From 64ead485ac8fa10cb4db9c316e0c72c51a95e82e Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Thu, 8 Sep 2005 21:56:33 -0700 Subject: - (tim) [defines.h openbsd-compat/port-uw.c] Add long password support to OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ --- ChangeLog | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 9573f8672..fc22408cf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20050908 + - (tim) [defines.h openbsd-compat/port-uw.c] Add long password support to + OpenServer 6 and add osr5bigcrypt support so when someone migrates + passwords between UnixWare and OpenServer they will still work. OK dtucker@ + 20050901 - (djm) Update RPM spec file versions @@ -2989,4 +2994,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3887 2005/09/01 09:10:48 djm Exp $ +$Id: ChangeLog,v 1.3888 2005/09/09 04:56:33 tim Exp $ -- cgit v1.2.3 From fd9e9e3ba6b43b4458846a1b5bb89de6d76c33a4 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Mon, 12 Sep 2005 17:36:10 -0700 Subject: - (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by Mike Frysinger. --- ChangeLog | 6 +++++- configure.ac | 14 +++++++------- 2 files changed, 12 insertions(+), 8 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index fc22408cf..16837870f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20050912 + - (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by + Mike Frysinger. + 20050908 - (tim) [defines.h openbsd-compat/port-uw.c] Add long password support to OpenServer 6 and add osr5bigcrypt support so when someone migrates 
@@ -2994,4 +2998,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3888 2005/09/09 04:56:33 tim Exp $ +$Id: ChangeLog,v 1.3889 2005/09/13 00:36:10 tim Exp $ diff --git a/configure.ac b/configure.ac index 1e4df2e33..21d1719ca 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.292 2005/08/31 16:59:49 tim Exp $ +# $Id: configure.ac,v 1.293 2005/09/13 00:36:10 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -2757,14 +2757,14 @@ AC_ARG_WITH(kerberos5, if test ! -z "$blibpath" ; then blibpath="$blibpath:${KRB5ROOT}/lib" fi - fi - AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h) - AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h) - AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h) + AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h) + AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h) + AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h) - LIBS="$LIBS $K5LIBS" - AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS)) + LIBS="$LIBS $K5LIBS" + AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS)) + fi ] ) -- cgit v1.2.3 From 7df8d39a5fd3e2faeb7d2293e9cceed5023ce1d5 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Mon, 19 Sep 2005 09:33:39 -0700 Subject: - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages. --- ChangeLog | 6 +- aclocal.m4 | 4 +- configure.ac | 446 ++++++++++++++++++++++++++++++++++++++--------------------- 3 files changed, 299 insertions(+), 157 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 16837870f..f5c6f7013 100644 --- a/ChangeLog +++ b/ChangeLog 
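Review bot: Nothing on the new side of the `@@ -2757,14 +2757,14 @@` hunk records that the GSSAPI header checks, the `LIBS="$LIBS $K5LIBS"` line and the kafs probe now sit inside the kerberos-enabled branch on purpose, so a later edit can move them back out without noticing. A one-line `dnl Bug 1078: keep these inside the branch so --without-kerberos5 skips the GSSAPI and AFS probes` above `AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)` would pin that. On the old side `AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))` ran whatever the option said, so a build that asked for no Kerberos could apparently still link libkafs and define USE_AFS. The `if` that the moved `fi` closes opens outside the hunk.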
@@ -1,3 +1,7 @@ +20050919 + - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to + AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages. + 20050912 - (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by Mike Frysinger. @@ -2998,4 +3002,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3889 2005/09/13 00:36:10 tim Exp $ +$Id: ChangeLog,v 1.3890 2005/09/19 16:33:39 tim Exp $ diff --git a/aclocal.m4 b/aclocal.m4 index 2705a9b23..b68a47080 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,4 +1,4 @@ -dnl $Id: aclocal.m4,v 1.5 2001/10/22 00:53:59 tim Exp $ +dnl $Id: aclocal.m4,v 1.6 2005/09/19 16:33:39 tim Exp $ dnl dnl OpenSSH-specific autoconf macros dnl @@ -26,7 +26,7 @@ AC_DEFUN(OSSH_CHECK_HEADER_FOR_FIELD, [ if test -n "`echo $ossh_varname`"; then AC_MSG_RESULT($ossh_result) if test "x$ossh_result" = "xyes"; then - AC_DEFINE($3) + AC_DEFINE($3, 1, [Define if you have $1 in $2]) fi else AC_MSG_RESULT(no) diff --git a/configure.ac b/configure.ac index 21d1719ca..226730f3e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.293 2005/09/13 00:36:10 tim Exp $ +# $Id: configure.ac,v 1.294 2005/09/19 16:33:39 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -57,7 +57,9 @@ fi # Use LOGIN_PROGRAM from environment if possible if test ! -z "$LOGIN_PROGRAM" ; then - AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM") + AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM", + [If your header files don't define LOGIN_PROGRAM, + then use this (detected) from environment and PATH]) else # Search for login AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login) 
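Review bot: In the `@@ -57,7 +57,9 @@` hunk `"$LOGIN_PROGRAM"` comes from the build environment and is written into config.h as LOGIN_PROGRAM_FALLBACK with only an emptiness test in front of it, whereas the `else` branch gets a resolved path from `AC_PATH_PROG`. A relative name would make the compiled-in fallback depend on how the program is later looked up, and a value containing `"` or `\` yields a broken or altered C string literal. A guard before the define, `case "$LOGIN_PROGRAM" in /*) ;; *) AC_MSG_ERROR([LOGIN_PROGRAM must be an absolute path]) ;; esac`, would catch the first case. The same unescaped interpolation into a string literal appears in the PRNGD_SOCKET and SSH_PRIVSEP_USER hunks further down.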
@@ -68,7 +70,8 @@ fi AC_PATH_PROG(PATH_PASSWD_PROG, passwd) if test ! -z "$PATH_PASSWD_PROG" ; then - AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG") + AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG", + [Full path of your "passwd" program]) fi if test -z "$LD" ; then @@ -201,7 +204,8 @@ case "$host" in fi LDFLAGS="$saved_LDFLAGS" dnl Check for authenticate. Might be in libs.a on older AIXes - AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)], + AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1, + [Define if you want to enable AIX4's authenticate function])], [AC_CHECK_LIB(s,authenticate, [ AC_DEFINE(WITH_AIXAUTHENTICATE) LIBS="$LIBS -ls" @@ -217,7 +221,9 @@ case "$host" in [#include ], [(void)loginfailed("user","host","tty",0);], [AC_MSG_RESULT(yes) - AC_DEFINE(AIX_LOGINFAILED_4ARG)], + AC_DEFINE(AIX_LOGINFAILED_4ARG, 1, + [Define if your AIX loginfailed() function + takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT(no)] )], [], 
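Review bot: In the `@@ -201,7 +204,8 @@` hunk the fallback `AC_DEFINE(WITH_AIXAUTHENTICATE)` inside `AC_CHECK_LIB(s,authenticate, ...)` stays in one-argument form and relies on the description attached to the first call, so the config.h template lives at whichever call site happened to get the text. With acconfig.h deleted by this commit, removing or rewriting that one call later leaves autoheader without a template for the symbol. Declaring each multiply-defined symbol once, for example `AH_TEMPLATE([WITH_AIXAUTHENTICATE], [Define if you want to enable AIX4's authenticate function])`, and keeping every `AC_DEFINE` short would remove that coupling. The same applies to SETEUID_BREAKS_SETUID, BROKEN_SETREUID, BROKEN_SETREGID, USE_PIPES and the other symbols repeated across the platform `case` in the later hunks. The enclosing `case "$host"` block starts and ends outside the hunk.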
@@ -225,25 +231,36 @@ case "$host" in ) AC_CHECK_FUNCS(setauthdb) check_for_aix_broken_getaddrinfo=1 - AC_DEFINE(BROKEN_REALPATH) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) + AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.]) + AC_DEFINE(SETEUID_BREAKS_SETUID, 1, + [Define if your platform breaks doing a seteuid before a setuid]) + AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken]) + AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken]) dnl AIX handles lastlog as part of its login message - AC_DEFINE(DISABLE_LASTLOG) - AC_DEFINE(LOGIN_NEEDS_UTMPX) - AC_DEFINE(SPT_TYPE,SPT_REUSEARGV) + AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog]) + AC_DEFINE(LOGIN_NEEDS_UTMPX, 1, + [Some systems need a utmpx entry for /bin/login to work]) + AC_DEFINE(SPT_TYPE,SPT_REUSEARGV, + [Define to a Set Process Title type if your system is + supported by bsd-setproctitle.c]) ;; *-*-cygwin*) check_for_libcrypt_later=1 LIBS="$LIBS /usr/lib/textmode.o" - AC_DEFINE(HAVE_CYGWIN) - AC_DEFINE(USE_PIPES) - AC_DEFINE(DISABLE_SHADOW) - AC_DEFINE(IP_TOS_IS_BROKEN) - AC_DEFINE(NO_X11_UNIX_SOCKETS) - AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT) - AC_DEFINE(DISABLE_FD_PASSING) + AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin]) + AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()]) + AC_DEFINE(DISABLE_SHADOW, 1, + [Define if you want to disable shadow passwords]) + AC_DEFINE(IP_TOS_IS_BROKEN, 1, + [Define if your system choked on IP TOS setting]) + AC_DEFINE(NO_X11_UNIX_SOCKETS, 1, + [Define if X11 doesn't support AF_UNIX sockets on that system]) + AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1, + [Define if the concept of ports only accessible to + superusers isn't known]) + AC_DEFINE(DISABLE_FD_PASSING, 1, + [Define if your platform needs to skip post auth + file descriptor passing]) ;; *-*-dgux*) AC_DEFINE(IP_TOS_IS_BROKEN) 
@@ -260,21 +277,24 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) exit(1); }], [AC_MSG_RESULT(working)], [AC_MSG_RESULT(buggy) - AC_DEFINE(BROKEN_GETADDRINFO)], + AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])], [AC_MSG_RESULT(assume it is working)]) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1) + AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1, + [Define if your resolver libs need this for getrrsetbyname]) ;; *-*-hpux*) # first we define all of the options common to all HP-UX releases CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" IPADDR_IN_DISPLAY=yes AC_DEFINE(USE_PIPES) - AC_DEFINE(LOGIN_NO_ENDOPT) + AC_DEFINE(LOGIN_NO_ENDOPT, 1, + [Define if your login program cannot handle end of options ("--")]) AC_DEFINE(LOGIN_NEEDS_UTMPX) - AC_DEFINE(LOCKED_PASSWD_STRING, "*") + AC_DEFINE(LOCKED_PASSWD_STRING, "*", + [String used in /etc/passwd to denote locked account]) AC_DEFINE(SPT_TYPE,SPT_PSTAT) LIBS="$LIBS -lsec" AC_CHECK_LIB(xnet, t_error, , @@ -288,8 +308,12 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) fi ;; *-*-hpux11*) - AC_DEFINE(PAM_SUN_CODEBASE) - AC_DEFINE(DISABLE_UTMP) + AC_DEFINE(PAM_SUN_CODEBASE, 1, + [Define if you are using Solaris-derived PAM which + passes pam_messages to the conversation function + with an extra level of indirection]) + AC_DEFINE(DISABLE_UTMP, 1, + [Define if you don't want to use utmp]) AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins]) check_for_hpux_broken_getaddrinfo=1 check_for_conflicting_getspnam=1 @@ -299,7 +323,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) # lastly, we define options specific to minor releases case "$host" in *-*-hpux10.26) - AC_DEFINE(HAVE_SECUREWARE) + AC_DEFINE(HAVE_SECUREWARE, 1, + [Define if you have SecureWare-based + protected password database]) disable_ptmx_check=yes LIBS="$LIBS -lsecpw" ;; 
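Review bot: `AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1, ...)` in the `@@ -260,21 +277,24 @@` hunk has no shell variable to expand, so the `_UNQUOTED` form adds nothing and reads as if the value were computed. Since the line is being rewritten anyway, `AC_DEFINE(BIND_8_COMPAT, 1, [Define if your resolver libs need this for getrrsetbyname])` says the same thing and matches the neighbouring defines. The platform `case` branch this sits in starts outside the hunk.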
@@ -307,24 +333,33 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) ;; *-*-irix5*) PATH="$PATH:/usr/etc" - AC_DEFINE(BROKEN_INET_NTOA) + AC_DEFINE(BROKEN_INET_NTOA, 1, + [Define if you system's inet_ntoa is busted + (e.g. Irix gcc issue)]) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(WITH_ABBREV_NO_TTY) + AC_DEFINE(WITH_ABBREV_NO_TTY, 1, + [Define if you shouldn't strip 'tty' from your + ttyname in [uw]tmp]) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") ;; *-*-irix6*) PATH="$PATH:/usr/etc" - AC_DEFINE(WITH_IRIX_ARRAY) - AC_DEFINE(WITH_IRIX_PROJECT) - AC_DEFINE(WITH_IRIX_AUDIT) - AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)]) + AC_DEFINE(WITH_IRIX_ARRAY, 1, + [Define if you have/want arrays + (cluster-wide session managment, not C arrays)]) + AC_DEFINE(WITH_IRIX_PROJECT, 1, + [Define if you want IRIX project management]) + AC_DEFINE(WITH_IRIX_AUDIT, 1, + [Define if you want IRIX audit trails]) + AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1, + [Define if you want IRIX kernel jobs])]) AC_DEFINE(BROKEN_INET_NTOA) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(BROKEN_UPDWTMPX) + AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)]) AC_DEFINE(WITH_ABBREV_NO_TTY) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") ;; 
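Review bot: Two of the new descriptions in the `@@ -307,24 +333,33 @@` hunk carry typos that will be copied verbatim into the generated config.h.in: `Define if you system's inet_ntoa is busted` should read `Define if your system's inet_ntoa is busted`, and `cluster-wide session managment` should read `cluster-wide session management`. These comments are now the only documentation for BROKEN_INET_NTOA and WITH_IRIX_ARRAY, because the commit removes acconfig.h. The irix5 and irix6 `case` branches extend beyond the hunk on both sides.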
@@ -332,22 +367,27 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) no_dev_ptmx=1 check_for_libcrypt_later=1 check_for_openpty_ctty_bug=1 - AC_DEFINE(DONT_TRY_OTHER_AF) - AC_DEFINE(PAM_TTY_KLUDGE) - AC_DEFINE(LOCKED_PASSWD_PREFIX, "!") + AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks]) + AC_DEFINE(PAM_TTY_KLUDGE, 1, + [Work around problematic Linux PAM modules handling of PAM_TTY]) + AC_DEFINE(LOCKED_PASSWD_PREFIX, "!", + [String used in /etc/passwd to denote locked account]) AC_DEFINE(SPT_TYPE,SPT_REUSEARGV) - AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM) + AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM, + [Define to whatever link() returns for "not supported" + if it doesn't return EOPNOTSUPP.]) AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts]) - AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins]) + AC_DEFINE(USE_BTMP) inet6_default_4in6=yes case `uname -r` in 1.*|2.0.*) - AC_DEFINE(BROKEN_CMSG_TYPE) + AC_DEFINE(BROKEN_CMSG_TYPE, 1, + [Define if cmsg_type is not passed correctly]) ;; esac ;; mips-sony-bsd|mips-sony-newsos4) - AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty]) + AC_DEFINE(NEED_SETPRGP, 1, [Need setpgrp to acquire controlling tty]) SONY=1 ;; *-*-netbsd*) @@ -369,10 +409,10 @@ mips-sony-bsd|mips-sony-newsos4) conf_utmp_location=/etc/utmp conf_wtmp_location=/usr/adm/wtmp MAIL=/usr/spool/mail - AC_DEFINE(HAVE_NEXT) + AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT]) AC_DEFINE(BROKEN_REALPATH) AC_DEFINE(USE_PIPES) - AC_DEFINE(BROKEN_SAVED_UIDS) + AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT]) ;; *-*-openbsd*) AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel]) 
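Review bot: `NEED_SETPRGP` in the mips-sony branch of the `@@ -332,22 +367,27 @@` hunk looks like a transposition of `NEED_SETPGRP`; the description on the same line talks about setpgrp. If the C sources test the correctly spelled name, this define and the bare `AC_DEFINE(NEED_SETPRGP)` in the ultrix hunk have no effect, and those platforms would silently skip the controlling-tty workaround. The consumer is not on this page, so check which spelling the `#ifdef` uses and make both sides agree while the line is being touched.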
@@ -383,12 +423,18 @@ mips-sony-bsd|mips-sony-newsos4) fi AC_DEFINE(PAM_SUN_CODEBASE) AC_DEFINE(LOGIN_NEEDS_UTMPX) - AC_DEFINE(LOGIN_NEEDS_TERM) + AC_DEFINE(LOGIN_NEEDS_TERM, 1, + [Some versions of /bin/login need the TERM supplied + on the commandline]) AC_DEFINE(PAM_TTY_KLUDGE) - AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID) + AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1, + [Define if pam_chauthtok wants real uid set + to the unpriv'ed user]) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") # Pushing STREAMS modules will cause sshd to acquire a controlling tty. - AC_DEFINE(SSHD_ACQUIRES_CTTY) + AC_DEFINE(SSHD_ACQUIRES_CTTY, 1, + [Define if sshd somehow reacquires a controlling TTY + after setsid()]) external_path_file=/etc/default/login # hardwire lastlog location (can't detect it on some versions) conf_lastlog_location="/var/adm/lastlog" @@ -397,7 +443,8 @@ mips-sony-bsd|mips-sony-newsos4) if test "$sol2ver" -ge 8; then AC_MSG_RESULT(yes) AC_DEFINE(DISABLE_UTMP) - AC_DEFINE(DISABLE_WTMP) + AC_DEFINE(DISABLE_WTMP, 1, + [Define if you don't want to use wtmp]) else AC_MSG_RESULT(no) fi @@ -452,11 +499,12 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd]) + AC_DEFINE(PASSWD_NEEDS_USERNAME) case "$host" in *-*-sysv5SCO_SV*) # SCO OpenServer 6.x TEST_SHELL=/u95/bin/sh - AC_DEFINE(BROKEN_LIBIAF, 1, [ia_uinfo routines not supported by OS yet]) + AC_DEFINE(BROKEN_LIBIAF, 1, + [ia_uinfo routines not supported by OS yet]) ;; esac ;; 
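Review bot: `AC_DEFINE(PASSWD_NEEDS_USERNAME)` in the `@@ -452,11 +499,12 @@` hunk loses the description it had before, the `@@ -482,13 +530,14 @@` hunk does the same, and no hunk visible on this page adds a three-argument form for that symbol. Unless another branch of configure.ac outside these hunks carries the template, autoheader has nothing to emit for it now that acconfig.h is gone. Keeping `AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])` at one of the two sites would make that certain. The Linux hunk strips USE_BTMP the same way, though there the hpux11 branch still supplies the text.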
@@ -482,13 +530,14 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(BROKEN_SETREGID) AC_DEFINE(WITH_ABBREV_NO_TTY) AC_DEFINE(BROKEN_UPDWTMPX) - AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd]) + AC_DEFINE(PASSWD_NEEDS_USERNAME) AC_CHECK_FUNCS(getluid setluid) MANTYPE=man TEST_SHELL=ksh ;; *-*-unicosmk*) - AC_DEFINE(NO_SSH_LASTLOG) + AC_DEFINE(NO_SSH_LASTLOG, 1, + [Define if you don't want to use lastlog in session.c]) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) AC_DEFINE(BROKEN_SETREGID) @@ -535,13 +584,18 @@ mips-sony-bsd|mips-sony-newsos4) if test -z "$no_osfsia" ; then if test -f /etc/sia/matrix.conf; then AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_OSF_SIA) - AC_DEFINE(DISABLE_LOGIN) + AC_DEFINE(HAVE_OSF_SIA, 1, + [Define if you have Digital Unix Security + Integration Architecture]) + AC_DEFINE(DISABLE_LOGIN, 1, + [Define if you don't want to use your + system's login() call]) AC_DEFINE(DISABLE_FD_PASSING) LIBS="$LIBS -lsecurity -ldb -lm -laud" else AC_MSG_RESULT(no) - AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin") + AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin", + [String used in /etc/passwd to denote locked account]) fi fi AC_DEFINE(BROKEN_GETADDRINFO) 
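Review bot: `LOCKED_PASSWD_SUBSTR` in the `@@ -535,13 +584,18 @@` hunk gets the description `String used in /etc/passwd to denote locked account`, word for word the text given to `LOCKED_PASSWD_STRING` (hpux hunk) and `LOCKED_PASSWD_PREFIX` (Linux hunk). The three names suggest an exact match, a prefix match and a substring match respectively, and a porter picking the wrong one changes which accounts are treated as locked. The matching code is not on this page, so this is inferred from the names, but the descriptions should state the match rule, for instance `[Substring of the password field that denotes a locked account]` here, with matching wording for the other two.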
@@ -553,21 +607,21 @@ mips-sony-bsd|mips-sony-newsos4) *-*-nto-qnx) AC_DEFINE(USE_PIPES) AC_DEFINE(NO_X11_UNIX_SOCKETS) - AC_DEFINE(MISSING_NFDBITS) - AC_DEFINE(MISSING_HOWMANY) - AC_DEFINE(MISSING_FD_MASK) + AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems]) + AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems]) + AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems]) ;; *-*-ultrix*) - AC_DEFINE(BROKEN_GETGROUPS, [], [getgroups(0,NULL) will return -1]) - AC_DEFINE(BROKEN_MMAP, [], [Ultrix mmap can't map files]) - AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty]) + AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1]) + AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files]) + AC_DEFINE(NEED_SETPRGP) AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix]) ;; *-*-lynxos) CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" - AC_DEFINE(MISSING_HOWMANY) + AC_DEFINE(MISSING_HOWMANY) AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation]) ;; esac @@ -747,7 +801,8 @@ int main(int argc, char **argv) { AC_CHECK_FUNC(getspnam, , AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen")) -AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME)) +AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1, + [Define if you have the basename function.])) dnl zlib is required AC_ARG_WITH(zlib, @@ -858,7 +913,8 @@ AC_CHECK_FUNC(utimes, dnl Checks for libutil functions AC_CHECK_HEADERS(libutil.h) -AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)]) +AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1, + [Define if your libraries define login()])]) AC_CHECK_FUNCS(logout updwtmp logwtmp) AC_FUNC_STRFTIME @@ -873,7 +929,9 @@ AC_EGREP_CPP(FOUNDIT, #endif ], [ - AC_DEFINE(GLOB_HAS_ALTDIRFUNC) + AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1, + [Define if your system glob() function has + the GLOB_ALTDIRFUNC extension]) AC_MSG_RESULT(yes) ], [ 
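Review bot: In the `@@ -747,7 +801,8 @@` hunk the action passed to `AC_SEARCH_LIBS(basename, gen, ...)` is a bare `AC_DEFINE(...)` call, while the `login` hunk right after it wraps the same construct in brackets. Autoconf expects one level of quoting per argument; an under-quoted action is expanded while the outer macro's arguments are still being collected, which becomes more fragile now that each call carries free-text prose. Writing `[AC_DEFINE(HAVE_BASENAME, 1, [Define if you have the basename function.])]` makes it consistent. The `nanosleep` hunk and the `AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, ...` hunk have the same shape.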
@@ -889,7 +947,9 @@ AC_EGREP_CPP(FOUNDIT, int main(void){glob_t g; g.gl_matchc = 1;} ], [ - AC_DEFINE(GLOB_HAS_GL_MATCHC) + AC_DEFINE(GLOB_HAS_GL_MATCHC, 1, + [Define if your system glob() function has + gl_matchc options in glob_t]) AC_MSG_RESULT(yes) ], [ @@ -907,7 +967,9 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} [AC_MSG_RESULT(yes)], [ AC_MSG_RESULT(no) - AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) + AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1, + [Define in your struct dirent expects you to + allocate extra space for d_name]) ], [ AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) @@ -917,7 +979,7 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} AC_MSG_CHECKING([for /proc/pid/fd directory]) if test -d "/proc/$$/fd" ; then - AC_DEFINE(HAVE_PROC_PID) + AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd]) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) @@ -935,7 +997,7 @@ AC_ARG_WITH(skey, LDFLAGS="$LDFLAGS -L${withval}/lib" fi - AC_DEFINE(SKEY) + AC_DEFINE(SKEY, 1, [Define if you want S/Key support]) LIBS="-lskey $LIBS" SKEY_MSG="yes" @@ -957,7 +1019,9 @@ int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } #include ], [(void)skeychallenge(NULL,"name","",0);], [AC_MSG_RESULT(yes) - AC_DEFINE(SKEYCHALLENGE_4ARG)], + AC_DEFINE(SKEYCHALLENGE_4ARG, 1, + [Define if your skeychallenge() + function takes 4 arguments (NetBSD)])], [AC_MSG_RESULT(no)] ) fi @@ -1008,7 +1072,9 @@ AC_ARG_WITH(tcp-wrappers, [hosts_access(0);], [ AC_MSG_RESULT(yes) - AC_DEFINE(LIBWRAP) + AC_DEFINE(LIBWRAP, 1, + [Define if you want + TCP Wrappers support]) AC_SUBST(LIBWRAP) TCPW_MSG="yes" ], @@ -1031,7 +1097,7 @@ AC_ARG_WITH(libedit, LDFLAGS="$LDFLAGS -L$withval/lib" fi AC_CHECK_LIB(edit, el_init, - [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp]) + [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp]) LIBEDIT="-ledit -lcurses" LIBEDIT_MSG="yes" AC_SUBST(LIBEDIT) 
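Review bot: The description added for BROKEN_ONE_BYTE_DIRENT_D_NAME in the `@@ -907,7 +967,9 @@` hunk begins `Define in your struct dirent expects you to ...`, which should be `Define if your struct dirent expects you to allocate extra space for d_name`. The text goes verbatim into config.h.in and is the only explanation of the macro once acconfig.h is removed. The `AC_TRY_RUN` call this belongs to starts and ends outside the hunk.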
@@ -1075,12 +1141,12 @@ AC_ARG_WITH(audit, [AC_MSG_ERROR(BSM enabled and required function not found)]) # These are optional AC_CHECK_FUNCS(getaudit_addr) - AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module]) + AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module]) ;; debug) AUDIT_MODULE=debug AC_MSG_RESULT(debug) - AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module) + AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module) ;; no) AC_MSG_RESULT(no) @@ -1190,7 +1256,8 @@ str = gai_strerror(0);],[ AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1, [Define if gai_strerror() returns const char *])])]) -AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP)) +AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1, + [Some systems put nanosleep outside of libc])) dnl Make sure prototypes are defined for these before using them. AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)]) @@ -1222,7 +1289,8 @@ AC_CHECK_FUNCS(setresuid, [ int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} ]])], [AC_MSG_RESULT(yes)], - [AC_DEFINE(BROKEN_SETRESUID) + [AC_DEFINE(BROKEN_SETRESUID, 1, + [Define if your setresuid() is broken]) AC_MSG_RESULT(not implemented)], [AC_MSG_WARN([cross compiling: not checking setresuid])] ) @@ -1238,7 +1306,8 @@ AC_CHECK_FUNCS(setresgid, [ int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} ]])], [AC_MSG_RESULT(yes)], - [AC_DEFINE(BROKEN_SETRESGID) + [AC_DEFINE(BROKEN_SETRESGID, 1, + [Define if your setresgid() is broken]) AC_MSG_RESULT(not implemented)], [AC_MSG_WARN([cross compiling: not checking setresuid])] ) 
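Review bot: `AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)` in the `@@ -1075,12 +1141,12 @@` hunk passes its description unquoted, unlike `AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])` a few lines above it. It works only as long as the text contains no comma and no word that is itself an m4 macro. `AC_DEFINE(SSH_AUDIT_EVENTS, 1, [Use audit debugging module])` costs nothing and matches the rest of the commit. The `case` on the audit module name extends beyond the hunk.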
@@ -1254,13 +1323,16 @@ AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline ) AC_CHECK_FUNCS(setutxent utmpxname) AC_CHECK_FUNC(daemon, - [AC_DEFINE(HAVE_DAEMON)], - [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])] + [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])], + [AC_CHECK_LIB(bsd, daemon, + [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])] ) AC_CHECK_FUNC(getpagesize, - [AC_DEFINE(HAVE_GETPAGESIZE)], - [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])] + [AC_DEFINE(HAVE_GETPAGESIZE, 1, + [Define if your libraries define getpagesize()])], + [AC_CHECK_LIB(ucb, getpagesize, + [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])] ) # Check for broken snprintf @@ -1274,7 +1346,8 @@ int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} [AC_MSG_RESULT(yes)], [ AC_MSG_RESULT(no) - AC_DEFINE(BROKEN_SNPRINTF) + AC_DEFINE(BROKEN_SNPRINTF, 1, + [Define if your snprintf is busted]) AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) ], [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] @@ -1290,7 +1363,7 @@ if test "x$ac_cv_func_getpeereid" != "xyes" ; then #include ], [int i = SO_PEERCRED;], [ AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_SO_PEERCRED, [], [Have PEERCRED socket option]) + AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option]) ], [AC_MSG_RESULT(no) NO_PEERCHECK=1] @@ -1314,7 +1387,7 @@ unlink(template); exit(0); ], [ AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_STRICT_MKSTEMP) + AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()]) ], [ AC_MSG_RESULT(yes) @@ -1488,8 +1561,9 @@ main(void) ], [ AC_MSG_RESULT(yes) - AC_DEFINE(AIX_GETNAMEINFO_HACK, [], -[Define if you have a getaddrinfo that fails for the all-zeros IPv6 address]) + AC_DEFINE(AIX_GETNAMEINFO_HACK, 1, + [Define if you have a getaddrinfo that fails + for the all-zeros IPv6 address]) ], [ AC_MSG_RESULT(no) 
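Review bot: `[Silly mkstemp()]` in the `@@ -1314,7 +1387,7 @@` hunk does not tell a reader of config.h what HAVE_STRICT_MKSTEMP means or when to set it by hand. The macro name points at mkstemp() being strict about its template argument, so something like `[Define if your mkstemp() rejects templates it considers malformed]` would be closer. The test program that decides this is outside the hunk, so the exact condition should be taken from there. Temporary-file creation is worth an accurate comment because a wrong manual override changes how temp names are built.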
@@ -1536,7 +1610,8 @@ AC_ARG_WITH(pam, PAM_MSG="yes" - AC_DEFINE(USE_PAM) + AC_DEFINE(USE_PAM, 1, + [Define if you want to enable PAM support]) if test $ac_cv_lib_dl_dlopen = yes; then LIBPAM="-lpam -ldl" else @@ -1563,7 +1638,9 @@ if test "x$PAM_MSG" = "xyes" ; then [(void)pam_strerror((pam_handle_t *)NULL, -1);], [AC_MSG_RESULT(no)], [ - AC_DEFINE(HAVE_OLD_PAM) + AC_DEFINE(HAVE_OLD_PAM, 1, + [Define if you have an old version of PAM + which takes only one argument to pam_strerror]) AC_MSG_RESULT(yes) PAM_MSG="yes (old library)" ] @@ -1603,7 +1680,9 @@ AC_ARG_WITH(ssl-dir, ] ) LIBS="-lcrypto $LIBS" -AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL), +AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1, + [Define if your ssl headers are included + with #include ]), [ dnl Check default openssl install dir if test -n "${need_dash_r}"; then @@ -1777,7 +1856,8 @@ AC_ARG_WITH(rand-helper, # Which randomness source do we use? if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then # OpenSSL only - AC_DEFINE(OPENSSL_PRNG_ONLY) + AC_DEFINE(OPENSSL_PRNG_ONLY, 1, + [Define if you want OpenSSL's internally seeded PRNG only]) RAND_MSG="OpenSSL internal ONLY" INSTALL_SSH_RAND_HELPER="" elif test ! -z "$USE_RAND_HELPER" ; then @@ -1805,7 +1885,8 @@ AC_ARG_WITH(prngd-port, esac if test ! -z "$withval" ; then PRNGD_PORT="$withval" - AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT) + AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT, + [Port number of PRNGD/EGD random number socket]) fi ] ) @@ -1836,7 +1917,8 @@ AC_ARG_WITH(prngd-socket, AC_MSG_WARN(Entropy socket is not readable) fi PRNGD_SOCKET="$withval" - AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET") + AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET", + [Location of PRNGD/EGD random number socket]) fi ], [ 
@@ -1871,7 +1953,8 @@ AC_ARG_WITH(entropy-timeout, fi ] ) -AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout) +AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout, + [Builtin PRNG command timeout]) SSH_PRIVSEP_USER=sshd AC_ARG_WITH(privsep-user, @@ -1883,7 +1966,8 @@ AC_ARG_WITH(privsep-user, fi ] ) -AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER") +AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER", + [non-privileged user for privilege separation]) AC_SUBST(SSH_PRIVSEP_USER) # We do this little dance with the search path to insure @@ -1963,7 +2047,7 @@ AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ ) ]) if test "x$ac_cv_have_u_int" = "xyes" ; then - AC_DEFINE(HAVE_U_INT) + AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type]) have_u_int=1 fi @@ -1976,7 +2060,7 @@ AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ ) ]) if test "x$ac_cv_have_intxx_t" = "xyes" ; then - AC_DEFINE(HAVE_INTXX_T) + AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type]) have_intxx_t=1 fi @@ -2013,7 +2097,7 @@ AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ ) ]) if test "x$ac_cv_have_int64_t" = "xyes" ; then - AC_DEFINE(HAVE_INT64_T) + AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type]) fi AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ @@ -2025,7 +2109,7 @@ AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ ) ]) if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then - AC_DEFINE(HAVE_U_INTXX_T) + AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type]) have_u_intxx_t=1 fi @@ -2051,7 +2135,7 @@ AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ ) ]) if test "x$ac_cv_have_u_int64_t" = "xyes" ; then - AC_DEFINE(HAVE_U_INT64_T) + AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type]) have_u_int64_t=1 fi 
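Review bot: The description `define if you have intxx_t data type` in the `@@ -1976,7 +2060,7 @@` hunk names a type that does not exist; the check on the hunk's header line is `for intXX_t types`, meaning a family of fixed-width types. `[Define if you have the intXX_t types]` would match the check message, and a capital `Define` would match the rest of the commit. The same wording recurs for HAVE_U_INTXX_T in this group of hunks and for HAVE_UINTXX_T in the next one.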
@@ -2080,7 +2164,8 @@ if test -z "$have_u_intxx_t" ; then ) ]) if test "x$ac_cv_have_uintxx_t" = "xyes" ; then - AC_DEFINE(HAVE_UINTXX_T) + AC_DEFINE(HAVE_UINTXX_T, 1, + [define if you have uintxx_t data type]) fi fi @@ -2131,7 +2216,7 @@ AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ ) ]) if test "x$ac_cv_have_u_char" = "xyes" ; then - AC_DEFINE(HAVE_U_CHAR) + AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type]) fi TYPE_SOCKLEN_T @@ -2153,7 +2238,7 @@ AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ ) ]) if test "x$ac_cv_have_size_t" = "xyes" ; then - AC_DEFINE(HAVE_SIZE_T) + AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type]) fi AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ @@ -2167,7 +2252,7 @@ AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ ) ]) if test "x$ac_cv_have_ssize_t" = "xyes" ; then - AC_DEFINE(HAVE_SSIZE_T) + AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type]) fi AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ @@ -2181,7 +2266,7 @@ AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ ) ]) if test "x$ac_cv_have_clock_t" = "xyes" ; then - AC_DEFINE(HAVE_CLOCK_T) + AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type]) fi AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ @@ -2206,7 +2291,8 @@ AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ ) ]) if test "x$ac_cv_have_sa_family_t" = "xyes" ; then - AC_DEFINE(HAVE_SA_FAMILY_T) + AC_DEFINE(HAVE_SA_FAMILY_T, 1, + [define if you have sa_family_t data type]) fi AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ @@ -2220,7 +2306,7 @@ AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ ) ]) if test "x$ac_cv_have_pid_t" = "xyes" ; then - AC_DEFINE(HAVE_PID_T) + AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type]) fi AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 
@@ -2234,7 +2320,7 @@ AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ ) ]) if test "x$ac_cv_have_mode_t" = "xyes" ; then - AC_DEFINE(HAVE_MODE_T) + AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type]) fi @@ -2250,7 +2336,8 @@ AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage ) ]) if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then - AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE) + AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1, + [define if you have struct sockaddr_storage data type]) fi AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ @@ -2265,7 +2352,8 @@ AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ ) ]) if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then - AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6) + AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1, + [define if you have struct sockaddr_in6 data type]) fi AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ @@ -2280,7 +2368,8 @@ AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ ) ]) if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then - AC_DEFINE(HAVE_STRUCT_IN6_ADDR) + AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1, + [define if you have struct in6_addr data type]) fi AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ @@ -2296,7 +2385,8 @@ AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ ) ]) if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then - AC_DEFINE(HAVE_STRUCT_ADDRINFO) + AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, + [define if you have struct addrinfo data type]) fi AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ @@ -2308,7 +2398,7 @@ AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ ) ]) if test "x$ac_cv_have_struct_timeval" = "xyes" ; then - AC_DEFINE(HAVE_STRUCT_TIMEVAL) + AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval]) have_struct_timeval=1 fi 
@@ -2387,7 +2477,7 @@ AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], ) ]) if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then - AC_DEFINE(HAVE_SS_FAMILY_IN_SS) + AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage]) fi AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], @@ -2403,7 +2493,8 @@ AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], ) ]) if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then - AC_DEFINE(HAVE___SS_FAMILY_IN_SS) + AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1, + [Fields in struct sockaddr_storage]) fi AC_CACHE_CHECK([for pw_class field in struct passwd], @@ -2418,7 +2509,8 @@ AC_CACHE_CHECK([for pw_class field in struct passwd], ) ]) if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then - AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD) + AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1, + [Define if your password has a pw_class field]) fi AC_CACHE_CHECK([for pw_expire field in struct passwd], @@ -2433,7 +2525,8 @@ AC_CACHE_CHECK([for pw_expire field in struct passwd], ) ]) if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then - AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD) + AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1, + [Define if your password has a pw_expire field]) fi AC_CACHE_CHECK([for pw_change field in struct passwd], @@ -2448,7 +2541,8 @@ AC_CACHE_CHECK([for pw_change field in struct passwd], ) ]) if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then - AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD) + AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1, + [Define if your password has a pw_change field]) fi dnl make sure we're using the real structure members and not defines @@ -2474,7 +2568,9 @@ exit(0); ) ]) if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then - AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR) + AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1, + [Define if your system uses access rights style + file descriptor passing]) fi AC_CACHE_CHECK([for msg_control field in struct msghdr], 
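Review bot: HAVE_SS_FAMILY_IN_SS in the `@@ -2387,7 +2477,7 @@` hunk and HAVE___SS_FAMILY_IN_SS in the next hunk both get the description `Fields in struct sockaddr_storage`, so config.h.in will not say which macro stands for which member. Going by the check messages visible in the hunks, `[Define if struct sockaddr_storage has an ss_family field]` and `[Define if struct sockaddr_storage has an __ss_family field]` would tell them apart. The `AC_CACHE_CHECK` bodies that set the cache variables are outside the hunks.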
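Review bot: `[Define if your password has a pw_class field]` in the `@@ -2418,7 +2509,8 @@` hunk says "your password" where the check on the hunk's header line is about `struct passwd`. `[Define if your struct passwd has a pw_class field]` is what the test establishes. The pw_expire and pw_change hunks that follow use the same wording and need the same correction.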
@@ -2499,7 +2595,9 @@ exit(0); ) ]) if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then - AC_DEFINE(HAVE_CONTROL_IN_MSGHDR) + AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1, + [Define if your system uses ancillary data style + file descriptor passing]) fi AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ @@ -2510,7 +2608,7 @@ AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ ) ]) if test "x$ac_cv_libc_defines___progname" = "xyes" ; then - AC_DEFINE(HAVE___PROGNAME) + AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname]) fi AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ @@ -2523,7 +2621,8 @@ AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNC ) ]) if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then - AC_DEFINE(HAVE___FUNCTION__) + AC_DEFINE(HAVE___FUNCTION__, 1, + [Define if compiler implements __FUNCTION__]) fi AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ @@ -2536,7 +2635,7 @@ AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, ) ]) if test "x$ac_cv_cc_implements___func__" = "xyes" ; then - AC_DEFINE(HAVE___func__) + AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__]) fi AC_CACHE_CHECK([whether getopt has optreset support], @@ -2551,7 +2650,8 @@ AC_CACHE_CHECK([whether getopt has optreset support], ) ]) if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then - AC_DEFINE(HAVE_GETOPT_OPTRESET) + AC_DEFINE(HAVE_GETOPT_OPTRESET, 1, + [Define if your getopt(3) defines and uses optreset]) fi AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ @@ -2562,7 +2662,8 @@ AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ ) ]) if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then - AC_DEFINE(HAVE_SYS_ERRLIST) + AC_DEFINE(HAVE_SYS_ERRLIST, 1, + [Define if your system defines sys_errlist[]]) fi 
@@ -2574,7 +2675,7 @@ AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ ) ]) if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then - AC_DEFINE(HAVE_SYS_NERR) + AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr]) fi SCARD_MSG="no" @@ -2601,8 +2702,11 @@ AC_ARG_WITH(sectok, if test "$ac_cv_lib_sectok_sectok_open" != yes; then AC_MSG_ERROR(Can't find libsectok) fi - AC_DEFINE(SMARTCARD) - AC_DEFINE(USE_SECTOK) + AC_DEFINE(SMARTCARD, 1, + [Define if you want smartcard support]) + AC_DEFINE(USE_SECTOK, 1, + [Define if you want smartcard support + using sectok]) SCARD_MSG="yes, using sectok" fi ] @@ -2625,7 +2729,9 @@ AC_ARG_WITH(opensc, CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS" LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS" AC_DEFINE(SMARTCARD) - AC_DEFINE(USE_OPENSC) + AC_DEFINE(USE_OPENSC, 1, + [Define if you want smartcard support + using OpenSC]) SCARD_MSG="yes, using OpenSC" fi fi @@ -2634,7 +2740,8 @@ AC_ARG_WITH(opensc, # Check libraries needed by DNS fingerprint support AC_SEARCH_LIBS(getrrsetbyname, resolv, - [AC_DEFINE(HAVE_GETRRSETBYNAME)], + [AC_DEFINE(HAVE_GETRRSETBYNAME, 1, + [Define if getrrsetbyname() exists])], [ # Needed by our getrrsetbyname() AC_SEARCH_LIBS(res_query, resolv) @@ -2663,7 +2770,8 @@ int main() [#include #include ]) AC_CHECK_MEMBER(HEADER.ad, - [AC_DEFINE(HAVE_HEADER_AD)],, + [AC_DEFINE(HAVE_HEADER_AD, 1, + [Define if HEADER.ad exists in arpa/nameser.h])],, [#include ]) ]) @@ -2678,7 +2786,7 @@ AC_ARG_WITH(kerberos5, KRB5ROOT=${withval} fi - AC_DEFINE(KRB5) + AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support]) KRB5_MSG="yes" AC_MSG_CHECKING(for krb5-config) @@ -2689,7 +2797,9 @@ AC_ARG_WITH(kerberos5, AC_MSG_CHECKING(for gssapi support) if $KRB5CONF | grep gssapi >/dev/null ; then AC_MSG_RESULT(yes) - AC_DEFINE(GSSAPI) + AC_DEFINE(GSSAPI, 1, + [Define this if you want GSSAPI + support in the version 2 protocol]) k5confopts=gssapi else AC_MSG_RESULT(no) 
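Review bot: In the `--with-opensc` hunk the context line `AC_DEFINE(SMARTCARD)` keeps the one-argument form, while the sectok branch just above it was converted to `AC_DEFINE(SMARTCARD, 1, [Define if you want smartcard support])`. Once acconfig.h is deleted, the config.h template for SMARTCARD exists only because the sectok branch supplies it. The same applies to the unchanged `AC_DEFINE(DISABLE_UTMPX)` and `AC_DEFINE(DISABLE_WTMPX)` context lines in the later utmpx/wtmpx hunks. I would give these calls the same three-argument form, so that each one stands on its own and a later edit to one branch cannot silently drop the template.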
@@ -2702,7 +2812,9 @@ AC_ARG_WITH(kerberos5, AC_TRY_COMPILE([ #include ], [ char *tmp = heimdal_version; ], [ AC_MSG_RESULT(yes) - AC_DEFINE(HEIMDAL) ], + AC_DEFINE(HEIMDAL, 1, + [Define this if you are using the + Heimdal version of Kerberos V5]) ], AC_MSG_RESULT(no) ) else @@ -2763,7 +2875,8 @@ AC_ARG_WITH(kerberos5, AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h) LIBS="$LIBS $K5LIBS" - AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS)) + AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1, + [Define this if you want to use libkafs' AFS support])) fi ] ) @@ -2818,7 +2931,8 @@ if test -z "$xauth_path" ; then XAUTH_PATH="undefined" AC_SUBST(XAUTH_PATH) else - AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path") + AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path", + [Define if xauth is found in your path]) XAUTH_PATH=$xauth_path AC_SUBST(XAUTH_PATH) fi @@ -2826,7 +2940,8 @@ fi # Check for mail directory (last resort if we cannot get it from headers) if test ! -z "$MAIL" ; then maildir=`dirname $MAIL` - AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir") + AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir", + [Set this to your mail directory if you don't have maillock.h]) fi if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then @@ -2837,7 +2952,8 @@ if test -z "$no_dev_ptmx" ; then if test "x$disable_ptmx_check" != "xyes" ; then AC_CHECK_FILE("/dev/ptmx", [ - AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX) + AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1, + [Define if you have /dev/ptmx]) have_dev_ptmx=1 ] ) @@ -2847,7 +2963,8 @@ fi if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then AC_CHECK_FILE("/dev/ptc", [ - AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC) + AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1, + [Define if you have /dev/ptc]) have_dev_ptc=1 ] ) 
@@ -2894,7 +3011,8 @@ AC_ARG_WITH(md5-passwords, [ --with-md5-passwords Enable use of MD5 passwords], [ if test "x$withval" != "xno" ; then - AC_DEFINE(HAVE_MD5_PASSWORDS) + AC_DEFINE(HAVE_MD5_PASSWORDS, 1, + [Define if you want to allow MD5 passwords]) MD5_MSG="yes" fi ] @@ -2924,7 +3042,8 @@ if test -z "$disable_shadow" ; then if test "x$sp_expire_available" = "xyes" ; then AC_MSG_RESULT(yes) - AC_DEFINE(HAS_SHADOW_EXPIRE) + AC_DEFINE(HAS_SHADOW_EXPIRE, 1, + [Define if you want to use shadow password expire field]) else AC_MSG_RESULT(no) fi @@ -2933,7 +3052,9 @@ fi # Use ip address instead of hostname in $DISPLAY if test ! -z "$IPADDR_IN_DISPLAY" ; then DISPLAY_HACK_MSG="yes" - AC_DEFINE(IPADDR_IN_DISPLAY) + AC_DEFINE(IPADDR_IN_DISPLAY, 1, + [Define if you need to use IP address + instead of hostname in $DISPLAY]) else DISPLAY_HACK_MSG="no" AC_ARG_WITH(ipaddr-display, @@ -2966,7 +3087,8 @@ if test "x$etc_default_login" != "xno"; then then AC_MSG_WARN([cross compiling: Disabling /etc/default/login test]) elif test "x$external_path_file" = "x/etc/default/login"; then - AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN) + AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1, + [Define if your system has /etc/default/login]) fi fi @@ -3059,7 +3181,7 @@ main() fi ] ) if test "x$external_path_file" != "x/etc/login.conf" ; then - AC_DEFINE_UNQUOTED(USER_PATH, "$user_path") + AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH]) AC_SUBST(user_path) fi @@ -3069,7 +3191,9 @@ AC_ARG_WITH(superuser-path, [ if test -n "$withval" && test "x$withval" != "xno" && \ test "x${withval}" != "xyes"; then - AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval") + AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval", + [Define if you want a different $PATH + for the superuser]) superuser_path=$withval fi ] 
@@ -3083,7 +3207,9 @@ AC_ARG_WITH(4in6, [ if test "x$withval" != "xno" ; then AC_MSG_RESULT(yes) - AC_DEFINE(IPV4_IN_IPV6) + AC_DEFINE(IPV4_IN_IPV6, 1, + [Detect IPv4 in IPv6 mapped addresses + and treat as IPv4]) IPV4_IN6_HACK_MSG="yes" else AC_MSG_RESULT(no) @@ -3105,7 +3231,8 @@ AC_ARG_WITH(bsd-auth, [ --with-bsd-auth Enable BSD auth support], [ if test "x$withval" != "xno" ; then - AC_DEFINE(BSD_AUTH) + AC_DEFINE(BSD_AUTH, 1, + [Define if you have BSD auth support]) BSD_AUTH_MSG=yes fi ] @@ -3134,7 +3261,7 @@ AC_ARG_WITH(pid-dir, ] ) -AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir") +AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid]) AC_SUBST(piddir) dnl allow user to disable some login recording features @@ -3158,7 +3285,8 @@ AC_ARG_ENABLE(utmpx, [ --disable-utmpx disable use of utmpx even if detected [no]], [ if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_UTMPX) + AC_DEFINE(DISABLE_UTMPX, 1, + [Define if you don't want to use utmpx]) fi ] ) @@ -3174,7 +3302,8 @@ AC_ARG_ENABLE(wtmpx, [ --disable-wtmpx disable use of wtmpx even if detected [no]], [ if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_WTMPX) + AC_DEFINE(DISABLE_WTMPX, 1, + [Define if you don't want to use wtmpx]) fi ] ) @@ -3190,7 +3319,9 @@ AC_ARG_ENABLE(pututline, [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], [ if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_PUTUTLINE) + AC_DEFINE(DISABLE_PUTUTLINE, 1, + [Define if you don't want to use pututline() + etc. to write [uw]tmp]) fi ] ) @@ -3198,7 +3329,9 @@ AC_ARG_ENABLE(pututxline, [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], [ if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_PUTUTXLINE) + AC_DEFINE(DISABLE_PUTUTXLINE, 1, + [Define if you don't want to use pututxline() + etc. to write [uw]tmpx]) fi ] ) 
@@ -3273,7 +3406,8 @@ if test -z "$conf_lastlog_location"; then fi if test -n "$conf_lastlog_location"; then - AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location") + AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location", + [Define if you want to specify the path to your lastlog file]) fi dnl utmp detection @@ -3303,7 +3437,8 @@ if test -z "$conf_utmp_location"; then fi fi if test -n "$conf_utmp_location"; then - AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location") + AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location", + [Define if you want to specify the path to your utmp file]) fi dnl wtmp detection @@ -3333,7 +3468,8 @@ if test -z "$conf_wtmp_location"; then fi fi if test -n "$conf_wtmp_location"; then - AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location") + AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location", + [Define if you want to specify the path to your wtmp file]) fi @@ -3361,7 +3497,8 @@ if test -z "$conf_utmpx_location"; then AC_DEFINE(DISABLE_UTMPX) fi else - AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location") + AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location", + [Define if you want to specify the path to your utmpx file]) fi dnl wtmpx detection @@ -3386,7 +3523,8 @@ if test -z "$conf_wtmpx_location"; then AC_DEFINE(DISABLE_WTMPX) fi else - AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location") + AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location", + [Define if you want to specify the path to your wtmpx file]) fi -- cgit v1.2.3 From 542f62b9d29f4e6f596261f00d2b953cfcb826a5 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Mon, 19 Sep 2005 09:36:55 -0700 Subject: remove acconfig.h --- ChangeLog | 3 +- acconfig.h | 458 ------------------------------------------------------------- 2 files changed, 2 insertions(+), 459 deletions(-) delete mode 100644 acconfig.h (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f5c6f7013..2313c39e5 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,6 +1,7 @@ 20050919 - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages. + ok dtucker@ 20050912 - (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by @@ -3002,4 +3003,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3890 2005/09/19 16:33:39 tim Exp $ +$Id: ChangeLog,v 1.3891 2005/09/19 16:36:55 tim Exp $ diff --git a/acconfig.h b/acconfig.h deleted file mode 100644 index 79b5e8191..000000000 --- a/acconfig.h +++ /dev/null 
@@ -1,458 +0,0 @@ -/* $Id: acconfig.h,v 1.183 2005/07/07 10:33:36 dtucker Exp $ */ - -/* - * Copyright (c) 1999-2003 Damien Miller. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef _CONFIG_H -#define _CONFIG_H - -/* Generated automatically from acconfig.h by autoheader. 
*/ -/* Please make your changes there */ - -@TOP@ - -/* Define if your platform breaks doing a seteuid before a setuid */ -#undef SETEUID_BREAKS_SETUID - -/* Define if your setreuid() is broken */ -#undef BROKEN_SETREUID - -/* Define if your setregid() is broken */ -#undef BROKEN_SETREGID - -/* Define if your setresuid() is broken */ -#undef BROKEN_SETRESUID - -/* Define if your setresgid() is broken */ -#undef BROKEN_SETRESGID - -/* Define to a Set Process Title type if your system is */ -/* supported by bsd-setproctitle.c */ -#undef SPT_TYPE -#undef SPT_PADCHAR - -/* SCO workaround */ -#undef BROKEN_SYS_TERMIO_H - -/* Define if you have SecureWare-based protected password database */ -#undef HAVE_SECUREWARE - -/* If your header files don't define LOGIN_PROGRAM, then use this (detected) */ -/* from environment and PATH */ -#undef LOGIN_PROGRAM_FALLBACK - -/* Full path of your "passwd" program */ -#undef _PATH_PASSWD_PROG - -/* Define if your password has a pw_class field */ -#undef HAVE_PW_CLASS_IN_PASSWD - -/* Define if your password has a pw_expire field */ -#undef HAVE_PW_EXPIRE_IN_PASSWD - -/* Define if your password has a pw_change field */ -#undef HAVE_PW_CHANGE_IN_PASSWD - -/* Define if your system uses access rights style file descriptor passing */ -#undef HAVE_ACCRIGHTS_IN_MSGHDR - -/* Define if your system uses ancillary data style file descriptor passing */ -#undef HAVE_CONTROL_IN_MSGHDR - -/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */ -#undef BROKEN_INET_NTOA - -/* Define if your system defines sys_errlist[] */ -#undef HAVE_SYS_ERRLIST - -/* Define if your system defines sys_nerr */ -#undef HAVE_SYS_NERR - -/* Define if your system choked on IP TOS setting */ -#undef IP_TOS_IS_BROKEN - -/* Define if you have the getuserattr function. */ -#undef HAVE_GETUSERATTR - -/* Define if you have the basename function. 
*/ -#undef HAVE_BASENAME - -/* Work around problematic Linux PAM modules handling of PAM_TTY */ -#undef PAM_TTY_KLUDGE - -/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */ -#undef SSHPAM_CHAUTHTOK_NEEDS_RUID - -/* Use PIPES instead of a socketpair() */ -#undef USE_PIPES - -/* Define if your snprintf is busted */ -#undef BROKEN_SNPRINTF - -/* Define if you are on Cygwin */ -#undef HAVE_CYGWIN - -/* Define if you have a broken realpath. */ -#undef BROKEN_REALPATH - -/* Define if you are on NeXT */ -#undef HAVE_NEXT - -/* Define if you want to enable PAM support */ -#undef USE_PAM - -/* Define if you want to enable AIX4's authenticate function */ -#undef WITH_AIXAUTHENTICATE - -/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */ -#undef AIX_LOGINFAILED_4ARG - -/* Define if your skeychallenge() function takes 4 arguments (eg NetBSD) */ -#undef SKEYCHALLENGE_4ARG - -/* Define if you have/want arrays (cluster-wide session managment, not C arrays) */ -#undef WITH_IRIX_ARRAY - -/* Define if you want IRIX project management */ -#undef WITH_IRIX_PROJECT - -/* Define if you want IRIX audit trails */ -#undef WITH_IRIX_AUDIT - -/* Define if you want IRIX kernel jobs */ -#undef WITH_IRIX_JOBS - -/* Location of PRNGD/EGD random number socket */ -#undef PRNGD_SOCKET - -/* Port number of PRNGD/EGD random number socket */ -#undef PRNGD_PORT - -/* Builtin PRNG command timeout */ -#undef ENTROPY_TIMEOUT_MSEC - -/* non-privileged user for privilege separation */ -#undef SSH_PRIVSEP_USER - -/* Define if you want to install preformatted manpages.*/ -#undef MANTYPE - -/* Define if your ssl headers are included with #include */ -#undef HAVE_OPENSSL - -/* Define if you are linking against RSAref. Used only to print the right - * message at run-time. 
*/ -#undef RSAREF - -/* struct timeval */ -#undef HAVE_STRUCT_TIMEVAL - -/* struct utmp and struct utmpx fields */ -#undef HAVE_HOST_IN_UTMP -#undef HAVE_HOST_IN_UTMPX -#undef HAVE_ADDR_IN_UTMP -#undef HAVE_ADDR_IN_UTMPX -#undef HAVE_ADDR_V6_IN_UTMP -#undef HAVE_ADDR_V6_IN_UTMPX -#undef HAVE_SYSLEN_IN_UTMPX -#undef HAVE_PID_IN_UTMP -#undef HAVE_TYPE_IN_UTMP -#undef HAVE_TYPE_IN_UTMPX -#undef HAVE_TV_IN_UTMP -#undef HAVE_TV_IN_UTMPX -#undef HAVE_ID_IN_UTMP -#undef HAVE_ID_IN_UTMPX -#undef HAVE_EXIT_IN_UTMP -#undef HAVE_TIME_IN_UTMP -#undef HAVE_TIME_IN_UTMPX - -/* Define if you don't want to use your system's login() call */ -#undef DISABLE_LOGIN - -/* Define if you don't want to use pututline() etc. to write [uw]tmp */ -#undef DISABLE_PUTUTLINE - -/* Define if you don't want to use pututxline() etc. to write [uw]tmpx */ -#undef DISABLE_PUTUTXLINE - -/* Define if you don't want to use lastlog */ -#undef DISABLE_LASTLOG - -/* Define if you don't want to use lastlog in session.c */ -#undef NO_SSH_LASTLOG - -/* Define if you don't want to use utmp */ -#undef DISABLE_UTMP - -/* Define if you don't want to use utmpx */ -#undef DISABLE_UTMPX - -/* Define if you don't want to use wtmp */ -#undef DISABLE_WTMP - -/* Define if you don't want to use wtmpx */ -#undef DISABLE_WTMPX - -/* Some systems need a utmpx entry for /bin/login to work */ -#undef LOGIN_NEEDS_UTMPX - -/* Some versions of /bin/login need the TERM supplied on the commandline */ -#undef LOGIN_NEEDS_TERM - -/* Define if your login program cannot handle end of options ("--") */ -#undef LOGIN_NO_ENDOPT - -/* Define if you want to specify the path to your lastlog file */ -#undef CONF_LASTLOG_FILE - -/* Define if you want to specify the path to your utmp file */ -#undef CONF_UTMP_FILE - -/* Define if you want to specify the path to your wtmp file */ -#undef CONF_WTMP_FILE - -/* Define if you want to specify the path to your utmpx file */ -#undef CONF_UTMPX_FILE - -/* Define if you want to specify the path to your 
wtmpx file */ -#undef CONF_WTMPX_FILE - -/* Define if you want external askpass support */ -#undef USE_EXTERNAL_ASKPASS - -/* Define if libc defines __progname */ -#undef HAVE___PROGNAME - -/* Define if compiler implements __FUNCTION__ */ -#undef HAVE___FUNCTION__ - -/* Define if compiler implements __func__ */ -#undef HAVE___func__ - -/* Define this is you want GSSAPI support in the version 2 protocol */ -#undef GSSAPI - -/* Define if you want Kerberos 5 support */ -#undef KRB5 - -/* Define this if you are using the Heimdal version of Kerberos V5 */ -#undef HEIMDAL - -/* Define this if you want to use libkafs' AFS support */ -#undef USE_AFS - -/* Define if you want S/Key support */ -#undef SKEY - -/* Define if you want TCP Wrappers support */ -#undef LIBWRAP - -/* Define if your libraries define login() */ -#undef HAVE_LOGIN - -/* Define if your libraries define daemon() */ -#undef HAVE_DAEMON - -/* Define if your libraries define getpagesize() */ -#undef HAVE_GETPAGESIZE - -/* Define if xauth is found in your path */ -#undef XAUTH_PATH - -/* Define if you want to allow MD5 passwords */ -#undef HAVE_MD5_PASSWORDS - -/* Define if you want to disable shadow passwords */ -#undef DISABLE_SHADOW - -/* Define if you want to use shadow password expire field */ -#undef HAS_SHADOW_EXPIRE - -/* Define if you have Digital Unix Security Integration Architecture */ -#undef HAVE_OSF_SIA - -/* Define if you have getpwanam(3) [SunOS 4.x] */ -#undef HAVE_GETPWANAM - -/* Define if you have an old version of PAM which takes only one argument */ -/* to pam_strerror */ -#undef HAVE_OLD_PAM - -/* Define if you are using Solaris-derived PAM which passes pam_messages */ -/* to the conversation function with an extra level of indirection */ -#undef PAM_SUN_CODEBASE - -/* Set this to your mail directory if you don't have maillock.h */ -#undef MAIL_DIRECTORY - -/* Data types */ -#undef HAVE_U_INT -#undef HAVE_INTXX_T -#undef HAVE_U_INTXX_T -#undef HAVE_UINTXX_T -#undef HAVE_INT64_T -#undef 
HAVE_U_INT64_T -#undef HAVE_U_CHAR -#undef HAVE_SIZE_T -#undef HAVE_SSIZE_T -#undef HAVE_CLOCK_T -#undef HAVE_MODE_T -#undef HAVE_PID_T -#undef HAVE_SA_FAMILY_T -#undef HAVE_STRUCT_SOCKADDR_STORAGE -#undef HAVE_STRUCT_ADDRINFO -#undef HAVE_STRUCT_IN6_ADDR -#undef HAVE_STRUCT_SOCKADDR_IN6 - -/* Fields in struct sockaddr_storage */ -#undef HAVE_SS_FAMILY_IN_SS -#undef HAVE___SS_FAMILY_IN_SS - -/* Define if you have /dev/ptmx */ -#undef HAVE_DEV_PTMX - -/* Define if you have /dev/ptc */ -#undef HAVE_DEV_PTS_AND_PTC - -/* Define if you need to use IP address instead of hostname in $DISPLAY */ -#undef IPADDR_IN_DISPLAY - -/* Specify default $PATH */ -#undef USER_PATH - -/* Specify location of ssh.pid */ -#undef _PATH_SSH_PIDDIR - -/* getaddrinfo is broken (if present) */ -#undef BROKEN_GETADDRINFO - -/* updwtmpx is broken (if present) */ -#undef BROKEN_UPDWTMPX - -/* Workaround more Linux IPv6 quirks */ -#undef DONT_TRY_OTHER_AF - -/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */ -#undef IPV4_IN_IPV6 - -/* Define if you have BSD auth support */ -#undef BSD_AUTH - -/* Define if X11 doesn't support AF_UNIX sockets on that system */ -#undef NO_X11_UNIX_SOCKETS - -/* Define if the concept of ports only accessible to superusers isn't known */ -#undef NO_IPPORT_RESERVED_CONCEPT - -/* Needed for SCO and NeXT */ -#undef BROKEN_SAVED_UIDS - -/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */ -#undef GLOB_HAS_ALTDIRFUNC - -/* Define if your system glob() function has gl_matchc options in glob_t */ -#undef GLOB_HAS_GL_MATCHC - -/* Define in your struct dirent expects you to allocate extra space for d_name */ -#undef BROKEN_ONE_BYTE_DIRENT_D_NAME - -/* Define if your system has /etc/default/login */ -#undef HAVE_ETC_DEFAULT_LOGIN - -/* Define if your getopt(3) defines and uses optreset */ -#undef HAVE_GETOPT_OPTRESET - -/* Define on *nto-qnx systems */ -#undef MISSING_NFDBITS - -/* Define on *nto-qnx systems */ -#undef MISSING_HOWMANY - -/* 
Define on *nto-qnx systems */ -#undef MISSING_FD_MASK - -/* Define if you want smartcard support */ -#undef SMARTCARD - -/* Define if you want smartcard support using sectok */ -#undef USE_SECTOK - -/* Define if you want smartcard support using OpenSC */ -#undef USE_OPENSC - -/* Define if you want to use OpenSSL's internally seeded PRNG only */ -#undef OPENSSL_PRNG_ONLY - -/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */ -#undef WITH_ABBREV_NO_TTY - -/* Define if you want a different $PATH for the superuser */ -#undef SUPERUSER_PATH - -/* Path that unprivileged child will chroot() to in privep mode */ -#undef PRIVSEP_PATH - -/* Define if your platform needs to skip post auth file descriptor passing */ -#undef DISABLE_FD_PASSING - -/* Silly mkstemp() */ -#undef HAVE_STRICT_MKSTEMP - -/* Some systems put this outside of libc */ -#undef HAVE_NANOSLEEP - -/* Define if sshd somehow reacquires a controlling TTY after setsid() */ -#undef SSHD_ACQUIRES_CTTY - -/* Define if cmsg_type is not passed correctly */ -#undef BROKEN_CMSG_TYPE - -/* - * Define to whatever link() returns for "not supported" if it doesn't - * return EOPNOTSUPP. - */ -#undef LINK_OPNOTSUPP_ERRNO - -/* Strings used in /etc/passwd to denote locked account */ -#undef LOCKED_PASSWD_STRING -#undef LOCKED_PASSWD_PREFIX -#undef LOCKED_PASSWD_SUBSTR - -/* Define if getrrsetbyname() exists */ -#undef HAVE_GETRRSETBYNAME - -/* Define if HEADER.ad exists in arpa/nameser.h */ -#undef HAVE_HEADER_AD - -/* Define if your resolver libs need this for getrrsetbyname */ -#undef BIND_8_COMPAT - -/* Define if you have /proc/$pid/fd */ -#undef HAVE_PROC_PID - -@BOTTOM@ - -/* ******************* Shouldn't need to edit below this line ************** */ - -#endif /* _CONFIG_H */ -- cgit v1.2.3 From c373a56343f0f70ef88db1848a3888e84b18bd33 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Thu, 22 Sep 2005 20:15:08 +1000 Subject: - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from skeleten at shillest.net. --- ChangeLog | 6 +++++- configure.ac | 10 +++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 2313c39e5..5ba22fb5e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20050922 + - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from + skeleten at shillest.net. + 20050919 - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages. @@ -3003,4 +3007,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3891 2005/09/19 16:36:55 tim Exp $ +$Id: ChangeLog,v 1.3892 2005/09/22 10:15:08 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 226730f3e..ff1f87abd 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.294 2005/09/19 16:33:39 tim Exp $ +# $Id: configure.ac,v 1.295 2005/09/22 10:15:08 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -1093,8 +1093,12 @@ AC_ARG_WITH(libedit, [ --with-libedit[[=PATH]] Enable libedit support for sftp], [ if test "x$withval" != "xno" ; then if test "x$withval" != "xyes"; then - CPPFLAGS="$CPPFLAGS -I$withval/include" - LDFLAGS="$LDFLAGS -L$withval/lib" + CPPFLAGS="$CPPFLAGS -I${withval}/include" + if test -n "${need_dash_r}"; then + LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" + else + LDFLAGS="-L${withval}/lib ${LDFLAGS}" + fi fi AC_CHECK_LIB(edit, el_init, [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp]) -- cgit v1.2.3 From 82171c66075254a6aedc0bde704b604da32c2ba4 Mon Sep 17 00:00:00 2001 
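Review bot: The new `-R${withval}/lib` puts the `--with-libedit` argument into the run-time library search path of everything linked with these `LDFLAGS`, and the value is not checked first. If it is relative, or names a directory that unprivileged users can write to, the dynamic linker will later search a location the installer does not control. A guard before the flags are built, such as `case "$withval" in /*) ;; *) AC_MSG_ERROR([--with-libedit requires an absolute path]) ;; esac`, would cover the relative case; directory ownership is a deployment caveat worth a comment next to the option. The hunk also prepends the new `-L` to the existing `LDFLAGS` instead of appending it, which changes link search order and deserves a line in the commit message.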
From: Darren Tucker Date: Thu, 22 Sep 2005 20:19:54 +1000 Subject: - (dtucker) [configure.ac] Fix help for --with-opensc; patch from skeleten at shillest.net. --- ChangeLog | 4 +++- configure.ac | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 5ba22fb5e..b721458ca 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20050922 - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from skeleten at shillest.net. + - (dtucker) [configure.ac] Fix help for --with-opensc; patch from skeleten at + shillest.net. 20050919 - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to @@ -3007,4 +3009,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3892 2005/09/22 10:15:08 dtucker Exp $ +$Id: ChangeLog,v 1.3893 2005/09/22 10:19:54 dtucker Exp $ diff --git a/configure.ac b/configure.ac index ff1f87abd..ecbc07291 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.295 2005/09/22 10:15:08 dtucker Exp $ +# $Id: configure.ac,v 1.296 2005/09/22 10:19:54 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -2719,7 +2719,7 @@ AC_ARG_WITH(sectok, # Check whether user wants OpenSC support OPENSC_CONFIG="no" AC_ARG_WITH(opensc, - [--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)], + [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)], [ if test "x$withval" != "xno" ; then if test "x$withval" != "xyes" ; then -- cgit v1.2.3 From d3eff2bfa56dbb37dbb2ea25cf4804193411ba4f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 24 Sep 2005 12:43:51 +1000 Subject: - (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove duplicate call. ok djm@ --- ChangeLog | 6 +++++- auth2.c | 12 ++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) (limited to 'ChangeLog') 
diff --git a/ChangeLog b/ChangeLog index b721458ca..d3673b9ce 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20050924 + - (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove + duplicate call. ok djm@ + 20050922 - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from skeleten at shillest.net. @@ -3009,4 +3013,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3893 2005/09/22 10:19:54 dtucker Exp $ +$Id: ChangeLog,v 1.3894 2005/09/24 02:43:51 dtucker Exp $ diff --git a/auth2.c b/auth2.c index 613b0e2bc..d255242ed 100644 --- a/auth2.c +++ b/auth2.c @@ -156,21 +156,17 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) if (authctxt->pw && strcmp(service, "ssh-connection")==0) { authctxt->valid = 1; debug2("input_userauth_request: setting up authctxt for %s", user); -#ifdef USE_PAM - if (options.use_pam) - PRIVSEP(start_pam(authctxt)); -#endif } else { logit("input_userauth_request: invalid user %s", user); authctxt->pw = fakepw(); -#ifdef USE_PAM - if (options.use_pam) - PRIVSEP(start_pam(authctxt)); -#endif #ifdef SSH_AUDIT_EVENTS PRIVSEP(audit_event(SSH_INVALID_USER)); #endif } +#ifdef USE_PAM + if (options.use_pam) + PRIVSEP(start_pam(authctxt)); +#endif setproctitle("%s%s", authctxt->valid ? user : "unknown", use_privsep ? " [net]" : ""); authctxt->service = xstrdup(service); -- cgit v1.2.3 From f1377bdeed3ca7268c6a5d3fa171a09df7be9064 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 27 Sep 2005 19:50:25 +1000 Subject: - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid calls, since they can't possibly fail. ok djm@ --- ChangeLog | 6 +++++- entropy.c | 8 +++----- 2 files changed, 8 insertions(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index d3673b9ce..428718dd6 100644 --- a/ChangeLog +++ b/ChangeLog 
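Review bot: The hoisted `start_pam()` call in input_userauth_request now serves both the valid-user branch and the `fakepw()` branch, but nothing in the code records that running it for invalid users is intentional (presumably so both paths do the same work). A short comment above the `#ifdef USE_PAM` block, for example `/* Start PAM for invalid users too; keep both paths doing the same work */`, would stop a later cleanup from moving it back under `authctxt->valid`. The order in the invalid-user path also changes: `audit_event(SSH_INVALID_USER)` is now issued before `start_pam()` rather than after it, which looks harmless but should be confirmed. The function body starts and continues outside the hunk.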
@@ -1,3 +1,7 @@ +20050927 + - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid + calls, since they can't possibly fail. ok djm@ + 20050924 - (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove duplicate call. ok djm@ @@ -3013,4 +3017,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3894 2005/09/24 02:43:51 dtucker Exp $ +$Id: ChangeLog,v 1.3895 2005/09/27 09:50:25 dtucker Exp $ diff --git a/entropy.c b/entropy.c index 410bbb927..7f4a30783 100644 --- a/entropy.c +++ b/entropy.c @@ -45,7 +45,7 @@ * XXX: we should tell the child how many bytes we need. */ -RCSID("$Id: entropy.c,v 1.49 2005/07/17 07:26:44 djm Exp $"); +RCSID("$Id: entropy.c,v 1.50 2005/09/27 09:50:25 dtucker Exp $"); #ifndef OPENSSL_PRNG_ONLY #define RANDOM_SEED_SIZE 48 @@ -145,10 +145,8 @@ init_rng(void) "have %lx", OPENSSL_VERSION_NUMBER, SSLeay()); #ifndef OPENSSL_PRNG_ONLY - if ((original_uid = getuid()) == -1) - fatal("getuid: %s", strerror(errno)); - if ((original_euid = geteuid()) == -1) - fatal("geteuid: %s", strerror(errno)); + original_uid = getuid(); + original_euid = geteuid(); #endif } -- cgit v1.2.3 From c6f8219e0d4ee1f64fb7b4da88523c951a03c68a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 27 Sep 2005 22:46:32 +1000 Subject: - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed process when sshd relies on ssh-random-helper. Should result in faster logins on systems without a real random device or prngd. ok djm@ --- ChangeLog | 5 ++++- entropy.c | 32 +++++++++++++++++++++++++++++++- entropy.h | 7 ++++++- sshd.c | 14 ++++++++++++-- 4 files changed, 53 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 428718dd6..9265b7a38 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,6 +1,9 @@ 20050927 - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid calls, since they can't possibly fail. ok djm@ + - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed + process when sshd relies on ssh-random-helper. Should result in faster + logins on systems without a real random device or prngd. ok djm@ 20050924 - (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove @@ -3017,4 +3020,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3895 2005/09/27 09:50:25 dtucker Exp $ +$Id: ChangeLog,v 1.3896 2005/09/27 12:46:32 dtucker Exp $ diff --git a/entropy.c b/entropy.c index 7f4a30783..ff97415a9 100644 --- a/entropy.c +++ b/entropy.c @@ -26,6 +26,7 @@ #include #include +#include #include "ssh.h" #include "misc.h" @@ -33,6 +34,8 @@ #include "atomicio.h" #include "pathnames.h" #include "log.h" +#include "buffer.h" +#include "bufaux.h" /* * Portable OpenSSH PRNG seeding: @@ -45,7 +48,7 @@ * XXX: we should tell the child how many bytes we need. */ -RCSID("$Id: entropy.c,v 1.50 2005/09/27 09:50:25 dtucker Exp $"); +RCSID("$Id: entropy.c,v 1.51 2005/09/27 12:46:32 dtucker Exp $"); #ifndef OPENSSL_PRNG_ONLY #define RANDOM_SEED_SIZE 48 @@ -150,3 +153,30 @@ init_rng(void) #endif } +#ifndef OPENSSL_PRNG_ONLY +void +rexec_send_rng_seed(Buffer *m) +{ + u_char buf[RANDOM_SEED_SIZE]; + + if (RAND_bytes(buf, sizeof(buf)) <= 0) { + error("Couldn't obtain random bytes (error %ld)", + ERR_get_error()); + buffer_put_string(m, "", 0); + } else + buffer_put_string(m, buf, sizeof(buf)); +} + +void +rexec_recv_rng_seed(Buffer *m) +{ + char *buf; + u_int len; + + buf = buffer_get_string_ret(m, &len); + if (buf != NULL) { + debug3("rexec_recv_rng_seed: seeding rng with %u bytes", len); + RAND_add(buf, len, len); + } +} +#endif diff --git a/entropy.h b/entropy.h index 5f63c1f1f..ec1ebcc57 100644 --- a/entropy.h 
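Review bot: Both new functions in the entropy.c hunk leave RNG seed material in memory after use. In rexec_recv_rng_seed the string returned by `buffer_get_string_ret` is never released; as far as I know that call hands back an allocated copy, so the seed bytes leak on every re-exec. Adding `memset(buf, 0, len); xfree(buf);` after `RAND_add(buf, len, len);` inside the `if` would fix that. In rexec_send_rng_seed the stack array `buf` should likewise be cleared before returning, with `memset(buf, 0, sizeof(buf));` or a clear the compiler cannot elide if the tree has one.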
+++ b/entropy.h @@ -22,12 +22,17 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: entropy.h,v 1.4 2001/02/09 01:55:36 djm Exp $ */ +/* $Id: entropy.h,v 1.5 2005/09/27 12:46:32 dtucker Exp $ */ #ifndef _RANDOMS_H #define _RANDOMS_H +#include "buffer.h" + void seed_rng(void); void init_rng(void); +void rexec_send_rng_seed(Buffer *); +void rexec_recv_rng_seed(Buffer *); + #endif /* _RANDOMS_H */ diff --git a/sshd.c b/sshd.c index 92aa9bbd2..e9125a229 100644 --- a/sshd.c +++ b/sshd.c @@ -800,6 +800,7 @@ send_rexec_state(int fd, Buffer *conf) * bignum iqmp " * bignum p " * bignum q " + * string rngseed (only if OpenSSL is not self-seeded) */ buffer_init(&m); buffer_put_cstring(&m, buffer_ptr(conf)); @@ -816,6 +817,10 @@ send_rexec_state(int fd, Buffer *conf) } else buffer_put_int(&m, 0); +#ifndef OPENSSL_PRNG_ONLY + rexec_send_rng_seed(&m); +#endif + if (ssh_msg_send(fd, 0, &m) == -1) fatal("%s: ssh_msg_send failed", __func__); @@ -858,6 +863,11 @@ recv_rexec_state(int fd, Buffer *conf) rsa_generate_additional_parameters( sensitive_data.server_key->rsa); } + +#ifndef OPENSSL_PRNG_ONLY + rexec_recv_rng_seed(&m); +#endif + buffer_free(&m); debug3("%s: done", __func__); @@ -1051,8 +1061,6 @@ main(int ac, char **av) drop_cray_privs(); #endif - seed_rng(); - sensitive_data.server_key = NULL; sensitive_data.ssh1_host_key = NULL; sensitive_data.have_ssh1_key = 0; @@ -1071,6 +1079,8 @@ main(int ac, char **av) if (!rexec_flag) buffer_free(&cfg); + seed_rng(); + /* Fill in default values for those options not explicitly set. */ fill_default_server_options(&options); -- cgit v1.2.3 From 46e7ba5d53b13787f56402910e0b8e8f5c2248b3 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 28 Sep 2005 08:26:30 +1000 Subject: - (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency --- ChangeLog | 5 ++++- entropy.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') 
diff --git a/ChangeLog b/ChangeLog index 9265b7a38..2c238370a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20050928 + - (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency. + 20050927 - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid calls, since they can't possibly fail. ok djm@ @@ -3020,4 +3023,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3896 2005/09/27 12:46:32 dtucker Exp $ +$Id: ChangeLog,v 1.3897 2005/09/27 22:26:30 dtucker Exp $ diff --git a/entropy.c b/entropy.c index ff97415a9..e5b45b0b6 100644 --- a/entropy.c +++ b/entropy.c @@ -48,7 +48,7 @@ * XXX: we should tell the child how many bytes we need. */ -RCSID("$Id: entropy.c,v 1.51 2005/09/27 12:46:32 dtucker Exp $"); +RCSID("$Id: entropy.c,v 1.52 2005/09/27 22:26:30 dtucker Exp $"); #ifndef OPENSSL_PRNG_ONLY #define RANDOM_SEED_SIZE 48 @@ -170,7 +170,7 @@ rexec_send_rng_seed(Buffer *m) void rexec_recv_rng_seed(Buffer *m) { - char *buf; + u_char *buf; u_int len; buf = buffer_get_string_ret(m, &len); -- cgit v1.2.3 From 7b1e69584611837d58f2651ec4e90210e1b26afe Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 28 Sep 2005 22:33:27 +1000 Subject: - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from PAM via keyboard-interactive. Patch tested by the folks at Vintela. --- ChangeLog | 4 +++- auth-pam.c | 14 ++++++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 2c238370a..cdde2e048 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 20050928 - (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency. + - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from + PAM via keyboard-interactive. Patch tested by the folks at Vintela. 20050927 - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid 
@@ -3023,4 +3025,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3897 2005/09/27 22:26:30 dtucker Exp $ +$Id: ChangeLog,v 1.3898 2005/09/28 12:33:27 dtucker Exp $ diff --git a/auth-pam.c b/auth-pam.c index 0446cd559..787aad1d0 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -47,7 +47,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.126 2005/07/17 07:18:50 djm Exp $"); +RCSID("$Id: auth-pam.c,v 1.127 2005/09/28 12:33:27 dtucker Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -716,8 +716,18 @@ sshpam_query(void *ctx, char **name, char **info, plen++; xfree(msg); break; - case PAM_SUCCESS: case PAM_AUTH_ERR: + debug3("PAM: PAM_AUTH_ERR"); + if (**prompts != NULL && strlen(**prompts) != 0) { + *info = **prompts; + **prompts = NULL; + *num = 0; + **echo_on = 0; + ctxt->pam_done = -1; + return 0; + } + /* FALLTHROUGH */ + case PAM_SUCCESS: if (**prompts != NULL) { /* drain any accumulated messages */ debug("PAM: %s", **prompts); -- cgit v1.2.3 From 372c8fbe9be87789106fb004ea684a65984712e9 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 29 Sep 2005 22:01:10 +1000 Subject: - (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsg introduced during sync. --- ChangeLog | 6 +++++- monitor_wrap.c | 1 - 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index cdde2e048..063e68973 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20050929 + - (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsg + introduced during sync. + 20050928 - (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency. - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from 
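Review bot: The new early `return 0;` in the `PAM_AUTH_ERR` case of sshpam_query (auth-pam.c hunk) leaves the switch without releasing `msg`, while the case just above it ends with `xfree(msg); break;`. If `msg` is allocated for every message type, which the surrounding code suggests but the hunk does not show, each failed authentication that carries a final message leaks it; adding `xfree(msg);` before the `return 0;` would close that. It is also worth checking whether `*info` already points at an allocated string set up earlier in the function, since `*info = **prompts;` would drop that pointer. The function starts and ends outside the hunk.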
@@ -3025,4 +3029,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3898 2005/09/28 12:33:27 dtucker Exp $ +$Id: ChangeLog,v 1.3899 2005/09/29 12:01:10 dtucker Exp $ diff --git a/monitor_wrap.c b/monitor_wrap.c index 1489e7f08..3b50753de 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -72,7 +72,6 @@ extern struct monitor *pmonitor; extern Buffer input, output; extern Buffer loginmsg; extern ServerOptions options; -extern Buffer loginmsg; int mm_is_monitor(void) -- cgit v1.2.3 From 6e4221129e58d792ec14025af823f654b5898cd6 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 30 Sep 2005 09:55:49 +1000 Subject: - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype for strtoll. Patch from o.flebbe at science-computing.de. --- ChangeLog | 6 +++++- openbsd-compat/openbsd-compat.h | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 063e68973..0dbda414b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20050930 + - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype + for strtoll. Patch from o.flebbe at science-computing.de. + 20050929 - (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsg introduced during sync. @@ -3029,4 +3033,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3899 2005/09/29 12:01:10 dtucker Exp $ +$Id: ChangeLog,v 1.3900 2005/09/29 23:55:49 dtucker Exp $ diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index ba68bc27e..dda558ffe 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h 
@@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.30 2005/08/26 20:15:20 tim Exp $ */ +/* $Id: openbsd-compat.h,v 1.31 2005/09/29 23:55:50 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -152,6 +152,10 @@ int openpty(int *, int *, char *, struct termios *, struct winsize *); int snprintf(char *, size_t, const char *, ...); #endif +#ifndef HAVE_STRTOLL +long long strtoll(const char *, char **, int); +#endif + #ifndef HAVE_STRTONUM long long strtonum(const char *, long long, long long, const char **); #endif -- cgit v1.2.3 From d4f04ae2476dded8c3743b0b9152cfe023758236 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 30 Sep 2005 10:23:21 +1000 Subject: - (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep child during PAM account check without clearing it. This restores the post-login warnings such as LDAP password expiry. Patch from Tomas Mraz with help from several others. --- ChangeLog | 6 +++++- monitor.c | 4 +--- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 0dbda414b..a8be68846 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ 20050930 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype for strtoll. Patch from o.flebbe at science-computing.de. + - (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep + child during PAM account check without clearing it. This restores the + post-login warnings such as LDAP password expiry. Patch from Tomas Mraz + with help from several others. 20050929 - (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsg @@ -3033,4 +3037,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3900 2005/09/29 23:55:49 dtucker Exp $ +$Id: ChangeLog,v 1.3901 2005/09/30 00:23:21 dtucker Exp $ diff --git a/monitor.c b/monitor.c index ef613cd3c..24ad0b794 100644 --- a/monitor.c 
+++ b/monitor.c @@ -834,9 +834,7 @@ mm_answer_pam_account(int sock, Buffer *m) ret = do_pam_account(); buffer_put_int(m, ret); - buffer_append(&loginmsg, "\0", 1); - buffer_put_cstring(m, buffer_ptr(&loginmsg)); - buffer_clear(&loginmsg); + buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg)); mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m); -- cgit v1.2.3 From d3d0fa15588c8515751eb5a29f105b30318e9441 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 3 Oct 2005 18:03:05 +1000 Subject: - markus@cvs.openbsd.org 2005/09/07 08:53:53 [channels.c] enforce chanid != NULL; ok djm --- ChangeLog | 8 +++++++- channels.c | 14 +++++++------- 2 files changed, 14 insertions(+), 8 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index a8be68846..fb05e3d37 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20051003 + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2005/09/07 08:53:53 + [channels.c] + enforce chanid != NULL; ok djm + 20050930 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype for strtoll. Patch from o.flebbe at science-computing.de. @@ -3037,4 +3043,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3901 2005/09/30 00:23:21 dtucker Exp $ +$Id: ChangeLog,v 1.3902 2005/10/03 08:03:05 dtucker Exp $ diff --git a/channels.c b/channels.c index 8c7b2b369..af858b4a5 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.223 2005/07/17 07:17:54 djm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.224 2005/09/07 08:53:53 markus Exp $"); #include "ssh.h" #include "ssh1.h" 
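Review bot: Nothing in the monitor.c hunk records why mm_answer_pam_account no longer clears `loginmsg` after sending it, so the missing `buffer_clear` reads like an oversight. A comment above the new call, such as `/* loginmsg is sent but kept: it is still needed for the post-login warnings */`, would document the intent stated in the commit message. The payload is now a length-prefixed string instead of a C string, so the reader on the other end of the monitor socket (not on this page) has to use the matching string getter and must not rely on a NUL written by the sender. The function starts and ends outside the hunk.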
@@ -2668,6 +2668,9 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, char strport[NI_MAXSERV]; int gaierr, n, num_socks = 0, socks[NUM_SOCKS]; + if (chanids == NULL) + return -1; + for (display_number = x11_display_offset; display_number < MAX_DISPLAYS; display_number++) { @@ -2749,8 +2752,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, } /* Allocate a channel for each socket. */ - if (chanids != NULL) - *chanids = xmalloc(sizeof(**chanids) * (num_socks + 1)); + *chanids = xmalloc(sizeof(**chanids) * (num_socks + 1)); for (n = 0; n < num_socks; n++) { sock = socks[n]; nc = channel_new("x11 listener", @@ -2758,11 +2760,9 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "X11 inet listener", 1); nc->single_connection = single_connection; - if (*chanids != NULL) - (*chanids)[n] = nc->self; + (*chanids)[n] = nc->self; } - if (*chanids != NULL) - (*chanids)[n] = -1; + (*chanids)[n] = -1; /* Return the display number for the DISPLAY environment variable. */ *display_numberp = display_number; -- cgit v1.2.3 From d89dbf29ff288ac8ba1755d15f63d2bd58dcb71b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 3 Oct 2005 18:05:26 +1000 Subject: - markus@cvs.openbsd.org 2005/09/09 19:18:05 [clientloop.c] typo; from mark at mcs.vuw.ac.nz, bug #1082 --- ChangeLog | 5 ++++- clientloop.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index fb05e3d37..29a5d7b7a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,9 @@ - markus@cvs.openbsd.org 2005/09/07 08:53:53 [channels.c] enforce chanid != NULL; ok djm + - markus@cvs.openbsd.org 2005/09/09 19:18:05 + [clientloop.c] + typo; from mark at mcs.vuw.ac.nz, bug #1082 20050930 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype 
@@ -3043,4 +3046,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3902 2005/10/03 08:03:05 dtucker Exp $ +$Id: ChangeLog,v 1.3903 2005/10/03 08:05:26 dtucker Exp $ diff --git a/clientloop.c b/clientloop.c index 47f3c7ecd..da5bfd7bd 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.141 2005/07/16 01:35:24 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.142 2005/09/09 19:18:05 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -266,7 +266,7 @@ client_x11_get_proto(const char *display, const char *xauth_path, } } snprintf(cmd, sizeof(cmd), - "%s %s%s list %s . 2>" _PATH_DEVNULL, + "%s %s%s list %s 2>" _PATH_DEVNULL, xauth_path, generated ? "-f " : "" , generated ? xauthfile : "", -- cgit v1.2.3 From ce321d8a30a81222d11a4c27fd353804a9afecd3 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 3 Oct 2005 18:11:24 +1000 Subject: - djm@cvs.openbsd.org 2005/09/13 23:40:07 [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c] ensure that stdio fds are attached; ok deraadt@ --- ChangeLog | 6 +++++- misc.c | 22 +++++++++++++++++++++- misc.h | 3 ++- scp.c | 5 ++++- sftp-server.c | 6 +++++- sftp.c | 5 ++++- ssh-add.c | 5 ++++- ssh-agent.c | 5 ++++- ssh-keygen.c | 5 ++++- ssh-keyscan.c | 5 ++++- ssh-keysign.c | 9 ++++++++- ssh.c | 5 ++++- sshd.c | 5 ++++- 13 files changed, 73 insertions(+), 13 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 29a5d7b7a..c8b2f3f86 100644 --- a/ChangeLog +++ b/ChangeLog 
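Review bot: The `snprintf` into `cmd` in client_x11_get_proto (clientloop.c hunk) ignores its return value, so a long `xauth_path`, `xauthfile` or display string is truncated silently. The first part to be cut is the trailing `2>` redirection, and after that the display argument itself. Capturing the result and skipping the xauth lookup when it is negative or `>= sizeof(cmd)` would make the failure explicit instead of running a shortened command. How `cmd` is executed is outside the hunk, as is the rest of the function.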
@@ -6,6 +6,10 @@ - markus@cvs.openbsd.org 2005/09/09 19:18:05 [clientloop.c] typo; from mark at mcs.vuw.ac.nz, bug #1082 + - djm@cvs.openbsd.org 2005/09/13 23:40:07 + [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c + scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c] + ensure that stdio fds are attached; ok deraadt@ 20050930 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype @@ -3046,4 +3050,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3903 2005/10/03 08:05:26 dtucker Exp $ +$Id: ChangeLog,v 1.3904 2005/10/03 08:11:24 dtucker Exp $ diff --git a/misc.c b/misc.c index 2dd8ae6e3..27b947f0c 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.34 2005/07/08 09:26:18 dtucker Exp $"); +RCSID("$OpenBSD: misc.c,v 1.35 2005/09/13 23:40:07 djm Exp $"); #include "misc.h" #include "log.h" @@ -507,6 +507,26 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, return -1; } +void +sanitise_stdfd(void) +{ + int nullfd; + + if ((nullfd = open(_PATH_DEVNULL, O_RDWR)) == -1) { + fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno)); + exit(1); + } + while (nullfd < 2) { + if (dup2(nullfd, nullfd + 1) == -1) { + fprintf(stderr, "dup2: %s", strerror(errno)); + exit(1); + } + nullfd++; + } + if (nullfd > 2) + close(nullfd); +} + char * tohex(const u_char *d, u_int l) { diff --git a/misc.h b/misc.h index 2d630feb5..51541336c 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.25 2005/07/14 04:00:43 dtucker Exp $ */ +/* $OpenBSD: misc.h,v 1.26 2005/09/13 23:40:07 djm Exp $ */ /* * Author: Tatu Ylonen 
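Review bot: The loop in sanitise_stdfd (misc.c hunk) overwrites standard descriptors that are already open. When only fd 0 is closed, `open` returns 0 and `dup2(nullfd, nullfd + 1)` then replaces a working stdout and stderr with /dev/null; when only fd 1 is closed, stderr is replaced. The loop should leave open descriptors alone and fill only those that `fcntl(fd, F_GETFL)` reports as `EBADF`, always duplicating from the descriptor that `open` returned. The two `fprintf` messages also lack a trailing newline.

```c
void
sanitise_stdfd(void)
{
	int nullfd, dupfd;

	/* ... unchanged: open of _PATH_DEVNULL into nullfd and its error exit ... */
	for (dupfd = nullfd + 1; dupfd <= 2; dupfd++) {
		/* Only fill descriptors that are really closed. */
		if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) {
			if (dup2(nullfd, dupfd) == -1) {
				fprintf(stderr, "dup2: %s\n", strerror(errno));
				exit(1);
			}
		}
	}
	if (nullfd > 2)
		close(nullfd);
}
```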
@@ -27,6 +27,7 @@ long convtime(const char *); char *tilde_expand_filename(const char *, uid_t); char *percent_expand(const char *, ...) __attribute__((__sentinel__)); char *tohex(const u_char *, u_int); +void sanitise_stdfd(void); struct passwd *pwcopy(struct passwd *); diff --git a/scp.c b/scp.c index 1407aa71d..58c00442f 100644 --- a/scp.c +++ b/scp.c @@ -71,7 +71,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.125 2005/07/27 10:39:03 dtucker Exp $"); +RCSID("$OpenBSD: scp.c,v 1.126 2005/09/13 23:40:07 djm Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -222,6 +222,9 @@ main(int argc, char **argv) extern char *optarg; extern int optind; + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + __progname = ssh_get_progname(argv[0]); args.list = NULL; diff --git a/sftp-server.c b/sftp-server.c index 6870e7732..e7d000cff 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -14,13 +14,14 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: sftp-server.c,v 1.48 2005/06/17 02:44:33 djm Exp $"); +RCSID("$OpenBSD: sftp-server.c,v 1.49 2005/09/13 23:40:07 djm Exp $"); #include "buffer.h" #include "bufaux.h" #include "getput.h" #include "log.h" #include "xmalloc.h" +#include "misc.h" #include "sftp.h" #include "sftp-common.h" @@ -1036,6 +1037,9 @@ main(int ac, char **av) int in, out, max; ssize_t len, olen, set_size; + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + /* XXX should use getopt */ __progname = ssh_get_progname(av[0]); diff --git a/sftp.c b/sftp.c index f98ed7d27..f29927c0f 100644 --- a/sftp.c +++ b/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.66 2005/08/08 13:22:48 jaredy Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.67 2005/09/13 23:40:07 djm Exp $"); #ifdef USE_LIBEDIT #include 
@@ -1447,6 +1447,9 @@ main(int argc, char **argv) extern int optind; extern char *optarg; + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + __progname = ssh_get_progname(argv[0]); args.list = NULL; addargs(&args, "ssh"); /* overwritten with ssh_program */ diff --git a/ssh-add.c b/ssh-add.c index a3428769c..749a76829 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.72 2005/07/17 07:17:55 djm Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.73 2005/09/13 23:40:07 djm Exp $"); #include @@ -312,6 +312,9 @@ main(int argc, char **argv) char *sc_reader_id = NULL; int i, ch, deleting = 0, ret = 0; + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + __progname = ssh_get_progname(argv[0]); init_rng(); seed_rng(); diff --git a/ssh-agent.c b/ssh-agent.c index dd7e22ad5..6f0ba130d 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.122 2004/10/29 22:53:56 djm Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.123 2005/09/13 23:40:07 djm Exp $"); #include #include @@ -1008,6 +1008,9 @@ main(int ac, char **av) pid_t pid; char pidstrbuf[1 + 3 * sizeof pid]; + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + /* drop */ setegid(getgid()); setgid(getgid()); diff --git a/ssh-keygen.c b/ssh-keygen.c index b17851946..92803da45 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.129 2005/09/13 23:40:07 djm Exp $"); #include #include @@ -1018,6 +1018,9 @@ main(int ac, char **av) extern int optind; extern char *optarg; + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + __progname = ssh_get_progname(av[0]); SSLeay_add_all_algorithms(); 
diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 46f063687..8ac97bd35 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.55 2005/06/17 02:44:33 djm Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.56 2005/09/13 23:40:07 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -712,6 +712,9 @@ main(int argc, char **argv) seed_rng(); TAILQ_INIT(&tq); + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + if (argc <= 1) usage(); diff --git a/ssh-keysign.c b/ssh-keysign.c index 04597a91d..dae3a2e8c 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.18 2004/08/23 14:29:23 dtucker Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.19 2005/09/13 23:40:07 djm Exp $"); #include #include @@ -148,6 +148,13 @@ main(int argc, char **argv) u_int slen, dlen; u_int32_t rnd[256]; + /* Ensure that stdin and stdout are connected */ + if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2) + exit(1); + /* Leave /dev/null fd iff it is attached to stderr */ + if (fd > 2) + close(fd); + key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); diff --git a/ssh.c b/ssh.c index c9e5aac7a..31d09b1be 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.249 2005/07/30 01:26:16 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.250 2005/09/13 23:40:07 djm Exp $"); #include #include @@ -188,6 +188,9 @@ main(int ac, char **av) struct servent *sp; Forward fwd; + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + __progname = ssh_get_progname(av[0]); init_rng(); diff --git a/sshd.c b/sshd.c index e9125a229..ceb85dd54 100644 --- a/sshd.c +++ b/sshd.c 
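Review bot: In the ssh-keyscan.c hunk `sanitise_stdfd()` is called after `seed_rng()` and `TAILQ_INIT(&tq)`, whereas the other programs in this commit call it as the first statement of `main`. Anything `seed_rng()` opens or spawns while fd 0, 1 or 2 is closed can be given one of those numbers before the check runs; whether it does open descriptors is not visible here. Moving the call, with its comment, up to the start of `main` would make ssh-keyscan consistent with the rest. `main` starts and ends outside the hunk.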
@@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.313 2005/09/13 23:40:07 djm Exp $"); #include #include @@ -924,6 +924,9 @@ main(int ac, char **av) if (geteuid() == 0 && setgroups(0, NULL) == -1) debug("setgroups(): %.200s", strerror(errno)); + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + /* Initialize configuration options to their default values. */ initialize_server_options(&options); -- cgit v1.2.3 From c8d6421a645529a3c831dccc5d9d9e073de68657 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 3 Oct 2005 18:13:42 +1000 Subject: - djm@cvs.openbsd.org 2005/09/19 11:37:34 [ssh_config.5 ssh.1] mention ability to specify bind_address for DynamicForward and -D options; bz#1077 spotted by Haruyama Seigo --- ChangeLog | 6 +++++- ssh.1 | 44 ++++++++++++++++++++++++++++++++++++++++---- ssh_config.5 | 26 ++++++++++++++++++++++++-- 3 files changed, 69 insertions(+), 7 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index c8b2f3f86..7af3d15f7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,10 @@ [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c] ensure that stdio fds are attached; ok deraadt@ + - djm@cvs.openbsd.org 2005/09/19 11:37:34 + [ssh_config.5 ssh.1] + mention ability to specify bind_address for DynamicForward and -D options; + bz#1077 spotted by Haruyama Seigo 20050930 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype @@ -3050,4 +3054,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3904 2005/10/03 08:11:24 dtucker Exp $ +$Id: ChangeLog,v 1.3905 2005/10/03 08:13:42 dtucker Exp $ diff --git a/ssh.1 b/ssh.1 index b0749763b..135e3b6c5 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.209 2005/07/06 09:33:05 dtucker Exp $ +.\" $OpenBSD: ssh.1,v 1.210 2005/09/19 11:37:34 djm Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -47,7 +47,12 @@ .Op Fl 1246AaCfgkMNnqsTtVvXxY .Op Fl b Ar bind_address .Op Fl c Ar cipher_spec -.Op Fl D Ar port +.Oo Fl D\ \& +.Sm off +.Oo Ar bind_address : Oc +.Ar port +.Sm on +.Oc .Op Fl e Ar escape_char .Op Fl F Ar configfile .Op Fl i Ar identity_file @@ -494,13 +499,20 @@ The default is arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, aes192-ctr,aes256-ctr'' .Ed -.It Fl D Ar port +.It Fl D Xo +.Sm off +.Oo Ar bind_address : Oc +.Ar port +.Sm on +.Xc Specifies a local .Dq dynamic application-level port forwarding. This works by allocating a socket to listen to .Ar port -on the local side, and whenever a connection is made to this port, the +on the local side, optionally bound to the specified +.Ar bind_address . +Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. 
@@ -509,6 +521,30 @@ Currently the SOCKS4 and SOCKS5 protocols are supported, and will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file. +.Pp +IPv6 addresses can be specified with an alternative syntax: +.Sm off +.Xo +.Op Ar bind_address No / +.Ar port +.Xc +.Sm on +or by enclosing the address in square brackets. +Only the superuser can forward privileged ports. +By default, the local port is bound in accordance with the +.Cm GatewayPorts +setting. +However, an explicit +.Ar bind_address +may be used to bind the connection to a specific address. +The +.Ar bind_address +of +.Dq localhost +indicates that the listening port be bound for local use only, while an +empty address or +.Sq * +indicates that the port should be available from all interfaces. .It Fl e Ar ch | ^ch | none Sets the escape character for sessions with a pty (default: .Ql ~ ) . diff --git a/ssh_config.5 b/ssh_config.5 index 9ddb09480..2e38be950 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.61 2005/07/08 12:53:10 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.62 2005/09/19 11:37:34 djm Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os 
@@ -320,7 +320,29 @@ Specifies that a TCP/IP port on the local machine be forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. -The argument must be a port number. +.Pp +The argument must be +.Sm off +.Oo Ar bind_address : Oc Ar port . +.Sm on +IPv6 addresses can be specified by enclosing addresses in square brackets or +by using an alternative syntax: +.Oo Ar bind_address Ns / Oc Ns Ar port . +By default, the local port is bound in accordance with the +.Cm GatewayPorts +setting. +However, an explicit +.Ar bind_address +may be used to bind the connection to a specific address. +The +.Ar bind_address +of +.Dq localhost +indicates that the listening port be bound for local use only, while an +empty address or +.Sq * +indicates that the port should be available from all interfaces. +.Pp Currently the SOCKS4 and SOCKS5 protocols are supported, and .Nm ssh will act as a SOCKS server. -- cgit v1.2.3 From a2cdbda2de465c9f14984fb988fb1c679f69ea69 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 3 Oct 2005 18:16:02 +1000 Subject: - djm@cvs.openbsd.org 2005/09/19 11:47:09 [sshd.c] stop connection abort on rekey with delayed compression enabled when post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@ --- ChangeLog | 6 +++++- sshd.c | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 7af3d15f7..7c535eae8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,10 @@ [ssh_config.5 ssh.1] mention ability to specify bind_address for DynamicForward and -D options; bz#1077 spotted by Haruyama Seigo + - djm@cvs.openbsd.org 2005/09/19 11:47:09 + [sshd.c] + stop connection abort on rekey with delayed compression enabled when + post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@ 20050930 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype 
@@ -3054,4 +3058,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3905 2005/10/03 08:13:42 dtucker Exp $ +$Id: ChangeLog,v 1.3906 2005/10/03 08:16:02 dtucker Exp $ diff --git a/sshd.c b/sshd.c index ceb85dd54..6ef2eee13 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.313 2005/09/13 23:40:07 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.314 2005/09/19 11:47:09 djm Exp $"); #include #include @@ -633,9 +633,8 @@ privsep_postauth(Authctxt *authctxt) if (authctxt->pw->pw_uid == 0 || options.use_login) { #endif /* File descriptor passing is broken or root login */ - monitor_apply_keystate(pmonitor); use_privsep = 0; - return; + goto out; } /* Authentication complete */ @@ -669,6 +668,7 @@ privsep_postauth(Authctxt *authctxt) /* Drop privileges */ do_setusercontext(authctxt->pw); + out: /* It is safe now to apply the key state */ monitor_apply_keystate(pmonitor); -- cgit v1.2.3 From 8813bbbca90dbba5dc9d7a970e4115cb49cf4255 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 3 Oct 2005 18:17:02 +1000 Subject: - djm@cvs.openbsd.org 2005/09/19 11:48:10 [gss-serv.c] typo --- ChangeLog | 5 ++++- gss-serv.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 7c535eae8..7d27adb18 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,9 @@ [sshd.c] stop connection abort on rekey with delayed compression enabled when post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@ + - djm@cvs.openbsd.org 2005/09/19 11:48:10 + [gss-serv.c] + typo 20050930 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype 
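Review bot: In the sshd.c hunks the `goto out;` path of privsep_postauth now runs everything after the `out:` label with `use_privsep` cleared and without the fork or `do_setusercontext()` in between, and the code gives no sign that this is intended. A comment at the jump, such as `/* no post-auth privsep: skip the fork and privilege drop but still run the common tail */`, would make the control flow readable. Since the tail of the function is outside the hunk, it is worth confirming that nothing after the label assumes privileges have already been dropped. The existing comment "It is safe now to apply the key state" should also state why it holds on both paths.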
@@ -3058,4 +3061,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3906 2005/10/03 08:16:02 dtucker Exp $ +$Id: ChangeLog,v 1.3907 2005/10/03 08:17:02 dtucker Exp $ diff --git a/gss-serv.c b/gss-serv.c index 117130459..eeec286bd 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.8 2005/08/30 22:08:05 djm Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.9 2005/09/19 11:48:10 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -271,7 +271,7 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) } } -/* Priviledged */ +/* Privileged */ int ssh_gssapi_userok(char *user) { -- cgit v1.2.3 From 05d4dfe38fe786a8e9fd675c8eeef7ab801443de Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 3 Oct 2005 18:17:38 +1000 Subject: - jmc@cvs.openbsd.org 2005/09/19 15:38:27 [ssh.1] some more .Bk/.Ek to avoid ugly line split; --- ChangeLog | 5 ++++- ssh.1 | 8 +++++--- 2 files changed, 9 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 7d27adb18..58eb48885 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,9 @@ - djm@cvs.openbsd.org 2005/09/19 11:48:10 [gss-serv.c] typo + - jmc@cvs.openbsd.org 2005/09/19 15:38:27 + [ssh.1] + some more .Bk/.Ek to avoid ugly line split; 20050930 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype @@ -3061,4 +3064,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3907 2005/10/03 08:17:02 dtucker Exp $ +$Id: ChangeLog,v 1.3908 2005/10/03 08:17:38 dtucker Exp $ diff --git a/ssh.1 b/ssh.1 index 135e3b6c5..6b3c2fcf8 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.210 2005/09/19 11:37:34 djm Exp $ +.\" $OpenBSD: ssh.1,v 1.211 2005/09/19 15:38:27 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -43,7 +43,6 @@ .Nd OpenSSH SSH client (remote login program) .Sh SYNOPSIS .Nm ssh -.Bk -words .Op Fl 1246AaCfgkMNnqsTtVvXxY .Op Fl b Ar bind_address .Op Fl c Ar cipher_spec @@ -55,14 +54,18 @@ .Oc .Op Fl e Ar escape_char .Op Fl F Ar configfile +.Bk -words .Op Fl i Ar identity_file +.Ek .Oo Fl L\ \& .Sm off .Oo Ar bind_address : Oc .Ar port : host : hostport .Sm on .Oc +.Bk -words .Op Fl l Ar login_name +.Ek .Op Fl m Ar mac_spec .Op Fl O Ar ctl_cmd .Op Fl o Ar option @@ -76,7 +79,6 @@ .Op Fl S Ar ctl_path .Oo Ar user Ns @ Oc Ns Ar hostname .Op Ar command -.Ek .Sh DESCRIPTION .Nm (SSH client) is a program for logging into a remote machine and for -- cgit v1.2.3 From 895d698515c12a4ef90746924c0804ac0f97f18e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 3 Oct 2005 18:18:05 +1000 Subject: - jmc@cvs.openbsd.org 2005/09/19 15:42:44 [ssh.c] update -D usage here too; --- ChangeLog | 5 ++++- ssh.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 58eb48885..22e43bf45 100644 --- a/ChangeLog +++ b/ChangeLog @@ -24,6 +24,9 @@ - jmc@cvs.openbsd.org 2005/09/19 15:38:27 [ssh.1] some more .Bk/.Ek to avoid ugly line split; + - jmc@cvs.openbsd.org 2005/09/19 15:42:44 + [ssh.c] + update -D usage here too; 20050930 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype @@ -3064,4 +3067,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3908 2005/10/03 08:17:38 dtucker Exp $ +$Id: ChangeLog,v 1.3909 2005/10/03 08:18:05 dtucker Exp $ 
diff --git a/ssh.c b/ssh.c index 31d09b1be..2c2b680a2 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.250 2005/09/13 23:40:07 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.251 2005/09/19 15:42:44 jmc Exp $"); #include #include @@ -158,7 +158,7 @@ usage(void) { fprintf(stderr, "usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" -" [-D port] [-e escape_char] [-F configfile]\n" +" [-D [bind_address:]port] [-e escape_char] [-F configfile]\n" " [-i identity_file] [-L [bind_address:]port:host:hostport]\n" " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" -- cgit v1.2.3 From 1e4308e6fa41a1436e64ff9faaa4174bf73fa166 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 3 Oct 2005 18:18:40 +1000 Subject: - djm@cvs.openbsd.org 2005/09/19 23:31:31 [ssh.1] spelling nit from stevesk@ --- ChangeLog | 5 ++++- ssh.1 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 22e43bf45..e0c4ba662 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,9 @@ - jmc@cvs.openbsd.org 2005/09/19 15:42:44 [ssh.c] update -D usage here too; + - djm@cvs.openbsd.org 2005/09/19 23:31:31 + [ssh.1] + spelling nit from stevesk@ 20050930 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype @@ -3067,4 +3070,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3909 2005/10/03 08:18:05 dtucker Exp $ +$Id: ChangeLog,v 1.3910 2005/10/03 08:18:40 dtucker Exp $ diff --git a/ssh.1 b/ssh.1 index 6b3c2fcf8..8e0f37719 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.211 2005/09/19 15:38:27 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.212 2005/09/19 23:31:31 djm Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -455,7 +455,7 @@ option. Selects the cipher specification for encrypting the session. .Pp Protocol version 1 allows specification of a single cipher. -The suported values are +The supported values are .Dq 3des , .Dq blowfish and -- cgit v1.2.3 From e2dd2d5baa8c411671f6356156a77181f8b0a05f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 3 Oct 2005 18:19:06 +1000 Subject: - djm@cvs.openbsd.org 2005/09/21 23:36:54 [sshd_config.5] aquire -> acquire, from stevesk@ --- ChangeLog | 5 ++++- sshd_config.5 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index e0c4ba662..fdf7c72a6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,9 @@ - djm@cvs.openbsd.org 2005/09/19 23:31:31 [ssh.1] spelling nit from stevesk@ + - djm@cvs.openbsd.org 2005/09/21 23:36:54 + [sshd_config.5] + aquire -> acquire, from stevesk@ 20050930 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype @@ -3070,4 +3073,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3910 2005/10/03 08:18:40 dtucker Exp $ +$Id: ChangeLog,v 1.3911 2005/10/03 08:19:06 dtucker Exp $ diff --git a/sshd_config.5 b/sshd_config.5 index 048e8924e..45c1c0131 100644 --- a/sshd_config.5 +++ b/sshd_config.5 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.44 2005/07/25 11:59:40 markus Exp $ +.\" $OpenBSD: sshd_config.5,v 1.45 2005/09/21 23:36:54 djm Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -348,7 +348,7 @@ Kerberos servtab which allows the verification of the KDC's identity. Default is .Dq no . .It Cm KerberosGetAFSToken -If AFS is active and the user has a Kerberos 5 TGT, attempt to aquire +If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire an AFS token before accessing the user's home directory. Default is .Dq no . -- cgit v1.2.3 From 45b01426431836396e11263692153a19de4c417b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 3 Oct 2005 18:20:00 +1000 Subject: - djm@cvs.openbsd.org 2005/09/21 23:37:11 [sshd.c] change label at markus@'s request --- ChangeLog | 5 ++++- sshd.c | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index fdf7c72a6..2028be72e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,6 +33,9 @@ - djm@cvs.openbsd.org 2005/09/21 23:36:54 [sshd_config.5] aquire -> acquire, from stevesk@ + - djm@cvs.openbsd.org 2005/09/21 23:37:11 + [sshd.c] + change label at markus@'s request 20050930 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype @@ -3073,4 +3076,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3911 2005/10/03 08:19:06 dtucker Exp $ +$Id: ChangeLog,v 1.3912 2005/10/03 08:20:00 dtucker Exp $ diff --git a/sshd.c b/sshd.c index 6ef2eee13..c4d66e2fc 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.314 2005/09/19 11:47:09 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.315 2005/09/21 23:37:11 djm Exp $"); #include #include 
@@ -634,7 +634,7 @@ privsep_postauth(Authctxt *authctxt) #endif /* File descriptor passing is broken or root login */ use_privsep = 0; - goto out; + goto skip; } /* Authentication complete */ @@ -668,7 +668,7 @@ privsep_postauth(Authctxt *authctxt) /* Drop privileges */ do_setusercontext(authctxt->pw); - out: + skip: /* It is safe now to apply the key state */ monitor_apply_keystate(pmonitor); -- cgit v1.2.3 From 28e8e59b3560e364e9bee758b2e4b2f987683267 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 3 Oct 2005 18:20:28 +1000 Subject: - jaredy@cvs.openbsd.org 2005/09/30 20:34:26 [ssh-keyscan.1] deploy .An -nosplit; ok jmc --- ChangeLog | 5 ++++- ssh-keyscan.1 | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 2028be72e..01a6f23d0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,6 +36,9 @@ - djm@cvs.openbsd.org 2005/09/21 23:37:11 [sshd.c] change label at markus@'s request + - jaredy@cvs.openbsd.org 2005/09/30 20:34:26 + [ssh-keyscan.1] + deploy .An -nosplit; ok jmc 20050930 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype @@ -3076,4 +3079,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3912 2005/10/03 08:20:00 dtucker Exp $ +$Id: ChangeLog,v 1.3913 2005/10/03 08:20:28 dtucker Exp $ diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index 7e846f77c..80fc8cd96 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.20 2005/03/01 15:47:14 jmc Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.21 2005/09/30 20:34:26 jaredy Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -156,6 +156,7 @@ $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e .Xr ssh 1 , .Xr sshd 8 .Sh AUTHORS +.An -nosplit .An David Mazieres Aq dm@lcs.mit.edu wrote the initial version, and .An Wayne Davison Aq wayned@users.sourceforge.net -- cgit v1.2.3 
From b0b12296f9c781e896fecbcab0ecd8223ecacc0a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 3 Oct 2005 18:23:44 +1000 Subject: - dtucker@cvs.openbsd.org 2005/10/03 07:44:42 [canohost.c] Relocate check_ip_options call to prevent logging of garbage for connections with IP options set. bz#1092 from David Leonard, "looks good" deraadt@ --- ChangeLog | 7 ++++++- canohost.c | 8 ++++---- 2 files changed, 10 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 01a6f23d0..1a8a105d2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -39,6 +39,11 @@ - jaredy@cvs.openbsd.org 2005/09/30 20:34:26 [ssh-keyscan.1] deploy .An -nosplit; ok jmc + - dtucker@cvs.openbsd.org 2005/10/03 07:44:42 + [canohost.c] + Relocate check_ip_options call to prevent logging of garbage for + connections with IP options set. bz#1092 from David Leonard, + "looks good" deraadt@ 20050930 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype @@ -3079,4 +3084,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3913 2005/10/03 08:20:28 dtucker Exp $ +$Id: ChangeLog,v 1.3914 2005/10/03 08:23:44 dtucker Exp $ diff --git a/canohost.c b/canohost.c index c27086bfd..0c4d36ff6 100644 --- a/canohost.c +++ b/canohost.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.44 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.45 2005/10/03 07:44:42 dtucker Exp $"); #include "packet.h" #include "xmalloc.h" @@ -43,9 +43,6 @@ get_remote_hostname(int sock, int use_dns) cleanup_exit(255); } - if (from.ss_family == AF_INET) - check_ip_options(sock, ntop); - ipv64_normalise_mapped(&from, &fromlen); if (from.ss_family == AF_INET6) 
@@ -55,6 +52,9 @@ get_remote_hostname(int sock, int use_dns) NULL, 0, NI_NUMERICHOST) != 0) fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed"); + if (from.ss_family == AF_INET) + check_ip_options(sock, ntop); + if (!use_dns) return xstrdup(ntop); -- cgit v1.2.3 From 1f85dc703499a11d8154b0b9b1f58eb4f98d2609 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 3 Oct 2005 20:14:18 +1000 Subject: - (dtucker) [regress/README.regress] Bug #989: Document limitation that scp is required in the system path for the multiplex test to work. --- ChangeLog | 4 +++- regress/README.regress | 6 +++++- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 1a8a105d2..ab9271ed2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -44,6 +44,8 @@ Relocate check_ip_options call to prevent logging of garbage for connections with IP options set. bz#1092 from David Leonard, "looks good" deraadt@ + - (dtucker) [regress/README.regress] Bug #989: Document limitation that scp + is required in the system path for the multiplex test to work. 20050930 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype @@ -3084,4 +3086,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3914 2005/10/03 08:23:44 dtucker Exp $ +$Id: ChangeLog,v 1.3915 2005/10/03 10:14:18 dtucker Exp $ diff --git a/regress/README.regress b/regress/README.regress index 0c07c9cf1..5aaf734bd 100644 --- a/regress/README.regress +++ b/regress/README.regress 
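Review bot: The relocated `check_ip_options(sock, ntop)` call now depends on the `getnameinfo(... NI_NUMERICHOST)` call above it having filled `ntop`, and nothing in the code records that ordering. A comment on the added lines, for example `/* ntop must be filled in before check_ip_options() reports it */`, would keep a later cleanup from moving the check back up. The call also now runs after `ipv64_normalise_mapped()`, so, judging by the helper's name (its body is not shown), v4-mapped peers may now reach the check as AF_INET; if that is intended it belongs in the same comment. get_remote_hostname() starts and ends outside these hunks.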
@@ -97,8 +97,12 @@ Known Issues. unless ssh-rand-helper is in pre-installed (the path to ssh-rand-helper is hard coded). +- Similarly, if you do not have "scp" in your system's $PATH then the + multiplex scp tests will fail (since the system's shell startup scripts + will determine where the shell started by sshd will look for scp). + - Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head test to fail. The old behaviour can be restored by setting (and exporting) _POSIX2_VERSION=199209 before running the tests. -$Id: README.regress,v 1.9 2004/08/17 12:31:33 dtucker Exp $ +$Id: README.regress,v 1.10 2005/10/03 10:14:18 dtucker Exp $ -- cgit v1.2.3 From b18f15100a6b303734f22061d777352603a8968a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 5 Oct 2005 23:02:16 +1000 Subject: - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended "*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and senthilkumar_sen at hotpop.com. --- ChangeLog | 7 ++++++- configure.ac | 3 ++- sshd.8 | 5 ++++- 3 files changed, 12 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index ab9271ed2..2635f3ed1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20051005 + - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended + "*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and + senthilkumar_sen at hotpop.com. + 20051003 - (dtucker) OpenBSD CVS Sync - markus@cvs.openbsd.org 2005/09/07 08:53:53 @@ -3086,4 +3091,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3915 2005/10/03 10:14:18 dtucker Exp $ +$Id: ChangeLog,v 1.3916 2005/10/05 13:02:16 dtucker Exp $ diff --git a/configure.ac b/configure.ac index ecbc07291..2b5059a25 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.296 2005/09/22 10:19:54 dtucker Exp $ +# $Id: configure.ac,v 1.297 2005/10/05 13:02:16 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -398,6 +398,7 @@ mips-sony-bsd|mips-sony-newsos4) ;; *-*-freebsd*) check_for_libcrypt_later=1 + AC_DEFINED(LOCKED_PASSWD_PREFIX, "*LOCKED*") ;; *-*-bsdi*) AC_DEFINE(SETEUID_BREAKS_SETUID) diff --git a/sshd.8 b/sshd.8 index fdff4ac91..94cefdea2 100644 --- a/sshd.8 +++ b/sshd.8 @@ -123,7 +123,10 @@ on Solaris, .Ql \&* on HP-UX, containing .Ql Nologin -on Tru64 and a leading +on Tru64, +a leading +.Ql \&*LOCKED\&* +on FreeBSD and a leading .Ql \&!! on Linux). If there is a requirement to disable password authentication for the account while allowing still public-key, then the passwd field -- cgit v1.2.3 From 1e6616bb14d2c97bcb85f0ffaf837e1dc698d7dc Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 8 Oct 2005 12:07:01 +1000 Subject: - (dtucker) [configure.ac] Bug #1098: define $MAIL for HP-UX; report from brian.smith at agilent com. --- ChangeLog | 6 +++++- configure.ac | 3 ++- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 2635f3ed1..c5e873943 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20051008 + - (dtucker) [configure.ac] Bug #1098: define $MAIL for HP-UX; report from + brian.smith at agilent com. + 20051005 - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended "*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and @@ -3091,4 +3095,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3916 2005/10/05 13:02:16 dtucker Exp $ +$Id: ChangeLog,v 1.3917 2005/10/08 02:07:01 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 44b54705b..12bf6587b 100644 --- a/configure.ac +++ b/configure.ac 
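Review bot: `AC_DEFINED(LOCKED_PASSWD_PREFIX, "*LOCKED*")` in the `*-*-freebsd*` case is not an autoconf macro name, so it will not expand to a define. The locked-account check this commit describes would then not be enabled on FreeBSD, and the unexpanded text would be left in the generated script. The line should read `AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [String prefixed to the passwd field of a locked account])`, with a description argument as the `LOCKED_PASSWD_STRING` define elsewhere in configure.ac has. Since this gates whether locked accounts are refused, the generated config.h is worth checking on a FreeBSD host after the fix.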
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.298 2005/10/05 15:39:58 dtucker Exp $ +# $Id: configure.ac,v 1.299 2005/10/08 02:07:02 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -296,6 +296,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(LOCKED_PASSWD_STRING, "*", [String used in /etc/passwd to denote locked account]) AC_DEFINE(SPT_TYPE,SPT_PSTAT) + MAIL="/var/mail/username" LIBS="$LIBS -lsec" AC_CHECK_LIB(xnet, t_error, , AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) -- cgit v1.2.3 From e04ec6fdfd1d5b71d18e2dd94d5a2aede8c45455 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 8 Oct 2005 16:21:19 +1000 Subject: - (djm) [configure.ac] missing 'test' call for -with-Werror test --- ChangeLog | 3 ++- configure.ac | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index c5e873943..c8e49798f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 20051008 - (dtucker) [configure.ac] Bug #1098: define $MAIL for HP-UX; report from brian.smith at agilent com. + - (djm) [configure.ac] missing 'test' call for -with-Werror test 20051005 - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended @@ -3095,4 +3096,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3917 2005/10/08 02:07:01 dtucker Exp $ +$Id: ChangeLog,v 1.3918 2005/10/08 06:21:19 djm Exp $ diff --git a/configure.ac b/configure.ac index 12bf6587b..ee0640860 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.299 2005/10/08 02:07:02 dtucker Exp $ +# $Id: configure.ac,v 1.300 2005/10/08 06:21:20 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
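Review bot: `MAIL="/var/mail/username"` in the HP-UX case embeds the literal word `username`, and nothing in the hunk says how the value is consumed. If only the directory part is used later in configure.ac (not visible here), a comment such as `# placeholder file name: only the directory of $MAIL is used` would make that clear. If the whole value is used, the path would be wrong for every account. The enclosing case branch starts and ends outside the hunk.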
@@ -670,7 +670,7 @@ AC_ARG_WITH(Werror, [ if test -n "$withval" && test "x$withval" != "xno"; then werror_flags="-Werror" - if "x${withval}" != "xyes"; then + if test "x${withval}" != "xyes"; then werror_flags="$withval" fi fi -- cgit v1.2.3 From 9ac1a65acb80ac607eaabcba4c9ea4e0182d8a02 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 9 Oct 2005 11:40:03 +1000 Subject: - (dtucker) [configure.ac defines.h openbsd-compat/vis.{c,h}] Sync current versions from OpenBSD. ok djm@ --- ChangeLog | 6 +++++- configure.ac | 3 ++- defines.h | 6 +++++- openbsd-compat/vis.c | 58 ++++++++++++++++++++-------------------------------- openbsd-compat/vis.h | 11 +++++++--- 5 files changed, 42 insertions(+), 42 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index c8e49798f..ac839d612 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20051009 + - (dtucker) [configure.ac defines.h openbsd-compat/vis.{c,h}] Sync current + versions from OpenBSD. ok djm@ + 20051008 - (dtucker) [configure.ac] Bug #1098: define $MAIL for HP-UX; report from brian.smith at agilent com. @@ -3096,4 +3100,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3918 2005/10/08 06:21:19 djm Exp $ +$Id: ChangeLog,v 1.3919 2005/10/09 01:40:03 dtucker Exp $ diff --git a/configure.ac b/configure.ac index ee0640860..bd0352a8a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.300 2005/10/08 06:21:20 djm Exp $ +# $Id: configure.ac,v 1.301 2005/10/09 01:40:03 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -418,6 +418,7 @@ mips-sony-bsd|mips-sony-newsos4) ;; *-*-openbsd*) AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel]) + AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded]) ;; *-*-solaris*) if test "x$withval" != "xno" ; then diff --git a/defines.h b/defines.h index 43a642220..92ebd2697 100644 
--- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.128 2005/09/09 05:04:59 tim Exp $ */ +/* $Id: defines.h,v 1.129 2005/10/09 01:40:04 dtucker Exp $ */ /* Constants */ @@ -450,6 +450,10 @@ struct winsize { # define __sentinel__ #endif +#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__bounded__) +# define __bounded__(x, y, z) +#endif + /* *-*-nto-qnx doesn't define this macro in the system headers */ #ifdef MISSING_HOWMANY # define howmany(x,y) (((x)+((y)-1))/(y)) diff --git a/openbsd-compat/vis.c b/openbsd-compat/vis.c index 1fb7a01e3..52d19ac55 100644 --- a/openbsd-compat/vis.c +++ b/openbsd-compat/vis.c @@ -1,5 +1,6 @@ /* OPENBSD ORIGINAL: lib/libc/gen/vis.c */ +/* $OpenBSD: vis.c,v 1.19 2005/09/01 17:15:49 millert Exp $ */ /*- * Copyright (c) 1989, 1993 * The Regents of the University of California. All rights reserved. 
@@ -28,36 +29,32 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ + #include "includes.h" #if !defined(HAVE_STRNVIS) -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: vis.c,v 1.12 2003/06/02 20:18:35 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include #include "vis.h" #define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7') -#define isvisible(c) (((u_int)(c) <= UCHAR_MAX && isascii((u_char)(c)) && \ - isgraph((u_char)(c))) || \ - ((flag & VIS_SP) == 0 && (c) == ' ') || \ - ((flag & VIS_TAB) == 0 && (c) == '\t') || \ - ((flag & VIS_NL) == 0 && (c) == '\n') || \ - ((flag & VIS_SAFE) && ((c) == '\b' || \ - (c) == '\007' || (c) == '\r' || \ - isgraph((u_char)(c))))) +#define isvisible(c) \ + (((u_int)(c) <= UCHAR_MAX && isascii((u_char)(c)) && \ + (((c) != '*' && (c) != '?' && (c) != '[' && (c) != '#') || \ + (flag & VIS_GLOB) == 0) && isgraph((u_char)(c))) || \ + ((flag & VIS_SP) == 0 && (c) == ' ') || \ + ((flag & VIS_TAB) == 0 && (c) == '\t') || \ + ((flag & VIS_NL) == 0 && (c) == '\n') || \ + ((flag & VIS_SAFE) && ((c) == '\b' || \ + (c) == '\007' || (c) == '\r' || \ + isgraph((u_char)(c))))) /* * vis - visually encode characters */ char * -vis(dst, c, flag, nextc) - register char *dst; - int c, nextc; - register int flag; +vis(char *dst, int c, int flag, int nextc) { if (isvisible(c)) { *dst++ = c; @@ -111,7 +108,8 @@ vis(dst, c, flag, nextc) goto done; } } - if (((c & 0177) == ' ') || (flag & VIS_OCTAL)) { + if (((c & 0177) == ' ') || (flag & VIS_OCTAL) || + ((flag & VIS_GLOB) && (c == '*' || c == '?' || c == '[' || c == '#'))) { *dst++ = '\\'; *dst++ = ((u_char)c >> 6 & 07) + '0'; *dst++ = ((u_char)c >> 3 & 07) + '0'; @@ -124,7 +122,7 @@ vis(dst, c, flag, nextc) c &= 0177; *dst++ = 'M'; } - if (iscntrl(c)) { + if (iscntrl((u_char)c)) { *dst++ = '^'; if (c == 0177) *dst++ = '?'; 
@@ -153,12 +151,9 @@ done: * This is useful for encoding a block of data. */ int -strvis(dst, src, flag) - register char *dst; - register const char *src; - int flag; +strvis(char *dst, const char *src, int flag) { - register char c; + char c; char *start; for (start = dst; (c = *src);) @@ -168,16 +163,11 @@ strvis(dst, src, flag) } int -strnvis(dst, src, siz, flag) - char *dst; - const char *src; - size_t siz; - int flag; +strnvis(char *dst, const char *src, size_t siz, int flag) { - char c; char *start, *end; char tbuf[5]; - int i; + int c, i; i = 0; for (start = dst, end = start + siz - 1; (c = *src) && dst < end; ) { @@ -217,13 +207,9 @@ strnvis(dst, src, siz, flag) } int -strvisx(dst, src, len, flag) - register char *dst; - register const char *src; - register size_t len; - int flag; +strvisx(char *dst, const char *src, size_t len, int flag) { - register char c; + char c; char *start; for (start = dst; len > 1; len--) { diff --git a/openbsd-compat/vis.h b/openbsd-compat/vis.h index 663355a24..0588f68da 100644 --- a/openbsd-compat/vis.h +++ b/openbsd-compat/vis.h @@ -1,6 +1,6 @@ /* OPENBSD ORIGINAL: include/vis.h */ -/* $OpenBSD: vis.h,v 1.6 2003/06/02 19:34:12 millert Exp $ */ +/* $OpenBSD: vis.h,v 1.11 2005/08/09 19:38:31 millert Exp $ */ /* $NetBSD: vis.h,v 1.4 1994/10/26 00:56:41 cgd Exp $ */ /*- @@ -63,6 +63,7 @@ * other */ #define VIS_NOSLASH 0x40 /* inhibit printing '\' */ +#define VIS_GLOB 0x100 /* encode glob(3) magics and '#' */ /* * unvis return codes 
@@ -80,10 +81,14 @@ char *vis(char *, int, int, int); int strvis(char *, const char *, int); -int strnvis(char *, const char *, size_t, int); -int strvisx(char *, const char *, size_t, int); +int strnvis(char *, const char *, size_t, int) + __attribute__ ((__bounded__(__string__,1,3))); +int strvisx(char *, const char *, size_t, int) + __attribute__ ((__bounded__(__string__,1,3))); int strunvis(char *, const char *); int unvis(char *, char, int *, int); +ssize_t strnunvis(char *, const char *, size_t) + __attribute__ ((__bounded__(__string__,1,3))); #endif /* !_VIS_H_ */ -- cgit v1.2.3 From 314d89e050fa43771379d05733464294ba2a9c4e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 17 Oct 2005 23:29:23 +1000 Subject: - (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling. /etc/default/login report and testing from aabaker at iee.org, corrections from tim@. --- ChangeLog | 7 +++++- configure.ac | 69 ++++++++++++++++++++++++++++++++++++------------------------ 2 files changed, 47 insertions(+), 29 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index ac839d612..d2b665128 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20051017 + - (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling. + /etc/default/login report and testing from aabaker at iee.org, corrections + from tim@. + 20051009 - (dtucker) [configure.ac defines.h openbsd-compat/vis.{c,h}] Sync current versions from OpenBSD. ok djm@ @@ -3100,4 +3105,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3919 2005/10/09 01:40:03 dtucker Exp $ +$Id: ChangeLog,v 1.3920 2005/10/17 13:29:23 dtucker Exp $ diff --git a/configure.ac b/configure.ac index bd0352a8a..d0569df60 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.301 2005/10/09 01:40:03 dtucker Exp $ +# $Id: configure.ac,v 1.302 2005/10/17 13:29:23 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -772,8 +772,8 @@ AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ ac_cv_have_broken_dirname, [ save_LIBS="$LIBS" LIBS="$LIBS -lgen" - AC_TRY_RUN( - [ + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include #include @@ -788,9 +788,10 @@ int main(int argc, char **argv) { exit(0); } } - ], + ]])], + [ ac_cv_have_broken_dirname="no" ], + [ ac_cv_have_broken_dirname="yes" ], [ ac_cv_have_broken_dirname="no" ], - [ ac_cv_have_broken_dirname="yes" ] ) LIBS="$save_LIBS" ]) @@ -1005,12 +1006,12 @@ AC_ARG_WITH(skey, SKEY_MSG="yes" AC_MSG_CHECKING([for s/key support]) - AC_TRY_RUN( - [ + AC_LINK_IFELSE( + [AC_LANG_SOURCE([[ #include #include int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } - ], + ]])], [AC_MSG_RESULT(yes)], [ AC_MSG_RESULT(no) @@ -1380,15 +1381,15 @@ fi dnl see whether mkstemp() requires XXXXXX if test "x$ac_cv_func_mkdtemp" = "xyes" ; then AC_MSG_CHECKING([for (overly) strict mkstemp]) -AC_TRY_RUN( - [ +AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include main() { char template[]="conftest.mkstemp-test"; if (mkstemp(template) == -1) exit(1); unlink(template); exit(0); } - ], + ]])], [ AC_MSG_RESULT(no) ], @@ -1406,8 +1407,8 @@ fi dnl make sure that openpty does not reacquire controlling terminal if test ! -z "$check_for_openpty_ctty_bug"; then AC_MSG_CHECKING(if openpty correctly handles controlling tty) - AC_TRY_RUN( - [ + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include #include #include @@ -1439,13 +1440,16 @@ main() exit(0); /* Did not acquire ctty: OK */ } } - ], + ]])], [ AC_MSG_RESULT(yes) ], [ AC_MSG_RESULT(no) AC_DEFINE(SSHD_ACQUIRES_CTTY) + ], + [ + AC_MSG_RESULT(cross-compiling, assuming yes) ] ) fi 
@@ -1453,8 +1457,8 @@ fi if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then AC_MSG_CHECKING(if getaddrinfo seems to work) - AC_TRY_RUN( - [ + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include #include #include @@ -1508,13 +1512,16 @@ main(void) } exit(0); } - ], + ]])], [ AC_MSG_RESULT(yes) ], [ AC_MSG_RESULT(no) AC_DEFINE(BROKEN_GETADDRINFO) + ], + [ + AC_MSG_RESULT(cross-compiling, assuming yes) ] ) fi @@ -1522,8 +1529,8 @@ fi if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ test "x$check_for_aix_broken_getaddrinfo" = "x1"; then AC_MSG_CHECKING(if getaddrinfo seems to work) - AC_TRY_RUN( - [ + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include #include #include @@ -1565,7 +1572,7 @@ main(void) } exit(0); } - ], + ]])], [ AC_MSG_RESULT(yes) AC_DEFINE(AIX_GETNAMEINFO_HACK, 1, @@ -1575,6 +1582,8 @@ main(void) [ AC_MSG_RESULT(no) AC_DEFINE(BROKEN_GETADDRINFO) + ], + AC_MSG_RESULT(cross-compiling, assuming no) ] ) fi @@ -3084,16 +3093,19 @@ AC_ARG_ENABLE(etc-default-login, else etc_default_login=yes fi ], - [ etc_default_login=yes ] + [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; + then + AC_MSG_WARN([cross compiling: not checking /etc/default/login]) + etc_default_login=no + else + etc_default_login=yes + fi ] ) if test "x$etc_default_login" != "xno"; then AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ]) - if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; - then - AC_MSG_WARN([cross compiling: Disabling /etc/default/login test]) - elif test "x$external_path_file" = "x/etc/default/login"; then + if test "x$external_path_file" = "x/etc/default/login"; then AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1, [Define if your system has /etc/default/login]) fi 
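Review bot: The cross-compiling branch added to the AIX getaddrinfo check is missing its opening bracket. The new lines are `],` followed by `AC_MSG_RESULT(cross-compiling, assuming no)` and then the existing `]`, whereas the HP-UX check just above adds `], [` before its message. That leaves the quoting unbalanced in this AC_RUN_IFELSE call. The branch also prints "assuming no" without the `AC_DEFINE(BROKEN_GETADDRINFO)` that the real failure branch performs, so the message and the resulting configuration disagree. If "no" is the intended assumption, the branch should read `[ AC_MSG_RESULT([cross-compiling, assuming no])` then `AC_DEFINE(BROKEN_GETADDRINFO) ]`; otherwise the message should change.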
@@ -3132,8 +3144,8 @@ $external_path_file .]) If PATH is defined in $external_path_file, ensure the path to scp is included, otherwise scp will not work.]) fi - AC_TRY_RUN( - [ + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ /* find out what STDPATH is */ #include #ifdef HAVE_PATHS_H @@ -3165,7 +3177,8 @@ main() exit(0); } - ], [ user_path=`cat conftest.stdpath` ], + ]])], + [ user_path=`cat conftest.stdpath` ], [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] ) -- cgit v1.2.3 From 537f1ed7df2f52b88ac49177bd6af9cbbe381dc3 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 25 Oct 2005 18:38:33 +1000 Subject: - (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the sizeof(long long) checks, to make fixing bug #1104 easier (no changes yet). --- ChangeLog | 7 ++- configure.ac | 144 ++++++++++++++++++++++++++++++++--------------------------- 2 files changed, 85 insertions(+), 66 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index d2b665128..004d751cb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20051025 + - (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the + sizeof(long long) checks, to make fixing bug #1104 easier (no changes + yet). + 20051017 - (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling. /etc/default/login report and testing from aabaker at iee.org, corrections @@ -3105,4 +3110,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3920 2005/10/17 13:29:23 dtucker Exp $ +$Id: ChangeLog,v 1.3921 2005/10/25 08:38:33 dtucker Exp $ diff --git a/configure.ac b/configure.ac index d0569df60..afcd8aff0 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.302 2005/10/17 13:29:23 dtucker Exp $ +# $Id: configure.ac,v 1.303 2005/10/25 08:38:34 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -106,70 +106,6 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then fi fi -if test -z "$have_llong_max"; then - AC_MSG_CHECKING([for max value of long long]) - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include -/* Why is this so damn hard? */ -#ifdef __GNUC__ -# undef __GNUC__ -#endif -#define __USE_ISOC99 -#include -#define DATA "conftest.llminmax" -int main(void) { - FILE *f; - long long i, llmin, llmax = 0; - - if((f = fopen(DATA,"w")) == NULL) - exit(1); - -#if defined(LLONG_MIN) && defined(LLONG_MAX) - fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); - llmin = LLONG_MIN; - llmax = LLONG_MAX; -#else - fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); - /* This will work on one's complement and two's complement */ - for (i = 1; i > llmax; i <<= 1, i++) - llmax = i; - llmin = llmax + 1LL; /* wrap */ -#endif - - /* Sanity check */ - if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax - || llmax - 1 > llmax) { - fprintf(f, "unknown unknown\n"); - exit(2); - } - - if (fprintf(f ,"%lld %lld", llmin, llmax) < 0) - exit(3); - - exit(0); -} - ]])], - [ - llong_min=`$AWK '{print $1}' conftest.llminmax` - llong_max=`$AWK '{print $2}' conftest.llminmax` - AC_MSG_RESULT($llong_max) - AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL], - [max value of long long calculated by configure]) - AC_MSG_CHECKING([for min value of long long]) - AC_MSG_RESULT($llong_min) - AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL], - [min value of long long calculated by configure]) - ], - [ - AC_MSG_RESULT(not found) - ], - [ - AC_MSG_WARN([cross compiling: not checking]) - ] - ) -fi - AC_ARG_WITH(rpath, [ --without-rpath Disable auto-added -R linker paths], [ 
@@ -2053,6 +1989,84 @@ if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then ac_cv_sizeof_long_long_int=0 fi +# compute LLONG_MIN and LLONG_MAX if we don't know them. +if test -z "$have_llong_max"; then + AC_MSG_CHECKING([for max value of long long]) + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ +#include +/* Why is this so damn hard? */ +#ifdef __GNUC__ +# undef __GNUC__ +#endif +#define __USE_ISOC99 +#include +#define DATA "conftest.llminmax" +int main(void) { + FILE *f; + long long i, llmin, llmax = 0; + + if((f = fopen(DATA,"w")) == NULL) + exit(1); + +#if defined(LLONG_MIN) && defined(LLONG_MAX) + fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); + llmin = LLONG_MIN; + llmax = LLONG_MAX; +#else + fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); + /* This will work on one's complement and two's complement */ + for (i = 1; i > llmax; i <<= 1, i++) + llmax = i; + llmin = llmax + 1LL; /* wrap */ +#endif + + /* Sanity check */ + if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax + || llmax - 1 > llmax) { + fprintf(f, "unknown unknown\n"); + exit(2); + } + + if (fprintf(f ,"%lld %lld", llmin, llmax) < 0) + exit(3); + + exit(0); +} + ]])], + [ + llong_min=`$AWK '{print $1}' conftest.llminmax` + llong_max=`$AWK '{print $2}' conftest.llminmax` + + # snprintf on some Tru64s doesn't understand "%lld" + case "$host" in + alpha-dec-osf*) + if test "x$ac_cv_sizeof_long_long_int" = "x8" && + test "x$llong_max" = "xld"; then + llong_min="-9223372036854775808" + llong_max="9223372036854775807" + fi + ;; + esac + + AC_MSG_RESULT($llong_max) + AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL], + [max value of long long calculated by configure]) + AC_MSG_CHECKING([for min value of long long]) + AC_MSG_RESULT($llong_min) + AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL], + [min value of long long calculated by configure]) + ], + [ + AC_MSG_RESULT(not found) + ], + [ + AC_MSG_WARN([cross compiling: not checking]) + ] + ) +fi + + # More checks for data 
types AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ AC_TRY_COMPILE( -- cgit v1.2.3 From e73745543045070ac638a8f5a4c8e40de7f72958 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 25 Oct 2005 18:52:31 +1000 Subject: - (dtucker) [configure.ac] Bug #1104: Tru64's printf family doesn't understand "%lld", even though the compiler has "long long", so handle it as a special case. Patch tested by mcaskill.scott at epa.gov. (actually was included in previous commit) --- ChangeLog | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 004d751cb..54d92d23e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,9 @@ - (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the sizeof(long long) checks, to make fixing bug #1104 easier (no changes yet). + - (dtucker) [configure.ac] Bug #1104: Tru64's printf family doesn't + understand "%lld", even though the compiler has "long long", so handle + it as a special case. Patch tested by mcaskill.scott at epa.gov. 20051017 - (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling. @@ -3110,4 +3113,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3921 2005/10/25 08:38:33 dtucker Exp $ +$Id: ChangeLog,v 1.3922 2005/10/25 08:52:31 dtucker Exp $ -- cgit v1.2.3 From a841dceb4c506fd21cd4278bd2dbf04fc4f13fc2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 25 Oct 2005 18:55:00 +1000 Subject: - (dtucker) [contrib/cygwin/ssh-user-config] Remove duplicate yes/no prompt. Patch from vinschen at redhat.com. --- ChangeLog | 4 +++- contrib/cygwin/ssh-user-config | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 54d92d23e..d786b1d5b 100644 --- a/ChangeLog +++ b/ChangeLog 
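Review bot: The values read back from conftest.llminmax go straight into `AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL], ...)` without any check, and the new Tru64 branch repairs only the one known-bad output (`ld` on `alpha-dec-osf*`). Any other printf that mishandles `%lld` would still put a non-numeric token into config.h, where it feeds every later bounds comparison against LLONG_MAX. A generic digits-only guard before the defines, with the bracket expression m4-quoted, would be safer: `case "$llong_max" in ''|*[[!0-9]]*) AC_MSG_ERROR([could not determine LLONG_MAX]) ;; esac`. Separately, the fallback path of the test program (`llmin = llmax + 1LL; /* wrap */` and the `llmax + 1 > llmax` sanity check) relies on signed overflow wrapping, which C leaves undefined, so an optimising compiler may not give the result the comment expects.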
@@ -5,6 +5,8 @@ - (dtucker) [configure.ac] Bug #1104: Tru64's printf family doesn't understand "%lld", even though the compiler has "long long", so handle it as a special case. Patch tested by mcaskill.scott at epa.gov. + - (dtucker) [contrib/cygwin/ssh-user-config] Remove duplicate yes/no + prompt. Patch from vinschen at redhat.com. 20051017 - (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling. @@ -3113,4 +3115,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3922 2005/10/25 08:52:31 dtucker Exp $ +$Id: ChangeLog,v 1.3923 2005/10/25 08:55:00 dtucker Exp $ diff --git a/contrib/cygwin/ssh-user-config b/contrib/cygwin/ssh-user-config index fe07ce360..9482efe9e 100644 --- a/contrib/cygwin/ssh-user-config +++ b/contrib/cygwin/ssh-user-config @@ -198,7 +198,7 @@ fi if [ ! -f "${pwdhome}/.ssh/id_rsa" ] then - if request "Shall I create an SSH2 RSA identity file for you? (yes/no) " + if request "Shall I create an SSH2 RSA identity file for you?" then echo "Generating ${pwdhome}/.ssh/id_rsa" if [ "${with_passphrase}" = "yes" ] @@ -217,7 +217,7 @@ fi if [ ! -f "${pwdhome}/.ssh/id_dsa" ] then - if request "Shall I create an SSH2 DSA identity file for you? (yes/no) " + if request "Shall I create an SSH2 DSA identity file for you?" then echo "Generating ${pwdhome}/.ssh/id_dsa" if [ "${with_passphrase}" = "yes" ] -- cgit v1.2.3 From 88edf6255bbc6c0ba87239608bb9b80656391330 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sun, 30 Oct 2005 11:55:45 +1100 Subject: - (djm) [contrib/suse/openssh.spec contrib/suse/rc. sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init files from imorgan AT nas.nasa.gov --- ChangeLog | 7 +- contrib/suse/openssh.spec | 244 +++++++++++++++++++++++++++------------------ contrib/suse/rc.sshd | 133 ++++++++++++++++-------- contrib/suse/sysconfig.ssh | 9 ++ 4 files changed, 255 insertions(+), 138 deletions(-) create mode 100644 contrib/suse/sysconfig.ssh (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index d786b1d5b..3571cb2dc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20051030 + - (djm) [contrib/suse/openssh.spec contrib/suse/rc. + sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init + files from imorgan AT nas.nasa.gov + 20051025 - (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the sizeof(long long) checks, to make fixing bug #1104 easier (no changes @@ -3115,4 +3120,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3923 2005/10/25 08:55:00 dtucker Exp $ +$Id: ChangeLog,v 1.3924 2005/10/30 00:55:45 djm Exp $ diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 6ad862fad..27d043e3b 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec 
@@ -1,14 +1,29 @@ -Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation -Name: openssh -Version: 4.2p1 -URL: http://www.openssh.com/ -Release: 1 -Source0: openssh-%{version}.tar.gz -Copyright: BSD -Group: Applications/Internet -BuildRoot: /tmp/openssh-%{version}-buildroot -PreReq: openssl -Obsoletes: ssh +# Default values for additional components +%define build_x11_askpass 1 + +# Define the UID/GID to use for privilege separation +%define sshd_gid 65 +%define sshd_uid 71 + +# The version of x11-ssh-askpass to use +%define xversion 1.2.4.1 + +# Allow the ability to override defaults with -D skip_xxx=1 +%{?skip_x11_askpass:%define build_x11_askpass 0} + +Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation +Name: openssh +Version: 4.2p1 +URL: http://www.openssh.com/ +Release: 1 +Source0: openssh-%{version}.tar.gz +Source1: x11-ssh-askpass-%{xversion}.tar.gz +License: BSD +Group: Productivity/Networking/SSH +BuildRoot: %{_tmppath}/openssh-%{version}-buildroot +PreReq: openssl +Obsoletes: ssh +Provides: ssh # # (Build[ing] Prereq[uisites] only work for RPM 2.95 and newer.) # building prerequisites -- stuff for 
@@ -16,14 +31,25 @@ Obsoletes: ssh # TCP Wrappers (nkitb), # and Gnome (glibdev, gtkdev, and gnlibsd) # -BuildPrereq: openssl -BuildPrereq: nkitb -BuildPrereq: glibdev -BuildPrereq: gtkdev -BuildPrereq: gnlibsd +BuildPrereq: openssl +BuildPrereq: nkitb +#BuildPrereq: glibdev +#BuildPrereq: gtkdev +#BuildPrereq: gnlibsd + +%package askpass +Summary: A passphrase dialog for OpenSSH and the X window System. +Group: Productivity/Networking/SSH +Requires: openssh = %{version} +Obsoletes: ssh-extras +Provides: openssh:${_libdir}/ssh/ssh-askpass + +%if %{build_x11_askpass} +BuildPrereq: XFree86-devel +%endif %description -Ssh (Secure Shell) a program for logging into a remote machine and for +Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and 
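Review bot: `Provides: openssh:${_libdir}/ssh/ssh-askpass` in the new askpass subpackage uses shell-style `${_libdir}`, while every other path in this spec uses the RPM macro form `%{_libdir}`. As written the macro is probably not expanded and the package would provide a literal `${_libdir}` string, so dependency resolution on the askpass path would not match. `Provides: openssh:%{_libdir}/ssh/ssh-askpass` looks like what was meant.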
@@ -34,10 +60,26 @@ up to date in terms of security and features, as well as removing all patented algorithms to seperate libraries (OpenSSL). This package includes all files necessary for both the OpenSSH -client and server. Additionally, this package contains the GNOME -passphrase dialog. +client and server. + +%description askpass +Ssh (Secure Shell) is a program for logging into a remote machine and for +executing commands in a remote machine. It is intended to replace +rlogin and rsh, and provide secure encrypted communications between +two untrusted hosts over an insecure network. X11 connections and +arbitrary TCP/IP ports can also be forwarded over the secure channel. + +OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it +up to date in terms of security and features, as well as removing all +patented algorithms to seperate libraries (OpenSSL). + +This package contains an X Window System passphrase dialog for OpenSSH. %changelog +* Wed Oct 26 2005 Iain Morgan +- Removed accidental inclusion of --without-zlib-version-check +* Tue Oct 25 2005 Iain Morgan +- Overhaul to deal with newer versions of SuSE and OpenSSH * Mon Jun 12 2000 Damien Miller - Glob manpages to catch compressed files * Wed Mar 15 2000 Damien Miller 
@@ -84,116 +126,124 @@ passphrase dialog. %prep +%if %{build_x11_askpass} +%setup -q -a 1 +%else %setup -q +%endif %build CFLAGS="$RPM_OPT_FLAGS" \ -./configure --prefix=/usr \ - --sysconfdir=/etc/ssh \ - --datadir=/usr/share/openssh \ +%configure --prefix=/usr \ + --sysconfdir=%{_sysconfdir}/ssh \ + --mandir=%{_mandir} \ + --with-privsep-path=/var/lib/empty \ --with-pam \ - --with-gnome-askpass \ --with-tcp-wrappers \ - --with-ipv4-default \ - --libexecdir=/usr/lib/ssh + --libexecdir=%{_libdir}/ssh make -cd contrib -gcc -O -g `gnome-config --cflags gnome gnomeui` \ - gnome-ssh-askpass.c -o gnome-ssh-askpass \ - `gnome-config --libs gnome gnomeui` +%if %{build_x11_askpass} +cd x11-ssh-askpass-%{xversion} +%configure --mandir=/usr/X11R6/man \ + --libexecdir=%{_libdir}/ssh +xmkmf -a +make cd .. +%endif %install rm -rf $RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT/ -install -d $RPM_BUILD_ROOT/etc/ssh/ install -d $RPM_BUILD_ROOT/etc/pam.d/ -install -d $RPM_BUILD_ROOT/sbin/init.d/ +install -d $RPM_BUILD_ROOT/etc/init.d/ install -d $RPM_BUILD_ROOT/var/adm/fillup-templates -install -d $RPM_BUILD_ROOT/usr/lib/ssh install -m644 contrib/sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd -install -m744 contrib/suse/rc.sshd $RPM_BUILD_ROOT/sbin/init.d/sshd -ln -s ../../sbin/init.d/sshd $RPM_BUILD_ROOT/usr/sbin/rcsshd -install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT/usr/lib/ssh/gnome-ssh-askpass -ln -s gnome-ssh-askpass $RPM_BUILD_ROOT/usr/lib/ssh/ssh-askpass -install -m744 contrib/suse/rc.config.sshd \ +install -m744 contrib/suse/rc.sshd $RPM_BUILD_ROOT/etc/init.d/sshd +install -m744 contrib/suse/sysconfig.ssh \ $RPM_BUILD_ROOT/var/adm/fillup-templates +%if %{build_x11_askpass} +cd x11-ssh-askpass-%{xversion} +make install install.man BINDIR=%{_libdir}/ssh DESTDIR=$RPM_BUILD_ROOT/ +rm -f $RPM_BUILD_ROOT/usr/share/Ssh.bin +%endif + %clean rm -rf $RPM_BUILD_ROOT +%pre +/usr/sbin/groupadd -g %{sshd_gid} -o -r sshd 2> /dev/null || : +/usr/sbin/useradd -r -o -g sshd -u 
%{sshd_uid} -s /bin/false -c "SSH Privilege Separation User" -d /var/lib/sshd sshd 2> /dev/null || : + %post -if [ "$1" = 1 ]; then - echo "Creating SSH stop/start scripts in the rc directories..." - ln -s ../sshd /sbin/init.d/rc2.d/K20sshd - ln -s ../sshd /sbin/init.d/rc2.d/S20sshd - ln -s ../sshd /sbin/init.d/rc3.d/K20sshd - ln -s ../sshd /sbin/init.d/rc3.d/S20sshd -fi -echo "Updating /etc/rc.config..." -if [ -x /bin/fillup ] ; then - /bin/fillup -q -d = etc/rc.config var/adm/fillup-templates/rc.config.sshd -else - echo "ERROR: fillup not found. This should NOT happen in SuSE Linux." - echo "Update /etc/rc.config by hand from the following template file:" - echo " /var/adm/fillup-templates/rc.config.sshd" -fi if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then - echo "Generating SSH host key..." - /usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2 + echo "Generating SSH RSA host key..." + /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2 fi if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then echo "Generating SSH DSA host key..." - /usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N '' >&2 -fi -if test -r /var/run/sshd.pid -then - echo "Restarting the running SSH daemon..." - /usr/sbin/rcsshd restart >&2 + /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2 fi +%{fillup_and_insserv -n -s -y ssh sshd START_SSHD} +%run_permissions + +%verifyscript +%verify_permissions -e /etc/ssh/sshd_config -e /etc/ssh/ssh_config -e /usr/bin/ssh %preun -if [ "$1" = 0 ] -then - echo "Stopping the SSH daemon..." - /usr/sbin/rcsshd stop >&2 - echo "Removing SSH stop/start scripts from the rc directories..." 
- rm /sbin/init.d/rc2.d/K20sshd - rm /sbin/init.d/rc2.d/S20sshd - rm /sbin/init.d/rc3.d/K20sshd - rm /sbin/init.d/rc3.d/S20sshd -fi +%stop_on_removal sshd + +%postun +%restart_on_update sshd +%{insserv_cleanup} %files %defattr(-,root,root) %doc ChangeLog OVERVIEW README* %doc RFC.nroff TODO CREDITS LICENCE -%attr(0755,root,root) %dir /etc/ssh -%attr(0644,root,root) %config /etc/ssh/ssh_config -%attr(0600,root,root) %config /etc/ssh/sshd_config -%attr(0600,root,root) %config /etc/ssh/moduli -%attr(0644,root,root) %config /etc/pam.d/sshd -%attr(0755,root,root) %config /sbin/init.d/sshd -%attr(0755,root,root) /usr/bin/ssh-keygen -%attr(0755,root,root) /usr/bin/scp -%attr(4755,root,root) /usr/bin/ssh -%attr(-,root,root) /usr/bin/slogin -%attr(0755,root,root) /usr/bin/ssh-agent -%attr(0755,root,root) /usr/bin/ssh-add -%attr(0755,root,root) /usr/bin/ssh-keyscan -%attr(0755,root,root) /usr/bin/sftp -%attr(0755,root,root) /usr/sbin/sshd -%attr(-,root,root) /usr/sbin/rcsshd -%attr(0755,root,root) %dir /usr/lib/ssh -%attr(0755,root,root) /usr/lib/ssh/ssh-askpass -%attr(0755,root,root) /usr/lib/ssh/gnome-ssh-askpass -%attr(0644,root,root) %doc /usr/man/man1/scp.1* -%attr(0644,root,root) %doc /usr/man/man1/ssh.1* -%attr(-,root,root) %doc /usr/man/man1/slogin.1* -%attr(0644,root,root) %doc /usr/man/man1/ssh-agent.1* -%attr(0644,root,root) %doc /usr/man/man1/ssh-add.1* -%attr(0644,root,root) %doc /usr/man/man1/ssh-keygen.1* -%attr(0644,root,root) %doc /usr/man/man8/sshd.8* -%attr(0644,root,root) /var/adm/fillup-templates/rc.config.sshd +%attr(0755,root,root) %dir %{_sysconfdir}/ssh +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config +%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config +%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli +%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd +%attr(0755,root,root) %config /etc/init.d/sshd +%attr(0755,root,root) %{_bindir}/ssh-keygen +%attr(0755,root,root) %{_bindir}/scp 
+%attr(0755,root,root) %{_bindir}/ssh +%attr(-,root,root) %{_bindir}/slogin +%attr(0755,root,root) %{_bindir}/ssh-agent +%attr(0755,root,root) %{_bindir}/ssh-add +%attr(0755,root,root) %{_bindir}/ssh-keyscan +%attr(0755,root,root) %{_bindir}/sftp +%attr(0755,root,root) %{_sbindir}/sshd +%attr(0755,root,root) %dir %{_libdir}/ssh +%attr(0755,root,root) %{_libdir}/ssh/sftp-server +%attr(4711,root,root) %{_libdir}/ssh/ssh-keysign +%attr(0644,root,root) %doc %{_mandir}/man1/scp.1* +%attr(0644,root,root) %doc %{_mandir}/man1/sftp.1* +%attr(-,root,root) %doc %{_mandir}/man1/slogin.1* +%attr(0644,root,root) %doc %{_mandir}/man1/ssh.1* +%attr(0644,root,root) %doc %{_mandir}/man1/ssh-add.1* +%attr(0644,root,root) %doc %{_mandir}/man1/ssh-agent.1* +%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keygen.1* +%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keyscan.1* +%attr(0644,root,root) %doc %{_mandir}/man5/ssh_config.5* +%attr(0644,root,root) %doc %{_mandir}/man5/sshd_config.5* +%attr(0644,root,root) %doc %{_mandir}/man8/sftp-server.8* +%attr(0644,root,root) %doc %{_mandir}/man8/ssh-keysign.8* +%attr(0644,root,root) %doc %{_mandir}/man8/sshd.8* +%attr(0644,root,root) /var/adm/fillup-templates/sysconfig.ssh +%if %{build_x11_askpass} +%files askpass +%defattr(-,root,root) +%doc x11-ssh-askpass-%{xversion}/README +%doc x11-ssh-askpass-%{xversion}/ChangeLog +%doc x11-ssh-askpass-%{xversion}/SshAskpass*.ad +%attr(0755,root,root) %{_libdir}/ssh/ssh-askpass +%attr(0755,root,root) %{_libdir}/ssh/x11-ssh-askpass +%attr(0644,root,root) %doc /usr/X11R6/man/man1/ssh-askpass.1x* +%attr(0644,root,root) %doc /usr/X11R6/man/man1/x11-ssh-askpass.1x* +%attr(0644,root,root) %config /usr/X11R6/lib/X11/app-defaults/SshAskpass +%endif diff --git a/contrib/suse/rc.sshd b/contrib/suse/rc.sshd index f7d431ebb..573960bfa 100644 --- a/contrib/suse/rc.sshd +++ b/contrib/suse/rc.sshd 
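Review bot: The `%post` RSA branch tests `/etc/ssh/ssh_host_key` but then generates `/etc/ssh/ssh_host_rsa_key`, so the guard checks a different file from the one it writes; on a host that already has an RSA host key but no protocol-1 key, ssh-keygen is run against the existing key. The test should read `if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then`. In `%pre`, the privilege-separation account is created with `-o` (non-unique IDs allowed) and a home of `/var/lib/sshd`, while configure is given `--with-privsep-path=/var/lib/empty`; if UID 71 or GID 65 is already in use the sshd user would share it with another account, and `2> /dev/null || :` hides any failure. Dropping `-o` and using `-d /var/lib/empty` would keep the account unique and consistent with the privsep path.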
@@ -1,80 +1,133 @@ #! /bin/sh -# Copyright (c) 1995-1998 SuSE GmbH Nuernberg, Germany. +# Copyright (c) 1995-2000 SuSE GmbH Nuernberg, Germany. # -# Author: Chris Saia +# Author: Jiri Smid # -# /sbin/init.d/sshd +# /etc/init.d/sshd # # and symbolic its link # -# /sbin/rcsshd +# /usr/sbin/rcsshd # +### BEGIN INIT INFO +# Provides: sshd +# Required-Start: $network $remote_fs +# Required-Stop: $network $remote_fs +# Default-Start: 3 5 +# Default-Stop: 0 1 2 6 +# Description: Start the sshd daemon +### END INIT INFO -. /etc/rc.config +SSHD_BIN=/usr/sbin/sshd +test -x $SSHD_BIN || exit 5 -# Determine the base and follow a runlevel link name. -base=${0##*/} -link=${base#*[SK][0-9][0-9]} +SSHD_SYSCONFIG=/etc/sysconfig/ssh +test -r $SSHD_SYSCONFIG || exit 6 +. $SSHD_SYSCONFIG -# Force execution if not called by a runlevel directory. -test $link = $base && START_SSHD=yes -test "$START_SSHD" = yes || exit 0 +SSHD_PIDFILE=/var/run/sshd.init.pid + +. /etc/rc.status + +# Shell functions sourced from /etc/rc.status: +# rc_check check and set local and overall rc status +# rc_status check and set local and overall rc status +# rc_status -v ditto but be verbose in local rc status +# rc_status -v -r ditto and clear the local rc status +# rc_failed set local and overall rc status to failed +# rc_reset clear local rc status (overall remains) +# rc_exit exit appropriate to overall rc status + +# First reset status of this service +rc_reset -# The echo return value for success (defined in /etc/rc.config). -return=$rc_done case "$1" in start) - echo -n "Starting service sshd" + if ! test -f /etc/ssh/ssh_host_key ; then + echo Generating /etc/ssh/ssh_host_key. + ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N '' + fi + if ! test -f /etc/ssh/ssh_host_dsa_key ; then + echo Generating /etc/ssh/ssh_host_dsa_key. + + ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N '' + fi + if ! test -f /etc/ssh/ssh_host_rsa_key ; then + echo Generating /etc/ssh/ssh_host_rsa_key. 
+ + ssh-keygen -t rsa -b 1024 -f /etc/ssh/ssh_host_rsa_key -N '' + fi + echo -n "Starting SSH daemon" ## Start daemon with startproc(8). If this fails ## the echo return value is set appropriate. - startproc /usr/sbin/sshd || return=$rc_failed + startproc -f -p $SSHD_PIDFILE /usr/sbin/sshd $SSHD_OPTS -o "PidFile=$SSHD_PIDFILE" - echo -e "$return" + # Remember status and be verbose + rc_status -v ;; stop) - echo -n "Stopping service sshd" + echo -n "Shutting down SSH daemon" ## Stop daemon with killproc(8) and if this fails ## set echo the echo return value. - killproc -TERM /usr/sbin/sshd || return=$rc_failed + killproc -p $SSHD_PIDFILE -TERM /usr/sbin/sshd - echo -e "$return" + # Remember status and be verbose + rc_status -v ;; + try-restart) + ## Stop the service and if this succeeds (i.e. the + ## service was running before), start it again. + $0 status >/dev/null && $0 restart + + # Remember status and be quiet + rc_status + ;; restart) - ## If first returns OK call the second, if first or - ## second command fails, set echo return value. - $0 stop && $0 start || return=$rc_failed - ;; - reload) - ## Choose ONE of the following two cases: + ## Stop the service and regardless of whether it was + ## running or not, start it again. + $0 stop + $0 start - ## First possibility: A few services accepts a signal - ## to reread the (changed) configuration. + # Remember status and be quiet + rc_status + ;; + force-reload|reload) + ## Signal the daemon to reload its config. Most daemons + ## do this on signal 1 (SIGHUP). echo -n "Reload service sshd" - killproc -HUP /usr/sbin/sshd || return=$rc_failed - echo -e "$return" - ;; + + killproc -p $SSHD_PIDFILE -HUP /usr/sbin/sshd + + rc_status -v + + ;; status) - echo -n "Checking for service sshd" - ## Check status with checkproc(8), if process is running - ## checkproc will return with exit status 0. 
+ echo -n "Checking for service sshd " + ## Check status with checkproc(8), if process is running + ## checkproc will return with exit status 0. - checkproc /usr/sbin/sshd && echo OK || echo No process + # Status has a slightly different for the status command: + # 0 - service running + # 1 - service dead, but /var/run/ pid file exists + # 2 - service dead, but /var/lock/ lock file exists + # 3 - service not running + + checkproc -p $SSHD_PIDFILE /usr/sbin/sshd + + rc_status -v ;; probe) ## Optional: Probe for the necessity of a reload, ## give out the argument which is required for a reload. - test /etc/ssh/sshd_config -nt /var/run/sshd.pid && echo reload + test /etc/ssh/sshd_config -nt $SSHD_PIDFILE && echo reload ;; *) - echo "Usage: $0 {start|stop|status|restart|reload[|probe]}" + echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" exit 1 ;; esac - -# Inform the caller not only verbosely and set an exit status. -test "$return" = "$rc_done" || exit 1 -exit 0 +rc_exit diff --git a/contrib/suse/sysconfig.ssh b/contrib/suse/sysconfig.ssh new file mode 100644 index 000000000..c6a37e5cb --- /dev/null +++ b/contrib/suse/sysconfig.ssh @@ -0,0 +1,9 @@ +## Path: Network/Remote access/SSH +## Description: SSH server settings +## Type: string +## Default: "" +## ServiceRestart: sshd +# +# Options for sshd +# +SSHD_OPTS="" -- cgit v1.2.3 From 42308a43745ef51d51fb941d15554be0bf379b1f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 30 Oct 2005 15:31:55 +1100 Subject: - (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is enabled, instead allow PAM to handle it. Note that on platforms using PAM, the pam_nologin module should be added to sshd's session stack in order to maintain exising behaviour. Based on patch and discussion from t8m at centrum.cz, ok djm@ --- ChangeLog | 7 ++++++- session.c | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'ChangeLog') 
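Review bot: The new `start)` branch generates all three host keys with `-b 1024`, including `ssh-keygen -t rsa -b 1024 -f /etc/ssh/ssh_host_rsa_key -N ''`, which pins RSA host keys to a smaller size than the 2048-bit default that ssh-keygen.c carries elsewhere on this page. Dropping the option for RSA (`ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''`) lets the tool's default apply; DSA can stay at 1024. The script also calls `ssh-keygen` by bare name and `/usr/sbin/sshd` literally although `SSHD_BIN` is defined at the top, so using `/usr/bin/ssh-keygen` (as the spec's `%post` does) and `$SSHD_BIN` would avoid depending on the init environment's PATH and keep the daemon path in one place.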
diff --git a/ChangeLog b/ChangeLog index 3571cb2dc..de9bd9f29 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,11 @@ - (djm) [contrib/suse/openssh.spec contrib/suse/rc. sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init files from imorgan AT nas.nasa.gov + - (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is + enabled, instead allow PAM to handle it. Note that on platforms using PAM, + the pam_nologin module should be added to sshd's session stack in order to + maintain exising behaviour. Based on patch and discussion from t8m at + centrum.cz, ok djm@ 20051025 - (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the @@ -3120,4 +3125,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3924 2005/10/30 00:55:45 djm Exp $ +$Id: ChangeLog,v 1.3925 2005/10/30 04:31:55 dtucker Exp $ diff --git a/session.c b/session.c index db8722f47..2a1a25ac4 100644 --- a/session.c +++ b/session.c @@ -1471,7 +1471,9 @@ do_child(Session *s, const char *command) if (!check_quietlogin(s, command)) do_motd(); #else /* HAVE_OSF_SIA */ - do_nologin(pw); + /* When PAM is enabled we rely on it to do the nologin check */ + if (!options.use_pam) + do_nologin(pw); do_setusercontext(pw); /* * PAM session modules in do_setusercontext may have -- cgit v1.2.3 From d32e293c045025b80892e8b05285ca9617d83ef6 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 2 Nov 2005 09:07:31 +1100 Subject: - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net via FreeBSD. --- ChangeLog | 7 ++++++- openbsd-compat/bsd-misc.c | 9 +++------ 2 files changed, 9 insertions(+), 7 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index de9bd9f29..cf8031250 100644 --- a/ChangeLog +++ b/ChangeLog 
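Review bot: With `if (!options.use_pam) do_nologin(pw);` the /etc/nologin check now depends entirely on the PAM configuration, and the new comment does not say what that configuration has to contain. If sshd's PAM stack lacks pam_nologin, logins are no longer blocked by /etc/nologin and nothing on this path reports it, so an upgrade can silently drop the restriction. I would extend the comment to `/* When PAM is enabled we rely on it (pam_nologin in sshd's PAM stack) to do the nologin check */` and state the same requirement in the sample PAM files shipped under contrib. do_child() starts and ends outside this hunk, so the surrounding #ifdef branches were not reviewed.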
@@ -1,3 +1,8 @@ +20051102 + - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). + Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net + via FreeBSD. + 20051030 - (djm) [contrib/suse/openssh.spec contrib/suse/rc. sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init @@ -3125,4 +3130,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3925 2005/10/30 04:31:55 dtucker Exp $ +$Id: ChangeLog,v 1.3926 2005/11/01 22:07:31 dtucker Exp $ diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 6ba9bd986..d32b054d7 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -18,7 +18,7 @@ #include "includes.h" #include "xmalloc.h" -RCSID("$Id: bsd-misc.c,v 1.27 2005/05/27 11:13:41 dtucker Exp $"); +RCSID("$Id: bsd-misc.c,v 1.28 2005/11/01 22:07:31 dtucker Exp $"); #ifndef HAVE___PROGNAME char *__progname; @@ -223,10 +223,7 @@ strdup(const char *str) len = strlen(str) + 1; cp = malloc(len); if (cp != NULL) - if (strlcpy(cp, str, len) != len) { - free(cp); - return NULL; - } - return cp; + return(memcpy(cp, str, len)); + return NULL; } #endif -- cgit v1.2.3 From 3f54a9f5b7978e8e7085f86722bc2704f7fab2e2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 14:52:18 +1100 Subject: - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2005/10/07 11:13:57 [ssh-keygen.c] change DSA default back to 1024, as it's defined for 1024 bits only and this causes interop problems with other clients. moreover, in order to improve the security of DSA you need to change more components of DSA key generation (e.g. the internal SHA1 hash); ok deraadt --- ChangeLog | 12 +++++++++++- ssh-keygen.c | 12 +++++++++--- 2 files changed, 20 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index cf8031250..10c031042 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,13 @@ +20051105 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2005/10/07 11:13:57 + [ssh-keygen.c] + change DSA default back to 1024, as it's defined for 1024 bits only + and this causes interop problems with other clients. moreover, + in order to improve the security of DSA you need to change more + components of DSA key generation (e.g. the internal SHA1 hash); + ok deraadt + 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net @@ -3130,4 +3140,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3926 2005/11/01 22:07:31 dtucker Exp $ +$Id: ChangeLog,v 1.3927 2005/11/05 03:52:18 djm Exp $ diff --git a/ssh-keygen.c b/ssh-keygen.c index 92803da45..89686f5ac 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.129 2005/09/13 23:40:07 djm Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.130 2005/10/07 11:13:57 markus Exp $"); #include #include @@ -35,8 +35,10 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.129 2005/09/13 23:40:07 djm Exp $"); #endif #include "dns.h" -/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ -u_int32_t bits = 2048; +/* Number of bits in the RSA/DSA key. This value can be set on the command line. */ +#define DEFAULT_BITS 2048 +#define DEFAULT_BITS_DSA 1024 +u_int32_t bits = 0; /* * Flag indicating that we just want to change the passphrase. This can be @@ -1217,6 +1219,8 @@ main(int ac, char **av) out_file, strerror(errno)); return (1); } + if (bits == 0) + bits = DEFAULT_BITS; if (gen_candidates(out, memory, bits, start) != 0) fatal("modulus candidate generation failed\n"); 
@@ -1258,6 +1262,8 @@ main(int ac, char **av) } if (!quiet) printf("Generating public/private %s key pair.\n", key_type_name); + if (bits == 0) + bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS; private = key_generate(type, bits); if (private == NULL) { fprintf(stderr, "key_generate failed"); -- cgit v1.2.3 From 39eda6eb6a8364e8df6779e71e0b434eaae3edd5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 14:52:50 +1100 Subject: - djm@cvs.openbsd.org 2005/10/10 10:23:08 [channels.c channels.h clientloop.c serverloop.c session.c] fix regression I introduced in 4.2: X11 forwardings initiated after a session has exited (e.g. "(sleep 5; xterm) &") would not start. bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@ --- ChangeLog | 7 ++++++- channels.c | 9 ++++++--- channels.h | 7 ++++--- clientloop.c | 4 ++-- serverloop.c | 4 ++-- session.c | 37 +++++++++++++++++++++++-------------- 6 files changed, 43 insertions(+), 25 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 10c031042..221301eb9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,11 @@ in order to improve the security of DSA you need to change more components of DSA key generation (e.g. the internal SHA1 hash); ok deraadt + - djm@cvs.openbsd.org 2005/10/10 10:23:08 + [channels.c channels.h clientloop.c serverloop.c session.c] + fix regression I introduced in 4.2: X11 forwardings initiated after + a session has exited (e.g. "(sleep 5; xterm) &") would not start. + bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3140,4 +3145,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3927 2005/11/05 03:52:18 djm Exp $ +$Id: ChangeLog,v 1.3928 2005/11/05 03:52:50 djm Exp $ diff --git a/channels.c b/channels.c index af858b4a5..b0bc77901 100644 --- a/channels.c 
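Review bot: An explicit `-b` value still reaches `key_generate(type, bits)` unchanged for DSA, because the added default is applied only when `bits == 0`. The commit message states that DSA is defined for 1024 bits only and that other sizes cause interoperability problems, so a check next to the new default would stop the tool from producing such keys: `if (type == KEY_DSA && bits != DEFAULT_BITS_DSA) fatal("DSA keys must be 1024 bits");`. Whether option parsing earlier in main() already restricts the value is not visible here; main() starts and ends outside the hunk.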
+++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.224 2005/09/07 08:53:53 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.225 2005/10/10 10:23:08 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -269,6 +269,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, c->force_drain = 0; c->single_connection = 0; c->detach_user = NULL; + c->detach_close = 0; c->confirm = NULL; c->confirm_ctx = NULL; c->input_filter = NULL; @@ -628,7 +629,7 @@ channel_register_confirm(int id, channel_callback_fn *fn, void *ctx) c->confirm_ctx = ctx; } void -channel_register_cleanup(int id, channel_callback_fn *fn) +channel_register_cleanup(int id, channel_callback_fn *fn, int do_close) { Channel *c = channel_lookup(id); @@ -637,6 +638,7 @@ channel_register_cleanup(int id, channel_callback_fn *fn) return; } c->detach_user = fn; + c->detach_close = do_close; } void channel_cancel_cleanup(int id) @@ -648,6 +650,7 @@ channel_cancel_cleanup(int id) return; } c->detach_user = NULL; + c->detach_close = 0; } void channel_register_filter(int id, channel_filter_fn *fn) @@ -1666,7 +1669,7 @@ channel_garbage_collect(Channel *c) if (c == NULL) return; if (c->detach_user != NULL) { - if (!chan_is_dead(c, 0)) + if (!chan_is_dead(c, c->detach_close)) return; debug2("channel %d: gc: notify user", c->self); c->detach_user(c->self, NULL); diff --git a/channels.h b/channels.h index 1cb2c3a34..7e1cc7c5a 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.79 2005/07/17 06:49:04 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.80 2005/10/10 10:23:08 djm Exp $ */ /* * Author: Tatu Ylonen @@ -106,8 +106,9 @@ struct Channel { /* callback */ channel_callback_fn *confirm; - channel_callback_fn *detach_user; void *confirm_ctx; + channel_callback_fn *detach_user; + int detach_close; /* filter */ channel_filter_fn *input_filter; 
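Review bot: The new `detach_close` member of struct Channel in channels.h is declared without a comment, and its meaning can only be recovered by following it into `chan_is_dead(c, c->detach_close)` in channel_garbage_collect(). I would document it at the declaration, for example `int detach_close; /* passed to chan_is_dead() when deciding whether detach_user may run */`, and say the same for the `do_close` argument above channel_register_cleanup() in channels.c. The struct definition starts and ends outside the hunk.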
@@ -163,7 +164,7 @@ void channel_stop_listening(void); void channel_send_open(int); void channel_request_start(int, char *, int); -void channel_register_cleanup(int, channel_callback_fn *); +void channel_register_cleanup(int, channel_callback_fn *, int); void channel_register_confirm(int, channel_callback_fn *, void *); void channel_register_filter(int, channel_filter_fn *); void channel_cancel_cleanup(int); diff --git a/clientloop.c b/clientloop.c index da5bfd7bd..fed684956 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.142 2005/09/09 19:18:05 markus Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.143 2005/10/10 10:23:08 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1379,7 +1379,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) simple_escape_filter); if (session_ident != -1) channel_register_cleanup(session_ident, - client_channel_closed); + client_channel_closed, 0); } else { /* Check if we should immediately send eof on stdin. */ client_check_initial_eof_on_stdin(); diff --git a/serverloop.c b/serverloop.c index d2eff170a..17608c238 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.118 2005/07/17 07:17:55 djm Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.119 2005/10/10 10:23:08 djm Exp $"); #include "xmalloc.h" #include "packet.h" @@ -900,7 +900,7 @@ server_request_session(void) channel_free(c); return NULL; } - channel_register_cleanup(c->self, session_close_by_channel); + channel_register_cleanup(c->self, session_close_by_channel, 0); return c; } diff --git a/session.c b/session.c index 2a1a25ac4..5e6627cb0 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.186 2005/07/25 11:59:40 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.187 2005/10/10 10:23:08 djm Exp $"); #include "ssh.h" #include "ssh1.h" 
@@ -2156,7 +2156,6 @@ static void session_exit_message(Session *s, int status) { Channel *c; - u_int i; if ((c = channel_lookup(s->chanid)) == NULL) fatal("session_exit_message: session %d: no channel %d", @@ -2186,7 +2185,15 @@ session_exit_message(Session *s, int status) /* disconnect channel */ debug("session_exit_message: release channel %d", s->chanid); - channel_cancel_cleanup(s->chanid); + s->pid = 0; + + /* + * Adjust cleanup callback attachment to send close messages when + * the channel gets EOF. The session will be then be closed + * by session_close_by_channel when the childs close their fds. + */ + channel_register_cleanup(c->self, session_close_by_channel, 1); + /* * emulate a write failure with 'chan_write_failed', nobody will be * interested in data we write. @@ -2195,15 +2202,6 @@ session_exit_message(Session *s, int status) */ if (c->ostate != CHAN_OUTPUT_CLOSED) chan_write_failed(c); - s->chanid = -1; - - /* Close any X11 listeners associated with this session */ - if (s->x11_chanids != NULL) { - for (i = 0; s->x11_chanids[i] != -1; i++) { - session_close_x11(s->x11_chanids[i]); - s->x11_chanids[i] = -1; - } - } } void @@ -2247,7 +2245,8 @@ session_close_by_pid(pid_t pid, int status) } if (s->chanid != -1) session_exit_message(s, status); - session_close(s); + if (s->ttyfd != -1) + session_pty_cleanup(s); } /* @@ -2258,6 +2257,7 @@ void session_close_by_channel(int id, void *arg) { Session *s = session_by_channel(id); + u_int i; if (s == NULL) { debug("session_close_by_channel: no session for id %d", id); @@ -2277,6 +2277,15 @@ session_close_by_channel(int id, void *arg) } /* detach by removing callback */ channel_cancel_cleanup(s->chanid); + + /* Close any X11 listeners associated with this session */ + if (s->x11_chanids != NULL) { + for (i = 0; s->x11_chanids[i] != -1; i++) { + session_close_x11(s->x11_chanids[i]); + s->x11_chanids[i] = -1; + } + } + s->chanid = -1; session_close(s); } 
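Review bot: In session_close_by_pid() the unconditional `session_close(s)` is replaced by a pty cleanup, while the only place that clears the pid is `s->pid = 0;` inside session_exit_message(), which runs only when `s->chanid != -1`. A session that reaches this function with `chanid` already -1 therefore keeps its old pid and is not released on this path, and a stale pid could later match an unrelated child if the lookup is by pid (the lookup is outside the hunk, so this is inferred). Clearing it here after both checks, `s->pid = 0;`, would make the state independent of the channel branch. The added comment in session_exit_message() also reads better as "The session will then be closed by session_close_by_channel when the children close their fds." Both functions begin outside their hunks.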
@@ -2371,7 +2380,7 @@ session_setup_x11fwd(Session *s) } for (i = 0; s->x11_chanids[i] != -1; i++) { channel_register_cleanup(s->x11_chanids[i], - session_close_single_x11); + session_close_single_x11, 0); } /* Set up a suitable value for the DISPLAY variable. */ -- cgit v1.2.3 From 5e7fd076f517e01cbab0549cbb43245f66c1ac70 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 14:53:39 +1100 Subject: - djm@cvs.openbsd.org 2005/10/11 23:37:37 [channels.c] bz #1076 set SO_REUSEADDR on X11 forwarding listner sockets, preventing bind() failure when a previous connection's listeners are in TIME_WAIT, reported by plattner AT inf.ethz.ch; ok dtucker@ --- ChangeLog | 7 ++++++- channels.c | 27 ++++++++++++++++++--------- 2 files changed, 24 insertions(+), 10 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 221301eb9..f70f40f36 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,11 @@ fix regression I introduced in 4.2: X11 forwardings initiated after a session has exited (e.g. "(sleep 5; xterm) &") would not start. bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@ + - djm@cvs.openbsd.org 2005/10/11 23:37:37 + [channels.c] + bz #1076 set SO_REUSEADDR on X11 forwarding listner sockets, preventing + bind() failure when a previous connection's listeners are in TIME_WAIT, + reported by plattner AT inf.ethz.ch; ok dtucker@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3145,4 +3150,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3928 2005/11/05 03:52:50 djm Exp $ +$Id: ChangeLog,v 1.3929 2005/11/05 03:53:39 djm Exp $ diff --git a/channels.c b/channels.c index b0bc77901..175b59e44 100644 --- a/channels.c +++ b/channels.c 
@@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.225 2005/10/10 10:23:08 djm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.226 2005/10/11 23:37:37 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1230,6 +1230,19 @@ port_open_helper(Channel *c, char *rtype) xfree(remote_ipaddr); } +static void +channel_set_reuseaddr(int fd) +{ + int on = 1; + + /* + * Set socket options. + * Allow local port reuse in TIME_WAIT. + */ + if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) + error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno)); +} + /* * This socket is listening for connections to a forwarded TCP/IP port. */ @@ -2191,7 +2204,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por const char *host_to_connect, u_short port_to_connect, int gateway_ports) { Channel *c; - int sock, r, success = 0, on = 1, wildcard = 0, is_client; + int sock, r, success = 0, wildcard = 0, is_client; struct addrinfo hints, *ai, *aitop; const char *host, *addr; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; @@ -2278,13 +2291,8 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por verbose("socket: %.100s", strerror(errno)); continue; } - /* - * Set socket options. - * Allow local port reuse in TIME_WAIT. - */ - if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, - sizeof(on)) == -1) - error("setsockopt SO_REUSEADDR: %s", strerror(errno)); + + channel_set_reuseaddr(sock); debug("Local forwarding listening on %s port %s.", ntop, strport); @@ -2710,6 +2718,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, error("setsockopt IPV6_V6ONLY: %.100s", strerror(errno)); } #endif + channel_set_reuseaddr(sock); if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { debug2("bind port %d: %.100s", port, strerror(errno)); close(sock); -- cgit v1.2.3 From 5434eb2a69eb1b3a30bed5fce1a72f75cd7e2d4a Mon Sep 17 00:00:00 2001 
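Review bot: `channel_set_reuseaddr(sock)` is called in x11_create_display_inet() regardless of `x11_use_localhost`, so listeners bound to the wildcard address also get SO_REUSEADDR. On some platforms that option lets another local user bind the same port on a more specific address, which would expose X11 connections intended for the forwarded display. Restricting the option to the loopback case keeps the TIME_WAIT fix without that exposure: `if (x11_use_localhost) channel_set_reuseaddr(sock);`. The function body starts and ends outside the hunk.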
From: Damien Miller Date: Sat, 5 Nov 2005 15:03:24 +1100 Subject: - stevesk@cvs.openbsd.org 2005/10/13 14:03:01 [auth2-gss.c gss-genr.c gss-serv.c] remove unneeded #includes; ok markus@ --- ChangeLog | 5 ++++- auth2-gss.c | 3 +-- gss-genr.c | 4 +--- gss-serv.c | 4 +--- 4 files changed, 7 insertions(+), 9 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f70f40f36..0fbc0b63a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,9 @@ bz #1076 set SO_REUSEADDR on X11 forwarding listner sockets, preventing bind() failure when a previous connection's listeners are in TIME_WAIT, reported by plattner AT inf.ethz.ch; ok dtucker@ + - stevesk@cvs.openbsd.org 2005/10/13 14:03:01 + [auth2-gss.c gss-genr.c gss-serv.c] + remove unneeded #includes; ok markus@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3150,4 +3153,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3929 2005/11/05 03:53:39 djm Exp $ +$Id: ChangeLog,v 1.3930 2005/11/05 04:03:24 djm Exp $ diff --git a/auth2-gss.c b/auth2-gss.c index 4d468a0e8..533649e7e 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.10 2005/07/17 07:17:54 djm Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.11 2005/10/13 14:03:01 stevesk Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -34,7 +34,6 @@ #include "log.h" #include "dispatch.h" #include "servconf.h" -#include "compat.h" #include "packet.h" #include "monitor_wrap.h" diff --git a/gss-genr.c b/gss-genr.c index 9bc31aa2a..2450a370c 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.4 2005/07/17 07:17:55 djm Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.5 2005/10/13 14:03:01 stevesk Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 
@@ -30,9 +30,7 @@ #include "xmalloc.h" #include "bufaux.h" -#include "compat.h" #include "log.h" -#include "monitor_wrap.h" #include "ssh2.h" #include "ssh-gss.h" diff --git a/gss-serv.c b/gss-serv.c index eeec286bd..2866f5974 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.9 2005/09/19 11:48:10 djm Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.10 2005/10/13 14:03:01 stevesk Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -29,13 +29,11 @@ #ifdef GSSAPI #include "bufaux.h" -#include "compat.h" #include "auth.h" #include "log.h" #include "channels.h" #include "session.h" #include "servconf.h" -#include "monitor_wrap.h" #include "xmalloc.h" #include "getput.h" -- cgit v1.2.3 From 9fac26363961641cfb0ab7dd9bacc396f0b435de Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 15:03:48 +1100 Subject: - stevesk@cvs.openbsd.org 2005/10/13 14:20:37 [gss-serv.c] spelling in comments --- ChangeLog | 5 ++++- gss-serv.c | 10 +++++----- 2 files changed, 9 insertions(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 0fbc0b63a..08626cc9d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,9 @@ - stevesk@cvs.openbsd.org 2005/10/13 14:03:01 [auth2-gss.c gss-genr.c gss-serv.c] remove unneeded #includes; ok markus@ + - stevesk@cvs.openbsd.org 2005/10/13 14:20:37 + [gss-serv.c] + spelling in comments 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3153,4 +3156,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3930 2005/11/05 04:03:24 djm Exp $ +$Id: ChangeLog,v 1.3931 2005/11/05 04:03:48 djm Exp $ diff --git a/gss-serv.c b/gss-serv.c index 2866f5974..3cc6cdd37 100644 --- a/gss-serv.c +++ b/gss-serv.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.10 2005/10/13 14:03:01 stevesk Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.11 2005/10/13 14:20:37 stevesk Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -59,7 +59,7 @@ ssh_gssapi_mech* supported_mechs[]= { &gssapi_null_mech, }; -/* Unpriviledged */ +/* Unprivileged */ void ssh_gssapi_supported_oids(gss_OID_set *oidset) { @@ -88,7 +88,7 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset) * oid * credentials (from ssh_gssapi_acquire_cred) */ -/* Priviledged */ +/* Privileged */ OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok, gss_buffer_desc *send_tok, OM_uint32 *flags) @@ -186,7 +186,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) /* Extract the client details from a given context. This can only reliably * be called once for a context */ -/* Priviledged (called from accept_secure_ctx) */ +/* Privileged (called from accept_secure_ctx) */ OM_uint32 ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) { @@ -296,7 +296,7 @@ ssh_gssapi_userok(char *user) return (0); } -/* Priviledged */ +/* Privileged */ OM_uint32 ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) { -- cgit v1.2.3 From 5f916c8f6c0f2cd2dbe93927b289585d3d42f10d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 15:05:28 +1100 Subject: - stevesk@cvs.openbsd.org 2005/10/13 19:08:08 [gss-serv-krb5.c gss-serv.c] unused declarations; ok deraadt@ (id sync only for gss-serv-krb5.c) --- ChangeLog | 6 +++++- gss-serv-krb5.c | 2 +- gss-serv.c | 4 +--- 3 files changed, 7 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 08626cc9d..4e0a0606b 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -23,6 +23,10 @@ - stevesk@cvs.openbsd.org 2005/10/13 14:20:37 [gss-serv.c] spelling in comments + - stevesk@cvs.openbsd.org 2005/10/13 19:08:08 + [gss-serv-krb5.c gss-serv.c] + unused declarations; ok deraadt@ + (id sync only for gss-serv-krb5.c) 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3156,4 +3160,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3931 2005/11/05 04:03:48 djm Exp $ +$Id: ChangeLog,v 1.3932 2005/11/05 04:05:28 djm Exp $ diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index 4f02621dd..5c5837ffb 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv-krb5.c,v 1.3 2004/07/21 10:36:23 djm Exp $ */ +/* $OpenBSD: gss-serv-krb5.c,v 1.4 2005/10/13 19:08:08 stevesk Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. diff --git a/gss-serv.c b/gss-serv.c index 3cc6cdd37..56ff9f612 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.11 2005/10/13 14:20:37 stevesk Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.12 2005/10/13 19:08:08 stevesk Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -39,8 +39,6 @@ #include "ssh-gss.h" -extern ServerOptions options; - static ssh_gssapi_client gssapi_client = { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; -- cgit v1.2.3 From 20afc24363eb4e88351d66792275ee9d4b1eaaa4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 15:06:38 +1100 Subject: - stevesk@cvs.openbsd.org 2005/10/13 19:13:41 [dns.c] unneeded #include, unused declaration, little knf; ok deraadt@ --- ChangeLog | 5 ++++- dns.c | 8 +++----- 2 files changed, 7 insertions(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 4e0a0606b..3c7577fb2 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -27,6 +27,9 @@ [gss-serv-krb5.c gss-serv.c] unused declarations; ok deraadt@ (id sync only for gss-serv-krb5.c) + - stevesk@cvs.openbsd.org 2005/10/13 19:13:41 + [dns.c] + unneeded #include, unused declaration, little knf; ok deraadt@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3160,4 +3163,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3932 2005/11/05 04:05:28 djm Exp $ +$Id: ChangeLog,v 1.3933 2005/11/05 04:06:38 djm Exp $ diff --git a/dns.c b/dns.c index 4487c1aba..a62f43900 100644 --- a/dns.c +++ b/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $ */ +/* $OpenBSD: dns.c,v 1.13 2005/10/13 19:13:41 stevesk Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -40,10 +40,8 @@ #include "key.h" #include "dns.h" #include "log.h" -#include "uuencode.h" -extern char *__progname; -RCSID("$OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: dns.c,v 1.13 2005/10/13 19:13:41 stevesk Exp $"); #ifndef LWRES static const char *errset_text[] = { @@ -223,7 +221,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, if (fingerprints->rri_nrdatas) *flags |= DNS_VERIFY_FOUND; - for (counter = 0 ; counter < fingerprints->rri_nrdatas ; counter++) { + for (counter = 0; counter < fingerprints->rri_nrdatas; counter++) { /* * Extract the key from the answer. Ignore any badly * formatted fingerprints. -- cgit v1.2.3 From 6fd6defbce4c03820b8070b106bfe52bf2bed60a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 15:07:05 +1100 Subject: - stevesk@cvs.openbsd.org 2005/10/13 22:24:31 [auth2-gss.c gss-genr.c gss-serv.c monitor.c] KNF; ok djm@ --- ChangeLog | 5 ++++- auth2-gss.c | 6 +++--- gss-genr.c | 5 +++-- gss-serv.c | 13 ++++++------- monitor.c | 10 +++++----- 5 files changed, 21 insertions(+), 18 deletions(-) (limited to 'ChangeLog') 
diff --git a/ChangeLog b/ChangeLog index 3c7577fb2..2479962b3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,9 @@ - stevesk@cvs.openbsd.org 2005/10/13 19:13:41 [dns.c] unneeded #include, unused declaration, little knf; ok deraadt@ + - stevesk@cvs.openbsd.org 2005/10/13 22:24:31 + [auth2-gss.c gss-genr.c gss-serv.c monitor.c] + KNF; ok djm@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3163,4 +3166,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3933 2005/11/05 04:06:38 djm Exp $ +$Id: ChangeLog,v 1.3934 2005/11/05 04:07:05 djm Exp $ diff --git a/auth2-gss.c b/auth2-gss.c index 533649e7e..95844a05e 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.11 2005/10/13 14:03:01 stevesk Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.12 2005/10/13 22:24:31 stevesk Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -48,7 +48,7 @@ static void input_gssapi_errtok(int, u_int32_t, void *); /* * We only support those mechanisms that we know about (ie ones that we know - * how to check local user kuserok and the like + * how to check local user kuserok and the like) */ static int userauth_gssapi(Authctxt *authctxt) @@ -104,7 +104,7 @@ userauth_gssapi(Authctxt *authctxt) return (0); } - authctxt->methoddata=(void *)ctxt; + authctxt->methoddata = (void *)ctxt; packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE); diff --git a/gss-genr.c b/gss-genr.c index 2450a370c..c2b4f2dd8 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.5 2005/10/13 14:03:01 stevesk Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.6 2005/10/13 22:24:31 stevesk Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 
@@ -268,7 +268,8 @@ ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service, } OM_uint32 -ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) { +ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) +{ if (*ctx) ssh_gssapi_delete_ctx(ctx); ssh_gssapi_build_ctx(ctx); diff --git a/gss-serv.c b/gss-serv.c index 56ff9f612..26eec25bd 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.12 2005/10/13 19:08:08 stevesk Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.13 2005/10/13 22:24:31 stevesk Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -134,14 +134,14 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) OM_uint32 offset; OM_uint32 oidl; - tok=ename->value; + tok = ename->value; /* * Check that ename is long enough for all of the fixed length * header, and that the initial ID bytes are correct */ - if (ename->length<6 || memcmp(tok,"\x04\x01", 2)!=0) + if (ename->length < 6 || memcmp(tok, "\x04\x01", 2) != 0) return GSS_S_FAILURE; /* @@ -160,7 +160,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) */ if (tok[4] != 0x06 || tok[5] != oidl || ename->length < oidl+6 || - !ssh_gssapi_check_oid(ctx,tok+6,oidl)) + !ssh_gssapi_check_oid(ctx, tok+6, oidl)) return GSS_S_FAILURE; offset = oidl+6; @@ -175,7 +175,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) return GSS_S_FAILURE; name->value = xmalloc(name->length+1); - memcpy(name->value,tok+offset,name->length); + memcpy(name->value, tok+offset,name->length); ((char *)name->value)[name->length] = 0; return GSS_S_COMPLETE; @@ -259,9 +259,8 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) if (gssapi_client.store.envvar != NULL && gssapi_client.store.envval != NULL) { - debug("Setting %s to %s", gssapi_client.store.envvar, - gssapi_client.store.envval); + gssapi_client.store.envval); child_set_env(envp, envsizep, gssapi_client.store.envvar, gssapi_client.store.envval); } 
diff --git a/monitor.c b/monitor.c index 24ad0b794..e6f648b0b 100644 --- a/monitor.c +++ b/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.64 2005/10/13 22:24:31 stevesk Exp $"); #include @@ -1829,7 +1829,7 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) buffer_clear(m); buffer_put_int(m, major); - mm_request_send(sock,MONITOR_ANS_GSSSETUP, m); + mm_request_send(sock, MONITOR_ANS_GSSSETUP, m); /* Now we have a context, enable the step */ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1); @@ -1842,7 +1842,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) { gss_buffer_desc in; gss_buffer_desc out = GSS_C_EMPTY_BUFFER; - OM_uint32 major,minor; + OM_uint32 major, minor; OM_uint32 flags = 0; /* GSI needs this */ u_int len; @@ -1859,7 +1859,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) gss_release_buffer(&minor, &out); - if (major==GSS_S_COMPLETE) { + if (major == GSS_S_COMPLETE) { monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); @@ -1908,7 +1908,7 @@ mm_answer_gss_userok(int sock, Buffer *m) debug3("%s: sending result %d", __func__, authenticated); mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m); - auth_method="gssapi-with-mic"; + auth_method = "gssapi-with-mic"; /* Monitor loop will terminate if authenticated */ return (authenticated); -- cgit v1.2.3 From 15d72a00a3cd922f284b8a779a955733f487450f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 15:07:33 +1100 Subject: - stevesk@cvs.openbsd.org 2005/10/14 02:17:59 [ssh-keygen.c ssh.c sshconnect2.c] no trailing "\n" for log functions; ok djm@ --- ChangeLog | 5 ++++- ssh-keygen.c | 6 +++--- ssh.c | 8 ++++---- sshconnect2.c | 4 ++-- 4 files changed, 13 insertions(+), 10 deletions(-) (limited to 'ChangeLog') 
diff --git a/ChangeLog b/ChangeLog index 2479962b3..82b793f89 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,6 +33,9 @@ - stevesk@cvs.openbsd.org 2005/10/13 22:24:31 [auth2-gss.c gss-genr.c gss-serv.c monitor.c] KNF; ok djm@ + - stevesk@cvs.openbsd.org 2005/10/14 02:17:59 + [ssh-keygen.c ssh.c sshconnect2.c] + no trailing "\n" for log functions; ok djm@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3166,4 +3169,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3934 2005/11/05 04:07:05 djm Exp $ +$Id: ChangeLog,v 1.3935 2005/11/05 04:07:33 djm Exp $ diff --git a/ssh-keygen.c b/ssh-keygen.c index 89686f5ac..040813c5a 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.130 2005/10/07 11:13:57 markus Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.131 2005/10/14 02:17:59 stevesk Exp $"); #include #include @@ -1222,7 +1222,7 @@ main(int ac, char **av) if (bits == 0) bits = DEFAULT_BITS; if (gen_candidates(out, memory, bits, start) != 0) - fatal("modulus candidate generation failed\n"); + fatal("modulus candidate generation failed"); return (0); } @@ -1245,7 +1245,7 @@ main(int ac, char **av) out_file, strerror(errno)); } if (prime_test(in, out, trials, generator_wanted) != 0) - fatal("modulus screening failed\n"); + fatal("modulus screening failed"); return (0); } diff --git a/ssh.c b/ssh.c index 2c2b680a2..e51ead726 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.251 2005/09/19 15:42:44 jmc Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.252 2005/10/14 02:17:59 stevesk Exp $"); #include #include 
@@ -1013,7 +1013,7 @@ ssh_control_listener(void) fatal("ControlPath too long"); if ((control_fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) - fatal("%s socket(): %s\n", __func__, strerror(errno)); + fatal("%s socket(): %s", __func__, strerror(errno)); old_umask = umask(0177); if (bind(control_fd, (struct sockaddr*)&addr, addr_len) == -1) { @@ -1022,12 +1022,12 @@ ssh_control_listener(void) fatal("ControlSocket %s already exists", options.control_path); else - fatal("%s bind(): %s\n", __func__, strerror(errno)); + fatal("%s bind(): %s", __func__, strerror(errno)); } umask(old_umask); if (listen(control_fd, 64) == -1) - fatal("%s listen(): %s\n", __func__, strerror(errno)); + fatal("%s listen(): %s", __func__, strerror(errno)); set_nonblock(control_fd); } diff --git a/sshconnect2.c b/sshconnect2.c index ee7932d68..adf967281 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.142 2005/08/30 22:08:05 djm Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.143 2005/10/14 02:17:59 stevesk Exp $"); #include "openbsd-compat/sys-queue.h" @@ -702,7 +702,7 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt) packet_check_eom(); - debug("Server GSSAPI Error:\n%s\n", msg); + debug("Server GSSAPI Error:\n%s", msg); xfree(msg); xfree(lang); } -- cgit v1.2.3 From 0a0176e9f3853528c4a2af999fc58ad1fb2027a3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 15:07:59 +1100 Subject: - stevesk@cvs.openbsd.org 2005/10/14 02:29:37 [channels.c clientloop.c] free()->xfree(); ok djm@ --- ChangeLog | 5 ++++- channels.c | 4 ++-- clientloop.c | 8 ++++---- 3 files changed, 10 insertions(+), 7 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 82b793f89..3081c80f3 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -36,6 +36,9 @@ - stevesk@cvs.openbsd.org 2005/10/14 02:17:59 [ssh-keygen.c ssh.c sshconnect2.c] no trailing "\n" for log functions; ok djm@ + - stevesk@cvs.openbsd.org 2005/10/14 02:29:37 + [channels.c clientloop.c] + free()->xfree(); ok djm@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3169,4 +3172,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3935 2005/11/05 04:07:33 djm Exp $ +$Id: ChangeLog,v 1.3936 2005/11/05 04:07:59 djm Exp $ diff --git a/channels.c b/channels.c index 175b59e44..9607717cc 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.226 2005/10/11 23:37:37 djm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.227 2005/10/14 02:29:37 stevesk Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2464,7 +2464,7 @@ channel_request_rforward_cancel(const char *host, u_short port) permitted_opens[i].listen_port = 0; permitted_opens[i].port_to_connect = 0; - free(permitted_opens[i].host_to_connect); + xfree(permitted_opens[i].host_to_connect); permitted_opens[i].host_to_connect = NULL; } diff --git a/clientloop.c b/clientloop.c index fed684956..b267fa142 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.143 2005/10/10 10:23:08 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.144 2005/10/14 02:29:37 stevesk Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1880,7 +1880,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem, /* Split */ name = xstrdup(env[i]); if ((val = strchr(name, '=')) == NULL) { - free(name); + xfree(name); continue; } *val++ = '\0'; @@ -1894,7 +1894,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem, } if (!matched) { debug3("Ignored env %s", name); - free(name); + xfree(name); continue; } 
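Review bot: `xfree()` is not a drop-in replacement for `free()` when the pointer may be NULL: OpenSSH's xfree() calls fatal() on a NULL argument, whereas free(NULL) is a no-op. The clientloop.c call sites pass the result of `xstrdup()`, but for `xfree(permitted_opens[i].host_to_connect)` in channel_request_rforward_cancel() the code that selects `i` is outside the hunk. If that selection already requires a non-NULL `host_to_connect`, a comment such as `/* matched entry always has host_to_connect set */` would record why the stricter call is safe; otherwise the call needs a NULL guard.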
@@ -1903,7 +1903,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem, packet_put_cstring(name); packet_put_cstring(val); packet_send(); - free(name); + xfree(name); } } -- cgit v1.2.3 From c1af1d5f409f75420b421ec85749753071ee843e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 15:08:57 +1100 Subject: - stevesk@cvs.openbsd.org 2005/10/15 15:28:12 [sshconnect.c] make external definition static; ok deraadt@ --- ChangeLog | 5 ++++- sshconnect.c | 5 ++--- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 3081c80f3..3ad1c306d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -39,6 +39,9 @@ - stevesk@cvs.openbsd.org 2005/10/14 02:29:37 [channels.c clientloop.c] free()->xfree(); ok djm@ + - stevesk@cvs.openbsd.org 2005/10/15 15:28:12 + [sshconnect.c] + make external definition static; ok deraadt@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3172,4 +3175,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3936 2005/11/05 04:07:59 djm Exp $ +$Id: ChangeLog,v 1.3937 2005/11/05 04:08:57 djm Exp $ diff --git a/sshconnect.c b/sshconnect.c index ba7b9b71e..d8cfd35b3 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.168 2005/07/17 07:17:55 djm Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.169 2005/10/15 15:28:12 stevesk Exp $"); #include @@ -31,13 +31,12 @@ RCSID("$OpenBSD: sshconnect.c,v 1.168 2005/07/17 07:17:55 djm Exp $"); #include "readconf.h" #include "atomicio.h" #include "misc.h" - #include "dns.h" char *client_version_string = NULL; char *server_version_string = NULL; -int matching_host_key_dns = 0; +static int matching_host_key_dns = 0; /* import */ extern Options options; -- cgit v1.2.3 From 7e8795d3082de5b0f86728b5ecceff56d69db491 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sat, 5 Nov 2005 15:10:42 +1100 Subject: - stevesk@cvs.openbsd.org 2005/10/17 14:01:28 [dns.c] remove #ifdef LWRES; ok jakob@ --- ChangeLog | 11 ++++++++++- dns.c | 12 ++---------- 2 files changed, 12 insertions(+), 11 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 3ad1c306d..8258b3b9b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -42,6 +42,15 @@ - stevesk@cvs.openbsd.org 2005/10/15 15:28:12 [sshconnect.c] make external definition static; ok deraadt@ + - stevesk@cvs.openbsd.org 2005/10/17 13:45:05 + [dns.c] + fix memory leaks from 2 sources: + 1) key_fingerprint_raw() + 2) malloc in dns_read_rdata() + ok jakob@ + - stevesk@cvs.openbsd.org 2005/10/17 14:01:28 + [dns.c] + remove #ifdef LWRES; ok jakob@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3175,4 +3184,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3937 2005/11/05 04:08:57 djm Exp $ +$Id: ChangeLog,v 1.3938 2005/11/05 04:10:42 djm Exp $ diff --git a/dns.c b/dns.c index 4ff9ef3f4..d73fdb256 100644 --- a/dns.c +++ b/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.14 2005/10/17 13:45:05 stevesk Exp $ */ +/* $OpenBSD: dns.c,v 1.15 2005/10/17 14:01:28 stevesk Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -29,21 +29,15 @@ #include "includes.h" #include -#ifdef LWRES -#include -#include -#else /* LWRES */ #include -#endif /* LWRES */ #include "xmalloc.h" #include "key.h" #include "dns.h" #include "log.h" -RCSID("$OpenBSD: dns.c,v 1.14 2005/10/17 13:45:05 stevesk Exp $"); +RCSID("$OpenBSD: dns.c,v 1.15 2005/10/17 14:01:28 stevesk Exp $"); -#ifndef LWRES static const char *errset_text[] = { "success", /* 0 ERRSET_SUCCESS */ "out of memory", /* 1 ERRSET_NOMEMORY */ 
@@ -73,8 +67,6 @@ dns_result_totext(unsigned int res) return "unknown error"; } } -#endif /* LWRES */ - /* * Read SSHFP parameters from key buffer. -- cgit v1.2.3 From 319550a52b08a56eee54af494433bb9bca547d82 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 15:11:15 +1100 Subject: - stevesk@cvs.openbsd.org 2005/10/17 14:13:35 [dns.c dns.h] more cleanups; ok jakob@ --- ChangeLog | 5 ++++- dns.c | 14 +++++--------- dns.h | 4 +--- 3 files changed, 10 insertions(+), 13 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 8258b3b9b..6e546e1f4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -51,6 +51,9 @@ - stevesk@cvs.openbsd.org 2005/10/17 14:01:28 [dns.c] remove #ifdef LWRES; ok jakob@ + - stevesk@cvs.openbsd.org 2005/10/17 14:13:35 + [dns.c dns.h] + more cleanups; ok jakob@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3184,4 +3187,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3938 2005/11/05 04:10:42 djm Exp $ +$Id: ChangeLog,v 1.3939 2005/11/05 04:11:15 djm Exp $ diff --git a/dns.c b/dns.c index d73fdb256..a71dd9bff 100644 --- a/dns.c +++ b/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.15 2005/10/17 14:01:28 stevesk Exp $ */ +/* $OpenBSD: dns.c,v 1.16 2005/10/17 14:13:35 stevesk Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -25,10 +25,9 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - #include "includes.h" +RCSID("$OpenBSD: dns.c,v 1.16 2005/10/17 14:13:35 stevesk Exp $"); -#include #include #include "xmalloc.h" @@ -36,8 +35,6 @@ #include "dns.h" #include "log.h" -RCSID("$OpenBSD: dns.c,v 1.15 2005/10/17 14:01:28 stevesk Exp $"); - static const char *errset_text[] = { "success", /* 0 ERRSET_SUCCESS */ "out of memory", /* 1 ERRSET_NOMEMORY */ 
@@ -179,7 +176,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, *flags = 0; - debug3("verify_hostkey_dns"); + debug3("verify_host_key_dns"); if (hostkey == NULL) fatal("No key to look up!"); @@ -256,7 +253,6 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, return 0; } - /* * Export the fingerprint of a key as a DNS resource record */ @@ -272,7 +268,7 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic) int success = 0; if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, - &rdata_digest, &rdata_digest_len, key)) { + &rdata_digest, &rdata_digest_len, key)) { if (generic) fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ", hostname, @@ -288,7 +284,7 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic) xfree(rdata_digest); /* from key_fingerprint_raw() */ success = 1; } else { - error("dns_export_rr: unsupported algorithm"); + error("export_dns_rr: unsupported algorithm"); } return success; diff --git a/dns.h b/dns.h index c5da22ef6..0aa1c28f2 100644 --- a/dns.h +++ b/dns.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.h,v 1.5 2003/11/12 16:39:58 jakob Exp $ */ +/* $OpenBSD: dns.h,v 1.6 2005/10/17 14:13:35 stevesk Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -25,7 +25,6 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - #include "includes.h" #ifndef DNS_H @@ -49,7 +48,6 @@ enum sshfp_hashes { #define DNS_VERIFY_MATCH 0x00000002 #define DNS_VERIFY_SECURE 0x00000004 - int verify_host_key_dns(const char *, struct sockaddr *, const Key *, int *); int export_dns_rr(const char *, const Key *, FILE *, int); -- cgit v1.2.3 From b3bfbb735583ed13d6141bba61bae0dc65fec291 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sat, 5 Nov 2005 15:11:48 +1100 Subject: - djm@cvs.openbsd.org 2005/10/30 01:23:19 [ssh_config.5] mention control socket fallback behaviour, reported by tryponraj AT gmail.com --- ChangeLog | 6 +++++- ssh_config.5 | 8 +++++--- 2 files changed, 10 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 6e546e1f4..533062b91 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,6 +54,10 @@ - stevesk@cvs.openbsd.org 2005/10/17 14:13:35 [dns.c dns.h] more cleanups; ok jakob@ + - djm@cvs.openbsd.org 2005/10/30 01:23:19 + [ssh_config.5] + mention control socket fallback behaviour, reported by + tryponraj AT gmail.com 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3187,4 +3191,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3939 2005/11/05 04:11:15 djm Exp $ +$Id: ChangeLog,v 1.3940 2005/11/05 04:11:48 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 2e38be950..fcbf1e594 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.62 2005/09/19 11:37:34 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.63 2005/10/30 01:23:19 djm Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -263,8 +263,10 @@ with set to .Dq no (the default). -These sessions will reuse the master instance's network connection rather -than initiating new ones. +These sessions will try to reuse the master instance's network connection +rather than initiating new ones, but will fall back to connecting normally +if the control socket does not exist, or is not listening. +.Pp Setting this to .Dq ask will cause -- cgit v1.2.3 From 4bbacb706b36e35f341d41a25ee0cfa6b37af047 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sat, 5 Nov 2005 15:12:28 +1100 Subject: - djm@cvs.openbsd.org 2005/10/30 04:01:03 [ssh-keyscan.c] make ssh-keygen discard junk from server before SSH- ident, spotted by dave AT cirt.net; ok dtucker@ --- ChangeLog | 6 +++++- ssh-keyscan.c | 20 +++++++++++++------- 2 files changed, 18 insertions(+), 8 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 533062b91..2aad22f7a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -58,6 +58,10 @@ [ssh_config.5] mention control socket fallback behaviour, reported by tryponraj AT gmail.com + - djm@cvs.openbsd.org 2005/10/30 04:01:03 + [ssh-keyscan.c] + make ssh-keygen discard junk from server before SSH- ident, spotted by + dave AT cirt.net; ok dtucker@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3191,4 +3195,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3940 2005/11/05 04:11:48 djm Exp $ +$Id: ChangeLog,v 1.3941 2005/11/05 04:12:28 djm Exp $ diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 8ac97bd35..6915102dd 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.56 2005/09/13 23:40:07 djm Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.57 2005/10/30 04:01:03 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -499,12 +499,18 @@ congreet(int s) size_t bufsiz; con *c = &fdcon[s]; - bufsiz = sizeof(buf); - cp = buf; - while (bufsiz-- && (n = atomicio(read, s, cp, 1)) == 1 && *cp != '\n') { - if (*cp == '\r') - *cp = '\n'; - cp++; + for (;;) { + memset(buf, '\0', sizeof(buf)); + bufsiz = sizeof(buf); + cp = buf; + while (bufsiz-- && + (n = atomicio(read, s, cp, 1)) == 1 && *cp != '\n') { + if (*cp == '\r') + *cp = '\n'; + cp++; + } + if (n != 1 || strncmp(buf, "SSH-", 4) == 0) + break; } if (n == 0) { switch (errno) { -- cgit v1.2.3 
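Review bot: The new `for (;;)` in congreet() (ssh-keyscan.c) discards every line that does not start with `SSH-` and puts no limit on how many lines it will throw away, so a peer that keeps sending other lines keeps the scanner reading from that one host. Whether the per-connection timeout interrupts these reads is not visible from the hunk. Counting the discarded lines and giving up on the host after a small fixed number would bound the loop, for example `if (++skipped > MAX_BANNER_LINES) break;` before it repeats, where `skipped` and `MAX_BANNER_LINES` are placeholder names and the give-up case still needs handling in the code below the hunk. congreet() continues past the end of the hunk.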
From aa3bb1094011e640488e9f2ebd718a79960b147d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 15:12:59 +1100 Subject: - djm@cvs.openbsd.org 2005/10/30 04:03:24 [ssh.c] fix misleading debug message; ok dtucker@ --- ChangeLog | 5 ++++- ssh.c | 5 ++--- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 2aad22f7a..112f5728f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -62,6 +62,9 @@ [ssh-keyscan.c] make ssh-keygen discard junk from server before SSH- ident, spotted by dave AT cirt.net; ok dtucker@ + - djm@cvs.openbsd.org 2005/10/30 04:03:24 + [ssh.c] + fix misleading debug message; ok dtucker@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3195,4 +3198,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3941 2005/11/05 04:12:28 djm Exp $ +$Id: ChangeLog,v 1.3942 2005/11/05 04:12:59 djm Exp $ diff --git a/ssh.c b/ssh.c index e51ead726..7e8bc1f24 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.252 2005/10/14 02:17:59 stevesk Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.253 2005/10/30 04:03:24 djm Exp $"); #include #include @@ -794,8 +794,7 @@ ssh_init_forwarding(void) debug("Remote connections from %.200s:%d forwarded to " "local address %.200s:%d", (options.remote_forwards[i].listen_host == NULL) ? - (options.gateway_ports ? "*" : "LOCALHOST") : - options.remote_forwards[i].listen_host, + "LOCALHOST" : options.remote_forwards[i].listen_host, options.remote_forwards[i].listen_port, options.remote_forwards[i].connect_host, options.remote_forwards[i].connect_port); -- cgit v1.2.3 From 4d3fd54c91dae68ea2642387196015931ee83200 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sat, 5 Nov 2005 15:13:24 +1100 Subject: - dtucker@cvs.openbsd.org 2005/10/30 08:29:29 [canohost.c sshd.c] Check for connections with IP options earlier and drop silently. ok djm@ --- ChangeLog | 5 ++++- canohost.c | 6 ++---- sshd.c | 9 +++++++-- 3 files changed, 13 insertions(+), 7 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 112f5728f..52660e2be 100644 --- a/ChangeLog +++ b/ChangeLog @@ -65,6 +65,9 @@ - djm@cvs.openbsd.org 2005/10/30 04:03:24 [ssh.c] fix misleading debug message; ok dtucker@ + - dtucker@cvs.openbsd.org 2005/10/30 08:29:29 + [canohost.c sshd.c] + Check for connections with IP options earlier and drop silently. ok djm@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3198,4 +3201,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3942 2005/11/05 04:12:59 djm Exp $ +$Id: ChangeLog,v 1.3943 2005/11/05 04:13:24 djm Exp $ diff --git a/canohost.c b/canohost.c index 0c4d36ff6..66867c10b 100644 --- a/canohost.c +++ b/canohost.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.45 2005/10/03 07:44:42 dtucker Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.46 2005/10/30 08:29:29 dtucker Exp $"); #include "packet.h" #include "xmalloc.h" @@ -158,9 +158,7 @@ check_ip_options(int sock, char *ipaddr) for (i = 0; i < option_size; i++) snprintf(text + i*3, sizeof(text) - i*3, " %2.2x", options[i]); - logit("Connection from %.100s with IP options:%.800s", - ipaddr, text); - packet_disconnect("Connection from %.100s with IP options:%.800s", + fatal("Connection from %.100s with IP options:%.800s", ipaddr, text); } #endif /* IP_OPTIONS */ diff --git a/sshd.c b/sshd.c index c4d66e2fc..4b5f89e2a 100644 --- a/sshd.c +++ b/sshd.c 
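Review bot: In check_ip_options() (canohost.c) the single `fatal()` now ends the connection without the `packet_disconnect()` message the peer used to receive, but nothing at the call site says this is deliberate. The ChangeLog entry calls it dropping silently, so a comment above the call, e.g. `/* Log locally and exit; the peer is deliberately told nothing */`, would keep a later cleanup from restoring the disconnect message. The function starts above the hunk, so the sizes of `options` and `text` used by the snprintf() loop cannot be checked from here.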
@@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.315 2005/09/21 23:37:11 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.316 2005/10/30 08:29:29 dtucker Exp $"); #include #include @@ -1651,7 +1651,12 @@ main(int ac, char **av) debug("get_remote_port failed"); cleanup_exit(255); } - remote_ip = get_remote_ipaddr(); + + /* + * We use get_canonical_hostname with usedns = 0 instead of + * get_remote_ipaddr here so IP options will be checked. + */ + remote_ip = get_canonical_hostname(0); #ifdef SSH_AUDIT_EVENTS audit_connection_from(remote_ip, remote_port); -- cgit v1.2.3 From 713de76f66d4a27134938ebf6836ef97471c128a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 15:13:49 +1100 Subject: - jmc@cvs.openbsd.org 2005/10/30 08:43:47 [ssh_config.5] remove trailing whitespace; --- ChangeLog | 5 ++++- ssh_config.5 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 52660e2be..85a2545cc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -68,6 +68,9 @@ - dtucker@cvs.openbsd.org 2005/10/30 08:29:29 [canohost.c sshd.c] Check for connections with IP options earlier and drop silently. ok djm@ + - jmc@cvs.openbsd.org 2005/10/30 08:43:47 + [ssh_config.5] + remove trailing whitespace; 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3201,4 +3204,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3943 2005/11/05 04:13:24 djm Exp $ +$Id: ChangeLog,v 1.3944 2005/11/05 04:13:49 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index fcbf1e594..13cdee88b 100644 --- a/ssh_config.5 +++ b/ssh_config.5 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.63 2005/10/30 01:23:19 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.64 2005/10/30 08:43:47 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -263,7 +263,7 @@ with set to .Dq no (the default). -These sessions will try to reuse the master instance's network connection +These sessions will try to reuse the master instance's network connection rather than initiating new ones, but will fall back to connecting normally if the control socket does not exist, or is not listening. .Pp -- cgit v1.2.3 From 788f212aed68781efe7aa80e625c5f8cd4d98100 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 15:14:59 +1100 Subject: - djm@cvs.openbsd.org 2005/10/30 08:52:18 [clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c] [ssh.c sshconnect.c sshconnect1.c sshd.c] no need to escape single quotes in comments, no binary change --- ChangeLog | 6 +++++- clientloop.c | 4 ++-- packet.c | 4 ++-- serverloop.c | 4 ++-- session.c | 6 +++--- ssh-agent.c | 4 ++-- ssh-keygen.c | 4 ++-- ssh.c | 6 +++--- sshconnect.c | 4 ++-- sshconnect1.c | 8 ++++---- sshd.c | 6 +++--- 11 files changed, 30 insertions(+), 26 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 85a2545cc..9adfbb7b1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -71,6 +71,10 @@ - jmc@cvs.openbsd.org 2005/10/30 08:43:47 [ssh_config.5] remove trailing whitespace; + - djm@cvs.openbsd.org 2005/10/30 08:52:18 + [clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c] + [ssh.c sshconnect.c sshconnect1.c sshd.c] + no need to escape single quotes in comments, no binary change 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). 
@@ -3204,4 +3208,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3944 2005/11/05 04:13:49 djm Exp $ +$Id: ChangeLog,v 1.3945 2005/11/05 04:14:59 djm Exp $ diff --git a/clientloop.c b/clientloop.c index b267fa142..001c8f119 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.144 2005/10/14 02:29:37 stevesk Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.145 2005/10/30 08:52:17 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -113,7 +113,7 @@ extern char *host; static volatile sig_atomic_t received_window_change_signal = 0; static volatile sig_atomic_t received_signal = 0; -/* Flag indicating whether the user\'s terminal is in non-blocking mode. */ +/* Flag indicating whether the user's terminal is in non-blocking mode. */ static int in_non_blocking_mode = 0; /* Common data for the client loop code. */ diff --git a/packet.c b/packet.c index 70e0110cb..db2aa2411 100644 --- a/packet.c +++ b/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.119 2005/07/28 17:36:22 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.120 2005/10/30 08:52:17 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -572,7 +572,7 @@ packet_send1(void) buffer_clear(&outgoing_packet); /* - * Note that the packet is now only buffered in output. It won\'t be + * Note that the packet is now only buffered in output. It won't be * actually sent until packet_write_wait or packet_write_poll is * called. */ diff --git a/serverloop.c b/serverloop.c index 17608c238..208f7e1e9 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.119 2005/10/10 10:23:08 djm Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.120 2005/10/30 08:52:17 djm Exp $"); #include "xmalloc.h" #include "packet.h" 
@@ -548,7 +548,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) * If we have no separate fderr (which is the case when we have a pty * - there we cannot make difference between data sent to stdout and * stderr), indicate that we have seen an EOF from stderr. This way - * we don\'t need to check the descriptor everywhere. + * we don't need to check the descriptor everywhere. */ if (fderr == -1) fderr_eof = 1; diff --git a/session.c b/session.c index 5e6627cb0..7863aa15f 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.187 2005/10/10 10:23:08 djm Exp $"); +RCSID("$OpenBSD: session.c,v 1.188 2005/10/30 08:52:17 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1419,7 +1419,7 @@ child_close_fds(void) endpwent(); /* - * Close any extra open file descriptors so that we don\'t have them + * Close any extra open file descriptors so that we don't have them * hanging around in clients. Note that we want to do this after * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. @@ -1554,7 +1554,7 @@ do_child(Session *s, const char *command) } #endif - /* Change current directory to the user\'s home directory. */ + /* Change current directory to the user's home directory. */ if (chdir(pw->pw_dir) < 0) { fprintf(stderr, "Could not chdir to home directory %s: %s\n", pw->pw_dir, strerror(errno)); diff --git a/ssh-agent.c b/ssh-agent.c index 6f0ba130d..a69c25eec 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.123 2005/09/13 23:40:07 djm Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.124 2005/10/30 08:52:18 djm Exp $"); #include #include 
@@ -355,7 +355,7 @@ process_remove_identity(SocketEntry *e, int version) if (id != NULL) { /* * We have this key. Free the old key. Since we - * don\'t want to leave empty slots in the middle of + * don't want to leave empty slots in the middle of * the array, we actually free the key there and move * all the entries between the empty slot and the end * of the array. diff --git a/ssh-keygen.c b/ssh-keygen.c index 040813c5a..915d5580b 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.131 2005/10/14 02:17:59 stevesk Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.132 2005/10/30 08:52:18 djm Exp $"); #include #include @@ -1274,7 +1274,7 @@ main(int ac, char **av) if (!have_identity) ask_filename(pw, "Enter file in which to save the key"); - /* Create ~/.ssh directory if it doesn\'t already exist. */ + /* Create ~/.ssh directory if it doesn't already exist. */ snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); if (strstr(identity_file, dotsshdir) != NULL && stat(dotsshdir, &st) < 0) { diff --git a/ssh.c b/ssh.c index 7e8bc1f24..2227755cd 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.253 2005/10/30 04:03:24 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.254 2005/10/30 08:52:18 djm Exp $"); #include #include @@ -698,7 +698,7 @@ again: /* * Now that we are back to our own permissions, create ~/.ssh - * directory if it doesn\'t already exist. + * directory if it doesn't already exist. */ snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); if (stat(buf, &st) < 0) @@ -810,7 +810,7 @@ static void check_agent_present(void) { if (options.forward_agent) { - /* Clear agent forwarding if we don\'t have an agent. */ + /* Clear agent forwarding if we don't have an agent. */ if (!ssh_agent_present()) options.forward_agent = 0; } 
diff --git a/sshconnect.c b/sshconnect.c index d8cfd35b3..2245a8af6 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.169 2005/10/15 15:28:12 stevesk Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.170 2005/10/30 08:52:18 djm Exp $"); #include @@ -603,7 +603,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, file_key = key_new(host_key->type); /* - * Check if the host key is present in the user\'s list of known + * Check if the host key is present in the user's list of known * hosts or in the systemwide list. */ host_file = user_hostfile; diff --git a/sshconnect1.c b/sshconnect1.c index bd05723c7..440d7c5bd 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.61 2005/06/17 02:44:33 djm Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.62 2005/10/30 08:52:18 djm Exp $"); #include #include @@ -84,7 +84,7 @@ try_agent_authentication(void) /* Wait for server's response. */ type = packet_read(); - /* The server sends failure if it doesn\'t like our key or + /* The server sends failure if it doesn't like our key or does not support RSA authentication. */ if (type == SSH_SMSG_FAILURE) { debug("Server refused our key."); @@ -215,8 +215,8 @@ try_rsa_authentication(int idx) type = packet_read(); /* - * The server responds with failure if it doesn\'t like our key or - * doesn\'t support RSA authentication. + * The server responds with failure if it doesn't like our key or + * doesn't support RSA authentication. */ if (type == SSH_SMSG_FAILURE) { debug("Server refused our key."); diff --git a/sshd.c b/sshd.c index 4b5f89e2a..f0fdf5a83 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.316 2005/10/30 08:29:29 dtucker Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.317 2005/10/30 08:52:18 djm Exp $"); #include #include 
@@ -1682,10 +1682,10 @@ main(int ac, char **av) verbose("Connection from %.500s port %d", remote_ip, remote_port); /* - * We don\'t want to listen forever unless the other side + * We don't want to listen forever unless the other side * successfully authenticates itself. So we set up an alarm which is * cleared after successful authentication. A limit of zero - * indicates no limit. Note that we don\'t set the alarm in debugging + * indicates no limit. Note that we don't set the alarm in debugging * mode; it is just annoying to have the server exit just when you * are about to discover the bug. */ -- cgit v1.2.3 From 653b93be5d67a918419e63db34383aa3a552db12 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 15:15:23 +1100 Subject: - dtucker@cvs.openbsd.org 2005/10/31 06:15:04 [sftp.c] Fix sorting with "ls -1" command. From Robert Tsai, "looks right" deraadt@ --- ChangeLog | 5 ++++- sftp.c | 4 +++- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 9adfbb7b1..d6c114c74 100644 --- a/ChangeLog +++ b/ChangeLog @@ -75,6 +75,9 @@ [clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c] [ssh.c sshconnect.c sshconnect1.c sshd.c] no need to escape single quotes in comments, no binary change + - dtucker@cvs.openbsd.org 2005/10/31 06:15:04 + [sftp.c] + Fix sorting with "ls -1" command. From Robert Tsai, "looks right" deraadt@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3208,4 +3211,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3945 2005/11/05 04:14:59 djm Exp $ +$Id: ChangeLog,v 1.3946 2005/11/05 04:15:23 djm Exp $ diff --git a/sftp.c b/sftp.c index f29927c0f..ff3223ad2 100644 --- a/sftp.c +++ b/sftp.c 
@@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.67 2005/09/13 23:40:07 djm Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.68 2005/10/31 06:15:04 dtucker Exp $"); #ifdef USE_LIBEDIT #include @@ -697,6 +697,8 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) } if (lflag & SORT_FLAGS) { + for (n = 0; d[n] != NULL; n++) + ; /* count entries */ sort_flag = lflag & (SORT_FLAGS|LS_REVERSE_SORT); qsort(d, n, sizeof(*d), sdirent_comp); } -- cgit v1.2.3 From f14be5ce03b0a40857f381819436602fa67c4d75 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 15:15:49 +1100 Subject: - djm@cvs.openbsd.org 2005/10/31 11:12:49 [ssh-keygen.1 ssh-keygen.c] generate a protocol 2 RSA key by default --- ChangeLog | 5 ++++- ssh-keygen.1 | 5 ++++- ssh-keygen.c | 9 ++++----- 3 files changed, 12 insertions(+), 7 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index d6c114c74..e16e8c753 100644 --- a/ChangeLog +++ b/ChangeLog @@ -78,6 +78,9 @@ - dtucker@cvs.openbsd.org 2005/10/31 06:15:04 [sftp.c] Fix sorting with "ls -1" command. From Robert Tsai, "looks right" deraadt@ + - djm@cvs.openbsd.org 2005/10/31 11:12:49 + [ssh-keygen.1 ssh-keygen.c] + generate a protocol 2 RSA key by default 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3211,4 +3214,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3946 2005/11/05 04:15:23 djm Exp $ +$Id: ChangeLog,v 1.3947 2005/11/05 04:15:49 djm Exp $ diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 5454d00ce..2c952ba71 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.69 2005/06/08 03:50:00 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.70 2005/10/31 11:12:49 djm Exp $ .\" .\" -*- nroff -*- .\" 
@@ -118,6 +118,9 @@ keys for use by SSH protocol version 2. The type of key to be generated is specified with the .Fl t option. +If invoked without any arguments, +.Nm +will generate a RSA key for use in SSH protocol 2 connections. .Pp .Nm is also used to generate groups for use in Diffie-Hellman group diff --git a/ssh-keygen.c b/ssh-keygen.c index 915d5580b..7f9c7fd1a 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.132 2005/10/30 08:52:18 djm Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.133 2005/10/31 11:12:49 djm Exp $"); #include #include @@ -1251,10 +1251,9 @@ main(int ac, char **av) arc4random_stir(); - if (key_type_name == NULL) { - printf("You must specify a key type (-t).\n"); - usage(); - } + if (key_type_name == NULL) + key_type_name = "rsa"; + type = key_type_from_name(key_type_name); if (type == KEY_UNSPEC) { fprintf(stderr, "unknown key type %s\n", key_type_name); -- cgit v1.2.3 From c7e2d3fa1049c13d33d043e15c524f19e2791586 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 15:16:12 +1100 Subject: - djm@cvs.openbsd.org 2005/10/31 11:48:29 [serverloop.c] make sure we clean up wtmp, etc. file when we receive a SIGTERM, SIGINT or SIGQUIT when running without privilege separation (the normal privsep case is already OK). Patch mainly by dtucker@ and senthilkumar_sen AT hotpop.com; ok dtucker@ --- ChangeLog | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index e16e8c753..6ebe18efc 100644 --- a/ChangeLog +++ b/ChangeLog 
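Review bot: The fallback `key_type_name = "rsa";` in main() (ssh-keygen.c) applies whenever no `-t` was given, which is broader than the ssh-keygen.1 sentence added in the same commit ("If invoked without any arguments"). As far as this hunk shows, an invocation with other options but no `-t` also gets an RSA key, so the man page wording or the code should be adjusted until they agree. A comment on the assignment such as `/* no -t given: default to a protocol 2 RSA key */` would document the choice. The key size used for this default is set outside the hunk and is worth confirming now that users reach it without choosing a type. main() starts and ends outside the hunk.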
@@ -81,6 +81,12 @@ - djm@cvs.openbsd.org 2005/10/31 11:12:49 [ssh-keygen.1 ssh-keygen.c] generate a protocol 2 RSA key by default + - djm@cvs.openbsd.org 2005/10/31 11:48:29 + [serverloop.c] + make sure we clean up wtmp, etc. file when we receive a SIGTERM, + SIGINT or SIGQUIT when running without privilege separation (the + normal privsep case is already OK). Patch mainly by dtucker@ and + senthilkumar_sen AT hotpop.com; ok dtucker@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3214,4 +3220,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3947 2005/11/05 04:15:49 djm Exp $ +$Id: ChangeLog,v 1.3948 2005/11/05 04:16:12 djm Exp $ -- cgit v1.2.3 From 83d0d39d0e30d545d9caa94089b92739a479dff1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 15:16:27 +1100 Subject: - jmc@cvs.openbsd.org 2005/10/31 19:55:25 [ssh-keygen.1] grammar; --- ChangeLog | 5 ++++- ssh-keygen.1 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 6ebe18efc..e4f703fe2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -87,6 +87,9 @@ SIGINT or SIGQUIT when running without privilege separation (the normal privsep case is already OK). Patch mainly by dtucker@ and senthilkumar_sen AT hotpop.com; ok dtucker@ + - jmc@cvs.openbsd.org 2005/10/31 19:55:25 + [ssh-keygen.1] + grammar; 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3220,4 +3223,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3948 2005/11/05 04:16:12 djm Exp $ +$Id: ChangeLog,v 1.3949 2005/11/05 04:16:27 djm Exp $ diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 2c952ba71..348a49ce2 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.70 2005/10/31 11:12:49 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.71 2005/10/31 19:55:25 jmc Exp $ .\" .\" -*- nroff -*- .\" @@ -120,7 +120,7 @@ The type of key to be generated is specified with the option. If invoked without any arguments, .Nm -will generate a RSA key for use in SSH protocol 2 connections. +will generate an RSA key for use in SSH protocol 2 connections. .Pp .Nm is also used to generate groups for use in Diffie-Hellman group -- cgit v1.2.3 From 24ecf612614d83622d9777349b4ecd21ee22bb2a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 15:16:52 +1100 Subject: - dtucker@cvs.openbsd.org 2005/11/03 13:38:29 [canohost.c] Cache reverse lookups with and without DNS separately; ok markus@ --- ChangeLog | 5 ++++- canohost.c | 27 ++++++++++++++------------- serverloop.c | 36 +++++++++++++++++++++++++++++++++++- 3 files changed, 53 insertions(+), 15 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index e4f703fe2..cefc3e0b4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -90,6 +90,9 @@ - jmc@cvs.openbsd.org 2005/10/31 19:55:25 [ssh-keygen.1] grammar; + - dtucker@cvs.openbsd.org 2005/11/03 13:38:29 + [canohost.c] + Cache reverse lookups with and without DNS separately; ok markus@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3223,4 +3226,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3949 2005/11/05 04:16:27 djm Exp $ +$Id: ChangeLog,v 1.3950 2005/11/05 04:16:52 djm Exp $ diff --git a/canohost.c b/canohost.c index 66867c10b..bd7f830de 100644 --- a/canohost.c +++ b/canohost.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.46 2005/10/30 08:29:29 dtucker Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.47 2005/11/03 13:38:29 dtucker Exp $"); #include "packet.h" #include "xmalloc.h" 
@@ -198,26 +198,27 @@ ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len) const char * get_canonical_hostname(int use_dns) { + char *host; static char *canonical_host_name = NULL; - static int use_dns_done = 0; + static char *remote_ip = NULL; /* Check if we have previously retrieved name with same option. */ - if (canonical_host_name != NULL) { - if (use_dns_done != use_dns) - xfree(canonical_host_name); - else - return canonical_host_name; - } + if (use_dns && canonical_host_name != NULL) + return canonical_host_name; + if (!use_dns && remote_ip != NULL) + return remote_ip; /* Get the real hostname if socket; otherwise return UNKNOWN. */ if (packet_connection_is_on_socket()) - canonical_host_name = get_remote_hostname( - packet_get_connection_in(), use_dns); + host = get_remote_hostname(packet_get_connection_in(), use_dns); else - canonical_host_name = xstrdup("UNKNOWN"); + host = "UNKNOWN"; - use_dns_done = use_dns; - return canonical_host_name; + if (use_dns) + canonical_host_name = host; + else + remote_ip = host; + return host; } /* diff --git a/serverloop.c b/serverloop.c index 208f7e1e9..03376bacf 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.120 2005/10/30 08:52:17 djm Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.121 2005/10/31 11:48:29 djm Exp $"); #include "xmalloc.h" #include "packet.h" @@ -61,6 +61,7 @@ extern ServerOptions options; /* XXX */ extern Kex *xxx_kex; extern Authctxt *the_authctxt; +extern int use_privsep; static Buffer stdin_buffer; /* Buffer for stdin data. */ static Buffer stdout_buffer; /* Buffer for stdout data. */ @@ -90,6 +91,9 @@ static int client_alive_timeouts = 0; static volatile sig_atomic_t child_terminated = 0; /* The child has terminated. */ +/* Cleanup on signals (!use_privsep case only) */ +static volatile sig_atomic_t received_sigterm = 0; + /* prototypes */ static void server_init_dispatch(void); 
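Review bot: In get_canonical_hostname() the line `host = "UNKNOWN";` puts a string literal into a plain `char *` that is then stored in the static caches alongside heap strings returned by get_remote_hostname(). Nothing in the new body frees or writes through those pointers, so the code is correct as written, but the types no longer stop a later change from calling xfree() on the literal. Declaring them as `const char *host;`, `static const char *canonical_host_name = NULL;` and `static const char *remote_ip = NULL;` matches the function's `const char *` return type and lets the compiler flag that mistake, assuming get_remote_hostname() returns a type that converts cleanly. A short comment that both cached strings are kept for the life of the process would also help the next reader.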
@@ -151,6 +155,12 @@ sigchld_handler(int sig) errno = save_errno; } +static void +sigterm_handler(int sig) +{ + received_sigterm = sig; +} + /* * Make packets from buffered stderr data, and buffer it for sending * to the client. @@ -502,6 +512,12 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) child_terminated = 0; mysignal(SIGCHLD, sigchld_handler); + if (!use_privsep) { + signal(SIGTERM, sigterm_handler); + signal(SIGINT, sigterm_handler); + signal(SIGQUIT, sigterm_handler); + } + /* Initialize our global variables. */ fdin = fdin_arg; fdout = fdout_arg; @@ -629,6 +645,12 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) wait_until_can_do_something(&readset, &writeset, &max_fd, &nalloc, max_time_milliseconds); + if (received_sigterm) { + logit("Exiting on signal %d", received_sigterm); + /* Clean up sessions, utmp, etc. */ + cleanup_exit(255); + } + /* Process any channel events. */ channel_after_select(readset, writeset); @@ -749,6 +771,12 @@ server_loop2(Authctxt *authctxt) connection_in = packet_get_connection_in(); connection_out = packet_get_connection_out(); + if (!use_privsep) { + signal(SIGTERM, sigterm_handler); + signal(SIGINT, sigterm_handler); + signal(SIGQUIT, sigterm_handler); + } + notify_setup(); max_fd = MAX(connection_in, connection_out); @@ -766,6 +794,12 @@ server_loop2(Authctxt *authctxt) wait_until_can_do_something(&readset, &writeset, &max_fd, &nalloc, 0); + if (received_sigterm) { + logit("Exiting on signal %d", received_sigterm); + /* Clean up sessions, utmp, etc. */ + cleanup_exit(255); + } + collect_children(); if (!rekeying) { channel_after_select(readset, writeset); -- cgit v1.2.3 From 19bb3a57f88adc789d61964fcb8f50165026b322 Mon Sep 17 00:00:00 2001 
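Review bot: The three handlers added to server_loop() are installed with plain `signal()`, while the context line directly above uses `mysignal(SIGCHLD, sigchld_handler);`, and the same block is repeated in server_loop2() (hunk -749,6 +771,12). Where signal() resets the disposition on delivery, a second SIGTERM, SIGINT or SIGQUIT would terminate the process before the loop reaches cleanup_exit(), which is the case this commit is meant to close; this is hedged because mysignal's definition is not on this page. Using the wrapper for all three, e.g. `mysignal(SIGTERM, sigterm_handler);`, keeps the file consistent. Both function bodies continue outside the hunks.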
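Review bot: The `if (received_sigterm)` test in server_loop() runs only after wait_until_can_do_something() returns, so a signal delivered after the test and before the next wait starts is not acted on until a descriptor becomes ready or the timeout expires; the server_loop2() hunk (-766,6 +794,12) has the same shape and passes a timeout of 0. How the wait helper treats an interrupted wait is not visible here, so this needs confirming rather than being a demonstrated defect. At minimum a comment such as `/* checked once per iteration; a signal that arrives just before the wait is seen on the next wakeup */` should state the limitation. Separately, `received_sigterm` is a `sig_atomic_t` passed to a `%d` conversion, so `logit("Exiting on signal %d", (int)received_sigterm);` would be the safer form.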
From: Damien Miller Date: Sat, 5 Nov 2005 15:19:35 +1100 Subject: - djm@cvs.openbsd.org 2005/11/04 05:15:59 [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c] remove hardcoded hash lengths in key exchange code, allowing implementation of KEX methods with different hashes (e.g. SHA-256); ok markus@ dtucker@ stevesk@ --- ChangeLog | 7 ++++++- kex.c | 36 +++++++++++++++++++++--------------- kex.h | 22 ++++++++++++---------- kexdh.c | 10 ++++++---- kexdhc.c | 15 ++++++++------- kexdhs.c | 17 ++++++++--------- kexgex.c | 16 +++++++++------- kexgexc.c | 17 ++++++++++------- kexgexs.c | 20 ++++++++++---------- 9 files changed, 90 insertions(+), 70 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index cefc3e0b4..6fb0b7d35 100644 --- a/ChangeLog +++ b/ChangeLog @@ -93,6 +93,11 @@ - dtucker@cvs.openbsd.org 2005/11/03 13:38:29 [canohost.c] Cache reverse lookups with and without DNS separately; ok markus@ + - djm@cvs.openbsd.org 2005/11/04 05:15:59 + [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c] + remove hardcoded hash lengths in key exchange code, allowing + implementation of KEX methods with different hashes (e.g. SHA-256); + ok markus@ dtucker@ stevesk@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3226,4 +3231,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3950 2005/11/05 04:16:52 djm Exp $ +$Id: ChangeLog,v 1.3951 2005/11/05 04:19:35 djm Exp $ diff --git a/kex.c b/kex.c index 5dce335fe..cd71be9ca 100644 --- a/kex.c +++ b/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.64 2005/07/25 11:59:39 markus Exp $"); +RCSID("$OpenBSD: kex.c,v 1.65 2005/11/04 05:15:59 djm Exp $"); #include 
@@ -294,13 +294,17 @@ choose_kex(Kex *k, char *client, char *server) fatal("no kex alg"); if (strcmp(k->name, KEX_DH1) == 0) { k->kex_type = KEX_DH_GRP1_SHA1; + k->evp_md = EVP_sha1(); } else if (strcmp(k->name, KEX_DH14) == 0) { k->kex_type = KEX_DH_GRP14_SHA1; - } else if (strcmp(k->name, KEX_DHGEX) == 0) { + k->evp_md = EVP_sha1(); + } else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) { k->kex_type = KEX_DH_GEX_SHA1; + k->evp_md = EVP_sha1(); } else fatal("bad kex alg %s", k->name); } + static void choose_hostkeyalg(Kex *k, char *client, char *server) { @@ -404,28 +408,28 @@ kex_choose_conf(Kex *kex) } static u_char * -derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret) +derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen, + BIGNUM *shared_secret) { Buffer b; - const EVP_MD *evp_md = EVP_sha1(); EVP_MD_CTX md; char c = id; u_int have; - int mdsz = EVP_MD_size(evp_md); + int mdsz; u_char *digest; - if (mdsz < 0) - fatal("derive_key: mdsz < 0"); - digest = xmalloc(roundup(need, mdsz)); + if ((mdsz = EVP_MD_size(kex->evp_md)) <= 0) + fatal("bad kex md size %d", mdsz); + digest = xmalloc(roundup(need, mdsz)); buffer_init(&b); buffer_put_bignum2(&b, shared_secret); /* K1 = HASH(K || H || "A" || session_id) */ - EVP_DigestInit(&md, evp_md); + EVP_DigestInit(&md, kex->evp_md); if (!(datafellows & SSH_BUG_DERIVEKEY)) EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); - EVP_DigestUpdate(&md, hash, mdsz); + EVP_DigestUpdate(&md, hash, hashlen); EVP_DigestUpdate(&md, &c, 1); EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len); EVP_DigestFinal(&md, digest, NULL); 
@@ -436,10 +440,10 @@ derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret) * Key = K1 || K2 || ... || Kn */ for (have = mdsz; need > have; have += mdsz) { - EVP_DigestInit(&md, evp_md); + EVP_DigestInit(&md, kex->evp_md); if (!(datafellows & SSH_BUG_DERIVEKEY)) EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); - EVP_DigestUpdate(&md, hash, mdsz); + EVP_DigestUpdate(&md, hash, hashlen); EVP_DigestUpdate(&md, digest, have); EVP_DigestFinal(&md, digest + have, NULL); } @@ -455,13 +459,15 @@ Newkeys *current_keys[MODE_MAX]; #define NKEYS 6 void -kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret) +kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, BIGNUM *shared_secret) { u_char *keys[NKEYS]; u_int i, mode, ctos; - for (i = 0; i < NKEYS; i++) - keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret); + for (i = 0; i < NKEYS; i++) { + keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, hashlen, + shared_secret); + } debug2("kex_derive_keys"); for (mode = 0; mode < MODE_MAX; mode++) { diff --git a/kex.h b/kex.h index 3024a2717..bbd931e04 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.37 2005/07/25 11:59:39 markus Exp $ */ +/* $OpenBSD: kex.h,v 1.38 2005/11/04 05:15:59 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -31,9 +31,9 @@ #include "cipher.h" #include "key.h" -#define KEX_DH1 "diffie-hellman-group1-sha1" -#define KEX_DH14 "diffie-hellman-group14-sha1" -#define KEX_DHGEX "diffie-hellman-group-exchange-sha1" +#define KEX_DH1 "diffie-hellman-group1-sha1" +#define KEX_DH14 "diffie-hellman-group14-sha1" +#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" #define COMP_NONE 0 #define COMP_ZLIB 1 @@ -114,6 +114,7 @@ struct Kex { Buffer peer; int done; int flags; + const EVP_MD *evp_md; char *client_version_string; char *server_version_string; int (*verify_host_key)(Key *); 
@@ -127,7 +128,7 @@ void kex_finish(Kex *); void kex_send_kexinit(Kex *); void kex_input_kexinit(int, u_int32_t, void *); -void kex_derive_keys(Kex *, u_char *, BIGNUM *); +void kex_derive_keys(Kex *, u_char *, u_int, BIGNUM *); Newkeys *kex_get_newkeys(int); @@ -136,12 +137,13 @@ void kexdh_server(Kex *); void kexgex_client(Kex *); void kexgex_server(Kex *); -u_char * +void kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int, - BIGNUM *, BIGNUM *, BIGNUM *); -u_char * -kexgex_hash(char *, char *, char *, int, char *, int, u_char *, int, - int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *); + BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); +void +kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *, + int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, + BIGNUM *, BIGNUM *, u_char **, u_int *); void derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); diff --git a/kexdh.c b/kexdh.c index 4bbb7d1db..f79d8781d 100644 --- a/kexdh.c +++ b/kexdh.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexdh.c,v 1.19 2003/02/16 17:09:57 markus Exp $"); +RCSID("$OpenBSD: kexdh.c,v 1.20 2005/11/04 05:15:59 djm Exp $"); #include @@ -32,7 +32,7 @@ RCSID("$OpenBSD: kexdh.c,v 1.19 2003/02/16 17:09:57 markus Exp $"); #include "ssh2.h" #include "kex.h" -u_char * +void kex_dh_hash( char *client_version_string, char *server_version_string, @@ -41,7 +41,8 @@ kex_dh_hash( u_char *serverhostkeyblob, int sbloblen, BIGNUM *client_dh_pub, BIGNUM *server_dh_pub, - BIGNUM *shared_secret) + BIGNUM *shared_secret, + u_char **hash, u_int *hashlen) { Buffer b; static u_char digest[EVP_MAX_MD_SIZE]; @@ -77,5 +78,6 @@ kex_dh_hash( #ifdef DEBUG_KEX dump_digest("hash", digest, EVP_MD_size(evp_md)); #endif - return digest; + *hash = digest; + *hashlen = EVP_MD_size(evp_md); } diff --git a/kexdhc.c b/kexdhc.c index f48bd4678..d8a2fa3b7 100644 --- a/kexdhc.c +++ b/kexdhc.c 
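Review bot: In kex_dh_hash() (kexdh.c, hunk -77,5 +78,6) `*hashlen = EVP_MD_size(evp_md);` stores an int result into a u_int without a sign check, whereas derive_key() in kex.c now rejects `<= 0` in this same commit; kexgex_hash() in kexgex.c has the identical assignment. The callers in kexdhc.c, kexdhs.c, kexgexc.c and kexgexs.c then use hashlen as the xmalloc() and memcpy() length for the session id, so an error return would become a very large length. Suggest mirroring the kex.c guard with an int local, `if ((mdsz = EVP_MD_size(evp_md)) <= 0) fatal("bad kex md size %d", mdsz);`, before assigning `*hashlen = mdsz;`. The out-parameter `*hash` points at the function's `static u_char digest[EVP_MAX_MD_SIZE]`, so the prototype in kex.h deserves a comment that the caller must not free it and that the next call overwrites it. kex_dh_hash() also appears to keep its own evp_md rather than taking one like kexgex_hash(), but its declaration lies outside the hunk.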
@@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexdhc.c,v 1.2 2004/06/13 12:53:24 djm Exp $"); +RCSID("$OpenBSD: kexdhc.c,v 1.3 2005/11/04 05:15:59 djm Exp $"); #include "xmalloc.h" #include "key.h" @@ -41,7 +41,7 @@ kexdh_client(Kex *kex) Key *server_host_key; u_char *server_host_key_blob = NULL, *signature = NULL; u_char *kbuf, *hash; - u_int klen, kout, slen, sbloblen; + u_int klen, kout, slen, sbloblen, hashlen; /* generate and send 'e', client DH public key */ switch (kex->kex_type) { @@ -114,7 +114,7 @@ kexdh_client(Kex *kex) xfree(kbuf); /* calc and verify H */ - hash = kex_dh_hash( + kex_dh_hash( kex->client_version_string, kex->server_version_string, buffer_ptr(&kex->my), buffer_len(&kex->my), @@ -122,25 +122,26 @@ kexdh_client(Kex *kex) server_host_key_blob, sbloblen, dh->pub_key, dh_server_pub, - shared_secret + shared_secret, + &hash, &hashlen ); xfree(server_host_key_blob); BN_clear_free(dh_server_pub); DH_free(dh); - if (key_verify(server_host_key, signature, slen, hash, 20) != 1) + if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) fatal("key_verify failed for server_host_key"); key_free(server_host_key); xfree(signature); /* save session id */ if (kex->session_id == NULL) { - kex->session_id_len = 20; + kex->session_id_len = hashlen; kex->session_id = xmalloc(kex->session_id_len); memcpy(kex->session_id, hash, kex->session_id_len); } - kex_derive_keys(kex, hash, shared_secret); + kex_derive_keys(kex, hash, hashlen, shared_secret); BN_clear_free(shared_secret); kex_finish(kex); } diff --git a/kexdhs.c b/kexdhs.c index 225e65592..26c8cdfd6 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexdhs.c,v 1.2 2004/06/13 12:53:24 djm Exp $"); +RCSID("$OpenBSD: kexdhs.c,v 1.3 2005/11/04 05:15:59 djm Exp $"); #include "xmalloc.h" #include "key.h" 
@@ -41,7 +41,7 @@ kexdh_server(Kex *kex) DH *dh; Key *server_host_key; u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; - u_int sbloblen, klen, kout; + u_int sbloblen, klen, kout, hashlen; u_int slen; /* generate server DH public key */ @@ -103,7 +103,7 @@ kexdh_server(Kex *kex) key_to_blob(server_host_key, &server_host_key_blob, &sbloblen); /* calc H */ - hash = kex_dh_hash( + kex_dh_hash( kex->client_version_string, kex->server_version_string, buffer_ptr(&kex->peer), buffer_len(&kex->peer), @@ -111,21 +111,20 @@ kexdh_server(Kex *kex) server_host_key_blob, sbloblen, dh_client_pub, dh->pub_key, - shared_secret + shared_secret, + &hash, &hashlen ); BN_clear_free(dh_client_pub); /* save session id := H */ - /* XXX hashlen depends on KEX */ if (kex->session_id == NULL) { - kex->session_id_len = 20; + kex->session_id_len = hashlen; kex->session_id = xmalloc(kex->session_id_len); memcpy(kex->session_id, hash, kex->session_id_len); } /* sign H */ - /* XXX hashlen depends on KEX */ - PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)); + PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen)); /* destroy_sensitive_data(); */ @@ -141,7 +140,7 @@ kexdh_server(Kex *kex) /* have keys, free DH */ DH_free(dh); - kex_derive_keys(kex, hash, shared_secret); + kex_derive_keys(kex, hash, hashlen, shared_secret); BN_clear_free(shared_secret); kex_finish(kex); } diff --git a/kexgex.c b/kexgex.c index b0c39c8cb..705484a47 100644 --- a/kexgex.c +++ b/kexgex.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexgex.c,v 1.23 2003/02/16 17:09:57 markus Exp $"); +RCSID("$OpenBSD: kexgex.c,v 1.24 2005/11/04 05:15:59 djm Exp $"); #include @@ -33,8 +33,9 @@ RCSID("$OpenBSD: kexgex.c,v 1.23 2003/02/16 17:09:57 markus Exp $"); #include "kex.h" #include "ssh2.h" -u_char * +void kexgex_hash( + const EVP_MD *evp_md, char *client_version_string, char *server_version_string, char *ckexinit, int ckexinitlen, 
@@ -43,11 +44,11 @@ kexgex_hash( int min, int wantbits, int max, BIGNUM *prime, BIGNUM *gen, BIGNUM *client_dh_pub, BIGNUM *server_dh_pub, - BIGNUM *shared_secret) + BIGNUM *shared_secret, + u_char **hash, u_int *hashlen) { Buffer b; static u_char digest[EVP_MAX_MD_SIZE]; - const EVP_MD *evp_md = EVP_sha1(); EVP_MD_CTX md; buffer_init(&b); @@ -79,14 +80,15 @@ kexgex_hash( #ifdef DEBUG_KEXDH buffer_dump(&b); #endif + EVP_DigestInit(&md, evp_md); EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); EVP_DigestFinal(&md, digest, NULL); buffer_free(&b); - + *hash = digest; + *hashlen = EVP_MD_size(evp_md); #ifdef DEBUG_KEXDH - dump_digest("hash", digest, EVP_MD_size(evp_md)); + dump_digest("hash", digest, *hashlen); #endif - return digest; } diff --git a/kexgexc.c b/kexgexc.c index 0193183b9..a6ff8757d 100644 --- a/kexgexc.c +++ b/kexgexc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexgexc.c,v 1.2 2003/12/08 11:00:47 markus Exp $"); +RCSID("$OpenBSD: kexgexc.c,v 1.3 2005/11/04 05:15:59 djm Exp $"); #include "xmalloc.h" #include "key.h" @@ -42,7 +42,7 @@ kexgex_client(Kex *kex) BIGNUM *p = NULL, *g = NULL; Key *server_host_key; u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; - u_int klen, kout, slen, sbloblen; + u_int klen, kout, slen, sbloblen, hashlen; int min, max, nbits; DH *dh; @@ -155,7 +155,8 @@ kexgex_client(Kex *kex) min = max = -1; /* calc and verify H */ - hash = kexgex_hash( + kexgex_hash( + kex->evp_md, kex->client_version_string, kex->server_version_string, buffer_ptr(&kex->my), buffer_len(&kex->my), 
@@ -165,25 +166,27 @@ kexgex_client(Kex *kex) dh->p, dh->g, dh->pub_key, dh_server_pub, - shared_secret + shared_secret, + &hash, &hashlen ); + /* have keys, free DH */ DH_free(dh); xfree(server_host_key_blob); BN_clear_free(dh_server_pub); - if (key_verify(server_host_key, signature, slen, hash, 20) != 1) + if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) fatal("key_verify failed for server_host_key"); key_free(server_host_key); xfree(signature); /* save session id */ if (kex->session_id == NULL) { - kex->session_id_len = 20; + kex->session_id_len = hashlen; kex->session_id = xmalloc(kex->session_id_len); memcpy(kex->session_id, hash, kex->session_id_len); } - kex_derive_keys(kex, hash, shared_secret); + kex_derive_keys(kex, hash, hashlen, shared_secret); BN_clear_free(shared_secret); kex_finish(kex); diff --git a/kexgexs.c b/kexgexs.c index baebfcfb0..c48b27af9 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexgexs.c,v 1.1 2003/02/16 17:09:57 markus Exp $"); +RCSID("$OpenBSD: kexgexs.c,v 1.2 2005/11/04 05:15:59 djm Exp $"); #include "xmalloc.h" #include "key.h" @@ -43,7 +43,7 @@ kexgex_server(Kex *kex) Key *server_host_key; DH *dh; u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; - u_int sbloblen, klen, kout, slen; + u_int sbloblen, klen, kout, slen, hashlen; int min = -1, max = -1, nbits = -1, type; if (kex->load_host_key == NULL) @@ -137,8 +137,9 @@ kexgex_server(Kex *kex) if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) min = max = -1; - /* calc H */ /* XXX depends on 'kex' */ - hash = kexgex_hash( + /* calc H */ + kexgex_hash( + kex->evp_md, kex->client_version_string, kex->server_version_string, buffer_ptr(&kex->peer), buffer_len(&kex->peer), 
@@ -148,21 +149,20 @@ kexgex_server(Kex *kex) dh->p, dh->g, dh_client_pub, dh->pub_key, - shared_secret + shared_secret, + &hash, &hashlen ); BN_clear_free(dh_client_pub); /* save session id := H */ - /* XXX hashlen depends on KEX */ if (kex->session_id == NULL) { - kex->session_id_len = 20; + kex->session_id_len = hashlen; kex->session_id = xmalloc(kex->session_id_len); memcpy(kex->session_id, hash, kex->session_id_len); } /* sign H */ - /* XXX hashlen depends on KEX */ - PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)); + PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen)); /* destroy_sensitive_data(); */ @@ -179,7 +179,7 @@ kexgex_server(Kex *kex) /* have keys, free DH */ DH_free(dh); - kex_derive_keys(kex, hash, shared_secret); + kex_derive_keys(kex, hash, hashlen, shared_secret); BN_clear_free(shared_secret); kex_finish(kex); -- cgit v1.2.3 From 5fd8b02b440fac52cbf70c203fbfc716a3620074 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 16:04:36 +1100 Subject: - djm@cvs.openbsd.org 2005/11/05 05:01:15 [bufaux.c] Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT cs.stanford.edu; ok dtucker@ --- ChangeLog | 6 +++++- bufaux.c | 5 ++++- 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 6fb0b7d35..46b40f197 100644 --- a/ChangeLog +++ b/ChangeLog @@ -98,6 +98,10 @@ remove hardcoded hash lengths in key exchange code, allowing implementation of KEX methods with different hashes (e.g. SHA-256); ok markus@ dtucker@ stevesk@ + - djm@cvs.openbsd.org 2005/11/05 05:01:15 + [bufaux.c] + Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT + cs.stanford.edu; ok dtucker@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). 
@@ -3231,4 +3235,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3951 2005/11/05 04:19:35 djm Exp $ +$Id: ChangeLog,v 1.3952 2005/11/05 05:04:36 djm Exp $ diff --git a/bufaux.c b/bufaux.c index 8d096a056..106a3a0c7 100644 --- a/bufaux.c +++ b/bufaux.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: bufaux.c,v 1.36 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.37 2005/11/05 05:01:15 djm Exp $"); #include #include "bufaux.h" @@ -63,6 +63,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) if (oi != bin_size) { error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", oi, bin_size); + xfree(buf); return (-1); } @@ -187,10 +188,12 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) if (len > 0 && (bin[0] & 0x80)) { error("buffer_get_bignum2_ret: negative numbers not supported"); + xfree(bin); return (-1); } if (len > 8 * 1024) { error("buffer_get_bignum2_ret: cannot handle BN of size %d", len); + xfree(bin); return (-1); } BN_bin2bn(bin, len, value); -- cgit v1.2.3 From 3a38c5a856073672228b8033599e96fe749cb116 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 5 Nov 2005 16:28:35 +1100 Subject: - (dtucker) [README.platform] Add PAM section. --- ChangeLog | 3 ++- README.platform | 12 +++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 46b40f197..1da05ea8a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -102,6 +102,7 @@ [bufaux.c] Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT cs.stanford.edu; ok dtucker@ + - (dtucker) [README.platform] Add PAM section. 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). 
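Review bot: buffer_get_bignum2_ret() still ignores the result of `BN_bin2bn(bin, len, value);` on the last context line of the second bufaux.c hunk, although the commit is otherwise completing this function's error paths. BN_bin2bn() returns NULL on failure, so the function can report success without having set `value`. Suggest `if (BN_bin2bn(bin, len, value) == NULL) { xfree(bin); return (-1); }`, preceded by an error() message in the style of the two branches above. The function continues past the hunk, so the normal-path release of `bin` is not visible here.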
@@ -3235,4 +3236,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3952 2005/11/05 05:04:36 djm Exp $ +$Id: ChangeLog,v 1.3953 2005/11/05 05:28:35 dtucker Exp $ diff --git a/README.platform b/README.platform index af551de48..4c18a3278 100644 --- a/README.platform +++ b/README.platform @@ -45,4 +45,14 @@ number is already in use on your system, you may change it at build time by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding. -$Id: README.platform,v 1.5 2005/02/20 10:01:49 dtucker Exp $ +Platforms using PAM +------------------- +As of OpenSSH 4.3p1, sshd will no longer check /etc/nologin itself when +PAM is enabled. To maintain existing behaviour, pam_nologin should be +added to sshd's session stack which will prevent users from starting shell +sessions. Alternatively, pam_nologin can be added to either the auth or +account stacks which will prevent authentication entirely, but will still +return the output from pam_nologin to the client. + + +$Id: README.platform,v 1.6 2005/11/05 05:28:35 dtucker Exp $ -- cgit v1.2.3 From 9b59ada7ca95a7ab42c49ae7b7cd6ff713b1bea0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Nov 2005 16:56:52 +1100 Subject: - (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version, resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu; ok dtucker@ --- ChangeLog | 5 +- openbsd-compat/getrrsetbyname.c | 112 ++++++++++++++++++++++------------------ 2 files changed, 66 insertions(+), 51 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 1da05ea8a..8270f8c68 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -103,6 +103,9 @@ Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT cs.stanford.edu; ok dtucker@ - (dtucker) [README.platform] Add PAM section. + - (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version, + resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu; + ok dtucker@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3236,4 +3239,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3953 2005/11/05 05:28:35 dtucker Exp $ +$Id: ChangeLog,v 1.3954 2005/11/05 05:56:52 djm Exp $ diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c index 2016ffe31..973e480b4 100644 --- a/openbsd-compat/getrrsetbyname.c +++ b/openbsd-compat/getrrsetbyname.c @@ -1,6 +1,6 @@ /* OPENBSD ORIGINAL: lib/libc/net/getrrsetbyname.c */ -/* $OpenBSD: getrrsetbyname.c,v 1.7 2003/03/07 07:34:14 itojun Exp $ */ +/* $OpenBSD: getrrsetbyname.c,v 1.10 2005/03/30 02:58:28 tedu Exp $ */ /* * Copyright (c) 2001 Jakob Schlyter. All rights reserved. 
@@ -51,48 +51,18 @@ #include "getrrsetbyname.h" -#define ANSWER_BUFFER_SIZE 1024*64 - #if defined(HAVE_DECL_H_ERRNO) && !HAVE_DECL_H_ERRNO extern int h_errno; #endif -struct dns_query { - char *name; - u_int16_t type; - u_int16_t class; - struct dns_query *next; -}; - -struct dns_rr { - char *name; - u_int16_t type; - u_int16_t class; - u_int16_t ttl; - u_int16_t size; - void *rdata; - struct dns_rr *next; -}; - -struct dns_response { - HEADER header; - struct dns_query *query; - struct dns_rr *answer; - struct dns_rr *authority; - struct dns_rr *additional; -}; - -static struct dns_response *parse_dns_response(const u_char *, int); -static struct dns_query *parse_dns_qsection(const u_char *, int, - const u_char **, int); -static struct dns_rr *parse_dns_rrsection(const u_char *, int, const u_char **, - int); - -static void free_dns_query(struct dns_query *); -static void free_dns_rr(struct dns_rr *); -static void free_dns_response(struct dns_response *); +/* We don't need multithread support here */ +#ifdef _THREAD_PRIVATE +# undef _THREAD_PRIVATE +#endif +#define _THREAD_PRIVATE(a,b,c) (c) +struct __res_state _res; -static int count_dns_rr(struct dns_rr *, u_int16_t, u_int16_t); +/* Necessary functions and macros */ /* * Inline versions of get/put short/long. Pointer is advanced. 
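Review bot: `struct __res_state _res;` defines the resolver state object unconditionally in a compatibility file that is built on many platforms. Where the system's resolver header already supplies `_res`, as an object or as a macro, this line is likely to be a duplicate definition or to fail to compile; that is hedged because no platform header is on this page. Suggest placing the definition behind a configure-time check for an existing `_res`. A comment that `_THREAD_PRIVATE(a,b,c)` is reduced to `(c)`, so that `_resp` in getrrsetbyname() is simply `&_res`, would make the indirection easier to follow.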
@@ -162,14 +132,56 @@ _getlong(msgp) u_int32_t _getlong(register const u_char *); #endif +/* ************** */ + +#define ANSWER_BUFFER_SIZE 1024*64 + +struct dns_query { + char *name; + u_int16_t type; + u_int16_t class; + struct dns_query *next; +}; + +struct dns_rr { + char *name; + u_int16_t type; + u_int16_t class; + u_int16_t ttl; + u_int16_t size; + void *rdata; + struct dns_rr *next; +}; + +struct dns_response { + HEADER header; + struct dns_query *query; + struct dns_rr *answer; + struct dns_rr *authority; + struct dns_rr *additional; +}; + +static struct dns_response *parse_dns_response(const u_char *, int); +static struct dns_query *parse_dns_qsection(const u_char *, int, + const u_char **, int); +static struct dns_rr *parse_dns_rrsection(const u_char *, int, const u_char **, + int); + +static void free_dns_query(struct dns_query *); +static void free_dns_rr(struct dns_rr *); +static void free_dns_response(struct dns_response *); + +static int count_dns_rr(struct dns_rr *, u_int16_t, u_int16_t); + int getrrsetbyname(const char *hostname, unsigned int rdclass, unsigned int rdtype, unsigned int flags, struct rrsetinfo **res) { + struct __res_state *_resp = _THREAD_PRIVATE(_res, _res, &_res); int result; struct rrsetinfo *rrset = NULL; - struct dns_response *response; + struct dns_response *response = NULL; struct dns_rr *rr; struct rdatainfo *rdata; int length; 
@@ -195,19 +207,19 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, } /* initialize resolver */ - if ((_res.options & RES_INIT) == 0 && res_init() == -1) { + if ((_resp->options & RES_INIT) == 0 && res_init() == -1) { result = ERRSET_FAIL; goto fail; } #ifdef DEBUG - _res.options |= RES_DEBUG; + _resp->options |= RES_DEBUG; #endif /* DEBUG */ #ifdef RES_USE_DNSSEC /* turn on DNSSEC if EDNS0 is configured */ - if (_res.options & RES_USE_EDNS0) - _res.options |= RES_USE_DNSSEC; + if (_resp->options & RES_USE_EDNS0) + _resp->options |= RES_USE_DNSSEC; #endif /* RES_USE_DNSEC */ /* make query */ @@ -250,20 +262,16 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, rrset->rri_ttl = response->answer->ttl; rrset->rri_nrdatas = response->header.ancount; -#ifdef HAVE_HEADER_AD /* check for authenticated data */ if (response->header.ad == 1) rrset->rri_flags |= RRSET_VALIDATED; -#endif /* copy name from answer section */ - length = strlen(response->answer->name); - rrset->rri_name = malloc(length + 1); + rrset->rri_name = strdup(response->answer->name); if (rrset->rri_name == NULL) { result = ERRSET_NOMEMORY; goto fail; } - strlcpy(rrset->rri_name, response->answer->name, length + 1); /* count answers */ rrset->rri_nrdatas = count_dns_rr(response->answer, rrset->rri_rdclass, @@ -281,7 +289,7 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, /* allocate memory for signatures */ rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo)); - if (rrset->rri_nsigs > 0 && rrset->rri_sigs == NULL) { + if (rrset->rri_sigs == NULL) { result = ERRSET_NOMEMORY; goto fail; } @@ -311,6 +319,7 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, memcpy(rdata->rdi_data, rr->rdata, rr->size); } } + free_dns_response(response); *res = rrset; return (ERRSET_SUCCESS); 
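Review bot: The `#ifdef HAVE_HEADER_AD` guard around `if (response->header.ad == 1)` is dropped in hunk -250,20 +262,16, so the file now requires the `ad` bit in HEADER on every platform. The guard's presence before the sync suggests that some supported resolver headers lack that field, and there the file would stop compiling. Since this is the portable copy, keep `#ifdef HAVE_HEADER_AD` and `#endif` around the check when syncing from OpenBSD. getrrsetbyname() starts and ends outside this hunk.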
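Review bot: In hunk -281,7 +289,7 the allocation check becomes `if (rrset->rri_sigs == NULL)`, dropping the `rrset->rri_nsigs > 0` condition. calloc() with a count of zero is allowed to return NULL, so on such platforms an answer that carries no signatures would now fail with ERRSET_NOMEMORY instead of succeeding. Keep the previous form, `if (rrset->rri_nsigs > 0 && rrset->rri_sigs == NULL) {`, in the portable copy, with a comment naming the zero-count case so a later sync does not remove it again. The matching allocation for the rdatas array is outside the hunk and may need the same look.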
@@ -318,6 +327,8 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, fail: if (rrset != NULL) freerrset(rrset); + if (response != NULL) + free_dns_response(response); return (result); } @@ -467,7 +478,8 @@ parse_dns_qsection(const u_char *answer, int size, const u_char **cp, int count) } static struct dns_rr * -parse_dns_rrsection(const u_char *answer, int size, const u_char **cp, int count) +parse_dns_rrsection(const u_char *answer, int size, const u_char **cp, + int count) { struct dns_rr *head, *curr, *prev; int i, length; -- cgit v1.2.3 From b8c89d14bbd6ea20e1ef785adcfd27d067009f3d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 10:10:10 +1100 Subject: - (dtucker) [openbsd-compat/getenv.c] Merge changes for __findenv from OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of "register"). --- ChangeLog | 7 ++++++- openbsd-compat/setenv.c | 12 ++++++------ 2 files changed, 12 insertions(+), 7 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 8270f8c68..1ce552d71 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20051110 + - (dtucker) [openbsd-compat/getenv.c] Merge changes for __findenv from + OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of + "register"). + 20051105 - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2005/10/07 11:13:57 @@ -3239,4 +3244,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3954 2005/11/05 05:56:52 djm Exp $ +$Id: ChangeLog,v 1.3955 2005/11/09 23:10:10 dtucker Exp $ diff --git a/openbsd-compat/setenv.c b/openbsd-compat/setenv.c index c3a86c651..9f746ded0 100644 --- a/openbsd-compat/setenv.c +++ b/openbsd-compat/setenv.c 
@@ -41,6 +41,8 @@ static char *rcsid = "$OpenBSD: setenv.c,v 1.6 2003/06/02 20:18:38 millert Exp $ char *__findenv(const char *name, int *offset); +/* OpenSSH Portable: __findenv is from getenv.c rev 1.8 */ + /* * __findenv -- * Returns pointer to value associated with name, if any, else NULL. @@ -51,14 +53,12 @@ char *__findenv(const char *name, int *offset); * This routine *should* be a static; don't use it. */ char * -__findenv(name, offset) - register const char *name; - int *offset; +__findenv(const char *name, int *offset) { extern char **environ; - register int len, i; - register const char *np; - register char **p, *cp; + int len, i; + const char *np; + char **p, *cp; if (name == NULL || environ == NULL) return (NULL); -- cgit v1.2.3 From 32b531067dbfaf1570faad9abadc359b1675e324 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 10:13:06 +1100 Subject: - (dtucker) [openbsd-compat/getenv.c] Make __findenv static, remove unnecessary prototype. --- ChangeLog | 4 +++- openbsd-compat/setenv.c | 8 ++------ 2 files changed, 5 insertions(+), 7 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 1ce552d71..7b9b6a516 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (dtucker) [openbsd-compat/getenv.c] Merge changes for __findenv from OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of "register"). + - (dtucker) [openbsd-compat/getenv.c] Make __findenv static, remove + unnecessary prototype. 20051105 - (djm) OpenBSD CVS Sync @@ -3244,4 +3246,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3955 2005/11/09 23:10:10 dtucker Exp $ +$Id: ChangeLog,v 1.3956 2005/11/09 23:13:06 dtucker Exp $ diff --git a/openbsd-compat/setenv.c b/openbsd-compat/setenv.c index 9f746ded0..7894c485a 100644 --- a/openbsd-compat/setenv.c +++ b/openbsd-compat/setenv.c 
@@ -39,9 +39,7 @@ static char *rcsid = "$OpenBSD: setenv.c,v 1.6 2003/06/02 20:18:38 millert Exp $ #include #include -char *__findenv(const char *name, int *offset); - -/* OpenSSH Portable: __findenv is from getenv.c rev 1.8 */ +/* OpenSSH Portable: __findenv is from getenv.c rev 1.8, made static */ /* * __findenv -- @@ -49,10 +47,8 @@ char *__findenv(const char *name, int *offset); * Sets offset to be the offset of the name/value combination in the * environmental array, for use by setenv(3) and unsetenv(3). * Explicitly removes '=' in argument name. - * - * This routine *should* be a static; don't use it. */ -char * +static char * __findenv(const char *name, int *offset) { extern char **environ; -- cgit v1.2.3 From 063ba7455fa6c726771fe0d8495544a38c29fa51 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 10:38:45 +1100 Subject: - (dtucker) [openbsd-compat/setenv.c] Sync changes from OpenBSD setenv.c revs 1.7 - 1.9. --- ChangeLog | 8 ++++--- openbsd-compat/setenv.c | 62 ++++++++++++++++++------------------------------- 2 files changed, 28 insertions(+), 42 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 7b9b6a516..1ddf19340 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,9 +1,11 @@ 20051110 - - (dtucker) [openbsd-compat/getenv.c] Merge changes for __findenv from + - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of "register"). - - (dtucker) [openbsd-compat/getenv.c] Make __findenv static, remove + - (dtucker) [openbsd-compat/setenv.c] Make __findenv static, remove unnecessary prototype. + - (dtucker) [openbsd-compat/setenv.c] Sync changes from OpenBSD setenv.c + revs 1.7 - 1.9. 20051105 - (djm) OpenBSD CVS Sync 
@@ -3246,4 +3248,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3956 2005/11/09 23:13:06 dtucker Exp $ +$Id: ChangeLog,v 1.3957 2005/11/09 23:38:45 dtucker Exp $ diff --git a/openbsd-compat/setenv.c b/openbsd-compat/setenv.c index 7894c485a..93a681152 100644 --- a/openbsd-compat/setenv.c +++ b/openbsd-compat/setenv.c @@ -1,5 +1,6 @@ /* OPENBSD ORIGINAL: lib/libc/stdlib/setenv.c */ +/* $OpenBSD: setenv.c,v 1.9 2005/08/08 08:05:37 espie Exp $ */ /* * Copyright (c) 1987 Regents of the University of California. * All rights reserved. @@ -32,15 +33,12 @@ #include "includes.h" #if !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV) -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: setenv.c,v 1.6 2003/06/02 20:18:38 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include -/* OpenSSH Portable: __findenv is from getenv.c rev 1.8, made static */ +extern char **environ; +/* OpenSSH Portable: __findenv is from getenv.c rev 1.8, made static */ /* * __findenv -- * Returns pointer to value associated with name, if any, else NULL. @@ -80,14 +78,10 @@ __findenv(const char *name, int *offset) * "value". If rewrite is set, replace any current value. */ int -setenv(name, value, rewrite) - register const char *name; - register const char *value; - int rewrite; +setenv(const char *name, const char *value, int rewrite) { - extern char **environ; - static int alloced; /* if allocated space before */ - register char *C; + static char **lastenv; /* last value of environ */ + char *C; int l_value, offset; if (*value == '=') /* no `=' in value */ 
@@ -102,30 +96,23 @@ setenv(name, value, rewrite) return (0); } } else { /* create new slot */ - register int cnt; - register char **P; + size_t cnt; + char **P; - for (P = environ, cnt = 0; *P; ++P, ++cnt); - if (alloced) { /* just increase size */ - P = (char **)realloc((void *)environ, - (size_t)(sizeof(char *) * (cnt + 2))); - if (!P) - return (-1); - environ = P; - } - else { /* get new space */ - alloced = 1; /* copy old entries into it */ - P = (char **)malloc((size_t)(sizeof(char *) * - (cnt + 2))); - if (!P) - return (-1); - memmove(P, environ, cnt * sizeof(char *)); - environ = P; - } - environ[cnt + 1] = NULL; + for (P = environ; *P != NULL; P++) + ; + cnt = P - environ; + P = (char **)realloc(lastenv, sizeof(char *) * (cnt + 2)); + if (!P) + return (-1); + if (lastenv != environ) + memcpy(P, environ, cnt * sizeof(char *)); + lastenv = environ = P; offset = cnt; + environ[cnt + 1] = NULL; } - for (C = (char *)name; *C && *C != '='; ++C); /* no `=' in name */ + for (C = (char *)name; *C && *C != '='; ++C) + ; /* no `=' in name */ if (!(environ[offset] = /* name + `=' + value */ malloc((size_t)((int)(C - name) + l_value + 2)))) return (-1); @@ -143,15 +130,12 @@ setenv(name, value, rewrite) * Delete environmental variable "name". */ void -unsetenv(name) - const char *name; +unsetenv(const char *name) { - extern char **environ; - register char **P; + char **P; int offset; - char *__findenv(); - while (__findenv(name, &offset)) /* if set multiple times */ + while (__findenv(name, &offset)) /* if set multiple times */ for (P = &environ[offset];; ++P) if (!(*P = *(P + 1))) break; -- cgit v1.2.3 From 618db97fe17c7249cef1b53ed1adc9582b10f7f4 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 14:43:11 +1100 Subject: - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path. Patch from djm@. --- ChangeLog | 4 +++- auth-krb5.c | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'ChangeLog') 
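Review bot: The create-new-slot path in the hunk at -102 dereferences `environ` in `for (P = environ; *P != NULL; P++)` without checking it, although `__findenv` in this file treats `environ == NULL` as a valid state and returns NULL, which is what sends setenv down this path. A program that has cleared its environment by setting `environ` to NULL would therefore crash here instead of getting a fresh array. Start `cnt` at 0, walk the array only when `environ` is non-NULL, and skip the `memcpy` in that case. The old code had the same walk, so this is inherited rather than introduced by the sync, and setenv starts and ends outside the hunk.

```c
		size_t cnt = 0;
		char **P;

		/* environ may be NULL; __findenv already allows for that */
		if (environ != NULL) {
			for (P = environ; *P != NULL; P++)
				;
			cnt = P - environ;
		}
		P = (char **)realloc(lastenv, sizeof(char *) * (cnt + 2));
		if (!P)
			return (-1);
		if (environ != NULL && lastenv != environ)
			memcpy(P, environ, cnt * sizeof(char *));
		/* … unchanged: lastenv/environ update, offset, NULL terminator … */
```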
diff --git a/ChangeLog b/ChangeLog index 1ddf19340..9a68732d1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ unnecessary prototype. - (dtucker) [openbsd-compat/setenv.c] Sync changes from OpenBSD setenv.c revs 1.7 - 1.9. + - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path. + Patch from djm@. 20051105 - (djm) OpenBSD CVS Sync @@ -3248,4 +3250,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3957 2005/11/09 23:38:45 dtucker Exp $ +$Id: ChangeLog,v 1.3958 2005/11/10 03:43:11 dtucker Exp $ diff --git a/auth-krb5.c b/auth-krb5.c index c7367b49a..a84e5401c 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -218,7 +218,7 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { ret = snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid()); - if (ret == -1 || ret >= sizeof(ccname)) + if (ret < 0 || (size_t)ret >= sizeof(ccname)) return ENOMEM; old_umask = umask(0177); -- cgit v1.2.3 From b0288098c9e9c4753e8e9537051eef4b7f417585 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 14:46:48 +1100 Subject: - (dtucker) [configure.ac] Disable pointer-sign warnings on gcc 4.0+ since they're not useful right now. Patch from djm@. --- ChangeLog | 4 +++- configure.ac | 5 +++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 9a68732d1..7114edc57 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,8 @@ revs 1.7 - 1.9. - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path. Patch from djm@. + - (dtucker) [configure.ac] Disable pointer-sign warnings on gcc 4.0+ + since they're not useful right now. Patch from djm@. 20051105 - (djm) OpenBSD CVS Sync 
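Review bot: In the auth-krb5.c hunk the `snprintf` call just above the corrected check still passes `geteuid()` to `%d`, and `uid_t` is not guaranteed to have the type `int`, so the argument can mismatch the conversion on platforms where it is wider or unsigned. Since this change is already tidying signedness here, cast the argument to match: `"FILE:/tmp/krb5cc_%d_XXXXXXXXXX", (int)geteuid());`. The rest of ssh_krb5_cc_gen is outside the hunk, so how the template is consumed after `umask(0177)` is not visible.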
@@ -3250,4 +3252,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3958 2005/11/10 03:43:11 dtucker Exp $ +$Id: ChangeLog,v 1.3959 2005/11/10 03:46:48 dtucker Exp $ diff --git a/configure.ac b/configure.ac index afcd8aff0..a7b8e8000 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.303 2005/10/25 08:38:34 dtucker Exp $ +# $Id: configure.ac,v 1.304 2005/11/10 03:46:49 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -90,7 +90,8 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 1.*) ;; 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;; 2.*) ;; - *) CFLAGS="$CFLAGS -Wsign-compare" ;; + 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;; + *) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;; esac if test -z "$have_llong_max"; then -- cgit v1.2.3 From e5a2b5288dea7f17373d97f4e81972de6935ae07 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 15:56:44 +1100 Subject: - (dtucker) [openbsd-compat/getgrouplist.c] Sync OpenBSD revs 1.10 - 1.2 (ANSI prototypes, removal of "register"). --- ChangeLog | 4 +++- openbsd-compat/getgrouplist.c | 15 ++++----------- 2 files changed, 7 insertions(+), 12 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 7114edc57..28ee1d6c4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,8 @@ Patch from djm@. - (dtucker) [configure.ac] Disable pointer-sign warnings on gcc 4.0+ since they're not useful right now. Patch from djm@. + - (dtucker) [openbsd-compat/getgrouplist.c] Sync OpenBSD revs 1.10 - 1.2 (ANSI + prototypes, removal of "register"). 20051105 - (djm) OpenBSD CVS Sync @@ -3252,4 +3254,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3959 2005/11/10 03:46:48 dtucker Exp $ +$Id: ChangeLog,v 1.3960 2005/11/10 04:56:44 dtucker Exp $ 
diff --git a/openbsd-compat/getgrouplist.c b/openbsd-compat/getgrouplist.c index 59c164f44..2a2b8878b 100644 --- a/openbsd-compat/getgrouplist.c +++ b/openbsd-compat/getgrouplist.c @@ -1,5 +1,6 @@ /* OPENBSD ORIGINAL: lib/libc/gen/getgrouplist.c */ +/* $OpenBSD: getgrouplist.c,v 1.12 2005/08/08 08:05:34 espie Exp $ */ /* * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. @@ -33,10 +34,6 @@ #ifndef HAVE_GETGROUPLIST -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: getgrouplist.c,v 1.9 2003/06/25 21:16:47 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - /* * get credential */ @@ -46,14 +43,10 @@ static char rcsid[] = "$OpenBSD: getgrouplist.c,v 1.9 2003/06/25 21:16:47 deraad #include int -getgrouplist(uname, agroup, groups, grpcnt) - const char *uname; - gid_t agroup; - register gid_t *groups; - int *grpcnt; +getgrouplist(const char *uname, gid_t agroup, gid_t *groups, int *grpcnt) { - register struct group *grp; - register int i, ngroups; + struct group *grp; + int i, ngroups; int ret, maxgroups; int bail; -- cgit v1.2.3 From 80c0d7eb885d244d4745b55a392ee07b03e41676 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 16:05:37 +1100 Subject: - (dtucker) [openbsd-compat/strlcat.c] Sync OpenBSD revs 1.11 - 1.12 (removal of "register"). --- ChangeLog | 4 +++- openbsd-compat/strlcat.c | 12 ++++-------- 2 files changed, 7 insertions(+), 9 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 28ee1d6c4..0ea4054f9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,8 @@ since they're not useful right now. Patch from djm@. - (dtucker) [openbsd-compat/getgrouplist.c] Sync OpenBSD revs 1.10 - 1.2 (ANSI prototypes, removal of "register"). + - (dtucker) [openbsd-compat/strlcat.c] Sync OpenBSD revs 1.11 - 1.12 (removal + of "register"). 20051105 - (djm) OpenBSD CVS Sync 
@@ -3254,4 +3256,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3960 2005/11/10 04:56:44 dtucker Exp $ +$Id: ChangeLog,v 1.3961 2005/11/10 05:05:37 dtucker Exp $ diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c index 70f01cb2a..8252f31af 100644 --- a/openbsd-compat/strlcat.c +++ b/openbsd-compat/strlcat.c @@ -1,6 +1,6 @@ /* OPENBSD ORIGINAL: lib/libc/string/strlcat.c */ -/* $OpenBSD: strlcat.c,v 1.11 2003/06/17 21:56:24 millert Exp $ */ +/* $OpenBSD: strlcat.c,v 1.13 2005/08/08 08:05:37 espie Exp $ */ /* * Copyright (c) 1998 Todd C. Miller @@ -21,10 +21,6 @@ #include "includes.h" #ifndef HAVE_STRLCAT -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strlcat.c,v 1.11 2003/06/17 21:56:24 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include @@ -38,9 +34,9 @@ static char *rcsid = "$OpenBSD: strlcat.c,v 1.11 2003/06/17 21:56:24 millert Exp size_t strlcat(char *dst, const char *src, size_t siz) { - register char *d = dst; - register const char *s = src; - register size_t n = siz; + char *d = dst; + const char *s = src; + size_t n = siz; size_t dlen; /* Find the end of dst and adjust bytes left but don't go past end */ -- cgit v1.2.3 From 7f24a0e64774e6566242f44b0f06ab06607d0c97 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Thu, 10 Nov 2005 16:18:56 +1100 Subject: - (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to after the copyright notices. Having them at the top next to the CVSIDs guarantees a conflict for each and every sync. --- ChangeLog | 5 ++++- openbsd-compat/base64.c | 4 ++-- openbsd-compat/basename.c | 4 ++-- openbsd-compat/daemon.c | 4 ++-- openbsd-compat/dirname.c | 4 ++-- openbsd-compat/getcwd.c | 4 ++-- openbsd-compat/getgrouplist.c | 4 ++-- openbsd-compat/getopt.c | 4 ++-- openbsd-compat/getrrsetbyname.c | 4 ++-- openbsd-compat/glob.c | 4 ++-- openbsd-compat/glob.h | 4 ++-- openbsd-compat/inet_aton.c | 4 ++-- openbsd-compat/inet_ntoa.c | 4 ++-- openbsd-compat/inet_ntop.c | 4 ++-- openbsd-compat/mktemp.c | 4 ++-- openbsd-compat/readpassphrase.c | 4 ++-- openbsd-compat/readpassphrase.h | 4 ++-- openbsd-compat/realpath.c | 4 ++-- openbsd-compat/rresvport.c | 4 ++-- openbsd-compat/setenv.c | 4 ++-- openbsd-compat/sigact.c | 4 ++-- openbsd-compat/strlcat.c | 4 ++-- openbsd-compat/strlcpy.c | 4 ++-- openbsd-compat/strmode.c | 4 ++-- openbsd-compat/strsep.c | 4 ++-- openbsd-compat/strtoll.c | 4 ++-- openbsd-compat/strtonum.c | 4 ++-- openbsd-compat/strtoul.c | 4 ++-- openbsd-compat/sys-queue.h | 4 ++-- openbsd-compat/sys-tree.h | 4 ++-- openbsd-compat/vis.c | 4 ++-- openbsd-compat/vis.h | 4 ++-- 32 files changed, 66 insertions(+), 63 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 0ea4054f9..367127ebc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,9 @@ prototypes, removal of "register"). - (dtucker) [openbsd-compat/strlcat.c] Sync OpenBSD revs 1.11 - 1.12 (removal of "register"). + - (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to + after the copyright notices. Having them at the top next to the CVSIDs + guarantees a conflict for each and every sync. 20051105 - (djm) OpenBSD CVS Sync 
@@ -3256,4 +3259,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3961 2005/11/10 05:05:37 dtucker Exp $ +$Id: ChangeLog,v 1.3962 2005/11/10 05:18:56 dtucker Exp $ diff --git a/openbsd-compat/base64.c b/openbsd-compat/base64.c index dcaa03e5d..6eadb5c10 100644 --- a/openbsd-compat/base64.c +++ b/openbsd-compat/base64.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/net/base64.c */ - /* $OpenBSD: base64.c,v 1.4 2002/01/02 23:00:10 deraadt Exp $ */ /* @@ -44,6 +42,8 @@ * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. */ +/* OPENBSD ORIGINAL: lib/libc/net/base64.c */ + #include "includes.h" #if (!defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP)) || (!defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON)) diff --git a/openbsd-compat/basename.c b/openbsd-compat/basename.c index 552dc1e1c..5171cd64c 100644 --- a/openbsd-compat/basename.c +++ b/openbsd-compat/basename.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/gen/basename.c */ - /* $OpenBSD: basename.c,v 1.11 2003/06/17 21:56:23 millert Exp $ */ /* @@ -18,6 +16,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +/* OPENBSD ORIGINAL: lib/libc/gen/basename.c */ + #include "includes.h" #ifndef HAVE_BASENAME diff --git a/openbsd-compat/daemon.c b/openbsd-compat/daemon.c index c0be5fff9..89e75a99e 100644 --- a/openbsd-compat/daemon.c +++ b/openbsd-compat/daemon.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/gen/daemon.c */ - /*- * Copyright (c) 1990, 1993 * The Regents of the University of California. All rights reserved. @@ -29,6 +27,8 @@ * SUCH DAMAGE. */ +/* OPENBSD ORIGINAL: lib/libc/gen/daemon.c */ + #include "includes.h" #ifndef HAVE_DAEMON diff --git a/openbsd-compat/dirname.c b/openbsd-compat/dirname.c index 25ab34dd6..e2cf81db3 100644 --- a/openbsd-compat/dirname.c +++ b/openbsd-compat/dirname.c 
@@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/gen/dirname.c */ - /* $OpenBSD: dirname.c,v 1.10 2003/06/17 21:56:23 millert Exp $ */ /* @@ -18,6 +16,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +/* OPENBSD ORIGINAL: lib/libc/gen/dirname.c */ + #include "includes.h" #ifndef HAVE_DIRNAME diff --git a/openbsd-compat/getcwd.c b/openbsd-compat/getcwd.c index 19be59172..d58c03e0e 100644 --- a/openbsd-compat/getcwd.c +++ b/openbsd-compat/getcwd.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/gen/getcwd.c */ - /* * Copyright (c) 1989, 1991, 1993 * The Regents of the University of California. All rights reserved. @@ -29,6 +27,8 @@ * SUCH DAMAGE. */ +/* OPENBSD ORIGINAL: lib/libc/gen/getcwd.c */ + #include "includes.h" #if !defined(HAVE_GETCWD) diff --git a/openbsd-compat/getgrouplist.c b/openbsd-compat/getgrouplist.c index 2a2b8878b..a57d7d388 100644 --- a/openbsd-compat/getgrouplist.c +++ b/openbsd-compat/getgrouplist.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/gen/getgrouplist.c */ - /* $OpenBSD: getgrouplist.c,v 1.12 2005/08/08 08:05:34 espie Exp $ */ /* * Copyright (c) 1991, 1993 @@ -30,6 +28,8 @@ * SUCH DAMAGE. */ +/* OPENBSD ORIGINAL: lib/libc/gen/getgrouplist.c */ + #include "includes.h" #ifndef HAVE_GETGROUPLIST diff --git a/openbsd-compat/getopt.c b/openbsd-compat/getopt.c index f5ee6778d..5450e43d9 100644 --- a/openbsd-compat/getopt.c +++ b/openbsd-compat/getopt.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/stdlib/getopt.c */ - /* * Copyright (c) 1987, 1993, 1994 * The Regents of the University of California. All rights reserved. @@ -29,6 +27,8 @@ * SUCH DAMAGE. */ +/* OPENBSD ORIGINAL: lib/libc/stdlib/getopt.c */ + #include "includes.h" #if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c index 973e480b4..8d571beea 100644 --- a/openbsd-compat/getrrsetbyname.c +++ b/openbsd-compat/getrrsetbyname.c 
@@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/net/getrrsetbyname.c */ - /* $OpenBSD: getrrsetbyname.c,v 1.10 2005/03/30 02:58:28 tedu Exp $ */ /* @@ -45,6 +43,8 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +/* OPENBSD ORIGINAL: lib/libc/net/getrrsetbyname.c */ + #include "includes.h" #ifndef HAVE_GETRRSETBYNAME diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c index 7fafc8c40..e00db7079 100644 --- a/openbsd-compat/glob.c +++ b/openbsd-compat/glob.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/gen/glob.c */ - /* * Copyright (c) 1989, 1993 * The Regents of the University of California. All rights reserved. @@ -32,6 +30,8 @@ * SUCH DAMAGE. */ +/* OPENBSD ORIGINAL: lib/libc/gen/glob.c */ + #include "includes.h" #include diff --git a/openbsd-compat/glob.h b/openbsd-compat/glob.h index 3428b2013..5d80073d3 100644 --- a/openbsd-compat/glob.h +++ b/openbsd-compat/glob.h @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: include/glob.h */ - /* $OpenBSD: glob.h,v 1.8 2003/06/02 19:34:12 millert Exp $ */ /* $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $ */ @@ -37,6 +35,8 @@ * @(#)glob.h 8.1 (Berkeley) 6/2/93 */ +/* OPENBSD ORIGINAL: include/glob.h */ + #if !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) || \ !defined(GLOB_HAS_GL_MATCHC) diff --git a/openbsd-compat/inet_aton.c b/openbsd-compat/inet_aton.c index c141bcc68..355bf6bc9 100644 --- a/openbsd-compat/inet_aton.c +++ b/openbsd-compat/inet_aton.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/net/inet_addr.c */ - /* $OpenBSD: inet_addr.c,v 1.7 2003/06/02 20:18:35 millert Exp $ */ /* @@ -51,6 +49,8 @@ * --Copyright-- */ +/* OPENBSD ORIGINAL: lib/libc/net/inet_addr.c */ + #include "includes.h" #if !defined(HAVE_INET_ATON) diff --git a/openbsd-compat/inet_ntoa.c b/openbsd-compat/inet_ntoa.c index dc010dc53..16390b178 100644 --- a/openbsd-compat/inet_ntoa.c +++ b/openbsd-compat/inet_ntoa.c 
@@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/net/inet_ntoa.c */ - /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. @@ -29,6 +27,8 @@ * SUCH DAMAGE. */ +/* OPENBSD ORIGINAL: lib/libc/net/inet_ntoa.c */ + #include "includes.h" #if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA) diff --git a/openbsd-compat/inet_ntop.c b/openbsd-compat/inet_ntop.c index 47796c370..c75a80d2b 100644 --- a/openbsd-compat/inet_ntop.c +++ b/openbsd-compat/inet_ntop.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/net/inet_ntop.c */ - /* $OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Exp $ */ /* Copyright (c) 1996 by Internet Software Consortium. @@ -18,6 +16,8 @@ * SOFTWARE. */ +/* OPENBSD ORIGINAL: lib/libc/net/inet_ntop.c */ + #include "includes.h" #ifndef HAVE_INET_NTOP diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c index 969f69580..8071aa184 100644 --- a/openbsd-compat/mktemp.c +++ b/openbsd-compat/mktemp.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/stdio/mktemp.c */ - /* THIS FILE HAS BEEN MODIFIED FROM THE ORIGINAL OPENBSD SOURCE */ /* Changes: Removed mktemp */ @@ -32,6 +30,8 @@ * SUCH DAMAGE. */ +/* OPENBSD ORIGINAL: lib/libc/stdio/mktemp.c */ + #include "includes.h" #if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c index eb060bdbf..2c84f8021 100644 --- a/openbsd-compat/readpassphrase.c +++ b/openbsd-compat/readpassphrase.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/gen/readpassphrase.c */ - /* $OpenBSD: readpassphrase.c,v 1.16 2003/06/17 21:56:23 millert Exp $ */ /* @@ -22,6 +20,8 @@ * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ +/* OPENBSD ORIGINAL: lib/libc/gen/readpassphrase.c */ + #if defined(LIBC_SCCS) && !defined(lint) static const char rcsid[] = "$OpenBSD: readpassphrase.c,v 1.16 2003/06/17 21:56:23 millert Exp $"; #endif /* LIBC_SCCS and not lint */ 
diff --git a/openbsd-compat/readpassphrase.h b/openbsd-compat/readpassphrase.h index 178edf346..faab47182 100644 --- a/openbsd-compat/readpassphrase.h +++ b/openbsd-compat/readpassphrase.h @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: include/readpassphrase.h */ - /* $OpenBSD: readpassphrase.h,v 1.3 2002/06/28 12:32:22 millert Exp $ */ /* @@ -29,6 +27,8 @@ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/* OPENBSD ORIGINAL: include/readpassphrase.h */ + #ifndef _READPASSPHRASE_H_ #define _READPASSPHRASE_H_ diff --git a/openbsd-compat/realpath.c b/openbsd-compat/realpath.c index 8430bec24..8c889db3e 100644 --- a/openbsd-compat/realpath.c +++ b/openbsd-compat/realpath.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */ - /* * Copyright (c) 2003 Constantin S. Svintsoff * @@ -28,6 +26,8 @@ * SUCH DAMAGE. */ +/* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */ + #include "includes.h" #if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) diff --git a/openbsd-compat/rresvport.c b/openbsd-compat/rresvport.c index 75167065c..aa72f4ba2 100644 --- a/openbsd-compat/rresvport.c +++ b/openbsd-compat/rresvport.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/net/rresvport.c */ - /* * Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved. * Copyright (c) 1983, 1993, 1994 @@ -30,6 +28,8 @@ * SUCH DAMAGE. */ +/* OPENBSD ORIGINAL: lib/libc/net/rresvport.c */ + #include "includes.h" #ifndef HAVE_RRESVPORT_AF diff --git a/openbsd-compat/setenv.c b/openbsd-compat/setenv.c index 93a681152..b52a99c2c 100644 --- a/openbsd-compat/setenv.c +++ b/openbsd-compat/setenv.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/stdlib/setenv.c */ - /* $OpenBSD: setenv.c,v 1.9 2005/08/08 08:05:37 espie Exp $ */ /* * Copyright (c) 1987 Regents of the University of California. @@ -30,6 +28,8 @@ * SUCH DAMAGE. */ +/* OPENBSD ORIGINAL: lib/libc/stdlib/setenv.c */ + #include "includes.h" #if !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV) 
diff --git a/openbsd-compat/sigact.c b/openbsd-compat/sigact.c index 2772ac574..d1431a0d9 100644 --- a/openbsd-compat/sigact.c +++ b/openbsd-compat/sigact.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libcurses/base/sigaction.c */ - /* $OpenBSD: sigaction.c,v 1.3 1999/06/27 08:14:21 millert Exp $ */ /**************************************************************************** @@ -35,6 +33,8 @@ * and: Eric S. Raymond * ****************************************************************************/ +/* OPENBSD ORIGINAL: lib/libcurses/base/sigaction.c */ + #include "includes.h" #include #include "sigact.h" diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c index 8252f31af..bcc1b61ad 100644 --- a/openbsd-compat/strlcat.c +++ b/openbsd-compat/strlcat.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/string/strlcat.c */ - /* $OpenBSD: strlcat.c,v 1.13 2005/08/08 08:05:37 espie Exp $ */ /* @@ -18,6 +16,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +/* OPENBSD ORIGINAL: lib/libc/string/strlcat.c */ + #include "includes.h" #ifndef HAVE_STRLCAT diff --git a/openbsd-compat/strlcpy.c b/openbsd-compat/strlcpy.c index ccfa12a0a..736421202 100644 --- a/openbsd-compat/strlcpy.c +++ b/openbsd-compat/strlcpy.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */ - /* $OpenBSD: strlcpy.c,v 1.8 2003/06/17 21:56:24 millert Exp $ */ /* @@ -18,6 +16,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */ + #include "includes.h" #ifndef HAVE_STRLCPY diff --git a/openbsd-compat/strmode.c b/openbsd-compat/strmode.c index ea8d515e3..0dbb23733 100644 --- a/openbsd-compat/strmode.c +++ b/openbsd-compat/strmode.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/string/strmode.c */ - /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. 
@@ -29,6 +27,8 @@ * SUCH DAMAGE. */ +/* OPENBSD ORIGINAL: lib/libc/string/strmode.c */ + #include "includes.h" #ifndef HAVE_STRMODE diff --git a/openbsd-compat/strsep.c b/openbsd-compat/strsep.c index 330d84ce1..9e81980c7 100644 --- a/openbsd-compat/strsep.c +++ b/openbsd-compat/strsep.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/string/strsep.c */ - /* $OpenBSD: strsep.c,v 1.5 2003/06/11 21:08:16 deraadt Exp $ */ /*- @@ -31,6 +29,8 @@ * SUCH DAMAGE. */ +/* OPENBSD ORIGINAL: lib/libc/string/strsep.c */ + #include "includes.h" #if !defined(HAVE_STRSEP) diff --git a/openbsd-compat/strtoll.c b/openbsd-compat/strtoll.c index 60c276f8a..653f572fe 100644 --- a/openbsd-compat/strtoll.c +++ b/openbsd-compat/strtoll.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoll.c */ - /*- * Copyright (c) 1992 The Regents of the University of California. * All rights reserved. @@ -29,6 +27,8 @@ * SUCH DAMAGE. */ +/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoll.c */ + #include "includes.h" #ifndef HAVE_STRTOLL diff --git a/openbsd-compat/strtonum.c b/openbsd-compat/strtonum.c index b681ed83b..8ad0d0058 100644 --- a/openbsd-compat/strtonum.c +++ b/openbsd-compat/strtonum.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/stdlib/strtonum.c */ - /* $OpenBSD: strtonum.c,v 1.6 2004/08/03 19:38:01 millert Exp $ */ /* @@ -19,6 +17,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +/* OPENBSD ORIGINAL: lib/libc/stdlib/strtonum.c */ + #include "includes.h" #ifndef HAVE_STRTONUM #include diff --git a/openbsd-compat/strtoul.c b/openbsd-compat/strtoul.c index 24d0e253d..7c093c48f 100644 --- a/openbsd-compat/strtoul.c +++ b/openbsd-compat/strtoul.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoul.c */ - /* * Copyright (c) 1990 Regents of the University of California. * All rights reserved. @@ -29,6 +27,8 @@ * SUCH DAMAGE. */ +/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoul.c */ + #include "includes.h" #ifndef HAVE_STRTOUL 
diff --git a/openbsd-compat/sys-queue.h b/openbsd-compat/sys-queue.h index c49a94650..402343324 100644 --- a/openbsd-compat/sys-queue.h +++ b/openbsd-compat/sys-queue.h @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: sys/sys/queue.h */ - /* $OpenBSD: queue.h,v 1.25 2004/04/08 16:08:21 henning Exp $ */ /* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */ @@ -34,6 +32,8 @@ * @(#)queue.h 8.5 (Berkeley) 8/20/94 */ +/* OPENBSD ORIGINAL: sys/sys/queue.h */ + #ifndef _FAKE_QUEUE_H_ #define _FAKE_QUEUE_H_ diff --git a/openbsd-compat/sys-tree.h b/openbsd-compat/sys-tree.h index 73cfbe72a..c80b90b21 100644 --- a/openbsd-compat/sys-tree.h +++ b/openbsd-compat/sys-tree.h @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: sys/sys/tree.h */ - /* $OpenBSD: tree.h,v 1.7 2002/10/17 21:51:54 art Exp $ */ /* * Copyright 2002 Niels Provos @@ -26,6 +24,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/* OPENBSD ORIGINAL: sys/sys/tree.h */ + #ifndef _SYS_TREE_H_ #define _SYS_TREE_H_ diff --git a/openbsd-compat/vis.c b/openbsd-compat/vis.c index 52d19ac55..3a087b341 100644 --- a/openbsd-compat/vis.c +++ b/openbsd-compat/vis.c @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: lib/libc/gen/vis.c */ - /* $OpenBSD: vis.c,v 1.19 2005/09/01 17:15:49 millert Exp $ */ /*- * Copyright (c) 1989, 1993 @@ -30,6 +28,8 @@ * SUCH DAMAGE. */ +/* OPENBSD ORIGINAL: lib/libc/gen/vis.c */ + #include "includes.h" #if !defined(HAVE_STRNVIS) diff --git a/openbsd-compat/vis.h b/openbsd-compat/vis.h index 0588f68da..3898a9e70 100644 --- a/openbsd-compat/vis.h +++ b/openbsd-compat/vis.h @@ -1,5 +1,3 @@ -/* OPENBSD ORIGINAL: include/vis.h */ - /* $OpenBSD: vis.h,v 1.11 2005/08/09 19:38:31 millert Exp $ */ /* $NetBSD: vis.h,v 1.4 1994/10/26 00:56:41 cgd Exp $ */ @@ -34,6 +32,8 @@ * @(#)vis.h 5.9 (Berkeley) 4/3/91 */ +/* OPENBSD ORIGINAL: include/vis.h */ + #include "includes.h" #if !defined(HAVE_STRNVIS) -- cgit v1.2.3 From 52245663035ec7322ec2e1288d9692be7b2e4181 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Thu, 10 Nov 2005 16:26:17 +1100 Subject: - (dtucker) [openbsd-compat/strlcpy.c] Update from OpenBSD 1.8 -> 1.10. --- ChangeLog | 3 ++- openbsd-compat/strlcpy.c | 12 ++++-------- 2 files changed, 6 insertions(+), 9 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 367127ebc..665044558 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,7 @@ - (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to after the copyright notices. Having them at the top next to the CVSIDs guarantees a conflict for each and every sync. + - (dtucker) [openbsd-compat/strlcpy.c] Update from OpenBSD 1.8 -> 1.10. 20051105 - (djm) OpenBSD CVS Sync @@ -3259,4 +3260,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3962 2005/11/10 05:18:56 dtucker Exp $ +$Id: ChangeLog,v 1.3963 2005/11/10 05:26:17 dtucker Exp $ diff --git a/openbsd-compat/strlcpy.c b/openbsd-compat/strlcpy.c index 736421202..679a5b291 100644 --- a/openbsd-compat/strlcpy.c +++ b/openbsd-compat/strlcpy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: strlcpy.c,v 1.8 2003/06/17 21:56:24 millert Exp $ */ +/* $OpenBSD: strlcpy.c,v 1.10 2005/08/08 08:05:37 espie Exp $ */ /* * Copyright (c) 1998 Todd C. Miller @@ -21,10 +21,6 @@ #include "includes.h" #ifndef HAVE_STRLCPY -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strlcpy.c,v 1.8 2003/06/17 21:56:24 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include @@ -36,9 +32,9 @@ static char *rcsid = "$OpenBSD: strlcpy.c,v 1.8 2003/06/17 21:56:24 millert Exp size_t strlcpy(char *dst, const char *src, size_t siz) { - register char *d = dst; - register const char *s = src; - register size_t n = siz; + char *d = dst; + const char *s = src; + size_t n = siz; /* Copy as many bytes as will fit */ if (n != 0 && --n != 0) { -- cgit v1.2.3 
From 925d1de3fb44ef62f72589966ea9a2823b567762 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 16:31:55 +1100 Subject: - (dtucker) [openbsd-compat/sigact.h] Add "OPENBSD ORIGINAL" marker. --- ChangeLog | 3 ++- openbsd-compat/sigact.h | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 665044558..59c06c0fb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,7 @@ after the copyright notices. Having them at the top next to the CVSIDs guarantees a conflict for each and every sync. - (dtucker) [openbsd-compat/strlcpy.c] Update from OpenBSD 1.8 -> 1.10. + - (dtucker) [openbsd-compat/sigact.h] Add "OPENBSD ORIGINAL" marker. 20051105 - (djm) OpenBSD CVS Sync @@ -3260,4 +3261,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3963 2005/11/10 05:26:17 dtucker Exp $ +$Id: ChangeLog,v 1.3964 2005/11/10 05:31:55 dtucker Exp $ diff --git a/openbsd-compat/sigact.h b/openbsd-compat/sigact.h index b37c1f84a..7821e09e8 100644 --- a/openbsd-compat/sigact.h +++ b/openbsd-compat/sigact.h @@ -40,6 +40,8 @@ * and usually no sigaction() nor */ +/* OPENBSD ORIGINAL: lib/libcurses/SigAction.h */ + #ifndef _SIGACTION_H #define _SIGACTION_H -- cgit v1.2.3 From 09471d8a1f7e46116ba44f0f08c756196dbf6c70 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 16:38:54 +1100 Subject: - (dtucker) [openbsd-compat/strmode.c] Update from OpenBSD 1.5 -> 1.7. Removal of rcsid, "whiteout" inode type. --- ChangeLog | 4 +++- openbsd-compat/strmode.c | 10 +--------- 2 files changed, 4 insertions(+), 10 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 59c06c0fb..5a1be997f 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -19,6 +19,8 @@ guarantees a conflict for each and every sync. - (dtucker) [openbsd-compat/strlcpy.c] Update from OpenBSD 1.8 -> 1.10. - (dtucker) [openbsd-compat/sigact.h] Add "OPENBSD ORIGINAL" marker. + - (dtucker) [openbsd-compat/strmode.c] Update from OpenBSD 1.5 -> 1.7. + Removal of rcsid, "whiteout" inode type. 20051105 - (djm) OpenBSD CVS Sync @@ -3261,4 +3263,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3964 2005/11/10 05:31:55 dtucker Exp $ +$Id: ChangeLog,v 1.3965 2005/11/10 05:38:54 dtucker Exp $ diff --git a/openbsd-compat/strmode.c b/openbsd-compat/strmode.c index 0dbb23733..4a8161422 100644 --- a/openbsd-compat/strmode.c +++ b/openbsd-compat/strmode.c @@ -1,3 +1,4 @@ +/* $OpenBSD: strmode.c,v 1.7 2005/08/08 08:05:37 espie Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -32,10 +33,6 @@ #include "includes.h" #ifndef HAVE_STRMODE -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strmode.c,v 1.5 2003/06/11 21:08:16 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include #include @@ -71,11 +68,6 @@ strmode(int mode, char *p) case S_IFIFO: /* fifo */ *p++ = 'p'; break; -#endif -#ifdef S_IFWHT - case S_IFWHT: /* whiteout */ - *p++ = 'w'; - break; #endif default: /* unknown */ *p++ = '?'; -- cgit v1.2.3 From ad1dada0b4c2d450346984c88e3bc74cdfe2a888 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 16:42:51 +1100 Subject: - (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14. Removal of rcsid, will no longer strlcpy parts of the string. --- ChangeLog | 4 +++- openbsd-compat/basename.c | 35 ++++++++++++++++++----------------- 2 files changed, 21 insertions(+), 18 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 5a1be997f..a484b95ba 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -21,6 +21,8 @@ - (dtucker) [openbsd-compat/sigact.h] Add "OPENBSD ORIGINAL" marker. - (dtucker) [openbsd-compat/strmode.c] Update from OpenBSD 1.5 -> 1.7. Removal of rcsid, "whiteout" inode type. + - (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14. + Removal of rcsid, will no longer strlcpy parts of the string. 20051105 - (djm) OpenBSD CVS Sync @@ -3263,4 +3265,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3965 2005/11/10 05:38:54 dtucker Exp $ +$Id: ChangeLog,v 1.3966 2005/11/10 05:42:51 dtucker Exp $ diff --git a/openbsd-compat/basename.c b/openbsd-compat/basename.c index 5171cd64c..ad040e139 100644 --- a/openbsd-compat/basename.c +++ b/openbsd-compat/basename.c @@ -1,7 +1,7 @@ -/* $OpenBSD: basename.c,v 1.11 2003/06/17 21:56:23 millert Exp $ */ +/* $OpenBSD: basename.c,v 1.14 2005/08/08 08:05:33 espie Exp $ */ /* - * Copyright (c) 1997 Todd C. Miller + * Copyright (c) 1997, 2004 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above 
@@ -21,31 +21,30 @@ #include "includes.h" #ifndef HAVE_BASENAME -#ifndef lint -static char rcsid[] = "$OpenBSD: basename.c,v 1.11 2003/06/17 21:56:23 millert Exp $"; -#endif /* not lint */ - char * basename(const char *path) { static char bname[MAXPATHLEN]; - register const char *endp, *startp; + size_t len; + const char *endp, *startp; /* Empty or NULL string gets treated as "." */ if (path == NULL || *path == '\0') { - (void)strlcpy(bname, ".", sizeof bname); - return(bname); + bname[0] = '.'; + bname[1] = '\0'; + return (bname); } - /* Strip trailing slashes */ + /* Strip any trailing slashes */ endp = path + strlen(path) - 1; while (endp > path && *endp == '/') endp--; - /* All slashes become "/" */ + /* All slashes becomes "/" */ if (endp == path && *endp == '/') { - (void)strlcpy(bname, "/", sizeof bname); - return(bname); + bname[0] = '/'; + bname[1] = '\0'; + return (bname); } /* Find the start of the base */ @@ -53,12 +52,14 @@ basename(const char *path) while (startp > path && *(startp - 1) != '/') startp--; - if (endp - startp + 2 > sizeof(bname)) { + len = endp - startp + 1; + if (len >= sizeof(bname)) { errno = ENAMETOOLONG; - return(NULL); + return (NULL); } - strlcpy(bname, startp, endp - startp + 2); - return(bname); + memcpy(bname, startp, len); + bname[len] = '\0'; + return (bname); } #endif /* !defined(HAVE_BASENAME) */ -- cgit v1.2.3 From f976e6f883879a3749d79dc64d3f8513095ee9e0 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 16:46:26 +1100 Subject: - (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5. Removal of rcsid. --- ChangeLog | 4 +++- openbsd-compat/strtoll.c | 4 ---- 2 files changed, 3 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index a484b95ba..570773f7e 100644 --- a/ChangeLog +++ b/ChangeLog 
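Review bot: basename() still returns a pointer into `static char bname[MAXPATHLEN]`, and nothing in the rewritten body tells callers that the result is overwritten by the next call and is not safe to share between threads. I would add a short comment above the declaration, e.g. `/* Result lives in static storage: overwritten by the next call, not reentrant. */`. In the second hunk the `len >= sizeof(bname)` test is now the only thing bounding both the `memcpy` and the `bname[len] = '\0'` store, so it deserves a one-line comment as well, such as `/* len must leave room for the terminating NUL */`.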
@@ -23,6 +23,8 @@ Removal of rcsid, "whiteout" inode type. - (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14. Removal of rcsid, will no longer strlcpy parts of the string. + - (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5. + Removal of rcsid. 20051105 - (djm) OpenBSD CVS Sync @@ -3265,4 +3267,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3966 2005/11/10 05:42:51 dtucker Exp $ +$Id: ChangeLog,v 1.3967 2005/11/10 05:46:26 dtucker Exp $ diff --git a/openbsd-compat/strtoll.c b/openbsd-compat/strtoll.c index 653f572fe..76e87ccbe 100644 --- a/openbsd-compat/strtoll.c +++ b/openbsd-compat/strtoll.c @@ -32,10 +32,6 @@ #include "includes.h" #ifndef HAVE_STRTOLL -#if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$OpenBSD: strtoll.c,v 1.4 2005/03/30 18:51:49 pat Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include -- cgit v1.2.3 From f5ebfe9f68ab32adaa1d5ac3418eba838fed5f92 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 16:48:10 +1100 Subject: - (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7. --- ChangeLog | 4 ++-- openbsd-compat/strtoul.c | 18 ++++++------------ 2 files changed, 8 insertions(+), 14 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 570773f7e..94515aaf5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -24,7 +24,7 @@ - (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14. Removal of rcsid, will no longer strlcpy parts of the string. - (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5. - Removal of rcsid. + - (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7. 20051105 - (djm) OpenBSD CVS Sync 
@@ -3267,4 +3267,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3967 2005/11/10 05:46:26 dtucker Exp $ +$Id: ChangeLog,v 1.3968 2005/11/10 05:48:10 dtucker Exp $ diff --git a/openbsd-compat/strtoul.c b/openbsd-compat/strtoul.c index 7c093c48f..8219c8391 100644 --- a/openbsd-compat/strtoul.c +++ b/openbsd-compat/strtoul.c @@ -1,3 +1,4 @@ +/* $OpenBSD: strtoul.c,v 1.7 2005/08/08 08:05:37 espie Exp $ */ /* * Copyright (c) 1990 Regents of the University of California. * All rights reserved. @@ -32,10 +33,6 @@ #include "includes.h" #ifndef HAVE_STRTOUL -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strtoul.c,v 1.5 2003/06/02 20:18:38 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include #include @@ -48,15 +45,12 @@ static char *rcsid = "$OpenBSD: strtoul.c,v 1.5 2003/06/02 20:18:38 millert Exp * alphabets and digits are each contiguous. */ unsigned long -strtoul(nptr, endptr, base) - const char *nptr; - char **endptr; - register int base; +strtoul(const char *nptr, char **endptr, int base) { - register const char *s; - register unsigned long acc, cutoff; - register int c; - register int neg, any, cutlim; + const char *s; + unsigned long acc, cutoff; + int c; + int neg, any, cutlim; /* * See strtol for comments as to the logic used. -- cgit v1.2.3 From dbb631cebe0108bae40ff73fd67f9873abed5cd5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 16:56:28 +1100 Subject: - (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18. --- ChangeLog | 3 ++- openbsd-compat/readpassphrase.c | 6 +----- 2 files changed, 3 insertions(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 94515aaf5..cd364fd3f 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -25,6 +25,7 @@ Removal of rcsid, will no longer strlcpy parts of the string. - (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5. - (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7. + - (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18. 20051105 - (djm) OpenBSD CVS Sync @@ -3267,4 +3268,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3968 2005/11/10 05:48:10 dtucker Exp $ +$Id: ChangeLog,v 1.3969 2005/11/10 05:56:28 dtucker Exp $ diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c index 2c84f8021..919c0174a 100644 --- a/openbsd-compat/readpassphrase.c +++ b/openbsd-compat/readpassphrase.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpassphrase.c,v 1.16 2003/06/17 21:56:23 millert Exp $ */ +/* $OpenBSD: readpassphrase.c,v 1.18 2005/08/08 08:05:34 espie Exp $ */ /* * Copyright (c) 2000-2002 Todd C. Miller @@ -22,10 +22,6 @@ /* OPENBSD ORIGINAL: lib/libc/gen/readpassphrase.c */ -#if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$OpenBSD: readpassphrase.c,v 1.16 2003/06/17 21:56:23 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include "includes.h" #ifndef HAVE_READPASSPHRASE -- cgit v1.2.3 From d76b4c74f808d356ac620fa18ee9e3c3ab75dd0c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 16:58:47 +1100 Subject: - (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5. --- ChangeLog | 3 ++- openbsd-compat/readpassphrase.h | 39 ++++++++++++++++----------------------- 2 files changed, 18 insertions(+), 24 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index cd364fd3f..3f1d497d7 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -26,6 +26,7 @@ - (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5. - (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7. - (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18. + - (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5. 20051105 - (djm) OpenBSD CVS Sync @@ -3268,4 +3269,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3969 2005/11/10 05:56:28 dtucker Exp $ +$Id: ChangeLog,v 1.3970 2005/11/10 05:58:47 dtucker Exp $ diff --git a/openbsd-compat/readpassphrase.h b/openbsd-compat/readpassphrase.h index faab47182..5fd7c5d77 100644 --- a/openbsd-compat/readpassphrase.h +++ b/openbsd-compat/readpassphrase.h 
@@ -1,30 +1,23 @@ -/* $OpenBSD: readpassphrase.h,v 1.3 2002/06/28 12:32:22 millert Exp $ */ +/* $OpenBSD: readpassphrase.h,v 1.5 2003/06/17 21:56:23 millert Exp $ */ /* - * Copyright (c) 2000 Todd C. Miller - * All rights reserved. + * Copyright (c) 2000, 2002 Todd C. Miller * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ /* OPENBSD ORIGINAL: include/readpassphrase.h */ -- cgit v1.2.3 From 6524d4f161d0505af2926c34e19032e1fcd102fd Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 17:02:21 +1100 Subject: - (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25. --- ChangeLog | 3 +- openbsd-compat/glob.c | 118 ++++++++++++++------------------------------------ 2 files changed, 35 insertions(+), 86 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 3f1d497d7..c4db5a49c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,7 @@ - (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7. - (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18. - (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5. + - (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25. 20051105 - (djm) OpenBSD CVS Sync @@ -3269,4 +3270,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3970 2005/11/10 05:58:47 dtucker Exp $ +$Id: ChangeLog,v 1.3971 2005/11/10 06:02:21 dtucker Exp $ diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c index e00db7079..f6a04ea3f 100644 
--- a/openbsd-compat/glob.c +++ b/openbsd-compat/glob.c @@ -1,3 +1,4 @@ +/* $OpenBSD: glob.c,v 1.25 2005/08/08 08:05:34 espie Exp $ */ /* * Copyright (c) 1989, 1993 * The Regents of the University of California. All rights reserved. @@ -50,14 +51,6 @@ get_arg_max(void) #if !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || \ !defined(GLOB_HAS_GL_MATCHC) -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char sccsid[] = "@(#)glob.c 8.3 (Berkeley) 10/13/93"; -#else -static char rcsid[] = "$OpenBSD: glob.c,v 1.22 2003/06/25 21:16:47 deraadt Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ - /* * glob(3) -- a superset of the one defined in POSIX 1003.2. * @@ -158,10 +151,8 @@ static void qprintf(const char *, Char *); #endif int -glob(pattern, flags, errfunc, pglob) - const char *pattern; - int flags, (*errfunc)(const char *, int); - glob_t *pglob; +glob(const char *pattern, int flags, int (*errfunc)(const char *, int), + glob_t *pglob) { const u_char *patnext; int c; @@ -209,9 +200,7 @@ glob(pattern, flags, errfunc, pglob) * characters */ static int -globexp1(pattern, pglob) - const Char *pattern; - glob_t *pglob; +globexp1(const Char *pattern, glob_t *pglob) { const Char* ptr = pattern; int rv; @@ -234,10 +223,7 @@ globexp1(pattern, pglob) * If it fails then it tries to glob the rest of the pattern and returns. */ static int -globexp2(ptr, pattern, pglob, rv) - const Char *ptr, *pattern; - glob_t *pglob; - int *rv; +globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv) { int i; Char *lm, *ls; @@ -342,11 +328,7 @@ globexp2(ptr, pattern, pglob, rv) * expand tilde from the passwd file. */ static const Char * -globtilde(pattern, patbuf, patbuf_len, pglob) - const Char *pattern; - Char *patbuf; - size_t patbuf_len; - glob_t *pglob; +globtilde(const Char *pattern, Char *patbuf, size_t patbuf_len, glob_t *pglob) { struct passwd *pwd; char *h; 
@@ -414,9 +396,7 @@ globtilde(pattern, patbuf, patbuf_len, pglob) * to find no matches. */ static int -glob0(pattern, pglob) - const Char *pattern; - glob_t *pglob; +glob0(const Char *pattern, glob_t *pglob) { const Char *qpatnext; int c, err, oldpathc; @@ -503,17 +483,13 @@ glob0(pattern, pglob) } static int -compare(p, q) - const void *p, *q; +compare(const void *p, const void *q) { return(strcmp(*(char **)p, *(char **)q)); } static int -glob1(pattern, pattern_last, pglob, limitp) - Char *pattern, *pattern_last; - glob_t *pglob; - size_t *limitp; +glob1(Char *pattern, Char *pattern_last, glob_t *pglob, size_t *limitp) { Char pathbuf[MAXPATHLEN]; @@ -531,12 +507,8 @@ glob1(pattern, pattern_last, pglob, limitp) * meta characters. */ static int -glob2(pathbuf, pathbuf_last, pathend, pathend_last, pattern, - pattern_last, pglob, limitp) - Char *pathbuf, *pathbuf_last, *pathend, *pathend_last; - Char *pattern, *pattern_last; - glob_t *pglob; - size_t *limitp; +glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, + Char *pattern, Char *pattern_last, glob_t *pglob, size_t *limitp) { struct stat sb; Char *p, *q; @@ -595,14 +567,11 @@ glob2(pathbuf, pathbuf_last, pathend, pathend_last, pattern, } static int -glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last, - restpattern, restpattern_last, pglob, limitp) - Char *pathbuf, *pathbuf_last, *pathend, *pathend_last; - Char *pattern, *pattern_last, *restpattern, *restpattern_last; - glob_t *pglob; - size_t *limitp; +glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, + Char *pattern, Char *pattern_last, Char *restpattern, + Char *restpattern_last, glob_t *pglob, size_t *limitp) { - register struct dirent *dp; + struct dirent *dp; DIR *dirp; int err; char buf[MAXPATHLEN]; 
@@ -640,8 +609,8 @@ glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last, else readdirfunc = (struct dirent *(*)(void *))readdir; while ((dp = (*readdirfunc)(dirp))) { - register u_char *sc; - register Char *dc; + u_char *sc; + Char *dc; /* Initial DOT must be matched literally. */ if (dp->d_name[0] == DOT && *pattern != DOT) @@ -689,13 +658,10 @@ glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last, * gl_pathv points to (gl_offs + gl_pathc + 1) items. */ static int -globextend(path, pglob, limitp) - const Char *path; - glob_t *pglob; - size_t *limitp; +globextend(const Char *path, glob_t *pglob, size_t *limitp) { - register char **pathv; - register int i; + char **pathv; + int i; u_int newsize, len; char *copy; const Char *p; @@ -747,8 +713,7 @@ globextend(path, pglob, limitp) * pattern causes a recursion level. */ static int -match(name, pat, patend) - register Char *name, *pat, *patend; +match(Char *name, Char *pat, Char *patend) { int ok, negate_range; Char c, k; @@ -759,11 +724,10 @@ match(name, pat, patend) case M_ALL: if (pat == patend) return(1); - do + do { if (match(name, pat, patend)) return(1); - while (*name++ != EOS) - ; + } while (*name++ != EOS); return(0); case M_ONE: if (*name++ == EOS) @@ -796,11 +760,10 @@ match(name, pat, patend) /* Free allocated data belonging to a glob_t structure. */ void -globfree(pglob) - glob_t *pglob; +globfree(glob_t *pglob) { - register int i; - register char **pp; + int i; + char **pp; if (pglob->gl_pathv != NULL) { pp = pglob->gl_pathv + pglob->gl_offs; @@ -813,9 +776,7 @@ globfree(pglob) } static DIR * -g_opendir(str, pglob) - register Char *str; - glob_t *pglob; +g_opendir(Char *str, glob_t *pglob) { char buf[MAXPATHLEN]; @@ -833,10 +794,7 @@ g_opendir(str, pglob) } static int -g_lstat(fn, sb, pglob) - register Char *fn; - struct stat *sb; - glob_t *pglob; +g_lstat(Char *fn, struct stat *sb, glob_t *pglob) { char buf[MAXPATHLEN]; 
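Review bot: In the `M_ALL` case of match() (hunk `@@ -759,11 +724,10 @@`), the loop still recurses once per `*` for every remaining position in `name`, and nothing visible here bounds the number of wildcards. A pattern with several non-adjacent stars can therefore cost time exponential in the number of stars, which matters wherever the pattern comes from a remote peer. The commit only adds braces, so I would at least document the cost above the function, e.g. `/* Cost grows exponentially with the number of '*' in pat; callers handling untrusted patterns must bound them. */`. Whether the pattern compiler limits or collapses stars before match() runs cannot be seen from these hunks.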
@@ -848,10 +806,7 @@ g_lstat(fn, sb, pglob) } static int -g_stat(fn, sb, pglob) - register Char *fn; - struct stat *sb; - glob_t *pglob; +g_stat(Char *fn, struct stat *sb, glob_t *pglob) { char buf[MAXPATHLEN]; @@ -863,9 +818,7 @@ g_stat(fn, sb, pglob) } static Char * -g_strchr(str, ch) - Char *str; - int ch; +g_strchr(Char *str, int ch) { do { if (*str == ch) @@ -875,10 +828,7 @@ g_strchr(str, ch) } static int -g_Ctoc(str, buf, len) - register const Char *str; - char *buf; - u_int len; +g_Ctoc(const Char *str, char *buf, u_int len) { while (len--) { @@ -890,11 +840,9 @@ g_Ctoc(str, buf, len) #ifdef DEBUG static void -qprintf(str, s) - const char *str; - register Char *s; +qprintf(const char *str, Char *s) { - register Char *p; + Char *p; (void)printf("%s:\n", str); for (p = s; *p; p++) -- cgit v1.2.3 From 50a221ba7ac156ce8b961d4f860886f4a5499cdf Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 17:03:22 +1100 Subject: - (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9. --- ChangeLog | 3 ++- openbsd-compat/glob.h | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index c4db5a49c..4e2f98d15 100644 --- a/ChangeLog +++ b/ChangeLog @@ -28,6 +28,7 @@ - (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18. - (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5. - (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25. + - (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9. 20051105 - (djm) OpenBSD CVS Sync @@ -3270,4 +3271,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3971 2005/11/10 06:02:21 dtucker Exp $ +$Id: ChangeLog,v 1.3972 2005/11/10 06:03:22 dtucker Exp $ diff --git a/openbsd-compat/glob.h b/openbsd-compat/glob.h index 5d80073d3..4fdbfc1ea 100644 --- a/openbsd-compat/glob.h 
+++ b/openbsd-compat/glob.h @@ -1,4 +1,4 @@ -/* $OpenBSD: glob.h,v 1.8 2003/06/02 19:34:12 millert Exp $ */ +/* $OpenBSD: glob.h,v 1.9 2004/10/07 16:56:11 millert Exp $ */ /* $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $ */ /* @@ -72,6 +72,7 @@ typedef struct { #define GLOB_MARK 0x0008 /* Append / to matching directories. */ #define GLOB_NOCHECK 0x0010 /* Return pattern itself if nothing matches. */ #define GLOB_NOSORT 0x0020 /* Don't sort. */ +#define GLOB_NOESCAPE 0x1000 /* Disable backslash escaping. */ #define GLOB_ALTDIRFUNC 0x0040 /* Use alternately specified directory funcs. */ #define GLOB_BRACE 0x0080 /* Expand braces ala csh. */ @@ -79,7 +80,6 @@ typedef struct { #define GLOB_NOMAGIC 0x0200 /* GLOB_NOCHECK without magic chars (csh). */ #define GLOB_QUOTE 0x0400 /* Quote special chars with \. */ #define GLOB_TILDE 0x0800 /* Expand tilde names from the passwd file. */ -#define GLOB_NOESCAPE 0x1000 /* Disable backslash escaping. */ #define GLOB_LIMIT 0x2000 /* Limit pattern match output to ARG_MAX */ /* Error values returned by glob(3) */ -- cgit v1.2.3 From 31ba53e333458abda2337f5d3ded0205485bd355 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 17:11:29 +1100 Subject: - (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14. --- ChangeLog | 3 ++- openbsd-compat/getcwd.c | 44 ++++++++++++++++++++++---------------------- 2 files changed, 24 insertions(+), 23 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 4e2f98d15..22a17bca8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,6 +29,7 @@ - (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5. - (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25. - (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9. + - (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14. 20051105 - (djm) OpenBSD CVS Sync 
@@ -3271,4 +3272,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3972 2005/11/10 06:03:22 dtucker Exp $ +$Id: ChangeLog,v 1.3973 2005/11/10 06:11:29 dtucker Exp $ diff --git a/openbsd-compat/getcwd.c b/openbsd-compat/getcwd.c index d58c03e0e..9354f7ae4 100644 --- a/openbsd-compat/getcwd.c +++ b/openbsd-compat/getcwd.c @@ -1,3 +1,4 @@ +/* $OpenBSD: getcwd.c,v 1.14 2005/08/08 08:05:34 espie Exp $ */ /* * Copyright (c) 1989, 1991, 1993 * The Regents of the University of California. All rights reserved. @@ -33,10 +34,6 @@ #if !defined(HAVE_GETCWD) -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: getcwd.c,v 1.9 2003/06/11 21:03:10 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include #include @@ -54,12 +51,12 @@ static char rcsid[] = "$OpenBSD: getcwd.c,v 1.9 2003/06/11 21:03:10 deraadt Exp char * getcwd(char *pt, size_t size) { - register struct dirent *dp; - register DIR *dir = NULL; - register dev_t dev; - register ino_t ino; - register int first; - register char *bpt, *bup; + struct dirent *dp; + DIR *dir = NULL; + dev_t dev; + ino_t ino; + int first; + char *bpt, *bup; struct stat s; dev_t root_dev; ino_t root_ino; @@ -80,7 +77,7 @@ getcwd(char *pt, size_t size) } ept = pt + size; } else { - if ((pt = malloc(ptsize = 1024 - 4)) == NULL) + if ((pt = malloc(ptsize = MAXPATHLEN)) == NULL) return (NULL); ept = pt + ptsize; } 
@@ -88,13 +85,13 @@ getcwd(char *pt, size_t size) *bpt = '\0'; /* - * Allocate bytes (1024 - malloc space) for the string of "../"'s. + * Allocate bytes for the string of "../"'s. * Should always be enough (it's 340 levels). If it's not, allocate * as necessary. Special * case the first stat, it's ".", not "..". */ - if ((up = malloc(upsize = 1024 - 4)) == NULL) + if ((up = malloc(upsize = MAXPATHLEN)) == NULL) goto err; - eup = up + MAXPATHLEN; + eup = up + upsize; bup = up; up[0] = '.'; up[1] = '\0'; @@ -139,8 +136,8 @@ getcwd(char *pt, size_t size) if ((nup = realloc(up, upsize *= 2)) == NULL) goto err; + bup = nup + (bup - up); up = nup; - bup = up; eup = up + upsize; } *bup++ = '.'; @@ -175,7 +172,7 @@ getcwd(char *pt, size_t size) goto notfound; if (ISDOT(dp)) continue; - memmove(bup, dp->d_name, dp->d_namlen + 1); + memcpy(bup, dp->d_name, dp->d_namlen + 1); /* Save the first error for later. */ if (lstat(up, &s)) { @@ -193,19 +190,18 @@ getcwd(char *pt, size_t size) * leading slash. */ if (bpt - pt < dp->d_namlen + (first ? 1 : 2)) { - size_t len, off; + size_t len; char *npt; if (!ptsize) { errno = ERANGE; goto err; } - off = bpt - pt; len = ept - bpt; if ((npt = realloc(pt, ptsize *= 2)) == NULL) goto err; + bpt = npt + (bpt - pt); pt = npt; - bpt = pt + off; ept = pt + ptsize; memmove(ept - len, bpt, len); bpt = ept - len; @@ -213,7 +209,7 @@ getcwd(char *pt, size_t size) if (!first) *--bpt = '/'; bpt -= dp->d_namlen; - memmove(bpt, dp->d_name, dp->d_namlen); + memcpy(bpt, dp->d_name, dp->d_namlen); (void)closedir(dir); /* Truncate any file name. */ @@ -230,12 +226,16 @@ notfound: errno = save_errno ? save_errno : ENOENT; /* FALLTHROUGH */ err: + save_errno = errno; + if (ptsize) free(pt); - if (up) - free(up); + free(up); if (dir) (void)closedir(dir); + + errno = save_errno; + return (NULL); } -- cgit v1.2.3 From 0a149d19d3ca291c33f449c304d4b0c5601c127a Mon Sep 17 00:00:00 2001 
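Review bot: In the two realloc hunks (`@@ -139,8 +136,8 @@` and `@@ -193,19 +190,18 @@`), the offsets `bup - up` and `bpt - pt` are computed after realloc() has succeeded, from the old pointer value. Once the block has moved, that old pointer is indeterminate and arithmetic on it is undefined in standard C, even though it works on flat-address platforms. The second hunk actually removes the `off` variable that was taken before the call. I would capture the offset first in both places: `off = bup - up;` before the realloc and `bup = nup + off;` after it, and likewise `off = bpt - pt;` / `bpt = npt + off;`. Parts of getcwd() lie between these hunks and are not shown.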
From: Darren Tucker Date: Thu, 10 Nov 2005 17:15:06 +1100 Subject: - (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up with OpenBSD code since we don't support platforms without fstat any more. --- ChangeLog | 4 +++- openbsd-compat/getcwd.c | 6 ++---- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 22a17bca8..a274ce3ba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,8 @@ - (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25. - (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9. - (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14. + - (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up + with OpenBSD code since we don't support platforms without fstat any more. 20051105 - (djm) OpenBSD CVS Sync @@ -3272,4 +3274,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3973 2005/11/10 06:11:29 dtucker Exp $ +$Id: ChangeLog,v 1.3974 2005/11/10 06:15:06 dtucker Exp $ diff --git a/openbsd-compat/getcwd.c b/openbsd-compat/getcwd.c index 9354f7ae4..711cb9cd5 100644 --- a/openbsd-compat/getcwd.c +++ b/openbsd-compat/getcwd.c @@ -144,10 +144,8 @@ getcwd(char *pt, size_t size) *bup++ = '.'; *bup = '\0'; - /* Open and stat parent directory. - * RACE?? - replaced fstat(dirfd(dir), &s) w/ lstat(up,&s) - */ - if (!(dir = opendir(up)) || lstat(up,&s)) + /* Open and stat parent directory. */ + if (!(dir = opendir(up)) || fstat(dirfd(dir), &s)) goto err; /* Add trailing slash for next directory. */ -- cgit v1.2.3 From c7e05d679a8fdbc7cfa2eefb54f9fcb84ff715ae Mon Sep 17 00:00:00 2001 
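Review bot: The new comment `/* Open and stat parent directory. */` drops the old RACE remark without recording why the descriptor-based call is the right one. `fstat(dirfd(dir), &s)` examines the directory that opendir() actually opened, whereas the removed `lstat(up,&s)` resolved the path a second time and could see a different object if a component changed in between. I would say so in the comment, e.g. `/* fstat the opened directory rather than re-resolving the path, so open and stat refer to the same object. */`, so a later portability change does not bring the path-based stat back. This depends on dirfd() existing on every supported platform, which the hunk does not show. The body of getcwd() starts and ends outside the hunk.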
From: Darren Tucker Date: Thu, 10 Nov 2005 17:21:21 +1100 Subject: - (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9. --- ChangeLog | 3 ++- openbsd-compat/inet_aton.c | 24 +++++++----------------- 2 files changed, 9 insertions(+), 18 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index a274ce3ba..120f68f84 100644 --- a/ChangeLog +++ b/ChangeLog @@ -32,6 +32,7 @@ - (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14. - (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up with OpenBSD code since we don't support platforms without fstat any more. + - (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9. 20051105 - (djm) OpenBSD CVS Sync @@ -3274,4 +3275,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3974 2005/11/10 06:15:06 dtucker Exp $ +$Id: ChangeLog,v 1.3975 2005/11/10 06:21:21 dtucker Exp $ diff --git a/openbsd-compat/inet_aton.c b/openbsd-compat/inet_aton.c index 355bf6bc9..130597e14 100644 --- a/openbsd-compat/inet_aton.c +++ b/openbsd-compat/inet_aton.c @@ -1,4 +1,4 @@ -/* $OpenBSD: inet_addr.c,v 1.7 2003/06/02 20:18:35 millert Exp $ */ +/* $OpenBSD: inet_addr.c,v 1.9 2005/08/06 20:30:03 espie Exp $ */ /* * Copyright (c) 1983, 1990, 1993 @@ -55,15 +55,6 @@ #if !defined(HAVE_INET_ATON) -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93"; -static char rcsid[] = "$From: inet_addr.c,v 8.5 1996/08/05 08:31:35 vixie Exp $"; -#else -static char rcsid[] = "$OpenBSD: inet_addr.c,v 1.7 2003/06/02 20:18:35 millert Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ - #include #include #include 
@@ -76,8 +67,7 @@ static char rcsid[] = "$OpenBSD: inet_addr.c,v 1.7 2003/06/02 20:18:35 millert E * The value returned is in network order. */ in_addr_t -inet_addr(cp) - register const char *cp; +inet_addr(const char *cp) { struct in_addr val; @@ -97,11 +87,11 @@ inet_addr(cp) int inet_aton(const char *cp, struct in_addr *addr) { - register u_int32_t val; - register int base, n; - register char c; - unsigned int parts[4]; - register unsigned int *pp = parts; + u_int32_t val; + int base, n; + char c; + u_int parts[4]; + u_int *pp = parts; c = *cp; for (;;) { -- cgit v1.2.3 From de9d623960b6e5562a73600b225d82c2497dfc58 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 17:23:54 +1100 Subject: - (dtucker) [openbsd-compat/inet_nto.c] Update from OpenBSD 1.4 -> 1.6. --- ChangeLog | 3 ++- openbsd-compat/inet_ntoa.c | 10 ++++------ 2 files changed, 6 insertions(+), 7 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 120f68f84..324084562 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,6 +33,7 @@ - (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up with OpenBSD code since we don't support platforms without fstat any more. - (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9. + - (dtucker) [openbsd-compat/inet_nto.c] Update from OpenBSD 1.4 -> 1.6. 20051105 - (djm) OpenBSD CVS Sync @@ -3275,4 +3276,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3975 2005/11/10 06:21:21 dtucker Exp $ +$Id: ChangeLog,v 1.3976 2005/11/10 06:23:54 dtucker Exp $ diff --git a/openbsd-compat/inet_ntoa.c b/openbsd-compat/inet_ntoa.c index 16390b178..0eb7b3bd7 100644 --- a/openbsd-compat/inet_ntoa.c +++ b/openbsd-compat/inet_ntoa.c @@ -1,3 +1,4 @@ +/* $OpenBSD: inet_ntoa.c,v 1.6 2005/08/06 20:30:03 espie Exp $ */ /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. 
@@ -33,10 +34,6 @@ #if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA) -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: inet_ntoa.c,v 1.4 2003/06/02 20:18:35 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - /* * Convert network-format internet address * to base 256 d.d.d.d representation. @@ -46,10 +43,11 @@ static char rcsid[] = "$OpenBSD: inet_ntoa.c,v 1.4 2003/06/02 20:18:35 millert E #include #include -char *inet_ntoa(struct in_addr in) +char * +inet_ntoa(struct in_addr in) { static char b[18]; - register char *p; + char *p; p = (char *)∈ #define UC(b) (((int)b)&0xff) -- cgit v1.2.3 From 2864039a7ceebbda6fb3e0d99b891c04eb1324bd Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 17:25:26 +1100 Subject: - (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7. --- ChangeLog | 5 +++-- openbsd-compat/inet_ntop.c | 26 ++++---------------------- 2 files changed, 7 insertions(+), 24 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 324084562..22e3a3edc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,7 +33,8 @@ - (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up with OpenBSD code since we don't support platforms without fstat any more. - (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9. - - (dtucker) [openbsd-compat/inet_nto.c] Update from OpenBSD 1.4 -> 1.6. + - (dtucker) [openbsd-compat/inet_ntoa.c] Update from OpenBSD 1.4 -> 1.6. + - (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7. 20051105 - (djm) OpenBSD CVS Sync @@ -3276,4 +3277,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3976 2005/11/10 06:23:54 dtucker Exp $ +$Id: ChangeLog,v 1.3977 2005/11/10 06:25:26 dtucker Exp $ diff --git a/openbsd-compat/inet_ntop.c b/openbsd-compat/inet_ntop.c index c75a80d2b..e7ca4b7f8 100644 
--- a/openbsd-compat/inet_ntop.c +++ b/openbsd-compat/inet_ntop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Exp $ */ +/* $OpenBSD: inet_ntop.c,v 1.7 2005/08/06 20:30:03 espie Exp $ */ /* Copyright (c) 1996 by Internet Software Consortium. * @@ -22,14 +22,6 @@ #ifndef HAVE_INET_NTOP -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char rcsid[] = "$From: inet_ntop.c,v 8.7 1996/08/05 08:41:18 vixie Exp $"; -#else -static char rcsid[] = "$OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ - #include #include #include @@ -65,11 +57,7 @@ static const char *inet_ntop6(const u_char *src, char *dst, size_t size); * Paul Vixie, 1996. */ const char * -inet_ntop(af, src, dst, size) - int af; - const void *src; - char *dst; - size_t size; +inet_ntop(int af, const void *src, char *dst, size_t size) { switch (af) { case AF_INET: @@ -95,10 +83,7 @@ inet_ntop(af, src, dst, size) * Paul Vixie, 1996. */ static const char * -inet_ntop4(src, dst, size) - const u_char *src; - char *dst; - size_t size; +inet_ntop4(const u_char *src, char *dst, size_t size) { static const char fmt[] = "%u.%u.%u.%u"; char tmp[sizeof "255.255.255.255"]; @@ -120,10 +105,7 @@ inet_ntop4(src, dst, size) * Paul Vixie, 1996. */ static const char * -inet_ntop6(src, dst, size) - const u_char *src; - char *dst; - size_t size; +inet_ntop6(const u_char *src, char *dst, size_t size) { /* * Note that int32_t and int16_t need only be "at least" large enough -- cgit v1.2.3 From b10b49768234f02343c7ae6a95ebc33279d04ea2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 17:27:25 +1100 Subject: - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6. --- ChangeLog | 3 ++- openbsd-compat/daemon.c | 5 +---- 2 files changed, 3 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 22e3a3edc..ab00a5aae 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -35,6 +35,7 @@ - (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9. - (dtucker) [openbsd-compat/inet_ntoa.c] Update from OpenBSD 1.4 -> 1.6. - (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7. + - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6. 20051105 - (djm) OpenBSD CVS Sync @@ -3277,4 +3278,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3977 2005/11/10 06:25:26 dtucker Exp $ +$Id: ChangeLog,v 1.3978 2005/11/10 06:27:25 dtucker Exp $ diff --git a/openbsd-compat/daemon.c b/openbsd-compat/daemon.c index 89e75a99e..f8a0680bf 100644 --- a/openbsd-compat/daemon.c +++ b/openbsd-compat/daemon.c @@ -1,3 +1,4 @@ +/* $OpenBSD: daemon.c,v 1.6 2005/08/08 08:05:33 espie Exp $ */ /*- * Copyright (c) 1990, 1993 * The Regents of the University of California. All rights reserved. @@ -33,10 +34,6 @@ #ifndef HAVE_DAEMON -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: daemon.c,v 1.5 2003/07/15 17:32:41 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - int daemon(int nochdir, int noclose) { -- cgit v1.2.3 From 4e8c2490bbb87345abc44995b448f5c59a939788 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 17:28:35 +1100 Subject: - (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6. --- ChangeLog | 3 ++- openbsd-compat/strsep.c | 10 +--------- 2 files changed, 3 insertions(+), 10 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index ab00a5aae..dc1bb31ec 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,6 +36,7 @@ - (dtucker) [openbsd-compat/inet_ntoa.c] Update from OpenBSD 1.4 -> 1.6. - (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7. - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6. + - (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6. 20051105 - (djm) OpenBSD CVS Sync 
@@ -3278,4 +3279,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3978 2005/11/10 06:27:25 dtucker Exp $ +$Id: ChangeLog,v 1.3979 2005/11/10 06:28:35 dtucker Exp $ diff --git a/openbsd-compat/strsep.c b/openbsd-compat/strsep.c index 9e81980c7..b36eb8fda 100644 --- a/openbsd-compat/strsep.c +++ b/openbsd-compat/strsep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: strsep.c,v 1.5 2003/06/11 21:08:16 deraadt Exp $ */ +/* $OpenBSD: strsep.c,v 1.6 2005/08/08 08:05:37 espie Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -38,14 +38,6 @@ #include #include -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char sccsid[] = "@(#)strsep.c 8.1 (Berkeley) 6/4/93"; -#else -static char *rcsid = "$OpenBSD: strsep.c,v 1.5 2003/06/11 21:08:16 deraadt Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ - /* * Get next token from string *stringp, where tokens are possibly-empty * strings separated by characters from delim. -- cgit v1.2.3 From 8f0d8f8ea2a902c58b19d596c22999db61cf39d2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 17:33:00 +1100 Subject: - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13. --- ChangeLog | 3 ++- openbsd-compat/dirname.c | 36 +++++++++++++++++++----------------- 2 files changed, 21 insertions(+), 18 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index dc1bb31ec..2eaa822df 100644 --- a/ChangeLog +++ b/ChangeLog @@ -37,6 +37,7 @@ - (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7. - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6. - (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6. + - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13. 20051105 - (djm) OpenBSD CVS Sync 
@@ -3279,4 +3280,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3979 2005/11/10 06:28:35 dtucker Exp $ +$Id: ChangeLog,v 1.3980 2005/11/10 06:33:00 dtucker Exp $ diff --git a/openbsd-compat/dirname.c b/openbsd-compat/dirname.c index e2cf81db3..30fcb4968 100644 --- a/openbsd-compat/dirname.c +++ b/openbsd-compat/dirname.c @@ -1,7 +1,7 @@ -/* $OpenBSD: dirname.c,v 1.10 2003/06/17 21:56:23 millert Exp $ */ +/* $OpenBSD: dirname.c,v 1.13 2005/08/08 08:05:33 espie Exp $ */ /* - * Copyright (c) 1997 Todd C. Miller + * Copyright (c) 1997, 2004 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -21,10 +21,6 @@ #include "includes.h" #ifndef HAVE_DIRNAME -#ifndef lint -static char rcsid[] = "$OpenBSD: dirname.c,v 1.10 2003/06/17 21:56:23 millert Exp $"; -#endif /* not lint */ - #include #include #include @@ -32,16 +28,18 @@ static char rcsid[] = "$OpenBSD: dirname.c,v 1.10 2003/06/17 21:56:23 millert Ex char * dirname(const char *path) { - static char bname[MAXPATHLEN]; - register const char *endp; + static char dname[MAXPATHLEN]; + size_t len; + const char *endp; /* Empty or NULL string gets treated as "." */ if (path == NULL || *path == '\0') { - (void)strlcpy(bname, ".", sizeof bname); - return(bname); + dname[0] = '.'; + dname[1] = '\0'; + return (dname); } - /* Strip trailing slashes */ + /* Strip any trailing slashes */ endp = path + strlen(path) - 1; while (endp > path && *endp == '/') endp--; 
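Review bot: dirname() returns a pointer to the function-static `dname` on each success path in this hunk, and nothing tells callers that the result is overwritten by the next call and must not be shared between threads. A comment above the function would cover this, for example `/* Returns a pointer to static storage (overwritten by each call), or NULL with errno set to ENAMETOOLONG. */`. The ENAMETOOLONG return is in the following hunk, and the function body continues past the end of this one.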
@@ -52,19 +50,23 @@ dirname(const char *path) /* Either the dir is "/" or there are no slashes */ if (endp == path) { - (void)strlcpy(bname, *endp == '/' ? "/" : ".", sizeof bname); - return(bname); + dname[0] = *endp == '/' ? '/' : '.'; + dname[1] = '\0'; + return (dname); } else { + /* Move forward past the separating slashes */ do { endp--; } while (endp > path && *endp == '/'); } - if (endp - path + 2 > sizeof(bname)) { + len = endp - path + 1; + if (len >= sizeof(dname)) { errno = ENAMETOOLONG; - return(NULL); + return (NULL); } - strlcpy(bname, path, endp - path + 2); - return(bname); + memcpy(dname, path, len); + dname[len] = '\0'; + return (dname); } #endif -- cgit v1.2.3 From ffcd0ecf6be104caec2dbaf27460a11eb425cf52 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 17:37:02 +1100 Subject: - (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19. --- ChangeLog | 3 ++- openbsd-compat/mktemp.c | 15 ++++----------- 2 files changed, 6 insertions(+), 12 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 2eaa822df..35a5cdc92 100644 --- a/ChangeLog +++ b/ChangeLog @@ -38,6 +38,7 @@ - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6. - (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6. - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13. + - (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19. 20051105 - (djm) OpenBSD CVS Sync @@ -3280,4 +3281,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3980 2005/11/10 06:33:00 dtucker Exp $ +$Id: ChangeLog,v 1.3981 2005/11/10 06:37:02 dtucker Exp $ diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c index 8071aa184..88e04c520 100644 --- a/openbsd-compat/mktemp.c +++ b/openbsd-compat/mktemp.c 
@@ -1,6 +1,7 @@ /* THIS FILE HAS BEEN MODIFIED FROM THE ORIGINAL OPENBSD SOURCE */ /* Changes: Removed mktemp */ +/* $OpenBSD: mktemp.c,v 1.19 2005/08/08 08:05:36 espie Exp $ */ /* * Copyright (c) 1987, 1993 * The Regents of the University of California. All rights reserved. @@ -36,16 +37,10 @@ #if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: mktemp.c,v 1.17 2003/06/02 20:18:37 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - static int _gettemp(char *, int *, int, int); int -mkstemps(path, slen) - char *path; - int slen; +mkstemps(char *path, int slen) { int fd; @@ -53,8 +48,7 @@ mkstemps(path, slen) } int -mkstemp(path) - char *path; +mkstemp(char *path) { int fd; @@ -62,8 +56,7 @@ mkstemp(path) } char * -mkdtemp(path) - char *path; +mkdtemp(char *path) { return(_gettemp(path, (int *)NULL, 1, 0) ? path : (char *)NULL); } -- cgit v1.2.3 From 91b34dc18373cd403a8e25ca5ca69cddb2486edc Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 17:42:40 +1100 Subject: - (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8. --- ChangeLog | 3 ++- openbsd-compat/rresvport.c | 11 ++--------- 2 files changed, 4 insertions(+), 10 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 35a5cdc92..d1b4e51b5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -39,6 +39,7 @@ - (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6. - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13. - (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19. + - (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8. 20051105 - (djm) OpenBSD CVS Sync 
@@ -3281,4 +3282,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3981 2005/11/10 06:37:02 dtucker Exp $ +$Id: ChangeLog,v 1.3982 2005/11/10 06:42:40 dtucker Exp $ diff --git a/openbsd-compat/rresvport.c b/openbsd-compat/rresvport.c index aa72f4ba2..d13047b38 100644 --- a/openbsd-compat/rresvport.c +++ b/openbsd-compat/rresvport.c @@ -34,22 +34,15 @@ #ifndef HAVE_RRESVPORT_AF -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: rresvport.c,v 1.6 2003/06/03 02:11:35 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include "includes.h" - #if 0 int -rresvport(alport) - int *alport; +rresvport(int *alport) { return rresvport_af(alport, AF_INET); } #endif -int +int rresvport_af(int *alport, sa_family_t af) { struct sockaddr_storage ss; -- cgit v1.2.3 From 6f15c07ce33cb621e08fa43b16576236a961e989 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 17:52:08 +1100 Subject: - (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker. --- ChangeLog | 3 ++- openbsd-compat/bindresvport.c | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index d1b4e51b5..a6128fed8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,7 @@ - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13. - (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19. - (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8. + - (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker. 20051105 - (djm) OpenBSD CVS Sync @@ -3282,4 +3283,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3982 2005/11/10 06:42:40 dtucker Exp $ +$Id: ChangeLog,v 1.3983 2005/11/10 06:52:08 dtucker Exp $ 
diff --git a/openbsd-compat/bindresvport.c b/openbsd-compat/bindresvport.c index 8a273f9b5..1a9000584 100644 --- a/openbsd-compat/bindresvport.c +++ b/openbsd-compat/bindresvport.c @@ -28,6 +28,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/* OPENBSD ORIGINAL: lib/libc/rpc/bindresvport.c */ + #include "includes.h" #ifndef HAVE_BINDRESVPORT_SA -- cgit v1.2.3 From fe80d7a0683d5e8e55a9cb057f9271f9a5b883c5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 17:54:46 +1100 Subject: - (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17. --- ChangeLog | 3 ++- openbsd-compat/bindresvport.c | 6 ++---- 2 files changed, 4 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index a6128fed8..0b0fc76ee 100644 --- a/ChangeLog +++ b/ChangeLog @@ -41,6 +41,7 @@ - (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19. - (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8. - (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker. + - (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17. 20051105 - (djm) OpenBSD CVS Sync @@ -3283,4 +3284,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3983 2005/11/10 06:52:08 dtucker Exp $ +$Id: ChangeLog,v 1.3984 2005/11/10 06:54:46 dtucker Exp $ diff --git a/openbsd-compat/bindresvport.c b/openbsd-compat/bindresvport.c index 1a9000584..7f48fd03a 100644 --- a/openbsd-compat/bindresvport.c +++ b/openbsd-compat/bindresvport.c @@ -1,6 +1,6 @@ /* This file has be substantially modified from the original OpenBSD source */ -/* $OpenBSD: bindresvport.c,v 1.15 2003/05/20 22:42:35 deraadt Exp $ */ +/* $OpenBSD: bindresvport.c,v 1.16 2005/04/01 07:44:03 otto Exp $ */ /* * Copyright 1996, Jason Downs. All rights reserved. 
@@ -44,9 +44,7 @@ * Bind a socket to a privileged IP port */ int -bindresvport_sa(sd, sa) - int sd; - struct sockaddr *sa; +bindresvport_sa(int sd, struct sockaddr *sa) { int error, af; struct sockaddr_storage myaddr; -- cgit v1.2.3 From 30d6974124fd54c5bd9f101d9e31291fc9eda1b9 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 19:29:12 +1100 Subject: - (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4. Id and copyright sync only, there were no substantial changes we need. --- ChangeLog | 4 +++- openbsd-compat/base64.c | 5 +++-- openbsd-compat/bsd-closefrom.c | 4 ++-- openbsd-compat/sigact.c | 4 ++-- 4 files changed, 10 insertions(+), 7 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 0b0fc76ee..da073c281 100644 --- a/ChangeLog +++ b/ChangeLog @@ -42,6 +42,8 @@ - (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8. - (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker. - (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17. + - (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4. + Id and copyright sync only, there were no substantial changes we need. 20051105 - (djm) OpenBSD CVS Sync @@ -3284,4 +3286,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3984 2005/11/10 06:54:46 dtucker Exp $ +$Id: ChangeLog,v 1.3985 2005/11/10 08:29:12 dtucker Exp $ diff --git a/openbsd-compat/base64.c b/openbsd-compat/base64.c index 6eadb5c10..9a60f583b 100644 --- a/openbsd-compat/base64.c +++ b/openbsd-compat/base64.c @@ -139,7 +139,7 @@ b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize) size_t datalength = 0; u_char input[3]; u_char output[4]; - int i; + u_int i; while (2 < srclength) { input[0] = *src++; 
@@ -206,7 +206,8 @@ b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize) int b64_pton(char const *src, u_char *target, size_t targsize) { - int tarindex, state, ch; + u_int tarindex, state; + int ch; char *pos; state = 0; diff --git a/openbsd-compat/bsd-closefrom.c b/openbsd-compat/bsd-closefrom.c index 61a9fa391..5b7b94ae4 100644 --- a/openbsd-compat/bsd-closefrom.c +++ b/openbsd-compat/bsd-closefrom.c @@ -46,7 +46,7 @@ # define OPEN_MAX 256 #endif -RCSID("$Id: bsd-closefrom.c,v 1.1 2004/08/15 08:41:00 djm Exp $"); +RCSID("$Id: bsd-closefrom.c,v 1.2 2005/11/10 08:29:13 dtucker Exp $"); #ifndef lint static const char sudorcsid[] = "$Sudo: closefrom.c,v 1.6 2004/06/01 20:51:56 millert Exp $"; @@ -67,7 +67,7 @@ closefrom(int lowfd) /* Check for a /proc/$$/fd directory. */ len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid()); - if (len != -1 && len <= sizeof(fdpath) && (dirp = opendir(fdpath))) { + if (len >= 0 && (u_int)len <= sizeof(fdpath) && (dirp = opendir(fdpath))) { while ((dent = readdir(dirp)) != NULL) { fd = strtol(dent->d_name, &endp, 10); if (dent->d_name != endp && *endp == '\0' && diff --git a/openbsd-compat/sigact.c b/openbsd-compat/sigact.c index d1431a0d9..8b8e4dd2c 100644 --- a/openbsd-compat/sigact.c +++ b/openbsd-compat/sigact.c @@ -1,7 +1,7 @@ -/* $OpenBSD: sigaction.c,v 1.3 1999/06/27 08:14:21 millert Exp $ */ +/* $OpenBSD: sigaction.c,v 1.4 2001/01/22 18:01:48 millert Exp $ */ /**************************************************************************** - * Copyright (c) 1998 Free Software Foundation, Inc. * + * Copyright (c) 1998,2000 Free Software Foundation, Inc. * * * * Permission is hereby granted, free of charge, to any person obtaining a * * copy of this software and associated documentation files (the * -- cgit v1.2.3 From ce1cb1f160506b5f96dd3403be988b9b5e9651e9 Mon Sep 17 00:00:00 2001 
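Review bot: In b64_pton() `tarindex` becomes `u_int` while the function still returns `int`, so the conversion back to `int` at the return needs a stated bound. The return statements are outside the hunk, so this is inferred from the signature: if the decoded length is returned from this variable, a value above INT_MAX would convert to an implementation-defined result that callers could read as a failure. A comment at the declaration would make the contract explicit, for example `/* tarindex never exceeds targsize; callers must pass targsize <= INT_MAX */`.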
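Review bot: The rewritten bound in closefrom() still accepts a truncated path. snprintf() returns the length that would have been written, so a result equal to `sizeof(fdpath)` already means the terminating NUL did not fit. The comparison should be strict, and casting to `size_t` matches the type of the `sizeof` result: `if (len >= 0 && (size_t)len < sizeof(fdpath) && (dirp = opendir(fdpath))) {`. With the fixed "/proc/%ld/fd" format this is unlikely to trigger, presumably because fdpath is path-sized (its declaration is outside the hunk), but the check should reject exactly the cases where opendir() would see a cut-off name. closefrom() starts and ends outside the hunk.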
From: Darren Tucker Date: Thu, 10 Nov 2005 19:31:08 +1100 Subject: - (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c] -Wall fixes from djm. --- ChangeLog | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index da073c281..99a8c2c36 100644 --- a/ChangeLog +++ b/ChangeLog @@ -44,6 +44,8 @@ - (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17. - (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4. Id and copyright sync only, there were no substantial changes we need. + - (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c] + -Wall fixes from djm. 20051105 - (djm) OpenBSD CVS Sync @@ -3286,4 +3288,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3985 2005/11/10 08:29:12 dtucker Exp $ +$Id: ChangeLog,v 1.3986 2005/11/10 08:31:08 dtucker Exp $ -- cgit v1.2.3 From 581203438f61ea238b1c01173c135b7a547ae055 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 19:31:37 +1100 Subject: typo --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 99a8c2c36..8a530da4d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -45,7 +45,7 @@ - (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4. Id and copyright sync only, there were no substantial changes we need. - (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c] - -Wall fixes from djm. + -Wsign-compare fixes from djm. 20051105 - (djm) OpenBSD CVS Sync @@ -3288,4 +3288,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3986 2005/11/10 08:31:08 dtucker Exp $ +$Id: ChangeLog,v 1.3987 2005/11/10 08:31:37 dtucker Exp $ -- cgit v1.2.3 
From 9d30d1392289645b5275646bf63b42cc17ef0cac Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 19:43:48 +1100 Subject: - (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3. Id and copyright sync only, there were no substantial changes we need. --- ChangeLog | 4 +++- openbsd-compat/sigact.h | 6 +++--- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 8a530da4d..15eabc51b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,6 +46,8 @@ Id and copyright sync only, there were no substantial changes we need. - (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c] -Wsign-compare fixes from djm. + - (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3. + Id and copyright sync only, there were no substantial changes we need. 20051105 - (djm) OpenBSD CVS Sync @@ -3288,4 +3290,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3987 2005/11/10 08:31:37 dtucker Exp $ +$Id: ChangeLog,v 1.3988 2005/11/10 08:43:48 dtucker Exp $ diff --git a/openbsd-compat/sigact.h b/openbsd-compat/sigact.h index 7821e09e8..db96d0a5c 100644 --- a/openbsd-compat/sigact.h +++ b/openbsd-compat/sigact.h @@ -1,7 +1,7 @@ -/* $OpenBSD: SigAction.h,v 1.2 1999/06/27 08:15:19 millert Exp $ */ +/* $OpenBSD: SigAction.h,v 1.3 2001/01/22 18:01:32 millert Exp $ */ /**************************************************************************** - * Copyright (c) 1998 Free Software Foundation, Inc. * + * Copyright (c) 1998,2000 Free Software Foundation, Inc. * * * * Permission is hereby granted, free of charge, to any person obtaining a * * copy of this software and associated documentation files (the * 
@@ -34,7 +34,7 @@ ****************************************************************************/ /* - * $From: SigAction.h,v 1.5 1999/06/19 23:00:54 tom Exp $ + * $From: SigAction.h,v 1.6 2000/12/10 02:36:10 tom Exp $ * * This file exists to handle non-POSIX systems which don't have , * and usually no sigaction() nor -- cgit v1.2.3 From f032435de7849ae80aa53df8028902711889a414 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Nov 2005 21:30:36 +1100 Subject: - (dtucker) [configure.ac] Try to get the gcc version number in a way that doesn't change between versions, and use a safer default. --- ChangeLog | 4 +++- configure.ac | 7 ++++--- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 15eabc51b..291bf970a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -48,6 +48,8 @@ -Wsign-compare fixes from djm. - (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3. Id and copyright sync only, there were no substantial changes we need. + - (dtucker) [configure.ac] Try to get the gcc version number in a way that + doesn't change between versions, and use a safer default. 20051105 - (djm) OpenBSD CVS Sync @@ -3290,4 +3292,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3988 2005/11/10 08:43:48 dtucker Exp $ +$Id: ChangeLog,v 1.3989 2005/11/10 10:30:36 dtucker Exp $ diff --git a/configure.ac b/configure.ac index a7b8e8000..aee387190 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.304 2005/11/10 03:46:49 dtucker Exp $ +# $Id: configure.ac,v 1.305 2005/11/10 10:30:36 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -85,13 +85,14 @@ AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include ]) if test "$GCC" = "yes" || test "$GCC" = "egcs"; then CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized" - GCC_VER=`$CC --version` + GCC_VER=`$CC -v 2>&1 | awk '/gcc version /{print $3}'` case $GCC_VER in 1.*) ;; 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;; 2.*) ;; 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;; - *) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;; + 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;; + *) ;; esac if test -z "$have_llong_max"; then -- cgit v1.2.3 From 16fd99c72702049030901b15a158a2159fe8f428 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 12 Nov 2005 14:06:29 +1100 Subject: - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific ifdef lost during sync. Spotted by tim@. --- ChangeLog | 6 +++++- openbsd-compat/getrrsetbyname.c | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 291bf970a..e87996bb4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20051112 + - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific + ifdef lost during sync. Spotted by tim@. + 20051110 - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of @@ -3292,4 +3296,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3989 2005/11/10 10:30:36 dtucker Exp $ +$Id: ChangeLog,v 1.3990 2005/11/12 03:06:29 dtucker Exp $ diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c index 8d571beea..bea6aea3b 100644 --- a/openbsd-compat/getrrsetbyname.c +++ b/openbsd-compat/getrrsetbyname.c 
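Review bot: The new `4.*)` arm combined with the empty `*)` default silently drops `-Wsign-compare` whenever the version is not 1 through 4 or the awk match on `$CC -v` output yields nothing. That avoids passing an unsupported flag, but the build then loses the warning that the sign-compare fixes elsewhere in this series depend on, with no trace in the configure output. Reporting it in the default arm would make the reduced warning set visible, for example `*) AC_MSG_WARN([unrecognised gcc version, -Wsign-compare not enabled]) ;;`.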
@@ -262,9 +262,11 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, rrset->rri_ttl = response->answer->ttl; rrset->rri_nrdatas = response->header.ancount; +#ifdef HAVE_HEADER_AD /* check for authenticated data */ if (response->header.ad == 1) rrset->rri_flags |= RRSET_VALIDATED; +#endif /* copy name from answer section */ rrset->rri_name = strdup(response->answer->name); -- cgit v1.2.3 From 7cb2a78ae2657fa85f9996f63b053d036531331e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 12 Nov 2005 14:14:52 +1100 Subject: - (dtucker) [openbsd-compat/realpath.c] Sync $OpenBSD tag. --- ChangeLog | 3 ++- openbsd-compat/realpath.c | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index e87996bb4..550834eeb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 20051112 - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific ifdef lost during sync. Spotted by tim@. + - (dtucker) [openbsd-compat/realpath.c] Sync $OpenBSD tag. 20051110 - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from @@ -3296,4 +3297,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3990 2005/11/12 03:06:29 dtucker Exp $ +$Id: ChangeLog,v 1.3991 2005/11/12 03:14:52 dtucker Exp $ diff --git a/openbsd-compat/realpath.c b/openbsd-compat/realpath.c index 8c889db3e..b6120d034 100644 --- a/openbsd-compat/realpath.c +++ b/openbsd-compat/realpath.c @@ -1,3 +1,4 @@ +/* $OpenBSD: realpath.c,v 1.13 2005/08/08 08:05:37 espie Exp $ */ /* * Copyright (c) 2003 Constantin S. Svintsoff * -- cgit v1.2.3 From 5a0bdf770cd3df4c39f832b997c223a3e7df1fd2 Mon Sep 17 00:00:00 2001 
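Review bot: With the AD check now inside `#ifdef HAVE_HEADER_AD`, a build where the macro is undefined never sets `RRSET_VALIDATED` in `rrset->rri_flags`, and the code does not say that this is the intended fail-closed result. A comment above the guard would make it explicit, e.g. `/* Without an ad bit in the resolver header we cannot recognise validated data, so the rrset is always reported as unvalidated. */`. It may also be worth stating there that `header.ad` only reflects what the answering resolver asserted. The body of getrrsetbyname starts and ends outside this hunk.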
From: Darren Tucker Date: Sat, 12 Nov 2005 14:28:05 +1100 Subject: - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag. --- ChangeLog | 4 ++-- openbsd-compat/rresvport.c | 1 + openbsd-compat/strtoll.c | 1 + 3 files changed, 4 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 550834eeb..c8d60704a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,7 @@ 20051112 - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific ifdef lost during sync. Spotted by tim@. - - (dtucker) [openbsd-compat/realpath.c] Sync $OpenBSD tag. + - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag. 20051110 - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from @@ -3297,4 +3297,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3991 2005/11/12 03:14:52 dtucker Exp $ +$Id: ChangeLog,v 1.3992 2005/11/12 03:28:05 dtucker Exp $ diff --git a/openbsd-compat/rresvport.c b/openbsd-compat/rresvport.c index d13047b38..71cf6e6eb 100644 --- a/openbsd-compat/rresvport.c +++ b/openbsd-compat/rresvport.c @@ -1,3 +1,4 @@ +/* $OpenBSD: rresvport.c,v 1.9 2005/11/10 10:00:17 espie Exp $ */ /* * Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved. * Copyright (c) 1983, 1993, 1994 diff --git a/openbsd-compat/strtoll.c b/openbsd-compat/strtoll.c index 76e87ccbe..f62930388 100644 --- a/openbsd-compat/strtoll.c +++ b/openbsd-compat/strtoll.c @@ -1,3 +1,4 @@ +/* $OpenBSD: strtoll.c,v 1.6 2005/11/10 10:00:17 espie Exp $ */ /*- * Copyright (c) 1992 The Regents of the University of California. * All rights reserved. -- cgit v1.2.3 From 3f9545ee67d66cad8cf40c3afbccc71d59b062da Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Sat, 12 Nov 2005 15:20:52 +1100 Subject: - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test. --- ChangeLog | 3 ++- configure.ac | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index c8d60704a..dbaff6e52 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,7 @@ - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific ifdef lost during sync. Spotted by tim@. - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag. + - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test. 20051110 - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from @@ -3297,4 +3298,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3992 2005/11/12 03:28:05 dtucker Exp $ +$Id: ChangeLog,v 1.3993 2005/11/12 04:20:52 dtucker Exp $ diff --git a/configure.ac b/configure.ac index aee387190..89f19a513 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.305 2005/11/10 10:30:36 dtucker Exp $ +# $Id: configure.ac,v 1.306 2005/11/12 04:20:53 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -85,7 +85,7 @@ AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include ]) if test "$GCC" = "yes" || test "$GCC" = "egcs"; then CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized" - GCC_VER=`$CC -v 2>&1 | awk '/gcc version /{print $3}'` + GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` case $GCC_VER in 1.*) ;; 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;; -- cgit v1.2.3 From 5bfe1687dd85151649584aaaaf9bd85b67c9b61a Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Sat, 12 Nov 2005 18:42:36 +1100 Subject: - (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@ --- ChangeLog | 3 ++- configure.ac | 5 ++--- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index dbaff6e52..102a8c0fc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,7 @@ ifdef lost during sync. Spotted by tim@. - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag. - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test. + - (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@ 20051110 - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from @@ -3298,4 +3299,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3993 2005/11/12 04:20:52 dtucker Exp $ +$Id: ChangeLog,v 1.3994 2005/11/12 07:42:36 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 89f19a513..2885a69fb 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.306 2005/11/12 04:20:53 dtucker Exp $ +# $Id: configure.ac,v 1.307 2005/11/12 07:42:37 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -848,7 +848,7 @@ dnl UnixWare 2.x AC_CHECK_FUNC(strcasecmp, [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ] ) -AC_CHECK_FUNC(utimes, +AC_CHECK_FUNCS(utimes, [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES) LIBS="$LIBS -lc89"]) ] ) @@ -1181,7 +1181,6 @@ AC_CHECK_FUNCS( \ truncate \ unsetenv \ updwtmpx \ - utimes \ vhangup \ vsnprintf \ waitpid \ -- cgit v1.2.3 From cb6ecdea6c56c21da4b9ba0612ce4a035ffe6417 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Sat, 12 Nov 2005 21:30:07 +1100 Subject: - (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure test: if sshd takes too long to reconfigure the subsequent connection will fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready. --- ChangeLog | 5 ++++- regress/reconfigure.sh | 5 +++-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 102a8c0fc..b3eb526f6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,9 @@ - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag. - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test. - (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@ + - (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure + test: if sshd takes too long to reconfigure the subsequent connection will + fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready. 20051110 - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from @@ -3299,4 +3302,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3994 2005/11/12 07:42:36 dtucker Exp $ +$Id: ChangeLog,v 1.3995 2005/11/12 10:30:07 dtucker Exp $ diff --git a/regress/reconfigure.sh b/regress/reconfigure.sh index ba6dbc6f5..1daf29f9a 100644 --- a/regress/reconfigure.sh +++ b/regress/reconfigure.sh @@ -15,8 +15,9 @@ esac start_sshd -$SUDO kill -HUP `cat $PIDFILE` -sleep 1 +PID=`cat $PIDFILE` +rm -f $PIDFILE +$SUDO kill -HUP $PID trace "wait for sshd to restart" i=0; -- cgit v1.2.3 From 4123636471185c739a3d03c763cebee2661f8c2d Mon Sep 17 00:00:00 2001 
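Review bot: In the new `PID=`cat $PIDFILE`` / `rm -f $PIDFILE` / `$SUDO kill -HUP $PID` sequence, an empty or unreadable pidfile leaves `PID` empty, so the privileged `kill -HUP` runs without a target after the pidfile has already been removed. The wait loop that follows would then presumably run to its timeout instead of failing at the cause. A guard before the `rm` avoids that, e.g. `test -n "$PID" || fatal "sshd pidfile missing or empty"` (assuming the suite's usual `fatal` helper is in scope here). Quoting `"$PIDFILE"` and `"$PID"` would also keep the arguments handed to the `$SUDO` command from being word-split. The wait loop itself continues outside the hunk.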
From: Darren Tucker Date: Sun, 20 Nov 2005 14:09:59 +1100 Subject: - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what is going on. --- ChangeLog | 6 +++++- openbsd-compat/openssl-compat.h | 9 +++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index b3eb526f6..68c99482b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20051120 + - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what + is going on. + 20051112 - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific ifdef lost during sync. Spotted by tim@. @@ -3302,4 +3306,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3995 2005/11/12 10:30:07 dtucker Exp $ +$Id: ChangeLog,v 1.3996 2005/11/20 03:09:59 dtucker Exp $ diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index d9b2fa55f..4988485f1 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */ +/* $Id: openssl-compat.h,v 1.2 2005/11/20 03:10:00 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -43,7 +43,12 @@ extern const EVP_CIPHER *evp_acss(void); #endif /* - * insert comment here + * We overload some of the OpenSSL crypto functions with ssh_* equivalents + * which cater for older and/or less featureful OpenSSL version. + * + * In order for the compat library to call the real functions, it must + * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and + * implement the ssh_* equivalents. */ #ifdef SSH_OLD_EVP -- cgit v1.2.3 From b736d8d8292cd2222e6ad37518d562026d87f1dd Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Tue, 22 Nov 2005 19:37:08 +1100 Subject: - deraadt@cvs.openbsd.org 2005/11/12 18:37:59 [ssh-add.c] space --- ChangeLog | 8 +++++++- ssh-add.c | 5 +++-- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 68c99482b..fb7cdbdfb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20051122 + - (dtucker) OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2005/11/12 18:37:59 + [ssh-add.c] + space + 20051120 - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what is going on. @@ -3306,4 +3312,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3996 2005/11/20 03:09:59 dtucker Exp $ +$Id: ChangeLog,v 1.3997 2005/11/22 08:37:08 dtucker Exp $ diff --git a/ssh-add.c b/ssh-add.c index 749a76829..2b01e6f13 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.73 2005/09/13 23:40:07 djm Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.74 2005/11/12 18:37:59 deraadt Exp $"); #include @@ -324,7 +324,8 @@ main(int argc, char **argv) /* At first, get a connection to the authentication agent. */ ac = ssh_get_authentication_connection(); if (ac == NULL) { - fprintf(stderr, "Could not open a connection to your authentication agent.\n"); + fprintf(stderr, + "Could not open a connection to your authentication agent.\n"); exit(2); } while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) { -- cgit v1.2.3 From 33f86bc2843b23c89f1b40e4250ced5b84e4c141 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 22 Nov 2005 19:38:06 +1100 Subject: - deraadt@cvs.openbsd.org 2005/11/12 18:38:15 [scp.c] avoid close(-1), as in rcp; ok cloder --- ChangeLog | 5 ++++- scp.c | 14 ++++++++++---- 2 files changed, 14 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index fb7cdbdfb..b04403b37 100644 
--- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,9 @@ - deraadt@cvs.openbsd.org 2005/11/12 18:37:59 [ssh-add.c] space + - deraadt@cvs.openbsd.org 2005/11/12 18:38:15 + [scp.c] + avoid close(-1), as in rcp; ok cloder 20051120 - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what @@ -3312,4 +3315,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3997 2005/11/22 08:37:08 dtucker Exp $ +$Id: ChangeLog,v 1.3998 2005/11/22 08:38:06 dtucker Exp $ diff --git a/scp.c b/scp.c index 58c00442f..59285abca 100644 --- a/scp.c +++ b/scp.c @@ -71,7 +71,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.126 2005/09/13 23:40:07 djm Exp $"); +RCSID("$OpenBSD: scp.c,v 1.127 2005/11/12 18:38:15 deraadt Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -571,7 +571,10 @@ syserr: run_err("%s: %s", name, strerror(errno)); if (response() < 0) goto next; if ((bp = allocbuf(&buffer, fd, 2048)) == NULL) { -next: (void) close(fd); +next: if (fd != -1) { + (void) close(fd); + fd = -1; + } continue; } if (showprogress) @@ -600,8 +603,11 @@ next: (void) close(fd); if (showprogress) stop_progress_meter(); - if (close(fd) < 0 && !haderr) - haderr = errno; + if (fd != -1) { + if (close(fd) < 0 && !haderr) + haderr = errno; + fd = -1; + } if (!haderr) (void) atomicio(vwrite, remout, "", 1); else -- cgit v1.2.3 From e8400da9d53700872c9dea6b9d52af98c59022b9 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 22 Nov 2005 19:41:33 +1100 Subject: - millert@cvs.openbsd.org 2005/11/15 11:59:54 [includes.h] Include sys/queue.h explicitly instead of assuming some other header will pull it in. At the moment it gets pulled in by sys/select.h (which ssh has no business including) via event.h. OK markus@ (ID sync only in -portable) --- ChangeLog | 8 +++++++- includes.h | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'ChangeLog') 
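Review bot: The new `if (fd != -1)` test at the `next:` label is only meaningful if `fd` holds -1 whenever no file is open, and the hunks reset it after each close but do not show its declaration or initial value. If any `goto next` can be taken before the first `open()` of the loop, `fd` would be read uninitialised at that test; initialising it where it is declared (`int fd = -1;`) would close that gap. The same assumption applies to the second scp.c hunk's `if (fd != -1)` before the final `close(fd)`. The enclosing function starts and ends outside both hunks.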
diff --git a/ChangeLog b/ChangeLog index b04403b37..bfd187023 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,12 @@ - deraadt@cvs.openbsd.org 2005/11/12 18:38:15 [scp.c] avoid close(-1), as in rcp; ok cloder + - millert@cvs.openbsd.org 2005/11/15 11:59:54 + [includes.h] + Include sys/queue.h explicitly instead of assuming some other header + will pull it in. At the moment it gets pulled in by sys/select.h + (which ssh has no business including) via event.h. OK markus@ + (ID sync only in -portable) 20051120 - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what @@ -3315,4 +3321,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3998 2005/11/22 08:38:06 dtucker Exp $ +$Id: ChangeLog,v 1.3999 2005/11/22 08:41:33 dtucker Exp $ diff --git a/includes.h b/includes.h index fa65aa38d..351dd2ac0 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.19 2005/05/19 02:42:26 djm Exp $ */ +/* $OpenBSD: includes.h,v 1.20 2005/11/15 11:59:54 millert Exp $ */ /* * Author: Tatu Ylonen -- cgit v1.2.3 From f4732f647572f40d93f4fbd1e65d744ed10b2620 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 22 Nov 2005 19:42:42 +1100 Subject: - dtucker@cvs.openbsd.org 2005/11/21 09:42:10 [auth-krb5.c] Perform Kerberos calls even for invalid users to prevent leaking information about account validity. bz #975, patch originally from Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@, ok markus@ --- ChangeLog | 8 +++++++- auth-krb5.c | 7 ++----- 2 files changed, 9 insertions(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index bfd187023..6077bb5ae 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -12,6 +12,12 @@ will pull it in. At the moment it gets pulled in by sys/select.h (which ssh has no business including) via event.h. OK markus@ (ID sync only in -portable) + - dtucker@cvs.openbsd.org 2005/11/21 09:42:10 + [auth-krb5.c] + Perform Kerberos calls even for invalid users to prevent leaking + information about account validity. bz #975, patch originally from + Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@, + ok markus@ 20051120 - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what @@ -3321,4 +3327,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3999 2005/11/22 08:41:33 dtucker Exp $ +$Id: ChangeLog,v 1.4000 2005/11/22 08:42:42 dtucker Exp $ diff --git a/auth-krb5.c b/auth-krb5.c index a84e5401c..64d613543 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-krb5.c,v 1.15 2003/11/21 11:57:02 djm Exp $"); +RCSID("$OpenBSD: auth-krb5.c,v 1.16 2005/11/21 09:42:10 dtucker Exp $"); #include "ssh.h" #include "ssh1.h" @@ -69,9 +69,6 @@ auth_krb5_password(Authctxt *authctxt, const char *password) krb5_ccache ccache = NULL; int len; - if (!authctxt->valid) - return (0); - temporarily_use_uid(authctxt->pw); problem = krb5_init(authctxt); @@ -188,7 +185,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password) else return (0); } - return (1); + return (authctxt->valid ? 1 : 0); } void -- cgit v1.2.3 From 593bae7e10e61c41b73c5939e2f045e93ccd605e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 22 Nov 2005 19:43:26 +1100 Subject: - dtucker@cvs.openbsd.org 2005/11/22 03:36:03 [hostfile.c] Correct format/arguments to debug call; spotted by shaw at vranix.com ok djm@ --- ChangeLog | 6 +++++- hostfile.c | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) (limited to 'ChangeLog') 
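Review bot: With the `if (!authctxt->valid) return (0);` guard removed, `temporarily_use_uid(authctxt->pw)` and the Kerberos calls after it now run for invalid users as well, so the function depends on `authctxt->pw` being usable for them; that is not visible in the hunk and should be confirmed. The reason for deferring the validity test to `return (authctxt->valid ? 1 : 0);` is not recorded in the code, and a later cleanup could easily restore the early return; a comment at the top of the body would prevent that, e.g. `/* Do the full exchange even for invalid users so that timing does not reveal whether an account exists. */`. It is also worth checking that nothing created on the success path (the code between the two hunks is not shown) is left behind when the final result is 0 for an invalid user. auth_krb5_password starts and ends outside these hunks.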
diff --git a/ChangeLog b/ChangeLog index 6077bb5ae..1d1529e91 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,10 @@ information about account validity. bz #975, patch originally from Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@, ok markus@ + - dtucker@cvs.openbsd.org 2005/11/22 03:36:03 + [hostfile.c] + Correct format/arguments to debug call; spotted by shaw at vranix.com + ok djm@ 20051120 - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what @@ -3327,4 +3331,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4000 2005/11/22 08:42:42 dtucker Exp $ +$Id: ChangeLog,v 1.4001 2005/11/22 08:43:26 dtucker Exp $ diff --git a/hostfile.c b/hostfile.c index 63550a29d..3ed646247 100644 --- a/hostfile.c +++ b/hostfile.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: hostfile.c,v 1.35 2005/07/27 10:39:03 dtucker Exp $"); +RCSID("$OpenBSD: hostfile.c,v 1.36 2005/11/22 03:36:03 dtucker Exp $"); #include #include @@ -88,8 +88,8 @@ extract_salt(const char *s, u_int l, char *salt, size_t salt_len) return (-1); } if (ret != SHA_DIGEST_LENGTH) { - debug2("extract_salt: expected salt len %u, got %u", - salt_len, ret); + debug2("extract_salt: expected salt len %d, got %d", + SHA_DIGEST_LENGTH, ret); return (-1); } -- cgit v1.2.3 From efc17470e0548dae4b6ffc34370ad15562d83239 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 22 Nov 2005 19:55:13 +1100 Subject: - (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patch from shaw at vranix.com. --- ChangeLog | 4 +++- loginrec.c | 6 +++--- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 1d1529e91..1164b770d 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -22,6 +22,8 @@ [hostfile.c] Correct format/arguments to debug call; spotted by shaw at vranix.com ok djm@ + - (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patch + from shaw at vranix.com. 20051120 - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what @@ -3331,4 +3333,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4001 2005/11/22 08:43:26 dtucker Exp $ +$Id: ChangeLog,v 1.4002 2005/11/22 08:55:13 dtucker Exp $ diff --git a/loginrec.c b/loginrec.c index c3783c991..d096346ec 100644 --- a/loginrec.c +++ b/loginrec.c @@ -165,7 +165,7 @@ # include #endif -RCSID("$Id: loginrec.c,v 1.70 2005/07/17 07:26:44 djm Exp $"); +RCSID("$Id: loginrec.c,v 1.71 2005/11/22 08:55:13 dtucker Exp $"); /** ** prototypes for helper functions in this file @@ -1589,7 +1589,7 @@ lastlog_get_entry(struct logininfo *li) return (0); default: error("%s: Error reading from %s: Expecting %d, got %d", - __func__, LASTLOG_FILE, sizeof(last), ret); + __func__, LASTLOG_FILE, (int)sizeof(last), ret); return (0); } @@ -1613,7 +1613,7 @@ record_failed_login(const char *username, const char *hostname, int fd; struct utmp ut; struct sockaddr_storage from; - size_t fromlen = sizeof(from); + socklen_t fromlen = sizeof(from); struct sockaddr_in *a4; struct sockaddr_in6 *a6; time_t t; -- cgit v1.2.3 From 57f3915b5513495b11e7052df0260c7896b7b612 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Thu, 24 Nov 2005 19:58:19 +1100 Subject: - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an asprintf() implementation, after syncing our {v,}snprintf() implementation with some extra fixes from Samba's version. With help and debugging from dtucker and tim; ok dtucker@ --- ChangeLog | 9 +- configure.ac | 70 ++++- openbsd-compat/Makefile.in | 4 +- openbsd-compat/bsd-asprintf.c | 95 +++++++ openbsd-compat/bsd-snprintf.c | 610 +++++++++++++++++++++++++--------------- openbsd-compat/openbsd-compat.h | 10 +- 6 files changed, 562 insertions(+), 236 deletions(-) create mode 100644 openbsd-compat/bsd-asprintf.c (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 1164b770d..c869db7d9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20051122 + - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c + openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an + asprintf() implementation, after syncing our {v,}snprintf() implementation + with some extra fixes from Samba's version. With help and debugging from + dtucker and tim; ok dtucker@ + 20051122 - (dtucker) OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2005/11/12 18:37:59 @@ -3333,4 +3340,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4002 2005/11/22 08:55:13 dtucker Exp $ +$Id: ChangeLog,v 1.4003 2005/11/24 08:58:19 djm Exp $ diff --git a/configure.ac b/configure.ac index 2885a69fb..396552888 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.307 2005/11/12 07:42:37 dtucker Exp $ +# $Id: configure.ac,v 1.308 2005/11/24 08:58:20 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -426,6 +426,7 @@ mips-sony-bsd|mips-sony-newsos4) ;; # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. *-*-sysv4.2*) + CFLAGS="$CFLAGS -Dva_list=_VA_LIST" AC_DEFINE(USE_PIPES) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) @@ -1106,6 +1107,7 @@ AC_ARG_WITH(audit, dnl Checks for library functions. Please keep in alphabetical order AC_CHECK_FUNCS( \ arc4random \ + asprintf \ b64_ntop \ __b64_ntop \ b64_pton \ @@ -1181,6 +1183,7 @@ AC_CHECK_FUNCS( \ truncate \ unsetenv \ updwtmpx \ + vasprintf \ vhangup \ vsnprintf \ waitpid \ @@ -1299,6 +1302,40 @@ int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} ) fi +# If we don't have a working asprintf, then we strongly depend on vsnprintf +# returning the right thing on overflow: the number of characters it tried to +# create (as per SUSv3) +if test "x$ac_cv_func_asprintf" != "xyes" && \ + test "x$ac_cv_func_vsnprintf" = "xyes" ; then + AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ +#include +#include +#include + +int x_snprintf(char *str,size_t count,const char *fmt,...) +{ + size_t ret; va_list ap; + va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap); + return ret; +} +int main(void) +{ + char x[1]; + exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1); +} ]])], + [AC_MSG_RESULT(yes)], + [ + AC_MSG_RESULT(no) + AC_DEFINE(BROKEN_SNPRINTF, 1, + [Define if your snprintf is busted]) + AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) + ], + [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] + ) +fi + # Check for missing getpeereid (or equiv) support NO_PEERCHECK="" if test "x$ac_cv_func_getpeereid" != "xyes" ; then 
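Review bot: In the new vsnprintf overflow probe, `x_snprintf` stores vsnprintf's `int` result in `size_t ret` and returns it as `int`, so a negative error return is converted to unsigned and back before the `== 11` comparison. Declaring it as `int ret; va_list ap;` keeps the probe's types in line with the function it tests. Separately, the cross-compiling branch only warns and assumes a conforming vsnprintf, while the comment above the test says the asprintf replacement strongly depends on that return value. Defining `BROKEN_SNPRINTF` in that branch would be the conservative choice, provided the bundled implementation is acceptable for cross builds.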
@@ -1978,7 +2015,10 @@ if test ! -z "$SONY" ; then LIBS="$LIBS -liberty"; fi -# Checks for data types +# Check for long long datatypes +AC_CHECK_TYPES([long long, unsigned long long, long double]) + +# Check datatype sizes AC_CHECK_SIZEOF(char, 1) AC_CHECK_SIZEOF(short int, 2) AC_CHECK_SIZEOF(int, 4) @@ -2669,6 +2709,32 @@ if test "x$ac_cv_cc_implements___func__" = "xyes" ; then AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__]) fi +AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ + AC_TRY_LINK( + [#include + va_list x,y;], + [va_copy(x,y);], + [ ac_cv_have_va_copy="yes" ], + [ ac_cv_have_va_copy="no" ] + ) +]) +if test "x$ac_cv_have_va_copy" = "xyes" ; then + AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists]) +fi + +AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ + AC_TRY_LINK( + [#include + va_list x,y;], + [__va_copy(x,y);], + [ ac_cv_have___va_copy="yes" ], + [ ac_cv_have___va_copy="no" ] + ) +]) +if test "x$ac_cv_have___va_copy" = "xyes" ; then + AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists]) +fi + AC_CACHE_CHECK([whether getopt has optreset support], ac_cv_have_getopt_optreset, [ AC_TRY_LINK( diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 6f5ee2845..89ac6cdaf 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.35 2005/08/26 20:15:20 tim Exp $ +# $Id: Makefile.in,v 1.36 2005/11/24 08:58:21 djm Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ 
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@ OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o -COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o +COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o PORTS=port-irix.o port-aix.o port-uw.o diff --git a/openbsd-compat/bsd-asprintf.c b/openbsd-compat/bsd-asprintf.c new file mode 100644 index 000000000..5ca01f80f --- /dev/null +++ b/openbsd-compat/bsd-asprintf.c 
@@ -0,0 +1,95 @@ +/* + * Copyright (c) 2004 Darren Tucker. + * + * Based originally on asprintf.c from OpenBSD: + * Copyright (c) 1997 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#ifndef HAVE_VASPRINTF + +#ifndef VA_COPY +# ifdef HAVE_VA_COPY +# define VA_COPY(dest, src) va_copy(dest, src) +# else +# ifdef HAVE___VA_COPY +# define VA_COPY(dest, src) __va_copy(dest, src) +# else +# define VA_COPY(dest, src) (dest) = (src) +# endif +# endif +#endif + +#define INIT_SZ 128 + +int vasprintf(char **str, const char *fmt, va_list ap) +{ + int ret = -1; + va_list ap2; + char *string, *newstr; + size_t len; + + VA_COPY(ap2, ap); + if ((string = malloc(INIT_SZ)) == NULL) + goto fail; + + ret = vsnprintf(string, INIT_SZ, fmt, ap2); + if (ret >= 0 && ret < INIT_SZ) { /* succeeded with initial alloc */ + *str = string; + } else if (ret == INT_MAX) { /* shouldn't happen */ + goto fail; + } else { /* bigger than initial, realloc allowing for nul */ + len = (size_t)ret + 1; + if ((newstr = realloc(string, len)) == NULL) { + free(string); + goto fail; + } else { + va_end(ap2); + VA_COPY(ap2, ap); + ret = vsnprintf(newstr, len, fmt, ap2); + if (ret >= 0 && (size_t)ret < len) { + *str = newstr; + } else { /* failed with realloc'ed string, give up */ + 
free(newstr); + goto fail; + } + } + } + va_end(ap2); + return (ret); + +fail: + *str = NULL; + errno = ENOMEM; + va_end(ap2); + return (-1); +} +#endif + +#ifndef HAVE_ASPRINTF +int asprintf(char **str, const char *fmt, ...) +{ + va_list ap; + int ret; + + *str = NULL; + va_start(ap, fmt); + ret = vasprintf(str, fmt, ap); + va_end(ap); + + return ret; +} +#endif diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c index b5a7ef7a0..ca275abdf 100644 --- a/openbsd-compat/bsd-snprintf.c +++ b/openbsd-compat/bsd-snprintf.c 
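Review bot: In the new `vasprintf`, a negative return from the first `vsnprintf` call falls into the final `else` branch, where `len = (size_t)ret + 1` is 0 for a return of -1 and `realloc(string, 0)` is called. On implementations where a zero-size realloc frees the block and returns NULL, the `free(string)` that follows is a double free. The `ret == INT_MAX` branch just above jumps to `fail` without freeing `string`, so the initial buffer leaks there. One arm that rejects bad lengths and frees first covers both: `} else if (ret == INT_MAX || ret < 0) { free(string); goto fail; }`. The `fail:` path also sets `errno = ENOMEM` for every failure, including formatting errors, which a caller logging errno would misreport.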
@@ -45,45 +45,82 @@ * missing. Some systems only have snprintf() but not vsnprintf(), so * the code is now broken down under HAVE_SNPRINTF and HAVE_VSNPRINTF. * - * Ben Lindstrom 09/27/00 for OpenSSH - * Welcome to the world of %lld and %qd support. With other - * long long support. This is needed for sftp-server to work - * right. + * Andrew Tridgell (tridge@samba.org) Oct 1998 + * fixed handling of %.0f + * added test for HAVE_LONG_DOUBLE * - * Ben Lindstrom 02/12/01 for OpenSSH - * Removed all hint of VARARGS stuff and banished it to the void, - * and did a bit of KNF style work to make things a bit more - * acceptable. Consider stealing from mutt or enlightenment. + * tridge@samba.org, idra@samba.org, April 2001 + * got rid of fcvt code (twas buggy and made testing harder) + * added C99 semantics + * + * date: 2002/12/19 19:56:31; author: herb; state: Exp; lines: +2 -0 + * actually print args for %g and %e + * + * date: 2002/06/03 13:37:52; author: jmcd; state: Exp; lines: +8 -0 + * Since includes.h isn't included here, VA_COPY has to be defined here. I don't + * see any include file that is guaranteed to be here, so I'm defining it + * locally. Fixes AIX and Solaris builds. + * + * date: 2002/06/03 03:07:24; author: tridge; state: Exp; lines: +5 -13 + * put the ifdef for HAVE_VA_COPY in one place rather than in lots of + * functions + * + * date: 2002/05/17 14:51:22; author: jmcd; state: Exp; lines: +21 -4 + * Fix usage of va_list passed as an arg. Use __va_copy before using it + * when it exists. + * + * date: 2002/04/16 22:38:04; author: idra; state: Exp; lines: +20 -14 + * Fix incorrect zpadlen handling in fmtfp. + * Thanks to Ollie Oldham for spotting it. + * few mods to make it easier to compile the tests. + * addedd the "Ollie" test to the floating point ones. + * + * Martin Pool (mbp@samba.org) April 2003 + * Remove NO_CONFIG_H so that the test case can be built within a source + * tree with less trouble. + * Remove unnecessary SAFE_FREE() definition. 
+ * + * Martin Pool (mbp@samba.org) May 2003 + * Put in a prototype for dummy_snprintf() to quiet compiler warnings. + * + * Move #endif to make sure VA_COPY, LDOUBLE, etc are defined even + * if the C library has some snprintf functions already. **************************************************************/ #include "includes.h" -RCSID("$Id: bsd-snprintf.c,v 1.9 2004/09/23 11:35:09 dtucker Exp $"); +RCSID("$Id: bsd-snprintf.c,v 1.10 2005/11/24 08:58:21 djm Exp $"); #if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */ # undef HAVE_SNPRINTF # undef HAVE_VSNPRINTF #endif -#if !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) - -static void -dopr(char *buffer, size_t maxlen, const char *format, va_list args); - -static void -fmtstr(char *buffer, size_t *currlen, size_t maxlen, char *value, int flags, - int min, int max); +#ifndef VA_COPY +# ifdef HAVE_VA_COPY +# define VA_COPY(dest, src) va_copy(dest, src) +# else +# ifdef HAVE___VA_COPY +# define VA_COPY(dest, src) __va_copy(dest, src) +# else +# define VA_COPY(dest, src) (dest) = (src) +# endif +# endif +#endif -static void -fmtint(char *buffer, size_t *currlen, size_t maxlen, long value, int base, - int min, int max, int flags); +#if !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) -static void -fmtfp(char *buffer, size_t *currlen, size_t maxlen, long double fvalue, - int min, int max, int flags); +#ifdef HAVE_LONG_DOUBLE +# define LDOUBLE long double +#else +# define LDOUBLE double +#endif -static void -dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c); +#ifdef HAVE_LONG_LONG +# define LLONG long long +#else +# define LLONG long +#endif /* * dopr(): poor man's version of doprintf 
@@ -109,28 +146,49 @@ dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c); #define DP_F_UNSIGNED (1 << 6) /* Conversion Flags */ -#define DP_C_SHORT 1 -#define DP_C_LONG 2 -#define DP_C_LDOUBLE 3 -#define DP_C_LONG_LONG 4 - -#define char_to_int(p) (p - '0') -#define abs_val(p) (p < 0 ? -p : p) - +#define DP_C_SHORT 1 +#define DP_C_LONG 2 +#define DP_C_LDOUBLE 3 +#define DP_C_LLONG 4 + +#define char_to_int(p) ((p)- '0') +#ifndef MAX +# define MAX(p,q) (((p) >= (q)) ? (p) : (q)) +#endif -static void -dopr(char *buffer, size_t maxlen, const char *format, va_list args) +static size_t dopr(char *buffer, size_t maxlen, const char *format, + va_list args_in); +static void fmtstr(char *buffer, size_t *currlen, size_t maxlen, + char *value, int flags, int min, int max); +static void fmtint(char *buffer, size_t *currlen, size_t maxlen, + long value, int base, int min, int max, int flags); +static void fmtfp(char *buffer, size_t *currlen, size_t maxlen, + LDOUBLE fvalue, int min, int max, int flags); +static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c); + +static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args_in) { - char *strvalue, ch; - long value; - long double fvalue; - int min = 0, max = -1, state = DP_S_DEFAULT, flags = 0, cflags = 0; - size_t currlen = 0; - + char ch; + LLONG value; + LDOUBLE fvalue; + char *strvalue; + int min; + int max; + int state; + int flags; + int cflags; + size_t currlen; + va_list args; + + VA_COPY(args, args_in); + + state = DP_S_DEFAULT; + currlen = flags = cflags = min = 0; + max = -1; ch = *format++; - + while (state != DP_S_DONE) { - if ((ch == '\0') || (currlen >= maxlen)) + if (ch == '\0') state = DP_S_DONE; switch(state) { 
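Review bot: `dopr` now keeps integer arguments in `LLONG value`, but the `fmtint` prototype added here still takes `long value`, so where `long` is 32 bits a `%lld` argument is truncated at the call. The `'o'` case in the `@@ -231,37 +288,37 @@` hunk also casts its `unsigned LLONG` argument to `(long)`, where `'u'` and `'x'` cast to `(LLONG)`. Declaring the parameter as `LLONG value` (prototype here, definition in the `@@ -394,49 +467,49 @@` hunk) and using `(LLONG)` in the `'o'` case would keep 64-bit values intact. `dopr` continues past the end of this hunk.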
@@ -138,7 +196,7 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args) if (ch == '%') state = DP_S_FLAGS; else - dopr_outch(buffer, &currlen, maxlen, ch); + dopr_outch (buffer, &currlen, maxlen, ch); ch = *format++; break; case DP_S_FLAGS: @@ -170,34 +228,37 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args) break; case DP_S_MIN: if (isdigit((unsigned char)ch)) { - min = 10 * min + char_to_int (ch); + min = 10*min + char_to_int (ch); ch = *format++; } else if (ch == '*') { min = va_arg (args, int); ch = *format++; state = DP_S_DOT; - } else + } else { state = DP_S_DOT; + } break; case DP_S_DOT: if (ch == '.') { state = DP_S_MAX; ch = *format++; - } else + } else { state = DP_S_MOD; + } break; case DP_S_MAX: if (isdigit((unsigned char)ch)) { if (max < 0) max = 0; - max = 10 * max + char_to_int(ch); + max = 10*max + char_to_int (ch); ch = *format++; } else if (ch == '*') { max = va_arg (args, int); ch = *format++; state = DP_S_MOD; - } else + } else { state = DP_S_MOD; + } break; case DP_S_MOD: switch (ch) { @@ -208,15 +269,11 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args) case 'l': cflags = DP_C_LONG; ch = *format++; - if (ch == 'l') { - cflags = DP_C_LONG_LONG; + if (ch == 'l') { /* It's a long long */ + cflags = DP_C_LLONG; ch = *format++; } break; - case 'q': - cflags = DP_C_LONG_LONG; - ch = *format++; - break; case 'L': cflags = DP_C_LDOUBLE; ch = *format++; 
@@ -231,37 +288,37 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args) case 'd': case 'i': if (cflags == DP_C_SHORT) - value = va_arg(args, int); + value = va_arg (args, int); else if (cflags == DP_C_LONG) - value = va_arg(args, long int); - else if (cflags == DP_C_LONG_LONG) - value = va_arg (args, long long); + value = va_arg (args, long int); + else if (cflags == DP_C_LLONG) + value = va_arg (args, LLONG); else value = va_arg (args, int); - fmtint(buffer, &currlen, maxlen, value, 10, min, max, flags); + fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags); break; case 'o': flags |= DP_F_UNSIGNED; if (cflags == DP_C_SHORT) - value = va_arg(args, unsigned int); + value = va_arg (args, unsigned int); else if (cflags == DP_C_LONG) - value = va_arg(args, unsigned long int); - else if (cflags == DP_C_LONG_LONG) - value = va_arg(args, unsigned long long); + value = (long)va_arg (args, unsigned long int); + else if (cflags == DP_C_LLONG) + value = (long)va_arg (args, unsigned LLONG); else - value = va_arg(args, unsigned int); - fmtint(buffer, &currlen, maxlen, value, 8, min, max, flags); + value = (long)va_arg (args, unsigned int); + fmtint (buffer, &currlen, maxlen, value, 8, min, max, flags); break; case 'u': flags |= DP_F_UNSIGNED; if (cflags == DP_C_SHORT) - value = va_arg(args, unsigned int); + value = va_arg (args, unsigned int); else if (cflags == DP_C_LONG) - value = va_arg(args, unsigned long int); - else if (cflags == DP_C_LONG_LONG) - value = va_arg(args, unsigned long long); + value = (long)va_arg (args, unsigned long int); + else if (cflags == DP_C_LLONG) + value = (LLONG)va_arg (args, unsigned LLONG); else - value = va_arg(args, unsigned int); + value = (long)va_arg (args, unsigned int); fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags); break; case 'X': 
@@ -269,79 +326,86 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args) case 'x': flags |= DP_F_UNSIGNED; if (cflags == DP_C_SHORT) - value = va_arg(args, unsigned int); + value = va_arg (args, unsigned int); else if (cflags == DP_C_LONG) - value = va_arg(args, unsigned long int); - else if (cflags == DP_C_LONG_LONG) - value = va_arg(args, unsigned long long); + value = (long)va_arg (args, unsigned long int); + else if (cflags == DP_C_LLONG) + value = (LLONG)va_arg (args, unsigned LLONG); else - value = va_arg(args, unsigned int); - fmtint(buffer, &currlen, maxlen, value, 16, min, max, flags); + value = (long)va_arg (args, unsigned int); + fmtint (buffer, &currlen, maxlen, value, 16, min, max, flags); break; case 'f': if (cflags == DP_C_LDOUBLE) - fvalue = va_arg(args, long double); + fvalue = va_arg (args, LDOUBLE); else - fvalue = va_arg(args, double); + fvalue = va_arg (args, double); /* um, floating point? */ - fmtfp(buffer, &currlen, maxlen, fvalue, min, max, flags); + fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags); break; case 'E': flags |= DP_F_UP; case 'e': if (cflags == DP_C_LDOUBLE) - fvalue = va_arg(args, long double); + fvalue = va_arg (args, LDOUBLE); else - fvalue = va_arg(args, double); + fvalue = va_arg (args, double); + fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags); break; case 'G': flags |= DP_F_UP; case 'g': if (cflags == DP_C_LDOUBLE) - fvalue = va_arg(args, long double); + fvalue = va_arg (args, LDOUBLE); else - fvalue = va_arg(args, double); + fvalue = va_arg (args, double); + fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags); break; case 'c': - dopr_outch(buffer, &currlen, maxlen, va_arg(args, int)); + dopr_outch (buffer, &currlen, maxlen, va_arg (args, int)); break; case 's': - strvalue = va_arg(args, char *); - if (max < 0) - max = maxlen; /* ie, no max */ - fmtstr(buffer, &currlen, maxlen, strvalue, flags, min, max); + strvalue = va_arg (args, char *); + if (!strvalue) strvalue = "(NULL)"; + 
if (max == -1) { + max = strlen(strvalue); + } + if (min > 0 && max >= 0 && min > max) max = min; + fmtstr (buffer, &currlen, maxlen, strvalue, flags, min, max); break; case 'p': - strvalue = va_arg(args, void *); - fmtint(buffer, &currlen, maxlen, (long) strvalue, 16, min, max, flags); + strvalue = va_arg (args, void *); + fmtint (buffer, &currlen, maxlen, (long) strvalue, 16, min, max, flags); break; case 'n': if (cflags == DP_C_SHORT) { short int *num; - num = va_arg(args, short int *); + num = va_arg (args, short int *); *num = currlen; } else if (cflags == DP_C_LONG) { long int *num; - num = va_arg(args, long int *); - *num = currlen; - } else if (cflags == DP_C_LONG_LONG) { - long long *num; - num = va_arg(args, long long *); - *num = currlen; + num = va_arg (args, long int *); + *num = (long int)currlen; + } else if (cflags == DP_C_LLONG) { + LLONG *num; + num = va_arg (args, LLONG *); + *num = (LLONG)currlen; } else { int *num; - num = va_arg(args, int *); + num = va_arg (args, int *); *num = currlen; } break; case '%': - dopr_outch(buffer, &currlen, maxlen, ch); + dopr_outch (buffer, &currlen, maxlen, ch); break; - case 'w': /* not supported yet, treat as next char */ + case 'w': + /* not supported yet, treat as next char */ ch = *format++; break; - default: /* Unknown, skip */ - break; + default: + /* Unknown, skip */ + break; } ch = *format++; state = DP_S_DEFAULT; 
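Review bot: The `'n'` case keeps `%n` support, which stores `currlen` through a pointer taken from the argument list, so a format string that is not a fixed literal turns into a memory write. With the C99 counting this commit introduces, `currlen` can exceed the buffer size, and the `DP_C_SHORT` and default branches assign it to `short`/`int` with no cast or range check. If nothing in the tree relies on `%n`, compiling the case out is the safer default for a compat implementation; otherwise a comment should name the callers that need it. The enclosing `switch` begins before this hunk.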
@@ -350,24 +414,33 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args) break; case DP_S_DONE: break; - default: /* hmm? */ + default: + /* hmm? */ break; /* some picky compilers need this */ } } - if (currlen < maxlen - 1) - buffer[currlen] = '\0'; - else - buffer[maxlen - 1] = '\0'; + if (maxlen != 0) { + if (currlen < maxlen - 1) + buffer[currlen] = '\0'; + else if (maxlen > 0) + buffer[maxlen - 1] = '\0'; + } + + return currlen; } -static void -fmtstr(char *buffer, size_t *currlen, size_t maxlen, - char *value, int flags, int min, int max) +static void fmtstr(char *buffer, size_t *currlen, size_t maxlen, + char *value, int flags, int min, int max) { - int cnt = 0, padlen, strln; /* amount to pad */ - - if (value == 0) + int padlen, strln; /* amount to pad */ + int cnt = 0; + +#ifdef DEBUG_SNPRINTF + printf("fmtstr min=%d max=%d s=[%s]\n", min, max, value); +#endif + if (value == 0) { value = ""; + } for (strln = 0; strln < max && value[strln]; ++strln); /* strlen */ padlen = min - strln; @@ -375,18 +448,18 @@ fmtstr(char *buffer, size_t *currlen, size_t maxlen, padlen = 0; if (flags & DP_F_MINUS) padlen = -padlen; /* Left Justify */ - + while ((padlen > 0) && (cnt < max)) { - dopr_outch(buffer, currlen, maxlen, ' '); + dopr_outch (buffer, currlen, maxlen, ' '); --padlen; ++cnt; } while (*value && (cnt < max)) { - dopr_outch(buffer, currlen, maxlen, *value++); + dopr_outch (buffer, currlen, maxlen, *value++); ++cnt; } while ((padlen < 0) && (cnt < max)) { - dopr_outch(buffer, currlen, maxlen, ' '); + dopr_outch (buffer, currlen, maxlen, ' '); ++padlen; ++cnt; } 
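Review bot: `dopr` copies its argument list with `VA_COPY(args, args_in)` (in the `@@ -109,28 +146,49 @@` hunk) but returns here without a matching `va_end`. C99 requires every `va_copy` to be paired with a `va_end` in the same function, and on ABIs where the copy holds state that state may be leaked. Add `va_end(args);` immediately before `return currlen;`. Inside `if (maxlen != 0)` the `else if (maxlen > 0)` test is always true and can be a plain `else`.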
@@ -394,49 +467,49 @@ fmtstr(char *buffer, size_t *currlen, size_t maxlen, /* Have to handle DP_F_NUM (ie 0x and 0 alternates) */ -static void -fmtint(char *buffer, size_t *currlen, size_t maxlen, - long value, int base, int min, int max, int flags) +static void fmtint(char *buffer, size_t *currlen, size_t maxlen, + long value, int base, int min, int max, int flags) { + int signvalue = 0; unsigned long uvalue; char convert[20]; - int signvalue = 0, place = 0, caps = 0; + int place = 0; int spadlen = 0; /* amount to space pad */ int zpadlen = 0; /* amount to zero pad */ - + int caps = 0; + if (max < 0) max = 0; - + uvalue = value; - - if (!(flags & DP_F_UNSIGNED)) { - if (value < 0) { + + if(!(flags & DP_F_UNSIGNED)) { + if( value < 0 ) { signvalue = '-'; uvalue = -value; - } else if (flags & DP_F_PLUS) /* Do a sign (+/i) */ - signvalue = '+'; - else if (flags & DP_F_SPACE) - signvalue = ' '; + } else { + if (flags & DP_F_PLUS) /* Do a sign (+/i) */ + signvalue = '+'; + else if (flags & DP_F_SPACE) + signvalue = ' '; + } } - if (flags & DP_F_UP) - caps = 1; /* Should characters be upper case? */ + if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */ + do { convert[place++] = - (caps ? "0123456789ABCDEF" : "0123456789abcdef") - [uvalue % (unsigned)base]; + (caps? "0123456789ABCDEF":"0123456789abcdef") + [uvalue % (unsigned)base ]; uvalue = (uvalue / (unsigned)base ); - } while (uvalue && (place < 20)); - if (place == 20) - place--; + } while(uvalue && (place < 20)); + if (place == 20) place--; convert[place] = 0; zpadlen = max - place; spadlen = min - MAX (max, place) - (signvalue ? 1 : 0); - if (zpadlen < 0) - zpadlen = 0; - if (spadlen < 0) - spadlen = 0; + if (zpadlen < 0) zpadlen = 0; + if (spadlen < 0) spadlen = 0; if (flags & DP_F_ZERO) { zpadlen = MAX(zpadlen, spadlen); spadlen = 0; 
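Review bot: `convert[20]` in `fmtint` is too small for the values the function accepts: with a 64-bit `unsigned long`, the largest value needs 20 decimal or 22 octal digits, so the loop stops at `place == 20` and `place--; convert[place] = 0;` overwrites the most significant digit. The write stays in bounds, but the printed number is silently wrong. Sizing the buffer from the type, e.g. `char convert[sizeof(uvalue) * 3 + 1];`, and bounding the loop with `sizeof(convert) - 1` instead of the literal 20 removes the loss. `uvalue = -value` is also undefined for the most negative `long`; `uvalue = 0UL - (unsigned long)value` avoids that.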
@@ -444,27 +517,32 @@ fmtint(char *buffer, size_t *currlen, size_t maxlen, if (flags & DP_F_MINUS) spadlen = -spadlen; /* Left Justifty */ +#ifdef DEBUG_SNPRINTF + printf("zpad: %d, spad: %d, min: %d, max: %d, place: %d\n", + zpadlen, spadlen, min, max, place); +#endif + /* Spaces */ while (spadlen > 0) { - dopr_outch(buffer, currlen, maxlen, ' '); + dopr_outch (buffer, currlen, maxlen, ' '); --spadlen; } /* Sign */ if (signvalue) - dopr_outch(buffer, currlen, maxlen, signvalue); + dopr_outch (buffer, currlen, maxlen, signvalue); /* Zeros */ if (zpadlen > 0) { while (zpadlen > 0) { - dopr_outch(buffer, currlen, maxlen, '0'); + dopr_outch (buffer, currlen, maxlen, '0'); --zpadlen; } } /* Digits */ while (place > 0) - dopr_outch(buffer, currlen, maxlen, convert[--place]); + dopr_outch (buffer, currlen, maxlen, convert[--place]); /* Left Justified spaces */ while (spadlen < 0) { @@ -473,11 +551,20 @@ fmtint(char *buffer, size_t *currlen, size_t maxlen, } } -static long double -pow10(int exp) +static LDOUBLE abs_val(LDOUBLE value) { - long double result = 1; + LDOUBLE result = value; + + if (value < 0) + result = -value; + + return result; +} +static LDOUBLE POW10(int exp) +{ + LDOUBLE result = 1; + while (exp) { result *= 10; exp--; 
@@ -486,28 +573,69 @@ pow10(int exp) return result; } -static long -round(long double value) +static LLONG ROUND(LDOUBLE value) { - long intpart = value; - - value -= intpart; - if (value >= 0.5) - intpart++; + LLONG intpart; + intpart = (LLONG)value; + value = value - intpart; + if (value >= 0.5) intpart++; + return intpart; } -static void -fmtfp(char *buffer, size_t *currlen, size_t maxlen, long double fvalue, - int min, int max, int flags) +/* a replacement for modf that doesn't need the math library. Should + be portable, but slow */ +static double my_modf(double x0, double *iptr) { - char iconvert[20], fconvert[20]; - int signvalue = 0, iplace = 0, fplace = 0; + int i; + long l; + double x = x0; + double f = 1.0; + + for (i=0;i<100;i++) { + l = (long)x; + if (l <= (x+1) && l >= (x-1)) break; + x *= 0.1; + f *= 10.0; + } + + if (i == 100) { + /* yikes! the number is beyond what we can handle. What do we do? */ + (*iptr) = 0; + return 0; + } + + if (i != 0) { + double i2; + double ret; + + ret = my_modf(x0-l*f, &i2); + (*iptr) = l*f + i2; + return ret; + } + + (*iptr) = l; + return x - (*iptr); +} + + +static void fmtfp (char *buffer, size_t *currlen, size_t maxlen, + LDOUBLE fvalue, int min, int max, int flags) +{ + int signvalue = 0; + double ufvalue; + char iconvert[311]; + char fconvert[311]; + int iplace = 0; + int fplace = 0; int padlen = 0; /* amount to pad */ - int zpadlen = 0, caps = 0; - long intpart, fracpart; - long double ufvalue; + int zpadlen = 0; + int caps = 0; + int idx; + double intpart; + double fracpart; + double temp; /* * AIX manpage says the default is 0, but Solaris says the default 
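Review bot: `my_modf` converts with `l = (long)x` before it has established that `x` fits, and converting a `double` outside the range of `long` (or a NaN or infinity) to an integer is undefined behaviour in C; the range test on the following line runs only after the cast. Compare `x` against the limits of `long` as doubles first and cast only once it is in range, and reject non-finite input up front. The give-up path at `i == 100` returns 0 with `*iptr = 0`, which the caller cannot distinguish from a real zero, so it needs at least a comment saying so. `ROUND` has the same unchecked `(LLONG)value` conversion.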
@@ -516,137 +644,159 @@ fmtfp(char *buffer, size_t *currlen, size_t maxlen, long double fvalue, if (max < 0) max = 6; - ufvalue = abs_val(fvalue); + ufvalue = abs_val (fvalue); - if (fvalue < 0) + if (fvalue < 0) { signvalue = '-'; - else if (flags & DP_F_PLUS) /* Do a sign (+/i) */ - signvalue = '+'; - else if (flags & DP_F_SPACE) - signvalue = ' '; + } else { + if (flags & DP_F_PLUS) { /* Do a sign (+/i) */ + signvalue = '+'; + } else { + if (flags & DP_F_SPACE) + signvalue = ' '; + } + } - intpart = ufvalue; +#if 0 + if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */ +#endif + +#if 0 + if (max == 0) ufvalue += 0.5; /* if max = 0 we must round */ +#endif /* - * Sorry, we only support 9 digits past the decimal because of our + * Sorry, we only support 16 digits past the decimal because of our * conversion method */ - if (max > 9) - max = 9; + if (max > 16) + max = 16; /* We "cheat" by converting the fractional part to integer by * multiplying by a factor of 10 */ - fracpart = round((pow10 (max)) * (ufvalue - intpart)); - if (fracpart >= pow10 (max)) { + temp = ufvalue; + my_modf(temp, &intpart); + + fracpart = ROUND((POW10(max)) * (ufvalue - intpart)); + + if (fracpart >= POW10(max)) { intpart++; - fracpart -= pow10 (max); + fracpart -= POW10(max); } /* Convert integer part */ do { + temp = intpart*0.1; + my_modf(temp, &intpart); + idx = (int) ((temp -intpart +0.05)* 10.0); + /* idx = (int) (((double)(temp*0.1) -intpart +0.05) *10.0); */ + /* printf ("%llf, %f, %x\n", temp, intpart, idx); */ iconvert[iplace++] = - (caps ? "0123456789ABCDEF" : "0123456789abcdef") - [intpart % 10]; - intpart = (intpart / 10); - } while(intpart && (iplace < 20)); - if (iplace == 20) - iplace--; + (caps? "0123456789ABCDEF":"0123456789abcdef")[idx]; + } while (intpart && (iplace < 311)); + if (iplace == 311) iplace--; iconvert[iplace] = 0; /* Convert fractional part */ - do { - fconvert[fplace++] = - (caps ? 
"0123456789ABCDEF" : "0123456789abcdef") - [fracpart % 10]; - fracpart = (fracpart / 10); - } while(fracpart && (fplace < 20)); - if (fplace == 20) - fplace--; + if (fracpart) + { + do { + temp = fracpart*0.1; + my_modf(temp, &fracpart); + idx = (int) ((temp -fracpart +0.05)* 10.0); + /* idx = (int) ((((temp/10) -fracpart) +0.05) *10); */ + /* printf ("%lf, %lf, %ld\n", temp, fracpart, idx ); */ + fconvert[fplace++] = + (caps? "0123456789ABCDEF":"0123456789abcdef")[idx]; + } while(fracpart && (fplace < 311)); + if (fplace == 311) fplace--; + } fconvert[fplace] = 0; - + /* -1 for decimal point, another -1 if we are printing a sign */ padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0); zpadlen = max - fplace; - if (zpadlen < 0) - zpadlen = 0; + if (zpadlen < 0) zpadlen = 0; if (padlen < 0) padlen = 0; if (flags & DP_F_MINUS) padlen = -padlen; /* Left Justifty */ - + if ((flags & DP_F_ZERO) && (padlen > 0)) { if (signvalue) { - dopr_outch(buffer, currlen, maxlen, signvalue); + dopr_outch (buffer, currlen, maxlen, signvalue); --padlen; signvalue = 0; } while (padlen > 0) { - dopr_outch(buffer, currlen, maxlen, '0'); + dopr_outch (buffer, currlen, maxlen, '0'); --padlen; } } while (padlen > 0) { - dopr_outch(buffer, currlen, maxlen, ' '); + dopr_outch (buffer, currlen, maxlen, ' '); --padlen; } if (signvalue) - dopr_outch(buffer, currlen, maxlen, signvalue); - + dopr_outch (buffer, currlen, maxlen, signvalue); + while (iplace > 0) - dopr_outch(buffer, currlen, maxlen, iconvert[--iplace]); + dopr_outch (buffer, currlen, maxlen, iconvert[--iplace]); + +#ifdef DEBUG_SNPRINTF + printf("fmtfp: fplace=%d zpadlen=%d\n", fplace, zpadlen); +#endif /* - * Decimal point. This should probably use locale to find the - * correct char to print out. + * Decimal point. This should probably use locale to find the correct + * char to print out. 
*/ - dopr_outch(buffer, currlen, maxlen, '.'); - - while (fplace > 0) - dopr_outch(buffer, currlen, maxlen, fconvert[--fplace]); + if (max > 0) { + dopr_outch (buffer, currlen, maxlen, '.'); + + while (zpadlen > 0) { + dopr_outch (buffer, currlen, maxlen, '0'); + --zpadlen; + } - while (zpadlen > 0) { - dopr_outch(buffer, currlen, maxlen, '0'); - --zpadlen; + while (fplace > 0) + dopr_outch (buffer, currlen, maxlen, fconvert[--fplace]); } while (padlen < 0) { - dopr_outch(buffer, currlen, maxlen, ' '); + dopr_outch (buffer, currlen, maxlen, ' '); ++padlen; } } -static void -dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c) +static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c) { - if (*currlen < maxlen) - buffer[(*currlen)++] = c; + if (*currlen < maxlen) { + buffer[(*currlen)] = c; + } + (*currlen)++; } #endif /* !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) */ -#ifndef HAVE_VSNPRINTF -int -vsnprintf(char *str, size_t count, const char *fmt, va_list args) +#if !defined(HAVE_VSNPRINTF) +int vsnprintf (char *str, size_t count, const char *fmt, va_list args) { - str[0] = 0; - dopr(str, count, fmt, args); - - return(strlen(str)); + return dopr(str, count, fmt, args); } -#endif /* !HAVE_VSNPRINTF */ +#endif -#ifndef HAVE_SNPRINTF -int -snprintf(char *str,size_t count,const char *fmt,...) +#if !defined(HAVE_SNPRINTF) +int snprintf(char *str,size_t count,const char *fmt,...) { + size_t ret; va_list ap; va_start(ap, fmt); - (void) vsnprintf(str, count, fmt, ap); + ret = vsnprintf(str, count, fmt, ap); va_end(ap); - - return(strlen(str)); + return ret; } +#endif -#endif /* !HAVE_SNPRINTF */ diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index dda558ffe..fe0c36dcd 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h 
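Review bot: In `fmtfp` the digit index `idx = (int) ((temp -intpart +0.05)* 10.0)` (and the matching line for `fracpart`) is used directly as a subscript into the 16-character digit string with no range check. For ordinary values it lands in 0..9, but that depends on `my_modf` returning an exact integer part. For NaN, infinities or magnitudes where `my_modf` gives up, the value is not bounded and the lookup may read outside the literal. Clamp it before use, e.g. `if (idx < 0 || idx > 9) idx = 0;`, or handle non-finite `fvalue` before any conversion. `caps` is never set now that its assignment sits under `#if 0`, so the uppercase table is dead code.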
@@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.31 2005/09/29 23:55:50 dtucker Exp $ */ +/* $Id: openbsd-compat.h,v 1.32 2005/11/24 08:58:21 djm Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -142,6 +142,10 @@ unsigned int arc4random(void); void arc4random_stir(void); #endif /* !HAVE_ARC4RANDOM */ +#ifndef HAVE_ASPRINTF +int asprintf(char **, const char *, ...); +#endif + #ifndef HAVE_OPENPTY int openpty(int *, int *, char *, struct termios *, struct winsize *); #endif /* HAVE_OPENPTY */ @@ -160,6 +164,10 @@ long long strtoll(const char *, char **, int); long long strtonum(const char *, long long, long long, const char **); #endif +#ifndef HAVE_VASPRINTF +int vasprintf(char **, const char *, va_list); +#endif + #ifndef HAVE_VSNPRINTF int vsnprintf(char *, size_t, const char *, va_list); #endif -- cgit v1.2.3 From 79d09fad52f8a645c26220ece978e156df2021c4 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 24 Nov 2005 22:34:54 +1100 Subject: - (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument order in Reliant Unix block. Patch from johane at lysator.liu.se. --- ChangeLog | 4 +++- configure.ac | 8 ++++---- 2 files changed, 7 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index c869db7d9..d0cd86c8a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,8 @@ asprintf() implementation, after syncing our {v,}snprintf() implementation with some extra fixes from Samba's version. With help and debugging from dtucker and tim; ok dtucker@ + - (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument + order in Reliant Unix block. Patch from johane at lysator.liu.se. 20051122 - (dtucker) OpenBSD CVS Sync @@ -3340,4 +3342,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4003 2005/11/24 08:58:19 djm Exp $ +$Id: ChangeLog,v 1.4004 2005/11/24 11:34:54 dtucker Exp $ 
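Review bot: The new `asprintf` and `vasprintf` prototypes carry no printf format annotation, so the compiler cannot check format strings against arguments at call sites that pick up these declarations. If the tree already has a portable way to spell it, `__attribute__((__format__(printf, 2, 3)))` on `asprintf` and `(printf, 2, 0)` on `vasprintf` would catch mismatches of the kind the later progressmeter.c/scp.c cast fix corrects by hand. A short comment that the caller owns the returned string and must `free()` it, and that on failure `*str` is NULL and the return is -1, would also help.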
diff --git a/configure.ac b/configure.ac index 396552888..339c23437 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.308 2005/11/24 08:58:20 djm Exp $ +# $Id: configure.ac,v 1.309 2005/11/24 11:34:54 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -410,8 +410,8 @@ mips-sony-bsd|mips-sony-newsos4) *-sni-sysv*) # /usr/ucblib MUST NOT be searched on ReliantUNIX AC_CHECK_LIB(dl, dlsym, ,) - # -lresolv needs to be at then end of LIBS or DNS lookups break - AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ]) + # -lresolv needs to be at the end of LIBS or DNS lookups break + AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ]) IPADDR_IN_DISPLAY=yes AC_DEFINE(USE_PIPES) AC_DEFINE(IP_TOS_IS_BROKEN) @@ -911,7 +911,7 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} [ AC_MSG_RESULT(no) AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1, - [Define in your struct dirent expects you to + [Define if your struct dirent expects you to allocate extra space for d_name]) ], [ -- cgit v1.2.3 From faec5ca73f27d4fe5a0d6c2075de8031160037b0 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 24 Nov 2005 23:18:54 +1100 Subject: - (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate so many and use them only once. Speeds up testing on older/slower hardware. --- ChangeLog | 4 +++- regress/test-exec.sh | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index d0cd86c8a..dc7ddad8f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ dtucker and tim; ok dtucker@ - (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument order in Reliant Unix block. Patch from johane at lysator.liu.se. + - (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate so + many and use them only once. Speeds up testing on older/slower hardware. 20051122 - (dtucker) OpenBSD CVS Sync 
@@ -3342,4 +3344,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4004 2005/11/24 11:34:54 dtucker Exp $ +$Id: ChangeLog,v 1.4005 2005/11/24 12:18:54 dtucker Exp $ diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 4b3a70eb3..de643154e 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -244,7 +244,7 @@ trace "generate keys" for t in rsa rsa1; do # generate user key rm -f $OBJ/$t - ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t ||\ + ${SSHKEYGEN} -b 1024 -q -N '' -t $t -f $OBJ/$t ||\ fail "ssh-keygen for $t failed" # known hosts file for client -- cgit v1.2.3 From 58e298d11b8752062c21b693126e4206458bdad8 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 25 Nov 2005 13:14:58 +1100 Subject: - (dtucker) [configure.ac] Apply tim's fix for older systems where the resolver state in resolv.h is "state" not "__res_state". With slight modification by me to also work on old AIXes. ok djm@ --- ChangeLog | 9 +++++++-- configure.ac | 13 ++++++++++++- 2 files changed, 19 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index dc7ddad8f..f922e8d7e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,9 @@ -20051122 +20051125 + - (dtucker) [configure.ac] Apply tim's fix for older systems where the + resolver state in resolv.h is "state" not "__res_state". With slight + modification by me to also work on old AIXes. ok djm@ + +20051124 - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an asprintf() implementation, after syncing our {v,}snprintf() implementation @@ -3344,4 +3349,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4005 2005/11/24 12:18:54 dtucker Exp $ +$Id: ChangeLog,v 1.4006 2005/11/25 02:14:58 dtucker Exp $ 
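Review bot: The `-b 1024` added to the `ssh-keygen` call in regress/test-exec.sh has no comment, and a key size chosen purely for test speed is easy to copy into places where it does not belong. Add a line above it such as `# throwaway regress keys: 1024 bits for speed only, never reuse outside the test tree`. The `for t in rsa rsa1` loop continues past the end of the hunk.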
diff --git a/configure.ac b/configure.ac index 339c23437..2149f5af6 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.309 2005/11/24 11:34:54 dtucker Exp $ +# $Id: configure.ac,v 1.310 2005/11/25 02:14:58 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -2534,6 +2534,17 @@ OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX) OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX) AC_CHECK_MEMBERS([struct stat.st_blksize]) +AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state, + [Define if we don't have struct __res_state in resolv.h])], +[ +#include +#if HAVE_SYS_TYPES_H +# include +#endif +#include +#include +#include +]) AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], ac_cv_have_ss_family_in_struct_ss, [ -- cgit v1.2.3 From e0be30426a18f3c8038f98cdb10171200b134d60 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 25 Nov 2005 14:44:55 +1100 Subject: - (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for snprintf formats, fixes warnings on some 64 bit platforms. Patch from shaw at vranix.com, ok djm@ --- ChangeLog | 5 ++++- progressmeter.c | 6 +++--- scp.c | 2 +- sftp-server.c | 4 ++-- 4 files changed, 10 insertions(+), 7 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f922e8d7e..1f65d2cfc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,9 @@ - (dtucker) [configure.ac] Apply tim's fix for older systems where the resolver state in resolv.h is "state" not "__res_state". With slight modification by me to also work on old AIXes. ok djm@ + - (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for + snprintf formats, fixes warnings on some 64 bit platforms. Patch from + shaw at vranix.com, ok djm@ 20051124 - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c 
@@ -3349,4 +3352,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4006 2005/11/25 02:14:58 dtucker Exp $ +$Id: ChangeLog,v 1.4007 2005/11/25 03:44:55 dtucker Exp $ diff --git a/progressmeter.c b/progressmeter.c index 3cda09061..13c51d87e 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -85,8 +85,8 @@ format_rate(char *buf, int size, off_t bytes) bytes = (bytes + 512) / 1024; } snprintf(buf, size, "%3lld.%1lld%c%s", - (int64_t) (bytes + 5) / 100, - (int64_t) (bytes + 5) / 10 % 10, + (long long) (bytes + 5) / 100, + (long long) (bytes + 5) / 10 % 10, unit[i], i ? "B" : " "); } @@ -99,7 +99,7 @@ format_size(char *buf, int size, off_t bytes) for (i = 0; bytes >= 10000 && unit[i] != 'T'; i++) bytes = (bytes + 512) / 1024; snprintf(buf, size, "%4lld%c%s", - (int64_t) bytes, + (long long) bytes, unit[i], i ? "B" : " "); } diff --git a/scp.c b/scp.c index 59285abca..a19021f85 100644 --- a/scp.c +++ b/scp.c @@ -563,7 +563,7 @@ syserr: run_err("%s: %s", name, strerror(errno)); #define FILEMODEMASK (S_ISUID|S_ISGID|S_IRWXU|S_IRWXG|S_IRWXO) snprintf(buf, sizeof buf, "C%04o %lld %s\n", (u_int) (stb.st_mode & FILEMODEMASK), - (int64_t)stb.st_size, last); + (long long)stb.st_size, last); if (verbose_mode) { fprintf(stderr, "Sending file modes: %s", buf); } diff --git a/sftp-server.c b/sftp-server.c index e7d000cff..4fa07e2f5 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -428,7 +428,7 @@ process_read(void) len = get_int(); TRACE("read id %u handle %d off %llu len %d", id, handle, - (u_int64_t)off, len); + (unsigned long long)off, len); if (len > sizeof buf) { len = sizeof buf; logit("read change len %d", len); 
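Review bot: The `snprintf(buf, sizeof buf, "C%04o %lld %s\n", ...)` call in scp.c discards its return value, so a `last` long enough to exceed `buf` would yield a control line that is silently cut short and loses its trailing newline. The declaration of `buf` is outside the hunk, so whether that length is reachable cannot be confirmed from here. Storing the result and testing `if (r < 0 || (size_t)r >= sizeof buf)` before the line is sent would turn the truncation into an explicit error.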
@@ -469,7 +469,7 @@ process_write(void) data = get_string(&len); TRACE("write id %u handle %d off %llu len %d", id, handle, - (u_int64_t)off, len); + (unsigned long long)off, len); fd = handle_to_fd(handle); if (fd >= 0) { if (lseek(fd, off, SEEK_SET) < 0) { -- cgit v1.2.3 From 91d25a0c4537ce7f43f78498a5fc767a4d6ab0b7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 26 Nov 2005 22:24:09 +1100 Subject: - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer, when they're available) need the real UID set otherwise pam_chauthtok will set ADMCHG after changing the password, forcing the user to change it again immediately. --- ChangeLog | 8 +++++++- configure.ac | 4 +++- 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 1f65d2cfc..5fd224aef 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20051126 + - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer, + when they're available) need the real UID set otherwise pam_chauthtok will + set ADMCHG after changing the password, forcing the user to change it + again immediately. + 20051125 - (dtucker) [configure.ac] Apply tim's fix for older systems where the resolver state in resolv.h is "state" not "__res_state". With slight @@ -3352,4 +3358,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4007 2005/11/25 03:44:55 dtucker Exp $ +$Id: ChangeLog,v 1.4008 2005/11/26 11:24:09 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 2149f5af6..ffa94e863 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.310 2005/11/25 02:14:58 dtucker Exp $ +# $Id: configure.ac,v 1.311 2005/11/26 11:24:10 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -181,6 +181,8 @@ case "$host" in AC_DEFINE(SPT_TYPE,SPT_REUSEARGV, [Define to a Set Process Title type if your system is supported by bsd-setproctitle.c]) + AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1, + [AIX 5.2 and 5.3 (and presumably newer) require this]) ;; *-*-cygwin*) check_for_libcrypt_later=1 -- cgit v1.2.3 From b1a8777f3ac863890bb9d324866d1a78c42c6597 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 28 Nov 2005 16:41:03 +1100 Subject: - (dtucker) [regress/yes-head.sh] Work around breakage caused by some versions of GNU head. Based on patch from zappaman at buraphalinux.org --- ChangeLog | 6 +++++- regress/yes-head.sh | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 5fd224aef..fb7004a94 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20051128 + - (dtucker) [regress/yes-head.sh] Work around breakage caused by some + versions of GNU head. Based on patch from zappaman at buraphalinux.org + 20051126 - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer, when they're available) need the real UID set otherwise pam_chauthtok will @@ -3358,4 +3362,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4008 2005/11/26 11:24:09 dtucker Exp $ +$Id: ChangeLog,v 1.4009 2005/11/28 05:41:03 dtucker Exp $ diff --git a/regress/yes-head.sh b/regress/yes-head.sh index 17a4d0dd4..a8e6bc800 100644 --- a/regress/yes-head.sh +++ b/regress/yes-head.sh @@ -4,7 +4,7 @@ tid="yes pipe head" for p in 1 2; do - lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | head -2000"' | (sleep 3 ; wc -l)` + lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)` if [ $? -ne 0 ]; then fail "yes|head test failed" lines = 0; -- cgit v1.2.3 
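Review bot: The description on the added `AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1, ...)` in the AIX arm says only that AIX "require this", so the generated config.h will not tell a reader what the macro switches on. Going by the commit message, the define affects which real UID is set around a PAM password change, so the template should carry that reason, for example `[Define if pam_chauthtok needs the real UID set; otherwise AIX sets ADMCHG after the password change]`. The case arm starts above the hunk, so the AIX host patterns it covers are not visible here.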
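Review bot: The failure branch in the context of the yes-head.sh hunk runs `lines = 0;`, which the shell parses as a command named `lines` with two arguments rather than an assignment, so `lines` keeps whatever the pipeline produced. It should read `lines=0`. The `$?` tested just above it is the status of the `(sleep 3 ; wc -l)` subshell that ends the pipeline, not of the ssh command, so that branch is unlikely to fire when ssh itself fails; capturing the ssh status separately, or a comment stating the limitation, would make the test's intent clear. The `for` loop continues past the end of the hunk.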
From 9f647335d21daf0bf23257e47be98b3e18219b63 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 28 Nov 2005 16:41:46 +1100 Subject: [ssh-keygen.1 ssh-keygen.c] Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2, increase minumum RSA key size to 768 bits and update man page to reflect these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com), ok djm@, grudging ok deraadt@. --- ChangeLog | 9 ++++++++- ssh-keygen.1 | 6 +++--- ssh-keygen.c | 6 ++++-- 3 files changed, 15 insertions(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index fb7004a94..97be30611 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,13 @@ 20051128 - (dtucker) [regress/yes-head.sh] Work around breakage caused by some versions of GNU head. Based on patch from zappaman at buraphalinux.org + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2005/11/28 05:16:53 + [ssh-keygen.1 ssh-keygen.c] + Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2, + increase minumum RSA key size to 768 bits and update man page to reflect + these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com), + ok djm@, grudging ok deraadt@. 20051126 - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer, @@ -3362,4 +3369,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4009 2005/11/28 05:41:03 dtucker Exp $ +$Id: ChangeLog,v 1.4010 2005/11/28 05:41:46 dtucker Exp $ diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 348a49ce2..ab16bcd77 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.71 2005/10/31 19:55:25 jmc Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.72 2005/11/28 05:16:53 dtucker Exp $ .\" .\" -*- nroff -*- .\" 
@@ -190,9 +190,9 @@ command. Show the bubblebabble digest of specified private or public key file. .It Fl b Ar bits Specifies the number of bits in the key to create. -Minimum is 512 bits. +For RSA keys, the minimum size is 768 bits and the default is 2048 bits. Generally, 2048 bits is considered sufficient. -The default is 2048 bits. +DSA keys must be exactly 1024 bits as specified by FIPS 186-2. .It Fl C Ar comment Provides a new comment. .It Fl c diff --git a/ssh-keygen.c b/ssh-keygen.c index 7f9c7fd1a..b4c651d22 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.133 2005/10/31 11:12:49 djm Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.134 2005/11/28 05:16:53 dtucker Exp $"); #include #include @@ -1046,7 +1046,7 @@ main(int ac, char **av) "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { switch (opt) { case 'b': - bits = strtonum(optarg, 512, 32768, &errstr); + bits = strtonum(optarg, 768, 32768, &errstr); if (errstr) fatal("Bits has bad value %s (%s)", optarg, errstr); @@ -1259,6 +1259,8 @@ main(int ac, char **av) fprintf(stderr, "unknown key type %s\n", key_type_name); exit(1); } + if (type == KEY_DSA && bits != 1024) + fatal("DSA keys must be 1024 bits"); if (!quiet) printf("Generating public/private %s key pair.\n", key_type_name); if (bits == 0) -- cgit v1.2.3 From 3a4634f67415ae6c69b97f042b284b8d98955f97 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 28 Nov 2005 17:05:40 +1100 Subject: - dtucker@cvs.openbsd.org 2005/11/28 06:02:56 [ssh-agent.1] Update agent socket path templates to reflect reality, correct xref for time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@ --- ChangeLog | 6 +++++- ssh-agent.1 | 8 ++++---- 2 files changed, 9 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 97be30611..211e34634 100644 --- a/ChangeLog +++ b/ChangeLog 
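Review bot: In the last ssh-keygen.c hunk the added `if (type == KEY_DSA && bits != 1024)` test sits above the `if (bits == 0)` line that closes the hunk, which looks like the place where an unset size receives its default. If `bits` is still 0 when `-b` is not given (its initial value is outside the hunk), generating a DSA key without `-b` would end in `fatal("DSA keys must be 1024 bits")`; moving the two added lines below the default assignment avoids that. Separately, the `-b` hunk applies the 768 floor before the key type is known, so an undersized DSA request reports `Bits has bad value` rather than the DSA message, and a short comment at the `strtonum` call saying the bound is the RSA minimum would help. main() starts and ends outside both hunks.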
@@ -8,6 +8,10 @@ increase minumum RSA key size to 768 bits and update man page to reflect these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com), ok djm@, grudging ok deraadt@. + - dtucker@cvs.openbsd.org 2005/11/28 06:02:56 + [ssh-agent.1] + Update agent socket path templates to reflect reality, correct xref for + time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@ 20051126 - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer, @@ -3369,4 +3373,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4010 2005/11/28 05:41:46 dtucker Exp $ +$Id: ChangeLog,v 1.4011 2005/11/28 06:05:40 dtucker Exp $ diff --git a/ssh-agent.1 b/ssh-agent.1 index 741cf4bd1..fd6bd3f6c 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.42 2005/04/21 06:17:50 djm Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.43 2005/11/28 06:02:56 dtucker Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -70,7 +70,7 @@ The options are as follows: Bind the agent to the unix-domain socket .Ar bind_address . The default is -.Pa /tmp/ssh-XXXXXXXX/agent. . +.Pa /tmp/ssh-XXXXXXXXXX/agent. . .It Fl c Generate C-shell commands on .Dv stdout . @@ -90,7 +90,7 @@ environment variable). .It Fl t Ar life Set a default value for the maximum lifetime of identities added to the agent. The lifetime may be specified in seconds or in a time format specified in -.Xr sshd 8 . +.Xr sshd_config 5 . A lifetime specified for an identity with .Xr ssh-add 1 overrides this value. 
@@ -185,7 +185,7 @@ Contains the protocol version 1 RSA authentication identity of the user. Contains the protocol version 2 DSA authentication identity of the user. .It Pa ~/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. -.It Pa /tmp/ssh-XXXXXXXX/agent. +.It Pa /tmp/ssh-XXXXXXXXXX/agent. Unix-domain sockets used to contain the connection to the authentication agent. These sockets should only be readable by the owner. -- cgit v1.2.3 From ac0c8a533d7b79f8404f904a05655e48aa792a45 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 28 Nov 2005 22:28:59 +1100 Subject: - (dtucker) [includes.h] Bug #1122: __USE_GNU is a glibc internal macro, use _GNU_SOURCE instead. Patch from t8m at centrum.cz. --- ChangeLog | 4 +++- includes.h | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 211e34634..c8c053f6d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20051128 - (dtucker) [regress/yes-head.sh] Work around breakage caused by some versions of GNU head. Based on patch from zappaman at buraphalinux.org + - (dtucker) [includes.h] Bug #1122: __USE_GNU is a glibc internal macro, use + _GNU_SOURCE instead. Patch from t8m at centrum.cz. - (dtucker) OpenBSD CVS Sync - dtucker@cvs.openbsd.org 2005/11/28 05:16:53 [ssh-keygen.1 ssh-keygen.c] @@ -3373,4 +3375,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4011 2005/11/28 06:05:40 dtucker Exp $ +$Id: ChangeLog,v 1.4012 2005/11/28 11:28:59 dtucker Exp $ diff --git a/includes.h b/includes.h index 351dd2ac0..12d948b6f 100644 --- a/includes.h +++ b/includes.h @@ -21,6 +21,8 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #include "config.h" +#define _GNU_SOURCE /* activate extra prototypes for glibc */ + #include #include #include 
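Review bot: The added `#define _GNU_SOURCE` in includes.h is unconditional, so a build that already passes `-D_GNU_SOURCE`, or gets the macro from config.h (included on the line above), sees a second definition with a different replacement list and the compiler has to diagnose the redefinition. Wrapping it as `#ifndef _GNU_SOURCE` / `#define _GNU_SOURCE` / `#endif` keeps the intent. The comment could also say that the macro must precede the first system header, which is why it sits directly after config.h.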
@@ -67,7 +69,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #ifdef HAVE_NEXT # include #endif -#define __USE_GNU /* before unistd.h, activate extra prototypes for glibc */ #include /* For STDIN_FILENO, etc */ #include /* Struct winsize */ -- cgit v1.2.3 From 660c3405f95fa3f1169cbeaba2bc74a37bcbea9e Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Mon, 28 Nov 2005 17:45:32 -0800 Subject: - (tim) [ssh-keygen.c] Move DSA length test after setting default when bits == 0. --- ChangeLog | 6 +++++- ssh-keygen.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index c8c053f6d..1be6498d9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20051129 + - (tim) [ssh-keygen.c] Move DSA length test after setting default when + bits == 0. + 20051128 - (dtucker) [regress/yes-head.sh] Work around breakage caused by some versions of GNU head. Based on patch from zappaman at buraphalinux.org @@ -3375,4 +3379,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4012 2005/11/28 11:28:59 dtucker Exp $ +$Id: ChangeLog,v 1.4013 2005/11/29 01:45:32 tim Exp $ diff --git a/ssh-keygen.c b/ssh-keygen.c index b4c651d22..3a6174ac1 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1259,12 +1259,12 @@ main(int ac, char **av) fprintf(stderr, "unknown key type %s\n", key_type_name); exit(1); } - if (type == KEY_DSA && bits != 1024) - fatal("DSA keys must be 1024 bits"); if (!quiet) printf("Generating public/private %s key pair.\n", key_type_name); if (bits == 0) bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS; + if (type == KEY_DSA && bits != 1024) + fatal("DSA keys must be 1024 bits"); private = key_generate(type, bits); if (private == NULL) { fprintf(stderr, "key_generate failed"); -- cgit v1.2.3 From 3af2ac56a28dd49226388505b5ebbfc778335f9c Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Tue, 29 Nov 2005 13:10:24 +1100 Subject: - dtucker@cvs.openbsd.org 2005/11/29 02:04:55 [ssh-keygen.c] Populate default key sizes before checking them; from & ok tim@ --- ChangeLog | 6 +++++- ssh-keygen.c | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 1be6498d9..3ce14070f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ 20051129 - (tim) [ssh-keygen.c] Move DSA length test after setting default when bits == 0. + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2005/11/29 02:04:55 + [ssh-keygen.c] + Populate default key sizes before checking them; from & ok tim@ 20051128 - (dtucker) [regress/yes-head.sh] Work around breakage caused by some @@ -3379,4 +3383,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4013 2005/11/29 01:45:32 tim Exp $ +$Id: ChangeLog,v 1.4014 2005/11/29 02:10:24 dtucker Exp $ diff --git a/ssh-keygen.c b/ssh-keygen.c index 3a6174ac1..64fadc7a1 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.134 2005/11/28 05:16:53 dtucker Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.135 2005/11/29 02:04:55 dtucker Exp $"); #include #include @@ -1259,12 +1259,12 @@ main(int ac, char **av) fprintf(stderr, "unknown key type %s\n", key_type_name); exit(1); } - if (!quiet) - printf("Generating public/private %s key pair.\n", key_type_name); if (bits == 0) bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS; if (type == KEY_DSA && bits != 1024) fatal("DSA keys must be 1024 bits"); + if (!quiet) + printf("Generating public/private %s key pair.\n", key_type_name); private = key_generate(type, bits); if (private == NULL) { fprintf(stderr, "key_generate failed"); -- cgit v1.2.3 From 46259d86a22512f9c53da031d7b829f45720f011 Mon Sep 17 00:00:00 2001 
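Review bot: The size check in this hunk compares against the literal `1024` one line after the default is taken from `DEFAULT_BITS_DSA`, so the two values have to be kept in step by hand. The value of DEFAULT_BITS_DSA is not visible here; if it ever differs from 1024, every DSA generation without `-b` ends in `fatal()`. A comment such as `/* FIPS 186-2 fixes the DSA size at 1024 bits; must match DEFAULT_BITS_DSA */` above the test would record the coupling. main() begins and ends outside the hunk.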
From: Tim Rice Date: Mon, 28 Nov 2005 18:40:34 -0800 Subject: - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string) for UnixWare. --- ChangeLog | 4 +++- configure.ac | 5 ++++- sshd.8 | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 3ce14070f..738741405 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,8 @@ - dtucker@cvs.openbsd.org 2005/11/29 02:04:55 [ssh-keygen.c] Populate default key sizes before checking them; from & ok tim@ + - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string) + for UnixWare. 20051128 - (dtucker) [regress/yes-head.sh] Work around breakage caused by some @@ -3383,4 +3385,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4014 2005/11/29 02:10:24 dtucker Exp $ +$Id: ChangeLog,v 1.4015 2005/11/29 02:40:34 tim Exp $ diff --git a/configure.ac b/configure.ac index ffa94e863..0afb48716 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.311 2005/11/26 11:24:10 dtucker Exp $ +# $Id: configure.ac,v 1.312 2005/11/29 02:40:34 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -434,6 +434,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(BROKEN_SETREUID) AC_DEFINE(BROKEN_SETREGID) AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd]) + AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") ;; # UnixWare 7.x, OpenUNIX 8 *-*-sysv5*) @@ -450,6 +451,8 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(BROKEN_LIBIAF, 1, [ia_uinfo routines not supported by OS yet]) ;; + *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") + ;; esac ;; *-*-sysv*) diff --git a/sshd.8 b/sshd.8 index 94cefdea2..c610f47b8 100644 --- a/sshd.8 +++ b/sshd.8 
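Review bot: In the second configure.ac hunk the new `*)` arm defines `LOCKED_PASSWD_STRING` only for hosts that fall through the arm above it (the one that defines `BROKEN_LIBIAF`), so that platform would presumably be built without the `*LK*` locked-account test while sshd.8 now lists UnixWare as covered. The pattern of that arm lies outside the hunk, so this may be intended; if it is, a comment there such as `# no LOCKED_PASSWD_STRING here: <reason>` would stop it being read as an omission. Both added `AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")` calls also omit the description argument; if no template for the macro exists elsewhere in configure.ac, autoheader has nothing to emit for it.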
@@ -119,7 +119,7 @@ or its group is listed in \&. The definition of a locked account is system dependant. Some platforms have their own account database (eg AIX) and some modify the passwd field ( .Ql \&*LK\&* -on Solaris, +on Solaris and UnixWare, .Ql \&* on HP-UX, containing .Ql Nologin -- cgit v1.2.3 From 7677be5d6cc4ade7dad11437fdc07ab78b7733d9 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 1 Dec 2005 12:51:59 +1100 Subject: - (djm) [envpass.sh] Remove regress script that was accidentally committed in top level directory and not noticed for over a year :) --- ChangeLog | 6 +++++- envpass.sh | 44 -------------------------------------------- 2 files changed, 5 insertions(+), 45 deletions(-) delete mode 100644 envpass.sh (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 738741405..f5d6b0e6f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20051201 + - (djm) [envpass.sh] Remove regress script that was accidentally committed + in top level directory and not noticed for over a year :) + 20051129 - (tim) [ssh-keygen.c] Move DSA length test after setting default when bits == 0. @@ -3385,4 +3389,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4015 2005/11/29 02:40:34 tim Exp $ +$Id: ChangeLog,v 1.4016 2005/12/01 01:51:59 djm Exp $ diff --git a/envpass.sh b/envpass.sh deleted file mode 100644 index 67044d421..000000000 --- a/envpass.sh +++ /dev/null 
@@ -1,44 +0,0 @@ -# $OpenBSD: envpass.sh,v 1.1 2004/04/27 09:47:30 djm Exp $ -# Placed in the Public Domain. - -tid="environment passing" - -# NB accepted env vars are in test-exec.sh (_XXX_TEST_* and _XXX_TEST) - -trace "pass env, don't accept" -verbose "test $tid: pass env, don't accept" -_TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy otherhost \ - '[ -z "$_TEST_ENV" ]' -r=$? -if [ $r -ne 0 ]; then - fail "environment found" -fi - -trace "don't pass env, accept" -verbose "test $tid: don't pass env, accept" -${SSH} -F $OBJ/ssh_proxy otherhost \ - '[ -z "$_XXX_TEST_A" -a -z "$_XXX_TEST_B" ]' -r=$? -if [ $r -ne 0 ]; then - fail "environment found" -fi - -trace "pass single env, accept single env" -verbose "test $tid: pass single env, accept single env" -_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy otherhost \ - '[ "x$_XXX_TEST" = "xblah" ]' -r=$? -if [ $r -ne 0 ]; then - fail "environment not found" -fi - -trace "pass multiple env, accept multiple env" -verbose "test $tid: pass multiple env, accept multiple env" -_XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -oSendEnv="_XXX_TEST_*" \ - -F $OBJ/ssh_proxy otherhost \ - '[ "x$_XXX_TEST_A" = "x1" -a "x$_XXX_TEST_B" = "x2" ]' -r=$? -if [ $r -ne 0 ]; then - fail "environment not found" -fi - -- cgit v1.2.3 From c94ebbc723234b7246cfbdcc78f1ca0b36743211 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Dec 2005 19:25:21 +1100 Subject: - (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2005/11/30 11:18:27 [ssh.1] timezone -> time zone --- ChangeLog | 8 +++++++- ssh.1 | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f5d6b0e6f..12a217f60 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,9 @@ +20051213 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2005/11/30 11:18:27 + [ssh.1] + timezone -> time zone + 20051201 - (djm) [envpass.sh] Remove regress script that was accidentally committed in top level directory and not noticed for over a year :) @@ -3389,4 +3395,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4016 2005/12/01 01:51:59 djm Exp $ +$Id: ChangeLog,v 1.4017 2005/12/13 08:25:21 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 8e0f37719..6342d3cdc 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.212 2005/09/19 23:31:31 djm Exp $ +.\" $OpenBSD: ssh.1,v 1.213 2005/11/30 11:18:27 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -975,7 +975,7 @@ with the current shell or command. If the current session has no tty, this variable is not set. .It Ev TZ -The timezone variable is set to indicate the present timezone if it +The time zone variable is set to indicate the present time zone if it was set when the daemon was started (i.e., the daemon passes the value on to new connections). .It Ev USER -- cgit v1.2.3 From 6dbdb6afeec1820b2799c2693fc8e8b364be8228 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Dec 2005 19:25:43 +1100 Subject: - jmc@cvs.openbsd.org 2005/11/30 11:45:20 [ssh.1] avoid ambiguities in describing TZ; ok djm@ --- ChangeLog | 6 +++++- ssh.1 | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 12a217f60..d187f2aa0 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,6 +3,10 @@ - jmc@cvs.openbsd.org 2005/11/30 11:18:27 [ssh.1] timezone -> time zone + - jmc@cvs.openbsd.org 2005/11/30 11:45:20 + [ssh.1] + avoid ambiguities in describing TZ; + ok djm@ 20051201 - (djm) [envpass.sh] Remove regress script that was accidentally committed @@ -3395,4 +3399,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4017 2005/12/13 08:25:21 djm Exp $ +$Id: ChangeLog,v 1.4018 2005/12/13 08:25:43 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 6342d3cdc..dd97a8995 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.213 2005/11/30 11:18:27 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.214 2005/11/30 11:45:20 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -975,7 +975,7 @@ with the current shell or command. If the current session has no tty, this variable is not set. .It Ev TZ -The time zone variable is set to indicate the present time zone if it +This variable is set to indicate the present time zone if it was set when the daemon was started (i.e., the daemon passes the value on to new connections). .It Ev USER -- cgit v1.2.3 From d27b947178df3689bfb7fdfb62a5f1337ef73481 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Tue, 13 Dec 2005 19:29:02 +1100 Subject: - reyk@cvs.openbsd.org 2005/12/06 22:38:28 [auth-options.c auth-options.h channels.c channels.h clientloop.c] [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h] [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c] [sshconnect.h sshd.8 sshd_config sshd_config.5] Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client. ok djm@, markus@, jmc@ (manpages), tested and discussed with others --- ChangeLog | 17 ++++++++++++++++- auth-options.c | 41 ++++++++++++++++++++++++++++++++++++++++- auth-options.h | 3 ++- channels.c | 42 ++++++++++++++++++++++++++++++++++++++++-- channels.h | 4 +++- clientloop.c | 11 ++++++++++- misc.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++- misc.h | 4 +++- readconf.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++--- readconf.h | 10 +++++++++- scp.c | 3 ++- servconf.c | 12 ++++++++++-- servconf.h | 5 ++++- serverloop.c | 34 +++++++++++++++++++++++++++++++++- sftp.c | 3 ++- ssh.1 | 20 +++++++++++++++++++- ssh.c | 39 ++++++++++++++++++++++++++++++++++++--- ssh_config | 5 ++++- ssh_config.5 | 38 +++++++++++++++++++++++++++++++++++++- sshconnect.c | 38 +++++++++++++++++++++++++++++++++++++- sshconnect.h | 4 ++-- sshd.8 | 10 +++++++++- sshd_config | 3 ++- sshd_config.5 | 8 +++++++- 24 files changed, 433 insertions(+), 31 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index d187f2aa0..96ed9a05d 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -7,6 +7,21 @@ [ssh.1] avoid ambiguities in describing TZ; ok djm@ + - reyk@cvs.openbsd.org 2005/12/06 22:38:28 + [auth-options.c auth-options.h channels.c channels.h clientloop.c] + [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h] + [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c] + [sshconnect.h sshd.8 sshd_config sshd_config.5] + Add support for tun(4) forwarding over OpenSSH, based on an idea and + initial channel code bits by markus@. This is a simple and easy way to + use OpenSSH for ad hoc virtual private network connections, e.g. + administrative tunnels or secure wireless access. It's based on a new + ssh channel and works similar to the existing TCP forwarding support, + except that it depends on the tun(4) network interface on both ends of + the connection for layer 2 or layer 3 tunneling. This diff also adds + support for LocalCommand in the ssh(1) client. + + ok djm@, markus@, jmc@ (manpages), tested and discussed with others 20051201 - (djm) [envpass.sh] Remove regress script that was accidentally committed @@ -3399,4 +3414,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4018 2005/12/13 08:25:43 djm Exp $ +$Id: ChangeLog,v 1.4019 2005/12/13 08:29:02 djm Exp $ diff --git a/auth-options.c b/auth-options.c index a85e40835..54798d9ad 100644 --- a/auth-options.c +++ b/auth-options.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-options.c,v 1.31 2005/03/10 22:40:38 deraadt Exp $"); +RCSID("$OpenBSD: auth-options.c,v 1.32 2005/12/06 22:38:27 reyk Exp $"); #include "xmalloc.h" #include "match.h" @@ -35,6 +35,9 @@ char *forced_command = NULL; /* "environment=" options. */ struct envstring *custom_environment = NULL; +/* "tunnel=" option. */ +int forced_tun_device = -1; + extern ServerOptions options; void 
@@ -54,6 +57,7 @@ auth_clear_options(void) xfree(forced_command); forced_command = NULL; } + forced_tun_device = -1; channel_clear_permitted_opens(); auth_debug_reset(); } @@ -269,6 +273,41 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) xfree(patterns); goto next_option; } + cp = "tunnel=\""; + if (strncasecmp(opts, cp, strlen(cp)) == 0) { + char *tun = NULL; + opts += strlen(cp); + tun = xmalloc(strlen(opts) + 1); + i = 0; + while (*opts) { + if (*opts == '"') + break; + tun[i++] = *opts++; + } + if (!*opts) { + debug("%.100s, line %lu: missing end quote", + file, linenum); + auth_debug_add("%.100s, line %lu: missing end quote", + file, linenum); + xfree(tun); + forced_tun_device = -1; + goto bad_option; + } + tun[i] = 0; + forced_tun_device = a2tun(tun, NULL); + xfree(tun); + if (forced_tun_device < -1) { + debug("%.100s, line %lu: invalid tun device", + file, linenum); + auth_debug_add("%.100s, line %lu: invalid tun device", + file, linenum); + forced_tun_device = -1; + goto bad_option; + } + auth_debug_add("Forced tun device: %d", forced_tun_device); + opts++; + goto next_option; + } next_option: /* * Skip the comma, and move to the next option diff --git a/auth-options.h b/auth-options.h index 15fb21255..3cd02a71f 100644 --- a/auth-options.h +++ b/auth-options.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.h,v 1.12 2002/07/21 18:34:43 stevesk Exp $ */ +/* $OpenBSD: auth-options.h,v 1.13 2005/12/06 22:38:27 reyk Exp $ */ /* * Author: Tatu Ylonen @@ -28,6 +28,7 @@ extern int no_x11_forwarding_flag; extern int no_pty_flag; extern char *forced_command; extern struct envstring *custom_environment; +extern int forced_tun_device; int auth_parse_options(struct passwd *, char *, char *, u_long); void auth_clear_options(void); diff --git a/channels.c b/channels.c index 9607717cc..b4fd89f96 100644 --- a/channels.c +++ b/channels.c 
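Review bot: In the `tunnel="..."` branch added to auth_parse_options(), a value of `any` makes `a2tun()` return -1 (see the misc.c change in this commit), which is the same value `auth_clear_options()` stores for "no forced device", and the `< -1` test lets it through. A key restricted with `tunnel="any"` is then indistinguishable from a key with no tunnel option, which should either be rejected or represented by a distinct value; how the server consumes `forced_tun_device` is not shown here. If `any` is not meant to be accepted in authorized_keys, the test can be `if (forced_tun_device < 0) {`. The copy loop also stops at the first `"` with no escape handling, which deserves a one-line comment if it is deliberate. The function starts and ends outside the hunk.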
@@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.227 2005/10/14 02:29:37 stevesk Exp $"); +RCSID("$OpenBSD: channels.c,v 1.228 2005/12/06 22:38:27 reyk Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1414,6 +1414,8 @@ channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset) debug2("channel %d: filter stops", c->self); chan_read_failed(c); } + } else if (c->datagram) { + buffer_put_string(&c->input, buf, len); } else { buffer_append(&c->input, buf, len); } @@ -1432,6 +1434,23 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) if (c->wfd != -1 && FD_ISSET(c->wfd, writeset) && buffer_len(&c->output) > 0) { + if (c->datagram) { + data = buffer_get_string(&c->output, &dlen); + /* ignore truncated writes, datagrams might get lost */ + c->local_consumed += dlen + 4; + len = write(c->wfd, data, dlen); + xfree(data); + if (len < 0 && (errno == EINTR || errno == EAGAIN)) + return 1; + if (len <= 0) { + if (c->type != SSH_CHANNEL_OPEN) + chan_mark_dead(c); + else + chan_write_failed(c); + return -1; + } + return 1; + } data = buffer_ptr(&c->output); dlen = buffer_len(&c->output); #ifdef _AIX @@ -1792,6 +1811,22 @@ channel_output_poll(void) if ((c->istate == CHAN_INPUT_OPEN || c->istate == CHAN_INPUT_WAIT_DRAIN) && (len = buffer_len(&c->input)) > 0) { + if (c->datagram) { + if (len > 0) { + u_char *data; + u_int dlen; + + data = buffer_get_string(&c->input, + &dlen); + packet_start(SSH2_MSG_CHANNEL_DATA); + packet_put_int(c->remote_id); + packet_put_string(data, dlen); + packet_send(); + c->remote_window -= dlen + 4; + xfree(data); + } + continue; + } /* * Send some data for the other side over the secure * connection. 
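Review bot: In the datagram branch added to channel_handle_wfd(), `errno` is tested after `xfree(data)`; if xfree() ends in free(), as it presumably does, the call is allowed to change errno, so the EINTR/EAGAIN test may look at the wrong value. Save it straight after the write, e.g. `len = write(c->wfd, data, dlen); saved_errno = errno;`, and test `saved_errno` below. The datagram has also already been removed from `c->output` and added to `local_consumed` at that point, so the `return 1` on EAGAIN drops it rather than retrying; the existing comment mentions truncated writes only and should say this too. The function continues beyond the hunk.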
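Review bot: The datagram branch added to channel_output_poll() sends the whole record and subtracts `dlen + 4` from `c->remote_window` without first comparing it with the window or with the peer's maximum packet size. The stream path that follows the hunk is not visible, so whether it clamps there cannot be confirmed from here, but if `remote_window` is unsigned a record larger than the window makes it wrap. A test of the form `if (dlen > c->remote_window || dlen > c->remote_maxpacket)` that frees the record and continues, placed before `packet_start()`, would keep the accounting sound and matches the "datagrams might get lost" policy of the write path. The inner `if (len > 0)` repeats the condition of the enclosing `if` and can be removed.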
@@ -1914,7 +1949,10 @@ channel_input_data(int type, u_int32_t seq, void *ctxt) c->local_window -= data_len; } packet_check_eom(); - buffer_append(&c->output, data, data_len); + if (c->datagram) + buffer_put_string(&c->output, data, data_len); + else + buffer_append(&c->output, data, data_len); xfree(data); } diff --git a/channels.h b/channels.h index 7e1cc7c5a..743a2065e 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.80 2005/10/10 10:23:08 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.81 2005/12/06 22:38:27 reyk Exp $ */ /* * Author: Tatu Ylonen @@ -112,6 +112,8 @@ struct Channel { /* filter */ channel_filter_fn *input_filter; + + int datagram; /* keep boundaries */ }; #define CHAN_EXTENDED_IGNORE 0 diff --git a/clientloop.c b/clientloop.c index 001c8f119..a97734c3f 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.145 2005/10/30 08:52:17 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.146 2005/12/06 22:38:27 reyk Exp $"); #include "ssh.h" #include "ssh1.h" @@ -914,6 +914,15 @@ process_cmdline(void) logit(" -Lport:host:hostport Request local forward"); logit(" -Rport:host:hostport Request remote forward"); logit(" -KRhostport Cancel remote forward"); + if (!options.permit_local_command) + goto out; + logit(" !args Execute local command"); + goto out; + } + + if (*s == '!' && options.permit_local_command) { + s++; + ssh_local_cmd(s); goto out; } diff --git a/misc.c b/misc.c index 27b947f0c..9b23e2c37 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.35 2005/09/13 23:40:07 djm Exp $"); +RCSID("$OpenBSD: misc.c,v 1.36 2005/12/06 22:38:27 reyk Exp $"); #include "misc.h" #include "log.h" 
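Review bot: With `c->datagram` set, the channel_input_data() hunk stores each record through `buffer_put_string()`, while the context line above it still charges only `data_len` to `c->local_window`. The write path added to channel_handle_wfd() in this commit credits `dlen + 4` to `c->local_consumed` for the same record, so the two sides of the window accounting differ by four bytes per datagram. How `local_consumed` feeds the window adjustment is outside this diff, so this is something to confirm; if it does, charging `data_len + 4` to the window in the datagram case lines the two up. channel_input_data() starts above the hunk.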
@@ -194,6 +194,37 @@ a2port(const char *s) return port; } +int +a2tun(const char *s, int *remote) +{ + const char *errstr = NULL; + char *sp, *ep; + int tun; + + if (remote != NULL) { + *remote = -1; + sp = xstrdup(s); + if ((ep = strchr(sp, ':')) == NULL) { + xfree(sp); + return (a2tun(s, NULL)); + } + ep[0] = '\0'; ep++; + *remote = a2tun(ep, NULL); + tun = a2tun(sp, NULL); + xfree(sp); + return (tun); + } + + if (strcasecmp(s, "any") == 0) + return (-1); + + tun = strtonum(s, 0, INT_MAX, &errstr); + if (errstr != NULL || tun < -1) + return (-2); + + return (tun); +} + #define SECONDS 1 #define MINUTES (SECONDS * 60) #define HOURS (MINUTES * 60) @@ -507,6 +538,31 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, return -1; } +int +tun_open(int tun) +{ + char name[100]; + int i, fd; + + if (tun > -1) { + snprintf(name, sizeof(name), "/dev/tun%d", tun); + if ((fd = open(name, O_RDWR)) >= 0) { + debug("%s: %s: %d", __func__, name, fd); + return (fd); + } + } else { + for (i = 100; i >= 0; i--) { + snprintf(name, sizeof(name), "/dev/tun%d", i); + if ((fd = open(name, O_RDWR)) >= 0) { + debug("%s: %s: %d", __func__, name, fd); + return (fd); + } + } + } + debug("%s: %s failed: %s", __func__, name, strerror(errno)); + return (-1); +} + void sanitise_stdfd(void) { diff --git a/misc.h b/misc.h index 51541336c..ff2ba1b5a 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.26 2005/09/13 23:40:07 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.27 2005/12/06 22:38:27 reyk Exp $ */ /* * Author: Tatu Ylonen @@ -20,6 +20,7 @@ int set_nonblock(int); int unset_nonblock(int); void set_nodelay(int); int a2port(const char *); +int a2tun(const char *, int *); char *hpdelim(char **); char *cleanhostname(char *); char *colon(char *); 
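Review bot: In a2tun() a parse error in the remote half of `local:remote` is never reported to the caller: `*remote = a2tun(ep, NULL);` can store -2, but the function then returns the local value, and both callers in this patch (the `oTunnelDevice` case in readconf.c and `case 'w'` in ssh.c) only test the return value. The -2 ends up in options.tun_remote and is later written with packet_put_int(); on the server side tun_open() only tests `tun > -1`, so a mistyped remote device silently becomes "any". Returning the error for either half fixes it: `return (*remote == -2 ? -2 : tun);`. Separately, the `tun < -1` test after strtonum() can never be true because the lower bound passed is 0. A short comment stating the return contract (device number, -1 for "any", -2 for error) would help callers.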
@@ -49,3 +50,4 @@ void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3))); char *read_passphrase(const char *, int); int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); +int tun_open(int); diff --git a/readconf.c b/readconf.c index cf27a9f41..b6aad9d8d 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.143 2005/07/30 02:03:47 djm Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.144 2005/12/06 22:38:27 reyk Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -70,6 +70,10 @@ RCSID("$OpenBSD: readconf.c,v 1.143 2005/07/30 02:03:47 djm Exp $"); Cipher none PasswordAuthentication no + Host vpn.fake.com + Tunnel yes + TunnelDevice 3 + # Defaults for various options Host * ForwardAgent no @@ -107,6 +111,7 @@ typedef enum { oAddressFamily, oGssAuthentication, oGssDelegateCreds, oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, + oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, oDeprecated, oUnsupported } OpCodes; @@ -198,6 +203,10 @@ static struct { { "controlpath", oControlPath }, { "controlmaster", oControlMaster }, { "hashknownhosts", oHashKnownHosts }, + { "tunnel", oTunnel }, + { "tunneldevice", oTunnelDevice }, + { "localcommand", oLocalCommand }, + { "permitlocalcommand", oPermitLocalCommand }, { NULL, oBadOption } }; @@ -264,6 +273,7 @@ clear_forwardings(Options *options) xfree(options->remote_forwards[i].connect_host); } options->num_remote_forwards = 0; + options->tun_open = 0; } /* @@ -296,7 +306,7 @@ process_config_line(Options *options, const char *host, int *activep) { char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; - int opcode, *intptr, value; + int opcode, *intptr, value, value2; size_t len; Forward fwd; 
@@ -553,9 +563,10 @@ parse_string: goto parse_string; case oProxyCommand: + charptr = &options->proxy_command; +parse_command: if (s == NULL) fatal("%.200s line %d: Missing argument.", filename, linenum); - charptr = &options->proxy_command; len = strspn(s, WHITESPACE "="); if (*activep && *charptr == NULL) *charptr = xstrdup(s + len); @@ -822,6 +833,31 @@ parse_int: intptr = &options->hash_known_hosts; goto parse_flag; + case oTunnel: + intptr = &options->tun_open; + goto parse_flag; + + case oTunnelDevice: + arg = strdelim(&s); + if (!arg || *arg == '\0') + fatal("%.200s line %d: Missing argument.", filename, linenum); + value = a2tun(arg, &value2); + if (value < -1) + fatal("%.200s line %d: Bad tun device.", filename, linenum); + if (*activep) { + options->tun_local = value; + options->tun_remote = value2; + } + break; + + case oLocalCommand: + charptr = &options->local_command; + goto parse_command; + + case oPermitLocalCommand: + intptr = &options->permit_local_command; + goto parse_flag; + case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", filename, linenum, keyword); @@ -966,6 +1002,11 @@ initialize_options(Options * options) options->control_path = NULL; options->control_master = -1; options->hash_known_hosts = -1; + options->tun_open = -1; + options->tun_local = -1; + options->tun_remote = -1; + options->local_command = NULL; + options->permit_local_command = -1; } /* @@ -1090,6 +1131,11 @@ fill_default_options(Options * options) options->control_master = 0; if (options->hash_known_hosts == -1) options->hash_known_hosts = 0; + if (options->tun_open == -1) + options->tun_open = 0; + if (options->permit_local_command == -1) + options->permit_local_command = 0; + /* options->local_command should not be set by default */ /* options->proxy_command should not be set by default */ /* options->user will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */ 
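Review bot: The new `oTunnelDevice` case stores its values whenever `*activep` is set, so a later matching TunnelDevice line overwrites an earlier one. The parse_command path in the previous hunk only assigns when `*charptr == NULL`, i.e. the first match wins, so a trailing `Host *` block would override a host-specific tunnel device but not a host-specific LocalCommand. Because -1 is both the initial value and the value for "any", a first-match guard needs a separate "unset" sentinel for tun_local and tun_remote. `value2` is also stored without being checked for the error value. process_config_line() starts and ends outside the hunk.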
diff --git a/readconf.h b/readconf.h index 2b9deb9db..4565b2c2c 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.67 2005/06/08 11:25:09 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.68 2005/12/06 22:38:27 reyk Exp $ */ /* * Author: Tatu Ylonen @@ -114,6 +114,14 @@ typedef struct { int control_master; int hash_known_hosts; + + int tun_open; /* tun(4) */ + int tun_local; /* force tun device (optional) */ + int tun_remote; /* force tun device (optional) */ + + char *local_command; + int permit_local_command; + } Options; #define SSHCTL_MASTER_NO 0 diff --git a/scp.c b/scp.c index a19021f85..5dced6ce4 100644 --- a/scp.c +++ b/scp.c @@ -71,7 +71,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.127 2005/11/12 18:38:15 deraadt Exp $"); +RCSID("$OpenBSD: scp.c,v 1.128 2005/12/06 22:38:27 reyk Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -231,6 +231,7 @@ main(int argc, char **argv) addargs(&args, "ssh"); /* overwritten with ssh_program */ addargs(&args, "-x"); addargs(&args, "-oForwardAgent no"); + addargs(&args, "-oPermitLocalCommand no"); addargs(&args, "-oClearAllForwardings yes"); fflag = tflag = 0; diff --git a/servconf.c b/servconf.c index 9e420a527..91a0ced29 100644 --- a/servconf.c +++ b/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.144 2005/08/06 10:03:12 dtucker Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.145 2005/12/06 22:38:27 reyk Exp $"); #include "ssh.h" #include "log.h" @@ -101,6 +101,7 @@ initialize_server_options(ServerOptions *options) options->authorized_keys_file = NULL; options->authorized_keys_file2 = NULL; options->num_accept_env = 0; + options->permit_tun = -1; /* Needs to be accessable in many places */ use_privsep = -1; 
@@ -229,6 +230,8 @@ fill_default_server_options(ServerOptions *options) } if (options->authorized_keys_file == NULL) options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; + if (options->permit_tun == -1) + options->permit_tun = 0; /* Turn privilege separation on by default */ if (use_privsep == -1) @@ -270,7 +273,7 @@ typedef enum { sBanner, sUseDNS, sHostbasedAuthentication, sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, - sGssAuthentication, sGssCleanupCreds, sAcceptEnv, + sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sUsePrivilegeSeparation, sDeprecated, sUnsupported } ServerOpCodes; @@ -373,6 +376,7 @@ static struct { { "authorizedkeysfile2", sAuthorizedKeysFile2 }, { "useprivilegeseparation", sUsePrivilegeSeparation}, { "acceptenv", sAcceptEnv }, + { "permittunnel", sPermitTunnel }, { NULL, sBadOption } }; @@ -962,6 +966,10 @@ parse_flag: } break; + case sPermitTunnel: + intptr = &options->permit_tun; + goto parse_flag; + case sDeprecated: logit("%s line %d: Deprecated option %s", filename, linenum, arg); diff --git a/servconf.h b/servconf.h index f7e56d521..ab82c8f57 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.71 2004/12/23 23:11:00 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.72 2005/12/06 22:38:27 reyk Exp $ */ /* * Author: Tatu Ylonen @@ -133,7 +133,10 @@ typedef struct { char *authorized_keys_file; /* File containing public keys */ char *authorized_keys_file2; + int use_pam; /* Enable auth via PAM */ + + int permit_tun; } ServerOptions; void initialize_server_options(ServerOptions *); diff --git a/serverloop.c b/serverloop.c index 03376bacf..199f7696d 100644 --- a/serverloop.c +++ b/serverloop.c 
@@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.121 2005/10/31 11:48:29 djm Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.122 2005/12/06 22:38:27 reyk Exp $"); #include "xmalloc.h" #include "packet.h" @@ -913,6 +913,36 @@ server_request_direct_tcpip(void) return c; } +static Channel * +server_request_tun(void) +{ + Channel *c = NULL; + int sock, tun; + + if (!options.permit_tun) { + packet_send_debug("Server has disabled tunnel device forwarding."); + return NULL; + } + + tun = packet_get_int(); + if (forced_tun_device != -1) { + if (tun != -1 && forced_tun_device != tun) + goto done; + tun = forced_tun_device; + } + sock = tun_open(tun); + if (sock < 0) + goto done; + c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); + c->datagram = 1; + + done: + if (c == NULL) + packet_send_debug("Failed to open the tunnel device."); + return c; +} + static Channel * server_request_session(void) { @@ -958,6 +988,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt) c = server_request_session(); } else if (strcmp(ctype, "direct-tcpip") == 0) { c = server_request_direct_tcpip(); + } else if (strcmp(ctype, "tun@openssh.com") == 0) { + c = server_request_tun(); } if (c != NULL) { debug("server_input_channel_open: confirm %s", ctype); diff --git a/sftp.c b/sftp.c index ff3223ad2..24f6dc538 100644 --- a/sftp.c +++ b/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.68 2005/10/31 06:15:04 dtucker Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.69 2005/12/06 22:38:27 reyk Exp $"); #ifdef USE_LIBEDIT #include @@ -1457,6 +1457,7 @@ main(int argc, char **argv) addargs(&args, "ssh"); /* overwritten with ssh_program */ addargs(&args, "-oForwardX11 no"); addargs(&args, "-oForwardAgent no"); + addargs(&args, "-oPermitLocalCommand no"); addargs(&args, "-oClearAllForwardings yes"); ll = SYSLOG_LEVEL_INFO; diff --git a/ssh.1 b/ssh.1 index dd97a8995..8a55c2f64 100644 
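Review bot: server_request_tun() passes the peer-supplied `tun = packet_get_int();` to tun_open() without a range check. Any negative value, not just -1, takes the "scan for a free device" branch in tun_open() because that function only tests `tun > -1`. Since this integer comes from the client, I would reject everything below -1 right after reading it: `if (tun < -1) goto done;`. The `done:` path also reports "Failed to open the tunnel device." when the request was refused because it did not match forced_tun_device. A distinct debug message for that case would make policy rejections easier to spot in logs.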
--- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.214 2005/11/30 11:45:20 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.215 2005/12/06 22:38:27 reyk Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -77,6 +77,7 @@ .Sm on .Oc .Op Fl S Ar ctl_path +.Op Fl w Ar tunnel : tunnel .Oo Ar user Ns @ Oc Ns Ar hostname .Op Ar command .Sh DESCRIPTION @@ -301,6 +302,12 @@ options (see below). It also allows the cancellation of existing remote port-forwardings using .Fl KR Ar hostport . +The +.Ic ! Ar command +allows the user to execute a local command if the +.Ic PermitLocalCommand +option is enabled in +.Xr ssh_config 5 . Basic help is available, using the .Fl h option. @@ -747,12 +754,14 @@ For full details of the options listed below, and their possible values, see .It IdentityFile .It IdentitiesOnly .It KbdInteractiveDevices +.It LocalCommand .It LocalForward .It LogLevel .It MACs .It NoHostAuthenticationForLocalhost .It NumberOfPasswordPrompts .It PasswordAuthentication +.It PermitLocalCommand .It Port .It PreferredAuthentications .It Protocol @@ -767,6 +776,8 @@ For full details of the options listed below, and their possible values, see .It SmartcardDevice .It StrictHostKeyChecking .It TCPKeepAlive +.It Tunnel +.It TunnelDevice .It UsePrivilegedPort .It User .It UserKnownHostsFile @@ -866,6 +877,13 @@ Multiple .Fl v options increase the verbosity. The maximum is 3. +.It Fl w +Requests a +.Xr tun 4 +device on the client and server like the +.Cm Tunnel +directive in +.Xr ssh_config 5 . .It Fl X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file. diff --git a/ssh.c b/ssh.c index 2227755cd..8a4a0e4c9 100644 --- a/ssh.c +++ b/ssh.c 
@@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.254 2005/10/30 08:52:18 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.255 2005/12/06 22:38:27 reyk Exp $"); #include #include @@ -162,7 +162,7 @@ usage(void) " [-i identity_file] [-L [bind_address:]port:host:hostport]\n" " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" -" [user@]hostname [command]\n" +" [-w tunnel:tunnel] [user@]hostname [command]\n" ); exit(1); } @@ -244,7 +244,7 @@ main(int ac, char **av) again: while ((opt = getopt(ac, av, - "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVXY")) != -1) { + "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) { switch (opt) { case '1': options.protocol = SSH_PROTO_1; @@ -340,6 +340,14 @@ again: if (opt == 'V') exit(0); break; + case 'w': + options.tun_open = 1; + options.tun_local = a2tun(optarg, &options.tun_remote); + if (options.tun_local < -1) { + fprintf(stderr, "Bad tun device '%s'\n", optarg); + exit(1); + } + break; case 'q': options.log_level = SYSLOG_LEVEL_QUIET; break; @@ -1059,6 +1067,26 @@ ssh_session2_setup(int id, void *arg) packet_send(); } + if (options.tun_open) { + Channel *c; + int fd; + + debug("Requesting tun."); + if ((fd = tun_open(options.tun_local)) >= 0) { + c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, + 0, "tun", 1); + c->datagram = 1; + packet_start(SSH2_MSG_CHANNEL_OPEN); + packet_put_cstring("tun@openssh.com"); + packet_put_int(c->self); + packet_put_int(c->local_window_max); + packet_put_int(c->local_maxpacket); + packet_put_int(options.tun_remote); + packet_send(); + } + } + client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), NULL, fileno(stdin), &command, environ, &ssh_subsystem_reply); 
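Review bot: In the ssh_session2_setup() hunk a failed `tun_open(options.tun_local)` is silently ignored, and the session continues without a tunnel even though the user asked for one with -w or Tunnel. The only trace is the debug() line inside tun_open(), which is not shown at the default log level. A user can then believe traffic is going through the tunnel when it is actually taking the normal route. I would add an else branch that reports it, e.g. `else error("Could not open tunnel device; tunnel forwarding disabled.");`. ssh_session2_setup() starts and ends outside the hunk.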
@@ -1123,6 +1151,11 @@ ssh_session2(void) if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) id = ssh_session2_open(); + /* Execute a local command */ + if (options.local_command != NULL && + options.permit_local_command) + ssh_local_cmd(options.local_command); + /* If requested, let ssh continue in the background. */ if (fork_after_authentication_flag) if (daemon(1, 1) < 0) diff --git a/ssh_config b/ssh_config index f41bee0a2..7bc8762d6 100644 --- a/ssh_config +++ b/ssh_config @@ -1,4 +1,4 @@ -# $OpenBSD: ssh_config,v 1.20 2005/01/28 09:45:53 dtucker Exp $ +# $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for @@ -37,3 +37,6 @@ # Cipher 3des # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc # EscapeChar ~ +# Tunnel no +# TunnelDevice any:any +# PermitLocalCommand no diff --git a/ssh_config.5 b/ssh_config.5 index 13cdee88b..d1930baab 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.64 2005/10/30 08:43:47 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.65 2005/12/06 22:38:27 reyk Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os 
@@ -556,6 +556,14 @@ The default is Specifies the list of methods to use in keyboard-interactive authentication. Multiple method names must be comma-separated. The default is to use the server specified list. +.It Cm LocalCommand +Specifies a command to execute on the local machine after successfully +connecting to the server. +The command string extends to the end of the line, and is executed with +.Pa /bin/sh . +This directive is ignored unless +.Cm PermitLocalCommand +has been enabled. .It Cm LocalForward Specifies that a TCP/IP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. @@ -628,6 +636,19 @@ The default is .It Cm Port Specifies the port number to connect on the remote host. Default is 22. +.It Cm PermitLocalCommand +Allow local command execution via the +.Ic LocalCommand +option or using the +.Ic ! Ar command +escape sequence in +.Xr ssh 1 . +The argument must be +.Dq yes +or +.Dq no . +The default is +.Dq no . .It Cm PreferredAuthentications Specifies the order in which the client should try protocol 2 authentication methods. @@ -887,6 +908,21 @@ Note that this option must be set to for .Cm RhostsRSAAuthentication with older servers. +.It Cm Tunnel +Request starting +.Xr tun 4 +device forwarding between the client and the server. +The argument must be +.Dq yes +or +.Dq no . +The default is +.Dq no . +.It Cm TunnelDevice +Force a specified +.Xr tun 4 +device on the client. +Without this option, the next available device will be used. .It Cm User Specifies the user to log in as. This can be useful when a different user name is used on different machines. diff --git a/sshconnect.c b/sshconnect.c index 2245a8af6..64ffec240 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.170 2005/10/30 08:52:18 djm Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.171 2005/12/06 22:38:27 reyk Exp $"); #include 
@@ -1034,3 +1034,39 @@ warn_changed_key(Key *host_key) xfree(fp); } + +/* + * Execute a local command + */ +int +ssh_local_cmd(const char *args) +{ + char *shell; + pid_t pid; + int status; + + if (!options.permit_local_command || + args == NULL || !*args) + return (1); + + if ((shell = getenv("SHELL")) == NULL) + shell = _PATH_BSHELL; + + pid = fork(); + if (pid == 0) { + debug3("Executing %s -c \"%s\"", shell, args); + execl(shell, shell, "-c", args, (char *)NULL); + error("Couldn't execute %s -c \"%s\": %s", + shell, args, strerror(errno)); + _exit(1); + } else if (pid == -1) + fatal("fork failed: %.100s", strerror(errno)); + while (waitpid(pid, &status, 0) == -1) + if (errno != EINTR) + fatal("Couldn't wait for child: %s", strerror(errno)); + + if (!WIFEXITED(status)) + return (1); + + return (WEXITSTATUS(status)); +} diff --git a/sshconnect.h b/sshconnect.h index 0be30fe69..e7c7a2b34 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.17 2002/06/19 00:27:55 deraadt Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.18 2005/12/06 22:38:28 reyk Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -49,7 +49,7 @@ void ssh_userauth1(const char *, const char *, char *, Sensitive *); void ssh_userauth2(const char *, const char *, char *, Sensitive *); void ssh_put_password(char *); - +int ssh_local_cmd(const char *); /* * Macros to raise/lower permissions. diff --git a/sshd.8 b/sshd.8 index c610f47b8..53eddcdfb 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.208 2005/06/08 03:50:00 djm Exp $ +.\" $OpenBSD: sshd.8,v 1.209 2005/12/06 22:38:28 reyk Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
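Review bot: ssh_local_cmd() runs the command with `getenv("SHELL")` and only falls back to `_PATH_BSHELL`, while the ssh_config.5 text added in this same patch says LocalCommand "is executed with /bin/sh". Code and documentation should agree. If the man page is the intent, use `shell = _PATH_BSHELL;` unconditionally; otherwise say "the user's shell" in the man page so readers know the interpreter comes from the environment. Both callers in this patch (the `!` escape in clientloop.c and the LocalCommand call in ssh_session2()) discard the returned exit status, so a failing command goes unnoticed; logging a non-zero status at the call sites would help. The child also appears to inherit every open descriptor of the ssh process, since nothing is closed between fork() and execl() in this hunk; that is worth a comment or an explicit close.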
@@ -518,6 +518,12 @@ Multiple options may be applied separated by commas. No pattern matching is performed on the specified hostnames, they must be literal domains or addresses. +.It Cm tunnel="n" +Force a +.Xr tun 4 +device on the server. +Without this option, the next available device will be used if +the client requests a tunnel. .El .Ss Examples 1024 33 12121...312314325 ylo@foo.bar @@ -527,6 +533,8 @@ from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi .Pp permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 +.Pp +tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== reyk@openbsd.org .Sh SSH_KNOWN_HOSTS FILE FORMAT The .Pa /etc/ssh/ssh_known_hosts diff --git a/sshd_config b/sshd_config index 1440c05ff..4957dd1a6 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $ +# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -96,6 +96,7 @@ #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 +#PermitTunnel no # no default banner path #Banner /some/path diff --git a/sshd_config.5 b/sshd_config.5 index 45c1c0131..3835fcd62 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.45 2005/09/21 23:36:54 djm Exp $ +.\" $OpenBSD: sshd_config.5,v 1.46 2005/12/06 22:38:28 reyk Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os 
@@ -502,6 +502,12 @@ All other authentication methods are disabled for root. If this option is set to .Dq no root is not allowed to log in. +.It Cm PermitTunnel +Specifies whether +.Xr tun 4 +device forwarding is allowed. +The default is +.Dq no . .It Cm PermitUserEnvironment Specifies whether .Pa ~/.ssh/environment -- cgit v1.2.3 From aeb31d6120681f42ad1b91adc5352159a6a5d345 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Dec 2005 19:29:36 +1100 Subject: - djm@cvs.openbsd.org 2005/12/07 03:52:22 [clientloop.c] reyk forgot to compile with -Werror (missing header) --- ChangeLog | 5 ++++- clientloop.c | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 96ed9a05d..337f70086 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,9 @@ support for LocalCommand in the ssh(1) client. ok djm@, markus@, jmc@ (manpages), tested and discussed with others + - djm@cvs.openbsd.org 2005/12/07 03:52:22 + [clientloop.c] + reyk forgot to compile with -Werror (missing header) 20051201 - (djm) [envpass.sh] Remove regress script that was accidentally committed @@ -3414,4 +3417,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4019 2005/12/13 08:29:02 djm Exp $ +$Id: ChangeLog,v 1.4020 2005/12/13 08:29:36 djm Exp $ diff --git a/clientloop.c b/clientloop.c index a97734c3f..04f2d11be 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.146 2005/12/06 22:38:27 reyk Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.147 2005/12/07 03:52:22 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -77,6 +77,7 @@ RCSID("$OpenBSD: clientloop.c,v 1.146 2005/12/06 22:38:27 reyk Exp $"); #include "log.h" #include "readconf.h" #include "clientloop.h" +#include "sshconnect.h" #include "authfd.h" #include "atomicio.h" #include "sshpty.h" -- cgit v1.2.3 
From f0c8c15322fcb26911f9552e696810c3639f7341 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Dec 2005 19:29:58 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/07 10:52:13 [ssh.1] - avoid line split in SYNOPSIS - add args to -w - kill trailing whitespace --- ChangeLog | 8 ++++++-- ssh.1 | 10 ++++++---- 2 files changed, 12 insertions(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 337f70086..dd191651f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,11 +20,15 @@ except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client. - ok djm@, markus@, jmc@ (manpages), tested and discussed with others - djm@cvs.openbsd.org 2005/12/07 03:52:22 [clientloop.c] reyk forgot to compile with -Werror (missing header) + - jmc@cvs.openbsd.org 2005/12/07 10:52:13 + [ssh.1] + - avoid line split in SYNOPSIS + - add args to -w + - kill trailing whitespace 20051201 - (djm) [envpass.sh] Remove regress script that was accidentally committed @@ -3417,4 +3421,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4020 2005/12/13 08:29:36 djm Exp $ +$Id: ChangeLog,v 1.4021 2005/12/13 08:30:05 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 8a55c2f64..246142319 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.215 2005/12/06 22:38:27 reyk Exp $ +.\" $OpenBSD: ssh.1,v 1.216 2005/12/07 10:52:13 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -77,9 +77,11 @@ .Sm on .Oc .Op Fl S Ar ctl_path -.Op Fl w Ar tunnel : tunnel +.Bk -words +.Op Fl w Ar tunnel : Ns Ar tunnel .Oo Ar user Ns @ Oc Ns Ar hostname .Op Ar command +.Ek .Sh DESCRIPTION .Nm (SSH client) is a program for logging into a remote machine and for @@ -302,7 +304,7 @@ options (see below). It also allows the cancellation of existing remote port-forwardings using .Fl KR Ar hostport . -The +The .Ic ! Ar command allows the user to execute a local command if the .Ic PermitLocalCommand @@ -877,7 +879,7 @@ Multiple .Fl v options increase the verbosity. The maximum is 3. -.It Fl w +.It Fl w Ar tunnel : Ns Ar tunnel Requests a .Xr tun 4 device on the client and server like the -- cgit v1.2.3 From 4b2319fb85203fa07a90c9b36560a77080feb2ad Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Dec 2005 19:30:27 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/08 14:59:44 [ssh.1 ssh_config.5] make `!command' a little clearer; ok reyk --- ChangeLog | 6 +++++- ssh.1 | 5 ++--- ssh_config.5 | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index dd191651f..35b1b7b38 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,6 +29,10 @@ - avoid line split in SYNOPSIS - add args to -w - kill trailing whitespace + - jmc@cvs.openbsd.org 2005/12/08 14:59:44 + [ssh.1 ssh_config.5] + make `!command' a little clearer; + ok reyk 20051201 - (djm) [envpass.sh] Remove regress script that was accidentally committed @@ -3421,4 +3425,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4021 2005/12/13 08:30:05 djm Exp $ +$Id: ChangeLog,v 1.4022 2005/12/13 08:30:27 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 246142319..9f89b9730 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.216 2005/12/07 10:52:13 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.217 2005/12/08 14:59:44 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -304,8 +304,7 @@ options (see below). It also allows the cancellation of existing remote port-forwardings using .Fl KR Ar hostport . -The -.Ic ! Ar command +.Ic !\& Ns Ar command allows the user to execute a local command if the .Ic PermitLocalCommand option is enabled in diff --git a/ssh_config.5 b/ssh_config.5 index d1930baab..440a6d71d 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.65 2005/12/06 22:38:27 reyk Exp $ +.\" $OpenBSD: ssh_config.5,v 1.66 2005/12/08 14:59:44 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -640,7 +640,7 @@ Default is 22. Allow local command execution via the .Ic LocalCommand option or using the -.Ic ! Ar command +.Ic !\& Ns Ar command escape sequence in .Xr ssh 1 . The argument must be -- cgit v1.2.3 From 957d4e430ed40265cffc483abdc5b0e6a58c69ed Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Dec 2005 19:30:45 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/08 15:06:29 [ssh_config.5] keep options in order; --- ChangeLog | 5 ++++- ssh_config.5 | 60 ++++++++++++++++++++++++++++++------------------------------ 2 files changed, 34 insertions(+), 31 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 35b1b7b38..c71d8531d 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -33,6 +33,9 @@ [ssh.1 ssh_config.5] make `!command' a little clearer; ok reyk + - jmc@cvs.openbsd.org 2005/12/08 15:06:29 + [ssh_config.5] + keep options in order; 20051201 - (djm) [envpass.sh] Remove regress script that was accidentally committed @@ -3425,4 +3428,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4022 2005/12/13 08:30:27 djm Exp $ +$Id: ChangeLog,v 1.4023 2005/12/13 08:30:45 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 440a6d71d..281b4046b 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.66 2005/12/08 14:59:44 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.67 2005/12/08 15:06:29 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -517,23 +517,6 @@ Default is the name given on the command line. Numeric IP addresses are also permitted (both on the command line and in .Cm HostName specifications). -.It Cm IdentityFile -Specifies a file from which the user's RSA or DSA authentication identity -is read. -The default is -.Pa ~/.ssh/identity -for protocol version 1, and -.Pa ~/.ssh/id_rsa -and -.Pa ~/.ssh/id_dsa -for protocol version 2. -Additionally, any identities represented by the authentication agent -will be used for authentication. -The file name may use the tilde -syntax to refer to a user's home directory. -It is possible to have -multiple identity files specified in configuration files; all these -identities will be tried in sequence. .It Cm IdentitiesOnly Specifies that .Nm ssh 
@@ -552,6 +535,23 @@ This option is intented for situations where offers many different identities. The default is .Dq no . +.It Cm IdentityFile +Specifies a file from which the user's RSA or DSA authentication identity +is read. +The default is +.Pa ~/.ssh/identity +for protocol version 1, and +.Pa ~/.ssh/id_rsa +and +.Pa ~/.ssh/id_dsa +for protocol version 2. +Additionally, any identities represented by the authentication agent +will be used for authentication. +The file name may use the tilde +syntax to refer to a user's home directory. +It is possible to have +multiple identity files specified in configuration files; all these +identities will be tried in sequence. .It Cm KbdInteractiveDevices Specifies the list of methods to use in keyboard-interactive authentication. Multiple method names must be comma-separated. @@ -633,9 +633,6 @@ or .Dq no . The default is .Dq yes . -.It Cm Port -Specifies the port number to connect on the remote host. -Default is 22. .It Cm PermitLocalCommand Allow local command execution via the .Ic LocalCommand @@ -649,6 +646,9 @@ or .Dq no . The default is .Dq no . +.It Cm Port +Specifies the port number to connect on the remote host. +Default is 22. .It Cm PreferredAuthentications Specifies the order in which the client should try protocol 2 authentication methods. @@ -796,15 +796,6 @@ across multiple .Cm SendEnv directives. The default is not to send any environment variables. -.It Cm ServerAliveInterval -Sets a timeout interval in seconds after which if no data has been received -from the server, -.Nm ssh -will send a message through the encrypted -channel to request a response from the server. -The default -is 0, indicating that these messages will not be sent to the server. -This option applies to protocol version 2 only. .It Cm ServerAliveCountMax Sets the number of server alive messages (see above) which may be sent without 
@@ -832,6 +823,15 @@ If, for example, .Cm ServerAliveCountMax is left at the default, if the server becomes unresponsive ssh will disconnect after approximately 45 seconds. +.It Cm ServerAliveInterval +Sets a timeout interval in seconds after which if no data has been received +from the server, +.Nm ssh +will send a message through the encrypted +channel to request a response from the server. +The default +is 0, indicating that these messages will not be sent to the server. +This option applies to protocol version 2 only. .It Cm SmartcardDevice Specifies which smartcard device to use. The argument to this keyword is the device -- cgit v1.2.3 From 7b58e800364870d05630514945687d2f26e3c065 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Dec 2005 19:33:19 +1100 Subject: - reyk@cvs.openbsd.org 2005/12/08 18:34:11 [auth-options.c includes.h misc.c misc.h readconf.c servconf.c] [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac] two changes to the new ssh tunnel support. this breaks compatibility with the initial commit but is required for a portable approach. - make the tunnel id u_int and platform friendly, use predefined types. - support configuration of layer 2 (ethernet) or layer 3 (point-to-point, default) modes. configuration is done using the Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option in sshd_config(5). ok djm@, man page bits by jmc@ --- ChangeLog | 14 ++++++++++- auth-options.c | 4 ++-- configure.ac | 3 ++- includes.h | 5 +++- misc.c | 75 ++++++++++++++++++++++++++++++++++++++++++---------------- misc.h | 16 +++++++++++-- readconf.c | 32 +++++++++++++++++++++---- servconf.c | 24 ++++++++++++++++--- serverloop.c | 25 ++++++++++++++------ ssh.c | 13 ++++++---- ssh_config.5 | 10 +++++--- sshd_config.5 | 8 ++++++- 12 files changed, 177 insertions(+), 52 deletions(-) (limited to 'ChangeLog') 
diff --git a/ChangeLog b/ChangeLog index c71d8531d..508745b89 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,6 +36,18 @@ - jmc@cvs.openbsd.org 2005/12/08 15:06:29 [ssh_config.5] keep options in order; + - reyk@cvs.openbsd.org 2005/12/08 18:34:11 + [auth-options.c includes.h misc.c misc.h readconf.c servconf.c] + [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac] + two changes to the new ssh tunnel support. this breaks compatibility + with the initial commit but is required for a portable approach. + - make the tunnel id u_int and platform friendly, use predefined types. + - support configuration of layer 2 (ethernet) or layer 3 + (point-to-point, default) modes. configuration is done using the + Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and + restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option + in sshd_config(5). + ok djm@, man page bits by jmc@ 20051201 - (djm) [envpass.sh] Remove regress script that was accidentally committed @@ -3428,4 +3440,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4023 2005/12/13 08:30:45 djm Exp $ +$Id: ChangeLog,v 1.4024 2005/12/13 08:33:19 djm Exp $ diff --git a/auth-options.c b/auth-options.c index 54798d9ad..ad97e6129 100644 --- a/auth-options.c +++ b/auth-options.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-options.c,v 1.32 2005/12/06 22:38:27 reyk Exp $"); +RCSID("$OpenBSD: auth-options.c,v 1.33 2005/12/08 18:34:11 reyk Exp $"); #include "xmalloc.h" #include "match.h" @@ -296,7 +296,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) tun[i] = 0; forced_tun_device = a2tun(tun, NULL); xfree(tun); - if (forced_tun_device < -1) { + if (forced_tun_device == SSH_TUNID_ERR) { debug("%.100s, line %lu: invalid tun device", file, linenum); auth_debug_add("%.100s, line %lu: invalid tun device", 
diff --git a/configure.ac b/configure.ac index 0afb48716..b24d37178 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.312 2005/11/29 02:40:34 tim Exp $ +# $Id: configure.ac,v 1.313 2005/12/13 08:33:20 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -654,6 +654,7 @@ AC_CHECK_HEADERS( \ login_cap.h \ maillock.h \ ndir.h \ + net/if.h \ netdb.h \ netgroup.h \ netinet/in_systm.h \ diff --git a/includes.h b/includes.h index 12d948b6f..cf2d6c699 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.20 2005/11/15 11:59:54 millert Exp $ */ +/* $OpenBSD: includes.h,v 1.21 2005/12/08 18:34:11 reyk Exp $ */ /* * Author: Tatu Ylonen @@ -148,6 +148,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #include /* For IPv6 macros */ #include /* For IPTOS macros */ #include +#ifdef HAVE_NET_IF_H +# include +#endif #include #if defined(HAVE_NETDB_H) # include diff --git a/misc.c b/misc.c index 9b23e2c37..4f41332f9 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.36 2005/12/06 22:38:27 reyk Exp $"); +RCSID("$OpenBSD: misc.c,v 1.37 2005/12/08 18:34:11 reyk Exp $"); #include "misc.h" #include "log.h" @@ -202,7 +202,7 @@ a2tun(const char *s, int *remote) int tun; if (remote != NULL) { - *remote = -1; + *remote = SSH_TUNID_ANY; sp = xstrdup(s); if ((ep = strchr(sp, ':')) == NULL) { xfree(sp); @@ -212,15 +212,15 @@ a2tun(const char *s, int *remote) *remote = a2tun(ep, NULL); tun = a2tun(sp, NULL); xfree(sp); - return (tun); + return (*remote == SSH_TUNID_ERR ? *remote : tun); } if (strcasecmp(s, "any") == 0) - return (-1); + return (SSH_TUNID_ANY); - tun = strtonum(s, 0, INT_MAX, &errstr); - if (errstr != NULL || tun < -1) - return (-2); + tun = strtonum(s, 0, SSH_TUNID_MAX, &errstr); + if (errstr != NULL) + return (SSH_TUNID_ERR); return (tun); } 
@@ -539,27 +539,60 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, } int -tun_open(int tun) +tun_open(int tun, int mode) { + struct ifreq ifr; char name[100]; - int i, fd; + int fd = -1, sock; - if (tun > -1) { + /* Open the tunnel device */ + if (tun <= SSH_TUNID_MAX) { snprintf(name, sizeof(name), "/dev/tun%d", tun); - if ((fd = open(name, O_RDWR)) >= 0) { - debug("%s: %s: %d", __func__, name, fd); - return (fd); + fd = open(name, O_RDWR); + } else if (tun == SSH_TUNID_ANY) { + for (tun = 100; tun >= 0; tun--) { + snprintf(name, sizeof(name), "/dev/tun%d", tun); + if ((fd = open(name, O_RDWR)) >= 0) + break; } } else { - for (i = 100; i >= 0; i--) { - snprintf(name, sizeof(name), "/dev/tun%d", i); - if ((fd = open(name, O_RDWR)) >= 0) { - debug("%s: %s: %d", __func__, name, fd); - return (fd); - } - } + debug("%s: invalid tunnel %u\n", __func__, tun); + return (-1); + } + + if (fd < 0) { + debug("%s: %s open failed: %s", __func__, name, strerror(errno)); + return (-1); + } + + debug("%s: %s mode %d fd %d", __func__, name, mode, fd); + + /* Set the tunnel device operation mode */ + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "tun%d", tun); + if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) + goto failed; + + if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) + goto failed; + if (mode == SSH_TUNMODE_ETHERNET) { + ifr.ifr_flags |= IFF_LINK0; + if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) + goto failed; } - debug("%s: %s failed: %s", __func__, name, strerror(errno)); + ifr.ifr_flags |= IFF_UP; + if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) + goto failed; + + close(sock); + return (fd); + + failed: + if (fd >= 0) + close(fd); + if (sock >= 0) + close(sock); + debug("%s: failed to set %s mode %d: %s", __func__, name, + mode, strerror(errno)); return (-1); } diff --git a/misc.h b/misc.h index ff2ba1b5a..415910686 100644 --- a/misc.h +++ b/misc.h 
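Review bot: In tun_open() the first branch tests only `tun <= SSH_TUNID_MAX`, and because `tun` is a signed int a negative id passes and is formatted into the path as `/dev/tun-N`. server_request_tun() in serverloop.c stores `packet_get_int()` in an `int` and hands it on, so the value appears to be peer-supplied. A lower bound closes that: `if (tun >= 0 && tun <= SSH_TUNID_MAX) {`. Separately, the `failed:` path calls close() on both descriptors before `strerror(errno)`, so the logged reason may not be the ioctl failure; capturing it first (`int save_errno = errno;`) keeps the message accurate. The invalid-tunnel debug also prints the int with `%u` and ends in a `\n` that the other debug calls do not carry.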
@@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.27 2005/12/06 22:38:27 reyk Exp $ */ +/* $OpenBSD: misc.h,v 1.28 2005/12/08 18:34:11 reyk Exp $ */ /* * Author: Tatu Ylonen @@ -50,4 +50,16 @@ void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3))); char *read_passphrase(const char *, int); int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); -int tun_open(int); + +int tun_open(int, int); + +/* Common definitions for ssh tunnel device forwarding */ +#define SSH_TUNMODE_NO 0x00 +#define SSH_TUNMODE_POINTOPOINT 0x01 +#define SSH_TUNMODE_ETHERNET 0x02 +#define SSH_TUNMODE_DEFAULT SSH_TUNMODE_POINTOPOINT +#define SSH_TUNMODE_YES (SSH_TUNMODE_POINTOPOINT|SSH_TUNMODE_ETHERNET) + +#define SSH_TUNID_ANY 0x7fffffff +#define SSH_TUNID_ERR (SSH_TUNID_ANY - 1) +#define SSH_TUNID_MAX (SSH_TUNID_ANY - 2) diff --git a/readconf.c b/readconf.c index b6aad9d8d..1fbf59793 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.144 2005/12/06 22:38:27 reyk Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.145 2005/12/08 18:34:11 reyk Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -273,7 +273,7 @@ clear_forwardings(Options *options) xfree(options->remote_forwards[i].connect_host); } options->num_remote_forwards = 0; - options->tun_open = 0; + options->tun_open = SSH_TUNMODE_NO; } /* 
@@ -835,14 +835,32 @@ parse_int: case oTunnel: intptr = &options->tun_open; - goto parse_flag; + arg = strdelim(&s); + if (!arg || *arg == '\0') + fatal("%s line %d: Missing yes/point-to-point/" + "ethernet/no argument.", filename, linenum); + value = 0; /* silence compiler */ + if (strcasecmp(arg, "ethernet") == 0) + value = SSH_TUNMODE_ETHERNET; + else if (strcasecmp(arg, "point-to-point") == 0) + value = SSH_TUNMODE_POINTOPOINT; + else if (strcasecmp(arg, "yes") == 0) + value = SSH_TUNMODE_DEFAULT; + else if (strcasecmp(arg, "no") == 0) + value = SSH_TUNMODE_NO; + else + fatal("%s line %d: Bad yes/point-to-point/ethernet/" + "no argument: %s", filename, linenum, arg); + if (*activep) + *intptr = value; + break; case oTunnelDevice: arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); value = a2tun(arg, &value2); - if (value < -1) + if (value == SSH_TUNID_ERR) fatal("%.200s line %d: Bad tun device.", filename, linenum); if (*activep) { options->tun_local = value; @@ -1132,7 +1150,11 @@ fill_default_options(Options * options) if (options->hash_known_hosts == -1) options->hash_known_hosts = 0; if (options->tun_open == -1) - options->tun_open = 0; + options->tun_open = SSH_TUNMODE_NO; + if (options->tun_local == -1) + options->tun_local = SSH_TUNID_ANY; + if (options->tun_remote == -1) + options->tun_remote = SSH_TUNID_ANY; if (options->permit_local_command == -1) options->permit_local_command = 0; /* options->local_command should not be set by default */ diff --git a/servconf.c b/servconf.c index 91a0ced29..81953bb80 100644 --- a/servconf.c +++ b/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.145 2005/12/06 22:38:27 reyk Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.146 2005/12/08 18:34:11 reyk Exp $"); #include "ssh.h" #include "log.h" 
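Review bot: The four-way `yes/point-to-point/ethernet/no` parse under `case oTunnel:` is repeated almost line for line under `case sPermitTunnel:` in servconf.c, differing only in what `yes` maps to (`SSH_TUNMODE_DEFAULT` here, `SSH_TUNMODE_YES` there). A small shared helper next to a2tun() in misc.c that maps the keyword to a mode and leaves `yes` to the caller would keep the two option parsers from drifting apart. The new fatal() calls also format `filename` and `arg` with a bare `%s`, while the oTunnelDevice messages just below bound the file name with `%.200s`; using `%.200s line %d: ... %.100s` would match the surrounding style. A comment at `case sPermitTunnel:` noting that `yes` deliberately permits both modes would document the asymmetry.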
@@ -231,7 +231,7 @@ fill_default_server_options(ServerOptions *options) if (options->authorized_keys_file == NULL) options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; if (options->permit_tun == -1) - options->permit_tun = 0; + options->permit_tun = SSH_TUNMODE_NO; /* Turn privilege separation on by default */ if (use_privsep == -1) @@ -968,7 +968,25 @@ parse_flag: case sPermitTunnel: intptr = &options->permit_tun; - goto parse_flag; + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: Missing yes/point-to-point/" + "ethernet/no argument.", filename, linenum); + value = 0; /* silence compiler */ + if (strcasecmp(arg, "ethernet") == 0) + value = SSH_TUNMODE_ETHERNET; + else if (strcasecmp(arg, "point-to-point") == 0) + value = SSH_TUNMODE_POINTOPOINT; + else if (strcasecmp(arg, "yes") == 0) + value = SSH_TUNMODE_YES; + else if (strcasecmp(arg, "no") == 0) + value = SSH_TUNMODE_NO; + else + fatal("%s line %d: Bad yes/point-to-point/ethernet/" + "no argument: %s", filename, linenum, arg); + if (*intptr == -1) + *intptr = value; + break; case sDeprecated: logit("%s line %d: Deprecated option %s", diff --git a/serverloop.c b/serverloop.c index 199f7696d..eff27d9d6 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.122 2005/12/06 22:38:27 reyk Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.123 2005/12/08 18:34:11 reyk Exp $"); #include "xmalloc.h" #include "packet.h" 
@@ -917,20 +917,31 @@ static Channel * server_request_tun(void) { Channel *c = NULL; - int sock, tun; + int mode, tun; + int sock; - if (!options.permit_tun) { - packet_send_debug("Server has disabled tunnel device forwarding."); + mode = packet_get_int(); + switch (mode) { + case SSH_TUNMODE_POINTOPOINT: + case SSH_TUNMODE_ETHERNET: + break; + default: + packet_send_debug("Unsupported tunnel device mode."); + return NULL; + } + if ((options.permit_tun & mode) == 0) { + packet_send_debug("Server has rejected tunnel device " + "forwarding"); return NULL; } tun = packet_get_int(); - if (forced_tun_device != -1) { - if (tun != -1 && forced_tun_device != tun) + if (forced_tun_device != SSH_TUNID_ANY) { + if (tun != SSH_TUNID_ANY && forced_tun_device != tun) goto done; tun = forced_tun_device; } - sock = tun_open(tun); + sock = tun_open(tun, mode); if (sock < 0) goto done; c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, diff --git a/ssh.c b/ssh.c index 8a4a0e4c9..dd627ce2e 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.255 2005/12/06 22:38:27 reyk Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.256 2005/12/08 18:34:11 reyk Exp $"); #include #include @@ -341,9 +341,10 @@ again: exit(0); break; case 'w': - options.tun_open = 1; + if (options.tun_open == -1) + options.tun_open = SSH_TUNMODE_DEFAULT; options.tun_local = a2tun(optarg, &options.tun_remote); - if (options.tun_local < -1) { + if (options.tun_local == SSH_TUNID_ERR) { fprintf(stderr, "Bad tun device '%s'\n", optarg); exit(1); } @@ -1067,12 +1068,13 @@ ssh_session2_setup(int id, void *arg) packet_send(); } - if (options.tun_open) { + if (options.tun_open != SSH_TUNMODE_NO) { Channel *c; int fd; debug("Requesting tun."); - if ((fd = tun_open(options.tun_local)) >= 0) { + if ((fd = tun_open(options.tun_local, + options.tun_open)) >= 0) { c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); 
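Review bot: The forced-device test in server_request_tun() now compares against `SSH_TUNID_ANY`, but this commit's auth-options.c hunks change only the RCSID and the `SSH_TUNID_ERR` comparison, not the value forced_tun_device holds when no `tunnel=` key option is present. If that reset value is still -1 (not visible on this page), `forced_tun_device != SSH_TUNID_ANY` is true for every session. A client naming a specific device would then be refused at `goto done`, and a client asking for any device would get `tun = -1` passed to tun_open(). Either keep the unset sentinel separate, `if (forced_tun_device != -1) {`, or initialise forced_tun_device to `SSH_TUNID_ANY` wherever it is cleared. The tail of the function, including the `done:` label, lies outside the hunk.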
@@ -1082,6 +1084,7 @@ ssh_session2_setup(int id, void *arg) packet_put_int(c->self); packet_put_int(c->local_window_max); packet_put_int(c->local_maxpacket); + packet_put_int(options.tun_open); packet_put_int(options.tun_remote); packet_send(); } diff --git a/ssh_config.5 b/ssh_config.5 index 281b4046b..68061182c 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.67 2005/12/08 15:06:29 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.68 2005/12/08 18:34:11 reyk Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -911,9 +911,13 @@ with older servers. .It Cm Tunnel Request starting .Xr tun 4 -device forwarding between the client and the server. +device forwarding between the client and the server. This option also +allows requesting layer 2 (ethernet) instead of layer 3 +(point-to-point) tunneling from the server. The argument must be -.Dq yes +.Dq yes , +.Dq point-to-point , +.Dq ethernet or .Dq no . The default is diff --git a/sshd_config.5 b/sshd_config.5 index 3835fcd62..a10b365d3 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.46 2005/12/06 22:38:28 reyk Exp $ +.\" $OpenBSD: sshd_config.5,v 1.47 2005/12/08 18:34:11 reyk Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -506,6 +506,12 @@ root is not allowed to log in. Specifies whether .Xr tun 4 device forwarding is allowed. +The argument must be +.Dq yes , +.Dq point-to-point , +.Dq ethernet +or +.Dq no . The default is .Dq no . .It Cm PermitUserEnvironment -- cgit v1.2.3 From 7746c391b105dd9b1a348b816ca0150bf701e1e2 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Tue, 13 Dec 2005 19:33:37 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/08 21:37:50 [ssh_config.5] new sentence, new line; --- ChangeLog | 5 ++++- ssh_config.5 | 8 ++++---- 2 files changed, 8 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 508745b89..b16ff26ef 100644 --- a/ChangeLog +++ b/ChangeLog @@ -48,6 +48,9 @@ restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option in sshd_config(5). ok djm@, man page bits by jmc@ + - jmc@cvs.openbsd.org 2005/12/08 21:37:50 + [ssh_config.5] + new sentence, new line; 20051201 - (djm) [envpass.sh] Remove regress script that was accidentally committed @@ -3440,4 +3443,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4024 2005/12/13 08:33:19 djm Exp $ +$Id: ChangeLog,v 1.4025 2005/12/13 08:33:37 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 68061182c..50df0d432 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.68 2005/12/08 18:34:11 reyk Exp $ +.\" $OpenBSD: ssh_config.5,v 1.69 2005/12/08 21:37:50 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -911,9 +911,9 @@ with older servers. .It Cm Tunnel Request starting .Xr tun 4 -device forwarding between the client and the server. This option also -allows requesting layer 2 (ethernet) instead of layer 3 -(point-to-point) tunneling from the server. +device forwarding between the client and the server. +This option also allows requesting layer 2 (ethernet) +instead of layer 3 (point-to-point) tunneling from the server. The argument must be .Dq yes , .Dq point-to-point , -- cgit v1.2.3 From d47c62a714c2c3e6a564aa498e3ef0445c9f9ea3 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Tue, 13 Dec 2005 19:33:57 +1100 Subject: - markus@cvs.openbsd.org 2005/12/12 13:46:18 [channels.c channels.h session.c] make sure protocol messages for internal channels are ignored. allow adjust messages for non-open channels; with and ok djm@ --- ChangeLog | 6 +++++- channels.c | 45 ++++++++++++++++++++++++++++++++++++--------- channels.h | 3 ++- session.c | 4 ++-- 4 files changed, 45 insertions(+), 13 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index b16ff26ef..00791e326 100644 --- a/ChangeLog +++ b/ChangeLog @@ -51,6 +51,10 @@ - jmc@cvs.openbsd.org 2005/12/08 21:37:50 [ssh_config.5] new sentence, new line; + - markus@cvs.openbsd.org 2005/12/12 13:46:18 + [channels.c channels.h session.c] + make sure protocol messages for internal channels are ignored. + allow adjust messages for non-open channels; with and ok djm@ 20051201 - (djm) [envpass.sh] Remove regress script that was accidentally committed @@ -3443,4 +3447,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4025 2005/12/13 08:33:37 djm Exp $ +$Id: ChangeLog,v 1.4026 2005/12/13 08:33:57 djm Exp $ diff --git a/channels.c b/channels.c index b4fd89f96..e73dc247d 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.228 2005/12/06 22:38:27 reyk Exp $"); +RCSID("$OpenBSD: channels.c,v 1.229 2005/12/12 13:46:18 markus Exp $"); #include "ssh.h" #include "ssh1.h" 
@@ -142,22 +142,50 @@ static void port_open_helper(Channel *c, char *rtype); /* -- channel core */ Channel * -channel_lookup(int id) +channel_by_id(int id) { Channel *c; if (id < 0 || (u_int)id >= channels_alloc) { - logit("channel_lookup: %d: bad id", id); + logit("channel_by_id: %d: bad id", id); return NULL; } c = channels[id]; if (c == NULL) { - logit("channel_lookup: %d: bad id: channel free", id); + logit("channel_by_id: %d: bad id: channel free", id); return NULL; } return c; } +/* + * Returns the channel if it is allowed to receive protocol messages. + * Private channels, like listening sockets, may not receive messages. + */ +Channel * +channel_lookup(int id) +{ + Channel *c; + + if ((c = channel_by_id(id)) == NULL) + return (NULL); + + switch(c->type) { + case SSH_CHANNEL_X11_OPEN: + case SSH_CHANNEL_LARVAL: + case SSH_CHANNEL_CONNECTING: + case SSH_CHANNEL_DYNAMIC: + case SSH_CHANNEL_OPENING: + case SSH_CHANNEL_OPEN: + case SSH_CHANNEL_INPUT_DRAINING: + case SSH_CHANNEL_OUTPUT_DRAINING: + return (c); + break; + } + logit("Non-public channel %d, type %d.", id, c->type); + return (NULL); +} + /* * Register filedescriptors for a channel, used when allocating a channel or * when the channel consumer/producer is ready, e.g. shell exec'd @@ -631,7 +659,7 @@ channel_register_confirm(int id, channel_callback_fn *fn, void *ctx) void channel_register_cleanup(int id, channel_callback_fn *fn, int do_close) { - Channel *c = channel_lookup(id); + Channel *c = channel_by_id(id); if (c == NULL) { logit("channel_register_cleanup: %d: bad id", id); @@ -643,7 +671,7 @@ channel_register_cleanup(int id, channel_callback_fn *fn, int do_close) void channel_cancel_cleanup(int id) { - Channel *c = channel_lookup(id); + Channel *c = channel_by_id(id); if (c == NULL) { logit("channel_cancel_cleanup: %d: bad id", id); 
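Review bot: The new channel_lookup() is an allowlist of channel types that may receive protocol messages, yet its switch has no `default:` and carries an unreachable `break;` after `return (c);`, so the reject path is only the fall-through below the switch. Writing it out, `default: break;` preceded by a comment such as `/* listeners and other internal channels: not addressable by the peer */`, makes the intent explicit. It also makes it harder to add a new channel type later without deciding whether it belongs in the list. The callers moved to channel_by_id() in this commit (channel_register_cleanup, channel_cancel_cleanup, session_close_x11) are all local bookkeeping, and a sentence in the channel_by_id() header comment saying it must not be used for ids taken from the wire would protect that split.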
@@ -2183,9 +2211,8 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) id = packet_get_int(); c = channel_lookup(id); - if (c == NULL || c->type != SSH_CHANNEL_OPEN) { - logit("Received window adjust for " - "non-open channel %d.", id); + if (c == NULL) { + logit("Received window adjust for non-open channel %d.", id); return; } adjust = packet_get_int(); diff --git a/channels.h b/channels.h index 743a2065e..7990fe147 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.81 2005/12/06 22:38:27 reyk Exp $ */ +/* $OpenBSD: channels.h,v 1.82 2005/12/12 13:46:18 markus Exp $ */ /* * Author: Tatu Ylonen @@ -157,6 +157,7 @@ struct Channel { /* channel management */ +Channel *channel_by_id(int); Channel *channel_lookup(int); Channel *channel_new(char *, int, int, int, int, u_int, u_int, int, char *, int); void channel_set_fds(int, int, int, int, int, int, u_int); diff --git a/session.c b/session.c index 7863aa15f..8d186dd7d 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.188 2005/10/30 08:52:17 djm Exp $"); +RCSID("$OpenBSD: session.c,v 1.189 2005/12/12 13:46:18 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2101,7 +2101,7 @@ session_close_x11(int id) { Channel *c; - if ((c = channel_lookup(id)) == NULL) { + if ((c = channel_by_id(id)) == NULL) { debug("session_close_x11: x11 channel %d missing", id); } else { /* Detach X11 listener */ -- cgit v1.2.3 From 62a31c9fd06506ab976a4dc2050882f29ab24693 Mon Sep 17 00:00:00 2001 
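Review bot: The `c == NULL` branch in channel_input_window_adjust() is now reached for a bad id or a type that channel_lookup() filters out, no longer for a channel that is merely not open, so the text `Received window adjust for non-open channel` does not describe the condition any more. A message like `logit("Received window adjust for unknown or internal channel %d.", id);` would match what is being rejected. Because adjusts are now applied to every type channel_lookup() returns, a short comment such as `/* adjusts are valid before the channel reaches OPEN */` would record that dropping the type check was deliberate. The remainder of the function is outside the hunk.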
From: Damien Miller Date: Tue, 13 Dec 2005 20:44:13 +1100 Subject: - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable again by providing a sys_tun_open() function for your platform and setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match OpenBSD's tunnel protocol, which prepends the address family to the packet --- ChangeLog | 7 ++++++- configure.ac | 3 ++- misc.c | 7 +++++++ 3 files changed, 15 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 00791e326..e1418db82 100644 --- a/ChangeLog +++ b/ChangeLog @@ -55,6 +55,11 @@ [channels.c channels.h session.c] make sure protocol messages for internal channels are ignored. allow adjust messages for non-open channels; with and ok djm@ + - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable + again by providing a sys_tun_open() function for your platform and + setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match + OpenBSD's tunnel protocol, which prepends the address family to the + packet 20051201 - (djm) [envpass.sh] Remove regress script that was accidentally committed @@ -3447,4 +3452,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4026 2005/12/13 08:33:57 djm Exp $ +$Id: ChangeLog,v 1.4027 2005/12/13 09:44:13 djm Exp $ diff --git a/configure.ac b/configure.ac index b24d37178..80daa0c23 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.313 2005/12/13 08:33:20 djm Exp $ +# $Id: configure.ac,v 1.314 2005/12/13 09:44:13 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -359,6 +359,7 @@ mips-sony-bsd|mips-sony-newsos4) *-*-openbsd*) AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel]) AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded]) + AC_DEFINE(SSH_TUN_BSD, 1, [Open tunnel devices the BSD way]) ;; *-*-solaris*) if test "x$withval" != "xno" ; then diff --git a/misc.c b/misc.c index 4f41332f9..4141e6c48 100644 --- a/misc.c +++ b/misc.c @@ -541,6 +541,9 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, int tun_open(int tun, int mode) { +#if defined(CUSTOM_SYS_TUN_OPEN) + return (sys_tun_open(tun, mode)); +#elif defined(SSH_TUN_BSD) struct ifreq ifr; char name[100]; int fd = -1, sock; @@ -594,6 +597,10 @@ tun_open(int tun, int mode) debug("%s: failed to set %s mode %d: %s", __func__, name, mode, strerror(errno)); return (-1); +#else + error("Tunnel interfaces are not supported on this platform"); + return (-1); +#endif } void -- cgit v1.2.3 From 3154358d66c99636021e7f1b9555064d9cc38e00 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 14 Dec 2005 15:39:20 +1100 Subject: - dtucker@cvs.openbsd.org 2005/12/30 04:36:39 [regress/scp-ssh-wrapper.sh] Fix assumption about how many args scp will pass; ok djm@ --- ChangeLog | 8 +++++++- regress/scp-ssh-wrapper.sh | 9 ++++++--- 2 files changed, 13 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index e1418db82..0eb979374 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20051214 + - (dtucker) OpenBSD CVS Sync (regress/) + - dtucker@cvs.openbsd.org 2005/12/30 04:36:39 + [regress/scp-ssh-wrapper.sh] + Fix assumption about how many args scp will pass; ok djm@ + 20051213 - (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2005/11/30 11:18:27 
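Review bot: The `CUSTOM_SYS_TUN_OPEN` branch calls `sys_tun_open(tun, mode)` without a visible prototype; the diffstat for this commit lists only ChangeLog, configure.ac and misc.c, so a port that sets the define would depend on an implicit declaration unless it provides its own. A guarded declaration beside tun_open() in misc.h, `int sys_tun_open(int, int);`, would fix that. It should carry a comment stating that the function returns an open descriptor or -1, which is what tun_open() passes straight back to its callers. The `#else` branch leaves `tun` and `mode` unused, which some compilers will warn about.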
@@ -3452,4 +3458,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4027 2005/12/13 09:44:13 djm Exp $ +$Id: ChangeLog,v 1.4028 2005/12/14 04:39:20 dtucker Exp $ diff --git a/regress/scp-ssh-wrapper.sh b/regress/scp-ssh-wrapper.sh index 8e4314773..594337d11 100644 --- a/regress/scp-ssh-wrapper.sh +++ b/regress/scp-ssh-wrapper.sh @@ -16,8 +16,11 @@ printname () { done } -# discard first 5 args -shift; shift; shift; shift; shift +# Discard all but last argument. We use arg later. +while test "$1" != ""; do + arg="$1" + shift +done BAD="../../../../../../../../../../../../../${DIR}/dotpathdir" @@ -49,6 +52,6 @@ badserver_4) echo "X" ;; *) - exec $1 + exec $arg ;; esac -- cgit v1.2.3 From 98cfc4ce9d2a6f34b63f1354f3149b501398a160 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 17 Dec 2005 22:04:08 +1100 Subject: - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which scp.c also uses, so undef them here. --- ChangeLog | 6 +++++- defines.h | 10 +++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 0eb979374..ef4f3c398 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20051217 + - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which + scp.c also uses, so undef them here. + 20051214 - (dtucker) OpenBSD CVS Sync (regress/) - dtucker@cvs.openbsd.org 2005/12/30 04:36:39 @@ -3458,4 +3462,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4028 2005/12/14 04:39:20 dtucker Exp $ +$Id: ChangeLog,v 1.4029 2005/12/17 11:04:08 dtucker Exp $ diff --git a/defines.h b/defines.h index 92ebd2697..f25934176 100644 --- a/defines.h +++ b/defines.h 
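Review bot: The new loop `while test "$1" != ""` stops at the first empty argument instead of when the arguments run out, so `arg` is the last argument only when none before it is empty. Testing the count avoids that: `while test $# -gt 0; do`. The second hunk's `exec $arg` is left unquoted, presumably on purpose so that the command string scp passes is split into words; a comment such as `# intentionally unquoted: arg holds a whole command line` would stop someone quoting it later.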
@@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.129 2005/10/09 01:40:04 dtucker Exp $ */ +/* $Id: defines.h,v 1.130 2005/12/17 11:04:09 dtucker Exp $ */ /* Constants */ @@ -715,4 +715,12 @@ struct winsize { # undef HAVE_MMAP #endif +/* some system headers on HP-UX define YES/NO */ +#ifdef YES +# undef YES +#endif +#ifdef NO +# undef NO +#endif + #endif /* _DEFINES_H */ -- cgit v1.2.3 From d40c66cf3f5d7713ea9489778dc450a48984a81d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 17 Dec 2005 22:32:03 +1100 Subject: - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our snprintf replacement can have a conflicting declaration in HP-UX's system headers (const vs. no const) so we now check for and work around it. Patch from the dynamic duo of David Leonard and Ted Percival. --- ChangeLog | 6 +++++- configure.ac | 16 +++++++++++++++- openbsd-compat/bsd-snprintf.c | 4 ++-- 3 files changed, 22 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index ef4f3c398..d28bdf5d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ 20051217 - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which scp.c also uses, so undef them here. + - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our + snprintf replacement can have a conflicting declaration in HP-UX's system + headers (const vs. no const) so we now check for and work around it. Patch + from the dynamic duo of David Leonard and Ted Percival. 20051214 - (dtucker) OpenBSD CVS Sync (regress/) @@ -3462,4 +3466,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4029 2005/12/17 11:04:08 dtucker Exp $ +$Id: ChangeLog,v 1.4030 2005/12/17 11:32:03 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 80daa0c23..df85e319f 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.314 2005/12/13 09:44:13 djm Exp $ +# $Id: configure.ac,v 1.315 2005/12/17 11:32:03 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -1343,6 +1343,20 @@ int main(void) ) fi +# On systems where [v]snprintf is broken, but is declared in stdio, +# check that the fmt argument is const char * or just char *. +# This is only useful for when BROKEN_SNPRINTF +AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include + int snprintf(char *a, size_t b, const char *c, ...) { return 0; } + int main(void) { snprintf(0, 0, 0); } + ]])], + [AC_MSG_RESULT(yes) + AC_DEFINE(SNPRINTF_CONST, [const], + [Define as const if snprintf() can declare const char *fmt])], + [AC_MSG_RESULT(no) + AC_DEFINE(SNPRINTF_CONST, [/* not const */])]) + # Check for missing getpeereid (or equiv) support NO_PEERCHECK="" if test "x$ac_cv_func_getpeereid" != "xyes" ; then diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c index ca275abdf..e4ba154fd 100644 --- a/openbsd-compat/bsd-snprintf.c +++ b/openbsd-compat/bsd-snprintf.c @@ -89,7 +89,7 @@ #include "includes.h" -RCSID("$Id: bsd-snprintf.c,v 1.10 2005/11/24 08:58:21 djm Exp $"); +RCSID("$Id: bsd-snprintf.c,v 1.11 2005/12/17 11:32:04 dtucker Exp $"); #if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */ # undef HAVE_SNPRINTF @@ -788,7 +788,7 @@ int vsnprintf (char *str, size_t count, const char *fmt, va_list args) #endif #if !defined(HAVE_SNPRINTF) -int snprintf(char *str,size_t count,const char *fmt,...) +int snprintf(char *str, size_t count, SNPRINTF_CONST char *fmt, ...) { size_t ret; va_list ap; -- cgit v1.2.3 From 129d0bb6a65dcd9639e841cc3fd2ef3490420d7b Mon Sep 17 00:00:00 2001 
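Review bot: Only the `snprintf` definition in `openbsd-compat/bsd-snprintf.c` picks up `SNPRINTF_CONST`; the `vsnprintf` definition named in the hunk header still declares `const char *fmt`, although the new configure.ac comment speaks of "[v]snprintf". If a system header declares `vsnprintf` without `const` as well, the same conflicting-declaration error would presumably remain for that function, so either extend the check or say in the comment that only `snprintf` is covered. The configure check also runs unconditionally while its comment says it only matters under `BROKEN_SNPRINTF`; a comment above the definition such as `/* SNPRINTF_CONST is set by configure to match the system prototype */` would tie the two together. The body of `snprintf` continues outside the hunk.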
From: Darren Tucker Date: Mon, 19 Dec 2005 17:40:40 +1100 Subject: - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac openbsd-compat/openssl-compat.h] Check for and work around broken AES ciphers >128bit on (some) Solaris 10 systems. ok djm@ --- ChangeLog | 7 ++++++- cipher-aes.c | 12 ++++++------ cipher-ctr.c | 7 +++---- cipher.c | 4 ++-- configure.ac | 20 +++++++++++++++++++- openbsd-compat/openssl-compat.h | 8 ++++++-- 6 files changed, 42 insertions(+), 16 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index d28bdf5d6..a8074f04a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20051219 + - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac + openbsd-compat/openssl-compat.h] Check for and work around broken AES + ciphers >128bit on (some) Solaris 10 systems. ok djm@ + 20051217 - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which scp.c also uses, so undef them here. @@ -3466,4 +3471,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4030 2005/12/17 11:32:03 dtucker Exp $ +$Id: ChangeLog,v 1.4031 2005/12/19 06:40:40 dtucker Exp $ diff --git a/cipher-aes.c b/cipher-aes.c index 22d500d42..228ddb104 100644 --- a/cipher-aes.c +++ b/cipher-aes.c @@ -23,7 +23,11 @@ */ #include "includes.h" -#if OPENSSL_VERSION_NUMBER < 0x00907000L + +/* compatibility with old or broken OpenSSL versions */ +#include "openbsd-compat/openssl-compat.h" + +#ifdef USE_BUILTIN_RIJNDAEL RCSID("$OpenBSD: cipher-aes.c,v 1.2 2003/11/26 21:44:29 djm Exp $"); #include @@ -31,10 +35,6 @@ RCSID("$OpenBSD: cipher-aes.c,v 1.2 2003/11/26 21:44:29 djm Exp $"); #include "xmalloc.h" #include "log.h" -#if OPENSSL_VERSION_NUMBER < 0x00906000L -#define SSH_OLD_EVP -#endif - #define RIJNDAEL_BLOCKSIZE 16 struct ssh_rijndael_ctx { 
@@ -157,4 +157,4 @@ evp_rijndael(void) #endif return (&rijndal_cbc); } -#endif /* OPENSSL_VERSION_NUMBER */ +#endif /* USE_BUILTIN_RIJNDAEL */ diff --git a/cipher-ctr.c b/cipher-ctr.c index 856177349..8a98f3c42 100644 --- a/cipher-ctr.c +++ b/cipher-ctr.c @@ -21,11 +21,10 @@ RCSID("$OpenBSD: cipher-ctr.c,v 1.6 2005/07/17 07:17:55 djm Exp $"); #include "log.h" #include "xmalloc.h" -#if OPENSSL_VERSION_NUMBER < 0x00906000L -#define SSH_OLD_EVP -#endif +/* compatibility with old or broken OpenSSL versions */ +#include "openbsd-compat/openssl-compat.h" -#if OPENSSL_VERSION_NUMBER < 0x00907000L +#ifdef USE_BUILTIN_RIJNDAEL #include "rijndael.h" #define AES_KEY rijndael_ctx #define AES_BLOCK_SIZE 16 diff --git a/cipher.c b/cipher.c index 0dddf270a..1434d5524 100644 --- a/cipher.c +++ b/cipher.c @@ -334,7 +334,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) if ((u_int)evplen != len) fatal("%s: wrong iv length %d != %d", __func__, evplen, len); -#if OPENSSL_VERSION_NUMBER < 0x00907000L +#ifdef USE_BUILTIN_RIJNDAEL if (c->evptype == evp_rijndael) ssh_rijndael_iv(&cc->evp, 0, iv, len); else @@ -365,7 +365,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); if (evplen == 0) return; -#if OPENSSL_VERSION_NUMBER < 0x00907000L +#ifdef USE_BUILTIN_RIJNDAEL if (c->evptype == evp_rijndael) ssh_rijndael_iv(&cc->evp, 1, iv, evplen); else diff --git a/configure.ac b/configure.ac index df85e319f..9325c4364 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.315 2005/12/17 11:32:03 dtucker Exp $ +# $Id: configure.ac,v 1.316 2005/12/19 06:40:40 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -1803,6 +1803,24 @@ Also see contrib/findssl.sh for help identifying header/library mismatches.]) ] ) +# Check for OpenSSL without EVP_aes_{192,256}_cbc +AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) +AC_COMPILE_IFELSE( + [AC_LANG_SOURCE([[ +#include +#include +int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL)} + ]])], + [ + AC_MSG_RESULT(no) + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1, + [libcrypto is missing AES 192 and 256 bit functions]) + ] +) + # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, # because the system crypt() is more featureful. if test "x$check_for_libcrypt_before" = "x1"; then diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index 4988485f1..8a015ec43 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.2 2005/11/20 03:10:00 dtucker Exp $ */ +/* $Id: openssl-compat.h,v 1.3 2005/12/19 06:40:40 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -24,7 +24,11 @@ # define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) #endif -#if OPENSSL_VERSION_NUMBER < 0x00907000L +#if (OPENSSL_VERSION_NUMBER < 0x00907000L) || defined(OPENSSL_LOBOTOMISED_AES) +# define USE_BUILTIN_RIJNDAEL +#endif + +#ifdef USE_BUILTIN_RIJNDAEL # define EVP_aes_128_cbc evp_rijndael # define EVP_aes_192_cbc evp_rijndael # define EVP_aes_256_cbc evp_rijndael -- cgit v1.2.3 From 0d0e8f0173bd10a8a2325fbb3ef83e04a91abdcc Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 20 Dec 2005 16:08:42 +1100 Subject: - (dtucker) OpenBSD CVS Sync - reyk@cvs.openbsd.org 2005/12/13 15:03:02 [serverloop.c] if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY --- ChangeLog | 8 +++++++- serverloop.c | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index a8074f04a..8100e9745 100644 --- a/ChangeLog +++ b/ChangeLog 
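Review bot: The test program in the new AES check has no semicolon after the `exit(...)` call, so as written it cannot compile and the check takes its failure branch every time, defining `OPENSSL_LOBOTOMISED_AES` and moving every build onto the built-in rijndael code through `USE_BUILTIN_RIJNDAEL`. The line should read `int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); }`. Since `AC_COMPILE_IFELSE` only compiles, the `== NULL` comparison is never evaluated and a libcrypto that lacks the symbols is not detected at this stage either; `AC_LINK_IFELSE` would at least require the functions to resolve. The header names after both `#include` lines are missing on this page, so which headers declare the functions cannot be confirmed from here.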
@@ -1,3 +1,9 @@ +20051220 + - (dtucker) OpenBSD CVS Sync + - reyk@cvs.openbsd.org 2005/12/13 15:03:02 + [serverloop.c] + if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY + 20051219 - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac openbsd-compat/openssl-compat.h] Check for and work around broken AES @@ -3471,4 +3477,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4031 2005/12/19 06:40:40 dtucker Exp $ +$Id: ChangeLog,v 1.4032 2005/12/20 05:08:42 dtucker Exp $ diff --git a/serverloop.c b/serverloop.c index eff27d9d6..a575ce0d1 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.123 2005/12/08 18:34:11 reyk Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.124 2005/12/13 15:03:02 reyk Exp $"); #include "xmalloc.h" #include "packet.h" @@ -936,7 +936,7 @@ server_request_tun(void) } tun = packet_get_int(); - if (forced_tun_device != SSH_TUNID_ANY) { + if (forced_tun_device != -1) { if (tun != SSH_TUNID_ANY && forced_tun_device != tun) goto done; tun = forced_tun_device; -- cgit v1.2.3 From d3877b995ac0e1245c70e520cc986aac99c901be Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 20 Dec 2005 16:09:36 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/16 18:07:08 [ssh.1] move the option descriptions up the page: start of a restructure; ok markus deraadt --- ChangeLog | 6 +- ssh.1 | 908 +++++++++++++++++++++++++++++++------------------------------- 2 files changed, 459 insertions(+), 455 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 8100e9745..04d851cf5 100644 --- a/ChangeLog +++ b/ChangeLog 
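Review bot: The unset state of `forced_tun_device` is now tested against a bare `-1` in `server_request_tun`, and this commit exists because that sentinel was already mistaken for `SSH_TUNID_ANY` once. A named constant for the unset value, or at least a comment on the test such as `/* -1: no tunnel device is forced */`, would keep the two meanings apart at the point where the restriction is enforced. The function starts and ends outside the hunk, so where `forced_tun_device` is initialised cannot be checked here.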
@@ -3,6 +3,10 @@ - reyk@cvs.openbsd.org 2005/12/13 15:03:02 [serverloop.c] if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY + - jmc@cvs.openbsd.org 2005/12/16 18:07:08 + [ssh.1] + move the option descriptions up the page: start of a restructure; + ok markus deraadt 20051219 - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac @@ -3477,4 +3481,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4032 2005/12/20 05:08:42 dtucker Exp $ +$Id: ChangeLog,v 1.4033 2005/12/20 05:09:36 dtucker Exp $ diff --git a/ssh.1 b/ssh.1 index 9f89b9730..c50bc1526 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.217 2005/12/08 14:59:44 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.218 2005/12/16 18:07:08 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -107,430 +107,132 @@ If is specified, .Ar command is executed on the remote host instead of a login shell. -.Ss SSH protocol version 1 -The first authentication method is the -.Em rhosts -or -.Em hosts.equiv -method combined with RSA-based host authentication. -If the machine the user logs in from is listed in -.Pa /etc/hosts.equiv -or -.Pa /etc/shosts.equiv -on the remote machine, and the user names are -the same on both sides, or if the files -.Pa ~/.rhosts -or -.Pa ~/.shosts -exist in the user's home directory on the -remote machine and contain a line containing the name of the client -machine and the name of the user on that machine, the user is -considered for log in. -Additionally, if the server can verify the client's -host key (see -.Pa /etc/ssh/ssh_known_hosts -and -.Pa ~/.ssh/known_hosts -in the -.Sx FILES -section), only then is login permitted. -This authentication method closes security holes due to IP -spoofing, DNS spoofing and routing spoofing. -[Note to the administrator: -.Pa /etc/hosts.equiv , -.Pa ~/.rhosts , -and the rlogin/rsh protocol in general, are inherently insecure and should be -disabled if security is desired.] .Pp -As a second authentication method, +The options are as follows: +.Bl -tag -width Ds +.It Fl 1 +Forces .Nm -supports RSA based authentication. -The scheme is based on public-key cryptography: there are cryptosystems -where encryption and decryption are done using separate keys, and it -is not possible to derive the decryption key from the encryption key. -RSA is one such system. -The idea is that each user creates a public/private -key pair for authentication purposes. -The server knows the public key, and only the user knows the private key. -.Pp -The file -.Pa ~/.ssh/authorized_keys -lists the public keys that are permitted for logging in. -When the user logs in, the +to try protocol version 1 only. +.It Fl 2 +Forces .Nm -program tells the server which key pair it would like to use for -authentication. 
-The server checks if this key is permitted, and if so, -sends the user (actually the +to try protocol version 2 only. +.It Fl 4 +Forces .Nm -program running on behalf of the user) a challenge, a random number, -encrypted by the user's public key. -The challenge can only be decrypted using the proper private key. -The user's client then decrypts the challenge using the private key, -proving that he/she knows the private key -but without disclosing it to the server. -.Pp +to use IPv4 addresses only. +.It Fl 6 +Forces .Nm -implements the RSA authentication protocol automatically. -The user creates his/her RSA key pair by running -.Xr ssh-keygen 1 . -This stores the private key in -.Pa ~/.ssh/identity -and stores the public key in -.Pa ~/.ssh/identity.pub -in the user's home directory. -The user should then copy the -.Pa identity.pub -to -.Pa ~/.ssh/authorized_keys -in his/her home directory on the remote machine (the -.Pa authorized_keys -file corresponds to the conventional -.Pa ~/.rhosts -file, and has one key -per line, though the lines can be very long). -After this, the user can log in without giving the password. +to use IPv6 addresses only. +.It Fl A +Enables forwarding of the authentication agent connection. +This can also be specified on a per-host basis in a configuration file. .Pp -The most convenient way to use RSA authentication may be with an -authentication agent. -See -.Xr ssh-agent 1 -for more information. +Agent forwarding should be enabled with caution. +Users with the ability to bypass file permissions on the remote host +(for the agent's Unix-domain socket) +can access the local agent through the forwarded connection. +An attacker cannot obtain key material from the agent, +however they can perform operations on the keys that enable them to +authenticate using the identities loaded into the agent. +.It Fl a +Disables forwarding of the authentication agent connection. 
+.It Fl b Ar bind_address +Use +.Ar bind_address +on the local machine as the source address +of the connection. +Only useful on systems with more than one address. +.It Fl C +Requests compression of all data (including stdin, stdout, stderr, and +data for forwarded X11 and TCP/IP connections). +The compression algorithm is the same used by +.Xr gzip 1 , +and the +.Dq level +can be controlled by the +.Cm CompressionLevel +option for protocol version 1. +Compression is desirable on modem lines and other +slow connections, but will only slow down things on fast networks. +The default value can be set on a host-by-host basis in the +configuration files; see the +.Cm Compression +option. +.It Fl c Ar cipher_spec +Selects the cipher specification for encrypting the session. .Pp -If other authentication methods fail, +Protocol version 1 allows specification of a single cipher. +The supported values are +.Dq 3des , +.Dq blowfish +and +.Dq des . +.Ar 3des +(triple-des) is an encrypt-decrypt-encrypt triple with three different keys. +It is believed to be secure. +.Ar blowfish +is a fast block cipher; it appears very secure and is much faster than +.Ar 3des . +.Ar des +is only supported in the .Nm -prompts the user for a password. -The password is sent to the remote -host for checking; however, since all communications are encrypted, -the password cannot be seen by someone listening on the network. -.Ss SSH protocol version 2 -When a user connects using protocol version 2, -similar authentication methods are available. -Using the default values for -.Cm PreferredAuthentications , -the client will try to authenticate first using the hostbased method; -if this method fails, public key authentication is attempted, -and finally if this method fails, keyboard-interactive and -password authentication are tried. 
-.Pp -The public key method is similar to RSA authentication described -in the previous section and allows the RSA or DSA algorithm to be used: -The client uses his private key, -.Pa ~/.ssh/id_dsa -or -.Pa ~/.ssh/id_rsa , -to sign the session identifier and sends the result to the server. -The server checks whether the matching public key is listed in -.Pa ~/.ssh/authorized_keys -and grants access if both the key is found and the signature is correct. -The session identifier is derived from a shared Diffie-Hellman value -and is only known to the client and the server. -.Pp -If public key authentication fails or is not available, a password -can be sent encrypted to the remote host to prove the user's identity. +client for interoperability with legacy protocol 1 implementations +that do not support the +.Ar 3des +cipher. +Its use is strongly discouraged due to cryptographic weaknesses. +The default is +.Dq 3des . .Pp -Additionally, +For protocol version 2 +.Ar cipher_spec +is a comma-separated list of ciphers +listed in order of preference. +The supported ciphers are +.Dq 3des-cbc , +.Dq aes128-cbc , +.Dq aes192-cbc , +.Dq aes256-cbc , +.Dq aes128-ctr , +.Dq aes192-ctr , +.Dq aes256-ctr , +.Dq arcfour128 , +.Dq arcfour256 , +.Dq arcfour , +.Dq blowfish-cbc , +and +.Dq cast128-cbc . +The default is +.Bd -literal + ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, + arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, + aes192-ctr,aes256-ctr'' +.Ed +.It Fl D Xo +.Sm off +.Oo Ar bind_address : Oc +.Ar port +.Sm on +.Xc +Specifies a local +.Dq dynamic +application-level port forwarding. +This works by allocating a socket to listen to +.Ar port +on the local side, optionally bound to the specified +.Ar bind_address . +Whenever a connection is made to this port, the +connection is forwarded over the secure channel, and the application +protocol is then used to determine where to connect to from the +remote machine. 
+Currently the SOCKS4 and SOCKS5 protocols are supported, and .Nm -supports hostbased or challenge response authentication. -.Pp -Protocol 2 provides additional mechanisms for confidentiality -(the traffic is encrypted using AES, 3DES, Blowfish, CAST128 or Arcfour) -and integrity (hmac-md5, hmac-sha1, hmac-ripemd160). -Note that protocol 1 lacks a strong mechanism for ensuring the -integrity of the connection. -.Ss Login session and remote execution -When the user's identity has been accepted by the server, the server -either executes the given command, or logs into the machine and gives -the user a normal shell on the remote machine. -All communication with -the remote command or shell will be automatically encrypted. -.Pp -If a pseudo-terminal has been allocated (normal login session), the -user may use the escape characters noted below. -.Pp -If no pseudo-tty has been allocated, -the session is transparent and can be used to reliably transfer binary data. -On most systems, setting the escape character to -.Dq none -will also make the session transparent even if a tty is used. -.Pp -The session terminates when the command or shell on the remote -machine exits and all X11 and TCP/IP connections have been closed. -The exit status of the remote program is returned as the exit status of -.Nm ssh . -.Ss Escape Characters -When a pseudo-terminal has been requested, -.Nm -supports a number of functions through the use of an escape character. -.Pp -A single tilde character can be sent as -.Ic ~~ -or by following the tilde by a character other than those described below. -The escape character must always follow a newline to be interpreted as -special. -The escape character can be changed in configuration files using the -.Cm EscapeChar -configuration directive or on the command line by the -.Fl e -option. -.Pp -The supported escapes (assuming the default -.Ql ~ ) -are: -.Bl -tag -width Ds -.It Cm ~. -Disconnect. -.It Cm ~^Z -Background -.Nm ssh . 
-.It Cm ~# -List forwarded connections. -.It Cm ~& -Background -.Nm -at logout when waiting for forwarded connection / X11 sessions to terminate. -.It Cm ~? -Display a list of escape characters. -.It Cm ~B -Send a BREAK to the remote system -(only useful for SSH protocol version 2 and if the peer supports it). -.It Cm ~C -Open command line. -Currently this allows the addition of port forwardings using the -.Fl L -and -.Fl R -options (see below). -It also allows the cancellation of existing remote port-forwardings -using -.Fl KR Ar hostport . -.Ic !\& Ns Ar command -allows the user to execute a local command if the -.Ic PermitLocalCommand -option is enabled in -.Xr ssh_config 5 . -Basic help is available, using the -.Fl h -option. -.It Cm ~R -Request rekeying of the connection -(only useful for SSH protocol version 2 and if the peer supports it). -.El -.Ss X11 and TCP forwarding -If the -.Cm ForwardX11 -variable is set to -.Dq yes -(or see the description of the -.Fl X -and -.Fl x -options described later) -and the user is using X11 (the -.Ev DISPLAY -environment variable is set), the connection to the X11 display is -automatically forwarded to the remote side in such a way that any X11 -programs started from the shell (or command) will go through the -encrypted channel, and the connection to the real X server will be made -from the local machine. -The user should not manually set -.Ev DISPLAY . -Forwarding of X11 connections can be -configured on the command line or in configuration files. -.Pp -The -.Ev DISPLAY -value set by -.Nm -will point to the server machine, but with a display number greater than zero. -This is normal, and happens because -.Nm -creates a -.Dq proxy -X server on the server machine for forwarding the -connections over the encrypted channel. -.Pp -.Nm -will also automatically set up Xauthority data on the server machine. 
-For this purpose, it will generate a random authorization cookie, -store it in Xauthority on the server, and verify that any forwarded -connections carry this cookie and replace it by the real cookie when -the connection is opened. -The real authentication cookie is never -sent to the server machine (and no cookies are sent in the plain). -.Pp -If the -.Cm ForwardAgent -variable is set to -.Dq yes -(or see the description of the -.Fl A -and -.Fl a -options described later) and -the user is using an authentication agent, the connection to the agent -is automatically forwarded to the remote side. -.Pp -Forwarding of arbitrary TCP/IP connections over the secure channel can -be specified either on the command line or in a configuration file. -One possible application of TCP/IP forwarding is a secure connection to an -electronic purse; another is going through firewalls. -.Ss Server authentication -.Nm -automatically maintains and checks a database containing -identifications for all hosts it has ever been used with. -Host keys are stored in -.Pa ~/.ssh/known_hosts -in the user's home directory. -Additionally, the file -.Pa /etc/ssh/ssh_known_hosts -is automatically checked for known hosts. -Any new hosts are automatically added to the user's file. -If a host's identification ever changes, -.Nm -warns about this and disables password authentication to prevent a -trojan horse from getting the user's password. -Another purpose of this mechanism is to prevent man-in-the-middle attacks -which could otherwise be used to circumvent the encryption. -The -.Cm StrictHostKeyChecking -option can be used to prevent logins to machines whose -host key is not known or has changed. -.Pp -.Nm -can be configured to verify host identification using fingerprint resource -records (SSHFP) published in DNS. -The -.Cm VerifyHostKeyDNS -option can be used to control how DNS lookups are performed. -SSHFP resource records can be generated using -.Xr ssh-keygen 1 . 
-.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl 1 -Forces -.Nm -to try protocol version 1 only. -.It Fl 2 -Forces -.Nm -to try protocol version 2 only. -.It Fl 4 -Forces -.Nm -to use IPv4 addresses only. -.It Fl 6 -Forces -.Nm -to use IPv6 addresses only. -.It Fl A -Enables forwarding of the authentication agent connection. -This can also be specified on a per-host basis in a configuration file. -.Pp -Agent forwarding should be enabled with caution. -Users with the ability to bypass file permissions on the remote host -(for the agent's Unix-domain socket) -can access the local agent through the forwarded connection. -An attacker cannot obtain key material from the agent, -however they can perform operations on the keys that enable them to -authenticate using the identities loaded into the agent. -.It Fl a -Disables forwarding of the authentication agent connection. -.It Fl b Ar bind_address -Use -.Ar bind_address -on the local machine as the source address -of the connection. -Only useful on systems with more than one address. -.It Fl C -Requests compression of all data (including stdin, stdout, stderr, and -data for forwarded X11 and TCP/IP connections). -The compression algorithm is the same used by -.Xr gzip 1 , -and the -.Dq level -can be controlled by the -.Cm CompressionLevel -option for protocol version 1. -Compression is desirable on modem lines and other -slow connections, but will only slow down things on fast networks. -The default value can be set on a host-by-host basis in the -configuration files; see the -.Cm Compression -option. -.It Fl c Ar cipher_spec -Selects the cipher specification for encrypting the session. -.Pp -Protocol version 1 allows specification of a single cipher. -The supported values are -.Dq 3des , -.Dq blowfish -and -.Dq des . -.Ar 3des -(triple-des) is an encrypt-decrypt-encrypt triple with three different keys. -It is believed to be secure. 
-.Ar blowfish -is a fast block cipher; it appears very secure and is much faster than -.Ar 3des . -.Ar des -is only supported in the -.Nm -client for interoperability with legacy protocol 1 implementations -that do not support the -.Ar 3des -cipher. -Its use is strongly discouraged due to cryptographic weaknesses. -The default is -.Dq 3des . -.Pp -For protocol version 2 -.Ar cipher_spec -is a comma-separated list of ciphers -listed in order of preference. -The supported ciphers are -.Dq 3des-cbc , -.Dq aes128-cbc , -.Dq aes192-cbc , -.Dq aes256-cbc , -.Dq aes128-ctr , -.Dq aes192-ctr , -.Dq aes256-ctr , -.Dq arcfour128 , -.Dq arcfour256 , -.Dq arcfour , -.Dq blowfish-cbc , -and -.Dq cast128-cbc . -The default is -.Bd -literal - ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, - arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, - aes192-ctr,aes256-ctr'' -.Ed -.It Fl D Xo -.Sm off -.Oo Ar bind_address : Oc -.Ar port -.Sm on -.Xc -Specifies a local -.Dq dynamic -application-level port forwarding. -This works by allocating a socket to listen to -.Ar port -on the local side, optionally bound to the specified -.Ar bind_address . -Whenever a connection is made to this port, the -connection is forwarded over the secure channel, and the application -protocol is then used to determine where to connect to from the -remote machine. -Currently the SOCKS4 and SOCKS5 protocols are supported, and -.Nm -will act as a SOCKS server. -Only root can forward privileged ports. -Dynamic port forwardings can also be specified in the configuration file. +will act as a SOCKS server. +Only root can forward privileged ports. +Dynamic port forwardings can also be specified in the configuration file. .Pp IPv6 addresses can be specified with an alternative syntax: .Sm off 
@@ -871,53 +573,351 @@ Display the version number and exit. Verbose mode. Causes .Nm -to print debugging messages about its progress. -This is helpful in -debugging connection, authentication, and configuration problems. -Multiple -.Fl v -options increase the verbosity. -The maximum is 3. -.It Fl w Ar tunnel : Ns Ar tunnel -Requests a -.Xr tun 4 -device on the client and server like the -.Cm Tunnel -directive in -.Xr ssh_config 5 . -.It Fl X -Enables X11 forwarding. -This can also be specified on a per-host basis in a configuration file. +to print debugging messages about its progress. +This is helpful in +debugging connection, authentication, and configuration problems. +Multiple +.Fl v +options increase the verbosity. +The maximum is 3. +.It Fl w Ar tunnel : Ns Ar tunnel +Requests a +.Xr tun 4 +device on the client and server like the +.Cm Tunnel +directive in +.Xr ssh_config 5 . +.It Fl X +Enables X11 forwarding. +This can also be specified on a per-host basis in a configuration file. +.Pp +X11 forwarding should be enabled with caution. +Users with the ability to bypass file permissions on the remote host +(for the user's X authorization database) +can access the local X11 display through the forwarded connection. +An attacker may then be able to perform activities such as keystroke monitoring. +.Pp +For this reason, X11 forwarding is subjected to X11 SECURITY extension +restrictions by default. +Please refer to the +.Nm +.Fl Y +option and the +.Cm ForwardX11Trusted +directive in +.Xr ssh_config 5 +for more information. +.It Fl x +Disables X11 forwarding. +.It Fl Y +Enables trusted X11 forwarding. +Trusted X11 forwardings are not subjected to the X11 SECURITY extension +controls. +.El +.Ss SSH protocol version 1 +The first authentication method is the +.Em rhosts +or +.Em hosts.equiv +method combined with RSA-based host authentication. 
+If the machine the user logs in from is listed in +.Pa /etc/hosts.equiv +or +.Pa /etc/shosts.equiv +on the remote machine, and the user names are +the same on both sides, or if the files +.Pa ~/.rhosts +or +.Pa ~/.shosts +exist in the user's home directory on the +remote machine and contain a line containing the name of the client +machine and the name of the user on that machine, the user is +considered for log in. +Additionally, if the server can verify the client's +host key (see +.Pa /etc/ssh/ssh_known_hosts +and +.Pa ~/.ssh/known_hosts +in the +.Sx FILES +section), only then is login permitted. +This authentication method closes security holes due to IP +spoofing, DNS spoofing and routing spoofing. +[Note to the administrator: +.Pa /etc/hosts.equiv , +.Pa ~/.rhosts , +and the rlogin/rsh protocol in general, are inherently insecure and should be +disabled if security is desired.] +.Pp +As a second authentication method, +.Nm +supports RSA based authentication. +The scheme is based on public-key cryptography: there are cryptosystems +where encryption and decryption are done using separate keys, and it +is not possible to derive the decryption key from the encryption key. +RSA is one such system. +The idea is that each user creates a public/private +key pair for authentication purposes. +The server knows the public key, and only the user knows the private key. +.Pp +The file +.Pa ~/.ssh/authorized_keys +lists the public keys that are permitted for logging in. +When the user logs in, the +.Nm +program tells the server which key pair it would like to use for +authentication. +The server checks if this key is permitted, and if so, +sends the user (actually the +.Nm +program running on behalf of the user) a challenge, a random number, +encrypted by the user's public key. +The challenge can only be decrypted using the proper private key. 
+The user's client then decrypts the challenge using the private key, +proving that he/she knows the private key +but without disclosing it to the server. +.Pp +.Nm +implements the RSA authentication protocol automatically. +The user creates his/her RSA key pair by running +.Xr ssh-keygen 1 . +This stores the private key in +.Pa ~/.ssh/identity +and stores the public key in +.Pa ~/.ssh/identity.pub +in the user's home directory. +The user should then copy the +.Pa identity.pub +to +.Pa ~/.ssh/authorized_keys +in his/her home directory on the remote machine (the +.Pa authorized_keys +file corresponds to the conventional +.Pa ~/.rhosts +file, and has one key +per line, though the lines can be very long). +After this, the user can log in without giving the password. +.Pp +The most convenient way to use RSA authentication may be with an +authentication agent. +See +.Xr ssh-agent 1 +for more information. +.Pp +If other authentication methods fail, +.Nm +prompts the user for a password. +The password is sent to the remote +host for checking; however, since all communications are encrypted, +the password cannot be seen by someone listening on the network. +.Ss SSH protocol version 2 +When a user connects using protocol version 2, +similar authentication methods are available. +Using the default values for +.Cm PreferredAuthentications , +the client will try to authenticate first using the hostbased method; +if this method fails, public key authentication is attempted, +and finally if this method fails, keyboard-interactive and +password authentication are tried. .Pp -X11 forwarding should be enabled with caution. -Users with the ability to bypass file permissions on the remote host -(for the user's X authorization database) -can access the local X11 display through the forwarded connection. -An attacker may then be able to perform activities such as keystroke monitoring. 
+The public key method is similar to RSA authentication described +in the previous section and allows the RSA or DSA algorithm to be used: +The client uses his private key, +.Pa ~/.ssh/id_dsa +or +.Pa ~/.ssh/id_rsa , +to sign the session identifier and sends the result to the server. +The server checks whether the matching public key is listed in +.Pa ~/.ssh/authorized_keys +and grants access if both the key is found and the signature is correct. +The session identifier is derived from a shared Diffie-Hellman value +and is only known to the client and the server. .Pp -For this reason, X11 forwarding is subjected to X11 SECURITY extension -restrictions by default. -Please refer to the +If public key authentication fails or is not available, a password +can be sent encrypted to the remote host to prove the user's identity. +.Pp +Additionally, .Nm -.Fl Y -option and the -.Cm ForwardX11Trusted -directive in -.Xr ssh_config 5 -for more information. -.It Fl x -Disables X11 forwarding. -.It Fl Y -Enables trusted X11 forwarding. -Trusted X11 forwardings are not subjected to the X11 SECURITY extension -controls. -.El -.Sh CONFIGURATION FILES +supports hostbased or challenge response authentication. +.Pp +Protocol 2 provides additional mechanisms for confidentiality +(the traffic is encrypted using AES, 3DES, Blowfish, CAST128 or Arcfour) +and integrity (hmac-md5, hmac-sha1, hmac-ripemd160). +Note that protocol 1 lacks a strong mechanism for ensuring the +integrity of the connection. +.Ss Login session and remote execution +When the user's identity has been accepted by the server, the server +either executes the given command, or logs into the machine and gives +the user a normal shell on the remote machine. +All communication with +the remote command or shell will be automatically encrypted. +.Pp +If a pseudo-terminal has been allocated (normal login session), the +user may use the escape characters noted below. 
+.Pp +If no pseudo-tty has been allocated, +the session is transparent and can be used to reliably transfer binary data. +On most systems, setting the escape character to +.Dq none +will also make the session transparent even if a tty is used. +.Pp +The session terminates when the command or shell on the remote +machine exits and all X11 and TCP/IP connections have been closed. +The exit status of the remote program is returned as the exit status of +.Nm ssh . +.Pp .Nm may additionally obtain configuration data from a per-user configuration file and a system-wide configuration file. The file format and configuration options are described in .Xr ssh_config 5 . +.Ss Escape Characters +When a pseudo-terminal has been requested, +.Nm +supports a number of functions through the use of an escape character. +.Pp +A single tilde character can be sent as +.Ic ~~ +or by following the tilde by a character other than those described below. +The escape character must always follow a newline to be interpreted as +special. +The escape character can be changed in configuration files using the +.Cm EscapeChar +configuration directive or on the command line by the +.Fl e +option. +.Pp +The supported escapes (assuming the default +.Ql ~ ) +are: +.Bl -tag -width Ds +.It Cm ~. +Disconnect. +.It Cm ~^Z +Background +.Nm ssh . +.It Cm ~# +List forwarded connections. +.It Cm ~& +Background +.Nm +at logout when waiting for forwarded connection / X11 sessions to terminate. +.It Cm ~? +Display a list of escape characters. +.It Cm ~B +Send a BREAK to the remote system +(only useful for SSH protocol version 2 and if the peer supports it). +.It Cm ~C +Open command line. +Currently this allows the addition of port forwardings using the +.Fl L +and +.Fl R +options (see below). +It also allows the cancellation of existing remote port-forwardings +using +.Fl KR Ar hostport . 
+.Ic !\& Ns Ar command +allows the user to execute a local command if the +.Ic PermitLocalCommand +option is enabled in +.Xr ssh_config 5 . +Basic help is available, using the +.Fl h +option. +.It Cm ~R +Request rekeying of the connection +(only useful for SSH protocol version 2 and if the peer supports it). +.El +.Ss X11 and TCP forwarding +If the +.Cm ForwardX11 +variable is set to +.Dq yes +(or see the description of the +.Fl X +and +.Fl x +options described later) +and the user is using X11 (the +.Ev DISPLAY +environment variable is set), the connection to the X11 display is +automatically forwarded to the remote side in such a way that any X11 +programs started from the shell (or command) will go through the +encrypted channel, and the connection to the real X server will be made +from the local machine. +The user should not manually set +.Ev DISPLAY . +Forwarding of X11 connections can be +configured on the command line or in configuration files. +.Pp +The +.Ev DISPLAY +value set by +.Nm +will point to the server machine, but with a display number greater than zero. +This is normal, and happens because +.Nm +creates a +.Dq proxy +X server on the server machine for forwarding the +connections over the encrypted channel. +.Pp +.Nm +will also automatically set up Xauthority data on the server machine. +For this purpose, it will generate a random authorization cookie, +store it in Xauthority on the server, and verify that any forwarded +connections carry this cookie and replace it by the real cookie when +the connection is opened. +The real authentication cookie is never +sent to the server machine (and no cookies are sent in the plain). +.Pp +If the +.Cm ForwardAgent +variable is set to +.Dq yes +(or see the description of the +.Fl A +and +.Fl a +options described later) and +the user is using an authentication agent, the connection to the agent +is automatically forwarded to the remote side. 
+.Pp +Forwarding of arbitrary TCP/IP connections over the secure channel can +be specified either on the command line or in a configuration file. +One possible application of TCP/IP forwarding is a secure connection to an +electronic purse; another is going through firewalls. +.Ss Server authentication +.Nm +automatically maintains and checks a database containing +identifications for all hosts it has ever been used with. +Host keys are stored in +.Pa ~/.ssh/known_hosts +in the user's home directory. +Additionally, the file +.Pa /etc/ssh/ssh_known_hosts +is automatically checked for known hosts. +Any new hosts are automatically added to the user's file. +If a host's identification ever changes, +.Nm +warns about this and disables password authentication to prevent a +trojan horse from getting the user's password. +Another purpose of this mechanism is to prevent man-in-the-middle attacks +which could otherwise be used to circumvent the encryption. +The +.Cm StrictHostKeyChecking +option can be used to prevent logins to machines whose +host key is not known or has changed. +.Pp +.Nm +can be configured to verify host identification using fingerprint resource +records (SSHFP) published in DNS. +The +.Cm VerifyHostKeyDNS +option can be used to control how DNS lookups are performed. +SSHFP resource records can be generated using +.Xr ssh-keygen 1 . .Sh ENVIRONMENT .Nm will normally set the following environment variables: -- cgit v1.2.3 From b18c867c9d638589e9dc20bd52b32aac4f43d8dc Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 20 Dec 2005 16:10:09 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/16 18:08:53 [ssh.1] simplify a sentence; --- ChangeLog | 5 ++++- ssh.1 | 5 ++--- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 04d851cf5..4026257d4 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -7,6 +7,9 @@ [ssh.1] move the option descriptions up the page: start of a restructure; ok markus deraadt + - jmc@cvs.openbsd.org 2005/12/16 18:08:53 + [ssh.1] + simplify a sentence; 20051219 - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac @@ -3481,4 +3484,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4033 2005/12/20 05:09:36 dtucker Exp $ +$Id: ChangeLog,v 1.4034 2005/12/20 05:10:09 dtucker Exp $ diff --git a/ssh.1 b/ssh.1 index c50bc1526..f09b95281 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.218 2005/12/16 18:07:08 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.219 2005/12/16 18:08:53 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -105,8 +105,7 @@ depending on the protocol version used. If .Ar command is specified, -.Ar command -is executed on the remote host instead of a login shell. +it is executed on the remote host instead of a login shell. .Pp The options are as follows: .Bl -tag -width Ds -- cgit v1.2.3 From 5434cfe3680541727dc7b89426ffb329a5141495 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 20 Dec 2005 16:11:35 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/16 18:14:40 [ssh.1] signpost the protocol sections; --- ChangeLog | 5 ++++- ssh.1 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 4026257d4..ed6e88550 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,9 @@ - jmc@cvs.openbsd.org 2005/12/16 18:08:53 [ssh.1] simplify a sentence; + - jmc@cvs.openbsd.org 2005/12/16 18:14:40 + [ssh.1] + signpost the protocol sections; 20051219 - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac 
@@ -3484,4 +3487,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4034 2005/12/20 05:10:09 dtucker Exp $ +$Id: ChangeLog,v 1.4035 2005/12/20 05:11:35 dtucker Exp $ diff --git a/ssh.1 b/ssh.1 index 1e46dab64..31b614b1d 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.220 2005/12/16 18:12:22 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.221 2005/12/16 18:14:40 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -100,7 +100,7 @@ connects and logs into the specified name). The user must prove his/her identity to the remote machine using one of several methods -depending on the protocol version used. +depending on the protocol version used (see below). .Pp If .Ar command -- cgit v1.2.3 From 5652924ad9f3ebfb4691ef9893e154f5cd64de8d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 20 Dec 2005 16:12:24 +1100 Subject: missed changelog entry --- ChangeLog | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index ed6e88550..be12b11ab 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,9 @@ - jmc@cvs.openbsd.org 2005/12/16 18:08:53 [ssh.1] simplify a sentence; + - jmc@cvs.openbsd.org 2005/12/16 18:12:22 + [ssh.1] + make the description of -c a little nicer; - jmc@cvs.openbsd.org 2005/12/16 18:14:40 [ssh.1] signpost the protocol sections; @@ -3487,4 +3490,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4035 2005/12/20 05:11:35 dtucker Exp $ +$Id: ChangeLog,v 1.4036 2005/12/20 05:12:24 dtucker Exp $ -- cgit v1.2.3 From 635518705a419c9e5e85eaa715c607846895aacd Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Tue, 20 Dec 2005 16:14:15 +1100 Subject: - stevesk@cvs.openbsd.org 2005/12/17 21:13:05 [ssh_config.5 session.c] spelling: fowarding, fowarded --- ChangeLog | 5 ++++- session.c | 4 ++-- ssh_config.5 | 4 ++-- 3 files changed, 8 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index be12b11ab..26b7251bd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,9 @@ - jmc@cvs.openbsd.org 2005/12/16 18:14:40 [ssh.1] signpost the protocol sections; + - stevesk@cvs.openbsd.org 2005/12/17 21:13:05 + [ssh_config.5 session.c] + spelling: fowarding, fowarded 20051219 - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac @@ -3490,4 +3493,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4036 2005/12/20 05:12:24 dtucker Exp $ +$Id: ChangeLog,v 1.4037 2005/12/20 05:14:15 dtucker Exp $ diff --git a/session.c b/session.c index 8d186dd7d..8826fabaa 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.189 2005/12/12 13:46:18 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.190 2005/12/17 21:13:05 stevesk Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1869,7 +1869,7 @@ session_x11_req(Session *s) if (s->auth_proto != NULL || s->auth_data != NULL) { error("session_x11_req: session %d: " - "x11 fowarding already active", s->self); + "x11 forwarding already active", s->self); return 0; } s->single_connection = packet_get_char(); diff --git a/ssh_config.5 b/ssh_config.5 index 50df0d432..56fc65ed0 100644 --- a/ssh_config.5 +++ b/ssh_config.5 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.69 2005/12/08 21:37:50 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.70 2005/12/17 21:13:05 stevesk Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -285,7 +285,7 @@ will continue without connecting to a master instance. X11 and .Xr ssh-agent 1 forwarding is supported over these multiplexed connections, however the -display and agent fowarded will be the one belonging to the master +display and agent forwarded will be the one belonging to the master connection i.e. it is not possible to forward multiple displays or agents. .Pp Two additional options allow for opportunistic multiplexing: try to use a -- cgit v1.2.3 From 7eba820ca7e989ab723d87af630677ac892084ca Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 20 Dec 2005 16:15:14 +1100 Subject: - stevesk@cvs.openbsd.org 2005/12/17 21:36:42 [ssh_config.5] spelling: intented -> intended --- ChangeLog | 5 ++++- ssh_config.5 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 26b7251bd..df1e00318 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,9 @@ - stevesk@cvs.openbsd.org 2005/12/17 21:13:05 [ssh_config.5 session.c] spelling: fowarding, fowarded + - stevesk@cvs.openbsd.org 2005/12/17 21:36:42 + [ssh_config.5] + spelling: intented -> intended 20051219 - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac @@ -3493,4 +3496,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4037 2005/12/20 05:14:15 dtucker Exp $ +$Id: ChangeLog,v 1.4038 2005/12/20 05:15:14 dtucker Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 56fc65ed0..89b219c28 100644 --- a/ssh_config.5 +++ b/ssh_config.5 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.70 2005/12/17 21:13:05 stevesk Exp $ +.\" $OpenBSD: ssh_config.5,v 1.71 2005/12/17 21:36:42 stevesk Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -530,7 +530,7 @@ The argument to this keyword must be .Dq yes or .Dq no . -This option is intented for situations where +This option is intended for situations where .Nm ssh-agent offers many different identities. The default is -- cgit v1.2.3 From e9a9b71c6b7927ea0f875cde42dffc1f4b195011 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 20 Dec 2005 16:15:51 +1100 Subject: - dtucker@cvs.openbsd.org 2005/12/20 04:41:07 [ssh.c] exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@ --- ChangeLog | 5 ++++- ssh.c | 28 ++++++++++++++-------------- 2 files changed, 18 insertions(+), 15 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index df1e00318..981ef5691 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,9 @@ - stevesk@cvs.openbsd.org 2005/12/17 21:36:42 [ssh_config.5] spelling: intented -> intended + - dtucker@cvs.openbsd.org 2005/12/20 04:41:07 + [ssh.c] + exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@ 20051219 - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac @@ -3496,4 +3499,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4038 2005/12/20 05:15:14 dtucker Exp $ +$Id: ChangeLog,v 1.4039 2005/12/20 05:15:51 dtucker Exp $ diff --git a/ssh.c b/ssh.c index dd627ce2e..cdfc91633 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.256 2005/12/08 18:34:11 reyk Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.257 2005/12/20 04:41:07 dtucker Exp $"); #include #include 
@@ -164,7 +164,7 @@ usage(void) " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" " [-w tunnel:tunnel] [user@]hostname [command]\n" ); - exit(1); + exit(255); } static int ssh_session(void); @@ -223,7 +223,7 @@ main(int ac, char **av) pw = getpwuid(original_real_uid); if (!pw) { logit("You don't exist, go away!"); - exit(1); + exit(255); } /* Take a copy of the returned structure. */ pw = pwcopy(pw); @@ -346,7 +346,7 @@ again: options.tun_local = a2tun(optarg, &options.tun_remote); if (options.tun_local == SSH_TUNID_ERR) { fprintf(stderr, "Bad tun device '%s'\n", optarg); - exit(1); + exit(255); } break; case 'q': @@ -364,7 +364,7 @@ again: else { fprintf(stderr, "Bad escape character '%s'.\n", optarg); - exit(1); + exit(255); } break; case 'c': @@ -379,7 +379,7 @@ again: fprintf(stderr, "Unknown cipher type '%s'\n", optarg); - exit(1); + exit(255); } if (options.cipher == SSH_CIPHER_3DES) options.ciphers = "3des-cbc"; @@ -395,7 +395,7 @@ again: else { fprintf(stderr, "Unknown mac type '%s'\n", optarg); - exit(1); + exit(255); } break; case 'M': @@ -408,7 +408,7 @@ again: options.port = a2port(optarg); if (options.port == 0) { fprintf(stderr, "Bad port '%s'\n", optarg); - exit(1); + exit(255); } break; case 'l': @@ -422,7 +422,7 @@ again: fprintf(stderr, "Bad local forwarding specification '%s'\n", optarg); - exit(1); + exit(255); } break; @@ -433,7 +433,7 @@ again: fprintf(stderr, "Bad remote forwarding specification " "'%s'\n", optarg); - exit(1); + exit(255); } break; @@ -444,7 +444,7 @@ again: if ((fwd.listen_host = hpdelim(&cp)) == NULL) { fprintf(stderr, "Bad dynamic forwarding " "specification '%.100s'\n", optarg); - exit(1); + exit(255); } if (cp != NULL) { fwd.listen_port = a2port(cp); @@ -457,7 +457,7 @@ again: if (fwd.listen_port == 0) { fprintf(stderr, "Bad dynamic port '%s'\n", optarg); - exit(1); + exit(255); } add_local_forward(&options, &fwd); xfree(p); 
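Review bot: The literal `255` is now repeated at every error exit touched by this commit, with nothing in the code saying why that value was chosen: `usage()`, the `getpwuid()` failure in `main()`, each option-parsing failure in the hunks from `-346` to `-457` here, and the `-478` and `-654` hunks that follow. A single named constant, for example `#define SSH_EXIT_FAILURE 255` (the name is only a suggestion), with the comment `/* ssh's own failures exit 255; any other status comes from the remote command */`, would keep these exits in step with the wording in ssh(1). Scripts that branch on the status should also note that a remote command can itself exit 255, so the value alone does not prove the failure was local. The enclosing functions start and end outside these hunks, so any `exit(1)` paths left elsewhere in ssh.c cannot be checked from here.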
@@ -478,7 +478,7 @@ again: line = xstrdup(optarg); if (process_config_line(&options, host ? host : "", line, "command-line", 0, &dummy) != 0) - exit(1); + exit(255); xfree(line); break; case 's': @@ -654,7 +654,7 @@ again: original_effective_uid == 0 && options.use_privileged_port, #endif options.proxy_command) != 0) - exit(1); + exit(255); /* * If we successfully made the connection, load the host private key -- cgit v1.2.3 From c93a813802cc2a339bcf1dc41c60878a5b1c0373 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 24 Dec 2005 14:52:13 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/20 21:59:43 [ssh.1] merge the sections on protocols 1 and 2 into one section on authentication; feedback djm dtucker ok deraadt markus dtucker --- ChangeLog | 11 ++++- ssh.1 | 165 ++++++++++++++++++++++++++++++++++---------------------------- 2 files changed, 100 insertions(+), 76 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 981ef5691..cfb73fc1f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +20051224 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2005/12/20 21:59:43 + [ssh.1] + merge the sections on protocols 1 and 2 into one section on + authentication; + feedback djm dtucker + ok deraadt markus dtucker + 20051220 - (dtucker) OpenBSD CVS Sync - reyk@cvs.openbsd.org 2005/12/13 15:03:02 @@ -3499,4 +3508,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4039 2005/12/20 05:15:51 dtucker Exp $ +$Id: ChangeLog,v 1.4040 2005/12/24 03:52:13 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 31b614b1d..84bd62eb3 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.221 2005/12/16 18:14:40 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.222 2005/12/20 21:59:43 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -613,12 +613,38 @@ Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls. .El -.Ss SSH protocol version 1 -The first authentication method is the -.Em rhosts -or -.Em hosts.equiv -method combined with RSA-based host authentication. +.Sh AUTHENTICATION +The OpenSSH SSH client supports OpenSSH protocols 1 and 2. +Protocol 2 is the default, with +.Nm +falling back to protocol 1 if it detects protocol 2 is unsupported. +These settings may be altered using the +.Cm Protocol +option in +.Xr ssh_config 5 , +or enforced using the +.Fl 1 +and +.Fl 2 +options (see above). +Both protocols support similar authentication methods, +but protocol 2 is preferred since +it provides additional mechanisms for confidentiality +(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) +and integrity (hmac-md5, hmac-sha1, hmac-ripemd160). +Protocol 1 lacks a strong mechanism for ensuring the +integrity of the connection. +.Pp +The methods available for authentication are: +host-based authentication, +public key authentication, +challenge-response authentication, +and password authentication. +Authentication methods are tried in the order specified above, +though protocol 2 has a configuration option to change the default order: +.Cm PreferredAuthentications . +.Pp +Host-based authentication works as follows: If the machine the user logs in from is listed in .Pa /etc/hosts.equiv or 
@@ -631,33 +657,42 @@ or exist in the user's home directory on the remote machine and contain a line containing the name of the client machine and the name of the user on that machine, the user is -considered for log in. -Additionally, if the server can verify the client's -host key (see +considered for login. +Additionally, the server +.Em must +be able to verify the client's +host key (see the description of .Pa /etc/ssh/ssh_known_hosts and -.Pa ~/.ssh/known_hosts -in the -.Sx FILES -section), only then is login permitted. +.Pa ~/.ssh/known_hosts , +below) +for login to be permitted. This authentication method closes security holes due to IP -spoofing, DNS spoofing and routing spoofing. +spoofing, DNS spoofing, and routing spoofing. [Note to the administrator: .Pa /etc/hosts.equiv , .Pa ~/.rhosts , and the rlogin/rsh protocol in general, are inherently insecure and should be disabled if security is desired.] .Pp -As a second authentication method, -.Nm -supports RSA based authentication. -The scheme is based on public-key cryptography: there are cryptosystems -where encryption and decryption are done using separate keys, and it -is not possible to derive the decryption key from the encryption key. -RSA is one such system. +Public key authentication works as follows: +The scheme is based on public-key cryptography, +using cryptosystems +where encryption and decryption are done using separate keys, +and it is unfeasible to derive the decryption key from the encryption key. The idea is that each user creates a public/private key pair for authentication purposes. The server knows the public key, and only the user knows the private key. +.Nm +implements public key authentication protocol automatically, +using either the RSA or DSA algorithms. +Protocol 1 is restricted to using only RSA keys, +but protocol 2 may use either. +The +.Sx HISTORY +section of +.Xr ssl 8 +contains a brief discussion of the two algorithms. .Pp The file .Pa ~/.ssh/authorized_keys 
@@ -666,84 +701,64 @@ When the user logs in, the .Nm program tells the server which key pair it would like to use for authentication. -The server checks if this key is permitted, and if so, -sends the user (actually the -.Nm -program running on behalf of the user) a challenge, a random number, -encrypted by the user's public key. -The challenge can only be decrypted using the proper private key. -The user's client then decrypts the challenge using the private key, -proving that he/she knows the private key -but without disclosing it to the server. +The client proves that it has access to the private key +and the server checks that the corresponding public key +is authorized to accept the account. .Pp -.Nm -implements the RSA authentication protocol automatically. -The user creates his/her RSA key pair by running +The user creates his/her key pair by running .Xr ssh-keygen 1 . This stores the private key in .Pa ~/.ssh/identity +(protocol 1), +.Pa ~/.ssh/id_dsa +(protocol 2 DSA), +or +.Pa ~/.ssh/id_rsa +(protocol 2 RSA) and stores the public key in .Pa ~/.ssh/identity.pub +(protocol 1), +.Pa ~/.ssh/id_dsa.pub +(protocol 2 DSA), +or +.Pa ~/.ssh/id_rsa.pub +(protocol 2 RSA) in the user's home directory. -The user should then copy the -.Pa identity.pub +The user should then copy the public key to .Pa ~/.ssh/authorized_keys -in his/her home directory on the remote machine (the +in his/her home directory on the remote machine. +The .Pa authorized_keys file corresponds to the conventional .Pa ~/.rhosts file, and has one key -per line, though the lines can be very long). +per line, though the lines can be very long. After this, the user can log in without giving the password. .Pp -The most convenient way to use RSA authentication may be with an +The most convenient way to use public key authentication may be with an authentication agent. See .Xr ssh-agent 1 for more information. 
.Pp -If other authentication methods fail, +Challenge-response authentication works as follows: +The server sends an arbitrary +.Qq challenge +text, and prompts for a response. +Protocol 2 allows multiple challenges and responses; +protocol 1 is restricted to just one challenge/response. +Examples of challenge-response authentication include +BSD Authentication (see +.Xr login.conf 5 ) +and PAM (some non-OpenBSD systems). +.Pp +Finally, if other authentication methods fail, .Nm prompts the user for a password. The password is sent to the remote host for checking; however, since all communications are encrypted, the password cannot be seen by someone listening on the network. -.Ss SSH protocol version 2 -When a user connects using protocol version 2, -similar authentication methods are available. -Using the default values for -.Cm PreferredAuthentications , -the client will try to authenticate first using the hostbased method; -if this method fails, public key authentication is attempted, -and finally if this method fails, keyboard-interactive and -password authentication are tried. -.Pp -The public key method is similar to RSA authentication described -in the previous section and allows the RSA or DSA algorithm to be used: -The client uses his private key, -.Pa ~/.ssh/id_dsa -or -.Pa ~/.ssh/id_rsa , -to sign the session identifier and sends the result to the server. -The server checks whether the matching public key is listed in -.Pa ~/.ssh/authorized_keys -and grants access if both the key is found and the signature is correct. -The session identifier is derived from a shared Diffie-Hellman value -and is only known to the client and the server. -.Pp -If public key authentication fails or is not available, a password -can be sent encrypted to the remote host to prove the user's identity. -.Pp -Additionally, -.Nm -supports hostbased or challenge response authentication. 
-.Pp -Protocol 2 provides additional mechanisms for confidentiality -(the traffic is encrypted using AES, 3DES, Blowfish, CAST128 or Arcfour) -and integrity (hmac-md5, hmac-sha1, hmac-ripemd160). -Note that protocol 1 lacks a strong mechanism for ensuring the -integrity of the connection. .Ss Login session and remote execution When the user's identity has been accepted by the server, the server either executes the given command, or logs into the machine and gives -- cgit v1.2.3 From 52d2061ab09517e31d4a7cb548bd05e7b232647c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 24 Dec 2005 14:52:36 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/20 22:02:50 [ssh.1] .Ss -> .Sh: subsections have not made this page more readable --- ChangeLog | 5 ++++- ssh.1 | 10 +++++----- 2 files changed, 9 insertions(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index cfb73fc1f..a2a23c85d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,9 @@ authentication; feedback djm dtucker ok deraadt markus dtucker + - jmc@cvs.openbsd.org 2005/12/20 22:02:50 + [ssh.1] + .Ss -> .Sh: subsections have not made this page more readable 20051220 - (dtucker) OpenBSD CVS Sync @@ -3508,4 +3511,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4040 2005/12/24 03:52:13 djm Exp $ +$Id: ChangeLog,v 1.4041 2005/12/24 03:52:36 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 84bd62eb3..1bd0d620e 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.222 2005/12/20 21:59:43 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.223 2005/12/20 22:02:50 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -759,7 +759,7 @@ prompts the user for a password. The password is sent to the remote host for checking; however, since all communications are encrypted, the password cannot be seen by someone listening on the network. -.Ss Login session and remote execution +.Sh LOGIN SESSION AND REMOTE EXECUTION When the user's identity has been accepted by the server, the server either executes the given command, or logs into the machine and gives the user a normal shell on the remote machine. @@ -785,7 +785,7 @@ may additionally obtain configuration data from a per-user configuration file and a system-wide configuration file. The file format and configuration options are described in .Xr ssh_config 5 . -.Ss Escape Characters +.Sh ESCAPE CHARACTERS When a pseudo-terminal has been requested, .Nm supports a number of functions through the use of an escape character. @@ -843,7 +843,7 @@ option. Request rekeying of the connection (only useful for SSH protocol version 2 and if the peer supports it). .El -.Ss X11 and TCP forwarding +.Sh X11 AND TCP FORWARDING If the .Cm ForwardX11 variable is set to @@ -902,7 +902,7 @@ Forwarding of arbitrary TCP/IP connections over the secure channel can be specified either on the command line or in a configuration file. One possible application of TCP/IP forwarding is a secure connection to an electronic purse; another is going through firewalls. -.Ss Server authentication +.Sh SERVER AUTHENTICATION .Nm automatically maintains and checks a database containing identifications for all hosts it has ever been used with. -- cgit v1.2.3 From e9b333a54494fbc51b76e6877d52ecb2ef8845fa Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 24 Dec 2005 14:53:04 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/20 22:09:41 [ssh.1] move info on ssh return values and config files up into the main description; --- ChangeLog | 6 +++++- ssh.1 | 24 +++++++++++------------- 2 files changed, 16 insertions(+), 14 deletions(-) (limited to 'ChangeLog') 
diff --git a/ChangeLog b/ChangeLog index a2a23c85d..aaeeb0746 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,10 @@ - jmc@cvs.openbsd.org 2005/12/20 22:02:50 [ssh.1] .Ss -> .Sh: subsections have not made this page more readable + - jmc@cvs.openbsd.org 2005/12/20 22:09:41 + [ssh.1] + move info on ssh return values and config files up into the main + description; 20051220 - (dtucker) OpenBSD CVS Sync @@ -3511,4 +3515,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4041 2005/12/24 03:52:36 djm Exp $ +$Id: ChangeLog,v 1.4042 2005/12/24 03:53:04 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 1bd0d620e..caa78f4af 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.223 2005/12/20 22:02:50 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.224 2005/12/20 22:09:41 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -613,6 +613,16 @@ Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls. .El +.Pp +.Nm +may additionally obtain configuration data from +a per-user configuration file and a system-wide configuration file. +The file format and configuration options are described in +.Xr ssh_config 5 . +.Pp +.Nm +exits with the exit status of the remote command or with 255 +if an error occurred. .Sh AUTHENTICATION The OpenSSH SSH client supports OpenSSH protocols 1 and 2. Protocol 2 is the default, with 
@@ -777,14 +787,6 @@ will also make the session transparent even if a tty is used. .Pp The session terminates when the command or shell on the remote machine exits and all X11 and TCP/IP connections have been closed. -The exit status of the remote program is returned as the exit status of -.Nm ssh . -.Pp -.Nm -may additionally obtain configuration data from -a per-user configuration file and a system-wide configuration file. -The file format and configuration options are described in -.Xr ssh_config 5 . .Sh ESCAPE CHARACTERS When a pseudo-terminal has been requested, .Nm @@ -1223,10 +1225,6 @@ Contains additional definitions for environment variables, see section .Sx ENVIRONMENT above. .El -.Sh DIAGNOSTICS -.Nm -exits with the exit status of the remote command or with 255 -if an error occurred. .Sh SEE ALSO .Xr gzip 1 , .Xr rsh 1 , -- cgit v1.2.3 From 329cb016386a7e5eaa839fc34e6e53c9428e76db Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 24 Dec 2005 14:53:23 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/21 11:48:16 [ssh.1] -L and -R descriptions are now above, not below, ~C description; --- ChangeLog | 5 ++++- ssh.1 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index aaeeb0746..cef2a84e9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ [ssh.1] move info on ssh return values and config files up into the main description; + - jmc@cvs.openbsd.org 2005/12/21 11:48:16 + [ssh.1] + -L and -R descriptions are now above, not below, ~C description; 20051220 - (dtucker) OpenBSD CVS Sync @@ -3515,4 +3518,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4042 2005/12/24 03:53:04 djm Exp $ +$Id: ChangeLog,v 1.4043 2005/12/24 03:53:23 djm Exp $ diff --git a/ssh.1 b/ssh.1 index caa78f4af..10d77e568 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.224 2005/12/20 22:09:41 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.225 2005/12/21 11:48:16 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -829,7 +829,7 @@ Currently this allows the addition of port forwardings using the .Fl L and .Fl R -options (see below). +options (see above). It also allows the cancellation of existing remote port-forwardings using .Fl KR Ar hostport . -- cgit v1.2.3 From 9a765b22b78d3e2d3102db094bc08a3ad33436bb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 24 Dec 2005 14:53:44 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/21 11:57:25 [ssh.1] options now described `above', rather than `later'; --- ChangeLog | 5 ++++- ssh.1 | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index cef2a84e9..3ebcd6ad5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,9 @@ - jmc@cvs.openbsd.org 2005/12/21 11:48:16 [ssh.1] -L and -R descriptions are now above, not below, ~C description; + - jmc@cvs.openbsd.org 2005/12/21 11:57:25 + [ssh.1] + options now described `above', rather than `later'; 20051220 - (dtucker) OpenBSD CVS Sync @@ -3518,4 +3521,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4043 2005/12/24 03:53:23 djm Exp $ +$Id: ChangeLog,v 1.4044 2005/12/24 03:53:44 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 10d77e568..2cf222234 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.225 2005/12/21 11:48:16 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.226 2005/12/21 11:57:25 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -854,7 +854,7 @@ variable is set to .Fl X and .Fl x -options described later) +options above) and the user is using X11 (the .Ev DISPLAY environment variable is set), the connection to the X11 display is @@ -896,7 +896,7 @@ variable is set to .Fl A and .Fl a -options described later) and +options above) and the user is using an authentication agent, the connection to the agent is automatically forwarded to the remote side. .Pp -- cgit v1.2.3 From 1530f2431ce107abc29f1926badf84a28bb43b86 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 24 Dec 2005 14:54:03 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/21 12:53:31 [ssh.1] -Y does X11 forwarding too; ok markus --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 3ebcd6ad5..4fd581232 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,10 @@ - jmc@cvs.openbsd.org 2005/12/21 11:57:25 [ssh.1] options now described `above', rather than `later'; + - jmc@cvs.openbsd.org 2005/12/21 12:53:31 + [ssh.1] + -Y does X11 forwarding too; + ok markus 20051220 - (dtucker) OpenBSD CVS Sync @@ -3521,4 +3525,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4044 2005/12/24 03:53:44 djm Exp $ +$Id: ChangeLog,v 1.4045 2005/12/24 03:54:03 djm Exp $ -- cgit v1.2.3 From d7f308f6d8b3583d8c97fa71cfb9b10f07ee5418 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 24 Dec 2005 14:55:16 +1100 Subject: - stevesk@cvs.openbsd.org 2005/12/21 22:44:26 [sshd.8] clarify precedence of -p, Port, ListenAddress; ok and help jmc@ --- ChangeLog | 5 ++++- ssh.1 | 7 ++++--- sshd.8 | 10 +++++++--- 3 files changed, 15 insertions(+), 7 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 4fd581232..645feffc0 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -23,6 +23,9 @@ [ssh.1] -Y does X11 forwarding too; ok markus + - stevesk@cvs.openbsd.org 2005/12/21 22:44:26 + [sshd.8] + clarify precedence of -p, Port, ListenAddress; ok and help jmc@ 20051220 - (dtucker) OpenBSD CVS Sync @@ -3525,4 +3528,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4045 2005/12/24 03:54:03 djm Exp $ +$Id: ChangeLog,v 1.4046 2005/12/24 03:55:16 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 2cf222234..36abe684a 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.226 2005/12/21 11:57:25 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.227 2005/12/21 12:53:31 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -851,9 +851,10 @@ If the variable is set to .Dq yes (or see the description of the -.Fl X +.Fl X , +.Fl x , and -.Fl x +.Fl Y options above) and the user is using X11 (the .Ev DISPLAY diff --git a/sshd.8 b/sshd.8 index 53eddcdfb..ee6e7d797 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.209 2005/12/06 22:38:28 reyk Exp $ +.\" $OpenBSD: sshd.8,v 1.210 2005/12/21 22:44:26 stevesk Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -288,8 +288,12 @@ For full details of the options, and their values, see Specifies the port on which the server listens for connections (default 22). Multiple port options are permitted. -Ports specified in the configuration file are ignored when a -command-line port is specified. +Ports specified in the configuration file with the +.Cm Port +option are ignored when a command-line port is specified. +Ports specified using the +.Cm ListenAddress +option override command-line ports. .It Fl q Quiet mode. Nothing is sent to the system log. -- cgit v1.2.3 From e8cd741929796ef87ee61eb27ae7149ed7cbe1bb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 24 Dec 2005 14:55:47 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/22 10:31:40 [ssh_config.5] put the description of "UsePrivilegedPort" in the correct place; --- ChangeLog | 5 ++++- ssh_config.5 | 36 ++++++++++++++++++------------------ 2 files changed, 22 insertions(+), 19 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 645feffc0..4072f14ba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,9 @@ - stevesk@cvs.openbsd.org 2005/12/21 22:44:26 [sshd.8] clarify precedence of -p, Port, ListenAddress; ok and help jmc@ + - jmc@cvs.openbsd.org 2005/12/22 10:31:40 + [ssh_config.5] + put the description of "UsePrivilegedPort" in the correct place; 20051220 - (dtucker) OpenBSD CVS Sync @@ -3528,4 +3531,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4046 2005/12/24 03:55:16 djm Exp $ +$Id: ChangeLog,v 1.4047 2005/12/24 03:55:47 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 89b219c28..072ea11a1 100644 --- a/ssh_config.5 +++ b/ssh_config.5 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.71 2005/12/17 21:36:42 stevesk Exp $ +.\" $OpenBSD: ssh_config.5,v 1.72 2005/12/22 10:31:40 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -891,23 +891,6 @@ This is important in scripts, and many users want it too. .Pp To disable TCP keepalive messages, the value should be set to .Dq no . -.It Cm UsePrivilegedPort -Specifies whether to use a privileged port for outgoing connections. -The argument must be -.Dq yes -or -.Dq no . -The default is -.Dq no . -If set to -.Dq yes -.Nm ssh -must be setuid root. -Note that this option must be set to -.Dq yes -for -.Cm RhostsRSAAuthentication -with older servers. .It Cm Tunnel Request starting .Xr tun 4 @@ -927,6 +910,23 @@ Force a specified .Xr tun 4 device on the client. Without this option, the next available device will be used. +.It Cm UsePrivilegedPort +Specifies whether to use a privileged port for outgoing connections. +The argument must be +.Dq yes +or +.Dq no . +The default is +.Dq no . +If set to +.Dq yes +.Nm ssh +must be setuid root. +Note that this option must be set to +.Dq yes +for +.Cm RhostsRSAAuthentication +with older servers. .It Cm User Specifies the user to log in as. This can be useful when a different user name is used on different machines. -- cgit v1.2.3 From cf1e342c6c10dc216ce165684bca058377c3b7e6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 24 Dec 2005 14:56:04 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/22 11:23:42 [ssh.1] expand the description of -w somewhat; help/ok reyk --- ChangeLog | 6 +++++- ssh.1 | 15 +++++++++++++-- 2 files changed, 18 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 4072f14ba..37cd66bd9 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -29,6 +29,10 @@ - jmc@cvs.openbsd.org 2005/12/22 10:31:40 [ssh_config.5] put the description of "UsePrivilegedPort" in the correct place; + - jmc@cvs.openbsd.org 2005/12/22 11:23:42 + [ssh.1] + expand the description of -w somewhat; + help/ok reyk 20051220 - (dtucker) OpenBSD CVS Sync @@ -3531,4 +3535,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4047 2005/12/24 03:55:47 djm Exp $ +$Id: ChangeLog,v 1.4048 2005/12/24 03:56:04 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 36abe684a..c42d74eba 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.227 2005/12/21 12:53:31 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.228 2005/12/22 11:23:42 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -582,7 +582,18 @@ The maximum is 3. .It Fl w Ar tunnel : Ns Ar tunnel Requests a .Xr tun 4 -device on the client and server like the +device on the client +(first +.Ar tunnel +arg) +and server +(second +.Ar tunnel +arg). +The devices may be specified by numerical ID or the keyword +.Dq any , +which uses the next available tunnel device. +See also the .Cm Tunnel directive in .Xr ssh_config 5 . -- cgit v1.2.3 From 2142ba0769a2ddd69bcde786a78e83045216acae Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 24 Dec 2005 14:56:29 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/23 14:55:53 [ssh.1] - sync the description of -e w/ synopsis - simplify the description of -I - note that -I is only available if support compiled in, and that it isn't by default feedback/ok djm@ --- ChangeLog | 9 ++++++++- ssh.1 | 9 +++++---- 2 files changed, 13 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 37cd66bd9..4795f9a62 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -33,6 +33,13 @@ [ssh.1] expand the description of -w somewhat; help/ok reyk + - jmc@cvs.openbsd.org 2005/12/23 14:55:53 + [ssh.1] + - sync the description of -e w/ synopsis + - simplify the description of -I + - note that -I is only available if support compiled in, and that it + isn't by default + feedback/ok djm@ 20051220 - (dtucker) OpenBSD CVS Sync @@ -3535,4 +3542,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4048 2005/12/24 03:56:04 djm Exp $ +$Id: ChangeLog,v 1.4049 2005/12/24 03:56:29 djm Exp $ diff --git a/ssh.1 b/ssh.1 index c42d74eba..28633fff1 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.228 2005/12/22 11:23:42 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.229 2005/12/23 14:55:53 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -256,7 +256,7 @@ indicates that the listening port be bound for local use only, while an empty address or .Sq * indicates that the port should be available from all interfaces. -.It Fl e Ar ch | ^ch | none +.It Fl e Ar escape_char Sets the escape character for sessions with a pty (default: .Ql ~ ) . The escape character is only recognized at the beginning of a line. @@ -292,11 +292,12 @@ something like .It Fl g Allows remote hosts to connect to local forwarded ports. .It Fl I Ar smartcard_device -Specifies which smartcard device to use. -The argument is the device +Specify the device .Nm should use to communicate with a smartcard used for storing the user's private RSA key. +This option is only available if support for smartcard devices +is compiled in (default is no support). .It Fl i Ar identity_file Selects a file from which the identity (private key) for RSA or DSA authentication is read. -- cgit v1.2.3 
From 35978210462d089a53a3e4764b8fb21e1963acba Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 24 Dec 2005 14:56:47 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/23 23:46:23 [ssh.1] less mark up for -c; --- ChangeLog | 5 ++++- ssh.1 | 30 +++++++++++++++--------------- 2 files changed, 19 insertions(+), 16 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 4795f9a62..aa210591e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,9 @@ - note that -I is only available if support compiled in, and that it isn't by default feedback/ok djm@ + - jmc@cvs.openbsd.org 2005/12/23 23:46:23 + [ssh.1] + less mark up for -c; 20051220 - (dtucker) OpenBSD CVS Sync @@ -3542,4 +3545,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4049 2005/12/24 03:56:29 djm Exp $ +$Id: ChangeLog,v 1.4050 2005/12/24 03:56:47 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 28633fff1..71baf45f5 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.229 2005/12/23 14:55:53 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.230 2005/12/23 23:46:23 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -186,24 +186,24 @@ Its use is strongly discouraged due to cryptographic weaknesses. The default is .Dq 3des . .Pp -For protocol version 2 +For protocol version 2, .Ar cipher_spec is a comma-separated list of ciphers listed in order of preference. -The supported ciphers are -.Dq 3des-cbc , -.Dq aes128-cbc , -.Dq aes192-cbc , -.Dq aes256-cbc , -.Dq aes128-ctr , -.Dq aes192-ctr , -.Dq aes256-ctr , -.Dq arcfour128 , -.Dq arcfour256 , -.Dq arcfour , -.Dq blowfish-cbc , +The supported ciphers are: +3des-cbc, +aes128-cbc, +aes192-cbc, +aes256-cbc, +aes128-ctr, +aes192-ctr, +aes256-ctr, +arcfour128, +arcfour256, +arcfour, +blowfish-cbc, and -.Dq cast128-cbc . +cast128-cbc. The default is: .Bd -literal -offset indent aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, -- cgit v1.2.3 From 7bff1a9b5e6a0958ebc8201542eb6d359d987a1e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 24 Dec 2005 14:59:12 +1100 Subject: - djm@cvs.openbsd.org 2005/12/24 02:27:41 [session.c sshd.c] eliminate some code duplicated in privsep and non-privsep paths, and explicitly clear SIGALRM handler; "groovy" deraadt@ --- ChangeLog | 6 +++++- session.c | 11 +---------- sshd.c | 20 ++++++++++++-------- 3 files changed, 18 insertions(+), 19 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index aa210591e..3b7c6f700 100644 --- a/ChangeLog +++ b/ChangeLog @@ -43,6 +43,10 @@ - jmc@cvs.openbsd.org 2005/12/23 23:46:23 [ssh.1] less mark up for -c; + - djm@cvs.openbsd.org 2005/12/24 02:27:41 + [session.c sshd.c] + eliminate some code duplicated in privsep and non-privsep paths, and + explicitly clear SIGALRM handler; "groovy" deraadt@ 20051220 - (dtucker) OpenBSD CVS Sync @@ -3545,4 +3549,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4050 2005/12/24 03:56:47 djm Exp $ +$Id: ChangeLog,v 1.4051 2005/12/24 03:59:12 djm Exp $ 
diff --git a/session.c b/session.c index 8826fabaa..2bf904404 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.190 2005/12/17 21:13:05 stevesk Exp $"); +RCSID("$OpenBSD: session.c,v 1.191 2005/12/24 02:27:41 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -209,15 +209,6 @@ do_authenticated(Authctxt *authctxt) { setproctitle("%s", authctxt->pw->pw_name); - /* - * Cancel the alarm we set to limit the time taken for - * authentication. - */ - alarm(0); - if (startup_pipe != -1) { - close(startup_pipe); - startup_pipe = -1; - } /* setup the channel layer */ if (!no_port_forwarding_flag && options.allow_tcp_forwarding) channel_permit_all_opens(); diff --git a/sshd.c b/sshd.c index f0fdf5a83..def90d827 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.317 2005/10/30 08:52:18 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.318 2005/12/24 02:27:41 djm Exp $"); #include #include @@ -637,13 +637,6 @@ privsep_postauth(Authctxt *authctxt) goto skip; } - /* Authentication complete */ - alarm(0); - if (startup_pipe != -1) { - close(startup_pipe); - startup_pipe = -1; - } - /* New socket pair */ monitor_reinit(pmonitor); @@ -1732,6 +1725,17 @@ main(int ac, char **av) } authenticated: + /* + * Cancel the alarm we set to limit the time taken for + * authentication. + */ + alarm(0); + signal(SIGALRM, SIG_DFL); + if (startup_pipe != -1) { + close(startup_pipe); + startup_pipe = -1; + } + #ifdef SSH_AUDIT_EVENTS audit_event(SSH_AUTH_SUCCESS); #endif -- cgit v1.2.3 From 8db70e2398ff1830e18533a75c6e8e5fa98a78e2 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Wed, 28 Dec 2005 14:28:08 -0800 Subject: (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd --- ChangeLog | 5 ++++- buildpkg.sh.in | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 3b7c6f700..f86d4090c 100644 --- a/ChangeLog 
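Review bot: The comment added above `alarm(0)` at the `authenticated:` label in sshd.c explains the alarm cancellation but not the new `signal(SIGALRM, SIG_DFL);` line, which is the one behavioural addition in a commit otherwise described as removing duplicated code. I would extend the comment to something like `/* Cancel the authentication-timeout alarm and restore the default SIGALRM disposition so the pre-auth handler cannot run in the authenticated session. */`. The handler being replaced is installed outside this hunk, so its name and effect are not visible here, and main() itself starts and ends outside the hunk. It is also worth confirming that every path that used to reach the copies removed from do_authenticated() and privsep_postauth() now passes through this label.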
+++ b/ChangeLog @@ -1,3 +1,6 @@ +20051229 + - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd + 20051224 - (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2005/12/20 21:59:43 @@ -3549,4 +3552,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4051 2005/12/24 03:59:12 djm Exp $ +$Id: ChangeLog,v 1.4052 2005/12/28 22:28:08 tim Exp $ diff --git a/buildpkg.sh.in b/buildpkg.sh.in index f90ae6e81..cb9eb3048 100644 --- a/buildpkg.sh.in +++ b/buildpkg.sh.in @@ -353,7 +353,7 @@ else # Create user if required [ "\$DO_PASSWD" = yes ] && { # Use uid of 67 if possible - if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null + if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDUID'\$' >/dev/null then : else -- cgit v1.2.3 From 5eb137c6d11be7db14dc03ea12a74884bebea3e3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 31 Dec 2005 16:19:53 +1100 Subject: - (djm) OpenBSD CVS Sync - stevesk@cvs.openbsd.org 2005/12/28 22:46:06 [canohost.c channels.c clientloop.c] use 'break-in' for consistency; ok deraadt@ ok and input jmc@ --- ChangeLog | 8 +++++++- canohost.c | 6 +++--- channels.c | 4 ++-- clientloop.c | 6 +++--- 4 files changed, 15 insertions(+), 9 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f86d4090c..451f1b323 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20051229 + - (djm) OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2005/12/28 22:46:06 + [canohost.c channels.c clientloop.c] + use 'break-in' for consistency; ok deraadt@ ok and input jmc@ + 20051229 - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd 
@@ -3552,4 +3558,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4052 2005/12/28 22:28:08 tim Exp $ +$Id: ChangeLog,v 1.4053 2005/12/31 05:19:53 djm Exp $ diff --git a/canohost.c b/canohost.c index bd7f830de..6ca60e6b4 100644 --- a/canohost.c +++ b/canohost.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.47 2005/11/03 13:38:29 dtucker Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.48 2005/12/28 22:46:06 stevesk Exp $"); #include "packet.h" #include "xmalloc.h" @@ -102,7 +102,7 @@ get_remote_hostname(int sock, int use_dns) hints.ai_socktype = SOCK_STREAM; if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { logit("reverse mapping checking getaddrinfo for %.700s " - "failed - POSSIBLE BREAKIN ATTEMPT!", name); + "failed - POSSIBLE BREAK-IN ATTEMPT!", name); return xstrdup(ntop); } /* Look for the address from the list of addresses. */ @@ -117,7 +117,7 @@ get_remote_hostname(int sock, int use_dns) if (!ai) { /* Address not found for the host name. */ logit("Address %.100s maps to %.600s, but this does not " - "map back to the address - POSSIBLE BREAKIN ATTEMPT!", + "map back to the address - POSSIBLE BREAK-IN ATTEMPT!", ntop, name); return xstrdup(ntop); } diff --git a/channels.c b/channels.c index e73dc247d..b431532a3 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.229 2005/12/12 13:46:18 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.230 2005/12/28 22:46:06 stevesk Exp $"); #include "ssh.h" #include "ssh1.h" @@ -3025,7 +3025,7 @@ deny_input_open(int type, u_int32_t seq, void *ctxt) error("deny_input_open: type %d", type); break; } - error("Warning: this is probably a break in attempt by a malicious server."); + error("Warning: this is probably a break-in attempt by a malicious server."); packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(rchan); packet_send(); 
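Review bot: The two `logit()` strings in get_remote_hostname() in canohost.c change from `POSSIBLE BREAKIN ATTEMPT!` to `POSSIBLE BREAK-IN ATTEMPT!`, so any log-monitoring rule that matches the old literal would stop firing after an upgrade without any error. The ChangeLog entry only says "use 'break-in' for consistency"; I would add a line to it such as `sshd log text "POSSIBLE BREAKIN ATTEMPT" is now "POSSIBLE BREAK-IN ATTEMPT"; update log-matching rules`. The same rewording in channels.c and clientloop.c goes through `error()` rather than `logit()`; whether those messages reach a monitored log is not visible from these hunks. The body of get_remote_hostname() continues outside the hunks.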
diff --git a/clientloop.c b/clientloop.c index 04f2d11be..a71552cad 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.147 2005/12/07 03:52:22 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.148 2005/12/28 22:46:06 stevesk Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1688,7 +1688,7 @@ client_request_x11(const char *request_type, int rchan) if (!options.forward_x11) { error("Warning: ssh server tried X11 forwarding."); - error("Warning: this is probably a break in attempt by a malicious server."); + error("Warning: this is probably a break-in attempt by a malicious server."); return NULL; } originator = packet_get_string(NULL); @@ -1721,7 +1721,7 @@ client_request_agent(const char *request_type, int rchan) if (!options.forward_agent) { error("Warning: ssh server tried agent forwarding."); - error("Warning: this is probably a break in attempt by a malicious server."); + error("Warning: this is probably a break-in attempt by a malicious server."); return NULL; } sock = ssh_get_authentication_socket(); -- cgit v1.2.3 From 077b23864f567551dc7147db8ccd69559617976e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 31 Dec 2005 16:22:32 +1100 Subject: - reyk@cvs.openbsd.org 2005/12/30 15:56:37 [channels.c channels.h clientloop.c] add channel output filter interface. ok djm@, suggested by markus@ --- ChangeLog | 6 +++++- channels.c | 35 ++++++++++++++++++++++++----------- channels.h | 12 ++++++++---- clientloop.c | 4 ++-- 4 files changed, 39 insertions(+), 18 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 451f1b323..3c522ea36 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,6 +3,10 @@ - stevesk@cvs.openbsd.org 2005/12/28 22:46:06 [canohost.c channels.c clientloop.c] use 'break-in' for consistency; ok deraadt@ ok and input jmc@ + - reyk@cvs.openbsd.org 2005/12/30 15:56:37 + [channels.c channels.h clientloop.c] + add channel output filter interface. + ok djm@, suggested by markus@ 20051229 - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd @@ -3558,4 +3562,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4053 2005/12/31 05:19:53 djm Exp $ +$Id: ChangeLog,v 1.4054 2005/12/31 05:22:32 djm Exp $ diff --git a/channels.c b/channels.c index b431532a3..ed5903f6f 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.230 2005/12/28 22:46:06 stevesk Exp $"); +RCSID("$OpenBSD: channels.c,v 1.231 2005/12/30 15:56:36 reyk Exp $"); #include "ssh.h" #include "ssh1.h" @@ -58,8 +58,6 @@ RCSID("$OpenBSD: channels.c,v 1.230 2005/12/28 22:46:06 stevesk Exp $"); /* -- channel core */ -#define CHAN_RBUF 16*1024 - /* * Pointer to an array containing all allocated channels. The array is * dynamically extended as needed. @@ -301,6 +299,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, c->confirm = NULL; c->confirm_ctx = NULL; c->input_filter = NULL; + c->output_filter = NULL; debug("channel %d: new [%s]", found, remote_name); return c; } @@ -681,7 +680,8 @@ channel_cancel_cleanup(int id) c->detach_close = 0; } void -channel_register_filter(int id, channel_filter_fn *fn) +channel_register_filter(int id, channel_infilter_fn *ifn, + channel_outfilter_fn *ofn) { Channel *c = channel_lookup(id); @@ -689,7 +689,8 @@ channel_register_filter(int id, channel_filter_fn *fn) logit("channel_register_filter: %d: bad id", id); return; } - c->input_filter = fn; + c->input_filter = ifn; + c->output_filter = ofn; } void 
@@ -1454,7 +1455,7 @@ static int channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) { struct termios tio; - u_char *data; + u_char *data = NULL, *buf; u_int dlen; int len; @@ -1462,11 +1463,22 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) if (c->wfd != -1 && FD_ISSET(c->wfd, writeset) && buffer_len(&c->output) > 0) { + if (c->output_filter != NULL) { + if ((buf = c->output_filter(c, &data, &dlen)) == NULL) { + debug2("channel %d: filter stops", c->self); + chan_read_failed(c); + } + } else if (c->datagram) { + buf = data = buffer_get_string(&c->output, &dlen); + } else { + buf = data = buffer_ptr(&c->output); + dlen = buffer_len(&c->output); + } + if (c->datagram) { - data = buffer_get_string(&c->output, &dlen); /* ignore truncated writes, datagrams might get lost */ c->local_consumed += dlen + 4; - len = write(c->wfd, data, dlen); + len = write(c->wfd, buf, dlen); xfree(data); if (len < 0 && (errno == EINTR || errno == EAGAIN)) return 1; @@ -1486,7 +1498,8 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) if (compat20 && c->wfd_isatty) dlen = MIN(dlen, 8*1024); #endif - len = write(c->wfd, data, dlen); + + len = write(c->wfd, buf, dlen); if (len < 0 && (errno == EINTR || errno == EAGAIN)) return 1; if (len <= 0) { @@ -1503,14 +1516,14 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) } return -1; } - if (compat20 && c->isatty && dlen >= 1 && data[0] != '\r') { + if (compat20 && c->isatty && dlen >= 1 && buf[0] != '\r') { if (tcgetattr(c->wfd, &tio) == 0 && !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) { /* * Simulate echo to reduce the impact of * traffic analysis. We need to match the * size of a SSH2_MSG_CHANNEL_DATA message - * (4 byte channel id + data) + * (4 byte channel id + buf) */ packet_send_ignore(4 + len); packet_send(); diff --git a/channels.h b/channels.h index 7990fe147..a97dd9007 100644 --- a/channels.h +++ b/channels.h 
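Review bot: In channel_handle_wfd(), when `c->output_filter` returns NULL the new branch logs "filter stops" and calls `chan_read_failed(c)`, but execution then falls through to `write(c->wfd, buf, dlen)` with `buf` NULL and `dlen` never assigned (it is declared as `u_int dlen;` with no initialiser). The branch should leave the function, for example with `return -1;` directly after the `chan_read_failed(c);` call, matching the error return already used further down. Since this is the write-fd path, `chan_read_failed()` may have been meant to be `chan_write_failed()`; that is worth confirming with the author. The function starts and ends outside these hunks.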
@@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.82 2005/12/12 13:46:18 markus Exp $ */ +/* $OpenBSD: channels.h,v 1.83 2005/12/30 15:56:37 reyk Exp $ */ /* * Author: Tatu Ylonen @@ -63,7 +63,8 @@ struct Channel; typedef struct Channel Channel; typedef void channel_callback_fn(int, void *); -typedef int channel_filter_fn(struct Channel *, char *, int); +typedef int channel_infilter_fn(struct Channel *, char *, int); +typedef u_char *channel_outfilter_fn(struct Channel *, u_char **, u_int *); struct Channel { int type; /* channel type/state */ @@ -111,7 +112,8 @@ struct Channel { int detach_close; /* filter */ - channel_filter_fn *input_filter; + channel_infilter_fn *input_filter; + channel_outfilter_fn *output_filter; int datagram; /* keep boundaries */ }; @@ -145,6 +147,8 @@ struct Channel { #define CHAN_EOF_SENT 0x04 #define CHAN_EOF_RCVD 0x08 +#define CHAN_RBUF 16*1024 + /* check whether 'efd' is still in use */ #define CHANNEL_EFD_INPUT_ACTIVE(c) \ (compat20 && c->extended_usage == CHAN_EXTENDED_READ && \ @@ -169,7 +173,7 @@ void channel_send_open(int); void channel_request_start(int, char *, int); void channel_register_cleanup(int, channel_callback_fn *, int); void channel_register_confirm(int, channel_callback_fn *, void *); -void channel_register_filter(int, channel_filter_fn *); +void channel_register_filter(int, channel_infilter_fn *, channel_outfilter_fn *); void channel_cancel_cleanup(int); int channel_close_fd(int *); void channel_send_window_changes(void); diff --git a/clientloop.c b/clientloop.c index a71552cad..b76f7cfe0 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.148 2005/12/28 22:46:06 stevesk Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.149 2005/12/30 15:56:37 reyk Exp $"); #include "ssh.h" #include "ssh1.h" 
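Review bot: The new `channel_outfilter_fn` typedef carries no comment, and its contract can only be worked out from channel_handle_wfd. There the return value is the pointer handed to `write()`, `*data` is the allocation the caller passes to `xfree()` in the datagram path, `*dlen` is the length, and NULL means stop. I would add above the typedef: `/* returns the bytes to write, or NULL to stop; *data is the buffer the caller frees, *dlen the length to write */`.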
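Review bot: `CHAN_RBUF` moves into a shared header still defined as `16*1024` without parentheses, so an expression such as `x % CHAN_RBUF` or `x / CHAN_RBUF` in any file that includes channels.h would group incorrectly. Write it as `#define CHAN_RBUF (16*1024)`. The one use visible on this page, `char rbuf[CHAN_RBUF]` in port-tun.c, is not affected.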
@@ -1386,7 +1386,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) session_ident = ssh2_chan_id; if (escape_char != SSH_ESCAPECHAR_NONE) channel_register_filter(session_ident, - simple_escape_filter); + simple_escape_filter, NULL); if (session_ident != -1) channel_register_cleanup(session_ident, client_channel_closed, 0); -- cgit v1.2.3 From 134eb81383dab4b7f87e45c3c52172cc139f347c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 31 Dec 2005 16:22:55 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/30 16:59:00 [sftp.1] do not suggest that interactive authentication will work with the -b flag; based on a diff from john l. scarfone; ok djm --- ChangeLog | 8 +++++++- sftp.1 | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 3c522ea36..29f4b599a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,12 @@ [channels.c channels.h clientloop.c] add channel output filter interface. ok djm@, suggested by markus@ + - jmc@cvs.openbsd.org 2005/12/30 16:59:00 + [sftp.1] + do not suggest that interactive authentication will work + with the -b flag; + based on a diff from john l. scarfone; + ok djm 20051229 - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd @@ -3562,4 +3568,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4054 2005/12/31 05:22:32 djm Exp $ +$Id: ChangeLog,v 1.4055 2005/12/31 05:22:55 djm Exp $ diff --git a/sftp.1 b/sftp.1 index c89ffc30f..6b500596c 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.61 2005/03/01 17:19:35 jmc Exp $ +.\" $OpenBSD: sftp.1,v 1.62 2005/12/30 16:59:00 jmc Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" 
@@ -78,7 +78,7 @@ to start in a remote directory. The final usage format allows for automated sessions using the .Fl b option. -In such cases, it is usually necessary to configure public key authentication +In such cases, it is necessary to configure non-interactive authentication to obviate the need to enter a password at connection time (see .Xr sshd 8 and -- cgit v1.2.3 From 88b25524b885885896e23e01e1aa873864ca7386 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 31 Dec 2005 16:23:15 +1100 Subject: - stevesk@cvs.openbsd.org 2005/12/31 01:38:45 [ssh.1] document -MM; ok djm@ --- ChangeLog | 5 ++++- ssh.1 | 9 ++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 29f4b599a..94e3f6e5a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ with the -b flag; based on a diff from john l. scarfone; ok djm + - stevesk@cvs.openbsd.org 2005/12/31 01:38:45 + [ssh.1] + document -MM; ok djm@ 20051229 - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd @@ -3568,4 +3571,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4055 2005/12/31 05:22:55 djm Exp $ +$Id: ChangeLog,v 1.4056 2005/12/31 05:23:15 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 71baf45f5..5ce1cfe70 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.230 2005/12/23 23:46:23 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.231 2005/12/31 01:38:45 stevesk Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -369,6 +369,13 @@ Places the client into .Dq master mode for connection sharing. +Multiple +.Fl M +options places +.Nm +into +.Dq master +mode with confirmation required before slave connections are accepted. Refer to the description of .Cm ControlMaster in -- cgit v1.2.3 From 598bbc2d8fd5025ad16f5d9ee71db4e0bf872cd2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 31 Dec 2005 16:33:36 +1100 Subject: - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac] [serverloop.c ssh.c openbsd-compat/Makefile.in] [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding compatability support for Linux, diff from reyk@ --- ChangeLog | 6 +- configure.ac | 5 +- openbsd-compat/Makefile.in | 4 +- openbsd-compat/openbsd-compat.h | 3 +- openbsd-compat/port-tun.c | 155 ++++++++++++++++++++++++++++++++++++++++ openbsd-compat/port-tun.h | 33 +++++++++ serverloop.c | 5 ++ ssh.c | 5 ++ 8 files changed, 211 insertions(+), 5 deletions(-) create mode 100644 openbsd-compat/port-tun.c create mode 100644 openbsd-compat/port-tun.h (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 94e3f6e5a..ad7cd52fa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,10 @@ - stevesk@cvs.openbsd.org 2005/12/31 01:38:45 [ssh.1] document -MM; ok djm@ + - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac] + [serverloop.c ssh.c openbsd-compat/Makefile.in] + [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding + compatability support for Linux, diff from reyk@ 20051229 - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd @@ -3571,4 +3575,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4056 2005/12/31 05:23:15 djm Exp $ +$Id: ChangeLog,v 1.4057 2005/12/31 05:33:36 djm Exp $ diff --git a/configure.ac b/configure.ac index 9325c4364..64046759f 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.316 2005/12/19 06:40:40 dtucker Exp $ +# $Id: configure.ac,v 1.317 2005/12/31 05:33:37 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -326,6 +326,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) [Define if cmsg_type is not passed correctly]) ;; esac + AC_DEFINE(SSH_TUN_LINUX, 1, [Open tunnel devices the Linux tun/tap way]) + AC_DEFINE(SSH_TUN_COMPAT_AF, 1, [Use tunnel device compatibility to OpenBSD]) + AC_DEFINE(SSH_TUN_PREPEND_AF, 1, [Prepend the address family to IP tunnel traffic]) ;; mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(NEED_SETPRGP, 1, [Need setpgrp to acquire controlling tty]) diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 89ac6cdaf..3a8703bc1 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.36 2005/11/24 08:58:21 djm Exp $ +# $Id: Makefile.in,v 1.37 2005/12/31 05:33:37 djm Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ @@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgroupl COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o -PORTS=port-irix.o port-aix.o port-uw.o +PORTS=port-irix.o port-aix.o port-uw.o port-tun.o .c.o: $(CC) $(CFLAGS) $(CPPFLAGS) -c $< diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index fe0c36dcd..1a3027353 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.32 2005/11/24 08:58:21 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.33 2005/12/31 05:33:37 djm Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. 
@@ -186,5 +186,6 @@ char *shadow_pw(struct passwd *pw); #include "port-irix.h" #include "port-aix.h" #include "port-uw.h" +#include "port-tun.h" #endif /* _OPENBSD_COMPAT_H */ diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c new file mode 100644 index 000000000..479b46b7a --- /dev/null +++ b/openbsd-compat/port-tun.c 
@@ -0,0 +1,155 @@ +/* + * Copyright (c) 2005 Reyk Floeter + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include "log.h" +#include "misc.h" +#include "bufaux.h" + +/* + * This is the portable version of the SSH tunnel forwarding, it + * uses some preprocessor definitions for various platform-specific + * settings. 
+ * + * SSH_TUN_LINUX Use the (newer) Linux tun/tap device + * SSH_TUN_COMPAT_AF Translate the OpenBSD address family + * SSH_TUN_PREPEND_AF Prepend/remove the address family + */ + +/* + * System-specific tunnel open function + */ + +#if defined(SSH_TUN_LINUX) +#include + +int +sys_tun_open(int tun, int mode) +{ + struct ifreq ifr; + int fd = -1; + const char *name = NULL; + + if ((fd = open("/dev/net/tun", O_RDWR)) == -1) { + debug("%s: failed to open tunnel control interface: %s", + __func__, strerror(errno)); + return (-1); + } + + bzero(&ifr, sizeof(ifr)); + + if (mode == SSH_TUNMODE_ETHERNET) { + ifr.ifr_flags = IFF_TAP; + name = "tap%d"; + } else { + ifr.ifr_flags = IFF_TUN; + name = "tun%d"; + } + ifr.ifr_flags |= IFF_NO_PI; + + if (tun != SSH_TUNID_ANY) { + if (tun > SSH_TUNID_MAX) { + debug("%s: invalid tunnel id %x: %s", __func__, + tun, strerror(errno)); + goto failed; + } + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), name, tun); + } + + if (ioctl(fd, TUNSETIFF, &ifr) == -1) { + debug("%s: failed to configure tunnel (mode %d): %s", __func__, + mode, strerror(errno)); + goto failed; + } + + if (tun == SSH_TUNID_ANY) + debug("%s: tunnel mode %d fd %d", __func__, mode, fd); + else + debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd); + + return (fd); + + failed: + close(fd); + return (-1); +} +#endif /* SSH_TUN_LINUX */ + +/* + * System-specific channel filters + */ + +#if defined(SSH_TUN_FILTER) +#define OPENBSD_AF_INET 2 +#define OPENBSD_AF_INET6 24 + +int +sys_tun_infilter(struct Channel *c, char *buf, int len) +{ +#if defined(SSH_TUN_PREPEND_AF) + char rbuf[CHAN_RBUF]; +#endif + u_int32_t *af; + char *ptr = buf; + +#if defined(SSH_TUN_PREPEND_AF) + if (len > (int)(sizeof(rbuf) - sizeof(*af))) + return (-1); + ptr = (char *)&rbuf[0]; + bcopy(buf, ptr + sizeof(u_int32_t), len); + len += sizeof(u_int32_t); +#endif + +#if defined(SSH_TUN_COMPAT_AF) + if (len < (int)sizeof(u_int32_t)) + return (-1); + + af = (u_int32_t *)ptr; + if (*af == 
htonl(AF_INET6)) + *af = htonl(OPENBSD_AF_INET6); + else + *af = htonl(OPENBSD_AF_INET); +#endif + buffer_put_string(&c->input, ptr, len); + return (0); +} + +u_char * +sys_tun_outfilter(struct Channel *c, u_char **data, u_int *dlen) +{ + u_char *buf; + u_int32_t *af; + + *data = buffer_get_string(&c->output, dlen); + if (*dlen < sizeof(*af)) + return (NULL); + buf = *data; + +#if defined(SSH_TUN_PREPEND_AF) + *dlen -= sizeof(u_int32_t); + buf = *data + sizeof(u_int32_t); +#elif defined(SSH_TUN_COMPAT_AF) + af = ntohl(*(u_int32_t *)buf); + if (*af == OPENBSD_AF_INET6) + *af = htonl(AF_INET6); + else + *af = htonl(AF_INET); +#endif + + return (buf); +} +#endif /* SSH_TUN_FILTER */ diff --git a/openbsd-compat/port-tun.h b/openbsd-compat/port-tun.h new file mode 100644 index 000000000..942610c6d --- /dev/null +++ b/openbsd-compat/port-tun.h 
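Review bot: In the `#elif defined(SSH_TUN_COMPAT_AF)` branch of sys_tun_outfilter, `af` is declared `u_int32_t *` but is assigned the integer result of `ntohl(*(u_int32_t *)buf)` and then dereferenced, so four bytes taken from the channel payload are used as an address for a read and a write. The branch should point `af` at the buffer and compare in network order: `af = (u_int32_t *)buf;` followed by `if (*af == htonl(OPENBSD_AF_INET6))`. The configure.ac hunk in this commit defines SSH_TUN_PREPEND_AF for Linux as well, so this branch is presumably not compiled there, but it would be on any platform that sets only SSH_TUN_COMPAT_AF.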
@@ -0,0 +1,33 @@ +/* + * Copyright (c) 2005 Reyk Floeter + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _PORT_TUN_H +#define _PORT_TUN_H + +#include "channels.h" + +#if defined(SSH_TUN_LINUX) +# define CUSTOM_SYS_TUN_OPEN +int sys_tun_open(int, int); +#endif + +#if defined(SSH_TUN_COMPAT_AF) || defined(SSH_TUN_PREPEND_AF) +# define SSH_TUN_FILTER +int sys_tun_infilter(struct Channel *, char *, int); +u_char *sys_tun_outfilter(struct Channel *, u_char **, u_int *); +#endif + +#endif diff --git a/serverloop.c b/serverloop.c index a575ce0d1..3d8e7cfb5 100644 --- a/serverloop.c +++ b/serverloop.c @@ -947,6 +947,11 @@ server_request_tun(void) c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); c->datagram = 1; +#if defined(SSH_TUN_FILTER) + if (mode == SSH_TUNMODE_POINTOPOINT) + channel_register_filter(c->self, sys_tun_infilter, + sys_tun_outfilter); +#endif done: if (c == NULL) diff --git a/ssh.c b/ssh.c index cdfc91633..3940dabfd 100644 --- a/ssh.c +++ b/ssh.c 
@@ -1079,6 +1079,11 @@ ssh_session2_setup(int id, void *arg) CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); c->datagram = 1; +#if defined(SSH_TUN_FILTER) + if (options.tun_open == SSH_TUNMODE_POINTOPOINT) + channel_register_filter(c->self, sys_tun_infilter, + sys_tun_outfilter); +#endif packet_start(SSH2_MSG_CHANNEL_OPEN); packet_put_cstring("tun@openssh.com"); packet_put_int(c->self); -- cgit v1.2.3 From 89e03bae5c7390019d66e1ff9a550b3b53150476 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 31 Dec 2005 16:42:03 +1100 Subject: - (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does not exist --- ChangeLog | 4 +++- configure.ac | 15 +++++++++++---- 2 files changed, 14 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index ad7cd52fa..68e56b7a8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,8 @@ [serverloop.c ssh.c openbsd-compat/Makefile.in] [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding compatability support for Linux, diff from reyk@ + - (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does + not exist 20051229 - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd @@ -3575,4 +3577,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4057 2005/12/31 05:33:36 djm Exp $ +$Id: ChangeLog,v 1.4058 2005/12/31 05:42:03 djm Exp $ diff --git a/configure.ac b/configure.ac index 64046759f..3126cfcb0 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.317 2005/12/31 05:33:37 djm Exp $ +# $Id: configure.ac,v 1.318 2005/12/31 05:42:03 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -326,9 +326,16 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) [Define if cmsg_type is not passed correctly]) ;; esac - AC_DEFINE(SSH_TUN_LINUX, 1, [Open tunnel devices the Linux tun/tap way]) - AC_DEFINE(SSH_TUN_COMPAT_AF, 1, [Use tunnel device compatibility to OpenBSD]) - AC_DEFINE(SSH_TUN_PREPEND_AF, 1, [Prepend the address family to IP tunnel traffic]) + # tun(4) forwarding compat code + AC_CHECK_HEADERS(linux/tun.h) + if test "x$ac_cv_header_linux_tun_h" = "xyes" ; then + AC_DEFINE(SSH_TUN_LINUX, 1, + [Open tunnel devices the Linux tun/tap way]) + AC_DEFINE(SSH_TUN_COMPAT_AF, 1, + [Use tunnel device compatibility to OpenBSD]) + AC_DEFINE(SSH_TUN_PREPEND_AF, 1, + [Prepend the address family to IP tunnel traffic]) + fi ;; mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(NEED_SETPRGP, 1, [Need setpgrp to acquire controlling tty]) -- cgit v1.2.3 From c4bcc917519e55f449044e558228a2e11b80740c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 31 Dec 2005 17:05:58 +1100 Subject: - (djm) [configure.ac] oops, make that linux/if_tun.h --- ChangeLog | 3 ++- configure.ac | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 68e56b7a8..c8a23a2fe 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,7 @@ compatability support for Linux, diff from reyk@ - (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does not exist + - (djm) [configure.ac] oops, make that linux/if_tun.h 20051229 - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd @@ -3577,4 +3578,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4058 2005/12/31 05:42:03 djm Exp $ +$Id: ChangeLog,v 1.4059 2005/12/31 06:05:58 djm Exp $ diff --git a/configure.ac b/configure.ac index 3126cfcb0..26ed218d5 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.318 2005/12/31 05:42:03 djm Exp $ +# $Id: configure.ac,v 1.319 2005/12/31 06:05:58 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -327,7 +327,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) ;; esac # tun(4) forwarding compat code - AC_CHECK_HEADERS(linux/tun.h) + AC_CHECK_HEADERS(linux/if_tun.h) if test "x$ac_cv_header_linux_tun_h" = "xyes" ; then AC_DEFINE(SSH_TUN_LINUX, 1, [Open tunnel devices the Linux tun/tap way]) -- cgit v1.2.3 From 2dcddbfaf6b68bd58b5b1422ebeef7767c0c2633 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 1 Jan 2006 19:47:05 +1100 Subject: - (djm) [Makefile.in configure.ac includes.h misc.c] [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is limited to IPv4 tunnels only, and most versions don't support the tap(4) device at all. --- ChangeLog | 9 ++++- Makefile.in | 4 +- configure.ac | 12 +++++- includes.h | 3 -- misc.c | 2 +- openbsd-compat/port-tun.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++- openbsd-compat/port-tun.h | 2 +- 7 files changed, 119 insertions(+), 11 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index c8a23a2fe..de0835431 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20060101 + - (djm) [Makefile.in configure.ac includes.h misc.c] + [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support + for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is + limited to IPv4 tunnels only, and most versions don't support the + tap(4) device at all. + 20051229 - (djm) OpenBSD CVS Sync - stevesk@cvs.openbsd.org 2005/12/28 22:46:06 @@ -3578,4 +3585,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4059 2005/12/31 06:05:58 djm Exp $ +$Id: ChangeLog,v 1.4060 2006/01/01 08:47:05 djm Exp $ 
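Review bot: The header check is renamed to `linux/if_tun.h`, but the `if test` on the following context line still reads `$ac_cv_header_linux_tun_h`, a cache variable that AC_CHECK_HEADERS no longer sets, so the SSH_TUN_* defines inside the block would never be enabled. The test should use the variable that matches the new header name: `if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then`.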
diff --git a/Makefile.in b/Makefile.in index fcbc522f2..af881c521 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.273 2005/05/29 07:22:29 dtucker Exp $ +# $Id: Makefile.in,v 1.274 2006/01/01 08:47:05 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -139,7 +139,7 @@ sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS) scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o - $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) diff --git a/configure.ac b/configure.ac index 26ed218d5..2f5906667 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.319 2005/12/31 06:05:58 djm Exp $ +# $Id: configure.ac,v 1.320 2006/01/01 08:47:05 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -346,10 +346,18 @@ mips-sony-bsd|mips-sony-newsos4) if test "x$withval" != "xno" ; then need_dash_r=1 fi + AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way]) + AC_CHECK_HEADER([net/if_tap.h], , + AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support])) + AC_DEFINE(SSH_TUN_PREPEND_AF, 1, + [Prepend the address family to IP tunnel traffic]) ;; *-*-freebsd*) check_for_libcrypt_later=1 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)]) + AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way]) + AC_CHECK_HEADER([net/if_tap.h], , + AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support])) ;; *-*-bsdi*) AC_DEFINE(SETEUID_BREAKS_SETUID) 
@@ -369,7 +377,7 @@ mips-sony-bsd|mips-sony-newsos4) *-*-openbsd*) AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel]) AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded]) - AC_DEFINE(SSH_TUN_BSD, 1, [Open tunnel devices the BSD way]) + AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way]) ;; *-*-solaris*) if test "x$withval" != "xno" ; then diff --git a/includes.h b/includes.h index cf2d6c699..808d5dc9a 100644 --- a/includes.h +++ b/includes.h @@ -148,9 +148,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #include /* For IPv6 macros */ #include /* For IPTOS macros */ #include -#ifdef HAVE_NET_IF_H -# include -#endif #include #if defined(HAVE_NETDB_H) # include diff --git a/misc.c b/misc.c index 4141e6c48..76dbf40ea 100644 --- a/misc.c +++ b/misc.c @@ -543,7 +543,7 @@ tun_open(int tun, int mode) { #if defined(CUSTOM_SYS_TUN_OPEN) return (sys_tun_open(tun, mode)); -#elif defined(SSH_TUN_BSD) +#elif defined(SSH_TUN_OPENBSD) struct ifreq ifr; char name[100]; int fd = -1, sock; diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c index 479b46b7a..00a0442b1 100644 --- a/openbsd-compat/port-tun.c +++ b/openbsd-compat/port-tun.c 
@@ -89,6 +89,88 @@ sys_tun_open(int tun, int mode) } #endif /* SSH_TUN_LINUX */ +#ifdef SSH_TUN_FREEBSD +#include +#include +#include + +int +sys_tun_open(int tun, int mode) +{ + struct ifreq ifr; + char name[100]; + int fd = -1, sock, flag; + const char *tunbase = "tun"; + + if (mode == SSH_TUNMODE_ETHERNET) { +#ifdef SSH_TUN_NO_L2 + debug("%s: no layer 2 tunnelling support", __func__); + return (-1); +#else + tunbase = "tap"; +#endif + } + + /* Open the tunnel device */ + if (tun <= SSH_TUNID_MAX) { + snprintf(name, sizeof(name), "/dev/%s%d", tunbase, tun); + fd = open(name, O_RDWR); + } else if (tun == SSH_TUNID_ANY) { + for (tun = 100; tun >= 0; tun--) { + snprintf(name, sizeof(name), "/dev/%s%d", + tunbase, tun); + if ((fd = open(name, O_RDWR)) >= 0) + break; + } + } else { + debug("%s: invalid tunnel %u\n", __func__, tun); + return (-1); + } + + if (fd < 0) { + debug("%s: %s open failed: %s", __func__, name, + strerror(errno)); + return (-1); + } + + /* Turn on tunnel headers */ + flag = 1; +#if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF) + if (mode != SSH_TUNMODE_ETHERNET && + ioctl(fd, TUNSIFHEAD, &flag) == -1) { + debug("%s: ioctl(%d, TUNSIFHEAD, 1): %s", __func__, fd, + strerror(errno)); + close(fd); + } +#endif + + debug("%s: %s mode %d fd %d", __func__, name, mode, fd); + + /* Set the tunnel device operation mode */ + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun); + if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) + goto failed; + + if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) + goto failed; + ifr.ifr_flags |= IFF_UP; + if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) + goto failed; + + close(sock); + return (fd); + + failed: + if (fd >= 0) + close(fd); + if (sock >= 0) + close(sock); + debug("%s: failed to set %s mode %d: %s", __func__, name, + mode, strerror(errno)); + return (-1); +} +#endif /* SSH_TUN_FREEBSD */ + /* * System-specific channel filters */ 
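Review bot: If the `TUNSIFHEAD` ioctl fails, the new FreeBSD `sys_tun_open` logs and calls `close(fd)` but keeps going, so the closed descriptor is either returned to the caller once the later ioctls succeed or closed a second time under `failed:`. Add `return (-1);` directly after that `close(fd);`. Two smaller points in the same function: `ifr` reaches `SIOCGIFFLAGS` with only `ifr_name` filled in (a `memset(&ifr, 0, sizeof(ifr));` first would match the `bzero` in the Linux variant), and the `debug()` under `failed:` prints `strerror(errno)` after `close()` calls that may have changed `errno`.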
@@ -102,16 +184,29 @@ sys_tun_infilter(struct Channel *c, char *buf, int len) { #if defined(SSH_TUN_PREPEND_AF) char rbuf[CHAN_RBUF]; + struct ip *iph; #endif u_int32_t *af; char *ptr = buf; #if defined(SSH_TUN_PREPEND_AF) - if (len > (int)(sizeof(rbuf) - sizeof(*af))) + if (len <= 0 || len > (int)(sizeof(rbuf) - sizeof(*af))) return (-1); ptr = (char *)&rbuf[0]; bcopy(buf, ptr + sizeof(u_int32_t), len); len += sizeof(u_int32_t); + af = (u_int32_t *)ptr; + + iph = (struct ip *)(ptr + sizeof(u_int32_t)); + switch (iph->ip_v) { + case 6: + *af = AF_INET6; + break; + case 4: + default: + *af = AF_INET; + break; + } #endif #if defined(SSH_TUN_COMPAT_AF) @@ -124,6 +219,7 @@ sys_tun_infilter(struct Channel *c, char *buf, int len) else *af = htonl(OPENBSD_AF_INET); #endif + buffer_put_string(&c->input, ptr, len); return (0); } diff --git a/openbsd-compat/port-tun.h b/openbsd-compat/port-tun.h index 942610c6d..86d9272b4 100644 --- a/openbsd-compat/port-tun.h +++ b/openbsd-compat/port-tun.h @@ -19,7 +19,7 @@ #include "channels.h" -#if defined(SSH_TUN_LINUX) +#if defined(SSH_TUN_LINUX) || defined(SSH_TUN_FREEBSD) # define CUSTOM_SYS_TUN_OPEN int sys_tun_open(int, int); #endif -- cgit v1.2.3 From bd4e4108179939db5c5fc117fed828996c1a62b6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 1 Jan 2006 21:03:30 +1100 Subject: - (djm) [configure.ac] Fix linux/if_tun.h test --- ChangeLog | 3 ++- configure.ac | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index de0835431..c38fd0ec9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,7 @@ for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is limited to IPv4 tunnels only, and most versions don't support the tap(4) device at all. + - (djm) [configure.ac] Fix linux/if_tun.h test 20051229 - (djm) OpenBSD CVS Sync 
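Review bot: The prepended address family is stored in host byte order (`*af = AF_INET6;` / `*af = AF_INET;`), while the SSH_TUN_COMPAT_AF block that runs next compares the same word against `htonl(AF_INET6)`. On a little-endian host with both macros defined, as configure.ac does for Linux, that comparison would not match for an IPv6 packet and it would be tagged `OPENBSD_AF_INET`. Storing `*af = htonl(AF_INET6);` and `*af = htonl(AF_INET);` keeps the two blocks consistent; please confirm which byte order the peer expects when only SSH_TUN_PREPEND_AF is set. The casts of `char rbuf[]` to `u_int32_t *` and `struct ip *` also assume the array is suitably aligned for those types.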
@@ -3585,4 +3586,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4060 2006/01/01 08:47:05 djm Exp $ +$Id: ChangeLog,v 1.4061 2006/01/01 10:03:30 djm Exp $ diff --git a/configure.ac b/configure.ac index 2f5906667..a9654cbde 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.320 2006/01/01 08:47:05 djm Exp $ +# $Id: configure.ac,v 1.321 2006/01/01 10:03:30 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -328,7 +328,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) esac # tun(4) forwarding compat code AC_CHECK_HEADERS(linux/if_tun.h) - if test "x$ac_cv_header_linux_tun_h" = "xyes" ; then + if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then AC_DEFINE(SSH_TUN_LINUX, 1, [Open tunnel devices the Linux tun/tap way]) AC_DEFINE(SSH_TUN_COMPAT_AF, 1, -- cgit v1.2.3 From 5df52e89b4d83f4f56eba73f5d37ed5a6fc64c08 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 1 Jan 2006 21:15:50 +1100 Subject: - (djm) [openbsd-compat/port-tun.c] Linux needs linux/if.h too --- ChangeLog | 3 ++- openbsd-compat/port-tun.c | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index c38fd0ec9..161143539 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ limited to IPv4 tunnels only, and most versions don't support the tap(4) device at all. - (djm) [configure.ac] Fix linux/if_tun.h test + - (djm) [openbsd-compat/port-tun.c] Linux needs linux/if.h too 20051229 - (djm) OpenBSD CVS Sync @@ -3586,4 +3587,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4061 2006/01/01 10:03:30 djm Exp $ +$Id: ChangeLog,v 1.4062 2006/01/01 10:15:50 djm Exp $ diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c index 00a0442b1..31921615f 100644 
--- a/openbsd-compat/port-tun.c +++ b/openbsd-compat/port-tun.c @@ -35,6 +35,7 @@ */ #if defined(SSH_TUN_LINUX) +#include #include int -- cgit v1.2.3 From 90cd1c549b4e6be1c5a664ca4d4646a3d3768c2f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 2 Jan 2006 20:23:18 +1100 Subject: - (djm) [README.tun] Add README.tun, missed during sync of tun(4) support --- ChangeLog | 5 ++- README.tun | 132 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 136 insertions(+), 1 deletion(-) create mode 100644 README.tun (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 161143539..972b172ad 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20060102 + - (djm) [README.tun] Add README.tun, missed during sync of tun(4) support + 20060101 - (djm) [Makefile.in configure.ac includes.h misc.c] [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support @@ -3587,4 +3590,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4062 2006/01/01 10:15:50 djm Exp $ +$Id: ChangeLog,v 1.4063 2006/01/02 09:23:18 djm Exp $ diff --git a/README.tun b/README.tun new file mode 100644 index 000000000..d814f396d --- /dev/null +++ b/README.tun 
@@ -0,0 +1,132 @@ +How to use OpenSSH-based virtual private networks +------------------------------------------------- + +OpenSSH contains support for VPN tunneling using the tun(4) network +tunnel pseudo-device which is available on most platforms, either for +layer 2 or 3 traffic. + +The following brief instructions on how to use this feature use +a network configuration specific to the OpenBSD operating system. + +(1) Server: Enable support for SSH tunneling + +To enable the ssh server to accept tunnel requests from the client, you +have to add the following option to the ssh server configuration file +(/etc/ssh/sshd_config): + + PermitTunnel yes + +Restart the server or send the hangup signal (SIGHUP) to let the server +reread it's configuration. + +(2) Server: Restrict client access and assign the tunnel + +The OpenSSH server simply uses the file /root/.ssh/authorized_keys to +restrict the client to connect to a specified tunnel and to +automatically start the related interface configuration command. These +settings are optional but recommended: + + tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... reyk@openbsd.org + +(3) Client: Configure the local network tunnel interface + +Use the hostname.if(5) interface-specific configuration file to set up +the network tunnel configuration with OpenBSD. 
For example, use the +following configuration in /etc/hostname.tun0 to set up the layer 3 +tunnel on the client: + + inet 192.168.5.1 255.255.255.252 192.168.5.2 + +OpenBSD also supports layer 2 tunneling over the tun device by adding +the link0 flag: + + inet 192.168.1.78 255.255.255.0 192.168.1.255 link0 + +Layer 2 tunnels can be used in combination with an Ethernet bridge(4) +interface, like the following example for /etc/bridgename.bridge0: + + add tun0 + add sis0 + up + +(4) Client: Configure the OpenSSH client + +To establish tunnel forwarding for connections to a specified +remote host by default, use the following ssh client configuration for +the privileged user (in /root/.ssh/config): + + Host sshgateway + Tunnel yes + TunnelDevice 0:any + PermitLocalCommand yes + LocalCommand sh /etc/netstart tun0 + +A more complicated configuration is possible to establish a tunnel to +a remote host which is not directly accessible by the client. +The following example describes a client configuration to connect to +the remote host over two ssh hops in between. It uses the OpenSSH +ProxyCommand in combination with the nc(1) program to forward the final +ssh tunnel destination over multiple ssh sessions. + + Host access.somewhere.net + User puffy + Host dmzgw + User puffy + ProxyCommand ssh access.somewhere.net nc dmzgw 22 + Host sshgateway + Tunnel Ethernet + TunnelDevice 0:any + PermitLocalCommand yes + LocalCommand sh /etc/netstart tun0 + ProxyCommand ssh dmzgw nc sshgateway 22 + +The following network plan illustrates the previous configuration in +combination with layer 2 tunneling and Ethernet bridging. + ++--------+ ( ) +----------------------+ +| Client |------( Internet )-----| access.somewhere.net | ++--------+ ( ) +----------------------+ + : 192.168.1.78 | + :............................. 
+-------+ + Forwarded ssh connection : | dmzgw | + Layer 2 tunnel : +-------+ + : | + : | + : +------------+ + :......| sshgateway | + | +------------+ +--- real connection Bridge -> | +----------+ +... "virtual connection" [ X ]--------| somehost | +[X] switch +----------+ + 192.168.1.25 + +(5) Client: Connect to the server and establish the tunnel + +Finally connect to the OpenSSH server to establish the tunnel by using +the following command: + + ssh sshgateway + +It is also possible to tell the client to fork into the background after +the connection has been successfully established: + + ssh -f sshgateway true + +Without the ssh configuration done in step (4), it is also possible +to use the following command lines: + + ssh -fw 0:1 sshgateway true + ifconfig tun0 192.168.5.1 192.168.5.2 netmask 255.255.255.252 + +Using OpenSSH tunnel forwarding is a simple way to establish secure +and ad hoc virtual private networks. Possible fields of application +could be wireless networks or administrative VPN tunnels. + +Nevertheless, ssh tunneling requires some packet header overhead and +runs on top of TCP. It is still suggested to use the IP Security +Protocol (IPSec) for robust and permanent VPN connections and to +interconnect corporate networks. + + Reyk Floeter + +$OpenBSD: README.tun,v 1.3 2005/12/08 18:34:10 reyk Exp $ -- cgit v1.2.3 From 48c94abf5b4d262ce4572c5b26d0ffdff8d25a87 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 2 Jan 2006 23:38:00 +1100 Subject: - (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2005/12/31 10:46:17 [ssh.1] merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER AUTHENTICATION" sections into "AUTHENTICATION"; some rewording done to make the text read better, plus some improvements from djm; ok djm --- ChangeLog | 10 +++++++++- ssh.1 | 63 +++++++++++++++++++++++++++++++-------------------------------- 2 files changed, 40 insertions(+), 33 deletions(-) (limited to 'ChangeLog') 
diff --git a/ChangeLog b/ChangeLog index 972b172ad..e5ec073ba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,13 @@ 20060102 - (djm) [README.tun] Add README.tun, missed during sync of tun(4) support + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2005/12/31 10:46:17 + [ssh.1] + merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER + AUTHENTICATION" sections into "AUTHENTICATION"; + some rewording done to make the text read better, plus some + improvements from djm; + ok djm 20060101 - (djm) [Makefile.in configure.ac includes.h misc.c] @@ -3590,4 +3598,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4063 2006/01/02 09:23:18 djm Exp $ +$Id: ChangeLog,v 1.4064 2006/01/02 12:38:00 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 5ce1cfe70..ce1eeb49a 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.231 2005/12/31 01:38:45 stevesk Exp $ +.\" $OpenBSD: ssh.1,v 1.232 2005/12/31 10:46:17 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -788,7 +788,36 @@ prompts the user for a password. The password is sent to the remote host for checking; however, since all communications are encrypted, the password cannot be seen by someone listening on the network. -.Sh LOGIN SESSION AND REMOTE EXECUTION +.Pp +.Nm +automatically maintains and checks a database containing +identification for all hosts it has ever been used with. +Host keys are stored in +.Pa ~/.ssh/known_hosts +in the user's home directory. +Additionally, the file +.Pa /etc/ssh/ssh_known_hosts +is automatically checked for known hosts. +Any new hosts are automatically added to the user's file. +If a host's identification ever changes, +.Nm +warns about this and disables password authentication to prevent +server spoofing or man-in-the-middle attacks, +which could otherwise be used to circumvent the encryption. +The +.Cm StrictHostKeyChecking +option can be used to control logins to machines whose +host key is not known or has changed. +.Pp +.Nm +can be configured to verify host identification using fingerprint resource +records (SSHFP) published in DNS. +The +.Cm VerifyHostKeyDNS +option can be used to control how DNS lookups are performed. +SSHFP resource records can be generated using +.Xr ssh-keygen 1 . +.Pp When the user's identity has been accepted by the server, the server either executes the given command, or logs into the machine and gives the user a normal shell on the remote machine. 
@@ -924,36 +953,6 @@ Forwarding of arbitrary TCP/IP connections over the secure channel can be specified either on the command line or in a configuration file. One possible application of TCP/IP forwarding is a secure connection to an electronic purse; another is going through firewalls. -.Sh SERVER AUTHENTICATION -.Nm -automatically maintains and checks a database containing -identifications for all hosts it has ever been used with. -Host keys are stored in -.Pa ~/.ssh/known_hosts -in the user's home directory. -Additionally, the file -.Pa /etc/ssh/ssh_known_hosts -is automatically checked for known hosts. -Any new hosts are automatically added to the user's file. -If a host's identification ever changes, -.Nm -warns about this and disables password authentication to prevent a -trojan horse from getting the user's password. -Another purpose of this mechanism is to prevent man-in-the-middle attacks -which could otherwise be used to circumvent the encryption. -The -.Cm StrictHostKeyChecking -option can be used to prevent logins to machines whose -host key is not known or has changed. -.Pp -.Nm -can be configured to verify host identification using fingerprint resource -records (SSHFP) published in DNS. -The -.Cm VerifyHostKeyDNS -option can be used to control how DNS lookups are performed. -SSHFP resource records can be generated using -.Xr ssh-keygen 1 . .Sh ENVIRONMENT .Nm will normally set the following environment variables: -- cgit v1.2.3 From 14af93ee770f90a15ace4fb4f15506ffee75fe17 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 2 Jan 2006 23:38:21 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/31 13:44:04 [ssh.1] clean up ENVIRONMENT a little; --- ChangeLog | 5 ++++- ssh.1 | 24 ++++++++++++++---------- 2 files changed, 18 insertions(+), 11 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index e5ec073ba..9f70be15b 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -8,6 +8,9 @@ some rewording done to make the text read better, plus some improvements from djm; ok djm + - jmc@cvs.openbsd.org 2005/12/31 13:44:04 + [ssh.1] + clean up ENVIRONMENT a little; 20060101 - (djm) [Makefile.in configure.ac includes.h misc.c] @@ -3598,4 +3601,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4064 2006/01/02 12:38:00 djm Exp $ +$Id: ChangeLog,v 1.4065 2006/01/02 12:38:21 djm Exp $ diff --git a/ssh.1 b/ssh.1 index ce1eeb49a..898379d94 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.232 2005/12/31 10:46:17 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.233 2005/12/31 13:44:04 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -964,9 +964,12 @@ variable indicates the location of the X11 server. It is automatically set by .Nm to point to a value of the form -.Dq hostname:n -where hostname indicates -the host where the shell runs, and n is an integer \*(Ge 1. +.Dq hostname:n , +where +.Dq hostname +indicates the host where the shell runs, and +.Sq n +is an integer \*(Ge 1. .Nm uses this special value to forward X11 connections over the secure channel. 
@@ -1012,15 +1015,16 @@ may be necessary to redirect the input from .Pa /dev/null to make this work.) .It Ev SSH_AUTH_SOCK -Identifies the path of a unix-domain socket used to communicate with the -agent. +Identifies the path of a +.Ux Ns -domain +socket used to communicate with the agent. .It Ev SSH_CONNECTION Identifies the client and server ends of the connection. The variable contains -four space-separated values: client ip-address, client port number, -server ip-address and server port number. +four space-separated values: client IP address, client port number, +server IP address, and server port number. .It Ev SSH_ORIGINAL_COMMAND -The variable contains the original command line if a forced command +This variable contains the original command line if a forced command is executed. It can be used to extract the original arguments. .It Ev SSH_TTY @@ -1042,7 +1046,7 @@ reads .Pa ~/.ssh/environment , and adds lines of the format .Dq VARNAME=value -to the environment if the file exists and if users are allowed to +to the environment if the file exists and users are allowed to change their environment. For more information, see the .Cm PermitUserEnvironment -- cgit v1.2.3 From 1164c299f15ecf424960d9dbebe71c19c3cf4b53 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 2 Jan 2006 23:38:37 +1100 Subject: - jmc@cvs.openbsd.org 2005/12/31 13:45:19 [ssh.1] .Nm does not require an argument; --- ChangeLog | 5 ++++- ssh.1 | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 9f70be15b..a1f0b7842 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,9 @@ - jmc@cvs.openbsd.org 2005/12/31 13:44:04 [ssh.1] clean up ENVIRONMENT a little; + - jmc@cvs.openbsd.org 2005/12/31 13:45:19 + [ssh.1] + .Nm does not require an argument; 20060101 - (djm) [Makefile.in configure.ac includes.h misc.c] 
@@ -3601,4 +3604,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4065 2006/01/02 12:38:21 djm Exp $ +$Id: ChangeLog,v 1.4066 2006/01/02 12:38:37 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 898379d94..2a8386dc4 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.233 2005/12/31 13:44:04 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.234 2005/12/31 13:45:19 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -859,7 +859,7 @@ are: Disconnect. .It Cm ~^Z Background -.Nm ssh . +.Nm . .It Cm ~# List forwarded connections. .It Cm ~& @@ -990,7 +990,7 @@ Set to the path of the user's mailbox. Set to the default .Ev PATH , as specified when compiling -.Nm ssh . +.Nm . .It Ev SSH_ASKPASS If .Nm -- cgit v1.2.3 From 3beb852e09a1de1b6db0103b1c39e56f9dfeff09 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 2 Jan 2006 23:40:10 +1100 Subject: - stevesk@cvs.openbsd.org 2006/01/01 08:59:27 [includes.h misc.c] move ; ok djm@ --- ChangeLog | 5 ++++- includes.h | 2 +- misc.c | 6 +++++- 3 files changed, 10 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index a1f0b7842..73203f24f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,9 @@ - jmc@cvs.openbsd.org 2005/12/31 13:45:19 [ssh.1] .Nm does not require an argument; + - stevesk@cvs.openbsd.org 2006/01/01 08:59:27 + [includes.h misc.c] + move ; ok djm@ 20060101 - (djm) [Makefile.in configure.ac includes.h misc.c] @@ -3604,4 +3607,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4066 2006/01/02 12:38:37 djm Exp $ +$Id: ChangeLog,v 1.4067 2006/01/02 12:40:10 djm Exp $ 
diff --git a/includes.h b/includes.h index 808d5dc9a..520817400 100644 --- a/includes.h +++ b/includes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: includes.h,v 1.21 2005/12/08 18:34:11 reyk Exp $ */ +/* $OpenBSD: includes.h,v 1.22 2006/01/01 08:59:27 stevesk Exp $ */ /* * Author: Tatu Ylonen diff --git a/misc.c b/misc.c index 76dbf40ea..ac939af7e 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.37 2005/12/08 18:34:11 reyk Exp $"); +RCSID("$OpenBSD: misc.c,v 1.38 2006/01/01 08:59:27 stevesk Exp $"); + +#ifdef SSH_TUN_OPENBSD +#include +#endif #include "misc.h" #include "log.h" -- cgit v1.2.3 From a210d522355b9dfacfc4691f483ee18896bfe4b8 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 2 Jan 2006 23:40:30 +1100 Subject: - stevesk@cvs.openbsd.org 2006/01/01 10:08:48 [misc.c] no trailing "\n" for debug() --- ChangeLog | 5 ++++- misc.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 73203f24f..b5a9c9bc5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,9 @@ - stevesk@cvs.openbsd.org 2006/01/01 08:59:27 [includes.h misc.c] move ; ok djm@ + - stevesk@cvs.openbsd.org 2006/01/01 10:08:48 + [misc.c] + no trailing "\n" for debug() 20060101 - (djm) [Makefile.in configure.ac includes.h misc.c] @@ -3607,4 +3610,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4067 2006/01/02 12:40:10 djm Exp $ +$Id: ChangeLog,v 1.4068 2006/01/02 12:40:30 djm Exp $ diff --git a/misc.c b/misc.c index ac939af7e..26d7cad2c 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.38 2006/01/01 08:59:27 stevesk Exp $"); +RCSID("$OpenBSD: misc.c,v 1.39 2006/01/01 10:08:48 stevesk Exp $"); #ifdef SSH_TUN_OPENBSD #include 
@@ -563,7 +563,7 @@ tun_open(int tun, int mode) break; } } else { - debug("%s: invalid tunnel %u\n", __func__, tun); + debug("%s: invalid tunnel %u", __func__, tun); return (-1); } -- cgit v1.2.3 From 5444618987402d50fb9c6c722919fe2d428d05bb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 2 Jan 2006 23:40:50 +1100 Subject: - djm@cvs.openbsd.org 2006/01/02 01:20:31 [sftp-client.c sftp-common.h sftp-server.c] use a common max. packet length, no binary change --- ChangeLog | 5 ++++- sftp-client.c | 9 +++------ sftp-common.h | 5 ++++- sftp-server.c | 4 ++-- 4 files changed, 13 insertions(+), 10 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index b5a9c9bc5..7e8839305 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,9 @@ - stevesk@cvs.openbsd.org 2006/01/01 10:08:48 [misc.c] no trailing "\n" for debug() + - djm@cvs.openbsd.org 2006/01/02 01:20:31 + [sftp-client.c sftp-common.h sftp-server.c] + use a common max. packet length, no binary change 20060101 - (djm) [Makefile.in configure.ac includes.h misc.c] @@ -3610,4 +3613,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4068 2006/01/02 12:40:30 djm Exp $ +$Id: ChangeLog,v 1.4069 2006/01/02 12:40:50 djm Exp $ diff --git a/sftp-client.c b/sftp-client.c index afbd1e6f3..05bce3368 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -20,7 +20,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.57 2005/07/27 10:39:03 dtucker Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.58 2006/01/02 01:20:31 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -42,9 +42,6 @@ extern int showprogress; /* Minimum amount of data to read at at time */ #define MIN_READ_SIZE 512 -/* Maximum packet size */ -#define MAX_MSG_LENGTH (256 * 1024) - struct sftp_conn { int fd_in; int fd_out; 
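Review bot: The rewritten `debug()` call in the `else` branch still formats `tun` with `%u`, although the hunk header shows the parameter is declared `int` in `tun_open(int tun, int mode)`. If a negative tunnel id can reach this branch, it would be logged as a large unsigned number, which makes the rejected value hard to recognise in the log. Since the line is being touched anyway, use `debug("%s: invalid tunnel %d", __func__, tun);`. The conditions that lead into this branch and the rest of tun_open() are outside the hunk.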
@@ -59,7 +56,7 @@ send_msg(int fd, Buffer *m) { u_char mlen[4]; - if (buffer_len(m) > MAX_MSG_LENGTH) + if (buffer_len(m) > SFTP_MAX_MSG_LENGTH) fatal("Outbound message too long %u", buffer_len(m)); /* Send length first */ @@ -87,7 +84,7 @@ get_msg(int fd, Buffer *m) } msg_len = buffer_get_int(m); - if (msg_len > MAX_MSG_LENGTH) + if (msg_len > SFTP_MAX_MSG_LENGTH) fatal("Received message too long %u", msg_len); buffer_append_space(m, msg_len); diff --git a/sftp-common.h b/sftp-common.h index b42ba9140..2b1995a2d 100644 --- a/sftp-common.h +++ b/sftp-common.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-common.h,v 1.5 2003/11/10 16:23:41 jakob Exp $ */ +/* $OpenBSD: sftp-common.h,v 1.6 2006/01/02 01:20:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -25,6 +25,9 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/* Maximum packet that we are willing to send/accept */ +#define SFTP_MAX_MSG_LENGTH (256 * 1024) + typedef struct Attrib Attrib; /* File attributes */ diff --git a/sftp-server.c b/sftp-server.c index 4fa07e2f5..7060c44ad 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: sftp-server.c,v 1.49 2005/09/13 23:40:07 djm Exp $"); +RCSID("$OpenBSD: sftp-server.c,v 1.50 2006/01/02 01:20:31 djm Exp $"); #include "buffer.h" #include "bufaux.h" @@ -946,7 +946,7 @@ process(void) return; /* Incomplete message. */ cp = buffer_ptr(&iqueue); msg_len = GET_32BIT(cp); - if (msg_len > 256 * 1024) { + if (msg_len > SFTP_MAX_MSG_LENGTH) { error("bad message "); exit(11); } -- cgit v1.2.3 From a1d9a18e142d05cb8cfe10dc7abf253f1e2c6a5b Mon Sep 17 00:00:00 2001 
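Review bot: The new comment above `SFTP_MAX_MSG_LENGTH` in sftp-common.h gives neither the unit nor whether the limit counts the length prefix, which matters now that both the client and the server take their bound from this one definition. As used in this commit, `send_msg()` compares it with `buffer_len(m)` before the 4-byte length is sent, and `get_msg()` and `process()` compare it with the decoded length field, so it bounds the message body only. I would word it as `/* Maximum SFTP message length in bytes, not counting the 4-byte length prefix, that we will send or accept */`.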
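Review bot: The oversize-length branch in `process()` in sftp-server.c still logs only `error("bad message ");`, so the rejected length never reaches the server log, whereas `get_msg()` in sftp-client.c prints it in its `fatal()`. Recording the value lets an operator tell a malformed or hostile request from a framing bug: `error("bad message: length %u", msg_len);`. This assumes `msg_len` is unsigned, as the `%u` in `get_msg()` suggests; its declaration and the rest of `process()` are outside the hunk.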
From: Damien Miller Date: Mon, 2 Jan 2006 23:41:21 +1100 Subject: - reyk@cvs.openbsd.org 2006/01/02 07:53:44 [misc.c] clarify tun(4) opening - set the mode and bring the interface up. also (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces. suggested and ok by djm@ --- ChangeLog | 7 ++++++- misc.c | 16 +++++++++++----- 2 files changed, 17 insertions(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 7e8839305..577123925 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,11 @@ - djm@cvs.openbsd.org 2006/01/02 01:20:31 [sftp-client.c sftp-common.h sftp-server.c] use a common max. packet length, no binary change + - reyk@cvs.openbsd.org 2006/01/02 07:53:44 + [misc.c] + clarify tun(4) opening - set the mode and bring the interface up. also + (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces. + suggested and ok by djm@ 20060101 - (djm) [Makefile.in configure.ac includes.h misc.c] @@ -3613,4 +3618,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4069 2006/01/02 12:40:50 djm Exp $ +$Id: ChangeLog,v 1.4070 2006/01/02 12:41:21 djm Exp $ diff --git a/misc.c b/misc.c index 26d7cad2c..0339cede4 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.39 2006/01/01 10:08:48 stevesk Exp $"); +RCSID("$OpenBSD: misc.c,v 1.40 2006/01/02 07:53:44 reyk Exp $"); #ifdef SSH_TUN_OPENBSD #include 
@@ -581,11 +581,17 @@ tun_open(int tun, int mode) if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) goto failed; - if (mode == SSH_TUNMODE_ETHERNET) { + + /* Set interface mode */ + ifr.ifr_flags &= ~IFF_UP; + if (mode == SSH_TUNMODE_ETHERNET) ifr.ifr_flags |= IFF_LINK0; - if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) - goto failed; - } + else + ifr.ifr_flags &= ~IFF_LINK0; + if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) + goto failed; + + /* Bring interface up */ ifr.ifr_flags |= IFF_UP; if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) goto failed; -- cgit v1.2.3 From a07a59188a5a236c0fb8ef3fb8188ca3d6227458 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 2 Jan 2006 23:41:37 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/02 12:31:06 [ssh.1] start to cut some duplicate info from FILES; help/ok djm --- ChangeLog | 6 +++++- ssh.1 | 31 +++++++------------------------ 2 files changed, 12 insertions(+), 25 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 577123925..99b7aedcd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -28,6 +28,10 @@ clarify tun(4) opening - set the mode and bring the interface up. also (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces. suggested and ok by djm@ + - jmc@cvs.openbsd.org 2006/01/02 12:31:06 + [ssh.1] + start to cut some duplicate info from FILES; + help/ok djm 20060101 - (djm) [Makefile.in configure.ac includes.h misc.c] @@ -3618,4 +3622,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4070 2006/01/02 12:41:21 djm Exp $ +$Id: ChangeLog,v 1.4071 2006/01/02 12:41:37 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 2a8386dc4..de9d9312f 100644 --- a/ssh.1 +++ b/ssh.1 
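Review bot: After the first `SIOCSIFFLAGS` succeeds the interface is down with its LINK0 mode already rewritten, so if the second ioctl fails tun_open() jumps to `failed` and leaves an existing tunnel interface down. Before this change a layer 3 open issued a single `SIOCSIFFLAGS` that only set `IFF_UP`. Whether `failed` restores the flags read by `SIOCGIFFLAGS` is not visible here, since the label and the rest of tun_open() are outside the hunk. At minimum the reason for the down/up cycle deserves a comment above `ifr.ifr_flags &= ~IFF_UP;`, for example `/* Take the interface down while the mode flag is changed; it is brought up again below */`. The `else` arm also clears `IFF_LINK0` for every mode other than `SSH_TUNMODE_ETHERNET`, which is only correct if `mode` was validated earlier in the function.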
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.234 2005/12/31 13:45:19 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.235 2006/01/02 12:31:06 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -1061,38 +1061,21 @@ in See .Xr sshd 8 . .It Pa ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa -Contains the authentication identity of the user. -They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. +Contains the private key for authentication. These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). -Note that .Nm -ignores a private key file if it is accessible by others. +will simply ignore a private key file if it is accessible by others. It is possible to specify a passphrase when -generating the key; the passphrase will be used to encrypt the +generating the key which will be used to encrypt the sensitive part of this file using 3DES. .It Pa ~/.ssh/identity.pub, ~/.ssh/id_dsa.pub, ~/.ssh/id_rsa.pub -Contains the public key for authentication (public part of the -identity file in human-readable form). -The contents of the -.Pa ~/.ssh/identity.pub -file should be added to the file -.Pa ~/.ssh/authorized_keys -on all machines -where the user wishes to log in using protocol version 1 RSA authentication. -The contents of the -.Pa ~/.ssh/id_dsa.pub -and -.Pa ~/.ssh/id_rsa.pub -file should be added to -.Pa ~/.ssh/authorized_keys -on all machines -where the user wishes to log in using protocol version 2 DSA/RSA authentication. +Contains the public key for authentication. These files are not sensitive and can (but need not) be readable by anyone. -These files are -never used automatically and are not necessary; they are only provided for +They are +never used automatically and are not necessary: they are only provided for the convenience of the user. .It Pa ~/.ssh/config This is the per-user configuration file. -- cgit v1.2.3 From b797770da28c07a10b51528f79af3bacae2ff613 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Tue, 3 Jan 2006 18:47:31 +1100 Subject: - (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2006/01/02 17:09:49 [ssh_config.5 sshd_config.5] some corrections from michael knudsen; --- ChangeLog | 8 +++++++- ssh_config.5 | 6 +++--- sshd_config.5 | 6 +++--- 3 files changed, 13 insertions(+), 7 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 99b7aedcd..60ea75fd4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20060103 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2006/01/02 17:09:49 + [ssh_config.5 sshd_config.5] + some corrections from michael knudsen; + 20060102 - (djm) [README.tun] Add README.tun, missed during sync of tun(4) support - (djm) OpenBSD CVS Sync @@ -3622,4 +3628,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4071 2006/01/02 12:41:37 djm Exp $ +$Id: ChangeLog,v 1.4072 2006/01/03 07:47:31 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 072ea11a1..d091bcbf9 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.72 2005/12/22 10:31:40 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.73 2006/01/02 17:09:49 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -797,7 +797,7 @@ across multiple directives. The default is not to send any environment variables. .It Cm ServerAliveCountMax -Sets the number of server alive messages (see above) which may be +Sets the number of server alive messages (see below) which may be sent without .Nm ssh receiving any messages back from the server. 
@@ -819,7 +819,7 @@ server depend on knowing when a connection has become inactive. The default value is 3. If, for example, .Cm ServerAliveInterval -(above) is set to 15, and +(see below) is set to 15, and .Cm ServerAliveCountMax is left at the default, if the server becomes unresponsive ssh will disconnect after approximately 45 seconds. diff --git a/sshd_config.5 b/sshd_config.5 index a10b365d3..71a293ffb 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.47 2005/12/08 18:34:11 reyk Exp $ +.\" $OpenBSD: sshd_config.5,v 1.48 2006/01/02 17:09:49 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -181,7 +181,7 @@ The default is aes192-ctr,aes256-ctr'' .Ed .It Cm ClientAliveCountMax -Sets the number of client alive messages (see above) which may be +Sets the number of client alive messages (see below) which may be sent without .Nm sshd receiving any messages back from the client. @@ -203,7 +203,7 @@ server depend on knowing when a connection has become inactive. The default value is 3. If .Cm ClientAliveInterval -(above) is set to 15, and +(see below) is set to 15, and .Cm ClientAliveCountMax is left at the default, unresponsive ssh clients will be disconnected after approximately 45 seconds. -- cgit v1.2.3 From a969437645550a8f7595ba017c7658c4341d77d1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 4 Jan 2006 07:27:50 +1100 Subject: - (djm) [channels.c] clean up harmless merge error, from reyk@ --- ChangeLog | 5 ++++- channels.c | 2 -- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 60ea75fd4..f5e287dc4 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,6 @@ +20060103 + - (djm) [channels.c] clean up harmless merge error, from reyk@ + 20060103 - (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2006/01/02 17:09:49 @@ -3628,4 +3631,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4072 2006/01/03 07:47:31 djm Exp $ +$Id: ChangeLog,v 1.4073 2006/01/03 20:27:50 djm Exp $ diff --git a/channels.c b/channels.c index ed5903f6f..5fa80fbad 100644 --- a/channels.c +++ b/channels.c @@ -1491,8 +1491,6 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) } return 1; } - data = buffer_ptr(&c->output); - dlen = buffer_len(&c->output); #ifdef _AIX /* XXX: Later AIX versions can't push as much data to tty */ if (compat20 && c->wfd_isatty) -- cgit v1.2.3 From 7655f5cd9fe856bb833de92521d415b66bf4d5d4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 6 Jan 2006 14:48:18 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/03 16:31:10 [ssh.1] move FILES to a -compact list, and make each files an item in that list. this avoids nastly line wrap when we have long pathnames, and treats each file as a separate item; remove the .Pa too, since it is useless. --- ChangeLog | 11 ++++++++++- ssh.1 | 52 ++++++++++++++++++++++++++++++++++++---------------- 2 files changed, 46 insertions(+), 17 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f5e287dc4..021d06359 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +20060106 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2006/01/03 16:31:10 + [ssh.1] + move FILES to a -compact list, and make each files an item in that list. + this avoids nastly line wrap when we have long pathnames, and treats + each file as a separate item; + remove the .Pa too, since it is useless. + 20060103 - (djm) [channels.c] clean up harmless merge error, from reyk@ 
@@ -3631,4 +3640,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4073 2006/01/03 20:27:50 djm Exp $ +$Id: ChangeLog,v 1.4074 2006/01/06 03:48:18 djm Exp $ diff --git a/ssh.1 b/ssh.1 index de9d9312f..e6204027f 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.235 2006/01/02 12:31:06 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.236 2006/01/03 16:31:10 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1053,14 +1053,17 @@ For more information, see the option in .Xr sshd_config 5 . .Sh FILES -.Bl -tag -width Ds -.It Pa ~/.ssh/known_hosts +.Bl -tag -width Ds -compact +.It ~/.ssh/known_hosts Records host keys for all hosts the user has logged into that are not in .Pa /etc/ssh/ssh_known_hosts . See .Xr sshd 8 . -.It Pa ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa +.Pp +.It ~/.ssh/identity +.It ~/.ssh/id_dsa +.It ~/.ssh/id_rsa Contains the private key for authentication. These files contain sensitive data and should be readable by the user but not 
@@ -1070,20 +1073,25 @@ will simply ignore a private key file if it is accessible by others. It is possible to specify a passphrase when generating the key which will be used to encrypt the sensitive part of this file using 3DES. -.It Pa ~/.ssh/identity.pub, ~/.ssh/id_dsa.pub, ~/.ssh/id_rsa.pub +.Pp +.It ~/.ssh/identity.pub +.It ~/.ssh/id_dsa.pub +.It ~/.ssh/id_rsa.pub Contains the public key for authentication. These files are not sensitive and can (but need not) be readable by anyone. They are never used automatically and are not necessary: they are only provided for the convenience of the user. -.It Pa ~/.ssh/config +.Pp +.It ~/.ssh/config This is the per-user configuration file. The file format and configuration options are described in .Xr ssh_config 5 . Because of the potential for abuse, this file must have strict permissions: read/write for the user, and not accessible by others. -.It Pa ~/.ssh/authorized_keys +.Pp +.It ~/.ssh/authorized_keys Lists the public keys (RSA/DSA) that can be used for logging in as this user. The format of this file is described in the .Xr sshd 8 @@ -1093,7 +1101,8 @@ In the simplest form the format is the same as the identity files. This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. -.It Pa /etc/ssh/ssh_known_hosts +.Pp +.It /etc/ssh/ssh_known_hosts Systemwide list of known host keys. This file should be prepared by the system administrator to contain the public host keys of all machines in the 
@@ -1116,11 +1125,15 @@ to verify the client host when logging in; other names are needed because does not convert the user-supplied name to a canonical name before checking the key, because someone with access to the name servers would then be able to fool host authentication. +.Pp .It Pa /etc/ssh/ssh_config Systemwide configuration file. The file format and configuration options are described in .Xr ssh_config 5 . -.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key +.Pp +.It /etc/ssh/ssh_host_key +.It /etc/ssh/ssh_host_dsa_key +.It /etc/ssh/ssh_host_rsa_key These three files contain the private parts of the host keys and are used for .Cm RhostsRSAAuthentication @@ -1143,7 +1156,8 @@ be setuid root when that authentication method is used. By default .Nm is not setuid root. -.It Pa ~/.rhosts +.Pp +.It ~/.rhosts This file is used in .Cm RhostsRSAAuthentication and @@ -1178,7 +1192,8 @@ The easiest way to do this is to connect back to the client from the server machine using ssh; this will automatically add the host key to .Pa ~/.ssh/known_hosts . -.It Pa ~/.shosts +.Pp +.It ~/.shosts This file is used exactly the same way as .Pa .rhosts . The purpose for @@ -1190,7 +1205,8 @@ authentication without permitting login with .Xr rlogin or .Xr rsh 1 . -.It Pa /etc/hosts.equiv +.Pp +.It /etc/hosts.equiv This file is used during .Cm RhostsRSAAuthentication and 
@@ -1205,20 +1221,23 @@ automatically permitted provided client and server user names are the same. Additionally, successful client host key authentication is required. This file should only be writable by root. -.It Pa /etc/shosts.equiv +.Pp +.It /etc/shosts.equiv This file is processed exactly as .Pa /etc/hosts.equiv . This file may be useful to permit logins using .Nm but not using rsh/rlogin. -.It Pa /etc/ssh/sshrc +.Pp +.It /etc/ssh/sshrc Commands in this file are executed by .Nm when the user logs in just before the user's shell (or command) is started. See the .Xr sshd 8 manual page for more information. -.It Pa ~/.ssh/rc +.Pp +.It ~/.ssh/rc Commands in this file are executed by .Nm when the user logs in just before the user's shell (or command) is @@ -1226,7 +1245,8 @@ started. See the .Xr sshd 8 manual page for more information. -.It Pa ~/.ssh/environment +.Pp +.It ~/.ssh/environment Contains additional definitions for environment variables, see section .Sx ENVIRONMENT above. -- cgit v1.2.3 From 6aa2290b0c57fb35125c03e99cfc017ee4730df9 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 6 Jan 2006 14:48:34 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/03 16:35:30 [ssh.1] use a larger width for the ENVIRONMENT list; --- ChangeLog | 5 ++++- ssh.1 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 021d06359..b5157efe9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,9 @@ this avoids nastly line wrap when we have long pathnames, and treats each file as a separate item; remove the .Pa too, since it is useless. + - jmc@cvs.openbsd.org 2006/01/03 16:35:30 + [ssh.1] + use a larger width for the ENVIRONMENT list; 20060103 - (djm) [channels.c] clean up harmless merge error, from reyk@ 
@@ -3640,4 +3643,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4074 2006/01/06 03:48:18 djm Exp $ +$Id: ChangeLog,v 1.4075 2006/01/06 03:48:34 djm Exp $ diff --git a/ssh.1 b/ssh.1 index e6204027f..bf6e7cb4a 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.236 2006/01/03 16:31:10 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.237 2006/01/03 16:35:30 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -956,7 +956,7 @@ electronic purse; another is going through firewalls. .Sh ENVIRONMENT .Nm will normally set the following environment variables: -.Bl -tag -width LOGNAME +.Bl -tag -width "SSH_ORIGINAL_COMMAND" .It Ev DISPLAY The .Ev DISPLAY -- cgit v1.2.3 From fb8ea74116bebb5cf68b1c346604895bd16c45e5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 6 Jan 2006 14:48:52 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/03 16:52:36 [ssh.1] put FILES in some sort of order: sort by pathname --- ChangeLog | 5 +- ssh.1 | 234 +++++++++++++++++++++++++++++++------------------------------- 2 files changed, 121 insertions(+), 118 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index b5157efe9..df3e17d21 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,9 @@ - jmc@cvs.openbsd.org 2006/01/03 16:35:30 [ssh.1] use a larger width for the ENVIRONMENT list; + - jmc@cvs.openbsd.org 2006/01/03 16:52:36 + [ssh.1] + put FILES in some sort of order: sort by pathname 20060103 - (djm) [channels.c] clean up harmless merge error, from reyk@ @@ -3643,4 +3646,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4075 2006/01/06 03:48:34 djm Exp $ +$Id: ChangeLog,v 1.4076 2006/01/06 03:48:52 djm Exp $ 
diff --git a/ssh.1 b/ssh.1
index bf6e7cb4a..6042633df 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.237 2006/01/03 16:35:30 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.238 2006/01/03 16:52:36 jmc Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -1054,109 +1054,6 @@ option in .Xr sshd_config 5 . .Sh FILES .Bl -tag -width Ds -compact -.It ~/.ssh/known_hosts -Records host keys for all hosts the user has logged into that are not -in -.Pa /etc/ssh/ssh_known_hosts . -See -.Xr sshd 8 . -.Pp -.It ~/.ssh/identity -.It ~/.ssh/id_dsa -.It ~/.ssh/id_rsa -Contains the private key for authentication. -These files -contain sensitive data and should be readable by the user but not -accessible by others (read/write/execute). -.Nm -will simply ignore a private key file if it is accessible by others. -It is possible to specify a passphrase when -generating the key which will be used to encrypt the -sensitive part of this file using 3DES. -.Pp -.It ~/.ssh/identity.pub -.It ~/.ssh/id_dsa.pub -.It ~/.ssh/id_rsa.pub -Contains the public key for authentication. -These files are not -sensitive and can (but need not) be readable by anyone. -They are -never used automatically and are not necessary: they are only provided for -the convenience of the user. -.Pp -.It ~/.ssh/config -This is the per-user configuration file. -The file format and configuration options are described in -.Xr ssh_config 5 . -Because of the potential for abuse, this file must have strict permissions: -read/write for the user, and not accessible by others. -.Pp -.It ~/.ssh/authorized_keys -Lists the public keys (RSA/DSA) that can be used for logging in as this user. -The format of this file is described in the -.Xr sshd 8 -manual page. -In the simplest form the format is the same as the -.Pa .pub -identity files. -This file is not highly sensitive, but the recommended -permissions are read/write for the user, and not accessible by others. -.Pp -.It /etc/ssh/ssh_known_hosts -Systemwide list of known host keys. -This file should be prepared by the -system administrator to contain the public host keys of all machines in the -organization. -This file should be world-readable. 
-This file contains -public keys, one per line, in the following format (fields separated -by spaces): system name, public key and optional comment field. -When different names are used -for the same machine, all such names should be listed, separated by -commas. -The format is described in the -.Xr sshd 8 -manual page. -.Pp -The canonical system name (as returned by name servers) is used by -.Xr sshd 8 -to verify the client host when logging in; other names are needed because -.Nm -does not convert the user-supplied name to a canonical name before -checking the key, because someone with access to the name servers -would then be able to fool host authentication. -.Pp -.It Pa /etc/ssh/ssh_config -Systemwide configuration file. -The file format and configuration options are described in -.Xr ssh_config 5 . -.Pp -.It /etc/ssh/ssh_host_key -.It /etc/ssh/ssh_host_dsa_key -.It /etc/ssh/ssh_host_rsa_key -These three files contain the private parts of the host keys -and are used for -.Cm RhostsRSAAuthentication -and -.Cm HostbasedAuthentication . -If the protocol version 1 -.Cm RhostsRSAAuthentication -method is used, -.Nm -must be setuid root, since the host key is readable only by root. -For protocol version 2, -.Nm -uses -.Xr ssh-keysign 8 -to access the host keys for -.Cm HostbasedAuthentication . -This eliminates the requirement that -.Nm -be setuid root when that authentication method is used. -By default -.Nm -is not setuid root. -.Pp .It ~/.rhosts This file is used in .Cm RhostsRSAAuthentication 
@@ -1206,6 +1103,68 @@ authentication without permitting login with or .Xr rsh 1 . .Pp +.It ~/.ssh/authorized_keys +Lists the public keys (RSA/DSA) that can be used for logging in as this user. +The format of this file is described in the +.Xr sshd 8 +manual page. +In the simplest form the format is the same as the +.Pa .pub +identity files. +This file is not highly sensitive, but the recommended +permissions are read/write for the user, and not accessible by others. +.Pp +.It ~/.ssh/config +This is the per-user configuration file. +The file format and configuration options are described in +.Xr ssh_config 5 . +Because of the potential for abuse, this file must have strict permissions: +read/write for the user, and not accessible by others. +.Pp +.It ~/.ssh/environment +Contains additional definitions for environment variables, see section +.Sx ENVIRONMENT +above. +.Pp +.It ~/.ssh/identity +.It ~/.ssh/id_dsa +.It ~/.ssh/id_rsa +Contains the private key for authentication. +These files +contain sensitive data and should be readable by the user but not +accessible by others (read/write/execute). +.Nm +will simply ignore a private key file if it is accessible by others. +It is possible to specify a passphrase when +generating the key which will be used to encrypt the +sensitive part of this file using 3DES. +.Pp +.It ~/.ssh/identity.pub +.It ~/.ssh/id_dsa.pub +.It ~/.ssh/id_rsa.pub +Contains the public key for authentication. +These files are not +sensitive and can (but need not) be readable by anyone. +They are +never used automatically and are not necessary: they are only provided for +the convenience of the user. +.Pp +.It ~/.ssh/known_hosts +Records host keys for all hosts the user has logged into that are not +in +.Pa /etc/ssh/ssh_known_hosts . +See +.Xr sshd 8 . +.Pp +.It ~/.ssh/rc +Commands in this file are executed by +.Nm +when the user logs in just before the user's shell (or command) is +started. +See the +.Xr sshd 8 +manual page for more information. 
+.Pp .It /etc/hosts.equiv This file is used during .Cm RhostsRSAAuthentication 
@@ -1229,27 +1188,68 @@ This file may be useful to permit logins using .Nm but not using rsh/rlogin. .Pp -.It /etc/ssh/sshrc -Commands in this file are executed by +.It Pa /etc/ssh/ssh_config +Systemwide configuration file. +The file format and configuration options are described in +.Xr ssh_config 5 . +.Pp +.It /etc/ssh/ssh_host_key +.It /etc/ssh/ssh_host_dsa_key +.It /etc/ssh/ssh_host_rsa_key +These three files contain the private parts of the host keys +and are used for +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication . +If the protocol version 1 +.Cm RhostsRSAAuthentication +method is used, .Nm -when the user logs in just before the user's shell (or command) is started. -See the +must be setuid root, since the host key is readable only by root. +For protocol version 2, +.Nm +uses +.Xr ssh-keysign 8 +to access the host keys for +.Cm HostbasedAuthentication . +This eliminates the requirement that +.Nm +be setuid root when that authentication method is used. +By default +.Nm +is not setuid root. +.Pp +.It /etc/ssh/ssh_known_hosts +Systemwide list of known host keys. +This file should be prepared by the +system administrator to contain the public host keys of all machines in the +organization. +This file should be world-readable. +This file contains +public keys, one per line, in the following format (fields separated +by spaces): system name, public key and optional comment field. +When different names are used +for the same machine, all such names should be listed, separated by +commas. +The format is described in the .Xr sshd 8 -manual page for more information. +manual page. .Pp -.It ~/.ssh/rc +The canonical system name (as returned by name servers) is used by +.Xr sshd 8 +to verify the client host when logging in; other names are needed because +.Nm +does not convert the user-supplied name to a canonical name before +checking the key, because someone with access to the name servers +would then be able to fool host authentication. 
+.Pp +.It /etc/ssh/sshrc Commands in this file are executed by .Nm -when the user logs in just before the user's shell (or command) is -started. +when the user logs in just before the user's shell (or command) is started. See the .Xr sshd 8 manual page for more information. -.Pp -.It ~/.ssh/environment -Contains additional definitions for environment variables, see section -.Sx ENVIRONMENT -above. .El .Sh SEE ALSO .Xr gzip 1 , -- cgit v1.2.3 From 4c102eede39e71cf6a32b9cca6149ed67f6178aa Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 6 Jan 2006 14:49:17 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/03 16:55:18 [ssh.1] tweak the description of ~/.ssh/environment --- ChangeLog | 5 ++++- ssh.1 | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index df3e17d21..1784bd131 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,9 @@ - jmc@cvs.openbsd.org 2006/01/03 16:52:36 [ssh.1] put FILES in some sort of order: sort by pathname + - jmc@cvs.openbsd.org 2006/01/03 16:55:18 + [ssh.1] + tweak the description of ~/.ssh/environment 20060103 - (djm) [channels.c] clean up harmless merge error, from reyk@ @@ -3646,4 +3649,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4076 2006/01/06 03:48:52 djm Exp $ +$Id: ChangeLog,v 1.4077 2006/01/06 03:49:17 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 6042633df..27a51b690 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.238 2006/01/03 16:52:36 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.239 2006/01/03 16:55:18 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -1122,8 +1122,8 @@ Because of the potential for abuse, this file must have strict permissions: read/write for the user, and not accessible by others. .Pp .It ~/.ssh/environment -Contains additional definitions for environment variables, see section -.Sx ENVIRONMENT +Contains additional definitions for environment variables; see +.Sx ENVIRONMENT , above. .Pp .It ~/.ssh/identity -- cgit v1.2.3 From 1bcdb50a3dd315178ad889070d0313e3a3e5ff04 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 6 Jan 2006 14:49:38 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/04 18:42:46 [ssh.1] chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES entries; ok markus --- ChangeLog | 7 ++++++- ssh.1 | 69 ++++++++++++--------------------------------------------------- 2 files changed, 19 insertions(+), 57 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 1784bd131..281faccab 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,11 @@ - jmc@cvs.openbsd.org 2006/01/03 16:55:18 [ssh.1] tweak the description of ~/.ssh/environment + - jmc@cvs.openbsd.org 2006/01/04 18:42:46 + [ssh.1] + chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES + entries; + ok markus 20060103 - (djm) [channels.c] clean up harmless merge error, from reyk@ @@ -3649,4 +3654,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4077 2006/01/06 03:49:17 djm Exp $ +$Id: ChangeLog,v 1.4078 2006/01/06 03:49:38 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 27a51b690..d2f6f11e5 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.239 2006/01/03 16:55:18 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.240 2006/01/04 18:42:46 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -1055,19 +1055,9 @@ option in .Sh FILES .Bl -tag -width Ds -compact .It ~/.rhosts -This file is used in -.Cm RhostsRSAAuthentication -and -.Cm HostbasedAuthentication -authentication to list the -host/user pairs that are permitted to log in. -(Note that this file is -also used by rlogin and rsh, which makes using this file insecure.) -Each line of the file contains a host name (in the canonical form -returned by name servers), and then a user name on that host, -separated by a space. +This file is used for host-based authentication (see above). On some machines this file may need to be -world-readable if the user's home directory is on a NFS partition, +world-readable if the user's home directory is on an NFS partition, because .Xr sshd 8 reads it as root. @@ -1077,31 +1067,11 @@ The recommended permission for most machines is read/write for the user, and not accessible by others. .Pp -Note that -.Xr sshd 8 -allows authentication only in combination with client host key -authentication before permitting log in. -If the server machine does not have the client's host key in -.Pa /etc/ssh/ssh_known_hosts , -it can be stored in -.Pa ~/.ssh/known_hosts . -The easiest way to do this is to -connect back to the client from the server machine using ssh; this -will automatically add the host key to -.Pa ~/.ssh/known_hosts . -.Pp .It ~/.shosts -This file is used exactly the same way as -.Pa .rhosts . -The purpose for -having this file is to be able to use -.Cm RhostsRSAAuthentication -and -.Cm HostbasedAuthentication -authentication without permitting login with -.Xr rlogin -or -.Xr rsh 1 . +This file is used in exactly the same way as +.Pa .rhosts , +but allows host-based authentication without permitting login with +rlogin/rsh. .Pp .It ~/.ssh/authorized_keys Lists the public keys (RSA/DSA) that can be used for logging in as this user. 
@@ -1166,27 +1136,14 @@ See the manual page for more information. .Pp .It /etc/hosts.equiv -This file is used during -.Cm RhostsRSAAuthentication -and -.Cm HostbasedAuthentication -authentication. -It contains -canonical hosts names, one per line (the full format is described in the -.Xr sshd 8 -manual page). -If the client host is found in this file, login is -automatically permitted provided client and server user names are the -same. -Additionally, successful client host key authentication is required. -This file should only be writable by root. +This file is for host-based authentication (see above). +It should only be writable by root. .Pp .It /etc/shosts.equiv -This file is processed exactly as -.Pa /etc/hosts.equiv . -This file may be useful to permit logins using -.Nm -but not using rsh/rlogin. +This file is used in exactly the same way as +.Pa hosts.equiv , +but allows host-based authentication without permitting login with +rlogin/rsh. .Pp .It Pa /etc/ssh/ssh_config Systemwide configuration file. -- cgit v1.2.3 From a246d3b9b25d2b0ea3f71972e11553fd7b70517f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 6 Jan 2006 14:49:54 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/04 18:45:01 [ssh.1] remove .Xr's to rsh(1) and telnet(1): they are hardly needed; --- ChangeLog | 5 ++++- ssh.1 | 4 +--- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 281faccab..c3e9d8851 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,9 @@ chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES entries; ok markus + - jmc@cvs.openbsd.org 2006/01/04 18:45:01 + [ssh.1] + remove .Xr's to rsh(1) and telnet(1): they are hardly needed; 20060103 - (djm) [channels.c] clean up harmless merge error, from reyk@ 
@@ -3654,4 +3657,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4078 2006/01/06 03:49:38 djm Exp $ +$Id: ChangeLog,v 1.4079 2006/01/06 03:49:54 djm Exp $ diff --git a/ssh.1 b/ssh.1 index d2f6f11e5..ef4b3ff4c 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.240 2006/01/04 18:42:46 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.241 2006/01/04 18:45:01 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1210,13 +1210,11 @@ manual page for more information. .El .Sh SEE ALSO .Xr gzip 1 , -.Xr rsh 1 , .Xr scp 1 , .Xr sftp 1 , .Xr ssh-add 1 , .Xr ssh-agent 1 , .Xr ssh-keygen 1 , -.Xr telnet 1 , .Xr hosts.equiv 5 , .Xr ssh_config 5 , .Xr ssh-keysign 8 , -- cgit v1.2.3 From 128a0f114d2c0db4e4e94f055f591e79708f9990 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 6 Jan 2006 14:50:11 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/04 19:40:24 [ssh.1] +.Xr ssh-keyscan 1 , --- ChangeLog | 5 ++++- ssh.1 | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index c3e9d8851..fe17d953d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,9 @@ - jmc@cvs.openbsd.org 2006/01/04 18:45:01 [ssh.1] remove .Xr's to rsh(1) and telnet(1): they are hardly needed; + - jmc@cvs.openbsd.org 2006/01/04 19:40:24 + [ssh.1] + +.Xr ssh-keyscan 1 , 20060103 - (djm) [channels.c] clean up harmless merge error, from reyk@ @@ -3657,4 +3660,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4079 2006/01/06 03:49:54 djm Exp $ +$Id: ChangeLog,v 1.4080 2006/01/06 03:50:11 djm Exp $ diff --git a/ssh.1 b/ssh.1 index ef4b3ff4c..510cf6b69 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.241 2006/01/04 18:45:01 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.242 2006/01/04 19:40:24 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1215,6 +1215,7 @@ manual page for more information. .Xr ssh-add 1 , .Xr ssh-agent 1 , .Xr ssh-keygen 1 , +.Xr ssh-keyscan 1 , .Xr hosts.equiv 5 , .Xr ssh_config 5 , .Xr ssh-keysign 8 , -- cgit v1.2.3 From c27f83a63c818b04f957a3225d6781526084c481 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 6 Jan 2006 14:50:26 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/04 19:50:09 [ssh.1] -.Xr gzip 1 , --- ChangeLog | 5 ++++- ssh.1 | 3 +-- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index fe17d953d..08c2183d8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,9 @@ - jmc@cvs.openbsd.org 2006/01/04 19:40:24 [ssh.1] +.Xr ssh-keyscan 1 , + - jmc@cvs.openbsd.org 2006/01/04 19:50:09 + [ssh.1] + -.Xr gzip 1 , 20060103 - (djm) [channels.c] clean up harmless merge error, from reyk@ @@ -3660,4 +3663,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4080 2006/01/06 03:50:11 djm Exp $ +$Id: ChangeLog,v 1.4081 2006/01/06 03:50:26 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 510cf6b69..789e94733 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.242 2006/01/04 19:40:24 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.243 2006/01/04 19:50:09 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1209,7 +1209,6 @@ See the manual page for more information. .El .Sh SEE ALSO -.Xr gzip 1 , .Xr scp 1 , .Xr sftp 1 , .Xr ssh-add 1 , -- cgit v1.2.3 
From 72c5b7d85d06d6f71960ff00e780b87ca9d33d78 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 6 Jan 2006 14:50:44 +1100 Subject: - djm@cvs.openbsd.org 2006/01/05 23:43:53 [misc.c] check that stdio file descriptors are actually closed before clobbering them in sanitise_stdfd(). problems occurred when a lower numbered fd was closed, but higher ones weren't. spotted by, and patch tested by Frédéric Olivié MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ChangeLog | 8 +++++++- misc.c | 14 ++++++++------ 2 files changed, 15 insertions(+), 7 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 08c2183d8..a994dcb07 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,6 +29,12 @@ - jmc@cvs.openbsd.org 2006/01/04 19:50:09 [ssh.1] -.Xr gzip 1 , + - djm@cvs.openbsd.org 2006/01/05 23:43:53 + [misc.c] + check that stdio file descriptors are actually closed before clobbering + them in sanitise_stdfd(). problems occurred when a lower numbered fd was + closed, but higher ones weren't. spotted by, and patch tested by + Frédéric Olivié 20060103 - (djm) [channels.c] clean up harmless merge error, from reyk@ @@ -3663,4 +3669,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4081 2006/01/06 03:50:26 djm Exp $ +$Id: ChangeLog,v 1.4082 2006/01/06 03:50:44 djm Exp $ diff --git a/misc.c b/misc.c index 0339cede4..b876c0030 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.40 2006/01/02 07:53:44 reyk Exp $"); +RCSID("$OpenBSD: misc.c,v 1.41 2006/01/05 23:43:53 djm Exp $"); #ifdef SSH_TUN_OPENBSD #include 
@@ -616,18 +616,20 @@ tun_open(int tun, int mode) void sanitise_stdfd(void) { - int nullfd; + int nullfd, dupfd; - if ((nullfd = open(_PATH_DEVNULL, O_RDWR)) == -1) { + if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) { fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno)); exit(1); } - while (nullfd < 2) { - if (dup2(nullfd, nullfd + 1) == -1) { + while (++dupfd <= 2) { + /* Only clobber closed fds */ + if (fcntl(dupfd, F_GETFL, 0) >= 0) + continue; + if (dup2(nullfd, dupfd) == -1) { fprintf(stderr, "dup2: %s", strerror(errno)); exit(1); } - nullfd++; } if (nullfd > 2) close(nullfd); -- cgit v1.2.3 From e78c6ce8cfe5a31db0090f91728d3b14e9875cd5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 10 Jan 2006 00:02:44 +1100 Subject: - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on tcpip service so it's always started after IP is up. Patch from vinschen at redhat.com. --- ChangeLog | 7 ++++++- contrib/cygwin/ssh-host-config | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index a994dcb07..612612b4a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060109 + - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on + tcpip service so it's always started after IP is up. Patch from + vinschen at redhat.com. + 20060106 - (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2006/01/03 16:31:10 @@ -3669,4 +3674,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4082 2006/01/06 03:50:44 djm Exp $ +$Id: ChangeLog,v 1.4083 2006/01/09 13:02:44 dtucker Exp $ diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index fbfb5c195..0540890e6 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config 
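Review bot: The new `fcntl(dupfd, F_GETFL, 0) >= 0` test inside `while (++dupfd <= 2)` treats every fcntl failure as "this descriptor is closed", so a failure for any reason other than EBADF would still have the descriptor replaced by /dev/null. Spelling the condition out as `if (fcntl(dupfd, F_GETFL, 0) != -1 || errno != EBADF) continue;` limits the dup2() to descriptors that are really unused. The function also has no header comment; something like `/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */` would record why it exists. Both `fprintf(stderr, ...)` messages lack a trailing `\n`. The end of sanitise_stdfd() lies outside the hunk.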
@@ -551,14 +551,14 @@ then [ -z "${_cygwin}" ] && _cygwin="ntsec" if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ] then - if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -u sshd_server -w "${_password}" -e "CYGWIN=${_cygwin}" + if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -u sshd_server -w "${_password}" -e "CYGWIN=${_cygwin}" -y tcpip then echo echo "The service has been installed under sshd_server account." echo "To start the service, call \`net start sshd' or \`cygrunsrv -S sshd'." fi else - if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}" + if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}" -y tcpip then echo echo "The service has been installed under LocalSystem account." -- cgit v1.2.3 From e87eb4ce3ce4711b94a72d729352c240047f17c1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 14 Jan 2006 10:08:36 +1100 Subject: - (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2006/01/06 13:27:32 [ssh.1] weed out some duplicate info in the known_hosts FILES entries; ok djm --- ChangeLog | 9 ++++++++- ssh.1 | 30 ++++++++---------------------- 2 files changed, 16 insertions(+), 23 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 612612b4a..462328c18 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20060114 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2006/01/06 13:27:32 + [ssh.1] + weed out some duplicate info in the known_hosts FILES entries; + ok djm + 20060109 - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on tcpip service so it's always started after IP is up. Patch from @@ -3674,4 +3681,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4083 2006/01/09 13:02:44 dtucker Exp $ +$Id: ChangeLog,v 1.4084 2006/01/13 23:08:36 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 789e94733..cfe1655e6 100644 
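Review bot: In the first branch the service account password is still passed to cygrunsrv as `-w "${_password}"`, so it sits in the command's argument list and is visible to anything that can list process arguments while the install runs. The change only appends `-y tcpip`, so this is carried over rather than introduced, but it deserves a follow-up: if the installed cygrunsrv prompts for the password when `-u` is given without `-w` (to be confirmed against its help output), dropping `-w "${_password}"` removes the exposure. The two cygrunsrv command lines differ only in the `-u`/`-w` arguments, so holding the shared options in one variable would keep additions such as `-y tcpip` from having to be made twice. The enclosing `if`/`then` blocks start and end outside the hunk.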
--- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.243 2006/01/04 19:50:09 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.244 2006/01/06 13:27:32 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1120,11 +1120,11 @@ never used automatically and are not necessary: they are only provided for the convenience of the user. .Pp .It ~/.ssh/known_hosts -Records host keys for all hosts the user has logged into that are not -in -.Pa /etc/ssh/ssh_known_hosts . +Contains a list of host keys for all hosts the user has logged into +that are not already in the systemwide list of known host keys. See -.Xr sshd 8 . +.Xr sshd 8 +for further details of the format of this file. .Pp .It ~/.ssh/rc Commands in this file are executed by @@ -1181,24 +1181,10 @@ Systemwide list of known host keys. This file should be prepared by the system administrator to contain the public host keys of all machines in the organization. -This file should be world-readable. -This file contains -public keys, one per line, in the following format (fields separated -by spaces): system name, public key and optional comment field. -When different names are used -for the same machine, all such names should be listed, separated by -commas. -The format is described in the -.Xr sshd 8 -manual page. -.Pp -The canonical system name (as returned by name servers) is used by +It should be world-readable. +See .Xr sshd 8 -to verify the client host when logging in; other names are needed because -.Nm -does not convert the user-supplied name to a canonical name before -checking the key, because someone with access to the name servers -would then be able to fool host authentication. +for further details of the format of this file. .Pp .It /etc/ssh/sshrc Commands in this file are executed by -- cgit v1.2.3 
From 7e76e1f101cf672df9ca1822f2a04cb4289df519 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 14 Jan 2006 10:08:57 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/06 13:29:10 [ssh.1] final round of whacking FILES for duplicate info, and some consistency fixes; ok djm --- ChangeLog | 7 ++++++- ssh.1 | 25 ++++++++----------------- 2 files changed, 14 insertions(+), 18 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 462328c18..e453cd43c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,11 @@ [ssh.1] weed out some duplicate info in the known_hosts FILES entries; ok djm + - jmc@cvs.openbsd.org 2006/01/06 13:29:10 + [ssh.1] + final round of whacking FILES for duplicate info, and some consistency + fixes; + ok djm 20060109 - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on @@ -3681,4 +3686,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4084 2006/01/13 23:08:36 djm Exp $ +$Id: ChangeLog,v 1.4085 2006/01/13 23:08:57 djm Exp $ diff --git a/ssh.1 b/ssh.1 index cfe1655e6..0ebe177f5 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.244 2006/01/06 13:27:32 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.245 2006/01/06 13:29:10 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1078,9 +1078,6 @@ Lists the public keys (RSA/DSA) that can be used for logging in as this user. The format of this file is described in the .Xr sshd 8 manual page. -In the simplest form the format is the same as the -.Pa .pub -identity files. This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. .Pp 
@@ -1129,7 +1126,7 @@ for further details of the format of this file. .It ~/.ssh/rc Commands in this file are executed by .Nm -when the user logs in just before the user's shell (or command) is +when the user logs in, just before the user's shell (or command) is started. See the .Xr sshd 8 @@ -1154,24 +1151,18 @@ The file format and configuration options are described in .It /etc/ssh/ssh_host_dsa_key .It /etc/ssh/ssh_host_rsa_key These three files contain the private parts of the host keys -and are used for -.Cm RhostsRSAAuthentication -and -.Cm HostbasedAuthentication . -If the protocol version 1 -.Cm RhostsRSAAuthentication -method is used, +and are used for host-based authentication. +If protocol version 1 is used, .Nm must be setuid root, since the host key is readable only by root. For protocol version 2, .Nm uses .Xr ssh-keysign 8 -to access the host keys for -.Cm HostbasedAuthentication . -This eliminates the requirement that +to access the host keys, +eliminating the requirement that .Nm -be setuid root when that authentication method is used. +be setuid root when host-based authentication is used. By default .Nm is not setuid root. @@ -1189,7 +1180,7 @@ for further details of the format of this file. .It /etc/ssh/sshrc Commands in this file are executed by .Nm -when the user logs in just before the user's shell (or command) is started. +when the user logs in, just before the user's shell (or command) is started. See the .Xr sshd 8 manual page for more information. -- cgit v1.2.3 From f31771810cf89a3e687112e71264be266012b2de Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sat, 14 Jan 2006 10:09:13 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/12 14:44:12 [ssh.1] split sections on tcp and x11 forwarding into two sections. add an example in the tcp section, based on sth i wrote for ssh faq; help + ok: djm markus dtucker --- ChangeLog | 7 ++++++- ssh.1 | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++------- 2 files changed, 68 insertions(+), 8 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index e453cd43c..51f05cac2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,11 @@ final round of whacking FILES for duplicate info, and some consistency fixes; ok djm + - jmc@cvs.openbsd.org 2006/01/12 14:44:12 + [ssh.1] + split sections on tcp and x11 forwarding into two sections. + add an example in the tcp section, based on sth i wrote for ssh faq; + help + ok: djm markus dtucker 20060109 - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on @@ -3686,4 +3691,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4085 2006/01/13 23:08:57 djm Exp $ +$Id: ChangeLog,v 1.4086 2006/01/13 23:09:13 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 0ebe177f5..c15cfc319 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.245 2006/01/06 13:29:10 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.246 2006/01/12 14:44:12 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -893,7 +893,67 @@ option. Request rekeying of the connection (only useful for SSH protocol version 2 and if the peer supports it). .El -.Sh X11 AND TCP FORWARDING +.Sh TCP FORWARDING +Forwarding of arbitrary TCP connections over the secure channel can +be specified either on the command line or in a configuration file. +One possible application of TCP forwarding is a secure connection to a +mail server; another is going through firewalls. +.Pp +In the example below, we look at encrypting communication between +an IRC client and server, even though the IRC server does not directly +support encrypted communications. +This works as follows: +the user connects to the remote host using +.Nm , +specifying a port to be used to forward connections +to the remote server. +After that it is possible to start the service which is to be encrypted +on the client machine, +connecting to the same local port, +and +.Nm +will encrypt and forward the connection. +.Pp +The following example tunnels an IRC session from client machine +.Dq 127.0.0.1 +(localhost) +to remote server +.Dq server.example.com : +.Bd -literal -offset 4n +$ ssh -f -L 1234:localhost:6667 server.example.com sleep 10 +$ irc -c '#users' -p 1234 pinky 127.0.0.1 +.Ed +.Pp +This tunnels a connection to IRC server +.Dq server.example.com , +joining channel +.Dq #users , +nickname +.Dq pinky , +using port 1234. +It doesn't matter which port is used, +as long as it's greater than 1023 +(remember, only root can open sockets on privileged ports) +and doesn't conflict with any ports already in use. +The connection is forwarded to port 6667 on the remote server, +since that's the standard port for IRC services. +.Pp +The +.Fl f +option backgrounds +.Nm +and the remote command +.Dq sleep 10 +is specified to allow an amount of time +(10 seconds, in the example) +to start the service which is to be tunnelled. +If no connections are made within the time specified, +.Nm +will exit. 
+Once opened, +a SSH connection will remain active +until all actively forwarded connections have closed. +.Sh X11 FORWARDING If the .Cm ForwardX11 variable is set to @@ -948,11 +1008,6 @@ and options above) and the user is using an authentication agent, the connection to the agent is automatically forwarded to the remote side. -.Pp -Forwarding of arbitrary TCP/IP connections over the secure channel can -be specified either on the command line or in a configuration file. -One possible application of TCP/IP forwarding is a secure connection to an -electronic purse; another is going through firewalls. .Sh ENVIRONMENT .Nm will normally set the following environment variables: -- cgit v1.2.3 From 8bfaf93f607ab97ed09a9247bbf23ca82ffcf75e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 14 Jan 2006 10:09:30 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/12 18:48:48 [ssh.1] refer to `TCP' rather than `TCP/IP' in the context of connection forwarding; ok markus --- ChangeLog | 7 ++++++- ssh.1 | 8 ++++---- 2 files changed, 10 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 51f05cac2..b562035ef 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,11 @@ split sections on tcp and x11 forwarding into two sections. add an example in the tcp section, based on sth i wrote for ssh faq; help + ok: djm markus dtucker + - jmc@cvs.openbsd.org 2006/01/12 18:48:48 + [ssh.1] + refer to `TCP' rather than `TCP/IP' in the context of connection + forwarding; + ok markus 20060109 - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on @@ -3691,4 +3696,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4086 2006/01/13 23:09:13 djm Exp $ +$Id: ChangeLog,v 1.4087 2006/01/13 23:09:30 djm Exp $ diff --git a/ssh.1 b/ssh.1 index c15cfc319..b430ff823 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.246 2006/01/12 14:44:12 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.247 2006/01/12 18:48:48 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -89,7 +89,7 @@ executing commands on a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. -X11 connections and arbitrary TCP/IP ports +X11 connections and arbitrary TCP ports can also be forwarded over the secure channel. .Pp .Nm @@ -146,7 +146,7 @@ of the connection. Only useful on systems with more than one address. .It Fl C Requests compression of all data (including stdin, stdout, stderr, and -data for forwarded X11 and TCP/IP connections). +data for forwarded X11 and TCP connections). The compression algorithm is the same used by .Xr gzip 1 , and the @@ -834,7 +834,7 @@ On most systems, setting the escape character to will also make the session transparent even if a tty is used. .Pp The session terminates when the command or shell on the remote -machine exits and all X11 and TCP/IP connections have been closed. +machine exits and all X11 and TCP connections have been closed. .Sh ESCAPE CHARACTERS When a pseudo-terminal has been requested, .Nm -- cgit v1.2.3 From 7c24b81699c9b45f277ccefa5523e1a8d64a98a5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 14 Jan 2006 10:09:56 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/12 22:20:00 [sshd.8] refer to TCP forwarding, rather than TCP/IP forwarding; --- ChangeLog | 5 ++++- sshd.8 | 8 ++++---- 2 files changed, 8 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index b562035ef..b68b88e9a 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -19,6 +19,9 @@ refer to `TCP' rather than `TCP/IP' in the context of connection forwarding; ok markus + - jmc@cvs.openbsd.org 2006/01/12 22:20:00 + [sshd.8] + refer to TCP forwarding, rather than TCP/IP forwarding; 20060109 - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on @@ -3696,4 +3699,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4087 2006/01/13 23:09:30 djm Exp $ +$Id: ChangeLog,v 1.4088 2006/01/13 23:09:56 djm Exp $ diff --git a/sshd.8 b/sshd.8 index ee6e7d797..241aefd43 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.210 2005/12/21 22:44:26 stevesk Exp $ +.\" $OpenBSD: sshd.8,v 1.211 2006/01/12 22:20:00 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -169,7 +169,7 @@ If the client successfully authenticates itself, a dialog for preparing the session is entered. At this time the client may request things like allocating a pseudo-tty, forwarding X11 connections, -forwarding TCP/IP connections, or forwarding the authentication agent +forwarding TCP connections, or forwarding the authentication agent connection over the secure channel. .Pp Finally, the client either requests a shell or execution of a command. @@ -480,7 +480,7 @@ A quote may be included in the command by quoting it with a backslash. This option might be useful to restrict certain public keys to perform just a specific operation. An example might be a key that permits remote backups but nothing else. -Note that the client may specify TCP/IP and/or X11 +Note that the client may specify TCP and/or X11 forwarding unless they are explicitly prohibited. Note that this option applies to shell, command or subsystem execution. .It Cm environment="NAME=value" 
@@ -497,7 +497,7 @@ This option is automatically disabled if .Cm UseLogin is enabled. .It Cm no-port-forwarding -Forbids TCP/IP forwarding when this key is used for authentication. +Forbids TCP forwarding when this key is used for authentication. Any port forward requests by the client will return an error. This might be used, e.g., in connection with the .Cm command -- cgit v1.2.3 From e9d001e02b55f065b7a16d3e2b3d041d32ee9176 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 14 Jan 2006 10:10:17 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/12 22:26:02 [ssh_config.5] refer to TCP forwarding, rather than TCP/IP forwarding; --- ChangeLog | 5 ++++- ssh_config.5 | 8 ++++---- 2 files changed, 8 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index b68b88e9a..18b9ec375 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,9 @@ - jmc@cvs.openbsd.org 2006/01/12 22:20:00 [sshd.8] refer to TCP forwarding, rather than TCP/IP forwarding; + - jmc@cvs.openbsd.org 2006/01/12 22:26:02 + [ssh_config.5] + refer to TCP forwarding, rather than TCP/IP forwarding; 20060109 - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on @@ -3699,4 +3702,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4088 2006/01/13 23:09:56 djm Exp $ +$Id: ChangeLog,v 1.4089 2006/01/13 23:10:17 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index d091bcbf9..e8186a988 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.73 2006/01/02 17:09:49 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.74 2006/01/12 22:26:02 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os 
@@ -318,7 +318,7 @@ used for opportunistic connection sharing include all three of these escape sequences. This ensures that shared connections are uniquely identified. .It Cm DynamicForward -Specifies that a TCP/IP port on the local machine be forwarded +Specifies that a TCP port on the local machine be forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. @@ -565,7 +565,7 @@ This directive is ignored unless .Cm PermitLocalCommand has been enabled. .It Cm LocalForward -Specifies that a TCP/IP port on the local machine be forwarded over +Specifies that a TCP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. The first argument must be .Sm off @@ -719,7 +719,7 @@ The default is .Dq yes . This option applies to protocol version 2 only. .It Cm RemoteForward -Specifies that a TCP/IP port on the remote machine be forwarded over +Specifies that a TCP port on the remote machine be forwarded over the secure channel to the specified host and port from the local machine. The first argument must be .Sm off -- cgit v1.2.3 From 4a8dc9e2974063b51da3c5c9e6732f64362a783a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 14 Jan 2006 10:10:31 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/12 22:34:12 [ssh.1] back out a sentence - AUTHENTICATION already documents this; --- ChangeLog | 5 ++++- ssh.1 | 5 +---- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 18b9ec375..8cb8fd131 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,9 @@ - jmc@cvs.openbsd.org 2006/01/12 22:26:02 [ssh_config.5] refer to TCP forwarding, rather than TCP/IP forwarding; + - jmc@cvs.openbsd.org 2006/01/12 22:34:12 + [ssh.1] + back out a sentence - AUTHENTICATION already documents this; 20060109 - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on 
@@ -3702,4 +3705,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4089 2006/01/13 23:10:17 djm Exp $ +$Id: ChangeLog,v 1.4090 2006/01/13 23:10:31 djm Exp $ diff --git a/ssh.1 b/ssh.1 index b430ff823..59694822a 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.247 2006/01/12 18:48:48 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.248 2006/01/12 22:34:12 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -950,9 +950,6 @@ to start the service which is to be tunnelled. If no connections are made within the time specified, .Nm will exit. -Once opened, -a SSH connection will remain active -until all actively forwarded connections have closed. .Sh X11 FORWARDING If the .Cm ForwardX11 -- cgit v1.2.3 From 94299ec251c84fb07329f3322cd5d6390d70eb7d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 20 Jan 2006 11:30:14 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/15 17:37:05 [ssh.1] correction from deraadt --- ChangeLog | 8 +++++++- ssh.1 | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 8cb8fd131..d550404a7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20060120 + - (dtucker) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2006/01/15 17:37:05 + [ssh.1] + correction from deraadt + 20060114 - (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2006/01/06 13:27:32 @@ -3705,4 +3711,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4090 2006/01/13 23:10:31 djm Exp $ +$Id: ChangeLog,v 1.4091 2006/01/20 00:30:14 dtucker Exp $ diff --git a/ssh.1 b/ssh.1 index 59694822a..59ec74b3f 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.248 2006/01/12 22:34:12 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.249 2006/01/15 17:37:05 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -643,7 +643,7 @@ The file format and configuration options are described in exits with the exit status of the remote command or with 255 if an error occurred. .Sh AUTHENTICATION -The OpenSSH SSH client supports OpenSSH protocols 1 and 2. +The OpenSSH SSH client supports SSH protocols 1 and 2. Protocol 2 is the default, with .Nm falling back to protocol 1 if it detects protocol 2 is unsupported. -- cgit v1.2.3 From 248dd13c4686bcf1c1b29533a7f5c2e4264083cf Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 20 Jan 2006 11:30:58 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/18 10:53:29 [ssh.1] add a section on ssh-based vpn, based on reyk's README.tun; --- ChangeLog | 5 ++++- ssh.1 | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 56 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index d550404a7..ea78b6504 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,9 @@ - jmc@cvs.openbsd.org 2006/01/15 17:37:05 [ssh.1] correction from deraadt + - jmc@cvs.openbsd.org 2006/01/18 10:53:29 + [ssh.1] + add a section on ssh-based vpn, based on reyk's README.tun; 20060114 - (djm) OpenBSD CVS Sync @@ -3711,4 +3714,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4091 2006/01/20 00:30:14 dtucker Exp $ +$Id: ChangeLog,v 1.4092 2006/01/20 00:30:58 dtucker Exp $ diff --git a/ssh.1 b/ssh.1 index 59ec74b3f..661e8f962 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.249 2006/01/15 17:37:05 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.250 2006/01/18 10:53:29 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1005,6 +1005,56 @@ and options above) and the user is using an authentication agent, the connection to the agent is automatically forwarded to the remote side. +.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS +.Nm +contains support for Virtual Private Network (VPN) tunnelling +using the +.Xr tun 4 +network pseudo-device, +allowing two networks to be joined securely. +The +.Xr sshd_config 5 +configuration option +.Cm PermitTunnel +controls whether the server supports this, +and at what level (layer 2 or 3 traffic). +.Pp +The following example would connect client network 10.0.50.0/24 +with remote network 10.0.99.0/24, provided that the SSH server +running on the gateway to the remote network, +at 192.168.1.15, allows it: +.Bd -literal -offset indent +# ssh -f -w 0:1 192.168.1.15 true +# ifconfig tun0 10.0.50.1 10.0.99.1 netmask 255.255.255.252 +.Ed +.Pp +Client access may be more finely tuned via the +.Pa /root/.ssh/authorized_keys +file (see below) and the +.Cm PermitRootLogin +server option. +The following entry would permit connections on the first +.Xr tun 4 +device from user +.Dq jane +and on the second device from user +.Dq john , +if +.Cm PermitRootLogin +is set to +.Dq forced-commands-only : +.Bd -literal -offset 2n +tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane +tunnel="2",command="sh /etc/netstart tun1" ssh-rsa ... john +.Ed +.Pp +Since a SSH-based setup entails a fair amount of overhead, +it may be more suited to temporary setups, +such as for wireless VPNs. +More permanent VPNs are better provided by tools such as +.Xr ipsecctl 8 +and +.Xr isakmpd 8 . .Sh ENVIRONMENT .Nm will normally set the following environment variables: 
@@ -1244,6 +1294,7 @@ manual page for more information. .Xr ssh-agent 1 , .Xr ssh-keygen 1 , .Xr ssh-keyscan 1 , +.Xr tun 4 , .Xr hosts.equiv 5 , .Xr ssh_config 5 , .Xr ssh-keysign 8 , -- cgit v1.2.3 From 62388b2b63394c6a6ee44271426a13de5e0ce827 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 20 Jan 2006 11:31:47 +1100 Subject: - dtucker@cvs.openbsd.org 2006/01/20 00:14:55 [scp.1 ssh.1 ssh_config.5 sftp.1] Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot #1056 with feedback from jmc, djm and markus; ok jmc@ djm@ --- ChangeLog | 6 +++++- scp.1 | 3 ++- sftp.1 | 3 ++- ssh.1 | 3 ++- ssh_config.5 | 17 ++++++++++++++++- 5 files changed, 27 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index ea78b6504..5fa01b32d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,10 @@ - jmc@cvs.openbsd.org 2006/01/18 10:53:29 [ssh.1] add a section on ssh-based vpn, based on reyk's README.tun; + - dtucker@cvs.openbsd.org 2006/01/20 00:14:55 + [scp.1 ssh.1 ssh_config.5 sftp.1] + Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot + #1056 with feedback from jmc, djm and markus; ok jmc@ djm@ 20060114 - (djm) OpenBSD CVS Sync @@ -3714,4 +3718,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4092 2006/01/20 00:30:58 dtucker Exp $ +$Id: ChangeLog,v 1.4093 2006/01/20 00:31:47 dtucker Exp $ diff --git a/scp.1 b/scp.1 index b5191e318..d9b1f8e8f 100644 --- a/scp.1 +++ b/scp.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.38 2005/03/01 17:19:35 jmc Exp $ +.\" $OpenBSD: scp.1,v 1.39 2006/01/20 00:14:55 dtucker Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 
@@ -152,6 +152,7 @@ For full details of the options listed below, and their possible values, see
 .It Protocol
 .It ProxyCommand
 .It PubkeyAuthentication
+.It RekeyLimit
 .It RhostsRSAAuthentication
 .It RSAAuthentication
 .It SendEnv
diff --git a/sftp.1 b/sftp.1
index 6b500596c..47aafa89e 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.62 2005/12/30 16:59:00 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.63 2006/01/20 00:14:55 dtucker Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller. All rights reserved.
 .\"
@@ -180,6 +180,7 @@ For full details of the options listed below, and their possible values, see
 .It Protocol
 .It ProxyCommand
 .It PubkeyAuthentication
+.It RekeyLimit
 .It RhostsRSAAuthentication
 .It RSAAuthentication
 .It SendEnv
diff --git a/ssh.1 b/ssh.1
index 661e8f962..3fe142dc1 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.250 2006/01/18 10:53:29 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.251 2006/01/20 00:14:55 dtucker Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -477,6 +477,7 @@ For full details of the options listed below, and their possible values, see
 .It Protocol
 .It ProxyCommand
 .It PubkeyAuthentication
+.It RekeyLimit
 .It RemoteForward
 .It RhostsRSAAuthentication
 .It RSAAuthentication
diff --git a/ssh_config.5 b/ssh_config.5
index e8186a988..790c9b204 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.74 2006/01/12 22:26:02 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.75 2006/01/20 00:14:55 dtucker Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -718,6 +718,21 @@ or The default is .Dq yes . This option applies to protocol version 2 only. +.It Cm RekeyLimit +Specifies the maximum amount of data that may be transmitted before the +session key will be renegotiated. +The argument is the number of bytes, with an optional suffix of +.Dq K , +.Dq M , +or +.Dq G +to indicate Kilobytes, Megabytes, or Gigabytes, respectively. +The default is between +.Dq 1G +and +.Dq 4G , +depending on the cipher. +Note that this option applies to protocol version 2 only. .It Cm RemoteForward Specifies that a TCP port on the remote machine be forwarded over the secure channel to the specified host and port from the local machine. -- cgit v1.2.3 From fbea76400f557cb4ec6a7c97c92f895d8d0929a7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 30 Jan 2006 00:22:39 +1100 Subject: - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the opensshd.init script interpretter if /sbin/sh does not exist. ok tim@ --- ChangeLog | 6 +++++- configure.ac | 7 ++++++- opensshd.init.in | 2 +- 3 files changed, 12 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 5fa01b32d..da8a70a7f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060129 + - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the + opensshd.init script interpretter if /sbin/sh does not exist. ok tim@ + 20060120 - (dtucker) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2006/01/15 17:37:05 @@ -3718,4 +3722,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4093 2006/01/20 00:31:47 dtucker Exp $ +$Id: ChangeLog,v 1.4094 2006/01/29 13:22:39 dtucker Exp $ diff --git a/configure.ac b/configure.ac index a9654cbde..70e26deea 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.321 2006/01/01 10:03:30 djm Exp $ +# $Id: configure.ac,v 1.322 2006/01/29 13:22:39 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -47,6 +47,11 @@ AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd, AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd, [/usr/sbin${PATH_SEPARATOR}/etc]) AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no) +if test -x /sbin/sh; then + AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh) +else + AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh) +fi # System features AC_SYS_LARGEFILE diff --git a/opensshd.init.in b/opensshd.init.in index ffa7cdac2..c36c5c88a 100755 --- a/opensshd.init.in +++ b/opensshd.init.in @@ -1,4 +1,4 @@ -#!/sbin/sh +#!@STARTUP_SCRIPT_SHELL@ # Donated code that was put under PD license. # # Stripped PRNGd out of it for the time being. -- cgit v1.2.3 From ddfddf1ba3f767c27b8a57d0d70648ce925609a4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Jan 2006 21:39:03 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/20 11:21:45 [ssh_config.5] - word change, agreed w/ markus - consistency fixes --- ChangeLog | 9 ++++++++- ssh_config.5 | 12 ++++++------ 2 files changed, 14 insertions(+), 7 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index da8a70a7f..ada3d3ae8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20060131 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2006/01/20 11:21:45 + [ssh_config.5] + - word change, agreed w/ markus + - consistency fixes + 20060129 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the opensshd.init script interpretter if /sbin/sh does not exist. ok tim@ @@ -3722,4 +3729,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4094 2006/01/29 13:22:39 dtucker Exp $ +$Id: ChangeLog,v 1.4095 2006/01/31 10:39:03 djm Exp $ diff --git a/ssh_config.5 b/ssh_config.5 index 790c9b204..5c94ffc9c 100644 
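Review bot: The `test -x /sbin/sh` probe added to configure.ac runs on the build machine and cannot be overridden, so the interpreter written into `opensshd.init.in` through `#!@STARTUP_SCRIPT_SHELL@` is whatever the build host has, which may not match the host a package built with pkgmk is later installed on. Honour a value the builder presets, e.g. wrap the probe in `if test -z "$STARTUP_SCRIPT_SHELL" ; then … fi` and call `AC_SUBST(STARTUP_SCRIPT_SHELL)` once after it. The new block also carries no comment; `# Interpreter for opensshd.init: prefer /sbin/sh, fall back to /bin/sh (Bug #1144)` above the `if` would record why it exists.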
--- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.75 2006/01/20 00:14:55 dtucker Exp $ +.\" $OpenBSD: ssh_config.5,v 1.76 2006/01/20 11:21:45 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -720,19 +720,19 @@ The default is This option applies to protocol version 2 only. .It Cm RekeyLimit Specifies the maximum amount of data that may be transmitted before the -session key will be renegotiated. +session key is renegotiated. The argument is the number of bytes, with an optional suffix of -.Dq K , -.Dq M , +.Sq K , +.Sq M , or -.Dq G +.Sq G to indicate Kilobytes, Megabytes, or Gigabytes, respectively. The default is between .Dq 1G and .Dq 4G , depending on the cipher. -Note that this option applies to protocol version 2 only. +This option applies to protocol version 2 only. .It Cm RemoteForward Specifies that a TCP port on the remote machine be forwarded over the secure channel to the specified host and port from the local machine. -- cgit v1.2.3 From 99cc4a8f1e4e1ab45e41600518aa888e24b4df64 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Jan 2006 21:45:53 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/25 09:04:34 [sshd.8] move the options description up the page, and a few additional tweaks whilst in here; ok markus --- ChangeLog | 7 +- sshd.8 | 231 +++++++++++++++++++++++++++++++------------------------------- 2 files changed, 121 insertions(+), 117 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index ada3d3ae8..5ec6e615d 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -4,6 +4,11 @@ [ssh_config.5] - word change, agreed w/ markus - consistency fixes + - jmc@cvs.openbsd.org 2006/01/25 09:04:34 + [sshd.8] + move the options description up the page, and a few additional tweaks + whilst in here; + ok markus 20060129 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the @@ -3729,4 +3734,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4095 2006/01/31 10:39:03 djm Exp $ +$Id: ChangeLog,v 1.4096 2006/01/31 10:45:53 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 241aefd43..3ca929d50 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.211 2006/01/12 22:20:00 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.212 2006/01/25 09:04:34 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -56,16 +56,14 @@ .Ek .Sh DESCRIPTION .Nm -(SSH Daemon) is the daemon program for +(OpenSSH Daemon) is the daemon program for .Xr ssh 1 . Together these programs replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. -The programs are intended to be as easy to -install and use as possible. .Pp .Nm -is the daemon that listens for connections from clients. +listens for connections from clients. It is normally started at boot from .Pa /etc/rc . It forks a new 
@@ -73,122 +71,13 @@ daemon for each incoming connection. The forked daemons handle key exchange, encryption, authentication, command execution, and data exchange. -This implementation of -.Nm -supports both SSH protocol version 1 and 2 simultaneously. -.Nm -works as follows: -.Ss SSH protocol version 1 -Each host has a host-specific RSA key -(normally 2048 bits) used to identify the host. -Additionally, when -the daemon starts, it generates a server RSA key (normally 768 bits). -This key is normally regenerated every hour if it has been used, and -is never stored on disk. -.Pp -Whenever a client connects, the daemon responds with its public -host and server keys. -The client compares the -RSA host key against its own database to verify that it has not changed. -The client then generates a 256-bit random number. -It encrypts this -random number using both the host key and the server key, and sends -the encrypted number to the server. -Both sides then use this -random number as a session key which is used to encrypt all further -communications in the session. -The rest of the session is encrypted -using a conventional cipher, currently Blowfish or 3DES, with 3DES -being used by default. -The client selects the encryption algorithm -to use from those offered by the server. -.Pp -Next, the server and the client enter an authentication dialog. -The client tries to authenticate itself using -.Em .rhosts -authentication combined with RSA host -authentication, RSA challenge-response authentication, or password -based authentication. -.Pp -Regardless of the authentication type, the account is checked to -ensure that it is accessible. An account is not accessible if it is -locked, listed in -.Cm DenyUsers -or its group is listed in -.Cm DenyGroups -\&. The definition of a locked account is system dependant. 
Some platforms -have their own account database (eg AIX) and some modify the passwd field ( -.Ql \&*LK\&* -on Solaris and UnixWare, -.Ql \&* -on HP-UX, containing -.Ql Nologin -on Tru64, -a leading -.Ql \&*LOCKED\&* -on FreeBSD and a leading -.Ql \&!! -on Linux). If there is a requirement to disable password authentication -for the account while allowing still public-key, then the passwd field -should be set to something other than these values (eg -.Ql NP -or -.Ql \&*NP\&* -). -.Pp -.Nm rshd , -.Nm rlogind , -and -.Nm rexecd -are disabled (thus completely disabling -.Xr rlogin -and -.Xr rsh -into the machine). -.Ss SSH protocol version 2 -Version 2 works similarly: -Each host has a host-specific key (RSA or DSA) used to identify the host. -However, when the daemon starts, it does not generate a server key. -Forward security is provided through a Diffie-Hellman key agreement. -This key agreement results in a shared session key. -.Pp -The rest of the session is encrypted using a symmetric cipher, currently -128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. -The client selects the encryption algorithm -to use from those offered by the server. -Additionally, session integrity is provided -through a cryptographic message authentication code -(hmac-sha1 or hmac-md5). -.Pp -Protocol version 2 provides a public key based -user (PubkeyAuthentication) or -client host (HostbasedAuthentication) authentication method, -conventional password authentication and challenge response based methods. -.Ss Command execution and data forwarding -If the client successfully authenticates itself, a dialog for -preparing the session is entered. -At this time the client may request -things like allocating a pseudo-tty, forwarding X11 connections, -forwarding TCP connections, or forwarding the authentication agent -connection over the secure channel. -.Pp -Finally, the client either requests a shell or execution of a command. -The sides then enter session mode. 
-In this mode, either side may send -data at any time, and such data is forwarded to/from the shell or -command on the server side, and the user terminal in the client side. -.Pp -When the user program terminates and all forwarded X11 and other -connections have been closed, the server sends command exit status to -the client, and both sides exit. .Pp .Nm can be configured using command-line options or a configuration file (by default -.Xr sshd_config 5 ) . -Command-line options override values specified in the +.Xr sshd_config 5 ) ; +command-line options override values specified in the configuration file. -.Pp .Nm rereads its configuration file when it receives a hangup signal, .Dv SIGHUP , 
@@ -338,6 +227,116 @@ USER@HOST pattern in or .Cm DenyUsers . .El +.Pp +This implementation of +.Nm +supports both SSH protocol version 1 and 2 simultaneously. +.Nm +works as follows: +.Ss SSH protocol version 1 +Each host has a host-specific RSA key +(normally 2048 bits) used to identify the host. +Additionally, when +the daemon starts, it generates a server RSA key (normally 768 bits). +This key is normally regenerated every hour if it has been used, and +is never stored on disk. +.Pp +Whenever a client connects, the daemon responds with its public +host and server keys. +The client compares the +RSA host key against its own database to verify that it has not changed. +The client then generates a 256-bit random number. +It encrypts this +random number using both the host key and the server key, and sends +the encrypted number to the server. +Both sides then use this +random number as a session key which is used to encrypt all further +communications in the session. +The rest of the session is encrypted +using a conventional cipher, currently Blowfish or 3DES, with 3DES +being used by default. +The client selects the encryption algorithm +to use from those offered by the server. +.Pp +Next, the server and the client enter an authentication dialog. +The client tries to authenticate itself using +.Em rhosts +authentication combined with RSA host +authentication, RSA challenge-response authentication, or password +based authentication. +.Pp +Regardless of the authentication type, the account is checked to +ensure that it is accessible. An account is not accessible if it is +locked, listed in +.Cm DenyUsers +or its group is listed in +.Cm DenyGroups +\&. The definition of a locked account is system dependant. Some platforms +have their own account database (eg AIX) and some modify the passwd field ( +.Ql \&*LK\&* +on Solaris and UnixWare, +.Ql \&* +on HP-UX, containing +.Ql Nologin +on Tru64, +a leading +.Ql \&*LOCKED\&* +on FreeBSD and a leading +.Ql \&!! +on Linux). 
If there is a requirement to disable password authentication +for the account while allowing still public-key, then the passwd field +should be set to something other than these values (eg +.Ql NP +or +.Ql \&*NP\&* +). +.Pp +System security is not improved unless +.Nm rshd , +.Nm rlogind , +and +.Nm rexecd +are disabled (thus completely disabling +.Xr rlogin +and +.Xr rsh +into the machine). +.Ss SSH protocol version 2 +Version 2 works similarly: +Each host has a host-specific key (RSA or DSA) used to identify the host. +However, when the daemon starts, it does not generate a server key. +Forward security is provided through a Diffie-Hellman key agreement. +This key agreement results in a shared session key. +.Pp +The rest of the session is encrypted using a symmetric cipher, currently +128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. +The client selects the encryption algorithm +to use from those offered by the server. +Additionally, session integrity is provided +through a cryptographic message authentication code +(hmac-sha1 or hmac-md5). +.Pp +Protocol version 2 provides a public key based +user (PubkeyAuthentication) or +client host (HostbasedAuthentication) authentication method, +conventional password authentication and challenge response based methods. +.Ss Command execution and data forwarding +If the client successfully authenticates itself, a dialog for +preparing the session is entered. +At this time the client may request +things like allocating a pseudo-tty, forwarding X11 connections, +forwarding TCP connections, or forwarding the authentication agent +connection over the secure channel. +.Pp +Finally, the client either requests a shell or execution of a command. +The sides then enter session mode. +In this mode, either side may send +data at any time, and such data is forwarded to/from the shell or +command on the server side, and the user terminal in the client side. 
+.Pp +When the user program terminates and all forwarded X11 and other +connections have been closed, the server sends command exit status to +the client, and both sides exit. .Sh CONFIGURATION FILE .Nm reads configuration data from -- cgit v1.2.3 From 7602cba59d11822c51346b44c043a39ef2fe608a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Jan 2006 21:46:20 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/25 09:07:22 [sshd.8] move subsections to full sections; --- ChangeLog | 5 ++++- sshd.8 | 8 ++++---- 2 files changed, 8 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 5ec6e615d..9229652e8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,9 @@ move the options description up the page, and a few additional tweaks whilst in here; ok markus + - jmc@cvs.openbsd.org 2006/01/25 09:07:22 + [sshd.8] + move subsections to full sections; 20060129 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the @@ -3734,4 +3737,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4096 2006/01/31 10:45:53 djm Exp $ +$Id: ChangeLog,v 1.4097 2006/01/31 10:46:20 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 3ca929d50..15c7651ba 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.212 2006/01/25 09:04:34 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.213 2006/01/25 09:07:22 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -233,7 +233,7 @@ This implementation of supports both SSH protocol version 1 and 2 simultaneously. .Nm works as follows: -.Ss SSH protocol version 1 +.Sh SSH PROTOCOL VERSION 1 Each host has a host-specific RSA key (normally 2048 bits) used to identify the host. Additionally, when 
@@ -301,7 +301,7 @@ are disabled (thus completely disabling and .Xr rsh into the machine). -.Ss SSH protocol version 2 +.Sh SSH PROTOCOL VERSION 2 Version 2 works similarly: Each host has a host-specific key (RSA or DSA) used to identify the host. However, when the daemon starts, it does not generate a server key. @@ -320,7 +320,7 @@ Protocol version 2 provides a public key based user (PubkeyAuthentication) or client host (HostbasedAuthentication) authentication method, conventional password authentication and challenge response based methods. -.Ss Command execution and data forwarding +.Sh COMMAND EXECUTION AND DATA FORWARDING If the client successfully authenticates itself, a dialog for preparing the session is entered. At this time the client may request -- cgit v1.2.3 From bbc59094b95aee8456918c35a8138179d34008a1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Jan 2006 21:46:51 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/26 08:47:56 [ssh.1] add a section on verifying host keys in dns; written with a lot of help from jakob; feedback dtucker/markus; ok markus --- ChangeLog | 8 +++++++- ssh.1 | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++---------- 2 files changed, 58 insertions(+), 11 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 9229652e8..f38e515fd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,12 @@ - jmc@cvs.openbsd.org 2006/01/25 09:07:22 [sshd.8] move subsections to full sections; + - jmc@cvs.openbsd.org 2006/01/26 08:47:56 + [ssh.1] + add a section on verifying host keys in dns; + written with a lot of help from jakob; + feedback dtucker/markus; + ok markus 20060129 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the @@ -3737,4 +3743,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4097 2006/01/31 10:46:20 djm Exp $ +$Id: ChangeLog,v 1.4098 2006/01/31 10:46:51 djm Exp $ 
diff --git a/ssh.1 b/ssh.1 index 3fe142dc1..309782879 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.251 2006/01/20 00:14:55 dtucker Exp $ +.\" $OpenBSD: ssh.1,v 1.252 2006/01/26 08:47:56 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -810,15 +810,6 @@ The option can be used to control logins to machines whose host key is not known or has changed. .Pp -.Nm -can be configured to verify host identification using fingerprint resource -records (SSHFP) published in DNS. -The -.Cm VerifyHostKeyDNS -option can be used to control how DNS lookups are performed. -SSHFP resource records can be generated using -.Xr ssh-keygen 1 . -.Pp When the user's identity has been accepted by the server, the server either executes the given command, or logs into the machine and gives the user a normal shell on the remote machine. 
@@ -1006,6 +997,56 @@ and options above) and the user is using an authentication agent, the connection to the agent is automatically forwarded to the remote side. +.Sh VERIFYING HOST KEYS +When connecting to a server for the first time, +a fingerprint of the server's public key is presented to the user +(unless the option +.Cm StrictHostKeyChecking +has been disabled). +Fingerprints can be determined using +.Xr ssh-keygen 1 : +.Pp +.Dl $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key +.Pp +If the fingerprint is already known, +it can be matched and verified, +and the key can be accepted. +If the fingerprint is unknown, +an alternative method of verification is available: +SSH fingerprints verified by DNS. +An additional resource record (RR), +SSHFP, +is added to a zonefile +and the connecting client is able to match the fingerprint +with that of the key presented. +.Pp +In this example, we are connecting a client to a server, +.Dq host.example.com . +The SSHFP resource records should first be added to the zonefile for +host.example.com: +.Bd -literal -offset indent +$ ssh-keygen -f /etc/ssh/ssh_host_rsa_key.pub -r host.example.com. +$ ssh-keygen -f /etc/ssh/ssh_host_dsa_key.pub -r host.example.com. +.Ed +.Pp +The output lines will have to be added to the zonefile. +To check that the zone is answering fingerprint queries: +.Pp +.Dl $ dig -t SSHFP host.example.com +.Pp +Finally the client connects: +.Bd -literal -offset indent +$ ssh -o "VerifyHostKeyDNS ask" host.example.com +[...] +Matching host key fingerprint found in DNS. +Are you sure you want to continue connecting (yes/no)? +.Ed +.Pp +See the +.Cm VerifyHostKeyDNS +option in +.Xr ssh_config 5 +for more information. .Sh SSH-BASED VIRTUAL PRIVATE NETWORKS .Nm contains support for Virtual Private Network (VPN) tunnelling -- cgit v1.2.3 From e204f6aa0dc399dfb709f3def13b9c4f8ab35357 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Tue, 31 Jan 2006 21:47:15 +1100 Subject: - reyk@cvs.openbsd.org 2006/01/30 12:22:22 [channels.c] mark channel as write failed or dead instead of read failed on error of the channel output filter. ok markus@ --- ChangeLog | 7 ++++++- channels.c | 8 ++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f38e515fd..879ac1065 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,11 @@ written with a lot of help from jakob; feedback dtucker/markus; ok markus + - reyk@cvs.openbsd.org 2006/01/30 12:22:22 + [channels.c] + mark channel as write failed or dead instead of read failed on error + of the channel output filter. + ok markus@ 20060129 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the @@ -3743,4 +3748,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4098 2006/01/31 10:46:51 djm Exp $ +$Id: ChangeLog,v 1.4099 2006/01/31 10:47:15 djm Exp $ diff --git a/channels.c b/channels.c index 5fa80fbad..1252f3446 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.231 2005/12/30 15:56:36 reyk Exp $"); +RCSID("$OpenBSD: channels.c,v 1.232 2006/01/30 12:22:22 reyk Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1466,7 +1466,11 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) if (c->output_filter != NULL) { if ((buf = c->output_filter(c, &data, &dlen)) == NULL) { debug2("channel %d: filter stops", c->self); - chan_read_failed(c); + if (c->type != SSH_CHANNEL_OPEN) + chan_mark_dead(c); + else + chan_write_failed(c); + return -1; } } else if (c->datagram) { buf = data = buffer_get_string(&c->output, &dlen); -- cgit v1.2.3 From b5dd55cccc7096d3db59378bba44920183f34110 Mon Sep 17 00:00:00 2001 
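Review bot: The new failure path in channel_handle_wfd() has no comment saying why a channel whose type is not SSH_CHANNEL_OPEN is marked dead while an open one only has its write side failed, and the reason cannot be recovered from these lines. A short comment above the `if (c->type != SSH_CHANNEL_OPEN)` test should name the channel types that are expected to reach chan_mark_dead(). It should also record that the added `return -1;` deliberately skips the rest of the write handling once the output filter has returned NULL. The function starts and ends outside the hunk.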
From: Damien Miller Date: Tue, 31 Jan 2006 21:47:58 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/30 13:37:49 [ssh.1] remove an incorrect sentence; reported by roumen petrov; ok djm markus --- ChangeLog | 7 ++++++- ssh.1 | 5 +---- 2 files changed, 7 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 879ac1065..51c272248 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,11 @@ mark channel as write failed or dead instead of read failed on error of the channel output filter. ok markus@ + - jmc@cvs.openbsd.org 2006/01/30 13:37:49 + [ssh.1] + remove an incorrect sentence; + reported by roumen petrov; + ok djm markus 20060129 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the @@ -3748,4 +3753,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4099 2006/01/31 10:47:15 djm Exp $ +$Id: ChangeLog,v 1.4100 2006/01/31 10:47:58 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 309782879..f4c677628 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.252 2006/01/26 08:47:56 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.253 2006/01/30 13:37:49 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1256,9 +1256,6 @@ sensitive part of this file using 3DES. Contains the public key for authentication. These files are not sensitive and can (but need not) be readable by anyone. -They are -never used automatically and are not necessary: they are only provided for -the convenience of the user. .Pp .It ~/.ssh/known_hosts Contains a list of host keys for all hosts the user has logged into -- cgit v1.2.3 From 3eec6b73a2c446225fce546d61d83cfc695fbaa0 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Tue, 31 Jan 2006 21:49:27 +1100 Subject: - djm@cvs.openbsd.org 2006/01/31 10:19:02 [misc.c misc.h scp.c sftp.c] fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@ --- ChangeLog | 7 +++- misc.c | 45 +++++++++++++++++++-- misc.h | 8 +++- scp.c | 132 +++++++++++++++++++++++++++++++++++++++++--------------------- sftp.c | 8 ++-- 5 files changed, 145 insertions(+), 55 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 51c272248..b98fc9115 100644 --- a/ChangeLog +++ b/ChangeLog @@ -28,6 +28,11 @@ remove an incorrect sentence; reported by roumen petrov; ok djm markus + - djm@cvs.openbsd.org 2006/01/31 10:19:02 + [misc.c misc.h scp.c sftp.c] + fix local arbitrary command execution vulnerability on local/local and + remote/remote copies (CVE-2006-0225, bz #1094), patch by + t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@ 20060129 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the @@ -3753,4 +3758,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4100 2006/01/31 10:47:58 djm Exp $ +$Id: ChangeLog,v 1.4101 2006/01/31 10:49:27 djm Exp $ diff --git a/misc.c b/misc.c index b876c0030..29e928886 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.41 2006/01/05 23:43:53 djm Exp $"); +RCSID("$OpenBSD: misc.c,v 1.42 2006/01/31 10:19:02 djm Exp $"); #ifdef SSH_TUN_OPENBSD #include 
@@ -391,12 +391,15 @@ void addargs(arglist *args, char *fmt, ...) { va_list ap; - char buf[1024]; + char *cp; u_int nalloc; + int r; va_start(ap, fmt); - vsnprintf(buf, sizeof(buf), fmt, ap); + r = vasprintf(&cp, fmt, ap); va_end(ap); + if (r == -1) + fatal("addargs: argument too long"); nalloc = args->nalloc; if (args->list == NULL) { @@ -407,10 +410,44 @@ addargs(arglist *args, char *fmt, ...) args->list = xrealloc(args->list, nalloc * sizeof(char *)); args->nalloc = nalloc; - args->list[args->num++] = xstrdup(buf); + args->list[args->num++] = cp; args->list[args->num] = NULL; } +void +replacearg(arglist *args, u_int which, char *fmt, ...) +{ + va_list ap; + char *cp; + int r; + + va_start(ap, fmt); + r = vasprintf(&cp, fmt, ap); + va_end(ap); + if (r == -1) + fatal("replacearg: argument too long"); + + if (which >= args->num) + fatal("replacearg: tried to replace invalid arg %d >= %d", + which, args->num); + xfree(args->list[which]); + args->list[which] = cp; +} + +void +freeargs(arglist *args) +{ + u_int i; + + if (args->list != NULL) { + for (i = 0; i < args->num; i++) + xfree(args->list[i]); + xfree(args->list); + args->nalloc = args->num = 0; + args->list = NULL; + } +} + /* * Expands tildes in the file name. Returns data allocated by xmalloc. * Warning: this calls getpw*. diff --git a/misc.h b/misc.h index 415910686..0a1a09a68 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.28 2005/12/08 18:34:11 reyk Exp $ */ +/* $OpenBSD: misc.h,v 1.29 2006/01/31 10:19:02 djm Exp $ */ /* * Author: Tatu Ylonen @@ -38,7 +38,11 @@ struct arglist { u_int num; u_int nalloc; }; -void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3))); +void addargs(arglist *, char *, ...) + __attribute__((format(printf, 2, 3))); +void replacearg(arglist *, u_int, char *, ...) + __attribute__((format(printf, 3, 4))); +void freeargs(arglist *); /* readpass.c */ diff --git a/scp.c b/scp.c index 5dced6ce4..2467dcb5c 100644 --- a/scp.c +++ b/scp.c 
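Review bot: In replacearg() the out-of-range message formats `which` and `args->num` with `%d`, but `which` is declared u_int and misc.h declares `num` as u_int, so the specifiers should be unsigned: `fatal("replacearg: tried to replace invalid arg %u >= %u",`. Separately, addargs() and replacearg() both report a vasprintf() result of -1 as "argument too long", although that return value can also mean the allocation failed. A neutral message such as `fatal("addargs: vasprintf failed");` would not send someone debugging an out-of-memory condition in the wrong direction. addargs() continues outside its hunks.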
@@ -71,7 +71,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.128 2005/12/06 22:38:27 reyk Exp $"); +RCSID("$OpenBSD: scp.c,v 1.129 2006/01/31 10:19:02 djm Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -118,6 +118,48 @@ killchild(int signo) exit(1); } +static int +do_local_cmd(arglist *a) +{ + u_int i; + int status; + pid_t pid; + + if (a->num == 0) + fatal("do_local_cmd: no arguments"); + + if (verbose_mode) { + fprintf(stderr, "Executing:"); + for (i = 0; i < a->num; i++) + fprintf(stderr, " %s", a->list[i]); + fprintf(stderr, "\n"); + } + if ((pid = fork()) == -1) + fatal("do_local_cmd: fork: %s", strerror(errno)); + + if (pid == 0) { + execvp(a->list[0], a->list); + perror(a->list[0]); + exit(1); + } + + do_cmd_pid = pid; + signal(SIGTERM, killchild); + signal(SIGINT, killchild); + signal(SIGHUP, killchild); + + while (waitpid(pid, &status, 0) == -1) + if (errno != EINTR) + fatal("do_local_cmd: waitpid: %s", strerror(errno)); + + do_cmd_pid = -1; + + if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) + return (-1); + + return (0); +} + /* * This function executes the given command as the specified user on the * given host. This returns < 0 if execution fails, and >= 0 otherwise. This @@ -162,7 +204,7 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc) close(pin[0]); close(pout[1]); - args.list[0] = ssh_program; + replacearg(&args, 0, "%s", ssh_program); if (remuser != NULL) addargs(&args, "-l%s", remuser); addargs(&args, "%s", host); @@ -227,8 +269,9 @@ main(int argc, char **argv) __progname = ssh_get_progname(argv[0]); + memset(&args, '\0', sizeof(args)); args.list = NULL; - addargs(&args, "ssh"); /* overwritten with ssh_program */ + addargs(&args, "%s", ssh_program); addargs(&args, "-x"); addargs(&args, "-oForwardAgent no"); addargs(&args, "-oPermitLocalCommand no"); 
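Review bot: In do_local_cmd() the forked child calls `exit(1)` when execvp() fails, which runs any atexit handlers registered by the parent and flushes the stdio buffers the child inherited; `_exit(1);` is the usual call on that path. The SIGTERM, SIGINT and SIGHUP handlers are installed only after fork() has returned and are left in place when the function returns, so the helper changes process-wide signal state as a side effect of every call. The function also has no header comment; one line such as `/* Runs a->list as a local command; returns 0 on exit status 0, -1 otherwise. */` would state the contract that the `!= 0` tests in the callers rely on.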
@@ -368,6 +411,10 @@ toremote(char *targ, int argc, char **argv) { int i, len; char *bp, *host, *src, *suser, *thost, *tuser, *arg; + arglist alist; + + memset(&alist, '\0', sizeof(alist)); + alist.list = NULL; *targ++ = 0; if (*targ == 0) 
@@ -385,56 +432,48 @@ toremote(char *targ, int argc, char **argv) tuser = NULL; } + if (tuser != NULL && !okname(tuser)) { + xfree(arg); + return; + } + for (i = 0; i < argc - 1; i++) { src = colon(argv[i]); if (src) { /* remote to remote */ - static char *ssh_options = - "-x -o'ClearAllForwardings yes'"; + freeargs(&alist); + addargs(&alist, "%s", ssh_program); + if (verbose_mode) + addargs(&alist, "-v"); + addargs(&alist, "-x"); + addargs(&alist, "-oClearAllForwardings yes"); + addargs(&alist, "-n"); + *src++ = 0; if (*src == 0) src = "."; host = strrchr(argv[i], '@'); - len = strlen(ssh_program) + strlen(argv[i]) + - strlen(src) + (tuser ? strlen(tuser) : 0) + - strlen(thost) + strlen(targ) + - strlen(ssh_options) + CMDNEEDS + 20; - bp = xmalloc(len); + if (host) { *host++ = 0; host = cleanhostname(host); suser = argv[i]; if (*suser == '\0') suser = pwd->pw_name; - else if (!okname(suser)) { - xfree(bp); + else if (!okname(suser)) continue; - } - if (tuser && !okname(tuser)) { - xfree(bp); - continue; - } - snprintf(bp, len, - "%s%s %s -n " - "-l %s %s %s %s '%s%s%s:%s'", - ssh_program, verbose_mode ? " -v" : "", - ssh_options, suser, host, cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); + addargs(&alist, "-l"); + addargs(&alist, "%s", suser); } else { host = cleanhostname(argv[i]); - snprintf(bp, len, - "exec %s%s %s -n %s " - "%s %s '%s%s%s:%s'", - ssh_program, verbose_mode ? " -v" : "", - ssh_options, host, cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); } - if (verbose_mode) - fprintf(stderr, "Executing: %s\n", bp); - if (system(bp) != 0) + addargs(&alist, "%s", host); + addargs(&alist, "%s", cmd); + addargs(&alist, "%s", src); + addargs(&alist, "%s%s%s:%s", + tuser ? tuser : "", tuser ? "@" : "", + thost, targ); + if (do_local_cmd(&alist) != 0) errs = 1; - (void) xfree(bp); } else { /* local to remote */ if (remin == -1) { len = strlen(targ) + CMDNEEDS + 20; 
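Review bot: The remote-to-remote branch of toremote() now hands `host` to ssh as its own argv entry, but nothing on the visible lines keeps a host string that begins with '-' from being parsed by ssh as an option. okname() is applied to suser and tuser only, and host passes through cleanhostname(), whose body is not shown here. Ending option parsing before the operand closes that gap: `addargs(&alist, "--");` immediately before `addargs(&alist, "%s", host);`. The local-to-local branch of tolocal() in the next hunk has the same shape, with `argv[i]` and `argv[argc-1]` passed to cp after the optional `-r` and `-p`, and would take the same separator where the platform's cp accepts it. Both functions start and end outside their hunks.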
@@ -458,20 +497,23 @@ tolocal(int argc, char **argv) { int i, len; char *bp, *host, *src, *suser; + arglist alist; + + memset(&alist, '\0', sizeof(alist)); + alist.list = NULL; for (i = 0; i < argc - 1; i++) { if (!(src = colon(argv[i]))) { /* Local to local. */ - len = strlen(_PATH_CP) + strlen(argv[i]) + - strlen(argv[argc - 1]) + 20; - bp = xmalloc(len); - (void) snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP, - iamrecursive ? " -r" : "", pflag ? " -p" : "", - argv[i], argv[argc - 1]); - if (verbose_mode) - fprintf(stderr, "Executing: %s\n", bp); - if (system(bp)) + freeargs(&alist); + addargs(&alist, "%s", _PATH_CP); + if (iamrecursive) + addargs(&alist, "-r"); + if (pflag) + addargs(&alist, "-p"); + addargs(&alist, "%s", argv[i]); + addargs(&alist, "%s", argv[argc-1]); + if (do_local_cmd(&alist)) ++errs; - (void) xfree(bp); continue; } *src++ = 0; diff --git a/sftp.c b/sftp.c index 24f6dc538..a2e3f6aad 100644 --- a/sftp.c +++ b/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.69 2005/12/06 22:38:27 reyk Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.70 2006/01/31 10:19:02 djm Exp $"); #ifdef USE_LIBEDIT #include @@ -1453,8 +1453,9 @@ main(int argc, char **argv) sanitise_stdfd(); __progname = ssh_get_progname(argv[0]); + memset(&args, '\0', sizeof(args)); args.list = NULL; - addargs(&args, "ssh"); /* overwritten with ssh_program */ + addargs(&args, ssh_program); addargs(&args, "-oForwardX11 no"); addargs(&args, "-oForwardAgent no"); addargs(&args, "-oPermitLocalCommand no"); @@ -1489,6 +1490,7 @@ main(int argc, char **argv) break; case 'S': ssh_program = optarg; + replacearg(&args, 0, "%s", ssh_program); break; case 'b': if (batchmode) @@ -1565,7 +1567,6 @@ main(int argc, char **argv) addargs(&args, "%s", host); addargs(&args, "%s", (sftp_server != NULL ? sftp_server : "sftp")); - args.list[0] = ssh_program; if (!batchmode) fprintf(stderr, "Connecting to %s...\n", host); 
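Review bot: In sftp.c main() the new `addargs(&args, ssh_program);` passes a variable as the format string. scp.c in this same commit uses `addargs(&args, "%s", ssh_program);`, and the `-S` case a few lines further down uses `replacearg(&args, 0, "%s", ssh_program);`. ssh_program presumably still holds its built-in default at that point, so this looks harmless today, but any '%' in that path would be interpreted by vasprintf(). Writing `addargs(&args, "%s", ssh_program);` keeps the three call sites consistent and matches the printf format attribute declared in misc.h. main() starts and ends outside the hunk.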
@@ -1578,6 +1579,7 @@ main(int argc, char **argv) fprintf(stderr, "Attaching to %s...\n", sftp_direct); connect_to_server(sftp_direct, args.list, &in, &out); } + freeargs(&args); err = interactive_loop(in, out, file1, file2); -- cgit v1.2.3 From c34940c1f522b09ffe7086dea0253ebe5c104417 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Jan 2006 21:57:27 +1100 Subject: - dtucker@cvs.openbsd.org 2005/04/25 09:54:09 [regress/multiplex.sh] Don't call cleanup in multiplex as test-exec will cleanup anyway found by tim@, ok djm@ NB. ID sync only, we already had this --- ChangeLog | 11 ++++++++++- regress/multiplex.sh | 2 +- 2 files changed, 11 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index b98fc9115..d58050a0c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,6 +33,15 @@ fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@ + - (djm) Sync regress tests to OpenBSD: + - dtucker@cvs.openbsd.org 2005/03/10 10:20:39 + [regress/forwarding.sh] + Regress test for ClearAllForwardings (bz #994); ok markus@ + - dtucker@cvs.openbsd.org 2005/04/25 09:54:09 + [regress/multiplex.sh] + Don't call cleanup in multiplex as test-exec will cleanup anyway + found by tim@, ok djm@ + NB. ID sync only, we already had this 20060129 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the @@ -3758,4 +3767,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4101 2006/01/31 10:49:27 djm Exp $ +$Id: ChangeLog,v 1.4103 2006/01/31 10:58:38 djm Exp $ diff --git a/regress/multiplex.sh b/regress/multiplex.sh index a172e5790..4fba7b5ac 100644 --- a/regress/multiplex.sh +++ b/regress/multiplex.sh 
@@ -1,4 +1,4 @@ -# $OpenBSD: multiplex.sh,v 1.10 2005/02/27 11:33:30 dtucker Exp $ +# $OpenBSD: multiplex.sh,v 1.11 2005/04/25 09:54:09 dtucker Exp $ # Placed in the Public Domain. CTL=/tmp/openssh.regress.ctl-sock.$$ -- cgit v1.2.3 From f0cbb3d7cbaad8ac4fad999f4e98d69da510d0ef Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Jan 2006 21:58:23 +1100 Subject: - (djm) Sync regress tests to OpenBSD: - dtucker@cvs.openbsd.org 2005/03/10 10:20:39 [regress/forwarding.sh] Regress test for ClearAllForwardings (bz #994); ok markus@ --- ChangeLog | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index d58050a0c..cf9e53bcf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -37,11 +37,6 @@ - dtucker@cvs.openbsd.org 2005/03/10 10:20:39 [regress/forwarding.sh] Regress test for ClearAllForwardings (bz #994); ok markus@ - - dtucker@cvs.openbsd.org 2005/04/25 09:54:09 - [regress/multiplex.sh] - Don't call cleanup in multiplex as test-exec will cleanup anyway - found by tim@, ok djm@ - NB. ID sync only, we already had this 20060129 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the @@ -3767,4 +3762,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4103 2006/01/31 10:58:38 djm Exp $ +$Id: ChangeLog,v 1.4102 2006/01/31 10:58:23 djm Exp $ -- cgit v1.2.3 From 76be6b8765f88b72c354941b523efbefa14561fe Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Jan 2006 21:59:01 +1100 Subject: - djm@cvs.openbsd.org 2005/05/20 23:14:15 [regress/test-exec.sh] force addressfamily=inet for tests, unbreaking dynamic-forward regress for recently committed nc SOCKS5 changes --- ChangeLog | 11 ++++++++++- regress/test-exec.sh | 3 ++- 2 files changed, 12 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index cf9e53bcf..cb5a6fc48 100644 --- a/ChangeLog 
+++ b/ChangeLog @@ -37,6 +37,15 @@ - dtucker@cvs.openbsd.org 2005/03/10 10:20:39 [regress/forwarding.sh] Regress test for ClearAllForwardings (bz #994); ok markus@ + - dtucker@cvs.openbsd.org 2005/04/25 09:54:09 + [regress/multiplex.sh] + Don't call cleanup in multiplex as test-exec will cleanup anyway + found by tim@, ok djm@ + NB. ID sync only, we already had this + - djm@cvs.openbsd.org 2005/05/20 23:14:15 + [regress/test-exec.sh] + force addressfamily=inet for tests, unbreaking dynamic-forward regress for + recently committed nc SOCKS5 changes 20060129 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the @@ -3762,4 +3771,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4102 2006/01/31 10:58:23 djm Exp $ +$Id: ChangeLog,v 1.4104 2006/01/31 10:59:01 djm Exp $ diff --git a/regress/test-exec.sh b/regress/test-exec.sh index de643154e..bfbb305b4 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.27 2005/02/27 11:33:30 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.28 2005/05/20 23:14:15 djm Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -194,6 +194,7 @@ trap fatal 3 2 cat << EOF > $OBJ/sshd_config StrictModes no Port $PORT + AddressFamily inet ListenAddress 127.0.0.1 #ListenAddress ::1 PidFile $PIDFILE -- cgit v1.2.3 From ec7b2f12f00cf0655d88dc543323621df2f36c64 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Jan 2006 21:59:35 +1100 Subject: - djm@cvs.openbsd.org 2005/05/24 04:10:54 [regress/try-ciphers.sh] oops, new arcfour modes here too --- ChangeLog | 5 ++++- regress/try-ciphers.sh | 5 +++-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index cb5a6fc48..932ba4151 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -46,6 +46,9 @@ [regress/test-exec.sh] force addressfamily=inet for tests, unbreaking dynamic-forward regress for recently committed nc SOCKS5 changes + - djm@cvs.openbsd.org 2005/05/24 04:10:54 + [try-ciphers.sh] + oops, new arcfour modes here too 20060129 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the @@ -3771,4 +3774,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4104 2006/01/31 10:59:01 djm Exp $ +$Id: ChangeLog,v 1.4105 2006/01/31 10:59:35 djm Exp $ diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh index c6e1b9152..379fe353a 100644 --- a/regress/try-ciphers.sh +++ b/regress/try-ciphers.sh @@ -1,9 +1,10 @@ -# $OpenBSD: try-ciphers.sh,v 1.9 2004/02/28 13:44:45 dtucker Exp $ +# $OpenBSD: try-ciphers.sh,v 1.10 2005/05/24 04:10:54 djm Exp $ # Placed in the Public Domain. tid="try ciphers" -ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc arcfour +ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc + arcfour128 arcfour256 arcfour aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se aes128-ctr aes192-ctr aes256-ctr" macs="hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96" -- cgit v1.2.3 From 10c5fa7e8766c332b1e04e95fc5d761ee2407214 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Jan 2006 22:01:42 +1100 Subject: - markus@cvs.openbsd.org 2005/06/30 11:02:37 [regress/scp.sh] allow SUDO=sudo; from Alexander Bluhm --- ChangeLog | 7 +++++-- regress/scp.sh | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 932ba4151..ea8ae91ae 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -47,8 +47,11 @@ force addressfamily=inet for tests, unbreaking dynamic-forward regress for recently committed nc SOCKS5 changes - djm@cvs.openbsd.org 2005/05/24 04:10:54 - [try-ciphers.sh] + [regress/try-ciphers.sh] oops, new arcfour modes here too + - markus@cvs.openbsd.org 2005/06/30 11:02:37 + [regress/scp.sh] + allow SUDO=sudo; from Alexander Bluhm 20060129 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the @@ -3774,4 +3777,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4105 2006/01/31 10:59:35 djm Exp $ +$Id: ChangeLog,v 1.4106 2006/01/31 11:01:42 djm Exp $ diff --git a/regress/scp.sh b/regress/scp.sh index c3034b6e7..1043b8ea2 100644 --- a/regress/scp.sh +++ b/regress/scp.sh @@ -1,4 +1,4 @@ -# $OpenBSD: scp.sh,v 1.3 2004/07/08 12:59:35 dtucker Exp $ +# $OpenBSD: scp.sh,v 1.4 2005/06/30 11:02:37 markus Exp $ # Placed in the Public Domain. tid="scp" @@ -73,7 +73,7 @@ if [ ! -z "$SUDO" ]; then chmod 660 ${DIR2}/copy $SUDO chown root ${DIR2}/copy $SCP -p $scpopts somehost:${DIR}/\* ${DIR2} >/dev/null 2>&1 - diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" + $SUDO diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" $SUDO rm ${DIR2}/copy fi -- cgit v1.2.3 From 27a0dfaea9e4bcea6d434a5ea5363869dfe2f73a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Jan 2006 22:02:16 +1100 Subject: - grunk@cvs.openbsd.org 2005/11/14 21:25:56 [regress/agent-getpeereid.sh] all other scripts in this dir use $SUDO, not 'sudo', so pull this even ok markus@ --- ChangeLog | 6 +++++- regress/agent-getpeereid.sh | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index ea8ae91ae..b9e4e2a50 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -52,6 +52,10 @@ - markus@cvs.openbsd.org 2005/06/30 11:02:37 [regress/scp.sh] allow SUDO=sudo; from Alexander Bluhm + - grunk@cvs.openbsd.org 2005/11/14 21:25:56 + [regress/agent-getpeereid.sh] + all other scripts in this dir use $SUDO, not 'sudo', so pull this even + ok markus@ 20060129 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the @@ -3777,4 +3781,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4106 2006/01/31 11:01:42 djm Exp $ +$Id: ChangeLog,v 1.4107 2006/01/31 11:02:16 djm Exp $ diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh index 46d20dc2b..6186a8d48 100644 --- a/regress/agent-getpeereid.sh +++ b/regress/agent-getpeereid.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent-getpeereid.sh,v 1.1 2002/12/09 16:05:02 markus Exp $ +# $OpenBSD: agent-getpeereid.sh,v 1.2 2005/11/14 21:25:56 grunk Exp $ # Placed in the Public Domain. tid="disallow agent attach from other uid" @@ -27,7 +27,7 @@ else fail "ssh-add failed with $r != 1" fi - < /dev/null sudo -S -u ${UNPRIV} ssh-add -l > /dev/null 2>&1 + < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l > /dev/null 2>&1 r=$? if [ $r -lt 2 ]; then fail "ssh-add did not fail for ${UNPRIV}: $r < 2" -- cgit v1.2.3 From 15a815bb6476ddba55508b177773c9c99c6fe46e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Jan 2006 22:03:11 +1100 Subject: - dtucker@cvs.openbsd.org 2005/12/14 04:36:39 [regress/scp-ssh-wrapper.sh] Fix assumption about how many args scp will pass; ok djm@ NB. ID sync only, we already had this --- ChangeLog | 6 +++++- regress/scp-ssh-wrapper.sh | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index b9e4e2a50..377e6242b 100644 --- a/ChangeLog +++ b/ChangeLog 
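Review bot: With `${SUDO}` empty, the changed line in regress/agent-getpeereid.sh expands to a command named `-S`, which the shell rejects with status 127, and the following `[ $r -lt 2 ]` check then accepts that as the expected refusal, so the test would pass without ever reaching the agent as ${UNPRIV}. No guard on SUDO is visible in the hunk; if the script does not already skip earlier, add one before this line, e.g. `if [ -z "$SUDO" ]; then echo "skipped: need SUDO to switch to ${UNPRIV}"; exit 0; fi`. The `-S -u` options are also specific to sudo, which is worth a comment now that the command name is configurable. The enclosing if/else starts outside the hunk.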
@@ -56,6 +56,10 @@ [regress/agent-getpeereid.sh] all other scripts in this dir use $SUDO, not 'sudo', so pull this even ok markus@ + - dtucker@cvs.openbsd.org 2005/12/14 04:36:39 + [regress/scp-ssh-wrapper.sh] + Fix assumption about how many args scp will pass; ok djm@ + NB. ID sync only, we already had this 20060129 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the @@ -3781,4 +3785,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4107 2006/01/31 11:02:16 djm Exp $ +$Id: ChangeLog,v 1.4108 2006/01/31 11:03:11 djm Exp $ diff --git a/regress/scp-ssh-wrapper.sh b/regress/scp-ssh-wrapper.sh index 594337d11..d1005a995 100644 --- a/regress/scp-ssh-wrapper.sh +++ b/regress/scp-ssh-wrapper.sh @@ -1,5 +1,5 @@ #!/bin/sh -# $OpenBSD: scp-ssh-wrapper.sh,v 1.1 2004/06/13 13:51:02 dtucker Exp $ +# $OpenBSD: scp-ssh-wrapper.sh,v 1.2 2005/12/14 04:36:39 dtucker Exp $ # Placed in the Public Domain. printname () { -- cgit v1.2.3 From 0b996462f842e6b5a5d409ad4538e1779dd69bf6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Jan 2006 22:05:23 +1100 Subject: - djm@cvs.openbsd.org 2006/01/27 06:49:21 [scp.sh] regress test for local to local scp copies; ok dtucker@ --- ChangeLog | 5 ++++- regress/scp.sh | 20 +++++++++++++++++++- 2 files changed, 23 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 377e6242b..4cdd5714d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -60,6 +60,9 @@ [regress/scp-ssh-wrapper.sh] Fix assumption about how many args scp will pass; ok djm@ NB. ID sync only, we already had this + - djm@cvs.openbsd.org 2006/01/27 06:49:21 + [scp.sh] + regress test for local to local scp copies; ok dtucker@ 20060129 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the 
@@ -3785,4 +3788,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4108 2006/01/31 11:03:11 djm Exp $ +$Id: ChangeLog,v 1.4109 2006/01/31 11:05:23 djm Exp $ diff --git a/regress/scp.sh b/regress/scp.sh index 1043b8ea2..02f541011 100644 --- a/regress/scp.sh +++ b/regress/scp.sh @@ -1,4 +1,4 @@ -# $OpenBSD: scp.sh,v 1.4 2005/06/30 11:02:37 markus Exp $ +# $OpenBSD: scp.sh,v 1.5 2006/01/27 06:49:21 djm Exp $ # Placed in the Public Domain. tid="scp" @@ -28,6 +28,11 @@ scpclean() { mkdir ${DIR} ${DIR2} } +verbose "$tid: simple copy local file to local file" +scpclean +$SCP $scpopts ${DATA} ${COPY} || fail "copy failed" +cmp ${DATA} ${COPY} || fail "corrupted copy" + verbose "$tid: simple copy local file to remote file" scpclean $SCP $scpopts ${DATA} somehost:${COPY} || fail "copy failed" @@ -44,6 +49,12 @@ cp ${DATA} ${COPY} $SCP $scpopts ${COPY} somehost:${DIR} || fail "copy failed" cmp ${COPY} ${DIR}/copy || fail "corrupted copy" +verbose "$tid: simple copy local file to local dir" +scpclean +cp ${DATA} ${COPY} +$SCP $scpopts ${COPY} ${DIR} || fail "copy failed" +cmp ${COPY} ${DIR}/copy || fail "corrupted copy" + verbose "$tid: simple copy remote file to local dir" scpclean cp ${DATA} ${COPY} @@ -57,6 +68,13 @@ cp ${DATA} ${DIR}/copy $SCP $scpopts -r ${DIR} somehost:${DIR2} || fail "copy failed" diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" +verbose "$tid: recursive local dir to local dir" +scpclean +rm -rf ${DIR2} +cp ${DATA} ${DIR}/copy +$SCP $scpopts -r ${DIR} ${DIR2} || fail "copy failed" +diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" + verbose "$tid: recursive remote dir to local dir" scpclean rm -rf ${DIR2} -- cgit v1.2.3 From 7410ad79f85a62361a6e40ac4ea11e6504408666 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Tue, 31 Jan 2006 22:06:14 +1100 Subject: - djm@cvs.openbsd.org 2006/01/31 10:23:23 [scp.sh] regression test for CVE-2006-0225 written by dtucker@ --- ChangeLog | 5 ++++- regress/scp.sh | 9 ++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 4cdd5714d..1851eab95 100644 --- a/ChangeLog +++ b/ChangeLog @@ -63,6 +63,9 @@ - djm@cvs.openbsd.org 2006/01/27 06:49:21 [scp.sh] regress test for local to local scp copies; ok dtucker@ + - djm@cvs.openbsd.org 2006/01/31 10:23:23 + [scp.sh] + regression test for CVE-2006-0225 written by dtucker@ 20060129 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the @@ -3788,4 +3791,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4109 2006/01/31 11:05:23 djm Exp $ +$Id: ChangeLog,v 1.4110 2006/01/31 11:06:14 djm Exp $ diff --git a/regress/scp.sh b/regress/scp.sh index 02f541011..bfda670bb 100644 --- a/regress/scp.sh +++ b/regress/scp.sh @@ -1,4 +1,4 @@ -# $OpenBSD: scp.sh,v 1.5 2006/01/27 06:49:21 djm Exp $ +# $OpenBSD: scp.sh,v 1.6 2006/01/31 10:23:23 djm Exp $ # Placed in the Public Domain. tid="scp" @@ -82,6 +82,13 @@ cp ${DATA} ${DIR}/copy $SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed" diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" +verbose "$tid: shell metacharacters" +scpclean +(cd ${DIR} && \ +touch '`touch metachartest`' && \ +$SCP $scpopts *metachar* ${DIR2} 2>/dev/null; \ +[ ! -f metachartest ] ) || fail "shell metacharacters" + if [ ! -z "$SUDO" ]; then verbose "$tid: skipped file after scp -p with failed chown+utimes" scpclean -- cgit v1.2.3 From 50c6eedce395ad0b828067c5e65ce9eb9e1543af Mon Sep 17 00:00:00 2001 
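Review bot: The new "shell metacharacters" case in regress/scp.sh can pass without exercising scp, because the `;` after the `$SCP` line means `[ ! -f metachartest ]` is reached even when the `cd`, the `touch` or the copy itself failed, and with stderr discarded nothing shows that the oddly named file was copied. Chaining the check instead, `$SCP $scpopts *metachar* ${DIR2} 2>/dev/null && \`, makes a failed copy fail the test as well as a created `metachartest`. The case also covers only a local-to-local copy, while the ChangeLog entry for the fix shown elsewhere on this page names remote/remote copies too, so a second case for that path would be worth adding.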
From: Damien Miller Date: Tue, 31 Jan 2006 22:06:41 +1100 Subject: - djm@cvs.openbsd.org 2006/01/31 10:36:33 [scp.sh] regress test for "scp a b c" where "c" is not a directory --- ChangeLog | 5 ++++- regress/scp.sh | 9 ++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 1851eab95..901611fef 100644 --- a/ChangeLog +++ b/ChangeLog @@ -66,6 +66,9 @@ - djm@cvs.openbsd.org 2006/01/31 10:23:23 [scp.sh] regression test for CVE-2006-0225 written by dtucker@ + - djm@cvs.openbsd.org 2006/01/31 10:36:33 + [scp.sh] + regress test for "scp a b c" where "c" is not a directory 20060129 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the @@ -3791,4 +3794,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4110 2006/01/31 11:06:14 djm Exp $ +$Id: ChangeLog,v 1.4111 2006/01/31 11:06:41 djm Exp $ diff --git a/regress/scp.sh b/regress/scp.sh index bfda670bb..c5d412dd9 100644 --- a/regress/scp.sh +++ b/regress/scp.sh @@ -1,4 +1,4 @@ -# $OpenBSD: scp.sh,v 1.6 2006/01/31 10:23:23 djm Exp $ +# $OpenBSD: scp.sh,v 1.7 2006/01/31 10:36:33 djm Exp $ # Placed in the Public Domain. tid="scp" @@ -116,5 +116,12 @@ for i in 0 1 2 3 4; do [ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir" done +verbose "$tid: detect non-directory target" +scpclean +echo a > ${COPY} +echo b > ${COPY2} +$SCP $scpopts ${DATA} ${COPY} ${COPY2} +cmp ${COPY} ${COPY2} >/dev/null && fail "corrupt target" + scpclean rm -f ${OBJ}/scp-ssh-wrapper.scp -- cgit v1.2.3 From 923f1ce0b779e59bb7c0cf46351b8a262964e7f3 Mon Sep 17 00:00:00 2001 
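Review bot: The "detect non-directory target" case ignores the exit status of `$SCP $scpopts ${DATA} ${COPY} ${COPY2}` and only checks that ${COPY2} did not become identical to ${COPY}, so a run that overwrote ${COPY2} with ${DATA} and then stopped, or that refused the copy but exited 0, would not be noticed. Assuming scp is meant to exit non-zero here, `$SCP $scpopts ${DATA} ${COPY} ${COPY2} 2>/dev/null && fail "non-directory target accepted"` states that expectation. Comparing ${COPY2} against its original content `b` would pin the "not clobbered" property directly.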
From: Damien Miller Date: Tue, 31 Jan 2006 22:11:37 +1100 Subject: - djm@cvs.openbsd.org 2006/01/31 10:35:43 [scp.c] "scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@ --- ChangeLog | 6 +++++- scp.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 901611fef..8d7e1ccc3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,6 +33,10 @@ fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@ + - djm@cvs.openbsd.org 2006/01/31 10:35:43 + [scp.c] + "scp a b c" shouldn't clobber "c" when it is not a directory, report and + fix from biorn@; ok markus@ - (djm) Sync regress tests to OpenBSD: - dtucker@cvs.openbsd.org 2005/03/10 10:20:39 [regress/forwarding.sh] @@ -3794,4 +3798,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4111 2006/01/31 11:06:41 djm Exp $ +$Id: ChangeLog,v 1.4112 2006/01/31 11:11:37 djm Exp $ diff --git a/scp.c b/scp.c index 2467dcb5c..620024ea7 100644 --- a/scp.c +++ b/scp.c @@ -71,7 +71,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.129 2006/01/31 10:19:02 djm Exp $"); +RCSID("$OpenBSD: scp.c,v 1.130 2006/01/31 10:35:43 djm Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -383,9 +383,9 @@ main(int argc, char **argv) if ((targ = colon(argv[argc - 1]))) /* Dest is remote host. */ toremote(targ, argc, argv); else { - tolocal(argc, argv); /* Dest is local host. */ if (targetshouldbedirectory) verifydir(argv[argc - 1]); + tolocal(argc, argv); /* Dest is local host. */ } /* * Finally check the exit status of the ssh process, if one was forked -- cgit v1.2.3 From e682cb07803f71ec01e15394ac8445431cfda176 Mon Sep 17 00:00:00 2001 
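Review bot: Nothing in the reordered lines of main() in scp.c says why verifydir() has to run before tolocal(), so the order is easy to swap back during a later cleanup. A short comment above `if (targetshouldbedirectory)` such as `/* Check the target before copying so a non-directory is never overwritten. */` would record the intent. The check and the later copy remain two separate steps, so the target can in principle change between them; verifydir()'s body is outside the hunk, so how it reports a failure cannot be confirmed here. main() starts and ends outside the hunk.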
From: Damien Miller Date: Wed, 1 Feb 2006 11:21:01 +1100 Subject: - (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to determine the user's login name - needed for regress tests on Solaris 10 and OpenSolaris --- ChangeLog | 7 ++++++- regress/test-exec.sh | 2 ++ 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 8d7e1ccc3..dfd6db809 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060201 + - (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to + determine the user's login name - needed for regress tests on Solaris + 10 and OpenSolaris + 20060131 - (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2006/01/20 11:21:45 @@ -3798,4 +3803,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4112 2006/01/31 11:11:37 djm Exp $ +$Id: ChangeLog,v 1.4113 2006/02/01 00:21:01 djm Exp $ diff --git a/regress/test-exec.sh b/regress/test-exec.sh index bfbb305b4..59ae33c08 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -24,6 +24,8 @@ if [ -x /usr/ucb/whoami ]; then USER=`/usr/ucb/whoami` elif whoami >/dev/null 2>&1; then USER=`whoami` +elif logname >/dev/null 2>&1; then + USER=`logname` else USER=`id -un` fi -- cgit v1.2.3 From 8bbdf90f3333a148eb655993e47b0168d907693d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 1 Feb 2006 22:05:25 +1100 Subject: - (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2006/02/01 09:06:50 [sshd.8] - merge sections on protocols 1 and 2 into a single section - remove configuration file section ok markus --- ChangeLog | 8 ++++++- sshd.8 | 81 +++++++++++++++++++++++++++------------------------------------ 2 files changed, 42 insertions(+), 47 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index dfd6db809..1d352d967 100644 --- a/ChangeLog +++ b/ChangeLog 
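Review bot: The added `logname` branch in regress/test-exec.sh reports the name of the login session rather than the account the tests are actually running as, so when the suite is started under su or sudo `USER` can name a different user than `whoami` or `id -un` would return. Since the commit message says the branch is needed on Solaris 10 and OpenSolaris, the order is presumably deliberate, but that deserves a comment, e.g. `# logname gives the login user, not the effective uid; only used where whoami is missing`. A mismatch here would surface later as confusing authentication failures in tests that use $USER.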
@@ -2,6 +2,12 @@ - (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to determine the user's login name - needed for regress tests on Solaris 10 and OpenSolaris + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2006/02/01 09:06:50 + [sshd.8] + - merge sections on protocols 1 and 2 into a single section + - remove configuration file section + ok markus 20060131 - (djm) OpenBSD CVS Sync @@ -3803,4 +3809,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4113 2006/02/01 00:21:01 djm Exp $ +$Id: ChangeLog,v 1.4114 2006/02/01 11:05:25 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 15c7651ba..0bc5f820a 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.213 2006/01/25 09:07:22 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.214 2006/02/01 09:06:50 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -227,20 +227,26 @@ USER@HOST pattern in or .Cm DenyUsers . .El -.Pp -This implementation of -.Nm -supports both SSH protocol version 1 and 2 simultaneously. -.Nm -works as follows: -.Sh SSH PROTOCOL VERSION 1 -Each host has a host-specific RSA key -(normally 2048 bits) used to identify the host. -Additionally, when -the daemon starts, it generates a server RSA key (normally 768 bits). +.Sh AUTHENTICATION +The OpenSSH SSH daemon supports SSH protocols 1 and 2. +Both protocols are supported by default, +though this can be changed via the +.Cm Protocol +option in +.Xr sshd_config 5 . +Protocol 2 supports both RSA and DSA keys; +protocol 1 only supports RSA keys. +For both protocols, +each host has a host-specific key, +normally 2048 bits, +used to identify the host. +.Pp +Forward security for protocol 1 is provided through +an additional server key, +normally 768 bits, +generated when the server starts. This key is normally regenerated every hour if it has been used, and is never stored on disk. -.Pp Whenever a client connects, the daemon responds with its public host and server keys. The client compares the 
@@ -258,12 +264,23 @@ being used by default. The client selects the encryption algorithm to use from those offered by the server. .Pp -Next, the server and the client enter an authentication dialog. +For protocol 2, +forward security is provided through a Diffie-Hellman key agreement. +This key agreement results in a shared session key. +The rest of the session is encrypted using a symmetric cipher, currently +128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. +The client selects the encryption algorithm +to use from those offered by the server. +Additionally, session integrity is provided +through a cryptographic message authentication code +(hmac-sha1 or hmac-md5). +.Pp +Finally, the server and the client enter an authentication dialog. The client tries to authenticate itself using -.Em rhosts -authentication combined with RSA host -authentication, RSA challenge-response authentication, or password -based authentication. +host-based authentication, +public key authentication, +challenge-response authentication, +or password authentication. .Pp Regardless of the authentication type, the account is checked to ensure that it is accessible. An account is not accessible if it is 
@@ -301,25 +318,6 @@ are disabled (thus completely disabling and .Xr rsh into the machine). -.Sh SSH PROTOCOL VERSION 2 -Version 2 works similarly: -Each host has a host-specific key (RSA or DSA) used to identify the host. -However, when the daemon starts, it does not generate a server key. -Forward security is provided through a Diffie-Hellman key agreement. -This key agreement results in a shared session key. -.Pp -The rest of the session is encrypted using a symmetric cipher, currently -128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. -The client selects the encryption algorithm -to use from those offered by the server. -Additionally, session integrity is provided -through a cryptographic message authentication code -(hmac-sha1 or hmac-md5). -.Pp -Protocol version 2 provides a public key based -user (PubkeyAuthentication) or -client host (HostbasedAuthentication) authentication method, -conventional password authentication and challenge response based methods. .Sh COMMAND EXECUTION AND DATA FORWARDING If the client successfully authenticates itself, a dialog for preparing the session is entered. @@ -337,15 +335,6 @@ command on the server side, and the user terminal in the client side. When the user program terminates and all forwarded X11 and other connections have been closed, the server sends command exit status to the client, and both sides exit. -.Sh CONFIGURATION FILE -.Nm -reads configuration data from -.Pa /etc/ssh/sshd_config -(or the file specified with -.Fl f -on the command line). -The file format and configuration options are described in -.Xr sshd_config 5 . .Sh LOGIN PROCESS When a user successfully logs in, .Nm -- cgit v1.2.3 From 2ac05779f76c651928eba7899165a4dca02f7b8f Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 1 Feb 2006 22:05:42 +1100 Subject: - jmc@cvs.openbsd.org 2006/02/01 09:11:41 [sshd.8] small tweak; --- ChangeLog | 5 ++++- sshd.8 | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 1d352d967..1b9dc9cb5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ - merge sections on protocols 1 and 2 into a single section - remove configuration file section ok markus + - jmc@cvs.openbsd.org 2006/02/01 09:11:41 + [sshd.8] + small tweak; 20060131 - (djm) OpenBSD CVS Sync @@ -3809,4 +3812,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4114 2006/02/01 11:05:25 djm Exp $ +$Id: ChangeLog,v 1.4115 2006/02/01 11:05:42 djm Exp $ diff --git a/sshd.8 b/sshd.8 index 0bc5f820a..51d339b65 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.214 2006/02/01 09:06:50 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.215 2006/02/01 09:11:41 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -217,7 +217,7 @@ from making DNS requests unless the authentication mechanism or configuration requires it. Authentication mechanisms that may require DNS include .Cm RhostsRSAAuthentication , -.Cm HostbasedAuthentication +.Cm HostbasedAuthentication , and using a .Cm from="pattern-list" option in a key file. -- cgit v1.2.3 From 0d689568a480b317b6149f679b3e0bd17bb0e5ff Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 1 Feb 2006 22:10:47 +1100 Subject: - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] [contrib/suse/openssh.spec] Update versions ahead of release --- ChangeLog | 4 +++- contrib/caldera/openssh.spec | 4 ++-- contrib/redhat/openssh.spec | 2 +- contrib/suse/openssh.spec | 2 +- 4 files changed, 7 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 1b9dc9cb5..08aded0bf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ - jmc@cvs.openbsd.org 2006/02/01 09:11:41 [sshd.8] small tweak; + - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] Update versions ahead of release 20060131 - (djm) OpenBSD CVS Sync @@ -3812,4 +3814,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4115 2006/02/01 11:05:42 djm Exp $ +$Id: ChangeLog,v 1.4116 2006/02/01 11:10:47 djm Exp $ diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index bfde0fefc..077b86b3a 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -17,7 +17,7 @@ #old cvs stuff. please update before use. may be deprecated. %define use_stable 1 %if %{use_stable} - %define version 4.2p1 + %define version 4.3p1 %define cvs %{nil} %define release 1 %else @@ -357,4 +357,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.55 2005/09/01 09:10:49 djm Exp $ +$Id: openssh.spec,v 1.56 2006/02/01 11:10:48 djm Exp $ diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 049b07fe4..545e27b64 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 4.2p1 +%define ver 4.3p1 %define rel 1 # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 27d043e3b..e7739bd91 100644 
--- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 4.2p1 +Version: 4.3p1 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz -- cgit v1.2.3 From c79824bbabd95f0cb8aae3ed33687e7459be55d5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 1 Feb 2006 22:27:31 +1100 Subject: - markus@cvs.openbsd.org 2006/02/01 11:27:22 [version.h] openssh 4.3 --- ChangeLog | 5 ++++- version.h | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 08aded0bf..1b2629237 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ small tweak; - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] [contrib/suse/openssh.spec] Update versions ahead of release + - markus@cvs.openbsd.org 2006/02/01 11:27:22 + [version.h] + openssh 4.3 20060131 - (djm) OpenBSD CVS Sync @@ -3814,4 +3817,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4116 2006/02/01 11:10:47 djm Exp $ +$Id: ChangeLog,v 1.4117 2006/02/01 11:27:31 djm Exp $ diff --git a/version.h b/version.h index b9c87e2fb..2b729524e 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.45 2005/08/31 09:28:42 markus Exp $ */ +/* $OpenBSD: version.h,v 1.46 2006/02/01 11:27:22 markus Exp $ */ -#define SSH_VERSION "OpenSSH_4.2" +#define SSH_VERSION "OpenSSH_4.3" #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -- cgit v1.2.3 From bfd52192f3f6b2c836136019e07dbcbb56cc63a0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 1 Feb 2006 22:32:17 +1100 Subject: - (djm) Release OpenSSH 4.3p1 --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 1b2629237..cc7daba5e 100644 --- a/ChangeLog 
+++ b/ChangeLog @@ -16,6 +16,7 @@ - markus@cvs.openbsd.org 2006/02/01 11:27:22 [version.h] openssh 4.3 + - (djm) Release OpenSSH 4.3p1 20060131 - (djm) OpenBSD CVS Sync @@ -3817,4 +3818,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4117 2006/02/01 11:27:31 djm Exp $ +$Id: ChangeLog,v 1.4118 2006/02/01 11:32:17 djm Exp $ -- cgit v1.2.3 From 94adad6303bec6aa9042d85d0ac47c23fe4b3b01 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 1 Feb 2006 22:33:14 +1100 Subject: - (djm) Release OpenSSH 4.3p1 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index cc7daba5e..b55b7692c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3818,4 +3818,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4118 2006/02/01 11:32:17 djm Exp $ +$Id: ChangeLog,v 1.4117.2.1 2006/02/01 11:33:14 djm Exp $ -- cgit v1.2.3 From a983b762cd5b717f30d011823cfb47540d5320c0 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 2 Feb 2006 18:44:04 +1100 Subject: - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it works with picky compilers. Patch from alex.kiernan at thus.net. --- ChangeLog | 6 +++++- configure.ac | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index b55b7692c..164b6595a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060202 + - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it + works with picky compilers. Patch from alex.kiernan at thus.net. + 20060201 - (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to determine the user's login name - needed for regress tests on Solaris 
@@ -3818,4 +3822,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4117.2.1 2006/02/01 11:33:14 djm Exp $ +$Id: ChangeLog,v 1.4117.2.2 2006/02/02 07:44:04 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 70e26deea..8e1ea9764 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.322 2006/01/29 13:22:39 dtucker Exp $ +# $Id: configure.ac,v 1.322.2.1 2006/02/02 07:44:05 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -1832,7 +1832,7 @@ AC_COMPILE_IFELSE( [AC_LANG_SOURCE([[ #include #include -int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL)} +int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);} ]])], [ AC_MSG_RESULT(no) -- cgit v1.2.3 From e9d6269fc51cf153cdca40cc82c5ec188df74c17 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Thu, 2 Feb 2006 19:16:11 -0800 Subject: - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run by a platform specific check, builtin standard includes tests will be skipped on the other platforms. Analysis and suggestion by vinschen at redhat.com, patch by dtucker@. OK tim@, djm@. --- ChangeLog | 10 +++++++++- configure.ac | 3 ++- 2 files changed, 11 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 164b6595a..5e33dc517 100644 --- a/ChangeLog +++ b/ChangeLog 
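Review bot: The crippled-AES probe in the `@@ -1832,7 +1832,7 @@` hunk still runs under `AC_COMPILE_IFELSE`, so the program is only compiled and the `exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL)` expression is never evaluated. A libcrypto whose header declares both functions but does not export them would still be reported as "no", and the missing ciphers would only surface later at link time or at run time. If the intent is to detect missing symbols, `AC_LINK_IFELSE(` would test that directly. Since the fix targets picky compilers, also confirm that one of the two `#include` lines (their header names are lost on this page) declares `exit()`. The `AC_COMPILE_IFELSE` block continues past the end of the hunk.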
@@ -1,3 +1,11 @@ +20060203 + - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first + AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run + by a platform specific check, builtin standard includes tests will be + skipped on the other platforms. + Analysis and suggestion by vinschen at redhat.com, patch by dtucker@. + OK tim@, djm@. + 20060202 - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it works with picky compilers. Patch from alex.kiernan at thus.net. @@ -3822,4 +3830,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4117.2.2 2006/02/02 07:44:04 dtucker Exp $ +$Id: ChangeLog,v 1.4117.2.3 2006/02/03 03:16:11 tim Exp $ diff --git a/configure.ac b/configure.ac index 8e1ea9764..20b15c622 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.322.2.1 2006/02/02 07:44:05 dtucker Exp $ +# $Id: configure.ac,v 1.322.2.2 2006/02/03 03:16:11 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -27,6 +27,7 @@ AC_PROG_AWK AC_PROG_CPP AC_PROG_RANLIB AC_PROG_INSTALL +AC_PROG_EGREP AC_PATH_PROG(AR, ar) AC_PATH_PROG(CAT, cat) AC_PATH_PROG(KILL, kill) -- cgit v1.2.3 From bde717b825beca3b819a17cb813dec44a293a353 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Sat, 4 Feb 2006 17:34:55 -0800 Subject: - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test for Solaris. OK dtucker@. --- ChangeLog | 6 +++++- configure.ac | 11 +++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 5e33dc517..8464c7c45 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20060205 + - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test + for Solaris. OK dtucker@. + 20060203 - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run 
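Review bot: The `AC_PROG_EGREP` line added in the `@@ -27,6 +27,7 @@` hunk carries no comment saying that its position matters. According to the commit message it must run before the first `AC_CHECK_HEADERS`, otherwise the built-in standard-includes tests are skipped on some platforms; nothing in configure.ac itself records that. A later reshuffle of the `AC_PROG_*` block could reintroduce the problem silently. I would add a line above it such as `# AC_PROG_EGREP must run before the first AC_CHECK_HEADERS (see ChangeLog 20060203)`.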
@@ -3830,4 +3834,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4117.2.3 2006/02/03 03:16:11 tim Exp $ +$Id: ChangeLog,v 1.4117.2.4 2006/02/05 01:34:55 tim Exp $ diff --git a/configure.ac b/configure.ac index 20b15c622..f1cf15e8c 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.322.2.2 2006/02/03 03:16:11 tim Exp $ +# $Id: configure.ac,v 1.322.2.3 2006/02/05 01:34:55 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,6 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) +AC_REVISION($Revision: 1.322.2.3 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -673,7 +674,6 @@ AC_CHECK_HEADERS( \ glob.h \ ia.h \ iaf.h \ - lastlog.h \ limits.h \ login.h \ login_cap.h \ @@ -724,6 +724,13 @@ AC_CHECK_HEADERS( \ vis.h \ ) +# lastlog.h requires sys/time.h to be included first on Solaris +AC_CHECK_HEADERS(lastlog.h, [], [], [ +#ifdef HAVE_SYS_TIME_H +# include +#endif +]) + # sys/ptms.h requires sys/stream.h to be included first on Solaris AC_CHECK_HEADERS(sys/ptms.h, [], [], [ #ifdef HAVE_SYS_STREAM_H -- cgit v1.2.3 From f046fa3e8e29759bc3cc40df7f671f97c9512697 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Sat, 4 Feb 2006 17:44:00 -0800 Subject: - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by kraai at ftbfs.org. --- ChangeLog | 4 +++- configure.ac | 7 ++++--- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 8464c7c45..86c883e69 100644 --- a/ChangeLog +++ b/ChangeLog 
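Review bot: The prerequisite include in the new `AC_CHECK_HEADERS(lastlog.h, [], [], [...])` block (hunk `@@ -724,6 +724,13 @@`) is guarded by `HAVE_SYS_TIME_H`, which is only defined if `sys/time.h` was probed earlier. The large header list is only partly visible in this diff, so confirm it still contains `sys/time.h`. If the guard is false, the check quietly falls back to the old behaviour, and on Solaris `lastlog.h` would presumably go undetected again with no configure diagnostic. Extending the comment to `# lastlog.h requires sys/time.h to be included first on Solaris (relies on the sys/time.h check above)` would make that dependency explicit.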
@@ -1,6 +1,8 @@ 20060205 - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test for Solaris. OK dtucker@. + - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by + kraai at ftbfs.org. 20060203 - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first @@ -3834,4 +3836,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4117.2.4 2006/02/05 01:34:55 tim Exp $ +$Id: ChangeLog,v 1.4117.2.5 2006/02/05 01:44:00 tim Exp $ diff --git a/configure.ac b/configure.ac index f1cf15e8c..16f168bab 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.322.2.3 2006/02/05 01:34:55 tim Exp $ +# $Id: configure.ac,v 1.322.2.4 2006/02/05 01:44:01 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.322.2.3 $) +AC_REVISION($Revision: 1.322.2.4 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -577,12 +577,13 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(BROKEN_SETREGID) ;; -*-*-nto-qnx) +*-*-nto-qnx*) AC_DEFINE(USE_PIPES) AC_DEFINE(NO_X11_UNIX_SOCKETS) AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems]) AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems]) AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems]) + AC_DEFINE(DISABLE_LASTLOG) ;; *-*-ultrix*) -- cgit v1.2.3 From f8e2ef1557d84c70abd1a0e360830a85fedf53a4 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Sun, 5 Feb 2006 11:28:11 -0800 Subject: - (tim) [configure.ac] Remove unnecessary tests for net/if.h and netinet/in_systm.h. OK dtucker@. --- ChangeLog | 6 +++++- configure.ac | 6 ++---- 2 files changed, 7 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 86c883e69..40bce675b 100644 --- a/ChangeLog +++ b/ChangeLog 
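Review bot: The new `AC_DEFINE(DISABLE_LASTLOG)` in the `@@ -577,12 +577,13 @@` hunk now applies to every target matching the widened `*-*-nto-qnx*` pattern, and nothing in configure.ac says why last-login recording is switched off there. Because this removes a login audit record on those builds, the reason should be stated next to the define, e.g. `# lastlog is disabled on QNX, see Bug #1149`. It is also the only define added here without a description argument, unlike the three `MISSING_*` lines above it. If no other `AC_DEFINE` of `DISABLE_LASTLOG` supplies a template, `AC_DEFINE(DISABLE_LASTLOG, 1, [Disable lastlog support])` would keep it consistent with the earlier acconfig.h removal.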
@@ -1,3 +1,7 @@ +20060206 + - (tim) [configure.ac] Remove unnecessary tests for net/if.h and + netinet/in_systm.h. OK dtucker@. + 20060205 - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test for Solaris. OK dtucker@. @@ -3836,4 +3840,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4117.2.5 2006/02/05 01:44:00 tim Exp $ +$Id: ChangeLog,v 1.4117.2.6 2006/02/05 19:28:11 tim Exp $ diff --git a/configure.ac b/configure.ac index 16f168bab..512d57b7f 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.322.2.4 2006/02/05 01:44:01 tim Exp $ +# $Id: configure.ac,v 1.322.2.5 2006/02/05 19:28:11 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.322.2.4 $) +AC_REVISION($Revision: 1.322.2.5 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -680,10 +680,8 @@ AC_CHECK_HEADERS( \ login_cap.h \ maillock.h \ ndir.h \ - net/if.h \ netdb.h \ netgroup.h \ - netinet/in_systm.h \ pam/pam_appl.h \ paths.h \ pty.h \ -- cgit v1.2.3 From cefc0e9b28624243e3c704684164676acf6befe2 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Tue, 7 Feb 2006 15:18:54 -0800 Subject: - (tim) [session.c] Logout records were not updated on systems with post auth privsep disabled due to bug 1086 changes. Analysis and patch by vinschen at redhat.com. OK tim@, dtucker@. --- ChangeLog | 7 ++++++- session.c | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 40bce675b..0ebdc2106 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,8 @@ +20060208 + - (tim) [session.c] Logout records were not updated on systems with + post auth privsep disabled due to bug 1086 changes. Analysis and patch + by vinschen at redhat.com. OK tim@, dtucker@. + 20060206 - (tim) [configure.ac] Remove unnecessary tests for net/if.h and netinet/in_systm.h. OK dtucker@. @@ -3840,4 +3845,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4117.2.6 2006/02/05 19:28:11 tim Exp $ +$Id: ChangeLog,v 1.4117.2.7 2006/02/07 23:18:54 tim Exp $ diff --git a/session.c b/session.c index 2bf904404..0cbd5fbb2 100644 --- a/session.c +++ b/session.c @@ -2176,7 +2176,6 @@ session_exit_message(Session *s, int status) /* disconnect channel */ debug("session_exit_message: release channel %d", s->chanid); - s->pid = 0; /* * Adjust cleanup callback attachment to send close messages when @@ -2238,6 +2237,7 @@ session_close_by_pid(pid_t pid, int status) session_exit_message(s, status); if (s->ttyfd != -1) session_pty_cleanup(s); + s->pid = 0; } /* -- cgit v1.2.3 From 73456443c3530dc774e759ab18a451011bee5f38 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 8 Feb 2006 22:11:05 +1100 Subject: - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP -> NEED_SETPGRP), reported by Berhard Simon. ok tim@ --- ChangeLog | 4 +++- configure.ac | 8 ++++---- 2 files changed, 7 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 0ebdc2106..467358c70 100644 --- a/ChangeLog +++ b/ChangeLog 
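Review bot: The relocated `s->pid = 0;` in `session_close_by_pid()` (hunk `@@ -2238,6 +2237,7 @@`) now depends on running after `session_pty_cleanup(s)`, but no comment records that ordering. Going by the commit message, the pty cleanup path apparently still needs the pid to write the logout record, so moving the assignment back up would silently lose logout accounting again. I would add `/* clear pid only after session_pty_cleanup(), which needs it for the logout record */` above the new line. Since the first hunk removes the reset from `session_exit_message()`, any other caller of that function (none are visible here) now leaves `s->pid` set to a reaped child's pid, which is worth checking. Both functions start and end outside their hunks.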
@@ -2,6 +2,8 @@ - (tim) [session.c] Logout records were not updated on systems with post auth privsep disabled due to bug 1086 changes. Analysis and patch by vinschen at redhat.com. OK tim@, dtucker@. + - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP + -> NEED_SETPGRP), reported by Berhard Simon. ok tim@ 20060206 - (tim) [configure.ac] Remove unnecessary tests for net/if.h and @@ -3845,4 +3847,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4117.2.7 2006/02/07 23:18:54 tim Exp $ +$Id: ChangeLog,v 1.4117.2.8 2006/02/08 11:11:05 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 512d57b7f..ff1972ed6 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.322.2.5 2006/02/05 19:28:11 tim Exp $ +# $Id: configure.ac,v 1.322.2.6 2006/02/08 11:11:06 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.322.2.5 $) +AC_REVISION($Revision: 1.322.2.6 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -345,7 +345,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) fi ;; mips-sony-bsd|mips-sony-newsos4) - AC_DEFINE(NEED_SETPRGP, 1, [Need setpgrp to acquire controlling tty]) + AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty]) SONY=1 ;; *-*-netbsd*) @@ -589,7 +589,7 @@ mips-sony-bsd|mips-sony-newsos4) *-*-ultrix*) AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1]) AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files]) - AC_DEFINE(NEED_SETPRGP) + AC_DEFINE(NEED_SETPGRP) AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix]) ;; -- cgit v1.2.3 From c949a5921bc16c7a4f40ec098aa9cff4d53dc1ab Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Sat, 11 Feb 2006 10:43:33 +1100 Subject: - (dtucker) [README] Bump release notes URL. --- ChangeLog | 5 ++++- README | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 467358c70..78c0d3c85 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20060211 + - (dtucker) [README] Bump release notes URL. + 20060208 - (tim) [session.c] Logout records were not updated on systems with post auth privsep disabled due to bug 1086 changes. Analysis and patch @@ -3847,4 +3850,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4117.2.8 2006/02/08 11:11:05 dtucker Exp $ +$Id: ChangeLog,v 1.4117.2.9 2006/02/10 23:43:33 dtucker Exp $ diff --git a/README b/README index 924293b66..c8c413195 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-4.3 for the release notes. +See http://www.openssh.com/txt/release-4.3p2 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -62,4 +62,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.61 2005/12/01 11:21:04 dtucker Exp $ +$Id: README,v 1.61.2.1 2006/02/10 23:43:34 dtucker Exp $ -- cgit v1.2.3 From 56cf3dc50961bcc871a2d86984049e80c24d6456 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 11 Feb 2006 11:00:44 +1100 Subject: - (djm) Release 4.3p2 --- ChangeLog | 3 ++- contrib/caldera/openssh.spec | 4 ++-- contrib/redhat/openssh.spec | 2 +- contrib/suse/openssh.spec | 2 +- version.h | 2 +- 5 files changed, 7 insertions(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 78c0d3c85..c9b5018bd 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,6 @@ 20060211 - (dtucker) [README] Bump release notes URL. + - (djm) Release 4.3p2 20060208 - (tim) [session.c] Logout records were not updated on systems with @@ -3850,4 +3851,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4117.2.9 2006/02/10 23:43:33 dtucker Exp $ +$Id: ChangeLog,v 1.4117.2.10 2006/02/11 00:00:44 djm Exp $ diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 077b86b3a..09c08f194 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -17,7 +17,7 @@ #old cvs stuff. please update before use. may be deprecated. %define use_stable 1 %if %{use_stable} - %define version 4.3p1 + %define version 4.3p2 %define cvs %{nil} %define release 1 %else @@ -357,4 +357,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.56 2006/02/01 11:10:48 djm Exp $ +$Id: openssh.spec,v 1.56.2.1 2006/02/11 00:00:45 djm Exp $ diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 545e27b64..cbdf7bbc7 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 4.3p1 +%define ver 4.3p2 %define rel 1 # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index e7739bd91..b49e78c65 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 4.3p1 +Version: 4.3p2 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz diff --git a/version.h b/version.h index 2b729524e..d5fd0c6ce 100644 --- a/version.h +++ b/version.h @@ -2,5 +2,5 @@ #define SSH_VERSION "OpenSSH_4.3" -#define SSH_PORTABLE "p1" +#define SSH_PORTABLE "p2" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -- cgit v1.2.3