX_ACCEPT_ENV 256 /* Max # of env vars. */ +#define MAX_MATCH_GROUPS 256 /* Max # of groups for Match. */ /* permit_root_login */ #define PERMIT_NOT_SET -1 diff --git a/sshd_config.5 b/sshd_config.5 index ff5457dff..3c20c1faa 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.68 2006/07/21 12:43:36 dtucker Exp $ +.\" $OpenBSD: sshd_config.5,v 1.69 2006/08/14 12:40:25 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -488,6 +488,7 @@ The arguments to are one or more criteria-pattern pairs. The available criteria are .Cm User , +.Cm Group , .Cm Host , and .Cm Address . -- cgit v1.2.3 From a1f6840a4fa1fd48ecbf5a3ebb2c3b18f3a6c587 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 19 Aug 2006 00:31:39 +1000 Subject: - djm@cvs.openbsd.org 2006/08/16 11:47:15 [sshd.c] factor inetd connection, TCP listen and main TCP accept loop out of main() into separate functions to improve readability; ok markus@ --- ChangeLog | 6 +- sshd.c | 637 ++++++++++++++++++++++++++++++++------------------------------ 2 files changed, 337 insertions(+), 306 deletions(-) diff --git a/ChangeLog b/ChangeLog index 328f0c116..34aad31f4 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -18,6 +18,10 @@ [servconf.c servconf.h sshd_config.5] Add ability to match groups to Match keyword in sshd_config. Feedback djm@, stevesk@, ok stevesk@. + - djm@cvs.openbsd.org 2006/08/16 11:47:15 + [sshd.c] + factor inetd connection, TCP listen and main TCP accept loop out of + main() into separate functions to improve readability; ok markus@ 20060817 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] @@ -5239,4 +5243,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4489 2006/08/18 14:23:15 djm Exp $ +$Id: ChangeLog,v 1.4490 2006/08/18 14:31:39 djm Exp $ diff --git a/sshd.c b/sshd.c index ca418e36f..7065d471b 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.344 2006/08/05 07:52:52 dtucker Exp $ */ +/* $OpenBSD: sshd.c,v 1.345 2006/08/16 11:47:15 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -905,6 +905,322 @@ recv_rexec_state(int fd, Buffer *conf) debug3("%s: done", __func__); } +/* Accept a connection from inetd */ +static void +server_accept_inetd(int *sock_in, int *sock_out) +{ + int fd; + + startup_pipe = -1; + if (rexeced_flag) { + close(REEXEC_CONFIG_PASS_FD); + *sock_in = *sock_out = dup(STDIN_FILENO); + if (!debug_flag) { + startup_pipe = dup(REEXEC_STARTUP_PIPE_FD); + close(REEXEC_STARTUP_PIPE_FD); + } + } else { + *sock_in = dup(STDIN_FILENO); + *sock_out = dup(STDOUT_FILENO); + } + /* + * We intentionally do not close the descriptors 0, 1, and 2 + * as our code for setting the descriptors won't work if + * ttyfd happens to be one of those. + */ + if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { + dup2(fd, STDIN_FILENO); + dup2(fd, STDOUT_FILENO); + if (fd > STDOUT_FILENO) + close(fd); + } + debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out); +} + +/* + * Listen for TCP connections + */ +static void +server_listen(void) +{ + int ret, listen_sock, on = 1; + struct addrinfo *ai; + char ntop[NI_MAXHOST], strport[NI_MAXSERV]; + + for (ai = options.listen_addrs; ai; ai = ai->ai_next) { + if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) + continue; + if (num_listen_socks >= MAX_LISTEN_SOCKS) + fatal("Too many listen sockets. " + "Enlarge MAX_LISTEN_SOCKS"); + if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, + ntop, sizeof(ntop), strport, sizeof(strport), + NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { + error("getnameinfo failed: %.100s", + (ret != EAI_SYSTEM) ? gai_strerror(ret) : + strerror(errno)); + continue; + } + /* Create socket for listening. */ + listen_sock = socket(ai->ai_family, ai->ai_socktype, + ai->ai_protocol); + if (listen_sock < 0) { + /* kernel may not support ipv6 */ + verbose("socket: %.100s", strerror(errno)); + continue; + } + if (set_nonblock(listen_sock) == -1) { + close(listen_sock); + continue; + } + /* + * Set socket options. + * Allow local port reuse in TIME_WAIT. 
+ */ + if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, + &on, sizeof(on)) == -1) + error("setsockopt SO_REUSEADDR: %s", strerror(errno)); + + debug("Bind to port %s on %s.", strport, ntop); + + /* Bind the socket to the desired port. */ + if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { + error("Bind to port %s on %s failed: %.200s.", + strport, ntop, strerror(errno)); + close(listen_sock); + continue; + } + listen_socks[num_listen_socks] = listen_sock; + num_listen_socks++; + + /* Start listening on the port. */ + if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0) + fatal("listen on [%s]:%s: %.100s", + ntop, strport, strerror(errno)); + logit("Server listening on %s port %s.", ntop, strport); + } + freeaddrinfo(options.listen_addrs); + + if (!num_listen_socks) + fatal("Cannot bind any address."); +} + +/* + * The main TCP accept loop. Note that, for the non-debug case, returns + * from this function are in a forked subprocess. + */ +static void +server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) +{ + fd_set *fdset; + int i, j, ret, maxfd; + int key_used = 0, startups = 0; + int startup_p[2] = { -1 , -1 }; + struct sockaddr_storage from; + socklen_t fromlen; + pid_t pid; + + /* setup fd set for accept */ + fdset = NULL; + maxfd = 0; + for (i = 0; i < num_listen_socks; i++) + if (listen_socks[i] > maxfd) + maxfd = listen_socks[i]; + /* pipes connected to unauthenticated childs */ + startup_pipes = xcalloc(options.max_startups, sizeof(int)); + for (i = 0; i < options.max_startups; i++) + startup_pipes[i] = -1; + + /* + * Stay listening for connections until the system crashes or + * the daemon is killed with a signal. 
+ */ + for (;;) { + if (received_sighup) + sighup_restart(); + if (fdset != NULL) + xfree(fdset); + fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS), + sizeof(fd_mask)); + + for (i = 0; i < num_listen_socks; i++) + FD_SET(listen_socks[i], fdset); + for (i = 0; i < options.max_startups; i++) + if (startup_pipes[i] != -1) + FD_SET(startup_pipes[i], fdset); + + /* Wait in select until there is a connection. */ + ret = select(maxfd+1, fdset, NULL, NULL, NULL); + if (ret < 0 && errno != EINTR) + error("select: %.100s", strerror(errno)); + if (received_sigterm) { + logit("Received signal %d; terminating.", + (int) received_sigterm); + close_listen_socks(); + unlink(options.pid_file); + exit(255); + } + if (key_used && key_do_regen) { + generate_ephemeral_server_key(); + key_used = 0; + key_do_regen = 0; + } + if (ret < 0) + continue; + + for (i = 0; i < options.max_startups; i++) + if (startup_pipes[i] != -1 && + FD_ISSET(startup_pipes[i], fdset)) { + /* + * the read end of the pipe is ready + * if the child has closed the pipe + * after successful authentication + * or if the child has died + */ + close(startup_pipes[i]); + startup_pipes[i] = -1; + startups--; + } + for (i = 0; i < num_listen_socks; i++) { + if (!FD_ISSET(listen_socks[i], fdset)) + continue; + fromlen = sizeof(from); + *newsock = accept(listen_socks[i], + (struct sockaddr *)&from, &fromlen); + if (*newsock < 0) { + if (errno != EINTR && errno != EWOULDBLOCK) + error("accept: %.100s", strerror(errno)); + continue; + } + if (unset_nonblock(*newsock) == -1) { + close(*newsock); + continue; + } + if (drop_connection(startups) == 1) { + debug("drop connection #%d", startups); + close(*newsock); + continue; + } + if (pipe(startup_p) == -1) { + close(*newsock); + continue; + } + + if (rexec_flag && socketpair(AF_UNIX, + SOCK_STREAM, 0, config_s) == -1) { + error("reexec socketpair: %s", + strerror(errno)); + close(*newsock); + close(startup_p[0]); + close(startup_p[1]); + continue; + } + + for (j = 0; j < 
options.max_startups; j++) + if (startup_pipes[j] == -1) { + startup_pipes[j] = startup_p[0]; + if (maxfd < startup_p[0]) + maxfd = startup_p[0]; + startups++; + break; + } + + /* + * Got connection. Fork a child to handle it, unless + * we are in debugging mode. + */ + if (debug_flag) { + /* + * In debugging mode. Close the listening + * socket, and start processing the + * connection without forking. + */ + debug("Server will not fork when running in debugging mode."); + close_listen_socks(); + *sock_in = *newsock; + *sock_out = *newsock; + close(startup_p[0]); + close(startup_p[1]); + startup_pipe = -1; + pid = getpid(); + if (rexec_flag) { + send_rexec_state(config_s[0], + &cfg); + close(config_s[0]); + } + break; + } + + /* + * Normal production daemon. Fork, and have + * the child process the connection. The + * parent continues listening. + */ + if ((pid = fork()) == 0) { + /* + * Child. Close the listening and + * max_startup sockets. Start using + * the accepted socket. Reinitialize + * logging (since our pid has changed). + * We break out of the loop to handle + * the connection. + */ + startup_pipe = startup_p[1]; + close_startup_pipes(); + close_listen_socks(); + *sock_in = *newsock; + *sock_out = *newsock; + log_init(__progname, + options.log_level, + options.log_facility, + log_stderr); + if (rexec_flag) + close(config_s[0]); + break; + } + + /* Parent. Stay in the loop. */ + if (pid < 0) + error("fork: %.100s", strerror(errno)); + else + debug("Forked child %ld.", (long)pid); + + close(startup_p[1]); + + if (rexec_flag) { + send_rexec_state(config_s[0], &cfg); + close(config_s[0]); + close(config_s[1]); + } + + /* + * Mark that the key has been used (it + * was "given" to the child). + */ + if ((options.protocol & SSH_PROTO_1) && + key_used == 0) { + /* Schedule server key regeneration alarm. 
*/ + signal(SIGALRM, key_regeneration_alarm); + alarm(options.key_regeneration_time); + key_used = 1; + } + + close(*newsock); + + /* + * Ensure that our random state differs + * from that of the child + */ + arc4random_stir(); + } + + /* child process check (or debug mode) */ + if (num_listen_socks < 0) + break; + } +} + + /* * Main program for the daemon. */ @@ -913,24 +1229,14 @@ main(int ac, char **av) { extern char *optarg; extern int optind; - int opt, j, i, on = 1; + int opt, i, on = 1; int sock_in = -1, sock_out = -1, newsock = -1; - pid_t pid; - socklen_t fromlen; - fd_set *fdset; - struct sockaddr_storage from; const char *remote_ip; int remote_port; - FILE *f; - struct addrinfo *ai; - char ntop[NI_MAXHOST], strport[NI_MAXSERV]; char *line; - int listen_sock, maxfd; - int startup_p[2] = { -1 , -1 }, config_s[2] = { -1 , -1 }; - int startups = 0; + int config_s[2] = { -1 , -1 }; Key *key; Authctxt *authctxt; - int ret, key_used = 0; #ifdef HAVE_SECUREWARE (void)set_auth_parameters(ac, av); 
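Review bot: server_accept_inetd() (hunk @@ -905,6 +905,322 @@) stores the results of dup() in *sock_in and *sock_out without checking them, so a failed dup() hands -1 back to main() and the only trace is the debug line that prints both values. Checking each result right after the call, e.g. `if ((*sock_in = dup(STDIN_FILENO)) == -1) fatal("dup: %.100s", strerror(errno));`, stops before the descriptor is used. The same function says nothing when open(_PATH_DEVNULL) fails, in which case descriptors 0 and 1 are not redirected; an `error()` on that branch would make it visible. In server_accept_loop() the exit test `if (num_listen_socks < 0)` presumably depends on close_listen_socks() resetting the counter, which this diff does not show, and deserves a comment saying so.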
@@ -1278,121 +1584,31 @@ main(int ac, char **av) /* ignore SIGPIPE */ signal(SIGPIPE, SIG_IGN); - /* Start listening for a socket, unless started from inetd. */ + /* Get a connection, either from inetd or a listening TCP socket */ if (inetd_flag) { - int fd; + server_accept_inetd(&sock_in, &sock_out); - startup_pipe = -1; - if (rexeced_flag) { - close(REEXEC_CONFIG_PASS_FD); - sock_in = sock_out = dup(STDIN_FILENO); - if (!debug_flag) { - startup_pipe = dup(REEXEC_STARTUP_PIPE_FD); - close(REEXEC_STARTUP_PIPE_FD); - } - } else { - sock_in = dup(STDIN_FILENO); - sock_out = dup(STDOUT_FILENO); - } - /* - * We intentionally do not close the descriptors 0, 1, and 2 - * as our code for setting the descriptors won't work if - * ttyfd happens to be one of those. - */ - if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { - dup2(fd, STDIN_FILENO); - dup2(fd, STDOUT_FILENO); - if (fd > STDOUT_FILENO) - close(fd); - } - debug("inetd sockets after dupping: %d, %d", sock_in, sock_out); if ((options.protocol & SSH_PROTO_1) && sensitive_data.server_key == NULL) generate_ephemeral_server_key(); } else { - for (ai = options.listen_addrs; ai; ai = ai->ai_next) { - if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) - continue; - if (num_listen_socks >= MAX_LISTEN_SOCKS) - fatal("Too many listen sockets. " - "Enlarge MAX_LISTEN_SOCKS"); - if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, - ntop, sizeof(ntop), strport, sizeof(strport), - NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { - error("getnameinfo failed: %.100s", - (ret != EAI_SYSTEM) ? gai_strerror(ret) : - strerror(errno)); - continue; - } - /* Create socket for listening. */ - listen_sock = socket(ai->ai_family, ai->ai_socktype, - ai->ai_protocol); - if (listen_sock < 0) { - /* kernel may not support ipv6 */ - verbose("socket: %.100s", strerror(errno)); - continue; - } - if (set_nonblock(listen_sock) == -1) { - close(listen_sock); - continue; - } - /* - * Set socket options. - * Allow local port reuse in TIME_WAIT. 
- */ - if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, - &on, sizeof(on)) == -1) - error("setsockopt SO_REUSEADDR: %s", strerror(errno)); - - debug("Bind to port %s on %s.", strport, ntop); - - /* Bind the socket to the desired port. */ - if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { - if (!ai->ai_next) - error("Bind to port %s on %s failed: %.200s.", - strport, ntop, strerror(errno)); - close(listen_sock); - continue; - } - listen_socks[num_listen_socks] = listen_sock; - num_listen_socks++; - - /* Start listening on the port. */ - if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0) - fatal("listen on [%s]:%s: %.100s", - ntop, strport, strerror(errno)); - logit("Server listening on %s port %s.", ntop, strport); - } - freeaddrinfo(options.listen_addrs); - - if (!num_listen_socks) - fatal("Cannot bind any address."); + server_listen(); if (options.protocol & SSH_PROTO_1) generate_ephemeral_server_key(); - /* - * Arrange to restart on SIGHUP. The handler needs - * listen_sock. - */ signal(SIGHUP, sighup_handler); - + signal(SIGCHLD, main_sigchld_handler); signal(SIGTERM, sigterm_handler); signal(SIGQUIT, sigterm_handler); - /* Arrange SIGCHLD to be caught. */ - signal(SIGCHLD, main_sigchld_handler); - - /* Write out the pid file after the sigterm handler is setup */ + /* + * Write out the pid file after the sigterm handler + * is setup and the listen sockets are bound + */ if (!debug_flag) { - /* - * Record our pid in /var/run/sshd.pid to make it - * easier to kill the correct sshd. We don't want to - * do this before the bind above because the bind will - * fail if there already is a daemon, and this will - * overwrite any old pid in the file. - */ - f = fopen(options.pid_file, "wb"); + FILE *f = fopen(options.pid_file, "w"); + if (f == NULL) { error("Couldn't create pid file \"%s\": %s", options.pid_file, strerror(errno)); 
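Review bot: The rewritten comment above the pid-file block in main() (hunk @@ -1278,121 +1584,31 @@) says only when the file is written, while the removed comment also said why: bind fails if a daemon is already running, so writing earlier would overwrite that daemon's pid. I would keep the reason, e.g. `/* Write the pid file only after bind: bind fails if a daemon is already running, and writing earlier would clobber its pid. */`. The hunk also changes the fopen() mode from "wb" to "w" and reorders the signal() calls, neither of which is mentioned in a commit described as a readability refactor. main() starts and ends outside the hunk.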
@@ -1402,198 +1618,9 @@ main(int ac, char **av) } } - /* setup fd set for listen */ - fdset = NULL; - maxfd = 0; - for (i = 0; i < num_listen_socks; i++) - if (listen_socks[i] > maxfd) - maxfd = listen_socks[i]; - /* pipes connected to unauthenticated childs */ - startup_pipes = xcalloc(options.max_startups, sizeof(int)); - for (i = 0; i < options.max_startups; i++) - startup_pipes[i] = -1; - - /* - * Stay listening for connections until the system crashes or - * the daemon is killed with a signal. - */ - for (;;) { - if (received_sighup) - sighup_restart(); - if (fdset != NULL) - xfree(fdset); - fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS), - sizeof(fd_mask)); - - for (i = 0; i < num_listen_socks; i++) - FD_SET(listen_socks[i], fdset); - for (i = 0; i < options.max_startups; i++) - if (startup_pipes[i] != -1) - FD_SET(startup_pipes[i], fdset); - - /* Wait in select until there is a connection. */ - ret = select(maxfd+1, fdset, NULL, NULL, NULL); - if (ret < 0 && errno != EINTR) - error("select: %.100s", strerror(errno)); - if (received_sigterm) { - logit("Received signal %d; terminating.", - (int) received_sigterm); - close_listen_socks(); - unlink(options.pid_file); - exit(255); - } - if (key_used && key_do_regen) { - generate_ephemeral_server_key(); - key_used = 0; - key_do_regen = 0; - } - if (ret < 0) - continue; - - for (i = 0; i < options.max_startups; i++) - if (startup_pipes[i] != -1 && - FD_ISSET(startup_pipes[i], fdset)) { - /* - * the read end of the pipe is ready - * if the child has closed the pipe - * after successful authentication - * or if the child has died - */ - close(startup_pipes[i]); - startup_pipes[i] = -1; - startups--; - } - for (i = 0; i < num_listen_socks; i++) { - if (!FD_ISSET(listen_socks[i], fdset)) - continue; - fromlen = sizeof(from); - newsock = accept(listen_socks[i], - (struct sockaddr *)&from, &fromlen); - if (newsock < 0) { - if (errno != EINTR && errno != EWOULDBLOCK) - error("accept: %.100s", strerror(errno)); - 
continue; - } - if (unset_nonblock(newsock) == -1) { - close(newsock); - continue; - } - if (drop_connection(startups) == 1) { - debug("drop connection #%d", startups); - close(newsock); - continue; - } - if (pipe(startup_p) == -1) { - close(newsock); - continue; - } - - if (rexec_flag && socketpair(AF_UNIX, - SOCK_STREAM, 0, config_s) == -1) { - error("reexec socketpair: %s", - strerror(errno)); - close(newsock); - close(startup_p[0]); - close(startup_p[1]); - continue; - } - - for (j = 0; j < options.max_startups; j++) - if (startup_pipes[j] == -1) { - startup_pipes[j] = startup_p[0]; - if (maxfd < startup_p[0]) - maxfd = startup_p[0]; - startups++; - break; - } - - /* - * Got connection. Fork a child to handle it, unless - * we are in debugging mode. - */ - if (debug_flag) { - /* - * In debugging mode. Close the listening - * socket, and start processing the - * connection without forking. - */ - debug("Server will not fork when running in debugging mode."); - close_listen_socks(); - sock_in = newsock; - sock_out = newsock; - close(startup_p[0]); - close(startup_p[1]); - startup_pipe = -1; - pid = getpid(); - if (rexec_flag) { - send_rexec_state(config_s[0], - &cfg); - close(config_s[0]); - } - break; - } else { - /* - * Normal production daemon. Fork, and have - * the child process the connection. The - * parent continues listening. - */ - if ((pid = fork()) == 0) { - /* - * Child. Close the listening and - * max_startup sockets. Start using - * the accepted socket. Reinitialize - * logging (since our pid has changed). - * We break out of the loop to handle - * the connection. - */ - startup_pipe = startup_p[1]; - close_startup_pipes(); - close_listen_socks(); - sock_in = newsock; - sock_out = newsock; - log_init(__progname, - options.log_level, - options.log_facility, - log_stderr); - if (rexec_flag) - close(config_s[0]); - break; - } - } - - /* Parent. Stay in the loop. 
*/ - if (pid < 0) - error("fork: %.100s", strerror(errno)); - else - debug("Forked child %ld.", (long)pid); - - close(startup_p[1]); - - if (rexec_flag) { - send_rexec_state(config_s[0], &cfg); - close(config_s[0]); - close(config_s[1]); - } - - /* - * Mark that the key has been used (it - * was "given" to the child). - */ - if ((options.protocol & SSH_PROTO_1) && - key_used == 0) { - /* Schedule server key regeneration alarm. */ - signal(SIGALRM, key_regeneration_alarm); - alarm(options.key_regeneration_time); - key_used = 1; - } - - arc4random_stir(); - close(newsock); - } - /* child process check (or debug mode) */ - if (num_listen_socks < 0) - break; - } + /* Accept a connection and return in a forked child */ + server_accept_loop(&sock_in, &sock_out, + &newsock, config_s); } /* This is the child processing a new connection. */ -- cgit v1.2.3 From 99a648e59291d3adb39eeee4fa1f8a5b2ee2d769 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 19 Aug 2006 00:32:20 +1000 Subject: - deraadt@cvs.openbsd.org 2006/08/18 09:13:26 [log.c log.h sshd.c] make signal handler termination path shorter; risky code pointed out by mark dowd; ok djm markus --- ChangeLog | 6 +++++- log.c | 14 +++++++++++++- log.h | 3 ++- sshd.c | 6 ++---- 4 files changed, 22 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 34aad31f4..6a04d1a0f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,10 @@ [sshd.c] factor inetd connection, TCP listen and main TCP accept loop out of main() into separate functions to improve readability; ok markus@ + - deraadt@cvs.openbsd.org 2006/08/18 09:13:26 + [log.c log.h sshd.c] + make signal handler termination path shorter; risky code pointed out by + mark dowd; ok djm markus 20060817 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] 
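Review bot: The comment `/* Accept a connection and return in a forked child */` on the server_accept_loop() call (hunk @@ -1402,198 +1618,9 @@) does not hold when debug_flag is set, where the loop breaks out without forking and main() continues in the original process. The function's own header already limits the claim to the non-debug case, so the call site should match: `/* Accept a connection; returns in a forked child, or in this process in debug mode */`. main() continues outside the hunk.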
@@ -5243,4 +5247,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4490 2006/08/18 14:31:39 djm Exp $ +$Id: ChangeLog,v 1.4491 2006/08/18 14:32:20 djm Exp $ diff --git a/log.c b/log.c index 6eac73743..32db0cb5f 100644 --- a/log.c +++ b/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.38 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: log.c,v 1.39 2006/08/18 09:13:25 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -137,6 +137,18 @@ error(const char *fmt,...) va_end(args); } +void +sigdie(const char *fmt,...) +{ + va_list args; + + va_start(args, fmt); + do_log(SYSLOG_LEVEL_FATAL, fmt, args); + va_end(args); + _exit(1); +} + + /* Log this message (information that usually should go to the log). */ void diff --git a/log.h b/log.h index a8e788a2d..7a8c57079 100644 --- a/log.h +++ b/log.h @@ -1,4 +1,4 @@ -/* $OpenBSD: log.h,v 1.14 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: log.h,v 1.15 2006/08/18 09:13:25 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -53,6 +53,7 @@ LogLevel log_level_number(char *); void fatal(const char *, ...) __dead __attribute__((format(printf, 1, 2))); void error(const char *, ...) __attribute__((format(printf, 1, 2))); +void sigdie(const char *, ...) __attribute__((format(printf, 1, 2))); void logit(const char *, ...) __attribute__((format(printf, 1, 2))); void verbose(const char *, ...) __attribute__((format(printf, 1, 2))); void debug(const char *, ...) __attribute__((format(printf, 1, 2))); diff --git a/sshd.c b/sshd.c index 7065d471b..f1f2e38b3 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.345 2006/08/16 11:47:15 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.346 2006/08/18 09:13:26 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
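Review bot: In log.c, the new `sigdie()` is called from signal context but still goes through `do_log()`, whose body is outside this hunk. If `do_log()` formats into shared buffers or calls syslog(3), that work is not async-signal-safe and can run while the interrupted code is inside the same routines. Only the `_exit(1)` at the end is safe everywhere. Either restrict the `do_log()` call to platforms whose logging path is known to be reentrant, or have the handler set a `volatile sig_atomic_t` flag and log from the main loop. A header comment such as `/* Log and _exit(1) without returning; intended for signal handlers. */` would also explain why callers should not use `fatal()` here.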
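Review bot: The `sigdie()` prototype added to log.h omits the `__dead` marker that the `fatal()` prototype two lines above carries, although the definition added to log.c in this commit always ends in `_exit(1)`. Declaring it as `void sigdie(const char *, ...) __dead __attribute__((format(printf, 1, 2)));` lets the compiler treat calls as non-returning and documents that behaviour at the declaration.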
@@ -344,13 +344,11 @@ main_sigchld_handler(int sig) static void grace_alarm_handler(int sig) { - /* XXX no idea how fix this signal handler */ - if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0) kill(pmonitor->m_pid, SIGALRM); /* Log error and exit. */ - fatal("Timeout before authentication for %s", get_remote_ipaddr()); + sigdie("Timeout before authentication for %s", get_remote_ipaddr()); } /* -- cgit v1.2.3 From 3f8123c804bdabbc95caf9e3495310e584944fb2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 19 Aug 2006 00:32:46 +1000 Subject: - markus@cvs.openbsd.org 2006/08/18 09:15:20 [auth.h session.c sshd.c] delay authentication related cleanups until we're authenticated and all alarms have been cancelled; ok deraadt --- ChangeLog | 6 +++++- auth.h | 3 ++- session.c | 4 ++-- sshd.c | 3 ++- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6a04d1a0f..8fdabe467 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,10 @@ [log.c log.h sshd.c] make signal handler termination path shorter; risky code pointed out by mark dowd; ok djm markus + - markus@cvs.openbsd.org 2006/08/18 09:15:20 + [auth.h session.c sshd.c] + delay authentication related cleanups until we're authenticated and + all alarms have been cancelled; ok deraadt 20060817 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] @@ -5247,4 +5251,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4491 2006/08/18 14:32:20 djm Exp $ +$Id: ChangeLog,v 1.4492 2006/08/18 14:32:46 djm Exp $ diff --git a/auth.h b/auth.h index 26158b9dd..8c554b6a6 100644 --- a/auth.h +++ b/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.57 2006/08/03 03:34:41 deraadt Exp $ */ +/* $OpenBSD: auth.h,v 1.58 2006/08/18 09:15:20 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. 
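Review bot: `grace_alarm_handler()` still evaluates `get_remote_ipaddr()` inside the SIGALRM handler to build the `sigdie()` argument, so replacing `fatal()` with `sigdie()` does not by itself make the handler reentrant. That helper is defined outside this hunk; if it performs a socket lookup or allocates on first use, it can run while the pre-authentication code it interrupted is touching the same state. Resolving the peer address once before the alarm is armed and passing the cached string, or dropping it as in `sigdie("Timeout before authentication");`, keeps the handler closer to just `kill()` and exit. The removed `XXX` comment was the only marker of this risk, so a replacement comment stating what the handler is allowed to call would help the next reader.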
@@ -48,6 +48,7 @@ typedef struct KbdintDevice KbdintDevice; struct Authctxt { sig_atomic_t success; + int authenticated; /* authenticated and alarms cancelled */ int postponed; /* authentication needs another step */ int valid; /* user exists and is allowed to login */ int attempt; diff --git a/session.c b/session.c index 1eb66f440..057298c86 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.217 2006/08/04 20:46:05 stevesk Exp $ */ +/* $OpenBSD: session.c,v 1.218 2006/08/18 09:15:20 markus Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -2476,7 +2476,7 @@ do_cleanup(Authctxt *authctxt) return; called = 1; - if (authctxt == NULL) + if (authctxt == NULL || !authctxt->authenticated) return; #ifdef KRB5 if (options.kerberos_ticket_cleanup && diff --git a/sshd.c b/sshd.c index f1f2e38b3..dcc626589 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.346 2006/08/18 09:13:26 deraadt Exp $ */ +/* $OpenBSD: sshd.c,v 1.347 2006/08/18 09:15:20 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1800,6 +1800,7 @@ main(int ac, char **av) */ alarm(0); signal(SIGALRM, SIG_DFL); + authctxt->authenticated = 1; if (startup_pipe != -1) { close(startup_pipe); startup_pipe = -1; -- cgit v1.2.3 From bdf00ca0bda672d07516d65eaea999931dafdac3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 19 Aug 2006 00:33:05 +1000 Subject: - djm@cvs.openbsd.org 2006/08/18 10:27:16 [misc.h] reorder so prototypes are sorted by the files they refer to; no binary change --- ChangeLog | 6 +++++- misc.h | 26 +++++++++++++------------- 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8fdabe467..63b3da3b7 100644 --- a/ChangeLog +++ b/ChangeLog 
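Review bot: In session.c `do_cleanup()`, the new `!authctxt->authenticated` test sits after `called = 1;`, so a call made before authentication completes latches the guard and then returns without cleaning up. If the guard at the top of the function (outside this hunk) short-circuits every later call, a process that reaches `do_cleanup()` once pre-auth and again post-auth would skip the Kerberos ticket cleanup that follows. Testing first, `if (authctxt == NULL || !authctxt->authenticated) return;`, and only then setting `called = 1;` avoids that. The function begins and ends outside the hunk, so this should be confirmed against the full body.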
@@ -30,6 +30,10 @@ [auth.h session.c sshd.c] delay authentication related cleanups until we're authenticated and all alarms have been cancelled; ok deraadt + - djm@cvs.openbsd.org 2006/08/18 10:27:16 + [misc.h] + reorder so prototypes are sorted by the files they refer to; no + binary change 20060817 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] @@ -5251,4 +5255,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4492 2006/08/18 14:32:46 djm Exp $ +$Id: ChangeLog,v 1.4493 2006/08/18 14:33:05 djm Exp $ diff --git a/misc.h b/misc.h index 072470bad..f175b4426 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.35 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: misc.h,v 1.36 2006/08/18 10:27:16 djm Exp $ */ /* * Author: Tatu Ylonen @@ -48,17 +48,6 @@ void replacearg(arglist *, u_int, char *, ...) __attribute__((format(printf, 3, 4))); void freeargs(arglist *); -/* readpass.c */ - -#define RP_ECHO 0x0001 -#define RP_ALLOW_STDIN 0x0002 -#define RP_ALLOW_EOF 0x0004 -#define RP_USE_ASKPASS 0x0008 - -char *read_passphrase(const char *, int); -int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); -int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); - int tun_open(int, int); /* Common definitions for ssh tunnel device forwarding */ @@ -86,5 +75,16 @@ void put_u32(void *, u_int32_t) void put_u16(void *, u_int16_t) __attribute__((__bounded__( __minbytes__, 1, 2))); -#endif /* _MISC_H */ +/* readpass.c */ + +#define RP_ECHO 0x0001 +#define RP_ALLOW_STDIN 0x0002 +#define RP_ALLOW_EOF 0x0004 +#define RP_USE_ASKPASS 0x0008 + +char *read_passphrase(const char *, int); +int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); +int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); + +#endif /* _MISC_H */ -- cgit v1.2.3 
From a1cb9f334bcc6ebd7bf2b5229b7645d995de0a15 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 19 Aug 2006 00:33:34 +1000 Subject: - djm@cvs.openbsd.org 2006/08/18 13:54:54 [gss-genr.c ssh-gss.h sshconnect2.c] bz #1218 - disable SPNEGO as per RFC4462; diff from simon AT sxw.org.uk ok markus@ --- ChangeLog | 6 +++++- gss-genr.c | 33 +++++++++++++++++++++++++++++++-- ssh-gss.h | 3 ++- sshconnect2.c | 15 ++++----------- 4 files changed, 42 insertions(+), 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index 63b3da3b7..167c65d2a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,6 +34,10 @@ [misc.h] reorder so prototypes are sorted by the files they refer to; no binary change + - djm@cvs.openbsd.org 2006/08/18 13:54:54 + [gss-genr.c ssh-gss.h sshconnect2.c] + bz #1218 - disable SPNEGO as per RFC4462; diff from simon AT sxw.org.uk + ok markus@ 20060817 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] @@ -5255,4 +5259,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4493 2006/08/18 14:33:05 djm Exp $ +$Id: ChangeLog,v 1.4494 2006/08/18 14:33:34 djm Exp $ diff --git a/gss-genr.c b/gss-genr.c index da39479e1..1bb67e84f 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -1,7 +1,7 @@ -/* $OpenBSD: gss-genr.c,v 1.13 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.14 2006/08/18 13:54:54 djm Exp $ */ /* - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. + * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -291,4 +291,33 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) return (ssh_gssapi_acquire_cred(*ctx)); } +int +ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, char *host) +{ + gss_buffer_desc token = GSS_C_EMPTY_BUFFER; + OM_uint32 major, minor; + gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"}; + + /* RFC 4462 says we MUST NOT do SPNEGO */ + if (oid->length == spnego_oid.length && + (memcmp(oid->elements, spnego_oid.elements, oid->length) == 0)) + return -1; + + ssh_gssapi_build_ctx(ctx); + ssh_gssapi_set_oid(*ctx, oid); + major = ssh_gssapi_import_name(*ctx, host); + if (!GSS_ERROR(major)) { + major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, + NULL); + gss_release_buffer(&minor, &token); + gss_delete_sec_context(&minor, &(*ctx)->context, + GSS_C_NO_BUFFER); + } + + if (GSS_ERROR(major)) + ssh_gssapi_delete_ctx(ctx); + + return (!GSS_ERROR(major)); +} + #endif /* GSSAPI */ diff --git a/ssh-gss.h b/ssh-gss.h index 0837c9b76..a188d6121 100644 --- a/ssh-gss.h +++ b/ssh-gss.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-gss.h,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: ssh-gss.h,v 1.8 2006/08/18 13:54:54 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. * @@ -118,6 +118,7 @@ void ssh_gssapi_delete_ctx(Gssctxt **); OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID); void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *); +int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, char *); /* In the server */ int ssh_gssapi_userok(char *name); diff --git a/sshconnect2.c b/sshconnect2.c index e58d078c4..8b2e633c0 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.160 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.161 2006/08/18 13:54:54 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * 
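Review bot: `ssh_gssapi_check_mechanism()` returns `-1` for the SPNEGO OID, but its caller in the sshconnect2.c hunk of this commit uses the result as a truth value (`... && ssh_gssapi_check_mechanism(&gssctxt, ...)`). The rejected mechanism is therefore treated as usable, and `ok` is set although no context was built. The SPNEGO branch should return `0`, for example `return 0; /* mechanism not acceptable */`, to match the `!GSS_ERROR(major)` boolean returned at the end. A comment above the function stating that it returns non-zero only when the mechanism works, and that `*ctx` is deleted again on failure, would make the contract explicit. `oid` is dereferenced without a NULL check, which is fine only if every caller passes an element of the supported set.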
@@ -508,25 +508,18 @@ userauth_gssapi(Authctxt *authctxt) /* Check to see if the mechanism is usable before we offer it */ while (mech < gss_supported->count && !ok) { - if (gssctxt) - ssh_gssapi_delete_ctx(&gssctxt); - ssh_gssapi_build_ctx(&gssctxt); - ssh_gssapi_set_oid(gssctxt, &gss_supported->elements[mech]); - /* My DER encoding requires length<128 */ if (gss_supported->elements[mech].length < 128 && - !GSS_ERROR(ssh_gssapi_import_name(gssctxt, - authctxt->host))) { + ssh_gssapi_check_mechanism(&gssctxt, + &gss_supported->elements[mech], authctxt->host)) { ok = 1; /* Mechanism works */ } else { mech++; } } - if (!ok) { - ssh_gssapi_delete_ctx(&gssctxt); + if (!ok) return 0; - } authctxt->methoddata=(void *)gssctxt; -- cgit v1.2.3 From 3d2d6e90e4c6f46347b7212401198babe49f2c50 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 19 Aug 2006 00:46:43 +1000 Subject: - djm@cvs.openbsd.org 2006/08/18 14:40:34 [gss-genr.c ssh-gss.h] constify host argument to match the rest of the GSSAPI functions and unbreak compilation with -Werror --- ChangeLog | 6 +++++- gss-genr.c | 4 ++-- ssh-gss.h | 4 ++-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 167c65d2a..4f31df3ba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -38,6 +38,10 @@ [gss-genr.c ssh-gss.h sshconnect2.c] bz #1218 - disable SPNEGO as per RFC4462; diff from simon AT sxw.org.uk ok markus@ + - djm@cvs.openbsd.org 2006/08/18 14:40:34 + [gss-genr.c ssh-gss.h] + constify host argument to match the rest of the GSSAPI functions and + unbreak compilation with -Werror 20060817 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] @@ -5259,4 +5263,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4494 2006/08/18 14:33:34 djm Exp $ +$Id: ChangeLog,v 1.4495 2006/08/18 14:46:43 djm Exp $ diff --git a/gss-genr.c b/gss-genr.c index 1bb67e84f..2ea2077c6 100644 
--- a/gss-genr.c +++ b/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.14 2006/08/18 13:54:54 djm Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.15 2006/08/18 14:40:34 djm Exp $ */ /* * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved. @@ -292,7 +292,7 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) } int -ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, char *host) +ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) { gss_buffer_desc token = GSS_C_EMPTY_BUFFER; OM_uint32 major, minor; diff --git a/ssh-gss.h b/ssh-gss.h index a188d6121..1ef66e482 100644 --- a/ssh-gss.h +++ b/ssh-gss.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-gss.h,v 1.8 2006/08/18 13:54:54 djm Exp $ */ +/* $OpenBSD: ssh-gss.h,v 1.9 2006/08/18 14:40:34 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. * @@ -118,7 +118,7 @@ void ssh_gssapi_delete_ctx(Gssctxt **); OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID); void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *); -int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, char *); +int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *); /* In the server */ int ssh_gssapi_userok(char *name); -- cgit v1.2.3 From bb59814cd644f78e82df07d820ed00fa7a25e68a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 19 Aug 2006 08:38:23 +1000 Subject: - (djm) Disable sigdie() for platforms that cannot safely syslog inside a signal handler (basically all of them, excepting OpenBSD); ok dtucker@ --- ChangeLog | 5 ++++- configure.ac | 6 ++++-- defines.h | 7 ++++++- log.c | 2 ++ 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4f31df3ba..d813c1fc1 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -42,6 +42,9 @@ [gss-genr.c ssh-gss.h] constify host argument to match the rest of the GSSAPI functions and unbreak compilation with -Werror + - (djm) Disable sigdie() for platforms that cannot safely syslog inside + a signal handler (basically all of them, excepting OpenBSD); + ok dtucker@ 20060817 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] @@ -5263,4 +5266,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4495 2006/08/18 14:46:43 djm Exp $ +$Id: ChangeLog,v 1.4496 2006/08/18 22:38:23 djm Exp $ diff --git a/configure.ac b/configure.ac index f8e6cd4ce..9d30bff61 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.350 2006/08/18 08:51:20 dtucker Exp $ +# $Id: configure.ac,v 1.351 2006/08/18 22:38:23 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.350 $) +AC_REVISION($Revision: 1.351 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -402,6 +402,8 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel]) AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded]) AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way]) + AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1, + [syslog_r function is safe to use in in a signal handler]) ;; *-*-solaris*) if test "x$withval" != "xno" ; then diff --git a/defines.h b/defines.h index fdc43cd92..6b395f806 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.136 2006/08/06 11:23:28 dtucker Exp $ */ +/* $Id: defines.h,v 1.137 2006/08/18 22:38:24 djm Exp $ */ /* Constants */ 
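Review bot: The description string for `SYSLOG_R_SAFE_IN_SIGHAND` in the configure.ac hunk reads "safe to use in in a signal handler", and the doubled word is carried into the generated config header template. It should read `[syslog_r function is safe to use in a signal handler]`. The macro is asserted inside a platform case that starts outside the hunk rather than being probed, so a short comment saying it is a hand-maintained claim about that platform's libc would help whoever adds the next platform.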
@@ -542,6 +542,11 @@ struct winsize { # undef HAVE_UPDWTMPX #endif +#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) && \ + defined(SYSLOG_R_SAFE_IN_SIGHAND) +# define DO_LOG_SAFE_IN_SIGHAND +#endif + #if !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) # define memmove(s1, s2, n) bcopy((s2), (s1), (n)) #endif /* !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) */ diff --git a/log.c b/log.c index 32db0cb5f..0ce4d85f7 100644 --- a/log.c +++ b/log.c @@ -142,9 +142,11 @@ sigdie(const char *fmt,...) { va_list args; +#ifdef DO_LOG_SAFE_IN_SIGHAND va_start(args, fmt); do_log(SYSLOG_LEVEL_FATAL, fmt, args); va_end(args); +#endif _exit(1); } -- cgit v1.2.3 From deccaa7d0f8e8c8cd8f1f9ebb7d02fe2f456a760 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 19 Aug 2006 08:50:57 +1000 Subject: - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2006/08/18 22:41:29 [gss-genr.c] GSSAPI error code should be 0 and not -1; from simon@sxw.org.uk --- ChangeLog | 8 +++++++- gss-genr.c | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index d813c1fc1..9f956a579 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20060819 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2006/08/18 22:41:29 + [gss-genr.c] + GSSAPI error code should be 0 and not -1; from simon@sxw.org.uk + 20060818 - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with closefrom.c from sudo. @@ -5266,4 +5272,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4496 2006/08/18 22:38:23 djm Exp $ +$Id: ChangeLog,v 1.4497 2006/08/18 22:50:57 djm Exp $ diff --git a/gss-genr.c b/gss-genr.c index 2ea2077c6..e962942d1 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.15 2006/08/18 14:40:34 djm Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.16 2006/08/18 22:41:29 djm Exp $ */ /* * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved. 
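Review bot: With the `#ifdef DO_LOG_SAFE_IN_SIGHAND` guard in log.c, `sigdie()` exits without writing anything on every platform that lacks the macro, so the "Timeout before authentication" message from the grace-alarm handler is no longer logged there. That message is a useful signal for spotting clients that hold pre-authentication slots open, so the loss should at least be documented next to the guard, e.g. `/* Logging from a signal handler is unsafe on this platform: exit silently. */`. If the event needs to stay visible, the handler could emit a fixed string with `write(2)`, or the listening parent could log the child's exit status. The guard also leaves `va_list args` declared but unused when the macro is absent.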
@@ -301,7 +301,7 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) /* RFC 4462 says we MUST NOT do SPNEGO */ if (oid->length == spnego_oid.length && (memcmp(oid->elements, spnego_oid.elements, oid->length) == 0)) - return -1; + return 0; /* false */ ssh_gssapi_build_ctx(ctx); ssh_gssapi_set_oid(*ctx, oid); -- cgit v1.2.3 From f0625699dff5e62e69b454acd9ea4c5bef7787b5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 19 Aug 2006 19:12:14 +1000 Subject: - (dtucker) [openbsd-compat/regress/Makefile.in] Add $(EXEEXT) and add a single rule for the test progs. --- ChangeLog | 4 +++- openbsd-compat/regress/Makefile.in | 15 ++++++++++----- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9f956a579..e24ad3444 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ - djm@cvs.openbsd.org 2006/08/18 22:41:29 [gss-genr.c] GSSAPI error code should be 0 and not -1; from simon@sxw.org.uk + - (dtucker) [openbsd-compat/regress/Makefile.in] Add $(EXEEXT) and add a + single rule for the test progs. 20060818 - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with @@ -5272,4 +5274,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4497 2006/08/18 22:50:57 djm Exp $ +$Id: ChangeLog,v 1.4498 2006/08/19 09:12:14 dtucker Exp $ diff --git a/openbsd-compat/regress/Makefile.in b/openbsd-compat/regress/Makefile.in index 22dab2837..bcf214bd0 100644 --- a/openbsd-compat/regress/Makefile.in +++ b/openbsd-compat/regress/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.3 2006/08/18 10:56:19 dtucker Exp $ +# $Id: Makefile.in,v 1.4 2006/08/19 09:12:14 dtucker Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ 
@@ -10,19 +10,24 @@ CC=@CC@ LD=@LD@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ +EXEEXT=@EXEEXT@ +LIBCOMPAT=../libopenbsd-compat.a LIBS=@LIBS@ -LDFLAGS=-L.. -lopenbsd-compat @LDFLAGS@ +LDFLAGS=@LDFLAGS@ $(LIBCOMPAT) -LIBCOMPAT=../libopenbsd-compat.a -TESTPROGS=closefromtest strtonumtest strduptest snprintftest +TESTPROGS=closefromtest$(EXEEXT) snprintftest$(EXEEXT) strduptest$(EXEEXT) \ + strtonumtest$(EXEEXT) all: t-exec ${OTHERTESTS} +%$(EXEEXT): %.c + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $< $(LIBCOMPAT) $(LIBS) + t-exec: $(TESTPROGS) @echo running compat regress tests @for TEST in ""$?; do \ echo "run test $${TEST}" ... 1>&2; \ - ./$${TEST} || exit $$? ; \ + ./$${TEST}$(EXEEXT) || exit $$? ; \ done @echo finished compat regress tests -- cgit v1.2.3 From aa1517ca1e7e71070b77357626c87dcf9ee30697 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 20 Aug 2006 17:55:54 +1000 Subject: - (dtucker) [log.c] Move ifdef to prevent unused variable warning. --- ChangeLog | 5 ++++- log.c | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index e24ad3444..206efa7e9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20060820 + - (dtucker) [log.c] Move ifdef to prevent unused variable warning. + 20060819 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2006/08/18 22:41:29 @@ -5274,4 +5277,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4498 2006/08/19 09:12:14 dtucker Exp $ +$Id: ChangeLog,v 1.4499 2006/08/20 07:55:54 dtucker Exp $ diff --git a/log.c b/log.c index 0ce4d85f7..7f8867482 100644 --- a/log.c +++ b/log.c @@ -140,9 +140,9 @@ error(const char *fmt,...) void sigdie(const char *fmt,...) { +#ifdef DO_LOG_SAFE_IN_SIGHAND va_list args; -#ifdef DO_LOG_SAFE_IN_SIGHAND va_start(args, fmt); do_log(SYSLOG_LEVEL_FATAL, fmt, args); va_end(args); -- cgit v1.2.3 
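Review bot: In the `t-exec` recipe, `./$${TEST}$(EXEEXT)` appends the suffix to names that already carry it, because `TESTPROGS` is now defined as `closefromtest$(EXEEXT) ...` and the loop iterates over `$?`. With a non-empty `EXEEXT` (say a constructed `.exe`) the recipe would try to run `closefromtest.exe.exe` and the regress run would fail. The line should stay `./$${TEST} || exit $$? ; \`. Separately, `%$(EXEEXT): %.c` collapses to the match-anything pattern `%: %.c` when `EXEEXT` is empty and depends on pattern-rule support in the make in use. `$(LIBCOMPAT)` is also now passed twice, once through `LDFLAGS` and once in the rule.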
From 4ba387337cde36071917ea1c8f0277653a6670fc Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 20 Aug 2006 19:55:02 +1000 Subject: - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl. --- ChangeLog | 4 +++- configure.ac | 14 ++++---------- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 206efa7e9..84c0bd419 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 20060820 - (dtucker) [log.c] Move ifdef to prevent unused variable warning. + - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore + afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl. 20060819 - (djm) OpenBSD CVS Sync @@ -5277,4 +5279,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4499 2006/08/20 07:55:54 dtucker Exp $ +$Id: ChangeLog,v 1.4500 2006/08/20 09:55:02 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 9d30bff61..17de2173a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.351 2006/08/18 22:38:23 djm Exp $ +# $Id: configure.ac,v 1.352 2006/08/20 09:55:02 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.351 $) +AC_REVISION($Revision: 1.352 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1691,10 +1691,12 @@ AC_ARG_WITH(pam, AC_MSG_ERROR([PAM headers not found]) fi + saved_LIBS="$LIBS" AC_CHECK_LIB(dl, dlopen, , ) AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing])) AC_CHECK_FUNCS(pam_getenvlist) AC_CHECK_FUNCS(pam_putenv) + LIBS="$saved_LIBS" PAM_MSG="yes" 
@@ -3820,14 +3822,6 @@ if test ! -z "$blibpath" ; then AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) fi -dnl remove pam and dl because they are in $LIBPAM -if test "$PAM_MSG" = yes ; then - LIBS=`echo $LIBS | sed 's/-lpam //'` -fi -if test "$ac_cv_lib_pam_pam_set_item" = yes ; then - LIBS=`echo $LIBS | sed 's/-ldl //'` -fi - dnl Adding -Werror to CFLAGS early prevents configure tests from running. dnl Add now. CFLAGS="$CFLAGS $werror_flags" -- cgit v1.2.3 From 3e6bde483de0de7ec38f131ee2639e52c828bec8 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 20 Aug 2006 20:03:50 +1000 Subject: - (dtucker) [configure.ac] Relocate --with-pam parts in preparation for fixing bug #1181. No changes yet. --- ChangeLog | 4 +- configure.ac | 117 +++++++++++++++++++++++++++++------------------------------ 2 files changed, 61 insertions(+), 60 deletions(-) diff --git a/ChangeLog b/ChangeLog index 84c0bd419..dc43a0544 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (dtucker) [log.c] Move ifdef to prevent unused variable warning. - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl. + - (dtucker) [configure.ac] Relocate --with-pam parts in preparation for + fixing bug #1181. No changes yet. 20060819 - (djm) OpenBSD CVS Sync @@ -5279,4 +5281,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4500 2006/08/20 09:55:02 dtucker Exp $ +$Id: ChangeLog,v 1.4501 2006/08/20 10:03:50 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 17de2173a..a3eec9520 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.352 2006/08/20 09:55:02 dtucker Exp $ +# $Id: configure.ac,v 1.353 2006/08/20 10:03:50 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.352 $) +AC_REVISION($Revision: 1.353 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1680,63 +1680,6 @@ fi AC_FUNC_GETPGRP -# Check for PAM libs -PAM_MSG="no" -AC_ARG_WITH(pam, - [ --with-pam Enable PAM support ], - [ - if test "x$withval" != "xno" ; then - if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ - test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then - AC_MSG_ERROR([PAM headers not found]) - fi - - saved_LIBS="$LIBS" - AC_CHECK_LIB(dl, dlopen, , ) - AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing])) - AC_CHECK_FUNCS(pam_getenvlist) - AC_CHECK_FUNCS(pam_putenv) - LIBS="$saved_LIBS" - - PAM_MSG="yes" - - AC_DEFINE(USE_PAM, 1, - [Define if you want to enable PAM support]) - if test $ac_cv_lib_dl_dlopen = yes; then - LIBPAM="-lpam -ldl" - else - LIBPAM="-lpam" - fi - AC_SUBST(LIBPAM) - fi - ] -) - -# Check for older PAM -if test "x$PAM_MSG" = "xyes" ; then - # Check PAM strerror arguments (old PAM) - AC_MSG_CHECKING([whether pam_strerror takes only one argument]) - AC_TRY_COMPILE( - [ -#include -#if defined(HAVE_SECURITY_PAM_APPL_H) -#include -#elif defined (HAVE_PAM_PAM_APPL_H) -#include -#endif - ], - [(void)pam_strerror((pam_handle_t *)NULL, -1);], - [AC_MSG_RESULT(no)], - [ - AC_DEFINE(HAVE_OLD_PAM, 1, - [Define if you have an old version of PAM - which takes only one argument to pam_strerror]) - AC_MSG_RESULT(yes) - PAM_MSG="yes (old library)" - ] - ) -fi - # Search for OpenSSL saved_CPPFLAGS="$CPPFLAGS" saved_LDFLAGS="$LDFLAGS" 
@@ -1963,6 +1906,62 @@ int main(void) { exit(RAND_status() == 1 ? 0 : 1); } ] ) +# Check for PAM libs +PAM_MSG="no" +AC_ARG_WITH(pam, + [ --with-pam Enable PAM support ], + [ + if test "x$withval" != "xno" ; then + if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ + test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then + AC_MSG_ERROR([PAM headers not found]) + fi + + saved_LIBS="$LIBS" + AC_CHECK_LIB(dl, dlopen, , ) + AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing])) + AC_CHECK_FUNCS(pam_getenvlist) + AC_CHECK_FUNCS(pam_putenv) + LIBS="$saved_LIBS" + + PAM_MSG="yes" + + AC_DEFINE(USE_PAM, 1, + [Define if you want to enable PAM support]) + if test $ac_cv_lib_dl_dlopen = yes; then + LIBPAM="-lpam -ldl" + else + LIBPAM="-lpam" + fi + AC_SUBST(LIBPAM) + fi + ] +) + +# Check for older PAM +if test "x$PAM_MSG" = "xyes" ; then + # Check PAM strerror arguments (old PAM) + AC_MSG_CHECKING([whether pam_strerror takes only one argument]) + AC_TRY_COMPILE( + [ +#include +#if defined(HAVE_SECURITY_PAM_APPL_H) +#include +#elif defined (HAVE_PAM_PAM_APPL_H) +#include +#endif + ], + [(void)pam_strerror((pam_handle_t *)NULL, -1);], + [AC_MSG_RESULT(no)], + [ + AC_DEFINE(HAVE_OLD_PAM, 1, + [Define if you have an old version of PAM + which takes only one argument to pam_strerror]) + AC_MSG_RESULT(yes) + PAM_MSG="yes (old library)" + ] + ) +fi # Do we want to force the use of the rand helper? AC_ARG_WITH(rand-helper, -- cgit v1.2.3 From 639bbe8bfe3d5038c279c97699de06cb0f120458 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 20 Aug 2006 20:17:53 +1000 Subject: - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSL (0.9.8a and presumably newer) requires -ldl to successfully link. --- ChangeLog | 4 +++- configure.ac | 47 ++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 45 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index dc43a0544..62adc612b 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -4,6 +4,8 @@ afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl. - (dtucker) [configure.ac] Relocate --with-pam parts in preparation for fixing bug #1181. No changes yet. + - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSL + (0.9.8a and presumably newer) requires -ldl to successfully link. 20060819 - (djm) OpenBSD CVS Sync @@ -5281,4 +5283,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4501 2006/08/20 10:03:50 dtucker Exp $ +$Id: ChangeLog,v 1.4502 2006/08/20 10:17:53 dtucker Exp $ diff --git a/configure.ac b/configure.ac index a3eec9520..b2939eeed 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.353 2006/08/20 10:03:50 dtucker Exp $ +# $Id: configure.ac,v 1.354 2006/08/20 10:17:53 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.353 $) +AC_REVISION($Revision: 1.354 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1825,6 +1825,36 @@ Also see contrib/findssl.sh for help identifying header/library mismatches.]) ] ) +AC_MSG_CHECKING([if programs using OpenSSL functions will link]) +AC_LINK_IFELSE( + [AC_LANG_SOURCE([[ +#include +int main(void) { SSLeay_add_all_algorithms(); } + ]])], + [ + AC_MSG_RESULT(yes) + ], + [ + AC_MSG_RESULT(no) + saved_LIBS="$LIBS" + LIBS="$LIBS -ldl" + AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) + AC_LINK_IFELSE( + [AC_LANG_SOURCE([[ +#include +int main(void) { SSLeay_add_all_algorithms(); } + ]])], + [ + AC_MSG_RESULT(yes) + ], + [ + AC_MSG_RESULT(no) + LIBS="$saved_LIBS" + ] + ) + ] +) + AC_ARG_WITH(ssl-engine, [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], [ if test "x$withval" != "xno" ; then 
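Review bot: When the second `AC_LINK_IFELSE` probe (with `-ldl` appended) also fails, the new block prints `no`, restores `LIBS` and lets configure continue, so a broken OpenSSL link only surfaces later as a build failure. Unless a later check is meant to catch this, failing there with something like `AC_MSG_ERROR([*** cannot link against OpenSSL, with or without -ldl])` would point at the cause. The probe program `int main(void) { SSLeay_add_all_algorithms(); }` has no return statement, which strict compiler settings may flag; `{ SSLeay_add_all_algorithms(); return 0; }` avoids that. The same program text is duplicated in both probes and could be held in one place.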
@@ -1926,12 +1956,19 @@ AC_ARG_WITH(pam, PAM_MSG="yes" + LIBPAM="-lpam" AC_DEFINE(USE_PAM, 1, [Define if you want to enable PAM support]) + if test $ac_cv_lib_dl_dlopen = yes; then - LIBPAM="-lpam -ldl" - else - LIBPAM="-lpam" + case "$LIBS" in + *-ldl*) + # libdl already in LIBS + ;; + *) + LIBPAM="-$LIBPAM -ldl" + ;; + esac fi AC_SUBST(LIBPAM) fi -- cgit v1.2.3 From 0eb810015f9ba94ac04464fc6a714b17e604acbc Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 20 Aug 2006 21:43:19 +1000 Subject: - (dtucker) [configure.ac] Remove errant "-". --- ChangeLog | 3 ++- configure.ac | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 62adc612b..d7bf2d9d3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,7 @@ fixing bug #1181. No changes yet. - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSL (0.9.8a and presumably newer) requires -ldl to successfully link. + - (dtucker) [configure.ac] Remove errant "-". 20060819 - (djm) OpenBSD CVS Sync @@ -5283,4 +5284,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4502 2006/08/20 10:17:53 dtucker Exp $ +$Id: ChangeLog,v 1.4503 2006/08/20 11:43:19 dtucker Exp $ diff --git a/configure.ac b/configure.ac index b2939eeed..90cfbea9a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.354 2006/08/20 10:17:53 dtucker Exp $ +# $Id: configure.ac,v 1.355 2006/08/20 11:43:19 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.354 $) +AC_REVISION($Revision: 1.355 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1966,7 +1966,7 @@ AC_ARG_WITH(pam, # libdl already in LIBS ;; *) - LIBPAM="-$LIBPAM -ldl" + LIBPAM="$LIBPAM -ldl" ;; esac fi -- cgit v1.2.3 
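Review bot: The pattern `*-ldl*)` in the new `case "$LIBS"` (configure.ac, `--with-pam` block) is a substring match. Any library whose name merely begins with `dl` (a constructed example: `-ldlfoo`) makes the script conclude libdl is already linked and leaves `-ldl` out of `LIBPAM`. Matching whole words avoids that: `case " $LIBS " in *" -ldl "*)`. A one-line comment saying that `-ldl` can already be in `LIBS` because of the OpenSSL link test earlier in the file would also explain why the check exists. The AC_ARG_WITH block begins before this hunk.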
From 12259d9680c953329f9ec0601fdde31e26e42607 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 22 Aug 2006 22:24:10 +1000 Subject: - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in Makefile. Patch from santhi.amirta at gmail, ok djm. --- ChangeLog | 6 +++++- Makefile.in | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index d7bf2d9d3..6fd1ec198 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060822 + - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in + Makefile. Patch from santhi.amirta at gmail, ok djm. + 20060820 - (dtucker) [log.c] Move ifdef to prevent unused variable warning. - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore @@ -5284,4 +5288,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4503 2006/08/20 11:43:19 dtucker Exp $ +$Id: ChangeLog,v 1.4504 2006/08/22 12:24:10 dtucker Exp $ diff --git a/Makefile.in b/Makefile.in index fe510028f..e1f86dbef 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.279 2006/07/24 05:30:19 djm Exp $ +# $Id: Makefile.in,v 1.280 2006/08/22 12:24:11 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -108,7 +108,7 @@ PATHSUBS = \ -e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \ -e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \ -e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \ - -e 's|/etc/sshrc|$(sysconfdir)/sshrc|g' \ + -e 's|/etc/ssh/sshrc|$(sysconfdir)/sshrc|g' \ -e 's|/usr/X11R6/bin/xauth|$(XAUTH_PATH)|g' \ -e 's|/var/empty|$(PRIVSEP_PATH)|g' \ -e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g' -- cgit v1.2.3 From fe408b4826f92b96976b46dec02218bd66dfc6e1 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Thu, 24 Aug 2006 19:41:03 +1000 Subject: - (dtucker) [openbsd-compat/basename.c] Include errno.h. --- ChangeLog | 5 ++++- openbsd-compat/basename.c | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 6fd1ec198..9b20380de 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20060824 + - (dtucker) [openbsd-compat/basename.c] Include errno.h. + 20060822 - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in Makefile. Patch from santhi.amirta at gmail, ok djm. @@ -5288,4 +5291,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4504 2006/08/22 12:24:10 dtucker Exp $ +$Id: ChangeLog,v 1.4505 2006/08/24 09:41:03 dtucker Exp $ diff --git a/openbsd-compat/basename.c b/openbsd-compat/basename.c index 4b10cb84b..ffa5c8984 100644 --- a/openbsd-compat/basename.c +++ b/openbsd-compat/basename.c @@ -20,6 +20,7 @@ #include "includes.h" #ifndef HAVE_BASENAME +#include #include char * -- cgit v1.2.3 From e086955531ffef96bc15d51a07f25ae65804dc1c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 24 Aug 2006 19:43:16 +1000 Subject: - (dtucker) [openbsd-compat/bsd-misc.c] Add includes needed for select(2) on older systems. --- ChangeLog | 4 +++- openbsd-compat/bsd-misc.c | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 9b20380de..af8381fe0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 20060824 - (dtucker) [openbsd-compat/basename.c] Include errno.h. + - (dtucker) [openbsd-compat/bsd-misc.c] Add includes needed for select(2) on + older systems. 20060822 - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in 
@@ -5291,4 +5293,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4505 2006/08/24 09:41:03 dtucker Exp $ +$Id: ChangeLog,v 1.4506 2006/08/24 09:43:16 dtucker Exp $ diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index e6128f9a7..c6b80365c 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -17,8 +17,13 @@ #include "includes.h" +#ifdef HAVE_SYS_TIME_H +# include +#endif + #include #include +#include #include "xmalloc.h" -- cgit v1.2.3 From 450d2af2a3f07e46cc1490a0029a9f669dd60108 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 24 Aug 2006 19:45:33 +1000 Subject: - (dtucker) [openbsd-compat/bsd-misc.c] Include for select(2) on POSIX systems. --- ChangeLog | 4 +++- openbsd-compat/bsd-misc.c | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index af8381fe0..338360e8f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (dtucker) [openbsd-compat/basename.c] Include errno.h. - (dtucker) [openbsd-compat/bsd-misc.c] Add includes needed for select(2) on older systems. + - (dtucker) [openbsd-compat/bsd-misc.c] Include for select(2) + on POSIX systems. 20060822 - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in @@ -5293,4 +5295,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4506 2006/08/24 09:43:16 dtucker Exp $ +$Id: ChangeLog,v 1.4507 2006/08/24 09:45:33 dtucker Exp $ diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index c6b80365c..17d731bd2 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -17,6 +17,9 @@ #include "includes.h" +#ifdef HAVE_SYS_SELECT_H +# include +#endif #ifdef HAVE_SYS_TIME_H # include #endif -- cgit v1.2.3 From f80f5ec81bf445d09034a2caff93bc3582cd87c3 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Thu, 24 Aug 2006 19:52:30 +1000 Subject: - (dtucker) [openbsd-compat/bsd-openpty.c] Include for ioctl(2). --- ChangeLog | 3 ++- openbsd-compat/bsd-openpty.c | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 338360e8f..e1b7a8b4a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,7 @@ older systems. - (dtucker) [openbsd-compat/bsd-misc.c] Include for select(2) on POSIX systems. + - (dtucker) [openbsd-compat/bsd-openpty.c] Include for ioctl(2). 20060822 - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in @@ -5295,4 +5296,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4507 2006/08/24 09:45:33 dtucker Exp $ +$Id: ChangeLog,v 1.4508 2006/08/24 09:52:30 dtucker Exp $ diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c index c0cde6b1f..9777eb556 100644 --- a/openbsd-compat/bsd-openpty.c +++ b/openbsd-compat/bsd-openpty.c @@ -42,6 +42,9 @@ #ifdef HAVE_SYS_STAT_H # include #endif +#ifdef HAVE_SYS_IOCTL_H +# include +#endif #ifdef HAVE_FCNTL_H # include -- cgit v1.2.3 From c1abe8e3e89de85d5f0b093e0cc2b56a6cdc6887 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 24 Aug 2006 19:53:40 +1000 Subject: - (dtucker) [openbsd-compat/rresvport.c] Include for malloc. --- ChangeLog | 3 ++- openbsd-compat/rresvport.c | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index e1b7a8b4a..80e521d99 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ - (dtucker) [openbsd-compat/bsd-misc.c] Include for select(2) on POSIX systems. - (dtucker) [openbsd-compat/bsd-openpty.c] Include for ioctl(2). + - (dtucker) [openbsd-compat/rresvport.c] Include for malloc. 20060822 - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in 
@@ -5296,4 +5297,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4508 2006/08/24 09:52:30 dtucker Exp $ +$Id: ChangeLog,v 1.4509 2006/08/24 09:53:40 dtucker Exp $ diff --git a/openbsd-compat/rresvport.c b/openbsd-compat/rresvport.c index c10391872..15790e852 100644 --- a/openbsd-compat/rresvport.c +++ b/openbsd-compat/rresvport.c @@ -36,6 +36,7 @@ #ifndef HAVE_RRESVPORT_AF #include +#include #include #if 0 -- cgit v1.2.3 From e83a83c7bed442a9edd7114ae334b79b43753f00 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 24 Aug 2006 19:55:41 +1000 Subject: - (dtucker) [openbsd-compat/xmmap.c] Move #define HAVE_MMAP to prevent unused variable warning when we have a broken or missing mmap(2). --- ChangeLog | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 80e521d99..de6dce270 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ on POSIX systems. - (dtucker) [openbsd-compat/bsd-openpty.c] Include for ioctl(2). - (dtucker) [openbsd-compat/rresvport.c] Include for malloc. + - (dtucker) [openbsd-compat/xmmap.c] Move #define HAVE_MMAP to prevent + unused variable warning when we have a broken or missing mmap(2). 20060822 - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in @@ -5297,4 +5299,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4509 2006/08/24 09:53:40 dtucker Exp $ +$Id: ChangeLog,v 1.4510 2006/08/24 09:55:41 dtucker Exp $ -- cgit v1.2.3 From 9162028887ac2cd40e66b08868748e53f8d9d1ac Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Thu, 24 Aug 2006 19:58:36 +1000 Subject: - (dtucker) [openbsd-compat/xmmap.c] Move #define HAVE_MMAP to prevent unused variable warning when we have a broken or missing mmap(2). Now with 100% more diff! --- openbsd-compat/xmmap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c index 95d5055b5..0fb23269b 100644 --- a/openbsd-compat/xmmap.c +++ b/openbsd-compat/xmmap.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: xmmap.c,v 1.11 2006/08/05 05:47:27 dtucker Exp $ */ +/* $Id: xmmap.c,v 1.12 2006/08/24 09:58:36 dtucker Exp $ */ #include "includes.h" @@ -45,9 +45,9 @@ void *xmmap(size_t size) { +#ifdef HAVE_MMAP void *address; -#ifdef HAVE_MMAP # ifdef MAP_ANON address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, (off_t)0); -- cgit v1.2.3 From b594f38bae891e5149e3c0a7e6d7b4d501b50c01 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 30 Aug 2006 11:06:34 +1000 Subject: - (djm) OpenBSD CVS Sync - dtucker@cvs.openbsd.org 2006/08/21 08:14:01 [sshd_config.5] Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@, ok jmc@ djm@ --- ChangeLog | 9 ++++++++- sshd_config.5 | 19 ++++++++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index de6dce270..62fef2fc0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20060830 + - (djm) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2006/08/21 08:14:01 + [sshd_config.5] + Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@, + ok jmc@ djm@ + 20060824 - (dtucker) [openbsd-compat/basename.c] Include errno.h. - (dtucker) [openbsd-compat/bsd-misc.c] Add includes needed for select(2) on 
@@ -5299,4 +5306,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4510 2006/08/24 09:55:41 dtucker Exp $ +$Id: ChangeLog,v 1.4511 2006/08/30 01:06:34 djm Exp $ diff --git a/sshd_config.5 b/sshd_config.5 index 3c20c1faa..2bcaf2245 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.69 2006/08/14 12:40:25 dtucker Exp $ +.\" $OpenBSD: sshd_config.5,v 1.70 2006/08/21 08:14:01 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -335,6 +335,23 @@ This option is similar to and applies to protocol version 2 only. The default is .Dq no . +.It Cm HostbasedUsesNameFromPacketOnly +Specifies whether or not the server will attempt to perform a reverse +name lookup when matching the name in the +.Pa ~/.shosts , +.Pa ~/.rhosts , +and +.Pa /etc/hosts.equiv +files during +.Cm HostbasedAuthentication . +A setting of +.Dq yes +means that +.Xr sshd 8 +uses the name supplied by the client rather than +attempting to resolve the name from the TCP connection itself. +The default is +.Dq no . .It Cm HostKey Specifies a file containing a private host key used by SSH. -- cgit v1.2.3 From 5d43d4901496159611ab7b431caf9a9c08ecbdcd Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 30 Aug 2006 11:07:00 +1000 Subject: - dtucker@cvs.openbsd.org 2006/08/21 08:15:57 [sshd.8] Add more detail about what permissions are and aren't accepted for authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@ --- ChangeLog | 6 +++++- sshd.8 | 18 ++++++++++++++++-- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 62fef2fc0..200ce2a08 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -4,6 +4,10 @@ [sshd_config.5] Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@, ok jmc@ djm@ + - dtucker@cvs.openbsd.org 2006/08/21 08:15:57 + [sshd.8] + Add more detail about what permissions are and aren't accepted for + authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@ 20060824 - (dtucker) [openbsd-compat/basename.c] Include errno.h. @@ -5306,4 +5310,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4511 2006/08/30 01:06:34 djm Exp $ +$Id: ChangeLog,v 1.4512 2006/08/30 01:07:00 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 778ea906b..522279ee3 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.233 2006/07/19 13:07:10 dtucker Exp $ +.\" $OpenBSD: sshd.8,v 1.234 2006/08/21 08:15:57 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -681,9 +681,23 @@ rlogin/rsh. .It ~/.ssh/authorized_keys Lists the public keys (RSA/DSA) that can be used for logging in as this user. The format of this file is described above. -This file is not highly sensitive, but the recommended +The content of the file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. .Pp +If this file, the +.Pa ~/.ssh +directory, or the user's home directory are writable +by other users, then the file could be modified or replaced by unauthorized +users. +In this case, +.Nm +will not allow it to be used unless the +.Cm StrictModes +option has been set to +.Dq no . +The recommended permissions can be set by executing +.Dq chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys . +.Pp .It ~/.ssh/environment This file is read into the environment at login (if it exists). It can only contain empty lines, comment lines (that start with -- cgit v1.2.3 From d5fe0baa73a168a1194b311aeff9fd824b038740 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 30 Aug 2006 11:07:39 +1000 Subject: - djm@cvs.openbsd.org 2006/08/29 10:40:19 [channels.c session.c] normalise some inconsistent (but harmless) NULL pointer checks spotted by the Stanford SATURN tool, via Isil Dillig; ok markus@ deraadt@ --- ChangeLog | 7 ++++++- channels.c | 6 ++---- session.c | 13 +++++++------ 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 200ce2a08..866960a29 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,11 @@ [sshd.8] Add more detail about what permissions are and aren't accepted for authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@ + - djm@cvs.openbsd.org 2006/08/29 10:40:19 + [channels.c session.c] + normalise some inconsistent (but harmless) NULL pointer checks + spotted by the Stanford SATURN tool, via Isil Dillig; + ok markus@ deraadt@ 20060824 - (dtucker) [openbsd-compat/basename.c] Include errno.h. 
@@ -5310,4 +5315,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4512 2006/08/30 01:07:00 djm Exp $ +$Id: ChangeLog,v 1.4513 2006/08/30 01:07:39 djm Exp $ diff --git a/channels.c b/channels.c index dfa1e591b..26b63a1aa 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.265 2006/08/03 03:34:41 deraadt Exp $ */ +/* $OpenBSD: channels.c,v 1.266 2006/08/29 10:40:18 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -3164,9 +3164,7 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, return; } - cp = disp; - if (disp) - cp = strchr(disp, ':'); + cp = strchr(disp, ':'); if (cp) cp = strchr(cp, '.'); if (cp) diff --git a/session.c b/session.c index 057298c86..006e4304d 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.218 2006/08/18 09:15:20 markus Exp $ */ +/* $OpenBSD: session.c,v 1.219 2006/08/29 10:40:19 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -2255,12 +2255,13 @@ session_close(Session *s) if (s->auth_proto) xfree(s->auth_proto); s->used = 0; - for (i = 0; i < s->num_env; i++) { - xfree(s->env[i].name); - xfree(s->env[i].val); - } - if (s->env != NULL) + if (s->env != NULL) { + for (i = 0; i < s->num_env; i++) { + xfree(s->env[i].name); + xfree(s->env[i].val); + } xfree(s->env); + } session_proctitle(s); } -- cgit v1.2.3 From 76758b6423a2567b07927139d7d5538f14cb331b Mon Sep 17 00:00:00 2001 
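Review bot: In x11_request_forwarding_with_spoofing (channels.c), `cp = strchr(disp, ':');` now dereferences `disp` unconditionally, so the code depends on a non-NULL guarantee established before this hunk; that guard is not visible here. If the earlier check is ever dropped, this becomes a NULL dereference on the X11 forwarding path. A short comment such as `/* disp is non-NULL here; checked above */` would record the dependency. The function starts and ends outside the hunk.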
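Review bot: In session_close (session.c), `s->env` and `s->num_env` keep their old values after `xfree(s->env);`, while `s->used = 0` marks the slot as free for reuse. Whether the allocation path resets both fields is not visible in this hunk; if it does not, a later session_close() on the reused slot would walk and free stale entries. Clearing them here is cheap: add `s->env = NULL;` and `s->num_env = 0;` right after the `xfree(s->env);` inside the new `if` block. The function starts outside the hunk.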
From: Damien Miller Date: Wed, 30 Aug 2006 11:08:04 +1000 Subject: - dtucker@cvs.openbsd.org 2006/08/29 12:02:30 [gss-genr.c] Work around a problem in Heimdal that occurs when KRB5CCNAME file is missing, by checking whether or not kerberos allocated us a context before attempting to free it. Patch from Simon Wilkinson, tested by biorn@, ok djm@ --- ChangeLog | 8 +++++++- gss-genr.c | 7 ++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 866960a29..a194c1ee1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,12 @@ normalise some inconsistent (but harmless) NULL pointer checks spotted by the Stanford SATURN tool, via Isil Dillig; ok markus@ deraadt@ + - dtucker@cvs.openbsd.org 2006/08/29 12:02:30 + [gss-genr.c] + Work around a problem in Heimdal that occurs when KRB5CCNAME file is + missing, by checking whether or not kerberos allocated us a context + before attempting to free it. Patch from Simon Wilkinson, tested by + biorn@, ok djm@ 20060824 - (dtucker) [openbsd-compat/basename.c] Include errno.h. @@ -5315,4 +5321,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4513 2006/08/30 01:07:39 djm Exp $ +$Id: ChangeLog,v 1.4514 2006/08/30 01:08:04 djm Exp $ diff --git a/gss-genr.c b/gss-genr.c index e962942d1..57f12a2dc 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.16 2006/08/18 22:41:29 djm Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.17 2006/08/29 12:02:30 dtucker Exp $ */ /* * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved. 
@@ -310,8 +310,9 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, NULL); gss_release_buffer(&minor, &token); - gss_delete_sec_context(&minor, &(*ctx)->context, - GSS_C_NO_BUFFER); + if ((*ctx)->context != GSS_C_NO_CONTEXT) + gss_delete_sec_context(&minor, &(*ctx)->context, + GSS_C_NO_BUFFER); } if (GSS_ERROR(major)) -- cgit v1.2.3 From 2125887a940f5ec60f2e5699aa77ca3e431de635 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 30 Aug 2006 11:08:33 +1000 Subject: - dtucker@cvs.openbsd.org 2006/08/30 00:06:51 [sshconnect2.c] Fix regression where SSH2 banner is printed at loglevels ERROR and FATAL where previously it weren't. bz #1221, found by Dean Kopesky, ok djm@ --- ChangeLog | 6 +++++- sshconnect2.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index a194c1ee1..ab40e629b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,10 @@ missing, by checking whether or not kerberos allocated us a context before attempting to free it. Patch from Simon Wilkinson, tested by biorn@, ok djm@ + - dtucker@cvs.openbsd.org 2006/08/30 00:06:51 + [sshconnect2.c] + Fix regression where SSH2 banner is printed at loglevels ERROR and FATAL + where previously it weren't. bz #1221, found by Dean Kopesky, ok djm@ 20060824 - (dtucker) [openbsd-compat/basename.c] Include errno.h. @@ -5321,4 +5325,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4514 2006/08/30 01:08:04 djm Exp $ +$Id: ChangeLog,v 1.4515 2006/08/30 01:08:33 djm Exp $ diff --git a/sshconnect2.c b/sshconnect2.c index 8b2e633c0..5846c8e9c 100644 --- a/sshconnect2.c +++ b/sshconnect2.c 
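Review bot: The new guard `if ((*ctx)->context != GSS_C_NO_CONTEXT)` in ssh_gssapi_check_mechanism (gss-genr.c) has no explanation in the code; the reason exists only in the commit message. A comment above it, e.g. `/* Heimdal may leave the context unallocated (missing KRB5CCNAME file); only delete one we were given */`, would keep a later cleanup from removing the check as redundant. The function starts and ends outside the hunk.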
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.161 2006/08/18 13:54:54 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.162 2006/08/30 00:06:51 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -377,7 +377,7 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt) debug3("input_userauth_banner"); msg = packet_get_string(NULL); lang = packet_get_string(NULL); - if (options.log_level > SYSLOG_LEVEL_QUIET) + if (options.log_level >= SYSLOG_LEVEL_INFO) fprintf(stderr, "%s", msg); xfree(msg); xfree(lang); -- cgit v1.2.3 From 6ba57409417431f26ad960ed717880d04273c714 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 30 Aug 2006 11:09:01 +1000 Subject: - djm@cvs.openbsd.org 2006/08/30 00:14:37 [version.h] crank to 4.4 --- ChangeLog | 5 ++++- version.h | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index ab40e629b..ae8db7fd9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,9 @@ [sshconnect2.c] Fix regression where SSH2 banner is printed at loglevels ERROR and FATAL where previously it weren't. bz #1221, found by Dean Kopesky, ok djm@ + - djm@cvs.openbsd.org 2006/08/30 00:14:37 + [version.h] + crank to 4.4 20060824 - (dtucker) [openbsd-compat/basename.c] Include errno.h. @@ -5325,4 +5328,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4515 2006/08/30 01:08:33 djm Exp $ +$Id: ChangeLog,v 1.4516 2006/08/30 01:09:01 djm Exp $ diff --git a/version.h b/version.h index d5fd0c6ce..363e510ba 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.46 2006/02/01 11:27:22 markus Exp $ */ +/* $OpenBSD: version.h,v 1.47 2006/08/30 00:14:37 djm Exp $ */ -#define SSH_VERSION "OpenSSH_4.3" +#define SSH_VERSION "OpenSSH_4.4" -#define SSH_PORTABLE "p2" +#define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -- cgit v1.2.3 
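Review bot: In input_userauth_banner (sshconnect2.c), `msg` comes straight from the server through `packet_get_string()` and is written to the user's terminal by `fprintf(stderr, "%s", msg)`; the hunk changes only the log-level condition in front of it. A server-controlled string can carry control characters and terminal escape sequences, so the banner should go through a printable-character filter before it is printed, for example a `strnvis()`-encoded copy with newlines preserved. The function body starts outside the hunk.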
From 8ff1da81ec5e3032befb98349ec6ceba84dab706 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 30 Aug 2006 17:52:03 +1000 Subject: - (djm) [openbsd-compat/xcrypt.c] needs unistd.h --- ChangeLog | 3 ++- openbsd-compat/xcrypt.c | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index ae8db7fd9..feabcb4e6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,7 @@ - djm@cvs.openbsd.org 2006/08/30 00:14:37 [version.h] crank to 4.4 + - (djm) [openbsd-compat/xcrypt.c] needs unistd.h 20060824 - (dtucker) [openbsd-compat/basename.c] Include errno.h. @@ -5328,4 +5329,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4516 2006/08/30 01:09:01 djm Exp $ +$Id: ChangeLog,v 1.4517 2006/08/30 07:52:03 djm Exp $ diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index 5d260f2c2..14899321f 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c @@ -25,6 +25,7 @@ #include "includes.h" #include +#include #include # ifdef HAVE_CRYPT_H -- cgit v1.2.3 From 26d4e19caa3013f57dc3c1462847eceaac6a1d7d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 30 Aug 2006 22:33:09 +1000 Subject: - (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call loginsuccess on AIX immediately after authentication to clear the failed login count. Previously this would only happen when an interactive session starts (ie when a pty is allocated) but this means that accounts that have primarily non-interactive sessions (eg scp's) may gradually accumulate enough failures to lock out an account. This change may have a side effect of creating two audit records, one with a tty of "ssh" corresponding to the authentication and one with the allocated pty per interactive session. --- ChangeLog | 11 ++++++++++- auth.c | 5 +++++ openbsd-compat/port-aix.c | 4 +++- 3 files changed, 18 insertions(+), 2 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index feabcb4e6..d9aa6f6d5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,15 @@ [version.h] crank to 4.4 - (djm) [openbsd-compat/xcrypt.c] needs unistd.h + - (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call + loginsuccess on AIX immediately after authentication to clear the failed + login count. Previously this would only happen when an interactive + session starts (ie when a pty is allocated) but this means that accounts + that have primarily non-interactive sessions (eg scp's) may gradually + accumulate enough failures to lock out an account. This change may have + a side effect of creating two audit records, one with a tty of "ssh" + corresponding to the authentication and one with the allocated pty per + interactive session. 20060824 - (dtucker) [openbsd-compat/basename.c] Include errno.h. @@ -5329,4 +5338,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4517 2006/08/30 07:52:03 djm Exp $ +$Id: ChangeLog,v 1.4518 2006/08/30 12:33:09 dtucker Exp $ diff --git a/auth.c b/auth.c index 5a02a4364..5da140b07 100644 --- a/auth.c +++ b/auth.c @@ -279,6 +279,11 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) strcmp(method, "challenge-response") == 0)) record_failed_login(authctxt->user, get_canonical_hostname(options.use_dns), "ssh"); +# ifdef WITH_AIXAUTHENTICATE + if (authenticated) + sys_auth_record_login(authctxt->user, + get_canonical_hostname(options.use_dns), "ssh", &loginmsg); +# endif #endif #ifdef SSH_AUDIT_EVENTS if (authenticated == 0 && !authctxt->postponed) diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index a7ced57e9..13a73e873 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c 
@@ -265,15 +265,17 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm, Buffer *loginmsg) { char *msg = NULL; + static int msg_done = 0; int success = 0; aix_setauthdb(user); if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) { success = 1; - if (msg != NULL) { + if (msg != NULL && loginmsg != NULL && !msg_done) { debug("AIX/loginsuccess: msg %s", msg); buffer_append(loginmsg, msg, strlen(msg)); xfree(msg); + msg_done = 1; } } aix_restoreauthdb(); -- cgit v1.2.3 From 1b06dc30ad4692ec76c476d130ba7366f7ebfef2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 31 Aug 2006 03:24:41 +1000 Subject: - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ] [platform.c platform.h sshd.c openbsd-compat/Makefile.in] [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c] [openbsd-compat/port-solaris.h] Add support for Solaris process contracts, enabled with --use-solaris-contracts. Patch from Chad Mynhier, tweaked by dtucker@ and myself; ok dtucker@ --- CREDITS | 3 +- ChangeLog | 10 ++- LICENCE | 1 + Makefile.in | 7 +- configure.ac | 22 ++++- includes.h | 1 + openbsd-compat/Makefile.in | 4 +- openbsd-compat/openbsd-compat.h | 8 +- openbsd-compat/port-solaris.c | 189 ++++++++++++++++++++++++++++++++++++++++ openbsd-compat/port-solaris.h | 27 ++++++ platform.c | 46 ++++++++++ platform.h | 23 +++++ sshd.c | 3 + 13 files changed, 332 insertions(+), 12 deletions(-) create mode 100644 openbsd-compat/port-solaris.c create mode 100644 openbsd-compat/port-solaris.h create mode 100644 platform.c create mode 100644 platform.h diff --git a/CREDITS b/CREDITS index 82b9f2210..eaf105a91 100644 --- a/CREDITS +++ b/CREDITS 
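Review bot: In sys_auth_record_login (port-aix.c), `xfree(msg)` now sits inside the widened condition `msg != NULL && loginmsg != NULL && !msg_done`, so the string returned by loginsuccess() is leaked whenever `loginmsg` is NULL or the message was already appended. Since this commit makes the function run at authentication time and again when a pty is allocated, the second call takes that path on every interactive login. The append should stay conditional while the free depends only on `msg != NULL`, as in the excerpt below. The function starts before the hunk and its return is outside it.

```c
	if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) {
		success = 1;
		if (msg != NULL) {
			/* append the message only once, but always release it */
			if (loginmsg != NULL && !msg_done) {
				debug("AIX/loginsuccess: msg %s", msg);
				buffer_append(loginmsg, msg, strlen(msg));
				msg_done = 1;
			}
			xfree(msg);
		}
	}
	/* … unchanged: aix_restoreauthdb() and the rest of the function … */
```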
@@ -25,6 +25,7 @@ Chris, the Young One - Password auth fixes Christos Zoulas - Autoconf fixes Chun-Chung Chen - RPM fixes Corinna Vinschen - Cygwin support +Chad Mynhier - Solaris Process Contract support Dan Brosemer - Autoconf support, build fixes Darren Hall - AIX patches Darren Tucker - AIX BFF package scripts @@ -100,5 +101,5 @@ Apologies to anyone I have missed. Damien Miller -$Id: CREDITS,v 1.80 2005/08/26 20:15:20 tim Exp $ +$Id: CREDITS,v 1.81 2006/08/30 17:24:41 djm Exp $ diff --git a/ChangeLog b/ChangeLog index d9aa6f6d5..0a702d3fb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +20060831 + - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ] + [platform.c platform.h sshd.c openbsd-compat/Makefile.in] + [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c] + [openbsd-compat/port-solaris.h] Add support for Solaris process + contracts, enabled with --use-solaris-contracts. Patch from Chad + Mynhier, tweaked by dtucker@ and myself; ok dtucker@ + 20060830 - (djm) OpenBSD CVS Sync - dtucker@cvs.openbsd.org 2006/08/21 08:14:01 @@ -5338,4 +5346,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4518 2006/08/30 12:33:09 dtucker Exp $ +$Id: ChangeLog,v 1.4519 2006/08/30 17:24:41 djm Exp $ diff --git a/LICENCE b/LICENCE index 17d94aef5..0c2ff067a 100644 --- a/LICENCE +++ b/LICENCE @@ -288,6 +288,7 @@ OpenSSH contains no GPL code. Internet Software Consortium. Todd C. Miller Reyk Floeter + Chad Mynhier * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above diff --git a/Makefile.in b/Makefile.in index e1f86dbef..525b08eba 100644 --- a/Makefile.in +++ b/Makefile.in 
@@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.280 2006/08/22 12:24:11 dtucker Exp $ +# $Id: Makefile.in,v 1.281 2006/08/30 17:24:41 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -44,6 +44,7 @@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ LIBS=@LIBS@ LIBSELINUX=@LIBSELINUX@ +SSHDLIBS=@SSHDLIBS@ LIBEDIT=@LIBEDIT@ LIBPAM=@LIBPAM@ LIBWRAP=@LIBWRAP@ @@ -87,7 +88,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ auth-krb5.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ - audit.o audit-bsm.o + audit.o audit-bsm.o platform.o MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 @@ -137,7 +138,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) - $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(LIBS) + $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(SSHDLIBS) $(LIBS) scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) diff --git a/configure.ac b/configure.ac index 90cfbea9a..3aba414a2 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.355 2006/08/20 11:43:19 dtucker Exp $ +# $Id: configure.ac,v 1.356 2006/08/30 17:24:41 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.355 $) +AC_REVISION($Revision: 1.356 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -127,6 +127,10 @@ AC_ARG_WITH(rpath, ] ) +# Messages for features tested for in target-specific section +SIA_MSG="no" +SPC_MSG="no" + # Check for some target-specific stuff case "$host" in *-*-aix*) @@ -438,6 +442,17 @@ mips-sony-bsd|mips-sony-newsos4) else AC_MSG_RESULT(no) fi + AC_ARG_WITH(solaris-contracts, + [ --with-solaris-contracts Enable Solaris process contracts (experimental)], + [ + AC_CHECK_LIB(contract, ct_tmpl_activate, + [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1, + [Define if you have Solaris process contracts]) + SSHDLIBS="$SSHDLIBS -lcontract" + AC_SUBST(SSHDLIBS) + SPC_MSG="yes" ], ) + ], + ) ;; *-*-sunos4*) CPPFLAGS="$CPPFLAGS -DSUNOS4" @@ -586,6 +601,7 @@ mips-sony-bsd|mips-sony-newsos4) system's login() call]) AC_DEFINE(DISABLE_FD_PASSING) LIBS="$LIBS -lsecurity -ldb -lm -laud" + SIA_MSG="yes" else AC_MSG_RESULT(no) AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin", @@ -3905,6 +3921,7 @@ echo " sshd superuser user PATH: $J" fi echo " Manpage format: $MANTYPE" echo " PAM support: $PAM_MSG" +echo " OSF SIA support: $SIA_MSG" echo " KerberosV support: $KRB5_MSG" echo " SELinux support: $SELINUX_MSG" echo " Smartcard support: $SCARD_MSG" @@ -3912,6 +3929,7 @@ echo " S/KEY support: $SKEY_MSG" echo " TCP Wrappers support: $TCPW_MSG" echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" +echo " Solaris process contract support: $SPC_MSG" echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " BSD Auth support: $BSD_AUTH_MSG" diff --git a/includes.h b/includes.h index 8e600567d..03665a3d3 100644 --- a/includes.h +++ b/includes.h 
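Review bot: The action given to `AC_ARG_WITH(solaris-contracts, ...)` runs for any value of the option, so `--without-solaris-contracts` or `--with-solaris-contracts=no` would still probe libcontract and define USE_SOLARIS_PROCESS_CONTRACTS; wrap the body in `if test "x$withval" != "xno" ; then ... fi`. When the option is requested and `AC_CHECK_LIB(contract, ct_tmpl_activate, ...)` does not find the library, the empty not-found action leaves the feature silently off, with only the summary line showing "no"; an `AC_MSG_ERROR` there would make the failure visible at configure time. The commit message and ChangeLog name the switch `--use-solaris-contracts`, while the option defined in this hunk is `--with-solaris-contracts`.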
@@ -160,6 +160,7 @@ #include "defines.h" +#include "platform.h" #include "openbsd-compat/openbsd-compat.h" #include "openbsd-compat/bsd-nextstep.h" diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 67e521bfe..9f06605d7 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.39 2006/04/22 11:26:08 djm Exp $ +# $Id: Makefile.in,v 1.40 2006/08/30 17:24:41 djm Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ @@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgroupl COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o -PORTS=port-irix.o port-linux.o port-aix.o port-uw.o port-tun.o +PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o .c.o: $(CC) $(CFLAGS) $(CPPFLAGS) -c $< diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 18249d81e..278ac71d9 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.40 2006/07/12 13:10:34 dtucker Exp $ */ +/* $Id: openbsd-compat.h,v 1.41 2006/08/30 17:24:42 djm Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -190,10 +190,12 @@ char *shadow_pw(struct passwd *pw); /* Routines for a single OS platform */ #include "bsd-cray.h" #include "bsd-cygwin_util.h" + +#include "port-aix.h" #include "port-irix.h" #include "port-linux.h" -#include "port-aix.h" -#include "port-uw.h" +#include "port-solaris.h" #include "port-tun.h" +#include "port-uw.h" #endif /* _OPENBSD_COMPAT_H */ diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c new file mode 100644 index 000000000..f31f0c6ea --- /dev/null +++ b/openbsd-compat/port-solaris.c 
@@ -0,0 +1,189 @@ +/* $Id: port-solaris.c,v 1.1 2006/08/30 17:24:42 djm Exp $ */ + +/* + * Copyright (c) 2006 Chad Mynhier. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "config.h" +#include "includes.h" + +#ifdef USE_SOLARIS_PROCESS_CONTRACTS + +#include +#include +#include + +#include +#ifdef HAVE_FCNTL_H +# include +#endif +#include +#include + +#include +#include +#include + +#include "log.h" + +#define CT_TEMPLATE CTFS_ROOT "/process/template" +#define CT_LATEST CTFS_ROOT "/process/latest" + +static int tmpl_fd = -1; + +/* Lookup the latest process contract */ +static ctid_t +get_active_process_contract_id(void) +{ + int stat_fd; + ctid_t ctid = -1; + ct_stathdl_t stathdl; + + if ((stat_fd = open64(CT_LATEST, O_RDONLY)) == -1) { + error("%s: Error opening 'latest' process " + "contract: %s", __func__, strerror(errno)); + return -1; + } + if (ct_status_read(stat_fd, CTD_COMMON, &stathdl) != 0) { + error("%s: Error reading process contract " + "status: %s", __func__, strerror(errno)); + goto out; + } + if ((ctid = ct_status_get_id(stathdl)) < 0) { + error("%s: Error getting process contract id: %s", + __func__, strerror(errno)); + goto out; + } + + ct_status_free(stathdl); + out: + close(stat_fd); + return ctid; +} + +void +solaris_contract_pre_fork(void) +{ + if 
((tmpl_fd = open64(CT_TEMPLATE, O_RDWR)) == -1) { + error("%s: open %s: %s", __func__, + CT_TEMPLATE, strerror(errno)); + return; + } + + debug2("%s: setting up process contract template on fd %d", + __func__, tmpl_fd); + + /* We have to set certain attributes before activating the template */ + if (ct_pr_tmpl_set_fatal(tmpl_fd, + CT_PR_EV_HWERR|CT_PR_EV_SIGNAL|CT_PR_EV_CORE) != 0) { + error("%s: Error setting process contract template " + "fatal events: %s", __func__, strerror(errno)); + goto fail; + } + if (ct_tmpl_set_critical(tmpl_fd, CT_PR_EV_HWERR) != 0) { + error("%s: Error setting process contract template " + "critical events: %s", __func__, strerror(errno)); + goto fail; + } + + /* Now make this the active template for this process. */ + if (ct_tmpl_activate(tmpl_fd) != 0) { + error("%s: Error activating process contract " + "template: %s", __func__, strerror(errno)); + goto fail; + } + return; + + fail: + if (tmpl_fd != -1) { + close(tmpl_fd); + tmpl_fd = -1; + } +} + +void +solaris_contract_post_fork_child() +{ + debug2("%s: clearing process contract template on fd %d", + __func__, tmpl_fd); + + /* Clear the active template. */ + if (ct_tmpl_clear(tmpl_fd) != 0) + error("%s: Error clearing active process contract " + "template: %s", __func__, strerror(errno)); + + close(tmpl_fd); + tmpl_fd = -1; +} + +void +solaris_contract_post_fork_parent(pid_t pid) +{ + ctid_t ctid; + char ctl_path[256]; + int r, ctl_fd = -1, stat_fd = -1; + + debug2("%s: clearing template (fd %d)", __func__, tmpl_fd); + + if (tmpl_fd == -1) + return; + + /* First clear the active template. */ + if ((r = ct_tmpl_clear(tmpl_fd)) != 0) + error("%s: Error clearing active process contract " + "template: %s", __func__, strerror(errno)); + + close(tmpl_fd); + tmpl_fd = -1; + + /* + * If either the fork didn't succeed (pid < 0), or clearing + * th active contract failed (r != 0), then we have nothing + * more do. 
+ */ + if (r != 0 || pid <= 0) + return; + + /* Now lookup and abandon the contract we've created. */ + ctid = get_active_process_contract_id(); + + debug2("%s: abandoning contract id %ld", __func__, ctid); + + snprintf(ctl_path, sizeof(ctl_path), + CTFS_ROOT "/process/%ld/ctl", ctid); + if ((ctl_fd = open64(ctl_path, O_WRONLY)) < 0) { + error("%s: Error opening process contract " + "ctl file: %s", __func__, strerror(errno)); + goto fail; + } + if (ct_ctl_abandon(ctl_fd) < 0) { + error("%s: Error abandoning process contract: %s", + __func__, strerror(errno)); + goto fail; + } + close(ctl_fd); + return; + + fail: + if (tmpl_fd != -1) { + close(tmpl_fd); + tmpl_fd = -1; + } + if (stat_fd != -1) + close(stat_fd); + if (ctl_fd != -1) + close(ctl_fd); +} +#endif diff --git a/openbsd-compat/port-solaris.h b/openbsd-compat/port-solaris.h new file mode 100644 index 000000000..4c324871e --- /dev/null +++ b/openbsd-compat/port-solaris.h @@ -0,0 +1,27 @@ +/* $Id: port-solaris.h,v 1.1 2006/08/30 17:24:42 djm Exp $ */ + +/* + * Copyright (c) 2006 Chad Mynhier. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _PORT_SOLARIS_H + +#include + +void solaris_contract_pre_fork(void); +void solaris_contract_post_fork_child(void); +void solaris_contract_post_fork_parent(pid_t pid); + +#endif 
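Review bot: solaris_contract_post_fork_child() calls `ct_tmpl_clear(tmpl_fd)` and `close(tmpl_fd)` without the `if (tmpl_fd == -1) return;` guard that solaris_contract_post_fork_parent() has, so after a failed solaris_contract_pre_fork() every child operates on fd -1 and logs a spurious error; the same guard belongs at the top of the child function. In solaris_contract_post_fork_parent() the result of get_active_process_contract_id() goes straight into the ctl path, so a failed lookup (-1) still reaches open64(); `if (ctid < 0) return;` before the snprintf avoids that. In get_active_process_contract_id() the `goto out` taken when ct_status_get_id() fails skips `ct_status_free(stathdl)`, which looks like a leak of the status handle. `ctid` is printed and formatted with `%ld`; unless ctid_t is known to be long on every target, pass `(long)ctid`.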
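Review bot: The include guard in port-solaris.h is incomplete: `#ifndef _PORT_SOLARIS_H` is never followed by `#define _PORT_SOLARIS_H`, so the header body is processed again on every inclusion. It holds only prototypes, so this compiles today, but adding the `#define` directly after the `#ifndef` makes the guard effective. platform.h, added later in the same commit, has no guard at all and is reached through includes.h as well as platform.c; the same `#ifndef`/`#define`/`#endif` wrapper would fit there.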
diff --git a/platform.c b/platform.c new file mode 100644 index 000000000..aee4b01e7 --- /dev/null +++ b/platform.c @@ -0,0 +1,46 @@ +/* $Id: platform.c,v 1.1 2006/08/30 17:24:41 djm Exp $ */ + +/* + * Copyright (c) 2006 Darren Tucker. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "config.h" +#include "platform.h" + +#include "openbsd-compat/openbsd-compat.h" + +void +platform_pre_fork(void) +{ +#ifdef USE_SOLARIS_PROCESS_CONTRACTS + solaris_contract_pre_fork(); +#endif +} + +void +platform_post_fork_parent(pid_t child_pid) +{ +#ifdef USE_SOLARIS_PROCESS_CONTRACTS + solaris_contract_post_fork_parent(child_pid); +#endif +} + +void +platform_post_fork_child(void) +{ +#ifdef USE_SOLARIS_PROCESS_CONTRACTS + solaris_contract_post_fork_child(); +#endif +} diff --git a/platform.h b/platform.h new file mode 100644 index 000000000..cf93bc57c --- /dev/null +++ b/platform.h 
@@ -0,0 +1,23 @@ +/* $Id: platform.h,v 1.1 2006/08/30 17:24:41 djm Exp $ */ + +/* + * Copyright (c) 2006 Darren Tucker. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +void platform_pre_fork(void); +void platform_post_fork_parent(pid_t child_pid); +void platform_post_fork_child(void); diff --git a/sshd.c b/sshd.c index dcc626589..ee588ff8a 100644 --- a/sshd.c +++ b/sshd.c @@ -1154,6 +1154,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) * the child process the connection. The * parent continues listening. */ + platform_pre_fork(); if ((pid = fork()) == 0) { /* * Child. Close the listening and @@ -1163,6 +1164,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) * We break out of the loop to handle * the connection. */ + platform_post_fork_child(); startup_pipe = startup_p[1]; close_startup_pipes(); close_listen_socks(); @@ -1178,6 +1180,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) } /* Parent. Stay in the loop. */ + platform_post_fork_parent(pid); if (pid < 0) error("fork: %.100s", strerror(errno)); else -- cgit v1.2.3 From 288cbbd59ed70dc137f83588a9ded946069776cc Mon Sep 17 00:00:00 2001 
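Review bot: In the last sshd.c hunk `platform_post_fork_parent(pid)` is called before `if (pid < 0) error("fork: %.100s", strerror(errno));`, so on a failed fork the calls made inside the hook (debug2, ct_tmpl_clear and close in the Solaris implementation) may overwrite errno before it is reported. Either move the hook below the error report or preserve the value around it: `int save_errno = errno; platform_post_fork_parent(pid); errno = save_errno;`. server_accept_loop starts and ends outside these hunks.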
From: Darren Tucker Date: Thu, 31 Aug 2006 11:28:49 +1000 Subject: - (dtucker) [contrib/cygwin/ssh-host-config] Add SeTcbPrivilege privilege while setting up the ssh service account. Patch from Corinna Vinschen. --- ChangeLog | 4 +++- contrib/cygwin/ssh-host-config | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 0a702d3fb..bef6b0538 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,8 @@ [openbsd-compat/port-solaris.h] Add support for Solaris process contracts, enabled with --use-solaris-contracts. Patch from Chad Mynhier, tweaked by dtucker@ and myself; ok dtucker@ + - (dtucker) [contrib/cygwin/ssh-host-config] Add SeTcbPrivilege privilege + while setting up the ssh service account. Patch from Corinna Vinschen. 20060830 - (djm) OpenBSD CVS Sync @@ -5346,4 +5348,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4519 2006/08/30 17:24:41 djm Exp $ +$Id: ChangeLog,v 1.4520 2006/08/31 01:28:49 dtucker Exp $ diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index 09cc3fcf0..e2ad69f19 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config @@ -516,6 +516,7 @@ then fi editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server && editrights -a SeCreateTokenPrivilege -u sshd_server && + editrights -a SeTcbPrivilege -u sshd_server && editrights -a SeDenyInteractiveLogonRight -u sshd_server && editrights -a SeDenyNetworkLogonRight -u sshd_server && editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server && -- cgit v1.2.3 From ded319cca23923651ddc5e6a4bd4bda66d0737f4 Mon Sep 17 00:00:00 2001 
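Review bot: The added `editrights -a SeTcbPrivilege -u sshd_server` grants the service account the "act as part of the operating system" right, one of the most powerful Windows privileges, and neither the hunk nor the commit message records why it is needed. A comment above the line, for example `# SeTcbPrivilege: needed for <REASON - fill in>`, would let administrators audit the account against least privilege. The new step also sits in the `&&` chain ahead of the SeDeny*LogonRight assignments, so if it fails those deny rights are not applied; placing it after them, or reporting its failure separately, keeps the restrictions independent of the new grant. What follows the chain is outside the hunk.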
From: Damien Miller Date: Fri, 1 Sep 2006 15:38:36 +1000 Subject: - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c] [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c] [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c] [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c] [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c] [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c] [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c] [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c rc4.diff] [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c] [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c] [openbsd-compat/port-uw.c] Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h; compile problems reported by rac AT tenzing.org --- ChangeLog | 19 ++++++++++++++++++- audit-bsm.c | 3 ++- audit.c | 5 ++++- auth-bsdauth.c | 2 ++ auth-chall.c | 2 ++ auth-pam.c | 1 + auth-rsa.c | 1 + auth-shadow.c | 1 + auth-sia.c | 17 +++++++++-------- auth1.c | 1 + auth2-chall.c | 1 + auth2-gss.c | 2 ++ auth2-kbdint.c | 2 ++ auth2-none.c | 1 + authfd.c | 1 + authfile.c | 1 + cipher-3des1.c | 1 + cipher-aes.c | 4 ++++ cipher-bf1.c | 1 + cipher-ctr.c | 1 + clientloop.c | 1 + dh.c | 1 + dns.c | 1 + entropy.c | 1 + gss-serv-krb5.c | 1 + gss-serv.c | 1 + hostfile.c | 1 + kex.c | 1 + kexdhc.c | 1 + kexdhs.c | 2 ++ kexgexc.c | 1 + kexgexs.c | 1 + key.c | 1 + loginrec.c | 1 + mac.c | 1 + md5crypt.c | 4 ++++ monitor.c | 1 + monitor_wrap.c | 1 + openbsd-compat/bsd-cray.c | 3 ++- openbsd-compat/port-aix.c | 1 + openbsd-compat/port-linux.c | 3 ++- openbsd-compat/port-solaris.c | 3 ++- openbsd-compat/port-uw.c | 15 +++++++++++++-- readconf.c | 1 + rsa.c | 1 + scard-opensc.c | 4 ++++ scard.c | 1 + session.c | 1 + ssh-add.c | 1 + ssh-agent.c | 1 + ssh-dss.c | 1 + ssh-keygen.c | 1 + ssh-keysign.c | 1 + 
ssh-rsa.c | 1 + ssh.c | 1 + sshconnect.c | 1 + sshconnect1.c | 1 + sshconnect2.c | 1 + sshd.c | 1 + 59 files changed, 117 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index bef6b0538..ebf308975 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,20 @@ +20060901 + - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c] + [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c] + [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c] + [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c] + [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] + [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c] + [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c] + [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c] + [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c] + [sshconnect1.c sshconnect2.c sshd.c rc4.diff] + [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c] + [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c] + [openbsd-compat/port-uw.c] + Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h; + compile problems reported by rac AT tenzing.org + 20060831 - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ] [platform.c platform.h sshd.c openbsd-compat/Makefile.in] @@ -5348,4 +5365,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4520 2006/08/31 01:28:49 dtucker Exp $ +$Id: ChangeLog,v 1.4521 2006/09/01 05:38:36 djm Exp $ diff --git a/audit-bsm.c b/audit-bsm.c index 50241b32f..d5cf302ce 100644 --- a/audit-bsm.c +++ b/audit-bsm.c @@ -1,4 +1,4 @@ -/* $Id: audit-bsm.c,v 1.3 2006/08/16 01:40:45 djm Exp $ */ +/* $Id: audit-bsm.c,v 1.4 2006/09/01 05:38:36 djm Exp $ */ /* * TODO @@ -39,6 +39,7 @@ #include +#include #include #include "ssh.h" diff --git a/audit.c b/audit.c index 8c3ec5a6a..dbea34cb2 100644 --- a/audit.c +++ b/audit.c 
@@ -1,4 +1,4 @@ -/* $Id: audit.c,v 1.4 2006/08/05 14:05:10 dtucker Exp $ */ +/* $Id: audit.c,v 1.5 2006/09/01 05:38:36 djm Exp $ */ /* * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. @@ -26,6 +26,9 @@ #include "includes.h" +#include +#include + #ifdef SSH_AUDIT_EVENTS #include "audit.h" diff --git a/auth-bsdauth.c b/auth-bsdauth.c index f718e5d38..37d527d11 100644 --- a/auth-bsdauth.c +++ b/auth-bsdauth.c @@ -27,6 +27,8 @@ #include +#include + #ifdef BSD_AUTH #include "xmalloc.h" #include "key.h" diff --git a/auth-chall.c b/auth-chall.c index 9c1079a17..919b1eaa4 100644 --- a/auth-chall.c +++ b/auth-chall.c @@ -27,6 +27,8 @@ #include +#include + #include "xmalloc.h" #include "key.h" #include "hostfile.h" diff --git a/auth-pam.c b/auth-pam.c index 8e9361caa..493993a10 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -54,6 +54,7 @@ #include #include +#include #include #include diff --git a/auth-rsa.c b/auth-rsa.c index 1c66b86a4..8c43458b0 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -24,6 +24,7 @@ #include #include +#include #include #include "xmalloc.h" diff --git a/auth-shadow.c b/auth-shadow.c index 52447fe4a..8b3160aee 100644 --- a/auth-shadow.c +++ b/auth-shadow.c @@ -26,6 +26,7 @@ #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) #include +#include #include #include "key.h" diff --git a/auth-sia.c b/auth-sia.c index af7182b48..63304d36e 100644 --- a/auth-sia.c +++ b/auth-sia.c @@ -25,14 +25,6 @@ #include "includes.h" #ifdef HAVE_OSF_SIA -#include "ssh.h" -#include "auth.h" -#include "auth-sia.h" -#include "log.h" -#include "servconf.h" -#include "canohost.h" -#include "uidswap.h" - #include #include #include @@ -40,8 +32,17 @@ #include #include #include +#include #include +#include "ssh.h" +#include "auth.h" +#include "auth-sia.h" +#include "log.h" +#include "servconf.h" +#include "canohost.h" +#include "uidswap.h" + extern ServerOptions options; extern int saved_argc; extern char **saved_argv; 
diff --git a/auth1.c b/auth1.c index 34dcf6266..b9d6b1115 100644 --- a/auth1.c +++ b/auth1.c @@ -14,6 +14,7 @@ #include +#include #include #include #include diff --git a/auth2-chall.c b/auth2-chall.c index b091957b1..b78b739cd 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -28,6 +28,7 @@ #include +#include #include #include diff --git a/auth2-gss.c b/auth2-gss.c index d88bc4273..c77c841a3 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -30,6 +30,8 @@ #include +#include + #include "xmalloc.h" #include "key.h" #include "hostfile.h" diff --git a/auth2-kbdint.c b/auth2-kbdint.c index 901596484..a4fc9e6f7 100644 --- a/auth2-kbdint.c +++ b/auth2-kbdint.c @@ -27,6 +27,8 @@ #include +#include + #include "xmalloc.h" #include "packet.h" #include "key.h" diff --git a/auth2-none.c b/auth2-none.c index f455bdde3..952b44824 100644 --- a/auth2-none.c +++ b/auth2-none.c @@ -30,6 +30,7 @@ #include #include +#include #include #include "xmalloc.h" diff --git a/authfd.c b/authfd.c index 5c910df13..61faad123 100644 --- a/authfd.c +++ b/authfd.c @@ -47,6 +47,7 @@ #include #include #include +#include #include #include diff --git a/authfile.c b/authfile.c index 675085646..735c64780 100644 --- a/authfile.c +++ b/authfile.c @@ -49,6 +49,7 @@ #include #include +#include #include #include #include diff --git a/cipher-3des1.c b/cipher-3des1.c index 61798bfde..fc16e20d7 100644 --- a/cipher-3des1.c +++ b/cipher-3des1.c @@ -29,6 +29,7 @@ #include +#include #include #include "xmalloc.h" diff --git a/cipher-aes.c b/cipher-aes.c index 99e9eea92..14ef10f03 100644 --- a/cipher-aes.c +++ b/cipher-aes.c @@ -28,8 +28,12 @@ #include "openbsd-compat/openssl-compat.h" #ifdef USE_BUILTIN_RIJNDAEL +#include #include + +#include + #include "rijndael.h" #include "xmalloc.h" #include "log.h" diff --git a/cipher-bf1.c b/cipher-bf1.c index eb4c04777..292488c5c 100644 --- a/cipher-bf1.c +++ b/cipher-bf1.c @@ -29,6 +29,7 @@ #include +#include #include #include "xmalloc.h" 
diff --git a/cipher-ctr.c b/cipher-ctr.c index 9733b7d56..b24f3a428 100644 --- a/cipher-ctr.c +++ b/cipher-ctr.c @@ -18,6 +18,7 @@ #include +#include #include #include diff --git a/clientloop.c b/clientloop.c index 132d75a44..88dfb1f32 100644 --- a/clientloop.c +++ b/clientloop.c @@ -78,6 +78,7 @@ #include #endif #include +#include #include #include #include diff --git a/dh.c b/dh.c index 925eedddf..f6ef05cf6 100644 --- a/dh.c +++ b/dh.c @@ -30,6 +30,7 @@ #include #include +#include #include #include #include diff --git a/dns.c b/dns.c index 229210835..92623de72 100644 --- a/dns.c +++ b/dns.c @@ -31,6 +31,7 @@ #include #include +#include #include #include diff --git a/entropy.c b/entropy.c index c89e0b528..4f19c8767 100644 --- a/entropy.c +++ b/entropy.c @@ -34,6 +34,7 @@ #ifdef HAVE_FCNTL_H # include #endif +#include #include #include diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index 006bedad9..5a625acb8 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c @@ -31,6 +31,7 @@ #include +#include #include #include "xmalloc.h" diff --git a/gss-serv.c b/gss-serv.c index 296f63a89..e8191a859 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -30,6 +30,7 @@ #include +#include #include #include diff --git a/hostfile.c b/hostfile.c index 08ba44264..2cceb352a 100644 --- a/hostfile.c +++ b/hostfile.c @@ -46,6 +46,7 @@ #include #include +#include #include #include #include diff --git a/kex.c b/kex.c index 0c36519a1..bfc1c11f9 100644 --- a/kex.c +++ b/kex.c @@ -28,6 +28,7 @@ #include #include +#include #include #include #include diff --git a/kexdhc.c b/kexdhc.c index bf875ae07..64de7af30 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -27,6 +27,7 @@ #include +#include #include #include #include diff --git a/kexdhs.c b/kexdhs.c index 7d2c21eed..93ec97f93 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -26,6 +26,8 @@ #include "includes.h" #include + +#include #include #include diff --git a/kexgexc.c b/kexgexc.c index fc48880d4..2c19713e1 100644 --- a/kexgexc.c +++ b/kexgexc.c 
@@ -28,6 +28,7 @@ #include +#include #include #include #include diff --git a/kexgexs.c b/kexgexs.c index 7599f2af4..5373a633a 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -28,6 +28,7 @@ #include +#include #include #include #include diff --git a/key.c b/key.c index 40aab20ea..f3b3d6b94 100644 --- a/key.c +++ b/key.c @@ -39,6 +39,7 @@ #include +#include #include #include diff --git a/loginrec.c b/loginrec.c index 7850312b6..67447edc0 100644 --- a/loginrec.c +++ b/loginrec.c @@ -156,6 +156,7 @@ #include #include #include +#include #include #include diff --git a/mac.c b/mac.c index edf9b69bd..e5d5bfa88 100644 --- a/mac.c +++ b/mac.c @@ -29,6 +29,7 @@ #include +#include #include #include diff --git a/md5crypt.c b/md5crypt.c index 253fdfdf2..22ef98933 100644 --- a/md5crypt.c +++ b/md5crypt.c @@ -11,6 +11,10 @@ #include "includes.h" #if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) +#include + +#include + #include /* 0 ... 63 => ascii - 64 */ diff --git a/monitor.c b/monitor.c index 83b3765a0..b3ccde017 100644 --- a/monitor.c +++ b/monitor.c @@ -40,6 +40,7 @@ #endif #include #include +#include #include #include diff --git a/monitor_wrap.c b/monitor_wrap.c index 431b3e495..3865539df 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c index 8093f6d54..1532c991c 100644 --- a/openbsd-compat/bsd-cray.c +++ b/openbsd-compat/bsd-cray.c @@ -1,5 +1,5 @@ /* - * $Id: bsd-cray.c,v 1.15 2006/07/24 05:08:36 djm Exp $ + * $Id: bsd-cray.c,v 1.16 2006/09/01 05:38:41 djm Exp $ * * bsd-cray.c * @@ -52,6 +52,7 @@ #include #include #include +#include #include #include #include diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 13a73e873..d0a423005 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -41,6 +41,7 @@ # include #endif #include +#include #include #include #include 
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index 5e2e878dc..77f3a1c17 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.2 2006/07/24 04:51:01 djm Exp $ */ +/* $Id: port-linux.c,v 1.3 2006/09/01 05:38:41 djm Exp $ */ /* * Copyright (c) 2005 Daniel Walsh @@ -24,6 +24,7 @@ #include "includes.h" #include +#include #include #ifdef WITH_SELINUX diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c index f31f0c6ea..f57433e78 100644 --- a/openbsd-compat/port-solaris.c +++ b/openbsd-compat/port-solaris.c @@ -1,4 +1,4 @@ -/* $Id: port-solaris.c,v 1.1 2006/08/30 17:24:42 djm Exp $ */ +/* $Id: port-solaris.c,v 1.2 2006/09/01 05:38:41 djm Exp $ */ /* * Copyright (c) 2006 Chad Mynhier. @@ -29,6 +29,7 @@ #ifdef HAVE_FCNTL_H # include #endif +#include #include #include diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c index c64427121..6f3523902 100644 --- a/openbsd-compat/port-uw.c +++ b/openbsd-compat/port-uw.c @@ -26,15 +26,26 @@ #include "includes.h" #ifdef HAVE_LIBIAF +#include #ifdef HAVE_CRYPT_H -#include +# include #endif +#include +#include +#include +#include +#include + +#include "xmalloc.h" #include "packet.h" #include "buffer.h" +#include "auth-options.h" #include "log.h" #include "servconf.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" -#include "auth-options.h" +#include "ssh.h" int nischeck(char *); diff --git a/readconf.c b/readconf.c index c57ea0c82..4cacf6026 100644 --- a/readconf.c +++ b/readconf.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include diff --git a/rsa.c b/rsa.c index 875b486c4..08cc82007 100644 --- a/rsa.c +++ b/rsa.c @@ -64,6 +64,7 @@ #include +#include #include #include "xmalloc.h" diff --git a/scard-opensc.c b/scard-opensc.c index 7a496dff8..4751ea295 100644 --- a/scard-opensc.c +++ b/scard-opensc.c 
@@ -26,9 +26,13 @@ #include "includes.h" #if defined(SMARTCARD) && defined(USE_OPENSC) +#include + #include #include +#include + #include #include diff --git a/scard.c b/scard.c index a2d28cba1..328655edd 100644 --- a/scard.c +++ b/scard.c @@ -29,6 +29,7 @@ #include #include +#include #include #include diff --git a/session.c b/session.c index 006e4304d..15c5ca9a0 100644 --- a/session.c +++ b/session.c @@ -53,6 +53,7 @@ #endif #include #include +#include #include #include #include diff --git a/ssh-add.c b/ssh-add.c index 518f47066..4dc46f6db 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -45,6 +45,7 @@ #include #include +#include #include #include #include diff --git a/ssh-agent.c b/ssh-agent.c index 6bc1e541a..08b07212e 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -58,6 +58,7 @@ # include #endif #include +#include #include #include #include diff --git a/ssh-dss.c b/ssh-dss.c index 448f704f6..fbc078e84 100644 --- a/ssh-dss.c +++ b/ssh-dss.c @@ -30,6 +30,7 @@ #include #include +#include #include #include "xmalloc.h" diff --git a/ssh-keygen.c b/ssh-keygen.c index c607e257e..969bd2359 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -29,6 +29,7 @@ # include #endif #include +#include #include #include #include diff --git a/ssh-keysign.c b/ssh-keysign.c index 1ddb2a058..c4bc7e56e 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -30,6 +30,7 @@ #include #endif #include +#include #include #include #include diff --git a/ssh-rsa.c b/ssh-rsa.c index 28444c1f9..0e16ff85f 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -22,6 +22,7 @@ #include #include +#include #include #include "xmalloc.h" diff --git a/ssh.c b/ssh.c index 07a4ca3c8..a34990b54 100644 --- a/ssh.c +++ b/ssh.c @@ -60,6 +60,7 @@ #endif #include #include +#include #include #include #include diff --git a/sshconnect.c b/sshconnect.c index 71ca4ec52..823def6a9 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -32,6 +32,7 @@ #include #endif #include +#include #include #include #include 
diff --git a/sshconnect1.c b/sshconnect1.c index 51f1f8088..90fcb344f 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -21,6 +21,7 @@ #include #include +#include #include #include #include diff --git a/sshconnect2.c b/sshconnect2.c index 5846c8e9c..dd971a9f9 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include diff --git a/sshd.c b/sshd.c index ee588ff8a..3fb146424 100644 --- a/sshd.c +++ b/sshd.c @@ -65,6 +65,7 @@ #include #include #include +#include #include #include #include -- cgit v1.2.3 From 607aede26c4193bf1bc5063698ea9a36cbd990e3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 1 Sep 2006 15:48:19 +1000 Subject: - (djm) [includes.h monitor.c openbsd-compat/bindresvport.c] [openbsd-compat/rresvport.c] Some more headers: netinet/in.h sys/socket.h and unistd.h in various places --- ChangeLog | 7 +++++-- includes.h | 2 ++ monitor.c | 1 + openbsd-compat/bindresvport.c | 4 +++- openbsd-compat/rresvport.c | 5 +++++ 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index ebf308975..c00df6884 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,12 +8,15 @@ [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c] [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c] [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c] - [sshconnect1.c sshconnect2.c sshd.c rc4.diff] + [sshconnect1.c sshconnect2.c sshd.c] [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c] [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c] [openbsd-compat/port-uw.c] Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h; compile problems reported by rac AT tenzing.org + - (djm) [includes.h monitor.c openbsd-compat/bindresvport.c] + [openbsd-compat/rresvport.c] Some more headers: netinet/in.h + sys/socket.h and unistd.h in various places 20060831 - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ] 
@@ -5365,4 +5368,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4521 2006/09/01 05:38:36 djm Exp $ +$Id: ChangeLog,v 1.4522 2006/09/01 05:48:19 djm Exp $ diff --git a/includes.h b/includes.h index 03665a3d3..2101f13c9 100644 --- a/includes.h +++ b/includes.h @@ -21,6 +21,7 @@ #define _GNU_SOURCE /* activate extra prototypes for glibc */ #include +#include /* For CMSG_* */ #ifdef HAVE_LIMITS_H # include /* For PATH_MAX */ @@ -106,6 +107,7 @@ #include /* for grantpt() and friends */ #endif +#include #include /* For typedefs */ #ifdef HAVE_RPC_TYPES_H # include /* For INADDR_LOOPBACK */ diff --git a/monitor.c b/monitor.c index b3ccde017..364bd2316 100644 --- a/monitor.c +++ b/monitor.c @@ -43,6 +43,7 @@ #include #include #include +#include #ifdef SKEY #include diff --git a/openbsd-compat/bindresvport.c b/openbsd-compat/bindresvport.c index ef0eff3b6..e8fb83f23 100644 --- a/openbsd-compat/bindresvport.c +++ b/openbsd-compat/bindresvport.c @@ -33,8 +33,10 @@ #include "includes.h" #ifndef HAVE_BINDRESVPORT_SA +#include +#include -#include "includes.h" +#include #include #include diff --git a/openbsd-compat/rresvport.c b/openbsd-compat/rresvport.c index 15790e852..17e66ca59 100644 --- a/openbsd-compat/rresvport.c +++ b/openbsd-compat/rresvport.c @@ -35,6 +35,11 @@ #ifndef HAVE_RRESVPORT_AF +#include +#include + +#include + #include #include #include -- cgit v1.2.3 From 0646ca6be81c4f0f619d92a4e5a041b58c79a221 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 1 Sep 2006 19:29:01 +1000 Subject: - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Fix implict declaration warnings for binary_open and binary_close. Patch from Corinna Vinschen. --- ChangeLog | 4 +++- openbsd-compat/bsd-cygwin_util.c | 14 +++++++------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index c00df6884..f10393f3c 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -17,6 +17,8 @@ - (djm) [includes.h monitor.c openbsd-compat/bindresvport.c] [openbsd-compat/rresvport.c] Some more headers: netinet/in.h sys/socket.h and unistd.h in various places + - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Fix implict declaration + warnings for binary_open and binary_close. Patch from Corinna Vinschen. 20060831 - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ] @@ -5368,4 +5370,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4522 2006/09/01 05:48:19 djm Exp $ +$Id: ChangeLog,v 1.4523 2006/09/01 09:29:01 dtucker Exp $ diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index 4d31ef3b5..dbf8176b6 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c @@ -31,6 +31,13 @@ #ifdef HAVE_CYGWIN +#if defined(open) && open == binary_open +# undef open +#endif +#if defined(pipe) && open == binary_pipe +# undef pipe +#endif + #include #include #include @@ -48,13 +55,6 @@ #define ntsec_off(c) ((c) && strstr((c),"nontsec")) #define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea")) -#if defined(open) && open == binary_open -# undef open -#endif -#if defined(pipe) && open == binary_pipe -# undef pipe -#endif - int binary_open(const char *filename, int flags, ...) { -- cgit v1.2.3 From 096faecdea1e39ecace0b20f4e208bd7ec33f6d2 Mon Sep 17 00:00:00 2001 
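Review bot: The relocated guard for `pipe` in the first bsd-cygwin_util.c hunk still tests `open == binary_pipe`, which looks like a copy-paste slip from the `open` guard directly above it. Identifiers that are not macros evaluate to 0 inside `#if`, so in practice neither comparison discriminates anything and both guards reduce to their `defined(...)` half. I would write them as `#ifdef open` and `#ifdef pipe`, or at least correct the second to `#if defined(pipe) && pipe == binary_pipe`. A short comment such as `/* drop the binary_* wrapper macros so the real open()/pipe() are used in this file */` would explain why the block has to sit above the system includes; the header that defines the wrappers is presumably included earlier and is not visible in this hunk.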
From: Darren Tucker Date: Fri, 1 Sep 2006 20:29:10 +1000 Subject: - (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] Explicitly test for GLOB_NOMATCH and use our glob functions if it's not found. Stops sftp from segfaulting when attempting to get a nonexistent file on Cygwin (previous versions of OpenSSH didn't use the native glob). Partly from and tested by Corinna Vinschen. --- ChangeLog | 7 ++++++- configure.ac | 6 ++++-- includes.h | 3 ++- openbsd-compat/glob.c | 3 ++- openbsd-compat/glob.h | 3 ++- 5 files changed, 16 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index f10393f3c..0cbd4b627 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,11 @@ sys/socket.h and unistd.h in various places - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Fix implict declaration warnings for binary_open and binary_close. Patch from Corinna Vinschen. + - (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] Explicitly + test for GLOB_NOMATCH and use our glob functions if it's not found. + Stops sftp from segfaulting when attempting to get a nonexistent file on + Cygwin (previous versions of OpenSSH didn't use the native glob). Partly + from and tested by Corinna Vinschen. 20060831 - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ] @@ -5370,4 +5375,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4523 2006/09/01 09:29:01 dtucker Exp $ +$Id: ChangeLog,v 1.4524 2006/09/01 10:29:10 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 3aba414a2..c37d7f499 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.356 2006/08/30 17:24:41 djm Exp $ +# $Id: configure.ac,v 1.357 2006/09/01 10:29:11 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.356 $) +AC_REVISION($Revision: 1.357 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -982,6 +982,8 @@ AC_TRY_COMPILE( ] ) +AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include ]) + AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) AC_RUN_IFELSE( [AC_LANG_SOURCE([[ diff --git a/includes.h b/includes.h index 2101f13c9..967fcc26c 100644 --- a/includes.h +++ b/includes.h @@ -30,7 +30,8 @@ # include #endif #if defined(HAVE_GLOB_H) && defined(GLOB_HAS_ALTDIRFUNC) && \ - defined(GLOB_HAS_GL_MATCHC) + defined(GLOB_HAS_GL_MATCHC) && \ + defined(HAVE_DECL_GLOB_NOMATCH) && HAVE_DECL_GLOB_NOMATCH != 0 # include #endif #ifdef HAVE_ENDIAN_H diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c index ec16b1108..b3dd2b171 100644 --- a/openbsd-compat/glob.c +++ b/openbsd-compat/glob.c @@ -47,7 +47,8 @@ #include #if !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || \ - !defined(GLOB_HAS_GL_MATCHC) + !defined(GLOB_HAS_GL_MATCHC) || \ + !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 static long get_arg_max(void) diff --git a/openbsd-compat/glob.h b/openbsd-compat/glob.h index 4fdbfc1ea..9ba07f76e 100644 --- a/openbsd-compat/glob.h +++ b/openbsd-compat/glob.h @@ -38,7 +38,8 @@ /* OPENBSD ORIGINAL: include/glob.h */ #if !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) || \ - !defined(GLOB_HAS_GL_MATCHC) + !defined(GLOB_HAS_GL_MATCHC) || \ + !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 #ifndef _GLOB_H_ #define _GLOB_H_ -- cgit v1.2.3 From 9fdeb66f67ebdadc1d558736bce99a7d4909713c Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Fri, 1 Sep 2006 21:32:53 +1000 Subject: - (dtucker) [README contrib/{caldera,redhat,suse}/openssh.spec] Crank versions. --- ChangeLog | 4 +++- README | 4 ++-- contrib/caldera/openssh.spec | 4 ++-- contrib/redhat/openssh.spec | 2 +- contrib/suse/openssh.spec | 2 +- 5 files changed, 9 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0cbd4b627..fb9f971a3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -24,6 +24,8 @@ Stops sftp from segfaulting when attempting to get a nonexistent file on Cygwin (previous versions of OpenSSH didn't use the native glob). Partly from and tested by Corinna Vinschen. + - (dtucker) [README contrib/{caldera,redhat,suse}/openssh.spec] Crank + versions. 20060831 - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ] @@ -5375,4 +5377,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4524 2006/09/01 10:29:10 dtucker Exp $ +$Id: ChangeLog,v 1.4525 2006/09/01 11:32:53 dtucker Exp $ diff --git a/README b/README index 9b05205b8..d0bacc564 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-4.3p2 for the release notes. +See http://www.openssh.com/txt/release-4.4 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -62,4 +62,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.62 2006/02/12 05:48:56 dtucker Exp $ +$Id: README,v 1.63 2006/09/01 11:32:53 dtucker Exp $ diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 77fc51897..60d0fb311 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec 
@@ -17,7 +17,7 @@ #old cvs stuff. please update before use. may be deprecated. %define use_stable 1 %if %{use_stable} - %define version 4.3p2 + %define version 4.4p1 %define cvs %{nil} %define release 1 %else @@ -357,4 +357,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.57 2006/02/12 05:48:56 dtucker Exp $ +$Id: openssh.spec,v 1.58 2006/09/01 11:32:53 dtucker Exp $ diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index cbdf7bbc7..58be31f4c 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 4.3p2 +%define ver 4.4p1 %define rel 1 # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index b49e78c65..8c1da610c 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 4.3p2 +Version: 4.4p1 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz -- cgit v1.2.3 From 25fa0ee693fc99377e395bf47d74960ffda20883 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 2 Sep 2006 12:38:56 +1000 Subject: - (dtucker) [openbsd-compat/port-irix.c] Add errno.h, found by Iain Morgan. --- ChangeLog | 5 ++++- openbsd-compat/port-irix.c | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index fb9f971a3..f1732345c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20060902 + - (dtucker) [openbsd-compat/port-irix.c] Add errno.h, found by Iain Morgan. + 20060901 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c] [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c] 
@@ -5377,4 +5380,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4525 2006/09/01 11:32:53 dtucker Exp $ +$Id: ChangeLog,v 1.4526 2006/09/02 02:38:56 dtucker Exp $ diff --git a/openbsd-compat/port-irix.c b/openbsd-compat/port-irix.c index eaa91a4b5..ba751a538 100644 --- a/openbsd-compat/port-irix.c +++ b/openbsd-compat/port-irix.c @@ -29,8 +29,9 @@ defined(WITH_IRIX_JOBS) || \ defined(WITH_IRIX_ARRAY) -#include +#include #include +#include #ifdef WITH_IRIX_PROJECT # include -- cgit v1.2.3 From 46aa3e0ce1d2f341bb3e4d46035faae3bb5ee69c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 2 Sep 2006 15:32:40 +1000 Subject: - (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include for hton* and ntoh* macros. Required on (at least) HP-UX since we define _XOPEN_SOURCE_EXTENDED. Found by santhi.amirta at gmail com. --- ChangeLog | 7 ++++++- openbsd-compat/bindresvport.c | 1 + openbsd-compat/getrrsetbyname.c | 3 +++ openbsd-compat/port-tun.c | 2 ++ openbsd-compat/rresvport.c | 1 + ssh-keyscan.c | 3 +++ ssh-rand-helper.c | 1 + ssh.c | 3 +++ sshconnect.c | 1 + 9 files changed, 21 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index f1732345c..56b4af7c4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ 20060902 - (dtucker) [openbsd-compat/port-irix.c] Add errno.h, found by Iain Morgan. + - (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c + openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c + openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include + for hton* and ntoh* macros. Required on (at least) HP-UX since we define + _XOPEN_SOURCE_EXTENDED. Found by santhi.amirta at gmail com. 20060901 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c] 
@@ -5380,4 +5385,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4526 2006/09/02 02:38:56 dtucker Exp $ +$Id: ChangeLog,v 1.4527 2006/09/02 05:32:40 dtucker Exp $ diff --git a/openbsd-compat/bindresvport.c b/openbsd-compat/bindresvport.c index e8fb83f23..65afed1e3 100644 --- a/openbsd-compat/bindresvport.c +++ b/openbsd-compat/bindresvport.c @@ -37,6 +37,7 @@ #include #include +#include #include #include diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c index 40155d5ab..6c86e02c2 100644 --- a/openbsd-compat/getrrsetbyname.c +++ b/openbsd-compat/getrrsetbyname.c @@ -52,6 +52,9 @@ #include #include +#include +#include + #include "getrrsetbyname.h" #if defined(HAVE_DECL_H_ERRNO) && !HAVE_DECL_H_ERRNO diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c index cadc331e1..276474db8 100644 --- a/openbsd-compat/port-tun.c +++ b/openbsd-compat/port-tun.c @@ -18,7 +18,9 @@ #include #include + #include +#include #include #include diff --git a/openbsd-compat/rresvport.c b/openbsd-compat/rresvport.c index 17e66ca59..5b0275ce0 100644 --- a/openbsd-compat/rresvport.c +++ b/openbsd-compat/rresvport.c @@ -39,6 +39,7 @@ #include #include +#include #include #include diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 64d4d0870..416d3f5c1 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -15,6 +15,9 @@ # include #endif +#include +#include + #include #include diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 10c9905b1..8520c3a62 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -34,6 +34,7 @@ #include #include +#include #ifdef HAVE_SYS_UN_H # include diff --git a/ssh.c b/ssh.c index a34990b54..efc4af6d4 100644 --- a/ssh.c +++ b/ssh.c @@ -67,6 +67,9 @@ #include #include +#include +#include + #include #include diff --git a/sshconnect.c b/sshconnect.c index 823def6a9..a7a4e8a96 100644 --- a/sshconnect.c +++ b/sshconnect.c 
@@ -24,6 +24,7 @@ #endif #include +#include #include #include -- cgit v1.2.3 From ed0b59218ef9bb41a25922885d3fae7e67b8ba04 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 3 Sep 2006 22:44:49 +1000 Subject: - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for declaration of writev(2) and declare it ourselves if necessary. Makes the atomiciov() calls build on really old systems. ok djm@ --- ChangeLog | 7 ++++++- configure.ac | 10 ++++++++-- openbsd-compat/openbsd-compat.h | 7 ++++++- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 56b4af7c4..7cdcbf091 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060903 + - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for + declaration of writev(2) and declare it ourselves if necessary. Makes + the atomiciov() calls build on really old systems. ok djm@ + 20060902 - (dtucker) [openbsd-compat/port-irix.c] Add errno.h, found by Iain Morgan. - (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c @@ -5385,4 +5390,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4527 2006/09/02 05:32:40 dtucker Exp $ +$Id: ChangeLog,v 1.4528 2006/09/03 12:44:49 dtucker Exp $ diff --git a/configure.ac b/configure.ac index c37d7f499..cdabbd8a1 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.357 2006/09/01 10:29:11 dtucker Exp $ +# $Id: configure.ac,v 1.358 2006/09/03 12:44:49 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.357 $) +AC_REVISION($Revision: 1.358 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) 
@@ -1328,6 +1328,12 @@ AC_CHECK_DECLS(O_NONBLOCK, , , #endif ]) +AC_CHECK_DECLS(writev, , , [ +#include +#include +#include + ]) + AC_CHECK_FUNCS(setresuid, [ dnl Some platorms have setresuid that isn't implemented, test for this AC_MSG_CHECKING(if setresuid seems to work) diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 278ac71d9..aac2e6cbc 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.41 2006/08/30 17:24:42 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.42 2006/09/03 12:44:50 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -131,6 +131,11 @@ int getgrouplist(const char *, gid_t, gid_t *, int *); int BSDgetopt(int argc, char * const *argv, const char *opts); #endif +#if defined(HAVE_DECL_WRITEV) && HAVE_DECL_WRITEV == 0 +# include +# include +int writev(int, struct iovec *, int); +#endif /* Home grown routines */ #include "bsd-misc.h" -- cgit v1.2.3 From 3e0891093a990b1d5111d5190f69c13277daedc7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 4 Sep 2006 22:37:41 +1000 Subject: - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius, ok djm@ --- ChangeLog | 7 ++++++- configure.ac | 6 ++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7cdcbf091..922b2c649 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060904 + - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native + updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius, + ok djm@ + 20060903 - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for declaration of writev(2) and declare it ourselves if necessary. Makes 
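Review bot: The fallback prototype added in the openbsd-compat.h hunk, `int writev(int, struct iovec *, int);`, does not match the POSIX signature, which returns `ssize_t` and takes a `const struct iovec *`. On an LP64 platform whose libc provides writev() but whose headers omit the declaration, the `int` return type would disagree with the real function and a caller comparing the result with a byte count could see a truncated value. I would declare it as `ssize_t writev(int, const struct iovec *, int);`, unless the old systems this targets are known to lack `ssize_t`, in which case a comment next to the prototype should say so.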
@@ -5390,4 +5395,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4528 2006/09/03 12:44:49 dtucker Exp $ +$Id: ChangeLog,v 1.4529 2006/09/04 12:37:41 dtucker Exp $ diff --git a/configure.ac b/configure.ac index cdabbd8a1..32ecd0da8 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.358 2006/09/03 12:44:49 dtucker Exp $ +# $Id: configure.ac,v 1.359 2006/09/04 12:37:42 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.358 $) +AC_REVISION($Revision: 1.359 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -512,6 +512,8 @@ mips-sony-bsd|mips-sony-newsos4) TEST_SHELL=/u95/bin/sh AC_DEFINE(BROKEN_LIBIAF, 1, [ia_uinfo routines not supported by OS yet]) + AC_DEFINES(BROKEN_UPDWTMP, 1, + [using updwtmp will corrupt wtmp entries]) ;; *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") ;; -- cgit v1.2.3 From e1fe09968d12e79f34d9e48475f2bfd2c0556b83 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 5 Sep 2006 07:53:38 +1000 Subject: - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov. --- ChangeLog | 5 ++++- configure.ac | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 922b2c649..8013660fd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20060905 + - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov. + 20060904 - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius, 
@@ -5395,4 +5398,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4529 2006/09/04 12:37:41 dtucker Exp $ +$Id: ChangeLog,v 1.4530 2006/09/04 21:53:38 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 32ecd0da8..ce51b4cd5 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.359 2006/09/04 12:37:42 dtucker Exp $ +# $Id: configure.ac,v 1.360 2006/09/04 21:53:38 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.359 $) +AC_REVISION($Revision: 1.360 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -512,7 +512,7 @@ mips-sony-bsd|mips-sony-newsos4) TEST_SHELL=/u95/bin/sh AC_DEFINE(BROKEN_LIBIAF, 1, [ia_uinfo routines not supported by OS yet]) - AC_DEFINES(BROKEN_UPDWTMP, 1, + AC_DEFINE(BROKEN_UPDWTMP, 1, [using updwtmp will corrupt wtmp entries]) ;; *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") -- cgit v1.2.3 From 6e1033318cc0bc82a45a18d97894bee7bd60e935 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 5 Sep 2006 19:25:19 +1000 Subject: - (dtucker) [loginrec.c] Include paths.h for _PATH_BTMP. --- ChangeLog | 3 ++- loginrec.c | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 8013660fd..ff2d6ae00 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 20060905 - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov. + - (dtucker) [loginrec.c] Include paths.h for _PATH_BTMP. 20060904 - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native 
@@ -5398,4 +5399,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4530 2006/09/04 21:53:38 dtucker Exp $ +$Id: ChangeLog,v 1.4531 2006/09/05 09:25:19 dtucker Exp $ diff --git a/loginrec.c b/loginrec.c index 67447edc0..8315bd85b 100644 --- a/loginrec.c +++ b/loginrec.c @@ -155,6 +155,7 @@ #include #include +#include #include #include #include -- cgit v1.2.3 From 6433df036e6cf37c5ac8fc69dcedc464e6424b16 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 7 Sep 2006 10:36:43 +1000 Subject: - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can be used to drop privilege to; fixes Solaris GSSAPI crash reported by Magnus Abrante; suggestion and feedback dtucker@ NB. this change will require that the privilege separation user must exist on all the time, not just when UsePrivilegeSeparation=yes --- ChangeLog | 9 ++++++++- auth.c | 3 +++ sshd.c | 32 +++++++++++++++++--------------- 3 files changed, 28 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index ff2d6ae00..b4340de78 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20060907 + - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can + be used to drop privilege to; fixes Solaris GSSAPI crash reported by + Magnus Abrante; suggestion and feedback dtucker@ + NB. this change will require that the privilege separation user must + exist on all the time, not just when UsePrivilegeSeparation=yes + 20060905 - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov. - (dtucker) [loginrec.c] Include paths.h for _PATH_BTMP. @@ -5399,4 +5406,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4531 2006/09/05 09:25:19 dtucker Exp $ +$Id: ChangeLog,v 1.4532 2006/09/07 00:36:43 djm Exp $ diff --git a/auth.c b/auth.c index 5da140b07..db2aa7bf9 100644 
--- a/auth.c +++ b/auth.c @@ -73,6 +73,7 @@ extern ServerOptions options; extern int use_privsep; extern Buffer loginmsg; +extern struct passwd *privsep_pw; /* Debugging messages */ Buffer auth_debug; @@ -570,6 +571,8 @@ fakepw(void) fake.pw_gecos = "NOUSER"; fake.pw_uid = (uid_t)-1; fake.pw_gid = (gid_t)-1; + fake.pw_uid = privsep_pw->pw_uid; + fake.pw_gid = privsep_pw->pw_gid; #ifdef HAVE_PW_CLASS_IN_PASSWD fake.pw_class = ""; #endif diff --git a/sshd.c b/sshd.c index 3fb146424..e61adc1b5 100644 --- a/sshd.c +++ b/sshd.c @@ -244,6 +244,9 @@ Buffer cfg; /* message to be displayed after login */ Buffer loginmsg; +/* Unprivileged user */ +struct passwd *privsep_pw = NULL; + /* Prototypes for various functions defined later in this file. */ void destroy_sensitive_data(void); void demote_sensitive_data(void); @@ -579,7 +582,6 @@ privsep_preauth_child(void) { u_int32_t rnd[256]; gid_t gidset[1]; - struct passwd *pw; int i; /* Enable challenge-response authentication for privilege separation */ @@ -592,12 +594,6 @@ privsep_preauth_child(void) /* Demote the private keys to public keys. */ demote_sensitive_data(); - if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) - fatal("Privilege separation user %s does not exist", - SSH_PRIVSEP_USER); - memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); - endpwent(); - /* Change our root directory */ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, 
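Review bot: In the fakepw() hunk of auth.c the two new assignments from `privsep_pw` come straight after the existing `fake.pw_uid = (uid_t)-1;` and `fake.pw_gid = (gid_t)-1;` lines, which are now dead stores and suggest a fallback that no longer exists. `privsep_pw` is also dereferenced without a check: main() in sshd.c sets it early in this commit and calls fatal() when the user is missing, but any path that reaches fakepw() before that point would crash on a NULL pointer. I would fold both into one guarded assignment, `fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid;`, and the same for `pw_gid`. fakepw() starts and ends outside the hunk.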
@@ -606,16 +602,16 @@ privsep_preauth_child(void) fatal("chdir(\"/\"): %s", strerror(errno)); /* Drop our privileges */ - debug3("privsep user:group %u:%u", (u_int)pw->pw_uid, - (u_int)pw->pw_gid); + debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, + (u_int)privsep_pw->pw_gid); #if 0 /* XXX not ready, too heavy after chroot */ - do_setusercontext(pw); + do_setusercontext(privsep_pw); #else - gidset[0] = pw->pw_gid; + gidset[0] = privsep_pw->pw_gid; if (setgroups(1, gidset) < 0) fatal("setgroups: %.100s", strerror(errno)); - permanently_set_uid(pw); + permanently_set_uid(privsep_pw); #endif } @@ -1435,6 +1431,15 @@ main(int ac, char **av) debug("sshd version %.100s", SSH_RELEASE); + /* Store privilege separation user for later use */ + if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) + fatal("Privilege separation user %s does not exist", + SSH_PRIVSEP_USER); + memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); + strlcpy(privsep_pw->pw_passwd, "*", sizeof(privsep_pw->pw_passwd)); + privsep_pw = pwcopy(privsep_pw); + endpwent(); + /* load private host keys */ sensitive_data.host_keys = xcalloc(options.num_host_key_files, sizeof(Key *)); @@ -1504,9 +1509,6 @@ main(int ac, char **av) if (use_privsep) { struct stat st; - if (getpwnam(SSH_PRIVSEP_USER) == NULL) - fatal("Privilege separation user %s does not exist", - SSH_PRIVSEP_USER); if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) || (S_ISDIR(st.st_mode) == 0)) fatal("Missing privilege separation directory: %s", -- cgit v1.2.3 From b8f00193d84781a46939ffaa94dccbe9986984eb Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Wed, 6 Sep 2006 18:11:29 -0700 Subject: - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6 --- ChangeLog | 3 ++- configure.ac | 7 +++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index b4340de78..bbbd985d1 100644 --- a/ChangeLog +++ b/ChangeLog 
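Review bot: In the main() hunk of sshd.c, `strlcpy(privsep_pw->pw_passwd, "*", sizeof(privsep_pw->pw_passwd));` takes `sizeof` of a `char *` member, so the bound is the pointer size rather than the length of the string getpwnam() returned. If the account's password field is an empty string, writing `"*"` plus its terminator goes one byte past that string inside libc's static storage. Copying first and replacing the field in the copy avoids writing into the libc buffer at all: keep the `memset`, then do `privsep_pw = pwcopy(privsep_pw);` and point the copy's `pw_passwd` at a freshly allocated `"*"`. That also means freeing the string pwcopy made, assuming pwcopy duplicates it on the heap, which is not visible here. main() starts and ends outside the hunk.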
@@ -4,6 +4,7 @@ Magnus Abrante; suggestion and feedback dtucker@ NB. this change will require that the privilege separation user must exist on all the time, not just when UsePrivilegeSeparation=yes + - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6 20060905 - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov. @@ -5406,4 +5407,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4532 2006/09/07 00:36:43 djm Exp $ +$Id: ChangeLog,v 1.4533 2006/09/07 01:11:29 tim Exp $ diff --git a/configure.ac b/configure.ac index ce51b4cd5..493409f4d 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.360 2006/09/04 21:53:38 dtucker Exp $ +# $Id: configure.ac,v 1.361 2006/09/07 01:11:29 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.360 $) +AC_REVISION($Revision: 1.361 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -512,8 +512,7 @@ mips-sony-bsd|mips-sony-newsos4) TEST_SHELL=/u95/bin/sh AC_DEFINE(BROKEN_LIBIAF, 1, [ia_uinfo routines not supported by OS yet]) - AC_DEFINE(BROKEN_UPDWTMP, 1, - [using updwtmp will corrupt wtmp entries]) + AC_DEFINE(BROKEN_UPDWTMPX) ;; *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") ;; -- cgit v1.2.3 From f19bbc38835acdc80b4c84e053afaf86f5dcb414 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 7 Sep 2006 22:57:53 +1000 Subject: - (dtucker) [loginrec.c] Wrap paths.h in HAVE_PATHS_H. --- ChangeLog | 3 ++- loginrec.c | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index bbbd985d1..f6140fff5 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -5,6 +5,7 @@ NB. this change will require that the privilege separation user must exist on all the time, not just when UsePrivilegeSeparation=yes - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6 + - (dtucker) [loginrec.c] Wrap paths.h in HAVE_PATHS_H. 20060905 - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov. @@ -5407,4 +5408,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4533 2006/09/07 01:11:29 tim Exp $ +$Id: ChangeLog,v 1.4534 2006/09/07 12:57:53 dtucker Exp $ diff --git a/loginrec.c b/loginrec.c index 8315bd85b..e59127747 100644 --- a/loginrec.c +++ b/loginrec.c @@ -155,7 +155,9 @@ #include #include -#include +#ifdef HAVE_PATHS_H +# include +#endif #include #include #include -- cgit v1.2.3 From 89f59cea1c38ec2dea4e70d61603af8e2668dc94 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 8 Sep 2006 00:03:05 +1000 Subject: - (dtucker) [regress/cfgmatch.sh] stop_client is racy, so give us a better chance of winning. --- ChangeLog | 4 +++- regress/cfgmatch.sh | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index f6140fff5..9ec74d6c0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ exist on all the time, not just when UsePrivilegeSeparation=yes - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6 - (dtucker) [loginrec.c] Wrap paths.h in HAVE_PATHS_H. + - (dtucker) [regress/cfgmatch.sh] stop_client is racy, so give us a better + chance of winning. 20060905 - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov. @@ -5408,4 +5410,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4534 2006/09/07 12:57:53 dtucker Exp $ +$Id: ChangeLog,v 1.4535 2006/09/07 14:03:05 dtucker Exp $ 
diff --git a/regress/cfgmatch.sh b/regress/cfgmatch.sh index 3a789faab..d987dcb97 100644 --- a/regress/cfgmatch.sh +++ b/regress/cfgmatch.sh @@ -12,6 +12,7 @@ stop_client() pid=`cat $pidfile` if [ ! -z "$pid" ]; then kill $pid + sleep 1 fi } -- cgit v1.2.3 From 17da530d609a62b9d6e5da436feefa4fe38bae7b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 8 Sep 2006 09:54:41 +1000 Subject: - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch from Chris Adams. --- ChangeLog | 6 +++++- auth-sia.c | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 9ec74d6c0..aaf8563c3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060908 + - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch + from Chris Adams. + 20060907 - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can be used to drop privilege to; fixes Solaris GSSAPI crash reported by @@ -5410,4 +5414,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4535 2006/09/07 14:03:05 dtucker Exp $ +$Id: ChangeLog,v 1.4536 2006/09/07 23:54:41 dtucker Exp $ diff --git a/auth-sia.c b/auth-sia.c index 63304d36e..a9e1c258c 100644 --- a/auth-sia.c +++ b/auth-sia.c @@ -36,6 +36,8 @@ #include #include "ssh.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "auth-sia.h" #include "log.h" -- cgit v1.2.3 From 6d0d6fbfdfe7afd7fa0bb8541b743f9194cdd437 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 9 Sep 2006 01:05:21 +1000 Subject: - (dtucker) [configure.ac] The BSM header test needs time.h in some cases. --- ChangeLog | 3 ++- configure.ac | 12 +++++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index aaf8563c3..818cb9774 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,6 +1,7 @@ 20060908 - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch from Chris Adams. + - (dtucker) [configure.ac] The BSM header test needs time.h in some cases. 20060907 - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can @@ -5414,4 +5415,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4536 2006/09/07 23:54:41 dtucker Exp $ +$Id: ChangeLog,v 1.4537 2006/09/08 15:05:21 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 493409f4d..4a3c39fcb 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.361 2006/09/07 01:11:29 tim Exp $ +# $Id: configure.ac,v 1.362 2006/09/08 15:05:21 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.361 $) +AC_REVISION($Revision: 1.362 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1166,7 +1166,13 @@ AC_ARG_WITH(audit, AUDIT_MODULE=bsm dnl Checks for headers, libs and functions AC_CHECK_HEADERS(bsm/audit.h, [], - [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)]) + [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)], + [ +#ifdef HAVE_TIME_H +# include +#endif + ] +) AC_CHECK_LIB(bsm, getaudit, [], [AC_MSG_ERROR(BSM enabled and required library not found)]) AC_CHECK_FUNCS(getaudit, [], -- cgit v1.2.3 From 08432d54faf63a2f5f9c264ac8ff6aa343ebeabc Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 9 Sep 2006 15:59:43 +1000 Subject: - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h. --- ChangeLog | 5 ++++- openbsd-compat/bsd-snprintf.c | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 818cb9774..ead33c85b 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,6 @@ +20060909 + - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h. + 20060908 - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch from Chris Adams. @@ -5415,4 +5418,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4537 2006/09/08 15:05:21 dtucker Exp $ +$Id: ChangeLog,v 1.4538 2006/09/09 05:59:43 dtucker Exp $ diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c index 47cbcff67..04651e1d4 100644 --- a/openbsd-compat/bsd-snprintf.c +++ b/openbsd-compat/bsd-snprintf.c @@ -109,6 +109,7 @@ #if !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) #include +#include #include #include -- cgit v1.2.3 From 19a66dbf4f929c0d9aa89af5b2282470cfb5726b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 9 Sep 2006 20:34:15 +1000 Subject: - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user. --- ChangeLog | 3 ++- contrib/aix/buildbff.sh | 44 ++++++++++++++++++++------------------------ 2 files changed, 22 insertions(+), 25 deletions(-) diff --git a/ChangeLog b/ChangeLog index ead33c85b..5791ec255 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 20060909 - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h. + - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user. 20060908 - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch @@ -5418,4 +5419,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4538 2006/09/09 05:59:43 dtucker Exp $ +$Id: ChangeLog,v 1.4539 2006/09/09 10:34:15 dtucker Exp $ diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index 09b9c118c..03f0d6048 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh 
@@ -1,7 +1,7 @@ #!/bin/sh # # buildbff.sh: Create AIX SMIT-installable OpenSSH packages -# $Id: buildbff.sh,v 1.8 2005/03/29 13:24:12 dtucker Exp $ +# $Id: buildbff.sh,v 1.9 2006/09/09 10:34:15 dtucker Exp $ # # Author: Darren Tucker (dtucker at zip dot com dot au) # This file is placed in the public domain and comes with absolutely 
@@ -200,33 +200,29 @@ do done echo -# Create PrivSep user if PrivSep not disabled in config -echo Creating PrivSep prereqs if required. -if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null +# Create PrivilegeSeparation user and group if not present +echo Checking for PrivilegeSeparation user and group. +if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null then - echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user," - echo "group or chroot directory." + echo "PrivSep group $SSH_PRIVSEP_USER already exists." else - echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." - - # create group if required - if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null - then - echo "PrivSep group $SSH_PRIVSEP_USER already exists." - else - echo "Creating PrivSep group $SSH_PRIVSEP_USER." - mkgroup -A $SSH_PRIVSEP_USER - fi + echo "Creating PrivSep group $SSH_PRIVSEP_USER." + mkgroup -A $SSH_PRIVSEP_USER +fi - # Create user if required - if lsuser "$SSH_PRIVSEP_USER" >/dev/null - then - echo "PrivSep user $SSH_PRIVSEP_USER already exists." - else - echo "Creating PrivSep user $SSH_PRIVSEP_USER." - mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER - fi +# Create user if required +if lsuser "$SSH_PRIVSEP_USER" >/dev/null +then + echo "PrivSep user $SSH_PRIVSEP_USER already exists." +else + echo "Creating PrivSep user $SSH_PRIVSEP_USER." + mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER +fi +if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null +then + echo UsePrivilegeSeparation not enabled, privsep directory not required. +else # create chroot directory if required if [ -d $PRIVSEP_PATH ] then -- cgit v1.2.3 From 733a292c1125b070a2e49e3e514912460966a03e Mon Sep 17 00:00:00 2001 
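Review bot: The exit status of `mkgroup` and `mkuser` is not checked in the rewritten block, so a failed account creation prints only the "Creating PrivSep ..." line and the installation carries on. The ChangeLog entry for the sshd.c change says the privilege separation user must now exist at all times, and sshd calls fatal() when it does not, so a silent failure here would presumably leave sshd unable to start. Reporting the failure is enough, for example by appending `|| echo "WARNING: could not create PrivSep user $SSH_PRIVSEP_USER" >&2` to the mkuser line and the equivalent to `mkgroup -A`. The script around this block continues outside the hunk.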
From: Darren Tucker Date: Sat, 9 Sep 2006 20:41:25 +1000 Subject: - (dtucker) [buildpkg.sh.in] Always create privsep user. ok djm@ --- ChangeLog | 3 ++- buildpkg.sh.in | 10 +--------- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5791ec255..0ebeee281 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 20060909 - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h. - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user. + - (dtucker) [buildpkg.sh.in] Always create privsep user. ok djm@ 20060908 - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch @@ -5419,4 +5420,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4539 2006/09/09 10:34:15 dtucker Exp $ +$Id: ChangeLog,v 1.4540 2006/09/09 10:41:25 dtucker Exp $ diff --git a/buildpkg.sh.in b/buildpkg.sh.in index 31db10d66..a3960cb89 100644 --- a/buildpkg.sh.in +++ b/buildpkg.sh.in @@ -311,14 +311,7 @@ then chroot=echo fi -if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null -then - echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user" - echo "or group." -else - echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." - - # user required? + echo "PrivilegeSeparation user always required." if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null then echo "PrivSep user $SSH_PRIVSEP_USER already exists." @@ -363,7 +356,6 @@ else \$chroot ${PATH_USERADD_PROG} -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER \$chroot ${PATH_PASSWD_PROG} -l $SSH_PRIVSEP_USER } -fi [ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start exit 0 -- cgit v1.2.3 From f376669328e6df2dc78936786787150d98a1df80 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Sun, 10 Sep 2006 13:24:18 +1000 Subject: - (dtucker) [contrib/aix/buildbff.sh] Ensure that perl is available. --- ChangeLog | 5 ++++- contrib/aix/buildbff.sh | 4 +++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0ebeee281..b746504c5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20060910 + - (dtucker) [contrib/aix/buildbff.sh] Ensure that perl is available. + 20060909 - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h. - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user. @@ -5420,4 +5423,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4540 2006/09/09 10:41:25 dtucker Exp $ +$Id: ChangeLog,v 1.4541 2006/09/10 03:24:18 dtucker Exp $ diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index 03f0d6048..97a7cbbba 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh @@ -1,7 +1,7 @@ #!/bin/sh # # buildbff.sh: Create AIX SMIT-installable OpenSSH packages -# $Id: buildbff.sh,v 1.9 2006/09/09 10:34:15 dtucker Exp $ +# $Id: buildbff.sh,v 1.10 2006/09/10 03:24:19 dtucker Exp $ # # Author: Darren Tucker (dtucker at zip dot com dot au) # This file is placed in the public domain and comes with absolutely @@ -23,6 +23,8 @@ umask 022 startdir=`pwd` +perl -v >/dev/null || (echo perl required; exit 1) + # Path to inventory.sh: same place as buildbff.sh if echo $0 | egrep '^/' then -- cgit v1.2.3 From 57b2920ad896b4c1b7a6f5ba0171bdb311e8cc36 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 10 Sep 2006 20:25:51 +1000 Subject: - (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB. --- ChangeLog | 3 ++- configure.ac | 7 +++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index b746504c5..226373ac1 100644 --- a/ChangeLog +++ b/ChangeLog 
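Review bot: The added perl check in contrib/aix/buildbff.sh does not stop the build, because `(echo perl required; exit 1)` runs in a subshell and `exit 1` ends only that subshell. The script then continues without perl and fails later at whichever step needs it. A brace group keeps the exit in the current shell: `perl -v >/dev/null 2>&1 || { echo perl required; exit 1; }`.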
@@ -1,5 +1,6 @@ 20060910 - (dtucker) [contrib/aix/buildbff.sh] Ensure that perl is available. + - (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB. 20060909 - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h. @@ -5423,4 +5424,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4541 2006/09/10 03:24:18 dtucker Exp $ +$Id: ChangeLog,v 1.4542 2006/09/10 10:25:51 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 4a3c39fcb..80b0360c0 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.362 2006/09/08 15:05:21 dtucker Exp $ +# $Id: configure.ac,v 1.363 2006/09/10 10:25:51 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.362 $) +AC_REVISION($Revision: 1.363 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -253,6 +253,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(SSH_TUN_PREPEND_AF, 1, [Prepend the address family to IP tunnel traffic]) ;; +*-*-dragonfly*) + SSHDLIBS="$SSHDLIBS -lcrypt" + ;; *-*-hpux*) # first we define all of the options common to all HP-UX releases CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" -- cgit v1.2.3 From 5d8a9acef0228e53e2069c6218beb8716b89aacd Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 11 Sep 2006 20:46:13 +1000 Subject: - (dtucker) [cipher-aes.c] Include string.h for memcpy and friends. Noted by Pekka Savola. --- ChangeLog | 6 +++++- cipher-aes.c | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 226373ac1..128c91491 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,7 @@ +20060911 + - (dtucker) [cipher-aes.c] Include string.h for memcpy and friends. Noted + by Pekka Savola. + 20060910 - (dtucker) [contrib/aix/buildbff.sh] Ensure that perl is available. - (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB. @@ -5424,4 +5428,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4542 2006/09/10 10:25:51 dtucker Exp $ +$Id: ChangeLog,v 1.4543 2006/09/11 10:46:13 dtucker Exp $ diff --git a/cipher-aes.c b/cipher-aes.c index 14ef10f03..3ea594969 100644 --- a/cipher-aes.c +++ b/cipher-aes.c @@ -33,6 +33,7 @@ #include #include +#include #include "rijndael.h" #include "xmalloc.h" -- cgit v1.2.3 From 223897a01af2f496577cbf8f7fa5c5209109ef8e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 12 Sep 2006 21:54:10 +1000 Subject: - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in] Support SMF in Solaris Packages if enabled by configure. Patch from Chad Mynhier, tested by dtucker@ --- ChangeLog | 7 ++- Makefile.in | 4 +- buildpkg.sh.in | 174 ++++++++++++++++++++++++++++++++++++++++++++++++--------- configure.ac | 9 +-- openssh.xml.in | 87 +++++++++++++++++++++++++++++ 5 files changed, 247 insertions(+), 34 deletions(-) create mode 100644 openssh.xml.in diff --git a/ChangeLog b/ChangeLog index 128c91491..c61fd9343 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060912 + - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in] + Support SMF in Solaris Packages if enabled by configure. Patch from + Chad Mynhier, tested by dtucker@ + 20060911 - (dtucker) [cipher-aes.c] Include string.h for memcpy and friends. Noted by Pekka Savola. 
@@ -5428,4 +5433,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4543 2006/09/11 10:46:13 dtucker Exp $ +$Id: ChangeLog,v 1.4544 2006/09/12 11:54:10 djm Exp $ diff --git a/Makefile.in b/Makefile.in index 525b08eba..71f3623f1 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.281 2006/08/30 17:24:41 djm Exp $ +# $Id: Makefile.in,v 1.282 2006/09/12 11:54:10 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -203,7 +203,7 @@ clean: regressclean distclean: regressclean rm -f *.o *.a $(TARGETS) logintest config.cache config.log - rm -f *.out core opensshd.init + rm -f *.out core opensshd.init openssh.xml rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds rm -f survey.sh openbsd-compat/regress/Makefile *~ rm -rf autom4te.cache diff --git a/buildpkg.sh.in b/buildpkg.sh.in index a3960cb89..a3b9014bc 100644 --- a/buildpkg.sh.in +++ b/buildpkg.sh.in @@ -46,6 +46,8 @@ PKG_REQUEST_LOCAL=../pkg-request.local # end of sourced files # OPENSSHD=opensshd.init +OPENSSH_MANIFEST=openssh.xml +OPENSSH_FMRI=svc:/site/openssh:default PATH_GROUPADD_PROG=@PATH_GROUPADD_PROG@ PATH_USERADD_PROG=@PATH_USERADD_PROG@ @@ -60,6 +62,10 @@ SYSTEM_DIR="/etc \ /etc/rc1.d \ /etc/rc2.d \ /etc/opt \ +/lib \ +/lib/svc \ +/lib/svc/method \ +/lib/svc/method/site \ /opt \ /opt/bin \ /usr \ @@ -82,6 +88,9 @@ SYSTEM_DIR="/etc \ /var \ /var/opt \ /var/run \ +/var/svc \ +/var/svc/manifest \ +/var/svc/manifest/site \ /var/tmp \ /tmp" @@ -119,6 +128,12 @@ do eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` done +## Are we using Solaris' SMF? +DO_SMF=0 +if egrep "^#define USE_SOLARIS_PROCESS_CONTRACTS" config.h > /dev/null 2>&1 +then + DO_SMF=1 +fi ## Collect value of privsep user for confvar in SSH_PRIVSEP_USER 
@@ -168,10 +183,25 @@ then fi ## Setup our run level stuff while we are at it. -mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d +if [ $DO_SMF -eq 1 ] +then + # For Solaris' SMF, /lib/svc/method/site is the preferred place + # for start/stop scripts that aren't supplied with the OS, and + # similarly /var/svc/manifest/site for manifests. + mkdir -p $FAKE_ROOT${TEST_DIR}/lib/svc/method/site + mkdir -p $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site + + cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME} + chmod 744 $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME} + + cp ${OPENSSH_MANIFEST} $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site + chmod 644 $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site/${OPENSSH_MANIFEST} +else + mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d -cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} -chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} + cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} + chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} +fi [ "${PERMIT_ROOT_LOGIN}" = no ] && \ perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \ 
@@ -221,15 +251,22 @@ touch depend ## Build space file echo "Building space file..." -cat > space << _EOF -# extra space required by start/stop links added by installf in postinstall +if [ $DO_SMF -eq 1 ] +then + # XXX Is this necessary? If not, remove space line from mk-proto.awk. + touch space +else + cat > space << _EOF +# extra space required by start/stop links added by installf +# in postinstall $TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1 $TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME} 0 1 _EOF -[ "$RC1_D" = no ] || \ -echo "$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space -[ "$RCS_D" = yes ] && \ -echo "$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space + [ "$RC1_D" = no ] || \ + echo "$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space + [ "$RCS_D" = yes ] && \ + echo "$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space +fi ## Build preinstall file echo "Building preinstall file..." @@ -243,7 +280,16 @@ _EOF cat >> preinstall << _EOF # -[ "\${PRE_INS_STOP}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop +if [ "\${PRE_INS_STOP}" = "yes" ] +then + if [ $DO_SMF -eq 1 ] + then + svcadm disable $OPENSSH_FMRI + else + ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop + fi +fi + exit 0 _EOF 
@@ -265,28 +311,41 @@ cat > postinstall << _EOF } # make rc?.d dirs only if we are doing a test install -[ -n "${TEST_DIR}" ] && { +[ -n "${TEST_DIR}" ] && [ $DO_SMF -ne 1 ] && { [ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d mkdir -p ${TEST_DIR}/etc/rc0.d [ "$RC1_D" = no ] || mkdir -p ${TEST_DIR}/etc/rc1.d mkdir -p ${TEST_DIR}/etc/rc2.d } -if [ "\${USE_SYM_LINKS}" = yes ] +if [ $DO_SMF -eq 1 ] then - [ "$RCS_D" = yes ] && \ -installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s - [ "$RC1_D" = no ] || \ - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s + # Delete the existing service, if it exists, then import the + # new one. + if svcs $OPENSSH_FMRI > /dev/null 2>&1 + then + svccfg delete -f $OPENSSH_FMRI + fi + # NOTE, if manifest enables sshd by default, this will actually + # start the daemon, which may not be what the user wants. 
+ svccfg import ${TEST_DIR}/var/svc/manifest/site/$OPENSSH_MANIFEST else - [ "$RCS_D" = yes ] && \ -installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l - [ "$RC1_D" = no ] || \ - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l + if [ "\${USE_SYM_LINKS}" = yes ] + then + [ "$RCS_D" = yes ] && \ + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s + [ "$RC1_D" = no ] || \ + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s + else + [ "$RCS_D" = yes ] && \ + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l + [ "$RC1_D" = no ] || \ + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l + installf ${PKGNAME} 
\${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l + fi fi # If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh) @@ -357,7 +416,17 @@ fi \$chroot ${PATH_PASSWD_PROG} -l $SSH_PRIVSEP_USER } -[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start +if [ "\${POST_INS_START}" = "yes" ] +then + if [ $DO_SMF -eq 1 ] + then + # See svccfg import note above. The service may already + # be started. + svcadm enable $OPENSSH_FMRI + else + ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start + fi +fi exit 0 _EOF @@ -366,7 +435,12 @@ echo "Building preremove file..." cat > preremove << _EOF #! ${SCRIPT_SHELL} # -${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop +if [ $DO_SMF -eq 1 ] +then + svcadm disable $OPENSSH_FMRI +else + ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop +fi _EOF # local preremove changes here @@ -381,6 +455,13 @@ echo "Building postremove file..." cat > postremove << _EOF #! ${SCRIPT_SHELL} # +if [ $DO_SMF -eq 1 ] +then + if svcs $OPENSSH_FMRI > /dev/null 2>&1 + then + svccfg delete -f $OPENSSH_FMRI + fi +fi _EOF # local postremove changes here 
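Review bot: The SMF branch of the generated postinstall script runs `svccfg delete -f` and `svccfg import` without consulting `PKG_INSTALL_ROOT`, whereas the rc-link branch below it prefixes every path with `\${PKG_INSTALL_ROOT}`. When the package is installed into an alternate root, this would presumably change the service repository of the running system instead, and, as the NOTE in the hunk says, the import may start the daemon there. Consider wrapping the svcs/svccfg calls in `if [ -z "\${PKG_INSTALL_ROOT}" ] || [ "\${PKG_INSTALL_ROOT}" = "/" ]` so they run only for an install into the live root. The same applies to the `svcadm enable` and `svcadm disable` calls in the later hunks of this file. The here-document holding this script continues outside the hunk.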
@@ -446,7 +527,45 @@ done _EOF -cat >> request << _EOF +if [ $DO_SMF -eq 1 ] +then + # This could get hairy, as the running sshd may not be under SMF. + # We'll assume an earlier version of OpenSSH started via SMF. + cat >> request << _EOF +PRE_INS_STOP=no +POST_INS_START=no +# determine if should restart the daemon +if [ -s ${piddir}/sshd.pid ] && \ + /usr/bin/svcs $OPENSSH_FMRI 2>&1 | egrep "^online" > /dev/null 2>&1 +then + ans=\`ckyorn -d n \ +-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$? + case \$ans in + [y,Y]*) PRE_INS_STOP=yes + POST_INS_START=yes + ;; + esac + +else + +# determine if we should start sshd + ans=\`ckyorn -d n \ +-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$? + case \$ans in + [y,Y]*) POST_INS_START=yes ;; + esac +fi + +# make parameters available to installation service, +# and so to any other packaging scripts +cat >\$1 <> request << _EOF USE_SYM_LINKS=no PRE_INS_STOP=no POST_INS_START=no @@ -487,6 +606,7 @@ POST_INS_START='\$POST_INS_START' ! _EOF +fi # local request changes here [ -s "${PKG_REQUEST_LOCAL}" ] && . ${PKG_REQUEST_LOCAL} diff --git a/configure.ac b/configure.ac index 80b0360c0..cfc5d594a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.363 2006/09/10 10:25:51 dtucker Exp $ +# $Id: configure.ac,v 1.364 2006/09/12 11:54:11 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.363 $) +AC_REVISION($Revision: 1.364 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) 
@@ -3897,8 +3897,9 @@ dnl Add now. CFLAGS="$CFLAGS $werror_flags" AC_EXEEXT -AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \ - openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh]) +AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ + openbsd-compat/Makefile openbsd-compat/regress/Makefile \ + scard/Makefile ssh_prng_cmds survey.sh]) AC_OUTPUT # Print summary of options diff --git a/openssh.xml.in b/openssh.xml.in new file mode 100644 index 000000000..655ee5c9e --- /dev/null +++ b/openssh.xml.in @@ -0,0 +1,87 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -- cgit v1.2.3 From 3c9c1fbd2184289482710dac4845233f362b917b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 17 Sep 2006 06:08:53 +1000 Subject: - djm@cvs.openbsd.org 2006/09/16 19:53:37 [deattack.c deattack.h packet.c] limit maximum work performed by the CRC compensation attack detector, problem reported by Tavis Ormandy, Google Security Team; ok markus@ deraadt@ --- ChangeLog | 10 +++++++++- deattack.c | 26 +++++++++++++++++++++++--- deattack.h | 3 ++- packet.c | 15 +++++++++++---- 4 files changed, 45 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index c61fd9343..3c00fec48 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +20060916 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2006/09/16 19:53:37 + [deattack.c deattack.h packet.c] + limit maximum work performed by the CRC compensation attack detector, + problem reported by Tavis Ormandy, Google Security Team; + ok markus@ deraadt@ + 20060912 - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in] Support SMF in Solaris Packages if enabled by configure. Patch from @@ -5433,4 +5441,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4544 2006/09/12 11:54:10 djm Exp $ +$Id: ChangeLog,v 1.4545 2006/09/16 20:08:53 djm Exp $ 
diff --git a/deattack.c b/deattack.c index b4fed7f85..1b37e4dab 100644 --- a/deattack.c +++ b/deattack.c @@ -1,4 +1,4 @@ -/* $OpenBSD: deattack.c,v 1.29 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: deattack.c,v 1.30 2006/09/16 19:53:37 djm Exp $ */ /* * Cryptographic attack detector for ssh - source code * @@ -32,6 +32,24 @@ #include "crc32.h" #include "misc.h" +/* + * CRC attack detection has a worst-case behaviour that is O(N^3) over + * the number of identical blocks in a packet. This behaviour can be + * exploited to create a limited denial of service attack. + * + * However, because we are dealing with encrypted data, identical + * blocks should only occur every 2^35 maximally-sized packets or so. + * Consequently, we can detect this DoS by looking for identical blocks + * in a packet. + * + * The parameter below determines how many identical blocks we will + * accept in a single packet, trading off between attack detection and + * likelihood of terminating a legitimate connection. A value of 32 + * corresponds to an average of 2^40 messages before an attack is + * misdetected + */ +#define MAX_IDENTICAL 32 + /* SSH Constants */ #define SSH_MAXBLOCKS (32 * 1024) #define SSH_BLOCKSIZE (8) @@ -87,7 +105,7 @@ detect_attack(u_char *buf, u_int32_t len) static u_int16_t *h = (u_int16_t *) NULL; static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE; u_int32_t i, j; - u_int32_t l; + u_int32_t l, same; u_char *c; u_char *d; @@ -124,10 +142,12 @@ detect_attack(u_char *buf, u_int32_t len) } memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE); - for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) { + for (c = buf, same = j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) { for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; i = (i + 1) & (n - 1)) { if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) { + if (++same > MAX_IDENTICAL) + return (DEATTACK_DOS_DETECTED); if (check_crc(c, buf, len)) return (DEATTACK_DETECTED); else 
diff --git a/deattack.h b/deattack.h index 627598104..0316fb285 100644 --- a/deattack.h +++ b/deattack.h @@ -1,4 +1,4 @@ -/* $OpenBSD: deattack.h,v 1.9 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: deattack.h,v 1.10 2006/09/16 19:53:37 djm Exp $ */ /* * Cryptographic attack detector for ssh - Header file @@ -25,6 +25,7 @@ /* Return codes */ #define DEATTACK_OK 0 #define DEATTACK_DETECTED 1 +#define DEATTACK_DOS_DETECTED 2 int detect_attack(u_char *, u_int32_t); #endif diff --git a/packet.c b/packet.c index a4cb3324e..da843b2c2 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.143 2006/08/05 08:34:04 dtucker Exp $ */ +/* $OpenBSD: packet.c,v 1.144 2006/09/16 19:53:37 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1000,9 +1000,16 @@ packet_read_poll1(void) * (C)1998 CORE-SDI, Buenos Aires Argentina * Ariel Futoransky(futo@core-sdi.com) */ - if (!receive_context.plaintext && - detect_attack(buffer_ptr(&input), padded_len) == DEATTACK_DETECTED) - packet_disconnect("crc32 compensation attack: network attack detected"); + if (!receive_context.plaintext) { + switch (detect_attack(buffer_ptr(&input), padded_len)) { + case DEATTACK_DETECTED: + packet_disconnect("crc32 compensation attack: " + "network attack detected"); + case DEATTACK_DOS_DETECTED: + packet_disconnect("deattack denial of " + "service detected"); + } + } /* Decrypt data to incoming_packet. */ buffer_clear(&incoming_packet); -- cgit v1.2.3 From dd1f9b307eb0ab746a9cbd391511dbf646f29210 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 17 Sep 2006 08:05:03 +1000 Subject: - (djm) Add openssh.xml to .cvsignore and sort it --- .cvsignore | 43 ++++++++++++++++++++++--------------------- ChangeLog | 3 ++- 2 files changed, 24 insertions(+), 22 deletions(-) diff --git a/.cvsignore b/.cvsignore index 1f98baa3b..b893c972d 100644 --- a/.cvsignore +++ b/.cvsignore 
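Review bot: The new switch in packet_read_poll1() handles only DEATTACK_DETECTED and DEATTACK_DOS_DETECTED, so any other non-zero result from detect_attack() would fall out of the switch and the packet would go on to be decrypted. This commit has just shown that the set of return codes can grow, so failing closed is safer: add `case DEATTACK_OK: break;` and `default: packet_disconnect("deattack error");`. The DEATTACK_DETECTED case also has no `break`, which is correct only if packet_disconnect() never returns; that is not visible here, so a `/* NOTREACHED */` comment after each call would make the intent explicit. Other callers of detect_attack() that compare only against DEATTACK_DETECTED, if there are any, need the same update. The function continues outside the hunk.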
@@ -1,28 +1,29 @@ -ssh +*.0 +*.out +Makefile +autom4te.cache +buildit.sh +buildpkg.sh +config.cache +config.h +config.h.in +config.log +config.status +configure +openssh.xml +opensshd.init scp -sshd +sftp +sftp-server +ssh ssh-add +ssh-agent ssh-keygen ssh-keyscan ssh-keysign -ssh-agent -sftp-server -sftp -configure -config.h.in -config.h -config.status -config.cache -config.log -stamp-h.in -Makefile -ssh_prng_cmds -*.out -*.0 -buildit.sh -buildpkg.sh -autom4te.cache ssh-rand-helper -survey.sh +ssh_prng_cmds +sshd +stamp-h.in survey -opensshd.init +survey.sh diff --git a/ChangeLog b/ChangeLog index 3c00fec48..310375711 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ limit maximum work performed by the CRC compensation attack detector, problem reported by Tavis Ormandy, Google Security Team; ok markus@ deraadt@ + - (djm) Add openssh.xml to .cvsignore and sort it 20060912 - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in] @@ -5441,4 +5442,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4545 2006/09/16 20:08:53 djm Exp $ +$Id: ChangeLog,v 1.4546 2006/09/16 22:05:03 djm Exp $ -- cgit v1.2.3 From 54e1b2291cf5fcd96ba36d291e6543eab44ec4dd Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 17 Sep 2006 11:57:46 +1000 Subject: - (dtucker) [auth-pam.c] Propogate TZ environment variable to PAM auth process so that any logging it does is with the right timezone. From Scott Strickler, ok djm@. --- ChangeLog | 5 ++++- auth-pam.c | 6 ++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 310375711..48de6b1c9 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -6,6 +6,9 @@ problem reported by Tavis Ormandy, Google Security Team; ok markus@ deraadt@ - (djm) Add openssh.xml to .cvsignore and sort it + - (dtucker) [auth-pam.c] Propogate TZ environment variable to PAM auth + process so that any logging it does is with the right timezone. From + Scott Strickler, ok djm@. 20060912 - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in] @@ -5442,4 +5445,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4546 2006/09/16 22:05:03 djm Exp $ +$Id: ChangeLog,v 1.4547 2006/09/17 01:57:46 dtucker Exp $ diff --git a/auth-pam.c b/auth-pam.c index 493993a10..c08d47229 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -437,10 +437,16 @@ sshpam_thread(void *ctxtp) u_int i; const char *pam_user; const char **ptr_pam_user = &pam_user; + char *tz = getenv("TZ"); pam_get_item(sshpam_handle, PAM_USER, (sshpam_const void **)ptr_pam_user); + environ[0] = NULL; + if (tz != NULL) + if (setenv("TZ", tz, 1) == -1) + error("PAM: could not set TZ environment: %s", + strerror(errno)); if (sshpam_authctxt != NULL) { setproctitle("%s [pam]", -- cgit v1.2.3 From 5965ae13e014f6315eeabfb1195646b9d071b844 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 17 Sep 2006 12:00:13 +1000 Subject: - (dtucker) [monitor.c] Correctly handle auditing of single commands when using Protocol 1. From jhb at freebsd. --- ChangeLog | 4 +++- monitor.c | 5 +---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 48de6b1c9..3af1ff35a 100644 --- a/ChangeLog +++ b/ChangeLog 
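Review bot: `environ[0] = NULL;` in `sshpam_thread` empties the environment by overwriting the first slot of the existing array, with no comment saying that this is deliberate or why `tz` is still usable afterwards. It assumes `environ` is non-NULL, and it relies on the string returned by `getenv("TZ")` staying in memory after its slot is cleared and on `setenv()` copying the value. A short comment would make that explicit, e.g. `/* Run the PAM helper with an empty environment; only TZ is carried over (setenv copies tz) */`. The nested `if (tz != NULL) if (setenv(...) == -1)` should also get braces so a later edit cannot attach an `else` to the wrong test. The function body starts and ends outside this hunk.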
@@ -9,6 +9,8 @@ - (dtucker) [auth-pam.c] Propogate TZ environment variable to PAM auth process so that any logging it does is with the right timezone. From Scott Strickler, ok djm@. + - (dtucker) [monitor.c] Correctly handle auditing of single commands when + using Protocol 1. From jhb at freebsd. 20060912 - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in] @@ -5445,4 +5447,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4547 2006/09/17 01:57:46 dtucker Exp $ +$Id: ChangeLog,v 1.4548 2006/09/17 02:00:13 dtucker Exp $ diff --git a/monitor.c b/monitor.c index 364bd2316..b20d0c726 100644 --- a/monitor.c +++ b/monitor.c @@ -286,7 +286,7 @@ struct mon_table mon_dispatch_postauth15[] = { {MONITOR_REQ_TERM, 0, mm_answer_term}, #ifdef SSH_AUDIT_EVENTS {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, - {MONITOR_REQ_AUDIT_COMMAND, MON_ONCE, mm_answer_audit_command}, + {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, #endif {0, 0, NULL} }; @@ -660,9 +660,6 @@ mm_answer_pwnamallow(int sock, Buffer *m) if (options.use_pam) monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); #endif -#ifdef SSH_AUDIT_EVENTS - monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_COMMAND, 1); -#endif return (0); } -- cgit v1.2.3 From 1f062ca339a46d6c1556689b7eb65baacbb4daad Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 17 Sep 2006 14:04:46 +1000 Subject: - (djm) [sshd.c] Fix warning/API abuse; ok dtucker@ --- ChangeLog | 3 ++- sshd.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3af1ff35a..6af6190c6 100644 --- a/ChangeLog +++ b/ChangeLog 
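Review bot: With the `monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_COMMAND, 1)` call removed from `mm_answer_pwnamallow` in the second hunk, the table entry is the only visible place that enables this request, and only `mon_dispatch_postauth15` is changed to `MON_PERMIT|MON_ONCE`. The other dispatch tables are outside the diff, so it should be confirmed that every table listing `MONITOR_REQ_AUDIT_COMMAND` carries `MON_PERMIT` too; otherwise the request would presumably be refused there after this change. Because these flags decide what the unprivileged side may ask of the monitor, the entry deserves a one-line comment such as `/* audit of the single command: allowed from the start of post-auth */`.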
@@ -11,6 +11,7 @@ Scott Strickler, ok djm@. - (dtucker) [monitor.c] Correctly handle auditing of single commands when using Protocol 1. From jhb at freebsd. + - (djm) [sshd.c] Fix warning/API abuse; ok dtucker@ 20060912 - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in] @@ -5447,4 +5448,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4548 2006/09/17 02:00:13 dtucker Exp $ +$Id: ChangeLog,v 1.4549 2006/09/17 04:04:46 djm Exp $ diff --git a/sshd.c b/sshd.c index e61adc1b5..6159a5b6a 100644 --- a/sshd.c +++ b/sshd.c @@ -1436,7 +1436,7 @@ main(int ac, char **av) fatal("Privilege separation user %s does not exist", SSH_PRIVSEP_USER); memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); - strlcpy(privsep_pw->pw_passwd, "*", sizeof(privsep_pw->pw_passwd)); + privsep_pw->pw_passwd = "*"; privsep_pw = pwcopy(privsep_pw); endpwent(); -- cgit v1.2.3 From 83bbb03e52743b8b0d6500fdf46bd9436b0a2543 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 17 Sep 2006 22:55:52 +1000 Subject: - (dtucker) [INSTALL] Add info about audit support. --- ChangeLog | 3 ++- INSTALL | 12 +++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6af6190c6..a16e83478 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,7 @@ - (dtucker) [monitor.c] Correctly handle auditing of single commands when using Protocol 1. From jhb at freebsd. - (djm) [sshd.c] Fix warning/API abuse; ok dtucker@ + - (dtucker) [INSTALL] Add info about audit support. 20060912 - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in] @@ -5448,4 +5449,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4549 2006/09/17 04:04:46 djm Exp $ +$Id: ChangeLog,v 1.4550 2006/09/17 12:55:52 dtucker Exp $ 
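Review bot: After this change `privsep_pw->pw_passwd` points at the string literal `"*"` inside the `struct passwd` that the lookup returned, and nothing on these lines says why that is safe. It holds as long as `pwcopy()` on the next line duplicates the string (its body is not shown) and nothing writes through `pw_passwd` before then, since a literal must not be modified. A comment above the two statements would record the intent, e.g. `/* scrub the hash in the lookup's buffer, then point at a literal so the copy made by pwcopy() carries "*" */`. `main` starts and ends outside this hunk.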
diff --git a/INSTALL b/INSTALL index 3f0adfa1d..1c784a527 100644 --- a/INSTALL +++ b/INSTALL @@ -75,6 +75,12 @@ the automatically generated files by running "autoreconf". http://www.gnu.org/software/autoconf/ +Basic Security Module (BSM): + +Native BSM support is know to exist in Solaris from at least 2.5.1, +FreeBSD 6.1 and OS X. Alternatively, you may use the OpenBSM +implementation (http://www.openbsm.org). + 2. Building / Installation -------------------------- @@ -125,6 +131,10 @@ name). There are a few other options to the configure script: +--with-audit=[module] enable additional auditing via the specified module. +Currently, drivers for "debug" (additional info via syslog) and "bsm" +(Sun's Basic Security Module) are supported. + --with-pam enables PAM support. If PAM support is compiled in, it must also be enabled in sshd_config (refer to the UsePAM directive). @@ -240,4 +250,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.75 2006/07/10 02:55:24 dtucker Exp $ +$Id: INSTALL,v 1.76 2006/09/17 12:55:52 dtucker Exp $ -- cgit v1.2.3 From 9216c37d60fdb8b9e247541991248e0ca86cac07 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 18 Sep 2006 23:17:40 +1000 Subject: - (dtucker) [configure.ac] On AIX, check to see if the compiler will allow macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags. Allows build out of the box with older VAC and XLC compilers. Found by David Bronder and Bernhard Simon. --- ChangeLog | 8 +++++++- configure.ac | 25 +++++++++++++++++++++++-- 2 files changed, 30 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index a16e83478..f3d8d49ff 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,9 @@ +20060918 + - (dtucker) [configure.ac] On AIX, check to see if the compiler will allow + macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags. + Allows build out of the box with older VAC and XLC compilers. Found by + David Bronder and Bernhard Simon. + 20060916 - OpenBSD CVS Sync - djm@cvs.openbsd.org 2006/09/16 19:53:37 @@ -5449,4 +5455,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4550 2006/09/17 12:55:52 dtucker Exp $ +$Id: ChangeLog,v 1.4551 2006/09/18 13:17:40 dtucker Exp $ diff --git a/configure.ac b/configure.ac index cfc5d594a..f790f9a51 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.364 2006/09/12 11:54:11 djm Exp $ +# $Id: configure.ac,v 1.365 2006/09/18 13:17:41 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.364 $) +AC_REVISION($Revision: 1.365 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) 
@@ -134,6 +134,27 @@ SPC_MSG="no" # Check for some target-specific stuff case "$host" in *-*-aix*) + # Some versions of VAC won't allow macro redefinitions at + # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that + # particularly with older versions of vac or xlc. + # It also throws errors about null macro argments, but these are + # not fatal. + AC_MSG_CHECKING(if compiler allows macro redefinitions) + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE([[ +#define testmacro foo +#define testmacro bar +int main(void) { exit(0); } + ]])], + [ AC_MSG_RESULT(yes) ], + [ AC_MSG_RESULT(no) + CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" + LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" + CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" + CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" + ] + ) + AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) if (test -z "$blibpath"); then blibpath="/usr/lib:/lib" -- cgit v1.2.3 From c70ce7b09d8fd0b341c33e1b8d584a91bb241547 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 18 Sep 2006 23:54:32 +1000 Subject: - (dtucker) [openbsd-compat/port-aix.{c,h}] Reduce scope of includes. Prevents macro redefinition warnings of "RDONLY". --- ChangeLog | 4 +++- openbsd-compat/port-aix.c | 10 ++++++++++ openbsd-compat/port-aix.h | 14 +------------- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index f3d8d49ff..e43185568 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags. Allows build out of the box with older VAC and XLC compilers. Found by David Bronder and Bernhard Simon. + - (dtucker) [openbsd-compat/port-aix.{c,h}] Reduce scope of includes. + Prevents macro redefinition warnings of "RDONLY". 20060916 - OpenBSD CVS Sync 
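Review bot: The test program in the new `AC_COMPILE_IFELSE` calls `exit(0)` without including `<stdlib.h>`, so a compiler that rejects implicit function declarations fails the test for a reason unrelated to macro redefinition. The `no` branch then strips `-qlanglvl=ansi` from `CC`, `LD`, `CFLAGS` and `CPPFLAGS`. Put `#include <stdlib.h>` ahead of the two `#define testmacro` lines, or replace the body with `return 0;`. The comment also spells the option `-qlanglevel=ansi` while the `sed` expressions match `-qlanglvl=ansi`; use one spelling so a search finds both. The `*-*-aix*)` branch continues outside the hunk.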
@@ -5455,4 +5457,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4551 2006/09/18 13:17:40 dtucker Exp $ +$Id: ChangeLog,v 1.4552 2006/09/18 13:54:32 dtucker Exp $ diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index d0a423005..b9fabf61f 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -45,6 +45,16 @@ #include #include #include + +#ifdef WITH_AIXAUTHENTICATE +# include +# include +# if defined(HAVE_SYS_AUDIT_H) && defined(AIX_LOGINFAILED_4ARG) +# include +# endif +# include +#endif + #include "port-aix.h" # ifdef HAVE_SETAUTHDB diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 37b2c12b0..5a04bedad 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -1,4 +1,4 @@ -/* $Id: port-aix.h,v 1.26 2005/05/28 10:28:40 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.27 2006/09/18 13:54:33 dtucker Exp $ */ /* * @@ -31,18 +31,6 @@ #ifdef HAVE_SYS_SOCKET_H # include #endif -#ifdef HAVE_UNISTD_H -# include /* for seteuid() */ -#endif - -#ifdef WITH_AIXAUTHENTICATE -# include -# include -# if defined(HAVE_SYS_AUDIT_H) && defined(AIX_LOGINFAILED_4ARG) -# include -# endif -# include -#endif #include "buffer.h" -- cgit v1.2.3 From 1e80e4023bce285ef4858383b5064b9ac3b254c1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 21 Sep 2006 12:59:33 +1000 Subject: - otto@cvs.openbsd.org 2006/09/19 05:52:23 [sftp.c] Use S_IS* macros insted of masking with S_IF* flags. The latter may have multiple bits set, which lead to surprising results. Spotted by Paul Stoeber, more to come. ok millert@ pedro@ jaredy@ djm@ --- ChangeLog | 10 +++++++++- sftp.c | 6 +++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index e43185568..0373fe17a 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,11 @@ +20060921 + - (dtucker) OpenBSD CVS Sync + - otto@cvs.openbsd.org 2006/09/19 05:52:23 + [sftp.c] + Use S_IS* macros insted of masking with S_IF* flags. The latter may + have multiple bits set, which lead to surprising results. Spotted by + Paul Stoeber, more to come. ok millert@ pedro@ jaredy@ djm@ + 20060918 - (dtucker) [configure.ac] On AIX, check to see if the compiler will allow macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags. @@ -5457,4 +5465,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4552 2006/09/18 13:54:32 dtucker Exp $ +$Id: ChangeLog,v 1.4553 2006/09/21 02:59:33 dtucker Exp $ diff --git a/sftp.c b/sftp.c index cf3dea048..c018615ae 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.91 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: sftp.c,v 1.92 2006/09/19 05:52:23 otto Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -493,7 +493,7 @@ is_dir(char *path) if (stat(path, &sb) == -1) return(0); - return(sb.st_mode & S_IFDIR); + return(S_ISDIR(sb.st_mode)); } static int @@ -517,7 +517,7 @@ remote_is_dir(struct sftp_conn *conn, char *path) return(0); if (!(a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)) return(0); - return(a->perm & S_IFDIR); + return(S_ISDIR(a->perm)); } static int -- cgit v1.2.3 From 4aa665b71c72666e23c318046835c3e0712d7e88 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 21 Sep 2006 13:00:25 +1000 Subject: - markus@cvs.openbsd.org 2006/09/19 21:14:08 [packet.c] client NULL deref on protocol error; Tavis Ormandy, Google Security Team --- ChangeLog | 5 ++++- packet.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0373fe17a..704668e2a 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -5,6 +5,9 @@ Use S_IS* macros insted of masking with S_IF* flags. The latter may have multiple bits set, which lead to surprising results. Spotted by Paul Stoeber, more to come. ok millert@ pedro@ jaredy@ djm@ + - markus@cvs.openbsd.org 2006/09/19 21:14:08 + [packet.c] + client NULL deref on protocol error; Tavis Ormandy, Google Security Team 20060918 - (dtucker) [configure.ac] On AIX, check to see if the compiler will allow @@ -5465,4 +5468,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4553 2006/09/21 02:59:33 dtucker Exp $ +$Id: ChangeLog,v 1.4554 2006/09/21 03:00:25 dtucker Exp $ diff --git a/packet.c b/packet.c index da843b2c2..6d58ebc0a 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.144 2006/09/16 19:53:37 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.145 2006/09/19 21:14:08 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -691,6 +691,9 @@ packet_enable_delayed_compress(void) */ after_authentication = 1; for (mode = 0; mode < MODE_MAX; mode++) { + /* protocol error: USERAUTH_SUCCESS received before NEWKEYS */ + if (newkeys[mode] == NULL) + continue; comp = &newkeys[mode]->comp; if (comp && !comp->enabled && comp->type == COMP_DELAYED) { packet_init_compression(); -- cgit v1.2.3 From 0dc5484ca690ff0dce0f9643523b10935140e086 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 21 Sep 2006 23:13:30 +1000 Subject: - (dtucker) [defines.h] Include unistd.h before defining getpgrp; fixes build error on Ultrix. From Bernhard Simon. --- ChangeLog | 4 +++- defines.h | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 704668e2a..a51117c88 100644 --- a/ChangeLog +++ b/ChangeLog 
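Review bot: The new `if (newkeys[mode] == NULL) continue;` in `packet_enable_delayed_compress` skips the mode silently even though the comment calls the condition a protocol error, and `after_authentication = 1` has already been set above it. A peer that sends USERAUTH_SUCCESS before NEWKEYS is misbehaving, so the event should at least be logged, for instance `error("USERAUTH_SUCCESS received before NEWKEYS");` ahead of the `continue`. Whether the connection is rejected elsewhere cannot be seen from this hunk. With the NULL test in place, `comp &&` in the following `if` is always true, because `comp` is the address of a struct member, and can be dropped. The function starts and ends outside the hunk.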
@@ -8,6 +8,8 @@ - markus@cvs.openbsd.org 2006/09/19 21:14:08 [packet.c] client NULL deref on protocol error; Tavis Ormandy, Google Security Team + - (dtucker) [defines.h] Include unistd.h before defining getpgrp; fixes + build error on Ultrix. From Bernhard Simon. 20060918 - (dtucker) [configure.ac] On AIX, check to see if the compiler will allow @@ -5468,4 +5470,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4554 2006/09/21 03:00:25 dtucker Exp $ +$Id: ChangeLog,v 1.4555 2006/09/21 13:13:30 dtucker Exp $ diff --git a/defines.h b/defines.h index 6b395f806..8a4e2c73e 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.137 2006/08/18 22:38:24 djm Exp $ */ +/* $Id: defines.h,v 1.138 2006/09/21 13:13:30 dtucker Exp $ */ /* Constants */ @@ -556,6 +556,7 @@ struct winsize { #endif /* defined(HAVE_VHANGUP) && !defined(HAVE_DEV_PTMX) */ #ifndef GETPGRP_VOID +# include # define getpgrp() getpgrp(0) #endif -- cgit v1.2.3 From dace233d70cd5990500651dc416a634ed18e5c02 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 22 Sep 2006 19:22:17 +1000 Subject: - (dtucker) [packet.c canohost.c] Include arpa/inet.h for htonl macros on some platforms (eg HP-UX 11.00). From santhi.amirta at gmail com. --- ChangeLog | 6 +++++- canohost.c | 1 + packet.c | 1 + 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index a51117c88..f26dae2fd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060922 + - (dtucker) [packet.c canohost.c] Include arpa/inet.h for htonl macros on + some platforms (eg HP-UX 11.00). From santhi.amirta at gmail com. + 20060921 - (dtucker) OpenBSD CVS Sync - otto@cvs.openbsd.org 2006/09/19 05:52:23 
@@ -5470,4 +5474,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4555 2006/09/21 13:13:30 dtucker Exp $ +$Id: ChangeLog,v 1.4556 2006/09/22 09:22:17 dtucker Exp $ diff --git a/canohost.c b/canohost.c index dd3972e8d..2345cc35c 100644 --- a/canohost.c +++ b/canohost.c @@ -18,6 +18,7 @@ #include #include +#include #include #include diff --git a/packet.c b/packet.c index 6d58ebc0a..ab5a01002 100644 --- a/packet.c +++ b/packet.c @@ -50,6 +50,7 @@ #include #include #include +#include #include #include -- cgit v1.2.3 From 0ee3cbfc519c3be5f842e1ebac1ccc0841ce75d3 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 23 Sep 2006 16:25:19 +1000 Subject: - (dtucker) [configure.ac] Bug #1234: Put opensc libs into $LIBS rather than $LDFLAGS. Patch from vapier at gentoo org. --- ChangeLog | 6 +++++- configure.ac | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index f26dae2fd..78abba7d1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060923 + - (dtucker) [configure.ac] Bug #1234: Put opensc libs into $LIBS rather than + $LDFLAGS. Patch from vapier at gentoo org. + 20060922 - (dtucker) [packet.c canohost.c] Include arpa/inet.h for htonl macros on some platforms (eg HP-UX 11.00). From santhi.amirta at gmail com. @@ -5474,4 +5478,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4556 2006/09/22 09:22:17 dtucker Exp $ +$Id: ChangeLog,v 1.4557 2006/09/23 06:25:19 dtucker Exp $ diff --git a/configure.ac b/configure.ac index f790f9a51..01e84104d 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.365 2006/09/18 13:17:41 dtucker Exp $ +# $Id: configure.ac,v 1.366 2006/09/23 06:25:20 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.365 $) +AC_REVISION($Revision: 1.366 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -3086,7 +3086,7 @@ AC_ARG_WITH(opensc, LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags` LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs` CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS" - LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS" + LIBS="$LIBS $LIBOPENSC_LIBS" AC_DEFINE(SMARTCARD) AC_DEFINE(USE_OPENSC, 1, [Define if you want smartcard support -- cgit v1.2.3 From 983b35b281fa9981acfdf23cd5813897720d1445 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Sun, 24 Sep 2006 12:08:59 -0700 Subject: 20060924 - (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added to rev 1.308) to work around broken gcc 2.x header file. --- ChangeLog | 6 +++++- configure.ac | 5 ++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 78abba7d1..4ac8dc4fd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060924 + - (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added + to rev 1.308) to work around broken gcc 2.x header file. + 20060923 - (dtucker) [configure.ac] Bug #1234: Put opensc libs into $LIBS rather than $LDFLAGS. Patch from vapier at gentoo org. @@ -5478,4 +5482,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4557 2006/09/23 06:25:19 dtucker Exp $ +$Id: ChangeLog,v 1.4558 2006/09/24 19:08:59 tim Exp $ diff --git a/configure.ac b/configure.ac index 01e84104d..cfcd0272d 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.366 2006/09/23 06:25:20 dtucker Exp $ +# $Id: configure.ac,v 1.367 2006/09/24 19:08:59 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.366 $) +AC_REVISION($Revision: 1.367 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -514,7 +514,6 @@ mips-sony-bsd|mips-sony-newsos4) ;; # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. *-*-sysv4.2*) - CFLAGS="$CFLAGS -Dva_list=_VA_LIST" AC_DEFINE(USE_PIPES) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) -- cgit v1.2.3 From f2ae7bf4a863485b39b0da38866c60cb2c93ad77 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 26 Sep 2006 18:57:28 +1000 Subject: Trim ChangeLog Prior to 4.2p1 --- ChangeLog | 2993 +------------------------------------------------------------ 1 file changed, 1 insertion(+), 2992 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4ac8dc4fd..84754a012 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2491,2995 +2491,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -20050901 - - (djm) Update RPM spec file versions - -20050831 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2005/08/30 22:08:05 - [gss-serv.c sshconnect2.c] - destroy credentials if krb5_kuserok() call fails. Stops credentials being - delegated to users who are not authorised for GSSAPIAuthentication when - GSSAPIDeletegateCredentials=yes and another authentication mechanism - succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by - simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@ - - markus@cvs.openbsd.org 2005/08/31 09:28:42 - [version.h] - 4.2 - - (dtucker) [README] Update release note URL to 4.2 - - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c - openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable - libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd(). - Feedback and OK dtucker@ - -20050830 - - (tim) [configure.ac] Back out last change. It needs to be done differently. - -20050829 - - (tim) [configure.ac] ia_openinfo() seems broken on OSR6. Limit UW long - password support to 7.x for now. - -20050826 - - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c - openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h - openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c - openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char) - on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing - by tim@. Feedback and OK dtucker@ - -20050823 - - (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully- - qualified sshd pathname since some systems (eg Cygwin) may consider "/foo" - and "//foo" to be different. Spotted by vinschen at redhat.com. - - (tim) [configure.ac] Not all gcc's support -Wsign-compare. 
Enhancements - and OK dtucker@ - - (tim) [defines.h] PATH_MAX bits for OpenServer OK dtucker@ - -20050821 - - (dtucker) [configure.ac defines.h includes.h sftp.c] Add support for - LynxOS, patch from Olli Savia (ops at iki.fi). ok djm@ - -20050816 - - (djm) [ttymodes.c] bugzilla #1025: Fix encoding of _POSIX_VDISABLE, - from Jacob Nevins; ok dtucker@ - -20050815 - - (tim) [sftp.c] wrap el_end() in #ifdef USE_LIBEDIT - - (tim) [configure.ac] corrections to libedit tests. Report and patches - by skeleten AT shillest.net - -20050812 - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2005/07/28 17:36:22 - [packet.c] - missing packet_init_compression(); from solar - - djm@cvs.openbsd.org 2005/07/30 01:26:16 - [ssh.c] - fix -D listen_host initialisation, so it picks up gateway_ports setting - correctly - - djm@cvs.openbsd.org 2005/07/30 02:03:47 - [readconf.c] - listen_hosts initialisation here too; spotted greg AT y2005.nest.cx - - dtucker@cvs.openbsd.org 2005/08/06 10:03:12 - [servconf.c] - Unbreak sshd ListenAddress for bare IPv6 addresses. - Report from Janusz Mucka; ok djm@ - - jaredy@cvs.openbsd.org 2005/08/08 13:22:48 - [sftp.c] - sftp prompt enhancements: - - in non-interactive mode, do not print an empty prompt at the end - before finishing - - print newline after EOF in editline mode - - call el_end() in editline mode - ok dtucker djm - -20050810 - - (dtucker) [configure.ac] Test libedit library and headers for compatibility. - Report from skeleten AT shillest.net, ok djm@ - - (dtucker) [LICENCE configure.ac defines.h openbsd-compat/realpath.c] - Sync current (thread-safe) version of realpath.c from OpenBSD (which is - in turn based on FreeBSD's). ok djm@ - -20050809 - - (tim) [configure.ac] Allow --with-audit=no. OK dtucker@ - Report by skeleten AT shillest.net - -20050803 - - (dtucker) [openbsd-compat/fake-rfc2553.h] Check for EAI_* defines - individually and use a value less likely to collide with real values from - netdb.h. 
Fixes compile warnings on FreeBSD 5.3. ok djm@ - - (dtucker) [openbsd-compat/fake-rfc2553.h] MAX_INT -> INT_MAX since the - latter is specified in the standard. - -20050802 - - (dtucker) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2005/07/27 10:39:03 - [scp.c hostfile.c sftp-client.c] - Silence bogus -Wuninitialized warnings; ok djm@ - - (dtucker) [configure.ac] Enable -Wuninitialized by default when compiling - with gcc. ok djm@ - - (dtucker) [configure.ac] Add a --with-Werror option to configure for - adding -Werror to CFLAGS when all of the configure tests are done. ok djm@ - -20050726 - - (dtucker) [configure.ac] Update zlib warning message too, pointed out by - tim@. - - (djm) OpenBSD CVS Sync - - otto@cvs.openbsd.org 2005/07/19 15:32:26 - [auth-passwd.c] - auth_usercheck(3) can return NULL, so check for that. Report from - mpech@. ok markus@ - - markus@cvs.openbsd.org 2005/07/25 11:59:40 - [kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c] - [sshconnect2.c sshd.c sshd_config sshd_config.5] - add a new compression method that delays compression until the user - has been authenticated successfully and set compression to 'delayed' - for sshd. - this breaks older openssh clients (< 3.5) if they insist on - compression, so you have to re-enable compression in sshd_config. - ok djm@ - -20050725 - - (dtucker) [configure.ac] Update zlib version check for CAN-2005-2096. - -20050717 -- OpenBSD CVS Sync - - djm@cvs.openbsd.org 2005/07/16 01:35:24 - [auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c] - [sshconnect.c] - spacing - - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c] - [cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL - in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]") - - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line - - djm@cvs.openbsd.org 2005/07/17 06:49:04 - [channels.c channels.h session.c session.h] - Fix a number of X11 forwarding channel leaks: - 1. 
Refuse multiple X11 forwarding requests on the same session - 2. Clean up all listeners after a single_connection X11 forward, not just - the one that made the single connection - 3. Destroy X11 listeners when the session owning them goes away - testing and ok dtucker@ - - djm@cvs.openbsd.org 2005/07/17 07:17:55 - [auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c] - [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c] - [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c] - [sshconnect.c sshconnect2.c] - knf says that a 2nd level indent is four (not three or five) spaces - -(djm) [audit.c auth1.c auth2.c entropy.c loginrec.c serverloop.c] - [ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too - - (djm) [monitor.c monitor_wrap.c] -Wsign-compare for PAM monitor calls - -20050716 - - (dtucker) [auth-pam.c] Ensure that only one side of the authentication - socketpair stays open on in both the monitor and PAM process. Patch from - Joerg Sonnenberger. 
- -20050714 - - (dtucker) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2005/07/06 09:33:05 - [ssh.1] - clarify meaning of ssh -b ; with & ok jmc@ - - dtucker@cvs.openbsd.org 2005/07/08 09:26:18 - [misc.c] - Make comment match code; ok djm@ - - markus@cvs.openbsd.org 2005/07/08 09:41:33 - [channels.h] - race when efd gets closed while there is still buffered data: - change CHANNEL_EFD_OUTPUT_ACTIVE() - 1) c->efd must always be valid AND - 2a) no EOF has been seen OR - 2b) there is buffered data - report, initial fix and testing Chuck Cranor - - dtucker@cvs.openbsd.org 2005/07/08 10:20:41 - [ssh_config.5] - change BindAddress to match recent ssh -b change; prompted by markus@ - - jmc@cvs.openbsd.org 2005/07/08 12:53:10 - [ssh_config.5] - new sentence, new line; - - dtucker@cvs.openbsd.org 2005/07/14 04:00:43 - [misc.h] - use __sentinel__ attribute; ok deraadt@ djm@ markus@ - - (dtucker) [configure.ac defines.h] Define __sentinel__ to nothing if the - compiler doesn't understand it to prevent warnings. If any mainstream - compiler versions acquire it we can test for those versions. Based on - discussion with djm@. - -20050707 - - dtucker [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for - the MIT Kerberos code path into a common function and expand mkstemp - template to be consistent with the rest of OpenSSH. From sxw at - inf.ed.ac.uk, ok djm@ - - (dtucker) [auth-krb5.c] There's no guarantee that snprintf will set errno - in the case where the buffer is insufficient, so always return ENOMEM. - Also pointed out by sxw at inf.ed.ac.uk. - - (dtucker) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Remove - calls to krb5_init_ets, which has not been required since krb-1.1.x and - most Kerberos versions no longer export in their public API. 
From sxw - at inf.ed.ac.uk, ok djm@ - -20050706 - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2005/07/01 13:19:47 - [channels.c] - don't free() if getaddrinfo() fails; report mpech@ - - djm@cvs.openbsd.org 2005/07/04 00:58:43 - [channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5] - implement support for X11 and agent forwarding over multiplex slave - connections. Because of protocol limitations, the slave connections inherit - the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding - their own. - ok dtucker@ "put it in" deraadt@ - - jmc@cvs.openbsd.org 2005/07/04 11:29:51 - [ssh_config.5] - fix Xr and a little grammar; - - markus@cvs.openbsd.org 2005/07/04 14:04:11 - [channels.c] - don't forget to set x11_saved_display - -20050626 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2005/06/17 22:53:47 - [ssh.c sshconnect.c] - Fix ControlPath's %p expanding to "0" for a default port, - spotted dwmw2 AT infradead.org; ok markus@ - - djm@cvs.openbsd.org 2005/06/18 04:30:36 - [ssh.c ssh_config.5] - allow ControlPath=none, patch from dwmw2 AT infradead.org; ok dtucker@ - - djm@cvs.openbsd.org 2005/06/25 22:47:49 - [ssh.c] - do the default port filling code a few lines earlier, so it really - does fix %p - -20050618 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2005/05/20 12:57:01; - [auth1.c] split protocol 1 auth methods into separate functions, makes - authloop much more readable; fixes and ok markus@ (portable ok & - polish dtucker@) - - djm@cvs.openbsd.org 2005/06/17 02:44:33 - [auth1.c] make this -Wsign-compare clean; ok avsm@ markus@ - - (djm) [loginrec.c ssh-rand-helper.c] Fix -Wsign-compare for portable, - tested and fixes tim@ - -20050617 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2005/06/16 03:38:36 - [channels.c channels.h clientloop.c clientloop.h ssh.c] - move x11_get_proto from ssh.c to clientloop.c, to make muliplexed xfwd - easier later; ok deraadt@ - - markus@cvs.openbsd.org 2005/06/16 08:00:00 - 
[canohost.c channels.c sshd.c] - don't exit if getpeername fails for forwarded ports; bugzilla #1054; - ok djm - - djm@cvs.openbsd.org 2005/06/17 02:44:33 - [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c] - [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c] - [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c] - [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c] - [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c] - make this -Wsign-compare clean; ok avsm@ markus@ - NB. auth1.c changes not committed yet (conflicts with uncommitted sync) - NB2. more work may be needed to make portable Wsign-compare clean - - (dtucker) [cipher.c openbsd-compat/openbsd-compat.h - openbsd-compat/openssl-compat.c] only include openssl compat stuff where - it's needed as it can cause conflicts elsewhere (eg xcrypt.c). Found by - and ok tim@ - -20050616 - - (djm) OpenBSD CVS Sync - - jaredy@cvs.openbsd.org 2005/06/07 13:25:23 - [progressmeter.c] - catch SIGWINCH and resize progress meter accordingly; ok markus dtucker - - djm@cvs.openbsd.org 2005/06/06 11:20:36 - [auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c] - introduce a generic %foo expansion function. 
replace existing % expansion - and add expansion to ControlPath; ok markus@ - - djm@cvs.openbsd.org 2005/06/08 03:50:00 - [ssh-keygen.1 ssh-keygen.c sshd.8] - increase default rsa/dsa key length from 1024 to 2048 bits; - ok markus@ deraadt@ - - djm@cvs.openbsd.org 2005/06/08 11:25:09 - [clientloop.c readconf.c readconf.h ssh.c ssh_config.5] - add ControlMaster=auto/autoask options to support opportunistic - multiplexing; tested avsm@ and jakob@, ok markus@ - - dtucker@cvs.openbsd.org 2005/06/09 13:43:49 - [cipher.c] - Correctly initialize end of array sentinel; ok djm@ - (Id sync only, change already in portable) - -20050609 - - (dtucker) [cipher.c openbsd-compat/Makefile.in - openbsd-compat/openbsd-compat.h openbsd-compat/openssl-compat.{c,h}] - Move compatibility code for supporting older OpenSSL versions to the - compat layer. Suggested by and "no objection" djm@ - -20050607 - - (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX: - in today's episode we attempt to coax it from limits.h where it may be - hiding, failing that we take the DIY approach. Tested by tim@ - -20050603 - - (dtucker) [configure.ac] Only try gcc -std=gnu99 if LLONG_MAX isn't - defined, and check that it helps before keeping it in CFLAGS. Some old - gcc's don't set an error code when encountering an unknown value in -std. - Found and tested by tim@. - - (dtucker) [configure.ac] Point configure's reporting address at the - openssh-unix-dev list. ok tim@ djm@ - -20050602 - - (tim) [configure.ac] Some platforms need sys/types.h for arpa/nameser.h. - Take AC_CHECK_HEADERS test out of ultrix section. It caused other platforms - to skip builtin standard includes tests. (first AC_CHECK_HEADERS test - must be run on all platforms) Add missing ;; to case statement. OK dtucker@ - -20050601 - - (dtucker) [configure.ac] Look for _getshort and _getlong in - arpa/nameser.h. 
- - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoll.c] - Add strtoll to the compat library, from OpenBSD. - - (dtucker) OpenBSD CVS Sync - - avsm@cvs.openbsd.org 2005/05/26 02:08:05 - [scp.c] - If copying multiple files to a target file (which normally fails, as it - must be a target directory), kill the spawned ssh child before exiting. - This stops it trying to authenticate and spewing lots of output. - deraadt@ ok - - dtucker@cvs.openbsd.org 2005/05/26 09:08:12 - [ssh-keygen.c] - uint32_t -> u_int32_t for consistency; ok djm@ - - djm@cvs.openbsd.org 2005/05/27 08:30:37 - [ssh.c] - fix -O for cases where no ControlPath has been specified or socket at - ControlPath is not contactable; spotted by and ok avsm@ - - (tim) [config.guess config.sub] Update to '2005-05-27' version. - - (tim) [configure.ac] set TEST_SHELL for OpenServer 6 - -20050531 - - (dtucker) [contrib/aix/pam.conf] Correct comments. From davidl at - vintela.com. - - (dtucker) [mdoc2man.awk] Teach it to understand .Ox. - -20050530 - - (dtucker) [README] Link to new release notes. Beter late than never... - -20050529 - - (dtucker) [openbsd-compat/port-aix.c] Bug #1046: AIX 5.3 expects the - argument to passwdexpired to be initialized to NULL. Suggested by tim@ - While at it, initialize the other arguments to auth functions in case they - ever acquire this behaviour. - - (dtucker) [openbsd-compat/port-aix.c] Whitespace cleanups while there. - - (dtucker) [openbsd-compat/port-aix.c] Minor correction to debug message, - spotted by tim@. - -20050528 - - (dtucker) [configure.ac] For AC_CHECK_HEADERS() and AC_CHECK_FUNCS() have - one entry per line to make it easier to merge changes. ok djm@ - - (dtucker) [configure.ac] strsep() may be defined in string.h, so check - for its presence and include it in the strsep check. - - (dtucker) [configure.ac] getpgrp may be defined in unistd.h, so check for - its presence before doing AC_FUNC_GETPGRP. 
- - (dtucker) [configure.ac] Merge HP-UX blocks into a common block with minor - version-specific variations as required. - - (dtucker) [openbsd-compat/port-aix.h] Use the HAVE_DECL_* definitions as - per the autoconf man page. Configure should always define them but it - doesn't hurt to check. - -20050527 - - (djm) [defines.h] Use our realpath if we have to define PATH_MAX, spotted by - David Leach; ok dtucker@ - - (dtucker) [acconfig.h configure.ac defines.h includes.h sshpty.c - openbsd-compat/bsd-misc.c] Add support for Ultrix. No, that's not a typo. - Required changes from Bernhard Simon, integrated by me. ok djm@ - -20050525 - - (djm) [mpaux.c mpaux.h Makefile.in] Remove old mpaux.[ch] code, it has not - been used for a while - - (djm) OpenBSD CVS Sync - - otto@cvs.openbsd.org 2005/04/05 13:45:31 - [ssh-keygen.c] - - djm@cvs.openbsd.org 2005/04/06 09:43:59 - [sshd.c] - avoid harmless logspam by not performing setsockopt() on non-socket; - ok markus@ - - dtucker@cvs.openbsd.org 2005/04/06 12:26:06 - [ssh.c] - Fix debug call for port forwards; patch from pete at seebeyond.com, - ok djm@ (ID sync only - change already in portable) - - djm@cvs.openbsd.org 2005/04/09 04:32:54 - [misc.c misc.h tildexpand.c Makefile.in] - replace tilde_expand_filename with a simpler implementation, ahead of - more whacking; ok deraadt@ - - jmc@cvs.openbsd.org 2005/04/14 12:30:30 - [ssh.1] - arg to -b is an address, not if_name; - ok markus@ - - jakob@cvs.openbsd.org 2005/04/20 10:05:45 - [dns.c] - do not try to look up SSHFP for numerical hostname. 
ok djm@ - - djm@cvs.openbsd.org 2005/04/21 06:17:50 - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8] - [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment - variable, so don't say that we do (bz #623); ok deraadt@ - - djm@cvs.openbsd.org 2005/04/21 11:47:19 - [ssh.c] - don't allocate a pty when -n flag (/dev/null stdin) is set, patch from - ignasi.roca AT fujitsu-siemens.com (bz #829); ok dtucker@ - - dtucker@cvs.openbsd.org 2005/04/23 23:43:47 - [readpass.c] - Add debug message if read_passphrase can't open /dev/tty; bz #471; - ok djm@ - - jmc@cvs.openbsd.org 2005/04/26 12:59:02 - [sftp-client.h] - spelling correction in comment from wiz@netbsd; - - jakob@cvs.openbsd.org 2005/04/26 13:08:37 - [ssh.c ssh_config.5] - fallback gracefully if client cannot connect to ControlPath. ok djm@ - - moritz@cvs.openbsd.org 2005/04/28 10:17:56 - [progressmeter.c ssh-keyscan.c] - add snprintf checks. ok djm@ markus@ - - markus@cvs.openbsd.org 2005/05/02 21:13:22 - [readpass.c] - missing {} - - djm@cvs.openbsd.org 2005/05/10 10:28:11 - [ssh.c] - print nice error message for EADDRINUSE as well (ID sync only) - - djm@cvs.openbsd.org 2005/05/10 10:30:43 - [ssh.c] - report real errors on fallback from ControlMaster=no to normal connect - - markus@cvs.openbsd.org 2005/05/16 15:30:51 - [readconf.c servconf.c] - check return value from strdelim() for NULL (AddressFamily); mpech - - djm@cvs.openbsd.org 2005/05/19 02:39:55 - [sshd_config.5] - sort config options, from grunk AT pestilenz.org; ok jmc@ - - djm@cvs.openbsd.org 2005/05/19 02:40:52 - [sshd_config] - whitespace nit, from grunk AT pestilenz.org - - djm@cvs.openbsd.org 2005/05/19 02:42:26 - [includes.h] - fix cast, from grunk AT pestilenz.org - - djm@cvs.openbsd.org 2005/05/20 10:50:55 - [ssh_config.5] - give a ProxyCommand example using nc(1), with and ok jmc@ - - jmc@cvs.openbsd.org 2005/05/20 11:23:32 - [ssh_config.5] - oops - article and spacing; - - avsm@cvs.openbsd.org 2005/05/23 22:44:01 - 
[moduli.c ssh-keygen.c] - - removes signed/unsigned comparisons in moduli generation - - use strtonum instead of atoi where its easier - - check some strlcpy overflow and fatal instead of truncate - - djm@cvs.openbsd.org 2005/05/23 23:32:46 - [cipher.c myproposal.h ssh.1 ssh_config.5 sshd_config.5] - add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes; - ok markus@ - - avsm@cvs.openbsd.org 2005/05/24 02:05:09 - [ssh-keygen.c] - some style nits from dmiller@, and use a fatal() instead of a printf()/exit - - avsm@cvs.openbsd.org 2005/05/24 17:32:44 - [atomicio.c atomicio.h authfd.c monitor_wrap.c msg.c scp.c sftp-client.c] - [ssh-keyscan.c sshconnect.c] - Switch atomicio to use a simpler interface; it now returns a size_t - (containing number of bytes read/written), and indicates error by - returning 0. EOF is signalled by errno==EPIPE. - Typical use now becomes: - - if (atomicio(read, ..., len) != len) - err(1,"read"); - - ok deraadt@, cloder@, djm@ - - (dtucker) [regress/reexec.sh] Add ${EXEEXT} so this test also works on - Cygwin. - - (dtucker) [auth-pam.c] Bug #1033: Fix warnings building with PAM on Linux: - warning: dereferencing type-punned pointer will break strict-aliasing rules - warning: passing arg 3 of `pam_get_item' from incompatible pointer type - The type-punned pointer fix is based on a patch from SuSE's rpm. ok djm@ - - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1033: Provide - templates for _getshort and _getlong if missing to prevent compiler warnings - on Linux. - - (djm) [configure.ac openbsd-compat/Makefile.in] - [openbsd-compat/openbsd-compat.h openbsd-compat/strtonum.c] - Add strtonum(3) from OpenBSD libc, new code needs it. 
- Unfortunately Linux forces us to do a bizarre dance with compiler - options to get LLONG_MIN/MAX; Spotted by and ok dtucker@ - -20050524 - - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] Update spec file versions to 4.1p1 - - (dtucker) [auth-pam.c] Since people don't seem to be getting the message - that USE_POSIX_THREADS is unsupported, not recommended and generally a bad - idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use - USE_POSIX_THREADS will now generate an error so we don't silently change - behaviour. ok djm@ - - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory - allocation when retrieving core Windows environment. Add CYGWIN variable - to propagated variables. Patch from vinschen at redhat.com, ok djm@ - - Release 4.1p1 - -20050524 - - (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure - terminal modes are reset correctly. Fix from peak AT argo.troja.mff.cuni.cz; - "looks ok" dtucker@ - -20050512 - - (tim) [buildpkg.sh.in] missing ${PKG_INSTALL_ROOT} in init script - hard link section. Bug 1038. - -20050509 - - (dtucker) [contrib/cygwin/ssh-host-config] Add a test and warning for a - user-mode mounts in Cygwin installation. Patch from vinschen at redhat.com. - -20050504 - - (djm) [ssh.c] some systems return EADDRINUSE on a bind to an already-used - unix domain socket, so catch that too; from jakob@ ok dtucker@ - -20050503 - - (dtucker) [canohost.c] normalise socket addresses returned by - get_remote_hostname(). This means that IPv4 addresses in log messages - on IPv6 enabled machines will no longer be prefixed by "::ffff:" and - AllowUsers, DenyUsers, AllowGroups, DenyGroups will match IPv4-style - addresses only for 4-in-6 mapped connections, regardless of whether - or not the machine is IPv6 enabled. 
ok djm@ - -20050425 - - (dtucker) [regress/multiplex.sh] Use "kill -0 $pid" to check for the - existence of a process since it's more portable. Found by jbasney at - ncsa.uiuc.edu; ok tim@ - - (dtucker) [regress/multiplex.sh] Remove cleanup call since test-exec.sh - will clean up anyway. From tim@ - - (dtucker) [regress/multiplex.sh] Put control socket in /tmp so running - "make tests" works even if you're building on a filesystem that doesn't - support sockets. From deengert at anl.gov, ok djm@ - -20050424 - - (dtucker) [INSTALL configure.ac] Make zlib version check test for 1.1.4 or - 1.2.1.2 or higher. With tim@, ok djm@ - -20050423 - - (tim) [config.guess] Add support for OpenServer 6. - -20050421 - - (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if - UseLogin is set as PAM is not used to establish credentials in that - case. Found by Michael Selvesteen, ok djm@ - -20050419 - - (dtucker) [INSTALL] Reference README.privsep for the privilege separation - requirements. Pointed out by Bengt Svensson. - - (dtucker) [INSTALL] Put the s/key text and URL back together. - - (dtucker) [INSTALL] Fix s/key text too. - -20050411 - - (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME - -20050405 - - (dtucker) [configure.ac] Define HAVE_SO_PEERCRED if we have it. ok djm@ - - (dtucker) [auth-sia.c] Constify sys_auth_passwd, fixes build error on - Tru64. Patch from cmadams at hiwaay.net. - - (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of - sys_auth_passwd, pointed out by cmadams at hiwaay.net. - -20050403 - - (djm) OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2005/03/31 18:39:21 - [scp.c] - copy argv[] element instead of smashing the one that ps will see; ok otto - - djm@cvs.openbsd.org 2005/04/02 12:41:16 - [scp.c] - since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror - build - - (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_read - will free as needed. 
ok tim@ djm@ - -20050331 - - (dtucker) OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2005/03/16 11:10:38 - [ssh_config.5] - get the syntax right for {Local,Remote}Forward; - based on a diff from markus; - problem report from ponraj; - ok dtucker@ markus@ deraadt@ - - markus@cvs.openbsd.org 2005/03/16 21:17:39 - [version.h] - 4.1 - - jmc@cvs.openbsd.org 2005/03/18 17:05:00 - [sshd_config.5] - typo; - - (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in - handling of password expiry messages returned by AIX's authentication - routines, originally reported by robvdwal at sara.nl. - - (dtucker) [ssh.c] Prevent null pointer deref in port forwarding debug - message on some platforms. Patch from pete at seebeyond.com via djm. - - (dtucker) [monitor.c] Remaining part of fix for bug #1006. - -20050329 - - (dtucker) [contrib/aix/buildbff.sh] Bug #1005: Look up only the user we're - interested in which is much faster in large (eg LDAP or NIS) environments. - Patch from dleonard at vintela.com. - -20050321 - - (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes - and -Lyes to CFLAGS and LIBS. Pointed out by peter at slagheap.net, - with & ok tim@ - - (dtucker) [configure.ac] Make configure error out if the user specifies - --with-libedit but the required libs can't be found, rather than silently - ignoring and continuing. ok tim@ - - (dtucker) [configure.ac openbsd-compat/port-aix.h] Prevent redefinitions - of setauthdb on AIX 5.3, reported by anders.liljegren at its.uu.se. - -20050317 - - (tim) [configure.ac] Bug 998. Make path for --with-opensc optional. - Make --without-opensc work. - - (tim) [configure.ac] portability changes on test statements. Some shells - have problems with -a operator. - - (tim) [configure.ac] make some configure options a little more error proof. - - (tim) [configure.ac] remove trailing white space. 
- -20050314 - - (dtucker) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2005/03/10 10:15:02 - [readconf.c] - Check listen addresses for null, prevents xfree from dying during - ClearAllForwardings (bz #996). From Craig Leres, ok markus@ - - deraadt@cvs.openbsd.org 2005/03/10 22:01:05 - [misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c - monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c - readconf.c bufaux.c sftp.c] - spacing - - deraadt@cvs.openbsd.org 2005/03/10 22:40:38 - [auth-options.c] - spacing - - markus@cvs.openbsd.org 2005/03/11 14:59:06 - [ssh-keygen.c] - typo, missing \n; mpech - - jmc@cvs.openbsd.org 2005/03/12 11:55:03 - [ssh_config.5] - escape `.' at eol to avoid double spacing issues; - - dtucker@cvs.openbsd.org 2005/03/14 10:09:03 - [ssh-keygen.1] - Correct description of -H (bz #997); ok markus@, punctuation jmc@ - - dtucker@cvs.openbsd.org 2005/03/14 11:44:42 - [auth.c] - Populate host for log message for logins denied by AllowUsers and - DenyUsers (bz #999); ok markus@ (patch by tryponraj at gmail.com) - - markus@cvs.openbsd.org 2005/03/14 11:46:56 - [buffer.c buffer.h channels.c] - limit input buffer size for channels; bugzilla #896; with and ok dtucker@ - - (tim) [contrib/caldera/openssh.spec] links in rc?.d were getting trashed - with a rpm -F - -20050313 - - (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the - localized name of the local administrators group more reliable. From - vinschen at redhat.com. - -20050312 - - (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug - output ends up in the client's output, causing regress failures. Found - by Corinna Vinschen. - -20050309 - - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64 - so that regress tests behave. From Chris Adams. 
- - (djm) OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2005/03/07 23:41:54 - [ssh.1 ssh_config.5] - more macro simplification; - - djm@cvs.openbsd.org 2005/03/08 23:49:48 - [version.h] - OpenSSH 4.0 - - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] Update spec file versions - - (djm) [log.c] Fix dumb syntax error; ok dtucker@ - - (djm) Release OpenSSH 4.0p1 - -20050307 - - (dtucker) [configure.ac] Disable gettext search when configuring with - BSM audit support for the time being. ok djm@ - - (dtucker) OpenBSD CVS Sync (regress/) - - fgsch@cvs.openbsd.org 2004/12/10 01:31:30 - [Makefile sftp-glob.sh] - some globbing regress; prompted and ok djm@ - - david@cvs.openbsd.org 2005/01/14 04:21:18 - [Makefile test-exec.sh] - pass the SUDO make variable to the individual sh tests; ok dtucker@ markus@ - - dtucker@cvs.openbsd.org 2005/02/27 11:33:30 - [multiplex.sh test-exec.sh sshd-log-wrapper.sh] - Add optional capability to log output from regress commands; ok markus@ - Use with: make TEST_SSH_LOGFILE=/tmp/regress.log - - djm@cvs.openbsd.org 2005/02/27 23:13:36 - [login-timeout.sh] - avoid nameservice lookups in regress test; ok dtucker@ - - djm@cvs.openbsd.org 2005/03/04 08:48:46 - [Makefile envpass.sh] - regress test for SendEnv config parsing bug; ok dtucker@ - - (dtucker) [regress/test-exec.sh] Put SUDO in the right place. - - (tim) [configure.ac] SCO 3.2v4.2 no longer supported. - -20050306 - - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor - when attempting to audit disconnect events. Reported by Phil Dibowitz. - - (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit - events earlier, prevents mm_request_send errors reported by Matt Goebel. - -20050305 - - (djm) [contrib/cygwin/README] Improve Cygwin build documentation. 
Patch - from vinschen at redhat.com - - (djm) OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2005/03/02 11:45:01 - [ssh.1] - missing word; - - djm@cvs.openbsd.org 2005/03/04 08:48:06 - [readconf.c] - fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@ - -20050302 - - (djm) OpenBSD CVS sync: - - jmc@cvs.openbsd.org 2005/03/01 14:47:58 - [ssh.1] - remove some unneccesary macros; - do not mark up punctuation; - - jmc@cvs.openbsd.org 2005/03/01 14:55:23 - [ssh_config.5] - do not mark up punctuation; - whitespace; - - jmc@cvs.openbsd.org 2005/03/01 14:59:49 - [sshd.8] - new sentence, new line; - whitespace; - - jmc@cvs.openbsd.org 2005/03/01 15:05:00 - [ssh-keygen.1] - whitespace; - - jmc@cvs.openbsd.org 2005/03/01 15:47:14 - [ssh-keyscan.1 ssh-keyscan.c] - sort options and sync usage(); - - jmc@cvs.openbsd.org 2005/03/01 17:19:35 - [scp.1 sftp.1] - add HashKnownHosts to -o list; - ok markus@ - - jmc@cvs.openbsd.org 2005/03/01 17:22:06 - [ssh.c] - sync usage() w/ man SYNOPSIS; - ok markus@ - - jmc@cvs.openbsd.org 2005/03/01 17:32:19 - [ssh-add.1] - sort options; - - jmc@cvs.openbsd.org 2005/03/01 18:15:56 - [ssh-keygen.1] - sort options (no attempt made at synopsis clean up though); - spelling (occurance -> occurrence); - use prompt before examples; - grammar; - - djm@cvs.openbsd.org 2005/03/02 01:00:06 - [sshconnect.c] - fix addition of new hashed hostnames when CheckHostIP=yes; - found and ok dtucker@ - - djm@cvs.openbsd.org 2005/03/02 01:27:41 - [ssh-keygen.c] - ignore hostnames with metachars when hashing; ok deraadt@ - - djm@cvs.openbsd.org 2005/03/02 02:21:07 - [ssh.1] - bz#987: mention ForwardX11Trusted in ssh.1, - reported by andrew.benham AT thus.net; ok deraadt@ - - (tim) [regress/agent-ptrace.sh] add another possible gdb error. - -20050301 - - (djm) OpenBSD CVS sync: - - otto@cvs.openbsd.org 2005/02/16 09:56:44 - [ssh.c] - Better diagnostic if an identity file is not accesible. 
ok markus@ djm@ - - djm@cvs.openbsd.org 2005/02/18 03:05:53 - [canohost.c] - better error messages for getnameinfo failures; ok dtucker@ - - djm@cvs.openbsd.org 2005/02/20 22:59:06 - [sftp.c] - turn on ssh batch mode when in sftp batch mode, patch from - jdmossh AT nand.net; - ok markus@ - - jmc@cvs.openbsd.org 2005/02/25 10:55:13 - [sshd.8] - add /etc/motd and $HOME/.hushlogin to FILES; - from michael knudsen; - - djm@cvs.openbsd.org 2005/02/28 00:54:10 - [ssh_config.5] - bz#849: document timeout on untrusted x11 forwarding sessions. Reported by - orion AT cora.nwra.com; ok markus@ - - djm@cvs.openbsd.org 2005/03/01 10:09:52 - [auth-options.c channels.c channels.h clientloop.c compat.c compat.h] - [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5] - [sshd_config.5] - bz#413: allow optional specification of bind address for port forwardings. - Patch originally by Dan Astorian, but worked on by several people - Adds GatewayPorts=clientspecified option on server to allow remote - forwards to bind to client-specified ports. - - djm@cvs.openbsd.org 2005/03/01 10:40:27 - [hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5] - [sshconnect.c sshd.8] - add support for hashing host names and addresses added to known_hosts - files, to improve privacy of which hosts user have been visiting; ok - markus@ deraadt@ - - djm@cvs.openbsd.org 2005/03/01 10:41:28 - [ssh-keyscan.1 ssh-keyscan.c] - option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@ - - djm@cvs.openbsd.org 2005/03/01 10:42:49 - [ssh-keygen.1 ssh-keygen.c ssh_config.5] - add tools for managing known_hosts files with hashed hostnames, including - hashing existing files and deleting hosts by name; ok markus@ deraadt@ - -20050226 - - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] - Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com. 
- - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}] - Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any - more. Patch from vinschen at redhat.com. - - (dtucker) [Makefile.in] Add a install-nosysconf target for installing the - binaries without the config files. Primarily useful for packaging. - Patch from phil at usc.edu. ok djm@ - -20050224 - - (djm) [configure.ac] in_addr_t test needs sys/types.h too - -20050222 - - (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from - vinschen at redhat.com. - -20050220 - - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac - defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure - --with-audit=bsm to enable. Patch originally from Sun Microsystems, - parts by John R. Jackson. ok djm@ - - (dtucker) [configure.ac] Missing comma in AIX section, somehow causes - unrelated platforms to be configured incorrectly. - -20050216 - - (djm) write seed to temporary file and atomically rename into place; - ok dtucker@ - - (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called - via mkstemp in some configurations. ok djm@ - - (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined - by the system headers. - - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant - Unix; prevents problems relating to the location of -lresolv in the - link order. - - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic - authentication early enough to be available to PAM session modules when - privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam - Hartman and similar to Debian's ssh-krb5 package. - - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more - compiler warnings on AIX. - -20050215 - - (dtucker) [config.sh.in] Collect oslevel -r too. 
- - (dtucker) [README.platform auth.c configure.ac loginrec.c - openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6 - on AIX where possible (see README.platform for details) and work around - a misfeature of AIX's getnameinfo. ok djm@ - - (dtucker) [loginrec.c] Add missing #include. - -20050211 - - (dtucker) [configure.ac] Tidy up configure --help output. - - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too. - -20050210 - - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the - --disable-etc-default-login configure option. - -20050209 - - (dtucker) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2005/01/28 09:45:53 - [ssh_config] - Make it clear that the example entries in ssh_config are only some of the - commonly-used options and refer the user to ssh_config(5) for more - details; ok djm@ - - jmc@cvs.openbsd.org 2005/01/28 15:05:43 - [ssh_config.5] - grammar; - - jmc@cvs.openbsd.org 2005/01/28 18:14:09 - [ssh_config.5] - wording; - ok markus@ - - dtucker@cvs.openbsd.org 2005/01/30 11:18:08 - [monitor.c] - Make code match intent; ok djm@ - - dtucker@cvs.openbsd.org 2005/02/08 22:24:57 - [sshd.c] - Provide reason in error message if getnameinfo fails; ok markus@ - - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call - disable_forwarding() from compat library. Prevent linker errrors trying - to resolve it for binaries other than sshd. ok djm@ - - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir - paths. ok djm@ - - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require - the username to be passed to the passwd command when changing expired - passwords. ok djm@ - -20050208 - - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the - regress tests so newer versions of GNU head(1) behave themselves. Patch - by djm, so ok me. - - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. 
- - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c - monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit - defines and enums with SSH_ to prevent namespace collisions on some - platforms (eg AIX). - -20050204 - - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. - - (dtucker) [auth.c] Fix parens in audit log check. - -20050202 - - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath - rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@ - - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}] - Make record_failed_login() call provide hostname rather than having the - implementations having to do lookups themselves. Only affects AIX and - UNICOS (the latter only uses the "user" parameter anyway). ok djm@ - - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child - the process. Since we also unset KRB5CCNAME at startup, if it's set after - authentication it must have been set by the platform's native auth system. - This was already done for AIX; this enables it for the general case. - - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c] - Bug #974: Teach sshd to write failed login records to btmp for failed auth - attempts (currently only for password, kbdint and C/R, only on Linux and - HP-UX), based on code from login.c from util-linux. With ashok_kovai at - hotmail.com, ok djm@ - - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c - monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: - (first stage) Add audit instrumentation to sshd, currently disabled by - default. with suggestions from and ok djm@ - -20050201 - - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some - platforms syslog will revert to its default values. This may result in - messages from external libraries (eg libwrap) being sent to a different - facility. 
- - (dtucker) [sshd_config.5] Bug #701: remove warning about - keyboard-interactive since this is no longer the case. - -20050124 - - (dtucker) OpenBSD CVS Sync - - otto@cvs.openbsd.org 2005/01/21 08:32:02 - [auth-passwd.c sshd.c] - Warn in advance for password and account expiry; initialize loginmsg - buffer earlier and clear it after privsep fork. ok and help dtucker@ - markus@ - - dtucker@cvs.openbsd.org 2005/01/22 08:17:59 - [auth.c] - Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and - DenyGroups. bz #909, ok djm@ - - djm@cvs.openbsd.org 2005/01/23 10:18:12 - [cipher.c] - config option "Ciphers" should be case-sensitive; ok dtucker@ - - dtucker@cvs.openbsd.org 2005/01/24 10:22:06 - [scp.c sftp.c] - Have scp and sftp wait for the spawned ssh to exit before they exit - themselves. This prevents ssh from being unable to restore terminal - modes (not normally a problem on OpenBSD but common with -Portable - on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); - ok djm@ markus@ - - dtucker@cvs.openbsd.org 2005/01/24 10:29:06 - [moduli] - Import new moduli; requested by deraadt@ a week ago - - dtucker@cvs.openbsd.org 2005/01/24 11:47:13 - [auth-passwd.c] - #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@ - -20050120 - - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2004/12/23 17:35:48 - [session.c] - check for NULL; from mpech - - markus@cvs.openbsd.org 2004/12/23 17:38:07 - [ssh-keygen.c] - leak; from mpech - - djm@cvs.openbsd.org 2004/12/23 23:11:00 - [servconf.c servconf.h sshd.c sshd_config sshd_config.5] - bz #898: support AddressFamily in sshd_config. 
from - peak@argo.troja.mff.cuni.cz; ok deraadt@ - - markus@cvs.openbsd.org 2005/01/05 08:51:32 - [sshconnect.c] - remove dead code, log connect() failures with level error, ok djm@ - - jmc@cvs.openbsd.org 2005/01/08 00:41:19 - [sshd_config.5] - `login'(n) -> `log in'(v); - - dtucker@cvs.openbsd.org 2005/01/17 03:25:46 - [moduli.c] - Correct spelling: SCHNOOR->SCHNORR; ok djm@ - - dtucker@cvs.openbsd.org 2005/01/17 22:48:39 - [sshd.c] - Make debugging output continue after reexec; ok djm@ - - dtucker@cvs.openbsd.org 2005/01/19 13:11:47 - [auth-bsdauth.c auth2-chall.c] - Have keyboard-interactive code call the drivers even for responses for - invalid logins. This allows the drivers themselves to decide how to - handle them and prevent leaking information where possible. Existing - behaviour for bsdauth is maintained by checking authctxt->valid in the - bsdauth driver. Note that any third-party kbdint drivers will now need - to be able to handle responses for invalid logins. ok markus@ - - djm@cvs.openbsd.org 2004/12/22 02:13:19 - [cipher-ctr.c cipher.c] - remove fallback AES support for old OpenSSL, as OpenBSD has had it for - many years now; ok deraadt@ - (Id sync only: Portable will continue to support older OpenSSLs) - - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user - existence via keyboard-interactive/pam, in conjunction with previous - auth2-chall.c change; with Colin Watson and djm. - - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128 - bytes to prevent errors from login_init_entry() when the username is - exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@ - - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from - the list of available kbdint devices if UsePAM=no. ok djm@ - -20050118 - - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement - "make survey" and "make send-survey". 
This will provide data on the - configure parameters, platform and platform features to the development - team, which will allow (among other things) better targetting of testing. - It's entirely voluntary and is off be default. ok djm@ - - (dtucker) [survey.sh.in] Remove any blank lines from the output of - ccver-v and ccver-V. - -20041220 - - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading - from prngd is enabled at compile time but fails at run time, eg because - prngd is not running. Note that if you have prngd running when OpenSSH is - built, OpenSSL will consider itself internally seeded and rand-helper won't - be built at all unless explicitly enabled via --with-rand-helper. ok djm@ - - (dtucker) [regress/rekey.sh] Touch datafile before filling with dd, since - on some wacky platforms (eg old AIXes), dd will refuse to create an output - file if it doesn't exist. - -20041213 - - (dtucker) [contrib/findssh.sh] Clean up on interrupt; from - amarendra.godbole at ge com. - -20041211 - - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2004/12/06 16:00:43 - [bufaux.c] - use 0x00 not \0 since buf[] is a bignum - - fgsch@cvs.openbsd.org 2004/12/10 03:10:42 - [sftp.c] - - fix globbed ls for paths the same lenght as the globbed path when - we have a unique matching. - - fix globbed ls in case of a directory when we have a unique matching. - - as a side effect, if the path does not exist error (used to silently - ignore). - - don't do extra do_lstat() if we only have one matching file. - djm@ ok - - dtucker@cvs.openbsd.org 2004/12/11 01:48:56 - [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h] - Fix debug call in error path of authorized_keys processing and fix related - warnings; ok djm@ - -20041208 - - (tim) [configure.ac] Comment some non obvious platforms in the - target-specific case statement. Suggested and OK by dtucker@ - -20041207 - - (dtucker) [regress/scp.sh] Use portable-friendly $DIFFOPTs in new test. 
- -20041206 - - (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@ - - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2004/11/25 22:22:14 - [sftp-client.c sftp.c] - leak; from mpech - - jmc@cvs.openbsd.org 2004/11/29 00:05:17 - [sftp.1] - missing full stop; - - djm@cvs.openbsd.org 2004/11/29 07:41:24 - [sftp-client.h sftp.c] - Some small fixes from moritz@jodeit.org. ok deraadt@ - - jaredy@cvs.openbsd.org 2004/12/05 23:55:07 - [sftp.1] - - explain that patterns can be used as arguments in get/put/ls/etc - commands (prodded by Michael Knudsen) - - describe ls flags as a list - - other minor improvements - ok jmc, djm - - dtucker@cvs.openbsd.org 2004/12/06 11:41:03 - [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8] - Discard over-length authorized_keys entries rather than complaining when - they don't decode. bz #884, with & ok djm@ - - (dtucker) OpenBSD CVS Sync (regress/) - - djm@cvs.openbsd.org 2004/06/26 06:16:07 - [reexec.sh] - don't change the name of the copied sshd for the reexec fallback test, - makes life simpler for portable - - dtucker@cvs.openbsd.org 2004/07/08 12:59:35 - [scp.sh] - Regress test for bz #863 (scp double-error), requires $SUDO. 
ok markus@ - - david@cvs.openbsd.org 2004/07/09 19:45:43 - [Makefile] - add a missing CLEANFILES used in the re-exec test - - djm@cvs.openbsd.org 2004/10/08 02:01:50 - [reexec.sh] - shrink and tidy; ok dtucker@ - - djm@cvs.openbsd.org 2004/10/29 23:59:22 - [Makefile added brokenkeys.sh] - regression test for handling of corrupt keys in authorized_keys file - - djm@cvs.openbsd.org 2004/11/07 00:32:41 - [multiplex.sh] - regression tests for new multiplex commands - - dtucker@cvs.openbsd.org 2004/11/25 09:39:27 - [test-exec.sh] - Remove obsolete RhostsAuthentication from test config; ok markus@ - - dtucker@cvs.openbsd.org 2004/12/06 10:49:56 - [test-exec.sh] - Check if TEST_SSH_SSHD is a full path to sshd before searching; ok markus@ - -20041203 - - (dtucker) OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2004/11/07 17:42:36 - [ssh.1] - options sort, and whitespace; - - jmc@cvs.openbsd.org 2004/11/07 17:57:30 - [ssh.c] - usage(): - - add -O - - sync -S w/ manpage - - remove -h - - (dtucker) [auth1.c auth2.c] If the user successfully authenticates but is - subsequently denied by the PAM auth stack, send the PAM message to the - user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2). - ok djm@ - -20041107 - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2004/11/05 12:19:56 - [sftp.c] - command editing and history support via libedit; ok markus@ - thanks to hshoexer@ and many testers on tech@ too - - djm@cvs.openbsd.org 2004/11/07 00:01:46 - [clientloop.c clientloop.h ssh.1 ssh.c] - add basic control of a running multiplex master connection; including the - ability to check its status and request it to exit; ok markus@ - - (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure - option and supporting makefile bits and documentation. 
- -20041105 - - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2004/08/30 09:18:08 - [LICENCE] - s/keygen/keyscan/ - - jmc@cvs.openbsd.org 2004/08/30 21:22:49 - [ssh-add.1 ssh.1] - .Xsession -> .xsession; - originally from a pr from f at obiit dot org, but missed by myself; - ok markus@ matthieu@ - - djm@cvs.openbsd.org 2004/09/07 23:41:30 - [clientloop.c ssh.c] - cleanup multiplex control socket on SIGHUP too, spotted by sturm@ - ok markus@ deraadt@ - - deraadt@cvs.openbsd.org 2004/09/15 00:46:01 - [ssh.c] - /* fallthrough */ is something a programmer understands. But - /* FALLTHROUGH */ is also understood by lint, so that is better. - - jaredy@cvs.openbsd.org 2004/09/15 03:25:41 - [sshd_config.5] - mention PrintLastLog only prints last login time for interactive - sessions, like PrintMotd mentions. - From Michael Knudsen, with wording changed slightly to match the - PrintMotd description. - ok djm - - mickey@cvs.openbsd.org 2004/09/15 18:42:27 - [sshd.c] - use less doubles in daemons; markus@ ok - - deraadt@cvs.openbsd.org 2004/09/15 18:46:04 - [scp.c] - scratch that do { } while (0) wrapper in this case - - djm@cvs.openbsd.org 2004/09/23 13:00:04 - [ssh.c] - correctly honour -n in multiplex client mode; spotted by sturm@ ok markus@ - - djm@cvs.openbsd.org 2004/09/25 03:45:14 - [sshd.c] - these printf args are no longer double; ok deraadt@ markus@ - - djm@cvs.openbsd.org 2004/10/07 10:10:24 - [scp.1 sftp.1 ssh.1 ssh_config.5] - document KbdInteractiveDevices; ok markus@ - - djm@cvs.openbsd.org 2004/10/07 10:12:36 - [ssh-agent.c] - don't unlink agent socket when bind() fails, spotted by rich AT - rich-paul.net, ok markus@ - - markus@cvs.openbsd.org 2004/10/20 11:48:53 - [packet.c ssh1.h] - disconnect for invalid (out of range) message types. 
- - djm@cvs.openbsd.org 2004/10/29 21:47:15 - [channels.c channels.h clientloop.c] - fix some window size change bugs for multiplexed connections: windows sizes - were not being updated if they had changed after ~^Z suspends and SIGWINCH - was not being processed unless the first connection had requested a tty; - ok markus - - djm@cvs.openbsd.org 2004/10/29 22:53:56 - [clientloop.c misc.h readpass.c ssh-agent.c] - factor out common permission-asking code to separate function; ok markus@ - - djm@cvs.openbsd.org 2004/10/29 23:56:17 - [bufaux.c bufaux.h buffer.c buffer.h] - introduce a new buffer API that returns an error rather than fatal()ing - when presented with bad data; ok markus@ - - djm@cvs.openbsd.org 2004/10/29 23:57:05 - [key.c] - use new buffer API to avoid fatal errors on corrupt keys in authorized_keys - files; ok markus@ - -20041102 - - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX - 10.x by testing for conflicts in shadow.h and undef'ing _INCLUDE__STDC__ - only if a conflict is detected. - -20041019 - - (dtucker) [uidswap.c] Don't test dropping of gids for the root user or - on Cygwin. Cygwin parts from vinschen at redhat com; ok djm@ - -20041016 - - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations; - ok dtucker@ - -20041006 - - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode - and other PAM platforms. - - (dtucker) [monitor_mm.c openbsd-compat/xmmap.c] Bug #940: cast constants - to void * to appease picky compilers (eg Tru64's "cc -std1"). - -20040930 - - (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@ - -20040923 - - (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one, - which could have caused the justification to be wrong. ok djm@ - -20040921 - - (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too. - ok djm@ - - (dtucker) [contrib/cygwin/ssh-host-config] Update to match current Cygwin - install process. 
Patch from vinschen at redhat.com. - -20040912 - - (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file. - No change in resultant binary - - (djm) [loginrec.c] __func__ifiy - - (djm) [loginrec.c] xmalloc - - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol - banner. Suggested by deraadt@, ok mouring@, dtucker@ - - (dtucker) [configure.ac] Fix incorrect quoting and tests for cross-compile. - Partly by & ok djm@. - -20040911 - - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@ - - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from - failing PAM session modules to user then exit, similar to the way - /etc/nologin is handled. ok djm@ - - (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change. - - (djm) [auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c] - Make cygwin code more consistent with that which surrounds it - - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c] - Bug #892: Send messages from failing PAM account modules to the client via - SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with - SSH2 kbdint authentication, which need to be dealt with separately. ok djm@ - - (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@ - - (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure. - Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me. ok djm@ - - (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM. From deengert - at anl.gov, ok djm@ - -20040830 - - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only - copy required environment variables on Cygwin. Patch from vinschen at - redhat.com, ok djm@ - - (dtucker) [regress/Makefile] Clean scp-ssh-wrapper.scp too. Patch from - vinschen at redhat.com. - - (dtucker) [Makefile.in contrib/ssh-copy-id] Bug #894: Improve portability - of shell constructs. Patch from cjwatson at debian.org. 
- -20040829 - - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from - failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL. - From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@ - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2004/08/23 11:48:09 - [authfile.c] - fix error path, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus - - djm@cvs.openbsd.org 2004/08/23 11:48:47 - [channels.c] - typo, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus - - dtucker@cvs.openbsd.org 2004/08/23 14:26:38 - [ssh-keysign.c ssh.c] - Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches - change in Portable; ok markus@ (CVS ID sync only) - - dtucker@cvs.openbsd.org 2004/08/23 14:29:23 - [ssh-keysign.c] - Remove duplicate getuid(), suggested by & ok markus@ - - markus@cvs.openbsd.org 2004/08/26 16:00:55 - [ssh.1 sshd.8] - get rid of references to rhosts authentication; with jmc@ - - djm@cvs.openbsd.org 2004/08/28 01:01:48 - [sshd.c] - don't erroneously close stdin for !reexec case, from Dave Johnson; - ok markus@ - - (dtucker) [configure.ac] Include sys/stream.h in sys/ptms.h header check, - fixes configure warning on Solaris reported by wknox at mitre.org. - - (dtucker) [regress/multiplex.sh] Skip test on platforms that do not - support FD passing since multiplex requires it. Noted by tim@ - - (dtucker) [regress/dynamic-forward.sh] Allow time for connections to be torn - down, needed on some platforms, should be harmless on others. Patch from - jason at devrandom.org. - - (dtucker) [regress/scp.sh] Make this work on Cygwin too, which doesn't like - files ending in .exe that aren't binaries; patch from vinschen at redhat.com. - - (dtucker) [Makefile.in] Get regress/Makefile symlink right for out-of-tree - builds too, from vinschen at redhat.com. - - (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64 - too; patch from cmadams at hiwaay.net. 
- - (dtucker) [configure.ac] Replace non-portable echo \n with extra echo. - - (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for - accounts with authentication configs that sshd can't support (ie - SYSTEM=NONE and AUTH1=something). - -20040828 - - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from - vinschen at redhat.com. - -20040823 - - (djm) [ssh-rand-helper.c] Typo. Found by - Martin.Kraemer AT Fujitsu-Siemens.com - - (djm) [loginrec.c] Typo and bad args in error messages; Spotted by - Martin.Kraemer AT Fujitsu-Siemens.com - -20040817 - - (dtucker) [regress/README.regress] Note compatibility issues with GNU head. - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2004/08/16 08:17:01 - [version.h] - 3.9 - - (djm) Crank RPM spec version numbers - - (djm) Release 3.9p1 - -20040816 - - (dtucker) [acconfig.h auth-pam.c configure.ac] Set real uid to non-root - to convince Solaris PAM to honour password complexity rules. ok djm@ - -20040815 - - (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since - it does the right thing on all platforms. ok djm@ - - (djm) [acconfig.h configure.ac openbsd-compat/Makefile.in - openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-misc.c - openbsd-compat/bsd-misc.h openbsd-compat/openbsd-compat.h] Use smarter - closefrom() replacement from sudo; ok dtucker@ - - (djm) [loginrec.c] Check that seek succeeded here too; ok dtucker - - (dtucker) [Makefile.in] Fix typo. - -20040814 - - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c] - Explicitly set umask for mkstemp; ok djm@ - - (dtucker) [includes.h] Undef _INCLUDE__STDC__ on HP-UX, otherwise - prot.h and shadow.h provide conflicting declarations of getspnam. ok djm@ - - (dtucker) [loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h] - Plug AIX login recording into login_write so logins will be recorded for - all auth types. 
- -20040813 - - (dtucker) [openbsd-compat/bsd-misc.c] Typo in #ifdef; from vinschen at - redhat.com -- (dtucker) OpenBSD CVS Sync - - avsm@cvs.openbsd.org 2004/08/11 21:43:05 - [channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c] - some signed/unsigned int comparison cleanups; markus@ ok - - avsm@cvs.openbsd.org 2004/08/11 21:44:32 - [authfd.c scp.c ssh-keyscan.c] - use atomicio instead of homegrown equivalents or read/write. - markus@ ok - - djm@cvs.openbsd.org 2004/08/12 09:18:24 - [sshlogin.c] - typo in error message, spotted by moritz AT jodeit.org (Id sync only) - - jakob@cvs.openbsd.org 2004/08/12 21:41:13 - [ssh-keygen.1 ssh.1] - improve SSHFP documentation; ok deraadt@ - - jmc@cvs.openbsd.org 2004/08/13 00:01:43 - [ssh-keygen.1] - kill whitespace at eol; - - djm@cvs.openbsd.org 2004/08/13 02:51:48 - [monitor_fdpass.c] - extra check for no message case; ok markus, deraadt, hshoexer, henning - - dtucker@cvs.openbsd.org 2004/08/13 11:09:24 - [servconf.c] - Fix line numbers off-by-one in error messages, from tortay at cc.in2p3.fr - ok markus@, djm@ - -20040812 - - (dtucker) [sshd.c] Remove duplicate variable imported during sync. 
- - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2004/07/28 08:56:22 - [sshd.c] - call setsid() _before_ re-exec - - markus@cvs.openbsd.org 2004/07/28 09:40:29 - [auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c - sshconnect1.c] - more s/illegal/invalid/ - - djm@cvs.openbsd.org 2004/08/04 10:37:52 - [dh.c] - return group14 when no primes found - fixes hang on empty /etc/moduli; - ok markus@ - - dtucker@cvs.openbsd.org 2004/08/11 11:09:54 - [servconf.c] - Fix minor leak; "looks right" deraadt@ - - dtucker@cvs.openbsd.org 2004/08/11 11:50:09 - [sshd.c] - Don't try to close startup_pipe if it's not open; ok djm@ - - djm@cvs.openbsd.org 2004/08/11 11:59:22 - [sshlogin.c] - check that lseek went were we told it to; ok markus@ - (Id sync only, but similar changes are needed in loginrec.c) - - djm@cvs.openbsd.org 2004/08/11 12:01:16 - [sshlogin.c] - make store_lastlog_message() static to appease -Wall; ok markus - - (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doubling - messages generated before the postauth privsep split. - -20040720 - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2004/07/21 08:56:12 - [auth.c] - s/Illegal user/Invalid user/; many requests; ok djm, millert, niklas, - miod, ... - - djm@cvs.openbsd.org 2004/07/21 10:33:31 - [auth1.c auth2.c] - bz#899: Don't display invalid usernames in setproctitle - from peak AT argo.troja.mff.cuni.cz; ok markus@ - - djm@cvs.openbsd.org 2004/07/21 10:36:23 - [gss-serv-krb5.c] - fix function declaration - - djm@cvs.openbsd.org 2004/07/21 11:51:29 - [canohost.c] - bz#902: cache remote port so we don't fatal() in auth_log when remote - connection goes away quickly. 
from peak AT argo.troja.mff.cuni.cz; - ok markus@ - - (djm) [auth-pam.c] Portable parts of bz#899: Don't display invalid - usernames in setproctitle from peak AT argo.troja.mff.cuni.cz; - -20040720 - - (djm) [log.c] bz #111: Escape more control characters when sending data - to syslog; from peak AT argo.troja.mff.cuni.cz - - (djm) [contrib/redhat/sshd.pam] bz #903: Remove redundant entries; from - peak AT argo.troja.mff.cuni.cz - - (djm) [regress/README.regress] Remove caveat regarding TCP wrappers, now - that sshd is fixed to behave better; suggested by tim - -20040719 - - (djm) [openbsd-compat/bsd-arc4random.c] Discard early keystream, like OpenBSD - ok dtucker@ - - (djm) [auth-pam.c] Avoid use of xstrdup and friends in conversation function, - instead return PAM_CONV_ERR, avoiding another path to fatal(); ok dtucker@ - - (tim) [configure.ac] updwtmpx() on OpenServer seems to add duplicate entry. - Report by rac AT tenzing.org - -20040717 - - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c - ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c - openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces - diff vs OpenBSD; ok mouring@, tested by tim@ too. - - (dtucker) OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2004/07/11 17:48:47 - [channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c - readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c - session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h - sshd.c ttymodes.h] - spaces - - brad@cvs.openbsd.org 2004/07/12 23:34:25 - [ssh-keyscan.1] - Fix incorrect macro, .I -> .Em - 
From: Eric S. Raymond - ok jmc@ - - dtucker@cvs.openbsd.org 2004/07/17 05:31:41 - [monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c] - Move "Last logged in at.." message generation to the monitor, right - before recording the new login. Fixes missing lastlog message when - /var/log/lastlog is not world-readable and incorrect datestamp when - multiple sessions are used (bz #463); much assistance & ok markus@ - -20040711 - - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows - the monitor to properly clean up the PAM thread (Debian bug #252676). - -20040709 - - (tim) [contrib/cygwin/README] add minires-devel requirement. Patch from - vinschen AT redhat.com - -20040708 - - (dtucker) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2004/07/03 05:11:33 - [sshlogin.c] (RCSID sync only, the corresponding code is not in Portable) - Use '\0' not 0 for string; ok djm@, deraadt@ - - dtucker@cvs.openbsd.org 2004/07/03 11:02:25 - [monitor_wrap.c] - Put s/key functions inside #ifdef SKEY same as monitor.c, - from des@freebsd via bz #330, ok markus@ - - dtucker@cvs.openbsd.org 2004/07/08 12:47:21 - [scp.c] - Prevent scp from skipping the file following a double-error. - bz #863, ok markus@ - -20040702 - - (dtucker) [mdoc2man.awk] Teach it to ignore .Bk -words, reported by - strube at physik3.gwdg.de a long time ago. - -20040701 - - (dtucker) [session.c] Call display_loginmsg again after do_pam_session. - Ensures messages from PAM modules are displayed when privsep=no. - - (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes - warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@ - - (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK - to pam_authenticate for challenge-response auth too. Originally from - fcusack at fcusack.com, ok djm@ - - (tim) [buildpkg.sh.in] Add $REV to bump the package revision within - the same version. 
Handle the case where someone uses --with-privsep-user= - and the user name does not match the group name. ok dtucker@ - -20040630 - - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL - appdata_ptr to the conversation function. ok djm@ - - (djm) OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2004/06/26 09:03:21 - [ssh.1] - - remove double word - - rearrange .Bk to keep SYNOPSIS nice - - -M before -m in options description - - jmc@cvs.openbsd.org 2004/06/26 09:11:14 - [ssh_config.5] - punctuation and grammar fixes. also, keep the options in order. - - jmc@cvs.openbsd.org 2004/06/26 09:14:40 - [sshd_config.5] - new sentence, new line; - - avsm@cvs.openbsd.org 2004/06/26 20:07:16 - [sshd.c] - initialise some fd variables to -1, djm@ ok - - djm@cvs.openbsd.org 2004/06/30 08:36:59 - [session.c] - unbreak TTY break, diagnosed by darren AT dazwin.com; ok markus@ - -20040627 - - (tim) update README files. - - (dtucker) [mdoc2man.awk] Bug #883: correctly recognise .Pa and .Ev macros. - - (dtucker) [regress/README.regress] Document new variables. - - (dtucker) [acconfig.h configure.ac sftp-server.c] Bug #823: add sftp - rename handling for Linux which returns EPERM for link() on (at least some) - filesystems that do not support hard links. sftp-server will fall back to - stat+rename() in such cases. - - (dtucker) [openbsd-compat/port-aix.c] Missing __func__. 
- -20040626 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2004/06/25 18:43:36 - [sshd.c] - fix broken fd handling in the re-exec fallback path, particularly when - /dev/crypto is in use; ok deraadt@ markus@ - - djm@cvs.openbsd.org 2004/06/25 23:21:38 - [sftp.c] - bz #875: fix bad escape char error message; reported by f_mohr AT yahoo.de - -20040625 - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2004/06/24 19:30:54 - [servconf.c servconf.h sshd.c] - re-exec sshd on accept(); initial work, final debugging and ok markus@ - - djm@cvs.openbsd.org 2004/06/25 01:16:09 - [sshd.c] - only perform tcp wrappers checks when the incoming connection is on a - socket. silences useless warnings from regress tests that use - proxycommand="sshd -i". prompted by david@ ok markus@ - - djm@cvs.openbsd.org 2004/06/24 19:32:00 - [regress/Makefile regress/test-exec.sh, added regress/reexec.sh] - regress test for re-exec corner cases - - djm@cvs.openbsd.org 2004/06/25 01:25:12 - [regress/test-exec.sh] - clean reexec-specific junk out of text-exec.sh and simplify; idea markus@ - - dtucker@cvs.openbsd.org 2004/06/25 05:38:48 - [sftp-server.c] - Fall back to stat+rename if filesystem doesn't doesn't support hard - links. bz#823, ok djm@ - - (dtucker) [configure.ac openbsd-compat/misc.c [openbsd-compat/misc.h] - Add closefrom() for platforms that don't have it. - - (dtucker) [sshd.c] add line missing from reexec sync. - -20040623 - - (dtucker) [auth1.c] Ensure do_pam_account is called for Protocol 1 - connections with empty passwords. Patch from davidwu at nbttech.com, - ok djm@ - - (dtucker) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2004/06/22 22:42:02 - [regress/envpass.sh] - Add quoting for test -z; ok markus@ - - dtucker@cvs.openbsd.org 2004/06/22 22:45:52 - [regress/test-exec.sh] - Add TEST_SSH_SSHD_CONFOPTS and TEST_SSH_SSH_CONFOPTS to allow adding - arbitary options to sshd_config and ssh_config during tests. 
ok markus@ - - dtucker@cvs.openbsd.org 2004/06/22 22:55:56 - [regress/dynamic-forward.sh regress/test-exec.sh] - Allow setting of port for regress from TEST_SSH_PORT variable; ok markus@ - - mouring@cvs.openbsd.org 2004/06/23 00:39:38 - [rijndael.c] - -Wshadow fix up s/encrypt/do_encrypt/. OK djm@, markus@ - - dtucker@cvs.openbsd.org 2004/06/23 14:31:01 - [ssh.c] - Fix counting in master/slave when passing environment variables; ok djm@ - - (dtucker) [cipher.c] encrypt->do_encrypt inside SSH_OLD_EVP to match - -Wshadow change. - - (bal) [Makefile.in] Remove opensshd.init on 'make distclean' - - (dtucker) [auth.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h] - Move loginrestrictions test to port-aix.c, replace with a generic hook. - - (tim) [regress/try-ciphers.sh] "if ! some_command" is not portable. - - (bal) [contrib/README] Removed "mdoc2man.pl" reference and added - reference to "findssl.sh" - -20040622 - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2004/06/20 17:36:59 - [ssh.c] - filter passed env vars at slave in connection sharing case; ok markus@ - - djm@cvs.openbsd.org 2004/06/20 18:53:39 - [sftp.c] - make "ls -l" listings print user/group names, add "ls -n" to show uid/gid - (like /bin/ls); idea & ok markus@ - - djm@cvs.openbsd.org 2004/06/20 19:28:12 - [sftp.1] - mention new -n flag - - avsm@cvs.openbsd.org 2004/06/21 17:36:31 - [auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c - cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c - monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c - ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c - sshpty.c] - make ssh -Wshadow clean, no functional changes - markus@ ok - - djm@cvs.openbsd.org 2004/06/21 17:53:03 - [session.c] - fix fd leak for multiple subsystem connections; with markus@ - - djm@cvs.openbsd.org 2004/06/21 22:02:58 - [log.h] - mark fatal and cleanup exit as __dead; ok markus@ - - djm@cvs.openbsd.org 2004/06/21 
22:04:50 - [sftp.c] - introduce sorting for ls, same options as /bin/ls; ok markus@ - - djm@cvs.openbsd.org 2004/06/21 22:30:45 - [sftp.c] - prefix ls option flags with LS_ - - djm@cvs.openbsd.org 2004/06/21 22:41:31 - [sftp.1] - document sort options - - djm@cvs.openbsd.org 2004/06/22 01:16:39 - [sftp.c] - don't show .files by default in ls, add -a option to turn them back on; - ok markus - - markus@cvs.openbsd.org 2004/06/22 03:12:13 - [regress/envpass.sh regress/multiplex.sh] - more portable env passing tests - - dtucker@cvs.openbsd.org 2004/06/22 05:05:45 - [monitor.c monitor_wrap.c] - Change login->username, will prevent -Wshadow errors in Portable; - ok markus@ - - (dtucker) [monitor.c] Fix Portable-specific -Wshadow warnings on "socket". - - (dtucker) [defines.h] Define __dead if not already defined. - - (bal) [auth-passwd.c auth1.c] Clean up unused variables. - -20040620 - - (tim) [configure.ac Makefile.in] Only change TEST_SHELL on broken platforms. - -20040619 - - (dtucker) [auth-pam.c] Don't use PAM namespace for - pam_password_change_required either. - - (tim) [configure.ac buildpkg.sh.in contrib/solaris/README] move opensshd - init script to top level directory. Add opensshd.init.in. - Remove contrib/solaris/buildpkg.sh, contrib/solaris/opensshd.in - -20040618 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2004/06/17 14:52:48 - [clientloop.c clientloop.h ssh.c] - support environment passing over shared connections; ok markus@ - - djm@cvs.openbsd.org 2004/06/17 15:10:14 - [clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5] - Add option for confirmation (ControlMaster=ask) via ssh-askpass before - opening shared connections; ok markus@ - - djm@cvs.openbsd.org 2004/06/17 14:53:27 - [regress/multiplex.sh] - shared connection env passing regress test - - (dtucker) [regress/README.regress] Add detail on how to run a single - test from the top-level Makefile. 
- - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2004/06/17 23:56:57 - [ssh.1 ssh.c] - sync usage() and SYNPOSIS with connection sharing changes - - dtucker@cvs.openbsd.org 2004/06/18 06:13:25 - [sftp.c] - Use execvp instead of execv so sftp -S ssh works. "makes sense" markus@ - - dtucker@cvs.openbsd.org 2004/06/18 06:15:51 - [multiplex.sh] - Use -S for scp/sftp to force the use of the ssh being tested. - ok djm@,markus@ - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2004/06/18 10:40:19 - [ssh.c] - delay signal handler setup until we have finished talking to the master. - allow interrupting of setup (e.g. if master is stuck); ok markus@ - - markus@cvs.openbsd.org 2004/06/18 10:55:43 - [ssh.1 ssh.c] - trim synopsis for -S, allow -S and -oControlMaster, -MM means 'ask'; - ok djm - - djm@cvs.openbsd.org 2004/06/18 11:11:54 - [channels.c clientloop.c] - Don't explode in clientloop when we receive a bogus channel id, but - also don't generate them to begin with; ok markus@ - -20040617 - - (dtucker) [regress/scp.sh] diff -N is not portable (but needed for some - platforms), so test if diff understands it. Pointed out by tim@, ok djm@ - - (dtucker) OpenBSD CVS Sync regress/ - - dtucker@cvs.openbsd.org 2004/06/17 05:51:59 - [regress/multiplex.sh] - Remove datafile between and after tests, kill sshd rather than wait; - ok djm@ - - dtucker@cvs.openbsd.org 2004/06/17 06:00:05 - [regress/multiplex.sh] - Use DATA and COPY for test data rather than hard-coded paths; ok djm@ - - dtucker@cvs.openbsd.org 2004/06/17 06:19:06 - [regress/multiplex.sh] - Add small description of failing test to failure message; ok djm@ - - (dtucker) [regress/multiplex.sh] add EXEEXT for those platforms that need - it. - - (dtucker) [regress/multiplex.sh] Increase sleep time to 120 sec (60 is not - enough for slow systems, especially if they don't have a kernel RNG). - -20040616 - - (dtucker) [openbsd-compat/port-aix.c] Expand whitespace -> tabs. No - code changes. 
- - (dtucker) OpenBSD CVS Sync regress/ - - djm@cvs.openbsd.org 2004/04/27 09:47:30 - [regress/Makefile regress/test-exec.sh, added regress/envpass.sh] - regress test for environment passing, SendEnv & AcceptEnv options; - ok markus@ - - dtucker@cvs.openbsd.org 2004/06/13 13:51:02 - [regress/Makefile regress/test-exec.sh, added regress/scp-ssh-wrapper.sh - regress/scp.sh] - Add scp regression test; with & ok markus@ - - djm@cvs.openbsd.org 2004/06/13 15:04:08 - [regress/Makefile regress/test-exec.sh, added regress/envpass.sh] - regress test for client multiplexing; ok markus@ - - djm@cvs.openbsd.org 2004/06/13 15:16:54 - [regress/test-exec.sh] - remove duplicate setting of $SCP; spotted by markus@ - - dtucker@cvs.openbsd.org 2004/06/16 13:15:09 - [regress/scp.sh] - Make scp -r tests use diff -rN not cmp (which won't do dirs. ok markus@ - - dtucker@cvs.openbsd.org 2004/06/16 13:16:40 - [regress/multiplex.sh] - Silence multiplex sftp and scp tests. ok markus@ - - (dtucker) [regress/test-exec.sh] - Move Portable-only StrictModes to top of list to make syncs easier. - - (dtucker) [regress/README.regress] - Add $TEST_SHELL to readme. 
- -20040615 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2004/05/26 08:59:57 - [sftp.c] - exit -> _exit in forked child on error; from andrushock AT korovino.net - - markus@cvs.openbsd.org 2004/05/26 23:02:39 - [channels.c] - missing freeaddrinfo; Andrey Matveev - - dtucker@cvs.openbsd.org 2004/05/27 00:50:13 - [readconf.c] - Kill dead code after fatal(); ok djm@ - - dtucker@cvs.openbsd.org 2004/06/01 14:20:45 - [auth2-chall.c] - Remove redundant #include; ok markus@ - - pedro@cvs.openbsd.org 2004/06/03 12:22:20 - [sftp-client.c sftp.c] - initialize pointers, ok markus@ - - djm@cvs.openbsd.org 2004/06/13 12:53:24 - [dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h] - [ssh-keyscan.c sshconnect2.c sshd.c] - implement diffie-hellman-group14-sha1 kex method (trivial extension to - existing diffie-hellman-group1-sha1); ok markus@ - - dtucker@cvs.openbsd.org 2004/06/13 14:01:42 - [ssh.1 ssh_config.5 sshd_config.5] - List supported ciphers in man pages, tidy up ssh -c; - "looks fine" jmc@, ok markus@ - - djm@cvs.openbsd.org 2004/06/13 15:03:02 - [channels.c channels.h clientloop.c clientloop.h includes.h readconf.c] - [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5] - implement session multiplexing in the client (the server has supported - this since 2.0); ok markus@ - - djm@cvs.openbsd.org 2004/06/14 01:44:39 - [channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c] - [sshd.c] - set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@ - - djm@cvs.openbsd.org 2004/06/15 05:45:04 - [clientloop.c] - missed one unset_nonblock; spotted by Tim Rice - - (djm) Fix Makefile.in for connection sharing changes - - (djm) [ssh.c] Use separate var for address length - -20040603 - - (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions. 
- ok djm@ - -20040601 - - (djm) [auth-pam.c] Add copyright for local changes - -20040530 - - (dtucker) [auth-pam.c auth-pam.h auth-passwd.c] Bug #874: Re-add PAM - support for PasswordAuthentication=yes. ok djm@ - - (dtucker) [auth-pam.c] Use an invalid password for root if - PermitRootLogin != yes or the login is invalid, to prevent leaking - information. Based on Openwall's owl-always-auth patch. ok djm@ - - (tim) [configure.ac Makefile.in] Add support for "make package" ok djm@ - - (tim) [buildpkg.sh.in] New file. A more flexible version of - contrib/solaris/buildpkg.sh used for "make package". - - (tim) [buildpkg.sh.in] Last minute fix didn't make it in the .in file. - -20040527 - - (dtucker) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec - contrib/README CREDITS INSTALL] Bug #873: Correct URLs for x11-ssh-askpass - and Jim Knoble's email address , from Jim himself. - -20040524 - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2004/05/19 12:17:33 - [sftp-client.c sftp.c] - gracefully abort transfers on receipt of SIGINT, also ignore SIGINT while - waiting for a command; ok markus@ - - dtucker@cvs.openbsd.org 2004/05/20 10:58:05 - [clientloop.c] - Trivial type fix 0 -> '\0'; ok markus@ - - markus@cvs.openbsd.org 2004/05/21 08:43:03 - [kex.h moduli.c tildexpand.c] - add prototypes for -Wall; ok djm - - djm@cvs.openbsd.org 2004/05/21 11:33:11 - [channels.c channels.h clientloop.c serverloop.c ssh.1] - bz #756: add support for the cancel-tcpip-forward request for the server - and the client (through the ~C commandline). 
reported by z3p AT - twistedmatrix.com; ok markus@ - - djm@cvs.openbsd.org 2004/05/22 06:32:12 - [clientloop.c ssh.1] - use '-h' for help in ~C commandline instead of '-?'; inspired by jmc@ - - jmc@cvs.openbsd.org 2004/05/22 16:01:05 - [ssh.1] - kill whitespace at eol; - - dtucker@cvs.openbsd.org 2004/05/23 23:59:53 - [auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config - sshd_config.5] - Add MaxAuthTries sshd config option; ok markus@ - - (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread" - is terminated if the privsep slave exits during keyboard-interactive - authentication. ok djm@ - - (dtucker) [sshd.c] Fix typo in comment. - -20040523 - - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in - sshd_config; ok dtucker@ - - (djm) [configure.ac] Warn if the system has no known way of figuring out - which user is on the other end of a Unix domain socket; ok dtucker@ - - (bal) [openbsd-compat/sys-queue.h] Reintroduce machinary to handle - old/broken/incomplete . - -20040513 - - (dtucker) [configure.ac] Bug #867: Additional tests for res_query in - libresolv, fixes problems detecting it on some platforms - (eg Linux/x86-64). 
From Kurt Roeckx via Debian, ok mouring@ - - (dtucker) OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2004/05/04 18:36:07 - [scp.1] - SendEnv here too; - - jmc@cvs.openbsd.org 2004/05/06 11:24:23 - [ssh_config.5] - typo from John Cosimano (PR 3770); - - deraadt@cvs.openbsd.org 2004/05/08 00:01:37 - [auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c - tildexpand.c], removed: sshtty.h tildexpand.h - make two tiny header files go away; djm ok - - djm@cvs.openbsd.org 2004/05/08 00:21:31 - [clientloop.c misc.h readpass.c scard.c ssh-add.c ssh-agent.c ssh-keygen.c - sshconnect.c sshconnect1.c sshconnect2.c] removed: readpass.h - kill a tiny header; ok deraadt@ - - djm@cvs.openbsd.org 2004/05/09 00:06:47 - [moduli.c ssh-keygen.c] removed: moduli.h - zap another tiny header; ok deraadt@ - - djm@cvs.openbsd.org 2004/05/09 01:19:28 - [OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c - sshd.c] removed: mpaux.c mpaux.h - kill some more tiny files; ok deraadt@ - - djm@cvs.openbsd.org 2004/05/09 01:26:48 - [kex.c] - don't overwrite what we are trying to compute - - deraadt@cvs.openbsd.org 2004/05/11 19:01:43 - [auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c - packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c] - improve some code lint did not like; djm millert ok - - dtucker@cvs.openbsd.org 2004/05/13 02:47:50 - [ssh-agent.1] - Add examples to ssh-agent.1, bz#481 from Ralf Hauser; ok deraadt@ - - (dtucker) [sshd.8] Bug #843: Add warning about PasswordAuthentication to - UsePAM section. Parts from djm@ and jmc@. - - (dtucker) [auth-pam.c scard-opensc.c] Tinderbox says auth-pam.c uses - readpass.h, grep says scard-opensc.c does too. Replace with misc.h. - - (dtucker) [openbsd-compat/getrrsetbyname.c] Check that HAVE_DECL_H_ERROR - is defined before using. - - (dtucker) [openbsd-compat/getrrsetbyname.c] Fix typo too: HAVE_DECL_H_ERROR - -> HAVE_DECL_H_ERRNO. 
- -20040502 - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2004/04/22 11:56:57 - [moduli.c] - Bugzilla #850: Sophie Germain is the correct name of the French - mathematician, "Sophie Germaine" isn't; from Luc.Maisonobe@c-s.fr - - djm@cvs.openbsd.org 2004/04/27 09:46:37 - [readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c - ssh_config.5 sshd_config.5] - bz #815: implement ability to pass specified environment variables from - the client to the server; ok markus@ - - djm@cvs.openbsd.org 2004/04/28 05:17:10 - [ssh_config.5 sshd_config.5] - manpage fixes in envpass stuff from Brian Poole (raj AT cerias.purdue.edu) - - jmc@cvs.openbsd.org 2004/04/28 07:02:56 - [sshd_config.5] - remove unnecessary .Pp; - - jmc@cvs.openbsd.org 2004/04/28 07:13:42 - [sftp.1 ssh.1] - add SendEnv to -o list; - - dtucker@cvs.openbsd.org 2004/05/02 11:54:31 - [sshd.8] - Man page grammar fix (bz #858), from damerell at chiark.greenend.org.uk - via Debian; ok djm@ - - dtucker@cvs.openbsd.org 2004/05/02 11:57:52 - [ssh.1] - ConnectionTimeout -> ConnectTimeout, from m.a.ellis at ncl.ac.uk via - Debian. ok djm@ - - dtucker@cvs.openbsd.org 2004/05/02 23:02:17 - [sftp.1] - ConnectionTimeout -> ConnectTimeout here too, pointed out by jmc@ - - dtucker@cvs.openbsd.org 2004/05/02 23:17:51 - [scp.1] - ConnectionTimeout -> ConnectTimeout for scp.1 too. - -20040423 - - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Declare h_errno - as extern int if not already declared. Fixes compile errors on old SCO - platforms. ok tim@ - - (dtucker) [README.platform] List prereqs for building on Cygwin. - -20040421 - - (djm) Update config.guess and config.sub to autoconf-2.59 versions; ok tim@ - -20040420 - - (djm) OpenBSD CVS Sync - - henning@cvs.openbsd.org 2004/04/08 16:08:21 - [sshconnect2.c] - swap the last two parameters to TAILQ_FOREACH_REVERSE. matches what - FreeBSD and NetBSD do. 
- ok millert@ mcbride@ markus@ ho@, checked to not affect ports by naddy@ - - djm@cvs.openbsd.org 2004/04/18 23:10:26 - [readconf.c readconf.h ssh-keysign.c ssh.c] - perform strict ownership and modes checks for ~/.ssh/config files, - as these can be used to execute arbitrary programs; ok markus@ - NB. ssh will now exit when it detects a config with poor permissions - - djm@cvs.openbsd.org 2004/04/19 13:02:40 - [ssh.1 ssh_config.5] - document strict permission checks on ~/.ssh/config; prompted by, - with & ok jmc@ - - jmc@cvs.openbsd.org 2004/04/19 16:12:14 - [ssh_config.5] - kill whitespace at eol; - - djm@cvs.openbsd.org 2004/04/19 21:51:49 - [ssh.c] - fix idiot typo that i introduced in my last commit; - spotted by cschneid AT cschneid.com - - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD, needed for - above change - - (djm) [configure.ac] Check whether libroken is required when building - with Heimdal - -20040419 - - (dtucker) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2004/02/29 22:04:45 - [regress/login-timeout.sh] - Use sudo when restarting daemon during test. ok markus@ - - dtucker@cvs.openbsd.org 2004/03/08 10:17:12 - [regress/login-timeout.sh] - Missing OBJ, from tim@. ok markus@ (Already fixed, ID sync only) - - djm@cvs.openbsd.org 2004/03/30 12:41:56 - [sftp-client.c] - sync comment with reality - - djm@cvs.openbsd.org 2004/03/31 21:58:47 - [canohost.c] - don't skip ip options check when UseDNS=no; ok markus@ (ID sync only) - - markus@cvs.openbsd.org 2004/04/01 12:19:57 - [scp.c] - limit trust between local and remote rcp/scp process, - noticed by lcamtuf; ok deraadt@, djm@ - -20040418 - - (dtucker) [auth-pam.c] Log username and source host for failed PAM - authentication attempts. 
With & ok djm@ - - (djm) [openbsd-compat/bsd-cygwin_util.c] Recent versions of Cygwin allow - change of user context without a password, so relax auth method - restrictions; from vinschen AT redhat.com; ok dtucker@ - -20040416 - - (dtucker) [regress/sftp-cmds.sh] Skip quoting test on Cygwin, since - FAT/NTFS does not permit quotes in filenames. From vinschen at redhat.com - - (djm) [auth-krb5.c auth.h session.c] Explicitly refer to Kerberos ccache - file using FILE: method, fixes problems on Mac OSX. - Patch from simon@sxw.org.uk; ok dtucker@ - - (tim) [configure.ac] Set SETEUID_BREAKS_SETUID, BROKEN_SETREUID and - BROKEN_SETREGID for SCO OpenServer 3 - -20040412 - - (dtucker) [sshd_config.5] Add PermitRootLogin without-password warning - from bug #701 (text from jfh at cise.ufl.edu). - - (dtucker) [acconfig.h configure.ac defines.h] Bug #673: check for 4-arg - skeychallenge(), eg on NetBSD. ok mouring@ - - (dtucker) [auth-skey.c defines.h monitor.c] Make skeychallenge explicitly - 4-arg, with compatibility for 3-arg versions. From djm@, ok me. - - (djm) [configure.ac] Fix detection of libwrap on OpenBSD; ok dtucker@ - -20040408 - - (dtucker) [loginrec.c] Use UT_LINESIZE if available, prevents truncating - pty name on Linux 2.6.x systems. Patch from jpe at eisenmenger.org. - - (bal) [monitor.c monitor_wrap.c] Second try. Put the zlib.h headers - back and #undef TARGET_OS_MAC instead. (Bug report pending with Apple) - - (dtucker) [defines.h loginrec.c] Define UT_LINESIZE if not defined and - simplify loginrec.c. ok tim@ - - (bal) [monitor.c monitor_wrap.c] Ok.. Last time. Promise. Tim suggested - limiting scope and dtucker@ agreed. - -20040407 - - (dtucker) [session.c] Flush stdout after displaying loginmsg. From - f_mohr at yahoo.de. 
- - (bal) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Check to see - if Krb5 library exports krb5_init_etc() since some OSes (like MacOS/X) - are starting to restrict it as internal since it is not needed by - developers any more. (Patch based on Apple tree) - - (bal) [monitor.c monitor_wrap.c] monitor_wrap.c] moved zlib.h higher since - krb5 on MacOS/X conflicts. There may be a better solution, but this will - work for now. - -20040406 - - (dtucker) [acconfig.h configure.ac defines.h] Bug #820: don't use - updwtmpx() on IRIX since it seems to clobber utmp. ok djm@ - - (dtucker) [configure.ac] Bug #816, #748 (again): Attempt to detect - broken getaddrinfo and friends on HP-UX. ok djm@ - -20040330 - - (dtucker) [configure.ac] Bug #811: Use "!" for LOCKED_PASSWD_PREFIX on - Linuxes, since that's what many use. ok djm@ - - (dtucker) [auth-pam.c] rename the_authctxt to sshpam_authctxt in auth-pam.c - to reduce potential confusion with the one in sshd.c. ok djm@ - - (djm) Bug #825: Fix ip_options_check() for mapped IPv4/IPv6 connection; - with & ok dtucker@ - -20040327 - - (dtucker) [session.c] Bug #817: Clear loginmsg after fork to prevent - duplicate login messages for mutli-session logins. ok djm@ - -20040322 - - (djm) [sshd.c] Drop supplemental groups if started as root - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2004/03/09 22:11:05 - [ssh.c] - increase x11 cookie lifetime to 20 minutes; ok djm - - markus@cvs.openbsd.org 2004/03/10 09:45:06 - [ssh.c] - trim usage to match ssh(1) and look more like unix. 
ok djm@ - - markus@cvs.openbsd.org 2004/03/11 08:36:26 - [sshd.c] - trim usage; ok deraadt - - markus@cvs.openbsd.org 2004/03/11 10:21:17 - [ssh.c sshd.c] - ssh, sshd: sync version output, ok djm - - markus@cvs.openbsd.org 2004/03/20 10:40:59 - [version.h] - 3.8.1 - - (djm) Crank RPM spec versions - -20040311 - - (djm) [configure.ac] Add standard license to configure.ac; ok ben, dtucker - -20040310 - - (dtucker) [openbsd-compat/fake-rfc2553.h] Bug #812: #undef getaddrinfo - before redefining it, silences warnings on Tru64. - -20040308 - - (dtucker) [sshd.c] Back out rev 1.270 as it caused problems on some - platforms (eg SCO, HP-UX) with logging in the wrong TZ. ok djm@ - - (dtucker) [configure.ac sshd.c openbsd-compat/bsd-misc.h - openbsd-compat/setenv.c] Unset KRB5CCNAME on AIX to prevent it from being - inherited by the child. ok djm@ - - (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c - monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized - even if keyboard-interactive is not used by the client. Prevents - segfaults in some cases where the user's password is expired (note this - is not considered a security exposure). ok djm@ - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2004/03/03 06:47:52 - [sshd.c] - change proctiltle after accept(2); ok henning, deraadt, djm - - djm@cvs.openbsd.org 2004/03/03 09:30:42 - [sftp-client.c] - Don't print duplicate messages when progressmeter is off - Spotted by job317 AT mailvault.com; ok markus@ - - djm@cvs.openbsd.org 2004/03/03 09:31:20 - [sftp.c] - Fix initialisation of progress meter; ok markus@ - - markus@cvs.openbsd.org 2004/03/05 10:53:58 - [readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c] - add IdentitiesOnly; ok djm@, pb@ - - djm@cvs.openbsd.org 2004/03/08 09:38:05 - [ssh-keyscan.c] - explicitly initialise remote_major and remote_minor. 
- from cjwatson AT debian.org; ok markus@ - - dtucker@cvs.openbsd.org 2004/03/08 10:18:57 - [sshd_config.5] - Document KerberosGetAFSToken; ok markus@ - - (tim) [regress/README.regress] Document ssh-rand-helper issue. ok bal - -20040307 - - (tim) [regress/login-timeout.sh] fix building outside of source tree. - -20040304 - - (dtucker) [auth-pam.c] Don't try to export PAM when compiled with - -DUSE_POSIX_THREADS. From antoine.verheijen at ualbert ca. ok djm@ - - (dtucker) [auth-pam.c] Reset signal status when starting pam auth thread, - prevent hanging during PAM keyboard-interactive authentications. ok djm@ - - (dtucker) [auth-passwd.c auth-sia.c auth-sia.h defines.h - openbsd-compat/xcrypt.c] Bug #802: Fix build error on Tru64 when - configured --with-osfsia. ok djm@ - -20040303 - - (djm) [configure.ac ssh-agent.c] Use prctl to prevent ptrace on ssh-agent - ok dtucker - -20040229 - - (tim) [configure.ac] Put back bits mistakenly removed from Rev 1.188 - -20040229 - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2004/02/25 00:22:45 - [sshd.c] - typo in comment - - dtucker@cvs.openbsd.org 2004/02/27 22:42:47 - [dh.c] - Prevent sshd from sending DH groups with a primitive generator of zero or - one, even if they are listed in /etc/moduli. ok markus@ - - dtucker@cvs.openbsd.org 2004/02/27 22:44:56 - [dh.c] - Make /etc/moduli line buffer big enough for 8kbit primes, in case anyone - ever uses one. ok markus@ - - dtucker@cvs.openbsd.org 2004/02/27 22:49:27 - [dh.c] - Reset bit counter at the right time, fixes debug output in the case where - the DH group is rejected. 
ok markus@ - - dtucker@cvs.openbsd.org 2004/02/17 08:23:20 - [regress/Makefile regress/login-timeout.sh] - Add regression test for LoginGraceTime; ok markus@ - - markus@cvs.openbsd.org 2004/02/24 16:56:30 - [regress/test-exec.sh] - allow arguments in ${TEST_SSH_XXX} - - markus@cvs.openbsd.org 2004/02/24 17:06:52 - [regress/ssh-com-client.sh regress/ssh-com-keygen.sh - regress/ssh-com-sftp.sh regress/ssh-com.sh] - test against recent ssh.com releases - - dtucker@cvs.openbsd.org 2004/02/28 12:16:57 - [regress/dynamic-forward.sh] - Make dynamic-forward understand nc's new output. ok markus@ - - dtucker@cvs.openbsd.org 2004/02/28 13:44:45 - [regress/try-ciphers.sh] - Test acss too; ok markus@ - - (dtucker) [regress/try-ciphers.sh] Skip acss if not compiled in (eg if we - built with openssl < 0.9.7) - -20040226 - - (bal) KNF our sshlogin.c even if the code looks nothing like upstream - code due to diversity issues. - -20040225 - - (djm) Trim ChangeLog - - (djm) Don't specify path to PAM modules in Redhat sshd.pam; from Fedora - -20040224 - - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2004/02/19 21:15:04 - [sftp-server.c] - switch to new license.template - - markus@cvs.openbsd.org 2004/02/23 12:02:33 - [sshd.c] - backout revision 1.279; set listen socket to non-block; ok henning. - - markus@cvs.openbsd.org 2004/02/23 15:12:46 - [bufaux.c] - encode 0 correctly in buffer_put_bignum2; noted by Mikulas Patocka - and drop support for negative BNs; ok otto@ - - markus@cvs.openbsd.org 2004/02/23 15:16:46 - [version.h] - enter 3.8 - - (dtucker) [configure.ac gss-serv-krb5.c ssh-gss.h] Define GSSAPI when found - with krb5-config, hunt down gssapi.h and friends. Based partially on patch - from deengert at anl.gov. ok djm@ - - (djm) [groupaccess.c uidswap.c] Bug #787: Size group arrays at runtime - using sysconf() if available Based on patches from - holger AT van-lengerich.de and openssh_bugzilla AT hockin.org - - (dtucker) [uidswap.c] Minor KNF. 
ok djm@ - - (tim) [openbsd-compat/getrrsetbyname.c] Make gcc 2.7.2.3 happy. ok djm@ - - (djm) Crank RPM spec versions - - (dtucker) [README] Add pointer to release notes. ok djm@ - - (dtucker) {README.platform] Add platform-specific notes. - - (tim) [configure.ac] SCO3 needs -lcrypt_i for -lprot - - (djm) Release 3.8p1 - -20040223 - - (dtucker) [session.c] Bug #789: Only make setcred call for !privsep in the - non-interactive path. ok djm@ - -20040222 - - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test - to auth-shadow.c, no functional change. ok djm@ - - (dtucker) [auth-shadow.c auth.h] Provide warnings of impending account or - password expiry. ok djm@ - - (dtucker) [auth-passwd.c] Only check password expiry once. Prevents - multiple warnings if a wrong password is entered. - - (dtucker) [configure.ac] Apply krb5-config --libs fix to non-gssapi path - too. - -20040220 - - (djm) [openbsd-compat/setproctitle.c] fix comments; from grange@ - -20040218 - - (dtucker) [configure.ac] Handle case where krb5-config --libs returns a - path with a "-" in it. From Sergio.Gelato at astro.su.se. - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2004/02/17 07:17:29 - [sftp-glob.c sftp.c] - Remove useless headers; ok deraadt@ - - djm@cvs.openbsd.org 2004/02/17 11:03:08 - [sftp.c] - sftp.c and sftp-int.c, together at last; ok markus@ - - jmc@cvs.openbsd.org 2004/02/17 19:35:21 - [sshd_config.5] - remove cruft left over from RhostsAuthentication removal; - ok markus@ - - (djm) [log.c] Correct use of HAVE_OPENLOG_R - - (djm) [log.c] Tighten openlog_r tests - -20040217 - - (djm) Simplify the license on code I have written. No code changes. - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2004/02/17 05:39:51 - [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c] - [sftp-int.h sftp.c] - switch to license.template for code written by me (belated, I know...) 
- - (djm) Bug #698: Specify FILE: for KRB5CCNAME; patch from - stadal@suse.cz and simon@sxw.org.uk - - (dtucker) [auth-pam.c] Tidy up PAM debugging. ok djm@ - - (dtucker) [auth-pam.c] Store output from pam_session and pam_setcred for - display after login. Should fix problems like pam_motd not displaying - anything, noticed by cjwatson at debian.org. ok djm@ - -20040212 - - (tim) [Makefile.in regress/sftp-badcmds.sh regress/test-exec.sh] - Portablity fixes. Data sftp transfers needs to be world readable. Some - older shells hang on while loops when doing sh -n some_script. OK dtucker@ - - (tim) [configure.ac] Make sure -lcrypto is before -lsocket for sco3. - ok mouring@ - -20040211 - - (dtucker) [auth-passwd.c auth-shadow.c] Only enable shadow expiry check - if HAS_SHADOW_EXPIRY is set. - - (tim) [configure.ac] Fix comment to match code changes in ver 1.117 - -20040210 - - (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c - openbsd-compat/port-aix.h] Bug #14: Use do_pwchange to support AIX's - native password expiry. - - (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h - defines.h] Bug #14: Use do_pwchange to support password expiry and force - change for platforms using /etc/shadow. ok djm@ - - (dtucker) [openbsd-compat/fake-rfc2553.h] Bug #563: Prepend ssh_ to compat - functions to avoid conflicts with Heimdal's libroken. ok djm@ - - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange to - change expired PAM passwords for SSHv1 connections without privsep. - pam_chauthtok is still used when privsep is disabled. ok djm@ - - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Move - include from port-aix.h to port-aix.c and remove unnecessary function - definition. Fixes build errors on AIX. - - (dtucker) [configure.ac loginrec.c] Bug #464: Use updwtmpx on platforms - that support it. from & ok mouring@ - - (dtucker) [configure.ac] Bug #345: Do not disable utmp on HP-UX 10.x. 
- ok djm@ - -20040207 - - (dtucker) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2004/02/06 23:41:13 - [cipher-ctr.c] - Use EVP_CIPHER_CTX_key_length for key length. ok markus@ - (This will fix builds with OpenSSL 0.9.5) - - (dtucker) [cipher.c] enable AES counter modes with OpenSSL 0.9.5. - ok djm@, markus@ - -20040206 - - (dtucker) [acss.c acss.h] Fix $Id tags. - - (dtucker) [cipher-acss.c cipher.c] Enable acss only if building with - OpenSSL >= 0.9.7. ok djm@ - - (dtucker) [session.c] Bug #789: Do not call do_pam_setcred as a non-root - user, since some modules might fail due to lack of privilege. ok djm@ - - (dtucker) [configure.ac] Bug #748: Always define BROKEN_GETADDRINFO - for HP-UX 11.11. If there are known-good configs where this is not - required, please report them. ok djm@ - - (dtucker) [sshd.c] Bug #757: Clear child's environment to prevent - accidentally inheriting from root's environment. ok djm@ - - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #796: - Restore previous authdb setting after auth calls. Fixes problems with - setpcred failing on accounts that use AFS or NIS password registries. - - (dtucker) [configure.ac includes.h] Include if present, - required on Solaris 2.5.1 for queue_t, which is used by . - - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2004/01/30 09:48:57 - [auth-passwd.c auth.h pathnames.h session.c] - support for password change; ok dtucker@ - (set password-dead=1w in login.conf to use this). - In -Portable, this is currently only platforms using bsdauth. - - dtucker@cvs.openbsd.org 2004/02/05 05:37:17 - [monitor.c sshd.c] - Pass SIGALRM through to privsep child if LoginGraceTime expires. 
ok markus@ - - markus@cvs.openbsd.org 2004/02/05 15:33:33 - [progressmeter.c] - fix ETA for > 4GB; bugzilla #791; ok henning@ deraadt@ - -20040129 - - (dtucker) OpenBSD CVS Sync regress/ - - dtucker@cvs.openbsd.org 2003/10/11 11:49:49 - [Makefile banner.sh] - Test missing banner file, suppression of banner with ssh -q, check return - code from ssh. ok markus@ - - jmc@cvs.openbsd.org 2003/11/07 10:16:44 - [ssh-com.sh] - adress -> address, and a few more; all from Jonathon Gray; - - djm@cvs.openbsd.org 2004/01/13 09:49:06 - [sftp-batch.sh] - - (dtucker) [configure.ac] Add --without-zlib-version-check. Feedback from - tim@, ok several - - (dtucker) [configure.ac openbsd-compat/bsd-cray.c openbsd-compat/bsd-cray.h] - Bug #775: Cray fixes from wendy at cray.com - -20040128 - - (dtucker) [regress/README.regress] Add tcpwrappers issue, noted by tim@ - - (dtucker) [moduli] Import new moduli file from OpenBSD. - -20040127 - - (djm) OpenBSD CVS Sync - - hshoexer@cvs.openbsd.org 2004/01/23 17:06:03 - [cipher.c] - enable acss for ssh - ok deraadt@ markus@ - - mouring@cvs.openbsd.org 2004/01/23 17:57:48 - [sftp-int.c] - Fix issue pointed out with ls not handling large directories - with embeded paths correctly. OK damien@ - - hshoexer@cvs.openbsd.org 2004/01/23 19:26:33 - [cipher.c] - rename acss@opebsd.org to acss@openssh.org - ok deraadt@ - - djm@cvs.openbsd.org 2004/01/25 03:49:09 - [sshconnect.c] - reset nonblocking flag after ConnectTimeout > 0 connect; (bugzilla #785) - from jclonguet AT free.fr; ok millert@ - - djm@cvs.openbsd.org 2004/01/27 10:08:10 - [sftp.c] - reorder parsing so user:skey@host:file works (bugzilla #777) - patch from admorten AT umich.edu; ok markus@ - - (djm) [acss.c acss.h cipher-acss.c] Portable support for ACSS - if libcrypto lacks it - -20040126 - - (tim) Typo in regress/README.regress - - (tim) [regress/test-exec.sh] RhostsAuthentication is deprecated. 
- - (tim) [defines.h] Add defines for HFIXEDSZ and T_SIG - - (tim) [configure.ac includes.h] add for grantpt() and friends. - - (tim) [defines.h openbsd-compat/getrrsetbyname.h] Move defines for HFIXEDSZ - and T_SIG to getrrsetbyname.h - -20040124 - - (djm) Typo in openbsd-compat/bsd-openpty.c; from wendyp AT cray.com - -20040123 - - (djm) Do pam_session processing for systems with HAVE_LOGIN_CAP; from - ralf.hack AT pipex.net; ok dtucker@ - - (djm) Bug #776: Update contrib/redhat/openssh.spec to dynamically detect - Kerberos location (and thus work with Fedora Core 1); - from jason AT devrandom.org - - (dtucker) [configure.ac] Bug #788: Test for zlib.h presence and for - zlib >= 1.1.4. Partly from jbasney at ncsa.uiuc.edu. ok djm@ - - (dtucker) [contrib/cygwin/README] Document new ssh-host-config options. - Patch from vinschen at redhat.com. - - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c] - Change AFS symbol to USE_AFS to prevent namespace collisions, do not - include kafs.h unless necessary. From deengert at anl.gov. - - (tim) [configure.ac] Remove hard coded -L/usr/local/lib and - -I/usr/local/include. Users can do LDFLAGS="-L/usr/local/lib" \ - CPPFLAGS="-I/usr/local/include" ./configure if needed. - -20040122 - - (dtucker) [configure.ac] Use krb5-config where available for Kerberos/ - GSSAPI detection, libs and includes. ok djm@ - - (dtucker) [session.c] Enable AFS support in conjunction with KRB5 not - just HEIMDAL. - - (tim) [contrib/solaris/buildpkg.sh] Allow for the possibility of - /usr/local being a symbolic link. Fixes problem reported by Henry Grebler. 
- -20040121 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2004/01/13 09:25:05 - [sftp-int.c sftp.1 sftp.c] - Tidy sftp batchmode handling, eliminate junk to stderr (bugzilla #754) and - enable use of "-b -" to accept batchfile from stdin; ok markus@ - - jmc@cvs.openbsd.org 2004/01/13 12:17:33 - [sftp.1] - remove unnecessary Ic's; - kill whitespace at EOL; - ok djm@ - - markus@cvs.openbsd.org 2004/01/13 19:23:15 - [compress.c session.c] - -Wall; ok henning - - markus@cvs.openbsd.org 2004/01/13 19:45:15 - [compress.c] - cast for portability; millert@ - - markus@cvs.openbsd.org 2004/01/19 09:24:21 - [channels.c] - fake consumption for half closed channels since the peer is waiting for - window adjust messages; bugzilla #790 Matthew Dillon; test + ok dtucker@ - reproduce with sh -c 'ulimit -f 10; ssh host -n od /bsd | cat > foo' - - markus@cvs.openbsd.org 2004/01/19 21:25:15 - [auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c] - fix mem leaks; some fixes from Pete Flugstad; tested dtucker@ - - djm@cvs.openbsd.org 2004/01/21 03:07:59 - [sftp.c] - initialise infile in main, rather than statically - from portable - - deraadt@cvs.openbsd.org 2004/01/11 21:55:06 - [sshpty.c] - for pty opening, only use the openpty() path. the other stuff only needs - to be in openssh-p; markus ok - - (djm) [openbsd-compat/bsd-openpty.c] Rework old sshpty.c code into an - openpty() replacement - -20040114 - - (dtucker) [auth-pam.c] Have monitor die if PAM authentication thread exits - unexpectedly. with & ok djm@ - - (dtucker) [auth-pam.c] Reset signal handler in pthread_cancel too, add - test for case where cleanup has already run. - - (dtucker) [auth-pam.c] Add minor debugging. - -20040113 - - (dtucker) [auth-pam.c] Relocate struct pam_ctxt and prototypes. No - functional changes. - -20040108 - - (dtucker) [auth-pam.c defines.h] Bug #783: move __unused to defines.h and - only define if not already. From des at freebsd.org. 
- - (dtucker) [configure.ac] Remove extra (typo) comma. - -20040105 - - (dtucker) [contrib/ssh-copy-id] Bug #781: exit if ssh fails. Patch from - cjwatson at debian.org. - - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c] - Only enable KerberosGetAFSToken if Heimdal's libkafs is found. with jakob@ - -20040102 - - (djm) OSX/Darwin needs BIND_8_COMPAT to build getrrsetbyname. Report from - jakob@ - - (djm) Remove useless DNS support configure summary message. from jakob@ - - (djm) OSX/Darwin put the PAM headers in a different place, detect this. - Report from jakob@ - -20031231 - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2003/12/22 09:16:58 - [moduli.c ssh-keygen.1 ssh-keygen.c] - tidy up moduli generation debugging, add -v (verbose/debug) option to - ssh-keygen; ok markus@ - - markus@cvs.openbsd.org 2003/12/22 20:29:55 - [cipher-3des1.c] - EVP_CIPHER_CTX_cleanup() for the des contexts; pruiksma@freesurf.fr - - jakob@cvs.openbsd.org 2003/12/23 16:12:10 - [servconf.c servconf.h session.c sshd_config] - implement KerberosGetAFSToken server option. ok markus@, beck@ - - millert@cvs.openbsd.org 2003/12/29 16:39:50 - [sshd_config] - KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK - - dtucker@cvs.openbsd.org 2003/12/31 00:24:50 - [auth2-passwd.c] - Ignore password change request during password auth (which we currently - don't support) and discard proposed new password. corrections/ok markus@ - - (dtucker) [configure.ac] Only test setresuid and setresgid if they exist. - -20031219 - - (dtucker) [defines.h] Bug #458: Define SIZE_T_MAX as UINT_MAX if we - typedef size_t ourselves. - -20031218 - - (dtucker) [configure.ac] Don't use setre[ug]id on DG-UX, from Tom Orban. - - (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactive - authentication. Partially fixes bug #423. 
Feedback & ok djm@ - -20031217 - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/12/09 15:28:43 - [serverloop.c] - make ClientKeepAlive work for ssh -N, too (no login shell requested). - 1) send a bogus channel request if we find a channel - 2) send a bogus global request if we don't have a channel - ok + test beck@ - - markus@cvs.openbsd.org 2003/12/09 17:29:04 - [sshd.c] - fix -o and HUP; ok henning@ - - markus@cvs.openbsd.org 2003/12/09 17:30:05 - [ssh.c] - don't modify argv for ssh -o; similar to sshd.c 1.283 - - markus@cvs.openbsd.org 2003/12/09 21:53:37 - [readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1] - [ssh_config.5 sshconnect.c sshd.c sshd_config.5] - rename keepalive to tcpkeepalive; the old name causes too much - confusion; ok djm, dtucker; with help from jmc@ - - dtucker@cvs.openbsd.org 2003/12/09 23:45:32 - [clientloop.c] - Clear exit code when ssh -N is terminated with a SIGTERM. ok markus@ - - markus@cvs.openbsd.org 2003/12/14 12:37:21 - [ssh_config.5] - we don't support GSS KEX; from Simon Wilkinson - - markus@cvs.openbsd.org 2003/12/16 15:49:51 - [clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1] - [ssh.c ssh_config.5] - application layer keep alive (ServerAliveInterval ServerAliveCountMax) - for ssh(1), similar to the sshd(8) option; ok beck@; with help from - jmc and dtucker@ - - markus@cvs.openbsd.org 2003/12/16 15:51:54 - [dh.c] - use <= instead of < in dh_estimate; ok provos/hshoexer; - do not return < DH_GRP_MIN - - (dtucker) [acconfig.h configure.ac uidswap.c] Bug #645: Check for - setres[ug]id() present but not implemented (eg some Linux/glibc - combinations). - - (bal) [openbsd-compat/bsd-misc.c] unset 'signal' defined if we are - using a real 'signal()' (Noticed by a NeXT Compile) - -20031209 - - (dtucker) OpenBSD CVS Sync - - matthieu@cvs.openbsd.org 2003/11/25 23:10:08 - [ssh-add.1] - ssh-add doesn't need to be a descendant of ssh-agent. Ok markus@, jmc@. 
- - djm@cvs.openbsd.org 2003/11/26 21:44:29 - [cipher-aes.c] - fix #ifdef before #define; ok markus@ - (RCS ID sync only, Portable already had this) - - markus@cvs.openbsd.org 2003/12/02 12:15:10 - [progressmeter.c] - improvments from andreas@: - * saner speed estimate for transfers that takes less than a second by - rounding the time to 1 second. - * when the transfer is finished calculate the actual total speed - rather than the current speed which is given during the transfer - - markus@cvs.openbsd.org 2003/12/02 17:01:15 - [channels.c session.c ssh-agent.c ssh.h sshd.c] - use SSH_LISTEN_BACKLOG (=128) in listen(2). - - djm@cvs.openbsd.org 2003/12/07 06:34:18 - [moduli.c] - remove unused debugging #define templates - - markus@cvs.openbsd.org 2003/12/08 11:00:47 - [kexgexc.c] - print requested group size in debug; ok djm - - dtucker@cvs.openbsd.org 2003/12/09 13:52:55 - [moduli.c] - Prevent ssh-keygen -T from outputting moduli with a generator of 0, since - they can't be used for Diffie-Hellman. Assistance and ok djm@ - - (dtucker) [ssh-keyscan.c] Sync RCSIDs, missed in SSH_SSFDMAX change below. - -20031208 - - (tim) [configure.ac] Bug 770. Fix --without-rpath. - -20031123 - - (djm) [canohost.c] Move IPv4inV6 mapped address normalisation to its own - function and call it unconditionally - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2003/11/23 23:17:34 - [ssh-keyscan.c] - from portable - use sysconf to detect fd limit; ok markus@ - (tidy diff by adding SSH_SSFDMAX macro to defines.h) - - djm@cvs.openbsd.org 2003/11/23 23:18:45 - [ssh-keygen.c] - consistency PATH_MAX -> MAXPATHLEN; ok markus@ - (RCS ID sync only) - - djm@cvs.openbsd.org 2003/11/23 23:21:21 - [scp.c] - from portable: rename clashing variable limit-> limit_rate; ok markus@ - (RCS ID sync only) - - dtucker@cvs.openbsd.org 2003/11/24 00:16:35 - [ssh.1 ssh.c] - Make ssh -k mean GSSAPIDelegateCredentials=no. 
Suggestion & ok markus@ - - (djm) Annotate OpenBSD-derived files in openbsd-compat/ with original - source file path (in OpenBSD tree). - -20031122 - - (dtucker) [channels.c] Make AIX write limit code clearer. Suggested by djm@ - - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h] - Move AIX specific password authentication code to port-aix.c, call - authenticate() until reenter flag is clear. - - (dtucker) [auth-sia.c configure.ac] Tru64 update from cmadams at hiwaay.net. - Use permanently_set_uid for SIA, only define DISABLE_FD_PASSING when SIA - is enabled, rely on SIA to check for locked accounts if enabled. ok djm@ - - (djm) [scp.c] Rename limitbw -> limit_rate to match upstreamed patch - - (djm) [sftp-int.c] Remove duplicated code from bogus sync - - (djm) [packet.c] Shuffle #ifdef to reduce conditionally compiled code - -20031121 - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/11/20 11:39:28 - [progressmeter.c] - fix rounding errors; from andreas@ - - djm@cvs.openbsd.org 2003/11/21 11:57:03 - [everything] - unexpand and delete whitespace at EOL; ok markus@ - (done locally and RCS IDs synced) - -20031118 - - (djm) Fix early exit for root auth success when UsePAM=yes and - PermitRootLogin=no - - (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic tty_conv, - and use it for do_pam_session. Fixes problems like pam_motd not - displaying anything. ok djm@ - - (dtucker) [auth-pam.c] Only use pam_putenv if our platform has it. ok djm@ - - (djm) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2003/11/18 00:40:05 - [serverloop.c] - Correct check for authctxt->valid. ok djm@ - - djm@cvs.openbsd.org 2003/11/18 10:53:07 - [monitor.c] - unbreak fake authloop for non-existent users (my screwup). 
Spotted and - tested by dtucker@; ok markus@ - -20031117 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2003/11/03 09:03:37 - [auth-chall.c] - make this a little more idiot-proof; ok markus@ - (includes portable-specific changes) - - jakob@cvs.openbsd.org 2003/11/03 09:09:41 - [sshconnect.c] - move changed key warning into warn_changed_key(). ok markus@ - - jakob@cvs.openbsd.org 2003/11/03 09:37:32 - [sshconnect.c] - do not free static type pointer in warn_changed_key() - - djm@cvs.openbsd.org 2003/11/04 08:54:09 - [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c] - [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c] - [session.c] - standardise arguments to auth methods - they should all take authctxt. - check authctxt->valid rather then pw != NULL; ok markus@ - - jakob@cvs.openbsd.org 2003/11/08 16:02:40 - [auth1.c] - remove unused variable (pw). ok djm@ - (id sync only - still used in portable) - - jmc@cvs.openbsd.org 2003/11/08 19:17:29 - [sftp-int.c] - typos from Jonathon Gray; - - jakob@cvs.openbsd.org 2003/11/10 16:23:41 - [bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c] - [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c] - [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h] - constify. ok markus@ & djm@ - - dtucker@cvs.openbsd.org 2003/11/12 10:12:15 - [scp.c] - When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@ - - jakob@cvs.openbsd.org 2003/11/12 16:39:58 - [dns.c dns.h readconf.c ssh_config.5 sshconnect.c] - update SSHFP validation. 
ok markus@ - - jmc@cvs.openbsd.org 2003/11/12 20:14:51 - [ssh_config.5] - make verb agree with subject, and kill some whitespace; - - markus@cvs.openbsd.org 2003/11/14 13:19:09 - [sshconnect2.c] - cleanup and minor fixes for the client code; from Simon Wilkinson - - djm@cvs.openbsd.org 2003/11/17 09:45:39 - [msg.c msg.h sshconnect2.c ssh-keysign.c] - return error on msg send/receive failure (rather than fatal); ok markus@ - - markus@cvs.openbsd.org 2003/11/17 11:06:07 - [auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c] - [monitor_wrap.h sshconnect2.c ssh-gss.h] - replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; - test + ok jakob. - - (djm) Bug #632: Don't call pam_end indirectly from within kbd-int - conversation function - - (djm) Export environment variables from authentication subprocess to - parent. Part of Bug #717 - -20031115 - - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and - HP-UX, skip test on AIX. - -20031113 - - (dtucker) [auth-pam.c] Append newlines to lines output by the - pam_chauthtok_conv(). - - (dtucker) [README ssh-host-config ssh-user-config Makefile] (All - contrib/cygwin). Major update from vinschen at redhat.com. - - Makefile provides a `cygwin-postinstall' target to run right after - `make install'. - - Better support for Windows 2003 Server. - - Try to get permissions as correct as possible. - - New command line options to allow full automated host configuration. - - Create configs from skeletons in /etc/defaults/etc. - - Use /bin/bash, allows reading user input with readline support. - - Remove really old configs from /usr/local. - - (dtucker) [auth-pam.c] Add newline to accumulated PAM_TEXT_INFO and - PAM_ERROR_MSG messages. - -20031106 - - (djm) Clarify UsePAM consequences a little more - -20031103 - - (dtucker) [contrib/cygwin/ssh-host-config] Ensure entries in /etc/services - are created correctly with CRLF line terminations. Patch from vinschen at - redhat.com. 
- - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/10/15 09:48:45 - [monitor_wrap.c] - check pmonitor != NULL - - markus@cvs.openbsd.org 2003/10/21 09:50:06 - [auth2-gss.c] - make sure the doid is larger than 2 - - avsm@cvs.openbsd.org 2003/10/26 16:57:43 - [sshconnect2.c] - rename 'supported' static var in userauth_gssapi() to 'gss_supported' - to avoid shadowing the global version. markus@ ok - - markus@cvs.openbsd.org 2003/10/28 09:08:06 - [misc.c] - error->debug for getsockopt+TCP_NODELAY; several requests - - markus@cvs.openbsd.org 2003/11/02 11:01:03 - [auth2-gss.c compat.c compat.h sshconnect2.c] - remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk - - (dtucker) [regress/agent-ptrace.sh] Use numeric uid and gid. - -20031021 - - (dtucker) [INSTALL] Some system crypt() functions support MD5 passwords - directly. Noted by Darren.Moffat at sun.com. - - (dtucker) [regress/agent-ptrace.sh] Skip agent-test unless SUDO is set, - make agent setgid during test. - -20031017 - - (dtucker) [INSTALL] Note that --with-md5 is now required on platforms with - MD5 passwords even if PAM support is enabled. From steev at detritus.net. - -20031015 - - (dtucker) OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2003/10/08 08:27:36 - [scp.1 scp.c sftp-server.8 sftp.1 sftp.c ssh.1 sshd.8] - scp and sftp: add options list and sort options. options list requested - by deraadt@ - sshd: use same format as ssh - ssh: remove wrong option from list - sftp-server: Subsystem is documented in ssh_config(5), not sshd(8) - ok deraadt@ markus@ - - markus@cvs.openbsd.org 2003/10/08 15:21:24 - [readconf.c ssh_config.5] - default GSS API to no in client, too; ok jakob, deraadt@ - - markus@cvs.openbsd.org 2003/10/11 08:24:08 - [readconf.c readconf.h ssh.1 ssh.c ssh_config.5] - remote x11 clients are now untrusted by default, uses xauth(8) to generate - untrusted cookies; ForwardX11Trusted=yes restores old behaviour. 
- ok deraadt; feedback and ok djm/fries - - markus@cvs.openbsd.org 2003/10/11 08:26:43 - [sshconnect2.c] - search keys in reverse order; fixes #684 - - markus@cvs.openbsd.org 2003/10/11 11:36:23 - [monitor_wrap.c] - return NULL for missing banner; ok djm@ - - jmc@cvs.openbsd.org 2003/10/12 13:12:13 - [ssh_config.5] - note that EnableSSHKeySign should be in the non-hostspecific section; - remove unnecessary .Pp; - ok markus@ - - markus@cvs.openbsd.org 2003/10/13 08:22:25 - [scp.1 sftp.1] - don't refer to options related to forwarding; ok jmc@ - - jakob@cvs.openbsd.org 2003/10/14 19:42:10 - [dns.c dns.h readconf.c ssh-keygen.c sshconnect.c] - include SSHFP lookup code (not enabled by default). ok markus@ - - jakob@cvs.openbsd.org 2003/10/14 19:43:23 - [README.dns] - update - - markus@cvs.openbsd.org 2003/10/14 19:54:39 - [session.c ssh-agent.c] - 10X for mkdtemp; djm@ - - (dtucker) [acconfig.h configure.ac dns.c openbsd-compat/getrrsetbyname.c - openbsd-compat/getrrsetbyname.h] DNS fingerprint support is now always - compiled in but disabled in config. - - (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode. - - (tim) [regress/banner.sh] portability fix. - -20031009 - - (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@ - -20031008 - - (dtucker) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2003/10/07 01:47:27 - [sshconnect2.c] - Don't use logit for banner, since it truncates to MSGBUFSIZ; bz #668 & - #707. ok markus@ - - djm@cvs.openbsd.org 2003/10/07 07:04:16 - [sftp-int.c] - sftp quoting fix from admorten AT umich.edu; ok markus@ - - deraadt@cvs.openbsd.org 2003/10/07 21:58:28 - [sshconnect2.c] - set ptr to NULL after free - - dtucker@cvs.openbsd.org 2003/10/07 01:52:13 - [regress/Makefile regress/banner.sh] - Test SSH2 banner. 
ok markus@ - - djm@cvs.openbsd.org 2003/10/07 07:04:52 - [regress/sftp-cmds.sh] - more sftp quoting regress tests; ok markus - -20031007 - - (djm) Delete autom4te.cache after autoreconf - - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static - cleanup functions. With & ok djm@ - - (dtucker) [contrib/redhat/openssh.spec] Bug #714: Now that UsePAM is a - run-time switch, always build --with-md5-passwords. - - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoul.c] - Bug #670: add strtoul() to openbsd-compat for platforms lacking it. ok djm@ - - (dtucker) [configure.ac] Bug #715: Set BROKEN_SETREUID and BROKEN_SETREGID - on Reliant Unix. Patch from Robert.Dahlem at siemens.com. - - (dtucker) [configure.ac] Bug #710: Check for dlsym() in libdl on - Reliant Unix. Based on patch from Robert.Dahlem at siemens.com. - -20031003 - - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/10/02 10:41:59 - [sshd.c] - print openssl version, too, several requests; ok henning/djm. - - markus@cvs.openbsd.org 2003/10/02 08:26:53 - [ssh-gss.h] - missing $OpenBSD:; dtucker - - (tim) [contrib/caldera/openssh.spec] Remove obsolete --with-ipv4-default - option. - -20031002 - - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/09/23 20:17:11 - [Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c - cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h - monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h - ssh-agent.c sshd.c] - replace fatal_cleanup() and linked list of fatal callbacks with static - cleanup_exit() function. re-refine cleanup_exit() where appropriate, - allocate sshd's authctxt eary to allow simpler cleanup in sshd. 
- tested by many, ok deraadt@ - - markus@cvs.openbsd.org 2003/09/23 20:18:52 - [progressmeter.c] - don't print trailing \0; bug #709; Robert.Dahlem@siemens.com - ok millert/deraadt@ - - markus@cvs.openbsd.org 2003/09/23 20:41:11 - [channels.c channels.h clientloop.c] - move client only agent code to clientloop.c - - markus@cvs.openbsd.org 2003/09/26 08:19:29 - [sshd.c] - no need to set the listen sockets to non-block; ok deraadt@ - - jmc@cvs.openbsd.org 2003/09/29 11:40:51 - [ssh.1] - - add list of options to -o and .Xr ssh_config(5) - - some other cleanup - requested by deraadt@; - ok deraadt@ markus@ - - markus@cvs.openbsd.org 2003/09/29 20:19:57 - [servconf.c sshd_config] - GSSAPICleanupCreds -> GSSAPICleanupCredentials - - (dtucker) [configure.ac] Don't set DISABLE_SHADOW when configuring - --with-pam. ok djm@ - - (dtucker) [ssh-gss.h] Prototype change missed in sync. - - (dtucker) [session.c] Fix bus errors on some 64-bit Solaris configurations. - Based on patches by Matthias Koeppe and Thomas Baden. ok djm@ - -20030930 - - (bal) Fix issues in openbsd-compat/realpath.c - -20030925 - - (dtucker) [configure.ac openbsd-compat/xcrypt.c] Bug #633: Remove - DISABLE_SHADOW for HP-UX, use getspnam instead of getprpwnam. Patch from - michael_steffens at hp.com, ok djm@ - - (tim) [sshd_config] UsePAM defaults to no. - -20030924 - - (djm) Update version.h and spec files for HEAD - - (dtucker) [configure.ac] IRIX5 needs the same setre[ug]id defines as IRIX6. - -20030923 - - (dtucker) [Makefile.in] Bug #644: Fix "make clean" for out-of-tree - builds. Portability corrections from tim@. - - (dtucker) [configure.ac] Bug #665: uid swapping issues on Mac OS X. - Patch from max at quendi.de. - - (dtucker) [configure.ac] Bug #657: uid swapping issues on BSDi. - - (dtucker) [configure.ac] Bug #653: uid swapping issues on Tru64. - - (dtucker) [configure.ac] Bug #693: uid swapping issues on NCR MP-RAS. 
- Patch from david.haughton at ncr.com - - (dtucker) [configure.ac] Bug #659: uid swapping issues on IRIX 6. - Part of patch supplied by bugzilla-openssh at thewrittenword.com - - (dtucker) [configure.ac openbsd-compat/fake-rfc2553.c - openbsd-compat/fake-rfc2553.h] Bug #659: Test for and handle systems with - where gai_strerror is defined as "const char *". Part of patch supplied - by bugzilla-openssh at thewrittenword.com - - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config] Update - ssh-host-config to match current defaults, bump README version. Patch from - vinschen at redhat.com. - - (dtucker) [uidswap.c] Don't test restoration of uid on Cygwin since the - OS does not support permanently dropping privileges. Patch from - vinschen at redhat.com. - - (dtucker) [openbsd-compat/port-aix.c] Use correct include for xmalloc.h, - add canohost.h to stop warning. Based on patch from openssh-unix-dev at - thewrittenword.com - - (dtucker) [INSTALL] Bug #686: Document requirement for zlib 1.1.4 or - higher. - - (tim) Fix typo. s/SETEIUD_BREAKS_SETUID/SETEUID_BREAKS_SETUID/ - - (tim) [configure.ac] Bug 665: move 3 new AC_DEFINES outside of AC_TRY_RUN. - Report by distler AT golem ph utexas edu. - - (dtucker) [contrib/aix/pam.conf] Include example pam.conf for AIX from - article by genty at austin.ibm.com, included with the author's permission. 
- - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/09/18 07:52:54 - [sshconnect.c] - missing {}; bug #656; jclonguet at free.fr - - markus@cvs.openbsd.org 2003/09/18 07:54:48 - [buffer.c] - protect against double free; #660; zardoz at users.sf.net - - markus@cvs.openbsd.org 2003/09/18 07:56:05 - [authfile.c] - missing buffer_free(&encrypted); #662; zardoz at users.sf.net - - markus@cvs.openbsd.org 2003/09/18 08:49:45 - [deattack.c misc.c session.c ssh-agent.c] - more buffer allocation fixes; from Solar Designer; CAN-2003-0682; - ok millert@ - - miod@cvs.openbsd.org 2003/09/18 13:02:21 - [authfd.c bufaux.c dh.c mac.c ssh-keygen.c] - A few signedness fixes for harmless situations; markus@ ok - - markus@cvs.openbsd.org 2003/09/19 09:02:02 - [packet.c] - buffer_dump only if PACKET_DEBUG is defined; Jedi/Sector One; pr 3471 - - markus@cvs.openbsd.org 2003/09/19 09:03:00 - [buffer.c] - sign fix in buffer_dump; Jedi/Sector One; pr 3473 - - markus@cvs.openbsd.org 2003/09/19 11:29:40 - [ssh-agent.c] - provide a ssh-agent specific fatal() function; ok deraadt - - markus@cvs.openbsd.org 2003/09/19 11:30:39 - [ssh-keyscan.c] - avoid fatal_cleanup, just call exit(); ok deraadt - - markus@cvs.openbsd.org 2003/09/19 11:31:33 - [channels.c] - do not call channel_free_all on fatal; ok deraadt - - markus@cvs.openbsd.org 2003/09/19 11:33:09 - [packet.c sshd.c] - do not call packet_close on fatal; ok deraadt - - markus@cvs.openbsd.org 2003/09/19 17:40:20 - [scp.c] - error handling for remote-remote copy; #638; report Harald Koenig; - ok millert, fgs, henning, deraadt - - markus@cvs.openbsd.org 2003/09/19 17:43:35 - [clientloop.c sshtty.c sshtty.h] - remove fatal callbacks from client code; ok deraadt - - (bal) "extration" -> "extraction" in ssh-rand-helper.c; repoted by john - on #unixhelp@efnet - - (tim) [configure.ac] add --disable-etc-default-login option. 
ok djm - - (djm) Sync with V_3_7 branch: - - (djm) Fix SSH1 challenge kludge - - (djm) Bug #671: Fix builds on OpenBSD - - (djm) Bug #676: Fix PAM stack corruption - - (djm) Fix bad free() in PAM code - - (djm) Don't call pam_end before pam_init - - (djm) Enable build with old OpenSSL again - - (djm) Trim deprecated options from INSTALL. Mention UsePAM - - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu - -$Id: ChangeLog,v 1.4558 2006/09/24 19:08:59 tim Exp $ +$Id: ChangeLog,v 1.4559 2006/09/26 08:57:28 dtucker Exp $ -- cgit v1.2.3 From 822d3a6fc1ba1627493a0de48be7572343c1c822 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 26 Sep 2006 18:59:34 +1000 Subject: - (dtucker) [bufaux.h] nuke bufaux.h; it's already gone from OpenBSD and not referenced any more. ok djm@ --- ChangeLog | 6 +++++- bufaux.h | 55 ------------------------------------------------------- 2 files changed, 5 insertions(+), 56 deletions(-) delete mode 100644 bufaux.h diff --git a/ChangeLog b/ChangeLog index 84754a012..308cbc377 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060926 + - (dtucker) [bufaux.h] nuke bufaux.h; it's already gone from OpenBSD and not + referenced any more. ok djm@ + 20060924 - (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added to rev 1.308) to work around broken gcc 2.x header file. @@ -2491,4 +2495,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4559 2006/09/26 08:57:28 dtucker Exp $ +$Id: ChangeLog,v 1.4560 2006/09/26 08:59:34 dtucker Exp $ diff --git a/bufaux.h b/bufaux.h deleted file mode 100644 index 8a5359855..000000000 --- a/bufaux.h +++ /dev/null 
@@ -1,55 +0,0 @@ -/* $OpenBSD: bufaux.h,v 1.22 2006/03/25 22:22:42 djm Exp $ */ - -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ - -#ifndef BUFAUX_H -#define BUFAUX_H - -#include "buffer.h" -#include - -void buffer_put_bignum(Buffer *, const BIGNUM *); -void buffer_put_bignum2(Buffer *, const BIGNUM *); -void buffer_get_bignum(Buffer *, BIGNUM *); -void buffer_get_bignum2(Buffer *, BIGNUM *); - -u_short buffer_get_short(Buffer *); -void buffer_put_short(Buffer *, u_short); - -u_int buffer_get_int(Buffer *); -void buffer_put_int(Buffer *, u_int); - -u_int64_t buffer_get_int64(Buffer *); -void buffer_put_int64(Buffer *, u_int64_t); - -int buffer_get_char(Buffer *); -void buffer_put_char(Buffer *, int); - -void *buffer_get_string(Buffer *, u_int *); -void buffer_put_string(Buffer *, const void *, u_int); -void buffer_put_cstring(Buffer *, const char *); - -#define buffer_skip_string(b) \ - do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while (0) - -int buffer_put_bignum_ret(Buffer *, const BIGNUM *); -int buffer_get_bignum_ret(Buffer *, BIGNUM *); -int buffer_put_bignum2_ret(Buffer *, const BIGNUM *); -int buffer_get_bignum2_ret(Buffer *, BIGNUM *); -int buffer_get_short_ret(u_short *, Buffer *); -int buffer_get_int_ret(u_int *, Buffer *); -int buffer_get_int64_ret(u_int64_t *, Buffer *); -void *buffer_get_string_ret(Buffer *, u_int *); -int buffer_get_char_ret(char *, Buffer *); - -#endif /* BUFAUX_H */ -- cgit v1.2.3 From 25bd3c06126f0a709af129a2d6606c9a59ff13b2 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Tue, 26 Sep 2006 20:14:28 +1000 Subject: - (dtucker) [sftp-server.8] Resync; spotted by djm@ --- ChangeLog | 3 ++- sftp-server.8 | 7 ++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 308cbc377..083df496a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 20060926 - (dtucker) [bufaux.h] nuke bufaux.h; it's already gone from OpenBSD and not referenced any more. ok djm@ + - (dtucker) [sftp-server.8] Resync; spotted by djm@ 20060924 - (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added @@ -2495,4 +2496,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4560 2006/09/26 08:59:34 dtucker Exp $ +$Id: ChangeLog,v 1.4561 2006/09/26 10:14:28 dtucker Exp $ diff --git a/sftp-server.8 b/sftp-server.8 index da68e45fb..199c4f30e 100644 --- a/sftp-server.8 +++ b/sftp-server.8 @@ -85,8 +85,9 @@ The default is ERROR. .%D January 2001 .%O work in progress material .Re -.Sh AUTHORS -.An Markus Friedl Aq markus@openbsd.org .Sh HISTORY .Nm -first appeared in OpenBSD 2.8 . +first appeared in +.Ox 2.8 . +.Sh AUTHORS +.An Markus Friedl Aq markus@openbsd.org -- cgit v1.2.3 From b4b2f9a6c97b5fced719574e64e76fa56fac5613 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 28 Sep 2006 19:08:32 +1000 Subject: Marker for 4.4p1 release --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 083df496a..24a1c338e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,7 @@ - (dtucker) [bufaux.h] nuke bufaux.h; it's already gone from OpenBSD and not referenced any more. ok djm@ - (dtucker) [sftp-server.8] Resync; spotted by djm@ + - (dtucker) Release 4.4p1. 20060924 - (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added 
@@ -2496,4 +2497,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4561 2006/09/26 10:14:28 dtucker Exp $ +$Id: ChangeLog,v 1.4562 2006/09/28 09:08:32 dtucker Exp $ -- cgit v1.2.3 From 23dd658e5701ba611229ca1a95dd3ab2c00fb316 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 28 Sep 2006 19:40:20 +1000 Subject: - (dtucker) [entropy.c] Bug #1238: include signal.h to fix compilation error on Solaris 8 w/out /dev/random or prngd. Patch from rl at math.technion.ac.il. --- ChangeLog | 7 ++++++- entropy.c | 1 + 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 24a1c338e..e70288d9b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060928 + - (dtucker) [entropy.c] Bug #1238: include signal.h to fix compilation error + on Solaris 8 w/out /dev/random or prngd. Patch from rl at + math.technion.ac.il. + 20060926 - (dtucker) [bufaux.h] nuke bufaux.h; it's already gone from OpenBSD and not referenced any more. ok djm@ @@ -2497,4 +2502,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4562 2006/09/28 09:08:32 dtucker Exp $ +$Id: ChangeLog,v 1.4563 2006/09/28 09:40:20 dtucker Exp $ diff --git a/entropy.c b/entropy.c index 4f19c8767..ccabb1364 100644 --- a/entropy.c +++ b/entropy.c @@ -36,6 +36,7 @@ #endif #include #include +#include #include #include -- cgit v1.2.3 From 5e8381ee8626c0f0052241926abacf031b5187ec Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 29 Sep 2006 20:16:51 +1000 Subject: - (dtucker) [configure.ac] Bug #1239: Fix configure test for OpenSSH engine support. Patch from andrew.benham at thus net. --- ChangeLog | 6 +++++- configure.ac | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index e70288d9b..ecd6c61e2 100644 
--- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060929 + - (dtucker) [configure.ac] Bug #1239: Fix configure test for OpenSSH engine + support. Patch from andrew.benham at thus net. + 20060928 - (dtucker) [entropy.c] Bug #1238: include signal.h to fix compilation error on Solaris 8 w/out /dev/random or prngd. Patch from rl at @@ -2502,4 +2506,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4563 2006/09/28 09:40:20 dtucker Exp $ +$Id: ChangeLog,v 1.4564 2006/09/29 10:16:51 dtucker Exp $ diff --git a/configure.ac b/configure.ac index cfcd0272d..883708559 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.367 2006/09/24 19:08:59 tim Exp $ +# $Id: configure.ac,v 1.368 2006/09/29 10:16:51 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.367 $) +AC_REVISION($Revision: 1.368 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1916,7 +1916,7 @@ AC_ARG_WITH(ssl-engine, AC_TRY_COMPILE( [ #include ], [ -int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();} +ENGINE_load_builtin_engines();ENGINE_register_all_complete(); ], [ AC_MSG_RESULT(yes) AC_DEFINE(USE_OPENSSL_ENGINE, 1, -- cgit v1.2.3 From 47bda1ff83b67b8007bbdc1e0999e2155e006cad Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 1 Oct 2006 08:09:50 +1000 Subject: - (dtucker) [audit-bsm.c] Include errno.h. Pointed out by des at des.no. --- ChangeLog | 5 ++++- audit-bsm.c | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index ecd6c61e2..d7160af3a 100644 --- a/ChangeLog +++ b/ChangeLog 
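Review bot: The `--with-ssl-engine` test in configure.ac (hunk `@@ -1916,7 +1916,7 @@`) is still compile-only, so it shows that the two ENGINE calls parse but not that the linked libcrypto provides them. With a compiler that accepts implicit function declarations, it can report `yes` and define `USE_OPENSSL_ENGINE` against an OpenSSL built without engine support, and the problem then appears only when the binaries are linked. I would make it a link test by replacing `AC_TRY_COMPILE(` with `AC_TRY_LINK(` and keeping the arguments unchanged. This presumes LIBS already carries the crypto library at this point, which the hunk does not show. The `AC_ARG_WITH(ssl-engine, ...)` block starts and ends outside the hunk.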
@@ -1,3 +1,6 @@ +20061001 + - (dtucker) [audit-bsm.c] Include errno.h. Pointed out by des at des.no. + 20060929 - (dtucker) [configure.ac] Bug #1239: Fix configure test for OpenSSH engine support. Patch from andrew.benham at thus net. @@ -2506,4 +2509,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4564 2006/09/29 10:16:51 dtucker Exp $ +$Id: ChangeLog,v 1.4565 2006/09/30 22:09:50 dtucker Exp $ diff --git a/audit-bsm.c b/audit-bsm.c index d5cf302ce..c26b4caed 100644 --- a/audit-bsm.c +++ b/audit-bsm.c @@ -1,4 +1,4 @@ -/* $Id: audit-bsm.c,v 1.4 2006/09/01 05:38:36 djm Exp $ */ +/* $Id: audit-bsm.c,v 1.5 2006/09/30 22:09:50 dtucker Exp $ */ /* * TODO @@ -39,6 +39,7 @@ #include +#include #include #include -- cgit v1.2.3 From 1cfab23b7f9e29fa9d66c97334ef9331d033f83d Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Tue, 3 Oct 2006 09:34:35 -0700 Subject: - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific section so additional platform specific CHECK_HEADER tests will work correctly. Fixes " on FreeBSD" problem report by des AT des.no Feedback and "seems like a good idea" dtucker@ --- ChangeLog | 8 +- configure.ac | 264 +++++++++++++++++++++++++++++------------------------------ 2 files changed, 139 insertions(+), 133 deletions(-) diff --git a/ChangeLog b/ChangeLog index d7160af3a..8bfd2b878 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20061003 + - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific + section so additional platform specific CHECK_HEADER tests will work + correctly. Fixes " on FreeBSD" problem report by des AT des.no + Feedback and "seems like a good idea" dtucker@ + 20061001 - (dtucker) [audit-bsm.c] Include errno.h. Pointed out by des at des.no. 
@@ -2509,4 +2515,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4565 2006/09/30 22:09:50 dtucker Exp $ +$Id: ChangeLog,v 1.4566 2006/10/03 16:34:35 tim Exp $ diff --git a/configure.ac b/configure.ac index 883708559..ecfa50c4b 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.368 2006/09/29 10:16:51 dtucker Exp $ +# $Id: configure.ac,v 1.369 2006/10/03 16:34:35 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.368 $) +AC_REVISION($Revision: 1.369 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) 
@@ -127,6 +127,136 @@ AC_ARG_WITH(rpath, ] ) +# Allow user to specify flags +AC_ARG_WITH(cflags, + [ --with-cflags Specify additional flags to pass to compiler], + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + CFLAGS="$CFLAGS $withval" + fi + ] +) +AC_ARG_WITH(cppflags, + [ --with-cppflags Specify additional flags to pass to preprocessor] , + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + CPPFLAGS="$CPPFLAGS $withval" + fi + ] +) +AC_ARG_WITH(ldflags, + [ --with-ldflags Specify additional flags to pass to linker], + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + LDFLAGS="$LDFLAGS $withval" + fi + ] +) +AC_ARG_WITH(libs, + [ --with-libs Specify additional libraries to link with], + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + LIBS="$LIBS $withval" + fi + ] +) +AC_ARG_WITH(Werror, + [ --with-Werror Build main code with -Werror], + [ + if test -n "$withval" && test "x$withval" != "xno"; then + werror_flags="-Werror" + if test "x${withval}" != "xyes"; then + werror_flags="$withval" + fi + fi + ] +) + +AC_CHECK_HEADERS( \ + bstring.h \ + crypt.h \ + crypto/sha2.h \ + dirent.h \ + endian.h \ + features.h \ + fcntl.h \ + floatingpoint.h \ + getopt.h \ + glob.h \ + ia.h \ + iaf.h \ + limits.h \ + login.h \ + maillock.h \ + ndir.h \ + net/if_tun.h \ + netdb.h \ + netgroup.h \ + pam/pam_appl.h \ + paths.h \ + pty.h \ + readpassphrase.h \ + rpc/types.h \ + security/pam_appl.h \ + sha2.h \ + shadow.h \ + stddef.h \ + stdint.h \ + string.h \ + strings.h \ + sys/audit.h \ + sys/bitypes.h \ + sys/bsdtty.h \ + sys/cdefs.h \ + sys/dir.h \ + sys/mman.h \ + sys/ndir.h \ + sys/prctl.h \ + sys/pstat.h \ + sys/select.h \ + sys/stat.h \ + sys/stream.h \ + sys/stropts.h \ + sys/strtio.h \ + sys/sysmacros.h \ + sys/time.h \ + sys/timers.h \ + sys/un.h \ + time.h \ + tmpdir.h \ + 
ttyent.h \ + unistd.h \ + usersec.h \ + util.h \ + utime.h \ + utmp.h \ + utmpx.h \ + vis.h \ +) + +# lastlog.h requires sys/time.h to be included first on Solaris +AC_CHECK_HEADERS(lastlog.h, [], [], [ +#ifdef HAVE_SYS_TIME_H +# include +#endif +]) + +# sys/ptms.h requires sys/stream.h to be included first on Solaris +AC_CHECK_HEADERS(sys/ptms.h, [], [], [ +#ifdef HAVE_SYS_STREAM_H +# include +#endif +]) + +# login_cap.h requires sys/types.h on NetBSD +AC_CHECK_HEADERS(login_cap.h, [], [], [ +#include +]) + # Messages for features tested for in target-specific section SIA_MSG="no" SPC_MSG="no" @@ -663,55 +793,6 @@ mips-sony-bsd|mips-sony-newsos4) ;; esac -# Allow user to specify flags -AC_ARG_WITH(cflags, - [ --with-cflags Specify additional flags to pass to compiler], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - CFLAGS="$CFLAGS $withval" - fi - ] -) -AC_ARG_WITH(cppflags, - [ --with-cppflags Specify additional flags to pass to preprocessor] , - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - CPPFLAGS="$CPPFLAGS $withval" - fi - ] -) -AC_ARG_WITH(ldflags, - [ --with-ldflags Specify additional flags to pass to linker], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - LDFLAGS="$LDFLAGS $withval" - fi - ] -) -AC_ARG_WITH(libs, - [ --with-libs Specify additional libraries to link with], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - LIBS="$LIBS $withval" - fi - ] -) -AC_ARG_WITH(Werror, - [ --with-Werror Build main code with -Werror], - [ - if test -n "$withval" && test "x$withval" != "xno"; then - werror_flags="-Werror" - if test "x${withval}" != "xyes"; then - werror_flags="$withval" - fi - fi - ] -) - AC_MSG_CHECKING(compiler and flags for sanity) AC_RUN_IFELSE( [AC_LANG_SOURCE([ 
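Review bot: The relocated `AC_CHECK_HEADERS(...)` list now runs ahead of the "compiler and flags for sanity" `AC_RUN_IFELSE` test, which the following hunks show still sits after the platform-specific `esac`. With an unusable `--with-cflags` or `--with-cppflags` value, the header probes would presumably all report "no" before configure reaches the test that explains why. Either move the sanity test up next to the relocated `AC_ARG_WITH` block, or add a comment above the header list such as `# NOTE: runs before the compiler sanity test; a wall of "no" results here usually means bad flags, not missing headers`.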
@@ -727,87 +808,6 @@ int main(){exit(0);} ) dnl Checks for header files. -AC_CHECK_HEADERS( \ - bstring.h \ - crypt.h \ - crypto/sha2.h \ - dirent.h \ - endian.h \ - features.h \ - fcntl.h \ - floatingpoint.h \ - getopt.h \ - glob.h \ - ia.h \ - iaf.h \ - limits.h \ - login.h \ - maillock.h \ - ndir.h \ - net/if_tun.h \ - netdb.h \ - netgroup.h \ - pam/pam_appl.h \ - paths.h \ - pty.h \ - readpassphrase.h \ - rpc/types.h \ - security/pam_appl.h \ - sha2.h \ - shadow.h \ - stddef.h \ - stdint.h \ - string.h \ - strings.h \ - sys/audit.h \ - sys/bitypes.h \ - sys/bsdtty.h \ - sys/cdefs.h \ - sys/dir.h \ - sys/mman.h \ - sys/ndir.h \ - sys/prctl.h \ - sys/pstat.h \ - sys/select.h \ - sys/stat.h \ - sys/stream.h \ - sys/stropts.h \ - sys/strtio.h \ - sys/sysmacros.h \ - sys/time.h \ - sys/timers.h \ - sys/un.h \ - time.h \ - tmpdir.h \ - ttyent.h \ - unistd.h \ - usersec.h \ - util.h \ - utime.h \ - utmp.h \ - utmpx.h \ - vis.h \ -) - -# lastlog.h requires sys/time.h to be included first on Solaris -AC_CHECK_HEADERS(lastlog.h, [], [], [ -#ifdef HAVE_SYS_TIME_H -# include -#endif -]) - -# sys/ptms.h requires sys/stream.h to be included first on Solaris -AC_CHECK_HEADERS(sys/ptms.h, [], [], [ -#ifdef HAVE_SYS_STREAM_H -# include -#endif -]) - -# login_cap.h requires sys/types.h on NetBSD -AC_CHECK_HEADERS(login_cap.h, [], [], [ -#include -]) - # Checks for libraries. AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match)) AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt)) -- cgit v1.2.3 From 09f1093a29e6dcbec76cfa1831d080ced2d4b627 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Fri, 6 Oct 2006 14:58:38 -0700 Subject: 20061006 - (tim) [buildpkg.sh.in] Use uname -r instead of -v in OS_VER for Solaris. Differentiate between OpenServer 5 and OpenServer 6 --- ChangeLog | 6 +++++- buildpkg.sh.in | 11 +++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8bfd2b878..15bf56263 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,7 @@ +20061006 + - (tim) [buildpkg.sh.in] Use uname -r instead of -v in OS_VER for Solaris. + Differentiate between OpenServer 5 and OpenServer 6 + 20061003 - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific section so additional platform specific CHECK_HEADER tests will work @@ -2515,4 +2519,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4566 2006/10/03 16:34:35 tim Exp $ +$Id: ChangeLog,v 1.4567 2006/10/06 21:58:38 tim Exp $ diff --git a/buildpkg.sh.in b/buildpkg.sh.in index a3b9014bc..9e4ff4239 100644 --- a/buildpkg.sh.in +++ b/buildpkg.sh.in @@ -154,15 +154,22 @@ ARCH=`uname -m` DEF_MSG="\n" OS_VER=`uname -v` SCRIPT_SHELL=/sbin/sh +UNAME_R=`uname -r` UNAME_S=`uname -s` case ${UNAME_S} in SunOS) UNAME_S=Solaris + OS_VER=${UNAME_R} ARCH=`uname -p` RCS_D=yes DEF_MSG="(default: n)" ;; - SCO_SV) UNAME_S=OpenServer + SCO_SV) case ${UNAME_R} in + 3.2) UNAME_S=OpenServer5 OS_VER=`uname -X | grep Release | sed -e 's/^Rel.*3.2v//'` + ;; + 5) UNAME_S=OpenServer6 + ;; + esac SCRIPT_SHELL=/bin/sh RC1_D=no DEF_MSG="(default: n)" @@ -481,7 +488,7 @@ _EOF [ -x /usr/bin/ckyorn ] || cat >> request << _EOF ckyorn() { -# for some strange reason OpenServer has no ckyorn +# for some strange reason OpenServer5 has no ckyorn # We build a striped down version here DEFAULT=n -- cgit v1.2.3 From adc947d5a532880e7a2ffd1828789ada8fea6931 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 7 Oct 2006 09:07:20 +1000 Subject: - (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for SELinux functions so they're detected correctly. Patch from pebenito at gentoo.org. --- ChangeLog | 5 ++++- configure.ac | 7 +++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 15bf56263..08f48d61c 100644 --- a/ChangeLog +++ b/ChangeLog 
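Review bot: The inner `case ${UNAME_R} in` added under `SCO_SV)` has no default arm, so any release string other than `3.2` or `5` leaves `UNAME_S` as `SCO_SV`, where the old code always set `OpenServer`. If later parts of the script (outside this hunk) key on the `OpenServer*` names, such a host silently takes the generic path. Adding `*) UNAME_S=OpenServer ;;` before the inner `esac` keeps the previous behaviour for unrecognised releases. The dot in `'s/^Rel.*3.2v//'` is unescaped and matches any character; `3\.2v` states the intent.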
@@ -1,6 +1,9 @@ 20061006 - (tim) [buildpkg.sh.in] Use uname -r instead of -v in OS_VER for Solaris. Differentiate between OpenServer 5 and OpenServer 6 + - (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for + SELinux functions so they're detected correctly. Patch from pebenito at + gentoo.org. 20061003 - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific @@ -2519,4 +2522,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4567 2006/10/06 21:58:38 tim Exp $ +$Id: ChangeLog,v 1.4568 2006/10/06 23:07:20 dtucker Exp $ diff --git a/configure.ac b/configure.ac index ecfa50c4b..c596a7bd9 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.369 2006/10/03 16:34:35 tim Exp $ +# $Id: configure.ac,v 1.370 2006/10/06 23:07:21 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.369 $) +AC_REVISION($Revision: 1.370 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -3145,7 +3145,10 @@ AC_ARG_WITH(selinux, AC_MSG_ERROR(SELinux support requires selinux.h header)) AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ], AC_MSG_ERROR(SELinux support requires libselinux library)) + save_LIBS="$LIBS" + LIBS="$LIBS $LIBSELINUX" AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) + LIBS="$save_LIBS" fi ] ) AC_SUBST(LIBSELINUX) -- cgit v1.2.3 From 77674b1efa744ad03eca3ca1cfcff3abecd55134 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Fri, 6 Oct 2006 18:49:36 -0700 Subject: - (tim) [buildpkg.sh.in] Some systems have really limited nawk (OpenServer). Allow setting alternate awk in openssh-config.local. --- ChangeLog | 4 +++- buildpkg.sh.in | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index 08f48d61c..b5f5fcc47 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,8 @@ - (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for SELinux functions so they're detected correctly. Patch from pebenito at gentoo.org. + - (tim) [buildpkg.sh.in] Some systems have really limited nawk (OpenServer). + Allow setting alternate awk in openssh-config.local. 20061003 - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific @@ -2522,4 +2524,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4568 2006/10/06 23:07:20 dtucker Exp $ +$Id: ChangeLog,v 1.4569 2006/10/07 01:49:36 tim Exp $ diff --git a/buildpkg.sh.in b/buildpkg.sh.in index 9e4ff4239..17349f7fc 100644 --- a/buildpkg.sh.in +++ b/buildpkg.sh.in @@ -24,6 +24,7 @@ PKGNAME=OpenSSH # revisions within the same version (REV=a) #REV= SYSVINIT_NAME=opensshd +AWK=${AWK:="nawk"} MAKE=${MAKE:="make"} SSHDUID=67 # Default privsep uid SSHDGID=67 # Default privsep gid @@ -645,7 +646,7 @@ cat >mk-proto.awk << _EOF _EOF find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \ - pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype + pkgproto $PROTO_ARGS | ${AWK} -f mk-proto.awk > prototype # /usr/local is a symlink on some systems [ "${USR_LOCAL_IS_SYMLINK}" = yes ] && { -- cgit v1.2.3 From a43c00582549a440fb744bdf8849ae53f97c9bc5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 16 Oct 2006 19:49:12 +1000 Subject: - (dtucker) [monitor_fdpass.c] Include sys/in.h, required for cmsg macros on older (2.0) Linuxes. Based on patch from thmo-13 at gmx de. --- ChangeLog | 6 +++++- monitor_fdpass.c | 3 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index b5f5fcc47..fc86a6f94 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,7 @@ +20061016 + - (dtucker) [monitor_fdpass.c] Include sys/in.h, required for cmsg macros + on older (2.0) Linuxes. Based on patch from thmo-13 at gmx de. + 20061006 - (tim) [buildpkg.sh.in] Use uname -r instead of -v in OS_VER for Solaris. Differentiate between OpenServer 5 and OpenServer 6 @@ -2524,4 +2528,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4569 2006/10/07 01:49:36 tim Exp $ +$Id: ChangeLog,v 1.4570 2006/10/16 09:49:12 dtucker Exp $ diff --git a/monitor_fdpass.c b/monitor_fdpass.c index c5fc4c397..9f8e9cd55 100644 --- a/monitor_fdpass.c +++ b/monitor_fdpass.c @@ -29,6 +29,9 @@ #include #include #include +#ifdef HAVE_SYS_UN_H +#include +#endif #include #include -- cgit v1.2.3 From ffe88e15afeb403e775d87cd45ae4bd5f1203172 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 18 Oct 2006 07:53:06 +1000 Subject: - ray@cvs.openbsd.org 2006/09/25 04:55:38 [ssh-keyscan.1 ssh.1] Change "a SSH" to "an SSH". Hurray, I'm not the only one who pronounces "SSH" as "ess-ess-aich". OK jmc@ and stevesk@. --- ChangeLog | 10 +++++++++- ssh-keyscan.1 | 4 ++-- ssh.1 | 4 ++-- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index fc86a6f94..d73ae5114 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +20061018 + - (dtucker) OpenBSD CVS Sync + - ray@cvs.openbsd.org 2006/09/25 04:55:38 + [ssh-keyscan.1 ssh.1] + Change "a SSH" to "an SSH". Hurray, I'm not the only one who + pronounces "SSH" as "ess-ess-aich". + OK jmc@ and stevesk@. + 20061016 - (dtucker) [monitor_fdpass.c] Include sys/in.h, required for cmsg macros on older (2.0) Linuxes. Based on patch from thmo-13 at gmx de. 
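Review bot: The include added to monitor_fdpass.c is guarded by `HAVE_SYS_UN_H`, while the commit subject and ChangeLog entry say sys/in.h; the header name itself is not legible in this rendering, so one of the two is presumably a typo. If the guard does not match the header actually included, the include is either skipped where it is needed or attempted where the header does not exist. A short comment next to the guard, e.g. `/* needed for the cmsg macros on Linux 2.0 */`, would also record why the include is there.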
@@ -2528,4 +2536,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4570 2006/10/16 09:49:12 dtucker Exp $ +$Id: ChangeLog,v 1.4571 2006/10/17 21:53:06 dtucker Exp $ diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index 80fc8cd96..a3656fc77 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.21 2005/09/30 20:34:26 jaredy Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.22 2006/09/25 04:55:38 ray Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -102,7 +102,7 @@ Causes to print debugging messages about its progress. .El .Sh SECURITY -If a ssh_known_hosts file is constructed using +If an ssh_known_hosts file is constructed using .Nm without verifying the keys, users will be vulnerable to .Em man in the middle diff --git a/ssh.1 b/ssh.1 index 6e41bcd8b..b6f09f400 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.263 2006/07/11 18:50:48 markus Exp $ +.\" $OpenBSD: ssh.1,v 1.264 2006/09/25 04:55:38 ray Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1105,7 +1105,7 @@ tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john .Ed .Pp -Since a SSH-based setup entails a fair amount of overhead, +Since an SSH-based setup entails a fair amount of overhead, it may be more suited to temporary setups, such as for wireless VPNs. More permanent VPNs are better provided by tools such as -- cgit v1.2.3 From 78802f0af361d90b5e8975cc3f24d35b4fda215f Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Wed, 18 Oct 2006 22:51:31 +1000 Subject: - (dtucker) [sshd.c] Reshuffle storing of pw struct; prevents warnings on older versions of OS X. ok djm@ --- ChangeLog | 4 +++- sshd.c | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index d73ae5114..0b340d5c3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,8 @@ Change "a SSH" to "an SSH". Hurray, I'm not the only one who pronounces "SSH" as "ess-ess-aich". OK jmc@ and stevesk@. + - (dtucker) [sshd.c] Reshuffle storing of pw struct; prevents warnings + on older versions of OS X. ok djm@ 20061016 - (dtucker) [monitor_fdpass.c] Include sys/in.h, required for cmsg macros @@ -2536,4 +2538,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4571 2006/10/17 21:53:06 dtucker Exp $ +$Id: ChangeLog,v 1.4572 2006/10/18 12:51:31 dtucker Exp $ diff --git a/sshd.c b/sshd.c index 6159a5b6a..06ec03b20 100644 --- a/sshd.c +++ b/sshd.c @@ -1436,8 +1436,9 @@ main(int ac, char **av) fatal("Privilege separation user %s does not exist", SSH_PRIVSEP_USER); memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); - privsep_pw->pw_passwd = "*"; privsep_pw = pwcopy(privsep_pw); + xfree(privsep_pw->pw_passwd); + privsep_pw->pw_passwd = xstrdup("*"); endpwent(); /* load private host keys */ -- cgit v1.2.3 From e7658a50f0c28cf9fe33e35bee9084844b09288c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 24 Oct 2006 03:00:12 +1000 Subject: - (djm) OpenBSD CVS Sync - ray@cvs.openbsd.org 2006/09/30 17:48:22 [sftp.c] Clear errno before calling the strtol functions. From Paul Stoeber . OK deraadt@. --- ChangeLog | 10 +++++++++- sftp.c | 3 ++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0b340d5c3..6e0f0fa7b 100644 --- a/ChangeLog +++ b/ChangeLog 
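Review bot: `xfree(privsep_pw->pw_passwd)` directly after `pwcopy()` is only safe if `pwcopy()` always returns a heap-allocated `pw_passwd`; that function is outside this hunk, so the assumption should be written down where it is relied on. The order is also load-bearing: the `memset()` clears the password field of the original entry before the copy is taken, so the copy never holds the hash. I would add a comment above the three new lines such as `/* pwcopy() duplicates pw_passwd on the heap; swap it for "*" so no hash is kept */`. The enclosing `main()` starts and ends outside the hunk.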
@@ -1,3 +1,11 @@ +20061023 + - (djm) OpenBSD CVS Sync + - ray@cvs.openbsd.org 2006/09/30 17:48:22 + [sftp.c] + Clear errno before calling the strtol functions. + From Paul Stoeber . + OK deraadt@. + 20061018 - (dtucker) OpenBSD CVS Sync - ray@cvs.openbsd.org 2006/09/25 04:55:38 @@ -2538,4 +2546,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4572 2006/10/18 12:51:31 dtucker Exp $ +$Id: ChangeLog,v 1.4573 2006/10/23 17:00:12 djm Exp $ diff --git a/sftp.c b/sftp.c index c018615ae..a39c782f7 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.92 2006/09/19 05:52:23 otto Exp $ */ +/* $OpenBSD: sftp.c,v 1.93 2006/09/30 17:48:22 ray Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -977,6 +977,7 @@ parse_args(const char **cpp, int *pflag, int *lflag, int *iflag, case I_CHOWN: case I_CHGRP: /* Get numeric arg (mandatory) */ + errno = 0; l = strtol(cp, &cp2, base); if (cp2 == cp || ((l == LONG_MIN || l == LONG_MAX) && errno == ERANGE) || l < 0) { -- cgit v1.2.3 From 952dce6593720a5f24d556a3ec53126d041d28ab Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 24 Oct 2006 03:01:16 +1000 Subject: - djm@cvs.openbsd.org 2006/10/06 02:29:19 [ssh-agent.c ssh-keyscan.c ssh.c] sys/resource.h needs sys/time.h; prompted by brad@ (NB. Id sync only for portable) --- ChangeLog | 6 +++++- ssh-agent.c | 2 +- ssh-keyscan.c | 2 +- ssh.c | 2 +- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6e0f0fa7b..8109dd671 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,10 @@ Clear errno before calling the strtol functions. From Paul Stoeber . OK deraadt@. + - djm@cvs.openbsd.org 2006/10/06 02:29:19 + [ssh-agent.c ssh-keyscan.c ssh.c] + sys/resource.h needs sys/time.h; prompted by brad@ + (NB. Id sync only for portable) 20061018 - (dtucker) OpenBSD CVS Sync 
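Review bot: With `errno` cleared, the condition after `strtol()` in `parse_args()` rejects overflow and negative values but still accepts anything up to `LONG_MAX`. SFTP attribute uid/gid fields are 32 bits wide, so on a platform with 64-bit `long` a larger value would have to be truncated somewhere after this point; where the value ends up is outside the hunk and should be confirmed. If that holds, the test can be extended with `|| (unsigned long)l > 0xffffffffUL` after the `l < 0` term. The `(l == LONG_MIN || l == LONG_MAX) &&` part is now redundant, since `errno == ERANGE` alone is reliable once `errno` starts at zero.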
@@ -2546,4 +2550,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4573 2006/10/23 17:00:12 djm Exp $ +$Id: ChangeLog,v 1.4574 2006/10/23 17:01:16 djm Exp $ diff --git a/ssh-agent.c b/ssh-agent.c index 08b07212e..ef95eb878 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.152 2006/08/04 20:46:05 stevesk Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.153 2006/10/06 02:29:19 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 416d3f5c1..b19864007 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.73 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.74 2006/10/06 02:29:19 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * diff --git a/ssh.c b/ssh.c index efc4af6d4..47297edbb 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.293 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: ssh.c,v 1.294 2006/10/06 02:29:19 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland -- cgit v1.2.3 From 990b1a80b59eb52ae401ed28b0e3a4d5a0963661 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 24 Oct 2006 03:01:56 +1000 Subject: - djm@cvs.openbsd.org 2006/10/09 23:36:11 [session.c] xmalloc -> xcalloc that was missed previously, from portable (NB. Id sync only for portable, obviously) --- ChangeLog | 6 +++++- session.c | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8109dd671..ca25e7866 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -9,6 +9,10 @@ [ssh-agent.c ssh-keyscan.c ssh.c] sys/resource.h needs sys/time.h; prompted by brad@ (NB. Id sync only for portable) + - djm@cvs.openbsd.org 2006/10/09 23:36:11 + [session.c] + xmalloc -> xcalloc that was missed previously, from portable + (NB. Id sync only for portable, obviously) 20061018 - (dtucker) OpenBSD CVS Sync @@ -2550,4 +2554,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4574 2006/10/23 17:01:16 djm Exp $ +$Id: ChangeLog,v 1.4575 2006/10/23 17:01:56 djm Exp $ diff --git a/session.c b/session.c index 15c5ca9a0..69153ad1e 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.219 2006/08/29 10:40:19 djm Exp $ */ +/* $OpenBSD: session.c,v 1.220 2006/10/09 23:36:11 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved -- cgit v1.2.3 From f4bcd10c4c9b53e7c0c2821825addaf3a13d7c1a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 24 Oct 2006 03:02:23 +1000 Subject: - markus@cvs.openbsd.org 2006/10/10 10:12:45 [sshconnect.c] sleep before retrying (not after) since sleep changes errno; fixes pr 5250; rad@twig.com; ok dtucker djm --- ChangeLog | 6 +++++- sshconnect.c | 11 +++++------ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index ca25e7866..2b752ca54 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,10 @@ [session.c] xmalloc -> xcalloc that was missed previously, from portable (NB. Id sync only for portable, obviously) + - markus@cvs.openbsd.org 2006/10/10 10:12:45 + [sshconnect.c] + sleep before retrying (not after) since sleep changes errno; fixes + pr 5250; rad@twig.com; ok dtucker djm 20061018 - (dtucker) OpenBSD CVS Sync 
@@ -2554,4 +2558,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4575 2006/10/23 17:01:56 djm Exp $ +$Id: ChangeLog,v 1.4576 2006/10/23 17:02:23 djm Exp $ diff --git a/sshconnect.c b/sshconnect.c index a7a4e8a96..a222233d0 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.199 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.200 2006/10/10 10:12:45 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -324,9 +324,11 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, gai_strerror(gaierr)); for (attempt = 0; attempt < connection_attempts; attempt++) { - if (attempt > 0) + if (attempt > 0) { + /* Sleep a moment before retrying. */ + sleep(1); debug("Trying again..."); - + } /* * Loop through addresses for this host, and try each one in * sequence until the connection succeeds. @@ -363,9 +365,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, } if (sock != -1) break; /* Successful connection. */ - - /* Sleep a moment before retrying. */ - sleep(1); } freeaddrinfo(aitop); -- cgit v1.2.3 From 985a4485f57af55cd8f097ab437fdf87c365ea96 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 24 Oct 2006 03:02:41 +1000 Subject: - markus@cvs.openbsd.org 2006/10/11 12:38:03 [clientloop.c serverloop.c] exit instead of doing a blocking tcp send if we detect a client/server timeout, since the tcp sendqueue might be already full (of alive requests); ok dtucker, report mpf --- ChangeLog | 7 ++++++- clientloop.c | 8 +++++--- serverloop.c | 8 +++++--- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2b752ca54..e6b71615c 100644 --- a/ChangeLog +++ b/ChangeLog 
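Review bot: Moving `sleep(1)` to the top of the retry loop in `ssh_connect()` protects `errno` from that one call, but the failure path still seems to rely on `errno` surviving everything between the failing call and the final error report, both of which lie outside the visible hunks. Other calls in between, such as closing the socket or logging, may overwrite it as well. Saving it explicitly is independent of statement order: `oerrno = errno;` right after the failed call and `errno = oerrno;` before the message is printed. The comment `/* Sleep a moment before retrying. */` could also say why it sits before the attempt, since that is the whole point of the change.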
@@ -17,6 +17,11 @@ [sshconnect.c] sleep before retrying (not after) since sleep changes errno; fixes pr 5250; rad@twig.com; ok dtucker djm + - markus@cvs.openbsd.org 2006/10/11 12:38:03 + [clientloop.c serverloop.c] + exit instead of doing a blocking tcp send if we detect a client/server + timeout, since the tcp sendqueue might be already full (of alive + requests); ok dtucker, report mpf 20061018 - (dtucker) OpenBSD CVS Sync @@ -2558,4 +2563,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4576 2006/10/23 17:02:23 djm Exp $ +$Id: ChangeLog,v 1.4577 2006/10/23 17:02:41 djm Exp $ diff --git a/clientloop.c b/clientloop.c index 88dfb1f32..4c5108199 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.175 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: clientloop.c,v 1.176 2006/10/11 12:38:03 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -464,8 +464,10 @@ client_global_request_reply(int type, u_int32_t seq, void *ctxt) static void server_alive_check(void) { - if (++server_alive_timeouts > options.server_alive_count_max) - packet_disconnect("Timeout, server not responding."); + if (++server_alive_timeouts > options.server_alive_count_max) { + logit("Timeout, server not responding."); + cleanup_exit(255); + } packet_start(SSH2_MSG_GLOBAL_REQUEST); packet_put_cstring("keepalive@openssh.com"); packet_put_char(1); /* boolean: want reply */ diff --git a/serverloop.c b/serverloop.c index 6e5fdc2d8..69304b5fa 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.144 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: serverloop.c,v 1.145 2006/10/11 12:38:03 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
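Review bot: Nothing at the new `logit(...)` / `cleanup_exit(255)` pair in `server_alive_check()` says why `packet_disconnect()` was dropped, and the same applies to `client_alive_check()` in the serverloop.c hunk. Without that, a later cleanup is likely to restore the disconnect call and bring back the blocking send. I would add above both: `/* Don't packet_disconnect() here: it does a blocking send and the TCP send queue may already be full of keepalives. */`. A side effect worth stating in the same comment is that the peer no longer receives a disconnect message, so the timeout reason is recorded only in the local log.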
@@ -248,8 +248,10 @@ client_alive_check(void) int channel_id; /* timeout, check to see how many we have had */ - if (++client_alive_timeouts > options.client_alive_count_max) - packet_disconnect("Timeout, your session not responding."); + if (++client_alive_timeouts > options.client_alive_count_max) { + logit("Timeout, client not responding."); + cleanup_exit(255); + } /* * send a bogus global/channel request with "wantreply", -- cgit v1.2.3 From 50455890f37724113f348f43592b1857071a695c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 24 Oct 2006 03:03:02 +1000 Subject: - djm@cvs.openbsd.org 2006/10/22 02:25:50 [sftp-client.c] cancel progress meter when upload write fails; ok deraadt@ --- ChangeLog | 5 ++++- sftp-client.c | 4 +++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index e6b71615c..f5e6dab35 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,9 @@ exit instead of doing a blocking tcp send if we detect a client/server timeout, since the tcp sendqueue might be already full (of alive requests); ok dtucker, report mpf + - djm@cvs.openbsd.org 2006/10/22 02:25:50 + [sftp-client.c] + cancel progress meter when upload write fails; ok deraadt@ 20061018 - (dtucker) OpenBSD CVS Sync @@ -2563,4 +2566,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4577 2006/10/23 17:02:41 djm Exp $ +$Id: ChangeLog,v 1.4578 2006/10/23 17:03:02 djm Exp $ diff --git a/sftp-client.c b/sftp-client.c index e31b2cfaf..42eb2b41b 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.74 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.75 2006/10/22 02:25:50 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * 
@@ -1134,6 +1134,8 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, if (status != SSH2_FX_OK) { error("Couldn't write to remote file \"%s\": %s", remote_path, fx2txt(status)); + if (showprogress) + stop_progress_meter(); do_close(conn, handle, handle_len); close(local_fd); xfree(data); -- cgit v1.2.3 From bcf8be356fbe7febd882e86b43587d88f0255d95 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Mon, 23 Oct 2006 14:44:47 -0700 Subject: - (tim) [Makefile.in scard/Makefile.in] Add datarootdir= lines to keep autoconf 2.60 from complaining. --- ChangeLog | 4 +++- Makefile.in | 3 ++- scard/Makefile.in | 3 ++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index f5e6dab35..800b1eb0c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,8 @@ - djm@cvs.openbsd.org 2006/10/22 02:25:50 [sftp-client.c] cancel progress meter when upload write fails; ok deraadt@ + - (tim) [Makefile.in scard/Makefile.in] Add datarootdir= lines to keep + autoconf 2.60 from complaining. 20061018 - (dtucker) OpenBSD CVS Sync @@ -2566,4 +2568,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4578 2006/10/23 17:03:02 djm Exp $ +$Id: ChangeLog,v 1.4579 2006/10/23 21:44:47 tim Exp $ diff --git a/Makefile.in b/Makefile.in index 71f3623f1..fb6426b27 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.282 2006/09/12 11:54:10 djm Exp $ +# $Id: Makefile.in,v 1.283 2006/10/23 21:44:47 tim Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -11,6 +11,7 @@ bindir=@bindir@ sbindir=@sbindir@ libexecdir=@libexecdir@ datadir=@datadir@ +datarootdir=@datarootdir@ mandir=@mandir@ mansubdir=@mansubdir@ sysconfdir=@sysconfdir@ diff --git a/scard/Makefile.in b/scard/Makefile.in index ab4e22043..8519e208b 100644 --- a/scard/Makefile.in +++ b/scard/Makefile.in 
@@ -1,7 +1,8 @@ -# $Id: Makefile.in,v 1.4 2002/04/26 01:25:41 djm Exp $ +# $Id: Makefile.in,v 1.5 2006/10/23 21:44:47 tim Exp $ prefix=@prefix@ datadir=@datadir@ +datarootdir=@datarootdir@ srcdir=@srcdir@ top_srcdir=@top_srcdir@ -- cgit v1.2.3 From 796c6c693d1eaed63fe334c98b109a2ada15f505 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 28 Oct 2006 01:10:15 +1000 Subject: - (djm) [auth.c] gc some dead code --- ChangeLog | 5 ++++- auth.c | 2 -- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 800b1eb0c..cd99664cd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20061027 +- (djm) [auth.c] gc some dead code + 20061023 - (djm) OpenBSD CVS Sync - ray@cvs.openbsd.org 2006/09/30 17:48:22 @@ -2568,4 +2571,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4579 2006/10/23 21:44:47 tim Exp $ +$Id: ChangeLog,v 1.4580 2006/10/27 15:10:15 djm Exp $ diff --git a/auth.c b/auth.c index db2aa7bf9..5d23343b9 100644 --- a/auth.c +++ b/auth.c @@ -569,8 +569,6 @@ fakepw(void) fake.pw_passwd = "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; fake.pw_gecos = "NOUSER"; - fake.pw_uid = (uid_t)-1; - fake.pw_gid = (gid_t)-1; fake.pw_uid = privsep_pw->pw_uid; fake.pw_gid = privsep_pw->pw_gid; #ifdef HAVE_PW_CLASS_IN_PASSWD -- cgit v1.2.3 From 4d13ecea54da655dd87152752f332f25785a1e18 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 1 Nov 2006 10:28:49 +1100 Subject: - (dtucker) [openbsd-compat/port-solaris.c] Bug #1255: Make only hwerr events fatal in Solaris process contract support and tell it to signal only processes in the same process group when something happens. Based on information from andrew.benham at thus.net and similar to a patch from Chad Mynhier. ok djm@ --- ChangeLog | 9 ++++++++- openbsd-compat/port-solaris.c | 19 ++++++++++++++----- 2 files changed, 22 insertions(+), 6 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index cd99664cd..d02ba367e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20061101 + - (dtucker) [openbsd-compat/port-solaris.c] Bug #1255: Make only hwerr + events fatal in Solaris process contract support and tell it to signal + only processes in the same process group when something happens. + Based on information from andrew.benham at thus.net and similar to + a patch from Chad Mynhier. ok djm@ + 20061027 - (djm) [auth.c] gc some dead code @@ -2571,4 +2578,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4580 2006/10/27 15:10:15 djm Exp $ +$Id: ChangeLog,v 1.4581 2006/10/31 23:28:49 dtucker Exp $ diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c index f57433e78..2ab64d487 100644 --- a/openbsd-compat/port-solaris.c +++ b/openbsd-compat/port-solaris.c @@ -1,4 +1,4 @@ -/* $Id: port-solaris.c,v 1.2 2006/09/01 05:38:41 djm Exp $ */ +/* $Id: port-solaris.c,v 1.3 2006/10/31 23:28:49 dtucker Exp $ */ /* * Copyright (c) 2006 Chad Mynhier. 
@@ -86,18 +86,27 @@ solaris_contract_pre_fork(void) debug2("%s: setting up process contract template on fd %d", __func__, tmpl_fd); - /* We have to set certain attributes before activating the template */ - if (ct_pr_tmpl_set_fatal(tmpl_fd, - CT_PR_EV_HWERR|CT_PR_EV_SIGNAL|CT_PR_EV_CORE) != 0) { + /* First we set the template parameters and event sets. */ + if (ct_pr_tmpl_set_param(tmpl_fd, CT_PR_PGRPONLY) != 0) { + error("%s: Error setting process contract parameter set " + "(pgrponly): %s", __func__, strerror(errno)); + goto fail; + } + if (ct_pr_tmpl_set_fatal(tmpl_fd, CT_PR_EV_HWERR) != 0) { error("%s: Error setting process contract template " "fatal events: %s", __func__, strerror(errno)); goto fail; } - if (ct_tmpl_set_critical(tmpl_fd, CT_PR_EV_HWERR) != 0) { + if (ct_tmpl_set_critical(tmpl_fd, 0) != 0) { error("%s: Error setting process contract template " "critical events: %s", __func__, strerror(errno)); goto fail; } + if (ct_tmpl_set_informative(tmpl_fd, CT_PR_EV_HWERR) != 0) { + error("%s: Error setting process contract template " + "informative events: %s", __func__, strerror(errno)); + goto fail; + } /* Now make this the active template for this process. */ if (ct_tmpl_activate(tmpl_fd) != 0) { -- cgit v1.2.3 From 3975ee2c3ce78af4f62ff8e9e5b636ef378b7f6b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 5 Nov 2006 05:31:33 +1100 Subject: - (djm) OpenBSD CVS Sync - otto@cvs.openbsd.org 2006/10/28 18:08:10 [ssh.1] correct/expand example of usage of -w; ok jmc@ stevesk@ --- ChangeLog | 8 +++++++- ssh.1 | 20 +++++++++++++++----- 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index d02ba367e..e503acd44 100644 --- a/ChangeLog +++ b/ChangeLog 
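Review bot: The event-set calls in solaris_contract_pre_fork give no reason for the values chosen, and `ct_tmpl_set_critical(tmpl_fd, 0)` in particular reads like a leftover rather than a decision. A comment taken from the commit description would help, for example `/* Only hardware errors are fatal; CT_PR_PGRPONLY limits the signal to our own process group (Bug #1255). */` above the ct_pr_tmpl_set_param call. A second one, `/* No critical events; hwerr is reported as informative only. */`, could sit above the critical call. The function starts and ends outside the hunk.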
@@ -1,3 +1,9 @@ +20061105 + - (djm) OpenBSD CVS Sync + - otto@cvs.openbsd.org 2006/10/28 18:08:10 + [ssh.1] + correct/expand example of usage of -w; ok jmc@ stevesk@ + 20061101 - (dtucker) [openbsd-compat/port-solaris.c] Bug #1255: Make only hwerr events fatal in Solaris process contract support and tell it to signal @@ -2578,4 +2584,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4581 2006/10/31 23:28:49 dtucker Exp $ +$Id: ChangeLog,v 1.4582 2006/11/04 18:31:33 djm Exp $ diff --git a/ssh.1 b/ssh.1 index b6f09f400..93be52f96 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.264 2006/09/25 04:55:38 ray Exp $ +.\" $OpenBSD: ssh.1,v 1.265 2006/10/28 18:08:10 otto Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1077,12 +1077,22 @@ controls whether the server supports this, and at what level (layer 2 or 3 traffic). .Pp The following example would connect client network 10.0.50.0/24 -with remote network 10.0.99.0/24, provided that the SSH server -running on the gateway to the remote network, -at 192.168.1.15, allows it: +with remote network 10.0.99.0/24 using a point-to-point connection +from 10.1.1.1 to 10.1.1.2, +provided that the SSH server running on the gateway to the remote network, +at 192.168.1.15, allows it. +.Pp +On the client: .Bd -literal -offset indent # ssh -f -w 0:1 192.168.1.15 true -# ifconfig tun0 10.0.50.1 10.0.99.1 netmask 255.255.255.252 +# ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252 +# route add 10.0.99.0/24 10.1.1.2 +.Ed +.Pp +On the server: +.Bd -literal -offset indent +# ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252 +# route add 10.0.50.0/24 10.1.1.1 .Ed .Pp Client access may be more finely tuned via the -- cgit v1.2.3 
From 570c2ab1b619ea36a06bfbf21d88a82683cc4213 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 5 Nov 2006 05:32:02 +1100 Subject: - markus@cvs.openbsd.org 2006/10/31 16:33:12 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c] check DH_compute_key() for -1 even if it should not happen because of earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm --- ChangeLog | 6 +++++- kexdhc.c | 8 +++++--- kexdhs.c | 9 +++++---- kexgexc.c | 8 +++++--- kexgexs.c | 9 +++++---- 5 files changed, 25 insertions(+), 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index e503acd44..1fbc6a20f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,10 @@ - otto@cvs.openbsd.org 2006/10/28 18:08:10 [ssh.1] correct/expand example of usage of -w; ok jmc@ stevesk@ + - markus@cvs.openbsd.org 2006/10/31 16:33:12 + [kexdhc.c kexdhs.c kexgexc.c kexgexs.c] + check DH_compute_key() for -1 even if it should not happen because of + earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm 20061101 - (dtucker) [openbsd-compat/port-solaris.c] Bug #1255: Make only hwerr @@ -2584,4 +2588,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4582 2006/11/04 18:31:33 djm Exp $ +$Id: ChangeLog,v 1.4583 2006/11/04 18:32:02 djm Exp $ diff --git a/kexdhc.c b/kexdhc.c index 64de7af30..61d54fdc2 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.9 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.10 2006/10/31 16:33:12 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -50,7 +50,8 @@ kexdh_client(Kex *kex) Key *server_host_key; u_char *server_host_key_blob = NULL, *signature = NULL; u_char *kbuf, *hash; - u_int klen, kout, slen, sbloblen, hashlen; + u_int klen, slen, sbloblen, hashlen; + int kout; /* generate and send 'e', client DH public key */ switch (kex->kex_type) { 
@@ -112,7 +113,8 @@ kexdh_client(Kex *kex) klen = DH_size(dh); kbuf = xmalloc(klen); - kout = DH_compute_key(kbuf, dh_server_pub, dh); + if ((kout = DH_compute_key(kbuf, dh_server_pub, dh)) < 0) + fatal("DH_compute_key: failed"); #ifdef DEBUG_KEXDH dump_digest("shared secret", kbuf, kout); #endif diff --git a/kexdhs.c b/kexdhs.c index 93ec97f93..5de434309 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.8 2006/10/31 16:33:12 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -52,8 +52,8 @@ kexdh_server(Kex *kex) DH *dh; Key *server_host_key; u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; - u_int sbloblen, klen, kout, hashlen; - u_int slen; + u_int sbloblen, klen, hashlen, slen; + int kout; /* generate server DH public key */ switch (kex->kex_type) { @@ -101,7 +101,8 @@ kexdh_server(Kex *kex) klen = DH_size(dh); kbuf = xmalloc(klen); - kout = DH_compute_key(kbuf, dh_client_pub, dh); + if ((kout = DH_compute_key(kbuf, dh_client_pub, dh)) < 0) + fatal("DH_compute_key: failed"); #ifdef DEBUG_KEXDH dump_digest("shared secret", kbuf, kout); #endif diff --git a/kexgexc.c b/kexgexc.c index 2c19713e1..49d50116a 100644 --- a/kexgexc.c +++ b/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.9 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.10 2006/10/31 16:33:12 markus Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -51,7 +51,8 @@ kexgex_client(Kex *kex) BIGNUM *p = NULL, *g = NULL; Key *server_host_key; u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; - u_int klen, kout, slen, sbloblen, hashlen; + u_int klen, slen, sbloblen, hashlen; + int kout; int min, max, nbits; DH *dh; 
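Review bot: The new `fatal("DH_compute_key: failed");` in kexdh_client does not say which key-exchange routine failed, unlike the neighbouring messages in the same functions (`"kexdh_client: BN_new failed"`). The same string is added in kexdh_server, kexgex_client and kexgex_server, so a log line cannot tell the four paths apart. Prefer `fatal("kexdh_client: DH_compute_key failed");` with the matching prefix in each of the other three, or `fatal("%s: DH_compute_key failed", __func__);`. All four functions start and end outside their hunks.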
@@ -150,7 +151,8 @@ kexgex_client(Kex *kex) klen = DH_size(dh); kbuf = xmalloc(klen); - kout = DH_compute_key(kbuf, dh_server_pub, dh); + if ((kout = DH_compute_key(kbuf, dh_server_pub, dh)) < 0) + fatal("DH_compute_key: failed"); #ifdef DEBUG_KEXDH dump_digest("shared secret", kbuf, kout); #endif diff --git a/kexgexs.c b/kexgexs.c index 5373a633a..863e15172 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.8 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.9 2006/10/31 16:33:12 markus Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -55,8 +55,8 @@ kexgex_server(Kex *kex) Key *server_host_key; DH *dh; u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; - u_int sbloblen, klen, kout, slen, hashlen; - int min = -1, max = -1, nbits = -1, type; + u_int sbloblen, klen, slen, hashlen; + int min = -1, max = -1, nbits = -1, type, kout; if (kex->load_host_key == NULL) fatal("Cannot load hostkey"); @@ -134,7 +134,8 @@ kexgex_server(Kex *kex) klen = DH_size(dh); kbuf = xmalloc(klen); - kout = DH_compute_key(kbuf, dh_client_pub, dh); + if ((kout = DH_compute_key(kbuf, dh_client_pub, dh)) < 0) + fatal("DH_compute_key: failed"); #ifdef DEBUG_KEXDH dump_digest("shared secret", kbuf, kout); #endif -- cgit v1.2.3 From df0e438a2e4efe0422f6e0deb732d819d5938437 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 7 Nov 2006 11:28:40 +1100 Subject: - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it if we absolutely need it. Pointed out by Corinna, ok djm@ --- ChangeLog | 6 +++++- sshd.c | 19 +++++++++++-------- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1fbc6a20f..9bbf02bed 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,7 @@ +20061107 + - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it + if we absolutely need it. Pointed out by Corinna, ok djm@ + 20061105 - (djm) OpenBSD CVS Sync - otto@cvs.openbsd.org 2006/10/28 18:08:10 @@ -2588,4 +2592,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4583 2006/11/04 18:32:02 djm Exp $ +$Id: ChangeLog,v 1.4584 2006/11/07 00:28:40 dtucker Exp $ diff --git a/sshd.c b/sshd.c index 06ec03b20..a5fa9e4eb 100644 --- a/sshd.c +++ b/sshd.c @@ -1431,14 +1431,17 @@ main(int ac, char **av) debug("sshd version %.100s", SSH_RELEASE); - /* Store privilege separation user for later use */ - if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) - fatal("Privilege separation user %s does not exist", - SSH_PRIVSEP_USER); - memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); - privsep_pw = pwcopy(privsep_pw); - xfree(privsep_pw->pw_passwd); - privsep_pw->pw_passwd = xstrdup("*"); + /* Store privilege separation user for later use if required. */ + if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { + if (use_privsep || options.kerberos_authentication) + fatal("Privilege separation user %s does not exist", + SSH_PRIVSEP_USER); + } else { + memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); + privsep_pw = pwcopy(privsep_pw); + xfree(privsep_pw->pw_passwd); + privsep_pw->pw_passwd = xstrdup("*"); + } endpwent(); /* load private host keys */ -- cgit v1.2.3 From 0bc85579a9b5a106826169303dd2ee61c63c161e Mon Sep 17 00:00:00 2001 
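Review bot: After this change `privsep_pw` stays NULL when the account is missing and neither `use_privsep` nor `options.kerberos_authentication` is set. fakepw() in auth.c, shown in the auth.c hunk earlier on this page, still reads `privsep_pw->pw_uid` and `privsep_pw->pw_gid` unconditionally. If fakepw() is reachable in that configuration, that is a NULL dereference in the authentication path. A guard such as `fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid;`, with the matching line for `pw_gid`, would cover it, and other users of privsep_pw outside the visible hunks deserve the same check. main() continues outside the hunk.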
From: Darren Tucker Date: Tue, 7 Nov 2006 23:14:41 +1100 Subject: - markus@cvs.openbsd.org 2006/11/06 21:25:28 [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c] add missing checks for openssl return codes; with & ok djm@ --- ChangeLog | 7 ++++++- auth-rsa.c | 10 ++++++---- bufbn.c | 12 +++++++++--- dh.c | 6 +++--- kexdhc.c | 5 +++-- kexdhs.c | 5 +++-- kexgexc.c | 5 +++-- kexgexs.c | 5 +++-- key.c | 16 +++++++++------- moduli.c | 52 ++++++++++++++++++++++++++++++++++------------------ rsa.c | 18 ++++++++++-------- scard.c | 12 +++++++----- ssh-dss.c | 7 ++++--- ssh-keygen.c | 5 +++-- sshconnect1.c | 22 ++++++++++++++-------- sshd.c | 6 +++--- 16 files changed, 120 insertions(+), 73 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9bbf02bed..8af3cf900 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,11 @@ 20061107 - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it if we absolutely need it. Pointed out by Corinna, ok djm@ + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2006/11/06 21:25:28 + [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c + ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c] + add missing checks for openssl return codes; with & ok djm@ 20061105 - (djm) OpenBSD CVS Sync @@ -2592,4 +2597,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4584 2006/11/07 00:28:40 dtucker Exp $ +$Id: ChangeLog,v 1.4585 2006/11/07 12:14:41 dtucker Exp $ diff --git a/auth-rsa.c b/auth-rsa.c index 8c43458b0..69f9a5896 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rsa.c,v 1.71 2006/08/03 03:34:41 deraadt Exp $ */ +/* $OpenBSD: auth-rsa.c,v 1.72 2006/11/06 21:25:27 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -76,10 +76,12 @@ auth_rsa_generate_challenge(Key *key) if ((challenge = BN_new()) == NULL) fatal("auth_rsa_generate_challenge: BN_new() failed"); /* Generate a random challenge. */ - BN_rand(challenge, 256, 0, 0); + if (BN_rand(challenge, 256, 0, 0) == 0) + fatal("auth_rsa_generate_challenge: BN_rand failed"); if ((ctx = BN_CTX_new()) == NULL) - fatal("auth_rsa_generate_challenge: BN_CTX_new() failed"); - BN_mod(challenge, challenge, key->rsa->n, ctx); + fatal("auth_rsa_generate_challenge: BN_CTX_new failed"); + if (BN_mod(challenge, challenge, key->rsa->n, ctx) == 0) + fatal("auth_rsa_generate_challenge: BN_mod failed"); BN_CTX_free(ctx); return challenge; diff --git a/bufbn.c b/bufbn.c index 6cf65d372..9706ba8a8 100644 --- a/bufbn.c +++ b/bufbn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bufbn.c,v 1.3 2006/08/03 03:34:41 deraadt Exp $*/ +/* $OpenBSD: bufbn.c,v 1.4 2006/11/06 21:25:28 markus Exp $*/ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -118,7 +118,10 @@ buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) return (-1); } bin = buffer_ptr(buffer); - BN_bin2bn(bin, bytes, value); + if (BN_bin2bn(bin, bytes, value) == NULL) { + error("buffer_get_bignum_ret: BN_bin2bn failed"); + return (-1); + } if (buffer_consume_ret(buffer, bytes) == -1) { error("buffer_get_bignum_ret: buffer_consume failed"); return (-1); @@ -202,7 +205,10 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) xfree(bin); return (-1); } - BN_bin2bn(bin, len, value); + if (BN_bin2bn(bin, len, value) == NULL) { + error("buffer_get_bignum2_ret: BN_bin2bn failed"); + return (-1); + } xfree(bin); return (0); } diff --git a/dh.c b/dh.c index f6ef05cf6..e708ff78b 100644 --- a/dh.c +++ b/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.42 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: dh.c,v 1.43 2006/11/06 21:25:28 markus Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * 
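Review bot: The new failure branch in buffer_get_bignum2_ret (second bufbn.c hunk) returns without releasing `bin`. The error path just above it calls `xfree(bin);` before `return (-1);`, and the success path frees it right after the new block. Add `xfree(bin);` before the new `return (-1);` so a failed BN_bin2bn() does not leak the buffer. The first bufbn.c hunk is not affected, since `bin` there comes from buffer_ptr(). Both functions start outside their hunks.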
@@ -254,9 +254,9 @@ dh_new_group_asc(const char *gen, const char *modulus) if ((dh = DH_new()) == NULL) fatal("dh_new_group_asc: DH_new"); - if (BN_hex2bn(&dh->p, modulus) == 0) + if (BN_hex2bn(&dh->p, modulus) == NULL) fatal("BN_hex2bn p"); - if (BN_hex2bn(&dh->g, gen) == 0) + if (BN_hex2bn(&dh->g, gen) == NULL) fatal("BN_hex2bn g"); return (dh); diff --git a/kexdhc.c b/kexdhc.c index 61d54fdc2..d384c8052 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.10 2006/10/31 16:33:12 markus Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.11 2006/11/06 21:25:28 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -120,7 +120,8 @@ kexdh_client(Kex *kex) #endif if ((shared_secret = BN_new()) == NULL) fatal("kexdh_client: BN_new failed"); - BN_bin2bn(kbuf, kout, shared_secret); + if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) + fatal("kexdh_client: BN_bin2bn failed"); memset(kbuf, 0, klen); xfree(kbuf); diff --git a/kexdhs.c b/kexdhs.c index 5de434309..861708818 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.8 2006/10/31 16:33:12 markus Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.9 2006/11/06 21:25:28 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -108,7 +108,8 @@ kexdh_server(Kex *kex) #endif if ((shared_secret = BN_new()) == NULL) fatal("kexdh_server: BN_new failed"); - BN_bin2bn(kbuf, kout, shared_secret); + if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) + fatal("kexdh_server: BN_bin2bn failed"); memset(kbuf, 0, klen); xfree(kbuf); diff --git a/kexgexc.c b/kexgexc.c index 49d50116a..adb973d5b 100644 --- a/kexgexc.c +++ b/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.10 2006/10/31 16:33:12 markus Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.11 2006/11/06 21:25:28 markus Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. 
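Review bot: In dh_new_group_asc the test was changed from `== 0` to `== NULL`, but BN_hex2bn() returns an int (0 on failure), not a pointer, so the removed form was the correct one. The moduli.c hunks of this same commit test `BN_hex2bn(&a, cp) == 0`, which makes the two files inconsistent. Where NULL is defined as `((void *)0)`, this compares an integer with a pointer and draws a compiler diagnostic. Keep `if (BN_hex2bn(&dh->p, modulus) == 0)` and `if (BN_hex2bn(&dh->g, gen) == 0)`.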
@@ -158,7 +158,8 @@ kexgex_client(Kex *kex) #endif if ((shared_secret = BN_new()) == NULL) fatal("kexgex_client: BN_new failed"); - BN_bin2bn(kbuf, kout, shared_secret); + if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) + fatal("kexgex_client: BN_bin2bn failed"); memset(kbuf, 0, klen); xfree(kbuf); diff --git a/kexgexs.c b/kexgexs.c index 863e15172..a037f57f2 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.9 2006/10/31 16:33:12 markus Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.10 2006/11/06 21:25:28 markus Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -141,7 +141,8 @@ kexgex_server(Kex *kex) #endif if ((shared_secret = BN_new()) == NULL) fatal("kexgex_server: BN_new failed"); - BN_bin2bn(kbuf, kout, shared_secret); + if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) + fatal("kexgex_server: BN_bin2bn failed"); memset(kbuf, 0, klen); xfree(kbuf); diff --git a/key.c b/key.c index f3b3d6b94..93b2d41fe 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.67 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: key.c,v 1.68 2006/11/06 21:25:28 markus Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -617,16 +617,18 @@ key_from_private(const Key *k) switch (k->type) { case KEY_DSA: n = key_new(k->type); - BN_copy(n->dsa->p, k->dsa->p); - BN_copy(n->dsa->q, k->dsa->q); - BN_copy(n->dsa->g, k->dsa->g); - BN_copy(n->dsa->pub_key, k->dsa->pub_key); + if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || + (BN_copy(n->dsa->q, k->dsa->q) == NULL) || + (BN_copy(n->dsa->g, k->dsa->g) == NULL) || + (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) + fatal("key_from_private: BN_copy failed"); break; case KEY_RSA: case KEY_RSA1: n = key_new(k->type); - BN_copy(n->rsa->n, k->rsa->n); - BN_copy(n->rsa->e, k->rsa->e); + if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || + (BN_copy(n->rsa->e, k->rsa->e) == NULL)) + fatal("key_from_private: BN_copy failed"); break; default: fatal("key_from_private: unknown type %d", k->type); diff --git a/moduli.c b/moduli.c index e18929bad..44e5ddfc0 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.18 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: moduli.c,v 1.19 2006/11/06 21:25:28 markus Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -327,20 +327,26 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) /* validation check: count the number of primes tried */ largetries = 0; - q = BN_new(); + if ((q = BN_new()) == NULL) + fatal("BN_new failed"); /* * Generate random starting point for subprime search, or use * specified parameter. */ - largebase = BN_new(); - if (start == NULL) - BN_rand(largebase, power, 1, 1); - else - BN_copy(largebase, start); + if ((largebase = BN_new()) == NULL) + fatal("BN_new failed"); + if (start == NULL) { + if (BN_rand(largebase, power, 1, 1) == 0) + fatal("BN_rand failed"); + } else { + if (BN_copy(largebase, start) == NULL) + fatal("BN_copy: failed"); + } /* ensure odd */ - BN_set_bit(largebase, 0); + if (BN_set_bit(largebase, 0) == 0) + fatal("BN_set_bit: failed"); time(&time_start); 
@@ -424,8 +430,10 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) continue; /* Definitely composite, skip */ debug2("test q = largebase+%u", 2 * j); - BN_set_word(q, 2 * j); - BN_add(q, q, largebase); + if (BN_set_word(q, 2 * j) == 0) + fatal("BN_set_word failed"); + if (BN_add(q, q, largebase) == 0) + fatal("BN_add failed"); if (qfileout(out, QTYPE_SOPHIE_GERMAIN, QTEST_SIEVE, largetries, (power - 1) /* MSB */, (0), q) == -1) { ret = -1; @@ -470,9 +478,12 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) time(&time_start); - p = BN_new(); - q = BN_new(); - ctx = BN_CTX_new(); + if ((p = BN_new()) == NULL) + fatal("BN_new failed"); + if ((q = BN_new()) == NULL) + fatal("BN_new failed"); + if ((ctx = BN_CTX_new()) == NULL) + fatal("BN_CTX_new failed"); debug2("%.24s Final %u Miller-Rabin trials (%x generator)", ctime(&time_start), trials, generator_wanted); @@ -520,10 +531,13 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) case QTYPE_SOPHIE_GERMAIN: debug2("%10u: (%u) Sophie-Germain", count_in, in_type); a = q; - BN_hex2bn(&a, cp); + if (BN_hex2bn(&a, cp) == 0) + fatal("BN_hex2bn failed"); /* p = 2*q + 1 */ - BN_lshift(p, q, 1); - BN_add_word(p, 1); + if (BN_lshift(p, q, 1) == 0) + fatal("BN_lshift failed"); + if (BN_add_word(p, 1) == 0) + fatal("BN_add_word failed"); in_size += 1; generator_known = 0; break; @@ -534,9 +548,11 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) case QTYPE_UNKNOWN: debug2("%10u: (%u)", count_in, in_type); a = p; - BN_hex2bn(&a, cp); + if (BN_hex2bn(&a, cp) == 0) + fatal("BN_hex2bn failed"); /* q = (p-1) / 2 */ - BN_rshift(q, p, 1); + if (BN_rshift(q, p, 1) == 0) + fatal("BN_rshift failed"); break; default: debug2("Unknown prime type"); diff --git a/rsa.c b/rsa.c index 08cc82007..bec1d190b 100644 --- a/rsa.c +++ b/rsa.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: rsa.c,v 1.28 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: rsa.c,v 1.29 2006/11/06 21:25:28 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -91,7 +91,8 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) RSA_PKCS1_PADDING)) <= 0) fatal("rsa_public_encrypt() failed"); - BN_bin2bn(outbuf, len, out); + if (BN_bin2bn(outbuf, len, out) == NULL) + fatal("rsa_public_encrypt: BN_bin2bn failed"); memset(outbuf, 0, olen); memset(inbuf, 0, ilen); @@ -116,7 +117,8 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) RSA_PKCS1_PADDING)) <= 0) { error("rsa_private_decrypt() failed"); } else { - BN_bin2bn(outbuf, len, out); + if (BN_bin2bn(outbuf, len, out) == NULL) + fatal("rsa_private_decrypt: BN_bin2bn failed"); } memset(outbuf, 0, olen); memset(inbuf, 0, ilen); @@ -137,11 +139,11 @@ rsa_generate_additional_parameters(RSA *rsa) if ((ctx = BN_CTX_new()) == NULL) fatal("rsa_generate_additional_parameters: BN_CTX_new failed"); - BN_sub(aux, rsa->q, BN_value_one()); - BN_mod(rsa->dmq1, rsa->d, aux, ctx); - - BN_sub(aux, rsa->p, BN_value_one()); - BN_mod(rsa->dmp1, rsa->d, aux, ctx); + if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) || + (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) || + (BN_sub(aux, rsa->p, BN_value_one()) == 0) || + (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) + fatal("rsa_generate_additional_parameters: BN_sub/mod failed"); BN_clear_free(aux); BN_CTX_free(ctx); diff --git a/scard.c b/scard.c index 328655edd..9fd3ca1b4 100644 --- a/scard.c +++ b/scard.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scard.c,v 1.35 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: scard.c,v 1.36 2006/11/06 21:25:28 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * 
@@ -391,15 +391,17 @@ sc_get_keys(const char *id, const char *pin) keys = xcalloc((nkeys+1), sizeof(Key *)); n = key_new(KEY_RSA1); - BN_copy(n->rsa->n, k->rsa->n); - BN_copy(n->rsa->e, k->rsa->e); + if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || + (BN_copy(n->rsa->e, k->rsa->e) == NULL)) + fatal("sc_get_keys: BN_copy failed"); RSA_set_method(n->rsa, sc_get_rsa()); n->flags |= KEY_FLAG_EXT; keys[0] = n; n = key_new(KEY_RSA); - BN_copy(n->rsa->n, k->rsa->n); - BN_copy(n->rsa->e, k->rsa->e); + if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || + (BN_copy(n->rsa->e, k->rsa->e) == NULL)) + fatal("sc_get_keys: BN_copy failed"); RSA_set_method(n->rsa, sc_get_rsa()); n->flags |= KEY_FLAG_EXT; keys[1] = n; diff --git a/ssh-dss.c b/ssh-dss.c index fbc078e84..51a06e98f 100644 --- a/ssh-dss.c +++ b/ssh-dss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-dss.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: ssh-dss.c,v 1.24 2006/11/06 21:25:28 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -161,8 +161,9 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, fatal("ssh_dss_verify: BN_new failed"); if ((sig->s = BN_new()) == NULL) fatal("ssh_dss_verify: BN_new failed"); - BN_bin2bn(sigblob, INTBLOB_LEN, sig->r); - BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s); + if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || + (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) + fatal("ssh_dss_verify: BN_bin2bn failed"); /* clean up */ memset(sigblob, 0, len); diff --git a/ssh-keygen.c b/ssh-keygen.c index 969bd2359..1f42b9358 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.154 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.155 2006/11/06 21:25:28 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland 
@@ -222,7 +222,8 @@ buffer_get_bignum_bits(Buffer *b, BIGNUM *value) if (buffer_len(b) < bytes) fatal("buffer_get_bignum_bits: input buffer too small: " "need %d have %d", bytes, buffer_len(b)); - BN_bin2bn(buffer_ptr(b), bytes, value); + if (BN_bin2bn(buffer_ptr(b), bytes, value) == NULL) + fatal("buffer_get_bignum_bits: BN_bin2bn failed"); buffer_consume(b, bytes); } diff --git a/sshconnect1.c b/sshconnect1.c index 90fcb344f..fd07bbf74 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect1.c,v 1.69 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.70 2006/11/06 21:25:28 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -563,14 +563,20 @@ ssh_kex(char *host, struct sockaddr *hostaddr) * the first 16 bytes of the session id. */ if ((key = BN_new()) == NULL) - fatal("respond_to_rsa_challenge: BN_new failed"); - BN_set_word(key, 0); + fatal("ssh_kex: BN_new failed"); + if (BN_set_word(key, 0) == 0) + fatal("ssh_kex: BN_set_word failed"); for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { - BN_lshift(key, key, 8); - if (i < 16) - BN_add_word(key, session_key[i] ^ session_id[i]); - else - BN_add_word(key, session_key[i]); + if (BN_lshift(key, key, 8) == 0) + fatal("ssh_kex: BN_lshift failed"); + if (i < 16) { + if (BN_add_word(key, session_key[i] ^ session_id[i]) + == 0) + fatal("ssh_kex: BN_add_word failed"); + } else { + if (BN_add_word(key, session_key[i]) == 0) + fatal("ssh_kex: BN_add_word failed"); + } } /* diff --git a/sshd.c b/sshd.c index a5fa9e4eb..4aa1c98ed 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.347 2006/08/18 09:15:20 markus Exp $ */ +/* $OpenBSD: sshd.c,v 1.348 2006/11/06 21:25:28 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -2013,10 +2013,10 @@ do_ssh1_kex(void) * key is in the highest bits. */ if (!rsafail) { - BN_mask_bits(session_key_int, sizeof(session_key) * 8); + (void) BN_mask_bits(session_key_int, sizeof(session_key) * 8); len = BN_num_bytes(session_key_int); if (len < 0 || (u_int)len > sizeof(session_key)) { - error("do_connection: bad session key len from %s: " + error("do_ssh1_kex: bad session key len from %s: " "session_key_int %d > sizeof(session_key) %lu", get_remote_ipaddr(), len, (u_long)sizeof(session_key)); rsafail++; -- cgit v1.2.3 From fbba735aa315532e93a66754b1613c2acf2bde6d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 7 Nov 2006 23:16:08 +1100 Subject: - markus@cvs.openbsd.org 2006/11/07 10:31:31 [monitor.c version.h] correctly check for bad signatures in the monitor, otherwise the monitor and the unpriv process can get out of sync. with dtucker@, ok djm@, dtucker@ --- ChangeLog | 7 ++++++- monitor.c | 8 ++++---- version.h | 4 ++-- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8af3cf900..075ba5359 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,11 @@ [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c] add missing checks for openssl return codes; with & ok djm@ + - markus@cvs.openbsd.org 2006/11/07 10:31:31 + [monitor.c version.h] + correctly check for bad signatures in the monitor, otherwise the monitor + and the unpriv process can get out of sync. with dtucker@, ok djm@, + dtucker@ 20061105 - (djm) OpenBSD CVS Sync @@ -2597,4 +2602,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4585 2006/11/07 12:14:41 dtucker Exp $ +$Id: ChangeLog,v 1.4586 2006/11/07 12:16:08 dtucker Exp $ diff --git a/monitor.c b/monitor.c index b20d0c726..48ae46ccc 100644 --- a/monitor.c +++ b/monitor.c 
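Review bot: The `(void)` cast on BN_mask_bits() in do_ssh1_kex discards a return value on purpose in a commit whose stated goal is to check OpenSSL return codes, and nothing says why this call is the exception. As far as I know, BN_mask_bits() in OpenSSL of this era reports failure when the number is already shorter than the requested bit count, which is harmless here because the length check follows. A comment such as `/* BN_mask_bits fails if the value is already short enough; the length check below covers that case */` would stop a later reader from "fixing" it into a fatal(). The function continues outside the hunk.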
@@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.88 2006/08/12 20:46:46 miod Exp $ */ +/* $OpenBSD: monitor.c,v 1.89 2006/11/07 10:31:31 markus Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -350,7 +350,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) /* The first few requests do not require asynchronous access */ while (!authenticated) { auth_method = "unknown"; - authenticated = monitor_read(pmonitor, mon_dispatch, &ent); + authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); if (authenticated) { if (!(ent->flags & MON_AUTHDECIDE)) fatal("%s: unexpected authentication from %d", @@ -1217,7 +1217,7 @@ mm_answer_keyverify(int sock, Buffer *m) verified = key_verify(key, signature, signaturelen, data, datalen); debug3("%s: key %p signature %s", - __func__, key, verified ? "verified" : "unverified"); + __func__, key, (verified == 1) ? "verified" : "unverified"); key_free(key); xfree(blob); @@ -1232,7 +1232,7 @@ mm_answer_keyverify(int sock, Buffer *m) buffer_put_int(m, verified); mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); - return (verified); + return (verified == 1); } static void diff --git a/version.h b/version.h index 363e510ba..d16990a21 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.47 2006/08/30 00:14:37 djm Exp $ */ +/* $OpenBSD: version.h,v 1.48 2006/11/07 10:31:31 markus Exp $ */ -#define SSH_VERSION "OpenSSH_4.4" +#define SSH_VERSION "OpenSSH_4.5" #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -- cgit v1.2.3 From c2820c5822a974e21b82d45739abdaeaee5e183e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 7 Nov 2006 23:25:45 +1100 Subject: - (dtucker) [README contrib/{caldera,redhat,contrib}/openssh.spec] Bump versions. --- ChangeLog | 4 +++- README | 4 ++-- contrib/caldera/openssh.spec | 4 ++-- contrib/redhat/openssh.spec | 2 +- contrib/suse/openssh.spec | 2 +- 5 files changed, 9 insertions(+), 7 deletions(-) 
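Review bot: In mm_answer_keyverify the return value and the debug3 text now accept only `verified == 1`, but the context line `buffer_put_int(m, verified);` still sends the raw result to the unprivileged process. If key_verify can return something other than 0 or 1 on error, as the new `== 1` comparisons suggest, the receiver has to apply the same test or the two sides can disagree again; the receiving code is not in this diff, so that needs confirming. A comment above the call would record the contract: `/* key_verify: 1 = good signature; any other value, including an error return, is a failure */`. The same convention applies to `monitor_read(...) == 1` in monitor_child_preauth, and both functions extend beyond their hunks.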
diff --git a/ChangeLog b/ChangeLog index 075ba5359..7ec76986a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ correctly check for bad signatures in the monitor, otherwise the monitor and the unpriv process can get out of sync. with dtucker@, ok djm@, dtucker@ + - (dtucker) [README contrib/{caldera,redhat,contrib}/openssh.spec] Bump + versions. 20061105 - (djm) OpenBSD CVS Sync @@ -2602,4 +2604,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4586 2006/11/07 12:16:08 dtucker Exp $ +$Id: ChangeLog,v 1.4587 2006/11/07 12:25:45 dtucker Exp $ diff --git a/README b/README index d0bacc564..fb53b554b 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-4.4 for the release notes. +See http://www.openssh.com/txt/release-4.5 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -62,4 +62,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.63 2006/09/01 11:32:53 dtucker Exp $ +$Id: README,v 1.64 2006/11/07 12:25:45 dtucker Exp $ diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 60d0fb311..15d95195b 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -17,7 +17,7 @@ #old cvs stuff. please update before use. may be deprecated. %define use_stable 1 %if %{use_stable} - %define version 4.4p1 + %define version 4.5p1 %define cvs %{nil} %define release 1 %else @@ -357,4 +357,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.58 2006/09/01 11:32:53 dtucker Exp $ +$Id: openssh.spec,v 1.59 2006/11/07 12:25:45 dtucker Exp $ diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 58be31f4c..52e867623 100644 
--- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 4.4p1 +%define ver 4.5p1 %define rel 1 # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 8c1da610c..797964cd2 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 4.4p1 +Version: 4.5p1 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz -- cgit v1.2.3 From 14ea86391b250aaa65cdff8ac4b2c092c6d8d90e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 7 Nov 2006 23:27:34 +1100 Subject: - (dtucker) Release 4.5p1. --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 7ec76986a..3af5bc887 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,7 @@ dtucker@ - (dtucker) [README contrib/{caldera,redhat,contrib}/openssh.spec] Bump versions. + - (dtucker) Release 4.5p1. 20061105 - (djm) OpenBSD CVS Sync @@ -2604,4 +2605,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4587 2006/11/07 12:25:45 dtucker Exp $ +$Id: ChangeLog,v 1.4588 2006/11/07 12:27:34 dtucker Exp $ -- cgit v1.2.3 From b0781f79db208900b2d0fd4a1ee69e121bf37792 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 8 Nov 2006 10:01:36 +1100 Subject: - markus@cvs.openbsd.org 2006/11/07 13:02:07 [dh.c] BN_hex2bn returns int; from dtucker@ --- ChangeLog | 8 +++++++- dh.c | 6 +++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3af5bc887..ad9bad164 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,9 @@ +20061108 + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2006/11/07 13:02:07 + [dh.c] + BN_hex2bn returns int; from dtucker@ + 20061107 - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it if we absolutely need it. Pointed out by Corinna, ok djm@ @@ -2605,4 +2611,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4588 2006/11/07 12:27:34 dtucker Exp $ +$Id: ChangeLog,v 1.4589 2006/11/07 23:01:36 dtucker Exp $ diff --git a/dh.c b/dh.c index e708ff78b..78e230b9f 100644 --- a/dh.c +++ b/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.43 2006/11/06 21:25:28 markus Exp $ */ +/* $OpenBSD: dh.c,v 1.44 2006/11/07 13:02:07 markus Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -254,9 +254,9 @@ dh_new_group_asc(const char *gen, const char *modulus) if ((dh = DH_new()) == NULL) fatal("dh_new_group_asc: DH_new"); - if (BN_hex2bn(&dh->p, modulus) == NULL) + if (BN_hex2bn(&dh->p, modulus) == 0) fatal("BN_hex2bn p"); - if (BN_hex2bn(&dh->g, gen) == NULL) + if (BN_hex2bn(&dh->g, gen) == 0) fatal("BN_hex2bn g"); return (dh); -- cgit v1.2.3 From 143c2ef1ce072966d27d269d9acfed08796c390c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 5 Dec 2006 09:08:54 +1100 Subject: - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would occur if the server did not have the privsep user and an invalid user tried to login and both privsep and krb5 auth are disabled. --- ChangeLog | 7 ++++++- auth.c | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index ad9bad164..a790a988d 100644 --- a/ChangeLog +++ b/ChangeLog 
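Review bot: The two `fatal()` strings in dh_new_group_asc, `"BN_hex2bn p"` and `"BN_hex2bn g"`, do not name the function, unlike `"dh_new_group_asc: DH_new"` just above them; `fatal("dh_new_group_asc: BN_hex2bn p");` would match. Separately, BN_hex2bn returns the number of characters it parsed, so `== 0` accepts a string that is only partly hex. If `gen` or `modulus` can come from anything other than built-in constants (the callers are not visible here), comparing the result with the string length would be the stricter test. The function starts outside the hunk.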
@@ -1,3 +1,8 @@ +20061205 + - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would + occur if the server did not have the privsep user and an invalid user + tried to login and both privsep and krb5 auth are disabled; ok dtucker@ + 20061108 - (dtucker) OpenBSD CVS Sync - markus@cvs.openbsd.org 2006/11/07 13:02:07 @@ -2611,4 +2616,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4589 2006/11/07 23:01:36 dtucker Exp $ +$Id: ChangeLog,v 1.4590 2006/12/04 22:08:54 djm Exp $ diff --git a/auth.c b/auth.c index 5d23343b9..505102f8a 100644 --- a/auth.c +++ b/auth.c @@ -569,8 +569,8 @@ fakepw(void) fake.pw_passwd = "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; fake.pw_gecos = "NOUSER"; - fake.pw_uid = privsep_pw->pw_uid; - fake.pw_gid = privsep_pw->pw_gid; + fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid; + fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid; #ifdef HAVE_PW_CLASS_IN_PASSWD fake.pw_class = ""; #endif -- cgit v1.2.3 From be6db83462c0d4a7067ab303644440026c93d685 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 5 Dec 2006 22:58:09 +1100 Subject: - (djm) [bsd-asprintf.c] Better test for bad vsnprintf lengths; ok dtucker@ --- ChangeLog | 3 ++- openbsd-compat/bsd-asprintf.c | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index a790a988d..c14cf03d8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,7 @@ - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would occur if the server did not have the privsep user and an invalid user tried to login and both privsep and krb5 auth are disabled; ok dtucker@ + - (djm) [bsd-asprintf.c] Better test for bad vsnprintf lengths; ok dtucker@ 20061108 - (dtucker) OpenBSD CVS Sync 
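Review bot: The new fallback `(uid_t)-1` / `(gid_t)-1` in fakepw() has no comment saying what the value stands for or that it must never be acted on. -1 is also the "leave unchanged" argument of calls such as setreuid(), so if this fake entry ever reached an id-switching path the call would not fail the way a reader might expect; whether it can reach one is not visible from the hunk. A comment on the two lines would do: `/* no privsep user: placeholder ids only, this entry must never be used to switch uid/gid */`. fakepw() begins and ends outside the hunk.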
@@ -2616,4 +2617,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4590 2006/12/04 22:08:54 djm Exp $ +$Id: ChangeLog,v 1.4591 2006/12/05 11:58:09 djm Exp $ diff --git a/openbsd-compat/bsd-asprintf.c b/openbsd-compat/bsd-asprintf.c index 67480139e..00fa0dfd8 100644 --- a/openbsd-compat/bsd-asprintf.c +++ b/openbsd-compat/bsd-asprintf.c @@ -39,7 +39,8 @@ #define INIT_SZ 128 -int vasprintf(char **str, const char *fmt, va_list ap) +int +vasprintf(char **str, const char *fmt, va_list ap) { int ret = -1; va_list ap2; @@ -53,7 +54,7 @@ int vasprintf(char **str, const char *fmt, va_list ap) ret = vsnprintf(string, INIT_SZ, fmt, ap2); if (ret >= 0 && ret < INIT_SZ) { /* succeeded with initial alloc */ *str = string; - } else if (ret == INT_MAX) { /* shouldn't happen */ + } else if (ret == INT_MAX || ret < 0) { /* Bad length */ goto fail; } else { /* bigger than initial, realloc allowing for nul */ len = (size_t)ret + 1; -- cgit v1.2.3 From df8b7db16e6ac2cfc216167af0ff1f338e196658 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 5 Jan 2007 16:22:57 +1100 Subject: - (djm) OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2006/11/14 19:41:04 [ssh-keygen.c] use argc and argv not some made up short form --- ChangeLog | 8 +++++++- ssh-keygen.c | 12 ++++++------ 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index c14cf03d8..cd1c913f3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20070105 + - (djm) OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2006/11/14 19:41:04 + [ssh-keygen.c] + use argc and argv not some made up short form + 20061205 - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would occur if the server did not have the privsep user and an invalid user 
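Review bot: The widened test `ret == INT_MAX || ret < 0` in vasprintf sends every negative vsnprintf result to `fail`, and the `/* Bad length */` comment does not say which libc behaviour that covers. A pre-C99 vsnprintf that returns -1 on truncation would make this function fail for any output longer than INIT_SZ instead of growing the buffer; presumably the build substitutes a conforming vsnprintf on such platforms, which is worth stating. Suggested comment: `/* negative: vsnprintf error (C99 return semantics assumed); INT_MAX: length plus nul not representable as int */`. The rest of the function, including the retry after realloc, is outside the hunk.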
@@ -2617,4 +2623,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4591 2006/12/05 11:58:09 djm Exp $ +$Id: ChangeLog,v 1.4592 2007/01/05 05:22:57 djm Exp $ diff --git a/ssh-keygen.c b/ssh-keygen.c index 1f42b9358..dfa1166c2 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.155 2006/11/06 21:25:28 markus Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.156 2006/11/14 19:41:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -1049,7 +1049,7 @@ usage(void) * Main program for key management. */ int -main(int ac, char **av) +main(int argc, char **argv) { char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2; char out_file[MAXPATHLEN], *reader_id = NULL; @@ -1074,7 +1074,7 @@ main(int ac, char **av) __progname = ssh_get_progname(av[0]); SSLeay_add_all_algorithms(); - log_init(av[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); + log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); init_rng(); seed_rng(); @@ -1090,7 +1090,7 @@ main(int ac, char **av) exit(1); } - while ((opt = getopt(ac, av, + while ((opt = getopt(argc, argv, "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { switch (opt) { case 'b': @@ -1223,9 +1223,9 @@ main(int ac, char **av) } /* reinit */ - log_init(av[0], log_level, SYSLOG_FACILITY_USER, 1); + log_init(argv[0], log_level, SYSLOG_FACILITY_USER, 1); - if (optind < ac) { + if (optind < argc) { printf("Too many arguments.\n"); usage(); } -- cgit v1.2.3 From 3ca8b7717933e28b8bd896aab1738e937e1a3117 Mon Sep 17 00:00:00 2001 
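Review bot: After `main(int ac, char **av)` becomes `main(int argc, char **argv)`, the context line `__progname = ssh_get_progname(av[0]);` in the ssh-keygen.c hunk at line 1074 still uses `av`, which is no longer a parameter, so the new side should not compile unless `av` is defined somewhere else. That line needs the same rename: `__progname = ssh_get_progname(argv[0]);`. The other uses shown (`log_init`, `getopt`, `optind < argc`) are converted. main() extends beyond these hunks, so any remaining `ac`/`av` uses outside them need checking too.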
From: Damien Miller Date: Fri, 5 Jan 2007 16:24:47 +1100 Subject: - ray@cvs.openbsd.org 2006/11/23 01:35:11 [misc.c sftp.c] Don't access buf[strlen(buf) - 1] for zero-length strings. ``ok by me'' djm@. --- ChangeLog | 6 +++++- misc.c | 4 +++- sftp.c | 6 +++--- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index cd1c913f3..e9ac1c55b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,10 @@ - deraadt@cvs.openbsd.org 2006/11/14 19:41:04 [ssh-keygen.c] use argc and argv not some made up short form + - ray@cvs.openbsd.org 2006/11/23 01:35:11 + [misc.c sftp.c] + Don't access buf[strlen(buf) - 1] for zero-length strings. + ``ok by me'' djm@. 20061205 - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would @@ -2623,4 +2627,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4592 2007/01/05 05:22:57 djm Exp $ +$Id: ChangeLog,v 1.4593 2007/01/05 05:24:47 djm Exp $ diff --git a/misc.c b/misc.c index 78bca2fae..625a34368 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.64 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: misc.c,v 1.65 2006/11/23 01:35:11 ray Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -616,6 +616,8 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, u_long *lineno) { while (fgets(buf, bufsz, f) != NULL) { + if (buf[0] == '\0') + continue; (*lineno)++; if (buf[strlen(buf) - 1] == '\n' || feof(f)) { return 0; diff --git a/sftp.c b/sftp.c index a39c782f7..990b0cbbd 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.93 2006/09/30 17:48:22 ray Exp $ */ +/* $OpenBSD: sftp.c,v 1.94 2006/11/23 01:35:11 ray Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * 
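Review bot: In read_keyfile_line the added `if (buf[0] == '\0') continue;` sits before `(*lineno)++`, so input that fgets() returns with a leading NUL byte is skipped without being counted and later diagnostics can report the wrong line number. Moving the test below the increment keeps the counter in step: `(*lineno)++;` followed by `if (buf[0] == '\0') continue;`. A short comment, `/* buffer may start with NUL; buf[strlen(buf) - 1] would then index before buf */`, would record why the guard exists. The loop body continues outside the hunk.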
@@ -298,11 +298,11 @@ static char * path_append(char *p1, char *p2) { char *ret; - int len = strlen(p1) + strlen(p2) + 2; + size_t len = strlen(p1) + strlen(p2) + 2; ret = xmalloc(len); strlcpy(ret, p1, len); - if (p1[strlen(p1) - 1] != '/') + if (p1[0] != '\0' && p1[strlen(p1) - 1] != '/') strlcat(ret, "/", len); strlcat(ret, p2, len); -- cgit v1.2.3 From c0367fb0d25fe72328c9d0ad3ad4ec21c024115e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 5 Jan 2007 16:25:46 +1100 Subject: - markus@cvs.openbsd.org 2006/12/11 21:25:46 [ssh-keygen.1 ssh.1] add rfc 4716 (public key format); ok jmc --- ChangeLog | 5 ++++- ssh-keygen.1 | 15 ++++++--------- ssh.1 | 7 ++++++- 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index e9ac1c55b..d6e3890f1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,9 @@ [misc.c sftp.c] Don't access buf[strlen(buf) - 1] for zero-length strings. ``ok by me'' djm@. + - markus@cvs.openbsd.org 2006/12/11 21:25:46 + [ssh-keygen.1 ssh.1] + add rfc 4716 (public key format); ok jmc 20061205 - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would @@ -2627,4 +2630,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4593 2007/01/05 05:24:47 djm Exp $ +$Id: ChangeLog,v 1.4594 2007/01/05 05:25:46 djm Exp $ diff --git a/ssh-keygen.1 b/ssh-keygen.1 index ab16bcd77..850ac327b 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.72 2005/11/28 05:16:53 dtucker Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.73 2006/12/11 21:25:46 markus Exp $ .\" .\" -*- nroff -*- .\" 
@@ -205,8 +205,8 @@ Download the RSA public key stored in the smartcard in .Ar reader . .It Fl e This option will read a private or public OpenSSH key file and -print the key in a -.Sq SECSH Public Key File Format +print the key in +RFC 4716 SSH Public Key File Format to stdout. This option allows exporting keys for use by several commercial SSH implementations. @@ -450,12 +450,9 @@ The file format is described in .Xr moduli 5 , .Xr sshd 8 .Rs -.%A J. Galbraith -.%A R. Thayer -.%T "SECSH Public Key File Format" -.%N draft-ietf-secsh-publickeyfile-01.txt -.%D March 2001 -.%O work in progress material +.%R RFC 4716 +.%T "The Secure Shell (SSH) Public Key File Format" +.%D 2006 .Re .Sh AUTHORS OpenSSH is a derivative of the original and free diff --git a/ssh.1 b/ssh.1 index 93be52f96..b87ab4171 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.265 2006/10/28 18:08:10 otto Exp $ +.\" $OpenBSD: ssh.1,v 1.266 2006/12/11 21:25:46 markus Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1418,6 +1418,11 @@ manual page for more information. .%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol" .%D 2006 .Re +.Rs +.%R RFC 4716 +.%T "The Secure Shell (SSH) Public Key File Format" +.%D 2006 +.Re .Sh AUTHORS OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. -- cgit v1.2.3 From 1ec462658edd8bfea2b5cab461bb9d513e29a151 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Fri, 5 Jan 2007 16:26:45 +1100 Subject: - djm@cvs.openbsd.org 2006/12/12 03:58:42 [channels.c compat.c compat.h] bz #1019: some ssh.com versions apparently can't cope with the remote port forwarding bind_address being a hostname, so send them an address for cases where they are not explicitly specified (wildcard or localhost bind). reported by daveroth AT acm.org; ok dtucker@ deraadt@ --- ChangeLog | 9 ++++++++- channels.c | 19 +++++++++++++------ compat.c | 5 +++-- compat.h | 3 ++- 4 files changed, 26 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index d6e3890f1..a149b0a54 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,13 @@ - markus@cvs.openbsd.org 2006/12/11 21:25:46 [ssh-keygen.1 ssh.1] add rfc 4716 (public key format); ok jmc + - djm@cvs.openbsd.org 2006/12/12 03:58:42 + [channels.c compat.c compat.h] + bz #1019: some ssh.com versions apparently can't cope with the + remote port forwarding bind_address being a hostname, so send + them an address for cases where they are not explicitly + specified (wildcard or localhost bind). reported by daveroth AT + acm.org; ok dtucker@ deraadt@ 20061205 - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would @@ -2630,4 +2637,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4594 2007/01/05 05:25:46 djm Exp $ +$Id: ChangeLog,v 1.4595 2007/01/05 05:26:45 djm Exp $ diff --git a/channels.c b/channels.c index 26b63a1aa..6be121970 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.266 2006/08/29 10:40:18 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.267 2006/12/12 03:58:42 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -2525,11 +2525,18 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port, /* Send the forward request to the remote side. */ if (compat20) { const char *address_to_bind; - if (listen_host == NULL) - address_to_bind = "localhost"; - else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0) - address_to_bind = ""; - else + if (listen_host == NULL) { + if (datafellows & SSH_BUG_RFWD_ADDR) + address_to_bind = "127.0.0.1"; + else + address_to_bind = "localhost"; + } else if (*listen_host == '\0' || + strcmp(listen_host, "*") == 0) { + if (datafellows & SSH_BUG_RFWD_ADDR) + address_to_bind = "0.0.0.0"; + else + address_to_bind = ""; + } else address_to_bind = listen_host; packet_start(SSH2_MSG_GLOBAL_REQUEST); diff --git a/compat.c b/compat.c index da67f9410..bc1131581 100644 --- a/compat.c +++ b/compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.76 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: compat.c,v 1.77 2006/12/12 03:58:42 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -133,7 +133,8 @@ compat_datafellows(const char *version) { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5| SSH_BUG_FIRSTKEX }, { "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */ - { "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX }, + { "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX| + SSH_BUG_RFWD_ADDR }, { "3.0.*", SSH_BUG_DEBUG }, { "3.0 SecureCRT*", SSH_OLD_SESSIONID }, { "1.7 SecureFX*", SSH_OLD_SESSIONID }, diff --git a/compat.h b/compat.h index 83d469d53..4d8ebc908 100644 --- a/compat.h +++ b/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.40 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: compat.h,v 1.41 2006/12/12 03:58:42 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. 
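Review bot: The SSH_BUG_RFWD_ADDR branches in channel_request_remote_forwarding carry no comment explaining why address literals replace `"localhost"` and `""`; the reason (bz #1019, peers that cannot handle a hostname as bind_address) appears only in the ChangeLog. Both literals are IPv4, so a flagged peer receives `0.0.0.0` for a wildcard request and `127.0.0.1` for a loopback one; whether that narrows the remote listener to IPv4 depends on the peer and cannot be told from this hunk. Suggested comment above the `if (listen_host == NULL)` test: `/* SSH_BUG_RFWD_ADDR: peer cannot parse a hostname here (bz #1019); send IPv4 literals */`. The function extends beyond the hunk.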
@@ -56,6 +56,7 @@ #define SSH_BUG_PROBE 0x00400000 #define SSH_BUG_FIRSTKEX 0x00800000 #define SSH_OLD_FORWARD_ADDR 0x01000000 +#define SSH_BUG_RFWD_ADDR 0x02000000 void enable_compat13(void); void enable_compat20(void); -- cgit v1.2.3 From a29b95ec3a0294e62edd7ed26c515bb1a9dc6d6a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 5 Jan 2007 16:28:36 +1100 Subject: - dtucker@cvs.openbsd.org 2006/12/13 08:34:39 [servconf.c] Make PermitOpen work with multiple values like the man pages says. bz #1267 with details from peter at dmtz.com, with & ok djm@ --- ChangeLog | 6 +++++- servconf.c | 9 +++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index a149b0a54..9a0d97319 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,10 @@ them an address for cases where they are not explicitly specified (wildcard or localhost bind). reported by daveroth AT acm.org; ok dtucker@ deraadt@ + - dtucker@cvs.openbsd.org 2006/12/13 08:34:39 + [servconf.c] + Make PermitOpen work with multiple values like the man pages says. + bz #1267 with details from peter at dmtz.com, with & ok djm@ 20061205 - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would @@ -2637,4 +2641,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4595 2007/01/05 05:26:45 djm Exp $ +$Id: ChangeLog,v 1.4596 2007/01/05 05:28:36 djm Exp $ diff --git a/servconf.c b/servconf.c index 1f80de22d..83b634976 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.165 2006/08/14 12:40:25 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.166 2006/12/13 08:34:39 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved 
@@ -1227,6 +1227,9 @@ parse_flag: } break; } + n = options->num_permitted_opens; /* modified later */ + if (*activep && n == -1) + channel_clear_adm_permitted_opens(); for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { p = hpdelim(&arg); if (p == NULL) @@ -1236,11 +1239,9 @@ parse_flag: if (arg == NULL || (port = a2port(arg)) == 0) fatal("%s line %d: bad port number in " "PermitOpen", filename, linenum); - if (*activep && options->num_permitted_opens == -1) { - channel_clear_adm_permitted_opens(); + if (*activep && n == -1) options->num_permitted_opens = channel_add_adm_permitted_opens(p, port); - } } break; -- cgit v1.2.3 From 9fc6a56204d6a1245e79346ed5e714f70c6dc9cc Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 5 Jan 2007 16:29:02 +1100 Subject: - dtucker@cvs.openbsd.org 2006/12/14 10:01:14 [servconf.c] Make "PermitOpen all" first-match within a block to match the way other options work. ok markus@ djm@ --- ChangeLog | 6 +++++- servconf.c | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9a0d97319..1c893a1d7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,10 @@ [servconf.c] Make PermitOpen work with multiple values like the man pages says. bz #1267 with details from peter at dmtz.com, with & ok djm@ + - dtucker@cvs.openbsd.org 2006/12/14 10:01:14 + [servconf.c] + Make "PermitOpen all" first-match within a block to match the way other + options work. ok markus@ djm@ 20061205 - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would @@ -2641,4 +2645,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4596 2007/01/05 05:28:36 djm Exp $ +$Id: ChangeLog,v 1.4597 2007/01/05 05:29:02 djm Exp $ diff --git a/servconf.c b/servconf.c index 83b634976..872ff4a87 100644 --- a/servconf.c +++ b/servconf.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.166 2006/12/13 08:34:39 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.167 2006/12/14 10:01:14 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1220,14 +1220,14 @@ parse_flag: if (!arg || *arg == '\0') fatal("%s line %d: missing PermitOpen specification", filename, linenum); + n = options->num_permitted_opens; /* modified later */ if (strcmp(arg, "any") == 0) { - if (*activep) { + if (*activep && n == -1) { channel_clear_adm_permitted_opens(); options->num_permitted_opens = 0; } break; } - n = options->num_permitted_opens; /* modified later */ if (*activep && n == -1) channel_clear_adm_permitted_opens(); for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { -- cgit v1.2.3 From d94fc72bcdd7d9f5a4f02c165c34ed3ffc12ed2b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 5 Jan 2007 16:29:30 +1100 Subject: - jmc@cvs.openbsd.org 2007/01/02 09:57:25 [sshd_config.5] do not use lists for SYNOPSIS; from eric s. raymond via brad --- ChangeLog | 6 +++++- sshd_config.5 | 6 ++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1c893a1d7..1c090460c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,10 @@ [servconf.c] Make "PermitOpen all" first-match within a block to match the way other options work. ok markus@ djm@ + - jmc@cvs.openbsd.org 2007/01/02 09:57:25 + [sshd_config.5] + do not use lists for SYNOPSIS; + from eric s. raymond via brad 20061205 - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would @@ -2645,4 +2649,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4597 2007/01/05 05:29:02 djm Exp $ +$Id: ChangeLog,v 1.4598 2007/01/05 05:29:30 djm Exp $ diff --git a/sshd_config.5 b/sshd_config.5 index 2bcaf2245..53207fd84 100644 --- a/sshd_config.5 +++ b/sshd_config.5 
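Review bot: The comment `/* modified later */` on `n = options->num_permitted_opens;` does not explain why the value is snapshotted, which is the substance of this change to an access-control option. From the hunk, `n == -1` now gates both the `"any"` branch and the `channel_clear_adm_permitted_opens()` call, so it presumably means that no earlier PermitOpen directive has set the list; the definition of that sentinel is outside the diff. Something like `/* snapshot: -1 = not yet set, so only the first PermitOpen in a block takes effect */` would make the first-match rule visible where it is enforced. This is one case inside a larger function that is not shown in full.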
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.70 2006/08/21 08:14:01 dtucker Exp $ +.\" $OpenBSD: sshd_config.5,v 1.71 2007/01/02 09:57:25 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -42,9 +42,7 @@ .Nm sshd_config .Nd OpenSSH SSH daemon configuration file .Sh SYNOPSIS -.Bl -tag -width Ds -compact -.It Pa /etc/ssh/sshd_config -.El +.Nm /etc/ssh/sshd_config .Sh DESCRIPTION .Xr sshd 8 reads configuration data from -- cgit v1.2.3 From 6c7439f963c04ddeedbb858c5f96647eea3c9360 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 5 Jan 2007 16:29:55 +1100 Subject: - stevesk@cvs.openbsd.org 2007/01/03 00:53:38 [ssh-keygen.c] remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan --- ChangeLog | 5 ++++- ssh-keygen.c | 7 +++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1c090460c..897eb13c2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,6 +29,9 @@ [sshd_config.5] do not use lists for SYNOPSIS; from eric s. raymond via brad + - stevesk@cvs.openbsd.org 2007/01/03 00:53:38 + [ssh-keygen.c] + remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan 20061205 - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would @@ -2649,4 +2652,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4598 2007/01/05 05:29:30 djm Exp $ +$Id: ChangeLog,v 1.4599 2007/01/05 05:29:55 djm Exp $ diff --git a/ssh-keygen.c b/ssh-keygen.c index dfa1166c2..f43b12493 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.156 2006/11/14 19:41:04 deraadt Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.157 2007/01/03 00:53:38 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland 
@@ -346,9 +346,8 @@ get_line(FILE *fp, char *line, size_t len) line[pos++] = c; line[pos] = '\0'; } - if (c == EOF) - return -1; - return pos; + /* We reached EOF */ + return -1; } static void -- cgit v1.2.3 From 80163907edd6a3c7c8de7a40ab9803528cd3acb7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 5 Jan 2007 16:30:16 +1100 Subject: - stevesk@cvs.openbsd.org 2007/01/03 03:01:40 [auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c] spaces --- ChangeLog | 5 ++++- auth2-chall.c | 4 ++-- channels.c | 4 ++-- dns.c | 4 ++-- sftp.c | 4 ++-- ssh-keygen.c | 6 +++--- ssh.c | 4 ++-- 7 files changed, 17 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index 897eb13c2..30d73c556 100644 --- a/ChangeLog +++ b/ChangeLog @@ -32,6 +32,9 @@ - stevesk@cvs.openbsd.org 2007/01/03 00:53:38 [ssh-keygen.c] remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan + - stevesk@cvs.openbsd.org 2007/01/03 03:01:40 + [auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c] + spaces 20061205 - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would @@ -2652,4 +2655,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4599 2007/01/05 05:29:55 djm Exp $ +$Id: ChangeLog,v 1.4600 2007/01/05 05:30:16 djm Exp $ diff --git a/auth2-chall.c b/auth2-chall.c index b78b739cd..51059c2bd 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-chall.c,v 1.31 2006/08/05 08:28:24 dtucker Exp $ */ +/* $OpenBSD: auth2-chall.c,v 1.32 2007/01/03 03:01:40 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Per Allansson. All rights reserved. 
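Review bot: With the dead branch removed, get_line ends in an unconditional `return -1` under `/* We reached EOF */`, while the lines just above it still store bytes into `line`. If the loop, whose head is outside the hunk, returns a length only when it sees a newline, a final line without a trailing newline is reported as -1 even though `line` holds its text, and a caller that stops on -1 would drop it. That behaviour predates this change, but the new comment is the place to record it, for example `/* EOF: also returned for a last line without a newline; line[] may hold partial data */`.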
@@ -206,7 +206,7 @@ auth2_challenge_stop(Authctxt *authctxt) { /* unregister callback */ dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL); - if (authctxt->kbdintctxt != NULL) { + if (authctxt->kbdintctxt != NULL) { kbdint_free(authctxt->kbdintctxt); authctxt->kbdintctxt = NULL; } diff --git a/channels.c b/channels.c index 6be121970..9d522a6c3 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.267 2006/12/12 03:58:42 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.268 2007/01/03 03:01:40 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1052,7 +1052,7 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) if (have < nmethods + 2) return 0; /* look for method: "NO AUTHENTICATION REQUIRED" */ - for (found = 0, i = 2 ; i < nmethods + 2; i++) { + for (found = 0, i = 2; i < nmethods + 2; i++) { if (p[i] == SSH_SOCKS5_NOAUTH) { found = 1; break; diff --git a/dns.c b/dns.c index 92623de72..a89176f88 100644 --- a/dns.c +++ b/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: dns.c,v 1.24 2007/01/03 03:01:40 stevesk Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -217,7 +217,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, if (fingerprints->rri_nrdatas) *flags |= DNS_VERIFY_FOUND; - for (counter = 0; counter < fingerprints->rri_nrdatas; counter++) { + for (counter = 0; counter < fingerprints->rri_nrdatas; counter++) { /* * Extract the key from the answer. Ignore any badly * formatted fingerprints. diff --git a/sftp.c b/sftp.c index 990b0cbbd..c54333d82 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.94 2006/11/23 01:35:11 ray Exp $ */ +/* $OpenBSD: sftp.c,v 1.95 2007/01/03 03:01:40 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * 
@@ -1566,7 +1566,7 @@ main(int argc, char **argv) fprintf(stderr, "Missing username\n"); usage(); } - addargs(&args, "-l%s",userhost); + addargs(&args, "-l%s", userhost); } if ((cp = colon(host)) != NULL) { diff --git a/ssh-keygen.c b/ssh-keygen.c index f43b12493..4c5b14005 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.157 2007/01/03 00:53:38 stevesk Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.158 2007/01/03 03:01:40 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -253,7 +253,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) i2 = buffer_get_int(&b); i3 = buffer_get_int(&b); i4 = buffer_get_int(&b); - debug("ignore (%d %d %d %d)", i1,i2,i3,i4); + debug("ignore (%d %d %d %d)", i1, i2, i3, i4); if (strcmp(cipher, "none") != 0) { error("unsupported cipher %s", cipher); xfree(cipher); @@ -553,7 +553,7 @@ do_fingerprint(struct passwd *pw) for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ; if (!*cp || *cp == '\n' || *cp == '#') - continue ; + continue; i = strtol(cp, &ep, 10); if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) { int quoted = 0; diff --git a/ssh.c b/ssh.c index 47297edbb..cfaa1ff22 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.294 2006/10/06 02:29:19 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.295 2007/01/03 03:01:40 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -614,7 +614,7 @@ main(int ac, char **av) if (!read_config_file(config, host, &options, 0)) fatal("Can't open user config file %.100s: " "%.100s", config, strerror(errno)); - } else { + } else { snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_CONFFILE); (void)read_config_file(buf, host, &options, 1); -- cgit v1.2.3 From b6c85fcf37299e5c997a92f9aa39726aa6f34318 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Fri, 5 Jan 2007 16:30:41 +1100 Subject: - stevesk@cvs.openbsd.org 2007/01/03 04:09:15 [sftp.c] ARGSUSED for lint --- ChangeLog | 5 ++++- sftp.c | 4 +++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 30d73c556..42ddf779a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,6 +35,9 @@ - stevesk@cvs.openbsd.org 2007/01/03 03:01:40 [auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c] spaces + - stevesk@cvs.openbsd.org 2007/01/03 04:09:15 + [sftp.c] + ARGSUSED for lint 20061205 - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would @@ -2655,4 +2658,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4600 2007/01/05 05:30:16 djm Exp $ +$Id: ChangeLog,v 1.4601 2007/01/05 05:30:41 djm Exp $ diff --git a/sftp.c b/sftp.c index c54333d82..f0d5dd557 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.95 2007/01/03 03:01:40 stevesk Exp $ */ +/* $OpenBSD: sftp.c,v 1.96 2007/01/03 04:09:15 stevesk Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -166,6 +166,7 @@ static const struct CMD cmds[] = { int interactive_loop(int fd_in, int fd_out, char *file1, char *file2); +/* ARGSUSED */ static void killchild(int signo) { @@ -177,6 +178,7 @@ killchild(int signo) _exit(1); } +/* ARGSUSED */ static void cmd_interrupt(int signo) { -- cgit v1.2.3 From e2334d600bda80d5d07beb501da64f234c63800e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 5 Jan 2007 16:31:02 +1100 Subject: - stevesk@cvs.openbsd.org 2007/01/03 07:22:36 [sftp-server.c] spaces --- ChangeLog | 5 ++++- sftp-server.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 42ddf779a..0a733c295 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -38,6 +38,9 @@ - stevesk@cvs.openbsd.org 2007/01/03 04:09:15 [sftp.c] ARGSUSED for lint + - stevesk@cvs.openbsd.org 2007/01/03 07:22:36 + [sftp-server.c] + spaces 20061205 - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would @@ -2658,4 +2661,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4601 2007/01/05 05:30:41 djm Exp $ +$Id: ChangeLog,v 1.4602 2007/01/05 05:31:02 djm Exp $ diff --git a/sftp-server.c b/sftp-server.c index c57958b0f..64777beff 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.70 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.71 2007/01/03 07:22:36 stevesk Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -663,7 +663,7 @@ process_fstat(void) debug("request %u: fstat \"%s\" (handle %u)", id, handle_to_name(handle), handle); fd = handle_to_fd(handle); - if (fd >= 0) { + if (fd >= 0) { ret = fstat(fd, &st); if (ret < 0) { status = errno_to_portable(errno); -- cgit v1.2.3 From 9ac56e945bbdd1f05e26d5dd7535b69d079a94a2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 14 Jan 2007 10:19:59 +1100 Subject: - (dtucker) [ssh-keygen.c] ac -> argv to match earlier sync. --- ChangeLog | 5 ++++- ssh-keygen.c | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0a733c295..9b07eddd2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20070114 + - (dtucker) [ssh-keygen.c] ac -> argv to match earlier sync. + 20070105 - (djm) OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2006/11/14 19:41:04 @@ -2661,4 +2664,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4602 2007/01/05 05:31:02 djm Exp $ +$Id: ChangeLog,v 1.4603 2007/01/13 23:19:59 dtucker Exp $ 
diff --git a/ssh-keygen.c b/ssh-keygen.c index 4c5b14005..670024b2e 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1070,7 +1070,7 @@ main(int argc, char **argv) /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); - __progname = ssh_get_progname(av[0]); + __progname = ssh_get_progname(argv[0]); SSLeay_add_all_algorithms(); log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); -- cgit v1.2.3 From e67ac00b9b76f126eec0ec4f0fc02ae66b5a1ad7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 14 Jan 2007 10:26:25 +1100 Subject: typo --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9b07eddd2..bad97ecf0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,5 @@ 20070114 - - (dtucker) [ssh-keygen.c] ac -> argv to match earlier sync. + - (dtucker) [ssh-keygen.c] av -> argv to match earlier sync. 20070105 - (djm) OpenBSD CVS Sync @@ -2664,4 +2664,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4603 2007/01/13 23:19:59 dtucker Exp $ +$Id: ChangeLog,v 1.4604 2007/01/13 23:26:25 dtucker Exp $ -- cgit v1.2.3 From 742cc1c19420db71275d3e8ef9fb86d96a463a4b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 14 Jan 2007 21:20:30 +1100 Subject: - (djm) [openbsd-compat/bsd-snprintf.c] Fix integer overflow in return value of snprintf replacement, similar to bugs in various libc implementations. This overflow is not exploitable in OpenSSH. While I'm fiddling with it, make it a fair bit faster by inlining the append-char routine; ok dtucker@ --- ChangeLog | 7 +- openbsd-compat/bsd-snprintf.c | 164 ++++++++++++++++++++++++++---------------- 2 files changed, 107 insertions(+), 64 deletions(-) diff --git a/ChangeLog b/ChangeLog index bad97ecf0..7682c5c54 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,10 @@ 20070114 - (dtucker) [ssh-keygen.c] av -> argv to match earlier sync. + - (djm) [openbsd-compat/bsd-snprintf.c] Fix integer overflow in return + value of snprintf replacement, similar to bugs in various libc + implementations. This overflow is not exploitable in OpenSSH. + While I'm fiddling with it, make it a fair bit faster by inlining the + append-char routine; ok dtucker@ 20070105 - (djm) OpenBSD CVS Sync @@ -2664,4 +2669,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4604 2007/01/13 23:26:25 dtucker Exp $ +$Id: ChangeLog,v 1.4605 2007/01/14 10:20:30 djm Exp $ diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c index 04651e1d4..cefb1d1ad 100644 --- a/openbsd-compat/bsd-snprintf.c +++ b/openbsd-compat/bsd-snprintf.c @@ -85,6 +85,11 @@ * * Move #endif to make sure VA_COPY, LDOUBLE, etc are defined even * if the C library has some snprintf functions already. + * + * Damien Miller (djm@mindrot.org) Jan 2007 + * Fix integer overflows in return value. + * Make formatting quite a bit faster by inlining dopr_outch() + * **************************************************************/ #include "includes.h" @@ -112,6 +117,8 @@ #include #include #include +#include +#include #ifdef HAVE_LONG_DOUBLE # define LDOUBLE long double 
@@ -159,17 +166,27 @@ # define MAX(p,q) (((p) >= (q)) ? (p) : (q)) #endif -static size_t dopr(char *buffer, size_t maxlen, const char *format, - va_list args_in); -static void fmtstr(char *buffer, size_t *currlen, size_t maxlen, - char *value, int flags, int min, int max); -static void fmtint(char *buffer, size_t *currlen, size_t maxlen, - LLONG value, int base, int min, int max, int flags); -static void fmtfp(char *buffer, size_t *currlen, size_t maxlen, - LDOUBLE fvalue, int min, int max, int flags); -static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c); - -static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args_in) +#define DOPR_OUTCH(buf, pos, buflen, thechar) \ + do { \ + if (++pos >= INT_MAX) { \ + errno = ERANGE; \ + return -1; \ + if (pos < buflen) \ + buf[pos] = thechar; \ + } \ + } while (0) + +static int dopr(char *buffer, size_t maxlen, const char *format, + va_list args_in); +static int fmtstr(char *buffer, size_t *currlen, size_t maxlen, + char *value, int flags, int min, int max); +static int fmtint(char *buffer, size_t *currlen, size_t maxlen, + LLONG value, int base, int min, int max, int flags); +static int fmtfp(char *buffer, size_t *currlen, size_t maxlen, + LDOUBLE fvalue, int min, int max, int flags); + +static int +dopr(char *buffer, size_t maxlen, const char *format, va_list args_in) { char ch; LLONG value; @@ -198,8 +215,8 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args case DP_S_DEFAULT: if (ch == '%') state = DP_S_FLAGS; - else - dopr_outch (buffer, &currlen, maxlen, ch); + else + DOPR_OUTCH(buffer, currlen, maxlen, ch); ch = *format++; break; case DP_S_FLAGS: 
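Review bot: In the new `DOPR_OUTCH` macro (hunk `@@ -159,17 +166,27 @@`) the closing brace of the `INT_MAX` check comes after the store, so `if (pos < buflen) buf[pos] = thechar;` sits behind `return -1;` in the same block and can never run. As written no character reaches the buffer and `thechar` is never evaluated, which matters for the callers in later hunks that pass `convert[--place]` or `*value++`. The check should close before the store: `if ((pos) + 1 >= INT_MAX) { errno = ERANGE; return -1; }`, then `if ((pos) < (buflen)) (buf)[(pos)] = (thechar);` and `(pos)++;`. The macro also returns from the calling function, which deserves a comment at the definition such as `/* NB: returns -1 from the enclosing function on overflow */`. A later patch in this series (20070123) reworks the macro along these lines.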
@@ -298,7 +315,9 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args value = va_arg (args, LLONG); else value = va_arg (args, int); - fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags); + if (fmtint(buffer, &currlen, maxlen, + value, 10, min, max, flags) == -1) + return -1; break; case 'o': flags |= DP_F_UNSIGNED; @@ -310,7 +329,9 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args value = (long)va_arg (args, unsigned LLONG); else value = (long)va_arg (args, unsigned int); - fmtint (buffer, &currlen, maxlen, value, 8, min, max, flags); + if (fmtint(buffer, &currlen, maxlen, value, + 8, min, max, flags) == -1) + return -1; break; case 'u': flags |= DP_F_UNSIGNED; @@ -322,7 +343,9 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args value = (LLONG)va_arg (args, unsigned LLONG); else value = (long)va_arg (args, unsigned int); - fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags); + if (fmtint(buffer, &currlen, maxlen, value, + 10, min, max, flags) == -1) + return -1; break; case 'X': flags |= DP_F_UP; @@ -336,15 +359,18 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args value = (LLONG)va_arg (args, unsigned LLONG); else value = (long)va_arg (args, unsigned int); - fmtint (buffer, &currlen, maxlen, value, 16, min, max, flags); + if (fmtint(buffer, &currlen, maxlen, value, + 16, min, max, flags) == -1) + return -1; break; case 'f': if (cflags == DP_C_LDOUBLE) fvalue = va_arg (args, LDOUBLE); else fvalue = va_arg (args, double); - /* um, floating point? */ - fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags); + if (fmtfp(buffer, &currlen, maxlen, fvalue, + min, max, flags) == -1) + return -1; break; case 'E': flags |= DP_F_UP; 
@@ -353,7 +379,9 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args fvalue = va_arg (args, LDOUBLE); else fvalue = va_arg (args, double); - fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags); + if (fmtfp(buffer, &currlen, maxlen, fvalue, + min, max, flags) == -1) + return -1; break; case 'G': flags |= DP_F_UP; @@ -362,10 +390,13 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args fvalue = va_arg (args, LDOUBLE); else fvalue = va_arg (args, double); - fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags); + if (fmtfp(buffer, &currlen, maxlen, fvalue, + min, max, flags) == -1) + return -1; break; case 'c': - dopr_outch (buffer, &currlen, maxlen, va_arg (args, int)); + DOPR_OUTCH(buffer, currlen, maxlen, + va_arg (args, int)); break; case 's': strvalue = va_arg (args, char *); @@ -374,11 +405,15 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args max = strlen(strvalue); } if (min > 0 && max >= 0 && min > max) max = min; - fmtstr (buffer, &currlen, maxlen, strvalue, flags, min, max); + if (fmtstr(buffer, &currlen, maxlen, + strvalue, flags, min, max) == -1) + return -1; break; case 'p': strvalue = va_arg (args, void *); - fmtint (buffer, &currlen, maxlen, (long) strvalue, 16, min, max, flags); + if (fmtint(buffer, &currlen, maxlen, + (long) strvalue, 16, min, max, flags) == -1) + return -1; break; case 'n': if (cflags == DP_C_SHORT) { @@ -400,7 +435,7 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args } break; case '%': - dopr_outch (buffer, &currlen, maxlen, ch); + DOPR_OUTCH(buffer, currlen, maxlen, ch); break; case 'w': /* not supported yet, treat as next char */ 
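Review bot: In `case 'c':` (hunk `@@ -362,10 +390,13 @@`) `va_arg (args, int)` is passed as the `thechar` argument of `DOPR_OUTCH`, and the macro defined earlier in this patch expands `thechar` only inside a conditional store, so whether the variadic argument is consumed depends on the macro body and on how full the buffer is. If it is skipped, every later conversion in the same format string reads the wrong argument, which for a following `%s` means treating an unrelated value as a pointer. Fetching the value unconditionally first avoids that: `int c = va_arg(args, int);` followed by `DOPR_OUTCH(buffer, currlen, maxlen, c);`, in a braced block or using an existing local. The body of `dopr` starts and ends outside this hunk.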
@@ -429,11 +464,12 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args buffer[maxlen - 1] = '\0'; } - return currlen; + return currlen < INT_MAX ? (int)currlen : -1; } -static void fmtstr(char *buffer, size_t *currlen, size_t maxlen, - char *value, int flags, int min, int max) +static int +fmtstr(char *buffer, size_t *currlen, size_t maxlen, + char *value, int flags, int min, int max) { int padlen, strln; /* amount to pad */ int cnt = 0; @@ -453,24 +489,26 @@ static void fmtstr(char *buffer, size_t *currlen, size_t maxlen, padlen = -padlen; /* Left Justify */ while ((padlen > 0) && (cnt < max)) { - dopr_outch (buffer, currlen, maxlen, ' '); + DOPR_OUTCH(buffer, *currlen, maxlen, ' '); --padlen; ++cnt; } while (*value && (cnt < max)) { - dopr_outch (buffer, currlen, maxlen, *value++); + DOPR_OUTCH(buffer, *currlen, maxlen, *value++); ++cnt; } while ((padlen < 0) && (cnt < max)) { - dopr_outch (buffer, currlen, maxlen, ' '); + DOPR_OUTCH(buffer, *currlen, maxlen, ' '); ++padlen; ++cnt; } + return 0; } /* Have to handle DP_F_NUM (ie 0x and 0 alternates) */ -static void fmtint(char *buffer, size_t *currlen, size_t maxlen, +static int +fmtint(char *buffer, size_t *currlen, size_t maxlen, LLONG value, int base, int min, int max, int flags) { int signvalue = 0; 
@@ -527,31 +565,32 @@ static void fmtint(char *buffer, size_t *currlen, size_t maxlen, /* Spaces */ while (spadlen > 0) { - dopr_outch (buffer, currlen, maxlen, ' '); + DOPR_OUTCH(buffer, *currlen, maxlen, ' '); --spadlen; } /* Sign */ if (signvalue) - dopr_outch (buffer, currlen, maxlen, signvalue); + DOPR_OUTCH(buffer, *currlen, maxlen, signvalue); /* Zeros */ if (zpadlen > 0) { while (zpadlen > 0) { - dopr_outch (buffer, currlen, maxlen, '0'); + DOPR_OUTCH(buffer, *currlen, maxlen, '0'); --zpadlen; } } /* Digits */ while (place > 0) - dopr_outch (buffer, currlen, maxlen, convert[--place]); + DOPR_OUTCH(buffer, *currlen, maxlen, convert[--place]); /* Left Justified spaces */ while (spadlen < 0) { - dopr_outch (buffer, currlen, maxlen, ' '); + DOPR_OUTCH(buffer, *currlen, maxlen, ' '); ++spadlen; } + return 0; } static LDOUBLE abs_val(LDOUBLE value) @@ -564,13 +603,13 @@ static LDOUBLE abs_val(LDOUBLE value) return result; } -static LDOUBLE POW10(int exp) +static LDOUBLE POW10(int val) { LDOUBLE result = 1; - while (exp) { + while (val) { result *= 10; - exp--; + val--; } return result; @@ -604,7 +643,10 @@ static double my_modf(double x0, double *iptr) } if (i == 100) { - /* yikes! the number is beyond what we can handle. What do we do? */ + /* + * yikes! the number is beyond what we can handle. + * What do we do? + */ (*iptr) = 0; return 0; } @@ -623,8 +665,9 @@ static double my_modf(double x0, double *iptr) } -static void fmtfp (char *buffer, size_t *currlen, size_t maxlen, - LDOUBLE fvalue, int min, int max, int flags) +static int +fmtfp (char *buffer, size_t *currlen, size_t maxlen, + LDOUBLE fvalue, int min, int max, int flags) { int signvalue = 0; double ufvalue; 
@@ -729,24 +772,24 @@ static void fmtfp (char *buffer, size_t *currlen, size_t maxlen, if ((flags & DP_F_ZERO) && (padlen > 0)) { if (signvalue) { - dopr_outch (buffer, currlen, maxlen, signvalue); + DOPR_OUTCH(buffer, *currlen, maxlen, signvalue); --padlen; signvalue = 0; } while (padlen > 0) { - dopr_outch (buffer, currlen, maxlen, '0'); + DOPR_OUTCH(buffer, *currlen, maxlen, '0'); --padlen; } } while (padlen > 0) { - dopr_outch (buffer, currlen, maxlen, ' '); + DOPR_OUTCH(buffer, *currlen, maxlen, ' '); --padlen; } if (signvalue) - dopr_outch (buffer, currlen, maxlen, signvalue); + DOPR_OUTCH(buffer, *currlen, maxlen, signvalue); while (iplace > 0) - dopr_outch (buffer, currlen, maxlen, iconvert[--iplace]); + DOPR_OUTCH(buffer, *currlen, maxlen, iconvert[--iplace]); #ifdef DEBUG_SNPRINTF printf("fmtfp: fplace=%d zpadlen=%d\n", fplace, zpadlen); 
@@ -757,41 +800,37 @@ static void fmtfp (char *buffer, size_t *currlen, size_t maxlen, * char to print out. */ if (max > 0) { - dopr_outch (buffer, currlen, maxlen, '.'); + DOPR_OUTCH(buffer, *currlen, maxlen, '.'); while (zpadlen > 0) { - dopr_outch (buffer, currlen, maxlen, '0'); + DOPR_OUTCH(buffer, *currlen, maxlen, '0'); --zpadlen; } while (fplace > 0) - dopr_outch (buffer, currlen, maxlen, fconvert[--fplace]); + DOPR_OUTCH(buffer, *currlen, maxlen, + fconvert[--fplace]); } while (padlen < 0) { - dopr_outch (buffer, currlen, maxlen, ' '); + DOPR_OUTCH(buffer, *currlen, maxlen, ' '); ++padlen; } -} - -static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c) -{ - if (*currlen < maxlen) { - buffer[(*currlen)] = c; - } - (*currlen)++; + return 0; } #endif /* !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) */ #if !defined(HAVE_VSNPRINTF) -int vsnprintf (char *str, size_t count, const char *fmt, va_list args) +static int +vsnprintf (char *str, size_t count, const char *fmt, va_list args) { return dopr(str, count, fmt, args); } #endif #if !defined(HAVE_SNPRINTF) -int snprintf(char *str, size_t count, SNPRINTF_CONST char *fmt, ...) +static int +snprintf(char *str, size_t count, const char *fmt, ...) { size_t ret; va_list ap; @@ -802,4 +841,3 @@ int snprintf(char *str, size_t count, SNPRINTF_CONST char *fmt, ...) return ret; } #endif - -- cgit v1.2.3 From eae5fa1b589a6d1ed3105326710c5d116eecf083 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 17 Jan 2007 11:00:13 +1100 Subject: - (dtucker) [packet.c] Re-remove in_systm.h since it's already in includes.h and multiple including it causes problems on old IRIXes. (It snuck back in during a sync.) Found (again) by Georg Schwarz. --- ChangeLog | 7 ++++++- packet.c | 1 - 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7682c5c54..bc202b0a7 100644 --- a/ChangeLog +++ b/ChangeLog 
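Review bot: `snprintf` keeps `size_t ret;` (context line at the end of hunk `@@ -757,41 +800,37 @@`) although `dopr` and `vsnprintf` now return `int` and use -1 to signal overflow. Presumably `ret` receives that value further down, outside the hunk, so the error indicator is converted to a large unsigned value and back again on `return ret;`. Declaring it `int ret;` keeps the -1 intact without relying on that conversion. The same hunk marks `vsnprintf` and `snprintf` as `static`, which confines the replacements to this translation unit; if other files are meant to link against them, the `static` should go.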
@@ -1,3 +1,8 @@ +20070117 + - (dtucker) [packet.c] Re-remove in_systm.h since it's already in includes.h + and multiple including it causes problems on old IRIXes. (It snuck back + in during a sync.) Found (again) by Georg Schwarz. + 20070114 - (dtucker) [ssh-keygen.c] av -> argv to match earlier sync. - (djm) [openbsd-compat/bsd-snprintf.c] Fix integer overflow in return @@ -2669,4 +2674,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4605 2007/01/14 10:20:30 djm Exp $ +$Id: ChangeLog,v 1.4606 2007/01/17 00:00:13 dtucker Exp $ diff --git a/packet.c b/packet.c index ab5a01002..7d8fab1e9 100644 --- a/packet.c +++ b/packet.c @@ -47,7 +47,6 @@ # include #endif -#include #include #include #include -- cgit v1.2.3 From 9f7410528945a433f9f640c67677916623f3d7cf Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 22 Jan 2007 12:44:53 +1100 Subject: - (djm) [ssh-rand-helper.8] manpage nits; from dleonard AT vintela.com (bz#1529) --- ChangeLog | 6 +++++- ssh-rand-helper.8 | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index bc202b0a7..dd8bd3561 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20070122 + - (djm) [ssh-rand-helper.8] manpage nits; + from dleonard AT vintela.com (bz#1529) + 20070117 - (dtucker) [packet.c] Re-remove in_systm.h since it's already in includes.h and multiple including it causes problems on old IRIXes. (It snuck back @@ -2674,4 +2678,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4606 2007/01/17 00:00:13 dtucker Exp $ +$Id: ChangeLog,v 1.4607 2007/01/22 01:44:53 djm Exp $ diff --git a/ssh-rand-helper.8 b/ssh-rand-helper.8 index df559d332..af5a72fcb 100644 --- a/ssh-rand-helper.8 +++ b/ssh-rand-helper.8 
@@ -1,4 +1,4 @@ -.\" $Id: ssh-rand-helper.8,v 1.2 2003/11/21 12:48:56 djm Exp $ +.\" $Id: ssh-rand-helper.8,v 1.3 2007/01/22 01:44:53 djm Exp $ .\" .\" Copyright (c) 2002 Damien Miller. All rights reserved. .\" @@ -27,7 +27,7 @@ .Os .Sh NAME .Nm ssh-rand-helper -.Nd Random number gatherer for OpenSSH +.Nd random number gatherer for OpenSSH .Sh SYNOPSIS .Nm ssh-rand-hlper .Op Fl vxXh @@ -82,7 +82,7 @@ Force output of a binary seed, even if standard output is a tty Turn on debugging message. Multiple .Fl v options will increase the debugging level. -.Fl h +.It Fl h Display a summary of options. .El .Sh AUTHORS -- cgit v1.2.3 From 07877ca68066593473fbe29dd309dcdc61b6d629 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 24 Jan 2007 00:07:29 +1100 Subject: - (dtucker) [openbsd-compat/bsd-snprintf.c] Static declarations for public library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro so it works properly and modify its callers so that they don't pre or post decrement arguments that are conditionally evaluated. While there, put SNPRINTF_CONST back as it prevents build failures in some configurations. ok djm@ (for most of it) --- ChangeLog | 10 +++++++++- openbsd-compat/bsd-snprintf.c | 33 ++++++++++++++++++++------------- 2 files changed, 29 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index dd8bd3561..7dd2e4ab8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +20070123 + - (dtucker) [openbsd-compat/bsd-snprintf.c] Static declarations for public + library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro + so it works properly and modify its callers so that they don't pre or + post decrement arguments that are conditionally evaluated. While there, + put SNPRINTF_CONST back as it prevents build failures in some + configurations. ok djm@ (for most of it) + 20070122 - (djm) [ssh-rand-helper.8] manpage nits; from dleonard AT vintela.com (bz#1529) 
@@ -2678,4 +2686,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4607 2007/01/22 01:44:53 djm Exp $ +$Id: ChangeLog,v 1.4608 2007/01/23 13:07:29 dtucker Exp $ diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c index cefb1d1ad..41d2be238 100644 --- a/openbsd-compat/bsd-snprintf.c +++ b/openbsd-compat/bsd-snprintf.c @@ -168,12 +168,13 @@ #define DOPR_OUTCH(buf, pos, buflen, thechar) \ do { \ - if (++pos >= INT_MAX) { \ + if (pos + 1 >= INT_MAX) { \ errno = ERANGE; \ return -1; \ + } \ if (pos < buflen) \ buf[pos] = thechar; \ - } \ + (pos)++; \ } while (0) static int dopr(char *buffer, size_t maxlen, const char *format, @@ -494,7 +495,8 @@ fmtstr(char *buffer, size_t *currlen, size_t maxlen, ++cnt; } while (*value && (cnt < max)) { - DOPR_OUTCH(buffer, *currlen, maxlen, *value++); + DOPR_OUTCH(buffer, *currlen, maxlen, *value); + *value++; ++cnt; } while ((padlen < 0) && (cnt < max)) { @@ -582,8 +584,10 @@ fmtint(char *buffer, size_t *currlen, size_t maxlen, } /* Digits */ - while (place > 0) - DOPR_OUTCH(buffer, *currlen, maxlen, convert[--place]); + while (place > 0) { + --place; + DOPR_OUTCH(buffer, *currlen, maxlen, convert[place]); + } /* Left Justified spaces */ while (spadlen < 0) { @@ -788,8 +792,10 @@ fmtfp (char *buffer, size_t *currlen, size_t maxlen, if (signvalue) DOPR_OUTCH(buffer, *currlen, maxlen, signvalue); - while (iplace > 0) - DOPR_OUTCH(buffer, *currlen, maxlen, iconvert[--iplace]); + while (iplace > 0) { + --iplace; + DOPR_OUTCH(buffer, *currlen, maxlen, iconvert[iplace]); + } #ifdef DEBUG_SNPRINTF printf("fmtfp: fplace=%d zpadlen=%d\n", fplace, zpadlen); 
@@ -807,9 +813,10 @@ fmtfp (char *buffer, size_t *currlen, size_t maxlen, --zpadlen; } - while (fplace > 0) - DOPR_OUTCH(buffer, *currlen, maxlen, - fconvert[--fplace]); + while (fplace > 0) { + --fplace; + DOPR_OUTCH(buffer, *currlen, maxlen, fconvert[fplace]); + } } while (padlen < 0) { @@ -821,7 +828,7 @@ fmtfp (char *buffer, size_t *currlen, size_t maxlen, #endif /* !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) */ #if !defined(HAVE_VSNPRINTF) -static int +int vsnprintf (char *str, size_t count, const char *fmt, va_list args) { return dopr(str, count, fmt, args); @@ -829,8 +836,8 @@ vsnprintf (char *str, size_t count, const char *fmt, va_list args) #endif #if !defined(HAVE_SNPRINTF) -static int -snprintf(char *str, size_t count, const char *fmt, ...) +int +snprintf(char *str, size_t count, SNPRINTF_CONST char *fmt, ...) { size_t ret; va_list ap; -- cgit v1.2.3 From e42bd24b22bdce7e58b517d0b797d1d66bbec52b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 29 Jan 2007 10:16:28 +1100 Subject: - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52) when closing a tty session when a background process still holds tty fds open. Great detective work and patch by Marc Aurele La France, slightly tweaked by me; ok dtucker@ --- ChangeLog | 8 +++++++- channels.c | 10 ++++++---- serverloop.c | 20 ++++++++++++++++---- 3 files changed, 29 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7dd2e4ab8..481bcfddf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20070128 + - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52) + when closing a tty session when a background process still holds tty + fds open. Great detective work and patch by Marc Aurele La France, + slightly tweaked by me; ok dtucker@ + 20070123 - (dtucker) [openbsd-compat/bsd-snprintf.c] Static declarations for public library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro 
@@ -2686,4 +2692,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4608 2007/01/23 13:07:29 dtucker Exp $ +$Id: ChangeLog,v 1.4609 2007/01/28 23:16:28 djm Exp $ diff --git a/channels.c b/channels.c index 9d522a6c3..c68ad6419 100644 --- a/channels.c +++ b/channels.c @@ -1449,10 +1449,11 @@ channel_handle_rfd(Channel *c, fd_set *readset, fd_set *writeset) int len; if (c->rfd != -1 && - FD_ISSET(c->rfd, readset)) { + (c->detach_close || FD_ISSET(c->rfd, readset))) { errno = 0; len = read(c->rfd, buf, sizeof(buf)); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len < 0 && (errno == EINTR || + (errno == EAGAIN && !(c->isatty && c->detach_close)))) return 1; #ifndef PTY_ZEROREAD if (len <= 0) { @@ -1604,11 +1605,12 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset) c->local_consumed += len; } } else if (c->extended_usage == CHAN_EXTENDED_READ && - FD_ISSET(c->efd, readset)) { + (c->detach_close || FD_ISSET(c->efd, readset))) { len = read(c->efd, buf, sizeof(buf)); debug2("channel %d: read %d from efd %d", c->self, len, c->efd); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len < 0 && (errno == EINTR || + (errno == EAGAIN && !c->detach_close))) return 1; if (len <= 0) { debug2("channel %d: closing read-efd %d", diff --git a/serverloop.c b/serverloop.c index 69304b5fa..7e373f01b 100644 --- a/serverloop.c +++ b/serverloop.c @@ -280,6 +280,7 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, struct timeval tv, *tvp; int ret; int client_alive_scheduled = 0; + int program_alive_scheduled = 0; /* * if using client_alive, set the max timeout accordingly, 
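Review bot: The two EAGAIN conditions differ: `channel_handle_rfd` (hunk `@@ -1449,10 +1449,11 @@`) treats EAGAIN as end-of-input only when `c->isatty && c->detach_close`, while `channel_handle_efd` (hunk `@@ -1604,11 +1605,12 @@`) does so for any `c->detach_close`. If the difference is intended it needs a comment at both sites; otherwise the efd test should read `(errno == EAGAIN && !(c->isatty && c->detach_close))`. Both branches now call `read()` without `FD_ISSET` whenever `detach_close` is set, which assumes the descriptors are non-blocking; that is not visible in the hunks and should be stated, e.g. `/* fd is non-blocking: poll it once the session has detached */`. Both function bodies extend outside the hunks.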
@@ -317,6 +318,7 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, * the client, try to get some more data from the program. */ if (packet_not_very_much_data_to_write()) { + program_alive_scheduled = child_terminated; if (!fdout_eof) FD_SET(fdout, *readsetp); if (!fderr_eof) @@ -362,8 +364,16 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, memset(*writesetp, 0, *nallocp); if (errno != EINTR) error("select: %.100s", strerror(errno)); - } else if (ret == 0 && client_alive_scheduled) - client_alive_check(); + } else { + if (ret == 0 && client_alive_scheduled) + client_alive_check(); + if (!compat20 && program_alive_scheduled && fdin_is_tty) { + if (!fdout_eof) + FD_SET(fdout, *readsetp); + if (!fderr_eof) + FD_SET(fderr, *readsetp); + } + } notify_done(*readsetp); } @@ -407,7 +417,8 @@ process_input(fd_set *readset) if (!fdout_eof && FD_ISSET(fdout, readset)) { errno = 0; len = read(fdout, buf, sizeof(buf)); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) { + if (len < 0 && (errno == EINTR || + (errno == EAGAIN && !child_terminated))) { /* do nothing */ #ifndef PTY_ZEROREAD } else if (len <= 0) { @@ -425,7 +436,8 @@ process_input(fd_set *readset) if (!fderr_eof && FD_ISSET(fderr, readset)) { errno = 0; len = read(fderr, buf, sizeof(buf)); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) { + if (len < 0 && (errno == EINTR || + (errno == EAGAIN && !child_terminated))) { /* do nothing */ #ifndef PTY_ZEROREAD } else if (len <= 0) { -- cgit v1.2.3 From bf6b328f27ec0e99fbcd5a22f1eab139be0a1fc0 Mon Sep 17 00:00:00 2001 
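Review bot: The forced `FD_SET(fdout, *readsetp)` / `FD_SET(fderr, *readsetp)` after `select()` (hunk `@@ -362,8 +364,16 @@`) is gated on `!compat20 && program_alive_scheduled && fdin_is_tty`, but the matching tests in `process_input` (hunks `@@ -407,7 +417,8 @@` and `@@ -425,7 +436,8 @@`) stop ignoring EAGAIN on `child_terminated` alone. For a session without a tty, an EAGAIN after the child has exited therefore appears to fall through to the `len <= 0` branch as well; if only the tty case is meant, the condition could be `(errno == EAGAIN && !(child_terminated && fdin_is_tty))`. The new block also carries no comment saying why descriptors that `select()` did not report are marked readable; a line such as `/* child has exited: poll fdout/fderr so a process still holding the tty cannot stall the exit */` would help the next reader. The function bodies start and end outside these hunks.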
From: Darren Tucker Date: Mon, 19 Feb 2007 22:08:17 +1100 Subject: - jmc@cvs.openbsd.org 2007/01/10 13:23:22 [ssh_config.5] do not use a list for SYNOPSIS; this is actually part of a larger report sent by eric s. raymond and forwarded by brad, but i only read half of it. spotted by brad. --- ChangeLog | 10 +++++++++- ssh_config.5 | 8 +++----- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 481bcfddf..fa869b11f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +20070219 + - (dtucker) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2007/01/10 13:23:22 + [ssh_config.5] + do not use a list for SYNOPSIS; + this is actually part of a larger report sent by eric s. raymond + and forwarded by brad, but i only read half of it. spotted by brad. + 20070128 - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52) when closing a tty session when a background process still holds tty @@ -2692,4 +2700,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4609 2007/01/28 23:16:28 djm Exp $ +$Id: ChangeLog,v 1.4610 2007/02/19 11:08:17 dtucker Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 20c58934a..c1ad53dcf 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.97 2006/07/27 08:00:50 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.98 2007/01/10 13:23:22 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -42,10 +42,8 @@ .Nm ssh_config .Nd OpenSSH SSH client configuration files .Sh SYNOPSIS -.Bl -tag -width Ds -compact -.It Pa ~/.ssh/config -.It Pa /etc/ssh/ssh_config -.El +.Nm ~/.ssh/config +.Nm /etc/ssh/ssh_config .Sh DESCRIPTION .Xr ssh 1 obtains configuration data from the following sources in -- cgit v1.2.3 
From 26dc3e656a2643b8fcb37b24f54ab8e78d61389c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 19 Feb 2007 22:09:06 +1100 Subject: - jmc@cvs.openbsd.org 2007/01/12 20:20:41 [ssh-keygen.1 ssh-keygen.c] more secsh -> rfc 4716 updates; spotted by wiz@netbsd ok markus --- ChangeLog | 7 ++++++- ssh-keygen.1 | 4 ++-- ssh-keygen.c | 6 +++--- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index fa869b11f..a8e28d7f1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,11 @@ do not use a list for SYNOPSIS; this is actually part of a larger report sent by eric s. raymond and forwarded by brad, but i only read half of it. spotted by brad. + - jmc@cvs.openbsd.org 2007/01/12 20:20:41 + [ssh-keygen.1 ssh-keygen.c] + more secsh -> rfc 4716 updates; + spotted by wiz@netbsd + ok markus 20070128 - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52) @@ -2700,4 +2705,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4610 2007/02/19 11:08:17 dtucker Exp $ +$Id: ChangeLog,v 1.4611 2007/02/19 11:09:06 dtucker Exp $ diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 850ac327b..5a8c8c471 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.73 2006/12/11 21:25:46 markus Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.74 2007/01/12 20:20:41 jmc Exp $ .\" .\" -*- nroff -*- .\" @@ -253,7 +253,7 @@ in SSH2-compatible format and print an OpenSSH compatible private (or public) key to stdout. .Nm also reads the -.Sq SECSH Public Key File Format . +RFC 4716 SSH Public Key File Format. This option allows importing keys from several commercial SSH implementations. .It Fl l diff --git a/ssh-keygen.c b/ssh-keygen.c index 670024b2e..ed3cdb3ed 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.158 2007/01/03 03:01:40 stevesk Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.159 2007/01/12 20:20:41 jmc Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -1016,13 +1016,13 @@ usage(void) #ifdef SMARTCARD fprintf(stderr, " -D reader Download public key from smartcard.\n"); #endif /* SMARTCARD */ - fprintf(stderr, " -e Convert OpenSSH to IETF SECSH key file.\n"); + fprintf(stderr, " -e Convert OpenSSH to RFC 4716 key file.\n"); fprintf(stderr, " -F hostname Find hostname in known hosts file.\n"); fprintf(stderr, " -f filename Filename of the key file.\n"); fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n"); fprintf(stderr, " -g Use generic DNS resource record format.\n"); fprintf(stderr, " -H Hash names in known_hosts file.\n"); - fprintf(stderr, " -i Convert IETF SECSH to OpenSSH key file.\n"); + fprintf(stderr, " -i Convert RFC 4716 to OpenSSH key file.\n"); fprintf(stderr, " -l Show fingerprint of key file.\n"); fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n"); fprintf(stderr, " -N phrase Provide new passphrase.\n"); -- cgit v1.2.3 From a52c5b64868034d874c8a988f476a8b407d152b4 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 19 Feb 2007 22:09:45 +1100 Subject: - dtucker@cvs.openbsd.org 2007/01/17 23:22:52 [readconf.c] Honour activep for times (eg ServerAliveInterval) while parsing ssh_config and ~/.ssh/config so they work properly with Host directives. From mario.lorenz@wincor-nixdorf.com via bz #1275. ok markus@ --- readconf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/readconf.c b/readconf.c index 4cacf6026..10bdb4b43 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.159 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: readconf.c,v 1.160 2007/01/17 23:22:52 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -364,7 +364,7 @@ parse_time: if ((value = convtime(arg)) == -1) fatal("%s line %d: invalid time value.", filename, linenum); - if (*intptr == -1) + if (*activep && *intptr == -1) *intptr = value; break; -- cgit v1.2.3 From 82a3d2bc6ff4e1a1031274f5298b8b2eddc0439f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 19 Feb 2007 22:10:25 +1100 Subject: - stevesk@cvs.openbsd.org 2007/01/21 01:41:54 [auth-skey.c kex.c ssh-keygen.c session.c clientloop.c] spaces --- auth-skey.c | 6 +++--- clientloop.c | 4 ++-- kex.c | 4 ++-- session.c | 6 +++--- ssh-keygen.c | 6 +++--- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/auth-skey.c b/auth-skey.c index 25073dbae..cb43dba48 100644 --- a/auth-skey.c +++ b/auth-skey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-skey.c,v 1.26 2006/08/05 08:28:24 dtucker Exp $ */ +/* $OpenBSD: auth-skey.c,v 1.27 2007/01/21 01:41:54 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -59,8 +59,8 @@ skey_query(void *ctx, char **name, char **infotxt, sizeof(challenge)) == -1) return -1; - *name = xstrdup(""); - *infotxt = xstrdup(""); + *name = xstrdup(""); + *infotxt = xstrdup(""); *numprompts = 1; *prompts = xcalloc(*numprompts, sizeof(char *)); *echo_on = xcalloc(*numprompts, sizeof(u_int)); diff --git a/clientloop.c b/clientloop.c index 4c5108199..0b6fbe88d 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.176 2006/10/11 12:38:03 markus Exp $ */ +/* $OpenBSD: clientloop.c,v 1.177 2007/01/21 01:41:54 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1757,7 +1757,7 @@ client_request_agent(const char *request_type, int rchan) error("Warning: this is probably a break-in attempt by a malicious server."); return NULL; } - sock = ssh_get_authentication_socket(); + sock = ssh_get_authentication_socket(); if (sock < 0) return NULL; c = channel_new("authentication agent connection", 
diff --git a/kex.c b/kex.c index bfc1c11f9..b2223c5ff 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.76 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: kex.c,v 1.77 2007/01/21 01:41:54 stevesk Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -552,7 +552,7 @@ dump_digest(char *msg, u_char *digest, int len) u_int i; fprintf(stderr, "%s\n", msg); - for (i = 0; i< len; i++) { + for (i = 0; i < len; i++) { fprintf(stderr, "%02x", digest[i]); if (i%32 == 31) fprintf(stderr, "\n"); diff --git a/session.c b/session.c index 69153ad1e..4c97c4a7d 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.220 2006/10/09 23:36:11 djm Exp $ */ +/* $OpenBSD: session.c,v 1.221 2007/01/21 01:41:54 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -2027,7 +2027,7 @@ session_input_channel_req(Channel *c, const char *rtype) } else if (strcmp(rtype, "exec") == 0) { success = session_exec_req(s); } else if (strcmp(rtype, "pty-req") == 0) { - success = session_pty_req(s); + success = session_pty_req(s); } else if (strcmp(rtype, "x11-req") == 0) { success = session_x11_req(s); } else if (strcmp(rtype, "auth-agent-req@openssh.com") == 0) { @@ -2152,7 +2152,7 @@ session_close_single_x11(int id, void *arg) debug3("session_close_single_x11: channel %d", id); channel_cancel_cleanup(id); - if ((s = session_by_x11_channel(id)) == NULL) + if ((s = session_by_x11_channel(id)) == NULL) fatal("session_close_single_x11: no x11 channel %d", id); for (i = 0; s->x11_chanids[i] != -1; i++) { debug("session_close_single_x11: session %d: " diff --git a/ssh-keygen.c b/ssh-keygen.c index ed3cdb3ed..04a9b939a 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.159 2007/01/12 20:20:41 jmc Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.160 2007/01/21 01:41:54 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland 
@@ -241,7 +241,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) buffer_init(&b); buffer_append(&b, blob, blen); - magic = buffer_get_int(&b); + magic = buffer_get_int(&b); if (magic != SSH_COM_PRIVATE_KEY_MAGIC) { error("bad magic 0x%x != 0x%x", magic, SSH_COM_PRIVATE_KEY_MAGIC); buffer_free(&b); @@ -284,7 +284,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) buffer_get_bignum_bits(&b, key->dsa->priv_key); break; case KEY_RSA: - e = buffer_get_char(&b); + e = buffer_get_char(&b); debug("e %lx", e); if (e < 30) { e <<= 8; -- cgit v1.2.3 From c58b5b07420555a12f895b4316b96498d44f02c6 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 19 Feb 2007 22:12:23 +1100 Subject: ChangeLog entries for previous 2 commits --- ChangeLog | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index a8e28d7f1..3ceb89a5b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,14 @@ more secsh -> rfc 4716 updates; spotted by wiz@netbsd ok markus + - dtucker@cvs.openbsd.org 2007/01/17 23:22:52 + [readconf.c] + Honour activep for times (eg ServerAliveInterval) while parsing + ssh_config and ~/.ssh/config so they work properly with Host directives. + From mario.lorenz@wincor-nixdorf.com via bz #1275. ok markus@ + - stevesk@cvs.openbsd.org 2007/01/21 01:41:54 + [auth-skey.c kex.c ssh-keygen.c session.c clientloop.c] + spaces 20070128 - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52) @@ -2705,4 +2713,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4611 2007/02/19 11:09:06 dtucker Exp $ +$Id: ChangeLog,v 1.4612 2007/02/19 11:12:23 dtucker Exp $ -- cgit v1.2.3 From cb0e1753c74fdd4dff390f9e8fec16995b1cce53 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Mon, 19 Feb 2007 22:12:53 +1100 Subject: - stevesk@cvs.openbsd.org 2007/01/21 01:45:35 [readconf.c] spaces --- ChangeLog | 5 ++++- readconf.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3ceb89a5b..9cf67b380 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,9 @@ - stevesk@cvs.openbsd.org 2007/01/21 01:41:54 [auth-skey.c kex.c ssh-keygen.c session.c clientloop.c] spaces + - stevesk@cvs.openbsd.org 2007/01/21 01:45:35 + [readconf.c] + spaces 20070128 - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52) @@ -2713,4 +2716,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4612 2007/02/19 11:12:23 dtucker Exp $ +$Id: ChangeLog,v 1.4613 2007/02/19 11:12:53 dtucker Exp $ diff --git a/readconf.c b/readconf.c index 10bdb4b43..2485146a0 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.160 2007/01/17 23:22:52 dtucker Exp $ */ +/* $OpenBSD: readconf.c,v 1.161 2007/01/21 01:45:35 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -545,7 +545,7 @@ parse_yesnoask: if (*intptr >= SSH_MAX_IDENTITY_FILES) fatal("%.200s line %d: Too many identity files specified (max %d).", filename, linenum, SSH_MAX_IDENTITY_FILES); - charptr = &options->identity_files[*intptr]; + charptr = &options->identity_files[*intptr]; *charptr = xstrdup(arg); *intptr = *intptr + 1; } -- cgit v1.2.3 From 0aa3dbb5088fc8c3ca722d901fd8db55a781546b Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Mon, 19 Feb 2007 22:13:39 +1100 Subject: - djm@cvs.openbsd.org 2007/01/22 11:32:50 [sftp-client.c] return error from do_upload() when a write fails. fixes bz#1252: zero exit status from sftp when uploading to a full device. report from jirkat AT atlas.cz; ok dtucker@ --- ChangeLog | 7 ++++++- sftp-client.c | 3 ++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9cf67b380..c5590c032 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,11 @@ - stevesk@cvs.openbsd.org 2007/01/21 01:45:35 [readconf.c] spaces + - djm@cvs.openbsd.org 2007/01/22 11:32:50 + [sftp-client.c] + return error from do_upload() when a write fails. fixes bz#1252: zero + exit status from sftp when uploading to a full device. report from + jirkat AT atlas.cz; ok dtucker@ 20070128 - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52) @@ -2716,4 +2721,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4613 2007/02/19 11:12:53 dtucker Exp $ +$Id: ChangeLog,v 1.4614 2007/02/19 11:13:39 dtucker Exp $ diff --git a/sftp-client.c b/sftp-client.c index 42eb2b41b..2746f3245 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.75 2006/10/22 02:25:50 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.76 2007/01/22 11:32:50 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -1140,6 +1140,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, close(local_fd); xfree(data); xfree(ack); + status = -1; goto done; } debug3("In write loop, ack for %u %u bytes at %llu", -- cgit v1.2.3 From 6ec2fbec8b8b0e774d1d32afd26d0d13a2d1e4b7 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Mon, 19 Feb 2007 22:14:11 +1100 Subject: - djm@cvs.openbsd.org 2007/01/22 13:06:21 [scp.c] fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@ --- ChangeLog | 8 +++++++- scp.c | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index c5590c032..14a5deace 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,12 @@ return error from do_upload() when a write fails. fixes bz#1252: zero exit status from sftp when uploading to a full device. report from jirkat AT atlas.cz; ok dtucker@ + - djm@cvs.openbsd.org 2007/01/22 13:06:21 + [scp.c] + fix detection of whether we should show progress meter or not: scp + tested isatty(stderr) but wrote the progress meter to stdout. This patch + makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; + of dtucker@ 20070128 - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52) @@ -2721,4 +2727,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4614 2007/02/19 11:13:39 dtucker Exp $ +$Id: ChangeLog,v 1.4615 2007/02/19 11:14:11 dtucker Exp $ diff --git a/scp.c b/scp.c index 56a3e79ff..a52aaeb12 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.155 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: scp.c,v 1.156 2007/01/22 13:06:21 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -380,7 +380,7 @@ main(int argc, char **argv) if ((pwd = getpwuid(userid = getuid())) == NULL) fatal("unknown user %u", (u_int) userid); - if (!isatty(STDERR_FILENO)) + if (!isatty(STDOUT_FILENO)) showprogress = 0; remin = STDIN_FILENO; -- cgit v1.2.3 
From 591322ae3897bef0b19236ec0c2a6053e8466e71 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 19 Feb 2007 22:17:28 +1100 Subject: - stevesk@cvs.openbsd.org 2007/02/14 14:32:00 [bufbn.c] typos in comments; ok jmc@ --- ChangeLog | 5 ++++- bufbn.c | 8 ++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 14a5deace..c2a22bd1a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -32,6 +32,9 @@ tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@ + - stevesk@cvs.openbsd.org 2007/02/14 14:32:00 + [bufbn.c] + typos in comments; ok jmc@ 20070128 - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52) @@ -2727,4 +2730,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4615 2007/02/19 11:14:11 dtucker Exp $ +$Id: ChangeLog,v 1.4616 2007/02/19 11:17:28 dtucker Exp $ diff --git a/bufbn.c b/bufbn.c index 9706ba8a8..ce8fba515 100644 --- a/bufbn.c +++ b/bufbn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bufbn.c,v 1.4 2006/11/06 21:25:28 markus Exp $*/ +/* $OpenBSD: bufbn.c,v 1.5 2007/02/14 14:32:00 stevesk Exp $*/ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -93,7 +93,7 @@ buffer_put_bignum(Buffer *buffer, const BIGNUM *value) } /* - * Retrieves an BIGNUM from the buffer. + * Retrieves a BIGNUM from the buffer. */ int buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) @@ -101,7 +101,7 @@ buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) u_int bits, bytes; u_char buf[2], *bin; - /* Get the number for bits. */ + /* Get the number of bits. */ if (buffer_get_ret(buffer, (char *) buf, 2) == -1) { error("buffer_get_bignum_ret: invalid length"); return (-1); 
@@ -137,7 +137,7 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value) } /* - * Stores an BIGNUM in the buffer in SSH2 format. + * Stores a BIGNUM in the buffer in SSH2 format. */ int buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) -- cgit v1.2.3 From 1629c07c0725fd5cc533c9664b8e8add27a81c69 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 19 Feb 2007 22:25:37 +1100 Subject: - dtucker@cvs.openbsd.org 2007/02/19 10:45:58 [monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5] Teach Match how handle config directives that are used before authentication. This allows configurations such as permitting password authentication from the local net only while requiring pubkey from offsite. ok djm@, man page bits ok jmc@ --- ChangeLog | 8 +++++- monitor.c | 5 +++- monitor_wrap.c | 20 ++++++++++--- servconf.c | 88 +++++++++++++++++++++++++++++++++++++--------------------- servconf.h | 4 +-- sshd_config.5 | 10 ++++++- 6 files changed, 95 insertions(+), 40 deletions(-) diff --git a/ChangeLog b/ChangeLog index c2a22bd1a..ec16391eb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,6 +35,12 @@ - stevesk@cvs.openbsd.org 2007/02/14 14:32:00 [bufbn.c] typos in comments; ok jmc@ + - dtucker@cvs.openbsd.org 2007/02/19 10:45:58 + [monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5] + Teach Match how handle config directives that are used before + authentication. This allows configurations such as permitting password + authentication from the local net only while requiring pubkey from + offsite. ok djm@, man page bits ok jmc@ 20070128 - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52) @@ -2730,4 +2736,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4616 2007/02/19 11:17:28 dtucker Exp $ +$Id: ChangeLog,v 1.4617 2007/02/19 11:25:37 dtucker Exp $ diff --git a/monitor.c b/monitor.c index 48ae46ccc..02f2dc869 100644 
--- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.89 2006/11/07 10:31:31 markus Exp $ */ +/* $OpenBSD: monitor.c,v 1.90 2007/02/19 10:45:58 dtucker Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -642,6 +642,9 @@ mm_answer_pwnamallow(int sock, Buffer *m) #endif buffer_put_cstring(m, pwent->pw_dir); buffer_put_cstring(m, pwent->pw_shell); + buffer_put_string(m, &options, sizeof(options)); + if (options.banner != NULL) + buffer_put_cstring(m, options.banner); out: debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); diff --git a/monitor_wrap.c b/monitor_wrap.c index 3865539df..27cc1c5f1 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.54 2006/08/12 20:46:46 miod Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.55 2007/02/19 10:45:58 dtucker Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -73,6 +73,7 @@ #include "channels.h" #include "session.h" +#include "servconf.h" /* Imports */ extern int compat20; @@ -207,7 +208,8 @@ mm_getpwnamallow(const char *username) { Buffer m; struct passwd *pw; - u_int pwlen; + u_int len; + ServerOptions *newopts; debug3("%s entering", __func__); @@ -223,8 +225,8 @@ mm_getpwnamallow(const char *username) buffer_free(&m); return (NULL); } - pw = buffer_get_string(&m, &pwlen); - if (pwlen != sizeof(struct passwd)) + pw = buffer_get_string(&m, &len); + if (len != sizeof(struct passwd)) fatal("%s: struct passwd size mismatch", __func__); pw->pw_name = buffer_get_string(&m, NULL); pw->pw_passwd = buffer_get_string(&m, NULL); 
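Review bot: `buffer_put_string(m, &options, sizeof(options))` in mm_answer_pwnamallow copies the monitor's whole ServerOptions to the pre-auth child as raw bytes, so every pointer member arrives as a monitor-side address and only `banner` is re-sent as a real string. The receiving hunk in monitor_wrap.c (mm_getpwnamallow) stays safe only because `copy_set_server_options(&options, newopts, 1)` returns before any string other than `banner` is copied, and neither call site says so. I would add a comment above this line, `/* raw struct copy: pointer members must not be dereferenced by the receiver; strings needed pre-auth are sent separately below */`, and mirror it at the `newopts->banner` fix-up. Sending only the fields the pre-auth side needs would also keep the rest of the configuration out of that process, though that is a larger change. Both function bodies start and end outside their hunks.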
@@ -234,6 +236,16 @@ mm_getpwnamallow(const char *username) #endif pw->pw_dir = buffer_get_string(&m, NULL); pw->pw_shell = buffer_get_string(&m, NULL); + + /* copy options block as a Match directive may have changed some */ + newopts = buffer_get_string(&m, &len); + if (len != sizeof(*newopts)) + fatal("%s: option block size mismatch", __func__); + if (newopts->banner != NULL) + newopts->banner = buffer_get_string(&m, NULL); + copy_set_server_options(&options, newopts, 1); + xfree(newopts); + buffer_free(&m); return (pw); diff --git a/servconf.c b/servconf.c index 872ff4a87..86949c33f 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.167 2006/12/14 10:01:14 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.168 2007/02/19 10:45:58 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved 
@@ -325,14 +325,14 @@ static struct { { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, { "loglevel", sLogLevel, SSHCFG_GLOBAL }, { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, - { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_GLOBAL }, - { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_GLOBAL }, + { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL }, + { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL }, - { "rsaauthentication", sRSAAuthentication, SSHCFG_GLOBAL }, - { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, + { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL }, + { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ #ifdef KRB5 - { "kerberosauthentication", sKerberosAuthentication, SSHCFG_GLOBAL }, + { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL }, { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL }, #ifdef USE_AFS @@ -341,7 +341,7 @@ static struct { { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, #endif #else - { "kerberosauthentication", sUnsupported, SSHCFG_GLOBAL }, + { "kerberosauthentication", sUnsupported, SSHCFG_ALL }, { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 
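Review bot: The aliases are left behind: `pubkeyauthentication` becomes SSHCFG_ALL here while its alias `dsaauthentication` on the next row stays SSHCFG_GLOBAL, and the following hunk does the same with `challengeresponseauthentication` and `skeyauthentication`. If this flag is what decides whether a keyword is accepted inside a Match block (that check is not in the diff), a configuration using the old spelling there will behave differently from one using the new spelling. Either switch the alias rows to SSHCFG_ALL as well or mark them, e.g. `/* alias; deliberately not allowed in Match */`. The sshd_config.5 hunk of the same commit also lists `KeyboardInteractiveAuthentication` where the table keyword is `kbdinteractiveauthentication`, and it omits PubkeyAuthentication and HostbasedAuthentication, which this table now marks SSHCFG_ALL.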
@@ -349,15 +349,15 @@ static struct { { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, #ifdef GSSAPI - { "gssapiauthentication", sGssAuthentication, SSHCFG_GLOBAL }, + { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, #else - { "gssapiauthentication", sUnsupported, SSHCFG_GLOBAL }, + { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, #endif - { "passwordauthentication", sPasswordAuthentication, SSHCFG_GLOBAL }, - { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_GLOBAL }, - { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, + { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, + { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, + { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_ALL }, { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ { "checkmail", sDeprecated, SSHCFG_GLOBAL }, { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, @@ -389,7 +389,7 @@ static struct { { "subsystem", sSubsystem, SSHCFG_GLOBAL }, { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, { "maxauthtries", sMaxAuthTries, SSHCFG_GLOBAL }, - { "banner", sBanner, SSHCFG_GLOBAL }, + { "banner", sBanner, SSHCFG_ALL }, { "usedns", sUseDNS, SSHCFG_GLOBAL }, { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, 
@@ -1317,30 +1317,56 @@ parse_server_match_config(ServerOptions *options, const char *user, initialize_server_options(&mo); parse_server_config(&mo, "reprocess config", &cfg, user, host, address); - copy_set_server_options(options, &mo); + copy_set_server_options(options, &mo, 0); } -/* Copy any (supported) values that are set */ +/* Helper macros */ +#define M_CP_INTOPT(n) do {\ + if (src->n != -1) \ + dst->n = src->n; \ +} while (0) +#define M_CP_STROPT(n) do {\ + if (src->n != NULL) { \ + if (dst->n != NULL) \ + xfree(dst->n); \ + dst->n = src->n; \ + } \ +} while(0) + +/* + * Copy any supported values that are set. + * + * If the preauth flag is set, we do not bother copying the the string or + * array values that are not used pre-authentication, because any that we + * do use must be explictly sent in mm_getpwnamallow(). + */ void -copy_set_server_options(ServerOptions *dst, ServerOptions *src) +copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) { - if (src->allow_tcp_forwarding != -1) - dst->allow_tcp_forwarding = src->allow_tcp_forwarding; - if (src->gateway_ports != -1) - dst->gateway_ports = src->gateway_ports; - if (src->adm_forced_command != NULL) { - if (dst->adm_forced_command != NULL) - xfree(dst->adm_forced_command); - dst->adm_forced_command = src->adm_forced_command; - } - if (src->x11_display_offset != -1) - dst->x11_display_offset = src->x11_display_offset; - if (src->x11_forwarding != -1) - dst->x11_forwarding = src->x11_forwarding; - if (src->x11_use_localhost != -1) - dst->x11_use_localhost = src->x11_use_localhost; + M_CP_INTOPT(password_authentication); + M_CP_INTOPT(gss_authentication); + M_CP_INTOPT(rsa_authentication); + M_CP_INTOPT(pubkey_authentication); + M_CP_INTOPT(kerberos_authentication); + M_CP_INTOPT(hostbased_authentication); + M_CP_INTOPT(kbd_interactive_authentication); + M_CP_INTOPT(challenge_response_authentication); + + M_CP_INTOPT(allow_tcp_forwarding); + M_CP_INTOPT(gateway_ports); + 
M_CP_INTOPT(x11_display_offset); + M_CP_INTOPT(x11_forwarding); + M_CP_INTOPT(x11_use_localhost); + + M_CP_STROPT(banner); + if (preauth) + return; + M_CP_STROPT(adm_forced_command); } +#undef M_CP_INTOPT +#undef M_CP_STROPT + void parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, const char *user, const char *host, const char *address) diff --git a/servconf.h b/servconf.h index ad496f64b..8a5b950ea 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.79 2006/08/14 12:40:25 dtucker Exp $ */ +/* $OpenBSD: servconf.h,v 1.80 2007/02/19 10:45:58 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -152,6 +152,6 @@ void parse_server_config(ServerOptions *, const char *, Buffer *, const char *, const char *, const char *); void parse_server_match_config(ServerOptions *, const char *, const char *, const char *); -void copy_set_server_options(ServerOptions *, ServerOptions *); +void copy_set_server_options(ServerOptions *, ServerOptions *, int); #endif /* SERVCONF_H */ diff --git a/sshd_config.5 b/sshd_config.5 index 53207fd84..54231d562 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.71 2007/01/02 09:57:25 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.72 2007/02/19 10:45:58 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -512,9 +512,17 @@ Only a subset of keywords may be used on the lines following a keyword. Available keywords are .Cm AllowTcpForwarding , +.Cm Banner , +.Cm ChallengeResponseAuthentication , .Cm ForceCommand , .Cm GatewayPorts , +.Cm GSSApiAuthentication , +.Cm KerberosAuthentication , +.Cm KeyboardInteractiveAuthentication , +.Cm PasswordAuthentication , .Cm PermitOpen , +.Cm RhostsRSAAuthentication , +.Cm RSAAuthentication , .Cm X11DisplayOffset , .Cm X11Forwarding , and -- cgit v1.2.3 
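Review bot: The new block comment on copy_set_server_options explains the `preauth` flag but not that `M_CP_STROPT` moves the pointer rather than duplicating the string: it frees the old `dst->n` and then sets `dst->n = src->n`, so `src` keeps a pointer that `dst` now owns. The visible callers appear to cope (parse_server_match_config passes `&mo`, apparently a scratch struct, and mm_getpwnamallow frees only the `newopts` struct itself), but a caller that later frees the source strings would double-free. I would add a sentence to the comment, e.g. `String values are moved, not duplicated; the caller must not free them in src afterwards.`, and fix the typos `the the` and `explictly` while there.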
From 53ced25d6185b4a02305e9d4bf648113155dde07 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 19 Feb 2007 22:44:25 +1100 Subject: - (dtucker) [contrib/findssl.sh] Add "which" as a shell function since some platforms don't have it. Patch from dleonard at vintela.com. --- ChangeLog | 4 +++- contrib/findssl.sh | 21 ++++++++++++++++++++- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index ec16391eb..6f01b02a3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -41,6 +41,8 @@ authentication. This allows configurations such as permitting password authentication from the local net only while requiring pubkey from offsite. ok djm@, man page bits ok jmc@ + - (dtucker) [contrib/findssl.sh] Add "which" as a shell function since some + platforms don't have it. Patch from dleonard at vintela.com. 20070128 - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52) @@ -2736,4 +2738,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4617 2007/02/19 11:25:37 dtucker Exp $ +$Id: ChangeLog,v 1.4618 2007/02/19 11:44:25 dtucker Exp $ diff --git a/contrib/findssl.sh b/contrib/findssl.sh index 716abced5..263fd2644 100644 --- a/contrib/findssl.sh +++ b/contrib/findssl.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# $Id: findssl.sh,v 1.3 2004/12/13 07:08:33 dtucker Exp $ +# $Id: findssl.sh,v 1.4 2007/02/19 11:44:25 dtucker Exp $ # # findssl.sh # Search for all instances of OpenSSL headers and libraries 
@@ -89,6 +89,25 @@ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:=$DEFAULT_LIBPATH} LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH} export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH +# not all platforms have a 'which' command +if which ls >/dev/null 2>/dev/null; then + : which is defined +else + which () { + saveIFS="$IFS" + IFS=: + for p in $PATH; do + if test -x "$p/$1" -a -f "$p/$1"; then + IFS="$saveIFS" + echo "$p/$1" + return 0 + fi + done + IFS="$saveIFS" + return 1 + } +fi + # # Search for OpenSSL headers and print versions # -- cgit v1.2.3 From 89ee69e3c639b55b7577ba8fde66450446f74ea4 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 19 Feb 2007 22:56:55 +1100 Subject: - (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to calloc an array for signatures when there are none since "calloc(0, n) returns NULL on some platforms (eg Tru64), which is explicitly permitted by POSIX. Diagnosis and patch by svallet genoscope.cns.fr. --- ChangeLog | 6 +++++- openbsd-compat/getrrsetbyname.c | 10 ++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6f01b02a3..434fcafd7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -43,6 +43,10 @@ offsite. ok djm@, man page bits ok jmc@ - (dtucker) [contrib/findssl.sh] Add "which" as a shell function since some platforms don't have it. Patch from dleonard at vintela.com. + - (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to calloc + an array for signatures when there are none since "calloc(0, n) returns + NULL on some platforms (eg Tru64), which is explicitly permitted by + POSIX. Diagnosis and patch by svallet genoscope.cns.fr. 20070128 - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52) @@ -2738,4 +2742,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4618 2007/02/19 11:44:25 dtucker Exp $ +$Id: ChangeLog,v 1.4619 2007/02/19 11:56:55 dtucker Exp $ 
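Review bot: In the fallback `which`, an empty PATH element (which the shell treats as the current directory) makes `"$p/$1"` expand to `/$1`, so the function tests the root directory instead of the current one. It also leaves `p` and `saveIFS` set in the caller's scope, since a POSIX sh function has no locals, and `test ... -a ...` is marked obsolescent by POSIX. A small tightening would be `d=${p:-.}; if test -f "$d/$1" && test -x "$d/$1"; then`, echoing `$d/$1` in the body.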
diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c index 6c86e02c2..07231d005 100644 --- a/openbsd-compat/getrrsetbyname.c +++ b/openbsd-compat/getrrsetbyname.c @@ -303,10 +303,12 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, } /* allocate memory for signatures */ - rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo)); - if (rrset->rri_sigs == NULL) { - result = ERRSET_NOMEMORY; - goto fail; + if (rrset->rri_nsigs > 0) { + rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo)); + if (rrset->rri_sigs == NULL) { + result = ERRSET_NOMEMORY; + goto fail; + } } /* copy answers & signatures */ -- cgit v1.2.3 From d04188e70e17b317076f4c7af3359dc439e43f0b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 25 Feb 2007 20:36:49 +1100 Subject: - djm@cvs.openbsd.org 2007/02/20 10:25:14 [clientloop.c] set maximum packet and window sizes the same for multiplexed clients as normal connections; ok markus@ --- ChangeLog | 9 ++++++++- clientloop.c | 14 ++++++++++---- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 434fcafd7..33919d4e7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20070225 + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2007/02/20 10:25:14 + [clientloop.c] + set maximum packet and window sizes the same for multiplexed clients + as normal connections; ok markus@ + 20070219 - (dtucker) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2007/01/10 13:23:22 @@ -2742,4 +2749,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4619 2007/02/19 11:56:55 dtucker Exp $ +$Id: ChangeLog,v 1.4620 2007/02/25 09:36:49 dtucker Exp $ diff --git a/clientloop.c b/clientloop.c index 0b6fbe88d..c7362caa8 100644 --- a/clientloop.c +++ b/clientloop.c 
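Review bot: With the new `if (rrset->rri_nsigs > 0)` guard, `rrset->rri_sigs` is assigned only when there are signatures, so for an unsigned answer it keeps whatever value it had before this point. The allocation of `rrset` is outside the hunk; if it is not zero-filled, the copy step that follows and the `fail` cleanup would see an indeterminate pointer. That is worth confirming, or making explicit with `rrset->rri_sigs = NULL;` ahead of the guard. The guard could also carry its reason as a comment: `/* calloc(0, n) may return NULL, which is not an error */`.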
@@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.177 2007/01/21 01:41:54 stevesk Exp $ */ +/* $OpenBSD: clientloop.c,v 1.178 2007/02/20 10:25:14 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -707,7 +707,7 @@ client_process_control(fd_set *readset) { Buffer m; Channel *c; - int client_fd, new_fd[3], ver, allowed; + int client_fd, new_fd[3], ver, allowed, window, packetmax; socklen_t addrlen; struct sockaddr_storage addr; struct confirm_ctx *cctx; @@ -900,9 +900,15 @@ client_process_control(fd_set *readset) set_nonblock(client_fd); + window = CHAN_SES_WINDOW_DEFAULT; + packetmax = CHAN_SES_PACKET_DEFAULT; + if (cctx->want_tty) { + window >>= 1; + packetmax >>= 1; + } + c = channel_new("session", SSH_CHANNEL_OPENING, - new_fd[0], new_fd[1], new_fd[2], - CHAN_SES_WINDOW_DEFAULT, CHAN_SES_PACKET_DEFAULT, + new_fd[0], new_fd[1], new_fd[2], window, packetmax, CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); /* XXX */ -- cgit v1.2.3 From ed623966e30140cb5c3f13e491338887a52c2522 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 25 Feb 2007 20:37:21 +1100 Subject: - dtucker@cvs.openbsd.org 2007/02/21 11:00:05 [sshd.c] Clear alarm() before restarting sshd on SIGHUP. Without this, if there's a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the newly exec'ed sshd will get the SIGALRM and not have a handler for it, and the default action will terminate the listening sshd. Analysis and patch from andrew at gaul.org. --- ChangeLog | 9 ++++++++- sshd.c | 3 ++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 33919d4e7..693cb9616 100644 --- a/ChangeLog +++ b/ChangeLog 
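Review bot: The halving in `if (cctx->want_tty) { window >>= 1; packetmax >>= 1; }` in the `@@ -900,9 +900,15 @@` hunk of client_process_control() has no comment saying why tty sessions get half the default window and packet size. The commit message says the intent is to match normal connections, so the same adjustment presumably exists on the non-multiplexed path and the two copies can drift apart. I would add `/* tty sessions use half the default window and packet size, as for non-multiplexed sessions */` above the `if`, and write the adjustment as `window /= 2;` and `packetmax /= 2;` since both are signed `int`. The function body starts and ends outside the hunk.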
@@ -4,6 +4,13 @@ [clientloop.c] set maximum packet and window sizes the same for multiplexed clients as normal connections; ok markus@ + - dtucker@cvs.openbsd.org 2007/02/21 11:00:05 + [sshd.c] + Clear alarm() before restarting sshd on SIGHUP. Without this, if there's + a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the + newly exec'ed sshd will get the SIGALRM and not have a handler for it, + and the default action will terminate the listening sshd. Analysis and + patch from andrew at gaul.org. 20070219 - (dtucker) OpenBSD CVS Sync @@ -2749,4 +2756,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4620 2007/02/25 09:36:49 dtucker Exp $ +$Id: ChangeLog,v 1.4621 2007/02/25 09:37:21 dtucker Exp $ diff --git a/sshd.c b/sshd.c index 4aa1c98ed..0a76f2d3a 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.348 2006/11/06 21:25:28 markus Exp $ */ +/* $OpenBSD: sshd.c,v 1.349 2007/02/21 11:00:05 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -305,6 +305,7 @@ sighup_restart(void) logit("Received SIGHUP; restarting."); close_listen_socks(); close_startup_pipes(); + alarm(0); /* alarm timer persists across exec */ execv(saved_argv[0], saved_argv); logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], strerror(errno)); -- cgit v1.2.3 From 82347a8fd67d294537b0a95e8ea5b7b7912ced11 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 25 Feb 2007 20:37:52 +1100 Subject: - dtucker@cvs.openbsd.org 2007/02/22 12:58:40 [servconf.c] Check activep so Match and GatewayPorts work together; ok markus@ --- ChangeLog | 5 ++++- servconf.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 693cb9616..36528ad71 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -11,6 +11,9 @@ newly exec'ed sshd will get the SIGALRM and not have a handler for it, and the default action will terminate the listening sshd. Analysis and patch from andrew at gaul.org. + - dtucker@cvs.openbsd.org 2007/02/22 12:58:40 + [servconf.c] + Check activep so Match and GatewayPorts work together; ok markus@ 20070219 - (dtucker) OpenBSD CVS Sync @@ -2756,4 +2759,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4621 2007/02/25 09:37:21 dtucker Exp $ +$Id: ChangeLog,v 1.4622 2007/02/25 09:37:52 dtucker Exp $ diff --git a/servconf.c b/servconf.c index 86949c33f..c6a8043de 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.168 2007/02/19 10:45:58 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.169 2007/02/22 12:58:40 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -968,7 +968,7 @@ parse_flag: else fatal("%s line %d: Bad yes/no/clientspecified " "argument: %s", filename, linenum, arg); - if (*intptr == -1) + if (*activep && *intptr == -1) *intptr = value; break; -- cgit v1.2.3 From 90aaed43979c6b4e42b41ef8dc2a970df248c2c7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 25 Feb 2007 20:38:55 +1100 Subject: - ray@cvs.openbsd.org 2007/02/24 03:30:11 [moduli.c] - strlen returns size_t, not int. - Pass full buffer size to fgets. OK djm@, millert@, and moritz@. --- ChangeLog | 7 ++++++- moduli.c | 8 +++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 36528ad71..4e5392760 100644 --- a/ChangeLog +++ b/ChangeLog 
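Review bot: The yes/no/clientspecified case in the `@@ -968,7 +968,7 @@` hunk of servconf.c stores the value itself, which is presumably how it came to lack the `*activep` test this commit adds. Any other case that writes through `intptr` on its own deserves the same audit, because an ungated store lets a directive inside a non-matching Match block change the global setting. A comment on the line, `/* only apply when the enclosing Match block (if any) is active */`, would keep the reason visible. The enclosing function lies outside the hunk.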
@@ -14,6 +14,11 @@ - dtucker@cvs.openbsd.org 2007/02/22 12:58:40 [servconf.c] Check activep so Match and GatewayPorts work together; ok markus@ + - ray@cvs.openbsd.org 2007/02/24 03:30:11 + [moduli.c] + - strlen returns size_t, not int. + - Pass full buffer size to fgets. + OK djm@, millert@, and moritz@. 20070219 - (dtucker) OpenBSD CVS Sync @@ -2759,4 +2764,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4622 2007/02/25 09:37:52 dtucker Exp $ +$Id: ChangeLog,v 1.4623 2007/02/25 09:38:55 dtucker Exp $ diff --git a/moduli.c b/moduli.c index 44e5ddfc0..8fa545daf 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.19 2006/11/06 21:25:28 markus Exp $ */ +/* $OpenBSD: moduli.c,v 1.20 2007/02/24 03:30:11 ray Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -490,11 +490,9 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) res = 0; lp = xmalloc(QLINESIZE + 1); - while (fgets(lp, QLINESIZE, in) != NULL) { - int ll = strlen(lp); - + while (fgets(lp, QLINESIZE + 1, in) != NULL) { count_in++; - if (ll < 14 || *lp == '!' || *lp == '#') { + if (strlen(lp) < 14 || *lp == '!' || *lp == '#') { debug2("%10u: comment or short line", count_in); continue; } -- cgit v1.2.3 From cf0d2db2fa94c9e496c3fdd6bdf85e12d021cd50 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 28 Feb 2007 21:19:58 +1100 Subject: - dtucker@cvs.openbsd.org 2007/02/28 00:55:30 [ssh-agent.c] Remove expired keys periodically so they don't remain in memory when the agent is entirely idle, as noted by David R. Piegdon. This is the simple fix, a more efficient one will be done later. With markus, deraadt, with & ok djm. --- ChangeLog | 11 ++++++++++- ssh-agent.c | 24 ++++++++++++++---------- 2 files changed, 24 insertions(+), 11 deletions(-) 
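Review bot: In prime_test(), the loop `while (fgets(lp, QLINESIZE + 1, in) != NULL)` still treats every fgets() return as one input line, so a line longer than QLINESIZE is split and its tail is counted and processed as a separate record. Nothing in the hunk checks that the buffer ends in a newline, so that tail can pass the `strlen(lp) < 14` filter and reach the parsing further down, which is outside this hunk. I would detect the missing newline, log it, and discard input up to the next newline before continuing, as sketched below.

```c
	while (fgets(lp, QLINESIZE + 1, in) != NULL) {
		count_in++;
		if (strchr(lp, '\n') == NULL && !feof(in)) {
			int ch;

			/* over-long line: drop the remainder so it is not parsed as a record */
			debug2("%10u: line too long, skipped", count_in);
			while ((ch = fgetc(in)) != EOF && ch != '\n')
				;
			continue;
		}
		/* … unchanged: comment/short-line filter and candidate parsing … */
```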
diff --git a/ChangeLog b/ChangeLog index 4e5392760..79658c520 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +20070228 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2007/02/28 00:55:30 + [ssh-agent.c] + Remove expired keys periodically so they don't remain in memory when + the agent is entirely idle, as noted by David R. Piegdon. This is the + simple fix, a more efficient one will be done later. With markus, + deraadt, with & ok djm. + 20070225 - (dtucker) OpenBSD CVS Sync - djm@cvs.openbsd.org 2007/02/20 10:25:14 @@ -2764,4 +2773,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4623 2007/02/25 09:38:55 dtucker Exp $ +$Id: ChangeLog,v 1.4624 2007/02/28 10:19:58 dtucker Exp $ diff --git a/ssh-agent.c b/ssh-agent.c index ef95eb878..a3a867c33 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.153 2006/10/06 02:29:19 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.154 2007/02/28 00:55:30 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -434,6 +434,7 @@ reaper(void) for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { nxt = TAILQ_NEXT(id, next); if (id->death != 0 && now >= id->death) { + debug("expiring key '%s'", id->comment); TAILQ_REMOVE(&tab->idlist, id, next); free_identity(id); tab->nentries--; @@ -698,9 +699,6 @@ process_message(SocketEntry *e) u_int msg_len, type; u_char *cp; - /* kill dead keys */ - reaper(); - if (buffer_len(&e->input) < 5) return; /* Incomplete message. */ cp = buffer_ptr(&e->input); @@ -1016,7 +1014,7 @@ int main(int ac, char **av) { int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0; - int sock, fd, ch; + int sock, fd, ch, result, saved_errno; u_int nalloc; char *shell, *format, *pidstr, *agentsocket = NULL; fd_set *readsetp = NULL, *writesetp = NULL; 
@@ -1029,6 +1027,7 @@ main(int ac, char **av) extern char *optarg; pid_t pid; char pidstrbuf[1 + 3 * sizeof pid]; + struct timeval tv; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -1242,13 +1241,18 @@ skip: nalloc = 0; while (1) { + tv.tv_sec = 10; + tv.tv_usec = 0; prepare_select(&readsetp, &writesetp, &max_fd, &nalloc); - if (select(max_fd + 1, readsetp, writesetp, NULL, NULL) < 0) { - if (errno == EINTR) + result = select(max_fd + 1, readsetp, writesetp, NULL, &tv); + saved_errno = errno; + reaper(); /* remove expired keys */ + if (result < 0) { + if (saved_errno == EINTR) continue; - fatal("select: %s", strerror(errno)); - } - after_select(readsetp, writesetp); + fatal("select: %s", strerror(saved_errno)); + } else if (result > 0) + after_select(readsetp, writesetp); } /* NOTREACHED */ } -- cgit v1.2.3 From 1d75f22c5d99ce1a4c7a87c7ae042a33fbeefefb Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 1 Mar 2007 21:31:28 +1100 Subject: - dtucker@cvs.openbsd.org 2007/03/01 10:28:02 [auth2.c sshd_config.5 servconf.c] Remove ChallengeResponseAuthentication support inside a Match block as its interaction with KbdInteractive makes it difficult to support. Also, relocate the CR/kbdint option special-case code into servconf. "please commit" djm@, ok markus@ for the relocation. --- ChangeLog | 11 ++++++++++- auth2.c | 6 +----- servconf.c | 9 ++++++--- sshd_config.5 | 5 ++--- 4 files changed, 19 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 79658c520..feee3ff98 100644 --- a/ChangeLog +++ b/ChangeLog 
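Review bot: The placement of `reaper();` ahead of `after_select()` in the `@@ -1242,13 +1241,18 @@` hunk of main() is now what keeps a request from being served with an expired key, because the `@@ -698,9 +699,6 @@` hunk removes the call from process_message() (presumably reached through after_select()). The comment `/* remove expired keys */` does not record that ordering requirement, so a later reshuffle of the loop could reopen the window. I would extend it to `/* remove expired keys; must run before after_select(), which no longer reaps */`. The poll interval is a bare `tv.tv_sec = 10;`, which lets an expired key stay in memory for up to ten seconds while the agent is idle, so a named constant would make that bound easy to find and tune.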
@@ -1,3 +1,12 @@ +20070301 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2007/03/01 10:28:02 + [auth2.c sshd_config.5 servconf.c] + Remove ChallengeResponseAuthentication support inside a Match + block as its interaction with KbdInteractive makes it difficult to + support. Also, relocate the CR/kbdint option special-case code into + servconf. "please commit" djm@, ok markus@ for the relocation. + 20070228 - (dtucker) OpenBSD CVS Sync - dtucker@cvs.openbsd.org 2007/02/28 00:55:30 @@ -2773,4 +2782,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4624 2007/02/28 10:19:58 dtucker Exp $ +$Id: ChangeLog,v 1.4625 2007/03/01 10:31:28 dtucker Exp $ diff --git a/auth2.c b/auth2.c index 2d880b57c..b1a4e3635 100644 --- a/auth2.c +++ b/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.113 2006/08/03 03:34:41 deraadt Exp $ */ +/* $OpenBSD: auth2.c,v 1.114 2007/03/01 10:28:02 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -96,10 +96,6 @@ int user_key_allowed(struct passwd *, Key *); void do_authentication2(Authctxt *authctxt) { - /* challenge-response is implemented via keyboard interactive */ - if (options.challenge_response_authentication) - options.kbd_interactive_authentication = 1; - dispatch_init(&dispatch_protocol_error); dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request); dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt); diff --git a/servconf.c b/servconf.c index c6a8043de..1e3c213a5 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.169 2007/02/22 12:58:40 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.170 2007/03/01 10:28:02 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved 
@@ -357,7 +357,7 @@ static struct { #endif { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, - { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_ALL }, + { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ { "checkmail", sDeprecated, SSHCFG_GLOBAL }, { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, @@ -1350,7 +1350,6 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) M_CP_INTOPT(kerberos_authentication); M_CP_INTOPT(hostbased_authentication); M_CP_INTOPT(kbd_interactive_authentication); - M_CP_INTOPT(challenge_response_authentication); M_CP_INTOPT(allow_tcp_forwarding); M_CP_INTOPT(gateway_ports); @@ -1388,4 +1387,8 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, if (bad_options > 0) fatal("%s: terminating, %d bad configuration options", filename, bad_options); + + /* challenge-response is implemented via keyboard interactive */ + if (options->challenge_response_authentication == 1) + options->kbd_interactive_authentication = 1; } diff --git a/sshd_config.5 b/sshd_config.5 index 54231d562..bcd0435e8 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.72 2007/02/19 10:45:58 dtucker Exp $ +.\" $OpenBSD: sshd_config.5,v 1.73 2007/03/01 10:28:02 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os 
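Review bot: The relocated check at the end of parse_server_config() in the `@@ -1388,4 +1387,8 @@` hunk, `if (options->challenge_response_authentication == 1)`, runs at parse time and tests for exactly 1, whereas the code removed from do_authentication2() tested the option for truth at authentication time. This file uses -1 for "not set" (see the `*intptr == -1` store in the GatewayPorts case). If defaults are filled in after parse_server_config() returns, which this hunk does not show, a configuration that leaves ChallengeResponseAuthentication unset would no longer turn on keyboard-interactive. Applying the mapping once defaults have been resolved, or stating the required call order in the comment, would close that gap.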
@@ -513,12 +513,11 @@ keyword. Available keywords are .Cm AllowTcpForwarding , .Cm Banner , -.Cm ChallengeResponseAuthentication , .Cm ForceCommand , .Cm GatewayPorts , .Cm GSSApiAuthentication , .Cm KerberosAuthentication , -.Cm KeyboardInteractiveAuthentication , +.Cm KbdInteractiveAuthentication , .Cm PasswordAuthentication , .Cm PermitOpen , .Cm RhostsRSAAuthentication , -- cgit v1.2.3 From c3af6d4d130a35120713d937e7d5efc933e86c3a Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Thu, 1 Mar 2007 09:34:52 -0800 Subject: - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits. "Looks sane" dtucker@ --- ChangeLog | 4 +++- buildpkg.sh.in | 16 +++++++--------- openssh.xml.in | 5 ++++- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index feee3ff98..6377c49a6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ block as its interaction with KbdInteractive makes it difficult to support. Also, relocate the CR/kbdint option special-case code into servconf. "please commit" djm@, ok markus@ for the relocation. + - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits. + "Looks sane" dtucker@ 20070228 - (dtucker) OpenBSD CVS Sync @@ -2782,4 +2784,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4625 2007/03/01 10:31:28 dtucker Exp $ +$Id: ChangeLog,v 1.4626 2007/03/01 17:34:52 tim Exp $ diff --git a/buildpkg.sh.in b/buildpkg.sh.in index 17349f7fc..8a96b9050 100644 --- a/buildpkg.sh.in +++ b/buildpkg.sh.in @@ -48,7 +48,7 @@ PKG_REQUEST_LOCAL=../pkg-request.local # OPENSSHD=opensshd.init OPENSSH_MANIFEST=openssh.xml -OPENSSH_FMRI=svc:/site/openssh:default +OPENSSH_FMRI=svc:/site/${SYSVINIT_NAME}:default PATH_GROUPADD_PROG=@PATH_GROUPADD_PROG@ PATH_USERADD_PROG=@PATH_USERADD_PROG@ 
@@ -202,8 +202,9 @@ then cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME} chmod 744 $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME} - cp ${OPENSSH_MANIFEST} $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site - chmod 644 $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site/${OPENSSH_MANIFEST} + cat ${OPENSSH_MANIFEST} | sed "s|__SYSVINIT_NAME__|${SYSVINIT_NAME}|" \ + > $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site/${SYSVINIT_NAME}.xml + chmod 644 $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site/${SYSVINIT_NAME}.xml else mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d @@ -334,9 +335,8 @@ then then svccfg delete -f $OPENSSH_FMRI fi - # NOTE, if manifest enables sshd by default, this will actually - # start the daemon, which may not be what the user wants. - svccfg import ${TEST_DIR}/var/svc/manifest/site/$OPENSSH_MANIFEST + # NOTE, The manifest disables sshd by default. + svccfg import ${TEST_DIR}/var/svc/manifest/site/${SYSVINIT_NAME}.xml else if [ "\${USE_SYM_LINKS}" = yes ] then @@ -428,8 +428,6 @@ if [ "\${POST_INS_START}" = "yes" ] then if [ $DO_SMF -eq 1 ] then - # See svccfg import note above. The service may already - # be started. svcadm enable $OPENSSH_FMRI else ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start @@ -544,7 +542,7 @@ PRE_INS_STOP=no POST_INS_START=no # determine if should restart the daemon if [ -s ${piddir}/sshd.pid ] && \ - /usr/bin/svcs $OPENSSH_FMRI 2>&1 | egrep "^online" > /dev/null 2>&1 + /usr/bin/svcs -H $OPENSSH_FMRI 2>&1 | egrep "^online" > /dev/null 2>&1 then ans=\`ckyorn -d n \ -p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$? diff --git a/openssh.xml.in b/openssh.xml.in index 655ee5c9e..2fcdea0a1 100644 --- a/openssh.xml.in +++ b/openssh.xml.in @@ -23,6 +23,9 @@ type='service' version='1'> + @@ -53,7 +56,7 @@ -- cgit v1.2.3 From 573e3878b8faa7df21ba265b237b7b394a9fc9a7 Mon Sep 17 00:00:00 2001 
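Review bot: The manifest substitution in the `@@ -202,8 +202,9 @@` hunk, `sed "s|__SYSVINIT_NAME__|${SYSVINIT_NAME}|"`, has no `g` flag, so only the first placeholder on each manifest line is replaced. `${SYSVINIT_NAME}` is also interpolated straight into the sed program, where a `|` or `&` in the name would change the substitution. The `cat … |` is unnecessary and the redirect target is unquoted. I would write it as `sed "s|__SYSVINIT_NAME__|${SYSVINIT_NAME}|g" "${OPENSSH_MANIFEST}" > "$FAKE_ROOT${TEST_DIR}/var/svc/manifest/site/${SYSVINIT_NAME}.xml"` and add a comment where SYSVINIT_NAME is set saying it must stay a plain service name.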
From: Darren Tucker Date: Fri, 2 Mar 2007 17:50:03 +1100 Subject: - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows CRLF as well as LF lineendings) and write in binary mode. Patch from vinschen at redhat.com. --- ChangeLog | 7 ++++++- configure.ac | 6 +++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6377c49a6..b1faab391 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20070302 + - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows + CRLF as well as LF lineendings) and write in binary mode. Patch from + vinschen at redhat.com. + 20070301 - (dtucker) OpenBSD CVS Sync - dtucker@cvs.openbsd.org 2007/03/01 10:28:02 @@ -2784,4 +2789,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4626 2007/03/01 17:34:52 tim Exp $ +$Id: ChangeLog,v 1.4627 2007/03/02 06:50:03 dtucker Exp $ diff --git a/configure.ac b/configure.ac index c596a7bd9..b6a25c9e0 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.370 2006/10/06 23:07:21 dtucker Exp $ +# $Id: configure.ac,v 1.371 2007/03/02 06:50:04 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.370 $) +AC_REVISION($Revision: 1.371 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -360,7 +360,7 @@ int main(void) { exit(0); } ;; *-*-cygwin*) check_for_libcrypt_later=1 - LIBS="$LIBS /usr/lib/textmode.o" + LIBS="$LIBS /usr/lib/textreadmode.o" AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin]) AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()]) AC_DEFINE(DISABLE_SHADOW, 1, -- cgit v1.2.3 From aef5beef1287144cc2e21047c95b351db374ff03 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Fri, 2 Mar 2007 17:53:41 +1100 Subject: - (dtucker) [INSTALL] Update to autoconf-2.61. --- ChangeLog | 3 ++- INSTALL | 7 ++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index b1faab391..84781a403 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,7 @@ - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows CRLF as well as LF lineendings) and write in binary mode. Patch from vinschen at redhat.com. + - (dtucker) [INSTALL] Update to autoconf-2.61. 20070301 - (dtucker) OpenBSD CVS Sync @@ -2789,4 +2790,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4627 2007/03/02 06:50:03 dtucker Exp $ +$Id: ChangeLog,v 1.4628 2007/03/02 06:53:41 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 1c784a527..af02c0b49 100644 --- a/INSTALL +++ b/INSTALL @@ -70,8 +70,9 @@ http://sourceforge.net/projects/libedit/ Autoconf: If you modify configure.ac or configure doesn't exist (eg if you checked -the code out of CVS yourself) then you will need autoconf-2.60 to rebuild -the automatically generated files by running "autoreconf". +the code out of CVS yourself) then you will need autoconf-2.61 to rebuild +the automatically generated files by running "autoreconf". Earlier +version may also work but this is not guaranteed. http://www.gnu.org/software/autoconf/ @@ -250,4 +251,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.76 2006/09/17 12:55:52 dtucker Exp $ +$Id: INSTALL,v 1.77 2007/03/02 06:53:41 dtucker Exp $ -- cgit v1.2.3 From 90a58fdf22abf77020fb9d3a6bad4fa97f6e3489 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Sat, 3 Mar 2007 09:42:23 +1100 Subject: - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more general to cover newer gdb versions on HP-UX. --- ChangeLog | 6 +++++- regress/agent-ptrace.sh | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 84781a403..493eddd33 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20070303 + - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more + general to cover newer gdb versions on HP-UX. + 20070302 - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows CRLF as well as LF lineendings) and write in binary mode. Patch from @@ -2790,4 +2794,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4628 2007/03/02 06:53:41 dtucker Exp $ +$Id: ChangeLog,v 1.4629 2007/03/02 22:42:23 dtucker Exp $ diff --git a/regress/agent-ptrace.sh b/regress/agent-ptrace.sh index 4de2638e4..d5892ed03 100644 --- a/regress/agent-ptrace.sh +++ b/regress/agent-ptrace.sh @@ -41,7 +41,7 @@ EOF if [ $? -ne 0 ]; then fail "gdb failed: exit code $?" fi - egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace attach: Permission denied.|procfs:.*: Invalid argument.' >/dev/null ${OBJ}/gdb.out + egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace.*Permission denied.|procfs:.*: Invalid argument.' >/dev/null ${OBJ}/gdb.out r=$? rm -f ${OBJ}/gdb.out if [ $r -ne 0 ]; then -- cgit v1.2.3 From 9975e483498430b8fa75fccd2bad681781df24d1 Mon Sep 17 00:00:00 2001 
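Review bot: The context line `fail "gdb failed: exit code $?"` just above the changed pattern in the regress/agent-ptrace.sh hunk reports the status of the `[ $? -ne 0 ]` test rather than gdb's, so the message always prints 0. This script checks that attaching a debugger to the agent is refused, so the real status matters when diagnosing a failure on a new platform. Capturing it first, as the hunk already does with `r=$?` after egrep, fixes it: `r=$?; if [ $r -ne 0 ]; then fail "gdb failed: exit code $r"`. The gdb invocation itself is outside the hunk.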
From: Damien Miller Date: Mon, 5 Mar 2007 11:51:27 +1100 Subject: - (djm) [configure.ac] add a --without-openssl-header-check option to configure, as some platforms (OS X) ship OpenSSL headers whose version does not match that of the shipping library. ok dtucker@ --- ChangeLog | 7 ++++++- configure.ac | 25 +++++++++++++++++++++---- 2 files changed, 27 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 493eddd33..3035eca05 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20070304 + - (djm) [configure.ac] add a --without-openssl-header-check option to + configure, as some platforms (OS X) ship OpenSSL headers whose version + does not match that of the shipping library. ok dtucker@ + 20070303 - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more general to cover newer gdb versions on HP-UX. @@ -2794,4 +2799,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4629 2007/03/02 22:42:23 dtucker Exp $ +$Id: ChangeLog,v 1.4630 2007/03/05 00:51:27 djm Exp $ diff --git a/configure.ac b/configure.ac index b6a25c9e0..a2b236355 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.371 2007/03/02 06:50:04 dtucker Exp $ +# $Id: configure.ac,v 1.372 2007/03/05 00:51:27 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.371 $) +AC_REVISION($Revision: 1.372 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) 
@@ -1857,6 +1857,14 @@ int main(void) { ] ) +AC_ARG_WITH(openssl-header-check, + [ --without-openssl-header-check Disable OpenSSL version consistency check], + [ if test "x$withval" = "xno" ; then + openssl_check_nonfatal=1 + fi + ] +) + # Sanity check OpenSSL headers AC_MSG_CHECKING([whether OpenSSL's headers match the library]) AC_RUN_IFELSE( @@ -1870,9 +1878,18 @@ int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } ], [ AC_MSG_RESULT(no) - AC_MSG_ERROR([Your OpenSSL headers do not match your library. -Check config.log for details. + if test "x$openssl_check_nonfatal" = "x"; then + AC_MSG_ERROR([Your OpenSSL headers do not match your +library. Check config.log for details. +If you are sure your installation is consistent, you can disable the check +by running "./configure --without-openssl-header-check". +Also see contrib/findssl.sh for help identifying header/library mismatches. +]) + else + AC_MSG_WARN([Your OpenSSL headers do not match your +library. Check config.log for details. Also see contrib/findssl.sh for help identifying header/library mismatches.]) + fi ], [ AC_MSG_WARN([cross compiling: not checking]) -- cgit v1.2.3 From fd30986c927e66985ddc43b25794651c76ba477c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 5 Mar 2007 18:25:20 +1100 Subject: - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256 ciphers from working correctly (disconnects with "Bad packet length" errors) as found by Ben Harris. ok djm@ --- ChangeLog | 6 +++++- openbsd-compat/openssl-compat.h | 7 ++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3035eca05..188d04293 100644 --- a/ChangeLog +++ b/ChangeLog 
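Review bot: `openssl_check_nonfatal` is assigned only inside the new AC_ARG_WITH block and is later tested with `if test "x$openssl_check_nonfatal" = "x"`, so a variable of that name inherited from the environment downgrades the header/library mismatch from an error to a warning without the option being given. Initialising it with `openssl_check_nonfatal=` immediately before `AC_ARG_WITH(openssl-header-check, …)` removes that path. Because the downgraded branch lets the build continue against mismatched OpenSSL headers, the AC_MSG_WARN text should also say that the consistency check was explicitly disabled.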
@@ -2,6 +2,10 @@ - (djm) [configure.ac] add a --without-openssl-header-check option to configure, as some platforms (OS X) ship OpenSSL headers whose version does not match that of the shipping library. ok dtucker@ + - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a + bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256 + ciphers from working correctly (disconnects with "Bad packet length" + errors) as found by Ben Harris. ok djm@ 20070303 - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more @@ -2799,4 +2803,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4630 2007/03/05 00:51:27 djm Exp $ +$Id: ChangeLog,v 1.4631 2007/03/05 07:25:20 dtucker Exp $ diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index c582cd269..9b5ccff5f 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.6 2006/02/22 11:24:47 dtucker Exp $ */ +/* $Id: openssl-compat.h,v 1.7 2007/03/05 07:25:20 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -46,6 +46,11 @@ extern const EVP_CIPHER *evp_acss(void); # endif #endif +/* OpenSSL 0.9.8e returns cipher key len not context key len */ +#if (OPENSSL_VERSION_NUMBER == 0x0090805fL) +# define EVP_CIPHER_CTX_key_length(c) ((c)->key_len) +#endif + /* * We overload some of the OpenSSL crypto functions with ssh_* equivalents * which cater for older and/or less featureful OpenSSL version. -- cgit v1.2.3 From 5737e363c5b8d74ba8caddbcc2458a2c858cf72f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 6 Mar 2007 21:21:18 +1100 Subject: - OpenBSD CVS Sync - jmc@cvs.openbsd.org 2007/03/01 16:19:33 [sshd_config.5] sort the `match' keywords; --- ChangeLog | 8 +++++++- sshd_config.5 | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) 
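Review bot: The workaround in the `@@ -46,6 +46,11 @@` hunk of openssl-compat.h is selected by `#if (OPENSSL_VERSION_NUMBER == 0x0090805fL)`, which is the version of the headers at compile time, not of the library loaded at run time. If the build used other headers and the shared library is the affected release, the macro is not defined and the "Bad packet length" failure from the commit message would return. That can happen after a library upgrade or with the `--without-openssl-header-check` option added earlier in this series. The comment should record that limitation, for example `/* keyed on the header version only; a differing runtime library is not covered */`.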
diff --git a/ChangeLog b/ChangeLog index 188d04293..0fec02c7b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20070306 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2007/03/01 16:19:33 + [sshd_config.5] + sort the `match' keywords; + 20070304 - (djm) [configure.ac] add a --without-openssl-header-check option to configure, as some platforms (OS X) ship OpenSSL headers whose version @@ -2803,4 +2809,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4631 2007/03/05 07:25:20 dtucker Exp $ +$Id: ChangeLog,v 1.4632 2007/03/06 10:21:18 djm Exp $ diff --git a/sshd_config.5 b/sshd_config.5 index bcd0435e8..af1221445 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.73 2007/03/01 10:28:02 dtucker Exp $ +.\" $OpenBSD: sshd_config.5,v 1.74 2007/03/01 16:19:33 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -516,8 +516,8 @@ Available keywords are .Cm ForceCommand , .Cm GatewayPorts , .Cm GSSApiAuthentication , -.Cm KerberosAuthentication , .Cm KbdInteractiveAuthentication , +.Cm KerberosAuthentication , .Cm PasswordAuthentication , .Cm PermitOpen , .Cm RhostsRSAAuthentication , -- cgit v1.2.3 From 2dbab87386ba6816466475fc5308a79199543ebb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 6 Mar 2007 21:21:37 +1100 Subject: - djm@cvs.openbsd.org 2007/03/06 10:13:14 [version.h] openssh-4.6; "please" deraadt@ --- ChangeLog | 5 ++++- version.h | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0fec02c7b..c74a826f0 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,6 +3,9 @@ - jmc@cvs.openbsd.org 2007/03/01 16:19:33 [sshd_config.5] sort the `match' keywords; + - djm@cvs.openbsd.org 2007/03/06 10:13:14 + [version.h] + openssh-4.6; "please" deraadt@ 20070304 - (djm) [configure.ac] add a --without-openssl-header-check option to @@ -2809,4 +2812,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4632 2007/03/06 10:21:18 djm Exp $ +$Id: ChangeLog,v 1.4633 2007/03/06 10:21:37 djm Exp $ diff --git a/version.h b/version.h index d16990a21..0f4811120 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.48 2006/11/07 10:31:31 markus Exp $ */ +/* $OpenBSD: version.h,v 1.49 2007/03/06 10:13:14 djm Exp $ */ -#define SSH_VERSION "OpenSSH_4.5" +#define SSH_VERSION "OpenSSH_4.6" #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -- cgit v1.2.3 From d91cfab08801f89717e13016121154a8aabc791c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 6 Mar 2007 21:23:24 +1100 Subject: - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] [contrib/suse/openssh.spec] crank spec files for release --- ChangeLog | 4 +++- contrib/caldera/openssh.spec | 4 ++-- contrib/redhat/openssh.spec | 2 +- contrib/suse/openssh.spec | 2 +- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index c74a826f0..122de9eb5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ - djm@cvs.openbsd.org 2007/03/06 10:13:14 [version.h] openssh-4.6; "please" deraadt@ + - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] crank spec files for release 20070304 - (djm) [configure.ac] add a --without-openssl-header-check option to 
@@ -2812,4 +2814,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4633 2007/03/06 10:21:37 djm Exp $ +$Id: ChangeLog,v 1.4634 2007/03/06 10:23:24 djm Exp $ diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 15d95195b..3d756eb7f 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -17,7 +17,7 @@ #old cvs stuff. please update before use. may be deprecated. %define use_stable 1 %if %{use_stable} - %define version 4.5p1 + %define version 4.6p1 %define cvs %{nil} %define release 1 %else @@ -357,4 +357,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.59 2006/11/07 12:25:45 dtucker Exp $ +$Id: openssh.spec,v 1.60 2007/03/06 10:23:27 djm Exp $ diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 52e867623..08515d2b0 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 4.5p1 +%define ver 4.6p1 %define rel 1 # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 797964cd2..95b394f18 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 4.5p1 +Version: 4.6p1 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz -- cgit v1.2.3 From f0ffec906ce8d6ad850431bd099e5d7b4cc5be1a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 6 Mar 2007 21:24:00 +1100 Subject: - (djm) Release 4.6p1 --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 122de9eb5..2cea0124e 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -8,6 +8,7 @@ openssh-4.6; "please" deraadt@ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] [contrib/suse/openssh.spec] crank spec files for release + - (djm) Release 4.6p1 20070304 - (djm) [configure.ac] add a --without-openssl-header-check option to @@ -2814,4 +2815,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4634 2007/03/06 10:23:24 djm Exp $ +$Id: ChangeLog,v 1.4635 2007/03/06 10:24:00 djm Exp $ -- cgit v1.2.3 From 4ee72c71e31226c81743439fe1ed2b521b5ddb7e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 6 Mar 2007 21:27:55 +1100 Subject: - (djm) [README] correct link to release notes --- ChangeLog | 3 ++- README | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2cea0124e..f2b96c37b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,7 @@ openssh-4.6; "please" deraadt@ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] [contrib/suse/openssh.spec] crank spec files for release + - (djm) [README] correct link to release notes - (djm) Release 4.6p1 20070304 @@ -2815,4 +2816,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4635 2007/03/06 10:24:00 djm Exp $ +$Id: ChangeLog,v 1.4635.2.1 2007/03/06 10:27:55 djm Exp $ diff --git a/README b/README index fb53b554b..0c732cffe 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-4.5 for the release notes. +See http://www.openssh.com/txt/release-4.6 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html 
@@ -62,4 +62,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.64 2006/11/07 12:25:45 dtucker Exp $ +$Id: README,v 1.64.4.1 2007/03/06 10:27:56 djm Exp $ -- cgit v1.2.3