aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDag-Erling Smørgrav <des@FreeBSD.org>2002-06-29 11:34:13 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2002-06-29 11:34:13 +0000
commitee21a45f81a0d84007f4e9b4175b9eb4727a96ee (patch)
tree8238d8d0755b8c75c2f77d82c8f96d4360c7ee11
parent83d2307d00b1f24dddf918c6651fb440d6863bf9 (diff)
downloadsrc-ee21a45f81a0d84007f4e9b4175b9eb4727a96ee.tar.gz
src-ee21a45f81a0d84007f4e9b4175b9eb4727a96ee.zip
Notes
-rw-r--r--crypto/openssh/ChangeLog165
-rw-r--r--crypto/openssh/INSTALL7
-rw-r--r--crypto/openssh/Makefile.in13
-rw-r--r--crypto/openssh/README.privsep21
-rw-r--r--crypto/openssh/TODO18
-rw-r--r--crypto/openssh/acconfig.h11
-rw-r--r--crypto/openssh/auth2-chall.c18
-rw-r--r--crypto/openssh/auth2-pam.c11
-rw-r--r--crypto/openssh/authfd.c4
-rw-r--r--crypto/openssh/authfile.c6
-rw-r--r--crypto/openssh/bufaux.c25
-rw-r--r--crypto/openssh/buffer.c8
-rw-r--r--crypto/openssh/channels.c31
-rw-r--r--crypto/openssh/channels.h18
-rw-r--r--crypto/openssh/cipher.c14
-rw-r--r--crypto/openssh/clientloop.c6
-rw-r--r--crypto/openssh/configure.ac53
-rw-r--r--crypto/openssh/defines.h23
-rw-r--r--crypto/openssh/kex.c6
-rw-r--r--crypto/openssh/key.c10
-rw-r--r--crypto/openssh/monitor.c15
-rw-r--r--crypto/openssh/monitor_fdpass.h2
-rw-r--r--crypto/openssh/monitor_mm.c8
-rw-r--r--crypto/openssh/monitor_mm.h2
-rw-r--r--crypto/openssh/msg.c6
-rw-r--r--crypto/openssh/openbsd-compat/getopt.c48
-rw-r--r--crypto/openssh/packet.c15
-rw-r--r--crypto/openssh/scard.c4
-rw-r--r--crypto/openssh/scp.14
-rw-r--r--crypto/openssh/servconf.c23
-rw-r--r--crypto/openssh/serverloop.c6
-rw-r--r--crypto/openssh/session.c41
-rw-r--r--crypto/openssh/session.h8
-rw-r--r--crypto/openssh/sftp-client.c65
-rw-r--r--crypto/openssh/sftp-client.h8
-rw-r--r--crypto/openssh/sftp-common.c4
-rw-r--r--crypto/openssh/sftp-int.c4
-rw-r--r--crypto/openssh/sftp-server.c54
-rw-r--r--crypto/openssh/sftp.c5
-rw-r--r--crypto/openssh/ssh-agent.18
-rw-r--r--crypto/openssh/ssh-agent.c82
-rw-r--r--crypto/openssh/ssh-dss.c14
-rw-r--r--crypto/openssh/ssh-keygen.c11
-rw-r--r--crypto/openssh/ssh-rsa.c24
-rw-r--r--crypto/openssh/ssh.16
-rw-r--r--crypto/openssh/ssh.h6
-rw-r--r--crypto/openssh/sshconnect.c5
-rw-r--r--crypto/openssh/sshconnect2.c13
-rw-r--r--crypto/openssh/sshd.811
-rw-r--r--crypto/openssh/sshd.c48
-rw-r--r--crypto/openssh/sshd_config.514
-rw-r--r--crypto/openssh/sshlogin.c9
-rw-r--r--crypto/openssh/sshpty.c16
-rw-r--r--crypto/openssh/tildexpand.c5
-rw-r--r--crypto/openssh/version.h4
55 files changed, 685 insertions, 381 deletions
diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog
index 30b8ef2cc359..67cd6caba29e 100644
--- a/crypto/openssh/ChangeLog
+++ b/crypto/openssh/ChangeLog
@@ -1,6 +1,169 @@
+20020626
+ - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM
+ - (bal) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2002/06/23 21:34:07
+ [channels.c]
+ tcode is u_int
+ - markus@cvs.openbsd.org 2002/06/24 13:12:23
+ [ssh-agent.1]
+ the socket name contains ssh-agent's ppid; via mpech@ from form@
+ - markus@cvs.openbsd.org 2002/06/24 14:33:27
+ [channels.c channels.h clientloop.c serverloop.c]
+ move channel counter to u_int
+ - markus@cvs.openbsd.org 2002/06/24 14:55:38
+ [authfile.c kex.c ssh-agent.c]
+ cat to (void) when output from buffer_get_X is ignored
+ - itojun@cvs.openbsd.org 2002/06/24 15:49:22
+ [msg.c]
+ printf type pedant
+ - deraadt@cvs.openbsd.org 2002/06/24 17:57:20
+ [sftp-server.c sshpty.c]
+ explicit (u_int) for uid and gid
+ - markus@cvs.openbsd.org 2002/06/25 16:22:42
+ [authfd.c]
+ unnecessary cast
+ - markus@cvs.openbsd.org 2002/06/25 18:51:04
+ [sshd.c]
+ lightweight do_setusercontext after chroot()
+ - (bal) Updated AIX package build. Patch by dtucker@zip.com.au
+ - (tim) [Makefile.in] fix test on installing ssh-rand-helper.8
+ - (bal) added back in error check for mmap(). I screwed up, Pointed
+ out by stevesk@
+ - (tim) [README.privsep] UnixWare tip no longer needed.
+ - (bal) fixed NeXTStep missing munmap() issue. It defines HAVE_MMAP,
+ but it all damned lies.
+ - (stevesk) [README.privsep] more for sshd pseudo-account.
+ - (tim) [contrib/caldera/openssh.spec] add support for privsep
+ - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2002/06/26 08:53:12
+ [bufaux.c]
+ limit size of BNs to 8KB; ok provos/deraadt
+ - markus@cvs.openbsd.org 2002/06/26 08:54:18
+ [buffer.c]
+ limit append to 1MB and buffers to 10MB
+ - markus@cvs.openbsd.org 2002/06/26 08:55:02
+ [channels.c]
+ limit # of channels to 10000
+ - markus@cvs.openbsd.org 2002/06/26 08:58:26
+ [session.c]
+ limit # of env vars to 1000; ok deraadt/djm
+ - deraadt@cvs.openbsd.org 2002/06/26 13:20:57
+ [monitor.c]
+ be careful in mm_zalloc
+ - deraadt@cvs.openbsd.org 2002/06/26 13:49:26
+ [session.c]
+ disclose less information from environment files; based on input
+ from djm, and dschultz@uclink.Berkeley.EDU
+ - markus@cvs.openbsd.org 2002/06/26 13:55:37
+ [auth2-chall.c]
+ make sure # of response matches # of queries, fixes int overflow;
+ from ISS
+ - markus@cvs.openbsd.org 2002/06/26 13:56:27
+ [version.h]
+ 3.4
+ - (djm) Require krb5 devel for RPM build w/ KrbV
+ - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai
+ <nalin@redhat.com>
+ - (djm) Update spec files for release
+ - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS
+ - (djm) Release 3.4p1
+
+20020625
+ - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
+ - (stevesk) [README.privsep] minor updates
+ - (djm) Create privsep directory and warn if privsep user is missing
+ during make install
+ - (bal) Started list of PrivSep issues in TODO
+ - (bal) if mmap() is substandard, don't allow compression on server side.
+ Post 'event' we will add more options.
+ - (tim) [contrib/caldera/openssh.spec] Sync with Caldera
+ - (bal) moved aix_usrinfo() and noted not setting real TTY. Patch by
+ dtucker@zip.com.au
+ - (tim) [acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus
+ for Cygwin, Cray, & SCO
+
+20020624
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2002/06/23 03:25:50
+ [tildexpand.c]
+ KNF
+ - deraadt@cvs.openbsd.org 2002/06/23 03:26:19
+ [cipher.c key.c]
+ KNF
+ - deraadt@cvs.openbsd.org 2002/06/23 03:30:58
+ [scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
+ sshpty.c]
+ various KNF and %d for unsigned
+ - deraadt@cvs.openbsd.org 2002/06/23 09:30:14
+ [sftp-client.c sftp-client.h sftp-common.c sftp-int.c sftp-server.c
+ sftp.c]
+ bunch of u_int vs int stuff
+ - deraadt@cvs.openbsd.org 2002/06/23 09:39:55
+ [ssh-keygen.c]
+ u_int stuff
+ - deraadt@cvs.openbsd.org 2002/06/23 09:46:51
+ [bufaux.c servconf.c]
+ minor KNF. things the fingers do while you read
+ - deraadt@cvs.openbsd.org 2002/06/23 10:29:52
+ [ssh-agent.c sshd.c]
+ some minor KNF and %u
+ - deraadt@cvs.openbsd.org 2002/06/23 20:39:45
+ [session.c]
+ compression_level is u_int
+ - deraadt@cvs.openbsd.org 2002/06/23 21:06:13
+ [sshpty.c]
+ KNF
+ - deraadt@cvs.openbsd.org 2002/06/23 21:06:41
+ [channels.c channels.h session.c session.h]
+ display, screen, row, col, xpixel, ypixel are u_int; markus ok
+ - deraadt@cvs.openbsd.org 2002/06/23 21:10:02
+ [packet.c]
+ packet_get_int() returns unsigned for reason & seqnr
+ - (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col,
+ xpixel are u_int.
+
+
+20020623
+ - (stevesk) [configure.ac] bug #255 LOGIN_NEEDS_UTMPX for AIX.
+ - (bal) removed GNUism for getops in ssh-agent since glibc lacks optreset.
+ - (bal) add extern char *getopt. Based on report by dtucker@zip.com.au
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2002/06/22 02:00:29
+ [ssh.h]
+ correct comment
+ - stevesk@cvs.openbsd.org 2002/06/22 02:40:23
+ [ssh.1]
+ section 5 not 4 for ssh_config
+ - naddy@cvs.openbsd.org 2002/06/22 11:51:39
+ [ssh.1]
+ typo
+ - stevesk@cvs.openbsd.org 2002/06/22 16:32:54
+ [sshd.8]
+ add /var/empty in FILES section
+ - stevesk@cvs.openbsd.org 2002/06/22 16:40:19
+ [sshd.c]
+ check /var/empty owner mode; ok provos@
+ - stevesk@cvs.openbsd.org 2002/06/22 16:41:57
+ [scp.1]
+ typo
+ - stevesk@cvs.openbsd.org 2002/06/22 16:45:29
+ [ssh-agent.1 sshd.8 sshd_config.5]
+ use process ID vs. pid/PID/process identifier
+ - stevesk@cvs.openbsd.org 2002/06/22 20:05:27
+ [sshd.c]
+ don't call setsid() if debugging or run from inetd; no "Operation not
+ permitted" errors now; ok millert@ markus@
+ - stevesk@cvs.openbsd.org 2002/06/22 23:09:51
+ [monitor.c]
+ save auth method before monitor_reset_key_state(); bugzilla bug #284;
+ ok provos@
+
20020622
- (djm) Update README.privsep; spotted by fries@
- (djm) Release 3.3p1
+ - (bal) getopt now can be staticly compiled on those platforms missing
+ optreset. Patch by binder@arago.de
20020621
- (djm) Sync:
@@ -1004,4 +1167,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2240 2002/06/21 15:44:45 djm Exp $
+$Id: ChangeLog,v 1.2301 2002/06/26 13:59:10 djm Exp $
diff --git a/crypto/openssh/INSTALL b/crypto/openssh/INSTALL
index a7f73e6489f3..07da06b5615d 100644
--- a/crypto/openssh/INSTALL
+++ b/crypto/openssh/INSTALL
@@ -105,11 +105,6 @@ name).
There are a few other options to the configure script:
---with-rsh=PATH allows you to specify the path to your rsh program.
-Normally ./configure will search the current $PATH for 'rsh'. You
-may need to specify this option if rsh is not in your path or has a
-different name.
-
--with-pam enables PAM support.
--enable-gnome-askpass will build the GNOME passphrase dialog. You
@@ -226,4 +221,4 @@ Please refer to the "reporting bugs" section of the webpage at
http://www.openssh.com/
-$Id: INSTALL,v 1.53 2002/05/13 05:22:21 djm Exp $
+$Id: INSTALL,v 1.54 2002/06/24 16:26:49 stevesk Exp $
diff --git a/crypto/openssh/Makefile.in b/crypto/openssh/Makefile.in
index 4b3e278658b8..e7faa1591297 100644
--- a/crypto/openssh/Makefile.in
+++ b/crypto/openssh/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.215 2002/06/21 01:38:53 mouring Exp $
+# $Id: Makefile.in,v 1.217 2002/06/25 23:45:42 tim Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@@ -26,6 +26,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
RAND_HELPER=$(libexecdir)/ssh-rand-helper
PRIVSEP_PATH=@PRIVSEP_PATH@
+SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
PATHS= -DSSHDIR=\"$(sysconfdir)\" \
-D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
@@ -197,9 +198,13 @@ distprep: catman-do
$(AUTORECONF)
(cd scard && $(MAKE) -f Makefile.in distprep)
-install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key
+install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key check-user
install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
+check-user:
+ id $(SSH_PRIVSEP_USER) || \
+ echo "WARNING: Privilege separation user \"$(SSH_PRIVSEP_USER)\" does not exist"
+
scard-install:
(cd scard && $(MAKE) DESTDIR=$(DESTDIR) install)
@@ -212,6 +217,8 @@ install-files: scard-install
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)
+ chmod 0700 $(DESTDIR)$(PRIVSEP_PATH)
$(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh
$(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp
$(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add
@@ -234,7 +241,7 @@ install-files: scard-install
$(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
$(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
$(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
- if [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \
+ if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \
$(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \
fi
@NO_SFTP@$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
diff --git a/crypto/openssh/README.privsep b/crypto/openssh/README.privsep
index 6c798f3a4e4b..ced943f262fe 100644
--- a/crypto/openssh/README.privsep
+++ b/crypto/openssh/README.privsep
@@ -12,19 +12,20 @@ On systems which lack mmap or anonymous (MAP_ANON) memory mapping,
compression must be disabled in order for privilege separation to
function.
-When privsep is enabled, the pre-authentication sshd process will
+When privsep is enabled, during the pre-authentication phase sshd will
chroot(2) to "/var/empty" and change its privileges to the "sshd" user
-and its primary group. You should do something like the following to
-prepare the privsep preauth environment:
+and its primary group. sshd is a pseudo-account that should not be
+used by other daemons, and must be locked and should contain a
+"nologin" or invalid shell.
+
+You should do something like the following to prepare the privsep
+preauth environment:
# mkdir /var/empty
# chown root:sys /var/empty
# chmod 755 /var/empty
# groupadd sshd
- # useradd -g sshd sshd
-
-If you are on UnixWare 7 or OpenUNIX 8 do this additional step.
