authorDamien Miller <djm@mindrot.org>2000-05-01 21:10:33 +1000
committerDamien Miller <djm@mindrot.org>2000-05-01 21:10:33 +1000
commit35dabd0398dc4aa8735d5ec896ead6955b83b2ff (patch)
treedc981f761571cb7e6f5b7628bb7d19150559ae01
parent70fb671d218378f6df6a9121a71e8320768a0be3 (diff)
[scp.c]
- fix very rare EAGAIN/EINTR issues; based on work by djm [packet.c] - less debug, rm unused [auth2.c] - disable kerb,s/key in ssh2 [sshd.8] - Minor tweaks and typo fixes. [ssh-keygen.c] - Put -d into usage and reorder. markus ok.
-rw-r--r--ChangeLog10
-rw-r--r--auth2.c6
-rw-r--r--packet.c15
-rw-r--r--scp.c34
-rw-r--r--ssh-keygen.c4
-rw-r--r--sshd.818
6 files changed, 47 insertions, 40 deletions
diff --git a/ChangeLog b/ChangeLog
index eeceec34..f015f562 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,16 @@
- OpenBSD CVS update
[packet.c]
- send debug messages in SSH2 format
+ [scp.c]
+ - fix very rare EAGAIN/EINTR issues; based on work by djm
+ [packet.c]
+ - less debug, rm unused
+ [auth2.c]
+ - disable kerb,s/key in ssh2
+ [sshd.8]
+ - Minor tweaks and typo fixes.
+ [ssh-keygen.c]
+ - Put -d into usage and reorder. markus ok.
- Include missing headers for OpenSSL tests. Fix from Phil Karn
<karn@ka9q.ampr.org>
- Fixed __progname symbol collisions reported by Andre Lucas
diff --git a/auth2.c b/auth2.c
index 9937ed67..cfe63cdf 100644
--- a/auth2.c
+++ b/auth2.c
@@ -27,7 +27,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.3 2000/04/27 15:23:02 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.4 2000/05/01 07:45:08 markus Exp $");
#include <openssl/dsa.h>
#include <openssl/rsa.h>
@@ -92,6 +92,10 @@ static int userauth_success = 0;
void
do_authentication2()
{
+ /* turn off skey/kerberos, not supported by SSH2 */
+ options.skey_authentication = 0;
+ options.kerberos_authentication = 0;
+
dispatch_init(&protocol_error);
dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
dispatch_run(DISPATCH_BLOCK, &userauth_success);
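Review bot: The two assignments at the top of `do_authentication2()` override whatever the administrator configured without leaving any trace, so a server with S/Key or Kerberos enabled drops them for SSH2 sessions silently. Consider recording the override when it changes something, e.g. `if (options.skey_authentication || options.kerberos_authentication) debug("skey/kerberos authentication disabled for SSH2");` before clearing the flags. Whether these two fields are the only gate for those methods on the SSH2 path is not visible here and should be confirmed. The body of the function continues outside the hunk.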
diff --git a/packet.c b/packet.c
index 73a96b98..e70d0609 100644
--- a/packet.c
+++ b/packet.c
@@ -17,7 +17,7 @@
*/
#include "includes.h"
-RCSID("$Id: packet.c,v 1.20 2000/04/30 22:24:07 damien Exp $");
+RCSID("$Id: packet.c,v 1.21 2000/05/01 11:10:33 damien Exp $");
#include "xmalloc.h"
#include "buffer.h"
@@ -130,7 +130,7 @@ clear_enc_keys(Enc *enc, int len)
void
packet_set_ssh2_format(void)
{
- debug("use_ssh2_packet_format");
+ DBG(debug("use_ssh2_packet_format"));
use_ssh2_packet_format = 1;
}
@@ -613,7 +613,7 @@ packet_send2()
fatal("packet_send2: no KEX");
if (mac->md != NULL)
mac->enabled = 1;
- debug("cipher_set_key_iv send_context");
+ DBG(debug("cipher_set_key_iv send_context"));
cipher_set_key_iv(&send_context, enc->type,
enc->key, enc->key_len,
enc->iv, enc->iv_len);
@@ -636,13 +636,6 @@ packet_send()
DBG(debug("packet_send done"));
}
-void
-packet_send_and_wait()
-{
- packet_send();
- packet_write_wait();
-}
-
/*
* Waits until a packet has been received, and returns its type. Note that
* no other data is processed until this returns, so this function should not
@@ -921,7 +914,7 @@ packet_read_poll2(int *payload_len_ptr)
fatal("packet_read_poll2: no KEX");
if (mac->md != NULL)
mac->enabled = 1;
- debug("cipher_set_key_iv receive_context");
+ DBG(debug("cipher_set_key_iv receive_context"));
cipher_set_key_iv(&receive_context, enc->type,
enc->key, enc->key_len,
enc->iv, enc->iv_len);
diff --git a/scp.c b/scp.c
index 64869f97..2ac10629 100644
--- a/scp.c
+++ b/scp.c
@@ -45,7 +45,7 @@
*/
#include "includes.h"
-RCSID("$Id: scp.c,v 1.20 2000/04/19 06:26:14 damien Exp $");
+RCSID("$Id: scp.c,v 1.21 2000/05/01 11:10:33 damien Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -543,7 +543,7 @@ syserr: run_err("%s: %s", name, strerror(errno));
(void) sprintf(buf, "T%lu 0 %lu 0\n",
(unsigned long) stb.st_mtime,
(unsigned long) stb.st_atime);
- (void) write(remout, buf, strlen(buf));
+ (void) atomicio(write, remout, buf, strlen(buf));
if (response() < 0)
goto next;
}
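Review bot: The result of `atomicio(write, remout, buf, strlen(buf))` is still discarded by the `(void)` cast, so a hard error or short write on `remout` goes unnoticed and the code goes straight on to `response()`. Going by the commit message, atomicio only adds retrying on EAGAIN/EINTR; it does not make the write infallible. The hunk at -578 already shows the checked form (`result = atomicio(write, remout, bp->buf, amt);` followed by `if (result != amt)`), and the control writes could follow it, e.g. `if (atomicio(write, remout, buf, strlen(buf)) != strlen(buf)) goto next;`, assuming `next` is the right cleanup path here as it is for the `response()` failure. The same applies to the other `(void) atomicio(write, remout, ...)` calls in the later hunks for source(), rsource() and sink(). The enclosing function starts and ends outside this hunk.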
@@ -556,7 +556,7 @@ syserr: run_err("%s: %s", name, strerror(errno));
fprintf(stderr, "Sending file modes: %s", buf);
fflush(stderr);
}
- (void) write(remout, buf, strlen(buf));
+ (void) atomicio(write, remout, buf, strlen(buf));
if (response() < 0)
goto next;
if ((bp = allocbuf(&buffer, fd, 2048)) == NULL) {
@@ -578,7 +578,7 @@ next: (void) close(fd);
haderr = result >= 0 ? EIO : errno;
}
if (haderr)
- (void) write(remout, bp->buf, amt);
+ (void) atomicio(write, remout, bp->buf, amt);
else {
result = atomicio(write, remout, bp->buf, amt);
if (result != amt)
@@ -592,7 +592,7 @@ next: (void) close(fd);
if (close(fd) < 0 && !haderr)
haderr = errno;
if (!haderr)
- (void) write(remout, "", 1);
+ (void) atomicio(write, remout, "", 1);
else
run_err("%s: %s", name, strerror(haderr));
(void) response();
@@ -621,7 +621,7 @@ rsource(name, statp)
(void) sprintf(path, "T%lu 0 %lu 0\n",
(unsigned long) statp->st_mtime,
(unsigned long) statp->st_atime);
- (void) write(remout, path, strlen(path));
+ (void) atomicio(write, remout, path, strlen(path));
if (response() < 0) {
closedir(dirp);
return;
@@ -632,7 +632,7 @@ rsource(name, statp)
0, last);
if (verbose_mode)
fprintf(stderr, "Entering directory: %s", path);
- (void) write(remout, path, strlen(path));
+ (void) atomicio(write, remout, path, strlen(path));
if (response() < 0) {
closedir(dirp);
return;
@@ -651,7 +651,7 @@ rsource(name, statp)
source(1, vect);
}
(void) closedir(dirp);
- (void) write(remout, "E\n", 2);
+ (void) atomicio(write, remout, "E\n", 2);
(void) response();
}
@@ -687,7 +687,7 @@ sink(argc, argv)
if (targetshouldbedirectory)
verifydir(targ);
- (void) write(remout, "", 1);
+ (void) atomicio(write, remout, "", 1);
if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode))
targisdir = 1;
for (first = 1;; first = 0) {
@@ -705,7 +705,7 @@ sink(argc, argv)
if (buf[0] == '\01' || buf[0] == '\02') {
if (iamremote == 0)
- (void) write(STDERR_FILENO,
+ (void) atomicio(write, STDERR_FILENO,
buf + 1, strlen(buf + 1));
if (buf[0] == '\02')
exit(1);
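Review bot: The text written to `STDERR_FILENO` here is `buf + 1` exactly as received from the peer, and switching to atomicio does not change the fact that it reaches the user's terminal unfiltered. When `iamremote == 0`, any control characters or escape sequences in the peer's error message are passed to the local terminal as-is. Consider replacing non-printable bytes before the write, for example with a `strvis()`-style encoding into a bounded buffer. The same applies to the `rbuf` write in the `response()` hunk at -932. `sink()` starts and ends outside this hunk.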
@@ -713,7 +713,7 @@ sink(argc, argv)
continue;
}
if (buf[0] == 'E') {
- (void) write(remout, "", 1);
+ (void) atomicio(write, remout, "", 1);
return;
}
if (ch == '\n')
@@ -737,7 +737,7 @@ sink(argc, argv)
getnum(dummy_usec);
if (*cp++ != '\0')
SCREWUP("atime.usec not delimited");
- (void) write(remout, "", 1);
+ (void) atomicio(write, remout, "", 1);
continue;
}
if (*cp != 'C' && *cp != 'D') {
@@ -816,7 +816,7 @@ sink(argc, argv)
bad: run_err("%s: %s", np, strerror(errno));
continue;
}
- (void) write(remout, "", 1);
+ (void) atomicio(write, remout, "", 1);
if ((bp = allocbuf(&buffer, ofd, 4096)) == NULL) {
(void) close(ofd);
continue;
@@ -897,7 +897,7 @@ bad: run_err("%s: %s", np, strerror(errno));
run_err("%s: %s", np, strerror(wrerrno));
break;
case NO:
- (void) write(remout, "", 1);
+ (void) atomicio(write, remout, "", 1);
break;
case DISPLAYED:
break;
@@ -932,7 +932,7 @@ response()
} while (cp < &rbuf[sizeof(rbuf) - 1] && ch != '\n');
if (!iamremote)
- (void) write(STDERR_FILENO, rbuf, cp - rbuf);
+ (void) atomicio(write, STDERR_FILENO, rbuf, cp - rbuf);
++errs;
if (resp == 1)
return (-1);
@@ -1008,7 +1008,7 @@ run_err(const char *fmt,...)
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: scp.c,v 1.20 2000/04/19 06:26:14 damien Exp $
+ * $Id: scp.c,v 1.21 2000/05/01 11:10:33 damien Exp $
*/
char *
@@ -1240,7 +1240,7 @@ progressmeter(int flag)
alarmtimer(1);
} else if (flag == 1) {
alarmtimer(0);
- write(fileno(stdout), "\n", 1);
+ atomicio(write, fileno(stdout), "\n", 1);
statbytes = 0;
}
}
diff --git a/ssh-keygen.c b/ssh-keygen.c
index d8639689..2154e1eb 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -7,7 +7,7 @@
*/
#include "includes.h"
-RCSID("$Id: ssh-keygen.c,v 1.15 2000/05/01 10:59:51 damien Exp $");
+RCSID("$Id: ssh-keygen.c,v 1.16 2000/05/01 11:10:34 damien Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@@ -492,7 +492,7 @@ void
usage(void)
{
printf("ssh-keygen version %s\n", SSH_VERSION);
- printf("Usage: %s [-b bits] [-p] [-c] [-l] [-x] [-X] [-y] [-f file] [-P pass] [-N new-pass] [-C comment]\n", __progname);
+ printf("Usage: %s [-b bits] [-c] [-d] [-f file] [-l] [-p] [-q] [-x] [-y] [-C comment] [-N new-pass] [-P pass] [-X]\n", __progname);
exit(1);
}
diff --git a/sshd.8 b/sshd.8
index cd7f9002..9d8764a9 100644
--- a/sshd.8
+++ b/sshd.8
@@ -9,7 +9,7 @@
.\"
.\" Created: Sat Apr 22 21:55:14 1995 ylo
.\"
-.\" $Id: sshd.8,v 1.18 2000/04/20 13:27:27 damien Exp $
+.\" $Id: sshd.8,v 1.19 2000/05/01 11:10:34 damien Exp $
.\"
.Dd September 25, 1999
.Dt SSHD 8
@@ -31,7 +31,7 @@
.Nm
(Secure Shell Daemon) is the daemon program for
.Xr ssh 1 .
-Together these programs replace rlogin and rsh programs, and
+Together these programs replace rlogin and rsh, and
provide secure encrypted communications between two untrusted hosts
over an insecure network.
The programs are intended to be as easy to
@@ -56,19 +56,19 @@ the daemon starts, it generates a server RSA key (normally 768 bits).
This key is normally regenerated every hour if it has been used, and
is never stored on disk.
.Pp
-Whenever a client connects the daemon, the daemon sends its host
-and server public keys to the client.
+Whenever a client connects the daemon responds with its public
+host and server keys.
The client compares the
host key against its own database to verify that it has not changed.
The client then generates a 256 bit random number.
It encrypts this
random number using both the host key and the server key, and sends
the encrypted number to the server.
-Both sides then start to use this
+Both sides then use this
random number as a session key which is used to encrypt all further
communications in the session.
The rest of the session is encrypted
-using a conventional cipher, currently Blowfish and 3DES, with 3DES
+using a conventional cipher, currently Blowfish or 3DES, with 3DES
being used by default.
The client selects the encryption algorithm
to use from those offered by the server.
@@ -95,7 +95,7 @@ are disabled (thus completely disabling
.Xr rlogin 1
and
.Xr rsh 1
-into that machine).
+into the machine).
.Pp
If the client successfully authenticates itself, a dialog for
preparing the session is entered.
@@ -188,9 +188,9 @@ authentication, and termination of each connection is logged.
Do not print an error message if RSA support is missing.
.It Fl V Ar client_protocol_id
SSH2 compatibility mode.
-When this options is specified
+When this option is specified
.Nm
-assumes the client has sent the given version string
+assumes the client has sent the supplied version string
and skips the
Protocol Version Identification Exchange.
.It Fl 4