summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2000-11-21 21:24:55 +0000
committerBen Lindstrom <mouring@eviladmin.org>2000-11-21 21:24:55 +0000
commit14920293713ff4a5bbe45b495694bfd925d73894 (patch)
treed0f63720bdcbc574dc3c018beeb28e6da4b5e1fb
parent4a1d91646d4248c111f573e496cc0d10ba62e274 (diff)
20001123
- (bal) Merge OpenBSD changes: - markus@cvs.openbsd.org 2000/11/15 22:31:36 [auth-options.c] case insensitive key options; from stevesk@sweeden.hp.com - markus@cvs.openbsd.org 2000/11/16 17:55:43 [dh.c] do not use perror() in sshd, after child is forked() - markus@cvs.openbsd.org 2000/11/14 23:42:40 [auth-rsa.c] parse option only if key matches; fix some confusing seen by the client - markus@cvs.openbsd.org 2000/11/14 23:44:19 [session.c] check no_agent_forward_flag for ssh-2, too - markus@cvs.openbsd.org 2000/11/15 [ssh-agent.1] reorder SYNOPSIS; typo, use .It - markus@cvs.openbsd.org 2000/11/14 23:48:55 [ssh-agent.c] do not reorder keys if a key is removed - markus@cvs.openbsd.org 2000/11/15 19:58:08 [ssh.c] just ignore non existing user keys - millert@cvs.openbsd.org 200/11/15 20:24:43 [ssh-keygen.c] Add missing \n at end of error message.
-rw-r--r--ChangeLog27
-rw-r--r--auth-options.c16
-rw-r--r--auth-rsa.c14
-rw-r--r--dh.c6
-rw-r--r--session.c6
-rw-r--r--ssh-agent.118
-rw-r--r--ssh-agent.c18
-rw-r--r--ssh-keygen.c4
-rw-r--r--ssh.c4
9 files changed, 74 insertions, 39 deletions
diff --git a/ChangeLog b/ChangeLog
index 9247ca02..4cf384c0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,30 @@
+20001123
+ - (bal) Merge OpenBSD changes:
+ - markus@cvs.openbsd.org 2000/11/15 22:31:36
+ [auth-options.c]
+ case insensitive key options; from stevesk@sweeden.hp.com
+ - markus@cvs.openbsd.org 2000/11/16 17:55:43
+ [dh.c]
+ do not use perror() in sshd, after child is forked()
+ - markus@cvs.openbsd.org 2000/11/14 23:42:40
+ [auth-rsa.c]
+ parse option only if key matches; fix some confusing seen by the client
+ - markus@cvs.openbsd.org 2000/11/14 23:44:19
+ [session.c]
+ check no_agent_forward_flag for ssh-2, too
+ - markus@cvs.openbsd.org 2000/11/15
+ [ssh-agent.1]
+ reorder SYNOPSIS; typo, use .It
+ - markus@cvs.openbsd.org 2000/11/14 23:48:55
+ [ssh-agent.c]
+ do not reorder keys if a key is removed
+ - markus@cvs.openbsd.org 2000/11/15 19:58:08
+ [ssh.c]
+ just ignore non existing user keys
+ - millert@cvs.openbsd.org 200/11/15 20:24:43
+ [ssh-keygen.c]
+ Add missing \n at end of error message.
+
20001122
- (bal) Minor patch to ensure platforms lacking IRIX job limit supports
are compilable.
