From e14e005f41cf541017ab4e285f0b2ec23a21b7ff Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 13 May 2004 16:30:44 +1000 Subject: - djm@cvs.openbsd.org 2004/05/09 01:19:28 [OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c sshd.c] removed: mpaux.c mpaux.h kill some more tiny files; ok deraadt@ --- sshd.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'sshd.c') diff --git a/sshd.c b/sshd.c index 634284251..696978f00 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.290 2004/03/11 10:21:17 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.291 2004/05/09 01:19:28 djm Exp $"); #include #include @@ -60,7 +60,6 @@ RCSID("$OpenBSD: sshd.c,v 1.290 2004/03/11 10:21:17 markus Exp $"); #include "rsa.h" #include "sshpty.h" #include "packet.h" -#include "mpaux.h" #include "log.h" #include "servconf.h" #include "uidswap.h" @@ -1689,9 +1688,10 @@ do_ssh1_kex(void) BN_bn2bin(session_key_int, session_key + sizeof(session_key) - len); - compute_session_id(session_id, cookie, - sensitive_data.ssh1_host_key->rsa->n, - sensitive_data.server_key->rsa->n); + derive_ssh1_session_id( + sensitive_data.ssh1_host_key->rsa->n, + sensitive_data.server_key->rsa->n, + cookie, session_id); /* * Xor the first 16 bytes of the session key with the * session id. -- cgit v1.2.3 From 12984968fb4efab7974e245e2d8a263149d6ace7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 24 May 2004 13:37:13 +1000 Subject: - (dtucker) [sshd.c] Fix typo in comment. --- ChangeLog | 3 ++- sshd.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index bc6b40dae..fdf691674 100644 --- a/ChangeLog +++ b/ChangeLog @@ -28,6 +28,7 @@ - (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread" is terminated if the privsep slave exits during keyboard-interactive authentication. ok djm@ + - (dtucker) [sshd.c] Fix typo in comment. 20040523 - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in @@ -1157,4 +1158,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3366 2004/05/24 01:55:36 dtucker Exp $ +$Id: ChangeLog,v 1.3367 2004/05/24 03:37:13 dtucker Exp $ diff --git a/sshd.c b/sshd.c index 696978f00..332a189e8 100644 --- a/sshd.c +++ b/sshd.c @@ -935,7 +935,7 @@ main(int ac, char **av) unsetenv("KRB5CCNAME"); #endif /* _AIX */ #ifdef _UNICOS - /* Cray can define user privs drop all prives now! + /* Cray can define user privs drop all privs now! * Not needed on PRIV_SU systems! */ drop_cray_privs(); -- cgit v1.2.3 From f675fc4948b2ec2c9ff86bcdd58e00947f0e319b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 15 Jun 2004 10:30:09 +1000 Subject: - djm@cvs.openbsd.org 2004/06/13 12:53:24 [dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h] [ssh-keyscan.c sshconnect2.c sshd.c] implement diffie-hellman-group14-sha1 kex method (trivial extension to existing diffie-hellman-group1-sha1); ok markus@ --- ChangeLog | 7 ++++++- dh.c | 28 ++++++++++++++++++++++++---- dh.h | 3 ++- kex.c | 4 +++- kex.h | 4 +++- kexdhc.c | 13 +++++++++++-- kexdhs.c | 13 +++++++++++-- monitor.c | 3 ++- myproposal.h | 6 ++++-- ssh-keyscan.c | 3 ++- sshconnect2.c | 3 ++- sshd.c | 3 ++- 12 files changed, 72 insertions(+), 18 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 3fb1d4664..1d2563ba8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,11 @@ - pedro@cvs.openbsd.org 2004/06/03 12:22:20 [sftp-client.c sftp.c] initialize pointers, ok markus@ + - djm@cvs.openbsd.org 2004/06/13 12:53:24 + [dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h] + [ssh-keyscan.c sshconnect2.c sshd.c] + implement diffie-hellman-group14-sha1 kex method (trivial extension to + existing diffie-hellman-group1-sha1); ok markus@ 20040603 - (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions. @@ -1199,4 +1204,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3379 2004/06/15 00:28:56 djm Exp $ +$Id: ChangeLog,v 1.3380 2004/06/15 00:30:09 djm Exp $ diff --git a/dh.c b/dh.c index afd1e05d0..176fb7469 100644 --- a/dh.c +++ b/dh.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: dh.c,v 1.29 2004/02/27 22:49:27 dtucker Exp $"); +RCSID("$OpenBSD: dh.c,v 1.30 2004/06/13 12:53:24 djm Exp $"); #include "xmalloc.h" @@ -115,8 +115,9 @@ choose_dh(int min, int wantbits, int max) if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL && (f = fopen(_PATH_DH_PRIMES, "r")) == NULL) { - logit("WARNING: %s does not exist, using old modulus", _PATH_DH_MODULI); - return (dh_new_group1()); + logit("WARNING: %s does not exist, using fixed modulus", + _PATH_DH_MODULI); + return (dh_new_group14()); } linenum = 0; @@ -169,7 +170,7 @@ choose_dh(int min, int wantbits, int max) return (dh_new_group(dhg.g, dhg.p)); } -/* diffie-hellman-group1-sha1 */ +/* diffie-hellman-groupN-sha1 */ int dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) @@ -272,6 +273,25 @@ dh_new_group1(void) return (dh_new_group_asc(gen, group1)); } +DH * +dh_new_group14(void) +{ + static char *gen = "2", *group14 = + "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" + "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" + "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" + "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" + "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D" + "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F" + "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D" + "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B" + "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9" + "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510" + "15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF"; + + return (dh_new_group_asc(gen, group14)); +} + /* * Estimates the group order for a Diffie-Hellman group that has an * attack complexity approximately the same as O(2**bits). Estimate diff --git a/dh.h b/dh.h index a0c97b2ff..723dd08e4 100644 --- a/dh.h +++ b/dh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.h,v 1.7 2001/06/26 17:27:23 markus Exp $ */ +/* $OpenBSD: dh.h,v 1.8 2004/06/13 12:53:24 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. @@ -36,6 +36,7 @@ DH *choose_dh(int, int, int); DH *dh_new_group_asc(const char *, const char *); DH *dh_new_group(BIGNUM *, BIGNUM *); DH *dh_new_group1(void); +DH *dh_new_group14(void); void dh_gen_key(DH *, int); int dh_pub_is_valid(DH *, BIGNUM *); diff --git a/kex.c b/kex.c index fa5de7ed8..cda8bf9b7 100644 --- a/kex.c +++ b/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.58 2004/05/09 01:26:48 djm Exp $"); +RCSID("$OpenBSD: kex.c,v 1.59 2004/06/13 12:53:24 djm Exp $"); #include @@ -293,6 +293,8 @@ choose_kex(Kex *k, char *client, char *server) fatal("no kex alg"); if (strcmp(k->name, KEX_DH1) == 0) { k->kex_type = KEX_DH_GRP1_SHA1; + } else if (strcmp(k->name, KEX_DH14) == 0) { + k->kex_type = KEX_DH_GRP14_SHA1; } else if (strcmp(k->name, KEX_DHGEX) == 0) { k->kex_type = KEX_DH_GEX_SHA1; } else diff --git a/kex.h b/kex.h index 437735047..d9e9d6522 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.34 2004/05/21 08:43:03 markus Exp $ */ +/* $OpenBSD: kex.h,v 1.35 2004/06/13 12:53:24 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -32,6 +32,7 @@ #include "key.h" #define KEX_DH1 "diffie-hellman-group1-sha1" +#define KEX_DH14 "diffie-hellman-group14-sha1" #define KEX_DHGEX "diffie-hellman-group-exchange-sha1" enum kex_init_proposals { @@ -56,6 +57,7 @@ enum kex_modes { enum kex_exchange { KEX_DH_GRP1_SHA1, + KEX_DH_GRP14_SHA1, KEX_DH_GEX_SHA1, KEX_MAX }; diff --git a/kexdhc.c b/kexdhc.c index fe6dc53f8..f48bd4678 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexdhc.c,v 1.1 2003/02/16 17:09:57 markus Exp $"); +RCSID("$OpenBSD: kexdhc.c,v 1.2 2004/06/13 12:53:24 djm Exp $"); #include "xmalloc.h" #include "key.h" @@ -44,7 +44,16 @@ kexdh_client(Kex *kex) u_int klen, kout, slen, sbloblen; /* generate and send 'e', client DH public key */ - dh = dh_new_group1(); + switch (kex->kex_type) { + case KEX_DH_GRP1_SHA1: + dh = dh_new_group1(); + break; + case KEX_DH_GRP14_SHA1: + dh = dh_new_group14(); + break; + default: + fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type); + } dh_gen_key(dh, kex->we_need * 8); packet_start(SSH2_MSG_KEXDH_INIT); packet_put_bignum2(dh->pub_key); diff --git a/kexdhs.c b/kexdhs.c index f04bce825..225e65592 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexdhs.c,v 1.1 2003/02/16 17:09:57 markus Exp $"); +RCSID("$OpenBSD: kexdhs.c,v 1.2 2004/06/13 12:53:24 djm Exp $"); #include "xmalloc.h" #include "key.h" @@ -45,7 +45,16 @@ kexdh_server(Kex *kex) u_int slen; /* generate server DH public key */ - dh = dh_new_group1(); + switch (kex->kex_type) { + case KEX_DH_GRP1_SHA1: + dh = dh_new_group1(); + break; + case KEX_DH_GRP14_SHA1: + dh = dh_new_group14(); + break; + default: + fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type); + } dh_gen_key(dh, kex->we_need * 8); debug("expecting SSH2_MSG_KEXDH_INIT"); diff --git a/monitor.c b/monitor.c index 2200eb09d..c287a2da1 100644 --- a/monitor.c +++ b/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.57 2004/05/11 19:01:43 deraadt Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.58 2004/06/13 12:53:24 djm Exp $"); #include @@ -1546,6 +1546,7 @@ mm_get_kex(Buffer *m) fatal("mm_get_get: internal error: bad session id"); kex->we_need = buffer_get_int(m); kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; + kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->server = 1; kex->hostkey_type = buffer_get_int(m); diff --git a/myproposal.h b/myproposal.h index 8b431d9d2..228ed6882 100644 --- a/myproposal.h +++ b/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.15 2003/05/17 04:27:52 markus Exp $ */ +/* $OpenBSD: myproposal.h,v 1.16 2004/06/13 12:53:24 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -23,7 +23,9 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1" +#define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha1," \ + "diffie-hellman-group14-sha1," \ + "diffie-hellman-group1-sha1" #define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss" #define KEX_DEFAULT_ENCRYPT \ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \ diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 266b23cb3..c4a2414b1 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.47 2004/03/08 09:38:05 djm Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.48 2004/06/13 12:53:24 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -349,6 +349,7 @@ keygrab_ssh2(con *c) "ssh-dss": "ssh-rsa"; c->c_kex = kex_setup(myproposal); c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; + c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; c->c_kex->verify_host_key = hostjump; diff --git a/sshconnect2.c b/sshconnect2.c index 06d884285..68d56d020 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.137 2004/05/08 00:21:31 djm Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.138 2004/06/13 12:53:24 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -120,6 +120,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) /* start