From e14e005f41cf541017ab4e285f0b2ec23a21b7ff Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 13 May 2004 16:30:44 +1000 Subject: - djm@cvs.openbsd.org 2004/05/09 01:19:28 [OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c sshd.c] removed: mpaux.c mpaux.h kill some more tiny files; ok deraadt@ --- auth1.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'auth1.c') diff --git a/auth1.c b/auth1.c index f145cf03d..376007a05 100644 --- a/auth1.c +++ b/auth1.c @@ -10,14 +10,13 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.55 2003/11/08 16:02:40 jakob Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.56 2004/05/09 01:19:27 djm Exp $"); #include "xmalloc.h" #include "rsa.h" #include "ssh1.h" #include "packet.h" #include "buffer.h" -#include "mpaux.h" #include "log.h" #include "servconf.h" #include "compat.h" -- cgit v1.2.3 From 89413dbafa5a5f237ba1040b74e6437b8b1ff1e0 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 24 May 2004 10:36:23 +1000 Subject: - dtucker@cvs.openbsd.org 2004/05/23 23:59:53 [auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5] Add MaxAuthTries sshd config option; ok markus@ --- ChangeLog | 5 ++++- auth.c | 4 ++-- auth.h | 4 +--- auth1.c | 4 ++-- auth2.c | 4 ++-- servconf.c | 13 +++++++++++-- servconf.h | 4 +++- sshd_config | 3 ++- sshd_config.5 | 6 +++++- 9 files changed, 32 insertions(+), 15 deletions(-) (limited to 'auth1.c') diff --git a/ChangeLog b/ChangeLog index ff05bc462..9ce0adb09 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,9 @@ - jmc@cvs.openbsd.org 2004/05/22 16:01:05 [ssh.1] kill whitespace at eol; + - dtucker@cvs.openbsd.org 2004/05/23 23:59:53 + [auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5] + Add MaxAuthTries sshd config option; ok markus@ 20040523 - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in 
@@ -1150,4 +1153,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3364 2004/05/24 00:35:14 dtucker Exp $ +$Id: ChangeLog,v 1.3365 2004/05/24 00:36:23 dtucker Exp $ diff --git a/auth.c b/auth.c index 4f93ce5ae..ef3cdba3c 100644 --- a/auth.c +++ b/auth.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.53 2004/05/11 19:01:43 deraadt Exp $"); +RCSID("$OpenBSD: auth.c,v 1.54 2004/05/23 23:59:53 dtucker Exp $"); #ifdef HAVE_LOGIN_H #include @@ -242,7 +242,7 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) /* Raise logging level */ if (authenticated == 1 || !authctxt->valid || - authctxt->failures >= AUTH_FAIL_LOG || + authctxt->failures >= options.max_authtries / 2 || strcmp(method, "password") == 0) authlog = logit; diff --git a/auth.h b/auth.h index 3a7d222ef..2f094403d 100644 --- a/auth.h +++ b/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.49 2004/01/30 09:48:57 markus Exp $ */ +/* $OpenBSD: auth.h,v 1.50 2004/05/23 23:59:53 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -181,8 +181,6 @@ void auth_debug_reset(void); struct passwd *fakepw(void); -#define AUTH_FAIL_MAX 6 -#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2) #define AUTH_FAIL_MSG "Too many authentication failures for %.100s" #define SKEY_PROMPT "\nS/Key Password: " diff --git a/auth1.c b/auth1.c index 376007a05..471f27172 100644 --- a/auth1.c +++ b/auth1.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.56 2004/05/09 01:19:27 djm Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.57 2004/05/23 23:59:53 dtucker Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -261,7 +261,7 @@ do_authloop(Authctxt *authctxt) if (authenticated) return; - if (authctxt->failures++ > AUTH_FAIL_MAX) + if (authctxt->failures++ > options.max_authtries) packet_disconnect(AUTH_FAIL_MSG, authctxt->user); packet_start(SSH_SMSG_FAILURE); 
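Review bot: The log-level condition in auth_log, `authctxt->failures >= options.max_authtries / 2`, now follows an administrator-set value, so raising MaxAuthTries also postpones the point at which repeated failures are raised to `logit`. With integer division a value of 1 gives a threshold of 0, so every attempt is logged at that level. I would add a comment above the condition, `/* threshold follows MaxAuthTries: a large limit delays logit-level logging of failures */`, and consider capping the threshold at the old fixed value so that detection does not weaken when the limit is raised. auth_log starts and ends outside the hunk, so the default level of `authlog` is assumed here to be lower than `logit`.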
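Review bot: The limit check in do_authloop, `if (authctxt->failures++ > options.max_authtries)`, compares the count before the increment using `>`, so the disconnect comes only once the number of failures already exceeds the configured value, while sshd_config.5 in this commit describes MaxAuthTries as the maximum number of attempts permitted. Now that the bound is an administrator-facing setting, the comparison and the manual page should agree; `if (++authctxt->failures >= options.max_authtries)` would disconnect on the failure that reaches the limit. The same expression appears in userauth_finish in auth2.c. Both functions continue outside their hunks, so whether `failures` is adjusted elsewhere is not visible here.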
diff --git a/auth2.c b/auth2.c index 1177efa73..e4a3cded9 100644 --- a/auth2.c +++ b/auth2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.104 2003/11/04 08:54:09 djm Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.105 2004/05/23 23:59:53 dtucker Exp $"); #include "ssh2.h" #include "xmalloc.h" @@ -243,7 +243,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) /* now we can break out */ authctxt->success = 1; } else { - if (authctxt->failures++ > AUTH_FAIL_MAX) + if (authctxt->failures++ > options.max_authtries) packet_disconnect(AUTH_FAIL_MSG, authctxt->user); methods = authmethods_get(); packet_start(SSH2_MSG_USERAUTH_FAILURE); diff --git a/servconf.c b/servconf.c index 467ad64e8..ef8651651 100644 --- a/servconf.c +++ b/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.132 2004/05/08 00:01:37 deraadt Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.133 2004/05/23 23:59:53 dtucker Exp $"); #include "ssh.h" #include "log.h" @@ -94,6 +94,7 @@ initialize_server_options(ServerOptions *options) options->max_startups_begin = -1; options->max_startups_rate = -1; options->max_startups = -1; + options->max_authtries = -1; options->banner = NULL; options->use_dns = -1; options->client_alive_interval = -1; @@ -212,6 +213,8 @@ fill_default_server_options(ServerOptions *options) options->max_startups_rate = 100; /* 100% */ if (options->max_startups_begin == -1) options->max_startups_begin = options->max_startups; + if (options->max_authtries == -1) + options->max_authtries = DEFAULT_AUTH_FAIL_MAX; if (options->use_dns == -1) options->use_dns = 1; if (options->client_alive_interval == -1) 
@@ -262,7 +265,8 @@ typedef enum { sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, - sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, + sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, + sMaxStartups, sMaxAuthTries, sBanner, sUseDNS, sHostbasedAuthentication, sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, @@ -357,6 +361,7 @@ static struct { { "gatewayports", sGatewayPorts }, { "subsystem", sSubsystem }, { "maxstartups", sMaxStartups }, + { "maxauthtries", sMaxAuthTries }, { "banner", sBanner }, { "usedns", sUseDNS }, { "verifyreversemapping", sDeprecated }, @@ -869,6 +874,10 @@ parse_flag: options->max_startups = options->max_startups_begin; break; + case sMaxAuthTries: + intptr = &options->max_authtries; + goto parse_int; + case sBanner: charptr = &options->banner; goto parse_filename; diff --git a/servconf.h b/servconf.h index 1c6296acc..36d2e5ca6 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.68 2004/04/27 09:46:37 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.69 2004/05/23 23:59:53 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -33,6 +33,7 @@ #define PERMIT_NO_PASSWD 2 #define PERMIT_YES 3 +#define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */ typedef struct { u_int num_ports; @@ -114,6 +115,7 @@ typedef struct { int max_startups_begin; int max_startups_rate; int max_startups; + int max_authtries; char *banner; /* SSH-2 banner message */ int use_dns; int client_alive_interval; /* diff --git a/sshd_config b/sshd_config index 2b8d9f695..65e6f1c32 100644 --- a/sshd_config +++ b/sshd_config 
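Review bot: The new `case sMaxAuthTries` in the option parser stores whatever `parse_int` accepts, and no range check on `max_authtries` is visible anywhere in this commit. Because `-1` is the unset sentinel in initialize_server_options, an explicit `MaxAuthTries -1` would silently become the default, and zero or other negative values flow straight into `failures++ > options.max_authtries` and `options.max_authtries / 2`. The `parse_int` label is outside the hunk; if it does not already reject such values, I would add a check after the default is applied in fill_default_server_options, e.g. `if (options->max_authtries < 1) fatal("MaxAuthTries must be at least 1");`. The sshd_config.5 entry should state the accepted range as well.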
@@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $ +# $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -35,6 +35,7 @@ #LoginGraceTime 2m #PermitRootLogin yes #StrictModes yes +#MaxAuthTries 6 #RSAAuthentication yes #PubkeyAuthentication yes diff --git a/sshd_config.5 b/sshd_config.5 index 05558c569..8edaf030c 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.32 2004/04/28 07:02:56 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.33 2004/05/23 23:59:53 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -402,6 +402,10 @@ for data integrity protection. Multiple algorithms must be comma-separated. The default is .Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . +.It Cm MaxAuthTries +Specifies the maximum number of authentication attempts permitted per +connection. Once the number of failures reaches half this value, additional +failures are logged. The default is 6. .It Cm MaxStartups Specifies the maximum number of concurrent unauthenticated connections to the .Nm sshd -- cgit v1.2.3 From e35bf12eebca0c3ca248dca4c04bff83b9c475a1 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Tue, 22 Jun 2004 03:37:11 +0000 Subject: - (bal) [auth-passwd.c auth1.c] Clean up unused variables. --- ChangeLog | 3 ++- auth-passwd.c | 2 ++ auth1.c | 6 +++--- 3 files changed, 7 insertions(+), 4 deletions(-) (limited to 'auth1.c') diff --git a/ChangeLog b/ChangeLog index b3d09c70d..00864980a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,5 @@ 20040622 + - (bal) [auth-passwd.c auth1.c] Clean up unused variables. - (dtucker) OpenBSD CVS Sync - djm@cvs.openbsd.org 2004/06/20 17:36:59 [ssh.c] 
@@ -1361,4 +1362,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3429 2004/06/22 03:27:16 dtucker Exp $ +$Id: ChangeLog,v 1.3430 2004/06/22 03:37:11 mouring Exp $ diff --git a/auth-passwd.c b/auth-passwd.c index da247df7d..7a68e0562 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -64,7 +64,9 @@ auth_password(Authctxt *authctxt, const char *password) { struct passwd * pw = authctxt->pw; int ok = authctxt->valid; +#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) static int expire_checked = 0; +#endif #ifndef HAVE_CYGWIN if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) diff --git a/auth1.c b/auth1.c index 471f27172..e541935ce 100644 --- a/auth1.c +++ b/auth1.c @@ -69,7 +69,6 @@ do_authloop(Authctxt *authctxt) u_int dlen; u_int ulen; int prev, type = 0; - struct passwd *pw = authctxt->pw; debug("Attempting authentication for %s%.100s.", authctxt->valid ? "" : "illegal user ", authctxt->user); @@ -232,9 +231,10 @@ do_authloop(Authctxt *authctxt) #ifdef HAVE_CYGWIN if (authenticated && - !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) { + !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, + authctxt->pw)) { packet_disconnect("Authentication rejected for uid %d.", - pw == NULL ? -1 : pw->pw_uid); + authctxt->pw == NULL ? -1 : authctxt->pw->pw_uid); authenticated = 0; } #else -- cgit v1.2.3 From a8c73d3b8c471aaeca90e8d82e28014608bf2707 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 23 Jun 2004 09:17:54 +1000 Subject: - (dtucker) [auth1.c] Ensure do_pam_account is called for Protocol 1 connections with empty passwords. Patch from davidwu at nbttech.com, ok djm@ --- ChangeLog | 7 ++++++- auth1.c | 9 +++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) (limited to 'auth1.c') diff --git a/ChangeLog b/ChangeLog index 929418433..e8fe5b4ff 100644 --- a/ChangeLog +++ b/ChangeLog 
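Review bot: The `packet_disconnect("Authentication rejected for uid %d.", ...)` call in the HAVE_CYGWIN block of do_authloop passes `authctxt->pw == NULL ? -1 : authctxt->pw->pw_uid` to `%d`, but the conditional expression takes the common type of `int` and `uid_t`, which need not be `int`. Making the argument and the format agree avoids that: use `%ld` with `authctxt->pw == NULL ? -1L : (long)authctxt->pw->pw_uid`. do_authloop starts and ends outside the hunk.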
@@ -1,3 +1,8 @@ +20040623 + - (dtucker) [auth1.c] Ensure do_pam_account is called for Protocol 1 + connections with empty passwords. Patch from davidwu at nbttech.com, + ok djm@ + 20040622 - (bal) [auth-passwd.c auth1.c] Clean up unused variables. - (dtucker) OpenBSD CVS Sync @@ -1369,4 +1374,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3432 2004/06/22 05:06:46 dtucker Exp $ +$Id: ChangeLog,v 1.3433 2004/06/22 23:17:54 dtucker Exp $ diff --git a/auth1.c b/auth1.c index e541935ce..ab6fd34dd 100644 --- a/auth1.c +++ b/auth1.c @@ -79,8 +79,13 @@ do_authloop(Authctxt *authctxt) (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif PRIVSEP(auth_password(authctxt, ""))) { - auth_log(authctxt, 1, "without authentication", ""); - return; +#ifdef USE_PAM + if (options.use_pam && (PRIVSEP(do_pam_account()))) +#endif + { + auth_log(authctxt, 1, "without authentication", ""); + return; + } } /* Indicate that authentication is needed. */ -- cgit v1.2.3 From 30d1f84911f7c8ed86913e3900d75693d133adee Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 21 Jul 2004 20:48:53 +1000 Subject: - djm@cvs.openbsd.org 2004/07/21 10:33:31 [auth1.c auth2.c] bz#899: Don't display invalid usernames in setproctitle --- ChangeLog | 5 ++++- auth1.c | 4 ++-- auth2.c | 4 ++-- 3 files changed, 8 insertions(+), 5 deletions(-) (limited to 'auth1.c') diff --git a/ChangeLog b/ChangeLog index 554a6ab91..711c4c289 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,9 @@ [auth.c] s/Illegal user/Invalid user/; many requests; ok djm, millert, niklas, miod, ... + - djm@cvs.openbsd.org 2004/07/21 10:33:31 + [auth1.c auth2.c] + bz#899: Don't display invalid usernames in setproctitle 20040720 - (djm) [log.c] bz #111: Escape more control characters when sending data 
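Review bot: In the empty-password shortcut of do_authloop, the added guard `if (options.use_pam && (PRIVSEP(do_pam_account())))` is false whenever the binary is built with USE_PAM but `UsePAM` is off, so the `auth_log(...); return;` block is skipped for those configurations too, not only when the PAM account check fails. That fails closed, but it changes behaviour for non-PAM setups of a PAM-enabled build, which the commit message does not mention. If the intent is to gate on the account check only when PAM is in use, the condition would be `if (!options.use_pam || PRIVSEP(do_pam_account()))`. The function continues outside the hunk, so how the later password path treats such accounts is not visible here.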
@@ -1550,4 +1553,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3484 2004/07/21 10:48:24 djm Exp $ +$Id: ChangeLog,v 1.3485 2004/07/21 10:48:53 djm Exp $ diff --git a/auth1.c b/auth1.c index ab6fd34dd..ea133b0cb 100644 --- a/auth1.c +++ b/auth1.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.57 2004/05/23 23:59:53 dtucker Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.58 2004/07/21 10:33:31 djm Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -306,7 +306,7 @@ do_authentication(Authctxt *authctxt) authctxt->pw = fakepw(); } - setproctitle("%s%s", authctxt->pw ? user : "unknown", + setproctitle("%s%s", authctxt->valid ? user : "unknown", use_privsep ? " [net]" : ""); #ifdef USE_PAM diff --git a/auth2.c b/auth2.c index e4a3cded9..a8c8bd283 100644 --- a/auth2.c +++ b/auth2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.105 2004/05/23 23:59:53 dtucker Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.106 2004/07/21 10:33:31 djm Exp $"); #include "ssh2.h" #include "xmalloc.h" @@ -166,7 +166,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) PRIVSEP(start_pam(authctxt)); #endif } - setproctitle("%s%s", authctxt->pw ? user : "unknown", + setproctitle("%s%s", authctxt->valid ? user : "unknown", use_privsep ? " [net]" : ""); authctxt->service = xstrdup(service); authctxt->style = style ? xstrdup(style) : NULL; -- cgit v1.2.3 From 5cb30ad2ec4fe129e6d2e440eb2eba1c01f71661 Mon Sep 17 00:00:00 2001 
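Review bot: The switch from `authctxt->pw` to `authctxt->valid` in the `setproctitle` call of do_authentication carries no comment, and the reason is easy to lose. The context line just above assigns `authctxt->pw = fakepw()` for unknown users, so `pw` is non-NULL on that path and the old test let a client-supplied name for a nonexistent account reach the process title. I would add `/* pw is set to fakepw() for unknown users, so test valid to keep unverified names out of the process title */` above the call, and the same above the call in input_userauth_request in auth2.c. Both functions extend beyond their hunks.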
From: Darren Tucker Date: Thu, 12 Aug 2004 22:40:24 +1000 Subject: - markus@cvs.openbsd.org 2004/07/28 09:40:29 [auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c sshconnect1.c] more s/illegal/invalid/ --- ChangeLog | 6 +++++- auth.c | 4 ++-- auth1.c | 6 +++--- auth2.c | 4 ++-- cipher.c | 4 ++-- cipher.h | 4 ++-- key.c | 6 +++--- session.c | 4 ++-- ssh.c | 4 ++-- sshconnect1.c | 4 ++-- 10 files changed, 25 insertions(+), 21 deletions(-) (limited to 'auth1.c') diff --git a/ChangeLog b/ChangeLog index fbe2bbaa0..3d0347876 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,10 @@ - markus@cvs.openbsd.org 2004/07/28 08:56:22 [sshd.c] call setsid() _before_ re-exec + - markus@cvs.openbsd.org 2004/07/28 09:40:29 + [auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c + sshconnect1.c] + more s/illegal/invalid/ 20040720 - (djm) OpenBSD CVS Sync @@ -1571,4 +1575,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3490 2004/08/12 12:36:51 dtucker Exp $ +$Id: ChangeLog,v 1.3491 2004/08/12 12:40:24 dtucker Exp $ diff --git a/auth.c b/auth.c index 0bb7e2807..0956b0b19 100644 --- a/auth.c +++ b/auth.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.55 2004/07/21 08:56:12 markus Exp $"); +RCSID("$OpenBSD: auth.c,v 1.56 2004/07/28 09:40:29 markus Exp $"); #ifdef HAVE_LOGIN_H #include @@ -233,7 +233,7 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) authlog("%s %s for %s%.100s from %.200s port %d%s", authmsg, method, - authctxt->valid ? "" : "illegal user ", + authctxt->valid ? "" : "invalid user ", authctxt->user, get_remote_ipaddr(), get_remote_port(), diff --git a/auth1.c b/auth1.c index ea133b0cb..3f93b9869 100644 --- a/auth1.c +++ b/auth1.c 
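Review bot: The prefix changed in auth_log's format string, `"invalid user "`, is part of the line `authlog` emits for each attempt, so any log-monitoring or alerting rule that matches the previous `illegal user` wording stops matching after this change. The commit carries no note for operators; a ChangeLog or release-note line stating that the authentication log wording changed would let them update their patterns before deploying. auth_log starts and ends outside the hunk.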
@@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.58 2004/07/21 10:33:31 djm Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.59 2004/07/28 09:40:29 markus Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -71,7 +71,7 @@ do_authloop(Authctxt *authctxt) int prev, type = 0; debug("Attempting authentication for %s%.100s.", - authctxt->valid ? "" : "illegal user ", authctxt->user); + authctxt->valid ? "" : "invalid user ", authctxt->user); /* If the user has no password, accept authentication immediately. */ if (options.password_authentication && @@ -302,7 +302,7 @@ do_authentication(Authctxt *authctxt) if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) authctxt->valid = 1; else { - debug("do_authentication: illegal user %s", user); + debug("do_authentication: invalid user %s", user); authctxt->pw = fakepw(); } diff --git a/auth2.c b/auth2.c index a8c8bd283..b98309576 100644 --- a/auth2.c +++ b/auth2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.106 2004/07/21 10:33:31 djm Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.107 2004/07/28 09:40:29 markus Exp $"); #include "ssh2.h" #include "xmalloc.h" @@ -159,7 +159,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) PRIVSEP(start_pam(authctxt)); #endif } else { - logit("input_userauth_request: illegal user %s", user); + logit("input_userauth_request: invalid user %s", user); authctxt->pw = fakepw(); #ifdef USE_PAM if (options.use_pam) diff --git a/cipher.c b/cipher.c index 93f96be6d..075a4c5fc 100644 --- a/cipher.c +++ b/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.70 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.71 2004/07/28 09:40:29 markus Exp $"); #include "xmalloc.h" #include "log.h" 
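Review bot: The reworded `debug("do_authentication: invalid user %s", user);` in do_authentication still formats the client-supplied name with an unbounded `%s`, while the `debug("Attempting authentication for %s%.100s.", ...)` call touched in the same file bounds it. Using the same bound here, `debug("do_authentication: invalid user %.100s", user);`, keeps log line length consistent for unauthenticated input; the same applies to `logit("input_userauth_request: invalid user %s", user);` in auth2.c. Both functions extend beyond their hunks, so any earlier length limit on `user` is not visible.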
@@ -106,7 +106,7 @@ struct Cipher { #if defined(EVP_CTRL_SET_ACSS_MODE) { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, EVP_acss }, #endif - { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL } + { NULL, SSH_CIPHER_INVALID, 0, 0, NULL } }; /*--*/ diff --git a/cipher.h b/cipher.h index 74b3669fd..6bb5719b0 100644 --- a/cipher.h +++ b/cipher.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.h,v 1.34 2003/11/10 16:23:41 jakob Exp $ */ +/* $OpenBSD: cipher.h,v 1.35 2004/07/28 09:40:29 markus Exp $ */ /* * Author: Tatu Ylonen @@ -43,7 +43,7 @@ * be removed for compatibility. The maximum allowed value is 31. */ #define SSH_CIPHER_SSH2 -3 -#define SSH_CIPHER_ILLEGAL -2 /* No valid cipher selected. */ +#define SSH_CIPHER_INVALID -2 /* No valid cipher selected. */ #define SSH_CIPHER_NOT_SET -1 /* None selected (invalid number). */ #define SSH_CIPHER_NONE 0 /* no encryption */ #define SSH_CIPHER_IDEA 1 /* IDEA CFB */ diff --git a/key.c b/key.c index 323e6ff84..21b0869df 100644 --- a/key.c +++ b/key.c @@ -32,7 +32,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.55 2003/11/10 16:23:41 jakob Exp $"); +RCSID("$OpenBSD: key.c,v 1.56 2004/07/28 09:40:29 markus Exp $"); #include @@ -782,7 +782,7 @@ key_sign( return ssh_rsa_sign(key, sigp, lenp, data, datalen); break; default: - error("key_sign: illegal key type %d", key->type); + error("key_sign: invalid key type %d", key->type); return -1; break; } @@ -809,7 +809,7 @@ key_verify( return ssh_rsa_verify(key, signature, signaturelen, data, datalen); break; default: - error("key_verify: illegal key type %d", key->type); + error("key_verify: invalid key type %d", key->type); return -1; break; } diff --git a/session.c b/session.c index 99b84394e..ee4008acf 100644 --- a/session.c +++ b/session.c 
@@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.179 2004/07/17 05:31:41 dtucker Exp $"); +RCSID("$OpenBSD: session.c,v 1.180 2004/07/28 09:40:29 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -264,7 +264,7 @@ do_authenticated1(Authctxt *authctxt) compression_level = packet_get_int(); packet_check_eom(); if (compression_level < 1 || compression_level > 9) { - packet_send_debug("Received illegal compression level %d.", + packet_send_debug("Received invalid compression level %d.", compression_level); break; } diff --git a/ssh.c b/ssh.c index 6dff591f1..edf8f2c5e 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.223 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.224 2004/07/28 09:40:29 markus Exp $"); #include #include @@ -344,7 +344,7 @@ again: if (ciphers_valid(optarg)) { /* SSH2 only */ options.ciphers = xstrdup(optarg); - options.cipher = SSH_CIPHER_ILLEGAL; + options.cipher = SSH_CIPHER_INVALID; } else { /* SSH1 only */ options.cipher = cipher_number(optarg); diff --git a/sshconnect1.c b/sshconnect1.c index 61fecab14..6e2e31c02 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.59 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.60 2004/07/28 09:40:29 markus Exp $"); #include #include @@ -598,7 +598,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr) if (options.cipher == SSH_CIPHER_NOT_SET) { if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default)) options.cipher = ssh_cipher_default; - } else if (options.cipher == SSH_CIPHER_ILLEGAL || + } else if (options.cipher == SSH_CIPHER_INVALID || !(cipher_mask_ssh1(1) & (1 << options.cipher))) { logit("No valid SSH1 cipher, using %.100s instead.", cipher_name(ssh_cipher_default)); -- cgit v1.2.3