- # ln /usr/lib/.ns.so /usr/lib/ns.so.1
+ # useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
/var/empty should not contain any files.
@@ -34,8 +35,8 @@ privsep user and chroot directory:
--with-privsep-path=xxx Path for privilege separation chroot
--with-privsep-user=user Specify non-privileged user for privilege separation
-Privsep requires operating system support for file descriptor passing
-and mmap(MAP_ANON).
+Privsep requires operating system support for file descriptor passing.
+Compression will be disabled on systems without a working mmap MAP_ANON.
PAM-enabled OpenSSH is known to function with privsep on Linux.
It does not function on HP-UX with a trusted system
@@ -57,4 +58,4 @@ process 1005 is the sshd process listening for new connections.
process 6917 is the privileged monitor process, 6919 is the user owned
sshd process and 6921 is the shell process.
-$Id: README.privsep,v 1.7 2002/06/21 14:48:02 djm Exp $
+$Id: README.privsep,v 1.10 2002/06/26 00:43:57 stevesk Exp $
diff --git a/crypto/openssh/TODO b/crypto/openssh/TODO
index d094942ea622..4331a1364be0 100644
--- a/crypto/openssh/TODO
+++ b/crypto/openssh/TODO
@@ -87,4 +87,20 @@ Packaging:
- HP-UX: Provide DEPOT package scripts.
(gilbert.r.loomis@saic.com)
-$Id: TODO,v 1.46 2002/01/22 11:26:20 djm Exp $
+
+PrivSep Issues:
+- mmap() issues.
+ + /dev/zero solution (Solaris)
+ + No/broken MAP_ANON (Irix)
+ + broken /dev/zero parse (Linux)
+- PAM
+ + See above PAM notes
+- AIX
+ + usrinfo() does not set TTY, but only required for legicy systems. Works
+ with PrivSep.
+- OSF
+ + SIA is broken
+- Cygwin
+ + Privsep for Pre-auth only (no fd passing)
+
+$Id: TODO,v 1.50 2002/06/25 17:12:27 mouring Exp $
diff --git a/crypto/openssh/acconfig.h b/crypto/openssh/acconfig.h
index 713b094d6a0f..3e51d6112173 100644
--- a/crypto/openssh/acconfig.h
+++ b/crypto/openssh/acconfig.h
@@ -1,4 +1,4 @@
-/* $Id: acconfig.h,v 1.138 2002/06/12 16:57:15 mouring Exp $ */
+/* $Id: acconfig.h,v 1.141 2002/06/25 22:35:16 tim Exp $ */
#ifndef _CONFIG_H
#define _CONFIG_H
@@ -228,9 +228,6 @@
/* Define if xauth is found in your path */
#undef XAUTH_PATH
-/* Define if rsh is found in your path */
-#undef RSH_PATH
-
/* Define if you want to allow MD5 passwords */
#undef HAVE_MD5_PASSWORDS
@@ -358,6 +355,12 @@
/* Path that unprivileged child will chroot() to in privep mode */
#undef PRIVSEP_PATH
+/* Define if you have the `mmap' function that supports MAP_ANON|SHARED */
+#undef HAVE_MMAP_ANON_SHARED
+
+/* Define if sendmsg()/recvmsg() has problems passing file descriptors */
+#undef BROKEN_FD_PASSING
+
@BOTTOM@
/* ******************* Shouldn't need to edit below this line ************** */
diff --git a/crypto/openssh/auth2-chall.c b/crypto/openssh/auth2-chall.c
index f35bfb2f8ee7..e1440f47d7cb 100644
--- a/crypto/openssh/auth2-chall.c
+++ b/crypto/openssh/auth2-chall.c
@@ -23,7 +23,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.18 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.19 2002/06/26 13:55:37 markus Exp $");
#include "ssh2.h"
#include "auth.h"
@@ -63,6 +63,7 @@ struct KbdintAuthctxt
char *devices;
void *ctxt;
KbdintDevice *device;
+ u_int nreq;
};
static KbdintAuthctxt *
@@ -90,6 +91,7 @@ kbdint_alloc(const char *devs)
debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
kbdintctxt->ctxt = NULL;
kbdintctxt->device = NULL;
+ kbdintctxt->nreq = 0;
return kbdintctxt;
}
@@ -209,26 +211,26 @@ send_userauth_info_request(Authctxt *authctxt)
KbdintAuthctxt *kbdintctxt;
char *name, *instr, **prompts;
int i;
- u_int numprompts, *echo_on;
+ u_int *echo_on;
kbdintctxt = authctxt->kbdintctxt;
if (kbdintctxt->device->query(kbdintctxt->ctxt,
- &name, &instr, &numprompts, &prompts, &echo_on))
+ &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
return 0;
packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
packet_put_cstring(name);
packet_put_cstring(instr);
packet_put_cstring(""); /* language not used */
- packet_put_int(numprompts);
- for (i = 0; i < numprompts; i++) {
+ packet_put_int(kbdintctxt->nreq);
+ for (i = 0; i < kbdintctxt->nreq; i++) {
packet_put_cstring(prompts[i]);
packet_put_char(echo_on[i]);
}
packet_send();
packet_write_wait();
- for (i = 0; i < numprompts; i++)
+ for (i = 0; i < kbdintctxt->nreq; i++)
xfree(prompts[i]);
xfree(prompts);
xfree(echo_on);
@@ -256,6 +258,10 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
authctxt->postponed = 0; /* reset */
nresp = packet_get_int();
+ if (nresp != kbdintctxt->nreq)
+ fatal("input_userauth_info_response: wrong number of replies");
+ if (nresp > 100)
+ fatal("input_userauth_info_response: too many replies");
if (nresp > 0) {
response = xmalloc(nresp * sizeof(char*));
for (i = 0; i < nresp; i++)
diff --git a/crypto/openssh/auth2-pam.c b/crypto/openssh/auth2-pam.c
index dd29ebd483e2..99aedeaebbeb 100644
--- a/crypto/openssh/auth2-pam.c
+++ b/crypto/openssh/auth2-pam.c
@@ -1,5 +1,5 @@
#include "includes.h"
-RCSID("$Id: auth2-pam.c,v 1.12 2002/01/22 12:43:13 djm Exp $");
+RCSID("$Id: auth2-pam.c,v 1.13 2002/06/26 13:58:00 djm Exp $");
#ifdef USE_PAM
#include <security/pam_appl.h>
@@ -140,6 +140,15 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt)
nresp = packet_get_int(); /* Number of responses. */
debug("got %d responses", nresp);
+
+ if (nresp != context_pam2.num_expected)
+ fatal("%s: Received incorrect number of responses "
+ "(expected %u, received %u)", __func__, nresp,
+ context_pam2.num_expected);
+
+ if (nresp > 100)
+ fatal("%s: too many replies", __func__);
+
for (i = 0; i < nresp; i++) {
int j = context_pam2.prompts[i];
diff --git a/crypto/openssh/authfd.c b/crypto/openssh/authfd.c
index a452a792ee66..4c4552d527f0 100644
--- a/crypto/openssh/authfd.c
+++ b/crypto/openssh/authfd.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.55 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.56 2002/06/25 16:22:42 markus Exp $");
#include <openssl/evp.h>
@@ -144,7 +144,7 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply
error("Error reading response from authentication socket.");
return 0;
}
- buffer_append(reply, (char *) buf, l);
+ buffer_append(reply, buf, l);
len -= l;
}
return 1;
diff --git a/crypto/openssh/authfile.c b/crypto/openssh/authfile.c
index 6d936de56e39..1fa5d811ae31 100644
--- a/crypto/openssh/authfile.c
+++ b/crypto/openssh/authfile.c
@@ -36,7 +36,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.49 2002/05/23 19:24:30 markus Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.50 2002/06/24 14:55:38 markus Exp $");
#include <openssl/err.h>
#include <openssl/evp.h>
@@ -270,7 +270,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
(void) buffer_get_int(&buffer); /* reserved */
/* Read the public key from the buffer. */
- buffer_get_int(&buffer);
+ (void) buffer_get_int(&buffer);
pub = key_new(KEY_RSA1);
buffer_get_bignum(&buffer, pub->rsa->n);
buffer_get_bignum(&buffer, pub->rsa->e);
@@ -357,7 +357,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
(void) buffer_get_int(&buffer); /* Reserved data. */
/* Read the public key from the buffer. */
- buffer_get_int(&buffer);
+ (void) buffer_get_int(&buffer);
prv = key_new_private(KEY_RSA1);
buffer_get_bignum(&buffer, prv->rsa->n);
diff --git a/crypto/openssh/bufaux.c b/crypto/openssh/bufaux.c
index 79f8bbd49667..d3dc674ce404 100644
--- a/crypto/openssh/bufaux.c
+++ b/crypto/openssh/bufaux.c
@@ -37,7 +37,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.25 2002/04/20 09:14:58 markus Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $");
#include <openssl/bn.h>
#include "bufaux.h"
@@ -88,6 +88,8 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
bits = GET_16BIT(buf);
/* Compute the number of binary bytes that follow. */
bytes = (bits + 7) / 8;
+ if (bytes > 8 * 1024)
+ fatal("buffer_get_bignum: cannot handle BN of size %d", bytes);
if (buffer_len(buffer) < bytes)
fatal("buffer_get_bignum: input buffer too small");
bin = buffer_ptr(buffer);
@@ -105,6 +107,7 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
u_char *buf = xmalloc(bytes);
int oi;
int hasnohigh = 0;
+
buf[0] = '\0';
/* Get the value of in binary */
oi = BN_bn2bin(value, buf+1);
@@ -128,12 +131,15 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
xfree(buf);
}
+/* XXX does not handle negative BNs */
void
buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
{
- /**XXX should be two's-complement */
- int len;
- u_char *bin = buffer_get_string(buffer, (u_int *)&len);
+ u_int len;
+ u_char *bin = buffer_get_string(buffer, &len);
+
+ if (len > 8 * 1024)
+ fatal("buffer_get_bignum2: cannot handle BN of size %d", len);
BN_bin2bn(bin, len, value);
xfree(bin);
}
@@ -145,6 +151,7 @@ u_short
buffer_get_short(Buffer *buffer)
{
u_char buf[2];
+
buffer_get(buffer, (char *) buf, 2);
return GET_16BIT(buf);
}
@@ -153,6 +160,7 @@ u_int
buffer_get_int(Buffer *buffer)
{
u_char buf[4];
+
buffer_get(buffer, (char *) buf, 4);
return GET_32BIT(buf);
}
@@ -162,6 +170,7 @@ u_int64_t
buffer_get_int64(Buffer *buffer)
{
u_char buf[8];
+
buffer_get(buffer, (char *) buf, 8);
return GET_64BIT(buf);
}
@@ -174,6 +183,7 @@ void
buffer_put_short(Buffer *buffer, u_short value)
{
char buf[2];
+
PUT_16BIT(buf, value);
buffer_append(buffer, buf, 2);
}
@@ -182,6 +192,7 @@ void
buffer_put_int(Buffer *buffer, u_int value)
{
char buf[4];
+
PUT_32BIT(buf, value);
buffer_append(buffer, buf, 4);
}
@@ -191,6 +202,7 @@ void
buffer_put_int64(Buffer *buffer, u_int64_t value)
{
char buf[8];
+
PUT_64BIT(buf, value);
buffer_append(buffer, buf, 8);
}
@@ -207,8 +219,9 @@ buffer_put_int64(Buffer *buffer, u_int64_t value)
void *
buffer_get_string(Buffer *buffer, u_int *length_ptr)
{
- u_int len;
u_char *value;
+ u_int len;
+
/* Get the length. */
len = buffer_get_int(buffer);
if (len > 256 * 1024)
@@ -249,6 +262,7 @@ int
buffer_get_char(Buffer *buffer)
{
char ch;
+
buffer_get(buffer, &ch, 1);
return (u_char) ch;
}
@@ -260,5 +274,6 @@ void
buffer_put_char(Buffer *buffer, int value)
{
char ch = value;
+
buffer_append(buffer, &ch, 1);
}
diff --git a/crypto/openssh/buffer.c b/crypto/openssh/buffer.c
index 40572e5ac30e..ad04b267e0d8 100644
--- a/crypto/openssh/buffer.c
+++ b/crypto/openssh/buffer.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: buffer.c,v 1.15 2002/01/18 18:14:17 stevesk Exp $");
+RCSID("$OpenBSD: buffer.c,v 1.16 2002/06/26 08:54:18 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
@@ -71,6 +71,9 @@ buffer_append_space(Buffer *buffer, u_int len)
{
void *p;
+ if (len > 0x100000)
+ fatal("buffer_append_space: len %u not supported", len);
+
/* If the buffer is empty, start using it from the beginning. */
if (buffer->offset == buffer->end) {
buffer->offset = 0;
@@ -96,6 +99,9 @@ restart:
}
/* Increase the size of the buffer and retry. */
buffer->alloc += len + 32768;
+ if (buffer->alloc > 0xa00000)
+ fatal("buffer_append_space: alloc %u not supported",
+ buffer->alloc);
buffer->buf = xrealloc(buffer->buf, buffer->alloc);
goto restart;
/* NOTREACHED */
diff --git a/crypto/openssh/channels.c b/crypto/openssh/channels.c
index d34411e18787..29eaee7c4d60 100644
--- a/crypto/openssh/channels.c
+++ b/crypto/openssh/channels.c
@@ -39,7 +39,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.175 2002/06/10 22:28:41 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.179 2002/06/26 08:55:02 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -205,7 +205,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
Channel *
channel_new(char *ctype, int type, int rfd, int wfd, int efd,
- int window, int maxpack, int extusage, char *remote_name, int nonblock)
+ u_int window, u_int maxpack, int extusage, char *remote_name, int nonblock)
{
int i, found;
Channel *c;
@@ -229,6 +229,9 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
/* There are no free slots. Take last+1 slot and expand the array. */
found = channels_alloc;
channels_alloc += 10;
+ if (channels_alloc > 10000)
+ fatal("channel_new: internal error: channels_alloc %d "
+ "too big.", channels_alloc);
debug2("channel: expanding %d", channels_alloc);
channels = xrealloc(channels, channels_alloc * sizeof(Channel *));
for (i = found; i < channels_alloc; i++)
@@ -1568,8 +1571,9 @@ channel_after_select(fd_set * readset, fd_set * writeset)
void
channel_output_poll(void)
{
- int len, i;
Channel *c;
+ int i;
+ u_int len;
for (i = 0; i < channels_alloc; i++) {
c = channels[i];
@@ -1647,7 +1651,7 @@ channel_output_poll(void)
c->remote_window > 0 &&
(len = buffer_len(&c->extended)) > 0 &&
c->extended_usage == CHAN_EXTENDED_READ) {
- debug2("channel %d: rwin %d elen %d euse %d",
+ debug2("channel %d: rwin %u elen %u euse %d",
c->self, c->remote_window, buffer_len(&c->extended),
c->extended_usage);
if (len > c->remote_window)
@@ -1717,9 +1721,8 @@ void
channel_input_extended_data(int type, u_int32_t seq, void *ctxt)
{
int id;
- int tcode;
char *data;
- u_int data_len;
+ u_int data_len, tcode;
Channel *c;
/* Get the channel number and verify it. */
@@ -1874,7 +1877,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt)
c->confirm(c->self, NULL);
debug2("callback done");
}
- debug("channel %d: open confirm rwindow %d rmax %d", c->self,
+ debug("channel %d: open confirm rwindow %u rmax %u", c->self,
c->remote_window, c->remote_maxpacket);
}
packet_check_eom();
@@ -1931,7 +1934,8 @@ void
channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
{
Channel *c;
- int id, adjust;
+ int id;
+ u_int adjust;
if (!compat20)
return;
@@ -1947,7 +1951,7 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
}
adjust = packet_get_int();
packet_check_eom();
- debug2("channel %d: rcvd adjust %d", id, adjust);
+ debug2("channel %d: rcvd adjust %u", id, adjust);
c->remote_window += adjust;
}
@@ -2328,12 +2332,12 @@ channel_connect_to(const char *host, u_short port)
/*
* Creates an internet domain socket for listening for X11 connections.
