diff options
author | des <des@FreeBSD.org> | 2005-09-03 06:59:33 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2005-09-03 06:59:33 +0000 |
commit | 1ea3628aba1278f27d571a26380b4e91155d3973 (patch) | |
tree | 4029e8da2f8ce801de14426bfef1ef6a20554c35 | |
parent | f0dcade643f0a60a2e51a1e6f7813261a68e5583 (diff) | |
parent | 755a16fa864cacbbd9fbefc822011b6741351d8d (diff) | |
download | FreeBSD-src-1ea3628aba1278f27d571a26380b4e91155d3973.zip FreeBSD-src-1ea3628aba1278f27d571a26380b4e91155d3973.tar.gz |
This commit was generated by cvs2svn to compensate for changes in r149749,
which included commits to RCS files with non-trunk default branches.
66 files changed, 2460 insertions, 823 deletions
diff --git a/crypto/openssh/CREDITS b/crypto/openssh/CREDITS index 2a77b87..82b9f22 100644 --- a/crypto/openssh/CREDITS +++ b/crypto/openssh/CREDITS @@ -3,6 +3,7 @@ Tatu Ylonen <ylo@cs.hut.fi> - Creator of SSH Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song - Creators of OpenSSH +Ahsan Rashid <arms@sco.com> - UnixWare long passwords Alain St-Denis <Alain.St-Denis@ec.gc.ca> - Irix fix Alexandre Oliva <oliva@lsd.ic.unicamp.br> - AIX fixes Andre Lucas <andre@ae-35.com> - new login code, many fixes @@ -32,6 +33,7 @@ David Del Piero <David.DelPiero@qed.qld.gov.au> - bug fixes David Hesprich <darkgrue@gue-tech.org> - Configure fixes David Rankin <drankin@bohemians.lexington.ky.us> - libwrap, AIX, NetBSD fixes Dag-Erling Smørgrav <des at freebsd.org> - Challenge-Response PAM code. +Dhiraj Gulati <dgulati@sco.com> - UnixWare long passwords Ed Eden <ede370@stl.rural.usda.gov> - configure fixes Garrick James <garrick@james.net> - configure fixes Gary E. Miller <gem@rellim.com> - SCO support @@ -98,5 +100,5 @@ Apologies to anyone I have missed. Damien Miller <djm@mindrot.org> -$Id: CREDITS,v 1.79 2004/05/26 23:59:31 dtucker Exp $ +$Id: CREDITS,v 1.80 2005/08/26 20:15:20 tim Exp $ diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index 15ce35c..9573f86 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog @@ -1,3 +1,496 @@ +20050901 + - (djm) Update RPM spec file versions + +20050831 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2005/08/30 22:08:05 + [gss-serv.c sshconnect2.c] + destroy credentials if krb5_kuserok() call fails. Stops credentials being + delegated to users who are not authorised for GSSAPIAuthentication when + GSSAPIDeletegateCredentials=yes and another authentication mechanism + succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by + simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@ + - markus@cvs.openbsd.org 2005/08/31 09:28:42 + [version.h] + 4.2 + - (dtucker) [README] Update release note URL to 4.2 + - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c + openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable + libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd(). + Feedback and OK dtucker@ + +20050830 + - (tim) [configure.ac] Back out last change. It needs to be done differently. + +20050829 + - (tim) [configure.ac] ia_openinfo() seems broken on OSR6. Limit UW long + password support to 7.x for now. + +20050826 + - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c + openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h + openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c + openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char) + on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing + by tim@. Feedback and OK dtucker@ + +20050823 + - (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully- + qualified sshd pathname since some systems (eg Cygwin) may consider "/foo" + and "//foo" to be different. Spotted by vinschen at redhat.com. + - (tim) [configure.ac] Not all gcc's support -Wsign-compare. Enhancements + and OK dtucker@ + - (tim) [defines.h] PATH_MAX bits for OpenServer OK dtucker@ + +20050821 + - (dtucker) [configure.ac defines.h includes.h sftp.c] Add support for + LynxOS, patch from Olli Savia (ops at iki.fi). ok djm@ + +20050816 + - (djm) [ttymodes.c] bugzilla #1025: Fix encoding of _POSIX_VDISABLE, + from Jacob Nevins; ok dtucker@ + +20050815 + - (tim) [sftp.c] wrap el_end() in #ifdef USE_LIBEDIT + - (tim) [configure.ac] corrections to libedit tests. Report and patches + by skeleten AT shillest.net + +20050812 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2005/07/28 17:36:22 + [packet.c] + missing packet_init_compression(); from solar + - djm@cvs.openbsd.org 2005/07/30 01:26:16 + [ssh.c] + fix -D listen_host initialisation, so it picks up gateway_ports setting + correctly + - djm@cvs.openbsd.org 2005/07/30 02:03:47 + [readconf.c] + listen_hosts initialisation here too; spotted greg AT y2005.nest.cx + - dtucker@cvs.openbsd.org 2005/08/06 10:03:12 + [servconf.c] + Unbreak sshd ListenAddress for bare IPv6 addresses. + Report from Janusz Mucka; ok djm@ + - jaredy@cvs.openbsd.org 2005/08/08 13:22:48 + [sftp.c] + sftp prompt enhancements: + - in non-interactive mode, do not print an empty prompt at the end + before finishing + - print newline after EOF in editline mode + - call el_end() in editline mode + ok dtucker djm + +20050810 + - (dtucker) [configure.ac] Test libedit library and headers for compatibility. + Report from skeleten AT shillest.net, ok djm@ + - (dtucker) [LICENCE configure.ac defines.h openbsd-compat/realpath.c] + Sync current (thread-safe) version of realpath.c from OpenBSD (which is + in turn based on FreeBSD's). ok djm@ + +20050809 + - (tim) [configure.ac] Allow --with-audit=no. OK dtucker@ + Report by skeleten AT shillest.net + +20050803 + - (dtucker) [openbsd-compat/fake-rfc2553.h] Check for EAI_* defines + individually and use a value less likely to collide with real values from + netdb.h. Fixes compile warnings on FreeBSD 5.3. ok djm@ + - (dtucker) [openbsd-compat/fake-rfc2553.h] MAX_INT -> INT_MAX since the + latter is specified in the standard. + +20050802 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2005/07/27 10:39:03 + [scp.c hostfile.c sftp-client.c] + Silence bogus -Wuninitialized warnings; ok djm@ + - (dtucker) [configure.ac] Enable -Wuninitialized by default when compiling + with gcc. ok djm@ + - (dtucker) [configure.ac] Add a --with-Werror option to configure for + adding -Werror to CFLAGS when all of the configure tests are done. ok djm@ + +20050726 + - (dtucker) [configure.ac] Update zlib warning message too, pointed out by + tim@. + - (djm) OpenBSD CVS Sync + - otto@cvs.openbsd.org 2005/07/19 15:32:26 + [auth-passwd.c] + auth_usercheck(3) can return NULL, so check for that. Report from + mpech@. ok markus@ + - markus@cvs.openbsd.org 2005/07/25 11:59:40 + [kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c] + [sshconnect2.c sshd.c sshd_config sshd_config.5] + add a new compression method that delays compression until the user + has been authenticated successfully and set compression to 'delayed' + for sshd. + this breaks older openssh clients (< 3.5) if they insist on + compression, so you have to re-enable compression in sshd_config. + ok djm@ + +20050725 + - (dtucker) [configure.ac] Update zlib version check for CAN-2005-2096. + +20050717 +- OpenBSD CVS Sync + - djm@cvs.openbsd.org 2005/07/16 01:35:24 + [auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c] + [sshconnect.c] + spacing + - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c] + [cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL + in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]") + - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line + - djm@cvs.openbsd.org 2005/07/17 06:49:04 + [channels.c channels.h session.c session.h] + Fix a number of X11 forwarding channel leaks: + 1. Refuse multiple X11 forwarding requests on the same session + 2. Clean up all listeners after a single_connection X11 forward, not just + the one that made the single connection + 3. Destroy X11 listeners when the session owning them goes away + testing and ok dtucker@ + - djm@cvs.openbsd.org 2005/07/17 07:17:55 + [auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c] + [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c] + [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c] + [sshconnect.c sshconnect2.c] + knf says that a 2nd level indent is four (not three or five) spaces + -(djm) [audit.c auth1.c auth2.c entropy.c loginrec.c serverloop.c] + [ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too + - (djm) [monitor.c monitor_wrap.c] -Wsign-compare for PAM monitor calls + +20050716 + - (dtucker) [auth-pam.c] Ensure that only one side of the authentication + socketpair stays open on in both the monitor and PAM process. Patch from + Joerg Sonnenberger. + +20050714 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2005/07/06 09:33:05 + [ssh.1] + clarify meaning of ssh -b ; with & ok jmc@ + - dtucker@cvs.openbsd.org 2005/07/08 09:26:18 + [misc.c] + Make comment match code; ok djm@ + - markus@cvs.openbsd.org 2005/07/08 09:41:33 + [channels.h] + race when efd gets closed while there is still buffered data: + change CHANNEL_EFD_OUTPUT_ACTIVE() + 1) c->efd must always be valid AND + 2a) no EOF has been seen OR + 2b) there is buffered data + report, initial fix and testing Chuck Cranor + - dtucker@cvs.openbsd.org 2005/07/08 10:20:41 + [ssh_config.5] + change BindAddress to match recent ssh -b change; prompted by markus@ + - jmc@cvs.openbsd.org 2005/07/08 12:53:10 + [ssh_config.5] + new sentence, new line; + - dtucker@cvs.openbsd.org 2005/07/14 04:00:43 + [misc.h] + use __sentinel__ attribute; ok deraadt@ djm@ markus@ + - (dtucker) [configure.ac defines.h] Define __sentinel__ to nothing if the + compiler doesn't understand it to prevent warnings. If any mainstream + compiler versions acquire it we can test for those versions. Based on + discussion with djm@. + +20050707 + - dtucker [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for + the MIT Kerberos code path into a common function and expand mkstemp + template to be consistent with the rest of OpenSSH. From sxw at + inf.ed.ac.uk, ok djm@ + - (dtucker) [auth-krb5.c] There's no guarantee that snprintf will set errno + in the case where the buffer is insufficient, so always return ENOMEM. + Also pointed out by sxw at inf.ed.ac.uk. + - (dtucker) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Remove + calls to krb5_init_ets, which has not been required since krb-1.1.x and + most Kerberos versions no longer export in their public API. From sxw + at inf.ed.ac.uk, ok djm@ + +20050706 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2005/07/01 13:19:47 + [channels.c] + don't free() if getaddrinfo() fails; report mpech@ + - djm@cvs.openbsd.org 2005/07/04 00:58:43 + [channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5] + implement support for X11 and agent forwarding over multiplex slave + connections. Because of protocol limitations, the slave connections inherit + the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding + their own. + ok dtucker@ "put it in" deraadt@ + - jmc@cvs.openbsd.org 2005/07/04 11:29:51 + [ssh_config.5] + fix Xr and a little grammar; + - markus@cvs.openbsd.org 2005/07/04 14:04:11 + [channels.c] + don't forget to set x11_saved_display + +20050626 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2005/06/17 22:53:47 + [ssh.c sshconnect.c] + Fix ControlPath's %p expanding to "0" for a default port, + spotted dwmw2 AT infradead.org; ok markus@ + - djm@cvs.openbsd.org 2005/06/18 04:30:36 + [ssh.c ssh_config.5] + allow ControlPath=none, patch from dwmw2 AT infradead.org; ok dtucker@ + - djm@cvs.openbsd.org 2005/06/25 22:47:49 + [ssh.c] + do the default port filling code a few lines earlier, so it really + does fix %p + +20050618 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2005/05/20 12:57:01; + [auth1.c] split protocol 1 auth methods into separate functions, makes + authloop much more readable; fixes and ok markus@ (portable ok & + polish dtucker@) + - djm@cvs.openbsd.org 2005/06/17 02:44:33 + [auth1.c] make this -Wsign-compare clean; ok avsm@ markus@ + - (djm) [loginrec.c ssh-rand-helper.c] Fix -Wsign-compare for portable, + tested and fixes tim@ + +20050617 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2005/06/16 03:38:36 + [channels.c channels.h clientloop.c clientloop.h ssh.c] + move x11_get_proto from ssh.c to clientloop.c, to make muliplexed xfwd + easier later; ok deraadt@ + - markus@cvs.openbsd.org 2005/06/16 08:00:00 + [canohost.c channels.c sshd.c] + don't exit if getpeername fails for forwarded ports; bugzilla #1054; + ok djm + - djm@cvs.openbsd.org 2005/06/17 02:44:33 + [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c] + [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c] + [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c] + [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c] + [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c] + make this -Wsign-compare clean; ok avsm@ markus@ + NB. auth1.c changes not committed yet (conflicts with uncommitted sync) + NB2. more work may be needed to make portable Wsign-compare clean + - (dtucker) [cipher.c openbsd-compat/openbsd-compat.h + openbsd-compat/openssl-compat.c] only include openssl compat stuff where + it's needed as it can cause conflicts elsewhere (eg xcrypt.c). Found by + and ok tim@ + +20050616 + - (djm) OpenBSD CVS Sync + - jaredy@cvs.openbsd.org 2005/06/07 13:25:23 + [progressmeter.c] + catch SIGWINCH and resize progress meter accordingly; ok markus dtucker + - djm@cvs.openbsd.org 2005/06/06 11:20:36 + [auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c] + introduce a generic %foo expansion function. replace existing % expansion + and add expansion to ControlPath; ok markus@ + - djm@cvs.openbsd.org 2005/06/08 03:50:00 + [ssh-keygen.1 ssh-keygen.c sshd.8] + increase default rsa/dsa key length from 1024 to 2048 bits; + ok markus@ deraadt@ + - djm@cvs.openbsd.org 2005/06/08 11:25:09 + [clientloop.c readconf.c readconf.h ssh.c ssh_config.5] + add ControlMaster=auto/autoask options to support opportunistic + multiplexing; tested avsm@ and jakob@, ok markus@ + - dtucker@cvs.openbsd.org 2005/06/09 13:43:49 + [cipher.c] + Correctly initialize end of array sentinel; ok djm@ + (Id sync only, change already in portable) + +20050609 + - (dtucker) [cipher.c openbsd-compat/Makefile.in + openbsd-compat/openbsd-compat.h openbsd-compat/openssl-compat.{c,h}] + Move compatibility code for supporting older OpenSSL versions to the + compat layer. Suggested by and "no objection" djm@ + +20050607 + - (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX: + in today's episode we attempt to coax it from limits.h where it may be + hiding, failing that we take the DIY approach. Tested by tim@ + +20050603 + - (dtucker) [configure.ac] Only try gcc -std=gnu99 if LLONG_MAX isn't + defined, and check that it helps before keeping it in CFLAGS. Some old + gcc's don't set an error code when encountering an unknown value in -std. + Found and tested by tim@. + - (dtucker) [configure.ac] Point configure's reporting address at the + openssh-unix-dev list. ok tim@ djm@ + +20050602 + - (tim) [configure.ac] Some platforms need sys/types.h for arpa/nameser.h. + Take AC_CHECK_HEADERS test out of ultrix section. It caused other platforms + to skip builtin standard includes tests. (first AC_CHECK_HEADERS test + must be run on all platforms) Add missing ;; to case statement. OK dtucker@ + +20050601 + - (dtucker) [configure.ac] Look for _getshort and _getlong in + arpa/nameser.h. + - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoll.c] + Add strtoll to the compat library, from OpenBSD. + - (dtucker) OpenBSD CVS Sync + - avsm@cvs.openbsd.org 2005/05/26 02:08:05 + [scp.c] + If copying multiple files to a target file (which normally fails, as it + must be a target directory), kill the spawned ssh child before exiting. + This stops it trying to authenticate and spewing lots of output. + deraadt@ ok + - dtucker@cvs.openbsd.org 2005/05/26 09:08:12 + [ssh-keygen.c] + uint32_t -> u_int32_t for consistency; ok djm@ + - djm@cvs.openbsd.org 2005/05/27 08:30:37 + [ssh.c] + fix -O for cases where no ControlPath has been specified or socket at + ControlPath is not contactable; spotted by and ok avsm@ + - (tim) [config.guess config.sub] Update to '2005-05-27' version. + - (tim) [configure.ac] set TEST_SHELL for OpenServer 6 + +20050531 + - (dtucker) [contrib/aix/pam.conf] Correct comments. From davidl at + vintela.com. + - (dtucker) [mdoc2man.awk] Teach it to understand .Ox. + +20050530 + - (dtucker) [README] Link to new release notes. Beter late than never... + +20050529 + - (dtucker) [openbsd-compat/port-aix.c] Bug #1046: AIX 5.3 expects the + argument to passwdexpired to be initialized to NULL. Suggested by tim@ + While at it, initialize the other arguments to auth functions in case they + ever acquire this behaviour. + - (dtucker) [openbsd-compat/port-aix.c] Whitespace cleanups while there. + - (dtucker) [openbsd-compat/port-aix.c] Minor correction to debug message, + spotted by tim@. + +20050528 + - (dtucker) [configure.ac] For AC_CHECK_HEADERS() and AC_CHECK_FUNCS() have + one entry per line to make it easier to merge changes. ok djm@ + - (dtucker) [configure.ac] strsep() may be defined in string.h, so check + for its presence and include it in the strsep check. + - (dtucker) [configure.ac] getpgrp may be defined in unistd.h, so check for + its presence before doing AC_FUNC_GETPGRP. + - (dtucker) [configure.ac] Merge HP-UX blocks into a common block with minor + version-specific variations as required. + - (dtucker) [openbsd-compat/port-aix.h] Use the HAVE_DECL_* definitions as + per the autoconf man page. Configure should always define them but it + doesn't hurt to check. + +20050527 + - (djm) [defines.h] Use our realpath if we have to define PATH_MAX, spotted by + David Leach; ok dtucker@ + - (dtucker) [acconfig.h configure.ac defines.h includes.h sshpty.c + openbsd-compat/bsd-misc.c] Add support for Ultrix. No, that's not a typo. + Required changes from Bernhard Simon, integrated by me. ok djm@ + +20050525 + - (djm) [mpaux.c mpaux.h Makefile.in] Remove old mpaux.