From 596273516c67cfded71acee848de6db4daa41a1a Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Thu, 27 Jun 2002 18:02:21 +0000 Subject: - (bal) Cygwin uid0 fix by vinschen@redhat.com --- sshd.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'sshd.c') diff --git a/sshd.c b/sshd.c index 851fad4be..d2524c4bc 100644 --- a/sshd.c +++ b/sshd.c @@ -1035,7 +1035,14 @@ main(int ac, char **av) (S_ISDIR(st.st_mode) == 0)) fatal("Missing privilege separation directory: %s", _PATH_PRIVSEP_CHROOT_DIR); + +#ifdef HAVE_CYGWIN + if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) && + (st.st_uid != getuid () || + (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)) +#else if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) +#endif fatal("Bad owner or mode for %s", _PATH_PRIVSEP_CHROOT_DIR); } -- cgit v1.2.3 From fbbfa8422f8317bcac829e1673dced62f49d59ba Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Thu, 4 Jul 2002 00:10:34 +0000 Subject: - deraadt@cvs.openbsd.org 2002/06/28 10:08:25 [sshd.c] range check -u option at invocation --- ChangeLog | 5 ++++- sshd.c | 4 +++- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 4b093dae7..cad81cab6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -24,6 +24,9 @@ - deraadt@cvs.openbsd.org 2002/06/28 01:50:37 [monitor_wrap.c] use ssize_t + - deraadt@cvs.openbsd.org 2002/06/28 10:08:25 + [sshd.c] + range check -u option at invocation 20020702 - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc & @@ -1232,4 +1235,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2321 2002/07/04 00:09:26 mouring Exp $ +$Id: ChangeLog,v 1.2322 2002/07/04 00:10:34 mouring Exp $ diff --git a/sshd.c b/sshd.c index d2524c4bc..21db6d5cf 100644 --- a/sshd.c +++ b/sshd.c 
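Review bot: In the HAVE_CYGWIN branch of the privilege separation directory check, a false return from check_ntsec() skips the owner and mode test altogether and logs nothing, so a group- or world-writable _PATH_PRIVSEP_CHROOT_DIR is accepted silently in that configuration. The branch also compares st_uid with getuid() rather than a fixed privileged uid, so the directory only has to belong to whichever account started sshd. Both choices deserve a comment at the #ifdef, for example `/* Cygwin has no uid 0: require ownership by the invoking user, and only when check_ntsec() succeeds */`. A debug() message on the skipped path would also make the weaker guarantee visible to an operator. main() begins and ends outside this hunk.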
@@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.252 2002/06/28 10:08:25 deraadt Exp $"); #include #include @@ -906,6 +906,8 @@ main(int ac, char **av) break; case 'u': utmp_len = atoi(optarg); + if (utmp_len < 0 || utmp_len > MAXHOSTNAMELEN) + usage(); break; case 'o': if (process_server_config_line(&options, optarg, -- cgit v1.2.3 From 810af968b8c36cb5fb960483d051ba0c7805296a Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Thu, 4 Jul 2002 00:11:40 +0000 Subject: - deraadt@cvs.openbsd.org 2002/06/28 23:05:06 [sshd.c] gidset[2] -> gidset[1]; markus ok --- ChangeLog | 5 ++++- sshd.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index cad81cab6..089a532ed 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,9 @@ - deraadt@cvs.openbsd.org 2002/06/28 10:08:25 [sshd.c] range check -u option at invocation + - deraadt@cvs.openbsd.org 2002/06/28 23:05:06 + [sshd.c] + gidset[2] -> gidset[1]; markus ok 20020702 - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc & @@ -1235,4 +1238,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2322 2002/07/04 00:10:34 mouring Exp $ +$Id: ChangeLog,v 1.2323 2002/07/04 00:11:40 mouring Exp $ diff --git a/sshd.c b/sshd.c index 21db6d5cf..c371e55ca 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.252 2002/06/28 10:08:25 deraadt Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.253 2002/06/28 23:05:06 deraadt Exp $"); #include #include @@ -530,7 +530,7 @@ static void privsep_preauth_child(void) { u_int32_t rand[256]; - gid_t gidset[2]; + gid_t gidset[1]; struct passwd *pw; int i; -- cgit v1.2.3 From 5a9d0eaba699968ae29bf560e4546d09edcb440d Mon Sep 17 00:00:00 2001 
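Review bot: The new range check on -u in main() runs on the result of atoi(), which reports no errors: a non-numeric argument silently becomes 0, and a value too large for int is undefined behaviour before the comparison is reached. Parsing with strtol and rejecting an empty or trailing-garbage number closes that gap, e.g. `l = strtol(optarg, &ep, 10); if (ep == optarg || *ep != '\0' || l < 0 || l > MAXHOSTNAMELEN) usage();` with `long l; char *ep;` declared in main(). If utmp_len has an unsigned type, which only its declaration outside this hunk would show, the `utmp_len < 0` half of the test can never be true. The same atoi() call is still present in the later hunk at -911,8 +911,10 that reworks this check.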
From: Ben Lindstrom Date: Thu, 4 Jul 2002 00:12:53 +0000 Subject: - deraadt@cvs.openbsd.org 2002/06/30 21:54:16 [auth2.c session.c sshd.c] lint asks that we use names that do not overlap --- ChangeLog | 5 ++++- auth2.c | 8 ++++---- session.c | 12 ++++++------ sshd.c | 24 ++++++++++++------------ 4 files changed, 26 insertions(+), 23 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 089a532ed..897fe8889 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,9 @@ - deraadt@cvs.openbsd.org 2002/06/28 23:05:06 [sshd.c] gidset[2] -> gidset[1]; markus ok + - deraadt@cvs.openbsd.org 2002/06/30 21:54:16 + [auth2.c session.c sshd.c] + lint asks that we use names that do not overlap 20020702 - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc & @@ -1238,4 +1241,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2323 2002/07/04 00:11:40 mouring Exp $ +$Id: ChangeLog,v 1.2324 2002/07/04 00:12:53 mouring Exp $ diff --git a/auth2.c b/auth2.c index 6dfd91f74..eea381d95 100644 --- a/auth2.c +++ b/auth2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.93 2002/05/31 11:35:15 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.94 2002/06/30 21:54:16 deraadt Exp $"); #include "ssh2.h" #include "xmalloc.h" @@ -102,7 +102,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt) { Authctxt *authctxt = ctxt; u_int len; - int accept = 0; + int acceptit = 0; char *service = packet_get_string(&len); packet_check_eom(); 
@@ -111,14 +111,14 @@ input_service_request(int type, u_int32_t seq, void *ctxt) if (strcmp(service, "ssh-userauth") == 0) { if (!authctxt->success) { - accept = 1; + acceptit = 1; /* now we can handle user-auth requests */ dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request); } } /* XXX all other service requests are denied */ - if (accept) { + if (acceptit) { packet_start(SSH2_MSG_SERVICE_ACCEPT); packet_put_cstring(service); packet_send(); diff --git a/session.c b/session.c index 747a00afa..19b22c2aa 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $"); +RCSID("$OpenBSD: session.c,v 1.143 2002/06/30 21:54:16 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -992,13 +992,13 @@ do_setup_env(Session *s, const char *shell) if (!options.use_login) { while (custom_environment) { struct envstring *ce = custom_environment; - char *s = ce->s; + char *str = ce->s; - for (i = 0; s[i] != '=' && s[i]; i++) + for (i = 0; str[i] != '=' && str[i]; i++) ; - if (s[i] == '=') { - s[i] = 0; - child_set_env(&env, &envsize, s, s + i + 1); + if (str[i] == '=') { + str[i] = 0; + child_set_env(&env, &envsize, str, str + i + 1); } custom_environment = ce->next; xfree(ce->s); diff --git a/sshd.c b/sshd.c index c371e55ca..765dac99c 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.253 2002/06/28 23:05:06 deraadt Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.254 2002/06/30 21:54:16 deraadt Exp $"); #include #include @@ -320,7 +320,7 @@ grace_alarm_handler(int sig) static void generate_ephemeral_server_key(void) { - u_int32_t rand = 0; + u_int32_t rnd = 0; int i; verbose("Generating %s%d bit RSA key.", 
@@ -333,9 +333,9 @@ generate_ephemeral_server_key(void) for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { if (i % 4 == 0) - rand = arc4random(); - sensitive_data.ssh1_cookie[i] = rand & 0xff; - rand >>= 8; + rnd = arc4random(); + sensitive_data.ssh1_cookie[i] = rnd & 0xff; + rnd >>= 8; } arc4random_stir(); } @@ -529,7 +529,7 @@ demote_sensitive_data(void) static void privsep_preauth_child(void) { - u_int32_t rand[256]; + u_int32_t rnd[256]; gid_t gidset[1]; struct passwd *pw; int i; @@ -538,8 +538,8 @@ privsep_preauth_child(void) privsep_challenge_enable(); for (i = 0; i < 256; i++) - rand[i] = arc4random(); - RAND_seed(rand, sizeof(rand)); + rnd[i] = arc4random(); + RAND_seed(rnd, sizeof(rnd)); /* Demote the private keys to public keys. */ demote_sensitive_data(); @@ -1600,7 +1600,7 @@ do_ssh1_kex(void) u_char session_key[SSH_SESSION_KEY_LENGTH]; u_char cookie[8]; u_int cipher_type, auth_mask, protocol_flags; - u_int32_t rand = 0; + u_int32_t rnd = 0; /* * Generate check bytes that the client must send back in the user @@ -1613,9 +1613,9 @@ do_ssh1_kex(void) */ for (i = 0; i < 8; i++) { if (i % 4 == 0) - rand = arc4random(); - cookie[i] = rand & 0xff; - rand >>= 8; + rnd = arc4random(); + cookie[i] = rnd & 0xff; + rnd >>= 8; } /* -- cgit v1.2.3 From a962c2fb35b909a361b3ce0f9eaa670b72e15ece Mon Sep 17 00:00:00 2001 
From: Ben Lindstrom Date: Thu, 4 Jul 2002 00:14:17 +0000 Subject: - deraadt@cvs.openbsd.org 2002/06/30 21:59:45 [auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c sshconnect2.c sshd.c] minor KNF --- ChangeLog | 7 ++++++- auth-bsdauth.c | 4 ++-- auth-skey.c | 4 ++-- auth2-chall.c | 4 ++-- clientloop.c | 8 ++++---- key.c | 14 +++++++------- monitor_wrap.c | 6 +++--- monitor_wrap.h | 4 ++-- scard.h | 6 +++--- session.h | 4 ++-- sftp-glob.c | 10 +++++----- ssh.c | 7 ++++--- sshconnect2.c | 4 ++-- sshd.c | 9 +++++---- 14 files changed, 49 insertions(+), 42 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 897fe8889..6d4be3bb7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,6 +33,11 @@ - deraadt@cvs.openbsd.org 2002/06/30 21:54:16 [auth2.c session.c sshd.c] lint asks that we use names that do not overlap + - deraadt@cvs.openbsd.org 2002/06/30 21:59:45 + [auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c + monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c + sshconnect2.c sshd.c] + minor KNF 20020702 - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc & @@ -1241,4 +1246,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2324 2002/07/04 00:12:53 mouring Exp $ +$Id: ChangeLog,v 1.2325 2002/07/04 00:14:17 mouring Exp $ diff --git a/auth-bsdauth.c b/auth-bsdauth.c index 4f1b452b7..2ac27a7a2 100644 --- a/auth-bsdauth.c +++ b/auth-bsdauth.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth-bsdauth.c,v 1.4 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: auth-bsdauth.c,v 1.5 2002/06/30 21:59:45 deraadt Exp $"); #ifdef BSD_AUTH #include "xmalloc.h" 
@@ -69,7 +69,7 @@ bsdauth_query(void *ctx, char **name, char **infotxt, *name = xstrdup(""); *infotxt = xstrdup(""); *numprompts = 1; - *prompts = xmalloc(*numprompts * sizeof(char*)); + *prompts = xmalloc(*numprompts * sizeof(char *)); *echo_on = xmalloc(*numprompts * sizeof(u_int)); (*echo_on)[0] = 0; (*prompts)[0] = xstrdup(challenge); diff --git a/auth-skey.c b/auth-skey.c index eb13c5cc5..f9ea03fd1 100644 --- a/auth-skey.c +++ b/auth-skey.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth-skey.c,v 1.19 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: auth-skey.c,v 1.20 2002/06/30 21:59:45 deraadt Exp $"); #ifdef SKEY @@ -53,7 +53,7 @@ skey_query(void *ctx, char **name, char **infotxt, *name = xstrdup(""); *infotxt = xstrdup(""); *numprompts = 1; - *prompts = xmalloc(*numprompts * sizeof(char*)); + *prompts = xmalloc(*numprompts * sizeof(char *)); *echo_on = xmalloc(*numprompts * sizeof(u_int)); (*echo_on)[0] = 0; diff --git a/auth2-chall.c b/auth2-chall.c index e1440f47d..0d1709307 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth2-chall.c,v 1.19 2002/06/26 13:55:37 markus Exp $"); +RCSID("$OpenBSD: auth2-chall.c,v 1.20 2002/06/30 21:59:45 deraadt Exp $"); #include "ssh2.h" #include "auth.h" @@ -263,7 +263,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) if (nresp > 100) fatal("input_userauth_info_response: too many replies"); if (nresp > 0) { - response = xmalloc(nresp * sizeof(char*)); + response = xmalloc(nresp * sizeof(char *)); for (i = 0; i < nresp; i++) response[i] = packet_get_string(NULL); } diff --git a/clientloop.c b/clientloop.c index cd2eab77a..a3950ab68 100644 --- a/clientloop.c +++ b/clientloop.c 
@@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.102 2002/06/24 14:33:27 markus Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.103 2002/06/30 21:59:45 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1114,7 +1114,7 @@ client_input_exit_status(int type, u_int32_t seq, void *ctxt) static Channel * client_request_forwarded_tcpip(const char *request_type, int rchan) { - Channel* c = NULL; + Channel *c = NULL; char *listen_address, *originator_address; int listen_port, originator_port; int sock; @@ -1144,7 +1144,7 @@ client_request_forwarded_tcpip(const char *request_type, int rchan) return c; } -static Channel* +static Channel * client_request_x11(const char *request_type, int rchan) { Channel *c = NULL; @@ -1180,7 +1180,7 @@ client_request_x11(const char *request_type, int rchan) return c; } -static Channel* +static Channel * client_request_agent(const char *request_type, int rchan) { Channel *c = NULL; diff --git a/key.c b/key.c index fb1f8410a..718cd16c0 100644 --- a/key.c +++ b/key.c @@ -32,7 +32,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.45 2002/06/23 03:26:19 deraadt Exp $"); +RCSID("$OpenBSD: key.c,v 1.46 2002/06/30 21:59:45 deraadt Exp $"); #include @@ -171,7 +171,7 @@ key_equal(Key *a, Key *b) return 0; } -static u_char* +static u_char * key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length) { const EVP_MD *md = NULL; @@ -227,8 +227,8 @@ key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length) return retval; } -static char* -key_fingerprint_hex(u_char* dgst_raw, u_int dgst_raw_len) +static char * +key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len) { char *retval; int i; 
@@ -244,8 +244,8 @@ key_fingerprint_hex(u_char* dgst_raw, u_int dgst_raw_len) return retval; } -static char* -key_fingerprint_bubblebabble(u_char* dgst_raw, u_int dgst_raw_len) +static char * +key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len) { char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' }; char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm', @@ -291,7 +291,7 @@ key_fingerprint_bubblebabble(u_char* dgst_raw, u_int dgst_raw_len) return retval; } -char* +char * key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) { char *retval = NULL; diff --git a/monitor_wrap.c b/monitor_wrap.c index 00f6c610e..eb4453fc4 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor_wrap.c,v 1.13 2002/06/28 01:50:37 deraadt Exp $"); +RCSID("$OpenBSD: monitor_wrap.c,v 1.14 2002/06/30 21:59:45 deraadt Exp $"); #include #include @@ -207,7 +207,7 @@ mm_getpwnamallow(const char *login) return (pw); } -char* mm_auth2_read_banner(void) +char *mm_auth2_read_banner(void) { Buffer m; char *banner; @@ -705,7 +705,7 @@ mm_chall_setup(char **name, char **infotxt, u_int *numprompts, *name = xstrdup(""); *infotxt = xstrdup(""); *numprompts = 1; - *prompts = xmalloc(*numprompts * sizeof(char*)); + *prompts = xmalloc(*numprompts * sizeof(char *)); *echo_on = xmalloc(*numprompts * sizeof(u_int)); (*echo_on)[0] = 0; } diff --git a/monitor_wrap.h b/monitor_wrap.h index ce721247b..f97862b5b 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.5 2002/05/12 23:53:45 djm Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.6 2002/06/30 21:59:45 deraadt Exp $ */ /* * Copyright 2002 Niels Provos 
@@ -44,7 +44,7 @@ DH *mm_choose_dh(int, int, int); int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int); void mm_inform_authserv(char *, char *); struct passwd *mm_getpwnamallow(const char *); -char* mm_auth2_read_banner(void); +char *mm_auth2_read_banner(void); int mm_auth_password(struct Authctxt *, char *); int mm_key_allowed(enum mm_keytype, char *, char *, Key *); int mm_user_key_allowed(struct passwd *, Key *); diff --git a/scard.h b/scard.h index c0aa9ed30..00999cb09 100644 --- a/scard.h +++ b/scard.h @@ -1,4 +1,4 @@ -/* $OpenBSD: scard.h,v 1.10 2002/03/25 17:34:27 markus Exp $ */ +/* $OpenBSD: scard.h,v 1.11 2002/06/30 21:59:45 deraadt Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -33,8 +33,8 @@ #define SCARD_ERROR_NOCARD -2 #define SCARD_ERROR_APPLET -3 -Key **sc_get_keys(const char*, const char*); +Key **sc_get_keys(const char *, const char *); void sc_close(void); -int sc_put_key(Key *, const char*); +int sc_put_key(Key *, const char *); #endif diff --git a/session.h b/session.h index 3bce97891..d3ddfab75 100644 --- a/session.h +++ b/session.h @@ -1,4 +1,4 @@ -/* $OpenBSD: session.h,v 1.18 2002/06/23 21:06:41 deraadt Exp $ */ +/* $OpenBSD: session.h,v 1.19 2002/06/30 21:59:45 deraadt Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -57,7 +57,7 @@ struct Session { void do_authenticated(Authctxt *); -int session_open(Authctxt*, int); +int session_open(Authctxt *, int); int session_input_channel_req(Channel *, const char *); void session_close_by_pid(pid_t, int); void session_close_by_channel(int, void *); diff --git a/sftp-glob.c b/sftp-glob.c index 1234074c4..2deb0eb49 100644 --- a/sftp-glob.c +++ b/sftp-glob.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sftp-glob.c,v 1.10 2002/02/13 00:59:23 djm Exp $"); +RCSID("$OpenBSD: sftp-glob.c,v 1.11 2002/06/30 21:59:45 deraadt Exp $"); #include "buffer.h" #include "bufaux.h" 
@@ -51,12 +51,12 @@ fudge_opendir(const char *path) r = xmalloc(sizeof(*r)); - if (do_readdir(cur.conn, (char*)path, &r->dir)) + if (do_readdir(cur.conn, (char *)path, &r->dir)) return(NULL); r->offset = 0; - return((void*)r); + return((void *)r); } static struct dirent * @@ -129,7 +129,7 @@ fudge_lstat(const char *path, struct stat *st) { Attrib *a; - if (!(a = do_lstat(cur.conn, (char*)path, 0))) + if (!(a = do_lstat(cur.conn, (char *)path, 0))) return(-1); attrib_to_stat(a, st); @@ -142,7 +142,7 @@ fudge_stat(const char *path, struct stat *st) { Attrib *a; - if (!(a = do_stat(cur.conn, (char*)path, 0))) + if (!(a = do_stat(cur.conn, (char *)path, 0))) return(-1); attrib_to_stat(a, st); diff --git a/ssh.c b/ssh.c index 24ee54142..67d297c0a 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.179 2002/06/12 01:09:52 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.180 2002/06/30 21:59:45 deraadt Exp $"); #include #include @@ -552,7 +552,7 @@ again: if (buffer_len(&command) == 0) tty_flag = 1; - /* Force no tty*/ + /* Force no tty */ if (no_tty_flag) tty_flag = 0; /* Do not allocate a tty if stdin is not a tty. */ @@ -637,7 +637,8 @@ again: if (options.rhosts_rsa_authentication || options.hostbased_authentication) { sensitive_data.nkeys = 3; - sensitive_data.keys = xmalloc(sensitive_data.nkeys*sizeof(Key)); + sensitive_data.keys = xmalloc(sensitive_data.nkeys * + sizeof(Key)); PRIV_START; sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, diff --git a/sshconnect2.c b/sshconnect2.c index 215f76ca2..d396c77c6 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.105 2002/06/23 03:30:17 deraadt Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.106 2002/06/30 21:59:45 deraadt Exp $"); #include "ssh.h" #include "ssh2.h" 
@@ -422,7 +422,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) clear_auth_state(authctxt); dispatch_set(SSH2_MSG_USERAUTH_PK_OK, NULL); - /* try another method if we did not send a packet*/ + /* try another method if we did not send a packet */ if (sent == 0) userauth(authctxt, NULL); diff --git a/sshd.c b/sshd.c index 765dac99c..5e5fc4716 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.254 2002/06/30 21:54:16 deraadt Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.255 2002/06/30 21:59:45 deraadt Exp $"); #include #include @@ -550,7 +550,7 @@ privsep_preauth_child(void) memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); endpwent(); - /* Change our root directory*/ + /* Change our root directory */ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, strerror(errno)); @@ -573,7 +573,7 @@ privsep_preauth_child(void) #endif } -static Authctxt* +static Authctxt * privsep_preauth(void) { Authctxt *authctxt = NULL; @@ -958,7 +958,8 @@ main(int ac, char **av) debug("sshd version %.100s", SSH_VERSION); /* load private host keys */ - sensitive_data.host_keys = xmalloc(options.num_host_key_files*sizeof(Key*)); + sensitive_data.host_keys = xmalloc(options.num_host_key_files * + sizeof(Key *)); for (i = 0; i < options.num_host_key_files; i++) sensitive_data.host_keys[i] = NULL; sensitive_data.server_key = NULL; -- cgit v1.2.3 From 9dd30817ef4314bd2fdc688c0d40fd6ca7208acc Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Sun, 7 Jul 2002 13:43:36 -0700 Subject: [acconfig.h configure.ac sshd.c] s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/ --- ChangeLog | 4 +++- acconfig.h | 6 +++--- configure.ac | 8 ++++---- sshd.c | 2 +- 4 files changed, 11 insertions(+), 9 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index d94a6e342..10dc20a1d 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,7 @@ 20020707 - (tim) [Makefile.in] use umask instead of chmod on $(PRIVSEP_PATH) + - (tim) [acconfig.h configure.ac sshd.c] + s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/ 20020705 - (tim) [configure.ac] AIX 4.2.1 has authenticate() in libs. @@ -1283,4 +1285,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2338 2002/07/07 20:30:45 tim Exp $ +$Id: ChangeLog,v 1.2339 2002/07/07 20:43:36 tim Exp $ diff --git a/acconfig.h b/acconfig.h index 3e51d6112..d809d059d 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.141 2002/06/25 22:35:16 tim Exp $ */ +/* $Id: acconfig.h,v 1.142 2002/07/07 20:43:36 tim Exp $ */ #ifndef _CONFIG_H #define _CONFIG_H @@ -358,8 +358,8 @@ /* Define if you have the `mmap' function that supports MAP_ANON|SHARED */ #undef HAVE_MMAP_ANON_SHARED -/* Define if sendmsg()/recvmsg() has problems passing file descriptors */ -#undef BROKEN_FD_PASSING +/* Define if your platform needs to skip post auth file descriptor passing */ +#undef DISABLE_FD_PASSING @BOTTOM@ diff --git a/configure.ac b/configure.ac index 4b48be389..0f5ab9187 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.74 2002/07/05 14:12:34 tim Exp $ +# $Id: configure.ac,v 1.75 2002/07/07 20:43:36 tim Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -91,7 +91,7 @@ case "$host" in AC_DEFINE(IPV4_DEFAULT) AC_DEFINE(IP_TOS_IS_BROKEN) AC_DEFINE(NO_X11_UNIX_SOCKETS) - AC_DEFINE(BROKEN_FD_PASSING) + AC_DEFINE(DISABLE_FD_PASSING) AC_DEFINE(SETGROUPS_NOOP) ;; *-*-dgux*) @@ -272,7 +272,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(USE_PIPES) AC_DEFINE(HAVE_SECUREWARE) AC_DEFINE(DISABLE_SHADOW) - AC_DEFINE(BROKEN_FD_PASSING) + AC_DEFINE(DISABLE_FD_PASSING) AC_CHECK_FUNCS(getluid setluid) MANTYPE=man ;; 
@@ -280,7 +280,7 @@ mips-sony-bsd|mips-sony-newsos4) no_libsocket=1 no_libnsl=1 AC_DEFINE(USE_PIPES) - AC_DEFINE(BROKEN_FD_PASSING) + AC_DEFINE(DISABLE_FD_PASSING) LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib" LIBS="$LIBS -lgen -lrsc" ;; diff --git a/sshd.c b/sshd.c index 5e5fc4716..c04f55f4b 100644 --- a/sshd.c +++ b/sshd.c @@ -624,7 +624,7 @@ privsep_postauth(Authctxt *authctxt) /* XXX - Remote port forwarding */ x_authctxt = authctxt; -#ifdef BROKEN_FD_PASSING +#ifdef DISABLE_FD_PASSING if (1) { #else if (authctxt->pw->pw_uid == 0 || options.use_login) { -- cgit v1.2.3 From 232ccf775459210ee79873d4411328bff6b8d66a Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 22 Jul 2002 23:34:25 +0000 Subject: - (bal) [configure.ac defines.h loginrec.c sshd.c sshpty.c] Partial sync with Cray (mostly #ifdef renaming). Patch by wendyp@cray.com. --- ChangeLog | 4 +++- configure.ac | 15 ++++++++++++--- defines.h | 10 +++++----- loginrec.c | 6 +++--- sshd.c | 2 +- sshpty.c | 4 ++-- 6 files changed, 26 insertions(+), 15 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 24796c4a2..4199bd21b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20020722 - (bal) AIX tty data limiting patch fix by leigh@solinno.co.uk - (stevesk) [xmmap.c] missing prototype for fatal() + - (bal) [configure.ac defines.h loginrec.c sshd.c sshpty.c] Partial sync + with Cray (mostly #ifdef renaming). Patch by wendyp@cray.com. 20020721 - (stevesk) [auth-pam.c] merge cosmetic changes from solar's @@ -1412,4 +1414,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2388 2002/07/22 16:20:29 stevesk Exp $ +$Id: ChangeLog,v 1.2389 2002/07/22 23:34:25 mouring Exp $ diff --git a/configure.ac b/configure.ac index c055c578b..c8aa7e184 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.82 2002/07/19 19:41:11 tim Exp $ +# $Id: configure.ac,v 1.83 2002/07/22 23:34:25 mouring Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -279,13 +279,22 @@ mips-sony-bsd|mips-sony-newsos4) AC_CHECK_FUNCS(getluid setluid) MANTYPE=man ;; +*-*-unicosmk*) + no_libsocket=1 + no_libnsl=1 + AC_DEFINE(USE_PIPES) + AC_DEFINE(DISABLE_FD_PASSING) + LDFLAGS="$LDFLAGS" + LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" + MANTYPE=cat *-*-unicos*) no_libsocket=1 no_libnsl=1 AC_DEFINE(USE_PIPES) AC_DEFINE(DISABLE_FD_PASSING) - LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib" - LIBS="$LIBS -lgen -lrsc" + LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" + LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" + MANTYPE=cat ;; *-dec-osf*) AC_MSG_CHECKING(for Digital Unix SIA) diff --git a/defines.h b/defines.h index d8e9c757a..57d416143 100644 --- a/defines.h +++ b/defines.h @@ -1,7 +1,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.93 2002/07/18 16:31:52 tim Exp $ */ +/* $Id: defines.h,v 1.94 2002/07/22 23:34:25 mouring Exp $ */ /* Constants */ @@ -124,7 +124,7 @@ typedef char int8_t; # if (SIZEOF_SHORT_INT == 2) typedef short int int16_t; # else -# ifdef _CRAY +# if defined(_CRAY) && !defined(_CRAYSV2) # if (SIZEOF_SHORT_INT == 4) typedef short int16_t; # else @@ -137,7 +137,7 @@ typedef long int16_t; # if (SIZEOF_INT == 4) typedef int int32_t; # else -# ifdef _CRAY +# if defined(_CRAY) && !defined(_CRAYSV2) typedef long int32_t; # else # error "32 bit int type not found." @@ -161,7 +161,7 @@ typedef unsigned char u_int8_t; # if (SIZEOF_SHORT_INT == 2) typedef unsigned short int u_int16_t; # else -# ifdef _CRAY +# if defined(_CRAY) && !defined(_CRAYSV2) # if (SIZEOF_SHORT_INT == 4) typedef unsigned short u_int16_t; # else 
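Review bot: The new `*-*-unicosmk*)` arm of the host case statement has no terminating `;;` after `MANTYPE=cat`, so the following `*-*-unicos*)` pattern lands inside that arm's command list and the generated configure script is likely to fail with a shell syntax error on every platform, not only Cray. Add `;;` on its own line after `MANTYPE=cat` in the unicosmk arm, as the unicos arm below it already has. `LDFLAGS="$LDFLAGS"` in the same arm is a no-op and can be dropped. The case statement starts and ends outside this hunk.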
@@ -174,7 +174,7 @@ typedef unsigned long u_int16_t; # if (SIZEOF_INT == 4) typedef unsigned int u_int32_t; # else -# ifdef _CRAY +# if defined(_CRAY) && !defined(_CRAYSV2) typedef unsigned long u_int32_t; # else # error "32 bit int type not found." diff --git a/loginrec.c b/loginrec.c index df4abeb79..6dc608a4e 100644 --- a/loginrec.c +++ b/loginrec.c @@ -163,7 +163,7 @@ #include "log.h" #include "atomicio.h" -RCSID("$Id: loginrec.c,v 1.42 2002/07/14 22:50:51 tim Exp $"); +RCSID("$Id: loginrec.c,v 1.43 2002/07/22 23:34:25 mouring Exp $"); #ifdef HAVE_UTIL_H # include @@ -622,13 +622,13 @@ construct_utmp(struct logininfo *li, switch (li->type) { case LTYPE_LOGIN: ut->ut_type = USER_PROCESS; -#ifdef _CRAY +#if defined(_CRAY) && !defined(_CRAYSV2) cray_set_tmpdir(ut); #endif break; case LTYPE_LOGOUT: ut->ut_type = DEAD_PROCESS; -#ifdef _CRAY +#if defined(_CRAY) && !defined(_CRAYSV2) cray_retain_utmp(ut, li->pid); #endif break; diff --git a/sshd.c b/sshd.c index c04f55f4b..8f9d3c392 100644 --- a/sshd.c +++ b/sshd.c @@ -934,7 +934,7 @@ main(int ac, char **av) SYSLOG_FACILITY_AUTH : options.log_facility, !inetd_flag); -#ifdef _CRAY +#if defined(_CRAY) && !defined(_CRAYSV2) /* Cray can define user privs drop all prives now! * Not needed on PRIV_SU systems! */ diff --git a/sshpty.c b/sshpty.c index 64ac4e599..e3027ca2e 100644 --- a/sshpty.c +++ b/sshpty.c @@ -162,7 +162,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) } return 1; #else /* HAVE_DEV_PTS_AND_PTC */ -#ifdef _CRAY +#if defined(_CRAY) && !defined(_CRAYSV2) char buf[64]; int i; int highpty; @@ -268,7 +268,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) void *old; #endif /* USE_VHANGUP */ -#ifdef _CRAY +#if defined(_CRAY) && !defined(_CRAYSV2) if (setsid() < 0) error("setsid: %.100s", strerror(errno)); -- cgit v1.2.3 From 264ee307a8fd171dbb44121ec05b83f4143408cf Mon Sep 17 00:00:00 2001 
From: Ben Lindstrom Date: Tue, 23 Jul 2002 21:01:56 +0000 Subject: - markus@cvs.openbsd.org 2002/07/19 15:43:33 [log.c log.h session.c sshd.c] remove fatal cleanups after fork; based on discussions with and code from solar. --- ChangeLog | 7 ++++++- log.c | 14 +++++++++++++- log.h | 3 ++- session.c | 5 ++++- sshd.c | 13 +++++++++---- 5 files changed, 34 insertions(+), 8 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 01b30968c..3b92fd015 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ 20020723 - (bal) [bsd-cray.c bsd-cray.h] Part 2 of Cray merger. + - (bal) OpenBSD Sync + - markus@cvs.openbsd.org 2002/07/19 15:43:33 + [log.c log.h session.c sshd.c] + remove fatal cleanups after fork; based on discussions with and code + from solar. 20020722 - (bal) AIX tty data limiting patch fix by leigh@solinno.co.uk @@ -1423,4 +1428,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2394 2002/07/23 21:00:17 mouring Exp $ +$Id: ChangeLog,v 1.2395 2002/07/23 21:01:56 mouring Exp $ diff --git a/log.c b/log.c index 8c09ec1b2..96626d7d4 100644 --- a/log.c +++ b/log.c @@ -34,7 +34,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: log.c,v 1.23 2002/07/06 01:00:49 deraadt Exp $"); +RCSID("$OpenBSD: log.c,v 1.24 2002/07/19 15:43:33 markus Exp $"); #include "log.h" #include "xmalloc.h" @@ -223,6 +223,18 @@ fatal_remove_cleanup(void (*proc) (void *context), void *context) (u_long) proc, (u_long) context); } +/* Remove all cleanups, to be called after fork() */ +void +fatal_remove_all_cleanups(void) +{ + struct fatal_cleanup *cu, *next_cu; + + for (cu = fatal_cleanups; cu; cu = next_cu) { + next_cu = cu->next; + xfree(cu); + } +} + /* Cleanup and exit */ void fatal_cleanup(void) diff --git a/log.h b/log.h index 3e4c3c3a7..917fafa69 100644 --- a/log.h +++ b/log.h 
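Review bot: fatal_remove_all_cleanups() in log.c frees every node on the cleanup list but leaves the head pointer `fatal_cleanups` pointing at the first freed node. Any later fatal_cleanup() or fatal_add_cleanup() in the forked child would presumably walk or link to that freed memory (their bodies are outside this hunk). That is a use-after-free on the error path this commit is trying to make safe, reached from the new calls in do_exec_no_pty() and do_exec_pty(). Add `fatal_cleanups = NULL;` after the loop.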
@@ -1,4 +1,4 @@ -/* $OpenBSD: log.h,v 1.7 2002/05/19 20:54:52 deraadt Exp $ */ +/* $OpenBSD: log.h,v 1.8 2002/07/19 15:43:33 markus Exp $ */ /* * Author: Tatu Ylonen @@ -64,6 +64,7 @@ void debug3(const char *, ...) __attribute__((format(printf, 1, 2))); void fatal_cleanup(void); void fatal_add_cleanup(void (*) (void *), void *); void fatal_remove_cleanup(void (*) (void *), void *); +void fatal_remove_all_cleanups(void); void do_log(LogLevel, const char *, va_list); diff --git a/session.c b/session.c index 3c759e472..38388d43a 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.143 2002/06/30 21:54:16 deraadt Exp $"); +RCSID("$OpenBSD: session.c,v 1.144 2002/07/19 15:43:33 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -470,6 +470,8 @@ do_exec_no_pty(Session *s, const char *command) /* Fork the child. */ if ((pid = fork()) == 0) { + fatal_remove_all_cleanups(); + /* Child. Reinitialize the log since the pid has changed. */ log_init(__progname, options.log_level, options.log_facility, log_stderr); @@ -585,6 +587,7 @@ do_exec_pty(Session *s, const char *command) /* Fork the child. */ if ((pid = fork()) == 0) { + fatal_remove_all_cleanups(); /* Child. Reinitialize the log because the pid has changed. */ log_init(__progname, options.log_level, options.log_facility, log_stderr); diff --git a/sshd.c b/sshd.c index 8f9d3c392..427ca3545 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.255 2002/06/30 21:59:45 deraadt Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.256 2002/07/19 15:43:33 markus Exp $"); #include #include @@ -303,9 +303,6 @@ grace_alarm_handler(int sig) { /* XXX no idea how fix this signal handler */ - /* Close the connection. */ - packet_close(); - /* Log error and exit. */ fatal("Timeout before authentication for %s.", get_remote_ipaddr()); } 
@@ -589,6 +586,8 @@ privsep_preauth(void) if (pid == -1) { fatal("fork of unprivileged child failed"); } else if (pid != 0) { + fatal_remove_cleanup((void (*) (void *)) packet_close, NULL); + debug2("Network child is on pid %ld", (long)pid); close(pmonitor->m_recvfd); @@ -602,6 +601,10 @@ privsep_preauth(void) while (waitpid(pid, &status, 0) < 0) if (errno != EINTR) break; + + /* Reinstall, since the child has finished */ + fatal_add_cleanup((void (*) (void *)) packet_close, NULL); + return (authctxt); } else { /* child */ @@ -649,6 +652,8 @@ privsep_postauth(Authctxt *authctxt) if (pmonitor->m_pid == -1) fatal("fork of unprivileged child failed"); else if (pmonitor->m_pid != 0) { + fatal_remove_cleanup((void (*) (void *)) packet_close, NULL); + debug2("User child is on pid %ld", (long)pmonitor->m_pid); close(pmonitor->m_recvfd); monitor_child_postauth(pmonitor); -- cgit v1.2.3 From 41daec7538e7887dc540fdd56afbd21e3c42133e Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Tue, 23 Jul 2002 21:15:13 +0000 Subject: - stevesk@cvs.openbsd.org 2002/07/23 16:03:10 [sshd.c] utmp_len is unsigned; display error consistent with other options. ok markus@ --- ChangeLog | 6 +++++- sshd.c | 8 +++++--- 2 files changed, 10 insertions(+), 4 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 8a444a70c..0760974eb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,10 @@ - stevesk@cvs.openbsd.org 2002/07/22 17:32:56 [monitor.c] u_int here; ok provos@ + - stevesk@cvs.openbsd.org 2002/07/23 16:03:10 + [sshd.c] + utmp_len is unsigned; display error consistent with other options. + ok markus@ 20020722 - (bal) AIX tty data limiting patch fix by leigh@solinno.co.uk @@ -1445,4 +1449,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2401 2002/07/23 21:13:40 mouring Exp $ +$Id: ChangeLog,v 1.2402 2002/07/23 21:15:13 mouring Exp $ 
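Review bot: The three new calls in `privsep_preauth()` and `privsep_postauth()` register and remove `packet_close` through the cast `(void (*) (void *)) packet_close`, so the cleanup list will call it via a pointer whose type differs from the function's own (it is invoked with no arguments elsewhere in this commit). Calling through an incompatible function pointer type is undefined behaviour in C even where it happens to work on common ABIs. A one-line adapter, `static void packet_close_cleanup(void *unused) { packet_close(); }`, added and removed without a cast, avoids this and keeps the add/remove pairs matching. Separately, `/* Reinstall, since the child has finished */` is also reached when the `waitpid()` loop breaks on an error other than EINTR, which the comment should mention; both functions continue outside the hunks.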
diff --git a/sshd.c b/sshd.c index 427ca3545..55c57e195 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.256 2002/07/19 15:43:33 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.257 2002/07/23 16:03:10 stevesk Exp $"); #include #include @@ -911,8 +911,10 @@ main(int ac, char **av) break; case 'u': utmp_len = atoi(optarg); - if (utmp_len < 0 || utmp_len > MAXHOSTNAMELEN) - usage(); + if (utmp_len > MAXHOSTNAMELEN) { + fprintf(stderr, "Invalid utmp length.\n"); + exit(1); + } break; case 'o': if (process_server_config_line(&options, optarg, -- cgit v1.2.3 From e1383cee9d671906424797c084940b2d382f2813 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 19 Sep 2002 11:49:37 +1000 Subject: - stevesk@cvs.openbsd.org 2002/09/13 19:23:09 [channels.c sshconnect.c sshd.c] remove use of SO_LINGER, it should not be needed. error check SO_REUSEADDR. fixup comments. ok markus@ --- ChangeLog | 6 +++++- channels.c | 15 +++++++-------- sshconnect.c | 12 +----------- sshd.c | 28 ++++++---------------------- 4 files changed, 19 insertions(+), 42 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 43c701af3..b0b40b288 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,10 @@ - stevesk@cvs.openbsd.org 2002/09/12 19:50:36 [session.c ssh.1] add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384. ok markus@ + - stevesk@cvs.openbsd.org 2002/09/13 19:23:09 + [channels.c sshconnect.c sshd.c] + remove use of SO_LINGER, it should not be needed. error check + SO_REUSEADDR. fixup comments. ok markus@ 20020912 - (djm) Made GNOME askpass programs return non-zero if cancel button is @@ -656,4 +660,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2465 2002/09/19 01:47:55 djm Exp $ +$Id: ChangeLog,v 1.2466 2002/09/19 01:49:37 djm Exp $ diff --git a/channels.c b/channels.c index 0ae37b6d8..cf1a6462b 100644 --- a/channels.c +++ b/channels.c 
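Review bot: The `-u` check in `main()` still parses with `atoi(optarg)`, which cannot report a non-numeric or out-of-range argument, so `-u abc` is silently accepted as 0. The dropped `< 0` test now relies on a negative result wrapping above `MAXHOSTNAMELEN` once stored in `utmp_len`, which the commit message says is unsigned. Parsing with `strtol` makes the check explicit: `v = strtol(optarg, &ep, 10);` followed by `if (ep == optarg || *ep != '\0' || v < 0 || v > MAXHOSTNAMELEN) {`, with `long v` and `char *ep` declared locally. The option switch continues outside the hunk.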
@@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.181 2002/09/09 14:54:14 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.182 2002/09/13 19:23:09 stevesk Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2022,7 +2022,6 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por struct addrinfo hints, *ai, *aitop; const char *host; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; - struct linger linger; success = 0; host = (type == SSH_CHANNEL_RPORT_LISTENER) ? @@ -2065,13 +2064,13 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por continue; } /* - * Set socket options. We would like the socket to disappear - * as soon as it has been closed for whatever reason. + * Set socket options. + * Allow local port reuse in TIME_WAIT. */ - setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); - linger.l_onoff = 1; - linger.l_linger = 5; - setsockopt(sock, SOL_SOCKET, SO_LINGER, &linger, sizeof(linger)); + if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, + sizeof(on)) == -1) + error("setsockopt SO_REUSEADDR: %s", strerror(errno)); + debug("Local forwarding listening on %s port %s.", ntop, strport); /* Bind the socket to the address. */ diff --git a/sshconnect.c b/sshconnect.c index 6004bf5e4..0cb824852 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.133 2002/07/29 18:57:30 markus Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.134 2002/09/13 19:23:09 stevesk Exp $"); #include @@ -229,7 +229,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, int sock = -1, attempt; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; struct addrinfo hints, *ai, *aitop; - struct linger linger; struct servent *sp; /* * Did we get only other errors than "Connection refused" (which 
@@ -330,15 +329,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, debug("Connection established."); - /* - * Set socket options. We would like the socket to disappear as soon - * as it has been closed for whatever reason. - */ - /* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */ - linger.l_onoff = 1; - linger.l_linger = 5; - setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger)); - /* Set keepalives if requested. */ if (options.keepalives && setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, diff --git a/sshd.c b/sshd.c index 55c57e195..17f001669 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.257 2002/07/23 16:03:10 stevesk Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.258 2002/09/13 19:23:09 stevesk Exp $"); #include #include @@ -806,7 +806,6 @@ main(int ac, char **av) const char *remote_ip; int remote_port; FILE *f; - struct linger linger; struct addrinfo *ai; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; int listen_sock, maxfd; @@ -1152,17 +1151,12 @@ main(int ac, char **av) continue; } /* - * Set socket options. We try to make the port - * reusable and have it close as fast as possible - * without waiting in unnecessary wait states on - * close. + * Set socket options. + * Allow local port reuse in TIME_WAIT. */ - setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, - &on, sizeof(on)); - linger.l_onoff = 1; - linger.l_linger = 5; - setsockopt(listen_sock, SOL_SOCKET, SO_LINGER, - &linger, sizeof(linger)); + if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, + &on, sizeof(on)) == -1) + error("setsockopt SO_REUSEADDR: %s", strerror(errno)); debug("Bind to port %s on %s.", strport, ntop); 
@@ -1411,16 +1405,6 @@ main(int ac, char **av) signal(SIGCHLD, SIG_DFL); signal(SIGINT, SIG_DFL); - /* - * Set socket options for the connection. We want the socket to - * close as fast as possible without waiting for anything. If the - * connection is not a socket, these will do nothing. - */ - /* setsockopt(sock_in, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */ - linger.l_onoff = 1; - linger.l_linger = 5; - setsockopt(sock_in, SOL_SOCKET, SO_LINGER, &linger, sizeof(linger)); - /* Set keepalives if requested. */ if (options.keepalives && setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, -- cgit v1.2.3 From 81ed518b9b888502cc57b23c02c47634ca508748 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Wed, 25 Sep 2002 17:38:46 -0700 Subject: Cray fixes (bug 367) based on patch from Wendy Palm @ cray. This does not include the deattack.c fixes. --- ChangeLog | 4 +++- acconfig.h | 5 ++++- auth1.c | 9 +++++++++ auth2.c | 11 +++++++++++ configure.ac | 7 ++++--- defines.h | 14 +++++++------- includes.h | 8 ++++++++ loginrec.c | 6 +++--- openbsd-compat/bsd-cray.c | 4 ++-- openbsd-compat/bsd-cray.h | 4 ++-- serverloop.c | 2 ++ session.c | 27 ++++++++++++++++++++++++++- sshd.c | 2 +- sshpty.c | 8 ++++---- 14 files changed, 86 insertions(+), 25 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index a42c010af..24074d183 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20020925 - (bal) Fix issue where successfull login does not clear failure counts in AIX. Patch by dtucker@zip.com.au ok by djm + - (tim) Cray fixes (bug 367) based on patch from Wendy Palm @ cray. + This does not include the deattack.c fixes. 20020923 - (djm) OpenBSD CVS Sync @@ -719,4 +721,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2481 2002/09/25 23:14:14 mouring Exp $ +$Id: ChangeLog,v 1.2482 2002/09/26 00:38:46 tim Exp $ diff --git a/acconfig.h b/acconfig.h index f8fc650d7..3e058f3ea 100644 --- a/acconfig.h 
+++ b/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.144 2002/07/14 20:36:50 tim Exp $ */ +/* $Id: acconfig.h,v 1.145 2002/09/26 00:38:48 tim Exp $ */ #ifndef _CONFIG_H #define _CONFIG_H @@ -150,6 +150,9 @@ /* Define if you don't want to use lastlog */ #undef DISABLE_LASTLOG +/* Define if you don't want to use lastlog in session.c */ +#undef NO_SSH_LASTLOG + /* Define if you don't want to use utmp */ #undef DISABLE_UTMP diff --git a/auth1.c b/auth1.c index 4d2b92a22..676c8a667 100644 --- a/auth1.c +++ b/auth1.c @@ -304,6 +304,15 @@ do_authloop(Authctxt *authctxt) fatal("INTERNAL ERROR: authenticated invalid user %s", authctxt->user); +#ifdef _UNICOS + if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated) + cray_login_failure(authctxt->user, IA_UDBERR); + if (authenticated && cray_access_denied(authctxt->user)) { + authenticated = 0; + fatal("Access denied for user %s.",authctxt->user); + } +#endif /* _UNICOS */ + #ifdef HAVE_CYGWIN if (authenticated && !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) { diff --git a/auth2.c b/auth2.c index 1cb9769ff..17c58552a 100644 --- a/auth2.c +++ b/auth2.c @@ -216,6 +216,13 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) authenticated = 0; #endif /* USE_PAM */ +#ifdef _UNICOS + if (authenticated && cray_access_denied(authctxt->user)) { + authenticated = 0; + fatal("Access denied for user %s.",authctxt->user); + } +#endif /* _UNICOS */ + /* Log before sending the reply */ auth_log(authctxt, authenticated, method, " ssh2"); @@ -235,6 +242,10 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) if (authctxt->failures++ > AUTH_FAIL_MAX) { packet_disconnect(AUTH_FAIL_MSG, authctxt->user); } +#ifdef _UNICOS + if (strcmp(method, "password") == 0) + cray_login_failure(authctxt->user, IA_UDBERR); +#endif /* _UNICOS */ methods = authmethods_get(); packet_start(SSH2_MSG_USERAUTH_FAILURE); packet_put_cstring(methods); 
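Review bot: In the `_UNICOS` block added to `do_authloop()` (auth1.c), `authenticated = 0;` is immediately followed by `fatal(...)`, so the assignment has no effect if `fatal()` does not return, and the denied login leaves through the fatal path instead of the normal failure path. The same pair appears in `userauth_finish()` (auth2.c), where it sits above `auth_log(authctxt, authenticated, method, " ssh2");`, so a Cray access denial would never produce the regular authentication log record that monitoring relies on. If an immediate disconnect is intended, I would write the auth log record first and drop the dead store; otherwise drop the `fatal()` and let `authenticated = 0` fall through to the existing failure handling. Both functions continue outside the hunks.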
diff --git a/configure.ac b/configure.ac index f88d993e6..5fe50e56b 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.88 2002/09/23 23:54:12 tim Exp $ +# $Id: configure.ac,v 1.89 2002/09/26 00:38:47 tim Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -303,6 +303,7 @@ mips-sony-bsd|mips-sony-newsos4) no_libnsl=1 AC_DEFINE(USE_PIPES) AC_DEFINE(DISABLE_FD_PASSING) + AC_DEFINE(NO_SSH_LASTLOG) LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" MANTYPE=cat @@ -376,14 +377,14 @@ AC_ARG_WITH(libs, # Checks for header files. AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \ - getopt.h glob.h lastlog.h limits.h login.h \ + getopt.h glob.h ia.h lastlog.h limits.h login.h \ login_cap.h maillock.h netdb.h netgroup.h \ netinet/in_systm.h paths.h pty.h readpassphrase.h \ rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ sys/mman.h sys/select.h sys/stat.h \ sys/stropts.h sys/sysmacros.h sys/time.h \ - sys/un.h time.h ttyent.h usersec.h \ + sys/un.h time.h tmpdir.h ttyent.h usersec.h \ util.h utime.h utmp.h utmpx.h) # Checks for libraries. diff --git a/defines.h b/defines.h index 42b12e9a4..ab19a077c 100644 --- a/defines.h +++ b/defines.h @@ -1,7 +1,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.95 2002/08/21 02:54:12 mouring Exp $ */ +/* $Id: defines.h,v 1.96 2002/09/26 00:38:48 tim Exp $ */ /* Constants */ @@ -124,7 +124,7 @@ typedef char int8_t; # if (SIZEOF_SHORT_INT == 2) typedef short int int16_t; # else -# if defined(_CRAY) && !defined(_CRAYSV2) +# ifdef _UNICOS # if (SIZEOF_SHORT_INT == 4) typedef short int16_t; # else 
@@ -132,16 +132,16 @@ typedef long int16_t; # endif # else # error "16 bit int type not found." -# endif /* _CRAY */ +# endif /* _UNICOS */ # endif # if (SIZEOF_INT == 4) typedef int int32_t; # else -# if defined(_CRAY) && !defined(_CRAYSV2) +# ifdef _UNICOS typedef long int32_t; # else # error "32 bit int type not found." -# endif /* _CRAY */ +# endif /* _UNICOS */ # endif #endif @@ -161,7 +161,7 @@ typedef unsigned char u_int8_t; # if (SIZEOF_SHORT_INT == 2) typedef unsigned short int u_int16_t; # else -# if defined(_CRAY) && !defined(_CRAYSV2) +# ifdef _UNICOS # if (SIZEOF_SHORT_INT == 4) typedef unsigned short u_int16_t; # else @@ -174,7 +174,7 @@ typedef unsigned long u_int16_t; # if (SIZEOF_INT == 4) typedef unsigned int u_int32_t; # else -# if defined(_CRAY) && !defined(_CRAYSV2) +# ifdef _UNICOS typedef unsigned long u_int32_t; # else # error "32 bit int type not found." diff --git a/includes.h b/includes.h index f6aa2ae67..d7b875c52 100644 --- a/includes.h +++ b/includes.h @@ -149,6 +149,14 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } # include #endif +#ifdef HAVE_IA_H +# include +#endif + +#ifdef HAVE_TMPDIR_H +# include +#endif + #include /* For OPENSSL_VERSION_NUMBER */ #include "defines.h" diff --git a/loginrec.c b/loginrec.c index 6dc608a4e..02c3106a3 100644 --- a/loginrec.c +++ b/loginrec.c @@ -163,7 +163,7 @@ #include "log.h" #include "atomicio.h" -RCSID("$Id: loginrec.c,v 1.43 2002/07/22 23:34:25 mouring Exp $"); +RCSID("$Id: loginrec.c,v 1.44 2002/09/26 00:38:49 tim Exp $"); #ifdef HAVE_UTIL_H # include @@ -622,13 +622,13 @@ construct_utmp(struct logininfo *li, switch (li->type) { case LTYPE_LOGIN: ut->ut_type = USER_PROCESS; -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS cray_set_tmpdir(ut); #endif break; case LTYPE_LOGOUT: ut->ut_type = DEAD_PROCESS; -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS cray_retain_utmp(ut, li->pid); #endif break; 
diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c index 8a14b0807..edb3112b3 100644 --- a/openbsd-compat/bsd-cray.c +++ b/openbsd-compat/bsd-cray.c @@ -1,5 +1,5 @@ /* - * $Id: bsd-cray.c,v 1.7 2002/07/23 21:00:18 mouring Exp $ + * $Id: bsd-cray.c,v 1.8 2002/09/26 00:38:51 tim Exp $ * * bsd-cray.c * @@ -34,7 +34,7 @@ * on UNICOS systems. * */ -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS #include #include diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h index 0b75b2268..8868b4364 100644 --- a/openbsd-compat/bsd-cray.h +++ b/openbsd-compat/bsd-cray.h @@ -1,5 +1,5 @@ /* - * $Id: bsd-cray.h,v 1.4 2002/07/23 21:00:18 mouring Exp $ + * $Id: bsd-cray.h,v 1.5 2002/09/26 00:38:51 tim Exp $ * * bsd-cray.h * @@ -37,7 +37,7 @@ #ifndef _BSD_CRAY_H #define _BSD_CRAY_H -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS void cray_init_job(struct passwd *); /* init cray job */ void cray_job_termination_handler(int); /* process end of job signal */ void cray_login_failure(char *username, int errcode); diff --git a/serverloop.c b/serverloop.c index 5112de680..58e20dfb9 100644 --- a/serverloop.c +++ b/serverloop.c @@ -144,7 +144,9 @@ sigchld_handler(int sig) int save_errno = errno; debug("Received SIGCHLD."); child_terminated = 1; +#ifndef _UNICOS mysignal(SIGCHLD, sigchld_handler); +#endif notify_parent(); errno = save_errno; } diff --git a/session.c b/session.c index 0ccd2006d..9074525a4 100644 --- a/session.c +++ b/session.c @@ -512,10 +512,17 @@ do_exec_no_pty(Session *s, const char *command) perror("dup2 stderr"); #endif /* USE_PIPES */ +#ifdef _UNICOS + cray_init_job(s->pw); /* set up cray jid and tmpdir */ +#endif + /* Do processing for the child (exec command etc). */ do_child(s, command); /* NOTREACHED */ } +#ifdef _UNICOS + signal(WJSIGNAL, cray_job_termination_handler); +#endif /* _UNICOS */ #ifdef HAVE_CYGWIN if (is_winnt) cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); 
@@ -603,8 +610,12 @@ do_exec_pty(Session *s, const char *command) /* record login, etc. similar to login(1) */ #ifndef HAVE_OSF_SIA - if (!(options.use_login && command == NULL)) + if (!(options.use_login && command == NULL)) { +#ifdef _UNICOS + cray_init_job(s->pw); /* set up cray jid and tmpdir */ +#endif /* _UNICOS */ do_login(s, command); + } # ifdef LOGIN_NEEDS_UTMPX else do_pre_login(s); @@ -615,6 +626,9 @@ do_exec_pty(Session *s, const char *command) do_child(s, command); /* NOTREACHED */ } +#ifdef _UNICOS + signal(WJSIGNAL, cray_job_termination_handler); +#endif /* _UNICOS */ #ifdef HAVE_CYGWIN if (is_winnt) cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); @@ -755,6 +769,7 @@ do_login(Session *s, const char *command) printf("%s\n", aixloginmsg); #endif /* WITH_AIXAUTHENTICATE */ +#ifndef NO_SSH_LASTLOG if (options.print_lastlog && s->last_login_time != 0) { time_string = ctime(&s->last_login_time); if (strchr(time_string, '\n')) @@ -765,6 +780,7 @@ do_login(Session *s, const char *command) printf("Last login: %s from %s\r\n", time_string, s->hostname); } +#endif /* NO_SSH_LASTLOG */ do_motd(); } @@ -1024,6 +1040,11 @@ do_setup_env(Session *s, const char *shell) child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", original_command); +#ifdef _UNICOS + if (cray_tmpdir[0] != '\0') + child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); +#endif /* _UNICOS */ + #ifdef _AIX { char *cp; @@ -1275,6 +1296,10 @@ do_child(Session *s, const char *command) if (options.use_login && command != NULL) options.use_login = 0; +#ifdef _UNICOS + cray_setup(pw->pw_uid, pw->pw_name, command); +#endif /* _UNICOS */ + /* * Login(1) does this as well, and it needs uid 0 for the "-h" * switch, so we let login(1) to this for us. diff --git a/sshd.c b/sshd.c index 17f001669..37026dc2e 100644 --- a/sshd.c +++ b/sshd.c 
@@ -940,7 +940,7 @@ main(int ac, char **av) SYSLOG_FACILITY_AUTH : options.log_facility, !inetd_flag); -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS /* Cray can define user privs drop all prives now! * Not needed on PRIV_SU systems! */ diff --git a/sshpty.c b/sshpty.c index e3027ca2e..28d0e310c 100644 --- a/sshpty.c +++ b/sshpty.c @@ -162,7 +162,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) } return 1; #else /* HAVE_DEV_PTS_AND_PTC */ -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS char buf[64]; int i; int highpty; @@ -268,7 +268,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) void *old; #endif /* USE_VHANGUP */ -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS if (setsid() < 0) error("setsid: %.100s", strerror(errno)); @@ -290,7 +290,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) error("%.100s: %.100s", ttyname, strerror(errno)); close(*ttyfd); *ttyfd = fd; -#else /* _CRAY */ +#else /* _UNICOS */ /* First disconnect from the old controlling tty. */ #ifdef TIOCNOTTY @@ -345,7 +345,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) strerror(errno)); else close(fd); -#endif /* _CRAY */ +#endif /* _UNICOS */ } /* Changes the window size associated with the pty. */ -- cgit v1.2.3 From d27a76de65d557e36420046e44a014d3190f89cb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 27 Sep 2002 13:22:31 +1000 Subject: - markus@cvs.openbsd.org 2002/09/25 15:19:02 [sshd.c] typo; pilot@monkey.org --- ChangeLog | 5 ++++- sshd.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index b5e3f2ed1..3f62f5740 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,9 @@ - markus@cvs.openbsd.org 2002/09/25 11:17:16 [sshd_config] sync LoginGraceTime with default + - markus@cvs.openbsd.org 2002/09/25 15:19:02 + [sshd.c] + typo; pilot@monkey.org 20020925 - (bal) Fix issue where successfull login does not clear failure counts 
@@ -727,4 +730,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2483 2002/09/27 03:21:57 djm Exp $ +$Id: ChangeLog,v 1.2484 2002/09/27 03:22:31 djm Exp $ diff --git a/sshd.c b/sshd.c index 37026dc2e..986c71273 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.258 2002/09/13 19:23:09 stevesk Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.259 2002/09/25 15:19:02 markus Exp $"); #include #include @@ -304,7 +304,7 @@ grace_alarm_handler(int sig) /* XXX no idea how fix this signal handler */ /* Log error and exit. */ - fatal("Timeout before authentication for %s.", get_remote_ipaddr()); + fatal("Timeout before authentication for %s", get_remote_ipaddr()); } /* -- cgit v1.2.3 From e9264973ad26e4ee2acebf01126e28a712cca2a8 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 30 Sep 2002 11:59:21 +1000 Subject: - (djm) OpenBSD CVS Sync - mickey@cvs.openbsd.org 2002/09/27 10:42:09 [compat.c compat.h sshd.c] add a generic match for a prober, such as sie big brother; idea from stevesk@; markus@ ok --- ChangeLog | 10 ++++++++-- compat.c | 4 +++- compat.h | 3 ++- sshd.c | 8 +++++++- 4 files changed, 20 insertions(+), 5 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index efb44797a..d8adacccb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ 20020930 - - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs, tweak README + - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs, + tweak README + - (djm) OpenBSD CVS Sync + - mickey@cvs.openbsd.org 2002/09/27 10:42:09 + [compat.c compat.h sshd.c] + add a generic match for a prober, such as sie big brother; + idea from stevesk@; markus@ ok 20020927 - (djm) OpenBSD CVS Sync @@ -737,4 +743,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2486 2002/09/30 00:40:39 djm Exp $ +$Id: ChangeLog,v 1.2487 2002/09/30 01:59:21 djm Exp $ 
diff --git a/compat.c b/compat.c index e49aa0d2a..757b0e679 100644 --- a/compat.c +++ b/compat.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.64 2002/09/19 14:53:14 stevesk Exp $"); +RCSID("$OpenBSD: compat.c,v 1.65 2002/09/27 10:42:09 mickey Exp $"); #include "buffer.h" #include "packet.h" @@ -146,6 +146,8 @@ compat_datafellows(const char *version) "OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD }, { "*SSH_Version_Mapper*", SSH_BUG_SCANNER }, + { "Probe-*", + SSH_BUG_PROBE }, { NULL, 0 } }; diff --git a/compat.h b/compat.h index 7afca0460..9299805af 100644 --- a/compat.h +++ b/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.32 2002/04/10 08:21:47 markus Exp $ */ +/* $OpenBSD: compat.h,v 1.33 2002/09/27 10:42:09 mickey Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. @@ -54,6 +54,7 @@ #define SSH_BUG_DUMMYCHAN 0x00100000 #define SSH_BUG_EXTEOF 0x00200000 #define SSH_BUG_K5USER 0x00400000 +#define SSH_BUG_PROBE 0x00800000 void enable_compat13(void); void enable_compat20(void); diff --git a/sshd.c b/sshd.c index 986c71273..f8bd7ce54 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.259 2002/09/25 15:19:02 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.260 2002/09/27 10:42:09 mickey Exp $"); #include #include @@ -424,6 +424,12 @@ sshd_exchange_identification(int sock_in, int sock_out) compat_datafellows(remote_version); + if (datafellows & SSH_BUG_PROBE) { + log("probed from %s with %s. Don't panic.", + get_remote_ipaddr(), client_version_string); + fatal_cleanup(); + } + if (datafellows & SSH_BUG_SCANNER) { log("scanned from %s with %s. Don't panic.", get_remote_ipaddr(), client_version_string); -- cgit v1.2.3
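Review bot: The new `SSH_BUG_PROBE` branch in `sshd_exchange_identification()` writes `client_version_string`, which is supplied by the connecting peer, into the log with an unbounded `%s`. Whether `log()` escapes control characters is not visible here, so I would at least bound the field as other messages in this tree do, e.g. `log("probed from %s with %.100s. Don't panic.",`. The branch is otherwise a copy of the `SSH_BUG_SCANNER` branch directly below it, and the two could share one body with the verb chosen by flag. Because the `Probe-*` pattern in compat.c matches a banner the client chooses, this log line should not be treated as evidence that the connection came from a benign monitor.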