-rw-r--r-- | ChangeLog | 39 | ||||
-rw-r--r-- | auth-rsa.c | 6 | ||||
-rw-r--r-- | auth.h | 2 | ||||
-rw-r--r-- | auth2.c | 4 | ||||
-rw-r--r-- | authfd.c | 142 | ||||
-rw-r--r-- | cipher.c | 9 | ||||
-rw-r--r-- | compat.c | 8 | ||||
-rw-r--r-- | kex.c | 14 | ||||
-rw-r--r-- | readconf.c | 152 | ||||
-rw-r--r-- | scp.1 | 3 | ||||
-rw-r--r-- | servconf.c | 137 | ||||
-rw-r--r-- | servconf.h | 5 | ||||
-rw-r--r-- | serverloop.c | 2 | ||||
-rw-r--r-- | session.c | 15 | ||||
-rw-r--r-- | ssh-agent.1 | 3 | ||||
-rw-r--r-- | ssh-keygen.1 | 3 | ||||
-rw-r--r-- | ssh-keygen.c | 6 | ||||
-rw-r--r-- | sshd.8 | 11 | ||||
-rw-r--r-- | sshd.c | 167 |
19 files changed, 389 insertions, 339 deletions
@@ -10,6 +10,45 @@ to compile on more platforms (incl NeXT). - (djm) Added bsd-inet_aton and configure support for NeXT - (djm) Misc NeXT fixes from Ben Lindstrom <mouring@pconline.com> + - (djm) OpenBSD CVS updates: + - markus@cvs.openbsd.org 2000/06/26 03:22:29 + [authfd.c] + cleanup, less cut&paste + - markus@cvs.openbsd.org 2000/06/26 15:59:19 + [servconf.c servconf.h session.c sshd.8 sshd.c] + MaxStartups: limit number of unauthenticated connections, work by + theo and me + - deraadt@cvs.openbsd.org 2000/07/05 14:18:07 + [session.c] + use no_x11_forwarding_flag correctly; provos ok + - provos@cvs.openbsd.org 2000/07/05 15:35:57 + [sshd.c] + typo + - aaron@cvs.openbsd.org 2000/07/05 22:06:58 + [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8] + Insert more missing .El directives. Our troff really should identify + these and spit out a warning. + - todd@cvs.openbsd.org 2000/07/06 21:55:04 + [auth-rsa.c auth2.c ssh-keygen.c] + clean code is good code + - deraadt@cvs.openbsd.org 2000/07/07 02:14:29 + [serverloop.c] + sense of port forwarding flag test was backwards + - provos@cvs.openbsd.org 2000/07/08 17:17:31 + [compat.c readconf.c] + replace strtok with strsep; from David Young <dyoung@onthejob.net> + - deraadt@cvs.openbsd.org 2000/07/08 19:21:15 + [auth.h] + KNF + - ho@cvs.openbsd.org 2000/07/08 19:27:33 + [compat.c readconf.c] + Better conditions for strsep() ending. + - ho@cvs.openbsd.org 2000/07/10 10:27:05 + [readconf.c] + Get the correct message on errors. (niels@ ok) + - ho@cvs.openbsd.org 2000/07/10 10:30:25 + [cipher.c kex.c servconf.c] + strtok() --> strsep(). (niels@ ok) 20000709 - (djm) Only enable PAM_TTY kludge for Linux. Problem report from @@ -16,7 +16,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.26 2000/06/20 01:39:38 markus Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.27 2000/07/07 03:55:03 todd Exp $"); #include "rsa.h" #include "packet.h" 
@@ -179,8 +179,8 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) } if (fail) { fclose(f); - log(buf); - packet_send_debug(buf); + log("%s",buf); + packet_send_debug("%s",buf); restore_uid(); return 0; } @@ -7,7 +7,7 @@ void do_authentication2(void); struct passwd * auth_get_user(void); -int allowed_user(struct passwd * pw);; +int allowed_user(struct passwd * pw); #define AUTH_FAIL_MAX 6 #define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2) @@ -27,7 +27,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.11 2000/06/19 00:50:11 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.12 2000/07/07 03:55:03 todd Exp $"); #include <openssl/dsa.h> #include <openssl/rsa.h> @@ -489,8 +489,8 @@ user_dsa_key_allowed(struct passwd *pw, Key *key) } } if (fail) { - log(buf); fclose(f); + log("%s",buf); restore_uid(); return 0; } @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.20 2000/06/20 01:39:38 markus Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.21 2000/06/26 09:22:29 markus Exp $"); #include "ssh.h" #include "rsa.h" @@ -26,6 +26,9 @@ RCSID("$OpenBSD: authfd.c,v 1.20 2000/06/20 01:39:38 markus Exp $"); #include <openssl/rsa.h> +/* helper */ +int ssh_agent_get_reply(AuthenticationConnection *auth); + /* Returns the number of the authentication fd, or -1 if there is none. */ int @@ -344,7 +347,7 @@ ssh_add_identity(AuthenticationConnection *auth, { Buffer buffer; unsigned char buf[8192]; - int len, l, type; + int len; /* Format a message to the agent. */ buffer_init(&buffer); 
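Review bot: The `"%s"` fix in auth_rsa() is applied one call site at a time, so any other caller that passes a built string as the format to `log()` or `packet_send_debug()` is not covered; the auth2.c hunk for user_dsa_key_allowed() patches the same pattern again. Where `buf` is filled is outside these hunks, so how much of its content a user can influence should be confirmed. If the declarations of these functions (not shown on this page) do not already carry one, a printf format attribute such as `__attribute__((format(printf, 1, 2)))` would let the compiler flag non-literal format arguments across the tree. Both function bodies extend beyond the hunks.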
@@ -368,57 +371,11 @@ ssh_add_identity(AuthenticationConnection *auth, atomicio(write, auth->fd, buffer_ptr(&buffer), buffer_len(&buffer)) != buffer_len(&buffer)) { error("Error writing to authentication socket."); -error_cleanup: buffer_free(&buffer); return 0; } - /* Wait for response from the agent. First read the length of the - response packet. */ - len = 4; - while (len > 0) { - l = read(auth->fd, buf + 4 - len, len); - if (l <= 0) { - error("Error reading response length from authentication socket."); - goto error_cleanup; - } - len -= l; - } - - /* Extract the length, and check it for sanity. */ - len = GET_32BIT(buf); - if (len > 256 * 1024) - fatal("Add identity response too long: %d", len); - - /* Read the rest of the response in tothe buffer. */ - buffer_clear(&buffer); - while (len > 0) { - l = len; - if (l > sizeof(buf)) - l = sizeof(buf); - l = read(auth->fd, buf, l); - if (l <= 0) { - error("Error reading response from authentication socket."); - goto error_cleanup; - } - buffer_append(&buffer, (char *) buf, l); - len -= l; - } - - /* Get the type of the packet. */ - type = buffer_get_char(&buffer); - switch (type) { - case SSH_AGENT_FAILURE: - buffer_free(&buffer); - return 0; - case SSH_AGENT_SUCCESS: - buffer_free(&buffer); - return 1; - default: - fatal("Bad response to add identity from authentication agent: %d", - type); - } - /* NOTREACHED */ - return 0; + buffer_free(&buffer); + return ssh_agent_get_reply(auth); } /* @@ -430,8 +387,8 @@ int ssh_remove_identity(AuthenticationConnection *auth, RSA *key) { Buffer buffer; - unsigned char buf[8192]; - int len, l, type; + unsigned char buf[5]; + int len; /* Format a message to the agent. */ buffer_init(&buffer); 
@@ -449,59 +406,11 @@ ssh_remove_identity(AuthenticationConnection *auth, RSA *key) atomicio(write, auth->fd, buffer_ptr(&buffer), buffer_len(&buffer)) != buffer_len(&buffer)) { error("Error writing to authentication socket."); -error_cleanup: buffer_free(&buffer); return 0; } - /* - * Wait for response from the agent. First read the length of the - * response packet. - */ - len = 4; - while (len > 0) { - l = read(auth->fd, buf + 4 - len, len); - if (l <= 0) { - error("Error reading response length from authentication socket."); - goto error_cleanup; - } - len -= l; - } - - /* Extract the length, and check it for sanity. */ - len = GET_32BIT(buf); - if (len > 256 * 1024) - fatal("Remove identity response too long: %d", len); - - /* Read the rest of the response in tothe buffer. */ - buffer_clear(&buffer); - while (len > 0) { - l = len; - if (l > sizeof(buf)) - l = sizeof(buf); - l = read(auth->fd, buf, l); - if (l <= 0) { - error("Error reading response from authentication socket."); - goto error_cleanup; - } - buffer_append(&buffer, (char *) buf, l); - len -= l; - } - - /* Get the type of the packet. */ - type = buffer_get_char(&buffer); - switch (type) { - case SSH_AGENT_FAILURE: - buffer_free(&buffer); - return 0; - case SSH_AGENT_SUCCESS: - buffer_free(&buffer); - return 1; - default: - fatal("Bad response to remove identity from authentication agent: %d", - type); - } - /* NOTREACHED */ - return 0; + buffer_free(&buffer); + return ssh_agent_get_reply(auth); } /* @@ -512,9 +421,7 @@ error_cleanup: int ssh_remove_all_identities(AuthenticationConnection *auth) { - Buffer buffer; - unsigned char buf[8192]; - int len, l, type; + unsigned char buf[5]; /* Get the length of the message, and format it in the buffer. */ PUT_32BIT(buf, 1); 
@@ -525,6 +432,20 @@ ssh_remove_all_identities(AuthenticationConnection *auth) error("Error writing to authentication socket."); return 0; } + return ssh_agent_get_reply(auth); +} + +/* + * Read for reply from agent. returns 1 for success, 0 on error + */ + +int +ssh_agent_get_reply(AuthenticationConnection *auth) +{ + Buffer buffer; + unsigned char buf[8192]; + int len, l, type; + /* * Wait for response from the agent. First read the length of the * response packet. @@ -534,6 +455,7 @@ ssh_remove_all_identities(AuthenticationConnection *auth) l = read(auth->fd, buf + 4 - len, len); if (l <= 0) { error("Error reading response length from authentication socket."); + buffer_free(&buffer); return 0; } len -= l; @@ -542,9 +464,9 @@ ssh_remove_all_identities(AuthenticationConnection *auth) /* Extract the length, and check it for sanity. */ len = GET_32BIT(buf); if (len > 256 * 1024) - fatal("Remove identity response too long: %d", len); + fatal("Response from agent too long: %d", len); - /* Read the rest of the response into the buffer. */ + /* Read the rest of the response in to the buffer. */ buffer_init(&buffer); while (len > 0) { l = len; @@ -562,16 +484,14 @@ ssh_remove_all_identities(AuthenticationConnection *auth) /* Get the type of the packet. */ type = buffer_get_char(&buffer); + buffer_free(&buffer); switch (type) { case SSH_AGENT_FAILURE: - buffer_free(&buffer); return 0; case SSH_AGENT_SUCCESS: - buffer_free(&buffer); return 1; default: - fatal("Bad response to remove identity from authentication agent: %d", - type); + fatal("Bad response from authentication agent: %d", type); } /* NOTREACHED */ return 0; @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.28 2000/06/20 01:39:40 markus Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.29 2000/07/10 16:30:25 ho Exp $"); #include "ssh.h" #include "cipher.h" 
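Review bot: In ssh_agent_get_reply() the added `buffer_free(&buffer);` in the length-read error path runs before `buffer_init(&buffer);`, which in the visible code is only called after the length check, so that path frees an uninitialised stack `Buffer`. The old ssh_remove_all_identities() body returned at this point without touching the buffer. Either drop the added line or move `buffer_init(&buffer);` to directly after the declarations so that every exit can free it. The error path of the second read loop lies between hunks and is not visible, so it should be checked for a matching `buffer_free()`.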
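Review bot: The sanity check `if (len > 256 * 1024)` in ssh_agent_get_reply() only bounds the length from above, and `len` is a signed `int`. A zero length, or a 32-bit value that turns negative once stored in `len`, skips the read loop and reaches `buffer_get_char()` on an empty buffer; what that call does then is outside this hunk. Now that all three agent requests share this parser, rejecting such replies explicitly with `if (len < 1 || len > 256 * 1024)` would make every malformed length fail at the same place.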
@@ -174,14 +174,15 @@ cipher_name(int cipher) int ciphers_valid(const char *names) { - char *ciphers; + char *ciphers, *cp; char *p; int i; if (names == NULL || strcmp(names, "") == 0) return 0; - ciphers = xstrdup(names); - for ((p = strtok(ciphers, CIPHER_SEP)); p; (p = strtok(NULL, CIPHER_SEP))) { + ciphers = cp = xstrdup(names); + for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0'; + (p = strsep(&cp, CIPHER_SEP))) { i = cipher_number(p); if (i == -1 || !(cipher_mask2() & (1 << i))) { xfree(ciphers); @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.17 2000/06/20 01:39:40 markus Exp $"); +RCSID("$OpenBSD: compat.c,v 1.19 2000/07/09 01:27:32 ho Exp $"); #include "ssh.h" #include "packet.h" @@ -81,13 +81,13 @@ compat_datafellows(const char *version) int proto_spec(const char *spec) { - char *s, *p; + char *s, *p, *q; int ret = SSH_PROTO_UNKNOWN; if (spec == NULL) return ret; - s = xstrdup(spec); - for ((p = strtok(s, SEP)); p; (p = strtok(NULL, SEP))) { + q = s = xstrdup(spec); + for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) { switch(atoi(p)) { case 1: if (ret == SSH_PROTO_UNKNOWN) @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.8 2000/06/20 01:39:41 markus Exp $"); +RCSID("$OpenBSD: kex.c,v 1.9 2000/07/10 16:30:25 ho Exp $"); #include "ssh.h" #include "ssh2.h" @@ -287,13 +287,14 @@ char * get_match(char *client, char *server) { char *sproposals[MAX_PROP]; - char *c, *s, *p, *ret; + char *c, *s, *p, *ret, *cp, *sp; int i, j, nproposals; - c = xstrdup(client); - s = xstrdup(server); + c = cp = xstrdup(client); + s = sp = xstrdup(server); - for ((p = strtok(s, SEP)), i=0; p; (p = strtok(NULL, SEP)), i++) { + for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0'; + (p = strsep(&sp, SEP)), i++) { if (i < MAX_PROP) sproposals[i] = p; else 
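Review bot: The new loop condition `p && *p != '\0'` in ciphers_valid() ends the scan at the first empty field, and `strsep()` returns an empty field for a leading or doubled separator, so in a list like `a,,b` (constructed example) the names after the gap are never passed to `cipher_number()`. What the function returns after the loop is outside the hunk, but if it reports success the unchecked tail is accepted as valid. The same condition is used in proto_spec() in compat.c and in both loops of get_match() in kex.c, where it would cut the proposal list short. Treating an empty field as an error, `if (*p == '\0') { xfree(ciphers); return 0; }` with the loop condition reduced to `p`, keeps the validation complete.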
@@ -301,7 +302,8 @@ get_match(char *client, char *server) } nproposals = i; - for ((p = strtok(c, SEP)), i=0; p; (p = strtok(NULL, SEP)), i++) { + for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0'; + (p = strsep(&cp, SEP)), i++) { for (j = 0; j < nproposals; j++) { if (strcmp(p, sproposals[j]) == 0) { ret = xstrdup(p); @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.37 2000/06/20 01:39:43 markus Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.40 2000/07/10 16:27:05 ho Exp $"); #include "ssh.h" #include "cipher.h" @@ -164,7 +164,7 @@ static struct { { NULL, 0 } }; -/* Characters considered whitespace in strtok calls. */ +/* Characters considered whitespace in strsep calls. */ #define WHITESPACE " \t\r\n=" @@ -237,18 +237,18 @@ process_config_line(Options *options, const char *host, char *line, const char *filename, int linenum, int *activep) { - char buf[256], *cp, *string, **charptr, *cp2; + char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg; int opcode, *intptr, value; u_short fwd_port, fwd_host_port; /* Skip leading whitespace. */ - cp = line + strspn(line, WHITESPACE); - if (!*cp || *cp == '\n' || *cp == '#') + s = line + strspn(line, WHITESPACE); + if (!*s || *s == '\n' || *s == '#') return 0; /* Get the keyword. (Each line is supposed to begin with a keyword). */ - cp = strtok(cp, WHITESPACE); - opcode = parse_token(cp, filename, linenum); + keyword = strsep(&s, WHITESPACE); + opcode = parse_token(keyword, filename, linenum); switch (opcode) { case oBadOption: 
@@ -258,13 +258,13 @@ process_config_line(Options *options, const char *host, case oForwardAgent: intptr = &options->forward_agent; parse_flag: - cp = strtok(NULL, WHITESPACE); - if (!cp) + arg = strsep(&s, WHITESPACE); + if (!arg || *arg == '\0') fatal("%.200s line %d: Missing yes/no argument.", filename, linenum); value = 0; /* To avoid compiler warning... */ - if (strcmp(cp, "yes") == 0 || strcmp(cp, "true") == 0) + if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0) value = 1; - else if (strcmp(cp, "no") == 0 || strcmp(cp, "false") == 0) + else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0) value = 0; else fatal("%.200s line %d: Bad yes/no argument.", filename, linenum); @@ -344,16 +344,16 @@ parse_flag: case oStrictHostKeyChecking: intptr = &options->strict_host_key_checking; - cp = strtok(NULL, WHITESPACE); - if (!cp) + arg = strsep(&s, WHITESPACE); + if (!arg || *arg == '\0') fatal("%.200s line %d: Missing yes/no argument.", filename, linenum); value = 0; /* To avoid compiler warning... */ - if (strcmp(cp, "yes") == 0 || strcmp(cp, "true") == 0) + if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0) value = 1; - else if (strcmp(cp, "no") == 0 || strcmp(cp, "false") == 0) + else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0) value = 0; - else if (strcmp(cp, "ask") == 0) + else if (strcmp(arg, "ask") == 0) value = 2; else fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum); @@ -379,8 +379,8 @@ parse_flag: case oIdentityFile: case oIdentityFile2: - cp = strtok(NULL, WHITESPACE); - if (!cp) + arg = strsep(&s, WHITESPACE); + if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); if (*activep) { intptr = (opcode == oIdentityFile) ? @@ -392,7 +392,7 @@ parse_flag: charptr = (opcode == oIdentityFile) ? &options->identity_files[*intptr] : &options->identity_files2[*intptr]; - *charptr = xstrdup(cp); + *charptr = xstrdup(arg); *intptr = *intptr + 1; } break; 
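Review bot: `strsep()` does not collapse runs of delimiters the way `strtok()` did, so with the added `!arg || *arg == '\0'` test at parse_flag a line with two spaces, a tab plus a space, or ` = ` between keyword and value now stops with "Missing yes/no argument". The same test is repeated in the later readconf.c hunks and in the servconf.c hunks. In the oHost hunk the loop ends at the first empty field and returns at once, so patterns after a doubled space are dropped without any message and the options that follow are not applied to those hosts. Skipping delimiters before each call, `if (s != NULL) s += strspn(s, WHITESPACE);`, restores the old tolerance; process_config_line() starts and ends outside these hunks.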
@@ -404,11 +404,11 @@ parse_flag: case oUser: charptr = &options->user; parse_string: - cp = strtok(NULL, WHITESPACE); - if (!cp) + arg = strsep(&s, WHITESPACE); + if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); if (*activep && *charptr == NULL) - *charptr = xstrdup(cp); + *charptr = xstrdup(arg); break; case oGlobalKnownHostsFile: @@ -434,10 +434,10 @@ parse_string: case oProxyCommand: charptr = &options->proxy_command; string = xstrdup(""); - while ((cp = strtok(NULL, WHITESPACE)) != NULL) { - string = xrealloc(string, strlen(string) + strlen(cp) + 2); + while ((arg = strsep(&s, WHITESPACE)) != NULL && *arg != '\0') { + string = xrealloc(string, strlen(string) + strlen(arg) + 2); strcat(string, " "); - strcat(string, cp); + strcat(string, arg); } if (*activep && *charptr == NULL) *charptr = string; @@ -448,15 +448,15 @@ parse_string: case oPort: intptr = &options->port; parse_int: - cp = strtok(NULL, WHITESPACE); - if (!cp) + arg = strsep(&s, WHITESPACE); + if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); - if (cp[0] < '0' || cp[0] > '9') + if (arg[0] < '0' || arg[0] > '9') fatal("%.200s line %d: Bad number.", filename, linenum); /* Octal, decimal, or hex format? */ - value = strtol(cp, &cp2, 0); - if (cp == cp2) + value = strtol(arg, &endofnumber, 0); + if (arg == endofnumber) fatal("%.200s line %d: Bad number.", filename, linenum); if (*activep && *intptr == -1) *intptr = value; 
@@ -468,65 +468,65 @@ parse_int: case oCipher: intptr = &options->cipher; - cp = strtok(NULL, WHITESPACE); - if (!cp) + arg = strsep(&s, WHITESPACE); + if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); - value = cipher_number(cp); + value = cipher_number(arg); if (value == -1) fatal("%.200s line %d: Bad cipher '%s'.", - filename, linenum, cp ? cp : "<NONE>"); + filename, linenum, arg ? arg : "<NONE>"); if (*activep && *intptr == -1) *intptr = value; break; case oCiphers: - cp = strtok(NULL, WHITESPACE); - if (!cp) + arg = strsep(&s, WHITESPACE); + if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); - if (!ciphers_valid(cp)) + if (!ciphers_valid(arg)) fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.", - filename, linenum, cp ? cp : "<NONE>"); + filename, linenum, arg ? arg : "<NONE>"); if (*activep && options->ciphers == NULL) - options->ciphers = xstrdup(cp); + options->ciphers = xstrdup(arg); break; case oProtocol: intptr = &options->protocol; - cp = strtok(NULL, WHITESPACE); - if (!cp) + arg = strsep(&s, WHITESPACE); + if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); - value = proto_spec(cp); + value = proto_spec(arg); if (value == SSH_PROTO_UNKNOWN) fatal("%.200s line %d: Bad protocol spec '%s'.", - filename, linenum, cp ? cp : "<NONE>"); + filename, linenum, arg ? arg : "<NONE>"); if (*activep && *intptr == SSH_PROTO_UNKNOWN) *intptr = value; break; case oLogLevel: intptr = (int *) &options->log_level; - cp = strtok(NULL, WHITESPACE); - value = log_level_number(cp); + arg = strsep(&s, WHITESPACE); + value = log_level_number(arg); if (value == (LogLevel) - 1) fatal("%.200s line %d: unsupported log level '%s'\n", - filename, linenum, cp ? cp : "<NONE>"); + filename, linenum, arg ? 
arg : "<NONE>"); if (*activep && (LogLevel) * intptr == -1) *intptr = (LogLevel) value; break; case oRemoteForward: - cp = strtok(NULL, WHITESPACE); - if (!cp) + arg = strsep(&s, WHITESPACE); + if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); - if (cp[0] < '0' || cp[0] > '9') + if (arg[0] < '0' || arg[0] > '9') fatal("%.200s line %d: Badly formatted port number.", filename, linenum); - fwd_port = atoi(cp); - cp = strtok(NULL, WHITESPACE); - if (!cp) + fwd_port = atoi(arg); + arg = strsep(&s, WHITESPACE); + if (!arg || *arg == '\0') fatal("%.200s line %d: Missing second argument.", filename, linenum); - if (sscanf(cp, "%255[^:]:%hu", buf, &fwd_host_port) != 2) + if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2) fatal("%.200s line %d: Badly formatted host:port.", filename, linenum); if (*activep) @@ -534,18 +534,18 @@ parse_int: break; case oLocalForward: - cp = strtok(NULL, WHITESPACE); - if (!cp) + arg = strsep(&s, WHITESPACE); + if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); - if (cp[0] < '0' || cp[0] > '9') + if (arg[0] < '0' || arg[0] > '9') fatal("%.200s line %d: Badly formatted port number.", filename, linenum); - fwd_port = atoi(cp); - cp = strtok(NULL, WHITESPACE); - if (!cp) + fwd_port = atoi(arg); + arg = strsep(&s, WHITESPACE); + if (!arg || *arg == '\0') fatal("%.200s line %d: Missing second argument.", filename, linenum); - if (sscanf(cp, "%255[^:]:%hu", buf, &fwd_host_port) != 2) + if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2) fatal("%.200s line %d: Badly formatted host:port.", filename, linenum); if (*activep) 
@@ -554,26 +554,26 @@ parse_int: case oHost: *activep = 0; - while ((cp = strtok(NULL, WHITESPACE)) != NULL) - if (match_pattern(host, cp)) { - debug("Applying options for %.100s", cp); + while ((arg = strsep(&s, WHITESPACE)) != NULL && *arg != '\0') + if (match_pattern(host, arg)) { + debug("Applying options for %.100s", arg); *activep = 1; break; } - /* Avoid garbage check below, as strtok already returned NULL. */ + /* Avoid garbage check below, as strsep is done. */ return 0; case oEscapeChar: intptr = &options->escape_char; - cp = strtok(NULL, WHITESPACE); - if (!cp) + arg = strsep(&s, WHITESPACE); + if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); - if (cp[0] == '^' && cp[2] == 0 && - (unsigned char) cp[1] >= 64 && (unsigned char) cp[1] < 128) - value = (unsigned char) cp[1] & 31; - else if (strlen(cp) == 1) - value = (unsigned char) cp[0]; - else if (strcmp(cp, "none") == 0) + if (arg[0] == '^' && arg[2] == 0 && + (unsigned char) arg[1] >= 64 && (unsigned char) arg[1] < 128) + value = (unsigned char) arg[1] & 31; + else if (strlen(arg) == 1) + value = (unsigned char) arg[0]; + else if (strcmp(arg, "none") == 0) value = -2; else { fatal("%.200s line %d: Bad escape character.", @@ -590,9 +590,11 @@ parse_int: } /* Check that there is no garbage at end of line. */ - if (strtok(NULL, WHITESPACE) != NULL) - fatal("%.200s line %d: garbage at end of line.", - filename, linenum); + if ((arg = strsep(&s, WHITESPACE)) != NULL && *arg != '\0') + { + fatal("%.200s line %d: garbage at end of line; \"%.200s\".", + filename, linenum, arg); + } return 0; } @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $Id: scp.1,v 1.7 2000/04/13 02:26:37 damien Exp $ +.\" $Id: scp.1,v 1.8 2000/07/11 07:31:38 djm Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 @@ -106,6 +106,7 @@ to use IPv4 addresses only. Forces .Nm to use IPv6 addresses only. +.El .Sh AUTHORS Timo Rinne <tri@iki.fi> and Tatu Ylonen <ylo@cs.hut.fi> .Sh HISTORY 
@@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.45 2000/06/20 01:39:44 markus Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.47 2000/07/10 16:30:25 ho Exp $"); #include "ssh.h" #include "servconf.h" @@ -76,6 +76,7 @@ initialize_server_options(ServerOptions *options) options->protocol = SSH_PROTO_UNKNOWN; options->gateway_ports = -1; options->num_subsystems = 0; + options->max_startups = -1; } void @@ -159,6 +160,8 @@ fill_default_server_options(ServerOptions *options) options->protocol = SSH_PROTO_1|SSH_PROTO_2; if (options->gateway_ports == -1) options->gateway_ports = 0; + if (options->max_startups == -1) + options->max_startups = 10; } #define WHITESPACE " \t\r\n=" @@ -183,7 +186,7 @@ typedef enum { sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sHostDSAKeyFile, sCiphers, sProtocol, sPidFile, - sGatewayPorts, sDSAAuthentication, sXAuthLocation, sSubsystem + sGatewayPorts, sDSAAuthentication, sXAuthLocation, sSubsystem, sMaxStartups } ServerOpCodes; /* Textual representation of the tokens. */ @@ -239,6 +242,7 @@ static struct { { "protocol", sProtocol }, { "gatewayports", sGatewayPorts }, { "subsystem", sSubsystem }, + { "maxstartups", sMaxStartups }, { NULL, 0 } }; @@ -300,7 +304,7 @@ read_server_config(ServerOptions *options, const char *filename) { FILE *f; char line[1024]; - char *cp, **charptr; + char *cp, **charptr, *arg; int linenum, *intptr, value; int bad_options = 0; ServerOpCodes opcode; @@ -317,8 +321,8 @@ read_server_config(ServerOptions *options, const char *filename) cp = line + strspn(line, WHITESPACE); if (!*cp || *cp == '#') continue; - cp = strtok(cp, WHITESPACE); - opcode = parse_token(cp, filename, linenum); + arg = strsep(&cp, WHITESPACE); + opcode = parse_token(arg, filename, linenum); switch (opcode) { case sBadOption: bad_options++; 
@@ -333,23 +337,23 @@ read_server_config(ServerOptions *options, const char *filename) if (options->num_ports >= MAX_PORTS) fatal("%s line %d: too many ports.\n", filename, linenum); - cp = strtok(NULL, WHITESPACE); - if (!cp) + arg = strsep(&cp, WHITESPACE); + if (!arg || *arg == '\0') fatal("%s line %d: missing port number.\n", filename, linenum); - options->ports[options->num_ports++] = atoi(cp); + options->ports[options->num_ports++] = atoi(arg); break; case sServerKeyBits: intptr = &options->server_key_bits; parse_int: - cp = strtok(NULL, WHITESPACE); - if (!cp) { + arg = strsep(&cp, WHITESPACE); + if (!arg || *arg == '\0') { fprintf(stderr, "%s line %d: missing integer value.\n", filename, linenum); exit(1); } - value = atoi(cp); + value = atoi(arg); if (*intptr == -1) *intptr = value; break; @@ -363,11 +367,11 @@ parse_int: goto parse_int; case sListenAddress: - cp = strtok(NULL, WHITESPACE); - if (!cp) + arg = strsep(&cp, WHITESPACE); + if (!arg || *arg == '\0') fatal("%s line %d: missing inet addr.\n", filename, linenum); - add_listen_addr(options, cp); + add_listen_addr(options, arg); break; case sHostKeyFile: @@ -375,14 +379,14 @@ parse_int: charptr = (opcode == sHostKeyFile ) ? &options->host_key_file : &options->host_dsa_key_file; parse_filename: - cp = strtok(NULL, WHITESPACE); - if (!cp) { + arg = strsep(&cp, WHITESPACE); + if (!arg || *arg == '\0') { fprintf(stderr, "%s line %d: missing file name.\n", filename, linenum); exit(1); } if (*charptr == NULL) - *charptr = tilde_expand_filename(cp, getuid()); + *charptr = tilde_expand_filename(arg, getuid()); break; case sPidFile: 
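Review bot: The server-side parse_int and the Port case still convert with `atoi(arg)`, which accepts a non-numeric value as 0 and reports no error for out-of-range input, while readconf.c's parse_int in this same commit uses `strtol()` with an end-pointer check. Where the new MaxStartups keyword is parsed is not shown on this page; if it goes through parse_int, a typo would silently set the connection limit to 0. Converting with `value = strtol(arg, &end, 10);` and failing on `if (end == arg || *end != '\0')` would match the client parser. read_server_config() continues past the hunk.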
@@ -392,26 +396,26 @@ parse_filename: case sRandomSeedFile: fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n", filename, linenum); - cp = strtok(NULL, WHITESPACE); + arg = strsep(&cp, WHITESPACE); break; case sPermitRootLogin: intptr = &options->permit_root_login; - cp = strtok(NULL, WHITESPACE); - if (!cp) { + arg = strsep(&cp, WHITESPACE); + if (!arg || *arg == '\0') { fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n", filename, linenum); exit(1); } - if (strcmp(cp, "without-password") == 0) + if (strcmp(arg, "without-password") == 0) value = 2; |