[ch] code, it has not + been used for a while + - (djm) OpenBSD CVS Sync + - otto@cvs.openbsd.org 2005/04/05 13:45:31 + [ssh-keygen.c] + - djm@cvs.openbsd.org 2005/04/06 09:43:59 + [sshd.c] + avoid harmless logspam by not performing setsockopt() on non-socket; + ok markus@ + - dtucker@cvs.openbsd.org 2005/04/06 12:26:06 + [ssh.c] + Fix debug call for port forwards; patch from pete at seebeyond.com, + ok djm@ (ID sync only - change already in portable) + - djm@cvs.openbsd.org 2005/04/09 04:32:54 + [misc.c misc.h tildexpand.c Makefile.in] + replace tilde_expand_filename with a simpler implementation, ahead of + more whacking; ok deraadt@ + - jmc@cvs.openbsd.org 2005/04/14 12:30:30 + [ssh.1] + arg to -b is an address, not if_name; + ok markus@ + - jakob@cvs.openbsd.org 2005/04/20 10:05:45 + [dns.c] + do not try to look up SSHFP for numerical hostname. ok djm@ + - djm@cvs.openbsd.org 2005/04/21 06:17:50 + [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8] + [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment + variable, so don't say that we do (bz #623); ok deraadt@ + - djm@cvs.openbsd.org 2005/04/21 11:47:19 + [ssh.c] + don't allocate a pty when -n flag (/dev/null stdin) is set, patch from + ignasi.roca AT fujitsu-siemens.com (bz #829); ok dtucker@ + - dtucker@cvs.openbsd.org 2005/04/23 23:43:47 + [readpass.c] + Add debug message if read_passphrase can't open /dev/tty; bz #471; + ok djm@ + - jmc@cvs.openbsd.org 2005/04/26 12:59:02 + [sftp-client.h] + spelling correction in comment from wiz@netbsd; + - jakob@cvs.openbsd.org 2005/04/26 13:08:37 + [ssh.c ssh_config.5] + fallback gracefully if client cannot connect to ControlPath. ok djm@ + - moritz@cvs.openbsd.org 2005/04/28 10:17:56 + [progressmeter.c ssh-keyscan.c] + add snprintf checks. ok djm@ markus@ + - markus@cvs.openbsd.org 2005/05/02 21:13:22 + [readpass.c] + missing {} + - djm@cvs.openbsd.org 2005/05/10 10:28:11 + [ssh.c] + print nice error message for EADDRINUSE as well (ID sync only) + - djm@cvs.openbsd.org 2005/05/10 10:30:43 + [ssh.c] + report real errors on fallback from ControlMaster=no to normal connect + - markus@cvs.openbsd.org 2005/05/16 15:30:51 + [readconf.c servconf.c] + check return value from strdelim() for NULL (AddressFamily); mpech + - djm@cvs.openbsd.org 2005/05/19 02:39:55 + [sshd_config.5] + sort config options, from grunk AT pestilenz.org; ok jmc@ + - djm@cvs.openbsd.org 2005/05/19 02:40:52 + [sshd_config] + whitespace nit, from grunk AT pestilenz.org + - djm@cvs.openbsd.org 2005/05/19 02:42:26 + [includes.h] + fix cast, from grunk AT pestilenz.org + - djm@cvs.openbsd.org 2005/05/20 10:50:55 + [ssh_config.5] + give a ProxyCommand example using nc(1), with and ok jmc@ + - jmc@cvs.openbsd.org 2005/05/20 11:23:32 + [ssh_config.5] + oops - article and spacing; + - avsm@cvs.openbsd.org 2005/05/23 22:44:01 + [moduli.c ssh-keygen.c] + - removes signed/unsigned comparisons in moduli generation + - use strtonum instead of atoi where its easier + - check some strlcpy overflow and fatal instead of truncate + - djm@cvs.openbsd.org 2005/05/23 23:32:46 + [cipher.c myproposal.h ssh.1 ssh_config.5 sshd_config.5] + add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes; + ok markus@ + - avsm@cvs.openbsd.org 2005/05/24 02:05:09 + [ssh-keygen.c] + some style nits from dmiller@, and use a fatal() instead of a printf()/exit + - avsm@cvs.openbsd.org 2005/05/24 17:32:44 + [atomicio.c atomicio.h authfd.c monitor_wrap.c msg.c scp.c sftp-client.c] + [ssh-keyscan.c sshconnect.c] + Switch atomicio to use a simpler interface; it now returns a size_t + (containing number of bytes read/written), and indicates error by + returning 0. EOF is signalled by errno==EPIPE. + Typical use now becomes: + + if (atomicio(read, ..., len) != len) + err(1,"read"); + + ok deraadt@, cloder@, djm@ + - (dtucker) [regress/reexec.sh] Add ${EXEEXT} so this test also works on + Cygwin. + - (dtucker) [auth-pam.c] Bug #1033: Fix warnings building with PAM on Linux: + warning: dereferencing type-punned pointer will break strict-aliasing rules + warning: passing arg 3 of `pam_get_item' from incompatible pointer type + The type-punned pointer fix is based on a patch from SuSE's rpm. ok djm@ + - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1033: Provide + templates for _getshort and _getlong if missing to prevent compiler warnings + on Linux. + - (djm) [configure.ac openbsd-compat/Makefile.in] + [openbsd-compat/openbsd-compat.h openbsd-compat/strtonum.c] + Add strtonum(3) from OpenBSD libc, new code needs it. + Unfortunately Linux forces us to do a bizarre dance with compiler + options to get LLONG_MIN/MAX; Spotted by and ok dtucker@ + 20050524 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] [contrib/suse/openssh.spec] Update spec file versions to 4.1p1 @@ -9,7 +502,7 @@ - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory allocation when retrieving core Windows environment. Add CYGWIN variable to propagated variables. Patch from vinschen at redhat.com, ok djm@ - - (djm) Release 4.1p1 + - Release 4.1p1 20050524 - (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure @@ -2496,4 +2989,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3758.2.2 2005/05/25 12:24:56 djm Exp $ +$Id: ChangeLog,v 1.3887 2005/09/01 09:10:48 djm Exp $ diff --git a/crypto/openssh/Makefile.in b/crypto/openssh/Makefile.in index bca425d..fcbc522 100644 --- a/crypto/openssh/Makefile.in +++ b/crypto/openssh/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.270 2005/02/25 23:12:38 dtucker Exp $ +# $Id: Makefile.in,v 1.273 2005/05/29 07:22:29 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -66,8 +66,8 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o buffer.o \ canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \ compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \ - log.o match.o moduli.o mpaux.o nchan.o packet.o \ - readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o \ + log.o match.o moduli.o nchan.o packet.o \ + readpass.o rsa.o ttymodes.o xmalloc.o \ atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \ monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \ @@ -190,7 +190,7 @@ ssh_prng_cmds.out: ssh_prng_cmds $(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \ fi -# fake rule to stop make trying to compile moduli.o into a binary "modulo" +# fake rule to stop make trying to compile moduli.o into a binary "moduli.o" moduli: echo diff --git a/crypto/openssh/README b/crypto/openssh/README index 93682c3..51f0ca4 100644 --- a/crypto/openssh/README +++ b/crypto/openssh/README @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-4.0 for the release notes. +See http://www.openssh.com/txt/release-4.2 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -56,9 +56,10 @@ References - [2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html [3] http://www.gzip.org/zlib/ [4] http://www.openssl.org/ -[5] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris - and HP-UX 11) +[5] http://www.openpam.org + http://www.kernel.org/pub/linux/libs/pam/ + (PAM also is standard on Solaris and HP-UX 11) [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.57 2005/03/09 03:32:28 dtucker Exp $ +$Id: README,v 1.60 2005/08/31 14:05:57 dtucker Exp $ diff --git a/crypto/openssh/README.privsep b/crypto/openssh/README.privsep index ecb9d69..f565e72 100644 --- a/crypto/openssh/README.privsep +++ b/crypto/openssh/README.privsep @@ -38,8 +38,8 @@ privsep user and chroot directory: Privsep requires operating system support for file descriptor passing. Compression will be disabled on systems without a working mmap MAP_ANON. -PAM-enabled OpenSSH is known to function with privsep on AIX, HP-UX -(including Trusted Mode), Linux and Solaris. +PAM-enabled OpenSSH is known to function with privsep on AIX, FreeBSD, +HP-UX (including Trusted Mode), Linux, NetBSD and Solaris. On Cygwin, Tru64 Unix, OpenServer, and Unicos only the pre-authentication part of privsep is supported. Post-authentication privsep is disabled @@ -60,4 +60,4 @@ process 1005 is the sshd process listening for new connections. process 6917 is the privileged monitor process, 6919 is the user owned sshd process and 6921 is the shell process. -$Id: README.privsep,v 1.15 2004/10/06 10:09:32 dtucker Exp $ +$Id: README.privsep,v 1.16 2005/06/04 23:21:41 djm Exp $ diff --git a/crypto/openssh/WARNING.RNG b/crypto/openssh/WARNING.RNG index 687891a..97da74f 100644 --- a/crypto/openssh/WARNING.RNG +++ b/crypto/openssh/WARNING.RNG @@ -57,7 +57,7 @@ disproportionate time to execute. Tuning the random helper can be done by running ./ssh-random-helper in very verbose mode ("-vvv") and identifying the commands that are taking -accessive amounts of time or hanging altogher. Any problem commands can +excessive amounts of time or hanging altogher. Any problem commands can be modified or removed from ssh_prng_cmds. The default entropy collector will timeout programs which take too long @@ -92,4 +92,4 @@ If you are forced to use ssh-rand-helper consider still downloading prngd/egd and configure OpenSSH using --with-prngd-port=xx or --with-prngd-socket=xx (refer to INSTALL for more information). -$Id: WARNING.RNG,v 1.7 2004/12/06 11:40:11 dtucker Exp $ +$Id: WARNING.RNG,v 1.8 2005/05/26 01:47:54 djm Exp $ diff --git a/crypto/openssh/acss.c b/crypto/openssh/acss.c index 9364ba9..99efde0 100644 --- a/crypto/openssh/acss.c +++ b/crypto/openssh/acss.c @@ -1,4 +1,4 @@ -/* $Id: acss.c,v 1.2 2004/02/06 04:22:43 dtucker Exp $ */ +/* $Id: acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $ */ /* * Copyright (c) 2004 The OpenBSD project * @@ -24,37 +24,37 @@ /* decryption sbox */ static unsigned char sboxdec[] = { - 0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76, - 0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b, - 0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96, - 0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b, - 0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12, - 0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f, - 0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90, - 0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91, - 0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74, - 0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75, - 0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94, - 0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95, - 0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10, - 0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11, - 0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92, - 0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f, - 0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16, - 0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b, - 0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6, - 0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb, - 0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72, - 0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f, - 0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0, - 0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1, - 0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14, - 0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15, - 0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4, - 0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5, - 0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70, - 0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71, - 0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2, + 0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76, + 0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b, + 0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96, + 0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b, + 0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12, + 0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f, + 0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90, + 0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91, + 0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74, + 0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75, + 0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94, + 0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95, + 0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10, + 0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11, + 0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92, + 0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f, + 0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16, + 0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b, + 0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6, + 0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb, + 0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72, + 0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f, + 0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0, + 0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1, + 0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14, + 0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15, + 0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4, + 0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5, + 0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70, + 0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71, + 0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2, 0xba, 0xfa, 0xb2, 0xaf, 0xea, 0xaa, 0xe2, 0xff }; @@ -95,38 +95,38 @@ static unsigned char sboxenc[] = { }; static unsigned char reverse[] = { - 0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0, - 0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0, - 0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8, - 0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8, - 0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4, - 0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4, - 0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec, - 0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc, - 0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2, - 0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2, - 0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea, - 0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa, - 0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6, - 0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6, - 0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee, - 0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe, - 0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1, - 0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1, - 0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9, - 0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9, - 0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5, - 0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5, - 0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed, - 0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd, - 0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3, - 