diff --git a/auth-options.c b/auth-options.c
index c9c149d6..181bf732 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.5 2000/10/09 21:32:34 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.6 2000/11/15 22:31:36 markus Exp $");
#include "ssh.h"
#include "packet.h"
@@ -65,35 +65,35 @@ auth_parse_options(struct passwd *pw, char *options, unsigned long linenum)
while (*options && *options != ' ' && *options != '\t') {
cp = "no-port-forwarding";
- if (strncmp(options, cp, strlen(cp)) == 0) {
+ if (strncasecmp(options, cp, strlen(cp)) == 0) {
packet_send_debug("Port forwarding disabled.");
no_port_forwarding_flag = 1;
options += strlen(cp);
goto next_option;
}
cp = "no-agent-forwarding";
- if (strncmp(options, cp, strlen(cp)) == 0) {
+ if (strncasecmp(options, cp, strlen(cp)) == 0) {
packet_send_debug("Agent forwarding disabled.");
no_agent_forwarding_flag = 1;
options += strlen(cp);
goto next_option;
}
cp = "no-X11-forwarding";
- if (strncmp(options, cp, strlen(cp)) == 0) {
+ if (strncasecmp(options, cp, strlen(cp)) == 0) {
packet_send_debug("X11 forwarding disabled.");
no_x11_forwarding_flag = 1;
options += strlen(cp);
goto next_option;
}
cp = "no-pty";
- if (strncmp(options, cp, strlen(cp)) == 0) {
+ if (strncasecmp(options, cp, strlen(cp)) == 0) {
packet_send_debug("Pty allocation disabled.");
no_pty_flag = 1;
options += strlen(cp);
goto next_option;
}
cp = "command=\"";
- if (strncmp(options, cp, strlen(cp)) == 0) {
+ if (strncasecmp(options, cp, strlen(cp)) == 0) {
int i;
options += strlen(cp);
forced_command = xmalloc(strlen(options) + 1);
@@ -121,7 +121,7 @@ auth_parse_options(struct passwd *pw, char *options, unsigned long linenum)
goto next_option;
}
cp = "environment=\"";
- if (strncmp(options, cp, strlen(cp)) == 0) {
+ if (strncasecmp(options, cp, strlen(cp)) == 0) {
int i;
char *s;
struct envstring *new_envstring;
@@ -156,7 +156,7 @@ auth_parse_options(struct passwd *pw, char *options, unsigned long linenum)
goto next_option;
}
cp = "from=\"";
- if (strncmp(options, cp, strlen(cp)) == 0) {
+ if (strncasecmp(options, cp, strlen(cp)) == 0) {
int mname, mip;
char *patterns = xmalloc(strlen(options) + 1);
int i;
diff --git a/auth-rsa.c b/auth-rsa.c
index e8bfa165..72cb909d 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.32 2000/10/14 12:19:45 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.33 2000/11/14 23:42:40 markus Exp $");
#include "rsa.h"
#include "packet.h"
@@ -231,12 +231,6 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
}
} else
options = NULL;
- /*
- * If our options do not allow this key to be used,
- * do not send challenge.
- */
- if (!auth_parse_options(pw, options, linenum))
- continue;
/* Parse the key from the line. */
if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) {
@@ -259,6 +253,12 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
file, linenum, BN_num_bits(pk->n), bits);
/* We have found the desired key. */
+ /*
+ * If our options do not allow this key to be used,
+ * do not send challenge.
+ */
+ if (!auth_parse_options(pw, options, linenum))
+ continue;
/* Perform the challenge-response dialog for this key. */
if (!auth_rsa_challenge_dialog(pk)) {
diff --git a/dh.c b/dh.c
index ff84619c..35e90143 100644
--- a/dh.c
+++ b/dh.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.2 2000/10/11 20:11:35 markus Exp $");
+RCSID("$OpenBSD: dh.c,v 1.3 2000/11/16 17:55:43 markus Exp $");
#include "xmalloc.h"
@@ -102,7 +102,6 @@ choose_dh(int minbits)
f = fopen(DH_PRIMES, "r");
if (!f) {
- perror(DH_PRIMES);
log("WARNING: %s does not exist, using old prime", DH_PRIMES);
return (dh_new_group1());
}
@@ -133,8 +132,7 @@ choose_dh(int minbits)
f = fopen(DH_PRIMES, "r");
if (!f) {
- perror(DH_PRIMES);
- exit(1);
+ fatal("WARNING: %s dissappeared, giving up", DH_PRIMES);
}
linenum = 0;
diff --git a/session.c b/session.c
index 890e16d5..826307ef 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.43 2000/11/06 23:04:56 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.44 2000/11/14 23:44:19 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -1745,6 +1745,10 @@ session_auth_agent_req(Session *s)
{
static int called = 0;
packet_done();
+ if (no_agent_forwarding_flag) {
+ debug("session_auth_agent_req: no_agent_forwarding_flag");
+ return 0;
+ }
if (called) {
return 0;
} else {
diff --git a/ssh-agent.1 b/ssh-agent.1
index 31ea2b31..3ee5074b 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.17 2000/11/10 05:10:40 aaron Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.19 2000/11/15 20:09:01 markus Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -42,12 +42,12 @@
.Nd authentication agent
.Sh SYNOPSIS
.Nm ssh-agent
-.Op Fl c Li | Fl s
-.Op Fl k
-.Oo
.Ar command
-.Op Ar args ...
