From bd5361b23728640b7a6c2e4e10fcbd84101a6045 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 22 Sep 2003 20:59:16 +1000 Subject: - markus@cvs.openbsd.org 2003/09/18 07:52:54 [sshconnect.c] missing {}; bug #656; jclonguet at free.fr --- sshconnect.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'sshconnect.c') diff --git a/sshconnect.c b/sshconnect.c index 40d22800f..f29ac8088 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.147 2003/06/29 12:44:38 markus Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.148 2003/09/18 07:52:54 markus Exp $"); #include @@ -271,9 +271,10 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr, optval = 0; optlen = sizeof(optval); if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, - &optlen) == -1) + &optlen) == -1) { debug("getsockopt: %s", strerror(errno)); break; + } if (optval != 0) { errno = optval; break; -- cgit v1.2.3 From dda19d63ffeed569c57f4b9359bc358abe690d23 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 15 Oct 2003 16:00:47 +1000 Subject: - jakob@cvs.openbsd.org 2003/10/14 19:42:10 [dns.c dns.h readconf.c ssh-keygen.c sshconnect.c] include SSHFP lookup code (not enabled by default). ok markus@ --- ChangeLog | 5 ++++- dns.c | 7 ++----- dns.h | 4 +--- readconf.c | 6 +----- ssh-keygen.c | 12 +----------- sshconnect.c | 10 +--------- 6 files changed, 10 insertions(+), 34 deletions(-) (limited to 'sshconnect.c') diff --git a/ChangeLog b/ChangeLog index 486a2a981..414a51f25 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,9 @@ - markus@cvs.openbsd.org 2003/10/13 08:22:25 [scp.1 sftp.1] don't refer to options related to forwarding; ok jmc@ + - jakob@cvs.openbsd.org 2003/10/14 19:42:10 + [dns.c dns.h readconf.c ssh-keygen.c sshconnect.c] + include SSHFP lookup code (not enabled by default). ok markus@ 20031009 - (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@ 
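Review bot: In the timeout_connect hunk the failure branch now runs `debug("getsockopt: %s", strerror(errno));` before `break`, and the function appears to report its error through errno (the next branch does `errno = optval;`). If debug() can modify errno, the caller may see a different error than the one getsockopt() returned. Saving and restoring it around the log call would keep both failure branches consistent: `int oerrno = errno; debug("getsockopt: %s", strerror(oerrno)); errno = oerrno;`. timeout_connect's body starts and ends outside the hunk, so confirm there how the caller consumes errno.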
@@ -1347,4 +1350,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3076 2003/10/15 05:59:26 dtucker Exp $ +$Id: ChangeLog,v 1.3077 2003/10/15 06:00:47 dtucker Exp $ diff --git a/dns.c b/dns.c index 90ab5601a..2fff1b802 100644 --- a/dns.c +++ b/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $ */ +/* $OpenBSD: dns.c,v 1.7 2003/10/14 19:42:10 jakob Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -28,7 +28,6 @@ #include "includes.h" -#ifdef DNS #include #ifdef LWRES #include @@ -44,7 +43,7 @@ #include "uuencode.h" extern char *__progname; -RCSID("$OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $"); +RCSID("$OpenBSD: dns.c,v 1.7 2003/10/14 19:42:10 jakob Exp $"); #ifndef LWRES static const char *errset_text[] = { @@ -286,5 +285,3 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic) return success; } - -#endif /* DNS */ diff --git a/dns.h b/dns.h index ba0ea9fb4..1eb07d96e 100644 --- a/dns.h +++ b/dns.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.h,v 1.3 2003/05/14 22:56:51 jakob Exp $ */ +/* $OpenBSD: dns.h,v 1.4 2003/10/14 19:42:10 jakob Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -28,7 +28,6 @@ #include "includes.h" -#ifdef DNS #ifndef DNS_H #define DNS_H @@ -54,4 +53,3 @@ int verify_host_key_dns(const char *, struct sockaddr *, Key *); int export_dns_rr(const char *, Key *, FILE *, int); #endif /* DNS_H */ -#endif /* DNS */ diff --git a/readconf.c b/readconf.c index e5f2620a7..86d28bc8d 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.123 2003/10/11 08:24:07 markus Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.124 2003/10/14 19:42:10 jakob Exp $"); #include "ssh.h" #include "xmalloc.h" 
@@ -183,11 +183,7 @@ static struct { #endif { "clearallforwardings", oClearAllForwardings }, { "enablesshkeysign", oEnableSSHKeysign }, -#ifdef DNS { "verifyhostkeydns", oVerifyHostKeyDNS }, -#else - { "verifyhostkeydns", oUnsupported }, -#endif { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, { "rekeylimit", oRekeyLimit }, { "connecttimeout", oConnectTimeout }, diff --git a/ssh-keygen.c b/ssh-keygen.c index 5b7bc400a..4a3cf241a 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.109 2003/09/18 13:02:21 miod Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.110 2003/10/14 19:42:10 jakob Exp $"); #include #include @@ -32,9 +32,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.109 2003/09/18 13:02:21 miod Exp $"); #ifdef SMARTCARD #include "scard.h" #endif -#ifdef DNS #include "dns.h" -#endif /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ int bits = 1024; @@ -625,7 +623,6 @@ do_change_passphrase(struct passwd *pw) exit(0); } -#ifdef DNS /* * Print the SSHFP RR. */ @@ -655,7 +652,6 @@ do_print_resource_record(struct passwd *pw, char *hostname) printf("failed to read v2 public key from %s.\n", identity_file); exit(1); } -#endif /* DNS */ /* * Change the comment of a private key file. @@ -774,9 +770,7 @@ usage(void) fprintf(stderr, " -C comment Provide new comment.\n"); fprintf(stderr, " -N phrase Provide new passphrase.\n"); fprintf(stderr, " -P phrase Provide old passphrase.\n"); -#ifdef DNS fprintf(stderr, " -r hostname Print DNS resource record.\n"); -#endif /* DNS */ #ifdef SMARTCARD fprintf(stderr, " -D reader Download public key from smartcard.\n"); fprintf(stderr, " -U reader Upload private key to smartcard.\n"); 
@@ -959,11 +953,7 @@ main(int ac, char **av) if (print_public) do_print_public(pw); if (resource_record_hostname != NULL) { -#ifdef DNS do_print_resource_record(pw, resource_record_hostname); -#else /* DNS */ - fatal("no DNS support."); -#endif /* DNS */ } if (reader_id != NULL) { #ifdef SMARTCARD diff --git a/sshconnect.c b/sshconnect.c index f29ac8088..2c028f3a6 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.148 2003/09/18 07:52:54 markus Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.149 2003/10/14 19:42:10 jakob Exp $"); #include @@ -33,16 +33,12 @@ RCSID("$OpenBSD: sshconnect.c,v 1.148 2003/09/18 07:52:54 markus Exp $"); #include "misc.h" #include "readpass.h" -#ifdef DNS #include "dns.h" -#endif char *client_version_string = NULL; char *server_version_string = NULL; -#ifdef DNS int verified_host_key_dns = 0; -#endif /* import */ extern Options options; @@ -730,7 +726,6 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, /* The default */ fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); msg2[0] = '\0'; -#ifdef DNS if (options.verify_host_key_dns) { if (verified_host_key_dns) snprintf(msg2, sizeof(msg2), @@ -741,7 +736,6 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, "No matching host key fingerprint" " found in DNS.\n"); } -#endif snprintf(msg, sizeof(msg), "The authenticity of host '%.200s (%s)' can't be " "established%s\n" @@ -908,7 +902,6 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) { struct stat st; -#ifdef DNS if (options.verify_host_key_dns) { switch(verify_host_key_dns(host, hostaddr, host_key)) { case DNS_VERIFY_OK: @@ -927,7 +920,6 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) break; } } -#endif /* DNS */ /* return ok if the key can be found in an old keyfile */ if (stat(options.system_hostfile2, &st) == 0 || -- cgit v1.2.3 
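Review bot: With `#ifdef DNS` removed, the `if (options.verify_host_key_dns)` block in verify_host_key (hunk @@ -908) and the `msg2` text chosen from `verified_host_key_dns` in check_host_key (hunk @@ -730) are compiled into every client. Nothing visible in these hunks shows whether the SSHFP answer was authenticated (for example by DNSSEC) before it influences what the user is told. An unvalidated DNS reply is only as trustworthy as the resolver path, so a fingerprint match should be presented as a hint alongside the known_hosts check rather than as proof of the host's identity. I would add a comment above the block, such as `/* SSHFP match is advisory unless the DNS answer was validated; known_hosts checking still applies */`. The body of the DNS_VERIFY_OK case lies outside the hunk, so confirm it behaves that way.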
From 5a38897dbb417d2dacaaeae5bd5ce0718a7f3fb1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 17 Nov 2003 21:10:47 +1100 Subject: - jakob@cvs.openbsd.org 2003/11/03 09:09:41 [sshconnect.c] move changed key warning into warn_changed_key(). ok markus@ --- ChangeLog | 6 ++++-- sshconnect.c | 37 +++++++++++++++++++++++++------------ 2 files changed, 29 insertions(+), 14 deletions(-) (limited to 'sshconnect.c') diff --git a/ChangeLog b/ChangeLog index ad94d39ff..a210ccf31 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,7 +4,9 @@ [auth-chall.c] make this a little more idiot-proof; ok markus@ (includes portable-specific changes) - + - jakob@cvs.openbsd.org 2003/11/03 09:09:41 + [sshconnect.c] + move changed key warning into warn_changed_key(). ok markus@ 20031115 - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and @@ -1425,4 +1427,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3098 2003/11/17 10:09:50 djm Exp $ +$Id: ChangeLog,v 1.3099 2003/11/17 10:10:47 djm Exp $ diff --git a/sshconnect.c b/sshconnect.c index 2c028f3a6..3c8f480ed 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.149 2003/10/14 19:42:10 jakob Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.150 2003/11/03 09:09:41 jakob Exp $"); #include @@ -52,6 +52,7 @@ extern pid_t proxy_command_pid; #endif static int show_other_keys(const char *, Key *); +static void warn_changed_key(Key *); /* * Connect to the given ssh server using a proxy command. 
@@ -785,20 +786,10 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, error("Offending key for IP in %s:%d", ip_file, ip_line); } /* The host key has changed. */ - fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); - error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); - error("It is also possible that the %s host key has just been changed.", type); - error("The fingerprint for the %s key sent by the remote host is\n%s.", - type, fp); - error("Please contact your system administrator."); + warn_changed_key(host_key); error("Add correct host key in %.100s to get rid of this message.", user_hostfile); error("Offending key in %s:%d", host_file, host_line); - xfree(fp); /* * If strict host key checking is in use, the user will have @@ -1045,3 +1036,25 @@ show_other_keys(const char *host, Key *key) } return (found); } + +static void +warn_changed_key(Key *host_key) +{ + char *fp; + char *type = key_type(host_key); + + fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); + + error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); + error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); + error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); + error("It is also possible that the %s host key has just been changed.", type); + error("The fingerprint for the %s key sent by the remote host is\n%s.", + type, fp); + error("Please contact your system administrator."); + + xfree(fp); + xfree(type); +} -- cgit v1.2.3 
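Review bot: The new warn_changed_key() ends with `xfree(type);`, but `type` comes from key_type(), which returns string literals (the key.c hunk further down this page shows `return "unknown";`), so this frees memory that was never allocated. The code removed from check_host_key only freed `fp`, so the invalid free is introduced by this refactor. It sits on the path that warns the user about a changed host key, where a crash or heap corruption is least welcome. Drop the call and declare the variable as `const char *type = key_type(host_key);` so the compiler rejects a future free. The follow-up commit on this page makes that change.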
From 8f746ec9703a0072c7a07a25e4c059f7533bf94b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 17 Nov 2003 21:11:15 +1100 Subject: - jakob@cvs.openbsd.org 2003/11/03 09:37:32 [sshconnect.c] do not free static type pointer in warn_changed_key() --- ChangeLog | 5 ++++- sshconnect.c | 5 ++--- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'sshconnect.c') diff --git a/ChangeLog b/ChangeLog index a210ccf31..86f4bffe8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,9 @@ - jakob@cvs.openbsd.org 2003/11/03 09:09:41 [sshconnect.c] move changed key warning into warn_changed_key(). ok markus@ + - jakob@cvs.openbsd.org 2003/11/03 09:37:32 + [sshconnect.c] + do not free static type pointer in warn_changed_key() 20031115 - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and @@ -1427,4 +1430,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3099 2003/11/17 10:10:47 djm Exp $ +$Id: ChangeLog,v 1.3100 2003/11/17 10:11:15 djm Exp $ diff --git a/sshconnect.c b/sshconnect.c index 3c8f480ed..55ebd7ef2 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.150 2003/11/03 09:09:41 jakob Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.151 2003/11/03 09:37:32 jakob Exp $"); #include @@ -1041,7 +1041,7 @@ static void warn_changed_key(Key *host_key) { char *fp; - char *type = key_type(host_key); + const char *type = key_type(host_key); fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); @@ -1056,5 +1056,4 @@ warn_changed_key(Key *host_key) error("Please contact your system administrator."); xfree(fp); - xfree(type); } -- cgit v1.2.3 From f58b58ced10c2e9ae899f63d4e915ec9723cf5a1 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Mon, 17 Nov 2003 21:18:23 +1100 Subject: - jakob@cvs.openbsd.org 2003/11/10 16:23:41 [bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c] [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c] [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h] constify. ok markus@ & djm@ --- ChangeLog | 7 ++++++- bufaux.c | 6 +++--- bufaux.h | 6 +++--- cipher.c | 12 ++++++------ cipher.h | 12 ++++++------ hostfile.c | 10 +++++----- hostfile.h | 6 +++--- key.c | 40 +++++++++++++++++++++------------------- key.h | 46 +++++++++++++++++++++++----------------------- sftp-common.c | 10 +++++----- sftp-common.h | 10 +++++----- sftp-server.c | 16 ++++++++-------- ssh-dss.c | 20 ++++++++++---------- ssh-rsa.c | 10 +++++----- sshconnect.c | 4 ++-- sshd.c | 11 ++++++----- uuencode.c | 4 ++-- uuencode.h | 4 ++-- 18 files changed, 121 insertions(+), 113 deletions(-) (limited to 'sshconnect.c') diff --git a/ChangeLog b/ChangeLog index e688333f2..d1b0f6421 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,11 @@ - jmc@cvs.openbsd.org 2003/11/08 19:17:29 [sftp-int.c] typos from Jonathon Gray; + - jakob@cvs.openbsd.org 2003/11/10 16:23:41 + [bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c] + [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c] + [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h] + constify. ok markus@ & djm@ 20031115 - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and @@ -1443,4 +1448,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3103 2003/11/17 10:17:24 djm Exp $ +$Id: ChangeLog,v 1.3104 2003/11/17 10:18:23 djm Exp $ diff --git a/bufaux.c b/bufaux.c index 1df15b548..339d74435 100644 --- a/bufaux.c +++ b/bufaux.c 
@@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: bufaux.c,v 1.30 2003/09/18 13:02:21 miod Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.31 2003/11/10 16:23:41 jakob Exp $"); #include #include "bufaux.h" @@ -50,7 +50,7 @@ RCSID("$OpenBSD: bufaux.c,v 1.30 2003/09/18 13:02:21 miod Exp $"); * by (bits+7)/8 bytes of binary data, msb first. */ void -buffer_put_bignum(Buffer *buffer, BIGNUM *value) +buffer_put_bignum(Buffer *buffer, const BIGNUM *value) { int bits = BN_num_bits(value); int bin_size = (bits + 7) / 8; @@ -101,7 +101,7 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value) * Stores an BIGNUM in the buffer in SSH2 format. */ void -buffer_put_bignum2(Buffer *buffer, BIGNUM *value) +buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) { u_int bytes = BN_num_bytes(value) + 1; u_char *buf = xmalloc(bytes); diff --git a/bufaux.h b/bufaux.h index 935553579..61c72e353 100644 --- a/bufaux.h +++ b/bufaux.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bufaux.h,v 1.18 2002/04/20 09:14:58 markus Exp $ */ +/* $OpenBSD: bufaux.h,v 1.19 2003/11/10 16:23:41 jakob Exp $ */ /* * Author: Tatu Ylonen @@ -18,8 +18,8 @@ #include "buffer.h" #include -void buffer_put_bignum(Buffer *, BIGNUM *); -void buffer_put_bignum2(Buffer *, BIGNUM *); +void buffer_put_bignum(Buffer *, const BIGNUM *); +void buffer_put_bignum2(Buffer *, const BIGNUM *); void buffer_get_bignum(Buffer *, BIGNUM *); void buffer_get_bignum2(Buffer *, BIGNUM *); diff --git a/cipher.c b/cipher.c index ce533670b..a1c40cc4a 100644 --- a/cipher.c +++ b/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.65 2003/05/17 04:27:52 markus Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.66 2003/11/10 16:23:41 jakob Exp $"); #include "xmalloc.h" #include "log.h" 
@@ -99,19 +99,19 @@ struct Cipher { /*--*/ u_int -cipher_blocksize(Cipher *c) +cipher_blocksize(const Cipher *c) { return (c->block_size); } u_int -cipher_keylen(Cipher *c) +cipher_keylen(const Cipher *c) { return (c->key_len); } u_int -cipher_get_number(Cipher *c) +cipher_get_number(const Cipher *c) { return (c->number); } @@ -311,7 +311,7 @@ cipher_set_key_string(CipherContext *cc, Cipher *cipher, */ int -cipher_get_keyiv_len(CipherContext *cc) +cipher_get_keyiv_len(const CipherContext *cc) { Cipher *c = cc->cipher; int ivlen; @@ -397,7 +397,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) #endif int -cipher_get_keycontext(CipherContext *cc, u_char *dat) +cipher_get_keycontext(const CipherContext *cc, u_char *dat) { Cipher *c = cc->cipher; int plen = 0; diff --git a/cipher.h b/cipher.h index fc7f6dd0f..74b3669fd 100644 --- a/cipher.h +++ b/cipher.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.h,v 1.33 2002/03/18 17:13:15 markus Exp $ */ +/* $OpenBSD: cipher.h,v 1.34 2003/11/10 16:23:41 jakob Exp $ */ /* * Author: Tatu Ylonen @@ -79,13 +79,13 @@ void cipher_init(CipherContext *, Cipher *, const u_char *, u_int, void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int); void cipher_cleanup(CipherContext *); void cipher_set_key_string(CipherContext *, Cipher *, const char *, int); -u_int cipher_blocksize(Cipher *); -u_int cipher_keylen(Cipher *); +u_int cipher_blocksize(const Cipher *); +u_int cipher_keylen(const Cipher *); -u_int cipher_get_number(Cipher *); +u_int cipher_get_number(const Cipher *); void cipher_get_keyiv(CipherContext *, u_char *, u_int); void cipher_set_keyiv(CipherContext *, u_char *); -int cipher_get_keyiv_len(CipherContext *); -int cipher_get_keycontext(CipherContext *, u_char *); +int cipher_get_keyiv_len(const CipherContext *); +int cipher_get_keycontext(const CipherContext *, u_char *); void cipher_set_keycontext(CipherContext *, u_char *); #endif /* CIPHER_H */ diff --git a/hostfile.c b/hostfile.c index 42a8aa71d..88c054912 100644 
--- a/hostfile.c +++ b/hostfile.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: hostfile.c,v 1.31 2003/04/08 20:21:28 itojun Exp $"); +RCSID("$OpenBSD: hostfile.c,v 1.32 2003/11/10 16:23:41 jakob Exp $"); #include "packet.h" #include "match.h" @@ -72,7 +72,7 @@ hostfile_read_key(char **cpp, u_int *bitsp, Key *ret) } static int -hostfile_check_key(int bits, Key *key, const char *host, const char *filename, int linenum) +hostfile_check_key(int bits, const Key *key, const char *host, const char *filename, int linenum) { if (key == NULL || key->type != KEY_RSA1 || key->rsa == NULL) return 1; @@ -98,7 +98,7 @@ hostfile_check_key(int bits, Key *key, const char *host, const char *filename, i static HostStatus check_host_in_hostfile_by_key_or_type(const char *filename, - const char *host, Key *key, int keytype, Key *found, int *numret) + const char *host, const Key *key, int keytype, Key *found, int *numret) { FILE *f; char line[8192]; @@ -188,7 +188,7 @@ check_host_in_hostfile_by_key_or_type(const char *filename, } HostStatus -check_host_in_hostfile(const char *filename, const char *host, Key *key, +check_host_in_hostfile(const char *filename, const char *host, const Key *key, Key *found, int *numret) { if (key == NULL) @@ -211,7 +211,7 @@ lookup_key_in_hostfile_by_type(const char *filename, const char *host, */ int -add_host_to_hostfile(const char *filename, const char *host, Key *key) +add_host_to_hostfile(const char *filename, const char *host, const Key *key) { FILE *f; int success = 0; diff --git a/hostfile.h b/hostfile.h index e3d116581..efcddc9f9 100644 --- a/hostfile.h +++ b/hostfile.h @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.h,v 1.13 2002/11/21 23:03:51 deraadt Exp $ */ +/* $OpenBSD: hostfile.h,v 1.14 2003/11/10 16:23:41 jakob Exp $ */ /* * Author: Tatu Ylonen 
@@ -20,8 +20,8 @@ typedef enum { int hostfile_read_key(char **, u_int *, Key *); HostStatus check_host_in_hostfile(const char *, const char *, - Key *, Key *, int *); -int add_host_to_hostfile(const char *, const char *, Key *); + const Key *, Key *, int *); +int add_host_to_hostfile(const char *, const char *, const Key *); int lookup_key_in_hostfile_by_type(const char *, const char *, int, Key *, int *); diff --git a/key.c b/key.c index 54318cbbf..323e6ff84 100644 --- a/key.c +++ b/key.c @@ -32,7 +32,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.54 2003/07/09 13:58:19 avsm Exp $"); +RCSID("$OpenBSD: key.c,v 1.55 2003/11/10 16:23:41 jakob Exp $"); #include @@ -143,8 +143,9 @@ key_free(Key *k) } xfree(k); } + int -key_equal(Key *a, Key *b) +key_equal(const Key *a, const Key *b) { if (a == NULL || b == NULL || a->type != b->type) return 0; @@ -170,7 +171,8 @@ key_equal(Key *a, Key *b) } u_char* -key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length) +key_fingerprint_raw(const Key *k, enum fp_type dgst_type, + u_int *dgst_raw_length) { const EVP_MD *md = NULL; EVP_MD_CTX ctx; @@ -292,7 +294,7 @@ key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len) } char * -key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) +key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) { char *retval = NULL; u_char *dgst_raw; @@ -490,7 +492,7 @@ key_read(Key *ret, char **cpp) } int -key_write(Key *key, FILE *f) +key_write(const Key *key, FILE *f) { int n, success = 0; u_int len, bits = 0; @@ -522,8 +524,8 @@ key_write(Key *key, FILE *f) return success; } -char * -key_type(Key *k) +const char * +key_type(const Key *k) { switch (k->type) { case KEY_RSA1: @@ -539,8 +541,8 @@ key_type(Key *k) return "unknown"; } -char * -key_ssh_name(Key *k) +const char * +key_ssh_name(const Key *k) { switch (k->type) { case KEY_RSA: 
@@ -554,7 +556,7 @@ key_ssh_name(Key *k) } u_int -key_size(Key *k) +key_size(const Key *k) { switch (k->type) { case KEY_RSA1: @@ -611,7 +613,7 @@ key_generate(int type, u_int bits) } Key * -key_from_private(Key *k) +key_from_private(const Key *k) { Key *n = NULL; switch (k->type) { @@ -676,7 +678,7 @@ key_names_valid2(const char *names) } Key * -key_from_blob(u_char *blob, u_int blen) +key_from_blob(const u_char *blob, u_int blen) { Buffer b; char *ktype; @@ -726,7 +728,7 @@ key_from_blob(u_char *blob, u_int blen) } int -key_to_blob(Key *key, u_char **blobp, u_int *lenp) +key_to_blob(const Key *key, u_char **blobp, u_int *lenp) { Buffer b; int len; @@ -768,9 +770,9 @@ key_to_blob(Key *key, u_char **blobp, u_int *lenp) int key_sign( - Key *key, + const Key *key, u_char **sigp, u_int *lenp, - u_char *data, u_int datalen) + const u_char *data, u_int datalen) { switch (key->type) { case KEY_DSA: @@ -792,9 +794,9 @@ key_sign( */ int key_verify( - Key *key, - u_char *signature, u_int signaturelen, - u_char *data, u_int datalen) + const Key *key, + const u_char *signature, u_int signaturelen, + const u_char *data, u_int datalen) { if (signaturelen == 0) return -1; @@ -815,7 +817,7 @@ key_verify( /* Converts a private to a public key */ Key * -key_demote(Key *k) +key_demote(const Key *k) { Key *pk; diff --git a/key.h b/key.h index 28753fdfa..50df8500b 100644 --- a/key.h +++ b/key.h @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.22 2003/06/24 08:23:46 markus Exp $ */ +/* $OpenBSD: key.h,v 1.23 2003/11/10 16:23:41 jakob Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 
@@ -55,33 +55,33 @@ struct Key { DSA *dsa; }; -Key *key_new(int); -Key *key_new_private(int); -void key_free(Key *); -Key *key_demote(Key *); -int key_equal(Key *, Key *); -char *key_fingerprint(Key *, enum fp_type, enum fp_rep); -u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *); -char *key_type(Key *); -int key_write(Key *, FILE *); -int key_read(Key *, char **); -u_int key_size(Key *); +Key *key_new(int); +Key *key_new_private(int); +void key_free(Key *); +Key *key_demote(const Key *); +int key_equal(const Key *, const Key *); +char *key_fingerprint(const Key *, enum fp_type, enum fp_rep); +u_char *key_fingerprint_raw(const Key *, enum fp_type, u_int *); +const char *key_type(const Key *); +int key_write(const Key *, FILE *); +int key_read(Key *, char **); +u_int key_size(const Key *); Key *key_generate(int, u_int); -Key *key_from_private(Key *); +Key *key_from_private(const Key *); int key_type_from_name(char *); -Key *key_from_blob(u_char *, u_int); -int key_to_blob(Key *, u_char **, u_int *); -char *key_ssh_name(Key *); -int key_names_valid2(const char *); +Key *key_from_blob(const u_char *, u_int); +int key_to_blob(const Key *, u_char **, u_int *); +const char *key_ssh_name(const Key *); +int key_names_valid2(const char *); -int key_sign(Key *, u_char **, u_int *, u_char *, u_int); -int key_verify(Key *, u_char *, u_int, u_char *, u_int); +int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int); +int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); -int ssh_dss_sign(Key *, u_char **, u_int *, u_char *, u_int); -int ssh_dss_verify(Key *, u_char *, u_int, u_char *, u_int); -int ssh_rsa_sign(Key *, u_char **, u_int *, u_char *, u_int); -int ssh_rsa_verify(Key *, u_char *, u_int, u_char *, u_int); +int ssh_dss_sign(const Key *, u_char **, u_int *, const u_char *, u_int); +int ssh_dss_verify(const Key *, const u_char *, u_int, const u_char *, u_int); +int ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, 
u_int); +int ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int); #endif diff --git a/sftp-common.c b/sftp-common.c index 5313b134d..4cea3c305 100644 --- a/sftp-common.c +++ b/sftp-common.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sftp-common.c,v 1.9 2003/05/24 09:30:40 djm Exp $"); +RCSID("$OpenBSD: sftp-common.c,v 1.10 2003/11/10 16:23:41 jakob Exp $"); #include "buffer.h" #include "bufaux.h" @@ -49,7 +49,7 @@ attrib_clear(Attrib *a) /* Convert from struct stat to filexfer attribs */ void -stat_to_attrib(struct stat *st, Attrib *a) +stat_to_attrib(const struct stat *st, Attrib *a) { attrib_clear(a); a->flags = 0; @@ -67,7 +67,7 @@ stat_to_attrib(struct stat *st, Attrib *a) /* Convert from filexfer attribs to struct stat */ void -attrib_to_stat(Attrib *a, struct stat *st) +attrib_to_stat(const Attrib *a, struct stat *st) { memset(st, 0, sizeof(*st)); @@ -124,7 +124,7 @@ decode_attrib(Buffer *b) /* Encode attributes to buffer */ void -encode_attrib(Buffer *b, Attrib *a) +encode_attrib(Buffer *b, const Attrib *a) { buffer_put_int(b, a->flags); if (a->flags & SSH2_FILEXFER_ATTR_SIZE) @@ -174,7 +174,7 @@ fx2txt(int status) * drwxr-xr-x 5 markus markus 1024 Jan 13 18:39 .ssh */ char * -ls_file(char *name, struct stat *st, int remote) +ls_file(const char *name, const struct stat *st, int remote) { int ulen, glen, sz = 0; struct passwd *pw; diff --git a/sftp-common.h b/sftp-common.h index 201611cc4..b42ba9140 100644 --- a/sftp-common.h +++ b/sftp-common.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-common.h,v 1.4 2002/09/11 22:41:50 djm Exp $ */ +/* $OpenBSD: sftp-common.h,v 1.5 2003/11/10 16:23:41 jakob Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. 
@@ -39,10 +39,10 @@ struct Attrib { }; void attrib_clear(Attrib *); -void stat_to_attrib(struct stat *, Attrib *); -void attrib_to_stat(Attrib *, struct stat *); +void stat_to_attrib(const struct stat *, Attrib *); +void attrib_to_stat(const Attrib *, struct stat *); Attrib *decode_attrib(Buffer *); -void encode_attrib(Buffer *, Attrib *); -char *ls_file(char *, struct stat *, int); +void encode_attrib(Buffer *, const Attrib *); +char *ls_file(const char *, const struct stat *, int); const char *fx2txt(int); diff --git a/sftp-server.c b/sftp-server.c index 9166853ed..d528a1d6e 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: sftp-server.c,v 1.43 2003/06/25 22:39:36 miod Exp $"); +RCSID("$OpenBSD: sftp-server.c,v 1.44 2003/11/10 16:23:41 jakob Exp $"); #include "buffer.h" #include "bufaux.h" @@ -149,7 +149,7 @@ handle_init(void) } static int -handle_new(int use, char *name, int fd, DIR *dirp) +handle_new(int use, const char *name, int fd, DIR *dirp) { int i; @@ -184,7 +184,7 @@ handle_to_string(int handle, char **stringp, int *hlenp) } static int -handle_from_string(char *handle, u_int hlen) +handle_from_string(const char *handle, u_int hlen) { int val; @@ -298,7 +298,7 @@ send_status(u_int32_t id, u_int32_t error) buffer_free(&msg); } static void -send_data_or_handle(char type, u_int32_t id, char *data, int dlen) +send_data_or_handle(char type, u_int32_t id, const char *data, int dlen) { Buffer msg; @@ -311,7 +311,7 @@ send_data_or_handle(char type, u_int32_t id, char *data, int dlen) } static void -send_data(u_int32_t id, char *data, int dlen) +send_data(u_int32_t id, const char *data, int dlen) { TRACE("sent data id %u len %d", id, dlen); send_data_or_handle(SSH2_FXP_DATA, id, data, dlen); 
@@ -330,7 +330,7 @@ send_handle(u_int32_t id, int handle) } static void -send_names(u_int32_t id, int count, Stat *stats) +send_names(u_int32_t id, int count, const Stat *stats) { Buffer msg; int i; @@ -350,7 +350,7 @@ send_names(u_int32_t id, int count, Stat *stats) } static void -send_attrib(u_int32_t id, Attrib *a) +send_attrib(u_int32_t id, const Attrib *a) { Buffer msg; @@ -567,7 +567,7 @@ process_fstat(void) } static struct timeval * -attrib_to_tv(Attrib *a) +attrib_to_tv(const Attrib *a) { static struct timeval tv[2]; diff --git a/ssh-dss.c b/ssh-dss.c index 6cedcc4dc..381b7dedb 100644 --- a/ssh-dss.c +++ b/ssh-dss.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-dss.c,v 1.18 2003/02/12 09:33:04 markus Exp $"); +RCSID("$OpenBSD: ssh-dss.c,v 1.19 2003/11/10 16:23:41 jakob Exp $"); #include #include @@ -39,8 +39,8 @@ RCSID("$OpenBSD: ssh-dss.c,v 1.18 2003/02/12 09:33:04 markus Exp $"); #define SIGBLOB_LEN (2*INTBLOB_LEN) int -ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp, - u_char *data, u_int datalen) +ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, + const u_char *data, u_int datalen) { DSA_SIG *sig; const EVP_MD *evp_md = EVP_sha1(); @@ -101,8 +101,8 @@ ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp, return 0; } int -ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen, - u_char *data, u_int datalen) +ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + const u_char *data, u_int datalen) { DSA_SIG *sig; const EVP_MD *evp_md = EVP_sha1(); @@ -119,7 +119,8 @@ ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen, /* fetch signature */ if (datafellows & SSH_BUG_SIGBLOB) { - sigblob = signature; + sigblob = xmalloc(signaturelen); + memcpy(sigblob, signature, signaturelen); len = signaturelen; } else { /* ietf-drafts */ 
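Review bot: In ssh_dss_verify (hunk @@ -119) the SSH_BUG_SIGBLOB branch now allocates and copies `signaturelen` bytes of the peer-supplied signature, and the @@ -159 hunk then reads `2*INTBLOB_LEN` bytes from `sigblob` through `BN_bin2bn`. The check that `len` equals SIGBLOB_LEN is not visible between the two hunks, so confirm it still runs before the parse on this path. The copy also means every exit between the allocation and the new unconditional `memset`/`xfree` has to release `sigblob`, which the old aliasing code did not need. A short comment at the copy, e.g. `/* private copy: signature is const; zeroed and freed after parsing */`, would record why the allocation exists. The function body starts and ends outside both hunks.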
@@ -159,10 +160,9 @@ ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen, BN_bin2bn(sigblob, INTBLOB_LEN, sig->r); BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s); - if (!(datafellows & SSH_BUG_SIGBLOB)) { - memset(sigblob, 0, len); - xfree(sigblob); - } + /* clean up */ + memset(sigblob, 0, len); + xfree(sigblob); /* sha1 the data */ EVP_DigestInit(&md, evp_md); diff --git a/ssh-rsa.c b/ssh-rsa.c index 53e5023f7..6e3be0a7e 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-rsa.c,v 1.30 2003/06/18 11:28:11 markus Exp $"); +RCSID("$OpenBSD: ssh-rsa.c,v 1.31 2003/11/10 16:23:41 jakob Exp $"); #include #include @@ -31,8 +31,8 @@ static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *); /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ int -ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp, - u_char *data, u_int datalen) +ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, + const u_char *data, u_int datalen) { const EVP_MD *evp_md; EVP_MD_CTX md; @@ -96,8 +96,8 @@ ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp, } int -ssh_rsa_verify(Key *key, u_char *signature, u_int signaturelen, - u_char *data, u_int datalen) +ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + const u_char *data, u_int datalen) { Buffer b; const EVP_MD *evp_md; diff --git a/sshconnect.c b/sshconnect.c index 55ebd7ef2..bf8c23d73 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.151 2003/11/03 09:37:32 jakob Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.152 2003/11/10 16:23:41 jakob Exp $"); #include 
@@ -563,7 +563,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, int readonly, const char *user_hostfile, const char *system_hostfile) { Key *file_key; - char *type = key_type(host_key); + const char *type = key_type(host_key); char *ip = NULL; char hostline[1000], *hostp, *fp; HostStatus host_status; diff --git a/sshd.c b/sshd.c index 7d97c92de..a9001a040 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.280 2003/10/02 10:41:59 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.281 2003/11/10 16:23:41 jakob Exp $"); #include #include @@ -668,7 +668,8 @@ static char * list_hostkey_types(void) { Buffer b; - char *p; + const char *p; + char *ret; int i; buffer_init(&b); @@ -687,10 +688,10 @@ list_hostkey_types(void) } } buffer_append(&b, "\0", 1); - p = xstrdup(buffer_ptr(&b)); + ret = xstrdup(buffer_ptr(&b)); buffer_free(&b); - debug("list_hostkey_types: %s", p); - return p; + debug("list_hostkey_types: %s", ret); + return ret; } Key * diff --git a/uuencode.c b/uuencode.c index 21eaf4d3f..0a7c8d16a 100644 --- a/uuencode.c +++ b/uuencode.c @@ -23,13 +23,13 @@ */ #include "includes.h" -RCSID("$OpenBSD: uuencode.c,v 1.16 2002/09/09 14:54:15 markus Exp $"); +RCSID("$OpenBSD: uuencode.c,v 1.17 2003/11/10 16:23:41 jakob Exp $"); #include "xmalloc.h" #include "uuencode.h" int -uuencode(u_char *src, u_int srclength, +uuencode(const u_char *src, u_int srclength, char *target, size_t targsize) { return __b64_ntop(src, srclength, target, targsize); diff --git a/uuencode.h b/uuencode.h index 682b623ac..08e87c4bc 100644 --- a/uuencode.h +++ b/uuencode.h @@ -1,4 +1,4 @@ -/* $OpenBSD: uuencode.h,v 1.9 2002/02/25 16:33:27 markus Exp $ */ +/* $OpenBSD: uuencode.h,v 1.10 2003/11/10 16:23:41 jakob Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. 
@@ -26,7 +26,7 @@ #ifndef UUENCODE_H #define UUENCODE_H -int uuencode(u_char *, u_int, char *, size_t); +int uuencode(const u_char *, u_int, char *, size_t); int uudecode(const char *, u_char *, size_t); void dump_base64(FILE *, u_char *, u_int); #endif -- cgit v1.2.3 From 150b55745b5a0790cfc8d5e6560ab5e7f2f94340 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 17 Nov 2003 21:19:29 +1100 Subject: - jakob@cvs.openbsd.org 2003/11/12 16:39:58 [dns.c dns.h readconf.c ssh_config.5 sshconnect.c] update SSHFP validation. ok markus@ --- ChangeLog | 5 ++++- dns.c | 68 +++++++++++++++++++++++++----------------------------------- dns.h | 13 ++++++------ readconf.c | 5 +++-- ssh_config.5 | 19 ++++++++++++++++- sshconnect.c | 40 ++++++++++++++++++----------------- 6 files changed, 81 insertions(+), 69 deletions(-) (limited to 'sshconnect.c') diff --git a/ChangeLog b/ChangeLog index 40a393109..b5667e79a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,6 +31,9 @@ - dtucker@cvs.openbsd.org 2003/11/12 10:12:15 [scp.c] When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@ + - jakob@cvs.openbsd.org 2003/11/12 16:39:58 + [dns.c dns.h readconf.c ssh_config.5 sshconnect.c] + update SSHFP validation. ok markus@ 20031115 - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and @@ -1451,4 +1454,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3105 2003/11/17 10:19:05 djm Exp $ +$Id: ChangeLog,v 1.3106 2003/11/17 10:19:29 djm Exp $ diff --git a/dns.c b/dns.c index 2fff1b802..2342b6609 100644 --- a/dns.c +++ b/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.7 2003/10/14 19:42:10 jakob Exp $ */ +/* $OpenBSD: dns.c,v 1.8 2003/11/12 16:39:58 jakob Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. 
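Review bot: In the uuencode.h hunk, `dump_base64(FILE *, u_char *, u_int)` keeps a non-const buffer pointer while `uuencode` two lines above it now takes `const u_char *`. The body of dump_base64 is not in this diff; if it only reads the buffer, the prototype and definition should become `void dump_base64(FILE *, const u_char *, u_int);`. That lets callers holding const key or signature data call it without casting the qualifier away.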
@@ -43,7 +43,7 @@ #include "uuencode.h" extern char *__progname; -RCSID("$OpenBSD: dns.c,v 1.7 2003/10/14 19:42:10 jakob Exp $"); +RCSID("$OpenBSD: dns.c,v 1.8 2003/11/12 16:39:58 jakob Exp $"); #ifndef LWRES static const char *errset_text[] = { @@ -83,7 +83,7 @@ dns_result_totext(unsigned int error) */ static int dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type, - u_char **digest, u_int *digest_len, Key *key) + u_char **digest, u_int *digest_len, const Key *key) { int success = 0; @@ -145,16 +145,15 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type, /* * Verify the given hostname, address and host key using DNS. - * Returns 0 if key verifies or -1 if key does NOT verify + * Returns 0 if lookup succeeds, -1 otherwise */ int verify_host_key_dns(const char *hostname, struct sockaddr *address, - Key *hostkey) + const Key *hostkey, int *flags) { int counter; int result; struct rrsetinfo *fingerprints = NULL; - int failures = 0; u_int8_t hostkey_algorithm; u_int8_t hostkey_digest_type; @@ -166,6 +165,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, u_char *dnskey_digest; u_int dnskey_digest_len; + *flags = 0; debug3("verify_hostkey_dns"); if (hostkey == NULL) 
@@ -175,28 +175,29 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, DNS_RDATATYPE_SSHFP, 0, &fingerprints); if (result) { verbose("DNS lookup error: %s", dns_result_totext(result)); - return DNS_VERIFY_ERROR; + return -1; } -#ifdef DNSSEC - /* Only accept validated answers */ - if (!fingerprints->rri_flags & RRSET_VALIDATED) { - error("Ignored unvalidated fingerprint from DNS."); - freerrset(fingerprints); - return DNS_VERIFY_ERROR; + if (fingerprints->rri_flags & RRSET_VALIDATED) { + *flags |= DNS_VERIFY_SECURE; + debug("found %d secure fingerprints in DNS", + fingerprints->rri_nrdatas); + } else { + debug("found %d insecure fingerprints in DNS", + fingerprints->rri_nrdatas); } -#endif - - debug("found %d fingerprints in DNS", fingerprints->rri_nrdatas); /* Initialize host key parameters */ if (!dns_read_key(&hostkey_algorithm, &hostkey_digest_type, &hostkey_digest, &hostkey_digest_len, hostkey)) { error("Error calculating host key fingerprint."); freerrset(fingerprints); - return DNS_VERIFY_ERROR; + return -1; } + if (fingerprints->rri_nrdatas) + *flags |= DNS_VERIFY_FOUND; + for (counter = 0 ; counter < fingerprints->rri_nrdatas ; counter++) { /* * Extract the key from the answer. Ignore any badly 
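Review bot: `DNS_VERIFY_FOUND` is set from `fingerprints->rri_nrdatas` before any record is parsed, so it is raised by records the loop later skips as badly formatted. Judging by the removed "Correct algorithm but bad digest" comment, it is presumably also raised by SSHFP records for a different key algorithm than the host key. verify_host_key() in sshconnect.c treats FOUND without MATCH as a changed key and calls `warn_changed_key()`, so a host that publishes a fingerprint for only one of its key types would presumably trigger that warning when it offers the other key. Setting the flag inside the loop, once a record has parsed and its algorithm and digest type equal `hostkey_algorithm` and `hostkey_digest_type`, would keep the warning for real mismatches. The function starts and ends outside this hunk.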
@@ -218,35 +219,22 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, memcmp(hostkey_digest, dnskey_digest, hostkey_digest_len) == 0) { - /* Matching algoritm and digest. */ - freerrset(fingerprints); - debug("matching host key fingerprint found in DNS"); - return DNS_VERIFY_OK; - } else { - /* Correct algorithm but bad digest */ - debug("verify_hostkey_dns: failed"); - failures++; + *flags |= DNS_VERIFY_MATCH; } } } freerrset(fingerprints); - if (failures) { - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); - error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); - error("It is also possible that the %s host key has just been changed.", - key_type(hostkey)); - error("Please contact your system administrator."); - return DNS_VERIFY_FAILED; - } - - debug("fingerprints found in DNS, but none of them matched"); + if (*flags & DNS_VERIFY_FOUND) + if (*flags & DNS_VERIFY_MATCH) + debug("matching host key fingerprint found in DNS"); + else + debug("mismatching host key fingerprint found in DNS"); + else + debug("no host key fingerprint found in DNS"); - return DNS_VERIFY_ERROR; + return 0; } @@ -254,7 +242,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, * Export the fingerprint of a key as a DNS resource record */ int -export_dns_rr(const char *hostname, Key *key, FILE *f, int generic) +export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic) { u_int8_t rdata_pubkey_algorithm = 0; u_int8_t rdata_digest_type = SSHFP_HASH_SHA1; diff --git a/dns.h b/dns.h index 1eb07d96e..c5da22ef6 100644 --- a/dns.h +++ b/dns.h 
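Review bot: The nested `if (*flags & DNS_VERIFY_FOUND) if (*flags & DNS_VERIFY_MATCH) ... else ... else ...` before `return 0` in `verify_host_key_dns` has no braces, so the pairing of each `else` rests on the dangling-else rule. It parses as intended today, but one added statement in either branch would silently change which message is logged. Brace the outer test as `if (*flags & DNS_VERIFY_FOUND) {`, `} else {`, `}`. The loop above has the same shape, with `*flags |= DNS_VERIFY_MATCH;` as the only statement left in its `if`; its opening lines are outside the hunk.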
@@ -1,4 +1,4 @@ -/* $OpenBSD: dns.h,v 1.4 2003/10/14 19:42:10 jakob Exp $ */ +/* $OpenBSD: dns.h,v 1.5 2003/11/12 16:39:58 jakob Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -45,11 +45,12 @@ enum sshfp_hashes { #define DNS_RDATACLASS_IN 1 #define DNS_RDATATYPE_SSHFP 44 -#define DNS_VERIFY_FAILED -1 -#define DNS_VERIFY_OK 0 -#define DNS_VERIFY_ERROR 1 +#define DNS_VERIFY_FOUND 0x00000001 +#define DNS_VERIFY_MATCH 0x00000002 +#define DNS_VERIFY_SECURE 0x00000004 -int verify_host_key_dns(const char *, struct sockaddr *, Key *); -int export_dns_rr(const char *, Key *, FILE *, int); + +int verify_host_key_dns(const char *, struct sockaddr *, const Key *, int *); +int export_dns_rr(const char *, const Key *, FILE *, int); #endif /* DNS_H */ diff --git a/readconf.c b/readconf.c index 86d28bc8d..da49a3944 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.124 2003/10/14 19:42:10 jakob Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.125 2003/11/12 16:39:58 jakob Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -401,10 +401,11 @@ parse_flag: case oVerifyHostKeyDNS: intptr = &options->verify_host_key_dns; - goto parse_flag; + goto parse_yesnoask; case oStrictHostKeyChecking: intptr = &options->strict_host_key_checking; +parse_yesnoask: arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%.200s line %d: Missing yes/no/ask argument.", diff --git a/ssh_config.5 b/ssh_config.5 index 9073ce51f..55ca907eb 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.23 2003/10/12 13:12:13 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.24 2003/11/12 16:39:58 jakob Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os 
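Review bot: The three `DNS_VERIFY_*` bit flags in the dns.h `@@ -45` hunk replace the old return codes without a comment, although their combination now decides whether a host key is accepted without a prompt. A comment above them should state, as dns.c in this commit shows, that FOUND means the answer held at least one SSHFP record, MATCH that a record equalled the host key's fingerprint, and SECURE that the resolver set `RRSET_VALIDATED`. The prototype deserves one line as well, for example `/* returns 0 if the lookup succeeded, -1 otherwise; the verdict is in *flags */`, because a caller that tests only the return value would treat a mismatch as success.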
@@ -642,6 +642,23 @@ host key database instead of .It Cm VerifyHostKeyDNS Specifies whether to verify the remote key using DNS and SSHFP resource records. +If this option is set to +.Dq yes , +the client will implicitly trust keys that matches a secure fingerprint +from DNS. +Insecure fingerprints will be handled as if this option was set to +.Dq ask . +If this option is set to +.Dq ask , +information on fingerprint match will be displayed, but the user will still +need to confirm new host keys according to the +.Cm StrictHostKeyChecking +option. +The argument must be +.Dq yes , +.Dq no +or +.Dq ask . The default is .Dq no . Note that this option applies to protocol version 2 only. diff --git a/sshconnect.c b/sshconnect.c index bf8c23d73..5972e2ba9 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.152 2003/11/10 16:23:41 jakob Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.153 2003/11/12 16:39:58 jakob Exp $"); #include @@ -38,7 +38,7 @@ RCSID("$OpenBSD: sshconnect.c,v 1.152 2003/11/10 16:23:41 jakob Exp $"); char *client_version_string = NULL; char *server_version_string = NULL; -int verified_host_key_dns = 0; +int matching_host_key_dns = 0; /* import */ extern Options options; @@ -728,7 +728,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); msg2[0] = '\0'; if (options.verify_host_key_dns) { - if (verified_host_key_dns) + if (matching_host_key_dns) snprintf(msg2, sizeof(msg2), "Matching host key fingerprint" " found in DNS.\n"); 
@@ -892,23 +892,25 @@ int verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) { struct stat st; + int flags = 0; - if (options.verify_host_key_dns) { - switch(verify_host_key_dns(host, hostaddr, host_key)) { - case DNS_VERIFY_OK: -#ifdef DNSSEC - return 0; -#else - verified_host_key_dns = 1; - break; -#endif - case DNS_VERIFY_FAILED: - return -1; - case DNS_VERIFY_ERROR: - break; - default: - debug3("bad return value from verify_host_key_dns"); - break; + if (options.verify_host_key_dns && + verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) { + + if (flags & DNS_VERIFY_FOUND) { + + if (options.verify_host_key_dns == 1 && + flags & DNS_VERIFY_MATCH && + flags & DNS_VERIFY_SECURE) + return 0; + + if (flags & DNS_VERIFY_MATCH) { + matching_host_key_dns = 1; + } else { + warn_changed_key(host_key); + error("Update the SSHFP RR in DNS with the new " + "host key to get rid of this message."); + } } } -- cgit v1.2.3 From a8e06cef35c205e1aa562513c6d034a10c8c9a6d Mon Sep 17 00:00:00 2001 
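Review bot: `matching_host_key_dns = 1` is set for any `DNS_VERIFY_MATCH`, whether or not `DNS_VERIFY_SECURE` is also set, and check_host_key() then shows "Matching host key fingerprint found in DNS." in the confirmation prompt. An answer that was not validated gives no more assurance than the network path that delivered the host key, so the prompt should tell the user when the match is unvalidated; recording the secure bit alongside the match and wording the message accordingly would do that. A mismatch from a validated answer also only warns and falls through to the known_hosts check, where the old `DNS_VERIFY_FAILED` case returned -1, so confirm that this is intended when the option is "yes". Separately, parenthesise the bit tests as `(flags & DNS_VERIFY_MATCH) && (flags & DNS_VERIFY_SECURE)` and replace the bare `== 1` with a named constant for the "yes" setting.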
From: Damien Miller Date: Fri, 21 Nov 2003 23:48:55 +1100 Subject: - djm@cvs.openbsd.org 2003/11/21 11:57:03 [everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced) --- CREDITS | 4 +- ChangeLog | 6 +- INSTALL | 52 ++++---- LICENCE | 42 +++---- Makefile.in | 22 ++-- OVERVIEW | 18 +-- README | 20 +-- README.privsep | 12 +- README.smartcard | 14 +-- RFC.nroff | 4 +- TODO | 12 +- WARNING.RNG | 10 +- auth-chall.c | 2 +- auth-krb5.c | 6 +- auth-pam.c | 44 +++---- auth-passwd.c | 8 +- auth-sia.c | 2 +- auth.c | 10 +- auth1.c | 2 +- auth2-gss.c | 8 +- authfd.c | 4 +- authfd.h | 4 +- buffer.c | 2 +- channels.c | 6 +- cipher-ctr.c | 4 +- config.guess | 158 ++++++++++++------------ config.sub | 48 ++++---- configure.ac | 266 ++++++++++++++++++++-------------------- contrib/README | 6 +- contrib/aix/buildbff.sh | 50 ++++---- contrib/aix/inventory.sh | 4 +- contrib/caldera/ssh-host-keygen | 8 +- contrib/caldera/sshd.init | 8 +- contrib/cygwin/README | 4 +- contrib/cygwin/ssh-host-config | 18 +-- contrib/findssl.sh | 16 +-- contrib/gnome-ssh-askpass1.c | 14 +-- contrib/gnome-ssh-askpass2.c | 14 +-- contrib/redhat/openssh.spec | 6 +- contrib/solaris/README | 2 +- contrib/solaris/buildpkg.sh | 58 ++++----- contrib/solaris/opensshd.in | 16 +-- contrib/suse/openssh.spec | 24 ++-- defines.h | 4 +- dns.c | 6 +- entropy.c | 22 ++-- fixprogs | 2 +- gss-genr.c | 6 +- gss-serv-krb5.c | 14 +-- install-sh | 12 +- kex.c | 6 +- loginrec.c | 6 +- md5crypt.c | 8 +- mdoc2man.awk | 158 ++++++++++++------------ mkinstalldirs | 12 +- moduli.c | 62 +++++----- monitor.c | 4 +- monitor_wrap.c | 2 +- nchan.ms | 8 +- nchan2.ms | 8 +- packet.c | 2 +- readconf.h | 4 +- rijndael.c | 134 ++++++++++---------- scard-opensc.c | 16 +-- scp.c | 2 +- session.c | 8 +- sftp-client.c | 6 +- sftp-glob.c | 2 +- sftp-int.c | 14 +-- ssh-add.c | 8 +- ssh-agent.c | 4 +- ssh-keygen.c | 8 +- ssh-rand-helper.8 | 24 ++-- ssh-rand-helper.c | 38 +++--- ssh.c | 6 +- ssh_prng_cmds.in | 4 
+- sshconnect.c | 10 +- sshconnect2.c | 8 +- sshd.c | 6 +- sshd_config.5 | 10 +- sshpty.c | 2 +- uidswap.c | 12 +- 82 files changed, 855 insertions(+), 851 deletions(-) (limited to 'sshconnect.c') diff --git a/CREDITS b/CREDITS index 092229cf7..86b20ebce 100644 --- a/CREDITS +++ b/CREDITS @@ -1,6 +1,6 @@ Tatu Ylonen - Creator of SSH -Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, +Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song - Creators of OpenSSH Alain St-Denis - Irix fix @@ -94,5 +94,5 @@ Apologies to anyone I have missed. Damien Miller -$Id: CREDITS,v 1.74 2003/09/07 02:34:54 dtucker Exp $ +$Id: CREDITS,v 1.75 2003/11/21 12:48:55 djm Exp $ diff --git a/ChangeLog b/ChangeLog index 8a978ec04..1b3518803 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,10 @@ - markus@cvs.openbsd.org 2003/11/20 11:39:28 [progressmeter.c] fix rounding errors; from andreas@ + - djm@cvs.openbsd.org 2003/11/21 11:57:03 + [everything] + unexpand and delete whitespace at EOL; ok markus@ + (done locally and RCS IDs synced) 20031118 - (djm) Fix early exit for root auth success when UsePAM=yes and @@ -1494,4 +1498,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3118 2003/11/21 12:09:10 djm Exp $ +$Id: ChangeLog,v 1.3119 2003/11/21 12:48:55 djm Exp $ diff --git a/INSTALL b/INSTALL index 97ee76f64..a1c0e4b6b 100644 --- a/INSTALL +++ b/INSTALL 
@@ -4,21 +4,21 @@ You will need working installations of Zlib and OpenSSL. Zlib 1.1.4 or greater: -http://www.gzip.org/zlib/ +http://www.gzip.org/zlib/ OpenSSL 0.9.6 or greater: http://www.openssl.org/ -(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1 +(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1 Blowfish) do not work correctly.) OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system supports it. PAM is standard on Redhat and Debian Linux, Solaris and HP-UX 11. -NB. If you operating system supports /dev/random, you should configure -OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of -/dev/random. If you don't you will have to rely on ssh-rand-helper, which +NB. If you operating system supports /dev/random, you should configure +OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of +/dev/random. If you don't you will have to rely on ssh-rand-helper, which is inferior to a good kernel-based solution. PAM: @@ -37,7 +37,7 @@ http://www.jmknoble.net/software/x11-ssh-askpass/ PRNGD: -If your system lacks Kernel based random collection, the use of Lutz +If your system lacks Kernel based random collection, the use of Lutz Jaenicke's PRNGd is recommended. http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html @@ -54,7 +54,7 @@ http://www.sparc.spb.su/solaris/skey/ If you wish to use --with-skey then you will need the above library installed. No other current S/Key library is currently known to be -supported. +supported. 2. Building / Installation -------------------------- @@ -73,7 +73,7 @@ installation prefix, use the --prefix option to configure: make make install -Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override +Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override specific paths, for example: ./configure --prefix=/opt --sysconfdir=/etc/ssh 
@@ -104,26 +104,26 @@ There are a few other options to the configure script: --with-pam enables PAM support. If PAM support is compiled in, it must also be enabled in sshd_config (refer to the UsePAM directive). ---with-prngd-socket=/some/file allows you to enable EGD or PRNGD -support and to specify a PRNGd socket. Use this if your Unix lacks -/dev/random and you don't want to use OpenSSH's builtin entropy +--with-prngd-socket=/some/file allows you to enable EGD or PRNGD +support and to specify a PRNGd socket. Use this if your Unix lacks +/dev/random and you don't want to use OpenSSH's builtin entropy collection support. ---with-prngd-port=portnum allows you to enable EGD or PRNGD support -and to specify a EGD localhost TCP port. Use this if your Unix lacks -/dev/random and you don't want to use OpenSSH's builtin entropy +--with-prngd-port=portnum allows you to enable EGD or PRNGD support +and to specify a EGD localhost TCP port. Use this if your Unix lacks +/dev/random and you don't want to use OpenSSH's builtin entropy collection support. ---with-lastlog=FILE will specify the location of the lastlog file. +--with-lastlog=FILE will specify the location of the lastlog file. ./configure searches a few locations for lastlog, but may not find it if lastlog is installed in a different place. --without-lastlog will disable lastlog support entirely. ---with-osfsia, --without-osfsia will enable or disable OSF1's Security +--with-osfsia, --without-osfsia will enable or disable OSF1's Security Integration Architecture. The default for OSF1 machines is enable. ---with-skey=PATH will enable S/Key one time password support. You will +--with-skey=PATH will enable S/Key one time password support. You will need the S/Key libraries and header files installed for this to work. --with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny) 
@@ -134,12 +134,12 @@ if your operating system uses MD5 passwords and the system crypt() does not support them directly (see the crypt(3/3c) man page). If enabled, the resulting binary will support both MD5 and traditional crypt passwords. ---with-utmpx enables utmpx support. utmpx support is automatic for +--with-utmpx enables utmpx support. utmpx support is automatic for some platforms. --without-shadow disables shadow password support. ---with-ipaddr-display forces the use of a numeric IP address in the +--with-ipaddr-display forces the use of a numeric IP address in the $DISPLAY environment variable. Some broken systems need this. --with-default-path=PATH allows you to specify a default $PATH for sessions 
@@ -169,35 +169,35 @@ CFLAGS="-O -m486" LDFLAGS="-s" LIBS="-lrubbish" LD="/usr/foo/ld" ./configure 3. Configuration ---------------- -The runtime configuration files are installed by in ${prefix}/etc or +The runtime configuration files are installed by in ${prefix}/etc or whatever you specified as your --sysconfdir (/usr/local/etc by default). -The default configuration should be instantly usable, though you should +The default configuration should be instantly usable, though you should review it to ensure that it matches your security requirements. To generate a host key, run "make host-key". Alternately you can do so -manually using the following commands: +manually using the following commands: ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N "" ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N "" ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N "" Replacing /etc/ssh with the correct path to the configuration directory. -(${prefix}/etc or whatever you specified with --sysconfdir during +(${prefix}/etc or whatever you specified with --sysconfdir during configuration) If you have configured OpenSSH with EGD support, ensure that EGD is running and has collected some Entropy. -For more information on configuration, please refer to the manual pages +For more information on configuration, please refer to the manual pages for sshd, ssh and ssh-agent. 4. Problems? ------------ -If you experience problems compiling, installing or running OpenSSH. +If you experience problems compiling, installing or running OpenSSH. Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.62 2003/10/21 02:41:14 dtucker Exp $ +$Id: INSTALL,v 1.63 2003/11/21 12:48:55 djm Exp $ diff --git a/LICENCE b/LICENCE index b47556dda..dab902150 100644 --- a/LICENCE +++ b/LICENCE 
@@ -45,16 +45,16 @@ OpenSSH contains no GPL code. software are publicly available on the Internet and at any major bookstore, scientific library, and patent office worldwide. More information can be found e.g. at "http://www.cs.hut.fi/crypto". - + The legal status of this program is some combination of all these permissions and restrictions. Use only at your own responsibility. You will be responsible for any legal consequences yourself; I am not making any claims whether possessing or using this is legal or not in your country, and I am not taking any responsibility on your behalf. - - - NO WARRANTY - + + + NO WARRANTY + BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES @@ -64,7 +64,7 @@ OpenSSH contains no GPL code. TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, @@ -112,15 +112,15 @@ OpenSSH contains no GPL code. with the following license: * @version 3.0 (December 2000) - * + * * Optimised ANSI C code for the Rijndael cipher (now AES) - * + * * @author Vincent Rijmen * @author Antoon Bosselaers * @author Paulo Barreto - * + * * This code is hereby placed in the public domain. - * + * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -183,7 +183,7 @@ OpenSSH contains no GPL code. Nils Nordman Simon Wilkinson - Portable OpenSSH additionally includes code from the following copyright + Portable OpenSSH additionally includes code from the following copyright holders, also under the 2-term BSD license: Ben Lindstrom @@ -229,24 +229,24 @@ OpenSSH contains no GPL code. a) md5crypt.c, md5crypt.h * "THE BEER-WARE LICENSE" (Revision 42): - * wrote this file. As long as you retain this - * notice you can do whatever you want with this stuff. If we meet - * some day, and you think this stuff is worth it, you can buy me a + * wrote this file. As long as you retain this + * notice you can do whatever you want with this stuff. If we meet + * some day, and you think this stuff is worth it, you can buy me a * beer in return. Poul-Henning Kamp b) snprintf replacement * Copyright Patrick Powell 1995 - * This code is based on code written by Patrick Powell - * (papowell@astart.com) It may be used for any purpose as long as this + * This code is based on code written by Patrick Powell + * (papowell@astart.com) It may be used for any purpose as long as this * notice remains intact on all source code distributions c) Compatibility code (openbsd-compat) - Apart from the previously mentioned licenses, various pieces of code + Apart from the previously mentioned licenses, various pieces of code in the openbsd-compat/ subdirectory are licensed as follows: - Some code is licensed under a 3-term BSD license, to the following + Some code is licensed under a 3-term BSD license, to the following copyright holders: Todd C. Miller @@ -279,7 +279,7 @@ OpenSSH contains no GPL code. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - Some code is licensed under an ISC-style license, to the following + Some code is licensed under an ISC-style license, to the following copyright holders: Internet Software Consortium. 
@@ -297,7 +297,7 @@ OpenSSH contains no GPL code. * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - Some code is licensed under a MIT-style license to the following + Some code is licensed under a MIT-style license to the following copyright holders: Free Software Foundation, Inc. @@ -329,4 +329,4 @@ OpenSSH contains no GPL code. ------ -$OpenBSD: LICENCE,v 1.17 2003/08/22 20:55:06 markus Exp $ +$OpenBSD: LICENCE,v 1.18 2003/11/21 11:57:02 djm Exp $ diff --git a/Makefile.in b/Makefile.in index 61e3d4076..f1098fcb0 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.252 2003/10/07 00:18:22 djm Exp $ +# $Id: Makefile.in,v 1.253 2003/11/21 12:48:55 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ 
@@ -140,22 +140,22 @@ scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o - $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o - $(LD) -o $@ ssh-agent.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ ssh-agent.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o - $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o - $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o - $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) + $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o - $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o sftp-glob.o progressmeter.o $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-int.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 
@@ -193,12 +193,12 @@ moduli: echo clean: regressclean - rm -f *.o *.a $(TARGETS) logintest config.cache config.log - rm -f *.out core + rm -f *.o *.a $(TARGETS) logintest config.cache config.log + rm -f *.out core (cd openbsd-compat && $(MAKE) clean) distclean: regressclean - rm -f *.o *.a $(TARGETS) logintest config.cache config.log + rm -f *.o *.a $(TARGETS) logintest config.cache config.log rm -f *.out core rm -f Makefile config.h config.status ssh_prng_cmds *~ rm -rf autom4te.cache @@ -343,7 +343,7 @@ uninstallall: uninstall -rmdir $(DESTDIR)$(mandir) -rmdir $(DESTDIR)$(libexecdir) -uninstall: +uninstall: -rm -f $(DESTDIR)$(bindir)/slogin -rm -f $(DESTDIR)$(bindir)/ssh$(EXEEXT) -rm -f $(DESTDIR)$(bindir)/scp$(EXEEXT) diff --git a/OVERVIEW b/OVERVIEW index ff03ecab2..df46ec28a 100644 --- a/OVERVIEW +++ b/OVERVIEW @@ -5,7 +5,7 @@ to developers.] This document is intended for those who wish to read the ssh source code. This tries to give an overview of the structure of the code. - + Copyright (c) 1995 Tatu Ylonen Updated 17 Nov 1995. Updated 19 Oct 1999 for OpenSSH-1.2 @@ -20,7 +20,7 @@ There are some subsystems/abstractions that are used by a number of these programs. Buffer manipulation routines - + - These provide an arbitrary size buffer, where data can be appended. Data can be consumed from either end. The code is used heavily throughout ssh. The basic buffer manipulation functions are in @@ -28,7 +28,7 @@ these programs. data types is in bufaux.c. Compression Library - + - Ssh uses the GNU GZIP compression library (ZLIB). Encryption/Decryption 
@@ -89,7 +89,7 @@ these programs. code is linked into the server. The routines also manipulate known hosts files using code in hostfile.c. Code in canohost.c is used to retrieve the canonical host name of the remote host. - Code in match.c is used to match host names. + Code in match.c is used to match host names. - In the client end, authentication code is in sshconnect.c. It reads Passwords/passphrases using code in readpass.c. It reads @@ -147,10 +147,10 @@ these programs. operations, and finally the server enters the normal session mode by calling server_loop in serverloop.c. This does the real work, calling functions in other modules. - + - The code for the server is in sshd.c. It contains a lot of stuff, including: - - server main program + - server main program - waiting for connections - processing new connection - authentication @@ -162,9 +162,9 @@ these programs. - There are several other files in the distribution that contain various auxiliary routines: - ssh.h the main header file for ssh (various definitions) - getput.h byte-order independent storage of integers - includes.h includes most system headers. Lots of #ifdefs. + ssh.h the main header file for ssh (various definitions) + getput.h byte-order independent storage of integers + includes.h includes most system headers. Lots of #ifdefs. tildexpand.c expand tilde in file names uidswap.c uid-swapping xmalloc.c "safe" malloc routines diff --git a/README b/README index 5709fbeaf..6cd096006 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -- A Japanese translation of this document and of the OpenSSH FAQ is +- A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html - Thanks to HARUYAMA Seigo 
@@ -13,10 +13,10 @@ Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song. It has a homepage at http://www.openssh.com/ This port consists of the re-introduction of autoconf support, PAM -support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements -for OpenBSD library functions that are (regrettably) absent from other -unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD, -Irix and AIX. Support for SCO, NeXT and other Unices is underway. +support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements +for OpenBSD library functions that are (regrettably) absent from other +unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD, +Irix and AIX. Support for SCO, NeXT and other Unices is underway. This version actively tracks changes in the OpenBSD CVS repository. The PAM support is now more functional than the popular packages of 
@@ -32,20 +32,20 @@ Please send bug reports and patches to the mailing list openssh-unix-dev@mindrot.org. The list is open to posting by unsubscribed users. -If you are a citizen of an USA-embargoed country to which export of -cryptographic products is restricted, then please refrain from sending +If you are a citizen of an USA-embargoed country to which export of +cryptographic products is restricted, then please refrain from sending crypto-related code or patches to the list. We cannot accept them. Other code contribution are accepted, but please follow the OpenBSD style guidelines[6]. Please refer to the INSTALL document for information on how to install -OpenSSH on your system. There are a number of differences between this +OpenSSH on your system. There are a number of differences between this port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[7] for details and general tips. Damien Miller -Miscellania - +Miscellania - This version of OpenSSH is based upon code retrieved from the OpenBSD CVS repository which in turn was based on the last free sample @@ -63,4 +63,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.51 2003/01/08 12:28:40 djm Exp $ +$Id: README,v 1.52 2003/11/21 12:48:55 djm Exp $ diff --git a/README.privsep b/README.privsep index 64adad83b..9d48bbcf9 100644 --- a/README.privsep +++ b/README.privsep 
@@ -1,15 +1,15 @@ Privilege separation, or privsep, is method in OpenSSH by which operations that require root privilege are performed by a separate privileged monitor process. Its purpose is to prevent privilege -escalation by containing corruption to an unprivileged process. +escalation by containing corruption to an unprivileged process. More information is available at: http://www.citi.umich.edu/u/provos/ssh/privsep.html Privilege separation is now enabled by default; see the UsePrivilegeSeparation option in sshd_config(5). -On systems which lack mmap or anonymous (MAP_ANON) memory mapping, -compression must be disabled in order for privilege separation to +On systems which lack mmap or anonymous (MAP_ANON) memory mapping, +compression must be disabled in order for privilege separation to function. When privsep is enabled, during the pre-authentication phase sshd will @@ -38,9 +38,9 @@ privsep user and chroot directory: Privsep requires operating system support for file descriptor passing. Compression will be disabled on systems without a working mmap MAP_ANON. -PAM-enabled OpenSSH is known to function with privsep on Linux. +PAM-enabled OpenSSH is known to function with privsep on Linux. It does not function on HP-UX with a trusted system -configuration. +configuration. On Compaq Tru64 Unix, only the pre-authentication part of privsep is supported. Post-authentication privsep is disabled automatically (so @@ -61,4 +61,4 @@ process 1005 is the sshd process listening for new connections. process 6917 is the privileged monitor process, 6919 is the user owned sshd process and 6921 is the shell process. -$Id: README.privsep,v 1.12 2003/08/26 00:48:15 djm Exp $ +$Id: README.privsep,v 1.13 2003/11/21 12:48:55 djm Exp $ diff --git a/README.smartcard b/README.smartcard index 88810fc83..fdf83ecab 100644 --- a/README.smartcard +++ b/README.smartcard 
@@ -1,7 +1,7 @@ How to use smartcards with OpenSSH? OpenSSH contains experimental support for authentication using -Cyberflex smartcards and TODOS card readers, in addition to the cards +Cyberflex smartcards and TODOS card readers, in addition to the cards with PKCS#15 structure supported by OpenSC. To enable this you need to: @@ -27,8 +27,8 @@ Using libsectok: sectok> login -d sectok> jload /usr/libdata/ssh/Ssh.bin sectok> setpass - Enter new AUT0 passphrase: - Re-enter passphrase: + Enter new AUT0 passphrase: + Re-enter passphrase: sectok> quit Do not forget the passphrase. There is no way to @@ -51,9 +51,9 @@ Using libsectok: $ sectok sectok> login -d - sectok> acl 0012 world: w - world: w - AUT0: w inval + sectok> acl 0012 world: w + world: w + AUT0: w inval sectok> quit If you do this, anyone who has access to your card @@ -90,4 +90,4 @@ Common operations: -markus, Tue Jul 17 23:54:51 CEST 2001 -$OpenBSD: README.smartcard,v 1.8 2002/03/26 18:56:23 rees Exp $ +$OpenBSD: README.smartcard,v 1.9 2003/11/21 11:57:02 djm Exp $ diff --git a/RFC.nroff b/RFC.nroff index bf7146a70..d6baed652 100644 --- a/RFC.nroff +++ b/RFC.nroff @@ -137,7 +137,7 @@ pseudo tty, starting X11 [X11] or TCP/IP port forwarding, starting authentication agent forwarding, and executing the shell or a command. When a shell or command is executed, the connection enters interactive -session mode. In this mode, data is passed in both directions, +session mode. In this mode, data is passed in both directions, new forwarded connections may be opened, etc. The interactive session normally terminates when the server sends the exit status of the program to the client. @@ -372,7 +372,7 @@ previous versions keep the same major protocol version; changes that are not compatible increment the major version (which will hopefully never happen). The version described in this document is 1.3. -The client will +The client will .ti 0 Key Exchange and Server Host Authentication 
diff --git a/TODO b/TODO index bca818523..03e268594 100644 --- a/TODO +++ b/TODO @@ -8,7 +8,7 @@ Documentation: - Install FAQ? - General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it - would be best to use them. + would be best to use them. - Create a Documentation/ directory? @@ -17,7 +17,7 @@ Programming: - Grep for 'XXX' comments and fix - Link order is incorrect for some systems using Kerberos 4 and AFS. Result - is multiple inclusion of DES symbols. Holger Trapp + is multiple inclusion of DES symbols. Holger Trapp reports that changing the configure generated link order from: -lresolv -lkrb -lz -lnsl -lutil -lkafs -lkrb -ldes -lcrypto @@ -26,7 +26,7 @@ Programming: fixing the problem. - Write a test program that calls stat() to search for EGD/PRNGd socket - rather than use the (non-portable) "test -S". + rather than use the (non-portable) "test -S". - More platforms for for setproctitle() emulation (testing needed) @@ -70,7 +70,7 @@ Clean up configure/makefiles: to allow people to (right/wrongfully) link against Bind directly. - Consider splitting configure.ac into seperate files which do logically - similar tests. E.g move all the type detection stuff into one file, + similar tests. E.g move all the type detection stuff into one file, entropy related stuff into another. Packaging: @@ -86,7 +86,7 @@ PrivSep Issues: + /dev/zero solution (Solaris) + No/broken MAP_ANON (Irix) + broken /dev/zero parse (Linux) -- PAM +- PAM + See above PAM notes - AIX + usrinfo() does not set TTY, but only required for legacy systems. Works @@ -96,4 +96,4 @@ PrivSep Issues: - Cygwin + Privsep for Pre-auth only (no fd passing) -$Id: TODO,v 1.55 2003/06/11 13:56:41 dtucker Exp $ +$Id: TODO,v 1.56 2003/11/21 12:48:55 djm Exp $ diff --git a/WARNING.RNG b/WARNING.RNG index ae43930a7..5d4ea8753 100644 --- a/WARNING.RNG +++ b/WARNING.RNG 
@@ -44,16 +44,16 @@ the specified program. The random number code will also read and save a seed file to ~/.ssh/prng_seed. This contents of this file are added to the random -number generator at startup. The goal here is to maintain as much +number generator at startup. The goal here is to maintain as much randomness between sessions as possible. The default entropy collection code has two main problems: 1. It is slow. -Executing each program in the list can take a large amount of time, -especially on slower machines. Additionally some program can take a -disproportionate time to execute. +Executing each program in the list can take a large amount of time, +especially on slower machines. Additionally some program can take a +disproportionate time to execute. Tuning the default entropy collection code is difficult at this point. It requires doing 'times ./ssh-rand-helper' and modifying the @@ -93,4 +93,4 @@ If you are forced to use ssh-rand-helper consider still downloading prngd/egd and configure OpenSSH using --with-prngd-port=xx or --with-prngd-socket=xx (refer to INSTALL for more information). -$Id: WARNING.RNG,v 1.5 2002/04/14 13:16:05 djm Exp $ +$Id: WARNING.RNG,v 1.6 2003/11/21 12:48:55 djm Exp $ diff --git a/auth-chall.c b/auth-chall.c index dd55d6eb0..a9d314dd2 100644 --- a/auth-chall.c +++ b/auth-chall.c @@ -84,7 +84,7 @@ verify_response(Authctxt *authctxt, const char *response) if ((device->query(authctxt->kbdintctxt, &name, &info, &numprompts, &prompts, &echo_on)) != 0) break; - if (numprompts == 0 && + if (numprompts == 0 && device->respond(authctxt->kbdintctxt, 0, resp) == 0) authenticated = 1; diff --git a/auth-krb5.c b/auth-krb5.c index 101e53bca..b41c4882b 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-krb5.c,v 1.14 2003/11/04 08:54:09 djm Exp $"); +RCSID("$OpenBSD: auth-krb5.c,v 1.15 2003/11/21 11:57:02 djm Exp $"); #include "ssh.h" #include "ssh1.h" 
@@ -136,11 +136,11 @@ auth_krb5_password(Authctxt *authctxt, const char *password) if (problem) goto out; - if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, + if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, authctxt->pw->pw_name)) { problem = -1; goto out; - } + } snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid()); diff --git a/auth-pam.c b/auth-pam.c index 2594bed3d..8b1915669 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -31,7 +31,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.82 2003/11/18 01:45:36 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.83 2003/11/21 12:48:55 djm Exp $"); #ifdef USE_PAM #include @@ -59,11 +59,11 @@ extern Buffer loginmsg; #ifdef USE_POSIX_THREADS #include /* - * Avoid namespace clash when *not* using pthreads for systems *with* - * pthreads, which unconditionally define pthread_t via sys/types.h + * Avoid namespace clash when *not* using pthreads for systems *with* + * pthreads, which unconditionally define pthread_t via sys/types.h * (e.g. Linux) */ -typedef pthread_t sp_pthread_t; +typedef pthread_t sp_pthread_t; #else /* * Simulate threads with processes. @@ -136,7 +136,7 @@ static char ** pam_getenvlist(pam_handle_t *pamh) { /* - * XXX - If necessary, we can still support envrionment passing + * XXX - If necessary, we can still support envrionment passing * for platforms without pam_getenvlist by searching for known * env vars (e.g. KRB5CCNAME) from the PAM environment. */ 
@@ -203,21 +203,21 @@ sshpam_thread_conv(int n, const struct pam_message **msg, for (i = 0; i < n; ++i) { switch (PAM_MSG_MEMBER(msg, i, msg_style)) { case PAM_PROMPT_ECHO_OFF: - buffer_put_cstring(&buffer, + buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg)); - if (ssh_msg_send(ctxt->pam_csock, + if (ssh_msg_send(ctxt->pam_csock, PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1) goto fail; - if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1) + if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1) goto fail; if (buffer_get_char(&buffer) != PAM_AUTHTOK) goto fail; reply[i].resp = buffer_get_string(&buffer, NULL); break; case PAM_PROMPT_ECHO_ON: - buffer_put_cstring(&buffer, + buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg)); - if (ssh_msg_send(ctxt->pam_csock, + if (ssh_msg_send(ctxt->pam_csock, PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1) goto fail; if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1) @@ -227,16 +227,16 @@ sshpam_thread_conv(int n, const struct pam_message **msg, reply[i].resp = buffer_get_string(&buffer, NULL); break; case PAM_ERROR_MSG: - buffer_put_cstring(&buffer, + buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg)); - if (ssh_msg_send(ctxt->pam_csock, + if (ssh_msg_send(ctxt->pam_csock, PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1) goto fail; break; case PAM_TEXT_INFO: - buffer_put_cstring(&buffer, + buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg)); - if (ssh_msg_send(ctxt->pam_csock, + if (ssh_msg_send(ctxt->pam_csock, PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1) goto fail; break; 
@@ -402,11 +402,11 @@ sshpam_init(const char *user) return (-1); } #ifdef PAM_TTY_KLUDGE - /* - * Some silly PAM modules (e.g. pam_time) require a TTY to operate. - * sshd doesn't set the tty until too late in the auth process and + /* + * Some silly PAM modules (e.g. pam_time) require a TTY to operate. + * sshd doesn't set the tty until too late in the auth process and * may not even set one (for tty-less connections) - */ + */ debug("PAM: setting PAM_TTY to \"ssh\""); sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, "ssh"); if (sshpam_err != PAM_SUCCESS) { @@ -695,7 +695,7 @@ pam_tty_conv(int n, const struct pam_message **msg, switch (PAM_MSG_MEMBER(msg, i, msg_style)) { case PAM_PROMPT_ECHO_OFF: reply[i].resp = - read_passphrase(PAM_MSG_MEMBER(msg, i, msg), + read_passphrase(PAM_MSG_MEMBER(msg, i, msg), RP_ALLOW_STDIN); reply[i].resp_retcode = PAM_SUCCESS; break; @@ -752,7 +752,7 @@ do_pam_chauthtok(void) void do_pam_session(void) { - sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, + sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, (const void *)&tty_conv); if (sshpam_err != PAM_SUCCESS) fatal("PAM: failed to set PAM_CONV: %s", @@ -764,13 +764,13 @@ do_pam_session(void) sshpam_session_open = 1; } -/* +/* * Set a PAM environment string. We need to do this so that the session * modules can handle things like Kerberos/GSI credentials that appear * during the ssh authentication process. */ int -do_pam_putenv(char *name, char *value) +do_pam_putenv(char *name, char *value) { int ret = 1; #ifdef HAVE_PAM_PUTENV diff --git a/auth-passwd.c b/auth-passwd.c index b7e275556..4cbfe3689 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -97,7 +97,7 @@ auth_password(Authctxt *authctxt, const char *password) if (authenticate(pw->pw_name, password, &reenter, &authmsg) == 0 && ok) { char *msg; - char *host = + char *host = (char *)get_canonical_hostname(options.use_dns); authsuccess = 1; 
@@ -106,13 +106,13 @@ auth_password(Authctxt *authctxt, const char *password) debug3("AIX/authenticate succeeded for user %s: %.100s", pw->pw_name, authmsg); - /* No pty yet, so just label the line as "ssh" */ + /* No pty yet, so just label the line as "ssh" */ aix_setauthdb(authctxt->user); - if (loginsuccess(authctxt->user, host, "ssh", + if (loginsuccess(authctxt->user, host, "ssh", &msg) == 0) { if (msg != NULL) { debug("%s: msg %s", __func__, msg); - buffer_append(&loginmsg, msg, + buffer_append(&loginmsg, msg, strlen(msg)); xfree(msg); } diff --git a/auth-sia.c b/auth-sia.c index cae5f0912..544b601b3 100644 --- a/auth-sia.c +++ b/auth-sia.c @@ -83,7 +83,7 @@ session_setup_sia(struct passwd *pw, char *tty) host = get_canonical_hostname(options.use_dns); - if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name, + if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name, tty, 0, NULL) != SIASUCCESS) fatal("sia_ses_init failed"); diff --git a/auth.c b/auth.c index fcafae861..a8cf0ce20 100644 --- a/auth.c +++ b/auth.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.50 2003/09/23 20:17:11 markus Exp $"); +RCSID("$OpenBSD: auth.c,v 1.51 2003/11/21 11:57:02 djm Exp $"); #ifdef HAVE_LOGIN_H #include @@ -129,7 +129,7 @@ allowed_user(struct passwd * pw) #endif /* HAS_SHADOW_EXPIRE */ #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ - /* grab passwd field for locked account check */ + /* grab passwd field for locked account check */ #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) if (spw != NULL) passwd = spw->sp_pwdp; @@ -137,7 +137,7 @@ allowed_user(struct passwd * pw) passwd = pw->pw_passwd; #endif - /* check for locked account */ + /* check for locked account */ if (!options.use_pam && passwd && *passwd) { int locked = 0; 
@@ -249,7 +249,7 @@ allowed_user(struct passwd * pw) if ((pw->pw_uid != 0) && (geteuid() == 0)) { char *msg; - if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg) != 0) { + if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg) != 0) { int loginrestrict_errno = errno; if (msg && *msg) { @@ -259,7 +259,7 @@ allowed_user(struct passwd * pw) pw->pw_name, msg); } /* Don't fail if /etc/nologin set */ - if (!(loginrestrict_errno == EPERM && + if (!(loginrestrict_errno == EPERM && stat(_PATH_NOLOGIN, &st) == 0)) return 0; } diff --git a/auth1.c b/auth1.c index 2156c927d..0615f4ae5 100644 --- a/auth1.c +++ b/auth1.c @@ -246,7 +246,7 @@ do_authloop(Authctxt *authctxt) #endif #ifdef USE_PAM - if (options.use_pam && authenticated && + if (options.use_pam && authenticated && !PRIVSEP(do_pam_account())) authenticated = 0; #endif diff --git a/auth2-gss.c b/auth2-gss.c index 220862dc8..799d3326c 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.6 2003/11/17 11:06:07 markus Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.7 2003/11/21 11:57:03 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -82,11 +82,11 @@ userauth_gssapi(Authctxt *authctxt) present = 0; doid = packet_get_string(&len); - if (len > 2 && + if (len > 2 && doid[0] == SSH_GSS_OIDTYPE && doid[1] == len - 2) { - oid.elements = doid + 2; - oid.length = len - 2; + oid.elements = doid + 2; + oid.length = len - 2; gss_test_oid_set_member(&ms, &oid, supported, &present); } else { diff --git a/authfd.c b/authfd.c index 5fdf1ca3d..6a7c07205 100644 --- a/authfd.c +++ b/authfd.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.62 2003/09/18 13:02:21 miod Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.63 2003/11/21 11:57:03 djm Exp $"); #include 
@@ -590,7 +590,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) } int -ssh_update_card(AuthenticationConnection *auth, int add, +ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id, const char *pin, u_int life, u_int confirm) { Buffer msg; diff --git a/authfd.h b/authfd.h index 74b825c51..0a6a4e3ec 100644 --- a/authfd.h +++ b/authfd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.h,v 1.33 2003/06/11 11:18:38 djm Exp $ */ +/* $OpenBSD: authfd.h,v 1.34 2003/11/21 11:57:03 djm Exp $ */ /* * Author: Tatu Ylonen @@ -83,7 +83,7 @@ int ssh_add_identity_constrained(AuthenticationConnection *, Key *, int ssh_remove_identity(AuthenticationConnection *, Key *); int ssh_remove_all_identities(AuthenticationConnection *, int); int ssh_lock_agent(AuthenticationConnection *, int, const char *); -int ssh_update_card(AuthenticationConnection *, int, const char *, +int ssh_update_card(AuthenticationConnection *, int, const char *, const char *, u_int, u_int); int diff --git a/buffer.c b/buffer.c index 69d5b57c0..236aeb0cd 100644 --- a/buffer.c +++ b/buffer.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: buffer.c,v 1.20 2003/09/19 09:03:00 markus Exp $"); +RCSID("$OpenBSD: buffer.c,v 1.21 2003/11/21 11:57:03 djm Exp $"); #include "xmalloc.h" #include "buffer.h" diff --git a/channels.c b/channels.c index 060d0f507..4150b5504 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.197 2003/09/23 20:41:11 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.198 2003/11/21 11:57:03 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -970,7 +970,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset) have = buffer_len(&c->input); if (!(c->flags & SSH_SOCKS5_AUTHDONE)) { /* format: ver | nmethods | methods */ - if (have < 2) + if (have < 2) return 0; nmethods = p[1]; if (have < nmethods + 2) 
@@ -1397,7 +1397,7 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) data = buffer_ptr(&c->output); dlen = buffer_len(&c->output); #ifdef _AIX - /* XXX: Later AIX versions can't push as much data to tty */ + /* XXX: Later AIX versions can't push as much data to tty */ if (compat20 && c->wfd_isatty && dlen > 8*1024) dlen = 8*1024; #endif diff --git a/cipher-ctr.c b/cipher-ctr.c index 4f0814b22..a9ddb8a66 100644 --- a/cipher-ctr.c +++ b/cipher-ctr.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: cipher-ctr.c,v 1.2 2003/06/17 18:14:23 markus Exp $"); +RCSID("$OpenBSD: cipher-ctr.c,v 1.3 2003/11/21 11:57:03 djm Exp $"); #include @@ -94,7 +94,7 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, EVP_CIPHER_CTX_set_app_data(ctx, c); } if (key != NULL) - AES_set_encrypt_key(key, ctx->key_len * 8, &c->aes_ctx); + AES_set_encrypt_key(key, ctx->key_len * 8, &c->aes_ctx); if (iv != NULL) memcpy(c->aes_counter, iv, AES_BLOCK_SIZE); return (1); diff --git a/config.guess b/config.guess index e8f206123..3fe4d4f35 100755 --- a/config.guess +++ b/config.guess @@ -174,7 +174,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in fi ;; *) - os=netbsd + os=netbsd ;; esac # The OS release 
@@ -382,23 +382,23 @@ EOF # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint${UNAME_RELEASE} exit 0 ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} - exit 0 ;; + exit 0 ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint${UNAME_RELEASE} exit 0 ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint${UNAME_RELEASE} - exit 0 ;; + echo m68k-milan-mint${UNAME_RELEASE} + exit 0 ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint${UNAME_RELEASE} - exit 0 ;; + echo m68k-hades-mint${UNAME_RELEASE} + exit 0 ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint${UNAME_RELEASE} - exit 0 ;; + echo m68k-unknown-mint${UNAME_RELEASE} + exit 0 ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} exit 0 ;; @@ -462,8 +462,8 @@ EOF echo m88k-motorola-sysv3 exit 0 ;; AViiON:dgux:*:*) - # DG/UX returns AViiON for all architectures - UNAME_PROCESSOR=`/usr/bin/uname -p` + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ @@ -476,7 +476,7 @@ EOF else echo i586-dg-dgux${UNAME_RELEASE} fi - exit 0 ;; + exit 0 ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit 0 ;; 
@@ -573,52 +573,52 @@ EOF 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` - sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "${sc_cpu_version}" in - 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 - 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 - 532) # CPU_PA_RISC2_0 - case "${sc_kernel_bits}" in - 32) HP_ARCH="hppa2.0n" ;; - 64) HP_ARCH="hppa2.0w" ;; + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 - esac ;; - esac + esac ;; + esac fi if [ "${HP_ARCH}" = "" ]; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c - #define _HPUX_SOURCE - #include - #include + #define _HPUX_SOURCE + #include + #include - int main () - { - #if defined(_SC_KERNEL_BITS) - long bits = sysconf(_SC_KERNEL_BITS); - #endif - long cpu = sysconf (_SC_CPU_VERSION); + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); - switch (cpu) - { - case CPU_PA_RISC1_0: puts ("hppa1.0"); break; - case CPU_PA_RISC1_1: puts ("hppa1.1"); break; - case CPU_PA_RISC2_0: - #if defined(_SC_KERNEL_BITS) - switch (bits) - { - case 64: puts ("hppa2.0w"); break; - case 32: puts ("hppa2.0n"); break; - default: puts ("hppa2.0"); break; - } break; - #else /* !defined(_SC_KERNEL_BITS) */ - puts ("hppa2.0"); break; - #endif - default: puts ("hppa1.0"); break; - } - exit (0); - } + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } 
break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } EOF (CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null) && HP_ARCH=`$dummy` if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi @@ -689,22 +689,22 @@ EOF exit 0 ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd - exit 0 ;; + exit 0 ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi - exit 0 ;; + exit 0 ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd - exit 0 ;; + exit 0 ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd - exit 0 ;; + exit 0 ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd - exit 0 ;; + exit 0 ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit 0 ;; @@ -731,10 +731,10 @@ EOF exit 0 ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` - echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit 0 ;; + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit 0 ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} exit 0 ;; @@ -836,7 +836,7 @@ EOF EV6) UNAME_MACHINE=alphaev6 ;; EV67) UNAME_MACHINE=alphaev67 ;; EV68*) UNAME_MACHINE=alphaev68 ;; - esac + esac objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} 
@@ -875,7 +875,7 @@ EOF s/.*supported targets: *// s/ .*// p'` - case "$ld_supported_targets" in + case "$ld_supported_targets" in elf32-i386) TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" ;; @@ -925,11 +925,11 @@ EOF echo i386-sequent-sysv4 exit 0 ;; i*86:UNIX_SV:4.2MP:2.*) - # Unixware is an offshoot of SVR4, but it has its own version - # number series starting with 2... - # I am not positive that other SVR4 systems won't match this, + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. - # Use sysv4.2uw... so that sysv4* matches it. + # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} exit 0 ;; i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) @@ -971,10 +971,10 @@ EOF exit 0 ;; pc:*:*:*) # Left here for compatibility: - # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i386. + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i386. echo i386-pc-msdosdjgpp - exit 0 ;; + exit 0 ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit 0 ;; @@ -1003,8 +1003,8 @@ EOF /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && echo i486-ncr-sysv4 && exit 0 ;; + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4 && exit 0 ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit 0 ;; @@ -1041,9 +1041,9 @@ EOF fi exit 0 ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort - # says - echo i586-unisys-sysv4 - exit 0 ;; + # says + echo i586-unisys-sysv4 + exit 0 ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm 
@@ -1065,11 +1065,11 @@ EOF exit 0 ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} + echo mips-nec-sysv${UNAME_RELEASE} else - echo mips-unknown-sysv${UNAME_RELEASE} + echo mips-unknown-sysv${UNAME_RELEASE} fi - exit 0 ;; + exit 0 ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos exit 0 ;; @@ -1179,11 +1179,11 @@ main () #include printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 - "4" + "4" #else "" #endif - ); exit (0); + ); exit (0); #endif #endif diff --git a/config.sub b/config.sub index a0b7bb9e8..75a74f78e 100755 --- a/config.sub +++ b/config.sub @@ -162,10 +162,10 @@ case $os in os=-chorusos basic_machine=$1 ;; - -chorusrdb) - os=-chorusrdb + -chorusrdb) + os=-chorusrdb basic_machine=$1 - ;; + ;; -hiux*) os=-hiuxwe2 ;; @@ -748,7 +748,7 @@ case $basic_machine in pbb) basic_machine=m68k-tti ;; - pc532 | pc532-*) + pc532 | pc532-*) basic_machine=ns32k-pc532 ;; pentium | p5 | k5 | k6 | nexgen | viac3) @@ -775,22 +775,22 @@ case $basic_machine in power) basic_machine=power-ibm ;; ppc) basic_machine=powerpc-unknown - ;; + ;; ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown - ;; + ;; ppcle-* | powerpclittle-*) basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64) basic_machine=powerpc64-unknown - ;; + ;; ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64le | powerpc64little | ppc64-le | powerpc64-little) basic_machine=powerpc64le-unknown - ;; + ;; ppc64le-* | powerpc64little-*) basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` ;; @@ -886,11 +886,11 @@ case $basic_machine in sun386 | sun386i | roadrunner) basic_machine=i386-sun ;; - sv1) + sv1) basic_machine=sv1-cray os=-unicos ;; - sx*-nec) + sx*-nec) basic_machine=sx6-nec os=-sysv ;; 
@@ -948,8 +948,8 @@ case $basic_machine in os=-vms ;; vpp*|vx|vx-*) - basic_machine=f301-fujitsu - ;; + basic_machine=f301-fujitsu + ;; vxworks960) basic_machine=i960-wrs os=-vxworks @@ -974,7 +974,7 @@ case $basic_machine in basic_machine=i386-pc os=-windows32-msvcrt ;; - xps | xps100) + xps | xps100) basic_machine=xps100-honeywell ;; ymp) @@ -1029,7 +1029,7 @@ case $basic_machine in sparc | sparcv9 | sparcv9b) basic_machine=sparc-sun ;; - cydra) + cydra) basic_machine=cydra-cydrome ;; orion) @@ -1074,8 +1074,8 @@ esac if [ x"$os" != x"" ] then case $os in - # First match some system type aliases - # that might get confused with valid system types. + # First match some system type aliases + # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` @@ -1179,7 +1179,7 @@ case $os in os=-rtmk-nova ;; -ns2 ) - os=-nextstep2 + os=-nextstep2 ;; -nsk*) os=-nsk @@ -1218,8 +1218,8 @@ case $os in -xenix) os=-xenix ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - os=-mint + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint ;; -none) ;; @@ -1256,7 +1256,7 @@ case $basic_machine in pdp10-*) os=-tops20 ;; - pdp11-*) + pdp11-*) os=-none ;; *-dec | vax-*) @@ -1349,19 +1349,19 @@ case $basic_machine in *-next) os=-nextstep3 ;; - *-gould) + *-gould) os=-sysv ;; - *-highlevel) + *-highlevel) os=-bsd ;; *-encore) os=-bsd ;; - *-sgi) + *-sgi) os=-irix ;; - *-siemens) + *-siemens) os=-sysv4 ;; *-masscomp) diff --git a/configure.ac b/configure.ac index 3d230a6e9..5f302f5e5 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.173 2003/10/15 06:57:57 dtucker Exp $ +# $Id: configure.ac,v 1.174 2003/11/21 12:48:55 djm Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) 
@@ -48,7 +48,7 @@ fi AC_SUBST(LD) AC_C_INLINE -if test "$GCC" = "yes" || test "$GCC" = "egcs"; then +if test "$GCC" = "yes" || test "$GCC" = "egcs"; then CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized" fi @@ -57,7 +57,7 @@ case "$host" in *-*-aix*) CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" - AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) + AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) if (test -z "$blibpath"); then blibpath="/usr/lib:/lib:/usr/local/lib" fi @@ -252,7 +252,7 @@ mips-sony-bsd|mips-sony-newsos4) ;; *-*-solaris*) CPPFLAGS="$CPPFLAGS -I/usr/local/include" - LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib" + LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib" need_dash_r=1 AC_DEFINE(PAM_SUN_CODEBASE) AC_DEFINE(LOGIN_NEEDS_UTMPX) @@ -581,10 +581,10 @@ AC_ARG_WITH(zlib, AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])) dnl UnixWare 2.x -AC_CHECK_FUNC(strcasecmp, +AC_CHECK_FUNC(strcasecmp, [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ] ) -AC_CHECK_FUNC(utimes, +AC_CHECK_FUNC(utimes, [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES) LIBS="$LIBS -lc89"]) ] ) @@ -604,7 +604,7 @@ AC_EGREP_CPP(FOUNDIT, #ifdef GLOB_ALTDIRFUNC FOUNDIT #endif - ], + ], [ AC_DEFINE(GLOB_HAS_ALTDIRFUNC) AC_MSG_RESULT(yes) @@ -617,17 +617,17 @@ AC_EGREP_CPP(FOUNDIT, # Check for g.gl_matchc glob() extension AC_MSG_CHECKING(for gl_matchc field in glob_t) AC_EGREP_CPP(FOUNDIT, - [ - #include + [ + #include int main(void){glob_t g; g.gl_matchc = 1;} - ], - [ - AC_DEFINE(GLOB_HAS_GL_MATCHC) - AC_MSG_RESULT(yes) - ], - [ - AC_MSG_RESULT(no) - ] + ], + [ + AC_DEFINE(GLOB_HAS_GL_MATCHC) + AC_MSG_RESULT(yes) + ], + [ + AC_MSG_RESULT(no) + ] ) AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 
@@ -637,7 +637,7 @@ AC_TRY_RUN( #include int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} ], - [AC_MSG_RESULT(yes)], + [AC_MSG_RESULT(yes)], [ AC_MSG_RESULT(no) AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) @@ -645,10 +645,10 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} ) # Check whether user wants S/Key support -SKEY_MSG="no" +SKEY_MSG="no" AC_ARG_WITH(skey, [ --with-skey[[=PATH]] Enable S/Key support - (optionally in PATH)], + (optionally in PATH)], [ if test "x$withval" != "xno" ; then @@ -659,7 +659,7 @@ AC_ARG_WITH(skey, AC_DEFINE(SKEY) LIBS="-lskey $LIBS" - SKEY_MSG="yes" + SKEY_MSG="yes" AC_MSG_CHECKING([for s/key support]) AC_TRY_RUN( @@ -681,7 +681,7 @@ int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } TCPW_MSG="no" AC_ARG_WITH(tcp-wrappers, [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support - (optionally in PATH)], + (optionally in PATH)], [ if test "x$withval" != "xno" ; then saved_LIBS="$LIBS" @@ -771,7 +771,7 @@ AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)]) dnl tcsendbreak might be a macro AC_CHECK_DECL(tcsendbreak, [AC_DEFINE(HAVE_TCSENDBREAK)], - [AC_CHECK_FUNCS(tcsendbreak)], + [AC_CHECK_FUNCS(tcsendbreak)], [#include ] ) @@ -784,12 +784,12 @@ dnl Checks for utmpx functions AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline ) AC_CHECK_FUNCS(setutxent utmpxname) -AC_CHECK_FUNC(daemon, +AC_CHECK_FUNC(daemon, [AC_DEFINE(HAVE_DAEMON)], [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])] ) -AC_CHECK_FUNC(getpagesize, +AC_CHECK_FUNC(getpagesize, [AC_DEFINE(HAVE_GETPAGESIZE)], [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])] ) @@ -802,7 +802,7 @@ if test "x$ac_cv_func_snprintf" = "xyes" ; then #include int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} ], - [AC_MSG_RESULT(yes)], + [AC_MSG_RESULT(yes)], [ AC_MSG_RESULT(no) AC_DEFINE(BROKEN_SNPRINTF) 
@@ -826,14 +826,14 @@ unlink(template); exit(0); [ AC_MSG_RESULT(no) ], - [ + [ AC_MSG_RESULT(yes) AC_DEFINE(HAVE_STRICT_MKSTEMP) ], [ AC_MSG_RESULT(yes) AC_DEFINE(HAVE_STRICT_MKSTEMP) - ] + ] ) fi @@ -858,7 +858,7 @@ main() exit(1); } else if (pid > 0) { /* parent */ waitpid(pid, &status, 0); - if (WIFEXITED(status)) + if (WIFEXITED(status)) exit(WEXITSTATUS(status)); else exit(2); @@ -922,8 +922,8 @@ if test "x$PAM_MSG" = "xyes" ; then [ #include #include - ], - [(void)pam_strerror((pam_handle_t *)NULL, -1);], + ], + [(void)pam_strerror((pam_handle_t *)NULL, -1);], [AC_MSG_RESULT(no)], [ AC_DEFINE(HAVE_OLD_PAM) @@ -994,12 +994,12 @@ AC_TRY_RUN( #include #define DATA "conftest.sslincver" int main(void) { - FILE *fd; - int rc; + FILE *fd; + int rc; - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); + fd = fopen(DATA,"w"); + if(fd == NULL) + exit(1); if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) exit(1); @@ -1027,12 +1027,12 @@ AC_TRY_RUN( #include #define DATA "conftest.ssllibver" int main(void) { - FILE *fd; - int rc; + FILE *fd; + int rc; - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); + fd = fopen(DATA,"w"); + if(fd == NULL) + exit(1); if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0) exit(1); @@ -1069,7 +1069,7 @@ Also see contrib/findssl.sh for help identifying header/library mismatches.]) ] ) -# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the +# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the # version in OpenSSL. Skip this for PAM if test "x$check_for_libcrypt_later" = "x1"; then AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt") 
@@ -1104,7 +1104,7 @@ AC_ARG_WITH(rand-helper, [ --with-rand-helper Use subprocess to gather strong randomness ], [ if test "x$withval" = "xno" ; then - # Force use of OpenSSL's internal RNG, even if + # Force use of OpenSSL's internal RNG, even if # the previous test showed it to be unseeded. if test -z "$OPENSSL_SEEDS_ITSELF" ; then AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG]) @@ -1241,7 +1241,7 @@ test -d /sbin && PATH=$PATH:/sbin test -d /usr/sbin && PATH=$PATH:/usr/sbin PATH=$PATH:/etc:$OPATH -# These programs are used by the command hashing source to gather entropy +# These programs are used by the command hashing source to gather entropy OSSH_PATH_ENTROPY_PROG(PROG_LS, ls) OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat) OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp) @@ -1297,8 +1297,8 @@ fi # More checks for data types AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ AC_TRY_COMPILE( - [ #include ], - [ u_int a; a = 1;], + [ #include ], + [ u_int a; a = 1;], [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" ] ) @@ -1310,8 +1310,8 @@ fi AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ AC_TRY_COMPILE( - [ #include ], - [ int8_t a; int16_t b; int32_t c; a = b = c = 1;], + [ #include ], + [ int8_t a; int16_t b; int32_t c; a = b = c = 1;], [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" ] ) @@ -1322,12 +1322,12 @@ if test "x$ac_cv_have_intxx_t" = "xyes" ; then fi if (test -z "$have_intxx_t" && \ - test "x$ac_cv_header_stdint_h" = "xyes") + test "x$ac_cv_header_stdint_h" = "xyes") then AC_MSG_CHECKING([for intXX_t types in stdint.h]) AC_TRY_COMPILE( - [ #include ], - [ int8_t a; int16_t b; int32_t c; a = b = c = 1;], + [ #include ], + [ int8_t a; int16_t b; int32_t c; a = b = c = 1;], [ AC_DEFINE(HAVE_INTXX_T) AC_MSG_RESULT(yes) 
@@ -1347,8 +1347,8 @@ AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ #ifdef HAVE_SYS_BITYPES_H # include #endif - ], - [ int64_t a; a = 1;], + ], + [ int64_t a; a = 1;], [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" ] ) @@ -1359,8 +1359,8 @@ fi AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ AC_TRY_COMPILE( - [ #include ], - [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;], + [ #include ], + [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;], [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" ] ) @@ -1373,8 +1373,8 @@ fi if test -z "$have_u_intxx_t" ; then AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) AC_TRY_COMPILE( - [ #include ], - [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;], + [ #include ], + [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;], [ AC_DEFINE(HAVE_U_INTXX_T) AC_MSG_RESULT(yes) @@ -1385,8 +1385,8 @@ fi AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ AC_TRY_COMPILE( - [ #include ], - [ u_int64_t a; a = 1;], + [ #include ], + [ u_int64_t a; a = 1;], [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" ] ) @@ -1399,7 +1399,7 @@ fi if test -z "$have_u_int64_t" ; then AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) AC_TRY_COMPILE( - [ #include ], + [ #include ], [ u_int64_t a; a = 1], [ AC_DEFINE(HAVE_U_INT64_T) @@ -1414,8 +1414,8 @@ if test -z "$have_u_intxx_t" ; then AC_TRY_COMPILE( [ #include - ], - [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ], + ], + [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ], [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" ] ) @@ -1428,8 +1428,8 @@ fi if test -z "$have_uintxx_t" ; then AC_MSG_CHECKING([for uintXX_t types in stdint.h]) AC_TRY_COMPILE( - [ #include ], - [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;], + [ #include ], + [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;], [ AC_DEFINE(HAVE_UINTXX_T) AC_MSG_RESULT(yes) 
@@ -1439,25 +1439,25 @@ if test -z "$have_uintxx_t" ; then fi if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ - test "x$ac_cv_header_sys_bitypes_h" = "xyes") + test "x$ac_cv_header_sys_bitypes_h" = "xyes") then AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) AC_TRY_COMPILE( [ #include - ], + ], [ int8_t a; int16_t b; int32_t c; u_int8_t e; u_int16_t f; u_int32_t g; a = b = c = e = f = g = 1; - ], + ], [ AC_DEFINE(HAVE_U_INTXX_T) AC_DEFINE(HAVE_INTXX_T) AC_MSG_RESULT(yes) ], [AC_MSG_RESULT(no)] - ) + ) fi @@ -1638,8 +1638,8 @@ fi AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ AC_TRY_COMPILE( - [ #include ], - [ struct timeval tv; tv.tv_sec = 1;], + [ #include ], + [ struct timeval tv; tv.tv_sec = 1;], [ ac_cv_have_struct_timeval="yes" ], [ ac_cv_have_struct_timeval="no" ] ) @@ -1679,7 +1679,7 @@ main() strcpy(expected_out, "9223372036854775807"); snprintf(buf, mazsize, "%lld", num); if(strcmp(buf, expected_out) != 0) - exit(1); + exit(1); exit(0); } #else @@ -1837,8 +1837,8 @@ if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then fi AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ - AC_TRY_LINK([], - [ extern char *__progname; printf("%s", __progname); ], + AC_TRY_LINK([], + [ extern char *__progname; printf("%s", __progname); ], [ ac_cv_libc_defines___progname="yes" ], [ ac_cv_libc_defines___progname="no" ] ) @@ -1850,8 +1850,8 @@ fi AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ AC_TRY_LINK([ #include -], - [ printf("%s", __FUNCTION__); ], +], + [ printf("%s", __FUNCTION__); ], [ ac_cv_cc_implements___FUNCTION__="yes" ], [ ac_cv_cc_implements___FUNCTION__="no" ] ) @@ -1863,8 +1863,8 @@ fi AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ AC_TRY_LINK([ #include -], - [ printf("%s", __func__); ], +], + [ printf("%s", __func__); ], [ ac_cv_cc_implements___func__="yes" ], [ ac_cv_cc_implements___func__="no" ] ) 
@@ -1889,8 +1889,8 @@ if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then fi AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ - AC_TRY_LINK([], - [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);], + AC_TRY_LINK([], + [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);], [ ac_cv_libc_defines_sys_errlist="yes" ], [ ac_cv_libc_defines_sys_errlist="no" ] ) @@ -1901,8 +1901,8 @@ fi AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ - AC_TRY_LINK([], - [ extern int sys_nerr; printf("%i", sys_nerr);], + AC_TRY_LINK([], + [ extern int sys_nerr; printf("%i", sys_nerr);], [ ac_cv_libc_defines_sys_nerr="yes" ], [ ac_cv_libc_defines_sys_nerr="no" ] ) @@ -1911,7 +1911,7 @@ if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then AC_DEFINE(HAVE_SYS_NERR) fi -SCARD_MSG="no" +SCARD_MSG="no" # Check whether user wants sectok support AC_ARG_WITH(sectok, [ --with-sectok Enable smartcard support using libsectok], @@ -1937,7 +1937,7 @@ AC_ARG_WITH(sectok, fi AC_DEFINE(SMARTCARD) AC_DEFINE(USE_SECTOK) - SCARD_MSG="yes, using sectok" + SCARD_MSG="yes, using sectok" fi ] ) @@ -1957,12 +1957,12 @@ if test x$opensc_config_prefix != x ; then LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS" AC_DEFINE(SMARTCARD) AC_DEFINE(USE_OPENSC) - SCARD_MSG="yes, using OpenSC" + SCARD_MSG="yes, using OpenSC" fi fi # Check libraries needed by DNS fingerprint support -AC_SEARCH_LIBS(getrrsetbyname, resolv, +AC_SEARCH_LIBS(getrrsetbyname, resolv, [AC_DEFINE(HAVE_GETRRSETBYNAME)], [ # Needed by our getrrsetbyname() 
@@ -1975,37 +1975,37 @@ AC_SEARCH_LIBS(getrrsetbyname, resolv, ]) # Check whether user wants Kerberos 5 support -KRB5_MSG="no" +KRB5_MSG="no" AC_ARG_WITH(kerberos5, - [ --with-kerberos5=PATH Enable Kerberos 5 support], - [ - if test "x$withval" != "xno" ; then - if test "x$withval" = "xyes" ; then - KRB5ROOT="/usr/local" - else - KRB5ROOT=${withval} - fi + [ --with-kerberos5=PATH Enable Kerberos 5 support], + [ + if test "x$withval" != "xno" ; then + if test "x$withval" = "xyes" ; then + KRB5ROOT="/usr/local" + else + KRB5ROOT=${withval} + fi CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" - LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" - AC_DEFINE(KRB5) + LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" + AC_DEFINE(KRB5) KRB5_MSG="yes" - AC_MSG_CHECKING(whether we are using Heimdal) - AC_TRY_COMPILE([ #include ], - [ char *tmp = heimdal_version; ], - [ AC_MSG_RESULT(yes) - AC_DEFINE(HEIMDAL) - K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken" - ], - [ AC_MSG_RESULT(no) - K5LIBS="-lkrb5 -lk5crypto -lcom_err" - ] - ) - if test ! -z "$need_dash_r" ; then - LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" - fi - if test ! -z "$blibpath" ; then - blibpath="$blibpath:${KRB5ROOT}/lib" - fi + AC_MSG_CHECKING(whether we are using Heimdal) + AC_TRY_COMPILE([ #include ], + [ char *tmp = heimdal_version; ], + [ AC_MSG_RESULT(yes) + AC_DEFINE(HEIMDAL) + K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken" + ], + [ AC_MSG_RESULT(no) + K5LIBS="-lkrb5 -lk5crypto -lcom_err" + ] + ) + if test ! -z "$need_dash_r" ; then + LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" + fi + if test ! -z "$blibpath" ; then + blibpath="$blibpath:${KRB5ROOT}/lib" + fi AC_SEARCH_LIBS(dn_expand, resolv) AC_CHECK_LIB(gssapi,gss_init_sec_context, @@ -2013,7 +2013,7 @@ AC_ARG_WITH(kerberos5, K5LIBS="-lgssapi $K5LIBS" ], [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context, [ AC_DEFINE(GSSAPI) - K5LIBS="-lgssapi_krb5 $K5LIBS" ], + K5LIBS="-lgssapi_krb5 $K5LIBS" ], AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]), $K5LIBS) ], 
@@ -2021,10 +2021,10 @@ AC_ARG_WITH(kerberos5, AC_CHECK_HEADER(gssapi.h, , [ unset ac_cv_header_gssapi_h - CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" + CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" AC_CHECK_HEADERS(gssapi.h, , AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) - ) + ) ] ) @@ -2033,9 +2033,9 @@ AC_ARG_WITH(kerberos5, AC_CHECK_HEADER(gssapi_krb5.h, , [ CPPFLAGS="$oldCPP" ]) - KRB5=yes - fi - ] + KRB5=yes + fi + ] ) LIBS="$LIBS $K5LIBS" @@ -2100,7 +2100,7 @@ fi if test -z "$no_dev_ptmx" ; then if test "x$disable_ptmx_check" != "xyes" ; then - AC_CHECK_FILE("/dev/ptmx", + AC_CHECK_FILE("/dev/ptmx", [ AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX) have_dev_ptmx=1 @@ -2108,7 +2108,7 @@ if test -z "$no_dev_ptmx" ; then ) fi fi -AC_CHECK_FILE("/dev/ptc", +AC_CHECK_FILE("/dev/ptc", [ AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC) have_dev_ptc=1 @@ -2149,13 +2149,13 @@ fi AC_SUBST(mansubdir) # Check whether to enable MD5 passwords -MD5_MSG="no" +MD5_MSG="no" AC_ARG_WITH(md5-passwords, [ --with-md5-passwords Enable use of MD5 passwords], [ if test "x$withval" != "xno" ; then AC_DEFINE(HAVE_MD5_PASSWORDS) - MD5_MSG="yes" + MD5_MSG="yes" fi ] ) @@ -2195,13 +2195,13 @@ if test ! -z "$IPADDR_IN_DISPLAY" ; then DISPLAY_HACK_MSG="yes" AC_DEFINE(IPADDR_IN_DISPLAY) else - DISPLAY_HACK_MSG="no" + DISPLAY_HACK_MSG="no" AC_ARG_WITH(ipaddr-display, [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], [ if test "x$withval" != "xno" ; then AC_DEFINE(IPADDR_IN_DISPLAY) - DISPLAY_HACK_MSG="yes" + DISPLAY_HACK_MSG="yes" fi ] ) @@ -2225,7 +2225,7 @@ if test $ac_cv_func_login_getcapbool = "yes" -a \ fi # Whether to mess with the default path -SERVER_PATH_MSG="(default)" +SERVER_PATH_MSG="(default)" AC_ARG_WITH(default-path, [ --with-default-path= Specify default \$PATH environment for server], [ 
@@ -2240,7 +2240,7 @@ Edit /etc/login.conf instead.]) $external_path_file .]) fi user_path="$withval" - SERVER_PATH_MSG="$withval" + SERVER_PATH_MSG="$withval" fi ], [ if test "x$external_path_file" = "x/etc/login.conf" ; then @@ -2324,14 +2324,14 @@ AC_ARG_WITH(superuser-path, AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) -IPV4_IN6_HACK_MSG="no" +IPV4_IN6_HACK_MSG="no" AC_ARG_WITH(4in6, [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], [ if test "x$withval" != "xno" ; then AC_MSG_RESULT(yes) AC_DEFINE(IPV4_IN_IPV6) - IPV4_IN6_HACK_MSG="yes" + IPV4_IN6_HACK_MSG="yes" else AC_MSG_RESULT(no) fi @@ -2339,7 +2339,7 @@ AC_ARG_WITH(4in6, if test "x$inet6_default_4in6" = "xyes"; then AC_MSG_RESULT([yes (default)]) AC_DEFINE(IPV4_IN_IPV6) - IPV4_IN6_HACK_MSG="yes" + IPV4_IN6_HACK_MSG="yes" else AC_MSG_RESULT([no (default)]) fi @@ -2364,7 +2364,7 @@ piddir=/var/run if test ! -d $piddir ; then piddir=`eval echo ${sysconfdir}` case $piddir in - NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; + NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; esac fi @@ -2436,7 +2436,7 @@ AC_ARG_ENABLE(pututline, [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], [ if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_PUTUTLINE) + AC_DEFINE(DISABLE_PUTUTLINE) fi ] ) @@ -2719,7 +2719,7 @@ echo "" if test "x$PAM_MSG" = "xyes" ; then echo "PAM is enabled. You may need to install a PAM control file " echo "for sshd, otherwise password authentication may fail. " - echo "Example PAM control files can be found in the contrib/ " + echo "Example PAM control files can be found in the contrib/ " echo "subdirectory" echo "" fi diff --git a/contrib/README b/contrib/README index 67dbbd277..9de3d961d 100644 --- a/contrib/README +++ b/contrib/README 
@@ -1,4 +1,4 @@ -Other patches and addons for OpenSSH. Please send submissions to +Other patches and addons for OpenSSH. Please send submissions to djm@mindrot.org Externally maintained @@ -7,7 +7,7 @@ Externally maintained SSH Proxy Command -- connect.c Shun-ichi GOTO has written a very useful ProxyCommand -which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or +which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or https CONNECT style proxy server. His page for connect.c has extensive documentation on its use as well as compiled versions for Win32. @@ -47,7 +47,7 @@ Dominik Brettnacher mdoc2man.pl: Converts mdoc formated manpages into normal manpages. This can be used -on Solaris machines to provide manpages that are not preformated. +on Solaris machines to provide manpages that are not preformated. Contributed by Mark D. Roth redhat: diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index 727ac446d..4a5c32b0e 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh @@ -1,12 +1,12 @@ #!/bin/sh # # buildbff.sh: Create AIX SMIT-installable OpenSSH packages -# $Id: buildbff.sh,v 1.6 2003/08/25 05:01:04 dtucker Exp $ +# $Id: buildbff.sh,v 1.7 2003/11/21 12:48:56 djm Exp $ # # Author: Darren Tucker (dtucker at zip dot com dot au) # This file is placed in the public domain and comes with absolutely # no warranty. -# +# # Based originally on Ben Lindstrom's buildpkg.sh for Solaris # @@ -45,7 +45,7 @@ fi if [ ! -f Makefile ] then echo "Makefile not found (did you run configure?)" - exit 1 + exit 1 fi # @@ -96,12 +96,12 @@ then PRIVSEP_PATH=/var/empty fi -# Clean package build directory +# Clean package build directory rm -rf $objdir/$PKGDIR FAKE_ROOT=$objdir/$PKGDIR/root mkdir -p $FAKE_ROOT -# Start by faking root install +# Start by faking root install echo "Faking root install..." cd $objdir make install-nokeys DESTDIR=$FAKE_ROOT 
@@ -136,15 +136,15 @@ echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)" # # Set ssh and sshd parameters as per config.local # -if [ "${PERMIT_ROOT_LOGIN}" = no ] +if [ "${PERMIT_ROOT_LOGIN}" = no ] then - perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \ - $FAKE_ROOT/${sysconfdir}/sshd_config + perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \ + $FAKE_ROOT/${sysconfdir}/sshd_config fi if [ "${X11_FORWARDING}" = yes ] then - perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \ - $FAKE_ROOT/${sysconfdir}/sshd_config + perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \ + $FAKE_ROOT/${sysconfdir}/sshd_config fi @@ -190,13 +190,13 @@ cat <>../openssh.post_i echo Creating configs from defaults if necessary. for cfgfile in ssh_config sshd_config ssh_prng_cmds do - if [ ! -f $sysconfdir/\$cfgfile ] - then - echo "Creating \$cfgfile from default" - cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile - else - echo "\$cfgfile already exists." - fi + if [ ! -f $sysconfdir/\$cfgfile ] + then + echo "Creating \$cfgfile from default" + cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile + else + echo "\$cfgfile already exists." + fi done echo 
@@ -244,19 +244,19 @@ echo # Generate keys unless they already exist echo Creating host keys if required. if [ -f "$sysconfdir/ssh_host_key" ] ; then - echo "$sysconfdir/ssh_host_key already exists, skipping." + echo "$sysconfdir/ssh_host_key already exists, skipping." else - $bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N "" + $bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N "" fi if [ -f $sysconfdir/ssh_host_dsa_key ] ; then - echo "$sysconfdir/ssh_host_dsa_key already exists, skipping." + echo "$sysconfdir/ssh_host_dsa_key already exists, skipping." else - $bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N "" + $bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N "" fi if [ -f $sysconfdir/ssh_host_rsa_key ] ; then - echo "$sysconfdir/ssh_host_rsa_key already exists, skipping." -else - $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N "" + echo "$sysconfdir/ssh_host_rsa_key already exists, skipping." +else + $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N "" fi echo @@ -369,7 +369,7 @@ echo Creating $PKGNAME-$VERSION.bff with backup... rm -f $PKGNAME-$VERSION.bff ( echo "./lpp_name" - find . ! -name lpp_name -a ! -name . -print + find . ! -name lpp_name -a ! -name . -print ) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist # diff --git a/contrib/aix/inventory.sh b/contrib/aix/inventory.sh index 4f408e678..e2641e79c 100755 --- a/contrib/aix/inventory.sh +++ b/contrib/aix/inventory.sh @@ -1,7 +1,7 @@ #!/bin/sh # # inventory.sh -# $Id: inventory.sh,v 1.5 2003/08/26 03:43:13 dtucker Exp $ +# $Id: inventory.sh,v 1.6 2003/11/21 12:48:56 djm Exp $ # # Originally written by Ben Lindstrom, modified by Darren Tucker to use perl # This file is placed into the public domain. @@ -59,5 +59,5 @@ find . ! -name . -print | perl -ne '{ } elsif ( -d $_ ) { # Entry is Directory print "\ttype=DIRECTORY\n"; - } + } }' 
diff --git a/contrib/caldera/ssh-host-keygen b/contrib/caldera/ssh-host-keygen index 28a97b9b4..3c5c17182 100755 --- a/contrib/caldera/ssh-host-keygen +++ b/contrib/caldera/ssh-host-keygen @@ -1,6 +1,6 @@ #! /bin/sh # -# $Id: ssh-host-keygen,v 1.1 2001/04/27 05:50:50 tim Exp $ +# $Id: ssh-host-keygen,v 1.2 2003/11/21 12:48:57 djm Exp $ # # This script is normally run only *once* for a given host # (in a given period of time) -- on updates/upgrades/recovery @@ -12,7 +12,7 @@ keydir=@sysconfdir@ keygen=@sshkeygen@ if [ -f $keydir/ssh_host_key -o \ - -f $keydir/ssh_host_key.pub ]; then + -f $keydir/ssh_host_key.pub ]; then echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key." else echo "Generating 1024 bit SSH1 RSA host key." @@ -20,7 +20,7 @@ else fi if [ -f $keydir/ssh_host_rsa_key -o \ - -f $keydir/ssh_host_rsa_key.pub ]; then + -f $keydir/ssh_host_rsa_key.pub ]; then echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key." else echo "Generating 1024 bit SSH2 RSA host key." @@ -28,7 +28,7 @@ else fi if [ -f $keydir/ssh_host_dsa_key -o \ - -f $keydir/ssh_host_dsa_key.pub ]; then + -f $keydir/ssh_host_dsa_key.pub ]; then echo "You already have an SSH2 DSA host key in $keydir/ssh_host_dsa_key." else echo "Generating SSH2 DSA host key." diff --git a/contrib/caldera/sshd.init b/contrib/caldera/sshd.init index 90b36379a..983146f4f 100755 --- a/contrib/caldera/sshd.init +++ b/contrib/caldera/sshd.init @@ -1,6 +1,6 @@ #! /bin/bash # -# $Id: sshd.init,v 1.3 2001/11/03 19:09:33 tim Exp $ +# $Id: sshd.init,v 1.4 2003/11/21 12:48:57 djm Exp $ # ### BEGIN INIT INFO # Provides: 
@@ -64,11 +64,11 @@ case "$1" in SVIemptyConfig @sysconfdir@/sshd_config && exit 6 if [ ! \( -f @sysconfdir@/ssh_host_key -a \ - -f @sysconfdir@/ssh_host_key.pub \) -a \ + -f @sysconfdir@/ssh_host_key.pub \) -a \ ! \( -f @sysconfdir@/ssh_host_rsa_key -a \ - -f @sysconfdir@/ssh_host_rsa_key.pub \) -a \ + -f @sysconfdir@/ssh_host_rsa_key.pub \) -a \ ! \( -f @sysconfdir@/ssh_host_dsa_key -a \ - -f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then + -f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then echo "$SVIsubsys: host key not initialized: skipped!" echo "$SVIsubsys: use ssh-host-keygen to generate one!" diff --git a/contrib/cygwin/README b/contrib/cygwin/README index 1cc6ae65c..1ed934307 100644 --- a/contrib/cygwin/README +++ b/contrib/cygwin/README @@ -25,7 +25,7 @@ Important note for Windows 2003 Server users: --------------------------------------------- 2003 Server has a funny new feature. When starting services under SYSTEM -account, these services have nearly all user rights which SYSTEM holds... +account, these services have nearly all user rights which SYSTEM holds... except for the "Create a token object" right, which is needed to allow public key authentication :-( @@ -103,7 +103,7 @@ features of the FAT/FAT32 filesystems. If you are installing OpenSSH the first time, you can generate global config files and server keys by running - + /usr/bin/ssh-host-config Note that this binary archive doesn't contain default config files in /etc. diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index 18793ca85..9c0dabf41 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config @@ -263,7 +263,7 @@ then net user sshd >/dev/null 2>&1 && sshd_in_sam=yes if [ "${sshd_in_passwd}" != "yes" ] then - if [ "${sshd_in_sam}" != "yes" ] + if [ "${sshd_in_sam}" != "yes" ] then echo "Warning: The following function requires administrator privileges!" if request "Should this script create a local user 'sshd' on this machine?" 
@@ -339,13 +339,13 @@ if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ] then grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}" if [ -f "${_serv_tmp}" ] - then + then if mv "${_serv_tmp}" "${_services}" then echo "Removing sshd from ${_wservices}" else echo "Removing sshd from ${_wservices} failed!" - fi + fi rm -f "${_serv_tmp}" else echo "Removing sshd from ${_wservices} failed!" @@ -388,9 +388,9 @@ then then if mv "${_inetcnf_tmp}" "${_inetcnf}" then - echo "Removed sshd from ${_inetcnf}" + echo "Removed sshd from ${_inetcnf}" else - echo "Removing sshd from ${_inetcnf} failed!" + echo "Removing sshd from ${_inetcnf} failed!" fi rm -f "${_inetcnf_tmp}" else @@ -462,7 +462,7 @@ then do if [ -n "${password_value}" ] then - _password="${password_value}" + _password="${password_value}" # Allow to ask for password if first try fails password_value="" else @@ -541,7 +541,7 @@ then fi if [ -n "${cygwin_value}" ] then - _cygwin="${cygwin_value}" + _cygwin="${cygwin_value}" else echo echo "Which value should the environment variable CYGWIN have when" @@ -574,9 +574,9 @@ then then if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ] then - _user="sshd_server" + _user="sshd_server" else - _user="system" + _user="system" fi chown "${_user}" ${SYSCONFDIR}/ssh* chown "${_user}".544 ${LOCALSTATEDIR}/empty diff --git a/contrib/findssl.sh b/contrib/findssl.sh index 87a4abce2..0c08d4a18 100644 --- a/contrib/findssl.sh +++ b/contrib/findssl.sh 
@@ -9,24 +9,24 @@ # Written by Darren Tucker (dtucker at zip dot com dot au) # This file is placed in the public domain. # -# $Id: findssl.sh,v 1.1 2003/06/24 10:22:10 dtucker Exp $ +# $Id: findssl.sh,v 1.2 2003/11/21 12:48:56 djm Exp $ # 2002-07-27: Initial release. # 2002-08-04: Added public domain notice. # 2003-06-24: Incorporated readme, set library paths. First cvs version. # -# "OpenSSL headers do not match your library" are usually caused by +# "OpenSSL headers do not match your library" are usually caused by # OpenSSH's configure picking up an older version of OpenSSL headers # or libraries. You can use the following # procedure to help identify # the cause. -# +# # The output of configure will tell you the versions of the OpenSSL # headers and libraries that were picked up, for example: -# +# # checking OpenSSL header version... 90604f (OpenSSL 0.9.6d 9 May 2002) # checking OpenSSL library version... 90602f (OpenSSL 0.9.6b [engine] 9 Jul 2001) # checking whether OpenSSL's headers match the library... no # configure: error: Your OpenSSL headers do not match your library -# +# # Now run findssl.sh. This should identify the headers and libraries # present and their versions. You should be able to identify the # libraries and headers used and adjust your CFLAGS or remove incorrect @@ -37,7 +37,7 @@ # Searching for OpenSSL header files. # 0x0090604fL /usr/include/openssl/opensslv.h # 0x0090604fL /usr/local/ssl/include/openssl/opensslv.h -# +# # Searching for OpenSSL shared library files. # 0x0090602fL /lib/libcrypto.so.0.9.6b # 0x0090602fL /lib/libcrypto.so.2 
@@ -46,11 +46,11 @@ # 0x0090581fL /usr/lib/libcrypto.so.0.9.5a # 0x0090600fL /usr/lib/libcrypto.so.0.9.6 # 0x0090600fL /usr/lib/libcrypto.so.1 -# +# # Searching for OpenSSL static library files. # 0x0090602fL /usr/lib/libcrypto.a # 0x0090604fL /usr/local/ssl/lib/libcrypto.a -# +# # In this example, I gave configure no extra flags, so it's picking up # the OpenSSL header from /usr/include/openssl (90604f) and the library # from /usr/lib/ (90602f). diff --git a/contrib/gnome-ssh-askpass1.c b/contrib/gnome-ssh-askpass1.c index b6b342b84..4d51032d1 100644 --- a/contrib/gnome-ssh-askpass1.c +++ b/contrib/gnome-ssh-askpass1.c @@ -23,14 +23,14 @@ */ /* - * This is a simple GNOME SSH passphrase grabber. To use it, set the - * environment variable SSH_ASKPASS to point to the location of - * gnome-ssh-askpass before calling "ssh-add < /dev/null". + * This is a simple GNOME SSH passphrase grabber. To use it, set the + * environment variable SSH_ASKPASS to point to the location of + * gnome-ssh-askpass before calling "ssh-add < /dev/null". * * There is only two run-time options: if you set the environment variable * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab - * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the - * pointer will be grabbed too. These may have some benefit to security if + * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the + * pointer will be grabbed too. These may have some benefit to security if * you don't trust your X server. We grab the keyboard always. */ @@ -87,7 +87,7 @@ passphrase_dialog(char *message) } entry = gtk_entry_new(); - gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE, + gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE, FALSE, 0); gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE); gtk_widget_grab_focus(entry); 
@@ -105,7 +105,7 @@ passphrase_dialog(char *message)
 /* Grab focus */
 if (grab_server)
 XGrabServer(GDK_DISPLAY());
- if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0,
+ if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0,
 NULL, NULL, GDK_CURRENT_TIME))
 goto nograb;
 if (gdk_keyboard_grab(dialog->window, FALSE, GDK_CURRENT_TIME))
diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c
index 9e8eaf920..0ce8daec9 100644
--- a/contrib/gnome-ssh-askpass2.c
+++ b/contrib/gnome-ssh-askpass2.c
@@ -25,14 +25,14 @@
 /* GTK2 support by Nalin Dahyabhai */
 /*
- * This is a simple GNOME SSH passphrase grabber. To use it, set the
- * environment variable SSH_ASKPASS to point to the location of
- * gnome-ssh-askpass before calling "ssh-add < /dev/null".
+ * This is a simple GNOME SSH passphrase grabber. To use it, set the
+ * environment variable SSH_ASKPASS to point to the location of
+ * gnome-ssh-askpass before calling "ssh-add < /dev/null".
 *
 * There is only two run-time options: if you set the environment variable
 * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
- * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
- * pointer will be grabbed too. These may have some benefit to security if
+ * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
+ * pointer will be grabbed too. These may have some benefit to security if
 * you don't trust your X server. We grab the keyboard always.
 */
@@ -103,7 +103,7 @@ passphrase_dialog(char *message)
 message);
 entry = gtk_entry_new();
- gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE,
+ gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE,
 FALSE, 0);
 gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
 gtk_widget_grab_focus(entry);
@@ -124,7 +124,7 @@ passphrase_dialog(char *message) if (grab_pointer) { for(;;) { status = gdk_pointer_grab( - (GTK_WIDGET(dialog))->window, TRUE, 0, NULL, + (GTK_WIDGET(dialog))->window, TRUE, 0, NULL, NULL, GDK_CURRENT_TIME); if (status == GDK_GRAB_SUCCESS) break; diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index dd00c9fa9..a4d49f61c 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -200,7 +200,7 @@ CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS --with-pam \ %endif %if %{kerberos5} - --with-kerberos5=/usr/kerberos \ + --with-kerberos5=/usr/kerberos \ %endif @@ -398,7 +398,7 @@ fi %changelog * Mon Jun 2 2003 Damien Miller -- Remove noip6 option. This may be controlled at run-time in client config +- Remove noip6 option. This may be controlled at run-time in client config file using new AddressFamily directive * Mon May 12 2003 Damien Miller @@ -558,7 +558,7 @@ fi * Sun Apr 8 2001 Preston Brown - remove explicit openssl requirement, fixes builddistro issue -- make initscript stop() function wait until sshd really dead to avoid +- make initscript stop() function wait until sshd really dead to avoid races in condrestart * Mon Apr 2 2001 Nalin Dahyabhai diff --git a/contrib/solaris/README b/contrib/solaris/README index 9b0a46e29..eb4c590f4 100644 --- a/contrib/solaris/README +++ b/contrib/solaris/README @@ -17,7 +17,7 @@ Directions: If all goes well you should have a solaris package ready to be installed. -If you have any problems with this script please post them to +If you have any problems with this script please post them to openssh-unix-dev@mindrot.org and I will try to assist you as best as I can. - Ben Lindstrom diff --git a/contrib/solaris/buildpkg.sh b/contrib/solaris/buildpkg.sh index c41b3f963..55203d7d5 100755 --- a/contrib/solaris/buildpkg.sh +++ b/contrib/solaris/buildpkg.sh 
@@ -5,7 +5,7 @@ # The following code has been provide under Public Domain License. I really # don't care what you use it for. Just as long as you don't complain to me # nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org) -# +# umask 022 # # Options for building the package @@ -13,7 +13,7 @@ umask 022 # # uncommenting TEST_DIR and using # configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty -# and +# and # PKGNAME=tOpenSSH should allow testing a package without interfering # with a real OpenSSH package on a system. This is not needed on systems # that support the -R option to pkgadd. @@ -81,7 +81,7 @@ export PATH # we will look for config.local to override the above options [ -s ./config.local ] && . ./config.local -## Start by faking root install +## Start by faking root install echo "Faking root install..." START=`pwd` OPENSSHD_IN=`dirname $0`/opensshd.in @@ -98,20 +98,20 @@ fi ## Fill in some details, like prefix and sysconfdir for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir do - eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` + eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` done ## Collect value of privsep user for confvar in SSH_PRIVSEP_USER do - eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h` + eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h` done ## Set privsep defaults if not defined if [ -z "$SSH_PRIVSEP_USER" ] then - SSH_PRIVSEP_USER=sshd + SSH_PRIVSEP_USER=sshd fi ## Extract common info requires for the 'info' part of the package. 
@@ -243,16 +243,16 @@ fi if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null then - echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user" - echo "or group." + echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user" + echo "or group." else - echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." + echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." - # create group if required - if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null - then - echo "PrivSep group $SSH_PRIVSEP_USER already exists." - else + # create group if required + if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null + then + echo "PrivSep group $SSH_PRIVSEP_USER already exists." + else # Use gid of 67 if possible if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null then @@ -260,15 +260,15 @@ else else sshdgid="-g $SSHDGID" fi - echo "Creating PrivSep group $SSH_PRIVSEP_USER." - \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER - fi - - # Create user if required - if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null - then - echo "PrivSep user $SSH_PRIVSEP_USER already exists." - else + echo "Creating PrivSep group $SSH_PRIVSEP_USER." + \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER + fi + + # Create user if required + if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null + then + echo "PrivSep user $SSH_PRIVSEP_USER already exists." + else # Use uid of 67 if possible if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null then 
@@ -276,10 +276,10 @@ else else sshduid="-u $SSHDUID" fi - echo "Creating PrivSep user $SSH_PRIVSEP_USER." + echo "Creating PrivSep user $SSH_PRIVSEP_USER." \$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER \$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER - fi + fi fi [ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start @@ -358,12 +358,12 @@ cat >mk-proto.awk << _EOF BEGIN { print "i pkginfo"; print "i preinstall"; \\ print "i postinstall"; print "i preremove"; \\ print "i request"; print "i space"; \\ - split("$SYSTEM_DIR",sys_files); } + split("$SYSTEM_DIR",sys_files); } { for (dir in sys_files) { if ( \$3 != sys_files[dir] ) - { \$5="root"; \$6="sys"; } - else - { \$4="?"; \$5="?"; \$6="?"; break;} + { \$5="root"; \$6="sys"; } + else + { \$4="?"; \$5="?"; \$6="?"; break;} } } { print; } _EOF diff --git a/contrib/solaris/opensshd.in b/contrib/solaris/opensshd.in index 48b6c5702..50e18deea 100755 --- a/contrib/solaris/opensshd.in +++ b/contrib/solaris/opensshd.in @@ -22,24 +22,24 @@ HOST_KEY_RSA=$etcdir/ssh_host_rsa_key checkkeys() { if [ ! -f $HOST_KEY_RSA1 ]; then - ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N "" + ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N "" fi if [ ! -f $HOST_KEY_DSA ]; then - ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N "" + ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N "" fi if [ ! -f $HOST_KEY_RSA ]; then - ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N "" + ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N "" fi } stop_service() { if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then - PID=`${CAT} ${PIDFILE}` + PID=`${CAT} ${PIDFILE}` fi if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then - ${KILL} ${PID} + ${KILL} ${PID} else - echo "Unable to read PID file" + echo "Unable to read PID file" fi } 
@@ -55,8 +55,8 @@ start_service() { sshd_rc=$? if [ $sshd_rc -ne 0 ]; then - echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing." - exit $sshd_rc + echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing." + exit $sshd_rc fi echo done. } diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 940bc4ade..d984ff22d 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -30,7 +30,7 @@ two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it -up to date in terms of security and features, as well as removing all +up to date in terms of security and features, as well as removing all patented algorithms to seperate libraries (OpenSSL). This package includes all files necessary for both the OpenSSH @@ -100,8 +100,8 @@ make cd contrib gcc -O -g `gnome-config --cflags gnome gnomeui` \ - gnome-ssh-askpass.c -o gnome-ssh-askpass \ - `gnome-config --libs gnome gnomeui` + gnome-ssh-askpass.c -o gnome-ssh-askpass \ + `gnome-config --libs gnome gnomeui` cd .. %install 
@@ -140,34 +140,34 @@ else echo " /var/adm/fillup-templates/rc.config.sshd" fi if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then - echo "Generating SSH host key..." + echo "Generating SSH host key..." /usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2 fi if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then - echo "Generating SSH DSA host key..." + echo "Generating SSH DSA host key..." /usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N '' >&2 fi if test -r /var/run/sshd.pid then - echo "Restarting the running SSH daemon..." + echo "Restarting the running SSH daemon..." /usr/sbin/rcsshd restart >&2 fi %preun if [ "$1" = 0 ] then - echo "Stopping the SSH daemon..." + echo "Stopping the SSH daemon..." /usr/sbin/rcsshd stop >&2 echo "Removing SSH stop/start scripts from the rc directories..." - rm /sbin/init.d/rc2.d/K20sshd - rm /sbin/init.d/rc2.d/S20sshd - rm /sbin/init.d/rc3.d/K20sshd - rm /sbin/init.d/rc3.d/S20sshd + rm /sbin/init.d/rc2.d/K20sshd + rm /sbin/init.d/rc2.d/S20sshd + rm /sbin/init.d/rc3.d/K20sshd + rm /sbin/init.d/rc3.d/S20sshd fi %files %defattr(-,root,root) -%doc ChangeLog OVERVIEW README* +%doc ChangeLog OVERVIEW README* %doc RFC.nroff TODO CREDITS LICENCE %attr(0755,root,root) %dir /etc/ssh %attr(0644,root,root) %config /etc/ssh/ssh_config diff --git a/defines.h b/defines.h index e662966fb..adf45d7fa 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.103 2003/09/16 01:52:19 dtucker Exp $ */ +/* $Id: defines.h,v 1.104 2003/11/21 12:48:55 djm Exp $ */ /* Constants */ @@ -84,7 +84,7 @@ enum # define S_ISDIR(mode) (((mode) & (_S_IFMT)) == (_S_IFDIR)) #endif /* S_ISDIR */ -#ifndef S_ISREG +#ifndef S_ISREG # define S_ISREG(mode) (((mode) & (_S_IFMT)) == (_S_IFREG)) #endif /* S_ISREG */ diff --git a/dns.c b/dns.c index 2342b6609..ad634f1f7 100644 --- a/dns.c +++ b/dns.c 
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.8 2003/11/12 16:39:58 jakob Exp $ */
+/* $OpenBSD: dns.c,v 1.9 2003/11/21 11:57:03 djm Exp $ */
 /*
 * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -43,7 +43,7 @@
 #include "uuencode.h"
 extern char *__progname;
-RCSID("$OpenBSD: dns.c,v 1.8 2003/11/12 16:39:58 jakob Exp $");
+RCSID("$OpenBSD: dns.c,v 1.9 2003/11/21 11:57:03 djm Exp $");
 #ifndef LWRES
 static const char *errset_text[] = {
@@ -145,7 +145,7 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
 /*
 * Verify the given hostname, address and host key using DNS.
- * Returns 0 if lookup succeeds, -1 otherwise
+ * Returns 0 if lookup succeeds, -1 otherwise
 */
 int
 verify_host_key_dns(const char *hostname, struct sockaddr *address,
diff --git a/entropy.c b/entropy.c
index 216879786..f5381e32f 100644
--- a/entropy.c
+++ b/entropy.c
@@ -36,16 +36,16 @@
 /*
 * Portable OpenSSH PRNG seeding:
- * If OpenSSL has not "internally seeded" itself (e.g. pulled data from
- * /dev/random), then we execute a "ssh-rand-helper" program which
- * collects entropy and writes it to stdout. The child program must
+ * If OpenSSL has not "internally seeded" itself (e.g. pulled data from
+ * /dev/random), then we execute a "ssh-rand-helper" program which
+ * collects entropy and writes it to stdout. The child program must
 * write at least RANDOM_SEED_SIZE bytes. The child is run with stderr
 * attached, so error/debugging output should be visible.
 *
 * XXX: we should tell the child how many bytes we need.
 */
-RCSID("$Id: entropy.c,v 1.46 2003/08/25 01:16:21 mouring Exp $");
+RCSID("$Id: entropy.c,v 1.47 2003/11/21 12:48:55 djm Exp $");
 #ifndef OPENSSL_PRNG_ONLY
 #define RANDOM_SEED_SIZE 48
@@ -86,16 +86,16 @@ seed_rng(void) close(p[1]); close(devnull); - if (original_uid != original_euid && - ( seteuid(getuid()) == -1 || + if (original_uid != original_euid && + ( seteuid(getuid()) == -1 || setuid(original_uid) == -1) ) { - fprintf(stderr, "(rand child) setuid(%li): %s\n", + fprintf(stderr, "(rand child) setuid(%li): %s\n", (long int)original_uid, strerror(errno)); _exit(1); } execl(SSH_RAND_HELPER, "ssh-rand-helper", NULL); - fprintf(stderr, "(rand child) Couldn't exec '%s': %s\n", + fprintf(stderr, "(rand child) Couldn't exec '%s': %s\n", SSH_RAND_HELPER, strerror(errno)); _exit(1); } @@ -114,12 +114,12 @@ seed_rng(void) close(p[0]); if (waitpid(pid, &ret, 0) == -1) - fatal("Couldn't wait for ssh-rand-helper completion: %s", + fatal("Couldn't wait for ssh-rand-helper completion: %s", strerror(errno)); signal(SIGCHLD, old_sigchld); /* We don't mind if the child exits upon a SIGPIPE */ - if (!WIFEXITED(ret) && + if (!WIFEXITED(ret) && (!WIFSIGNALED(ret) || WTERMSIG(ret) != SIGPIPE)) fatal("ssh-rand-helper terminated abnormally"); if (WEXITSTATUS(ret) != 0) @@ -134,7 +134,7 @@ seed_rng(void) } void -init_rng(void) +init_rng(void) { /* * OpenSSL version numbers: MNNFFPPS: major minor fix patch status diff --git a/fixprogs b/fixprogs index 61840cf81..af76ee392 100755 --- a/fixprogs +++ b/fixprogs @@ -65,7 +65,7 @@ foreach (@infile) { ($null, $null, $rate) = split(/,/, $ent[0]); $est = $rate / $entscale; # scale the estimate back } - } + } print OUT "\"$cmd\" $path $est\n"; } diff --git a/gss-genr.c b/gss-genr.c index 6b7caad0e..1e044dbbb 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.2 2003/11/17 11:06:07 markus Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.3 2003/11/21 11:57:03 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 
@@ -258,8 +258,8 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) } void -ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service, - const char *context) +ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service, + const char *context) { buffer_init(b); buffer_put_string(b, session_id2, session_id2_len); diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index f48e09911..e358bcbdc 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv-krb5.c,v 1.1 2003/08/22 10:56:09 markus Exp $ */ +/* $OpenBSD: gss-serv-krb5.c,v 1.2 2003/11/21 11:57:03 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -48,7 +48,7 @@ static krb5_context krb_context = NULL; /* Initialise the krb5 library, for the stuff that GSSAPI won't do */ -static int +static int ssh_gssapi_krb5_init() { krb5_error_code problem; @@ -127,10 +127,10 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) { int tmpfd; char ccname[40]; - - snprintf(ccname, sizeof(ccname), + + snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_%d_XXXXXX", geteuid()); - + if ((tmpfd = mkstemp(ccname + strlen("FILE:"))) == -1) { logit("mkstemp(): %.100s", strerror(errno)); problem = errno; @@ -151,7 +151,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) } #endif /* #ifdef HEIMDAL */ - if ((problem = krb5_parse_name(krb_context, + if ((problem = krb5_parse_name(krb_context, client->exportedname.value, &princ))) { logit("krb5_parse_name(): %.100s", krb5_get_err_text(krb_context, problem)); @@ -169,7 +169,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) krb5_free_principal(krb_context, princ); - if ((maj_status = gss_krb5_copy_ccache(&min_status, + if ((maj_status = gss_krb5_copy_ccache(&min_status, client->creds, ccache))) { logit("gss_krb5_copy_ccache() failed"); krb5_cc_destroy(krb_context, ccache); diff --git a/install-sh b/install-sh index e9de23842..220abbf61 100755 --- a/install-sh +++ b/install-sh 
@@ -125,7 +125,7 @@ if [ x"$dir_arg" != x ]; then else # Waiting for this to be detected by the "$instcmd $src $dsttmp" command -# might cause directories to be created, which would be especially bad +# might cause directories to be created, which would be especially bad # if $src (and thus $dsttmp) contains '*'. if [ -f $src -o -d $src ] @@ -180,7 +180,7 @@ while [ $# -ne 0 ] ; do shift if [ ! -d "${pathcomp}" ] ; - then + then $mkdirprog "${pathcomp}" else true @@ -202,17 +202,17 @@ else # If we're going to rename the final executable, determine the name now. - if [ x"$transformarg" = x ] + if [ x"$transformarg" = x ] then dstfile=`basename $dst` else - dstfile=`basename $dst $transformbasename | + dstfile=`basename $dst $transformbasename | sed $transformarg`$transformbasename fi # don't allow the sed command to completely eliminate the filename - if [ x"$dstfile" = x ] + if [ x"$dstfile" = x ] then dstfile=`basename $dst` else @@ -243,7 +243,7 @@ else # Now rename the file to the real destination. $doit $rmcmd -f $dstdir/$dstfile && - $doit $mvcmd $dsttmp $dstdir/$dstfile + $doit $mvcmd $dsttmp $dstdir/$dstfile fi && diff --git a/kex.c b/kex.c index b070ccf42..5a952c9c2 100644 --- a/kex.c +++ b/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.55 2003/04/01 10:31:26 markus Exp $"); +RCSID("$OpenBSD: kex.c,v 1.56 2003/11/21 11:57:03 djm Exp $"); #include @@ -310,7 +310,7 @@ choose_hostkeyalg(Kex *k, char *client, char *server) xfree(hostkeyalg); } -static int +static int proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX]) { static int check[] = { @@ -392,7 +392,7 @@ kex_choose_conf(Kex *kex) kex->we_need = need; /* ignore the next message if the proposals do not match */ - if (first_kex_follows && !proposals_match(my, peer) && + if (first_kex_follows && !proposals_match(my, peer) && !(datafellows & SSH_BUG_FIRSTKEX)) { type = packet_read(); debug2("skipping next packet (type %u)", type); 
diff --git a/loginrec.c b/loginrec.c index bdac3e959..ce9e26fc5 100644 --- a/loginrec.c +++ b/loginrec.c @@ -158,7 +158,7 @@ #include "log.h" #include "atomicio.h" -RCSID("$Id: loginrec.c,v 1.52 2003/07/06 05:20:46 dtucker Exp $"); +RCSID("$Id: loginrec.c,v 1.53 2003/11/21 12:48:55 djm Exp $"); #ifdef HAVE_UTIL_H # include @@ -442,7 +442,7 @@ login_write (struct logininfo *li) int login_utmp_only(struct logininfo *li) { - li->type = LTYPE_LOGIN; + li->type = LTYPE_LOGIN; login_set_current_time(li); # ifdef USE_UTMP utmp_write_entry(li); @@ -1534,7 +1534,7 @@ lastlog_get_entry(struct logininfo *li) lastlog_populate_entry(li, &last); return (1); case -1: - error("%s: Error reading from %s: %s", __func__, + error("%s: Error reading from %s: %s", __func__, LASTLOG_FILE, strerror(errno)); return (0); default: diff --git a/md5crypt.c b/md5crypt.c index e14d53ac1..b5e3b91ab 100644 --- a/md5crypt.c +++ b/md5crypt.c @@ -1,9 +1,9 @@ /* * ---------------------------------------------------------------------------- * "THE BEER-WARE LICENSE" (Revision 42): - * wrote this file. As long as you retain this - * notice you can do whatever you want with this stuff. If we meet some - * day, and you think this stuff is worth it, you can buy me a beer in + * wrote this file. As long as you retain this + * notice you can do whatever you want with this stuff. If we meet some + * day, and you think this stuff is worth it, you can buy me a beer in * return. Poul-Henning Kamp * ---------------------------------------------------------------------------- */ @@ -13,7 +13,7 @@ #if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) #include -RCSID("$Id: md5crypt.c,v 1.7 2003/05/30 06:58:23 dtucker Exp $"); +RCSID("$Id: md5crypt.c,v 1.8 2003/11/21 12:48:55 djm Exp $"); /* 0 ... 63 => ascii - 64 */ static unsigned char itoa64[] = diff --git a/mdoc2man.awk b/mdoc2man.awk index 856e2d7c5..9135af07e 100644 --- a/mdoc2man.awk +++ b/mdoc2man.awk 
@@ -76,19 +76,19 @@ function add(str) { skip=1 ext=1 if(length(line)&&!(match(line," $")||prenl)) - add(OFS) + add(OFS) } else if(match(words[w],"^Xc$")) { skip=1 ext=0 if(!extopt) - prenl++ + prenl++ w=nwords } else if(match(words[w],"^Bd$")) { skip=1 if(match(words[w+1],"-literal")) { - literal=1 - prenl++ - w=nwords + literal=1 + prenl++ + w=nwords } } else if(match(words[w],"^Ed$")) { skip=1 @@ -96,7 +96,7 @@ function add(str) { } else if(match(words[w],"^Ns$")) { skip=1 if(!nospace) - nospace=1 + nospace=1 sub(" $","",line) } else if(match(words[w],"^No$")) { skip=1 
@@ -107,20 +107,20 @@ function add(str) { add("``") add(words[++w]) while(w0;i--) { - add(refauthors[i]) - if(i>1) - add(", ") + add(refauthors[i]) + if(i>1) + add(", ") } if(nrefauthors>1) - add(" and ") + add(" and ") add(refauthors[0] ", \\fI" reftitle "\\fP") if(length(refissue)) - add(", " refissue) + add(", " refissue) if(length(refdate)) - add(", " refdate) + add(", " refdate) if(length(refopt)) - add(", " refopt) + add(", " refopt) add(".") reference=0 } else if(reference) { if(match(words[w],"^%A$")) { refauthors[nrefauthors++]=wtail() } if(match(words[w],"^%T$")) { - reftitle=wtail() - sub("^\"","",reftitle) - sub("\"$","",reftitle) + reftitle=wtail() + sub("^\"","",reftitle) + sub("\"$","",reftitle) } if(match(words[w],"^%N$")) { refissue=wtail() } if(match(words[w],"^%D$")) { refdate=wtail() } if(match(words[w],"^%O$")) { refopt=wtail() } } else if(match(words[w],"^Nm$")) { if(synopsis) { - add(".br") - prenl++ + add(".br") + prenl++ } n=words[++w] if(!length(name)) - name=n + name=n if(!length(n)) - n=name + n=name add("\\fB" n "\\fP") if(!nospace&&match(words[w+1],"^[\\.,]")) - nospace=1 + nospace=1 } else if(match(words[w],"^Nd$")) { add("\\- " wtail()) } else if(match(words[w],"^Fl$")) { add("\\fB\\-" words[++w] "\\fP") if(!nospace&&match(words[w+1],"^[\\.,]")) - nospace=1 + nospace=1 } else if(match(words[w],"^Ar$")) { add("\\fI") if(w==nwords) - add("file ...\\fP") + add("file ...\\fP") else { - add(words[++w] "\\fP") - while(match(words[w+1],"^\\|$")) - add(OFS words[++w] " \\fI" words[++w] "\\fP") + add(words[++w] "\\fP") + while(match(words[w+1],"^\\|$")) + add(OFS words[++w] " \\fI" words[++w] "\\fP") } if(!nospace&&match(words[w+1],"^[\\.,]")) - nospace=1 + nospace=1 } else if(match(words[w],"^Cm$")) { add("\\fB" words[++w] "\\fP") while(w * Copyright 1996-1998, 2003 William Allen Simpson @@ -46,7 +46,7 @@ /* - * Debugging defines + * Debugging defines */ /* define DEBUG_LARGE 1 */ 
@@ -244,9 +244,9 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start) largememory = memory; /* - * Set power to the length in bits of the prime to be generated. - * This is changed to 1 less than the desired safe prime moduli p. - */ + * Set power to the length in bits of the prime to be generated. + * This is changed to 1 less than the desired safe prime moduli p. + */ if (power > TEST_MAXIMUM) { error("Too many bits: %u > %lu", power, TEST_MAXIMUM); return (-1); @@ -257,16 +257,16 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start) power--; /* decrement before squaring */ /* - * The density of ordinary primes is on the order of 1/bits, so the - * density of safe primes should be about (1/bits)**2. Set test range - * to something well above bits**2 to be reasonably sure (but not - * guaranteed) of catching at least one safe prime. + * The density of ordinary primes is on the order of 1/bits, so the + * density of safe primes should be about (1/bits)**2. Set test range + * to something well above bits**2 to be reasonably sure (but not + * guaranteed) of catching at least one safe prime. */ largewords = ((power * power) >> (SHIFT_WORD - TEST_POWER)); /* - * Need idea of how much memory is available. We don't have to use all - * of it. + * Need idea of how much memory is available. We don't have to use all + * of it. */ if (largememory > LARGE_MAXIMUM) { logit("Limited memory: %u MB; limit %lu MB", @@ -315,8 +315,8 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start) q = BN_new(); /* - * Generate random starting point for subprime search, or use - * specified parameter. + * Generate random starting point for subprime search, or use + * specified parameter. */ largebase = BN_new(); if (start == NULL) 
@@ -329,13 +329,13 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start) time(&time_start); - logit("%.24s Sieve next %u plus %u-bit", ctime(&time_start), + logit("%.24s Sieve next %u plus %u-bit", ctime(&time_start), largenumbers, power); debug2("start point: 0x%s", BN_bn2hex(largebase)); /* - * TinySieve - */ + * TinySieve + */ for (i = 0; i < tinybits; i++) { if (BIT_TEST(TinySieve, i)) continue; /* 2*i+3 is composite */ @@ -351,9 +351,9 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start) } /* - * Start the small block search at the next possible prime. To avoid - * fencepost errors, the last pass is skipped. - */ + * Start the small block search at the next possible prime. To avoid + * fencepost errors, the last pass is skipped. + */ for (smallbase = TINY_NUMBER + 3; smallbase < (SMALL_MAXIMUM - TINY_NUMBER); smallbase += TINY_NUMBER) { @@ -386,8 +386,8 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start) } /* - * SmallSieve - */ + * SmallSieve + */ for (i = 0; i < smallbits; i++) { if (BIT_TEST(SmallSieve, i)) continue; /* 2*i+smallbase is composite */ @@ -438,7 +438,7 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start) * The result is a list of so-call "safe" primes */ int -prime_test(FILE *in, FILE *out, u_int32_t trials, +prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) { BIGNUM *q, *p, *a; 
@@ -562,10 +562,10 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, count_possible++; /* - * The (1/4)^N performance bound on Miller-Rabin is - * extremely pessimistic, so don't spend a lot of time - * really verifying that q is prime until after we know - * that p is also prime. A single pass will weed out the + * The (1/4)^N performance bound on Miller-Rabin is + * extremely pessimistic, so don't spend a lot of time + * really verifying that q is prime until after we know + * that p is also prime. A single pass will weed out the * vast majority of composite q's. */ if (BN_is_prime(q, 1, NULL, ctx, NULL) <= 0) { @@ -575,9 +575,9 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, } /* - * q is possibly prime, so go ahead and really make sure - * that p is prime. If it is, then we can go back and do - * the same for q. If p is composite, chances are that + * q is possibly prime, so go ahead and really make sure + * that p is prime. If it is, then we can go back and do + * the same for q. If p is composite, chances are that * will show up on the first Rabin-Miller iteration so it * doesn't hurt to specify a high iteration count. */ @@ -594,7 +594,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, } debug("%10u: q is almost certainly prime", count_in); - if (qfileout(out, QTYPE_SAFE, (in_tests | QTEST_MILLER_RABIN), + if (qfileout(out, QTYPE_SAFE, (in_tests | QTEST_MILLER_RABIN), in_tries, in_size, generator_known, p)) { res = -1; break; @@ -610,7 +610,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, BN_CTX_free(ctx); logit("%.24s Found %u safe primes of %u candidates in %ld seconds", - ctime(&time_stop), count_out, count_possible, + ctime(&time_stop), count_out, count_possible, (long) (time_stop - time_start)); return (res); diff --git a/monitor.c b/monitor.c index d4c1c6eb2..449397e30 100644 --- a/monitor.c +++ b/monitor.c 
@@ -25,7 +25,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.53 2003/11/18 10:53:07 djm Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.54 2003/11/21 11:57:03 djm Exp $");
 #include
@@ -313,7 +313,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
 Buffer m;
 buffer_init(&m);
- mm_request_receive_expect(pmonitor->m_sendfd,
+ mm_request_receive_expect(pmonitor->m_sendfd,
 MONITOR_REQ_PAM_ACCOUNT, &m);
 authenticated = mm_answer_pam_account(pmonitor->m_sendfd, &m);
 buffer_free(&m);
diff --git a/monitor_wrap.c b/monitor_wrap.c
index c685535d3..7ca9672ff 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -715,7 +715,7 @@ mm_do_pam_account(void)
 buffer_init(&m);
 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, &m);
- mm_request_receive_expect(pmonitor->m_recvfd,
+ mm_request_receive_expect(pmonitor->m_recvfd,
 MONITOR_ANS_PAM_ACCOUNT, &m);
 ret = buffer_get_int(&m);
diff --git a/nchan.ms b/nchan.ms
index 2d080228c..57576017b 100644
--- a/nchan.ms
+++ b/nchan.ms
@@ -1,8 +1,8 @@
-.\" $OpenBSD: nchan.ms,v 1.7 2001/01/29 01:58:17 niklas Exp $
+.\" $OpenBSD: nchan.ms,v 1.8 2003/11/21 11:57:03 djm Exp $
+.\"
 .\"
-.\"
 .\" Copyright (c) 1999 Markus Friedl. All rights reserved.
-.\"
+.\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
@@ -11,7 +11,7 @@
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
-.\"
+.\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
diff --git a/nchan2.ms b/nchan2.ms
index 1cc51fa12..a7a67b127 100644
--- a/nchan2.ms
+++ b/nchan2.ms
@@ -1,7 +1,7 @@
-.\" $OpenBSD: nchan2.ms,v 1.2 2001/10/03 10:05:57 markus Exp $
-.\"
+.\" $OpenBSD: nchan2.ms,v 1.3 2003/11/21 11:57:03 djm Exp $
+.\"
 .\" Copyright (c) 2000 Markus Friedl. All rights reserved.
-.\"
+.\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
@@ -10,7 +10,7 @@
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
-.\"
+.\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
diff --git a/packet.c b/packet.c
index 52b4f664c..16d5f972c 100644
--- a/packet.c
+++ b/packet.c
@@ -304,7 +304,7 @@ packet_connection_is_ipv4(void)
 if (to.ss_family == AF_INET)
 return 1;
 #ifdef IPV4_IN_IPV6
- if (to.ss_family == AF_INET6 &&
+ if (to.ss_family == AF_INET6 &&
 IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&to)->sin6_addr))
 return 1;
 #endif
diff --git a/readconf.h b/readconf.h
index 8aab2e606..650132346 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.56 2003/10/11 08:24:08 markus Exp $ */
+/* $OpenBSD: readconf.h,v 1.57 2003/11/21 11:57:03 djm Exp $ */
 /*
 * Author: Tatu Ylonen
@@ -61,7 +61,7 @@ typedef struct {
 int connection_attempts; /* Max attempts (seconds) before
 * giving up */
 int connection_timeout; /* Max time (seconds) before
- * aborting connection attempt */
+ * aborting connection attempt */
 int number_of_password_prompts; /* Max number of password
 * prompts. */
 int cipher; /* Cipher to use. */
diff --git a/rijndael.c b/rijndael.c
index 6965ca3b0..1cd24de14 100644
--- a/rijndael.c
+++ b/rijndael.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rijndael.c,v 1.14 2002/07/10 17:53:54 deraadt Exp $ */
+/* $OpenBSD: rijndael.c,v 1.15 2003/11/21 11:57:03 djm Exp $ */
 /**
 * rijndael-alg-fst.c
@@ -725,7 +725,7 @@ static const u32 rcon[] = {
 * @return the number of rounds for the given cipher key size.
 */
 static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) {
- int i = 0;
+ int i = 0;
 u32 temp;
 rk[0] = GETU32(cipherKey );
@@ -797,7 +797,7 @@ static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int
 (Te4[(temp ) & 0xff] & 0x000000ff);
 rk[13] = rk[ 5] ^ rk[12];
 rk[14] = rk[ 6] ^ rk[13];
- rk[15] = rk[ 7] ^ rk[14];
+ rk[15] = rk[ 7] ^ rk[14];
 rk += 8;
 }
 }
@@ -871,50 +871,50 @@ static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16 s3 = GETU32(pt + 12) ^ rk[3]; #ifdef FULL_UNROLL /* round 1: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; - /* round 2: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; + /* round 2: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; /* round 3: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) 
& 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; - /* round 4: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; + /* round 4: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; /* round 5: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; - /* round 6: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 
>> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; + /* round 6: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; /* round 7: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; - /* round 8: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 
0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; + /* round 8: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; /* round 9: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; if (Nr > 10) { /* round 10: */ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; 
@@ -1187,33 +1187,33 @@ static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16
 * apply last round and
 * map cipher state to byte array block:
 */
- s0 =
- (Td4[(t0 >> 24) ] & 0xff000000) ^
- (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
- (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
- (Td4[(t1 ) & 0xff] & 0x000000ff) ^
- rk[0];
+ s0 =
+ (Td4[(t0 >> 24) ] & 0xff000000) ^
+ (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+ (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
+ (Td4[(t1 ) & 0xff] & 0x000000ff) ^
+ rk[0];
 PUTU32(pt , s0);
- s1 =
- (Td4[(t1 >> 24) ] & 0xff000000) ^
- (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
- (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
- (Td4[(t2 ) & 0xff] & 0x000000ff) ^
- rk[1];
+ s1 =
+ (Td4[(t1 >> 24) ] & 0xff000000) ^
+ (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+ (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
+ (Td4[(t2 ) & 0xff] & 0x000000ff) ^
+ rk[1];
 PUTU32(pt + 4, s1);
- s2 =
- (Td4[(t2 >> 24) ] & 0xff000000) ^
- (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
- (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
- (Td4[(t3 ) & 0xff] & 0x000000ff) ^
- rk[2];
+ s2 =
+ (Td4[(t2 >> 24) ] & 0xff000000) ^
+ (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+ (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
+ (Td4[(t3 ) & 0xff] & 0x000000ff) ^
+ rk[2];
 PUTU32(pt + 8, s2);
- s3 =
- (Td4[(t3 >> 24) ] & 0xff000000) ^
- (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
- (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
- (Td4[(t0 ) & 0xff] & 0x000000ff) ^
- rk[3];
+ s3 =
+ (Td4[(t3 >> 24) ] & 0xff000000) ^
+ (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+ (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
+ (Td4[(t0 ) & 0xff] & 0x000000ff) ^
+ rk[3];
 PUTU32(pt + 12, s3);
 }
diff --git a/scard-opensc.c b/scard-opensc.c
index 2489fec45..ff3017f5e 100644
--- a/scard-opensc.c
+++ b/scard-opensc.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (c) 2002 Juha Yrjölä. All rights reserved.
 * Copyright (c) 2001 Markus Friedl.
- *
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -81,7 +81,7 @@ sc_close(void)
 }
 }
-static int
+static int
 sc_init(void)
 {
 int r;
@@ -91,7 +91,7 @@ sc_init(void)
 goto err;
 if (sc_reader_id >= ctx->reader_count) {
 r = SC_ERROR_NO_READERS_FOUND;
- error("Illegal reader number %d (max %d)", sc_reader_id,
+ error("Illegal reader number %d (max %d)", sc_reader_id,
 ctx->reader_count -1);
 goto err;
 }
@@ -131,7 +131,7 @@ sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out,
 goto err;
 }
 }
- r = sc_pkcs15_find_prkey_by_id_usage(p15card, &priv->cert_id,
+ r = sc_pkcs15_find_prkey_by_id_usage(p15card, &priv->cert_id,
 usage, &key_obj);
 if (r) {
 error("Unable to find private key from SmartCard: %s",
@@ -193,7 +193,7 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa,
 r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_DECRYPT);
 if (r)
 return -1;
- r = sc_pkcs15_decipher(p15card, key_obj, SC_ALGORITHM_RSA_PAD_PKCS1,
+ r = sc_pkcs15_decipher(p15card, key_obj, SC_ALGORITHM_RSA_PAD_PKCS1,
 from, flen, to, flen);
 sc_unlock(card);
 if (r < 0) {
@@ -223,7 +223,7 @@ sc_sign(int type, u_char *m, unsigned int m_len,
 * the key will be rejected as using a non-repudiation key
 * for authentication is not recommended. Note: This does not
 * prevent the use of a non-repudiation key for authentication
- * if the sign or signrecover flag is set as well.
+ * if the sign or signrecover flag is set as well.
 */
 r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_SIGN);
 if (r)
@@ -337,7 +337,7 @@ convert_rsa_to_rsa1(Key * in, Key * out)
 return;
 }
-static int
+static int
 sc_read_pubkey(Key * k, const struct sc_pkcs15_object *cert_obj)
 {
 int r;
@@ -358,7 +358,7 @@ sc_read_pubkey(Key * k, const struct sc_pkcs15_object *cert_obj) } x509 = X509_new(); if (x509 == NULL) { - r = -1; + r = -1; goto err; } p = cert->data; diff --git a/scp.c b/scp.c index 36cf1b442..cece74a98 100644 --- a/scp.c +++ b/scp.c @@ -71,7 +71,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.111 2003/11/12 10:12:15 dtucker Exp $"); +RCSID("$OpenBSD: scp.c,v 1.112 2003/11/21 11:57:03 djm Exp $"); #include "xmalloc.h" #include "atomicio.h" diff --git a/session.c b/session.c index b1e6255f4..3a3a09b5b 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.167 2003/11/04 08:54:09 djm Exp $"); +RCSID("$OpenBSD: session.c,v 1.168 2003/11/21 11:57:03 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -980,7 +980,7 @@ do_setup_env(Session *s, const char *shell) #endif #ifdef GSSAPI - /* Allow any GSSAPI methods that we've used to alter + /* Allow any GSSAPI methods that we've used to alter * the childs environment as they see fit */ ssh_gssapi_do_child(&env, &envsize); @@ -1012,7 +1012,7 @@ do_setup_env(Session *s, const char *shell) path = child_get_env(env, "PATH"); # endif /* HAVE_ETC_DEFAULT_LOGIN */ if (path == NULL || *path == '\0') { - child_set_env(&env, &envsize, "PATH", + child_set_env(&env, &envsize, "PATH", s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH); } @@ -1266,7 +1266,7 @@ do_setusercontext(struct passwd *pw) endgrent(); # ifdef USE_PAM /* - * PAM credentials may take the form of supplementary groups. + * PAM credentials may take the form of supplementary groups. * These will have been wiped by the above initgroups() call. * Reestablish them here. */ diff --git a/sftp-client.c b/sftp-client.c index ffff0fe5a..8e657d1b5 100644 --- a/sftp-client.c +++ b/sftp-client.c 
@@ -28,7 +28,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.44 2003/06/28 16:23:06 deraadt Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.45 2003/11/21 11:57:03 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -798,7 +798,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, return(-1); } - local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC, + local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC, mode | S_IWRITE); if (local_fd == -1) { error("Couldn't open local file \"%s\" for writing: %s", @@ -946,7 +946,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, /* Override umask and utimes if asked */ #ifdef HAVE_FCHMOD if (pflag && fchmod(local_fd, mode) == -1) -#else +#else if (pflag && chmod(local_path, mode) == -1) #endif /* HAVE_FCHMOD */ error("Couldn't set mode on \"%s\": %s", local_path, diff --git a/sftp-glob.c b/sftp-glob.c index ee122a2cd..4f2234654 100644 --- a/sftp-glob.c +++ b/sftp-glob.c @@ -89,7 +89,7 @@ fudge_readdir(struct SFTP_OPENDIR *od) #ifdef __GNU_LIBRARY__ /* * Idiot glibc uses extensions to struct dirent for readdir with - * ALTDIRFUNCs. Not that this is documented anywhere but the + * ALTDIRFUNCs. Not that this is documented anywhere but the * source... Fake an inode number to appease it. */ ret->d_ino = inum++; diff --git a/sftp-int.c b/sftp-int.c index bc5cce8de..4c280b492 100644 --- a/sftp-int.c +++ b/sftp-int.c @@ -25,7 +25,7 @@ /* XXX: recursive operations */ #include "includes.h" -RCSID("$OpenBSD: sftp-int.c,v 1.64 2003/11/08 19:17:29 jmc Exp $"); +RCSID("$OpenBSD: sftp-int.c,v 1.65 2003/11/21 11:57:03 djm Exp $"); #include "buffer.h" #include "xmalloc.h" @@ -361,7 +361,7 @@ get_pathname(const char **cpp, char **path) } if (cp[i] == '\\') { /* Escaped characters */ i++; - if (cp[i] != '\'' && cp[i] != '\"' && + if (cp[i] != '\'' && cp[i] != '\"' && cp[i] != '\\') { error("Bad escaped character '\%c'", cp[i]); 
@@ -389,7 +389,7 @@ get_pathname(const char **cpp, char **path) return (0); fail: - xfree(*path); + xfree(*path); *path = NULL; return (-1); } @@ -530,7 +530,7 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag) for (i = 0; g.gl_pathv[i]; i++) { if (!is_reg(g.gl_pathv[i])) { - error("skipping non-regular file %s", + error("skipping non-regular file %s", g.gl_pathv[i]); continue; } @@ -598,7 +598,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) for (n = 0; d[n] != NULL; n++) m = MAX(m, strlen(d[n]->filename)); - if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) + if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) width = ws.ws_col; columns = width / (m + 2); @@ -668,7 +668,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, strncmp(path, g.gl_pathv[0], strlen(g.gl_pathv[0]) - 1) == 0) { if ((a = do_lstat(conn, path, 1)) == NULL) { globfree(&g); - return (-1); + return (-1); } if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) && S_ISDIR(a->perm)) { @@ -682,7 +682,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, struct winsize ws; /* Count entries for sort and find longest filename */ - for (i = 0; g.gl_pathv[i]; i++) + for (i = 0; g.gl_pathv[i]; i++) m = MAX(m, strlen(g.gl_pathv[i])); if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) diff --git a/ssh-add.c b/ssh-add.c index 2e394e5c1..e7699c95c 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.68 2003/06/16 10:22:45 markus Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.69 2003/11/21 11:57:03 djm Exp $"); #include 
@@ -169,14 +169,14 @@ add_file(AuthenticationConnection *ac, const char *filename) } } - if (ssh_add_identity_constrained(ac, private, comment, lifetime, - confirm)) { + if (ssh_add_identity_constrained(ac, private, comment, lifetime, + confirm)) { fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); ret = 0; if (lifetime != 0) fprintf(stderr, "Lifetime set to %d seconds\n", lifetime); - if (confirm != 0) + if (confirm != 0) fprintf(stderr, "The user has to confirm each use of the key\n"); } else if (ssh_add_identity(ac, private, comment)) { diff --git a/ssh-agent.c b/ssh-agent.c index d595479f9..b1d603006 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.115 2003/10/14 19:54:39 markus Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.116 2003/11/21 11:57:03 djm Exp $"); #include #include @@ -179,7 +179,7 @@ confirm_key(Identity *id) p = read_passphrase(prompt, RP_ALLOW_EOF); if (p != NULL) { /* - * Accept empty responses and responses consisting + * Accept empty responses and responses consisting * of the word "yes" as affirmative. */ if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0) diff --git a/ssh-keygen.c b/ssh-keygen.c index 4a3cf241a..95d22b6a4 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.110 2003/10/14 19:42:10 jakob Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.111 2003/11/21 11:57:03 djm Exp $"); #include #include @@ -902,13 +902,13 @@ main(int ac, char **av) case 'a': trials = atoi(optarg); if (trials < TRIAL_MINIMUM) { - fatal("Minimum primality trials is %d", + fatal("Minimum primality trials is %d", TRIAL_MINIMUM); } break; case 'M': memory = atoi(optarg); - if (memory != 0 && + if (memory != 0 && (memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) { fatal("Invalid memory amount (min %ld, max %ld)", LARGE_MINIMUM, LARGE_MAXIMUM); 
@@ -987,7 +987,7 @@ main(int ac, char **av) if (have_identity && strcmp(identity_file, "-") != 0) { if ((in = fopen(identity_file, "r")) == NULL) { fatal("Couldn't open modulus candidate " - "file \"%s\": %s", identity_file, + "file \"%s\": %s", identity_file, strerror(errno)); } } else diff --git a/ssh-rand-helper.8 b/ssh-rand-helper.8 index a89185c0a..df559d332 100644 --- a/ssh-rand-helper.8 +++ b/ssh-rand-helper.8 @@ -1,4 +1,4 @@ -.\" $Id: ssh-rand-helper.8,v 1.1 2002/04/14 09:27:13 djm Exp $ +.\" $Id: ssh-rand-helper.8,v 1.2 2003/11/21 12:48:56 djm Exp $ .\" .\" Copyright (c) 2002 Damien Miller. All rights reserved. .\" @@ -34,22 +34,22 @@ .Op Fl b Ar bytes .Sh DESCRIPTION .Nm -is a small helper program used by +is a small helper program used by .Xr ssh 1 , .Xr ssh-add 1 , .Xr ssh-agent 1 , .Xr ssh-keygen 1 , -.Xr ssh-keyscan 1 +.Xr ssh-keyscan 1 and .Xr sshd 8 -to gather random numbers of cryptographic quality if the +to gather random numbers of cryptographic quality if the .Xr openssl 4 library has not been configured to provide them itself. .Pp -Normally +Normally .Nm will generate a strong random seed and provide it to the calling -program via standard output. If standard output is a tty, +program via standard output. If standard output is a tty, .Nm will instead print the seed in hexidecimal format unless told otherwise. .Pp 
@@ -57,19 +57,19 @@ will instead print the seed in hexidecimal format unless told otherwise. will by default gather random numbers from the system commands listed in .Pa /etc/ssh/ssh_prng_cmds . -The output of each of the commands listed will be hashed and used to -generate a random seed for the calling program. +The output of each of the commands listed will be hashed and used to +generate a random seed for the calling program. .Nm -will also store seed files in +will also store seed files in .Pa ~/.ssh/prng_seed between executions. .Pp -Alternately, +Alternately, .Nm -may be configured at build time to collect random numbers from a +may be configured at build time to collect random numbers from a EGD/PRNGd server via a unix domain or localhost tcp socket. .Pp -This program is not intended to be run by the end-user, so the few +This program is not intended to be run by the end-user, so the few commandline options are for debugging purposes only. .Bl -tag -width Ds .It Fl b Ar bytes diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index effc8745e..abdb779f0 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -39,7 +39,7 @@ #include "pathnames.h" #include "log.h" -RCSID("$Id: ssh-rand-helper.c,v 1.14 2003/09/22 15:36:15 mouring Exp $"); +RCSID("$Id: ssh-rand-helper.c,v 1.15 2003/11/21 12:48:56 djm Exp $"); /* Number of bytes we write out */ #define OUTPUT_SEED_SIZE 48 
@@ -115,19 +115,19 @@ double stir_gettimeofday(double entropy_estimate); double stir_clock(double entropy_estimate); double stir_rusage(int who, double entropy_estimate); double hash_command_output(entropy_cmd_t *src, unsigned char *hash); -int get_random_bytes_prngd(unsigned char *buf, int len, +int get_random_bytes_prngd(unsigned char *buf, int len, unsigned short tcp_port, char *socket_path); /* * Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon * listening either on 'tcp_port', or via Unix domain socket at * * 'socket_path'. - * Either a non-zero tcp_port or a non-null socket_path must be + * Either a non-zero tcp_port or a non-null socket_path must be * supplied. * Returns 0 on success, -1 on error */ int -get_random_bytes_prngd(unsigned char *buf, int len, +get_random_bytes_prngd(unsigned char *buf, int len, unsigned short tcp_port, char *socket_path) { int fd, addr_len, rval, errors; @@ -289,7 +289,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash) if (devnull == -1) { devnull = open("/dev/null", O_RDWR); if (devnull == -1) - fatal("Couldn't open /dev/null: %s", + fatal("Couldn't open /dev/null: %s", strerror(errno)); } @@ -314,7 +314,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash) execv(src->path, (char**)(src->args)); - debug("(child) Couldn't exec '%s': %s", + debug("(child) Couldn't exec '%s': %s", src->cmdstring, strerror(errno)); _exit(-1); default: /* Parent */ @@ -376,7 +376,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash) case -1: default: /* error */ - debug("Command '%s': select() failed: %s", + debug("Command '%s': select() failed: %s", src->cmdstring, strerror(errno)); error_abort = 1; break; 
@@ -400,8 +400,8 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash) if (error_abort) { /* * Closing p[0] on timeout causes the entropy command to - * SIGPIPE. Take whatever output we got, and mark this - * command as slow + * SIGPIPE. Take whatever output we got, and mark this + * command as slow */ debug2("Command '%s' timed out", src->cmdstring); src->sticky_badness *= 2; @@ -479,7 +479,7 @@ stir_from_programs(void) /* Stir it in */ RAND_add(hash, sizeof(hash), entropy); - debug3("Got %0.2f bytes of entropy from '%s'", + debug3("Got %0.2f bytes of entropy from '%s'", entropy, entropy_cmds[c].cmdstring); total_entropy += entropy; @@ -491,7 +491,7 @@ stir_from_programs(void) total_entropy += stir_rusage(RUSAGE_CHILDREN, 0.1); } else { debug2("Command '%s' disabled (badness %d)", - entropy_cmds[c].cmdstring, + entropy_cmds[c].cmdstring, entropy_cmds[c].badness); if (entropy_cmds[c].badness > 0) @@ -511,8 +511,8 @@ prng_check_seedfile(char *filename) struct stat st; /* - * XXX raceable: eg replace seed between this stat and subsequent - * open. Not such a problem because we don't really trust the + * XXX raceable: eg replace seed between this stat and subsequent + * open. Not such a problem because we don't really trust the * seed file anyway. * XXX: use secure path checking as elsewhere in OpenSSH */ @@ -651,7 +651,7 @@ prng_read_commands(char *cmdfilename) continue; /* done with this line */ /* - * The first non-whitespace char should be a double quote + * The first non-whitespace char should be a double quote * delimiting the commandline */ if (*cp != '"') { @@ -726,7 +726,7 @@ prng_read_commands(char *cmdfilename) /* * If we've filled the array, reallocate it twice the size - * Do this now because even if this we're on the last + * Do this now because even if this we're on the last * command we need another slot to mark the last entry */ if (cur_cmd == num_cmds) { 
@@ -761,7 +761,7 @@ usage(void) OUTPUT_SEED_SIZE); } -int +int main(int argc, char **argv) { unsigned char *buf; @@ -816,11 +816,11 @@ main(int argc, char **argv) /* * Seed the RNG from wherever we can */ - + /* Take whatever is on the stack, but don't credit it */ RAND_add(buf, bytes, 0); - debug("Seeded RNG with %i bytes from system calls", + debug("Seeded RNG with %i bytes from system calls", (int)stir_from_system()); #ifdef PRNGD_PORT @@ -835,7 +835,7 @@ main(int argc, char **argv) /* Read in collection commands */ if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1) fatal("PRNG initialisation failed -- exiting."); - debug("Seeded RNG with %i bytes from programs", + debug("Seeded RNG with %i bytes from programs", (int)stir_from_programs()); #endif diff --git a/ssh.c b/ssh.c index 39d1b2f6a..e8639f66b 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.202 2003/10/11 08:24:08 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.203 2003/11/21 11:57:03 djm Exp $"); #include #include @@ -221,7 +221,7 @@ main(int ac, char **av) */ original_real_uid = getuid(); original_effective_uid = geteuid(); - + /* * Use uid-swapping to give up root privileges for the duration of * option processing. We will re-instantiate the rights when we are @@ -717,7 +717,7 @@ again: packet_close(); /* - * Send SIGHUP to proxy command if used. We don't wait() in + * Send SIGHUP to proxy command if used. We don't wait() in * case it hangs and instead rely on init to reap the child */ if (proxy_command_pid > 1) diff --git a/ssh_prng_cmds.in b/ssh_prng_cmds.in index 50e7771f9..0d29d49f1 100644 --- a/ssh_prng_cmds.in +++ b/ssh_prng_cmds.in 
@@ -2,10 +2,10 @@ # Format is: "program-name args" path rate -# The "rate" represents the number of bits of usuable entropy per +# The "rate" represents the number of bits of usuable entropy per # byte of command output. Be conservative. # -# $Id: ssh_prng_cmds.in,v 1.8 2002/07/14 21:43:58 tim Exp $ +# $Id: ssh_prng_cmds.in,v 1.9 2003/11/21 12:48:56 djm Exp $ "ls -alni /var/log" @PROG_LS@ 0.02 "ls -alni /var/adm" @PROG_LS@ 0.02 diff --git a/sshconnect.c b/sshconnect.c index 5972e2ba9..3d6cc375a 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.153 2003/11/12 16:39:58 jakob Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.154 2003/11/21 11:57:03 djm Exp $"); #include @@ -74,7 +74,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) * Build the final command string in the buffer by making the * appropriate substitutions to the given proxy command. * - * Use "exec" to avoid "sh -c" processes on some platforms + * Use "exec" to avoid "sh -c" processes on some platforms * (e.g. Solaris) */ buffer_init(&command); @@ -261,15 +261,15 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr, break; case -1: /* Select error */ - debug("select: %s", strerror(errno)); + debug("select: %s", strerror(errno)); break; case 1: /* Completed or failed */ optval = 0; optlen = sizeof(optval); - if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, + if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, &optlen) == -1) { - debug("getsockopt: %s", strerror(errno)); + debug("getsockopt: %s", strerror(errno)); break; } if (optval != 0) { diff --git a/sshconnect2.c b/sshconnect2.c index f6368aadd..76670e8a8 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.132 2003/11/17 11:06:07 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.133 2003/11/21 11:57:03 djm Exp $"); #include "openbsd-compat/sys-queue.h" 
@@ -476,7 +476,7 @@ done: } #ifdef GSSAPI -int +int userauth_gssapi(Authctxt *authctxt) { Gssctxt *gssctxt = NULL; @@ -584,7 +584,7 @@ process_gssapi_token(void *ctxt, gss_buffer_t recv_tok) buffer_free(&b); gss_release_buffer(&ms, &mic); - } + } } return status; @@ -1033,7 +1033,7 @@ pubkey_prepare(Authctxt *authctxt) key = ssh_get_next_identity(ac, &comment, 2)) { found = 0; TAILQ_FOREACH(id, &files, next) { - /* agent keys from the config file are preferred */ + /* agent keys from the config file are preferred */ if (key_equal(key, id->key)) { key_free(key); xfree(comment); diff --git a/sshd.c b/sshd.c index a9001a040..e92a13c5f 100644 --- a/sshd.c +++ b/sshd.c @@ -1055,8 +1055,8 @@ main(int ac, char **av) /* * Clear out any supplemental groups we may have inherited. This * prevents inadvertent creation of files with bad modes (in the - * portable version at least, it's certainly possible for PAM - * to create a file, and we can't control the code in every + * portable version at least, it's certainly possible for PAM + * to create a file, and we can't control the code in every * module which might be used). */ if (setgroups(0, NULL) < 0) @@ -1446,7 +1446,7 @@ main(int ac, char **av) packet_set_nonblocking(); - /* prepare buffers to collect authentication messages */ + /* prepare buffers to collect authentication messages */ buffer_init(&loginmsg); /* allocate authentication context */ diff --git a/sshd_config.5 b/sshd_config.5 index b402bbdad..06a197b76 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.25 2003/09/01 09:50:04 markus Exp $ +.\" $OpenBSD: sshd_config.5,v 1.26 2003/11/21 11:57:03 djm Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os 
@@ -227,7 +227,7 @@ The default is .Dq no . .It Cm GSSAPIAuthentication Specifies whether user authentication based on GSSAPI is allowed. -The default is +The default is .Dq no . Note that this option applies to protocol version 2 only. .It Cm GSSAPICleanupCredentials @@ -608,10 +608,10 @@ If .Cm UsePrivilegeSeparation is specified, it will be disabled after authentication. .It Cm UsePAM -Enables PAM authentication (via challenge-response) and session set up. -If you enable this, you should probably disable +Enables PAM authentication (via challenge-response) and session set up. +If you enable this, you should probably disable .Cm PasswordAuthentication . -If you enable +If you enable .CM UsePAM then you will not be able to run sshd as a non-root user. The default is .Dq no . diff --git a/sshpty.c b/sshpty.c index 4747ceaf4..50b1f2ba3 100644 --- a/sshpty.c +++ b/sshpty.c @@ -343,7 +343,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) if (fd < 0) error("open /dev/tty failed - could not set controlling tty: %.100s", strerror(errno)); - else + else close(fd); #endif /* _UNICOS */ } diff --git a/uidswap.c b/uidswap.c index 9e161d0f0..a5f76fdcd 100644 --- a/uidswap.c +++ b/uidswap.c 
@@ -180,28 +180,28 @@ permanently_set_uid(struct passwd *pw)
 #endif
 /* Try restoration of GID if changed (test clearing of saved gid) */
- if (old_gid != pw->pw_gid &&
+ if (old_gid != pw->pw_gid &&
 (setgid(old_gid) != -1 || setegid(old_gid) != -1))
 fatal("%s: was able to restore old [e]gid", __func__);
 /* Verify GID drop was successful */
 if (getgid() != pw->pw_gid || getegid() != pw->pw_gid) {
- fatal("%s: egid incorrect gid:%u egid:%u (should be %u)",
- __func__, (u_int)getgid(), (u_int)getegid(),
+ fatal("%s: egid incorrect gid:%u egid:%u (should be %u)",
+ __func__, (u_int)getgid(), (u_int)getegid(),
 (u_int)pw->pw_gid);
 }
 #ifndef HAVE_CYGWIN
 /* Try restoration of UID if changed (test clearing of saved uid) */
- if (old_uid != pw->pw_uid &&
+ if (old_uid != pw->pw_uid &&
 (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
 fatal("%s: was able to restore old [e]uid", __func__);
 #endif
 /* Verify UID drop was successful */
 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) {
- fatal("%s: euid incorrect uid:%u euid:%u (should be %u)",
- __func__, (u_int)getuid(), (u_int)geteuid(),
+ fatal("%s: euid incorrect uid:%u euid:%u (should be %u)",
+ __func__, (u_int)getuid(), (u_int)geteuid(),
 (u_int)pw->pw_uid);
 }
 }
-- cgit v1.2.3
From 12c150e7e0711e29ea5dc78d3c9ed46221319dc5 Mon Sep 17 00:00:00 2001
From: Damien Miller Date: Wed, 17 Dec 2003 16:31:10 +1100 Subject: - markus@cvs.openbsd.org 2003/12/09 21:53:37 [readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1] [ssh_config.5 sshconnect.c sshd.c sshd_config.5] rename keepalive to tcpkeepalive; the old name causes too much confusion; ok djm, dtucker; with help from jmc@ --- ChangeLog | 7 ++++++- readconf.c | 19 ++++++++++--------- readconf.h | 4 ++-- scp.1 | 4 ++-- servconf.c | 17 +++++++++-------- servconf.h | 4 ++-- sftp.1 | 4 ++-- ssh.1 | 4 ++-- ssh_config.5 | 36 ++++++++++++++++++------------------ sshconnect.c | 6 +++--- sshd.c | 6 +++--- sshd_config.5 | 48 ++++++++++++++++++++++++------------------------ 12 files changed, 83 insertions(+), 76 deletions(-) (limited to 'sshconnect.c') diff --git a/ChangeLog b/ChangeLog index d737c855d..0b97adc72 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,11 @@ - markus@cvs.openbsd.org 2003/12/09 17:30:05 [ssh.c] don't modify argv for ssh -o; similar to sshd.c 1.283 + - markus@cvs.openbsd.org 2003/12/09 21:53:37 + [readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1] + [ssh_config.5 sshconnect.c sshd.c sshd_config.5] + rename keepalive to tcpkeepalive; the old name causes too much + confusion; ok djm, dtucker; with help from jmc@ 20031209 - (dtucker) OpenBSD CVS Sync @@ -1581,4 +1586,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3142 2003/12/17 05:30:06 djm Exp $ +$Id: ChangeLog,v 1.3143 2003/12/17 05:31:10 djm Exp $ diff --git a/readconf.c b/readconf.c index da49a3944..cd2c81443 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.125 2003/11/12 16:39:58 jakob Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.126 2003/12/09 21:53:36 markus Exp $"); #include "ssh.h" #include "xmalloc.h" 
@@ -78,7 +78,7 @@ RCSID("$OpenBSD: readconf.c,v 1.125 2003/11/12 16:39:58 jakob Exp $");
 RSAAuthentication yes
 RhostsRSAAuthentication yes
 StrictHostKeyChecking yes
- KeepAlives no
+ TcpKeepAlive no
 IdentityFile ~/.ssh/identity
 Port 22
 EscapeChar ~
@@ -96,7 +96,7 @@ typedef enum {
 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
- oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
+ oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
@@ -169,7 +169,8 @@ static struct {
 { "stricthostkeychecking", oStrictHostKeyChecking },
 { "compression", oCompression },
 { "compressionlevel", oCompressionLevel },
- { "keepalive", oKeepAlives },
+ { "tcpkeepalive", oTCPKeepAlive },
+ { "keepalive", oTCPKeepAlive }, /* obsolete */
 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
 { "loglevel", oLogLevel },
 { "dynamicforward", oDynamicForward },
@@ -427,8 +428,8 @@ parse_yesnoask:
 intptr = &options->compression;
 goto parse_flag;
- case oKeepAlives:
- intptr = &options->keepalives;
+ case oTCPKeepAlive:
+ intptr = &options->tcp_keep_alive;
 goto parse_flag;
 case oNoHostAuthenticationForLocalhost:
@@ -826,7 +827,7 @@ initialize_options(Options * options)
 options->check_host_ip = -1;
 options->strict_host_key_checking = -1;
 options->compression = -1;
- options->keepalives = -1;
+ options->tcp_keep_alive = -1;
 options->compression_level = -1;
 options->port = -1;
 options->address_family = -1;
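Review bot: The keyword-table hunk in readconf.c keeps `keepalive` as a second spelling of oTCPKeepAlive and marks it only `/* obsolete */`, while the matching servconf.c entry in this commit is marked `/* obsolete alias */`; one wording should be used in both tables. Because both names map to the same opcode, nothing visible in these hunks tells a user that the old spelling is deprecated, and the same commit removes KeepAlive from the option lists in scp.1, sftp.1, ssh.1 and ssh_config.5, so the alias becomes an accepted but undocumented keyword. A comment that records the intent would help whoever later audits accepted keywords, for example `/* obsolete alias for tcpkeepalive; kept for existing configs */`. The table starts and ends outside the hunk.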
@@ -909,8 +910,8 @@ fill_default_options(Options * options) options->strict_host_key_checking = 2; /* 2 is default */ if (options->compression == -1) options->compression = 0; - if (options->keepalives == -1) - options->keepalives = 1; + if (options->tcp_keep_alive == -1) + options->tcp_keep_alive = 1; if (options->compression_level == -1) options->compression_level = 6; if (options->port == -1) diff --git a/readconf.h b/readconf.h index 650132346..f2a859fbe 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.57 2003/11/21 11:57:03 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.58 2003/12/09 21:53:36 markus Exp $ */ /* * Author: Tatu Ylonen @@ -53,7 +53,7 @@ typedef struct { int compression; /* Compress packets in both directions. */ int compression_level; /* Compression level 1 (fast) to 9 * (best). */ - int keepalives; /* Set SO_KEEPALIVE. */ + int tcp_keep_alive; /* Set SO_KEEPALIVE. */ LogLevel log_level; /* Level for logging. */ int port; /* Port to connect. */ diff --git a/scp.1 b/scp.1 index 4dab2a1db..cbebb949a 100644 --- a/scp.1 +++ b/scp.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.30 2003/10/13 08:22:25 markus Exp $ +.\" $OpenBSD: scp.1,v 1.31 2003/12/09 21:53:36 markus Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 @@ -137,7 +137,6 @@ For full details of the options listed below, and their possible values, see .It HostKeyAlias .It HostName .It IdentityFile -.It KeepAlive .It LogLevel .It MACs .It NoHostAuthenticationForLocalhost @@ -152,6 +151,7 @@ For full details of the options listed below, and their possible values, see .It RSAAuthentication .It SmartcardDevice .It StrictHostKeyChecking +.It TCPKeepAlive .It UsePrivilegedPort .It User .It UserKnownHostsFile diff --git a/servconf.c b/servconf.c index 0df62ad63..a6824a863 100644 --- a/servconf.c +++ b/servconf.c 
@@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.128 2003/09/29 20:19:57 markus Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.129 2003/12/09 21:53:36 markus Exp $"); #include "ssh.h" #include "log.h" @@ -61,7 +61,7 @@ initialize_server_options(ServerOptions *options) options->x11_use_localhost = -1; options->xauth_location = NULL; options->strict_modes = -1; - options->keepalives = -1; + options->tcp_keep_alive = -1; options->log_facility = SYSLOG_FACILITY_NOT_SET; options->log_level = SYSLOG_LEVEL_NOT_SET; options->rhosts_rsa_authentication = -1; @@ -159,8 +159,8 @@ fill_default_server_options(ServerOptions *options) options->xauth_location = _PATH_XAUTH; if (options->strict_modes == -1) options->strict_modes = 1; - if (options->keepalives == -1) - options->keepalives = 1; + if (options->tcp_keep_alive == -1) + options->tcp_keep_alive = 1; if (options->log_facility == SYSLOG_FACILITY_NOT_SET) options->log_facility = SYSLOG_FACILITY_AUTH; if (options->log_level == SYSLOG_LEVEL_NOT_SET) @@ -254,7 +254,7 @@ typedef enum { sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, - sStrictModes, sEmptyPasswd, sKeepAlives, + sStrictModes, sEmptyPasswd, sTCPKeepAlive, sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, @@ -334,7 +334,8 @@ static struct { { "permituserenvironment", sPermitUserEnvironment }, { "uselogin", sUseLogin }, { "compression", sCompression }, - { "keepalive", sKeepAlives }, + { "tcpkeepalive", sTCPKeepAlive }, + { "keepalive", sTCPKeepAlive }, /* obsolete alias */ { "allowtcpforwarding", sAllowTcpForwarding }, { "allowusers", sAllowUsers }, { "denyusers", sDenyUsers }, 
@@ -677,8 +678,8 @@ parse_flag: intptr = &options->strict_modes; goto parse_flag; - case sKeepAlives: - intptr = &options->keepalives; + case sTCPKeepAlive: + intptr = &options->tcp_keep_alive; goto parse_flag; case sEmptyPasswd: diff --git a/servconf.h b/servconf.h index 828e94c5c..3cf47bf2f 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.65 2003/09/01 18:15:50 markus Exp $ */ +/* $OpenBSD: servconf.h,v 1.66 2003/12/09 21:53:37 markus Exp $ */ /* * Author: Tatu Ylonen @@ -58,7 +58,7 @@ typedef struct { int x11_use_localhost; /* If true, use localhost for fake X11 server. */ char *xauth_location; /* Location of xauth program */ int strict_modes; /* If true, require string home dir modes. */ - int keepalives; /* If true, set SO_KEEPALIVE. */ + int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */ char *ciphers; /* Supported SSH2 ciphers. */ char *macs; /* Supported SSH2 macs. */ int protocol; /* Supported protocol versions. */ diff --git a/sftp.1 b/sftp.1 index 00253037d..91a288dfc 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.47 2003/10/13 08:22:25 markus Exp $ +.\" $OpenBSD: sftp.1,v 1.48 2003/12/09 21:53:37 markus Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -158,7 +158,6 @@ For full details of the options listed below, and their possible values, see .It HostKeyAlias .It HostName .It IdentityFile -.It KeepAlive .It LogLevel .It MACs .It NoHostAuthenticationForLocalhost @@ -173,6 +172,7 @@ For full details of the options listed below, and their possible values, see .It RSAAuthentication .It SmartcardDevice .It StrictHostKeyChecking +.It TCPKeepAlive .It UsePrivilegedPort .It User .It UserKnownHostsFile diff --git a/ssh.1 b/ssh.1 index 25de869ad..33521268b 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.179 2003/11/24 00:16:35 dtucker Exp $ +.\" $OpenBSD: ssh.1,v 1.180 2003/12/09 21:53:37 markus Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -634,7 +634,6 @@ For full details of the options listed below, and their possible values, see .It HostKeyAlias .It HostName .It IdentityFile -.It KeepAlive .It LocalForward .It LogLevel .It MACs @@ -651,6 +650,7 @@ For full details of the options listed below, and their possible values, see .It RSAAuthentication .It SmartcardDevice .It StrictHostKeyChecking +.It TCPKeepAlive .It UsePrivilegedPort .It User .It UserKnownHostsFile diff --git a/ssh_config.5 b/ssh_config.5 index 8857073a5..3aafa4e7d 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.25 2003/11/12 20:14:51 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.26 2003/12/09 21:53:37 markus Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os 
@@ -408,23 +408,6 @@ syntax to refer to a user's home directory. It is possible to have multiple identity files specified in configuration files; all these identities will be tried in sequence. -.It Cm KeepAlive -Specifies whether the system should send TCP keepalive messages to the -other side. -If they are sent, death of the connection or crash of one -of the machines will be properly noticed. -However, this means that -connections will die if the route is down temporarily, and some people -find it annoying. -.Pp -The default is -.Dq yes -(to send keepalives), and the client will notice -if the network goes down or the remote host dies. -This is important in scripts, and many users want it too. -.Pp -To disable keepalives, the value should be set to -.Dq no . .It Cm LocalForward Specifies that a TCP/IP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. @@ -613,6 +596,23 @@ or .Dq ask . The default is .Dq ask . +.It Cm TCPKeepAlive +Specifies whether the system should send TCP keepalive messages to the +other side. +If they are sent, death of the connection or crash of one +of the machines will be properly noticed. +However, this means that +connections will die if the route is down temporarily, and some people +find it annoying. +.Pp +The default is +.Dq yes +(to send TCP keepalive messages), and the client will notice +if the network goes down or the remote host dies. +This is important in scripts, and many users want it too. +.Pp +To disable TCP keepalive messages, the value should be set to +.Dq no . .It Cm UsePrivilegedPort Specifies whether to use a privileged port for outgoing connections. The argument must be diff --git a/sshconnect.c b/sshconnect.c index 3d6cc375a..80b45c79e 100644 --- a/sshconnect.c +++ b/sshconnect.c 
@@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.154 2003/11/21 11:57:03 djm Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.155 2003/12/09 21:53:37 markus Exp $");
 #include
@@ -415,8 +415,8 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 debug("Connection established.");
- /* Set keepalives if requested. */
- if (options.keepalives &&
+ /* Set SO_KEEPALIVE if requested. */
+ if (options.tcp_keep_alive &&
 setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof(on)) < 0)
 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
diff --git a/sshd.c b/sshd.c
index 50856317a..ab029b00f 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.283 2003/12/09 17:29:04 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.284 2003/12/09 21:53:37 markus Exp $");
 #include
 #include
@@ -1398,8 +1398,8 @@ main(int ac, char **av)
 signal(SIGCHLD, SIG_DFL);
 signal(SIGINT, SIG_DFL);
- /* Set keepalives if requested. */
- if (options.keepalives &&
+ /* Set SO_KEEPALIVE if requested. */
+ if (options.tcp_keep_alive &&
 setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
diff --git a/sshd_config.5 b/sshd_config.5
index 06a197b76..ad3cf76df 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.26 2003/11/21 11:57:03 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.27 2003/12/09 21:53:37 markus Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
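Review bot: The reworded comment `/* Set SO_KEEPALIVE if requested. */` in main() of sshd.c (and the identical one in ssh_connect() in sshconnect.c) names the socket option but says nothing about what it does and does not provide. The sshd_config.5 text in this same commit states that the TCP keepalive is spoofable while client alive messages travel inside the encrypted channel, and the code comment is where a maintainer will look for that distinction; for sshd.c something like `/* Set SO_KEEPALIVE if requested: TCP-level dead-peer detection only, unauthenticated, unlike client alive messages. */` would carry it. As far as the hunk shows, a setsockopt() failure is only reported through error() and the connection continues without keepalives, which is worth stating in the same comment if that best-effort behaviour is intended. Both functions start and end outside their hunks.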
@@ -156,12 +156,12 @@ If this threshold is reached while client alive messages are being sent, will disconnect the client, terminating the session. It is important to note that the use of client alive messages is very different from -.Cm KeepAlive +.Cm TCPKeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by -.Cm KeepAlive +.Cm TCPKeepAlive is spoofable. The client alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive. @@ -292,27 +292,6 @@ or .Cm HostbasedAuthentication . The default is .Dq no . -.It Cm KeepAlive -Specifies whether the system should send TCP keepalive messages to the -other side. -If they are sent, death of the connection or crash of one -of the machines will be properly noticed. -However, this means that -connections will die if the route is down temporarily, and some people -find it annoying. -On the other hand, if keepalives are not sent, -sessions may hang indefinitely on the server, leaving -.Dq ghost -users and consuming server resources. -.Pp -The default is -.Dq yes -(to send keepalives), and the server will notice -if the network goes down or the client host crashes. -This avoids infinitely hanging sessions. -.Pp -To disable keepalives, the value should be set to -.Dq no . .It Cm KerberosAuthentication Specifies whether the password provided by the user for .Cm PasswordAuthentication 
@@ -580,6 +559,27 @@ Gives the facility code that is used when logging messages from The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH. +.It Cm TCPKeepAlive +Specifies whether the system should send TCP keepalive messages to the +other side. +If they are sent, death of the connection or crash of one +of the machines will be properly noticed. +However, this means that +connections will die if the route is down temporarily, and some people +find it annoying. +On the other hand, if TCP keepalives are not sent, +sessions may hang indefinitely on the server, leaving +.Dq ghost +users and consuming server resources. +.Pp +The default is +.Dq yes +(to send TCP keepalive messages), and the server will notice +if the network goes down or the client host crashes. +This avoids infinitely hanging sessions. +.Pp +To disable TCP keepalive messages, the value should be set to +.Dq no . .It Cm UseDNS Specifies whether .Nm sshd -- cgit v1.2.3 From f6723f08e0b54e00f988f58ff0f1d4d8575ee7bd Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 27 Jan 2004 21:21:27 +1100 Subject: - djm@cvs.openbsd.org 2004/01/25 03:49:09 [sshconnect.c] reset nonblocking flag after ConnectTimeout > 0 connect; (bugzilla #785) from jclonguet AT free.fr; ok millert@ --- ChangeLog | 6 +++++- sshconnect.c | 11 ++++++----- 2 files changed, 11 insertions(+), 6 deletions(-) (limited to 'sshconnect.c') diff --git a/ChangeLog b/ChangeLog index 90c575141..de87d774b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,10 @@ [cipher.c] rename acss@opebsd.org to acss@openssh.org ok deraadt@ + - djm@cvs.openbsd.org 2004/01/25 03:49:09 + [sshconnect.c] + reset nonblocking flag after ConnectTimeout > 0 connect; (bugzilla #785) + from jclonguet AT free.fr; ok millert@ - (djm) [acss.c acss.h cipher-acss.c] Portable support for ACSS if libcrypto lacks it 
@@ -1754,4 +1758,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.3195 2004/01/27 10:20:59 djm Exp $
+$Id: ChangeLog,v 1.3196 2004/01/27 10:21:27 djm Exp $
diff --git a/sshconnect.c b/sshconnect.c
index 80b45c79e..dfeddd39e 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.155 2003/12/09 21:53:37 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.156 2004/01/25 03:49:09 djm Exp $");
 #include
@@ -231,12 +231,12 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
 if (timeout <= 0)
 return (connect(sockfd, serv_addr, addrlen));
- if (fcntl(sockfd, F_SETFL, O_NONBLOCK) < 0)
- return (-1);
-
+ set_nonblock(sockfd);
 rc = connect(sockfd, serv_addr, addrlen);
- if (rc == 0)
+ if (rc == 0) {
+ unset_nonblock(sockfd);
 return (0);
+ }
 if (errno != EINPROGRESS)
 return (-1);
@@ -277,6 +277,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
 break;
 }
 result = 0;
+ unset_nonblock(sockfd);
 break;
 default:
 /* Should not occur */
-- cgit v1.2.3
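Review bot: In the first timeout_connect() hunk of sshconnect.c, replacing `if (fcntl(sockfd, F_SETFL, O_NONBLOCK) < 0) return (-1);` with a bare `set_nonblock(sockfd);` drops the only failure check on switching the socket to non-blocking mode. The helper's definition is not on this page, but since it is called as a statement its result is not examined here, so a failed mode change would let the following connect() block and ConnectTimeout would silently stop being enforced. If the helper can be made to return a status, keeping the early exit as `if (set_nonblock(sockfd) < 0) return (-1);` preserves the old guarantee. Separately, unset_nonblock() runs only on the two success paths (after `rc == 0` here and after `result = 0;` in the later hunk), so the error and timeout paths return with the socket still non-blocking; a short comment saying that callers are expected to close the socket on failure would document that. timeout_connect() starts and ends outside these hunks.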