diff options
| author | cvs2svn <cvs2svn@FreeBSD.org> | 2005-06-05 15:41:58 +0000 |
|---|---|---|
| committer | cvs2svn <cvs2svn@FreeBSD.org> | 2005-06-05 15:41:58 +0000 |
| commit | 3f3ba33bc62a7a98071ccbc1c8cc94e89bb5ade6 (patch) | |
| tree | 84f267a53afefee5c9cce9a0cea06a90b98a6cea | |
| parent | 4518870c7202d4098a97eae7a1d3820d84a4b0f4 (diff) | |
| download | src-test2-3f3ba33bc62a7a98071ccbc1c8cc94e89bb5ade6.tar.gz src-test2-3f3ba33bc62a7a98071ccbc1c8cc94e89bb5ade6.zip | |
This commit was manufactured by cvs2svn to create tagvendor/openssh/4.1p1
'openssh-vendor-crypto-OpenSSH_4_1p1'.
Notes
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=147001
svn path=/vendor-crypto/openssh/4.1p1/; revision=147003; tag=vendor/openssh/4.1p1
86 files changed, 0 insertions, 10036 deletions
diff --git a/crypto/openssh/.cvsignore b/crypto/openssh/.cvsignore deleted file mode 100644 index 12de9ef50509..000000000000 --- a/crypto/openssh/.cvsignore +++ /dev/null @@ -1,24 +0,0 @@ -ssh -scp -sshd -ssh-add -ssh-keygen -ssh-keyscan -ssh-keysign -ssh-agent -sftp-server -sftp -configure -config.h.in -config.h -config.status -config.cache -config.log -stamp-h.in -Makefile -ssh_prng_cmds -*.out -*.0 -buildit.sh -autom4te.cache -ssh-rand-helper diff --git a/crypto/openssh/COPYING.Ylonen b/crypto/openssh/COPYING.Ylonen deleted file mode 100644 index 5e681edd2930..000000000000 --- a/crypto/openssh/COPYING.Ylonen +++ /dev/null @@ -1,70 +0,0 @@ -This file is part of the ssh software, Copyright (c) 1995 Tatu Ylonen, Finland - - -COPYING POLICY AND OTHER LEGAL ISSUES - -As far as I am concerned, the code I have written for this software -can be used freely for any purpose. Any derived versions of this -software must be clearly marked as such, and if the derived work is -incompatible with the protocol description in the RFC file, it must be -called by a name other than "ssh" or "Secure Shell". - -However, I am not implying to give any licenses to any patents or -copyrights held by third parties, and the software includes parts that -are not under my direct control. As far as I know, all included -source code is used in accordance with the relevant license agreements -and can be used freely for any purpose (the GNU license being the most -restrictive); see below for details. - -[ RSA is no longer included. ] -[ IDEA is no longer included. ] -[ DES is now external. ] -[ GMP is now external. No more GNU licence. ] -[ Zlib is now external. ] -[ The make-ssh-known-hosts script is no longer included. ] -[ TSS has been removed. ] -[ MD5 is now external. ] -[ RC4 support has been removed. ] -[ Blowfish is now external. ] - -The 32-bit CRC implementation in crc32.c is due to Gary S. Brown. -Comments in the file indicate it may be used for any purpose without -restrictions. - -The 32-bit CRC compensation attack detector in deattack.c was -contributed by CORE SDI S.A. under a BSD-style license. See -http://www.core-sdi.com/english/ssh/ for details. - -Note that any information and cryptographic algorithms used in this -software are publicly available on the Internet and at any major -bookstore, scientific library, and patent office worldwide. More -information can be found e.g. at "http://www.cs.hut.fi/crypto". - -The legal status of this program is some combination of all these -permissions and restrictions. Use only at your own responsibility. -You will be responsible for any legal consequences yourself; I am not -making any claims whether possessing or using this is legal or not in -your country, and I am not taking any responsibility on your behalf. - - - NO WARRANTY - -BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - -IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. diff --git a/crypto/openssh/Makefile b/crypto/openssh/Makefile deleted file mode 100644 index 0b9c668b6511..000000000000 --- a/crypto/openssh/Makefile +++ /dev/null @@ -1,14 +0,0 @@ -# $OpenBSD: Makefile,v 1.11 2002/05/23 19:24:30 markus Exp $ - -.include <bsd.own.mk> - -SUBDIR= lib ssh sshd ssh-add ssh-keygen ssh-agent scp sftp-server \ - ssh-keysign ssh-keyscan sftp scard - -distribution: - install -C -o root -g wheel -m 0644 ${.CURDIR}/ssh_config \ - ${DESTDIR}/etc/ssh/ssh_config - install -C -o root -g wheel -m 0644 ${.CURDIR}/sshd_config \ - ${DESTDIR}/etc/ssh/sshd_config - -.include <bsd.subdir.mk> diff --git a/crypto/openssh/Makefile.inc b/crypto/openssh/Makefile.inc deleted file mode 100644 index c68f59a74e94..000000000000 --- a/crypto/openssh/Makefile.inc +++ /dev/null @@ -1,26 +0,0 @@ -# $OpenBSD: Makefile.inc,v 1.23 2002/03/06 00:23:27 markus Exp $ - -CFLAGS+= -I${.CURDIR}/.. - -CDIAGFLAGS= -Wall -#CDIAGFLAGS+= -Werror -CDIAGFLAGS+= -Wpointer-arith -CDIAGFLAGS+= -Wno-uninitialized -#CDIAGFLAGS+= -Wstrict-prototypes -CDIAGFLAGS+= -Wmissing-prototypes -CDIAGFLAGS+= -Wunused - -#DEBUG=-g - -#CFLAGS+= -DSMARTCARD -#LDADD+= -lsectok - -.include <bsd.obj.mk> - -.if exists(${.CURDIR}/../lib/${__objdir}) -LDADD+= -L${.CURDIR}/../lib/${__objdir} -lssh -DPADD+= ${.CURDIR}/../lib/${__objdir}/libssh.a -.else -LDADD+= -L${.CURDIR}/../lib -lssh -DPADD+= ${.CURDIR}/../lib/libssh.a -.endif diff --git a/crypto/openssh/README.openssh2 b/crypto/openssh/README.openssh2 deleted file mode 100644 index 12c90aa31690..000000000000 --- a/crypto/openssh/README.openssh2 +++ /dev/null @@ -1,44 +0,0 @@ -$Id: README.openssh2,v 1.8 2000/05/07 18:30:03 markus Exp $ - -howto: - 1) generate server key: - $ ssh-keygen -d -f /etc/ssh_host_dsa_key -N '' - 2) enable ssh2: - server: add 'Protocol 2,1' to /etc/sshd_config - client: ssh -o 'Protocol 2,1', or add to .ssh/config - 3) DSA authentication similar to RSA (add keys to ~/.ssh/authorized_keys2) - interop w/ ssh.com dsa-keys: - ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2 - and vice versa - ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub - echo Key mykey.pub >> ~/.ssh2/authorization - -works: - secsh-transport: works w/o rekey - proposal exchange, i.e. different enc/mac/comp per direction - encryption: blowfish-cbc, 3des-cbc, arcfour, cast128-cbc - mac: hmac-md5, hmac-sha1, (hmac-ripemd160) - compression: zlib, none - secsh-userauth: passwd and pubkey with DSA - secsh-connection: pty+shell or command, flow control works (window adjust) - tcp-forwarding: -L works, -R incomplete - x11-fwd - dss/dsa: host key database in ~/.ssh/known_hosts2 - client interops w/ sshd2, lshd - server interops w/ ssh2, lsh, ssh.com's Windows client, SecureCRT, F-Secure SSH Client 4.0, SecureFX (secure ftp) - server supports multiple concurrent sessions (e.g. with SSH.com Windows client) -todo: - re-keying - secsh-connection features: - tcp-forwarding, agent-fwd - auth other than passwd, and DSA-pubkey: - keyboard-interactive, (PGP-pubkey?) - config - server-auth w/ old host-keys - cleanup - advanced key storage? - keynote - sftp - --markus -$Date: 2000/05/07 18:30:03 $ diff --git a/crypto/openssh/auth2-skey.c b/crypto/openssh/auth2-skey.c deleted file mode 100644 index 9de08fc09cfd..000000000000 --- a/crypto/openssh/auth2-skey.c +++ /dev/null @@ -1,104 +0,0 @@ -#include "includes.h" -RCSID("$OpenBSD: auth2-skey.c,v 1.1 2000/10/11 20:14:38 markus Exp $"); - -#include "ssh.h" -#include "ssh2.h" -#include "auth.h" -#include "packet.h" -#include "xmalloc.h" -#include "dispatch.h" - -void send_userauth_into_request(Authctxt *authctxt, int echo); -void input_userauth_info_response(int type, int plen, void *ctxt); - -/* - * try skey authentication, always return -1 (= postponed) since we have to - * wait for the s/key response. - */ -int -auth2_skey(Authctxt *authctxt) -{ - send_userauth_into_request(authctxt, 0); - dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &input_userauth_info_response); - return -1; -} - -void -send_userauth_into_request(Authctxt *authctxt, int echo) -{ - int retval = -1; - struct skey skey; - char challenge[SKEY_MAX_CHALLENGE]; - char *fake; - - if (authctxt->user == NULL) - fatal("send_userauth_into_request: internal error: no user"); - - /* get skey challenge */ - if (authctxt->valid) - retval = skeychallenge(&skey, authctxt->user, challenge); - - if (retval == -1) { - fake = skey_fake_keyinfo(authctxt->user); - strlcpy(challenge, fake, sizeof challenge); - } - /* send our info request */ - packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); - packet_put_cstring("S/Key Authentication"); /* Name */ - packet_put_cstring(challenge); /* Instruction */ - packet_put_cstring(""); /* Language */ - packet_put_int(1); /* Number of prompts */ - packet_put_cstring(echo ? - "Response [Echo]: ": "Response: "); /* Prompt */ - packet_put_char(echo); /* Echo */ - packet_send(); - packet_write_wait(); - memset(challenge, 'c', sizeof challenge); -} - -void -input_userauth_info_response(int type, int plen, void *ctxt) -{ - Authctxt *authctxt = ctxt; - int authenticated = 0; - unsigned int nresp, rlen; - char *resp, *method; - - if (authctxt == NULL) - fatal("input_userauth_info_response: no authentication context"); - - if (authctxt->attempt++ >= AUTH_FAIL_MAX) - packet_disconnect("too many failed userauth_requests"); - - nresp = packet_get_int(); - if (nresp == 1) { - /* we only support s/key and assume s/key for nresp == 1 */ - method = "s/key"; - resp = packet_get_string(&rlen); - packet_done(); - if (strlen(resp) == 0) { - /* - * if we received a null response, resend prompt with - * echo enabled - */ - authenticated = -1; - userauth_log(authctxt, authenticated, method); - send_userauth_into_request(authctxt, 1); - } else { - /* verify skey response */ - if (authctxt->valid && - skey_haskey(authctxt->pw->pw_name) == 0 && - skey_passcheck(authctxt->pw->pw_name, resp) != -1) { - authenticated = 1; - } else { - authenticated = 0; - } - memset(resp, 'r', rlen); - /* unregister callback */ - dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL); - userauth_log(authctxt, authenticated, method); - userauth_reply(authctxt, authenticated); - } - xfree(resp); - } -} diff --git a/crypto/openssh/aux.c b/crypto/openssh/aux.c deleted file mode 100644 index 899142da7167..000000000000 --- a/crypto/openssh/aux.c +++ /dev/null @@ -1,36 +0,0 @@ -#include "includes.h" -RCSID("$OpenBSD: aux.c,v 1.2 2000/05/17 09:47:59 markus Exp $"); - -#include "ssh.h" - -char * -chop(char *s) -{ - char *t = s; - while (*t) { - if(*t == '\n' || *t == '\r') { - *t = '\0'; - return s; - } - t++; - } - return s; - -} - -void -set_nonblock(int fd) -{ - int val; - val = fcntl(fd, F_GETFL, 0); - if (val < 0) { - error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); - return; - } - if (val & O_NONBLOCK) - return; - debug("fd %d setting O_NONBLOCK", fd); - val |= O_NONBLOCK; - if (fcntl(fd, F_SETFL, val) == -1) - error("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, strerror(errno)); -} diff --git a/crypto/openssh/cli.c b/crypto/openssh/cli.c deleted file mode 100644 index 8f0b2b87e36c..000000000000 --- a/crypto/openssh/cli.c +++ /dev/null @@ -1,231 +0,0 @@ -/* $OpenBSD: cli.c,v 1.11 2001/03/06 00:33:04 deraadt Exp $ */ - -/* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" -RCSID("$OpenBSD: cli.c,v 1.11 2001/03/06 00:33:04 deraadt Exp $"); - -#include "xmalloc.h" -#include "log.h" -#include "cli.h" - -#include <vis.h> - -static int cli_input = -1; -static int cli_output = -1; -static int cli_from_stdin = 0; - -sigset_t oset; -sigset_t nset; -struct sigaction nsa; -struct sigaction osa; -struct termios ntio; -struct termios otio; -int echo_modified; - -volatile int intr; - -static int -cli_open(int from_stdin) -{ - if (cli_input >= 0 && cli_output >= 0 && cli_from_stdin == from_stdin) - return 1; - - if (from_stdin) { - if (!cli_from_stdin && cli_input >= 0) { - (void)close(cli_input); - } - cli_input = STDIN_FILENO; - cli_output = STDERR_FILENO; - } else { - cli_input = cli_output = open(_PATH_TTY, O_RDWR); - if (cli_input < 0) - fatal("You have no controlling tty. Cannot read passphrase."); - } - - cli_from_stdin = from_stdin; - - return cli_input >= 0 && cli_output >= 0 && cli_from_stdin == from_stdin; -} - -static void -cli_close(void) -{ - if (!cli_from_stdin && cli_input >= 0) - close(cli_input); - cli_input = -1; - cli_output = -1; - cli_from_stdin = 0; - return; -} - -void -intrcatch(int sig) -{ - intr = 1; -} - -static void -cli_echo_disable(void) -{ - sigemptyset(&nset); - sigaddset(&nset, SIGTSTP); - (void) sigprocmask(SIG_BLOCK, &nset, &oset); - - intr = 0; - - memset(&nsa, 0, sizeof(nsa)); - nsa.sa_handler = intrcatch; - (void) sigaction(SIGINT, &nsa, &osa); - - echo_modified = 0; - if (tcgetattr(cli_input, &otio) == 0 && (otio.c_lflag & ECHO)) { - echo_modified = 1; - ntio = otio; - ntio.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL); - (void) tcsetattr(cli_input, TCSANOW, &ntio); - } - return; -} - -static void -cli_echo_restore(void) -{ - if (echo_modified != 0) { - tcsetattr(cli_input, TCSANOW, &otio); - echo_modified = 0; - } - - (void) sigprocmask(SIG_SETMASK, &oset, NULL); - (void) sigaction(SIGINT, &osa, NULL); - - if (intr != 0) { - kill(getpid(), SIGINT); - sigemptyset(&nset); - /* XXX tty has not neccessarily drained by now? */ - sigsuspend(&nset); - intr = 0; - } - return; -} - -static int -cli_read(char* buf, int size, int echo) -{ - char ch = 0; - int i = 0; - int n; - - if (!echo) - cli_echo_disable(); - - while (ch != '\n') { - n = read(cli_input, &ch, 1); - if (n == -1 && (errno == EAGAIN || errno == EINTR)) - continue; - if (n != 1) - break; - if (ch == '\n' || intr != 0) - break; - if (i < size) - buf[i++] = ch; - } - buf[i] = '\0'; - - if (!echo) - cli_echo_restore(); - if (!intr && !echo) - (void) write(cli_output, "\n", 1); - return i; -} - -static int -cli_write(char* buf, int size) -{ - int i, len, pos, ret = 0; - char *output, *p; - - output = xmalloc(4*size); - for (p = output, i = 0; i < size; i++) { - if (buf[i] == '\n' || buf[i] == '\r') - *p++ = buf[i]; - else - p = vis(p, buf[i], 0, 0); - } - len = p - output; - - for (pos = 0; pos < len; pos += ret) { - ret = write(cli_output, output + pos, len - pos); - if (ret == -1) { - xfree(output); - return -1; - } - } - xfree(output); - return 0; -} - -/* - * Presents a prompt and returns the response allocated with xmalloc(). - * Uses /dev/tty or stdin/out depending on arg. Optionally disables echo - * of response depending on arg. Tries to ensure that no other userland - * buffer is storing the response. - */ -char* -cli_read_passphrase(char* prompt, int from_stdin, int echo_enable) -{ - char buf[BUFSIZ]; - char* p; - - if (!cli_open(from_stdin)) - fatal("Cannot read passphrase."); - - fflush(stdout); - - cli_write(prompt, strlen(prompt)); - cli_read(buf, sizeof buf, echo_enable); - - cli_close(); - - p = xstrdup(buf); - memset(buf, 0, sizeof(buf)); - return (p); -} - -char* -cli_prompt(char* prompt, int echo_enable) -{ - return cli_read_passphrase(prompt, 0, echo_enable); -} - -void -cli_mesg(char* mesg) -{ - cli_open(0); - cli_write(mesg, strlen(mesg)); - cli_write("\n", strlen("\n")); - cli_close(); - return; -} diff --git a/crypto/openssh/cli.h b/crypto/openssh/cli.h deleted file mode 100644 index 6f57c9b8ad0a..000000000000 --- a/crypto/openssh/cli.h +++ /dev/null @@ -1,42 +0,0 @@ -/* $OpenBSD: cli.h,v 1.4 2001/03/01 03:38:33 deraadt Exp $ */ - -/* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* $OpenBSD: cli.h,v 1.4 2001/03/01 03:38:33 deraadt Exp $ */ - -#ifndef CLI_H -#define CLI_H - -/* - * Presents a prompt and returns the response allocated with xmalloc(). - * Uses /dev/tty or stdin/out depending on arg. Optionally disables echo - * of response depending on arg. Tries to ensure that no other userland - * buffer is storing the response. - */ -char * cli_read_passphrase(char * prompt, int from_stdin, int echo_enable); -char * cli_prompt(char * prompt, int echo_enable); -void cli_mesg(char * mesg); - -#endif /* CLI_H */ diff --git a/crypto/openssh/contrib/Makefile b/crypto/openssh/contrib/Makefile deleted file mode 100644 index 2cef46f6c6d3..000000000000 --- a/crypto/openssh/contrib/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -all: - @echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2" - -gnome-ssh-askpass1: gnome-ssh-askpass1.c - $(CC) `gnome-config --cflags gnome gnomeui` \ - gnome-ssh-askpass1.c -o gnome-ssh-askpass1 \ - `gnome-config --libs gnome gnomeui` - -gnome-ssh-askpass2: gnome-ssh-askpass2.c - $(CC) `pkg-config --cflags gtk+-2.0` \ - gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \ - `pkg-config --libs gtk+-2.0` - -clean: - rm -f *.o gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssh-askpass diff --git a/crypto/openssh/contrib/README b/crypto/openssh/contrib/README deleted file mode 100644 index 9de3d961d495..000000000000 --- a/crypto/openssh/contrib/README +++ /dev/null @@ -1,60 +0,0 @@ -Other patches and addons for OpenSSH. Please send submissions to -djm@mindrot.org - -Externally maintained ---------------------- - -SSH Proxy Command -- connect.c - -Shun-ichi GOTO <gotoh@imasy.or.jp> has written a very useful ProxyCommand -which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or -https CONNECT style proxy server. His page for connect.c has extensive -documentation on its use as well as compiled versions for Win32. - -http://www.taiyo.co.jp/~gotoh/ssh/connect.html - - -X11 SSH Askpass: - -Jim Knoble <jmknoble@pobox.com> has written an excellent X11 -passphrase requester. This is highly recommended: - -http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html - - -In this directory ------------------ - -ssh-copy-id: - -Phil Hands' <phil@hands.com> shell script to automate the process of adding -your public key to a remote machine's ~/.ssh/authorized_keys file. - -gnome-ssh-askpass[12]: - -A GNOME and Gtk2 passphrase requesters. Use "make gnome-ssh-askpass1" or -"make gnome-ssh-askpass2" to build. - -sshd.pam.generic: - -A generic PAM config file which may be useful on your system. YMMV - -sshd.pam.freebsd: - -A PAM config file which works with FreeBSD's PAM port. Contributed by -Dominik Brettnacher <domi@saargate.de> - -mdoc2man.pl: - -Converts mdoc formated manpages into normal manpages. This can be used -on Solaris machines to provide manpages that are not preformated. -Contributed by Mark D. Roth <roth@feep.net> - -redhat: - -RPM spec file and scripts for building Redhat packages - -suse: - -RPM spec file and scripts for building SuSE packages - diff --git a/crypto/openssh/contrib/aix/README b/crypto/openssh/contrib/aix/README deleted file mode 100644 index 2a299350abb0..000000000000 --- a/crypto/openssh/contrib/aix/README +++ /dev/null @@ -1,50 +0,0 @@ -Overview: - -This directory contains files to build an AIX native (installp or SMIT -installable) openssh package. - - -Directions: - -(optional) create config.local in your build dir -./configure [options] -contrib/aix/buildbff.sh - -The file config.local or the environment is read to set the following options -(default first): -PERMIT_ROOT_LOGIN=[no|yes] -X11_FORWARDING=[no|yes] -AIX_SRC=[no|yes] - -Acknowledgements: - -The contents of this directory are based on Ben Lindstrom's Solaris -buildpkg.sh. Ben also supplied inventory.sh. - -Jim Abbey's (GPL'ed) lppbuild-2.1 was used to learn how to build .bff's -and for comparison with the output from this script, however no code -from lppbuild is included and it is not required for operation. - -SRC support based on examples provided by Sandor Sklar and Maarten Kreuger. -PrivSep account handling fixes contributed by W. Earl Allen. - - -Other notes: - -The script treats all packages as USR packages (not ROOT+USR when -appropriate). It seems to work, though...... - -If there are any patches to this that have not yet been integrated they -may be found at http://www.zip.com.au/~dtucker/openssh/. - - -Disclaimer: - -It is hoped that it is useful but there is no warranty. If it breaks -you get to keep both pieces. - - - - Darren Tucker (dtucker at zip dot com dot au) - 2002/03/01 - -$Id: README,v 1.4 2003/08/25 05:01:04 dtucker Exp $ diff --git a/crypto/openssh/contrib/aix/buildbff.sh b/crypto/openssh/contrib/aix/buildbff.sh deleted file mode 100755 index 4a5c32b0ecb9..000000000000 --- a/crypto/openssh/contrib/aix/buildbff.sh +++ /dev/null @@ -1,383 +0,0 @@ -#!/bin/sh -# -# buildbff.sh: Create AIX SMIT-installable OpenSSH packages -# $Id: buildbff.sh,v 1.7 2003/11/21 12:48:56 djm Exp $ -# -# Author: Darren Tucker (dtucker at zip dot com dot au) -# This file is placed in the public domain and comes with absolutely -# no warranty. -# -# Based originally on Ben Lindstrom's buildpkg.sh for Solaris -# - -# -# Tunable configuration settings -# create a "config.local" in your build directory or set -# environment variables to override these. -# -[ -z "$PERMIT_ROOT_LOGIN" ] && PERMIT_ROOT_LOGIN=no -[ -z "$X11_FORWARDING" ] && X11_FORWARDING=no -[ -z "$AIX_SRC" ] && AIX_SRC=no - -umask 022 - -startdir=`pwd` - -# Path to inventory.sh: same place as buildbff.sh -if echo $0 | egrep '^/' -then - inventory=`dirname $0`/inventory.sh # absolute path -else - inventory=`pwd`/`dirname $0`/inventory.sh # relative path -fi - -# -# We still support running from contrib/aix, but this is deprecated -# -if pwd | egrep 'contrib/aix$' -then - echo "Changing directory to `pwd`/../.." - echo "Please run buildbff.sh from your build directory in future." - cd ../.. - contribaix=1 -fi - -if [ ! -f Makefile ] -then - echo "Makefile not found (did you run configure?)" - exit 1 -fi - -# -# Directories used during build: -# current dir = $objdir directory you ran ./configure in. -# $objdir/$PKGDIR/ directory package files are constructed in -# $objdir/$PKGDIR/root/ package root ($FAKE_ROOT) -# -objdir=`pwd` -PKGNAME=openssh -PKGDIR=package - -# -# Collect local configuration settings to override defaults -# -if [ -s ./config.local ] -then - echo Reading local settings from config.local - . ./config.local -fi - -# -# Fill in some details from Makefile, like prefix and sysconfdir -# the eval also expands variables like sysconfdir=${prefix}/etc -# provided they are eval'ed in the correct order -# -for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir srcdir -do - eval $confvar=`grep "^$confvar=" $objdir/Makefile | cut -d = -f 2` -done - -# -# Collect values of privsep user and privsep path -# currently only found in config.h -# -for confvar in SSH_PRIVSEP_USER PRIVSEP_PATH -do - eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' $objdir/config.h` -done - -# Set privsep defaults if not defined -if [ -z "$SSH_PRIVSEP_USER" ] -then - SSH_PRIVSEP_USER=sshd -fi -if [ -z "$PRIVSEP_PATH" ] -then - PRIVSEP_PATH=/var/empty -fi - -# Clean package build directory -rm -rf $objdir/$PKGDIR -FAKE_ROOT=$objdir/$PKGDIR/root -mkdir -p $FAKE_ROOT - -# Start by faking root install -echo "Faking root install..." -cd $objdir -make install-nokeys DESTDIR=$FAKE_ROOT - -if [ $? -gt 0 ] -then - echo "Fake root install failed, stopping." - exit 1 -fi - -# -# Copy informational files to include in package -# -cp $srcdir/LICENCE $objdir/$PKGDIR/ -cp $srcdir/README* $objdir/$PKGDIR/ - -# -# Extract common info requires for the 'info' part of the package. -# AIX requires 4-part version numbers -# -VERSION=`./ssh -V 2>&1 | cut -f 1 -d , | cut -f 2 -d _` -MAJOR=`echo $VERSION | cut -f 1 -d p | cut -f 1 -d .` -MINOR=`echo $VERSION | cut -f 1 -d p | cut -f 2 -d .` -PATCH=`echo $VERSION | cut -f 1 -d p | cut -f 3 -d .` -PORTABLE=`echo $VERSION | awk 'BEGIN{FS="p"}{print $2}'` -[ "$PATCH" = "" ] && PATCH=0 -[ "$PORTABLE" = "" ] && PORTABLE=0 -BFFVERSION=`printf "%d.%d.%d.%d" $MAJOR $MINOR $PATCH $PORTABLE` - -echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)" - -# -# Set ssh and sshd parameters as per config.local -# -if [ "${PERMIT_ROOT_LOGIN}" = no ] -then - perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \ - $FAKE_ROOT/${sysconfdir}/sshd_config -fi -if [ "${X11_FORWARDING}" = yes ] -then - perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \ - $FAKE_ROOT/${sysconfdir}/sshd_config -fi - - -# Rename config files; postinstall script will copy them if necessary -for cfgfile in ssh_config sshd_config ssh_prng_cmds -do - mv $FAKE_ROOT/$sysconfdir/$cfgfile $FAKE_ROOT/$sysconfdir/$cfgfile.default -done - -# -# Generate lpp control files. -# working dir is $FAKE_ROOT but files are generated in dir above -# and moved into place just before creation of .bff -# -cd $FAKE_ROOT -echo Generating LPP control files -find . ! -name . -print >../openssh.al -$inventory >../openssh.inventory - -cat <<EOD >../openssh.copyright -This software is distributed under a BSD-style license. -For the full text of the license, see /usr/lpp/openssh/LICENCE -EOD - -# -# openssh.size file allows filesystem expansion as required -# generate list of directories containing files -# then calculate disk usage for each directory and store in openssh.size -# -files=`find . -type f -print` -dirs=`for file in $files; do dirname $file; done | sort -u` -for dir in $dirs -do - du $dir -done > ../openssh.size - -# -# Create postinstall script -# -cat <<EOF >>../openssh.post_i -#!/bin/sh - -echo Creating configs from defaults if necessary. -for cfgfile in ssh_config sshd_config ssh_prng_cmds -do - if [ ! -f $sysconfdir/\$cfgfile ] - then - echo "Creating \$cfgfile from default" - cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile - else - echo "\$cfgfile already exists." - fi -done -echo - -# Create PrivSep user if PrivSep not disabled in config -echo Creating PrivSep prereqs if required. -if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null -then - echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user," - echo "group or chroot directory." -else - echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." - - # create group if required - if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null - then - echo "PrivSep group $SSH_PRIVSEP_USER already exists." - else - echo "Creating PrivSep group $SSH_PRIVSEP_USER." - mkgroup -A $SSH_PRIVSEP_USER - fi - - # Create user if required - if lsuser ALL | cut -f1 -d: | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null - then - echo "PrivSep user $SSH_PRIVSEP_USER already exists." - else - echo "Creating PrivSep user $SSH_PRIVSEP_USER." - mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER - fi - - # create chroot directory if required - if [ -d $PRIVSEP_PATH ] - then - echo "PrivSep chroot directory $PRIVSEP_PATH already exists." - else - echo "Creating PrivSep chroot directory $PRIVSEP_PATH." - mkdir $PRIVSEP_PATH - chown 0 $PRIVSEP_PATH - chgrp 0 $PRIVSEP_PATH - chmod 755 $PRIVSEP_PATH - fi -fi -echo - -# Generate keys unless they already exist -echo Creating host keys if required. -if [ -f "$sysconfdir/ssh_host_key" ] ; then - echo "$sysconfdir/ssh_host_key already exists, skipping." -else - $bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N "" -fi -if [ -f $sysconfdir/ssh_host_dsa_key ] ; then - echo "$sysconfdir/ssh_host_dsa_key already exists, skipping." -else - $bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N "" -fi -if [ -f $sysconfdir/ssh_host_rsa_key ] ; then - echo "$sysconfdir/ssh_host_rsa_key already exists, skipping." -else - $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N "" -fi -echo - -# Set startup command depending on SRC support -if [ "$AIX_SRC" = "yes" ] -then - echo Creating SRC sshd subsystem. - rmssys -s sshd 2>&1 >/dev/null - mkssys -s sshd -p "$sbindir/sshd" -a '-D' -u 0 -S -n 15 -f 9 -R -G tcpip - startupcmd="start $sbindir/sshd \\\"\\\$src_running\\\"" - oldstartcmd="$sbindir/sshd" -else - startupcmd="$sbindir/sshd" - oldstartcmd="start $sbindir/sshd \\\"$src_running\\\"" -fi - -# If migrating to or from SRC, change previous startup command -# otherwise add to rc.tcpip -if egrep "^\$oldstartcmd" /etc/rc.tcpip >/dev/null -then - if sed "s|^\$oldstartcmd|\$startupcmd|g" /etc/rc.tcpip >/etc/rc.tcpip.new - then - chmod 0755 /etc/rc.tcpip.new - mv /etc/rc.tcpip /etc/rc.tcpip.old && \ - mv /etc/rc.tcpip.new /etc/rc.tcpip - else - echo "Updating /etc/rc.tcpip failed, please check." - fi -else - # Add to system startup if required - if grep "^\$startupcmd" /etc/rc.tcpip >/dev/null - then - echo "sshd found in rc.tcpip, not adding." - else - echo "Adding sshd to rc.tcpip" - echo >>/etc/rc.tcpip - echo "# Start sshd" >>/etc/rc.tcpip - echo "\$startupcmd" >>/etc/rc.tcpip - fi -fi -EOF - -# -# Create liblpp.a and move control files into it -# -echo Creating liblpp.a -( - cd .. - for i in openssh.al openssh.copyright openssh.inventory openssh.post_i openssh.size LICENCE README* - do - ar -r liblpp.a $i - rm $i - done -) - -# -# Create lpp_name -# -# This will end up looking something like: -# 4 R I OpenSSH { -# OpenSSH 3.0.2.1 1 N U en_US OpenSSH 3.0.2p1 Portable for AIX -# [ -# % -# /usr/local/bin 8073 -# /usr/local/etc 189 -# /usr/local/libexec 185 -# /usr/local/man/man1 145 -# /usr/local/man/man8 83 -# /usr/local/sbin 2105 -# /usr/local/share 3 -# % -# ] -# } - -echo Creating lpp_name -cat <<EOF >../lpp_name -4 R I $PKGNAME { -$PKGNAME $BFFVERSION 1 N U en_US OpenSSH $VERSION Portable for AIX -[ -% -EOF - -for i in $bindir $sysconfdir $libexecdir $mandir/${mansubdir}1 $mandir/${mansubdir}8 $sbindir $datadir /usr/lpp/openssh -do - # get size in 512 byte blocks - if [ -d $FAKE_ROOT/$i ] - then - size=`du $FAKE_ROOT/$i | awk '{print $1}'` - echo "$i $size" >>../lpp_name - fi -done - -echo '%' >>../lpp_name -echo ']' >>../lpp_name -echo '}' >>../lpp_name - -# -# Move pieces into place -# -mkdir -p usr/lpp/openssh -mv ../liblpp.a usr/lpp/openssh -mv ../lpp_name . - -# -# Now invoke backup to create .bff file -# note: lpp_name needs to be the first file so we generate the -# file list on the fly and feed it to backup using -i -# -echo Creating $PKGNAME-$VERSION.bff with backup... -rm -f $PKGNAME-$VERSION.bff -( - echo "./lpp_name" - find . ! -name lpp_name -a ! -name . -print -) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist - -# -# Move package into final location and clean up -# -mv ../$PKGNAME-$VERSION.bff $startdir -cd $startdir -rm -rf $objdir/$PKGDIR - -echo $0: done. - diff --git a/crypto/openssh/contrib/aix/inventory.sh b/crypto/openssh/contrib/aix/inventory.sh deleted file mode 100755 index e2641e79c4f9..000000000000 --- a/crypto/openssh/contrib/aix/inventory.sh +++ /dev/null @@ -1,63 +0,0 @@ -#!/bin/sh -# -# inventory.sh -# $Id: inventory.sh,v 1.6 2003/11/21 12:48:56 djm Exp $ -# -# Originally written by Ben Lindstrom, modified by Darren Tucker to use perl -# This file is placed into the public domain. -# -# This will produce an AIX package inventory file, which looks like: -# -# /usr/local/bin: -# class=apply,inventory,openssh -# owner=root -# group=system -# mode=755 -# type=DIRECTORY -# /usr/local/bin/slogin: -# class=apply,inventory,openssh -# owner=root -# group=system -# mode=777 -# type=SYMLINK -# target=ssh -# /usr/local/share/Ssh.bin: -# class=apply,inventory,openssh -# owner=root -# group=system -# mode=644 -# type=FILE -# size=VOLATILE -# checksum=VOLATILE - -find . ! -name . -print | perl -ne '{ - chomp; - if ( -l $_ ) { - ($dev,$ino,$mod,$nl,$uid,$gid,$rdev,$sz,$at,$mt,$ct,$bsz,$blk)=lstat; - } else { - ($dev,$ino,$mod,$nl,$uid,$gid,$rdev,$sz,$at,$mt,$ct,$bsz,$blk)=stat; - } - - # Start to display inventory information - $name = $_; - $name =~ s|^.||; # Strip leading dot from path - print "$name:\n"; - print "\tclass=apply,inventory,openssh\n"; - print "\towner=root\n"; - print "\tgroup=system\n"; - printf "\tmode=%lo\n", $mod & 07777; # Mask perm bits - - if ( -l $_ ) { - # Entry is SymLink - print "\ttype=SYMLINK\n"; - printf "\ttarget=%s\n", readlink($_); - } elsif ( -f $_ ) { - # Entry is File - print "\ttype=FILE\n"; - print "\tsize=$sz\n"; - print "\tchecksum=VOLATILE\n"; - } elsif ( -d $_ ) { - # Entry is Directory - print "\ttype=DIRECTORY\n"; - } -}' diff --git a/crypto/openssh/contrib/aix/pam.conf b/crypto/openssh/contrib/aix/pam.conf deleted file mode 100644 index 1495f43cbf82..000000000000 --- a/crypto/openssh/contrib/aix/pam.conf +++ /dev/null @@ -1,20 +0,0 @@ -# -# PAM configuration file /etc/pam.conf -# Example for OpenSSH on AIX 5.2 -# - -# Authentication Management -sshd auth required /usr/lib/security/pam_aix -OTHER auth required /usr/lib/security/pam_aix - -# Account Management -sshd account required /usr/lib/security/pam_aix -OTHER account required /usr/lib/security/pam_aix - -# Session Management -sshd password required /usr/lib/security/pam_aix -OTHER password required /usr/lib/security/pam_aix - -# Password Management -sshd session required /usr/lib/security/pam_aix -OTHER session required /usr/lib/security/pam_aix diff --git a/crypto/openssh/contrib/caldera/openssh.spec b/crypto/openssh/contrib/caldera/openssh.spec deleted file mode 100644 index e690f102fb5b..000000000000 --- a/crypto/openssh/contrib/caldera/openssh.spec +++ /dev/null @@ -1,366 +0,0 @@ - -# Some of this will need re-evaluation post-LSB. The SVIdir is there -# because the link appeared broken. The rest is for easy compilation, -# the tradeoff open to discussion. (LC957) - -%define SVIdir /etc/rc.d/init.d -%{!?