-.Oc
+.Ar args ...
+.Nm ssh-agent
+.Op Fl c Li | Fl s
+.Nm ssh-agent
+.Fl k
.Sh DESCRIPTION
.Nm
is a program to hold private keys used for public key authentication
@@ -154,7 +154,7 @@ but is normally added to the agent using
at login time.
.It Pa $HOME/.ssh/id_dsa
Contains the DSA authentication identity of the user.
-.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> ,
+.It Pa /tmp/ssh-XXXXXXXX/agent.<pid>
Unix-domain sockets used to contain the connection to the
authentication agent.
These sockets should only be readable by the owner.
@@ -172,7 +172,7 @@ This version of OpenSSH
.Bl -bullet
.It
has all components of a restrictive nature (i.e., patents, see
-.Xr crypto 3 )
+.Xr ssl 8 )
directly removed from the source code; any licensed or patented components
are chosen from
external libraries.
@@ -191,4 +191,4 @@ supports one-time password authentication with
.Xr ssh-add 1 ,
.Xr ssh-keygen 1 ,
.Xr sshd 8 ,
-.Xr crypto 3
+.Xr ssl 8
diff --git a/ssh-agent.c b/ssh-agent.c
index f5f87cca..6f89dd5c 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.39 2000/11/12 19:50:38 markus Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.40 2000/11/14 23:48:55 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -37,7 +37,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.39 2000/11/12 19:50:38 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.40 2000/11/14 23:48:55 markus Exp $");
#include "ssh.h"
#include "rsa.h"
@@ -308,8 +308,9 @@ process_remove_identity(SocketEntry *e, int version)
/*
* We have this key. Free the old key. Since we
* don\'t want to leave empty slots in the middle of
- * the array, we actually free the key there and copy
- * data from the last entry.
+ * the array, we actually free the key there and move
+ * all the entries between the empty slot and the end
+ * of the array.
*/
Idtab *tab = idtab_lookup(version);
key_free(tab->identities[idx].key);
@@ -318,8 +319,13 @@ process_remove_identity(SocketEntry *e, int version)
fatal("process_remove_identity: "
"internal error: tab->nentries %d",
tab->nentries);
- if (idx != tab->nentries - 1)
- tab->identities[idx] = tab->identities[tab->nentries - 1];
+ if (idx != tab->nentries - 1) {
+ int i;
+ for (i = idx; i < tab->nentries - 1; i++)
+ tab->identities[i] = tab->identities[i+1];
+ }
+ tab->identities[tab->nentries - 1].key = NULL;
+ tab->identities[tab->nentries - 1].comment = NULL;
tab->nentries--;
success = 1;
}
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 3653fc24..5da90035 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.33 2000/11/12 19:50:38 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.34 2000/11/15 20:24:43 millert Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@@ -727,7 +727,7 @@ main(int ac, char **av)
if (key_type_name != NULL) {
type = key_type_from_name(key_type_name);
if (type == KEY_UNSPEC) {
- fprintf(stderr, "unknown key type %s", key_type_name);
+ fprintf(stderr, "unknown key type %s\n", key_type_name);
exit(1);
}
}
diff --git a/ssh.c b/ssh.c
index a1cedc7e..b41c87e1 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.72 2000/11/12 19:50:38 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.73 2000/11/15 19:58:08 markus Exp $");
#include <openssl/evp.h>
#include <openssl/dsa.h>
@@ -1049,7 +1049,7 @@ guess_identity_file_type(const char *filename)
int type = KEY_RSA1; /* default */
if (stat(filename, &st) < 0) {
- perror(filename);
+ /* ignore this key */
return KEY_UNSPEC;
}
public = key_new(type);