- * Returns a suitable display number for the DISPLAY variable, or -1 if
- * an error occurs.
+ * Returns 0 and a suitable display number for the DISPLAY variable
+ * stored in display_numberp , or -1 if an error occurs.
*/
int
x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
- int single_connection)
+ int single_connection, u_int *display_numberp)
{
Channel *nc = NULL;
int display_number, sock;
@@ -2431,7 +2435,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
}
/* Return the display number for the DISPLAY environment variable. */
- return display_number;
+ *display_numberp = display_number;
+ return (0);
}
static int
diff --git a/crypto/openssh/channels.h b/crypto/openssh/channels.h
index 9ceff3e73199..dd54114d6c01 100644
--- a/crypto/openssh/channels.h
+++ b/crypto/openssh/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.68 2002/06/10 22:28:41 markus Exp $ */
+/* $OpenBSD: channels.h,v 1.70 2002/06/24 14:33:27 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -90,12 +90,12 @@ struct Channel {
int host_port; /* remote port to connect for forwards */
char *remote_name; /* remote hostname */
- int remote_window;
- int remote_maxpacket;
- int local_window;
- int local_window_max;
- int local_consumed;
- int local_maxpacket;
+ u_int remote_window;
+ u_int remote_maxpacket;
+ u_int local_window;
+ u_int local_window_max;
+ u_int local_consumed;
+ u_int local_maxpacket;
int extended_usage;
int single_connection;
@@ -151,7 +151,7 @@ struct Channel {
/* channel management */
Channel *channel_lookup(int);
-Channel *channel_new(char *, int, int, int, int, int, int, int, char *, int);
+Channel *channel_new(char *, int, int, int, int, u_int, u_int, int, char *, int);
void channel_set_fds(int, int, int, int, int, int, u_int);
void channel_free(Channel *);
void channel_free_all(void);
@@ -205,7 +205,7 @@ int channel_setup_remote_fwd_listener(const char *, u_short, int);
/* x11 forwarding */
int x11_connect_display(void);
-int x11_create_display_inet(int, int, int);
+int x11_create_display_inet(int, int, int, u_int *);
void x11_input_open(int, u_int32_t, void *);
void x11_request_forwarding_with_spoofing(int, const char *, const char *);
void deny_input_open(int, u_int32_t, void *);
diff --git a/crypto/openssh/cipher.c b/crypto/openssh/cipher.c
index b18c701fb031..6db340d7a991 100644
--- a/crypto/openssh/cipher.c
+++ b/crypto/openssh/cipher.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.59 2002/06/19 18:01:00 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.60 2002/06/23 03:26:52 deraadt Exp $");
#include "xmalloc.h"
#include "log.h"
@@ -95,11 +95,13 @@ cipher_blocksize(Cipher *c)
{
return (c->block_size);
}
+
u_int
cipher_keylen(Cipher *c)
{
return (c->key_len);
}
+
u_int
cipher_get_number(Cipher *c)
{
@@ -314,6 +316,7 @@ struct ssh1_3des_ctx
{
EVP_CIPHER_CTX k1, k2, k3;
};
+
static int
ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
int enc)
@@ -356,6 +359,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
#endif
return (1);
}
+
static int
ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)
{
@@ -377,6 +381,7 @@ ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)
#endif
return (1);
}
+
static int
ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
{
@@ -389,6 +394,7 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
}
return (1);
}
+
static const EVP_CIPHER *
evp_ssh1_3des(void)
{
@@ -430,7 +436,9 @@ swap_bytes(const u_char *src, u_char *dst, int n)
*dst++ = c[3];
}
}
+
static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL;
+
static int
bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len)
{
@@ -441,6 +449,7 @@ bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len)
swap_bytes(out, out, len);
return (ret);
}
+
static const EVP_CIPHER *
evp_ssh1_bf(void)
{
@@ -483,6 +492,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE);
return (1);
}
+
static int
ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
u_int len)
@@ -528,6 +538,7 @@ ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
}
return (1);
}
+
static int
ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)
{
@@ -540,6 +551,7 @@ ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)
}
return (1);
}
+
static const EVP_CIPHER *
evp_rijndael(void)
{
diff --git a/crypto/openssh/clientloop.c b/crypto/openssh/clientloop.c
index 75d24ace2b41..cd2eab77a9c0 100644
--- a/crypto/openssh/clientloop.c
+++ b/crypto/openssh/clientloop.c
@@ -59,7 +59,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.101 2002/06/09 13:32:01 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.102 2002/06/24 14:33:27 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -1208,10 +1208,8 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt)
{
Channel *c = NULL;
char *ctype;
- u_int len;
int rchan;
- int rmaxpack;
- int rwindow;
+ u_int rmaxpack, rwindow, len;
ctype = packet_get_string(&len);
rchan = packet_get_int();
diff --git a/crypto/openssh/configure.ac b/crypto/openssh/configure.ac
index 9daf3b007e44..ad5d5cde971a 100644
--- a/crypto/openssh/configure.ac
+++ b/crypto/openssh/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.67 2002/06/21 00:01:19 mouring Exp $
+# $Id: configure.ac,v 1.72 2002/06/25 22:35:16 tim Exp $
AC_INIT
AC_CONFIG_SRCDIR([ssh.c])
@@ -76,6 +76,7 @@ case "$host" in
AC_DEFINE(BROKEN_REALPATH)
dnl AIX handles lastlog as part of its login message
AC_DEFINE(DISABLE_LASTLOG)
+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
;;
*-*-cygwin*)
LIBS="$LIBS /usr/lib/textmode.o"
@@ -85,6 +86,7 @@ case "$host" in
AC_DEFINE(IPV4_DEFAULT)
AC_DEFINE(IP_TOS_IS_BROKEN)
AC_DEFINE(NO_X11_UNIX_SOCKETS)
+ AC_DEFINE(BROKEN_FD_PASSING)
AC_DEFINE(SETGROUPS_NOOP)
;;
*-*-dgux*)
@@ -246,7 +248,6 @@ mips-sony-bsd|mips-sony-newsos4)
CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
- rsh_path="/usr/bin/rcmd"
RANLIB=true
no_dev_ptmx=1
AC_DEFINE(BROKEN_SYS_TERMIO_H)
@@ -263,10 +264,10 @@ mips-sony-bsd|mips-sony-newsos4)
LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -lprot -lx -ltinfo -lm"
no_dev_ptmx=1
- rsh_path="/usr/bin/rcmd"
AC_DEFINE(USE_PIPES)
AC_DEFINE(HAVE_SECUREWARE)
AC_DEFINE(DISABLE_SHADOW)
+ AC_DEFINE(BROKEN_FD_PASSING)
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
;;
@@ -274,6 +275,7 @@ mips-sony-bsd|mips-sony-newsos4)
no_libsocket=1
no_libnsl=1
AC_DEFINE(USE_PIPES)
+ AC_DEFINE(BROKEN_FD_PASSING)
LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib"
LIBS="$LIBS -lgen -lrsc"
;;
@@ -575,6 +577,30 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
+if test $ac_cv_func_mmap = yes ; then
+AC_MSG_CHECKING([for mmap anon shared])
+AC_TRY_RUN(
+ [
+#include <stdio.h>
+#include <sys/mman.h>
+#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
+#define MAP_ANON MAP_ANONYMOUS
+#endif
+main() { char *p;
+p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
+if (p == (char *)-1)
+ exit(1);
+exit(0);
+}
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_MMAP_ANON_SHARED)
+ ],
+ [ AC_MSG_RESULT(no) ]
+)
+fi
+
dnl IRIX and Solaris 2.5.1 have dirname() in libgen
AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
AC_CHECK_LIB(gen, dirname,[
@@ -907,16 +933,17 @@ AC_ARG_WITH(entropy-timeout,
)
AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
-ssh_privsep_user=sshd
+SSH_PRIVSEP_USER=sshd
AC_ARG_WITH(privsep-user,
[ --with-privsep-user=user Specify non-privileged user for privilege separation],
[
if test -n "$withval"; then
- ssh_privsep_user=$withval
+ SSH_PRIVSEP_USER=$withval
fi
]
)
-AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$ssh_privsep_user")
+AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
+AC_SUBST(SSH_PRIVSEP_USER)
# We do this little dance with the search path to insure
# that programs that we select for use by installed programs
@@ -1789,17 +1816,6 @@ AC_ARG_WITH(afs,
LIBS="$LIBS $KLIBS $K5LIBS"
# Looking for programs, paths and files
-AC_ARG_WITH(rsh,
- [ --with-rsh=PATH Specify path to remote shell program ],
- [
- if test "x$withval" != "$no" ; then
- rsh_path=$withval
- fi
- ],
- [
- AC_PATH_PROG(rsh_path, rsh)
- ]
-)
PRIVSEP_PATH=/var/empty
AC_ARG_WITH(privsep-path,
@@ -1835,9 +1851,6 @@ else
XAUTH_PATH=$xauth_path
AC_SUBST(XAUTH_PATH)
fi
-if test ! -z "$rsh_path" ; then
- AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path")
-fi
# Check for mail directory (last resort if we cannot get it from headers)
if test ! -z "$MAIL" ; then
diff --git a/crypto/openssh/defines.h b/crypto/openssh/defines.h
index 1f52c545cae3..b87dbc51e325 100644
--- a/crypto/openssh/defines.h
+++ b/crypto/openssh/defines.h
@@ -1,7 +1,7 @@
#ifndef _DEFINES_H
#define _DEFINES_H
-/* $Id: defines.h,v 1.90 2002/06/07 03:19:36 mouring Exp $ */
+/* $Id: defines.h,v 1.92 2002/06/24 16:26:49 stevesk Exp $ */
/* Constants */
@@ -316,14 +316,6 @@ struct winsize {
# define _PATH_MAILDIR MAILDIR
#endif /* !defined(_PATH_MAILDIR) && defined(MAILDIR) */
-#ifndef _PATH_RSH
-# ifdef RSH_PATH
-# define _PATH_RSH RSH_PATH
-# else /* RSH_PATH */
-# define _PATH_RSH "/usr/bin/rsh"
-# endif /* RSH_PATH */
-#endif /* _PATH_RSH */
-
#ifndef _PATH_NOLOGIN
# define _PATH_NOLOGIN "/etc/nologin"
#endif
@@ -417,7 +409,18 @@ struct winsize {
#endif
#ifndef HAVE_GETOPT_OPTRESET
-#define getopt(ac, av, o) BSDgetopt(ac, av, o)
+# undef getopt
+# undef opterr
+# undef optind
+# undef optopt
+# undef optreset
+# undef optarg
+# define getopt(ac, av, o) BSDgetopt(ac, av, o)
+# define opterr BSDopterr
+# define optind BSDoptind
+# define optopt BSDoptopt
+# define optreset BSDoptreset
+# define optarg BSDoptarg
#endif
/* In older versions of libpam, pam_strerror takes a single argument */
diff --git a/crypto/openssh/kex.c b/crypto/openssh/kex.c
index d079ab0e388a..bdbf3882c82b 100644
--- a/crypto/openssh/kex.c
+++ b/crypto/openssh/kex.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.50 2002/05/15 15:47:49 mouring Exp $");
+RCSID("$OpenBSD: kex.c,v 1.51 2002/06/24 14:55:38 markus Exp $");
#include <openssl/crypto.h>
@@ -202,8 +202,8 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
packet_get_char();
for (i = 0; i < PROPOSAL_MAX; i++)
xfree(packet_get_string(NULL));
- packet_get_char();
- packet_get_int();
+ (void) packet_get_char();
+ (void) packet_get_int();
packet_check_eom();
kex_kexinit_finish(kex);
diff --git a/crypto/openssh/key.c b/crypto/openssh/key.c
index 2d850c8e5712..fb1f8410a190 100644
--- a/crypto/openssh/key.c
+++ b/crypto/openssh/key.c
@@ -32,7 +32,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.44 2002/05/31 13:16:48 markus Exp $");
+RCSID("$OpenBSD: key.c,v 1.45 2002/06/23 03:26:19 deraadt Exp $");
#include <openssl/evp.h>
@@ -89,6 +89,7 @@ key_new(int type)
}
return k;
}
+
Key *
key_new_private(int type)
{
@@ -120,6 +121,7 @@ key_new_private(int type)
}
return k;
}
+
void
key_free(Key *k)
{
@@ -359,6 +361,7 @@ read_bignum(char **cpp, BIGNUM * value)
*cpp = cp;
return 1;
}
+
static int
write_bignum(FILE *f, BIGNUM *num)
{
@@ -485,6 +488,7 @@ key_read(Key *ret, char **cpp)
}
return success;
}
+
int
key_write(Key *key, FILE *f)
{
@@ -516,6 +520,7 @@ key_write(Key *key, FILE *f)
}
return success;
}
+
char *
key_type(Key *k)
{
@@ -532,6 +537,7 @@ key_type(Key *k)
}
return "unknown";
}
+
char *
key_ssh_name(Key *k)
{
@@ -545,6 +551,7 @@ key_ssh_name(Key *k)
}
return "ssh-unknown";
}
+
u_int
key_size(Key *k)
{
@@ -807,7 +814,6 @@ key_verify(
}
/* Converts a private to a public key */
-
Key *
key_demote(Key *k)
{
diff --git a/crypto/openssh/monitor.c b/crypto/openssh/monitor.c
index 39b6248d44ff..89b712f2d77f 100644
--- a/crypto/openssh/monitor.c
+++ b/crypto/openssh/monitor.c
@@ -25,7 +25,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.16 2002/06/21 05:50:51 djm Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.18 2002/06/26 13:20:57 deraadt Exp $");
#include <openssl/dh.h>
@@ -188,9 +188,6 @@ struct mon_table mon_dispatch_proto15[] = {
{MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
{MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge},
{MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response},
-#ifdef USE_PAM
- {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
-#endif
#ifdef BSD_AUTH
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
{MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond},
@@ -982,14 +979,14 @@ mm_answer_keyverify(int socket, Buffer *m)
xfree(signature);
xfree(data);
+ auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
+
monitor_reset_key_state();
buffer_clear(m);
buffer_put_int(m, verified);
mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m);
- auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
-
return (verified);
}
@@ -1456,9 +1453,13 @@ mm_get_keystate(struct monitor *pmonitor)
void *
mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
{
+ int len = size * ncount;
void *address;
- address = mm_malloc(mm, size * ncount);
+ if (len <= 0)
+ fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
+
+ address = mm_malloc(mm, len);
return (address);
}
diff --git a/crypto/openssh/monitor_fdpass.h b/crypto/openssh/monitor_fdpass.h
index cb12c41e2820..31d080e21ed6 100644
--- a/crypto/openssh/monitor_fdpass.h
+++ b/crypto/openssh/monitor_fdpass.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */
+/* $OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
diff --git a/crypto/openssh/monitor_mm.c b/crypto/openssh/monitor_mm.c
index 0076c4210d79..c363036e6720 100644
--- a/crypto/openssh/monitor_mm.c
+++ b/crypto/openssh/monitor_mm.c
@@ -84,13 +84,13 @@ mm_create(struct mm_master *mmalloc, size_t size)
*/
mm->mmalloc = mmalloc;
-#if defined(HAVE_MMAP) && defined(MAP_ANON)
+#ifdef HAVE_MMAP_ANON_SHARED
address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED,
-1, 0);
if (address == MAP_FAILED)
fatal("mmap(%lu): %s", (u_long)size, strerror(errno));
