-rw-r--r--ChangeLog63
-rw-r--r--Makefile.in2
-rw-r--r--acconfig.h2
-rw-r--r--atomicio.c4
-rw-r--r--atomicio.h29
-rw-r--r--auth-chall.c3
-rw-r--r--auth-krb4.c12
-rw-r--r--auth-options.c29
-rw-r--r--auth-options.h19
-rw-r--r--auth-pam.c5
-rw-r--r--auth-passwd.c7
-rw-r--r--auth-rh-rsa.c17
-rw-r--r--auth-rhosts.c14
-rw-r--r--auth-rsa.c30
-rw-r--r--auth.c13
-rw-r--r--auth.h66
-rw-r--r--auth1.c12
-rw-r--r--auth2-chall.c4
-rw-r--r--auth2-pam.c7
-rw-r--r--auth2.c20
-rw-r--r--authfd.c12
-rw-r--r--authfile.c11
-rw-r--r--bufaux.c4
-rw-r--r--bufaux.h3
-rw-r--r--buffer.c4
-rw-r--r--canohost.c4
-rw-r--r--canohost.h36
-rw-r--r--channels.c21
-rw-r--r--cipher.c5
-rw-r--r--cli.c4
-rw-r--r--clientloop.c18
-rw-r--r--clientloop.h15
-rw-r--r--compat.c9
-rw-r--r--compress.c4
-rw-r--r--configure.in2
-rw-r--r--deattack.c4
-rw-r--r--dh.c17
-rw-r--r--dispatch.c6
-rw-r--r--entropy.c10
-rw-r--r--groupaccess.c2
-rw-r--r--hmac.c4
-rw-r--r--hostfile.c6
-rw-r--r--kex.c21
-rw-r--r--key.c10
-rw-r--r--key.h3
-rw-r--r--log-client.c4
-rw-r--r--log-server.c4
-rw-r--r--log.c4
-rw-r--r--log.h76
-rw-r--r--login.c2
-rw-r--r--login.h38
-rw-r--r--loginrec.c4
-rw-r--r--match.c4
-rw-r--r--misc.c (renamed from util.c)1
-rw-r--r--misc.h19
-rw-r--r--nchan.c9
-rw-r--r--packet.c6
-rw-r--r--pathnames.h136
-rw-r--r--pty.c4
-rw-r--r--radix.h26
-rw-r--r--readconf.c31
-rw-r--r--readpass.c3
-rw-r--r--readpass.h18
-rw-r--r--rsa.c4
-rw-r--r--scp.c12
-rw-r--r--servconf.c27
-rw-r--r--serverloop.c8
-rw-r--r--serverloop.h20
-rw-r--r--session.c31
-rw-r--r--sftp-server.c4
-rw-r--r--ssh-add.c19
-rw-r--r--ssh-agent.c101
-rw-r--r--ssh-dss.c22
-rw-r--r--ssh-keygen.16
-rw-r--r--ssh-keygen.c18
-rw-r--r--ssh-keyscan.c6
-rw-r--r--ssh-rsa.c13
-rw-r--r--ssh.c28
-rw-r--r--ssh.h467
-rw-r--r--ssh1.h84
-rw-r--r--sshconnect.c14
-rw-r--r--sshconnect.h28
-rw-r--r--sshconnect1.c19
-rw-r--r--sshconnect2.c14
-rw-r--r--sshd.84
-rw-r--r--sshd.c32
-rw-r--r--tildexpand.c4
-rw-r--r--tildexpand.h17
-rw-r--r--ttymodes.c5
-rw-r--r--uidswap.c4
-rw-r--r--xmalloc.c5
91 files changed, 1161 insertions, 837 deletions
diff --git a/ChangeLog b/ChangeLog
index df472f84..064d7fb5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,66 @@
+20010122
+ - (bal) OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
+ [servconf.c ssh.h sshd.c]
+ only auth-chall.c needs #ifdef SKEY
+ - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
+ [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
+ auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
+ packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
+ session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
+ ssh1.h sshconnect1.c sshd.c ttymodes.c]
+ move ssh1 definitions to ssh1.h, pathnames to pathnames.h
+ - markus@cvs.openbsd.org 2001/01/19 16:48:14
+ [sshd.8]
+ fix typo; from stevesk@
+ - markus@cvs.openbsd.org 2001/01/19 16:50:58
+ [ssh-dss.c]
+ clear and free digest, make consistent with other code (use dlen); from
+ stevesk@
+ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
+ [auth-options.c auth-options.h auth-rsa.c auth2.c]
+ pass the filename to auth_parse_options()
+ - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
+ [readconf.c]
+ fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
+ - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
+ [sshconnect2.c]
+ dh_new_group() does not return NULL. ok markus@
+ - markus@cvs.openbsd.org 2001/01/20 21:33:42
+ [ssh-add.c]
+ do not loop forever if askpass does not exist; from
+ andrew@pimlott.ne.mediaone.net
+ - djm@cvs.openbsd.org 2001/01/20 23:00:56
+ [servconf.c]
+ Check for NULL return from strdelim; ok markus
+ - djm@cvs.openbsd.org 2001/01/20 23:02:07
+ [readconf.c]
+ KNF; ok markus
+ - jakob@cvs.openbsd.org 2001/01/21 9:00:33
+ [ssh-keygen.1]
+ remove -R flag; ok markus@
+ - markus@cvs.openbsd.org 2001/01/21 19:05:40
+ [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
+ auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
+ auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
+ bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
+ cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
+ deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
+ key.c key.h log-client.c log-server.c log.c log.h login.c login.h
+ match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
+ readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
+ session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
+ ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
+ sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
+ ttysmodes.c uidswap.c xmalloc.c]
+ split ssh.h and try to cleanup the #include mess. remove unnecessary
+ #includes. rename util.[ch] -> misc.[ch]
+ - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
+ - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
+ conflict when compiling for non-kerb install
+ - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
+ on 1/19.
+
20010120
- (bal) OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/19 12:45:26
diff --git a/Makefile.in b/Makefile.in
index 57449dcd..25ff41bd 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -37,7 +37,7 @@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) $(SFTP-SERVER)
-LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o util.o uuencode.o xmalloc.o
+LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o
LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strmode.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o
diff --git a/acconfig.h b/acconfig.h
index 936a7ca5..f0242eec 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -268,7 +268,7 @@
#undef USER_PATH
/* Specify location of ssh.pid */
-#undef PIDDIR
+#undef _PATH_SSH_PIDDIR
/* Use IPv4 for connection by default, IPv6 can still if explicity asked */
#undef IPV4_DEFAULT
diff --git a/atomicio.c b/atomicio.c
index 29ff16c4..7985fb80 100644
--- a/atomicio.c
+++ b/atomicio.c
@@ -24,10 +24,10 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: atomicio.c,v 1.7 2000/10/18 18:04:02 markus Exp $");
+RCSID("$OpenBSD: atomicio.c,v 1.8 2001/01/21 19:05:40 markus Exp $");
#include "xmalloc.h"
-#include "ssh.h"
+#include "atomicio.h"
/*
* ensure all of data on socket comes through. f==read || f==write
diff --git a/atomicio.h b/atomicio.h
new file mode 100644
index 00000000..15fc025c
--- /dev/null
+++ b/atomicio.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 1995,1999 Theo de Raadt
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Ensure all of data on socket comes through. f==read || f==write
+ */
+ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n);
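Review bot: The comment above `atomicio()` does not state what the function returns, yet a caller of an "all or nothing" I/O helper has to know how a short transfer, EOF or an error is reported before it can trust the buffer. The implementation in atomicio.c is not part of this hunk, so the wording needs checking against it, but a line such as `/* Returns the number of bytes transferred; callers must compare it with n. */` would make the contract explicit. The header also has no include guard, unlike auth-options.h in this same commit; `#ifndef ATOMICIO_H` / `#define ATOMICIO_H` / `#endif` would keep the split-out headers consistent. The unprototyped `ssize_t (*f)()` means the compiler cannot check what is passed as `f`; that is presumably deliberate because read() and write() differ in the constness of their buffer argument, and a short comment saying so would help.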
diff --git a/auth-chall.c b/auth-chall.c
index e99ddb39..b8b0c5d1 100644
--- a/auth-chall.c
+++ b/auth-chall.c
@@ -23,9 +23,8 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-chall.c,v 1.2 2001/01/19 12:45:26 markus Exp $");
+RCSID("$OpenBSD: auth-chall.c,v 1.3 2001/01/21 19:05:41 markus Exp $");
-#include "ssh.h"
#include "auth.h"
#ifdef SKEY
diff --git a/auth-krb4.c b/auth-krb4.c
index 80e8f429..d68806f9 100644
--- a/auth-krb4.c
+++ b/auth-krb4.c
@@ -23,14 +23,18 @@
*/
#include "includes.h"
+RCSID("$OpenBSD: auth-krb4.c,v 1.22 2001/01/21 19:05:41 markus Exp $");
+
+#ifdef KRB4
+#include "ssh.h"
+#include "ssh1.h"
#include "packet.h"
#include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
#include "servconf.h"
+#include "auth.h"
+#include "radix.h"
-RCSID("$OpenBSD: auth-krb4.c,v 1.20 2000/12/19 23:17:54 markus Exp $");
-
-#ifdef KRB4
char *ticket = NULL;
extern ServerOptions options;
diff --git a/auth-options.c b/auth-options.c
index ef61d8df..5457d9b1 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -10,12 +10,14 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.8 2001/01/13 18:38:00 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.11 2001/01/21 19:05:41 markus Exp $");
-#include "ssh.h"
#include "packet.h"
#include "xmalloc.h"
#include "match.h"
+#include "log.h"
+#include "canohost.h"
+#include "auth-options.h"
/* Flags set authorized_keys flags */
int no_port_forwarding_flag = 0;
@@ -48,9 +50,12 @@ auth_clear_options(void)
}
}
-/* return 1 if access is granted, 0 if not. side effect: sets key option flags */
+/*
+ * return 1 if access is granted, 0 if not.
+ * side effect: sets key option flags
+ */
int
-auth_parse_options(struct passwd *pw, char *options, u_long linenum)
+auth_parse_options(struct passwd *pw, char *options, char *file, u_long linenum)
{
const char *cp;
if (!options)
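Review bot: The new `file` parameter is used without any check, while `options` is tested with `if (!options)` directly below the signature. The later hunks of this file pass `file` straight to `%.100s` in `debug()`, `log()` and `packet_send_debug()`, where a NULL pointer is undefined behaviour, so the contract should be stated in the header comment, e.g. `file must be a non-NULL path; it is used only in diagnostics`. The parameter is only read in the visible lines, so `const char *file` would fit better, both here and in the auth-options.h prototype. Judging by its name, `packet_send_debug()` forwards the message to the remote peer, which would mean the path shown there is now whatever the caller supplies rather than the fixed `SSH_USER_PERMITTED_KEYS` string. The callers are not visible on this page, so it is worth confirming that the path is acceptable to disclose; the body of `auth_parse_options()` continues outside this hunk.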
@@ -106,9 +111,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum)
}
if (!*options) {
debug("%.100s, line %lu: missing end quote",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
packet_send_debug("%.100s, line %lu: missing end quote",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
continue;
}
forced_command[i] = 0;
@@ -136,9 +141,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum)
}
if (!*options) {
debug("%.100s, line %lu: missing end quote",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
packet_send_debug("%.100s, line %lu: missing end quote",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
continue;
}
s[i] = 0;
@@ -170,9 +175,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum)
}
if (!*options) {
debug("%.100s, line %lu: missing end quote",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
packet_send_debug("%.100s, line %lu: missing end quote",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
continue;
}
patterns[i] = 0;
@@ -219,9 +224,9 @@ next_option:
bad_option:
log("Bad options in %.100s file, line %lu: %.50s",
- SSH_USER_PERMITTED_KEYS, linenum, options);
+ file, linenum, options);
packet_send_debug("Bad options in %.100s file, line %lu: %.50s",
- SSH_USER_PERMITTED_KEYS, linenum, options);
+ file, linenum, options);
/* deny access */
return 0;
}
diff --git a/auth-options.h b/auth-options.h
index 76d420d2..8ee26949 100644
--- a/auth-options.h
+++ b/auth-options.h
@@ -11,10 +11,17 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-/* $OpenBSD: auth-options.h,v 1.6 2000/12/19 23:17:55 markus Exp $ */
+/* $OpenBSD: auth-options.h,v 1.8 2001/01/21 19:05:42 markus Exp $ */
#ifndef AUTH_OPTIONS_H
#define AUTH_OPTIONS_H
+
+/* Linked list of custom environment strings */
+struct envstring {
+ struct envstring *next;
+ char *s;
+};
+
/* Flags that may be set in authorized_keys options. */
extern int no_port_forwarding_flag;
extern int no_agent_forwarding_flag;
@@ -23,8 +30,14 @@ extern int no_pty_flag;
extern char *forced_command;
extern struct envstring *custom_environment;
-/* return 1 if access is granted, 0 if not. side effect: sets key option flags */
-int auth_parse_options(struct passwd *pw, char *options, u_long linenum);
+/*
+ * return 1 if access is granted, 0 if not.
+ * side effect: sets key option flags
+ */
+int
+auth_parse_options(struct passwd *pw, char *options, char *file,
+ u_long linenum);
+
/* reset options flags */
void auth_clear_options(void);
diff --git a/auth-pam.c b/auth-pam.c
index befb84c0..3d550b4d 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -27,9 +27,12 @@
#ifdef USE_PAM
#include "ssh.h"
#include "xmalloc.h"
+#include "log.h"
#include "servconf.h"
+#include "canohost.h"
+#include "readpass.h"
-RCSID("$Id: auth-pam.c,v 1.21 2001/01/19 04:46:38 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.22 2001/01/22 05:34:40 mouring Exp $");
#define NEW_AUTHTOK_MSG \
"Warning: Your password has expired, please change it now"
diff --git a/auth-passwd.c b/auth-passwd.c
index 8295ea17..541aca60 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -36,15 +36,14 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-passwd.c,v 1.19 2001/01/18 16:59:59 markus Exp $");
+RCSID("$OpenBSD: auth-passwd.c,v 1.20 2001/01/21 19:05:42 markus Exp $");
#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
#include "packet.h"
-#include "ssh.h"
-#include "servconf.h"
#include "xmalloc.h"
-
+#include "log.h"
+#include "servconf.h"
#include "auth.h"
#ifdef WITH_AIXAUTHENTICATE
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index 48c075e6..87d51549 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -13,18 +13,19 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rh-rsa.c,v 1.19 2000/12/21 15:10:16 markus Exp $");
+RCSID("$OpenBSD: auth-rh-rsa.c,v 1.21 2001/01/21 19:05:42 markus Exp $");
#include "packet.h"
-#include "ssh.h"
#include "xmalloc.h"
#include "uidswap.h"
+#include "log.h"
#include "servconf.h"
-
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
#include "key.h"
#include "hostfile.h"
+#include "pathnames.h"
+#include "auth.h"
+#include "tildexpand.h"
+#include "canohost.h"
/*
* Tries to authenticate the user using the .rhosts file and the host using
@@ -59,15 +60,15 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key
found = key_new(KEY_RSA1);
/* Check if we know the host and its host key. */
- host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
+ host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname,
client_key, found, NULL);
/* Check user host file unless ignored. */
if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
struct stat st;
- char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
+ char *user_hostfile = tilde_exp