0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3, - 0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb, - 0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb, - 0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7, - 0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7, - 0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef, - 0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff + 0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0, + 0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0, + 0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8, + 0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8, + 0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4, + 0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4, + 0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec, + 0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc, + 0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2, + 0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2, + 0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea, + 0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa, + 0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6, + 0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6, + 0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee, + 0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe, + 0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1, + 0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1, + 0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9, + 0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9, + 0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5, + 0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5, + 0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed, + 0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd, + 0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3, + 0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3, + 0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb, + 0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb, + 0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7, + 0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7, + 0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef, + 0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff }; /* diff --git a/crypto/openssh/atomicio.c b/crypto/openssh/atomicio.c index 7637e16..12abbda 100644 --- a/crypto/openssh/atomicio.c +++ b/crypto/openssh/atomicio.c @@ -1,4 +1,5 @@ /* + * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. * Copyright (c) 1995,1999 Theo de Raadt. All rights reserved. * All rights reserved. * @@ -24,14 +25,14 @@ */ #include "includes.h" -RCSID("$OpenBSD: atomicio.c,v 1.12 2003/07/31 15:50:16 avsm Exp $"); +RCSID("$OpenBSD: atomicio.c,v 1.13 2005/05/24 17:32:43 avsm Exp $"); #include "atomicio.h" /* * ensure all of data on socket comes through. f==read || f==vwrite */ -ssize_t +size_t atomicio(f, fd, _s, n) ssize_t (*f) (int, void *, size_t); int fd; @@ -39,7 +40,8 @@ atomicio(f, fd, _s, n) size_t n; { char *s = _s; - ssize_t res, pos = 0; + size_t pos = 0; + ssize_t res; while (n > pos) { res = (f) (fd, s + pos, n - pos); @@ -51,10 +53,12 @@ atomicio(f, fd, _s, n) if (errno == EINTR || errno == EAGAIN) #endif continue; + return 0; case 0: - return (res); + errno = EPIPE; + return pos; default: - pos += res; + pos += (u_int)res; } } return (pos); diff --git a/crypto/openssh/atomicio.h b/crypto/openssh/atomicio.h index 5c0f392..7eccf20 100644 --- a/crypto/openssh/atomicio.h +++ b/crypto/openssh/atomicio.h @@ -1,4 +1,4 @@ -/* $OpenBSD: atomicio.h,v 1.5 2003/06/28 16:23:06 deraadt Exp $ */ +/* $OpenBSD: atomicio.h,v 1.6 2005/05/24 17:32:43 avsm Exp $ */ /* * Copyright (c) 1995,1999 Theo de Raadt. All rights reserved. @@ -28,6 +28,6 @@ /* * Ensure all of data on socket comes through. f==read || f==vwrite */ -ssize_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t); +size_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t); #define vwrite (ssize_t (*)(int, void *, size_t))write diff --git a/crypto/openssh/audit.c b/crypto/openssh/audit.c index 18fc410..c77d0c0 100644 --- a/crypto/openssh/audit.c +++ b/crypto/openssh/audit.c @@ -1,4 +1,4 @@ -/* $Id: audit.c,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */ +/* $Id: audit.c,v 1.3 2005/07/17 07:26:44 djm Exp $ */ /* * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. @@ -120,7 +120,7 @@ void audit_connection_from(const char *host, int port) { debug("audit connection from %s port %d euid %d", host, port, - (int)geteuid()); + (int)geteuid()); } /* @@ -147,7 +147,7 @@ audit_session_open(const char *ttyn) const char *t = ttyn ? ttyn : "(no tty)"; debug("audit session open euid %d user %s tty name %s", geteuid(), - audit_username(), t); + audit_username(), t); } /* @@ -163,7 +163,7 @@ audit_session_close(const char *ttyn) const char *t = ttyn ? ttyn : "(no tty)"; debug("audit session close euid %d user %s tty name %s", geteuid(), - audit_username(), t); + audit_username(), t); } /* diff --git a/crypto/openssh/auth-rhosts.c b/crypto/openssh/auth-rhosts.c index 585246e..aaba855 100644 --- a/crypto/openssh/auth-rhosts.c +++ b/crypto/openssh/auth-rhosts.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rhosts.c,v 1.32 2003/11/04 08:54:09 djm Exp $"); +RCSID("$OpenBSD: auth-rhosts.c,v 1.33 2005/07/17 07:17:54 djm Exp $"); #include "packet.h" #include "uidswap.h" @@ -133,7 +133,7 @@ check_rhosts_file(const char *filename, const char *hostname, /* If the entry was negated, deny access. */ if (negated) { auth_debug_add("Matched negative entry in %.100s.", - filename); + filename); return 0; } /* Accept authentication. */ diff --git a/crypto/openssh/auth-shadow.c b/crypto/openssh/auth-shadow.c index f6004f6..59737b9 100644 --- a/crypto/openssh/auth-shadow.c +++ b/crypto/openssh/auth-shadow.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$Id: auth-shadow.c,v 1.6 2005/02/16 03:20:06 dtucker Exp $"); +RCSID("$Id: auth-shadow.c,v 1.7 2005/07/17 07:04:47 djm Exp $"); #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) #include <shadow.h> @@ -101,7 +101,7 @@ auth_shadow_pwexpired(Authctxt *ctxt) #if defined(__hpux) && !defined(HAVE_SECUREWARE) if (iscomsec()) { struct pr_passwd *pr; - + pr = getprpwnam((char *)user); /* Test for Trusted Mode expiry disabled */ diff --git a/crypto/openssh/auth2-gss.c b/crypto/openssh/auth2-gss.c index 3289ba1..4d468a0 100644 --- a/crypto/openssh/auth2-gss.c +++ b/crypto/openssh/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.8 2004/06/21 17:36:31 avsm Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.10 2005/07/17 07:17:54 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -61,7 +61,7 @@ userauth_gssapi(Authctxt *authctxt) int present; OM_uint32 ms; u_int len; - char *doid = NULL; + u_char *doid = NULL; if (!authctxt->valid || authctxt->user == NULL) return (0); @@ -82,9 +82,8 @@ userauth_gssapi(Authctxt *authctxt) present = 0; doid = packet_get_string(&len); - if (len > 2 && - doid[0] == SSH_GSS_OIDTYPE && - doid[1] == len - 2) { + if (len > 2 && doid[0] == SSH_GSS_OIDTYPE && + doid[1] == len - 2) { goid.elements = doid + 2; goid.length = len - 2; gss_test_oid_set_member(&ms, &goid, supported, diff --git a/crypto/openssh/cipher-acss.c b/crypto/openssh/cipher-acss.c index 3a966a7..a95fa67 100644 --- a/crypto/openssh/cipher-acss.c +++ b/crypto/openssh/cipher-acss.c @@ -17,7 +17,7 @@ #include "includes.h" #include <openssl/evp.h> -RCSID("$Id: cipher-acss.c,v 1.2 2004/02/06 04:26:11 dtucker Exp $"); +RCSID("$Id: cipher-acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $"); #if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) @@ -33,7 +33,7 @@ typedef struct { #define EVP_CTRL_SET_ACSS_SUBKEY 0xff07 static int -acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { acss_setkey(&data(ctx)->ks,key,enc,ACSS_DATA); @@ -41,7 +41,7 @@ acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } static int -acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, +acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { acss(&data(ctx)->ks,inl,in,out); diff --git a/crypto/openssh/cipher-ctr.c b/crypto/openssh/cipher-ctr.c index 43f1ede..8561773 100644 --- a/crypto/openssh/cipher-ctr.c +++ b/crypto/openssh/cipher-ctr.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: cipher-ctr.c,v 1.5 2004/12/22 02:13:19 djm Exp $"); +RCSID("$OpenBSD: cipher-ctr.c,v 1.6 2005/07/17 07:17:55 djm Exp $"); #include <openssl/evp.h> @@ -95,7 +95,7 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, } if (key != NULL) AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, - &c->aes_ctx); + &c->aes_ctx); if (iv != NULL) memcpy(c->aes_counter, iv, AES_BLOCK_SIZE); return (1); diff --git a/crypto/openssh/clientloop.c b/crypto/openssh/clientloop.c index 1591215..47f3c7e 100644 --- a/crypto/openssh/clientloop.c +++ b/crypto/openssh/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.136 2005/03/10 22:01:05 deraadt Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.141 2005/07/16 01:35:24 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -140,6 +140,8 @@ int session_ident = -1; struct confirm_ctx { int want_tty; int want_subsys; + int want_x_fwd; + int want_agent_fwd; Buffer cmd; char *term; struct termios tio; @@ -208,6 +210,109 @@ get_current_time(void) return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0; } +#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" +void +client_x11_get_proto(const char *display, const char *xauth_path, + u_int trusted, char **_proto, char **_data) +{ + char cmd[1024]; + char line[512]; + char xdisplay[512]; + static char proto[512], data[512]; + FILE *f; + int got_data = 0, generated = 0, do_unlink = 0, i; + char *xauthdir, *xauthfile; + struct stat st; + + xauthdir = xauthfile = NULL; + *_proto = proto; + *_data = data; + proto[0] = data[0] = '\0'; + + if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) { + debug("No xauth program."); + } else { + if (display == NULL) { + debug("x11_get_proto: DISPLAY not set"); + return; + } + /* + * Handle FamilyLocal case where $DISPLAY does + * not match an authorization entry. For this we + * just try "xauth list unix:displaynum.screennum". + * XXX: "localhost" match to determine FamilyLocal + * is not perfect. + */ + if (strncmp(display, "localhost:", 10) == 0) { + snprintf(xdisplay, sizeof(xdisplay), "unix:%s", + display + 10); + display = xdisplay; + } + if (trusted == 0) { + xauthdir = xmalloc(MAXPATHLEN); + xauthfile = xmalloc(MAXPATHLEN); + strlcpy(xauthdir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN); + if (mkdtemp(xauthdir) != NULL) { + do_unlink = 1; + snprintf(xauthfile, MAXPATHLEN, "%s/xauthfile", + xauthdir); + snprintf(cmd, sizeof(cmd), + "%s -f %s generate %s " SSH_X11_PROTO + " untrusted timeout 1200 2>" _PATH_DEVNULL, + xauth_path, xauthfile, display); + debug2("x11_get_proto: %s", cmd); + if (system(cmd) == 0) + generated = 1; + } + } + snprintf(cmd, sizeof(cmd), + "%s %s%s list %s . 2>" _PATH_DEVNULL, + xauth_path, + generated ? "-f " : "" , + generated ? xauthfile : "", + display); + debug2("x11_get_proto: %s", cmd); + f = popen(cmd, "r"); + if (f && fgets(line, sizeof(line), f) && + sscanf(line, "%*s %511s %511s", proto, data) == 2) + got_data = 1; + if (f) + pclose(f); + } + + if (do_unlink) { + unlink(xauthfile); + rmdir(xauthdir); + } + if (xauthdir) + xfree(xauthdir); + if (xauthfile) + xfree(xauthfile); + + /* + * If we didn't get authentication data, just make up some + * data. The forwarding code will check the validity of the + * response anyway, and substitute this data. The X11 + * server, however, will ignore this fake data and use + * whatever authentication mechanisms it was using otherwise + * for the local connection. + */ + if (!got_data) { + u_int32_t rnd = 0; + + logit("Warning: No xauth data; " + "using fake authentication data for X11 forwarding."); + strlcpy(proto, SSH_X11_PROTO, sizeof proto); + for (i = 0; i < 16; i++) { + if (i % 4 == 0) + rnd = arc4random(); + snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", + rnd & 0xff); + rnd >>= 8; + } + } +} + /* * This is called when the interactive is entered. This checks if there is * an EOF coming on stdin. We must check this explicitly, as select() does @@ -528,6 +633,7 @@ static void client_extra_session2_setup(int id, void *arg) { struct confirm_ctx *cctx = arg; + const char *display; Channel *c; int i; @@ -536,6 +642,24 @@ client_extra_session2_setup(int id, void *arg) if ((c = channel_lookup(id)) == NULL) fatal("%s: no channel for id %d", __func__, id); + display = getenv("DISPLAY"); + if (cctx->want_x_fwd && options.forward_x11 && display != NULL) { + char *proto, *data; + /* Get reasonable local authentication information. */ + client_x11_get_proto(display, options.xauth_location, + options.forward_x11_trusted, &proto, &data); + /* Request forwarding with authentication spoofing. */ + debug("Requesting X11 forwarding with authentication spoofing."); + x11_request_forwarding_with_spoofing(id, display, proto, data); + /* XXX wait for reply */ + } + + if (cctx->want_agent_fwd && options.forward_agent) { + debug("Requesting authentication agent forwarding."); + channel_request_start(id, "auth-agent-req@openssh.com", 0); + packet_send(); + } + client_session2_setup(id, cctx->want_tty, cctx->want_subsys, cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env, client_subsystem_reply); @@ -556,12 +680,12 @@ client_process_control(fd_set * readset) { Buffer m; Channel *c; - int client_fd, new_fd[3], ver, i, allowed; + int client_fd, new_fd[3], ver, allowed; socklen_t addrlen; struct sockaddr_storage addr; struct confirm_ctx *cctx; char *cmd; - u_int len, env_len, command, flags; + u_int i, len, env_len, command, flags; uid_t euid; gid_t egid; @@ -601,7 +725,7 @@ client_process_control(fd_set * readset) buffer_free(&m); return; } - if ((ver = buffer_get_char(&m)) != 1) { + if ((ver = buffer_get_char(&m)) != SSHMUX_VER) { error("%s: wrong client version %d", __func__, ver); buffer_free(&m); close(client_fd); @@ -616,13 +740,15 @@ client_process_control(fd_set * readset) switch (command) { case SSHMUX_COMMAND_OPEN: - if (options.control_master == 2) + if (options.control_master == SSHCTL_MASTER_ASK || + options.control_master == SSHCTL_MASTER_AUTO_ASK) allowed = ask_permission("Allow shared connection " "to %s? ", host); /* continue below */ break; case SSHMUX_COMMAND_TERMINATE: - if (options.control_master == 2) + if (options.control_master == SSHCTL_MASTER_ASK || + options.control_master == SSHCTL_MASTER_AUTO_ASK) allowed = ask_permission("Terminate shared connection " "to %s? ", host); if (allowed) @@ -633,7 +759,7 @@ client_process_control(fd_set * readset) buffer_clear(&m); buffer_put_int(&m, allowed); buffer_put_int(&m, getpid()); - if (ssh_msg_send(client_fd, /* version */1, &m) == -1) { + if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) { error("%s: client msg_send failed", __func__); close(client_fd); buffer_free(&m); @@ -653,7 +779,7 @@ client_process_control(fd_set * readset) buffer_clear(&m); buffer_put_int(&m, allowed); buffer_put_int(&m, getpid()); - if (ssh_msg_send(client_fd, /* version */1, &m) == -1) { + if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) { error("%s: client msg_send failed", __func__); close(client_fd); buffer_free(&m); @@ -674,7 +800,7 @@ client_process_control(fd_set * readset) buffer_free(&m); return; } - if ((ver = buffer_get_char(&m)) != 1) { + if ((ver = buffer_get_char(&m)) != SSHMUX_VER) { error("%s: wrong client version %d", __func__, ver); buffer_free(&m); close(client_fd); @@ -685,6 +811,8 @@ client_process_control(fd_set * readset) memset(cctx, 0, sizeof(*cctx)); cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0; cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0; + cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0; + cctx->want_agent_fwd = (flags & SSHMUX_FLAG_AGENT_FWD) != 0; cctx->term = buffer_get_string(&m, &len); cmd = buffer_get_string(&m, &len); @@ -718,7 +846,7 @@ client_process_control(fd_set * readset) /* This roundtrip is just for synchronisation of ttymodes */ buffer_clear(&m); - if (ssh_msg_send(client_fd, /* version */1, &m) == -1) { + if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) { error("%s: client msg_send failed", __func__); close(client_fd); close(new_fd[0]); @@ -866,7 +994,10 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len) u_char ch; char *s; - for (i = 0; i < len; i++) { + if (len <= 0) + return (0); + + for (i = 0; i < (u_int)len; i++) { /* Get one character at a time. */ ch = buf[i]; diff --git a/crypto/openssh/clientloop.h b/crypto/openssh/clientloop.h index b23c111..aed2d91 100644 --- a/crypto/openssh/clientloop.h +++ b/crypto/openssh/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.12 2004/11/07 00:01:46 djm Exp $ */ +/* $OpenBSD: clientloop.h,v 1.14 2005/07/04 00:58:43 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -37,10 +37,15 @@ /* Client side main loop for the interactive session. */ int client_loop(int, int, int); +void client_x11_get_proto(const char *, const char *, u_int, + char **, char **); void client_global_request_reply_fwd(int, u_int32_t, void *); void client_session2_setup(int, int, int, const char *, struct termios *, int, Buffer *, char **, dispatch_fn *); +/* Multiplexing protocol version */ +#define SSHMUX_VER 1 + /* Multiplexing control protocol flags */ #define SSHMUX_COMMAND_OPEN 1 /* Open new connection */ #define SSHMUX_COMMAND_ALIVE_CHECK 2 /* Check master is alive */ @@ -48,3 +53,5 @@ void client_session2_setup(int, int, int, const char *, struct termios *, #define SSHMUX_FLAG_TTY (1) /* Request tty on open */ #define SSHMUX_FLAG_SUBSYS (1<<1) /* Subsystem request on open */ +#define SSHMUX_FLAG_X11_FWD (1<<2) /* Request X11 forwarding */ +#define SSHMUX_FLAG_AGENT_FWD (1<<3) /* Request agent forwarding */ diff --git a/crypto/openssh/config.guess b/crypto/openssh/config.guess index 5adbef1..6d71f75 100755 --- a/crypto/openssh/config.guess +++ b/crypto/openssh/config.guess @@ -1,9 +1,9 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003 Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. -timestamp='2003-10-03' +timestamp='2005-05-27' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -17,13 +17,15 @@ timestamp='2003-10-03' # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +# 02110-1301, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. + # Originally written by Per Bothner <per@bothner.com>. # Please send patches to <config-patches@gnu.org>. Submit a context # diff and a properly formatted ChangeLog entry. @@ -53,7 +55,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO @@ -66,11 +68,11 @@ Try \`$me --help' for more information." while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) - echo "$timestamp" ; exit 0 ;; + echo "$timestamp" ; exit ;; --version | -v ) - echo "$version" ; exit 0 ;; + echo "$version" ; exit ;; --help | --h* | -h ) - echo "$usage"; exit 0 ;; + echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. @@ -196,50 +198,64 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. echo "${machine}-${os}${release}" - exit 0 ;; + exit ;; + amd64:OpenBSD:*:*) + echo x86_64-unknown-openbsd${UNAME_RELEASE} + exit ;; amiga:OpenBSD:*:*) echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - arc:OpenBSD:*:*) - echo mipsel-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; + exit ;; + cats:OpenBSD:*:*) + echo arm-unknown-openbsd${UNAME_RELEASE} + exit ;; hp300:OpenBSD:*:*) echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; + exit ;; + luna88k:OpenBSD:*:*) + echo m88k-unknown-openbsd${UNAME_RELEASE} + exit ;; mac68k:OpenBSD:*:*) echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; + exit ;; macppc:OpenBSD:*:*) echo powerpc-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; + exit ;; mvme68k:OpenBSD:*:*) echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; + exit ;; mvme88k:OpenBSD:*:*) echo m88k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; + exit ;; mvmeppc:OpenBSD:*:*) echo powerpc-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - pmax:OpenBSD:*:*) - echo mipsel-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; + exit ;; sgi:OpenBSD:*:*) - echo mipseb-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; + echo mips64-unknown-openbsd${UNAME_RELEASE} + exit ;; sun3:OpenBSD:*:*) echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - wgrisc:OpenBSD:*:*) - echo mipsel-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; + exit ;; *:OpenBSD:*:*) echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; + exit ;; + *:ekkoBSD:*:*) + echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} + exit ;; + macppc:MirBSD:*:*) + echo powerppc-unknown-mirbsd${UNAME_RELEASE} + exit ;; + *:MirBSD:*:*) + echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} + exit ;; alpha:OSF1:*:*) - if test $UNAME_RELEASE = "V4.0"; then + case $UNAME_RELEASE in + *4.0) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` - fi + ;; + *5.*) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + ;; + esac # According to Compaq, /usr/sbin/psrinfo has been available on # OSF/1 and Tru64 systems produced since 1995. I hope that # covers most systems running today. This code pipes the CPU @@ -277,42 +293,49 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in "EV7.9 (21364A)") UNAME_MACHINE="alphaev79" ;; esac + # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - exit 0 ;; - Alpha*:OpenVMS:*:*) - echo alpha-hp-vms - exit 0 ;; + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + exit ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead # of the specific Alpha model? echo alpha-pc-interix - exit 0 ;; + exit ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 - exit 0 ;; + exit ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 - exit 0;; + exit ;; *:[Aa]miga[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-amigaos - exit 0 ;; + exit ;; *:[Mm]orph[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-morphos - exit 0 ;; + exit ;; *:OS/390:*:*) echo i370-ibm-openedition - exit 0 ;; + exit ;; + *:z/VM:*:*) + echo s390-ibm-zvmoe + exit ;; + *:OS400:*:*) + echo powerpc-ibm-os400 + exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} - exit 0;; + exit ;; + arm:riscos:*:*|arm:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) echo hppa1.1-hitachi-hiuxmpp - exit 0;; + exit ;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. if test "`(/bin/universe) 2>/dev/null`" = att ; then @@ -320,32 +343,32 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in else echo pyramid-pyramid-bsd fi - exit 0 ;; + exit ;; NILE*:*:*:dcosx) echo pyramid-pyramid-svr4 - exit 0 ;; + exit ;; DRS?6000:unix:4.0:6*) echo sparc-icl-nx6 - exit 0 ;; - DRS?6000:UNIX_SV:4.2*:7*) + exit ;; + DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) case `/usr/bin/uname -p` in - sparc) echo sparc-icl-nx7 && exit 0 ;; + sparc) echo sparc-icl-nx7; exit ;; esac ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; + exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; + exit ;; i86pc:SunOS:5.*:*) echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; + exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; + exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in Series*|S4*) @@ -354,10 +377,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in esac # Japanese Language versions have a version number like `4.1.3-JL'. echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` - exit 0 ;; + exit ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} - exit 0 ;; + exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 @@ -369,10 +392,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in echo sparc-sun-sunos${UNAME_RELEASE} ;; esac - exit 0 ;; + exit ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} - exit 0 ;; + exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor @@ -383,37 +406,40 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) echo m68k-milan-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) echo m68k-hades-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) echo m68k-unknown-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; + m68k:machten:*:*) + echo m68k-apple-machten${UNAME_RELEASE} + exit ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} - exit 0 ;; + exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 - exit 0 ;; + exit ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} - exit 0 ;; + exit ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} - exit 0 ;; + exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) echo clipper-intergraph-clix${UNAME_RELEASE} - exit 0 ;; + exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c @@ -437,32 +463,33 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in exit (-1); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c \ - && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ - && exit 0 + $CC_FOR_BUILD -o $dummy $dummy.c && + dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`$dummy $dummyarg` && + { echo "$SYSTEM_NAME"; exit; } echo mips-mips-riscos${UNAME_RELEASE} - exit 0 ;; + exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax - exit 0 ;; + exit ;; Motorola:*:4.3:PL8-*) echo powerpc-harris-powermax - exit 0 ;; + exit ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) echo powerpc-harris-powermax - exit 0 ;; + exit ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix - exit 0 ;; + exit ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 - exit 0 ;; + exit ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 - exit 0 ;; + exit ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 - exit 0 ;; + exit ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` @@ -478,29 +505,29 @@ EOF else echo i586-dg-dgux${UNAME_RELEASE} fi - exit 0 ;; + exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 - exit 0 ;; + exit ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 - exit 0 ;; + exit ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 - exit 0 ;; + exit ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd - exit 0 ;; + exit ;; *:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` - exit 0 ;; + exit ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. - echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id - exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) echo i386-ibm-aix - exit 0 ;; + exit ;; ia64:AIX:*:*) if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` @@ -508,7 +535,7 @@ EOF IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} - exit 0 ;; + exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then eval $set_cc_for_build @@ -523,14 +550,18 @@ EOF exit(0); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 - echo rs6000-ibm-aix3.2.5 + if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` + then + echo "$SYSTEM_NAME" + else + echo rs6000-ibm-aix3.2.5 + fi elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi - exit 0 ;; + exit ;; *:AIX:*:[45]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then @@ -544,28 +575,28 @@ EOF IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} - exit 0 ;; + exit ;; *:AIX:*:*) echo rs6000-ibm-aix - exit 0 ;; + exit ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 - exit 0 ;; + exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to - exit 0 ;; # report: romp-ibm BSD 4.3 + exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx - exit 0 ;; + exit ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 - exit 0 ;; + exit ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd - exit 0 ;; + exit ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 - exit 0 ;; + exit ;; 9000/[34678]??:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "${UNAME_MACHINE}" in @@ -629,7 +660,18 @@ EOF then # avoid double evaluation of $set_cc_for_build test -n "$CC_FOR_BUILD" || eval $set_cc_for_build - if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null + + # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating + # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler + # generating 64-bit code. GNU and HP use different nomenclature: + # + # $ CC_FOR_BUILD=cc ./config.guess + # => hppa2.0w-hp-hpux11.23 + # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess + # => hppa64-hp-hpux11.23 + + if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | + grep __LP64__ >/dev/null then HP_ARCH="hppa2.0w" else @@ -637,11 +679,11 @@ EOF fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} - exit 0 ;; + exit ;; ia64:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ia64-hp-hpux${HPUX_REV} - exit 0 ;; + exit ;; 3050*:HI-UX:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c @@ -669,153 +711,166 @@ EOF exit (0); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 + $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 - exit 0 ;; + exit ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd - exit 0 ;; + exit ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd - exit 0 ;; + exit ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix - exit 0 ;; + exit ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf - exit 0 ;; + exit ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf - exit 0 ;; + exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else echo ${UNAME_MACHINE}-unknown-osf1 fi - exit 0 ;; + exit ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites - exit 0 ;; + exit ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd - exit 0 ;; + exit ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi - exit 0 ;; + exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd - exit 0 ;; + exit ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd - exit 0 ;; + exit ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd - exit 0 ;; + exit ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; CRAY*TS:*:*:*) echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; CRAY*T3E:*:*:*) echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; CRAY*SV1:*:*:*) echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; *:UNICOS/mp:*:*) - echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; + echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit 0 ;; + exit ;; + 5000:UNIX_System_V:4.*:*) + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} - exit 0 ;; + exit ;; sparc*:BSD/OS:*:*) echo sparc-unknown-bsdi${UNAME_RELEASE} - exit 0 ;; + exit ;; *:BSD/OS:*:*) echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} - exit 0 ;; - *:FreeBSD:*:*|*:GNU/FreeBSD:*:*) - # Determine whether the default compiler uses glibc. - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include <features.h> - #if __GLIBC__ >= 2 - LIBC=gnu - #else - LIBC= - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` - # GNU/FreeBSD systems have a "k" prefix to indicate we are using - # FreeBSD's kernel, but not the complete OS. - case ${LIBC} in gnu) kernel_only='k' ;; esac - echo ${UNAME_MACHINE}-unknown-${kernel_only}freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC} - exit 0 ;; + exit ;; + *:FreeBSD:*:*) + echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit ;; i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin - exit 0 ;; + exit ;; i*:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 - exit 0 ;; + exit ;; + i*:windows32*:*) + # uname -m includes "-pc" on this system. + echo ${UNAME_MACHINE}-mingw32 + exit ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 - exit 0 ;; + exit ;; x86:Interix*:[34]*) echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//' - exit 0 ;; + exit ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks - exit 0 ;; + exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we # UNAME_MACHINE based on the output of uname instead of i386? echo i586-pc-interix - exit 0 ;; + exit ;; i*:UWIN*:*) echo ${UNAME_MACHINE}-pc-uwin - exit 0 ;; + exit ;; + amd64:CYGWIN*:*:*) + echo x86_64-unknown-cygwin + exit ;; p*:CYGWIN*:*) echo powerpcle-unknown-cygwin - exit 0 ;; + exit ;; prep*:SunOS:5.