diff options
-rw-r--r-- | ChangeLog | 67 | ||||
-rw-r--r-- | Makefile.in | 2 | ||||
-rw-r--r-- | auth2.c | 48 | ||||
-rw-r--r-- | bsd-base64.c | 315 | ||||
-rw-r--r-- | bsd-base64.h | 19 | ||||
-rw-r--r-- | channels.c | 33 | ||||
-rw-r--r-- | channels.h | 6 | ||||
-rw-r--r-- | clientloop.c | 6 | ||||
-rw-r--r-- | configure.in | 4 | ||||
-rw-r--r-- | dsa.c | 4 | ||||
-rw-r--r-- | includes.h | 1 | ||||
-rw-r--r-- | key.c | 25 | ||||
-rw-r--r-- | key.h | 1 | ||||
-rw-r--r-- | nchan.c | 23 | ||||
-rw-r--r-- | packet.c | 13 | ||||
-rw-r--r-- | radix.c | 7 | ||||
-rw-r--r-- | readconf.c | 18 | ||||
-rw-r--r-- | readconf.h | 3 | ||||
-rw-r--r-- | scp.c | 20 | ||||
-rw-r--r-- | servconf.c | 33 | ||||
-rw-r--r-- | servconf.h | 6 | ||||
-rw-r--r-- | serverloop.c | 2 | ||||
-rw-r--r-- | session.c | 43 | ||||
-rw-r--r-- | ssh-add.1 | 6 | ||||
-rw-r--r-- | ssh-agent.1 | 4 | ||||
-rw-r--r-- | ssh-keygen.1 | 63 | ||||
-rw-r--r-- | ssh-keygen.c | 8 | ||||
-rw-r--r-- | ssh.1 | 160 | ||||
-rw-r--r-- | ssh.h | 7 | ||||
-rw-r--r-- | sshconnect.c | 34 | ||||
-rw-r--r-- | sshconnect1.c | 6 | ||||
-rw-r--r-- | sshconnect2.c | 8 | ||||
-rw-r--r-- | sshd.8 | 104 | ||||
-rw-r--r-- | sshd.c | 9 | ||||
-rw-r--r-- | uuencode.c | 110 | ||||
-rw-r--r-- | uuencode.h | 4 |
36 files changed, 961 insertions, 261 deletions
@@ -1,3 +1,70 @@ +20000507 + - Remove references to SSLeay. + - Big OpenBSD CVS update + - markus@cvs.openbsd.org + [clientloop.c] + - typo + [session.c] + - update proctitle on pty alloc/dealloc, e.g. w/ windows client + [session.c] + - update proctitle for proto 1, too + [channels.h nchan.c serverloop.c session.c sshd.c] + - use c-style comments + - deraadt@cvs.openbsd.org + [scp.c] + - more atomicio + - markus@cvs.openbsd.org + [channels.c] + - set O_NONBLOCK + [ssh.1] + - update AUTHOR + [readconf.c ssh-keygen.c ssh.h] + - default DSA key file ~/.ssh/id_dsa + [clientloop.c] + - typo, rm verbose debug + - deraadt@cvs.openbsd.org + [ssh-keygen.1] + - document DSA use of ssh-keygen + [sshd.8] + - a start at describing what i understand of the DSA side + [ssh-keygen.1] + - document -X and -x + [ssh-keygen.c] + - simplify usage + - markus@cvs.openbsd.org + [sshd.8] + - there is no rhosts_dsa + [ssh-keygen.1] + - document -y, update -X,-x + [nchan.c] + - fix close for non-open ssh1 channels + [servconf.c servconf.h ssh.h sshd.8 sshd.c ] + - s/DsaKey/HostDSAKey/, document option + [sshconnect2.c] + - respect number_of_password_prompts + [channels.c channels.h servconf.c servconf.h session.c sshd.8] + - GatewayPorts for sshd, ok deraadt@ + [ssh-add.1 ssh-agent.1 ssh.1] + - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2 + [ssh.1] + - more info on proto 2 + [sshd.8] + - sync AUTHOR w/ ssh.1 + [key.c key.h sshconnect.c] + - print key type when talking about host keys + [packet.c] + - clear padding in ssh2 + [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h] + - replace broken uuencode w/ libc b64_ntop + [auth2.c] + - log failure before sending the reply + [key.c radix.c uuencode.c] + - remote trailing comments before calling __b64_pton + [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1] + [sshconnect2.c sshd.8] + - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8 + - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch]) + 20000502 - OpenBSD CVS update [channels.c] diff --git a/Makefile.in b/Makefile.in index 646201c0..de2fbd26 100644 --- a/Makefile.in +++ b/Makefile.in @@ -33,7 +33,7 @@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ TARGETS=ssh sshd ssh-add ssh-keygen ssh-agent scp $(EXTRA_TARGETS) -LIBOBJS= atomicio.o authfd.o authfile.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-setenv.