key exchange */ kex = kex_setup(myproposal); kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; + kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; diff --git a/sshd.c b/sshd.c index 332a189e8..5f3878119 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.291 2004/05/09 01:19:28 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.292 2004/06/13 12:53:24 djm Exp $"); #include #include @@ -1774,6 +1774,7 @@ do_ssh2_kex(void) /* start key exchange */ kex = kex_setup(myproposal); kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; + kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->server = 1; kex->client_version_string=client_version_string; -- cgit v1.2.3 From 232711f6dbc107711b3957bfa2fd798aec702241 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 15 Jun 2004 10:35:30 +1000 Subject: - djm@cvs.openbsd.org 2004/06/14 01:44:39 [channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c] [sshd.c] set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@ --- ChangeLog | 6 +++++- channels.c | 6 +++--- clientloop.c | 4 ++-- misc.c | 34 ++++++++++++++++++++-------------- misc.h | 6 +++--- packet.c | 11 ++++------- ssh-agent.c | 5 ++--- ssh-keyscan.c | 6 +++--- sshd.c | 8 +++----- 9 files changed, 45 insertions(+), 41 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 36aeb85bb..d1d45db79 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,6 +29,10 @@ [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5] implement session multiplexing in the client (the server has supported this since 2.0); ok markus@ + - djm@cvs.openbsd.org 2004/06/14 01:44:39 + [channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c] + [sshd.c] + set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@ 20040603 - (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions. @@ -1213,4 +1217,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3382 2004/06/15 00:34:08 djm Exp $ +$Id: ChangeLog,v 1.3383 2004/06/15 00:35:30 djm Exp $ diff --git a/channels.c b/channels.c index 1fb1092c8..97c1fd31b 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.204 2004/06/13 15:03:02 djm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.205 2004/06/14 01:44:38 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2509,8 +2509,8 @@ connect_to(const char *host, u_short port) verbose("socket: %.100s", strerror(errno)); continue; } - if (fcntl(sock, F_SETFL, O_NONBLOCK) < 0) - fatal("connect_to: F_SETFL: %s", strerror(errno)); + if (set_nonblock(sock) == -1) + fatal("%s: set_nonblock(%d)", __func__, sock); if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0 && errno != EINPROGRESS) { error("connect_to %.100s port %s: %.100s", ntop, strport, diff --git a/clientloop.c b/clientloop.c index 6401588a9..eada56033 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.123 2004/06/13 15:03:02 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.124 2004/06/14 01:44:38 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -167,7 +167,7 @@ static void enter_non_blocking(void) { in_non_blocking_mode = 1; - (void) fcntl(fileno(stdin), F_SETFL, O_NONBLOCK); + set_nonblock(fileno(stdin)); } /* diff --git a/misc.c b/misc.c index 1f320353e..1c43bc007 100644 --- a/misc.c +++ b/misc.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.23 2003/10/28 09:08:06 markus Exp $"); +RCSID("$OpenBSD: misc.c,v 1.24 2004/06/14 01:44:39 djm Exp $"); #include "misc.h" #include "log.h" @@ -46,7 +46,7 @@ chop(char *s) } /* set/unset filedescriptor to non-blocking */ -void +int set_nonblock(int fd) { int val; @@ -54,20 +54,23 @@ set_nonblock(int fd) val = fcntl(fd, F_GETFL, 0); if (val < 0) { error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); - return; + return (-1); } if (val & O_NONBLOCK) { - debug2("fd %d is O_NONBLOCK", fd); - return; + debug3("fd %d is O_NONBLOCK", fd); + return (0); } debug2("fd %d setting O_NONBLOCK", fd); val |= O_NONBLOCK; - if (fcntl(fd, F_SETFL, val) == -1) - debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s", - fd, strerror(errno)); + if (fcntl(fd, F_SETFL, val) == -1) { + debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, + strerror(errno)); + return (-1); + } + return (0); } -void +int unset_nonblock(int fd) { int val; @@ -75,17 +78,20 @@ unset_nonblock(int fd) val = fcntl(fd, F_GETFL, 0); if (val < 0) { error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); - return; + return (-1); } if (!(val & O_NONBLOCK)) { - debug2("fd %d is not O_NONBLOCK", fd); - return; + debug3("fd %d is not O_NONBLOCK", fd); + return (0); } debug("fd %d clearing O_NONBLOCK", fd); val &= ~O_NONBLOCK; - if (fcntl(fd, F_SETFL, val) == -1) - debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s", + if (fcntl(fd, F_SETFL, val) == -1) { + debug("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s", fd, strerror(errno)); + return (-1); + } + return (0); } /* disable nagle on socket */ diff --git a/misc.h b/misc.h index d4a23cba3..6a4eff136 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.14 2004/05/08 00:21:31 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.15 2004/06/14 01:44:39 djm Exp $ */ /* * Author: Tatu Ylonen @@ -16,8 +16,8 @@ char *chop(char *); char *strdelim(char **); -void set_nonblock(int); -void unset_nonblock(int); +int set_nonblock(int); +int unset_nonblock(int); void set_nodelay(int); int a2port(const char *); char *cleanhostname(char *); diff --git a/packet.c b/packet.c index fe3eea094..fca0075e7 100644 --- a/packet.c +++ b/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.113 2004/05/11 19:01:43 deraadt Exp $"); +RCSID("$OpenBSD: packet.c,v 1.114 2004/06/14 01:44:39 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -319,13 +319,10 @@ void packet_set_nonblocking(void) { /* Set the socket into non-blocking mode. */ - if (fcntl(connection_in, F_SETFL, O_NONBLOCK) < 0) - error("fcntl O_NONBLOCK: %.100s", strerror(errno)); + set_nonblock(connection_in); - if (connection_out != connection_in) { - if (fcntl(connection_out, F_SETFL, O_NONBLOCK) < 0) - error("fcntl O_NONBLOCK: %.100s", strerror(errno)); - } + if (connection_out != connection_in) + set_nonblock(connection_out); } /* Returns the socket used for reading. */ diff --git a/ssh-agent.c b/ssh-agent.c index a38322160..ea84f2196 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.118 2004/05/08 00:21:31 djm Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.119 2004/06/14 01:44:39 djm Exp $"); #include #include @@ -789,8 +789,7 @@ new_socket(sock_type type, int fd) { u_int i, old_alloc, new_alloc; - if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) - error("fcntl O_NONBLOCK: %s", strerror(errno)); + set_nonblock(fd); if (fd > max_fd) max_fd = fd; diff --git a/ssh-keyscan.c b/ssh-keyscan.c index c4a2414b1..01615b5c3 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.48 2004/06/13 12:53:24 djm Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.49 2004/06/14 01:44:39 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -397,8 +397,8 @@ tcpconnect(char *host) error("socket: %s", strerror(errno)); continue; } - if (fcntl(s, F_SETFL, O_NONBLOCK) < 0) - fatal("F_SETFL: %s", strerror(errno)); + if (set_nonblock(s) == -1) + fatal("%s: set_nonblock(%d)", __func__, s); if (connect(s, ai->ai_addr, ai->ai_addrlen) < 0 && errno != EINPROGRESS) error("connect (`%s'): %s", host, strerror(errno)); diff --git a/sshd.c b/sshd.c index 5f3878119..34379172f 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.292 2004/06/13 12:53:24 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.293 2004/06/14 01:44:39 djm Exp $"); #include #include @@ -1140,8 +1140,7 @@ main(int ac, char **av) verbose("socket: %.100s", strerror(errno)); continue; } - if (fcntl(listen_sock, F_SETFL, O_NONBLOCK) < 0) { - error("listen_sock O_NONBLOCK: %s", strerror(errno)); + if (set_nonblock(listen_sock) == -1) { close(listen_sock); continue; } @@ -1284,8 +1283,7 @@ main(int ac, char **av) error("accept: %.100s", strerror(errno)); continue; } - if (fcntl(newsock, F_SETFL, 0) < 0) { - error("newsock del O_NONBLOCK: %s", strerror(errno)); + if (unset_nonblock(newsock) == -1) { close(newsock); continue; } -- cgit v1.2.3 From 645ab757bd58dc0c8e42b9886863ec95bf058c3e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 25 Jun 2004 13:33:20 +1000 Subject: - djm@cvs.openbsd.org 2004/06/24 19:30:54 [servconf.c servconf.h sshd.c] re-exec sshd on accept(); initial work, final debugging and ok markus@ --- ChangeLog | 8 ++- servconf.c | 48 +++++++++---- servconf.h | 8 ++- sshd.c | 229 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++----- 4 files changed, 261 insertions(+), 32 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 023fde0cd..4367699d2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20040625 + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2004/06/24 19:30:54 + [servconf.c servconf.h sshd.c] + re-exec sshd on accept(); initial work, final debugging and ok markus@ + 20040623 - (dtucker) [auth1.c] Ensure do_pam_account is called for Protocol 1 connections with empty passwords. Patch from davidwu at nbttech.com, @@ -1399,4 +1405,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3443 2004/06/23 14:34:53 dtucker Exp $ +$Id: ChangeLog,v 1.3444 2004/06/25 03:33:20 dtucker Exp $ diff --git a/servconf.c b/servconf.c index ef8651651..ea67f6288 100644 --- a/servconf.c +++ b/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.133 2004/05/23 23:59:53 dtucker Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.134 2004/06/24 19:30:54 djm Exp $"); #include "ssh.h" #include "log.h" @@ -942,26 +942,50 @@ parse_flag: /* Reads the server configuration file. */ void -read_server_config(ServerOptions *options, const char *filename) +load_server_config(const char *filename, Buffer *conf) { - int linenum, bad_options = 0; - char line[1024]; + char line[1024], *cp; FILE *f; - debug2("read_server_config: filename %s", filename); - f = fopen(filename, "r"); - if (!f) { + debug2("%s: filename %s", __func__, filename); + if ((f = fopen(filename, "r")) == NULL) { perror(filename); exit(1); } - linenum = 0; + buffer_clear(conf); while (fgets(line, sizeof(line), f)) { - /* Update line number counter. */ - linenum++; - if (process_server_config_line(options, line, filename, linenum) != 0) - bad_options++; + /* + * Trim out comments and strip whitespace + * NB - preserve newlines, they are needed to reproduce + * line numbers later for error messages + */ + if ((cp = strchr(line, '#')) != NULL) + memcpy(cp, "\n", 2); + cp = line + strspn(line, " \t\r"); + + buffer_append(conf, cp, strlen(cp)); } + buffer_append(conf, "\0", 1); fclose(f); + debug2("%s: done config len = %d", __func__, buffer_len(conf)); +} + +void +parse_server_config(ServerOptions *options, const char *filename, Buffer *conf) +{ + int linenum, bad_options = 0; + char *cp, *cbuf; + + debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); + + cbuf = xstrdup(buffer_ptr(conf)); + linenum = 0; + while((cp = strsep(&cbuf, "\n")) != NULL) { + if (process_server_config_line(options, cp, filename, + linenum++) != 0) + bad_options++; + } + free(cbuf); if (bad_options > 0) fatal("%s: terminating, %d bad configuration options", filename, bad_options); diff --git a/servconf.h b/servconf.h index 36d2e5ca6..ebd056814 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.69 2004/05/23 23:59:53 dtucker Exp $ */ +/* $OpenBSD: servconf.h,v 1.70 2004/06/24 19:30:54 djm Exp $ */ /* * Author: Tatu Ylonen @@ -16,6 +16,8 @@ #ifndef SERVCONF_H #define SERVCONF_H +#include "buffer.h" + #define MAX_PORTS 256 /* Max # ports. */ #define MAX_ALLOW_USERS 256 /* Max # users on allow list. */ @@ -134,9 +136,9 @@ typedef struct { } ServerOptions; void initialize_server_options(ServerOptions *); -void read_server_config(ServerOptions *, const char *); void fill_default_server_options(ServerOptions *); int process_server_config_line(ServerOptions *, char *, const char *, int); - +void load_server_config(const char *, Buffer *); +void parse_server_config(ServerOptions *, const char *, Buffer *); #endif /* SERVCONF_H */ diff --git a/sshd.c b/sshd.c index 34379172f..98e90b5ac 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.293 2004/06/14 01:44:39 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.294 2004/06/24 19:30:54 djm Exp $"); #include #include @@ -65,6 +65,7 @@ RCSID("$OpenBSD: sshd.c,v 1.293 2004/06/14 01:44:39 djm Exp $"); #include "uidswap.h" #include "compat.h" #include "buffer.h" +#include "bufaux.h" #include "cipher.h" #include "kex.h" #include "key.h" @@ -76,6 +77,7 @@ RCSID("$OpenBSD: sshd.c,v 1.293 2004/06/14 01:44:39 djm Exp $"); #include "canohost.h" #include "auth.h" #include "misc.h" +#include "msg.h" #include "dispatch.h" #include "channels.h" #include "session.h" @@ -137,6 +139,12 @@ int log_stderr = 0; char **saved_argv; int saved_argc; +/* re-exec */ +int rexeced_flag = 0; +int rexec_flag = 1; +int rexec_argc = 0; +char **rexec_argv; + /* * The sockets that the server is listening; this is used in the SIGHUP * signal handler. @@ -771,6 +779,87 @@ usage(void) exit(1); } +static void +send_rexec_state(int fd, Buffer *conf) +{ + Buffer m; + + debug3("%s: entering fd = %d config len %d", __func__, fd, + buffer_len(conf)); + + /* + * Protocol from reexec master to child: + * string configuration + * u_int ephemeral_key_follows + * bignum e (only if ephemeral_key_follows == 1) + * bignum n " + * bignum d " + * bignum iqmp " + * bignum p " + * bignum q " + */ + buffer_init(&m); + buffer_put_cstring(&m, buffer_ptr(conf)); + + if (sensitive_data.server_key != NULL && + sensitive_data.server_key->type == KEY_RSA1) { + buffer_put_int(&m, 1); + buffer_put_bignum(&m, sensitive_data.server_key->rsa->e); + buffer_put_bignum(&m, sensitive_data.server_key->rsa->n); + buffer_put_bignum(&m, sensitive_data.server_key->rsa->d); + buffer_put_bignum(&m, sensitive_data.server_key->rsa->iqmp); + buffer_put_bignum(&m, sensitive_data.server_key->rsa->p); + buffer_put_bignum(&m, sensitive_data.server_key->rsa->q); + } else + buffer_put_int(&m, 0); + + if (ssh_msg_send(fd, 0, &m) == -1) + fatal("%s: ssh_msg_send failed", __func__); + + buffer_free(&m); + + debug3("%s: done", __func__); +} + +static void +recv_rexec_state(int fd, Buffer *conf) +{ + Buffer m; + char *cp; + u_int len; + + debug3("%s: entering fd = %d", __func__, fd); + + buffer_init(&m); + + if (ssh_msg_recv(fd, &m) == -1) + fatal("%s: ssh_msg_recv failed", __func__); + if (buffer_get_char(&m) != 0) + fatal("%s: rexec version mismatch", __func__); + + cp = buffer_get_string(&m, &len); + if (conf != NULL) + buffer_append(conf, cp, len + 1); + xfree(cp); + + if (buffer_get_int(&m)) { + if (sensitive_data.server_key != NULL) + key_free(sensitive_data.server_key); + sensitive_data.server_key = key_new_private(KEY_RSA1); + buffer_get_bignum(&m, sensitive_data.server_key->rsa->e); + buffer_get_bignum(&m, sensitive_data.server_key->rsa->n); + buffer_get_bignum(&m, sensitive_data.server_key->rsa->d); + buffer_get_bignum(&m, sensitive_data.server_key->rsa->iqmp); + buffer_get_bignum(&m, sensitive_data.server_key->rsa->p); + buffer_get_bignum(&m, sensitive_data.server_key->rsa->q); + rsa_generate_additional_parameters( + sensitive_data.server_key->rsa); + } + buffer_free(&m); + + debug3("%s: done", __func__); +} + /* * Main program for the daemon. */ @@ -791,11 +880,12 @@ main(int ac, char **av) char ntop[NI_MAXHOST], strport[NI_MAXSERV]; char *line; int listen_sock, maxfd; - int startup_p[2]; + int startup_p[2], config_s[2]; int startups = 0; Key *key; Authctxt *authctxt; int ret, key_used = 0; + Buffer cfg; #ifdef HAVE_SECUREWARE (void)set_auth_parameters(ac, av); @@ -823,7 +913,7 @@ main(int ac, char **av) initialize_server_options(&options); /* Parse command-line arguments. */ - while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqtQ46")) != -1) { + while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqrtQR46")) != -1) { switch (opt) { case '4': IPv4or6 = AF_INET; @@ -850,6 +940,13 @@ main(int ac, char **av) case 'i': inetd_flag = 1; break; + case 'r': + rexec_flag = 0; + break; + case 'R': + rexeced_flag = 1; + inetd_flag = 1; + break; case 'Q': /* ignored */ break; @@ -913,6 +1010,13 @@ main(int ac, char **av) break; } } + if (rexeced_flag || inetd_flag) + rexec_flag = 0; + if (rexec_flag && (av[0] == NULL || *av[0] != '/')) + fatal("sshd re-exec requires execution with an absolute path"); + if (rexeced_flag) + closefrom(STDERR_FILENO + 3); + SSLeay_add_all_algorithms(); channel_set_af(IPv4or6); @@ -943,8 +1047,23 @@ main(int ac, char **av) seed_rng(); - /* Read server configuration options from the configuration file. */ - read_server_config(&options, config_file_name); + sensitive_data.server_key = NULL; + sensitive_data.ssh1_host_key = NULL; + sensitive_data.have_ssh1_key = 0; + sensitive_data.have_ssh2_key = 0; + + /* Fetch our configuration */ + buffer_init(&cfg); + if (rexeced_flag) + recv_rexec_state(STDERR_FILENO + 2, &cfg); + else + load_server_config(config_file_name, &cfg); + + parse_server_config(&options, + rexeced_flag ? "rexec" : config_file_name, &cfg); + + if (!rexec_flag) + buffer_free(&cfg); /* Fill in default values for those options not explicitly set. */ fill_default_server_options(&options); @@ -962,10 +1081,6 @@ main(int ac, char **av) sizeof(Key *)); for (i = 0; i < options.num_host_key_files; i++) sensitive_data.host_keys[i] = NULL; - sensitive_data.server_key = NULL; - sensitive_data.ssh1_host_key = NULL; - sensitive_data.have_ssh1_key = 0; - sensitive_data.have_ssh2_key = 0; for (i = 0; i < options.num_host_key_files; i++) { key = key_load_private(options.host_key_files[i], "", NULL); @@ -1064,6 +1179,16 @@ main(int ac, char **av) if (setgroups(0, NULL) < 0) debug("setgroups() failed: %.200s", strerror(errno)); + if (rexec_flag) { + rexec_argv = xmalloc(sizeof(char *) * (rexec_argc + 2)); + for (i = 0; i < rexec_argc; i++) { + debug("rexec_argv[%d]='%s'", i, saved_argv[i]); + rexec_argv[i] = saved_argv[i]; + } + rexec_argv[rexec_argc] = "-R"; + rexec_argv[rexec_argc + 1] = NULL; + } + /* Initialize the log (it is reinitialized below in case we forked). */ if (debug_flag && !inetd_flag) log_stderr = 1; @@ -1105,19 +1230,34 @@ main(int ac, char **av) /* Start listening for a socket, unless started from inetd. */ if (inetd_flag) { - int s1; - s1 = dup(0); /* Make sure descriptors 0, 1, and 2 are in use. */ - dup(s1); - sock_in = dup(0); - sock_out = dup(1); + int fd; + startup_pipe = -1; + if (rexeced_flag) { + close(STDERR_FILENO + 2); + sock_in = sock_out = dup(STDIN_FILENO); + if (!debug_flag) { + startup_pipe = dup(STDERR_FILENO + 1); + close(STDERR_FILENO + 1); + } + } else { + sock_in = dup(STDIN_FILENO); + sock_out = dup(STDOUT_FILENO); + } /* * We intentionally do not close the descriptors 0, 1, and 2 - * as our code for setting the descriptors won\'t work if + * as our code for setting the descriptors won't work if * ttyfd happens to be one of those. */ + if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { + dup2(fd, STDIN_FILENO); + dup2(fd, STDOUT_FILENO); + if (fd > STDOUT_FILENO) + close(fd); + } debug("inetd sockets after dupping: %d, %d", sock_in, sock_out); - if (options.protocol & SSH_PROTO_1) + if ((options.protocol & SSH_PROTO_1) && + sensitive_data.server_key == NULL) generate_ephemeral_server_key(); } else { for (ai = options.listen_addrs; ai; ai = ai->ai_next) { @@ -1297,6 +1437,16 @@ main(int ac, char **av) continue; } + if (rexec_flag && socketpair(AF_UNIX, + SOCK_STREAM, 0, config_s) == -1) { + error("reexec socketpair: %s", + strerror(errno)); + close(newsock); + close(startup_p[0]); + close(startup_p[1]); + continue; + } + for (j = 0; j < options.max_startups; j++) if (startup_pipes[j] == -1) { startup_pipes[j] = startup_p[0]; @@ -1320,8 +1470,15 @@ main(int ac, char **av) close_listen_socks(); sock_in = newsock; sock_out = newsock; + close(startup_p[0]); + close(startup_p[1]); startup_pipe = -1; pid = getpid(); + if (rexec_flag) { + send_rexec_state(config_s[0], + &cfg); + close(config_s[0]); + } break; } else { /* @@ -1355,6 +1512,12 @@ main(int ac, char **av) close(startup_p[1]); + if (rexec_flag) { + send_rexec_state(config_s[0], &cfg); + close(config_s[0]); + close(config_s[1]); + } + /* Mark that the key has been used (it was "given" to the child). */ if ((options.protocol & SSH_PROTO_1) && key_used == 0) { @@ -1378,6 +1541,40 @@ main(int ac, char **av) /* This is the child processing a new connection. */ setproctitle("%s", "[accepted]"); + if (rexec_flag) { + int fd; + + debug("rexec newsock %d pipe %d sock %d", newsock, + startup_pipe, config_s[0]); + dup2(newsock, STDIN_FILENO); + dup2(STDIN_FILENO, STDOUT_FILENO); + if (startup_pipe == -1) + close(STDERR_FILENO + 1); + else + dup2(startup_pipe, STDERR_FILENO + 1); + + dup2(config_s[1], STDERR_FILENO + 2); + close(config_s[1]); + execv(rexec_argv[0], rexec_argv); + + /* Reexec has failed, fall back and continue */ + error("rexec of %s failed: %s", rexec_argv[0], strerror(errno)); + recv_rexec_state(STDERR_FILENO + 2, NULL); + log_init(__progname, options.log_level, + options.log_facility, log_stderr); + + /* Clean up fds */ + close(config_s[1]); + close(STDERR_FILENO + 1); + close(STDERR_FILENO + 2); + if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { + dup2(fd, STDIN_FILENO); + dup2(fd, STDOUT_FILENO); + if (fd > STDERR_FILENO) + close(fd); + } + } + /* * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. We don't -- cgit v1.2.3 From 586b0b98bf9fe8a1d551a9706aed60851ff0e014 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 25 Jun 2004 13:34:31 +1000 Subject: - djm@cvs.openbsd.org 2004/06/25 01:16:09 [sshd.c] only perform tcp wrappers checks when the incoming connection is on a socket. silences useless warnings from regress tests that use proxycommand="sshd -i". prompted by david@ ok markus@ --- ChangeLog | 7 ++++++- sshd.c | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 4367699d2..2e5b94c41 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,11 @@ - djm@cvs.openbsd.org 2004/06/24 19:30:54 [servconf.c servconf.h sshd.c] re-exec sshd on accept(); initial work, final debugging and ok markus@ + - djm@cvs.openbsd.org 2004/06/25 01:16:09 + [sshd.c] + only perform tcp wrappers checks when the incoming connection is on a + socket. silences useless warnings from regress tests that use + proxycommand="sshd -i". prompted by david@ ok markus@ 20040623 - (dtucker) [auth1.c] Ensure do_pam_account is called for Protocol 1 @@ -1405,4 +1410,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3444 2004/06/25 03:33:20 dtucker Exp $ +$Id: ChangeLog,v 1.3445 2004/06/25 03:34:31 dtucker Exp $ diff --git a/sshd.c b/sshd.c index 98e90b5ac..2408fcb5a 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.294 2004/06/24 19:30:54 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.295 2004/06/25 01:16:09 djm Exp $"); #include #include @@ -1620,7 +1620,7 @@ main(int ac, char **av) #ifdef LIBWRAP /* Check whether logins are denied from this host. */ - { + if (packet_connection_is_on_socket()) { struct request_info req; request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0); -- cgit v1.2.3 From 17c5d03ad3bcb782b5b3768b3e70a050d86d5fa1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 25 Jun 2004 14:22:23 +1000 Subject: - (dtucker) [sshd.c] add line missing from reexec sync. --- ChangeLog | 3 ++- sshd.c | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 87659375b..94172428a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,7 @@ clean reexec-specific junk out of text-exec.sh and simplify; idea markus@ - (dtucker) [configure.ac openbsd-compat/misc.c [openbsd-compat/misc.h] Add closefrom() for platforms that don't have it. + - (dtucker) [sshd.c] add line missing from reexec sync. 20040623 - (dtucker) [auth1.c] Ensure do_pam_account is called for Protocol 1 @@ -1418,4 +1419,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3448 2004/06/25 04:03:34 dtucker Exp $ +$Id: ChangeLog,v 1.3449 2004/06/25 04:22:23 dtucker Exp $ diff --git a/sshd.c b/sshd.c index 2408fcb5a..015eeac9a 100644 --- a/sshd.c +++ b/sshd.c @@ -895,6 +895,7 @@ main(int ac, char **av) /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ saved_argc = ac; + rexec_argc = ac; saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1)); for (i = 0; i < ac; i++) saved_argv[i] = xstrdup(av[i]); -- cgit v1.2.3 From 035a5b47cc29f9d343153d4d7c09c20ebd0eff52 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 26 Jun 2004 08:16:31 +1000 Subject: - OpenBSD CVS Sync - djm@cvs.openbsd.org 2004/06/25 18:43:36 [sshd.c] fix broken fd handling in the re-exec fallback path, particularly when /dev/crypto is in use; ok deraadt@ markus@ --- ChangeLog | 9 ++++++++- sshd.c | 42 ++++++++++++++++++++++++++++-------------- 2 files changed, 36 insertions(+), 15 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 1252df061..2eff2d437 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20040626 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2004/06/25 18:43:36 + [sshd.c] + fix broken fd handling in the re-exec fallback path, particularly when + /dev/crypto is in use; ok deraadt@ markus@ + 20040625 - (dtucker) OpenBSD CVS Sync - djm@cvs.openbsd.org 2004/06/24 19:30:54 @@ -1423,4 +1430,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3450 2004/06/25 07:06:02 dtucker Exp $ +$Id: ChangeLog,v 1.3451 2004/06/25 22:16:31 djm Exp $ diff --git a/sshd.c b/sshd.c index 015eeac9a..e5f54cbe6 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.295 2004/06/25 01:16:09 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.296 2004/06/25 18:43:36 djm Exp $"); #include #include @@ -97,6 +97,12 @@ int deny_severity = LOG_WARNING; #define O_NOCTTY 0 #endif +/* Re-exec fds */ +#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) +#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) +#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3) +#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4) + #ifdef HAVE___PROGNAME extern char *__progname; #else @@ -1016,7 +1022,9 @@ main(int ac, char **av) if (rexec_flag && (av[0] == NULL || *av[0] != '/')) fatal("sshd re-exec requires execution with an absolute path"); if (rexeced_flag) - closefrom(STDERR_FILENO + 3); + closefrom(REEXEC_MIN_FREE_FD); + else + closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); SSLeay_add_all_algorithms(); channel_set_af(IPv4or6); @@ -1056,7 +1064,7 @@ main(int ac, char **av) /* Fetch our configuration */ buffer_init(&cfg); if (rexeced_flag) - recv_rexec_state(STDERR_FILENO + 2, &cfg); + recv_rexec_state(REEXEC_CONFIG_PASS_FD, &cfg); else load_server_config(config_file_name, &cfg); @@ -1235,11 +1243,11 @@ main(int ac, char **av) startup_pipe = -1; if (rexeced_flag) { - close(STDERR_FILENO + 2); + close(REEXEC_CONFIG_PASS_FD); sock_in = sock_out = dup(STDIN_FILENO); if (!debug_flag) { - startup_pipe = dup(STDERR_FILENO + 1); - close(STDERR_FILENO + 1); + startup_pipe = dup(REEXEC_STARTUP_PIPE_FD); + close(REEXEC_STARTUP_PIPE_FD); } } else { sock_in = dup(STDIN_FILENO); @@ -1501,6 +1509,7 @@ main(int ac, char **av) sock_in = newsock; sock_out = newsock; log_init(__progname, options.log_level, options.log_facility, log_stderr); + close(config_s[0]); break; } } @@ -1545,35 +1554,40 @@ main(int ac, char **av) if (rexec_flag) { int fd; - debug("rexec newsock %d pipe %d sock %d", newsock, - startup_pipe, config_s[0]); + debug("rexec start in %d out %d newsock %d pipe %d sock %d", + sock_in, sock_out, newsock, startup_pipe, config_s[0]); dup2(newsock, STDIN_FILENO); dup2(STDIN_FILENO, STDOUT_FILENO); if (startup_pipe == -1) - close(STDERR_FILENO + 1); + close(REEXEC_STARTUP_PIPE_FD); else - dup2(startup_pipe, STDERR_FILENO + 1); + dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD); - dup2(config_s[1], STDERR_FILENO + 2); + dup2(config_s[1], REEXEC_CONFIG_PASS_FD); close(config_s[1]); + close(startup_pipe); + execv(rexec_argv[0], rexec_argv); /* Reexec has failed, fall back and continue */ error("rexec of %s failed: %s", rexec_argv[0], strerror(errno)); - recv_rexec_state(STDERR_FILENO + 2, NULL); + recv_rexec_state(REEXEC_CONFIG_PASS_FD, NULL); log_init(__progname, options.log_level, options.log_facility, log_stderr); /* Clean up fds */ + startup_pipe = REEXEC_STARTUP_PIPE_FD; close(config_s[1]); - close(STDERR_FILENO + 1); - close(STDERR_FILENO + 2); + close(REEXEC_CONFIG_PASS_FD); + newsock = sock_out = sock_in = dup(STDIN_FILENO); if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { dup2(fd, STDIN_FILENO); dup2(fd, STDOUT_FILENO); if (fd > STDERR_FILENO) close(fd); } + debug("rexec cleanup in %d out %d newsock %d pipe %d sock %d", + sock_in, sock_out, newsock, startup_pipe, config_s[0]); } /* -- cgit v1.2.3 From 386c6a2c707b0c2a7b3370ba669881e72670ed14 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 30 Jun 2004 22:40:20 +1000 Subject: - avsm@cvs.openbsd.org 2004/06/26 20:07:16 [sshd.c] initialise some fd variables to -1, djm@ ok --- ChangeLog | 5 ++++- sshd.c | 5 +++-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 0333ba30d..2f6d02306 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ - jmc@cvs.openbsd.org 2004/06/26 09:14:40 [sshd_config.5] new sentence, new line; + - avsm@cvs.openbsd.org 2004/06/26 20:07:16 + [sshd.c] + initialise some fd variables to -1, djm@ ok 20040627 - (tim) update README files. @@ -1459,4 +1462,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3461 2004/06/30 12:39:34 djm Exp $ +$Id: ChangeLog,v 1.3462 2004/06/30 12:40:20 djm Exp $ diff --git a/sshd.c b/sshd.c index e5f54cbe6..101419bed 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.296 2004/06/25 18:43:36 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.297 2004/06/26 20:07:16 avsm Exp $"); #include #include @@ -874,7 +874,8 @@ main(int ac, char **av) { extern char *optarg; extern int optind; - int opt, sock_in = 0, sock_out = 0, newsock, j, i, fdsetsz, on = 1; + int opt, j, i, fdsetsz, on = 1; + int sock_in = -1, sock_out = -1, newsock = -1; pid_t pid; socklen_t fromlen; fd_set *fdset; -- cgit v1.2.3 From ba6de952a00558e6d93b8c9edd81806a99716411 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 17 Jul 2004 14:07:42 +1000 Subject: - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces diff vs OpenBSD; ok mouring@, tested by tim@ too. --- ChangeLog | 8 +++++++- logintest.c | 6 +----- openbsd-compat/bsd-misc.c | 6 +++++- scp.c | 4 ---- sftp-server.c | 4 ---- sftp.c | 4 ---- ssh-add.c | 6 ------ ssh-agent.c | 4 ---- ssh-keygen.c | 4 ---- ssh-keyscan.c | 4 ---- ssh-keysign.c | 4 ---- ssh-rand-helper.c | 6 +----- ssh.c | 4 ---- sshd.c | 4 ---- 14 files changed, 14 insertions(+), 54 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index f6447bb86..a36c1dd22 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20040717 + - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c + ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c + openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces + diff vs OpenBSD; ok mouring@, tested by tim@ too. + 20040711 - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows the monitor to properly clean up the PAM thread (Debian bug #252676). @@ -1503,4 +1509,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3473 2004/07/11 06:54:08 dtucker Exp $ +$Id: ChangeLog,v 1.3474 2004/07/17 04:07:42 dtucker Exp $ diff --git a/logintest.c b/logintest.c index 3f3997d10..95cce5a3a 100644 --- a/logintest.c +++ b/logintest.c @@ -43,13 +43,9 @@ #include "loginrec.h" -RCSID("$Id: logintest.c,v 1.10 2003/08/21 23:34:41 djm Exp $"); +RCSID("$Id: logintest.c,v 1.11 2004/07/17 04:07:42 dtucker Exp $"); -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif #define PAUSE_BEFORE_LOGOUT 3 diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index c58cce0f4..07b7c0755 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -17,7 +17,11 @@ #include "includes.h" #include "xmalloc.h" -RCSID("$Id: bsd-misc.c,v 1.22 2004/06/25 04:03:34 dtucker Exp $"); +RCSID("$Id: bsd-misc.c,v 1.23 2004/07/17 04:07:42 dtucker Exp $"); + +#ifndef HAVE__PROGNAME +char *__progname; +#endif /* * NB. duplicate __progname in case it is an alias for argv[0] diff --git a/scp.c b/scp.c index e559122a1..33c5891f2 100644 --- a/scp.c +++ b/scp.c @@ -80,11 +80,7 @@ RCSID("$OpenBSD: scp.c,v 1.116 2004/07/08 12:47:21 dtucker Exp $"); #include "misc.h" #include "progressmeter.h" -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif void bwlimit(int); diff --git a/sftp-server.c b/sftp-server.c index 1ff4750ea..e82280057 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -31,11 +31,7 @@ RCSID("$OpenBSD: sftp-server.c,v 1.47 2004/06/25 05:38:48 dtucker Exp $"); #define get_string(lenp) buffer_get_string(&iqueue, lenp); #define TRACE debug -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif /* input and output queue */ Buffer iqueue; diff --git a/sftp.c b/sftp.c index 1bc91a16e..4002304ec 100644 --- a/sftp.c +++ b/sftp.c @@ -55,11 +55,7 @@ int sort_flag; int remote_glob(struct sftp_conn *, const char *, int, int (*)(const char *, int), glob_t *); /* proto for sftp-glob.c */ -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif /* Separators for interactive commands */ #define WHITESPACE " \t\r\n" diff --git a/ssh-add.c b/ssh-add.c index 709a36bc1..06a52464e 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -49,12 +49,6 @@ RCSID("$OpenBSD: ssh-add.c,v 1.70 2004/05/08 00:21:31 djm Exp $"); #include "pathnames.h" #include "misc.h" -#ifdef HAVE___PROGNAME -extern char *__progname; -#else -char *__progname; -#endif - /* argv0 */ extern char *__progname; diff --git a/ssh-agent.c b/ssh-agent.c index ea84f2196..54ab4d7a2 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -106,11 +106,7 @@ char socket_dir[1024]; int locked = 0; char *lock_passwd = NULL; -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif /* Default lifetime (0 == forever) */ static int lifetime = 0; diff --git a/ssh-keygen.c b/ssh-keygen.c index d4d19d3a1..e8e579b5d 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -76,11 +76,7 @@ int print_generic = 0; char *key_type_name = NULL; /* argv0 */ -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif char hostname[MAXHOSTNAMELEN]; diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 01615b5c3..fd3185adf 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -49,11 +49,7 @@ int timeout = 5; int maxfd; #define MAXCON (maxfd - 10) -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif fd_set *read_wait; size_t read_wait_size; int ncon; diff --git a/ssh-keysign.c b/ssh-keysign.c index e642948a0..cf8b0c2d2 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -45,11 +45,7 @@ RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $"); /* XXX readconf.c needs these */ uid_t original_real_uid; -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif static int valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 471e7295b..86af3893d 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -39,7 +39,7 @@ #include "pathnames.h" #include "log.h" -RCSID("$Id: ssh-rand-helper.c,v 1.17 2004/06/15 00:34:08 djm Exp $"); +RCSID("$Id: ssh-rand-helper.c,v 1.18 2004/07/17 04:07:42 dtucker Exp $"); /* Number of bytes we write out */ #define OUTPUT_SEED_SIZE 48 @@ -63,11 +63,7 @@ RCSID("$Id: ssh-rand-helper.c,v 1.17 2004/06/15 00:34:08 djm Exp $"); # define SSH_PRNG_COMMAND_FILE SSHDIR "/ssh_prng_cmds" #endif -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif #define WHITESPACE " \t\n" diff --git a/ssh.c b/ssh.c index 767d99ca9..f0c284df0 100644 --- a/ssh.c +++ b/ssh.c @@ -76,11 +76,7 @@ RCSID("$OpenBSD: ssh.c,v 1.222 2004/06/23 14:31:01 dtucker Exp $"); #include "scard.h" #endif -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif /* Flag indicating whether debug mode is on. This can be set on the command line. */ int debug_flag = 0; diff --git a/sshd.c b/sshd.c index 101419bed..6df8f252a 100644 --- a/sshd.c +++ b/sshd.c @@ -103,11 +103,7 @@ int deny_severity = LOG_WARNING; #define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3) #define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4) -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif /* Server configuration options. */ ServerOptions options; -- cgit v1.2.3 From fc9597034b819b295966f61d8dc797b53fda45c7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 17 Jul 2004 16:12:08 +1000 Subject: - deraadt@cvs.openbsd.org 2004/07/11 17:48:47 [channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h sshd.c ttymodes.h] spaces --- ChangeLog | 9 ++++++++- channels.c | 11 +++++------ cipher.c | 32 ++++++++++++++++---------------- clientloop.c | 18 +++++++++--------- clientloop.h | 4 ++-- compat.h | 4 ++-- moduli.c | 48 ++++++++++++++++++++++++------------------------ nchan.c | 16 ++++++++-------- pathnames.h | 4 ++-- progressmeter.c | 18 +++++++++--------- readconf.c | 6 +++--- readconf.h | 4 ++-- servconf.c | 4 ++-- session.c | 6 +++--- sftp-client.c | 8 ++++---- sftp.c | 8 ++++---- ssh-agent.1 | 4 ++-- ssh-keygen.c | 4 ++-- ssh.c | 10 +++++----- ssh1.h | 8 ++++---- sshd.c | 6 +++--- ttymodes.h | 18 +++++++++--------- 22 files changed, 128 insertions(+), 122 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index a36c1dd22..e09a0fc83 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,13 @@ ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces diff vs OpenBSD; ok mouring@, tested by tim@ too. + - (dtucker) OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2004/07/11 17:48:47 + [channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c + readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c + session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h + sshd.c ttymodes.h] + spaces 20040711 - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows @@ -1509,4 +1516,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3474 2004/07/17 04:07:42 dtucker Exp $ +$Id: ChangeLog,v 1.3475 2004/07/17 06:12:08 dtucker Exp $ diff --git a/channels.c b/channels.c index a72d9b93d..cf46ce09f 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.207 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.208 2004/07/11 17:48:47 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -737,7 +737,7 @@ channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset) FD_SET(c->efd, readset); } /* XXX: What about efd? races? */ - if (compat20 && c->ctl_fd != -1 && + if (compat20 && c->ctl_fd != -1 && c->istate == CHAN_INPUT_OPEN && c->ostate == CHAN_OUTPUT_OPEN) FD_SET(c->ctl_fd, readset); } @@ -2277,7 +2277,7 @@ channel_cancel_rport_listener(const char *host, u_short port) if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER && strncmp(c->path, host, sizeof(c->path)) == 0 && - c->listening_port == port) { + c->listening_port == port) { debug2("%s: close clannel %d", __func__, i); channel_free(c); found = 1; @@ -2364,10 +2364,9 @@ channel_request_remote_forwarding(u_short listen_port, } /* - * Request cancellation of remote forwarding of connection host:port from + * Request cancellation of remote forwarding of connection host:port from * local side. */ - void channel_request_rforward_cancel(u_short port) { @@ -2378,7 +2377,7 @@ channel_request_rforward_cancel(u_short port) return; for (i = 0; i < num_permitted_opens; i++) { - if (permitted_opens[i].host_to_connect != NULL && + if (permitted_opens[i].host_to_connect != NULL && permitted_opens[i].listen_port == port) break; } diff --git a/cipher.c b/cipher.c index 64bd744b8..93f96be6d 100644 --- a/cipher.c +++ b/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.69 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.70 2004/07/11 17:48:47 deraadt Exp $"); #include "xmalloc.h" #include "log.h" @@ -76,19 +76,19 @@ struct Cipher { u_int key_len; const EVP_CIPHER *(*evptype)(void); } ciphers[] = { - { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null }, - { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc }, - { "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des }, - { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf }, - - { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc }, - { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc }, - { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc }, - { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, + { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null }, + { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc }, + { "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des }, + { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf }, + + { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc }, + { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc }, + { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc }, + { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, #if OPENSSL_VERSION_NUMBER < 0x00907000L - { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, - { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael }, - { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, + { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, + { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael }, + { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, { "rijndael-cbc@lysator.liu.se", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, #else @@ -99,9 +99,9 @@ struct Cipher { SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, #endif #if OPENSSL_VERSION_NUMBER >= 0x00905000L - { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr }, - { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr }, - { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr }, + { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr }, + { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr }, + { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr }, #endif #if defined(EVP_CTRL_SET_ACSS_MODE) { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, EVP_acss }, diff --git a/clientloop.c b/clientloop.c index 79aabbe06..def4d8a7b 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.128 2004/06/18 11:11:54 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.129 2004/07/11 17:48:47 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -402,7 +402,7 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, if (options.server_alive_interval == 0 || !compat20) tvp = NULL; - else { + else { tv.tv_sec = options.server_alive_interval; tv.tv_usec = 0; tvp = &tv; @@ -517,7 +517,7 @@ client_subsystem_reply(int type, u_int32_t seq, void *ctxt) { int id; Channel *c; - + id = packet_get_int(); packet_check_eom(); @@ -540,13 +540,13 @@ client_extra_session2_setup(int id, void *arg) struct confirm_ctx *cctx = arg; Channel *c; int i; - + if (cctx == NULL) fatal("%s: cctx == NULL", __func__); if ((c = channel_lookup(id)) == NULL) fatal("%s: no channel for id %d", __func__, id); - client_session2_setup(id, cctx->want_tty, cctx->want_subsys, + client_session2_setup(id, cctx->want_tty, cctx->want_subsys, cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env, client_subsystem_reply); @@ -557,7 +557,7 @@ client_extra_session2_setup(int id, void *arg) for (i = 0; cctx->env[i] != NULL; i++) xfree(cctx->env[i]); xfree(cctx->env); - } + } xfree(cctx); } @@ -614,7 +614,7 @@ client_process_control(fd_set * readset) * Accept empty responses and responses consisting * of the word "yes" as affirmative. */ - if (*p == '\0' || *p == '\n' || + if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0) allowed = 1; xfree(p); @@ -714,7 +714,7 @@ client_process_control(fd_set * readset) set_nonblock(client_fd); - c = channel_new("session", SSH_CHANNEL_OPENING, + c = channel_new("session", SSH_CHANNEL_OPENING, new_fd[0], new_fd[1], new_fd[2], CHAN_SES_WINDOW_DEFAULT, CHAN_SES_PACKET_DEFAULT, CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); @@ -1673,7 +1673,7 