#else
- fatal("%s: UsePrivilegeSeparation=yes not supported",
+ fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
__func__);
#endif
@@ -130,12 +130,12 @@ mm_destroy(struct mm_master *mm)
mm_freelist(mm->mmalloc, &mm->rb_free);
mm_freelist(mm->mmalloc, &mm->rb_allocated);
-#ifdef HAVE_MMAP
+#ifdef HAVE_MMAP_ANON_SHARED
if (munmap(mm->address, mm->size) == -1)
fatal("munmap(%p, %lu): %s", mm->address, (u_long)mm->size,
strerror(errno));
#else
- fatal("%s: UsePrivilegeSeparation=yes not supported",
+ fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
__func__);
#endif
if (mm->mmalloc == NULL)
diff --git a/crypto/openssh/monitor_mm.h b/crypto/openssh/monitor_mm.h
index c0af432d0ef3..c0a66d5e7c94 100644
--- a/crypto/openssh/monitor_mm.h
+++ b/crypto/openssh/monitor_mm.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */
+/* $OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
diff --git a/crypto/openssh/msg.c b/crypto/openssh/msg.c
index 103aed2cde2c..7275c847dabb 100644
--- a/crypto/openssh/msg.c
+++ b/crypto/openssh/msg.c
@@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: msg.c,v 1.2 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: msg.c,v 1.3 2002/06/24 15:49:22 itojun Exp $");
#include "buffer.h"
#include "getput.h"
@@ -36,7 +36,7 @@ msg_send(int fd, u_char type, Buffer *m)
u_char buf[5];
u_int mlen = buffer_len(m);
- debug3("msg_send: type %d", type);
+ debug3("msg_send: type %u", (unsigned int)type & 0xff);
PUT_32BIT(buf, mlen + 1);
buf[4] = type; /* 1st byte of payload is mesg-type */
@@ -59,7 +59,7 @@ msg_recv(int fd, Buffer *m)
if (res != sizeof(buf)) {
if (res == 0)
return -1;
- fatal("msg_recv: read: header %d", res);
+ fatal("msg_recv: read: header %ld", (long)res);
}
msg_len = GET_32BIT(buf);
if (msg_len > 256 * 1024)
diff --git a/crypto/openssh/openbsd-compat/getopt.c b/crypto/openssh/openbsd-compat/getopt.c
index 9e13504a0e4c..f4fbc9bac3ec 100644
--- a/crypto/openssh/openbsd-compat/getopt.c
+++ b/crypto/openssh/openbsd-compat/getopt.c
@@ -42,11 +42,11 @@ static char *rcsid = "$OpenBSD: getopt.c,v 1.2 1996/08/19 08:33:32 tholo Exp $";
#include <stdlib.h>
#include <string.h>
-int opterr = 1, /* if error message should be printed */
- optind = 1, /* index into parent argv vector */
- optopt, /* character checked for validity */
- optreset; /* reset getopt */
-char *optarg; /* argument associated with option */
+int BSDopterr = 1, /* if error message should be printed */
+ BSDoptind = 1, /* index into parent argv vector */
+ BSDoptopt, /* character checked for validity */
+ BSDoptreset; /* reset getopt */
+char *BSDoptarg; /* argument associated with option */
#define BADCH (int)'?'
#define BADARG (int)':'
@@ -66,57 +66,57 @@ BSDgetopt(nargc, nargv, ostr)
static char *place = EMSG; /* option letter processing */
char *oli; /* option letter list index */
- if (optreset || !*place) { /* update scanning pointer */
- optreset = 0;
- if (optind >= nargc || *(place = nargv[optind]) != '-') {
+ if (BSDoptreset || !*place) { /* update scanning pointer */
+ BSDoptreset = 0;
+ if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') {
place = EMSG;
return (-1);
}
if (place[1] && *++place == '-') { /* found "--" */
- ++optind;
+ ++BSDoptind;
place = EMSG;
return (-1);
}
} /* option letter okay? */
- if ((optopt = (int)*place++) == (int)':' ||
- !(oli = strchr(ostr, optopt))) {
+ if ((BSDoptopt = (int)*place++) == (int)':' ||
+ !(oli = strchr(ostr, BSDoptopt))) {
/*
* if the user didn't specify '-' as an option,
* assume it means -1.
*/
- if (optopt == (int)'-')
+ if (BSDoptopt == (int)'-')
return (-1);
if (!*place)
- ++optind;
- if (opterr && *ostr != ':')
+ ++BSDoptind;
+ if (BSDopterr && *ostr != ':')
(void)fprintf(stderr,
- "%s: illegal option -- %c\n", __progname, optopt);
+ "%s: illegal option -- %c\n", __progname, BSDoptopt);
return (BADCH);
}
if (*++oli != ':') { /* don't need argument */
- optarg = NULL;
+ BSDoptarg = NULL;
if (!*place)
- ++optind;
+ ++BSDoptind;
}
else { /* need an argument */
if (*place) /* no white space */
- optarg = place;
- else if (nargc <= ++optind) { /* no arg */
+ BSDoptarg = place;
+ else if (nargc <= ++BSDoptind) { /* no arg */
place = EMSG;
if (*ostr == ':')
return (BADARG);
- if (opterr)
+ if (BSDopterr)
(void)fprintf(stderr,
"%s: option requires an argument -- %c\n",
- __progname, optopt);
+ __progname, BSDoptopt);
return (BADCH);
}
else /* white space */
- optarg = nargv[optind];
+ BSDoptarg = nargv[BSDoptind];
place = EMSG;
- ++optind;
+ ++BSDoptind;
}
- return (optopt); /* dump back option letter */
+ return (BSDoptopt); /* dump back option letter */
}
#endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */
diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c
index 86511276f963..a5b2ab61a9c6 100644
--- a/crypto/openssh/packet.c
+++ b/crypto/openssh/packet.c
@@ -37,7 +37,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.95 2002/06/19 18:01:00 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.96 2002/06/23 21:10:02 deraadt Exp $");
#include "xmalloc.h"
#include "buffer.h"
@@ -1015,7 +1015,7 @@ packet_read_poll2(u_int32_t *seqnr_p)
int
packet_read_poll_seqnr(u_int32_t *seqnr_p)
{
- int reason, seqnr;
+ u_int reason, seqnr;
u_char type;
char *msg;
@@ -1038,14 +1038,15 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
case SSH2_MSG_DISCONNECT:
reason = packet_get_int();
msg = packet_get_string(NULL);
- log("Received disconnect from %s: %d: %.400s", get_remote_ipaddr(),
- reason, msg);
+ log("Received disconnect from %s: %u: %.400s",
+ get_remote_ipaddr(), reason, msg);
xfree(msg);
fatal_cleanup();
break;
case SSH2_MSG_UNIMPLEMENTED:
seqnr = packet_get_int();
- debug("Received SSH2_MSG_UNIMPLEMENTED for %d", seqnr);
+ debug("Received SSH2_MSG_UNIMPLEMENTED for %u",
+ seqnr);
break;
default:
return type;
@@ -1063,8 +1064,8 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
break;
case SSH_MSG_DISCONNECT:
msg = packet_get_string(NULL);
- log("Received disconnect from %s: %.400s", get_remote_ipaddr(),
- msg);
+ log("Received disconnect from %s: %.400s",
+ get_remote_ipaddr(), msg);
fatal_cleanup();
xfree(msg);
break;
diff --git a/crypto/openssh/scard.c b/crypto/openssh/scard.c
index db0cc4a80ca2..9791938c0b5a 100644
--- a/crypto/openssh/scard.c
+++ b/crypto/openssh/scard.c
@@ -24,7 +24,7 @@
#include "includes.h"
#if defined(SMARTCARD) && defined(USE_SECTOK)
-RCSID("$OpenBSD: scard.c,v 1.25 2002/03/26 18:46:59 rees Exp $");
+RCSID("$OpenBSD: scard.c,v 1.26 2002/06/23 03:30:17 deraadt Exp $");
#include <openssl/evp.h>
#include <sectok.h>
@@ -191,7 +191,7 @@ sc_read_pubkey(Key * k)
status = 0;
p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
- debug("fingerprint %d %s", key_size(k), p);
+ debug("fingerprint %u %s", key_size(k), p);
xfree(p);
err:
diff --git a/crypto/openssh/scp.1 b/crypto/openssh/scp.1
index c0caff4cc8c1..396ab64beae5 100644
--- a/crypto/openssh/scp.1
+++ b/crypto/openssh/scp.1
@@ -9,7 +9,7 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.22 2002/06/20 20:00:05 stevesk Exp $
+.\" $OpenBSD: scp.1,v 1.23 2002/06/22 16:41:57 stevesk Exp $
.\"
.Dd September 25, 1999
.Dt SCP 1
@@ -152,5 +152,5 @@ California.
.Xr ssh-add 1 ,
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
-.Xr ssh_config 5
+.Xr ssh_config 5 ,
.Xr sshd 8
diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c
index fb6332c31b69..f311ae48ddea 100644
--- a/crypto/openssh/servconf.c
+++ b/crypto/openssh/servconf.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.111 2002/06/20 23:05:55 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.112 2002/06/23 09:46:51 deraadt Exp $");
#if defined(KRB4)
#include <krb.h>
@@ -257,7 +257,7 @@ fill_default_server_options(ServerOptions *options)
if (use_privsep == -1)
use_privsep = 1;
-#if !defined(HAVE_MMAP) || !defined(MAP_ANON)
+#if !defined(HAVE_MMAP_ANON_SHARED)
if (use_privsep && options->compression == 1) {
error("This platform does not support both privilege "
"separation and compression");
@@ -423,7 +423,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
hints.ai_family = IPv4or6;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
- snprintf(strport, sizeof strport, "%d", port);
+ snprintf(strport, sizeof strport, "%u", port);
if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
fatal("bad addr or host: %s (%s)",
addr ? addr : "<NULL>",
@@ -439,9 +439,8 @@ process_server_config_line(ServerOptions *options, char *line,
const char *filename, int linenum)
{
char *cp, **charptr, *arg, *p;
- int *intptr, value;
+ int *intptr, value, i, n;
ServerOpCodes opcode;
- int i, n;
cp = line;
arg = strdelim(&cp);
@@ -765,7 +764,8 @@ parse_flag:
if (options->num_allow_users >= MAX_ALLOW_USERS)
fatal("%s line %d: too many allow users.",
filename, linenum);
- options->allow_users[options->num_allow_users++] = xstrdup(arg);
+ options->allow_users[options->num_allow_users++] =
+ xstrdup(arg);
}
break;
@@ -774,7 +774,8 @@ parse_flag:
if (options->num_deny_users >= MAX_DENY_USERS)
fatal( "%s line %d: too many deny users.",
filename, linenum);
- options->deny_users[options->num_deny_users++] = xstrdup(arg);
+ options->deny_users[options->num_deny_users++] =
+ xstrdup(arg);
}
break;
@@ -783,7 +784,8 @@ parse_flag:
if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
fatal("%s line %d: too many allow groups.",
filename, linenum);
- options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
+ options->allow_groups[options->num_allow_groups++] =
+ xstrdup(arg);
}
break;
@@ -921,10 +923,9 @@ parse_flag:
void
read_server_config(ServerOptions *options, const char *filename)
{
- FILE *f;
+ int linenum, bad_options = 0;
char line[1024];
- int linenum;
- int bad_options = 0;
+ FILE *f;
f = fopen(filename, "r");
if (!f) {
diff --git a/crypto/openssh/serverloop.c b/crypto/openssh/serverloop.c
index 1a148fcbea3b..1349213554dd 100644
--- a/crypto/openssh/serverloop.c
+++ b/crypto/openssh/serverloop.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.102 2002/06/11 05:46:20 mpech Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.103 2002/06/24 14:33:27 markus Exp $");
#include "xmalloc.h"
#include "packet.h"
@@ -902,10 +902,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
{
Channel *c = NULL;
char *ctype;
- u_int len;
int rchan;
- int rmaxpack;
- int rwindow;
+ u_int rmaxpack, rwindow, len;
ctype = packet_get_string(&len);
rchan = packet_get_int();
diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c
index 6169f3307370..747a00afae1b 100644
--- a/crypto/openssh/session.c
+++ b/crypto/openssh/session.c
@@ -33,7 +33,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.138 2002/06/20 23:05:55 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -252,8 +252,8 @@ do_authenticated1(Authctxt *authctxt)
Session *s;
char *command;
int success, type, screen_flag;
- int compression_level = 0, enable_compression_after_reply = 0;
- u_int proto_len, data_len, dlen;
+ int enable_compression_after_reply = 0;
+ u_int proto_len, data_len, dlen, compression_level = 0;
s = session_new();
s->authctxt = authctxt;
@@ -849,6 +849,9 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
} else {
/* New variable. Expand if necessary. */
if (i >= (*envsizep) - 1) {
+ if (*envsizep >= 1000)
+ fatal("child_set_env: too many env vars,"
+ " skipping: %.100s", name);
(*envsizep) += 50;
env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
}
@@ -874,12 +877,15 @@ read_environment_file(char ***env, u_int *envsize,
FILE *f;
char buf[4096];
char *cp, *value;
+ u_int lineno = 0;
f = fopen(filename, "r");
if (!f)
return;
while (fgets(buf, sizeof(buf), f)) {
+ if (++lineno > 1000)
+ fatal("Too many lines in environment file %s", filename);
for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
;
if (!*cp || *cp == '#' || *cp == '\n')
@@ -888,7 +894,8 @@ read_environment_file(char ***env, u_int *envsize,
*strchr(cp, '\n') = '\0';
value = strchr(cp, '=');
if (value == NULL) {
- fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
+ fprintf(stderr, "Bad line %u in %.100s\n", lineno,
+ filename);
continue;
}
/*
@@ -1152,6 +1159,8 @@ do_nologin(struct passwd *pw)
void
do_setusercontext(struct passwd *pw)
{
+ char tty='\0';
+
#ifdef HAVE_CYGWIN
if (is_winnt) {
#else /* HAVE_CYGWIN */
@@ -1161,6 +1170,9 @@ do_setusercontext(struct passwd *pw)
setpcred(pw->pw_name);
#endif /* HAVE_SETPCRED */
#ifdef HAVE_LOGIN_CAP
+#ifdef __bsdi__
+ setpgid(0, 0);
+#endif
if (setusercontext(lc, pw, pw->pw_uid,
(LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
perror("unable to set user context");
@@ -1196,6 +1208,10 @@ do_setusercontext(struct passwd *pw)
# if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
irix_setusercontext(pw);
# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
+# ifdef _AIX
+ /* XXX: Disable tty setting. Enabled if required later */
+ aix_usrinfo(pw, &tty, -1);
+# endif /* _AIX */
/* Permanently switch to the desired uid. */
permanently_set_uid(pw);
#endif
@@ -1258,9 +1274,6 @@ do_child(Session *s, const char *command)
do_motd();
#else /* HAVE_OSF_SIA */
do_nologin(pw);
-# ifdef _AIX
- aix_usrinfo(pw, s->tty, s->ttyfd);
-# endif /* _AIX */
do_setusercontext(pw);
#endif /* HAVE_OSF_SIA */
}
@@ -1970,9 +1983,9 @@ session_setup_x11fwd(Session *s)
debug("X11 display already set.");
return 0;
}
- s->display_number = x11_create_display_inet(options.x11_display_offset,
- options.x11_use_localhost, s->single_connection);
- if (s->display_number == -1) {
+ if (x11_create_display_inet(options.x11_display_offset,
+ options.x11_use_localhost, s->single_connection,
+ &s->display_number) == -1) {
debug("x11_create_display_inet failed.");
return 0;
}
@@ -1986,9 +1999,9 @@ session_setup_x11fwd(Session *s)
* different than the DISPLAY string for localhost displays.
