From 6abf57ccbf13a043a2a2b7c8a662fc3e50d71d20 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 19 Jun 2005 07:31:37 +1000 Subject: - djm@cvs.openbsd.org 2005/05/20 12:57:01; [auth1.c] split protocol 1 auth methods into separate functions, makes authloop much more readable; fixes and ok markus@ (portable ok & polish dtucker@) --- auth1.c | 323 ++++++++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 192 insertions(+), 131 deletions(-) (limited to 'auth1.c') diff --git a/auth1.c b/auth1.c index d08928455..b7dfa987e 100644 --- a/auth1.c +++ b/auth1.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.59 2004/07/28 09:40:29 markus Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.60 2005/05/20 12:57:01 djm Exp $"); #include "xmalloc.h" #include "rsa.h" 
@@ -31,28 +31,181 @@ RCSID("$OpenBSD: auth1.c,v 1.59 2004/07/28 09:40:29 markus Exp $");
 extern ServerOptions options;
 extern Buffer loginmsg;

-/*
- * convert ssh auth msg type into description
- */
+static int auth1_process_password(Authctxt *, char *, size_t);
+static int auth1_process_rsa(Authctxt *, char *, size_t);
+static int auth1_process_rhosts_rsa(Authctxt *, char *, size_t);
+static int auth1_process_tis_challenge(Authctxt *, char *, size_t);
+static int auth1_process_tis_response(Authctxt *, char *, size_t);
+
+static char *client_user = NULL; /* Used to fill in remote user for PAM */
+
+struct AuthMethod1 {
+ int type;
+ char *name;
+ int *enabled;
+ int (*method)(Authctxt *, char *, size_t);
+};
+
+const struct AuthMethod1 auth1_methods[] = {
+ {
+ SSH_CMSG_AUTH_PASSWORD, "password",
+ &options.password_authentication, auth1_process_password
+ },
+ {
+ SSH_CMSG_AUTH_RSA, "rsa",
+ &options.rsa_authentication, auth1_process_rsa
+ },
+ {
+ SSH_CMSG_AUTH_RHOSTS_RSA, "rhosts-rsa",
+ &options.rhosts_rsa_authentication, auth1_process_rhosts_rsa
+ },
+ {
+ SSH_CMSG_AUTH_TIS, "challenge-response",
+ &options.challenge_response_authentication,
+ auth1_process_tis_challenge
+ },
+ {
+ SSH_CMSG_AUTH_TIS_RESPONSE, "challenge-response",
+ &options.challenge_response_authentication,
+ auth1_process_tis_response
+ },
+ { -1, NULL, NULL, NULL}
+};
+
+static const struct AuthMethod1
+*lookup_authmethod1(int type)
+{
+ int i;
+
+ for(i = 0; auth1_methods[i].name != NULL; i++)
+ if (auth1_methods[i].type == type)
+ return (&(auth1_methods[i]));
+
+ return (NULL);
+}
+
 static char *
 get_authname(int type)
 {
- static char buf[1024];
- switch (type) {
- case SSH_CMSG_AUTH_PASSWORD:
- return "password";
- case SSH_CMSG_AUTH_RSA:
- return "rsa";
- case SSH_CMSG_AUTH_RHOSTS_RSA:
- return "rhosts-rsa";
- case SSH_CMSG_AUTH_RHOSTS:
- return "rhosts";
- case SSH_CMSG_AUTH_TIS:
- case SSH_CMSG_AUTH_TIS_RESPONSE:
- return "challenge-response";
+ const struct AuthMethod1 *a;
+ static char buf[64];
+
+ if ((a = lookup_authmethod1(type)) != NULL)
+ return (a->name);
+ snprintf(buf, sizeof(buf), "bad-auth-msg-%d", type);
+ return (buf);
+}
+
+static int
+auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
+{
+ int authenticated = 0;
+ char *password;
+ u_int dlen;
+
+ /*
+ * Read user password. It is in plain text, but was
+ * transmitted over the encrypted channel so it is
+ * not visible to an outside observer.
+ */
+ password = packet_get_string(&dlen);
+ packet_check_eom();
+
+ /* Try authentication with the password. */
+ authenticated = PRIVSEP(auth_password(authctxt, password));
+
+ memset(password, 0, dlen);
+ xfree(password);
+
+ return (authenticated);
+}
+
+static int
+auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen)
+{
+ int authenticated = 0;
+ BIGNUM *n;
+
+ /* RSA authentication requested. */
+ if ((n = BN_new()) == NULL)
+ fatal("do_authloop: BN_new failed");
+ packet_get_bignum(n);
+ packet_check_eom();
+ authenticated = auth_rsa(authctxt, n);
+ BN_clear_free(n);
+
+ return (authenticated);
+}
+
+static int
+auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
+{
+ int authenticated = 0;
+ u_int bits;
+ Key *client_host_key;
+ u_int ulen;
+
+ /*
+ * Get client user name. Note that we just have to
+ * trust the client; root on the client machine can
+ * claim to be any user.
+ */
+ client_user = packet_get_string(&ulen);
+
+ /* Get the client host key. */
+ client_host_key = key_new(KEY_RSA1);
+ bits = packet_get_int();
+ packet_get_bignum(client_host_key->rsa->e);
+ packet_get_bignum(client_host_key->rsa->n);
+
+ if (bits != BN_num_bits(client_host_key->rsa->n)) {
+ verbose("Warning: keysize mismatch for client_host_key: "
+ "actual %d, announced %d",
+ BN_num_bits(client_host_key->rsa->n), bits);
 }
- snprintf(buf, sizeof buf, "bad-auth-msg-%d", type);
- return buf;
+ packet_check_eom();
+
+ authenticated = auth_rhosts_rsa(authctxt, client_user,
+ client_host_key);
+ key_free(client_host_key);
+
+ snprintf(info, infolen, " ruser %.100s", client_user);
+
+ return (authenticated);
+}
+
+static int
+auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
+{
+ char *challenge;
+
+ if ((challenge = get_challenge(authctxt)) == NULL)
+ return (0);
+
+ debug("sending challenge '%s'", challenge);
+ packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
+ packet_put_cstring(challenge);
+ xfree(challenge);
+ packet_send();
+ packet_write_wait();
+
+ return (-1);
+}
+
+static int
+auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen)
+{
+ int authenticated = 0;
+ char *response;
+ u_int dlen;
+
+ response = packet_get_string(&dlen);
+ packet_check_eom();
+ authenticated = verify_response(authctxt, response);
+ memset(response, 'r', dlen);
+ xfree(response);
+
+ return (authenticated);
 }

 /*
@@ -63,14 +216,9 @@ static void
 do_authloop(Authctxt *authctxt)
 {
 int authenticated = 0;
- u_int bits;
- Key *client_host_key;
- BIGNUM *n;
- char *client_user, *password;
 char info[1024];
- u_int dlen;
- u_int ulen;
- int prev, type = 0;
+ int prev = 0, type = 0;
+ const struct AuthMethod1 *meth;

 debug("Attempting authentication for %s%.100s.",
 authctxt->valid ? "" : "invalid user ", authctxt->user);
@@ -95,8 +243,6 @@ do_authloop(Authctxt *authctxt)
 packet_send();
 packet_write_wait();

- client_user = NULL;
-
 for (;;) {
 /* default to fail */
 authenticated = 0;
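Review bot: In the `@@ -31,28 +31,181 @@` hunk, `auth1_methods[]` is defined without `static`, so the table that maps each protocol 1 auth message to its handler and enable flag has external linkage even though only `lookup_authmethod1()` in this file reads it; `static const struct AuthMethod1 auth1_methods[] = {` keeps it file-local. Four of the five handlers never touch `info`/`infolen`, and the return convention is only implied by the dispatcher, so `struct AuthMethod1` would benefit from a comment such as `/* method: -1 = postponed, 0 = failed, >0 = authenticated; may write a log suffix into info */`. The static `client_user` is overwritten by `packet_get_string()` on every SSH_CMSG_AUTH_RHOSTS_RSA message; the code that releases it is not in this hunk, so it is worth confirming the previous value is always freed before the next attempt.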
@@ -118,107 +264,21 @@ do_authloop(Authctxt *authctxt)
 type != SSH_CMSG_AUTH_TIS_RESPONSE)
 abandon_challenge_response(authctxt);

- /* Process the packet. */
- switch (type) {
- case SSH_CMSG_AUTH_RHOSTS_RSA:
- if (!options.rhosts_rsa_authentication) {
- verbose("Rhosts with RSA authentication disabled.");
- break;
- }
- /*
- * Get client user name. Note that we just have to
- * trust the client; root on the client machine can
- * claim to be any user.
- */
- client_user = packet_get_string(&ulen);
-
- /* Get the client host key. */
- client_host_key = key_new(KEY_RSA1);
- bits = packet_get_int();
- packet_get_bignum(client_host_key->rsa->e);
- packet_get_bignum(client_host_key->rsa->n);
-
- if (bits != BN_num_bits(client_host_key->rsa->n))
- verbose("Warning: keysize mismatch for client_host_key: "
- "actual %d, announced %d",
- BN_num_bits(client_host_key->rsa->n), bits);
- packet_check_eom();
-
- authenticated = auth_rhosts_rsa(authctxt, client_user,
- client_host_key);
- key_free(client_host_key);
-
- snprintf(info, sizeof info, " ruser %.100s", client_user);
- break;
-
- case SSH_CMSG_AUTH_RSA:
- if (!options.rsa_authentication) {
- verbose("RSA authentication disabled.");
- break;
- }
- /* RSA authentication requested. */
- if ((n = BN_new()) == NULL)
- fatal("do_authloop: BN_new failed");
- packet_get_bignum(n);
- packet_check_eom();
- authenticated = auth_rsa(authctxt, n);
- BN_clear_free(n);
- break;
-
- case SSH_CMSG_AUTH_PASSWORD:
- if (!options.password_authentication) {
- verbose("Password authentication disabled.");
- break;
- }
- /*
- * Read user password. It is in plain text, but was
- * transmitted over the encrypted channel so it is
- * not visible to an outside observer.
- */
- password = packet_get_string(&dlen);
- packet_check_eom();
-
- /* Try authentication with the password. */
- authenticated = PRIVSEP(auth_password(authctxt, password));
-
- memset(password, 0, strlen(password));
- xfree(password);
- break;
-
- case SSH_CMSG_AUTH_TIS:
- debug("rcvd SSH_CMSG_AUTH_TIS");
- if (options.challenge_response_authentication == 1) {
- char *challenge = get_challenge(authctxt);
- if (challenge != NULL) {
- debug("sending challenge '%s'", challenge);
- packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
- packet_put_cstring(challenge);
- xfree(challenge);
- packet_send();
- packet_write_wait();
- continue;
- }
- }
- break;
- case SSH_CMSG_AUTH_TIS_RESPONSE:
- debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
- if (options.challenge_response_authentication == 1) {
- char *response = packet_get_string(&dlen);
- packet_check_eom();
- authenticated = verify_response(authctxt, response);
- memset(response, 'r', dlen);
- xfree(response);
- }
- break;
-
- default:
- /*
- * Any unknown messages will be ignored (and failure
- * returned) during authentication.
- */
- logit("Unknown message during authentication: type %d", type);
- break;
+ if ((meth = lookup_authmethod1(type)) == NULL) {
+ logit("Unknown message during authentication: "
+ "type %d", type);
+ goto skip;
+ }
+
+ if (!*(meth->enabled)) {
+ verbose("%s authentication disabled.", meth->name);
+ goto skip;
 }
+
+ authenticated = meth->method(authctxt, info, sizeof(info));
+ if (authenticated == -1)
+ continue; /* "postponed" */
+
 #ifdef BSD_AUTH
 if (authctxt->as) {
 auth_close(authctxt->as);
@@ -247,8 +307,8 @@ do_authloop(Authctxt *authctxt)
 #else
 /* Special handling for root */
 if (authenticated && authctxt->pw->pw_uid == 0 &&
- !auth_root_allowed(get_authname(type))) {
- authenticated = 0;
+ !auth_root_allowed(meth->name)) {
+ authenticated = 0;
 # ifdef SSH_AUDIT_EVENTS
 PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
 # endif
@@ -276,6 +336,7 @@ do_authloop(Authctxt *authctxt)
 }
 #endif

+ skip:
 /* Log before sending the reply */
 auth_log(authctxt, authenticated, get_authname(type), info);
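Review bot: In the `@@ -118,107 +264,21 @@` hunk, the new gate `if (!*(meth->enabled))` lets any non-zero option value through, whereas the removed SSH_CMSG_AUTH_TIS and SSH_CMSG_AUTH_TIS_RESPONSE cases only proceeded when `options.challenge_response_authentication == 1`. If an option can still hold a negative "unset" value when do_authloop() runs (option defaulting is not visible here), challenge-response would now be dispatched where it used to be refused; `if (*(meth->enabled) <= 0) {` fails closed for all five methods. Both `goto skip` paths also jump past the `#ifdef BSD_AUTH` `auth_close()` block that the old `break` statements fell through to, which is worth confirming as intended. do_authloop() begins and ends outside this hunk.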
@@ -341,7 +402,7 @@ do_authentication(Authctxt *authctxt) /* * If we are not running as root, the user must have the same uid as - * the server. (Unless you are running Windows) + * the server. */ #ifndef HAVE_CYGWIN if (!use_privsep && getuid() != 0 && authctxt->pw && -- cgit v1.2.3 From 06221f152770ec493ff4e8ec5ff18b39e1258f72 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 19 Jun 2005 07:36:10 +1000 Subject: - djm@cvs.openbsd.org 2005/06/17 02:44:33 [auth1.c] make this -Wsign-compare clean; ok avsm@ markus@ --- ChangeLog | 4 +++- auth1.c | 7 ++++--- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'auth1.c') diff --git a/ChangeLog b/ChangeLog index 76e88a032..d65980b44 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,8 @@ [auth1.c] split protocol 1 auth methods into separate functions, makes authloop much more readable; fixes and ok markus@ (portable ok & polish dtucker@) + - djm@cvs.openbsd.org 2005/06/17 02:44:33 + [auth1.c] make this -Wsign-compare clean; ok avsm@ markus@ 20050617 - (djm) OpenBSD CVS Sync @@ -2745,4 +2747,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3825 2005/06/18 21:31:37 djm Exp $ +$Id: ChangeLog,v 1.3826 2005/06/18 21:36:10 djm Exp $ diff --git a/auth1.c b/auth1.c index b7dfa987e..0f6be8201 100644 --- a/auth1.c +++ b/auth1.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.60 2005/05/20 12:57:01 djm Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.61 2005/06/17 02:44:32 djm Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -140,7 +140,7 @@ auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen) static int auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen) { - int authenticated = 0; + int keybits, authenticated = 0; u_int bits; Key *client_host_key; u_int ulen; 
@@ -158,7 +158,8 @@ auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen) packet_get_bignum(client_host_key->rsa->e); packet_get_bignum(client_host_key->rsa->n); - if (bits != BN_num_bits(client_host_key->rsa->n)) { + keybits = BN_num_bits(client_host_key->rsa->n); + if (keybits < 0 || bits != (u_int)keybits) { verbose("Warning: keysize mismatch for client_host_key: " "actual %d, announced %d", BN_num_bits(client_host_key->rsa->n), bits); -- cgit v1.2.3 From 46d38de48b1018c74040d2399bafbedf50247529 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 17 Jul 2005 17:02:09 +1000 Subject: - djm@cvs.openbsd.org 2005/07/16 01:35:24 [auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c] [sshconnect.c] spacing --- ChangeLog | 9 ++++++++- auth1.c | 4 ++-- channels.c | 4 ++-- cipher.c | 4 ++-- clientloop.c | 4 ++-- kex.c | 4 ++-- session.c | 12 ++++++------ ssh.c | 12 ++++++------ sshconnect.c | 4 ++-- 9 files changed, 32 insertions(+), 25 deletions(-) (limited to 'auth1.c') diff --git a/ChangeLog b/ChangeLog index d46f02d2b..08b382213 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20050717 +- OpenBSD CVS Sync + - djm@cvs.openbsd.org 2005/07/16 01:35:24 + [auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c] + [sshconnect.c] + spacing + 20050716 - (dtucker) [auth-pam.c] Ensure that only one side of the authentication socketpair stays open on in both the monitor and PAM process. Patch from @@ -2830,4 +2837,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3846 2005/07/16 01:33:06 dtucker Exp $ +$Id: ChangeLog,v 1.3847 2005/07/17 07:02:09 djm Exp $ diff --git a/auth1.c b/auth1.c index 0f6be8201..ff937f80f 100644 --- a/auth1.c +++ b/auth1.c 
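Review bot: In the `@@ -158,7 +158,8 @@` hunk of auth1_process_rhosts_rsa(), the `verbose()` call still recomputes `BN_num_bits(client_host_key->rsa->n)` instead of using the new `keybits`, and it prints the `u_int` `bits` with `%d`. Passing the stored value and matching the specifier keeps the log line consistent with the comparison that triggered it: `"actual %d, announced %u",` followed by `keybits, bits);`. A mismatch between the announced and actual key size is only logged at this point; the rest of the function lies outside this hunk.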
@@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.61 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.62 2005/07/16 01:35:24 djm Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -179,7 +179,7 @@ static int auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen) { char *challenge; - + if ((challenge = get_challenge(authctxt)) == NULL) return (0); diff --git a/channels.c b/channels.c index a7c69a066..b7ff85007 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.220 2005/07/04 14:04:11 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.221 2005/07/16 01:35:24 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2986,7 +2986,7 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, /* Save protocol name. */ x11_saved_proto = xstrdup(proto); /* - * Extract real authentication data and generate fake data + * Extract real authentication data and generate fake data * of the same length. */ x11_saved_data = xmalloc(data_len); diff --git a/cipher.c b/cipher.c index fc1e2ae1c..0dddf270a 100644 --- a/cipher.c +++ b/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.76 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.77 2005/07/16 01:35:24 djm Exp $"); #include "xmalloc.h" #include "log.h" @@ -249,7 +249,7 @@ cipher_init(CipherContext *cc, Cipher *cipher, cipher->name); #endif - if (cipher->discard_len > 0) { + if (cipher->discard_len > 0) { junk = xmalloc(cipher->discard_len); discard = xmalloc(cipher->discard_len); if (EVP_Cipher(&cc->evp, discard, junk, diff --git a/clientloop.c b/clientloop.c index 9611a5e3e..47f3c7ecd 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.140 2005/07/04 00:58:43 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.141 2005/07/16 01:35:24 djm Exp $"); #include "ssh.h" #include "ssh1.h" 
@@ -642,7 +642,7 @@ client_extra_session2_setup(int id, void *arg) if ((c = channel_lookup(id)) == NULL) fatal("%s: no channel for id %d", __func__, id); - display = getenv("DISPLAY"); + display = getenv("DISPLAY"); if (cctx->want_x_fwd && options.forward_x11 && display != NULL) { char *proto, *data; /* Get reasonable local authentication information. */ diff --git a/kex.c b/kex.c index 8736aa286..32c6d03ea 100644 --- a/kex.c +++ b/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.61 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: kex.c,v 1.62 2005/07/16 01:35:24 djm Exp $"); #include @@ -411,7 +411,7 @@ derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret) u_int have; int mdsz = EVP_MD_size(evp_md); u_char *digest; - + if (mdsz < 0) fatal("derive_key: mdsz < 0"); digest = xmalloc(roundup(need, mdsz)); diff --git a/session.c b/session.c index a1dc6835a..13c3b001f 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.182 2005/06/17 02:44:33 djm Exp $"); +RCSID("$OpenBSD: session.c,v 1.183 2005/07/16 01:35:24 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -196,11 +196,11 @@ auth_input_request_forwarding(struct passwd * pw) static void display_loginmsg(void) { - if (buffer_len(&loginmsg) > 0) { - buffer_append(&loginmsg, "\0", 1); - printf("%s", (char *)buffer_ptr(&loginmsg)); - buffer_clear(&loginmsg); - } + if (buffer_len(&loginmsg) > 0) { + buffer_append(&loginmsg, "\0", 1); + printf("%s", (char *)buffer_ptr(&loginmsg)); + buffer_clear(&loginmsg); + } } void diff --git a/ssh.c b/ssh.c index 43d97abcc..cabc538e3 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.247 2005/07/04 00:58:43 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.248 2005/07/16 01:35:24 djm Exp $"); #include #include 
@@ -790,8 +790,8 @@ ssh_init_forwarding(void) for (i = 0; i < options.num_remote_forwards; i++) { debug("Remote connections from %.200s:%d forwarded to " "local address %.200s:%d", - (options.remote_forwards[i].listen_host == NULL) ? - (options.gateway_ports ? "*" : "LOCALHOST") : + (options.remote_forwards[i].listen_host == NULL) ? + (options.gateway_ports ? "*" : "LOCALHOST") : options.remote_forwards[i].listen_host, options.remote_forwards[i].listen_port, options.remote_forwards[i].connect_host, @@ -1037,7 +1037,7 @@ ssh_session2_setup(int id, void *arg) const char *display; int interactive = tty_flag; - display = getenv("DISPLAY"); + display = getenv("DISPLAY"); if (options.forward_x11 && display != NULL) { char *proto, *data; /* Get reasonable local authentication information. */ @@ -1253,7 +1253,7 @@ control_client(const char *path) close(sock); return; } - + if (stdin_null_flag) { if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1) fatal("open(/dev/null): %s", strerror(errno)); @@ -1262,7 +1262,7 @@ control_client(const char *path) if (fd > STDERR_FILENO) close(fd); } - + term = getenv("TERM"); flags = 0; diff --git a/sshconnect.c b/sshconnect.c index 92f0f3800..84f287145 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.166 2005/06/17 22:53:47 djm Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.167 2005/07/16 01:35:24 djm Exp $"); #include @@ -404,7 +404,7 @@ ssh_exchange_identification(void) for (i = 0; i < sizeof(buf) - 1; i++) { size_t len = atomicio(read, connection_in, &buf[i], 1); - if (len != 1 && errno == EPIPE) + if (len != 1 && errno == EPIPE) fatal("ssh_exchange_identification: Connection closed by remote host"); else if (len != 1) fatal("ssh_exchange_identification: read: %.100s", strerror(errno)); -- cgit v1.2.3 From 94cf4c8448bab8f1ad563868089bb0ea1ff92213 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sun, 17 Jul 2005 17:04:47 +1000 Subject: - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c] [cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]") --- ChangeLog | 5 ++- acss.c | 128 +++++++++++++++++++++++++++--------------------------- auth-pam.c | 8 ++-- auth-shadow.c | 4 +- auth-skey.c | 2 +- auth1.c | 4 +- canohost.c | 2 +- cipher-acss.c | 6 +-- loginrec.c | 34 +++++++-------- ssh-rand-helper.c | 4 +- sshd.c | 2 +- 11 files changed, 101 insertions(+), 98 deletions(-) (limited to 'auth1.c') diff --git a/ChangeLog b/ChangeLog index 08b382213..774cf1a97 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,9 @@ [auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c] [sshconnect.c] spacing + - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c] + [cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL + in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]") 20050716 - (dtucker) [auth-pam.c] Ensure that only one side of the authentication @@ -2837,4 +2840,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3847 2005/07/17 07:02:09 djm Exp $ +$Id: ChangeLog,v 1.3848 2005/07/17 07:04:47 djm Exp $ diff --git a/acss.c b/acss.c index 9364ba9fe..99efde071 100644 --- a/acss.c +++ b/acss.c @@ -1,4 +1,4 @@ -/* $Id: acss.c,v 1.2 2004/02/06 04:22:43 dtucker Exp $ */ +/* $Id: acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $ */ /* * Copyright (c) 2004 The OpenBSD project * 
@@ -24,37 +24,37 @@ /* decryption sbox */ static unsigned char sboxdec[] = { - 0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76, - 0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b, - 0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96, - 0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b, - 0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12, - 0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f, - 0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90, - 0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91, - 0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74, - 0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75, - 0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94, - 0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95, - 0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10, - 0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11, - 0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92, - 0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f, - 0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16, - 0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b, - 0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6, - 0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb, - 0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72, - 0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f, - 0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0, - 0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1, - 0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14, - 0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15, - 0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4, - 0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5, - 0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70, - 0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71, - 0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2, + 0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76, + 0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b, + 0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96, + 0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b, + 0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12, + 0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f, + 0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90, + 0xd8, 0x98, 0xd0, 
0x01, 0x48, 0x08, 0x40, 0x91, + 0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74, + 0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75, + 0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94, + 0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95, + 0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10, + 0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11, + 0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92, + 0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f, + 0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16, + 0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b, + 0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6, + 0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb, + 0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72, + 0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f, + 0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0, + 0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1, + 0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14, + 0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15, + 0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4, + 0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5, + 0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70, + 0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71, + 0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2, 0xba, 0xfa, 0xb2, 0xaf, 0xea, 0xaa, 0xe2, 0xff }; 
@@ -95,38 +95,38 @@ static unsigned char sboxenc[] = { }; static unsigned char reverse[] = { - 0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0, - 0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0, - 0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8, - 0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8, - 0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4, - 0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4, - 0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec, - 0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc, - 0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2, - 0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2, - 0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea, - 0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa, - 0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6, - 0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6, - 0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee, - 0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe, - 0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1, - 0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1, - 0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9, - 0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9, - 0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5, - 0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5, - 0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed, - 0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd, - 0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3, - 0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3, - 0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb, - 0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb, - 0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7, - 0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7, - 0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef, - 0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff + 0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0, + 0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0, + 0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8, + 0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8, + 0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4, + 0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4, + 0x0c, 
0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec, + 0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc, + 0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2, + 0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2, + 0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea, + 0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa, + 0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6, + 0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6, + 0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee, + 0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe, + 0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1, + 0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1, + 0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9, + 0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9, + 0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5, + 0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5, + 0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed, + 0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd, + 0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3, + 0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3, + 0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb, + 0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb, + 0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7, + 0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7, + 0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef, + 0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff }; /* diff --git a/auth-pam.c b/auth-pam.c index fecba5de0..4a2841924 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -47,7 +47,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.124 2005/07/16 01:33:06 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.125 2005/07/17 07:04:47 djm Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -123,7 +123,7 @@ static struct pam_ctxt *cleanup_ctxt; static int sshpam_thread_status = -1; static mysig_t sshpam_oldsig; -static void +static void sshpam_sigchld_handler(int sig) { signal(SIGCHLD, SIG_DFL); 
@@ -853,7 +853,7 @@ do_pam_account(void) sshpam_err = pam_acct_mgmt(sshpam_handle, 0); debug3("PAM: %s pam_acct_mgmt = %d (%s)", __func__, sshpam_err, pam_strerror(sshpam_handle, sshpam_err)); - + if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) { sshpam_account_status = 0; return (sshpam_account_status); @@ -1111,7 +1111,7 @@ sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg, *resp = reply; return (PAM_SUCCESS); - fail: + fail: for(i = 0; i < n; i++) { if (reply[i].resp != NULL) xfree(reply[i].resp); diff --git a/auth-shadow.c b/auth-shadow.c index f6004f68f..59737b93c 100644 --- a/auth-shadow.c +++ b/auth-shadow.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$Id: auth-shadow.c,v 1.6 2005/02/16 03:20:06 dtucker Exp $"); +RCSID("$Id: auth-shadow.c,v 1.7 2005/07/17 07:04:47 djm Exp $"); #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) #include @@ -101,7 +101,7 @@ auth_shadow_pwexpired(Authctxt *ctxt) #if defined(__hpux) && !defined(HAVE_SECUREWARE) if (iscomsec()) { struct pr_passwd *pr; - + pr = getprpwnam((char *)user); /* Test for Trusted Mode expiry disabled */ diff --git a/auth-skey.c b/auth-skey.c index ac1af69ed..f676dbec9 100644 --- a/auth-skey.c +++ b/auth-skey.c @@ -47,7 +47,7 @@ skey_query(void *ctx, char **name, char **infotxt, int len; struct skey skey; - if (_compat_skeychallenge(&skey, authctxt->user, challenge, + if (_compat_skeychallenge(&skey, authctxt->user, challenge, sizeof(challenge)) == -1) return -1; diff --git a/auth1.c b/auth1.c index ff937f80f..74e213d13 100644 --- a/auth1.c +++ b/auth1.c @@ -171,7 +171,7 @@ auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen) key_free(client_host_key); snprintf(info, infolen, " ruser %.100s", client_user); - + return (authenticated); } 
@@ -299,7 +299,7 @@ do_authloop(Authctxt *authctxt) #ifdef HAVE_CYGWIN if (authenticated && - !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, + !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, authctxt->pw)) { packet_disconnect("Authentication rejected for uid %d.", authctxt->pw == NULL ? -1 : authctxt->pw->pw_uid); diff --git a/canohost.c b/canohost.c index 04dc3d182..c27086bfd 100644 --- a/canohost.c +++ b/canohost.c @@ -174,7 +174,7 @@ ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len) struct in_addr inaddr; u_int16_t port; - if (addr->ss_family != AF_INET6 || + if (addr->ss_family != AF_INET6 || !IN6_IS_ADDR_V4MAPPED(&a6->sin6_addr)) return; diff --git a/cipher-acss.c b/cipher-acss.c index 3a966a74d..a95fa6747 100644 --- a/cipher-acss.c +++ b/cipher-acss.c @@ -17,7 +17,7 @@ #include "includes.h" #include -RCSID("$Id: cipher-acss.c,v 1.2 2004/02/06 04:26:11 dtucker Exp $"); +RCSID("$Id: cipher-acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $"); #if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) @@ -33,7 +33,7 @@ typedef struct { #define EVP_CTRL_SET_ACSS_SUBKEY 0xff07 static int -acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { acss_setkey(&data(ctx)->ks,key,enc,ACSS_DATA); @@ -41,7 +41,7 @@ acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } static int -acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, +acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { acss(&data(ctx)->ks,inl,in,out); diff --git a/loginrec.c b/loginrec.c index 2543617ba..5d6e120c4 100644 --- a/loginrec.c +++ b/loginrec.c @@ -165,7 +165,7 @@ # include #endif -RCSID("$Id: loginrec.c,v 1.68 2005/06/19 00:19:43 djm Exp $"); +RCSID("$Id: loginrec.c,v 1.69 2005/07/17 07:04:47 djm Exp $"); /** ** prototypes for helper functions in this file 
@@ -362,7 +362,7 @@ login_init_entry(struct logininfo *li, int pid, const char *username, strlcpy(li->username, username, sizeof(li->username)); pw = getpwnam(li->username); if (pw == NULL) {
- fatal("%s: Cannot find user \"%s\"", __func__,
+ fatal("%s: Cannot find user \"%s\"", __func__,
 li->username); } li->uid = pw->pw_uid;
@@ -374,7 +374,7 @@ login_init_entry(struct logininfo *li, int pid, const char *username, return (1); }
-/*
+/*
 * login_set_current_time(struct logininfo *) - set the current time * * Set the current time in a logininfo structure. This function is
@@ -443,7 +443,7 @@ login_write(struct logininfo *li) wtmpx_write_entry(li); #endif #ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN
- if (li->type == LTYPE_LOGIN &&
+ if (li->type == LTYPE_LOGIN &&
 !sys_auth_record_login(li->username,li->hostname,li->line, &loginmsg)) logit("Writing login record failed for %s", li->username); #endif
@@ -558,7 +558,7 @@ line_stripname(char *dst, const char *src, int dstsize) return (dst); }
-/*
+/*
 * line_abbrevname(): Return the abbreviated (usually four-character) * form of the line (Just use the last characters of the * full name.)
@@ -808,7 +808,7 @@ utmp_write_library(struct logininfo *li, struct utmp *ut) } # else /* UTMP_USE_LIBRARY */
-/*
+/*
 * Write a utmp entry direct to the file * This is a slightly modification of code in OpenBSD's login.c */
@@ -852,7 +852,7 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut) return (0); } if (ret != pos) {
- logit("%s: Couldn't seek to tty %d slot in %s",
+ logit("%s: Couldn't seek to tty %d slot in %s",
 __func__, tty, UTMP_FILE); return (0); }
@@ -1052,7 +1052,7 @@ utmpx_write_entry(struct logininfo *li) #ifdef USE_WTMP
-/*
+/*
 * Write a wtmp entry direct to the end of the file * This is a slight modification of code in OpenBSD's logwtmp.c */
@@ -1113,7 +1113,7 @@ wtmp_write_entry(struct logininfo *li) }
-/*
+/*
 * Notes on fetching login data from wtmp/wtmpx * * Logouts are usually recorded with (amongst other things) a blank
@@ -1157,12 +1157,12 @@ wtmp_get_entry(struct logininfo *li) li->tv_sec = li->tv_usec = 0; if ((fd = open(WTMP_FILE, O_RDONLY)) < 0) {
- logit("%s: problem opening %s: %s", __func__,
+ logit("%s: problem opening %s: %s", __func__,
 WTMP_FILE, strerror(errno)); return (0); } if (fstat(fd, &st) != 0) {
- logit("%s: couldn't stat %s: %s", __func__,
+ logit("%s: couldn't stat %s: %s", __func__,
 WTMP_FILE, strerror(errno)); close(fd); return (0);
@@ -1177,7 +1177,7 @@ wtmp_get_entry(struct logininfo *li) while (!found) { if (atomicio(read, fd, &ut, sizeof(ut)) != sizeof(ut)) {
- logit("%s: read of %s failed: %s", __func__,
+ logit("%s: read of %s failed: %s", __func__,
 WTMP_FILE, strerror(errno)); close (fd); return (0);
@@ -1235,7 +1235,7 @@ wtmpx_write(struct logininfo *li, struct utmpx *utx) int fd, ret = 1; if ((fd = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0)) < 0) {
- logit("%s: problem opening %s: %s", __func__,
+ logit("%s: problem opening %s: %s", __func__,
 WTMPX_FILE, strerror(errno)); return (0); }
@@ -1322,12 +1322,12 @@ wtmpx_get_entry(struct logininfo *li) li->tv_sec = li->tv_usec = 0; if ((fd = open(WTMPX_FILE, O_RDONLY)) < 0) {
- logit("%s: problem opening %s: %s", __func__,
+ logit("%s: problem opening %s: %s", __func__,
 WTMPX_FILE, strerror(errno)); return (0); } if (fstat(fd, &st) != 0) {
- logit("%s: couldn't stat %s: %s", __func__,
+ logit("%s: couldn't stat %s: %s", __func__,
 WTMPX_FILE, strerror(errno)); close(fd); return (0);
@@ -1342,13 +1342,13 @@ wtmpx_get_entry(struct logininfo *li) while (!found) { if (atomicio(read, fd, &utx, sizeof(utx)) != sizeof(utx)) {
- logit("%s: read of %s failed: %s", __func__,
+ logit("%s: read of %s failed: %s", __func__,
 WTMPX_FILE, strerror(errno)); close (fd); return (0); } /*
- * Logouts are recorded as a blank username on a particular
+ * Logouts are recorded as a blank username on a particular
 * line. So, we just need to find the username in struct utmpx */ if (wtmpx_islogin(li, &utx)) {
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c
index aab51fdf7..5486a4632 100644
--- a/ssh-rand-helper.c
+++ b/ssh-rand-helper.c
@@ -39,7 +39,7 @@ #include "pathnames.h" #include "log.h"
-RCSID("$Id: ssh-rand-helper.c,v 1.24 2005/06/19 00:19:44 djm Exp $");
+RCSID("$Id: ssh-rand-helper.c,v 1.25 2005/07/17 07:04:47 djm Exp $");
 /* Number of bytes we write out */ #define OUTPUT_SEED_SIZE 48
@@ -600,7 +600,7 @@ prng_write_seedfile(void) save_errno = errno; unlink(tmpseed); fatal("problem renaming PRNG seedfile from %.100s "
- "to %.100s (%.100s)", tmpseed, filename,
+ "to %.100s (%.100s)", tmpseed, filename,
 strerror(save_errno)); } }
diff --git a/sshd.c b/sshd.c
index b0d65575f..40da37513 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1034,7 +1034,7 @@ main(int ac, char **av) /* * Unset KRB5CCNAME, otherwise the user's session may inherit it from * root's environment
- */
+ */
 if (getenv("KRB5CCNAME") != NULL) unsetenv("KRB5CCNAME");
-- cgit v1.2.3
From b6f72f5294ee8ab476ba59a97e8509ef864c5072 Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Sun, 17 Jul 2005 17:26:43 +1000
Subject: -(djm) [audit.c auth1.c auth2.c entropy.c loginrec.c serverloop.c] [ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too
---
ChangeLog | 4 +++-
audit.c | 8 ++++----
auth1.c | 2 +-
auth2.c | 2 +-
entropy.c | 6 +++---
loginrec.c | 5 +++--
serverloop.c | 2 +-
ssh-rand-helper.c | 6 +++---
8 files changed, 19 insertions(+), 16 deletions(-)
(limited to 'auth1.c')
diff --git a/ChangeLog b/ChangeLog
index f1bf43095..346e87961 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,8 @@ [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c] [sshconnect.c sshconnect2.c] knf says that a 2nd level indent is four (not three or five) spaces
+ -(djm) [audit.c auth1.c auth2.c entropy.c loginrec.c serverloop.c]
+ [ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too
 20050716 - (dtucker) [auth-pam.c] Ensure that only one side of the authentication
@@ -2855,4 +2857,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3851 2005/07/17 07:22:45 djm Exp $
+$Id: ChangeLog,v 1.3852 2005/07/17 07:26:43 djm Exp $
diff --git a/audit.c b/audit.c
index 18fc41047..c77d0c012 100644
--- a/audit.c
+++ b/audit.c
@@ -1,4 +1,4 @@
-/* $Id: audit.c,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */
+/* $Id: audit.c,v 1.3 2005/07/17 07:26:44 djm Exp $ */
 /* * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
@@ -120,7 +120,7 @@ void audit_connection_from(const char *host, int port) { debug("audit connection from %s port %d euid %d", host, port,
- (int)geteuid());
+ (int)geteuid());
 } /*
@@ -147,7 +147,7 @@ audit_session_open(const char *ttyn) const char *t = ttyn ? ttyn : "(no tty)"; debug("audit session open euid %d user %s tty name %s", geteuid(),
- audit_username(), t);
+ audit_username(), t);
 } /*
@@ -163,7 +163,7 @@ audit_session_close(const char *ttyn) const char *t = ttyn ? ttyn : "(no tty)"; debug("audit session close euid %d user %s tty name %s", geteuid(),
- audit_username(), t);
+ audit_username(), t);
 } /*
diff --git a/auth1.c b/auth1.c
index 74e213d13..4bc2bf76d 100644
--- a/auth1.c
+++ b/auth1.c
@@ -323,7 +323,7 @@ do_authloop(Authctxt *authctxt) size_t len; error("Access denied for user %s by PAM account "
- "configuration", authctxt->user);
+ "configuration", authctxt->user);
 len = buffer_len(&loginmsg); buffer_append(&loginmsg, "\0", 1); msg = buffer_ptr(&loginmsg);
diff --git a/auth2.c b/auth2.c
index 2265d311e..613b0e2bc 100644
--- a/auth2.c
+++ b/auth2.c
@@ -234,7 +234,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) packet_write_wait(); } fatal("Access denied for user %s by PAM account "
- "configuration", authctxt->user);
+ "configuration", authctxt->user);
 } } #endif
diff --git a/entropy.c b/entropy.c
index 0997174b6..410bbb927 100644
--- a/entropy.c
+++ b/entropy.c
@@ -45,7 +45,7 @@ * XXX: we should tell the child how many bytes we need. */
-RCSID("$Id: entropy.c,v 1.48 2003/11/21 12:56:47 djm Exp $");
+RCSID("$Id: entropy.c,v 1.49 2005/07/17 07:26:44 djm Exp $");
 #ifndef OPENSSL_PRNG_ONLY #define RANDOM_SEED_SIZE 48
@@ -114,8 +114,8 @@ seed_rng(void) close(p[0]); if (waitpid(pid, &ret, 0) == -1)
- fatal("Couldn't wait for ssh-rand-helper completion: %s",
- strerror(errno));
+ fatal("Couldn't wait for ssh-rand-helper completion: %s",
+ strerror(errno));
 signal(SIGCHLD, old_sigchld); /* We don't mind if the child exits upon a SIGPIPE */
diff --git a/loginrec.c b/loginrec.c
index 5d6e120c4..c3783c991 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -165,7 +165,7 @@ # include #endif
-RCSID("$Id: loginrec.c,v 1.69 2005/07/17 07:04:47 djm Exp $");
+RCSID("$Id: loginrec.c,v 1.70 2005/07/17 07:26:44 djm Exp $");
 /** ** prototypes for helper functions in this file
@@ -444,7 +444,8 @@ login_write(struct logininfo *li) #endif #ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN if (li->type == LTYPE_LOGIN &&
- !sys_auth_record_login(li->username,li->hostname,li->line, &loginmsg))
+ !sys_auth_record_login(li->username,li->hostname,li->line,
+ &loginmsg))
 logit("Writing login record failed for %s", li->username); #endif #ifdef SSH_AUDIT_EVENTS
diff --git a/serverloop.c b/serverloop.c
index b0c4aafa0..d2eff170a 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -983,7 +983,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) #ifndef NO_IPPORT_RESERVED_CONCEPT || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0) #endif
- ) {
+ ) {
 success = 0; packet_send_debug("Server has disabled port forwarding."); } else {
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c
index 5486a4632..87e52cf75 100644
--- a/ssh-rand-helper.c
+++ b/ssh-rand-helper.c
@@ -39,7 +39,7 @@ #include "pathnames.h" #include "log.h"
-RCSID("$Id: ssh-rand-helper.c,v 1.25 2005/07/17 07:04:47 djm Exp $");
+RCSID("$Id: ssh-rand-helper.c,v 1.26 2005/07/17 07:26:44 djm Exp $");
 /* Number of bytes we write out */ #define OUTPUT_SEED_SIZE 48
@@ -398,8 +398,8 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash) debug3("Time elapsed: %d msec", msec_elapsed); if (waitpid(pid, &status, 0) == -1) {
- error("Couldn't wait for child '%s' completion: %s",
- src->cmdstring, strerror(errno));
+ error("Couldn't wait for child '%s' completion: %s",
+ src->cmdstring, strerror(errno));
 return 0.0; }
-- cgit v1.2.3