_defaultdocdir:%define _defaultdocdir %{_prefix}/share/doc/packages} -%{!?SVIcdir:%define SVIcdir /etc/sysconfig/daemons} - -%define _mandir %{_prefix}/share/man/en -%define _sysconfdir /etc/ssh -%define _libexecdir %{_libdir}/ssh - -# Do we want to disable root_login? (1=yes 0=no) -%define no_root_login 0 - -#old cvs stuff. please update before use. may be deprecated. -%define use_stable 1 -%if %{use_stable} - %define version 3.8.1p1 - %define cvs %{nil} - %define release 1 -%else - %define version 3.8.1p1 - %define cvs cvs20011009 - %define release 0r1 -%endif -%define xsa x11-ssh-askpass -%define askpass %{xsa}-1.2.4.1 - -# OpenSSH privilege separation requires a user & group ID -%define sshd_uid 67 -%define sshd_gid 67 - -Name : openssh -Version : %{version}%{cvs} -Release : %{release} -Group : System/Network - -Summary : OpenSSH free Secure Shell (SSH) implementation. -Summary(de) : OpenSSH - freie Implementation der Secure Shell (SSH). -Summary(es) : OpenSSH implementación libre de Secure Shell (SSH). -Summary(fr) : Implémentation libre du shell sécurisé OpenSSH (SSH). -Summary(it) : Implementazione gratuita OpenSSH della Secure Shell. -Summary(pt) : Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH). -Summary(pt_BR) : Implementação livre OpenSSH do protocolo Secure Shell (SSH). - -Copyright : BSD -Packager : Raymund Will <ray@caldera.de> -URL : http://www.openssh.com/ - -Obsoletes : ssh, ssh-clients, openssh-clients - -BuildRoot : /tmp/%{name}-%{version} -BuildRequires : XFree86-imake - -# %{use_stable}==1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable -# %{use_stable}==0: :pserver:cvs@bass.directhit.com:/cvs/openssh_cvs -Source0: see-above:/.../openssh-%{version}.tar.gz -%if %{use_stable} -Source1: see-above:/.../openssh-%{version}.tar.gz.sig -%endif -Source2: http://www.ntrnet.net/~jmknoble/software/%{xsa}/%{askpass}.tar.gz -Source3: http://www.openssh.com/faq.html - -%Package server -Group : System/Network -Requires : openssh = %{version} -Obsoletes : ssh-server - -Summary : OpenSSH Secure Shell protocol server (sshd). -Summary(de) : OpenSSH Secure Shell Protocol-Server (sshd). -Summary(es) : Servidor del protocolo OpenSSH Secure Shell (sshd). -Summary(fr) : Serveur de protocole du shell sécurisé OpenSSH (sshd). -Summary(it) : Server OpenSSH per il protocollo Secure Shell (sshd). -Summary(pt) : Servidor do protocolo 'Secure Shell' OpenSSH (sshd). -Summary(pt_BR) : Servidor do protocolo Secure Shell OpenSSH (sshd). - - -%Package askpass -Group : System/Network -Requires : openssh = %{version} -URL : http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/ -Obsoletes : ssh-extras - -Summary : OpenSSH X11 pass-phrase dialog. -Summary(de) : OpenSSH X11 Passwort-Dialog. -Summary(es) : Aplicación de petición de frase clave OpenSSH X11. -Summary(fr) : Dialogue pass-phrase X11 d'OpenSSH. -Summary(it) : Finestra di dialogo X11 per la frase segreta di OpenSSH. -Summary(pt) : Diálogo de pedido de senha para X11 do OpenSSH. -Summary(pt_BR) : Diálogo de pedido de senha para X11 do OpenSSH. - - -%Description -OpenSSH (Secure Shell) provides access to a remote system. It replaces -telnet, rlogin, rexec, and rsh, and provides secure encrypted -communications between two untrusted hosts over an insecure network. -X11 connections and arbitrary TCP/IP ports can also be forwarded over -the secure channel. - -%Description -l de -OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es ersetzt -telnet, rlogin, rexec und rsh und stellt eine sichere, verschlüsselte -Verbindung zwischen zwei nicht vertrauenswürdigen Hosts über eine unsicheres -Netzwerk her. X11 Verbindungen und beliebige andere TCP/IP Ports können ebenso -über den sicheren Channel weitergeleitet werden. - -%Description -l es -OpenSSH (Secure Shell) proporciona acceso a sistemas remotos. Reemplaza a -telnet, rlogin, rexec, y rsh, y proporciona comunicaciones seguras encriptadas -entre dos equipos entre los que no se ha establecido confianza a través de una -red insegura. Las conexiones X11 y puertos TCP/IP arbitrarios también pueden -ser canalizadas sobre el canal seguro. - -%Description -l fr -OpenSSH (Secure Shell) fournit un accès à un système distant. Il remplace -telnet, rlogin, rexec et rsh, tout en assurant des communications cryptées -securisées entre deux hôtes non fiabilisés sur un réseau non sécurisé. Des -connexions X11 et des ports TCP/IP arbitraires peuvent également être -transmis sur le canal sécurisé. - -%Description -l it -OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto. -Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni sicure -e crittate tra due host non fidati su una rete non sicura. Le connessioni -X11 ad una porta TCP/IP arbitraria possono essere inoltrate attraverso -un canale sicuro. - -%Description -l pt -OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o -telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e cifradas -entre duas máquinas sem confiança mútua sobre uma rede insegura. -Ligações X11 e portos TCP/IP arbitrários também poder ser reenviados -pelo canal seguro. - -%Description -l pt_BR -O OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o -telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e criptografadas -entre duas máquinas sem confiança mútua sobre uma rede insegura. -Ligações X11 e portas TCP/IP arbitrárias também podem ser reenviadas -pelo canal seguro. - -%Description server -This package installs the sshd, the server portion of OpenSSH. - -%Description -l de server -Dieses Paket installiert den sshd, den Server-Teil der OpenSSH. - -%Description -l es server -Este paquete instala sshd, la parte servidor de OpenSSH. - -%Description -l fr server -Ce paquetage installe le 'sshd', partie serveur de OpenSSH. - -%Description -l it server -Questo pacchetto installa sshd, il server di OpenSSH. - -%Description -l pt server -Este pacote intala o sshd, o servidor do OpenSSH. - -%Description -l pt_BR server -Este pacote intala o sshd, o servidor do OpenSSH. - -%Description askpass -This package contains an X11-based pass-phrase dialog used per -default by ssh-add(1). It is based on %{askpass} -by Jim Knoble <jmknoble@pobox.com>. - - -%Prep -%setup %([ -z "%{cvs}" ] || echo "-n %{name}_cvs") -a2 -%if ! %{use_stable} - autoreconf -%endif - - -%Build -CFLAGS="$RPM_OPT_FLAGS" \ -%configure \ - --with-pam \ - --with-tcp-wrappers \ - --with-privsep-path=%{_var}/empty/sshd \ - #leave this line for easy edits. - -%__make CFLAGS="$RPM_OPT_FLAGS" - -cd %{askpass} -%configure \ - #leave this line for easy edits. - -xmkmf -%__make includes -%__make - - -%Install -[ %{buildroot} != "/" ] && rm -rf %{buildroot} - -make install DESTDIR=%{buildroot} -%makeinstall -C %{askpass} \ - BINDIR=%{_libexecdir} \ - MANPATH=%{_mandir} \ - DESTDIR=%{buildroot} - -# OpenLinux specific configuration -mkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}} -mkdir -p %{buildroot}%{_var}/empty/sshd - -# enabling X11 forwarding on the server is convenient and okay, -# on the client side it's a potential security risk! -%__perl -pi -e 's:#X11Forwarding no:X11Forwarding yes:g' \ - %{buildroot}%{_sysconfdir}/sshd_config - -%if %{no_root_login} -%__perl -pi -e 's:#PermitRootLogin yes:PermitRootLogin no:g' \ - %{buildroot}%{_sysconfdir}/sshd_config -%endif - -install -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd -# FIXME: disabled, find out why this doesn't work with nis -%__perl -pi -e 's:(.*pam_limits.*):#$1:' \ - %{buildroot}/etc/pam.d/sshd - -install -m 0755 contrib/caldera/sshd.init %{buildroot}%{SVIdir}/sshd - -# the last one is needless, but more future-proof -find %{buildroot}%{SVIdir} -type f -exec \ - %__perl -pi -e 's:\@SVIdir\@:%{SVIdir}:g;\ - s:\@sysconfdir\@:%{_sysconfdir}:g; \ - s:/usr/sbin:%{_sbindir}:g'\ - \{\} \; - -cat <<-EoD > %{buildroot}%{SVIcdir}/sshd - IDENT=sshd - DESCRIPTIVE="OpenSSH secure shell daemon" - # This service will be marked as 'skipped' on boot if there - # is no host key. Use ssh-host-keygen to generate one - ONBOOT="yes" - OPTIONS="" -EoD - -SKG=%{buildroot}%{_sbindir}/ssh-host-keygen -install -m 0755 contrib/caldera/ssh-host-keygen $SKG -# Fix up some path names in the keygen toy^Hol - %__perl -pi -e 's:\@sysconfdir\@:%{_sysconfdir}:g; \ - s:\@sshkeygen\@:%{_bindir}/ssh-keygen:g' \ - %{buildroot}%{_sbindir}/ssh-host-keygen - -# This looks terrible. Expect it to change. -# install remaining docs -DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}" -mkdir -p $DocD/%{askpass} -cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO $DocD -install -p -m 0444 %{SOURCE3} $DocD/faq.html -cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass} -%if %{use_stable} - cp -p %{askpass}/%{xsa}.man $DocD/%{askpass}/%{xsa}.1 -%else - cp -p %{askpass}/%{xsa}.man %{buildroot}%{_mandir}man1/%{xsa}.1 - ln -s %{xsa}.1 %{buildroot}%{_mandir}man1/ssh-askpass.1 -%endif - -find %{buildroot}%{_mandir} -type f -not -name '*.gz' -print0 | xargs -0r %__gzip -9nf -rm %{buildroot}%{_mandir}/man1/slogin.1 && \ - ln -s %{_mandir}/man1/ssh.1.gz \ - %{buildroot}%{_mandir}/man1/slogin.1.gz - - -%Clean -#%{rmDESTDIR} -[ %{buildroot} != "/" ] && rm -rf %{buildroot} - -%Post -# Generate host key when none is present to get up and running, -# both client and server require this for host-based auth! -# ssh-host-keygen checks for existing keys. -/usr/sbin/ssh-host-keygen -: # to protect the rpm database - -%pre server -%{_sbindir}/groupadd -g %{sshd_gid} sshd 2>/dev/null || : -%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \ - -c "SSH Daemon virtual user" -g sshd sshd 2>/dev/null || : -: # to protect the rpm database - -%Post server -if [ -x %{LSBinit}-install ]; then - %{LSBinit}-install sshd -else - lisa --SysV-init install sshd S55 2:3:4:5 K45 0:1:6 -fi - -! %{SVIdir}/sshd status || %{SVIdir}/sshd restart -: # to protect the rpm database - - -%PreUn server -[ "$1" = 0 ] || exit 0 - -! %{SVIdir}/sshd status || %{SVIdir}/sshd stop -: # to protect the rpm database - - -%PostUn server -if [ -x %{LSBinit}-remove ]; then - %{LSBinit}-remove sshd -else - lisa --SysV-init remove sshd $1 -fi -: # to protect the rpm database - - -%Files -%defattr(-,root,root) -%dir %{_sysconfdir} -%config %{_sysconfdir}/ssh_config -%{_bindir}/scp -%{_bindir}/sftp -%{_bindir}/ssh -%{_bindir}/slogin -%{_bindir}/ssh-add -%attr(2755,root,nobody) %{_bindir}/ssh-agent -%{_bindir}/ssh-keygen -%{_bindir}/ssh-keyscan -%dir %{_libexecdir} -%attr(4711,root,root) %{_libexecdir}/ssh-keysign -%{_sbindir}/ssh-host-keygen -%dir %{_defaultdocdir}/%{name}-%{version} -%{_defaultdocdir}/%{name}-%{version}/CREDITS -%{_defaultdocdir}/%{name}-%{version}/ChangeLog -%{_defaultdocdir}/%{name}-%{version}/LICENCE -%{_defaultdocdir}/%{name}-%{version}/OVERVIEW -%{_defaultdocdir}/%{name}-%{version}/README* -%{_defaultdocdir}/%{name}-%{version}/TODO -%{_defaultdocdir}/%{name}-%{version}/faq.html -%{_mandir}/man1/* -%{_mandir}/man8/ssh-keysign.8.gz -%{_mandir}/man5/ssh_config.5.gz - -%Files server -%defattr(-,root,root) -%dir %{_var}/empty/sshd -%config %{SVIdir}/sshd -%config /etc/pam.d/sshd -%config %{_sysconfdir}/moduli -%config %{_sysconfdir}/sshd_config -%config %{SVIcdir}/sshd -%{_libexecdir}/sftp-server -%{_sbindir}/sshd -%{_mandir}/man5/sshd_config.5.gz -%{_mandir}/man8/sftp-server.8.gz -%{_mandir}/man8/sshd.8.gz - -%Files askpass -%defattr(-,root,root) -%{_libexecdir}/ssh-askpass -%{_libexecdir}/x11-ssh-askpass -%{_defaultdocdir}/%{name}-%{version}/%{askpass} - - -%ChangeLog -* Mon Jan 01 1998 ... -Template Version: 1.31 - -$Id: openssh.spec,v 1.49 2004/03/21 22:40:04 djm Exp $ diff --git a/crypto/openssh/contrib/caldera/ssh-host-keygen b/crypto/openssh/contrib/caldera/ssh-host-keygen deleted file mode 100755 index 3c5c1718270a..000000000000 --- a/crypto/openssh/contrib/caldera/ssh-host-keygen +++ /dev/null @@ -1,36 +0,0 @@ -#! /bin/sh -# -# $Id: ssh-host-keygen,v 1.2 2003/11/21 12:48:57 djm Exp $ -# -# This script is normally run only *once* for a given host -# (in a given period of time) -- on updates/upgrades/recovery -# the ssh_host_key* files _should_ be retained! Otherwise false -# "man-in-the-middle-attack" alerts will frighten unsuspecting -# clients... - -keydir=@sysconfdir@ -keygen=@sshkeygen@ - -if [ -f $keydir/ssh_host_key -o \ - -f $keydir/ssh_host_key.pub ]; then - echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key." -else - echo "Generating 1024 bit SSH1 RSA host key." - $keygen -b 1024 -t rsa1 -f $keydir/ssh_host_key -C '' -N '' -fi - -if [ -f $keydir/ssh_host_rsa_key -o \ - -f $keydir/ssh_host_rsa_key.pub ]; then - echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key." -else - echo "Generating 1024 bit SSH2 RSA host key." - $keygen -b 1024 -t rsa -f $keydir/ssh_host_rsa_key -C '' -N '' -fi - -if [ -f $keydir/ssh_host_dsa_key -o \ - -f $keydir/ssh_host_dsa_key.pub ]; then - echo "You already have an SSH2 DSA host key in $keydir/ssh_host_dsa_key." -else - echo "Generating SSH2 DSA host key." - $keygen -t dsa -f $keydir/ssh_host_dsa_key -C '' -N '' -fi diff --git a/crypto/openssh/contrib/caldera/sshd.init b/crypto/openssh/contrib/caldera/sshd.init deleted file mode 100755 index 983146f4fe00..000000000000 --- a/crypto/openssh/contrib/caldera/sshd.init +++ /dev/null @@ -1,125 +0,0 @@ -#! /bin/bash -# -# $Id: sshd.init,v 1.4 2003/11/21 12:48:57 djm Exp $ -# -### BEGIN INIT INFO -# Provides: -# Required-Start: $network -# Required-Stop: -# Default-Start: 3 4 5 -# Default-Stop: 0 1 2 6 -# Description: sshd -# Bring up/down the OpenSSH secure shell daemon. -### END INIT INFO -# -# Written by Miquel van Smoorenburg <miquels@drinkel.ow.org>. -# Modified for Debian GNU/Linux by Ian Murdock <imurdock@gnu.ai.mit.edu>. -# Modified for OpenLinux by Raymund Will <ray@caldera.de> - -NAME=sshd -DAEMON=/usr/sbin/$NAME -# Hack-Alert(TM)! This is necessary to get around the 'reload'-problem -# created by recent OpenSSH daemon/ssd combinations. See Caldera internal -# PR [linux/8278] for details... -PIDF=/var/run/$NAME.pid -NAME=$DAEMON - -_status() { - [ -z "$1" ] || local pidf="$1" - local ret=-1 - local pid - if [ -n "$pidf" ] && [ -r "$pidf" ]; then - pid=$(head -1 $pidf) - else - pid=$(pidof $NAME) - fi - - if [ ! -e $SVIlock ]; then - # no lock-file => not started == stopped? - ret=3 - elif [ -n "$pidf" -a ! -f "$pidf" ] || [ -z "$pid" ]; then - # pid-file given but not present or no pid => died, but was not stopped - ret=2 - elif [ -r /proc/$pid/cmdline ] && - echo -ne $NAME'\000' | cmp -s - /proc/$pid/cmdline; then - # pid-file given and present or pid found => check process... - # but don't compare exe, as this will fail after an update! - # compares OK => all's well, that ends well... - ret=0 - else - # no such process or exe does not match => stale pid-file or process died - # just recently... - ret=1 - fi - return $ret -} - -# Source function library (and set vital variables). -. @SVIdir@/functions - -case "$1" in - start) - [ ! -e $SVIlock ] || exit 0 - [ -x $DAEMON ] || exit 5 - SVIemptyConfig @sysconfdir@/sshd_config && exit 6 - - if [ ! \( -f @sysconfdir@/ssh_host_key -a \ - -f @sysconfdir@/ssh_host_key.pub \) -a \ - ! \( -f @sysconfdir@/ssh_host_rsa_key -a \ - -f @sysconfdir@/ssh_host_rsa_key.pub \) -a \ - ! \( -f @sysconfdir@/ssh_host_dsa_key -a \ - -f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then - - echo "$SVIsubsys: host key not initialized: skipped!" - echo "$SVIsubsys: use ssh-host-keygen to generate one!" - exit 6 - fi - - echo -n "Starting $SVIsubsys services: " - ssd -S -x $DAEMON -n $NAME -- $OPTIONS - ret=$? - - echo "." - touch $SVIlock - ;; - - stop) - [ -e $SVIlock ] || exit 0 - - echo -n "Stopping $SVIsubsys services: " - ssd -K -p $PIDF -n $NAME - ret=$? - - echo "." - rm -f $SVIlock - ;; - - force-reload|reload) - [ -e $SVIlock ] || exit 0 - - echo "Reloading $SVIsubsys configuration files: " - ssd -K --signal 1 -q -p $PIDF -n $NAME - ret=$? - echo "done." - ;; - - restart) - $0 stop - $0 start - ret=$? - ;; - - status) - _status $PIDF - ret=$? - ;; - - *) - echo "Usage: $SVIscript {[re]start|stop|[force-]reload|status}" - ret=2 - ;; - -esac - -exit $ret - diff --git a/crypto/openssh/contrib/caldera/sshd.pam b/crypto/openssh/contrib/caldera/sshd.pam deleted file mode 100644 index 26dcb34d9e94..000000000000 --- a/crypto/openssh/contrib/caldera/sshd.pam +++ /dev/null @@ -1,8 +0,0 @@ -#%PAM-1.0 -auth required /lib/security/pam_pwdb.so shadow nodelay -auth required /lib/security/pam_nologin.so -account required /lib/security/pam_pwdb.so -password required /lib/security/pam_cracklib.so -password required /lib/security/pam_pwdb.so shadow nullok use_authtok -session required /lib/security/pam_pwdb.so -session required /lib/security/pam_limits.so diff --git a/crypto/openssh/contrib/cygwin/Makefile b/crypto/openssh/contrib/cygwin/Makefile deleted file mode 100644 index 09e8ea2db213..000000000000 --- a/crypto/openssh/contrib/cygwin/Makefile +++ /dev/null @@ -1,56 +0,0 @@ -srcdir=../.. -prefix=/usr -exec_prefix=$(prefix) -bindir=$(prefix)/bin -datadir=$(prefix)/share -docdir=$(datadir)/doc -sshdocdir=$(docdir)/openssh -cygdocdir=$(docdir)/Cygwin -sysconfdir=/etc -defaultsdir=$(sysconfdir)/defaults/etc -PRIVSEP_PATH=/var/empty -INSTALL=/usr/bin/install -c - -DESTDIR= - -all: - @echo - @echo "Use \`make cygwin-postinstall DESTDIR=[package directory]'" - @echo "Be sure having DESTDIR set correctly!" - @echo - -move-config-files: $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(sysconfdir)/sshd_config - $(srcdir)/mkinstalldirs $(DESTDIR)$(defaultsdir) - mv $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(defaultsdir) - mv $(DESTDIR)$(sysconfdir)/sshd_config $(DESTDIR)$(defaultsdir) - -remove-empty-dir: - rm -rf $(DESTDIR)$(PRIVSEP_PATH) - -install-sshdoc: - $(srcdir)/mkinstalldirs $(DESTDIR)$(sshdocdir) - $(INSTALL) -m 644 $(srcdir)/CREDITS $(DESTDIR)$(sshdocdir)/CREDITS - $(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(sshdocdir)/ChangeLog - $(INSTALL) -m 644 $(srcdir)/LICENCE $(DESTDIR)$(sshdocdir)/LICENCE - $(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW - $(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README - $(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns - $(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep - $(INSTALL) -m 644 $(srcdir)/README.smartcard $(DESTDIR)$(sshdocdir)/README.smartcard - $(INSTALL) -m 644 $(srcdir)/RFC.nroff $(DESTDIR)$(sshdocdir)/RFC.nroff - $(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO - $(INSTALL) -m 644 $(srcdir)/WARNING.RNG $(DESTDIR)$(sshdocdir)/WARNING.RNG - -install-cygwindoc: README - $(srcdir)/mkinstalldirs $(DESTDIR)$(cygdocdir) - $(INSTALL) -m 644 README $(DESTDIR)$(cygdocdir)/openssh.README - -install-doc: install-sshdoc install-cygwindoc - -install-scripts: ssh-host-config ssh-user-config - $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) - $(INSTALL) -m 755 ssh-host-config $(DESTDIR)$(bindir)/ssh-host-config - $(INSTALL) -m 755 ssh-user-config $(DESTDIR)$(bindir)/ssh-user-config - -cygwin-postinstall: move-config-files remove-empty-dir install-doc install-scripts - @echo "Cygwin specific configuration finished." diff --git a/crypto/openssh/contrib/cygwin/README b/crypto/openssh/contrib/cygwin/README deleted file mode 100644 index fc0a2f69bd4b..000000000000 --- a/crypto/openssh/contrib/cygwin/README +++ /dev/null @@ -1,224 +0,0 @@ -This package describes important Cygwin specific stuff concerning OpenSSH. - -The binary package is usually built for recent Cygwin versions and might -not run on older versions. Please check http://cygwin.com/ for information -about current Cygwin releases. - -Build instructions are at the end of the file. - -=========================================================================== -Important change since 3.7.1p2-2: - -The ssh-host-config file doesn't create the /etc/ssh_config and -/etc/sshd_config files from builtin here-scripts anymore, but it uses -skeleton files installed in /etc/defaults/etc. - -Also it now tries hard to create appropriate permissions on files. -Same applies for ssh-user-config. - -After creating the sshd service with ssh-host-config, it's advisable to -call ssh-user-config for all affected users, also already exising user -configurations. In the latter case, file and directory permissions are -checked and changed, if requireed to match the host configuration. - -Important note for Windows 2003 Server users: ---------------------------------------------- - -2003 Server has a funny new feature. When starting services under SYSTEM -account, these services have nearly all user rights which SYSTEM holds... -except for the "Create a token object" right, which is needed to allow -public key authentication :-( - -There's no way around this, except for creating a substitute account which -has the appropriate privileges. Basically, this account should be member -of the administrators group, plus it should have the following user rights: - - Create a token object - Logon as a service - Replace a process level token - Increase Quota - -The ssh-host-config script asks you, if it should create such an account, -called "sshd_server". If you say "no" here, you're on your own. Please -follow the instruction in ssh-host-config exactly if possible. Note that -ssh-user-config sets the permissions on 2003 Server machines dependent of -whether a sshd_server account exists or not. -=========================================================================== - -=========================================================================== -Important change since 3.4p1-2: - -This version adds privilege separation as default setting, see -/usr/doc/openssh/README.privsep. According to that document the -privsep feature requires a non-privileged account called 'sshd'. - -The new ssh-host-config file which is part of this version asks -to create 'sshd' as local user if you want to use privilege -separation. If you confirm, it creates that NT user and adds -the necessary entry to /etc/passwd. - -On 9x/Me systems the script just sets UsePrivilegeSeparation to "no" -since that feature doesn't make any sense on a system which doesn't -differ between privileged and unprivileged users. - -The new ssh-host-config script also adds the /var/empty directory -needed by privilege separation. When creating the /var/empty directory -by yourself, please note that in contrast to the README.privsep document -the owner sshould not be "root" but the user which is running sshd. So, -in the standard configuration this is SYSTEM. The ssh-host-config script -chowns /var/empty accordingly. -=========================================================================== - -=========================================================================== -Important change since 3.0.1p1-2: - -This version introduces the ability to register sshd as service on -Windows 9x/Me systems. This is done only when the options -D and/or --d are not given. -=========================================================================== - -=========================================================================== -Important change since 2.9p2: - -Since Cygwin is able to switch user context without password beginning -with version 1.3.2, OpenSSH now allows to do so when it's running under -a version >= 1.3.2. Keep in mind that `ntsec' has to be activated to -allow that feature. -=========================================================================== - -=========================================================================== -Important change since 2.3.0p1: - -When using `ntea' or `ntsec' you now have to care for the ownership -and permission bits of your host key files and your private key files. -The host key files have to be owned by the NT account which starts -sshd. The user key files have to be owned by the user. The permission -bits of the private key files (host and user) have to be at least -rw------- (0600)! - -Note that this is forced under `ntsec' only if the files are on a NTFS -filesystem (which is recommended) due to the lack of any basic security -features of the FAT/FAT32 filesystems. -=========================================================================== - -If you are installing OpenSSH the first time, you can generate global config -files and server keys by running - - /usr/bin/ssh-host-config - -Note that this binary archive doesn't contain default config files in /etc. -That files are only created if ssh-host-config is started. - -If you are updating your installation you may run the above ssh-host-config -as well to move your configuration files to the new location and to -erase the files at the old location. - -To support testing and unattended installation ssh-host-config got -some options: - -usage: ssh-host-config [OPTION]... -Options: - --debug -d Enable shell's debug output. - --yes -y Answer all questions with "yes" automatically. - --no -n Answer all questions with "no" automatically. - --cygwin -c <options> Use "options" as value for CYGWIN environment var. - --port -p <n> sshd listens on port n. - --pwd -w <passwd> Use "pwd" as password for user 'sshd_server'. - -Additionally ssh-host-config now asks if it should install sshd as a -service when running under NT/W2K. This requires cygrunsrv installed. - -You can create the private and public keys for a user now by running - - /usr/bin/ssh-user-config - -under the users account. - -To support testing and unattended installation ssh-user-config got -some options as well: - -usage: ssh-user-config [OPTION]... -Options: - --debug -d Enable shell's debug output. - --yes -y Answer all questions with "yes" automatically. - --no -n Answer all questions with "no" automatically. - --passphrase -p word Use "word" as passphrase automatically. - -Install sshd as daemon via cygrunsrv.exe (recommended on NT/W2K), via inetd -(results in very slow deamon startup!) or from the command line (recommended -on 9X/ME). - -If you start sshd as deamon via cygrunsrv.exe you MUST give the -"-D" option to sshd. Otherwise the service can't get started at all. - -If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add the -following line to your inetd.conf file: - -ssh stream tcp nowait root /usr/sbin/in.sshd sshd -i - -Moreover you'll have to add the following line to your -${SYSTEMROOT}/system32/drivers/etc/services file: - - ssh 22/tcp #SSH daemon - -Please note that OpenSSH does never use the value of $HOME to -search for the users configuration files! It always uses the -value of the pw_dir field in /etc/passwd as the home directory. -If no home diretory is set in /etc/passwd, the root directory -is used instead! - -You may use all features of the CYGWIN=ntsec setting the same -way as they are used by Cygwin's login(1) port: - - The pw_gecos field may contain an additional field, that begins - with (upper case!) "U-", followed by the domain and the username - separated by a backslash. - CAUTION: The SID _must_ remain the _last_ field in pw_gecos! - BTW: The field separator in pw_gecos is the comma. - The username in pw_name itself may be any nice name: - - domuser::1104:513:John Doe,U-domain\user,S-1-5-21-... - - Now you may use `domuser' as your login name with telnet! - This is possible additionally for local users, if you don't like - your NT login name ;-) You only have to leave out the domain: - - locuser::1104:513:John Doe,U-user,S-1-5-21-... - -Note that the CYGWIN=ntsec setting is required for public key authentication. - -SSH2 server and user keys are generated by the `ssh-*-config' scripts -as well. - -If you want to build from source, the following options to -configure are used for the Cygwin binary distribution: - - --prefix=/usr \ - --sysconfdir=/etc \ - --libexecdir='$(sbindir)' \ - --localstatedir=/var \ - --datadir='$(prefix)/share' \ - --mandir='$(datadir)/man' \ - --with-tcp-wrappers - -If you want to create a Cygwin package, equivalent to the one -in the Cygwin binary distribution, install like this: - - mkdir /tmp/cygwin-ssh - cd $(builddir) - make install DESTDIR=/tmp/cygwin-ssh - cd $(srcdir)/contrib/cygwin - make cygwin-postinstall DESTDIR=/tmp/cygwin-ssh - cd /tmp/cygwin-ssh - find * \! -type d | tar cvjfT my-openssh.tar.bz2 - - -You must have installed the zlib and openssl-devel packages to be able to -build OpenSSH! - -Please send requests, error reports etc. to cygwin@cygwin.com. - -Have fun, - -Corinna Vinschen -Cygwin Developer -Red Hat Inc. diff --git a/crypto/openssh/contrib/cygwin/ssh-host-config b/crypto/openssh/contrib/cygwin/ssh-host-config deleted file mode 100644 index 9c0dabf41b4d..000000000000 --- a/crypto/openssh/contrib/cygwin/ssh-host-config +++ /dev/null @@ -1,592 +0,0 @@ -#!/bin/bash -# -# ssh-host-config, Copyright 2000, 2001, 2002, 2003 Red Hat Inc. -# -# This file is part of the Cygwin port of OpenSSH. - -# Subdirectory where the new package is being installed -PREFIX=/usr - -# Directory where the config files are stored -SYSCONFDIR=/etc -LOCALSTATEDIR=/var - -progname=$0 -auto_answer="" -port_number=22 - -privsep_configured=no -privsep_used=yes -sshd_in_passwd=no -sshd_in_sam=no - -request() -{ - if [ "${auto_answer}" = "yes" ] - then - echo "$1 (yes/no) yes" - return 0 - elif [ "${auto_answer}" = "no" ] - then - echo "$1 (yes/no) no" - return 1 - fi - - answer="" - while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ] - do - echo -n "$1 (yes/no) " - read -e answer - done - if [ "X${answer}" = "Xyes" ] - then - return 0 - else - return 1 - fi -} - -# Check options - -while : -do - case $# in - 0) - break - ;; - esac - - option=$1 - shift - - case "${option}" in - -d | --debug ) - set -x - ;; - - -y | --yes ) - auto_answer=yes - ;; - - -n | --no ) - auto_answer=no - ;; - - -c | --cygwin ) - cygwin_value="$1" - shift - ;; - - -p | --port ) - port_number=$1 - shift - ;; - - -w | --pwd ) - password_value="$1" - shift - ;; - - *) - echo "usage: ${progname} [OPTION]..." - echo - echo "This script creates an OpenSSH host configuration." - echo - echo "Options:" - echo " --debug -d Enable shell's debug output." - echo " --yes -y Answer all questions with \"yes\" automatically." - echo " --no -n Answer all questions with \"no\" automatically." - echo " --cygwin -c <options> Use \"options\" as value for CYGWIN environment var." - echo " --port -p <n> sshd listens on port n." - echo " --pwd -w <passwd> Use \"pwd\" as password for user 'sshd_server'." - echo - exit 1 - ;; - - esac -done - -# Check if running on NT -_sys="`uname`" -_nt=`expr "${_sys}" : "CYGWIN_NT"` -# If running on NT, check if running under 2003 Server or later -if [ ${_nt} -gt 0 ] -then - _nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'` -fi - -# Check for running ssh/sshd processes first. Refuse to do anything while -# some ssh processes are still running - -if ps -ef | grep -v grep | grep -q ssh -then - echo - echo "There are still ssh processes running. Please shut them down first." - echo - exit 1 -fi - -# Check for ${SYSCONFDIR} directory - -if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ] -then - echo - echo "${SYSCONFDIR} is existant but not a directory." - echo "Cannot create global configuration files." - echo - exit 1 -fi - -# Create it if necessary - -if [ ! -e "${SYSCONFDIR}" ] -then - mkdir "${SYSCONFDIR}" - if [ ! -e "${SYSCONFDIR}" ] - then - echo - echo "Creating ${SYSCONFDIR} directory failed" - echo - exit 1 - fi -fi - -# Create /var/log and /var/log/lastlog if not already existing - -if [ -f ${LOCALSTATEDIR}/log ] -then - echo "Creating ${LOCALSTATEDIR}/log failed!" -else - if [ ! -d ${LOCALSTATEDIR}/log ] - then - mkdir -p ${LOCALSTATEDIR}/log - fi - if [ -d ${LOCALSTATEDIR}/log/lastlog ] - then - chmod 777 ${LOCALSTATEDIR}/log/lastlog - elif [ ! -f ${LOCALSTATEDIR}/log/lastlog ] - then - cat /dev/null > ${LOCALSTATEDIR}/log/lastlog - chmod 666 ${LOCALSTATEDIR}/log/lastlog - fi -fi - -# Create /var/empty file used as chroot jail for privilege separation -if [ -f ${LOCALSTATEDIR}/empty ] -then - echo "Creating ${LOCALSTATEDIR}/empty failed!" -else - mkdir -p ${LOCALSTATEDIR}/empty - if [ ${_nt} -gt 0 ] - then - chmod 755 ${LOCALSTATEDIR}/empty - fi -fi - -# First generate host keys if not already existing - -if [ ! -f "${SYSCONFDIR}/ssh_host_key" ] -then - echo "Generating ${SYSCONFDIR}/ssh_host_key" - ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null -fi - -if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ] -then - echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key" - ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null -fi - -if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ] -then - echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key" - ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null -fi - -# Check if ssh_config exists. If yes, ask for overwriting - -if [ -f "${SYSCONFDIR}/ssh_config" ] -then - if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?" - then - rm -f "${SYSCONFDIR}/ssh_config" - if [ -f "${SYSCONFDIR}/ssh_config" ] - then - echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected." - fi - fi -fi - -# Create default ssh_config from skeleton file in /etc/defaults/etc - -if [ ! -f "${SYSCONFDIR}/ssh_config" ] -then - echo "Generating ${SYSCONFDIR}/ssh_config file" - cp ${SYSCONFDIR}/defaults/etc/ssh_config ${SYSCONFDIR}/ssh_config - if [ "${port_number}" != "22" ] - then - echo "Host localhost" >> ${SYSCONFDIR}/ssh_config - echo " Port ${port_number}" >> ${SYSCONFDIR}/ssh_config - fi -fi - -# Check if sshd_config exists. If yes, ask for overwriting - -if [ -f "${SYSCONFDIR}/sshd_config" ] -then - if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?" - then - rm -f "${SYSCONFDIR}/sshd_config" - if [ -f "${SYSCONFDIR}/sshd_config" ] - then - echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected." - fi - else - grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes - fi -fi - -# Prior to creating or modifying sshd_config, care for privilege separation - -if [ "${privsep_configured}" != "yes" ] -then - if [ ${_nt} -gt 0 ] - then - echo "Privilege separation is set to yes by default since OpenSSH 3.3." - echo "However, this requires a non-privileged account called 'sshd'." - echo "For more info on privilege separation read /usr/share/doc/openssh/README.privsep." - echo - if request "Should privilege separation be used?" - then - privsep_used=yes - grep -q '^sshd:' ${SYSCONFDIR}/passwd && sshd_in_passwd=yes - net user sshd >/dev/null 2>&1 && sshd_in_sam=yes - if [ "${sshd_in_passwd}" != "yes" ] - then - if [ "${sshd_in_sam}" != "yes" ] - then - echo "Warning: The following function requires administrator privileges!" - if request "Should this script create a local user 'sshd' on this machine?" - then - dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty` - net user sshd /add /fullname:"sshd privsep" "/homedir:${dos_var_empty}" /active:no > /dev/null 2>&1 && sshd_in_sam=yes - if [ "${sshd_in_sam}" != "yes" ] - then - echo "Warning: Creating the user 'sshd' failed!" - fi - fi - fi - if [ "${sshd_in_sam}" != "yes" ] - then - echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!" - echo " Privilege separation set to 'no' again!" - echo " Check your ${SYSCONFDIR}/sshd_config file!" - privsep_used=no - else - mkpasswd -l -u sshd | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd - fi - fi - else - privsep_used=no - fi - else - # On 9x don't use privilege separation. Since security isn't - # available it just adds useless additional processes. - privsep_used=no - fi -fi - -# Create default sshd_config from skeleton files in /etc/defaults/etc or -# modify to add the missing privsep configuration option - -if [ ! -f "${SYSCONFDIR}/sshd_config" ] -then - echo "Generating ${SYSCONFDIR}/sshd_config file" - sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/ - s/^#Port 22/Port ${port_number}/ - s/^#StrictModes yes/StrictModes no/" \ - < ${SYSCONFDIR}/defaults/etc/sshd_config \ - > ${SYSCONFDIR}/sshd_config -elif [ "${privsep_configured}" != "yes" ] -then - echo >> ${SYSCONFDIR}/sshd_config - echo "UsePrivilegeSeparation ${privsep_used}" >> ${SYSCONFDIR}/sshd_config -fi - -# Care for services file -_my_etcdir="/ssh-host-config.