*/
if (options.x11_use_localhost) {
- snprintf(display, sizeof display, "localhost:%d.%d",
+ snprintf(display, sizeof display, "localhost:%u.%u",
s->display_number, s->screen);
- snprintf(auth_display, sizeof auth_display, "unix:%d.%d",
+ snprintf(auth_display, sizeof auth_display, "unix:%u.%u",
s->display_number, s->screen);
s->display = xstrdup(display);
s->auth_display = xstrdup(auth_display);
@@ -2004,10 +2017,10 @@ session_setup_x11fwd(Session *s)
return 0;
}
memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
- snprintf(display, sizeof display, "%.50s:%d.%d", inet_ntoa(my_addr),
+ snprintf(display, sizeof display, "%.50s:%u.%u", inet_ntoa(my_addr),
s->display_number, s->screen);
#else
- snprintf(display, sizeof display, "%.400s:%d.%d", hostname,
+ snprintf(display, sizeof display, "%.400s:%u.%u", hostname,
s->display_number, s->screen);
#endif
s->display = xstrdup(display);
diff --git a/crypto/openssh/session.h b/crypto/openssh/session.h
index 2a7e4b224fd4..3bce97891fdf 100644
--- a/crypto/openssh/session.h
+++ b/crypto/openssh/session.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.h,v 1.17 2002/03/29 18:59:32 markus Exp $ */
+/* $OpenBSD: session.h,v 1.18 2002/06/23 21:06:41 deraadt Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -37,15 +37,15 @@ struct Session {
/* tty */
char *term;
int ptyfd, ttyfd, ptymaster;
- int row, col, xpixel, ypixel;
+ u_int row, col, xpixel, ypixel;
char tty[TTYSZ];
/* last login */
char hostname[MAXHOSTNAMELEN];
time_t last_login_time;
/* X11 */
- int display_number;
+ u_int display_number;
char *display;
- int screen;
+ u_int screen;
char *auth_display;
char *auth_proto;
char *auth_data;
diff --git a/crypto/openssh/sftp-client.c b/crypto/openssh/sftp-client.c
index 779ef2fe8950..10b7992d0939 100644
--- a/crypto/openssh/sftp-client.c
+++ b/crypto/openssh/sftp-client.c
@@ -28,7 +28,7 @@
/* XXX: copy between two remote sites */
#include "includes.h"
-RCSID("$OpenBSD: sftp-client.c,v 1.32 2002/06/09 13:32:01 markus Exp $");
+RCSID("$OpenBSD: sftp-client.c,v 1.33 2002/06/23 09:30:14 deraadt Exp $");
#include "openbsd-compat/fake-queue.h"
@@ -88,7 +88,7 @@ get_msg(int fd, Buffer *m)
msg_len = GET_32BIT(buf);
if (msg_len > 256 * 1024)
- fatal("Received message too long %d", msg_len);
+ fatal("Received message too long %u", msg_len);
while (msg_len) {
len = atomicio(read, fd, buf, MIN(msg_len, sizeof(buf)));
@@ -113,7 +113,7 @@ send_string_request(int fd, u_int id, u_int code, char *s,
buffer_put_int(&msg, id);
buffer_put_string(&msg, s, len);
send_msg(fd, &msg);
- debug3("Sent message fd %d T:%d I:%d", fd, code, id);
+ debug3("Sent message fd %d T:%u I:%u", fd, code, id);
buffer_free(&msg);
}
@@ -129,12 +129,12 @@ send_string_attrs_request(int fd, u_int id, u_int code, char *s,
buffer_put_string(&msg, s, len);
encode_attrib(&msg, a);
send_msg(fd, &msg);
- debug3("Sent message fd %d T:%d I:%d", fd, code, id);
+ debug3("Sent message fd %d T:%u I:%u", fd, code, id);
buffer_free(&msg);
}
static u_int
-get_status(int fd, int expected_id)
+get_status(int fd, u_int expected_id)
{
Buffer msg;
u_int type, id, status;
@@ -145,15 +145,15 @@ get_status(int fd, int expected_id)
id = buffer_get_int(&msg);
if (id != expected_id)
- fatal("ID mismatch (%d != %d)", id, expected_id);
+ fatal("ID mismatch (%u != %u)", id, expected_id);
if (type != SSH2_FXP_STATUS)
- fatal("Expected SSH2_FXP_STATUS(%d) packet, got %d",
+ fatal("Expected SSH2_FXP_STATUS(%u) packet, got %u",
SSH2_FXP_STATUS, type);
status = buffer_get_int(&msg);
buffer_free(&msg);
- debug3("SSH2_FXP_STATUS %d", status);
+ debug3("SSH2_FXP_STATUS %u", status);
return(status);
}
@@ -171,14 +171,14 @@ get_handle(int fd, u_int expected_id, u_int *len)
id = buffer_get_int(&msg);
if (id != expected_id)
- fatal("ID mismatch (%d != %d)", id, expected_id);
+ fatal("ID mismatch (%u != %u)", id, expected_id);
if (type == SSH2_FXP_STATUS) {
int status = buffer_get_int(&msg);
error("Couldn't get handle: %s", fx2txt(status));
return(NULL);
} else if (type != SSH2_FXP_HANDLE)
- fatal("Expected SSH2_FXP_HANDLE(%d) packet, got %d",
+ fatal("Expected SSH2_FXP_HANDLE(%u) packet, got %u",
SSH2_FXP_HANDLE, type);
handle = buffer_get_string(&msg, len);
@@ -200,9 +200,9 @@ get_decode_stat(int fd, u_int expected_id, int quiet)
type = buffer_get_char(&msg);
id = buffer_get_int(&msg);
- debug3("Received stat reply T:%d I:%d", type, id);
+ debug3("Received stat reply T:%u I:%u", type, id);
if (id != expected_id)
- fatal("ID mismatch (%d != %d)", id, expected_id);
+ fatal("ID mismatch (%u != %u)", id, expected_id);
if (type == SSH2_FXP_STATUS) {
int status = buffer_get_int(&msg);
@@ -212,7 +212,7 @@ get_decode_stat(int fd, u_int expected_id, int quiet)
error("Couldn't stat remote file: %s", fx2txt(status));
return(NULL);
} else if (type != SSH2_FXP_ATTRS) {
- fatal("Expected SSH2_FXP_ATTRS(%d) packet, got %d",
+ fatal("Expected SSH2_FXP_ATTRS(%u) packet, got %u",
SSH2_FXP_ATTRS, type);
}
a = decode_attrib(&msg);
@@ -224,7 +224,8 @@ get_decode_stat(int fd, u_int expected_id, int quiet)
struct sftp_conn *
do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests)
{
- int type, version;
+ u_int type;
+ int version;
Buffer msg;
struct sftp_conn *ret;
@@ -239,7 +240,7 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests)
/* Expecting a VERSION reply */
if ((type = buffer_get_char(&msg)) != SSH2_FXP_VERSION) {
- error("Invalid packet back from SSH2_FXP_INIT (type %d)",
+ error("Invalid packet back from SSH2_FXP_INIT (type %u)",
type);
buffer_free(&msg);
return(NULL);
@@ -294,7 +295,7 @@ do_close(struct sftp_conn *conn, char *handle, u_int handle_len)
buffer_put_int(&msg, id);
buffer_put_string(&msg, handle, handle_len);
send_msg(conn->fd_out, &msg);
- debug3("Sent message SSH2_FXP_CLOSE I:%d", id);
+ debug3("Sent message SSH2_FXP_CLOSE I:%u", id);
status = get_status(conn->fd_in, id);
if (status != SSH2_FX_OK)
@@ -339,7 +340,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
id = expected_id = conn->msg_id++;
- debug3("Sending SSH2_FXP_READDIR I:%d", id);
+ debug3("Sending SSH2_FXP_READDIR I:%u", id);
buffer_clear(&msg);
buffer_put_char(&msg, SSH2_FXP_READDIR);
@@ -354,10 +355,10 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
type = buffer_get_char(&msg);
id = buffer_get_int(&msg);
- debug3("Received reply T:%d I:%d", type, id);
+ debug3("Received reply T:%u I:%u", type, id);
if (id != expected_id)
- fatal("ID mismatch (%d != %d)", id, expected_id);
+ fatal("ID mismatch (%u != %u)", id, expected_id);
if (type == SSH2_FXP_STATUS) {
int status = buffer_get_int(&msg);
@@ -373,7 +374,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
return(status);
}
} else if (type != SSH2_FXP_NAME)
- fatal("Expected SSH2_FXP_NAME(%d) packet, got %d",
+ fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
SSH2_FXP_NAME, type);
count = buffer_get_int(&msg);
@@ -584,7 +585,7 @@ do_realpath(struct sftp_conn *conn, char *path)
id = buffer_get_int(&msg);
if (id != expected_id)
- fatal("ID mismatch (%d != %d)", id, expected_id);
+ fatal("ID mismatch (%u != %u)", id, expected_id);
if (type == SSH2_FXP_STATUS) {
u_int status = buffer_get_int(&msg);
@@ -592,7 +593,7 @@ do_realpath(struct sftp_conn *conn, char *path)
error("Couldn't canonicalise: %s", fx2txt(status));
return(NULL);
} else if (type != SSH2_FXP_NAME)
- fatal("Expected SSH2_FXP_NAME(%d) packet, got %d",
+ fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
SSH2_FXP_NAME, type);
count = buffer_get_int(&msg);
@@ -690,7 +691,7 @@ do_readlink(struct sftp_conn *conn, char *path)
id = buffer_get_int(&msg);
if (id != expected_id)
- fatal("ID mismatch (%d != %d)", id, expected_id);
+ fatal("ID mismatch (%u != %u)", id, expected_id);
if (type == SSH2_FXP_STATUS) {
u_int status = buffer_get_int(&msg);
@@ -698,7 +699,7 @@ do_readlink(struct sftp_conn *conn, char *path)
error("Couldn't readlink: %s", fx2txt(status));
return(NULL);
} else if (type != SSH2_FXP_NAME)
- fatal("Expected SSH2_FXP_NAME(%d) packet, got %d",
+ fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
SSH2_FXP_NAME, type);
count = buffer_get_int(&msg);
@@ -790,7 +791,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
attrib_clear(&junk); /* Send empty attributes */
encode_attrib(&msg, &junk);
send_msg(conn->fd_out, &msg);
- debug3("Sent message SSH2_FXP_OPEN I:%d P:%s", id, remote_path);
+ debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path);
handle = get_handle(conn->fd_in, id, &handle_len);
if (handle == NULL) {
@@ -835,7 +836,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
get_msg(conn->fd_in, &msg);
type = buffer_get_char(&msg);
id = buffer_get_int(&msg);
- debug3("Received reply T:%d I:%d R:%d", type, id, max_req);
+ debug3("Received reply T:%u I:%u R:%d", type, id, max_req);
/* Find the request in our queue */
for(req = TAILQ_FIRST(&requests);
@@ -862,7 +863,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
(unsigned long long)req->offset + len - 1);
if (len > req->len)
fatal("Received more data than asked for "
- "%d > %d", len, req->len);
+ "%u > %u", len, req->len);
if ((lseek(local_fd, req->offset, SEEK_SET) == -1 ||
atomicio(write, local_fd, data, len) != len) &&
!write_error) {
@@ -907,7 +908,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
}
break;
default:
- fatal("Expected SSH2_FXP_DATA(%d) packet, got %d",
+ fatal("Expected SSH2_FXP_DATA(%u) packet, got %u",
SSH2_FXP_DATA, type);
}
}
@@ -1006,7 +1007,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
buffer_put_int(&msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC);
encode_attrib(&msg, &a);
send_msg(conn->fd_out, &msg);
- debug3("Sent message SSH2_FXP_OPEN I:%d P:%s", id, remote_path);
+ debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path);
buffer_clear(&msg);
@@ -1051,7 +1052,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
buffer_put_int64(&msg, offset);
buffer_put_string(&msg, data, len);
send_msg(conn->fd_out, &msg);
- debug3("Sent message SSH2_FXP_WRITE I:%d O:%llu S:%u",
+ debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u",
id, (unsigned long long)offset, len);
} else if (TAILQ_FIRST(&acks) == NULL)
break;
@@ -1081,7 +1082,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
ack = TAILQ_NEXT(ack, tq))
;
if (ack == NULL)
- fatal("Can't find request for ID %d", r_id);
+ fatal("Can't find request for ID %u", r_id);
TAILQ_REMOVE(&acks, ack, tq);
if (status != SSH2_FX_OK) {
@@ -1091,7 +1092,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
close(local_fd);
goto done;
}
- debug3("In write loop, ack for %u %d bytes at %llu",
+ debug3("In write loop, ack for %u %u bytes at %llu",
ack->id, ack->len, (unsigned long long)ack->offset);
++ackid;
free(ack);
diff --git a/crypto/openssh/sftp-client.h b/crypto/openssh/sftp-client.h
index ceda879b9283..b0617116816b 100644
--- a/crypto/openssh/sftp-client.h
+++ b/crypto/openssh/sftp-client.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.h,v 1.9 2002/02/13 00:59:23 djm Exp $ */
+/* $OpenBSD: sftp-client.h,v 1.10 2002/06/23 09:30:14 deraadt Exp $ */
/*
* Copyright (c) 2001,2002 Damien Miller. All rights reserved.
