-rw-r--r-- | ChangeLog | 63 | ||||
-rw-r--r-- | Makefile.in | 2 | ||||
-rw-r--r-- | acconfig.h | 2 | ||||
-rw-r--r-- | atomicio.c | 4 | ||||
-rw-r--r-- | atomicio.h | 29 | ||||
-rw-r--r-- | auth-chall.c | 3 | ||||
-rw-r--r-- | auth-krb4.c | 12 | ||||
-rw-r--r-- | auth-options.c | 29 | ||||
-rw-r--r-- | auth-options.h | 19 | ||||
-rw-r--r-- | auth-pam.c | 5 | ||||
-rw-r--r-- | auth-passwd.c | 7 | ||||
-rw-r--r-- | auth-rh-rsa.c | 17 | ||||
-rw-r--r-- | auth-rhosts.c | 14 | ||||
-rw-r--r-- | auth-rsa.c | 30 | ||||
-rw-r--r-- | auth.c | 13 | ||||
-rw-r--r-- | auth.h | 66 | ||||
-rw-r--r-- | auth1.c | 12 | ||||
-rw-r--r-- | auth2-chall.c | 4 | ||||
-rw-r--r-- | auth2-pam.c | 7 | ||||
-rw-r--r-- | auth2.c | 20 | ||||
-rw-r--r-- | authfd.c | 12 | ||||
-rw-r--r-- | authfile.c | 11 | ||||
-rw-r--r-- | bufaux.c | 4 | ||||
-rw-r--r-- | bufaux.h | 3 | ||||
-rw-r--r-- | buffer.c | 4 | ||||
-rw-r--r-- | canohost.c | 4 | ||||
-rw-r--r-- | canohost.h | 36 | ||||
-rw-r--r-- | channels.c | 21 | ||||
-rw-r--r-- | cipher.c | 5 | ||||
-rw-r--r-- | cli.c | 4 | ||||
-rw-r--r-- | clientloop.c | 18 | ||||
-rw-r--r-- | clientloop.h | 15 | ||||
-rw-r--r-- | compat.c | 9 | ||||
-rw-r--r-- | compress.c | 4 | ||||
-rw-r--r-- | configure.in | 2 | ||||
-rw-r--r-- | deattack.c | 4 | ||||
-rw-r--r-- | dh.c | 17 | ||||
-rw-r--r-- | dispatch.c | 6 | ||||
-rw-r--r-- | entropy.c | 10 | ||||
-rw-r--r-- | groupaccess.c | 2 | ||||
-rw-r--r-- | hmac.c | 4 | ||||
-rw-r--r-- | hostfile.c | 6 | ||||
-rw-r--r-- | kex.c | 21 | ||||
-rw-r--r-- | key.c | 10 | ||||
-rw-r--r-- | key.h | 3 | ||||
-rw-r--r-- | log-client.c | 4 | ||||
-rw-r--r-- | log-server.c | 4 | ||||
-rw-r--r-- | log.c | 4 | ||||
-rw-r--r-- | log.h | 76 | ||||
-rw-r--r-- | login.c | 2 | ||||
-rw-r--r-- | login.h | 38 | ||||
-rw-r--r-- | loginrec.c | 4 | ||||
-rw-r--r-- | match.c | 4 | ||||
-rw-r--r-- | misc.c (renamed from util.c) | 1 | ||||
-rw-r--r-- | misc.h | 19 | ||||
-rw-r--r-- | nchan.c | 9 | ||||
-rw-r--r-- | packet.c | 6 | ||||
-rw-r--r-- | pathnames.h | 136 | ||||
-rw-r--r-- | pty.c | 4 | ||||
-rw-r--r-- | radix.h | 26 | ||||
-rw-r--r-- | readconf.c | 31 | ||||
-rw-r--r-- | readpass.c | 3 | ||||
-rw-r--r-- | readpass.h | 18 | ||||
-rw-r--r-- | rsa.c | 4 | ||||
-rw-r--r-- | scp.c | 12 | ||||
-rw-r--r-- | servconf.c | 27 | ||||
-rw-r--r-- | serverloop.c | 8 | ||||
-rw-r--r-- | serverloop.h | 20 | ||||
-rw-r--r-- | session.c | 31 | ||||
-rw-r--r-- | sftp-server.c | 4 | ||||
-rw-r--r-- | ssh-add.c | 19 | ||||
-rw-r--r-- | ssh-agent.c | 101 | ||||
-rw-r--r-- | ssh-dss.c | 22 | ||||
-rw-r--r-- | ssh-keygen.1 | 6 | ||||
-rw-r--r-- | ssh-keygen.c | 18 | ||||
-rw-r--r-- | ssh-keyscan.c | 6 | ||||
-rw-r--r-- | ssh-rsa.c | 13 | ||||
-rw-r--r-- | ssh.c | 28 | ||||
-rw-r--r-- | ssh.h | 467 | ||||
-rw-r--r-- | ssh1.h | 84 | ||||
-rw-r--r-- | sshconnect.c | 14 | ||||
-rw-r--r-- | sshconnect.h | 28 | ||||
-rw-r--r-- | sshconnect1.c | 19 | ||||
-rw-r--r-- | sshconnect2.c | 14 | ||||
-rw-r--r-- | sshd.8 | 4 | ||||
-rw-r--r-- | sshd.c | 32 | ||||
-rw-r--r-- | tildexpand.c | 4 | ||||
-rw-r--r-- | tildexpand.h | 17 | ||||
-rw-r--r-- | ttymodes.c | 5 | ||||
-rw-r--r-- | uidswap.c | 4 | ||||
-rw-r--r-- | xmalloc.c | 5 |
91 files changed, 1161 insertions, 837 deletions
@@ -1,3 +1,66 @@
+20010122
+ - (bal) OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
+ [servconf.c ssh.h sshd.c]
+ only auth-chall.c needs #ifdef SKEY
+ - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
+ [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
+ auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
+ packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
+ session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
+ ssh1.h sshconnect1.c sshd.c ttymodes.c]
+ move ssh1 definitions to ssh1.h, pathnames to pathnames.h
+ - markus@cvs.openbsd.org 2001/01/19 16:48:14
+ [sshd.8]
+ fix typo; from stevesk@
+ - markus@cvs.openbsd.org 2001/01/19 16:50:58
+ [ssh-dss.c]
+ clear and free digest, make consistent with other code (use dlen); from
+ stevesk@
+ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
+ [auth-options.c auth-options.h auth-rsa.c auth2.c]
+ pass the filename to auth_parse_options()
+ - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
+ [readconf.c]
+ fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
+ - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
+ [sshconnect2.c]
+ dh_new_group() does not return NULL. ok markus@
+ - markus@cvs.openbsd.org 2001/01/20 21:33:42
+ [ssh-add.c]
+ do not loop forever if askpass does not exist; from
+ andrew@pimlott.ne.mediaone.net
+ - djm@cvs.openbsd.org 2001/01/20 23:00:56
+ [servconf.c]
+ Check for NULL return from strdelim; ok markus
+ - djm@cvs.openbsd.org 2001/01/20 23:02:07
+ [readconf.c]
+ KNF; ok markus
+ - jakob@cvs.openbsd.org 2001/01/21 9:00:33
+ [ssh-keygen.1]
+ remove -R flag; ok markus@
+ - markus@cvs.openbsd.org 2001/01/21 19:05:40
+ [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
+ auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
+ auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
+ bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
+ cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
+ deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
+ key.c key.h log-client.c log-server.c log.c log.h login.c login.h
+ match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
+ readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
+ session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
+ ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
+ sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
+ ttysmodes.c uidswap.c xmalloc.c]
+ split ssh.h and try to cleanup the #include mess. remove unnecessary
+ #includes. rename util.[ch] -> misc.[ch]
+ - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
+ - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
+ conflict when compiling for non-kerb install
+ - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
+ on 1/19.
+
 20010120
 - (bal) OpenBSD Resync
 - markus@cvs.openbsd.org 2001/01/19 12:45:26
diff --git a/Makefile.in b/Makefile.in
index 57449dcd..25ff41bd 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -37,7 +37,7 @@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) $(SFTP-SERVER) -LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o util.o uuencode.o xmalloc.o +LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strmode.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o @@ -268,7 +268,7 @@ #undef USER_PATH /* Specify location of ssh.pid */ -#undef PIDDIR +#undef _PATH_SSH_PIDDIR /* Use IPv4 for connection by default, IPv6 can still if explicity asked */ #undef IPV4_DEFAULT @@ -24,10 +24,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: atomicio.c,v 1.7 2000/10/18 18:04:02 markus Exp $"); +RCSID("$OpenBSD: atomicio.c,v 1.8 2001/01/21 19:05:40 markus Exp $"); #include "xmalloc.h" -#include "ssh.h" +#include "atomicio.h" /* * ensure all of data on socket comes through. f==read || f==write diff --git a/atomicio.h b/atomicio.h new file mode 100644 index 00000000..15fc025c --- /dev/null +++ b/atomicio.h 
@@ -0,0 +1,29 @@ +/* + * Copyright (c) 1995,1999 Theo de Raadt + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Ensure all of data on socket comes through. f==read || f==write + */ +ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n); diff --git a/auth-chall.c b/auth-chall.c index e99ddb39..b8b0c5d1 100644 --- a/auth-chall.c +++ b/auth-chall.c @@ -23,9 +23,8 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-chall.c,v 1.2 2001/01/19 12:45:26 markus Exp $"); +RCSID("$OpenBSD: auth-chall.c,v 1.3 2001/01/21 19:05:41 markus Exp $"); -#include "ssh.h" #include "auth.h" #ifdef SKEY diff --git a/auth-krb4.c b/auth-krb4.c index 80e8f429..d68806f9 100644 --- a/auth-krb4.c +++ b/auth-krb4.c 
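Review bot: The new atomicio.h declares `ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n);` with no include guard and with an unprototyped callback, so the compiler cannot check that callers pass a function with the read/write signature. I would wrap the declaration in `#ifndef ATOMICIO_H` / `#define ATOMICIO_H` / `#endif`, as auth-options.h already does with `AUTH_OPTIONS_H`. The comment above the prototype also does not say what is returned on error or end of file; the implementation is not in this hunk, but since the function exists to avoid short reads and writes, a sentence telling callers to compare the result with `n` would make the contract explicit.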
@@ -23,14 +23,18 @@ */ #include "includes.h" +RCSID("$OpenBSD: auth-krb4.c,v 1.22 2001/01/21 19:05:41 markus Exp $"); + +#ifdef KRB4 +#include "ssh.h" +#include "ssh1.h" #include "packet.h" #include "xmalloc.h" -#include "ssh.h" +#include "log.h" #include "servconf.h" +#include "auth.h" +#include "radix.h" -RCSID("$OpenBSD: auth-krb4.c,v 1.20 2000/12/19 23:17:54 markus Exp $"); - -#ifdef KRB4 char *ticket = NULL; extern ServerOptions options; diff --git a/auth-options.c b/auth-options.c index ef61d8df..5457d9b1 100644 --- a/auth-options.c +++ b/auth-options.c @@ -10,12 +10,14 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-options.c,v 1.8 2001/01/13 18:38:00 markus Exp $"); +RCSID("$OpenBSD: auth-options.c,v 1.11 2001/01/21 19:05:41 markus Exp $"); -#include "ssh.h" #include "packet.h" #include "xmalloc.h" #include "match.h" +#include "log.h" +#include "canohost.h" +#include "auth-options.h" /* Flags set authorized_keys flags */ int no_port_forwarding_flag = 0; @@ -48,9 +50,12 @@ auth_clear_options(void) } } -/* return 1 if access is granted, 0 if not. side effect: sets key option flags */ +/* + * return 1 if access is granted, 0 if not. + * side effect: sets key option flags + */ int -auth_parse_options(struct passwd *pw, char *options, u_long linenum) +auth_parse_options(struct passwd *pw, char *options, char *file, u_long linenum) { const char *cp; if (!options) @@ -106,9 +111,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum) } if (!*options) { debug("%.100s, line %lu: missing end quote", - SSH_USER_PERMITTED_KEYS, linenum); + file, linenum); packet_send_debug("%.100s, line %lu: missing end quote", - SSH_USER_PERMITTED_KEYS, linenum); + file, linenum); continue; } forced_command[i] = 0; 
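Review bot: In auth-options.c the new `file` argument of auth_parse_options() is only read, so it should be declared `const char *file` in the definition and in the auth-options.h prototype. The same string is passed to `packet_send_debug()` in the "missing end quote" and "Bad options" paths (the hunks at -106, -136, -170 and -219), so whatever path the callers supply now goes to the remote peer where the old code sent the fixed SSH_USER_PERMITTED_KEYS name; the callers are not visible here, so it is worth confirming that the path is one the server is willing to disclose. Unlike `options`, `file` is not checked for NULL before it is formatted with `%.100s`, so the function comment should state that `file` must be non-NULL. The function body extends beyond these hunks.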
@@ -136,9 +141,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum) } if (!*options) { debug("%.100s, line %lu: missing end quote", - SSH_USER_PERMITTED_KEYS, linenum); + file, linenum); packet_send_debug("%.100s, line %lu: missing end quote", - SSH_USER_PERMITTED_KEYS, linenum); + file, linenum); continue; } s[i] = 0; @@ -170,9 +175,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum) } if (!*options) { debug("%.100s, line %lu: missing end quote", - SSH_USER_PERMITTED_KEYS, linenum); + file, linenum); packet_send_debug("%.100s, line %lu: missing end quote", - SSH_USER_PERMITTED_KEYS, linenum); + file, linenum); continue; } patterns[i] = 0; @@ -219,9 +224,9 @@ next_option: bad_option: log("Bad options in %.100s file, line %lu: %.50s", - SSH_USER_PERMITTED_KEYS, linenum, options); + file, linenum, options); packet_send_debug("Bad options in %.100s file, line %lu: %.50s", - SSH_USER_PERMITTED_KEYS, linenum, options); + file, linenum, options); /* deny access */ return 0; } diff --git a/auth-options.h b/auth-options.h index 76d420d2..8ee26949 100644 --- a/auth-options.h +++ b/auth-options.h @@ -11,10 +11,17 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* $OpenBSD: auth-options.h,v 1.6 2000/12/19 23:17:55 markus Exp $ */ +/* $OpenBSD: auth-options.h,v 1.8 2001/01/21 19:05:42 markus Exp $ */ #ifndef AUTH_OPTIONS_H #define AUTH_OPTIONS_H + +/* Linked list of custom environment strings */ +struct envstring { + struct envstring *next; + char *s; +}; + /* Flags that may be set in authorized_keys options. */ extern int no_port_forwarding_flag; extern int no_agent_forwarding_flag; 
@@ -23,8 +30,14 @@ extern int no_pty_flag; extern char *forced_command; extern struct envstring *custom_environment; -/* return 1 if access is granted, 0 if not. side effect: sets key option flags */ -int auth_parse_options(struct passwd *pw, char *options, u_long linenum); +/* + * return 1 if access is granted, 0 if not. + * side effect: sets key option flags + */ +int +auth_parse_options(struct passwd *pw, char *options, char *file, + u_long linenum); + /* reset options flags */ void auth_clear_options(void); @@ -27,9 +27,12 @@ #ifdef USE_PAM #include "ssh.h" #include "xmalloc.h" +#include "log.h" #include "servconf.h" +#include "canohost.h" +#include "readpass.h" -RCSID("$Id: auth-pam.c,v 1.21 2001/01/19 04:46:38 djm Exp $"); +RCSID("$Id: auth-pam.c,v 1.22 2001/01/22 05:34:40 mouring Exp $"); #define NEW_AUTHTOK_MSG \ "Warning: Your password has expired, please change it now" diff --git a/auth-passwd.c b/auth-passwd.c index 8295ea17..541aca60 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -36,15 +36,14 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-passwd.c,v 1.19 2001/01/18 16:59:59 markus Exp $"); +RCSID("$OpenBSD: auth-passwd.c,v 1.20 2001/01/21 19:05:42 markus Exp $"); #if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) #include "packet.h" -#include "ssh.h" -#include "servconf.h" #include "xmalloc.h" - +#include "log.h" +#include "servconf.h" #include "auth.h" #ifdef WITH_AIXAUTHENTICATE diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index 48c075e6..87d51549 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c @@ -13,18 +13,19 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rh-rsa.c,v 1.19 2000/12/21 15:10:16 markus Exp $"); +RCSID("$OpenBSD: auth-rh-rsa.c,v 1.21 2001/01/21 19:05:42 markus Exp $"); #include "packet.h" -#include "ssh.h" #include "xmalloc.h" |