*:*) echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; + exit ;; *:GNU:*:*) + # the GNU system echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` - exit 0 ;; + exit ;; + *:GNU/*:*:*) + # other systems with GNU libc and userland + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu + exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix - exit 0 ;; + exit ;; arm*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; cris:Linux:*:*) echo cris-axis-linux-gnu - exit 0 ;; + exit ;; + crisv32:Linux:*:*) + echo crisv32-axis-linux-gnu + exit ;; + frv:Linux:*:*) + echo frv-unknown-linux-gnu + exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; + m32r*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; mips:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c @@ -833,7 +888,7 @@ EOF #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` - test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; mips64:Linux:*:*) eval $set_cc_for_build @@ -852,14 +907,14 @@ EOF #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` - test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; ppc:Linux:*:*) echo powerpc-unknown-linux-gnu - exit 0 ;; + exit ;; ppc64:Linux:*:*) echo powerpc64-unknown-linux-gnu - exit 0 ;; + exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in EV5) UNAME_MACHINE=alphaev5 ;; @@ -873,7 +928,7 @@ EOF objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} - exit 0 ;; + exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in @@ -881,25 +936,25 @@ EOF PA8*) echo hppa2.0-unknown-linux-gnu ;; *) echo hppa-unknown-linux-gnu ;; esac - exit 0 ;; + exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) echo hppa64-unknown-linux-gnu - exit 0 ;; + exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux - exit 0 ;; + exit ;; sh64*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; sh*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; x86_64:Linux:*:*) echo x86_64-unknown-linux-gnu - exit 0 ;; + exit ;; i*86:Linux:*:*) # The BFD linker knows what the default object file format is, so # first see if it will tell us. cd to the root directory to prevent @@ -917,15 +972,15 @@ EOF ;; a.out-i386-linux) echo "${UNAME_MACHINE}-pc-linux-gnuaout" - exit 0 ;; + exit ;; coff-i386) echo "${UNAME_MACHINE}-pc-linux-gnucoff" - exit 0 ;; + exit ;; "") # Either a pre-BFD a.out linker (linux-gnuoldld) or # one that does not give us useful --help. echo "${UNAME_MACHINE}-pc-linux-gnuoldld" - exit 0 ;; + exit ;; esac # Determine whether the default compiler is a.out or elf eval $set_cc_for_build @@ -953,15 +1008,18 @@ EOF #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` - test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0 - test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 + test x"${LIBC}" != x && { + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + exit + } + test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. echo i386-sequent-sysv4 - exit 0 ;; + exit ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... @@ -969,24 +1027,27 @@ EOF # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} - exit 0 ;; + exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. echo ${UNAME_MACHINE}-pc-os2-emx - exit 0 ;; + exit ;; i*86:XTS-300:*:STOP) echo ${UNAME_MACHINE}-unknown-stop - exit 0 ;; + exit ;; i*86:atheos:*:*) echo ${UNAME_MACHINE}-unknown-atheos - exit 0 ;; + exit ;; + i*86:syllable:*:*) + echo ${UNAME_MACHINE}-pc-syllable + exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) echo i386-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; i*86:*DOS:*:*) echo ${UNAME_MACHINE}-pc-msdosdjgpp - exit 0 ;; + exit ;; i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then @@ -994,16 +1055,16 @@ EOF else echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} fi - exit 0 ;; + exit ;; i*86:*:5:[678]*) - # Unixware 7.x, OpenUNIX 8, & OpenServer 6 + # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} - exit 0 ;; + exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name` @@ -1021,73 +1082,73 @@ EOF else echo ${UNAME_MACHINE}-pc-sysv32 fi - exit 0 ;; + exit ;; pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i386. echo i386-pc-msdosdjgpp - exit 0 ;; + exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 - exit 0 ;; + exit ;; paragon:*:*:*) echo i860-intel-osf1 - exit 0 ;; + exit ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 fi - exit 0 ;; + exit ;; mini*:CTIX:SYS*5:*) # "miniframe" echo m68010-convergent-sysv - exit 0 ;; + exit ;; mc68k:UNIX:SYSTEM5:3.51m) echo m68k-convergent-sysv - exit 0 ;; + exit ;; M680?0:D-NIX:5.3:*) echo m68k-diab-dnix - exit 0 ;; - M68*:*:R3V[567]*:*) - test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; - 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0) + exit ;; + M68*:*:R3V[5678]*:*) + test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && echo i486-ncr-sysv4.3${OS_REL} && exit 0 + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && echo i486-ncr-sysv4 && exit 0 ;; + && { echo i486-ncr-sysv4; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 - exit 0 ;; + exit ;; TSUNAMI:LynxOS:2.*:*) echo sparc-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} - exit 0 ;; + exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 - exit 0 ;; + exit ;; RM*:SINIX-*:*:*) echo mips-sni-sysv4 - exit 0 ;; + exit ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` @@ -1095,68 +1156,73 @@ EOF else echo ns32k-sni-sysv fi - exit 0 ;; + exit ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says <Richard.M.Bartel@ccMail.Census.GOV> echo i586-unisys-sysv4 - exit 0 ;; + exit ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes <hewes@openmarket.com>. # How about differentiating between stratus architectures? -djm echo hppa1.1-stratus-sysv4 - exit 0 ;; + exit ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. echo i860-stratus-sysv4 - exit 0 ;; + exit ;; + i*86:VOS:*:*) + # From Paul.Green@stratus.com. + echo ${UNAME_MACHINE}-stratus-vos + exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos - exit 0 ;; + exit ;; mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} - exit 0 ;; + exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 - exit 0 ;; + exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-unknown-sysv${UNAME_RELEASE} fi - exit 0 ;; + exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos - exit 0 ;; + exit ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. echo powerpc-apple-beos - exit 0 ;; + exit ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos - exit 0 ;; + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} - exit 0 ;; + exit ;; SX-5:SUPER-UX:*:*) echo sx5-nec-superux${UNAME_RELEASE} - exit 0 ;; + exit ;; SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} - exit 0 ;; + exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} - exit 0 ;; + exit ;; *:Rhapsody:*:*) echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} - exit 0 ;; + exit ;; *:Darwin:*:*) - case `uname -p` in + UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown + case $UNAME_PROCESSOR in *86) UNAME_PROCESSOR=i686 ;; - powerpc) UNAME_PROCESSOR=powerpc ;; + unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} - exit 0 ;; + exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = "x86"; then @@ -1164,22 +1230,25 @@ EOF UNAME_MACHINE=pc fi echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} - exit 0 ;; + exit ;; *:QNX:*:4*) echo i386-pc-qnx - exit 0 ;; - NSR-[DGKLNPTVWY]:NONSTOP_KERNEL:*:*) + exit ;; + NSE-?:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk${UNAME_RELEASE} + exit ;; + NSR-?:NONSTOP_KERNEL:*:*) echo nsr-tandem-nsk${UNAME_RELEASE} - exit 0 ;; + exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux - exit 0 ;; + exit ;; BS2000:POSIX*:*:*) echo bs2000-siemens-sysv - exit 0 ;; + exit ;; DS/*:UNIX_System_V:*:*) echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} - exit 0 ;; + exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 @@ -1190,28 +1259,44 @@ EOF UNAME_MACHINE="$cputype" fi echo ${UNAME_MACHINE}-unknown-plan9 - exit 0 ;; + exit ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 - exit 0 ;; + exit ;; *:TENEX:*:*) echo pdp10-unknown-tenex - exit 0 ;; + exit ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) echo pdp10-dec-tops20 - exit 0 ;; + exit ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) echo pdp10-xkl-tops20 - exit 0 ;; + exit ;; *:TOPS-20:*:*) echo pdp10-unknown-tops20 - exit 0 ;; + exit ;; *:ITS:*:*) echo pdp10-unknown-its - exit 0 ;; + exit ;; SEI:*:*:SEIUX) echo mips-sei-seiux${UNAME_RELEASE} - exit 0 ;; + exit ;; + *:DragonFly:*:*) + echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit ;; + *:*VMS:*:*) + UNAME_MACHINE=`(uname -p) 2>/dev/null` + case "${UNAME_MACHINE}" in + A*) echo alpha-dec-vms ; exit ;; + I*) echo ia64-dec-vms ; exit ;; + V*) echo vax-dec-vms ; exit ;; + esac ;; + *:XENIX:*:SysV) + echo i386-pc-xenix + exit ;; + i*86:skyos:*:*) + echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' + exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 @@ -1243,7 +1328,7 @@ main () #endif #if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix"); exit (0); + printf ("arm-acorn-riscix\n"); exit (0); #endif #if defined (hp300) && !defined (hpux) @@ -1332,11 +1417,12 @@ main () } EOF -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0 +$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } # Apollos put the system type in the environment. -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } # Convex versions that predate uname can use getsysinfo(1) @@ -1345,22 +1431,22 @@ then case `getsysinfo -f cpu_type` in c1*) echo c1-convex-bsd - exit 0 ;; + exit ;; c2*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi - exit 0 ;; + exit ;; c34*) echo c34-convex-bsd - exit 0 ;; + exit ;; c38*) echo c38-convex-bsd - exit 0 ;; + exit ;; c4*) echo c4-convex-bsd - exit 0 ;; + exit ;; esac fi @@ -1371,7 +1457,9 @@ This script, last modified $timestamp, has failed to recognize the operating system you are using. It is advised that you download the most up to date version of the config scripts from - ftp://ftp.gnu.org/pub/gnu/config/ + http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess +and + http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub If the version you run ($0) is already up to date, please send the following data and any information you think might be diff --git a/crypto/openssh/config.sub b/crypto/openssh/config.sub index 1f31816..519f2cd 100755 --- a/crypto/openssh/config.sub +++ b/crypto/openssh/config.sub @@ -1,9 +1,9 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003 Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. -timestamp='2003-08-18' +timestamp='2005-05-12' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -21,14 +21,15 @@ timestamp='2003-08-18' # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, -# Boston, MA 02111-1307, USA. - +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +# 02110-1301, USA. +# # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. + # Please send patches to <config-patches@gnu.org>. Submit a context # diff and a properly formatted ChangeLog entry. # @@ -70,7 +71,7 @@ Report bugs and patches to <config-patches@gnu.org>." version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO @@ -83,11 +84,11 @@ Try \`$me --help' for more information." while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) - echo "$timestamp" ; exit 0 ;; + echo "$timestamp" ; exit ;; --version | -v ) - echo "$version" ; exit 0 ;; + echo "$version" ; exit ;; --help | --h* | -h ) - echo "$usage"; exit 0 ;; + echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. @@ -99,7 +100,7 @@ while test $# -gt 0 ; do *local*) # First pass through any local machine types. echo $1 - exit 0;; + exit ;; * ) break ;; @@ -118,7 +119,8 @@ esac # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in - nto-qnx* | linux-gnu* | linux-dietlibc | kfreebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) + nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \ + kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; @@ -144,7 +146,7 @@ case $os in -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis) + -apple | -axis | -knuth | -cray) os= basic_machine=$1 ;; @@ -230,13 +232,14 @@ case $basic_machine in | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ + | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ - | m32r | m68000 | m68k | m88k | mcore \ + | m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ @@ -261,12 +264,13 @@ case $basic_machine in | pyramid \ | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ - | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \ + | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \ + | sparcv8 | sparcv9 | sparcv9b \ | strongarm \ | tahoe | thumb | tic4x | tic80 | tron \ | v850 | v850e \ | we32k \ - | x86 | xscale | xstormy16 | xtensa \ + | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \ | z8k) basic_machine=$basic_machine-unknown ;; @@ -297,9 +301,9 @@ case $basic_machine in | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* \ - | bs2000-* \ + | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ - | clipper-* | cydra-* \ + | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ @@ -307,9 +311,9 @@ case $basic_machine in | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ - | m32r-* \ + | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | mcore-* \ + | m88110-* | m88k-* | maxq-* | mcore-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ @@ -325,8 +329,9 @@ case $basic_machine in | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipstx39-* | mipstx39el-* \ + | mmix-* \ | msp430-* \ - | none-* | np1-* | nv1-* | ns16k-* | ns32k-* \ + | none-* | np1-* | ns16k-* | ns32k-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ @@ -334,15 +339,16 @@ case $basic_machine in | romp-* | rs6000-* \ | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \ - | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \ + | sparclite-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tron-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ - | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \ - | xtensa-* \ + | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \ + | xstormy16-* | xtensa-* \ | ymp-* \ | z8k-*) ;; @@ -362,6 +368,9 @@ case $basic_machine in basic_machine=a29k-amd os=-udi ;; + abacus) + basic_machine=abacus-unknown + ;; adobe68k) basic_machine=m68010-adobe os=-scout @@ -379,6 +388,9 @@ case $basic_machine in amd64) basic_machine=x86_64-pc ;; + amd64-*) + basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; amdahl) basic_machine=580-amdahl os=-sysv @@ -438,12 +450,27 @@ case $basic_machine in basic_machine=j90-cray os=-unicos ;; + craynv) + basic_machine=craynv-cray + os=-unicosmp + ;; + cr16c) + basic_machine=cr16c-unknown + os=-elf + ;; crds | unos) basic_machine=m68k-crds ;; + crisv32 | crisv32-* | etraxfs*) + basic_machine=crisv32-axis + ;; cris | cris-* | etrax*) basic_machine=cris-axis ;; + crx) + basic_machine=crx-unknown + os=-elf + ;; da30 | da30-*) basic_machine=m68k-da30 ;; @@ -466,6 +493,10 @@ case $basic_machine in basic_machine=m88k-motorola os=-sysv3 ;; + djgpp) + basic_machine=i586-pc + os=-msdosdjgpp + ;; dpx20 | dpx20-*) basic_machine=rs6000-bull os=-bosx @@ -644,10 +675,6 @@ case $basic_machine in mips3*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ;; - mmix*) - basic_machine=mmix-knuth - os=-mmixware - ;; monitor) basic_machine=m68k-rom68k os=-coff @@ -728,10 +755,6 @@ case $basic_machine in np1) basic_machine=np1-gould ;; - nv1) - basic_machine=nv1-cray - os=-unicosmp - ;; nsr-tandem) basic_machine=nsr-tandem ;; @@ -743,6 +766,10 @@ case $basic_machine in basic_machine=or32-unknown os=-coff ;; + os400) + basic_machine=powerpc-ibm + os=-os400 + ;; OSE68000 | ose68000) basic_machine=m68000-ericsson os=-ose @@ -963,6 +990,10 @@ case $basic_machine in tower | tower-32) basic_machine=m68k-ncr ;; + tpf) + basic_machine=s390x-ibm + os=-tpf + ;; udi29k) basic_machine=a29k-amd os=-udi @@ -1006,6 +1037,10 @@ case $basic_machine in basic_machine=hppa1.1-winbond os=-proelf ;; + xbox) + basic_machine=i686-pc + os=-mingw32 + ;; xps | xps100) basic_machine=xps100-honeywell ;; @@ -1036,6 +1071,9 @@ case $basic_machine in romp) basic_machine=romp-ibm ;; + mmix) + basic_machine=mmix-knuth + ;; rs6000) basic_machine=rs6000-ibm ;; @@ -1058,7 +1096,7 @@ case $basic_machine in sh64) basic_machine=sh64-unknown ;; - sparc | sparcv9 | sparcv9b) + sparc | sparcv8 | sparcv9 | sparcv9b) basic_machine=sparc-sun ;; cydra) @@ -1131,19 +1169,20 @@ case $os in | -aos* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ - | -hiux* | -386bsd* | -netbsd* | -openbsd* | -kfreebsd* | -freebsd* | -riscix* \ - | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ + | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ - | -powermax* | -dnix* | -nx6 | -nx7 | -sei*) + | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* | -skyos*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1182,6 +1221,9 @@ case $os in -opened*) os=-openedition ;; + -os400*) + os=-os400 + ;; -wince*) os=-wince ;; @@ -1203,6 +1245,9 @@ case $os in -atheos*) os=-atheos ;; + -syllable*) + os=-syllable + ;; -386bsd) os=-bsd ;; @@ -1225,6 +1270,9 @@ case $os in -sinix*) os=-sysv4 ;; + -tpf*) + os=-tpf + ;; -triton*) os=-sysv3 ;; @@ -1261,6 +1309,9 @@ case $os in -kaos*) os=-kaos ;; + -zvmoe) + os=-zvmoe + ;; -none) ;; *) @@ -1341,6 +1392,9 @@ case $basic_machine in *-ibm) os=-aix ;; + *-knuth) + os=-mmixware + ;; *-wec) os=-proelf ;; @@ -1473,9 +1527,15 @@ case $basic_machine