-rw-r--r--ChangeLog40
-rw-r--r--atomicio.c2
-rw-r--r--auth-skey.c4
-rw-r--r--canohost.c4
-rw-r--r--channels.c63
-rw-r--r--channels.h11
-rw-r--r--cipher.c39
-rw-r--r--clientloop.c18
-rw-r--r--compat.c7
-rw-r--r--scp.c8
-rw-r--r--serverloop.c6
-rw-r--r--session.c17
-rw-r--r--ssh.17
-rw-r--r--ssh.c12
-rw-r--r--sshconnect2.c15
-rw-r--r--util.c13
16 files changed, 177 insertions, 89 deletions
diff --git a/ChangeLog b/ChangeLog
index 914891be..1bbfdcf0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,46 @@
- (djm) fix select hack in serverloop.c from Philippe WILLEM
<Philippe.WILLEM@urssaf.fr>
- (djm) Fix mangled AIXAUTHENTICATE code
+ - (djm) Sync with OpenBSD:
+ - markus@cvs.openbsd.org 2000/10/16 15:46:32
+ [ssh.1]
+ fixes from pekkas@netcore.fi
+ - markus@cvs.openbsd.org 2000/10/17 14:28:11
+ [atomicio.c]
+ return number of characters processed; ok deraadt@
+ - markus@cvs.openbsd.org 2000/10/18 12:04:02
+ [atomicio.c]
+ undo
+ - markus@cvs.openbsd.org 2000/10/18 12:23:02
+ [scp.c]
+ replace atomicio(read,...) with read(); ok deraadt@
+ - markus@cvs.openbsd.org 2000/10/18 12:42:00
+ [session.c]
+ restore old record login behaviour
+ - deraadt@cvs.openbsd.org 2000/10/19 10:41:13
+ [auth-skey.c]
+ fmt string problem in unused code
+ - provos@cvs.openbsd.org 2000/10/19 10:45:16
+ [sshconnect2.c]
+ don't reference freed memory. okay deraadt@
+ - markus@cvs.openbsd.org 2000/10/21 11:04:23
+ [canohost.c]
+ typo, eramore@era-t.ericsson.se; ok niels@
+ - markus@cvs.openbsd.org 2000/10/23 13:31:55
+ [cipher.c]
+ non-alignment dependent swap_bytes(); from
+ simonb@wasabisystems.com/netbsd
+ - markus@cvs.openbsd.org 2000/10/26 12:38:28
+ [compat.c]
+ add older vandyke products
+ - markus@cvs.openbsd.org 2000/10/27 01:32:19
+ [channels.c channels.h clientloop.c serverloop.c session.c]
+ [ssh.c util.c]
+ enable non-blocking IO on channels, and tty's (except for the
+ client ttys).
+ - markus@cvs.openbsd.org 2000/10/27 01:48:22
+ channels.c channels.h clientloop.c
+ deny agent/x11 forwarding unless requested; thanks to jwl@pobox.com
20001027
- (djm) Increase REKEY_BYTES to 2^24 for arc4random
diff --git a/atomicio.c b/atomicio.c
index f5b1812f..29ff16c4 100644
--- a/atomicio.c
+++ b/atomicio.c
@@ -24,7 +24,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: atomicio.c,v 1.5 2000/09/07 20:27:49 deraadt Exp $");
+RCSID("$OpenBSD: atomicio.c,v 1.7 2000/10/18 18:04:02 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
diff --git a/auth-skey.c b/auth-skey.c
index 1e3cec86..7088b790 100644
--- a/auth-skey.c
+++ b/auth-skey.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-skey.c,v 1.8 2000/09/07 20:27:49 deraadt Exp $");
+RCSID("$OpenBSD: auth-skey.c,v 1.9 2000/10/19 16:41:13 deraadt Exp $");
#ifdef SKEY
#include "ssh.h"
@@ -48,7 +48,7 @@ auth_skey_password(struct passwd * pw, const char *password)
skeyinfo = skey_fake_keyinfo(pw->pw_name);
}
if (skeyinfo != NULL)
- packet_send_debug(skeyinfo);
+ packet_send_debug("%s", skeyinfo);
/* Try again. */
return 0;
} else if (skey_haskey(pw->pw_name) == 0 &&
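Review bot: Nothing in the visible lines stops another call site from passing a non-literal string as the format to packet_send_debug() again; this hunk fixes one caller only. If the prototype (outside this diff) is not already annotated, adding `__attribute__((format(printf, 1, 2)))` to it lets the compiler warn on any remaining `packet_send_debug(var)` call. auth_skey_password's body starts and ends outside the hunk.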
diff --git a/canohost.c b/canohost.c
index 98ce9744..6d36dd11 100644
--- a/canohost.c
+++ b/canohost.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.15 2000/09/07 21:13:37 markus Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.16 2000/10/21 17:04:22 markus Exp $");
#include "packet.h"
#include "xmalloc.h"
@@ -147,7 +147,7 @@ check_ip_options:
else
ipproto = IPPROTO_IP;
option_size = sizeof(options);
- if (getsockopt(0, ipproto, IP_OPTIONS, (char *) options,
+ if (getsockopt(socket, ipproto, IP_OPTIONS, (char *) options,
&option_size) >= 0 && option_size != 0) {
cp = text;
/* Note: "text" buffer must be at least 3x as big as options. */
diff --git a/channels.c b/channels.c
index 96d8dc4b..028c09e6 100644
--- a/channels.c
+++ b/channels.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.70 2000/09/28 18:03:18 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.72 2000/10/27 07:48:22 markus Exp $");
#include "ssh.h"
#include "packet.h"
@@ -174,7 +174,8 @@ channel_lookup(int id)
*/
void
-channel_register_fds(Channel *c, int rfd, int wfd, int efd, int extusage)
+channel_register_fds(Channel *c, int rfd, int wfd, int efd,
+ int extusage, int nonblock)
{
/* Update the maximum file descriptor value. */
if (rfd > channel_max_fd_value)
@@ -190,12 +191,16 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, int extusage)
c->sock = (rfd == wfd) ? rfd : -1;
c->efd = efd;
c->extended_usage = extusage;
- if (rfd != -1)
- set_nonblock(rfd);
- if (wfd != -1)
- set_nonblock(wfd);
- if (efd != -1)
- set_nonblock(efd);
+
+ /* enable nonblocking mode */
+ if (nonblock) {
+ if (rfd != -1)
+ set_nonblock(rfd);
+ if (wfd != -1)
+ set_nonblock(wfd);
+ if (efd != -1)
+ set_nonblock(efd);
+ }
}
/*
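Review bot: The new `nonblock` argument is not documented; the added comment `/* enable nonblocking mode */` only restates the code. The flag moves a policy decision to callers, since with `nonblock == 0` the descriptors are registered with whatever flags they already carry, and the ssh.c hunk relies on that to keep client ttys blocking. A comment such as `/* nonblock == 0: caller has already chosen the fd flags (e.g. skipped ttys); leave them untouched */` would make the contract explicit. The same applies to the `nonblock` parameter added to channel_new and channel_set_fds; the function's signature is in the previous hunk.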
@@ -205,7 +210,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, int extusage)
int
channel_new(char *ctype, int type, int rfd, int wfd, int efd,
- int window, int maxpack, int extusage, char *remote_name)
+ int window, int maxpack, int extusage, char *remote_name, int nonblock)
{
int i, found;
Channel *c;
@@ -245,7 +250,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
buffer_init(&c->output);
buffer_init(&c->extended);
chan_init_iostates(c);
- channel_register_fds(c, rfd, wfd, efd, extusage);
+ channel_register_fds(c, rfd, wfd, efd, extusage, nonblock);
c->self = found;
c->type = type;
c->ctype = ctype;
@@ -269,7 +274,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
int
channel_allocate(int type, int sock, char *remote_name)
{
- return channel_new("", type, sock, sock, -1, 0, 0, 0, remote_name);
+ return channel_new("", type, sock, sock, -1, 0, 0, 0, remote_name, 1);
}
@@ -548,7 +553,7 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset)
newch = channel_new("x11",
SSH_CHANNEL_OPENING, newsock, newsock, -1,
c->local_window_max, c->local_maxpacket,
- 0, xstrdup(buf));
+ 0, xstrdup(buf), 1);
if (compat20) {
packet_start(SSH2_MSG_CHANNEL_OPEN);
packet_put_cstring("x11");
@@ -606,7 +611,7 @@ channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset)
newch = channel_new("direct-tcpip",
SSH_CHANNEL_OPENING, newsock, newsock, -1,
c->local_window_max, c->local_maxpacket,
- 0, xstrdup(buf));
+ 0, xstrdup(buf), 1);
if (compat20) {
packet_start(SSH2_MSG_CHANNEL_OPEN);
packet_put_cstring("direct-tcpip");
@@ -1514,7 +1519,7 @@ channel_request_local_forwarding(u_short port, const char *host,
"port listener", SSH_CHANNEL_PORT_LISTENER,
sock, sock, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
- 0, xstrdup("port listener"));
+ 0, xstrdup("port listener"), 1);
strlcpy(channels[ch].path, host, sizeof(channels[ch].path));
channels[ch].host_port = host_port;
channels[ch].listening_port = port;
@@ -1859,7 +1864,7 @@ x11_create_display_inet(int screen_number, int x11_display_offset)
(void) channel_new("x11 listener",
SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
- 0, xstrdup("X11 inet listener"));
+ 0, xstrdup("X11 inet listener"), 1);
}
/* Return a suitable value for the DISPLAY environment variable. */
@@ -2045,6 +2050,28 @@ x11_input_open(int type, int plen, void *ctxt)
}
}
+/* dummy protocol handler that denies SSH-1 requests (agent/x11) */
+void
+deny_input_open(int type, int plen, void *ctxt)
+{
+ int rchan = packet_get_int();
+ switch(type){
+ case SSH_SMSG_AGENT_OPEN:
+ error("Warning: ssh server tried agent forwarding.");
+ break;
+ case SSH_SMSG_X11_OPEN:
+ error("Warning: ssh server tried X11 forwarding.");
+ break;
+ default:
+ error("deny_input_open: type %d plen %d", type, plen);
+ break;
+ }
+ error("Warning: this is probably a break in attempt by a malicious server.");
+ packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
+ packet_put_int(rchan);
+ packet_send();
+}
+
/*
* Requests forwarding of X11 connections, generates fake authentication
* data, and enables authentication spoofing.
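Review bot: deny_input_open never checks `plen` before `packet_get_int()` reads the remote channel id; `plen` is only printed in the default branch. If the other SSH-1 open handlers in this file validate the payload length (not visible in this hunk), this one should do the same, so that a malformed packet is rejected the same way on the deny path as on the accept path. The warnings would also be easier to triage with the channel id in them, e.g. `error("Warning: ssh server tried X11 forwarding (remote channel %d).", rchan);`.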
@@ -2349,13 +2376,13 @@ channel_register_filter(int id, channel_filter_fn *fn)
}
void
-channel_set_fds(int id, int rfd, int wfd, int efd, int extusage)
+channel_set_fds(int id, int rfd, int wfd, int efd,
+ int extusage, int nonblock)
{
Channel *c = channel_lookup(id);
if (c == NULL || c->type != SSH_CHANNEL_LARVAL)
fatal("channel_activate for non-larval channel %d.", id);
-
- channel_register_fds(c, rfd, wfd, efd, extusage);
+ channel_register_fds(c, rfd, wfd, efd, extusage, nonblock);
c->type = SSH_CHANNEL_OPEN;
/* XXX window size? */
c->local_window = c->local_window_max = c->local_maxpacket * 2;
diff --git a/channels.h b/channels.h
index a74f5926..00526860 100644
--- a/channels.h
+++ b/channels.h
@@ -32,7 +32,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* RCSID("$OpenBSD: channels.h,v 1.20 2000/09/21 11:25:33 markus Exp $"); */
+/* RCSID("$OpenBSD: channels.h,v 1.22 2000/10/27 07:48:22 markus Exp $"); */
#ifndef CHANNELS_H
#define CHANNELS_H
@@ -117,7 +117,6 @@ struct Channel {
#define CHAN_X11_PACKET_DEFAULT (CHAN_X11_WINDOW_DEFAULT/2)
-void channel_set_fds(int id, int rfd, int wfd, int efd, int extusage);
void channel_open(int id);
void channel_request(int id, char *service, int wantconfirm);
void channel_request_start(int id, char *service, int wantconfirm);
@@ -129,7 +128,13 @@ Channel *channel_lookup(int id);
int
channel_new(char *ctype, int type, int rfd, int wfd, int efd,
- int window, int maxpack, int extended_usage, char *remote_name);
+ int window, int maxpack, int extended_usage, char *remote_name,
+ int nonblock);
+void
+channel_set_fds(int id, int rfd, int wfd, int efd,
+ int extusage, int nonblock);
+
+void deny_input_open(int type, int plen, void *ctxt);
void channel_input_channel_request(int type, int plen, void *ctxt);
void channel_input_close(int type, int plen, void *ctxt);
diff --git a/cipher.c b/cipher.c
index b9c1b28a..65cde473 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.36 2000/10/14 10:01:15 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.37 2000/10/23 19:31:54 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -218,28 +218,21 @@ blowfish_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
* and after encryption/decryption. Thus the swap_bytes stuff (yuk).
*/
static void
-swap_bytes(const unsigned char *src, unsigned char *dst_, int n)
-{
- /* dst must be properly aligned. */
- u_int32_t *dst = (u_int32_t *) dst_;
- union {
- u_int32_t i;
- char c[4];
- } t;
-
- /* Process 8 bytes every lap. */
- for (n = n / 8; n > 0; n--) {
- t.c[3] = *src++;
- t.c[2] = *src++;
- t.c[1] = *src++;
- t.c[0] = *src++;
- *dst++ = t.i;
-
- t.c[3] = *src++;
- t.c[2] = *src++;
- t.c[1] = *src++;
- t.c[0] = *src++;
- *dst++ = t.i;
+swap_bytes(const unsigned char *src, unsigned char *dst, int n)
+{
+ char c[4];
+
+ /* Process 4 bytes every lap. */
+ for (n = n / 4; n > 0; n--) {
+ c[3] = *src++;
+ c[2] = *src++;
+ c[1] = *src++;
+ c[0] = *src++;
+
+ *dst++ = c[0];
+ *dst++ = c[1];
+ *dst++ = c[2];
+ *dst++ = c[3];
}
}
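Review bot: swap_bytes now silently drops a trailing `n % 4` bytes (previously `n % 8`), leaving that part of `dst` unwritten, and no comment states what `n` must be. The callers are outside this hunk, so whether `n` is always a multiple of the block size cannot be confirmed here. A header line such as `/* n is a byte count and must be a multiple of 4; src and dst may be identical or non-overlapping */` would record the assumption. The staging buffer is also better declared as `unsigned char c[4];`, so that bytes above 0x7f do not pass through a possibly signed `char`.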
diff --git a/clientloop.c b/clientloop.c
index 90a781ec..bccb9be2 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.37 2000/09/26 19:59:58 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.39 2000/10/27 07:48:22 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -75,6 +75,10 @@ RCSID("$OpenBSD: clientloop.c,v 1.37 2000/09/26 19:59:58 markus Exp $");
#include "buffer.h"
#include "bufaux.h"
+
+/* import options */
+extern Options options;
+
/* Flag indicating that stdin should be redirected from /dev/null. */
extern int stdin_null_flag;
@@ -790,7 +794,6 @@ simple_escape_filter(Channel *c, char *buf, int len)
int
client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
{
- extern Options options;
double start_time, total_time;
int len;
char buf[100];
@@ -1033,7 +1036,7 @@ client_input_channel_open(int type, int plen, void *ctxt)
debug("client_input_channel_open: ctype %s rchan %d win %d max %d",
ctype, rchan, rwindow, rmaxpack);
- if (strcmp(ctype, "x11") == 0) {
+ if (strcmp(ctype, "x11") == 0 && options.forward_x11) {
int sock;
char *originator;
int originator_port;
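Review bot: With `options.forward_x11` off, an unsolicited "x11" open from the server is now refused through the generic failure path without any distinct log line in the visible code. The SSH-1 path added in channels.c, by contrast, logs an explicit warning from deny_input_open. Consider a matching branch such as `else if (strcmp(ctype, "x11") == 0) error("Warning: ssh server tried X11 forwarding.");` so both protocol versions leave the same trace. The rest of client_input_channel_open is outside this hunk; if it has other forwarding types, they need the equivalent option check.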
@@ -1052,7 +1055,7 @@ client_input_channel_open(int type, int plen, void *ctxt)
if (sock >= 0) {
id = channel_new("x11", SSH_CHANNEL_X11_OPEN,
sock, sock, -1, CHAN_X11_WINDOW_DEFAULT,
- CHAN_X11_PACKET_DEFAULT, 0, xstrdup("x11"));
+ CHAN_X11_PACKET_DEFAULT, 0, xstrdup("x11"), 1);
c = channel_lookup(id);
}
}
@@ -1105,11 +1108,14 @@ client_init_dispatch_13()
dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
- dispatch_set(SSH_SMSG_AGENT_OPEN, &auth_input_open_request);
dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status);
dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data);
dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data);
- dispatch_set(SSH_SMSG_X11_OPEN, &x11_input_open);
+
+ dispatch_set(SSH_SMSG_AGENT_OPEN, options.forward_agent ?
+ &auth_input_open_request : &deny_input_open);
+ dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ?
+ &x11_input_open : &deny_input_open);
}
void
client_init_dispatch_15()
diff --git a/compat.c b/compat.c
index 49bc0519..a4e05ebf 100644
--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.25 2000/10/14 12:16:56 markus Exp $");
+RCSID("$OpenBSD: compat.c,v 1.26 2000/10/26 18:38:28 markus Exp $");
#include "ssh.h"
#include "packet.h"
@@ -72,7 +72,10 @@ compat_datafellows(const char *version)
SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD },
{ "^2\\.[23]\\.0 ", SSH_BUG_HMAC},
{ "^2\\.[2-9]\\.", 0 },
- { "^2\\.", SSH_BUG_HMAC}, /* XXX fallback */
+ { "^2\\.4$", SSH_OLD_SESSIONID}, /* Van Dyke */
+ { "^3\\.0 SecureCRT", SSH_OLD_SESSIONID},
+ { "^1\\.7 SecureFX", SSH_OLD_SESSIONID},
+ { "^2\\.", SSH_BUG_HMAC}, /* XXX fallback */
{ NULL, 0 }
};
/* process table, return first match */
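Review bot: Because the table returns the first match, a version string of exactly "2.4" used to fall through to the `^2\\.` fallback and get SSH_BUG_HMAC; it now stops at `^2\\.4$` and gets only SSH_OLD_SESSIONID. If that peer still needs the HMAC workaround, the entry should be `{ "^2\\.4$", SSH_OLD_SESSIONID|SSH_BUG_HMAC },`; if dropping it is intended, a short comment should say so. The new entries also depend on sitting above the fallback line, which is worth noting next to the `/* XXX fallback */` comment. The table's start is outside the hunk.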
diff --git a/scp.c b/scp.c
index 75e50ce2..86276d6d 100644
--- a/scp.c
+++ b/scp.c
@@ -75,7 +75,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.42 2000/10/14 10:07:21 markus Exp $");
+RCSID("$OpenBSD: scp.c,v 1.43 2000/10/18 18:23:02 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -838,8 +838,10 @@ bad: run_err("%s: %s", np, strerror(errno));
amt = size - i;
count += amt;
do {
- j = atomicio(read, remin, cp, amt);
- if (j <= 0) {
+ j = read(remin, cp, amt);
+ if (j == -1 && (errno == EINTR || errno == EAGAIN)) {
+ continue;
+ } else if (j <= 0) {
run_err("%s", j ? strerror(errno) :
"dropped connection");
exit(1);
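Review bot: The EAGAIN branch retries `read()` immediately, so if `remin` is ever non-blocking (which the EAGAIN test implies) the loop spins on the CPU until data arrives. EINTR can simply retry, but EAGAIN should wait for readability first. The loop condition that `continue` jumps to, and the handling of short reads, are outside this hunk.
```c
j = read(remin, cp, amt);
if (j == -1 && errno == EINTR) {
	continue;
} else if (j == -1 && errno == EAGAIN) {
	fd_set rset;

	/* wait until remin is readable instead of busy-looping */
	FD_ZERO(&rset);
	FD_SET(remin, &rset);
	(void) select(remin + 1, &rset, NULL, NULL, NULL);
	continue;
} else if (j <= 0) {
	/* … unchanged: run_err() and exit(1) … */
```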
diff --git a/serverloop.c b/serverloop.c
index a9e47876..6a81806b 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,6 +35,8 @@
*/
#include "includes.h"
+RCSID("$OpenBSD: serverloop.c,v 1.34 2000/10/27 07:32:18 markus Exp $");
+
#include "xmalloc.h"
#include "ssh.h"
#include "packet.h"
@@ -766,7 +768,7 @@ input_direct_tcpip(void)
return -1;
return channel_new("direct-tcpip", SSH_CHANNEL_OPEN,
sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT,
- CHAN_TCP_PACKET_DEFAULT, 0, xstrdup("direct-tcpip"));
+ CHAN_TCP_PACKET_DEFAULT, 0, xstrdup("direct-tcpip"), 1);
}
void
@@ -800,7 +802,7 @@ server_input_channel_open(int type, int plen, void *ctxt)
*/
id = channel_new(ctype, SSH_CHANNEL_LARVAL,
-1, -1, -1, 0, CHAN_SES_PACKET_DEFAULT,
- 0, xstrdup("server-session"));
+ 0, xstrdup("server-session"), 1);
if (session_open(id) == 1) {
channel_register_callback(id, SSH2_MSG_CHANNEL_REQUEST,
session_input_channel_req, (void *)0);
diff --git a/session.c b/session.c
index 4325ed3a..4b58131a 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.40 2000/10/15 14:14:01 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.42 2000/10/27 07:32:18 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -119,7 +119,7 @@ void session_pty_cleanup(Session *s);
void session_proctitle(Session *s);
void do_exec_pty(Session *s, const char *command, struct passwd * pw);
void do_exec_no_pty(Session *s, const char *command, struct passwd * pw);
-void do_login(Session *s);
+void do_login(Session *s, const char *command);
void
do_child(const char *command, struct passwd * pw, const char *term,
@@ -627,8 +627,8 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw)
close(ttyfd);
/* record login, etc. similar to login(1) */
- if (command == NULL && !options.use_login)
- do_login(s);
+ if (!(options.use_login && command == NULL))
+ do_login(s, command);
/* Do common processing for the child, such as execing the command. */
do_child(command, pw, s->term, s->display, s->auth_proto,
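Review bot: The negated conjunction `if (!(options.use_login && command == NULL))` is harder to read than the equivalent `if (command != NULL || !options.use_login)`. The comment above still says only "record login, etc.", yet do_login() now also runs when a command is given. Per the later hunk it then returns before the .hushlogin check. A comment such as `/* record the login unless login(1) will do it; do_login() stops before the .hushlogin check when a command is given */` would explain why `command` is passed down. do_exec_pty's body starts and ends outside the hunk.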
@@ -684,7 +684,7 @@ get_remote_name_or_ip(void)
/* administrative, login(1)-like work */
void
-do_login(Session *s)
+do_login(Session *s, const char *command)
{
FILE *f;
char *time_string;
@@ -731,7 +731,9 @@ do_login(Session *s)
}
#endif
- /* Done if .hushlogin exists. */
+ /* Done if .hushlogin exists or a command given. */
+ if (command != NULL)
+ return;
snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
#ifdef HAVE_LOGIN_CAP
if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
@@ -1778,7 +1780,8 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr)
fatal("no channel for session %d", s->self);
channel_set_fds(s->chanid,
fdout, fdin, fderr,
- fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ);
+ fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
+ 1);
}
void
diff --git a/ssh.1 b/ssh.1
index dac24a43..786df184 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,6 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
+.\" $OpenBSD: ssh.1,v 1.64 2000/10/16 21:46:31 markus Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -367,7 +368,7 @@ It is believed to be secure.
(triple-des) is an encrypt-decrypt-encrypt triple with three different keys.
It is presumably more secure than the
.Ar des
-cipher which is no longer supported in
+cipher which is no longer fully supported in
.Nm ssh .
.Ar blowfish
is a fast block cipher, it appears very secure and is much faster than
@@ -628,9 +629,9 @@ If the option is set to
the check will not be executed.
.It Cm Cipher
Specifies the cipher to use for encrypting the session
-in protocol version 1
+in protocol version 1.
Currently,
-.Dq blowfish ,
+.Dq blowfish
and
.Dq 3des
are supported.
diff --git a/ssh.c b/ssh.c
index ed31007a..429d571b 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.68 2000/10/11 20:27:24 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.69 2000/10/27 07:32:19 markus Exp $");
#include <openssl/evp.h>
#include <openssl/dsa.h>
@@ -1008,6 +1008,14 @@ ssh_session2(void)
if (in < 0 || out < 0 || err < 0)
fatal("dup() in/out/err failed");
+ /* enable nonblocking unless tty */
+ if (!isatty(in))
+ set_nonblock(in);
+ if (!isatty(out))
+ set_nonblock(out);
+ if (!isatty(err))
+ set_nonblock(err);
+
/* should be pre-session */
init_local_fwd();
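Review bot: O_NONBLOCK set on `in`, `out` and `err` applies to the open file description, which dup() shares with the original descriptors and with any other process holding the same pipe or file. A parent shell or a sibling in a pipeline can therefore see non-blocking I/O while ssh runs and after it exits. No restore of the original flags is visible in this hunk; ssh_session2 continues outside it. Either save the F_GETFL values here and restore them on exit, or add a comment such as `/* NB: flags are shared with the inherited stdio descriptors and are not restored */`.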
@@ -1025,7 +1033,7 @@ ssh_session2(void)
id = channel_new(
"session", SSH_CHANNEL_OPENING, in, out, err,
window, packetmax, CHAN_EXTENDED_WRITE,
- xstrdup("client-session"));
+ xstrdup("client-session"), /*nonblock*/0);
channel_open(id);
channel_register_callback(id, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, client_init, (void *)0);
diff --git a/sshconnect2.c b/sshconnect2.c
index 1f3b5a26..6ba23d44 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.26 2000/10/14 12:16:56 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.27 2000/10/19 16:45:16 provos Exp $");
#include <openssl/bn.h>
#include <openssl/rsa.h>
@@ -979,7 +979,7 @@ authmethod_lookup(const char *name)
Authmethod *
authmethod_get(char *authlist)
{
- char *name = NULL;
+ char *name = NULL, *authname_old;
Authmethod *method = NULL;
/* Use a suitable default if we're passed a nil list. */
@@ -1013,16 +1013,17 @@ authmethod_get(char *authlist)
method = NULL;
}
- if (authname_current != NULL)
- xfree(authname_current);
-
+ authname_old = authname_current;
if (method != NULL) {
debug("next auth method to try is %s", name);
authname_current = xstrdup(name);
- return method;
} else {
debug("no more auth methods to try");
authname_current = NULL;
- return NULL;
}
+
+ if (authname_old != NULL)
+ xfree(authname_old);
+
+ return (method);
}
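Review bot: The reason for deferring the free is not recorded in the code. Presumably `name` can point into the old `authname_current`, so freeing it before `xstrdup(name)` read freed memory; the ChangeLog entry says only "don't reference freed memory". A comment at the assignment, e.g. `/* name may alias the old authname_current; free it only after xstrdup(name) */`, would keep a later cleanup from moving the xfree() back up. The part of authmethod_get that sets `name` is outside this hunk.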
diff --git a/util.c b/util.c
index 71808f14..1a591a6f 100644
--- a/util.c
+++ b/util.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: util.c,v 1.5 2000/09/07 20:27:55 deraadt Exp $ */
+/* $OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -25,7 +25,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: util.c,v 1.5 2000/09/07 20:27:55 deraadt Exp $");
+RCSID("$OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $");
#include "ssh.h"
@@ -48,18 +48,15 @@ void
set_nonblock(int fd)
{
int val;
- if (isatty(fd)) {
- /* do not mess with tty's */
- debug("no set_nonblock for tty fd %d", fd);
- return;
- }
val = fcntl(fd, F_GETFL, 0);
if (val < 0) {
error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
return;
}
- if (val & O_NONBLOCK)
+ if (val & O_NONBLOCK) {
+ debug("fd %d IS O_NONBLOCK", fd);
return;
+ }
debug("fd %d setting O_NONBLOCK", fd);
val |= O_NONBLOCK;
if (fcntl(fd, F_SETFL, val) == -1)
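Review bot: set_nonblock() no longer skips ttys, so any caller not touched by this commit now switches a terminal to non-blocking mode without notice. The removed `isatty()` guard was the only place that policy was stated. The function should carry a comment such as `/* sets O_NONBLOCK unconditionally; callers that must leave a tty blocking check isatty() themselves */`. Callers outside this diff should be audited against it.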