$$" -if [ ${_nt} -gt 0 ] -then - _win_etcdir="${SYSTEMROOT}\\system32\\drivers\\etc" - _services="${_my_etcdir}/services" - # On NT, 27 spaces, no space after the hash - _spaces=" #" -else - _win_etcdir="${WINDIR}" - _services="${_my_etcdir}/SERVICES" - # On 9x, 18 spaces (95 is very touchy), a space after the hash - _spaces=" # " -fi -_serv_tmp="${_my_etcdir}/srv.out.$$" - -mount -t -f "${_win_etcdir}" "${_my_etcdir}" - -# Depends on the above mount -_wservices=`cygpath -w "${_services}"` - -# Remove sshd 22/port from services -if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ] -then - grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}" - if [ -f "${_serv_tmp}" ] - then - if mv "${_serv_tmp}" "${_services}" - then - echo "Removing sshd from ${_wservices}" - else - echo "Removing sshd from ${_wservices} failed!" - fi - rm -f "${_serv_tmp}" - else - echo "Removing sshd from ${_wservices} failed!" - fi -fi - -# Add ssh 22/tcp and ssh 22/udp to services -if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ] -then - if awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh 22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}" - then - if mv "${_serv_tmp}" "${_services}" - then - echo "Added ssh to ${_wservices}" - else - echo "Adding ssh to ${_wservices} failed!" - fi - rm -f "${_serv_tmp}" - else - echo "WARNING: Adding ssh to ${_wservices} failed!" - fi -fi - -umount "${_my_etcdir}" - -# Care for inetd.conf file -_inetcnf="${SYSCONFDIR}/inetd.conf" -_inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$" - -if [ -f "${_inetcnf}" ] -then - # Check if ssh service is already in use as sshd - with_comment=1 - grep -q '^[ \t]*sshd' "${_inetcnf}" && with_comment=0 - # Remove sshd line from inetd.conf - if [ `grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ] - then - grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}" - if [ -f "${_inetcnf_tmp}" ] - then - if mv "${_inetcnf_tmp}" "${_inetcnf}" - then - echo "Removed sshd from ${_inetcnf}" - else - echo "Removing sshd from ${_inetcnf} failed!" - fi - rm -f "${_inetcnf_tmp}" - else - echo "Removing sshd from ${_inetcnf} failed!" - fi - fi - - # Add ssh line to inetd.conf - if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ] - then - if [ "${with_comment}" -eq 0 ] - then - echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" - else - echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" - fi - echo "Added ssh to ${_inetcnf}" - fi -fi - -# On NT ask if sshd should be installed as service -if [ ${_nt} -gt 0 ] -then - # But only if it is not already installed - if ! cygrunsrv -Q sshd > /dev/null 2>&1 - then - echo - echo - echo "Warning: The following functions require administrator privileges!" - echo - echo "Do you want to install sshd as service?" - if request "(Say \"no\" if it's already installed as service)" - then - if [ $_nt2003 -gt 0 ] - then - grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && sshd_server_in_passwd=yes - if [ "${sshd_server_in_passwd}" = "yes" ] - then - # Drop sshd_server from passwd since it could have wrong settings - grep -v '^sshd_server:' ${SYSCONFDIR}/passwd > ${SYSCONFDIR}/passwd.$$ - rm -f ${SYSCONFDIR}/passwd - mv ${SYSCONFDIR}/passwd.$$ ${SYSCONFDIR}/passwd - chmod g-w,o-w ${SYSCONFDIR}/passwd - fi - net user sshd_server >/dev/null 2>&1 && sshd_server_in_sam=yes - if [ "${sshd_server_in_sam}" != "yes" ] - then - echo - echo "You appear to be running Windows 2003 Server or later. On 2003 and" - echo "later systems, it's not possible to use the LocalSystem account" - echo "if sshd should allow passwordless logon (e. g. public key authentication)." - echo "If you want to enable that functionality, it's required to create a new" - echo "account 'sshd_server' with special privileges, which is then used to run" - echo "the sshd service under." - echo - echo "Should this script create a new local account 'sshd_server' which has" - if request "the required privileges?" - then - _admingroup=`awk -F: '{if ( $2 == "S-1-5-32-544" ) print $1;}' ${SYSCONFDIR}/group` - if [ -z "${_admingroup}" ] - then - echo "There's no group with SID S-1-5-32-544 (Local administrators group) in" - echo "your ${SYSCONFDIR}/group file. Please regenerate this entry using 'mkgroup -l'" - echo "and restart this script." - exit 1 - fi - dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty` - while [ "${sshd_server_in_sam}" != "yes" ] - do - if [ -n "${password_value}" ] - then - _password="${password_value}" - # Allow to ask for password if first try fails - password_value="" - else - echo - echo "Please enter a password for new user 'sshd_server'. Please be sure that" - echo "this password matches the password rules given on your system." - echo -n "Entering no password will exit the configuration. PASSWORD=" - read -e _password - if [ -z "${_password}" ] - then - echo - echo "Exiting configuration. No user sshd_server has been created," - echo "no sshd service installed." - exit 1 - fi - fi - net user sshd_server "${_password}" /add /fullname:"sshd server account" "/homedir:${dos_var_empty}" /yes > /tmp/nu.$$ 2>&1 && sshd_server_in_sam=yes - if [ "${sshd_server_in_sam}" != "yes" ] - then - echo "Creating the user 'sshd_server' failed! Reason:" - cat /tmp/nu.$$ - rm /tmp/nu.$$ - fi - done - net localgroup "${_admingroup}" sshd_server /add > /dev/null 2>&1 && sshd_server_in_admingroup=yes - if [ "${sshd_server_in_admingroup}" != "yes" ] - then - echo "WARNING: Adding user sshd_server to local group ${_admingroup} failed!" - echo "Please add sshd_server to local group ${_admingroup} before" - echo "starting the sshd service!" - echo - fi - passwd_has_expiry_flags=`passwd -v | awk '/^passwd /{print ( $3 >= 1.5 ) ? "yes" : "no";}'` - if [ "${passwd_has_expiry_flags}" != "yes" ] - then - echo - echo "WARNING: User sshd_server has password expiry set to system default." - echo "Please check that password never expires or set it to your needs." - elif ! passwd -e sshd_server - then - echo - echo "WARNING: Setting password expiry for user sshd_server failed!" - echo "Please check that password never expires or set it to your needs." - fi - editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server && - editrights -a SeCreateTokenPrivilege -u sshd_server && - editrights -a SeDenyInteractiveLogonRight -u sshd_server && - editrights -a SeDenyNetworkLogonRight -u sshd_server && - editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server && - editrights -a SeIncreaseQuotaPrivilege -u sshd_server && - editrights -a SeServiceLogonRight -u sshd_server && - sshd_server_got_all_rights="yes" - if [ "${sshd_server_got_all_rights}" != "yes" ] - then - echo - echo "Assigning the appropriate privileges to user 'sshd_server' failed!" - echo "Can't create sshd service!" - exit 1 - fi - echo - echo "User 'sshd_server' has been created with password '${_password}'." - echo "If you change the password, please keep in mind to change the password" - echo "for the sshd service, too." - echo - echo "Also keep in mind that the user sshd_server needs read permissions on all" - echo "users' .ssh/authorized_keys file to allow public key authentication for" - echo "these users!. (Re-)running ssh-user-config for each user will set the" - echo "required permissions correctly." - echo - fi - fi - if [ "${sshd_server_in_sam}" = "yes" ] - then - mkpasswd -l -u sshd_server | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd - fi - fi - if [ -n "${cygwin_value}" ] - then - _cygwin="${cygwin_value}" - else - echo - echo "Which value should the environment variable CYGWIN have when" - echo "sshd starts? It's recommended to set at least \"ntsec\" to be" - echo "able to change user context without password." - echo -n "Default is \"ntsec\". CYGWIN=" - read -e _cygwin - fi - [ -z "${_cygwin}" ] && _cygwin="ntsec" - if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ] - then - if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -u sshd_server -w "${_password}" -e "CYGWIN=${_cygwin}" - then - echo - echo "The service has been installed under sshd_server account." - echo "To start the service, call \`net start sshd' or \`cygrunsrv -S sshd'." - fi - else - if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}" - then - echo - echo "The service has been installed under LocalSystem account." - echo "To start the service, call \`net start sshd' or \`cygrunsrv -S sshd'." - fi - fi - fi - # Now check if sshd has been successfully installed. This allows to - # set the ownership of the affected files correctly. - if cygrunsrv -Q sshd > /dev/null 2>&1 - then - if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ] - then - _user="sshd_server" - else - _user="system" - fi - chown "${_user}" ${SYSCONFDIR}/ssh* - chown "${_user}".544 ${LOCALSTATEDIR}/empty - if [ -f ${LOCALSTATEDIR}/log/sshd.log ] - then - chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log - fi - fi - fi -fi - -echo -echo "Host configuration finished. Have fun!" diff --git a/crypto/openssh/contrib/cygwin/ssh-user-config b/crypto/openssh/contrib/cygwin/ssh-user-config deleted file mode 100644 index fe07ce3609bb..000000000000 --- a/crypto/openssh/contrib/cygwin/ssh-user-config +++ /dev/null @@ -1,250 +0,0 @@ -#!/bin/sh -# -# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc. -# -# This file is part of the Cygwin port of OpenSSH. - -# Directory where the config files are stored -SYSCONFDIR=/etc - -progname=$0 -auto_answer="" -auto_passphrase="no" -passphrase="" - -request() -{ - if [ "${auto_answer}" = "yes" ] - then - return 0 - elif [ "${auto_answer}" = "no" ] - then - return 1 - fi - - answer="" - while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ] - do - echo -n "$1 (yes/no) " - read answer - done - if [ "X${answer}" = "Xyes" ] - then - return 0 - else - return 1 - fi -} - -# Check if running on NT -_sys="`uname -a`" -_nt=`expr "$_sys" : "CYGWIN_NT"` -# If running on NT, check if running under 2003 Server or later -if [ $_nt -gt 0 ] -then - _nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'` -fi - -# Check options - -while : -do - case $# in - 0) - break - ;; - esac - - option=$1 - shift - - case "$option" in - -d | --debug ) - set -x - ;; - - -y | --yes ) - auto_answer=yes - ;; - - -n | --no ) - auto_answer=no - ;; - - -p | --passphrase ) - with_passphrase="yes" - passphrase=$1 - shift - ;; - - *) - echo "usage: ${progname} [OPTION]..." - echo - echo "This script creates an OpenSSH user configuration." - echo - echo "Options:" - echo " --debug -d Enable shell's debug output." - echo " --yes -y Answer all questions with \"yes\" automatically." - echo " --no -n Answer all questions with \"no\" automatically." - echo " --passphrase -p word Use \"word\" as passphrase automatically." - echo - exit 1 - ;; - - esac -done - -# Ask user if user identity should be generated - -if [ ! -f ${SYSCONFDIR}/passwd ] -then - echo "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" - echo 'first using mkpasswd. Check if it contains an entry for you and' - echo 'please care for the home directory in your entry as well.' - exit 1 -fi - -uid=`id -u` -pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd` - -if [ "X${pwdhome}" = "X" ] -then - echo "There is no home directory set for you in ${SYSCONFDIR}/passwd." - echo 'Setting $HOME is not sufficient!' - exit 1 -fi - -if [ ! -d "${pwdhome}" ] -then - echo "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" - echo 'but it is not a valid directory. Cannot create user identity files.' - exit 1 -fi - -# If home is the root dir, set home to empty string to avoid error messages -# in subsequent parts of that script. -if [ "X${pwdhome}" = "X/" ] -then - # But first raise a warning! - echo "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!" - if request "Would you like to proceed anyway?" - then - pwdhome='' - else - exit 1 - fi -fi - -if [ -d "${pwdhome}" -a $_nt -gt 0 -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ] -then - echo - echo 'WARNING: group and other have been revoked write permission to your home' - echo " directory ${pwdhome}." - echo ' This is required by OpenSSH to allow public key authentication using' - echo ' the key files stored in your .ssh subdirectory.' - echo ' Revert this change ONLY if you know what you are doing!' - echo -fi - -if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ] -then - echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files." - exit 1 -fi - -if [ ! -e "${pwdhome}/.ssh" ] -then - mkdir "${pwdhome}/.ssh" - if [ ! -e "${pwdhome}/.ssh" ] - then - echo "Creating users ${pwdhome}/.ssh directory failed" - exit 1 - fi -fi - -if [ $_nt -gt 0 ] -then - _user="system" - if [ $_nt2003 -gt 0 ] - then - grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && _user="sshd_server" - fi - if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh" - then - echo "${pwdhome}/.ssh couldn't be given the correct permissions." - echo "Please try to solve this problem first." - exit 1 - fi -fi - -if [ ! -f "${pwdhome}/.ssh/identity" ] -then - if request "Shall I create an SSH1 RSA identity file for you?" - then - echo "Generating ${pwdhome}/.ssh/identity" - if [ "${with_passphrase}" = "yes" ] - then - ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null - else - ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null - fi - if request "Do you want to use this identity to login to this machine?" - then - echo "Adding to ${pwdhome}/.ssh/authorized_keys" - cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys" - fi - fi -fi - -if [ ! -f "${pwdhome}/.ssh/id_rsa" ] -then - if request "Shall I create an SSH2 RSA identity file for you? (yes/no) " - then - echo "Generating ${pwdhome}/.ssh/id_rsa" - if [ "${with_passphrase}" = "yes" ] - then - ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null - else - ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null - fi - if request "Do you want to use this identity to login to this machine?" - then - echo "Adding to ${pwdhome}/.ssh/authorized_keys" - cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys" - fi - fi -fi - -if [ ! -f "${pwdhome}/.ssh/id_dsa" ] -then - if request "Shall I create an SSH2 DSA identity file for you? (yes/no) " - then - echo "Generating ${pwdhome}/.ssh/id_dsa" - if [ "${with_passphrase}" = "yes" ] - then - ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null - else - ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null - fi - if request "Do you want to use this identity to login to this machine?" - then - echo "Adding to ${pwdhome}/.ssh/authorized_keys" - cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys" - fi - fi -fi - -if [ $_nt -gt 0 -a -e "${pwdhome}/.ssh/authorized_keys" ] -then - if ! setfacl -m "u::rw-,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh/authorized_keys" - then - echo - echo "WARNING: Setting correct permissions to ${pwdhome}/.ssh/authorized_keys" - echo "failed. Please care for the correct permissions. The minimum requirement" - echo "is, the owner and ${_user} both need read permissions." - echo - fi -fi - -echo -echo "Configuration finished. Have fun!" diff --git a/crypto/openssh/contrib/findssl.sh b/crypto/openssh/contrib/findssl.sh deleted file mode 100644 index 0c08d4a189af..000000000000 --- a/crypto/openssh/contrib/findssl.sh +++ /dev/null @@ -1,159 +0,0 @@ -#!/bin/sh -# -# findssl.sh -# Search for all instances of OpenSSL headers and libraries -# and print their versions. -# Intended to help diagnose OpenSSH's "OpenSSL headers do not -# match your library" errors. -# -# Written by Darren Tucker (dtucker at zip dot com dot au) -# This file is placed in the public domain. -# -# $Id: findssl.sh,v 1.2 2003/11/21 12:48:56 djm Exp $ -# 2002-07-27: Initial release. -# 2002-08-04: Added public domain notice. -# 2003-06-24: Incorporated readme, set library paths. First cvs version. -# -# "OpenSSL headers do not match your library" are usually caused by -# OpenSSH's configure picking up an older version of OpenSSL headers -# or libraries. You can use the following # procedure to help identify -# the cause. -# -# The output of configure will tell you the versions of the OpenSSL -# headers and libraries that were picked up, for example: -# -# checking OpenSSL header version... 90604f (OpenSSL 0.9.6d 9 May 2002) -# checking OpenSSL library version... 90602f (OpenSSL 0.9.6b [engine] 9 Jul 2001) -# checking whether OpenSSL's headers match the library... no -# configure: error: Your OpenSSL headers do not match your library -# -# Now run findssl.sh. This should identify the headers and libraries -# present and their versions. You should be able to identify the -# libraries and headers used and adjust your CFLAGS or remove incorrect -# versions. The output will show OpenSSL's internal version identifier -# and should look something like: - -# $ ./findssl.sh -# Searching for OpenSSL header files. -# 0x0090604fL /usr/include/openssl/opensslv.h -# 0x0090604fL /usr/local/ssl/include/openssl/opensslv.h -# -# Searching for OpenSSL shared library files. -# 0x0090602fL /lib/libcrypto.so.0.9.6b -# 0x0090602fL /lib/libcrypto.so.2 -# 0x0090581fL /usr/lib/libcrypto.so.0 -# 0x0090602fL /usr/lib/libcrypto.so -# 0x0090581fL /usr/lib/libcrypto.so.0.9.5a -# 0x0090600fL /usr/lib/libcrypto.so.0.9.6 -# 0x0090600fL /usr/lib/libcrypto.so.1 -# -# Searching for OpenSSL static library files. -# 0x0090602fL /usr/lib/libcrypto.a -# 0x0090604fL /usr/local/ssl/lib/libcrypto.a -# -# In this example, I gave configure no extra flags, so it's picking up -# the OpenSSL header from /usr/include/openssl (90604f) and the library -# from /usr/lib/ (90602f). - -# -# Adjust these to suit your compiler. -# You may also need to set the *LIB*PATH environment variables if -# DEFAULT_LIBPATH is not correct for your system. -# -CC=gcc -STATIC=-static - -# -# Set up conftest C source -# -rm -f findssl.log -cat >conftest.c <<EOD -#include <stdio.h> -int main(){printf("0x%08xL\n", SSLeay());} -EOD - -# -# Set default library paths if not already set -# -DEFAULT_LIBPATH=/usr/lib:/usr/local/lib -LIBPATH=${LIBPATH:=$DEFAULT_LIBPATH} -LD_LIBRARY_PATH=${LD_LIBRARY_PATH:=$DEFAULT_LIBPATH} -LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH} -export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH - -# -# Search for OpenSSL headers and print versions -# -echo Searching for OpenSSL header files. -if [ -x "`which locate`" ] -then - headers=`locate opensslv.h` -else - headers=`find / -name opensslv.h -print 2>/dev/null` -fi - -for header in $headers -do - ver=`awk '/OPENSSL_VERSION_NUMBER/{printf \$3}' $header` - echo "$ver $header" -done -echo - -# -# Search for shared libraries. -# Relies on shared libraries looking like "libcrypto.s*" -# -echo Searching for OpenSSL shared library files. -if [ -x "`which locate`" ] -then - libraries=`locate libcrypto.s` -else - libraries=`find / -name 'libcrypto.s*' -print 2>/dev/null` -fi - -for lib in $libraries -do - (echo "Trying libcrypto $lib" >>findssl.log - dir=`dirname $lib` - LIBPATH="$dir:$LIBPATH" - LD_LIBRARY_PATH="$dir:$LIBPATH" - LIBRARY_PATH="$dir:$LIBPATH" - export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH - ${CC} -o conftest conftest.c $lib 2>>findssl.log - if [ -x ./conftest ] - then - ver=`./conftest 2>/dev/null` - rm -f ./conftest - echo "$ver $lib" - fi) -done -echo - -# -# Search for static OpenSSL libraries and print versions -# -echo Searching for OpenSSL static library files. -if [ -x "`which locate`" ] -then - libraries=`locate libcrypto.a` -else - libraries=`find / -name libcrypto.a -print 2>/dev/null` -fi - -for lib in $libraries -do - libdir=`dirname $lib` - echo "Trying libcrypto $lib" >>findssl.log - ${CC} ${STATIC} -o conftest conftest.c -L${libdir} -lcrypto 2>>findssl.log - if [ -x ./conftest ] - then - ver=`./conftest 2>/dev/null` - rm -f ./conftest - echo "$ver $lib" - fi -done - -# -# Clean up -# -rm -f conftest.c diff --git a/crypto/openssh/contrib/gnome-ssh-askpass1.c b/crypto/openssh/contrib/gnome-ssh-askpass1.c deleted file mode 100644 index 4d51032d1d36..000000000000 --- a/crypto/openssh/contrib/gnome-ssh-askpass1.c +++ /dev/null @@ -1,171 +0,0 @@ -/* - * Copyright (c) 2000-2002 Damien Miller. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * This is a simple GNOME SSH passphrase grabber. To use it, set the - * environment variable SSH_ASKPASS to point to the location of - * gnome-ssh-askpass before calling "ssh-add < /dev/null". - * - * There is only two run-time options: if you set the environment variable - * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab - * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the - * pointer will be grabbed too. These may have some benefit to security if - * you don't trust your X server. We grab the keyboard always. - */ - -/* - * Compile with: - * - * cc `gnome-config --cflags gnome gnomeui` \ - * gnome-ssh-askpass1.c -o gnome-ssh-askpass \ - * `gnome-config --libs gnome gnomeui` - * - */ - -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <gnome.h> -#include <X11/Xlib.h> -#include <gdk/gdkx.h> - -void -report_failed_grab (void) -{ - GtkWidget *err; - - err = gnome_message_box_new("Could not grab keyboard or mouse.\n" - "A malicious client may be eavesdropping on your session.", - GNOME_MESSAGE_BOX_ERROR, "EXIT", NULL); - gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER); - gtk_object_set(GTK_OBJECT(err), "type", GTK_WINDOW_POPUP, NULL); - - gnome_dialog_run_and_close(GNOME_DIALOG(err)); -} - -int -passphrase_dialog(char *message) -{ - char *passphrase; - char **messages; - int result, i, grab_server, grab_pointer; - GtkWidget *dialog, *entry, *label; - - grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL); - grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL); - - dialog = gnome_dialog_new("OpenSSH", GNOME_STOCK_BUTTON_OK, - GNOME_STOCK_BUTTON_CANCEL, NULL); - - messages = g_strsplit(message, "\\n", 0); - if (messages) - for(i = 0; messages[i]; i++) { - label = gtk_label_new(messages[i]); - gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), - label, FALSE, FALSE, 0); - } - - entry = gtk_entry_new(); - gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE, - FALSE, 0); - gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE); - gtk_widget_grab_focus(entry); - - /* Center window and prepare for grab */ - gtk_object_set(GTK_OBJECT(dialog), "type", GTK_WINDOW_POPUP, NULL); - gnome_dialog_set_default(GNOME_DIALOG(dialog), 0); - gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER); - gtk_window_set_policy(GTK_WINDOW(dialog), FALSE, FALSE, TRUE); - gnome_dialog_close_hides(GNOME_DIALOG(dialog), TRUE); - gtk_container_set_border_width(GTK_CONTAINER(GNOME_DIALOG(dialog)->vbox), - GNOME_PAD); - gtk_widget_show_all(dialog); - - /* Grab focus */ - if (grab_server) - XGrabServer(GDK_DISPLAY()); - if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0, - NULL, NULL, GDK_CURRENT_TIME)) - goto nograb; - if (gdk_keyboard_grab(dialog->window, FALSE, GDK_CURRENT_TIME)) - goto nograbkb; - - /* Make <enter> close dialog */ - gnome_dialog_editable_enters(GNOME_DIALOG(dialog), GTK_EDITABLE(entry)); - - /* Run dialog */ - result = gnome_dialog_run(GNOME_DIALOG(dialog)); - - /* Ungrab */ - if (grab_server) - XUngrabServer(GDK_DISPLAY()); - if (grab_pointer) - gdk_pointer_ungrab(GDK_CURRENT_TIME); - gdk_keyboard_ungrab(GDK_CURRENT_TIME); - gdk_flush(); - - /* Report passphrase if user selected OK */ - passphrase = gtk_entry_get_text(GTK_ENTRY(entry)); - if (result == 0) - puts(passphrase); - - /* Zero passphrase in memory */ - memset(passphrase, '\0', strlen(passphrase)); - gtk_entry_set_text(GTK_ENTRY(entry), passphrase); - - gnome_dialog_close(GNOME_DIALOG(dialog)); - return (result == 0 ? 0 : -1); - - /* At least one grab failed - ungrab what we got, and report - the failure to the user. Note that XGrabServer() cannot - fail. */ - nograbkb: - gdk_pointer_ungrab(GDK_CURRENT_TIME); - nograb: - if (grab_server) - XUngrabServer(GDK_DISPLAY()); - gnome_dialog_close(GNOME_DIALOG(dialog)); - - report_failed_grab(); - return (-1); -} - -int -main(int argc, char **argv) -{ - char *message; - int result; - - gnome_init("GNOME ssh-askpass", "0.1", argc, argv); - - if (argc == 2) - message = argv[1]; - else - message = "Enter your OpenSSH passphrase:"; - - setvbuf(stdout, 0, _IONBF, 0); - result = passphrase_dialog(message); - - return (result); -} diff --git a/crypto/openssh/contrib/gnome-ssh-askpass2.c b/crypto/openssh/contrib/gnome-ssh-askpass2.c deleted file mode 100644 index 0ce8daec9b14..000000000000 --- a/crypto/openssh/contrib/gnome-ssh-askpass2.c +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright (c) 2000-2002 Damien Miller. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* GTK2 support by Nalin Dahyabhai <nalin@redhat.com> */ - -/* - * This is a simple GNOME SSH passphrase grabber. To use it, set the - * environment variable SSH_ASKPASS to point to the location of - * gnome-ssh-askpass before calling "ssh-add < /dev/null". - * - * There is only two run-time options: if you set the environment variable - * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab - * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the - * pointer will be grabbed too. These may have some benefit to security if - * you don't trust your X server. We grab the keyboard always. - */ - -#define GRAB_TRIES 16 -#define GRAB_WAIT 250 /* milliseconds */ - -/* - * Compile with: - * - * cc -Wall `pkg-config --cflags gtk+-2.0` \ - * gnome-ssh-askpass2.c -o gnome-ssh-askpass \ - * `pkg-config --libs gtk+-2.0` - * - */ - -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <unistd.h> -#include <X11/Xlib.h> -#include <gtk/gtk.h> -#include <gdk/gdkx.h> - -static void -report_failed_grab (const char *what) -{ - GtkWidget *err; - - err = gtk_message_dialog_new(NULL, 0, - GTK_MESSAGE_ERROR, - GTK_BUTTONS_CLOSE, - "Could not grab %s. " - "A malicious client may be eavesdropping " - "on your session.", what); - gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER); - gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(err))->label), - TRUE); - - gtk_dialog_run(GTK_DIALOG(err)); - - gtk_widget_destroy(err); -} - -static void -ok_dialog(GtkWidget *entry, gpointer dialog) -{ - g_return_if_fail(GTK_IS_DIALOG(dialog)); - gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK); -} - -static int -passphrase_dialog(char *message) -{ - const char *failed; - char *passphrase, *local; - int result, grab_tries, grab_server, grab_pointer; - GtkWidget *dialog, *entry; - GdkGrabStatus status; - - grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL); - grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL); - grab_tries = 0; - - dialog = gtk_message_dialog_new(NULL, 0, - GTK_MESSAGE_QUESTION, - GTK_BUTTONS_OK_CANCEL, - "%s", - message); - - entry = gtk_entry_new(); - gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE, - FALSE, 0); - gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE); - gtk_widget_grab_focus(entry); - gtk_widget_show(entry); - - gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH"); - gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER); - gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(dialog))->label), - TRUE); - - /* Make <enter> close dialog */ - gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK); - g_signal_connect(G_OBJECT(entry), "activate", - G_CALLBACK(ok_dialog), dialog); - - /* Grab focus */ - gtk_widget_show_now(dialog); - if (grab_pointer) { - for(;;) { - status = gdk_pointer_grab( - (GTK_WIDGET(dialog))->window, TRUE, 0, NULL, - NULL, GDK_CURRENT_TIME); - if (status == GDK_GRAB_SUCCESS) - break; - usleep(GRAB_WAIT * 1000); - if (++grab_tries > GRAB_TRIES) { - failed = "mouse"; - goto nograb; - } - } - } - for(;;) { - status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window, - FALSE, GDK_CURRENT_TIME); - if (status == GDK_GRAB_SUCCESS) - break; - usleep(GRAB_WAIT * 1000); - if (++grab_tries > GRAB_TRIES) { - failed = "keyboard"; - goto nograbkb; - } - } - if (grab_server) { - gdk_x11_grab_server(); - } - - result = gtk_dialog_run(GTK_DIALOG(dialog)); - - /* Ungrab */ - if (grab_server) - XUngrabServer(GDK_DISPLAY()); - if (grab_pointer) - gdk_pointer_ungrab(GDK_CURRENT_TIME); - gdk_keyboard_ungrab(GDK_CURRENT_TIME); - gdk_flush(); - - /* Report passphrase if user selected OK */ - passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry))); - if (result == GTK_RESPONSE_OK) { - local = g_locale_from_utf8(passphrase, strlen(passphrase), - NULL, NULL, NULL); - if (local != NULL) { - puts(local); - memset(local, '\0', strlen(local)); - g_free(local); - } else { - puts(passphrase); - } - } - - /* Zero passphrase in memory */ - memset(passphrase, '\b', strlen(passphrase)); - gtk_entry_set_text(GTK_ENTRY(entry), passphrase); - memset(passphrase, '\0', strlen(passphrase)); - g_free(passphrase); - - gtk_widget_destroy(dialog); - return (result == GTK_RESPONSE_OK ? 0 : -1); - - /* At least one grab failed - ungrab what we got, and report - the failure to the user. Note that XGrabServer() cannot - fail. */ - nograbkb: - gdk_pointer_ungrab(GDK_CURRENT_TIME); - nograb: - if (grab_server) - XUngrabServer(GDK_DISPLAY()); - gtk_widget_destroy(dialog); - - report_failed_grab(failed); - - return (-1); -} - -int -main(int argc, char **argv) -{ - char *message; - int result; - - gtk_init(&argc, &argv); - - if (argc > 1) { - message = g_strjoinv(" ", argv + 1); - } else { - message = g_strdup("Enter your OpenSSH passphrase:"); - } - - setvbuf(stdout, 0, _IONBF, 0); - result = passphrase_dialog(message); - g_free(message); - - return (result); -} diff --git a/crypto/openssh/contrib/hpux/README b/crypto/openssh/contrib/hpux/README deleted file mode 100644 index f8bfa84e4986..000000000000 --- a/crypto/openssh/contrib/hpux/README +++ /dev/null @@ -1,45 +0,0 @@ -README for OpenSSH HP-UX contrib files -Kevin Steves <stevesk@pobox.com> - -sshd: configuration file for sshd.rc -sshd.rc: SSH startup script -egd: configuration file for egd.rc -egd.rc: EGD (entropy gathering daemon) startup script - -To install: - -sshd.rc: - -o Verify paths in sshd.rc match your local installation - (WHAT_PATH and WHAT_PID) -o Customize sshd if needed (SSHD_ARGS) -o Install: - - # cp sshd /etc/rc.config.d - # chmod 444 /etc/rc.config.d/sshd - # cp sshd.rc /sbin/init.d - # chmod 555 /sbin/init.d/sshd.rc - # ln -s /sbin/init.d/sshd.rc /sbin/rc1.d/K100sshd - # ln -s /sbin/init.d/sshd.rc /sbin/rc2.d/S900sshd - -egd.rc: - -o Verify egd.pl path in egd.rc matches your local installation - (WHAT_PATH) -o Customize egd if needed (EGD_ARGS and EGD_LOG) -o Add pseudo account: - - # groupadd egd - # useradd -g egd egd - # mkdir -p /etc/opt/egd - # chown egd:egd /etc/opt/egd - # chmod 711 /etc/opt/egd - -o Install: - - # cp egd /etc/rc.config.d - # chmod 444 /etc/rc.config.d/egd - # cp egd.rc /sbin/init.d - # chmod 555 /sbin/init.d/egd.rc - # ln -s /sbin/init.d/egd.rc /sbin/rc1.d/K600egd - # ln -s /sbin/init.d/egd.rc /sbin/rc2.d/S400egd diff --git a/crypto/openssh/contrib/hpux/egd b/crypto/openssh/contrib/hpux/egd deleted file mode 100644 index 21af0bd13e7a..000000000000 --- a/crypto/openssh/contrib/hpux/egd +++ /dev/null @@ -1,15 +0,0 @@ -# EGD_START: Set to 1 to start entropy gathering daemon -# EGD_ARGS: Command line arguments to pass to egd -# EGD_LOG: EGD stdout and stderr log file (default /etc/opt/egd/egd.log) -# -# To configure the egd environment: - -# groupadd egd -# useradd -g egd egd -# mkdir -p /etc/opt/egd -# chown egd:egd /etc/opt/egd -# chmod 711 /etc/opt/egd - -EGD_START=1 -EGD_ARGS='/etc/opt/egd/entropy' -EGD_LOG= diff --git a/crypto/openssh/contrib/hpux/egd.rc b/crypto/openssh/contrib/hpux/egd.rc deleted file mode 100755 index 919dea7255cd..000000000000 --- a/crypto/openssh/contrib/hpux/egd.rc +++ /dev/null @@ -1,98 +0,0 @@ -#!/sbin/sh - -# -# egd.rc: EGD start-up and shutdown script -# - -# Allowed exit values: -# 0 = success; causes "OK" to show up in checklist. -# 1 = failure; causes "FAIL" to show up in checklist. -# 2 = skip; causes "N/A" to show up in the checklist. -# Use this value if execution of this script is overridden -# by the use of a control variable, or if this script is not -# appropriate to execute for some other reason. -# 3 = reboot; causes the system to be rebooted after execution. - -# Input and output: -# stdin is redirected from /dev/null -# -# stdout and stderr are redirected to the /etc/rc.log file -# during checklist mode, or to the console in raw mode. - -umask 022 - -PATH=/usr/sbin:/usr/bin:/sbin -export PATH - -WHAT='EGD (entropy gathering daemon)' -WHAT_PATH=/opt/perl/bin/egd.pl -WHAT_CONFIG=/etc/rc.config.d/egd -WHAT_LOG=/etc/opt/egd/egd.log - -# NOTE: If your script executes in run state 0 or state 1, then /usr might -# not be available. Do not attempt to access commands or files in -# /usr unless your script executes in run state 2 or greater. Other -# file systems typically not mounted until run state 2 include /var -# and /opt. - -rval=0 - -# Check the exit value of a command run by this script. If non-zero, the -# exit code is echoed to the log file and the return value of this script -# is set to indicate failure. - -set_return() { - x=$? - if [ $x -ne 0 ]; then - echo "EXIT CODE: $x" - rval=1 # script FAILed - fi -} - -case $1 in -'start_msg') - echo "Starting $WHAT" - ;; - -'stop_msg') - echo "Stopping $WHAT" - ;; - -'start') - if [ -f $WHAT_CONFIG ] ; then - . $WHAT_CONFIG - else - echo "ERROR: $WHAT_CONFIG defaults file MISSING" - fi - - - if [ "$EGD_START" -eq 1 -a -x $WHAT_PATH ]; then - EGD_LOG=${EGD_LOG:-$WHAT_LOG} - su egd -c "nohup $WHAT_PATH $EGD_ARGS >$EGD_LOG 2>&1" && - echo $WHAT started - set_return - else - rval=2 - fi - ;; - -'stop') - pid=`ps -fuegd | awk '$1 == "egd" { print $2 }'` - if [ "X$pid" != "X" ]; then - if kill "$pid"; then - echo "$WHAT stopped" - else - rval=1 - echo "Unable to stop $WHAT" - fi - fi - set_return - ;; - -*) - echo "usage: $0 {start|stop|start_msg|stop_msg}" - rval=1 - ;; -esac - -exit $rval diff --git a/crypto/openssh/contrib/hpux/sshd b/crypto/openssh/contrib/hpux/sshd deleted file mode 100644 index 8eb5e92a30bc..000000000000 --- a/crypto/openssh/contrib/hpux/sshd +++ /dev/null @@ -1,5 +0,0 @@ -# SSHD_START: Set to 1 to start SSH daemon -# SSHD_ARGS: Command line arguments to pass to sshd -# -SSHD_START=1 -SSHD_ARGS= diff --git a/crypto/openssh/contrib/hpux/sshd.rc b/crypto/openssh/contrib/hpux/sshd.rc deleted file mode 100755 index f9a10999b01c..000000000000 --- a/crypto/openssh/contrib/hpux/sshd.rc +++ /dev/null @@ -1,90 +0,0 @@ -#!