in -mvs* | -opened*) vendor=ibm ;; + -os400*) + vendor=ibm + ;; -ptx*) vendor=sequent ;; + -tpf*) + vendor=ibm + ;; -vxsim* | -vxworks* | -windiss*) vendor=wrs ;; @@ -1500,7 +1560,7 @@ case $basic_machine in esac echo $basic_machine$os -exit 0 +exit # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) diff --git a/crypto/openssh/defines.h b/crypto/openssh/defines.h index 7758bc3..408b988 100644 --- a/crypto/openssh/defines.h +++ b/crypto/openssh/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.119 2005/02/20 10:01:49 dtucker Exp $ */ +/* $Id: defines.h,v 1.127 2005/08/31 16:59:49 tim Exp $ */ /* Constants */ @@ -54,10 +54,24 @@ enum # ifdef PATH_MAX # define MAXPATHLEN PATH_MAX # else /* PATH_MAX */ -# define MAXPATHLEN 64 /* Should be safe */ +# define MAXPATHLEN 64 +/* realpath uses a fixed buffer of size MAXPATHLEN, so force use of ours */ +# ifndef BROKEN_REALPATH +# define BROKEN_REALPATH 1 +# endif /* BROKEN_REALPATH */ # endif /* PATH_MAX */ #endif /* MAXPATHLEN */ +#ifndef PATH_MAX +# ifdef _POSIX_PATH_MAX +# define PATH_MAX _POSIX_PATH_MAX +# endif +#endif + +#ifndef MAXSYMLINKS +# define MAXSYMLINKS 5 +#endif + #ifndef STDIN_FILENO # define STDIN_FILENO 0 #endif @@ -432,6 +446,10 @@ struct winsize { # define __dead __attribute__((noreturn)) #endif +#if !defined(HAVE_ATTRIBUTE__SENTINEL__) && !defined(__sentinel__) +# define __sentinel__ +#endif + /* *-*-nto-qnx doesn't define this macro in the system headers */ #ifdef MISSING_HOWMANY # define howmany(x,y) (((x)+((y)-1))/(y)) @@ -567,6 +585,23 @@ struct winsize { # define SSH_SYSFDMAX 10000 #endif +#if defined(__Lynx__) + /* + * LynxOS defines these in param.h which we do not want to include since + * it will also pull in a bunch of kernel definitions. + */ +# define ALIGNBYTES (sizeof(int) - 1) +# define ALIGN(p) (((unsigned)p + ALIGNBYTES) & ~ALIGNBYTES) + /* Missing prototypes on LynxOS */ + int snprintf (char *, size_t, const char *, ...); + int mkstemp (char *); + char *crypt (const char *, const char *); + int seteuid (uid_t); + int setegid (gid_t); + char *mkdtemp (char *); + int rresvport_af (int *, sa_family_t); + int innetgr (const char *, const char *, const char *, const char *); +#endif /* * Define this to use pipes instead of socketpairs for communicating with the @@ -653,6 +688,10 @@ struct winsize { # define CUSTOM_SYS_AUTH_PASSWD 1 #endif +#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) +# define CUSTOM_SYS_AUTH_PASSWD 1 +#endif + /* HP-UX 11.11 */ #ifdef BTMP_FILE # define _PATH_BTMP BTMP_FILE @@ -664,4 +703,12 @@ struct winsize { /** end of login recorder definitions */ +#ifdef BROKEN_GETGROUPS +# define getgroups(a,b) ((a)==0 && (b)==NULL ? NGROUPS_MAX : getgroups((a),(b))) +#endif + +#if defined(HAVE_MMAP) && defined(BROKEN_MMAP) +# undef HAVE_MMAP +#endif + #endif /* _DEFINES_H */ diff --git a/crypto/openssh/dns.c b/crypto/openssh/dns.c index 140ab60..4487c1a 100644 --- a/crypto/openssh/dns.c +++ b/crypto/openssh/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.10 2004/06/21 17:36:31 avsm Exp $ */ +/* $OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -43,7 +43,7 @@ #include "uuencode.h" extern char *__progname; -RCSID("$OpenBSD: dns.c,v 1.10 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $"); #ifndef LWRES static const char *errset_text[] = { @@ -142,6 +142,26 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type, return success; } +/* + * Check if hostname is numerical. + * Returns -1 if hostname is numeric, 0 otherwise + */ +static int +is_numeric_hostname(const char *hostname) +{ + struct addrinfo hints, *ai; + + memset(&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_DGRAM; + hints.ai_flags = AI_NUMERICHOST; + + if (getaddrinfo(hostname, "0", &hints, &ai) == 0) { + freeaddrinfo(ai); + return -1; + } + + return 0; +} /* * Verify the given hostname, address and host key using DNS. @@ -151,7 +171,7 @@ int verify_host_key_dns(const char *hostname, struct sockaddr *address, const Key *hostkey, int *flags) { - int counter; + u_int counter; int result; struct rrsetinfo *fingerprints = NULL; @@ -171,6 +191,11 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, if (hostkey == NULL) fatal("No key to look up!"); + if (is_numeric_hostname(hostname)) { + debug("skipped DNS lookup for numerical hostname"); + return -1; + } + result = getrrsetbyname(hostname, DNS_RDATACLASS_IN, DNS_RDATATYPE_SSHFP, 0, &fingerprints); if (result) { @@ -249,7 +274,7 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic) u_char *rdata_digest; u_int rdata_digest_len; - int i; + u_int i; int success = 0; if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, diff --git a/crypto/openssh/entropy.c b/crypto/openssh/entropy.c index 0997174..410bbb9 100644 --- a/crypto/openssh/entropy.c +++ b/crypto/openssh/entropy.c @@ -45,7 +45,7 @@ * XXX: we should tell the child how many bytes we need. */ -RCSID("$Id: entropy.c,v 1.48 2003/11/21 12:56:47 djm Exp $"); +RCSID("$Id: entropy.c,v 1.49 2005/07/17 07:26:44 djm Exp $"); #ifndef OPENSSL_PRNG_ONLY #define RANDOM_SEED_SIZE 48 @@ -114,8 +114,8 @@ seed_rng(void) close(p[0]); if (waitpid(pid, &ret, 0) == -1) - fatal("Couldn't wait for ssh-rand-helper completion: %s", - strerror(errno)); + fatal("Couldn't wait for ssh-rand-helper completion: %s", + strerror(errno)); signal(SIGCHLD, old_sigchld); /* We don't mind if the child exits upon a SIGPIPE */ diff --git a/crypto/openssh/gss-genr.c b/crypto/openssh/gss-genr.c index 3f5727b..9bc31aa 100644 --- a/crypto/openssh/gss-genr.c +++ b/crypto/openssh/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.3 2003/11/21 11:57:03 djm Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.4 2005/07/17 07:17:55 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -78,8 +78,8 @@ ssh_gssapi_error(Gssctxt *ctxt) } char * -ssh_gssapi_last_error(Gssctxt *ctxt, - OM_uint32 *major_status, OM_uint32 *minor_status) +ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status, + OM_uint32 *minor_status) { OM_uint32 lmin; gss_buffer_desc msg = GSS_C_EMPTY_BUFFER; diff --git a/crypto/openssh/gss-serv-krb5.c b/crypto/openssh/gss-serv-krb5.c index 91d87f7..4f02621 100644 --- a/crypto/openssh/gss-serv-krb5.c +++ b/crypto/openssh/gss-serv-krb5.c @@ -65,9 +65,6 @@ ssh_gssapi_krb5_init(void) logit("Cannot initialize krb5 context"); return 0; } -#ifdef KRB5_INIT_ETS - krb5_init_ets(krb_context); -#endif return 1; } @@ -131,34 +128,10 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) return; } #else - { - int tmpfd; - char ccname[40]; - mode_t old_umask; - - snprintf(ccname, sizeof(ccname), - "FILE:/tmp/krb5cc_%d_XXXXXX", geteuid()); - - old_umask = umask(0177); - tmpfd = mkstemp(ccname + strlen("FILE:")); - umask(old_umask); - if (tmpfd == -1) { - logit("mkstemp(): %.100s", strerror(errno)); - problem = errno; - return; - } - if (fchmod(tmpfd, S_IRUSR | S_IWUSR) == -1) { - logit("fchmod(): %.100s", strerror(errno)); - close(tmpfd); - problem = errno; - return; - } - close(tmpfd); - if ((problem = krb5_cc_resolve(krb_context, ccname, &ccache))) { - logit("krb5_cc_resolve(): %.100s", - krb5_get_err_text(krb_context, problem)); - return; - } + if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) { + logit("ssh_krb5_cc_gen(): %.100s", + krb5_get_err_text(krb_context, problem)); + return; } #endif /* #ifdef HEIMDAL */ diff --git a/crypto/openssh/gss-serv.c b/crypto/openssh/gss-serv.c index de32a3f..1171304 100644 --- a/crypto/openssh/gss-serv.c +++ b/crypto/openssh/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.5 2003/11/17 11:06:07 markus Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.8 2005/08/30 22:08:05 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -134,7 +134,7 @@ ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok, static OM_uint32 ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) { - char *tok; + u_char *tok; OM_uint32 offset; OM_uint32 oidl; @@ -164,7 +164,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) */ if (tok[4] != 0x06 || tok[5] != oidl || ename->length < oidl+6 || - !ssh_gssapi_check_oid(ctx,tok+6,oidl)) + !ssh_gssapi_check_oid(ctx,tok+6,oidl)) return GSS_S_FAILURE; offset = oidl+6; @@ -267,7 +267,7 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) debug("Setting %s to %s", gssapi_client.store.envvar, gssapi_client.store.envval); child_set_env(envp, envsizep, gssapi_client.store.envvar, - gssapi_client.store.envval); + gssapi_client.store.envval); } } @@ -275,13 +275,24 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) int ssh_gssapi_userok(char *user) { + OM_uint32 lmin; + if (gssapi_client.exportedname.length == 0 || gssapi_client.exportedname.value == NULL) { debug("No suitable client data"); return 0; } if (gssapi_client.mech && gssapi_client.mech->userok) - return ((*gssapi_client.mech->userok)(&gssapi_client, user)); + if ((*gssapi_client.mech->userok)(&gssapi_client, user)) + return 1; + else { + /* Destroy delegated credentials if userok fails */ + gss_release_buffer(&lmin, &gssapi_client.displayname); + gss_release_buffer(&lmin, &gssapi_client.exportedname); + gss_release_cred(&lmin, &gssapi_client.creds); + memset(&gssapi_client, 0, sizeof(ssh_gssapi_client)); + return 0; + } else debug("ssh_gssapi_userok: Unknown GSSAPI mechanism"); return (0); diff --git a/crypto/openssh/kex.c b/crypto/openssh/kex.c index a668346..5dce335 100644 --- a/crypto/openssh/kex.c +++ b/crypto/openssh/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.60 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: kex.c,v 1.64 2005/07/25 11:59:39 markus Exp $"); #include <openssl/crypto.h> @@ -52,7 +52,7 @@ static void kex_choose_conf(Kex *); static void kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) { - int i; + u_int i; buffer_clear(b); /* @@ -101,7 +101,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows) static void kex_prop_free(char **proposal) { - int i; + u_int i; for (i = 0; i < PROPOSAL_MAX; i++) xfree(proposal[i]); @@ -150,7 +150,7 @@ kex_send_kexinit(Kex *kex) { u_int32_t rnd = 0; u_char *cookie; - int i; + u_int i; if (kex == NULL) { error("kex_send_kexinit: no kex, cannot rekey"); @@ -183,8 +183,7 @@ void kex_input_kexinit(int type, u_int32_t seq, void *ctxt) { char *ptr; - int dlen; - int i; + u_int i, dlen; Kex *kex = (Kex *)ctxt; debug("SSH2_MSG_KEXINIT received"); @@ -276,10 +275,12 @@ choose_comp(Comp *comp, char *client, char *server) char *name = match_list(client, server, NULL); if (name == NULL) fatal("no matching comp found: client %s server %s", client, server); - if (strcmp(name, "zlib") == 0) { - comp->type = 1; + if (strcmp(name, "zlib@openssh.com") == 0) { + comp->type = COMP_DELAYED; + } else if (strcmp(name, "zlib") == 0) { + comp->type = COMP_ZLIB; } else if (strcmp(name, "none") == 0) { - comp->type = 0; + comp->type = COMP_NONE; } else { fatal("unsupported comp %s", name); } @@ -343,9 +344,7 @@ kex_choose_conf(Kex *kex) char **my, **peer; char **cprop, **sprop; int nenc, nmac, ncomp; - int mode; - int ctos; /* direction: if true client-to-server */ - int need; + u_int mode, ctos, need; int first_kex_follows, type; my = kex_buf2prop(&kex->my, NULL); @@ -395,7 +394,7 @@ kex_choose_conf(Kex *kex) /* ignore the next message if the proposals do not match */ if (first_kex_follows && !proposals_match(my, peer) && - !(datafellows & SSH_BUG_FIRSTKEX)) { + !(datafellows & SSH_BUG_FIRSTKEX)) { type = packet_read(); debug2("skipping next packet (type %u)", type); } @@ -405,15 +404,19 @@ kex_choose_conf(Kex *kex) } static u_char * -derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret) +derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret) { Buffer b; const EVP_MD *evp_md = EVP_sha1(); EVP_MD_CTX md; char c = id; - int have; + u_int have; int mdsz = EVP_MD_size(evp_md); - u_char *digest = xmalloc(roundup(need, mdsz)); + u_char *digest; + + if (mdsz < 0) + fatal("derive_key: mdsz < 0"); + digest = xmalloc(roundup(need, mdsz)); buffer_init(&b); buffer_put_bignum2(&b, shared_secret); @@ -455,7 +458,7 @@ void kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret) { u_char *keys[NKEYS]; - int i, mode, ctos; + u_int i, mode, ctos; for (i = 0; i < NKEYS; i++) keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret); @@ -493,13 +496,13 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, EVP_DigestInit(&md, evp_md); len = BN_num_bytes(host_modulus); - if (len < (512 / 8) || len > sizeof(nbuf)) + if (len < (512 / 8) || (u_int)len > sizeof(nbuf)) fatal("%s: bad host modulus (len %d)", __func__, len); BN_bn2bin(host_modulus, nbuf); EVP_DigestUpdate(&md, nbuf, len); len = BN_num_bytes(server_modulus); - if (len < (512 / 8) || len > sizeof(nbuf)) + if (len < (512 / 8) || (u_int)len > sizeof(nbuf)) fatal("%s: bad server modulus (len %d)", __func__, len); BN_bn2bin(server_modulus, nbuf); EVP_DigestUpdate(&md, nbuf, len); @@ -518,7 +521,7 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, void dump_digest(char *msg, u_char *digest, int len) { - int i; + u_int i; fprintf(stderr, "%s\n", msg); for (i = 0; i< len; i++) { diff --git a/crypto/openssh/kex.h b/crypto/openssh/kex.h index d9e9d65..3024a27 100644 --- a/crypto/openssh/kex.h +++ b/crypto/openssh/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.35 2004/06/13 12:53:24 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.37 2005/07/25 11:59:39 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -35,6 +35,10 @@ #define KEX_DH14 "diffie-hellman-group14-sha1" #define KEX_DHGEX "diffie-hellman-group-exchange-sha1" +#define COMP_NONE 0 +#define COMP_ZLIB 1 +#define COMP_DELAYED 2 + enum kex_init_proposals { PROPOSAL_KEX_ALGS, PROPOSAL_SERVER_HOST_KEY_ALGS, @@ -83,9 +87,9 @@ struct Mac { char *name; int enabled; const EVP_MD *md; - int mac_len; + u_int mac_len; u_char *key; - int key_len; + u_int key_len; }; struct Comp { int type; @@ -101,7 +105,7 @@ struct Kex { u_char *session_id; u_int session_id_len; Newkeys *newkeys[MODE_MAX]; - int we_need; + u_int we_need; int server; char *name; int hostkey_type; diff --git a/crypto/openssh/loginrec.h b/crypto/openssh/loginrec.h index d1a12a8..8e33901 100644 --- a/crypto/openssh/loginrec.h +++ b/crypto/openssh/loginrec.h @@ -35,7 +35,7 @@ #include <netinet/in.h> #include <sys/socket.h> -/* RCSID("$Id: loginrec.h,v 1.9 2005/02/02 06:10:11 dtucker Exp $"); */ +/* RCSID("$Id: loginrec.h,v 1.10 2005/06/19 00:19:44 djm Exp $"); */ /** ** you should use the login_* calls to work around platform dependencies @@ -128,7 +128,7 @@ struct logininfo *login_get_lastlog(struct logininfo *li, const int uid); unsigned int login_get_lastlog_time(const int uid); /* produce various forms of the line filename */ -char *line_fullname(char *dst, const char *src, int dstsize); +char *line_fullname(char *dst, const char *src, u_int dstsize); char *line_stripname(char *dst, const char *src, int dstsize); char *line_abbrevname(char *dst, const char *src, int dstsize); diff --git a/crypto/openssh/mac.c b/crypto/openssh/mac.c index 097f0b9..2bda5a1 100644 --- a/crypto/openssh/mac.c +++ b/crypto/openssh/mac.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: mac.c,v 1.6 2003/09/18 13:02:21 miod Exp $"); +RCSID("$OpenBSD: mac.c,v 1.7 2005/06/17 02:44:32 djm Exp $"); #include <openssl/hmac.h> @@ -51,12 +51,15 @@ struct { int mac_init(Mac *mac, char *name) { - int i; + int i, evp_len; + for (i = 0; macs[i].name; i++) { if (strcmp(name, macs[i].name) == 0) { if (mac != NULL) { mac->md = (*macs[i].mdfunc)(); - mac->key_len = mac->mac_len = EVP_MD_size(mac->md); + if ((evp_len = EVP_MD_size(mac->md)) <= 0) + fatal("mac %s len %d", name, evp_len); + mac->key_len = mac->mac_len = (u_int)evp_len; if (macs[i].truncatebits != 0) mac->mac_len = macs[i].truncatebits/8; } @@ -77,7 +80,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) if (mac->key == NULL) fatal("mac_compute: no key"); - if ((u_int)mac->mac_len > sizeof(m)) + if (mac->mac_len > sizeof(m)) fatal("mac_compute: mac too long"); HMAC_Init(&c, mac->key, mac->key_len, mac->md); PUT_32BIT(b, seqno); diff --git a/crypto/openssh/match.c b/crypto/openssh/match.c index 3ddb627..29fb7da 100644 --- a/crypto/openssh/match.c +++ b/crypto/openssh/match.