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt) } void -client_session2_setup(int id, int want_tty, int want_subsystem, +client_session2_setup(int id, int want_tty, int want_subsystem, const char *term, struct termios *tiop, int in_fd, Buffer *cmd, char **env, dispatch_fn *subsys_repl) { diff --git a/clientloop.h b/clientloop.h index c34d6674d..9992d5938 100644 --- a/clientloop.h +++ b/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.10 2004/06/17 14:52:48 djm Exp $ */ +/* $OpenBSD: clientloop.h,v 1.11 2004/07/11 17:48:47 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -38,5 +38,5 @@ /* Client side main loop for the interactive session. */ int client_loop(int, int, int); void client_global_request_reply_fwd(int, u_int32_t, void *); -void client_session2_setup(int, int, int, const char *, struct termios *, +void client_session2_setup(int, int, int, const char *, struct termios *, int, Buffer *, char **, dispatch_fn *); diff --git a/compat.h b/compat.h index efa0f081e..5efb5c29e 100644 --- a/compat.h +++ b/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.37 2003/11/02 11:01:03 markus Exp $ */ +/* $OpenBSD: compat.h,v 1.38 2004/07/11 17:48:47 deraadt Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. @@ -27,7 +27,7 @@ #ifndef COMPAT_H #define COMPAT_H -#define SSH_PROTO_UNKNOWN 0x00 +#define SSH_PROTO_UNKNOWN 0x00 #define SSH_PROTO_1 0x01 #define SSH_PROTO_1_PREFERRED 0x02 #define SSH_PROTO_2 0x04 diff --git a/moduli.c b/moduli.c index c8769c0aa..581b03503 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.8 2004/05/21 08:43:03 markus Exp $ */ +/* $OpenBSD: moduli.c,v 1.9 2004/07/11 17:48:47 deraadt Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -48,68 +48,68 @@ */ /* need line long enough for largest moduli plus headers */ -#define QLINESIZE (100+8192) +#define QLINESIZE (100+8192) /* Type: decimal. * Specifies the internal structure of the prime modulus. */ -#define QTYPE_UNKNOWN (0) -#define QTYPE_UNSTRUCTURED (1) -#define QTYPE_SAFE (2) -#define QTYPE_SCHNOOR (3) -#define QTYPE_SOPHIE_GERMAIN (4) -#define QTYPE_STRONG (5) +#define QTYPE_UNKNOWN (0) +#define QTYPE_UNSTRUCTURED (1) +#define QTYPE_SAFE (2) +#define QTYPE_SCHNOOR (3) +#define QTYPE_SOPHIE_GERMAIN (4) +#define QTYPE_STRONG (5) /* Tests: decimal (bit field). * Specifies the methods used in checking for primality. * Usually, more than one test is used. */ -#define QTEST_UNTESTED (0x00) -#define QTEST_COMPOSITE (0x01) -#define QTEST_SIEVE (0x02) -#define QTEST_MILLER_RABIN (0x04) -#define QTEST_JACOBI (0x08) -#define QTEST_ELLIPTIC (0x10) +#define QTEST_UNTESTED (0x00) +#define QTEST_COMPOSITE (0x01) +#define QTEST_SIEVE (0x02) +#define QTEST_MILLER_RABIN (0x04) +#define QTEST_JACOBI (0x08) +#define QTEST_ELLIPTIC (0x10) /* * Size: decimal. * Specifies the number of the most significant bit (0 to M). * WARNING: internally, usually 1 to N. */ -#define QSIZE_MINIMUM (511) +#define QSIZE_MINIMUM (511) /* * Prime sieving defines */ /* Constant: assuming 8 bit bytes and 32 bit words */ -#define SHIFT_BIT (3) -#define SHIFT_BYTE (2) -#define SHIFT_WORD (SHIFT_BIT+SHIFT_BYTE) -#define SHIFT_MEGABYTE (20) -#define SHIFT_MEGAWORD (SHIFT_MEGABYTE-SHIFT_BYTE) +#define SHIFT_BIT (3) +#define SHIFT_BYTE (2) +#define SHIFT_WORD (SHIFT_BIT+SHIFT_BYTE) +#define SHIFT_MEGABYTE (20) +#define SHIFT_MEGAWORD (SHIFT_MEGABYTE-SHIFT_BYTE) /* * Using virtual memory can cause thrashing. This should be the largest * number that is supported without a large amount of disk activity -- * that would increase the run time from hours to days or weeks! */ -#define LARGE_MINIMUM (8UL) /* megabytes */ +#define LARGE_MINIMUM (8UL) /* megabytes */ /* * Do not increase this number beyond the unsigned integer bit size. * Due to a multiple of 4, it must be LESS than 128 (yielding 2**30 bits). */ -#define LARGE_MAXIMUM (127UL) /* megabytes */ +#define LARGE_MAXIMUM (127UL) /* megabytes */ /* * Constant: when used with 32-bit integers, the largest sieve prime * has to be less than 2**32. */ -#define SMALL_MAXIMUM (0xffffffffUL) +#define SMALL_MAXIMUM (0xffffffffUL) /* Constant: can sieve all primes less than 2**32, as 65537**2 > 2**32-1. */ -#define TINY_NUMBER (1UL<<16) +#define TINY_NUMBER (1UL<<16) /* Ensure enough bit space for testing 2*q. */ #define TEST_MAXIMUM (1UL<<16) diff --git a/nchan.c b/nchan.c index ecf59c5db..aee3f37b0 100644 --- a/nchan.c +++ b/nchan.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: nchan.c,v 1.50 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: nchan.c,v 1.51 2004/07/11 17:48:47 deraadt Exp $"); #include "ssh1.h" #include "ssh2.h" @@ -42,15 +42,15 @@ RCSID("$OpenBSD: nchan.c,v 1.50 2004/06/21 17:36:31 avsm Exp $"); * tear down of channels: * * 1.3: strict request-ack-protocol: - * CLOSE -> - * <- CLOSE_CONFIRM + * CLOSE -> + * <- CLOSE_CONFIRM * * 1.5: uses variations of: - * IEOF -> - * <- OCLOSE - * <- IEOF - * OCLOSE -> - * i.e. both sides have to close the channel + * IEOF -> + * <- OCLOSE + * <- IEOF + * OCLOSE -> + * i.e. both sides have to close the channel * * 2.0: the EOF messages are optional * diff --git a/pathnames.h b/pathnames.h index 53208cf58..cf42625a4 100644 --- a/pathnames.h +++ b/pathnames.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pathnames.h,v 1.14 2004/01/30 09:48:57 markus Exp $ */ +/* $OpenBSD: pathnames.h,v 1.15 2004/07/11 17:48:47 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -122,7 +122,7 @@ /* Location of ssh-keysign for hostbased authentication */ #ifndef _PATH_SSH_KEY_SIGN -#define _PATH_SSH_KEY_SIGN "/usr/libexec/ssh-keysign" +#define _PATH_SSH_KEY_SIGN "/usr/libexec/ssh-keysign" #endif /* xauth for X11 forwarding */ diff --git a/progressmeter.c b/progressmeter.c index 629a536b2..93f5a3e62 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: progressmeter.c,v 1.21 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: progressmeter.c,v 1.22 2004/07/11 17:48:47 deraadt Exp $"); #include "progressmeter.h" #include "atomicio.h" @@ -48,15 +48,15 @@ void refresh_progress_meter(void); /* signal handler for updating the progress meter */ static void update_progress_meter(int); -static time_t start; /* start progress */ -static time_t last_update; /* last progress update */ -static char *file; /* name of the file being transferred */ -static off_t end_pos; /* ending position of transfer */ -static off_t cur_pos; /* transfer position as of last refresh */ +static time_t start; /* start progress */ +static time_t last_update; /* last progress update */ +static char *file; /* name of the file being transferred */ +static off_t end_pos; /* ending position of transfer */ +static off_t cur_pos; /* transfer position as of last refresh */ static volatile off_t *counter; /* progress counter */ -static long stalled; /* how long we have been stalled */ -static int bytes_per_second; /* current speed in bytes per second */ -static int win_size; /* terminal window size */ +static long stalled; /* how long we have been stalled */ +static int bytes_per_second; /* current speed in bytes per second */ +static int win_size; /* terminal window size */ /* units for format_size */ static const char unit[] = " KMGT"; diff --git a/readconf.c b/readconf.c index 429f69129..a4fe1fe02 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.133 2004/06/17 15:10:14 djm Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.134 2004/07/11 17:48:47 deraadt Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -804,7 +804,7 @@ parse_int: */ int -read_config_file(const char *filename, const char *host, Options *options, +read_config_file(const char *filename, const char *host, Options *options, int checkperm) { FILE *f; @@ -818,7 +818,7 @@ read_config_file(const char *filename, const char *host, Options *options, if (checkperm) { struct stat sb; - + if (fstat(fileno(f), &sb) == -1) fatal("fstat %s: %s", filename, strerror(errno)); if (((sb.st_uid != 0 && sb.st_uid != getuid()) || diff --git a/readconf.h b/readconf.h index 5e504bece..ded422585 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.63 2004/06/13 15:03:02 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.64 2004/07/11 17:48:47 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -103,7 +103,7 @@ typedef struct { int rekey_limit; int no_host_authentication_for_localhost; int identities_only; - int server_alive_interval; + int server_alive_interval; int server_alive_count_max; int num_send_env; diff --git a/servconf.c b/servconf.c index ea67f6288..02fae0fbe 100644 --- a/servconf.c +++ b/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.134 2004/06/24 19:30:54 djm Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.135 2004/07/11 17:48:47 deraadt Exp $"); #include "ssh.h" #include "log.h" @@ -956,7 +956,7 @@ load_server_config(const char *filename, Buffer *conf) while (fgets(line, sizeof(line), f)) { /* * Trim out comments and strip whitespace - * NB - preserve newlines, they are needed to reproduce + * NB - preserve newlines, they are needed to reproduce * line numbers later for error messages */ if ((cp = strchr(line, '#')) != NULL) diff --git a/session.c b/session.c index a3a7ee784..7c8fe5faf 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.177 2004/06/30 08:36:59 djm Exp $"); +RCSID("$OpenBSD: session.c,v 1.178 2004/07/11 17:48:47 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1001,7 +1001,7 @@ do_setup_env(Session *s, const char *shell) if (!options.use_login) { /* Set basic environment. */ for (i = 0; i < s->num_env; i++) - child_set_env(&env, &envsize, s->env[i].name, + child_set_env(&env, &envsize, s->env[i].name, s->env[i].val); child_set_env(&env, &envsize, "USER", pw->pw_name); @@ -1320,7 +1320,7 @@ do_pwchange(Session *s) { fprintf(stderr, "WARNING: Your password has expired.\n"); if (s->ttyfd != -1) { - fprintf(stderr, + fprintf(stderr, "You must change your password now and login again!