/sbin/sh - -# -# sshd.rc: SSH daemon start-up and shutdown script -# - -# Allowed exit values: -# 0 = success; causes "OK" to show up in checklist. -# 1 = failure; causes "FAIL" to show up in checklist. -# 2 = skip; causes "N/A" to show up in the checklist. -# Use this value if execution of this script is overridden -# by the use of a control variable, or if this script is not -# appropriate to execute for some other reason. -# 3 = reboot; causes the system to be rebooted after execution. - -# Input and output: -# stdin is redirected from /dev/null -# -# stdout and stderr are redirected to the /etc/rc.log file -# during checklist mode, or to the console in raw mode. - -PATH=/usr/sbin:/usr/bin:/sbin -export PATH - -WHAT='OpenSSH' -WHAT_PATH=/opt/openssh/sbin/sshd -WHAT_PID=/var/run/sshd.pid -WHAT_CONFIG=/etc/rc.config.d/sshd - -# NOTE: If your script executes in run state 0 or state 1, then /usr might -# not be available. Do not attempt to access commands or files in -# /usr unless your script executes in run state 2 or greater. Other -# file systems typically not mounted until run state 2 include /var -# and /opt. - -rval=0 - -# Check the exit value of a command run by this script. If non-zero, the -# exit code is echoed to the log file and the return value of this script -# is set to indicate failure. - -set_return() { - x=$? - if [ $x -ne 0 ]; then - echo "EXIT CODE: $x" - rval=1 # script FAILed - fi -} - -case $1 in -'start_msg') - echo "Starting $WHAT" - ;; - -'stop_msg') - echo "Stopping $WHAT" - ;; - -'start') - if [ -f $WHAT_CONFIG ] ; then - . $WHAT_CONFIG - else - echo "ERROR: $WHAT_CONFIG defaults file MISSING" - fi - - if [ "$SSHD_START" -eq 1 -a -x "$WHAT_PATH" ]; then - $WHAT_PATH $SSHD_ARGS && echo "$WHAT started" - set_return - else - rval=2 - fi - ;; - -'stop') - if kill `cat $WHAT_PID`; then - echo "$WHAT stopped" - else - rval=1 - echo "Unable to stop $WHAT" - fi - set_return - ;; - -*) - echo "usage: $0 {start|stop|start_msg|stop_msg}" - rval=1 - ;; -esac - -exit $rval diff --git a/crypto/openssh/contrib/redhat/gnome-ssh-askpass.csh b/crypto/openssh/contrib/redhat/gnome-ssh-askpass.csh deleted file mode 100644 index dd77712cdb3a..000000000000 --- a/crypto/openssh/contrib/redhat/gnome-ssh-askpass.csh +++ /dev/null @@ -1 +0,0 @@ -setenv SSH_ASKPASS /usr/libexec/openssh/gnome-ssh-askpass diff --git a/crypto/openssh/contrib/redhat/gnome-ssh-askpass.sh b/crypto/openssh/contrib/redhat/gnome-ssh-askpass.sh deleted file mode 100644 index 355189f45cbe..000000000000 --- a/crypto/openssh/contrib/redhat/gnome-ssh-askpass.sh +++ /dev/null @@ -1,2 +0,0 @@ -SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass -export SSH_ASKPASS diff --git a/crypto/openssh/contrib/redhat/openssh.spec b/crypto/openssh/contrib/redhat/openssh.spec deleted file mode 100644 index b7470092b50f..000000000000 --- a/crypto/openssh/contrib/redhat/openssh.spec +++ /dev/null @@ -1,804 +0,0 @@ -%define ver 3.8.1p1 -%define rel 1 - -# OpenSSH privilege separation requires a user & group ID -%define sshd_uid 74 -%define sshd_gid 74 - -# Version of ssh-askpass -%define aversion 1.2.4.1 - -# Do we want to disable building of x11-askpass? (1=yes 0=no) -%define no_x11_askpass 0 - -# Do we want to disable building of gnome-askpass? (1=yes 0=no) -%define no_gnome_askpass 0 - -# Do we want to link against a static libcrypto? (1=yes 0=no) -%define static_libcrypto 0 - -# Do we want smartcard support (1=yes 0=no) -%define scard 0 - -# Use GTK2 instead of GNOME in gnome-ssh-askpass -%define gtk2 1 - -# Is this build for RHL 6.x? -%define build6x 0 - -# Do we want kerberos5 support (1=yes 0=no) -%define kerberos5 1 - -# Reserve options to override askpass settings with: -# rpm -ba|--rebuild --define 'skip_xxx 1' -%{?skip_x11_askpass:%define no_x11_askpass 1} -%{?skip_gnome_askpass:%define no_gnome_askpass 1} - -# Add option to build without GTK2 for older platforms with only GTK+. -# RedHat <= 7.2 and Red Hat Advanced Server 2.1 are examples. -# rpm -ba|--rebuild --define 'no_gtk2 1' -%{?no_gtk2:%define gtk2 0} - -# Is this a build for RHL 6.x or earlier? -%{?build_6x:%define build6x 1} - -# If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc. -%if %{build6x} -%define _sysconfdir /etc -%endif - -# Options for static OpenSSL link: -# rpm -ba|--rebuild --define "static_openssl 1" -%{?static_openssl:%define static_libcrypto 1} - -# Options for Smartcard support: (needs libsectok and openssl-engine) -# rpm -ba|--rebuild --define "smartcard 1" -%{?smartcard:%define scard 1} - -# Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no) -%define rescue 0 -%{?build_rescue:%define rescue 1} - -# Turn off some stuff for resuce builds -%if %{rescue} -%define kerberos5 0 -%endif - -Summary: The OpenSSH implementation of SSH protocol versions 1 and 2. -Name: openssh -Version: %{ver} -%if %{rescue} -Release: %{rel}rescue -%else -Release: %{rel} -%endif -URL: http://www.openssh.com/portable.html -Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz -Source1: http://www.pobox.com/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz -License: BSD -Group: Applications/Internet -BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot -Obsoletes: ssh -%if %{build6x} -PreReq: initscripts >= 5.00 -%else -PreReq: initscripts >= 5.20 -%endif -BuildPreReq: perl, openssl-devel, tcp_wrappers -BuildPreReq: /bin/login -%if ! %{build6x} -BuildPreReq: glibc-devel, pam -%else -BuildPreReq: /usr/include/security/pam_appl.h -%endif -%if ! %{no_x11_askpass} -BuildPreReq: XFree86-devel -%endif -%if ! %{no_gnome_askpass} -BuildPreReq: pkgconfig -%endif -%if %{kerberos5} -BuildPreReq: krb5-devel -BuildPreReq: krb5-libs -%endif - -%package clients -Summary: OpenSSH clients. -Requires: openssh = %{version}-%{release} -Group: Applications/Internet -Obsoletes: ssh-clients - -%package server -Summary: The OpenSSH server daemon. -Group: System Environment/Daemons -Obsoletes: ssh-server -PreReq: openssh = %{version}-%{release}, chkconfig >= 0.9 -%if ! %{build6x} -Requires: /etc/pam.d/system-auth -%endif - -%package askpass -Summary: A passphrase dialog for OpenSSH and X. -Group: Applications/Internet -Requires: openssh = %{version}-%{release} -Obsoletes: ssh-extras - -%package askpass-gnome -Summary: A passphrase dialog for OpenSSH, X, and GNOME. -Group: Applications/Internet -Requires: openssh = %{version}-%{release} -Obsoletes: ssh-extras - -%description -SSH (Secure SHell) is a program for logging into and executing -commands on a remote machine. SSH is intended to replace rlogin and -rsh, and to provide secure encrypted communications between two -untrusted hosts over an insecure network. X11 connections and -arbitrary TCP/IP ports can also be forwarded over the secure channel. - -OpenSSH is OpenBSD's version of the last free version of SSH, bringing -it up to date in terms of security and features, as well as removing -all patented algorithms to separate libraries. - -This package includes the core files necessary for both the OpenSSH -client and server. To make this package useful, you should also -install openssh-clients, openssh-server, or both. - -%description clients -OpenSSH is a free version of SSH (Secure SHell), a program for logging -into and executing commands on a remote machine. This package includes -the clients necessary to make encrypted connections to SSH servers. -You'll also need to install the openssh package on OpenSSH clients. - -%description server -OpenSSH is a free version of SSH (Secure SHell), a program for logging -into and executing commands on a remote machine. This package contains -the secure shell daemon (sshd). The sshd daemon allows SSH clients to -securely connect to your SSH server. You also need to have the openssh -package installed. - -%description askpass -OpenSSH is a free version of SSH (Secure SHell), a program for logging -into and executing commands on a remote machine. This package contains -an X11 passphrase dialog for OpenSSH. - -%description askpass-gnome -OpenSSH is a free version of SSH (Secure SHell), a program for logging -into and executing commands on a remote machine. This package contains -an X11 passphrase dialog for OpenSSH and the GNOME GUI desktop -environment. - -%prep - -%if ! %{no_x11_askpass} -%setup -q -a 1 -%else -%setup -q -%endif - -%build -%if %{rescue} -CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS -%endif - -%if %{kerberos5} -K5DIR=`rpm -ql krb5-devel | grep include/krb5.h | sed 's,\/include\/krb5.h,,'` -echo K5DIR=$K5DIR -%endif - -%configure \ - --sysconfdir=%{_sysconfdir}/ssh \ - --libexecdir=%{_libexecdir}/openssh \ - --datadir=%{_datadir}/openssh \ - --with-tcp-wrappers \ - --with-rsh=%{_bindir}/rsh \ - --with-default-path=/usr/local/bin:/bin:/usr/bin \ - --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \ - --with-privsep-path=%{_var}/empty/sshd \ - --with-md5-passwords \ -%if %{scard} - --with-smartcard \ -%endif -%if %{rescue} - --without-pam \ -%else - --with-pam \ -%endif -%if %{kerberos5} - --with-kerberos5=$K5DIR \ -%endif - - -%if %{static_libcrypto} -perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile -%endif - -make - -%if ! %{no_x11_askpass} -pushd x11-ssh-askpass-%{aversion} -%configure --libexecdir=%{_libexecdir}/openssh -xmkmf -a -make -popd -%endif - -# Define a variable to toggle gnome1/gtk2 building. This is necessary -# because RPM doesn't handle nested %if statements. -%if %{gtk2} - gtk2=yes -%else - gtk2=no -%endif - -%if ! %{no_gnome_askpass} -pushd contrib -if [ $gtk2 = yes ] ; then - make gnome-ssh-askpass2 - mv gnome-ssh-askpass2 gnome-ssh-askpass -else - make gnome-ssh-askpass1 - mv gnome-ssh-askpass1 gnome-ssh-askpass -fi -popd -%endif - -%install -rm -rf $RPM_BUILD_ROOT -mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh -mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh -mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd - -make install DESTDIR=$RPM_BUILD_ROOT - -install -d $RPM_BUILD_ROOT/etc/pam.d/ -install -d $RPM_BUILD_ROOT/etc/rc.d/init.d -install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh -%if %{build6x} -install -m644 contrib/redhat/sshd.pam.old $RPM_BUILD_ROOT/etc/pam.d/sshd -%else -install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd -%endif -install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd - -%if ! %{no_x11_askpass} -install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass -ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass -%endif - -%if ! %{no_gnome_askpass} -install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass -%endif - -%if ! %{scard} - rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin -%endif - -%if ! %{no_gnome_askpass} -install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ -install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ -install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ -%endif - -perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/* - -%clean -rm -rf $RPM_BUILD_ROOT - -%triggerun server -- ssh-server -if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then - touch /var/run/sshd.restart -fi - -%triggerun server -- openssh-server < 2.5.0p1 -# Count the number of HostKey and HostDsaKey statements we have. -gawk 'BEGIN {IGNORECASE=1} - /^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1} - END {exit sawhostkey}' /etc/ssh/sshd_config -# And if we only found one, we know the client was relying on the old default -# behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't -# specified. Now that HostKey is used for both SSH1 and SSH2 keys, specifying -# one nullifies the default, which would have loaded both. -if [ $? -eq 1 ] ; then - echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config - echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config -fi - -%triggerpostun server -- ssh-server -if [ "$1" != 0 ] ; then - /sbin/chkconfig --add sshd - if test -f /var/run/sshd.restart ; then - rm -f /var/run/sshd.restart - /sbin/service sshd start > /dev/null 2>&1 || : - fi -fi - -%pre server -%{_sbindir}/groupadd -r -g %{sshd_gid} sshd 2>/dev/null || : -%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \ - -g sshd -M -r sshd 2>/dev/null || : - -%post server -/sbin/chkconfig --add sshd - -%postun server -/sbin/service sshd condrestart > /dev/null 2>&1 || : - -%preun server -if [ "$1" = 0 ] -then - /sbin/service sshd stop > /dev/null 2>&1 || : - /sbin/chkconfig --del sshd -fi - -%files -%defattr(-,root,root) -%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* RFC* TODO WARNING* -%attr(0755,root,root) %{_bindir}/scp -%attr(0644,root,root) %{_mandir}/man1/scp.1* -%attr(0755,root,root) %dir %{_sysconfdir}/ssh -%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli -%if ! %{rescue} -%attr(0755,root,root) %{_bindir}/ssh-keygen -%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1* -%attr(0755,root,root) %dir %{_libexecdir}/openssh -%attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign -%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8* -%endif -%if %{scard} -%attr(0755,root,root) %dir %{_datadir}/openssh -%attr(0644,root,root) %{_datadir}/openssh/Ssh.bin -%endif - -%files clients -%defattr(-,root,root) -%attr(0755,root,root) %{_bindir}/ssh -%attr(0644,root,root) %{_mandir}/man1/ssh.1* -%attr(0644,root,root) %{_mandir}/man5/ssh_config.5* -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config -%attr(-,root,root) %{_bindir}/slogin -%attr(-,root,root) %{_mandir}/man1/slogin.1* -%if ! %{rescue} -%attr(2755,root,nobody) %{_bindir}/ssh-agent -%attr(0755,root,root) %{_bindir}/ssh-add -%attr(0755,root,root) %{_bindir}/ssh-keyscan -%attr(0755,root,root) %{_bindir}/sftp -%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1* -%attr(0644,root,root) %{_mandir}/man1/ssh-add.1* -%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1* -%attr(0644,root,root) %{_mandir}/man1/sftp.1* -%endif - -%if ! %{rescue} -%files server -%defattr(-,root,root) -%dir %attr(0111,root,root) %{_var}/empty/sshd -%attr(0755,root,root) %{_sbindir}/sshd -%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server -%attr(0644,root,root) %{_mandir}/man8/sshd.8* -%attr(0644,root,root) %{_mandir}/man5/sshd_config.5* -%attr(0644,root,root) %{_mandir}/man8/sftp-server.8* -%attr(0755,root,root) %dir %{_sysconfdir}/ssh -%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config -%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd -%attr(0755,root,root) %config /etc/rc.d/init.d/sshd -%endif - -%if ! %{no_x11_askpass} -%files askpass -%defattr(-,root,root) -%doc x11-ssh-askpass-%{aversion}/README -%doc x11-ssh-askpass-%{aversion}/ChangeLog -%doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad -%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass -%attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass -%endif - -%if ! %{no_gnome_askpass} -%files askpass-gnome -%defattr(-,root,root) -%attr(0755,root,root) %config %{_sysconfdir}/profile.d/gnome-ssh-askpass.* -%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass -%endif - -%changelog -* Mon Jun 2 2003 Damien Miller <djm@mindrot.org> -- Remove noip6 option. This may be controlled at run-time in client config - file using new AddressFamily directive - -* Mon May 12 2003 Damien Miller <djm@mindrot.org> -- Don't install profile.d scripts when not building with GNOME/GTK askpass - (patch from bet@rahul.net) - -* Wed Oct 01 2002 Damien Miller <djm@mindrot.org> -- Install ssh-agent setgid nobody to prevent ptrace() key theft attacks - -* Mon Sep 30 2002 Damien Miller <djm@mindrot.org> -- Use contrib/ Makefile for building askpass programs - -* Fri Jun 21 2002 Damien Miller <djm@mindrot.org> -- Merge in spec changes from seba@iq.pl (Sebastian Pachuta) -- Add new {ssh,sshd}_config.5 manpages -- Add new ssh-keysign program and remove setuid from ssh client - -* Fri May 10 2002 Damien Miller <djm@mindrot.org> -- Merge in spec changes from RedHat, reorgansie a little -- Add Privsep user, group and directory - -* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2 -- bump and grind (through the build system) - -* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-1 -- require sharutils for building (mindrot #137) -- require db1-devel only when building for 6.x (#55105), which probably won't - work anyway (3.1 requires OpenSSL 0.9.6 to build), but what the heck -- require pam-devel by file (not by package name) again -- add Markus's patch to compile with OpenSSL 0.9.5a (from - http://bugzilla.mindrot.org/show_bug.cgi?id=141) and apply it if we're - building for 6.x - -* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-0 -- update to 3.1p1 - -* Tue Mar 5 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020305 -- update to SNAP-20020305 -- drop debug patch, fixed upstream - -* Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020220 -- update to SNAP-20020220 for testing purposes (you've been warned, if there's - anything to be warned about, gss patches won't apply, I don't mind) - -* Wed Feb 13 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-3 -- add patches from Simon Wilkinson and Nicolas Williams for GSSAPI key - exchange, authentication, and named key support - -* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-2 -- remove dependency on db1-devel, which has just been swallowed up whole - by gnome-libs-devel - -* Sun Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com> -- adjust build dependencies so that build6x actually works right (fix - from Hugo van der Kooij) - -* Tue Dec 4 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-1 -- update to 3.0.2p1 - -* Fri Nov 16 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.1p1-1 -- update to 3.0.1p1 - -* Tue Nov 13 2001 Nalin Dahyabhai <nalin@redhat.com> -- update to current CVS (not for use in distribution) - -* Thu Nov 8 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0p1-1 -- merge some of Damien Miller <djm@mindrot.org> changes from the upstream - 3.0p1 spec file and init script - -* Wed Nov 7 2001 Nalin Dahyabhai <nalin@redhat.com> -- update to 3.0p1 -- update to x11-ssh-askpass 1.2.4.1 -- change build dependency on a file from pam-devel to the pam-devel package -- replace primes with moduli - -* Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-9 -- incorporate fix from Markus Friedl's advisory for IP-based authorization bugs - -* Thu Sep 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.9p2-8 -- Merge changes to rescue build from current sysadmin survival cd - -* Thu Sep 6 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-7 -- fix scp's server's reporting of file sizes, and build with the proper - preprocessor define to get large-file capable open(), stat(), etc. - (sftp has been doing this correctly all along) (#51827) -- configure without --with-ipv4-default on RHL 7.x and newer (#45987,#52247) -- pull cvs patch to fix support for /etc/nologin for non-PAM logins (#47298) -- mark profile.d scriptlets as config files (#42337) -- refer to Jason Stone's mail for zsh workaround for exit-hanging quasi-bug -- change a couple of log() statements to debug() statements (#50751) -- pull cvs patch to add -t flag to sshd (#28611) -- clear fd_sets correctly (one bit per FD, not one byte per FD) (#43221) - -* Mon Aug 20 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-6 -- add db1-devel as a BuildPrerequisite (noted by Hans Ecke) - -* Thu Aug 16 2001 Nalin Dahyabhai <nalin@redhat.com> -- pull cvs patch to fix remote port forwarding with protocol 2 - -* Thu Aug 9 2001 Nalin Dahyabhai <nalin@redhat.com> -- pull cvs patch to add session initialization to no-pty sessions -- pull cvs patch to not cut off challengeresponse auth needlessly -- refuse to do X11 forwarding if xauth isn't there, handy if you enable - it by default on a system that doesn't have X installed (#49263) - -* Wed Aug 8 2001 Nalin Dahyabhai <nalin@redhat.com> -- don't apply patches to code we don't intend to build (spotted by Matt Galgoci) - -* Mon Aug 6 2001 Nalin Dahyabhai <nalin@redhat.com> -- pass OPTIONS correctly to initlog (#50151) - -* Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com> -- switch to x11-ssh-askpass 1.2.2 - -* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com> -- rebuild in new environment - -* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com> -- disable the gssapi patch - -* Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com> -- update to 2.9p2 -- refresh to a new version of the gssapi patch - -* Thu Jun 7 2001 Nalin Dahyabhai <nalin@redhat.com> -- change Copyright: BSD to License: BSD -- add Markus Friedl's unverified patch for the cookie file deletion problem - so that we can verify it -- drop patch to check if xauth is present (was folded into cookie patch) -- don't apply gssapi patches for the errata candidate -- clear supplemental groups list at startup - -* Fri May 25 2001 Nalin Dahyabhai <nalin@redhat.com> -- fix an error parsing the new default sshd_config -- add a fix from Markus Friedl (via openssh-unix-dev) for ssh-keygen not - dealing with comments right - -* Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com> -- add in Simon Wilkinson's GSSAPI patch to give it some testing in-house, - to be removed before the next beta cycle because it's a big departure - from the upstream version - -* Thu May 3 2001 Nalin Dahyabhai <nalin@redhat.com> -- finish marking strings in the init script for translation -- modify init script to source /etc/sysconfig/sshd and pass $OPTIONS to sshd - at startup (change merged from openssh.com init script, originally by - Pekka Savola) -- refuse to do X11 forwarding if xauth isn't there, handy if you enable - it by default on a system that doesn't have X installed - -* Wed May 2 2001 Nalin Dahyabhai <nalin@redhat.com> -- update to 2.9 -- drop various patches that came from or went upstream or to or from CVS - -* Wed Apr 18 2001 Nalin Dahyabhai <nalin@redhat.com> -- only require initscripts 5.00 on 6.2 (reported by Peter Bieringer) - -* Sun Apr 8 2001 Preston Brown <pbrown@redhat.com> -- remove explicit openssl requirement, fixes builddistro issue -- make initscript stop() function wait until sshd really dead to avoid - races in condrestart - -* Mon Apr 2 2001 Nalin Dahyabhai <nalin@redhat.com> -- mention that challengereponse supports PAM, so disabling password doesn't - limit users to pubkey and rsa auth (#34378) -- bypass the daemon() function in the init script and call initlog directly, - because daemon() won't start a daemon it detects is already running (like - open connections) -- require the version of openssl we had when we were built - -* Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com> -- make do_pam_setcred() smart enough to know when to establish creds and - when to reinitialize them -- add in a couple of other fixes from Damien for inclusion in the errata - -* Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com> -- update to 2.5.2p2 -- call setcred() again after initgroups, because the "creds" could actually - be group memberships - -* Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com> -- update to 2.5.2p1 (includes endianness fixes in the rijndael implementation) -- don't enable challenge-response by default until we find a way to not - have too many userauth requests (we may make up to six pubkey and up to - three password attempts as it is) -- remove build dependency on rsh to match openssh.com's packages more closely - -* Sat Mar 3 2001 Nalin Dahyabhai <nalin@redhat.com> -- remove dependency on openssl -- would need to be too precise - -* Fri Mar 2 2001 Nalin Dahyabhai <nalin@redhat.com> -- rebuild in new environment - -* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com> -- Revert the patch to move pam_open_session. -- Init script and spec file changes from Pekka Savola. (#28750) -- Patch sftp to recognize '-o protocol' arguments. (#29540) - -* Thu Feb 22 2001 Nalin Dahyabhai <nalin@redhat.com> -- Chuck the closing patch. -- Add a trigger to add host keys for protocol 2 to the config file, now that - configuration file syntax requires us to specify it with HostKey if we - specify any other HostKey values, which we do. - -* Tue Feb 20 2001 Nalin Dahyabhai <nalin@redhat.com> -- Redo patch to move pam_open_session after the server setuid()s to the user. -- Rework the nopam patch to use be picked up by autoconf. - -* Mon Feb 19 2001 Nalin Dahyabhai <nalin@redhat.com> -- Update for 2.5.1p1. -- Add init script mods from Pekka Savola. -- Tweak the init script to match the CVS contrib script more closely. -- Redo patch to ssh-add to try to adding both identity and id_dsa to also try - adding id_rsa. - -* Fri Feb 16 2001 Nalin Dahyabhai <nalin@redhat.com> -- Update for 2.5.0p1. -- Use $RPM_OPT_FLAGS instead of -O when building gnome-ssh-askpass -- Resync with parts of Damien Miller's openssh.spec from CVS, including - update of x11 askpass to 1.2.0. -- Only require openssl (don't prereq) because we generate keys in the init - script now. - -* Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com> -- Don't open a PAM session until we've forked and become the user (#25690). -- Apply Andrew Bartlett's patch for letting pam_authenticate() know which - host the user is attempting a login from. -- Resync with parts of Damien Miller's openssh.spec from CVS. -- Don't expose KbdInt responses in debug messages (from CVS). -- Detect and handle errors in rsa_{public,private}_decrypt (from CVS). - -* Wed Feb 7 2001 Trond Eivind Glomsrxd <teg@redhat.com> -- i18n-tweak to initscript. - -* Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com> -- More gettextizing. -- Close all files after going into daemon mode (needs more testing). -- Extract patch from CVS to handle auth banners (in the client). -- Extract patch from CVS to handle compat weirdness. - -* Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com> -- Finish with the gettextizing. - -* Thu Jan 18 2001 Nalin Dahyabhai <nalin@redhat.com> -- Fix a bug in auth2-pam.c (#23877) -- Gettextize the init script. - -* Wed Dec 20 2000 Nalin Dahyabhai <nalin@redhat.com> -- Incorporate a switch for using PAM configs for 6.x, just in case. - -* Tue Dec 5 2000 Nalin Dahyabhai <nalin@redhat.com> -- Incorporate Bero's changes for a build specifically for rescue CDs. - -* Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com> -- Don't treat pam_setcred() failure as fatal unless pam_authenticate() has - succeeded, to allow public-key authentication after a failure with "none" - authentication. (#21268) - -* Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update to x11-askpass 1.1.1. (#21301) -- Don't second-guess fixpaths, which causes paths to get fixed twice. (#21290) - -* Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com> -- Merge multiple PAM text messages into subsequent prompts when possible when - doing keyboard-interactive authentication. - -* Sun Nov 26 2000 Nalin Dahyabhai <nalin@redhat.com> -- Disable the built-in MD5 password support. We're using PAM. -- Take a crack at doing keyboard-interactive authentication with PAM, and - enable use of it in the default client configuration so that the client - will try it when the server disallows password authentication. -- Build with debugging flags. Build root policies strip all binaries anyway. - -* Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com> -- Use DESTDIR instead of %%makeinstall. -- Remove /usr/X11R6/bin from the path-fixing patch. - -* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com> -- Add the primes file from the latest snapshot to the main package (#20884). -- Add the dev package to the prereq list (#19984). -- Remove the default path and mimic login's behavior in the server itself. - -* Fri Nov 17 2000 Nalin Dahyabhai <nalin@redhat.com> -- Resync with conditional options in Damien Miller's .spec file for an errata. -- Change libexecdir from %%{_libexecdir}/ssh to %%{_libexecdir}/openssh. - -* Tue Nov 7 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update to OpenSSH 2.3.0p1. -- Update to x11-askpass 1.1.0. -- Enable keyboard-interactive authentication. - -* Mon Oct 30 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update to ssh-askpass-x11 1.0.3. -- Change authentication related messages to be private (#19966). - -* Tue Oct 10 2000 Nalin Dahyabhai <nalin@redhat.com> -- Patch ssh-keygen to be able to list signatures for DSA public key files - it generates. - -* Thu Oct 5 2000 Nalin Dahyabhai <nalin@redhat.com> -- Add BuildPreReq on /usr/include/security/pam_appl.h to be sure we always - build PAM authentication in. -- Try setting SSH_ASKPASS if gnome-ssh-askpass is installed. -- Clean out no-longer-used patches. -- Patch ssh-add to try to add both identity and id_dsa, and to error only - when neither exists. - -* Mon Oct 2 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update x11-askpass to 1.0.2. (#17835) -- Add BuildPreReqs for /bin/login and /usr/bin/rsh so that configure will - always find them in the right place. (#17909) -- Set the default path to be the same as the one supplied by /bin/login, but - add /usr/X11R6/bin. (#17909) -- Try to handle obsoletion of ssh-server more cleanly. Package names - are different, but init script name isn't. (#17865) - -* Wed Sep 6 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update to 2.2.0p1. (#17835) -- Tweak the init script to allow proper restarting. (#18023) - -* Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update to 20000823 snapshot. -- Change subpackage requirements from %%{version} to %%{version}-%%{release} -- Back out the pipe patch. - -* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update to 2.1.1p4, which includes fixes for config file parsing problems. -- Move the init script back. -- Add Damien's quick fix for wackiness. - -* Wed Jul 12 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update to 2.1.1p3, which includes fixes for X11 forwarding and strtok(). - -* Thu Jul 6 2000 Nalin Dahyabhai <nalin@redhat.com> -- Move condrestart to server postun. -- Move key generation to init script. -- Actually use the right patch for moving the key generation to the init script. -- Clean up the init script a bit. - -* Wed Jul 5 2000 Nalin Dahyabhai <nalin@redhat.com> -- Fix X11 forwarding, from mail post by Chan Shih-Ping Richard. - -* Sun Jul 2 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update to 2.1.1p2. -- Use of strtok() considered harmful. - -* Sat Jul 1 2000 Nalin Dahyabhai <nalin@redhat.com> -- Get the build root out of the man pages. - -* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com> -- Add and use condrestart support in the init script. -- Add newer initscripts as a prereq. - -* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com> -- Build in new environment (release 2) -- Move -clients subpackage to Applications/Internet group - -* Fri Jun 9 2000 Nalin Dahyabhai <nalin@redhat.com> -- Update to 2.2.1p1 - -* Sat Jun 3 2000 Nalin Dahyabhai <nalin@redhat.com> -- Patch to build with neither RSA nor RSAref. -- Miscellaneous FHS-compliance tweaks. -- Fix for possibly-compressed man pages. - -* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au> -- Updated for new location -- Updated for new gnome-ssh-askpass build - -* Sun Dec 26 1999 Damien Miller <djm@mindrot.org> -- Added Jim Knoble's <jmknoble@pobox.com> askpass - -* Mon Nov 15 1999 Damien Miller <djm@mindrot.org> -- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com> - -* Sat Nov 13 1999 Damien Miller <djm@mindrot.org> -- Added 'Obsoletes' directives - -* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au> -- Use make install -- Subpackages - -* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au> -- Added links for slogin -- Fixed perms on manpages - -* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au> -- Renamed init script - -* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au> -- Back to old binary names - -* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au> -- Use autoconf -- New binary names - -* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au> -- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec. diff --git a/crypto/openssh/contrib/redhat/sshd.init b/crypto/openssh/contrib/redhat/sshd.init deleted file mode 100755 index 4ee8630c3954..000000000000 --- a/crypto/openssh/contrib/redhat/sshd.init +++ /dev/null @@ -1,154 +0,0 @@ -#!