authorBen Lindstrom <mouring@eviladmin.org>2001-01-18 02:04:35 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-01-18 02:04:35 +0000
commitbf555ba6210532f8598ff0f96961e82bcda3f09b (patch)
tree2b90d1026f300a2dd478c654e5e47ada304c3ffe
parent01fa6380e815a37ac5ffcf03b04c93d7b52ce765 (diff)
NOTE: This update changes the RSA key generation. *NEW RSA KEYS
NEED TO BE GENERATED* =) Refer to entry "2001/01/16 19:20:06" for more details. 20010118 - (bal) Super Sized OpenBSD Resync - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus [sshd.c] maxfd+1 - markus@cvs.openbsd.org 2001/01/13 17:59:18 [ssh-keygen.1] small ssh-keygen manpage cleanup; stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:03:07 [scp.c ssh-keygen.c sshd.c] getopt() returns -1 not EOF; stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:06:54 [ssh-keyscan.c] use SSH_DEFAULT_PORT; from stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:12:47 [ssh-keyscan.c] free() -> xfree(); fix memory leak; from stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:14:13 [ssh-add.c] typo, from stevesk@sweden.hp.com - markus@cvs.openbsd.org 2001/01/13 18:32:50 [packet.c session.c ssh.c sshconnect.c sshd.c] split out keepalive from packet_interactive (from dale@accentre.com) set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too. - markus@cvs.openbsd.org 2001/01/13 18:36:45 [packet.c packet.h] reorder, typo - markus@cvs.openbsd.org 2001/01/13 18:38:00 [auth-options.c] fix comment - markus@cvs.openbsd.org 2001/01/13 18:43:31 [session.c] Wall - markus@cvs.openbsd.org 2001/01/13 19:14:08 [clientloop.h clientloop.c ssh.c] move callback to headerfile - markus@cvs.openbsd.org 2001/01/15 21:40:10 [ssh.c] use log() instead of stderr - markus@cvs.openbsd.org 2001/01/15 21:43:51 [dh.c] use error() not stderr! - markus@cvs.openbsd.org 2001/01/15 21:45:29 [sftp-server.c] rename must fail if newpath exists, debug off by default - markus@cvs.openbsd.org 2001/01/15 21:46:38 [sftp-server.c] readable long listing for sftp-server, ok deraadt@ - markus@cvs.openbsd.org 2001/01/16 19:20:06 [key.c ssh-rsa.c] make "ssh-rsa" key format for ssh2 conform to the ietf-drafts; from galb@vandyke.com. note that you have to delete older ssh2-rsa keys, since they are in the wrong format, too. 
they must be removed from .ssh/authorized_keys2 and .ssh/known_hosts2, etc. (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP .ssh/authorized_keys2) additionally, we now check that BN_num_bits(rsa->n) >= 768. - markus@cvs.openbsd.org 2001/01/16 20:54:27 [sftp-server.c] remove some statics. simpler handles; idea from nisse@lysator.liu.se - deraadt@cvs.openbsd.org 2001/01/16 23:58:08 [bufaux.c radix.c sshconnect.h sshconnect1.c] indent - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may be missing such feature.
-rw-r--r--ChangeLog67
-rw-r--r--Makefile.in2
-rw-r--r--auth-options.c6
-rw-r--r--bsd-strmode.c156
-rw-r--r--bsd-strmode.h5
-rw-r--r--bufaux.c4
-rw-r--r--clientloop.c7
-rw-r--r--clientloop.h24
-rw-r--r--configure.in2
-rw-r--r--dh.c4
-rw-r--r--key.c6
-rw-r--r--openbsd-compat.h1
-rw-r--r--packet.c19
-rw-r--r--packet.h4
-rw-r--r--radix.c16
-rw-r--r--scp.c4
-rw-r--r--session.c9
-rw-r--r--sftp-server.c115
-rw-r--r--ssh-add.c4
-rw-r--r--ssh-keygen.14
-rw-r--r--ssh-keygen.c4
-rw-r--r--ssh-keyscan.c27
-rw-r--r--ssh-rsa.c7
-rw-r--r--ssh.c19
-rw-r--r--sshconnect.c17
-rw-r--r--sshconnect.h2
-rw-r--r--sshconnect1.c8
-rw-r--r--sshd.c14
28 files changed, 424 insertions, 133 deletions
diff --git a/ChangeLog b/ChangeLog
index f3edcd44..656779c2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,70 @@
+20010118
+ - (bal) Super Sized OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
+ [sshd.c]
+ maxfd+1
+ - markus@cvs.openbsd.org 2001/01/13 17:59:18
+ [ssh-keygen.1]
+ small ssh-keygen manpage cleanup; stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:03:07
+ [scp.c ssh-keygen.c sshd.c]
+ getopt() returns -1 not EOF; stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:06:54
+ [ssh-keyscan.c]
+ use SSH_DEFAULT_PORT; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:12:47
+ [ssh-keyscan.c]
+ free() -> xfree(); fix memory leak; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:14:13
+ [ssh-add.c]
+ typo, from stevesk@sweden.hp.com
+ - markus@cvs.openbsd.org 2001/01/13 18:32:50
+ [packet.c session.c ssh.c sshconnect.c sshd.c]
+ split out keepalive from packet_interactive (from dale@accentre.com)
+ set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
+ - markus@cvs.openbsd.org 2001/01/13 18:36:45
+ [packet.c packet.h]
+ reorder, typo
+ - markus@cvs.openbsd.org 2001/01/13 18:38:00
+ [auth-options.c]
+ fix comment
+ - markus@cvs.openbsd.org 2001/01/13 18:43:31
+ [session.c]
+ Wall
+ - markus@cvs.openbsd.org 2001/01/13 19:14:08
+ [clientloop.h clientloop.c ssh.c]
+ move callback to headerfile
+ - markus@cvs.openbsd.org 2001/01/15 21:40:10
+ [ssh.c]
+ use log() instead of stderr
+ - markus@cvs.openbsd.org 2001/01/15 21:43:51
+ [dh.c]
+ use error() not stderr!
+ - markus@cvs.openbsd.org 2001/01/15 21:45:29
+ [sftp-server.c]
+ rename must fail if newpath exists, debug off by default
+ - markus@cvs.openbsd.org 2001/01/15 21:46:38
+ [sftp-server.c]
+ readable long listing for sftp-server, ok deraadt@
+ - markus@cvs.openbsd.org 2001/01/16 19:20:06
+ [key.c ssh-rsa.c]
+ make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
+ galb@vandyke.com. note that you have to delete older ssh2-rsa keys,
+ since they are in the wrong format, too. they must be removed from
+ .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
+ (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
+ .ssh/authorized_keys2) additionally, we now check that
+ BN_num_bits(rsa->n) >= 768.
+ - markus@cvs.openbsd.org 2001/01/16 20:54:27
+ [sftp-server.c]
+ remove some statics. simpler handles; idea from nisse@lysator.liu.se
+ - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
+ [bufaux.c radix.c sshconnect.h sshconnect1.c]
+ indent
+ - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
+ be missing such feature.
+
+
20010117
- (djm) Only write random seed file at exit
- (djm) Make PAM support optional, enable with --with-pam
diff --git a/Makefile.in b/Makefile.in
index 1080f26e..d56cd640 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -39,7 +39,7 @@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keys
LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o util.o uuencode.o xmalloc.o
-LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o
+LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strmode.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o
SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o log-client.o readconf.o clientloop.o
diff --git a/auth-options.c b/auth-options.c
index c598f70d..ef61d8df 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -2,10 +2,6 @@
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- * RSA-based authentication. This code determines whether to admit a login
- * based on RSA authentication. This file also contains functions to check
- * validity of the host key.
- *
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
@@ -14,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.7 2000/12/19 23:17:54 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.8 2001/01/13 18:38:00 markus Exp $");
#include "ssh.h"
#include "packet.h"
diff --git a/bsd-strmode.c b/bsd-strmode.c
new file mode 100644
index 00000000..2e2d9054
--- /dev/null
+++ b/bsd-strmode.c
@@ -0,0 +1,156 @@
+/*-
+ * Copyright (c) 1990 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "includes.h"
+#ifndef HAVE_STRMODE
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char *rcsid = "$OpenBSD: strmode.c,v 1.3 1997/06/13 13:57:20 deraadt Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <string.h>
+
+void
+strmode(mode, p)
+ register mode_t mode;
+ register char *p;
+{
+ /* print type */
+ switch (mode & S_IFMT) {
+ case S_IFDIR: /* directory */
+ *p++ = 'd';
+ break;
+ case S_IFCHR: /* character special */
+ *p++ = 'c';
+ break;
+ case S_IFBLK: /* block special */
+ *p++ = 'b';
+ break;
+ case S_IFREG: /* regular */
+ *p++ = '-';
+ break;
+ case S_IFLNK: /* symbolic link */
+ *p++ = 'l';
+ break;
+ case S_IFSOCK: /* socket */
+ *p++ = 's';
+ break;
+#ifdef S_IFIFO
+ case S_IFIFO: /* fifo */
+ *p++ = 'p';
+ break;
+#endif
+#ifdef S_IFWHT
+ case S_IFWHT: /* whiteout */
+ *p++ = 'w';
+ break;
+#endif
+ default: /* unknown */
+ *p++ = '?';
+ break;
+ }
+ /* usr */
+ if (mode & S_IRUSR)
+ *p++ = 'r';
+ else
+ *p++ = '-';
+ if (mode & S_IWUSR)
+ *p++ = 'w';
+ else
+ *p++ = '-';
+ switch (mode & (S_IXUSR | S_ISUID)) {
+ case 0:
+ *p++ = '-';
+ break;
+ case S_IXUSR:
+ *p++ = 'x';
+ break;
+ case S_ISUID:
+ *p++ = 'S';
+ break;
+ case S_IXUSR | S_ISUID:
+ *p++ = 's';
+ break;
+ }
+ /* group */
+ if (mode & S_IRGRP)
+ *p++ = 'r';
+ else
+ *p++ = '-';
+ if (mode & S_IWGRP)
+ *p++ = 'w';
+ else
+ *p++ = '-';
+ switch (mode & (S_IXGRP | S_ISGID)) {
+ case 0:
+ *p++ = '-';
+ break;
+ case S_IXGRP:
+ *p++ = 'x';
+ break;
+ case S_ISGID:
+ *p++ = 'S';
+ break;
+ case S_IXGRP | S_ISGID:
+ *p++ = 's';
+ break;
+ }
+ /* other */
+ if (mode & S_IROTH)
+ *p++ = 'r';
+ else
+ *p++ = '-';
+ if (mode & S_IWOTH)
+ *p++ = 'w';
+ else
+ *p++ = '-';
+ switch (mode & (S_IXOTH | S_ISVTX)) {
+ case 0:
+ *p++ = '-';
+ break;
+ case S_IXOTH:
+ *p++ = 'x';
+ break;
+ case S_ISVTX:
+ *p++ = 'T';
+ break;
+ case S_IXOTH | S_ISVTX:
+ *p++ = 't';
+ break;
+ }
+ *p++ = ' '; /* will be a '+' if ACL's implemented */
+ *p = '\0';
+}
+#endif
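Review bot: strmode() always writes 12 bytes through `p` (the type character, nine permission characters, the trailing space and the NUL), but nothing in the new file states that, so a caller passing a shorter buffer overflows it silently. I would add a comment above the function such as `/* p must point to at least 12 bytes; the result is always NUL-terminated */`. Separately, the definition is old-style (`strmode(mode, p)` with `register mode_t mode;`) while bsd-strmode.h declares a prototype; where mode_t is narrower than int the two are not compatible, so an ANSI definition `void strmode(mode_t mode, char *p)` would be safer. S_IFLNK and S_IFSOCK are also used without the `#ifdef` that S_IFIFO and S_IFWHT get, which matters on exactly the non-OpenBSD platforms this file is for.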
diff --git a/bsd-strmode.h b/bsd-strmode.h
new file mode 100644
index 00000000..773d6bdc
--- /dev/null
+++ b/bsd-strmode.h
@@ -0,0 +1,5 @@
+#ifndef HAVE_STRMODE
+
+void strmode( register mode_t mode, register char *p);
+
+#endif
diff --git a/bufaux.c b/bufaux.c
index 149677f7..2d20ad6d 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -37,7 +37,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.15 2001/01/10 22:56:22 markus Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.16 2001/01/16 23:58:08 deraadt Exp $");
#include "ssh.h"
#include <openssl/bn.h>
@@ -90,7 +90,7 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
bytes = (bits + 7) / 8;
if (buffer_len(buffer) < bytes)
fatal("buffer_get_bignum: input buffer too small");
- bin = (u_char*) buffer_ptr(buffer);
+ bin = (u_char *) buffer_ptr(buffer);
BN_bin2bn(bin, bytes, value);
buffer_consume(buffer, bytes);
diff --git a/clientloop.c b/clientloop.c
index 44a79d0e..9079bcda 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.42 2000/12/19 23:17:56 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.43 2001/01/13 19:14:08 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -79,6 +79,7 @@ RCSID("$OpenBSD: clientloop.c,v 1.42 2000/12/19 23:17:56 markus Exp $");
#include <openssl/rsa.h>
#include "key.h"
#include "authfd.h"
+#include "clientloop.h"
/* import options */
extern Options options;
@@ -1247,9 +1248,9 @@ client_input_channel_req(int id, void *arg)
}
void
-client_set_session_ident(int id)
+clientloop_set_session_ident(int id)
{
- debug2("client_set_session_ident: id %d", id);
+ debug2("clientloop_set_session_ident: id %d", id);
session_ident = id;
channel_register_callback(id, SSH2_MSG_CHANNEL_REQUEST,
client_input_channel_req, (void *)0);
diff --git a/clientloop.h b/clientloop.h
new file mode 100644
index 00000000..3ad72aa5
--- /dev/null
+++ b/clientloop.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+void clientloop_set_session_ident(int id);
diff --git a/configure.in b/configure.in
index 0dd8c004..ad05a6e7 100644
--- a/configure.in
+++ b/configure.in
@@ -315,7 +315,7 @@ AC_CHECK_FUNC(utimes,
AC_CHECK_HEADERS(bstring.h endian.h floatingpoint.h getopt.h lastlog.h limits.h login.h login_cap.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/queue.h sys/select.h sys/stat.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h sys/un.h stddef.h time.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
dnl Checks for library functions.
-AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getgrouplist getnameinfo getrlimit getrusage getttyent inet_aton inet_ntoa innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty realpath rresvport_af setdtablesize setenv seteuid setlogin setproctitle setreuid setrlimit setsid sigaction sigvec snprintf strerror strlcat strlcpy strsep strtok_r sysconf utimes vsnprintf vhangup vis waitpid _getpty __b64_ntop)
+AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getgrouplist getnameinfo getrlimit getrusage getttyent inet_aton inet_ntoa innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty realpath rresvport_af setdtablesize setenv seteuid setlogin setproctitle setreuid setrlimit setsid sigaction sigvec snprintf strerror strlcat strlcpy strmode strsep strtok_r sysconf utimes vsnprintf vhangup vis waitpid _getpty __b64_ntop)
dnl Checks for time functions
AC_CHECK_FUNCS(gettimeofday time)
dnl Checks for libutil functions
diff --git a/dh.c b/dh.c
index 35e90143..87a47845 100644
--- a/dh.c
+++ b/dh.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.3 2000/11/16 17:55:43 markus Exp $");
+RCSID("$OpenBSD: dh.c,v 1.4 2001/01/15 21:43:51 markus Exp $");
#include "xmalloc.h"
@@ -87,7 +87,7 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
return (1);
fail:
- fprintf(stderr, "Bad prime description in line %d\n", linenum);
+ error("Bad prime description in line %d\n", linenum);
return (0);
}
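Review bot: The format string passed to `error()` still ends in `\n`, carried over from the fprintf call it replaces. None of the other error() calls visible in this commit (packet.c, key.c) terminate their message, which suggests the logging layer adds the line ending itself; if so, this leaves a stray blank line on stderr or an embedded newline in the syslog record. I would write `error("Bad prime description in line %d", linenum);`. parse_prime begins outside the hunk.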
diff --git a/key.c b/key.c
index f9474b16..21e13b86 100644
--- a/key.c
+++ b/key.c
@@ -46,7 +46,7 @@
#include "buffer.h"
#include "bufaux.h"
-RCSID("$OpenBSD: key.c,v 1.13 2000/12/19 23:17:56 markus Exp $");
+RCSID("$OpenBSD: key.c,v 1.14 2001/01/16 19:20:06 markus Exp $");
Key *
key_new(int type)
@@ -555,8 +555,8 @@ key_from_blob(char *blob, int blen)
switch(type){
case KEY_RSA:
key = key_new(type);
- buffer_get_bignum2(&b, key->rsa->n);
buffer_get_bignum2(&b, key->rsa->e);
+ buffer_get_bignum2(&b, key->rsa->n);
#ifdef DEBUG_PK
RSA_print_fp(stderr, key->rsa, 8);
#endif
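Review bot: Both RSA branches now depend on a field order that the code states nowhere: key_from_blob reads `e` before `n` here, and key_to_blob (next hunk) writes them in the same order. A blob in the previous n-then-e layout presumably still parses without error and just yields swapped values, so a comment at both sites would help, e.g. `/* ssh-rsa blob: string "ssh-rsa", mpint e, mpint n (ietf draft order) */`. The commit message says a minimum modulus size is now checked in ssh-rsa.c; that check is not in this view, so I cannot tell whether it runs on every path that uses a key parsed here. Both functions extend beyond their hunks.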
@@ -608,8 +608,8 @@ key_to_blob(Key *key, u_char **blobp, u_int *lenp)
break;
case KEY_RSA:
buffer_put_cstring(&b, key_ssh_name(key));
- buffer_put_bignum2(&b, key->rsa->n);
buffer_put_bignum2(&b, key->rsa->e);
+ buffer_put_bignum2(&b, key->rsa->n);
break;
default:
error("key_to_blob: illegal key type %d", key->type);
diff --git a/openbsd-compat.h b/openbsd-compat.h
index 9213bead..01dcb4a7 100644
--- a/openbsd-compat.h
+++ b/openbsd-compat.h
@@ -12,6 +12,7 @@
#include "bsd-misc.h"
#include "bsd-strlcpy.h"
#include "bsd-strlcat.h"
+#include "bsd-strmode.h"
#include "bsd-mktemp.h"
#include "bsd-snprintf.h"
#include "bsd-daemon.h"
diff --git a/packet.c b/packet.c
index cd42f2f7..bf3a7ee0 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.42 2001/01/09 21:19:50 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
@@ -1230,22 +1230,23 @@ packet_not_very_much_data_to_write()
/* Informs that the current session is interactive. Sets IP flags for that. */
void
-packet_set_interactive(int interactive, int keepalives)
+packet_set_interactive(int interactive)
{
+ static int called = 0;
+ int lowdelay = IPTOS_LOWDELAY;
+ int throughput = IPTOS_THROUGHPUT;
int on = 1;
+ if (called)
+ return;
+ called = 1;
+
/* Record that we are in interactive mode. */
interactive_mode = interactive;
/* Only set socket options if using a socket. */
if (!packet_connection_is_on_socket())
return;
- if (keepalives) {
- /* Set keepalives if requested. */
- if (setsockopt(connection_in, SOL_SOCKET, SO_KEEPALIVE, (void *) &on,
- sizeof(on)) < 0)
- error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
- }
/*
* IPTOS_LOWDELAY and IPTOS_THROUGHPUT are IPv4 only
*/
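Review bot: The new `static int called` latch makes packet_set_interactive() a one-shot: every call after the first returns before `interactive_mode` is updated, and nothing is logged. session.c in this commit now calls it from both do_exec_no_pty (`s->display != NULL`) and do_exec_pty (`1`), so on a connection carrying more than one session the first call fixes the setting for the rest. If that is intended, say so next to the guard, e.g. `/* only the first call on a connection decides the TOS bits */`, and update the header comment above the function, which still reads as if each call takes effect. The function body continues in the following hunks.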
@@ -1256,7 +1257,6 @@ packet_set_interactive(int interactive, int keepalives)
*/
#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
if (packet_connection_is_ipv4()) {
- int lowdelay = IPTOS_LOWDELAY;
if (setsockopt(connection_in, IPPROTO_IP, IP_TOS,
(void *) &lowdelay, sizeof(lowdelay)) < 0)
error("setsockopt IPTOS_LOWDELAY: %.100s",
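Review bot: The `lowdelay` declaration removed here, and `throughput` in the next hunk, sat inside `#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)`; their replacements at the top of the function are unconditional. On a build where that guard is false the two variables are unused. If IPTOS_LOWDELAY and IPTOS_THROUGHPUT are also undefined there, the file no longer compiles; I cannot see from this diff whether a compatibility header supplies them. Wrapping the two new declarations in the same `#if` keeps the previous behaviour on those platforms.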
@@ -1272,7 +1272,6 @@ packet_set_interactive(int interactive, int keepalives)
* IPTOS_THROUGHPUT.
*/
#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
- int throughput = IPTOS_THROUGHPUT;
if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *) &throughput,
sizeof(throughput)) < 0)
error("setsockopt IPTOS_THROUGHPUT: %.100s", strerror(errno));
diff --git a/packet.h b/packet.h
index 597fbb15..00f0c377 100644
--- a/packet.h
+++ b/packet.h
@@ -11,7 +11,7 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: packet.h,v 1.18 2000/12/19 23:17:57 markus Exp $"); */
+/* RCSID("$OpenBSD: packet.h,v 1.19 2001/01/13 18:32:50 markus Exp $"); */
#ifndef PACKET_H
#define PACKET_H
@@ -65,7 +65,7 @@ void packet_start_compression(int level);
* Informs that the current session is interactive. Sets IP flags for
* optimal performance in interactive use.
*/
-void packet_set_interactive(int interactive, int keepalives);
+void packet_set_interactive(int interactive);
/* Returns true if the current connection is interactive. */
int packet_is_interactive(void);
diff --git a/radix.c b/radix.c
index 939d0f7f..3b149a82 100644
--- a/radix.c
+++ b/radix.c
@@ -25,7 +25,7 @@
#include "includes.h"
#include "uuencode.h"
-RCSID("$OpenBSD: radix.c,v 1.14 2000/12/19 23:17:57 markus Exp $");
+RCSID("$OpenBSD: radix.c,v 1.15 2001/01/16 23:58:09 deraadt Exp $");
#ifdef AFS
#include <krb.h>
@@ -37,7 +37,7 @@ typedef u_short my_u_short;
/* Nasty macros from BIND-4.9.2 */
#define GETSHORT(s, cp) { \
- register my_u_char *t_cp = (my_u_char*)(cp); \
+ register my_u_char *t_cp = (my_u_char *)(cp); \
(s) = (((my_u_short)t_cp[0]) << 8) \
| (((my_u_short)t_cp[1])) \
; \
@@ -45,7 +45,7 @@ typedef u_short my_u_short;
}
#define GETLONG(l, cp) { \
- register my_u_char *t_cp = (my_u_char*)(cp); \
+ register my_u_char *t_cp = (my_u_char *)(cp); \
(l) = (((my_u_int32_t)t_cp[0]) << 24) \
| (((my_u_int32_t)t_cp[1]) << 16) \
| (((my_u_int32_t)t_cp[2]) << 8) \
@@ -56,7 +56,7 @@ typedef u_short my_u_short;
#define PUTSHORT(s, cp) { \
register my_u_short t_s = (my_u_short)(s); \
- register my_u_char *t_cp = (my_u_char*)(cp); \
+ register my_u_char *t_cp = (my_u_char *)(cp); \
*t_cp++ = t_s >> 8; \
*t_cp = t_s; \
(cp) += 2; \
@@ -64,7 +64,7 @@ typedef u_short my_u_short;
#define PUTLONG(l, cp) { \
register my_u_int32_t t_l = (my_u_int32_t)(l); \
- register my_u_char *t_cp = (my_u_char*)(cp); \
+ register my_u_char *t_cp = (my_u_char *)(cp); \
*t_cp++ = t_l >> 24; \
*t_cp++ = t_l >> 16; \
*t_cp++ = t_l >> 8; \
@@ -73,9 +73,9 @@ typedef u_short my_u_short;
}
#define GETSTRING(s, p, p_l) { \
- register char* p_targ = (p) + p_l; \
- register char* s_c = (s); \
- register char* p_c = (p); \
+ register char *p_targ = (p) + p_l; \
+ register char *s_c = (s); \
+ register char *p_c = (p); \
while (*p_c && (p_c < p_targ)) { \
*s_c++ = *p_c++; \
} \
diff --git a/scp.c b/scp.c
index 74774928..d353b5ea 100644
--- a/scp.c
+++ b/scp.c
@@ -75,7 +75,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.48 2001/01/01 14:52:49 markus Exp $");
+RCSID("$OpenBSD: scp.c,v 1.49 2001/01/13 18:03:07 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -247,7 +247,7 @@ main(argc, argv)
addargs("-oFallBackToRsh no");
fflag = tflag = 0;
- while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46S:o:")) != EOF)
+ while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46S:o:")) != -1)
switch (ch) {
/* User-visible flags. */
case '4':
diff --git a/session.c b/session.c
index 74f5fe25..e52aed5a 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.46 2001/01/04 22:41:03 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.48 2001/01/13 18:43:31 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -405,10 +405,6 @@ do_authenticated(struct passwd * pw)
case SSH_CMSG_EXEC_SHELL:
case SSH_CMSG_EXEC_CMD:
- /* Set interactive/non-interactive mode. */
- packet_set_interactive(have_pty || s->display != NULL,
- options.keepalives);
-
if (type == SSH_CMSG_EXEC_CMD) {
command = packet_get_string(&dlen);
debug("Exec command '%.500s'", command);
@@ -548,6 +544,8 @@ do_exec_no_pty(Session *s, const char *command, struct passwd * pw)
if (pid < 0)
packet_disconnect("fork failed: %.100s", strerror(errno));
s->pid = pid;
+ /* Set interactive/non-interactive mode. */
+ packet_set_interactive(s->display != NULL);
#ifdef USE_PIPES
/* We are the parent. Close the child sides of the pipes. */
close(pin[0]);
@@ -665,6 +663,7 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw)
s->ptymaster = ptymaster;
/* Enter interactive session. */
+ packet_set_interactive(1);
if (compat20) {
session_set_fds(s, ptyfd, fdout, -1);
} else {
diff --git a/sftp-server.c b/sftp-server.c
index e4432ca5..b99f087f 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.10 2001/01/10 22:56:22 markus Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.13 2001/01/16 20:54:27 markus Exp $");
#include "ssh.h"
#include "buffer.h"
@@ -189,23 +189,21 @@ encode_attrib(Buffer *b, Attrib *a)
}
}
-Attrib *
-stat_to_attrib(struct stat *st)
+void
+stat_to_attrib(struct stat *st, Attrib *a)
{
- static Attrib a;
- attrib_clear(&a);
- a.flags = 0;
- a.flags |= SSH2_FILEXFER_ATTR_SIZE;
- a.size = st->st_size;
- a.flags |= SSH2_FILEXFER_ATTR_UIDGID;
- a.uid = st->st_uid;
- a.gid = st->st_gid;
- a.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
- a.perm = st->st_mode;
- a.flags |= SSH2_FILEXFER_ATTR_ACMODTIME;
- a.atime = st->st_atime;
- a.mtime = st->st_mtime;
- return &a;
+ attrib_clear(a);
+ a->flags = 0;
+ a->flags |= SSH2_FILEXFER_ATTR_SIZE;
+ a->size = st->st_size;
+ a->flags |= SSH2_FILEXFER_ATTR_UIDGID;
+ a->uid = st->st_uid;
+ a->gid = st->st_gid;
+ a->flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
+ a->perm = st->st_mode;
+ a->flags |= SSH2_FILEXFER_ATTR_ACMODTIME;
+ a->atime = st->st_atime;
+ a->mtime = st->st_mtime;
}
Attrib *
@@ -264,24 +262,21 @@ handle_is_ok(int i, int type)
int
handle_to_string(int handle, char **stringp, int *hlenp)
{
- char buf[1024];
if (stringp == NULL || hlenp == NULL)
return -1;
- snprintf(buf, sizeof buf, "%d", handle);
- *stringp = xstrdup(buf);
- *hlenp = strlen(*stringp);
+ *stringp = xmalloc(sizeof(int32_t));
+ PUT_32BIT(*stringp, handle);
+ *hlenp = sizeof(int32_t);
return 0;
}
int
handle_from_string(char *handle, u_int hlen)
{
-/* XXX OVERFLOW ? */
- char *ep;
- long lval = strtol(handle, &ep, 10);
- int val = lval;
- if (*ep != '\0')
+ int val;
+ if (hlen != sizeof(int32_t))
return -1;
+ val = GET_32BIT(handle);
if (handle_is_ok(val, HANDLE_FILE) ||
handle_is_ok(val, HANDLE_DIR))
return val;
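Review bot: `val = GET_32BIT(handle);` stores a client-supplied 32-bit value in an `int`, so a value with the top bit set becomes negative, and the only thing between it and the handle table is handle_is_ok(). That function's body is outside this hunk, so I cannot confirm it rejects negative as well as too-large indexes. The removed `XXX OVERFLOW ?` marker was the only hint that this input is untrusted; I would replace it with a comment such as `/* handle comes from the client: handle_is_ok() must reject negative and out-of-range values */`. It is also worth noting on handle_to_string that `*stringp` is now a 4-byte binary blob without a NUL terminator, so callers must use `*hlenp` and never strlen().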
@@ -568,7 +563,7 @@ process_write(void)
void
process_do_stat(int do_lstat)
{
- Attrib *a;
+ Attrib a;
struct stat st;
u_int32_t id;
char *name;
@@ -581,8 +576,8 @@ process_do_stat(int do_lstat)
if (ret < 0) {
status = errno_to_portable(errno);
} else {
- a = stat_to_attrib(&st);
- send_attrib(id, a);
+ stat_to_attrib(&st, &a);
+ send_attrib(id, &a);
status = SSH2_FX_OK;
}
if (status != SSH2_FX_OK)
@@ -605,7 +600,7 @@ process_lstat(void)
void
process_fstat(void)
{
- Attrib *a;
+ Attrib a;
struct stat st;
u_int32_t id;
int fd, ret, handle, status = SSH2_FX_FAILURE;
@@ -619,8 +614,8 @@ process_fstat(void)
if (ret < 0) {
status = errno_to_portable(errno);
} else {
- a = stat_to_attrib(&st);
- send_attrib(id, a);
+ stat_to_attrib(&st, &a);
+ send_attrib(id, &a);
status = SSH2_FX_OK;
}
}
@@ -736,18 +731,41 @@ process_opendir(void)
}
/*
- * XXX, draft-ietf-secsh-filexfer-00.txt says:
- * The recommended format for the longname field is as follows:
- * -rwxr-xr-x 1 mjos staff 348911 Mar 25 14:29 t-filexfer
- * 1234567890 123 12345678 12345678 12345678 123456789012
+ * drwxr-xr-x 5 markus markus 1024 Jan 13 18:39 .ssh
*/
char *
ls_file(char *name, struct stat *st)
{
- char buf[1024];
- snprintf(buf, sizeof buf, "0%o %d %d %lld %d %s",
- st->st_mode, st->st_uid, st->st_gid, (long long)st->st_size,
- (int)st->st_mtime, name);
+ int sz = 0;
+ struct passwd *pw;
+ struct group *gr;
+ struct tm *ltime = localtime(&st->st_mtime);
+ char *user, *group;
+ char buf[1024], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1];
+
+ strmode(st->st_mode, mode);
+ if ((pw = getpwuid(st->st_uid)) != NULL) {
+ user = pw->pw_name;
+ } else {
+ snprintf(ubuf, sizeof ubuf, "%d", st->st_uid);
+ user = ubuf;
+ }
+ if ((gr = getgrgid(st->st_gid)) != NULL) {
+ group = gr->gr_name;
+ } else {
+ snprintf(gbuf, sizeof gbuf, "%d", st->st_gid);
+ group = gbuf;
+ }
+ if (ltime != NULL) {
+ if (time(NULL) - st->st_mtime < (365*24*60*60)/2)
+ sz = strftime(tbuf, sizeof tbuf, "%b %e %H:%M", ltime);
+ else
+ sz = strftime(tbuf, sizeof tbuf, "%b %e %Y", ltime);
+ }
+ if (sz == 0)
+ tbuf[0] = '\0';
+ snprintf(buf, sizeof buf, "%s %3d %-8.8s %-8.8s %8qd %s %s", mode,
+ st->st_nlink, user, group, (long long)st->st_size, tbuf, name);
return xstrdup(buf);
}
@@ -768,7 +786,6 @@ process_readdir(void)
if (dirp == NULL || path == NULL) {
send_status(id, SSH2_FX_FAILURE);
} else {
- Attrib *a;
struct stat st;
char pathname[1024];
Stat *stats;
@@ -784,12 +801,12 @@ process_readdir(void)
"%s/%s", path, dp->d_name);
if (lstat(pathname, &st) < 0)
continue;
- a = stat_to_attrib(&st);
- stats[count].attrib = *a;
+ stat_to_attrib(&st, &(stats[count].attrib));
stats[count].name = xstrdup(dp->d_name);
stats[count].long_name = ls_file(dp->d_name, &st);
count++;
/* send up to 100 entries in one message */
+ /* XXX check packet size instead */
if (count == 100)
break;
}
@@ -888,15 +905,19 @@ void
process_rename(void)
{
u_int32_t id;
+ struct stat st;
char *oldpath, *newpath;
- int ret, status;
+ int ret, status = SSH2_FX_FAILURE;
id = get_int();
oldpath = get_string(NULL);
newpath = get_string(NULL);
TRACE("rename id %d old %s new %s", id, oldpath, newpath);
- ret = rename(oldpath, newpath);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
+ /* fail if 'newpath' exists */
+ if (stat(newpath, &st) == -1) {
+ ret = rename(oldpath, newpath);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
+ }
send_status(id, status);
xfree(oldpath);
xfree(newpath);
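Review bot: The existence test added before rename() is not atomic and does not test quite what its comment says. `stat()` follows symlinks, so a dangling symlink at `newpath` looks absent and is then replaced, and any stat failure other than ENOENT also lets the rename go ahead; `if (lstat(newpath, &st) == -1 && errno == ENOENT) {` is closer to the intent. Even then, another process can create `newpath` between the check and the rename, so the no-overwrite guarantee is best-effort only. Closing that window needs an operation that fails atomically when the target exists, such as link() followed by unlink() for regular files. When the target does exist the client now gets a bare SSH2_FX_FAILURE, which deserves a comment.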
@@ -1006,7 +1027,9 @@ main(int ac, char **av)
__progname = get_progname(av[0]);
handle_init();
+#ifdef DEBUG_SFTP_SERVER
log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
+#endif
in = dup(STDIN_FILENO);
out = dup(STDOUT_FILENO);
diff --git a/ssh-add.c b/ssh-add.c
index 857f3d74..c3b3ab4a 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.23 2000/11/12 19:50:38 markus Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.24 2001/01/13 18:14:13 markus Exp $");
#include <openssl/evp.h>
#include <openssl/rsa.h>
@@ -91,7 +91,7 @@ delete_all(AuthenticationConnection *ac)
if (success)
fprintf(stderr, "All identities removed.\n");
else
- fprintf(stderr, "Failed to remove all identitities.\n");
+ fprintf(stderr, "Failed to remove all identities.\n");
}
char *
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index b1430f14..f7b08c98 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -81,7 +81,7 @@ generates and manages authentication keys for
defaults to generating an RSA key for use by protocols 1.3 and 1.5;
specifying the
.Fl t
-allows you to create a key for use by protocol 2.0.
+option allows you to create a key for use by protocol 2.0.
.Pp
Normally each user wishing to use SSH
with RSA or DSA authentication runs this once to create the authentication
@@ -100,7 +100,7 @@ The public key is stored in a file with the same name but
appended.
The program also asks for a passphrase.
The passphrase may be empty to indicate no passphrase
-(host keys must have empty passphrase), or it may be a string of
+(host keys must have an empty passphrase), or it may be a string of
arbitrary length.
Good passphrases are 10-30 characters long and are
not simple sentences or otherwise easily guessable (English
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 87be6a5f..5d9fa644 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.38 2000/12/28 18:58:39 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.39 2001/01/13 18:03:07 markus Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@@ -643,7 +643,7 @@ main(int ac, char **av)
exit(1);
}
- while ((opt = getopt(ac, av, "dqpclRxXyb:f:t:P:N:C:")) != EOF) {
+ while ((opt = getopt(ac, av, "dqpclRxXyb:f:t:P:N:C:")) != -1) {
switch (opt) {
case 'b':
bits = atoi(optarg);
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 5d5427aa..69b029b0 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -8,7 +8,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.7 2001/01/08 22:03:23 markus Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.9 2001/01/13 18:12:47 markus Exp $");
#if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H)
#include <sys/queue.h>
@@ -31,7 +31,6 @@ static int argno = 1; /* Number of argument currently being parsed */
int family = AF_UNSPEC; /* IPv4, IPv6 or both */
-#define PORT 22
#define MAXMAXFD 256
/* The number of seconds after which to give up on a TCP connection */
@@ -103,7 +102,7 @@ Linebuf_alloc(const char *filename, void (*errfun) (const char *,...))
if (filename) {
lb->filename = filename;
if (!(lb->stream = fopen(filename, "r"))) {
- free(lb);
+ xfree(lb);
if (errfun)
(*errfun) ("%s: %s\n", filename, strerror(errno));
return (NULL);
@@ -116,7 +115,7 @@ Linebuf_alloc(const char *filename, void (*errfun) (const char *,...))
if (!(lb->buf = malloc(lb->size = LINEBUF_SIZE))) {
if (errfun)
(*errfun) ("linebuf (%s): malloc failed\n", lb->filename);
- free(lb);
+ xfree(lb);
return (NULL);
}
lb->errfun = errfun;
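Review bot: The malloc-failure path in Linebuf_alloc releases lb with `xfree(lb)` but never closes lb->stream, so a stream opened by the fopen() in the previous hunk would be leaked. Adding `if (filename) fclose(lb->stream);` before the xfree would cover it, but the code between the two hunks is not shown, so confirm how stream is set when filename is NULL. The error message on the same path passes lb->filename to `%s`, which presumably can be NULL when no filename was given. lb->buf is still obtained with plain malloc() while this commit releases it with xfree() in Linebuf_free; using one allocator family throughout would be clearer. The function starts and ends outside the hunk.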
@@ -128,8 +127,8 @@ static inline void
Linebuf_free(Linebuf * lb)
{
fclose(lb->stream);
- free(lb->buf);
- free(lb);
+ xfree(lb->buf);
+ xfree(lb);
}
static inline void
@@ -298,7 +297,7 @@ tcpconnect(char *host)
char strport[NI_MAXSERV];
int gaierr, s = -1;
- snprintf(strport, sizeof strport, "%d", PORT);
+ snprintf(strport, sizeof strport, "%d", SSH_DEFAULT_PORT);
memset(&hints, 0, sizeof(hints));
hints.ai_family = family;
hints.ai_socktype = SOCK_STREAM;
@@ -335,7 +334,7 @@ conalloc(char *iname, char *oname)
do {
name = xstrsep(&namelist, ",");
if (!name) {
- free(namebase);
+ xfree(namebase);
return (-1);
}
} while ((s = tcpconnect(name)) < 0);
@@ -368,10 +367,10 @@ confree(int s)
close(s);
if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
fatal("confree: attempt to free bad fdno %d", s);
- free(fdcon[s].c_namebase);
- free(fdcon[s].c_output_name);
+ xfree(fdcon[s].c_namebase);
+ xfree(fdcon[s].c_output_name);
if (fdcon[s].c_status == CS_KEYS)
- free(fdcon[s].c_data);
+ xfree(fdcon[s].c_data);
fdcon[s].c_status = CS_UNUSED;
TAILQ_REMOVE(&tq, &fdcon[s], c_link);
FD_CLR(s, &read_wait);
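Review bot: Switching confree to xfree() changes what happens on a NULL pointer: xfree() in xmalloc.c (not shown here) is expected to treat NULL as fatal, whereas free(NULL) was a no-op. The old conrecycle relied on that no-op by clearing c_output_name before calling confree, and this commit removes that. Any other path that leaves c_namebase or c_output_name unset on a live slot would now abort the scan, so confirm conalloc always fills both. Separately, `close(s)` runs before the sanity check and a negative s is never rejected before fdcon[s] is indexed; moving the check first as `if (s < 0 || s >= maxfd || fdcon[s].c_status == CS_UNUSED)` would be safer. The function starts and ends outside the hunk.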
@@ -395,11 +394,11 @@ conrecycle(int s)
char *iname, *oname;
iname = xstrdup(c->c_namelist);
- oname = c->c_output_name;
- c->c_output_name = NULL;/* prevent it from being freed */
+ oname = xstrdup(c->c_output_name);
confree(s);
ret = conalloc(iname, oname);
- free(iname);
+ xfree(iname);
+ xfree(oname);
return (ret);
}
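Review bot: The new `xfree(oname)` after conalloc() is correct only if conalloc stores its own copy of oname; if it keeps the pointer, c_output_name is left dangling and confree would later free it a second time. The part of conalloc that assigns c_output_name is not in this diff, so once that is confirmed a comment such as `/* conalloc() copies iname and oname; the temporaries are ours to free */` would record the ownership rule. `xstrdup(c->c_output_name)` also assumes the field is never NULL for a live connection. The start of conrecycle is outside the hunk.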
diff --git a/ssh-rsa.c b/ssh-rsa.c
index aab9168e..e53af9e0 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.3 2001/01/06 11:23:27 markus Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.4 2001/01/16 19:20:06 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -122,6 +122,11 @@ ssh_rsa_verify(
error("ssh_rsa_verify: no RSA key");
return -1;
}
+ if (BN_num_bits(key->rsa->n) < 768) {
+ error("ssh_rsa_verify: n too small: %d bits",
+ BN_num_bits(key->rsa->n));
+ return -1;
+ }
buffer_init(&b);
buffer_append(&b, (char *) signature, signaturelen);
ktype = buffer_get_string(&b, NULL);
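Review bot: The minimum modulus size is written as a bare `768` in ssh_rsa_verify, and nothing in the hunk shows the same floor being applied where RSA keys are generated or loaded. A named constant, for example `#define SSH_RSA_MINIMUM_MODULUS_SIZE 768` (the name is only a suggestion), shared by those paths would keep the limits from drifting apart and make the floor easy to raise later. The new check also dereferences key->rsa->n, and the guard above it is only partly visible, so confirm it rejects a key whose rsa is set but whose n is NULL. The function starts and ends outside the hunk.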
diff --git a/ssh.c b/ssh.c
index 7035486e..f1beb8c5 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.79 2000/12/27 11:51:54 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.82 2001/01/15 21:40:10 markus Exp $");
#include <openssl/evp.h>
#include <openssl/dsa.h>
@@ -59,6 +59,7 @@ RCSID("$OpenBSD: ssh.c,v 1.79 2000/12/27 11:51:54 markus Exp $");
#include "key.h"
#include "authfd.h"
#include "authfile.h"
+#include "clientloop.h"
#ifdef HAVE___PROGNAME
extern char *__progname;
@@ -526,14 +527,14 @@ main(int ac, char **av)
/* Do not allocate a tty if stdin is not a tty. */
if (!isatty(fileno(stdin)) && !force_tty_flag) {
if (tty_flag)
- fprintf(stderr, "Pseudo-terminal will not be allocated because stdin is not a terminal.\n");
+ log("Pseudo-terminal will not be allocated because stdin is not a terminal.\n");
tty_flag = 0;
}
/* Get user data. */
pw = getpwuid(original_real_uid);
if (!pw) {
- fprintf(stderr, "You don't exist, go away!\n");
+ log("You don't exist, go away!\n");
exit(1);
}
/* Take a copy of the returned structure. */
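Review bot: Replacing fprintf(stderr, ...) with log() in main makes both messages subject to the configured log level, so a quiet invocation may now reach `exit(1)` on the getpwuid failure without printing anything. If that is not intended, reporting through fatal() fits an exit path better. The strings also keep their trailing `\n`, which the logging layer presumably appends itself, so the message would be followed by a blank line; `log("You don't exist, go away!");` avoids that. Whether logging has been initialised at this point in main is not visible from the hunk.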
@@ -870,8 +871,7 @@ ssh_session(void)
}
}
/* Tell the packet module whether this is an interactive session. */
- packet_set_interactive(interactive, options.keepalives);
-
+ packet_set_interactive(interactive);
/* Request authentication agent forwarding if appropriate. */
check_agent_present();
@@ -919,12 +919,12 @@ ssh_session(void)
return client_loop(have_tty, tty_flag ? options.escape_char : -1, 0);
}
-extern void client_set_session_ident(int id);
-
void
ssh_session2_callback(int id, void *arg)
{
int len;
+ int interactive = 0;
+
debug("client_init id %d arg %d", id, (int)arg);
if (no_shell_flag)
@@ -948,6 +948,7 @@ ssh_session2_callback(int id, void *arg)
packet_put_int(ws.ws_ypixel);
packet_put_cstring(""); /* XXX: encode terminal modes */
packet_send();
+ interactive = 1;
/* XXX wait for reply */
}
if (options.forward_x11 &&
@@ -958,6 +959,7 @@ ssh_session2_callback(int id, void *arg)
/* Request forwarding with authentication spoofing. */
debug("Requesting X11 forwarding with authentication spoofing.");
x11_request_forwarding_with_spoofing(id, proto, data);
+ interactive = 1;
/* XXX wait for reply */
}
@@ -982,7 +984,8 @@ ssh_session2_callback(int id, void *arg)
/* channel_callback(id, SSH2_MSG_OPEN_CONFIGMATION, client_init, 0); */
done:
/* register different callback, etc. XXX */
- client_set_session_ident(id);
+ packet_set_interactive(interactive);
+ clientloop_set_session_ident(id);
}
int
diff --git a/sshconnect.c b/sshconnect.c
index 59b273a9..e40ba984 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.89 2001/01/04 22:41:03 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.90 2001/01/13 18:32:50 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
@@ -187,12 +187,13 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
int anonymous, uid_t original_real_uid,
const char *proxy_command)
{
+ int gaierr;
+ int on = 1;
int sock = -1, attempt;
- struct servent *sp;
- struct addrinfo hints, *ai, *aitop;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
- int gaierr;
+ struct addrinfo hints, *ai, *aitop;
struct linger linger;
+ struct servent *sp;
debug("ssh_connect: getuid %u geteuid %u anon %d",
(u_int) getuid(), (u_int) geteuid(), anonymous);
@@ -298,7 +299,13 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
/* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
linger.l_onoff = 1;
linger.l_linger = 5;
- setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *) &linger, sizeof(linger));
+ setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger));
+
+ /* Set keepalives if requested. */
+ if (options.keepalives &&
+ setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
+ sizeof(on)) < 0)
+ error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
/* Set the connection. */
packet_set_connection(sock, sock);
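Review bot: The new SO_KEEPALIVE call checks its result and reports it through error(), but the SO_LINGER call directly above, touched here only for spacing, still discards its return value. Handling both the same way keeps a failed socket option from passing unnoticed: `if (setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger)) < 0)` followed by `error("setsockopt SO_LINGER: %.100s", strerror(errno));`. The sshd.c hunk that adds the matching keepalive block has the same unchecked SO_LINGER line. A failed keepalive request is logged and the connection proceeds, which looks deliberate, and a short comment saying so would help. ssh_connect starts and ends outside the hunk.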
diff --git a/sshconnect.h b/sshconnect.h
index 146a65ba..72000467 100644
--- a/sshconnect.h
+++ b/sshconnect.h
@@ -30,7 +30,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
void ssh_kex(char *host, struct sockaddr *hostaddr);
void
-ssh_userauth(const char* local_user, const char* server_user, char *host,
+ssh_userauth(const char * local_user, const char * server_user, char *host,
int host_key_valid, RSA *own_host_key);
void ssh_kex2(char *host, struct sockaddr *hostaddr);
diff --git a/sshconnect1.c b/sshconnect1.c
index 09d0210a..17b381c1 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.14 2001/01/08 21:55:41 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.15 2001/01/16 23:58:09 deraadt Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
@@ -577,7 +577,7 @@ send_afs_tokens(void)
creds.pinst[0] = '\0';
/* Encode token, ship it off. */
- if (creds_to_radix(&creds, (u_char*) buffer, sizeof buffer) <= 0)
+ if (creds_to_radix(&creds, (u_char *) buffer, sizeof buffer) <= 0)
break;
packet_start(SSH_CMSG_HAVE_AFS_TOKEN);
packet_put_string(buffer, strlen(buffer));
@@ -897,8 +897,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
*/
void
ssh_userauth(
- const char* local_user,
- const char* server_user,
+ const char *local_user,
+ const char *server_user,
char *host,
int host_key_valid, RSA *own_host_key)
{
diff --git a/sshd.c b/sshd.c
index 298a1b6b..be7ae5ab 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.147 2001/01/10 19:43:20 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.150 2001/01/13 18:32:51 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -580,7 +580,7 @@ main(int ac, char **av)
initialize_server_options(&options);
/* Parse command-line arguments. */
- while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:dDiqQ46")) != EOF) {
+ while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:dDiqQ46")) != -1) {
switch (opt) {
case '4':
IPv4or6 = AF_INET;
@@ -927,7 +927,7 @@ main(int ac, char **av)
sighup_restart();
if (fdset != NULL)
xfree(fdset);
- fdsetsz = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
+ fdsetsz = howmany(maxfd+1, NFDBITS) * sizeof(fd_mask);
fdset = (fd_set *)xmalloc(fdsetsz);
memset(fdset, 0, fdsetsz);
@@ -938,7 +938,7 @@ main(int ac, char **av)
FD_SET(startup_pipes[i], fdset);
/* Wait in select until there is a connection. */
- if (select(maxfd + 1, fdset, NULL, NULL, NULL) < 0) {
+ if (select(maxfd+1, fdset, NULL, NULL, NULL) < 0) {
if (errno != EINTR)
error("select: %.100s", strerror(errno));
continue;
@@ -1080,6 +1080,12 @@ main(int ac, char **av)
linger.l_linger = 5;
setsockopt(sock_in, SOL_SOCKET, SO_LINGER, (void *) &linger, sizeof(linger));
+ /* Set keepalives if requested. */
+ if (options.keepalives &&
+ setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
+ sizeof(on)) < 0)
+ error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
+
/*
* Register our connection. This turns encryption off because we do
* not have a key.