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dispatch.o dsa.o fake-getaddrinfo.o fake-getnameinfo.o fingerprint.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o entropy.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o +LIBOBJS= atomicio.o authfd.o authfile.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-setenv.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dispatch.o dsa.o fake-getaddrinfo.o fake-getnameinfo.o fingerprint.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o entropy.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o log-client.o readconf.o clientloop.o @@ -27,7 +27,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.5 2000/05/01 23:13:39 djm Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.7 2000/05/06 17:45:36 markus Exp $"); #include <openssl/dsa.h> #include <openssl/rsa.h> @@ -188,9 +188,29 @@ input_userauth_request(int type, int plen) authenticated = 0; #endif /* USE_PAM */ - /* XXX todo: check if multiple auth methods are needed */ + /* Raise logging level */ + if (authenticated == 1 || + attempt == AUTH_FAIL_LOG || + strcmp(method, "password") == 0) + authlog = log; + + /* Log before sending the reply */ if (authenticated == 1) { authmsg = "Accepted"; + } else if (authenticated == 0) { + authmsg = "Failed"; + } else { + authmsg = "Postponed"; + } + authlog("%s %s for %.200s from %.200s port %d ssh2", + authmsg, + method, + pw && pw->pw_uid == 0 ? "ROOT" : user, + get_remote_ipaddr(), + get_remote_port()); + + /* XXX todo: check if multiple auth methods are needed */ + if (authenticated == 1) { /* turn off userauth */ dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error); packet_start(SSH2_MSG_USERAUTH_SUCCESS); @@ -199,27 +219,12 @@ input_userauth_request(int type, int plen) /* now we can break out */ userauth_success = 1; } else if (authenticated == 0) { - authmsg = "Failed"; packet_start(SSH2_MSG_USERAUTH_FAILURE); packet_put_cstring("publickey,password"); /* XXX dynamic */ packet_put_char(0); /* XXX partial success, unused */ packet_send(); packet_write_wait(); - } else { - authmsg = "Postponed"; } - /* Raise logging level */ - if (authenticated == 1|| - attempt == AUTH_FAIL_LOG || - strcmp(method, "password") == 0) - authlog = log; - - authlog("%s %s for %.200s from %.200s port %d ssh2", - authmsg, - method, - pw && pw->pw_uid == 0 ? "ROOT" : user, - get_remote_ipaddr(), - get_remote_port()); xfree(service); xfree(user); @@ -269,7 +274,7 @@ ssh2_auth_pubkey(struct passwd *pw, unsigned char *raw, unsigned int rlen) int have_sig; int authenticated = 0; - if (options.rsa_authentication == 0) { + if (options.dsa_authentication == 0) { debug("pubkey auth disabled"); return 0; } @@ -306,6 +311,13 @@ ssh2_auth_pubkey(struct passwd *pw, unsigned char *raw, unsigned int rlen) debug("test key..."); /* test whether pkalg/pkblob are acceptable */ /* XXX fake reply and always send PK_OK ? */ + /* + * XXX this allows testing whether a user is allowed + * to login: if you happen to have a valid pubkey this + * message is sent. the message is NEVER sent at all + * if a user is not allowed to login. is this an + * issue? -markus + */ if (user_dsa_key_allowed(pw, key)) { packet_start(SSH2_MSG_USERAUTH_PK_OK); packet_put_string(pkalg, alen); diff --git a/bsd-base64.c b/bsd-base64.c new file mode 100644 index 00000000..57a95736 --- /dev/null +++ b/bsd-base64.c @@ -0,0 +1,315 @@ +/* $OpenBSD: base64.c,v 1.3 1997/11/08 20:46:55 deraadt Exp $ */ + +/* + * Copyright (c) 1996 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Portions Copyright (c) 1995 by International Business Machines, Inc. + * + * International Business Machines, Inc. (hereinafter called IBM) grants + * permission under its copyrights to use, copy, modify, and