@@ -41,11 +41,9 @@ struct SFTP_DIRENT {
* Initialiase a SSH filexfer connection. Returns -1 on error or
* protocol version on success.
*/
-struct sftp_conn *
-do_init(int, int, u_int, u_int);
+struct sftp_conn *do_init(int, int, u_int, u_int);
-u_int
-sftp_proto_version(struct sftp_conn *);
+u_int sftp_proto_version(struct sftp_conn *);
/* Close file referred to by 'handle' */
int do_close(struct sftp_conn *, char *, u_int);
diff --git a/crypto/openssh/sftp-common.c b/crypto/openssh/sftp-common.c
index 4fb4496555ce..6bed0ab8a06d 100644
--- a/crypto/openssh/sftp-common.c
+++ b/crypto/openssh/sftp-common.c
@@ -24,7 +24,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sftp-common.c,v 1.5 2001/12/02 02:08:32 deraadt Exp $");
+RCSID("$OpenBSD: sftp-common.c,v 1.6 2002/06/23 09:30:14 deraadt Exp $");
#include "buffer.h"
#include "bufaux.h"
@@ -70,6 +70,7 @@ Attrib *
decode_attrib(Buffer *b)
{
static Attrib a;
+
attrib_clear(&a);
a.flags = buffer_get_int(b);
if (a.flags & SSH2_FILEXFER_ATTR_SIZE)
@@ -88,6 +89,7 @@ decode_attrib(Buffer *b)
if (a.flags & SSH2_FILEXFER_ATTR_EXTENDED) {
char *type, *data;
int i, count;
+
count = buffer_get_int(b);
for (i = 0; i < count; i++) {
type = buffer_get_string(b, NULL);
diff --git a/crypto/openssh/sftp-int.c b/crypto/openssh/sftp-int.c
index 5b1d3848e828..b13e5da5d5b3 100644
--- a/crypto/openssh/sftp-int.c
+++ b/crypto/openssh/sftp-int.c
@@ -26,7 +26,7 @@
/* XXX: recursive operations */
#include "includes.h"
-RCSID("$OpenBSD: sftp-int.c,v 1.46 2002/03/30 18:51:15 markus Exp $");
+RCSID("$OpenBSD: sftp-int.c,v 1.47 2002/06/23 09:30:14 deraadt Exp $");
#include "buffer.h"
#include "xmalloc.h"
@@ -835,7 +835,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd)
help();
break;
case I_VERSION:
- printf("SFTP protocol version %d\n", sftp_proto_version(conn));
+ printf("SFTP protocol version %u\n", sftp_proto_version(conn));
break;
default:
fatal("%d is not implemented", cmdnum);
diff --git a/crypto/openssh/sftp-server.c b/crypto/openssh/sftp-server.c
index 9db28e7d3c8b..a5c325561efb 100644
--- a/crypto/openssh/sftp-server.c
+++ b/crypto/openssh/sftp-server.c
@@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.35 2002/06/06 17:30:11 markus Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.37 2002/06/24 17:57:20 deraadt Exp $");
#include "buffer.h"
#include "bufaux.h"
@@ -282,7 +282,7 @@ send_status(u_int32_t id, u_int32_t error)
"Unknown error" /* Others */
};
- TRACE("sent status id %d error %d", id, error);
+ TRACE("sent status id %u error %u", id, error);
buffer_init(&msg);
buffer_put_char(&msg, SSH2_FXP_STATUS);
buffer_put_int(&msg, id);
@@ -311,7 +311,7 @@ send_data_or_handle(char type, u_int32_t id, char *data, int dlen)
static void
send_data(u_int32_t id, char *data, int dlen)
{
- TRACE("sent data id %d len %d", id, dlen);
+ TRACE("sent data id %u len %d", id, dlen);
send_data_or_handle(SSH2_FXP_DATA, id, data, dlen);
}
@@ -322,7 +322,7 @@ send_handle(u_int32_t id, int handle)
int hlen;
handle_to_string(handle, &string, &hlen);
- TRACE("sent handle id %d handle %d", id, handle);
+ TRACE("sent handle id %u handle %d", id, handle);
send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen);
xfree(string);
}
@@ -337,7 +337,7 @@ send_names(u_int32_t id, int count, Stat *stats)
buffer_put_char(&msg, SSH2_FXP_NAME);
buffer_put_int(&msg, id);
buffer_put_int(&msg, count);
- TRACE("sent names id %d count %d", id, count);
+ TRACE("sent names id %u count %d", id, count);
for (i = 0; i < count; i++) {
buffer_put_cstring(&msg, stats[i].name);
buffer_put_cstring(&msg, stats[i].long_name);
@@ -352,7 +352,7 @@ send_attrib(u_int32_t id, Attrib *a)
{
Buffer msg;
- TRACE("sent attrib id %d have 0x%x", id, a->flags);
+ TRACE("sent attrib id %u have 0x%x", id, a->flags);
buffer_init(&msg);
buffer_put_char(&msg, SSH2_FXP_ATTRS);
buffer_put_int(&msg, id);
@@ -391,7 +391,7 @@ process_open(void)
a = get_attrib();
flags = flags_from_portable(pflags);
mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;
- TRACE("open id %d name %s flags %d mode 0%o", id, name, pflags, mode);
+ TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode);
fd = open(name, flags, mode);
if (fd < 0) {
status = errno_to_portable(errno);
@@ -417,7 +417,7 @@ process_close(void)
id = get_int();
handle = get_handle();
- TRACE("close id %d handle %d", id, handle);
+ TRACE("close id %u handle %d", id, handle);
ret = handle_close(handle);
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
@@ -436,7 +436,7 @@ process_read(void)
off = get_int64();
len = get_int();
- TRACE("read id %d handle %d off %llu len %d", id, handle,
+ TRACE("read id %u handle %d off %llu len %d", id, handle,
(u_int64_t)off, len);
if (len > sizeof buf) {
len = sizeof buf;
@@ -477,7 +477,7 @@ process_write(void)
off = get_int64();
data = get_string(&len);
- TRACE("write id %d handle %d off %llu len %d", id, handle,
+ TRACE("write id %u handle %d off %llu len %d", id, handle,
(u_int64_t)off, len);
fd = handle_to_fd(handle);
if (fd >= 0) {
@@ -512,7 +512,7 @@ process_do_stat(int do_lstat)
id = get_int();
name = get_string(NULL);
- TRACE("%sstat id %d name %s", do_lstat ? "l" : "", id, name);
+ TRACE("%sstat id %u name %s", do_lstat ? "l" : "", id, name);
ret = do_lstat ? lstat(name, &st) : stat(name, &st);
if (ret < 0) {
status = errno_to_portable(errno);
@@ -548,7 +548,7 @@ process_fstat(void)
id = get_int();
handle = get_handle();
- TRACE("fstat id %d handle %d", id, handle);
+ TRACE("fstat id %u handle %d", id, handle);
fd = handle_to_fd(handle);
if (fd >= 0) {
ret = fstat(fd, &st);
@@ -582,13 +582,12 @@ process_setstat(void)
Attrib *a;
u_int32_t id;
char *name;
- int ret;
- int status = SSH2_FX_OK;
+ int status = SSH2_FX_OK, ret;
id = get_int();
name = get_string(NULL);
a = get_attrib();
- TRACE("setstat id %d name %s", id, name);
+ TRACE("setstat id %u name %s", id, name);
if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
ret = truncate(name, a->size);
if (ret == -1)
@@ -625,7 +624,7 @@ process_fsetstat(void)
id = get_int();
handle = get_handle();
a = get_attrib();
- TRACE("fsetstat id %d handle %d", id, handle);
+ TRACE("fsetstat id %u handle %d", id, handle);
fd = handle_to_fd(handle);
name = handle_to_name(handle);
if (fd < 0 || name == NULL) {
@@ -677,7 +676,7 @@ process_opendir(void)
id = get_int();
path = get_string(NULL);
- TRACE("opendir id %d path %s", id, path);
+ TRACE("opendir id %u path %s", id, path);
dirp = opendir(path);
if (dirp == NULL) {
status = errno_to_portable(errno);
@@ -713,13 +712,13 @@ ls_file(char *name, struct stat *st)
if ((pw = getpwuid(st->st_uid)) != NULL) {
user = pw->pw_name;
} else {
- snprintf(ubuf, sizeof ubuf, "%d", st->st_uid);
+ snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid);
user = ubuf;
}
if ((gr = getgrgid(st->st_gid)) != NULL) {
group = gr->gr_name;
} else {
- snprintf(gbuf, sizeof gbuf, "%d", st->st_gid);
+ snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid);
group = gbuf;
}
if (ltime != NULL) {
@@ -749,7 +748,7 @@ process_readdir(void)
id = get_int();
handle = get_handle();
- TRACE("readdir id %d handle %d", id, handle);
+ TRACE("readdir id %u handle %d", id, handle);
dirp = handle_to_dir(handle);
path = handle_to_name(handle);
if (dirp == NULL || path == NULL) {
@@ -759,6 +758,7 @@ process_readdir(void)
char pathname[1024];
Stat *stats;
int nstats = 10, count = 0, i;
+
stats = xmalloc(nstats * sizeof(Stat));
while ((dp = readdir(dirp)) != NULL) {
if (count >= nstats) {
@@ -802,7 +802,7 @@ process_remove(void)
id = get_int();
name = get_string(NULL);
- TRACE("remove id %d name %s", id, name);
+ TRACE("remove id %u name %s", id, name);
ret = unlink(name);
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
@@ -822,7 +822,7 @@ process_mkdir(void)
a = get_attrib();
mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
a->perm & 0777 : 0777;
- TRACE("mkdir id %d name %s mode 0%o", id, name, mode);
+ TRACE("mkdir id %u name %s mode 0%o", id, name, mode);
ret = mkdir(name, mode);
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
@@ -838,7 +838,7 @@ process_rmdir(void)
id = get_int();
name = get_string(NULL);
- TRACE("rmdir id %d name %s", id, name);
+ TRACE("rmdir id %u name %s", id, name);
ret = rmdir(name);
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
@@ -858,7 +858,7 @@ process_realpath(void)
xfree(path);
path = xstrdup(".");
}
- TRACE("realpath id %d path %s", id, path);
+ TRACE("realpath id %u path %s", id, path);
if (realpath(path, resolvedname) == NULL) {
send_status(id, errno_to_portable(errno));
} else {
@@ -881,7 +881,7 @@ process_rename(void)
id = get_int();
oldpath = get_string(NULL);
newpath = get_string(NULL);
- TRACE("rename id %d old %s new %s", id, oldpath, newpath);
+ TRACE("rename id %u old %s new %s", id, oldpath, newpath);
/* fail if 'newpath' exists */
if (stat(newpath, &st) == -1) {
ret = rename(oldpath, newpath);
@@ -902,7 +902,7 @@ process_readlink(void)
id = get_int();
path = get_string(NULL);
- TRACE("readlink id %d path %s", id, path);
+ TRACE("readlink id %u path %s", id, path);
if ((len = readlink(path, link, sizeof(link) - 1)) == -1)
send_status(id, errno_to_portable(errno));
else {
@@ -927,7 +927,7 @@ process_symlink(void)
id = get_int();
oldpath = get_string(NULL);
newpath = get_string(NULL);
- TRACE("symlink id %d old %s new %s", id, oldpath, newpath);
+ TRACE("symlink id %u old %s new %s", id, oldpath, newpath);
/* fail if 'newpath' exists */
if (stat(newpath, &st) == -1) {
ret = symlink(oldpath, newpath);
diff --git a/crypto/openssh/sftp.c b/crypto/openssh/sftp.c
index f941d18faae5..fac2564ded5d 100644
--- a/crypto/openssh/sftp.c
+++ b/crypto/openssh/sftp.c
@@ -24,7 +24,7 @@
#include "includes.h"
-RCSID("$OpenBSD: sftp.c,v 1.29 2002/04/02 17:37:48 markus Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.30 2002/06/23 09:30:14 deraadt Exp $");
/* XXX: short-form remote directory listings (like 'ls -C') */
@@ -53,8 +53,10 @@ static void
connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid)
{
int c_in, c_out;
+
#ifdef USE_PIPES
int pin[2], pout[2];
+
if ((pipe(pin) == -1) || (pipe(pout) == -1))
fatal("pipe: %s", strerror(errno));
*in = pin[0];
@@ -63,6 +65,7 @@ connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid)
c_out = pin[1];
#else /* USE_PIPES */
int inout[2];
+
if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1)
fatal("socketpair: %s", strerror(errno));
*in = *out = inout[0];
diff --git a/crypto/openssh/ssh-agent.1 b/crypto/openssh/ssh-agent.1
index e5ea1e325580..0227436c1719 100644
--- a/crypto/openssh/ssh-agent.1
+++ b/crypto/openssh/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.33 2002/06/19 00:27:55 deraadt Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.35 2002/06/24 13:12:23 markus Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -69,7 +69,7 @@ The options are as follows:
Bind the agent to the unix-domain socket
.Ar bind_address .
The default is
-.Pa /tmp/ssh-XXXXXXXX/agent.<pid> .
+.Pa /tmp/ssh-XXXXXXXX/agent.<ppid> .
.It Fl c
Generate C-shell commands on
.Dv stdout .
@@ -151,7 +151,7 @@ user.
.Pp
The
.Ev SSH_AGENT_PID
-environment variable holds the agent's PID.
+environment variable holds the agent's process ID.
.Pp
The agent exits automatically when the command given on the command
line terminates.
@@ -163,7 +163,7 @@ Contains the protocol version 1 RSA authentication identity of the user.
Contains the protocol version 2 DSA authentication identity of the user.
.It Pa $HOME/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
-.It Pa /tmp/ssh-XXXXXXXX/agent.<pid>
+.It Pa /tmp/ssh-XXXXXXXX/agent.<ppid>
Unix-domain sockets used to contain the connection to the
authentication agent.
These sockets should only be readable by the owner.
diff --git a/crypto/openssh/ssh-agent.c b/crypto/openssh/ssh-agent.c
index c3a907798fab..ac16bae40aa5 100644
--- a/crypto/openssh/ssh-agent.c
+++ b/crypto/openssh/ssh-agent.c
@@ -35,7 +35,7 @@
#include "includes.h"
#include "openbsd-compat/fake-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.95 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.97 2002/06/24 14:55:38 markus Exp $");
#include <openssl/evp.h>
#include <openssl/md5.h>
@@ -110,6 +110,7 @@ static void
idtab_init(void)
{
int i;
+
for (i = 0; i <=2; i++) {
TAILQ_INIT(&idtable[i].idlist);
idtable[i].nentries = 0;
@@ -152,8 +153,8 @@ static void
process_request_identities(SocketEntry *e, int version)
{
Idtab *tab = idtab_lookup(version);
- Buffer msg;
Identity *id;
+ Buffer msg;
buffer_init(&msg);
buffer_put_char(&msg, (version == 1) ?