/bin/bash -# -# Init file for OpenSSH server daemon -# -# chkconfig: 2345 55 25 -# description: OpenSSH server daemon -# -# processname: sshd -# config: /etc/ssh/ssh_host_key -# config: /etc/ssh/ssh_host_key.pub -# config: /etc/ssh/ssh_random_seed -# config: /etc/ssh/sshd_config -# pidfile: /var/run/sshd.pid - -# source function library -. /etc/rc.d/init.d/functions - -# pull in sysconfig settings -[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd - -RETVAL=0 -prog="sshd" - -# Some functions to make the below more readable -KEYGEN=/usr/bin/ssh-keygen -SSHD=/usr/sbin/sshd -RSA1_KEY=/etc/ssh/ssh_host_key -RSA_KEY=/etc/ssh/ssh_host_rsa_key -DSA_KEY=/etc/ssh/ssh_host_dsa_key -PID_FILE=/var/run/sshd.pid - -do_rsa1_keygen() { - if [ ! -s $RSA1_KEY ]; then - echo -n $"Generating SSH1 RSA host key: " - if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then - chmod 600 $RSA1_KEY - chmod 644 $RSA1_KEY.pub - success $"RSA1 key generation" - echo - else - failure $"RSA1 key generation" - echo - exit 1 - fi - fi -} - -do_rsa_keygen() { - if [ ! -s $RSA_KEY ]; then - echo -n $"Generating SSH2 RSA host key: " - if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then - chmod 600 $RSA_KEY - chmod 644 $RSA_KEY.pub - success $"RSA key generation" - echo - else - failure $"RSA key generation" - echo - exit 1 - fi - fi -} - -do_dsa_keygen() { - if [ ! -s $DSA_KEY ]; then - echo -n $"Generating SSH2 DSA host key: " - if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then - chmod 600 $DSA_KEY - chmod 644 $DSA_KEY.pub - success $"DSA key generation" - echo - else - failure $"DSA key generation" - echo - exit 1 - fi - fi -} - -do_restart_sanity_check() -{ - $SSHD -t - RETVAL=$? - if [ ! "$RETVAL" = 0 ]; then - failure $"Configuration file or keys are invalid" - echo - fi -} - -start() -{ - # Create keys if necessary - do_rsa1_keygen - do_rsa_keygen - do_dsa_keygen - - echo -n $"Starting $prog:" - initlog -c "$SSHD $OPTIONS" && success || failure - RETVAL=$? - [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd - echo -} - -stop() -{ - echo -n $"Stopping $prog:" - killproc $SSHD -TERM - RETVAL=$? - [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd - echo -} - -reload() -{ - echo -n $"Reloading $prog:" - killproc $SSHD -HUP - RETVAL=$? - echo -} - -case "$1" in - start) - start - ;; - stop) - stop - ;; - restart) - stop - start - ;; - reload) - reload - ;; - condrestart) - if [ -f /var/lock/subsys/sshd ] ; then - do_restart_sanity_check - if [ "$RETVAL" = 0 ] ; then - stop - # avoid race - sleep 3 - start - fi - fi - ;; - status) - status $SSHD - RETVAL=$? - ;; - *) - echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}" - RETVAL=1 -esac -exit $RETVAL diff --git a/crypto/openssh/contrib/redhat/sshd.pam b/crypto/openssh/contrib/redhat/sshd.pam deleted file mode 100644 index 24f3b46516eb..000000000000 --- a/crypto/openssh/contrib/redhat/sshd.pam +++ /dev/null @@ -1,8 +0,0 @@ -#%PAM-1.0 -auth required pam_stack.so service=system-auth -auth required pam_nologin.so -account required pam_stack.so service=system-auth -password required pam_stack.so service=system-auth -session required pam_stack.so service=system-auth -session required pam_limits.so -session optional pam_console.so diff --git a/crypto/openssh/contrib/solaris/README b/crypto/openssh/contrib/solaris/README deleted file mode 100755 index eb4c590f4eaa..000000000000 --- a/crypto/openssh/contrib/solaris/README +++ /dev/null @@ -1,24 +0,0 @@ -The following is a new package build script for Solaris. This is being -introduced into OpenSSH 3.0 and above in hopes of simplifying the build -process. As of 3.1p2 the script should work on all platforms that have -SVR4 style package tools. - -The build process is called a 'dummy install'.. Which means the software does -a "make install-nokeys DESTDIR=[fakeroot]". This way all manpages should -be handled correctly and key are defered until the first time the sshd -is started. - -Directions: - -1. make -F Makefile.in distprep (Only if you are getting from the CVS tree) -2. ./configure --with-pam [..any other options you want..] -3. look at the top of contrib/solaris/buildpkg.sh for the configurable options. -4. ./contrib/solaris/buildpkg.sh - -If all goes well you should have a solaris package ready to be installed. - -If you have any problems with this script please post them to -openssh-unix-dev@mindrot.org and I will try to assist you as best as I can. - -- Ben Lindstrom - diff --git a/crypto/openssh/contrib/solaris/buildpkg.sh b/crypto/openssh/contrib/solaris/buildpkg.sh deleted file mode 100755 index 29d096306488..000000000000 --- a/crypto/openssh/contrib/solaris/buildpkg.sh +++ /dev/null @@ -1,386 +0,0 @@ -#!/bin/sh -# -# Fake Root Solaris/SVR4/SVR5 Build System - Prototype -# -# The following code has been provide under Public Domain License. I really -# don't care what you use it for. Just as long as you don't complain to me -# nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org) -# -umask 022 -# -# Options for building the package -# You can create a config.local with your customized options -# -# uncommenting TEST_DIR and using -# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty -# and -# PKGNAME=tOpenSSH should allow testing a package without interfering -# with a real OpenSSH package on a system. This is not needed on systems -# that support the -R option to pkgadd. -#TEST_DIR=/var/tmp # leave commented out for production build -PKGNAME=OpenSSH -SYSVINIT_NAME=opensshd -MAKE=${MAKE:="make"} -SSHDUID=67 # Default privsep uid -SSHDGID=67 # Default privsep gid -# uncomment these next three as needed -#PERMIT_ROOT_LOGIN=no -#X11_FORWARDING=yes -#USR_LOCAL_IS_SYMLINK=yes -# list of system directories we do NOT want to change owner/group/perms -# when installing our package -SYSTEM_DIR="/etc \ -/etc/init.d \ -/etc/rcS.d \ -/etc/rc0.d \ -/etc/rc1.d \ -/etc/rc2.d \ -/etc/opt \ -/opt \ -/opt/bin \ -/usr \ -/usr/bin \ -/usr/lib \ -/usr/sbin \ -/usr/share \ -/usr/share/man \ -/usr/share/man/man1 \ -/usr/share/man/man8 \ -/usr/local \ -/usr/local/bin \ -/usr/local/etc \ -/usr/local/libexec \ -/usr/local/man \ -/usr/local/man/man1 \ -/usr/local/man/man8 \ -/usr/local/sbin \ -/usr/local/share \ -/var \ -/var/opt \ -/var/run \ -/var/tmp \ -/tmp" - -# We may need to build as root so we make sure PATH is set up -# only set the path if it's not set already -[ -d /usr/local/bin ] && { - echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1 - [ $? -ne 0 ] && PATH=$PATH:/usr/local/bin -} -[ -d /usr/ccs/bin ] && { - echo $PATH | grep ":/usr/ccs/bin" > /dev/null 2>&1 - [ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin -} -export PATH -# - -[ -f Makefile ] || { - echo "Please run this script from your build directory" - exit 1 -} - -# we will look for config.local to override the above options -[ -s ./config.local ] && . ./config.local - -## Start by faking root install -echo "Faking root install..." -START=`pwd` -OPENSSHD_IN=`dirname $0`/opensshd.in -FAKE_ROOT=$START/package -[ -d $FAKE_ROOT ] && rm -fr $FAKE_ROOT -mkdir $FAKE_ROOT -${MAKE} install-nokeys DESTDIR=$FAKE_ROOT -if [ $? -gt 0 ] -then - echo "Fake root install failed, stopping." - exit 1 -fi - -## Fill in some details, like prefix and sysconfdir -for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir -do - eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` -done - - -## Collect value of privsep user -for confvar in SSH_PRIVSEP_USER -do - eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h` -done - -## Set privsep defaults if not defined -if [ -z "$SSH_PRIVSEP_USER" ] -then - SSH_PRIVSEP_USER=sshd -fi - -## Extract common info requires for the 'info' part of the package. -VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'` - -UNAME_S=`uname -s` -case ${UNAME_S} in - SunOS) UNAME_S=Solaris - ARCH=`uname -p` - RCS_D=yes - DEF_MSG="(default: n)" - ;; - *) ARCH=`uname -m` - DEF_MSG="\n" ;; -esac - -## Setup our run level stuff while we are at it. -mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d - -## setup our initscript correctly -sed -e "s#%%configDir%%#${sysconfdir}#g" \ - -e "s#%%openSSHDir%%#$prefix#g" \ - -e "s#%%pidDir%%#${piddir}#g" \ - ${OPENSSHD_IN} > $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} -chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} - -[ "${PERMIT_ROOT_LOGIN}" = no ] && \ - perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \ - $FAKE_ROOT/${sysconfdir}/sshd_config -[ "${X11_FORWARDING}" = yes ] && \ - perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \ - $FAKE_ROOT/${sysconfdir}/sshd_config -# fix PrintMotd -perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \ - $FAKE_ROOT/${sysconfdir}/sshd_config - -# We don't want to overwrite config files on multiple installs -mv $FAKE_ROOT/${sysconfdir}/ssh_config $FAKE_ROOT/${sysconfdir}/ssh_config.default -mv $FAKE_ROOT/${sysconfdir}/sshd_config $FAKE_ROOT/${sysconfdir}/sshd_config.default -[ -f $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds ] && \ -mv $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds.default - -cd $FAKE_ROOT - -## Ok, this is outright wrong, but it will work. I'm tired of pkgmk -## whining. -for i in *; do - PROTO_ARGS="$PROTO_ARGS $i=/$i"; -done - -## Build info file -echo "Building pkginfo file..." -cat > pkginfo << _EOF -PKG=$PKGNAME -NAME="OpenSSH Portable for ${UNAME_S}" -DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh." -VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html" -ARCH=$ARCH -VERSION=$VERSION -CATEGORY="Security,application" -BASEDIR=/ -CLASSES="none" -_EOF - -## Build preinstall file -echo "Building preinstall file..." -cat > preinstall << _EOF -#! /sbin/sh -# -[ "\${PRE_INS_STOP}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop -exit 0 -_EOF - -## Build postinstall file -echo "Building postinstall file..." -cat > postinstall << _EOF -#! /sbin/sh -# -[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\ - cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\ - \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config -[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\ - cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\ - \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config -[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && { - [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\ - cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\ - \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds -} - -# make rc?.d dirs only if we are doing a test install -[ -n "${TEST_DIR}" ] && { - [ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d - mkdir -p ${TEST_DIR}/etc/rc0.d - mkdir -p ${TEST_DIR}/etc/rc1.d - mkdir -p ${TEST_DIR}/etc/rc2.d -} - -if [ "\${USE_SYM_LINKS}" = yes ] -then - [ "$RCS_D" = yes ] && \ -installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s -else - [ "$RCS_D" = yes ] && \ -installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l -fi - -# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh) -[ -d $piddir ] || installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys - -installf -f ${PKGNAME} - -# Use chroot to handle PKG_INSTALL_ROOT -if [ ! -z "\${PKG_INSTALL_ROOT}" ] -then - chroot="chroot \${PKG_INSTALL_ROOT}" -fi -# If this is a test build, we will skip the groupadd/useradd/passwd commands -if [ ! -z "${TEST_DIR}" ] -then - chroot=echo -fi - -if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null -then - echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user" - echo "or group." -else - echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." - - # create group if required - if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null - then - echo "PrivSep group $SSH_PRIVSEP_USER already exists." - else - # Use gid of 67 if possible - if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null - then - : - else - sshdgid="-g $SSHDGID" - fi - echo "Creating PrivSep group $SSH_PRIVSEP_USER." - \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER - fi - - # Create user if required - if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null - then - echo "PrivSep user $SSH_PRIVSEP_USER already exists." - else - # Use uid of 67 if possible - if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null - then - : - else - sshduid="-u $SSHDUID" - fi - echo "Creating PrivSep user $SSH_PRIVSEP_USER." - \$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER - \$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER - fi -fi - -[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start -exit 0 -_EOF - -## Build preremove file -echo "Building preremove file..." -cat > preremove << _EOF -#! /sbin/sh -# -${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop -exit 0 -_EOF - -## Build request file -echo "Building request file..." -cat > request << _EOF -trap 'exit 3' 15 -USE_SYM_LINKS=no -PRE_INS_STOP=no -POST_INS_START=no -# Use symbolic links? -ans=\`ckyorn -d n \ --p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$? -case \$ans in - [y,Y]*) USE_SYM_LINKS=yes ;; -esac - -# determine if should restart the daemon -if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ] -then - ans=\`ckyorn -d n \ --p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$? - case \$ans in - [y,Y]*) PRE_INS_STOP=yes - POST_INS_START=yes - ;; - esac - -else - -# determine if we should start sshd - ans=\`ckyorn -d n \ --p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$? - case \$ans in - [y,Y]*) POST_INS_START=yes ;; - esac -fi - -# make parameters available to installation service, -# and so to any other packaging scripts -cat >\$1 <<! -USE_SYM_LINKS='\$USE_SYM_LINKS' -PRE_INS_STOP='\$PRE_INS_STOP' -POST_INS_START='\$POST_INS_START' -! -exit 0 - -_EOF - -## Build space file -echo "Building space file..." -cat > space << _EOF -# extra space required by start/stop links added by installf in postinstall -$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME} 0 1 -$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME} 0 1 -$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME} 0 1 -_EOF -[ "$RCS_D" = yes ] && \ -echo "$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME} 0 1" >> space - -## Next Build our prototype -echo "Building prototype file..." -cat >mk-proto.awk << _EOF - BEGIN { print "i pkginfo"; print "i preinstall"; \\ - print "i postinstall"; print "i preremove"; \\ - print "i request"; print "i space"; \\ - split("$SYSTEM_DIR",sys_files); } - { - for (dir in sys_files) { if ( \$3 != sys_files[dir] ) - { \$5="root"; \$6="sys"; } - else - { \$4="?"; \$5="?"; \$6="?"; break;} - } } - { print; } -_EOF -find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \ - pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype - -# /usr/local is a symlink on some systems -[ "${USR_LOCAL_IS_SYMLINK}" = yes ] && { - grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new - mv prototype.new prototype -} - -## Step back a directory and now build the package. -echo "Building package.." -cd .. -pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o -echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$UNAME_S-$ARCH-$VERSION.pkg -rm -rf $FAKE_ROOT - diff --git a/crypto/openssh/contrib/solaris/opensshd.in b/crypto/openssh/contrib/solaris/opensshd.in deleted file mode 100755 index 50e18deea314..000000000000 --- a/crypto/openssh/contrib/solaris/opensshd.in +++ /dev/null @@ -1,82 +0,0 @@ -#!/sbin/sh -# Donated code that was put under PD license. -# -# Stripped PRNGd out of it for the time being. - -umask 022 - -CAT=/usr/bin/cat -KILL=/usr/bin/kill - -prefix=%%openSSHDir%% -etcdir=%%configDir%% -piddir=%%pidDir%% - -SSHD=$prefix/sbin/sshd -PIDFILE=$piddir/sshd.pid -SSH_KEYGEN=$prefix/bin/ssh-keygen -HOST_KEY_RSA1=$etcdir/ssh_host_key -HOST_KEY_DSA=$etcdir/ssh_host_dsa_key -HOST_KEY_RSA=$etcdir/ssh_host_rsa_key - - -checkkeys() { - if [ ! -f $HOST_KEY_RSA1 ]; then - ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N "" - fi - if [ ! -f $HOST_KEY_DSA ]; then - ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N "" - fi - if [ ! -f $HOST_KEY_RSA ]; then - ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N "" - fi -} - -stop_service() { - if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then - PID=`${CAT} ${PIDFILE}` - fi - if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then - ${KILL} ${PID} - else - echo "Unable to read PID file" - fi -} - -start_service() { - # XXX We really should check if the service is already going, but - # XXX we will opt out at this time. - Bal - - # Check to see if we have keys that need to be made - checkkeys - - # Start SSHD - echo "starting $SSHD... \c" ; $SSHD - - sshd_rc=$? - if [ $sshd_rc -ne 0 ]; then - echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing." - exit $sshd_rc - fi - echo done. -} - -case $1 in - -'start') - start_service - ;; - -'stop') - stop_service - ;; - -'restart') - stop_service - start_service - ;; - -*) - echo "$0: usage: $0 {start|stop|restart}" - ;; -esac diff --git a/crypto/openssh/contrib/ssh-copy-id b/crypto/openssh/contrib/ssh-copy-id deleted file mode 100644 index a1c0a9234316..000000000000 --- a/crypto/openssh/contrib/ssh-copy-id +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/sh - -# Shell script to install your identity.pub on a remote machine -# Takes the remote machine name as an argument. -# Obviously, the remote machine must accept password authentication, -# or one of the other keys in your ssh-agent, for this to work. - -ID_FILE="${HOME}/.ssh/identity.pub" - -if [ "-i" = "$1" ]; then - shift - # check if we have 2 parameters left, if so the first is the new ID file - if [ -n "$2" ]; then - if expr "$1" : ".*\.pub" ; then - ID_FILE="$1" - else - ID_FILE="$1.pub" - fi - shift # and this should leave $1 as the target name - fi -else - if [ x$SSH_AUTH_SOCK != x ] ; then - GET_ID="$GET_ID ssh-add -L" - fi -fi - -if [ -z "`eval $GET_ID`" -a -r "${ID_FILE}" ] ; then - GET_ID="cat ${ID_FILE}" -fi - -if [ -z "`eval $GET_ID`" ]; then - echo "$0: ERROR: No identities found" >&2 - exit 1 -fi - -if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then - echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2 - exit 1 -fi - -{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1 - -cat <<EOF -Now try logging into the machine, with "ssh '$1'", and check in: - - .ssh/authorized_keys - -to make sure we haven't added extra keys that you weren't expecting. - -EOF diff --git a/crypto/openssh/contrib/ssh-copy-id.1 b/crypto/openssh/contrib/ssh-copy-id.1 deleted file mode 100644 index b331fa149e9e..000000000000 --- a/crypto/openssh/contrib/ssh-copy-id.1 +++ /dev/null @@ -1,67 +0,0 @@ -.ig \" -*- nroff -*- -Copyright (c) 1999 Philip Hands Computing <http://www.hands.com/> - -Permission is granted to make and distribute verbatim copies of -this manual provided the copyright notice and this permission notice -are preserved on all copies. - -Permission is granted to copy and distribute modified versions of this -manual under the conditions for verbatim copying, provided that the -entire resulting derived work is distributed under the terms of a -permission notice identical to this one. - -Permission is granted to copy and distribute translations of this -manual into another language, under the above conditions for modified -versions, except that this permission notice may be included in -translations approved by the Free Software Foundation instead of in -the original English. -.. -.TH SSH-COPY-ID 1 "14 November 1999" "OpenSSH" -.SH NAME -ssh-copy-id \- install your identity.pub in a remote machine's authorized_keys -.SH SYNOPSIS -.B ssh-copy-id [-i [identity_file]] -.I "[user@]machine" -.br -.SH DESCRIPTION -.BR ssh-copy-id -is a script that uses ssh to log into a remote machine (presumably -using a login password, so password authentication should be enabled, -unless you've done some clever use of multiple identities) -.PP -It also changes the permissions of the remote user's home, -.BR ~/.ssh , -and -.B ~/.ssh/authorized_keys -to remove group writability (which would otherwise prevent you from logging in, if the remote -.B sshd -has -.B StrictModes -set in its configuration). -.PP -If the -.B -i -option is given then the identity file (defaults to -.BR ~/.ssh/identity.pub ) -is used, regardless of whether there are any keys in your -.BR ssh-agent . -Otherwise, if this: -.PP -.B " ssh-add -L" -.PP -provides any output, it uses that in preference to the identity file. -.PP -If the -.B -i -option is used, or the -.B ssh-add -produced no output, then it uses the contents of the identity -file. Once it has one or more fingerprints (by whatever means) it -uses ssh to append them to -.B ~/.ssh/authorized_keys -on the remote machine (creating the file, and directory, if necessary) - -.SH "SEE ALSO" -.BR ssh (1), -.BR ssh-agent (1), -.BR sshd (8) diff --git a/crypto/openssh/contrib/sshd.pam.freebsd b/crypto/openssh/contrib/sshd.pam.freebsd deleted file mode 100644 index c0bc36410e40..000000000000 --- a/crypto/openssh/contrib/sshd.pam.freebsd +++ /dev/null @@ -1,5 +0,0 @@ -sshd auth required pam_unix.so try_first_pass -sshd account required pam_unix.so -sshd password required pam_permit.so -sshd session required pam_permit.so - diff --git a/crypto/openssh/contrib/sshd.pam.generic b/crypto/openssh/contrib/sshd.pam.generic deleted file mode 100644 index cf5af30248a9..000000000000 --- a/crypto/openssh/contrib/sshd.pam.generic +++ /dev/null @@ -1,8 +0,0 @@ -#%PAM-1.0 -auth required /lib/security/pam_unix.so shadow nodelay -auth required /lib/security/pam_nologin.so -account required /lib/security/pam_unix.so -password required /lib/security/pam_cracklib.so -password required /lib/security/pam_unix.so shadow nullok use_authtok -session required /lib/security/pam_unix.so -session required /lib/security/pam_limits.so diff --git a/crypto/openssh/contrib/suse/openssh.spec b/crypto/openssh/contrib/suse/openssh.spec deleted file mode 100644 index 2b43d0368abd..000000000000 --- a/crypto/openssh/contrib/suse/openssh.spec +++ /dev/null @@ -1,199 +0,0 @@ -Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation -Name: openssh -Version: 3.8.1p1 -URL: http://www.openssh.com/ -Release: 1 -Source0: openssh-%{version}.tar.gz -Copyright: BSD -Group: Applications/Internet -BuildRoot: /tmp/openssh-%{version}-buildroot -PreReq: openssl -Obsoletes: ssh -# -# (Build[ing] Prereq[uisites] only work for RPM 2.95 and newer.) -# building prerequisites -- stuff for -# OpenSSL (openssl-devel), -# TCP Wrappers (nkitb), -# and Gnome (glibdev, gtkdev, and gnlibsd) -# -BuildPrereq: openssl -BuildPrereq: nkitb -BuildPrereq: glibdev -BuildPrereq: gtkdev -BuildPrereq: gnlibsd - -%description -Ssh (Secure Shell) a program for logging into a remote machine and for -executing commands in a remote machine. It is intended to replace -rlogin and rsh, and provide secure encrypted communications between -two untrusted hosts over an insecure network. X11 connections and -arbitrary TCP/IP ports can also be forwarded over the secure channel. - -OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it -up to date in terms of security and features, as well as removing all -patented algorithms to seperate libraries (OpenSSL). - -This package includes all files necessary for both the OpenSSH -client and server. Additionally, this package contains the GNOME -passphrase dialog. - -%changelog -* Mon Jun 12 2000 Damien Miller <djm@mindrot.org> -- Glob manpages to catch compressed files -* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au> -- Updated for new location -- Updated for new gnome-ssh-askpass build -* Sun Dec 26 1999 Chris Saia <csaia@wtower.com> -- Made symlink to gnome-ssh-askpass called ssh-askpass -* Wed Nov 24 1999 Chris Saia <csaia@wtower.com> -- Removed patches that included /etc/pam.d/sshd, /sbin/init.d/rc.sshd, and - /var/adm/fillup-templates/rc.config.sshd, since Damien merged these into - his released tarfile -- Changed permissions on ssh_config in the install procedure to 644 from 600 - even though it was correct in the %files section and thus right in the RPMs -- Postinstall script for the server now only prints "Generating SSH host - key..." if we need to actually do this, in order to eliminate a confusing - message if an SSH host key is already in place -- Marked all manual pages as %doc(umentation) -* Mon Nov 22 1999 Chris Saia <csaia@wtower.com> -- Added flag to configure daemon with TCP Wrappers support -- Added building prerequisites (works in RPM 3.0 and newer) -* Thu Nov 18 1999 Chris Saia <csaia@wtower.com> -- Made this package correct for SuSE. -- Changed instances of pam_pwdb.so to pam_unix.so, since it works more properly - with SuSE, and lib_pwdb.so isn't installed by default. -* Mon Nov 15 1999 Damien Miller <djm@mindrot.org> -- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com> -* Sat Nov 13 1999 Damien Miller <djm@mindrot.org> -- Added 'Obsoletes' directives -* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au> -- Use make install -- Subpackages -* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au> -- Added links for slogin -- Fixed perms on manpages -* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au> -- Renamed init script -* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au> -- Back to old binary names -* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au> -- Use autoconf -- New binary names -* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au> -- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec. - -%prep - -%setup -q - -%build -CFLAGS="$RPM_OPT_FLAGS" \ -./configure --prefix=/usr \ - --sysconfdir=/etc/ssh \ - --datadir=/usr/share/openssh \ - --with-pam \ - --with-gnome-askpass \ - --with-tcp-wrappers \ - --with-ipv4-default \ - --libexecdir=/usr/lib/ssh -make - -cd contrib -gcc -O -g `gnome-config --cflags gnome gnomeui` \ - gnome-ssh-askpass.c -o gnome-ssh-askpass \ - `gnome-config --libs gnome gnomeui` -cd .. - -%install -rm -rf $RPM_BUILD_ROOT -make install DESTDIR=$RPM_BUILD_ROOT/ -install -d $RPM_BUILD_ROOT/etc/ssh/ -install -d $RPM_BUILD_ROOT/etc/pam.d/ -install -d $RPM_BUILD_ROOT/sbin/init.d/ -install -d $RPM_BUILD_ROOT/var/adm/fillup-templates -install -d $RPM_BUILD_ROOT/usr/lib/ssh -install -m644 contrib/sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd -install -m744 contrib/suse/rc.sshd $RPM_BUILD_ROOT/sbin/init.d/sshd -ln -s ../../sbin/init.d/sshd $RPM_BUILD_ROOT/usr/sbin/rcsshd -install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT/usr/lib/ssh/gnome-ssh-askpass -ln -s gnome-ssh-askpass $RPM_BUILD_ROOT/usr/lib/ssh/ssh-askpass -install -m744 contrib/suse/rc.config.sshd \ - $RPM_BUILD_ROOT/var/adm/fillup-templates - -%clean -rm -rf $RPM_BUILD_ROOT - -%post -if [ "$1" = 1 ]; then - echo "Creating SSH stop/start scripts in the rc directories..." - ln -s ../sshd /sbin/init.d/rc2.d/K20sshd - ln -s ../sshd /sbin/init.d/rc2.d/S20sshd - ln -s ../sshd /sbin/init.d/rc3.d/K20sshd - ln -s ../sshd /sbin/init.d/rc3.d/S20sshd -fi -echo "Updating /etc/rc.config..." -if [ -x /bin/fillup ] ; then - /bin/fillup -q -d = etc/rc.config var/adm/fillup-templates/rc.config.sshd -else - echo "ERROR: fillup not found. This should NOT happen in SuSE Linux." - echo "Update /etc/rc.config by hand from the following template file:" - echo " /var/adm/fillup-templates/rc.config.sshd" -fi -if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then - echo "Generating SSH host key..." - /usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2 -fi -if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then - echo "Generating SSH DSA host key..." - /usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N '' >&2 -fi -if test -r /var/run/sshd.pid -then - echo "Restarting the running SSH daemon..." - /usr/sbin/rcsshd restart >&2 -fi - -%preun -if [ "$1" = 0 ] -then - echo "Stopping the SSH daemon..." - /usr/sbin/rcsshd stop >&2 - echo "Removing SSH stop/start scripts from the rc directories..." - rm /sbin/init.d/rc2.d/K20sshd - rm /sbin/init.d/rc2.d/S20sshd - rm /sbin/init.d/rc3.d/K20sshd - rm /sbin/init.d/rc3.d/S20sshd -fi - -%files -%defattr(-,root,root) -%doc ChangeLog OVERVIEW README* -%doc RFC.nroff TODO CREDITS LICENCE -%attr(0755,root,root) %dir /etc/ssh -%attr(0644,root,root) %config /etc/ssh/ssh_config -%attr(0600,root,root) %config /etc/ssh/sshd_config -%attr(0600,root,root) %config /etc/ssh/moduli -%attr(0644,root,root) %config /etc/pam.d/sshd -%attr(0755,root,root) %config /sbin/init.d/sshd -%attr(0755,root,root) /usr/bin/ssh-keygen -%attr(0755,root,root) /usr/bin/scp -%attr(4755,root,root) /usr/bin/ssh -%attr(-,root,root) /usr/bin/slogin -%attr(0755,root,root) /usr/bin/ssh-agent -%attr(0755,root,root) /usr/bin/ssh-add -%attr(0755,root,root) /usr/bin/ssh-keyscan -%attr(0755,root,root) /usr/bin/sftp -%attr(0755,root,root) /usr/sbin/sshd -%attr(-,root,root) /usr/sbin/rcsshd -%attr(0755,root,root) %dir /usr/lib/ssh -%attr(0755,root,root) /usr/lib/ssh/ssh-askpass -%attr(0755,root,root) /usr/lib/ssh/gnome-ssh-askpass -%attr(0644,root,root) %doc /usr/man/man1/scp.1* -%attr(0644,root,root) %doc /usr/man/man1/ssh.1* -%attr(-,root,root) %doc /usr/man/man1/slogin.1* -%attr(0644,root,root) %doc /usr/man/man1/ssh-agent.1* -%attr(0644,root,root) %doc /usr/man/man1/ssh-add.1* -%attr(0644,root,root) %doc /usr/man/man1/ssh-keygen.1* -%attr(0644,root,root) %doc /usr/man/man8/sshd.8* -%attr(0644,root,root) /var/adm/fillup-templates/rc.config.sshd - diff --git a/crypto/openssh/contrib/suse/rc.config.sshd b/crypto/openssh/contrib/suse/rc.config.sshd deleted file mode 100644 index baaa7a5a1f44..000000000000 --- a/crypto/openssh/contrib/suse/rc.config.sshd +++ /dev/null @@ -1,5 +0,0 @@ -# -# Start the Secure Shell (SSH) Daemon? -# -START_SSHD="yes" - diff --git a/crypto/openssh/contrib/suse/rc.sshd b/crypto/openssh/contrib/suse/rc.sshd deleted file mode 100644 index f7d431ebbc1b..000000000000 --- a/crypto/openssh/contrib/suse/rc.sshd +++ /dev/null @@ -1,80 +0,0 @@ -#! /bin/sh -# Copyright (c) 1995-1998 SuSE GmbH Nuernberg, Germany. -# -# Author: Chris Saia <csaia@wtower.com> -# -# /sbin/init.d/sshd -# -# and symbolic its link -# -# /sbin/rcsshd -# - -. /etc/rc.config - -# Determine the base and follow a runlevel link name. -base=${0##*/} -link=${base#*[SK][0-9][0-9]} - -# Force execution if not called by a runlevel directory. -test $link = $base && START_SSHD=yes -test "$START_SSHD" = yes || exit 0 - -# The echo return value for success (defined in /etc/rc.config). -return=$rc_done -case "$1" in - start) - echo -n "Starting service sshd" - ## Start daemon with startproc(8). If this fails - ## the echo return value is set appropriate. - - startproc /usr/sbin/sshd || return=$rc_failed - - echo -e "$return" - ;; - stop) - echo -n "Stopping service sshd" - ## Stop daemon with killproc(8) and if this fails - ## set echo the echo return value. - - killproc -TERM /usr/sbin/sshd || return=$rc_failed - - echo -e "$return" - ;; - restart) - ## If first returns OK call the second, if first or - ## second command fails, set echo return value. - $0 stop && $0 start || return=$rc_failed - ;; - reload) - ## Choose ONE of the following two cases: - - ## First possibility: A few services accepts a signal - ## to reread the (changed) configuration. - - echo -n "Reload service sshd" - killproc -HUP /usr/sbin/sshd || return=$rc_failed - echo -e "$return" - ;; - status) - echo -n "Checking for service sshd" - ## Check status with checkproc(8), if process is running - ## checkproc will return with exit status 0. - - checkproc /usr/sbin/sshd && echo OK || echo No process - ;; - probe) - ## Optional: Probe for the necessity of a reload, - ## give out the argument which is required for a reload. - - test /etc/ssh/sshd_config -nt /var/run/sshd.pid && echo reload - ;; - *) - echo "Usage: $0 {start|stop|status|restart|reload[|probe]}" - exit 1 - ;; -esac - -# Inform the caller not only verbosely and set an exit status. -test "$return" = "$rc_done" || exit 1 -exit 0 diff --git a/crypto/openssh/dsa.c b/crypto/openssh/dsa.c deleted file mode 100644 index 4ff4b58f2b49..000000000000 --- a/crypto/openssh/dsa.c +++ /dev/null @@ -1,304 +0,0 @@ -/* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" -RCSID("$OpenBSD: dsa.c,v 1.11 2000/09/07 20:27:51 deraadt Exp $"); - -#include "ssh.h" -#include "xmalloc.h" -#include "buffer.h" -#include "bufaux.h" -#include "compat.h" - -#include <openssl/bn.h> -#include <openssl/dh.h> -#include <openssl/rsa.h> -#include <openssl/dsa.h> -#include <openssl/evp.h> -#include <openssl/bio.h> -#include <openssl/pem.h> - -#include <openssl/hmac.h> -#include "kex.h" -#include "key.h" -#include "uuencode.h" - -#define INTBLOB_LEN 20 -#define SIGBLOB_LEN (2*INTBLOB_LEN) - -Key * -dsa_key_from_blob(char *blob, int blen) -{ - Buffer b; - char *ktype; - int rlen; - DSA *dsa; - Key *key; - -#ifdef DEBUG_DSS - dump_base64(stderr, blob, blen); -#endif - /* fetch & parse DSA/DSS pubkey */ - buffer_init(&b); - buffer_append(&b, blob, blen); - ktype = buffer_get_string(&b, NULL); - if (strcmp(KEX_DSS, ktype) != 0) { - error("dsa_key_from_blob: cannot handle type %s", ktype); - buffer_free(&b); - xfree(ktype); - return NULL; - } - key = key_new(KEY_DSA); - dsa = key->dsa; - buffer_get_bignum2(&b, dsa->p); - buffer_get_bignum2(&b, dsa->q); - buffer_get_bignum2(&b, dsa->g); - buffer_get_bignum2(&b, dsa->pub_key); - rlen = buffer_len(&b); - if(rlen != 0) - error("dsa_key_from_blob: remaining bytes in key blob %d", rlen); - buffer_free(&b); - xfree(ktype); - -#ifdef DEBUG_DSS - DSA_print_fp(stderr, dsa, 8); -#endif - return key; -} -int -dsa_make_key_blob(Key *key, unsigned char **blobp, unsigned int *lenp) -{ - Buffer b; - int len; - unsigned char *buf; - - if (key == NULL || key->type != KEY_DSA) - return 0; - buffer_init(&b); - buffer_put_cstring(&b, KEX_DSS); - buffer_put_bignum2(&b, key->dsa->p); - buffer_put_bignum2(&b, key->dsa->q); - buffer_put_bignum2(&b, key->dsa->g); - buffer_put_bignum2(&b, key->dsa->pub_key); - len = buffer_len(&b); - buf = xmalloc(len); - memcpy(buf, buffer_ptr(&b), len); - memset(buffer_ptr(&b), 0, len); - buffer_free(&b); - if (lenp != NULL) - *lenp = len; - if (blobp != NULL) - *blobp = buf; - return len; -} -int -dsa_sign( - Key *key, - unsigned char **sigp, int *lenp, - unsigned char *data, int datalen) -{ - unsigned char *digest; - unsigned char *ret; - DSA_SIG *sig; - EVP_MD *evp_md = EVP_sha1(); - EVP_MD_CTX md; - unsigned int rlen; - unsigned int slen; - unsigned int len; - unsigned char sigblob[SIGBLOB_LEN]; - Buffer b; - - if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) { - error("dsa_sign: no DSA key"); - return -1; - } - digest = xmalloc(evp_md->md_size); - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, data, datalen); - EVP_DigestFinal(&md, digest, NULL); - - sig = DSA_do_sign(digest, evp_md->md_size, key->dsa); - if (sig == NULL) { - fatal("dsa_sign: cannot sign"); - } - - rlen = BN_num_bytes(sig->r); - slen = BN_num_bytes(sig->s); - if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { - error("bad sig size %d %d", rlen, slen); - DSA_SIG_free(sig); - return -1; - } - debug("sig size %d %d", rlen, slen); - - memset(sigblob, 0, SIGBLOB_LEN); - BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); - BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); - DSA_SIG_free(sig); - - if (datafellows & SSH_BUG_SIGBLOB) { - debug("datafellows"); - ret = xmalloc(SIGBLOB_LEN); - memcpy(ret, sigblob, SIGBLOB_LEN); - if (lenp != NULL) - *lenp = SIGBLOB_LEN; - if (sigp != NULL) - *sigp = ret; - } else { - /* ietf-drafts */ - buffer_init(&b); - buffer_put_cstring(&b, KEX_DSS); - buffer_put_string(&b, sigblob, SIGBLOB_LEN); - len = buffer_len(&b); - ret = xmalloc(len); - memcpy(ret, buffer_ptr(&b), len); - buffer_free(&b); - if (lenp != NULL) - *lenp = len; - if (sigp != NULL) - *sigp = ret; - } - return 0; -} -int -dsa_verify( - Key *key, - unsigned char *signature, int signaturelen, - unsigned char *data, int datalen) -{ - Buffer b; - unsigned char *digest; - DSA_SIG *sig; - EVP_MD *evp_md = EVP_sha1(); - EVP_MD_CTX md; - unsigned char *sigblob; - char *txt; - unsigned int len; - int rlen; - int ret; - - if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) { - error("dsa_verify: no DSA key"); - return -1; - } - - if (!