From 7daf044aa2055885da74dc15d56b17c17291c322 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 23 Aug 2004 21:52:08 +1000 Subject: - (djm) [ssh-rand-helper.c] Typo. Found by Martin.Kraemer AT Fujitsu-Siemens.com --- ChangeLog | 6 +++++- ssh-rand-helper.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2292ffb00..4564a2433 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20040823 + - (djm) [ssh-rand-helper.c] Typo. Found by + Martin.Kraemer AT Fujitsu-Siemens.com + 20040817 - (dtucker) [regress/README.regress] Note compatibility issues with GNU head. - (djm) OpenBSD CVS Sync @@ -1654,4 +1658,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3517 2004/08/17 12:50:40 djm Exp $ +$Id: ChangeLog,v 1.3518 2004/08/23 11:52:08 djm Exp $ diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 86af3893d..8cad53fe6 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -39,7 +39,7 @@ #include "pathnames.h" #include "log.h" -RCSID("$Id: ssh-rand-helper.c,v 1.18 2004/07/17 04:07:42 dtucker Exp $"); +RCSID("$Id: ssh-rand-helper.c,v 1.19 2004/08/23 11:52:09 djm Exp $"); /* Number of bytes we write out */ #define OUTPUT_SEED_SIZE 48 @@ -747,7 +747,7 @@ usage(void) fprintf(stderr, "Usage: %s [options]\n", __progname); fprintf(stderr, " -v Verbose; display verbose debugging messages.\n"); fprintf(stderr, " Multiple -v increases verbosity.\n"); - fprintf(stderr, " -x Force output in hexidecimal (for debugging)\n"); + fprintf(stderr, " -x Force output in hexadecimal (for debugging)\n"); fprintf(stderr, " -X Force output in binary\n"); fprintf(stderr, " -b bytes Number of bytes to output (default %d)\n", OUTPUT_SEED_SIZE); -- cgit v1.2.3 From b0419f26d0d75cf1d9b56c26142c5eb7956fef63 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Mon, 23 Aug 2004 21:53:28 +1000 Subject: - (djm) [loginrec.c] Typo and bad args in error messages; Spotted by Martin.Kraemer AT Fujitsu-Siemens.com --- ChangeLog | 4 +++- loginrec.c | 12 ++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4564a2433..9bdf55361 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20040823 - (djm) [ssh-rand-helper.c] Typo. Found by Martin.Kraemer AT Fujitsu-Siemens.com + - (djm) [loginrec.c] Typo and bad args in error messages; Spotted by + Martin.Kraemer AT Fujitsu-Siemens.com 20040817 - (dtucker) [regress/README.regress] Note compatibility issues with GNU head. @@ -1658,4 +1660,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3518 2004/08/23 11:52:08 djm Exp $ +$Id: ChangeLog,v 1.3519 2004/08/23 11:53:28 djm Exp $ diff --git a/loginrec.c b/loginrec.c index f07f65fce..3ec378b9a 100644 --- a/loginrec.c +++ b/loginrec.c @@ -158,7 +158,7 @@ #include "log.h" #include "atomicio.h" -RCSID("$Id: loginrec.c,v 1.58 2004/08/15 09:12:52 djm Exp $"); +RCSID("$Id: loginrec.c,v 1.59 2004/08/23 11:53:28 djm Exp $"); #ifdef HAVE_UTIL_H # include @@ -832,12 +832,12 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut) pos = (off_t)tty * sizeof(struct utmp); if ((ret = lseek(fd, pos, SEEK_SET)) == -1) { - logit("%s: llseek: %s", strerror(errno)); + logit("%s: lseek: %s", __func__, strerror(errno)); return (0); } if (ret != pos) { - logit("%s: Couldn't seek to tty %s slot in %s", tty, - UTMP_FILE); + logit("%s: Couldn't seek to tty %d slot in %s", + __func__, tty, UTMP_FILE); return (0); } /* 
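Review bot: Both `return (0);` paths after `lseek(fd, pos, SEEK_SET)` leave `fd` open; the failed-seek branch and the `ret != pos` branch return without a `close(fd)`. The open itself is outside the hunk, so this assumes `fd` was opened earlier in utmp_write_direct and is not owned by the caller. If so, add `close(fd);` before each `return (0);`, here and in the identical pair of branches in the following hunk at -853. Separately, the bug fixed here (a `%s` with no matching argument) is one `-Wformat` reports when `logit` carries a printf format attribute, so it is worth confirming the declaration has one.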
@@ -853,11 +853,11 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut) } if ((ret = lseek(fd, pos, SEEK_SET)) == -1) { - logit("%s: llseek: %s", __func__, strerror(errno)); + logit("%s: lseek: %s", __func__, strerror(errno)); return (0); } if (ret != pos) { - logit("%s: Couldn't seek to tty %s slot in %s", + logit("%s: Couldn't seek to tty %d slot in %s", __func__, tty, UTMP_FILE); return (0); } -- cgit v1.2.3 From f0c2aeaf3d5d7279fc0630db2f809cd58a5395b4 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 28 Aug 2004 15:46:57 +1000 Subject: - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from vinschen at redhat.com. --- ChangeLog | 5 ++++- openbsd-compat/mktemp.c | 5 ----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9bdf55361..f07f81c66 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20040828 + - (dtucker) Remove superfluous Cygwin #ifdef; from vinschen at redhat.com. + 20040823 - (djm) [ssh-rand-helper.c] Typo. Found by Martin.Kraemer AT Fujitsu-Siemens.com @@ -1660,4 +1663,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3519 2004/08/23 11:53:28 djm Exp $ +$Id: ChangeLog,v 1.3520 2004/08/28 05:46:57 dtucker Exp $ diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c index aff8d2005..969f69580 100644 --- a/openbsd-compat/mktemp.c +++ b/openbsd-compat/mktemp.c @@ -40,11 +40,6 @@ static char rcsid[] = "$OpenBSD: mktemp.c,v 1.17 2003/06/02 20:18:37 millert Exp $"; #endif /* LIBC_SCCS and not lint */ -#ifdef HAVE_CYGWIN -#define open binary_open -extern int binary_open(); -#endif - static int _gettemp(char *, int *, int, int); int -- cgit v1.2.3 From 11bdc01cfe998294ba828a3a0461e1a49c5288a9 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Sat, 28 Aug 2004 16:17:35 +1000 Subject: Add filename to ChangeLog entry --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index f07f81c66..74fea6302 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 20040828 - - (dtucker) Remove superfluous Cygwin #ifdef; from vinschen at redhat.com. + - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from + vinschen at redhat.com. 20040823 - (djm) [ssh-rand-helper.c] Typo. Found by @@ -1663,4 +1664,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3520 2004/08/28 05:46:57 dtucker Exp $ +$Id: ChangeLog,v 1.3521 2004/08/28 06:17:35 dtucker Exp $ -- cgit v1.2.3 From f00e51d1f2ea01c33d5548b79a86c44036b90aae Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 Aug 2004 16:12:29 +1000 Subject: - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL. From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@ --- ChangeLog | 7 ++++++- openbsd-compat/getrrsetbyname.c | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 74fea6302..8302ee1d3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20040829 + - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from + failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL. + From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@ + 20040828 - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from vinschen at redhat.com. @@ -1664,4 +1669,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3521 2004/08/28 06:17:35 dtucker Exp $ +$Id: ChangeLog,v 1.3522 2004/08/29 06:12:29 dtucker Exp $ 
diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c index 660427c1f..4e869c4df 100644 --- a/openbsd-compat/getrrsetbyname.c +++ b/openbsd-compat/getrrsetbyname.c @@ -277,7 +277,7 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, /* allocate memory for signatures */ rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo)); - if (rrset->rri_sigs == NULL) { + if (rrset->rri_nsigs > 0 && rrset->rri_sigs == NULL) { result = ERRSET_NOMEMORY; goto fail; } -- cgit v1.2.3 From f4b43712c135dc190e9e0ff145239c9e841cd55d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 Aug 2004 16:28:39 +1000 Subject: - djm@cvs.openbsd.org 2004/08/23 11:48:09 [authfile.c] fix error path, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus --- ChangeLog | 6 +++++- authfile.c | 9 ++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8302ee1d3..4f78da8b6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,10 @@ - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL. From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@ + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2004/08/23 11:48:09 + [authfile.c] + fix error path, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus 20040828 - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from @@ -1669,4 +1673,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3522 2004/08/29 06:12:29 dtucker Exp $ +$Id: ChangeLog,v 1.3523 2004/08/29 06:28:39 dtucker Exp $ diff --git a/authfile.c b/authfile.c index 76a60d020..1c006c43d 100644 --- a/authfile.c +++ b/authfile.c 
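Review bot: With `rri_nsigs == 0` the result of `calloc(0, ...)` is still stored, so `rrset->rri_sigs` ends up either NULL or a zero-length allocation depending on the platform. Later code then has to key on `rri_nsigs`, never on the pointer. Skipping the allocation gives one predictable state: wrap the call and its NULL check in `if (rrset->rri_nsigs > 0) { ... }` and leave `rri_sigs` NULL otherwise. The count presumably comes from the DNS answer, so any other allocation in this function sized by a response-derived count deserves the same treatment. getrrsetbyname's body continues outside the hunk.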
@@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.57 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.58 2004/08/23 11:48:09 djm Exp $"); #include #include @@ -243,8 +243,10 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp) filename, strerror(errno)); return NULL; } - if (st.st_size > 1*1024*1024) - close(fd); + if (st.st_size > 1*1024*1024) { + error("key file %.200s too large", filename); + return NULL; + } len = (size_t)st.st_size; /* truncated */ buffer_init(&buffer); @@ -335,6 +337,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, return NULL; } if (st.st_size > 1*1024*1024) { + error("key file %.200s too large", filename); close(fd); return (NULL); } -- cgit v1.2.3 From e6ed83976b0620778462f44a267d0ab2e9de3d09 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 Aug 2004 16:29:44 +1000 Subject: - djm@cvs.openbsd.org 2004/08/23 11:48:47 [channels.c] typo, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus --- ChangeLog | 5 ++++- channels.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4f78da8b6..924ce95f6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,9 @@ - djm@cvs.openbsd.org 2004/08/23 11:48:09 [authfile.c] fix error path, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus + - djm@cvs.openbsd.org 2004/08/23 11:48:47 + [channels.c] + typo, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus 20040828 - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from @@ -1673,4 +1676,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3523 2004/08/29 06:28:39 dtucker Exp $ +$Id: ChangeLog,v 1.3524 2004/08/29 06:29:44 dtucker Exp $ diff --git a/channels.c b/channels.c index 1f6984aa7..ac35293d4 100644 --- a/channels.c +++ b/channels.c 
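Review bot: The new `return NULL;` in key_load_public_rsa1 leaves `fd` open, while the matching size-check branch in key_load_private_rsa1 calls `close(fd)` before returning, and neither hunk says who owns the descriptor. The earlier `return NULL` visible in the public hunk also skips the close, which suggests the caller closes it. If so, say it above the function, e.g. `/* fd is left open on every return path; the caller closes it */`, and note on key_load_private_rsa1 that it consumes `fd`. The `1*1024*1024` limit is repeated in both functions and would be easier to audit as one named constant. Both function bodies start and end outside the hunks.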
@@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.209 2004/08/11 21:43:04 avsm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.210 2004/08/23 11:48:47 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2279,7 +2279,7 @@ channel_cancel_rport_listener(const char *host, u_short port) if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER && strncmp(c->path, host, sizeof(c->path)) == 0 && c->listening_port == port) { - debug2("%s: close clannel %d", __func__, i); + debug2("%s: close channel %d", __func__, i); channel_free(c); found = 1; } -- cgit v1.2.3 From 27a8f6b05636648367ea373d77d129327eb515a9 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 Aug 2004 16:31:28 +1000 Subject: - dtucker@cvs.openbsd.org 2004/08/23 14:26:38 [ssh-keysign.c ssh.c] Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches change in Portable; ok markus@ (CVS ID sync only) --- ChangeLog | 6 +++++- ssh-keysign.c | 2 +- ssh.c | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 924ce95f6..bc17d1fe0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,10 @@ - djm@cvs.openbsd.org 2004/08/23 11:48:47 [channels.c] typo, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus + - dtucker@cvs.openbsd.org 2004/08/23 14:26:38 + [ssh-keysign.c ssh.c] + Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches + change in Portable; ok markus@ (CVS ID sync only) 20040828 - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from @@ -1676,4 +1680,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3524 2004/08/29 06:29:44 dtucker Exp $ +$Id: ChangeLog,v 1.3525 2004/08/29 06:31:28 dtucker Exp $ diff --git a/ssh-keysign.c b/ssh-keysign.c index 517655790..1b1149aad 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c 
@@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.17 2004/08/23 14:26:38 dtucker Exp $"); #include #include diff --git a/ssh.c b/ssh.c index 1419f9874..e69d73807 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.224 2004/07/28 09:40:29 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.225 2004/08/23 14:26:38 dtucker Exp $"); #include #include -- cgit v1.2.3 From 34620d6f710f97bddc6f7730cee5c6404c4153ba Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 Aug 2004 16:32:59 +1000 Subject: - dtucker@cvs.openbsd.org 2004/08/23 14:29:23 [ssh-keysign.c] Remove duplicate getuid(), suggested by & ok markus@ --- ChangeLog | 5 ++++- ssh-keysign.c | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index bc17d1fe0..9cf5c0313 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ [ssh-keysign.c ssh.c] Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches change in Portable; ok markus@ (CVS ID sync only) + - dtucker@cvs.openbsd.org 2004/08/23 14:29:23 + [ssh-keysign.c] + Remove duplicate getuid(), suggested by & ok markus@ 20040828 - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from @@ -1680,4 +1683,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3525 2004/08/29 06:31:28 dtucker Exp $ +$Id: ChangeLog,v 1.3526 2004/08/29 06:32:59 dtucker Exp $ diff --git a/ssh-keysign.c b/ssh-keysign.c index 1b1149aad..04597a91d 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c 
@@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.17 2004/08/23 14:26:38 dtucker Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.18 2004/08/23 14:29:23 dtucker Exp $"); #include #include @@ -151,7 +151,8 @@ main(int argc, char **argv) key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); - if ((pw = getpwuid(getuid())) == NULL) + original_real_uid = getuid(); /* XXX readconf.c needs this */ + if ((pw = getpwuid(original_real_uid)) == NULL) fatal("getpwuid failed"); pw = pwcopy(pw); @@ -166,7 +167,6 @@ main(int argc, char **argv) #endif /* verify that ssh-keysign is enabled by the admin */ - original_real_uid = getuid(); /* XXX readconf.c needs this */ initialize_options(&options); (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0); fill_default_options(&options); -- cgit v1.2.3 From db693908178e1e2390d2bbfc34fe709eb23ea039 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 Aug 2004 16:37:24 +1000 Subject: - markus@cvs.openbsd.org 2004/08/26 16:00:55 [ssh.1 sshd.8] get rid of references to rhosts authentication; with jmc@ --- ChangeLog | 5 ++++- ssh.1 | 70 +++++++++++++++++++++++++++------------------------------------ sshd.8 | 21 +++++++++---------- 3 files changed, 44 insertions(+), 52 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9cf5c0313..08f910264 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,9 @@ - dtucker@cvs.openbsd.org 2004/08/23 14:29:23 [ssh-keysign.c] Remove duplicate getuid(), suggested by & ok markus@ + - markus@cvs.openbsd.org 2004/08/26 16:00:55 + [ssh.1 sshd.8] + get rid of references to rhosts authentication; with jmc@ 20040828 - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from 
@@ -1683,4 +1686,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3526 2004/08/29 06:32:59 dtucker Exp $ +$Id: ChangeLog,v 1.3527 2004/08/29 06:37:24 dtucker Exp $ diff --git a/ssh.1 b/ssh.1 index 0ff77ea29..b9ee4c62b 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.194 2004/08/12 21:41:13 jakob Exp $ +.\" $OpenBSD: ssh.1,v 1.195 2004/08/26 16:00:55 markus Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -103,35 +103,25 @@ is specified, .Ar command is executed on the remote host instead of a login shell. .Ss SSH protocol version 1 -First, if the machine the user logs in from is listed in +The first authentication method is the +.Em rhosts +or +.Em hosts.equiv +method combined with RSA-based host authentication. +If the machine the user logs in from is listed in .Pa /etc/hosts.equiv or .Pa /etc/shosts.equiv on the remote machine, and the user names are -the same on both sides, the user is immediately permitted to log in. -Second, if -.Pa .rhosts +the same on both sides, or if the files +.Pa $HOME/.rhosts or -.Pa .shosts -exists in the user's home directory on the -remote machine and contains a line containing the name of the client +.Pa $HOME/.shosts +exist in the user's home directory on the +remote machine and contain a line containing the name of the client machine and the name of the user on that machine, the user is -permitted to log in. -This form of authentication alone is normally not -allowed by the server because it is not secure. -.Pp -The second authentication method is the -.Em rhosts -or -.Em hosts.equiv -method combined with RSA-based host authentication. -It means that if the login would be permitted by -.Pa $HOME/.rhosts , -.Pa $HOME/.shosts , -.Pa /etc/hosts.equiv , -or -.Pa /etc/shosts.equiv , -and if additionally the server can verify the client's +considered for log in. +Additionally, if the server can verify the client's host key (see .Pa /etc/ssh/ssh_known_hosts and @@ -147,7 +137,7 @@ spoofing, DNS spoofing and routing spoofing. and the rlogin/rsh protocol in general, are inherently insecure and should be disabled if security is desired.] .Pp -As a third authentication method, +As a second authentication method, .Nm supports RSA based authentication. The scheme is based on public-key cryptography: there are cryptosystems 
@@ -195,9 +185,6 @@ file corresponds to the conventional file, and has one key per line, though the lines can be very long). After this, the user can log in without giving the password. -RSA authentication is much more secure than -.Em rhosts -authentication. .Pp The most convenient way to use RSA authentication may be with an authentication agent. @@ -1012,7 +999,9 @@ By default is not setuid root. .It Pa $HOME/.rhosts This file is used in -.Em rhosts +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication authentication to list the host/user pairs that are permitted to log in. (Note that this file is @@ -1031,12 +1020,10 @@ The recommended permission for most machines is read/write for the user, and not accessible by others. .Pp -Note that by default +Note that .Xr sshd 8 -will be installed so that it requires successful RSA host -authentication before permitting -.Em rhosts -authentication. +allows authentication only in combination with client host key +authentication before permitting log in. If the server machine does not have the client's host key in .Pa /etc/ssh/ssh_known_hosts , it can be stored in @@ -1049,15 +1036,19 @@ will automatically add the host key to This file is used exactly the same way as .Pa .rhosts . The purpose for -having this file is to be able to use rhosts authentication with -.Nm -without permitting login with +having this file is to be able to use +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication +authentication without permitting login with .Xr rlogin or .Xr rsh 1 . .It Pa /etc/hosts.equiv This file is used during -.Em rhosts +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication authentication. It contains canonical hosts names, one per line (the full format is described in the 
@@ -1066,8 +1057,7 @@ manual page). If the client host is found in this file, login is automatically permitted provided client and server user names are the same. -Additionally, successful RSA host authentication is normally -required. +Additionally, successful client host key authentication is required. This file should only be writable by root. .It Pa /etc/shosts.equiv This file is processed exactly as diff --git a/sshd.8 b/sshd.8 index 233b00037..83d0f48d2 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.201 2004/05/02 11:54:31 dtucker Exp $ +.\" $OpenBSD: sshd.8,v 1.202 2004/08/26 16:00:55 markus Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -106,8 +106,6 @@ to use from those offered by the server. Next, the server and the client enter an authentication dialog. The client tries to authenticate itself using .Em .rhosts -authentication, -.Em .rhosts authentication combined with RSA host authentication, RSA challenge-response authentication, or password based authentication. @@ -135,11 +133,6 @@ or .Ql \&*NP\&* ). .Pp -.Em rhosts -authentication is normally disabled -because it is fundamentally insecure, but can be enabled in the server -configuration file if desired. -System security is not improved unless .Nm rshd , .Nm rlogind , and @@ -670,7 +663,11 @@ Access controls that should be enforced by tcp-wrappers are defined here. Further details are described in .Xr hosts_access 5 . .It Pa $HOME/.rhosts -This file contains host-username pairs, separated by a space, one per +This file is used during +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication +and contains host-username pairs, separated by a space, one per line. The given user on the corresponding host is permitted to log in without a password. 
@@ -691,7 +688,9 @@ However, this file is not used by rlogin and rshd, so using this permits access using SSH only. .It Pa /etc/hosts.equiv This file is used during -.Em rhosts +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication authentication. In the simplest form, this file contains host names, one per line. Users on @@ -710,7 +709,7 @@ Negated entries start with If the client host/user is successfully matched in this file, login is automatically permitted provided the client and server user names are the same. -Additionally, successful RSA host authentication is normally required. +Additionally, successful client host key authentication is required. This file must be writable only by root; it is recommended that it be world-readable. .Pp -- cgit v1.2.3 From 0f56ed16b8e463e16c3a8f78544943a9e6f8ea1f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 Aug 2004 16:38:41 +1000 Subject: - djm@cvs.openbsd.org 2004/08/28 01:01:48 [sshd.c] don't erroneously close stdin for !reexec case, from Dave Johnson; ok markus@ --- ChangeLog | 6 +++++- sshd.c | 7 ++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 08f910264..844fdfdbc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,10 @@ - markus@cvs.openbsd.org 2004/08/26 16:00:55 [ssh.1 sshd.8] get rid of references to rhosts authentication; with jmc@ + - djm@cvs.openbsd.org 2004/08/28 01:01:48 + [sshd.c] + don't erroneously close stdin for !reexec case, from Dave Johnson; + ok markus@ 20040828 - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from @@ -1686,4 +1690,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3527 2004/08/29 06:37:24 dtucker Exp $ +$Id: ChangeLog,v 1.3528 2004/08/29 06:38:41 dtucker Exp $ diff --git a/sshd.c b/sshd.c index 60f63ef7b..2a28ece03 100644 --- a/sshd.c +++ b/sshd.c 
@@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.301 2004/08/11 11:50:09 dtucker Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.302 2004/08/28 01:01:48 djm Exp $"); #include #include @@ -884,7 +884,7 @@ main(int ac, char **av) char ntop[NI_MAXHOST], strport[NI_MAXSERV]; char *line; int listen_sock, maxfd; - int startup_p[2], config_s[2]; + int startup_p[2] = { -1 , -1 }, config_s[2] = { -1 , -1 }; int startups = 0; Key *key; Authctxt *authctxt; @@ -1507,7 +1507,8 @@ main(int ac, char **av) sock_in = newsock; sock_out = newsock; log_init(__progname, options.log_level, options.log_facility, log_stderr); - close(config_s[0]); + if (rexec_flag) + close(config_s[0]); break; } } -- cgit v1.2.3 From 48d99d36bb427f6c43cfe8d8e7d8a457897dfd53 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 Aug 2004 17:04:50 +1000 Subject: - (dtucker) [configure.ac] Include sys/stream.h in sys/ptms.h header check, fixes configure warning on Solaris reported by wknox at mitre.org. --- ChangeLog | 4 +++- configure.ac | 11 +++++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 844fdfdbc..7ea4cb2d8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,8 @@ [sshd.c] don't erroneously close stdin for !reexec case, from Dave Johnson; ok markus@ + - (dtucker) [configure.ac] Include sys/stream.h in sys/ptms.h header check, + fixes configure warning on Solaris reported by wknox at mitre.org. 20040828 - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from @@ -1690,4 +1692,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3528 2004/08/29 06:38:41 dtucker Exp $ +$Id: ChangeLog,v 1.3529 2004/08/29 07:04:50 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 36c457728..b89d2fa25 100644 --- a/configure.ac +++ b/configure.ac 
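Review bot: The close in the -1507 hunk is guarded by `rexec_flag` rather than by the descriptor, even though the same commit now initialises `config_s` to `{ -1 , -1 }`. Testing the descriptor directly, `if (config_s[0] != -1) close(config_s[0]);`, stays correct if some path ever leaves the pair unopened while `rexec_flag` is set. It also makes the reason for the new initialiser visible at the point of use. Other `close()` calls on `startup_p` or `config_s` elsewhere in main are not visible in these hunks and are worth checking the same way. main's body extends well beyond both hunks.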
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.226 2004/08/16 13:12:06 dtucker Exp $ +# $Id: configure.ac,v 1.227 2004/08/29 07:04:50 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -525,10 +525,17 @@ AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \ rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \ sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \ - sys/pstat.h sys/ptms.h sys/select.h sys/stat.h sys/stream.h \ + sys/pstat.h sys/select.h sys/stat.h sys/stream.h \ sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \ time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h) +# sys/ptms.h requires sys/stream.h to be included first on Solaris +AC_CHECK_HEADERS(sys/ptms.h, [], [], [ +#ifdef HAVE_SYS_STREAM_H +# include +#endif +]) + # Checks for libraries. AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match)) AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt)) -- cgit v1.2.3 From 2a81adc35c51668374b40661e1a0eaac8e53ef74 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 Aug 2004 17:09:34 +1000 Subject: - (dtucker) [regress/multiplex.sh] Skip test on platforms that do not support FD passing since multiplex requires it. Noted by tim@ --- ChangeLog | 4 +++- regress/multiplex.sh | 6 ++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 7ea4cb2d8..095571810 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,8 @@ ok markus@ - (dtucker) [configure.ac] Include sys/stream.h in sys/ptms.h header check, fixes configure warning on Solaris reported by wknox at mitre.org. + - (dtucker) [regress/multiplex.sh] Skip test on platforms that do not + support FD passing since multiplex requires it. Noted by tim@ 20040828 - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from 
@@ -1692,4 +1694,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3529 2004/08/29 07:04:50 dtucker Exp $ +$Id: ChangeLog,v 1.3530 2004/08/29 07:09:34 dtucker Exp $ diff --git a/regress/multiplex.sh b/regress/multiplex.sh index dbf2025be..c0adf109f 100644 --- a/regress/multiplex.sh +++ b/regress/multiplex.sh @@ -5,6 +5,12 @@ CTL=$OBJ/ctl-sock tid="connection multiplexing" +if grep "#define.*DISABLE_FD_PASSING" ${BUILDDIR}/config.h >/dev/null 2>&1 +then + echo "skipped (not supported on this platform)" + exit 0 +fi + DATA=/bin/ls${EXEEXT} COPY=$OBJ/ls.copy -- cgit v1.2.3 From 07d30e4579b183af97b7ccc880f256d4334930bd Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 Aug 2004 17:14:31 +1000 Subject: - (dtucker) [regress/dynamic-forward.sh] Allow time for connections to be torn down, needed on some platforms, should be harmless on others. Patch from jason at devrandom.org. --- ChangeLog | 5 ++++- regress/dynamic-forward.sh | 3 +++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 095571810..c2c0a6acd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,9 @@ fixes configure warning on Solaris reported by wknox at mitre.org. - (dtucker) [regress/multiplex.sh] Skip test on platforms that do not support FD passing since multiplex requires it. Noted by tim@ + - (dtucker) [regress/dynamic-forward.sh] Allow time for connections to be torn + down, needed on some platforms, should be harmless on others. Patch from + jason at devrandom.org. 20040828 - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from @@ -1694,4 +1697,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3530 2004/08/29 07:09:34 dtucker Exp $ +$Id: ChangeLog,v 1.3531 2004/08/29 07:14:31 dtucker Exp $ 
diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh index 392fc1978..321fde4cd 100644 --- a/regress/dynamic-forward.sh +++ b/regress/dynamic-forward.sh @@ -44,4 +44,7 @@ for p in 1 2; do else fail "no pid file: $OBJ/remote_pid" fi + + # Must allow time for connection tear-down + sleep 2 done -- cgit v1.2.3 From 0521dcb22eb6c5478c4b652cfc6bb777499aeba7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 Aug 2004 19:39:09 +1000 Subject: - (dtucker) [regress/scp.sh] Make this work on Cygwin too, which doesn't like files ending in .exe that aren't binaries; patch from vinschen at redhat.com. --- ChangeLog | 4 +++- regress/scp.sh | 10 +++++----- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index c2c0a6acd..0680b2201 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,8 @@ - (dtucker) [regress/dynamic-forward.sh] Allow time for connections to be torn down, needed on some platforms, should be harmless on others. Patch from jason at devrandom.org. + - (dtucker) [regress/scp.sh] Make this work on Cygwin too, which doesn't like + files ending in .exe that aren't binaries; patch from vinschen at redhat.com. 20040828 - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from @@ -1697,4 +1699,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3531 2004/08/29 07:14:31 dtucker Exp $ +$Id: ChangeLog,v 1.3532 2004/08/29 09:39:09 dtucker Exp $ diff --git a/regress/scp.sh b/regress/scp.sh index 703cc0893..6b5664283 100644 --- a/regress/scp.sh +++ b/regress/scp.sh 
@@ -12,16 +12,16 @@ else DIFFOPT="-r" fi -DATA=/bin/ls +DATA=/bin/ls${EXEEXT} COPY=${OBJ}/copy COPY2=${OBJ}/copy2 DIR=${COPY}.dd DIR2=${COPY}.dd2 SRC=`dirname ${SCRIPT}` -cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.exe -chmod 755 ${OBJ}/scp-ssh-wrapper.exe -scpopts="-q -S ${OBJ}/scp-ssh-wrapper.exe" +cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp +chmod 755 ${OBJ}/scp-ssh-wrapper.scp +scpopts="-q -S ${OBJ}/scp-ssh-wrapper.scp" scpclean() { rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2} @@ -79,4 +79,4 @@ for i in 0 1 2 3 4; do done scpclean -rm -f ${OBJ}/scp-ssh-wrapper.exe +rm -f ${OBJ}/scp-ssh-wrapper.scp -- cgit v1.2.3 From 2a502ff31031622d983db9846d15682c368f8801 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 Aug 2004 19:52:32 +1000 Subject: - (dtucker) [Makefile.in] Get regress/Makefile symlink right for out-of-tree builds too, from vinschen at redhat.com. --- ChangeLog | 4 +++- Makefile.in | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0680b2201..882a52abb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -32,6 +32,8 @@ jason at devrandom.org. - (dtucker) [regress/scp.sh] Make this work on Cygwin too, which doesn't like files ending in .exe that aren't binaries; patch from vinschen at redhat.com. + - (dtucker) [Makefile.in] Get regress/Makefile symlink right for out-of-tree + builds too, from vinschen at redhat.com. 20040828 - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from @@ -1699,4 +1701,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3532 2004/08/29 09:39:09 dtucker Exp $ +$Id: ChangeLog,v 1.3533 2004/08/29 09:52:32 dtucker Exp $ diff --git a/Makefile.in b/Makefile.in index a603609ae..ded7b9372 100644 --- a/Makefile.in +++ b/Makefile.in 
@@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.263 2004/08/15 11:01:37 dtucker Exp $ +# $Id: Makefile.in,v 1.264 2004/08/29 09:52:32 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -376,7 +376,7 @@ tests: $(TARGETS) BUILDDIR=`pwd`; \ [ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \ [ -f `pwd`/regress/Makefile ] || \ - ln -s $(srcdir)/regress/Makefile `pwd`/regress/Makefile ; \ + ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile ; \ TEST_SHELL="@TEST_SHELL@"; \ TEST_SSH_SSH="$${BUILDDIR}/ssh"; \ TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \ -- cgit v1.2.3 From b17035fb7ffefc984e76a92e6cbbc051fc8fbe97 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 Aug 2004 20:33:07 +1000 Subject: - (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64 too; patch from cmadams at hiwaay.net. --- ChangeLog | 4 +++- regress/agent-ptrace.sh | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 882a52abb..887a6c2ee 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,6 +34,8 @@ files ending in .exe that aren't binaries; patch from vinschen at redhat.com. - (dtucker) [Makefile.in] Get regress/Makefile symlink right for out-of-tree builds too, from vinschen at redhat.com. + - (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64 + too; patch from cmadams at hiwaay.net. 20040828 - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from @@ -1701,4 +1703,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3533 2004/08/29 09:52:32 dtucker Exp $ +$Id: ChangeLog,v 1.3534 2004/08/29 10:33:07 dtucker Exp $ diff --git a/regress/agent-ptrace.sh b/regress/agent-ptrace.sh index bd79d7cb8..9aff167c1 100644 --- a/regress/agent-ptrace.sh +++ b/regress/agent-ptrace.sh 
@@ -5,7 +5,7 @@ tid="disallow agent ptrace attach" if have_prog uname ; then case `uname` in - AIX|CYGWIN*) + AIX|CYGWIN*|OSF1) echo "skipped (not supported on this platform)" exit 0 ;; -- cgit v1.2.3 From cf59d31761cdc1fdd78f6563d0f9eadc8b4c2f71 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 Aug 2004 21:18:09 +1000 Subject: - (dtucker) [configure.ac] Replace non-portable echo \n with extra echo. --- ChangeLog | 3 ++- configure.ac | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 887a6c2ee..a8192cf58 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,6 +36,7 @@ builds too, from vinschen at redhat.com. - (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64 too; patch from cmadams at hiwaay.net. + - (dtucker) [configure.ac] Replace non-portable echo \n with extra echo. 20040828 - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from @@ -1703,4 +1704,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3534 2004/08/29 10:33:07 dtucker Exp $ +$Id: ChangeLog,v 1.3535 2004/08/29 11:18:09 dtucker Exp $ diff --git a/configure.ac b/configure.ac index b89d2fa25..85d46f385 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.227 2004/08/29 07:04:50 dtucker Exp $ +# $Id: configure.ac,v 1.228 2004/08/29 11:18:09 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -3004,7 +3004,8 @@ echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}" echo "" if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then - echo "SVR4 style packages are supported with \"make package\"\n" + echo "SVR4 style packages are supported with \"make package\"" + echo "" fi if test "x$PAM_MSG" = "xyes" ; then -- cgit v1.2.3 From 5a88d003499744a374ec39279f4c6ec3971b5dab Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Sun, 29 Aug 2004 21:43:33 +1000 Subject: - (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for accounts with authentication configs that sshd can't support (ie SYSTEM=NONE and AUTH1=something). --- ChangeLog | 5 ++++- openbsd-compat/port-aix.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index a8192cf58..a2f03d437 100644 --- a/ChangeLog +++ b/ChangeLog @@ -37,6 +37,9 @@ - (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64 too; patch from cmadams at hiwaay.net. - (dtucker) [configure.ac] Replace non-portable echo \n with extra echo. + - (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for + accounts with authentication configs that sshd can't support (ie + SYSTEM=NONE and AUTH1=something). 20040828 - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from @@ -1704,4 +1707,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3535 2004/08/29 11:18:09 dtucker Exp $ +$Id: ChangeLog,v 1.3536 2004/08/29 11:43:33 dtucker Exp $ diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 78f4faea3..e7eb179ec 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -1,6 +1,7 @@ /* * * Copyright (c) 2001 Gert Doering. All rights reserved. + * Copyright (c) 2003,2004 Darren Tucker. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -91,6 +92,59 @@ aix_remove_embedded_newlines(char *p) *p = '\0'; } +/* + * Test specifically for the case where SYSTEM == NONE and AUTH1 contains + * anything other than NONE or SYSTEM, which indicates that the admin has + * configured the account for purely AUTH1-type authentication. + * + * Since authenticate() doesn't check AUTH1, and sshd can't sanely support + * AUTH1 itself, in such a case authenticate() will allow access without + * authentation, which is almost certainly not what the admin intends. + * + * (The native tools, eg login, will process the AUTH1 list in addition to + * the SYSTEM list by using ckuserID(), however ckuserID() and AUTH1 methods + * have been deprecated since AIX 4.2.x and would be very difficult for sshd + * to support. + * + * Returns 0 if an unsupportable combination is found, 1 otherwise. + */ +static int +aix_valid_authentications(const char *user) +{ + char *auth1, *sys, *p; + int valid = 1; + + if (getuserattr((char *)user, S_AUTHSYSTEM, &sys, SEC_CHAR) != 0) { + logit("Can't retrieve attribute SYSTEM for %s: %.100s", + user, strerror(errno)); + return 0; + } + + debug3("AIX SYSTEM attribute %s", sys); + if (strcmp(sys, "NONE") != 0) + return 1; /* not "NONE", so is OK */ + + if (getuserattr((char *)user, S_AUTH1, &auth1, SEC_LIST) != 0) { + logit("Can't retrieve attribute auth1 for %s: %.100s", + user, strerror(errno)); + return 0; + } + + p = auth1; + /* A SEC_LIST is concatenated strings, ending with two NULs. */ + while (p[0] != '\0' && p[1] != '\0') { + debug3("AIX auth1 attribute list member %s", p); + if (strcmp(p, "NONE") != 0 && strcmp(p, "SYSTEM")) { + logit("Account %s has unsupported auth1 value '%s'", + user, p); + valid = 0; + } + p += strlen(p) + 1; + } + + return (valid); +} + /* * Do authentication via AIX's authenticate routine. We loop until the * reenter parameter is 0, but normally authenticate is called only once. 
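Review bot: In `aix_valid_authentications`, the list walk `while (p[0] != '\0' && p[1] != '\0')` stops at the first one-character AUTH1 member, so that member and everything after it is never compared and `valid` stays 1. The list ends with an empty string and `p` already steps past each NUL, so testing the current string alone is enough: `while (*p != '\0') {`. Whether AIX accepts one-character method names is not visible here, but a check that guards against unauthenticated access should fail closed rather than depend on that. The header comment also has an unclosed parenthesis and the typo "authentation".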
@@ -112,6 +166,9 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) authmsg); } while (reenter); + if (!aix_valid_authentications(name)) + result = -1; + if (result == 0) { authsuccess = 1; -- cgit v1.2.3 From 14c372d49d49a21107c72b7c238cf9e5a01b80ab Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 30 Aug 2004 20:42:08 +1000 Subject: - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only copy required environment variables on Cygwin. Patch from vinschen at redhat.com, ok djm@ --- ChangeLog | 7 +++++- openbsd-compat/bsd-cygwin_util.c | 54 ++++++++++++++++++++++++++++++++++++++-- openbsd-compat/bsd-cygwin_util.h | 4 ++- session.c | 8 +++++- 4 files changed, 68 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index a2f03d437..0e7cc0cd9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20040830 + - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only + copy required environment variables on Cygwin. Patch from vinschen at + redhat.com, ok djm@ + 20040829 - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL. @@ -1707,4 +1712,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3536 2004/08/29 11:43:33 dtucker Exp $ +$Id: ChangeLog,v 1.3537 2004/08/30 10:42:08 dtucker Exp $ diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index 92cdba6e0..f53abb6e2 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c @@ -29,7 +29,7 @@ #include "includes.h" -RCSID("$Id: bsd-cygwin_util.c,v 1.12 2004/04/18 11:15:45 djm Exp $"); +RCSID("$Id: bsd-cygwin_util.c,v 1.13 2004/08/30 10:42:08 dtucker Exp $"); #ifdef HAVE_CYGWIN 
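Review bot: The added `if (!aix_valid_authentications(name)) result = -1;` in `sys_auth_passwd` discards a successful authenticate() result with no comment saying why, so a later reader could mistake it for an accident. I would add `/* Bug #712: authenticate() ignores AUTH1, so refuse accounts configured for AUTH1-only authentication */` above it. The check also runs on attempts that authenticate() has already rejected, so its logit() lines appear for failed logins too; `if (result == 0 && !aix_valid_authentications(name))` would avoid that if it is not intended. The body of `sys_auth_passwd` starts and ends outside the hunk.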
@@ -38,6 +38,7 @@ RCSID("$Id: bsd-cygwin_util.c,v 1.12 2004/04/18 11:15:45 djm Exp $"); #include #include #include +#include "xmalloc.h" #define is_winnt (GetVersion() < 0x80000000) #define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec")) @@ -96,7 +97,6 @@ has_capability(int what) */ if (!inited) { struct utsname uts; - char *c; if (!uname(&uts)) { int major_high = 0, major_low = 0, minor = 0; @@ -236,4 +236,54 @@ register_9x_service(void) RegisterServiceProcess(0, 1); } +#define NL(x) x, (sizeof (x) - 1) +#define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0])) + +static struct wenv { + const char *name; + size_t namelen; +} wenv_arr[] = { + { NL("ALLUSERSPROFILE=") }, + { NL("COMMONPROGRAMFILES=") }, + { NL("COMPUTERNAME=") }, + { NL("COMSPEC=") }, + { NL("NUMBER_OF_PROCESSORS=") }, + { NL("OS=") }, + { NL("PATH=") }, + { NL("PATHEXT=") }, + { NL("PROCESSOR_ARCHITECTURE=") }, + { NL("PROCESSOR_IDENTIFIER=") }, + { NL("PROCESSOR_LEVEL=") }, + { NL("PROCESSOR_REVISION=") }, + { NL("PROGRAMFILES=") }, + { NL("SYSTEMDRIVE=") }, + { NL("SYSTEMROOT=") }, + { NL("TMP=") }, + { NL("TEMP=") }, + { NL("WINDIR=") }, +}; + +char ** +fetch_windows_environment(void) +{ + char **e, **p; + int i, idx = 0; + + p = xmalloc(WENV_SIZ * sizeof(char *)); + for (e = environ; *e != NULL; ++e) { + for (i = 0; i < WENV_SIZ; ++i) { + if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen)) + p[idx++] = *e; + } + } + p[idx] = NULL; + return p; +} + +void +free_windows_environment(char **p) +{ + xfree(p); +} + #endif /* HAVE_CYGWIN */ diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h index 5ccb0fba2..6719b8a49 100644 --- a/openbsd-compat/bsd-cygwin_util.h +++ b/openbsd-compat/bsd-cygwin_util.h @@ -1,4 +1,4 @@ -/* $Id: bsd-cygwin_util.h,v 1.10 2003/08/07 06:28:16 dtucker Exp $ */ +/* $Id: bsd-cygwin_util.h,v 1.11 2004/08/30 10:42:08 dtucker Exp $ */ /* * Copyright (c) 2000, 2001, Corinna Vinschen 
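Review bot: `fetch_windows_environment` allocates `WENV_SIZ` pointers but can store `WENV_SIZ` matches plus the terminating NULL, so `p[idx] = NULL` writes one element past the allocation when every listed name is present. It writes further past the end if `environ` holds the same name more than once. Allocate room for the terminator and bound the index: `p = xmalloc((WENV_SIZ + 1) * sizeof(char *));` and `if (idx < WENV_SIZ && !strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen))`. The returned array points into `environ` rather than copying the strings, which deserves a one-line comment on `free_windows_environment`, since only the array itself is freed.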
@@ -46,6 +46,8 @@ int binary_pipe(int fd[2]); int check_nt_auth(int, struct passwd *); int check_ntsec(const char *); void register_9x_service(void); +char **fetch_windows_environment(void); +void free_windows_environment(char **); #define open binary_open #define pipe binary_pipe diff --git a/session.c b/session.c index ee4008acf..89e1ec892 100644 --- a/session.c +++ b/session.c @@ -979,7 +979,13 @@ do_setup_env(Session *s, const char *shell) * The Windows environment contains some setting which are * important for a running system. They must not be dropped. */ - copy_environment(environ, &env, &envsize); + { + char **p; + + p = fetch_windows_environment(); + copy_environment(p, &env, &envsize); + free_windows_environment(p); + } #endif #ifdef GSSAPI -- cgit v1.2.3 From 476b7ecfe4947864b22fa23ed86edd0e62faf98d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 30 Aug 2004 21:13:49 +1000 Subject: - (dtucker) [regress/Makefile] Clean scp-ssh-wrapper.scp too. Patch from vinschen at redhat.com. --- ChangeLog | 4 +++- regress/Makefile | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0e7cc0cd9..c302eef95 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only copy required environment variables on Cygwin. Patch from vinschen at redhat.com, ok djm@ + - (dtucker) [regress/Makefile] Clean scp-ssh-wrapper.scp too. Patch from + vinschen at redhat.com. 20040829 - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from @@ -1712,4 +1714,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3537 2004/08/30 10:42:08 dtucker Exp $ +$Id: ChangeLog,v 1.3538 2004/08/30 11:13:49 dtucker Exp $ diff --git a/regress/Makefile b/regress/Makefile index 9e98e5880..dba6d0bde 100644 --- a/regress/Makefile +++ b/regress/Makefile 
@@ -47,7 +47,7 @@ CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \ rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \ ls.copy banner.in banner.out empty.in \ - scp-ssh-wrapper.exe \ + scp-ssh-wrapper.scp \ remote_pid #LTESTS += ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp -- cgit v1.2.3 From 25a1234ef71c48e52e1aa43e8af37d1261aaf937 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 30 Aug 2004 21:33:02 +1000 Subject: - (dtucker) [Makefile.in contrib/ssh-copy-id] Bug #894: Improve portability of shell constructs. Patch from cjwatson at debian.org. --- ChangeLog | 4 +++- Makefile.in | 6 +++--- contrib/ssh-copy-id | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index c302eef95..ffabb0510 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,8 @@ redhat.com, ok djm@ - (dtucker) [regress/Makefile] Clean scp-ssh-wrapper.scp too. Patch from vinschen at redhat.com. + - (dtucker) [Makefile.in contrib/ssh-copy-id] Bug #894: Improve portability + of shell constructs. Patch from cjwatson at debian.org. 20040829 - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from @@ -1714,4 +1716,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3538 2004/08/30 11:13:49 dtucker Exp $ +$Id: ChangeLog,v 1.3539 2004/08/30 11:33:02 dtucker Exp $ diff --git a/Makefile.in b/Makefile.in index ded7b9372..db9eb34ab 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.264 2004/08/29 09:52:32 dtucker Exp $ +# $Id: Makefile.in,v 1.265 2004/08/30 11:33:02 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ 
@@ -292,7 +292,7 @@ install-files: scard-install else \ echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \ fi - @if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ + @if [ -f ssh_prng_cmds ] && [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \ $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \ else \ @@ -406,7 +406,7 @@ tests: $(TARGETS) $@ regressclean: - if [ -f regress/Makefile -a -r regress/Makefile ]; then \ + if [ -f regress/Makefile ] && [ -r regress/Makefile ]; then \ (cd regress && $(MAKE) clean) \ fi diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id index a1c0a9234..1555b5d37 100644 --- a/contrib/ssh-copy-id +++ b/contrib/ssh-copy-id @@ -24,7 +24,7 @@ else fi fi -if [ -z "`eval $GET_ID`" -a -r "${ID_FILE}" ] ; then +if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then GET_ID="cat ${ID_FILE}" fi -- cgit v1.2.3 From 928a19ad9e82d2098c9309553e7f6c97d7665322 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 11 Sep 2004 15:18:05 +1000 Subject: - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@ --- ChangeLog | 5 ++++- ssh-agent.c | 8 -------- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index ffabb0510..dffdd3713 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20040911 + - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@ + 20040830 - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only copy required environment variables on Cygwin. Patch from vinschen at @@ -1716,4 +1719,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3539 2004/08/30 11:33:02 dtucker Exp $ +$Id: ChangeLog,v 1.3540 2004/09/11 05:18:05 djm Exp $ diff --git a/ssh-agent.c b/ssh-agent.c index bc4d8d33a..7bc4c240e 100644 --- a/ssh-agent.c +++ b/ssh-agent.c 
@@ -1010,9 +1010,7 @@ main(int ac, char **av) #ifdef HAVE_SETRLIMIT struct rlimit rlim; #endif -#ifdef HAVE_CYGWIN int prev_mask; -#endif extern int optind; extern char *optarg; pid_t pid; @@ -1129,19 +1127,13 @@ main(int ac, char **av) memset(&sunaddr, 0, sizeof(sunaddr)); sunaddr.sun_family = AF_UNIX; strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path)); -#ifdef HAVE_CYGWIN prev_mask = umask(0177); -#endif if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) { perror("bind"); -#ifdef HAVE_CYGWIN umask(prev_mask); -#endif cleanup_exit(1); } -#ifdef HAVE_CYGWIN umask(prev_mask); -#endif if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { perror("listen"); cleanup_exit(1); -- cgit v1.2.3 From 69687f4b65373e09269db8c18f18b4ac7225a382 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 11 Sep 2004 22:17:26 +1000 Subject: - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from failing PAM session modules to user then exit, similar to the way /etc/nologin is handled. ok djm@ --- ChangeLog | 5 ++++- auth-pam.c | 19 +++++++++++++++---- auth-pam.h | 3 ++- session.c | 7 +++++++ 4 files changed, 28 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index dffdd3713..2fed3fb38 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,8 @@ 20040911 - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@ + - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from + failing PAM session modules to user then exit, similar to the way + /etc/nologin is handled. ok djm@ 20040830 - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only @@ -1719,4 +1722,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3540 2004/09/11 05:18:05 djm Exp $ +$Id: ChangeLog,v 1.3541 2004/09/11 12:17:26 dtucker Exp $ diff --git a/auth-pam.c b/auth-pam.c index b93241f48..27b9bab23 100644 --- a/auth-pam.c +++ b/auth-pam.c 
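Review bot: The now-unconditional `prev_mask = umask(0177);` around `bind()` in `main` has no comment, although its purpose is the security-relevant part of this hunk: the agent socket is created with at most mode 0600. I would add `/* Create the socket owner-only; restore the caller's umask once bind() has returned */` above it, so the two `umask(prev_mask)` calls are not mistaken for leftover Cygwin code. `main` starts and ends outside the hunk.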
@@ -47,7 +47,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.114 2004/08/16 13:12:06 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.115 2004/09/11 12:17:26 dtucker Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -949,10 +949,21 @@ do_pam_session(void) fatal("PAM: failed to set PAM_CONV: %s", pam_strerror(sshpam_handle, sshpam_err)); sshpam_err = pam_open_session(sshpam_handle, 0); - if (sshpam_err != PAM_SUCCESS) - fatal("PAM: pam_open_session(): %s", + if (sshpam_err == PAM_SUCCESS) + sshpam_session_open = 1; + else { + sshpam_session_open = 0; + disable_forwarding(); + error("PAM: pam_open_session(): %s", pam_strerror(sshpam_handle, sshpam_err)); - sshpam_session_open = 1; + } + +} + +int +is_pam_session_open(void) +{ + return sshpam_session_open; } /* diff --git a/auth-pam.h b/auth-pam.h index f479413d7..a1a2b52d8 100644 --- a/auth-pam.h +++ b/auth-pam.h @@ -1,4 +1,4 @@ -/* $Id: auth-pam.h,v 1.26 2004/05/30 10:43:59 dtucker Exp $ */ +/* $Id: auth-pam.h,v 1.27 2004/09/11 12:17:26 dtucker Exp $ */ /* * Copyright (c) 2000 Damien Miller. All rights reserved. @@ -45,5 +45,6 @@ void free_pam_environment(char **); void sshpam_thread_cleanup(void); void sshpam_cleanup(void); int sshpam_auth_passwd(Authctxt *, const char *); +int is_pam_session_open(void); #endif /* USE_PAM */ diff --git a/session.c b/session.c index 89e1ec892..7a70b82e6 100644 --- a/session.c +++ b/session.c @@ -1439,6 +1439,13 @@ do_child(Session *s, const char *command) #endif /* HAVE_OSF_SIA */ } +#ifdef USE_PAM + if (options.use_pam && !is_pam_session_open()) { + display_loginmsg(); + exit(254); + } +#endif + /* * Get the shell from the password data. An empty shell field is * legal, and means /bin/sh. -- cgit v1.2.3 From 0a7e3c6c899b7e25efd36cfb9ffb0a8fb36ca67a Mon Sep 17 00:00:00 2001 
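Review bot: In `do_pam_session`, a failed `pam_open_session()` is no longer fatal, so refusing the login now depends entirely on the `is_pam_session_open()` test added to `do_child` in session.c, and nothing in auth-pam.c says so. A comment on the `else` branch would make the contract explicit, e.g. `/* Not fatal: do_child() must check is_pam_session_open() and exit after showing loginmsg */`. The bare `exit(254)` in `do_child` would also read better with a short comment or a named constant explaining the value. Both functions start outside their hunks.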
From: Darren Tucker Date: Sat, 11 Sep 2004 22:28:01 +1000 Subject: - (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change. --- ChangeLog | 3 +- auth-pam.c | 92 +++++++++++++++++++++++++++++++------------------------------- 2 files changed, 48 insertions(+), 47 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2fed3fb38..9a14a06ea 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,7 @@ - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from failing PAM session modules to user then exit, similar to the way /etc/nologin is handled. ok djm@ + - (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change. 20040830 - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only @@ -1722,4 +1723,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3541 2004/09/11 12:17:26 dtucker Exp $ +$Id: ChangeLog,v 1.3542 2004/09/11 12:28:01 dtucker Exp $ diff --git a/auth-pam.c b/auth-pam.c index 27b9bab23..4ad86de9e 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -47,7 +47,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.115 2004/09/11 12:17:26 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.116 2004/09/11 12:28:02 dtucker Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) 
@@ -490,6 +490,51 @@ sshpam_null_conv(int n, struct pam_message **msg, static struct pam_conv null_conv = { sshpam_null_conv, NULL }; +static int +sshpam_store_conv(int n, struct pam_message **msg, + struct pam_response **resp, void *data) +{ + struct pam_response *reply; + int i; + size_t len; + + debug3("PAM: %s called with %d messages", __func__, n); + *resp = NULL; + + if (n <= 0 || n > PAM_MAX_NUM_MSG) + return (PAM_CONV_ERR); + + if ((reply = malloc(n * sizeof(*reply))) == NULL) + return (PAM_CONV_ERR); + memset(reply, 0, n * sizeof(*reply)); + + for (i = 0; i < n; ++i) { + switch (PAM_MSG_MEMBER(msg, i, msg_style)) { + case PAM_ERROR_MSG: + case PAM_TEXT_INFO: + len = strlen(PAM_MSG_MEMBER(msg, i, msg)); + buffer_append(&loginmsg, PAM_MSG_MEMBER(msg, i, msg), len); + buffer_append(&loginmsg, "\n", 1 ); + reply[i].resp_retcode = PAM_SUCCESS; + break; + default: + goto fail; + } + } + *resp = reply; + return (PAM_SUCCESS); + + fail: + for(i = 0; i < n; i++) { + if (reply[i].resp != NULL) + xfree(reply[i].resp); + } + xfree(reply); + return (PAM_CONV_ERR); +} + +static struct pam_conv store_conv = { sshpam_store_conv, NULL }; + void sshpam_cleanup(void) { 
@@ -894,51 +939,6 @@ do_pam_chauthtok(void) pam_strerror(sshpam_handle, sshpam_err)); } -static int -sshpam_store_conv(int n, struct pam_message **msg, - struct pam_response **resp, void *data) -{ - struct pam_response *reply; - int i; - size_t len; - - debug3("PAM: %s called with %d messages", __func__, n); - *resp = NULL; - - if (n <= 0 || n > PAM_MAX_NUM_MSG) - return (PAM_CONV_ERR); - - if ((reply = malloc(n * sizeof(*reply))) == NULL) - return (PAM_CONV_ERR); - memset(reply, 0, n * sizeof(*reply)); - - for (i = 0; i < n; ++i) { - switch (PAM_MSG_MEMBER(msg, i, msg_style)) { - case PAM_ERROR_MSG: - case PAM_TEXT_INFO: - len = strlen(PAM_MSG_MEMBER(msg, i, msg)); - buffer_append(&loginmsg, PAM_MSG_MEMBER(msg, i, msg), len); - buffer_append(&loginmsg, "\n", 1 ); - reply[i].resp_retcode = PAM_SUCCESS; - break; - default: - goto fail; - } - } - *resp = reply; - return (PAM_SUCCESS); - - fail: - for(i = 0; i < n; i++) { - if (reply[i].resp != NULL) - xfree(reply[i].resp); - } - xfree(reply); - return (PAM_CONV_ERR); -} - -static struct pam_conv store_conv = { sshpam_store_conv, NULL }; - void do_pam_session(void) { -- cgit v1.2.3 From 4765679649c51a83e5ceb3d0c1e51e33db251f27 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 11 Sep 2004 22:42:09 +1000 Subject: - (djm) [auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c] Make cygwin code more consistent with that which surrounds it --- ChangeLog | 4 +++- auth2-kbdint.c | 2 +- auth2-none.c | 2 +- auth2-passwd.c | 8 ++++---- auth2-pubkey.c | 2 +- 5 files changed, 10 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9a14a06ea..85366cbb1 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -4,6 +4,8 @@ failing PAM session modules to user then exit, similar to the way /etc/nologin is handled. ok djm@ - (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change. + - (djm) [auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c] + Make cygwin code more consistent with that which surrounds it 20040830 - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only @@ -1723,4 +1725,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3542 2004/09/11 12:28:01 dtucker Exp $ +$Id: ChangeLog,v 1.3543 2004/09/11 12:42:09 djm Exp $ diff --git a/auth2-kbdint.c b/auth2-kbdint.c index 1696ef4d3..fa8364975 100644 --- a/auth2-kbdint.c +++ b/auth2-kbdint.c @@ -53,7 +53,7 @@ userauth_kbdint(Authctxt *authctxt) xfree(lang); #ifdef HAVE_CYGWIN if (check_nt_auth(0, authctxt->pw) == 0) - return(0); + authenticated = 0; #endif return authenticated; } diff --git a/auth2-none.c b/auth2-none.c index 2bf5b5c80..787458dad 100644 --- a/auth2-none.c +++ b/auth2-none.c @@ -103,7 +103,7 @@ userauth_none(Authctxt *authctxt) userauth_banner(); #ifdef HAVE_CYGWIN if (check_nt_auth(1, authctxt->pw) == 0) - return(0); + return (0); #endif if (options.password_authentication) return (PRIVSEP(auth_password(authctxt, ""))); diff --git a/auth2-passwd.c b/auth2-passwd.c index a4f482d2e..2321ef47b 100644 --- a/auth2-passwd.c +++ b/auth2-passwd.c @@ -55,12 +55,12 @@ userauth_passwd(Authctxt *authctxt) if (change) logit("password change not supported"); - else if (PRIVSEP(auth_password(authctxt, password)) == 1 + else if (PRIVSEP(auth_password(authctxt, password)) == 1) + authenticated = 1; #ifdef HAVE_CYGWIN - && check_nt_auth(1, authctxt->pw) + if (check_nt_auth(1, authctxt->pw) == 0) + authenticated = 0; #endif - ) - authenticated = 1; memset(password, 0, len); xfree(password); return authenticated; 
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 9898d4a63..bafea09da 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -158,7 +158,7 @@ done: xfree(pkblob); #ifdef HAVE_CYGWIN if (check_nt_auth(0, authctxt->pw) == 0) - return(0); + authenticated = 0; #endif return authenticated; } -- cgit v1.2.3 From 77fc29eeb382974ae063227c249ee3b98646e38a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 11 Sep 2004 23:07:03 +1000 Subject: - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c] Bug #892: Send messages from failing PAM account modules to the client via SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with SSH2 kbdint authentication, which need to be dealt with separately. ok djm@ --- ChangeLog | 6 +++++- auth-pam.c | 10 ++++++---- auth.h | 1 + auth2-none.c | 19 ++++++++++++++----- auth2.c | 15 +++++++++++++-- monitor.c | 3 +++ monitor_wrap.c | 5 +++++ 7 files changed, 47 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 85366cbb1..0c0d2c6fc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,10 @@ - (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change. - (djm) [auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c] Make cygwin code more consistent with that which surrounds it + - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c] + Bug #892: Send messages from failing PAM account modules to the client via + SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with + SSH2 kbdint authentication, which need to be dealt with separately. ok djm@ 20040830 - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only @@ -1725,4 +1729,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3543 2004/09/11 12:42:09 djm Exp $ +$Id: ChangeLog,v 1.3544 2004/09/11 13:07:03 dtucker Exp $ 
diff --git a/auth-pam.c b/auth-pam.c index 4ad86de9e..0a6817d63 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -47,7 +47,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.116 2004/09/11 12:28:02 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.117 2004/09/11 13:07:03 dtucker Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -572,7 +572,7 @@ sshpam_init(Authctxt *authctxt) } debug("PAM: initializing for \"%s\"", user); sshpam_err = - pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle); + pam_start(SSHD_PAM_SERVICE, user, &store_conv, &sshpam_handle); sshpam_authctxt = authctxt; if (sshpam_err != PAM_SUCCESS) { @@ -804,11 +804,13 @@ finish_pam(void) u_int do_pam_account(void) { + debug("%s: called", __func__); if (sshpam_account_status != -1) return (sshpam_account_status); sshpam_err = pam_acct_mgmt(sshpam_handle, 0); - debug3("PAM: %s pam_acct_mgmt = %d", __func__, sshpam_err); + debug3("PAM: %s pam_acct_mgmt = %d (%s)", __func__, sshpam_err, + pam_strerror(sshpam_handle, sshpam_err)); if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) { sshpam_account_status = 0; @@ -838,7 +840,7 @@ void do_pam_setcred(int init) { sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, - (const void *)&null_conv); + (const void *)&store_conv); if (sshpam_err != PAM_SUCCESS) fatal("PAM: failed to set PAM_CONV: %s", pam_strerror(sshpam_handle, sshpam_err)); diff --git a/auth.h b/auth.h index 2f094403d..760337bea 100644 --- a/auth.h +++ b/auth.h @@ -137,6 +137,7 @@ void do_authentication2(Authctxt *); void auth_log(Authctxt *, int, char *, char *); void userauth_finish(Authctxt *, int, char *); +void userauth_send_banner(const char *); int auth_root_allowed(char *); char *auth2_read_banner(void); diff --git a/auth2-none.c b/auth2-none.c index 787458dad..1c30a3203 100644 --- a/auth2-none.c +++ b/auth2-none.c 
@@ -74,6 +74,19 @@ auth2_read_banner(void) return (banner); } +void +userauth_send_banner(const char *msg) +{ + if (datafellows & SSH_BUG_BANNER) + return; + + packet_start(SSH2_MSG_USERAUTH_BANNER); + packet_put_cstring(msg); + packet_put_cstring(""); /* language, unused */ + packet_send(); + debug("%s: sent", __func__); +} + static void userauth_banner(void) { @@ -84,12 +97,8 @@ userauth_banner(void) if ((banner = PRIVSEP(auth2_read_banner())) == NULL) goto done; + userauth_send_banner(banner); - packet_start(SSH2_MSG_USERAUTH_BANNER); - packet_put_cstring(banner); - packet_put_cstring(""); /* language, unused */ - packet_send(); - debug("userauth_banner: sent"); done: if (banner) xfree(banner); diff --git a/auth2.c b/auth2.c index b98309576..57e6db46b 100644 --- a/auth2.c +++ b/auth2.c @@ -35,6 +35,7 @@ RCSID("$OpenBSD: auth2.c,v 1.107 2004/07/28 09:40:29 markus Exp $"); #include "dispatch.h" #include "pathnames.h" #include "monitor_wrap.h" +#include "buffer.h" #ifdef GSSAPI #include "ssh-gss.h" @@ -44,6 +45,7 @@ RCSID("$OpenBSD: auth2.c,v 1.107 2004/07/28 09:40:29 markus Exp $"); extern ServerOptions options; extern u_char *session_id2; extern u_int session_id2_len; +extern Buffer loginmsg; /* methods */ @@ -216,8 +218,17 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) authenticated = 0; #ifdef USE_PAM - if (options.use_pam && authenticated && !PRIVSEP(do_pam_account())) - authenticated = 0; + if (options.use_pam && authenticated) { + if (!PRIVSEP(do_pam_account())) { + authenticated = 0; + /* if PAM returned a message, send it to the user */ + if (buffer_len(&loginmsg) > 0) { + buffer_append(&loginmsg, "\0", 1); + userauth_send_banner(buffer_ptr(&loginmsg)); + buffer_clear(&loginmsg); + } + } + } #endif #ifdef _UNICOS diff --git a/monitor.c b/monitor.c index b7463400e..00d4a785f 100644 --- a/monitor.c +++ b/monitor.c 
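Review bot: userauth_send_banner() in auth2-none.c is now a cross-file entry point (declared in auth.h) but has no comment stating its contract. It returns silently for SSH_BUG_BANNER clients and hands `msg` straight to packet_put_cstring(), so callers must pass a NUL-terminated string. I would add above the definition: `/* Send msg to the client as SSH2_MSG_USERAUTH_BANNER; no-op for SSH_BUG_BANNER clients. msg must be NUL-terminated and is forwarded unfiltered. */`. The last part matters because, with this commit, the text can come from PAM modules and not only from the configured banner file.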
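Review bot: The new block in userauth_finish() (auth2.c) should say in its comment why it is safe to relay PAM account text to the peer. The banner is only sent inside `if (options.use_pam && authenticated)`, so account-state messages reach a client only after the authentication method itself succeeded. I would extend the existing comment to `/* PAM account check failed after successful auth: relay its message; never reached for unauthenticated peers */`, so a later refactor does not move the send outside that guard. userauth_finish() starts and ends outside the hunk.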
@@ -810,6 +810,9 @@ mm_answer_pam_account(int sock, Buffer *m) ret = do_pam_account(); buffer_put_int(m, ret); + buffer_append(&loginmsg, "\0", 1); + buffer_put_cstring(m, buffer_ptr(&loginmsg)); + buffer_clear(&loginmsg); mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m); diff --git a/monitor_wrap.c b/monitor_wrap.c index 0d7a0e3bd..23857639b 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -72,6 +72,7 @@ extern struct monitor *pmonitor; extern Buffer input, output; extern Buffer loginmsg; extern ServerOptions options; +extern Buffer loginmsg; int mm_is_monitor(void) @@ -716,6 +717,7 @@ mm_do_pam_account(void) { Buffer m; u_int ret; + char *msg; debug3("%s entering", __func__); if (!options.use_pam) @@ -727,6 +729,9 @@ mm_do_pam_account(void) mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_ACCOUNT, &m); ret = buffer_get_int(&m); + msg = buffer_get_string(&m, NULL); + buffer_append(&loginmsg, msg, strlen(msg)); + xfree(msg); buffer_free(&m); -- cgit v1.2.3 From a2a3ed0010fc10a1c39404a3c3cddd3de27019b2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 11 Sep 2004 23:09:53 +1000 Subject: - (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@ --- ChangeLog | 3 ++- session.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0c0d2c6fc..268e0f9a9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,7 @@ Bug #892: Send messages from failing PAM account modules to the client via SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with SSH2 kbdint authentication, which need to be dealt with separately. ok djm@ + - (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@ 20040830 - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only 
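Review bot: mm_answer_pam_account() in monitor.c now drains `loginmsg` unconditionally, also when `ret` reports a successful account check. After `buffer_clear(&loginmsg)` the monitor no longer holds any stored PAM messages; whether anything on the monitor side still expects them later cannot be seen from this hunk, so this is worth confirming. At minimum I would document the hand-off: `/* hand stored PAM messages to the unprivileged child; the monitor's copy is discarded */`. The function continues outside the hunk.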
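Review bot: The first monitor_wrap.c hunk adds `extern Buffer loginmsg;` although the same declaration is already present two lines above it in the context. The duplicate is harmless to the compiler but redundant; drop the added line. In mm_do_pam_account() further down, `buffer_get_string(&m, NULL)` followed by `strlen(msg)` could take the length from the call instead (`msg = buffer_get_string(&m, &len);`), which avoids the second scan of the string.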
@@ -1729,4 +1730,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3544 2004/09/11 13:07:03 dtucker Exp $ +$Id: ChangeLog,v 1.3545 2004/09/11 13:09:53 dtucker Exp $ diff --git a/session.c b/session.c index 7a70b82e6..6844720d4 100644 --- a/session.c +++ b/session.c @@ -1434,7 +1434,7 @@ do_child(Session *s, const char *command) * generated messages, so if this in an interactive * login then display them too. */ - if (command == NULL) + if (!check_quietlogin(s, command)) display_loginmsg(); #endif /* HAVE_OSF_SIA */ } -- cgit v1.2.3 From a0c2b394b4e6d881bb70ab25c77d25922e07fd40 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 11 Sep 2004 23:26:37 +1000 Subject: - (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure. Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me. ok djm@ --- ChangeLog | 4 ++- configure.ac | 103 ++++++++++++++++++++++++++++++++++++++++------------------- 2 files changed, 74 insertions(+), 33 deletions(-) diff --git a/ChangeLog b/ChangeLog index 268e0f9a9..750751fb5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with SSH2 kbdint authentication, which need to be dealt with separately. ok djm@ - (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@ + - (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure. + Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me. ok djm@ 20040830 - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only @@ -1730,4 +1732,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3545 2004/09/11 13:09:53 dtucker Exp $ +$Id: ChangeLog,v 1.3546 2004/09/11 13:26:37 dtucker Exp $ 
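Review bot: In the session.c hunk the comment above the changed test still reads "if this in an interactive login then display them too", but the condition is now `!check_quietlogin(s, command)`. The comment should mention the quiet-login case, e.g. `* login and the user has not requested a quiet login, display them too.` Because `loginmsg` can carry PAM- or SIA-generated account notices, it is also worth stating there that a user-controlled .hushlogin suppresses them. do_child() starts and ends outside the hunk.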
diff --git a/configure.ac b/configure.ac index 85d46f385..9b80c6a37 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.228 2004/08/29 11:18:09 dtucker Exp $ +# $Id: configure.ac,v 1.229 2004/09/11 13:26:37 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -506,7 +506,7 @@ AC_ARG_WITH(libs, ) AC_MSG_CHECKING(compiler and flags for sanity) -AC_TRY_RUN([ +AC_RUN_IFELSE([ #include int main(){exit(0);} ], @@ -514,7 +514,8 @@ int main(){exit(0);} [ AC_MSG_RESULT(no) AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) - ] + ], + [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] ) # Checks for header files. @@ -647,7 +648,7 @@ AC_ARG_WITH(zlib-version-check, ) AC_MSG_CHECKING(for zlib 1.1.4 or greater) -AC_TRY_RUN([ +AC_RUN_IFELSE([ #include int main() { @@ -672,7 +673,8 @@ If you are in doubt, upgrade zlib to version 1.1.4 or greater.]) else AC_MSG_WARN([zlib version may have security problems]) fi - ] + ], + [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] ) dnl UnixWare 2.x @@ -726,7 +728,7 @@ AC_EGREP_CPP(FOUNDIT, ) AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) -AC_TRY_RUN( +AC_RUN_IFELSE( [ #include #include @@ -736,6 +738,10 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} [ AC_MSG_RESULT(no) AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) + ], + [ + AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) + AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) ] ) 
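Review bot: The cross-compile branch added to the zlib test only prints `cross compiling: not checking zlib version`, which does not tell the builder that a security check was skipped. The native branch exists to reject zlib older than 1.1.4 and warns that older versions "may have security problems"; a cross build now accepts any zlib without that hint. I would make the warning explicit, e.g. `AC_MSG_WARN([cross compiling: zlib version not checked; verify the target zlib is 1.1.4 or greater])`. The same applies to the skipped OpenSSL header/library checks later in this file.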
@@ -895,28 +901,30 @@ AC_CHECK_DECLS(h_errno, , ,[#include ]) AC_CHECK_FUNCS(setresuid, [ dnl Some platorms have setresuid that isn't implemented, test for this AC_MSG_CHECKING(if setresuid seems to work) - AC_TRY_RUN([ + AC_RUN_IFELSE([ #include #include int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} ], [AC_MSG_RESULT(yes)], [AC_DEFINE(BROKEN_SETRESUID) - AC_MSG_RESULT(not implemented)] + AC_MSG_RESULT(not implemented)], + [AC_MSG_WARN([cross compiling: not checking setresuid])] ) ]) AC_CHECK_FUNCS(setresgid, [ dnl Some platorms have setresgid that isn't implemented, test for this AC_MSG_CHECKING(if setresgid seems to work) - AC_TRY_RUN([ + AC_RUN_IFELSE([ #include #include int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} ], [AC_MSG_RESULT(yes)], [AC_DEFINE(BROKEN_SETRESGID) - AC_MSG_RESULT(not implemented)] + AC_MSG_RESULT(not implemented)], + [AC_MSG_WARN([cross compiling: not checking setresuid])] ) ]) @@ -942,7 +950,7 @@ AC_CHECK_FUNC(getpagesize, # Check for broken snprintf if test "x$ac_cv_func_snprintf" = "xyes" ; then AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) - AC_TRY_RUN( + AC_RUN_IFELSE( [ #include int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} @@ -952,7 +960,8 @@ int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} AC_MSG_RESULT(no) AC_DEFINE(BROKEN_SNPRINTF) AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) - ] + ], + [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] ) fi @@ -1213,7 +1222,7 @@ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL), # Determine OpenSSL header version AC_MSG_CHECKING([OpenSSL header version]) -AC_TRY_RUN( +AC_RUN_IFELSE( [ #include #include 
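Review bot: The cross-compile warning added to the setresgid check says `cross compiling: not checking setresuid`, copied from the block above it. It should read `[AC_MSG_WARN([cross compiling: not checking setresgid])]`, otherwise config output reports the same function twice and never mentions setresgid.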
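Review bot: The snprintf termination test picks the optimistic default when cross compiling (`Assuming working snprintf()`), while the struct dirent test earlier in this commit assumes the broken case. A snprintf that does not terminate long strings is the more dangerous failure, so the conservative default would be to define BROKEN_SNPRINTF here as well: `[ AC_MSG_WARN([cross compiling: assuming broken snprintf()]) AC_DEFINE(BROKEN_SNPRINTF) ]`. If the optimistic default is intentional, a `dnl` comment saying why would help. The same choice is made in the int64 snprintf test further down.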
@@ -1240,12 +1249,15 @@ int main(void) { [ AC_MSG_RESULT(not found) AC_MSG_ERROR(OpenSSL version header not found.) + ], + [ + AC_MSG_WARN([cross compiling: not checking]) ] ) # Determine OpenSSL library version AC_MSG_CHECKING([OpenSSL library version]) -AC_TRY_RUN( +AC_RUN_IFELSE( [ #include #include @@ -1273,12 +1285,15 @@ int main(void) { [ AC_MSG_RESULT(not found) AC_MSG_ERROR(OpenSSL library not found.) + ], + [ + AC_MSG_WARN([cross compiling: not checking]) ] ) # Sanity check OpenSSL headers AC_MSG_CHECKING([whether OpenSSL's headers match the library]) -AC_TRY_RUN( +AC_RUN_IFELSE( [ #include #include @@ -1292,6 +1307,9 @@ int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } AC_MSG_ERROR([Your OpenSSL headers do not match your library. Check config.log for details. Also see contrib/findssl.sh for help identifying header/library mismatches.]) + ], + [ + AC_MSG_WARN([cross compiling: not checking]) ] ) @@ -1312,7 +1330,7 @@ fi # Check wheter OpenSSL seeds itself AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) -AC_TRY_RUN( +AC_RUN_IFELSE( [ #include #include @@ -1327,6 +1345,12 @@ int main(void) { exit(RAND_status() == 1 ? 0 : 1); } # Default to use of the rand helper if OpenSSL doesn't # seed itself USE_RAND_HELPER=yes + ], + [ + AC_MSG_WARN([cross compiling: assuming yes]) + # This is safe, since all recent OpenSSL versions will + # complain at runtime if not seeded correctly. + OPENSSL_SEEDS_ITSELF=yes ] ) @@ -1893,7 +1917,7 @@ if test "x$ac_cv_have_int64_t" = "xno" -a \ exit 1; else dnl test snprintf (broken on SCO w/gcc) - AC_TRY_RUN( + AC_RUN_IFELSE( [ #include #include @@ -1917,7 +1941,8 @@ main() #else main() { exit(0); } #endif - ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ] + ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ], + AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ) fi 
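Review bot: In the PRNG test, the cross-compile branch sets `OPENSSL_SEEDS_ITSELF=yes` without any way for the builder to override it. The added comment argues this is safe because recent OpenSSL complains at runtime when unseeded, but on a target without a kernel entropy device that turns a build-time decision into a runtime failure. I would keep the default but expand the warning to name the consequence, e.g. `AC_MSG_WARN([cross compiling: assuming OpenSSL seeds itself; rand helper will not be used by default])`. The last hunk on this line also passes its `AC_MSG_WARN(...)` argument without the `[ ]` quoting used everywhere else in this commit.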
@@ -2022,13 +2047,14 @@ fi dnl make sure we're using the real structure members and not defines AC_CACHE_CHECK([for msg_accrights field in struct msghdr], ac_cv_have_accrights_in_msghdr, [ - AC_TRY_RUN( + AC_COMPILE_IFELSE( [ #include #include #include int main() { #ifdef msg_accrights +#error "msg_accrights is a macro" exit(1); #endif struct msghdr m; @@ -2046,13 +2072,14 @@ fi AC_CACHE_CHECK([for msg_control field in struct msghdr], ac_cv_have_control_in_msghdr, [ - AC_TRY_RUN( + AC_COMPILE_IFELSE( [ #include #include #include int main() { #ifdef msg_control +#error "msg_control is a macro" exit(1); #endif struct msghdr m; @@ -2386,6 +2413,10 @@ if test ! -z "$MAIL" ; then AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir") fi +if test ! -z "$cross_compiling"; then + AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) + disable_ptmx_check=yes +fi if test -z "$no_dev_ptmx" ; then if test "x$disable_ptmx_check" != "xyes" ; then AC_CHECK_FILE("/dev/ptmx", @@ -2396,12 +2427,17 @@ if test -z "$no_dev_ptmx" ; then ) fi fi -AC_CHECK_FILE("/dev/ptc", - [ - AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC) - have_dev_ptc=1 - ] -) + +if test -z "$cross_compiling"; then + AC_CHECK_FILE("/dev/ptc", + [ + AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC) + have_dev_ptc=1 + ] + ) +else + AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) +fi # Options from here on. Some of these are preset by platform above AC_ARG_WITH(mantype, 
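Review bot: The new guards `if test ! -z "$cross_compiling"` (before the /dev/ptmx check) and `if test -z "$cross_compiling"` (around the /dev/ptc check) test for emptiness, but autoconf-generated configure scripts normally set `cross_compiling` to `no` on native builds rather than leaving it empty. If that holds here, native builds would also take the "cross compiling" branch: the /dev/ptmx test is disabled and the /dev/ptc test never runs. Compare the value instead: `if test "x$cross_compiling" = "xyes"; then` and, for the ptc block, `if test "x$cross_compiling" != "xyes"; then`. The /etc/default/login hunk further down uses the same `! -z` test.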
@@ -2498,13 +2534,16 @@ fi # check for /etc/default/login and use it if present. AC_ARG_ENABLE(etc-default-login, [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],, -[ -AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ]) + [ AC_CHECK_FILE("/etc/default/login", + [ external_path_file=/etc/default/login ]) -if test "x$external_path_file" = "x/etc/default/login"; then - AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN) -fi -]) + if test ! -z "$cross_compiling"; then + AC_MSG_WARN([cross compiling: Disabling /etc/default/login test]) + elif test "x$external_path_file" = "x/etc/default/login"; then + AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN) + fi + ] +) dnl BSD systems use /etc/login.conf so --with-default-path= has no effect if test $ac_cv_func_login_getcapbool = "yes" -a \ -- cgit v1.2.3 From 5614d8f8c48faf1526e472ef760b1cb116ae069d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 11 Sep 2004 23:32:09 +1000 Subject: - (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM. From deengert at anl.gov, ok djm@ --- ChangeLog | 4 +++- auth-krb5.c | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 750751fb5..995e1bd27 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,8 @@ - (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@ - (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure. Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me. ok djm@ + - (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM. From deengert + at anl.gov, ok djm@ 20040830 - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only @@ -1732,4 +1734,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3546 2004/09/11 13:26:37 dtucker Exp $ +$Id: ChangeLog,v 1.3547 2004/09/11 13:32:09 dtucker Exp $ 
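Review bot: In the etc-default-login hunk, `AC_CHECK_FILE("/etc/default/login", ...)` is still expanded before the cross-compile test, so the guard does not protect it. AC_CHECK_FILE is documented to abort configure when cross compiling, which means the new warning branch would not be reached in the case it was written for. The check should move inside the non-cross branch, and the test should compare against `yes` rather than test for emptiness.

```m4
dnl … unchanged: AC_ARG_ENABLE(etc-default-login, help string,, …
	[ if test "x$cross_compiling" = "xyes"; then
		AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
	  else
		AC_CHECK_FILE("/etc/default/login",
		    [ external_path_file=/etc/default/login ])
		if test "x$external_path_file" = "x/etc/default/login"; then
			AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
		fi
	  fi
	]
```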
diff --git a/auth-krb5.c b/auth-krb5.c index a324ff15c..2f742534a 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -187,6 +187,11 @@ auth_krb5_password(Authctxt *authctxt, const char *password) snprintf(authctxt->krb5_ccname, len, "FILE:%s", authctxt->krb5_ticket_file); +#ifdef USE_PAM + if (options.use_pam) + do_pam_putenv("KRB5CCNAME", authctxt->krb5_ccname); +#endif + out: restore_uid(); -- cgit v1.2.3 From 8899ed3b6258b6943e4bf2f942a0ad7ce52303f9 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 12 Sep 2004 15:18:55 +1000 Subject: - (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file. No change in resultant binary --- ChangeLog | 6 +- loginrec.c | 642 ++++++++++++++++++++++++++++++------------------------------- 2 files changed, 321 insertions(+), 327 deletions(-) diff --git a/ChangeLog b/ChangeLog index 995e1bd27..8890e6235 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20040912 + - (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file. + No change in resultant binary + 20040911 - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@ - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from @@ -1734,4 +1738,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3547 2004/09/11 13:32:09 dtucker Exp $ +$Id: ChangeLog,v 1.3548 2004/09/12 05:23:14 djm Exp $ diff --git a/loginrec.c b/loginrec.c index 3ec378b9a..8d48fb99f 100644 --- a/loginrec.c +++ b/loginrec.c 
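Review bot: The added `do_pam_putenv("KRB5CCNAME", authctxt->krb5_ccname);` in auth_krb5_password() discards the call's result. If do_pam_putenv() reports failure (its definition is outside this hunk), later PAM modules would run without the credential cache name and nothing would be logged. I would check it and log at debug level, e.g. `if (do_pam_putenv("KRB5CCNAME", authctxt->krb5_ccname) != 0) debug("%s: could not export KRB5CCNAME to PAM", __func__);`, adjusting the comparison to whatever the function actually returns. The hunk also relies on `options` already being declared in this file, which is not visible here.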
@@ -30,125 +30,99 @@ **/ /* - The new login code explained - ============================ - - This code attempts to provide a common interface to login recording - (utmp and friends) and last login time retrieval. - - Its primary means of achieving this is to use 'struct logininfo', a - union of all the useful fields in the various different types of - system login record structures one finds on UNIX variants. - - We depend on autoconf to define which recording methods are to be - used, and which fields are contained in the relevant data structures - on the local system. Many C preprocessor symbols affect which code - gets compiled here. - - The code is designed to make it easy to modify a particular - recording method, without affecting other methods nor requiring so - many nested conditional compilation blocks as were commonplace in - the old code. - - For login recording, we try to use the local system's libraries as - these are clearly most likely to work correctly. For utmp systems - this usually means login() and logout() or setutent() etc., probably - in libutil, along with logwtmp() etc. On these systems, we fall back - to writing the files directly if we have to, though this method - requires very thorough testing so we do not corrupt local auditing - information. These files and their access methods are very system - specific indeed. - - For utmpx systems, the corresponding library functions are - setutxent() etc. To the author's knowledge, all utmpx systems have - these library functions and so no direct write is attempted. If such - a system exists and needs support, direct analogues of the [uw]tmp - code should suffice. - - Retrieving the time of last login ('lastlog') is in some ways even - more problemmatic than login recording. Some systems provide a - simple table of all users which we seek based on uid and retrieve a - relatively standard structure. 
Others record the same information in - a directory with a separate file, and others don't record the - information separately at all. For systems in the latter category, - we look backwards in the wtmp or wtmpx file for the last login entry - for our user. Naturally this is slower and on busy systems could - incur a significant performance penalty. - - Calling the new code - -------------------- - - In OpenSSH all login recording and retrieval is performed in - login.c. Here you'll find working examples. Also, in the logintest.c - program there are more examples. - - Internal handler calling method - ------------------------------- - - When a call is made to login_login() or login_logout(), both - routines set a struct logininfo flag defining which action (log in, - or log out) is to be taken. They both then call login_write(), which - calls whichever of the many structure-specific handlers autoconf - selects for the local system. - - The handlers themselves handle system data structure specifics. Both - struct utmp and struct utmpx have utility functions (see - construct_utmp*()) to try to make it simpler to add extra systems - that introduce new features to either structure. - - While it may seem terribly wasteful to replicate so much similar - code for each method, experience has shown that maintaining code to - write both struct utmp and utmpx in one function, whilst maintaining - support for all systems whether they have library support or not, is - a difficult and time-consuming task. - - Lastlog support proceeds similarly. Functions login_get_lastlog() - (and its OpenSSH-tuned friend login_get_lastlog_time()) call - getlast_entry(), which tries one of three methods to find the last - login time. It uses local system lastlog support if it can, - otherwise it tries wtmp or wtmpx before giving up and returning 0, - meaning "tilt". 
- - Maintenance - ----------- - - In many cases it's possible to tweak autoconf to select the correct - methods for a particular platform, either by improving the detection - code (best), or by presetting DISABLE_ or CONF__FILE - symbols for the platform. - - Use logintest to check which symbols are defined before modifying - configure.ac and loginrec.c. (You have to build logintest yourself - with 'make logintest' as it's not built by default.) - - Otherwise, patches to the specific method(s) are very helpful! - -*/ - -/** - ** TODO: - ** homegrown ttyslot() - ** test, test, test - ** - ** Platform status: - ** ---------------- - ** - ** Known good: - ** Linux (Redhat 6.2, Debian) - ** Solaris - ** HP-UX 10.20 (gcc only) - ** IRIX - ** NeXT - M68k/HPPA/Sparc (4.2/3.3) - ** - ** Testing required: Please send reports! - ** NetBSD - ** HP-UX 11 - ** AIX - ** - ** Platforms with known problems: - ** Some variants of Slackware Linux - ** - **/ + * The new login code explained + * ============================ + * + * This code attempts to provide a common interface to login recording + * (utmp and friends) and last login time retrieval. + * + * Its primary means of achieving this is to use 'struct logininfo', a + * union of all the useful fields in the various different types of + * system login record structures one finds on UNIX variants. + * + * We depend on autoconf to define which recording methods are to be + * used, and which fields are contained in the relevant data structures + * on the local system. Many C preprocessor symbols affect which code + * gets compiled here. + * + * The code is designed to make it easy to modify a particular + * recording method, without affecting other methods nor requiring so + * many nested conditional compilation blocks as were commonplace in + * the old code. + * + * For login recording, we try to use the local system's libraries as + * these are clearly most likely to work correctly. 
For utmp systems + * this usually means login() and logout() or setutent() etc., probably + * in libutil, along with logwtmp() etc. On these systems, we fall back + * to writing the files directly if we have to, though this method + * requires very thorough testing so we do not corrupt local auditing + * information. These files and their access methods are very system + * specific indeed. + * + * For utmpx systems, the corresponding library functions are + * setutxent() etc. To the author's knowledge, all utmpx systems have + * these library functions and so no direct write is attempted. If such + * a system exists and needs support, direct analogues of the [uw]tmp + * code should suffice. + * + * Retrieving the time of last login ('lastlog') is in some ways even + * more problemmatic than login recording. Some systems provide a + * simple table of all users which we seek based on uid and retrieve a + * relatively standard structure. Others record the same information in + * a directory with a separate file, and others don't record the + * information separately at all. For systems in the latter category, + * we look backwards in the wtmp or wtmpx file for the last login entry + * for our user. Naturally this is slower and on busy systems could + * incur a significant performance penalty. + * + * Calling the new code + * -------------------- + * + * In OpenSSH all login recording and retrieval is performed in + * login.c. Here you'll find working examples. Also, in the logintest.c + * program there are more examples. + * + * Internal handler calling method + * ------------------------------- + * + * When a call is made to login_login() or login_logout(), both + * routines set a struct logininfo flag defining which action (log in, + * or log out) is to be taken. They both then call login_write(), which + * calls whichever of the many structure-specific handlers autoconf + * selects for the local system. 
+ * + * The handlers themselves handle system data structure specifics. Both + * struct utmp and struct utmpx have utility functions (see + * construct_utmp*()) to try to make it simpler to add extra systems + * that introduce new features to either structure. + * + * While it may seem terribly wasteful to replicate so much similar + * code for each method, experience has shown that maintaining code to + * write both struct utmp and utmpx in one function, whilst maintaining + * support for all systems whether they have library support or not, is + * a difficult and time-consuming task. + * + * Lastlog support proceeds similarly. Functions login_get_lastlog() + * (and its OpenSSH-tuned friend login_get_lastlog_time()) call + * getlast_entry(), which tries one of three methods to find the last + * login time. It uses local system lastlog support if it can, + * otherwise it tries wtmp or wtmpx before giving up and returning 0, + * meaning "tilt". + * + * Maintenance + * ----------- + * + * In many cases it's possible to tweak autoconf to select the correct + * methods for a particular platform, either by improving the detection + * code (best), or by presetting DISABLE_ or CONF__FILE + * symbols for the platform. + * + * Use logintest to check which symbols are defined before modifying + * configure.ac and loginrec.c. (You have to build logintest yourself + * with 'make logintest' as it's not built by default.) + * + * Otherwise, patches to the specific method(s) are very helpful! + */ #include "includes.h" @@ -158,16 +132,16 @@ #include "log.h" #include "atomicio.h" -RCSID("$Id: loginrec.c,v 1.59 2004/08/23 11:53:28 djm Exp $"); - #ifdef HAVE_UTIL_H -# include +# include #endif #ifdef HAVE_LIBUTIL_H -# include +# include #endif +RCSID("$Id: loginrec.c,v 1.60 2004/09/12 05:18:55 djm Exp $"); + /** ** prototypes for helper functions in this file **/ 
@@ -195,13 +169,14 @@ int wtmp_get_entry(struct logininfo *li); int wtmpx_get_entry(struct logininfo *li); /* pick the shortest string */ -#define MIN_SIZEOF(s1,s2) ( sizeof(s1) < sizeof(s2) ? sizeof(s1) : sizeof(s2) ) +#define MIN_SIZEOF(s1,s2) (sizeof(s1) < sizeof(s2) ? sizeof(s1) : sizeof(s2)) /** ** platform-independent login functions **/ -/* login_login(struct logininfo *) -Record a login +/* + * login_login(struct logininfo *) - Record a login * * Call with a pointer to a struct logininfo initialised with * login_init_entry() or login_alloc_entry() @@ -211,14 +186,15 @@ int wtmpx_get_entry(struct logininfo *li); * 0 on failure (will use OpenSSH's logging facilities for diagnostics) */ int -login_login (struct logininfo *li) +login_login(struct logininfo *li) { li->type = LTYPE_LOGIN; - return login_write(li); + return (login_write(li)); } -/* login_logout(struct logininfo *) - Record a logout +/* + * login_logout(struct logininfo *) - Record a logout * * Call as with login_login() * @@ -230,10 +206,11 @@ int login_logout(struct logininfo *li) { li->type = LTYPE_LOGOUT; - return login_write(li); + return (login_write(li)); } -/* login_get_lastlog_time(int) - Retrieve the last login time +/* + * login_get_lastlog_time(int) - Retrieve the last login time * * Retrieve the last login time for the given uid. Will try to use the * system lastlog facilities if they are available, but will fall back @@ -256,12 +233,13 @@ login_get_lastlog_time(const int uid) struct logininfo li; if (login_get_lastlog(&li, uid)) - return li.tv_sec; + return (li.tv_sec); else - return 0; + return (0); } -/* login_get_lastlog(struct logininfo *, int) - Retrieve a lastlog entry +/* + * login_get_lastlog(struct logininfo *, int) - Retrieve a lastlog entry * * Retrieve a logininfo structure populated (only partially) with * information from the system lastlog data, or from wtmp/wtmpx if no 
@@ -272,7 +250,6 @@ login_get_lastlog_time(const int uid) * Returns: * >0: A pointer to your struct logininfo if successful * 0 on failure (will use OpenSSH's logging facilities for diagnostics) - * */ struct logininfo * login_get_lastlog(struct logininfo *li, const int uid) @@ -292,17 +269,18 @@ login_get_lastlog(struct logininfo *li, const int uid) fatal("login_get_lastlog: Cannot find account for uid %i", uid); /* No MIN_SIZEOF here - we absolutely *must not* truncate the - * username */ + * username (XXX - so check for trunc!) */ strlcpy(li->username, pw->pw_name, sizeof(li->username)); if (getlast_entry(li)) - return li; + return (li); else - return NULL; + return (NULL); } -/* login_alloc_entry(int, char*, char*, char*) - Allocate and initialise +/* + * login_alloc_entry(int, char*, char*, char*) - Allocate and initialise * a logininfo structure * * This function creates a new struct logininfo, a data structure @@ -313,13 +291,13 @@ login_get_lastlog(struct logininfo *li, const int uid) */ struct logininfo *login_alloc_entry(int pid, const char *username, - const char *hostname, const char *line) + const char *hostname, const char *line) { struct logininfo *newli; - newli = (struct logininfo *) xmalloc (sizeof(*newli)); - (void)login_init_entry(newli, pid, username, hostname, line); - return newli; + newli = xmalloc(sizeof(*newli)); + login_init_entry(newli, pid, username, hostname, line); + return (newli); } @@ -341,7 +319,7 @@ login_free_entry(struct logininfo *li) */ int login_init_entry(struct logininfo *li, int pid, const char *username, - const char *hostname, const char *line) + const char *hostname, const char *line) { struct passwd *pw; 
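Review bot: In login_get_lastlog() the commit adds "(XXX - so check for trunc!)" to the comment but leaves `strlcpy(li->username, pw->pw_name, sizeof(li->username));` unchecked. The comment itself says the name must never be truncated, and a truncated name would make the following getlast_entry() look up a different account's record. Since this commit is declared binary-neutral the fix belongs in a follow-up: `if (strlcpy(li->username, pw->pw_name, sizeof(li->username)) >= sizeof(li->username)) fatal("%s: username too long", __func__);` (the message is illustrative). login_init_entry() in the next hunks has the same unchecked copy before its getpwnam() call.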
@@ -356,18 +334,21 @@ login_init_entry(struct logininfo *li, int pid, const char *username, if (username) { strlcpy(li->username, username, sizeof(li->username)); pw = getpwnam(li->username); - if (pw == NULL) - fatal("login_init_entry: Cannot find user \"%s\"", li->username); + if (pw == NULL) { + fatal("login_init_entry: Cannot find user \"%s\"", + li->username); + } li->uid = pw->pw_uid; } if (hostname) strlcpy(li->hostname, hostname, sizeof(li->hostname)); - return 1; + return (1); } -/* login_set_current_time(struct logininfo *) - set the current time +/* + * login_set_current_time(struct logininfo *) - set the current time * * Set the current time in a logininfo structure. This function is * meant to eliminate the need to deal with system dependencies for @@ -387,7 +368,7 @@ login_set_current_time(struct logininfo *li) /* copy a sockaddr_* into our logininfo */ void login_set_addr(struct logininfo *li, const struct sockaddr *sa, - const unsigned int sa_size) + const unsigned int sa_size) { unsigned int bufsize = sa_size; @@ -395,7 +376,7 @@ login_set_addr(struct logininfo *li, const struct sockaddr *sa, if (sizeof(li->hostaddr) < sa_size) bufsize = sizeof(li->hostaddr); - memcpy((void *)&(li->hostaddr.sa), (const void *)sa, bufsize); + memcpy(&li->hostaddr.sa, sa, bufsize); } @@ -404,12 +385,12 @@ login_set_addr(struct logininfo *li, const struct sockaddr *sa, ** results **/ int -login_write (struct logininfo *li) +login_write(struct logininfo *li) { #ifndef HAVE_CYGWIN - if ((int)geteuid() != 0) { - logit("Attempt to write login records by non-root user (aborting)"); - return 1; + if (geteuid() != 0) { + logit("Attempt to write login records by non-root user (aborting)"); + return (1); } #endif @@ -419,9 +400,8 @@ login_write (struct logininfo *li) syslogin_write_entry(li); #endif #ifdef USE_LASTLOG - if (li->type == LTYPE_LOGIN) { + if (li->type == LTYPE_LOGIN) lastlog_write_entry(li); - } #endif #ifdef USE_UTMP utmp_write_entry(li); 
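Review bot: login_write() returns `(1)` on the "non-root user (aborting)" path and, in the following hunk, `(0)` at the end of the normal path, while the header comment on login_login() earlier in this diff documents "0 on failure". login_login() and login_logout() pass that value straight through, so either the comment or the return values are inverted. As this commit only reformats, I would at least add a note above login_write() such as `/* XXX returns 0 after writing and 1 when refused; callers' comments say the opposite */` so the mismatch is not lost. login_write() continues outside this hunk.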
@@ -440,7 +420,7 @@ login_write (struct logininfo *li) !sys_auth_record_login(li->username,li->hostname,li->line)) logit("Writing login record failed for %s", li->username); #endif - return 0; + return (0); } #ifdef LOGIN_NEEDS_UTMPX @@ -461,7 +441,7 @@ login_utmp_only(struct logininfo *li) # ifdef USE_WTMPX wtmpx_write_entry(li); # endif - return 0; + return (0); } #endif @@ -478,25 +458,21 @@ getlast_entry(struct logininfo *li) return(lastlog_get_entry(li)); #else /* !USE_LASTLOG */ -#ifdef DISABLE_LASTLOG +#if defined(DISABLE_LASTLOG) /* On some systems we shouldn't even try to obtain last login * time, e.g. AIX */ - return 0; -# else /* DISABLE_LASTLOG */ - /* Try to retrieve the last login time from wtmp */ -# if defined(USE_WTMP) && (defined(HAVE_TIME_IN_UTMP) || defined(HAVE_TV_IN_UTMP)) + return (0); +# elif defined(USE_WTMP) && \ + (defined(HAVE_TIME_IN_UTMP) || defined(HAVE_TV_IN_UTMP)) /* retrieve last login time from utmp */ return (wtmp_get_entry(li)); -# else /* defined(USE_WTMP) && (defined(HAVE_TIME_IN_UTMP) || defined(HAVE_TV_IN_UTMP)) */ +# elif defined(USE_WTMPX) && \ + (defined(HAVE_TIME_IN_UTMPX) || defined(HAVE_TV_IN_UTMPX)) /* If wtmp isn't available, try wtmpx */ -# if defined(USE_WTMPX) && (defined(HAVE_TIME_IN_UTMPX) || defined(HAVE_TV_IN_UTMPX)) - /* retrieve last login time from utmpx */ return (wtmpx_get_entry(li)); -# else +# else /* Give up: No means of retrieving last login time */ - return 0; -# endif /* USE_WTMPX && (HAVE_TIME_IN_UTMPX || HAVE_TV_IN_UTMPX) */ -# endif /* USE_WTMP && (HAVE_TIME_IN_UTMP || HAVE_TV_IN_UTMP) */ + return (0); # endif /* DISABLE_LASTLOG */ #endif /* USE_LASTLOG */ } 
@@ -520,19 +496,21 @@ getlast_entry(struct logininfo *li) */ -/* line_fullname(): add the leading '/dev/' if it doesn't exist make - * sure dst has enough space, if not just copy src (ugh) */ +/* + * line_fullname(): add the leading '/dev/' if it doesn't exist make + * sure dst has enough space, if not just copy src (ugh) + */ char * line_fullname(char *dst, const char *src, int dstsize) { memset(dst, '\0', dstsize); - if ((strncmp(src, "/dev/", 5) == 0) || (dstsize < (strlen(src) + 5))) { + if ((strncmp(src, "/dev/", 5) == 0) || (dstsize < (strlen(src) + 5))) strlcpy(dst, src, dstsize); - } else { + else { strlcpy(dst, "/dev/", dstsize); strlcat(dst, src, dstsize); } - return dst; + return (dst); } /* line_stripname(): strip the leading '/dev' if it exists, return dst */ @@ -544,15 +522,17 @@ line_stripname(char *dst, const char *src, int dstsize) strlcpy(dst, src + 5, dstsize); else strlcpy(dst, src, dstsize); - return dst; + return (dst); } -/* line_abbrevname(): Return the abbreviated (usually four-character) +/* + * line_abbrevname(): Return the abbreviated (usually four-character) * form of the line (Just use the last characters of the * full name.) * * NOTE: use strncpy because we do NOT necessarily want zero - * termination */ + * termination + */ char * line_abbrevname(char *dst, const char *src, int dstsize) { @@ -579,7 +559,7 @@ line_abbrevname(char *dst, const char *src, int dstsize) strncpy(dst, src, (size_t)dstsize); } - return dst; + return (dst); } /** @@ -595,13 +575,11 @@ line_abbrevname(char *dst, const char *src, int dstsize) void set_utmp_time(struct logininfo *li, struct utmp *ut) { -# ifdef HAVE_TV_IN_UTMP +# if defined(HAVE_TV_IN_UTMP) ut->ut_tv.tv_sec = li->tv_sec; ut->ut_tv.tv_usec = li->tv_usec; -# else -# ifdef HAVE_TIME_IN_UTMP +# elif defined(HAVE_TIME_IN_UTMP) ut->ut_time = li->tv_sec; -# endif # endif } 
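Review bot: The space test in line_fullname, `dstsize < (strlen(src) + 5)`, is off by one because it leaves no room for the terminating NUL. When `dstsize` equals `strlen(src) + 5` the `else` branch runs and `strlcat()` silently drops the last character of the tty name. The comparison also mixes the `int` parameter with a `size_t`, so a negative `dstsize` would convert to a huge value here and in the `memset()` above. I would write the condition as `if (strncmp(src, "/dev/", 5) == 0 || (size_t)dstsize < strlen(src) + sizeof("/dev/"))` and keep the braces on both arms.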
@@ -611,7 +589,8 @@ construct_utmp(struct logininfo *li, { # ifdef HAVE_ADDR_V6_IN_UTMP struct sockaddr_in6 *sa6; -# endif +# endif + memset(ut, '\0', sizeof(*ut)); /* First fill out fields used for both logins and logouts */ @@ -647,7 +626,7 @@ construct_utmp(struct logininfo *li, /* If we're logging out, leave all other fields blank */ if (li->type == LTYPE_LOGOUT) - return; + return; /* * These fields are only used when logging in, and are blank @@ -655,9 +634,11 @@ construct_utmp(struct logininfo *li, */ /* Use strncpy because we don't necessarily want null termination */ - strncpy(ut->ut_name, li->username, MIN_SIZEOF(ut->ut_name, li->username)); + strncpy(ut->ut_name, li->username, + MIN_SIZEOF(ut->ut_name, li->username)); # ifdef HAVE_HOST_IN_UTMP - strncpy(ut->ut_host, li->hostname, MIN_SIZEOF(ut->ut_host, li->hostname)); + strncpy(ut->ut_host, li->hostname, + MIN_SIZEOF(ut->ut_host, li->hostname)); # endif # ifdef HAVE_ADDR_IN_UTMP /* this is just a 32-bit IP address */ @@ -692,14 +673,12 @@ construct_utmp(struct logininfo *li, void set_utmpx_time(struct logininfo *li, struct utmpx *utx) { -# ifdef HAVE_TV_IN_UTMPX +# if defined(HAVE_TV_IN_UTMPX) utx->ut_tv.tv_sec = li->tv_sec; utx->ut_tv.tv_usec = li->tv_usec; -# else /* HAVE_TV_IN_UTMPX */ -# ifdef HAVE_TIME_IN_UTMPX +# elif defined(HAVE_TIME_IN_UTMPX) utx->ut_time = li->tv_sec; -# endif /* HAVE_TIME_IN_UTMPX */ -# endif /* HAVE_TV_IN_UTMPX */ +# endif } void @@ -709,6 +688,7 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx) struct sockaddr_in6 *sa6; # endif memset(utx, '\0', sizeof(*utx)); + # ifdef HAVE_ID_IN_UTMPX line_abbrevname(utx->ut_id, li->line, sizeof(utx->ut_id)); # endif 
@@ -725,8 +705,10 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx) line_stripname(utx->ut_line, li->line, sizeof(utx->ut_line)); set_utmpx_time(li, utx); utx->ut_pid = li->pid; + /* strncpy(): Don't necessarily want null termination */ - strncpy(utx->ut_name, li->username, MIN_SIZEOF(utx->ut_name, li->username)); + strncpy(utx->ut_name, li->username, + MIN_SIZEOF(utx->ut_name, li->username)); if (li->type == LTYPE_LOGOUT) return; @@ -737,7 +719,8 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx) */ # ifdef HAVE_HOST_IN_UTMPX - strncpy(utx->ut_host, li->hostname, MIN_SIZEOF(utx->ut_host, li->hostname)); + strncpy(utx->ut_host, li->hostname, + MIN_SIZEOF(utx->ut_host, li->hostname)); # endif # ifdef HAVE_ADDR_IN_UTMPX /* this is just a 32-bit IP address */ @@ -785,16 +768,17 @@ utmp_write_library(struct logininfo *li, struct utmp *ut) { setutent(); pututline(ut); - # ifdef HAVE_ENDUTENT endutent(); # endif - return 1; + return (1); } # else /* UTMP_USE_LIBRARY */ -/* write a utmp entry direct to the file */ -/* This is a slightly modification of code in OpenBSD's login.c */ +/* + * Write a utmp entry direct to the file + * This is a slightly modification of code in OpenBSD's login.c + */ static int utmp_write_direct(struct logininfo *li, struct utmp *ut) { @@ -805,19 +789,18 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut) /* FIXME: (ATL) ttyslot() needs local implementation */ #if defined(HAVE_GETTTYENT) - register struct ttyent *ty; + struct ttyent *ty; tty=0; - setttyent(); - while ((struct ttyent *)0 != (ty = getttyent())) { + while (NULL != (ty = getttyent())) { tty++; if (!strncmp(ty->ty_name, ut->ut_line, sizeof(ut->ut_line))) break; } endttyent(); - if((struct ttyent *)0 == ty) { + if (NULL == ty) { logit("%s: tty not found", __func__); return (0); } 
@@ -846,11 +829,10 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut) * and ut_line and ut_name match, preserve the old ut_line. */ if (atomicio(read, fd, &old_ut, sizeof(old_ut)) == sizeof(old_ut) && - (ut->ut_host[0] == '\0') && (old_ut.ut_host[0] != '\0') && - (strncmp(old_ut.ut_line, ut->ut_line, sizeof(ut->ut_line)) == 0) && - (strncmp(old_ut.ut_name, ut->ut_name, sizeof(ut->ut_name)) == 0)) { - (void)memcpy(ut->ut_host, old_ut.ut_host, sizeof(ut->ut_host)); - } + (ut->ut_host[0] == '\0') && (old_ut.ut_host[0] != '\0') && + (strncmp(old_ut.ut_line, ut->ut_line, sizeof(ut->ut_line)) == 0) && + (strncmp(old_ut.ut_name, ut->ut_name, sizeof(ut->ut_name)) == 0)) + memcpy(ut->ut_host, old_ut.ut_host, sizeof(ut->ut_host)); if ((ret = lseek(fd, pos, SEEK_SET)) == -1) { logit("%s: lseek: %s", __func__, strerror(errno)); @@ -861,14 +843,15 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut) __func__, tty, UTMP_FILE); return (0); } - if (atomicio(vwrite, fd, ut, sizeof(*ut)) != sizeof(*ut)) + if (atomicio(vwrite, fd, ut, sizeof(*ut)) != sizeof(*ut)) { logit("%s: error writing %s: %s", __func__, UTMP_FILE, strerror(errno)); + } - (void)close(fd); - return 1; + close(fd); + return (1); } else { - return 0; + return (0); } } # endif /* UTMP_USE_LIBRARY */ @@ -882,15 +865,15 @@ utmp_perform_login(struct logininfo *li) # ifdef UTMP_USE_LIBRARY if (!utmp_write_library(li, &ut)) { logit("utmp_perform_login: utmp_write_library() failed"); - return 0; + return (0); } # else if (!utmp_write_direct(li, &ut)) { logit("utmp_perform_login: utmp_write_direct() failed"); - return 0; + return (0); } # endif - return 1; + return (1); } 
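Review bot: utmp_write_direct still reports success when the record was not written: the `atomicio(vwrite, ...)` failure branch only calls `logit()` and then falls through to `close(fd); return (1);`. The `return (0);` after the "Couldn't seek to tty %d slot" message also leaves `fd` open. I would add `close(fd);` before that `return (0);` and end the write-failure branch with `close(fd); return (0);`, so that utmp_perform_login and utmp_perform_logout see the error. The function starts outside these hunks, so any earlier exit paths should be checked the same way.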
@@ -903,15 +886,15 @@ utmp_perform_logout(struct logininfo *li) # ifdef UTMP_USE_LIBRARY if (!utmp_write_library(li, &ut)) { logit("utmp_perform_logout: utmp_write_library() failed"); - return 0; + return (0); } # else if (!utmp_write_direct(li, &ut)) { logit("utmp_perform_logout: utmp_write_direct() failed"); - return 0; + return (0); } # endif - return 1; + return (1); } @@ -920,14 +903,14 @@ utmp_write_entry(struct logininfo *li) { switch(li->type) { case LTYPE_LOGIN: - return utmp_perform_login(li); + return (utmp_perform_login(li)); case LTYPE_LOGOUT: - return utmp_perform_logout(li); + return (utmp_perform_logout(li)); default: logit("utmp_write_entry: invalid type field"); - return 0; + return (0); } } #endif /* USE_UTMP */ @@ -958,7 +941,7 @@ utmpx_write_library(struct logininfo *li, struct utmpx *utx) # ifdef HAVE_ENDUTXENT endutxent(); # endif - return 1; + return (1); } # else /* UTMPX_USE_LIBRARY */ @@ -968,7 +951,7 @@ static int utmpx_write_direct(struct logininfo *li, struct utmpx *utx) { logit("utmpx_write_direct: not implemented!"); - return 0; + return (0); } # endif /* UTMPX_USE_LIBRARY */ @@ -981,15 +964,15 @@ utmpx_perform_login(struct logininfo *li) # ifdef UTMPX_USE_LIBRARY if (!utmpx_write_library(li, &utx)) { logit("utmpx_perform_login: utmp_write_library() failed"); - return 0; + return (0); } # else if (!utmpx_write_direct(li, &ut)) { logit("utmpx_perform_login: utmp_write_direct() failed"); - return 0; + return (0); } # endif - return 1; + return (1); } @@ -1011,7 +994,7 @@ utmpx_perform_logout(struct logininfo *li) # else utmpx_write_direct(li, &utx); # endif - return 1; + return (1); } int 
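Review bot: The `# else` branch of utmpx_perform_login calls `utmpx_write_direct(li, &ut)`, but the record used everywhere else in the function is `utx` (see `utmpx_write_library(li, &utx)` just above). No `ut` is visible, although the declarations are outside the hunk, so this branch probably does not compile when UTMPX_USE_LIBRARY is undefined. Both log messages also name `utmp_write_library()`/`utmp_write_direct()` rather than the utmpx functions. I would change the lines to `if (!utmpx_write_direct(li, &utx)) {` and `logit("utmpx_perform_login: utmpx_write_direct() failed");`. The later `__func__` hunk in this series carries the same `&ut` and message text forward unchanged, and utmpx_perform_logout ignores the write result altogether before its `return (1);`.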
@@ -1019,12 +1002,12 @@ utmpx_write_entry(struct logininfo *li) { switch(li->type) { case LTYPE_LOGIN: - return utmpx_perform_login(li); + return (utmpx_perform_login(li)); case LTYPE_LOGOUT: - return utmpx_perform_logout(li); + return (utmpx_perform_logout(li)); default: logit("utmpx_write_entry: invalid type field"); - return 0; + return (0); } } #endif /* USE_UTMPX */ @@ -1036,8 +1019,10 @@ utmpx_write_entry(struct logininfo *li) #ifdef USE_WTMP -/* write a wtmp entry direct to the end of the file */ -/* This is a slight modification of code in OpenBSD's logwtmp.c */ +/* + * Write a wtmp entry direct to the end of the file + * This is a slight modification of code in OpenBSD's logwtmp.c + */ static int wtmp_write(struct logininfo *li, struct utmp *ut) { @@ -1047,7 +1032,7 @@ wtmp_write(struct logininfo *li, struct utmp *ut) if ((fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0) { logit("wtmp_write: problem writing %s: %s", WTMP_FILE, strerror(errno)); - return 0; + return (0); } if (fstat(fd, &buf) == 0) if (atomicio(vwrite, fd, ut, sizeof(*ut)) != sizeof(*ut)) { @@ -1056,8 +1041,8 @@ wtmp_write(struct logininfo *li, struct utmp *ut) WTMP_FILE, strerror(errno)); ret = 0; } - (void)close(fd); - return ret; + close(fd); + return (ret); } static int @@ -1066,7 +1051,7 @@ wtmp_perform_login(struct logininfo *li) struct utmp ut; construct_utmp(li, &ut); - return wtmp_write(li, &ut); + return (wtmp_write(li, &ut)); } @@ -1076,7 +1061,7 @@ wtmp_perform_logout(struct logininfo *li) struct utmp ut; construct_utmp(li, &ut); - return wtmp_write(li, &ut); + return (wtmp_write(li, &ut)); } 
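Review bot: In wtmp_write a failing `fstat(fd, &buf)` skips the write entirely, yet `ret` is only cleared inside the write-failure branch. With the `ret = 1` initialiser shown in the later wtmp_write hunk of this series, the function then returns success without having appended the record. The nested `if (fstat(...) == 0) if (atomicio(...))` without braces also makes this easy to miss. I would handle the fstat failure explicitly as below; wtmpx_write repeats the same pattern and needs the same change.

```c
	if (fstat(fd, &buf) != 0) {
		logit("%s: couldn't stat %s: %s", __func__,
		    WTMP_FILE, strerror(errno));
		close(fd);
		return (0);
	}
	if (atomicio(vwrite, fd, ut, sizeof(*ut)) != sizeof(*ut)) {
		/* … unchanged: ftruncate back to buf.st_size, logit, ret = 0 … */
	}
```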
@@ -1085,17 +1070,18 @@ wtmp_write_entry(struct logininfo *li) { switch(li->type) { case LTYPE_LOGIN: - return wtmp_perform_login(li); + return (wtmp_perform_login(li)); case LTYPE_LOGOUT: - return wtmp_perform_logout(li); + return (wtmp_perform_logout(li)); default: logit("wtmp_write_entry: invalid type field"); - return 0; + return (0); } } -/* Notes on fetching login data from wtmp/wtmpx +/* + * Notes on fetching login data from wtmp/wtmpx * * Logouts are usually recorded with (amongst other things) a blank * username on a given tty line. However, some systems (HP-UX is one) @@ -1116,15 +1102,15 @@ static int wtmp_islogin(struct logininfo *li, struct utmp *ut) { if (strncmp(li->username, ut->ut_name, - MIN_SIZEOF(li->username, ut->ut_name)) == 0) { + MIN_SIZEOF(li->username, ut->ut_name)) == 0) { # ifdef HAVE_TYPE_IN_UTMP if (ut->ut_type & USER_PROCESS) - return 1; + return (1); # else - return 1; + return (1); # endif } - return 0; + return (0); } int @@ -1132,7 +1118,7 @@ wtmp_get_entry(struct logininfo *li) { struct stat st; struct utmp ut; - int fd, found=0; + int fd, found = 0; /* Clear the time entries in our logininfo */ li->tv_sec = li->tv_usec = 0; @@ -1140,20 +1126,20 @@ wtmp_get_entry(struct logininfo *li) if ((fd = open(WTMP_FILE, O_RDONLY)) < 0) { logit("wtmp_get_entry: problem opening %s: %s", WTMP_FILE, strerror(errno)); - return 0; + return (0); } if (fstat(fd, &st) != 0) { logit("wtmp_get_entry: couldn't stat %s: %s", WTMP_FILE, strerror(errno)); close(fd); - return 0; + return (0); } /* Seek to the start of the last struct utmp */ if (lseek(fd, -(off_t)sizeof(struct utmp), SEEK_END) == -1) { /* Looks like we've got a fresh wtmp file */ close(fd); - return 0; + return (0); } while (!found) { 
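Review bot: wtmp_islogin tests the record type with a bitwise AND, `if (ut->ut_type & USER_PROCESS)`, whereas wtmpx_islogin later in this file compares with `==`. `ut_type` is normally an enumeration rather than a bit mask, so on such systems the AND also accepts other record types whose value shares a bit with USER_PROCESS. The last-login time reported to the user could then come from a record that is not a login. Unless a platform really needs the mask (nothing in the hunk says so), I would make it `if (ut->ut_type == USER_PROCESS)` to match the utmpx variant.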
@@ -1161,12 +1147,14 @@ wtmp_get_entry(struct logininfo *li) logit("wtmp_get_entry: read of %s failed: %s", WTMP_FILE, strerror(errno)); close (fd); - return 0; + return (0); } if ( wtmp_islogin(li, &ut) ) { found = 1; - /* We've already checked for a time in struct - * utmp, in login_getlast(). */ + /* + * We've already checked for a time in struct + * utmp, in login_getlast() + */ # ifdef HAVE_TIME_IN_UTMP li->tv_sec = ut.ut_time; # else @@ -1175,24 +1163,24 @@ wtmp_get_entry(struct logininfo *li) # endif # endif line_fullname(li->line, ut.ut_line, - MIN_SIZEOF(li->line, ut.ut_line)); + MIN_SIZEOF(li->line, ut.ut_line)); # ifdef HAVE_HOST_IN_UTMP strlcpy(li->hostname, ut.ut_host, - MIN_SIZEOF(li->hostname, ut.ut_host)); + MIN_SIZEOF(li->hostname, ut.ut_host)); # endif continue; } /* Seek back 2 x struct utmp */ if (lseek(fd, -(off_t)(2 * sizeof(struct utmp)), SEEK_CUR) == -1) { /* We've found the start of the file, so quit */ - close (fd); - return 0; + close(fd); + return (0); } } /* We found an entry. Tidy up and return */ close(fd); - return 1; + return (1); } # endif /* USE_WTMP */ @@ -1202,8 +1190,10 @@ wtmp_get_entry(struct logininfo *li) **/ #ifdef USE_WTMPX -/* write a wtmpx entry direct to the end of the file */ -/* This is a slight modification of code in OpenBSD's logwtmp.c */ +/* + * Write a wtmpx entry direct to the end of the file + * This is a slight modification of code in OpenBSD's logwtmp.c + */ static int wtmpx_write(struct logininfo *li, struct utmpx *utx) { @@ -1214,7 +1204,7 @@ wtmpx_write(struct logininfo *li, struct utmpx *utx) if ((fd = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0)) < 0) { logit("wtmpx_write: problem opening %s: %s", WTMPX_FILE, strerror(errno)); - return 0; + return (0); } if (fstat(fd, &buf) == 0) 
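Review bot: wtmp_get_entry passes fixed-width record fields that need not be NUL-terminated to functions that scan for a terminator. `strlcpy(li->hostname, ut.ut_host, ...)` keeps reading `ut.ut_host` until it finds a NUL in order to compute its return value, and `line_fullname()` calls `strlen()` on `ut.ut_line`. construct_utmp in this same file fills these fields with `strncpy` precisely because termination is not wanted, so a full-width field read back from the file makes both calls read past the end of the member. A bounded read avoids that, e.g. `snprintf(li->hostname, sizeof(li->hostname), "%.*s", (int)sizeof(ut.ut_host), ut.ut_host);`, and likewise copying `ut.ut_line` into a terminated local buffer before calling `line_fullname()`. The same pattern appears in wtmpx_get_entry and lastlog_populate_entry.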
@@ -1224,12 +1214,12 @@ wtmpx_write(struct logininfo *li, struct utmpx *utx) WTMPX_FILE, strerror(errno)); ret = 0; } - (void)close(fd); + close(fd); - return ret; + return (ret); #else updwtmpx(WTMPX_FILE, utx); - return 1; + return (1); #endif } @@ -1240,7 +1230,7 @@ wtmpx_perform_login(struct logininfo *li) struct utmpx utx; construct_utmpx(li, &utx); - return wtmpx_write(li, &utx); + return (wtmpx_write(li, &utx)); } @@ -1250,7 +1240,7 @@ wtmpx_perform_logout(struct logininfo *li) struct utmpx utx; construct_utmpx(li, &utx); - return wtmpx_write(li, &utx); + return (wtmpx_write(li, &utx)); } @@ -1259,12 +1249,12 @@ wtmpx_write_entry(struct logininfo *li) { switch(li->type) { case LTYPE_LOGIN: - return wtmpx_perform_login(li); + return (wtmpx_perform_login(li)); case LTYPE_LOGOUT: - return wtmpx_perform_logout(li); + return (wtmpx_perform_logout(li)); default: logit("wtmpx_write_entry: invalid type field"); - return 0; + return (0); } } @@ -1275,16 +1265,16 @@ wtmpx_write_entry(struct logininfo *li) static int wtmpx_islogin(struct logininfo *li, struct utmpx *utx) { - if ( strncmp(li->username, utx->ut_name, - MIN_SIZEOF(li->username, utx->ut_name)) == 0 ) { + if (strncmp(li->username, utx->ut_name, + MIN_SIZEOF(li->username, utx->ut_name)) == 0 ) { # ifdef HAVE_TYPE_IN_UTMPX if (utx->ut_type == USER_PROCESS) - return 1; + return (1); # else - return 1; + return (1); # endif } - return 0; + return (0); } @@ -1301,20 +1291,20 @@ wtmpx_get_entry(struct logininfo *li) if ((fd = open(WTMPX_FILE, O_RDONLY)) < 0) { logit("wtmpx_get_entry: problem opening %s: %s", WTMPX_FILE, strerror(errno)); - return 0; + return (0); } if (fstat(fd, &st) != 0) { logit("wtmpx_get_entry: couldn't stat %s: %s", WTMPX_FILE, strerror(errno)); close(fd); - return 0; + return (0); } /* Seek to the start of the last struct utmpx */ if (lseek(fd, -(off_t)sizeof(struct utmpx), SEEK_END) == -1 ) { /* probably a newly rotated wtmpx file */ close(fd); - return 0; + return (0); } while (!found) { 
@@ -1322,34 +1312,34 @@ wtmpx_get_entry(struct logininfo *li) logit("wtmpx_get_entry: read of %s failed: %s", WTMPX_FILE, strerror(errno)); close (fd); - return 0; + return (0); } - /* Logouts are recorded as a blank username on a particular line. - * So, we just need to find the username in struct utmpx */ - if ( wtmpx_islogin(li, &utx) ) { + /* + * Logouts are recorded as a blank username on a particular + * line. So, we just need to find the username in struct utmpx + */ + if (wtmpx_islogin(li, &utx)) { found = 1; -# ifdef HAVE_TV_IN_UTMPX +# if defined(HAVE_TV_IN_UTMPX) li->tv_sec = utx.ut_tv.tv_sec; -# else -# ifdef HAVE_TIME_IN_UTMPX +# elif defined(HAVE_TIME_IN_UTMPX) li->tv_sec = utx.ut_time; -# endif # endif line_fullname(li->line, utx.ut_line, sizeof(li->line)); -# ifdef HAVE_HOST_IN_UTMPX +# if defined(HAVE_HOST_IN_UTMPX) strlcpy(li->hostname, utx.ut_host, - MIN_SIZEOF(li->hostname, utx.ut_host)); + MIN_SIZEOF(li->hostname, utx.ut_host)); # endif continue; } if (lseek(fd, -(off_t)(2 * sizeof(struct utmpx)), SEEK_CUR) == -1) { - close (fd); - return 0; + close(fd); + return (0); } } close(fd); - return 1; + return (1); } #endif /* USE_WTMPX */ @@ -1363,15 +1353,15 @@ syslogin_perform_login(struct logininfo *li) { struct utmp *ut; - if (! (ut = (struct utmp *)malloc(sizeof(*ut)))) { + if ((ut = (struct utmp *)malloc(sizeof(*ut))) == NULL) { logit("syslogin_perform_login: couldn't malloc()"); - return 0; + return (0); } construct_utmp(li, ut); login(ut); free(ut); - return 1; + return (1); } static int 
@@ -1382,19 +1372,18 @@ syslogin_perform_logout(struct logininfo *li) (void)line_stripname(line, li->line, sizeof(line)); - if (!logout(line)) { + if (!logout(line)) logit("syslogin_perform_logout: logout() returned an error"); # ifdef HAVE_LOGWTMP - } else { + else logwtmp(line, "", ""); # endif - } /* FIXME: (ATL - if the need arises) What to do if we have * login, but no logout? what if logout but no logwtmp? All * routines are in libutil so they should all be there, * but... */ # endif - return 1; + return (1); } int @@ -1402,12 +1391,12 @@ syslogin_write_entry(struct logininfo *li) { switch (li->type) { case LTYPE_LOGIN: - return syslogin_perform_login(li); + return (syslogin_perform_login(li)); case LTYPE_LOGOUT: - return syslogin_perform_logout(li); + return (syslogin_perform_logout(li)); default: logit("syslogin_write_entry: Invalid type field"); - return 0; + return (0); } } #endif /* USE_LOGIN */ @@ -1429,7 +1418,7 @@ lastlog_construct(struct logininfo *li, struct lastlog *last) /* clear the structure */ memset(last, '\0', sizeof(*last)); - (void)line_stripname(last->ll_line, li->line, sizeof(last->ll_line)); + line_stripname(last->ll_line, li->line, sizeof(last->ll_line)); strlcpy(last->ll_host, li->hostname, MIN_SIZEOF(last->ll_host, li->hostname)); last->ll_time = li->tv_sec; @@ -1441,16 +1430,16 @@ lastlog_filetype(char *filename) struct stat st; if (stat(LASTLOG_FILE, &st) != 0) { - logit("lastlog_perform_login: Couldn't stat %s: %s", LASTLOG_FILE, - strerror(errno)); - return 0; + logit("lastlog_perform_login: Couldn't stat %s: %s", + LASTLOG_FILE, strerror(errno)); + return (0); } if (S_ISDIR(st.st_mode)) - return LL_DIR; + return (LL_DIR); else if (S_ISREG(st.st_mode)) - return LL_FILE; + return (LL_FILE); else - return LL_OTHER; + return (LL_OTHER); } 
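Review bot: lastlog_filetype ignores its `filename` parameter and always calls `stat(LASTLOG_FILE, &st)`, so the signature promises something the body does not do. Either use the argument, `if (stat(filename, &st) != 0) {`, with the parameter declared `const char *filename`, or drop the parameter. The stat-failure path returns a bare `(0)`; how that relates to the `LL_*` values is not visible here, so a named constant would be clearer.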
@@ -1464,38 +1453,39 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode) type = lastlog_filetype(LASTLOG_FILE); switch (type) { - case LL_FILE: - strlcpy(lastlog_file, LASTLOG_FILE, sizeof(lastlog_file)); - break; - case LL_DIR: - snprintf(lastlog_file, sizeof(lastlog_file), "%s/%s", - LASTLOG_FILE, li->username); - break; - default: - logit("lastlog_openseek: %.100s is not a file or directory!", - LASTLOG_FILE); - return 0; + case LL_FILE: + strlcpy(lastlog_file, LASTLOG_FILE, + sizeof(lastlog_file)); + break; + case LL_DIR: + snprintf(lastlog_file, sizeof(lastlog_file), "%s/%s", + LASTLOG_FILE, li->username); + break; + default: + logit("lastlog_openseek: %.100s is not a file or directory!", + LASTLOG_FILE); + return (0); } *fd = open(lastlog_file, filemode, 0600); - if ( *fd < 0) { + if (*fd < 0) { debug("lastlog_openseek: Couldn't open %s: %s", lastlog_file, strerror(errno)); - return 0; + return (0); } if (type == LL_FILE) { /* find this uid's offset in the lastlog file */ offset = (off_t) ((long)li->uid * sizeof(struct lastlog)); - if ( lseek(*fd, offset, SEEK_SET) != offset ) { + if (lseek(*fd, offset, SEEK_SET) != offset) { logit("lastlog_openseek: %s->lseek(): %s", lastlog_file, strerror(errno)); - return 0; + return (0); } } - return 1; + return (1); } static int @@ -1508,18 +1498,18 @@ lastlog_perform_login(struct logininfo *li) lastlog_construct(li, &last); if (!lastlog_openseek(li, &fd, O_RDWR|O_CREAT)) - return(0); + return (0); /* write the entry */ if (atomicio(vwrite, fd, &last, sizeof(last)) != sizeof(last)) { close(fd); logit("lastlog_write_filemode: Error writing to %s: %s", LASTLOG_FILE, strerror(errno)); - return 0; + return (0); } close(fd); - return 1; + return (1); } int 
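Review bot: lastlog_openseek leaks the descriptor when the seek fails: after a successful `open()` the `lseek(*fd, offset, SEEK_SET) != offset` branch returns `(0)` without closing `*fd`, and lastlog_perform_login simply returns on a zero result. I would add `close(*fd);` before that `return (0);`. In the LL_DIR case the `snprintf()` result is not checked either, so a long `li->username` would be truncated and a different path opened with the caller's `filemode`. Comparing the return value with `sizeof(lastlog_file)` and failing would close that gap.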
@@ -1527,10 +1517,10 @@ lastlog_write_entry(struct logininfo *li) { switch(li->type) { case LTYPE_LOGIN: - return lastlog_perform_login(li); + return (lastlog_perform_login(li)); default: logit("lastlog_write_entry: Invalid type field"); - return 0; + return (0); } } @@ -1539,7 +1529,7 @@ lastlog_populate_entry(struct logininfo *li, struct lastlog *last) { line_fullname(li->line, last->ll_line, sizeof(li->line)); strlcpy(li->hostname, last->ll_host, - MIN_SIZEOF(li->hostname, last->ll_host)); + MIN_SIZEOF(li->hostname, last->ll_host)); li->tv_sec = last->ll_time; } -- cgit v1.2.3 From 6b0279c084f93a1e36ad648fd428297cc728cd35 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 12 Sep 2004 15:25:17 +1000 Subject: - (djm) [loginrec.c] __func__ifiy --- ChangeLog | 3 ++- loginrec.c | 68 +++++++++++++++++++++++++++++++------------------------------- 2 files changed, 36 insertions(+), 35 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8890e6235..bddbf611c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 20040912 - (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file. No change in resultant binary + - (djm) [loginrec.c] __func__ifiy 20040911 - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@ @@ -1738,4 +1739,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3548 2004/09/12 05:23:14 djm Exp $ +$Id: ChangeLog,v 1.3549 2004/09/12 05:25:17 djm Exp $ diff --git a/loginrec.c b/loginrec.c index 8d48fb99f..e6b70f58c 100644 --- a/loginrec.c +++ b/loginrec.c @@ -140,7 +140,7 @@ # include #endif -RCSID("$Id: loginrec.c,v 1.60 2004/09/12 05:18:55 djm Exp $"); +RCSID("$Id: loginrec.c,v 1.61 2004/09/12 05:25:17 djm Exp $"); /** ** prototypes for helper functions in this file 
@@ -266,7 +266,7 @@ login_get_lastlog(struct logininfo *li, const int uid) */ pw = getpwuid(uid); if (pw == NULL) - fatal("login_get_lastlog: Cannot find account for uid %i", uid); + fatal("%s: Cannot find account for uid %i", __func__, uid); /* No MIN_SIZEOF here - we absolutely *must not* truncate the * username (XXX - so check for trunc!) */ @@ -335,7 +335,7 @@ login_init_entry(struct logininfo *li, int pid, const char *username, strlcpy(li->username, username, sizeof(li->username)); pw = getpwnam(li->username); if (pw == NULL) { - fatal("login_init_entry: Cannot find user \"%s\"", + fatal("%s: Cannot find user \"%s\"", __func__, li->username); } li->uid = pw->pw_uid; @@ -864,12 +864,12 @@ utmp_perform_login(struct logininfo *li) construct_utmp(li, &ut); # ifdef UTMP_USE_LIBRARY if (!utmp_write_library(li, &ut)) { - logit("utmp_perform_login: utmp_write_library() failed"); + logit("%s: utmp_write_library() failed", __func__); return (0); } # else if (!utmp_write_direct(li, &ut)) { - logit("utmp_perform_login: utmp_write_direct() failed"); + logit("%s: utmp_write_direct() failed", __func__); return (0); } # endif @@ -885,12 +885,12 @@ utmp_perform_logout(struct logininfo *li) construct_utmp(li, &ut); # ifdef UTMP_USE_LIBRARY if (!utmp_write_library(li, &ut)) { - logit("utmp_perform_logout: utmp_write_library() failed"); + logit("%s: utmp_write_library() failed", __func__); return (0); } # else if (!utmp_write_direct(li, &ut)) { - logit("utmp_perform_logout: utmp_write_direct() failed"); + logit("%s: utmp_write_direct() failed", __func__); return (0); } # endif @@ -909,7 +909,7 @@ utmp_write_entry(struct logininfo *li) return (utmp_perform_logout(li)); default: - logit("utmp_write_entry: invalid type field"); + logit("%s: invalid type field", __func__); return (0); } } 
@@ -950,7 +950,7 @@ utmpx_write_library(struct logininfo *li, struct utmpx *utx) static int utmpx_write_direct(struct logininfo *li, struct utmpx *utx) { - logit("utmpx_write_direct: not implemented!"); + logit("%s: not implemented!", __func__); return (0); } # endif /* UTMPX_USE_LIBRARY */ @@ -963,12 +963,12 @@ utmpx_perform_login(struct logininfo *li) construct_utmpx(li, &utx); # ifdef UTMPX_USE_LIBRARY if (!utmpx_write_library(li, &utx)) { - logit("utmpx_perform_login: utmp_write_library() failed"); + logit("%s: utmp_write_library() failed", __func__); return (0); } # else if (!utmpx_write_direct(li, &ut)) { - logit("utmpx_perform_login: utmp_write_direct() failed"); + logit("%s: utmp_write_direct() failed", __func__); return (0); } # endif @@ -1006,7 +1006,7 @@ utmpx_write_entry(struct logininfo *li) case LTYPE_LOGOUT: return (utmpx_perform_logout(li)); default: - logit("utmpx_write_entry: invalid type field"); + logit("%s: invalid type field", __func__); return (0); } } @@ -1030,14 +1030,14 @@ wtmp_write(struct logininfo *li, struct utmp *ut) int fd, ret = 1; if ((fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0) { - logit("wtmp_write: problem writing %s: %s", + logit("%s: problem writing %s: %s", __func__, WTMP_FILE, strerror(errno)); return (0); } if (fstat(fd, &buf) == 0) if (atomicio(vwrite, fd, ut, sizeof(*ut)) != sizeof(*ut)) { ftruncate(fd, buf.st_size); - logit("wtmp_write: problem writing %s: %s", + logit("%s: problem writing %s: %s", __func__, WTMP_FILE, strerror(errno)); ret = 0; } @@ -1074,7 +1074,7 @@ wtmp_write_entry(struct logininfo *li) case LTYPE_LOGOUT: return (wtmp_perform_logout(li)); default: - logit("wtmp_write_entry: invalid type field"); + logit("%s: invalid type field", __func__); return (0); } } 
@@ -1124,12 +1124,12 @@ wtmp_get_entry(struct logininfo *li) li->tv_sec = li->tv_usec = 0; if ((fd = open(WTMP_FILE, O_RDONLY)) < 0) { - logit("wtmp_get_entry: problem opening %s: %s", + logit("%s: problem opening %s: %s", __func__, WTMP_FILE, strerror(errno)); return (0); } if (fstat(fd, &st) != 0) { - logit("wtmp_get_entry: couldn't stat %s: %s", + logit("%s: couldn't stat %s: %s", __func__, WTMP_FILE, strerror(errno)); close(fd); return (0); @@ -1144,7 +1144,7 @@ wtmp_get_entry(struct logininfo *li) while (!found) { if (atomicio(read, fd, &ut, sizeof(ut)) != sizeof(ut)) { - logit("wtmp_get_entry: read of %s failed: %s", + logit("%s: read of %s failed: %s", __func__, WTMP_FILE, strerror(errno)); close (fd); return (0); @@ -1202,7 +1202,7 @@ wtmpx_write(struct logininfo *li, struct utmpx *utx) int fd, ret = 1; if ((fd = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0)) < 0) { - logit("wtmpx_write: problem opening %s: %s", + logit("%s: problem opening %s: %s", __func__, WTMPX_FILE, strerror(errno)); return (0); } @@ -1210,7 +1210,7 @@ wtmpx_write(struct logininfo *li, struct utmpx *utx) if (fstat(fd, &buf) == 0) if (atomicio(vwrite, fd, utx, sizeof(*utx)) != sizeof(*utx)) { ftruncate(fd, buf.st_size); - logit("wtmpx_write: problem writing %s: %s", + logit("%s: problem writing %s: %s", __func__, WTMPX_FILE, strerror(errno)); ret = 0; } @@ -1253,7 +1253,7 @@ wtmpx_write_entry(struct logininfo *li) case LTYPE_LOGOUT: return (wtmpx_perform_logout(li)); default: - logit("wtmpx_write_entry: invalid type field"); + logit("%s: invalid type field", __func__); return (0); } } 
@@ -1289,12 +1289,12 @@ wtmpx_get_entry(struct logininfo *li) li->tv_sec = li->tv_usec = 0; if ((fd = open(WTMPX_FILE, O_RDONLY)) < 0) { - logit("wtmpx_get_entry: problem opening %s: %s", + logit("%s: problem opening %s: %s", __func__, WTMPX_FILE, strerror(errno)); return (0); } if (fstat(fd, &st) != 0) { - logit("wtmpx_get_entry: couldn't stat %s: %s", + logit("%s: couldn't stat %s: %s", __func__, WTMPX_FILE, strerror(errno)); close(fd); return (0); @@ -1309,7 +1309,7 @@ wtmpx_get_entry(struct logininfo *li) while (!found) { if (atomicio(read, fd, &utx, sizeof(utx)) != sizeof(utx)) { - logit("wtmpx_get_entry: read of %s failed: %s", + logit("%s: read of %s failed: %s", __func__, WTMPX_FILE, strerror(errno)); close (fd); return (0); @@ -1354,7 +1354,7 @@ syslogin_perform_login(struct logininfo *li) struct utmp *ut; if ((ut = (struct utmp *)malloc(sizeof(*ut))) == NULL) { - logit("syslogin_perform_login: couldn't malloc()"); + logit("%s: couldn't malloc()", __func__); return (0); } construct_utmp(li, ut); @@ -1373,7 +1373,7 @@ syslogin_perform_logout(struct logininfo *li) (void)line_stripname(line, li->line, sizeof(line)); if (!logout(line)) - logit("syslogin_perform_logout: logout() returned an error"); + logit("%s: logout() returned an error", __func__); # ifdef HAVE_LOGWTMP else logwtmp(line, "", ""); @@ -1395,7 +1395,7 @@ syslogin_write_entry(struct logininfo *li) case LTYPE_LOGOUT: return (syslogin_perform_logout(li)); default: - logit("syslogin_write_entry: Invalid type field"); + logit("%s: Invalid type field", __func__); return (0); } } @@ -1430,7 +1430,7 @@ lastlog_filetype(char *filename) struct stat st; if (stat(LASTLOG_FILE, &st) != 0) { - logit("lastlog_perform_login: Couldn't stat %s: %s", + logit("%s: Couldn't stat %s: %s", __func__, LASTLOG_FILE, strerror(errno)); return (0); } 
@@ -1462,14 +1462,14 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode) LASTLOG_FILE, li->username); break; default: - logit("lastlog_openseek: %.100s is not a file or directory!", + logit("%s: %.100s is not a file or directory!", __func__, LASTLOG_FILE); return (0); } *fd = open(lastlog_file, filemode, 0600); if (*fd < 0) { - debug("lastlog_openseek: Couldn't open %s: %s", + debug("%s: Couldn't open %s: %s", __func__, lastlog_file, strerror(errno)); return (0); } @@ -1479,8 +1479,8 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode) offset = (off_t) ((long)li->uid * sizeof(struct lastlog)); if (lseek(*fd, offset, SEEK_SET) != offset) { - logit("lastlog_openseek: %s->lseek(): %s", - lastlog_file, strerror(errno)); + logit("%s: %s->lseek(): %s", __func__, + lastlog_file, strerror(errno)); return (0); } } @@ -1503,7 +1503,7 @@ lastlog_perform_login(struct logininfo *li) /* write the entry */ if (atomicio(vwrite, fd, &last, sizeof(last)) != sizeof(last)) { close(fd); - logit("lastlog_write_filemode: Error writing to %s: %s", + logit("%s: Error writing to %s: %s", __func__, LASTLOG_FILE, strerror(errno)); return (0); } @@ -1519,7 +1519,7 @@ lastlog_write_entry(struct logininfo *li) case LTYPE_LOGIN: return (lastlog_perform_login(li)); default: - logit("lastlog_write_entry: Invalid type field"); + logit("%s: Invalid type field", __func__); return (0); } } -- cgit v1.2.3 From b0aae333fdecf769da6e693e63d6905713bc0fe6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 12 Sep 2004 15:26:00 +1000 Subject: - (djm) [loginrec.c] xmalloc --- ChangeLog | 3 ++- loginrec.c | 7 ++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index bddbf611c..e1cf4153f 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,6 +2,7 @@ - (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file. No change in resultant binary - (djm) [loginrec.c] __func__ifiy + - (djm) [loginrec.c] xmalloc 20040911 - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@ @@ -1739,4 +1740,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3549 2004/09/12 05:25:17 djm Exp $ +$Id: ChangeLog,v 1.3550 2004/09/12 05:26:00 djm Exp $ diff --git a/loginrec.c b/loginrec.c index e6b70f58c..25aa29f2f 100644 --- a/loginrec.c +++ b/loginrec.c @@ -140,7 +140,7 @@ # include #endif -RCSID("$Id: loginrec.c,v 1.61 2004/09/12 05:25:17 djm Exp $"); +RCSID("$Id: loginrec.c,v 1.62 2004/09/12 05:26:01 djm Exp $"); /** ** prototypes for helper functions in this file @@ -1353,10 +1353,7 @@ syslogin_perform_login(struct logininfo *li) { struct utmp *ut; - if ((ut = (struct utmp *)malloc(sizeof(*ut))) == NULL) { - logit("%s: couldn't malloc()", __func__); - return (0); - } + ut = xmalloc(sizeof(*ut)); construct_utmp(li, ut); login(ut); free(ut); -- cgit v1.2.3 From 2aa6d3cfce738f57c31ae676e11399382bd5660e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 12 Sep 2004 16:53:04 +1000 Subject: - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol banner. Suggested by deraadt@, ok mouring@, dtucker@ --- ChangeLog | 4 +++- ssh.c | 2 +- sshd.c | 4 ++-- version.h | 5 ++++- 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index e1cf4153f..714591df6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ No change in resultant binary - (djm) [loginrec.c] __func__ifiy - (djm) [loginrec.c] xmalloc + - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol + banner. Suggested by deraadt@, ok mouring@, dtucker@ 20040911 - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@ 
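Review bot: The heap allocation in syslogin_perform_login is unnecessary. utmp_perform_login and wtmp_perform_login in this file build the record in a local `struct utmp ut;`, and the same works here: declare `struct utmp ut;` and call `construct_utmp(li, &ut); login(&ut);`. That also avoids the behaviour change this hunk introduces, where an allocation failure now terminates the process inside `xmalloc()` instead of returning 0 to the caller. Whether loginrec.c already includes the header that declares `xmalloc()` is not visible in the hunk.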
@@ -1740,4 +1742,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3550 2004/09/12 05:26:00 djm Exp $ +$Id: ChangeLog,v 1.3551 2004/09/12 06:53:04 djm Exp $ diff --git a/ssh.c b/ssh.c index e69d73807..6f0ba26ad 100644 --- a/ssh.c +++ b/ssh.c @@ -319,7 +319,7 @@ again: /* fallthrough */ case 'V': fprintf(stderr, "%s, %s\n", - SSH_VERSION, SSLeay_version(SSLEAY_VERSION)); + SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); if (opt == 'V') exit(0); break; diff --git a/sshd.c b/sshd.c index 2a28ece03..4b2d10af9 100644 --- a/sshd.c +++ b/sshd.c @@ -774,7 +774,7 @@ static void usage(void) { fprintf(stderr, "%s, %s\n", - SSH_VERSION, SSLeay_version(SSLEAY_VERSION)); + SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); fprintf(stderr, "usage: sshd [-46Ddeiqt] [-b bits] [-f config_file] [-g login_grace_time]\n" " [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]\n" @@ -1081,7 +1081,7 @@ main(int ac, char **av) exit(1); } - debug("sshd version %.100s", SSH_VERSION); + debug("sshd version %.100s", SSH_RELEASE); /* load private host keys */ sensitive_data.host_keys = xmalloc(options.num_host_key_files * diff --git a/version.h b/version.h index aae2c3b37..d0c867b87 100644 --- a/version.h +++ b/version.h @@ -1,3 +1,6 @@ /* $OpenBSD: version.h,v 1.42 2004/08/16 08:17:01 markus Exp $ */ -#define SSH_VERSION "OpenSSH_3.9p1" +#define SSH_VERSION "OpenSSH_3.9" + +#define SSH_PORTABLE "p1" +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE -- cgit v1.2.3 From 623d92f0b2ce0205d0762147cd6ecac4f922f3de Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 12 Sep 2004 22:36:15 +1000 Subject: - (dtucker) [configure.ac] Fix incorrect quoting and tests for cross-compile. Partly by & ok djm@. --- ChangeLog | 4 +++- configure.ac | 56 ++++++++++++++++++++++++++++++-------------------------- 2 files changed, 33 insertions(+), 27 deletions(-) 
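Review bot: The three macros added in the version.h hunk carry no comment saying which one may go on the wire, so a later change could use `SSH_RELEASE` in the banner and undo the point of the commit. Going by the commit subject, `SSH_VERSION` is the string peers see and `SSH_RELEASE` is for local output such as the `-V` and usage text changed in ssh.c and sshd.c; the banner code itself is not in these hunks. I would add above the defines: `/* SSH_VERSION is sent in the protocol banner; SSH_RELEASE adds the portable suffix and is for local display and logs only. */`.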
diff --git a/ChangeLog b/ChangeLog index 714591df6..77b8fd160 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,8 @@ - (djm) [loginrec.c] xmalloc - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol banner. Suggested by deraadt@, ok mouring@, dtucker@ + - (dtucker) [configure.ac] Fix incorrect quoting and tests for cross-compile. + Partly by & ok djm@. 20040911 - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@ @@ -1742,4 +1744,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3551 2004/09/12 06:53:04 djm Exp $ +$Id: ChangeLog,v 1.3552 2004/09/12 12:36:15 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 9b80c6a37..1f9e4dbee 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.229 2004/09/11 13:26:37 dtucker Exp $ +# $Id: configure.ac,v 1.230 2004/09/12 12:36:16 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -506,10 +506,11 @@ AC_ARG_WITH(libs, ) AC_MSG_CHECKING(compiler and flags for sanity) -AC_RUN_IFELSE([ +AC_RUN_IFELSE( + [AC_LANG_SOURCE([ #include int main(){exit(0);} - ], + ])], [ AC_MSG_RESULT(yes) ], [ AC_MSG_RESULT(no) @@ -648,7 +649,7 @@ AC_ARG_WITH(zlib-version-check, ) AC_MSG_CHECKING(for zlib 1.1.4 or greater) -AC_RUN_IFELSE([ +AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include int main() { @@ -660,7 +661,7 @@ int main() exit(0); exit(2); } - ], + ]])], AC_MSG_RESULT(yes), [ AC_MSG_RESULT(no) if test -z "$zlib_check_nonfatal" ; then @@ -729,11 +730,11 @@ AC_EGREP_CPP(FOUNDIT, AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) AC_RUN_IFELSE( - [ + [AC_LANG_SOURCE([[ #include #include int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} - ], + ]])], [AC_MSG_RESULT(yes)], [ AC_MSG_RESULT(no) 
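Review bot: The first converted test in configure.ac (compiler and flags sanity, hunk at -506) quotes the program with a single bracket level, `[AC_LANG_SOURCE([`, while every other test converted by this commit uses `[AC_LANG_SOURCE([[` … `]])]`. With single quoting the C text is still subject to m4 expansion, which is harmless for this body but breaks as soon as someone adds an array subscript or a macro-like name. For consistency the opening line should be `[AC_LANG_SOURCE([[` and the closing line `]])],`.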
@@ -901,11 +902,12 @@ AC_CHECK_DECLS(h_errno, , ,[#include ]) AC_CHECK_FUNCS(setresuid, [ dnl Some platorms have setresuid that isn't implemented, test for this AC_MSG_CHECKING(if setresuid seems to work) - AC_RUN_IFELSE([ + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include #include int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} - ], + ]])], [AC_MSG_RESULT(yes)], [AC_DEFINE(BROKEN_SETRESUID) AC_MSG_RESULT(not implemented)], @@ -916,11 +918,12 @@ int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} AC_CHECK_FUNCS(setresgid, [ dnl Some platorms have setresgid that isn't implemented, test for this AC_MSG_CHECKING(if setresgid seems to work) - AC_RUN_IFELSE([ + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include #include int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} - ], + ]])], [AC_MSG_RESULT(yes)], [AC_DEFINE(BROKEN_SETRESGID) AC_MSG_RESULT(not implemented)], @@ -951,10 +954,10 @@ AC_CHECK_FUNC(getpagesize, if test "x$ac_cv_func_snprintf" = "xyes" ; then AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) AC_RUN_IFELSE( - [ + [AC_LANG_SOURCE([[ #include int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} - ], + ]])], [AC_MSG_RESULT(yes)], [ AC_MSG_RESULT(no) @@ -1223,7 +1226,7 @@ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL), # Determine OpenSSL header version AC_MSG_CHECKING([OpenSSL header version]) AC_RUN_IFELSE( - [ + [AC_LANG_SOURCE([[ #include #include #include @@ -1241,7 +1244,7 @@ int main(void) { exit(0); } - ], + ]])], [ ssl_header_ver=`cat conftest.sslincver` AC_MSG_RESULT($ssl_header_ver) @@ -1258,7 +1261,7 @@ int main(void) { # Determine OpenSSL library version AC_MSG_CHECKING([OpenSSL library version]) AC_RUN_IFELSE( - [ + [AC_LANG_SOURCE([[ #include #include #include @@ -1277,7 +1280,7 @@ int main(void) { exit(0); } - ], + ]])], [ ssl_library_ver=`cat conftest.ssllibver` AC_MSG_RESULT($ssl_library_ver) 
@@ -1294,11 +1297,11 @@ int main(void) { # Sanity check OpenSSL headers AC_MSG_CHECKING([whether OpenSSL's headers match the library]) AC_RUN_IFELSE( - [ + [AC_LANG_SOURCE([[ #include #include int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } - ], + ]])], [ AC_MSG_RESULT(yes) ], @@ -1331,11 +1334,11 @@ fi # Check wheter OpenSSL seeds itself AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) AC_RUN_IFELSE( - [ + [AC_LANG_SOURCE([[ #include #include int main(void) { exit(RAND_status() == 1 ? 0 : 1); } - ], + ]])], [ OPENSSL_SEEDS_ITSELF=yes AC_MSG_RESULT(yes) @@ -1918,7 +1921,7 @@ if test "x$ac_cv_have_int64_t" = "xno" -a \ else dnl test snprintf (broken on SCO w/gcc) AC_RUN_IFELSE( - [ + [AC_LANG_SOURCE([[ #include #include #ifdef HAVE_SNPRINTF @@ -1941,7 +1944,7 @@ main() #else main() { exit(0); } #endif - ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ], + ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ], AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ) fi @@ -2413,7 +2416,7 @@ if test ! -z "$MAIL" ; then AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir") fi -if test ! -z "$cross_compiling"; then +if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) disable_ptmx_check=yes fi @@ -2428,7 +2431,7 @@ if test -z "$no_dev_ptmx" ; then fi fi -if test -z "$cross_compiling"; then +if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then AC_CHECK_FILE("/dev/ptc", [ AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC) @@ -2537,7 +2540,8 @@ AC_ARG_ENABLE(etc-default-login, [ AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ]) - if test ! -z "$cross_compiling"; then + if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; + then AC_MSG_WARN([cross compiling: Disabling /etc/default/login test]) elif test "x$external_path_file" = "x/etc/default/login"; then AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN) -- cgit v1.2.3 
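Review bot: The new cross-compile guards chain two tests where one decides the result: in `test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"` the first test is implied by the second, so `if test "x$cross_compiling" = "xyes"; then` says the same thing (hunks at -2413 and -2537). The /dev/ptc guard at -2428 is different in kind: it used to run the file check when the variable was empty and now skips it in that case. If that is intended, a comment such as `# only probe /dev/ptc when configure has positively decided this is a native build` would make it clear.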
From 50fbb45dbd2f95f95c959dc03663b213b4aac2aa Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 21 Sep 2004 21:32:12 +1000 Subject: - (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too. ok djm@ --- ChangeLog | 6 +++++- openbsd-compat/bsd-snprintf.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 77b8fd160..982e229a7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20040921 + - (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too. + ok djm@ + 20040912 - (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file. No change in resultant binary @@ -1744,4 +1748,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3552 2004/09/12 12:36:15 dtucker Exp $ +$Id: ChangeLog,v 1.3553 2004/09/21 11:32:12 dtucker Exp $ diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c index e4d8a439a..aea501c6f 100644 --- a/openbsd-compat/bsd-snprintf.c +++ b/openbsd-compat/bsd-snprintf.c @@ -58,7 +58,7 @@ #include "includes.h" -RCSID("$Id: bsd-snprintf.c,v 1.7 2003/05/18 14:13:39 djm Exp $"); +RCSID("$Id: bsd-snprintf.c,v 1.8 2004/09/21 11:32:13 dtucker Exp $"); #if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */ # undef HAVE_SNPRINTF @@ -369,7 +369,7 @@ fmtstr(char *buffer, size_t *currlen, size_t maxlen, if (value == 0) value = ""; - for (strln = 0; value[strln]; ++strln); /* strlen */ + for (strln = 0; strln <= max && value[strln]; ++strln); /* strlen */ padlen = min - strln; if (padlen < 0) padlen = 0; -- cgit v1.2.3 From 5d596139d43743004524a23693851211d3327718 Mon Sep 17 00:00:00 2001 
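Review bot: With `strln <= max` the length loop in fmtstr still reads `value[max]` and can leave strln at max + 1, one character more than the precision allows. For a caller that passes a buffer of exactly max bytes with no terminator, that is a one-byte read past the end. The bound should be strict: `for (strln = 0; strln < max && value[strln]; ++strln);`. The declaration of max and the rest of fmtstr are outside the hunk.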
From: Darren Tucker Date: Tue, 21 Sep 2004 21:35:55 +1000 Subject: - (dtucker) [contrib/cygwin/ssh-host-config] Update to match current Cygwin install process. Patch from vinschen at redhat.com. --- ChangeLog | 4 +++- contrib/cygwin/ssh-host-config | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 982e229a7..efcb44c0b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20040921 - (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too. ok djm@ + - (dtucker) [contrib/cygwin/ssh-host-config] Update to match current Cygwin + install process. Patch from vinschen at redhat.com. 20040912 - (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file. @@ -1748,4 +1750,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3553 2004/09/21 11:32:12 dtucker Exp $ +$Id: ChangeLog,v 1.3554 2004/09/21 11:35:55 dtucker Exp $ diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index 9c0dabf41..c7164f610 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config @@ -449,7 +449,7 @@ then echo "Should this script create a new local account 'sshd_server' which has" if request "the required privileges?" then - _admingroup=`awk -F: '{if ( $2 == "S-1-5-32-544" ) print $1;}' ${SYSCONFDIR}/group` + _admingroup=`awk -F: '{if ( $1 != "root" && $2 == "S-1-5-32-544" ) print $1;}' ${SYSCONFDIR}/group` if [ -z "${_admingroup}" ] then echo "There's no group with SID S-1-5-32-544 (Local administrators group) in" -- cgit v1.2.3 From 4127f559ada4573e66c0e55dc920147d73e48974 Mon Sep 17 00:00:00 2001 
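Review bot: The awk filter prints every non-root group whose SID is S-1-5-32-544, so a group file with more than one such alias leaves `_admingroup` holding several lines, and the only check that follows in the hunk is `-z`. Stopping at the first match avoids that: `{if ( $1 != "root" && $2 == "S-1-5-32-544" ) {print $1; exit}}`. How `_admingroup` is used afterwards is outside the hunk, so the impact of a multi-line value is inferred rather than shown.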
From: Darren Tucker Date: Thu, 23 Sep 2004 21:35:09 +1000 Subject: - (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one, which could have caused the justification to be wrong. ok djm@ --- ChangeLog | 6 +++++- openbsd-compat/bsd-snprintf.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index efcb44c0b..66f9c36cd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20040923 + - (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one, + which could have caused the justification to be wrong. ok djm@ + 20040921 - (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too. ok djm@ @@ -1750,4 +1754,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3554 2004/09/21 11:35:55 dtucker Exp $ +$Id: ChangeLog,v 1.3555 2004/09/23 11:35:09 dtucker Exp $ diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c index aea501c6f..b5a7ef7a0 100644 --- a/openbsd-compat/bsd-snprintf.c +++ b/openbsd-compat/bsd-snprintf.c @@ -58,7 +58,7 @@ #include "includes.h" -RCSID("$Id: bsd-snprintf.c,v 1.8 2004/09/21 11:32:13 dtucker Exp $"); +RCSID("$Id: bsd-snprintf.c,v 1.9 2004/09/23 11:35:09 dtucker Exp $"); #if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */ # undef HAVE_SNPRINTF @@ -369,7 +369,7 @@ fmtstr(char *buffer, size_t *currlen, size_t maxlen, if (value == 0) value = ""; - for (strln = 0; strln <= max && value[strln]; ++strln); /* strlen */ + for (strln = 0; strln < max && value[strln]; ++strln); /* strlen */ padlen = min - strln; if (padlen < 0) padlen = 0; -- cgit v1.2.3 From 59f79c4014dbaa927ebf15d893fa58b15108ef61 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 30 Sep 2004 21:17:08 +1000 Subject: - (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@ --- ChangeLog | 5 ++++- configure.ac | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) 
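Review bot: The strict bound `strln < max` is only right if max is never negative when the format gave no precision; its declaration and the call site are outside the hunk, so if it can arrive as -1 every `%s` argument would be measured as empty. A comment on the loop stating the contract would settle it, for example `/* max is the precision; the caller substitutes maxlen when none was given */`, to be confirmed against the caller. The trailing `/* strlen */` no longer describes a loop that stops at max and should be updated to say it is a bounded length.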
diff --git a/ChangeLog b/ChangeLog index 66f9c36cd..61292aa12 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20040930 + - (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@ + 20040923 - (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one, which could have caused the justification to be wrong. ok djm@ @@ -1754,4 +1757,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3555 2004/09/23 11:35:09 dtucker Exp $ +$Id: ChangeLog,v 1.3556 2004/09/30 11:17:08 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 1f9e4dbee..e8bee9d4e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.230 2004/09/12 12:36:16 dtucker Exp $ +# $Id: configure.ac,v 1.231 2004/09/30 11:17:08 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -14,7 +14,7 @@ # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -AC_INIT +AC_INIT(OpenSSH, Portable) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) -- cgit v1.2.3 From b7d55e3eb564246a853039fd7d2940b79eb0068d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 6 Oct 2004 20:09:32 +1000 Subject: - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode and other PAM platforms. --- ChangeLog | 6 +++++- README.privsep | 7 +++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 61292aa12..975637071 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20041006 + - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode + and other PAM platforms. + 20040930 - (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@ 
@@ -1757,4 +1761,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3556 2004/09/30 11:17:08 dtucker Exp $ +$Id: ChangeLog,v 1.3557 2004/10/06 10:09:32 dtucker Exp $ diff --git a/README.privsep b/README.privsep index 32403770d..ecb9d6914 100644 --- a/README.privsep +++ b/README.privsep @@ -38,9 +38,8 @@ privsep user and chroot directory: Privsep requires operating system support for file descriptor passing. Compression will be disabled on systems without a working mmap MAP_ANON. -PAM-enabled OpenSSH is known to function with privsep on Linux. -It does not function on HP-UX with a trusted system -configuration. +PAM-enabled OpenSSH is known to function with privsep on AIX, HP-UX +(including Trusted Mode), Linux and Solaris. On Cygwin, Tru64 Unix, OpenServer, and Unicos only the pre-authentication part of privsep is supported. Post-authentication privsep is disabled @@ -61,4 +60,4 @@ process 1005 is the sshd process listening for new connections. process 6917 is the privileged monitor process, 6919 is the user owned sshd process and 6921 is the shell process. -$Id: README.privsep,v 1.14 2004/06/28 03:50:36 tim Exp $ +$Id: README.privsep,v 1.15 2004/10/06 10:09:32 dtucker Exp $ -- cgit v1.2.3 From dbc2296e2c4af222f079cb400d75797b566caab6 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 6 Oct 2004 23:15:44 +1000 Subject: - (dtucker) [monitor_mm.c openbsd-compat/xmmap.c] Bug #940: cast constants to void * to appease picky compilers (eg Tru64's "cc -std1"). --- ChangeLog | 4 +++- monitor_mm.c | 2 +- openbsd-compat/xmmap.c | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 975637071..6baa4bc66 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,6 +1,8 @@ 20041006 - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode and other PAM platforms. + - (dtucker) [monitor_mm.c openbsd-compat/xmmap.c] Bug #940: cast constants + to void * to appease picky compilers (eg Tru64's "cc -std1"). 20040930 - (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@ @@ -1761,4 +1763,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3557 2004/10/06 10:09:32 dtucker Exp $ +$Id: ChangeLog,v 1.3558 2004/10/06 13:15:44 dtucker Exp $ diff --git a/monitor_mm.c b/monitor_mm.c index ff523a5b1..b0ec37cff 100644 --- a/monitor_mm.c +++ b/monitor_mm.c @@ -92,7 +92,7 @@ mm_create(struct mm_master *mmalloc, size_t size) mm->mmalloc = mmalloc; address = xmmap(size); - if (address == MAP_FAILED) + if (address == (void *)MAP_FAILED) fatal("mmap(%lu): %s", (u_long)size, strerror(errno)); mm->address = address; diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c index c8d59dee0..74e8a8b13 100644 --- a/openbsd-compat/xmmap.c +++ b/openbsd-compat/xmmap.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: xmmap.c,v 1.5 2004/08/14 13:55:38 dtucker Exp $ */ +/* $Id: xmmap.c,v 1.6 2004/10/06 13:15:44 dtucker Exp $ */ #include "includes.h" @@ -47,7 +47,7 @@ void *xmmap(size_t size) # endif #define MM_SWAP_TEMPLATE "/var/run/sshd.mm.XXXXXXXX" - if (address == MAP_FAILED) { + if (address == (void *)MAP_FAILED) { char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE; int tmpfd; mode_t old_umask; -- cgit v1.2.3 From daffc6a1152ccebdd6eb70a029e28cc5949110d7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 16 Oct 2004 18:52:44 +1000 Subject: - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations --- ChangeLog | 5 ++++- auth-pam.c | 17 +++++++++++------ 2 files changed, 15 insertions(+), 7 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index 6baa4bc66..47deee9c7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20041016 + - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations + 20041006 - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode and other PAM platforms. @@ -1763,4 +1766,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3558 2004/10/06 13:15:44 dtucker Exp $ +$Id: ChangeLog,v 1.3559 2004/10/16 08:52:44 djm Exp $ diff --git a/auth-pam.c b/auth-pam.c index 0a6817d63..a1b26cc59 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -47,7 +47,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.117 2004/09/11 13:07:03 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.118 2004/10/16 08:52:44 djm Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -654,7 +654,7 @@ sshpam_query(void *ctx, char **name, char **info, size_t plen; u_char type; char *msg; - size_t len; + size_t len, mlen; debug3("PAM: %s entering", __func__); buffer_init(&buffer); 
@@ -667,22 +667,27 @@ sshpam_query(void *ctx, char **name, char **info, while (ssh_msg_recv(ctxt->pam_psock, &buffer) == 0) { type = buffer_get_char(&buffer); msg = buffer_get_string(&buffer, NULL); + mlen = strlen(msg); switch (type) { case PAM_PROMPT_ECHO_ON: case PAM_PROMPT_ECHO_OFF: *num = 1; - len = plen + strlen(msg) + 1; + len = plen + mlen + 1; **prompts = xrealloc(**prompts, len); - plen += snprintf(**prompts + plen, len, "%s", msg); + strlcpy(**prompts + plen, msg, len - plen); + plen += mlen; **echo_on = (type == PAM_PROMPT_ECHO_ON); xfree(msg); return (0); case PAM_ERROR_MSG: case PAM_TEXT_INFO: /* accumulate messages */ - len = plen + strlen(msg) + 2; + len = plen + mlen + 2; **prompts = xrealloc(**prompts, len); - plen += snprintf(**prompts + plen, len, "%s\n", msg); + strlcpy(**prompts + plen, msg, len - plen); + plen += mlen; + strlcat(**prompts + plen, "\n", len - plen); + plen++; xfree(msg); break; case PAM_SUCCESS: -- cgit v1.2.3 From 0e035d816a1d08ae2cf1b49916c5bb6d4ac62a6d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 16 Oct 2004 18:53:28 +1000 Subject: that was "ok dtucker@" --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 47deee9c7..89a1a8066 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 20041016 - - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations + - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations; + ok dtucker@ 20041006 - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode @@ -1766,4 +1767,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3559 2004/10/16 08:52:44 djm Exp $ +$Id: ChangeLog,v 1.3560 2004/10/16 08:53:28 djm Exp $ -- cgit v1.2.3 From 35beaddc7e86a47d782d5b69b26e940d2a8b6f73 Mon Sep 17 00:00:00 2001 
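Review bot: The size computations `len = plen + mlen + 1` and `len = plen + mlen + 2` are unchecked size_t additions on strings received over the PAM socket, and the PAM_ERROR_MSG/PAM_TEXT_INFO case accumulates across loop iterations. Whether buffer_get_string already caps a single message is not visible here, so a guard before each xrealloc would make the bound explicit, e.g. `if (mlen > SIZE_MAX - plen - 2) fatal("%s: PAM message too long", __func__);`. A short comment stating that plen is the current string length of `**prompts` and len the allocation size would also let the next reader check the strlcpy/strlcat bounds at a glance. sshpam_query starts and ends outside the hunk.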
From: Darren Tucker Date: Tue, 19 Oct 2004 16:33:33 +1000 Subject: - (dtucker) [uidswap.c] Don't test dropping of gids for the root user or on Cygwin. Cygwin parts from vinschen at redhat com; ok djm@ --- ChangeLog | 6 +++++- uidswap.c | 4 +++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 89a1a8066..9b5725d26 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20041019 + - (dtucker) [uidswap.c] Don't test dropping of gids for the root user or + on Cygwin. Cygwin parts from vinschen at redhat com; ok djm@ + 20041016 - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations; ok dtucker@ @@ -1767,4 +1771,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3560 2004/10/16 08:53:28 djm Exp $ +$Id: ChangeLog,v 1.3561 2004/10/19 06:33:33 dtucker Exp $ diff --git a/uidswap.c b/uidswap.c index 44c4cb626..fa3d7a3b1 100644 --- a/uidswap.c +++ b/uidswap.c @@ -200,10 +200,12 @@ permanently_set_uid(struct passwd *pw) fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); #endif +#ifndef HAVE_CYGWIN /* Try restoration of GID if changed (test clearing of saved gid) */ - if (old_gid != pw->pw_gid && + if (old_gid != pw->pw_gid && pw->pw_uid != 0 && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) fatal("%s: was able to restore old [e]gid", __func__); +#endif /* Verify GID drop was successful */ if (getgid() != pw->pw_gid || getegid() != pw->pw_gid) { -- cgit v1.2.3 From a56f191ef1e9517c97426e9b944e4feb94294fe2 Mon Sep 17 00:00:00 2001 
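Review bot: The gid-restoration test in permanently_set_uid gains two exemptions, `pw->pw_uid != 0` and `#ifndef HAVE_CYGWIN`, but the comment above it still describes only the test and gives no reason for either. I would extend it along the lines of `/* Skipped for root, who can always set the gid back, and on Cygwin (see ChangeLog 20041019). */`; the root rationale is my reading and should be confirmed. On Cygwin, as far as the hunk shows, the only remaining assurance is then the getgid()/getegid() comparison that follows, which is worth stating too. The function begins and ends outside the hunk.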
From: Darren Tucker Date: Tue, 2 Nov 2004 20:30:54 +1100 Subject: - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX 10.x by testing for conflicts in shadow.h and undef'ing _INCLUDE__STDC__ only if a conflict is detected. --- ChangeLog | 7 ++++++- configure.ac | 21 ++++++++++++++++++++- includes.h | 2 +- 3 files changed, 27 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9b5725d26..b3065e996 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20041102 + - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX + 10.x by testing for conflicts in shadow.h and undef'ing _INCLUDE__STDC__ + only if a conflict is detected. + 20041019 - (dtucker) [uidswap.c] Don't test dropping of gids for the root user or on Cygwin. Cygwin parts from vinschen at redhat com; ok djm@ @@ -1771,4 +1776,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3561 2004/10/19 06:33:33 dtucker Exp $ +$Id: ChangeLog,v 1.3562 2004/11/02 09:30:54 dtucker Exp $ diff --git a/configure.ac b/configure.ac index e8bee9d4e..b8f970074 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.231 2004/09/30 11:17:08 dtucker Exp $ +# $Id: configure.ac,v 1.232 2004/11/02 09:30:54 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -220,6 +220,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(LOCKED_PASSWD_STRING, "*") AC_DEFINE(SPT_TYPE,SPT_PSTAT) check_for_hpux_broken_getaddrinfo=1 + check_for_conflicting_getspnam=1 LIBS="$LIBS -lsec" AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) ;; 
@@ -1123,6 +1124,24 @@ main(void) ) fi +if test "x$check_for_conflicting_getspnam" = "x1"; then + AC_MSG_CHECKING(for conflicting getspnam in shadow.h) + AC_COMPILE_IFELSE( + [ +#include +int main(void) {exit(0);} + ], + [ + AC_MSG_RESULT(no) + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1, + [Conflicting defs for getspnam]) + ] + ) +fi + AC_FUNC_GETPGRP # Check for PAM libs diff --git a/includes.h b/includes.h index 3a6b4c32b..3d3aa3b21 100644 --- a/includes.h +++ b/includes.h @@ -185,7 +185,7 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } * On HP-UX 11.11, shadow.h and prot.h provide conflicting declarations * of getspnam when _INCLUDE__STDC__ is defined, so we unset it here. */ -#ifdef __hpux +#ifdef GETSPNAM_CONFLICTING_DEFS # ifdef _INCLUDE__STDC__ # undef _INCLUDE__STDC__ # endif -- cgit v1.2.3 From c016134588322411b449dc7dcffc2a0a8522bc6e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2004 20:00:03 +1100 Subject: - markus@cvs.openbsd.org 2004/08/30 09:18:08 [LICENCE] s/keygen/keyscan/ --- ChangeLog | 8 +++++++- LICENCE | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index b3065e996..def8fc3c7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20041105 + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2004/08/30 09:18:08 + [LICENCE] + s/keygen/keyscan/ + 20041102 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX 10.x by testing for conflicts in shadow.h and undef'ing _INCLUDE__STDC__ @@ -1776,4 +1782,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3562 2004/11/02 09:30:54 dtucker Exp $ +$Id: ChangeLog,v 1.3563 2004/11/05 09:00:03 dtucker Exp $ diff --git a/LICENCE b/LICENCE index d8c157304..f9062bd51 100644 --- a/LICENCE +++ b/LICENCE 
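Review bot: The new getspnam probe hands a bare program to AC_COMPILE_IFELSE and calls `exit()` with only the header under test included. A compiler that rejects an undeclared exit() would therefore fail the compile for a reason unrelated to getspnam, and GETSPNAM_CONFLICTING_DEFS would be defined, which makes includes.h undefine _INCLUDE__STDC__. Ending the program with `int main(void) {return 0;}` removes that dependency. Wrapping the body as `[AC_LANG_SOURCE([[` … `]])]` would match the quoting the earlier configure.ac change on this page applied to the run tests.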
@@ -97,7 +97,7 @@ OpenSSH contains no GPL code. * 3) - ssh-keygen was contributed by David Mazieres under a BSD-style + ssh-keyscan was contributed by David Mazieres under a BSD-style license. * Copyright 1995, 1996 by David Mazieres . @@ -329,4 +329,4 @@ OpenSSH contains no GPL code. ------ -$OpenBSD: LICENCE,v 1.18 2003/11/21 11:57:02 djm Exp $ +$OpenBSD: LICENCE,v 1.19 2004/08/30 09:18:08 markus Exp $ -- cgit v1.2.3 From 4e4fe0052c3d61db171c673f8d6c58cb44d9d123 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2004 20:01:03 +1100 Subject: - jmc@cvs.openbsd.org 2004/08/30 21:22:49 [ssh-add.1 ssh.1] .Xsession -> .xsession; originally from a pr from f at obiit dot org, but missed by myself; ok markus@ matthieu@ --- ChangeLog | 7 ++++++- ssh-add.1 | 4 ++-- ssh.1 | 4 ++-- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index def8fc3c7..958724cc7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,11 @@ - markus@cvs.openbsd.org 2004/08/30 09:18:08 [LICENCE] s/keygen/keyscan/ + - jmc@cvs.openbsd.org 2004/08/30 21:22:49 + [ssh-add.1 ssh.1] + .Xsession -> .xsession; + originally from a pr from f at obiit dot org, but missed by myself; + ok markus@ matthieu@ 20041102 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX @@ -1782,4 +1787,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3563 2004/11/05 09:00:03 dtucker Exp $ +$Id: ChangeLog,v 1.3564 2004/11/05 09:01:03 dtucker Exp $ diff --git a/ssh-add.1 b/ssh-add.1 index 6348197b3..4c97fc068 100644 --- a/ssh-add.1 +++ b/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.40 2003/11/25 23:10:08 matthieu Exp $ +.\" $OpenBSD: ssh-add.1,v 1.41 2004/08/30 21:22:49 jmc Exp $ .\" .\" -*- nroff -*- .\" 
@@ -129,7 +129,7 @@ and open an X11 window to read the passphrase. This is particularly useful when calling .Nm from a -.Pa .Xsession +.Pa .xsession or related script. (Note that on some machines it may be necessary to redirect the input from diff --git a/ssh.1 b/ssh.1 index b9ee4c62b..88dde4b1e 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.195 2004/08/26 16:00:55 markus Exp $ +.\" $OpenBSD: ssh.1,v 1.196 2004/08/30 21:22:49 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -846,7 +846,7 @@ and open an X11 window to read the passphrase. This is particularly useful when calling .Nm from a -.Pa .Xsession +.Pa .xsession or related script. (Note that on some machines it may be necessary to redirect the input from -- cgit v1.2.3 From 07336dae9491062f32ca93ec3ccd4b17774bdd00 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2004 20:02:16 +1100 Subject: - djm@cvs.openbsd.org 2004/09/07 23:41:30 [clientloop.c ssh.c] cleanup multiplex control socket on SIGHUP too, spotted by sturm@ ok markus@ deraadt@ --- ChangeLog | 6 +++++- clientloop.c | 4 +++- ssh.c | 3 ++- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 958724cc7..93a2d62b9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,10 @@ .Xsession -> .xsession; originally from a pr from f at obiit dot org, but missed by myself; ok markus@ matthieu@ + - djm@cvs.openbsd.org 2004/09/07 23:41:30 + [clientloop.c ssh.c] + cleanup multiplex control socket on SIGHUP too, spotted by sturm@ + ok markus@ deraadt@ 20041102 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX 
@@ -1787,4 +1791,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3564 2004/11/05 09:01:03 dtucker Exp $ +$Id: ChangeLog,v 1.3565 2004/11/05 09:02:16 dtucker Exp $ diff --git a/clientloop.c b/clientloop.c index 0b9a0fb29..49f9ba1ab 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.130 2004/08/11 21:43:04 avsm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.131 2004/09/07 23:41:30 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1196,6 +1196,8 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) * Set signal handlers, (e.g. to restore non-blocking mode) * but don't overwrite SIG_IGN, matches behaviour from rsh(1) */ + if (signal(SIGHUP, SIG_IGN) != SIG_IGN) + signal(SIGHUP, signal_handler); if (signal(SIGINT, SIG_IGN) != SIG_IGN) signal(SIGINT, signal_handler); if (signal(SIGQUIT, SIG_IGN) != SIG_IGN) diff --git a/ssh.c b/ssh.c index 6f0ba26ad..77f16c0c5 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.225 2004/08/23 14:26:38 dtucker Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.226 2004/09/07 23:41:30 djm Exp $"); #include #include @@ -1325,6 +1325,7 @@ control_client(const char *path) fatal("%s: master returned error", __func__); buffer_free(&m); + signal(SIGHUP, control_client_sighandler); signal(SIGINT, control_client_sighandler); signal(SIGTERM, control_client_sighandler); signal(SIGWINCH, control_client_sigrelay); -- cgit v1.2.3 From e9bf98412e41a9f18beb9c3e842d02259ddd8c67 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2004 20:05:32 +1100 Subject: - deraadt@cvs.openbsd.org 2004/09/15 00:46:01 [ssh.c] /* fallthrough */ is something a programmer understands. But /* FALLTHROUGH */ is also understood by lint, so that is better. --- ChangeLog | 6 +++++- ssh.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) 
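Review bot: The new `signal(SIGHUP, control_client_sighandler);` in control_client() installs the handler unconditionally, whereas the clientloop.c hunk of this same commit keeps an inherited SIG_IGN with `if (signal(SIGHUP, SIG_IGN) != SIG_IGN)`, citing rsh(1) behaviour. A multiplex client started with SIGHUP ignored (for example under nohup) would therefore start reacting to SIGHUP again. If that is not intended, use the same guard here: `if (signal(SIGHUP, SIG_IGN) != SIG_IGN) signal(SIGHUP, control_client_sighandler);`. The neighbouring SIGINT and SIGTERM lines have the same unguarded shape, and control_client() extends beyond the hunk.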
diff --git a/ChangeLog b/ChangeLog index 93a2d62b9..1363c37ce 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,10 @@ [clientloop.c ssh.c] cleanup multiplex control socket on SIGHUP too, spotted by sturm@ ok markus@ deraadt@ + - deraadt@cvs.openbsd.org 2004/09/15 00:46:01 + [ssh.c] + /* fallthrough */ is something a programmer understands. But + /* FALLTHROUGH */ is also understood by lint, so that is better. 20041102 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX @@ -1791,4 +1795,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3565 2004/11/05 09:02:16 dtucker Exp $ +$Id: ChangeLog,v 1.3566 2004/11/05 09:05:32 dtucker Exp $ diff --git a/ssh.c b/ssh.c index 77f16c0c5..7859b0f78 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.226 2004/09/07 23:41:30 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.227 2004/09/15 00:46:01 deraadt Exp $"); #include #include @@ -316,7 +316,7 @@ again: options.log_level++; break; } - /* fallthrough */ + /* FALLTHROUGH */ case 'V': fprintf(stderr, "%s, %s\n", SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); -- cgit v1.2.3 From 7cc5c23817e35938a1004e6815936f8e7baa94a2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2004 20:06:59 +1100 Subject: - jaredy@cvs.openbsd.org 2004/09/15 03:25:41 [sshd_config.5] mention PrintLastLog only prints last login time for interactive sessions, like PrintMotd mentions. From Michael Knudsen, with wording changed slightly to match the PrintMotd description. ok djm --- ChangeLog | 9 ++++++++- sshd_config.5 | 5 +++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1363c37ce..6316a4de0 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -16,6 +16,13 @@ [ssh.c] /* fallthrough */ is something a programmer understands. But /* FALLTHROUGH */ is also understood by lint, so that is better. + - jaredy@cvs.openbsd.org 2004/09/15 03:25:41 + [sshd_config.5] + mention PrintLastLog only prints last login time for interactive + sessions, like PrintMotd mentions. + From Michael Knudsen, with wording changed slightly to match the + PrintMotd description. + ok djm 20041102 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX @@ -1795,4 +1802,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3566 2004/11/05 09:05:32 dtucker Exp $ +$Id: ChangeLog,v 1.3567 2004/11/05 09:06:59 dtucker Exp $ diff --git a/sshd_config.5 b/sshd_config.5 index 09532fb8d..50b9a89b1 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.35 2004/06/26 09:14:40 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.36 2004/09/15 03:25:41 jaredy Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -516,7 +516,8 @@ See also .It Cm PrintLastLog Specifies whether .Nm sshd -should print the date and time when the user last logged in. +should print the date and time of the last user login when a user logs +in interactively. The default is .Dq yes . .It Cm PrintMotd -- cgit v1.2.3 From 178fa66a6451d890083d2441a2de207bdb74a348 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2004 20:09:09 +1100 Subject: - mickey@cvs.openbsd.org 2004/09/15 18:42:27 [sshd.c] use less doubles in daemons; markus@ ok --- ChangeLog | 5 ++++- sshd.c | 9 ++++----- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6316a4de0..70fc70cc3 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -23,6 +23,9 @@ From Michael Knudsen, with wording changed slightly to match the PrintMotd description. ok djm + - mickey@cvs.openbsd.org 2004/09/15 18:42:27 + [sshd.c] + use less doubles in daemons; markus@ ok 20041102 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX @@ -1802,4 +1805,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3567 2004/11/05 09:06:59 dtucker Exp $ +$Id: ChangeLog,v 1.3568 2004/11/05 09:09:09 dtucker Exp $ diff --git a/sshd.c b/sshd.c index 4b2d10af9..2afe316cf 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.302 2004/08/28 01:01:48 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.303 2004/09/15 18:42:27 mickey Exp $"); #include #include @@ -750,7 +750,7 @@ get_hostkey_index(Key *key) static int drop_connection(int startups) { - double p, r; + int p, r; if (startups < options.max_startups_begin) return 0; @@ -761,10 +761,9 @@ drop_connection(int startups) p = 100 - options.max_startups_rate; p *= startups - options.max_startups_begin; - p /= (double) (options.max_startups - options.max_startups_begin); + p /= options.max_startups - options.max_startups_begin; p += options.max_startups_rate; - p /= 100.0; - r = arc4random() / (double) UINT_MAX; + r = arc4random() % 100; debug("drop_connection: p %g, r %g", p, r); return (r < p) ? 1 : 0; -- cgit v1.2.3 From f30e1acc62f884f59779d0cdc5d74933934443c4 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2004 20:10:02 +1100 Subject: - deraadt@cvs.openbsd.org 2004/09/15 18:46:04 [scp.c] scratch that do { } while (0) wrapper in this case --- ChangeLog | 5 ++++- scp.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 70fc70cc3..188869c3d 100644 --- a/ChangeLog +++ b/ChangeLog 
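Review bot: `debug("drop_connection: p %g, r %g", p, r);` is left unchanged while `p` and `r` become `int`, so the call now passes ints for `%g` conversions, which is undefined behaviour in a variadic call. It should read `debug("drop_connection: p %d, r %d", p, r);` (a later commit on this page makes exactly that change). Separately, `p /= options.max_startups - options.max_startups_begin;` is now an integer division, so a zero divisor traps instead of producing inf. The lines between the two sshd.c hunks are not shown, so confirm that an earlier return covers `max_startups == max_startups_begin`.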
@@ -26,6 +26,9 @@ - mickey@cvs.openbsd.org 2004/09/15 18:42:27 [sshd.c] use less doubles in daemons; markus@ ok + - deraadt@cvs.openbsd.org 2004/09/15 18:46:04 + [scp.c] + scratch that do { } while (0) wrapper in this case 20041102 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX @@ -1805,4 +1808,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3568 2004/11/05 09:09:09 dtucker Exp $ +$Id: ChangeLog,v 1.3569 2004/11/05 09:10:02 dtucker Exp $ diff --git a/scp.c b/scp.c index ef9eaa1a4..69b5fc6d3 100644 --- a/scp.c +++ b/scp.c @@ -71,7 +71,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.117 2004/08/11 21:44:32 avsm Exp $"); +RCSID("$OpenBSD: scp.c,v 1.118 2004/09/15 18:46:04 deraadt Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -726,7 +726,7 @@ sink(int argc, char **argv) #define atime tv[0] #define mtime tv[1] -#define SCREWUP(str) do { why = str; goto screwup; } while (0) +#define SCREWUP(str) { why = str; goto screwup; } setimes = targisdir = 0; mask = umask(0); -- cgit v1.2.3 From 39207a46b4b0d3d9c3ef8d03e9d3c6d5e11df9ec Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2004 20:19:51 +1100 Subject: - djm@cvs.openbsd.org 2004/09/23 13:00:04 [ssh.c] correctly honour -n in multiplex client mode; spotted by sturm@ ok markus@ --- ChangeLog | 5 ++++- ssh.c | 13 +++++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 188869c3d..17750e92c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,6 +29,9 @@ - deraadt@cvs.openbsd.org 2004/09/15 18:46:04 [scp.c] scratch that do { } while (0) wrapper in this case + - djm@cvs.openbsd.org 2004/09/23 13:00:04 + [ssh.c] + correctly honour -n in multiplex client mode; spotted by sturm@ ok markus@ 20041102 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX 
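Review bot: With the `do { } while (0)` wrapper gone, `SCREWUP(str)` expands to a bare compound statement, so `SCREWUP("x");` becomes a block followed by an empty statement. That is harmless as a standalone statement but does not compose with an unbraced `if (...) SCREWUP("x"); else ...`, where the extra `;` ends the `if` and the `else` no longer compiles. The call sites in sink() are outside the hunk, so whether any is written that way cannot be checked here. Either keep `#define SCREWUP(str) do { why = str; goto screwup; } while (0)`, or add a comment above the macro such as `/* expands to a block: use only as a full statement, never before else */`.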
@@ -1808,4 +1811,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3569 2004/11/05 09:10:02 dtucker Exp $ +$Id: ChangeLog,v 1.3570 2004/11/05 09:19:51 dtucker Exp $ diff --git a/ssh.c b/ssh.c index 7859b0f78..c231c5fae 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.227 2004/09/15 00:46:01 deraadt Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.228 2004/09/23 13:00:04 djm Exp $"); #include #include @@ -1249,11 +1249,20 @@ static void control_client(const char *path) { struct sockaddr_un addr; - int i, r, sock, exitval, num_env, addr_len; + int i, r, fd, sock, exitval, num_env, addr_len; Buffer m; char *cp; extern char **environ; + if (stdin_null_flag) { + if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1) + fatal("open(/dev/null): %s", strerror(errno)); + if (dup2(fd, STDIN_FILENO) == -1) + fatal("dup2: %s", strerror(errno)); + if (fd > STDERR_FILENO) + close(fd); + } + memset(&addr, '\0', sizeof(addr)); addr.sun_family = AF_UNIX; addr_len = offsetof(struct sockaddr_un, sun_path) + -- cgit v1.2.3 From 3269b13817f7da680a4da4a00b13948ccbb17a22 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2004 20:20:59 +1100 Subject: - djm@cvs.openbsd.org 2004/09/25 03:45:14 [sshd.c] these printf args are no longer double; ok deraadt@ markus@ --- ChangeLog | 5 ++++- sshd.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 17750e92c..8361e329e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -32,6 +32,9 @@ - djm@cvs.openbsd.org 2004/09/23 13:00:04 [ssh.c] correctly honour -n in multiplex client mode; spotted by sturm@ ok markus@ + - djm@cvs.openbsd.org 2004/09/25 03:45:14 + [sshd.c] + these printf args are no longer double; ok deraadt@ markus@ 20041102 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX 
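Review bot: The new `fatal("open(/dev/null): %s", strerror(errno));` in control_client() hard-codes the path while the `open()` call right above it uses `_PATH_DEVNULL`, so the message would be wrong on a platform where the macro differs. `fatal("open(%s): %s", _PATH_DEVNULL, strerror(errno));` keeps the two in step. A one-line comment above the block, e.g. `/* -n: redirect stdin from /dev/null before handing our fds to the master */`, would also help; that the fds are passed on is inferred from the function's purpose, since the rest of control_client() is outside the hunk.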
@@ -1811,4 +1814,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3570 2004/11/05 09:19:51 dtucker Exp $ +$Id: ChangeLog,v 1.3571 2004/11/05 09:20:59 dtucker Exp $ diff --git a/sshd.c b/sshd.c index 2afe316cf..92b1df10c 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.303 2004/09/15 18:42:27 mickey Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.304 2004/09/25 03:45:14 djm Exp $"); #include #include @@ -765,7 +765,7 @@ drop_connection(int startups) p += options.max_startups_rate; r = arc4random() % 100; - debug("drop_connection: p %g, r %g", p, r); + debug("drop_connection: p %d, r %d", p, r); return (r < p) ? 1 : 0; } -- cgit v1.2.3 From 636ca9024742cde37769f87bf4d19b2405720222 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2004 20:22:00 +1100 Subject: - djm@cvs.openbsd.org 2004/10/07 10:10:24 [scp.1 sftp.1 ssh.1 ssh_config.5] document KbdInteractiveDevices; ok markus@ --- ChangeLog | 5 ++++- scp.1 | 3 ++- sftp.1 | 3 ++- ssh.1 | 3 ++- ssh_config.5 | 6 +++++- 5 files changed, 15 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8361e329e..8ba77540d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,6 +35,9 @@ - djm@cvs.openbsd.org 2004/09/25 03:45:14 [sshd.c] these printf args are no longer double; ok deraadt@ markus@ + - djm@cvs.openbsd.org 2004/10/07 10:10:24 + [scp.1 sftp.1 ssh.1 ssh_config.5] + document KbdInteractiveDevices; ok markus@ 20041102 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX @@ -1814,4 +1817,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3571 2004/11/05 09:20:59 dtucker Exp $ +$Id: ChangeLog,v 1.3572 2004/11/05 09:22:00 dtucker Exp $ diff --git a/scp.1 b/scp.1 index f346b2ae9..30049c2b6 100644 --- a/scp.1 +++ b/scp.1 
@@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.36 2004/06/13 15:03:02 djm Exp $ +.\" $OpenBSD: scp.1,v 1.37 2004/10/07 10:10:24 djm Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 @@ -140,6 +140,7 @@ For full details of the options listed below, and their possible values, see .It HostName .It IdentityFile .It IdentitiesOnly +.It KbdInteractiveDevices .It LogLevel .It MACs .It NoHostAuthenticationForLocalhost diff --git a/sftp.1 b/sftp.1 index 3b035b1d4..fe3e4de32 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.57 2004/06/21 22:41:31 djm Exp $ +.\" $OpenBSD: sftp.1,v 1.58 2004/10/07 10:10:24 djm Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -166,6 +166,7 @@ For full details of the options listed below, and their possible values, see .It HostName .It IdentityFile .It IdentitiesOnly +.It KbdInteractiveDevices .It LogLevel .It MACs .It NoHostAuthenticationForLocalhost diff --git a/ssh.1 b/ssh.1 index 88dde4b1e..06cb60cec 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.196 2004/08/30 21:22:49 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.197 2004/10/07 10:10:24 djm Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -675,6 +675,7 @@ For full details of the options listed below, and their possible values, see .It HostName .It IdentityFile .It IdentitiesOnly +.It KbdInteractiveDevices .It LocalForward .It LogLevel .It MACs diff --git a/ssh_config.5 b/ssh_config.5 index 0e1a031e5..bd0e3e4bd 100644 --- a/ssh_config.5 +++ b/ssh_config.5 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.38 2004/06/26 09:11:14 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.39 2004/10/07 10:10:24 djm Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -467,6 +467,10 @@ This option is intented for situations where offers many different identities. The default is .Dq no . +.It Cm KbdInteractiveDevices +Specifies the list of methods to use in keyboard-interactive authentication. +Multiple method names must be comma-separated. +The default is to use the server specified list. .It Cm LocalForward Specifies that a TCP/IP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. -- cgit v1.2.3 From 1dee8683fb86b7840787ea29e40f5c18abca7eac Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2004 20:26:49 +1100 Subject: - djm@cvs.openbsd.org 2004/10/07 10:12:36 [ssh-agent.c] don't unlink agent socket when bind() fails, spotted by rich AT rich-paul.net, ok markus@ --- ChangeLog | 6 +++++- ssh-agent.c | 4 +++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8ba77540d..9e38de0cc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -38,6 +38,10 @@ - djm@cvs.openbsd.org 2004/10/07 10:10:24 [scp.1 sftp.1 ssh.1 ssh_config.5] document KbdInteractiveDevices; ok markus@ + - djm@cvs.openbsd.org 2004/10/07 10:12:36 + [ssh-agent.c] + don't unlink agent socket when bind() fails, spotted by rich AT + rich-paul.net, ok markus@ 20041102 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX @@ -1817,4 +1821,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3572 2004/11/05 09:22:00 dtucker Exp $ +$Id: ChangeLog,v 1.3573 2004/11/05 09:26:49 dtucker Exp $ 
diff --git a/ssh-agent.c b/ssh-agent.c index 7bc4c240e..fffed1342 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.120 2004/08/11 21:43:05 avsm Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.121 2004/10/07 10:12:36 djm Exp $"); #include #include @@ -1122,6 +1122,7 @@ main(int ac, char **av) sock = socket(AF_UNIX, SOCK_STREAM, 0); if (sock < 0) { perror("socket"); + *socket_name = '\0'; /* Don't unlink any existing file */ cleanup_exit(1); } memset(&sunaddr, 0, sizeof(sunaddr)); @@ -1130,6 +1131,7 @@ main(int ac, char **av) prev_mask = umask(0177); if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) { perror("bind"); + *socket_name = '\0'; /* Don't unlink any existing file */ umask(prev_mask); cleanup_exit(1); } -- cgit v1.2.3 From b2694f0e8a54112200f2638f01b622f603dd125f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2004 20:27:54 +1100 Subject: - markus@cvs.openbsd.org 2004/10/20 11:48:53 [packet.c ssh1.h] disconnect for invalid (out of range) message types. --- ChangeLog | 5 ++++- packet.c | 6 +++++- ssh1.h | 5 ++++- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9e38de0cc..19671a05e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -42,6 +42,9 @@ [ssh-agent.c] don't unlink agent socket when bind() fails, spotted by rich AT rich-paul.net, ok markus@ + - markus@cvs.openbsd.org 2004/10/20 11:48:53 + [packet.c ssh1.h] + disconnect for invalid (out of range) message types. 20041102 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX @@ -1821,4 +1824,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3573 2004/11/05 09:26:49 dtucker Exp $ +$Id: ChangeLog,v 1.3574 2004/11/05 09:27:54 dtucker Exp $ diff --git a/packet.c b/packet.c index 82a569404..7c150fde7 100644 --- a/packet.c 
+++ b/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.115 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $"); #include "openbsd-compat/sys-queue.h" @@ -981,6 +981,8 @@ packet_read_poll1(void) buffer_len(&compression_buffer)); } type = buffer_get_char(&incoming_packet); + if (type < SSH_MSG_MIN || type > SSH_MSG_MAX) + packet_disconnect("Invalid ssh1 packet type: %d", type); return type; } @@ -1093,6 +1095,8 @@ packet_read_poll2(u_int32_t *seqnr_p) * return length of payload (without type field) */ type = buffer_get_char(&incoming_packet); + if (type < SSH2_MSG_MIN || type >= SSH2_MSG_LOCAL_MIN) + packet_disconnect("Invalid ssh2 packet type: %d", type); if (type == SSH2_MSG_NEWKEYS) set_newkeys(MODE_IN); #ifdef PACKET_DEBUG diff --git a/ssh1.h b/ssh1.h index cc7fbc8b0..1741c229a 100644 --- a/ssh1.h +++ b/ssh1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh1.h,v 1.4 2004/07/11 17:48:47 deraadt Exp $ */ +/* $OpenBSD: ssh1.h,v 1.5 2004/10/20 11:48:53 markus Exp $ */ /* * Author: Tatu Ylonen @@ -18,6 +18,9 @@ * for compatibility. The maximum value is 254; value 255 is reserved for * future extension. */ +/* Ranges */ +#define SSH_MSG_MIN 1 +#define SSH_MSG_MAX 254 /* Message name */ /* msg code */ /* arguments */ #define SSH_MSG_NONE 0 /* no message */ #define SSH_MSG_DISCONNECT 1 /* cause (string) */ -- cgit v1.2.3 From 5d78de628376f55fd2fc5acad14733cf90867425 Mon Sep 17 00:00:00 2001 
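Review bot: Neither new range check says why its bounds are what they are, and the two are written differently. In packet_read_poll1() `type > SSH_MSG_MAX` is an inclusive upper bound, while in packet_read_poll2() `type >= SSH2_MSG_LOCAL_MIN` is an exclusive one. A one-line comment above each would help, e.g. `/* 0 (SSH_MSG_NONE) and 255 (reserved) are rejected */` for the ssh1 check, both facts being stated in ssh1.h. `SSH2_MSG_MIN` and `SSH2_MSG_LOCAL_MIN` are not defined anywhere in this commit, so they are presumably already in a header that is not shown, which is worth confirming. Both functions start outside their hunks.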
From: Darren Tucker Date: Fri, 5 Nov 2004 20:35:44 +1100 Subject: - djm@cvs.openbsd.org 2004/10/29 21:47:15 [channels.c channels.h clientloop.c] fix some window size change bugs for multiplexed connections: windows sizes were not being updated if they had changed after ~^Z suspends and SIGWINCH was not being processed unless the first connection had requested a tty; ok markus --- ChangeLog | 8 +++++++- channels.c | 4 ++-- channels.h | 3 ++- clientloop.c | 27 ++++++++++----------------- 4 files changed, 21 insertions(+), 21 deletions(-) diff --git a/ChangeLog b/ChangeLog index 19671a05e..02892cc61 100644 --- a/ChangeLog +++ b/ChangeLog @@ -45,6 +45,12 @@ - markus@cvs.openbsd.org 2004/10/20 11:48:53 [packet.c ssh1.h] disconnect for invalid (out of range) message types. + - djm@cvs.openbsd.org 2004/10/29 21:47:15 + [channels.c channels.h clientloop.c] + fix some window size change bugs for multiplexed connections: windows sizes + were not being updated if they had changed after ~^Z suspends and SIGWINCH + was not being processed unless the first connection had requested a tty; + ok markus 20041102 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX @@ -1824,4 +1830,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3574 2004/11/05 09:27:54 dtucker Exp $ +$Id: ChangeLog,v 1.3575 2004/11/05 09:35:44 dtucker Exp $ diff --git a/channels.c b/channels.c index ac35293d4..8550e51ca 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.210 2004/08/23 11:48:47 djm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.211 2004/10/29 21:47:15 djm Exp $"); #include "ssh.h" #include "ssh1.h" 
@@ -2577,7 +2577,7 @@ channel_send_window_changes(void) struct winsize ws; for (i = 0; i < channels_alloc; i++) { - if (channels[i] == NULL || + if (channels[i] == NULL || !channels[i]->client_tty || channels[i]->type != SSH_CHANNEL_OPEN) continue; if (ioctl(channels[i]->rfd, TIOCGWINSZ, &ws) < 0) diff --git a/channels.h b/channels.h index f8dc8249c..c47de55c0 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.74 2004/08/11 21:43:04 avsm Exp $ */ +/* $OpenBSD: channels.h,v 1.75 2004/10/29 21:47:15 djm Exp $ */ /* * Author: Tatu Ylonen @@ -79,6 +79,7 @@ struct Channel { int ctl_fd; /* control fd (client sharing) */ int isatty; /* rfd is a tty */ int wfd_isatty; /* wfd is a tty */ + int client_tty; /* (client) TTY has been requested */ int force_drain; /* force close on iEOF */ int delayed; /* fdset hack */ Buffer input; /* data read from socket, to be sent over diff --git a/clientloop.c b/clientloop.c index 49f9ba1ab..009480ea1 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.131 2004/09/07 23:41:30 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.132 2004/10/29 21:47:15 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -432,8 +432,6 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, static void client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr) { - struct winsize oldws, newws; - /* Flush stdout and stderr buffers. */ if (buffer_len(bout) > 0) atomicio(vwrite, fileno(stdout), buffer_ptr(bout), buffer_len(bout)); 
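Review bot: `!channels[i]->client_tty` in channel_send_window_changes() reads the new `client_tty` member for every open channel, but the only assignment in this commit is `c->client_tty = 1;` in client_session2_setup(), and the diffstat shows no other change to channels.c. Unless the channel allocation path already zeroes the whole struct (not visible here), a channel that never requests a tty would read an indeterminate value. If it does not, add `c->client_tty = 0;` where the other Channel fields are initialised. The loop body continues outside the hunk.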
@@ -450,19 +448,11 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr) buffer_free(bout); buffer_free(berr); - /* Save old window size. */ - ioctl(fileno(stdin), TIOCGWINSZ, &oldws); - /* Send the suspend signal to the program itself. */ kill(getpid(), SIGTSTP); - /* Check if the window size has changed. */ - if (ioctl(fileno(stdin), TIOCGWINSZ, &newws) >= 0 && - (oldws.ws_row != newws.ws_row || - oldws.ws_col != newws.ws_col || - oldws.ws_xpixel != newws.ws_xpixel || - oldws.ws_ypixel != newws.ws_ypixel)) - received_window_change_signal = 1; + /* Reset window sizes in case they have changed */ + received_window_change_signal = 1; /* OK, we have been continued by the user. Reinitialize buffers. */ buffer_init(bin); @@ -1204,8 +1194,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) signal(SIGQUIT, signal_handler); if (signal(SIGTERM, SIG_IGN) != SIG_IGN) signal(SIGTERM, signal_handler); - if (have_pty) - signal(SIGWINCH, window_change_handler); + signal(SIGWINCH, window_change_handler); if (have_pty) enter_raw_mode(); @@ -1313,8 +1302,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) /* Terminate the session. */ /* Stop watching for window change. */ - if (have_pty) - signal(SIGWINCH, SIG_DFL); + signal(SIGWINCH, SIG_DFL); channel_free_all(); @@ -1681,9 +1669,13 @@ client_session2_setup(int id, int want_tty, int want_subsystem, dispatch_fn *subsys_repl) { int len; + Channel *c = NULL; debug2("%s: id %d", __func__, id); + if ((c = channel_lookup(id)) == NULL) + fatal("client_session2_setup: channel %d: unknown channel", id); + if (want_tty) { struct winsize ws; struct termios tio; @@ -1702,6 +1694,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem, tty_make_modes(-1, tiop != NULL ? tiop : &tio); packet_send(); /* XXX wait for reply */ + c->client_tty = 1; } /* Transfer any environment variables from client to server */ -- cgit v1.2.3 
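Review bot: In client_session2_setup() the new `fatal("client_session2_setup: channel %d: unknown channel", id);` spells the function name out, while the `debug2("%s: id %d", __func__, id);` two lines above uses `__func__`. `fatal("%s: channel %d: unknown channel", __func__, id);` keeps the two consistent and survives a rename. The `= NULL` initialiser on `Channel *c` is redundant, because `c` is assigned from channel_lookup() before any use.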
From ce327b62ac28cb6a605fd827a97d978ea31e2860 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2004 20:38:03 +1100 Subject: - djm@cvs.openbsd.org 2004/10/29 22:53:56 [clientloop.c misc.h readpass.c ssh-agent.c] factor out common permission-asking code to separate function; ok markus@ --- ChangeLog | 5 ++++- clientloop.c | 23 ++++------------------- misc.h | 3 ++- readpass.c | 28 +++++++++++++++++++++++++++- ssh-agent.c | 20 ++++++-------------- 5 files changed, 43 insertions(+), 36 deletions(-) diff --git a/ChangeLog b/ChangeLog index 02892cc61..3847553dc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -51,6 +51,9 @@ were not being updated if they had changed after ~^Z suspends and SIGWINCH was not being processed unless the first connection had requested a tty; ok markus + - djm@cvs.openbsd.org 2004/10/29 22:53:56 + [clientloop.c misc.h readpass.c ssh-agent.c] + factor out common permission-asking code to separate function; ok markus@ 20041102 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX @@ -1830,4 +1833,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3575 2004/11/05 09:35:44 dtucker Exp $ +$Id: ChangeLog,v 1.3576 2004/11/05 09:38:03 dtucker Exp $ diff --git a/clientloop.c b/clientloop.c index 009480ea1..d77337b82 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.132 2004/10/29 21:47:15 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.133 2004/10/29 22:53:56 djm Exp $"); #include "ssh.h" #include "ssh1.h" 
@@ -592,24 +592,9 @@ client_process_control(fd_set * readset) } allowed = 1; - if (options.control_master == 2) { - char *p, prompt[1024]; - - allowed = 0; - snprintf(prompt, sizeof(prompt), - "Allow shared connection to %s? ", host); - p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF); - if (p != NULL) { - /* - * Accept empty responses and responses consisting - * of the word "yes" as affirmative. - */ - if (*p == '\0' || *p == '\n' || - strcasecmp(p, "yes") == 0) - allowed = 1; - xfree(p); - } - } + if (options.control_master == 2) + allowed = ask_permission("Allow shared connection to %s? ", + host); unset_nonblock(client_fd); diff --git a/misc.h b/misc.h index ec47a611d..0290a2d64 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.17 2004/08/11 21:43:05 avsm Exp $ */ +/* $OpenBSD: misc.h,v 1.18 2004/10/29 22:53:56 djm Exp $ */ /* * Author: Tatu Ylonen @@ -46,3 +46,4 @@ char *tilde_expand_filename(const char *, uid_t); #define RP_USE_ASKPASS 0x0008 char *read_passphrase(const char *, int); +int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); diff --git a/readpass.c b/readpass.c index eb4f6fdb6..c2bacdcd4 100644 --- a/readpass.c +++ b/readpass.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readpass.c,v 1.30 2004/06/17 15:10:14 djm Exp $"); +RCSID("$OpenBSD: readpass.c,v 1.31 2004/10/29 22:53:56 djm Exp $"); #include "xmalloc.h" #include "misc.h" 
@@ -141,3 +141,29 @@ read_passphrase(const char *prompt, int flags) memset(buf, 'x', sizeof buf); return ret; } + +int +ask_permission(const char *fmt, ...) +{ + va_list args; + char *p, prompt[1024]; + int allowed = 0; + + va_start(args, fmt); + vsnprintf(prompt, sizeof(prompt), fmt, args); + va_end(args); + + p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF); + if (p != NULL) { + /* + * Accept empty responses and responses consisting + * of the word "yes" as affirmative. + */ + if (*p == '\0' || *p == '\n' || + strcasecmp(p, "yes") == 0) + allowed = 1; + xfree(p); + } + + return (allowed); +} diff --git a/ssh-agent.c b/ssh-agent.c index fffed1342..dd7e22ad5 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.121 2004/10/07 10:12:36 djm Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.122 2004/10/29 22:53:56 djm Exp $"); #include #include @@ -168,23 +168,15 @@ lookup_identity(Key *key, int version) static int confirm_key(Identity *id) { - char *p, prompt[1024]; + char *p; int ret = -1; p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); - snprintf(prompt, sizeof(prompt), "Allow use of key %s?\n" - "Key fingerprint %s.", id->comment, p); + if (ask_permission("Allow use of key %s?\nKey fingerprint %s.", + id->comment, p)) + ret = 0; xfree(p); - p = read_passphrase(prompt, RP_ALLOW_EOF); - if (p != NULL) { - /* - * Accept empty responses and responses consisting - * of the word "yes" as affirmative. - */ - if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0) - ret = 0; - xfree(p); - } + return (ret); } -- cgit v1.2.3 From 50dbe8314b1796d05e12c1a8a9b9c8b3242d8c5a Mon Sep 17 00:00:00 2001 
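Review bot: ask_permission() has no header comment, and its contract is not obvious: it returns 1 for an empty reply or "yes", and 0 for anything else, including a NULL return from read_passphrase(). Since an empty reply approves a shared connection or the use of a key, that default should be stated where callers will read it, e.g. `/* Returns 1 if the user answers "yes" or gives an empty reply, 0 otherwise (including when no reply could be read). */`. Also, `vsnprintf(prompt, sizeof(prompt), fmt, args);` truncates silently at 1024 bytes. In the ssh-agent caller a long key comment could push the fingerprint line out of the prompt, so checking the return value and returning 0 on truncation would be the safer behaviour.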
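Review bot: confirm_key() previously called `read_passphrase(prompt, RP_ALLOW_EOF)`, but ask_permission() always passes `RP_USE_ASKPASS|RP_ALLOW_EOF`, so this refactor changes the flags the agent prompts with. The commit message ("factor out common permission-asking code") does not mention that. If forcing the askpass helper for key confirmation is intended, say so in the ChangeLog entry or in a comment above the call; if not, ask_permission() needs a flags argument. The rest of the conversion looks equivalent, since `ret` stays -1 unless permission is granted.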
From: Darren Tucker Date: Fri, 5 Nov 2004 20:41:24 +1100 Subject: - djm@cvs.openbsd.org 2004/10/29 23:56:17 [bufaux.c bufaux.h buffer.c buffer.h] introduce a new buffer API that returns an error rather than fatal()ing when presented with bad data; ok markus@ --- ChangeLog | 6 +- bufaux.c | 213 +++++++++++++++++++++++++++++++++++++++++++++++++------------- bufaux.h | 12 +++- buffer.c | 48 +++++++++++--- buffer.h | 6 +- 5 files changed, 229 insertions(+), 56 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3847553dc..f991fe7eb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,6 +54,10 @@ - djm@cvs.openbsd.org 2004/10/29 22:53:56 [clientloop.c misc.h readpass.c ssh-agent.c] factor out common permission-asking code to separate function; ok markus@ + - djm@cvs.openbsd.org 2004/10/29 23:56:17 + [bufaux.c bufaux.h buffer.c buffer.h] + introduce a new buffer API that returns an error rather than fatal()ing + when presented with bad data; ok markus@ 20041102 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX @@ -1833,4 +1837,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3576 2004/11/05 09:38:03 dtucker Exp $ +$Id: ChangeLog,v 1.3577 2004/11/05 09:41:24 dtucker Exp $ diff --git a/bufaux.c b/bufaux.c index bf148316d..cbe77d5ae 100644 --- a/bufaux.c +++ b/bufaux.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: bufaux.c,v 1.32 2004/02/23 15:12:46 markus Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.33 2004/10/29 23:56:17 djm Exp $"); #include #include "bufaux.h" 
@@ -49,8 +49,8 @@ RCSID("$OpenBSD: bufaux.c,v 1.32 2004/02/23 15:12:46 markus Exp $"); * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed * by (bits+7)/8 bytes of binary data, msb first. */ -void -buffer_put_bignum(Buffer *buffer, const BIGNUM *value) +int +buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) { int bits = BN_num_bits(value); int bin_size = (bits + 7) / 8; @@ -60,9 +60,11 @@ buffer_put_bignum(Buffer *buffer, const BIGNUM *value) /* Get the value of in binary */ oi = BN_bn2bin(value, buf); - if (oi != bin_size) - fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d", + if (oi != bin_size) { + error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", oi, bin_size); + return (-1); + } /* Store the number of bits in the buffer in two bytes, msb first. */ PUT_16BIT(msg, bits); 
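Review bot: The new `return (-1);` in the `oi != bin_size` branch of buffer_put_bignum_ret() leaves before the cleanup that the next hunk shows at the end of the function (`memset(buf, 0, bin_size); xfree(buf);`). `buf` is presumably allocated in the lines between the declarations and this branch, which the hunk omits; if so it is neither wiped nor freed on the error path. That was harmless while the branch called fatal(), but not now that the function returns to its caller. Put `memset(buf, 0, bin_size);` and `xfree(buf);` ahead of the return, as buffer_put_bignum2_ret() in this same commit already does with `xfree(buf);`.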
@@ -72,36 +74,63 @@ buffer_put_bignum(Buffer *buffer, const BIGNUM *value) memset(buf, 0, bin_size); xfree(buf); + + return (0); +} + +void +buffer_put_bignum(Buffer *buffer, const BIGNUM *value) +{ + if (buffer_put_bignum_ret(buffer, value) == -1) + fatal("buffer_put_bignum: buffer error"); } /* * Retrieves an BIGNUM from the buffer. */ -void -buffer_get_bignum(Buffer *buffer, BIGNUM *value) +int +buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) { u_int bits, bytes; u_char buf[2], *bin; /* Get the number for bits. */ - buffer_get(buffer, (char *) buf, 2); + if (buffer_get_ret(buffer, (char *) buf, 2) == -1) { + error("buffer_get_bignum_ret: invalid length"); + return (-1); + } bits = GET_16BIT(buf); /* Compute the number of binary bytes that follow. */ bytes = (bits + 7) / 8; - if (bytes > 8 * 1024) - fatal("buffer_get_bignum: cannot handle BN of size %d", bytes); - if (buffer_len(buffer) < bytes) - fatal("buffer_get_bignum: input buffer too small"); + if (bytes > 8 * 1024) { + error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes); + return (-1); + } + if (buffer_len(buffer) < bytes) { + error("buffer_get_bignum_ret: input buffer too small"); + return (-1); + } bin = buffer_ptr(buffer); BN_bin2bn(bin, bytes, value); - buffer_consume(buffer, bytes); + if (buffer_consume_ret(buffer, bytes) == -1) { + error("buffer_get_bignum_ret: buffer_consume failed"); + return (-1); + } + return (0); +} + +void +buffer_get_bignum(Buffer *buffer, BIGNUM *value) +{ + if (buffer_get_bignum_ret(buffer, value) == -1) + fatal("buffer_get_bignum: buffer error"); } /* * Stores an BIGNUM in the buffer in SSH2 format. */ -void -buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) +int +buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) { u_int bytes; u_char *buf; 
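Review bot: buffer_get_bignum_ret() still ignores the result of `BN_bin2bn(bin, bytes, value)`, so a failed conversion is reported to the caller as success (return 0) with `value` left as it was. The point of the _ret variant is that callers can rely on the return code, so check it: `if (BN_bin2bn(bin, bytes, value) == NULL) { error("buffer_get_bignum_ret: BN_bin2bn failed"); return (-1); }`. The same unchecked call is in buffer_get_bignum2_ret() in the following hunk. The size message prints the u_int `bytes` with `%d`; `%u` matches the type.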
@@ -110,69 +139,140 @@ buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) if (BN_is_zero(value)) { buffer_put_int(buffer, 0); - return; + return 0; + } + if (value->neg) { + error("buffer_put_bignum2_ret: negative numbers not supported"); + return (-1); } - if (value->neg) - fatal("buffer_put_bignum2: negative numbers not supported"); bytes = BN_num_bytes(value) + 1; /* extra padding byte */ - if (bytes < 2) - fatal("buffer_put_bignum2: BN too small"); + if (bytes < 2) { + error("buffer_put_bignum2_ret: BN too small"); + return (-1); + } buf = xmalloc(bytes); buf[0] = '\0'; /* Get the value of in binary */ oi = BN_bn2bin(value, buf+1); - if (oi != bytes-1) - fatal("buffer_put_bignum2: BN_bn2bin() failed: " + if (oi != bytes-1) { + error("buffer_put_bignum2_ret: BN_bn2bin() failed: " "oi %d != bin_size %d", oi, bytes); + xfree(buf); + return (-1); + } hasnohigh = (buf[1] & 0x80) ? 0 : 1; buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); memset(buf, 0, bytes); xfree(buf); + return (0); } void -buffer_get_bignum2(Buffer *buffer, BIGNUM *value) +buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) +{ + if (buffer_put_bignum2_ret(buffer, value) == -1) + fatal("buffer_put_bignum2: buffer error"); +} + +int +buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) { u_int len; - u_char *bin = buffer_get_string(buffer, &len); + u_char *bin; + + if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) { + error("buffer_get_bignum2_ret: invalid bignum"); + return (-1); + } - if (len > 0 && (bin[0] & 0x80)) - fatal("buffer_get_bignum2: negative numbers not supported"); - if (len > 8 * 1024) - fatal("buffer_get_bignum2: cannot handle BN of size %d", len); + if (len > 0 && (bin[0] & 0x80)) { + error("buffer_get_bignum2_ret: negative numbers not supported"); + return (-1); + } + if (len > 8 * 1024) { + error("buffer_get_bignum2_ret: cannot handle BN of size %d", len); + return (-1); + } BN_bin2bn(bin, len, value); xfree(bin); + return (0); +} + +void 
+buffer_get_bignum2(Buffer *buffer, BIGNUM *value) +{ + if (buffer_get_bignum2_ret(buffer, value) == -1) + fatal("buffer_get_bignum2: buffer error"); } /* * Returns integers from the buffer (msb first). */ +int +buffer_get_short_ret(u_short *ret, Buffer *buffer) +{ + u_char buf[2]; + + if (buffer_get_ret(buffer, (char *) buf, 2) == -1) + return (-1); + *ret = GET_16BIT(buf); + return (0); +} + u_short buffer_get_short(Buffer *buffer) { - u_char buf[2]; + u_short ret; + + if (buffer_get_short_ret(&ret, buffer) == -1) + fatal("buffer_get_short: buffer error"); - buffer_get(buffer, (char *) buf, 2); - return GET_16BIT(buf); + return (ret); +} + +int +buffer_get_int_ret(u_int *ret, Buffer *buffer) +{ + u_char buf[4]; + + if (buffer_get_ret(buffer, (char *) buf, 4) == -1) + return (-1); + *ret = GET_32BIT(buf); + return (0); } u_int buffer_get_int(Buffer *buffer) { - u_char buf[4]; + u_int ret; + + if (buffer_get_int_ret(&ret, buffer) == -1) + fatal("buffer_get_int: buffer error"); + + return (ret); +} - buffer_get(buffer, (char *) buf, 4); - return GET_32BIT(buf); +int +buffer_get_int64_ret(u_int64_t *ret, Buffer *buffer) +{ + u_char buf[8]; + + if (buffer_get_ret(buffer, (char *) buf, 8) == -1) + return (-1); + *ret = GET_64BIT(buf); + return (0); } u_int64_t buffer_get_int64(Buffer *buffer) { - u_char buf[8]; + u_int64_t ret; - buffer_get(buffer, (char *) buf, 8); - return GET_64BIT(buf); + if (buffer_get_int64_ret(&ret, buffer) == -1) + fatal("buffer_get_int: buffer error"); + + return (ret); } /* 
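Review bot: In buffer_get_bignum2_ret() the two new error returns (negative number, and length over 8 * 1024) leave without releasing `bin`, which buffer_get_string_ret() has just allocated; the only `xfree(bin);` is on the success path. The caller is now expected to carry on after a -1, so every rejected bignum in malformed key data leaks its string. Add `xfree(bin);` before both `return (-1);` statements. Separately, buffer_get_int64() reports its failure as `"buffer_get_int: buffer error"`, which will mislead whoever reads the log; the message should name buffer_get_int64.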
@@ -214,25 +314,41 @@ buffer_put_int64(Buffer *buffer, u_int64_t value) * to the returned string, and is not counted in length. */ void * -buffer_get_string(Buffer *buffer, u_int *length_ptr) +buffer_get_string_ret(Buffer *buffer, u_int *length_ptr) { u_char *value; u_int len; /* Get the length. */ len = buffer_get_int(buffer); - if (len > 256 * 1024) - fatal("buffer_get_string: bad string length %u", len); + if (len > 256 * 1024) { + error("buffer_get_string_ret: bad string length %u", len); + return (NULL); + } /* Allocate space for the string. Add one byte for a null character. */ value = xmalloc(len + 1); /* Get the string. */ - buffer_get(buffer, value, len); + if (buffer_get_ret(buffer, value, len) == -1) { + error("buffer_get_string_ret: buffer_get failed"); + xfree(value); + return (NULL); + } /* Append a null character to make processing easier. */ value[len] = 0; /* Optionally return the length of the string. */ if (length_ptr) *length_ptr = len; - return value; + return (value); +} + +void * +buffer_get_string(Buffer *buffer, u_int *length_ptr) +{ + void *ret; + + if ((ret = buffer_get_string_ret(buffer, length_ptr)) == NULL) + fatal("buffer_get_string: buffer error"); + return (ret); } /* @@ -255,12 +371,23 @@ buffer_put_cstring(Buffer *buffer, const char *s) /* * Returns a character from the buffer (0 - 255). */ +int +buffer_get_char_ret(char *ret, Buffer *buffer) +{ + if (buffer_get_ret(buffer, ret, 1) == -1) { + error("buffer_get_char_ret: buffer_get_ret failed"); + return (-1); + } + return (0); +} + int buffer_get_char(Buffer *buffer) { char ch; - buffer_get(buffer, &ch, 1); + if (buffer_get_char_ret(&ch, buffer) == -1) + fatal("buffer_get_char: buffer error"); return (u_char) ch; } diff --git a/bufaux.h b/bufaux.h index 61c72e353..e30911ddc 100644 --- a/bufaux.h +++ b/bufaux.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bufaux.h,v 1.19 2003/11/10 16:23:41 jakob Exp $ */ +/* $OpenBSD: bufaux.h,v 1.20 2004/10/29 23:56:17 djm Exp $ */ /* * Author: Tatu Ylonen 
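Review bot: buffer_get_string_ret() still reads the length with `len = buffer_get_int(buffer);`, and this commit makes buffer_get_int() a wrapper that calls fatal() when fewer than four bytes remain. A truncated blob therefore still kills the process instead of producing the NULL return this function is meant to give. Use the non-fatal reader added in the same file: `if (buffer_get_int_ret(&len, buffer) == -1) { error("buffer_get_string_ret: cannot extract length"); return (NULL); }`. buffer_get_bignum2_ret() inherits the problem, since it obtains its data through this function.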
@@ -42,4 +42,14 @@ void buffer_put_cstring(Buffer *, const char *); #define buffer_skip_string(b) \ do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while(0) +int buffer_put_bignum_ret(Buffer *, const BIGNUM *); +int buffer_get_bignum_ret(Buffer *, BIGNUM *); +int buffer_put_bignum2_ret(Buffer *, const BIGNUM *); +int buffer_get_bignum2_ret(Buffer *, BIGNUM *); +int buffer_get_short_ret(u_short *, Buffer *); +int buffer_get_int_ret(u_int *, Buffer *); +int buffer_get_int64_ret(u_int64_t *, Buffer *); +void *buffer_get_string_ret(Buffer *, u_int *); +int buffer_get_char_ret(char *, Buffer *); + #endif /* BUFAUX_H */ diff --git a/buffer.c b/buffer.c index 9217cb269..1a25004ba 100644 --- a/buffer.c +++ b/buffer.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: buffer.c,v 1.21 2003/11/21 11:57:03 djm Exp $"); +RCSID("$OpenBSD: buffer.c,v 1.22 2004/10/29 23:56:17 djm Exp $"); #include "xmalloc.h" #include "buffer.h" 
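Review bot: The new prototypes in bufaux.h are added without any statement of their contract, and the failure behaviour is not obvious from the signatures. A header comment should say that the int-returning functions give 0 on success and -1 on failure and that buffer_get_string_ret() gives NULL on failure. Judging from buffer_get_bignum_ret() in bufaux.c, which can fail after the two length bytes have already been consumed, it should also say that the buffer's read position is unspecified after an error, so callers must discard the buffer rather than retry. The getters disagree on argument order (`buffer_get_int_ret(u_int *, Buffer *)` versus `buffer_get_bignum_ret(Buffer *, BIGNUM *)`), which the comment should point out if it cannot be unified. The same documentation is missing for the three prototypes added to buffer.h.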
@@ -126,34 +126,62 @@ buffer_len(Buffer *buffer) /* Gets data from the beginning of the buffer. */ -void -buffer_get(Buffer *buffer, void *buf, u_int len) +int +buffer_get_ret(Buffer *buffer, void *buf, u_int len) { - if (len > buffer->end - buffer->offset) - fatal("buffer_get: trying to get more bytes %d than in buffer %d", + if (len > buffer->end - buffer->offset) { + error("buffer_get_ret: trying to get more bytes %d than in buffer %d", len, buffer->end - buffer->offset); + return (-1); + } memcpy(buf, buffer->buf + buffer->offset, len); buffer->offset += len; + return (0); +} + +void +buffer_get(Buffer *buffer, void *buf, u_int len) +{ + if (buffer_get_ret(buffer, buf, len) == -1) + fatal("buffer_get: buffer error"); } /* Consumes the given number of bytes from the beginning of the buffer. */ +int +buffer_consume_ret(Buffer *buffer, u_int bytes) +{ + if (bytes > buffer->end - buffer->offset) { + error("buffer_consume_ret: trying to get more bytes than in buffer"); + return (-1); + } + buffer->offset += bytes; + return (0); +} + void buffer_consume(Buffer *buffer, u_int bytes) { - if (bytes > buffer->end - buffer->offset) - fatal("buffer_consume: trying to get more bytes than in buffer"); - buffer->offset += bytes; + if (buffer_consume_ret(buffer, bytes) == -1) + fatal("buffer_consume: buffer error"); } /* Consumes the given number of bytes from the end of the buffer. */ +int +buffer_consume_end_ret(Buffer *buffer, u_int bytes) +{ + if (bytes > buffer->end - buffer->offset) + return (-1); + buffer->end -= bytes; + return (0); +} + void buffer_consume_end(Buffer *buffer, u_int bytes) { - if (bytes > buffer->end - buffer->offset) + if (buffer_consume_end_ret(buffer, bytes) == -1) fatal("buffer_consume_end: trying to get more bytes than in buffer"); - buffer->end -= bytes; } /* Returns a pointer to the first used byte in the buffer. */ diff --git a/buffer.h b/buffer.h index 5e4c41244..9c09d4f43 100644 --- a/buffer.h +++ b/buffer.h 
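Review bot: The message in buffer_get_ret() formats `len`, a u_int, with `%d`, so an oversized length taken from hostile input is logged as a negative number. The second argument, `buffer->end - buffer->offset`, looks unsigned as well, judging from the comparison above it. Use `%u` for both: `error("buffer_get_ret: trying to get more bytes %u than in buffer %u", len, buffer->end - buffer->offset);`. buffer_consume_end_ret() also returns -1 without logging, unlike buffer_get_ret() and buffer_consume_ret(); either log there too or add a comment that its wrapper supplies the message.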
@@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.h,v 1.11 2002/03/04 17:27:39 stevesk Exp $ */ +/* $OpenBSD: buffer.h,v 1.12 2004/10/29 23:56:17 djm Exp $ */ /* * Author: Tatu Ylonen @@ -40,4 +40,8 @@ void buffer_consume_end(Buffer *, u_int); void buffer_dump(Buffer *); +int buffer_get_ret(Buffer *, void *, u_int); +int buffer_consume_ret(Buffer *, u_int); +int buffer_consume_end_ret(Buffer *, u_int); + #endif /* BUFFER_H */ -- cgit v1.2.3 From 08d04faf2457e80b65b798f46bc71ac5a81b6d27 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2004 20:42:28 +1100 Subject: - djm@cvs.openbsd.org 2004/10/29 23:57:05 [key.c] use new buffer API to avoid fatal errors on corrupt keys in authorized_keys files; ok markus@ --- ChangeLog | 6 +++++- key.c | 38 +++++++++++++++++++++++++++----------- 2 files changed, 32 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index f991fe7eb..009470049 100644 --- a/ChangeLog +++ b/ChangeLog @@ -58,6 +58,10 @@ [bufaux.c bufaux.h buffer.c buffer.h] introduce a new buffer API that returns an error rather than fatal()ing when presented with bad data; ok markus@ + - djm@cvs.openbsd.org 2004/10/29 23:57:05 + [key.c] + use new buffer API to avoid fatal errors on corrupt keys in authorized_keys + files; ok markus@ 20041102 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX @@ -1837,4 +1841,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3577 2004/11/05 09:41:24 dtucker Exp $ +$Id: ChangeLog,v 1.3578 2004/11/05 09:42:28 dtucker Exp $ diff --git a/key.c b/key.c index 21b0869df..e41930464 100644 --- a/key.c +++ b/key.c @@ -32,7 +32,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.56 2004/07/28 09:40:29 markus Exp $"); +RCSID("$OpenBSD: key.c,v 1.57 2004/10/29 23:57:05 djm Exp $"); #include 
@@ -681,8 +681,8 @@ Key * key_from_blob(const u_char *blob, u_int blen) { Buffer b; - char *ktype; int rlen, type; + char *ktype = NULL; Key *key = NULL; #ifdef DEBUG_PK @@ -690,24 +690,38 @@ key_from_blob(const u_char *blob, u_int blen) #endif buffer_init(&b); buffer_append(&b, blob, blen); - ktype = buffer_get_string(&b, NULL); + if ((ktype = buffer_get_string_ret(&b, NULL)) == NULL) { + error("key_from_blob: can't read key type"); + goto out; + } + type = key_type_from_name(ktype); switch (type) { case KEY_RSA: key = key_new(type); - buffer_get_bignum2(&b, key->rsa->e); - buffer_get_bignum2(&b, key->rsa->n); + if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || + buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { + error("key_from_blob: can't read rsa key"); + key_free(key); + key = NULL; + goto out; + } #ifdef DEBUG_PK RSA_print_fp(stderr, key->rsa, 8); #endif break; case KEY_DSA: key = key_new(type); - buffer_get_bignum2(&b, key->dsa->p); - buffer_get_bignum2(&b, key->dsa->q); - buffer_get_bignum2(&b, key->dsa->g); - buffer_get_bignum2(&b, key->dsa->pub_key); + if (buffer_get_bignum2_ret(&b, key->dsa->p) == -1 || + buffer_get_bignum2_ret(&b, key->dsa->q) == -1 || + buffer_get_bignum2_ret(&b, key->dsa->g) == -1 || + buffer_get_bignum2_ret(&b, key->dsa->pub_key) == -1) { + error("key_from_blob: can't read dsa key"); + key_free(key); + key = NULL; + goto out; + } #ifdef DEBUG_PK DSA_print_fp(stderr, key->dsa, 8); #endif @@ -717,12 +731,14 @@ key_from_blob(const u_char *blob, u_int blen) break; default: error("key_from_blob: cannot handle type %s", ktype); - break; + goto out; } rlen = buffer_len(&b); if (key != NULL && rlen != 0) error("key_from_blob: remaining bytes in key blob %d", rlen); - xfree(ktype); + out: + if (ktype != NULL) + xfree(ktype); buffer_free(&b); return key; } -- cgit v1.2.3 From 2d963d87210c6a0c5eadfa5f02c808f6d983b47e Mon Sep 17 00:00:00 2001 
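Review bot: After the switch, key_from_blob() still only logs `remaining bytes in key blob` and then returns the key, so a blob with trailing data is accepted although every other malformed-input case in this change now ends in a NULL return. If that leniency is deliberate (for example to stay compatible with existing key files), a comment at the check should say so; otherwise reject there with `key_free(key); key = NULL;`. A comment above the function stating that it returns NULL for an unparseable blob, rather than exiting, would tell callers they must now test the result. The function body spans three hunks here and the code between them is not shown.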
From: Darren Tucker Date: Sun, 7 Nov 2004 20:04:10 +1100 Subject: - djm@cvs.openbsd.org 2004/11/05 12:19:56 [sftp.c] command editing and history support via libedit; ok markus@ thanks to hshoexer@ and many testers on tech@ too --- ChangeLog | 9 ++++++++- sftp.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--------- 2 files changed, 64 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 009470049..871187478 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20041107 + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2004/11/05 12:19:56 + [sftp.c] + command editing and history support via libedit; ok markus@ + thanks to hshoexer@ and many testers on tech@ too + 20041105 - (dtucker) OpenBSD CVS Sync - markus@cvs.openbsd.org 2004/08/30 09:18:08 @@ -1841,4 +1848,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3578 2004/11/05 09:42:28 dtucker Exp $ +$Id: ChangeLog,v 1.3579 2004/11/07 09:04:10 dtucker Exp $ diff --git a/sftp.c b/sftp.c index f01c9194c..2db394e23 100644 --- a/sftp.c +++ b/sftp.c @@ -16,7 +16,13 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.56 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.57 2004/11/05 12:19:56 djm Exp $"); + +#ifdef USE_LIBEDIT +#include +#else +typedef void EditLine; +#endif #include "buffer.h" #include "xmalloc.h" @@ -1206,6 +1212,14 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, return (0); } +#ifdef USE_LIBEDIT +static char * +prompt(EditLine *el) +{ + return ("sftp> "); +} +#endif + int interactive_loop(int fd_in, int fd_out, char *file1, char *file2) { 
@@ -1214,6 +1228,27 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) char cmd[2048]; struct sftp_conn *conn; int err; + EditLine *el = NULL; +#ifdef USE_LIBEDIT + History *hl = NULL; + HistEvent hev; + extern char *__progname; + + if (!batchmode && isatty(STDIN_FILENO)) { + if ((el = el_init(__progname, stdin, stdout, stderr)) == NULL) + fatal("Couldn't initialise editline"); + if ((hl = history_init()) == NULL) + fatal("Couldn't initialise editline history"); + history(hl, &hev, H_SETSIZE, 100); + el_set(el, EL_HIST, history, hl); + + el_set(el, EL_PROMPT, prompt); + el_set(el, EL_EDITOR, "emacs"); + el_set(el, EL_TERMINAL, NULL); + el_set(el, EL_SIGNAL, 1); + el_source(el, NULL); + } +#endif /* USE_LIBEDIT */ conn = do_init(fd_in, fd_out, copy_buffer_len, num_requests); if (conn == NULL) @@ -1261,17 +1296,29 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) signal(SIGINT, SIG_IGN); - printf("sftp> "); + if (el == NULL) { + printf("sftp> "); + if (fgets(cmd, sizeof(cmd), infile) == NULL) { + printf("\n"); + break; + } + if (batchmode) /* Echo command */ + printf("%s", cmd); + } else { +#ifdef USE_LIBEDIT + const char *line; + int count = 0; - /* XXX: use libedit */ - if (fgets(cmd, sizeof(cmd), infile) == NULL) { - printf("\n"); - break; + if ((line = el_gets(el, &count)) == NULL || count <= 0) + break; + history(hl, &hev, H_ENTER, line); + if (strlcpy(cmd, line, sizeof(cmd)) >= sizeof(cmd)) { + fprintf(stderr, "Error: input line too long\n"); + continue; + } +#endif /* USE_LIBEDIT */ } - if (batchmode) /* Echo command */ - printf("%s", cmd); - cp = strrchr(cmd, '\n'); if (cp) *cp = '\0'; -- cgit v1.2.3 From 7ebfc10884da0e430966cb323f57de17397f64bc Mon Sep 17 00:00:00 2001 
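Review bot: The libedit branch rejects an over-long line (`strlcpy(...) >= sizeof(cmd)`), but the fgets() branch that this hunk re-indents has no matching check. A line longer than the 2048-byte `cmd` buffer is split, and the remainder is read on the next iteration and parsed as a separate command; in batch mode the tail of a long batch-file line would run as its own command. After fgets(), treat a buffer with no newline that is not at end of file as an error, discard the rest of the line and print the same message as the libedit path. Whether batch mode should abort instead of skipping the line is for the author to decide. interactive_loop() begins before and continues past the lines shown.

```c
			/* … unchanged: fgets() call and its EOF handling … */
			/* No newline and not EOF: the line did not fit in cmd. */
			if (strchr(cmd, '\n') == NULL && !feof(infile)) {
				int ch;

				/* Drop the tail so it is not parsed as a command. */
				while ((ch = fgetc(infile)) != EOF && ch != '\n')
					;
				fprintf(stderr, "Error: input line too long\n");
				continue;
			}
			/* … unchanged: batch-mode echo of cmd … */
```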
From: Darren Tucker Date: Sun, 7 Nov 2004 20:06:19 +1100 Subject: - djm@cvs.openbsd.org 2004/11/07 00:01:46 [clientloop.c clientloop.h ssh.1 ssh.c] add basic control of a running multiplex master connection; including the ability to check its status and request it to exit; ok markus@ --- ChangeLog | 6 ++++- clientloop.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++++----------- clientloop.h | 10 ++++++- ssh.1 | 19 +++++++++++--- ssh.c | 66 ++++++++++++++++++++++++++++++++++++---------- 5 files changed, 153 insertions(+), 34 deletions(-) diff --git a/ChangeLog b/ChangeLog index 871187478..fe96f8d0c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,10 @@ [sftp.c] command editing and history support via libedit; ok markus@ thanks to hshoexer@ and many testers on tech@ too + - djm@cvs.openbsd.org 2004/11/07 00:01:46 + [clientloop.c clientloop.h ssh.1 ssh.c] + add basic control of a running multiplex master connection; including the + ability to check its status and request it to exit; ok markus@ 20041105 - (dtucker) OpenBSD CVS Sync @@ -1848,4 +1852,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3579 2004/11/07 09:04:10 dtucker Exp $ +$Id: ChangeLog,v 1.3580 2004/11/07 09:06:19 dtucker Exp $ diff --git a/clientloop.c b/clientloop.c index d77337b82..033a98a5b 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.133 2004/10/29 22:53:56 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.134 2004/11/07 00:01:46 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -561,7 +561,7 @@ client_process_control(fd_set * readset) struct sockaddr_storage addr; struct confirm_ctx *cctx; char *cmd; - u_int len, env_len; + u_int len, env_len, command, flags; uid_t euid; gid_t egid; 
@@ -591,24 +591,74 @@ client_process_control(fd_set * readset) return; } - allowed = 1; - if (options.control_master == 2) - allowed = ask_permission("Allow shared connection to %s? ", - host); - unset_nonblock(client_fd); + /* Read command */ buffer_init(&m); + if (ssh_msg_recv(client_fd, &m) == -1) { + error("%s: client msg_recv failed", __func__); + close(client_fd); + buffer_free(&m); + return; + } + if ((ver = buffer_get_char(&m)) != 1) { + error("%s: wrong client version %d", __func__, ver); + buffer_free(&m); + close(client_fd); + return; + } + + allowed = 1; + command = buffer_get_int(&m); + flags = buffer_get_int(&m); + + buffer_clear(&m); + switch (command) { + case SSHMUX_COMMAND_OPEN: + if (options.control_master == 2) + allowed = ask_permission("Allow shared connection " + "to %s? ", host); + /* continue below */ + break; + case SSHMUX_COMMAND_TERMINATE: + if (options.control_master == 2) + allowed = ask_permission("Terminate shared connection " + "to %s? ", host); + if (allowed) + quit_pending = 1; + /* FALLTHROUGH */ + case SSHMUX_COMMAND_ALIVE_CHECK: + /* Reply for SSHMUX_COMMAND_TERMINATE and ALIVE_CHECK */ + buffer_clear(&m); + buffer_put_int(&m, allowed); + buffer_put_int(&m, getpid()); + if (ssh_msg_send(client_fd, /* version */1, &m) == -1) { + error("%s: client msg_send failed", __func__); + close(client_fd); + buffer_free(&m); + return; + } + buffer_free(&m); + close(client_fd); + return; + default: + error("Unsupported command %d", command); + buffer_free(&m); + close(client_fd); + return; + } + + /* Reply for SSHMUX_COMMAND_OPEN */ + buffer_clear(&m); buffer_put_int(&m, allowed); buffer_put_int(&m, getpid()); - if (ssh_msg_send(client_fd, /* version */0, &m) == -1) { + if (ssh_msg_send(client_fd, /* version */1, &m) == -1) { error("%s: client msg_send failed", __func__); close(client_fd); buffer_free(&m); return; } - buffer_clear(&m); if (!allowed) { error("Refused control connection"); 
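Review bot: The version, command and flags are read from the control-socket message with `buffer_get_char()` and `buffer_get_int()`, which call fatal() on a short buffer. A peer that sends a truncated request therefore takes down the whole master connection instead of only having its own request refused. The non-fatal readers added by the buffer API commit earlier on this page fit here, e.g. `if (buffer_get_int_ret(&command, &m) == -1 || buffer_get_int_ret(&flags, &m) == -1)` followed by the same close/free/return sequence used for the other errors. `error("Unsupported command %d", command)` also prints a u_int with `%d`. client_process_control() starts before and runs past this hunk, so any peer-credential check limiting who may connect is not visible here.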
@@ -617,14 +667,14 @@ client_process_control(fd_set * readset) return; } + buffer_clear(&m); if (ssh_msg_recv(client_fd, &m) == -1) { error("%s: client msg_recv failed", __func__); close(client_fd); buffer_free(&m); return; } - - if ((ver = buffer_get_char(&m)) != 0) { + if ((ver = buffer_get_char(&m)) != 1) { error("%s: wrong client version %d", __func__, ver); buffer_free(&m); close(client_fd); @@ -633,9 +683,8 @@ client_process_control(fd_set * readset) cctx = xmalloc(sizeof(*cctx)); memset(cctx, 0, sizeof(*cctx)); - - cctx->want_tty = buffer_get_int(&m); - cctx->want_subsys = buffer_get_int(&m); + cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0; + cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0; cctx->term = buffer_get_string(&m, &len); cmd = buffer_get_string(&m, &len); @@ -667,14 +716,21 @@ client_process_control(fd_set * readset) if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1) error("%s: tcgetattr: %s", __func__, strerror(errno)); + /* This roundtrip is just for synchronisation of ttymodes */ buffer_clear(&m); - if (ssh_msg_send(client_fd, /* version */0, &m) == -1) { + if (ssh_msg_send(client_fd, /* version */1, &m) == -1) { error("%s: client msg_send failed", __func__); close(client_fd); close(new_fd[0]); close(new_fd[1]); close(new_fd[2]); buffer_free(&m); + xfree(cctx->term); + if (env_len != 0) { + for (i = 0; i < env_len; i++) + xfree(cctx->env[i]); + xfree(cctx->env); + } return; } buffer_free(&m); diff --git a/clientloop.h b/clientloop.h index 9992d5938..b23c111cb 100644 --- a/clientloop.h +++ b/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.11 2004/07/11 17:48:47 deraadt Exp $ */ +/* $OpenBSD: clientloop.h,v 1.12 2004/11/07 00:01:46 djm Exp $ */ /* * Author: Tatu Ylonen 
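Review bot: The cleanup added to the failed `ssh_msg_send` path frees `cctx->term` and the environment array but not `cctx` itself, which an earlier hunk on this line shows being obtained with `xmalloc(sizeof(*cctx))`. Unless it is released in code between the hunks that is not shown, the structure leaks each time this path is taken. Add `xfree(cctx);` after the env cleanup, and release anything else attached to it in the omitted lines; the `cmd` string read just after `cctx->term` is a candidate to check.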
@@ -40,3 +40,11 @@ int client_loop(int, int, int); void client_global_request_reply_fwd(int, u_int32_t, void *); void client_session2_setup(int, int, int, const char *, struct termios *, int, Buffer *, char **, dispatch_fn *); + +/* Multiplexing control protocol flags */ +#define SSHMUX_COMMAND_OPEN 1 /* Open new connection */ +#define SSHMUX_COMMAND_ALIVE_CHECK 2 /* Check master is alive */ +#define SSHMUX_COMMAND_TERMINATE 3 /* Ask master to exit */ + +#define SSHMUX_FLAG_TTY (1) /* Request tty on open */ +#define SSHMUX_FLAG_SUBSYS (1<<1) /* Subsystem request on open */ diff --git a/ssh.1 b/ssh.1 index 06cb60cec..ec83319b8 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.197 2004/10/07 10:10:24 djm Exp $ +.\" $OpenBSD: ssh.1,v 1.198 2004/11/07 00:01:46 djm Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -62,6 +62,7 @@ .Ek .Op Fl l Ar login_name .Op Fl m Ar mac_spec +.Op Fl O Ar ctl_cmd .Op Fl o Ar option .Bk -words .Op Fl p Ar port @@ -74,7 +75,7 @@ .Sm on .Xc .Oc -.Op Fl S Ar ctl +.Op Fl S Ar ctl_path .Oo Ar user Ns @ Oc Ns Ar hostname .Op Ar command .Sh DESCRIPTION @@ -613,6 +614,18 @@ be specified in order of preference. See the .Cm MACs keyword for more information. +.It Fl O Ar ctl_cmd +Control an active connection multiplexing master process. +When the +.Fl O +option is specified, the +.Ar ctl_cmd +argument is interpreted and passed to the master process. +Valid commands are: +.Dq check +(check that the master process is running) and +.Dq exit +(request the master to exit). .It Fl N Do not execute a remote command. This is useful for just forwarding ports 
@@ -735,7 +748,7 @@ IPv6 addresses can be specified with an alternative syntax: .Ar hostport . .Xc .Sm on -.It Fl S Ar ctl +.It Fl S Ar ctl_path Specifies the location of a control socket for connection sharing. Refer to the description of .Cm ControlPath diff --git a/ssh.c b/ssh.c index c231c5fae..dfe9b25c1 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.228 2004/09/23 13:00:04 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.229 2004/11/07 00:01:46 djm Exp $"); #include #include @@ -144,6 +144,9 @@ pid_t proxy_command_pid = 0; /* fd to control socket */ int control_fd = -1; +/* Multiplexing control command */ +static u_int mux_command = SSHMUX_COMMAND_OPEN; + /* Only used in control client mode */ volatile sig_atomic_t control_client_terminate = 0; u_int control_server_pid = 0; @@ -236,7 +239,7 @@ main(int ac, char **av) again: while ((opt = getopt(ac, av, - "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNPR:S:TVXY")) != -1) { + "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVXY")) != -1) { switch (opt) { case '1': options.protocol = SSH_PROTO_1; @@ -270,6 +273,14 @@ again: case 'g': options.gateway_ports = 1; break; + case 'O': + if (strcmp(optarg, "check") == 0) + mux_command = SSHMUX_COMMAND_ALIVE_CHECK; + else if (strcmp(optarg, "exit") == 0) + mux_command = SSHMUX_COMMAND_TERMINATE; + else + fatal("Invalid multiplex command."); + break; case 'P': /* deprecated */ options.use_privileged_port = 0; break; @@ -1251,8 +1262,9 @@ control_client(const char *path) struct sockaddr_un addr; int i, r, fd, sock, exitval, num_env, addr_len; Buffer m; - char *cp; + char *term; extern char **environ; + u_int flags; if (stdin_null_flag) { if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1) 
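Review bot: The new `-O` case only records the request in `mux_command`, and nothing in this hunk requires a control socket path to accompany it. `mux_command` is consumed in control_client() (later hunk). If main() calls that only when a control path was configured, which is not visible here, `ssh -O exit host` with no socket would quietly open an ordinary session instead of failing. A check after option parsing that calls fatal() when `-O` was given without a control path would make the misuse obvious. The text `Invalid multiplex command.` could also name the accepted values, `check` and `exit`.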
@@ -1278,26 +1290,52 @@ control_client(const char *path) if (connect(sock, (struct sockaddr*)&addr, addr_len) == -1) fatal("Couldn't connect to %s: %s", path, strerror(errno)); - if ((cp = getenv("TERM")) == NULL) - cp = ""; + if ((term = getenv("TERM")) == NULL) + term = ""; + + flags = 0; + if (tty_flag) + flags |= SSHMUX_FLAG_TTY; + if (subsystem_flag) + flags |= SSHMUX_FLAG_SUBSYS; buffer_init(&m); - /* Get PID of controlee */ + /* Send our command to server */ + buffer_put_int(&m, mux_command); + buffer_put_int(&m, flags); + if (ssh_msg_send(sock, /* version */1, &m) == -1) + fatal("%s: msg_send", __func__); + buffer_clear(&m); + + /* Get authorisation status and PID of controlee */ if (ssh_msg_recv(sock, &m) == -1) fatal("%s: msg_recv", __func__); - if (buffer_get_char(&m) != 0) + if (buffer_get_char(&m) != 1) fatal("%s: wrong version", __func__); - /* Connection allowed? */ if (buffer_get_int(&m) != 1) fatal("Connection to master denied"); control_server_pid = buffer_get_int(&m); buffer_clear(&m); - buffer_put_int(&m, tty_flag); - buffer_put_int(&m, subsystem_flag); - buffer_put_cstring(&m, cp); + switch (mux_command) { + case SSHMUX_COMMAND_ALIVE_CHECK: + fprintf(stderr, "Master running (pid=%d)\r\n", + control_server_pid); + exit(0); + case SSHMUX_COMMAND_TERMINATE: + fprintf(stderr, "Exit request sent.\r\n"); + exit(0); + case SSHMUX_COMMAND_OPEN: + /* continue below */ + break; + default: + fatal("silly mux_command %d", mux_command); + } + + /* SSHMUX_COMMAND_OPEN */ + buffer_put_cstring(&m, term); buffer_append(&command, "\0", 1); buffer_put_cstring(&m, buffer_ptr(&command)); @@ -1319,7 +1357,7 @@ control_client(const char *path) } } - if (ssh_msg_send(sock, /* version */0, &m) == -1) + if (ssh_msg_send(sock, /* version */1, &m) == -1) fatal("%s: msg_send", __func__); mm_send_fd(sock, STDIN_FILENO); 
@@ -1330,8 +1368,8 @@ control_client(const char *path) buffer_clear(&m); if (ssh_msg_recv(sock, &m) == -1) fatal("%s: msg_recv", __func__); - if (buffer_get_char(&m) != 0) - fatal("%s: master returned error", __func__); + if (buffer_get_char(&m) != 1) + fatal("%s: wrong version", __func__); buffer_free(&m); signal(SIGHUP, control_client_sighandler); -- cgit v1.2.3 From 16bcc1c92e6baa0a32efe105c58b6d6242331d10 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 7 Nov 2004 20:14:34 +1100 Subject: - (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure option and supporting makefile bits and documentation. --- ChangeLog | 4 +++- INSTALL | 10 +++++++++- Makefile.in | 5 +++-- configure.ac | 19 ++++++++++++++++++- 4 files changed, 33 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index fe96f8d0c..48b1aa4ee 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,8 @@ [clientloop.c clientloop.h ssh.1 ssh.c] add basic control of a running multiplex master connection; including the ability to check its status and request it to exit; ok markus@ + - (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure + option and supporting makefile bits and documentation. 20041105 - (dtucker) OpenBSD CVS Sync @@ -1852,4 +1854,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3580 2004/11/07 09:06:19 dtucker Exp $ +$Id: ChangeLog,v 1.3581 2004/11/07 09:14:34 dtucker Exp $ diff --git a/INSTALL b/INSTALL index dae1bb159..26d62976b 100644 --- a/INSTALL +++ b/INSTALL 
@@ -52,6 +52,14 @@ http://www.lothar.com/tech/crypto/ S/Key Libraries: http://www.sparc.spb.su/solaris/skey/ +LibEdit: + +sftp now supports command-line editing via NetBSD's libedit. If your +platform has it available natively you can use that, alternatively +you might try these multi-platform ports: +http://www.thrysoee.dk/editline/ +http://sourceforge.net/projects/libedit/ + If you wish to use --with-skey then you will need the above library installed. No other current S/Key library is currently known to be supported. @@ -200,4 +208,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.64 2004/05/26 23:59:31 dtucker Exp $ +$Id: INSTALL,v 1.65 2004/11/07 09:14:34 dtucker Exp $ diff --git a/Makefile.in b/Makefile.in index db9eb34ab..940e686b0 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.265 2004/08/30 11:33:02 dtucker Exp $ +# $Id: Makefile.in,v 1.266 2004/11/07 09:14:34 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -43,6 +43,7 @@ LD=@LD@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ LIBS=@LIBS@ +LIBEDIT=@LIBEDIT@ LIBPAM=@LIBPAM@ LIBWRAP=@LIBWRAP@ AR=@AR@ @@ -158,7 +159,7 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o - $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) diff --git a/configure.ac b/configure.ac index b8f970074..f60bbdd27 100644 --- a/configure.ac 
+++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.232 2004/11/02 09:30:54 dtucker Exp $ +# $Id: configure.ac,v 1.233 2004/11/07 09:14:34 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -854,6 +854,22 @@ AC_ARG_WITH(tcp-wrappers, ] ) +# Check whether user wants libedit support +LIBEDIT_MSG="no" +AC_ARG_WITH(libedit, + [ --with-libedit[[=PATH]] Enable libedit support for sftp], + [ if test "x$withval" != "xno" ; then + AC_CHECK_LIB(edit, el_init, + [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp]) + LIBEDIT="-ledit -lcurses" + LIBEDIT_MSG="yes" + AC_SUBST(LIBEDIT) + ], + [], [-lcurses] + ) + fi ] +) + dnl Checks for library functions. Please keep in alphabetical order AC_CHECK_FUNCS(\ arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \ @@ -3046,6 +3062,7 @@ echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" echo " TCP Wrappers support: $TCPW_MSG" echo " MD5 password support: $MD5_MSG" +echo " libedit support: $LIBEDIT_MSG" echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " BSD Auth support: $BSD_AUTH_MSG" -- cgit v1.2.3 From e04644c162fba4f229ef5878bca74a7e37c0e79a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 3 Dec 2004 14:08:45 +1100 Subject: - (dtucker) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2004/11/07 17:42:36 [ssh.1] options sort, and whitespace; --- ChangeLog | 8 +++++++- ssh.1 | 26 +++++++++++++------------- 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index 48b1aa4ee..4b3024429 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20041203 + - (dtucker) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2004/11/07 17:42:36 + [ssh.1] + options sort, and whitespace; + 20041107 - (dtucker) OpenBSD CVS Sync - djm@cvs.openbsd.org 2004/11/05 12:19:56 
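Review bot: In the new `AC_ARG_WITH(libedit, ...)` block the help string advertises `--with-libedit[[=PATH]]`, but `$withval` is only compared with `xno`, so a supplied path never reaches the compiler or linker search paths. The not-found action of `AC_CHECK_LIB` is also empty (`[], [-lcurses]`), so an explicit `--with-libedit` on a host without the library builds sftp without it, and only the summary line shows it. I would make the request fail loudly by replacing that empty argument with `[ AC_MSG_ERROR(libedit not found) ]`. I would also either drop `=PATH` from the help text or add the given directory to the include and library flags before the check, as the other `--with-*` options in this file presumably do.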
@@ -1854,4 +1860,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3581 2004/11/07 09:14:34 dtucker Exp $ +$Id: ChangeLog,v 1.3582 2004/12/03 03:08:45 dtucker Exp $ diff --git a/ssh.1 b/ssh.1 index ec83319b8..b8a91a160 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.198 2004/11/07 00:01:46 djm Exp $ +.\" $OpenBSD: ssh.1,v 1.199 2004/11/07 17:42:36 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -614,18 +614,6 @@ be specified in order of preference. See the .Cm MACs keyword for more information. -.It Fl O Ar ctl_cmd -Control an active connection multiplexing master process. -When the -.Fl O -option is specified, the -.Ar ctl_cmd -argument is interpreted and passed to the master process. -Valid commands are: -.Dq check -(check that the master process is running) and -.Dq exit -(request the master to exit). .It Fl N Do not execute a remote command. This is useful for just forwarding ports @@ -650,6 +638,18 @@ program will be put in the background. needs to ask for a password or passphrase; see also the .Fl f option.) +.It Fl O Ar ctl_cmd +Control an active connection multiplexing master process. +When the +.Fl O +option is specified, the +.Ar ctl_cmd +argument is interpreted and passed to the master process. +Valid commands are: +.Dq check +(check that the master process is running) and +.Dq exit +(request the master to exit). .It Fl o Ar option Can be used to give options in the format used in the configuration file. This is useful for specifying options for which there is no separate -- cgit v1.2.3 From 9c6bf325c0cf03fc40e87e51d165189dce07c594 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Fri, 3 Dec 2004 14:10:19 +1100 Subject: - jmc@cvs.openbsd.org 2004/11/07 17:57:30 [ssh.c] usage(): - add -O - sync -S w/ manpage - remove -h --- ChangeLog | 8 +++++++- ssh.c | 9 +++++---- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4b3024429..35a7d07ae 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,12 @@ - jmc@cvs.openbsd.org 2004/11/07 17:42:36 [ssh.1] options sort, and whitespace; + - jmc@cvs.openbsd.org 2004/11/07 17:57:30 + [ssh.c] + usage(): + - add -O + - sync -S w/ manpage + - remove -h 20041107 - (dtucker) OpenBSD CVS Sync @@ -1860,4 +1866,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3582 2004/12/03 03:08:45 dtucker Exp $ +$Id: ChangeLog,v 1.3583 2004/12/03 03:10:19 dtucker Exp $ diff --git a/ssh.c b/ssh.c index dfe9b25c1..ac537338c 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.229 2004/11/07 00:01:46 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.230 2004/11/07 17:57:30 jmc Exp $"); #include #include @@ -157,10 +157,11 @@ static void usage(void) { fprintf(stderr, -"usage: ssh [-1246AaCfghkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" +"usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" " [-D port] [-e escape_char] [-F configfile] [-i identity_file]\n" -" [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option]\n" -" [-p port] [-R port:host:hostport] [-S ctl] [user@]hostname [command]\n" +" [-L port:host:hostport] [-l login_name] [-m mac_spec] [-O ctl_cmd]\n" +" [-o option] [-p port] [-R port:host:hostport] [-S ctl_path]\n" +" [user@]hostname [command]\n" ); exit(1); } -- cgit v1.2.3 From c13866719fc39d5feebfb80ca251a7b31583d803 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Fri, 3 Dec 2004 14:33:47 +1100 Subject: - (dtucker) [auth1.c auth2.c] If the user successfully authenticates but is subsequently denied by the PAM auth stack, send the PAM message to the user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2). ok djm@ --- ChangeLog | 6 +++++- auth1.c | 21 +++++++++++++++++++-- auth2.c | 5 +++-- 3 files changed, 27 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 35a7d07ae..fd92678f3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,10 @@ - add -O - sync -S w/ manpage - remove -h + - (dtucker) [auth1.c auth2.c] If the user successfully authenticates but is + subsequently denied by the PAM auth stack, send the PAM message to the + user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2). + ok djm@ 20041107 - (dtucker) OpenBSD CVS Sync @@ -1866,4 +1870,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3583 2004/12/03 03:10:19 dtucker Exp $ +$Id: ChangeLog,v 1.3584 2004/12/03 03:33:47 dtucker Exp $ diff --git a/auth1.c b/auth1.c index 3f93b9869..2a9d18b9a 100644 --- a/auth1.c +++ b/auth1.c @@ -25,9 +25,11 @@ RCSID("$OpenBSD: auth1.c,v 1.59 2004/07/28 09:40:29 markus Exp $"); #include "session.h" #include "uidswap.h" #include "monitor_wrap.h" +#include "buffer.h" /* import */ extern ServerOptions options; +extern Buffer loginmsg; /* * convert ssh auth msg type into description 
@@ -251,8 +253,23 @@ do_authloop(Authctxt *authctxt) #ifdef USE_PAM if (options.use_pam && authenticated && - !PRIVSEP(do_pam_account())) - authenticated = 0; + !PRIVSEP(do_pam_account())) { + char *msg; + size_t len; + + error("Access denied for user %s by PAM account " + "configuration", authctxt->user); + len = buffer_len(&loginmsg); + buffer_append(&loginmsg, "\0", 1); + msg = buffer_ptr(&loginmsg); + /* strip trailing newlines */ + if (len > 0) + while (len > 0 && msg[--len] == '\n') + msg[len] = '\0'; + else + msg = "Access denied."; + packet_disconnect(msg); + } #endif /* Log before sending the reply */ diff --git a/auth2.c b/auth2.c index 57e6db46b..60e261f7f 100644 --- a/auth2.c +++ b/auth2.c @@ -220,13 +220,14 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) #ifdef USE_PAM if (options.use_pam && authenticated) { if (!PRIVSEP(do_pam_account())) { - authenticated = 0; /* if PAM returned a message, send it to the user */ if (buffer_len(&loginmsg) > 0) { buffer_append(&loginmsg, "\0", 1); userauth_send_banner(buffer_ptr(&loginmsg)); - buffer_clear(&loginmsg); + packet_write_wait(); } + fatal("Access denied for user %s by PAM account " + "configuration", authctxt->user); } } #endif -- cgit v1.2.3 From ba2abb3699d5901898041dad45394e47de891cc9 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 6 Dec 2004 22:40:10 +1100 Subject: - (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@ --- ChangeLog | 5 ++++- TODO | 13 +------------ WARNING.RNG | 11 +++++------ 3 files changed, 10 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index fd92678f3..11f7bbd87 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20041206 + - (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@ + 20041203 - (dtucker) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2004/11/07 17:42:36 
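Review bot: `packet_disconnect(msg);` at the end of the new USE_PAM block in do_authloop passes the text accumulated in `loginmsg` as the format argument. packet_disconnect takes a printf-style format (its declaration is outside this hunk), so any `%` sequence in a message supplied by a PAM module would be interpreted as a conversion instead of being sent verbatim. The call should be `packet_disconnect("%s", msg);`, which also covers the literal "Access denied." fallback. do_authloop begins and ends outside the hunk.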
@@ -1870,4 +1873,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3584 2004/12/03 03:33:47 dtucker Exp $ +$Id: ChangeLog,v 1.3585 2004/12/06 11:40:10 dtucker Exp $ diff --git a/TODO b/TODO index 1b1d03c43..e8aaa4b96 100644 --- a/TODO +++ b/TODO @@ -30,13 +30,8 @@ Programming: - More platforms for for setproctitle() emulation (testing needed) -- Improve PAM support (a pam_lastlog module will cause sshd to exit) - and maybe support alternate forms of authentications like OPIE via - pam? - - Improve PAM ChallengeResponseAuthentication - Informational messages - - chauthtok - Use different PAM service name for kbdint vs regular auth (suggest from Solar Designer) - Ability to select which ChallengeResponseAuthentications may be used @@ -59,8 +54,6 @@ Clean up configure/makefiles: information in wtmpx or utmpx or any of that stuff if it's not detected from the start -- Fails to compile when cross compile. (vinschen@redhat.com) - - Replace the whole u_intXX_t evilness in acconfig.h with something better??? - Do it in configure.ac @@ -72,10 +65,6 @@ Clean up configure/makefiles: entropy related stuff into another. Packaging: -- Solaris: Update packaging scripts and build new sysv startup scripts - Ideally the package metadata should be generated by autoconf. - (gilbert.r.loomis@saic.com) - - HP-UX: Provide DEPOT package scripts. (gilbert.r.loomis@saic.com) @@ -94,4 +83,4 @@ PrivSep Issues: - Cygwin + Privsep for Pre-auth only (no fd passing) -$Id: TODO,v 1.57 2004/02/11 09:44:13 dtucker Exp $ +$Id: TODO,v 1.58 2004/12/06 11:40:11 dtucker Exp $ diff --git a/WARNING.RNG b/WARNING.RNG index 5d4ea8753..687891a73 100644 --- a/WARNING.RNG +++ b/WARNING.RNG 
@@ -55,11 +55,10 @@ Executing each program in the list can take a large amount of time, especially on slower machines. Additionally some program can take a disproportionate time to execute. -Tuning the default entropy collection code is difficult at this point. -It requires doing 'times ./ssh-rand-helper' and modifying the -($etcdir)/ssh_prng_cmds until you have found the issue. In the next -release we will be looking at support '-v' for verbose output to allow -easier debugging. +Tuning the random helper can be done by running ./ssh-random-helper in +very verbose mode ("-vvv") and identifying the commands that are taking +accessive amounts of time or hanging altogher. Any problem commands can +be modified or removed from ssh_prng_cmds. The default entropy collector will timeout programs which take too long to execute, the actual timeout used can be adjusted with the @@ -93,4 +92,4 @@ If you are forced to use ssh-rand-helper consider still downloading prngd/egd and configure OpenSSH using --with-prngd-port=xx or --with-prngd-socket=xx (refer to INSTALL for more information). -$Id: WARNING.RNG,v 1.6 2003/11/21 12:48:55 djm Exp $ +$Id: WARNING.RNG,v 1.7 2004/12/06 11:40:11 dtucker Exp $ -- cgit v1.2.3 From cd516efea147ef64f0b3d0be3e3c94b450c11c24 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 6 Dec 2004 22:43:43 +1100 Subject: - (dtucker) OpenBSD CVS Sync - markus@cvs.openbsd.org 2004/11/25 22:22:14 [sftp-client.c sftp.c] leak; from mpech --- ChangeLog | 6 +++++- sftp-client.c | 4 +++- sftp.c | 7 +++++-- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 11f7bbd87..f80f685de 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ 20041206 - (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@ + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2004/11/25 22:22:14 + [sftp-client.c sftp.c] + leak; from mpech 20041203 - (dtucker) OpenBSD CVS Sync 
@@ -1873,4 +1877,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3585 2004/12/06 11:40:10 dtucker Exp $ +$Id: ChangeLog,v 1.3586 2004/12/06 11:43:43 dtucker Exp $ diff --git a/sftp-client.c b/sftp-client.c index 0ffacbccc..d894a11f2 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -20,7 +20,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.51 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.52 2004/11/25 22:22:14 markus Exp $"); #include "openbsd-compat/sys-queue.h" @@ -172,6 +172,7 @@ get_handle(int fd, u_int expected_id, u_int *len) int status = buffer_get_int(&msg); error("Couldn't get handle: %s", fx2txt(status)); + buffer_free(&msg); return(NULL); } else if (type != SSH2_FXP_HANDLE) fatal("Expected SSH2_FXP_HANDLE(%u) packet, got %u", @@ -206,6 +207,7 @@ get_decode_stat(int fd, u_int expected_id, int quiet) debug("Couldn't stat remote file: %s", fx2txt(status)); else error("Couldn't stat remote file: %s", fx2txt(status)); + buffer_free(&msg); return(NULL); } else if (type != SSH2_FXP_ATTRS) { fatal("Expected SSH2_FXP_ATTRS(%u) packet, got %u", diff --git a/sftp.c b/sftp.c index 2db394e23..b37c36b71 100644 --- a/sftp.c +++ b/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.57 2004/11/05 12:19:56 djm Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.58 2004/11/25 22:22:14 markus Exp $"); #ifdef USE_LIBEDIT #include @@ -1265,8 +1265,11 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) if (remote_is_dir(conn, dir) && file2 == NULL) { printf("Changing to: %s\n", dir); snprintf(cmd, sizeof cmd, "cd \"%s\"", dir); - if (parse_dispatch_command(conn, cmd, &pwd, 1) != 0) + if (parse_dispatch_command(conn, cmd, &pwd, 1) != 0) { + xfree(dir); + xfree(pwd); return (-1); + } } else { if (file2 == NULL) snprintf(cmd, sizeof cmd, "get %s", dir); -- cgit v1.2.3 
From 0133a727acc7db7bd5a733ca0bed8a06a112f389 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 6 Dec 2004 22:44:32 +1100 Subject: - jmc@cvs.openbsd.org 2004/11/29 00:05:17 [sftp.1] missing full stop; --- ChangeLog | 5 ++++- sftp.1 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index f80f685de..3a925d505 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,9 @@ - markus@cvs.openbsd.org 2004/11/25 22:22:14 [sftp-client.c sftp.c] leak; from mpech + - jmc@cvs.openbsd.org 2004/11/29 00:05:17 + [sftp.1] + missing full stop; 20041203 - (dtucker) OpenBSD CVS Sync @@ -1877,4 +1880,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3586 2004/12/06 11:43:43 dtucker Exp $ +$Id: ChangeLog,v 1.3587 2004/12/06 11:44:32 dtucker Exp $ diff --git a/sftp.1 b/sftp.1 index fe3e4de32..f438949dd 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.58 2004/10/07 10:10:24 djm Exp $ +.\" $OpenBSD: sftp.1,v 1.59 2004/11/29 00:05:17 jmc Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -193,7 +193,7 @@ For full details of the options listed below, and their possible values, see .It Fl P Ar sftp_server_path Connect directly to a local sftp server (rather than via -.Xr ssh 1 ) +.Xr ssh 1 ) . This option may be useful in debugging the client and server. .It Fl R Ar num_requests Specify how many requests may be outstanding at any one time. -- cgit v1.2.3 From e2f189a841c9beecae75a2df3784d73f9e6dd762 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 6 Dec 2004 22:45:53 +1100 Subject: - djm@cvs.openbsd.org 2004/11/29 07:41:24 [sftp-client.h sftp.c] Some small fixes from moritz@jodeit.org. ok deraadt@ --- ChangeLog | 5 ++++- sftp-client.h | 6 +++--- sftp.c | 6 ++++-- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3a925d505..520b9b485 100644 
--- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,9 @@ - jmc@cvs.openbsd.org 2004/11/29 00:05:17 [sftp.1] missing full stop; + - djm@cvs.openbsd.org 2004/11/29 07:41:24 + [sftp-client.h sftp.c] + Some small fixes from moritz@jodeit.org. ok deraadt@ 20041203 - (dtucker) OpenBSD CVS Sync @@ -1880,4 +1883,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3587 2004/12/06 11:44:32 dtucker Exp $ +$Id: ChangeLog,v 1.3588 2004/12/06 11:45:53 dtucker Exp $ diff --git a/sftp-client.h b/sftp-client.h index a0e8e44b3..991e05d33 100644 --- a/sftp-client.h +++ b/sftp-client.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.h,v 1.12 2004/02/17 05:39:51 djm Exp $ */ +/* $OpenBSD: sftp-client.h,v 1.13 2004/11/29 07:41:24 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller @@ -30,8 +30,8 @@ struct SFTP_DIRENT { }; /* - * Initialiase a SSH filexfer connection. Returns -1 on error or - * protocol version on success. + * Initialiase a SSH filexfer connection. Returns NULL on error or + * a pointer to a initialized sftp_conn struct on success. */ struct sftp_conn *do_init(int, int, u_int, u_int); diff --git a/sftp.c b/sftp.c index b37c36b71..2c7b546f7 100644 --- a/sftp.c +++ b/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.58 2004/11/25 22:22:14 markus Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.59 2004/11/29 07:41:24 djm Exp $"); #ifdef USE_LIBEDIT #include @@ -160,9 +160,11 @@ static void cmd_interrupt(int signo) { const char msg[] = "\rInterrupt \n"; + int olderrno = errno; write(STDERR_FILENO, msg, sizeof(msg) - 1); interrupted = 1; + errno = olderrno; } static void @@ -262,7 +264,7 @@ path_strip(char *path, char *strip) return (xstrdup(path)); len = strlen(strip); - if (strip != NULL && strncmp(path, strip, len) == 0) { + if (strncmp(path, strip, len) == 0) { if (strip[len - 1] != '/' && path[len] == '/') len++; return (xstrdup(path + len)); -- cgit v1.2.3 
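Review bot: In the path_strip hunk the rewritten condition `if (strncmp(path, strip, len) == 0)` is still true when `strip` is an empty string, and the next line then evaluates `strip[len - 1]` with `len == 0`, which reads one byte before the buffer. Whether a caller can pass an empty `strip` is not visible from here, but the guard is cheap: `if (len > 0 && strncmp(path, strip, len) == 0) {`. The function starts and ends outside the hunk, so the fall-through return for the non-matching case should be confirmed to suit an empty `strip`.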
From 16e254d17934437a811e0019107ad53cdea8eb76 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 6 Dec 2004 22:46:45 +1100 Subject: - jaredy@cvs.openbsd.org 2004/12/05 23:55:07 [sftp.1] - explain that patterns can be used as arguments in get/put/ls/etc commands (prodded by Michael Knudsen) - describe ls flags as a list - other minor improvements ok jmc, djm --- ChangeLog | 9 ++++- sftp.1 | 116 +++++++++++++++++++++++++++++++++++++++++++++----------------- 2 files changed, 93 insertions(+), 32 deletions(-) diff --git a/ChangeLog b/ChangeLog index 520b9b485..ea529e794 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,13 @@ - djm@cvs.openbsd.org 2004/11/29 07:41:24 [sftp-client.h sftp.c] Some small fixes from moritz@jodeit.org. ok deraadt@ + - jaredy@cvs.openbsd.org 2004/12/05 23:55:07 + [sftp.1] + - explain that patterns can be used as arguments in get/put/ls/etc + commands (prodded by Michael Knudsen) + - describe ls flags as a list + - other minor improvements + ok jmc, djm 20041203 - (dtucker) OpenBSD CVS Sync @@ -1883,4 +1890,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3588 2004/12/06 11:45:53 dtucker Exp $ +$Id: ChangeLog,v 1.3589 2004/12/06 11:46:45 dtucker Exp $ diff --git a/sftp.1 b/sftp.1 index f438949dd..bcd7fdf78 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.59 2004/11/29 00:05:17 jmc Exp $ +.\" $OpenBSD: sftp.1,v 1.60 2004/12/05 23:55:07 jaredy Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" 
@@ -71,7 +71,9 @@ The second usage format will retrieve files automatically if a non-interactive authentication method is used; otherwise it will do so after successful interactive authentication. .Pp -The third usage format allows the sftp client to start in a remote directory. +The third usage format allows +.Nm +to start in a remote directory. .Pp The final usage format allows for automated sessions using the .Fl b @@ -224,9 +226,13 @@ Once in interactive mode, .Nm understands a set of commands similar to those of .Xr ftp 1 . -Commands are case insensitive and pathnames may be enclosed in quotes if they -contain spaces. -.Bl -tag -width "lmdir path" +Commands are case insensitive. +Pathnames that contain spaces must be enclosed in quotes. +Any special characters contained within pathnames that are recognized by +.Xr glob 3 +must be escaped with backslashes +.Pq Sq \e . +.Bl -tag -width Ds .It Ic bye Quit .Nm sftp . @@ -238,6 +244,10 @@ Change group of file .Ar path to .Ar grp . +.Ar path +may contain +.Xr glob 3 +characters and may match multiple files. .Ar grp must be a numeric GID. .It Ic chmod Ar mode Ar path @@ -245,18 +255,26 @@ Change permissions of file .Ar path to .Ar mode . +.Ar path +may contain +.Xr glob 3 +characters and may match multiple files. .It Ic chown Ar own Ar path Change owner of file .Ar path to .Ar own . +.Ar path +may contain +.Xr glob 3 +characters and may match multiple files. .Ar own must be a numeric UID. .It Ic exit Quit .Nm sftp . .It Xo Ic get -.Op Ar flags +.Op Fl P .Ar remote-path .Op Ar local-path .Xc 
@@ -266,9 +284,18 @@ and store it on the local machine. If the local path name is not specified, it is given the same name it has on the remote machine. +.Ar remote-path +may contain +.Xr glob 3 +characters and may match multiple files. +If it does and +.Ar local-path +is specified, then +.Ar local-path +must specify a directory. If the .Fl P -flag is specified, then the file's full permission and access time are +flag is specified, then full file permissions and access times are copied too. .It Ic help Display help text. @@ -281,6 +308,14 @@ Display local directory listing of either or current directory if .Ar path is not specified. +.Ar ls-options +may contain any flags supported by the local system's +.Xr ls 1 +command. +.Ar path +may contain +.Xr glob 3 +characters and may match multiple files. .It Ic lmkdir Ar path Create local directory specified by .Ar path . 
@@ -292,36 +327,44 @@ to .It Ic lpwd Print local working directory. .It Xo Ic ls -.Op Ar flags +.Op Fl 1aflnrSt .Op Ar path .Xc -Display remote directory listing of either +Display a remote directory listing of either .Ar path -or current directory if +or the current directory if .Ar path is not specified. -If the -.Fl l -flag is specified, then display additional details including permissions -and ownership information. -The -.Fl n -flag will produce a long listing with user and group information presented -numerically. +.Ar path +may contain +.Xr glob 3 +characters and may match multiple files. .Pp -By default, +The following flags are recognized and alter the behaviour of .Ic ls -listings are sorted in lexicographical order. -This may be changed by specifying the -.Fl S -(sort by file size), -.Fl t -(sort by last modification time), or -.Fl f -(don't sort at all) flags. -Additionally, the sort order may be reversed using the -.Fl r -flag. +accordingly: +.Bl -tag -width Ds +.It Fl 1 +Produce single columnar output. +.It Fl a +List files beginning with a dot +.Pq Sq \&. . +.It Fl f +Do not sort the listing. +The default sort order is lexicographical. +.It Fl l +Display additional details including permissions +and ownership information. +.It Fl n +Produce a long listing with user and group information presented +numerically. +.It Fl r +Reverse the sort order of the listing. +.It Fl S +Sort the listing by file size. +.It Fl t +Sort the listing by last modification time. +.El .It Ic lumask Ar umask Set local umask to .Ar umask . @@ -331,7 +374,7 @@ Create remote directory specified by .It Ic progress Toggle display of progress meter. .It Xo Ic put -.Op Ar flags +.Op Fl P .Ar local-path .Op Ar remote-path .Xc 
@@ -340,6 +383,15 @@ Upload and store it on the remote machine. If the remote path name is not specified, it is given the same name it has on the local machine. +.Ar local-path +may contain +.Xr glob 3 +characters and may match multiple files. +If it does and +.Ar remote-path +is specified, then +.Ar remote-path +must specify a directory. If the .Fl P flag is specified, then the file's full permission and access time are @@ -380,10 +432,12 @@ Synonym for help. .El .Sh SEE ALSO .Xr ftp 1 , +.Xr ls 1 , .Xr scp 1 , .Xr ssh 1 , .Xr ssh-add 1 , .Xr ssh-keygen 1 , +.Xr glob 3 , .Xr ssh_config 5 , .Xr sftp-server 8 , .Xr sshd 8 -- cgit v1.2.3 From 22cc741096c85ff211dfc4c910fd28ec4858ba83 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 6 Dec 2004 22:47:41 +1100 Subject: - dtucker@cvs.openbsd.org 2004/12/06 11:41:03 [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8] Discard over-length authorized_keys entries rather than complaining when they don't decode. bz #884, with & ok djm@ --- ChangeLog | 6 +++++- auth-rsa.c | 10 ++++------ auth2-pubkey.c | 9 +++++---- authfile.c | 9 +++++---- misc.c | 25 ++++++++++++++++++++++++- misc.h | 3 ++- ssh.h | 9 ++++++++- sshd.8 | 6 ++++-- 8 files changed, 57 insertions(+), 20 deletions(-) diff --git a/ChangeLog b/ChangeLog index ea529e794..513df22d0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,10 @@ - describe ls flags as a list - other minor improvements ok jmc, djm + - dtucker@cvs.openbsd.org 2004/12/06 11:41:03 + [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8] + Discard over-length authorized_keys entries rather than complaining when + they don't decode. bz #884, with & ok djm@ 20041203 - (dtucker) OpenBSD CVS Sync @@ -1890,4 +1894,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3589 2004/12/06 11:46:45 dtucker Exp $ +$Id: ChangeLog,v 1.3590 2004/12/06 11:47:41 dtucker Exp $ 
diff --git a/auth-rsa.c b/auth-rsa.c index 16369d47c..2060f8394 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.60 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.61 2004/12/06 11:41:03 dtucker Exp $"); #include #include @@ -49,7 +49,7 @@ extern u_char session_id[16]; * options bits e n comment * where bits, e and n are decimal numbers, * and comment is any string of characters up to newline. The maximum - * length of a line is 8000 characters. See the documentation for a + * length of a line is SSH_MAX_PUBKEY_BYTES characters. See sshd(8) for a * description of the options. */ @@ -152,7 +152,7 @@ auth_rsa_challenge_dialog(Key *key) int auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) { - char line[8192], *file; + char line[SSH_MAX_PUBKEY_BYTES], *file; int allowed = 0; u_int bits; FILE *f; @@ -201,12 +201,10 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) * found, perform a challenge-response dialog to verify that the * user really has the corresponding private key. */ - while (fgets(line, sizeof(line), f)) { + while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { char *cp; char *key_options; - linenum++; - /* Skip leading whitespace, empty and comment lines. */ for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ; diff --git a/auth2-pubkey.c b/auth2-pubkey.c index bafea09da..41e23bebd 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -23,8 +23,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-pubkey.c,v 1.7 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: auth2-pubkey.c,v 1.8 2004/12/06 11:41:03 dtucker Exp $"); +#include "ssh.h" #include "ssh2.h" #include "xmalloc.h" #include "packet.h" @@ -167,7 +168,7 @@ done: static int user_key_allowed2(struct passwd *pw, Key *key, char *file) { - char line[8192]; + char line[SSH_MAX_PUBKEY_BYTES]; int found_key = 0; FILE *f; u_long linenum = 0; 
@@ -204,9 +205,9 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) found_key = 0; found = key_new(key->type); - while (fgets(line, sizeof(line), f)) { + while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { char *cp, *key_options = NULL; - linenum++; + /* Skip leading whitespace, empty and comment lines. */ for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ; diff --git a/authfile.c b/authfile.c index 1c006c43d..4038ab692 100644 --- a/authfile.c +++ b/authfile.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.58 2004/08/23 11:48:09 djm Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.59 2004/12/06 11:41:03 dtucker Exp $"); #include #include @@ -601,13 +601,14 @@ static int key_try_load_public(Key *k, const char *filename, char **commentp) { FILE *f; - char line[4096]; + char line[SSH_MAX_PUBKEY_BYTES]; char *cp; + int linenum = 0; f = fopen(filename, "r"); if (f != NULL) { - while (fgets(line, sizeof(line), f)) { - line[sizeof(line)-1] = '\0'; + while (read_keyfile_line(f, filename, line, sizeof(line), + &linenum) != -1) { cp = line; switch (*cp) { case '#': diff --git a/misc.c b/misc.c index 8cb411ccc..d0cc53823 100644 --- a/misc.c +++ b/misc.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.25 2004/08/11 21:43:05 avsm Exp $"); +RCSID("$OpenBSD: misc.c,v 1.26 2004/12/06 11:41:03 dtucker Exp $"); #include "misc.h" #include "log.h" 
@@ -332,3 +332,26 @@ addargs(arglist *args, char *fmt, ...) args->list[args->num++] = xstrdup(buf); args->list[args->num] = NULL; } + +/* + * Read an entire line from a public key file into a static buffer, discarding + * lines that exceed the buffer size. Returns 0 on success, -1 on failure. + */ +int +read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, + int *lineno) +{ + while (fgets(buf, bufsz, f) != NULL) { + (*lineno)++; + if (buf[strlen(buf) - 1] == '\n' || feof(f)) { + return 0; + } else { + debug("%s: %s line %d exceeds size limit", __func__, + filename, lineno); + /* discard remainder of line */ + while(fgetc(f) != '\n' && !feof(f)) + ; /* nothing */ + } + } + return -1; +} diff --git a/misc.h b/misc.h index 0290a2d64..4aab2ca01 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.18 2004/10/29 22:53:56 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.19 2004/12/06 11:41:03 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -47,3 +47,4 @@ char *tilde_expand_filename(const char *, uid_t); char *read_passphrase(const char *, int); int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); +int read_keyfile_line(FILE *, const char *, char *, size_t, int *); diff --git a/ssh.h b/ssh.h index a3b2ebbb5..07592415b 100644 --- a/ssh.h +++ b/ssh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.75 2003/12/02 17:01:15 markus Exp $ */ +/* $OpenBSD: ssh.h,v 1.76 2004/12/06 11:41:03 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -39,6 +39,13 @@ */ #define SSH_MAX_IDENTITY_FILES 100 +/* + * Maximum length of lines in authorized_keys file. + * Current value permits 16kbit RSA and RSA1 keys and 8kbit DSA keys, with + * some room for options and comments. + */ +#define SSH_MAX_PUBKEY_BYTES 8192 + /* * Major protocol version. Different version indicates major incompatibility * that prevents communication. diff --git a/sshd.8 b/sshd.8 index 83d0f48d2..2ac7b7274 100644 --- a/sshd.8 +++ b/sshd.8 
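Review bot: The added read_keyfile_line has three defects in its body: `buf[strlen(buf) - 1]` reads one byte before the buffer when a line begins with a NUL byte, the debug() call passes the pointer `lineno` to `%d` instead of `*lineno`, and the discard loop `while(fgetc(f) != '\n' && !feof(f))` never terminates if fgetc() fails with a read error rather than end-of-file. These matter more than usual because the file being parsed is written by the account that is being authenticated. The fence below guards the index, dereferences the counter and ends the discard loop on any EOF return. Separately, the `int *lineno` parameter receives `&linenum` from user_key_allowed2, where the context line in the auth2-pubkey.c hunk declares `u_long linenum`; the two types should be made to agree.

```c
int
read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
    int *lineno)
{
	size_t len;
	int c;

	while (fgets(buf, bufsz, f) != NULL) {
		(*lineno)++;
		len = strlen(buf);
		/* len == 0 happens when the line starts with a NUL byte */
		if ((len > 0 && buf[len - 1] == '\n') || feof(f))
			return 0;
		debug("%s: %s line %d exceeds size limit", __func__,
		    filename, *lineno);
		/* discard remainder of line; stop on EOF or read error */
		while ((c = fgetc(f)) != '\n' && c != EOF)
			;	/* nothing */
	}
	return -1;
}
```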
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.202 2004/08/26 16:00:55 markus Exp $ +.\" $OpenBSD: sshd.8,v 1.203 2004/12/06 11:41:03 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -420,7 +420,9 @@ or .Dq ssh-rsa . .Pp Note that lines in this file are usually several hundred bytes long -(because of the size of the public key encoding). +(because of the size of the public key encoding) up to a limit of +8 kilobytes, which permits DSA keys up to 8 kilobits and RSA +keys up to 16 kilobits. You don't want to type them in; instead, copy the .Pa identity.pub , .Pa id_dsa.pub -- cgit v1.2.3 From c0dc1c9bfa127516b8758c1ee1ba3cbd29359ad2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 6 Dec 2004 22:58:11 +1100 Subject: Resync Ids --- regress/dynamic-forward.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh index 321fde4cd..4674a7baf 100644 --- a/regress/dynamic-forward.sh +++ b/regress/dynamic-forward.sh @@ -1,4 +1,4 @@ -# $OpenBSD: dynamic-forward.sh,v 1.3 2004/02/28 12:16:57 dtucker Exp $ +# $OpenBSD: dynamic-forward.sh,v 1.4 2004/06/22 22:55:56 dtucker Exp $ # Placed in the Public Domain. tid="dynamic forwarding" -- cgit v1.2.3 From a372960fa9b7a6723910205bf8c05243076ff0ee Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 6 Dec 2004 23:00:27 +1100 Subject: - djm@cvs.openbsd.org 2004/06/26 06:16:07 [reexec.sh] don't change the name of the copied sshd for the reexec fallback test, makes life simpler for portable --- ChangeLog | 7 ++++++- regress/reexec.sh | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 513df22d0..238318846 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -21,6 +21,11 @@ [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8] Discard over-length authorized_keys entries rather than complaining when they don't decode. bz #884, with & ok djm@ + - (dtucker) OpenBSD CVS Sync (regress/) + - djm@cvs.openbsd.org 2004/06/26 06:16:07 + [reexec.sh] + don't change the name of the copied sshd for the reexec fallback test, + makes life simpler for portable 20041203 - (dtucker) OpenBSD CVS Sync @@ -1894,4 +1899,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3590 2004/12/06 11:47:41 dtucker Exp $ +$Id: ChangeLog,v 1.3591 2004/12/06 12:00:27 dtucker Exp $ diff --git a/regress/reexec.sh b/regress/reexec.sh index 39fffefbc..ce3dd86a7 100644 --- a/regress/reexec.sh +++ b/regress/reexec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: reexec.sh,v 1.3 2004/06/25 01:32:44 djm Exp $ +# $OpenBSD: reexec.sh,v 1.4 2004/06/26 06:16:07 djm Exp $ # Placed in the Public Domain. tid="reexec tests" @@ -6,7 +6,7 @@ tid="reexec tests" DATA=/bin/ls COPY=${OBJ}/copy SSHD_ORIG=$SSHD -SSHD_COPY=$OBJ/sshd.copy +SSHD_COPY=$OBJ/sshd # Start a sshd and then delete it start_sshd_copy_zap () -- cgit v1.2.3 From ccf077918587d9f881dd31577e2129d301572b13 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 6 Dec 2004 23:03:27 +1100 Subject: - dtucker@cvs.openbsd.org 2004/07/08 12:59:35 [scp.sh] Regress test for bz #863 (scp double-error), requires $SUDO. ok markus@ --- ChangeLog | 5 ++++- regress/scp.sh | 15 ++++++++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 238318846..d8b535fcb 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -26,6 +26,9 @@ [reexec.sh] don't change the name of the copied sshd for the reexec fallback test, makes life simpler for portable + - dtucker@cvs.openbsd.org 2004/07/08 12:59:35 + [scp.sh] + Regress test for bz #863 (scp double-error), requires $SUDO. ok markus@ 20041203 - (dtucker) OpenBSD CVS Sync @@ -1899,4 +1902,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3591 2004/12/06 12:00:27 dtucker Exp $ +$Id: ChangeLog,v 1.3592 2004/12/06 12:03:27 dtucker Exp $ diff --git a/regress/scp.sh b/regress/scp.sh index 6b5664283..39e8af4c6 100644 --- a/regress/scp.sh +++ b/regress/scp.sh @@ -1,4 +1,4 @@ -# $OpenBSD: scp.sh,v 1.2 2004/06/16 13:15:09 dtucker Exp $ +# $OpenBSD: scp.sh,v 1.3 2004/07/08 12:59:35 dtucker Exp $ # Placed in the Public Domain. tid="scp" @@ -64,6 +64,19 @@ cp ${DATA} ${DIR}/copy $SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed" diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" +if [ ! -z "$SUDO" ]; then + verbose "$tid: skipped file after scp -p with failed chown+utimes" + scpclean + cp -p ${DATA} ${DIR}/copy + cp -p ${DATA} ${DIR}/copy2 + cp ${DATA} ${DIR2}/copy + chmod 660 ${DIR2}/copy + $SUDO chown root ${DIR2}/copy + $SCP -p $scpopts somehost:${DIR}/\* ${DIR2} >/dev/null 2>&1 + diff -rN ${DIR} ${DIR2} || fail "corrupted copy" + $SUDO rm ${DIR2}/copy +fi + for i in 0 1 2 3 4; do verbose "$tid: disallow bad server #$i" SCPTESTMODE=badserver_$i -- cgit v1.2.3 From 3206e57e935870eb9a00a8aef3f3f1e70295b88d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 6 Dec 2004 23:04:57 +1100 Subject: - david@cvs.openbsd.org 2004/07/09 19:45:43 [Makefile] add a missing CLEANFILES used in the re-exec test --- ChangeLog | 5 ++++- regress/Makefile | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index d8b535fcb..2ac3b4330 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -29,6 +29,9 @@ - dtucker@cvs.openbsd.org 2004/07/08 12:59:35 [scp.sh] Regress test for bz #863 (scp double-error), requires $SUDO. ok markus@ + - david@cvs.openbsd.org 2004/07/09 19:45:43 + [Makefile] + add a missing CLEANFILES used in the re-exec test 20041203 - (dtucker) OpenBSD CVS Sync @@ -1902,4 +1905,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3592 2004/12/06 12:03:27 dtucker Exp $ +$Id: ChangeLog,v 1.3593 2004/12/06 12:04:57 dtucker Exp $ diff --git a/regress/Makefile b/regress/Makefile index dba6d0bde..dc7b6e35a 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.31 2004/06/24 19:32:00 djm Exp $ +# $OpenBSD: Makefile,v 1.32 2004/07/09 19:45:43 david Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec tests: $(REGRESS_TARGETS) @@ -43,7 +43,7 @@ LTESTS= connect \ USER!= id -un CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ authorized_keys_${USER} known_hosts pidfile \ - ssh_config ssh_proxy sshd_config sshd_proxy \ + ssh_config sshd_config.orig ssh_proxy sshd_config sshd_proxy \ rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \ rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \ ls.copy banner.in banner.out empty.in \ -- cgit v1.2.3 From 71b5643598d301a1a03c4845ff0eb159998a5fcf Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 6 Dec 2004 23:05:52 +1100 Subject: - djm@cvs.openbsd.org 2004/10/08 02:01:50 [reexec.sh] shrink and tidy; ok dtucker@ --- ChangeLog | 5 +++- regress/reexec.sh | 71 ++++++++++++++++++++++--------------------------------- 2 files changed, 32 insertions(+), 44 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2ac3b4330..34a8e81fe 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -32,6 +32,9 @@ - david@cvs.openbsd.org 2004/07/09 19:45:43 [Makefile] add a missing CLEANFILES used in the re-exec test + - djm@cvs.openbsd.org 2004/10/08 02:01:50 + [reexec.sh] + shrink and tidy; ok dtucker@ 20041203 - (dtucker) OpenBSD CVS Sync @@ -1905,4 +1908,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3593 2004/12/06 12:04:57 dtucker Exp $ +$Id: ChangeLog,v 1.3594 2004/12/06 12:05:52 dtucker Exp $ diff --git a/regress/reexec.sh b/regress/reexec.sh index ce3dd86a7..d69b8c577 100644 --- a/regress/reexec.sh +++ b/regress/reexec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: reexec.sh,v 1.4 2004/06/26 06:16:07 djm Exp $ +# $OpenBSD: reexec.sh,v 1.5 2004/10/08 02:01:50 djm Exp $ # Placed in the Public Domain. tid="reexec tests" @@ -9,33 +9,37 @@ SSHD_ORIG=$SSHD SSHD_COPY=$OBJ/sshd # Start a sshd and then delete it -start_sshd_copy_zap () +start_sshd_copy () { cp $SSHD_ORIG $SSHD_COPY SSHD=$SSHD_COPY start_sshd - rm -f $SSHD_COPY SSHD=$SSHD_ORIG } +# Do basic copy tests +copy_tests () +{ + rm -f ${COPY} + for p in 1 2; do + verbose "$tid: proto $p" + ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \ + cat ${DATA} > ${COPY} + if [ $? -ne 0 ]; then + fail "ssh cat $DATA failed" + fi + cmp ${DATA} ${COPY} || fail "corrupted copy" + rm -f ${COPY} + done +} + verbose "test config passing" -cp $OBJ/sshd_config $OBJ/sshd_config.orig +cp $OBJ/sshd_config $OBJ/sshd_config.orig start_sshd - echo "InvalidXXX=no" >> $OBJ/sshd_config -rm -f ${COPY} -for p in 1 2; do - verbose "$tid: proto $p" - ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \ - cat ${DATA} > ${COPY} - if [ $? -ne 0 ]; then - fail "ssh cat $DATA failed" - fi - cmp ${DATA} ${COPY} || fail "corrupted copy" - rm -f ${COPY} -done +copy_tests $SUDO kill `cat $PIDFILE` rm -f $PIDFILE 
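Review bot: The context comment `# Start a sshd and then delete it` above `start_sshd_copy ()` in regress/reexec.sh is stale after this change, because the `rm -f $SSHD_COPY` moved out of the function and into the callers. Something like `# Start sshd from a copy of the binary; callers remove the copy to test fallback` would match the new split. The new `copy_tests ()` helper has a one-line comment already, so only this one needs touching.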
@@ -44,19 +48,10 @@ cp $OBJ/sshd_config.orig $OBJ/sshd_config verbose "test reexec fallback" -start_sshd_copy_zap - -rm -f ${COPY} -for p in 1 2; do - verbose "$tid: proto $p" - ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \ - cat ${DATA} > ${COPY} - if [ $? -ne 0 ]; then - fail "ssh cat $DATA failed" - fi - cmp ${DATA} ${COPY} || fail "corrupted copy" - rm -f ${COPY} -done +start_sshd_copy +rm -f $SSHD_COPY + +copy_tests $SUDO kill `cat $PIDFILE` rm -f $PIDFILE @@ -66,22 +61,12 @@ verbose "test reexec fallback without privsep" cp $OBJ/sshd_config.orig $OBJ/sshd_config echo "UsePrivilegeSeparation=no" >> $OBJ/sshd_config -start_sshd_copy_zap - -rm -f ${COPY} -for p in 1 2; do - verbose "$tid: proto $p" - ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \ - cat ${DATA} > ${COPY} - if [ $? -ne 0 ]; then - fail "ssh cat $DATA failed" - fi - cmp ${DATA} ${COPY} || fail "corrupted copy" - rm -f ${COPY} -done +start_sshd_copy +rm -f $SSHD_COPY + +copy_tests $SUDO kill `cat $PIDFILE` rm -f $PIDFILE -cp $OBJ/sshd_config.orig $OBJ/sshd_config -- cgit v1.2.3 From 124f58ecba39525af88e0619105656d383e515ff Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 6 Dec 2004 23:07:37 +1100 Subject: - djm@cvs.openbsd.org 2004/10/29 23:59:22 [Makefile added brokenkeys.sh] regression test for handling of corrupt keys in authorized_keys file --- ChangeLog | 5 ++++- regress/Makefile | 5 +++-- regress/brokenkeys.sh | 23 +++++++++++++++++++++++ 3 files changed, 30 insertions(+), 3 deletions(-) create mode 100644 regress/brokenkeys.sh diff --git a/ChangeLog b/ChangeLog index 34a8e81fe..5c0c14803 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,6 +35,9 @@ - djm@cvs.openbsd.org 2004/10/08 02:01:50 [reexec.sh] shrink and tidy; ok dtucker@ + - djm@cvs.openbsd.org 2004/10/29 23:59:22 + [Makefile added brokenkeys.sh] + regression test for handling of corrupt keys in authorized_keys file 20041203 - (dtucker) OpenBSD CVS Sync 
@@ -1908,4 +1911,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3594 2004/12/06 12:05:52 dtucker Exp $ +$Id: ChangeLog,v 1.3595 2004/12/06 12:07:37 dtucker Exp $ diff --git a/regress/Makefile b/regress/Makefile index dc7b6e35a..3e22d547f 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.32 2004/07/09 19:45:43 david Exp $ +# $OpenBSD: Makefile,v 1.33 2004/10/29 23:59:22 djm Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec tests: $(REGRESS_TARGETS) @@ -38,7 +38,8 @@ LTESTS= connect \ dynamic-forward \ forwarding \ multiplex \ - reexec + reexec \ + brokenkeys USER!= id -un CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ diff --git a/regress/brokenkeys.sh b/regress/brokenkeys.sh new file mode 100644 index 000000000..3e70c348a --- /dev/null +++ b/regress/brokenkeys.sh @@ -0,0 +1,23 @@ +# $OpenBSD: brokenkeys.sh,v 1.1 2004/10/29 23:59:22 djm Exp $ +# Placed in the Public Domain. + +tid="broken keys" + +KEYS="$OBJ/authorized_keys_${USER}" + +start_sshd + +mv ${KEYS} ${KEYS}.bak + +# Truncated key +echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEABTM= bad key" > $KEYS +cat ${KEYS}.bak >> ${KEYS} +cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER + +${SSH} -2 -F $OBJ/ssh_config somehost true +if [ $? -ne 0 ]; then + fail "ssh connect with protocol $p failed" +fi + +mv ${KEYS}.bak ${KEYS} + -- cgit v1.2.3 From 79ec66e980ff830b8503dc4bde9c022b23c7825c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 6 Dec 2004 23:12:15 +1100 Subject: - djm@cvs.openbsd.org 2004/11/07 00:32:41 [multiplex.sh] regression tests for new multiplex commands --- ChangeLog | 5 ++++- regress/multiplex.sh | 23 ++++++++++++++++++----- 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5c0c14803..ad4a56966 100644 --- a/ChangeLog +++ b/ChangeLog 
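Review bot: The new regress/brokenkeys.sh uses `$t` and `$p`, neither of which the script sets, so `cat $OBJ/$t.pub` expands to `$OBJ/.pub` and the failure message prints an empty protocol. Unless the harness outside this file happens to export them, the `cat` fails, and the test only works because `${KEYS}.bak` has already been appended. Since the connection is forced with `-2`, the message can read `fail "ssh connect with protocol 2 failed"`, and the `cat $OBJ/$t.pub` line can be dropped or given an explicit key name.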
@@ -38,6 +38,9 @@ - djm@cvs.openbsd.org 2004/10/29 23:59:22 [Makefile added brokenkeys.sh] regression test for handling of corrupt keys in authorized_keys file + - djm@cvs.openbsd.org 2004/11/07 00:32:41 + [multiplex.sh] + regression tests for new multiplex commands 20041203 - (dtucker) OpenBSD CVS Sync @@ -1911,4 +1914,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3595 2004/12/06 12:07:37 dtucker Exp $ +$Id: ChangeLog,v 1.3596 2004/12/06 12:12:15 dtucker Exp $ diff --git a/regress/multiplex.sh b/regress/multiplex.sh index c0adf109f..15e518c86 100644 --- a/regress/multiplex.sh +++ b/regress/multiplex.sh @@ -1,4 +1,4 @@ -# $OpenBSD: multiplex.sh,v 1.8 2004/06/22 03:12:13 markus Exp $ +# $OpenBSD: multiplex.sh,v 1.9 2004/11/07 00:32:41 djm Exp $ # Placed in the Public Domain. CTL=$OBJ/ctl-sock @@ -17,7 +17,11 @@ COPY=$OBJ/ls.copy start_sshd trace "start master, fork to background" -${SSH} -2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" -f somehost sleep 120 +${SSH} -Nn2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" somehost & +MASTER_PID=$! + +# Wait for master to start and authenticate +sleep 5 verbose "test $tid: envpass" trace "env passing over multiplexed connection" @@ -75,6 +79,15 @@ for s in 0 1 4 5 44; do fi done -# kill master, remove control socket. ssh -MS will exit when sleep exits -$SUDO kill `cat $PIDFILE` -rm -f $CTL +trace "test check command" +${SSH} -S $CTL -Ocheck otherhost || fail "check command failed" + +trace "test exit command" +${SSH} -S $CTL -Oexit otherhost || fail "send exit command failed" + +# Wait for master to exit +sleep 2 + +ps -p $MASTER_PID >/dev/null && fail "exit command failed" + +cleanup -- cgit v1.2.3 From cc0603d4b6421fa3ce23c273bc254f5dd0a6f0f6 Mon Sep 17 00:00:00 2001 
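Review bot: At the end of regress/multiplex.sh, `ps -p $MASTER_PID >/dev/null && fail "exit command failed"` records the failure but leaves the backgrounded master running, and the old `rm -f $CTL` is gone. Whether `cleanup` (defined outside this hunk) reaps that process is not visible here; if it does not, a failed run leaves a live ssh master and its control socket behind for the next test. Handling it in place is one line: `ps -p $MASTER_PID >/dev/null && { fail "exit command failed"; kill $MASTER_PID; rm -f $CTL; }`.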
From: Darren Tucker Date: Mon, 6 Dec 2004 23:13:50 +1100 Subject: - dtucker@cvs.openbsd.org 2004/11/25 09:39:27 [test-exec.sh] Remove obsolete RhostsAuthentication from test config; ok markus@ --- ChangeLog | 5 ++++- regress/test-exec.sh | 3 +-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index ad4a56966..85591f0b4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -41,6 +41,9 @@ - djm@cvs.openbsd.org 2004/11/07 00:32:41 [multiplex.sh] regression tests for new multiplex commands + - dtucker@cvs.openbsd.org 2004/11/25 09:39:27 + [test-exec.sh] + Remove obsolete RhostsAuthentication from test config; ok markus@ 20041203 - (dtucker) OpenBSD CVS Sync @@ -1914,4 +1917,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3596 2004/12/06 12:12:15 dtucker Exp $ +$Id: ChangeLog,v 1.3597 2004/12/06 12:13:50 dtucker Exp $ diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 70250acd7..4e69658ce 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.23 2004/06/25 01:25:12 djm Exp $ +# $OpenBSD: test-exec.sh,v 1.24 2004/11/25 09:39:27 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -205,7 +205,6 @@ Host * ChallengeResponseAuthentication no HostbasedAuthentication no PasswordAuthentication no - RhostsRSAAuthentication no BatchMode yes StrictHostKeyChecking yes EOF -- cgit v1.2.3 From d028fea13a24c2728e00bba98e7ff73a0470792d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 6 Dec 2004 23:16:29 +1100 Subject: - dtucker@cvs.openbsd.org 2004/12/06 10:49:56 [test-exec.sh] Check if TEST_SSH_SSHD is a full path to sshd before searching; ok markus@ --- ChangeLog | 5 ++++- regress/test-exec.sh | 6 ++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 85591f0b4..162890ec5 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -44,6 +44,9 @@ - dtucker@cvs.openbsd.org 2004/11/25 09:39:27 [test-exec.sh] Remove obsolete RhostsAuthentication from test config; ok markus@ + - dtucker@cvs.openbsd.org 2004/12/06 10:49:56 + [test-exec.sh] + Check if TEST_SSH_SSHD is a full path to sshd before searching; ok markus@ 20041203 - (dtucker) OpenBSD CVS Sync @@ -1917,4 +1920,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3597 2004/12/06 12:13:50 dtucker Exp $ +$Id: ChangeLog,v 1.3598 2004/12/06 12:16:29 dtucker Exp $ diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 4e69658ce..a57e46e59 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.24 2004/11/25 09:39:27 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.25 2004/12/06 10:49:56 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -83,7 +83,9 @@ if [ "x$TEST_SSH_SCP" != "x" ]; then fi # Path to sshd must be absolute for rexec -SSHD=`which sshd` +if [ ! -x /$SSHD ]; then + SSHD=`which sshd` +fi # these should be used in tests export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP -- cgit v1.2.3 From 641b34c72b8509283b04c7f78e1ef88f25b8cb9b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 7 Dec 2004 11:26:15 +1100 Subject: - (dtucker) [regress/scp.sh] Use portable-friendly $DIFFOPTs in new test. --- ChangeLog | 5 ++++- regress/scp.sh | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 162890ec5..d2a382e9c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20041207 + - (dtucker) [regress/scp.sh] Use portable-friendly $DIFFOPTs in new test. + 20041206 - (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@ - (dtucker) OpenBSD CVS Sync 
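Review bot: In regress/test-exec.sh, `[ ! -x /$SSHD ]` tests whether something executable exists at `/` followed by the value, not whether the value is an absolute path. A relative `$SSHD` such as `usr/sbin/sshd` therefore passes and stays relative, which the comment above says breaks rexec, and an empty `$SSHD` passes too because `/` itself is executable. Checking the first character states the intent directly: ``case "$SSHD" in /*) ;; *) SSHD=`which sshd` ;; esac``.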
@@ -1920,4 +1923,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3598 2004/12/06 12:16:29 dtucker Exp $ +$Id: ChangeLog,v 1.3599 2004/12/07 00:26:15 dtucker Exp $ diff --git a/regress/scp.sh b/regress/scp.sh index 39e8af4c6..c3034b6e7 100644 --- a/regress/scp.sh +++ b/regress/scp.sh @@ -73,7 +73,7 @@ if [ ! -z "$SUDO" ]; then chmod 660 ${DIR2}/copy $SUDO chown root ${DIR2}/copy $SCP -p $scpopts somehost:${DIR}/\* ${DIR2} >/dev/null 2>&1 - diff -rN ${DIR} ${DIR2} || fail "corrupted copy" + diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" $SUDO rm ${DIR2}/copy fi -- cgit v1.2.3 From 0f83d2907cc227b46ebd3e9771534b2c50cbd139 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Wed, 8 Dec 2004 18:29:58 -0800 Subject: [configure.ac] Comment some non obvious platforms in the target-specific case statement. Suggested and OK by dtucker@ --- ChangeLog | 6 +++++- configure.ac | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index d2a382e9c..4c4ba7c1e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20041208 + - (tim) [configure.ac] Comment some non obvious platforms in the + target-specific case statement. Suggested and OK by dtucker@ + 20041207 - (dtucker) [regress/scp.sh] Use portable-friendly $DIFFOPTs in new test. @@ -1923,4 +1927,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3599 2004/12/07 00:26:15 dtucker Exp $ +$Id: ChangeLog,v 1.3600 2004/12/09 02:29:58 tim Exp $ diff --git a/configure.ac b/configure.ac index f60bbdd27..4b40b768a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.233 2004/11/07 09:14:34 dtucker Exp $ +# $Id: configure.ac,v 1.234 2004/12/09 02:29:59 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -348,12 +348,14 @@ mips-sony-bsd|mips-sony-newsos4) # Attention: always take care to bind libsocket and libnsl before libc, # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog ;; +# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. *-*-sysv4.2*) AC_DEFINE(USE_PIPES) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) AC_DEFINE(BROKEN_SETREGID) ;; +# UnixWare 7.x, OpenUNIX 8 *-*-sysv5*) AC_DEFINE(USE_PIPES) AC_DEFINE(SETEUID_BREAKS_SETUID) @@ -362,6 +364,7 @@ mips-sony-bsd|mips-sony-newsos4) ;; *-*-sysv*) ;; +# SCO UNIX and OEM versions of SCO UNIX *-*-sco3.2v4*) CPPFLAGS="$CPPFLAGS -Dftruncate=chsize" LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm" @@ -381,6 +384,7 @@ mips-sony-bsd|mips-sony-newsos4) do_sco3_extra_lib_check=yes TEST_SHELL=ksh ;; +# SCO OpenServer 5.x *-*-sco3.2v5*) if test -z "$GCC"; then CFLAGS="$CFLAGS -belf" -- cgit v1.2.3 From 56c9598e5edacbb45d155eebafb3480c6efb7382 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 11 Dec 2004 13:34:56 +1100 Subject: - (dtucker) OpenBSD CVS Sync - markus@cvs.openbsd.org 2004/12/06 16:00:43 [bufaux.c] use 0x00 not \0 since buf[] is a bignum --- ChangeLog | 8 +++++++- bufaux.c | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4c4ba7c1e..49b1472bc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20041211 + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2004/12/06 16:00:43 + [bufaux.c] + use 0x00 not \0 since buf[] is a bignum + 20041208 - (tim) [configure.ac] Comment some non obvious platforms in the target-specific case statement. Suggested and OK by dtucker@ @@ -1927,4 +1933,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3600 2004/12/09 02:29:58 tim Exp $ +$Id: ChangeLog,v 1.3601 2004/12/11 02:34:56 dtucker Exp $ diff --git a/bufaux.c b/bufaux.c index cbe77d5ae..4ea6af1b6 100644 --- a/bufaux.c 
+++ b/bufaux.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: bufaux.c,v 1.33 2004/10/29 23:56:17 djm Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.34 2004/12/06 16:00:43 markus Exp $"); #include #include "bufaux.h" @@ -151,7 +151,7 @@ buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) return (-1); } buf = xmalloc(bytes); - buf[0] = '\0'; + buf[0] = 0x00; /* Get the value of in binary */ oi = BN_bn2bin(value, buf+1); if (oi != bytes-1) { -- cgit v1.2.3 From 596dcfa21fba253b25020be8578efb6a1a1e30d2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 11 Dec 2004 13:37:22 +1100 Subject: - fgsch@cvs.openbsd.org 2004/12/10 03:10:42 [sftp.c] - fix globbed ls for paths the same lenght as the globbed path when we have a unique matching. - fix globbed ls in case of a directory when we have a unique matching. - as a side effect, if the path does not exist error (used to silently ignore). - don't do extra do_lstat() if we only have one matching file. djm@ ok --- ChangeLog | 11 ++++++++++- sftp.c | 27 ++++++++++++++++----------- 2 files changed, 26 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 49b1472bc..8c4cca4ba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,15 @@ - markus@cvs.openbsd.org 2004/12/06 16:00:43 [bufaux.c] use 0x00 not \0 since buf[] is a bignum + - fgsch@cvs.openbsd.org 2004/12/10 03:10:42 + [sftp.c] + - fix globbed ls for paths the same lenght as the globbed path when + we have a unique matching. + - fix globbed ls in case of a directory when we have a unique matching. + - as a side effect, if the path does not exist error (used to silently + ignore). + - don't do extra do_lstat() if we only have one matching file. + djm@ ok 20041208 - (tim) [configure.ac] Comment some non obvious platforms in the 
@@ -1933,4 +1942,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3601 2004/12/11 02:34:56 dtucker Exp $ +$Id: ChangeLog,v 1.3602 2004/12/11 02:37:22 dtucker Exp $ diff --git a/sftp.c b/sftp.c index 2c7b546f7..9e29cb02e 100644 --- a/sftp.c +++ b/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.59 2004/11/29 07:41:24 djm Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.60 2004/12/10 03:10:42 fgsch Exp $"); #ifdef USE_LIBEDIT #include @@ -746,12 +746,14 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, { glob_t g; int i, c = 1, colspace = 0, columns = 1; - Attrib *a; + Attrib *a = NULL; memset(&g, 0, sizeof(g)); if (remote_glob(conn, path, GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE, - NULL, &g)) { + NULL, &g) || (g.gl_pathc && !g.gl_matchc)) { + if (g.gl_pathc) + globfree(&g); error("Can't ls: \"%s\" not found", path); return (-1); } @@ -760,19 +762,21 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, goto out; /* - * If the glob returns a single match, which is the same as the - * input glob, and it is a directory, then just list its contents + * If the glob returns a single match and it is a directory, + * then just list its contents. */ - if (g.gl_pathc == 1 && - strncmp(path, g.gl_pathv[0], strlen(g.gl_pathv[0]) - 1) == 0) { - if ((a = do_lstat(conn, path, 1)) == NULL) { + if (g.gl_matchc == 1) { + if ((a = do_lstat(conn, g.gl_pathv[0], 1)) == NULL) { globfree(&g); return (-1); } if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) && S_ISDIR(a->perm)) { + int err; + + err = do_ls_dir(conn, g.gl_pathv[0], strip_path, lflag); globfree(&g); - return (do_ls_dir(conn, path, strip_path, lflag)); + return (err); } } 
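Review bot: In `do_globbed_ls()` (sftp.c) the single-match branch now tests only `g.gl_matchc == 1` and then uses `g.gl_pathv[0]`. With `GLOB_NOCHECK|GLOB_BRACE` the result vector may hold more entries than matches, since an unmatched brace alternative can be returned as-is, so `gl_pathv[0]` is not necessarily the matched path and the remaining entries would be skipped. If remote_glob can produce that, keeping the count test closes it: `if (g.gl_pathc == 1 && g.gl_matchc == 1) {`. The function body continues outside this hunk.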
@@ -792,7 +796,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, colspace = width / columns; } - for (i = 0; g.gl_pathv[i] && !interrupted; i++) { + for (i = 0; g.gl_pathv[i] && !interrupted; i++, a = NULL) { char *fname; fname = path_strip(g.gl_pathv[i], strip_path); @@ -809,7 +813,8 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, * that the server returns as well as the filenames. */ memset(&sb, 0, sizeof(sb)); - a = do_lstat(conn, g.gl_pathv[i], 1); + if (a == NULL) + a = do_lstat(conn, g.gl_pathv[i], 1); if (a != NULL) attrib_to_stat(a, &sb); lname = ls_file(fname, &sb, 1); -- cgit v1.2.3 From f0f90989fa7c22ab86ae7957b3af539584be375c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 11 Dec 2004 13:39:50 +1100 Subject: - dtucker@cvs.openbsd.org 2004/12/11 01:48:56 [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h] Fix debug call in error path of authorized_keys processing and fix related warnings; ok djm@ --- ChangeLog | 6 +++++- auth-rsa.c | 3 ++- auth2-pubkey.c | 3 ++- authfile.c | 5 +++-- misc.c | 8 ++++---- misc.h | 4 ++-- 6 files changed, 18 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8c4cca4ba..cf68f4fb3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,10 @@ ignore). - don't do extra do_lstat() if we only have one matching file. djm@ ok + - dtucker@cvs.openbsd.org 2004/12/11 01:48:56 + [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h] + Fix debug call in error path of authorized_keys processing and fix related + warnings; ok djm@ 20041208 - (tim) [configure.ac] Comment some non obvious platforms in the @@ -1942,4 +1946,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3602 2004/12/11 02:37:22 dtucker Exp $ +$Id: ChangeLog,v 1.3603 2004/12/11 02:39:50 dtucker Exp $ diff --git a/auth-rsa.c b/auth-rsa.c index 2060f8394..4378008d3 100644 --- a/auth-rsa.c +++ b/auth-rsa.c 
@@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.61 2004/12/06 11:41:03 dtucker Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.62 2004/12/11 01:48:56 dtucker Exp $"); #include #include @@ -33,6 +33,7 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.61 2004/12/06 11:41:03 dtucker Exp $"); #include "hostfile.h" #include "monitor_wrap.h" #include "ssh.h" +#include "misc.h" /* import */ extern ServerOptions options; diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 41e23bebd..a97d0f430 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-pubkey.c,v 1.8 2004/12/06 11:41:03 dtucker Exp $"); +RCSID("$OpenBSD: auth2-pubkey.c,v 1.9 2004/12/11 01:48:56 dtucker Exp $"); #include "ssh.h" #include "ssh2.h" @@ -41,6 +41,7 @@ RCSID("$OpenBSD: auth2-pubkey.c,v 1.8 2004/12/06 11:41:03 dtucker Exp $"); #include "auth-options.h" #include "canohost.h" #include "monitor_wrap.h" +#include "misc.h" /* import */ extern ServerOptions options; diff --git a/authfile.c b/authfile.c index 4038ab692..6a04cd7a9 100644 --- a/authfile.c +++ b/authfile.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.59 2004/12/06 11:41:03 dtucker Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.60 2004/12/11 01:48:56 dtucker Exp $"); #include #include @@ -51,6 +51,7 @@ RCSID("$OpenBSD: authfile.c,v 1.59 2004/12/06 11:41:03 dtucker Exp $"); #include "log.h" #include "authfile.h" #include "rsa.h" +#include "misc.h" /* Version identification string for SSH v1 identity files. */ static const char authfile_id_string[] = @@ -603,7 +604,7 @@ key_try_load_public(Key *k, const char *filename, char **commentp) FILE *f; char line[SSH_MAX_PUBKEY_BYTES]; char *cp; - int linenum = 0; + u_long linenum = 0; f = fopen(filename, "r"); if (f != NULL) { diff --git a/misc.c b/misc.c index d0cc53823..a90125505 100644 --- a/misc.c +++ b/misc.c 
@@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.26 2004/12/06 11:41:03 dtucker Exp $"); +RCSID("$OpenBSD: misc.c,v 1.27 2004/12/11 01:48:56 dtucker Exp $"); #include "misc.h" #include "log.h" @@ -339,15 +339,15 @@ addargs(arglist *args, char *fmt, ...) */ int read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, - int *lineno) + u_long *lineno) { while (fgets(buf, bufsz, f) != NULL) { (*lineno)++; if (buf[strlen(buf) - 1] == '\n' || feof(f)) { return 0; } else { - debug("%s: %s line %d exceeds size limit", __func__, - filename, lineno); + debug("%s: %s line %lu exceeds size limit", __func__, + filename, *lineno); /* discard remainder of line */ while(fgetc(f) != '\n' && !feof(f)) ; /* nothing */ diff --git a/misc.h b/misc.h index 4aab2ca01..193216fa9 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.19 2004/12/06 11:41:03 dtucker Exp $ */ +/* $OpenBSD: misc.h,v 1.20 2004/12/11 01:48:56 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -47,4 +47,4 @@ char *tilde_expand_filename(const char *, uid_t); char *read_passphrase(const char *, int); int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); -int read_keyfile_line(FILE *, const char *, char *, size_t, int *); +int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); -- cgit v1.2.3 From 442a383418dc3eb1809e66c966933071034d5325 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 13 Dec 2004 18:08:32 +1100 Subject: - (dtucker) [contrib/findssh.sh] Clean up on interrupt; from amarendra.godbole at ge com. --- ChangeLog | 6 +++++- contrib/findssl.sh | 10 +++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index cf68f4fb3..469fa4954 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20041213 + - (dtucker) [contrib/findssh.sh] Clean up on interrupt; from + amarendra.godbole at ge com. + 20041211 - (dtucker) OpenBSD CVS Sync - markus@cvs.openbsd.org 2004/12/06 16:00:43 
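Review bot: The discard loop kept as context in `read_keyfile_line()` (misc.c), `while(fgetc(f) != '\n' && !feof(f))`, does not terminate on a read error, because `fgetc()` then returns EOF while `feof()` stays false. This code runs while sshd processes authorized_keys, so a persistent I/O error on an over-length line could leave the process spinning. Testing the returned character covers both end-of-file and error: `int c; while ((c = fgetc(f)) != '\n' && c != EOF) ;`.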
@@ -1946,4 +1950,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3603 2004/12/11 02:39:50 dtucker Exp $ +$Id: ChangeLog,v 1.3604 2004/12/13 07:08:32 dtucker Exp $ diff --git a/contrib/findssl.sh b/contrib/findssl.sh index 0c08d4a18..716abced5 100644 --- a/contrib/findssl.sh +++ b/contrib/findssl.sh @@ -1,5 +1,7 @@ #!/bin/sh # +# $Id: findssl.sh,v 1.3 2004/12/13 07:08:33 dtucker Exp $ +# # findssl.sh # Search for all instances of OpenSSL headers and libraries # and print their versions. @@ -9,10 +11,11 @@ # Written by Darren Tucker (dtucker at zip dot com dot au) # This file is placed in the public domain. # -# $Id: findssl.sh,v 1.2 2003/11/21 12:48:56 djm Exp $ +# Release history: # 2002-07-27: Initial release. # 2002-08-04: Added public domain notice. # 2003-06-24: Incorporated readme, set library paths. First cvs version. +# 2004-12-13: Add traps to cleanup temp files, from Amarendra Godbole. # # "OpenSSL headers do not match your library" are usually caused by # OpenSSH's configure picking up an older version of OpenSSL headers @@ -63,6 +66,11 @@ CC=gcc STATIC=-static +# +# Cleanup on interrupt +# +trap 'rm -f conftest.c' INT HUP TERM + # # Set up conftest C source # -- cgit v1.2.3 From 8686ed75081958714f5d7768b5b0b8bcdd86b0ff Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 20 Dec 2004 12:05:08 +1100 Subject: - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading from prngd is enabled at compile time but fails at run time, eg because prngd is not running. Note that if you have prngd running when OpenSSH is built, OpenSSL will consider itself internally seeded and rand-helper won't be built at all unless explicitly enabled via --with-rand-helper. ok djm@ --- ChangeLog | 9 ++++++++- ssh-rand-helper.c | 43 +++++++++++++++++++++++++++---------------- 2 files changed, 35 insertions(+), 17 deletions(-) 
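Review bot: In the contrib/findssl.sh hunk that adds `trap 'rm -f conftest.c' INT HUP TERM`, the handler removes the file but does not exit, so after the signal the shell resumes the script at the next command instead of stopping. I would write `trap 'rm -f conftest.c; exit 1' INT HUP TERM`. conftest.c is also a fixed name in the current directory; the code that creates it is outside the hunk, but if the script is run from a directory other users can write to, working in a private directory from `mktemp -d` (where available) would avoid writing through a pre-planted file or symlink.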
diff --git a/ChangeLog b/ChangeLog index 469fa4954..c6cf7b386 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20041220 + - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading + from prngd is enabled at compile time but fails at run time, eg because + prngd is not running. Note that if you have prngd running when OpenSSH is + built, OpenSSL will consider itself internally seeded and rand-helper won't + be built at all unless explicitly enabled via --with-rand-helper. ok djm@ + 20041213 - (dtucker) [contrib/findssh.sh] Clean up on interrupt; from amarendra.godbole at ge com. @@ -1950,4 +1957,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3604 2004/12/13 07:08:32 dtucker Exp $ +$Id: ChangeLog,v 1.3605 2004/12/20 01:05:08 dtucker Exp $ diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 8cad53fe6..7cd081fab 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -39,7 +39,7 @@ #include "pathnames.h" #include "log.h" -RCSID("$Id: ssh-rand-helper.c,v 1.19 2004/08/23 11:52:09 djm Exp $"); +RCSID("$Id: ssh-rand-helper.c,v 1.20 2004/12/20 01:05:08 dtucker Exp $"); /* Number of bytes we write out */ #define OUTPUT_SEED_SIZE 48 @@ -209,6 +209,22 @@ done: return rval; } +static int +seed_from_prngd(unsigned char *buf, size_t bytes) +{ +#ifdef PRNGD_PORT + debug("trying egd/prngd port %d", PRNGD_PORT); + if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0) + return 0; +#endif +#ifdef PRNGD_SOCKET + debug("trying egd/prngd socket %s", PRNGD_SOCKET); + if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0) + return 0; +#endif + return -1; +} + double stir_gettimeofday(double entropy_estimate) { 
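Review bot: seed_from_prngd() in the ssh-rand-helper.c hunk has no comment stating its contract, and a failed attempt leaves no trace, since each `debug("trying ...")` is followed by a silent fall-through. A header comment such as `/* Fill buf from prngd: 0 on success, -1 if prngd is not compiled in or every configured source failed */` would document it. A `debug("egd/prngd port %d failed", PRNGD_PORT);` after the first attempt, and the equivalent for the socket, would make the fallback visible in verbose output. When neither PRNGD_PORT nor PRNGD_SOCKET is defined, `buf` and `bytes` are unused and may draw compiler warnings.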
@@ -815,21 +831,16 @@ main(int argc, char **argv) debug("Seeded RNG with %i bytes from system calls", (int)stir_from_system()); -#ifdef PRNGD_PORT - if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == -1) - fatal("Entropy collection failed"); - RAND_add(buf, bytes, bytes); -#elif defined(PRNGD_SOCKET) - if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == -1) - fatal("Entropy collection failed"); - RAND_add(buf, bytes, bytes); -#else - /* Read in collection commands */ - if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1) - fatal("PRNG initialisation failed -- exiting."); - debug("Seeded RNG with %i bytes from programs", - (int)stir_from_programs()); -#endif + /* try prngd, fall back to commands if prngd fails or not configured */ + if (seed_from_prngd(buf, bytes) == 0) { + RAND_add(buf, bytes, bytes); + } else { + /* Read in collection commands */ + if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1) + fatal("PRNG initialisation failed -- exiting."); + debug("Seeded RNG with %i bytes from programs", + (int)stir_from_programs()); + } #ifdef USE_SEED_FILES prng_write_seedfile(); -- cgit v1.2.3 From 5caa78b1b7f086329b2102821a1e09512740dd61 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 20 Dec 2004 12:35:42 +1100 Subject: - (dtucker) [regress/rekey.sh] Touch datafile before filling with dd, since on some wacky platforms (eg old AIXes), dd will refuse to create an output file if it doesn't exist. --- ChangeLog | 5 ++++- regress/rekey.sh | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index c6cf7b386..797ff28bf 100644 --- a/ChangeLog +++ b/ChangeLog 
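Review bot: In the main() hunk of ssh-rand-helper.c, a build configured for prngd now falls back to command-based seeding without any message at the default log level, where the old code called fatal(). An operator who chose prngd as the entropy source cannot tell that a stopped daemon changed where the seed comes from. I would log it in the else branch, e.g. `logit("prngd unavailable, falling back to command-based seeding");`, guarded so that it is printed only when PRNGD_PORT or PRNGD_SOCKET is defined. main() starts and ends outside the hunk.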
@@ -4,6 +4,9 @@ prngd is not running. Note that if you have prngd running when OpenSSH is built, OpenSSL will consider itself internally seeded and rand-helper won't be built at all unless explicitly enabled via --with-rand-helper. ok djm@ + - (dtucker) [regress/rekey.sh] Touch datafile before filling with dd, since + on some wacky platforms (eg old AIXes), dd will refuse to create an output + file if it doesn't exist. 20041213 - (dtucker) [contrib/findssh.sh] Clean up on interrupt; from @@ -1957,4 +1960,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3605 2004/12/20 01:05:08 dtucker Exp $ +$Id: ChangeLog,v 1.3606 2004/12/20 01:35:42 dtucker Exp $ diff --git a/regress/rekey.sh b/regress/rekey.sh index 6b7e845ec..3c5f266fc 100644 --- a/regress/rekey.sh +++ b/regress/rekey.sh @@ -8,6 +8,7 @@ COPY=${OBJ}/copy LOG=${OBJ}/log rm -f ${COPY} ${LOG} ${DATA} +touch ${DATA} dd if=/bin/ls${EXEEXT} of=${DATA} bs=1k seek=511 count=1 > /dev/null 2>&1 for s in 16 1k 128k 256k; do -- cgit v1.2.3 From 72c025d9f0f494d6816f045819b9be05fc915730 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 18 Jan 2005 12:05:18 +1100 Subject: - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement "make survey" and "make send-survey". This will provide data on the configure parameters, platform and platform features to the development team, which will allow (among other things) better targetting of testing. It's entirely voluntary and is off be default. ok djm@ --- .cvsignore | 2 ++ ChangeLog | 9 +++++++- INSTALL | 17 +++++++++++++-- Makefile.in | 15 +++++++++++--- configure.ac | 5 +++-- survey.sh.in | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 107 insertions(+), 8 deletions(-) create mode 100644 survey.sh.in diff --git a/.cvsignore b/.cvsignore index e38a50bbd..397691f1b 100644 --- a/.cvsignore +++ b/.cvsignore 
@@ -23,3 +23,5 @@ buildit.sh buildpkg.sh autom4te.cache ssh-rand-helper +survey.sh +survey diff --git a/ChangeLog b/ChangeLog index 797ff28bf..2cead3c87 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20040118 + - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement + "make survey" and "make send-survey". This will provide data on the + configure parameters, platform and platform features to the development + team, which will allow (among other things) better targetting of testing. + It's entirely voluntary and is off be default. ok djm@ + 20041220 - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading from prngd is enabled at compile time but fails at run time, eg because @@ -1960,4 +1967,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3606 2004/12/20 01:35:42 dtucker Exp $ +$Id: ChangeLog,v 1.3607 2005/01/18 01:05:18 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 26d62976b..4fc3744f3 100644 --- a/INSTALL +++ b/INSTALL @@ -200,7 +200,20 @@ running and has collected some Entropy. For more information on configuration, please refer to the manual pages for sshd, ssh and ssh-agent. -4. Problems? +4. (Optional) Send survey +------------------------- + +$ make survey +[check the contents and make sure there's no sensitive information] +$ make send-survey + +This will send configuration information for the currently configured +host to a survey address. This will help determine which configurations +are actually in use, and what valid combinations of configure options +exist. The raw data is available only to the OpenSSH developers, however +summary data may be published. + +5. Problems? ------------ If you experience problems compiling, installing or running OpenSSH. 
@@ -208,4 +221,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.65 2004/11/07 09:14:34 dtucker Exp $ +$Id: INSTALL,v 1.66 2005/01/18 01:05:18 dtucker Exp $ diff --git a/Makefile.in b/Makefile.in index 940e686b0..8a1c9f7c0 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.266 2004/11/07 09:14:34 dtucker Exp $ +# $Id: Makefile.in,v 1.267 2005/01/18 01:05:18 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -195,13 +195,13 @@ moduli: clean: regressclean rm -f *.o *.a $(TARGETS) logintest config.cache config.log - rm -f *.out core + rm -f *.out core survey (cd openbsd-compat && $(MAKE) clean) distclean: regressclean rm -f *.o *.a $(TARGETS) logintest config.cache config.log rm -f *.out core opensshd.init - rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds *~ + rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds survey.sh *~ rm -rf autom4te.cache (cd openbsd-compat && $(MAKE) distclean) (cd scard && $(MAKE) distclean) 
@@ -411,6 +411,15 @@ regressclean: (cd regress && $(MAKE) clean) \ fi +survey: survey.sh ssh + @$(SHELL) ./survey.sh > survey + @echo 'The survey results have been placed in the file "survey" in the' + @echo 'current directory. Please review the file then send with' + @echo '"make send-survey".' + +send-survey: survey + mail portable-survey@mindrot.org &1`" +echo +configinv=`$AWK '/^ \\\$.*configure/' config.log | sed 's/^ \\\$ //g'` +echo "configure-invocation: $configinv" +echo +echo "host: $host" +echo +echo "uname: `uname`" +echo +echo "uname-r: `uname -r`" +echo +echo "uname-m: `uname -m`" +echo +echo "uname-p: `uname -p`" +echo +echo "oslevel: `oslevel 2>/dev/null`" +echo +echo "cc: $CC" +echo +echo "cflags: $CFLAGS" +echo +echo "cppflags: $CPPFLAGS" +echo +echo "ldflags: $LDFLAGS" +echo +echo "libs: $LIBS" +echo +echo "ccver-v: `$CC -v 2>&1`" +echo +echo "ccver-V: `$CC -V 2>&1`" +echo +echo "cppdefines:" +${CPP} -dM - Date: Tue, 18 Jan 2005 12:45:42 +1100 Subject: - (dtucker) [survey.sh.in] Remove any blank lines from the output of ccver-v and ccver-V. --- ChangeLog | 4 +++- survey.sh.in | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2cead3c87..82771c359 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,8 @@ configure parameters, platform and platform features to the development team, which will allow (among other things) better targetting of testing. It's entirely voluntary and is off be default. ok djm@ + - (dtucker) [survey.sh.in] Remove any blank lines from the output of + ccver-v and ccver-V. 20041220 - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading @@ -1967,4 +1969,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3607 2005/01/18 01:05:18 dtucker Exp $ +$Id: ChangeLog,v 1.3608 2005/01/18 01:45:42 dtucker Exp $ 
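Review bot: In the Makefile.in hunk, `send-survey: survey` makes the mail target depend on the generated file, so `make send-survey` in a tree where `survey` does not exist yet builds the file and mails it in the same invocation. That bypasses the review step INSTALL asks for ("check the contents and make sure there's no sensitive information"), and the report carries the configure invocation and compiler flags. Dropping the prerequisite and failing when the file is absent keeps the review manual, e.g. a first recipe line `@test -f survey || { echo 'run "make survey" and review the file first'; exit 1; }`. The mail recipe line is truncated on this page, so this is based on the target line only.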
diff --git a/survey.sh.in b/survey.sh.in index 6a0c08df4..4123b6d12 100644 --- a/survey.sh.in +++ b/survey.sh.in @@ -55,9 +55,9 @@ echo "ldflags: $LDFLAGS" echo echo "libs: $LIBS" echo -echo "ccver-v: `$CC -v 2>&1`" +echo "ccver-v: `$CC -v 2>&1 | sed '/^[ \t]*$/d'`" echo -echo "ccver-V: `$CC -V 2>&1`" +echo "ccver-V: `$CC -V 2>&1 | sed '/^[ \t]*$/d'`" echo echo "cppdefines:" ${CPP} -dM - Date: Thu, 20 Jan 2005 10:55:46 +1100 Subject: - markus@cvs.openbsd.org 2004/12/23 17:35:48 [session.c] check for NULL; from mpech --- ChangeLog | 10 ++++++++-- session.c | 6 +++++- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 82771c359..ed505169d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,10 @@ -20040118 +20050120 + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2004/12/23 17:35:48 + [session.c] + check for NULL; from mpech + +20050118 - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement "make survey" and "make send-survey". This will provide data on the configure parameters, platform and platform features to the development @@ -1969,4 +1975,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3608 2005/01/18 01:45:42 dtucker Exp $ +$Id: ChangeLog,v 1.3609 2005/01/19 23:55:46 dtucker Exp $ diff --git a/session.c b/session.c index 6844720d4..7f10abf7c 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.180 2004/07/28 09:40:29 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.181 2004/12/23 17:35:48 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -245,6 +245,10 @@ do_authenticated1(Authctxt *authctxt) u_int proto_len, data_len, dlen, compression_level = 0; s = session_new(); + if (s == NULL) { + error("no more sessions"); + return; + } s->authctxt = authctxt; s->pw = authctxt->pw; -- cgit v1.2.3 
From 7cfeecf67008d5135718806fab6bda7f353e5f59 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 20 Jan 2005 10:56:31 +1100 Subject: - markus@cvs.openbsd.org 2004/12/23 17:38:07 [ssh-keygen.c] leak; from mpech --- ChangeLog | 5 ++++- ssh-keygen.c | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index ed505169d..b5fdc2e4a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,9 @@ - markus@cvs.openbsd.org 2004/12/23 17:35:48 [session.c] check for NULL; from mpech + - markus@cvs.openbsd.org 2004/12/23 17:38:07 + [ssh-keygen.c] + leak; from mpech 20050118 - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement @@ -1975,4 +1978,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3609 2005/01/19 23:55:46 dtucker Exp $ +$Id: ChangeLog,v 1.3610 2005/01/19 23:56:31 dtucker Exp $ diff --git a/ssh-keygen.c b/ssh-keygen.c index d39e7d881..7ed62a30c 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.117 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.118 2004/12/23 17:38:07 markus Exp $"); #include #include @@ -239,6 +239,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) } else if (strstr(type, "rsa")) { ktype = KEY_RSA; } else { + buffer_free(&b); xfree(type); return NULL; } -- cgit v1.2.3 From 0f3832322230ebc4b0fe5a2aca5cf9aaa8b0c3c1 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Thu, 20 Jan 2005 10:57:56 +1100 Subject: - djm@cvs.openbsd.org 2004/12/23 23:11:00 [servconf.c servconf.h sshd.c sshd_config sshd_config.5] bz #898: support AddressFamily in sshd_config. from peak@argo.troja.mff.cuni.cz; ok deraadt@ --- ChangeLog | 6 +++++- servconf.c | 32 +++++++++++++++++++++++++++----- servconf.h | 3 ++- sshd.c | 16 ++++++---------- sshd_config | 3 ++- sshd_config.5 | 13 ++++++++++++- 6 files changed, 54 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index b5fdc2e4a..369fcbfbf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,10 @@ - markus@cvs.openbsd.org 2004/12/23 17:38:07 [ssh-keygen.c] leak; from mpech + - djm@cvs.openbsd.org 2004/12/23 23:11:00 + [servconf.c servconf.h sshd.c sshd_config sshd_config.5] + bz #898: support AddressFamily in sshd_config. from + peak@argo.troja.mff.cuni.cz; ok deraadt@ 20050118 - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement @@ -1978,4 +1982,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3610 2005/01/19 23:56:31 dtucker Exp $ +$Id: ChangeLog,v 1.3611 2005/01/19 23:57:56 dtucker Exp $ diff --git a/servconf.c b/servconf.c index fae3c658e..541a9c85b 100644 --- a/servconf.c +++ b/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.137 2004/08/13 11:09:24 dtucker Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.138 2004/12/23 23:11:00 djm Exp $"); #include "ssh.h" #include "log.h" @@ -26,8 +26,6 @@ RCSID("$OpenBSD: servconf.c,v 1.137 2004/08/13 11:09:24 dtucker Exp $"); static void add_listen_addr(ServerOptions *, char *, u_short); static void add_one_listen_addr(ServerOptions *, char *, u_short); -/* AF_UNSPEC or AF_INET or AF_INET6 */ -extern int IPv4or6; /* Use of privilege separation or not */ extern int use_privsep; 
@@ -45,6 +43,7 @@ initialize_server_options(ServerOptions *options) options->num_ports = 0; options->ports_from_cmdline = 0; options->listen_addrs = NULL; + options->address_family = -1; options->num_host_key_files = 0; options->pid_file = NULL; options->server_key_bits = -1; @@ -258,7 +257,8 @@ typedef enum { sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, sKerberosGetAFSToken, sKerberosTgtPassing, sChallengeResponseAuthentication, - sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, + sPasswordAuthentication, sKbdInteractiveAuthentication, + sListenAddress, sAddressFamily, sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, sStrictModes, sEmptyPasswd, sTCPKeepAlive, @@ -335,6 +335,7 @@ static struct { { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */ { "checkmail", sDeprecated }, { "listenaddress", sListenAddress }, + { "addressfamily", sAddressFamily }, { "printmotd", sPrintMotd }, { "printlastlog", sPrintLastLog }, { "ignorerhosts", sIgnoreRhosts }, @@ -401,6 +402,8 @@ add_listen_addr(ServerOptions *options, char *addr, u_short port) if (options->num_ports == 0) options->ports[options->num_ports++] = SSH_DEFAULT_PORT; + if (options->address_family == -1) + options->address_family = AF_UNSPEC; if (port == 0) for (i = 0; i < options->num_ports; i++) add_one_listen_addr(options, addr, options->ports[i]); @@ -416,7 +419,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port) int gaierr; memset(&hints, 0, sizeof(hints)); - hints.ai_family = IPv4or6; + hints.ai_family = options->address_family; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; snprintf(strport, sizeof strport, "%u", port); 
@@ -544,6 +547,25 @@ parse_time: filename, linenum); break; + case sAddressFamily: + arg = strdelim(&cp); + intptr = &options->address_family; + if (options->listen_addrs != NULL) + fatal("%s line %d: address family must be specified before " + "ListenAddress.", filename, linenum); + if (strcasecmp(arg, "inet") == 0) + value = AF_INET; + else if (strcasecmp(arg, "inet6") == 0) + value = AF_INET6; + else if (strcasecmp(arg, "any") == 0) + value = AF_UNSPEC; + else + fatal("%s line %d: unsupported address family \"%s\".", + filename, linenum, arg); + if (*intptr == -1) + *intptr = value; + break; + case sHostKeyFile: intptr = &options->num_host_key_files; if (*intptr >= MAX_HOSTKEYS) diff --git a/servconf.h b/servconf.h index ebd056814..f7e56d521 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.70 2004/06/24 19:30:54 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.71 2004/12/23 23:11:00 djm Exp $ */ /* * Author: Tatu Ylonen @@ -43,6 +43,7 @@ typedef struct { u_short ports[MAX_PORTS]; /* Port number to listen on. */ char *listen_addr; /* Address on which the server listens. */ struct addrinfo *listen_addrs; /* Addresses on which the server listens. */ + int address_family; /* Address family used by the server. */ char *host_key_files[MAX_HOSTKEYS]; /* Files containing host keys. */ int num_host_key_files; /* Number of files for host keys. */ char *pid_file; /* Where to put our pid */ diff --git a/sshd.c b/sshd.c index 92b1df10c..89f36a474 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.304 2004/09/25 03:45:14 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.305 2004/12/23 23:11:00 djm Exp $"); #include #include 
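Review bot: In the servconf.c hunk adding `case sAddressFamily:`, `arg` is passed to strcasecmp() without being checked, so an `AddressFamily` line with no argument would hand it a NULL pointer if strdelim() returns NULL at end of line (its definition is not shown here). I would add `if (!arg || *arg == '\0') fatal("%s line %d: missing address family.", filename, linenum);` right after the `strdelim(&cp)` call. The ordering rule enforced by the "must be specified before ListenAddress" fatal() also deserves a sentence in sshd_config.5, which the man page text in this commit does not mention. The enclosing switch starts and ends outside the hunk.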
@@ -111,12 +111,6 @@ ServerOptions options; /* Name of the server configuration file. */ char *config_file_name = _PATH_SERVER_CONFIG_FILE; -/* - * Flag indicating whether IPv4 or IPv6. This can be set on the command line. - * Default value is AF_UNSPEC means both IPv4 and IPv6. - */ -int IPv4or6 = AF_UNSPEC; - /* * Debug mode flag. This can be set on the command line. If debug * mode is enabled, extra debugging output will be sent to the system @@ -920,10 +914,10 @@ main(int ac, char **av) while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqrtQR46")) != -1) { switch (opt) { case '4': - IPv4or6 = AF_INET; + options.address_family = AF_INET; break; case '6': - IPv4or6 = AF_INET6; + options.address_family = AF_INET6; break; case 'f': config_file_name = optarg; @@ -1024,7 +1018,6 @@ main(int ac, char **av) closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); SSLeay_add_all_algorithms(); - channel_set_af(IPv4or6); /* * Force logging to stderr until we have loaded the private host @@ -1074,6 +1067,9 @@ main(int ac, char **av) /* Fill in default values for those options not explicitly set. */ fill_default_server_options(&options); + /* set default channel AF */ + channel_set_af(options.address_family); + /* Check that there are no remaining arguments. */ if (optind < ac) { fprintf(stderr, "Extra argument %s.\n", av[optind]); diff --git a/sshd_config b/sshd_config index 65e6f1c32..53ae9942e 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $ +# $OpenBSD: sshd_config,v 1.70 2004/12/23 23:11:00 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -12,6 +12,7 @@ #Port 22 #Protocol 2,1 +#AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: diff --git a/sshd_config.5 b/sshd_config.5 index 50b9a89b1..07f91b6ed 100644 --- a/sshd_config.5 +++ b/sshd_config.5 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.36 2004/09/15 03:25:41 jaredy Exp $ +.\" $OpenBSD: sshd_config.5,v 1.37 2004/12/23 23:11:00 djm Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -83,6 +83,17 @@ Be warned that some environment variables could be used to bypass restricted user environments. For this reason, care should be taken in the use of this directive. The default is not to accept any environment variables. +.It Cm AddressFamily +Specifies which address family should be used by +.Nm sshd . +Valid arguments are +.Dq any , +.Dq inet +(use IPv4 only) or +.Dq inet6 +(use IPv6 only). +The default is +.Dq any . .It Cm AllowGroups This keyword can be followed by a list of group name patterns, separated by spaces. -- cgit v1.2.3 From b2161e37f5fb13ffaa3f70ad436ecec2ec13bfc4 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 20 Jan 2005 11:00:46 +1100 Subject: - markus@cvs.openbsd.org 2005/01/05 08:51:32 [sshconnect.c] remove dead code, log connect() failures with level error, ok djm@ --- ChangeLog | 5 ++++- sshconnect.c | 20 +++----------------- 2 files changed, 7 insertions(+), 18 deletions(-) diff --git a/ChangeLog b/ChangeLog index 369fcbfbf..35fe08531 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,9 @@ [servconf.c servconf.h sshd.c sshd_config sshd_config.5] bz #898: support AddressFamily in sshd_config. from peak@argo.troja.mff.cuni.cz; ok deraadt@ + - markus@cvs.openbsd.org 2005/01/05 08:51:32 + [sshconnect.c] + remove dead code, log connect() failures with level error, ok djm@ 20050118 - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement 
@@ -1982,4 +1985,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3611 2005/01/19 23:57:56 dtucker Exp $ +$Id: ChangeLog,v 1.3612 2005/01/20 00:00:46 dtucker Exp $ diff --git a/sshconnect.c b/sshconnect.c index 11008e544..33ec4753a 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.158 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.159 2005/01/05 08:51:32 markus Exp $"); #include @@ -297,12 +297,6 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr, * second). If proxy_command is non-NULL, it specifies the command (with %h * and %p substituted for host and port, respectively) to use to contact * the daemon. - * Return values: - * 0 for OK - * ECONNREFUSED if we got a "Connection Refused" by the peer on any address - * ECONNABORTED if we failed without a "Connection refused" - * Suitable error messages for the connection failure will already have been - * printed. */ int ssh_connect(const char *host, struct sockaddr_storage * hostaddr, @@ -315,12 +309,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, char ntop[NI_MAXHOST], strport[NI_MAXSERV]; struct addrinfo hints, *ai, *aitop; struct servent *sp; - /* - * Did we get only other errors than "Connection refused" (which - * should block fallback to rsh and similar), or did we get at least - * one "Connection refused"? - */ - int full_failure = 1; debug2("ssh_connect: needpriv %d", needpriv); @@ -381,8 +369,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen); break; } else { - if (errno == ECONNREFUSED) - full_failure = 0; debug("connect to address %s port %s: %s", ntop, strport, strerror(errno)); /* 
@@ -408,9 +394,9 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, /* Return failure if we didn't get a successful connection. */ if (attempt >= connection_attempts) { - logit("ssh: connect to host %s port %s: %s", + error("ssh: connect to host %s port %s: %s", host, strport, strerror(errno)); - return full_failure ? ECONNABORTED : ECONNREFUSED; + return (-1); } debug("Connection established."); -- cgit v1.2.3 From b3509014cec85818fb74d3b90073f3ca8745253e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 20 Jan 2005 11:01:46 +1100 Subject: - jmc@cvs.openbsd.org 2005/01/08 00:41:19 [sshd_config.5] `login'(n) -> `log in'(v); --- ChangeLog | 5 ++++- sshd_config.5 | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 35fe08531..d3eb1047a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ - markus@cvs.openbsd.org 2005/01/05 08:51:32 [sshconnect.c] remove dead code, log connect() failures with level error, ok djm@ + - jmc@cvs.openbsd.org 2005/01/08 00:41:19 + [sshd_config.5] + `login'(n) -> `log in'(v); 20050118 - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement @@ -1985,4 +1988,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3612 2005/01/20 00:00:46 dtucker Exp $ +$Id: ChangeLog,v 1.3613 2005/01/20 00:01:46 dtucker Exp $ diff --git a/sshd_config.5 b/sshd_config.5 index 07f91b6ed..e50b4bc4f 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.37 2004/12/23 23:11:00 djm Exp $ +.\" $OpenBSD: sshd_config.5,v 1.38 2005/01/08 00:41:19 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os 
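Review bot: ssh_connect() now returns -1 on failure (last sshconnect.c hunk), but the commit deletes the "Return values" paragraph from the function's header comment without replacing it, so the contract is undocumented. I would keep a short form in that comment: ` * Returns 0 on success and -1 if no connection could be established; the failure has already been logged.` (the success value is taken from the removed text and should be confirmed). Callers that compared the result with ECONNREFUSED or ECONNABORTED are not visible here and should be checked. The `strerror(errno)` in the new error() call reports whatever errno holds after the retry loop, which may no longer be the connect() failure if another call ran in between.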
@@ -466,7 +466,7 @@ server allows login to accounts with empty password strings. The default is .Dq no . .It Cm PermitRootLogin -Specifies whether root can login using +Specifies whether root can log in using .Xr ssh 1 . The argument must be .Dq yes , @@ -495,7 +495,7 @@ All other authentication methods are disabled for root. .Pp If this option is set to .Dq no -root is not allowed to login. +root is not allowed to log in. .It Cm PermitUserEnvironment Specifies whether .Pa ~/.ssh/environment -- cgit v1.2.3 From f0e792ec1c84322e5e31c2ad2c89459f053c3388 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 20 Jan 2005 11:02:26 +1100 Subject: - dtucker@cvs.openbsd.org 2005/01/17 03:25:46 [moduli.c] Correct spelling: SCHNOOR->SCHNORR; ok djm@ --- ChangeLog | 5 ++++- moduli.c | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index d3eb1047a..925239349 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,9 @@ - jmc@cvs.openbsd.org 2005/01/08 00:41:19 [sshd_config.5] `login'(n) -> `log in'(v); + - dtucker@cvs.openbsd.org 2005/01/17 03:25:46 + [moduli.c] + Correct spelling: SCHNOOR->SCHNORR; ok djm@ 20050118 - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement @@ -1988,4 +1991,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3613 2005/01/20 00:01:46 dtucker Exp $ +$Id: ChangeLog,v 1.3614 2005/01/20 00:02:26 dtucker Exp $ diff --git a/moduli.c b/moduli.c index 581b03503..8b05248e2 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.9 2004/07/11 17:48:47 deraadt Exp $ */ +/* $OpenBSD: moduli.c,v 1.10 2005/01/17 03:25:46 dtucker Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson 
@@ -56,7 +56,7 @@ #define QTYPE_UNKNOWN (0) #define QTYPE_UNSTRUCTURED (1) #define QTYPE_SAFE (2) -#define QTYPE_SCHNOOR (3) +#define QTYPE_SCHNORR (3) #define QTYPE_SOPHIE_GERMAIN (4) #define QTYPE_STRONG (5) @@ -530,7 +530,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) break; case QTYPE_UNSTRUCTURED: case QTYPE_SAFE: - case QTYPE_SCHNOOR: + case QTYPE_SCHNORR: case QTYPE_STRONG: case QTYPE_UNKNOWN: debug2("%10u: (%u)", count_in, in_type); -- cgit v1.2.3 From ea7c8127ce64879f81d6267897162a2fbf173124 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 20 Jan 2005 11:03:08 +1100 Subject: - dtucker@cvs.openbsd.org 2005/01/17 22:48:39 [sshd.c] Make debugging output continue after reexec; ok djm@ --- ChangeLog | 5 ++++- sshd.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 925239349..33a2aaf4b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,9 @@ - dtucker@cvs.openbsd.org 2005/01/17 03:25:46 [moduli.c] Correct spelling: SCHNOOR->SCHNORR; ok djm@ + - dtucker@cvs.openbsd.org 2005/01/17 22:48:39 + [sshd.c] + Make debugging output continue after reexec; ok djm@ 20050118 - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement @@ -1991,4 +1994,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3614 2005/01/20 00:02:26 dtucker Exp $ +$Id: ChangeLog,v 1.3615 2005/01/20 00:03:08 dtucker Exp $ diff --git a/sshd.c b/sshd.c index 89f36a474..76aec80b0 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.305 2004/12/23 23:11:00 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.306 2005/01/17 22:48:39 dtucker Exp $"); #include #include 
@@ -1192,7 +1192,7 @@ main(int ac, char **av) } /* Initialize the log (it is reinitialized below in case we forked). */ - if (debug_flag && !inetd_flag) + if (debug_flag && (!inetd_flag || rexeced_flag)) log_stderr = 1; log_init(__progname, options.log_level, options.log_facility, log_stderr); -- cgit v1.2.3 From 611649ebf093bf030f2dde18103dde8c1af9226c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 20 Jan 2005 11:05:34 +1100 Subject: - dtucker@cvs.openbsd.org 2005/01/19 13:11:47 [auth-bsdauth.c auth2-chall.c] Have keyboard-interactive code call the drivers even for responses for invalid logins. This allows the drivers themselves to decide how to handle them and prevent leaking information where possible. Existing behaviour for bsdauth is maintained by checking authctxt->valid in the bsdauth driver. Note that any third-party kbdint drivers will now need to be able to handle responses for invalid logins. ok markus@ --- ChangeLog | 10 +++++++++- auth-bsdauth.c | 5 ++++- auth2-chall.c | 11 +++-------- 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 33a2aaf4b..cef110384 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,14 @@ - dtucker@cvs.openbsd.org 2005/01/17 22:48:39 [sshd.c] Make debugging output continue after reexec; ok djm@ + - dtucker@cvs.openbsd.org 2005/01/19 13:11:47 + [auth-bsdauth.c auth2-chall.c] + Have keyboard-interactive code call the drivers even for responses for + invalid logins. This allows the drivers themselves to decide how to + handle them and prevent leaking information where possible. Existing + behaviour for bsdauth is maintained by checking authctxt->valid in the + bsdauth driver. Note that any third-party kbdint drivers will now need + to be able to handle responses for invalid logins. ok markus@ 20050118 - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement 
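Review bot: The widened test `debug_flag && (!inetd_flag || rexeced_flag)` carries no comment explaining why a re-executed child may log to stderr when an inetd-started one may not. Presumably the re-exec path sets inetd_flag while stderr still belongs to the parent rather than to the client connection, but that is not visible in this hunk and should be confirmed. I would extend the existing comment to say so, e.g. `/* A re-exec'd child keeps stderr logging; in real inetd mode debug output must not reach the connection. */`. main() continues outside the hunk.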
@@ -1994,4 +2002,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3615 2005/01/20 00:03:08 dtucker Exp $ +$Id: ChangeLog,v 1.3616 2005/01/20 00:05:34 dtucker Exp $ diff --git a/auth-bsdauth.c b/auth-bsdauth.c index 2ac27a7a2..920c977d8 100644 --- a/auth-bsdauth.c +++ b/auth-bsdauth.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth-bsdauth.c,v 1.5 2002/06/30 21:59:45 deraadt Exp $"); +RCSID("$OpenBSD: auth-bsdauth.c,v 1.6 2005/01/19 13:11:47 dtucker Exp $"); #ifdef BSD_AUTH #include "xmalloc.h" @@ -83,6 +83,9 @@ bsdauth_respond(void *ctx, u_int numresponses, char **responses) Authctxt *authctxt = ctx; int authok; + if (!authctxt->valid) + return -1; + if (authctxt->as == 0) error("bsdauth_respond: no bsd auth session"); diff --git a/auth2-chall.c b/auth2-chall.c index 486baaaa3..29234439c 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth2-chall.c,v 1.21 2004/06/01 14:20:45 dtucker Exp $"); +RCSID("$OpenBSD: auth2-chall.c,v 1.22 2005/01/19 13:11:47 dtucker Exp $"); #include "ssh2.h" #include "auth.h" @@ -274,12 +274,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) } packet_check_eom(); - if (authctxt->valid) { - res = kbdintctxt->device->respond(kbdintctxt->ctxt, - nresp, response); - } else { - res = -1; - } + res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response); for (i = 0; i < nresp; i++) { memset(response[i], 'r', strlen(response[i])); @@ -291,7 +286,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) switch (res) { case 0: /* Success! */ - authenticated = 1; + authenticated = authctxt->valid ? 1 : 0; break; case 1: /* Authentication needs further interaction */ -- cgit v1.2.3 
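Review bot: The new `if (!authctxt->valid) return -1;` in bsdauth_respond fails unknown users before the BSD auth backend is consulted, so an invalid account takes a shorter path than a valid account with a wrong response. The commit message says this preserves the previous bsdauth behaviour, but it also preserves a response-time difference of the kind this change is meant to let drivers remove. At minimum record that above the check: `/* Invalid users fail here without a backend call, so timing differs from a wrong response. */`. The function body continues outside the hunk.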
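Review bot: With the respond() call now unconditional, `authenticated = authctxt->valid ? 1 : 0;` in the `case 0` branch of input_userauth_info_response is the only thing that stops a driver which reports success for an unknown user, and it does so silently. A driver returning 0 for an invalid login is a bug that operators should be able to see, so I would log it before the assignment: `if (!authctxt->valid) error("kbdint device %s returned success for invalid user", kbdintctxt->device->name);`. A short comment on the assignment saying that third-party drivers are not trusted to check validity would also help. The switch continues outside the hunk.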
From 36a3d60347f23528695e550317d5ba6d63e6b0f4 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 20 Jan 2005 12:43:38 +1100 Subject: - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user existence via keyboard-interactive/pam, in conjunction with previous auth2-chall.c change; with Colin Watson and djm. --- ChangeLog | 5 ++++- auth-pam.c | 17 ++++++++++++++--- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index cef110384..19101efd6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,9 @@ behaviour for bsdauth is maintained by checking authctxt->valid in the bsdauth driver. Note that any third-party kbdint drivers will now need to be able to handle responses for invalid logins. ok markus@ + - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user + existence via keyboard-interactive/pam, in conjunction with previous + auth2-chall.c change; with Colin Watson and djm. 20050118 - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement @@ -2002,4 +2005,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3616 2005/01/20 00:05:34 dtucker Exp $ +$Id: ChangeLog,v 1.3617 2005/01/20 01:43:38 dtucker Exp $ diff --git a/auth-pam.c b/auth-pam.c index a1b26cc59..996964fcd 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -47,7 +47,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.118 2004/10/16 08:52:44 djm Exp $"); +RCSID("$Id: auth-pam.c,v 1.119 2005/01/20 01:43:39 dtucker Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) 
@@ -186,6 +186,7 @@ static int sshpam_account_status = -1; static char **sshpam_env = NULL; static Authctxt *sshpam_authctxt = NULL; static const char *sshpam_password = NULL; +static char badpw[] = "\b\n\r\177INCORRECT"; /* Some PAM implementations don't implement this */ #ifndef HAVE_PAM_GETENVLIST @@ -701,6 +702,12 @@ sshpam_query(void *ctx, char **name, char **info, **prompts = NULL; } if (type == PAM_SUCCESS) { + if (!sshpam_authctxt->valid || + (sshpam_authctxt->pw->pw_uid == 0 && + options.permit_root_login != PERMIT_YES)) + fatal("Internal error: PAM auth " + "succeeded when it should have " + "failed"); import_environments(&buffer); *num = 0; **echo_on = 0; @@ -746,7 +753,12 @@ sshpam_respond(void *ctx, u_int num, char **resp) return (-1); } buffer_init(&buffer); - buffer_put_cstring(&buffer, *resp); + if (sshpam_authctxt->valid && + (sshpam_authctxt->pw->pw_uid != 0 || + options.permit_root_login == PERMIT_YES)) + buffer_put_cstring(&buffer, *resp); + else + buffer_put_cstring(&buffer, badpw); if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) { buffer_free(&buffer); return (-1); @@ -1093,7 +1105,6 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) { int flags = (options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0); - static char badpw[] = "\b\n\r\177INCORRECT"; if (!options.use_pam || sshpam_handle == NULL) fatal("PAM: %s called when PAM disabled or failed to " -- cgit v1.2.3 From d231186fd0acb8fee480faf61c4e9e4cc6186faf Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 20 Jan 2005 13:27:56 +1100 Subject: - djm@cvs.openbsd.org 2004/12/22 02:13:19 [cipher-ctr.c cipher.c] remove fallback AES support for old OpenSSL, as OpenBSD has had it for many years now; ok deraadt@ (Id sync only: Portable will continue to support older OpenSSLs) --- ChangeLog | 7 ++++++- auth-pam.c | 26 ++++++++++++++++---------- cipher-ctr.c | 2 +- cipher.c | 2 +- 4 files changed, 24 insertions(+), 13 deletions(-) 
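Review bot: In sshpam_respond the substitution of `badpw` for `*resp` has no comment, and its condition is the hand-negated form of the check added to sshpam_query in the previous hunk, so the two can drift apart in a later edit. The reason stated elsewhere in this file (in sshpam_auth_passwd) is to keep the PAM failure path, including any configured delay, identical for disallowed users; I would repeat it here: `/* Disallowed users still go through PAM, with a password that should not match, so timing does not reveal them. */`. Note also that `!= PERMIT_YES` covers every other PermitRootLogin setting, which looks intended for password-style authentication but is worth stating. Both functions continue outside their hunks.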
diff --git a/ChangeLog b/ChangeLog index 19101efd6..9eab2b462 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,11 @@ behaviour for bsdauth is maintained by checking authctxt->valid in the bsdauth driver. Note that any third-party kbdint drivers will now need to be able to handle responses for invalid logins. ok markus@ + - djm@cvs.openbsd.org 2004/12/22 02:13:19 + [cipher-ctr.c cipher.c] + remove fallback AES support for old OpenSSL, as OpenBSD has had it for + many years now; ok deraadt@ + (Id sync only: Portable will continue to support older OpenSSLs) - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user existence via keyboard-interactive/pam, in conjunction with previous auth2-chall.c change; with Colin Watson and djm. @@ -2005,4 +2010,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3617 2005/01/20 01:43:38 dtucker Exp $ +$Id: ChangeLog,v 1.3618 2005/01/20 02:27:56 dtucker Exp $ diff --git a/auth-pam.c b/auth-pam.c index 996964fcd..5bffe338f 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -47,7 +47,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.119 2005/01/20 01:43:39 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.120 2005/01/20 02:27:56 dtucker Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -245,6 +245,17 @@ sshpam_password_change_required(int reqd) } } +/* Check ssh internal flags in addition to PAM */ + +static int +sshpam_login_allowed(Authctxt *ctxt) +{ + if (ctxt->valid && (ctxt->pw->pw_uid != 0 || + options.permit_root_login == PERMIT_YES)) + return 1; + return 0; +} + /* Import regular and PAM environment from subprocess */ static void import_environments(Buffer *b) 
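Review bot: sshpam_login_allowed dereferences `ctxt` and `ctxt->pw` without a NULL check, and the callers added later in this commit pass the file-scope `sshpam_authctxt`, which is initialised to NULL. Whether it can still be NULL when sshpam_query or sshpam_respond run is not visible here, so either guard it, `if (ctxt == NULL || !ctxt->valid) return 0;`, or document the precondition. The one-line comment above the function should also say that root is refused unless PermitRootLogin is exactly yes.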
@@ -702,9 +713,7 @@ sshpam_query(void *ctx, char **name, char **info, **prompts = NULL; } if (type == PAM_SUCCESS) { - if (!sshpam_authctxt->valid || - (sshpam_authctxt->pw->pw_uid == 0 && - options.permit_root_login != PERMIT_YES)) + if (!sshpam_login_allowed(sshpam_authctxt)) fatal("Internal error: PAM auth " "succeeded when it should have " "failed"); @@ -753,9 +762,7 @@ sshpam_respond(void *ctx, u_int num, char **resp) return (-1); } buffer_init(&buffer); - if (sshpam_authctxt->valid && - (sshpam_authctxt->pw->pw_uid != 0 || - options.permit_root_login == PERMIT_YES)) + if (sshpam_login_allowed(sshpam_authctxt)) buffer_put_cstring(&buffer, *resp); else buffer_put_cstring(&buffer, badpw); @@ -1118,8 +1125,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) * by PermitRootLogin, use an invalid password to prevent leaking * information via timing (eg if the PAM config has a delay on fail). */ - if (!authctxt->valid || (authctxt->pw->pw_uid == 0 && - options.permit_root_login != PERMIT_YES)) + if (!sshpam_login_allowed(authctxt)) sshpam_password = badpw; sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, @@ -1130,7 +1136,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) sshpam_err = pam_authenticate(sshpam_handle, flags); sshpam_password = NULL; - if (sshpam_err == PAM_SUCCESS && authctxt->valid) { + if (sshpam_err == PAM_SUCCESS && sshpam_login_allowed(authctxt)) { debug("PAM: password authentication accepted for %.100s", authctxt->user); return 1; diff --git a/cipher-ctr.c b/cipher-ctr.c index 395dabedd..43f1ede57 100644 --- a/cipher-ctr.c +++ b/cipher-ctr.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: cipher-ctr.c,v 1.4 2004/02/06 23:41:13 dtucker Exp $"); +RCSID("$OpenBSD: cipher-ctr.c,v 1.5 2004/12/22 02:13:19 djm Exp $"); #include diff --git a/cipher.c b/cipher.c index 075a4c5fc..64be0571f 100644 --- a/cipher.c +++ b/cipher.c 
@@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.71 2004/07/28 09:40:29 markus Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.72 2004/12/22 02:13:19 djm Exp $"); #include "xmalloc.h" #include "log.h" -- cgit v1.2.3 From d5bfa8f9d84b1abada09333994c8c889551a61fb Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 20 Jan 2005 13:29:51 +1100 Subject: Oops, did not intend to commit this yet --- auth-pam.c | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/auth-pam.c b/auth-pam.c index 5bffe338f..6ce8c429b 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -47,7 +47,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.120 2005/01/20 02:27:56 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.121 2005/01/20 02:29:51 dtucker Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -245,17 +245,6 @@ sshpam_password_change_required(int reqd) } } -/* Check ssh internal flags in addition to PAM */ - -static int -sshpam_login_allowed(Authctxt *ctxt) -{ - if (ctxt->valid && (ctxt->pw->pw_uid != 0 || - options.permit_root_login == PERMIT_YES)) - return 1; - return 0; -} - /* Import regular and PAM environment from subprocess */ static void import_environments(Buffer *b) @@ -713,7 +702,9 @@ sshpam_query(void *ctx, char **name, char **info, **prompts = NULL; } if (type == PAM_SUCCESS) { - if (!sshpam_login_allowed(sshpam_authctxt)) + if (!sshpam_authctxt->valid || + (sshpam_authctxt->pw->pw_uid == 0 && + options.permit_root_login != PERMIT_YES)) fatal("Internal error: PAM auth " "succeeded when it should have " "failed"); 
@@ -762,7 +753,9 @@ sshpam_respond(void *ctx, u_int num, char **resp) return (-1); } buffer_init(&buffer); - if (sshpam_login_allowed(sshpam_authctxt)) + if (sshpam_authctxt->valid && + (sshpam_authctxt->pw->pw_uid != 0 || + options.permit_root_login == PERMIT_YES)) buffer_put_cstring(&buffer, *resp); else buffer_put_cstring(&buffer, badpw); @@ -1125,7 +1118,8 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) * by PermitRootLogin, use an invalid password to prevent leaking * information via timing (eg if the PAM config has a delay on fail). */ - if (!sshpam_login_allowed(authctxt)) + if (!authctxt->valid || (authctxt->pw->pw_uid == 0 && + options.permit_root_login != PERMIT_YES)) sshpam_password = badpw; sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, @@ -1136,7 +1130,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) sshpam_err = pam_authenticate(sshpam_handle, flags); sshpam_password = NULL; - if (sshpam_err == PAM_SUCCESS && sshpam_login_allowed(authctxt)) { + if (sshpam_err == PAM_SUCCESS && authctxt->valid) { debug("PAM: password authentication accepted for %.100s", authctxt->user); return 1; -- cgit v1.2.3 From 33bc334a8bb6f20ca659f7d4f4669a04d54bd2e8 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 20 Jan 2005 22:07:29 +1100 Subject: - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128 bytes to prevent errors from login_init_entry() when the username is exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@ --- ChangeLog | 5 ++++- loginrec.h | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9eab2b462..ec830bbb7 100644 --- a/ChangeLog +++ b/ChangeLog 
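Review bot: Restoring `sshpam_err == PAM_SUCCESS && authctxt->valid` in the last hunk leaves the success test in sshpam_auth_passwd narrower than the guard a few lines above it, which also substitutes `badpw` for root when PermitRootLogin is not yes. If pam_authenticate() ever succeeded with the bogus password for root, this function would return 1, whereas sshpam_query treats the same situation as a fatal internal error. Unless a root check elsewhere covers it (not visible here), the test should match the guard: `if (sshpam_err == PAM_SUCCESS && authctxt->valid && (authctxt->pw->pw_uid != 0 || options.permit_root_login == PERMIT_YES)) {`. The function continues outside the hunk.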
@@ -38,6 +38,9 @@ - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user existence via keyboard-interactive/pam, in conjunction with previous auth2-chall.c change; with Colin Watson and djm. + - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128 + bytes to prevent errors from login_init_entry() when the username is + exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@ 20050118 - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement @@ -2010,4 +2013,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3618 2005/01/20 02:27:56 dtucker Exp $ +$Id: ChangeLog,v 1.3619 2005/01/20 11:07:29 dtucker Exp $ diff --git a/loginrec.h b/loginrec.h index 7f932c296..6b7233256 100644 --- a/loginrec.h +++ b/loginrec.h @@ -35,7 +35,7 @@ #include #include -/* RCSID("$Id: loginrec.h,v 1.7 2003/06/03 02:18:50 djm Exp $"); */ +/* RCSID("$Id: loginrec.h,v 1.8 2005/01/20 11:07:30 dtucker Exp $"); */ /** ** you should use the login_* calls to work around platform dependencies @@ -62,7 +62,7 @@ union login_netinfo { /* string lengths - set very long */ #define LINFO_PROGSIZE 64 #define LINFO_LINESIZE 64 -#define LINFO_NAMESIZE 64 +#define LINFO_NAMESIZE 128 #define LINFO_HOSTSIZE 256 struct logininfo { -- cgit v1.2.3 From 3c66080aa26e5121805c80728a9c801b08a7870e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 20 Jan 2005 22:20:50 +1100 Subject: - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from the list of available kbdint devices if UsePAM=no. ok djm@ --- ChangeLog | 4 +++- auth-chall.c | 7 +++++++ auth.h | 2 ++ auth2-chall.c | 24 ++++++++++++++++++++++++ 4 files changed, 36 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index ec830bbb7..8af4ea5f7 100644 --- a/ChangeLog +++ b/ChangeLog 
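Review bot: Raising `LINFO_NAMESIZE` from 64 to 128 moves the failing length rather than removing it. By the commit message a name of exactly 64 bytes was rejected, which suggests the limit counts the terminating NUL, so a 128-byte name would presumably fail the same way; login_init_entry() is not in this hunk, so that needs confirming. Once confirmed, record the contract next to the constant, e.g. `#define LINFO_NAMESIZE 128 /* includes the terminating NUL */`, and check that callers treat an over-long name as an error rather than truncating it into a different account name in the login records.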
@@ -41,6 +41,8 @@ - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128 bytes to prevent errors from login_init_entry() when the username is exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@ + - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from + the list of available kbdint devices if UsePAM=no. ok djm@ 20050118 - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement @@ -2013,4 +2015,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3619 2005/01/20 11:07:29 dtucker Exp $ +$Id: ChangeLog,v 1.3620 2005/01/20 11:20:50 dtucker Exp $ diff --git a/auth-chall.c b/auth-chall.c index a9d314dd2..e4f783096 100644 --- a/auth-chall.c +++ b/auth-chall.c @@ -28,11 +28,13 @@ RCSID("$OpenBSD: auth-chall.c,v 1.9 2003/11/03 09:03:37 djm Exp $"); #include "auth.h" #include "log.h" #include "xmalloc.h" +#include "servconf.h" /* limited protocol v1 interface to kbd-interactive authentication */ extern KbdintDevice *devices[]; static KbdintDevice *device; +extern ServerOptions options; char * get_challenge(Authctxt *authctxt) @@ -41,6 +43,11 @@ get_challenge(Authctxt *authctxt) u_int i, numprompts; u_int *echo_on; +#ifdef USE_PAM + if (!options.use_pam) + remove_kbdint_device("pam"); +#endif + device = devices[0]; /* we always use the 1st device for protocol 1 */ if (device == NULL) return NULL; diff --git a/auth.h b/auth.h index 760337bea..6c0089dc7 100644 --- a/auth.h +++ b/auth.h @@ -130,6 +130,8 @@ int auth_shadow_pwexpired(Authctxt *); #endif #include "auth-pam.h" +void remove_kbdint_device(const char *); + void disable_forwarding(void); void do_authentication(Authctxt *); diff --git a/auth2-chall.c b/auth2-chall.c index 29234439c..384a543ee 100644 --- a/auth2-chall.c +++ b/auth2-chall.c 
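Review bot: auth.h now declares `remove_kbdint_device()` unconditionally, but the definition added to auth2-chall.c in this commit sits inside `#ifdef USE_PAM`. Both callers are guarded the same way, so it builds today, yet a later unguarded call would compile and then fail at link time on non-PAM builds. Either wrap the prototype in the same `#ifdef USE_PAM` or define the function unconditionally.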
@@ -32,6 +32,10 @@ RCSID("$OpenBSD: auth2-chall.c,v 1.22 2005/01/19 13:11:47 dtucker Exp $"); #include "xmalloc.h" #include "dispatch.h" #include "log.h" +#include "servconf.h" + +/* import */ +extern ServerOptions options; static int auth2_challenge_start(Authctxt *); static int send_userauth_info_request(Authctxt *); @@ -71,6 +75,21 @@ struct KbdintAuthctxt u_int nreq; }; +#ifdef USE_PAM +void +remove_kbdint_device(const char *devname) +{ + int i, j; + + for (i = 0; devices[i] != NULL; i++) + if (strcmp(devices[i]->name, devname) == 0) { + for (j = i; devices[j] != NULL; j++) + devices[j] = devices[j+1]; + i--; + } +} +#endif + static KbdintAuthctxt * kbdint_alloc(const char *devs) { @@ -78,6 +97,11 @@ kbdint_alloc(const char *devs) Buffer b; int i; +#ifdef USE_PAM + if (!options.use_pam) + remove_kbdint_device("pam"); +#endif + kbdintctxt = xmalloc(sizeof(KbdintAuthctxt)); if (strcmp(devs, "") == 0) { buffer_init(&b); -- cgit v1.2.3 From 5c14c734295b9a30d71d110deb8307d5610d4c01 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 24 Jan 2005 21:55:49 +1100 Subject: - otto@cvs.openbsd.org 2005/01/21 08:32:02 [auth-passwd.c sshd.c] Warn in advance for password and account expiry; initialize loginmsg buffer earlier and clear it after privsep fork. ok and help dtucker@ markus@ --- ChangeLog | 10 +++++++++- auth-passwd.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++- sshd.c | 11 ++++------- 3 files changed, 63 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8af4ea5f7..f33f2c242 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +20050124 + - (dtucker) OpenBSD CVS Sync + - otto@cvs.openbsd.org 2005/01/21 08:32:02 + [auth-passwd.c sshd.c] + Warn in advance for password and account expiry; initialize loginmsg + buffer earlier and clear it after privsep fork. ok and help dtucker@ + markus@ + 20050120 - (dtucker) OpenBSD CVS Sync - markus@cvs.openbsd.org 2004/12/23 17:35:48 
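Review bot: remove_kbdint_device has no comment, and its outer `for` runs an unbraced multi-line body whose `i--` exists only to re-test the slot that was just shifted into; that is easy to break in a later edit. I would add braces and a header such as `/* Drop every entry named devname from the NULL-terminated devices[] table, shifting the rest down. */`. It also edits the global table from both kbdint_alloc and get_challenge on every call; a second pass finds nothing, so this is harmless, but a single call at startup would make it clearer that the device list is fixed before any authentication begins. kbdint_alloc continues outside its hunk.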
@@ -2015,4 +2023,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3620 2005/01/20 11:20:50 dtucker Exp $ +$Id: ChangeLog,v 1.3621 2005/01/24 10:55:49 dtucker Exp $ diff --git a/auth-passwd.c b/auth-passwd.c index 7a68e0562..2e5fbc73a 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -36,17 +36,27 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-passwd.c,v 1.31 2004/01/30 09:48:57 markus Exp $"); +RCSID("$OpenBSD: auth-passwd.c,v 1.32 2005/01/21 08:32:02 otto Exp $"); #include "packet.h" +#include "buffer.h" #include "log.h" #include "servconf.h" #include "auth.h" #include "auth-options.h" +extern Buffer loginmsg; extern ServerOptions options; int sys_auth_passwd(Authctxt *, const char *); +#ifdef HAVE_LOGIN_CAP +extern login_cap_t *lc; +#endif + + +#define DAY (24L * 60 * 60) /* 1 day in seconds */ +#define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */ + void disable_forwarding(void) { 
@@ -111,11 +121,46 @@ auth_password(Authctxt *authctxt, const char *password) } #ifdef BSD_AUTH +static void +warn_expiry(Authctxt *authctxt, auth_session_t *as) +{ + char buf[256]; + quad_t pwtimeleft, actimeleft, daysleft, pwwarntime, acwarntime; + + pwwarntime = acwarntime = TWO_WEEKS; + + pwtimeleft = auth_check_change(as); + actimeleft = auth_check_expire(as); +#if HAVE_LOGIN_CAP + if (authctxt->valid) { + pwwarntime = login_getcaptime(lc, "password-warn", TWO_WEEKS, + TWO_WEEKS); + acwarntime = login_getcaptime(lc, "expire-warn", TWO_WEEKS, + TWO_WEEKS); + } +#endif + if (pwtimeleft != 0 && pwtimeleft < pwwarntime) { + daysleft = pwtimeleft / DAY + 1; + snprintf(buf, sizeof(buf), + "Your password will expire in %lld day%s.\n", + daysleft, daysleft == 1 ? "" : "s"); + buffer_append(&loginmsg, buf, strlen(buf)); + } + if (actimeleft != 0 && actimeleft < acwarntime) { + daysleft = actimeleft / DAY + 1; + snprintf(buf, sizeof(buf), + "Your account will expire in %lld day%s.\n", + daysleft, daysleft == 1 ? "" : "s"); + buffer_append(&loginmsg, buf, strlen(buf)); + } +} + int sys_auth_passwd(Authctxt *authctxt, const char *password) { struct passwd *pw = authctxt->pw; auth_session_t *as; + static int expire_checked = 0; as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh", (char *)password); @@ -125,6 +170,10 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) authctxt->force_pwchange = 1; return (1); } else { + if (!expire_checked) { + expire_checked = 1; + warn_expiry(authctxt, as); + } return (auth_close(as)); } } diff --git a/sshd.c b/sshd.c index 76aec80b0..7f268526f 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.306 2005/01/17 22:48:39 dtucker Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.307 2005/01/21 08:32:02 otto Exp $"); #include #include 
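Review bot: In warn_expiry the tests `pwtimeleft != 0 && pwtimeleft < pwwarntime` and the matching one for `actimeleft` are also true for negative values, so if auth_check_change() or auth_check_expire() can report a time already past (not visible here) the user is told the password or account expires in zero or a negative number of days. `pwtimeleft > 0 && pwtimeleft < pwwarntime`, and likewise for actimeleft, avoids that. Separately, `daysleft` is a `quad_t` printed with `%lld`; passing `(long long)daysleft` keeps the format correct on platforms where quad_t is not long long. The guard here is `#if HAVE_LOGIN_CAP` while the declaration of `lc` earlier in the file uses `#ifdef HAVE_LOGIN_CAP`; the two should agree.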
@@ -1664,9 +1664,6 @@ main(int ac, char **av) packet_set_nonblocking(); - /* prepare buffers to collect authentication messages */ - buffer_init(&loginmsg); - /* allocate authentication context */ authctxt = xmalloc(sizeof(*authctxt)); memset(authctxt, 0, sizeof(*authctxt)); @@ -1674,13 +1671,13 @@ main(int ac, char **av) /* XXX global for cleanup, access from other modules */ the_authctxt = authctxt; + /* prepare buffer to collect messages to display to user after login */ + buffer_init(&loginmsg); + if (use_privsep) if (privsep_preauth(authctxt) == 1) goto authenticated; - /* prepare buffer to collect messages to display to user after login */ - buffer_init(&loginmsg); - /* perform the key exchange */ /* authenticate user and start session */ if (compat20) { -- cgit v1.2.3 From 094cd0ba02a3a29f170227dc0219e08c006c9b86 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 24 Jan 2005 21:56:48 +1100 Subject: - dtucker@cvs.openbsd.org 2005/01/22 08:17:59 [auth.c] Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and DenyGroups. bz #909, ok djm@ --- ChangeLog | 6 +++++- auth.c | 25 ++++++++++++++----------- 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index f33f2c242..fa31ec3ac 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,10 @@ Warn in advance for password and account expiry; initialize loginmsg buffer earlier and clear it after privsep fork. ok and help dtucker@ markus@ + - dtucker@cvs.openbsd.org 2005/01/22 08:17:59 + [auth.c] + Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and + DenyGroups. bz #909, ok djm@ 20050120 - (dtucker) OpenBSD CVS Sync @@ -2023,4 +2027,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3621 2005/01/24 10:55:49 dtucker Exp $ +$Id: ChangeLog,v 1.3622 2005/01/24 10:56:48 dtucker Exp $ diff --git a/auth.c b/auth.c index 0956b0b19..4698e3990 100644 
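Review bot: The second hunk moves `buffer_init(&loginmsg)` ahead of privsep_preauth(), which matches the first half of the commit message, but no hunk on this page clears the buffer after the privilege-separation fork as the message also describes. If that clear already exists elsewhere in sshd.c this is fine; otherwise messages queued before the fork could end up held by both processes. Worth confirming, and the moved comment could say why the order matters: `/* must be initialised before privsep_preauth(): auth code appends to it */`. main() continues outside the hunk.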
--- a/auth.c +++ b/auth.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.56 2004/07/28 09:40:29 markus Exp $"); +RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $"); #ifdef HAVE_LOGIN_H #include @@ -153,8 +153,9 @@ allowed_user(struct passwd * pw) for (i = 0; i < options.num_deny_users; i++) if (match_user(pw->pw_name, hostname, ipaddr, options.deny_users[i])) { - logit("User %.100s not allowed because listed in DenyUsers", - pw->pw_name); + logit("User %.100s from %.100s not allowed " + "because listed in DenyUsers", + pw->pw_name, hostname); return 0; } } @@ -166,16 +167,16 @@ allowed_user(struct passwd * pw) break; /* i < options.num_allow_users iff we break for loop */ if (i >= options.num_allow_users) { - logit("User %.100s not allowed because not listed in AllowUsers", - pw->pw_name); + logit("User %.100s from %.100s not allowed because " + "not listed in AllowUsers", pw->pw_name, hostname); return 0; } } if (options.num_deny_groups > 0 || options.num_allow_groups > 0) { /* Get the user's group access list (primary and supplementary) */ if (ga_init(pw->pw_name, pw->pw_gid) == 0) { - logit("User %.100s not allowed because not in any group", - pw->pw_name); + logit("User %.100s from %.100s not allowed because " + "not in any group", pw->pw_name, hostname); return 0; } @@ -184,8 +185,9 @@ allowed_user(struct passwd * pw) if (ga_match(options.deny_groups, options.num_deny_groups)) { ga_free(); - logit("User %.100s not allowed because a group is listed in DenyGroups", - pw->pw_name); + logit("User %.100s from %.100s not allowed " + "because a group is listed in DenyGroups", + pw->pw_name, hostname); return 0; } /* 
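Review bot: The new messages identify the source only by `hostname`, which this function passes to match_user() next to `ipaddr`. If hostname comes from a reverse lookup (its assignment is outside the hunk), the logged value is set by whoever controls the client's PTR record and is a poor key for correlation or blocking. Logging the address as well costs nothing, for example `logit("User %.100s from %.100s [%.100s] not allowed because listed in DenyUsers", pw->pw_name, hostname, ipaddr);`. The same applies to the other four messages changed in this file.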
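Review bot: The three group-related messages (`not in any group`, `DenyGroups`, and `AllowGroups` in the following hunk) now read `hostname` inside the `options.num_deny_groups > 0 || options.num_allow_groups > 0` branch. The hunks do not show where hostname is assigned; if it is only looked up when DenyUsers or AllowUsers is configured, these calls pass an unset pointer to `%.100s` on group-only configurations. Please confirm the lookup is unconditional, or move it above both branches so every denial message has a valid source to print.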
@@ -196,8 +198,9 @@ allowed_user(struct passwd * pw) if (!ga_match(options.allow_groups, options.num_allow_groups)) { ga_free(); - logit("User %.100s not allowed because none of user's groups are listed in AllowGroups", - pw->pw_name); + logit("User %.100s from %.100s not allowed " + "because none of user's groups are listed " + "in AllowGroups", pw->pw_name, hostname); return 0; } ga_free(); -- cgit v1.2.3 From 660db78af227f26c6e1ee4ca795400cd7b8ac056 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 24 Jan 2005 21:57:11 +1100 Subject: - djm@cvs.openbsd.org 2005/01/23 10:18:12 [cipher.c] config option "Ciphers" should be case-sensitive; ok dtucker@ --- ChangeLog | 5 ++++- cipher.c | 10 ++++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index fa31ec3ac..d271cf5e5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,9 @@ [auth.c] Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and DenyGroups. bz #909, ok djm@ + - djm@cvs.openbsd.org 2005/01/23 10:18:12 + [cipher.c] + config option "Ciphers" should be case-sensitive; ok dtucker@ 20050120 - (dtucker) OpenBSD CVS Sync @@ -2027,4 +2030,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3622 2005/01/24 10:56:48 dtucker Exp $ +$Id: ChangeLog,v 1.3623 2005/01/24 10:57:11 dtucker Exp $ diff --git a/cipher.c b/cipher.c index 64be0571f..beba4618d 100644 --- a/cipher.c +++ b/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.72 2004/12/22 02:13:19 djm Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.73 2005/01/23 10:18:12 djm Exp $"); #include "xmalloc.h" #include "log.h" @@ -146,7 +146,7 @@ cipher_by_name(const char *name) { Cipher *c; for (c = ciphers; c->name != NULL; c++) - if (strcasecmp(c->name, name) == 0) + if (strcmp(c->name, name) == 0) return c; return NULL; } 
@@ -199,8 +199,10 @@ cipher_number(const char *name) Cipher *c; if (name == NULL) return -1; - c = cipher_by_name(name); - return (c==NULL) ? -1 : c->number; + for (c = ciphers; c->name != NULL; c++) + if (strcasecmp(c->name, name) == 0) + return c->number; + return -1; } char * -- cgit v1.2.3 From ba66df81a38c42c9e7419d1a564be9ae17b62268 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 24 Jan 2005 21:57:40 +1100 Subject: - dtucker@cvs.openbsd.org 2005/01/24 10:22:06 [scp.c sftp.c] Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@ --- ChangeLog | 9 ++++++++- scp.c | 6 ++++-- sftp.c | 6 ++++-- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index d271cf5e5..5e77d1e9a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,13 @@ - djm@cvs.openbsd.org 2005/01/23 10:18:12 [cipher.c] config option "Ciphers" should be case-sensitive; ok dtucker@ + - dtucker@cvs.openbsd.org 2005/01/24 10:22:06 + [scp.c sftp.c] + Have scp and sftp wait for the spawned ssh to exit before they exit + themselves. This prevents ssh from being unable to restore terminal + modes (not normally a problem on OpenBSD but common with -Portable + on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); + ok djm@ markus@ 20050120 - (dtucker) OpenBSD CVS Sync @@ -2030,4 +2037,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3623 2005/01/24 10:57:11 dtucker Exp $ +$Id: ChangeLog,v 1.3624 2005/01/24 10:57:40 dtucker Exp $ diff --git a/scp.c b/scp.c index 69b5fc6d3..f69fd05fc 100644 --- a/scp.c +++ b/scp.c 
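Review bot: cipher_number now carries its own copy of the table walk using `strcasecmp`, while cipher_by_name in the previous hunk became case-sensitive, and nothing in either hunk says the difference is deliberate. A later reader is likely to change one to match the other. If the case-insensitive match is kept on purpose for the numbered ciphers (presumably for compatibility with existing configurations), say so above the loop: `/* matched case-insensitively on purpose; cipher_by_name() is strict */`.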
@@ -71,7 +71,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.118 2004/09/15 18:46:04 deraadt Exp $"); +RCSID("$OpenBSD: scp.c,v 1.119 2005/01/24 10:22:06 dtucker Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -108,8 +108,10 @@ pid_t do_cmd_pid = -1; static void killchild(int signo) { - if (do_cmd_pid > 1) + if (do_cmd_pid > 1) { kill(do_cmd_pid, signo); + waitpid(do_cmd_pid, NULL, 0); + } _exit(1); } diff --git a/sftp.c b/sftp.c index 9e29cb02e..31c634994 100644 --- a/sftp.c +++ b/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.60 2004/12/10 03:10:42 fgsch Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.61 2005/01/24 10:22:06 dtucker Exp $"); #ifdef USE_LIBEDIT #include @@ -150,8 +150,10 @@ int interactive_loop(int fd_in, int fd_out, char *file1, char *file2); static void killchild(int signo) { - if (sshpid > 1) + if (sshpid > 1) { kill(sshpid, SIGTERM); + waitpid(sshpid, NULL, 0); + } _exit(1); } -- cgit v1.2.3 From 1b7223c00552baefe032c3b4da9989738df5f0f9 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 24 Jan 2005 22:00:40 +1100 Subject: - dtucker@cvs.openbsd.org 2005/01/24 10:29:06 [moduli] Import new moduli; requested by deraadt@ a week ago --- ChangeLog | 5 +- moduli | 384 ++++++++++++++++++++++++++++++++------------------------------ 2 files changed, 203 insertions(+), 186 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5e77d1e9a..3fa91cf9c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,9 @@ modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@ + - dtucker@cvs.openbsd.org 2005/01/24 10:29:06 + [moduli] + Import new moduli; requested by deraadt@ a week ago 20050120 - (dtucker) OpenBSD CVS Sync 
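Review bot: The `waitpid(do_cmd_pid, NULL, 0)` added to killchild in scp.c blocks inside the signal handler with no bound, so if the ssh child ignores or is slow to act on the forwarded signal, scp no longer exits on that signal either. The return value is also unchecked; if another handler interrupts the call and it is not restarted, control falls through to `_exit(1)` with the child still running, which is the case the change is meant to prevent. A retry is cheap, `while (waitpid(do_cmd_pid, NULL, 0) == -1 && errno == EINTR) ;`, and a comment should state that the wait is intentionally unbounded. The same applies to the sftp.c killchild hunk, which additionally always sends SIGTERM rather than `signo`.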
@@ -2037,4 +2040,4 @@
 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3624 2005/01/24 10:57:40 dtucker Exp $
+$Id: ChangeLog,v 1.3625 2005/01/24 11:00:40 dtucker Exp $
diff --git a/moduli b/moduli
index 52639d336..a12de2192 100644
--- a/moduli
+++ b/moduli
@@ -1,186 +1,200 @@ -# $OpenBSD: moduli,v 1.2 2004/01/28 04:44:00 dtucker Exp $ - +# $OpenBSD: moduli,v 1.3 2005/01/24 10:29:06 dtucker Exp $ # Time Type Tests Tries Size Generator Modulus -20031210004503 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22C583AB -20031210004553 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22D0A0D7 -20031210004628 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22D6CB97 -20031210004801 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22F2D1B7 -20031210004827 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22F5615B -20031210004919 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230138C3 -20031210004952 2 6 100 1023 2 
DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2305F6A3 -20031210005018 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230801DB -20031210005043 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230A0383 -20031210005147 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB231C3A7F -20031210005230 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23249C1B -20031210005301 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23288F0F -20031210005438 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2344EC9B 
-20031210005548 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB235892F3 -20031210005700 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB236C3F03 -20031210005841 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB238BC713 -20031210010040 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23B466C3 -20031210010119 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23BB1F8B -20031210010313 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23E03DDB -20031210010335 2 6 100 1023 2 
DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23E130AB -20031210010422 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23EA20A3 -20031210010500 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23F1807B -20031210010628 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2409DC07 -20031210010759 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2425487F -20031210010906 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24397A3F -20031210010945 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2440ABF7 
-20031210011017 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2445C00B -20031210011059 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB244E4EBF -20031210011158 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB245E056B -20031210011340 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24808F43 -20031210011408 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24834C0B -20031210011517 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2495148B -20031210011632 2 6 100 1023 5 
DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24A89B27 -20031210014802 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D3B9DD3 -20031210015017 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D463D83 -20031210015524 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D68288B -20031210015701 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D6C64C3 -20031210020258 2 6 100 1535 2 
FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D94316B -20031210022106 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E1F8453 -20031210022738 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E4BDAC7 -20031210022948 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E5541E7 -20031210023056 2 6 100 1535 2 
FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E56464B -20031210023414 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E695C8B -20031210024039 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E939ABF -20031210024457 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772EAE295B -20031210024630 2 6 100 1535 2 
FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772EB2BDFB -20031210025118 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772ED059DB -20031210025540 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772EECB4D3 -20031210025956 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F043973 -20031210030256 2 6 100 1535 2 
FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F134903 -20031210030415 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F15B5EB -20031210030717 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F25BF3B -20031210030826 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F2670D7 -20031210031055 2 6 100 1535 2 
FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F31E5F3 -20031210031311 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F3BFE2B -20031210032243 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F83082B -20031210032437 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F898187 -20031210032703 2 6 100 1535 2 
FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F95718B -20031210032953 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FA3F5CB -20031210033059 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FA48FEB -20031210033247 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FAA6267 -20031210033633 2 6 100 1535 2 
FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FC1BE7B -20031210034313 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FF18FA7 -20031210034507 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FF84977 -20031210035121 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730233FBF -20031210035813 2 6 100 1535 2 
FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A773054E8F3 -20031210035955 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730597847 -20031210040259 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A77306A1B57 -20031210040704 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A77308258FB -20031210040913 2 6 100 1535 5 
FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A77308A63F7 -20031210042047 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730DEEF8F -20031210042156 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730DFE787 -20031210042511 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730F1D3CB -20031210042907 2 6 100 1535 2 
FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A773107039B -20031210043815 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7731492E37 -20031210045243 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7731AB1953 -20031210054833 2 6 100 2047 2 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 -20031210055609 2 6 100 2047 2 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 -20031210065401 2 6 100 2047 5 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 -20031210071146 2 6 100 2047 2 
EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D11D9FB -20031210071754 2 6 100 2047 2 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 -20031210072552 2 6 100 2047 5 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 -20031210073644 2 6 100 2047 2 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 -20031210074309 2 6 100 2047 5 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 -20031210075517 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D7DE133 -20031210081718 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1DC395C3 -20031210084322 2 6 100 2047 5 
EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1E1A5567 -20031210085218 2 6 100 2047 2 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 -20031210090542 2 6 100 2047 5 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 -20031210093920 2 6 100 2047 2 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 -20031210100616 2 6 100 2047 2 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 -20031210103627 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1F7B82B3 -20031210104559 2 6 100 2047 5 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 -20031210104836 2 6 100 2047 5 
EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1F969EAF -20031210110201 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1FBEA0DF -20031210111610 2 6 100 2047 2 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 -20031210111837 2 6 100 2047 2 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 -20031210112215 2 6 100 2047 5 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 -20031210124102 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F20F33023 -20031210125610 2 6 100 2047 2 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 -20031210130630 2 6 100 2047 2 
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 -20031210132517 2 6 100 2047 2 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 -20031210132855 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F2179D39B -20031210140211 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F21E6E73B -20031210141340 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F22068817 -20031210143133 2 6 100 2047 5 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 -20031210143812 2 6 100 2047 2 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 -20031210150410 2 6 100 2047 2 
EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F22A24CFB -20031210153131 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F22FAA253 -20031210153718 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F23071C7B -20031210154203 2 6 100 2047 2 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 -20031210161808 2 6 100 2047 2 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 -20031210185714 2 6 100 3071 2 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 -20031210204537 2 6 100 3071 2 
DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306192C04AB3 -20031210205604 2 6 100 3071 2 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 -20031210210523 2 6 100 3071 2 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 -20031210233701 2 6 100 3071 2 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 -20031211013125 2 6 100 3071 2 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 -20031211052015 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306194DA94E3 -20031211064439 2 6 100 3071 5 
DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619531A017 -20031211074935 2 6 100 3071 2 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 -20031211081053 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306195830BAB -20031211123240 2 6 100 3071 5 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 -20031211160831 2 6 100 3071 2 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 -20031211195847 2 6 100 3071 2 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 -20031211201456 2 6 100 3071 2 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 
-20031211221441 2 6 100 3071 2 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 -20031211223303 2 6 100 3071 2 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 -20031211235558 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306199712CCB -20031212005818 2 6 100 3071 2 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 -20031212033251 2 6 100 3071 2 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 -20031212053332 2 6 100 3071 5 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 -20031212084926 2 6 100 3071 5 
DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619B8949F7 -20031212130319 2 6 100 3071 2 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 -20031212192346 2 6 100 3071 2 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 -20031212210042 2 6 100 3071 2 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 -20031213002102 2 6 100 3071 2 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 -20031213061439 2 6 100 3071 5 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 -20031213071620 2 6 100 3071 5 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 -20031213072644 2 6 100 3071 5 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 -20031213090613 2 6 100 3071 5 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 -20031213110037 2 6 100 3071 5 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 -20031213113226 2 6 100 3071 2 
DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A2113AC3 -20031213120232 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A22A232B -20031213121926 2 6 100 3071 2 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 -20031213130353 2 6 100 3071 5 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 -20031213143149 2 6 100 3071 2 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 -20031213153322 2 6 100 3071 5 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 -20031213180906 2 6 100 3071 2 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 
-20031213183520 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A3A7705F -20031213192228 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A3D2DEA7 -20031213125532 2 6 200 4095 2 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 -20031213125653 2 6 200 4095 2 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 -20031213125813 2 6 200 4095 2 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 -20031213125934 2 6 200 4095 2 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 -20031213130055 2 6 200 4095 2 
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 -20031213130217 2 6 200 4095 2 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 -20031213130337 2 6 200 4095 5 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 -20031213130458 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923ECA8B62B -20031213130619 2 6 200 4095 2 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 -20031213130740 2 6 200 4095 2 
CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923ED1637DB -20031213130901 2 6 200 4095 5 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 -20031213131021 2 6 200 4095 2 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 -20031213131142 2 6 200 4095 5 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 -20031213131303 2 6 200 4095 2 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 -20031213131424 2 6 200 4095 2 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 -20031213131545 2 6 200 4095 2 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 -20031213131706 2 6 200 4095 5 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 -20031213131827 2 6 200 4095 5 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 -20031213131947 2 6 200 4095 5 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 -20031213132108 2 6 200 4095 5 
CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FAF467BF -20031213132229 2 6 200 4095 2 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 -20031213132350 2 6 200 4095 5 
CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FB7D5467 -20031213132511 2 6 200 4095 5 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 -20031213132632 2 6 200 4095 5 
CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FEEDC36F -20031213132752 2 6 200 4095 5 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 -20031213132913 2 6 200 4095 2 
CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA992400725B7B -20031213133034 2 6 200 4095 2 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 -20031213133155 2 6 200 4095 2 
CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9924011CFA13 -20031213133316 2 6 200 4095 5 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 -20031213133436 2 6 200 4095 2 
CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA99240166BA7B -20031213133557 2 6 200 4095 5 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 -20031213133718 2 6 200 4095 2 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 +20040225025212 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7AFFE86A7 +20040225025304 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B01F83CB +20040225025357 2 6 100 1023 2 
CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B03F2B73 +20040225025411 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B041C8C7 +20040225025444 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0546E93 +20040225025458 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0573767 +20040225025522 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0629E73 +20040225025545 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B06CD95B +20040225025616 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B07C93A3 
+20040225025655 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B093C72B +20040225025710 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B096450B +20040225025750 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0AF2C83 +20040225025830 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0C7F1FF +20040225025845 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0CB565B +20040225025858 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0CD8557 +20040225025915 2 6 100 1023 2 
CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0D20473 +20040225025934 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0D924F7 +20040225025952 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0DFD8BB +20040225030015 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0E8E59F +20040225030039 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0F43B0B +20040225030104 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0FEB103 +20040225030130 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B10AC3DB 
+20040225030149 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1122527 +20040225030214 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B11E494B +20040225030245 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B12E727B +20040225030319 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1416743 +20040225030347 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1507F2B +20040225030404 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1560FE3 +20040225030418 2 6 100 1023 5 
CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1591CF7 +20040225030432 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B15B57FF +20040225030455 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B165D0AF +20040225030511 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B169C97F +20040225030551 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B182715B +20040225030621 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1920737 +20040225030648 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B19FB54B 
+20040225030718 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1AFAE87 +20040225030736 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1B5A7AF +20040225030753 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1BC3C47 +20040225030815 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1C6AF33 +20040225030831 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1CAD9FB +20040225030902 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1DC6A8F +20040225035226 2 6 100 1535 2 
FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844800C47CAB +20040225035359 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844800D3866B +20040225035635 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844800F43DFF +20040225035846 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448010B4D93 +20040225040147 2 6 100 1535 2 
FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448013094F3 +20040225040301 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448013AA0FB +20040225040619 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480163EC83 +20040225040718 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448016AEB8F +20040225041023 2 6 100 1535 5 
FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480190871F +20040225041328 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844801B5F1B3 +20040225041740 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844801ED6FBB +20040225041921 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844801FEC44F +20040225042229 2 6 100 1535 5 
FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802245FF7 +20040225042513 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480246F93B +20040225042547 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802473F4F +20040225042707 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480253B03B +20040225043111 2 6 100 1535 2 
FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480287CD9B +20040225043513 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802BC32FB +20040225043609 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802C2125B +20040225043847 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802E1B733 +20040225043925 2 6 100 1535 2 
FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802E2E963 +20040225044335 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448031AC423 +20040225045303 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803A10E07 +20040225045443 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803B0EF43 +20040225045518 2 6 100 1535 2 
FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803B15033 +20040225045923 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803E58317 +20040225050120 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803F9EB4F +20040225050333 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448041304B3 +20040225050524 2 6 100 1535 5 
FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804279B2F +20040225050559 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804281047 +20040225050810 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448043F454F +20040225051113 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804672F1F +20040225051335 2 6 100 1535 2 
FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804809CB3 +20040225051442 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480489545F +20040225052303 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804FE918B +20040225062215 2 6 100 2047 5 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 +20040225063823 2 6 100 2047 5 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 +20040225064402 2 6 100 2047 5 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 +20040225065646 2 6 100 2047 2 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 +20040225065825 2 6 100 2047 5 
F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA04B01BF +20040225070116 2 6 100 2047 5 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 +20040225074027 2 6 100 2047 2 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 +20040225080343 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA217422F +20040225081159 2 6 100 2047 2 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 +20040225081331 2 6 100 2047 2 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 +20040225082528 2 6 100 2047 5 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 +20040225084537 2 6 100 2047 2 
F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA3242BE3 +20040225085012 2 6 100 2047 2 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 +20040225085829 2 6 100 2047 5 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 +20040225090710 2 6 100 2047 2 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 +20040225091002 2 6 100 2047 2 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 +20040225092648 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA42B65D7 +20040225093120 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA4442793 +20040225093517 2 6 100 2047 5 
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 +20040225094409 2 6 100 2047 2 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 +20040225095209 2 6 100 2047 5 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 +20040225095548 2 6 100 2047 2 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 +20040225100531 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA51404EB +20040225100644 2 6 100 2047 5 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 +20040225101834 2 6 100 2047 2 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 +20040225102317 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA57AC86F +20040225103220 2 6 100 2047 2 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 +20040225103355 2 6 100 2047 5 
F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5B98D2F +20040225103756 2 6 100 2047 2 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 +20040225104020 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5D77CDF +20040225104557 2 6 100 2047 5 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 +20040225110302 2 6 100 2047 5 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 +20040225110515 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA6721A43 +20040225110913 2 6 100 2047 2 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 +20040225111338 2 6 100 2047 2 
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 +20040225111911 2 6 100 2047 5 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 +20040225112902 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA7007CD3 +20040225143208 2 6 100 3071 2 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 +20040225144922 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8987DF6B +20040225150309 2 6 100 3071 2 
EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD899E0F8B +20040225161716 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8A3A91CF +20040225163012 2 6 100 3071 2 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 +20040225175457 2 6 100 3071 2 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 +20040225182539 2 6 100 3071 2 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 +20040225194030 2 6 100 3071 2 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 +20040225201420 2 6 100 3071 2 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 
+20040225203219 2 6 100 3071 5 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 +20040225203908 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8C46ED83 +20040225210230 2 6 100 3071 2 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 +20040225212746 2 6 100 3071 5 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 +20040225214624 2 6 100 3071 2 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 +20040225223007 2 6 100 3071 2 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 +20040225234913 2 6 100 3071 2 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 +20040226001353 2 6 100 3071 2 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 +20040226004101 2 6 100 3071 2 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 +20040226010652 2 6 100 3071 5 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 +20040226015415 2 6 100 3071 5 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 +20040226022931 2 6 100 3071 2 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 +20040226025740 2 6 100 3071 5 
EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8F3376D7 +20040226053010 2 6 100 3071 2 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 +20040226054156 2 6 100 3071 2 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 +20040226081600 2 6 100 3071 2 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 +20040226083039 2 6 100 3071 2 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 +20040226092910 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD9265F7DB +20040226112913 2 6 100 3071 2 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 
+20040226115826 2 6 100 3071 2 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 +20040226135326 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD949596D7 +20040226145128 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD95096CCF +20040226153142 2 6 100 3071 2 
EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD95582C7B +20040226164905 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD95FACE7B +20040226171921 2 6 100 3071 2 
EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD9633F443 +20040226182347 2 6 100 3071 5 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 +20040226200555 2 6 100 3071 2 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 +20040226202801 2 6 100 3071 2 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 +20040226214755 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD9868011B +20040226215843 2 6 100 3071 2 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 +20040226220422 2 6 100 3071 2 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 
+20040226222346 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD989D61D3 +20040227091438 2 6 100 4095 5 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 +20040227101541 2 6 100 4095 2 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 +20040227160657 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BA
E48B12FBACF34F9DFC7295F4F +20040227180410 2 6 100 4095 2 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 +20040227225950 2 6 100 4095 2 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 +20040227233727 2 6 100 4095 2 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 +20040228032633 2 6 100 4095 5 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 +20040228060859 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFCAAE6E63 +20040228101703 2 6 100 4095 2 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 +20040228192850 2 6 100 4095 2 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 +20040229084451 2 6 100 4095 2 
C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD1804AF3 +20040229164933 2 6 100 4095 5 
C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD3887E07 +20040229210220 2 6 100 4095 5 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 +20040229222958 2 6 100 4095 2 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 +20040301003324 2 6 100 4095 2 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 +20040301030228 2 6 100 4095 5 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 +20040301040042 2 6 100 4095 2 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 +20040301073501 2 6 100 4095 5 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 +20040301133631 2 6 100 4095 2 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 +20040301165652 2 6 100 4095 2 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 +20040301184021 2 6 100 4095 2 
C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD9D662FB +20040302045553 2 6 100 4095 2 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 +20040302112648 2 6 100 4095 2 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 +20040302120026 2 6 100 4095 2 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 +20040302130757 2 6 100 4095 2 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 +20040302142004 2 6 100 4095 2 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 +20040302145603 2 6 100 4095 2 
C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFDEC2C32B +20040302212946 2 6 100 4095 5 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 +20040303003544 2 6 100 4095 2 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 +20040303072925 2 6 100 4095 2 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 +20040305011518 2 6 100 6143 2 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 +20040305043124 2 6 100 6143 2 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 +20040305084728 2 6 100 6143 2 
E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E54C7783 +20040306205350 2 6 100 6143 2 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 +20040309221333 2 6 100 6143 2 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 +20040311222059 2 6 100 6143 5 
E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080F103209F +20040312160304 2 6 100 6143 2 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 +20040312210904 2 6 100 6143 5 
E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080F29D939F +20040316074005 2 6 100 6143 2 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 +20040317113309 2 6 100 6143 2 
E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080FAAE1F73 +20040317195246 2 6 100 6143 2 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 +20040319025848 2 6 100 6143 2 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 +20040323194658 2 6 100 6143 5 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 +20040324041535 2 6 100 6143 5 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 -- cgit v1.2.3 From 218f178cb20c276027e972bff0208043fcf533a3 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Mon, 24 Jan 2005 22:50:47 +1100 Subject: - dtucker@cvs.openbsd.org 2005/01/24 11:47:13 [auth-passwd.c] #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@ --- ChangeLog | 5 ++++- auth-passwd.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3fa91cf9c..703d8e670 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,9 @@ - dtucker@cvs.openbsd.org 2005/01/24 10:29:06 [moduli] Import new moduli; requested by deraadt@ a week ago + - dtucker@cvs.openbsd.org 2005/01/24 11:47:13 + [auth-passwd.c] + #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@ 20050120 - (dtucker) OpenBSD CVS Sync @@ -2040,4 +2043,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3625 2005/01/24 11:00:40 dtucker Exp $ +$Id: ChangeLog,v 1.3626 2005/01/24 11:50:47 dtucker Exp $ diff --git a/auth-passwd.c b/auth-passwd.c index 2e5fbc73a..fb14f5ce4 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-passwd.c,v 1.32 2005/01/21 08:32:02 otto Exp $"); +RCSID("$OpenBSD: auth-passwd.c,v 1.33 2005/01/24 11:47:13 dtucker Exp $"); #include "packet.h" #include "buffer.h" @@ -131,7 +131,7 @@ warn_expiry(Authctxt *authctxt, auth_session_t *as) pwtimeleft = auth_check_change(as); actimeleft = auth_check_expire(as); -#if HAVE_LOGIN_CAP +#ifdef HAVE_LOGIN_CAP if (authctxt->valid) { pwwarntime = login_getcaptime(lc, "password-warn", TWO_WEEKS, TWO_WEEKS); -- cgit v1.2.3 From 9b5495d23ee28fa77dc58a31953d3f6f86d5baa1 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Tue, 1 Feb 2005 17:35:09 +1100 Subject: - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some platforms syslog will revert to its default values. This may result in messages from external libraries (eg libwrap) being sent to a different facility. --- ChangeLog | 8 +++++++- log.c | 16 ++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 703d8e670..3abcb90b5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20050201 + - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some + platforms syslog will revert to its default values. This may result in + messages from external libraries (eg libwrap) being sent to a different + facility. + 20050124 - (dtucker) OpenBSD CVS Sync - otto@cvs.openbsd.org 2005/01/21 08:32:02 @@ -2043,4 +2049,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3626 2005/01/24 11:50:47 dtucker Exp $ +$Id: ChangeLog,v 1.3627 2005/02/01 06:35:09 dtucker Exp $ diff --git a/log.c b/log.c index 5d8625d15..bb95c6c39 100644 --- a/log.c +++ b/log.c @@ -194,6 +194,9 @@ void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) { argv0 = av0; +#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) + struct syslog_data sdata = SYSLOG_DATA_INIT; +#endif switch (level) { case SYSLOG_LEVEL_QUIET: 
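Review bot: The added `struct syslog_data sdata = SYSLOG_DATA_INIT;` in the first log.c hunk sits after the statement `argv0 = av0;`, which makes it a declaration following code. A C89-only compiler rejects that, and the failure would appear only on platforms where both HAVE_OPENLOG_R and SYSLOG_DATA_INIT are defined, so it is easy to miss in testing. Moving the whole `#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)` ... `#endif` block above `argv0 = av0;` keeps every declaration at the top of log_init(). The body of log_init() continues outside this hunk, and sdata is only consumed by the openlog_r()/closelog_r() calls in the following hunk.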
@@ -261,6 +264,19 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) (int) facility); exit(1); } + + /* + * If an external library (eg libwrap) attempts to use syslog + * immediately after reexec, syslog may be pointing to the wrong + * facility, so we force an open/close of syslog here. + */ +#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) + openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata); + closelog_r(&sdata); +#else + openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility); + closelog(); +#endif } #define MSGBUFSIZ 1024 -- cgit v1.2.3 From 9dca099aec9ce1a5c67e2c0f737871c1e3126b90 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 1 Feb 2005 19:16:45 +1100 Subject: - (dtucker) [sshd_config.5] Bug #701: remove warning about keyboard-interactive since this is no longer the case. --- ChangeLog | 4 +++- sshd_config.5 | 4 +--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3abcb90b5..301921de1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ platforms syslog will revert to its default values. This may result in messages from external libraries (eg libwrap) being sent to a different facility. + - (dtucker) [sshd_config.5] Bug #701: remove warning about + keyboard-interactive since this is no longer the case. 20050124 - (dtucker) OpenBSD CVS Sync @@ -2049,4 +2051,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3627 2005/02/01 06:35:09 dtucker Exp $ +$Id: ChangeLog,v 1.3628 2005/02/01 08:16:45 dtucker Exp $ diff --git a/sshd_config.5 b/sshd_config.5 index e50b4bc4f..da6d97c68 100644 --- a/sshd_config.5 +++ b/sshd_config.5 
@@ -479,9 +479,7 @@ The default is .Pp If this option is set to .Dq without-password -password authentication is disabled for root. Note that other authentication -methods (e.g., keyboard-interactive/PAM) may still allow root to login using -a password. +password authentication is disabled for root. .Pp If this option is set to .Dq forced-commands-only -- cgit v1.2.3 From ad7646a59ab05ed9d6c156ba952725f44c02de7d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 2 Feb 2005 10:43:59 +1100 Subject: - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@ --- ChangeLog | 6 ++++- configure.ac | 8 +++--- openbsd-compat/realpath.c | 69 ++++++++++++++++++++++++++++++++++------------- 3 files changed, 60 insertions(+), 23 deletions(-) diff --git a/ChangeLog b/ChangeLog index 301921de1..eb897ec41 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20050202 + - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath + rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@ + 20050201 - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some platforms syslog will revert to its default values. This may result in @@ -2051,4 +2055,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3628 2005/02/01 08:16:45 dtucker Exp $ +$Id: ChangeLog,v 1.3629 2005/02/01 23:43:59 dtucker Exp $ diff --git a/configure.ac b/configure.ac index d4151feb0..94d6b1e78 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.235 2005/01/18 01:05:18 dtucker Exp $ +# $Id: configure.ac,v 1.236 2005/02/01 23:44:00 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -877,9 +877,9 @@ AC_ARG_WITH(libedit, dnl Checks for library functions. Please keep in alphabetical order AC_CHECK_FUNCS(\ arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \ - bindresvport_sa clock closefrom dirfd fchmod fchown freeaddrinfo \ - futimes getaddrinfo getcwd getgrouplist getnameinfo getopt \ - getpeereid _getpty getrlimit getttyent glob inet_aton \ + bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \ + freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \ + getopt getpeereid _getpty getrlimit getttyent glob inet_aton \ inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \ mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \ pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \ diff --git a/openbsd-compat/realpath.c b/openbsd-compat/realpath.c index 218fbecb2..7f73bd998 100644 --- a/openbsd-compat/realpath.c +++ b/openbsd-compat/realpath.c @@ -37,7 +37,7 @@ #if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) #if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: realpath.c,v 1.10 2003/08/01 21:04:59 millert Exp $"; +static char *rcsid = "$OpenBSD: realpath.c,v 1.11 2004/11/30 15:12:59 millert Exp $"; #endif /* LIBC_SCCS and not lint */ #include 
@@ -67,17 +67,25 @@ char * realpath(const char *path, char *resolved) { struct stat sb; - int fd, n, needslash, serrno = 0; - char *p, *q, wbuf[MAXPATHLEN], start[MAXPATHLEN]; + int fd, n, needslash, serrno; + char *p, *q, wbuf[MAXPATHLEN]; int symlinks = 0; /* Save the starting point. */ - getcwd(start,MAXPATHLEN); +#ifndef HAVE_FCHDIR + char start[MAXPATHLEN]; + /* this is potentially racy but without fchdir we have no option */ + if (getcwd(start, sizeof(start)) == NULL) { + resolved[0] = '.'; + resolved[1] = '\0'; + return (NULL); + } +#endif if ((fd = open(".", O_RDONLY)) < 0) { - (void)strlcpy(resolved, ".", MAXPATHLEN); + resolved[0] = '.'; + resolved[1] = '\0'; return (NULL); } - close(fd); /* Convert "." -> "" to optimize away a needless lstat() and chdir() */ if (path[0] == '.' && path[1] == '\0') @@ -91,7 +99,10 @@ realpath(const char *path, char *resolved) * if it is a directory, then change to that directory. * get the current directory name and append the basename. */ - strlcpy(resolved, path, MAXPATHLEN); + if (strlcpy(resolved, path, MAXPATHLEN) >= MAXPATHLEN) { + serrno = ENAMETOOLONG; + goto err2; + } loop: q = strrchr(resolved, '/'); if (q != NULL) { @@ -114,11 +125,10 @@ loop: if (*p != '\0' && lstat(p, &sb) == 0) { if (S_ISLNK(sb.st_mode)) { if (++symlinks > MAXSYMLINKS) { - serrno = ELOOP; + errno = ELOOP; goto err1; } - n = readlink(p, resolved, MAXPATHLEN-1); - if (n < 0) + if ((n = readlink(p, resolved, MAXPATHLEN-1)) < 0) goto err1; resolved[n] = '\0'; goto loop; @@ -134,8 +144,11 @@ loop: * Save the last component name and get the full pathname of * the current directory. */ - (void)strlcpy(wbuf, p, sizeof wbuf); - if (getcwd(resolved, MAXPATHLEN) == 0) + if (strlcpy(wbuf, p, sizeof(wbuf)) >= sizeof(wbuf)) { + errno = ENAMETOOLONG; + goto err1; + } + if (getcwd(resolved, MAXPATHLEN) == NULL) goto err1; /* 
@@ -149,23 +162,43 @@ loop: if (*wbuf) { if (strlen(resolved) + strlen(wbuf) + needslash >= MAXPATHLEN) { - serrno = ENAMETOOLONG; + errno = ENAMETOOLONG; + goto err1; + } + if (needslash) { + if (strlcat(resolved, "/", MAXPATHLEN) >= MAXPATHLEN) { + errno = ENAMETOOLONG; + goto err1; + } + } + if (strlcat(resolved, wbuf, MAXPATHLEN) >= MAXPATHLEN) { + errno = ENAMETOOLONG; goto err1; } - if (needslash) - strlcat(resolved, "/", MAXPATHLEN); - strlcat(resolved, wbuf, MAXPATHLEN); } /* Go back to where we came from. */ +#ifdef HAVE_FCHDIR + if (fchdir(fd) < 0) { +#else if (chdir(start) < 0) { +#endif serrno = errno; goto err2; } + + /* It's okay if the close fails, what's an fd more or less? */ + (void)close(fd); return (resolved); -err1: chdir(start); -err2: errno = serrno; +err1: serrno = errno; +#ifdef HAVE_FCHDIR + (void)fchdir(fd); +#else + chdir(start); +#endif +err2: (void)close(fd); + errno = serrno; return (NULL); } #endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */ -- cgit v1.2.3 From 42d9dc75ed2eefa6eeffc892f02eb164c1860603 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 2 Feb 2005 17:10:11 +1100 Subject: - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}] Make record_failed_login() call provide hostname rather than having the implementations having to do lookups themselves. Only affects AIX and UNICOS (the latter only uses the "user" parameter anyway). ok djm@ --- ChangeLog | 6 +++++- auth.c | 7 +++++-- loginrec.h | 4 +++- openbsd-compat/bsd-cray.c | 4 ++-- openbsd-compat/bsd-cray.h | 6 +++--- openbsd-compat/port-aix.c | 7 +------ openbsd-compat/port-aix.h | 3 +-- 7 files changed, 20 insertions(+), 17 deletions(-) diff --git a/ChangeLog b/ChangeLog index eb897ec41..82758ca10 100644 --- a/ChangeLog +++ b/ChangeLog 
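Review bot: On the `err1:` path the result of restoring the working directory is discarded (`(void)fchdir(fd);`, or a bare `chdir(start);` when fchdir is unavailable). If that restore fails, realpath() still returns NULL with the original errno, and the process is silently left in whatever directory the walk had changed into. A caller that later resolves relative paths would then operate on a different directory than it expects. A compat function can do little more than best effort here, but the label deserves a comment such as `/* best effort: if this fails the caller's cwd stays changed */`, and the fallback branch could read `(void)chdir(start);` to match the fchdir one. The function begins outside this hunk.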
@@ -1,6 +1,10 @@ 20050202 - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@ + - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}] + Make record_failed_login() call provide hostname rather than having the + implementations having to do lookups themselves. Only affects AIX and + UNICOS (the latter only uses the "user" parameter anyway). ok djm@ 20050201 - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some @@ -2055,4 +2059,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3629 2005/02/01 23:43:59 dtucker Exp $ +$Id: ChangeLog,v 1.3630 2005/02/02 06:10:11 dtucker Exp $ diff --git a/auth.c b/auth.c index 4698e3990..dfc1be374 100644 --- a/auth.c +++ b/auth.c @@ -50,6 +50,7 @@ RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $"); #include "misc.h" #include "bufaux.h" #include "packet.h" +#include "loginrec.h" /* import */ extern ServerOptions options; @@ -244,7 +245,8 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) #ifdef CUSTOM_FAILED_LOGIN if (authenticated == 0 && strcmp(method, "password") == 0) - record_failed_login(authctxt->user, "ssh"); + record_failed_login(authctxt->user, + get_canonical_hostname(options.use_dns), "ssh"); #endif } @@ -468,7 +470,8 @@ getpwnamallow(const char *user) logit("Invalid user %.100s from %.100s", user, get_remote_ipaddr()); #ifdef CUSTOM_FAILED_LOGIN - record_failed_login(user, "ssh"); + record_failed_login(user, + get_canonical_hostname(options.use_dns), "ssh"); #endif return (NULL); } diff --git a/loginrec.h b/loginrec.h index 6b7233256..d1a12a853 100644 --- a/loginrec.h +++ b/loginrec.h 
@@ -35,7 +35,7 @@ #include #include -/* RCSID("$Id: loginrec.h,v 1.8 2005/01/20 11:07:30 dtucker Exp $"); */ +/* RCSID("$Id: loginrec.h,v 1.9 2005/02/02 06:10:11 dtucker Exp $"); */ /** ** you should use the login_* calls to work around platform dependencies @@ -132,4 +132,6 @@ char *line_fullname(char *dst, const char *src, int dstsize); char *line_stripname(char *dst, const char *src, int dstsize); char *line_abbrevname(char *dst, const char *src, int dstsize); +void record_failed_login(const char *, const char *, const char *); + #endif /* _HAVE_LOGINREC_H_ */ diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c index f630366be..d1f1c059c 100644 --- a/openbsd-compat/bsd-cray.c +++ b/openbsd-compat/bsd-cray.c @@ -1,5 +1,5 @@ /* - * $Id: bsd-cray.c,v 1.13 2004/01/30 03:34:22 dtucker Exp $ + * $Id: bsd-cray.c,v 1.14 2005/02/02 06:10:11 dtucker Exp $ * * bsd-cray.c * @@ -171,7 +171,7 @@ cray_access_denied(char *username) * record_failed_login: generic "login failed" interface function */ void -record_failed_login(const char *user, const char *ttyname) +record_failed_login(const char *user, const char *hostname, const char *ttyname) { cray_login_failure((char *)user, IA_UDBERR); } diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h index de6ba1a8d..774eceb5a 100644 --- a/openbsd-compat/bsd-cray.h +++ b/openbsd-compat/bsd-cray.h @@ -1,4 +1,4 @@ -/* $Id: bsd-cray.h,v 1.11 2004/01/30 03:34:22 dtucker Exp $ */ +/* $Id: bsd-cray.h,v 1.12 2005/02/02 06:10:11 dtucker Exp $ */ /* * Copyright (c) 2002, Cray Inc. (Wendy Palm ) @@ -42,10 +42,10 @@ void cray_init_job(struct passwd *); void cray_job_termination_handler(int); void cray_login_failure(char *, int ); int cray_access_denied(char *); -#define CUSTOM_FAILED_LOGIN 1 -void record_failed_login(const char *, const char *); extern char cray_tmpdir[]; +#define CUSTOM_FAILED_LOGIN 1 + #ifndef IA_SSHD # define IA_SSHD IA_LOGIN #endif 
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index e7eb179ec..79d180211 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -28,8 +28,6 @@ #include "auth.h" #include "ssh.h" #include "log.h" -#include "servconf.h" -#include "canohost.h" #include "xmalloc.h" #include "buffer.h" @@ -38,7 +36,6 @@ #include #include "port-aix.h" -extern ServerOptions options; extern Buffer loginmsg; # ifdef HAVE_SETAUTHDB @@ -280,10 +277,8 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm) * record_failed_login: generic "login failed" interface function */ void -record_failed_login(const char *user, const char *ttyname) +record_failed_login(const char *user, const char *hostname, const char *ttyname) { - char *hostname = (char *)get_canonical_hostname(options.use_dns); - if (geteuid() != 0) return; diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 29e9751ce..751139004 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -1,4 +1,4 @@ -/* $Id: port-aix.h,v 1.21 2004/08/14 14:09:12 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.22 2005/02/02 06:10:11 dtucker Exp $ */ /* * @@ -68,7 +68,6 @@ int sys_auth_allowed_user(struct passwd *); # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1 int sys_auth_record_login(const char *, const char *, const char *); # define CUSTOM_FAILED_LOGIN 1 -void record_failed_login(const char *, const char *); #endif void aix_setauthdb(const char *); -- cgit v1.2.3 From 9dc6c7dbec0716157e561036c480bca1bc3c7e47 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Wed, 2 Feb 2005 18:30:33 +1100 Subject: - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child the process. Since we also unset KRB5CCNAME at startup, if it's set after authentication it must have been set by the platform's native auth system. This was already done for AIX; this enables it for the general case. --- ChangeLog | 6 +++++- session.c | 14 ++++++++++++-- sshd.c | 6 +++--- 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 82758ca10..d9670f361 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,10 @@ Make record_failed_login() call provide hostname rather than having the implementations having to do lookups themselves. Only affects AIX and UNICOS (the latter only uses the "user" parameter anyway). ok djm@ + - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child + the process. Since we also unset KRB5CCNAME at startup, if it's set after + authentication it must have been set by the platform's native auth system. + This was already done for AIX; this enables it for the general case. 20050201 - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some @@ -2059,4 +2063,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3630 2005/02/02 06:10:11 dtucker Exp $ +$Id: ChangeLog,v 1.3631 2005/02/02 07:30:33 dtucker Exp $ diff --git a/session.c b/session.c index 7f10abf7c..4d7ac9de7 100644 --- a/session.c +++ b/session.c 
@@ -1090,14 +1090,24 @@ do_setup_env(Session *s, const char *shell) child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); #endif /* _UNICOS */ + /* + * Since we clear KRB5CCNAME at startup, if it's set now then it + * must have been set by a native authentication method (eg AIX or + * SIA), so copy it to the child. + */ + { + char *cp; + + if ((cp = getenv("KRB5CCNAME")) != NULL) + child_set_env(&env, &envsize, "KRB5CCNAME", cp); + } + #ifdef _AIX { char *cp; if ((cp = getenv("AUTHSTATE")) != NULL) child_set_env(&env, &envsize, "AUTHSTATE", cp); - if ((cp = getenv("KRB5CCNAME")) != NULL) - child_set_env(&env, &envsize, "KRB5CCNAME", cp); read_environment_file(&env, &envsize, "/etc/environment"); } #endif diff --git a/sshd.c b/sshd.c index 7f268526f..23d6962c0 100644 --- a/sshd.c +++ b/sshd.c @@ -1030,13 +1030,13 @@ main(int ac, char **av) SYSLOG_FACILITY_AUTH : options.log_facility, log_stderr || !inetd_flag); -#ifdef _AIX /* * Unset KRB5CCNAME, otherwise the user's session may inherit it from * root's environment */ - unsetenv("KRB5CCNAME"); -#endif /* _AIX */ + if (getenv("KRB5CCNAME") != NULL) + unsetenv("KRB5CCNAME"); + #ifdef _UNICOS /* Cray can define user privs drop all privs now! * Not needed on PRIV_SU systems! -- cgit v1.2.3 From 2fba993080eba14e339d6a6666ee79580ee20f97 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 2 Feb 2005 23:30:24 +1100 Subject: - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c] Bug #974: Teach sshd to write failed login records to btmp for failed auth attempts (currently only for password, kbdint and C/R, only on Linux and HP-UX), based on code from login.c from util-linux. With ashok_kovai at hotmail.com, ok djm@ --- ChangeLog | 7 +++- auth.c | 5 ++- canohost.c | 3 +- canohost.h | 2 ++ configure.ac | 5 ++- defines.h | 11 ++++++- loginrec.c | 104 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 7 files changed, 130 insertions(+), 7 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index d9670f361..07ae663d7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,11 @@ the process. Since we also unset KRB5CCNAME at startup, if it's set after authentication it must have been set by the platform's native auth system. This was already done for AIX; this enables it for the general case. + - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c] + Bug #974: Teach sshd to write failed login records to btmp for failed auth + attempts (currently only for password, kbdint and C/R, only on Linux and + HP-UX), based on code from login.c from util-linux. With ashok_kovai at + hotmail.com, ok djm@ 20050201 - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some @@ -2063,4 +2068,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3631 2005/02/02 07:30:33 dtucker Exp $ +$Id: ChangeLog,v 1.3632 2005/02/02 12:30:24 dtucker Exp $ diff --git a/auth.c b/auth.c index dfc1be374..b6c00c12b 100644 --- a/auth.c +++ b/auth.c @@ -244,7 +244,10 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) info); #ifdef CUSTOM_FAILED_LOGIN - if (authenticated == 0 && strcmp(method, "password") == 0) + if (authenticated == 0 && !authctxt->postponed && + (strcmp(method, "password") == 0 || + strncmp(method, "keyboard-interactive", 20) == 0) || + strcmp(method, "challenge-response") == 0) record_failed_login(authctxt->user, get_canonical_hostname(options.use_dns), "ssh"); #endif diff --git a/canohost.c b/canohost.c index 8ad684d6c..e5a6b6be3 100644 --- a/canohost.c +++ b/canohost.c @@ -20,7 +20,6 @@ RCSID("$OpenBSD: canohost.c,v 1.41 2004/07/21 11:51:29 djm Exp $"); #include "canohost.h" static void check_ip_options(int, char *); -static void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *); /* * Return the canonical name of the host at the other end of the socket. The 
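Review bot: The closing parenthesis after the `keyboard-interactive` comparison in auth_log() ends the method group too early, so `strcmp(method, "challenge-response") == 0` is OR-ed with the whole condition instead of with the other method tests. As written, any challenge-response attempt reaches record_failed_login() regardless of `authenticated` and `authctxt->postponed`, so successful or still-pending logins would be recorded as failures. Move the parenthesis so that all three comparisons sit inside the group: `strncmp(method, "keyboard-interactive", 20) == 0 ||` followed by `strcmp(method, "challenge-response") == 0))`. auth_log() starts and ends outside the hunk.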
@@ -166,7 +165,7 @@ check_ip_options(int sock, char *ipaddr) #endif /* IP_OPTIONS */ } -static void +void ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len) { struct sockaddr_in6 *a6 = (struct sockaddr_in6 *)addr; diff --git a/canohost.h b/canohost.h index 4347b488a..df1f125e5 100644 --- a/canohost.h +++ b/canohost.h @@ -23,3 +23,5 @@ char *get_local_name(int); int get_remote_port(void); int get_local_port(void); + +void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *); diff --git a/configure.ac b/configure.ac index 94d6b1e78..86b26daf9 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.236 2005/02/01 23:44:00 dtucker Exp $ +# $Id: configure.ac,v 1.237 2005/02/02 12:30:25 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -219,6 +219,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(DISABLE_UTMP) AC_DEFINE(LOCKED_PASSWD_STRING, "*") AC_DEFINE(SPT_TYPE,SPT_PSTAT) + AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins]) check_for_hpux_broken_getaddrinfo=1 check_for_conflicting_getspnam=1 LIBS="$LIBS -lsec" @@ -256,6 +257,8 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(LOCKED_PASSWD_PREFIX, "!") AC_DEFINE(SPT_TYPE,SPT_REUSEARGV) AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM) + AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts]) + AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins]) inet6_default_4in6=yes case `uname -r` in 1.*|2.0.*) diff --git a/defines.h b/defines.h index 8c1d9c409..4d59408ad 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.117 2004/06/22 03:27:16 dtucker Exp $ */ +/* $Id: defines.h,v 1.118 2005/02/02 12:30:25 dtucker Exp $ */ /* Constants */ 
@@ -644,6 +644,15 @@ struct winsize { # define CUSTOM_SYS_AUTH_PASSWD 1 #endif +/* HP-UX 11.11 */ +#ifdef BTMP_FILE +# define _PATH_BTMP BTMP_FILE +#endif + +#if defined(USE_BTMP) && defined(_PATH_BTMP) +# define CUSTOM_FAILED_LOGIN +#endif + /** end of login recorder definitions */ #endif /* _DEFINES_H */ diff --git a/loginrec.c b/loginrec.c index 25aa29f2f..e77318ba3 100644 --- a/loginrec.c +++ b/loginrec.c @@ -25,6 +25,27 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/* + * The btmp logging code is derived from login.c from util-linux and is under + * the the following license: + * + * Copyright (c) 1980, 1987, 1988 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms are permitted + * provided that the above copyright notice and this paragraph are + * duplicated in all such forms and that any documentation, + * advertising materials, and other materials related to such + * distribution and use acknowledge that the software was developed + * by the University of California, Berkeley. The name of the + * University may not be used to endorse or promote products derived + * from this software without specific prior written permission. + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + + /** ** loginrec.c: platform-independent login recording and lastlog retrieval **/ @@ -131,6 +152,8 @@ #include "loginrec.h" #include "log.h" #include "atomicio.h" +#include "packet.h" +#include "canohost.h" #ifdef HAVE_UTIL_H # include @@ -140,7 +163,7 @@ # include #endif -RCSID("$Id: loginrec.c,v 1.62 2004/09/12 05:26:01 djm Exp $"); +RCSID("$Id: loginrec.c,v 1.63 2005/02/02 12:30:25 dtucker Exp $"); /** ** prototypes for helper functions in this file 
@@ -1563,3 +1586,82 @@ lastlog_get_entry(struct logininfo *li) return (0); } #endif /* USE_LASTLOG */ + +#ifdef USE_BTMP + /* + * Logs failed login attempts in _PATH_BTMP if that exists. + * The most common login failure is to give password instead of username. + * So the _PATH_BTMP file checked for the correct permission, so that + * only root can read it. + */ + +void +record_failed_login(const char *username, const char *hostname, + const char *ttyn) +{ + int fd; + struct utmp ut; + struct sockaddr_storage from; + size_t fromlen = sizeof(from); + struct sockaddr_in *a4; + struct sockaddr_in6 *a6; + time_t t; + struct stat fst; + + if (geteuid() != 0) + return; + if ((fd = open(_PATH_BTMP, O_WRONLY | O_APPEND)) < 0) { + debug("Unable to open the btmp file %s: %s", _PATH_BTMP, + strerror(errno)); + return; + } + if (fstat(fd, &fst) < 0) { + logit("%s: fstat of %s failed: %s", __func__, _PATH_BTMP, + strerror(errno)); + goto out; + } + if((fst.st_mode & (S_IRWXG | S_IRWXO)) || (fst.st_uid != 0)){ + logit("Excess permission or bad ownership on file %s", + _PATH_BTMP); + goto out; + } + + memset(&ut, 0, sizeof(ut)); + /* strncpy because we don't necessarily want nul termination */ + strncpy(ut.ut_user, username, sizeof(ut.ut_user)); + strlcpy(ut.ut_line, "ssh:notty", sizeof(ut.ut_line)); + + time(&t); + ut.ut_time = t; /* ut_time is not always a time_t */ + ut.ut_type = LOGIN_PROCESS; + ut.ut_pid = getpid(); + + /* strncpy because we don't necessarily want nul termination */ + strncpy(ut.ut_host, hostname, sizeof(ut.ut_host)); + + if (packet_connection_is_on_socket() && + getpeername(packet_get_connection_in(), + (struct sockaddr *)&from, &fromlen) == 0) { + ipv64_normalise_mapped(&from, &fromlen); + if (from.ss_family == AF_INET) { + a4 = (struct sockaddr_in *)&from; + memcpy(&ut.ut_addr, &(a4->sin_addr), + MIN_SIZEOF(ut.ut_addr, a4->sin_addr)); + } +#ifdef HAVE_ADDR_V6_IN_UTMP + if (from.ss_family == AF_INET6) { + a6 = (struct sockaddr_in6 *)&from; + 
memcpy(&ut.ut_addr_v6, &(a6->sin6_addr), + MIN_SIZEOF(ut.ut_addr_v6, a6->sin6_addr)); + } +#endif + } + + if (atomicio(vwrite, fd, &ut, sizeof(ut)) != sizeof(ut)) + error("Failed to write to %s: %s", _PATH_BTMP, + strerror(errno)); + +out: + close(fd); +} +#endif /* USE_BTMP */ -- cgit v1.2.3 From 269a1ea1c80a855d1eb74fccba6dd5c75947c5d2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 3 Feb 2005 00:20:53 +1100 Subject: - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: (first stage) Add audit instrumentation to sshd, currently disabled by default. with suggestions from and djm@ --- ChangeLog | 6 +++++- Makefile.in | 4 ++-- auth.c | 42 +++++++++++++++++++++++++++++++++++++ auth.h | 1 + auth1.c | 12 +++++++++-- auth2.c | 15 ++++++++++++-- loginrec.c | 9 +++++++- monitor.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ monitor.h | 1 + monitor_wrap.c | 30 +++++++++++++++++++++++++++ monitor_wrap.h | 6 ++++++ session.c | 16 +++++++++++++++ sshd.c | 12 +++++++++++ 13 files changed, 211 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 07ae663d7..e2dc30e5a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,10 @@ attempts (currently only for password, kbdint and C/R, only on Linux and HP-UX), based on code from login.c from util-linux. With ashok_kovai at hotmail.com, ok djm@ + - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c + monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: + (first stage) Add audit instrumentation to sshd, currently disabled by + default. with suggestions from and djm@ 20050201 - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some 
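Review bot: `fromlen` in record_failed_login() is declared `size_t`, but its address is passed to getpeername() and to ipv64_normalise_mapped(), both of which take a `socklen_t *` (the latter per the prototype this commit adds to canohost.h). Where the two types differ in width the callee reads and writes only part of the object, so the length getpeername() sees is not reliably `sizeof(from)`. Declare it as `socklen_t fromlen = sizeof(from);`.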
@@ -2068,4 +2072,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3632 2005/02/02 12:30:24 dtucker Exp $ +$Id: ChangeLog,v 1.3633 2005/02/02 13:20:53 dtucker Exp $ diff --git a/Makefile.in b/Makefile.in index 8a1c9f7c0..c6cfef11a 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.267 2005/01/18 01:05:18 dtucker Exp $ +# $Id: Makefile.in,v 1.268 2005/02/02 13:20:53 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -85,7 +85,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \ auth-krb5.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ - loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o + loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 diff --git a/auth.c b/auth.c index b6c00c12b..bbf3a54a4 100644 --- a/auth.c +++ b/auth.c @@ -51,6 +51,7 @@ RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $"); #include "bufaux.h" #include "packet.h" #include "loginrec.h" +#include "monitor_wrap.h" /* import */ extern ServerOptions options; 
@@ -251,6 +252,44 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) record_failed_login(authctxt->user, get_canonical_hostname(options.use_dns), "ssh"); #endif +#ifdef AUDIT_EVENTS + if (authenticated == 0 && !authctxt->postponed) { + ssh_audit_event_t event; + + debug3("audit failed auth attempt, method %s euid %d", + method, (int)geteuid()); + /* + * Because the auth loop is used in both monitor and slave, + * we must be careful to send each event only once and with + * enough privs to write the event. + */ + event = audit_classify_auth(method); + switch(event) { + case AUTH_FAIL_NONE: + case AUTH_FAIL_PASSWD: + case AUTH_FAIL_KBDINT: + if (geteuid() == 0) + audit_event(event); + break; + case AUTH_FAIL_PUBKEY: + case AUTH_FAIL_HOSTBASED: + case AUTH_FAIL_GSSAPI: + /* + * This is required to handle the case where privsep + * is enabled but it's root logging in, since + * use_privsep won't be cleared until after a + * successful login. + */ + if (geteuid() == 0) + audit_event(event); + else + PRIVSEP(audit_event(event)); + break; + default: + error("unknown authentication audit event %d", event); + } + } +#endif } /* @@ -476,6 +515,9 @@ getpwnamallow(const char *user) record_failed_login(user, get_canonical_hostname(options.use_dns), "ssh"); #endif +#ifdef AUDIT_EVENTS + audit_event(INVALID_USER); +#endif /* AUDIT_EVENTS */ return (NULL); } if (!allowed_user(pw)) diff --git a/auth.h b/auth.h index 6c0089dc7..8d1f93403 100644 --- a/auth.h +++ b/auth.h @@ -130,6 +130,7 @@ int auth_shadow_pwexpired(Authctxt *); #endif #include "auth-pam.h" +#include "audit.h" void remove_kbdint_device(const char *); void disable_forwarding(void); diff --git a/auth1.c b/auth1.c index 2a9d18b9a..aeb5d8cb9 100644 --- a/auth1.c +++ b/auth1.c 
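Review bot: A failed attempt whose method audit_classify_auth() does not recognise falls into the `default:` arm of the new switch in auth_log() and produces only an error() log line, not an audit event. audit_classify_auth(), added in audit.c further down this page, returns AUDIT_UNKNOWN for every method string outside its fixed list, so such failures would be missing from the audit trail. If that is intended, a comment on the arm such as `/* unclassified method: logged, not audited */` would make the gap explicit; otherwise the arm needs an event of its own. auth_log() starts outside the hunk.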
@@ -247,8 +247,12 @@ do_authloop(Authctxt *authctxt) #else /* Special handling for root */ if (authenticated && authctxt->pw->pw_uid == 0 && - !auth_root_allowed(get_authname(type))) + !auth_root_allowed(get_authname(type))) { authenticated = 0; +# ifdef AUDIT_EVENTS + PRIVSEP(audit_event(LOGIN_ROOT_DENIED)); +# endif + } #endif #ifdef USE_PAM @@ -283,8 +287,12 @@ do_authloop(Authctxt *authctxt) if (authenticated) return; - if (authctxt->failures++ > options.max_authtries) + if (authctxt->failures++ > options.max_authtries) { +#ifdef AUDIT_EVENTS + PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES)); +#endif packet_disconnect(AUTH_FAIL_MSG, authctxt->user); + } packet_start(SSH_SMSG_FAILURE); packet_send(); diff --git a/auth2.c b/auth2.c index 60e261f7f..2727e0ff5 100644 --- a/auth2.c +++ b/auth2.c @@ -166,6 +166,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) #ifdef USE_PAM if (options.use_pam) PRIVSEP(start_pam(authctxt)); +#endif +#ifdef AUDIT_EVENTS + PRIVSEP(audit_event(INVALID_USER)); #endif } setproctitle("%s%s", authctxt->valid ? user : "unknown", @@ -214,8 +217,12 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) /* Special handling for root */ if (authenticated && authctxt->pw->pw_uid == 0 && - !auth_root_allowed(method)) + !auth_root_allowed(method)) { authenticated = 0; +#ifdef AUDIT_EVENTS + PRIVSEP(audit_event(LOGIN_ROOT_DENIED)); +#endif + } #ifdef USE_PAM if (options.use_pam && authenticated) { @@ -255,8 +262,12 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) /* now we can break out */ authctxt->success = 1; } else { - if (authctxt->failures++ > options.max_authtries) + if (authctxt->failures++ > options.max_authtries) { +#ifdef AUDIT_EVENTS + PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES)); +#endif packet_disconnect(AUTH_FAIL_MSG, authctxt->user); + } methods = authmethods_get(); packet_start(SSH2_MSG_USERAUTH_FAILURE); packet_put_cstring(methods); 
diff --git a/loginrec.c b/loginrec.c index e77318ba3..0fa9bdea7 100644 --- a/loginrec.c +++ b/loginrec.c @@ -154,6 +154,7 @@ #include "atomicio.h" #include "packet.h" #include "canohost.h" +#include "auth.h" #ifdef HAVE_UTIL_H # include @@ -163,7 +164,7 @@ # include #endif -RCSID("$Id: loginrec.c,v 1.63 2005/02/02 12:30:25 dtucker Exp $"); +RCSID("$Id: loginrec.c,v 1.64 2005/02/02 13:20:53 dtucker Exp $"); /** ** prototypes for helper functions in this file @@ -442,6 +443,12 @@ login_write(struct logininfo *li) if (li->type == LTYPE_LOGIN && !sys_auth_record_login(li->username,li->hostname,li->line)) logit("Writing login record failed for %s", li->username); +#endif +#ifdef AUDIT_EVENTS + if (li->type == LTYPE_LOGIN) + audit_session_open(li->line); + else if (li->type == LTYPE_LOGOUT) + audit_session_close(li->line); #endif return (0); } diff --git a/monitor.c b/monitor.c index 00d4a785f..ce7784aa1 100644 --- a/monitor.c +++ b/monitor.c @@ -143,6 +143,11 @@ int mm_answer_gss_userok(int, Buffer *); int mm_answer_gss_checkmic(int, Buffer *); #endif +#ifdef AUDIT_EVENTS +int mm_answer_audit_event(int, Buffer *); +int mm_answer_audit_command(int, Buffer *); +#endif + static Authctxt *authctxt; static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ @@ -186,6 +191,9 @@ struct mon_table mon_dispatch_proto20[] = { {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, #endif +#ifdef AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event}, +#endif #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond}, 
@@ -211,6 +219,10 @@ struct mon_table mon_dispatch_postauth20[] = { {MONITOR_REQ_PTY, 0, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, +#ifdef AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, +#endif {0, 0, NULL} }; @@ -238,6 +250,9 @@ struct mon_table mon_dispatch_proto15[] = { {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, +#endif +#ifdef AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event}, #endif {0, 0, NULL} }; @@ -246,6 +261,10 @@ struct mon_table mon_dispatch_postauth15[] = { {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, +#ifdef AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, +#endif {0, 0, NULL} }; @@ -609,6 +628,9 @@ mm_answer_pwnamallow(int sock, Buffer *m) if (options.use_pam) monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); #endif +#ifdef AUDIT_EVENTS + monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_EVENT, 1); +#endif return (0); } 
@@ -1491,6 +1513,49 @@ mm_answer_term(int sock, Buffer *req) exit(res); } +#ifdef AUDIT_EVENTS +/* Report that an audit event occurred */ +int +mm_answer_audit_event(int socket, Buffer *m) +{ + ssh_audit_event_t event; + + debug3("%s entering", __func__); + + event = buffer_get_int(m); + buffer_free(m); + switch(event) { + case AUTH_FAIL_PUBKEY: + case AUTH_FAIL_HOSTBASED: + case AUTH_FAIL_GSSAPI: + case LOGIN_EXCEED_MAXTRIES: + case LOGIN_ROOT_DENIED: + case CONNECTION_CLOSE: + audit_event(event); + break; + default: + fatal("Audit event type %d not permitted", event); + } + + return (0); +} + +int +mm_answer_audit_command(int socket, Buffer *m) +{ + u_int len; + char *cmd; + + debug3("%s entering", __func__); + cmd = buffer_get_string(m, &len); + /* sanity check command, if so how? */ + audit_run_command(cmd); + xfree(cmd); + buffer_free(m); + return (0); +} +#endif /* AUDIT_EVENTS */ + void monitor_apply_keystate(struct monitor *pmonitor) { diff --git a/monitor.h b/monitor.h index 621a4ad18..13ce3e1ca 100644 --- a/monitor.h +++ b/monitor.h @@ -59,6 +59,7 @@ enum monitor_reqtype { MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY, MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND, MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX, + MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND, MONITOR_REQ_TERM }; diff --git a/monitor_wrap.c b/monitor_wrap.c index 23857639b..983b24072 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c 
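Review bot: The allow-list in mm_answer_audit_event() omits INVALID_USER, yet the auth2.c hunk of this commit adds `PRIVSEP(audit_event(INVALID_USER));` to input_userauth_request(). Assuming PRIVSEP() routes that call to mm_audit_event() in the unprivileged child, the monitor would take the `default:` arm and call fatal() on the first unknown user name whenever AUDIT_EVENTS is enabled. Either add `case INVALID_USER:` here or drop the child-side call, since getpwnamallow() already calls audit_event(INVALID_USER) itself. In mm_answer_audit_command() the string received from the child goes to audit_run_command() unchecked and `len` is never used, as the existing `/* sanity check command, if so how? */` comment concedes, so audit back ends should treat it as untrusted text.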
@@ -1103,6 +1103,36 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16]) return (success); } +#ifdef AUDIT_EVENTS +void +mm_audit_event(ssh_audit_event_t event) +{ + Buffer m; + + debug3("%s entering", __func__); + + buffer_init(&m); + buffer_put_int(&m, event); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, &m); + buffer_free(&m); +} + +void +mm_audit_run_command(const char *command) +{ + Buffer m; + + debug3("%s entering command %s", __func__, command); + + buffer_init(&m); + buffer_put_cstring(&m, command); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); + buffer_free(&m); +} +#endif /* AUDIT_EVENTS */ + #ifdef GSSAPI OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid) diff --git a/monitor_wrap.h b/monitor_wrap.h index e5cf5718c..7ed241aa8 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -74,6 +74,12 @@ int mm_sshpam_respond(void *, u_int, char **); void mm_sshpam_free_ctx(void *); #endif +#ifdef AUDIT_EVENTS +#include "audit.h" +void mm_audit_event(ssh_audit_event_t); +void mm_audit_run_command(const char *); +#endif + struct Session; void mm_terminate(void); int mm_pty_allocate(int *, int *, char *, int); diff --git a/session.c b/session.c index 4d7ac9de7..b645144c5 100644 --- a/session.c +++ b/session.c @@ -665,6 +665,18 @@ do_exec(Session *s, const char *command) debug("Forced command '%.900s'", command); } +#ifdef AUDIT_EVENTS + if (command != NULL) + PRIVSEP(audit_run_command(command)); + else if (s->ttyfd == -1) { + char *shell = s->pw->pw_shell; + + if (shell[0] == '\0') /* empty shell means /bin/sh */ + shell =_PATH_BSHELL; + PRIVSEP(audit_run_command(shell)); + } +#endif + #ifdef GSSAPI if (options.gss_authentication) { temporarily_use_uid(s->pw); @@ -2321,6 +2333,10 @@ do_cleanup(Authctxt *authctxt) } #endif +#ifdef AUDIT_EVENTS + PRIVSEP(audit_event(CONNECTION_CLOSE)); +#endif + /* remove agent socket */ auth_sock_cleanup_proc(authctxt->pw); 
diff --git a/sshd.c b/sshd.c index 23d6962c0..e61870ea5 100644 --- a/sshd.c +++ b/sshd.c @@ -1628,6 +1628,9 @@ main(int ac, char **av) remote_port = get_remote_port(); remote_ip = get_remote_ipaddr(); +#ifdef AUDIT_EVENTS + audit_connection_from(remote_ip, remote_port); +#endif #ifdef LIBWRAP /* Check whether logins are denied from this host. */ if (packet_connection_is_on_socket()) { @@ -1697,6 +1700,10 @@ main(int ac, char **av) } authenticated: +#ifdef AUDIT_EVENTS + audit_event(AUTH_SUCCESS); +#endif + /* * In privilege separation, we fork another child and prepare * file descriptor passing. @@ -2010,5 +2017,10 @@ cleanup_exit(int i) { if (the_authctxt) do_cleanup(the_authctxt); +#ifdef AUDIT_EVENTS + /* done after do_cleanup so it can cancel the PAM auth 'thread' */ + if (!use_privsep || mm_is_monitor()) + audit_event(CONNECTION_ABANDON); +#endif _exit(i); } -- cgit v1.2.3 From b15931ae5b24c00888e1db6c4d456b1bb4e434da Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 3 Feb 2005 00:37:14 +1100 Subject: - (dtucker) [added audit.c audit.h] Bug #125: (first stage) Add audit instrumentation to sshd, currently disabled by default. with suggestions from and djm@ --- audit.c | 181 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ audit.h | 56 ++++++++++++++++++++ 2 files changed, 237 insertions(+) create mode 100644 audit.c create mode 100644 audit.h diff --git a/audit.c b/audit.c new file mode 100644 index 000000000..13852a05e --- /dev/null +++ b/audit.c 
@@ -0,0 +1,181 @@
+/* $Id: audit.c,v 1.1 2005/02/02 13:37:14 dtucker Exp $ */
+
+/*
+ * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#ifdef AUDIT_EVENTS
+
+#include "audit.h"
+#include "log.h"
+#include "auth.h"
+
+/*
+ * Care must be taken when using this since it WILL NOT be initialized when
+ * audit_connection_from() is called and MAY NOT be initialized when
+ * audit_event(CONNECTION_ABANDON) is called. Test for NULL before using.
+ */
+extern Authctxt *the_authctxt;
+
+/* Maybe add the audit class to struct Authmethod? */
+ssh_audit_event_t
+audit_classify_auth(const char *method)
+{
+ if (strcmp(method, "none") == 0)
+ return AUTH_FAIL_NONE;
+ else if (strcmp(method, "password") == 0)
+ return AUTH_FAIL_PASSWD;
+ else if (strcmp(method, "publickey") == 0 ||
+ strcmp(method, "rsa") == 0)
+ return AUTH_FAIL_PUBKEY;
+ else if (strncmp(method, "keyboard-interactive", 20) == 0 ||
+ strcmp(method, "challenge-response") == 0)
+ return AUTH_FAIL_KBDINT;
+ else if (strcmp(method, "hostbased") == 0 ||
+ strcmp(method, "rhosts-rsa") == 0)
+ return AUTH_FAIL_HOSTBASED;
+ else if (strcmp(method, "gssapi-with-mic") == 0)
+ return AUTH_FAIL_GSSAPI;
+ else
+ return AUDIT_UNKNOWN;
+}
+
+/* helper to return supplied username */
+const char *
+audit_username(void)
+{
+ static const char unknownuser[] = "(unknown user)";
+ static const char invaliduser[] = "(invalid user)";
+
+ if (the_authctxt == NULL || the_authctxt->user == NULL)
+ return (unknownuser);
+ if (!the_authctxt->valid)
+ return (invaliduser);
+ return (the_authctxt->user);
+}
+
+const char *
+audit_event_lookup(ssh_audit_event_t ev)
+{
+ int i;
+ static struct event_lookup_struct {
+ ssh_audit_event_t event;
+ const char *name;
+ } event_lookup[] = {
+ {LOGIN_EXCEED_MAXTRIES, "LOGIN_EXCEED_MAXTRIES"},
+ {LOGIN_ROOT_DENIED, "LOGIN_ROOT_DENIED"},
+ {AUTH_SUCCESS, "AUTH_SUCCESS"},
+ {AUTH_FAIL_NONE, "AUTH_FAIL_NONE"},
+ {AUTH_FAIL_PASSWD, "AUTH_FAIL_PASSWD"},
+ {AUTH_FAIL_KBDINT, "AUTH_FAIL_KBDINT"},
+ {AUTH_FAIL_PUBKEY, "AUTH_FAIL_PUBKEY"},
+ {AUTH_FAIL_HOSTBASED, "AUTH_FAIL_HOSTBASED"},
+ {AUTH_FAIL_GSSAPI, "AUTH_FAIL_GSSAPI"},
+ {INVALID_USER, "INVALID_USER"},
+ {NOLOGIN, "NOLOGIN"},
+ {CONNECTION_CLOSE, "CONNECTION_CLOSE"},
+ {CONNECTION_ABANDON, "CONNECTION_ABANDON"},
+ {AUDIT_UNKNOWN, "AUDIT_UNKNOWN"}
+ };
+
+ for (i = 0; event_lookup[i].event != AUDIT_UNKNOWN; i++)
+ if (event_lookup[i].event == ev)
+ break;
+ return(event_lookup[i].name);
+}
+
+# ifndef CUSTOM_AUDIT_EVENTS
+/*
+ * Null implementations of audit functions.
+ * These get used if AUDIT_EVENTS is defined but no audit module is enabled.
+ */
+
+/*
+ * Called after a connection has been accepted but before any authentication
+ * has been attempted.
+ */
+void
+audit_connection_from(const char *host, int port)
+{
+ debug("audit connection from %s port %d euid %d", host, port,
+ (int)geteuid());
+}
+
+/*
+ * Called when various events occur (see audit.h for a list of possible
+ * events and what they mean).
+ */
+void
+audit_event(ssh_audit_event_t event)
+{
+ debug("audit event euid %d user %s event %d (%s)", geteuid(),
+ audit_username(), event, audit_event_lookup(event));
+}
+
+/*
+ * Called when a user session is started. Argument is the tty allocated to
+ * the session, or NULL if no tty was allocated.
+ *
+ * Note that this may be called multiple times if multiple sessions are used
+ * within a single connection.
+ */
+void
+audit_session_open(const char *ttyn)
+{
+ const char *t = ttyn ? ttyn : "(no tty)";
+
+ debug("audit session open euid %d user %s tty name %s", geteuid(),
+ audit_username(), t);
+}
+
+/*
+ * Called when a user session is closed. Argument is the tty allocated to
+ * the session, or NULL if no tty was allocated.
+ *
+ * Note that this may be called multiple times if multiple sessions are used
+ * within a single connection.
+ */
+void
+audit_session_close(const char *ttyn)
+{
+ const char *t = ttyn ? ttyn : "(no tty)";
+
+ debug("audit session close euid %d user %s tty name %s", geteuid(),
+ audit_username(), t);
+}
+
+/*
+ * This will be called when a user runs a non-interactive command. Note that
+ * it may be called multiple times for a single connection since SSH2 allows
+ * multiple sessions within a single connection.
+ */
+void
+audit_run_command(const char *command)
+{
+ debug("audit run command euid %d user %s command '%.200s'", geteuid(),
+ audit_username(), command);
+}
+# endif /* !defined CUSTOM_AUDIT_EVENTS */
+#endif /* AUDIT_EVENTS */
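Review bot: Four of the five null audit functions pass `geteuid()` straight to a `%d` conversion (`audit_event`, `audit_session_open`, `audit_session_close`, `audit_run_command`), while `audit_connection_from` casts it with `(int)geteuid()`. `uid_t` is not guaranteed to be `int`, so the uncast calls are a format/argument mismatch and should use the same cast, e.g. `debug("audit event euid %d user %s event %d (%s)", (int)geteuid(),`. Separately, the literal `20` in `strncmp(method, "keyboard-interactive", 20)` would read better as `sizeof("keyboard-interactive") - 1`, with a comment on whether the prefix match is intended.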
diff --git a/audit.h b/audit.h
new file mode 100644
index 000000000..2c1437391
--- /dev/null
+++ b/audit.h
@@ -0,0 +1,56 @@
+/* $Id: audit.h,v 1.1 2005/02/02 13:37:14 dtucker Exp $ */
+
+/*
+ * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "auth.h"
+
+#ifndef _SSH_AUDIT_H
+# define _SSH_AUDIT_H
+enum ssh_audit_event_type {
+ LOGIN_EXCEED_MAXTRIES,
+ LOGIN_ROOT_DENIED,
+ AUTH_SUCCESS,
+ AUTH_FAIL_NONE,
+ AUTH_FAIL_PASSWD,
+ AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */
+ AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */
+ AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */
+ AUTH_FAIL_GSSAPI,
+ INVALID_USER,
+ NOLOGIN, /* denied by /etc/nologin, not implemented */
+ CONNECTION_CLOSE, /* closed after attempting auth or session */
+ CONNECTION_ABANDON, /* closed without completing auth */
+ AUDIT_UNKNOWN
+};
+typedef enum ssh_audit_event_type ssh_audit_event_t;
+
+void audit_connection_from(const char *, int);
+void audit_event(ssh_audit_event_t);
+void audit_session_open(const char *);
+void audit_session_close(const char *);
+void audit_run_command(const char *);
+ssh_audit_event_t audit_classify_auth(const char *);
+
+#endif /* _SSH_AUDIT_H */
-- cgit v1.2.3 From 6dce99142b894d5ff62ede7a06f504e7c24d5d0a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 3 Feb 2005 15:07:37 +1100 Subject: typo --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index e2dc30e5a..448f3d1c3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,7 +17,7 @@ - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: (first stage) Add audit instrumentation to sshd, currently disabled by - default. with suggestions from and djm@ + default. with suggestions from and ok djm@ 20050201 - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some @@ -2072,4 +2072,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3633 2005/02/02 13:20:53 dtucker Exp $ +$Id: ChangeLog,v 1.3634 2005/02/03 04:07:37 dtucker Exp $ -- cgit v1.2.3
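Review bot: In audit.h, `#include "auth.h"` sits above `#ifndef _SSH_AUDIT_H`, so it is outside the include guard and is processed again on every inclusion; moving it below `# define _SSH_AUDIT_H` keeps the whole header guarded. None of the prototypes declared here use a type from auth.h, so it is worth checking whether the include is needed in the header at all. The guard name also starts with an underscore followed by an uppercase letter, which C reserves for the implementation; `SSH_AUDIT_H` would avoid that.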
From 598ba7b5e20e8b4cb023069ad86a97b4032aa3da Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 4 Feb 2005 15:05:08 +1100 Subject: - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. --- ChangeLog | 5 ++++- monitor.c | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 448f3d1c3..c8f65b46b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20050204 + - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. + 20050202 - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@ @@ -2072,4 +2075,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3634 2005/02/03 04:07:37 dtucker Exp $ +$Id: ChangeLog,v 1.3635 2005/02/04 04:05:08 dtucker Exp $ diff --git a/monitor.c b/monitor.c index ce7784aa1..04534d759 100644 --- a/monitor.c +++ b/monitor.c @@ -1531,6 +1531,7 @@ mm_answer_audit_event(int socket, Buffer *m) case LOGIN_EXCEED_MAXTRIES: case LOGIN_ROOT_DENIED: case CONNECTION_CLOSE: + case INVALID_USER: audit_event(event); break; default: -- cgit v1.2.3 From 40d9a63788e66d3d330fbf76fbdfd9cc437cb334 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 4 Feb 2005 15:19:44 +1100 Subject: - (dtucker) [auth.c] Fix parens in audit log check. --- ChangeLog | 3 ++- auth.c | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index c8f65b46b..9c36570c6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 20050204 - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. + - (dtucker) [auth.c] Fix parens in audit log check. 20050202 - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath 
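Review bot: The `switch` in `mm_answer_audit_event` acts as the monitor's allow-list of audit events it accepts from the unprivileged side, but nothing in the code says so, and each added `case` widens what a misbehaving or compromised child can write into the audit trail. A comment above the first case would make that explicit, e.g. `/* Events the unprivileged child may report; everything else falls to default */`. It would also help to record why `INVALID_USER` is safe to accept, presumably because the request carries nothing from the child beyond the event code. The switch begins and its `default:` branch continues outside the hunk.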
@@ -2075,4 +2076,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3635 2005/02/04 04:05:08 dtucker Exp $ +$Id: ChangeLog,v 1.3636 2005/02/04 04:19:44 dtucker Exp $ diff --git a/auth.c b/auth.c index bbf3a54a4..4b62ad8f7 100644 --- a/auth.c +++ b/auth.c @@ -247,8 +247,8 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) #ifdef CUSTOM_FAILED_LOGIN if (authenticated == 0 && !authctxt->postponed && (strcmp(method, "password") == 0 || - strncmp(method, "keyboard-interactive", 20) == 0) || - strcmp(method, "challenge-response") == 0) + strncmp(method, "keyboard-interactive", 20) == 0 || + strcmp(method, "challenge-response") == 0)) record_failed_login(authctxt->user, get_canonical_hostname(options.use_dns), "ssh"); #endif -- cgit v1.2.3 From feb6f7f24424105e649dbb2b3433352eb29b6764 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 8 Feb 2005 20:17:17 +1100 Subject: - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the regress tests so newer versions of GNU head(1) behave themselves. Patch by djm, so ok me. --- ChangeLog | 7 ++++++- regress/test-exec.sh | 4 ++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 9c36570c6..841c7bd32 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20050208 + - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the + regress tests so newer versions of GNU head(1) behave themselves. Patch + by djm, so ok me. + 20050204 - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. - (dtucker) [auth.c] Fix parens in audit log check. @@ -2076,4 +2081,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3636 2005/02/04 04:19:44 dtucker Exp $ +$Id: ChangeLog,v 1.3637 2005/02/08 09:17:17 dtucker Exp $ 
diff --git a/regress/test-exec.sh b/regress/test-exec.sh index a57e46e59..4f10c2ba1 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -3,6 +3,10 @@ #SUDO=sudo +# Unbreak GNU head(1) +_POSIX2_VERSION=199209 +export _POSIX2_VERSION + if [ ! -z "$TEST_SSH_PORT" ]; then PORT="$TEST_SSH_PORT" else -- cgit v1.2.3 From b4d3012d2e9a0eb53c56565108c8278e45cefc77 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 8 Feb 2005 21:06:55 +1100 Subject: - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. --- ChangeLog | 3 ++- openbsd-compat/port-aix.c | 15 +++++++++++---- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 841c7bd32..89424da03 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,7 @@ - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the regress tests so newer versions of GNU head(1) behave themselves. Patch by djm, so ok me. + - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. 20050204 - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. @@ -2081,4 +2082,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3637 2005/02/08 09:17:17 dtucker Exp $ +$Id: ChangeLog,v 1.3638 2005/02/08 10:06:55 dtucker Exp $ diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 79d180211..27ab06158 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -36,6 +36,10 @@ #include #include "port-aix.h" +/* These should be in the system headers but are not. */ +int usrinfo(int, char *, int); +int setauthdb(const char *, char *); + extern Buffer loginmsg; # ifdef HAVE_SETAUTHDB @@ -49,6 +53,8 @@ static char old_registry[REGISTRY_SIZE] = ""; * NOTE: TTY= should be set, but since no one uses it and it's hard to * acquire due to privsep code. We will just drop support. */ + + void aix_usrinfo(struct passwd *pw) { 
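Review bot: The prototypes added to port-aix.c, `int usrinfo(int, char *, int);` and `int setauthdb(const char *, char *);`, are declared unconditionally, while the context line directly below suggests `setauthdb` is only used under `# ifdef HAVE_SETAUTHDB`. If a system header on some AIX release does declare either function with a different signature, this turns a warning into a compile error. Moving the `setauthdb` prototype inside the existing `HAVE_SETAUTHDB` block, and guarding both with a configure-time check for a missing declaration, would limit that. The following hunk only adds two blank lines before `aix_usrinfo`, which looks unintended.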
@@ -260,10 +266,10 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm) int success = 0; aix_setauthdb(user); - if (loginsuccess((char *)user, host, ttynm, &msg) == 0) { + if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) { success = 1; if (msg != NULL) { - debug("AIX/loginsuccess: msg %s", __func__, msg); + debug("AIX/loginsuccess: msg %s", msg); buffer_append(&loginmsg, msg, strlen(msg)); xfree(msg); } @@ -284,9 +290,10 @@ record_failed_login(const char *user, const char *hostname, const char *ttyname) aix_setauthdb(user); # ifdef AIX_LOGINFAILED_4ARG - loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH); + loginfailed((char *)user, (char *)hostname, (char *)ttyname, + AUDIT_FAIL_AUTH); # else - loginfailed((char *)user, hostname, (char *)ttyname); + loginfailed((char *)user, (char *)hostname, (char *)ttyname); # endif aix_restoreauthdb(); } -- cgit v1.2.3 From 2e0cf0dca20e56eb5d95a80ba0004769c5bc4ba7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 8 Feb 2005 21:52:47 +1100 Subject: - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit defines and enums with SSH_ to prevent namespace collisions on some platforms (eg AIX). --- ChangeLog | 6 +++++- audit.c | 56 ++++++++++++++++++++++++++++---------------------------- audit.h | 30 +++++++++++++++--------------- auth.c | 20 ++++++++++---------- auth1.c | 8 ++++---- auth2.c | 12 ++++++------ loginrec.c | 4 ++-- monitor.c | 30 +++++++++++++++--------------- monitor_wrap.c | 4 ++-- monitor_wrap.h | 2 +- session.c | 6 +++--- sshd.c | 10 +++++----- 12 files changed, 96 insertions(+), 92 deletions(-) diff --git a/ChangeLog b/ChangeLog index 89424da03..60e5374ee 100644 --- a/ChangeLog +++ b/ChangeLog 
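Review bot: Casting away `const` on `host` and `ttynm` in the `loginsuccess` call, and on `hostname` in the `loginfailed` calls of the `record_failed_login` hunk that follows, is only safe if those AIX routines never write through the pointers, which neither hunk establishes. A short comment next to the casts would document the assumption, e.g. `/* AIX prototypes lack const; arguments are not modified */`. If that cannot be confirmed, pass local copies instead. Both functions start and end outside their hunks.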
@@ -3,6 +3,10 @@ regress tests so newer versions of GNU head(1) behave themselves. Patch by djm, so ok me. - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. + - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c + monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit + defines and enums with SSH_ to prevent namespace collisions on some + platforms (eg AIX). 20050204 - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. @@ -2082,4 +2086,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3638 2005/02/08 10:06:55 dtucker Exp $ +$Id: ChangeLog,v 1.3639 2005/02/08 10:52:47 dtucker Exp $ diff --git a/audit.c b/audit.c index 13852a05e..18fc41047 100644 --- a/audit.c +++ b/audit.c @@ -1,4 +1,4 @@ -/* $Id: audit.c,v 1.1 2005/02/02 13:37:14 dtucker Exp $ */ +/* $Id: audit.c,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */ /* * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. @@ -26,7 +26,7 @@ #include "includes.h" -#ifdef AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS #include "audit.h" #include "log.h" 
@@ -44,22 +44,22 @@ ssh_audit_event_t audit_classify_auth(const char *method) { if (strcmp(method, "none") == 0) - return AUTH_FAIL_NONE; + return SSH_AUTH_FAIL_NONE; else if (strcmp(method, "password") == 0) - return AUTH_FAIL_PASSWD; + return SSH_AUTH_FAIL_PASSWD; else if (strcmp(method, "publickey") == 0 || strcmp(method, "rsa") == 0) - return AUTH_FAIL_PUBKEY; + return SSH_AUTH_FAIL_PUBKEY; else if (strncmp(method, "keyboard-interactive", 20) == 0 || strcmp(method, "challenge-response") == 0) - return AUTH_FAIL_KBDINT; + return SSH_AUTH_FAIL_KBDINT; else if (strcmp(method, "hostbased") == 0 || strcmp(method, "rhosts-rsa") == 0) - return AUTH_FAIL_HOSTBASED; + return SSH_AUTH_FAIL_HOSTBASED; else if (strcmp(method, "gssapi-with-mic") == 0) - return AUTH_FAIL_GSSAPI; + return SSH_AUTH_FAIL_GSSAPI; else - return AUDIT_UNKNOWN; + return SSH_AUDIT_UNKNOWN; } /* helper to return supplied username */ 
@@ -84,32 +84,32 @@ audit_event_lookup(ssh_audit_event_t ev) ssh_audit_event_t event; const char *name; } event_lookup[] = { - {LOGIN_EXCEED_MAXTRIES, "LOGIN_EXCEED_MAXTRIES"}, - {LOGIN_ROOT_DENIED, "LOGIN_ROOT_DENIED"}, - {AUTH_SUCCESS, "AUTH_SUCCESS"}, - {AUTH_FAIL_NONE, "AUTH_FAIL_NONE"}, - {AUTH_FAIL_PASSWD, "AUTH_FAIL_PASSWD"}, - {AUTH_FAIL_KBDINT, "AUTH_FAIL_KBDINT"}, - {AUTH_FAIL_PUBKEY, "AUTH_FAIL_PUBKEY"}, - {AUTH_FAIL_HOSTBASED, "AUTH_FAIL_HOSTBASED"}, - {AUTH_FAIL_GSSAPI, "AUTH_FAIL_GSSAPI"}, - {INVALID_USER, "INVALID_USER"}, - {NOLOGIN, "NOLOGIN"}, - {CONNECTION_CLOSE, "CONNECTION_CLOSE"}, - {CONNECTION_ABANDON, "CONNECTION_ABANDON"}, - {AUDIT_UNKNOWN, "AUDIT_UNKNOWN"} + {SSH_LOGIN_EXCEED_MAXTRIES, "LOGIN_EXCEED_MAXTRIES"}, + {SSH_LOGIN_ROOT_DENIED, "LOGIN_ROOT_DENIED"}, + {SSH_AUTH_SUCCESS, "AUTH_SUCCESS"}, + {SSH_AUTH_FAIL_NONE, "AUTH_FAIL_NONE"}, + {SSH_AUTH_FAIL_PASSWD, "AUTH_FAIL_PASSWD"}, + {SSH_AUTH_FAIL_KBDINT, "AUTH_FAIL_KBDINT"}, + {SSH_AUTH_FAIL_PUBKEY, "AUTH_FAIL_PUBKEY"}, + {SSH_AUTH_FAIL_HOSTBASED, "AUTH_FAIL_HOSTBASED"}, + {SSH_AUTH_FAIL_GSSAPI, "AUTH_FAIL_GSSAPI"}, + {SSH_INVALID_USER, "INVALID_USER"}, + {SSH_NOLOGIN, "NOLOGIN"}, + {SSH_CONNECTION_CLOSE, "CONNECTION_CLOSE"}, + {SSH_CONNECTION_ABANDON, "CONNECTION_ABANDON"}, + {SSH_AUDIT_UNKNOWN, "AUDIT_UNKNOWN"} }; - for (i = 0; event_lookup[i].event != AUDIT_UNKNOWN; i++) + for (i = 0; event_lookup[i].event != SSH_AUDIT_UNKNOWN; i++) if (event_lookup[i].event == ev) break; return(event_lookup[i].name); } -# ifndef CUSTOM_AUDIT_EVENTS +# ifndef CUSTOM_SSH_AUDIT_EVENTS /* * Null implementations of audit functions. - * These get used if AUDIT_EVENTS is defined but no audit module is enabled. + * These get used if SSH_AUDIT_EVENTS is defined but no audit module is enabled. */ /* 
@@ -177,5 +177,5 @@ audit_run_command(const char *command) debug("audit run command euid %d user %s command '%.200s'", geteuid(), audit_username(), command); } -# endif /* !defined CUSTOM_AUDIT_EVENTS */ -#endif /* AUDIT_EVENTS */ +# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ +#endif /* SSH_AUDIT_EVENTS */ diff --git a/audit.h b/audit.h index 2c1437391..78e58966f 100644 --- a/audit.h +++ b/audit.h @@ -1,4 +1,4 @@ -/* $Id: audit.h,v 1.1 2005/02/02 13:37:14 dtucker Exp $ */ +/* $Id: audit.h,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */ /* * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. @@ -29,20 +29,20 @@ #ifndef _SSH_AUDIT_H # define _SSH_AUDIT_H enum ssh_audit_event_type { - LOGIN_EXCEED_MAXTRIES, - LOGIN_ROOT_DENIED, - AUTH_SUCCESS, - AUTH_FAIL_NONE, - AUTH_FAIL_PASSWD, - AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */ - AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */ - AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */ - AUTH_FAIL_GSSAPI, - INVALID_USER, - NOLOGIN, /* denied by /etc/nologin, not implemented */ - CONNECTION_CLOSE, /* closed after attempting auth or session */ - CONNECTION_ABANDON, /* closed without completing auth */ - AUDIT_UNKNOWN + SSH_LOGIN_EXCEED_MAXTRIES, + SSH_LOGIN_ROOT_DENIED, + SSH_AUTH_SUCCESS, + SSH_AUTH_FAIL_NONE, + SSH_AUTH_FAIL_PASSWD, + SSH_AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */ + SSH_AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */ + SSH_AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */ + SSH_AUTH_FAIL_GSSAPI, + SSH_INVALID_USER, + SSH_NOLOGIN, /* denied by /etc/nologin, not implemented */ + SSH_CONNECTION_CLOSE, /* closed after attempting auth or session */ + SSH_CONNECTION_ABANDON, /* closed without completing auth */ + SSH_AUDIT_UNKNOWN }; typedef enum ssh_audit_event_type ssh_audit_event_t; diff --git a/auth.c b/auth.c index 4b62ad8f7..e6dcab209 100644 --- a/auth.c +++ b/auth.c 
@@ -252,7 +252,7 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) record_failed_login(authctxt->user, get_canonical_hostname(options.use_dns), "ssh"); #endif -#ifdef AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS if (authenticated == 0 && !authctxt->postponed) { ssh_audit_event_t event; @@ -265,15 +265,15 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) */ event = audit_classify_auth(method); switch(event) { - case AUTH_FAIL_NONE: - case AUTH_FAIL_PASSWD: - case AUTH_FAIL_KBDINT: + case SSH_AUTH_FAIL_NONE: + case SSH_AUTH_FAIL_PASSWD: + case SSH_AUTH_FAIL_KBDINT: if (geteuid() == 0) audit_event(event); break; - case AUTH_FAIL_PUBKEY: - case AUTH_FAIL_HOSTBASED: - case AUTH_FAIL_GSSAPI: + case SSH_AUTH_FAIL_PUBKEY: + case SSH_AUTH_FAIL_HOSTBASED: + case SSH_AUTH_FAIL_GSSAPI: /* * This is required to handle the case where privsep * is enabled but it's root logging in, since @@ -515,9 +515,9 @@ getpwnamallow(const char *user) record_failed_login(user, get_canonical_hostname(options.use_dns), "ssh"); #endif -#ifdef AUDIT_EVENTS - audit_event(INVALID_USER); -#endif /* AUDIT_EVENTS */ +#ifdef SSH_AUDIT_EVENTS + audit_event(SSH_INVALID_USER); +#endif /* SSH_AUDIT_EVENTS */ return (NULL); } if (!allowed_user(pw)) diff --git a/auth1.c b/auth1.c index aeb5d8cb9..d08928455 100644 --- a/auth1.c +++ b/auth1.c @@ -249,8 +249,8 @@ do_authloop(Authctxt *authctxt) if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed(get_authname(type))) { authenticated = 0; -# ifdef AUDIT_EVENTS - PRIVSEP(audit_event(LOGIN_ROOT_DENIED)); +# ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED)); # endif } #endif @@ -288,8 +288,8 @@ do_authloop(Authctxt *authctxt) return; if (authctxt->failures++ > options.max_authtries) { -#ifdef AUDIT_EVENTS - PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES)); +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); #endif packet_disconnect(AUTH_FAIL_MSG, authctxt->user); } 
diff --git a/auth2.c b/auth2.c index 2727e0ff5..2265d311e 100644 --- a/auth2.c +++ b/auth2.c @@ -167,8 +167,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) if (options.use_pam) PRIVSEP(start_pam(authctxt)); #endif -#ifdef AUDIT_EVENTS - PRIVSEP(audit_event(INVALID_USER)); +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_INVALID_USER)); #endif } setproctitle("%s%s", authctxt->valid ? user : "unknown", @@ -219,8 +219,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed(method)) { authenticated = 0; -#ifdef AUDIT_EVENTS - PRIVSEP(audit_event(LOGIN_ROOT_DENIED)); +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED)); #endif } @@ -263,8 +263,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) authctxt->success = 1; } else { if (authctxt->failures++ > options.max_authtries) { -#ifdef AUDIT_EVENTS - PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES)); +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); #endif packet_disconnect(AUTH_FAIL_MSG, authctxt->user); } diff --git a/loginrec.c b/loginrec.c index 0fa9bdea7..c033582ad 100644 --- a/loginrec.c +++ b/loginrec.c @@ -164,7 +164,7 @@ # include #endif -RCSID("$Id: loginrec.c,v 1.64 2005/02/02 13:20:53 dtucker Exp $"); +RCSID("$Id: loginrec.c,v 1.65 2005/02/08 10:52:48 dtucker Exp $"); /** ** prototypes for helper functions in this file @@ -444,7 +444,7 @@ login_write(struct logininfo *li) !sys_auth_record_login(li->username,li->hostname,li->line)) logit("Writing login record failed for %s", li->username); #endif -#ifdef AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS if (li->type == LTYPE_LOGIN) audit_session_open(li->line); else if (li->type == LTYPE_LOGOUT) diff --git a/monitor.c b/monitor.c index 04534d759..d6df656b0 100644 --- a/monitor.c +++ b/monitor.c 
@@ -143,7 +143,7 @@ int mm_answer_gss_userok(int, Buffer *); int mm_answer_gss_checkmic(int, Buffer *); #endif -#ifdef AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS int mm_answer_audit_event(int, Buffer *); int mm_answer_audit_command(int, Buffer *); #endif @@ -191,7 +191,7 @@ struct mon_table mon_dispatch_proto20[] = { {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, #endif -#ifdef AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event}, #endif #ifdef BSD_AUTH @@ -219,7 +219,7 @@ struct mon_table mon_dispatch_postauth20[] = { {MONITOR_REQ_PTY, 0, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, -#ifdef AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, #endif @@ -251,7 +251,7 @@ struct mon_table mon_dispatch_proto15[] = { {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, #endif -#ifdef AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event}, #endif {0, 0, NULL} @@ -261,7 +261,7 @@ struct mon_table mon_dispatch_postauth15[] = { {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, -#ifdef AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, #endif @@ -628,7 +628,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) if (options.use_pam) monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); #endif -#ifdef AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_EVENT, 1); #endif 
@@ -1513,7 +1513,7 @@ mm_answer_term(int sock, Buffer *req) exit(res); } -#ifdef AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS /* Report that an audit event occurred */ int mm_answer_audit_event(int socket, Buffer *m) @@ -1525,13 +1525,13 @@ mm_answer_audit_event(int socket, Buffer *m) event = buffer_get_int(m); buffer_free(m); switch(event) { - case AUTH_FAIL_PUBKEY: - case AUTH_FAIL_HOSTBASED: - case AUTH_FAIL_GSSAPI: - case LOGIN_EXCEED_MAXTRIES: - case LOGIN_ROOT_DENIED: - case CONNECTION_CLOSE: - case INVALID_USER: + case SSH_AUTH_FAIL_PUBKEY: + case SSH_AUTH_FAIL_HOSTBASED: + case SSH_AUTH_FAIL_GSSAPI: + case SSH_LOGIN_EXCEED_MAXTRIES: + case SSH_LOGIN_ROOT_DENIED: + case SSH_CONNECTION_CLOSE: + case SSH_INVALID_USER: audit_event(event); break; default: @@ -1555,7 +1555,7 @@ mm_answer_audit_command(int socket, Buffer *m) buffer_free(m); return (0); } -#endif /* AUDIT_EVENTS */ +#endif /* SSH_AUDIT_EVENTS */ void monitor_apply_keystate(struct monitor *pmonitor) diff --git a/monitor_wrap.c b/monitor_wrap.c index 983b24072..e1b6512b4 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1103,7 +1103,7 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16]) return (success); } -#ifdef AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS void mm_audit_event(ssh_audit_event_t event) { @@ -1131,7 +1131,7 @@ mm_audit_run_command(const char *command) mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); buffer_free(&m); } -#endif /* AUDIT_EVENTS */ +#endif /* SSH_AUDIT_EVENTS */ #ifdef GSSAPI OM_uint32 diff --git a/monitor_wrap.h b/monitor_wrap.h index 7ed241aa8..310b42513 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -74,7 +74,7 @@ int mm_sshpam_respond(void *, u_int, char **); void mm_sshpam_free_ctx(void *); #endif -#ifdef AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS #include "audit.h" void mm_audit_event(ssh_audit_event_t); void mm_audit_run_command(const char *); diff --git a/session.c b/session.c index b645144c5..a50bfcff7 100644 --- a/session.c 
+++ b/session.c @@ -665,7 +665,7 @@ do_exec(Session *s, const char *command) debug("Forced command '%.900s'", command); } -#ifdef AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS if (command != NULL) PRIVSEP(audit_run_command(command)); else if (s->ttyfd == -1) { @@ -2333,8 +2333,8 @@ do_cleanup(Authctxt *authctxt) } #endif -#ifdef AUDIT_EVENTS - PRIVSEP(audit_event(CONNECTION_CLOSE)); +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_CONNECTION_CLOSE)); #endif /* remove agent socket */ diff --git a/sshd.c b/sshd.c index e61870ea5..6b379521b 100644 --- a/sshd.c +++ b/sshd.c @@ -1628,7 +1628,7 @@ main(int ac, char **av) remote_port = get_remote_port(); remote_ip = get_remote_ipaddr(); -#ifdef AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS audit_connection_from(remote_ip, remote_port); #endif #ifdef LIBWRAP @@ -1700,8 +1700,8 @@ main(int ac, char **av) } authenticated: -#ifdef AUDIT_EVENTS - audit_event(AUTH_SUCCESS); +#ifdef SSH_AUDIT_EVENTS + audit_event(SSH_AUTH_SUCCESS); #endif /* @@ -2017,10 +2017,10 @@ cleanup_exit(int i) { if (the_authctxt) do_cleanup(the_authctxt); -#ifdef AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS /* done after do_cleanup so it can cancel the PAM auth 'thread' */ if (!use_privsep || mm_is_monitor()) - audit_event(CONNECTION_ABANDON); + audit_event(SSH_CONNECTION_ABANDON); #endif _exit(i); } -- cgit v1.2.3 From 3f166dfcb553eacf46b3a02e72c26651d79471ef Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 9 Feb 2005 09:46:47 +1100 Subject: - dtucker@cvs.openbsd.org 2005/01/28 09:45:53 [ssh_config] Make it clear that the example entries in ssh_config are only some of the commonly-used options and refer the user to ssh_config(5) for more details; ok djm@ --- ChangeLog | 10 +++++++++- ssh_config | 6 ++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 60e5374ee..3d7f5806b 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,11 @@ +20050209 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2005/01/28 09:45:53 + [ssh_config] + Make it clear that the example entries in ssh_config are only some of the + commonly-used options and refer the user to ssh_config(5) for more + details; ok djm@ + 20050208 - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the regress tests so newer versions of GNU head(1) behave themselves. Patch @@ -2086,4 +2094,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3639 2005/02/08 10:52:47 dtucker Exp $ +$Id: ChangeLog,v 1.3640 2005/02/08 22:46:47 dtucker Exp $ diff --git a/ssh_config b/ssh_config index 2692e8913..f41bee0a2 100644 --- a/ssh_config +++ b/ssh_config @@ -1,4 +1,4 @@ -# $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $ +# $OpenBSD: ssh_config,v 1.20 2005/01/28 09:45:53 dtucker Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for @@ -13,7 +13,9 @@ # Thus, host-specific definitions should be at the beginning of the # configuration file, and defaults at the end. -# Site-wide defaults for various options +# Site-wide defaults for some commonly used options. For a comprehensive +# list of available options, their meanings and defaults, please see the +# ssh_config(5) man page. # Host * # ForwardAgent no -- cgit v1.2.3 From 79a7acfebd56f0d804cfa9ea04c2959b104d27d9 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 9 Feb 2005 09:48:57 +1100 Subject: - jmc@cvs.openbsd.org 2005/01/28 15:05:43 [ssh_config.5] grammar; --- ChangeLog | 5 ++++- ssh_config.5 | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3d7f5806b..084e073e1 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -5,6 +5,9 @@ Make it clear that the example entries in ssh_config are only some of the commonly-used options and refer the user to ssh_config(5) for more details; ok djm@ + - jmc@cvs.openbsd.org 2005/01/28 15:05:43 + [ssh_config.5] + grammar; 20050208 - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the @@ -2094,4 +2097,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3640 2005/02/08 22:46:47 dtucker Exp $ +$Id: ChangeLog,v 1.3641 2005/02/08 22:48:57 dtucker Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index bd0e3e4bd..adef452cc 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.39 2004/10/07 10:10:24 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.40 2005/01/28 15:05:43 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -120,9 +120,9 @@ Specifies which address family to use when connecting. Valid arguments are .Dq any , .Dq inet -(Use IPv4 only) or +(use IPv4 only) or .Dq inet6 -(Use IPv6 only.) +(use IPv6 only). .It Cm BatchMode If set to .Dq yes , -- cgit v1.2.3 From 43d8e28763afaf066de803d63d832884c59e4160 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 9 Feb 2005 09:51:08 +1100 Subject: - jmc@cvs.openbsd.org 2005/01/28 18:14:09 [ssh_config.5] wording; ok markus@ --- ChangeLog | 6 +++++- ssh_config.5 | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 084e073e1..bc54485a0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,10 @@ - jmc@cvs.openbsd.org 2005/01/28 15:05:43 [ssh_config.5] grammar; + - jmc@cvs.openbsd.org 2005/01/28 18:14:09 + [ssh_config.5] + wording; + ok markus@ 20050208 - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the 
@@ -2097,4 +2101,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3641 2005/02/08 22:48:57 dtucker Exp $ +$Id: ChangeLog,v 1.3642 2005/02/08 22:51:08 dtucker Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index adef452cc..67b6ca72e 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.40 2005/01/28 15:05:43 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.41 2005/01/28 18:14:09 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -63,7 +63,7 @@ system-wide configuration file .Pp For each parameter, the first obtained value will be used. -The configuration files contain sections bracketed by +The configuration files contain sections separated by .Dq Host specifications, and that section is only applied for hosts that match one of the patterns given in the specification. -- cgit v1.2.3 From 5b53026f719bc0b2fc13a58ea0b6a0385e373bec Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 9 Feb 2005 09:52:17 +1100 Subject: - dtucker@cvs.openbsd.org 2005/01/30 11:18:08 [monitor.c] Make code match intent; ok djm@ --- ChangeLog | 5 ++++- monitor.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index bc54485a0..9a7351396 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,9 @@ [ssh_config.5] wording; ok markus@ + - dtucker@cvs.openbsd.org 2005/01/30 11:18:08 + [monitor.c] + Make code match intent; ok djm@ 20050208 - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the 
@@ -2101,4 +2104,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3642 2005/02/08 22:51:08 dtucker Exp $ +$Id: ChangeLog,v 1.3643 2005/02/08 22:52:17 dtucker Exp $ diff --git a/monitor.c b/monitor.c index d6df656b0..a94e2cd28 100644 --- a/monitor.c +++ b/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.61 2004/07/17 05:31:41 dtucker Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.62 2005/01/30 11:18:08 dtucker Exp $"); #include @@ -1322,7 +1322,7 @@ mm_answer_sesskey(int sock, Buffer *m) int rsafail; /* Turn off permissions */ - monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); + monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 0); if ((p = BN_new()) == NULL) fatal("%s: BN_new", __func__); -- cgit v1.2.3 From 96d4710e3838af8c03a55ce37913568877dd0283 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 9 Feb 2005 09:53:48 +1100 Subject: - dtucker@cvs.openbsd.org 2005/02/08 22:24:57 [sshd.c] Provide reason in error message if getnameinfo fails; ok markus@ --- ChangeLog | 5 ++++- sshd.c | 10 ++++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9a7351396..98cdf96aa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,9 @@ - dtucker@cvs.openbsd.org 2005/01/30 11:18:08 [monitor.c] Make code match intent; ok djm@ + - dtucker@cvs.openbsd.org 2005/02/08 22:24:57 + [sshd.c] + Provide reason in error message if getnameinfo fails; ok markus@ 20050208 - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the @@ -2104,4 +2107,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3643 2005/02/08 22:52:17 dtucker Exp $ +$Id: ChangeLog,v 1.3644 2005/02/08 22:53:48 dtucker Exp $ diff --git a/sshd.c b/sshd.c index 6b379521b..a5b7f1ca3 100644 --- a/sshd.c +++ b/sshd.c 
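Review bot: In `mm_answer_sesskey` in monitor.c, the bare `0`/`1` third argument to `monitor_permit` is what let the "Turn off permissions" comment and the code disagree, and the corrected line still does not say why the request is being disabled. I would extend the comment to state the intent, for example `/* One-shot: refuse any further MONITOR_REQ_SESSKEY once this request is being answered */`, so that a later edit flipping the flag stands out in review. The rest of the function is outside the hunk, so whether the request is re-permitted further down cannot be checked from here.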
@@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.307 2005/01/21 08:32:02 otto Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.308 2005/02/08 22:24:57 dtucker Exp $"); #include #include @@ -1268,10 +1268,12 @@ main(int ac, char **av) if (num_listen_socks >= MAX_LISTEN_SOCKS) fatal("Too many listen sockets. " "Enlarge MAX_LISTEN_SOCKS"); - if (getnameinfo(ai->ai_addr, ai->ai_addrlen, + if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop), strport, sizeof(strport), - NI_NUMERICHOST|NI_NUMERICSERV) != 0) { - error("getnameinfo failed"); + NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { + error("getnameinfo failed: %.100s", + (ret != EAI_SYSTEM) ? gai_strerror(ret) : + strerror(errno)); continue; } /* Create socket for listening. */ -- cgit v1.2.3 From 92170a862634bf9ebe958cc75911658d18e30538 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 9 Feb 2005 17:08:23 +1100 Subject: - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call disable_forwarding() from compat library. Prevent linker errrors trying to resolve it for binaries other than sshd. ok djm@ --- ChangeLog | 7 ++++++- auth-passwd.c | 12 ++++++------ openbsd-compat/port-aix.c | 1 - 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 98cdf96aa..633d70c36 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,11 @@ - dtucker@cvs.openbsd.org 2005/02/08 22:24:57 [sshd.c] Provide reason in error message if getnameinfo fails; ok markus@ + - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call + disable_forwarding() from compat library. Prevent linker errrors trying + to resolve it for binaries other than sshd. ok djm@ + + when 20050208 - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the 
@@ -2107,4 +2112,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3644 2005/02/08 22:53:48 dtucker Exp $ +$Id: ChangeLog,v 1.3645 2005/02/09 06:08:23 dtucker Exp $ diff --git a/auth-passwd.c b/auth-passwd.c index fb14f5ce4..27ece3f72 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -73,7 +73,7 @@ int auth_password(Authctxt *authctxt, const char *password) { struct passwd * pw = authctxt->pw; - int ok = authctxt->valid; + int result, ok = authctxt->valid; #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) static int expire_checked = 0; #endif @@ -110,14 +110,14 @@ auth_password(Authctxt *authctxt, const char *password) #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) if (!expire_checked) { expire_checked = 1; - if (auth_shadow_pwexpired(authctxt)) { - disable_forwarding(); + if (auth_shadow_pwexpired(authctxt)) authctxt->force_pwchange = 1; - } } #endif - - return (sys_auth_passwd(authctxt, password) && ok); + result = sys_auth_passwd(authctxt, password); + if (authctxt->force_pwchange) + disable_forwarding(); + return (result && ok); } #ifdef BSD_AUTH diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 27ab06158..b16988543 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -196,7 +196,6 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) break; case 1: /* expired, password change required */ ctxt->force_pwchange = 1; - disable_forwarding(); break; default: /* user can't change(2) or other error (-1) */ logit("Password can't be changed for user %s: %.100s", -- cgit v1.2.3 From c7e38d59e906dcb8028deccac6793463c5ca8f5c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 9 Feb 2005 22:12:30 +1100 Subject: - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir paths. ok djm@ --- ChangeLog | 6 +++--- configure.ac | 6 +++++- 2 files changed, 8 insertions(+), 4 deletions(-) 
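Review bot: In `auth_password` in auth-passwd.c, `disable_forwarding()` is now reached whenever `authctxt->force_pwchange` is set, whatever `sys_auth_passwd` returned, and nothing in the code explains why the call lives here. That is the safe direction, since forwarding is turned off even when the password check fails, but it should be written down. I would add above the new `if`: `/* Done here rather than in sys_auth_passwd() so the compat library does not reference sshd-only code; applies even when the check failed */`. The function starts in the previous hunk and other writers of `force_pwchange` are not visible in this diff, so it is worth confirming that none of them bypasses this call.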
diff --git a/ChangeLog b/ChangeLog index 633d70c36..a1e2c6836 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,8 +21,8 @@ - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call disable_forwarding() from compat library. Prevent linker errrors trying to resolve it for binaries other than sshd. ok djm@ - - when + - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir + paths. ok djm@ 20050208 - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the @@ -2112,4 +2112,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3645 2005/02/09 06:08:23 dtucker Exp $ +$Id: ChangeLog,v 1.3646 2005/02/09 11:12:30 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 86b26daf9..3ccbbaf0c 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.237 2005/02/02 12:30:25 dtucker Exp $ +# $Id: configure.ac,v 1.238 2005/02/09 11:12:31 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -1226,6 +1226,10 @@ AC_ARG_WITH(ssl-dir, [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], [ if test "x$withval" != "xno" ; then + case "$withval" in + # Relative paths + ./*|../*) withval="`pwd`/$withval" + esac if test -d "$withval/lib"; then if test -n "${need_dash_r}"; then LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" -- cgit v1.2.3 From 33370e0287649c135eef8e7a0e22aee754deeac5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 9 Feb 2005 22:17:28 +1100 Subject: - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require the username to be passed to the passwd command when changing expired passwords. ok djm@ --- ChangeLog | 5 ++++- configure.ac | 3 ++- session.c | 5 +++++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index a1e2c6836..3b943f3c2 100644 --- a/ChangeLog +++ b/ChangeLog 
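Review bot: The new `case` in the `--with-ssl-dir` handler in configure.ac only rewrites values that begin with `./` or `../`, so a relative path written without a leading dot (for example `openssl/build`, a constructed sample) still reaches the `-L${withval}/lib -R${withval}/lib` line unchanged. A relative `-R` entry becomes a run-time library search path resolved against the current directory of whoever runs the binary, which is the case this change is meant to remove. Matching absolute paths and rewriting everything else covers both spellings: `/*) ;;` followed by ``*) withval="`pwd`/$withval" ;;``. The existing arm also lacks a terminating `;;`, which the shell accepts only because it is the last arm.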
@@ -23,6 +23,9 @@ to resolve it for binaries other than sshd. ok djm@ - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir paths. ok djm@ + - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require + the username to be passed to the passwd command when changing expired + passwords. ok djm@ 20050208 - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the @@ -2112,4 +2115,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3646 2005/02/09 11:12:30 dtucker Exp $ +$Id: ChangeLog,v 1.3647 2005/02/09 11:17:28 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 3ccbbaf0c..e79e89ac2 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.238 2005/02/09 11:12:31 dtucker Exp $ +# $Id: configure.ac,v 1.239 2005/02/09 11:17:28 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -403,6 +403,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(BROKEN_SETREGID) AC_DEFINE(WITH_ABBREV_NO_TTY) AC_DEFINE(BROKEN_UPDWTMPX) + AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd]) AC_CHECK_FUNCS(getluid setluid) MANTYPE=man TEST_SHELL=ksh diff --git a/session.c b/session.c index a50bfcff7..1896e141f 100644 --- a/session.c +++ b/session.c @@ -1346,7 +1346,12 @@ do_pwchange(Session *s) if (s->ttyfd != -1) { fprintf(stderr, "You must change your password now and login again!\n"); +#ifdef PASSWD_NEEDS_USERNAME + execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name, + (char *)NULL); +#else execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL); +#endif perror("passwd"); } else { fprintf(stderr, -- cgit v1.2.3 From 2f9573df714b221acbf92f8b48645849475136fa Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Thu, 10 Feb 2005 22:28:54 +1100 Subject: - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the --disable-etc-default-login configure option. --- ChangeLog | 6 +++++- configure.ac | 20 ++++++++++++++------ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3b943f3c2..35fb0ca18 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20050210 + - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the + --disable-etc-default-login configure option. + 20050209 - (dtucker) OpenBSD CVS Sync - dtucker@cvs.openbsd.org 2005/01/28 09:45:53 @@ -2115,4 +2119,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3647 2005/02/09 11:17:28 dtucker Exp $ +$Id: ChangeLog,v 1.3648 2005/02/10 11:28:54 dtucker Exp $ diff --git a/configure.ac b/configure.ac index e79e89ac2..9d1d33282 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.239 2005/02/09 11:17:28 dtucker Exp $ +# $Id: configure.ac,v 1.240 2005/02/10 11:28:55 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -2583,18 +2583,26 @@ fi # check for /etc/default/login and use it if present. AC_ARG_ENABLE(etc-default-login, - [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],, - [ AC_CHECK_FILE("/etc/default/login", - [ external_path_file=/etc/default/login ]) + [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], + [ if test "x$enableval" = "xno"; then + AC_MSG_NOTICE([/etc/default/login handling disabled]) + etc_default_login=no + else + etc_default_login=yes + fi ], + [ etc_default_login=yes ] +) +if test "x$etc_default_login" != "xno"; then + AC_CHECK_FILE("/etc/default/login", + [ external_path_file=/etc/default/login ]) if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then AC_MSG_WARN([cross compiling: Disabling /etc/default/login test]) elif test "x$external_path_file" = "x/etc/default/login"; then AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN) fi - ] -) +fi dnl BSD systems use /etc/login.conf so --with-default-path= has no effect if test $ac_cv_func_login_getcapbool = "yes" -a \ -- cgit v1.2.3 From 1b6f2291e4adf4d3e7e81d35194b1ad7751270f2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 11 Feb 2005 16:11:49 +1100 Subject: - (dtucker) [configure.ac] Tidy up configure --help output. --- ChangeLog | 5 ++++- configure.ac | 12 +++++------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 35fb0ca18..2c932661c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20050211 + - (dtucker) [configure.ac] Tidy up configure --help output. + 20050210 - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the --disable-etc-default-login configure option. @@ -2119,4 +2122,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3648 2005/02/10 11:28:54 dtucker Exp $ +$Id: ChangeLog,v 1.3649 2005/02/11 05:11:49 dtucker Exp $ 
diff --git a/configure.ac b/configure.ac index 9d1d33282..2df8a5e87 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.240 2005/02/10 11:28:55 dtucker Exp $ +# $Id: configure.ac,v 1.241 2005/02/11 05:11:49 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -766,8 +766,7 @@ fi # Check whether user wants S/Key support SKEY_MSG="no" AC_ARG_WITH(skey, - [ --with-skey[[=PATH]] Enable S/Key support - (optionally in PATH)], + [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], [ if test "x$withval" != "xno" ; then @@ -808,8 +807,7 @@ int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } # Check whether user wants TCP wrappers support TCPW_MSG="no" AC_ARG_WITH(tcp-wrappers, - [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support - (optionally in PATH)], + [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], [ if test "x$withval" != "xno" ; then saved_LIBS="$LIBS" @@ -865,7 +863,7 @@ AC_ARG_WITH(tcp-wrappers, # Check whether user wants libedit support LIBEDIT_MSG="no" AC_ARG_WITH(libedit, - [ --with-libedit[[=PATH]] Enable libedit support for sftp], + [ --with-libedit[[=PATH]] Enable libedit support for sftp], [ if test "x$withval" != "xno" ; then AC_CHECK_LIB(edit, el_init, [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp]) @@ -2583,7 +2581,7 @@ fi # check for /etc/default/login and use it if present. AC_ARG_ENABLE(etc-default-login, - [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], + [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], [ if test "x$enableval" = "xno"; then AC_MSG_NOTICE([/etc/default/login handling disabled]) etc_default_login=no -- cgit v1.2.3 From 15af68f767e31d07c474c37d6af7cadcbcdb82ce Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Fri, 11 Feb 2005 18:32:13 +1100 Subject: - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too. --- ChangeLog | 3 ++- openbsd-compat/fake-rfc2553.h | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2c932661c..82e4550db 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 20050211 - (dtucker) [configure.ac] Tidy up configure --help output. + - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too. 20050210 - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the @@ -2122,4 +2123,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3649 2005/02/11 05:11:49 dtucker Exp $ +$Id: ChangeLog,v 1.3650 2005/02/11 07:32:13 dtucker Exp $ diff --git a/openbsd-compat/fake-rfc2553.h b/openbsd-compat/fake-rfc2553.h index baea07038..636792ed7 100644 --- a/openbsd-compat/fake-rfc2553.h +++ b/openbsd-compat/fake-rfc2553.h @@ -1,4 +1,4 @@ -/* $Id: fake-rfc2553.h,v 1.9 2004/03/10 10:06:33 dtucker Exp $ */ +/* $Id: fake-rfc2553.h,v 1.10 2005/02/11 07:32:13 dtucker Exp $ */ /* * Copyright (C) 2000-2003 Damien Miller. All rights reserved. @@ -117,6 +117,7 @@ struct sockaddr_in6 { # define EAI_NODATA 1 # define EAI_MEMORY 2 # define EAI_NONAME 3 +# define EAI_SYSTEM 4 #endif #ifndef HAVE_STRUCT_ADDRINFO -- cgit v1.2.3 From f04c3616756831fe987fe3e474c8c234c298e4cb Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 15 Feb 2005 21:26:32 +1100 Subject: - (dtucker) [config.sh.in] Collect oslevel -r too. --- ChangeLog | 5 ++++- survey.sh.in | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 82e4550db..a55a3b3d7 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,6 @@ +20050215 + - (dtucker) [config.sh.in] Collect oslevel -r too. + 20050211 - (dtucker) [configure.ac] Tidy up configure --help output. - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too. @@ -2123,4 +2126,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3650 2005/02/11 07:32:13 dtucker Exp $ +$Id: ChangeLog,v 1.3651 2005/02/15 10:26:32 dtucker Exp $ diff --git a/survey.sh.in b/survey.sh.in index 4123b6d12..d6075a6b3 100644 --- a/survey.sh.in +++ b/survey.sh.in @@ -45,6 +45,8 @@ echo "uname-p: `uname -p`" echo echo "oslevel: `oslevel 2>/dev/null`" echo +echo "oslevel-r: `oslevel -r 2>/dev/null`" +echo echo "cc: $CC" echo echo "cflags: $CFLAGS" -- cgit v1.2.3 From 691d5235ca9485877e8345269b1be4b2cf1be322 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 15 Feb 2005 21:45:57 +1100 Subject: - (dtucker) [README.platform auth.c configure.ac loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6 on AIX where possible (see README.platform for details) and work around a misfeature of AIX's getnameinfo. ok djm@ --- ChangeLog | 6 ++++- README.platform | 11 ++++++++- auth.c | 2 +- configure.ac | 62 +++++++++++++++++++++++++++++++++++++++++++++-- loginrec.c | 6 +++-- openbsd-compat/port-aix.c | 45 ++++++++++++++++++++++++++++------ openbsd-compat/port-aix.h | 22 ++++++++++++++--- 7 files changed, 136 insertions(+), 18 deletions(-) diff --git a/ChangeLog b/ChangeLog index a55a3b3d7..9b0b3e2af 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,9 @@ 20050215 - (dtucker) [config.sh.in] Collect oslevel -r too. + - (dtucker) [README.platform auth.c configure.ac loginrec.c + openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6 + on AIX where possible (see README.platform for details) and work around + a misfeature of AIX's getnameinfo. ok djm@ 20050211 - (dtucker) [configure.ac] Tidy up configure --help output. @@ -2126,4 +2130,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3651 2005/02/15 10:26:32 dtucker Exp $ +$Id: ChangeLog,v 1.3652 2005/02/15 10:45:57 dtucker Exp $ diff --git a/README.platform b/README.platform index 880b83c63..136304a8e 100644 --- a/README.platform +++ b/README.platform @@ -13,6 +13,15 @@ Accounts in this state must have their passwords reset manually by the administrator. As a precaution, it is recommended that the administrative passwords be reset before upgrading from OpenSSH <3.8. +As of OpenSSH 4.0, configure will attempt to detect if your version +and maintenance level of AIX has a working getaddrinfo, and will use it +if found. This will enable IPv6 support. If for some reason configure +gets it wrong, or if you want to build binaries to work on earlier MLs +than the build host then you can add "-DBROKEN_GETADDRINFO" to CFLAGS +to force the previous IPv4-only behaviour. + +IPv6 known to work: 5.2ML2 5.2ML5 +IPv6 known broken: 4.3.3ML11 5.1ML4 Cygwin ------ @@ -27,4 +36,4 @@ Currently, sshd does not support BSM auditting. This can show up as errors when editting cron entries via crontab. See. http://bugzilla.mindrot.org/show_bug.cgi?id=125 -$Id: README.platform,v 1.2 2004/04/23 08:57:13 dtucker Exp $ +$Id: README.platform,v 1.3 2005/02/15 10:45:57 dtucker Exp $ diff --git a/auth.c b/auth.c index e6dcab209..256807683 100644 --- a/auth.c +++ b/auth.c 
@@ -209,7 +209,7 @@ allowed_user(struct passwd * pw) } #ifdef CUSTOM_SYS_AUTH_ALLOWED_USER - if (!sys_auth_allowed_user(pw)) + if (!sys_auth_allowed_user(pw, &loginmsg)) return 0; #endif diff --git a/configure.ac b/configure.ac index 2df8a5e87..b27f0cf70 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.241 2005/02/11 05:11:49 dtucker Exp $ +# $Id: configure.ac,v 1.242 2005/02/15 10:45:57 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -135,7 +135,7 @@ case "$host" in [#include ] ) AC_CHECK_FUNCS(setauthdb) - AC_DEFINE(BROKEN_GETADDRINFO) + check_for_aix_broken_getaddrinfo=1 AC_DEFINE(BROKEN_REALPATH) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) 
@@ -1146,6 +1146,64 @@ main(void) ) fi +if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_aix_broken_getaddrinfo" = "x1"; then + AC_MSG_CHECKING(if getaddrinfo seems to work) + AC_TRY_RUN( + [ +#include +#include +#include +#include +#include + +#define TEST_PORT "2222" + +int +main(void) +{ + int err, sock; + struct addrinfo *gai_ai, *ai, hints; + char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_PASSIVE; + + err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); + if (err != 0) { + fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); + exit(1); + } + + for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { + if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) + continue; + + err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, + sizeof(ntop), strport, sizeof(strport), + NI_NUMERICHOST|NI_NUMERICSERV); + + if (ai->ai_family == AF_INET && err != 0) { + perror("getnameinfo"); + exit(2); + } + } + exit(0); +} + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(AIX_GETNAMEINFO_HACK, [], +[Define if you have a getaddrinfo that fails for the all-zeros IPv6 address]) + ], + [ + AC_MSG_RESULT(no) + AC_DEFINE(BROKEN_GETADDRINFO) + ] + ) +fi + if test "x$check_for_conflicting_getspnam" = "x1"; then AC_MSG_CHECKING(for conflicting getspnam in shadow.h) AC_COMPILE_IFELSE( diff --git a/loginrec.c b/loginrec.c index c033582ad..8f5061cdc 100644 --- a/loginrec.c +++ b/loginrec.c @@ -164,7 +164,7 @@ # include #endif -RCSID("$Id: loginrec.c,v 1.65 2005/02/08 10:52:48 dtucker Exp $"); +RCSID("$Id: loginrec.c,v 1.66 2005/02/15 10:45:57 dtucker Exp $"); /** ** prototypes for helper functions in this file 
@@ -192,6 +192,8 @@ int lastlog_get_entry(struct logininfo *li); int wtmp_get_entry(struct logininfo *li); int wtmpx_get_entry(struct logininfo *li); +extern Buffer loginmsg; + /* pick the shortest string */ #define MIN_SIZEOF(s1,s2) (sizeof(s1) < sizeof(s2) ? sizeof(s1) : sizeof(s2)) @@ -441,7 +443,7 @@ login_write(struct logininfo *li) #endif #ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN if (li->type == LTYPE_LOGIN && - !sys_auth_record_login(li->username,li->hostname,li->line)) + !sys_auth_record_login(li->username,li->hostname,li->line, &loginmsg)) logit("Writing login record failed for %s", li->username); #endif #ifdef SSH_AUDIT_EVENTS diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index b16988543..8ab862f98 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -34,14 +34,13 @@ #ifdef _AIX #include +#include #include "port-aix.h" /* These should be in the system headers but are not. */ int usrinfo(int, char *, int); int setauthdb(const char *, char *); -extern Buffer loginmsg; - # ifdef HAVE_SETAUTHDB static char old_registry[REGISTRY_SIZE] = ""; # endif @@ -156,7 +155,7 @@ aix_valid_authentications(const char *user) * returns 0. */ int -sys_auth_passwd(Authctxt *ctxt, const char *password) +sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg) { char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name; int authsuccess = 0, expired, reenter, result; @@ -186,7 +185,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) */ expired = passwdexpired(name, &msg); if (msg && *msg) { - buffer_append(&loginmsg, msg, strlen(msg)); + buffer_append(loginmsg, msg, strlen(msg)); aix_remove_embedded_newlines(msg); } debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg); 
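Review bot: The hunk at `sys_auth_passwd` in openbsd-compat/port-aix.c adds a third parameter, `Buffer *loginmsg`, but the only call visible on this page, `result = sys_auth_passwd(authctxt, password);` in auth-passwd.c, passes two arguments, and auth-passwd.c is not in this commit's file list. The port-aix.h hunks update the prototypes of `sys_auth_allowed_user` and `sys_auth_record_login` only. If the caller and prototype were not changed somewhere outside this diff, the AIX build either fails or `buffer_append(loginmsg, ...)` runs on an indeterminate pointer. The call would need to become `sys_auth_passwd(authctxt, password, &loginmsg)`, with `loginmsg` declared in that file the way loginrec.c now does with `extern Buffer loginmsg;`.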
@@ -219,7 +218,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) * Returns 1 if login is allowed, 0 if not allowed. */ int -sys_auth_allowed_user(struct passwd *pw) +sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg) { char *msg = NULL; int result, permitted = 0; @@ -246,7 +245,7 @@ sys_auth_allowed_user(struct passwd *pw) if (result == -1 && errno == EPERM && stat(_PATH_NOLOGIN, &st) == 0) permitted = 1; else if (msg != NULL) - buffer_append(&loginmsg, msg, strlen(msg)); + buffer_append(loginmsg, msg, strlen(msg)); if (msg == NULL) msg = xstrdup("(none)"); aix_remove_embedded_newlines(msg); @@ -259,7 +258,8 @@ sys_auth_allowed_user(struct passwd *pw) } int -sys_auth_record_login(const char *user, const char *host, const char *ttynm) +sys_auth_record_login(const char *user, const char *host, const char *ttynm, + Buffer *loginmsg) { char *msg; int success = 0; @@ -269,7 +269,7 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm) success = 1; if (msg != NULL) { debug("AIX/loginsuccess: msg %s", msg); - buffer_append(&loginmsg, msg, strlen(msg)); + buffer_append(loginmsg, msg, strlen(msg)); xfree(msg); } } 
@@ -349,4 +349,33 @@ aix_restoreauthdb(void) # endif /* WITH_AIXAUTHENTICATE */ +# if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO) +# undef getnameinfo +/* + * For some reason, AIX's getnameinfo will refuse to resolve the all-zeros + * IPv6 address into its textual representation ("::"), so we wrap it + * with a function that will. + */ +int +sshaix_getnameinfo(const struct sockaddr *sa, size_t salen, char *host, + size_t hostlen, char *serv, size_t servlen, int flags) +{ + struct sockaddr_in6 *sa6; + u_int32_t *a6; + + if (flags & (NI_NUMERICHOST|NI_NUMERICSERV) && + sa->sa_family == AF_INET6) { + sa6 = (struct sockaddr_in6 *)sa; + a6 = sa6->sin6_addr.u6_addr.u6_addr32; + + if (a6[0] == 0 && a6[1] == 0 && a6[2] == 0 && a6[3] == 0) { + strlcpy(host, "::", hostlen); + snprintf(serv, servlen, "%d", sa6->sin6_port); + return 0; + } + } + return getnameinfo(sa, salen, host, hostlen, serv, servlen, flags); +} +# endif /* AIX_GETNAMEINFO_HACK */ + #endif /* _AIX */ diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 751139004..cc7c43cda 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -1,4 +1,4 @@ -/* $Id: port-aix.h,v 1.22 2005/02/02 06:10:11 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.23 2005/02/15 10:45:58 dtucker Exp $ */ /* * @@ -27,6 +27,10 @@ #ifdef _AIX +#ifdef HAVE_SYS_SOCKET_H +# include +#endif + #ifdef WITH_AIXAUTHENTICATE # include # include @@ -36,6 +40,8 @@ # include #endif +#include "buffer.h" + /* Some versions define r_type in the above headers, which causes a conflict */ #ifdef r_type # undef r_type 
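Review bot: The guard around `sshaix_getnameinfo` in port-aix.c tests `!defined(BROKEN_ADDRINFO)`, while the matching block in port-aix.h and the configure test use `BROKEN_GETADDRINFO`. When both `AIX_GETNAMEINFO_HACK` and `-DBROKEN_GETADDRINFO` are in effect, as README.platform permits, the wrapper is therefore compiled but never declared; the line should read `# if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_GETADDRINFO)`. Inside the wrapper `sin6_port` is printed as stored, and the portable form is `snprintf(serv, servlen, "%d", ntohs(sa6->sin6_port));`. The cast to `struct sockaddr_in6 *` is also made without comparing `salen` with `sizeof(*sa6)`, so a short address buffer would be read past its end; adding `salen >= sizeof(*sa6)` to the `if` condition closes that.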
@@ -64,13 +70,23 @@ void aix_usrinfo(struct passwd *); #ifdef WITH_AIXAUTHENTICATE # define CUSTOM_SYS_AUTH_PASSWD 1 # define CUSTOM_SYS_AUTH_ALLOWED_USER 1 -int sys_auth_allowed_user(struct passwd *); +int sys_auth_allowed_user(struct passwd *, Buffer *); # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1 -int sys_auth_record_login(const char *, const char *, const char *); +int sys_auth_record_login(const char *, const char *, const char *, Buffer *); # define CUSTOM_FAILED_LOGIN 1 #endif void aix_setauthdb(const char *); void aix_restoreauthdb(void); void aix_remove_embedded_newlines(char *); + +#if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_GETADDRINFO) +# ifdef getnameinfo +# undef getnameinfo +# endif +int sshaix_getnameinfo(const struct sockaddr *, size_t, char *, size_t, + char *, size_t, int); +# define getnameinfo(a,b,c,d,e,f,g) (sshaix_getnameinfo(a,b,c,d,e,f,g)) +#endif + #endif /* _AIX */ -- cgit v1.2.3 From a39f83eeee3f7bb35e86d92f5a802fe84f1b6a9d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 15 Feb 2005 22:19:28 +1100 Subject: - (dtucker) [loginrec.c] Add missing #include. --- ChangeLog | 3 ++- loginrec.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9b0b3e2af..e076fc66f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,7 @@ openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6 on AIX where possible (see README.platform for details) and work around a misfeature of AIX's getnameinfo. ok djm@ + - (dtucker) [loginrec.c] Add missing #include. 20050211 - (dtucker) [configure.ac] Tidy up configure --help output. @@ -2130,4 +2131,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3652 2005/02/15 10:45:57 dtucker Exp $ +$Id: ChangeLog,v 1.3653 2005/02/15 11:19:28 dtucker Exp $ diff --git a/loginrec.c b/loginrec.c index 8f5061cdc..361ac4cb7 100644 --- a/loginrec.c +++ b/loginrec.c 
@@ -155,6 +155,7 @@ #include "packet.h" #include "canohost.h" #include "auth.h" +#include "buffer.h" #ifdef HAVE_UTIL_H # include @@ -164,7 +165,7 @@ # include #endif -RCSID("$Id: loginrec.c,v 1.66 2005/02/15 10:45:57 dtucker Exp $"); +RCSID("$Id: loginrec.c,v 1.67 2005/02/15 11:19:28 dtucker Exp $"); /** ** prototypes for helper functions in this file -- cgit v1.2.3 From e13eace5220ac5badc15220272d36edacc9f8cea Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 15 Feb 2005 22:44:05 +1100 Subject: IPv6 works on AIX5.1ML7 too. --- README.platform | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.platform b/README.platform index 136304a8e..4e7b84d39 100644 --- a/README.platform +++ b/README.platform @@ -20,7 +20,7 @@ gets it wrong, or if you want to build binaries to work on earlier MLs than the build host then you can add "-DBROKEN_GETADDRINFO" to CFLAGS to force the previous IPv4-only behaviour. -IPv6 known to work: 5.2ML2 5.2ML5 +IPv6 known to work: 5.1ML7 5.2ML2 5.2ML5 IPv6 known broken: 4.3.3ML11 5.1ML4 Cygwin @@ -36,4 +36,4 @@ Currently, sshd does not support BSM auditting. This can show up as errors when editting cron entries via crontab. See. http://bugzilla.mindrot.org/show_bug.cgi?id=125 -$Id: README.platform,v 1.3 2005/02/15 10:45:57 dtucker Exp $ +$Id: README.platform,v 1.4 2005/02/15 11:44:05 dtucker Exp $ -- cgit v1.2.3 From 66df70c97d189fb8bdf35a66b42f62bcc0a6e4da Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 16 Feb 2005 13:01:28 +1100 Subject: knf: function names at start of line --- openbsd-compat/bsd-arc4random.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c index 5284e1af8..1eeb6953b 100644 --- a/openbsd-compat/bsd-arc4random.c +++ b/openbsd-compat/bsd-arc4random.c 
@@ -17,7 +17,7 @@ #include "includes.h" #include "log.h" -RCSID("$Id: bsd-arc4random.c,v 1.9 2004/07/18 23:30:40 djm Exp $"); +RCSID("$Id: bsd-arc4random.c,v 1.10 2005/02/16 02:01:28 djm Exp $"); #ifndef HAVE_ARC4RANDOM @@ -34,7 +34,8 @@ RCSID("$Id: bsd-arc4random.c,v 1.9 2004/07/18 23:30:40 djm Exp $"); static int rc4_ready = 0; static RC4_KEY rc4; -unsigned int arc4random(void) +unsigned int +arc4random(void) { unsigned int r = 0; static int first_time = 1; @@ -53,7 +54,8 @@ unsigned int arc4random(void) return(r); } -void arc4random_stir(void) +void +arc4random_stir(void) { unsigned char rand_buf[SEED_SIZE]; int i; -- cgit v1.2.3 From ed462d9a4557a400266c43d13fd6fa0ec8c7d9ea Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 16 Feb 2005 13:02:45 +1100 Subject: write seed to temporary file and atomically rename into place; ok dtucker@ --- ChangeLog | 6 +++++- ssh-rand-helper.c | 38 +++++++++++++++++++++++++++++--------- 2 files changed, 34 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index e076fc66f..9c14c6aea 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20050216 + - (djm) write seed to temporary file and atomically rename into place; + ok dtucker@ + 20050215 - (dtucker) [config.sh.in] Collect oslevel -r too. - (dtucker) [README.platform auth.c configure.ac loginrec.c @@ -2131,4 +2135,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3653 2005/02/15 11:19:28 dtucker Exp $ +$Id: ChangeLog,v 1.3654 2005/02/16 02:02:45 djm Exp $ diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 7cd081fab..6412d44e2 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -39,7 +39,7 @@ #include "pathnames.h" #include "log.h" -RCSID("$Id: ssh-rand-helper.c,v 1.20 2004/12/20 01:05:08 dtucker Exp $"); +RCSID("$Id: ssh-rand-helper.c,v 1.21 2005/02/16 02:02:45 djm Exp $"); /* Number of bytes we write out */ #define OUTPUT_SEED_SIZE 48 
@@ -550,10 +550,11 @@ prng_check_seedfile(char *filename) void prng_write_seedfile(void) { - int fd; + int fd, save_errno; unsigned char seed[SEED_FILE_SIZE]; - char filename[MAXPATHLEN]; + char filename[MAXPATHLEN], tmpseed[MAXPATHLEN]; struct passwd *pw; + mode_t old_umask; pw = getpwuid(getuid()); if (pw == NULL) @@ -568,7 +569,10 @@ prng_write_seedfile(void) snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, SSH_PRNG_SEED_FILE); - debug("writing PRNG seed to file %.100s", filename); + strlcpy(tmpseed, filename, sizeof(tmpseed)); + if (strlcat(tmpseed, ".XXXXXXXXXX", sizeof(tmpseed)) >= + sizeof(tmpseed)) + fatal("PRNG seed filename too long"); if (RAND_bytes(seed, sizeof(seed)) <= 0) fatal("PRNG seed extraction failed"); @@ -576,15 +580,31 @@ prng_write_seedfile(void) /* Don't care if the seed doesn't exist */ prng_check_seedfile(filename); - if ((fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0600)) == -1) { - debug("WARNING: couldn't access PRNG seedfile %.100s " - "(%.100s)", filename, strerror(errno)); + old_umask = umask(0177); + + if ((fd = mkstemp(tmpseed)) == -1) { + debug("WARNING: couldn't make temporary PRNG seedfile %.100s " + "(%.100s)", tmpseed, strerror(errno)); } else { - if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed)) + debug("writing PRNG seed to file %.100s", tmpseed); + if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed)) { + save_errno = errno; + close(fd); + unlink(tmpseed); fatal("problem writing PRNG seedfile %.100s " - "(%.100s)", filename, strerror(errno)); + "(%.100s)", filename, strerror(save_errno)); + } close(fd); + debug("moving temporary PRNG seed to file %.100s", filename); + if (rename(tmpseed, filename) == -1) { + save_errno = errno; + unlink(tmpseed); + fatal("problem renaming PRNG seedfile from %.100s " + "to %.100s (%.100s)", tmpseed, filename, + strerror(save_errno)); + } } + umask(old_umask); } void -- cgit v1.2.3 From 7b48d25527c372a6a5017897c7617a05d5f1e68e Mon Sep 17 00:00:00 2001 
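Review bot: The return value of `close(fd)` is ignored just before `rename(tmpseed, filename)` in prng_write_seedfile(). A write error that only surfaces at close time (a full or quota-limited filesystem, a network-mounted home directory) would still move a short or empty seed over the previous good one. Checking close() and unlinking the temporary file on failure keeps the old seed in place. The write-failure message also prints `filename` although the file being written is `tmpseed`.

```c
		/* … unchanged: atomicio() write and its error path … */
		if (close(fd) == -1) {
			save_errno = errno;
			unlink(tmpseed);
			fatal("problem writing PRNG seedfile %.100s "
			    "(%.100s)", tmpseed, strerror(save_errno));
		}
		debug("moving temporary PRNG seed to file %.100s", filename);
		/* … unchanged: rename() and its error path … */
```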
From: Darren Tucker Date: Wed, 16 Feb 2005 13:20:07 +1100 Subject: - (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called via mkstemp in some configurations. ok djm@ --- ChangeLog | 4 +++- ssh-rand-helper.c | 14 +++++++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9c14c6aea..2716b7de6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20050216 - (djm) write seed to temporary file and atomically rename into place; ok dtucker@ + - (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called + via mkstemp in some configurations. ok djm@ 20050215 - (dtucker) [config.sh.in] Collect oslevel -r too. @@ -2135,4 +2137,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3654 2005/02/16 02:02:45 djm Exp $ +$Id: ChangeLog,v 1.3655 2005/02/16 02:20:07 dtucker Exp $ diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 6412d44e2..4da62a724 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -39,7 +39,7 @@ #include "pathnames.h" #include "log.h" -RCSID("$Id: ssh-rand-helper.c,v 1.21 2005/02/16 02:02:45 djm Exp $"); +RCSID("$Id: ssh-rand-helper.c,v 1.22 2005/02/16 02:20:07 dtucker Exp $"); /* Number of bytes we write out */ #define OUTPUT_SEED_SIZE 48 @@ -888,3 +888,15 @@ main(int argc, char **argv) return ret == bytes ? 0 : 1; } + +/* + * We may attempt to re-seed during mkstemp if we are using the one in the + * compat library (via mkstemp -> arc4random -> seed_rng) so we need + * our own seed_rng(). We must also check that we have enough entropy. + */ +void +seed_rng(void) +{ + if (!RAND_status()) + fatal("Not enough entropy in RNG"); +} -- cgit v1.2.3 From 7a8619aebbef6f543212a01e65f0946cabf72adc Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Wed, 16 Feb 2005 13:32:30 +1100 Subject: Document the path to seed_rng better --- ssh-rand-helper.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 4da62a724..d7d8d0f3b 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -39,7 +39,7 @@ #include "pathnames.h" #include "log.h" -RCSID("$Id: ssh-rand-helper.c,v 1.22 2005/02/16 02:20:07 dtucker Exp $"); +RCSID("$Id: ssh-rand-helper.c,v 1.23 2005/02/16 02:32:30 dtucker Exp $"); /* Number of bytes we write out */ #define OUTPUT_SEED_SIZE 48 @@ -891,8 +891,8 @@ main(int argc, char **argv) /* * We may attempt to re-seed during mkstemp if we are using the one in the - * compat library (via mkstemp -> arc4random -> seed_rng) so we need - * our own seed_rng(). We must also check that we have enough entropy. + * compat library (via mkstemp -> _gettemp -> arc4random -> seed_rng) so we + * need our own seed_rng(). We must also check that we have enough entropy. */ void seed_rng(void) -- cgit v1.2.3 From a91f5ee6185fa2e77a17d0e72f8ada94f57e3409 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 16 Feb 2005 14:20:06 +1100 Subject: - (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined by the system headers. --- ChangeLog | 4 +++- auth-shadow.c | 5 ++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2716b7de6..17491a41a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ ok dtucker@ - (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called via mkstemp in some configurations. ok djm@ + - (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined + by the system headers. 20050215 - (dtucker) [config.sh.in] Collect oslevel -r too. 
@@ -2137,4 +2139,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3655 2005/02/16 02:20:07 dtucker Exp $ +$Id: ChangeLog,v 1.3656 2005/02/16 03:20:06 dtucker Exp $ diff --git a/auth-shadow.c b/auth-shadow.c index a85442d72..f6004f68f 100644 --- a/auth-shadow.c +++ b/auth-shadow.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$Id: auth-shadow.c,v 1.5 2004/02/21 23:22:05 dtucker Exp $"); +RCSID("$Id: auth-shadow.c,v 1.6 2005/02/16 03:20:06 dtucker Exp $"); #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) #include @@ -32,6 +32,9 @@ RCSID("$Id: auth-shadow.c,v 1.5 2004/02/21 23:22:05 dtucker Exp $"); #include "buffer.h" #include "log.h" +#ifdef DAY +# undef DAY +#endif #define DAY (24L * 60 * 60) /* 1 day in seconds */ extern Buffer loginmsg; -- cgit v1.2.3 From ca6e7a7e8b6cc828f5df96b180d03e7ca1179fca Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 16 Feb 2005 16:19:17 +1100 Subject: - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant Unix; prevents problems relating to the location of -lresolv in the link order. --- ChangeLog | 5 ++++- configure.ac | 4 +++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 17491a41a..bbead8299 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ via mkstemp in some configurations. ok djm@ - (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined by the system headers. + - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant + Unix; prevents problems relating to the location of -lresolv in the + link order. 20050215 - (dtucker) [config.sh.in] Collect oslevel -r too. 
@@ -2139,4 +2142,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3656 2005/02/16 03:20:06 dtucker Exp $ +$Id: ChangeLog,v 1.3657 2005/02/16 05:19:17 dtucker Exp $ diff --git a/configure.ac b/configure.ac index b27f0cf70..aa6aed6b0 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.242 2005/02/15 10:45:57 dtucker Exp $ +# $Id: configure.ac,v 1.243 2005/02/16 05:19:17 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -339,6 +339,8 @@ mips-sony-bsd|mips-sony-newsos4) *-sni-sysv*) # /usr/ucblib MUST NOT be searched on ReliantUNIX AC_CHECK_LIB(dl, dlsym, ,) + # -lresolv needs to be at then end of LIBS or DNS lookups break + AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ]) IPADDR_IN_DISPLAY=yes AC_DEFINE(USE_PIPES) AC_DEFINE(IP_TOS_IS_BROKEN) -- cgit v1.2.3 From c97b01af62fa73b31a5b0c86c21c3347cdd0874d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 16 Feb 2005 16:47:37 +1100 Subject: - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic authentication early enough to be available to PAM session modules when privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam Hartman and similar to Debian's ssh-krb5 package. --- ChangeLog | 6 +++++- session.c | 22 ++++++++++++++-------- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index bbead8299..9d132f981 100644 --- a/ChangeLog +++ b/ChangeLog 
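Review bot: The arguments to the added `AC_CHECK_LIB(res_query, resolv, ...)` in the `*-sni-sysv*` case look transposed. The macro takes the library first and the function second, so this probes for a symbol `resolv` in `-lres_query`, which presumably never succeeds and leaves `-lresolv` out of LIBS. It should read `AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])`. The comment above it also has a typo, `at then end` for `at the end`.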
@@ -8,6 +8,10 @@ - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant Unix; prevents problems relating to the location of -lresolv in the link order. + - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic + authentication early enough to be available to PAM session modules when + privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam + Hartman and similar to Debian's ssh-krb5 package. 20050215 - (dtucker) [config.sh.in] Collect oslevel -r too. @@ -2142,4 +2146,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3657 2005/02/16 05:19:17 dtucker Exp $ +$Id: ChangeLog,v 1.3658 2005/02/16 05:47:37 dtucker Exp $ diff --git a/session.c b/session.c index 1896e141f..df7552334 100644 --- a/session.c +++ b/session.c @@ -677,14 +677,6 @@ do_exec(Session *s, const char *command) } #endif -#ifdef GSSAPI - if (options.gss_authentication) { - temporarily_use_uid(s->pw); - ssh_gssapi_storecreds(); - restore_uid(); - } -#endif - if (s->ttyfd != -1) do_exec_pty(s, command); else @@ -1279,6 +1271,13 @@ do_setusercontext(struct passwd *pw) # ifdef __bsdi__ setpgid(0, 0); # endif +#ifdef GSSAPI + if (options.gss_authentication) { + temporarily_use_uid(pw); + ssh_gssapi_storecreds(); + restore_uid(); + } +#endif # ifdef USE_PAM if (options.use_pam) { do_pam_session(); @@ -1309,6 +1308,13 @@ do_setusercontext(struct passwd *pw) exit(1); } endgrent(); +#ifdef GSSAPI + if (options.gss_authentication) { + temporarily_use_uid(pw); + ssh_gssapi_storecreds(); + restore_uid(); + } +#endif # ifdef USE_PAM /* * PAM credentials may take the form of supplementary groups. -- cgit v1.2.3 From 3c774c52f31b54eccb5a936470d21d196968693b Mon Sep 17 00:00:00 2001 
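Review bot: The same seven-line GSSAPI block is now pasted into both branches of do_setusercontext() with nothing in the code saying why it must sit there. The ordering requirement, credentials stored before the PAM calls that follow, is recorded only in the commit message. I would add a comment such as `/* Store GSSAPI creds before PAM session setup so PAM modules can use them. */` above each copy, or move the block into one small static helper called from both places. The start of do_setusercontext() is outside these hunks, so if its enclosing condition only runs for a privileged sshd, the call removed from do_exec() is no longer reached in the unprivileged case; worth confirming that is intended.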
From: Darren Tucker Date: Wed, 16 Feb 2005 22:49:31 +1100 Subject: - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more compiler warnings on AIX. --- ChangeLog | 4 +++- configure.ac | 7 +++++-- openbsd-compat/port-aix.c | 4 ---- openbsd-compat/port-aix.h | 25 ++++++++++++++++++++++++- 4 files changed, 32 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9d132f981..836cc0dfc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,8 @@ authentication early enough to be available to PAM session modules when privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam Hartman and similar to Debian's ssh-krb5 package. + - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more + compiler warnings on AIX. 20050215 - (dtucker) [config.sh.in] Collect oslevel -r too. @@ -2146,4 +2148,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3658 2005/02/16 05:47:37 dtucker Exp $ +$Id: ChangeLog,v 1.3659 2005/02/16 11:49:31 dtucker Exp $ diff --git a/configure.ac b/configure.ac index aa6aed6b0..fe6b002d4 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.243 2005/02/16 05:19:17 dtucker Exp $ +# $Id: configure.ac,v 1.244 2005/02/16 11:49:31 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -121,8 +121,11 @@ case "$host" in LIBS="$LIBS -ls" ]) ]) + dnl Check for various auth function declarations in headers. + AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, passwdexpired],, + [#include ]) dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) - AC_CHECK_DECL(loginfailed, + AC_CHECK_DECLS(loginfailed, [AC_MSG_CHECKING(if loginfailed takes 4 arguments) AC_TRY_COMPILE( [#include ], diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 8ab862f98..fa6a4ff7b 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c 
@@ -37,10 +37,6 @@ #include #include "port-aix.h" -/* These should be in the system headers but are not. */ -int usrinfo(int, char *, int); -int setauthdb(const char *, char *); - # ifdef HAVE_SETAUTHDB static char old_registry[REGISTRY_SIZE] = ""; # endif diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index cc7c43cda..a05ce9703 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -1,4 +1,4 @@ -/* $Id: port-aix.h,v 1.23 2005/02/15 10:45:58 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.24 2005/02/16 11:49:31 dtucker Exp $ */ /* * @@ -30,6 +30,9 @@ #ifdef HAVE_SYS_SOCKET_H # include #endif +#ifdef HAVE_UNISTD_H +# include /* for seteuid() */ +#endif #ifdef WITH_AIXAUTHENTICATE # include @@ -42,6 +45,26 @@ #include "buffer.h" +/* These should be in the system headers but are not. */ +int usrinfo(int, char *, int); +int setauthdb(const char *, char *); +/* these may or may not be in the headers depending on the version */ +#if (HAVE_DECL_AUTHENTICATE == 0) +int authenticate(char *, char *, int *, char **); +#endif +#if (HAVE_DECL_LOGINFAILED == 0) +int loginfailed(char *, char *, char *); +#endif +#if (HAVE_DECL_LOGINRESTRICTIONS == 0) +int loginrestrictions(char *, int, char *, char **); +#endif +#if (HAVE_DECL_LOGINSUCCESS == 0) +int loginsuccess(char *, char *, char *, char **); +#endif +#if (HAVE_DECL_PASSWDEXPIRED == 0) +int passwdexpired(char *, char **); +#endif + /* Some versions define r_type in the above headers, which causes a conflict */ #ifdef r_type # undef r_type -- cgit v1.2.3 From d9f88915a2f2e7fe738799122ac288b5b1a13547 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Sun, 20 Feb 2005 21:01:48 +1100 Subject: - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure --with-audit=bsm to enable. Patch originally from Sun Microsystems, parts by John R. Jackson. ok djm@ --- ChangeLog | 8 +++++++- LICENCE | 1 + Makefile.in | 5 +++-- README.platform | 17 +++++++++++++---- configure.ac | 39 ++++++++++++++++++++++++++++++++++++++- defines.h | 11 ++++++++++- 6 files changed, 72 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 836cc0dfc..87ae13abe 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20050220 + - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac + defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure + --with-audit=bsm to enable. Patch originally from Sun Microsystems, + parts by John R. Jackson. ok djm@ + 20050216 - (djm) write seed to temporary file and atomically rename into place; ok dtucker@ @@ -2148,4 +2154,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3659 2005/02/16 11:49:31 dtucker Exp $ +$Id: ChangeLog,v 1.3660 2005/02/20 10:01:48 dtucker Exp $ diff --git a/LICENCE b/LICENCE index f9062bd51..ae03eb3a7 100644 --- a/LICENCE +++ b/LICENCE @@ -203,6 +203,7 @@ OpenSSH contains no GPL code. Wayne Schroeder William Jones Darren Tucker + Sun Microsystems * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/Makefile.in b/Makefile.in index c6cfef11a..71036c118 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.268 2005/02/02 13:20:53 dtucker Exp $ +# $Id: Makefile.in,v 1.269 2005/02/20 10:01:49 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ 
@@ -85,7 +85,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \ auth-krb5.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ - loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o + loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ + audit.o audit-bsm.o MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 diff --git a/README.platform b/README.platform index 4e7b84d39..af551de48 100644 --- a/README.platform +++ b/README.platform @@ -32,8 +32,17 @@ openssl-devel, zlib, minres, minires-devel. Solaris ------- -Currently, sshd does not support BSM auditting. This can show up as errors -when editting cron entries via crontab. See. -http://bugzilla.mindrot.org/show_bug.cgi?id=125 +If you enable BSM auditing on Solaris, you need to update audit_event(4) +for praudit(1m) to give sensible output. The following line needs to be +added to /etc/security/audit_event: -$Id: README.platform,v 1.4 2005/02/15 11:44:05 dtucker Exp $ + 32800:AUE_openssh:OpenSSH login:lo + +The BSM audit event range available for third party TCB applications is +32768 - 65535. Event number 32800 has been choosen for AUE_openssh. +There is no official registry of 3rd party event numbers, so if this +number is already in use on your system, you may change it at build time +by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding. + + +$Id: README.platform,v 1.5 2005/02/20 10:01:49 dtucker Exp $ diff --git a/configure.ac b/configure.ac index fe6b002d4..1bf067a2f 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.244 2005/02/16 11:49:31 dtucker Exp $ +# $Id: configure.ac,v 1.245 2005/02/20 10:01:49 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -881,6 +881,37 @@ AC_ARG_WITH(libedit, fi ] ) +AUDIT_MODULE=none +AC_ARG_WITH(audit, + [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)], + [ + AC_MSG_CHECKING(for supported audit module) + case "$withval" in + bsm) + AC_MSG_RESULT(bsm) + AUDIT_MODULE=bsm + dnl Checks for headers, libs and functions + AC_CHECK_HEADERS(bsm/audit.h, [], + [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)]) + AC_CHECK_LIB(bsm, getaudit, [], + [AC_MSG_ERROR(BSM enabled and required library not found)]) + AC_CHECK_FUNCS(getaudit, [], + [AC_MSG_ERROR(BSM enabled and required function not found)]) + # These are optional + AC_CHECK_FUNCS(getaudit_addr gettext) + AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module]) + ;; + debug) + AUDIT_MODULE=debug + AC_MSG_RESULT(debug) + AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module) + ;; + *) + AC_MSG_ERROR([Unknown audit module $withval]) + ;; + esac ] +) + dnl Checks for library functions. Please keep in alphabetical order AC_CHECK_FUNCS(\ arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \ @@ -1846,6 +1877,8 @@ TYPE_SOCKLEN_T AC_CHECK_TYPES(sig_atomic_t,,,[#include ]) +AC_CHECK_TYPES(in_addr_t,,,[#include ]) + AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ AC_TRY_COMPILE( [ @@ -3195,3 +3228,7 @@ if test ! -z "$NO_PEERCHECK" ; then echo "" fi +if test "$AUDIT_MODULE" = "bsm" ; then + echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." + echo "See the Solaris section in README.platform for details." +fi diff --git a/defines.h b/defines.h index 4d59408ad..7758bc37a 100644 --- a/defines.h +++ b/defines.h 
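Review bot: The `case "$withval"` in the new `AC_ARG_WITH(audit, ...)` handles only `bsm` and `debug`. `--without-audit` (or `--with-audit=no`) sets `withval` to `no`, falls through to `*)` and aborts configure with "Unknown audit module no". Adding an arm that reports the result and leaves `AUDIT_MODULE=none` would fix it, e.g. `no) AC_MSG_RESULT(none) ;;`. The description in `AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)` is also unquoted, unlike the USE_BSM_AUDIT line above it.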
@@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.118 2005/02/02 12:30:25 dtucker Exp $ */ +/* $Id: defines.h,v 1.119 2005/02/20 10:01:49 dtucker Exp $ */ /* Constants */ @@ -288,6 +288,10 @@ struct sockaddr_un { }; #endif /* HAVE_SYS_UN_H */ +#ifndef HAVE_IN_ADDR_T +typedef u_int32_t in_addr_t; +#endif + #if defined(BROKEN_SYS_TERMIO_H) && !defined(_STRUCT_WINSIZE) #define _STRUCT_WINSIZE struct winsize { @@ -530,6 +534,11 @@ struct winsize { # define getpgrp() getpgrp(0) #endif +#ifdef USE_BSM_AUDIT +# define SSH_AUDIT_EVENTS +# define CUSTOM_SSH_AUDIT_EVENTS +#endif + /* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */ #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f) # define OPENSSL_free(x) Free(x) -- cgit v1.2.3 From 8fe079451161b6b478dc686f43d8fe455974b4f8 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 20 Feb 2005 21:08:00 +1100 Subject: - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure --with-audit=bsm to enable. Patch originally from Sun Microsystems, parts by John R. Jackson. ok djm@ --- audit-bsm.c | 329 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 329 insertions(+) create mode 100644 audit-bsm.c diff --git a/audit-bsm.c b/audit-bsm.c new file mode 100644 index 000000000..c2679d3da --- /dev/null +++ b/audit-bsm.c 
@@ -0,0 +1,329 @@ +/* $Id: audit-bsm.c,v 1.1 2005/02/20 10:08:00 dtucker Exp $ */ + +/* + * TODO + * + * - deal with overlap between this and sys_auth_allowed_user + * sys_auth_record_login and record_failed_login. + */ + +/* + * Copyright 1988-2002 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + */ +/* #pragma ident "@(#)bsmaudit.c 1.1 01/09/17 SMI" */ + +#include "includes.h" +#if defined(USE_BSM_AUDIT) + +#include "ssh.h" +#include "log.h" +#include "auth.h" +#include "xmalloc.h" + +#ifndef AUE_openssh +# define AUE_openssh 32800 +#endif +#include +#include +#include +#include +#include + +#if defined(HAVE_GETAUDIT_ADDR) +#define AuditInfoStruct auditinfo_addr +#define AuditInfoTermID au_tid_addr_t +#define GetAuditFunc(a,b) getaudit_addr((a),(b)) +#define GetAuditFuncText "getaudit_addr" +#define SetAuditFunc(a,b) setaudit_addr((a),(b)) +#define SetAuditFuncText "setaudit_addr" +#define AUToSubjectFunc au_to_subject_ex +#define AUToReturnFunc(a,b) au_to_return32((a), (int32_t)(b)) +#else +#define AuditInfoStruct auditinfo +#define AuditInfoTermID au_tid_t +#define GetAuditFunc(a,b) getaudit(a) +#define GetAuditFuncText "getaudit" +#define SetAuditFunc(a,b) setaudit(a) +#define SetAuditFuncText "setaudit" +#define AUToSubjectFunc au_to_subject +#define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b)) +#endif + +extern int cannot_audit(int); +extern void aug_init(void); +extern dev_t aug_get_port(void); +extern int aug_get_machine(char *, u_int32_t *, u_int32_t *); +extern void aug_save_auid(au_id_t); +extern void aug_save_uid(uid_t); +extern void aug_save_euid(uid_t); +extern void aug_save_gid(gid_t); +extern void aug_save_egid(gid_t); +extern void aug_save_pid(pid_t); +extern void aug_save_asid(au_asid_t); +extern void aug_save_tid(dev_t, unsigned int); +extern void aug_save_tid_ex(dev_t, u_int32_t *, u_int32_t); +extern int aug_save_me(void); +extern int aug_save_namask(void); +extern void aug_save_event(au_event_t); +extern void aug_save_sorf(int); +extern void aug_save_text(char *); +extern void aug_save_text1(char *); +extern void aug_save_text2(char *); +extern void aug_save_na(int); +extern void aug_save_user(char *); +extern void aug_save_path(char *); +extern int aug_save_policy(void); +extern void aug_save_afunc(int (*)(int)); +extern 
int aug_audit(void); +extern int aug_na_selected(void); +extern int aug_selected(void); +extern int aug_daemon_session(void); + +#ifndef HAVE_GETTEXT +# define gettext(a) (a) +#endif + +extern Authctxt *the_authctxt; +static AuditInfoTermID ssh_bsm_tid; + +/* Below is the low-level BSM interface code */ + +/* + * Check if the specified event is selected (enabled) for auditing. + * Returns 1 if the event is selected, 0 if not and -1 on failure. + */ +static int +selected(char *username, uid_t uid, au_event_t event, int sf) +{ + int rc, sorf; + char naflags[512]; + struct au_mask mask; + + mask.am_success = mask.am_failure = 0; + if (uid < 0) { + /* get flags for non-attributable (to a real user) events */ + rc = getacna(naflags, sizeof(naflags)); + if (rc == 0) + (void) getauditflagsbin(naflags, &mask); + } else + rc = au_user_mask(username, &mask); + + sorf = (sf == 0) ? AU_PRS_SUCCESS : AU_PRS_FAILURE; + return(au_preselect(event, &mask, sorf, AU_PRS_REREAD)); +} + +static void +bsm_audit_record(int typ, char *string, au_event_t event_no) +{ + int ad, rc, sel; + uid_t uid = -1; + gid_t gid = -1; + pid_t pid = getpid(); + AuditInfoTermID tid = ssh_bsm_tid; + + if (the_authctxt != NULL && the_authctxt->valid) { + uid = the_authctxt->pw->pw_uid; + gid = the_authctxt->pw->pw_gid; + } + + rc = (typ == 0) ? 
0 : -1; + sel = selected(the_authctxt->user, uid, event_no, rc); + debug3("BSM audit: typ %d rc %d \"%s\"", typ, rc, string); + if (!sel) + return; /* audit event does not match mask, do not write */ + + debug3("BSM audit: writing audit new record"); + ad = au_open(); + + (void) au_write(ad, AUToSubjectFunc(uid, uid, gid, uid, gid, + pid, pid, &tid)); + (void) au_write(ad, au_to_text(string)); + (void) au_write(ad, AUToReturnFunc(typ, rc)); + + rc = au_close(ad, AU_TO_WRITE, event_no); + if (rc < 0) + error("BSM audit: %s failed to write \"%s\" record: %s", + __func__, string, strerror(errno)); +} + +static void +bsm_audit_session_setup(void) +{ + int rc; + struct AuditInfoStruct info; + au_mask_t mask; + + if (the_authctxt == NULL) { + error("BSM audit: session setup internal error (NULL ctxt)"); + return; + } + + if (the_authctxt->valid) + info.ai_auid = the_authctxt->pw->pw_uid; + else + info.ai_auid = -1; + info.ai_asid = getpid(); + mask.am_success = 0; + mask.am_failure = 0; + + (void) au_user_mask(the_authctxt->user, &mask); + + info.ai_mask.am_success = mask.am_success; + info.ai_mask.am_failure = mask.am_failure; + + info.ai_termid = ssh_bsm_tid; + + rc = SetAuditFunc(&info, sizeof(info)); + if (rc < 0) + error("BSM audit: %s: %s failed: %s", __func__, + SetAuditFuncText, strerror(errno)); +} + +static void +bsm_audit_bad_login(const char *what) +{ + char textbuf[BSM_TEXTBUFSZ]; + + if (the_authctxt->valid) { + (void) snprintf(textbuf, sizeof (textbuf), + gettext("invalid %s for user %s"), + what, the_authctxt->user); + bsm_audit_record(4, textbuf, AUE_openssh); + } else { + (void) snprintf(textbuf, sizeof (textbuf), + gettext("invalid user name \"%s\""), + the_authctxt->user); + bsm_audit_record(3, textbuf, AUE_openssh); + } +} + +/* Below is the sshd audit API code */ + +void +audit_connection_from(const char *host, int port) +{ + AuditInfoTermID *tid = &ssh_bsm_tid; + char buf[1024]; + + if (cannot_audit(0)) + return; + debug3("BSM audit: connection 
from %.100s port %d", host, port); + + /* populate our terminal id structure */ +#if defined(HAVE_GETAUDIT_ADDR) + tid->at_port = (dev_t)port; + aug_get_machine((char *)host, &(tid->at_addr[0]), &(tid->at_type)); + snprintf(buf, sizeof(buf), "%08x %08x %08x %08x", tid->at_addr[0], + tid->at_addr[1], tid->at_addr[2], tid->at_addr[3]); + debug3("BSM audit: iptype %d machine ID %s", (int)tid->at_type, buf); +#else + /* this is used on IPv4-only machines */ + tid->port = (dev_t)port; + tid->machine = inet_addr(host); + snprintf(buf, sizeof(buf), "%08x", tid->machine); + debug3("BSM audit: machine ID %s", buf); +#endif +} + +void +audit_run_command(const char *command) +{ + /* not implemented */ +} + +void +audit_session_open(const char *ttyn) +{ + /* not implemented */ +} + +void +audit_session_close(const char *ttyn) +{ + /* not implemented */ +} + +void +audit_event(ssh_audit_event_t event) +{ + char textbuf[BSM_TEXTBUFSZ]; + static int logged_in = 0; + const char *user = the_authctxt ? the_authctxt->user : "(unknown user)"; + + if (cannot_audit(0)) + return; + + switch(event) { + case SSH_AUTH_SUCCESS: + logged_in = 1; + bsm_audit_session_setup(); + snprintf(textbuf, sizeof(textbuf), + gettext("successful login %s"), user); + bsm_audit_record(0, textbuf, AUE_openssh); + break; + + case SSH_CONNECTION_CLOSE: + /* + * We can also get a close event if the user attempted auth + * but never succeeded. 
+ */ + if (logged_in) { + snprintf(textbuf, sizeof(textbuf), + gettext("sshd logout %s"), the_authctxt->user); + bsm_audit_record(0, textbuf, AUE_logout); + } else { + debug("%s: connection closed without authentication", + __func__); + } + break; + + case SSH_NOLOGIN: + bsm_audit_record(1, + gettext("logins disabled by /etc/nologin"), AUE_openssh); + break; + + case SSH_LOGIN_EXCEED_MAXTRIES: + snprintf(textbuf, sizeof(textbuf), + gettext("too many tries for user %s"), the_authctxt->user); + bsm_audit_record(1, textbuf, AUE_openssh); + break; + + case SSH_LOGIN_ROOT_DENIED: + bsm_audit_record(2, gettext("not_console"), AUE_openssh); + break; + + case SSH_AUTH_FAIL_PASSWD: + bsm_audit_bad_login("password"); + break; + + case SSH_AUTH_FAIL_KBDINT: + bsm_audit_bad_login("interactive password entry"); + break; + + default: + debug("%s: unhandled event %d", __func__, event); + } +} +#endif /* BSM */ -- cgit v1.2.3 From 04cfbe04aaa0ff43c3e8f131c858411e1b0151a2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 20 Feb 2005 23:27:11 +1100 Subject: - (dtucker) [configure.ac] Missing comma in AIX section, somehow causes unrelated platforms to be configured incorrectly. --- ChangeLog | 4 +++- configure.ac | 6 +++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 87ae13abe..03789f28d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure --with-audit=bsm to enable. Patch originally from Sun Microsystems, parts by John R. Jackson. ok djm@ + - (dtucker) [configure.ac] Missing comma in AIX section, somehow causes + unrelated platforms to be configured incorrectly. 20050216 - (djm) write seed to temporary file and atomically rename into place; 
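Review bot: In audit-bsm.c, `the_authctxt` is treated as possibly NULL in some places and dereferenced unconditionally in others. `audit_event()` computes `user` with a fallback of "(unknown user)", yet the SSH_CONNECTION_CLOSE and SSH_LOGIN_EXCEED_MAXTRIES cases format `the_authctxt->user` directly; `bsm_audit_bad_login()` reads `the_authctxt->valid` with no check; and `bsm_audit_record()` guards the uid/gid lookup but then passes `the_authctxt->user` to `selected()`. If the context can be NULL on these paths, sshd would crash at the point where it should be writing an audit record, so use the existing local in the two cases (`gettext("sshd logout %s"), user);` and `gettext("too many tries for user %s"), user);`) and give the two helpers the same NULL guard that `bsm_audit_session_setup()` already has. Separately, `if (uid < 0)` in `selected()` can only be true where `uid_t` is signed, so on a platform with an unsigned `uid_t` the non-attributable branch would never run; `if (uid == (uid_t)-1)` states the intent on both.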
@@ -2154,4 +2156,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3660 2005/02/20 10:01:48 dtucker Exp $ +$Id: ChangeLog,v 1.3661 2005/02/20 12:27:11 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 1bf067a2f..3535b9761 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.245 2005/02/20 10:01:49 dtucker Exp $ +# $Id: configure.ac,v 1.246 2005/02/20 12:27:11 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -122,8 +122,8 @@ case "$host" in ]) ]) dnl Check for various auth function declarations in headers. - AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, passwdexpired],, - [#include ]) + AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, + passwdexpired], , , [#include ]) dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) AC_CHECK_DECLS(loginfailed, [AC_MSG_CHECKING(if loginfailed takes 4 arguments) -- cgit v1.2.3 From 2ea9b18918162bd17758f1480247c9fa4e75e418 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 22 Feb 2005 17:57:13 +1100 Subject: - (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from vinschen at redhat.com. --- ChangeLog | 6 +++++- uidswap.c | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 03789f28d..8ab6c1ba3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20050222 + - (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from + vinschen at redhat.com. + 20050220 - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure 
@@ -2156,4 +2160,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3661 2005/02/20 12:27:11 dtucker Exp $ +$Id: ChangeLog,v 1.3662 2005/02/22 06:57:13 dtucker Exp $ diff --git a/uidswap.c b/uidswap.c index fa3d7a3b1..aab7064eb 100644 --- a/uidswap.c +++ b/uidswap.c @@ -56,10 +56,12 @@ temporarily_use_uid(struct passwd *pw) debug("temporarily_use_uid: %u/%u (e=%u/%u)", (u_int)pw->pw_uid, (u_int)pw->pw_gid, (u_int)saved_euid, (u_int)saved_egid); +#ifndef HAVE_CYGWIN if (saved_euid != 0) { privileged = 0; return; } +#endif #else if (geteuid() != 0) { privileged = 0; -- cgit v1.2.3 From 848b99363987c3cc7abffb182d519dbea8c4f8ab Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 24 Feb 2005 12:12:34 +1100 Subject: - (djm) [configure.ac] in_addr_t test needs sys/types.h too --- ChangeLog | 5 ++++- configure.ac | 6 ++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8ab6c1ba3..bb126761d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20050222 + - (djm) [configure.ac] in_addr_t test needs sys/types.h too + 20050222 - (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from vinschen at redhat.com. @@ -2160,4 +2163,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3662 2005/02/22 06:57:13 dtucker Exp $ +$Id: ChangeLog,v 1.3663 2005/02/24 01:12:34 djm Exp $ diff --git a/configure.ac b/configure.ac index 3535b9761..fae62d609 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.246 2005/02/20 12:27:11 dtucker Exp $ +# $Id: configure.ac,v 1.247 2005/02/24 01:12:35 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
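Review bot: The new `#ifndef HAVE_CYGWIN` in uidswap.c's `temporarily_use_uid()` removes the `saved_euid != 0` early return on Cygwin without a comment, so a reader auditing the privilege-switching path cannot tell why a non-zero euid is allowed to fall through there. The commit message only says the test is skipped; presumably the account that can switch users on Cygwin does not have euid 0, but that should be confirmed and recorded next to the guard, for example `/* Cygwin: ability to switch users is not tied to euid 0, so this test does not apply */`. The comment should also say what the code below relies on to fail safely when the process really is unprivileged. The function body starts and ends outside the hunk.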
@@ -1877,7 +1877,9 @@ TYPE_SOCKLEN_T AC_CHECK_TYPES(sig_atomic_t,,,[#include ]) -AC_CHECK_TYPES(in_addr_t,,,[#include ]) +AC_CHECK_TYPES(in_addr_t,,, +[#include +#include ]) AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ AC_TRY_COMPILE( -- cgit v1.2.3 From 34233830a1f42e95ddad5ff1cff9f9024d422861 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 26 Feb 2005 10:04:28 +1100 Subject: - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com. --- ChangeLog | 8 ++++++-- openbsd-compat/bsd-openpty.c | 2 -- openbsd-compat/inet_ntop.c | 2 -- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index bb126761d..f12f6f906 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,8 @@ -20050222 +20050226 + - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] + Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com. + +20050224 - (djm) [configure.ac] in_addr_t test needs sys/types.h too 20050222 @@ -2163,4 +2167,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3663 2005/02/24 01:12:34 djm Exp $ +$Id: ChangeLog,v 1.3664 2005/02/25 23:04:28 dtucker Exp $ diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c index daf5f8b81..8eb62b7a8 100644 --- a/openbsd-compat/bsd-openpty.c +++ b/openbsd-compat/bsd-openpty.c @@ -102,7 +102,6 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp, return (-1); } -#ifndef HAVE_CYGWIN /* * Try to push the appropriate streams modules, as described * in Solaris pts(7). @@ -112,7 +111,6 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp, # ifndef __hpux ioctl(*aslave, I_PUSH, "ttcompat"); # endif /* __hpux */ -#endif /* HAVE_CYGWIN */ return (0); diff --git a/openbsd-compat/inet_ntop.c b/openbsd-compat/inet_ntop.c index 7031625b4..47796c370 100644 
--- a/openbsd-compat/inet_ntop.c +++ b/openbsd-compat/inet_ntop.c @@ -35,9 +35,7 @@ static char rcsid[] = "$OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Ex #include #include #include -#ifndef HAVE_CYGWIN #include -#endif #include #include #include -- cgit v1.2.3 From 3804903a094f41d09e8b294dbd69a846dcf7fe94 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 26 Feb 2005 10:07:37 +1100 Subject: - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}] Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any more. Patch from vinschen at redhat.com. --- ChangeLog | 5 ++++- acconfig.h | 5 +---- configure.ac | 3 +-- openbsd-compat/bsd-misc.c | 13 +------------ openbsd-compat/bsd-misc.h | 6 +----- 5 files changed, 8 insertions(+), 24 deletions(-) diff --git a/ChangeLog b/ChangeLog index f12f6f906..b7e3635d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ 20050226 - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com. + - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}] + Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any + more. Patch from vinschen at redhat.com. 20050224 - (djm) [configure.ac] in_addr_t test needs sys/types.h too @@ -2167,4 +2170,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3664 2005/02/25 23:04:28 dtucker Exp $ +$Id: ChangeLog,v 1.3665 2005/02/25 23:07:37 dtucker Exp $ diff --git a/acconfig.h b/acconfig.h index 014413505..5721f65fb 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.180 2004/08/16 13:12:06 dtucker Exp $ */ +/* $Id: acconfig.h,v 1.181 2005/02/25 23:07:38 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. 
@@ -52,9 +52,6 @@ #undef SPT_TYPE #undef SPT_PADCHAR -/* setgroups() NOOP allowed */ -#undef SETGROUPS_NOOP - /* SCO workaround */ #undef BROKEN_SYS_TERMIO_H diff --git a/configure.ac b/configure.ac index fae62d609..94d127299 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.247 2005/02/24 01:12:35 djm Exp $ +# $Id: configure.ac,v 1.248 2005/02/25 23:07:38 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -158,7 +158,6 @@ case "$host" in AC_DEFINE(NO_X11_UNIX_SOCKETS) AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT) AC_DEFINE(DISABLE_FD_PASSING) - AC_DEFINE(SETGROUPS_NOOP) ;; *-*-dgux*) AC_DEFINE(IP_TOS_IS_BROKEN) diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 1b276b4f4..41f92cce9 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -18,7 +18,7 @@ #include "includes.h" #include "xmalloc.h" -RCSID("$Id: bsd-misc.c,v 1.25 2004/08/15 08:41:00 djm Exp $"); +RCSID("$Id: bsd-misc.c,v 1.26 2005/02/25 23:07:38 dtucker Exp $"); #ifndef HAVE___PROGNAME char *__progname; @@ -122,17 +122,6 @@ int truncate(const char *path, off_t length) } #endif /* HAVE_TRUNCATE */ -#if !defined(HAVE_SETGROUPS) && defined(SETGROUPS_NOOP) -/* - * Cygwin setgroups should be a noop. - */ -int -setgroups(size_t size, const gid_t *list) -{ - return (0); -} -#endif - #if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP) int nanosleep(const struct timespec *req, struct timespec *rem) { diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 33a1d707f..b61ec4244 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -1,4 +1,4 @@ -/* $Id: bsd-misc.h,v 1.17 2004/08/15 08:41:00 djm Exp $ */ +/* $Id: bsd-misc.h,v 1.18 2005/02/25 23:07:38 dtucker Exp $ */ /* * Copyright (c) 1999-2004 Damien Miller 
@@ -67,10 +67,6 @@ int utimes(char *, struct timeval *); int truncate (const char *, off_t); #endif /* HAVE_TRUNCATE */ -#if !defined(HAVE_SETGROUPS) && defined(SETGROUPS_NOOP) -int setgroups(size_t, const gid_t *); -#endif - #if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP) #ifndef HAVE_STRUCT_TIMESPEC struct timespec { -- cgit v1.2.3 From dc8fc621036147ff43f3fb1e8a1aa0d8026e5208 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 26 Feb 2005 10:12:38 +1100 Subject: - (dtucker) [Makefile.in] Add a install-nosysconf target for installing the binaries without the config files. Primarily useful for packaging. Patch from phil at usc.edu. ok djm@ --- ChangeLog | 5 ++++- Makefile.in | 9 ++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index b7e3635d6..3fd376c3b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,9 @@ - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}] Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any more. Patch from vinschen at redhat.com. + - (dtucker) [Makefile.in] Add a install-nosysconf target for installing the + binaries without the config files. Primarily useful for packaging. + Patch from phil at usc.edu. ok djm@ 20050224 - (djm) [configure.ac] in_addr_t test needs sys/types.h too @@ -2170,4 +2173,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3665 2005/02/25 23:07:37 dtucker Exp $ +$Id: ChangeLog,v 1.3666 2005/02/25 23:12:38 dtucker Exp $ diff --git a/Makefile.in b/Makefile.in index 71036c118..bca425d36 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.269 2005/02/20 10:01:49 dtucker Exp $ +# $Id: Makefile.in,v 1.270 2005/02/25 23:12:38 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ 
@@ -230,8 +230,9 @@ distprep: catman-do -rm -rf autom4te.cache (cd scard && $(MAKE) -f Makefile.in distprep) -install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files host-key check-config -install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files +install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config +install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf +install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files check-config: -$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config @@ -281,6 +282,8 @@ install-files: scard-install ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 ln -s ./ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 + +install-sysconf: if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \ fi -- cgit v1.2.3 From 3eb48b62457b78a9308d10e5b968e85c2bc18525 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 1 Mar 2005 21:15:46 +1100 Subject: - otto@cvs.openbsd.org 2005/02/16 09:56:44 [ssh.c] Better diagnostic if an identity file is not accesible. ok markus@ djm@ --- ChangeLog | 8 +++++++- ssh.c | 5 +++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3fd376c3b..7faf0e6af 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20050301 + - (djm) OpenBSD CVS sync: + - otto@cvs.openbsd.org 2005/02/16 09:56:44 + [ssh.c] + Better diagnostic if an identity file is not accesible. ok markus@ djm@ + 20050226 - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com. 
@@ -2173,4 +2179,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3666 2005/02/25 23:12:38 dtucker Exp $ +$Id: ChangeLog,v 1.3667 2005/03/01 10:15:46 djm Exp $ diff --git a/ssh.c b/ssh.c index ac537338c..1f50727e9 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.230 2004/11/07 17:57:30 jmc Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.231 2005/02/16 09:56:44 otto Exp $"); #include #include @@ -297,7 +297,8 @@ again: case 'i': if (stat(optarg, &st) < 0) { fprintf(stderr, "Warning: Identity file %s " - "does not exist.\n", optarg); + "not accessible: %s.\n", optarg, + strerror(errno)); break; } if (options.num_identity_files >= -- cgit v1.2.3 From 9b8073e1e0900fd9ebe3a5843b4fe5a606b4dab0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 1 Mar 2005 21:16:18 +1100 Subject: - djm@cvs.openbsd.org 2005/02/18 03:05:53 [canohost.c] better error messages for getnameinfo failures; ok dtucker@ --- ChangeLog | 5 ++++- canohost.c | 18 +++++++++++------- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7faf0e6af..06b5d755b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,9 @@ - otto@cvs.openbsd.org 2005/02/16 09:56:44 [ssh.c] Better diagnostic if an identity file is not accesible. ok markus@ djm@ + - djm@cvs.openbsd.org 2005/02/18 03:05:53 + [canohost.c] + better error messages for getnameinfo failures; ok dtucker@ 20050226 - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] @@ -2179,4 +2182,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3667 2005/03/01 10:15:46 djm Exp $ +$Id: ChangeLog,v 1.3668 2005/03/01 10:16:18 djm Exp $ diff --git a/canohost.c b/canohost.c index e5a6b6be3..1c22d4770 100644 --- a/canohost.c +++ b/canohost.c 
@@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.41 2004/07/21 11:51:29 djm Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.42 2005/02/18 03:05:53 djm Exp $"); #include "packet.h" #include "xmalloc.h" @@ -231,6 +231,7 @@ get_socket_address(int sock, int remote, int flags) struct sockaddr_storage addr; socklen_t addrlen; char ntop[NI_MAXHOST]; + int r; /* Get IP address of client. */ addrlen = sizeof(addr); @@ -251,9 +252,10 @@ get_socket_address(int sock, int remote, int flags) addrlen = sizeof(struct sockaddr_in6); /* Get the address in ascii. */ - if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop), - NULL, 0, flags) != 0) { - error("get_socket_address: getnameinfo %d failed", flags); + if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop, + sizeof(ntop), NULL, 0, flags)) != 0) { + error("get_socket_address: getnameinfo %d failed: %s", flags, + r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r)); return NULL; } return xstrdup(ntop); @@ -329,6 +331,7 @@ get_sock_port(int sock, int local) struct sockaddr_storage from; socklen_t fromlen; char strport[NI_MAXSERV]; + int r; /* Get IP address of client. */ fromlen = sizeof(from); @@ -350,9 +353,10 @@ get_sock_port(int sock, int local) fromlen = sizeof(struct sockaddr_in6); /* Return port number. */ - if (getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0, - strport, sizeof(strport), NI_NUMERICSERV) != 0) - fatal("get_sock_port: getnameinfo NI_NUMERICSERV failed"); + if ((r = getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0, + strport, sizeof(strport), NI_NUMERICSERV)) != 0) + fatal("get_sock_port: getnameinfo NI_NUMERICSERV failed: %s", + r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r)); return atoi(strport); } -- cgit v1.2.3 From 64e8d44fbd556c7a78bba1d8ff3bee5b07b2440d Mon Sep 17 00:00:00 2001 
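Review bot: The expression `r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r)` is written out twice in canohost.c, once in the `get_socket_address()` hunk and again in the `get_sock_port()` hunk, and both depend on `errno` still holding the value left by `getnameinfo()`. A small static helper would keep the two call sites identical and give one place to document the `EAI_SYSTEM` case, e.g. `static const char *gni_strerror(int r) { return r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r); }` (the name is only a suggestion). Both functions extend beyond their hunks.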
From: Damien Miller Date: Tue, 1 Mar 2005 21:16:47 +1100 Subject: - djm@cvs.openbsd.org 2005/02/20 22:59:06 [sftp.c] turn on ssh batch mode when in sftp batch mode, patch from jdmossh AT nand.net; ok markus@ --- ChangeLog | 7 ++++++- sftp.c | 3 ++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 06b5d755b..67c993667 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,11 @@ - djm@cvs.openbsd.org 2005/02/18 03:05:53 [canohost.c] better error messages for getnameinfo failures; ok dtucker@ + - djm@cvs.openbsd.org 2005/02/20 22:59:06 + [sftp.c] + turn on ssh batch mode when in sftp batch mode, patch from + jdmossh AT nand.net; + ok markus@ 20050226 - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] @@ -2182,4 +2187,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3668 2005/03/01 10:16:18 djm Exp $ +$Id: ChangeLog,v 1.3669 2005/03/01 10:16:47 djm Exp $ diff --git a/sftp.c b/sftp.c index 31c634994..f8553ed82 100644 --- a/sftp.c +++ b/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.61 2005/01/24 10:22:06 dtucker Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.62 2005/02/20 22:59:06 djm Exp $"); #ifdef USE_LIBEDIT #include @@ -1479,6 +1479,7 @@ main(int argc, char **argv) fatal("%s (%s).", strerror(errno), optarg); showprogress = 0; batchmode = 1; + addargs(&args, "-obatchmode yes"); break; case 'P': sftp_direct = optarg; -- cgit v1.2.3 From 70a908ec89b8bd5feb14abed5957ebb063796e94 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 1 Mar 2005 21:17:09 +1100 Subject: - jmc@cvs.openbsd.org 2005/02/25 10:55:13 [sshd.8] add /etc/motd and $HOME/.hushlogin to FILES; from michael knudsen; --- ChangeLog | 6 +++++- sshd.8 | 16 +++++++++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 67c993667..67ce8f8df 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -11,6 +11,10 @@ turn on ssh batch mode when in sftp batch mode, patch from jdmossh AT nand.net; ok markus@ + - jmc@cvs.openbsd.org 2005/02/25 10:55:13 + [sshd.8] + add /etc/motd and $HOME/.hushlogin to FILES; + from michael knudsen; 20050226 - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] @@ -2187,4 +2191,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3669 2005/03/01 10:16:47 djm Exp $ +$Id: ChangeLog,v 1.3670 2005/03/01 10:17:09 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 2ac7b7274..9d30369c9 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.203 2004/12/06 11:41:03 dtucker Exp $ +.\" $OpenBSD: sshd.8,v 1.204 2005/02/25 10:55:13 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -652,6 +652,20 @@ These files should be writable only by root/the owner. should be world-readable, and .Pa $HOME/.ssh/known_hosts can, but need not be, world-readable. +.It Pa /etc/motd +See +.Xr motd 5 . +.It Pa $HOME/.hushlogin +This file is used to suppress printing the last login time and +.Pa /etc/motd , +if +.Cm PrintLastLog +and +.Cm PrintMotd , +respectively, +are enabled. +It does not suppress printing of the banner specified by +.Cm Banner . .It Pa /etc/nologin If this file exists, .Nm -- cgit v1.2.3 From 1717fd422f2c5691d745a7daf6908df9a6458904 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 1 Mar 2005 21:17:31 +1100 Subject: - djm@cvs.openbsd.org 2005/02/28 00:54:10 [ssh_config.5] bz#849: document timeout on untrusted x11 forwarding sessions. Reported by orion AT cora.nwra.com; ok markus@ --- ChangeLog | 6 +++++- ssh_config.5 | 7 ++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 67ce8f8df..e4ec748f0 100644 
--- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,10 @@ [sshd.8] add /etc/motd and $HOME/.hushlogin to FILES; from michael knudsen; + - djm@cvs.openbsd.org 2005/02/28 00:54:10 + [ssh_config.5] + bz#849: document timeout on untrusted x11 forwarding sessions. Reported by + orion AT cora.nwra.com; ok markus@ 20050226 - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] @@ -2191,4 +2195,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3670 2005/03/01 10:17:09 djm Exp $ +$Id: ChangeLog,v 1.3671 2005/03/01 10:17:31 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 67b6ca72e..8f6d851b4 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.41 2005/01/28 18:14:09 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.42 2005/02/28 00:54:10 djm Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -359,11 +359,16 @@ option is also enabled. If this option is set to .Dq yes then remote X11 clients will have full access to the original X11 display. +.Pp If this option is set to .Dq no then remote X11 clients will be considered untrusted and prevented from stealing or tampering with data belonging to trusted X11 clients. +Furthermore, the +.Xr xauth 1 +token used for the session will be set to expire after 20 minutes. +Remote clients will be refused access after this time. .Pp The default is .Dq no . -- cgit v1.2.3 From f91ee4c3def4de8b4b9409f07ab26a61e535e1e6 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Tue, 1 Mar 2005 21:24:33 +1100 Subject: - djm@cvs.openbsd.org 2005/03/01 10:09:52 [auth-options.c channels.c channels.h clientloop.c compat.c compat.h] [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5] [sshd_config.5] bz#413: allow optional specification of bind address for port forwardings. Patch originally by Dan Astorian, but worked on by several people Adds GatewayPorts=clientspecified option on server to allow remote forwards to bind to client-specified ports. --- ChangeLog | 10 +++- auth-options.c | 28 +++++----- channels.c | 82 ++++++++++++++++++++++++------ channels.h | 10 ++-- clientloop.c | 49 +++++++++--------- compat.c | 20 +++++--- compat.h | 3 +- misc.c | 44 +++++++++++++++- misc.h | 3 +- readconf.c | 157 +++++++++++++++++++++++++++++++++++++++++++-------------- readconf.h | 14 ++--- servconf.c | 65 ++++++++++++------------ ssh.1 | 59 ++++++++++++++++++---- ssh.c | 110 +++++++++++++++++++++++----------------- ssh_config.5 | 70 +++++++++++++++++++++---- sshd_config.5 | 15 +++--- 16 files changed, 525 insertions(+), 214 deletions(-) diff --git a/ChangeLog b/ChangeLog index e4ec748f0..f31a52665 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,14 @@ [ssh_config.5] bz#849: document timeout on untrusted x11 forwarding sessions. Reported by orion AT cora.nwra.com; ok markus@ + - djm@cvs.openbsd.org 2005/03/01 10:09:52 + [auth-options.c channels.c channels.h clientloop.c compat.c compat.h] + [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5] + [sshd_config.5] + bz#413: allow optional specification of bind address for port forwardings. + Patch originally by Dan Astorian, but worked on by several people + Adds GatewayPorts=clientspecified option on server to allow remote + forwards to bind to client-specified ports. 20050226 - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] 
@@ -2195,4 +2203,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3671 2005/03/01 10:17:31 djm Exp $ +$Id: ChangeLog,v 1.3672 2005/03/01 10:24:33 djm Exp $ diff --git a/auth-options.c b/auth-options.c index 0e146ab15..04d12d66e 100644 --- a/auth-options.c +++ b/auth-options.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-options.c,v 1.28 2003/06/02 09:17:34 markus Exp $"); +RCSID("$OpenBSD: auth-options.c,v 1.29 2005/03/01 10:09:52 djm Exp $"); #include "xmalloc.h" #include "match.h" @@ -217,7 +217,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) } cp = "permitopen=\""; if (strncasecmp(opts, cp, strlen(cp)) == 0) { - char host[256], sport[6]; + char *host, *p; u_short port; char *patterns = xmalloc(strlen(opts) + 1); 
@@ -236,25 +236,29 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) if (!*opts) { debug("%.100s, line %lu: missing end quote", file, linenum); - auth_debug_add("%.100s, line %lu: missing end quote", - file, linenum); + auth_debug_add("%.100s, line %lu: missing " + "end quote", file, linenum); xfree(patterns); goto bad_option; } patterns[i] = 0; opts++; - if (sscanf(patterns, "%255[^:]:%5[0-9]", host, sport) != 2 && - sscanf(patterns, "%255[^/]/%5[0-9]", host, sport) != 2) { - debug("%.100s, line %lu: Bad permitopen specification " - "<%.100s>", file, linenum, patterns); + p = patterns; + host = hpdelim(&p); + if (host == NULL || strlen(host) >= NI_MAXHOST) { + debug("%.100s, line %lu: Bad permitopen " + "specification <%.100s>", file, linenum, + patterns); auth_debug_add("%.100s, line %lu: " - "Bad permitopen specification", file, linenum); + "Bad permitopen specification", file, + linenum); xfree(patterns); goto bad_option; } - if ((port = a2port(sport)) == 0) { - debug("%.100s, line %lu: Bad permitopen port <%.100s>", - file, linenum, sport); + host = cleanhostname(host); + if (p == NULL || (port = a2port(p)) == 0) { + debug("%.100s, line %lu: Bad permitopen port " + "<%.100s>", file, linenum, p ? p : ""); auth_debug_add("%.100s, line %lu: " "Bad permitopen port", file, linenum); xfree(patterns); diff --git a/channels.c b/channels.c index 8550e51ca..1be213bce 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.211 2004/10/29 21:47:15 djm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.212 2005/03/01 10:09:52 djm Exp $"); #include "ssh.h" #include "ssh1.h" 
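Review bot: The rewritten `permitopen` parsing in auth-options.c (`auth_parse_options()`, the -236/+236 hunk) rejects a NULL or over-long host but no longer rejects an empty one. The removed `sscanf` pattern `%255[^:]` needed at least one host character, whereas the new test is only `host == NULL || strlen(host) >= NI_MAXHOST`. `hpdelim()` is defined outside this page, so whether it can return an empty string for a constructed input such as `:80` should be confirmed. If it can, I would keep the old strictness for this authorized_keys restriction with `if (host == NULL || *host == '\0' || strlen(host) >= NI_MAXHOST) {`. The function starts and ends outside the hunk.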
@@ -2179,14 +2179,14 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por const char *host_to_connect, u_short port_to_connect, int gateway_ports) { Channel *c; - int success, sock, on = 1; + int sock, r, success = 0, on = 1, wildcard = 0, is_client; struct addrinfo hints, *ai, *aitop; - const char *host; + const char *host, *addr; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; - success = 0; host = (type == SSH_CHANNEL_RPORT_LISTENER) ? listen_addr : host_to_connect; + is_client = (type == SSH_CHANNEL_PORT_LISTENER); if (host == NULL) { error("No forward host name."); 
@@ -2197,17 +2197,61 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por return success; } + /* + * Determine whether or not a port forward listens to loopback, + * specified address or wildcard. On the client, a specified bind + * address will always override gateway_ports. On the server, a + * gateway_ports of 1 (``yes'') will override the client's + * specification and force a wildcard bind, whereas a value of 2 + * (``clientspecified'') will bind to whatever address the client + * asked for. + * + * Special-case listen_addrs are: + * + * "0.0.0.0" -> wildcard v4/v6 if SSH_OLD_FORWARD_ADDR + * "" (empty string), "*" -> wildcard v4/v6 + * "localhost" -> loopback v4/v6 + */ + addr = NULL; + if (listen_addr == NULL) { + /* No address specified: default to gateway_ports setting */ + if (gateway_ports) + wildcard = 1; + } else if (gateway_ports || is_client) { + if (((datafellows & SSH_OLD_FORWARD_ADDR) && + strcmp(listen_addr, "0.0.0.0") == 0) || + *listen_addr == '\0' || strcmp(listen_addr, "*") == 0 || + (!is_client && gateway_ports == 1)) + wildcard = 1; + else if (strcmp(listen_addr, "localhost") != 0) + addr = listen_addr; + } + + debug3("channel_setup_fwd_listener: type %d wildcard %d addr %s", + type, wildcard, (addr == NULL) ? "NULL" : addr); + /* * getaddrinfo returns a loopback address if the hostname is * set to NULL and hints.ai_flags is not AI_PASSIVE */ memset(&hints, 0, sizeof(hints)); hints.ai_family = IPv4or6; - hints.ai_flags = gateway_ports ? AI_PASSIVE : 0; + hints.ai_flags = wildcard ? 
AI_PASSIVE : 0; hints.ai_socktype = SOCK_STREAM; snprintf(strport, sizeof strport, "%d", listen_port); - if (getaddrinfo(NULL, strport, &hints, &aitop) != 0) - packet_disconnect("getaddrinfo: fatal error"); + if ((r = getaddrinfo(addr, strport, &hints, &aitop)) != 0) { + if (addr == NULL) { + /* This really shouldn't happen */ + packet_disconnect("getaddrinfo: fatal error: %s", + gai_strerror(r)); + } else { + verbose("channel_setup_fwd_listener: " + "getaddrinfo(%.64s): %s", addr, gai_strerror(r)); + packet_send_debug("channel_setup_fwd_listener: " + "getaddrinfo(%.64s): %s", addr, gai_strerror(r)); + } + aitop = NULL; + } for (ai = aitop; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) @@ -2290,11 +2334,12 @@ channel_cancel_rport_listener(const char *host, u_short port) /* protocol local port fwd, used by ssh (and sshd in v1) */ int -channel_setup_local_fwd_listener(u_short listen_port, +channel_setup_local_fwd_listener(const char *listen_host, u_short listen_port, const char *host_to_connect, u_short port_to_connect, int gateway_ports) { return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER, - NULL, listen_port, host_to_connect, port_to_connect, gateway_ports); + listen_host, listen_port, host_to_connect, port_to_connect, + gateway_ports); } /* protocol v2 remote port fwd, used by sshd */ @@ -2312,7 +2357,7 @@ channel_setup_remote_fwd_listener(const char *listen_address, */ void -channel_request_remote_forwarding(u_short listen_port, +channel_request_remote_forwarding(const char *listen_host, u_short listen_port, const char *host_to_connect, u_short port_to_connect) { int type, success = 0; 
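Review bot: In the `@@ -2197,17 +2197,61 @@` hunk, the new non-fatal `getaddrinfo` failure path sets `aitop = NULL` and falls through into the rest of `channel_setup_fwd_listener`, which is outside the hunk. If that code ends with an unconditional `freeaddrinfo(aitop)`, it would be handed a null pointer, which is not guaranteed to be safe on every platform. Returning directly after the two log calls (`return success;`, still 0 at that point) avoids depending on it. The literals `1` and `2` compared against `gateway_ports` would also read better as named constants, since the bind-address policy hangs on them.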
@@ -2323,7 +2368,14 @@ channel_request_remote_forwarding(u_short listen_port, /* Send the forward request to the remote side. */ if (compat20) { - const char *address_to_bind = "0.0.0.0"; + const char *address_to_bind; + if (listen_host == NULL) + address_to_bind = "localhost"; + else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0) + address_to_bind = ""; + else + address_to_bind = listen_host; + packet_start(SSH2_MSG_GLOBAL_REQUEST); packet_put_cstring("tcpip-forward"); packet_put_char(1); /* boolean: want reply */ @@ -2369,10 +2421,9 @@ channel_request_remote_forwarding(u_short listen_port, * local side. */ void -channel_request_rforward_cancel(u_short port) +channel_request_rforward_cancel(const char *host, u_short port) { int i; - const char *address_to_bind = "0.0.0.0"; if (!compat20) return; @@ -2389,7 +2440,7 @@ channel_request_rforward_cancel(u_short port) packet_start(SSH2_MSG_GLOBAL_REQUEST); packet_put_cstring("cancel-tcpip-forward"); packet_put_char(0); - packet_put_cstring(address_to_bind); + packet_put_cstring(host == NULL ? "" : host); packet_put_int(port); packet_send(); @@ -2430,7 +2481,8 @@ channel_input_port_forward_request(int is_root, int gateway_ports) #endif /* Initiate forwarding */ - channel_setup_local_fwd_listener(port, hostname, host_port, gateway_ports); + channel_setup_local_fwd_listener(NULL, port, hostname, + host_port, gateway_ports); /* Free the argument string. */ xfree(hostname); diff --git a/channels.h b/channels.h index c47de55c0..fc20fb2c3 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.75 2004/10/29 21:47:15 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.76 2005/03/01 10:09:52 djm Exp $ */ /* * Author: Tatu Ylonen 
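Review bot: The cancel request in the `@@ -2389,7 +2440,7 @@` hunk does not name the same address as the original request built in the `@@ -2323,7 +2368,14 @@` hunk. `channel_request_remote_forwarding` sends `"localhost"` for a NULL `listen_host` and `""` for `"*"`, while `channel_request_rforward_cancel` sends `""` for NULL and passes `"*"` through unchanged. If the peer matches cancel requests on address as well as port (not visible here), a forward requested without a bind address could not be cancelled, and the cancel would name the wildcard listener instead. Moving the mapping into one small static helper used by both functions would keep them in step.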
@@ -203,9 +203,11 @@ void channel_clear_permitted_opens(void); void channel_input_port_forward_request(int, int); int channel_connect_to(const char *, u_short); int channel_connect_by_listen_address(u_short); -void channel_request_remote_forwarding(u_short, const char *, u_short); -void channel_request_rforward_cancel(u_short port); -int channel_setup_local_fwd_listener(u_short, const char *, u_short, int); +void channel_request_remote_forwarding(const char *, u_short, + const char *, u_short); +int channel_setup_local_fwd_listener(const char *, u_short, + const char *, u_short, int); +void channel_request_rforward_cancel(const char *host, u_short port); int channel_setup_remote_fwd_listener(const char *, u_short, int); int channel_cancel_rport_listener(const char *, u_short); diff --git a/clientloop.c b/clientloop.c index 033a98a5b..1e250883f 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.134 2004/11/07 00:01:46 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.135 2005/03/01 10:09:52 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -763,11 +763,11 @@ static void process_cmdline(void) { void (*handler)(int); - char *s, *cmd; - u_short fwd_port, fwd_host_port; - char buf[1024], sfwd_port[6], sfwd_host_port[6]; + char *s, *cmd, *cancel_host; int delete = 0; int local = 0; + u_short cancel_port; + Forward fwd; leave_raw_mode(); handler = signal(SIGINT, SIG_IGN); 
@@ -813,37 +813,38 @@ process_cmdline(void) s++; if (delete) { - if (sscanf(s, "%5[0-9]", sfwd_host_port) != 1) { - logit("Bad forwarding specification."); - goto out; + cancel_port = 0; + cancel_host = hpdelim(&s); /* may be NULL */ + if (s != NULL) { + cancel_port = a2port(s); + cancel_host = cleanhostname(cancel_host); + } else { + cancel_port = a2port(cancel_host); + cancel_host = NULL; } - if ((fwd_host_port = a2port(sfwd_host_port)) == 0) { - logit("Bad forwarding port(s)."); + if (cancel_port == 0) { + logit("Bad forwarding close port"); goto out; } - channel_request_rforward_cancel(fwd_host_port); + channel_request_rforward_cancel(cancel_host, cancel_port); } else { - if (sscanf(s, "%5[0-9]:%255[^:]:%5[0-9]", - sfwd_port, buf, sfwd_host_port) != 3 && - sscanf(s, "%5[0-9]/%255[^/]/%5[0-9]", - sfwd_port, buf, sfwd_host_port) != 3) { + if (!parse_forward(&fwd, s)) { logit("Bad forwarding specification."); goto out; } - if ((fwd_port = a2port(sfwd_port)) == 0 || - (fwd_host_port = a2port(sfwd_host_port)) == 0) { - logit("Bad forwarding port(s)."); - goto out; - } if (local) { - if (channel_setup_local_fwd_listener(fwd_port, buf, - fwd_host_port, options.gateway_ports) < 0) { + if (channel_setup_local_fwd_listener(fwd.listen_host, + fwd.listen_port, fwd.connect_host, + fwd.connect_port, options.gateway_ports) < 0) { logit("Port forwarding failed."); goto out; } - } else - channel_request_remote_forwarding(fwd_port, buf, - fwd_host_port); + } else { + channel_request_remote_forwarding(fwd.listen_host, + fwd.listen_port, fwd.connect_host, + fwd.connect_port); + } + logit("Forwarding port."); } diff --git a/compat.c b/compat.c index 2fdebe7fa..4086e853e 100644 --- a/compat.c +++ b/compat.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.70 2003/11/02 11:01:03 markus Exp $"); +RCSID("$OpenBSD: compat.c,v 1.71 2005/03/01 10:09:52 djm Exp $"); #include "buffer.h" #include "packet.h" 
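Review bot: In the delete branch of `process_cmdline`, `cancel_host` is not checked for NULL even though the comment says `hpdelim()` may return it. On a malformed spec such as an unterminated `[`, `hpdelim()` returns NULL and leaves `s` unchanged, so the `s != NULL` arm runs and calls `cleanhostname(NULL)`; that function's body is not shown here, but it presumably dereferences its argument. Add `if (cancel_host == NULL) { logit("Bad forwarding close specification."); goto out; }` right after the `hpdelim()` call. In the other branch, the strings `parse_forward()` allocates into `fwd` are never released on any path through this function.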
@@ -62,24 +62,28 @@ compat_datafellows(const char *version) "OpenSSH_2.1*," "OpenSSH_2.2*", SSH_OLD_SESSIONID|SSH_BUG_BANNER| SSH_OLD_DHGEX|SSH_BUG_NOREKEY| - SSH_BUG_EXTEOF}, + SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, { "OpenSSH_2.3.0*", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES| SSH_OLD_DHGEX|SSH_BUG_NOREKEY| - SSH_BUG_EXTEOF}, + SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, { "OpenSSH_2.3.*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| - SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, + SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| + SSH_OLD_FORWARD_ADDR}, { "OpenSSH_2.5.0p1*," "OpenSSH_2.5.1p1*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| - SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, + SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| + SSH_OLD_FORWARD_ADDR}, { "OpenSSH_2.5.0*," "OpenSSH_2.5.1*," "OpenSSH_2.5.2*", SSH_OLD_DHGEX|SSH_BUG_NOREKEY| - SSH_BUG_EXTEOF}, - { "OpenSSH_2.5.3*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, + SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, + { "OpenSSH_2.5.3*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| + SSH_OLD_FORWARD_ADDR}, { "OpenSSH_2.*," "OpenSSH_3.0*," - "OpenSSH_3.1*", SSH_BUG_EXTEOF}, + "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, + { "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR }, { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, { "OpenSSH*", 0 }, { "*MindTerm*", 0 }, diff --git a/compat.h b/compat.h index 5efb5c29e..cf92dbdee 100644 --- a/compat.h +++ b/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.38 2004/07/11 17:48:47 deraadt Exp $ */ +/* $OpenBSD: compat.h,v 1.39 2005/03/01 10:09:52 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. @@ -55,6 +55,7 @@ #define SSH_BUG_EXTEOF 0x00200000 #define SSH_BUG_PROBE 0x00400000 #define SSH_BUG_FIRSTKEX 0x00800000 +#define SSH_OLD_FORWARD_ADDR 0x01000000 void enable_compat13(void); void enable_compat20(void); diff --git a/misc.c b/misc.c index a90125505..2e366f81b 100644 --- a/misc.c +++ b/misc.c 
@@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.27 2004/12/11 01:48:56 dtucker Exp $"); +RCSID("$OpenBSD: misc.c,v 1.28 2005/03/01 10:09:52 djm Exp $"); #include "misc.h" #include "log.h" @@ -275,6 +275,48 @@ convtime(const char *s) return total; } +/* + * Search for next delimiter between hostnames/addresses and ports. + * Argument may be modified (for termination). + * Returns *cp if parsing succeeds. + * *cp is set to the start of the next delimiter, if one was found. + * If this is the last field, *cp is set to NULL. + */ +char * +hpdelim(char **cp) +{ + char *s, *old; + + if (cp == NULL || *cp == NULL) + return NULL; + + old = s = *cp; + if (*s == '[') { + if ((s = strchr(s, ']')) == NULL) + return NULL; + else + s++; + } else if ((s = strpbrk(s, ":/")) == NULL) + s = *cp + strlen(*cp); /* skip to end (see first case below) */ + + switch (*s) { + case '\0': + *cp = NULL; /* no more fields*/ + break; + + case ':': + case '/': + *s = '\0'; /* terminate */ + *cp = s + 1; + break; + + default: + return NULL; + } + + return old; +} + char * cleanhostname(char *host) { diff --git a/misc.h b/misc.h index 193216fa9..8bbc87f0d 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.20 2004/12/11 01:48:56 dtucker Exp $ */ +/* $OpenBSD: misc.h,v 1.21 2005/03/01 10:09:52 djm Exp $ */ /* * Author: Tatu Ylonen @@ -20,6 +20,7 @@ int set_nonblock(int); int unset_nonblock(int); void set_nodelay(int); int a2port(const char *); +char *hpdelim(char **); char *cleanhostname(char *); char *colon(char *); long convtime(const char *); diff --git a/readconf.c b/readconf.c index a4fe1fe02..c3dc71e66 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.134 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.135 2005/03/01 10:09:52 djm Exp $"); #include "ssh.h" #include "xmalloc.h" 
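Review bot: The header comment on `hpdelim()` leaves out two things callers depend on. On failure it returns NULL and leaves `*cp` untouched, so a caller cannot use `*cp != NULL` to tell whether a second field was found. On success the returned token still carries its square brackets, which is why every caller in this commit follows up with `cleanhostname()`. I would add to the comment: `Returns NULL and leaves *cp unchanged on a malformed field (unterminated '[', or junk after ']'); brackets are not stripped from the returned token.` The `clientloop.c` delete path in this same commit shows how easily the first point is missed.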
@@ -206,21 +206,23 @@ static struct { */ void -add_local_forward(Options *options, u_short port, const char *host, - u_short host_port) +add_local_forward(Options *options, const Forward *newfwd) { Forward *fwd; #ifndef NO_IPPORT_RESERVED_CONCEPT extern uid_t original_real_uid; - if (port < IPPORT_RESERVED && original_real_uid != 0) + if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0) fatal("Privileged ports can only be forwarded by root."); #endif if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION); fwd = &options->local_forwards[options->num_local_forwards++]; - fwd->port = port; - fwd->host = xstrdup(host); - fwd->host_port = host_port; + + fwd->listen_host = (newfwd->listen_host == NULL) ? + NULL : xstrdup(newfwd->listen_host); + fwd->listen_port = newfwd->listen_port; + fwd->connect_host = xstrdup(newfwd->connect_host); + fwd->connect_port = newfwd->connect_port; } /* @@ -229,17 +231,19 @@ add_local_forward(Options *options, u_short port, const char *host, */ void -add_remote_forward(Options *options, u_short port, const char *host, - u_short host_port) +add_remote_forward(Options *options, const Forward *newfwd) { Forward *fwd; if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("Too many remote forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION); fwd = &options->remote_forwards[options->num_remote_forwards++]; - fwd->port = port; - fwd->host = xstrdup(host); - fwd->host_port = host_port; + + fwd->listen_host = (newfwd->listen_host == NULL) ? + NULL : xstrdup(newfwd->listen_host); + fwd->listen_port = newfwd->listen_port; + fwd->connect_host = xstrdup(newfwd->connect_host); + fwd->connect_port = newfwd->connect_port; } static void 
@@ -247,11 +251,15 @@ clear_forwardings(Options *options) { int i; - for (i = 0; i < options->num_local_forwards; i++) - xfree(options->local_forwards[i].host); + for (i = 0; i < options->num_local_forwards; i++) { + xfree(options->local_forwards[i].listen_host); + xfree(options->local_forwards[i].connect_host); + } options->num_local_forwards = 0; - for (i = 0; i < options->num_remote_forwards; i++) - xfree(options->remote_forwards[i].host); + for (i = 0; i < options->num_remote_forwards; i++) { + xfree(options->remote_forwards[i].listen_host); + xfree(options->remote_forwards[i].connect_host); + } options->num_remote_forwards = 0; } @@ -284,11 +292,10 @@ process_config_line(Options *options, const char *host, char *line, const char *filename, int linenum, int *activep) { - char buf[256], *s, **charptr, *endofnumber, *keyword, *arg; + char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; int opcode, *intptr, value; size_t len; - u_short fwd_port, fwd_host_port; - char sfwd_host_port[6]; + Forward fwd; /* Strip trailing whitespace */ for(len = strlen(line) - 1; len > 0; len--) { 
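Review bot: `clear_forwardings` now calls `xfree()` on `listen_host` without a NULL check, although `add_local_forward` and `add_remote_forward` in this commit deliberately store NULL there when no bind address was given. `parse_forward()`, added in the same commit, guards each `xfree()` with a NULL test, which suggests `xfree()` does not accept NULL. Both loops should guard the call the same way: `if (options->local_forwards[i].listen_host != NULL) xfree(options->local_forwards[i].listen_host);`, and likewise for `remote_forwards`.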
@@ -645,30 +652,26 @@ parse_int: case oLocalForward: case oRemoteForward: arg = strdelim(&s); - if (!arg || *arg == '\0') + if (arg == NULL || *arg == '\0') fatal("%.200s line %d: Missing port argument.", filename, linenum); - if ((fwd_port = a2port(arg)) == 0) - fatal("%.200s line %d: Bad listen port.", + arg2 = strdelim(&s); + if (arg2 == NULL || *arg2 == '\0') + fatal("%.200s line %d: Missing target argument.", filename, linenum); - arg = strdelim(&s); - if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing second argument.", - filename, linenum); - if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 && - sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2) + + /* construct a string for parse_forward */ + snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2); + + if (parse_forward(&fwd, fwdarg) == 0) fatal("%.200s line %d: Bad forwarding specification.", filename, linenum); - if ((fwd_host_port = a2port(sfwd_host_port)) == 0) - fatal("%.200s line %d: Bad forwarding port.", - filename, linenum); + if (*activep) { if (opcode == oLocalForward) - add_local_forward(options, fwd_port, buf, - fwd_host_port); + add_local_forward(options, &fwd); else if (opcode == oRemoteForward) - add_remote_forward(options, fwd_port, buf, - fwd_host_port); + add_remote_forward(options, &fwd); } break; 
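Review bot: The `snprintf` into `fwdarg[256]` ignores truncation, so an over-long `LocalForward`/`RemoteForward` line is silently cut before it reaches `parse_forward()`. A spec cut in the middle of the port or host can still parse, producing a forwarding to a different port or host than the configuration file states, with no diagnostic. Check the return value and fail closed, e.g. `if ((size_t)snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2) >= sizeof(fwdarg)) fatal("%.200s line %d: Forwarding specification too long.", filename, linenum);`. When `*activep` is zero, the strings `parse_forward()` allocated in `fwd` are also dropped without being freed.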
@@ -677,12 +680,25 @@ parse_int: if (!arg || *arg == '\0') fatal("%.200s line %d: Missing port argument.", filename, linenum); - fwd_port = a2port(arg); - if (fwd_port == 0) + memset(&fwd, '\0', sizeof(fwd)); + fwd.connect_host = "socks"; + fwd.listen_host = hpdelim(&arg); + if (fwd.listen_host == NULL || + strlen(fwd.listen_host) >= NI_MAXHOST) + fatal("%.200s line %d: Bad forwarding specification.", + filename, linenum); + if (arg) { + fwd.listen_port = a2port(arg); + fwd.listen_host = cleanhostname(fwd.listen_host); + } else { + fwd.listen_port = a2port(fwd.listen_host); + fwd.listen_host = ""; + } + if (fwd.listen_port == 0) fatal("%.200s line %d: Badly formatted port number.", filename, linenum); if (*activep) - add_local_forward(options, fwd_port, "socks", 0); + add_local_forward(options, &fwd); break; case oClearAllForwardings: 
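Review bot: The port-only form of `DynamicForward` sets `fwd.listen_host = ""`, which turns into a wildcard bind. In `channel_setup_fwd_listener` as changed by this same commit, a non-NULL `listen_addr` on the client enters the `gateway_ports || is_client` branch, and `*listen_addr == '\0'` sets `wildcard = 1`. A plain `DynamicForward 1080` would therefore expose the SOCKS listener on all interfaces whatever `GatewayPorts` is set to, where the old code passed NULL and followed `gateway_ports`. Use `fwd.listen_host = NULL;` in that else arm; `add_local_forward` already copes with NULL. The `case 'D':` code in the `ssh.c` hunk `@@ -401,39 +401,51 @@` makes the same assignment and needs the same change.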
@@ -1045,3 +1061,68 @@ fill_default_options(Options * options) /* options->host_key_alias should not be set by default */ /* options->preferred_authentications will be set in ssh */ } + +/* + * parse_forward + * parses a string containing a port forwarding specification of the form: + * [listenhost:]listenport:connecthost:connectport + * returns number of arguments parsed or zero on error + */ +int +parse_forward(Forward *fwd, const char *fwdspec) +{ + int i; + char *p, *cp, *fwdarg[4]; + + memset(fwd, '\0', sizeof(*fwd)); + + cp = p = xstrdup(fwdspec); + + /* skip leading spaces */ + while (*cp && isspace(*cp)) + cp++; + + for (i = 0; i < 4; ++i) + if ((fwdarg[i] = hpdelim(&cp)) == NULL) + break; + + /* Check for trailing garbage in 4-arg case*/ + if (cp != NULL) + i = 0; /* failure */ + + switch (i) { + case 3: + fwd->listen_host = NULL; + fwd->listen_port = a2port(fwdarg[0]); + fwd->connect_host = xstrdup(cleanhostname(fwdarg[1])); + fwd->connect_port = a2port(fwdarg[2]); + break; + + case 4: + fwd->listen_host = xstrdup(cleanhostname(fwdarg[0])); + fwd->listen_port = a2port(fwdarg[1]); + fwd->connect_host = xstrdup(cleanhostname(fwdarg[2])); + fwd->connect_port = a2port(fwdarg[3]); + break; + default: + i = 0; /* failure */ + } + + xfree(p); + + if (fwd->listen_port == 0 && fwd->connect_port == 0) + goto fail_free; + + if (fwd->connect_host != NULL && + strlen(fwd->connect_host) >= NI_MAXHOST) + goto fail_free; + + return (i); + + fail_free: + if (fwd->connect_host != NULL) + xfree(fwd->connect_host); + if (fwd->listen_host != NULL) + xfree(fwd->listen_host); + return (0); +} diff --git a/readconf.h b/readconf.h index ded422585..03b772a2d 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.64 2004/07/11 17:48:47 deraadt Exp $ */ +/* $OpenBSD: readconf.h,v 1.65 2005/03/01 10:09:52 djm Exp $ */ /* * Author: Tatu Ylonen 
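Review bot: The port check in `parse_forward()` uses `&&`, so a spec is rejected only when both ports are bad. The code this replaces in `ssh.c`, `clientloop.c` and `readconf.c` rejected a forwarding if either `a2port()` result was 0; here `0:host:80` or `abc:host:80` is accepted with a listen port of 0. It should read `if (fwd->listen_port == 0 || fwd->connect_port == 0)`, which still catches the `i = 0` failure cases because `fwd` is zeroed first. `listen_host` also gets no `NI_MAXHOST` length check while `connect_host` does. And `isspace(*cp)` should take `(unsigned char)*cp`, since plain `char` may be negative.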
@@ -21,9 +21,10 @@ /* Data structure for representing a forwarding request. */ typedef struct { - u_short port; /* Port to forward. */ - char *host; /* Host to connect. */ - u_short host_port; /* Port to connect on host. */ + char *listen_host; /* Host (address) to listen on. */ + u_short listen_port; /* Port to forward. */ + char *connect_host; /* Host to connect. */ + u_short connect_port; /* Port to connect on connect_host. */ } Forward; /* Data structure for representing option data. */ @@ -117,11 +118,12 @@ typedef struct { void initialize_options(Options *); void fill_default_options(Options *); int read_config_file(const char *, const char *, Options *, int); +int parse_forward(Forward *, const char *); int process_config_line(Options *, const char *, char *, const char *, int, int *); -void add_local_forward(Options *, u_short, const char *, u_short); -void add_remote_forward(Options *, u_short, const char *, u_short); +void add_local_forward(Options *, const Forward *); +void add_remote_forward(Options *, const Forward *); #endif /* READCONF_H */ diff --git a/servconf.c b/servconf.c index 541a9c85b..2d1a0c362 100644 --- a/servconf.c +++ b/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.138 2004/12/23 23:11:00 djm Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.139 2005/03/01 10:09:52 djm Exp $"); #include "ssh.h" #include "log.h" @@ -440,6 +440,7 @@ process_server_config_line(ServerOptions *options, char *line, char *cp, **charptr, *arg, *p; int *intptr, value, i, n; ServerOpCodes opcode; + u_short port; cp = line; arg = strdelim(&cp); 
@@ -512,39 +513,21 @@ parse_time: case sListenAddress: arg = strdelim(&cp); - if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0) - fatal("%s line %d: missing inet addr.", + if (arg == NULL || *arg == '\0') + fatal("%s line %d: missing address", filename, linenum); - if (*arg == '[') { - if ((p = strchr(arg, ']')) == NULL) - fatal("%s line %d: bad ipv6 inet addr usage.", - filename, linenum); - arg++; - memmove(p, p+1, strlen(p+1)+1); - } else if (((p = strchr(arg, ':')) == NULL) || - (strchr(p+1, ':') != NULL)) { - add_listen_addr(options, arg, 0); - break; - } - if (*p == ':') { - u_short port; - - p++; - if (*p == '\0') - fatal("%s line %d: bad inet addr:port usage.", - filename, linenum); - else { - *(p-1) = '\0'; - if ((port = a2port(p)) == 0) - fatal("%s line %d: bad port number.", - filename, linenum); - add_listen_addr(options, arg, port); - } - } else if (*p == '\0') - add_listen_addr(options, arg, 0); - else - fatal("%s line %d: bad inet addr usage.", + p = hpdelim(&arg); + if (p == NULL) + fatal("%s line %d: bad address:port usage", filename, linenum); + p = cleanhostname(p); + if (arg == NULL) + port = 0; + else if ((port = a2port(arg)) == 0) + fatal("%s line %d: bad port number", filename, linenum); + + add_listen_addr(options, p, port); + break; case sAddressFamily: @@ -742,7 +725,23 @@ parse_flag: case sGatewayPorts: intptr = &options->gateway_ports; - goto parse_flag; + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: missing yes/no/clientspecified " + "argument.", filename, linenum); + value = 0; /* silence compiler */ + if (strcmp(arg, "clientspecified") == 0) + value = 2; + else if (strcmp(arg, "yes") == 0) + value = 1; + else if (strcmp(arg, "no") == 0) + value = 0; + else + fatal("%s line %d: Bad yes/no/clientspecified " + "argument: %s", filename, linenum, arg); + if (*intptr == -1) + *intptr = value; + break; case sUseDNS: intptr = &options->use_dns; diff --git a/ssh.1 b/ssh.1 index b8a91a160..27da08c69 100644 
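Review bot: The rewritten `sListenAddress` case no longer accepts an IPv6 address written without brackets. The removed code treated an argument with two or more colons as a bare address with port 0, but `hpdelim()` splits at the first `:`, so `ListenAddress ::1` yields an empty host and `a2port(":1")`, presumably ending in the "bad port number" `fatal()` and leaving sshd unable to start on an existing configuration. Restore the bare-address test before calling `hpdelim()`: `if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL && strchr(p + 1, ':') != NULL) { add_listen_addr(options, arg, 0); break; }`. The old explicit rejection of `[]` is gone as well, so an empty bracket pair now appears to reach `add_listen_addr` as an empty address.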
--- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.199 2004/11/07 17:42:36 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.200 2005/03/01 10:09:52 djm Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -53,13 +53,13 @@ .Op Fl i Ar identity_file .Oo Fl L Xo .Sm off +.Oo Ar bind_address : Oc .Ar port : .Ar host : .Ar hostport .Sm on .Xc .Oc -.Ek .Op Fl l Ar login_name .Op Fl m Ar mac_spec .Op Fl O Ar ctl_cmd @@ -69,6 +69,7 @@ .Ek .Oo Fl R Xo .Sm off +.Oo Ar bind_address : Oc .Ar port : .Ar host : .Ar hostport @@ -570,6 +571,7 @@ configuration files). Disables forwarding (delegation) of GSSAPI credentials to the server. .It Fl L Xo .Sm off +.Oo Ar bind_address : Oc .Ar port : host : hostport .Sm on .Xc @@ -577,7 +579,9 @@ Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to .Ar port -on the local side, and whenever a connection is made to this port, the +on the local side, optionally bound to the specified +.Ar bind_address . +Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to .Ar host 
@@ -585,14 +589,30 @@ port .Ar hostport from the remote machine. Port forwardings can also be specified in the configuration file. -Only root can forward privileged ports. IPv6 addresses can be specified with an alternative syntax: .Sm off .Xo +.Oo Ar bind_address / Oc .Ar port No / Ar host No / -.Ar hostport . +.Ar hostport .Xc .Sm on +or by enclosing the address in square brackets. +Only the superuser can forward privileged ports. +By default, the local port is bound in accordance with the +.Cm GatewayPorts +setting. +However, an explicit +.Ar bind_address +may be used to bind the connection to a specific address. +The +.Ar bind_address +of +.Dq localhost +indicates that the listening port be bound for local use only, while an +empty address or +.Dq * +indicates that the port should be available from all interfaces. .It Fl l Ar login_name Specifies the user to log in as on the remote machine. This also may be specified on a per-host basis in the configuration file. @@ -724,6 +744,7 @@ Quiet mode. Causes all warning and diagnostic messages to be suppressed. .It Fl R Xo .Sm off +.Oo Ar bind_address : Oc .Ar port : host : hostport .Sm on .Xc 
@@ -738,16 +759,34 @@ made to port .Ar hostport from the local machine. +.Pp Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when logging in as root on the remote machine. -IPv6 addresses can be specified with an alternative syntax: -.Sm off +IPv6 addresses can be specified by enclosing the address in square braces or +using an alternative syntax: .Xo -.Ar port No / Ar host No / -.Ar hostport . -.Xc +.Sm off +.Oo Ar bind_address / Oc +.Ar host/port/hostport .Sm on +.Xc . +.Pp +By default, the listening socket on the server will be bound to the loopback +interface only. +This may be overriden by specifying a +.Ar bind_address . +An empty +.Ar bind_address , +or the address +.Ql * +indicates that the remote socket should listen on all interfaces. +Specifying a remote +.Ar bind_address +will only succeed if the server's +.Cm GatewayPorts +option is enabled (see +.Xr sshd_config 5 ). .It Fl S Ar ctl_path Specifies the location of a control socket for connection sharing. Refer to the description of diff --git a/ssh.c b/ssh.c index 1f50727e9..99b25afcc 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.231 2005/02/16 09:56:44 otto Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.232 2005/03/01 10:09:52 djm Exp $"); #include #include @@ -158,9 +158,10 @@ usage(void) { fprintf(stderr, "usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" -" [-D port] [-e escape_char] [-F configfile] [-i identity_file]\n" -" [-L port:host:hostport] [-l login_name] [-m mac_spec] [-O ctl_cmd]\n" -" [-o option] [-p port] [-R port:host:hostport] [-S ctl_path]\n" +" [-D [listen-host:]port] [-e escape_char] [-F configfile]\n" +" [-i identity_file] [-L [listen-host:]port:host:hostport]\n" +" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" +" [-R [listen-host:]port:host:hostport] [-S ctl_path]\n" " [user@]hostname [command]\n" ); exit(1); 
@@ -178,14 +179,13 @@ int main(int ac, char **av) { int i, opt, exit_status; - u_short fwd_port, fwd_host_port; - char sfwd_port[6], sfwd_host_port[6]; char *p, *cp, *line, buf[256]; struct stat st; struct passwd *pw; int dummy; extern int optind, optreset; extern char *optarg; + Forward fwd; __progname = ssh_get_progname(av[0]); init_rng(); 
@@ -401,39 +401,51 @@ again: break; case 'L': - case 'R': - if (sscanf(optarg, "%5[0123456789]:%255[^:]:%5[0123456789]", - sfwd_port, buf, sfwd_host_port) != 3 && - sscanf(optarg, "%5[0123456789]/%255[^/]/%5[0123456789]", - sfwd_port, buf, sfwd_host_port) != 3) { + if (parse_forward(&fwd, optarg)) + add_local_forward(&options, &fwd); + else { fprintf(stderr, - "Bad forwarding specification '%s'\n", + "Bad local forwarding specification '%s'\n", optarg); - usage(); - /* NOTREACHED */ + exit(1); } - if ((fwd_port = a2port(sfwd_port)) == 0 || - (fwd_host_port = a2port(sfwd_host_port)) == 0) { + break; + + case 'R': + if (parse_forward(&fwd, optarg)) { + add_remote_forward(&options, &fwd); + } else { fprintf(stderr, - "Bad forwarding port(s) '%s'\n", optarg); + "Bad remote forwarding specification " + "'%s'\n", optarg); exit(1); } - if (opt == 'L') - add_local_forward(&options, fwd_port, buf, - fwd_host_port); - else if (opt == 'R') - add_remote_forward(&options, fwd_port, buf, - fwd_host_port); break; case 'D': - fwd_port = a2port(optarg); - if (fwd_port == 0) { + cp = p = xstrdup(optarg); + memset(&fwd, '\0', sizeof(fwd)); + fwd.connect_host = "socks"; + if ((fwd.listen_host = hpdelim(&cp)) == NULL) { + fprintf(stderr, "Bad dynamic forwarding " + "specification '%.100s'\n", optarg); + exit(1); + } + if (cp != NULL) { + fwd.listen_port = a2port(cp); + fwd.listen_host = cleanhostname(fwd.listen_host); + } else { + fwd.listen_port = a2port(fwd.listen_host); + fwd.listen_host = ""; + } + + if (fwd.listen_port == 0) { fprintf(stderr, "Bad dynamic port '%s'\n", optarg); exit(1); } - add_local_forward(&options, fwd_port, "socks", 0); + add_local_forward(&options, &fwd); + xfree(p); break; case 'C': 
@@ -842,14 +854,19 @@ ssh_init_forwarding(void) /* Initiate local TCP/IP port forwardings. */ for (i = 0; i < options.num_local_forwards; i++) { - debug("Connections to local port %d forwarded to remote address %.200s:%d", - options.local_forwards[i].port, - options.local_forwards[i].host, - options.local_forwards[i].host_port); + debug("Local connections to %.200s:%d forwarded to remote " + "address %.200s:%d", + (options.local_forwards[i].listen_host == NULL) ? + (options.gateway_ports ? "*" : "LOCALHOST") : + options.local_forwards[i].listen_host, + options.local_forwards[i].listen_port, + options.local_forwards[i].connect_host, + options.local_forwards[i].connect_port); success += channel_setup_local_fwd_listener( - options.local_forwards[i].port, - options.local_forwards[i].host, - options.local_forwards[i].host_port, + options.local_forwards[i].listen_host, + options.local_forwards[i].listen_port, + options.local_forwards[i].connect_host, + options.local_forwards[i].connect_port, options.gateway_ports); } if (i > 0 && success == 0) @@ -857,14 +874,17 @@ ssh_init_forwarding(void) /* Initiate remote TCP/IP port forwardings. */ for (i = 0; i < options.num_remote_forwards; i++) { - debug("Connections to remote port %d forwarded to local address %.200s:%d", - options.remote_forwards[i].port, - options.remote_forwards[i].host, - options.remote_forwards[i].host_port); + debug("Remote connections from %.200s:%d forwarded to " + "local address %.200s:%d", + options.remote_forwards[i].listen_host, + options.remote_forwards[i].listen_port, + options.remote_forwards[i].connect_host, + options.remote_forwards[i].connect_port); channel_request_remote_forwarding( - options.remote_forwards[i].port, - options.remote_forwards[i].host, - options.remote_forwards[i].host_port); + options.remote_forwards[i].listen_host, + options.remote_forwards[i].listen_port, + options.remote_forwards[i].connect_host, + options.remote_forwards[i].connect_port); } } 
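Review bot: The new `debug()` call for remote forwards in the `@@ -857,14 +874,17 @@` hunk passes `options.remote_forwards[i].listen_host` straight to `%.200s`. That pointer is NULL whenever `-R port:host:hostport` is given without a bind address, because `parse_forward()` sets `listen_host = NULL` in the three-field case. Passing NULL for `%s` is undefined behaviour and crashes on some C libraries. The local-forward `debug()` in the hunk just above already guards this with a ternary; do the same here, e.g. `(options.remote_forwards[i].listen_host == NULL) ? "LOCALHOST" : options.remote_forwards[i].listen_host,`.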
@@ -1040,12 +1060,12 @@ client_global_request_reply_fwd(int type, u_int32_t seq, void *ctxt) return; debug("remote forward %s for: listen %d, connect %s:%d", type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure", - options.remote_forwards[i].port, - options.remote_forwards[i].host, - options.remote_forwards[i].host_port); + options.remote_forwards[i].listen_port, + options.remote_forwards[i].connect_host, + options.remote_forwards[i].connect_port); if (type == SSH2_MSG_REQUEST_FAILURE) - logit("Warning: remote port forwarding failed for listen port %d", - options.remote_forwards[i].port); + logit("Warning: remote port forwarding failed for listen " + "port %d", options.remote_forwards[i].listen_port); } static void diff --git a/ssh_config.5 b/ssh_config.5 index 8f6d851b4..6b6cfc5e9 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.42 2005/02/28 00:54:10 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.43 2005/03/01 10:09:52 djm Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os 
@@ -480,12 +480,37 @@ The default is to use the server specified list. Specifies that a TCP/IP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. The first argument must be a port number, and the second must be -.Ar host:port . -IPv6 addresses can be specified with an alternative syntax: -.Ar host/port . -Multiple forwardings may be specified, and additional -forwardings can be given on the command line. +.Xo +.Sm off +.Oo Ar bind_address : Oc +.Ar host:port +.Sm on +.Xc . +IPv6 addresses can be specified by enclosing addresses in square brackets or +by using an alternative syntax: +.Xo +.Sm off +.Oo Ar bind_address / Oc +.Ar host/port +.Sm on +.Xc . +Multiple forwardings may be specified, and additional forwardings can be +given on the command line. Only the superuser can forward privileged ports. +By default, the local port is bound in accordance with the +.Cm GatewayPorts +setting. +However, an explicit +.Ar bind_address +may be used to bind the connection to a specific address. +The +.Ar bind_address +of +.Dq localhost +indicates that the listening port be bound for local use only, while an +empty address or +.Dq * +indicates that the port should be available from all interfaces. .It Cm LogLevel Gives the verbosity level that is used when logging messages from .Nm ssh . 
@@ -592,12 +617,39 @@ This option applies to protocol version 2 only. Specifies that a TCP/IP port on the remote machine be forwarded over the secure channel to the specified host and port from the local machine. The first argument must be a port number, and the second must be -.Ar host:port . -IPv6 addresses can be specified with an alternative syntax: -.Ar host/port . +.Xo +.Sm off +.Oo Ar bind_address : Oc +.Ar host:port +.Sm on +.Xc . +IPv6 addresses can be specified by enclosing any addresses in square brackets +or by using the alternative syntax: +.Xo +.Sm off +.Oo Ar bind_address / Oc +.Ar host/port +.Sm on +.Xc . Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. +.Pp +If the +.Ar bind_address +is not specified, the default is to only bind to loopback addresses. +If the +.Ar bind_address +is +.Ql * +or an empty string, then the forwarding is requested to listen on all +interfaces. +Specifying a remote +.Ar bind_address +will only succeed if the server's +.Cm GatewayPorts +option is enabled (see +.Xr sshd_config 5 ). .It Cm RhostsRSAAuthentication Specifies whether to try rhosts based authentication with RSA host authentication. diff --git a/sshd_config.5 b/sshd_config.5 index da6d97c68..8d291e61d 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.38 2005/01/08 00:41:19 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.39 2005/03/01 10:09:52 djm Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os 
@@ -256,12 +256,15 @@ This prevents other remote hosts from connecting to forwarded ports. .Cm GatewayPorts can be used to specify that .Nm sshd -should bind remote port forwardings to the wildcard address, -thus allowing remote hosts to connect to forwarded ports. -The argument must be +should allow remote port forwardings to bind to non-loopback addresses, thus +allowing other hosts to connect. +The argument may be +.Dq no +to force remote port forwardings to be available to the local host only, .Dq yes -or -.Dq no . +to force remote port forwardings to bind to the wildcard address, or +.Dq clientspecified +to allow the client to select the address to which the forwarding is bound. The default is .Dq no . .It Cm GSSAPIAuthentication -- cgit v1.2.3 From e1776155d19db4f3ab2ff42323d6499f0712cfa4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 1 Mar 2005 21:47:37 +1100 Subject: - djm@cvs.openbsd.org 2005/03/01 10:40:27 [hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5] [sshconnect.c sshd.8] add support for hashing host names and addresses added to known_hosts files, to improve privacy of which hosts user have been visiting; ok markus@ deraadt@ --- ChangeLog | 8 +++- hostfile.c | 123 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++--- hostfile.h | 9 ++++- readconf.c | 12 +++++- readconf.h | 4 +- ssh.1 | 3 +- ssh_config.5 | 17 ++++++++- sshconnect.c | 7 ++-- sshd.8 | 15 +++++++- 9 files changed, 180 insertions(+), 18 deletions(-) diff --git a/ChangeLog b/ChangeLog index f31a52665..b69fe2f51 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -27,6 +27,12 @@ Patch originally by Dan Astorian, but worked on by several people Adds GatewayPorts=clientspecified option on server to allow remote forwards to bind to client-specified ports. + - djm@cvs.openbsd.org 2005/03/01 10:40:27 + [hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5] + [sshconnect.c sshd.8] + add support for hashing host names and addresses added to known_hosts + files, to improve privacy of which hosts user have been visiting; ok + markus@ deraadt@ 20050226 - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] @@ -2203,4 +2209,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3672 2005/03/01 10:24:33 djm Exp $ +$Id: ChangeLog,v 1.3673 2005/03/01 10:47:37 djm Exp $ diff --git a/hostfile.c b/hostfile.c index 88c054912..2e1c8bcd0 100644 --- a/hostfile.c +++ b/hostfile.c 
@@ -36,13 +36,102 @@ */ #include "includes.h" -RCSID("$OpenBSD: hostfile.c,v 1.32 2003/11/10 16:23:41 jakob Exp $"); +RCSID("$OpenBSD: hostfile.c,v 1.33 2005/03/01 10:40:26 djm Exp $"); + +#include +#include +#include #include "packet.h" #include "match.h" #include "key.h" #include "hostfile.h" #include "log.h" +#include "xmalloc.h" + +static int +extract_salt(const char *s, u_int l, char *salt, size_t salt_len) +{ + char *p, *b64salt; + u_int b64len; + int ret; + + if (l < sizeof(HASH_MAGIC) - 1) { + debug2("extract_salt: string too short"); + return (-1); + } + if (strncmp(s, HASH_MAGIC, sizeof(HASH_MAGIC) - 1) != 0) { + debug2("extract_salt: invalid magic identifier"); + return (-1); + } + s += sizeof(HASH_MAGIC) - 1; + l -= sizeof(HASH_MAGIC) - 1; + if ((p = memchr(s, HASH_DELIM, l)) == NULL) { + debug2("extract_salt: missing salt termination character"); + return (-1); + } + + b64len = p - s; + /* Sanity check */ + if (b64len == 0 || b64len > 1024) { + debug2("extract_salt: bad encoded salt length %u", b64len); + return (-1); + } + b64salt = xmalloc(1 + b64len); + memcpy(b64salt, s, b64len); + b64salt[b64len] = '\0'; + + ret = __b64_pton(b64salt, salt, salt_len); + xfree(b64salt); + if (ret == -1) { + debug2("extract_salt: salt decode error"); + return (-1); + } + if (ret != SHA_DIGEST_LENGTH) { + debug2("extract_salt: expected salt len %u, got %u", + salt_len, ret); + return (-1); + } + + return (0); +} + +char * +host_hash(const char *host, const char *name_from_hostfile, u_int src_len) +{ + const EVP_MD *md = EVP_sha1(); + HMAC_CTX mac_ctx; + char salt[256], result[256], uu_salt[512], uu_result[512]; + static char encoded[1024]; + u_int i, len; + + len = EVP_MD_size(md); + + if (name_from_hostfile == NULL) { + /* Create new salt */ + for (i = 0; i < len; i++) + salt[i] = arc4random(); + } else { + /* Extract salt from known host entry */ + if (extract_salt(name_from_hostfile, src_len, salt, + sizeof(salt)) == -1) + return (NULL); + } + + HMAC_Init(&mac_ctx, 
salt, len, md); + HMAC_Update(&mac_ctx, host, strlen(host)); + HMAC_Final(&mac_ctx, result, NULL); + HMAC_cleanup(&mac_ctx); + + if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 || + __b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1) + fatal("host_hash: __b64_ntop failed"); + + snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt, + HASH_DELIM, uu_result); + + return (encoded); +} /* * Parses an RSA (number of bits, e, n) or DSA key from a string. Moves the @@ -104,7 +193,7 @@ check_host_in_hostfile_by_key_or_type(const char *filename, char line[8192]; int linenum = 0; u_int kbits; - char *cp, *cp2; + char *cp, *cp2, *hashed_host; HostStatus end_return; debug3("check_host_in_hostfile: filename %s", filename); @@ -137,8 +226,18 @@ check_host_in_hostfile_by_key_or_type(const char *filename, ; /* Check if the host name matches. */ - if (match_hostname(host, cp, (u_int) (cp2 - cp)) != 1) - continue; + if (match_hostname(host, cp, (u_int) (cp2 - cp)) != 1) { + if (*cp != HASH_DELIM) + continue; + hashed_host = host_hash(host, cp, (u_int) (cp2 - cp)); + if (hashed_host == NULL) { + debug("Invalid hashed host line %d of %s", + linenum, filename); + continue; + } + if (strncmp(hashed_host, cp, (u_int) (cp2 - cp)) != 0) + continue; + } /* Got a match. Skip host name. */ cp = cp2; 
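Review bot: The last debug2() in extract_salt() formats `salt_len` (a size_t) and `ret` (an int) with `%u`, which does not match the argument types, and the value it reports as "expected" is the caller's buffer size rather than the length the check compares against. `debug2("extract_salt: expected salt len %d, got %d", SHA_DIGEST_LENGTH, ret);` would agree with the test above it. Separately, host_hash() returns a pointer into the static `encoded` buffer, which deserves a comment above the function: `/* Returns a pointer to a static buffer that the next call overwrites; copy the result if it must be kept. */`.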
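Review bot: The hashed comparison `strncmp(hashed_host, cp, (u_int) (cp2 - cp))` only checks that the token in the file is a prefix of the computed hash, so a truncated entry (magic, salt and delimiter with a short or missing digest) compares equal for every host name and its key is then treated as that host's key. Requiring equal lengths closes this: `if (strlen(hashed_host) != (size_t)(cp2 - cp) || strncmp(hashed_host, cp, (size_t)(cp2 - cp)) != 0) continue;`. do_known_hosts() in ssh-keygen.c, later in this series, compares with strcmp() on a terminated name and does not have the problem. The enclosing function starts and ends outside the hunk.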
@@ -211,16 +310,28 @@ lookup_key_in_hostfile_by_type(const char *filename, const char *host, */ int -add_host_to_hostfile(const char *filename, const char *host, const Key *key) +add_host_to_hostfile(const char *filename, const char *host, const Key *key, + int store_hash) { FILE *f; int success = 0; + char *hashed_host; + if (key == NULL) return 1; /* XXX ? */ f = fopen(filename, "a"); if (!f) return 0; - fprintf(f, "%s ", host); + + if (store_hash) { + if ((hashed_host = host_hash(host, NULL, 0)) == NULL) { + error("add_host_to_hostfile: host_hash failed"); + fclose(f); + return 0; + } + } + fprintf(f, "%s ", store_hash ? hashed_host : host); + if (key_write(key, f)) { success = 1; } else { diff --git a/hostfile.h b/hostfile.h index efcddc9f9..d6330752e 100644 --- a/hostfile.h +++ b/hostfile.h @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.h,v 1.14 2003/11/10 16:23:41 jakob Exp $ */ +/* $OpenBSD: hostfile.h,v 1.15 2005/03/01 10:40:26 djm Exp $ */ /* * Author: Tatu Ylonen @@ -21,8 +21,13 @@ typedef enum { int hostfile_read_key(char **, u_int *, Key *); HostStatus check_host_in_hostfile(const char *, const char *, const Key *, Key *, int *); -int add_host_to_hostfile(const char *, const char *, const Key *); +int add_host_to_hostfile(const char *, const char *, const Key *, int); int lookup_key_in_hostfile_by_type(const char *, const char *, int, Key *, int *); +#define HASH_MAGIC "|1|" +#define HASH_DELIM '|' + +char *host_hash(const char *, const char *, u_int); + #endif diff --git a/readconf.c b/readconf.c index c3dc71e66..e50a42222 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.135 2005/03/01 10:09:52 djm Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.136 2005/03/01 10:40:26 djm Exp $"); #include "ssh.h" #include "xmalloc.h" 
@@ -106,7 +106,7 @@ typedef enum { oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, oAddressFamily, oGssAuthentication, oGssDelegateCreds, oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, - oSendEnv, oControlPath, oControlMaster, + oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, oDeprecated, oUnsupported } OpCodes; @@ -197,6 +197,7 @@ static struct { { "sendenv", oSendEnv }, { "controlpath", oControlPath }, { "controlmaster", oControlMaster }, + { "hashknownhosts", oHashKnownHosts }, { NULL, oBadOption } }; @@ -790,6 +791,10 @@ parse_int: intptr = &options->control_master; goto parse_yesnoask; + case oHashKnownHosts: + intptr = &options->hash_known_hosts; + goto parse_flag; + case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", filename, linenum, keyword); @@ -933,6 +938,7 @@ initialize_options(Options * options) options->num_send_env = 0; options->control_path = NULL; options->control_master = -1; + options->hash_known_hosts = -1; } /* @@ -1055,6 +1061,8 @@ fill_default_options(Options * options) options->server_alive_count_max = 3; if (options->control_master == -1) options->control_master = 0; + if (options->hash_known_hosts == -1) + options->hash_known_hosts = 0; /* options->proxy_command should not be set by default */ /* options->user will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */ diff --git a/readconf.h b/readconf.h index 03b772a2d..de4b4cb27 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.65 2005/03/01 10:09:52 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.66 2005/03/01 10:40:27 djm Exp $ */ /* * Author: Tatu Ylonen @@ -112,6 +112,8 @@ typedef struct { char *control_path; int control_master; + + int hash_known_hosts; } Options; diff --git a/ssh.1 b/ssh.1 index 27da08c69..c371b7cf5 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.200 2005/03/01 10:09:52 djm Exp $ +.\" $OpenBSD: ssh.1,v 1.201 2005/03/01 10:40:27 djm Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -701,6 +701,7 @@ For full details of the options listed below, and their possible values, see .It GlobalKnownHostsFile .It GSSAPIAuthentication .It GSSAPIDelegateCredentials +.It HashKnownHosts .It Host .It HostbasedAuthentication .It HostKeyAlgorithms diff --git a/ssh_config.5 b/ssh_config.5 index 6b6cfc5e9..9077acbee 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.43 2005/03/01 10:09:52 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.44 2005/03/01 10:40:27 djm Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -407,6 +407,21 @@ Forward (delegate) credentials to the server. The default is .Dq no . Note that this option applies to protocol version 2 only. +.It Cm HashKnownHosts +Indicates that +.Nm ssh +should hash host names and addresses when they are added to +.Pa $HOME/.ssh/known_hosts . +These hashed names may be used normally by +.Nm ssh +and +.Nm sshd , +but they do not reveal identifying information should the file's contents +be disclosed. +The default is +.Dq no . +Note that hashing of names and addresses will not be retrospectively applied +to existing known hosts files. .It Cm HostbasedAuthentication Specifies whether to try rhosts based authentication with public key authentication. diff --git a/sshconnect.c b/sshconnect.c index 33ec4753a..bafe7ba92 100644 --- a/sshconnect.c +++ b/sshconnect.c 
@@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.159 2005/01/05 08:51:32 markus Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.160 2005/03/01 10:40:27 djm Exp $"); #include @@ -678,7 +678,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, "'%.128s' not in list of known hosts.", type, ip); else if (!add_host_to_hostfile(user_hostfile, ip, - host_key)) + host_key, options.hash_known_hosts)) logit("Failed to add the %s host key for IP " "address '%.128s' to the list of known " "hosts (%.30s).", type, ip, user_hostfile); @@ -744,7 +744,8 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, * If not in strict mode, add the key automatically to the * local known_hosts file. */ - if (!add_host_to_hostfile(user_hostfile, hostp, host_key)) + if (!add_host_to_hostfile(user_hostfile, hostp, host_key, + options.hash_known_hosts)) logit("Failed to add the host to the list of known " "hosts (%.500s).", user_hostfile); else diff --git a/sshd.8 b/sshd.8 index 9d30369c9..05b88f59e 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.204 2005/02/25 10:55:13 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.205 2005/03/01 10:40:27 djm Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
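Review bot: In the second changed call `hostp` goes to add_host_to_hostfile() as one name, and host_hash() hashes whatever string it is given as a whole. hostp is assigned in a part of check_host_key outside this hunk; if it can hold a comma-separated "host,ip" list, the stored hash matches neither the host nor the address, so the key is never found again and the user is prompted to accept it on every connection. sshd.8 in this commit says only one hashed hostname may appear per line, so when `options.hash_known_hosts` is set I would add the host and the address with separate calls. keyprint() in ssh-keyscan.c, later in this series, hashes `c->c_output_name` the same way and would need the same split if that name can be a list.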
@@ -553,6 +553,14 @@ to indicate negation: if the host name matches a negated pattern, it is not accepted (by that line) even if it matched another pattern on the line. .Pp +Alternately, hostnames may be stored in a hashed form which hides host names +and addresses should the file's contents be disclosed. Hashed hostnames start +with a +.Ql \&| +character. +Only one hashed hostname may appear on a single line and none of the above +negation or wildcard operators may be applied. +.Pp Bits, exponent, and modulus are taken directly from the RSA host key; they can be obtained, e.g., from .Pa /etc/ssh/ssh_host_key.pub . @@ -584,6 +592,11 @@ and adding the host names at the front. closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....= .Ed +.Bd -literal +# A hashed hostname +|1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa +AAAA1234.....= +.Ed .Sh FILES .Bl -tag -width Ds .It Pa /etc/ssh/sshd_config -- cgit v1.2.3 From db7b8171ee084cbbe3a5ec5ef26df88e17aa3905 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 1 Mar 2005 21:48:03 +1100 Subject: - djm@cvs.openbsd.org 2005/03/01 10:41:28 [ssh-keyscan.1 ssh-keyscan.c] option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@ --- ChangeLog | 5 ++++- ssh-keyscan.1 | 12 ++++++++++-- ssh-keyscan.c | 18 ++++++++++++++---- 3 files changed, 28 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index b69fe2f51..fd3076220 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,6 +33,9 @@ add support for hashing host names and addresses added to known_hosts files, to improve privacy of which hosts user have been visiting; ok markus@ deraadt@ + - djm@cvs.openbsd.org 2005/03/01 10:41:28 + [ssh-keyscan.1 ssh-keyscan.c] + option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@ 20050226 - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] 
@@ -2209,4 +2212,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3673 2005/03/01 10:47:37 djm Exp $ +$Id: ChangeLog,v 1.3674 2005/03/01 10:48:03 djm Exp $ diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index 9efcf5213..63427e727 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.18 2004/07/12 23:34:25 brad Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.19 2005/03/01 10:41:28 djm Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -15,7 +15,7 @@ .Sh SYNOPSIS .Nm ssh-keyscan .Bk -words -.Op Fl v46 +.Op Fl Hv46 .Op Fl p Ar port .Op Fl T Ar timeout .Op Fl t Ar type @@ -46,6 +46,14 @@ scanning process involve any encryption. .Pp The options are as follows: .Bl -tag -width Ds +.It Fl H +Hash all hostnames and addresses in the output. +Hashed names may be used normally by +.Nm ssh +and +.Nm sshd , +but they do not reveal identifying information should the file's contents +be disclosed. .It Fl p Ar port Port to connect to on the remote host. .It Fl T Ar timeout diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 3cb52ac2e..e94867004 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.50 2004/08/11 21:44:32 avsm Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.51 2005/03/01 10:41:28 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -28,6 +28,7 @@ RCSID("$OpenBSD: ssh-keyscan.c,v 1.50 2004/08/11 21:44:32 avsm Exp $"); #include "log.h" #include "atomicio.h" #include "misc.h" +#include "hostfile.h" /* Flag indicating whether IPv4 or IPv6. This can be set on the command line. Default value is AF_UNSPEC means both IPv4 and IPv6. */ 
@@ -41,6 +42,8 @@ int ssh_port = SSH_DEFAULT_PORT; int get_keytypes = KT_RSA1; /* Get only RSA1 keys by default */ +int hash_hosts = 0; /* Hash hostname on output */ + #define MAXMAXFD 256 /* The number of seconds after which to give up on a TCP connection */ @@ -366,10 +369,14 @@ keygrab_ssh2(con *c) static void keyprint(con *c, Key *key) { + char *host = c->c_output_name ? c->c_output_name : c->c_name; + if (!key) return; + if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL) + fatal("host_hash failed"); - fprintf(stdout, "%s ", c->c_output_name ? c->c_output_name : c->c_name); + fprintf(stdout, "%s ", host); key_write(key, stdout); fputs("\n", stdout); } @@ -676,7 +683,7 @@ fatal(const char *fmt,...) static void usage(void) { - fprintf(stderr, "usage: %s [-v46] [-p port] [-T timeout] [-t type] [-f file]\n" + fprintf(stderr, "usage: %s [-Hv46] [-p port] [-T timeout] [-t type] [-f file]\n" "\t\t [host | addrlist namelist] [...]\n", __progname); exit(1); @@ -700,8 +707,11 @@ main(int argc, char **argv) if (argc <= 1) usage(); - while ((opt = getopt(argc, argv, "v46p:T:t:f:")) != -1) { + while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) { switch (opt) { + case 'H': + hash_hosts = 1; + break; case 'p': ssh_port = a2port(optarg); if (ssh_port == 0) { -- cgit v1.2.3 From 4b42d7f195fc38bc6eda25c2e0782321ff1f2a16 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 1 Mar 2005 21:48:35 +1100 Subject: - djm@cvs.openbsd.org 2005/03/01 10:42:49 [ssh-keygen.1 ssh-keygen.c ssh_config.5] add tools for managing known_hosts files with hashed hostnames, including hashing existing files and deleting hosts by name; ok markus@ deraadt@ --- ChangeLog | 6 +- ssh-keygen.1 | 43 ++++++++++- ssh-keygen.c | 228 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++--- ssh_config.5 | 5 +- 4 files changed, 268 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index fd3076220..762f8dce4 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -36,6 +36,10 @@ - djm@cvs.openbsd.org 2005/03/01 10:41:28 [ssh-keyscan.1 ssh-keyscan.c] option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@ + - djm@cvs.openbsd.org 2005/03/01 10:42:49 + [ssh-keygen.1 ssh-keygen.c ssh_config.5] + add tools for managing known_hosts files with hashed hostnames, including + hashing existing files and deleting hosts by name; ok markus@ deraadt@ 20050226 - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] @@ -2212,4 +2216,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3674 2005/03/01 10:48:03 djm Exp $ +$Id: ChangeLog,v 1.3675 2005/03/01 10:48:35 djm Exp $ diff --git a/ssh-keygen.1 b/ssh-keygen.1 index c0f24dcd0..f4c5ebcb8 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.63 2004/08/13 00:01:43 jmc Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.64 2005/03/01 10:42:49 djm Exp $ .\" .\" -*- nroff -*- .\" @@ -81,6 +81,15 @@ .Nm ssh-keygen .Fl D Ar reader .Nm ssh-keygen +.Fl F Ar hostname +.Op Fl f Ar known_hosts_file +.Nm ssh-keygen +.Fl H +.Op Fl f Ar known_hosts_file +.Nm ssh-keygen +.Fl R Ar hostname +.Op Fl f Ar known_hosts_file +.Nm ssh-keygen .Fl U Ar reader .Op Fl f Ar input_keyfile .Nm ssh-keygen 
@@ -243,6 +252,38 @@ Provides the new comment. .It Fl D Ar reader Download the RSA public key stored in the smartcard in .Ar reader . +.It Fl F Ar hostname +Search for the specified +.Ar hostname +in a +.Pa known_hosts +file, listing any occurances found. +This option is useful to find hashed host names or addresses and may also be +used in conjunction with the +.Fl H +option to print found keys in a hashed format. +.It Fl H +Hash a +.Pa known_hosts +file, printing the result to standard output. +This replaces all hostnames and addresses with hashed representations. +These hashes may be used normally by +.Nm ssh +and +.Nm sshd , +but they do not reveal identifying information should the file's contents +be disclosed. +This option will not modify existing hashed hostnames and is therefore safe +to use on files that mix hashed and non-hashed names. +.It Fl R Ar hostname +Removes all keys belonging to +.Ar hostname +from a +.Pa known_hosts +file. +This option is useful to delete hashed hosts (see the +.Fl H +option above). .It Fl G Ar output_file Generate candidate primes for DH-GEX. These primes must be screened for diff --git a/ssh-keygen.c b/ssh-keygen.c index 7ed62a30c..00ddb90c8 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.118 2004/12/23 17:38:07 markus Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.119 2005/03/01 10:42:49 djm Exp $"); #include #include @@ -27,6 +27,8 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.118 2004/12/23 17:38:07 markus Exp $"); #include "pathnames.h" #include "log.h" #include "misc.h" +#include "match.h" +#include "hostfile.h" #ifdef SMARTCARD #include "scard.h" 
@@ -50,6 +52,13 @@ int change_comment = 0; int quiet = 0; +/* Flag indicating that we want to hash a known_hosts file */ +int hash_hosts = 0; +/* Flag indicating that we want lookup a host in known_hosts file */ +int find_host = 0; +/* Flag indicating that we want to delete a host from a known_hosts file */ +int delete_host = 0; + /* Flag indicating that we just want to see the key fingerprint */ int print_fingerprint = 0; int print_bubblebabble = 0; 
@@ -541,6 +550,194 @@ do_fingerprint(struct passwd *pw) exit(0); } +static void +print_host(FILE *f, char *name, Key *public, int hash) +{ + if (hash && (name = host_hash(name, NULL, 0)) == NULL) + fatal("hash_host failed"); + fprintf(f, "%s ", name); + if (!key_write(public, f)) + fatal("key_write failed"); + fprintf(f, "\n"); +} + +static void +do_known_hosts(struct passwd *pw, const char *name) +{ + FILE *in, *out = stdout; + Key *public; + char *cp, *cp2, *kp, *kp2; + char line[16*1024], tmp[MAXPATHLEN], old[MAXPATHLEN]; + int c, i, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0; + + if (!have_identity) { + cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); + if (strlcpy(identity_file, cp, sizeof(identity_file)) >= + sizeof(identity_file)) + fatal("Specified known hosts path too long"); + xfree(cp); + have_identity = 1; + } + if ((in = fopen(identity_file, "r")) == NULL) + fatal("fopen: %s", strerror(errno)); + + /* + * Find hosts goes to stdout, hash and deletions happen in-place + * A corner case is ssh-keygen -HF foo, which should go to stdout + */ + if (!find_host && (hash_hosts || delete_host)) { + if (strlcpy(tmp, identity_file, sizeof(tmp)) >= sizeof(tmp) || + strlcat(tmp, ".XXXXXXXXXX", sizeof(tmp)) >= sizeof(tmp) || + strlcpy(old, identity_file, sizeof(old)) >= sizeof(old) || + strlcat(old, ".old", sizeof(old)) >= sizeof(old)) + fatal("known_hosts path too long"); + umask(077); + if ((c = mkstemp(tmp)) == -1) + fatal("mkstemp: %s", strerror(errno)); + if ((out = fdopen(c, "w")) == NULL) { + c = errno; + unlink(tmp); + fatal("fdopen: %s", strerror(c)); + } + inplace = 1; + } + + while (fgets(line, sizeof(line), in)) { + num++; + i = strlen(line) - 1; + if (line[i] != '\n') { + error("line %d too long: %.40s...", num, line); + skip = 1; + invalid = 1; + continue; + } + if (skip) { + skip = 0; + continue; + } + line[i] = '\0'; + + /* Skip leading whitespace, empty and comment lines. 
*/ + for (cp = line; *cp == ' ' || *cp == '\t'; cp++) + ; + if (!*cp || *cp == '\n' || *cp == '#') { + if (inplace) + fprintf(out, "%s\n", cp); + continue; + } + /* Find the end of the host name portion. */ + for (kp = cp; *kp && *kp != ' ' && *kp != '\t'; kp++) + ; + if (*kp == '\0' || *(kp + 1) == '\0') { + error("line %d missing key: %.40s...", + num, line); + invalid = 1; + continue; + } + *kp++ = '\0'; + kp2 = kp; + + public = key_new(KEY_RSA1); + if (key_read(public, &kp) != 1) { + kp = kp2; + key_free(public); + public = key_new(KEY_UNSPEC); + if (key_read(public, &kp) != 1) { + error("line %d invalid key: %.40s...", + num, line); + key_free(public); + invalid = 1; + continue; + } + } + + if (*cp == HASH_DELIM) { + if (find_host || delete_host) { + cp2 = host_hash(name, cp, strlen(cp)); + if (cp2 == NULL) { + error("line %d: invalid hashed " + "name: %.64s...", num, line); + invalid = 1; + continue; + } + c = (strcmp(cp2, cp) == 0); + if (find_host && c) { + printf("# Host %s found: " + "line %d type %s\n", name, + num, key_type(public)); + print_host(out, cp, public, 0); + } + if (delete_host && !c) + print_host(out, cp, public, 0); + } else if (hash_hosts) + print_host(out, cp, public, 0); + } else { + if (find_host || delete_host) { + c = (match_hostname(name, cp, + strlen(cp)) == 1); + if (find_host && c) { + printf("# Host %s found: " + "line %d type %s\n", name, + num, key_type(public)); + print_host(out, cp, public, hash_hosts); + } + if (delete_host && !c) + print_host(out, cp, public, 0); + } else if (hash_hosts) { + for(cp2 = strsep(&cp, ","); + cp2 != NULL && *cp2 != '\0'; + cp2 = strsep(&cp, ",")) + print_host(out, cp2, public, 1); + has_unhashed = 1; + } + } + key_free(public); + } + fclose(in); + + if (invalid) { + fprintf(stderr, "%s is not a valid known_host file.\n", + identity_file); + if (inplace) { + fprintf(stderr, "Not replacing existing known_hosts " + "file beacuse of errors"); + fclose(out); + unlink(tmp); + } + exit(1); + } + + if 
(inplace) { + fclose(out); + + /* Backup existing file */ + if (unlink(old) == -1 && errno != ENOENT) + fatal("unlink %.100s: %s", old, strerror(errno)); + if (link(identity_file, old) == -1) + fatal("link %.100s to %.100s: %s", identity_file, old, + strerror(errno)); + /* Move new one into place */ + if (rename(tmp, identity_file) == -1) { + error("rename\"%s\" to \"%s\": %s", tmp, identity_file, + strerror(errno)); + unlink(tmp); + unlink(old); + exit(1); + } + + fprintf(stderr, "%s updated.\n", identity_file); + fprintf(stderr, "Original contents retained as %s\n", old); + if (has_unhashed) { + fprintf(stderr, "WARNING: %s contains unhashed " + "entries\n", old); + fprintf(stderr, "Delete this file to ensure privacy " + "of hostnames\n"); + } + } + + exit(0); +} + /* * Perform changing a passphrase. The argument is the passwd structure * for the current user. @@ -767,6 +964,8 @@ usage(void) fprintf(stderr, " -y Read private key file and print public key.\n"); fprintf(stderr, " -t type Specify type of key to create.\n"); fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); + fprintf(stderr, " -H Hash names in known_hosts file\n"); + fprintf(stderr, " -F hostname Find hostname in known hosts file\n"); fprintf(stderr, " -C comment Provide new comment.\n"); fprintf(stderr, " -N phrase Provide new passphrase.\n"); fprintf(stderr, " -P phrase Provide old passphrase.\n"); @@ -790,7 +989,7 @@ main(int ac, char **av) { char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2; char out_file[MAXPATHLEN], *reader_id = NULL; - char *resource_record_hostname = NULL; + char *rr_hostname = NULL; Key *private, *public; struct passwd *pw; struct stat st; @@ -824,7 +1023,7 @@ main(int ac, char **av) } while ((opt = getopt(ac, av, - "degiqpclBRvxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) { + "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { switch (opt) { case 'b': bits = atoi(optarg); 
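Review bot: In do_known_hosts() `i = strlen(line) - 1` followed by `line[i]` reads one byte before the buffer when fgets() returns an empty string (a line beginning with a NUL byte), and a final line without a trailing newline is rejected as too long. Guarding the index fixes the first: `if (i < 0 || line[i] != '\n') {`. In the in-place path the result of `fclose(out)` is not checked before `rename(tmp, identity_file)`, so a short write (full disk, quota) would replace known_hosts with a truncated file; I would test `ferror(out)` and the fclose() result and `unlink(tmp)` on failure. The `continue` after a failed host_hash() also skips `key_free(public)`.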
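Review bot: usage() gains lines for -H and -F but none for -R, although this commit adds `R:` to the getopt string and documents the option in ssh-keygen.1. I would add `fprintf(stderr, " -R hostname Remove host from known_hosts file\n");` next to the -F line.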
@@ -833,6 +1032,17 @@ main(int ac, char **av) exit(1); } break; + case 'F': + find_host = 1; + rr_hostname = optarg; + break; + case 'H': + hash_hosts = 1; + break; + case 'R': + delete_host = 1; + rr_hostname = optarg; + break; case 'l': print_fingerprint = 1; break; @@ -864,10 +1074,6 @@ main(int ac, char **av) case 'q': quiet = 1; break; - case 'R': - /* unused */ - exit(0); - break; case 'e': case 'x': /* export key */ @@ -902,7 +1108,7 @@ main(int ac, char **av) } break; case 'r': - resource_record_hostname = optarg; + rr_hostname = optarg; break; case 'W': generator_wanted = atoi(optarg); @@ -945,6 +1151,8 @@ main(int ac, char **av) printf("Can only have one of -p and -c.\n"); usage(); } + if (delete_host || hash_hosts || find_host) + do_known_hosts(pw, rr_hostname); if (print_fingerprint || print_bubblebabble) do_fingerprint(pw); if (change_passphrase) @@ -957,8 +1165,8 @@ main(int ac, char **av) do_convert_from_ssh2(pw); if (print_public) do_print_public(pw); - if (resource_record_hostname != NULL) { - do_print_resource_record(pw, resource_record_hostname); + if (rr_hostname != NULL) { + do_print_resource_record(pw, rr_hostname); } if (reader_id != NULL) { #ifdef SMARTCARD diff --git a/ssh_config.5 b/ssh_config.5 index 9077acbee..2a85485ec 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.44 2005/03/01 10:40:27 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.45 2005/03/01 10:42:49 djm Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os 
@@ -421,7 +421,8 @@ be disclosed. The default is .Dq no . Note that hashing of names and addresses will not be retrospectively applied -to existing known hosts files. +to existing known hosts files, but these may be manually hashed using +.Xr ssh-keygen 1 . .It Cm HostbasedAuthentication Specifies whether to try rhosts based authentication with public key authentication. -- cgit v1.2.3 From 36bf7dd18456a7b2b19cac55772cd6ab8225bda0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 2 Mar 2005 12:02:47 +1100 Subject: - jmc@cvs.openbsd.org 2005/03/01 14:47:58 [ssh.1] remove some unneccesary macros; do not mark up punctuation; --- ChangeLog | 9 ++++++++- ssh.1 | 50 ++++++++++++++++++++++---------------------------- 2 files changed, 30 insertions(+), 29 deletions(-) diff --git a/ChangeLog b/ChangeLog index 762f8dce4..4a3b09a86 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20050302 + - (djm) OpenBSD CVS sync: + - jmc@cvs.openbsd.org 2005/03/01 14:47:58 + [ssh.1] + remove some unneccesary macros; + do not mark up punctuation; + 20050301 - (djm) OpenBSD CVS sync: - otto@cvs.openbsd.org 2005/02/16 09:56:44 @@ -2216,4 +2223,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3675 2005/03/01 10:48:35 djm Exp $ +$Id: ChangeLog,v 1.3676 2005/03/02 01:02:47 djm Exp $ diff --git a/ssh.1 b/ssh.1 index c371b7cf5..a7ff8d731 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.201 2005/03/01 10:40:27 djm Exp $ +.\" $OpenBSD: ssh.1,v 1.202 2005/03/01 14:47:58 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -43,42 +43,35 @@ .Nd OpenSSH SSH client (remote login program) .Sh SYNOPSIS .Nm ssh +.Bk -words .Op Fl 1246AaCfgkMNnqsTtVvXxY .Op Fl b Ar bind_address .Op Fl c Ar cipher_spec -.Bk -words .Op Fl D Ar port .Op Fl e Ar escape_char .Op Fl F Ar configfile .Op Fl i Ar identity_file -.Oo Fl L Xo +.Oo Fl L\ \& .Sm off .Oo Ar bind_address : Oc -.Ar port : -.Ar host : -.Ar hostport +.Ar port : host : hostport .Sm on -.Xc .Oc .Op Fl l Ar login_name .Op Fl m Ar mac_spec .Op Fl O Ar ctl_cmd .Op Fl o Ar option -.Bk -words .Op Fl p Ar port -.Ek -.Oo Fl R Xo +.Oo Fl R\ \& .Sm off .Oo Ar bind_address : Oc -.Ar port : -.Ar host : -.Ar hostport +.Ar port : host : hostport .Sm on -.Xc .Oc .Op Fl S Ar ctl_path .Oo Ar user Ns @ Oc Ns Ar hostname .Op Ar command +.Ek .Sh DESCRIPTION .Nm (SSH client) is a program for logging into a remote machine and for @@ -592,7 +585,7 @@ Port forwardings can also be specified in the configuration file. IPv6 addresses can be specified with an alternative syntax: .Sm off .Xo -.Oo Ar bind_address / Oc +.Oo Ar bind_address No / Oc .Ar port No / Ar host No / .Ar hostport .Xc @@ -609,9 +602,9 @@ The .Ar bind_address of .Dq localhost -indicates that the listening port be bound for local use only, while an -empty address or -.Dq * +indicates that the listening port be bound for local use only, while an +empty address or +.Sq * indicates that the port should be available from all interfaces. .It Fl l Ar login_name Specifies the user to log in as on the remote machine. 
@@ -766,28 +759,29 @@ Privileged ports can be forwarded only when logging in as root on the remote machine. IPv6 addresses can be specified by enclosing the address in square braces or using an alternative syntax: -.Xo .Sm off -.Oo Ar bind_address / Oc -.Ar host/port/hostport -.Sm on +.Xo +.Oo Ar bind_address No / Oc +.Ar host No / Ar port No / +.Ar hostport .Xc . +.Sm on .Pp By default, the listening socket on the server will be bound to the loopback interface only. This may be overriden by specifying a .Ar bind_address . -An empty -.Ar bind_address , +An empty +.Ar bind_address , or the address -.Ql * +.Ql * , indicates that the remote socket should listen on all interfaces. Specifying a remote .Ar bind_address -will only succeed if the server's -.Cm GatewayPorts +will only succeed if the server's +.Cm GatewayPorts option is enabled (see -.Xr sshd_config 5 ). +.Xr sshd_config 5 ) . .It Fl S Ar ctl_path Specifies the location of a control socket for connection sharing. Refer to the description of -- cgit v1.2.3 From f8c554629057b7bc59444201ae83f1505f4c74a1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 2 Mar 2005 12:03:05 +1100 Subject: - jmc@cvs.openbsd.org 2005/03/01 14:55:23 [ssh_config.5] do not mark up punctuation; whitespace; --- ChangeLog | 6 +++++- ssh_config.5 | 32 ++++++++++++++++---------------- 2 files changed, 21 insertions(+), 17 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4a3b09a86..f1e90d34a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,10 @@ [ssh.1] remove some unneccesary macros; do not mark up punctuation; + - jmc@cvs.openbsd.org 2005/03/01 14:55:23 + [ssh_config.5] + do not mark up punctuation; + whitespace; 20050301 - (djm) OpenBSD CVS sync: @@ -2223,4 +2227,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3676 2005/03/02 01:02:47 djm Exp $ +$Id: ChangeLog,v 1.3677 2005/03/02 01:03:05 djm Exp $ 
diff --git a/ssh_config.5 b/ssh_config.5 index 2a85485ec..32778edbb 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.45 2005/03/01 10:42:49 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.46 2005/03/01 14:55:23 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -420,7 +420,7 @@ but they do not reveal identifying information should the file's contents be disclosed. The default is .Dq no . -Note that hashing of names and addresses will not be retrospectively applied +Note that hashing of names and addresses will not be retrospectively applied to existing known hosts files, but these may be manually hashed using .Xr ssh-keygen 1 . .It Cm HostbasedAuthentication @@ -499,18 +499,18 @@ The first argument must be a port number, and the second must be .Xo .Sm off .Oo Ar bind_address : Oc -.Ar host:port +.Ar host : port .Sm on .Xc . -IPv6 addresses can be specified by enclosing addresses in square brackets or +IPv6 addresses can be specified by enclosing addresses in square brackets or by using an alternative syntax: .Xo .Sm off -.Oo Ar bind_address / Oc -.Ar host/port +.Oo Ar bind_address No / Oc +.Ar host No / Ar port .Sm on .Xc . -Multiple forwardings may be specified, and additional forwardings can be +Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the 
@@ -523,9 +523,9 @@ The .Ar bind_address of .Dq localhost -indicates that the listening port be bound for local use only, while an -empty address or -.Dq * +indicates that the listening port be bound for local use only, while an +empty address or +.Sq * indicates that the port should be available from all interfaces. .It Cm LogLevel Gives the verbosity level that is used when logging messages from @@ -636,15 +636,15 @@ The first argument must be a port number, and the second must be .Xo .Sm off .Oo Ar bind_address : Oc -.Ar host:port +.Ar host : port .Sm on .Xc . IPv6 addresses can be specified by enclosing any addresses in square brackets or by using the alternative syntax: .Xo .Sm off -.Oo Ar bind_address / Oc -.Ar host/port +.Oo Ar bind_address No / Oc +.Ar host No / Ar port .Sm on .Xc . Multiple forwardings may be specified, and additional @@ -662,10 +662,10 @@ or an empty string, then the forwarding is requested to listen on all interfaces. Specifying a remote .Ar bind_address -will only succeed if the server's -.Cm GatewayPorts +will only succeed if the server's +.Cm GatewayPorts option is enabled (see -.Xr sshd_config 5 ). +.Xr sshd_config 5 ) . .It Cm RhostsRSAAuthentication Specifies whether to try rhosts based authentication with RSA host authentication. -- cgit v1.2.3 From 718fd4b9b8e934e3de9b7e4b153cb86a2fef5f1e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 2 Mar 2005 12:03:23 +1100 Subject: - jmc@cvs.openbsd.org 2005/03/01 14:59:49 [sshd.8] new sentence, new line; whitespace; --- ChangeLog | 6 +++++- sshd.8 | 8 ++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index f1e90d34a..9ab91c189 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,10 @@ [ssh_config.5] do not mark up punctuation; whitespace; + - jmc@cvs.openbsd.org 2005/03/01 14:59:49 + [sshd.8] + new sentence, new line; + whitespace; 20050301 - (djm) OpenBSD CVS sync: 
@@ -2227,4 +2231,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3677 2005/03/02 01:03:05 djm Exp $ +$Id: ChangeLog,v 1.3678 2005/03/02 01:03:23 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 05b88f59e..ac3bf96cf 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.205 2005/03/01 10:40:27 djm Exp $ +.\" $OpenBSD: sshd.8,v 1.206 2005/03/01 14:59:49 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -554,9 +554,9 @@ pattern, it is not accepted (by that line) even if it matched another pattern on the line. .Pp Alternately, hostnames may be stored in a hashed form which hides host names -and addresses should the file's contents be disclosed. Hashed hostnames start -with a -.Ql \&| +and addresses should the file's contents be disclosed. +Hashed hostnames start with a +.Ql | character. Only one hashed hostname may appear on a single line and none of the above negation or wildcard operators may be applied. -- cgit v1.2.3 From 4c9c6fdcfe21dcb220fb51177e6caa75e97c3d38 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 2 Mar 2005 12:03:43 +1100 Subject: - jmc@cvs.openbsd.org 2005/03/01 15:05:00 [ssh-keygen.1] whitespace; --- ChangeLog | 5 ++++- ssh-keygen.1 | 8 ++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9ab91c189..d5161a0f0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,9 @@ [sshd.8] new sentence, new line; whitespace; + - jmc@cvs.openbsd.org 2005/03/01 15:05:00 + [ssh-keygen.1] + whitespace; 20050301 - (djm) OpenBSD CVS sync: 
@@ -2231,4 +2234,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3678 2005/03/02 01:03:23 djm Exp $ +$Id: ChangeLog,v 1.3679 2005/03/02 01:03:43 djm Exp $ diff --git a/ssh-keygen.1 b/ssh-keygen.1 index f4c5ebcb8..4f2af5815 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.64 2005/03/01 10:42:49 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.65 2005/03/01 15:05:00 jmc Exp $ .\" .\" -*- nroff -*- .\" @@ -273,15 +273,15 @@ and .Nm sshd , but they do not reveal identifying information should the file's contents be disclosed. -This option will not modify existing hashed hostnames and is therefore safe +This option will not modify existing hashed hostnames and is therefore safe to use on files that mix hashed and non-hashed names. .It Fl R Ar hostname Removes all keys belonging to .Ar hostname -from a +from a .Pa known_hosts file. -This option is useful to delete hashed hosts (see the +This option is useful to delete hashed hosts (see the .Fl H option above). .It Fl G Ar output_file -- cgit v1.2.3 From 9a2fdbd0d6e13dd28612a351561adb6b32b94bd5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 2 Mar 2005 12:04:01 +1100 Subject: - jmc@cvs.openbsd.org 2005/03/01 15:47:14 [ssh-keyscan.1 ssh-keyscan.c] sort options and sync usage(); --- ChangeLog | 5 ++++- ssh-keyscan.1 | 44 ++++++++++++++++++++++---------------------- ssh-keyscan.c | 4 ++-- 3 files changed, 28 insertions(+), 25 deletions(-) diff --git a/ChangeLog b/ChangeLog index d5161a0f0..3165f1225 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,9 @@ - jmc@cvs.openbsd.org 2005/03/01 15:05:00 [ssh-keygen.1] whitespace; + - jmc@cvs.openbsd.org 2005/03/01 15:47:14 + [ssh-keyscan.1 ssh-keyscan.c] + sort options and sync usage(); 20050301 - (djm) OpenBSD CVS sync: 
@@ -2234,4 +2237,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3679 2005/03/02 01:03:43 djm Exp $ +$Id: ChangeLog,v 1.3680 2005/03/02 01:04:01 djm Exp $ diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index 63427e727..7e846f77c 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.19 2005/03/01 10:41:28 djm Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.20 2005/03/01 15:47:14 jmc Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -15,11 +15,11 @@ .Sh SYNOPSIS .Nm ssh-keyscan .Bk -words -.Op Fl Hv46 +.Op Fl 46Hv +.Op Fl f Ar file .Op Fl p Ar port .Op Fl T Ar timeout .Op Fl t Ar type -.Op Fl f Ar file .Op Ar host | addrlist namelist .Op Ar ... .Ek @@ -46,6 +46,25 @@ scanning process involve any encryption. .Pp The options are as follows: .Bl -tag -width Ds +.It Fl 4 +Forces +.Nm +to use IPv4 addresses only. +.It Fl 6 +Forces +.Nm +to use IPv6 addresses only. +.It Fl f Ar file +Read hosts or +.Pa addrlist namelist +pairs from this file, one per line. +If +.Pa - +is supplied instead of a filename, +.Nm +will read hosts or +.Pa addrlist namelist +pairs from the standard input. .It Fl H Hash all hostnames and addresses in the output. Hashed names may be used normally by @@ -76,30 +95,11 @@ for protocol version 2. Multiple values may be specified by separating them with commas. The default is .Dq rsa1 . -.It Fl f Ar filename -Read hosts or -.Pa addrlist namelist -pairs from this file, one per line. -If -.Pa - -is supplied instead of a filename, -.Nm -will read hosts or -.Pa addrlist namelist -pairs from the standard input. .It Fl v Verbose mode. Causes .Nm to print debugging messages about its progress. -.It Fl 4 -Forces -.Nm -to use IPv4 addresses only. -.It Fl 6 -Forces -.Nm -to use IPv6 addresses only. .El .Sh SECURITY If a ssh_known_hosts file is constructed using 
diff --git a/ssh-keyscan.c b/ssh-keyscan.c index e94867004..bc2c3b728 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.51 2005/03/01 10:41:28 djm Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.52 2005/03/01 15:47:14 jmc Exp $"); #include "openbsd-compat/sys-queue.h" @@ -683,7 +683,7 @@ fatal(const char *fmt,...) static void usage(void) { - fprintf(stderr, "usage: %s [-Hv46] [-p port] [-T timeout] [-t type] [-f file]\n" + fprintf(stderr, "usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n" "\t\t [host | addrlist namelist] [...]\n", __progname); exit(1); -- cgit v1.2.3 From 27e9c5125e9a8a3d7cb5086a875a00a9eb556e90 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 2 Mar 2005 12:04:16 +1100 Subject: - jmc@cvs.openbsd.org 2005/03/01 17:19:35 [scp.1 sftp.1] add HashKnownHosts to -o list; ok markus@ --- ChangeLog | 6 +++++- scp.1 | 3 ++- sftp.1 | 3 ++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3165f1225..538e2e3b3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,10 @@ - jmc@cvs.openbsd.org 2005/03/01 15:47:14 [ssh-keyscan.1 ssh-keyscan.c] sort options and sync usage(); + - jmc@cvs.openbsd.org 2005/03/01 17:19:35 + [scp.1 sftp.1] + add HashKnownHosts to -o list; + ok markus@ 20050301 - (djm) OpenBSD CVS sync: @@ -2237,4 +2241,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3680 2005/03/02 01:04:01 djm Exp $ +$Id: ChangeLog,v 1.3681 2005/03/02 01:04:16 djm Exp $ diff --git a/scp.1 b/scp.1 index 30049c2b6..b5191e318 100644 --- a/scp.1 +++ b/scp.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.37 2004/10/07 10:10:24 djm Exp $ +.\" $OpenBSD: scp.1,v 1.38 2005/03/01 17:19:35 jmc Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 
@@ -133,6 +133,7 @@ For full details of the options listed below, and their possible values, see .It GlobalKnownHostsFile .It GSSAPIAuthentication .It GSSAPIDelegateCredentials +.It HashKnownHosts .It Host .It HostbasedAuthentication .It HostKeyAlgorithms diff --git a/sftp.1 b/sftp.1 index bcd7fdf78..c89ffc30f 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.60 2004/12/05 23:55:07 jaredy Exp $ +.\" $OpenBSD: sftp.1,v 1.61 2005/03/01 17:19:35 jmc Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -161,6 +161,7 @@ For full details of the options listed below, and their possible values, see .It GlobalKnownHostsFile .It GSSAPIAuthentication .It GSSAPIDelegateCredentials +.It HashKnownHosts .It Host .It HostbasedAuthentication .It HostKeyAlgorithms -- cgit v1.2.3 From 02faeceb5632393de553ef2b4b7d31d6f7b022c4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 2 Mar 2005 12:04:32 +1100 Subject: - jmc@cvs.openbsd.org 2005/03/01 17:22:06 [ssh.c] sync usage() w/ man SYNOPSIS; ok markus@ --- ChangeLog | 6 +++++- ssh.c | 8 ++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 538e2e3b3..e306a8324 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,10 @@ [scp.1 sftp.1] add HashKnownHosts to -o list; ok markus@ + - jmc@cvs.openbsd.org 2005/03/01 17:22:06 + [ssh.c] + sync usage() w/ man SYNOPSIS; + ok markus@ 20050301 - (djm) OpenBSD CVS sync: @@ -2241,4 +2245,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3681 2005/03/02 01:04:16 djm Exp $ +$Id: ChangeLog,v 1.3682 2005/03/02 01:04:32 djm Exp $ diff --git a/ssh.c b/ssh.c index 99b25afcc..9acec3082 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.232 2005/03/01 10:09:52 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.233 2005/03/01 17:22:06 jmc Exp $"); #include #include 
@@ -158,10 +158,10 @@ usage(void) { fprintf(stderr, "usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" -" [-D [listen-host:]port] [-e escape_char] [-F configfile]\n" -" [-i identity_file] [-L [listen-host:]port:host:hostport]\n" +" [-D port] [-e escape_char] [-F configfile]\n" +" [-i identity_file] [-L [bind_address:]port:host:hostport]\n" " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" -" [-R [listen-host:]port:host:hostport] [-S ctl_path]\n" +" [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" " [user@]hostname [command]\n" ); exit(1); -- cgit v1.2.3 From 792c01749a754db5e2e6932869d315113c180461 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 2 Mar 2005 12:04:50 +1100 Subject: - jmc@cvs.openbsd.org 2005/03/01 17:32:19 [ssh-add.1] sort options; --- ChangeLog | 5 ++++- ssh-add.1 | 45 +++++++++++++++++++++++---------------------- 2 files changed, 27 insertions(+), 23 deletions(-) diff --git a/ChangeLog b/ChangeLog index e306a8324..df49cb605 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,9 @@ [ssh.c] sync usage() w/ man SYNOPSIS; ok markus@ + - jmc@cvs.openbsd.org 2005/03/01 17:32:19 + [ssh-add.1] + sort options; 20050301 - (djm) OpenBSD CVS sync: @@ -2245,4 +2248,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3682 2005/03/02 01:04:32 djm Exp $ +$Id: ChangeLog,v 1.3683 2005/03/02 01:04:50 djm Exp $ diff --git a/ssh-add.1 b/ssh-add.1 index 4c97fc068..1f3df5bec 100644 --- a/ssh-add.1 +++ b/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.41 2004/08/30 21:22:49 jmc Exp $ +.\" $OpenBSD: ssh-add.1,v 1.42 2005/03/01 17:32:19 jmc Exp $ .\" .\" -*- nroff -*- .\" @@ -45,7 +45,7 @@ .Nd adds RSA or DSA identities to the authentication agent .Sh SYNOPSIS .Nm ssh-add -.Op Fl lLdDxXc +.Op Fl cDdLlXx .Op Fl t Ar life .Op Ar .Nm ssh-add 
@@ -77,23 +77,6 @@ to work. .Pp The options are as follows: .Bl -tag -width Ds -.It Fl l -Lists fingerprints of all identities currently represented by the agent. -.It Fl L -Lists public key parameters of all identities currently represented by the agent. -.It Fl d -Instead of adding the identity, removes the identity from the agent. -.It Fl D -Deletes all identities from the agent. -.It Fl x -Lock the agent with a password. -.It Fl X -Unlock the agent. -.It Fl t Ar life -Set a maximum lifetime when adding identities to an agent. -The lifetime may be specified in seconds or in a time format -specified in -.Xr sshd_config 5 . .It Fl c Indicates that added identities should be subject to confirmation before being used for authentication. @@ -103,12 +86,30 @@ program mentioned below. Successful confirmation is signaled by a zero exit status from the .Ev SSH_ASKPASS program, rather than text entered into the requester. -.It Fl s Ar reader -Add key in smartcard -.Ar reader . +.It Fl D +Deletes all identities from the agent. +.It Fl d +Instead of adding the identity, removes the identity from the agent. .It Fl e Ar reader Remove key in smartcard .Ar reader . +.It Fl L +Lists public key parameters of all identities currently represented +by the agent. +.It Fl l +Lists fingerprints of all identities currently represented by the agent. +.It Fl s Ar reader +Add key in smartcard +.Ar reader . +.It Fl t Ar life +Set a maximum lifetime when adding identities to an agent. +The lifetime may be specified in seconds or in a time format +specified in +.Xr sshd_config 5 . +.It Fl X +Unlock the agent. +.It Fl x +Lock the agent with a password. .El .Sh ENVIRONMENT .Bl -tag -width Ds -- cgit v1.2.3 From 265d309ebc97447f5e710df04196e626f018cad8 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 2 Mar 2005 12:05:06 +1100 Subject: - jmc@cvs.openbsd.org 2005/03/01 18:15:56 [ssh-keygen.1] sort options (no attempt made at synopsis clean up though); spelling (occurance -> occurrence); use prompt before examples; grammar; --- ChangeLog | 8 +++- ssh-keygen.1 | 134 +++++++++++++++++++++++++++++------------------------------ 2 files changed, 74 insertions(+), 68 deletions(-) diff --git a/ChangeLog b/ChangeLog index df49cb605..459edc97f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,6 +29,12 @@ - jmc@cvs.openbsd.org 2005/03/01 17:32:19 [ssh-add.1] sort options; + - jmc@cvs.openbsd.org 2005/03/01 18:15:56 + [ssh-keygen.1] + sort options (no attempt made at synopsis clean up though); + spelling (occurance -> occurrence); + use prompt before examples; + grammar; 20050301 - (djm) OpenBSD CVS sync: @@ -2248,4 +2254,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3683 2005/03/02 01:04:50 djm Exp $ +$Id: ChangeLog,v 1.3684 2005/03/02 01:05:06 djm Exp $ diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 4f2af5815..3987b1e66 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.65 2005/03/01 15:05:00 jmc Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.66 2005/03/01 18:15:56 jmc Exp $ .\" .\" -*- nroff -*- .\" 
@@ -183,16 +183,23 @@ Specifies the number of primality tests to perform when screening DH-GEX candidates using the .Fl T command. +.It Fl B +Show the bubblebabble digest of specified private or public key file. .It Fl b Ar bits Specifies the number of bits in the key to create. Minimum is 512 bits. Generally, 1024 bits is considered sufficient. The default is 1024 bits. +.It Fl C Ar comment +Provides a new comment. .It Fl c Requests changing the comment in the private and public key files. This operation is only supported for RSA1 keys. The program will prompt for the file containing the private keys, for the passphrase if the key has one, and for the new comment. +.It Fl D Ar reader +Download the RSA public key stored in the smartcard in +.Ar reader . .It Fl e This option will read a private or public OpenSSH key file and print the key in a 
@@ -200,12 +207,41 @@ print the key in a to stdout. This option allows exporting keys for use by several commercial SSH implementations. +.It Fl F Ar hostname +Search for the specified +.Ar hostname +in a +.Pa known_hosts +file, listing any occurrences found. +This option is useful to find hashed host names or addresses and may also be +used in conjunction with the +.Fl H +option to print found keys in a hashed format. +.It Fl f Ar filename +Specifies the filename of the key file. +.It Fl G Ar output_file +Generate candidate primes for DH-GEX. +These primes must be screened for +safety (using the +.Fl T +option) before use. .It Fl g Use generic DNS format when printing fingerprint resource records using the .Fl r command. -.It Fl f Ar filename -Specifies the filename of the key file. +.It Fl H +Hash a +.Pa known_hosts +file, printing the result to standard output. +This replaces all hostnames and addresses with hashed representations. +These hashes may be used normally by +.Nm ssh +and +.Nm sshd , +but they do not reveal identifying information should the file's contents +be disclosed. +This option will not modify existing hashed hostnames and is therefore safe +to use on files that mix hashed and non-hashed names. .It Fl i This option will read an unencrypted private (or public) key file in SSH2-compatible format and print an OpenSSH compatible private @@ -221,6 +257,13 @@ Private RSA1 keys are also supported. For RSA and DSA keys .Nm tries to find the matching public key file and prints its fingerprint. +.It Fl M Ar memory +Specify the amount of memory to use (in megabytes) when generating +candidate moduli for DH-GEX. +.It Fl N Ar new_passphrase +Provides the new passphrase. +.It Fl P Ar passphrase +Provides the (old) passphrase. .It Fl p Requests changing the passphrase of a private key file instead of creating a new private key. 
@@ -233,48 +276,6 @@ Silence Used by .Pa /etc/rc when creating a new key. -.It Fl y -This option will read a private -OpenSSH format file and print an OpenSSH public key to stdout. -.It Fl t Ar type -Specifies the type of the key to create. -The possible values are -.Dq rsa1 -for protocol version 1 and -.Dq rsa -or -.Dq dsa -for protocol version 2. -.It Fl B -Show the bubblebabble digest of specified private or public key file. -.It Fl C Ar comment -Provides the new comment. -.It Fl D Ar reader -Download the RSA public key stored in the smartcard in -.Ar reader . -.It Fl F Ar hostname -Search for the specified -.Ar hostname -in a -.Pa known_hosts -file, listing any occurances found. -This option is useful to find hashed host names or addresses and may also be -used in conjunction with the -.Fl H -option to print found keys in a hashed format. -.It Fl H -Hash a -.Pa known_hosts -file, printing the result to standard output. -This replaces all hostnames and addresses with hashed representations. -These hashes may be used normally by -.Nm ssh -and -.Nm sshd , -but they do not reveal identifying information should the file's contents -be disclosed. -This option will not modify existing hashed hostnames and is therefore safe -to use on files that mix hashed and non-hashed names. .It Fl R Ar hostname Removes all keys belonging to .Ar hostname 
@@ -284,27 +285,25 @@ file. This option is useful to delete hashed hosts (see the .Fl H option above). -.It Fl G Ar output_file -Generate candidate primes for DH-GEX. -These primes must be screened for -safety (using the -.Fl T -option) before use. -.It Fl M Ar memory -Specify the amount of memory to use (in megabytes) when generating -candidate moduli for DH-GEX. -.It Fl N Ar new_passphrase -Provides the new passphrase. -.It Fl P Ar passphrase -Provides the (old) passphrase. +.It Fl r Ar hostname +Print the SSHFP fingerprint resource record named +.Ar hostname +for the specified public key file. .It Fl S Ar start Specify start point (in hex) when generating candidate moduli for DH-GEX. .It Fl T Ar output_file Test DH group exchange candidate primes (generated using the .Fl G option) for safety. -.It Fl W Ar generator -Specify desired generator when testing candidate moduli for DH-GEX. +.It Fl t Ar type +Specifies the type of key to create. +The possible values are +.Dq rsa1 +for protocol version 1 and +.Dq rsa +or +.Dq dsa +for protocol version 2. .It Fl U Ar reader Upload an existing RSA private key into the smartcard in .Ar reader . @@ -318,10 +317,11 @@ Multiple .Fl v options increase the verbosity. The maximum is 3. -.It Fl r Ar hostname -Print the SSHFP fingerprint resource record named -.Ar hostname -for the specified public key file. +.It Fl W Ar generator +Specify desired generator when testing candidate moduli for DH-GEX. +.It Fl y +This option will read a private +OpenSSH format file and print an OpenSSH public key to stdout. .El .Sh MODULI GENERATION .Nm @@ -340,7 +340,7 @@ The desired length of the primes may be specified by the option. For example: .Pp -.Dl ssh-keygen -G moduli-2048.candidates -b 2048 +.Dl # ssh-keygen -G moduli-2048.candidates -b 2048 .Pp By default, the search for primes begins at a random point in the desired length range. 
@@ -360,7 +360,7 @@ will read candidates from standard input (or a file specified using the option). For example: .Pp -.Dl ssh-keygen -T moduli-2048 -f moduli-2048.candidates +.Dl # ssh-keygen -T moduli-2048 -f moduli-2048.candidates .Pp By default, each candidate will be subjected to 100 primality tests. This may be overridden using the @@ -371,7 +371,7 @@ prime under consideration. If a specific generator is desired, it may be requested using the .Fl W option. -Valid generator values are 2, 3 and 5. +Valid generator values are 2, 3, and 5. .Pp Screened DH groups may be installed in .Pa /etc/moduli . -- cgit v1.2.3 From 1227d4c93c44d09694e547b62b643afa2a321a17 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 2 Mar 2005 12:06:51 +1100 Subject: - djm@cvs.openbsd.org 2005/03/02 01:00:06 [sshconnect.c] fix addition of new hashed hostnames when CheckHostIP=yes; found and ok dtucker@ --- ChangeLog | 6 +++++- sshconnect.c | 35 +++++++++++++++++++++++++---------- 2 files changed, 30 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 459edc97f..a5554745f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,6 +35,10 @@ spelling (occurance -> occurrence); use prompt before examples; grammar; + - djm@cvs.openbsd.org 2005/03/02 01:00:06 + [sshconnect.c] + fix addition of new hashed hostnames when CheckHostIP=yes; + found and ok dtucker@ 20050301 - (djm) OpenBSD CVS sync: @@ -2254,4 +2258,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3684 2005/03/02 01:05:06 djm Exp $ +$Id: ChangeLog,v 1.3685 2005/03/02 01:06:51 djm Exp $ diff --git a/sshconnect.c b/sshconnect.c index bafe7ba92..49190560d 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.160 2005/03/01 10:40:27 djm Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.161 2005/03/02 01:00:06 djm Exp $"); #include 
@@ -554,7 +554,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, char hostline[1000], *hostp, *fp; HostStatus host_status; HostStatus ip_status; - int local = 0, host_ip_differ = 0; + int r, local = 0, host_ip_differ = 0; int salen; char ntop[NI_MAXHOST]; char msg[1024]; @@ -734,18 +734,33 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, if (!confirm(msg)) goto fail; } - if (options.check_host_ip && ip_status == HOST_NEW) { - snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); - hostp = hostline; - } else - hostp = host; - /* * If not in strict mode, add the key automatically to the * local known_hosts file. */ - if (!add_host_to_hostfile(user_hostfile, hostp, host_key, - options.hash_known_hosts)) + if (options.check_host_ip && ip_status == HOST_NEW) { + snprintf(hostline, sizeof(hostline), "%s,%s", + host, ip); + hostp = hostline; + if (options.hash_known_hosts) { + /* Add hash of host and IP separately */ + r = add_host_to_hostfile(user_hostfile, host, + host_key, options.hash_known_hosts) && + add_host_to_hostfile(user_hostfile, ip, + host_key, options.hash_known_hosts); + } else { + /* Add unhashed "host,ip" */ + r = add_host_to_hostfile(user_hostfile, + hostline, host_key, + options.hash_known_hosts); + } + } else { + r = add_host_to_hostfile(user_hostfile, host, host_key, + options.hash_known_hosts); + hostp = host; + } + + if (!r) logit("Failed to add the host to the list of known " "hosts (%.500s).", user_hostfile); else -- cgit v1.2.3 From 89eac8010a80589bcd3abda8f253cd0cd3d2088c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 2 Mar 2005 12:33:04 +1100 Subject: - djm@cvs.openbsd.org 2005/03/02 01:27:41 [ssh-keygen.c] ignore hostnames with metachars when hashing; ok deraadt@ --- ChangeLog | 5 ++++- ssh-keygen.c | 13 ++++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index a5554745f..5ba0ac303 100644 --- a/ChangeLog +++ b/ChangeLog 
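Review bot: In the hashed branch of the `@@ -734,18 +734,33 @@` hunk, `r` is the `&&` of two add_host_to_hostfile() calls, so when the host name is written and the IP address write then fails, known_hosts keeps the first entry while the log reports "Failed to add the host". The file is then in a state the message does not describe, and a later run would presumably see the name as known and the address as new. At minimum this deserves a comment above the assignment, such as `/* NB: the host entry may already be written if the IP add fails */`. The snprintf() into `hostline` is also unchecked for truncation, though only the unhashed path writes that buffer to the file. check_host_key() continues outside the hunk.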
@@ -39,6 +39,9 @@ [sshconnect.c] fix addition of new hashed hostnames when CheckHostIP=yes; found and ok dtucker@ + - djm@cvs.openbsd.org 2005/03/02 01:27:41 + [ssh-keygen.c] + ignore hostnames with metachars when hashing; ok deraadt@ 20050301 - (djm) OpenBSD CVS sync: @@ -2258,4 +2261,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3685 2005/03/02 01:06:51 djm Exp $ +$Id: ChangeLog,v 1.3686 2005/03/02 01:33:04 djm Exp $ diff --git a/ssh-keygen.c b/ssh-keygen.c index 00ddb90c8..a9931d4d8 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.119 2005/03/01 10:42:49 djm Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.120 2005/03/02 01:27:41 djm Exp $"); #include #include @@ -686,8 +686,15 @@ do_known_hosts(struct passwd *pw, const char *name) } else if (hash_hosts) { for(cp2 = strsep(&cp, ","); cp2 != NULL && *cp2 != '\0'; - cp2 = strsep(&cp, ",")) - print_host(out, cp2, public, 1); + cp2 = strsep(&cp, ",")) { + if (strcspn(cp2, "*?!") != strlen(cp2)) + fprintf(stderr, "Warning: " + "ignoring host name with " + "metacharacters: %.64s\n", + cp2); + else + print_host(out, cp2, public, 1); + } has_unhashed = 1; } } -- cgit v1.2.3 From 947219e6e6d8be46d42c70239a907e4227e62d4a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 2 Mar 2005 13:22:30 +1100 Subject: - djm@cvs.openbsd.org 2005/03/02 02:21:07 [ssh.1] bz#987: mention ForwardX11Trusted in ssh.1, reported by andrew.benham AT thus.net; ok deraadt@ --- ChangeLog | 6 +++++- ssh.1 | 15 ++++++++++++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5ba0ac303..d7e4fba19 100644 --- a/ChangeLog +++ b/ChangeLog 
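Review bot: A name containing `*`, `?` or `!` is now skipped with a warning in the hashing loop, and nothing in the hunk writes that name to `out`, so the pattern appears to be dropped from the rewritten file rather than carried over unhashed. For a known_hosts file that changes which keys are accepted for which hosts, so the check should carry a comment, for example `/* Patterns cannot be hashed; the name is left out of the output */`, and the warning could say that the entry was not written. The rest of do_known_hosts() is outside the hunk, so whether the original line is preserved elsewhere cannot be confirmed from here.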
@@ -42,6 +42,10 @@ - djm@cvs.openbsd.org 2005/03/02 01:27:41 [ssh-keygen.c] ignore hostnames with metachars when hashing; ok deraadt@ + - djm@cvs.openbsd.org 2005/03/02 02:21:07 + [ssh.1] + bz#987: mention ForwardX11Trusted in ssh.1, + reported by andrew.benham AT thus.net; ok deraadt@ 20050301 - (djm) OpenBSD CVS sync: @@ -2261,4 +2265,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3686 2005/03/02 01:33:04 djm Exp $ +$Id: ChangeLog,v 1.3687 2005/03/02 02:22:30 djm Exp $ diff --git a/ssh.1 b/ssh.1 index a7ff8d731..d7cc83c1b 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.202 2005/03/01 14:47:58 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.203 2005/03/02 02:21:07 djm Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -831,10 +831,23 @@ Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring. +.Pp +For this reason, X11 forwarding is subjected X11 SECURITY extension +restrictions by default. +Please refer to the +.Nm +.Fl Y +option and the +.Cm ForwardX11Trusted +directive in +.Xr ssh_config 5 +for more information. .It Fl x Disables X11 forwarding. .It Fl Y Enables trusted X11 forwarding. +Trusted X11 forwardings are not subjected to the X11 SECURITY extension +controls. .El .Sh CONFIGURATION FILES .Nm -- cgit v1.2.3 From f8f3016f9e959e5f1220ccdcd8f5d1c48b6bdb25 Mon Sep 17 00:00:00 2001 
From: Tim Rice Date: Wed, 2 Mar 2005 21:49:56 -0800 Subject: - (tim) [regress/agent-ptrace.sh] add another possible gdb error. --- ChangeLog | 3 ++- regress/agent-ptrace.sh | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index d7e4fba19..416a4ea99 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,6 +46,7 @@ [ssh.1] bz#987: mention ForwardX11Trusted in ssh.1, reported by andrew.benham AT thus.net; ok deraadt@ + - (tim) [regress/agent-ptrace.sh] add another possible gdb error. 20050301 - (djm) OpenBSD CVS sync: @@ -2265,4 +2266,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3687 2005/03/02 02:22:30 djm Exp $ +$Id: ChangeLog,v 1.3688 2005/03/03 05:49:56 tim Exp $ diff --git a/regress/agent-ptrace.sh b/regress/agent-ptrace.sh index 9aff167c1..4de2638e4 100644 --- a/regress/agent-ptrace.sh +++ b/regress/agent-ptrace.sh @@ -41,7 +41,7 @@ EOF if [ $? -ne 0 ]; then fail "gdb failed: exit code $?" fi - egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace attach: Permission denied.' >/dev/null ${OBJ}/gdb.out + egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace attach: Permission denied.|procfs:.*: Invalid argument.' >/dev/null ${OBJ}/gdb.out r=$? rm -f ${OBJ}/gdb.out if [ $r -ne 0 ]; then -- cgit v1.2.3 From 7ffa367a936566e35b04a8371d3e961f29429eae Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Mar 2005 11:20:40 +1100 Subject: - (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch from vinschen at redhat.com --- ChangeLog | 6 +++++- contrib/cygwin/README | 25 +++++++++++++++++-------- 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 416a4ea99..9224971ce 100644 --- a/ChangeLog +++ b/ChangeLog 
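Review bot: The added alternative `procfs:.*: Invalid argument.` lets the test pass on a gdb message that does not itself say the attach was refused for lack of permission, unlike the three existing alternatives. If that message can also appear for unrelated attach failures, the test would report the agent as protected without showing it. A comment above the egrep naming the platform that prints this message, e.g. `# <platform> procfs reports a denied attach as "Invalid argument"`, would record why it counts as a denial. The dots in the pattern are unescaped and match any character, which is harmless here but loosens the match a little further.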
@@ -1,3 +1,7 @@ +20050305 + - (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch + from vinschen at redhat.com + 20050302 - (djm) OpenBSD CVS sync: - jmc@cvs.openbsd.org 2005/03/01 14:47:58 @@ -2266,4 +2270,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3688 2005/03/03 05:49:56 tim Exp $ +$Id: ChangeLog,v 1.3689 2005/03/05 00:20:40 djm Exp $ diff --git a/contrib/cygwin/README b/contrib/cygwin/README index 5a9b1ce0c..3dd45014a 100644 --- a/contrib/cygwin/README +++ b/contrib/cygwin/README @@ -195,28 +195,37 @@ configure are used for the Cygwin binary distribution: --prefix=/usr \ --sysconfdir=/etc \ - --libexecdir='$(sbindir)' \ + --libexecdir='${sbindir}' \ --localstatedir=/var \ - --datadir='$(prefix)/share' \ - --mandir='$(datadir)/man' \ + --datadir='${prefix}/share' \ + --mandir='${datadir}/man' \ + --infodir='${datadir}/info' --with-tcp-wrappers If you want to create a Cygwin package, equivalent to the one in the Cygwin binary distribution, install like this: mkdir /tmp/cygwin-ssh - cd $(builddir) + cd ${builddir} make install DESTDIR=/tmp/cygwin-ssh - cd $(srcdir)/contrib/cygwin + cd ${srcdir}/contrib/cygwin make cygwin-postinstall DESTDIR=/tmp/cygwin-ssh cd /tmp/cygwin-ssh find * \! -type d | tar cvjfT my-openssh.tar.bz2 - - -You must have installed the zlib, the openssl-devel and the minires-devel -packages to be able to build OpenSSH! + +You must have installed the following packages to be able to build OpenSSH: + +- zlib +- openssl-devel +- minires-devel + +If you want to build with --with-tcp-wrappers, you also need the package + +- tcp_wrappers Please send requests, error reports etc. to cygwin@cygwin.com. + Have fun, Corinna Vinschen -- cgit v1.2.3 From b022b23584f72970c3028401e33577282371cfe7 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sat, 5 Mar 2005 11:22:36 +1100 Subject: - jmc@cvs.openbsd.org 2005/03/02 11:45:01 [ssh.1] missing word; --- ChangeLog | 6 +++++- ssh.1 | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9224971ce..2a1feae02 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ 20050305 - (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch from vinschen at redhat.com + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2005/03/02 11:45:01 + [ssh.1] + missing word; 20050302 - (djm) OpenBSD CVS sync: @@ -2270,4 +2274,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3689 2005/03/05 00:20:40 djm Exp $ +$Id: ChangeLog,v 1.3690 2005/03/05 00:22:36 djm Exp $ diff --git a/ssh.1 b/ssh.1 index d7cc83c1b..fbaaed5a2 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.203 2005/03/02 02:21:07 djm Exp $ +.\" $OpenBSD: ssh.1,v 1.204 2005/03/02 11:45:01 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -832,7 +832,7 @@ Users with the ability to bypass file permissions on the remote host can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring. .Pp -For this reason, X11 forwarding is subjected X11 SECURITY extension +For this reason, X11 forwarding is subjected to X11 SECURITY extension restrictions by default. Please refer to the .Nm -- cgit v1.2.3 From f8e7accd01d216439bd76e2bd13e87f4bfa6eca2 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sat, 5 Mar 2005 11:22:50 +1100 Subject: - djm@cvs.openbsd.org 2005/03/04 08:48:06 [readconf.c] fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@ --- ChangeLog | 5 ++++- readconf.c | 4 +++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2a1feae02..941843a73 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ - jmc@cvs.openbsd.org 2005/03/02 11:45:01 [ssh.1] missing word; + - djm@cvs.openbsd.org 2005/03/04 08:48:06 + [readconf.c] + fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@ 20050302 - (djm) OpenBSD CVS sync: @@ -2274,4 +2277,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3690 2005/03/05 00:22:36 djm Exp $ +$Id: ChangeLog,v 1.3691 2005/03/05 00:22:50 djm Exp $ diff --git a/readconf.c b/readconf.c index e50a42222..7173a8c23 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.136 2005/03/01 10:40:26 djm Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.137 2005/03/04 08:48:06 djm Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -775,6 +775,8 @@ parse_int: if (strchr(arg, '=') != NULL) fatal("%s line %d: Invalid environment name.", filename, linenum); + if (!*activep) + continue; if (options->num_send_env >= MAX_SEND_ENV) fatal("%s line %d: too many send env.", filename, linenum); -- cgit v1.2.3 From 3745e2bb6261b9ee9408b103b2c003f5320ceff2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 6 Mar 2005 22:31:35 +1100 Subject: - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor when attempting to audit disconnect events. Reported by Phil Dibowitz. --- ChangeLog | 6 +++++- monitor.c | 8 ++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 941843a73..bf2ca3620 100644 --- a/ChangeLog +++ b/ChangeLog 
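Review bot: The added `if (!*activep) continue;` sits between the `=` check and the MAX_SEND_ENV check without saying why, and the order matters: a malformed name is still fatal in a Host block that does not apply, while the count limit is enforced only for active blocks. A short comment would make that intent explicit, e.g. `/* Syntax is checked for every block; patterns are stored only when the block is active */`. The `continue` relies on an enclosing loop that starts outside the hunk.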
@@ -1,3 +1,7 @@ +20050306 + - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor + when attempting to audit disconnect events. Reported by Phil Dibowitz. + 20050305 - (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch from vinschen at redhat.com @@ -2277,4 +2281,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3691 2005/03/05 00:22:50 djm Exp $ +$Id: ChangeLog,v 1.3692 2005/03/06 11:31:35 dtucker Exp $ diff --git a/monitor.c b/monitor.c index a94e2cd28..301e150b3 100644 --- a/monitor.c +++ b/monitor.c @@ -192,7 +192,7 @@ struct mon_table mon_dispatch_proto20[] = { {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, #endif #ifdef SSH_AUDIT_EVENTS - {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, #endif #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, @@ -252,7 +252,7 @@ struct mon_table mon_dispatch_proto15[] = { {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, #endif #ifdef SSH_AUDIT_EVENTS - {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, #endif {0, 0, NULL} }; @@ -263,7 +263,7 @@ struct mon_table mon_dispatch_postauth15[] = { {MONITOR_REQ_TERM, 0, mm_answer_term}, #ifdef SSH_AUDIT_EVENTS {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, - {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, + {MONITOR_REQ_AUDIT_COMMAND, MON_ONCE, mm_answer_audit_command}, #endif {0, 0, NULL} }; 
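Review bot: Changing the MONITOR_REQ_AUDIT_EVENT entries in mon_dispatch_proto20 and mon_dispatch_proto15 from `0` to `MON_PERMIT` appears to make the request acceptable from the unprivileged pre-authentication process from the start, where it previously had to be enabled with monitor_permit(). mm_answer_audit_event() is not part of the patch, so it should be confirmed that the handler accepts only the event codes expected at that stage and rejects the rest, since whatever it accepts ends up in the audit trail. A comment on the two entries, e.g. `/* permitted from the start so disconnect events can be audited */`, would record the reason given in the commit message.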
@@ -629,7 +629,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); #endif #ifdef SSH_AUDIT_EVENTS - monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_EVENT, 1); + monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_COMMAND, 1); #endif return (0); -- cgit v1.2.3 From 2b59a6dad6ed7c127a2942fe941dac7092337ea4 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 6 Mar 2005 22:38:51 +1100 Subject: - (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit events earlier, prevents mm_request_send errors reported by Matt Goebel. --- ChangeLog | 4 +++- session.c | 4 ---- sshd.c | 4 ++++ 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index bf2ca3620..a96605e9d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20050306 - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor when attempting to audit disconnect events. Reported by Phil Dibowitz. + - (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit + events earlier, prevents mm_request_send errors reported by Matt Goebel. 20050305 - (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch @@ -2281,4 +2283,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3692 2005/03/06 11:31:35 dtucker Exp $ +$Id: ChangeLog,v 1.3693 2005/03/06 11:38:51 dtucker Exp $ diff --git a/session.c b/session.c index df7552334..b32c9e2ca 100644 --- a/session.c +++ b/session.c @@ -2344,10 +2344,6 @@ do_cleanup(Authctxt *authctxt) } #endif -#ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_CONNECTION_CLOSE)); -#endif - /* remove agent socket */ auth_sock_cleanup_proc(authctxt->pw); diff --git a/sshd.c b/sshd.c index a5b7f1ca3..11d618d11 100644 --- a/sshd.c +++ b/sshd.c 
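Review bot: The call now enables MONITOR_REQ_AUDIT_COMMAND in whichever table `mon_dispatch` points at when mm_answer_pwnamallow() runs, but the dispatch-table lines shown in this patch list that request only in mon_dispatch_postauth15. If `mon_dispatch` is still a pre-authentication table at this point, the call may match no entry and have no effect, so it is worth checking against the full tables, which are outside the hunks. If the call is intended, a comment such as `/* enables the MON_ONCE MONITOR_REQ_AUDIT_COMMAND entry - TODO confirm which table */` would tie it to the table change.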
@@ -1728,6 +1728,10 @@ main(int ac, char **av) finish_pam(); #endif /* USE_PAM */ +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_CONNECTION_CLOSE)); +#endif + packet_close(); if (use_privsep) -- cgit v1.2.3 From 0d0966934eb612ac96a01fc79f570cdf4b76bb84 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 7 Mar 2005 17:34:45 +1100 Subject: - (dtucker) [configure.ac] Disable gettext search when configuring with BSM audit support for the time being. ok djm@ --- ChangeLog | 6 +++++- configure.ac | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index a96605e9d..389954232 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20050307 + - (dtucker) [configure.ac] Disable gettext search when configuring with + BSM audit support for the time being. ok djm@ + 20050306 - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor when attempting to audit disconnect events. Reported by Phil Dibowitz. @@ -2283,4 +2287,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3693 2005/03/06 11:38:51 dtucker Exp $ +$Id: ChangeLog,v 1.3694 2005/03/07 06:34:45 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 94d127299..b145e127a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.248 2005/02/25 23:07:38 dtucker Exp $ +# $Id: configure.ac,v 1.249 2005/03/07 06:34:46 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -897,7 +897,7 @@ AC_ARG_WITH(audit, AC_CHECK_FUNCS(getaudit, [], [AC_MSG_ERROR(BSM enabled and required function not found)]) # These are optional - AC_CHECK_FUNCS(getaudit_addr gettext) + AC_CHECK_FUNCS(getaudit_addr) AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module]) ;; debug) -- cgit v1.2.3 From 1c56ef6ac3c7818e5c71dd1f62a9473f340be9f2 Mon Sep 17 00:00:00 2001 
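Review bot: With the SSH_CONNECTION_CLOSE event emitted only here in main(), and removed from do_cleanup() by the session.c hunk of the same patch, a connection that ends through a path that never returns to this point would no longer produce a close record from this code. Exit paths such as fatal errors are outside the hunk, so confirm they emit their own audit event; otherwise the audit trail shows a connection opening and never closing. A comment at the call, e.g. `/* sent before packet_close(); abnormal exits are audited elsewhere - TODO confirm */`, would document the ordering the commit depends on. main() starts and ends outside the hunk.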
From: Darren Tucker Date: Mon, 7 Mar 2005 17:36:18 +1100 Subject: - (dtucker) OpenBSD CVS Sync (regress/) - fgsch@cvs.openbsd.org 2004/12/10 01:31:30 [Makefile] some globbing regress; prompted and ok djm@ --- ChangeLog | 6 +++++- regress/Makefile | 3 ++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 389954232..d7682c033 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ 20050307 - (dtucker) [configure.ac] Disable gettext search when configuring with BSM audit support for the time being. ok djm@ + - (dtucker) OpenBSD CVS Sync (regress/) + - fgsch@cvs.openbsd.org 2004/12/10 01:31:30 + [Makefile] + some globbing regress; prompted and ok djm@ 20050306 - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor @@ -2287,4 +2291,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3694 2005/03/07 06:34:45 dtucker Exp $ +$Id: ChangeLog,v 1.3695 2005/03/07 06:36:18 dtucker Exp $ diff --git a/regress/Makefile b/regress/Makefile index 3e22d547f..0536ee7b9 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.33 2004/10/29 23:59:22 djm Exp $ +# $OpenBSD: Makefile,v 1.34 2004/12/10 01:31:30 fgsch Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec tests: $(REGRESS_TARGETS) @@ -34,6 +34,7 @@ LTESTS= connect \ sftp-cmds \ sftp-badcmds \ sftp-batch \ + sftp-glob \ reconfigure \ dynamic-forward \ forwarding \ -- cgit v1.2.3 From 68f7213a2cb1fa846d8eab215f1cde35e2abc20b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 7 Mar 2005 18:25:53 +1100 Subject: - fgsch@cvs.openbsd.org 2004/12/10 01:31:30 [Makefile sftp-glob.sh] some globbing regress; prompted and ok djm@ --- ChangeLog | 4 ++-- regress/sftp-glob.sh | 28 ++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 regress/sftp-glob.sh 
diff --git a/ChangeLog b/ChangeLog index d7682c033..1949e264d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,7 +3,7 @@ BSM audit support for the time being. ok djm@ - (dtucker) OpenBSD CVS Sync (regress/) - fgsch@cvs.openbsd.org 2004/12/10 01:31:30 - [Makefile] + [Makefile sftp-glob.sh] some globbing regress; prompted and ok djm@ 20050306 @@ -2291,4 +2291,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3695 2005/03/07 06:36:18 dtucker Exp $ +$Id: ChangeLog,v 1.3696 2005/03/07 07:25:53 dtucker Exp $ diff --git a/regress/sftp-glob.sh b/regress/sftp-glob.sh new file mode 100644 index 000000000..e238356a2 --- /dev/null +++ b/regress/sftp-glob.sh @@ -0,0 +1,28 @@ +# $OpenBSD: sftp-glob.sh,v 1.1 2004/12/10 01:31:30 fgsch Exp $ +# Placed in the Public Domain. + +tid="sftp glob" + +BASE=${OBJ}/glob +DIR=${BASE}/dir +DATA=${DIR}/file + +rm -rf ${BASE} +mkdir -p ${DIR} +touch ${DATA} + +verbose "$tid: ls file" +echo "ls -l ${DIR}/fil*" | ${SFTP} -P ${SFTPSERVER} 2>/dev/null | \ + grep ${DATA} >/dev/null 2>&1 +if [ $? -ne 0 ]; then + fail "globbed ls file failed" +fi + +verbose "$tid: ls dir" +echo "ls -l ${BASE}/d*" | ${SFTP} -P ${SFTPSERVER} 2>/dev/null | \ + grep file >/dev/null 2>&1 +if [ $? -ne 0 ]; then + fail "globbed ls dir failed" +fi + +rm -rf ${BASE} -- cgit v1.2.3 From b712fccc18b218e98bd6ef69c85308cd00a6e543 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 7 Mar 2005 18:27:28 +1100 Subject: - david@cvs.openbsd.org 2005/01/14 04:21:18 [Makefile test-exec.sh] pass the SUDO make variable to the individual sh tests; ok dtucker@ markus@ --- ChangeLog | 5 ++++- regress/Makefile | 4 ++-- regress/test-exec.sh | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1949e264d..4d4f04909 100644 --- a/ChangeLog +++ b/ChangeLog 
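Review bot: `rm -rf ${BASE}` runs twice in the new sftp-glob.sh with an unquoted path built from `${OBJ}`, and the script never checks that OBJ is set; with an empty OBJ the target becomes `/glob`, and a value containing spaces is split into several arguments. Writing `BASE=${OBJ:?}/glob` and quoting the expansion, `rm -rf "${BASE}"`, keeps the cleanup confined to the test directory. `grep ${DATA}` also treats the path as a regular expression, so `grep -F "${DATA}"` would match it literally.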
@@ -5,6 +5,9 @@ - fgsch@cvs.openbsd.org 2004/12/10 01:31:30 [Makefile sftp-glob.sh] some globbing regress; prompted and ok djm@ + - david@cvs.openbsd.org 2005/01/14 04:21:18 + [Makefile test-exec.sh] + pass the SUDO make variable to the individual sh tests; ok dtucker@ markus@ 20050306 - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor @@ -2291,4 +2294,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3696 2005/03/07 07:25:53 dtucker Exp $ +$Id: ChangeLog,v 1.3697 2005/03/07 07:27:28 dtucker Exp $ diff --git a/regress/Makefile b/regress/Makefile index 0536ee7b9..eee1f3bf2 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.34 2004/12/10 01:31:30 fgsch Exp $ +# $OpenBSD: Makefile,v 1.35 2005/01/14 04:21:18 david Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec tests: $(REGRESS_TARGETS) @@ -92,5 +92,5 @@ t-exec: ${LTESTS:=.sh} @if [ "x$?" = "x" ]; then exit 0; fi; \ for TEST in ""$?; do \ echo "run test $${TEST}" ... 1>&2; \ - (sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ + (env SUDO=${SUDO} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ done diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 4f10c2ba1..346b68f16 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.25 2004/12/06 10:49:56 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.26 2005/01/14 04:21:18 david Exp $ # Placed in the Public Domain. #SUDO=sudo -- cgit v1.2.3 From a0f3ba71a01428fb468ee7a6bc2fed42436c83f8 Mon Sep 17 00:00:00 2001 
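Review bot: `env SUDO=${SUDO}` in the t-exec recipe passes the variable unquoted, so a SUDO value that carries arguments is split by the shell and env takes the second word as the program to run instead of `sh`. Quoting it, `env SUDO="${SUDO}" sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}`, passes the whole value through. Since this value decides what the tests run with elevated privileges, the quoting matters more here than for an ordinary variable.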
From: Darren Tucker Date: Mon, 7 Mar 2005 18:33:02 +1100 Subject: - dtucker@cvs.openbsd.org 2005/02/27 11:33:30 [multiplex.sh test-exec.sh sshd-log-wrapper.sh] Add optional capability to log output from regress commands; ok markus@ Use with: make TEST_SSH_LOGFILE=/tmp/regress.log --- ChangeLog | 6 +++++- regress/multiplex.sh | 7 ++++--- regress/sshd-log-wrapper.sh | 13 +++++++++++++ regress/test-exec.sh | 18 ++++++++++++++---- 4 files changed, 36 insertions(+), 8 deletions(-) create mode 100644 regress/sshd-log-wrapper.sh diff --git a/ChangeLog b/ChangeLog index 4d4f04909..1771d0da1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,10 @@ - david@cvs.openbsd.org 2005/01/14 04:21:18 [Makefile test-exec.sh] pass the SUDO make variable to the individual sh tests; ok dtucker@ markus@ + - dtucker@cvs.openbsd.org 2005/02/27 11:33:30 + [multiplex.sh test-exec.sh sshd-log-wrapper.sh] + Add optional capability to log output from regress commands; ok markus@ + Use with: make TEST_SSH_LOGFILE=/tmp/regress.log 20050306 - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor @@ -2294,4 +2298,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3697 2005/03/07 07:27:28 dtucker Exp $ +$Id: ChangeLog,v 1.3698 2005/03/07 07:33:02 dtucker Exp $ diff --git a/regress/multiplex.sh b/regress/multiplex.sh index 15e518c86..e8cc1ac53 100644 --- a/regress/multiplex.sh +++ b/regress/multiplex.sh @@ -1,4 +1,4 @@ -# $OpenBSD: multiplex.sh,v 1.9 2004/11/07 00:32:41 djm Exp $ +# $OpenBSD: multiplex.sh,v 1.10 2005/02/27 11:33:30 dtucker Exp $ # Placed in the Public Domain. CTL=$OBJ/ctl-sock @@ -13,6 +13,7 @@ fi DATA=/bin/ls${EXEEXT} COPY=$OBJ/ls.copy +LOG=$TEST_SSH_LOGFILE start_sshd 
@@ -48,13 +49,13 @@ cmp ${DATA} ${COPY} || fail "ssh -S ctl: corrupted copy of ${DATA}" rm -f ${COPY} trace "sftp transfer over multiplexed connection and check result" echo "get ${DATA} ${COPY}" | \ - ${SFTP} -S ${SSH} -oControlPath=$CTL otherhost >/dev/null 2>&1 + ${SFTP} -S ${SSH} -oControlPath=$CTL otherhost >$LOG 2>&1 test -f ${COPY} || fail "sftp: failed copy ${DATA}" cmp ${DATA} ${COPY} || fail "sftp: corrupted copy of ${DATA}" rm -f ${COPY} trace "scp transfer over multiplexed connection and check result" -${SCP} -S ${SSH} -oControlPath=$CTL otherhost:${DATA} ${COPY} >/dev/null 2>&1 +${SCP} -S ${SSH} -oControlPath=$CTL otherhost:${DATA} ${COPY} >$LOG 2>&1 test -f ${COPY} || fail "scp: failed copy ${DATA}" cmp ${DATA} ${COPY} || fail "scp: corrupted copy of ${DATA}" diff --git a/regress/sshd-log-wrapper.sh b/regress/sshd-log-wrapper.sh new file mode 100644 index 000000000..c7a5ef3a6 --- /dev/null +++ b/regress/sshd-log-wrapper.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# $OpenBSD: sshd-log-wrapper.sh,v 1.2 2005/02/27 11:40:30 dtucker Exp $ +# Placed in the Public Domain. +# +# simple wrapper for sshd proxy mode to catch stderr output +# sh sshd-log-wrapper.sh /path/to/sshd /path/to/logfile + +sshd=$1 +log=$2 +shift +shift + +exec $sshd $@ -e 2>>$log diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 346b68f16..958c87109 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.26 2005/01/14 04:21:18 david Exp $ +# $OpenBSD: test-exec.sh,v 1.27 2005/02/27 11:33:30 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -47,6 +47,8 @@ else fi unset SSH_AUTH_SOCK +SRC=`dirname ${SCRIPT}` + # defaults SSH=ssh SSHD=sshd 
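Review bot: The sftp and scp transfers in multiplex.sh redirect with `>$LOG 2>&1`, which truncates the file each time, while test-exec.sh in the same patch appends to TEST_SSH_LOGFILE with `>>`. When a log file is set, these two lines discard everything logged before them, including the trace lines and sshd output the option is meant to capture. Appending keeps the log intact: `${SFTP} -S ${SSH} -oControlPath=$CTL otherhost >>$LOG 2>&1`, with the same change on the ${SCP} line.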
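Review bot: `exec $sshd $@ -e 2>>$log` in the new sshd-log-wrapper.sh expands all three values unquoted, so an sshd path or argument containing whitespace or glob characters is re-split before sshd sees it. `exec "$sshd" "$@" -e 2>>"$log"` preserves the arguments exactly as the ProxyCommand passed them. The script also does not check that both positional arguments were given, so a missing log path only shows up as a redirection error.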
@@ -91,6 +93,10 @@ if [ ! -x /$SSHD ]; then SSHD=`which sshd` fi +if [ "x$TEST_SSH_LOGFILE" = "x" ]; then + TEST_SSH_LOGFILE=/dev/null +fi + # these should be used in tests export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP #echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP @@ -140,6 +146,7 @@ cleanup () trace () { + echo "trace: $@" >>$TEST_SSH_LOGFILE if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then echo "$@" fi @@ -147,6 +154,7 @@ trace () verbose () { + echo "verbose: $@" >>$TEST_SSH_LOGFILE if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then echo "$@" fi @@ -155,12 +163,14 @@ verbose () fail () { + echo "FAIL: $@" >>$TEST_SSH_LOGFILE RESULT=1 echo "$@" } fatal () { + echo "FATAL: $@" >>$TEST_SSH_LOGFILE echon "FATAL: " fail "$@" cleanup @@ -180,7 +190,7 @@ cat << EOF > $OBJ/sshd_config #ListenAddress ::1 PidFile $PIDFILE AuthorizedKeysFile $OBJ/authorized_keys_%u - LogLevel QUIET + LogLevel DEBUG AcceptEnv _XXX_TEST_* AcceptEnv _XXX_TEST Subsystem sftp $SFTPSERVER @@ -251,7 +261,7 @@ chmod 644 $OBJ/authorized_keys_$USER # create a proxy version of the client config ( cat $OBJ/ssh_config - echo proxycommand ${SUDO} ${SSHD} -i -f $OBJ/sshd_proxy + echo proxycommand sh ${SRC}/sshd-log-wrapper.sh ${SUDO} ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy ) > $OBJ/ssh_proxy # check proxy config @@ -261,7 +271,7 @@ start_sshd () { # start sshd $SUDO ${SSHD} -f $OBJ/sshd_config -t || fatal "sshd_config broken" - $SUDO ${SSHD} -f $OBJ/sshd_config + $SUDO ${SSHD} -f $OBJ/sshd_config -e >>$TEST_SSH_LOGFILE 2>&1 trace "wait for sshd" i=0; -- cgit v1.2.3 From 894823ec69fbf5249c2d181e74cf42e392c623c3 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 7 Mar 2005 18:34:04 +1100 Subject: - djm@cvs.openbsd.org 2005/02/27 23:13:36 [login-timeout.sh] avoid nameservice lookups in regress test; ok dtucker@ --- ChangeLog | 5 ++++- regress/login-timeout.sh | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) 
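Review bot: The new logging lines in trace(), verbose(), fail() and fatal(), and the redirect added to start_sshd(), all write to `>>$TEST_SSH_LOGFILE` unquoted, and shells differ in how they treat a redirection target that expands to more than one word. Quoting the target and using `$*` inside the string, `echo "trace: $*" >>"$TEST_SSH_LOGFILE"`, gives the same result everywhere and applies to each of these hunks. The sshd_config hunk also raises `LogLevel` from QUIET to DEBUG unconditionally, including when the log goes to /dev/null; a comment beside it saying the level was raised for the log file would explain the change.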
diff --git a/ChangeLog b/ChangeLog index 1771d0da1..4b481a18b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,9 @@ [multiplex.sh test-exec.sh sshd-log-wrapper.sh] Add optional capability to log output from regress commands; ok markus@ Use with: make TEST_SSH_LOGFILE=/tmp/regress.log + - djm@cvs.openbsd.org 2005/02/27 23:13:36 + [login-timeout.sh] + avoid nameservice lookups in regress test; ok dtucker@ 20050306 - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor @@ -2298,4 +2301,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3698 2005/03/07 07:33:02 dtucker Exp $ +$Id: ChangeLog,v 1.3699 2005/03/07 07:34:04 dtucker Exp $ diff --git a/regress/login-timeout.sh b/regress/login-timeout.sh index ce6edade5..15a887f74 100644 --- a/regress/login-timeout.sh +++ b/regress/login-timeout.sh @@ -1,4 +1,4 @@ -# $OpenBSD: login-timeout.sh,v 1.3 2004/03/08 10:17:12 dtucker Exp $ +# $OpenBSD: login-timeout.sh,v 1.4 2005/02/27 23:13:36 djm Exp $ # Placed in the Public Domain. tid="connect after login grace timeout" @@ -8,7 +8,7 @@ echo "LoginGraceTime 10s" >> $OBJ/sshd_config echo "MaxStartups 1" >> $OBJ/sshd_config start_sshd -(echo SSH-2.0-fake; sleep 60) | telnet localhost ${PORT} >/dev/null 2>&1 & +(echo SSH-2.0-fake; sleep 60) | telnet 127.0.0.1 ${PORT} >/dev/null 2>&1 & sleep 15 ${SSH} -F $OBJ/ssh_config somehost true if [ $? -ne 0 ]; then @@ -21,7 +21,7 @@ trace "test login grace without privsep" echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config start_sshd -(echo SSH-2.0-fake; sleep 60) | telnet localhost ${PORT} >/dev/null 2>&1 & +(echo SSH-2.0-fake; sleep 60) | telnet 127.0.0.1 ${PORT} >/dev/null 2>&1 & sleep 15 ${SSH} -F $OBJ/ssh_config somehost true if [ $? -ne 0 ]; then -- cgit v1.2.3 From 5d909f077336318267d4089f41c7deb5e4b6c64d Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Mon, 7 Mar 2005 18:35:34 +1100 Subject: - djm@cvs.openbsd.org 2005/03/04 08:48:46 [Makefile envpass.sh] regress test for SendEnv config parsing bug; ok dtucker@ --- ChangeLog | 5 ++++- regress/Makefile | 4 ++-- regress/envpass.sh | 21 +++++++++++++++------ 3 files changed, 21 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4b481a18b..1c02ab321 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,9 @@ - djm@cvs.openbsd.org 2005/02/27 23:13:36 [login-timeout.sh] avoid nameservice lookups in regress test; ok dtucker@ + - djm@cvs.openbsd.org 2005/03/04 08:48:46 + [Makefile envpass.sh] + regress test for SendEnv config parsing bug; ok dtucker@ 20050306 - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor @@ -2301,4 +2304,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3699 2005/03/07 07:34:04 dtucker Exp $ +$Id: ChangeLog,v 1.3700 2005/03/07 07:35:34 dtucker Exp $ diff --git a/regress/Makefile b/regress/Makefile index eee1f3bf2..4f47bc3fd 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.35 2005/01/14 04:21:18 david Exp $ +# $OpenBSD: Makefile,v 1.36 2005/03/04 08:48:46 djm Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec tests: $(REGRESS_TARGETS) @@ -49,7 +49,7 @@ CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \ rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \ ls.copy banner.in banner.out empty.in \ - scp-ssh-wrapper.scp \ + scp-ssh-wrapper.scp ssh_proxy_envpass \ remote_pid #LTESTS += ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp diff --git a/regress/envpass.sh b/regress/envpass.sh index 5a7e178d8..af7eafe3d 100644 --- a/regress/envpass.sh +++ b/regress/envpass.sh 
@@ -1,13 +1,20 @@ -# $OpenBSD: envpass.sh,v 1.3 2004/06/22 22:42:02 dtucker Exp $ +# $OpenBSD: envpass.sh,v 1.4 2005/03/04 08:48:46 djm Exp $ # Placed in the Public Domain. tid="environment passing" # NB accepted env vars are in test-exec.sh (_XXX_TEST_* and _XXX_TEST) +# Prepare a custom config to test for a configuration parsing bug fixed in 4.0 +cat << EOF > $OBJ/ssh_proxy_envpass +Host test-sendenv-confparse-bug + SendEnv * +EOF +cat $OBJ/ssh_proxy >> $OBJ/ssh_proxy_envpass + trace "pass env, don't accept" verbose "test $tid: pass env, don't accept" -_TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy otherhost \ +_TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy_envpass otherhost \ sh << 'EOF' test -z "$_TEST_ENV" EOF @@ -18,7 +25,7 @@ fi trace "don't pass env, accept" verbose "test $tid: don't pass env, accept" -${SSH} -F $OBJ/ssh_proxy otherhost \ +_XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -F $OBJ/ssh_proxy_envpass otherhost \ sh << 'EOF' test -z "$_XXX_TEST_A" && test -z "$_XXX_TEST_B" EOF @@ -29,8 +36,8 @@ fi trace "pass single env, accept single env" verbose "test $tid: pass single env, accept single env" -_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy otherhost \ - sh << 'EOF' +_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy_envpass \ + otherhost sh << 'EOF' test X"$_XXX_TEST" = X"blah" EOF r=$? @@ -41,7 +48,7 @@ fi trace "pass multiple env, accept multiple env" verbose "test $tid: pass multiple env, accept multiple env" _XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -oSendEnv="_XXX_TEST_*" \ - -F $OBJ/ssh_proxy otherhost \ + -F $OBJ/ssh_proxy_envpass otherhost \ sh << 'EOF' test X"$_XXX_TEST_A" = X"1" -a X"$_XXX_TEST_B" = X"2" EOF @@ -49,3 +56,5 @@ r=$? if [ $r -ne 0 ]; then fail "environment not found" fi + +rm -f $OBJ/ssh_proxy_envpass -- cgit v1.2.3 From 4b9ac3319e78621eb38a993c0627654c08d7c1ad Mon Sep 17 00:00:00 2001 
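Review bot: In the "don't pass env, accept" case (hunk at new line 25) nothing explains that `_XXX_TEST_A=1 _XXX_TEST_B=2` are now exported on purpose, so that the remote `test -z` check can notice a leak caused by the `SendEnv *` line scoped to `Host test-sendenv-confparse-bug`. Without that, the assignments look like leftover noise in front of a command line that has no `-oSendEnv`. I would add `# server accepts _XXX_TEST_*; a "SendEnv *" under a different Host must not forward them to otherhost` above the command. The header comment in the first hunk says only "bug fixed in 4.0"; one more line naming the expected failure (presumably the variables arriving on the server side) would make a red result readable. The trailing `rm -f $OBJ/ssh_proxy_envpass` runs only if the script reaches its last line, although the CLEANFILES entry added to regress/Makefile in the same commit covers a leftover file.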
From: Darren Tucker Date: Mon, 7 Mar 2005 19:15:06 +1100 Subject: - (dtucker) [regress/test-exec.sh] Put SUDO in the right place. --- ChangeLog | 3 ++- regress/test-exec.sh | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1c02ab321..bf577514b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,7 @@ - djm@cvs.openbsd.org 2005/03/04 08:48:46 [Makefile envpass.sh] regress test for SendEnv config parsing bug; ok dtucker@ + - (dtucker) [regress/test-exec.sh] Put SUDO in the right place. 20050306 - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor @@ -2304,4 +2305,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3700 2005/03/07 07:35:34 dtucker Exp $ +$Id: ChangeLog,v 1.3701 2005/03/07 08:15:06 dtucker Exp $ diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 958c87109..347cccec1 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -261,7 +261,7 @@ chmod 644 $OBJ/authorized_keys_$USER # create a proxy version of the client config ( cat $OBJ/ssh_config - echo proxycommand sh ${SRC}/sshd-log-wrapper.sh ${SUDO} ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy + echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy ) > $OBJ/ssh_proxy # check proxy config -- cgit v1.2.3 From c390c8dc6827effbb0b515f8d33cb9e5856d1a91 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Mon, 7 Mar 2005 01:21:37 -0800 Subject: - (tim) [configure.ac] SCO 3.2v4.2 no longer supported. This platform is too old and too broken. --- ChangeLog | 3 ++- configure.ac | 27 ++------------------------- 2 files changed, 4 insertions(+), 26 deletions(-) diff --git a/ChangeLog b/ChangeLog index bf577514b..cfe5e81b3 100644 --- a/ChangeLog +++ b/ChangeLog 
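Review bot: With `${SUDO}` moved in front of `sh` in the generated `proxycommand` line, the whole of `sshd-log-wrapper.sh` runs under sudo, not only `${SSHD}`. Whatever the wrapper does with `${TEST_SSH_LOGFILE}` presumably now happens with elevated rights, so a log file it creates may end up root-owned and unwritable for the regress commands that run unprivileged; the wrapper is outside this hunk, so that needs checking there. A script taken from `${SRC}` and executed privileged also means the source tree should not be writable by other users while the tests run. If only sshd needs the privileges, an alternative is to keep `sh` unprivileged and have the wrapper apply the sudo prefix to its final sshd invocation. Either way, a comment such as `# ${SUDO} must precede sh: the wrapper is handed ${SSHD} as its first argument` would record why the order matters.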
@@ -19,6 +19,7 @@ [Makefile envpass.sh] regress test for SendEnv config parsing bug; ok dtucker@ - (dtucker) [regress/test-exec.sh] Put SUDO in the right place. + - (tim) [configure.ac] SCO 3.2v4.2 no longer supported. 20050306 - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor @@ -2305,4 +2306,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3701 2005/03/07 08:15:06 dtucker Exp $ +$Id: ChangeLog,v 1.3702 2005/03/07 09:21:37 tim Exp $ diff --git a/configure.ac b/configure.ac index b145e127a..e48028b7b 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.249 2005/03/07 06:34:46 dtucker Exp $ +# $Id: configure.ac,v 1.250 2005/03/07 09:21:37 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -373,23 +373,7 @@ mips-sony-bsd|mips-sony-newsos4) ;; # SCO UNIX and OEM versions of SCO UNIX *-*-sco3.2v4*) - CPPFLAGS="$CPPFLAGS -Dftruncate=chsize" - LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm" - RANLIB=true - no_dev_ptmx=1 - AC_DEFINE(BROKEN_SYS_TERMIO_H) - AC_DEFINE(USE_PIPES) - AC_DEFINE(HAVE_SECUREWARE) - AC_DEFINE(DISABLE_SHADOW) - AC_DEFINE(BROKEN_SAVED_UIDS) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(WITH_ABBREV_NO_TTY) - AC_CHECK_FUNCS(getluid setluid) - MANTYPE=man - do_sco3_extra_lib_check=yes - TEST_SHELL=ksh + AC_MSG_ERROR("This Platform is no longer supported.") ;; # SCO OpenServer 5.x *-*-sco3.2v5*) 
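Review bot: The new `AC_MSG_ERROR("This Platform is no longer supported.")` in the `*-*-sco3.2v4*)` arm of configure.ac passes a shell-style double-quoted string where autoconf expects an m4-quoted argument. How the embedded quotes come out depends on the autoconf version, and a comma added to the text later would split the argument. `AC_MSG_ERROR([SCO 3.2v4 is no longer supported.])` follows the usual quoting and also tells the user which platform was detected, which the current wording does not. The retained comment `# SCO UNIX and OEM versions of SCO UNIX` above the arm could say that this entry exists only to stop configure early.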
@@ -555,13 +539,6 @@ AC_CHECK_HEADERS(sys/ptms.h, [], [], [ AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match)) AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt)) -dnl SCO OS3 needs this for libwrap -if test "x$with_tcp_wrappers" != "xno" ; then - if test "x$do_sco3_extra_lib_check" = "xyes" ; then - AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc) - fi -fi - dnl IRIX and Solaris 2.5.1 have dirname() in libgen AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ AC_CHECK_LIB(gen, dirname,[ -- cgit v1.2.3 From 50c7db92d6222a753b03a23bb041ed86febd2057 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 9 Mar 2005 10:02:55 +1100 Subject: - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64 so that regress tests behave. From Chris Adams. --- ChangeLog | 6 +++++- regress/test-exec.sh | 7 +++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index cfe5e81b3..5ae9d4622 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20050309 + - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64 + so that regress tests behave. From Chris Adams. + 20050307 - (dtucker) [configure.ac] Disable gettext search when configuring with BSM audit support for the time being. ok djm@ @@ -2306,4 +2310,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3702 2005/03/07 09:21:37 tim Exp $ +$Id: ChangeLog,v 1.3703 2005/03/08 23:02:55 dtucker Exp $ diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 347cccec1..4e53449be 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -7,6 +7,13 @@ _POSIX2_VERSION=199209 export _POSIX2_VERSION +case `uname -s 2>/dev/null` in +OSF1*) + BIN_SH=xpg4 + export BIN_SH + ;; +esac + if [ ! -z "$TEST_SSH_PORT" ]; then PORT="$TEST_SSH_PORT" else -- cgit v1.2.3 
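Review bot: The `case ... OSF1*)` block added to regress/test-exec.sh sets and exports `BIN_SH=xpg4` without a comment, and the variable name alone does not tell a maintainer on another platform what it switches. I would add above the `case`: `# OSF1/Digital Unix/Tru64: BIN_SH=xpg4 selects the XPG4 shell behaviour the regress scripts rely on`. The `_POSIX2_VERSION` export in the context lines just above appears to serve a similar purpose, so placing both under one short "force standard tool behaviour" comment would keep the intent in one place.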
From b096ac4674b584a3c65cfd27d17242aec64db826 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 9 Mar 2005 11:00:05 +1100 Subject: - jmc@cvs.openbsd.org 2005/03/07 23:41:54 [ssh.1 ssh_config.5] more macro simplification; --- ChangeLog | 6 +++++- ssh.1 | 6 +++--- ssh_config.5 | 14 +++++++------- 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5ae9d4622..24c3a23bd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ 20050309 - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64 so that regress tests behave. From Chris Adams. + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2005/03/07 23:41:54 + [ssh.1 ssh_config.5] + more macro simplification; 20050307 - (dtucker) [configure.ac] Disable gettext search when configuring with @@ -2310,4 +2314,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3703 2005/03/08 23:02:55 dtucker Exp $ +$Id: ChangeLog,v 1.3704 2005/03/09 00:00:05 djm Exp $ diff --git a/ssh.1 b/ssh.1 index fbaaed5a2..e6f4b4a54 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.204 2005/03/02 11:45:01 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.205 2005/03/07 23:41:54 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -585,7 +585,7 @@ Port forwardings can also be specified in the configuration file. IPv6 addresses can be specified with an alternative syntax: .Sm off .Xo -.Oo Ar bind_address No / Oc +.Op Ar bind_address No / .Ar port No / Ar host No / .Ar hostport .Xc @@ -761,7 +761,7 @@ IPv6 addresses can be specified by enclosing the address in square braces or using an alternative syntax: .Sm off .Xo -.Oo Ar bind_address No / Oc +.Op Ar bind_address No / .Ar host No / Ar port No / .Ar hostport .Xc . 
diff --git a/ssh_config.5 b/ssh_config.5 index 32778edbb..06db04c27 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.46 2005/03/01 14:55:23 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.47 2005/03/07 23:41:54 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -504,12 +504,12 @@ The first argument must be a port number, and the second must be .Xc . IPv6 addresses can be specified by enclosing addresses in square brackets or by using an alternative syntax: -.Xo .Sm off -.Oo Ar bind_address No / Oc +.Xo +.Op Ar bind_address No / .Ar host No / Ar port -.Sm on .Xc . +.Sm on Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. @@ -641,12 +641,12 @@ The first argument must be a port number, and the second must be .Xc . IPv6 addresses can be specified by enclosing any addresses in square brackets or by using the alternative syntax: -.Xo .Sm off -.Oo Ar bind_address No / Oc +.Xo +.Op Ar bind_address No / .Ar host No / Ar port -.Sm on .Xc . +.Sm on Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. -- cgit v1.2.3 From aca8626cf7981a74f62746667af911480946ee34 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 9 Mar 2005 11:00:42 +1100 Subject: - djm@cvs.openbsd.org 2005/03/08 23:49:48 [version.h] OpenSSH 4.0 --- ChangeLog | 5 ++++- version.h | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 24c3a23bd..a380ba6f8 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -5,6 +5,9 @@ - jmc@cvs.openbsd.org 2005/03/07 23:41:54 [ssh.1 ssh_config.5] more macro simplification; + - djm@cvs.openbsd.org 2005/03/08 23:49:48 + [version.h] + OpenSSH 4.0 20050307 - (dtucker) [configure.ac] Disable gettext search when configuring with @@ -2314,4 +2317,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3704 2005/03/09 00:00:05 djm Exp $ +$Id: ChangeLog,v 1.3705 2005/03/09 00:00:42 djm Exp $ diff --git a/version.h b/version.h index d0c867b87..1a7f23bba 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.42 2004/08/16 08:17:01 markus Exp $ */ +/* $OpenBSD: version.h,v 1.43 2005/03/08 23:49:48 djm Exp $ */ -#define SSH_VERSION "OpenSSH_3.9" +#define SSH_VERSION "OpenSSH_4.0" #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -- cgit v1.2.3 From 6f632bf2aa9d8cf00d7cec479afbb6be20018c2c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 9 Mar 2005 11:02:41 +1100 Subject: - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] [contrib/suse/openssh.spec] Update spec file versions --- ChangeLog | 4 +++- contrib/caldera/openssh.spec | 4 ++-- contrib/redhat/openssh.spec | 2 +- contrib/suse/openssh.spec | 2 +- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index a380ba6f8..0f689af95 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,8 @@ - djm@cvs.openbsd.org 2005/03/08 23:49:48 [version.h] OpenSSH 4.0 + - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] Update spec file versions 20050307 - (dtucker) [configure.ac] Disable gettext search when configuring with 
@@ -2317,4 +2319,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3705 2005/03/09 00:00:42 djm Exp $ +$Id: ChangeLog,v 1.3706 2005/03/09 00:02:41 djm Exp $ diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 53b16455e..67d8e6ff4 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -17,7 +17,7 @@ #old cvs stuff. please update before use. may be deprecated. %define use_stable 1 %if %{use_stable} - %define version 3.9p1 + %define version 4.0p1 %define cvs %{nil} %define release 1 %else @@ -363,4 +363,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.51 2004/08/17 12:49:12 djm Exp $ +$Id: openssh.spec,v 1.52 2005/03/09 00:02:42 djm Exp $ diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index f8a91f2c2..8fbc4c02a 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 3.9p1 +%define ver 4.0p1 %define rel 1 # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 3f4a0189b..449613db6 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -1,6 +1,6 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 3.9p1 +Version: 4.0p1 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz -- cgit v1.2.3 From aa1dba62b0513ebcd7f0d8977a46959901f5bfa4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 9 Mar 2005 11:03:08 +1100 Subject: - (djm) Release OpenSSH 4.0p1 --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 0f689af95..138e3240b 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -10,6 +10,7 @@ OpenSSH 4.0 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] [contrib/suse/openssh.spec] Update spec file versions + - (djm) Release OpenSSH 4.0p1 20050307 - (dtucker) [configure.ac] Disable gettext search when configuring with @@ -2319,4 +2320,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3706 2005/03/09 00:02:41 djm Exp $ +$Id: ChangeLog,v 1.3707 2005/03/09 00:03:08 djm Exp $ -- cgit v1.2.3 From f66530a91fd99a291a18c4c829e93730344fe4b9 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 9 Mar 2005 14:12:09 +1100 Subject: 4.0 here too --- README | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README b/README index 8724d8b5a..0c5335ff5 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-3.8.1 for the release notes. +See http://www.openssh.com/txt/release-4.0 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -61,4 +61,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.56 2004/08/14 00:26:30 djm Exp $ +$Id: README,v 1.56.4.1 2005/03/09 03:12:09 djm Exp $ -- cgit v1.2.3 From 485bab886137bbf8b7ec8df82bd66dc6e5654371 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 9 Mar 2005 15:52:09 +1100 Subject: - (djm) [log.c] Fix dumb syntax error; ok dtucker@ --- ChangeLog | 3 ++- log.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 138e3240b..046e32e8a 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -10,6 +10,7 @@ OpenSSH 4.0 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] [contrib/suse/openssh.spec] Update spec file versions + - (djm) [log.c] Fix dumb syntax error; ok dtucker@ - (djm) Release OpenSSH 4.0p1 20050307 @@ -2320,4 +2321,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3707 2005/03/09 00:03:08 djm Exp $ +$Id: ChangeLog,v 1.3707.2.1 2005/03/09 04:52:09 djm Exp $ diff --git a/log.c b/log.c index bb95c6c39..e55a54f16 100644 --- a/log.c +++ b/log.c @@ -193,10 +193,10 @@ debug3(const char *fmt,...) void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) { - argv0 = av0; #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) struct syslog_data sdata = SYSLOG_DATA_INIT; #endif + argv0 = av0; switch (level) { case SYSLOG_LEVEL_QUIET: -- cgit v1.2.3