From 46bc075474211c711b102f6278783bb68d7530a8 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 2 May 2004 22:11:30 +1000 Subject: - djm@cvs.openbsd.org 2004/04/27 09:46:37 [readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c ssh_config.5 sshd_config.5] bz #815: implement ability to pass specified environment variables from the client to the server; ok markus@ --- session.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 51 insertions(+), 1 deletion(-) (limited to 'session.c') diff --git a/session.c b/session.c index 55db2ffd2..da11e5549 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.172 2004/01/30 09:48:57 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.173 2004/04/27 09:46:37 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -42,6 +42,7 @@ RCSID("$OpenBSD: session.c,v 1.172 2004/01/30 09:48:57 markus Exp $"); #include "sshpty.h" #include "packet.h" #include "buffer.h" +#include "match.h" #include "mpaux.h" #include "uidswap.h" #include "compat.h" @@ -996,6 +997,10 @@ do_setup_env(Session *s, const char *shell) if (!options.use_login) { /* Set basic environment. */ + for (i = 0; i < s->num_env; i++) + child_set_env(&env, &envsize, s->env[i].name, + s->env[i].val); + child_set_env(&env, &envsize, "USER", pw->pw_name); child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); #ifdef _AIX 
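Review bot: The loop in do_setup_env that copies `s->env[]` into the child environment has no comment, yet its position is what keeps the server in control of the well-known variables. It runs before the `child_set_env` calls for USER, LOGNAME and the rest, so a client-supplied variable with one of those names is presumably overwritten by the server's value (this assumes child_set_env replaces an existing entry, which is not visible here). I would state that above the loop, e.g. `/* Client-supplied variables go first so the server-set values below take precedence. */`. The loop also sits inside `if (!options.use_login)`, so accepted variables appear to be dropped when UseLogin is enabled, which deserves a sentence in sshd_config.5 if it is intended. do_setup_env starts and ends outside the hunk.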
@@ -1831,6 +1836,41 @@ session_break_req(Session *s) return 1; } +static int +session_env_req(Session *s) +{ + char *name, *val; + u_int name_len, val_len, i; + + name = packet_get_string(&name_len); + val = packet_get_string(&val_len); + packet_check_eom(); + + /* Don't set too many environment variables */ + if (s->num_env > 128) { + debug2("Ignoring env request %s: too many env vars", name); + goto fail; + } + + for (i = 0; i < options.num_accept_env; i++) { + if (match_pattern(name, options.accept_env[i])) { + debug2("Setting env %d: %s=%s", s->num_env, name, val); + s->env = xrealloc(s->env, sizeof(*s->env) * + (s->num_env + 1)); + s->env[s->num_env].name = name; + s->env[s->num_env].val = val; + s->num_env++; + return (1); + } + } + debug2("Ignoring env request %s: disallowed name", name); + + fail: + xfree(name); + xfree(val); + return (0); +} + static int session_auth_agent_req(Session *s) { @@ -1880,6 +1920,8 @@ session_input_channel_req(Channel *c, const char *rtype) success = session_subsystem_req(s); } else if (strcmp(rtype, "break") == 0) { success = session_break_req(s); + } else if (strcmp(rtype, "env") == 0) { + success = session_env_req(s); } } if (strcmp(rtype, "window-change") == 0) { @@ -2017,6 +2059,8 @@ session_exit_message(Session *s, int status) void session_close(Session *s) { + int i; + debug("session_close: session %d pid %ld", s->self, (long)s->pid); if (s->ttyfd != -1) session_pty_cleanup(s); @@ -2031,6 +2075,12 @@ session_close(Session *s) if (s->auth_proto) xfree(s->auth_proto); s->used = 0; + for (i = 0; i < s->num_env; i++) { + xfree(s->env[i].name); + xfree(s->env[i].val); + } + if (s->env != NULL) + xfree(s->env); session_proctitle(s); } -- cgit v1.2.3 From e14e005f41cf541017ab4e285f0b2ec23a21b7ff Mon Sep 17 00:00:00 2001 
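Review bot: `debug2("Setting env %d: %s=%s", s->num_env, name, val)` in session_env_req writes the client-supplied value into the server log, and values passed this way can be sensitive; logging only the name is enough, `debug2("Setting env %d: %s", s->num_env, name);`. The cap `if (s->num_env > 128)` admits a 129th entry before it refuses, so `>=` against a named constant would match the comment. `name_len` and `val_len` are fetched but never used, so a name or value carrying an embedded NUL is silently truncated for the pattern match and for the later child_set_env call; rejecting a string whose length differs from its strlen() would close that gap.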
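Review bot: session_close frees `s->env` and every entry but leaves `s->env` and `s->num_env` unchanged, while the line just above marks the slot reusable with `s->used = 0`. Unless the slot is zeroed when it is handed out again (not visible in this hunk), a later env request on the reused slot would xrealloc a freed pointer and a second close would free the entries again; adding `s->env = NULL;` and `s->num_env = 0;` after the xfree makes the cleanup safe either way. `int i` is compared with `s->num_env`, which session_env_req indexes with a `u_int`, so using the same type here avoids a signed/unsigned comparison. The function begins in the previous hunk.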
From: Darren Tucker Date: Thu, 13 May 2004 16:30:44 +1000 Subject: - djm@cvs.openbsd.org 2004/05/09 01:19:28 [OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c sshd.c] removed: mpaux.c mpaux.h kill some more tiny files; ok deraadt@ --- ChangeLog | 6 +++++- OVERVIEW | 1 - auth-rsa.c | 3 +-- auth1.c | 3 +-- kex.c | 35 ++++++++++++++++++++++++++++++++++- monitor.c | 3 +-- session.c | 3 +-- sshconnect1.c | 6 +++--- sshd.c | 10 +++++----- 9 files changed, 51 insertions(+), 19 deletions(-) (limited to 'session.c') diff --git a/ChangeLog b/ChangeLog index e12b47b0f..582632af3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,10 @@ - djm@cvs.openbsd.org 2004/05/09 00:06:47 [moduli.c ssh-keygen.c] removed: moduli.h zap another tiny header; ok deraadt@ + - djm@cvs.openbsd.org 2004/05/09 01:19:28 + [OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c + sshd.c] removed: mpaux.c mpaux.h + kill some more tiny files; ok deraadt@ 20040502 - (dtucker) OpenBSD CVS Sync @@ -1096,4 +1100,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3347 2004/05/13 06:24:32 dtucker Exp $ +$Id: ChangeLog,v 1.3348 2004/05/13 06:30:44 dtucker Exp $ diff --git a/OVERVIEW b/OVERVIEW index df46ec28a..d1a768c10 100644 --- a/OVERVIEW +++ b/OVERVIEW @@ -40,7 +40,6 @@ these programs. Multiple Precision Integer Library - Uses the SSLeay BIGNUM sublibrary. - - Some auxiliary functions for mp-int manipulation are in mpaux.c. Random Numbers diff --git a/auth-rsa.c b/auth-rsa.c index 2f0746b30..8a02b8a8f 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.59 2004/05/09 01:19:27 djm Exp $"); #include #include 
@@ -23,7 +23,6 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $"); #include "packet.h" #include "xmalloc.h" #include "ssh1.h" -#include "mpaux.h" #include "uidswap.h" #include "match.h" #include "auth-options.h" diff --git a/auth1.c b/auth1.c index f145cf03d..376007a05 100644 --- a/auth1.c +++ b/auth1.c @@ -10,14 +10,13 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.55 2003/11/08 16:02:40 jakob Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.56 2004/05/09 01:19:27 djm Exp $"); #include "xmalloc.h" #include "rsa.h" #include "ssh1.h" #include "packet.h" #include "buffer.h" -#include "mpaux.h" #include "log.h" #include "servconf.h" #include "compat.h" diff --git a/kex.c b/kex.c index 5a952c9c2..30dd58a78 100644 --- a/kex.c +++ b/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.56 2003/11/21 11:57:03 djm Exp $"); +RCSID("$OpenBSD: kex.c,v 1.57 2004/05/09 01:19:27 djm Exp $"); #include @@ -479,6 +479,39 @@ kex_get_newkeys(int mode) return ret; } +void +derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, + u_int8_t cookie[8], u_int8_t id[16]) +{ + const EVP_MD *evp_md = EVP_md5(); + EVP_MD_CTX md; + u_int8_t nbuf[2048], obuf[EVP_MAX_MD_SIZE]; + int len; + + EVP_DigestInit(&md, evp_md); + + len = BN_num_bytes(host_modulus); + if (len < (512 / 8) || len > sizeof(nbuf)) + fatal("%s: bad host modulus (len %d)", __func__, len); + BN_bn2bin(host_modulus, nbuf); + EVP_DigestUpdate(&md, nbuf, len); + + len = BN_num_bytes(server_modulus); + if (len < (512 / 8) || len > sizeof(nbuf)) + fatal("%s: bad server modulus (len %d)", __func__, len); + BN_bn2bin(server_modulus, nbuf); + EVP_DigestUpdate(&md, nbuf, len); + + EVP_DigestUpdate(&md, cookie, 8); + + EVP_DigestFinal(&md, id, NULL); + memcpy(id, obuf, 16); + + memset(nbuf, 0, sizeof(nbuf)); + memset(obuf, 0, sizeof(obuf)); + memset(&md, 0, sizeof(md)); +} + #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) void dump_digest(char *msg, u_char *digest, int len) 
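Review bot: In derive_ssh1_session_id the digest is written to `id` by `EVP_DigestFinal(&md, id, NULL)` and then immediately overwritten by `memcpy(id, obuf, 16)`, but `obuf` is never written, so the session id ends up as 16 bytes of uninitialised stack rather than the MD5 of the moduli and cookie. The final should target the scratch buffer, `EVP_DigestFinal(&md, obuf, NULL);`, with the existing memcpy kept as is. A ChangeLog entry in a later commit on this page ("don't overwrite what we are trying to compute") appears to be the follow-up for this. Separately, `len > sizeof(nbuf)` compares an `int` with a `size_t`; the lower-bound test before it keeps `len` positive, so it is safe here, but a cast would make that explicit.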
diff --git a/monitor.c b/monitor.c index 9c30c1c39..4636000bb 100644 --- a/monitor.c +++ b/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.55 2004/02/05 05:37:17 dtucker Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.56 2004/05/09 01:19:27 djm Exp $"); #include @@ -63,7 +63,6 @@ RCSID("$OpenBSD: monitor.c,v 1.55 2004/02/05 05:37:17 dtucker Exp $"); #include "bufaux.h" #include "compat.h" #include "ssh2.h" -#include "mpaux.h" #ifdef GSSAPI #include "ssh-gss.h" diff --git a/session.c b/session.c index da11e5549..2ecf637f9 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.173 2004/04/27 09:46:37 djm Exp $"); +RCSID("$OpenBSD: session.c,v 1.174 2004/05/09 01:19:28 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -43,7 +43,6 @@ RCSID("$OpenBSD: session.c,v 1.173 2004/04/27 09:46:37 djm Exp $"); #include "packet.h" #include "buffer.h" #include "match.h" -#include "mpaux.h" #include "uidswap.h" #include "compat.h" #include "channels.h" diff --git a/sshconnect1.c b/sshconnect1.c index c579b01cc..ae33ab39d 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.57 2004/05/08 00:21:31 djm Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.58 2004/05/09 01:19:28 djm Exp $"); #include #include @@ -24,7 +24,7 @@ RCSID("$OpenBSD: sshconnect1.c,v 1.57 2004/05/08 00:21:31 djm Exp $"); #include "rsa.h" #include "buffer.h" #include "packet.h" -#include "mpaux.h" +#include "kex.h" #include "uidswap.h" #include "log.h" #include "readconf.h" @@ -528,7 +528,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr) client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN; - compute_session_id(session_id, cookie, host_key->rsa->n, server_key->rsa->n); + derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id); /* Generate a session key. */ arc4random_stir(); 
diff --git a/sshd.c b/sshd.c index 634284251..696978f00 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.290 2004/03/11 10:21:17 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.291 2004/05/09 01:19:28 djm Exp $"); #include #include @@ -60,7 +60,6 @@ RCSID("$OpenBSD: sshd.c,v 1.290 2004/03/11 10:21:17 markus Exp $"); #include "rsa.h" #include "sshpty.h" #include "packet.h" -#include "mpaux.h" #include "log.h" #include "servconf.h" #include "uidswap.h" @@ -1689,9 +1688,10 @@ do_ssh1_kex(void) BN_bn2bin(session_key_int, session_key + sizeof(session_key) - len); - compute_session_id(session_id, cookie, - sensitive_data.ssh1_host_key->rsa->n, - sensitive_data.server_key->rsa->n); + derive_ssh1_session_id( + sensitive_data.ssh1_host_key->rsa->n, + sensitive_data.server_key->rsa->n, + cookie, session_id); /* * Xor the first 16 bytes of the session key with the * session id. -- cgit v1.2.3 From 1f8311c836a20ce4923e2142d206f8d8073d0ca4 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 13 May 2004 16:39:33 +1000 Subject: - deraadt@cvs.openbsd.org 2004/05/11 19:01:43 [auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c] improve some code lint did not like; djm millert ok --- ChangeLog | 6 +++++- auth.c | 6 +++--- auth2-none.c | 11 ++++++++--- authfile.c | 16 +++++++++++----- channels.c | 4 ++-- monitor.c | 4 ++-- monitor_mm.c | 2 +- openbsd-compat/xmmap.c | 8 ++++---- packet.c | 12 +++++++----- packet.h | 4 ++-- progressmeter.c | 4 ++-- session.c | 5 ++--- 12 files changed, 49 insertions(+), 33 deletions(-) (limited to 'session.c') diff --git a/ChangeLog b/ChangeLog index 83594e4a5..fb81a8145 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -27,6 +27,10 @@ - djm@cvs.openbsd.org 2004/05/09 01:26:48 [kex.c] don't overwrite what we are trying to compute + - deraadt@cvs.openbsd.org 2004/05/11 19:01:43 + [auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c + packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c] + improve some code lint did not like; djm millert ok 20040502 - (dtucker) OpenBSD CVS Sync @@ -1103,4 +1107,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3349 2004/05/13 06:31:48 dtucker Exp $ +$Id: ChangeLog,v 1.3350 2004/05/13 06:39:33 dtucker Exp $ diff --git a/auth.c b/auth.c index 8acfcf86c..4f93ce5ae 100644 --- a/auth.c +++ b/auth.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.52 2004/05/08 00:01:37 deraadt Exp $"); +RCSID("$OpenBSD: auth.c,v 1.53 2004/05/11 19:01:43 deraadt Exp $"); #ifdef HAVE_LOGIN_H #include @@ -562,8 +562,8 @@ fakepw(void) fake.pw_passwd = "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; fake.pw_gecos = "NOUSER"; - fake.pw_uid = -1; - fake.pw_gid = -1; + fake.pw_uid = (uid_t)-1; + fake.pw_gid = (gid_t)-1; #ifdef HAVE_PW_CLASS_IN_PASSWD fake.pw_class = ""; #endif diff --git a/auth2-none.c b/auth2-none.c index c342addec..2bf5b5c80 100644 --- a/auth2-none.c +++ b/auth2-none.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-none.c,v 1.6 2003/08/26 09:58:43 markus Exp $"); +RCSID("$OpenBSD: auth2-none.c,v 1.7 2004/05/11 19:01:43 deraadt Exp $"); #include "auth.h" #include "xmalloc.h" @@ -46,7 +46,7 @@ auth2_read_banner(void) { struct stat st; char *banner = NULL; - off_t len, n; + size_t len, n; int fd; if ((fd = open(options.banner, O_RDONLY)) == -1) 
@@ -55,7 +55,12 @@ auth2_read_banner(void) close(fd); return (NULL); } - len = st.st_size; + if (st.st_size > 1*1024*1024) { + close(fd); + return (NULL); + } + + len = (size_t)st.st_size; /* truncate */ banner = xmalloc(len + 1); n = atomicio(read, fd, banner, len); close(fd); diff --git a/authfile.c b/authfile.c index 83ddd635f..305e9473b 100644 --- a/authfile.c +++ b/authfile.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.55 2003/09/18 07:56:05 markus Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.56 2004/05/11 19:01:43 deraadt Exp $"); #include #include @@ -236,14 +236,16 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp) struct stat st; char *cp; int i; - off_t len; + size_t len; if (fstat(fd, &st) < 0) { error("fstat for key file %.200s failed: %.100s", filename, strerror(errno)); return NULL; } - len = st.st_size; + if (st.st_size > 1*1024*1024) + close(fd); + len = (size_t)st.st_size; /* truncated */ buffer_init(&buffer); cp = buffer_append_space(&buffer, len); @@ -318,7 +320,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, char **commentp) { int i, check1, check2, cipher_type; - off_t len; + size_t len; Buffer buffer, decrypted; u_char *cp; CipherContext ciphercontext; @@ -332,7 +334,11 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, close(fd); return NULL; } - len = st.st_size; + if (st.st_size > 1*1024*1024) { + close(fd); + return (NULL); + } + len = (size_t)st.st_size; /* truncated */ buffer_init(&buffer); cp = buffer_append_space(&buffer, len); diff --git a/channels.c b/channels.c index e663c2159..55dc67342 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.200 2004/01/19 09:24:21 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.201 2004/05/11 19:01:43 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" 
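Review bot: In key_load_public_rsa1 the new size check `if (st.st_size > 1*1024*1024) close(fd);` closes the descriptor and then falls through, so an oversized file still reaches `buffer_append_space(&buffer, len)` with its full length and is presumably read from a closed fd afterwards. The fstat-failure branch just above returns NULL without closing `fd`, which suggests the caller owns the descriptor in this function, so the check should be `if (st.st_size > 1*1024*1024) return NULL;`, ideally preceded by an error() naming the file. The matching checks added to key_load_private_rsa1 and auth2_read_banner in this commit do return. The `1*1024*1024` limit is repeated in all three places and would read better as one named constant. The function continues outside the hunk.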
@@ -1031,7 +1031,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset) buffer_get(&c->input, (char *)&dest_port, 2); dest_addr[addrlen] = '\0'; if (s5_req.atyp == SSH_SOCKS5_DOMAIN) - strlcpy(c->path, dest_addr, sizeof(c->path)); + strlcpy(c->path, (char *)dest_addr, sizeof(c->path)); else if (inet_ntop(af, dest_addr, c->path, sizeof(c->path)) == NULL) return -1; c->host_port = ntohs(dest_port); diff --git a/monitor.c b/monitor.c index 4636000bb..2200eb09d 100644 --- a/monitor.c +++ b/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.56 2004/05/09 01:19:27 djm Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.57 2004/05/11 19:01:43 deraadt Exp $"); #include @@ -1479,7 +1479,7 @@ mm_answer_term(int socket, Buffer *req) res = WIFEXITED(status) ? WEXITSTATUS(status) : 1; /* Terminate process */ - exit (res); + exit(res); } void diff --git a/monitor_mm.c b/monitor_mm.c index e57c87cc2..ff523a5b1 100644 --- a/monitor_mm.c +++ b/monitor_mm.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor_mm.c,v 1.8 2002/08/02 14:43:15 millert Exp $"); +RCSID("$OpenBSD: monitor_mm.c,v 1.9 2004/05/11 19:01:43 deraadt Exp $"); #ifdef HAVE_SYS_MMAN_H #include diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c index 9dc4340a7..f1a637a34 100644 --- a/openbsd-compat/xmmap.c +++ b/openbsd-compat/xmmap.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: xmmap.c,v 1.3 2003/06/02 02:25:27 tim Exp $ */ +/* $Id: xmmap.c,v 1.4 2004/05/13 06:39:34 dtucker Exp $ */ #include "includes.h" @@ -40,10 +40,10 @@ void *xmmap(size_t size) #ifdef HAVE_MMAP # ifdef MAP_ANON address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, - -1, 0); + -1, (off_t)0); # else address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED, - open("/dev/zero", O_RDWR), 0); + open("/dev/zero", O_RDWR), (off_t)0); # endif #define MM_SWAP_TEMPLATE "/var/run/sshd.mm.XXXXXXXX" 
@@ -58,7 +58,7 @@ void *xmmap(size_t size) unlink(tmpname); ftruncate(tmpfd, size); address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED, - tmpfd, 0); + tmpfd, (off_t)0); close(tmpfd); } diff --git a/packet.c b/packet.c index daae9ffaa..fe3eea094 100644 --- a/packet.c +++ b/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.112 2003/09/23 20:17:11 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.113 2004/05/11 19:01:43 deraadt Exp $"); #include "openbsd-compat/sys-queue.h" @@ -154,8 +154,10 @@ packet_set_connection(int fd_in, int fd_out) fatal("packet_set_connection: cannot load cipher 'none'"); connection_in = fd_in; connection_out = fd_out; - cipher_init(&send_context, none, "", 0, NULL, 0, CIPHER_ENCRYPT); - cipher_init(&receive_context, none, "", 0, NULL, 0, CIPHER_DECRYPT); + cipher_init(&send_context, none, (const u_char *)"", + 0, NULL, 0, CIPHER_ENCRYPT); + cipher_init(&receive_context, none, (const u_char *)"", + 0, NULL, 0, CIPHER_DECRYPT); newkeys[MODE_IN] = newkeys[MODE_OUT] = NULL; if (!initialized) { initialized = 1; @@ -1449,7 +1451,7 @@ packet_is_interactive(void) return interactive_mode; } -u_int +int packet_set_maxsize(u_int s) { static int called = 0; @@ -1503,7 +1505,7 @@ packet_send_ignore(int nbytes) } } -#define MAX_PACKETS (1<<31) +#define MAX_PACKETS (1U<<31) int packet_need_rekeying(void) { diff --git a/packet.h b/packet.h index 7732fafb7..37f82f2f6 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.40 2003/06/24 08:23:46 markus Exp $ */ +/* $OpenBSD: packet.h,v 1.41 2004/05/11 19:01:43 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -82,7 +82,7 @@ void tty_make_modes(int, struct termios *); void tty_parse_modes(int, int *); extern u_int max_packet_size; -u_int packet_set_maxsize(u_int); +int packet_set_maxsize(u_int); #define packet_get_maxsize() max_packet_size /* don't allow remaining bytes after the end of the message */ 
diff --git a/progressmeter.c b/progressmeter.c index f42668526..e74f4785f 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: progressmeter.c,v 1.19 2004/02/05 15:33:33 markus Exp $"); +RCSID("$OpenBSD: progressmeter.c,v 1.20 2004/05/11 19:01:43 deraadt Exp $"); #include "progressmeter.h" #include "atomicio.h" @@ -167,7 +167,7 @@ refresh_progress_meter(void) /* bandwidth usage */ format_rate(buf + strlen(buf), win_size - strlen(buf), - bytes_per_second); + (off_t)bytes_per_second); strlcat(buf, "/s ", win_size); /* ETA */ diff --git a/session.c b/session.c index 2ecf637f9..2fe511612 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.174 2004/05/09 01:19:28 djm Exp $"); +RCSID("$OpenBSD: session.c,v 1.175 2004/05/11 19:01:43 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1824,9 +1824,8 @@ session_exec_req(Session *s) static int session_break_req(Session *s) { - u_int break_length; - break_length = packet_get_int(); /* ignored */ + packet_get_int(); /* ignored */ packet_check_eom(); if (s->ttyfd == -1 || -- cgit v1.2.3 From 723e945b55b29ecd7ce908cf81a67fd998764aff Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 22 Jun 2004 12:57:08 +1000 Subject: - djm@cvs.openbsd.org 2004/06/21 17:53:03 [session.c] fix fd leak for multiple subsystem connections; with markus@ --- ChangeLog | 5 ++++- session.c | 8 ++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'session.c') diff --git a/ChangeLog b/ChangeLog index fae8d6c6d..c4cf8c35e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,9 @@ sshpty.c] make ssh -Wshadow clean, no functional changes markus@ ok + - djm@cvs.openbsd.org 2004/06/21 17:53:03 + [session.c] + fix fd leak for multiple subsystem connections; with markus@ 20040620 - (tim) [configure.ac Makefile.in] Only change TEST_SHELL on broken platforms. 
@@ -1340,4 +1343,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3421 2004/06/22 02:56:01 dtucker Exp $ +$Id: ChangeLog,v 1.3422 2004/06/22 02:57:08 dtucker Exp $ diff --git a/session.c b/session.c index 2fe511612..8720ae7be 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.175 2004/05/11 19:01:43 deraadt Exp $"); +RCSID("$OpenBSD: session.c,v 1.176 2004/06/21 17:53:03 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -481,7 +481,11 @@ do_exec_no_pty(Session *s, const char *command) close(perr[1]); if (compat20) { - session_set_fds(s, pin[1], pout[0], s->is_subsystem ? -1 : perr[0]); + if (s->is_subsystem) { + close(perr[0]); + perr[0] = -1; + } + session_set_fds(s, pin[1], pout[0], perr[0]); } else { /* Enter the interactive session. */ server_loop(pid, pin[1], pout[0], perr[0]); -- cgit v1.2.3 From a6b1d169e601a5fe0dcd0e49c038671446932026 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 30 Jun 2004 22:41:07 +1000 Subject: - djm@cvs.openbsd.org 2004/06/30 08:36:59 [session.c] unbreak TTY break, diagnosed by darren AT dazwin.com; ok markus@ --- ChangeLog | 5 ++++- session.c | 7 ++++--- 2 files changed, 8 insertions(+), 4 deletions(-) (limited to 'session.c') diff --git a/ChangeLog b/ChangeLog index 2f6d02306..9b90db35d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,9 @@ - avsm@cvs.openbsd.org 2004/06/26 20:07:16 [sshd.c] initialise some fd variables to -1, djm@ ok + - djm@cvs.openbsd.org 2004/06/30 08:36:59 + [session.c] + unbreak TTY break, diagnosed by darren AT dazwin.com; ok markus@ 20040627 - (tim) update README files. @@ -1462,4 +1465,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3462 2004/06/30 12:40:20 djm Exp $ +$Id: ChangeLog,v 1.3463 2004/06/30 12:41:07 djm Exp $ 
diff --git a/session.c b/session.c index 8720ae7be..cf2098931 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.176 2004/06/21 17:53:03 djm Exp $"); +RCSID("$OpenBSD: session.c,v 1.177 2004/06/30 08:36:59 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1920,15 +1920,16 @@ session_input_channel_req(Channel *c, const char *rtype) success = session_auth_agent_req(s); } else if (strcmp(rtype, "subsystem") == 0) { success = session_subsystem_req(s); - } else if (strcmp(rtype, "break") == 0) { - success = session_break_req(s); } else if (strcmp(rtype, "env") == 0) { success = session_env_req(s); } } if (strcmp(rtype, "window-change") == 0) { success = session_window_change_req(s); + } else if (strcmp(rtype, "break") == 0) { + success = session_break_req(s); } + return success; } -- cgit v1.2.3 From 0a44d1ecf36455f7288a6f4349e676d922a46718 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 1 Jul 2004 09:48:29 +1000 Subject: - (dtucker) [session.c] Call display_loginmsg again after do_pam_session. Ensures messages from PAM modules are displayed when privsep=no. Note: I did not want to just move display_loginmsg since that would change existing behaviour (order of expiry warnings, "Last Login", motd) to less like the native tools. --- ChangeLog | 6 +++++- session.c | 7 +++++++ 2 files changed, 12 insertions(+), 1 deletion(-) (limited to 'session.c') diff --git a/ChangeLog b/ChangeLog index 9b90db35d..f47b68ea5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20040701 + - (dtucker) [session.c] Call display_loginmsg again after do_pam_session. + Ensures messages from PAM modules are displayed when privsep=no. + 20040630 - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL appdata_ptr to the conversation function. ok djm@ 
@@ -1465,4 +1469,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3463 2004/06/30 12:41:07 djm Exp $ +$Id: ChangeLog,v 1.3464 2004/06/30 23:48:29 dtucker Exp $ diff --git a/session.c b/session.c index cf2098931..a3a7ee784 100644 --- a/session.c +++ b/session.c @@ -1431,6 +1431,13 @@ do_child(Session *s, const char *command) #else /* HAVE_OSF_SIA */ do_nologin(pw); do_setusercontext(pw); + /* + * PAM session modules in do_setusercontext may have + * generated messages, so if this in an interactive + * login then display them too. + */ + if (command == NULL) + display_loginmsg(); #endif /* HAVE_OSF_SIA */ } -- cgit v1.2.3 From fc9597034b819b295966f61d8dc797b53fda45c7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 17 Jul 2004 16:12:08 +1000 Subject: - deraadt@cvs.openbsd.org 2004/07/11 17:48:47 [channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h sshd.c ttymodes.h] spaces --- ChangeLog | 9 ++++++++- channels.c | 11 +++++------ cipher.c | 32 ++++++++++++++++---------------- clientloop.c | 18 +++++++++--------- clientloop.h | 4 ++-- compat.h | 4 ++-- moduli.c | 48 ++++++++++++++++++++++++------------------------ nchan.c | 16 ++++++++-------- pathnames.h | 4 ++-- progressmeter.c | 18 +++++++++--------- readconf.c | 6 +++--- readconf.h | 4 ++-- servconf.c | 4 ++-- session.c | 6 +++--- sftp-client.c | 8 ++++---- sftp.c | 8 ++++---- ssh-agent.1 | 4 ++-- ssh-keygen.c | 4 ++-- ssh.c | 10 +++++----- ssh1.h | 8 ++++---- sshd.c | 6 +++--- ttymodes.h | 18 +++++++++--------- 22 files changed, 128 insertions(+), 122 deletions(-) (limited to 'session.c') diff --git a/ChangeLog b/ChangeLog index a36c1dd22..e09a0fc83 100644 --- a/ChangeLog +++ b/ChangeLog 
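Review bot: The new comment in do_child reads "if this in an interactive login"; it should be `if this is an interactive login`. The block calls display_loginmsg() a second time, so it relies on the earlier call having emptied the message buffer; that is not visible in this hunk, and a few words in the comment saying so would keep a later change from printing the login messages twice. The comment also attributes the messages to PAM session modules run from do_setusercontext, while the call is made on every non-OSF-SIA build whether or not PAM is in use, which is harmless if the buffer is empty but worth stating.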
@@ -3,6 +3,13 @@ ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces diff vs OpenBSD; ok mouring@, tested by tim@ too. + - (dtucker) OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2004/07/11 17:48:47 + [channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c + readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c + session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h + sshd.c ttymodes.h] + spaces 20040711 - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows @@ -1509,4 +1516,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3474 2004/07/17 04:07:42 dtucker Exp $ +$Id: ChangeLog,v 1.3475 2004/07/17 06:12:08 dtucker Exp $ diff --git a/channels.c b/channels.c index a72d9b93d..cf46ce09f 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.207 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.208 2004/07/11 17:48:47 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -737,7 +737,7 @@ channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset) FD_SET(c->efd, readset); } /* XXX: What about efd? races? */ - if (compat20 && c->ctl_fd != -1 && + if (compat20 && c->ctl_fd != -1 && c->istate == CHAN_INPUT_OPEN && c->ostate == CHAN_OUTPUT_OPEN) FD_SET(c->ctl_fd, readset); } @@ -2277,7 +2277,7 @@ channel_cancel_rport_listener(const char *host, u_short port) if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER && strncmp(c->path, host, sizeof(c->path)) == 0 && - c->listening_port == port) { + c->listening_port == port) { debug2("%s: close clannel %d", __func__, i); channel_free(c); found = 1; 
@@ -2364,10 +2364,9 @@ channel_request_remote_forwarding(u_short listen_port, } /* - * Request cancellation of remote forwarding of connection host:port from + * Request cancellation of remote forwarding of connection host:port from * local side. */ - void channel_request_rforward_cancel(u_short port) { @@ -2378,7 +2377,7 @@ channel_request_rforward_cancel(u_short port) return; for (i = 0; i < num_permitted_opens; i++) { - if (permitted_opens[i].host_to_connect != NULL && + if (permitted_opens[i].host_to_connect != NULL && permitted_opens[i].listen_port == port) break; } diff --git a/cipher.c b/cipher.c index 64bd744b8..93f96be6d 100644 --- a/cipher.c +++ b/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.69 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.70 2004/07/11 17:48:47 deraadt Exp $"); #include "xmalloc.h" #include "log.h" 
@@ -76,19 +76,19 @@ struct Cipher { u_int key_len; const EVP_CIPHER *(*evptype)(void); } ciphers[] = { - { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null }, - { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc }, - { "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des }, - { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf }, - - { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc }, - { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc }, - { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc }, - { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, + { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null }, + { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc }, + { "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des }, + { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf }, + + { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc }, + { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc }, + { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc }, + { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, #if OPENSSL_VERSION_NUMBER < 0x00907000L - { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, - { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael }, - { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, + { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, + { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael }, + { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, { "rijndael-cbc@lysator.liu.se", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, #else 
@@ -99,9 +99,9 @@ struct Cipher { SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, #endif #if OPENSSL_VERSION_NUMBER >= 0x00905000L - { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr }, - { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr }, - { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr }, + { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr }, + { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr }, + { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr }, #endif #if defined(EVP_CTRL_SET_ACSS_MODE) { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, EVP_acss }, diff --git a/clientloop.c b/clientloop.c index 79aabbe06..def4d8a7b 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.128 2004/06/18 11:11:54 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.129 2004/07/11 17:48:47 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -402,7 +402,7 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, if (options.server_alive_interval == 0 || !compat20) tvp = NULL; - else { + else { tv.tv_sec = options.server_alive_interval; tv.tv_usec = 0; tvp = &tv; @@ -517,7 +517,7 @@ client_subsystem_reply(int type, u_int32_t seq, void *ctxt) { int id; Channel *c; - + id = packet_get_int(); packet_check_eom(); @@ -540,13 +540,13 @@ client_extra_session2_setup(int id, void *arg) struct confirm_ctx *cctx = arg; Channel *c; int i; - + if (cctx == NULL) fatal("%s: cctx == NULL", __func__); if ((c = channel_lookup(id)) == NULL) fatal("%s: no channel for id %d", __func__, id); - client_session2_setup(id, cctx->want_tty, cctx->want_subsys, + client_session2_setup(id, cctx->want_tty, cctx->want_subsys, cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env, client_subsystem_reply); @@ -557,7 +557,7 @@ client_extra_session2_setup(int id, void *arg) for (i = 0; cctx->env[i] != NULL; i++) xfree(cctx->env[i]); xfree(cctx->env); - } + } xfree(cctx); } 
@@ -614,7 +614,7 @@ client_process_control(fd_set * readset) * Accept empty responses and responses consisting * of the word "yes" as affirmative. */ - if (*p == '\0' || *p == '\n' || + if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0) allowed = 1; xfree(p); @@ -714,7 +714,7 @@ client_process_control(fd_set * readset) set_nonblock(client_fd); - c = channel_new("session", SSH_CHANNEL_OPENING, + c = channel_new("session", SSH_CHANNEL_OPENING, new_fd[0], new_fd[1], new_fd[2], CHAN_SES_WINDOW_DEFAULT, CHAN_SES_PACKET_DEFAULT, CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); @@ -1673,7 +1673,7 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt) } void -client_session2_setup(int id, int want_tty, int want_subsystem, +client_session2_setup(int id, int want_tty, int want_subsystem, const char *term, struct termios *tiop, int in_fd, Buffer *cmd, char **env, dispatch_fn *subsys_repl) { diff --git a/clientloop.h b/clientloop.h index c34d6674d..9992d5938 100644 --- a/clientloop.h +++ b/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.10 2004/06/17 14:52:48 djm Exp $ */ +/* $OpenBSD: clientloop.h,v 1.11 2004/07/11 17:48:47 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -38,5 +38,5 @@ /* Client side main loop for the interactive session. */ int client_loop(int, int, int); void client_global_request_reply_fwd(int, u_int32_t, void *); -void client_session2_setup(int, int, int, const char *, struct termios *, +void client_session2_setup(int, int, int, const char *, struct termios *, int, Buffer *, char **, dispatch_fn *); diff --git a/compat.h b/compat.h index efa0f081e..5efb5c29e 100644 --- a/compat.h +++ b/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.37 2003/11/02 11:01:03 markus Exp $ */ +/* $OpenBSD: compat.h,v 1.38 2004/07/11 17:48:47 deraadt Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. 
@@ -27,7 +27,7 @@ #ifndef COMPAT_H #define COMPAT_H -#define SSH_PROTO_UNKNOWN 0x00 +#define SSH_PROTO_UNKNOWN 0x00 #define SSH_PROTO_1 0x01 #define SSH_PROTO_1_PREFERRED 0x02 #define SSH_PROTO_2 0x04 diff --git a/moduli.c b/moduli.c index c8769c0aa..581b03503 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.8 2004/05/21 08:43:03 markus Exp $ */ +/* $OpenBSD: moduli.c,v 1.9 2004/07/11 17:48:47 deraadt Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson 
@@ -48,68 +48,68 @@ */ /* need line long enough for largest moduli plus headers */ -#define QLINESIZE (100+8192) +#define QLINESIZE (100+8192) /* Type: decimal. * Specifies the internal structure of the prime modulus. */ -#define QTYPE_UNKNOWN (0) -#define QTYPE_UNSTRUCTURED (1) -#define QTYPE_SAFE (2) -#define QTYPE_SCHNOOR (3) -#define QTYPE_SOPHIE_GERMAIN (4) -#define QTYPE_STRONG (5) +#define QTYPE_UNKNOWN (0) +#define QTYPE_UNSTRUCTURED (1) +#define QTYPE_SAFE (2) +#define QTYPE_SCHNOOR (3) +#define QTYPE_SOPHIE_GERMAIN (4) +#define QTYPE_STRONG (5) /* Tests: decimal (bit field). * Specifies the methods used in checking for primality. * Usually, more than one test is used. */ -#define QTEST_UNTESTED (0x00) -#define QTEST_COMPOSITE (0x01) -#define QTEST_SIEVE (0x02) -#define QTEST_MILLER_RABIN (0x04) -#define QTEST_JACOBI (0x08) -#define QTEST_ELLIPTIC (0x10) +#define QTEST_UNTESTED (0x00) +#define QTEST_COMPOSITE (0x01) +#define QTEST_SIEVE (0x02) +#define QTEST_MILLER_RABIN (0x04) +#define QTEST_JACOBI (0x08) +#define QTEST_ELLIPTIC (0x10) /* * Size: decimal. * Specifies the number of the most significant bit (0 to M). * WARNING: internally, usually 1 to N. */ -#define QSIZE_MINIMUM (511) +#define QSIZE_MINIMUM (511) /* * Prime sieving defines */ /* Constant: assuming 8 bit bytes and 32 bit words */ -#define SHIFT_BIT (3) -#define SHIFT_BYTE (2) -#define SHIFT_WORD (SHIFT_BIT+SHIFT_BYTE) -#define SHIFT_MEGABYTE (20) -#define SHIFT_MEGAWORD (SHIFT_MEGABYTE-SHIFT_BYTE) +#define SHIFT_BIT (3) +#define SHIFT_BYTE (2) +#define SHIFT_WORD (SHIFT_BIT+SHIFT_BYTE) +#define SHIFT_MEGABYTE (20) +#define SHIFT_MEGAWORD (SHIFT_MEGABYTE-SHIFT_BYTE) /* * Using virtual memory can cause thrashing. This should be the largest * number that is supported without a large amount of disk activity -- * that would increase the run time from hours to days or weeks! 
*/ -#define LARGE_MINIMUM (8UL) /* megabytes */ +#define LARGE_MINIMUM (8UL) /* megabytes */ /* * Do not increase this number beyond the unsigned integer bit size. * Due to a multiple of 4, it must be LESS than 128 (yielding 2**30 bits). */ -#define LARGE_MAXIMUM (127UL) /* megabytes */ +#define LARGE_MAXIMUM (127UL) /* megabytes */ /* * Constant: when used with 32-bit integers, the largest sieve prime * has to be less than 2**32. */ -#define SMALL_MAXIMUM (0xffffffffUL) +#define SMALL_MAXIMUM (0xffffffffUL) /* Constant: can sieve all primes less than 2**32, as 65537**2 > 2**32-1. */ -#define TINY_NUMBER (1UL<<16) +#define TINY_NUMBER (1UL<<16) /* Ensure enough bit space for testing 2*q. */ #define TEST_MAXIMUM (1UL<<16) diff --git a/nchan.c b/nchan.c index ecf59c5db..aee3f37b0 100644 --- a/nchan.c +++ b/nchan.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: nchan.c,v 1.50 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: nchan.c,v 1.51 2004/07/11 17:48:47 deraadt Exp $"); #include "ssh1.h" #include "ssh2.h" @@ -42,15 +42,15 @@ RCSID("$OpenBSD: nchan.c,v 1.50 2004/06/21 17:36:31 avsm Exp $"); * tear down of channels: * * 1.3: strict request-ack-protocol: - * CLOSE -> - * <- CLOSE_CONFIRM + * CLOSE -> + * <- CLOSE_CONFIRM * * 1.5: uses variations of: - * IEOF -> - * <- OCLOSE - * <- IEOF - * OCLOSE -> - * i.e. both sides have to close the channel + * IEOF -> + * <- OCLOSE + * <- IEOF + * OCLOSE -> + * i.e. both sides have to close the channel * * 2.0: the EOF messages are optional * diff --git a/pathnames.h b/pathnames.h index 53208cf58..cf42625a4 100644 --- a/pathnames.h +++ b/pathnames.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pathnames.h,v 1.14 2004/01/30 09:48:57 markus Exp $ */ +/* $OpenBSD: pathnames.h,v 1.15 2004/07/11 17:48:47 deraadt Exp $ */ /* * Author: Tatu Ylonen 
@@ -122,7 +122,7 @@ /* Location of ssh-keysign for hostbased authentication */ #ifndef _PATH_SSH_KEY_SIGN -#define _PATH_SSH_KEY_SIGN "/usr/libexec/ssh-keysign" +#define _PATH_SSH_KEY_SIGN "/usr/libexec/ssh-keysign" #endif /* xauth for X11 forwarding */ diff --git a/progressmeter.c b/progressmeter.c index 629a536b2..93f5a3e62 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: progressmeter.c,v 1.21 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: progressmeter.c,v 1.22 2004/07/11 17:48:47 deraadt Exp $"); #include "progressmeter.h" #include "atomicio.h" @@ -48,15 +48,15 @@ void refresh_progress_meter(void); /* signal handler for updating the progress meter */ static void update_progress_meter(int); -static time_t start; /* start progress */ -static time_t last_update; /* last progress update */ -static char *file; /* name of the file being transferred */ -static off_t end_pos; /* ending position of transfer */ -static off_t cur_pos; /* transfer position as of last refresh */ +static time_t start; /* start progress */ +static time_t last_update; /* last progress update */ +static char *file; /* name of the file being transferred */ +static off_t end_pos; /* ending position of transfer */ +static off_t cur_pos; /* transfer position as of last refresh */ static volatile off_t *counter; /* progress counter */ -static long stalled; /* how long we have been stalled */ -static int bytes_per_second; /* current speed in bytes per second */ -static int win_size; /* terminal window size */ +static long stalled; /* how long we have been stalled */ +static int bytes_per_second; /* current speed in bytes per second */ +static int win_size; /* terminal window size */ /* units for format_size */ static const char unit[] = " KMGT"; diff --git a/readconf.c b/readconf.c index 429f69129..a4fe1fe02 100644 --- a/readconf.c +++ b/readconf.c 
@@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.133 2004/06/17 15:10:14 djm Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.134 2004/07/11 17:48:47 deraadt Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -804,7 +804,7 @@ parse_int: */ int -read_config_file(const char *filename, const char *host, Options *options, +read_config_file(const char *filename, const char *host, Options *options, int checkperm) { FILE *f; @@ -818,7 +818,7 @@ read_config_file(const char *filename, const char *host, Options *options, if (checkperm) { struct stat sb; - + if (fstat(fileno(f), &sb) == -1) fatal("fstat %s: %s", filename, strerror(errno)); if (((sb.st_uid != 0 && sb.st_uid != getuid()) || diff --git a/readconf.h b/readconf.h index 5e504bece..ded422585 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.63 2004/06/13 15:03:02 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.64 2004/07/11 17:48:47 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -103,7 +103,7 @@ typedef struct { int rekey_limit; int no_host_authentication_for_localhost; int identities_only; - int server_alive_interval; + int server_alive_interval; int server_alive_count_max; int num_send_env; diff --git a/servconf.c b/servconf.c index ea67f6288..02fae0fbe 100644 --- a/servconf.c +++ b/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.134 2004/06/24 19:30:54 djm Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.135 2004/07/11 17:48:47 deraadt Exp $"); #include "ssh.h" #include "log.h" @@ -956,7 +956,7 @@ load_server_config(const char *filename, Buffer *conf) while (fgets(line, sizeof(line), f)) { /* * Trim out comments and strip whitespace - * NB - preserve newlines, they are needed to reproduce + * NB - preserve newlines, they are needed to reproduce * line numbers later for error messages */ if ((cp = strchr(line, '#')) != NULL) diff --git a/session.c b/session.c index a3a7ee784..7c8fe5faf 100644 --- a/session.c +++ b/session.c 
@@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.177 2004/06/30 08:36:59 djm Exp $"); +RCSID("$OpenBSD: session.c,v 1.178 2004/07/11 17:48:47 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1001,7 +1001,7 @@ do_setup_env(Session *s, const char *shell) if (!options.use_login) { /* Set basic environment. */ for (i = 0; i < s->num_env; i++) - child_set_env(&env, &envsize, s->env[i].name, + child_set_env(&env, &envsize, s->env[i].name, s->env[i].val); child_set_env(&env, &envsize, "USER", pw->pw_name); @@ -1320,7 +1320,7 @@ do_pwchange(Session *s) { fprintf(stderr, "WARNING: Your password has expired.\n"); if (s->ttyfd != -1) { - fprintf(stderr, + fprintf(stderr, "You must change your password now and login again!\n"); execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL); perror("passwd"); diff --git a/sftp-client.c b/sftp-client.c index 88276cd4a..0ffacbccc 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -20,7 +20,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.50 2004/06/03 12:22:20 pedro Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.51 2004/07/11 17:48:47 deraadt Exp $"); #include "openbsd-compat/sys-queue.h" @@ -821,7 +821,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, u_int len; /* - * Simulate EOF on interrupt: stop sending new requests and + * Simulate EOF on interrupt: stop sending new requests and * allow outstanding requests to drain gracefully */ if (interrupted) { @@ -1053,9 +1053,9 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, int len; /* - * Can't use atomicio here because it returns 0 on EOF, + * Can't use atomicio here because it returns 0 on EOF, * thus losing the last block of the file. - * Simulate an EOF on interrupt, allowing ACKs from the + * Simulate an EOF on interrupt, allowing ACKs from the * server to drain. */ if (interrupted) diff --git a/sftp.c b/sftp.c index 4002304ec..f01c9194c 100644 
--- a/sftp.c +++ b/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.55 2004/06/25 23:21:38 djm Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.56 2004/07/11 17:48:47 deraadt Exp $"); #include "buffer.h" #include "xmalloc.h" @@ -1328,8 +1328,8 @@ connect_to_server(char *path, char **args, int *in, int *out) /* * The underlying ssh is in the same process group, so we must - * ignore SIGINT if we want to gracefully abort commands, - * otherwise the signal will make it to the ssh process and + * ignore SIGINT if we want to gracefully abort commands, + * otherwise the signal will make it to the ssh process and * kill it too */ signal(SIGINT, SIG_IGN); @@ -1415,7 +1415,7 @@ main(int argc, char **argv) fatal("Batch file already specified."); /* Allow "-" as stdin */ - if (strcmp(optarg, "-") != 0 && + if (strcmp(optarg, "-") != 0 && (infile = fopen(optarg, "r")) == NULL) fatal("%s (%s).", strerror(errno), optarg); showprogress = 0; diff --git a/ssh-agent.1 b/ssh-agent.1 index cfefd34e9..226804e5f 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.40 2004/05/13 02:47:50 dtucker Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.41 2004/07/11 17:48:47 deraadt Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -148,7 +148,7 @@ for Bourne-type shells such as or .Xr ksh 1 and -.Cm eval `ssh-agent -c` +.Cm eval `ssh-agent -c` for .Xr csh 1 and derivatives. diff --git a/ssh-keygen.c b/ssh-keygen.c index e8e579b5d..d39e7d881 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.116 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.117 2004/07/11 17:48:47 deraadt Exp $"); #include #include 
@@ -895,7 +895,7 @@ main(int ac, char **av) if (log_level == SYSLOG_LEVEL_INFO) log_level = SYSLOG_LEVEL_DEBUG1; else { - if (log_level >= SYSLOG_LEVEL_DEBUG1 && + if (log_level >= SYSLOG_LEVEL_DEBUG1 && log_level < SYSLOG_LEVEL_DEBUG3) log_level++; } diff --git a/ssh.c b/ssh.c index f0c284df0..6dff591f1 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.222 2004/06/23 14:31:01 dtucker Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.223 2004/07/11 17:48:47 deraadt Exp $"); #include #include @@ -551,7 +551,7 @@ again: (void)read_config_file(buf, host, &options, 1); /* Read systemwide configuration file after use config. */ - (void)read_config_file(_PATH_HOST_CONFIG_FILE, host, + (void)read_config_file(_PATH_HOST_CONFIG_FILE, host, &options, 0); } @@ -1250,7 +1250,7 @@ control_client(const char *path) Buffer m; char *cp; extern char **environ; - + memset(&addr, '\0', sizeof(addr)); addr.sun_family = AF_UNIX; addr_len = offsetof(struct sockaddr_un, sun_path) + @@ -1291,13 +1291,13 @@ control_client(const char *path) if (options.num_send_env == 0 || environ == NULL) { buffer_put_int(&m, 0); - } else { + } else { /* Pass environment */ num_env = 0; for (i = 0; environ[i] != NULL; i++) if (env_permitted(environ[i])) num_env++; /* Count */ - + buffer_put_int(&m, num_env); for (i = 0; environ[i] != NULL && num_env >= 0; i++) diff --git a/ssh1.h b/ssh1.h index 98d1dc930..cc7fbc8b0 100644 --- a/ssh1.h +++ b/ssh1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh1.h,v 1.3 2001/05/30 12:55:13 markus Exp $ */ +/* $OpenBSD: ssh1.h,v 1.4 2004/07/11 17:48:47 deraadt Exp $ */ /* * Author: Tatu Ylonen 
@@ -29,8 +29,8 @@ #define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */ #define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */ #define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */ -#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */ -#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */ +#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */ +#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */ #define SSH_CMSG_EXEC_SHELL 12 /* */ #define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */ #define SSH_SMSG_SUCCESS 14 /* */ @@ -45,7 +45,7 @@ #define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */ #define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */ #define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */ -/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */ +/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */ #define SSH_SMSG_X11_OPEN 27 /* channel (int) */ #define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */ #define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */ diff --git a/sshd.c b/sshd.c index 6df8f252a..ac62cb506 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.297 2004/06/26 20:07:16 avsm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.298 2004/07/11 17:48:47 deraadt Exp $"); #include #include @@ -803,7 +803,7 @@ send_rexec_state(int fd, Buffer *conf) buffer_init(&m); buffer_put_cstring(&m, buffer_ptr(conf)); - if (sensitive_data.server_key != NULL && + if (sensitive_data.server_key != NULL && sensitive_data.server_key->type == KEY_RSA1) { buffer_put_int(&m, 1); buffer_put_bignum(&m, sensitive_data.server_key->rsa->e); @@ -1896,7 +1896,7 @@ do_ssh1_kex(void) session_key + sizeof(session_key) - len); derive_ssh1_session_id( - sensitive_data.ssh1_host_key->rsa->n, + sensitive_data.ssh1_host_key->rsa->n, sensitive_data.server_key->rsa->n, cookie, session_id); /* diff --git a/ttymodes.h b/ttymodes.h index 7de4b8362..481282cd7 100644 --- a/ttymodes.h +++ b/ttymodes.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ttymodes.h,v 1.12 2002/03/04 17:27:39 stevesk Exp $ */ +/* $OpenBSD: ttymodes.h,v 1.13 2004/07/11 17:48:47 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -113,17 +113,17 @@ TTYCHAR(VDISCARD, 18) /* name, field, op */ TTYMODE(IGNPAR, c_iflag, 30) TTYMODE(PARMRK, c_iflag, 31) -TTYMODE(INPCK, c_iflag, 32) +TTYMODE(INPCK, c_iflag, 32) TTYMODE(ISTRIP, c_iflag, 33) -TTYMODE(INLCR, c_iflag, 34) -TTYMODE(IGNCR, c_iflag, 35) -TTYMODE(ICRNL, c_iflag, 36) +TTYMODE(INLCR, c_iflag, 34) +TTYMODE(IGNCR, c_iflag, 35) +TTYMODE(ICRNL, c_iflag, 36) #if defined(IUCLC) -TTYMODE(IUCLC, c_iflag, 37) +TTYMODE(IUCLC, c_iflag, 37) #endif -TTYMODE(IXON, c_iflag, 38) -TTYMODE(IXANY, c_iflag, 39) -TTYMODE(IXOFF, c_iflag, 40) +TTYMODE(IXON, c_iflag, 38) +TTYMODE(IXANY, c_iflag, 39) +TTYMODE(IXOFF, c_iflag, 40) #ifdef IMAXBEL TTYMODE(IMAXBEL,c_iflag, 41) #endif /* IMAXBEL */ -- cgit v1.2.3 From 0999174755bbc5b50d65bfa95e0b322ffd12337c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 17 Jul 2004 17:05:14 +1000 Subject: - dtucker@cvs.openbsd.org 2004/07/17 05:31:41 [monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c] Move "Last logged in at.." message generation to the monitor, right before recording the new login. Fixes missing lastlog message when /var/log/lastlog is not world-readable and incorrect datestamp when multiple sessions are used (bz #463); much assistance & ok markus@ --- ChangeLog | 8 +++++++- monitor.c | 16 +++++++++++----- monitor_wrap.c | 9 +++++++-- session.c | 42 ++++++++++++++---------------------------- session.h | 5 +---- sshd.c | 8 +++++++- sshlogin.c | 43 ++++++++++++++++++++++++++++++++++++++++++- 7 files changed, 89 insertions(+), 42 deletions(-) (limited to 'session.c') diff --git a/ChangeLog b/ChangeLog index a70a1fac1..8255b3e59 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,12 @@ Fix incorrect macro, .I -> .Em 
From: Eric S. Raymond ok jmc@ + - dtucker@cvs.openbsd.org 2004/07/17 05:31:41 + [monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c] + Move "Last logged in at.." message generation to the monitor, right + before recording the new login. Fixes missing lastlog message when + /var/log/lastlog is not world-readable and incorrect datestamp when + multiple sessions are used (bz #463); much assistance & ok markus@ 20040711 - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows @@ -1521,4 +1527,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3476 2004/07/17 06:13:15 dtucker Exp $ +$Id: ChangeLog,v 1.3477 2004/07/17 07:05:14 dtucker Exp $ diff --git a/monitor.c b/monitor.c index 3f468dfff..b7463400e 100644 --- a/monitor.c +++ b/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.60 2004/06/22 05:05:45 dtucker Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.61 2004/07/17 05:31:41 dtucker Exp $"); #include @@ -79,6 +79,7 @@ extern u_char session_id[]; extern Buffer input, output; extern Buffer auth_debug; extern int auth_debug_init; +extern Buffer loginmsg; /* State exported from the child */ @@ -1230,10 +1231,6 @@ mm_answer_pty(int sock, Buffer *m) buffer_put_int(m, 1); buffer_put_cstring(m, s->tty); - mm_request_send(sock, MONITOR_ANS_PTY, m); - - mm_send_fd(sock, s->ptyfd); - mm_send_fd(sock, s->ttyfd); /* We need to trick ttyslot */ if (dup2(s->ttyfd, 0) == -1) 
@@ -1244,6 +1241,15 @@ mm_answer_pty(int sock, Buffer *m) /* Now we can close the file descriptor again */ close(0); + /* send messages generated by record_login */ + buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg)); + buffer_clear(&loginmsg); + + mm_request_send(sock, MONITOR_ANS_PTY, m); + + mm_send_fd(sock, s->ptyfd); + mm_send_fd(sock, s->ttyfd); + /* make sure nothing uses fd 0 */ if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0) fatal("%s: open(/dev/null): %s", __func__, strerror(errno)); diff --git a/monitor_wrap.c b/monitor_wrap.c index f6bc34ec8..0d7a0e3bd 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor_wrap.c,v 1.38 2004/07/03 11:02:25 dtucker Exp $"); +RCSID("$OpenBSD: monitor_wrap.c,v 1.39 2004/07/17 05:31:41 dtucker Exp $"); #include #include @@ -70,6 +70,7 @@ extern z_stream incoming_stream; extern z_stream outgoing_stream; extern struct monitor *pmonitor; extern Buffer input, output; +extern Buffer loginmsg; extern ServerOptions options; int @@ -642,7 +643,7 @@ int mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) { Buffer m; - char *p; + char *p, *msg; int success = 0; buffer_init(&m); @@ -658,11 +659,15 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) return (0); } p = buffer_get_string(&m, NULL); + msg = buffer_get_string(&m, NULL); buffer_free(&m); strlcpy(namebuf, p, namebuflen); /* Possible truncation */ xfree(p); + buffer_append(&loginmsg, msg, strlen(msg)); + xfree(msg); + *ptyfd = mm_receive_fd(pmonitor->m_recvfd); *ttyfd = mm_receive_fd(pmonitor->m_recvfd); diff --git a/session.c b/session.c index 7c8fe5faf..99b84394e 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.178 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: session.c,v 1.179 2004/07/17 05:31:41 dtucker Exp $"); #include "ssh.h" #include "ssh1.h" 
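Review bot: In mm_pty_allocate (monitor_wrap.c) the login message is read with `buffer_get_string(&m, NULL)` and its length is re-derived with `strlen(msg)`, while mm_answer_pty in monitor.c sends it with an explicit `buffer_len(&loginmsg)`, so the two ends disagree if the buffer ever holds a NUL byte. Keeping the transmitted length avoids that: declare `u_int msglen;`, then `msg = buffer_get_string(&m, &msglen);` and `buffer_append(&loginmsg, msg, msglen);`. Both functions begin and end outside their hunks, so the surrounding error paths are not visible here.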
@@ -196,12 +196,11 @@ auth_input_request_forwarding(struct passwd * pw) static void display_loginmsg(void) { - if (buffer_len(&loginmsg) > 0) { - buffer_append(&loginmsg, "\0", 1); - printf("%s\n", (char *)buffer_ptr(&loginmsg)); - buffer_clear(&loginmsg); - } - fflush(stdout); + if (buffer_len(&loginmsg) > 0) { + buffer_append(&loginmsg, "\0", 1); + printf("%s", (char *)buffer_ptr(&loginmsg)); + buffer_clear(&loginmsg); + } } void @@ -676,14 +675,19 @@ do_exec(Session *s, const char *command) do_exec_no_pty(s, command); original_command = NULL; -} + /* + * Clear loginmsg: it's the child's responsibility to display + * it to the user, otherwise multiple sessions may accumulate + * multiple copies of the login messages. + */ + buffer_clear(&loginmsg); +} /* administrative, login(1)-like work */ void do_login(Session *s, const char *command) { - char *time_string; socklen_t fromlen; struct sockaddr_storage from; struct passwd * pw = s->pw; @@ -728,19 +732,6 @@ do_login(Session *s, const char *command) display_loginmsg(); -#ifndef NO_SSH_LASTLOG - if (options.print_lastlog && s->last_login_time != 0) { - time_string = ctime(&s->last_login_time); - if (strchr(time_string, '\n')) - *strchr(time_string, '\n') = 0; - if (strcmp(s->hostname, "") == 0) - printf("Last login: %s\r\n", time_string); - else - printf("Last login: %s from %s\r\n", time_string, - s->hostname); - } -#endif /* NO_SSH_LASTLOG */ - do_motd(); } @@ -1318,6 +1309,7 @@ do_setusercontext(struct passwd *pw) static void do_pwchange(Session *s) { + fflush(NULL); fprintf(stderr, "WARNING: Your password has expired.\n"); if (s->ttyfd != -1) { fprintf(stderr, 
@@ -1703,12 +1695,6 @@ session_pty_req(Session *s) packet_disconnect("Protocol error: you already have a pty."); return 0; } - /* Get the time and hostname when the user last logged in. */ - if (options.print_lastlog) { - s->hostname[0] = '\0'; - s->last_login_time = get_last_login_time(s->pw->pw_uid, - s->pw->pw_name, s->hostname, sizeof(s->hostname)); - } s->term = packet_get_string(&len); diff --git a/session.h b/session.h index e52506652..48be5070c 100644 --- a/session.h +++ b/session.h @@ -1,4 +1,4 @@ -/* $OpenBSD: session.h,v 1.22 2004/04/27 09:46:37 djm Exp $ */ +/* $OpenBSD: session.h,v 1.23 2004/07/17 05:31:41 dtucker Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -39,9 +39,6 @@ struct Session { int ptyfd, ttyfd, ptymaster; u_int row, col, xpixel, ypixel; char tty[TTYSZ]; - /* last login */ - char hostname[MAXHOSTNAMELEN]; - time_t last_login_time; /* X11 */ u_int display_number; char *display; diff --git a/sshd.c b/sshd.c index ac62cb506..a9e7ccb31 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.298 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.299 2004/07/17 05:31:41 dtucker Exp $"); #include #include @@ -216,6 +216,9 @@ Buffer loginmsg; /* global authentication context */ Authctxt *the_authctxt = NULL; +/* message to be displayed after login */ +Buffer loginmsg; + /* Prototypes for various functions defined later in this file. */ void destroy_sensitive_data(void); void demote_sensitive_data(void); @@ -1680,6 +1683,9 @@ main(int ac, char **av) if (privsep_preauth(authctxt) == 1) goto authenticated; + /* prepare buffer to collect messages to display to user after login */ + buffer_init(&loginmsg); + /* perform the key exchange */ /* authenticate user and start session */ if (compat20) { diff --git a/sshlogin.c b/sshlogin.c index 75446f9eb..41817ec96 100644 --- a/sshlogin.c +++ b/sshlogin.c 
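Review bot: The added `Buffer loginmsg;` in sshd.c looks like a second file-scope declaration of the same object, because the hunk header's context line already reads `Buffer loginmsg;`, which suggests one exists just above line 216. C accepts repeated tentative definitions, so this compiles, but two declarations with different comments leave it unclear which one owns the buffer. I would drop the two added lines and, if the comment is wanted, move `/* message to be displayed after login */` onto the existing declaration.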
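Review bot: In main() in sshd.c the new `buffer_init(&loginmsg);` sits after `goto authenticated`, so the path taken when privsep_preauth() returns 1 never executes it, and the code in monitor.c that now reads `buffer_ptr(&loginmsg)` may well run on that path. Whether loginmsg is initialised earlier in main() is not visible in this hunk. If it is, this second buffer_init would discard anything already collected; if it is not, one path uses the buffer without buffer_init. Initialising it once, before the privsep_preauth() call, covers both cases.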
@@ -39,9 +39,15 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshlogin.c,v 1.9 2004/07/03 05:11:33 dtucker Exp $"); +RCSID("$OpenBSD: sshlogin.c,v 1.10 2004/07/17 05:31:41 dtucker Exp $"); #include "loginrec.h" +#include "log.h" +#include "buffer.h" +#include "servconf.h" + +extern Buffer loginmsg; +extern ServerOptions options; /* * Returns the time when the user last logged in. Returns 0 if the @@ -59,6 +65,38 @@ get_last_login_time(uid_t uid, const char *logname, return li.tv_sec; } +/* + * Generate and store last login message. This must be done before + * login_login() is called and lastlog is updated. + */ +void +store_lastlog_message(const char *user, uid_t uid) +{ + char *time_string, hostname[MAXHOSTNAMELEN] = "", buf[512]; + time_t last_login_time; + +#ifndef NO_SSH_LASTLOG + if (!options.print_lastlog) + return; + + last_login_time = get_last_login_time(uid, user, hostname, + sizeof(hostname)); + + if (last_login_time != 0) { + time_string = ctime(&last_login_time); + if (strchr(time_string, '\n')) + *strchr(time_string, '\n') = '\0'; + if (strcmp(hostname, "") == 0) + snprintf(buf, sizeof(buf), "Last login: %s\r\n", + time_string); + else + snprintf(buf, sizeof(buf), "Last login: %s from %s\r\n", + time_string, hostname); + buffer_append(&loginmsg, buf, strlen(buf)); + } +#endif /* NO_SSH_LASTLOG */ +} + /* * Records that the user has logged in. I wish these parts of operating * systems were more standardized. @@ -69,6 +107,9 @@ record_login(pid_t pid, const char *tty, const char *user, uid_t uid, { struct logininfo *li; + /* save previous login details before writing new */ + store_lastlog_message(user, uid); + li = login_alloc_entry(pid, user, host, tty); login_set_addr(li, addr, addrlen); login_login(li); -- cgit v1.2.3 From 5cb30ad2ec4fe129e6d2e440eb2eba1c01f71661 Mon Sep 17 00:00:00 2001 
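Review bot: store_lastlog_message() in sshlogin.c passes the result of `ctime(&last_login_time)` straight to `strchr()`, but ctime() returns NULL for a time value it cannot represent, and the value here comes from get_last_login_time() rather than from the clock. A guard right after the call, `if (time_string == NULL) return;`, keeps a damaged record from becoming a NULL dereference during login. Separately, the locals are declared outside `#ifndef NO_SSH_LASTLOG`, so a build with NO_SSH_LASTLOG defined leaves them unused; moving the `#ifndef` above the declarations fixes that.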
From: Darren Tucker Date: Thu, 12 Aug 2004 22:40:24 +1000 Subject: - markus@cvs.openbsd.org 2004/07/28 09:40:29 [auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c sshconnect1.c] more s/illegal/invalid/ --- ChangeLog | 6 +++++- auth.c | 4 ++-- auth1.c | 6 +++--- auth2.c | 4 ++-- cipher.c | 4 ++-- cipher.h | 4 ++-- key.c | 6 +++--- session.c | 4 ++-- ssh.c | 4 ++-- sshconnect1.c | 4 ++-- 10 files changed, 25 insertions(+), 21 deletions(-) (limited to 'session.c') diff --git a/ChangeLog b/ChangeLog index fbe2bbaa0..3d0347876 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,10 @@ - markus@cvs.openbsd.org 2004/07/28 08:56:22 [sshd.c] call setsid() _before_ re-exec + - markus@cvs.openbsd.org 2004/07/28 09:40:29 + [auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c + sshconnect1.c] + more s/illegal/invalid/ 20040720 - (djm) OpenBSD CVS Sync @@ -1571,4 +1575,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3490 2004/08/12 12:36:51 dtucker Exp $ +$Id: ChangeLog,v 1.3491 2004/08/12 12:40:24 dtucker Exp $ diff --git a/auth.c b/auth.c index 0bb7e2807..0956b0b19 100644 --- a/auth.c +++ b/auth.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.55 2004/07/21 08:56:12 markus Exp $"); +RCSID("$OpenBSD: auth.c,v 1.56 2004/07/28 09:40:29 markus Exp $"); #ifdef HAVE_LOGIN_H #include @@ -233,7 +233,7 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) authlog("%s %s for %s%.100s from %.200s port %d%s", authmsg, method, - authctxt->valid ? "" : "illegal user ", + authctxt->valid ? "" : "invalid user ", authctxt->user, get_remote_ipaddr(), get_remote_port(), diff --git a/auth1.c b/auth1.c index ea133b0cb..3f93b9869 100644 --- a/auth1.c +++ b/auth1.c 
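Review bot: The `authlog()` format in auth_log (auth.c) changes the text written for unknown accounts from `illegal user ` to `invalid user `, and that string is what log monitoring for failed logins typically matches, so the change deserves more than "more s/illegal/invalid/" in the record. The same wording change reaches the `debug()` and `logit()` lines in auth1.c and auth2.c later in this patch. I would add a comment above the format string, e.g. `/* NB: log parsers match on this text; keep it stable */`, and call the change out in the release notes. The body of auth_log begins and ends outside the hunk.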
@@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.58 2004/07/21 10:33:31 djm Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.59 2004/07/28 09:40:29 markus Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -71,7 +71,7 @@ do_authloop(Authctxt *authctxt) int prev, type = 0; debug("Attempting authentication for %s%.100s.", - authctxt->valid ? "" : "illegal user ", authctxt->user); + authctxt->valid ? "" : "invalid user ", authctxt->user); /* If the user has no password, accept authentication immediately. */ if (options.password_authentication && @@ -302,7 +302,7 @@ do_authentication(Authctxt *authctxt) if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) authctxt->valid = 1; else { - debug("do_authentication: illegal user %s", user); + debug("do_authentication: invalid user %s", user); authctxt->pw = fakepw(); } diff --git a/auth2.c b/auth2.c index a8c8bd283..b98309576 100644 --- a/auth2.c +++ b/auth2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.106 2004/07/21 10:33:31 djm Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.107 2004/07/28 09:40:29 markus Exp $"); #include "ssh2.h" #include "xmalloc.h" @@ -159,7 +159,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) PRIVSEP(start_pam(authctxt)); #endif } else { - logit("input_userauth_request: illegal user %s", user); + logit("input_userauth_request: invalid user %s", user); authctxt->pw = fakepw(); #ifdef USE_PAM if (options.use_pam) diff --git a/cipher.c b/cipher.c index 93f96be6d..075a4c5fc 100644 --- a/cipher.c +++ b/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.70 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.71 2004/07/28 09:40:29 markus Exp $"); #include "xmalloc.h" #include "log.h" 
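Review bot: The reworded `debug("do_authentication: invalid user %s", user);` in auth1.c prints the name with an unbounded `%s`, whereas do_authloop in the same file and auth_log in auth.c use `%.100s` for the same field. The name is presumably taken from the client's request before authentication (not visible in this hunk), so the bounded form is the safer habit: `debug("do_authentication: invalid user %.100s", user);`. The `logit("input_userauth_request: invalid user %s", user);` line in auth2.c has the same pattern.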
@@ -106,7 +106,7 @@ struct Cipher { #if defined(EVP_CTRL_SET_ACSS_MODE) { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, EVP_acss }, #endif - { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL } + { NULL, SSH_CIPHER_INVALID, 0, 0, NULL } }; /*--*/ diff --git a/cipher.h b/cipher.h index 74b3669fd..6bb5719b0 100644 --- a/cipher.h +++ b/cipher.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.h,v 1.34 2003/11/10 16:23:41 jakob Exp $ */ +/* $OpenBSD: cipher.h,v 1.35 2004/07/28 09:40:29 markus Exp $ */ /* * Author: Tatu Ylonen @@ -43,7 +43,7 @@ * be removed for compatibility. The maximum allowed value is 31. */ #define SSH_CIPHER_SSH2 -3 -#define SSH_CIPHER_ILLEGAL -2 /* No valid cipher selected. */ +#define SSH_CIPHER_INVALID -2 /* No valid cipher selected. */ #define SSH_CIPHER_NOT_SET -1 /* None selected (invalid number). */ #define SSH_CIPHER_NONE 0 /* no encryption */ #define SSH_CIPHER_IDEA 1 /* IDEA CFB */ diff --git a/key.c b/key.c index 323e6ff84..21b0869df 100644 --- a/key.c +++ b/key.c @@ -32,7 +32,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.55 2003/11/10 16:23:41 jakob Exp $"); +RCSID("$OpenBSD: key.c,v 1.56 2004/07/28 09:40:29 markus Exp $"); #include @@ -782,7 +782,7 @@ key_sign( return ssh_rsa_sign(key, sigp, lenp, data, datalen); break; default: - error("key_sign: illegal key type %d", key->type); + error("key_sign: invalid key type %d", key->type); return -1; break; } @@ -809,7 +809,7 @@ key_verify( return ssh_rsa_verify(key, signature, signaturelen, data, datalen); break; default: - error("key_verify: illegal key type %d", key->type); + error("key_verify: invalid key type %d", key->type); return -1; break; } diff --git a/session.c b/session.c index 99b84394e..ee4008acf 100644 --- a/session.c +++ b/session.c 
@@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.179 2004/07/17 05:31:41 dtucker Exp $"); +RCSID("$OpenBSD: session.c,v 1.180 2004/07/28 09:40:29 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -264,7 +264,7 @@ do_authenticated1(Authctxt *authctxt) compression_level = packet_get_int(); packet_check_eom(); if (compression_level < 1 || compression_level > 9) { - packet_send_debug("Received illegal compression level %d.", + packet_send_debug("Received invalid compression level %d.", compression_level); break; } diff --git a/ssh.c b/ssh.c index 6dff591f1..edf8f2c5e 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.223 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.224 2004/07/28 09:40:29 markus Exp $"); #include #include @@ -344,7 +344,7 @@ again: if (ciphers_valid(optarg)) { /* SSH2 only */ options.ciphers = xstrdup(optarg); - options.cipher = SSH_CIPHER_ILLEGAL; + options.cipher = SSH_CIPHER_INVALID; } else { /* SSH1 only */ options.cipher = cipher_number(optarg); diff --git a/sshconnect1.c b/sshconnect1.c index 61fecab14..6e2e31c02 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.59 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.60 2004/07/28 09:40:29 markus Exp $"); #include #include @@ -598,7 +598,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr) if (options.cipher == SSH_CIPHER_NOT_SET) { if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default)) options.cipher = ssh_cipher_default; - } else if (options.cipher == SSH_CIPHER_ILLEGAL || + } else if (options.cipher == SSH_CIPHER_INVALID || !(cipher_mask_ssh1(1) & (1 << options.cipher))) { logit("No valid SSH1 cipher, using %.100s instead.", cipher_name(ssh_cipher_default)); -- cgit v1.2.3