(datafellows & SSH_BUG_SIGBLOB) && - signaturelen == SIGBLOB_LEN) { - datafellows |= ~SSH_BUG_SIGBLOB; - log("autodetect SSH_BUG_SIGBLOB"); - } else if ((datafellows & SSH_BUG_SIGBLOB) && - signaturelen != SIGBLOB_LEN) { - log("autoremove SSH_BUG_SIGBLOB"); - datafellows &= ~SSH_BUG_SIGBLOB; - } - - debug("len %d datafellows %d", signaturelen, datafellows); - - /* fetch signature */ - if (datafellows & SSH_BUG_SIGBLOB) { - sigblob = signature; - len = signaturelen; - } else { - /* ietf-drafts */ - char *ktype; - buffer_init(&b); - buffer_append(&b, (char *) signature, signaturelen); - ktype = buffer_get_string(&b, NULL); - if (strcmp(KEX_DSS, ktype) != 0) { - error("dsa_verify: cannot handle type %s", ktype); - buffer_free(&b); - return -1; - } - sigblob = (unsigned char *)buffer_get_string(&b, &len); - rlen = buffer_len(&b); - if(rlen != 0) { - error("remaining bytes in signature %d", rlen); - buffer_free(&b); - return -1; - } - buffer_free(&b); - xfree(ktype); - } - - if (len != SIGBLOB_LEN) { - fatal("bad sigbloblen %d != SIGBLOB_LEN", len); - } - - /* parse signature */ - sig = DSA_SIG_new(); - sig->r = BN_new(); - sig->s = BN_new(); - BN_bin2bn(sigblob, INTBLOB_LEN, sig->r); - BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s); - - if (!(datafellows & SSH_BUG_SIGBLOB)) { - memset(sigblob, 0, len); - xfree(sigblob); - } - - /* sha1 the data */ - digest = xmalloc(evp_md->md_size); - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, data, datalen); - EVP_DigestFinal(&md, digest, NULL); - - ret = DSA_do_verify(digest, evp_md->md_size, sig, key->dsa); - - memset(digest, 0, evp_md->md_size); - xfree(digest); - DSA_SIG_free(sig); - - switch (ret) { - case 1: - txt = "correct"; - break; - case 0: - txt = "incorrect"; - break; - case -1: - default: - txt = "error"; - break; - } - debug("dsa_verify: signature %s", txt); - return ret; -} - -Key * -dsa_generate_key(unsigned int bits) -{ - DSA *dsa = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL); - Key *k; - if (dsa == NULL) { - fatal("DSA_generate_parameters failed"); - } - if (!DSA_generate_key(dsa)) { - fatal("DSA_generate_keys failed"); - } - - k = key_new(KEY_EMPTY); - k->type = KEY_DSA; - k->dsa = dsa; - return k; -} diff --git a/crypto/openssh/dsa.h b/crypto/openssh/dsa.h deleted file mode 100644 index 252e7880beb5..000000000000 --- a/crypto/openssh/dsa.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef DSA_H -#define DSA_H - -Key *dsa_key_from_blob(char *blob, int blen); -int dsa_make_key_blob(Key *key, unsigned char **blobp, unsigned int *lenp); - -int -dsa_sign( - Key *key, - unsigned char **sigp, int *lenp, - unsigned char *data, int datalen); - -int -dsa_verify( - Key *key, - unsigned char *signature, int signaturelen, - unsigned char *data, int datalen); - -Key * -dsa_generate_key(unsigned int bits); - -#endif diff --git a/crypto/openssh/fingerprint.c b/crypto/openssh/fingerprint.c deleted file mode 100644 index 4b0966d91557..000000000000 --- a/crypto/openssh/fingerprint.c +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright (c) 1999 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Markus Friedl. - * 4. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" -RCSID("$Id: fingerprint.c,v 1.6 2000/04/12 09:39:10 markus Exp $"); - -#include "ssh.h" -#include "xmalloc.h" -#include <openssl/md5.h> - -#define FPRINT "%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x" - -/* - * Generate key fingerprint in ascii format. - * Based on ideas and code from Bjoern Groenvall <bg@sics.se> - */ -char * -fingerprint(BIGNUM *e, BIGNUM *n) -{ - static char retval[80]; - MD5_CTX md; - unsigned char d[16]; - unsigned char *buf; - int nlen, elen; - - nlen = BN_num_bytes(n); - elen = BN_num_bytes(e); - - buf = xmalloc(nlen + elen); - - BN_bn2bin(n, buf); - BN_bn2bin(e, buf + nlen); - - MD5_Init(&md); - MD5_Update(&md, buf, nlen + elen); - MD5_Final(d, &md); - snprintf(retval, sizeof(retval), FPRINT, - d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7], - d[8], d[9], d[10], d[11], d[12], d[13], d[14], d[15]); - memset(buf, 0, nlen + elen); - xfree(buf); - return retval; -} diff --git a/crypto/openssh/fingerprint.h b/crypto/openssh/fingerprint.h deleted file mode 100644 index fbb0d4c46206..000000000000 --- a/crypto/openssh/fingerprint.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (c) 1999 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Markus Friedl. - * 4. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/* RCSID("$Id: fingerprint.h,v 1.3 1999/11/24 16:15:25 markus Exp $"); */ - -#ifndef FINGERPRINT_H -#define FINGERPRINT_H -char *fingerprint(BIGNUM * e, BIGNUM * n); -#endif diff --git a/crypto/openssh/hmac.c b/crypto/openssh/hmac.c deleted file mode 100644 index 48a176304beb..000000000000 --- a/crypto/openssh/hmac.c +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" -RCSID("$OpenBSD: hmac.c,v 1.4 2000/09/07 20:27:51 deraadt Exp $"); - -#include "xmalloc.h" -#include "ssh.h" -#include "getput.h" - -#include <openssl/hmac.h> - -unsigned char * -hmac( - EVP_MD *evp_md, - unsigned int seqno, - unsigned char *data, int datalen, - unsigned char *key, int keylen) -{ - HMAC_CTX c; - static unsigned char m[EVP_MAX_MD_SIZE]; - unsigned char b[4]; - - if (key == NULL) - fatal("hmac: no key"); - HMAC_Init(&c, key, keylen, evp_md); - PUT_32BIT(b, seqno); - HMAC_Update(&c, b, sizeof b); - HMAC_Update(&c, data, datalen); - HMAC_Final(&c, m, NULL); - HMAC_cleanup(&c); - return(m); -} diff --git a/crypto/openssh/hmac.h b/crypto/openssh/hmac.h deleted file mode 100644 index 281300e25c48..000000000000 --- a/crypto/openssh/hmac.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef HMAC_H -#define HMAC_H - -unsigned char * -hmac( - EVP_MD *evp_md, - unsigned int seqno, - unsigned char *data, int datalen, - unsigned char *key, int len); - -#endif diff --git a/crypto/openssh/lib/Makefile b/crypto/openssh/lib/Makefile deleted file mode 100644 index ac950a9ac3af..000000000000 --- a/crypto/openssh/lib/Makefile +++ /dev/null @@ -1,35 +0,0 @@ -# $OpenBSD: Makefile,v 1.36 2002/06/11 15:23:29 hin Exp $ - -.PATH: ${.CURDIR}/.. - -LIB= ssh -SRCS= authfd.c authfile.c bufaux.c buffer.c canohost.c channels.c \ - cipher.c compat.c compress.c crc32.c deattack.c fatal.c \ - hostfile.c log.c match.c mpaux.c nchan.c packet.c readpass.c \ - rsa.c tildexpand.c ttymodes.c xmalloc.c atomicio.c \ - key.c dispatch.c kex.c mac.c uuencode.c misc.c \ - rijndael.c ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c \ - scard.c monitor_wrap.c monitor_fdpass.c msg.c - -DEBUGLIBS= no -NOPROFILE= yes -NOPIC= yes - -install: - @echo -n - -.include <bsd.own.mk> - -.if (${KERBEROS5:L} == "yes") -CFLAGS+= -DKRB5 -I${DESTDIR}/usr/include/kerberosV -.endif # KERBEROS5 - -.if (${KERBEROS:L} == "yes") -CFLAGS+= -DKRB4 -I${DESTDIR}/usr/include/kerberosIV -.if (${AFS:L} == "yes") -CFLAGS+= -DAFS -SRCS+= radix.c -.endif # AFS -.endif # KERBEROS - -.include <bsd.lib.mk> diff --git a/crypto/openssh/log-client.c b/crypto/openssh/log-client.c deleted file mode 100644 index 505c8c33787a..000000000000 --- a/crypto/openssh/log-client.c +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland - * All rights reserved - * Client-side versions of debug(), log(), etc. These print to stderr. - * This is a stripped down version of log-server.c. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - * - * - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" -RCSID("$OpenBSD: log-client.c,v 1.12 2000/09/12 20:53:10 markus Exp $"); - -#include "xmalloc.h" -#include "ssh.h" - -static LogLevel log_level = SYSLOG_LEVEL_INFO; - -/* Initialize the log. - * av0 program name (should be argv[0]) - * level logging level - */ - -void -log_init(char *av0, LogLevel level, SyslogFacility ignored1, int ignored2) -{ - switch (level) { - case SYSLOG_LEVEL_QUIET: - case SYSLOG_LEVEL_ERROR: - case SYSLOG_LEVEL_FATAL: - case SYSLOG_LEVEL_INFO: - case SYSLOG_LEVEL_VERBOSE: - case SYSLOG_LEVEL_DEBUG1: - case SYSLOG_LEVEL_DEBUG2: - case SYSLOG_LEVEL_DEBUG3: - log_level = level; - break; - default: - /* unchanged */ - break; - } -} - -#define MSGBUFSIZ 1024 - -void -do_log(LogLevel level, const char *fmt, va_list args) -{ - char msgbuf[MSGBUFSIZ]; - - if (level > log_level) - return; - if (level >= SYSLOG_LEVEL_DEBUG1) - fprintf(stderr, "debug: "); - vsnprintf(msgbuf, sizeof(msgbuf), fmt, args); - fprintf(stderr, "%s\r\n", msgbuf); -} diff --git a/crypto/openssh/log-server.c b/crypto/openssh/log-server.c deleted file mode 100644 index de3d5cfeb970..000000000000 --- a/crypto/openssh/log-server.c +++ /dev/null @@ -1,173 +0,0 @@ -/* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland - * All rights reserved - * Server-side versions of debug(), log(), etc. These normally send the output - * to the system log. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - * - * - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" -RCSID("$OpenBSD: log-server.c,v 1.17 2000/09/12 20:53:10 markus Exp $"); - -#include <syslog.h> -#include "packet.h" -#include "xmalloc.h" -#include "ssh.h" - -static LogLevel log_level = SYSLOG_LEVEL_INFO; -static int log_on_stderr = 0; -static int log_facility = LOG_AUTH; - -/* Initialize the log. - * av0 program name (should be argv[0]) - * on_stderr print also on stderr - * level logging level - */ - -void -log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) -{ - switch (level) { - case SYSLOG_LEVEL_QUIET: - case SYSLOG_LEVEL_ERROR: - case SYSLOG_LEVEL_FATAL: - case SYSLOG_LEVEL_INFO: - case SYSLOG_LEVEL_VERBOSE: - case SYSLOG_LEVEL_DEBUG1: - case SYSLOG_LEVEL_DEBUG2: - case SYSLOG_LEVEL_DEBUG3: - log_level = level; - break; - default: - fprintf(stderr, "Unrecognized internal syslog level code %d\n", - (int) level); - exit(1); - } - switch (facility) { - case SYSLOG_FACILITY_DAEMON: - log_facility = LOG_DAEMON; - break; - case SYSLOG_FACILITY_USER: - log_facility = LOG_USER; - break; - case SYSLOG_FACILITY_AUTH: - log_facility = LOG_AUTH; - break; - case SYSLOG_FACILITY_LOCAL0: - log_facility = LOG_LOCAL0; - break; - case SYSLOG_FACILITY_LOCAL1: - log_facility = LOG_LOCAL1; - break; - case SYSLOG_FACILITY_LOCAL2: - log_facility = LOG_LOCAL2; - break; - case SYSLOG_FACILITY_LOCAL3: - log_facility = LOG_LOCAL3; - break; - case SYSLOG_FACILITY_LOCAL4: - log_facility = LOG_LOCAL4; - break; - case SYSLOG_FACILITY_LOCAL5: - log_facility = LOG_LOCAL5; - break; - case SYSLOG_FACILITY_LOCAL6: - log_facility = LOG_LOCAL6; - break; - case SYSLOG_FACILITY_LOCAL7: - log_facility = LOG_LOCAL7; - break; - default: - fprintf(stderr, "Unrecognized internal syslog facility code %d\n", - (int) facility); - exit(1); - } - log_on_stderr = on_stderr; -} - -#define MSGBUFSIZ 1024 - -void -do_log(LogLevel level, const char *fmt, va_list args) -{ - char msgbuf[MSGBUFSIZ]; - char fmtbuf[MSGBUFSIZ]; - char *txt = NULL; - int pri = LOG_INFO; - extern char *__progname; - - if (level > log_level) - return; - switch (level) { - case SYSLOG_LEVEL_ERROR: - txt = "error"; - pri = LOG_ERR; - break; - case SYSLOG_LEVEL_FATAL: - txt = "fatal"; - pri = LOG_ERR; - break; - case SYSLOG_LEVEL_INFO: - case SYSLOG_LEVEL_VERBOSE: - pri = LOG_INFO; - break; - case SYSLOG_LEVEL_DEBUG1: - txt = "debug1"; - pri = LOG_DEBUG; - break; - case SYSLOG_LEVEL_DEBUG2: - txt = "debug2"; - pri = LOG_DEBUG; - break; - case SYSLOG_LEVEL_DEBUG3: - txt = "debug3"; - pri = LOG_DEBUG; - break; - default: - txt = "internal error"; - pri = LOG_ERR; - break; - } - if (txt != NULL) { - snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", txt, fmt); - vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args); - } else { - vsnprintf(msgbuf, sizeof(msgbuf), fmt, args); - } - if (log_on_stderr) { - fprintf(stderr, "%s\n", msgbuf); - } else { - openlog(__progname, LOG_PID, log_facility); - syslog(pri, "%.500s", msgbuf); - closelog(); - } -} diff --git a/crypto/openssh/login.c b/crypto/openssh/login.c deleted file mode 100644 index 1d59cd825f73..000000000000 --- a/crypto/openssh/login.c +++ /dev/null @@ -1,145 +0,0 @@ -/* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland - * All rights reserved - * This file performs some of the things login(1) normally does. We cannot - * easily use something like login -p -h host -f user, because there are - * several different logins around, and it is hard to determined what kind of - * login the current system has. Also, we want to be able to execute commands - * on a tty. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - * - * Copyright (c) 1999 Theo de Raadt. All rights reserved. - * Copyright (c) 1999 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" -RCSID("$OpenBSD: login.c,v 1.15 2000/09/07 20:27:52 deraadt Exp $"); - -#include <util.h> -#include <utmp.h> -#include "ssh.h" - -/* - * Returns the time when the user last logged in. Returns 0 if the - * information is not available. This must be called before record_login. - * The host the user logged in from will be returned in buf. - */ - -/* - * Returns the time when the user last logged in (or 0 if no previous login - * is found). The name of the host used last time is returned in buf. - */ - -unsigned long -get_last_login_time(uid_t uid, const char *logname, - char *buf, unsigned int bufsize) -{ - struct lastlog ll; - char *lastlog; - int fd; - - lastlog = _PATH_LASTLOG; - buf[0] = '\0'; - - fd = open(lastlog, O_RDONLY); - if (fd < 0) - return 0; - lseek(fd, (off_t) ((long) uid * sizeof(ll)), SEEK_SET); - if (read(fd, &ll, sizeof(ll)) != sizeof(ll)) { - close(fd); - return 0; - } - close(fd); - if (bufsize > sizeof(ll.ll_host) + 1) - bufsize = sizeof(ll.ll_host) + 1; - strncpy(buf, ll.ll_host, bufsize - 1); - buf[bufsize - 1] = 0; - return ll.ll_time; -} - -/* - * Records that the user has logged in. I these parts of operating systems - * were more standardized. - */ - -void -record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid, - const char *host, struct sockaddr * addr) -{ - int fd; - struct lastlog ll; - char *lastlog; - struct utmp u; - const char *utmp, *wtmp; - - /* Construct an utmp/wtmp entry. */ - memset(&u, 0, sizeof(u)); - strncpy(u.ut_line, ttyname + 5, sizeof(u.ut_line)); - u.ut_time = time(NULL); - strncpy(u.ut_name, user, sizeof(u.ut_name)); - strncpy(u.ut_host, host, sizeof(u.ut_host)); - - /* Figure out the file names. */ - utmp = _PATH_UTMP; - wtmp = _PATH_WTMP; - - login(&u); - lastlog = _PATH_LASTLOG; - - /* Update lastlog unless actually recording a logout. */ - if (strcmp(user, "") != 0) { - /* - * It is safer to bzero the lastlog structure first because - * some systems might have some extra fields in it (e.g. SGI) - */ - memset(&ll, 0, sizeof(ll)); - - /* Update lastlog. */ - ll.ll_time = time(NULL); - strncpy(ll.ll_line, ttyname + 5, sizeof(ll.ll_line)); - strncpy(ll.ll_host, host, sizeof(ll.ll_host)); - fd = open(lastlog, O_RDWR); - if (fd >= 0) { - lseek(fd, (off_t) ((long) uid * sizeof(ll)), SEEK_SET); - if (write(fd, &ll, sizeof(ll)) != sizeof(ll)) - log("Could not write %.100s: %.100s", lastlog, strerror(errno)); - close(fd); - } - } -} - -/* Records that the user has logged out. */ - -void -record_logout(pid_t pid, const char *ttyname) -{ - const char *line = ttyname + 5; /* /dev/ttyq8 -> ttyq8 */ - if (logout(line)) - logwtmp(line, "", ""); -} diff --git a/crypto/openssh/moduli.h b/crypto/openssh/moduli.h deleted file mode 100644 index 9cd1cd3f86c0..000000000000 --- a/crypto/openssh/moduli.h +++ /dev/null @@ -1,23 +0,0 @@ -/* $OpenBSD: moduli.h,v 1.1 2003/07/28 09:49:56 djm Exp $ */ - -#include <sys/types.h> -#include <openssl/bn.h> - -/* - * Using virtual memory can cause thrashing. This should be the largest - * number that is supported without a large amount of disk activity -- - * that would increase the run time from hours to days or weeks! - */ -#define LARGE_MINIMUM (8UL) /* megabytes */ - -/* - * Do not increase this number beyond the unsigned integer bit size. - * Due to a multiple of 4, it must be LESS than 128 (yielding 2**30 bits). - */ -#define LARGE_MAXIMUM (127UL) /* megabytes */ - -/* Minimum number of primality tests to perform */ -#define TRIAL_MINIMUM (4) - -int gen_candidates(FILE *, int, int, BIGNUM *); -int prime_test(FILE *, FILE *, u_int32_t, u_int32_t); diff --git a/crypto/openssh/nchan.h b/crypto/openssh/nchan.h deleted file mode 100644 index 623ecccc31cf..000000000000 --- a/crypto/openssh/nchan.h +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright (c) 1999 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* RCSID("$OpenBSD: nchan.h,v 1.10 2001/02/28 08:54:55 markus Exp $"); */ - -#ifndef NCHAN_H -#define NCHAN_H - -/* - * SSH Protocol 1.5 aka New Channel Protocol - * Thanks to Martina, Axel and everyone who left Erlangen, leaving me bored. - * Written by Markus Friedl in October 1999 - * - * Protocol versions 1.3 and 1.5 differ in the handshake protocol used for the - * tear down of channels: - * - * 1.3: strict request-ack-protocol: - * CLOSE -> - * <- CLOSE_CONFIRM - * - * 1.5: uses variations of: - * IEOF -> - * <- OCLOSE - * <- IEOF - * OCLOSE -> - * i.e. both sides have to close the channel - * - * See the debugging output from 'ssh -v' and 'sshd -d' of - * ssh-1.2.27 as an example. - * - */ - -/* ssh-proto-1.5 overloads prot-1.3-message-types */ -#define SSH_MSG_CHANNEL_INPUT_EOF SSH_MSG_CHANNEL_CLOSE -#define SSH_MSG_CHANNEL_OUTPUT_CLOSE SSH_MSG_CHANNEL_CLOSE_CONFIRMATION - -/* possible input states */ -#define CHAN_INPUT_OPEN 0x01 -#define CHAN_INPUT_WAIT_DRAIN 0x02 -#define CHAN_INPUT_WAIT_OCLOSE 0x04 -#define CHAN_INPUT_CLOSED 0x08 - -/* possible output states */ -#define CHAN_OUTPUT_OPEN 0x10 -#define CHAN_OUTPUT_WAIT_DRAIN 0x20 -#define CHAN_OUTPUT_WAIT_IEOF 0x40 -#define CHAN_OUTPUT_CLOSED 0x80 - -#define CHAN_CLOSE_SENT 0x01 -#define CHAN_CLOSE_RCVD 0x02 - - -/* Channel EVENTS */ -typedef void chan_event_fn(Channel * c); - -/* for the input state */ -extern chan_event_fn *chan_rcvd_oclose; -extern chan_event_fn *chan_read_failed; -extern chan_event_fn *chan_ibuf_empty; - -/* for the output state */ -extern chan_event_fn *chan_rcvd_ieof; -extern chan_event_fn *chan_write_failed; -extern chan_event_fn *chan_obuf_empty; - -int chan_is_dead(Channel * c); - -void chan_init_iostates(Channel * c); -void chan_init(void); -#endif diff --git a/crypto/openssh/openbsd-compat/.cvsignore b/crypto/openssh/openbsd-compat/.cvsignore deleted file mode 100644 index f3c7a7c5da68..000000000000 --- a/crypto/openssh/openbsd-compat/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -Makefile diff --git a/crypto/openssh/openbsd-compat/fake-queue.h b/crypto/openssh/openbsd-compat/fake-queue.h deleted file mode 100644 index 176fe31741c3..000000000000 --- a/crypto/openssh/openbsd-compat/fake-queue.h +++ /dev/null @@ -1,584 +0,0 @@ -/* $OpenBSD: queue.h,v 1.22 2001/06/23 04:39:35 angelos Exp $ */ -/* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */ - -/* - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)queue.h 8.5 (Berkeley) 8/20/94 - */ - -#ifndef _FAKE_QUEUE_H_ -#define _FAKE_QUEUE_H_ - -/* - * Ignore all <sys/queue.h> since older platforms have broken/incomplete - * <sys/queue.h> that are too hard to work around. - */ -#undef SLIST_HEAD -#undef SLIST_HEAD_INITIALIZER -#undef SLIST_ENTRY -#undef SLIST_FIRST -#undef SLIST_END -#undef SLIST_EMPTY -#undef SLIST_NEXT -#undef SLIST_FOREACH -#undef SLIST_INIT -#undef SLIST_INSERT_AFTER -#undef SLIST_INSERT_HEAD -#undef SLIST_REMOVE_HEAD -#undef SLIST_REMOVE -#undef LIST_HEAD -#undef LIST_HEAD_INITIALIZER -#undef LIST_ENTRY -#undef LIST_FIRST -#undef LIST_END -#undef LIST_EMPTY -#undef LIST_NEXT -#undef LIST_FOREACH -#undef LIST_INIT -#undef LIST_INSERT_AFTER -#undef LIST_INSERT_BEFORE -#undef LIST_INSERT_HEAD -#undef LIST_REMOVE -#undef LIST_REPLACE -#undef SIMPLEQ_HEAD -#undef SIMPLEQ_HEAD_INITIALIZER -#undef SIMPLEQ_ENTRY -#undef SIMPLEQ_FIRST -#undef SIMPLEQ_END -#undef SIMPLEQ_EMPTY -#undef SIMPLEQ_NEXT -#undef SIMPLEQ_FOREACH -#undef SIMPLEQ_INIT -#undef SIMPLEQ_INSERT_HEAD -#undef SIMPLEQ_INSERT_TAIL -#undef SIMPLEQ_INSERT_AFTER -#undef SIMPLEQ_REMOVE_HEAD -#undef TAILQ_HEAD -#undef TAILQ_HEAD_INITIALIZER -#undef TAILQ_ENTRY -#undef TAILQ_FIRST -#undef TAILQ_END -#undef TAILQ_NEXT -#undef TAILQ_LAST -#undef TAILQ_PREV -#undef TAILQ_EMPTY -#undef TAILQ_FOREACH -#undef TAILQ_FOREACH_REVERSE -#undef TAILQ_INIT -#undef TAILQ_INSERT_HEAD -#undef TAILQ_INSERT_TAIL -#undef TAILQ_INSERT_AFTER -#undef TAILQ_INSERT_BEFORE -#undef TAILQ_REMOVE -#undef TAILQ_REPLACE -#undef CIRCLEQ_HEAD -#undef CIRCLEQ_HEAD_INITIALIZER -#undef CIRCLEQ_ENTRY -#undef CIRCLEQ_FIRST -#undef CIRCLEQ_LAST -#undef CIRCLEQ_END -#undef CIRCLEQ_NEXT -#undef CIRCLEQ_PREV -#undef CIRCLEQ_EMPTY -#undef CIRCLEQ_FOREACH -#undef CIRCLEQ_FOREACH_REVERSE -#undef CIRCLEQ_INIT -#undef CIRCLEQ_INSERT_AFTER -#undef CIRCLEQ_INSERT_BEFORE -#undef CIRCLEQ_INSERT_HEAD -#undef CIRCLEQ_INSERT_TAIL -#undef CIRCLEQ_REMOVE -#undef CIRCLEQ_REPLACE - -/* - * This file defines five types of data structures: singly-linked lists, - * lists, simple queues, tail queues, and circular queues. - * - * - * A singly-linked list is headed by a single forward pointer. The elements - * are singly linked for minimum space and pointer manipulation overhead at - * the expense of O(n) removal for arbitrary elements. New elements can be - * added to the list after an existing element or at the head of the list. - * Elements being removed from the head of the list should use the explicit - * macro for this purpose for optimum efficiency. A singly-linked list may - * only be traversed in the forward direction. Singly-linked lists are ideal - * for applications with large datasets and few or no removals or for - * implementing a LIFO queue. - * - * A list is headed by a single forward pointer (or an array of forward - * pointers for a hash table header). The elements are doubly linked - * so that an arbitrary element can be removed without a need to - * traverse the list. New elements can be added to the list before - * or after an existing element or at the head of the list. A list - * may only be traversed in the forward direction. - * - * A simple queue is headed by a pair of pointers, one the head of the - * list and the other to the tail of the list. The elements are singly - * linked to save space, so elements can only be removed from the - * head of the list. New elements can be added to the list before or after - * an existing element, at the head of the list, or at the end of the - * list. A simple queue may only be traversed in the forward direction. - * - * A tail queue is headed by a pair of pointers, one to the head of the - * list and the other to the tail of the list. The elements are doubly - * linked so that an arbitrary element can be removed without a need to - * traverse the list. New elements can be added to the list before or - * after an existing element, at the head of the list, or at the end of - * the list. A tail queue may be traversed in either direction. - * - * A circle queue is headed by a pair of pointers, one to the head of the - * list and the other to the tail of the list. The elements are doubly - * linked so that an arbitrary element can be removed without a need to - * traverse the list. New elements can be added to the list before or after - * an existing element, at the head of the list, or at the end of the list. - * A circle queue may be traversed in either direction, but has a more - * complex end of list detection. - * - * For details on the use of these macros, see the queue(3) manual page. - */ - -/* - * Singly-linked List definitions. - */ -#define SLIST_HEAD(name, type) \ -struct name { \ - struct type *slh_first; /* first element */ \ -} - -#define SLIST_HEAD_INITIALIZER(head) \ - { NULL } - -#define SLIST_ENTRY(type) \ -struct { \ - struct type *sle_next; /* next element */ \ -} - -/* - * Singly-linked List access methods. - */ -#define SLIST_FIRST(head) ((head)->slh_first) -#define SLIST_END(head) NULL -#define SLIST_EMPTY(head) (SLIST_FIRST(head) == SLIST_END(head)) -#define SLIST_NEXT(elm, field) ((elm)->field.sle_next) - -#define SLIST_FOREACH(var, head, field) \ - for((var) = SLIST_FIRST(head); \ - (var) != SLIST_END(head); \ - (var) = SLIST_NEXT(var, field)) - -/* - * Singly-linked List functions. - */ -#define SLIST_INIT(head) { \ - SLIST_FIRST(head) = SLIST_END(head); \ -} - -#define SLIST_INSERT_AFTER(slistelm, elm, field) do { \ - (elm)->field.sle_next = (slistelm)->field.sle_next; \ - (slistelm)->field.sle_next = (elm); \ -} while (0) - -#define SLIST_INSERT_HEAD(head, elm, field) do { \ - (elm)->field.sle_next = (head)->slh_first; \ - (head)->slh_first = (elm); \ -} while (0) - -#define SLIST_REMOVE_HEAD(head, field) do { \ - (head)->slh_first = (head)->slh_first->field.sle_next; \ -} while (0) - -#define SLIST_REMOVE(head, elm, type, field) do { \ - if ((head)->slh_first == (elm)) { \ - SLIST_REMOVE_HEAD((head), field); \ - } \ - else { \ - struct type *curelm = (head)->slh_first; \ - while( curelm->field.sle_next != (elm) ) \ - curelm = curelm->field.sle_next; \ - curelm->field.sle_next = \ - curelm->field.sle_next->field.sle_next; \ - } \ -} while (0) - -/* - * List definitions. - */ -#define LIST_HEAD(name, type) \ -struct name { \ - struct type *lh_first; /* first element */ \ -} - -#define LIST_HEAD_INITIALIZER(head) \ - { NULL } - -#define LIST_ENTRY(type) \ -struct { \ - struct type *le_next; /* next element */ \ - struct type **le_prev; /* address of previous next element */ \ -} - -/* - * List access methods - */ -#define LIST_FIRST(head) ((head)->lh_first) -#define LIST_END(head) NULL -#define LIST_EMPTY(head) (LIST_FIRST(head) == LIST_END(head)) -#define LIST_NEXT(elm, field) ((elm)->field.le_next) - -#define LIST_FOREACH(var, head, field) \ - for((var) = LIST_FIRST(head); \ - (var)!= LIST_END(head); \ - (var) = LIST_NEXT(var, field)) - -/* - * List functions. - */ -#define LIST_INIT(head) do { \ - LIST_FIRST(head) = LIST_END(head); \ -} while (0) - -#define LIST_INSERT_AFTER(listelm, elm, field) do { \ - if (((elm)->field.le_next = (listelm)->field.le_next) != NULL) \ - (listelm)->field.le_next->field.le_prev = \ - &(elm)->field.le_next; \ - (listelm)->field.le_next = (elm); \ - (elm)->field.le_prev = &(listelm)->field.le_next; \ -} while (0) - -#define LIST_INSERT_BEFORE(listelm, elm, field) do { \ - (elm)->field.le_prev = (listelm)->field.le_prev; \ - (elm)->field.le_next = (listelm); \ - *(listelm)->field.le_prev = (elm); \ - (listelm)->field.le_prev = &(elm)->field.le_next; \ -} while (0) - -#define LIST_INSERT_HEAD(head, elm, field) do { \ - if (((elm)->field.le_next = (head)->lh_first) != NULL) \ - (head)->lh_first->field.le_prev = &(elm)->field.le_next;\ - (head)->lh_first = (elm); \ - (elm)->field.le_prev = &(head)->lh_first; \ -} while (0) - -#define LIST_REMOVE(elm, field) do { \ - if ((elm)->field.le_next != NULL) \ - (elm)->field.le_next->field.le_prev = \ - (elm)->field.le_prev; \ - *(elm)->field.le_prev = (elm)->field.le_next; \ -} while (0) - -#define LIST_REPLACE(elm, elm2, field) do { \ - if (((elm2)->field.le_next = (elm)->field.le_next) != NULL) \ - (elm2)->field.le_next->field.le_prev = \ - &(elm2)->field.le_next; \ - (elm2)->field.le_prev = (elm)->field.le_prev; \ - *(elm2)->field.le_prev = (elm2); \ -} while (0) - -/* - * Simple queue definitions. - */ -#define SIMPLEQ_HEAD(name, type) \ -struct name { \ - struct type *sqh_first; /* first element */ \ - struct type **sqh_last; /* addr of last next element */ \ -} - -#define SIMPLEQ_HEAD_INITIALIZER(head) \ - { NULL, &(head).sqh_first } - -#define SIMPLEQ_ENTRY(type) \ -struct { \ - struct type *sqe_next; /* next element */ \ -} - -/* - * Simple queue access methods. - */ -#define SIMPLEQ_FIRST(head) ((head)->sqh_first) -#define SIMPLEQ_END(head) NULL -#define SIMPLEQ_EMPTY(head) (SIMPLEQ_FIRST(head) == SIMPLEQ_END(head)) -#define SIMPLEQ_NEXT(elm, field) ((elm)->field.sqe_next) - -#define SIMPLEQ_FOREACH(var, head, field) \ - for((var) = SIMPLEQ_FIRST(head); \ - (var) != SIMPLEQ_END(head); \ - (var) = SIMPLEQ_NEXT(var, field)) - -/* - * Simple queue functions. - */ -#define SIMPLEQ_INIT(head) do { \ - (head)->sqh_first = NULL; \ - (head)->sqh_last = &(head)->sqh_first; \ -} while (0) - -#define SIMPLEQ_INSERT_HEAD(head, elm, field) do { \ - if (((elm)->field.sqe_next = (head)->sqh_first) == NULL) \ - (head)->sqh_last = &(elm)->field.sqe_next; \ - (head)->sqh_first = (elm); \ -} while (0) - -#define SIMPLEQ_INSERT_TAIL(head, elm, field) do { \ - (elm)->field.sqe_next = NULL; \ - *(head)->sqh_last = (elm); \ - (head)->sqh_last = &(elm)->field.sqe_next; \ -} while (0) - -#define SIMPLEQ_INSERT_AFTER(head, listelm, elm, field) do { \ - if (((elm)->field.sqe_next = (listelm)->field.sqe_next) == NULL)\ - (head)->sqh_last = &(elm)->field.sqe_next; \ - (listelm)->field.sqe_next = (elm); \ -} while (0) - -#define SIMPLEQ_REMOVE_HEAD(head, elm, field) do { \ - if (((head)->sqh_first = (elm)->field.sqe_next) == NULL) \ - (head)->sqh_last = &(head)->sqh_first; \ -} while (0) - -/* - * Tail queue definitions. - */ -#define TAILQ_HEAD(name, type) \ -struct name { \ - struct type *tqh_first; /* first element */ \ - struct type **tqh_last; /* addr of last next element */ \ -} - -#define TAILQ_HEAD_INITIALIZER(head) \ - { NULL, &(head).tqh_first } - -#define TAILQ_ENTRY(type) \ -struct { \ - struct type *tqe_next; /* next element */ \ - struct type **tqe_prev; /* address of previous next element */ \ -} - -/* - * tail queue access methods - */ -#define TAILQ_FIRST(head) ((head)->tqh_first) -#define TAILQ_END(head) NULL -#define TAILQ_NEXT(elm, field) ((elm)->field.tqe_next) -#define TAILQ_LAST(head, headname) \ - (*(((struct headname *)((head)->tqh_last))->tqh_last)) -/* XXX */ -#define TAILQ_PREV(elm, headname, field) \ - (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last)) -#define TAILQ_EMPTY(head) \ - (TAILQ_FIRST(head) == TAILQ_END(head)) - -#define TAILQ_FOREACH(var, head, field) \ - for((var) = TAILQ_FIRST(head); \ - (var) != TAILQ_END(head); \ - (var) = TAILQ_NEXT(var, field)) - -#define TAILQ_FOREACH_REVERSE(var, head, field, headname) \ - for((var) = TAILQ_LAST(head, headname); \ - (var) != TAILQ_END(head); \ - (var) = TAILQ_PREV(var, headname, field)) - -/* - * Tail queue functions. - */ -#define TAILQ_INIT(head) do { \ - (head)->tqh_first = NULL; \ - (head)->tqh_last = &(head)->tqh_first; \ -} while (0) - -#define TAILQ_INSERT_HEAD(head, elm, field) do { \ - if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \ - (head)->tqh_first->field.tqe_prev = \ - &(elm)->field.tqe_next; \ - else \ - (head)->tqh_last = &(elm)->field.tqe_next; \ - (head)->tqh_first = (elm); \ - (elm)->field.tqe_prev = &(head)->tqh_first; \ -} while (0) - -#define TAILQ_INSERT_TAIL(head, elm, field) do { \ - (elm)->field.tqe_next = NULL; \ - (elm)->field.tqe_prev = (head)->tqh_last; \ - *(head)->tqh_last = (elm); \ - (head)->tqh_last = &(elm)->field.tqe_next; \ -} while (0) - -#define TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \ - if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\ - (elm)->field.tqe_next->field.tqe_prev = \ - &(elm)->field.tqe_next; \ - else \ - (head)->tqh_last = &(elm)->field.tqe_next; \ - (listelm)->field.tqe_next = (elm); \ - (elm)->field.tqe_prev = &(listelm)->field.tqe_next; \ -} while (0) - -#define TAILQ_INSERT_BEFORE(listelm, elm, field) do { \ - (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \ - (elm)->field.tqe_next = (listelm); \ - *(listelm)->field.tqe_prev = (elm); \ - (listelm)->field.tqe_prev = &(elm)->field.tqe_next; \ -} while (0) - -#define TAILQ_REMOVE(head, elm, field) do { \ - if (((elm)->field.tqe_next) != NULL) \ - (elm)->field.tqe_next->field.tqe_prev = \ - (elm)->field.tqe_prev; \ - else \ - (head)->tqh_last = (elm)->field.tqe_prev; \ - *(elm)->field.tqe_prev = (elm)->field.tqe_next; \ -} while (0) - -#define TAILQ_REPLACE(head, elm, elm2, field) do { \ - if (((elm2)->field.tqe_next = (elm)->field.tqe_next) != NULL) \ - (elm2)->field.tqe_next->field.tqe_prev = \ - &(elm2)->field.tqe_next; \ - else \ - (head)->tqh_last = &(elm2)->field.tqe_next; \ - (elm2)->field.tqe_prev = (elm)->field.tqe_prev; \ - *(elm2)->field.tqe_prev = (elm2); \ -} while (0) - -/* - * Circular queue definitions. - */ -#define CIRCLEQ_HEAD(name, type) \ -struct name { \ - struct type *cqh_first; /* first element */ \ - struct type *cqh_last; /* last element */ \ -} - -#define CIRCLEQ_HEAD_INITIALIZER(head) \ - { CIRCLEQ_END(&head), CIRCLEQ_END(&head) } - -#define CIRCLEQ_ENTRY(type) \ -struct { \ - struct type *cqe_next; /* next element */ \ - struct type *cqe_prev; /* previous element */ \ -} - -/* - * Circular queue access methods - */ -#define CIRCLEQ_FIRST(head) ((head)->cqh_first) -#define CIRCLEQ_LAST(head) ((head)->cqh_last) -#define CIRCLEQ_END(head) ((void *)(head)) -#define CIRCLEQ_NEXT(elm, field) ((elm)->field.cqe_next) -#define CIRCLEQ_PREV(elm, field) ((elm)->field.cqe_prev) -#define CIRCLEQ_EMPTY(head) \ - (CIRCLEQ_FIRST(head) == CIRCLEQ_END(head)) - -#define CIRCLEQ_FOREACH(var, head, field) \ - for((var) = CIRCLEQ_FIRST(head); \ - (var) != CIRCLEQ_END(head); \ - (var) = CIRCLEQ_NEXT(var, field)) - -#define CIRCLEQ_FOREACH_REVERSE(var, head, field) \ - for((var) = CIRCLEQ_LAST(head); \ - (var) != CIRCLEQ_END(head); \ - (var) = CIRCLEQ_PREV(var, field)) - -/* - * Circular queue functions. - */ -#define CIRCLEQ_INIT(head) do { \ - (head)->cqh_first = CIRCLEQ_END(head); \ - (head)->cqh_last = CIRCLEQ_END(head); \ -} while (0) - -#define CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do { \ - (elm)->field.cqe_next = (listelm)->field.cqe_next; \ - (elm)->field.cqe_prev = (listelm); \ - if ((listelm)->field.cqe_next == CIRCLEQ_END(head)) \ - (head)->cqh_last = (elm); \ - else \ - (listelm)->field.cqe_next->field.cqe_prev = (elm); \ - (listelm)->field.cqe_next = (elm); \ -} while (0) - -#define CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) do { \ - (elm)->field.cqe_next = (listelm); \ - (elm)->field.cqe_prev = (listelm)->field.cqe_prev; \ - if ((listelm)->field.cqe_prev == CIRCLEQ_END(head)) \ - (head)->cqh_first = (elm); \ - else \ - (listelm)->field.cqe_prev->field.cqe_next = (elm); \ - (listelm)->field.cqe_prev = (elm); \ -} while (0) - -#define CIRCLEQ_INSERT_HEAD(head, elm, field) do { \ - (elm)->field.cqe_next = (head)->cqh_first; \ - (elm)->field.cqe_prev = CIRCLEQ_END(head); \ - if ((head)->cqh_last == CIRCLEQ_END(head)) \ - (head)->cqh_last = (elm); \ - else \ - (head)->cqh_first->field.cqe_prev = (elm); \ - (head)->cqh_first = (elm); \ -} while (0) - -#define CIRCLEQ_INSERT_TAIL(head, elm, field) do { \ - (elm)->field.cqe_next = CIRCLEQ_END(head); \ - (elm)->field.cqe_prev = (head)->cqh_last; \ - if ((head)->cqh_first == CIRCLEQ_END(head)) \ - (head)->cqh_first = (elm); \ - else \ - (head)->cqh_last->field.cqe_next = (elm); \ - (head)->cqh_last = (elm); \ -} while (0) - -#define CIRCLEQ_REMOVE(head, elm, field) do { \ - if ((elm)->field.cqe_next == CIRCLEQ_END(head)) \ - (head)->cqh_last = (elm)->field.cqe_prev; \ - else \ - (elm)->field.cqe_next->field.cqe_prev = \ - (elm)->field.cqe_prev; \ - if ((elm)->field.cqe_prev == CIRCLEQ_END(head)) \ - (head)->cqh_first = (elm)->field.cqe_next; \ - else \ - (elm)->field.cqe_prev->field.cqe_next = \ - (elm)->field.cqe_next; \ -} while (0) - -#define CIRCLEQ_REPLACE(head, elm, elm2, field) do { \ - if (((elm2)->field.cqe_next = (elm)->field.cqe_next) == \ - CIRCLEQ_END(head)) \ - (head).cqh_last = (elm2); \ - else \ - (elm2)->field.cqe_next->field.cqe_prev = (elm2); \ - if (((elm2)->field.cqe_prev = (elm)->field.cqe_prev) == \ - CIRCLEQ_END(head)) \ - (head).cqh_first = (elm2); \ - else \ - (elm2)->field.cqe_prev->field.cqe_next = (elm2); \ -} while (0) - -#endif /* !