distribute this + * Software with or without fee, provided that the above copyright notice and + * all paragraphs of this notice appear in all copies, and that the name of IBM + * not be used in connection with the marketing of any product incorporating + * the Software or modifications thereof, without specific, written prior + * permission. + * + * To the extent it has a right to do so, IBM grants an immunity from suit + * under its patents, if any, for the use, sale or manufacture of products to + * the extent that such products are used for performing Domain Name System + * dynamic updates in TCP/IP networks by means of the Software. No immunity is + * granted for any product per se or for any other function of any product. + * + * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. + */ + +#include "config.h" + +#ifndef HAVE_B64_NTOP + +#include <sys/types.h> +#include <sys/param.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> + +#include <ctype.h> +#include <resolv.h> +#include <stdio.h> + +#include <stdlib.h> +#include <string.h> + +#define Assert(Cond) if (!(Cond)) abort() + +static const char Base64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +static const char Pad64 = '='; + +/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt) + The following encoding technique is taken from RFC 1521 by Borenstein + and Freed. It is reproduced here in a slightly edited form for + convenience. + + A 65-character subset of US-ASCII is used, enabling 6 bits to be + represented per printable character. (The extra 65th character, "=", + is used to signify a special processing function.) + + The encoding process represents 24-bit groups of input bits as output + strings of 4 encoded characters. Proceeding from left to right, a + 24-bit input group is formed by concatenating 3 8-bit input groups. + These 24 bits are then treated as 4 concatenated 6-bit groups, each + of which is translated into a single digit in the base64 alphabet. + + Each 6-bit group is used as an index into an array of 64 printable + characters. The character referenced by the index is placed in the + output string. + + Table 1: The Base64 Alphabet + + Value Encoding Value Encoding Value Encoding Value Encoding + 0 A 17 R 34 i 51 z + 1 B 18 S 35 j 52 0 + 2 C 19 T 36 k 53 1 + 3 D 20 U 37 l 54 2 + 4 E 21 V 38 m 55 3 + 5 F 22 W 39 n 56 4 + 6 G 23 X 40 o 57 5 + 7 H 24 Y 41 p 58 6 + 8 I 25 Z 42 q 59 7 + 9 J 26 a 43 r 60 8 + 10 K 27 b 44 s 61 9 + 11 L 28 c 45 t 62 + + 12 M 29 d 46 u 63 / + 13 N 30 e 47 v + 14 O 31 f 48 w (pad) = + 15 P 32 g 49 x + 16 Q 33 h 50 y + + Special processing is performed if fewer than 24 bits are available + at the end of the data being encoded. A full encoding quantum is + always completed at the end of a quantity. When fewer than 24 input + bits are available in an input group, zero bits are added (on the + right) to form an integral number of 6-bit groups. Padding at the + end of the data is performed using the '=' character. + + Since all base64 input is an integral number of octets, only the + ------------------------------------------------- + following cases can arise: + + (1) the final quantum of encoding input is an integral + multiple of 24 bits; here, the final unit of encoded + output will be an integral multiple of 4 characters + with no "=" padding, + (2) the final quantum of encoding input is exactly 8 bits; + here, the final unit of encoded output will be two + characters followed by two "=" padding characters, or + (3) the final quantum of encoding input is exactly 16 bits; + here, the final unit of encoded output will be three + characters followed by one "=" padding character. + */ + +int +b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize) +{ + size_t datalength = 0; + u_char input[3]; + u_char output[4]; + int i; + + while (2 < srclength) { + input[0] = *src++; + input[1] = *src++; + input[2] = *src++; + srclength -= 3; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + output[3] = input[2] & 0x3f; + Assert(output[0] < 64); + Assert(output[1] < 64); + Assert(output[2] < 64); + Assert(output[3] < 64); + + if (datalength + 4 > targsize) + return (-1); + target[datalength++] = Base64[output[0]]; + target[datalength++] = Base64[output[1]]; + target[datalength++] = Base64[output[2]]; + target[datalength++] = Base64[output[3]]; + } + + /* Now we worry about padding. */ + if (0 != srclength) { + /* Get what's left. */ + input[0] = input[1] = input[2] = '\0'; + for (i = 0; i < srclength; i++) + input[i] = *src++; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + Assert(output[0] < 64); + Assert(output[1] < 64); + Assert(output[2] < 64); + + if (datalength + 4 > targsize) + return (-1); + target[datalength++] = Base64[output[0]]; + target[datalength++] = Base64[output[1]]; + if (srclength == 1) + target[datalength++] = Pad64; + else + target[datalength++] = Base64[output[2]]; + target[datalength++] = Pad64; + } + if (datalength >= targsize) + return (-1); + target[datalength] = '\0'; /* Returned value doesn't count \0. */ + return (datalength); +} + +/* skips all whitespace anywhere. + converts characters, four at a time, starting at (or after) + src from base - 64 numbers into three 8 bit bytes in the target area. + it returns the number of data bytes stored at the target, or -1 on error. + */ + +int +b64_pton(char const *src, u_char *target, size_t targsize) +{ + int tarindex, state, ch; + char *pos; + + state = 0; + tarindex = 0; + + while ((ch = *src++) != '\0') { + if (isspace(ch)) /* Skip whitespace anywhere. */ + continue; + + if (ch == Pad64) + break; + + pos = strchr(Base64, ch); + if (pos == 0) /* A non-base64 character. */ + return (-1); + + switch (state) { + case 0: + if (target) { + if (tarindex >= targsize) + return (-1); + target[tarindex] = (pos - Base64) << 2; + } + state = 1; + break; + case 1: + if (target) { + if (tarindex + 1 >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 4; + target[tarindex+1] = ((pos - Base64) & 0x0f) + << 4 ; + } + tarindex++; + state = 2; + break; + case 2: + if (target) { + if (tarindex + 1 >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 2; + target[tarindex+1] = ((pos - Base64) & 0x03) + << 6; + } + tarindex++; + state = 3; + break; + case 3: + if (target) { + if (tarindex >= targsize) + return (-1); + target[tarindex] |= (pos - Base64); + } + tarindex++; + state = 0; + break; + } + } + + /* + * We are done decoding Base-64 chars. Let's see if we ended + * on a byte boundary, and/or with erroneous trailing characters. + */ + + if (ch == Pad64) { /* We got a pad char. */ + ch = *src++; /* Skip it, get next. */ + switch (state) { + case 0: /* Invalid = in first position */ + case 1: /* Invalid = in second position */ + return (-1); + + case 2: /* Valid, means one byte of info */ + /* Skip any number of spaces. */ + for (; ch != '\0'; ch = *src++) + if (!isspace(ch)) + break; + /* Make sure there is another trailing = sign. */ + if (ch != Pad64) + return (-1); + ch = *src++; /* Skip the = */ + /* Fall through to "single trailing =" case. */ + /* FALLTHROUGH */ + + case 3: /* Valid, means two bytes of info */ + /* + * We know this char is an =. Is there anything but + * whitespace after it? + */ + for (; ch != '\0'; ch = *src++) + if (!isspace(ch)) + return (-1); + + /* + * Now make sure for cases 2 and 3 that the "extra" + * bits that slopped past the last full byte were + * zeros. If we don't check them, they