\n"); execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL); perror("passwd"); diff --git a/sftp-client.c b/sftp-client.c index 88276cd4a..0ffacbccc 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -20,7 +20,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.50 2004/06/03 12:22:20 pedro Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.51 2004/07/11 17:48:47 deraadt Exp $"); #include "openbsd-compat/sys-queue.h" @@ -821,7 +821,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, u_int len; /* - * Simulate EOF on interrupt: stop sending new requests and + * Simulate EOF on interrupt: stop sending new requests and * allow outstanding requests to drain gracefully */ if (interrupted) { @@ -1053,9 +1053,9 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, int len; /* - * Can't use atomicio here because it returns 0 on EOF, + * Can't use atomicio here because it returns 0 on EOF, * thus losing the last block of the file. - * Simulate an EOF on interrupt, allowing ACKs from the + * Simulate an EOF on interrupt, allowing ACKs from the * server to drain. */ if (interrupted) diff --git a/sftp.c b/sftp.c index 4002304ec..f01c9194c 100644 --- a/sftp.c +++ b/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.55 2004/06/25 23:21:38 djm Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.56 2004/07/11 17:48:47 deraadt Exp $"); #include "buffer.h" #include "xmalloc.h" @@ -1328,8 +1328,8 @@ connect_to_server(char *path, char **args, int *in, int *out) /* * The underlying ssh is in the same process group, so we must - * ignore SIGINT if we want to gracefully abort commands, - * otherwise the signal will make it to the ssh process and + * ignore SIGINT if we want to gracefully abort commands, + * otherwise the signal will make it to the ssh process and * kill it too */ signal(SIGINT, SIG_IGN); @@ -1415,7 +1415,7 @@ main(int argc, char **argv) fatal("Batch file already specified."); /* Allow "-" as stdin */ - if (strcmp(optarg, "-") != 0 && + if (strcmp(optarg, "-") != 0 && (infile = fopen(optarg, "r")) == NULL) fatal("%s (%s).", strerror(errno), optarg); showprogress = 0; diff --git a/ssh-agent.1 b/ssh-agent.1 index cfefd34e9..226804e5f 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.40 2004/05/13 02:47:50 dtucker Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.41 2004/07/11 17:48:47 deraadt Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -148,7 +148,7 @@ for Bourne-type shells such as or .Xr ksh 1 and -.Cm eval `ssh-agent -c` +.Cm eval `ssh-agent -c` for .Xr csh 1 and derivatives. diff --git a/ssh-keygen.c b/ssh-keygen.c index e8e579b5d..d39e7d881 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.116 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.117 2004/07/11 17:48:47 deraadt Exp $"); #include #include @@ -895,7 +895,7 @@ main(int ac, char **av) if (log_level == SYSLOG_LEVEL_INFO) log_level = SYSLOG_LEVEL_DEBUG1; else { - if (log_level >= SYSLOG_LEVEL_DEBUG1 && + if (log_level >= SYSLOG_LEVEL_DEBUG1 && log_level < SYSLOG_LEVEL_DEBUG3) log_level++; } diff --git a/ssh.c b/ssh.c index f0c284df0..6dff591f1 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.222 2004/06/23 14:31:01 dtucker Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.223 2004/07/11 17:48:47 deraadt Exp $"); #include #include @@ -551,7 +551,7 @@ again: (void)read_config_file(buf, host, &options, 1); /* Read systemwide configuration file after use config. */ - (void)read_config_file(_PATH_HOST_CONFIG_FILE, host, + (void)read_config_file(_PATH_HOST_CONFIG_FILE, host, &options, 0); } @@ -1250,7 +1250,7 @@ control_client(const char *path) Buffer m; char *cp; extern char **environ; - + memset(&addr, '\0', sizeof(addr)); addr.sun_family = AF_UNIX; addr_len = offsetof(struct sockaddr_un, sun_path) + @@ -1291,13 +1291,13 @@ control_client(const char *path) if (options.num_send_env == 0 || environ == NULL) { buffer_put_int(&m, 0); - } else { + } else { /* Pass environment */ num_env = 0; for (i = 0; environ[i] != NULL; i++) if (env_permitted(environ[i])) num_env++; /* Count */ - + buffer_put_int(&m, num_env); for (i = 0; environ[i] != NULL && num_env >= 0; i++) diff --git a/ssh1.h b/ssh1.h index 98d1dc930..cc7fbc8b0 100644 --- a/ssh1.h +++ b/ssh1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh1.h,v 1.3 2001/05/30 12:55:13 markus Exp $ */ +/* $OpenBSD: ssh1.h,v 1.4 2004/07/11 17:48:47 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -29,8 +29,8 @@ #define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */ #define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */ #define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */ -#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */ -#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */ +#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */ +#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */ #define SSH_CMSG_EXEC_SHELL 12 /* */ #define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */ #define SSH_SMSG_SUCCESS 14 /* */ @@ -45,7 +45,7 @@ #define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */ #define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */ #define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */ -/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */ +/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */ #define SSH_SMSG_X11_OPEN 27 /* channel (int) */ #define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */ #define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */ diff --git a/sshd.c b/sshd.c index 6df8f252a..ac62cb506 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.297 2004/06/26 20:07:16 avsm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.298 2004/07/11 17:48:47 deraadt Exp $"); #include #include @@ -803,7 +803,7 @@ send_rexec_state(int fd, Buffer *conf) buffer_init(&m); buffer_put_cstring(&m, buffer_ptr(conf)); - if (sensitive_data.server_key != NULL && + if (sensitive_data.server_key != NULL && sensitive_data.server_key->type == KEY_RSA1) { buffer_put_int(&m, 1); buffer_put_bignum(&m, sensitive_data.server_key->rsa->e); @@ -1896,7 +1896,7 @@ do_ssh1_kex(void) session_key + sizeof(session_key) - len); derive_ssh1_session_id( - sensitive_data.ssh1_host_key->rsa->n, + sensitive_data.ssh1_host_key->rsa->n, sensitive_data.server_key->rsa->n, cookie, session_id); /* diff --git a/ttymodes.h b/ttymodes.h index 7de4b8362..481282cd7 100644 --- a/ttymodes.h +++ b/ttymodes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ttymodes.h,v 1.12 2002/03/04 17:27:39 stevesk Exp $ */ +/* $OpenBSD: ttymodes.h,v 1.13 2004/07/11 17:48:47 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -113,17 +113,17 @@ TTYCHAR(VDISCARD, 18) /* name, field, op */ TTYMODE(IGNPAR, c_iflag, 30) TTYMODE(PARMRK, c_iflag, 31) -TTYMODE(INPCK, c_iflag, 32) +TTYMODE(INPCK, c_iflag, 32) TTYMODE(ISTRIP, c_iflag, 33) -TTYMODE(INLCR, c_iflag, 34) -TTYMODE(IGNCR, c_iflag, 35) -TTYMODE(ICRNL, c_iflag, 36) +TTYMODE(INLCR, c_iflag, 34) +TTYMODE(IGNCR, c_iflag, 35) +TTYMODE(ICRNL, c_iflag, 36) #if defined(IUCLC) -TTYMODE(IUCLC, c_iflag, 37) +TTYMODE(IUCLC, c_iflag, 37) #endif -TTYMODE(IXON, c_iflag, 38) -TTYMODE(IXANY, c_iflag, 39) -TTYMODE(IXOFF, c_iflag, 40) +TTYMODE(IXON, c_iflag, 38) +TTYMODE(IXANY, c_iflag, 39) +TTYMODE(IXOFF, c_iflag, 40) #ifdef IMAXBEL TTYMODE(IMAXBEL,c_iflag, 41) #endif /* IMAXBEL */ -- cgit v1.2.3 From 0999174755bbc5b50d65bfa95e0b322ffd12337c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 17 Jul 2004 17:05:14 +1000 Subject: - dtucker@cvs.openbsd.org 2004/07/17 05:31:41 [monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c] Move "Last logged in at.." message generation to the monitor, right before recording the new login. Fixes missing lastlog message when /var/log/lastlog is not world-readable and incorrect datestamp when multiple sessions are used (bz #463); much assistance & ok markus@ --- ChangeLog | 8 +++++++- monitor.c | 16 +++++++++++----- monitor_wrap.c | 9 +++++++-- session.c | 42 ++++++++++++++---------------------------- session.h | 5 +---- sshd.c | 8 +++++++- sshlogin.c | 43 ++++++++++++++++++++++++++++++++++++++++++- 7 files changed, 89 insertions(+), 42 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index a70a1fac1..8255b3e59 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,12 @@ Fix incorrect macro, .I -> .Em From: Eric S. Raymond ok jmc@ + - dtucker@cvs.openbsd.org 2004/07/17 05:31:41 + [monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c] + Move "Last logged in at.." message generation to the monitor, right + before recording the new login. Fixes missing lastlog message when + /var/log/lastlog is not world-readable and incorrect datestamp when + multiple sessions are used (bz #463); much assistance & ok markus@ 20040711 - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows @@ -1521,4 +1527,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3476 2004/07/17 06:13:15 dtucker Exp $ +$Id: ChangeLog,v 1.3477 2004/07/17 07:05:14 dtucker Exp $ diff --git a/monitor.c b/monitor.c index 3f468dfff..b7463400e 100644 --- a/monitor.c +++ b/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.60 2004/06/22 05:05:45 dtucker Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.61 2004/07/17 05:31:41 dtucker Exp $"); #include @@ -79,6 +79,7 @@ extern u_char session_id[]; extern Buffer input, output; extern Buffer auth_debug; extern int auth_debug_init; +extern Buffer loginmsg; /* State exported from the child */ @@ -1230,10 +1231,6 @@ mm_answer_pty(int sock, Buffer *m) buffer_put_int(m, 1); buffer_put_cstring(m, s->tty); - mm_request_send(sock, MONITOR_ANS_PTY, m); - - mm_send_fd(sock, s->ptyfd); - mm_send_fd(sock, s->ttyfd); /* We need to trick ttyslot */ if (dup2(s->ttyfd, 0) == -1) @@ -1244,6 +1241,15 @@ mm_answer_pty(int sock, Buffer *m) /* Now we can close the file descriptor again */ close(0); + /* send messages generated by record_login */ + buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg)); + buffer_clear(&loginmsg); + + mm_request_send(sock, MONITOR_ANS_PTY, m); + + mm_send_fd(sock, s->ptyfd); + mm_send_fd(sock, s->ttyfd); + /* make sure nothing uses fd 0 */ if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0) fatal("%s: open(/dev/null): %s", __func__, strerror(errno)); diff --git a/monitor_wrap.c b/monitor_wrap.c index f6bc34ec8..0d7a0e3bd 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor_wrap.c,v 1.38 2004/07/03 11:02:25 dtucker Exp $"); +RCSID("$OpenBSD: monitor_wrap.c,v 1.39 2004/07/17 05:31:41 dtucker Exp $"); #include #include @@ -70,6 +70,7 @@ extern z_stream incoming_stream; extern z_stream outgoing_stream; extern struct monitor *pmonitor; extern Buffer input, output; +extern Buffer loginmsg; extern ServerOptions options; int @@ -642,7 +643,7 @@ int mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) { Buffer m; - char *p; + char *p, *msg; int success = 0; buffer_init(&m); @@ -658,11 +659,15 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) return (0); } p = buffer_get_string(&m, NULL); + msg = buffer_get_string(&m, NULL); buffer_free(&m); strlcpy(namebuf, p, namebuflen); /* Possible truncation */ xfree(p); + buffer_append(&loginmsg, msg, strlen(msg)); + xfree(msg); + *ptyfd = mm_receive_fd(pmonitor->m_recvfd); *ttyfd = mm_receive_fd(pmonitor->m_recvfd); diff --git a/session.c b/session.c index 7c8fe5faf..99b84394e 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.178 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: session.c,v 1.179 2004/07/17 05:31:41 dtucker Exp $"); #include "ssh.h" #include "ssh1.h" @@ -196,12 +196,11 @@ auth_input_request_forwarding(struct passwd * pw) static void display_loginmsg(void) { - if (buffer_len(&loginmsg) > 0) { - buffer_append(&loginmsg, "\0", 1); - printf("%s\n", (char *)buffer_ptr(&loginmsg)); - buffer_clear(&loginmsg); - } - fflush(stdout); + if (buffer_len(&loginmsg) > 0) { + buffer_append(&loginmsg, "\0", 1); + printf("%s", (char *)buffer_ptr(&loginmsg)); + buffer_clear(&loginmsg); + } } void @@ -676,14 +675,19 @@ do_exec(Session *s, const char *command) do_exec_no_pty(s, command); original_command = NULL; -} + /* + * Clear loginmsg: it's the child's responsibility to display + * it to the user, otherwise multiple sessions may accumulate + * multiple copies of the login messages. + */ + buffer_clear(&loginmsg); +} /* administrative, login(1)-like work */ void do_login(Session *s, const char *command) { - char *time_string; socklen_t fromlen; struct sockaddr_storage from; struct passwd * pw = s->pw; @@ -728,19 +732,6 @@ do_login(Session *s, const char *command) display_loginmsg(); -#ifndef NO_SSH_LASTLOG - if (options.print_lastlog && s->last_login_time != 0) { - time_string = ctime(&s->last_login_time); - if (strchr(time_string, '\n')) - *strchr(time_string, '\n') = 0; - if (strcmp(s->hostname, "") == 0) - printf("Last login: %s\r\n", time_string); - else - printf("Last login: %s from %s\r\n", time_string, - s->hostname); - } -#endif /* NO_SSH_LASTLOG */ - do_motd(); } @@ -1318,6 +1309,7 @@ do_setusercontext(struct passwd *pw) static void do_pwchange(Session *s) { + fflush(NULL); fprintf(stderr, "WARNING: Your password has expired.