@@ -182,21 +183,21 @@ process_request_identities(SocketEntry *e, int version)
static void
process_authentication_challenge1(SocketEntry *e)
{
- Identity *id;
- Key *key;
+ u_char buf[32], mdbuf[16], session_id[16];
+ u_int response_type;
BIGNUM *challenge;
+ Identity *id;
int i, len;
Buffer msg;
MD5_CTX md;
- u_char buf[32], mdbuf[16], session_id[16];
- u_int response_type;
+ Key *key;
buffer_init(&msg);
key = key_new(KEY_RSA1);
if ((challenge = BN_new()) == NULL)
fatal("process_authentication_challenge1: BN_new failed");
- buffer_get_int(&e->request); /* ignored */
+ (void) buffer_get_int(&e->request); /* ignored */
buffer_get_bignum(&e->request, key->rsa->e);
buffer_get_bignum(&e->request, key->rsa->n);
buffer_get_bignum(&e->request, challenge);
@@ -251,13 +252,12 @@ send:
static void
process_sign_request2(SocketEntry *e)
{
- extern int datafellows;
- Key *key;
u_char *blob, *data, *signature = NULL;
u_int blen, dlen, slen = 0;
- int flags;
+ extern int datafellows;
+ int ok = -1, flags;
Buffer msg;
- int ok = -1;
+ Key *key;
datafellows = 0;
@@ -296,11 +296,10 @@ process_sign_request2(SocketEntry *e)
static void
process_remove_identity(SocketEntry *e, int version)
{
+ u_int blen, bits;
+ int success = 0;
Key *key = NULL;
u_char *blob;
- u_int blen;
- u_int bits;
- int success = 0;
switch (version) {
case 1:
@@ -310,7 +309,7 @@ process_remove_identity(SocketEntry *e, int version)
buffer_get_bignum(&e->request, key->rsa->n);
if (bits != key_size(key))
- log("Warning: identity keysize mismatch: actual %d, announced %d",
+ log("Warning: identity keysize mismatch: actual %u, announced %u",
key_size(key), bits);
break;
case 2:
@@ -370,10 +369,10 @@ process_remove_all_identities(SocketEntry *e, int version)
static void
reaper(void)
{
- Idtab *tab;
+ u_int now = time(NULL);
Identity *id, *nxt;
int version;
- u_int now = time(NULL);
+ Idtab *tab;
for (version = 1; version < 3; version++) {
tab = idtab_lookup(version);
@@ -391,16 +390,15 @@ reaper(void)
static void
process_add_identity(SocketEntry *e, int version)
{
- Key *k = NULL;
- char *type_name;
- char *comment;
- int type, success = 0, death = 0;
Idtab *tab = idtab_lookup(version);
+ int type, success = 0, death = 0;
+ char *type_name, *comment;
+ Key *k = NULL;
switch (version) {
case 1:
k = key_new_private(KEY_RSA1);
- buffer_get_int(&e->request); /* ignored */
+ (void) buffer_get_int(&e->request); /* ignored */
buffer_get_bignum(&e->request, k->rsa->n);
buffer_get_bignum(&e->request, k->rsa->e);
buffer_get_bignum(&e->request, k->rsa->d);
@@ -481,8 +479,8 @@ send:
static void
process_lock_agent(SocketEntry *e, int lock)
{
- char *passwd;
int success = 0;
+ char *passwd;
passwd = buffer_get_string(&e->request, NULL);
if (locked && !lock && strcmp(passwd, lock_passwd) == 0) {
@@ -523,11 +521,11 @@ no_identities(SocketEntry *e, u_int type)
static void
process_add_smartcard_key (SocketEntry *e)
{
- Identity *id;
- Idtab *tab;
- Key **keys, *k;
char *sc_reader_id = NULL, *pin;
int i, version, success = 0;
+ Key **keys, *k;
+ Identity *id;
+ Idtab *tab;
sc_reader_id = buffer_get_string(&e->request, NULL);
pin = buffer_get_string(&e->request, NULL);
@@ -566,11 +564,11 @@ send:
static void
process_remove_smartcard_key(SocketEntry *e)
{
- Identity *id;
- Idtab *tab;
- Key **keys, *k = NULL;
char *sc_reader_id = NULL, *pin;
int i, version, success = 0;
+ Key **keys, *k = NULL;
+ Identity *id;
+ Idtab *tab;
sc_reader_id = buffer_get_string(&e->request, NULL);
pin = buffer_get_string(&e->request, NULL);
@@ -608,8 +606,7 @@ send:
static void
process_message(SocketEntry *e)
{
- u_int msg_len;
- u_int type;
+ u_int msg_len, type;
u_char *cp;
/* kill dead keys */
@@ -622,6 +619,7 @@ process_message(SocketEntry *e)
if (msg_len > 256 * 1024) {
shutdown(e->fd, SHUT_RDWR);
close(e->fd);
+ e->fd = -1;
e->type = AUTH_UNUSED;
buffer_free(&e->input);
buffer_free(&e->output);
@@ -717,6 +715,7 @@ static void
new_socket(sock_type type, int fd)
{
u_int i, old_alloc;
+
if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
error("fcntl O_NONBLOCK: %s", strerror(errno));
@@ -801,11 +800,11 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, int *nallocp)
static void
after_select(fd_set *readset, fd_set *writeset)
{
- u_int i;
- int len, sock;
+ struct sockaddr_un sunaddr;
socklen_t slen;
char buf[1024];
- struct sockaddr_un sunaddr;
+ int len, sock;
+ u_int i;
for (i = 0; i < sockets_alloc; i++)
switch (sockets[i].type) {
@@ -839,6 +838,7 @@ after_select(fd_set *readset, fd_set *writeset)
if (len <= 0) {
shutdown(sockets[i].fd, SHUT_RDWR);
close(sockets[i].fd);
+ sockets[i].fd = -1;
sockets[i].type = AUTH_UNUSED;
buffer_free(&sockets[i].input);
buffer_free(&sockets[i].output);
@@ -858,6 +858,7 @@ after_select(fd_set *readset, fd_set *writeset)
if (len <= 0) {
shutdown(sockets[i].fd, SHUT_RDWR);
close(sockets[i].fd);
+ sockets[i].fd = -1;
sockets[i].type = AUTH_UNUSED;
buffer_free(&sockets[i].input);
buffer_free(&sockets[i].output);
@@ -928,6 +929,8 @@ int
main(int ac, char **av)
{
int sock, c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0, ch, nalloc;
+ char *shell, *format, *pidstr, *agentsocket = NULL;
+ fd_set *readsetp = NULL, *writesetp = NULL;
struct sockaddr_un sunaddr;
#ifdef HAVE_SETRLIMIT
struct rlimit rlim;
@@ -935,11 +938,10 @@ main(int ac, char **av)
#ifdef HAVE_CYGWIN
int prev_mask;
#endif
- pid_t pid;
- char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
- char *agentsocket = NULL;
extern int optind;
- fd_set *readsetp = NULL, *writesetp = NULL;
+ extern char *optarg;
+ pid_t pid;
+ char pidstrbuf[1 + 3 * sizeof pid];
SSLeay_add_all_algorithms();
@@ -947,11 +949,7 @@ main(int ac, char **av)
init_rng();
seed_rng();
-#ifdef __GNU_LIBRARY__
- while ((ch = getopt(ac, av, "+cdksa:")) != -1) {
-#else /* __GNU_LIBRARY__ */
while ((ch = getopt(ac, av, "cdksa:")) != -1) {
-#endif /* __GNU_LIBRARY__ */
switch (ch) {
case 'c':
if (s_flag)
diff --git a/crypto/openssh/ssh-dss.c b/crypto/openssh/ssh-dss.c
index 02403f550afc..dbf8465bae54 100644
--- a/crypto/openssh/ssh-dss.c
+++ b/crypto/openssh/ssh-dss.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.14 2002/02/28 15:46:33 markus Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.15 2002/06/23 03:30:17 deraadt Exp $");
#include <openssl/bn.h>
#include <openssl/evp.h>
@@ -40,9 +40,7 @@ RCSID("$OpenBSD: ssh-dss.c,v 1.14 2002/02/28 15:46:33 markus Exp $");
#define SIGBLOB_LEN (2*INTBLOB_LEN)
int
-ssh_dss_sign(
- Key *key,
- u_char **sigp, u_int *lenp,
+ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp,
u_char *data, u_int datalen)
{
DSA_SIG *sig;
@@ -71,7 +69,7 @@ ssh_dss_sign(
rlen = BN_num_bytes(sig->r);
slen = BN_num_bytes(sig->s);
if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
- error("bad sig size %d %d", rlen, slen);
+ error("bad sig size %u %u", rlen, slen);
DSA_SIG_free(sig);
return -1;
}
@@ -104,9 +102,7 @@ ssh_dss_sign(
return 0;
}
int
-ssh_dss_verify(
- Key *key,
- u_char *signature, u_int signaturelen,
+ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,
u_char *data, u_int datalen)
{
DSA_SIG *sig;
@@ -151,7 +147,7 @@ ssh_dss_verify(
}
if (len != SIGBLOB_LEN) {
- fatal("bad sigbloblen %d != SIGBLOB_LEN", len);
+ fatal("bad sigbloblen %u != SIGBLOB_LEN", len);
}
/* parse signature */
diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c
index df8c90afb756..4273c11321c8 100644
--- a/crypto/openssh/ssh-keygen.c
+++ b/crypto/openssh/ssh-keygen.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.101 2002/06/23 09:39:55 deraadt Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@@ -170,7 +170,7 @@ do_convert_to_ssh2(struct passwd *pw)
}
fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
fprintf(stdout,
- "Comment: \"%d-bit %s, converted from OpenSSH by %s@%s\"\n",
+ "Comment: \"%u-bit %s, converted from OpenSSH by %s@%s\"\n",
key_size(k), key_type(k),
pw->pw_name, hostname);
dump_base64(stdout, blob, len);
@@ -462,7 +462,7 @@ do_fingerprint(struct passwd *pw)
public = key_load_public(identity_file, &comment);
if (public != NULL) {
fp = key_fingerprint(public, fptype, rep);
- printf("%d %s %s\n", key_size(public), fp, comment);
+ printf("%u %s %s\n", key_size(public), fp, comment);
key_free(public);
xfree(comment);
xfree(fp);
@@ -496,7 +496,8 @@ do_fingerprint(struct passwd *pw)
if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) {
int quoted = 0;
comment = cp;
- for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
+ for (; *cp && (quoted || (*cp != ' ' &&
+ *cp != '\t')); cp++) {
if (*cp == '\\' && cp[1] == '"')
cp++; /* Skip both */
else if (*cp == '"')
@@ -519,7 +520,7 @@ do_fingerprint(struct passwd *pw)
}
comment = *cp ? cp : comment;
fp = key_fingerprint(public, fptype, rep);
- printf("%d %s %s\n", key_size(public), fp,
+ printf("%u %s %s\n", key_size(public), fp,
comment ? comment : "no comment");
xfree(fp);
key_free(public);
diff --git a/crypto/openssh/ssh-rsa.c b/crypto/openssh/ssh-rsa.c
index 3e66294e9f8c..782279bad23b 100644
--- a/crypto/openssh/ssh-rsa.c
+++ b/crypto/openssh/ssh-rsa.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.20 2002/06/10 16:53:06 stevesk Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.21 2002/06/23 03:30:17 deraadt Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@@ -39,9 +39,7 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.20 2002/06/10 16:53:06 stevesk Exp $");
/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
int
-ssh_rsa_sign(
- Key *key,
- u_char **sigp, u_int *lenp,
+ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp,
u_char *data, u_int datalen)
{
const EVP_MD *evp_md;
@@ -72,17 +70,18 @@ ssh_rsa_sign(
if (ok != 1) {
int ecode = ERR_get_error();
- error("ssh_rsa_sign: RSA_sign failed: %s", ERR_error_string(ecode, NULL));
+ error("ssh_rsa_sign: RSA_sign failed: %s",
+ ERR_error_string(ecode, NULL));
xfree(sig);
return -1;
}
if (len < slen) {
int diff = slen - len;
- debug("slen %d > len %d", slen, len);
+ debug("slen %u > len %u", slen, len);
memmove(sig + diff, sig, len);
memset(sig, 0, diff);
} else if (len > slen) {
- error("ssh_rsa_sign: slen %d slen2 %d", slen, len);
+ error("ssh_rsa_sign: slen %u slen2 %u", slen, len);
xfree(sig);
return -1;
}
@@ -105,9 +104,7 @@ ssh_rsa_sign(
}
int
-ssh_rsa_verify(
- Key *key,
- u_char *signature, u_int signaturelen,
+ssh_rsa_verify(Key *key, u_char *signature, u_int signaturelen,
u_char *data, u_int datalen)
{
Buffer b;
@@ -148,12 +145,12 @@ ssh_rsa_verify(
/* RSA_verify expects a signature of RSA_size */
modlen = RSA_size(key->rsa);
if (len > modlen) {
- error("ssh_rsa_verify: len %d > modlen %d", len, modlen);
+ error("ssh_rsa_verify: len %u > modlen %u", len, modlen);
xfree(sigblob);
return -1;
} else if (len < modlen) {
int diff = modlen - len;
- debug("ssh_rsa_verify: add padding: modlen %d > len %d",
+ debug("ssh_rsa_verify: add padding: modlen %u > len %u",
modlen, len);
sigblob = xrealloc(sigblob, modlen);
memmove(sigblob + diff, sigblob, len);
@@ -176,7 +173,8 @@ ssh_rsa_verify(
xfree(sigblob);
if (ret == 0) {
int ecode = ERR_get_error();
- error("ssh_rsa_verify: RSA_verify failed: %s", ERR_error_string(ecode, NULL));
+ error("ssh_rsa_verify: RSA_verify failed: %s",
+ ERR_error_string(ecode, NULL));
}
debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
return ret;
diff --git a/crypto/openssh/ssh.1 b/crypto/openssh/ssh.1
index 8ada41f29723..1f3efca78541 100644
--- a/crypto/openssh/ssh.1
+++ b/crypto/openssh/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.158 2002/06/20 19:56:07 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.160 2002/06/22 11:51:39 naddy Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -952,8 +952,8 @@ protocol versions 1.5 and 2.0.
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
.Xr telnet 1 ,
-.Xr ssh_config 4 ,
-.Xr ssh-keysign 8,
+.Xr ssh_config 5 ,
+.Xr ssh-keysign 8 ,
.Xr sshd 8
.Rs
.%A T. Ylonen
diff --git a/crypto/openssh/ssh.h b/crypto/openssh/ssh.h
index e23bb1d5c26c..07eee78b6eac 100644
--- a/crypto/openssh/ssh.h
+++ b/crypto/openssh/ssh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.h,v 1.70 2002/06/03 12:04:07 deraadt Exp $ */
+/* $OpenBSD: ssh.h,v 1.71 2002/06/22 02:00:29 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -65,8 +65,8 @@
#endif
/*
- * Name of the environment variable containing the pathname of the
- * authentication socket.
+ * Name of the environment variable containing the process ID of the
+ * authentication agent.