become a + * subliminal channel. + */ + if (target && target[tarindex] != 0) + return (-1); + } + } else { + /* + * We ended by seeing the end of the string. Make sure we + * have no partial bytes lying around. + */ + if (state != 0) + return (-1); + } + + return (tarindex); +} + +#endif /* HAVE_B64_NTOP */ diff --git a/bsd-base64.h b/bsd-base64.h new file mode 100644 index 00000000..c5dace7c --- /dev/null +++ b/bsd-base64.h @@ -0,0 +1,19 @@ +#ifndef _BSD_BASE64_H +#define _BSD_BASE64_H + +#include "config.h" + +#ifndef HAVE___B64_NTOP +# ifdef HAVE_B64_NTOP +# define __b64_ntop b64_ntop +# define __b64_pton b64_pton +# else /* !HAVE_B64_NTOP */ + +int b64_ntop(u_char const *src, size_t srclength, char *target, + size_t targsize); +int b64_pton(char const *src, u_char *target, size_t targsize); + +# endif /* HAVE_B64_NTOP */ +#endif /* HAVE___B64_NTOP */ + +#endif /* _BSD_BINRESVPORT_H */ @@ -17,7 +17,7 @@ */ #include "includes.h" -RCSID("$Id: channels.c,v 1.28 2000/05/01 23:23:45 damien Exp $"); +RCSID("$Id: channels.c,v 1.29 2000/05/07 02:03:15 damien Exp $"); #include "ssh.h" #include "packet.h" @@ -147,8 +147,25 @@ channel_lookup(int id) return c; } +void +set_nonblock(int fd) +{ + int val; + val = fcntl(fd, F_GETFL, 0); + if (val < 0) { + error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); + return; + } + if (val & O_NONBLOCK) + return; + debug("fd %d setting O_NONBLOCK", fd); + val |= O_NONBLOCK; + if (fcntl(fd, F_SETFL, val) == -1) + error("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, strerror(errno)); +} + /* - * register filedescriptors for a channel, used when allocating a channel or + * Register filedescriptors for a channel, used when allocating a channel or * when the channel consumer/producer is ready, e.g. shell exec'd */ @@ -163,11 +180,18 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, int extusage) if (efd > channel_max_fd_value) channel_max_fd_value = efd; /* XXX set close-on-exec -markus */ + c->rfd = rfd; c->wfd = wfd; c->sock = (rfd == wfd) ? rfd : -1; c->efd = efd; c->extended_usage = extusage; + if (rfd != -1) + set_nonblock(rfd); + if (wfd != -1) + set_nonblock(wfd); + if (efd != -1) + set_nonblock(efd); } /* @@ -1532,7 +1556,7 @@ channel_request_remote_forwarding(u_short listen_port, const char *host_to_conne */ void -channel_input_port_forward_request(int is_root) +channel_input_port_forward_request(int is_root, int gateway_ports) { u_short port, host_port; char *hostname; @@ -1551,9 +1575,8 @@ channel_input_port_forward_request(int is_root) port); /* * Initiate forwarding, - * bind port to localhost only (gateway ports == 0). */ - channel_request_local_forwarding(port, hostname, host_port, 0); + channel_request_local_forwarding(port, hostname, host_port, gateway_ports); /* Free the argument string. */ xfree(hostname); @@ -1,4 +1,4 @@ -/* RCSID("$Id: channels.h,v 1.8 2000/04/30 00:00:54 damien Exp $"); */ +/* RCSID("$Id: channels.h,v 1.9 2000/05/07 02:03:15 damien Exp $"); */ #ifndef CHANNELS_H #define CHANNELS_H @@ -56,7 +56,7 @@ typedef struct Channel { char *ctype; /* type */ - // callback + /* callback */ channel_callback_fn *cb_fn; void *cb_arg; int cb_event; @@ -175,7 +175,7 @@ void channel_permit_all_opens(void); * listening for the port, and sends back a success reply (or disconnect * message if there was an error). This never returns if there was an error. */ -void channel_input_port_forward_request(int is_root); +void channel_input_port_forward_request(int is_root, int gateway_ports); /* * Creates a port for X11 connections, and starts listening for it. Returns diff --git a/clientloop.c b/clientloop.c index 0ee9fc32..382cfe1f 100644 --- a/clientloop.c +++ b/clientloop.c @@ -16,7 +16,7 @@ */ #include "includes.h" -RCSID("$Id: clientloop.c,v 1.13 2000/04/30 00:00:54 damien Exp $"); +RCSID("$Id: clientloop.c,v 1.14 2000/05/07 02:03:16 damien Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -971,7 +971,7 @@ client_input_channel_open(int type, int plen) rwindow = packet_get_int(); rmaxpack = packet_get_int(); - log("server_input_open: ctype %s rchan %d win %d max %d", + debug("client_input_channel_open: ctype %s rchan %d win %d max %d", ctype, rchan, rwindow, rmaxpack); if (strcmp(ctype, "x11") == 0) { @@ -1077,7 +1077,7 @@ client_input_channel_req(int id, void *arg) rtype = packet_get_string(&len); reply = packet_get_char(); - debug("session_input_channel_req: rtype %s reply %d", rtype, reply); + debug("client_input_channel_req: rtype %s reply %d", rtype, reply); c = channel_lookup(id); if (c == NULL) diff --git a/configure.in b/configure.in index be2a63df..1b099c6b 100644 --- a/configure.in +++ b/configure.in @@ -132,7 +132,7 @@ fi AC_CHECK_HEADERS(bstring.h endian.h lastlog.h login.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/select.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h stddef.h util.h utmp.h utmpx.h) # Checks for library functions. -AC_CHECK_FUNCS(arc4random bindresvport_af clock freeaddrinfo gai_strerror getaddrinfo getnameinfo getrusage innetgr md5_crypt mkdtemp openpty rresvport_af setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy updwtmpx vsnprintf vhangup _getpty) +AC_CHECK_FUNCS(arc4random b64_ntop bindresvport_af clock freeaddrinfo gai_strerror getaddrinfo getnameinfo getrusage innetgr md5_crypt mkdtemp openpty rresvport_af setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy updwtmpx vsnprintf vhangup _getpty __b64_ntop) AC_CHECK_FUNC(login, [AC_DEFINE(HAVE_LOGIN)], @@ -196,7 +196,7 @@ saved_CFLAGS="$CFLAGS" if test "x$prefix" != "xNONE" ; then tryssldir="$tryssldir $prefix" fi -AC_MSG_CHECKING([for OpenSSL/SSLeay directory]) +AC_MSG_CHECKING([for OpenSSL directory]) for ssldir in "" $tryssldir /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do if test ! -z "$ssldir" ; then LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir" @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$Id: dsa.c,v 1.5 2000/04/26 20:56:29 markus Exp $"); +RCSID("$Id: dsa.c,v 1.6 2000/05/04 22:37:59 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -63,7 +63,7 @@ dsa_key_from_blob( Key *key; #ifdef DEBUG_DSS - dump_base64(blob, blen); + dump_base64(stderr, blob, blen); #endif /* fetch & parse DSA/DSS pubkey */ key = key_new(KEY_DSA); @@ -99,6 +99,7 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } #include "bsd-snprintf.h" #include "bsd-daemon.h" #include "bsd-login.h" +#include "bsd-base64.h" /* rfc2553 socket API replacements */ #include "fake-getaddrinfo.h" @@ -255,6 +255,10 @@ key_read(Key *ret, char **cpp) len = 2*strlen(cp); blob = xmalloc(len); n = uudecode(cp, blob, len); + if (n < 0) { + error("uudecode %s failed", cp); + return 0; + } k = dsa_key_from_blob(blob, n); if (k == NULL) return 0; @@ -297,11 +301,26 @@ key_write(Key *key, FILE *f) unsigned char *blob, *uu; dsa_make_key_blob(key, &blob, &len); uu = xmalloc(2*len); - n = uuencode(blob, len, uu); - fprintf(f, "%s %s", SSH_DSS, uu); + n = uuencode(blob, len, uu, 2*len); + if (n > 0) { + fprintf(f, "%s %s", SSH_DSS, uu); + success = 1; + } xfree(blob); xfree(uu); - success = 1; } return success; } +char * +key_type(Key *k) +{ + switch (k->type) { + case KEY_RSA: + return "RSA"; + break; + case KEY_DSA: + return "DSA"; + break; + } + return "unknown"; +} @@ -17,6 +17,7 @@ Key *key_new(int type); void key_free(Key *k); int key_equal(Key *a, Key *b); char *key_fingerprint(Key *k); +char *key_type(Key *k); int key_wr |