_FAKE_QUEUE_H_ */ diff --git a/crypto/openssh/openbsd-compat/tree.h b/crypto/openssh/openbsd-compat/tree.h deleted file mode 100644 index 30b4a8561ce3..000000000000 --- a/crypto/openssh/openbsd-compat/tree.h +++ /dev/null @@ -1,667 +0,0 @@ -/* - * Copyright 2002 Niels Provos <provos@citi.umich.edu> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef _SYS_TREE_H_ -#define _SYS_TREE_H_ - -/* - * This file defines data structures for different types of trees: - * splay trees and red-black trees. - * - * A splay tree is a self-organizing data structure. Every operation - * on the tree causes a splay to happen. The splay moves the requested - * node to the root of the tree and partly rebalances it. - * - * This has the benefit that request locality causes faster lookups as - * the requested nodes move to the top of the tree. On the other hand, - * every lookup causes memory writes. - * - * The Balance Theorem bounds the total access time for m operations - * and n inserts on an initially empty tree as O((m + n)lg n). The - * amortized cost for a sequence of m accesses to a splay tree is O(lg n); - * - * A red-black tree is a binary search tree with the node color as an - * extra attribute. It fulfills a set of conditions: - * - every search path from the root to a leaf consists of the - * same number of black nodes, - * - each red node (except for the root) has a black parent, - * - each leaf node is black. - * - * Every operation on a red-black tree is bounded as O(lg n). - * The maximum height of a red-black tree is 2lg (n+1). - */ - -#define SPLAY_HEAD(name, type) \ -struct name { \ - struct type *sph_root; /* root of the tree */ \ -} - -#define SPLAY_INITIALIZER(root) \ - { NULL } - -#define SPLAY_INIT(root) do { \ - (root)->sph_root = NULL; \ -} while (0) - -#define SPLAY_ENTRY(type) \ -struct { \ - struct type *spe_left; /* left element */ \ - struct type *spe_right; /* right element */ \ -} - -#define SPLAY_LEFT(elm, field) (elm)->field.spe_left -#define SPLAY_RIGHT(elm, field) (elm)->field.spe_right -#define SPLAY_ROOT(head) (head)->sph_root -#define SPLAY_EMPTY(head) (SPLAY_ROOT(head) == NULL) - -/* SPLAY_ROTATE_{LEFT,RIGHT} expect that tmp hold SPLAY_{RIGHT,LEFT} */ -#define SPLAY_ROTATE_RIGHT(head, tmp, field) do { \ - SPLAY_LEFT((head)->sph_root, field) = SPLAY_RIGHT(tmp, field); \ - SPLAY_RIGHT(tmp, field) = (head)->sph_root; \ - (head)->sph_root = tmp; \ -} while (0) - -#define SPLAY_ROTATE_LEFT(head, tmp, field) do { \ - SPLAY_RIGHT((head)->sph_root, field) = SPLAY_LEFT(tmp, field); \ - SPLAY_LEFT(tmp, field) = (head)->sph_root; \ - (head)->sph_root = tmp; \ -} while (0) - -#define SPLAY_LINKLEFT(head, tmp, field) do { \ - SPLAY_LEFT(tmp, field) = (head)->sph_root; \ - tmp = (head)->sph_root; \ - (head)->sph_root = SPLAY_LEFT((head)->sph_root, field); \ -} while (0) - -#define SPLAY_LINKRIGHT(head, tmp, field) do { \ - SPLAY_RIGHT(tmp, field) = (head)->sph_root; \ - tmp = (head)->sph_root; \ - (head)->sph_root = SPLAY_RIGHT((head)->sph_root, field); \ -} while (0) - -#define SPLAY_ASSEMBLE(head, node, left, right, field) do { \ - SPLAY_RIGHT(left, field) = SPLAY_LEFT((head)->sph_root, field); \ - SPLAY_LEFT(right, field) = SPLAY_RIGHT((head)->sph_root, field);\ - SPLAY_LEFT((head)->sph_root, field) = SPLAY_RIGHT(node, field); \ - SPLAY_RIGHT((head)->sph_root, field) = SPLAY_LEFT(node, field); \ -} while (0) - -/* Generates prototypes and inline functions */ - -#define SPLAY_PROTOTYPE(name, type, field, cmp) \ -void name##_SPLAY(struct name *, struct type *); \ -void name##_SPLAY_MINMAX(struct name *, int); \ - \ -static __inline void \ -name##_SPLAY_INSERT(struct name *head, struct type *elm) \ -{ \ - if (SPLAY_EMPTY(head)) { \ - SPLAY_LEFT(elm, field) = SPLAY_RIGHT(elm, field) = NULL; \ - } else { \ - int __comp; \ - name##_SPLAY(head, elm); \ - __comp = (cmp)(elm, (head)->sph_root); \ - if(__comp < 0) { \ - SPLAY_LEFT(elm, field) = SPLAY_LEFT((head)->sph_root, field);\ - SPLAY_RIGHT(elm, field) = (head)->sph_root; \ - SPLAY_LEFT((head)->sph_root, field) = NULL; \ - } else if (__comp > 0) { \ - SPLAY_RIGHT(elm, field) = SPLAY_RIGHT((head)->sph_root, field);\ - SPLAY_LEFT(elm, field) = (head)->sph_root; \ - SPLAY_RIGHT((head)->sph_root, field) = NULL; \ - } else \ - return; \ - } \ - (head)->sph_root = (elm); \ -} \ - \ -static __inline void \ -name##_SPLAY_REMOVE(struct name *head, struct type *elm) \ -{ \ - struct type *__tmp; \ - if (SPLAY_EMPTY(head)) \ - return; \ - name##_SPLAY(head, elm); \ - if ((cmp)(elm, (head)->sph_root) == 0) { \ - if (SPLAY_LEFT((head)->sph_root, field) == NULL) { \ - (head)->sph_root = SPLAY_RIGHT((head)->sph_root, field);\ - } else { \ - __tmp = SPLAY_RIGHT((head)->sph_root, field); \ - (head)->sph_root = SPLAY_LEFT((head)->sph_root, field);\ - name##_SPLAY(head, elm); \ - SPLAY_RIGHT((head)->sph_root, field) = __tmp; \ - } \ - } \ -} \ - \ -/* Finds the node with the same key as elm */ \ -static __inline struct type * \ -name##_SPLAY_FIND(struct name *head, struct type *elm) \ -{ \ - if (SPLAY_EMPTY(head)) \ - return(NULL); \ - name##_SPLAY(head, elm); \ - if ((cmp)(elm, (head)->sph_root) == 0) \ - return (head->sph_root); \ - return (NULL); \ -} \ - \ -static __inline struct type * \ -name##_SPLAY_NEXT(struct name *head, struct type *elm) \ -{ \ - name##_SPLAY(head, elm); \ - if (SPLAY_RIGHT(elm, field) != NULL) { \ - elm = SPLAY_RIGHT(elm, field); \ - while (SPLAY_LEFT(elm, field) != NULL) { \ - elm = SPLAY_LEFT(elm, field); \ - } \ - } else \ - elm = NULL; \ - return (elm); \ -} \ - \ -static __inline struct type * \ -name##_SPLAY_MIN_MAX(struct name *head, int val) \ -{ \ - name##_SPLAY_MINMAX(head, val); \ - return (SPLAY_ROOT(head)); \ -} - -/* Main splay operation. - * Moves node close to the key of elm to top - */ -#define SPLAY_GENERATE(name, type, field, cmp) \ -void name##_SPLAY(struct name *head, struct type *elm) \ -{ \ - struct type __node, *__left, *__right, *__tmp; \ - int __comp; \ -\ - SPLAY_LEFT(&__node, field) = SPLAY_RIGHT(&__node, field) = NULL;\ - __left = __right = &__node; \ -\ - while ((__comp = (cmp)(elm, (head)->sph_root))) { \ - if (__comp < 0) { \ - __tmp = SPLAY_LEFT((head)->sph_root, field); \ - if (__tmp == NULL) \ - break; \ - if ((cmp)(elm, __tmp) < 0){ \ - SPLAY_ROTATE_RIGHT(head, __tmp, field); \ - if (SPLAY_LEFT((head)->sph_root, field) == NULL)\ - break; \ - } \ - SPLAY_LINKLEFT(head, __right, field); \ - } else if (__comp > 0) { \ - __tmp = SPLAY_RIGHT((head)->sph_root, field); \ - if (__tmp == NULL) \ - break; \ - if ((cmp)(elm, __tmp) > 0){ \ - SPLAY_ROTATE_LEFT(head, __tmp, field); \ - if (SPLAY_RIGHT((head)->sph_root, field) == NULL)\ - break; \ - } \ - SPLAY_LINKRIGHT(head, __left, field); \ - } \ - } \ - SPLAY_ASSEMBLE(head, &__node, __left, __right, field); \ -} \ - \ -/* Splay with either the minimum or the maximum element \ - * Used to find minimum or maximum element in tree. \ - */ \ -void name##_SPLAY_MINMAX(struct name *head, int __comp) \ -{ \ - struct type __node, *__left, *__right, *__tmp; \ -\ - SPLAY_LEFT(&__node, field) = SPLAY_RIGHT(&__node, field) = NULL;\ - __left = __right = &__node; \ -\ - while (1) { \ - if (__comp < 0) { \ - __tmp = SPLAY_LEFT((head)->sph_root, field); \ - if (__tmp == NULL) \ - break; \ - if (__comp < 0){ \ - SPLAY_ROTATE_RIGHT(head, __tmp, field); \ - if (SPLAY_LEFT((head)->sph_root, field) == NULL)\ - break; \ - } \ - SPLAY_LINKLEFT(head, __right, field); \ - } else if (__comp > 0) { \ - __tmp = SPLAY_RIGHT((head)->sph_root, field); \ - if (__tmp == NULL) \ - break; \ - if (__comp > 0) { \ - SPLAY_ROTATE_LEFT(head, __tmp, field); \ - if (SPLAY_RIGHT((head)->sph_root, field) == NULL)\ - break; \ - } \ - SPLAY_LINKRIGHT(head, __left, field); \ - } \ - } \ - SPLAY_ASSEMBLE(head, &__node, __left, __right, field); \ -} - -#define SPLAY_NEGINF -1 -#define SPLAY_INF 1 - -#define SPLAY_INSERT(name, x, y) name##_SPLAY_INSERT(x, y) -#define SPLAY_REMOVE(name, x, y) name##_SPLAY_REMOVE(x, y) -#define SPLAY_FIND(name, x, y) name##_SPLAY_FIND(x, y) -#define SPLAY_NEXT(name, x, y) name##_SPLAY_NEXT(x, y) -#define SPLAY_MIN(name, x) (SPLAY_EMPTY(x) ? NULL \ - : name##_SPLAY_MIN_MAX(x, SPLAY_NEGINF)) -#define SPLAY_MAX(name, x) (SPLAY_EMPTY(x) ? NULL \ - : name##_SPLAY_MIN_MAX(x, SPLAY_INF)) - -#define SPLAY_FOREACH(x, name, head) \ - for ((x) = SPLAY_MIN(name, head); \ - (x) != NULL; \ - (x) = SPLAY_NEXT(name, head, x)) - -/* Macros that define a red-back tree */ -#define RB_HEAD(name, type) \ -struct name { \ - struct type *rbh_root; /* root of the tree */ \ -} - -#define RB_INITIALIZER(root) \ - { NULL } - -#define RB_INIT(root) do { \ - (root)->rbh_root = NULL; \ -} while (0) - -#define RB_BLACK 0 -#define RB_RED 1 -#define RB_ENTRY(type) \ -struct { \ - struct type *rbe_left; /* left element */ \ - struct type *rbe_right; /* right element */ \ - struct type *rbe_parent; /* parent element */ \ - int rbe_color; /* node color */ \ -} - -#define RB_LEFT(elm, field) (elm)->field.rbe_left -#define RB_RIGHT(elm, field) (elm)->field.rbe_right -#define RB_PARENT(elm, field) (elm)->field.rbe_parent -#define RB_COLOR(elm, field) (elm)->field.rbe_color -#define RB_ROOT(head) (head)->rbh_root -#define RB_EMPTY(head) (RB_ROOT(head) == NULL) - -#define RB_SET(elm, parent, field) do { \ - RB_PARENT(elm, field) = parent; \ - RB_LEFT(elm, field) = RB_RIGHT(elm, field) = NULL; \ - RB_COLOR(elm, field) = RB_RED; \ -} while (0) - -#define RB_SET_BLACKRED(black, red, field) do { \ - RB_COLOR(black, field) = RB_BLACK; \ - RB_COLOR(red, field) = RB_RED; \ -} while (0) - -#ifndef RB_AUGMENT -#define RB_AUGMENT(x) -#endif - -#define RB_ROTATE_LEFT(head, elm, tmp, field) do { \ - (tmp) = RB_RIGHT(elm, field); \ - if ((RB_RIGHT(elm, field) = RB_LEFT(tmp, field))) { \ - RB_PARENT(RB_LEFT(tmp, field), field) = (elm); \ - } \ - RB_AUGMENT(elm); \ - if ((RB_PARENT(tmp, field) = RB_PARENT(elm, field))) { \ - if ((elm) == RB_LEFT(RB_PARENT(elm, field), field)) \ - RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \ - else \ - RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \ - RB_AUGMENT(RB_PARENT(elm, field)); \ - } else \ - (head)->rbh_root = (tmp); \ - RB_LEFT(tmp, field) = (elm); \ - RB_PARENT(elm, field) = (tmp); \ - RB_AUGMENT(tmp); \ -} while (0) - -#define RB_ROTATE_RIGHT(head, elm, tmp, field) do { \ - (tmp) = RB_LEFT(elm, field); \ - if ((RB_LEFT(elm, field) = RB_RIGHT(tmp, field))) { \ - RB_PARENT(RB_RIGHT(tmp, field), field) = (elm); \ - } \ - RB_AUGMENT(elm); \ - if ((RB_PARENT(tmp, field) = RB_PARENT(elm, field))) { \ - if ((elm) == RB_LEFT(RB_PARENT(elm, field), field)) \ - RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \ - else \ - RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \ - RB_AUGMENT(RB_PARENT(elm, field)); \ - } else \ - (head)->rbh_root = (tmp); \ - RB_RIGHT(tmp, field) = (elm); \ - RB_PARENT(elm, field) = (tmp); \ - RB_AUGMENT(tmp); \ -} while (0) - -/* Generates prototypes and inline functions */ -#define RB_PROTOTYPE(name, type, field, cmp) \ -void name##_RB_INSERT_COLOR(struct name *, struct type *); \ -void name##_RB_REMOVE_COLOR(struct name *, struct type *, struct type *);\ -void name##_RB_REMOVE(struct name *, struct type *); \ -struct type *name##_RB_INSERT(struct name *, struct type *); \ -struct type *name##_RB_FIND(struct name *, struct type *); \ -struct type *name##_RB_NEXT(struct name *, struct type *); \ -struct type *name##_RB_MINMAX(struct name *, int); \ - \ - -/* Main rb operation. - * Moves node close to the key of elm to top - */ -#define RB_GENERATE(name, type, field, cmp) \ -void \ -name##_RB_INSERT_COLOR(struct name *head, struct type *elm) \ -{ \ - struct type *parent, *gparent, *tmp; \ - while ((parent = RB_PARENT(elm, field)) && \ - RB_COLOR(parent, field) == RB_RED) { \ - gparent = RB_PARENT(parent, field); \ - if (parent == RB_LEFT(gparent, field)) { \ - tmp = RB_RIGHT(gparent, field); \ - if (tmp && RB_COLOR(tmp, field) == RB_RED) { \ - RB_COLOR(tmp, field) = RB_BLACK; \ - RB_SET_BLACKRED(parent, gparent, field);\ - elm = gparent; \ - continue; \ - } \ - if (RB_RIGHT(parent, field) == elm) { \ - RB_ROTATE_LEFT(head, parent, tmp, field);\ - tmp = parent; \ - parent = elm; \ - elm = tmp; \ - } \ - RB_SET_BLACKRED(parent, gparent, field); \ - RB_ROTATE_RIGHT(head, gparent, tmp, field); \ - } else { \ - tmp = RB_LEFT(gparent, field); \ - if (tmp && RB_COLOR(tmp, field) == RB_RED) { \ - RB_COLOR(tmp, field) = RB_BLACK; \ - RB_SET_BLACKRED(parent, gparent, field);\ - elm = gparent; \ - continue; \ - } \ - if (RB_LEFT(parent, field) == elm) { \ - RB_ROTATE_RIGHT(head, parent, tmp, field);\ - tmp = parent; \ - parent = elm; \ - elm = tmp; \ - } \ - RB_SET_BLACKRED(parent, gparent, field); \ - RB_ROTATE_LEFT(head, gparent, tmp, field); \ - } \ - } \ - RB_COLOR(head->rbh_root, field) = RB_BLACK; \ -} \ - \ -void \ -name##_RB_REMOVE_COLOR(struct name *head, struct type *parent, struct type *elm) \ -{ \ - struct type *tmp; \ - while ((elm == NULL || RB_COLOR(elm, field) == RB_BLACK) && \ - elm != RB_ROOT(head)) { \ - if (RB_LEFT(parent, field) == elm) { \ - tmp = RB_RIGHT(parent, field); \ - if (RB_COLOR(tmp, field) == RB_RED) { \ - RB_SET_BLACKRED(tmp, parent, field); \ - RB_ROTATE_LEFT(head, parent, tmp, field);\ - tmp = RB_RIGHT(parent, field); \ - } \ - if ((RB_LEFT(tmp, field) == NULL || \ - RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) &&\ - (RB_RIGHT(tmp, field) == NULL || \ - RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK)) {\ - RB_COLOR(tmp, field) = RB_RED; \ - elm = parent; \ - parent = RB_PARENT(elm, field); \ - } else { \ - if (RB_RIGHT(tmp, field) == NULL || \ - RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK) {\ - struct type *oleft; \ - if ((oleft = RB_LEFT(tmp, field)))\ - RB_COLOR(oleft, field) = RB_BLACK;\ - RB_COLOR(tmp, field) = RB_RED; \ - RB_ROTATE_RIGHT(head, tmp, oleft, field);\ - tmp = RB_RIGHT(parent, field); \ - } \ - RB_COLOR(tmp, field) = RB_COLOR(parent, field);\ - RB_COLOR(parent, field) = RB_BLACK; \ - if (RB_RIGHT(tmp, field)) \ - RB_COLOR(RB_RIGHT(tmp, field), field) = RB_BLACK;\ - RB_ROTATE_LEFT(head, parent, tmp, field);\ - elm = RB_ROOT(head); \ - break; \ - } \ - } else { \ - tmp = RB_LEFT(parent, field); \ - if (RB_COLOR(tmp, field) == RB_RED) { \ - RB_SET_BLACKRED(tmp, parent, field); \ - RB_ROTATE_RIGHT(head, parent, tmp, field);\ - tmp = RB_LEFT(parent, field); \ - } \ - if ((RB_LEFT(tmp, field) == NULL || \ - RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) &&\ - (RB_RIGHT(tmp, field) == NULL || \ - RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK)) {\ - RB_COLOR(tmp, field) = RB_RED; \ - elm = parent; \ - parent = RB_PARENT(elm, field); \ - } else { \ - if (RB_LEFT(tmp, field) == NULL || \ - RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) {\ - struct type *oright; \ - if ((oright = RB_RIGHT(tmp, field)))\ - RB_COLOR(oright, field) = RB_BLACK;\ - RB_COLOR(tmp, field) = RB_RED; \ - RB_ROTATE_LEFT(head, tmp, oright, field);\ - tmp = RB_LEFT(parent, field); \ - } \ - RB_COLOR(tmp, field) = RB_COLOR(parent, field);\ - RB_COLOR(parent, field) = RB_BLACK; \ - if (RB_LEFT(tmp, field)) \ - RB_COLOR(RB_LEFT(tmp, field), field) = RB_BLACK;\ - RB_ROTATE_RIGHT(head, parent, tmp, field);\ - elm = RB_ROOT(head); \ - break; \ - } \ - } \ - } \ - if (elm) \ - RB_COLOR(elm, field) = RB_BLACK; \ -} \ - \ -void \ -name##_RB_REMOVE(struct name *head, struct type *elm) \ -{ \ - struct type *child, *parent; \ - int color; \ - if (RB_LEFT(elm, field) == NULL) \ - child = RB_RIGHT(elm, field); \ - else if (RB_RIGHT(elm, field) == NULL) \ - child = RB_LEFT(elm, field); \ - else { \ - struct type *old = elm, *left; \ - elm = RB_RIGHT(elm, field); \ - while ((left = RB_LEFT(elm, field))) \ - elm = left; \ - child = RB_RIGHT(elm, field); \ - parent = RB_PARENT(elm, field); \ - color = RB_COLOR(elm, field); \ - if (child) \ - RB_PARENT(child, field) = parent; \ - if (parent) { \ - if (RB_LEFT(parent, field) == elm) \ - RB_LEFT(parent, field) = child; \ - else \ - RB_RIGHT(parent, field) = child; \ - RB_AUGMENT(parent); \ - } else \ - RB_ROOT(head) = child; \ - if (RB_PARENT(elm, field) == old) \ - parent = elm; \ - (elm)->field = (old)->field; \ - if (RB_PARENT(old, field)) { \ - if (RB_LEFT(RB_PARENT(old, field), field) == old)\ - RB_LEFT(RB_PARENT(old, field), field) = elm;\ - else \ - RB_RIGHT(RB_PARENT(old, field), field) = elm;\ - RB_AUGMENT(RB_PARENT(old, field)); \ - } else \ - RB_ROOT(head) = elm; \ - RB_PARENT(RB_LEFT(old, field), field) = elm; \ - if (RB_RIGHT(old, field)) \ - RB_PARENT(RB_RIGHT(old, field), field) = elm; \ - if (parent) { \ - left = parent; \ - do { \ - RB_AUGMENT(left); \ - } while ((left = RB_PARENT(left, field))); \ - } \ - goto color; \ - } \ - parent = RB_PARENT(elm, field); \ - color = RB_COLOR(elm, field); \ - if (child) \ - RB_PARENT(child, field) = parent; \ - if (parent) { \ - if (RB_LEFT(parent, field) == elm) \ - RB_LEFT(parent, field) = child; \ - else \ - RB_RIGHT(parent, field) = child; \ - RB_AUGMENT(parent); \ - } else \ - RB_ROOT(head) = child; \ -color: \ - if (color == RB_BLACK) \ - name##_RB_REMOVE_COLOR(head, parent, child); \ -} \ - \ -/* Inserts a node into the RB tree */ \ -struct type * \ -name##_RB_INSERT(struct name *head, struct type *elm) \ -{ \ - struct type *tmp; \ - struct type *parent = NULL; \ - int comp = 0; \ - tmp = RB_ROOT(head); \ - while (tmp) { \ - parent = tmp; \ - comp = (cmp)(elm, parent); \ - if (comp < 0) \ - tmp = RB_LEFT(tmp, field); \ - else if (comp > 0) \ - tmp = RB_RIGHT(tmp, field); \ - else \ - return (tmp); \ - } \ - RB_SET(elm, parent, field); \ - if (parent != NULL) { \ - if (comp < 0) \ - RB_LEFT(parent, field) = elm; \ - else \ - RB_RIGHT(parent, field) = elm; \ - RB_AUGMENT(parent); \ - } else \ - RB_ROOT(head) = elm; \ - name##_RB_INSERT_COLOR(head, elm); \ - return (NULL); \ -} \ - \ -/* Finds the node with the same key as elm */ \ -struct type * \ -name##_RB_FIND(struct name *head, struct type *elm) \ -{ \ - struct type *tmp = RB_ROOT(head); \ - int comp; \ - while (tmp) { \ - comp = cmp(elm, tmp); \ - if (comp < 0) \ - tmp = RB_LEFT(tmp, field); \ - else if (comp > 0) \ - tmp = RB_RIGHT(tmp, field); \ - else \ - return (tmp); \ - } \ - return (NULL); \ -} \ - \ -struct type * \ -name##_RB_NEXT(struct name *head, struct type *elm) \ -{ \ - if (RB_RIGHT(elm, field)) { \ - elm = RB_RIGHT(elm, field); \ - while (RB_LEFT(elm, field)) \ - elm = RB_LEFT(elm, field); \ - } else { \ - if (RB_PARENT(elm, field) && \ - (elm == RB_LEFT(RB_PARENT(elm, field), field))) \ - elm = RB_PARENT(elm, field); \ - else { \ - while (RB_PARENT(elm, field) && \ - (elm == RB_RIGHT(RB_PARENT(elm, field), field)))\ - elm = RB_PARENT(elm, field); \ - elm = RB_PARENT(elm, field); \ - } \ - } \ - return (elm); \ -} \ - \ -struct type * \ -name##_RB_MINMAX(struct name *head, int val) \ -{ \ - struct type *tmp = RB_ROOT(head); \ - struct type *parent = NULL; \ - while (tmp) { \ - parent = tmp; \ - if (val < 0) \ - tmp = RB_LEFT(tmp, field); \ - else \ - tmp = RB_RIGHT(tmp, field); \ - } \ - return (parent); \ -} - -#define RB_NEGINF -1 -#define RB_INF 1 - -#define RB_INSERT(name, x, y) name##_RB_INSERT(x, y) -#define RB_REMOVE(name, x, y) name##_RB_REMOVE(x, y) -#define RB_FIND(name, x, y) name##_RB_FIND(x, y) -#define RB_NEXT(name, x, y) name##_RB_NEXT(x, y) -#define RB_MIN(name, x) name##_RB_MINMAX(x, RB_NEGINF) -#define RB_MAX(name, x) name##_RB_MINMAX(x, RB_INF) - -#define RB_FOREACH(x, name, head) \ - for ((x) = RB_MIN(name, head); \ - (x) != NULL; \ - (x) = name##_RB_NEXT(head, x)) - -#endif /* _SYS_TREE_H_ */ diff --git a/crypto/openssh/pty.c b/crypto/openssh/pty.c deleted file mode 100644 index 9300bd530415..000000000000 --- a/crypto/openssh/pty.c +++ /dev/null @@ -1,275 +0,0 @@ -/* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland - * All rights reserved - * Allocating a pseudo-terminal, and making it the controlling tty. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ - -#include "includes.h" -RCSID("$OpenBSD: pty.c,v 1.16 2000/09/07 21:13:37 markus Exp $"); - -#include <util.h> -#include "pty.h" -#include "ssh.h" - -/* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */ -#if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY) -#undef HAVE_DEV_PTMX -#endif - -#ifndef O_NOCTTY -#define O_NOCTTY 0 -#endif - -/* - * Allocates and opens a pty. Returns 0 if no pty could be allocated, or - * nonzero if a pty was successfully allocated. On success, open file - * descriptors for the pty and tty sides and the name of the tty side are - * returned (the buffer must be able to hold at least 64 characters). - */ - -int -pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) -{ -#if defined(HAVE_OPENPTY) || defined(BSD4_4) - /* openpty(3) exists in OSF/1 and some other os'es */ - char buf[64]; - int i; - - i = openpty(ptyfd, ttyfd, buf, NULL, NULL); - if (i < 0) { - error("openpty: %.100s", strerror(errno)); - return 0; - } - strlcpy(namebuf, buf, namebuflen); /* possible truncation */ - return 1; -#else /* HAVE_OPENPTY */ -#ifdef HAVE__GETPTY - /* - * _getpty(3) exists in SGI Irix 4.x, 5.x & 6.x -- it generates more - * pty's automagically when needed - */ - char *slave; - - slave = _getpty(ptyfd, O_RDWR, 0622, 0); - if (slave == NULL) { - error("_getpty: %.100s", strerror(errno)); - return 0; - } - strlcpy(namebuf, slave, namebuflen); - /* Open the slave side. */ - *ttyfd = open(namebuf, O_RDWR | O_NOCTTY); - if (*ttyfd < 0) { - error("%.200s: %.100s", namebuf, strerror(errno)); - close(*ptyfd); - return 0; - } - return 1; -#else /* HAVE__GETPTY */ -#ifdef HAVE_DEV_PTMX - /* - * This code is used e.g. on Solaris 2.x. (Note that Solaris 2.3 - * also has bsd-style ptys, but they simply do not work.) - */ - int ptm; - char *pts; - - ptm = open("/dev/ptmx", O_RDWR | O_NOCTTY); - if (ptm < 0) { - error("/dev/ptmx: %.100s", strerror(errno)); - return 0; - } - if (grantpt(ptm) < 0) { - error("grantpt: %.100s", strerror(errno)); - return 0; - } - if (unlockpt(ptm) < 0) { - error("unlockpt: %.100s", strerror(errno)); - return 0; - } - pts = ptsname(ptm); - if (pts == NULL) - error("Slave pty side name could not be obtained."); - strlcpy(namebuf, pts, namebuflen); - *ptyfd = ptm; - - /* Open the slave side. */ - *ttyfd = open(namebuf, O_RDWR | O_NOCTTY); - if (*ttyfd < 0) { - error("%.100s: %.100s", namebuf, strerror(errno)); - close(*ptyfd); - return 0; - } - /* Push the appropriate streams modules, as described in Solaris pts(7). */ - if (ioctl(*ttyfd, I_PUSH, "ptem") < 0) - error("ioctl I_PUSH ptem: %.100s", strerror(errno)); - if (ioctl(*ttyfd, I_PUSH, "ldterm") < 0) - error("ioctl I_PUSH ldterm: %.100s", strerror(errno)); - if (ioctl(*ttyfd, I_PUSH, "ttcompat") < 0) - error("ioctl I_PUSH ttcompat: %.100s", strerror(errno)); - return 1; -#else /* HAVE_DEV_PTMX */ -#ifdef HAVE_DEV_PTS_AND_PTC - /* AIX-style pty code. */ - const char *name; - - *ptyfd = open("/dev/ptc", O_RDWR | O_NOCTTY); - if (*ptyfd < 0) { - error("Could not open /dev/ptc: %.100s", strerror(errno)); - return 0; - } - name = ttyname(*ptyfd); - if (!name) - fatal("Open of /dev/ptc returns device for which ttyname fails."); - strlcpy(namebuf, name, namebuflen); - *ttyfd = open(name, O_RDWR | O_NOCTTY); - if (*ttyfd < 0) { - error("Could not open pty slave side %.100s: %.100s", - name, strerror(errno)); - close(*ptyfd); - return 0; - } - return 1; -#else /* HAVE_DEV_PTS_AND_PTC */ - /* BSD-style pty code. */ - char buf[64]; - int i; - const char *ptymajors = "pqrstuvwxyzabcdefghijklmnoABCDEFGHIJKLMNOPQRSTUVWXYZ"; - const char *ptyminors = "0123456789abcdef"; - int num_minors = strlen(ptyminors); - int num_ptys = strlen(ptymajors) * num_minors; - - for (i = 0; i < num_ptys; i++) { - snprintf(buf, sizeof buf, "/dev/pty%c%c", ptymajors[i / num_minors], - ptyminors[i % num_minors]); - *ptyfd = open(buf, O_RDWR | O_NOCTTY); - if (*ptyfd < 0) - continue; - snprintf(namebuf, namebuflen, "/dev/tty%c%c", - ptymajors[i / num_minors], ptyminors[i % num_minors]); - - /* Open the slave side. */ - *ttyfd = open(namebuf, O_RDWR | O_NOCTTY); - if (*ttyfd < 0) { - error("%.100s: %.100s", namebuf, strerror(errno)); - close(*ptyfd); - return 0; - } - return 1; - } - return 0; -#endif /* HAVE_DEV_PTS_AND_PTC */ -#endif /* HAVE_DEV_PTMX */ -#endif /* HAVE__GETPTY */ -#endif /* HAVE_OPENPTY */ -} - -/* Releases the tty. Its ownership is returned to root, and permissions to 0666. */ - -void -pty_release(const char *ttyname) -{ - if (chown(ttyname, (uid_t) 0, (gid_t) 0) < 0) - error("chown %.100s 0 0 failed: %.100s", ttyname, strerror(errno)); - if (chmod(ttyname, (mode_t) 0666) < 0) - error("chmod %.100s 0666 failed: %.100s", ttyname, strerror(errno)); -} - -/* Makes the tty the processes controlling tty and sets it to sane modes. */ - -void -pty_make_controlling_tty(int *ttyfd, const char *ttyname) -{ - int fd; - - /* First disconnect from the old controlling tty. */ -#ifdef TIOCNOTTY - fd = open("/dev/tty", O_RDWR | O_NOCTTY); - if (fd >= 0) { - (void) ioctl(fd, TIOCNOTTY, NULL); - close(fd); - } -#endif /* TIOCNOTTY */ - if (setsid() < 0) - error("setsid: %.100s", strerror(errno)); - - /* - * Verify that we are successfully disconnected from the controlling - * tty. - */ - fd = open("/dev/tty", O_RDWR | O_NOCTTY); - if (fd >= 0) { - error("Failed to disconnect from controlling tty."); - close(fd); - } - /* Make it our controlling tty. */ -#ifdef TIOCSCTTY - debug("Setting controlling tty using TIOCSCTTY."); - /* - * We ignore errors from this, because HPSUX defines TIOCSCTTY, but - * returns EINVAL with these arguments, and there is absolutely no - * documentation. - */ - ioctl(*ttyfd, TIOCSCTTY, NULL); -#endif /* TIOCSCTTY */ - fd = open(ttyname, O_RDWR); - if (fd < 0) - error("%.100s: %.100s", ttyname, strerror(errno)); - else - close(fd); - - /* Verify that we now have a controlling tty. */ - fd = open("/dev/tty", O_WRONLY); - if (fd < 0) - error("open /dev/tty failed - could not set controlling tty: %.100s", - strerror(errno)); - else { - close(fd); - } -} - -/* Changes the window size associated with the pty. */ - -void -pty_change_window_size(int ptyfd, int row, int col, - int xpixel, int ypixel) -{ - struct winsize w; - w.ws_row = row; - w.ws_col = col; - w.ws_xpixel = xpixel; - w.ws_ypixel = ypixel; - (void) ioctl(ptyfd, TIOCSWINSZ, &w); -} - -void -pty_setowner(struct passwd *pw, const char *ttyname) -{ - struct group *grp; - gid_t gid; - mode_t mode; - - /* Determine the group to make the owner of the tty. */ - grp = getgrnam("tty"); - if (grp) { - gid = grp->gr_gid; - mode = S_IRUSR | S_IWUSR | S_IWGRP; - } else { - gid = pw->pw_gid; - mode = S_IRUSR | S_IWUSR | S_IWGRP | S_IWOTH; - } - - /* Change ownership of the tty. */ - if (chown(ttyname, pw->pw_uid, gid) < 0) - fatal("chown(%.100s, %d, %d) failed: %.100s", - ttyname, pw->pw_uid, gid, strerror(errno)); - if (chmod(ttyname, mode) < 0) - fatal("chmod(%.100s, 0%o) failed: %.100s", - ttyname, mode, strerror(errno)); -} diff --git a/crypto/openssh/pty.h b/crypto/openssh/pty.h deleted file mode 100644 index 13d8e6026cc3..000000000000 --- a/crypto/openssh/pty.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland - * All rights reserved - * Functions for allocating a pseudo-terminal and making it the controlling - * tty. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ - -/* RCSID("$OpenBSD: pty.h,v 1.8 2000/09/07 20:27:52 deraadt Exp $"); */ - -#ifndef PTY_H -#define PTY_H - -/* - * Allocates and opens a pty. Returns 0 if no pty could be allocated, or - * nonzero if a pty was successfully allocated. On success, open file - * descriptors for the pty and tty sides and the name of the tty side are - * returned (the buffer must be able to hold at least 64 characters). - */ -int pty_allocate(int *ptyfd, int *ttyfd, char *ttyname, int ttynamelen); - -/* - * Releases the tty. Its ownership is returned to root, and permissions to - * 0666. - */ -void pty_release(const char *ttyname); - -/* - * Makes the tty the processes controlling tty and sets it to sane modes. - * This may need to reopen the tty to get rid of possible eavesdroppers. - */ -void pty_make_controlling_tty(int *ttyfd, const char *ttyname); - -/* Changes the window size associated with the pty. */ -void -pty_change_window_size(int ptyfd, int row, int col, - int xpixel, int ypixel); - -void pty_setowner(struct passwd *pw, const char *ttyname); - -#endif /* PTY_H */ diff --git a/crypto/openssh/readpass.h b/crypto/openssh/readpass.h deleted file mode 100644 index a45d32f2a76b..000000000000 --- a/crypto/openssh/readpass.h +++ /dev/null @@ -1,19 +0,0 @@ -/* $OpenBSD: readpass.h,v 1.7 2002/03/26 15:58:46 markus Exp $ */ - -/* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland - * All rights reserved - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ - -#define RP_ECHO 0x0001 -#define RP_ALLOW_STDIN 0x0002 -#define RP_ALLOW_EOF 0x0004 - -char *read_passphrase(const char *, int); diff --git a/crypto/openssh/regress/copy.1 b/crypto/openssh/regress/copy.1 Binary files differdeleted file mode 100755 index 92d4d20f9fba..000000000000 --- a/crypto/openssh/regress/copy.1 +++ /dev/null diff --git a/crypto/openssh/regress/copy.2 b/crypto/openssh/regress/copy.2 Binary files differdeleted file mode 100755 index 92d4d20f9fba..000000000000 --- a/crypto/openssh/regress/copy.2 +++ /dev/null diff --git a/crypto/openssh/scard/.cvsignore b/crypto/openssh/scard/.cvsignore deleted file mode 100644 index 5349d34aeabd..000000000000 --- a/crypto/openssh/scard/.cvsignore +++ /dev/null @@ -1,2 +0,0 @@ -Makefile -Ssh.bin diff --git a/crypto/openssh/scard/Makefile b/crypto/openssh/scard/Makefile deleted file mode 100644 index 1cf7bbd2ca1e..000000000000 --- a/crypto/openssh/scard/Makefile +++ /dev/null @@ -1,20 +0,0 @@ -# $OpenBSD: Makefile,v 1.2 2001/06/29 07:02:09 markus Exp $ - -.PATH: ${.CURDIR}/.. - -CARDLET= Ssh.bin -DATADIR= /usr/libdata/ssh - -all: ${CARDLET} - -clean: - rm -f ${CARDLET} - -install: ${CARDLET} - install -c -m ${LIBMODE} -o ${LIBOWN} -g ${LIBGRP} \ - ${CARDLET} ${DESTDIR}${DATADIR} - -Ssh.bin: ${.CURDIR}/Ssh.bin.uu - uudecode ${.CURDIR}/$@.uu - -.include <bsd.prog.mk> diff --git a/crypto/openssh/scp-common.c b/crypto/openssh/scp-common.c deleted file mode 100644 index 7e5f09c74fae..000000000000 --- a/crypto/openssh/scp-common.c +++ /dev/null @@ -1,98 +0,0 @@ -/* - * Copyright (c) 1999 Theo de Raadt. All rights reserved. - * Copyright (c) 1999 Aaron Campbell. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * Parts from: - * - * Copyright (c) 1983, 1990, 1992, 1993, 1995 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - */ - -#include "includes.h" -RCSID("$OpenBSD: scp-common.c,v 1.1 2001/04/16 02:31:43 mouring Exp $"); - -char * -cleanhostname(host) - char *host; -{ - if (*host == '[' && host[strlen(host) - 1] == ']') { - host[strlen(host) - 1] = '\0'; - return (host + 1); - } else - return host; -} - -char * -colon(cp) - char *cp; -{ - int flag = 0; - - if (*cp == ':') /* Leading colon is part of file name. */ - return (0); - if (*cp == '[') - flag = 1; - - for (; *cp; ++cp) { - if (*cp == '@' && *(cp+1) == '[') - flag = 1; - if (*cp == ']' && *(cp+1) == ':' && flag) - return (cp+1); - if (*cp == ':' && !flag) - return (cp); - if (*cp == '/') - return (0); - } - return (0); -} diff --git a/crypto/openssh/scp-common.h b/crypto/openssh/scp-common.h deleted file mode 100644 index e0ab6ec32a7d..000000000000 --- a/crypto/openssh/scp-common.h +++ /dev/null @@ -1,64 +0,0 @@ -/* $OpenBSD: scp-common.h,v 1.1 2001/04/16 02:31:43 mouring Exp $ */ -/* - * Copyright (c) 1999 Theo de Raadt. All rights reserved. - * Copyright (c) 1999 Aaron Campbell. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * Parts from: - * - * Copyright (c) 1983, 1990, 1992, 1993, 1995 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - */ - -char *cleanhostname(char *host); -char *colon(char *cp); diff --git a/crypto/openssh/scp/Makefile b/crypto/openssh/scp/Makefile deleted file mode 100644 index c8959bbf6d2d..000000000000 --- a/crypto/openssh/scp/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# $OpenBSD: Makefile,v 1.13 2001/05/03 23:09:55 mouring Exp $ - -.PATH: ${.CURDIR}/.. - -PROG= scp -BINOWN= root - -BINMODE?=555 - -BINDIR= /usr/bin -MAN= scp.1 - -SRCS= scp.c misc.c - -.include <bsd.prog.mk> diff --git a/crypto/openssh/sftp-glob.h b/crypto/openssh/sftp-glob.h deleted file mode 100644 index f879e8719b4b..000000000000 --- a/crypto/openssh/sftp-glob.h +++ /dev/null @@ -1,37 +0,0 @@ -/* $OpenBSD: sftp-glob.h,v 1.8 2002/09/11 22:41:50 djm Exp $ */ - -/* - * Copyright (c) 2001,2002 Damien Miller. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* Remote sftp filename globbing */ - -#ifndef _SFTP_GLOB_H -#define _SFTP_GLOB_H - -#include "sftp-client.h" - -int remote_glob(struct sftp_conn *, const char *, int, - int (*)(const char *, int), glob_t *); - -#endif diff --git a/crypto/openssh/sftp-int.c b/crypto/openssh/sftp-int.c deleted file mode 100644 index c93eaabffbe3..000000000000 --- a/crypto/openssh/sftp-int.c +++ /dev/null @@ -1,1191 +0,0 @@ -/* - * Copyright (c) 2001,2002 Damien Miller. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* XXX: recursive operations */ - -#include "includes.h" -RCSID("$OpenBSD: sftp-int.c,v 1.62 2003/08/25 08:13:09 fgsch Exp $"); - -#include "buffer.h" -#include "xmalloc.h" -#include "log.h" -#include "pathnames.h" - -#include "sftp.h" -#include "sftp-common.h" -#include "sftp-glob.h" -#include "sftp-client.h" -#include "sftp-int.h" - -/* File to read commands from */ -extern FILE *infile; - -/* Size of buffer used when copying files */ -extern size_t copy_buffer_len; - -/* Number of concurrent outstanding requests */ -extern int num_requests; - -/* This is set to 0 if the progressmeter is not desired. */ -int showprogress = 1; - -/* Seperators for interactive commands */ -#define WHITESPACE " \t\r\n" - -/* Define what type of ls view (0 - multi-column) */ -#define LONG_VIEW 1 /* Full view ala ls -l */ -#define SHORT_VIEW 2 /* Single row view ala ls -1 */ - -/* Commands for interactive mode */ -#define I_CHDIR 1 -#define I_CHGRP 2 -#define I_CHMOD 3 -#define I_CHOWN 4 -#define I_GET 5 -#define I_HELP 6 -#define I_LCHDIR 7 -#define I_LLS 8 -#define I_LMKDIR 9 -#define I_LPWD 10 -#define I_LS 11 -#define I_LUMASK 12 -#define I_MKDIR 13 -#define I_PUT 14 -#define I_PWD 15 -#define I_QUIT 16 -#define I_RENAME 17 -#define I_RM 18 -#define I_RMDIR 19 -#define I_SHELL 20 -#define I_SYMLINK 21 -#define I_VERSION 22 -#define I_PROGRESS 23 - -struct CMD { - const char *c; - const int n; -}; - -static const struct CMD cmds[] = { - { "bye", I_QUIT }, - { "cd", I_CHDIR }, - { "chdir", I_CHDIR }, - { "chgrp", I_CHGRP }, - { "chmod", I_CHMOD }, - { "chown", I_CHOWN }, - { "dir", I_LS }, - { "exit", I_QUIT }, - { "get", I_GET }, - { "mget", I_GET }, - { "help", I_HELP }, - { "lcd", I_LCHDIR }, - { "lchdir", I_LCHDIR }, - { "lls", I_LLS }, - { "lmkdir", I_LMKDIR }, - { "ln", I_SYMLINK }, - { "lpwd", I_LPWD }, - { "ls", I_LS }, - { "lumask", I_LUMASK }, - { "mkdir", I_MKDIR }, - { "progress", I_PROGRESS }, - { "put", I_PUT }, - { "mput", I_PUT }, - { "pwd", I_PWD }, - { "quit", I_QUIT }, - { "rename", I_RENAME }, - { "rm", I_RM }, - { "rmdir", I_RMDIR }, - { "symlink", I_SYMLINK }, - { "version", I_VERSION }, - { "!", I_SHELL }, - { "?", I_HELP }, - { NULL, -1} -}; - -static void -help(void) -{ - printf("Available commands:\n"); - printf("cd path Change remote directory to 'path'\n"); - printf("lcd path Change local directory to 'path'\n"); - printf("chgrp grp path Change group of file 'path' to 'grp'\n"); - printf("chmod mode path Change permissions of file 'path' to 'mode'\n"); - printf("chown own path Change owner of file 'path' to 'own'\n"); - printf("help Display this help text\n"); - printf("get remote-path [local-path] Download file\n"); - printf("lls [ls-options [path]] Display local directory listing\n"); - printf("ln oldpath newpath Symlink remote file\n"); - printf("lmkdir path Create local directory\n"); - printf("lpwd Print local working directory\n"); - printf("ls [path] Display remote directory listing\n"); - printf("lumask umask Set local umask to 'umask'\n"); - printf("mkdir path Create remote directory\n"); - printf("progress Toggle display of progress meter\n"); - printf("put local-path [remote-path] Upload file\n"); - printf("pwd Display remote working directory\n"); - printf("exit Quit sftp\n"); - printf("quit Quit sftp\n"); - printf("rename oldpath newpath Rename remote file\n"); - printf("rmdir path Remove remote directory\n"); - printf("rm path Delete remote file\n"); - printf("symlink oldpath newpath Symlink remote file\n"); - printf("version Show SFTP version\n"); - printf("!command Execute 'command' in local shell\n"); - printf("! Escape to local shell\n"); - printf("? Synonym for help\n"); -} - -static void -local_do_shell(const char *args) -{ - int status; - char *shell; - pid_t pid; - - if (!*args) - args = NULL; - - if ((shell = getenv("SHELL")) == NULL) - shell = _PATH_BSHELL; - - if ((pid = fork()) == -1) - fatal("Couldn't fork: %s", strerror(errno)); - - if (pid == 0) { - /* XXX: child has pipe fds to ssh subproc open - issue? */ - if (args) { - debug3("Executing %s -c \"%s\"", shell, args); - execl(shell, shell, "-c", args, (char *)NULL); - } else { - debug3("Executing %s", shell); - execl(shell, shell, (char *)NULL); - } - fprintf(stderr, "Couldn't execute \"%s\": %s\n", shell, - strerror(errno)); - _exit(1); - } - while (waitpid(pid, &status, 0) == -1) - if (errno != EINTR) - fatal("Couldn't wait for child: %s", strerror(errno)); - if (!WIFEXITED(status)) - error("Shell exited abormally"); - else if (WEXITSTATUS(status)) - error("Shell exited with status %d", WEXITSTATUS(status)); -} - -static void -local_do_ls(const char *args) -{ - if (!args || !*args) - local_do_shell(_PATH_LS); - else { - int len = strlen(_PATH_LS " ") + strlen(args) + 1; - char *buf = xmalloc(len); - - /* XXX: quoting - rip quoting code from ftp? */ - snprintf(buf, len, _PATH_LS " %s", args); - local_do_shell(buf); - xfree(buf); - } -} - -/* Strip one path (usually the pwd) from the start of another */ -static char * -path_strip(char *path, char *strip) -{ - size_t len; - - if (strip == NULL) - return (xstrdup(path)); - - len = strlen(strip); - if (strip != NULL && strncmp(path, strip, len) == 0) { - if (strip[len - 1] != '/' && path[len] == '/') - len++; - return (xstrdup(path + len)); - } - - return (xstrdup(path)); -} - -static char * -path_append(char *p1, char *p2) -{ - char *ret; - int len = strlen(p1) + strlen(p2) + 2; - - ret = xmalloc(len); - strlcpy(ret, p1, len); - if (p1[strlen(p1) - 1] != '/') - strlcat(ret, "/", len); - strlcat(ret, p2, len); - - return(ret); -} - -static char * -make_absolute(char *p, char *pwd) -{ - char *abs; - - /* Derelativise */ - if (p && p[0] != '/') { - abs = path_append(pwd, p); - xfree(p); - return(abs); - } else - return(p); -} - -static int -infer_path(const char *p, char **ifp) -{ - char *cp; - - cp = strrchr(p, '/'); - if (cp == NULL) { - *ifp = xstrdup(p); - return(0); - } - - if (!cp[1]) { - error("Invalid path"); - return(-1); - } - - *ifp = xstrdup(cp + 1); - return(0); -} - -static int -parse_getput_flags(const char **cpp, int *pflag) -{ - const char *cp = *cpp; - - /* Check for flags */ - if (cp[0] == '-' && cp[1] && strchr(WHITESPACE, cp[2])) { - switch (cp[1]) { - case 'p': - case 'P': - *pflag = 1; - break; - default: - error("Invalid flag -%c", cp[1]); - return(-1); - } - cp += 2; - *cpp = cp + strspn(cp, WHITESPACE); - } - - return(0); -} - -static int -parse_ls_flags(const char **cpp, int *lflag) -{ - const char *cp = *cpp; - - /* Check for flags */ - if (cp++[0] == '-') { - for(; strchr(WHITESPACE, *cp) == NULL; cp++) { - switch (*cp) { - case 'l': - *lflag = LONG_VIEW; - break; - case '1': - *lflag = SHORT_VIEW; - break; - default: - error("Invalid flag -%c", *cp); - return(-1); - } - } - *cpp = cp + strspn(cp, WHITESPACE); - } - - return(0); -} - -static int -get_pathname(const char **cpp, char **path) -{ - const char *cp = *cpp, *end; - char quot; - int i, j; - - cp += strspn(cp, WHITESPACE); - if (!*cp) { - *cpp = cp; - *path = NULL; - return (0); - } - - *path = xmalloc(strlen(cp) + 1); - - /* Check for quoted filenames */ - if (*cp == '\"' || *cp == '\'') { - quot = *cp++; - - /* Search for terminating quote, unescape some chars */ - for (i = j = 0; i <= strlen(cp); i++) { - if (cp[i] == quot) { /* Found quote */ - (*path)[j] = '\0'; - i++; - break; - } - if (cp[i] == '\0') { /* End of string */ - error("Unterminated quote"); - goto fail; - } - if (cp[i] == '\\') { /* Escaped characters */ - i++; - if (cp[i] != '\'' && cp[i] != '\"' && - cp[i] != '\\') { - error("Bad escaped character '\%c'", - cp[i]); - goto fail; - } - } - (*path)[j++] = cp[i]; - } - - if (j == 0) { - error("Empty quotes"); - goto fail; - } - *cpp = cp + i + strspn(cp + i, WHITESPACE); - } else { - /* Read to end of filename */ - end = strpbrk(cp, WHITESPACE); - if (end == NULL) - end = strchr(cp, '\0'); - *cpp = end + strspn(end, WHITESPACE); - - memcpy(*path, cp, end - cp); - (*path)[end - cp] = '\0'; - } - return (0); - - fail: - xfree(*path); - *path = NULL; - return (-1); -} - -static int -is_dir(char *path) -{ - struct stat sb; - - /* XXX: report errors? */ - if (stat(path, &sb) == -1) - return(0); - - return(sb.st_mode & S_IFDIR); -} - -static int -is_reg(char *path) -{ - struct stat sb; - - if (stat(path, &sb) == -1) - fatal("stat %s: %s", path, strerror(errno)); - - return(S_ISREG(sb.st_mode)); -} - -static int -remote_is_dir(struct sftp_conn *conn, char *path) -{ - Attrib *a; - - /* XXX: report errors? */ - if ((a = do_stat(conn, path, 1)) == NULL) - return(0); - if (!(a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)) - return(0); - return(a->perm & S_IFDIR); -} - -static int -process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag) -{ - char *abs_src = NULL; - char *abs_dst = NULL; - char *tmp; - glob_t g; - int err = 0; - int i; - - abs_src = xstrdup(src); - abs_src = make_absolute(abs_src, pwd); - - memset(&g, 0, sizeof(g)); - debug3("Looking up %s", abs_src); - if (remote_glob(conn, abs_src, 0, NULL, &g)) { - error("File \"%s\" not found.", abs_src); - err = -1; - goto out; - } - - /* If multiple matches, dst must be a directory or unspecified */ - if (g.gl_matchc > 1 && dst && !is_dir(dst)) { - error("Multiple files match, but \"%s\" is not a directory", - dst); - err = -1; - goto out; - } - - for (i = 0; g.gl_pathv[i]; i++) { - if (infer_path(g.gl_pathv[i], &tmp)) { - err = -1; - goto out; - } - - if (g.gl_matchc == 1 && dst) { - /* If directory specified, append filename */ - if (is_dir(dst)) { - if (infer_path(g.gl_pathv[0], &tmp)) { - err = 1; - goto out; - } - abs_dst = path_append(dst, tmp); - xfree(tmp); - } else - abs_dst = xstrdup(dst); - } else if (dst) { - abs_dst = path_append(dst, tmp); - xfree(tmp); - } else - abs_dst = tmp; - - printf("Fetching %s to %s\n", g.gl_pathv[i], abs_dst); - if (do_download(conn, g.gl_pathv[i], abs_dst, pflag) == -1) - err = -1; - xfree(abs_dst); - abs_dst = NULL; - } - -out: - xfree(abs_src); - if (abs_dst) - xfree(abs_dst); - globfree(&g); - return(err); -} - -static int -process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag) -{ - char *tmp_dst = NULL; - char *abs_dst = NULL; - char *tmp; - glob_t g; - int err = 0; - int i; - - if (dst) { - tmp_dst = xstrdup(dst); - tmp_dst = make_absolute(tmp_dst, pwd); - } - - memset(&g, 0, sizeof(g)); - debug3("Looking up %s", src); - if (glob(src, 0, NULL, &g)) { - error("File \"%s\" not found.", src); - err = -1; - goto out; - } - - /* If multiple matches, dst may be directory or unspecified */ - if (g.gl_matchc > 1 && tmp_dst && !remote_is_dir(conn, tmp_dst)) { - error("Multiple files match, but \"%s\" is not a directory", - tmp_dst); - err = -1; - goto out; - } - - for (i = 0; g.gl_pathv[i]; i++) { - if (!is_reg(g.gl_pathv[i])) { - error("skipping non-regular file %s", - g.gl_pathv[i]); - continue; - } - if (infer_path(g.gl_pathv[i], &tmp)) { - err = -1; - goto out; - } - - if (g.gl_matchc == 1 && tmp_dst) { - /* If directory specified, append filename */ - if (remote_is_dir(conn, tmp_dst)) { - if (infer_path(g.gl_pathv[0], &tmp)) { - err = 1; - goto out; - } - abs_dst = path_append(tmp_dst, tmp); - xfree(tmp); - } else - abs_dst = xstrdup(tmp_dst); - - } else if (tmp_dst) { - abs_dst = path_append(tmp_dst, tmp); - xfree(tmp); - } else - abs_dst = make_absolute(tmp, pwd); - - printf("Uploading %s to %s\n", g.gl_pathv[i], abs_dst); - if (do_upload(conn, g.gl_pathv[i], abs_dst, pflag) == -1) - err = -1; - } - -out: - if (abs_dst) - xfree(abs_dst); - if (tmp_dst) - xfree(tmp_dst); - globfree(&g); - return(err); -} - -static int -sdirent_comp(const void *aa, const void *bb) -{ - SFTP_DIRENT *a = *(SFTP_DIRENT **)aa; - SFTP_DIRENT *b = *(SFTP_DIRENT **)bb; - - return (strcmp(a->filename, b->filename)); -} - -/* sftp ls.1 replacement for directories */ -static int -do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) -{ - int n, c = 1, colspace = 0, columns = 1; - SFTP_DIRENT **d; - - if ((n = do_readdir(conn, path, &d)) != 0) - return (n); - - if (!(lflag & SHORT_VIEW)) { - int m = 0, width = 80; - struct winsize ws; - - /* Count entries for sort and find longest filename */ - for (n = 0; d[n] != NULL; n++) - m = MAX(m, strlen(d[n]->filename)); - - if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) - width = ws.ws_col; - - columns = width / (m + 2); - columns = MAX(columns, 1); - colspace = width / columns; - } - - qsort(d, n, sizeof(*d), sdirent_comp); - - for (n = 0; d[n] != NULL; n++) { - char *tmp, *fname; - - tmp = path_append(path, d[n]->filename); - fname = path_strip(tmp, strip_path); - xfree(tmp); - - if (lflag & LONG_VIEW) { - char *lname; - struct stat sb; - - memset(&sb, 0, sizeof(sb)); - attrib_to_stat(&d[n]->a, &sb); - lname = ls_file(fname, &sb, 1); - printf("%s\n", lname); - xfree(lname); - } else { - printf("%-*s", colspace, fname); - if (c >= columns) { - printf("\n"); - c = 1; - } else - c++; - } - - xfree(fname); - } - - if (!(lflag & LONG_VIEW) && (c != 1)) - printf("\n"); - - free_sftp_dirents(d); - return (0); -} - -/* sftp ls.1 replacement which handles path globs */ -static int -do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, - int lflag) -{ - glob_t g; - int i, c = 1, colspace = 0, columns = 1; - Attrib *a; - - memset(&g, 0, sizeof(g)); - - if (remote_glob(conn, path, GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE, - NULL, &g)) { - error("Can't ls: \"%s\" not found", path); - return (-1); - } - - /* - * If the glob returns a single match, which is the same as the - * input glob, and it is a directory, then just list its contents - */ - if (g.gl_pathc == 1 && - strncmp(path, g.gl_pathv[0], strlen(g.gl_pathv[0]) - 1) == 0) { - if ((a = do_lstat(conn, path, 1)) == NULL) { - globfree(&g); - return (-1); - } - if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) && - S_ISDIR(a->perm)) { - globfree(&g); - return (do_ls_dir(conn, path, strip_path, lflag)); - } - } - - if (!(lflag & SHORT_VIEW)) { - int m = 0, width = 80; - struct winsize ws; - - /* Count entries for sort and find longest filename */ - for (i = 0; g.gl_pathv[i]; i++) - m = MAX(m, strlen(g.gl_pathv[i])); - - if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) - width = ws.ws_col; - - columns = width / (m + 2); - columns = MAX(columns, 1); - colspace = width / columns; - } - - for (i = 0; g.gl_pathv[i]; i++) { - char *fname; - - fname = path_strip(g.gl_pathv[i], strip_path); - - if (lflag & LONG_VIEW) { - char *lname; - struct stat sb; - - /* - * XXX: this is slow - 1 roundtrip per path - * A solution to this is to fork glob() and - * build a sftp specific version which keeps the - * attribs (which currently get thrown away) - * that the server returns as well as the filenames. - */ - memset(&sb, 0, sizeof(sb)); - a = do_lstat(conn, g.gl_pathv[i], 1); - if (a != NULL) - attrib_to_stat(a, &sb); - lname = ls_file(fname, &sb, 1); - printf("%s\n", lname); - xfree(lname); - } else { - printf("%-*s", colspace, fname); - if (c >= columns) { - printf("\n"); - c = 1; - } else - c++; - } - xfree(fname); - } - - if (!(lflag & LONG_VIEW) && (c != 1)) - printf("\n"); - - if (g.gl_pathc) - globfree(&g); - - return (0); -} - -static int -parse_args(const char **cpp, int *pflag, int *lflag, int *iflag, - unsigned long *n_arg, char **path1, char **path2) -{ - const char *cmd, *cp = *cpp; - char *cp2; - int base = 0; - long l; - int i, cmdnum; - - /* Skip leading whitespace */ - cp = cp + strspn(cp, WHITESPACE); - - /* Ignore blank lines and lines which begin with comment '#' char */ - if (*cp == '\0' || *cp == '#') - return (0); - - /* Check for leading '-' (disable error processing) */ - *iflag = 0; - if (*cp == '-') { - *iflag = 1; - cp++; - } - - /* Figure out which command we have */ - for (i = 0; cmds[i].c; i++) { - int cmdlen = strlen(cmds[i].c); - - /* Check for command followed by whitespace */ - if (!strncasecmp(cp, cmds[i].c, cmdlen) && - strchr(WHITESPACE, cp[cmdlen])) { - cp += cmdlen; - cp = cp + strspn(cp, WHITESPACE); - break; - } - } - cmdnum = cmds[i].n; - cmd = cmds[i].c; - - /* Special case */ - if (*cp == '!') { - cp++; - cmdnum = I_SHELL; - } else if (cmdnum == -1) { - error("Invalid command."); - return (-1); - } - - /* Get arguments and parse flags */ - *lflag = *pflag = *n_arg = 0; - *path1 = *path2 = NULL; - switch (cmdnum) { - case I_GET: - case I_PUT: - if (parse_getput_flags(&cp, pflag)) - return(-1); - /* Get first pathname (mandatory) */ - if (get_pathname(&cp, path1)) - return(-1); - if (*path1 == NULL) { - error("You must specify at least one path after a " - "%s command.", cmd); - return(-1); - } - /* Try to get second pathname (optional) */ - if (get_pathname(&cp, path2)) - return(-1); - break; - case I_RENAME: - case I_SYMLINK: - if (get_pathname(&cp, path1)) - return(-1); - if (get_pathname(&cp, path2)) - return(-1); - if (!*path1 || !*path2) { - error("You must specify two paths after a %s " - "command.", cmd); - return(-1); - } - break; - case I_RM: - case I_MKDIR: - case I_RMDIR: - case I_CHDIR: - case I_LCHDIR: - case I_LMKDIR: - /* Get pathname (mandatory) */ - if (get_pathname(&cp, path1)) - return(-1); - if (*path1 == NULL) { - error("You must specify a path after a %s command.", - cmd); - return(-1); - } - break; - case I_LS: - if (parse_ls_flags(&cp, lflag)) - return(-1); - /* Path is optional */ - if (get_pathname(&cp, path1)) - return(-1); - break; - case I_LLS: - case I_SHELL: - /* Uses the rest of the line */ - break; - case I_LUMASK: - base = 8; - case I_CHMOD: - base = 8; - case I_CHOWN: - case I_CHGRP: - /* Get numeric arg (mandatory) */ - l = strtol(cp, &cp2, base); - if (cp2 == cp || ((l == LONG_MIN || l == LONG_MAX) && - errno == ERANGE) || l < 0) { - error("You must supply a numeric argument " - "to the %s command.", cmd); - return(-1); - } - cp = cp2; - *n_arg = l; - if (cmdnum == I_LUMASK && strchr(WHITESPACE, *cp)) - break; - if (cmdnum == I_LUMASK || !strchr(WHITESPACE, *cp)) { - error("You must supply a numeric argument " - "to the %s command.", cmd); - return(-1); - } - cp += strspn(cp, WHITESPACE); - - /* Get pathname (mandatory) */ - if (get_pathname(&cp, path1)) - return(-1); - if (*path1 == NULL) { - error("You must specify a path after a %s command.", - cmd); - return(-1); - } - break; - case I_QUIT: - case I_PWD: - case I_LPWD: - case I_HELP: - case I_VERSION: - case I_PROGRESS: - break; - default: - fatal("Command not implemented"); - } - - *cpp = cp; - return(cmdnum); -} - -static int -parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, - int err_abort) -{ - char *path1, *path2, *tmp; - int pflag, lflag, iflag, cmdnum, i; - unsigned long n_arg; - Attrib a, *aa; - char path_buf[MAXPATHLEN]; - int err = 0; - glob_t g; - - path1 = path2 = NULL; - cmdnum = parse_args(&cmd, &pflag, &lflag, &iflag, &n_arg, - &path1, &path2); - - if (iflag != 0) - err_abort = 0; - - memset(&g, 0, sizeof(g)); - - /* Perform command */ - switch (cmdnum) { - case 0: - /* Blank line */ - break; - case -1: - /* Unrecognized command */ - err = -1; - break; - case I_GET: - err = process_get(conn, path1, path2, *pwd, pflag); - break; - case I_PUT: - err = process_put(conn, path1, path2, *pwd, pflag); - break; - case I_RENAME: - path1 = make_absolute(path1, *pwd); - path2 = make_absolute(path2, *pwd); - err = do_rename(conn, path1, path2); - break; - case I_SYMLINK: - path2 = make_absolute(path2, *pwd); - err = do_symlink(conn, path1, path2); - break; - case I_RM: - path1 = make_absolute(path1, *pwd); - remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); - for (i = 0; g.gl_pathv[i]; i++) { - printf("Removing %s\n", g.gl_pathv[i]); - err = do_rm(conn, g.gl_pathv[i]); - if (err != 0 && err_abort) - break; - } - break; - case I_MKDIR: - path1 = make_absolute(path1, *pwd); - attrib_clear(&a); - a.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS; - a.perm = 0777; - err = do_mkdir(conn, path1, &a); - break; - case I_RMDIR: - path1 = make_absolute(path1, *pwd); - err = do_rmdir(conn, path1); - break; - case I_CHDIR: - path1 = make_absolute(path1, *pwd); - if ((tmp = do_realpath(conn, path1)) == NULL) { - err = 1; - break; - } - if ((aa = do_stat(conn, tmp, 0)) == NULL) { - xfree(tmp); - err = 1; - break; - } - if (!(aa->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)) { - error("Can't change directory: Can't check target"); - xfree(tmp); - err = 1; - break; - } - if (!S_ISDIR(aa->perm)) { - error("Can't change directory: \"%s\" is not " - "a directory", tmp); - xfree(tmp); - err = 1; - break; - } - xfree(*pwd); - *pwd = tmp; - break; - case I_LS: - if (!path1) { - do_globbed_ls(conn, *pwd, *pwd, lflag); - break; - } - - /* Strip pwd off beginning of non-absolute paths */ - tmp = NULL; - if (*path1 != '/') - tmp = *pwd; - - path1 = make_absolute(path1, *pwd); - err = do_globbed_ls(conn, path1, tmp, lflag); - break; - case I_LCHDIR: - if (chdir(path1) == -1) { - error("Couldn't change local directory to " - "\"%s\": %s", path1, strerror(errno)); - err = 1; - } - break; - case I_LMKDIR: - if (mkdir(path1, 0777) == -1) { - error("Couldn't create local directory " - "\"%s\": %s", path1, strerror(errno)); - err = 1; - } - break; - case I_LLS: - local_do_ls(cmd); - break; - case I_SHELL: - local_do_shell(cmd); - break; - case I_LUMASK: - umask(n_arg); - printf("Local umask: %03lo\n", n_arg); - break; - case I_CHMOD: - path1 = make_absolute(path1, *pwd); - attrib_clear(&a); - a.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS; - a.perm = n_arg; - remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); - for (i = 0; g.gl_pathv[i]; i++) { - printf("Changing mode on %s\n", g.gl_pathv[i]); - err = do_setstat(conn, g.gl_pathv[i], &a); - if (err != 0 && err_abort) - break; - } - break; - case I_CHOWN: - case I_CHGRP: - path1 = make_absolute(path1, *pwd); - remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); - for (i = 0; g.gl_pathv[i]; i++) { - if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) { - if (err != 0 && err_abort) - break; - else - continue; - } - if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) { - error("Can't get current ownership of " - "remote file \"%s\"", g.gl_pathv[i]); - if (err != 0 && err_abort) - break; - else - continue; - } - aa->flags &= SSH2_FILEXFER_ATTR_UIDGID; - if (cmdnum == I_CHOWN) { - printf("Changing owner on %s\n", g.gl_pathv[i]); - aa->uid = n_arg; - } else { - printf("Changing group on %s\n", g.gl_pathv[i]); - aa->gid = n_arg; - } - err = do_setstat(conn, g.gl_pathv[i], aa); - if (err != 0 && err_abort) - break; - } - break; - case I_PWD: - printf("Remote working directory: %s\n", *pwd); - break; - case I_LPWD: - if (!getcwd(path_buf, sizeof(path_buf))) { - error("Couldn't get local cwd: %s", strerror(errno)); - err = -1; - break; - } - printf("Local working directory: %s\n", path_buf); - break; - case I_QUIT: - /* Processed below */ - break; - case I_HELP: - help(); - break; - case I_VERSION: - printf("SFTP protocol version %u\n", sftp_proto_version(conn)); - break; - case I_PROGRESS: - showprogress = !showprogress; - if (showprogress) - printf("Progress meter enabled\n"); - else - printf("Progress meter disabled\n"); - break; - default: - fatal("%d is not implemented", cmdnum); - } - - if (g.gl_pathc) - globfree(&g); - if (path1) - xfree(path1); - if (path2) - xfree(path2); - - /* If an unignored error occurs in batch mode we should abort. */ - if (err_abort && err != 0) - return (-1); - else if (cmdnum == I_QUIT) - return (1); - - return (0); -} - -int -interactive_loop(int fd_in, int fd_out, char *file1, char *file2) -{ - char *pwd; - char *dir = NULL; - char cmd[2048]; - struct sftp_conn *conn; - int err; - - conn = do_init(fd_in, fd_out, copy_buffer_len, num_requests); - if (conn == NULL) - fatal("Couldn't initialise connection to server"); - - pwd = do_realpath(conn, "."); - if (pwd == NULL) - fatal("Need cwd"); - - if (file1 != NULL) { - dir = xstrdup(file1); - dir = make_absolute(dir, pwd); - - if (remote_is_dir(conn, dir) && file2 == NULL) { - printf("Changing to: %s\n", dir); - snprintf(cmd, sizeof cmd, "cd \"%s\"", dir); - if (parse_dispatch_command(conn, cmd, &pwd, 1) != 0) - return (-1); - } else { - if (file2 == NULL) - snprintf(cmd, sizeof cmd, "get %s", dir); - else - snprintf(cmd, sizeof cmd, "get %s %s", dir, - file2); - - err = parse_dispatch_command(conn, cmd, &pwd, 1); - xfree(dir); - xfree(pwd); - return (err); - } - xfree(dir); - } - -#if HAVE_SETVBUF - setvbuf(stdout, NULL, _IOLBF, 0); - setvbuf(infile, NULL, _IOLBF, 0); -#else - setlinebuf(stdout); - setlinebuf(infile); -#endif - - err = 0; - for (;;) { - char *cp; - - printf("sftp> "); - - /* XXX: use libedit */ - if (fgets(cmd, sizeof(cmd), infile) == NULL) { - printf("\n"); - break; - } else if (infile != stdin) /* Bluff typing */ - printf("%s", cmd); - - cp = strrchr(cmd, '\n'); - if (cp) - *cp = '\0'; - - err = parse_dispatch_command(conn, cmd, &pwd, infile != stdin); - if (err != 0) - break; - } - xfree(pwd); - - /* err == 1 signifies normal "quit" exit */ - return (err >= 0 ? 0 : -1); -} - diff --git a/crypto/openssh/sftp-int.h b/crypto/openssh/sftp-int.h deleted file mode 100644 index 8a04a03f6156..000000000000 --- a/crypto/openssh/sftp-int.h +++ /dev/null @@ -1,27 +0,0 @@ -/* $OpenBSD: sftp-int.h,v 1.6 2003/01/08 23:53:26 djm Exp $ */ - -/* - * Copyright (c) 2001,2002 Damien Miller. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -int interactive_loop(int, int, char *, char *); diff --git a/crypto/openssh/sftp-server/Makefile b/crypto/openssh/sftp-server/Makefile deleted file mode 100644 index e0682391297b..000000000000 --- a/crypto/openssh/sftp-server/Makefile +++ /dev/null @@ -1,18 +0,0 @@ -# $OpenBSD: Makefile,v 1.5 2001/03/03 23:59:36 markus Exp $ - -.PATH: ${.CURDIR}/.. - -PROG= sftp-server -BINOWN= root - -BINMODE?=555 - -BINDIR= /usr/libexec -MAN= sftp-server.8 - -SRCS= sftp-server.c sftp-common.c - -.include <bsd.prog.mk> - -LDADD+= -lcrypto -DPADD+= ${LIBCRYPTO} diff --git a/crypto/openssh/sftp/Makefile b/crypto/openssh/sftp/Makefile deleted file mode 100644 index 3f5d866a5e9e..000000000000 --- a/crypto/openssh/sftp/Makefile +++ /dev/null @@ -1,19 +0,0 @@ -# $OpenBSD: Makefile,v 1.5 2001/05/03 23:09:57 mouring Exp $ - -.PATH: ${.CURDIR}/.. - -PROG= sftp -BINOWN= root - -BINMODE?=555 - -BINDIR= /usr/bin -MAN= sftp.1 - -SRCS= sftp.c sftp-client.c sftp-int.c sftp-common.c sftp-glob.c misc.c - -.include <bsd.prog.mk> - -LDADD+= -lcrypto -DPADD+= ${LIBCRYPTO} - diff --git a/crypto/openssh/ssh-add/Makefile b/crypto/openssh/ssh-add/Makefile deleted file mode 100644 index 2f7bf42b53c2..000000000000 --- a/crypto/openssh/ssh-add/Makefile +++ /dev/null @@ -1,18 +0,0 @@ -# $OpenBSD: Makefile,v 1.20 2001/03/04 00:51:25 markus Exp $ - -.PATH: ${.CURDIR}/.. - -PROG= ssh-add -BINOWN= root - -BINMODE?=555 - -BINDIR= /usr/bin -MAN= ssh-add.1 - -SRCS= ssh-add.c - -.include <bsd.prog.mk> - -LDADD+= -lcrypto -DPADD+= ${LIBCRYPTO} diff --git a/crypto/openssh/ssh-agent/Makefile b/crypto/openssh/ssh-agent/Makefile deleted file mode 100644 index c252dbdad65e..000000000000 --- a/crypto/openssh/ssh-agent/Makefile +++ /dev/null @@ -1,18 +0,0 @@ -# $OpenBSD: Makefile,v 1.21 2001/06/27 19:29:16 markus Exp $ - -.PATH: ${.CURDIR}/.. - -PROG= ssh-agent -BINOWN= root - -BINMODE?=555 - -BINDIR= /usr/bin -MAN= ssh-agent.1 - -SRCS= ssh-agent.c - -.include <bsd.prog.mk> - -LDADD+= -lcrypto -DPADD+= ${LIBCRYPTO} diff --git a/crypto/openssh/ssh-keygen/Makefile b/crypto/openssh/ssh-keygen/Makefile deleted file mode 100644 index d175813bc0cb..000000000000 --- a/crypto/openssh/ssh-keygen/Makefile +++ /dev/null @@ -1,18 +0,0 @@ -# $OpenBSD: Makefile,v 1.21 2001/06/27 19:29:16 markus Exp $ - -.PATH: ${.CURDIR}/.. - -PROG= ssh-keygen -BINOWN= root - -BINMODE?=555 - -BINDIR= /usr/bin -MAN= ssh-keygen.1 - -SRCS= ssh-keygen.c - -.include <bsd.prog.mk> - -LDADD+= -lcrypto -DPADD+= ${LIBCRYPTO} diff --git a/crypto/openssh/ssh-keyscan/Makefile b/crypto/openssh/ssh-keyscan/Makefile deleted file mode 100644 index 2ea5c23934c4..000000000000 --- a/crypto/openssh/ssh-keyscan/Makefile +++ /dev/null @@ -1,18 +0,0 @@ -# $OpenBSD: Makefile,v 1.4 2001/08/05 23:18:20 markus Exp $ - -.PATH: ${.CURDIR}/.. - -PROG= ssh-keyscan -BINOWN= root - -BINMODE?=555 - -BINDIR= /usr/bin -MAN= ssh-keyscan.1 - -SRCS= ssh-keyscan.c - -.include <bsd.prog.mk> - -LDADD+= -lcrypto -lz -DPADD+= ${LIBCRYPTO} ${LIBZ} diff --git a/crypto/openssh/ssh-keysign/Makefile b/crypto/openssh/ssh-keysign/Makefile deleted file mode 100644 index 1a13d9ed358d..000000000000 --- a/crypto/openssh/ssh-keysign/Makefile +++ /dev/null @@ -1,18 +0,0 @@ -# $OpenBSD: Makefile,v 1.3 2002/05/31 10:30:33 markus Exp $ - -.PATH: ${.CURDIR}/.. - -PROG= ssh-keysign -BINOWN= root - -BINMODE?=4555 - -BINDIR= /usr/libexec -MAN= ssh-keysign.8 - -SRCS= ssh-keysign.c - -.include <bsd.prog.mk> - -LDADD+= -lcrypto -lz -DPADD+= ${LIBCRYPTO} ${LIBZ} diff --git a/crypto/openssh/ssh/Makefile b/crypto/openssh/ssh/Makefile deleted file mode 100644 index 80511de5f4e7..000000000000 --- a/crypto/openssh/ssh/Makefile +++ /dev/null @@ -1,40 +0,0 @@ -# $OpenBSD: Makefile,v 1.42 2002/06/20 19:56:07 stevesk Exp $ - -.PATH: ${.CURDIR}/.. - -PROG= ssh -BINOWN= root - -#BINMODE?=4555 - -BINDIR= /usr/bin -MAN= ssh.1 ssh_config.5 -LINKS= ${BINDIR}/ssh ${BINDIR}/slogin -MLINKS= ssh.1 slogin.1 - -SRCS= ssh.c readconf.c clientloop.c sshtty.c \ - sshconnect.c sshconnect1.c sshconnect2.c - -.include <bsd.own.mk> # for AFS - -.if (${KERBEROS5:L} == "yes") -CFLAGS+= -DKRB5 -I${DESTDIR}/usr/include/kerberosV -LDADD+= -lkrb5 -lasn1 -lcom_err -DPADD+= ${LIBKRB5} ${LIBASN1} ${LIBCOM_ERR} -.endif # KERBEROS5 - -.if (${KERBEROS:L} == "yes") -CFLAGS+= -DKRB4 -I${DESTDIR}/usr/include/kerberosIV -LDADD+= -lkrb -DPADD+= ${LIBKRB} -.if (${AFS:L} == "yes") -CFLAGS+= -DAFS -LDADD+= -lkafs -DPADD+= ${LIBKAFS} -.endif # AFS -.endif # KERBEROS - -.include <bsd.prog.mk> - -LDADD+= -lcrypto -lz -ldes -DPADD+= ${LIBCRYPTO} ${LIBZ} ${LIBDES} diff --git a/crypto/openssh/sshd/Makefile b/crypto/openssh/sshd/Makefile deleted file mode 100644 index 14ef3e0717bb..000000000000 --- a/crypto/openssh/sshd/Makefile +++ /dev/null @@ -1,56 +0,0 @@ -# $OpenBSD: Makefile,v 1.51 2002/06/20 19:56:07 stevesk Exp $ - -.PATH: ${.CURDIR}/.. - -PROG= sshd -BINOWN= root -BINMODE=555 -BINDIR= /usr/sbin -MAN= sshd.8 sshd_config.5 -CFLAGS+=-DHAVE_LOGIN_CAP -DBSD_AUTH - -SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \ - sshpty.c sshlogin.c servconf.c serverloop.c uidswap.c \ - auth.c auth1.c auth2.c auth-options.c session.c \ - auth-chall.c auth2-chall.c groupaccess.c \ - auth-skey.c auth-bsdauth.c monitor_mm.c monitor.c \ - auth2-none.c auth2-passwd.c auth2-pubkey.c \ - auth2-hostbased.c auth2-kbdint.c - -.include <bsd.own.mk> # for KERBEROS and AFS - -.if (${KERBEROS5:L} == "yes") -CFLAGS+=-DKRB5 -I${DESTDIR}/usr/include/kerberosV -SRCS+= auth-krb5.c -LDADD+= -lkrb5 -lkafs -lasn1 -lcom_err -DPADD+= ${LIBKRB5} ${LIBKAFS} ${LIBASN1} ${LIBCOM_ERR} -.endif # KERBEROS5 - -.if (${KERBEROS:L} == "yes") -.if (${AFS:L} == "yes") -CFLAGS+= -DAFS -LDADD+= -lkafs -DPADD+= ${LIBKAFS} -.endif # AFS -CFLAGS+= -DKRB4 -I${DESTDIR}/usr/include/kerberosIV -SRCS+= auth-krb4.c -LDADD+= -lkrb -DPADD+= ${LIBKRB} -.endif # KERBEROS - -.include <bsd.prog.mk> - -LDADD+= -lcrypto -lutil -lz -ldes -DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} ${LIBDES} - -.if (${TCP_WRAPPERS:L} == "yes") -CFLAGS+= -DLIBWRAP -LDADD+= -lwrap -DPADD+= ${LIBWRAP} -.endif - -#.if (${SKEY:L} == "yes") -#CFLAGS+= -DSKEY -#LDADD+= -lskey -#DPADD+= ${SKEY} -#.endif diff --git a/crypto/openssh/sshtty.h b/crypto/openssh/sshtty.h deleted file mode 100644 index 723b27846370..000000000000 --- a/crypto/openssh/sshtty.h +++ /dev/null @@ -1,47 +0,0 @@ -/* $OpenBSD: sshtty.h,v 1.3 2003/09/19 17:43:35 markus Exp $ */ -/* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland - * All rights reserved - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ -/* - * Copyright (c) 2001 Markus Friedl. All rights reserved. - * Copyright (c) 2001 Kevin Steves. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef SSHTTY_H -#define SSHTTY_H - -#include <termios.h> - -struct termios get_saved_tio(void); -void leave_raw_mode(void); -void enter_raw_mode(void); - -#endif diff --git a/crypto/openssh/tildexpand.h b/crypto/openssh/tildexpand.h deleted file mode 100644 index f5e7e40bcc0d..000000000000 --- a/crypto/openssh/tildexpand.h +++ /dev/null @@ -1,15 +0,0 @@ -/* $OpenBSD: tildexpand.h,v 1.4 2001/06/26 17:27:25 markus Exp $ */ - -/* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland - * All rights reserved - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ - -char *tilde_expand_filename(const char *, uid_t); diff --git a/crypto/openssh/util.c b/crypto/openssh/util.c deleted file mode 100644 index 1a591a6f0f51..000000000000 --- a/crypto/openssh/util.c +++ /dev/null @@ -1,96 +0,0 @@ -/* $OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $ */ - -/* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" -RCSID("$OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $"); - -#include "ssh.h" - -char * -chop(char *s) -{ - char *t = s; - while (*t) { - if(*t == '\n' || *t == '\r') { - *t = '\0'; - return s; - } - t++; - } - return s; - -} - -void -set_nonblock(int fd) -{ - int val; - val = fcntl(fd, F_GETFL, 0); - if (val < 0) { - error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); - return; - } - if (val & O_NONBLOCK) { - debug("fd %d IS O_NONBLOCK", fd); - return; - } - debug("fd %d setting O_NONBLOCK", fd); - val |= O_NONBLOCK; - if (fcntl(fd, F_SETFL, val) == -1) - if (errno != ENODEV) - error("fcntl(%d, F_SETFL, O_NONBLOCK): %s", - fd, strerror(errno)); -} - -/* Characters considered whitespace in strsep calls. */ -#define WHITESPACE " \t\r\n" - -char * -strdelim(char **s) -{ - char *old; - int wspace = 0; - - if (*s == NULL) - return NULL; - - old = *s; - - *s = strpbrk(*s, WHITESPACE "="); - if (*s == NULL) - return (old); - - /* Allow only one '=' to be skipped */ - if (*s[0] == '=') - wspace = 1; - *s[0] = '\0'; - - *s += strspn(*s + 1, WHITESPACE) + 1; - if (*s[0] == '=' && !wspace) - *s += strspn(*s + 1, WHITESPACE) + 1; - - return (old); -} |