*/
#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"
diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c
index 9b4c38835a67..b89321fb8392 100644
--- a/crypto/openssh/sshconnect.c
+++ b/crypto/openssh/sshconnect.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.125 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.126 2002/06/23 03:30:17 deraadt Exp $");
#include <openssl/bn.h>
@@ -266,7 +266,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
memset(&hints, 0, sizeof(hints));
hints.ai_family = family;
hints.ai_socktype = SOCK_STREAM;
- snprintf(strport, sizeof strport, "%d", port);
+ snprintf(strport, sizeof strport, "%u", port);
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
fatal("%s: %.100s: %s", __progname, host,
gai_strerror(gaierr));
@@ -489,7 +489,6 @@ confirm(const char *prompt)
* check whether the supplied host key is valid, return -1 if the key
* is not valid. the user_hostfile will not be updated if 'readonly' is true.
*/
-
static int
check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
int readonly, const char *user_hostfile, const char *system_hostfile)
diff --git a/crypto/openssh/sshconnect2.c b/crypto/openssh/sshconnect2.c
index 7f28ab51e79d..215f76ca2e36 100644
--- a/crypto/openssh/sshconnect2.c
+++ b/crypto/openssh/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.104 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.105 2002/06/23 03:30:17 deraadt Exp $");
#include "ssh.h"
#include "ssh2.h"
@@ -299,12 +299,14 @@ userauth(Authctxt *authctxt, char *authlist)
}
}
}
+
void
input_userauth_error(int type, u_int32_t seq, void *ctxt)
{
fatal("input_userauth_error: bad message during authentication: "
"type %d", type);
}
+
void
input_userauth_banner(int type, u_int32_t seq, void *ctxt)
{
@@ -316,6 +318,7 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt)
xfree(msg);
xfree(lang);
}
+
void
input_userauth_success(int type, u_int32_t seq, void *ctxt)
{
@@ -327,6 +330,7 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt)
clear_auth_state(authctxt);
authctxt->success = 1; /* break out */
}
+
void
input_userauth_failure(int type, u_int32_t seq, void *ctxt)
{
@@ -375,7 +379,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
}
packet_check_eom();
- debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d",
+ debug("input_userauth_pk_ok: pkalg %s blen %u lastkey %p hint %d",
pkalg, blen, authctxt->last_key, authctxt->last_key_hint);
do {
@@ -894,9 +898,7 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
}
static int
-ssh_keysign(
- Key *key,
- u_char **sigp, u_int *lenp,
+ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
u_char *data, u_int datalen)
{
Buffer b;
@@ -1098,6 +1100,7 @@ authmethod_lookup(const char *name)
static Authmethod *current = NULL;
static char *supported = NULL;
static char *preferred = NULL;
+
/*
* Given the authentication method list sent by the server, return the
* next method we should try. If the server initially sends a nil list,
diff --git a/crypto/openssh/sshd.8 b/crypto/openssh/sshd.8
index 22f81432a37b..37a7b58f6f35 100644
--- a/crypto/openssh/sshd.8
+++ b/crypto/openssh/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.184 2002/06/20 19:56:07 stevesk Exp $
+.\" $OpenBSD: sshd.8,v 1.186 2002/06/22 16:45:29 stevesk Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -578,11 +578,18 @@ These files are created using
.Xr ssh-keygen 1 .
.It Pa /etc/moduli
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
+.It Pa /var/empty
+.Xr chroot 2
+directory used by
+.Nm
+during privilege separation in the pre-authentication phase.
+The directory should not contain any files and must be owned by root
+and not group or world-writable.
.It Pa /var/run/sshd.pid
Contains the process ID of the
.Nm
listening for connections (if there are several daemons running
-concurrently for different ports, this contains the pid of the one
+concurrently for different ports, this contains the process ID of the one
started last).
The content of this file is not sensitive; it can be world-readable.
.It Pa $HOME/.ssh/authorized_keys
diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c
index feea3ce2c5ca..851fad4be04c 100644
--- a/crypto/openssh/sshd.c
+++ b/crypto/openssh/sshd.c
@@ -42,7 +42,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.246 2002/06/20 23:05:56 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
@@ -219,6 +219,7 @@ static void
close_listen_socks(void)
{
int i;
+
for (i = 0; i < num_listen_socks; i++)
close(listen_socks[i]);
num_listen_socks = -1;
@@ -228,6 +229,7 @@ static void
close_startup_pipes(void)
{
int i;
+
if (startup_pipes)
for (i = 0; i < options.max_startups; i++)
if (startup_pipes[i] != -1)
@@ -260,7 +262,8 @@ sighup_restart(void)
close_listen_socks();
close_startup_pipes();
execv(saved_argv[0], saved_argv);
- log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], strerror(errno));
+ log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
+ strerror(errno));
exit(1);
}
@@ -280,8 +283,8 @@ sigterm_handler(int sig)
static void
main_sigchld_handler(int sig)
{
- pid_t pid;
int save_errno = errno;
+ pid_t pid;
int status;
while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
@@ -341,6 +344,7 @@ static void
key_regeneration_alarm(int sig)
{
int save_errno = errno;
+
signal(SIGALRM, SIG_DFL);
errno = save_errno;
key_do_regen = 1;
@@ -372,7 +376,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
if (client_version_string == NULL) {
/* Send our protocol version identification. */
- if (atomicio(write, sock_out, server_version_string, strlen(server_version_string))
+ if (atomicio(write, sock_out, server_version_string,
+ strlen(server_version_string))
!= strlen(server_version_string)) {
log("Could not write ident string to %s", get_remote_ipaddr());
fatal_cleanup();
@@ -475,7 +480,6 @@ sshd_exchange_identification(int sock_in, int sock_out)
}
}
-
/* Destroy the host and server keys. They will no longer be needed. */
void
destroy_sensitive_data(void)
@@ -526,8 +530,9 @@ static void
privsep_preauth_child(void)
{
u_int32_t rand[256];
- int i;
+ gid_t gidset[2];
struct passwd *pw;
+ int i;
/* Enable challenge-response authentication for privilege separation */
privsep_challenge_enable();
@@ -555,7 +560,17 @@ privsep_preauth_child(void)
/* Drop our privileges */
debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
(u_int)pw->pw_gid);
+#if 0
+ /* XXX not ready, to heavy after chroot */
do_setusercontext(pw);
+#else
+ gidset[0] = pw->pw_gid;
+ if (setgid(pw->pw_gid) < 0)
+ fatal("setgid failed for %u", pw->pw_gid );
+ if (setgroups(1, gidset) < 0)
+ fatal("setgroups: %.100s", strerror(errno));
+ permanently_set_uid(pw);
+#endif
}
static Authctxt*
@@ -609,7 +624,11 @@ privsep_postauth(Authctxt *authctxt)
/* XXX - Remote port forwarding */
x_authctxt = authctxt;
+#ifdef BROKEN_FD_PASSING
+ if (1) {
+#else
if (authctxt->pw->pw_uid == 0 || options.use_login) {
+#endif
/* File descriptor passing is broken or root login */
monitor_apply_keystate(pmonitor);
use_privsep = 0;
@@ -683,6 +702,7 @@ Key *
get_hostkey_by_type(int type)
{
int i;
+
for (i = 0; i < options.num_host_key_files; i++) {
Key *key = sensitive_data.host_keys[i];
if (key != NULL && key->type == type)
@@ -703,6 +723,7 @@ int
get_hostkey_index(Key *key)
{
int i;
+
for (i = 0; i < options.num_host_key_files; i++) {
if (key == sensitive_data.host_keys[i])
return (i);
@@ -991,11 +1012,13 @@ main(int ac, char **av)
* hate software patents. I dont know if this can go? Niels
*/
if (options.server_key_bits >
- BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) - SSH_KEY_BITS_RESERVED &&
- options.server_key_bits <
- BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
+ BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) -
+ SSH_KEY_BITS_RESERVED && options.server_key_bits <
+ BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
+ SSH_KEY_BITS_RESERVED) {
options.server_key_bits =
- BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED;
+ BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
+ SSH_KEY_BITS_RESERVED;
debug("Forcing server key to %d bits to make it differ from host key.",
options.server_key_bits);
}
@@ -1012,6 +1035,9 @@ main(int ac, char **av)
(S_ISDIR(st.st_mode) == 0))
fatal("Missing privilege separation directory: %s",
_PATH_PRIVSEP_CHROOT_DIR);
+ if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
+ fatal("Bad owner or mode for %s",
+ _PATH_PRIVSEP_CHROOT_DIR);
}
/* Configuration looks good, so exit if in test mode. */
@@ -1351,7 +1377,7 @@ main(int ac, char **av)
*/
#if 0
/* XXX: this breaks Solaris */
- if (setsid() < 0)
+ if (!debug_flag && !inetd_flag && setsid() < 0)
error("setsid: %.100s", strerror(errno));
#endif
diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5
index 1aecd485b713..aa7b7c7d4eae 100644
--- a/crypto/openssh/sshd_config.5
+++ b/crypto/openssh/sshd_config.5
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.3 2002/06/20 23:37:12 markus Exp $
+.\" $OpenBSD: sshd_config.5,v 1.4 2002/06/22 16:45:29 stevesk Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
@@ -305,10 +305,6 @@ To disable keepalives, the value should be set to
.It Cm KerberosAuthentication
Specifies whether Kerberos authentication is allowed.
This can be in the form of a Kerberos ticket, or if
-.It Cm PAMAuthenticationViaKbdInt
-Specifies whether PAM challenge response authentication is allowed. This
-allows the use of most PAM challenge response authentication modules, but
-it will allow password authentication regardless of whether
.Cm PasswordAuthentication
is yes, the password provided by the user will be validated through
the Kerberos KDC.
@@ -425,6 +421,12 @@ The probability increases linearly and all connection attempts
are refused if the number of unauthenticated connections reaches
.Dq full
(60).
+.It Cm PAMAuthenticationViaKbdInt
+Specifies whether PAM challenge response authentication is allowed. This
+allows the use of most PAM challenge response authentication modules, but
+it will allow password authentication regardless of whether
+.Cm PasswordAuthentication
+is enabled.
.It Cm PasswordAuthentication
Specifies whether password authentication is allowed.
The default is
@@ -464,7 +466,7 @@ If this option is set to
.Dq no
root is not allowed to login.
.It Cm PidFile
-Specifies the file that contains the process identifier of the
+Specifies the file that contains the process ID of the
.Nm sshd
daemon.
The default is
diff --git a/crypto/openssh/sshlogin.c b/crypto/openssh/sshlogin.c
index 78c51abd6793..e76f94534daa 100644
--- a/crypto/openssh/sshlogin.c
+++ b/crypto/openssh/sshlogin.c
@@ -39,7 +39,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $");
+RCSID("$OpenBSD: sshlogin.c,v 1.4 2002/06/23 03:30:17 deraadt Exp $");
#include "loginrec.h"
@@ -48,10 +48,9 @@ RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $");
* information is not available. This must be called before record_login.
* The host the user logged in from will be returned in buf.
*/
-
u_long
get_last_login_time(uid_t uid, const char *logname,
- char *buf, u_int bufsize)
+ char *buf, u_int bufsize)
{
struct logininfo li;
@@ -64,10 +63,9 @@ get_last_login_time(uid_t uid, const char *logname,
* Records that the user has logged in. I these parts of operating systems
* were more standardized.
*/
-
void
record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
- const char *host, struct sockaddr * addr)
+ const char *host, struct sockaddr * addr)
{
struct logininfo *li;
@@ -92,7 +90,6 @@ record_utmp_only(pid_t pid, const char *ttyname, const char *user,
#endif
/* Records that the user has logged out. */
-
void
record_logout(pid_t pid, const char *ttyname, const char *user)
{
diff --git a/crypto/openssh/sshpty.c b/crypto/openssh/sshpty.c
index a7e7e27693bb..64ac4e5994fa 100644
--- a/crypto/openssh/sshpty.c
+++ b/crypto/openssh/sshpty.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshpty.c,v 1.4 2001/12/19 07:18:56 deraadt Exp $");
+RCSID("$OpenBSD: sshpty.c,v 1.7 2002/06/24 17:57:20 deraadt Exp $");
#ifdef HAVE_UTIL_H
# include <util.h>
@@ -343,9 +343,8 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
if (fd < 0)
error("open /dev/tty failed - could not set controlling tty: %.100s",
strerror(errno));
- else {
+ else
close(fd);
- }
#endif /* _CRAY */
}
@@ -356,6 +355,7 @@ pty_change_window_size(int ptyfd, int row, int col,
int xpixel, int ypixel)
{
struct winsize w;
+
w.ws_row = row;
w.ws_col = col;
w.ws_xpixel = xpixel;
@@ -393,13 +393,13 @@ pty_setowner(struct passwd *pw, const char *ttyname)
if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
if (chown(ttyname, pw->pw_uid, gid) < 0) {
if (errno == EROFS &&
- (st.st_uid == pw->pw_uid || st.st_uid == 0))
- error("chown(%.100s, %d, %d) failed: %.100s",
- ttyname, pw->pw_uid, gid,
+ (st.st_uid == pw->pw_uid || st.st_uid == 0))
+ error("chown(%.100s, %u, %u) failed: %.100s",
+ ttyname, (u_int)pw->pw_uid, (u_int)gid,
strerror(errno));
else
- fatal("chown(%.100s, %d, %d) failed: %.100s",
- ttyname, pw->pw_uid, gid,
+ fatal("chown(%.100s, %u, %u) failed: %.100s",
+ ttyname, (u_int)pw->pw_uid, (u_int)gid,
strerror(errno));
}
}
diff --git a/crypto/openssh/tildexpand.c b/crypto/openssh/tildexpand.c
index e89a7ade8acd..cbe981146730 100644
--- a/crypto/openssh/tildexpand.c
+++ b/crypto/openssh/tildexpand.c
@@ -11,7 +11,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: tildexpand.c,v 1.12 2001/08/11 22:51:27 jakob Exp $");
+RCSID("$OpenBSD: tildexpand.c,v 1.13 2002/06/23 03:25:50 deraadt Exp $");
#include "xmalloc.h"
#include "log.h"
@@ -67,6 +67,7 @@ tilde_expand_filename(const char *filename, uid_t my_uid)
if (len > MAXPATHLEN)
fatal("Home directory too long (%d > %d", len-1, MAXPATHLEN-1);
expanded = xmalloc(len);
- snprintf(expanded, len, "%s%s%s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", cp + 1);
+ snprintf(expanded, len, "%s%s%s", pw->pw_dir,
+ strcmp(pw->pw_dir, "/") ? "/" : "", cp + 1);
return expanded;
}
diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h
index fcd853d09578..1e9b43128bb2 100644
--- a/crypto/openssh/version.h
+++ b/crypto/openssh/version.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: version.h,v 1.33 2002/06/21 15:41:20 markus Exp $ */
+/* $OpenBSD: version.h,v 1.34 2002/06/26 13:56:27 markus Exp $ */
-#define SSH_VERSION "OpenSSH_3.3"
+#define SSH_VERSION "OpenSSH_3.4p1"