\n"); if (s->ttyfd != -1) { fprintf(stderr, @@ -1703,12 +1695,6 @@ session_pty_req(Session *s) packet_disconnect("Protocol error: you already have a pty."); return 0; } - /* Get the time and hostname when the user last logged in. */ - if (options.print_lastlog) { - s->hostname[0] = '\0'; - s->last_login_time = get_last_login_time(s->pw->pw_uid, - s->pw->pw_name, s->hostname, sizeof(s->hostname)); - } s->term = packet_get_string(&len); diff --git a/session.h b/session.h index e52506652..48be5070c 100644 --- a/session.h +++ b/session.h @@ -1,4 +1,4 @@ -/* $OpenBSD: session.h,v 1.22 2004/04/27 09:46:37 djm Exp $ */ +/* $OpenBSD: session.h,v 1.23 2004/07/17 05:31:41 dtucker Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -39,9 +39,6 @@ struct Session { int ptyfd, ttyfd, ptymaster; u_int row, col, xpixel, ypixel; char tty[TTYSZ]; - /* last login */ - char hostname[MAXHOSTNAMELEN]; - time_t last_login_time; /* X11 */ u_int display_number; char *display; diff --git a/sshd.c b/sshd.c index ac62cb506..a9e7ccb31 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.298 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.299 2004/07/17 05:31:41 dtucker Exp $"); #include #include @@ -216,6 +216,9 @@ Buffer loginmsg; /* global authentication context */ Authctxt *the_authctxt = NULL; +/* message to be displayed after login */ +Buffer loginmsg; + /* Prototypes for various functions defined later in this file. */ void destroy_sensitive_data(void); void demote_sensitive_data(void); @@ -1680,6 +1683,9 @@ main(int ac, char **av) if (privsep_preauth(authctxt) == 1) goto authenticated; + /* prepare buffer to collect messages to display to user after login */ + buffer_init(&loginmsg); + /* perform the key exchange */ /* authenticate user and start session */ if (compat20) { diff --git a/sshlogin.c b/sshlogin.c index 75446f9eb..41817ec96 100644 --- a/sshlogin.c +++ b/sshlogin.c @@ -39,9 +39,15 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshlogin.c,v 1.9 2004/07/03 05:11:33 dtucker Exp $"); +RCSID("$OpenBSD: sshlogin.c,v 1.10 2004/07/17 05:31:41 dtucker Exp $"); #include "loginrec.h" +#include "log.h" +#include "buffer.h" +#include "servconf.h" + +extern Buffer loginmsg; +extern ServerOptions options; /* * Returns the time when the user last logged in. Returns 0 if the @@ -59,6 +65,38 @@ get_last_login_time(uid_t uid, const char *logname, return li.tv_sec; } +/* + * Generate and store last login message. This must be done before + * login_login() is called and lastlog is updated. + */ +void +store_lastlog_message(const char *user, uid_t uid) +{ + char *time_string, hostname[MAXHOSTNAMELEN] = "", buf[512]; + time_t last_login_time; + +#ifndef NO_SSH_LASTLOG + if (!options.print_lastlog) + return; + + last_login_time = get_last_login_time(uid, user, hostname, + sizeof(hostname)); + + if (last_login_time != 0) { + time_string = ctime(&last_login_time); + if (strchr(time_string, '\n')) + *strchr(time_string, '\n') = '\0'; + if (strcmp(hostname, "") == 0) + snprintf(buf, sizeof(buf), "Last login: %s\r\n", + time_string); + else + snprintf(buf, sizeof(buf), "Last login: %s from %s\r\n", + time_string, hostname); + buffer_append(&loginmsg, buf, strlen(buf)); + } +#endif /* NO_SSH_LASTLOG */ +} + /* * Records that the user has logged in. I wish these parts of operating * systems were more standardized. @@ -69,6 +107,9 @@ record_login(pid_t pid, const char *tty, const char *user, uid_t uid, { struct logininfo *li; + /* save previous login details before writing new */ + store_lastlog_message(user, uid); + li = login_alloc_entry(pid, user, host, tty); login_set_addr(li, addr, addrlen); login_login(li); -- cgit v1.2.3 From 8ae66a50327751f881156aaf0997d03791d5b08a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 12 Aug 2004 22:16:55 +1000 Subject: - (dtucker) [sshd.c] Remove duplicate variable imported during sync. --- ChangeLog | 5 ++++- sshd.c | 3 --- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 4b7097c4d..48ffaa566 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20040812 + - (dtucker) [sshd.c] Remove duplicate variable imported during sync. + 20040720 - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2004/07/21 08:56:12 @@ -1564,4 +1567,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3488 2004/07/21 11:53:34 djm Exp $ +$Id: ChangeLog,v 1.3489 2004/08/12 12:16:55 dtucker Exp $ diff --git a/sshd.c b/sshd.c index a9e7ccb31..8b797e07e 100644 --- a/sshd.c +++ b/sshd.c @@ -210,9 +210,6 @@ int startup_pipe; /* in child */ int use_privsep; struct monitor *pmonitor = NULL; -/* message to be displayed after login */ -Buffer loginmsg; - /* global authentication context */ Authctxt *the_authctxt = NULL; -- cgit v1.2.3 From 6832b83744b807437488d7e122128f9b363dac43 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 12 Aug 2004 22:36:51 +1000 Subject: - markus@cvs.openbsd.org 2004/07/28 08:56:22 [sshd.c] call setsid() _before_ re-exec --- ChangeLog | 6 +++++- sshd.c | 32 ++++++++++++++++---------------- 2 files changed, 21 insertions(+), 17 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 48ffaa566..fbe2bbaa0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ 20040812 - (dtucker) [sshd.c] Remove duplicate variable imported during sync. + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2004/07/28 08:56:22 + [sshd.c] + call setsid() _before_ re-exec 20040720 - (djm) OpenBSD CVS Sync @@ -1567,4 +1571,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3489 2004/08/12 12:16:55 dtucker Exp $ +$Id: ChangeLog,v 1.3490 2004/08/12 12:36:51 dtucker Exp $ diff --git a/sshd.c b/sshd.c index 8b797e07e..cc051432f 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.299 2004/07/17 05:31:41 dtucker Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.300 2004/07/28 08:56:22 markus Exp $"); #include #include @@ -1548,6 +1548,21 @@ main(int ac, char **av) /* This is the child processing a new connection. */ setproctitle("%s", "[accepted]"); + /* + * Create a new session and process group since the 4.4BSD + * setlogin() affects the entire process group. We don't + * want the child to be able to affect the parent. + */ +#if !defined(SSHD_ACQUIRES_CTTY) + /* + * If setsid is called, on some platforms sshd will later acquire a + * controlling terminal which will result in "could not set + * controlling tty" errors. + */ + if (!debug_flag && !inetd_flag && setsid() < 0) + error("setsid: %.100s", strerror(errno)); +#endif + if (rexec_flag) { int fd; @@ -1587,21 +1602,6 @@ main(int ac, char **av) sock_in, sock_out, newsock, startup_pipe, config_s[0]); } - /* - * Create a new session and process group since the 4.4BSD - * setlogin() affects the entire process group. We don't - * want the child to be able to affect the parent. - */ -#if !defined(SSHD_ACQUIRES_CTTY) - /* - * If setsid is called, on some platforms sshd will later acquire a - * controlling terminal which will result in "could not set - * controlling tty" errors. - */ - if (!debug_flag && !inetd_flag && setsid() < 0) - error("setsid: %.100s", strerror(errno)); -#endif - /* * Disable the key regeneration alarm. We will not regenerate the * key since we are no longer in a position to give it to anyone. We -- cgit v1.2.3 From d8835934c4cf129b842b0f391783754cdaa0190c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 12 Aug 2004 22:42:29 +1000 Subject: - dtucker@cvs.openbsd.org 2004/08/11 11:50:09 [sshd.c] Don't try to close startup_pipe if it's not open; ok djm@ --- ChangeLog | 5 ++++- sshd.c | 5 +++-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index 26abc8812..73be25d81 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,9 @@ - dtucker@cvs.openbsd.org 2004/08/11 11:09:54 [servconf.c] Fix minor leak; "looks right" deraadt@ + - dtucker@cvs.openbsd.org 2004/08/11 11:50:09 + [sshd.c] + Don't try to close startup_pipe if it's not open; ok djm@ 20040720 - (djm) OpenBSD CVS Sync @@ -1582,4 +1585,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3493 2004/08/12 12:41:44 dtucker Exp $ +$Id: ChangeLog,v 1.3494 2004/08/12 12:42:29 dtucker Exp $ diff --git a/sshd.c b/sshd.c index cc051432f..e3acbcc81 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.300 2004/07/28 08:56:22 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.301 2004/08/11 11:50:09 dtucker Exp $"); #include #include @@ -1577,7 +1577,8 @@ main(int ac, char **av) dup2(config_s[1], REEXEC_CONFIG_PASS_FD); close(config_s[1]); - close(startup_pipe); + if (startup_pipe != -1) + close(startup_pipe); execv(rexec_argv[0], rexec_argv); -- cgit v1.2.3 From eb57862e7c4be89ccb0428298e9737ff7e2398f9 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 12 Aug 2004 23:08:14 +1000 Subject: - (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doubling messages generated before the postauth privsep split. --- ChangeLog | 4 +++- sshd.c | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'sshd.c') diff --git a/ChangeLog b/ChangeLog index e78d2f124..3a661ec69 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,8 @@ - djm@cvs.openbsd.org 2004/08/11 12:01:16 [sshlogin.c] make store_lastlog_message() static to appease -Wall; ok markus + - (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doubling + messages generated before the postauth privsep split. 20040720 - (djm) OpenBSD CVS Sync @@ -1592,4 +1594,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3496 2004/08/12 12:50:03 dtucker Exp $ +$Id: ChangeLog,v 1.3497 2004/08/12 13:08:14 dtucker Exp $ diff --git a/sshd.c b/sshd.c index e3acbcc81..60f63ef7b 100644 --- a/sshd.c +++ b/sshd.c @@ -659,6 +659,7 @@ privsep_postauth(Authctxt *authctxt) else if (pmonitor->m_pid != 0) { debug2("User child is on pid %ld", (long)pmonitor->m_pid); close(pmonitor->m_recvfd); + buffer_clear(&loginmsg); monitor_child_postauth(pmonitor); /* NEVERREACHED */ -- cgit v1.2.3