authorDamien Miller <djm@mindrot.org>2000-03-09 21:27:49 +1100
committerDamien Miller <djm@mindrot.org>2000-03-09 21:27:49 +1100
commit98c7ad60ec5725d91da9f9f6d26cd9fe477398c0 (patch)
tree104c3e3474be8e308d05e22d79715c833c6cf837
parent1a07ebd4d8d39c6814bbd84c1aec4ebf2bd005a2 (diff)
- OpenBSD CVS updates to v1.2.3
[ssh.h atomicio.c] - int atomicio -> ssize_t (for alpha). ok deraadt@ [auth-rsa.c] - delay MD5 computation until client sends response, free() early, cleanup. [cipher.c] - void* -> unsigned char*, ok niels@ [hostfile.c] - remove unused variable 'len'. fix comments. - remove unused variable [log-client.c log-server.c] - rename a cpp symbol, to avoid param.h collision [packet.c] - missing xfree() - getsockname() requires initialized tolen; andy@guildsoftware.com - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i; from Holger.Trapp@Informatik.TU-Chemnitz.DE [pty.c pty.h] - register cleanup for pty earlier. move code for pty-owner handling to pty.c ok provos@, dugsong@ [readconf.c] - turn off x11-fwd for the client, too. [rsa.c] - PKCS#1 padding [scp.c] - allow '.' in usernames; from jedgar@fxp.org [servconf.c] - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de - sync with sshd_config [ssh-keygen.c] - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@ [ssh.1] - Change invalid 'CHAT' loglevel to 'VERBOSE' [ssh.c] - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp - turn off x11-fwd for the client, too. [sshconnect.c] - missing xfree() - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp. - read error vs. "Connection closed by remote host" [sshd.8] - ie. -> i.e., - do not link to a commercial page.. - sync with sshd_config [sshd.c] - no need for poll.h; from bright@wintelcom.net - log with level log() not fatal() if peer behaves badly. - don't panic if client behaves strange. ok deraadt@ - make no-port-forwarding for RSA keys deny both -L and -R style fwding - delay close() of pty until the pty has been chowned back to root - oops, fix comment, too. - missing xfree() - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too. (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907) - register cleanup for pty earlier. 
move code for pty-owner handling to pty.c ok provos@, dugsong@ - create x11 cookie file - fix pr 1113, fclose() -> pclose(), todo: remote popen() - version 1.2.3 - Cleaned up
-rw-r--r--ChangeLog62
-rw-r--r--atomicio.c8
-rw-r--r--auth-rsa.c27
-rw-r--r--cipher.c18
-rw-r--r--hostfile.c18
-rw-r--r--log-client.c6
-rw-r--r--log-server.c8
-rw-r--r--packet.c12
-rw-r--r--pty.c2
-rw-r--r--pty.h4
-rw-r--r--readconf.c4
-rw-r--r--rsa.c6
-rw-r--r--scp.c6
-rw-r--r--servconf.c14
-rw-r--r--ssh-keygen.c94
-rw-r--r--ssh.124
-rw-r--r--ssh.c5
-rw-r--r--ssh.h4
-rw-r--r--sshconnect.c13
-rw-r--r--sshd.837
-rw-r--r--sshd.c116
-rw-r--r--version.h2
22 files changed, 310 insertions, 180 deletions
diff --git a/ChangeLog b/ChangeLog
index 4eb4ee6a..68c577f6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,65 @@
+20000309
+ - OpenBSD CVS updates to v1.2.3
+ [ssh.h atomicio.c]
+ - int atomicio -> ssize_t (for alpha). ok deraadt@
+ [auth-rsa.c]
+ - delay MD5 computation until client sends response, free() early, cleanup.
+ [cipher.c]
+ - void* -> unsigned char*, ok niels@
+ [hostfile.c]
+ - remove unused variable 'len'. fix comments.
+ - remove unused variable
+ [log-client.c log-server.c]
+ - rename a cpp symbol, to avoid param.h collision
+ [packet.c]
+ - missing xfree()
+ - getsockname() requires initialized tolen; andy@guildsoftware.com
+ - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
+ from Holger.Trapp@Informatik.TU-Chemnitz.DE
+ [pty.c pty.h]
+ - register cleanup for pty earlier. move code for pty-owner handling to
+ pty.c ok provos@, dugsong@
+ [readconf.c]
+ - turn off x11-fwd for the client, too.
+ [rsa.c]
+ - PKCS#1 padding
+ [scp.c]
+ - allow '.' in usernames; from jedgar@fxp.org
+ [servconf.c]
+ - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
+ - sync with sshd_config
+ [ssh-keygen.c]
+ - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
+ [ssh.1]
+ - Change invalid 'CHAT' loglevel to 'VERBOSE'
+ [ssh.c]
+ - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
+ - turn off x11-fwd for the client, too.
+ [sshconnect.c]
+ - missing xfree()
+ - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
+ - read error vs. "Connection closed by remote host"
+ [sshd.8]
+ - ie. -> i.e.,
+ - do not link to a commercial page..
+ - sync with sshd_config
+ [sshd.c]
+ - no need for poll.h; from bright@wintelcom.net
+ - log with level log() not fatal() if peer behaves badly.
+ - don't panic if client behaves strange. ok deraadt@
+ - make no-port-forwarding for RSA keys deny both -L and -R style fwding
+ - delay close() of pty until the pty has been chowned back to root
+ - oops, fix comment, too.
+ - missing xfree()
+ - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
+ (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
+ - register cleanup for pty earlier. move code for pty-owner handling to
+ pty.c ok provos@, dugsong@
+ - create x11 cookie file
+ - fix pr 1113, fclose() -> pclose(), todo: remote popen()
+ - version 1.2.3
+ - Cleaned up
+
20000308
- Configure fix from Hiroshi Takekawa <takekawa@sr3.t.u-tokyo.ac.jp>
diff --git a/atomicio.c b/atomicio.c
index fcab2ea7..d6797ec7 100644
--- a/atomicio.c
+++ b/atomicio.c
@@ -24,7 +24,7 @@
*/
#include "includes.h"
-RCSID("$Id: atomicio.c,v 1.8 1999/12/14 22:06:28 damien Exp $");
+RCSID("$Id: atomicio.c,v 1.9 2000/03/09 10:27:50 damien Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -32,14 +32,14 @@ RCSID("$Id: atomicio.c,v 1.8 1999/12/14 22:06:28 damien Exp $");
/*
* ensure all of data on socket comes through. f==read || f==write
*/
-int
+ssize_t
atomicio(f, fd, s, n)
- int (*f) ();
+ ssize_t (*f) ();
int fd;
void *s;
size_t n;
{
- int res, pos = 0;
+ ssize_t res, pos = 0;
while (n > pos) {
res = (f) (fd, (char*)s + pos, n - pos);
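Review bot: `while (n > pos)` and `n - pos` still mix a size_t with the now-ssize_t pos, so pos is converted to unsigned at every use and -Wsign-compare flags both expressions; this is only safe because pos presumably never drops below zero (it accumulates byte counts). Either declare pos as size_t, keeping res as ssize_t for the return value of f, or write `while (n > (size_t)pos)` so the conversion is explicit. The loop body and the handling of res continue past the hunk.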
diff --git a/auth-rsa.c b/auth-rsa.c
index 9d9e7492..ef7a2274 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -16,7 +16,7 @@
*/
#include "includes.h"
-RCSID("$Id: auth-rsa.c,v 1.12 2000/01/20 11:44:09 damien Exp $");
+RCSID("$Id: auth-rsa.c,v 1.13 2000/03/09 10:27:50 damien Exp $");
#include "rsa.h"
#include "packet.h"
@@ -68,9 +68,9 @@ extern unsigned char session_id[16];
int
auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n)
{
- BIGNUM *challenge, *encrypted_challenge, *aux;
+ BIGNUM *challenge, *encrypted_challenge;
RSA *pk;
- BN_CTX *ctx = BN_CTX_new();
+ BN_CTX *ctx;
unsigned char buf[32], mdbuf[16], response[16];
MD5_CTX md;
unsigned int i;
@@ -78,11 +78,12 @@ auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n)
encrypted_challenge = BN_new();
challenge = BN_new();
- aux = BN_new();
/* Generate a random challenge. */
BN_rand(challenge, 256, 0, 0);
+ ctx = BN_CTX_new();
BN_mod(challenge, challenge, n, ctx);
+ BN_CTX_free(ctx);
/* Create the public key data structure. */
pk = RSA_new();
@@ -99,8 +100,15 @@ auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n)
packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE);
packet_put_bignum(encrypted_challenge);
packet_send();
+ BN_clear_free(encrypted_challenge);
packet_write_wait();
+ /* Wait for a response. */
+ packet_read_expect(&plen, SSH_CMSG_AUTH_RSA_RESPONSE);
+ packet_integrity_check(plen, 16, SSH_CMSG_AUTH_RSA_RESPONSE);
+ for (i = 0; i < 16; i++)
+ response[i] = packet_get_char();
+
/* The response is MD5 of decrypted challenge plus session id. */
len = BN_num_bytes(challenge);
if (len <= 0 || len > 32)
@@ -111,18 +119,7 @@ auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n)
MD5_Update(&md, buf, 32);
MD5_Update(&md, session_id, 16);
MD5_Final(mdbuf, &md);
-
- /* We will no longer need these. */
- BN_clear_free(encrypted_challenge);
BN_clear_free(challenge);
- BN_clear_free(aux);
- BN_CTX_free(ctx);
-
- /* Wait for a response. */
- packet_read_expect(&plen, SSH_CMSG_AUTH_RSA_RESPONSE);
- packet_integrity_check(plen, 16, SSH_CMSG_AUTH_RSA_RESPONSE);
- for (i = 0; i < 16; i++)
- response[i] = packet_get_char();
/* Verify that the response is the original challenge. */
if (memcmp(response, mdbuf, 16) != 0) {
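Review bot: The retained `memcmp(response, mdbuf, 16)` decides an authentication outcome with an early-exit comparison, so the time taken to reject a wrong response depends on how many leading bytes matched; the commit reorders the work around it but leaves that property in place. A fixed-time comparison removes the dependency: declare `unsigned int diff;` next to `i`, then `for (i = 0, diff = 0; i < 16; i++) diff |= response[i] ^ mdbuf[i];` and `if (diff != 0) {` in place of the memcmp. The comparison block and the rest of the function continue outside the hunk.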
diff --git a/cipher.c b/cipher.c
index 5589c24f..c55c7dcb 100644
--- a/cipher.c
+++ b/cipher.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$Id: cipher.c,v 1.12 2000/01/22 23:32:03 damien Exp $");
+RCSID("$Id: cipher.c,v 1.13 2000/03/09 10:27:50 damien Exp $");
#include "ssh.h"
#include "cipher.h"
@@ -41,7 +41,7 @@ void
SSH_3CBC_ENCRYPT(des_key_schedule ks1,
des_key_schedule ks2, des_cblock * iv2,
des_key_schedule ks3, des_cblock * iv3,
- void *dest, void *src,
+ unsigned char *dest, unsigned char *src,
unsigned int len)
{
des_cblock iv1;
@@ -49,20 +49,20 @@ SSH_3CBC_ENCRYPT(des_key_schedule ks1,
memcpy(&iv1, iv2, 8);
des_cbc_encrypt(src, dest, len, ks1, &iv1, DES_ENCRYPT);
- memcpy(&iv1, (char *)dest + len - 8, 8);
+ memcpy(&iv1, dest + len - 8, 8);
des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_DECRYPT);
memcpy(iv2, &iv1, 8); /* Note how iv1 == iv2 on entry and exit. */
des_cbc_encrypt(dest, dest, len, ks3, iv3, DES_ENCRYPT);
- memcpy(iv3, (char *)dest + len - 8, 8);
+ memcpy(iv3, dest + len - 8, 8);
}
void
SSH_3CBC_DECRYPT(des_key_schedule ks1,
des_key_schedule ks2, des_cblock * iv2,
des_key_schedule ks3, des_cblock * iv3,
- void *dest, void *src,
+ unsigned char *dest, unsigned char *src,
unsigned int len)
{
des_cblock iv1;
@@ -70,10 +70,10 @@ SSH_3CBC_DECRYPT(des_key_schedule ks1,
memcpy(&iv1, iv2, 8);
des_cbc_encrypt(src, dest, len, ks3, iv3, DES_DECRYPT);
- memcpy(iv3, (char *)src + len - 8, 8);
+ memcpy(iv3, src + len - 8, 8);
des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_ENCRYPT);
- memcpy(iv2, (char *)dest + len - 8, 8);
+ memcpy(iv2, dest + len - 8, 8);
des_cbc_encrypt(dest, dest, len, ks1, &iv1, DES_DECRYPT);
/* memcpy(&iv1, iv2, 8); */
@@ -273,7 +273,7 @@ cipher_encrypt(CipherContext *context, unsigned char *dest,
SSH_3CBC_ENCRYPT(context->u.des3.key1,
context->u.des3.key2, &context->u.des3.iv2,
context->u.des3.key3, &context->u.des3.iv3,
- dest, (void *) src, len);
+ dest, (unsigned char *) src, len);
break;
case SSH_CIPHER_BLOWFISH:
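Review bot: `(unsigned char *) src` at the SSH_3CBC_ENCRYPT call is still a cast that discards a qualifier if cipher_encrypt's src is declared const (its parameter list continues past the hunk header), which hides the same intent the void-to-unsigned-char change otherwise makes visible. If des_cbc_encrypt accepts a const input buffer, SSH_3CBC_ENCRYPT could take `const unsigned char *src` and the cast could go; the cipher_decrypt hunk below carries the identical cast and would change the same way.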
@@ -308,7 +308,7 @@ cipher_decrypt(CipherContext *context, unsigned char *dest,
SSH_3CBC_DECRYPT(context->u.des3.key1,
context->u.des3.key2, &context->u.des3.iv2,
context->u.des3.key3, &context->u.des3.iv3,
- dest, (void *) src, len);
+ dest, (unsigned char *) src, len);
break;
case SSH_CIPHER_BLOWFISH:
diff --git a/hostfile.c b/hostfile.c
index 831ac592..ea92fa04 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -14,13 +14,13 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: hostfile.c,v 1.11 2000/01/04 00:07:59 markus Exp $");
+RCSID("$OpenBSD: hostfile.c,v 1.13 2000/02/18 10:20:20 markus Exp $");
#include "packet.h"
#include "ssh.h"
/*
- * Reads a multiple-precision integer in hex from the buffer, and advances
+ * Reads a multiple-precision integer in decimal from the buffer, and advances
* the pointer. The integer must already be initialized. This function is
* permitted to modify the buffer. This leaves *cpp to point just beyond the
* last processed (and maybe modified) character. Note that this may modify
@@ -31,26 +31,23 @@ int
auth_rsa_read_bignum(char **cpp, BIGNUM * value)
{
char *cp = *cpp;
- int len, old;
+ int old;
/* Skip any leading whitespace. */
for (; *cp == ' ' || *cp == '\t'; cp++)
;
- /* Check that it begins with a hex digit. */
+ /* Check that it begins with a decimal digit. */
if (*cp < '0' || *cp > '9')
return 0;
/* Save starting position. */
*cpp = cp;
- /* Move forward until all hex digits skipped. */
+ /* Move forward until all decimal digits skipped. */
for (; *cp >= '0' && *cp <= '9'; cp++)
;
- /* Compute the length of the hex number. */
- len = cp - *cpp;
-
/* Save the old terminating character, and replace it by \0. */
old = *cp;
*cp = 0;
@@ -179,7 +176,7 @@ check_host_in_hostfile(const char *filename, const char *host,
FILE *f;
char line[8192];
int linenum = 0;
- unsigned int bits, kbits, hostlen;
+ unsigned int kbits, hostlen;
char *cp, *cp2;
HostStatus end_return;
@@ -198,9 +195,6 @@ check_host_in_hostfile(const char *filename, const char *host,
*/
end_return = HOST_NEW;
- /* size of modulus 'n' */
- bits = BN_num_bits(n);
-
/* Go trough the file. */
while (fgets(line, sizeof(line), f)) {
cp = line;
diff --git a/log-client.c b/log-client.c
index 668aafff..11ac45d7 100644
--- a/log-client.c
+++ b/log-client.c
@@ -15,7 +15,7 @@
*/
#include "includes.h"
-RCSID("$Id: log-client.c,v 1.4 2000/01/20 13:18:16 damien Exp $");
+RCSID("$Id: log-client.c,v 1.5 2000/03/09 10:27:50 damien Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -45,12 +45,12 @@ log_init(char *av0, LogLevel level, SyslogFacility ignored1, int ignored2)
}
}
-#define SSH_MSGBUFSIZE 1024
+#define MSGBUFSIZ 1024
void
do_log(LogLevel level, const char *fmt, va_list args)
{
- char msgbuf[SSH_MSGBUFSIZE];
+ char msgbuf[MSGBUFSIZ];
if (level > log_level)
return;
diff --git a/log-server.c b/log-server.c
index 26428810..7f732ed3 100644
--- a/log-server.c
+++ b/log-server.c
@@ -15,7 +15,7 @@
*/
#include "includes.h"
-RCSID("$Id: log-server.c,v 1.6 2000/01/20 13:18:16 damien Exp $");
+RCSID("$Id: log-server.c,v 1.7 2000/03/09 10:27:50 damien Exp $");
#include <syslog.h>
#include "packet.h"
@@ -97,13 +97,13 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
log_on_stderr = on_stderr;
}
-#define SSH_MSGBUFSIZE 1024
+#define MSGBUFSIZ 1024
void
do_log(LogLevel level, const char *fmt, va_list args)
{
- char msgbuf[SSH_MSGBUFSIZE];
- char fmtbuf[SSH_MSGBUFSIZE];
+ char msgbuf[MSGBUFSIZ];
+ char fmtbuf[MSGBUFSIZ];
char *txt = NULL;
int pri = LOG_INFO;
diff --git a/packet.c b/packet.c
index d0f3a895..f65ae989 100644
--- a/packet.c
+++ b/packet.c
@@ -15,7 +15,7 @@
*/
#include "includes.h"
-RCSID("$Id: packet.c,v 1.11 2000/01/22 22:38:00 damien Exp $");
+RCSID("$Id: packet.c,v 1.12 2000/03/09 10:27:50 damien Exp $");
#include "xmalloc.h"
#include "buffer.h"
@@ -505,7 +505,7 @@ packet_read_poll(int *payload_len_ptr)
{
unsigned int len, padded_len;
unsigned char *ucp;
- char buf[8], *cp;
+ char buf[8], *cp, *msg;
unsigned int checksum, stored_checksum;
restart:
@@ -575,7 +575,9 @@ restart:
/* Handle disconnect message. */
if ((unsigned char) buf[0] == SSH_MSG_DISCONNECT) {
- log("Received disconnect: %.900s", packet_get_string(NULL));
+ msg = packet_get_string(NULL);
+ log("Received disconnect: %.900s", msg);
+ xfree(msg);
fatal_cleanup();
}
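Review bot: The disconnect text handed to `log()` comes straight from the peer and is emitted with only a length cap (`%.900s`), so control characters and escape sequences in it reach the log file or terminal unchanged; the SSH_MSG_DEBUG hunk below has the same property. Filtering the string to printable characters before logging, with a comment such as `/* peer-supplied text: strip non-printable bytes before logging */`, keeps a misbehaving peer from corrupting log output. The leak fix itself is right: msg is now freed on both paths.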
@@ -585,7 +587,9 @@ restart:
/* Send debug messages as debugging output. */
if ((unsigned char) buf[0] == SSH_MSG_DEBUG) {
- debug("Remote: %.900s", packet_get_string(NULL));
+ msg = packet_get_string(NULL);
+ debug("Remote: %.900s", msg);
+ xfree(msg);
goto restart;
}
/* Return type. */
diff --git a/pty.c b/pty.c
index 4c2dc9cf..cf8d6888 100644
--- a/pty.c
+++ b/pty.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$Id: pty.c,v 1.14 2000/03/02 12:56:13 damien Exp $");
+RCSID("$Id: pty.c,v 1.15 2000/03/09 10:27:51 damien Exp $");
#ifdef HAVE_UTIL_H
# include <util.h>
diff --git a/pty.h b/pty.h
index 4d0e5f12..b97b96df 100644
--- a/pty.h
+++ b/pty.h
@@ -13,7 +13,7 @@
* tty.
*/
-/* RCSID("$Id: pty.h,v 1.5 2000/03/02 12:30:53 damien Exp $"); */
+/* RCSID("$Id: pty.h,v 1.6 2000/03/09 10:27:51 damien Exp $"); */
#ifndef PTY_H
#define PTY_H
@@ -45,4 +45,6 @@ pty_change_window_size(int ptyfd, int row, int col,
void pty_setowner(struct passwd *pw, const char *ttyname);
+void pty_setowner(struct passwd *pw, const char *ttyname);
+
#endif /* PTY_H */
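Review bot: The added `void pty_setowner(struct passwd *pw, const char *ttyname);` duplicates the identical prototype on the line directly above it, so the header now declares the function twice. A compatible redeclaration is legal C, but it reads as a merge artefact; drop one of the two lines.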
diff --git a/readconf.c b/readconf.c
index 0ba78639..99023d13 100644
--- a/readconf.c
+++ b/readconf.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$Id: readconf.c,v 1.7 1999/12/06 00:47:29 damien Exp $");
+RCSID("$Id: readconf.c,v 1.8 2000/03/09 10:27:51 damien Exp $");
#include "ssh.h"
#include "cipher.h"
@@ -638,7 +638,7 @@ fill_default_options(Options * options)
if (options->forward_agent == -1)
options->forward_agent = 1;
if (options->forward_x11 == -1)
- options->forward_x11 = 1;
+ options->forward_x11 = 0;
if (options->gateway_ports == -1)
options->gateway_ports = 0;
if (options->use_privileged_port == -1)
diff --git a/rsa.c b/rsa.c
index 64786718..02392529 100644
--- a/rsa.c
+++ b/rsa.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$Id: rsa.c,v 1.9 2000/03/05 06:14:38 damien Exp $");
+RCSID("$Id: rsa.c,v 1.10 2000/03/09 10:27:51 damien Exp $");
#include "rsa.h"
#include "ssh.h"
@@ -159,7 +159,7 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
BN_bn2bin(in, inbuf);
if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key,
- RSA_PKCS1_PADDING)) <= 0)
+ RSA_PKCS1_PADDING)) <= 0)
fatal("rsa_public_encrypt() failed");
BN_bin2bn(outbuf, len, out);
@@ -184,7 +184,7 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
BN_bn2bin(in, inbuf);
if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key,
- RSA_SSLV23_PADDING)) <= 0)
+ RSA_PKCS1_PADDING)) <= 0)
fatal("rsa_private_decrypt() failed");
BN_bin2bn(outbuf, len, out);
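Review bot: With `RSA_PKCS1_PADDING` the decryption now fails whenever the PKCS#1 v1.5 padding check fails, and the retained `fatal("rsa_private_decrypt() failed")` on the line above makes that failure observable to whoever supplied the ciphertext; where the input comes from the peer, a distinguishable padding failure is the condition a padding oracle needs for this scheme. The defensive option is to treat a failed decryption like a decryption that produced an unusable value and fail later, uniformly, rather than aborting at this point. The callers that would have to cooperate are outside this hunk.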
diff --git a/scp.c b/scp.c
index 3074ccda..6e07879f 100644
--- a/scp.c
+++ b/scp.c
@@ -45,7 +45,7 @@
*/
#include "includes.h"
-RCSID("$Id: scp.c,v 1.16 2000/01/14 04:45:51 damien Exp $");
+RCSID("$Id: scp.c,v 1.17 2000/03/09 10:27:51 damien Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -1008,7 +1008,7 @@ run_err(const char *fmt,...)
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: scp.c,v 1.16 2000/01/14 04:45:51 damien Exp $
+ * $Id: scp.c,v 1.17 2000/03/09 10:27:51 damien Exp $
*/
char *
@@ -1067,7 +1067,7 @@ okname(cp0)
} while (*++cp);
return (1);
-bad: fprintf(stderr, "%s: invalid user name", cp0);
+bad: fprintf(stderr, "%s: invalid user name\n", cp0);
return (0);
}
diff --git a/servconf.c b/servconf.c
index 3425fe0e..b08ac671 100644
--- a/servconf.c
+++ b/servconf.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$Id: servconf.c,v 1.8 2000/01/14 04:45:51 damien Exp $");
+RCSID("$Id: servconf.c,v 1.9 2000/03/09 10:27:51 damien Exp $");
#include "ssh.h"
#include "servconf.h"
@@ -87,7 +87,7 @@ fill_default_server_options(ServerOptions *options)
if (options->permit_root_login == -1)
options->permit_root_login = 1; /* yes */
if (options->ignore_rhosts == -1)
- options->ignore_rhosts = 0;
+ options->ignore_rhosts = 1;
if (options->ignore_user_known_hosts == -1)
options->ignore_user_known_hosts = 0;
if (options->check_mail == -1)
@@ -95,9 +95,9 @@ fill_default_server_options(ServerOptions *options)
if (options->print_motd == -1)
options->print_motd = 1;
if (options->x11_forwarding == -1)
- options->x11_forwarding = 1;
+ options->x11_forwarding = 0;
if (options->x11_display_offset == -1)
- options->x11_display_offset = 1;
+ options->x11_display_offset = 10;
if (options->strict_modes == -1)
options->strict_modes = 1;
if (options->keepalives == -1)
@@ -109,7 +109,7 @@ fill_default_server_options(ServerOptions *options)
if (options->rhosts_authentication == -1)
options->rhosts_authentication = 0;
if (options->rhosts_rsa_authentication == -1)
- options->rhosts_rsa_authentication = 1;
+ options->rhosts_rsa_authentication = 0;
if (options->rsa_authentication == -1)
options->rsa_authentication = 1;
#ifdef KRB4
@@ -133,7 +133,7 @@ fill_default_server_options(ServerOptions *options)
options->skey_authentication = 1;
#endif
if (options->permit_empty_passwd == -1)
- options->permit_empty_passwd = 1;
+ options->permit_empty_passwd = 0;
if (options->use_login == -1)
options->use_login = 0;
}
@@ -402,7 +402,7 @@ parse_flag:
case sIgnoreUserKnownHosts:
intptr = &options->ignore_user_known_hosts;
- goto parse_int;
+ goto parse_flag;
case sRhostsAuthentication:
intptr = &options->rhosts_authentication;
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 2b674676..bf7f0ced 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -7,7 +7,7 @@
*/
#include "includes.h"
-RCSID("$Id: ssh-keygen.c,v 1.10 1999/11/25 00:54:59 damien Exp $");
+RCSID("$Id: ssh-keygen.c,v 1.11 2000/03/09 10:27:51 damien Exp $");
#include "rsa.h"
#include "ssh.h"
@@ -80,8 +80,11 @@ ask_filename(struct passwd *pw, const char *prompt)
void
do_fingerprint(struct passwd *pw)
{
- char *comment;
+ FILE *f;
+ BIGNUM *e, *n;
RSA *public_key;
+ char *comment = NULL, *cp, *ep, line[16*1024];
+ int i, skip = 0, num = 1, invalid = 1;
struct stat st;
if (!have_identity)
@@ -90,38 +93,71 @@ do_fingerprint(struct passwd *pw)
perror(identity_file);
exit(1);
}
+
public_key = RSA_new();
- if (!load_public_key(identity_file, public_key, &comment)) {
- char *cp, line[1024];
- BIGNUM *e, *n;
- int dummy, invalid = 0;
- FILE *f = fopen(identity_file, "r");
+ if (load_public_key(identity_file, public_key, &comment)) {
+ printf("%d %s %s\n", BN_num_bits(public_key->n),
+ fingerprint(public_key->e, public_key->n),
+ comment);
+ RSA_free(public_key);
+ exit(0);
+ }
+ RSA_free(public_key);
+
+ f = fopen(identity_file, "r");
+ if (f != NULL) {
n = BN_new();
e = BN_new();
- if (f && fgets(line, sizeof(line), f)) {
- cp = line;
- line[strlen(line) - 1] = '\0';
- if (auth_rsa_read_key(&cp, &dummy, e, n)) {
- public_key->e = e;
- public_key->n = n;
- comment = xstrdup(cp ? cp : "no comment");
- } else {
- invalid = 1;
+ while (fgets(line, sizeof(line), f)) {
+ i = strlen(line) - 1;
+ if (line[i] != '\n') {
+ error("line %d too long: %.40s...", num, line);
+ skip = 1;
+ continue;
+ }
+ num++;
+ if (skip) {
+ skip = 0;
+ continue;
+ }
+ line[i] = '\0';
+
+ /* Skip leading whitespace, empty and comment lines. */
+ for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
+ ;
+ if (!*cp || *cp == '\n' || *cp == '#')
+ continue ;
+ i = strtol(cp, &ep, 10);
+ if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) {
+ int quoted = 0;
+ comment = cp;
+ for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
+ if (*cp == '\\' && cp[1] == '"')
+ cp++; /* Skip both */
+ else if (*cp == '"')
+ quoted = !quoted;
+ }
+ if (!*cp)
+ continue;
+ *cp++ = '\0';
+ }
+ ep = cp;
+ if (auth_rsa_read_key(&cp, &i, e, n)) {
+ invalid = 0;
+ comment = *cp ? cp : comment;
+ printf("%d %s %s\n", BN_num_bits(n),
+ fingerprint(e, n),
+ comment ? comment : "no comment");
}
- } else {
- invalid = 1;
- }
- if (invalid) {
- printf("%s is not a valid key file.\n", identity_file);
- BN_free(e);
- BN_free(n);
- exit(1);
}
+ BN_free(e);
+ BN_free(n);
+ fclose(f);
+ }
+ if (invalid) {
+ printf("%s is not a valid key file.\n", identity_file);
+ exit(1);
}
- printf("%d %s %s\n", BN_num_bits(public_key->n),
- fingerprint(public_key->e, public_key->n),
- comment);
- RSA_free(public_key);
exit(0);
}
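Review bot: The new line loop treats any line that fgets returns without a trailing `'\n'` as too long, so a key file whose last line has no terminating newline gets `line %d too long`, is skipped, and for a one-line file `invalid` stays 1 and the file is reported as not a valid key file although the buffer was nowhere near full. Only a newline-less line that is not at end of file is a truncation, so checking `feof(f)` separates the two cases, and the newline should be stripped only when present. The same `i = strlen(line) - 1` indexes `line[-1]` if fgets returns an empty string (a line starting with a NUL byte), which a length-first form avoids; `ep == NULL` after strtol can never be true and could be dropped.
```c
		while (fgets(line, sizeof(line), f)) {
			i = strlen(line);
			if (i == 0)
				continue;	/* nothing to parse (embedded NUL) */
			/* A missing newline means truncation only if more input follows. */
			if (line[i - 1] != '\n' && !feof(f)) {
				error("line %d too long: %.40s...", num, line);
				skip = 1;
				continue;
			}
			num++;
			if (skip) {
				skip = 0;
				continue;
			}
			if (line[i - 1] == '\n')
				line[i - 1] = '\0';
			/* … unchanged: whitespace/comment skip, hostname and key parsing … */
		}
```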
@@ -314,7 +350,7 @@ void
usage(void)
{
printf("ssh-keygen version %s\n", SSH_VERSION);
- printf("Usage: %s [-b bits] [-p] [-c] [-f file] [-P pass] [-N new-pass] [-C comment]\n", __progname);
+ printf("Usage: %s [-b bits] [-p] [-c] [-l] [-f file] [-P pass] [-N new-pass] [-C comment]\n", __progname);
exit(1);
}
diff --git a/ssh.1 b/ssh.1
index 7bea1b13..9f1ca97b 100644
--- a/ssh.1
+++ b/ssh.1
@@ -9,7 +9,7 @@
.\"
.\" Created: Sat Apr 22 21:55:14 1995 ylo
.\"
-.\" $Id: ssh.1,v 1.17 2000/03/03 11:48:49 damien Exp $
+.\" $Id: ssh.1,v 1.18 2000/03/09 10:27:52 damien Exp $
.\"
.Dd September 25, 1999
.Dt SSH 1
@@ -557,6 +557,8 @@ set. The argument must be
.Dq yes
or
.Dq no .
+The default is
+.Dq no .
.It Cm GatewayPorts
Specifies whether remote hosts are allowed to connect to local
forwarded ports.
@@ -813,7 +815,7 @@ and adds lines of the format
.Dq VARNAME=value
to the environment.
.Sh FILES
-.Bl -tag -width $HOME/.ssh/known_hosts
+.Bl -tag -width Ds
.It Pa $HOME/.ssh/known_hosts
Records host keys for all hosts the user has logged into (that are not
in
@@ -958,17 +960,12 @@ above.
A version of this library which includes support for the RSA algorithm
is required for proper operation.
.Sh AUTHOR
-Tatu Ylonen <ylo@cs.hut.fi>
-.Pp
-Issues can be found from the SSH WWW home page:
-.Pp
-.Dl http://www.cs.hut.fi/ssh
-.Pp
OpenSSH
-is a derivative of the original (free) ssh 1.2.12 release, but with bugs
-removed and newer features re-added. Rapidly after the 1.2.12 release,
-newer versions bore successively more restrictive licenses. This version
-of OpenSSH
+is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen,
+but with bugs removed and newer features re-added. Rapidly after the
+1.2.12 release, newer versions of the original ssh bore successively
+more restrictive licenses, and thus demand for a free version was born.
+This version of OpenSSH
.Bl -bullet
.It
has all components of a restrictive nature (i.e., patents, see
@@ -977,7 +974,8 @@ directly removed from the source code; any licensed or patented components
are chosen from
external libraries.
.It
-has been updated to support ssh protocol 1.5.
+has been updated to support ssh protocol 1.5, making it compatible with
+all other ssh protocol 1 clients and servers.
.It
contains added support for
.Xr kerberos 8
diff --git a/ssh.c b/ssh.c
index 2d9a9d96..bada8e18 100644
--- a/ssh.c
+++ b/ssh.c
@@ -11,7 +11,7 @@
*/
#include "includes.h"
-RCSID("$Id: ssh.c,v 1.20 2000/03/02 12:09:21 damien Exp $");
+RCSID("$Id: ssh.c,v 1.21 2000/03/09 10:27:52 damien Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -103,6 +103,7 @@ usage()
fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n");
#endif /* AFS */
fprintf(stderr, " -x Disable X11 connection forwarding.\n");
+ fprintf(stderr, " -X Enable X11 connection forwarding.\n");
fprintf(stderr, " -i file Identity for RSA authentication (default: ~/.ssh/identity).\n");
fprintf(stderr, " -t Tty; allocate a tty even if command is given.\n");
fprintf(stderr, " -v Verbose; display verbose debugging messages.\n");
@@ -497,7 +498,7 @@ main(int ac, char **av)
struct addrinfo *ai = NULL;
int errgai;
memset(&hints, 0, sizeof(hints));
- hints.ai_family = AF_UNSPEC;
+ hints.ai_family = IPv4or6;
hints.ai_flags = AI_CANONNAME;
hints.ai_socktype = SOCK_STREAM;
errgai = getaddrinfo(host, NULL, &hints, &ai);
diff --git a/ssh.h b/ssh.h
index 281ef138..ee6e3c1f 100644
--- a/ssh.h
+++ b/ssh.h
@@ -13,7 +13,7 @@
*
*/
-/* RCSID("$Id: ssh.h,v 1.26 2000/02/07 02:20:26 damien Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.27 2000/03/09 10:27:52 damien Exp $"); */
#ifndef SSH_H
#define SSH_H
@@ -712,7 +712,7 @@ struct envstring {
/*
* Ensure all of data on socket comes through. f==read || f==write
*/
-int atomicio(int (*f)(), int fd, void *s, size_t n);
+ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n);
#ifdef KRB4
#include <krb.h>
diff --git a/sshconnect.c b/sshconnect.c
index 5e2a3449..c4c9aee1 100644
--- a/sshconnect.c
+++ b/sshconnect.c