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: match.c,v 1.19 2002/03/01 13:12:10 markus Exp $"); +RCSID("$OpenBSD: match.c,v 1.20 2005/06/17 02:44:32 djm Exp $"); #include "match.h" #include "xmalloc.h" @@ -254,7 +254,7 @@ match_list(const char *client, const char *server, u_int *next) ret = xstrdup(p); if (next != NULL) *next = (cp == NULL) ? - strlen(c) : cp - c; + strlen(c) : (u_int)(cp - c); xfree(c); xfree(s); return ret; diff --git a/crypto/openssh/mdoc2man.awk b/crypto/openssh/mdoc2man.awk index 4e72cdc..d6eaf46 100644 --- a/crypto/openssh/mdoc2man.awk +++ b/crypto/openssh/mdoc2man.awk @@ -140,6 +140,9 @@ function add(str) { } else if(match(words[w],"^Dt$")) { id=wtail() next + } else if(match(words[w],"^Ox$")) { + add("OpenBSD") + skip=1 } else if(match(words[w],"^Os$")) { add(".TH " id " \"" date "\" \"" wtail() "\"") } else if(match(words[w],"^Sh$")) { diff --git a/crypto/openssh/misc.c b/crypto/openssh/misc.c index 7adbcea..2dd8ae6 100644 --- a/crypto/openssh/misc.c +++ b/crypto/openssh/misc.c @@ -1,5 +1,6 @@ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. + * Copyright (c) 2005 Damien Miller. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -23,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.29 2005/03/10 22:01:05 deraadt Exp $"); +RCSID("$OpenBSD: misc.c,v 1.34 2005/07/08 09:26:18 dtucker Exp $"); #include "misc.h" #include "log.h" @@ -376,6 +377,114 @@ addargs(arglist *args, char *fmt, ...) } /* + * Expands tildes in the file name. Returns data allocated by xmalloc. + * Warning: this calls getpw*. + */ +char * +tilde_expand_filename(const char *filename, uid_t uid) +{ + const char *path; + char user[128], ret[MAXPATHLEN]; + struct passwd *pw; + u_int len, slash; + + if (*filename != '~') + return (xstrdup(filename)); + filename++; + + path = strchr(filename, '/'); + if (path != NULL && path > filename) { /* ~user/path */ + slash = path - filename; + if (slash > sizeof(user) - 1) + fatal("tilde_expand_filename: ~username too long"); + memcpy(user, filename, slash); + user[slash] = '\0'; + if ((pw = getpwnam(user)) == NULL) + fatal("tilde_expand_filename: No such user %s", user); + } else if ((pw = getpwuid(uid)) == NULL) /* ~/path */ + fatal("tilde_expand_filename: No such uid %d", uid); + + if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret)) + fatal("tilde_expand_filename: Path too long"); + + /* Make sure directory has a trailing '/' */ + len = strlen(pw->pw_dir); + if ((len == 0 || pw->pw_dir[len - 1] != '/') && + strlcat(ret, "/", sizeof(ret)) >= sizeof(ret)) + fatal("tilde_expand_filename: Path too long"); + + /* Skip leading '/' from specified path */ + if (path != NULL) + filename = path + 1; + if (strlcat(ret, filename, sizeof(ret)) >= sizeof(ret)) + fatal("tilde_expand_filename: Path too long"); + + return (xstrdup(ret)); +} + +/* + * Expand a string with a set of %[char] escapes. A number of escapes may be + * specified as (char *escape_chars, char *replacement) pairs. The list must + * be terminated by a NULL escape_char. Returns replaced string in memory + * allocated by xmalloc. + */ +char * +percent_expand(const char *string, ...) +{ +#define EXPAND_MAX_KEYS 16 + struct { + const char *key; + const char *repl; + } keys[EXPAND_MAX_KEYS]; + u_int num_keys, i, j; + char buf[4096]; + va_list ap; + + /* Gather keys */ + va_start(ap, string); + for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) { + keys[num_keys].key = va_arg(ap, char *); + if (keys[num_keys].key == NULL) + break; + keys[num_keys].repl = va_arg(ap, char *); + if (keys[num_keys].repl == NULL) + fatal("percent_expand: NULL replacement"); + } + va_end(ap); + + if (num_keys >= EXPAND_MAX_KEYS) + fatal("percent_expand: too many keys"); + + /* Expand string */ + *buf = '\0'; + for (i = 0; *string != '\0'; string++) { + if (*string != '%') { + append: + buf[i++] = *string; + if (i >= sizeof(buf)) + fatal("percent_expand: string too long"); + buf[i] = '\0'; + continue; + } + string++; + if (*string == '%') + goto append; + for (j = 0; j < num_keys; j++) { + if (strchr(keys[j].key, *string) != NULL) { + i = strlcat(buf, keys[j].repl, sizeof(buf)); + if (i >= sizeof(buf)) + fatal("percent_expand: string too long"); + break; + } + } + if (j >= num_keys) + fatal("percent_expand: unknown key %%%c", *string); + } + return (xstrdup(buf)); +#undef EXPAND_MAX_KEYS +} + +/* * Read an entire line from a public key file into a static buffer, discarding * lines that exceed the buffer size. Returns 0 on success, -1 on failure. */ @@ -397,3 +506,20 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, } return -1; } + +char * +tohex(const u_char *d, u_int l) +{ + char b[3], *r; + u_int i, hl; + + hl = l * 2 + 1; + r = xmalloc(hl); + *r = '\0'; + for (i = 0; i < l; i++) { + snprintf(b, sizeof(b), "%02x", d[i]); + strlcat(r, b, hl); + } + return (r); +} + diff --git a/crypto/openssh/misc.h b/crypto/openssh/misc.h index 8bbc87f..2d630fe 100644 --- a/crypto/openssh/misc.h +++ b/crypto/openssh/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.21 2005/03/01 10:09:52 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.25 2005/07/14 04:00:43 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -24,6 +24,9 @@ char *hpdelim(char **); char *cleanhostname(char *); char *colon(char *); long convtime(const char *); +char *tilde_expand_filename(const char *, uid_t); +char *percent_expand(const char *, ...) __attribute__((__sentinel__)); +char *tohex(const u_char *, u_int); struct passwd *pwcopy(struct passwd *); @@ -35,10 +38,6 @@ struct arglist { }; void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3))); -/* tildexpand.c */ - -char *tilde_expand_filename(const char *, uid_t); - /* readpass.c */ #define RP_ECHO 0x0001 diff --git a/crypto/openssh/moduli.c b/crypto/openssh/moduli.c index 8b05248..d53806e 100644 --- a/crypto/openssh/moduli.c +++ b/crypto/openssh/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.10 2005/01/17 03:25:46 dtucker Exp $ */ +/* $OpenBSD: moduli.c,v 1.12 2005/07/17 07:17:55 djm Exp $ */ /* * Copyright 1994 Phil Karn <karn@qualcomm.com> * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> @@ -112,22 +112,22 @@ #define TINY_NUMBER (1UL<<16) /* Ensure enough bit space for testing 2*q. */ -#define TEST_MAXIMUM (1UL<<16) -#define TEST_MINIMUM (QSIZE_MINIMUM + 1) -/* real TEST_MINIMUM (1UL << (SHIFT_WORD - TEST_POWER)) */ -#define TEST_POWER (3) /* 2**n, n < SHIFT_WORD */ +#define TEST_MAXIMUM (1UL<<16) +#define TEST_MINIMUM (QSIZE_MINIMUM + 1) +/* real TEST_MINIMUM (1UL << (SHIFT_WORD - TEST_POWER)) */ +#define TEST_POWER (3) /* 2**n, n < SHIFT_WORD */ /* bit operations on 32-bit words */ -#define BIT_CLEAR(a,n) ((a)[(n)>>SHIFT_WORD] &= ~(1L << ((n) & 31))) -#define BIT_SET(a,n) ((a)[(n)>>SHIFT_WORD] |= (1L << ((n) & 31))) -#define BIT_TEST(a,n) ((a)[(n)>>SHIFT_WORD] & (1L << ((n) & 31))) +#define BIT_CLEAR(a,n) ((a)[(n)>>SHIFT_WORD] &= ~(1L << ((n) & 31))) +#define BIT_SET(a,n) ((a)[(n)>>SHIFT_WORD] |= (1L << ((n) & 31))) +#define BIT_TEST(a,n) ((a)[(n)>>SHIFT_WORD] & (1L << ((n) & 31))) /* * Prime testing defines */ /* Minimum number of primality tests to perform */ -#define TRIAL_MINIMUM (4) +#define TRIAL_MINIMUM (4) /* * Sieving data (XXX - move to struct) @@ -144,7 +144,7 @@ static u_int32_t *LargeSieve, largewords, largetries, largenumbers; static u_int32_t largebits, largememory; /* megabytes */ static BIGNUM *largebase; -int gen_candidates(FILE *, int, int, BIGNUM *); +int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); int prime_test(FILE *, FILE *, u_int32_t, u_int32_t); /* @@ -241,19 +241,20 @@ sieve_large(u_int32_t s) * The list is checked against small known primes (less than 2**30). */ int -gen_candidates(FILE *out, int memory, int power, BIGNUM *start) +gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) { BIGNUM *q; u_int32_t j, r, s, t; u_int32_t smallwords = TINY_NUMBER >> 6; u_int32_t tinywords = TINY_NUMBER >> 6; time_t time_start, time_stop; - int i, ret = 0; + u_int32_t i; + int ret = 0; largememory = memory; if (memory != 0 && - (memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) { + (memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) { error("Invalid memory amount (min %ld, max %ld)", LARGE_MINIMUM, LARGE_MAXIMUM); return (-1); @@ -371,8 +372,8 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start) * fencepost errors, the last pass is skipped. */ for (smallbase = TINY_NUMBER + 3; - smallbase < (SMALL_MAXIMUM - TINY_NUMBER); - smallbase += TINY_NUMBER) { + smallbase < (SMALL_MAXIMUM - TINY_NUMBER); + smallbase += TINY_NUMBER) { for (i = 0; i < tinybits; i++) { if (BIT_TEST(TinySieve, i)) continue; /* 2*i+3 is composite */ @@ -548,7 +549,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) * due to earlier inconsistencies in interpretation, check * the proposed bit size. */ - if (BN_num_bits(p) != (in_size + 1)) { + if ((u_int32_t)BN_num_bits(p) != (in_size + 1)) { debug2("%10u: bit size %u mismatch", count_in, in_size); continue; } diff --git a/crypto/openssh/msg.c b/crypto/openssh/msg.c index 30bc3f1..3e4c288 100644 --- a/crypto/openssh/msg.c +++ b/crypto/openssh/msg.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: msg.c,v 1.7 2003/11/17 09:45:39 djm Exp $"); +RCSID("$OpenBSD: msg.c,v 1.8 2005/05/24 17:32:43 avsm Exp $"); #include "buffer.h" #include "getput.h" @@ -55,15 +55,13 @@ int ssh_msg_recv(int fd, Buffer *m) { u_char buf[4]; - ssize_t res; u_int msg_len; debug3("ssh_msg_recv entering"); - res = atomicio(read, fd, buf, sizeof(buf)); - if (res != sizeof(buf)) { - if (res != 0) - error("ssh_msg_recv: read: header %ld", (long)res); + if (atomicio(read, fd, buf, sizeof(buf)) != sizeof(buf)) { + if (errno != EPIPE) + error("ssh_msg_recv: read: header"); return (-1); } msg_len = GET_32BIT(buf); @@ -73,9 +71,8 @@ ssh_msg_recv(int fd, Buffer *m) } buffer_clear(m); buffer_append_space(m, msg_len); - res = atomicio(read, fd, buffer_ptr(m), msg_len); - if (res != msg_len) { - error("ssh_msg_recv: read: %ld != msg_len", (long)res); + if (atomicio(read, fd, buffer_ptr(m), msg_len) != msg_len) { + error("ssh_msg_recv: read: %s", strerror(errno)); return (-1); } return (0); diff --git a/crypto/openssh/openbsd-compat/Makefile.in b/crypto/openssh/openbsd-compat/Makefile.in index 0f34f22..6f5ee28 100644 --- a/crypto/openssh/openbsd-compat/Makefile.in +++ b/crypto/openssh/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.31 2004/08/15 08:41:00 djm Exp $ +# $Id: Makefile.in,v 1.35 2005/08/26 20:15:20 tim Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ @@ -16,11 +16,11 @@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ LDFLAGS=-L. @LDFLAGS@ -OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtoul.o vis.o +OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o -COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o +COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o -PORTS=port-irix.o port-aix.o +PORTS=port-irix.o port-aix.o port-uw.o .c.o: $(CC) $(CFLAGS) $(CPPFLAGS) -c $< diff --git a/crypto/openssh/openbsd-compat/bsd-cygwin_util.c b/crypto/openssh/openbsd-compat/bsd-cygwin_util.c index ff394ec..b5e3cc5 100644 --- a/crypto/openssh/openbsd-compat/bsd-cygwin_util.c +++ b/crypto/openssh/openbsd-compat/bsd-cygwin_util.c @@ -29,7 +29,7 @@ #include "includes.h" -RCSID("$Id: bsd-cygwin_util.c,v 1.13.4.1 2005/05/25 09:42:40 dtucker Exp $"); +RCSID("$Id: bsd-cygwin_util.c,v 1.14 2005/05/25 09:42:11 dtucker Exp $"); #ifdef HAVE_CYGWIN diff --git a/crypto/openssh/openbsd-compat/bsd-misc.c b/crypto/openssh/openbsd-compat/bsd-misc.c index 41f92cc..6ba9bd9 100644 --- a/crypto/openssh/openbsd-compat/bsd-misc.c +++ b/crypto/openssh/openbsd-compat/bsd-misc.c @@ -18,7 +18,7 @@ #include "includes.h" #include "xmalloc.h" -RCSID("$Id: bsd-misc.c,v 1.26 2005/02/25 23:07:38 dtucker Exp $"); +RCSID("$Id: bsd-misc.c,v 1.27 2005/05/27 11:13:41 dtucker Exp $"); #ifndef HAVE___PROGNAME char *__progname; @@ -212,3 +212,21 @@ mysignal(int sig, mysig_t act) return (signal(sig, act)); #endif } + +#ifndef HAVE_STRDUP +char * +strdup(const char *str) +{ + size_t len; + char *cp; + + len = strlen(str) + 1; + cp = malloc(len); + if (cp != NULL) + if (strlcpy(cp, str, len) != len) { + free(cp); + return NULL; + } + return cp; +} +#endif diff --git a/crypto/openssh/openbsd-compat/getrrsetbyname.c b/crypto/openssh/openbsd-compat/getrrsetbyname.c index 4e869c4..2016ffe 100644 --- a/crypto/openssh/openbsd-compat/getrrsetbyname.c +++ b/crypto/openssh/openbsd-compat/getrrsetbyname.c @@ -144,6 +144,8 @@ _getshort(msgp) GETSHORT(u, msgp); return (u); } +#elif defined(HAVE_DECL__GETSHORT) && (HAVE_DECL__GETSHORT == 0) +u_int16_t _getshort(register const u_char *); #endif #ifndef HAVE__GETLONG @@ -156,6 +158,8 @@ _getlong(msgp) GETLONG(u, msgp); return (u); } +#elif defined(HAVE_DECL__GETLONG) && (HAVE_DECL__GETLONG == 0) +u_int32_t _getlong(register const u_char *); #endif int diff --git a/crypto/openssh/openbsd-compat/openbsd-compat.h b/crypto/openssh/openbsd-compat/openbsd-compat.h index 89d1454..ba68bc2 100644 --- a/crypto/openssh/openbsd-compat/openbsd-compat.h +++ b/crypto/openssh/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.26 2004/08/15 08:41:00 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.30 2005/08/26 20:15:20 tim Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -152,6 +152,10 @@ int openpty(int *, int *, char *, struct termios *, struct winsize *); int snprintf(char *, size_t, const char *, ...); #endif +#ifndef HAVE_STRTONUM +long long strtonum(const char *, long long, long long, const char **); +#endif + #ifndef HAVE_VSNPRINTF int vsnprintf(char *, size_t, const char *, va_list); #endif @@ -169,5 +173,6 @@ char *shadow_pw(struct passwd *pw); #include "bsd-cygwin_util.h" #include "port-irix.h" #include "port-aix.h" +#include "port-uw.h" #endif /* _OPENBSD_COMPAT_H */ diff --git a/crypto/openssh/openbsd-compat/openssl-compat.c b/crypto/openssh/openbsd-compat/openssl-compat.c new file mode 100644 index 0000000..b690e8f --- /dev/null +++ b/crypto/openssh/openbsd-compat/openssl-compat.c @@ -0,0 +1,46 @@ +/* $Id: openssl-compat.c,v 1.2 2005/06/17 11:15:21 dtucker Exp $ */ + +/* + * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER + * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#define SSH_DONT_REDEF_EVP +#include "openssl-compat.h" + +#ifdef SSH_OLD_EVP +int +ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type, + unsigned char *key, unsigned char *iv, int enc) +{ + EVP_CipherInit(evp, type, key, iv, enc); + return 1; +} + +int +ssh_EVP_Cipher(EVP_CIPHER_CTX *evp, char *dst, char *src, int len) +{ + EVP_Cipher(evp, dst, src, len); + return 1; +} + +int +ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp) +{ + EVP_CIPHER_CTX_cleanup(evp); + return 1; +} +#endif diff --git a/crypto/openssh/openbsd-compat/openssl-compat.h b/crypto/openssh/openbsd-compat/openssl-compat.h new file mode 100644 index 0000000..d9b2fa5 --- /dev/null +++ b/crypto/openssh/openbsd-compat/openssl-compat.h @@ -0,0 +1,65 @@ +/* $Id: openssl-compat.h,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */ + +/* + * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER + * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" +#include <openssl/evp.h> + +#if OPENSSL_VERSION_NUMBER < 0x00906000L +# define SSH_OLD_EVP +# define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) +#endif + +#if OPENSSL_VERSION_NUMBER < 0x00907000L +# define EVP_aes_128_cbc evp_rijndael +# define EVP_aes_192_cbc evp_rijndael +# define EVP_aes_256_cbc evp_rijndael +extern const EVP_CIPHER *evp_rijndael(void); +extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); +#endif + +#if !defined(EVP_CTRL_SET_ACSS_MODE) +# if (OPENSSL_VERSION_NUMBER >= 0x00907000L) +# define USE_CIPHER_ACSS 1 +extern const EVP_CIPHER *evp_acss(void); +# define EVP_acss evp_acss +# else +# define EVP_acss NULL +# endif +#endif + +/* + * insert comment here + */ +#ifdef SSH_OLD_EVP + +# ifndef SSH_DONT_REDEF_EVP + +# ifdef EVP_Cipher +# undef EVP_Cipher +# endif + +# define EVP_CipherInit(a,b,c,d,e) ssh_EVP_CipherInit((a),(b),(c),(d),(e)) +# define EVP_Cipher(a,b,c,d) ssh_EVP_Cipher((a),(b),(c),(d)) +# define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a)) +# endif + +int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, + unsigned char *, int); +int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); +int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); +#endif diff --git a/crypto/openssh/openbsd-compat/port-aix.c b/crypto/openssh/openbsd-compat/port-aix.c index cf5d4b9..81d8124 100644 --- a/crypto/openssh/openbsd-compat/port-aix.c +++ b/crypto/openssh/openbsd-compat/port-aix.c @@ -1,7 +1,7 @@ /* * * Copyright (c) 2001 Gert Doering. All rights reserved. - * Copyright (c) 2003,2004 Darren Tucker. All rights reserved. + * Copyright (c) 2003,2004,2005 Darren Tucker. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -42,14 +42,12 @@ static char old_registry[REGISTRY_SIZE] = ""; # endif /* - * AIX has a "usrinfo" area where logname and other stuff is stored - + * AIX has a "usrinfo" area where logname and other stuff is stored - * a few applications actually use this and die if it's not set * * NOTE: TTY= should be set, but since no one uses it and it's hard to * acquire due to privsep code. We will just drop support. */ - - void aix_usrinfo(struct passwd *pw) { @@ -60,7 +58,7 @@ aix_usrinfo(struct passwd *pw) len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name)); cp = xmalloc(len); - i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0', + i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0', pw->pw_name, '\0'); if (usrinfo(SETUINFO, cp, i) == -1) fatal("Couldn't set usrinfo: %s", strerror(errno)); @@ -153,14 +151,14 @@ aix_valid_authentications(const char *user) int sys_auth_passwd(Authctxt *ctxt, const char *password) { - char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name; + char *authmsg = NULL, *msg = NULL, *name = ctxt->pw->pw_name; int authsuccess = 0, expired, reenter, result; do { result = authenticate((char *)name, (char *)password, &reenter, &authmsg); aix_remove_embedded_newlines(authmsg); - debug3("AIX/authenticate result %d, msg %.100s", result, + debug3("AIX/authenticate result %d, authmsg %.100s", result, authmsg); } while (reenter); @@ -170,7 +168,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) if (result == 0) { authsuccess = 1; - /* + /* * Record successful login. We don't have a pty yet, so just * label the line as "ssh" */ @@ -257,7 +255,7 @@ int sys_auth_record_login(const char *user, const char *host, const char *ttynm, Buffer *loginmsg) { - char *msg; + char *msg = NULL; int success = 0; aix_setauthdb(user); diff --git a/crypto/openssh/openbsd-compat/port-aix.h b/crypto/openssh/openbsd-compat/port-aix.h index 9e3dce4..37b2c12 100644 --- a/crypto/openssh/openbsd-compat/port-aix.h +++ b/crypto/openssh/openbsd-compat/port-aix.h @@ -1,8 +1,9 @@ -/* $Id: port-aix.h,v 1.25 2005/03/21 11:46:34 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.26 2005/05/28 10:28:40 dtucker Exp $ */ /* * * Copyright (c) 2001 Gert Doering. All rights reserved. + * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -47,23 +48,23 @@ /* These should be in the system headers but are not. */ int usrinfo(int, char *, int); -#if (HAVE_DECL_SETAUTHDB == 0) +#if defined(HAVE_DECL_SETAUTHDB) && (HAVE_DECL_SETAUTHDB == 0) int setauthdb(const char *, char *); #endif /* these may or may not be in the headers depending on the version */ -#if (HAVE_DECL_AUTHENTICATE == 0) +#if defined(HAVE_DECL_AUTHENTICATE) && (HAVE_DECL_AUTHENTICATE == 0) int authenticate(char *, char *, int *, char **); #endif -#if (HAVE_DECL_LOGINFAILED == 0) +#if defined(HAVE_DECL_LOGINFAILED) && (HAVE_DECL_LOGINFAILED == 0) int loginfailed(char *, char *, char *); #endif -#if (HAVE_DECL_LOGINRESTRICTIONS == 0) +#if defined(HAVE_DECL_LOGINRESTRICTIONS) && (HAVE_DECL_LOGINRESTRICTIONS == 0) int loginrestrictions(char *, int, char *, char **); #endif -#if (HAVE_DECL_LOGINSUCCESS == 0) +#if defined(HAVE_DECL_LOGINSUCCESS) && (HAVE_DECL_LOGINSUCCESS == 0) int loginsuccess(char *, char *, char *, char **); #endif -#if (HAVE_DECL_PASSWDEXPIRED == 0) +#if defined(HAVE_DECL_PASSWDEXPIRED) && (HAVE_DECL_PASSWDEXPIRED == 0) int passwdexpired(char *, char **); #endif diff --git a/crypto/openssh/openbsd-compat/port-uw.c b/crypto/openssh/openbsd-compat/port-uw.c new file mode 100644 index 0000000..d881ff0 --- /dev/null +++ b/crypto/openssh/openbsd-compat/port-uw.c @@ -0,0 +1,134 @@ +/* + * Copyright (c) 2005 The SCO Group. All rights reserved. + * Copyright (c) 2005 Tim Rice. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) +#ifdef HAVE_CRYPT_H +#include <crypt.h> +#endif +#include "packet.h" +#include "buffer.h" +#include "log.h" +#include "servconf.h" +#include "auth.h" +#include "auth-options.h" + +int nischeck(char *); + +int +sys_auth_passwd(Authctxt *authctxt, const char *password) +{ + struct passwd *pw = authctxt->pw; + char *encrypted_password; + char *salt; + int result; + + /* Just use the supplied fake password if authctxt is invalid */ + char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; + + /* Check for users with no password. */ + if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) + return (1); + + /* Encrypt the candidate password using the proper salt. */ + salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx"; +#ifdef UNIXWARE_LONG_PASSWORDS + if (!nischeck(pw->pw_name)) + encrypted_password = bigcrypt(password, salt); + else +#endif /* UNIXWARE_LONG_PASSWORDS */ + encrypted_password = xcrypt(password, salt); + + /* + * Authentication is accepted if the encrypted passwords + * are identical. + */ + result = (strcmp(encrypted_password, pw_password) == 0); + + if (authctxt->valid) + free(pw_password); + return(result); +} + +#ifdef UNIXWARE_LONG_PASSWORDS +int +nischeck(char *namep) +{ + char password_file[] = "/etc/passwd"; + FILE *fd; + struct passwd *ent = NULL; + + if ((fd = fopen (password_file, "r")) == NULL) { + /* + * If the passwd file has dissapeared we are in a bad state. + * However, returning 0 will send us back through the + * authentication scheme that has checked the ia database for + * passwords earlier. + */ + return(0); + } + + /* + * fgetpwent() only reads from password file, so we know for certain + * that the user is local. + */ + while (ent = fgetpwent(fd)) { + if (strcmp (ent->pw_name, namep) == 0) { + /* Local user */ + fclose (fd); + return(0); + } + } + + fclose (fd); + return (1); +} + +#endif /* UNIXWARE_LONG_PASSWORDS */ + +/* + NOTE: ia_get_logpwd() allocates memory for arg 2 + functions that call shadow_pw() will need to free + */ + +char * +get_iaf_password(struct passwd *pw) +{ + char *pw_password = NULL; + + uinfo_t uinfo; + if (!ia_openinfo(pw->pw_name,&uinfo)) { + ia_get_logpwd(uinfo, &pw_password); + if (pw_password == NULL) + fatal("ia_get_logpwd: Unable to get the shadow passwd"); + ia_closeinfo(uinfo); + return pw_password; + } + else + fatal("ia_openinfo: Unable to open the shadow passwd file"); +} +#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */ + diff --git a/crypto/openssh/openbsd-compat/port-uw.h b/crypto/openssh/openbsd-compat/port-uw.h new file mode 100644 index 0000000..3589b2e --- /dev/null +++ b/crypto/openssh/openbsd-compat/port-uw.h @@ -0,0 +1,30 @@ +/* + * Copyright (c) 2005 Tim Rice. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) +char * get_iaf_password(struct passwd *pw); +#endif + diff --git a/crypto/openssh/openbsd-compat/realpath.c b/crypto/openssh/openbsd-compat/realpath.c index 7f73bd9..8430bec 100644 --- a/crypto/openssh/openbsd-compat/realpath.c +++ b/crypto/openssh/openbsd-compat/realpath.c @@ -1,11 +1,7 @@ /* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */ /* - * Copyright (c) 1994 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Jan-Simon Pendry. + * Copyright (c) 2003 Constantin S. Svintsoff <kostik@iclub.nsu.ru> * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -15,14 +11,14 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. The names of the authors may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -36,169 +32,165 @@ #if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: realpath.c,v 1.11 2004/11/30 15:12:59 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include <sys/param.h> #include <sys/stat.h> #include <errno.h> -#include <fcntl.h> #include <stdlib.h> #include <string.h> #include <unistd.h> /* - * MAXSYMLINKS - */ -#ifndef MAXSYMLINKS -#define MAXSYMLINKS 5 -#endif - -/* - * char *realpath(const char *path, char resolved_path[MAXPATHLEN]); + * char *realpath(const char *path, char resolved[PATH_MAX]); * * Find the real name of path, by removing all ".", ".." and symlink * components. Returns (resolved) on success, or (NULL) on failure, * in which case the path which caused trouble is left in (resolved). */ char * -realpath(const char *path, char *resolved) +realpath(const char *path, char resolved[PATH_MAX]) { struct stat sb; - int fd, n, needslash, serrno; - char *p, *q, wbuf[MAXPATHLEN]; - int symlinks = 0; - - /* Save the starting point. */ -#ifndef HAVE_FCHDIR - char start[MAXPATHLEN]; - /* this is potentially racy but without fchdir we have no option */ - if (getcwd(start, sizeof(start)) == NULL) { - resolved[0] = '.'; + char *p, *q, *s; + size_t left_len, resolved_len; + unsigned symlinks; + int serrno, slen; + char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX]; + + serrno = errno; + symlinks = 0; + if (path[0] == '/') { + resolved[0] = '/'; resolved[1] = '\0'; - return (NULL); + if (path[1] == '\0') + return (resolved); + resolved_len = 1; + left_len = strlcpy(left, path + 1, sizeof(left)); + } else { + if (getcwd(resolved, PATH_MAX) == NULL) { + strlcpy(resolved, ".", PATH_MAX); + return (NULL); + } + resolved_len = strlen(resolved); + left_len = strlcpy(left, path, sizeof(left)); } -#endif - if ((fd = open(".", O_RDONLY)) < 0) { - resolved[0] = '.'; - resolved[1] = '\0'; + if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) { + errno = ENAMETOOLONG; return (NULL); } - /* Convert "." -> "" to optimize away a needless lstat() and chdir() */ - if (path[0] == '.' && path[1] == '\0') - path = ""; - /* - * Find the dirname and basename from the path to be resolved. - * Change directory to the dirname component. - * lstat the basename part. - * if it is a symlink, read in the value and loop. - * if it is a directory, then change to that directory. - * get the current directory name and append the basename. + * Iterate over path components in `left'. */ - if (strlcpy(resolved, path, MAXPATHLEN) >= MAXPATHLEN) { - serrno = ENAMETOOLONG; - goto err2; - } -loop: - q = strrchr(resolved, '/'); - if (q != NULL) { - p = q + 1; - if (q == resolved) - q = "/"; - else { - do { - --q; - } while (q > resolved && *q == '/'); - q[1] = '\0'; - q = resolved; + while (left_len != 0) { + /* + * Extract the next path component and adjust `left' + * and its length. + */ + p = strchr(left, '/'); + s = p ? p : left + left_len; + if (s - left >= sizeof(next_token)) { + errno = ENAMETOOLONG; + return (NULL); } - if (chdir(q) < 0) - goto err1; - } else - p = resolved; - - /* Deal with the last component. */ - if (*p != '\0' && lstat(p, &sb) == 0) { - if (S_ISLNK(sb.st_mode)) { - if (++symlinks > MAXSYMLINKS) { - errno = ELOOP; - goto err1; + memcpy(next_token, left, s - left); + next_token[s - left] = '\0'; + left_len -= s - left; + if (p != NULL) + memmove(left, s + 1, left_len + 1); + if (resolved[resolved_len - 1] != '/') { + if (resolved_len + 1 >= PATH_MAX) { + errno = ENAMETOOLONG; + return (NULL); } - if ((n = readlink(p, resolved, MAXPATHLEN-1)) < 0) - goto err1; - resolved[n] = '\0'; - goto loop; + resolved[resolved_len++] = '/'; + resolved[resolved_len] = '\0'; } - if (S_ISDIR(sb.st_mode)) { - if (chdir(p) < 0) - goto err1; - p = ""; + if (next_token[0] == '\0') + continue; + else if (strcmp(next_token, ".") == 0) + continue; + else if (strcmp(next_token, "..") == 0) { + /* + * Strip the last path component except when we have + * single "/" + */ + if (resolved_len > 1) { + resolved[resolved_len - 1] = '\0'; + q = strrchr(resolved, '/') + 1; + *q = '\0'; + resolved_len = q - resolved; + } + continue; } - } - - /* - * Save the last component name and get the full pathname of - * the current directory. - */ - if (strlcpy(wbuf, p, sizeof(wbuf)) >= sizeof(wbuf)) { - errno = ENAMETOOLONG; - goto err1; - } - if (getcwd(resolved, MAXPATHLEN) == NULL) - goto err1; - - /* - * Join the two strings together, ensuring that the right thing - * happens if the last component is empty, or the dirname is root. - */ - if (resolved[0] == '/' && resolved[1] == '\0') - needslash = 0; - else - needslash = 1; - if (*wbuf) { - if (strlen(resolved) + strlen(wbuf) + needslash >= MAXPATHLEN) { + /* + * Append the next path component and lstat() it. If + * lstat() fails we still can return successfully if + * there are no more path components left. + */ + resolved_len = strlcat(resolved, next_token, PATH_MAX); + if (resolved_len >= PATH_MAX) { errno = ENAMETOOLONG; - goto err1; + return (NULL); } - if (needslash) { - if (strlcat(resolved, "/", MAXPATHLEN) >= MAXPATHLEN) { - errno = ENAMETOOLONG; - goto err1; + if (lstat(resolved, &sb) != 0) { + if (errno == ENOENT && p == NULL) { + errno = serrno; + return (resolved); } + return (NULL); } - if (strlcat(resolved, wbuf, MAXPATHLEN) >= MAXPATHLEN) { - errno = ENAMETOOLONG; - goto err1; - } - } + if (S_ISLNK(sb.st_mode)) { + if (symlinks++ > MAXSYMLINKS) { + errno = ELOOP; + return (NULL); + } + slen = readlink(resolved, symlink, sizeof(symlink) - 1); + if (slen < 0) + return (NULL); + symlink[slen] = '\0'; + if (symlink[0] == '/') { + resolved[1] = 0; + resolved_len = 1; + } else if (resolved_len > 1) { + /* Strip the last path component. */ + resolved[resolved_len - 1] = '\0'; + q = strrchr(resolved, '/') + 1; + *q = '\0'; + resolved_len = q - resolved; + } - /* Go back to where we came from. */ -#ifdef HAVE_FCHDIR - if (fchdir(fd) < 0) { -#else - if (chdir(start) < 0) { -#endif - serrno = errno; - goto err2; + /* + * If there are any path components left, then + * append them to symlink. The result is placed + * in `left'. + */ + if (p != NULL) { + if (symlink[slen - 1] != '/') { + if (slen + 1 >= sizeof(symlink)) { + errno = ENAMETOOLONG; + return (NULL); + } + symlink[slen] = '/'; + symlink[slen + 1] = 0; + } + left_len = strlcat(symlink, left, sizeof(left)); + if (left_len >= sizeof(left)) { + errno = ENAMETOOLONG; + return (NULL); + } + } + left_len = strlcpy(left, symlink, sizeof(left)); + } } - /* It's okay if the close fails, what's an fd more or less? */ - (void)close(fd); + /* + * Remove trailing slash except when the resolved pathname + * is a single "/". + */ + if (resolved_len > 1 && resolved[resolved_len - 1] == '/') + resolved[resolved_len - 1] = '\0'; return (resolved); - -err1: serrno = errno; -#ifdef HAVE_FCHDIR - (void)fchdir(fd); -#else - chdir(start); -#endif -err2: (void)close(fd); - errno = serrno; - return (NULL); } #endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */ diff --git a/crypto/openssh/openbsd-compat/strtoll.c b/crypto/openssh/openbsd-compat/strtoll.c new file mode 100644 index 0000000..60c276f --- /dev/null +++ b/crypto/openssh/openbsd-compat/strtoll.c @@ -0,0 +1,151 @@ +/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoll.c */ + +/*- + * Copyright (c) 1992 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "includes.h" +#ifndef HAVE_STRTOLL + +#if defined(LIBC_SCCS) && !defined(lint) +static const char rcsid[] = "$OpenBSD: strtoll.c,v 1.4 2005/03/30 18:51:49 pat Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include <sys/types.h> + +#include <ctype.h> +#include <errno.h> +#include <limits.h> +#include <stdlib.h> + +/* + * Convert a string to a long long. + * + * Ignores `locale' stuff. Assumes that the upper and lower case + * alphabets and digits are each contiguous. + */ +long long +strtoll(const char *nptr, char **endptr, int base) +{ + const char *s; + long long acc, cutoff; + int c; + int neg, any, cutlim; + + /* + * Skip white space and pick up leading +/- sign if any. + * If base is 0, allow 0x for hex and 0 for octal, else + * assume decimal; if base is already 16, allow 0x. + */ + s = nptr; + do { + c = (unsigned char) *s++; + } while (isspace(c)); + if (c == '-') { + neg = 1; + c = *s++; + } else { + neg = 0; + if (c == '+') + c = *s++; + } + if ((base == 0 || base == 16) && + c == '0' && (*s == 'x' || *s == 'X')) { + c = s[1]; + s += 2; + base = 16; + } + if (base == 0) + base = c == '0' ? 8 : 10; + + /* + * Compute the cutoff value between legal numbers and illegal + * numbers. That is the largest legal value, divided by the + * base. An input number that is greater than this value, if + * followed by a legal input character, is too big. One that + * is equal to this value may be valid or not; the limit + * between valid and invalid numbers is then based on the last + * digit. For instance, if the range for long longs is + * [-9223372036854775808..9223372036854775807] and the input base + * is 10, cutoff will be set to 922337203685477580 and cutlim to + * either 7 (neg==0) or 8 (neg==1), meaning that if we have + * accumulated a value > 922337203685477580, or equal but the + * next digit is > 7 (or 8), the number is too big, and we will + * return a range error. + * + * Set any if any `digits' consumed; make it negative to indicate + * overflow. + */ + cutoff = neg ? LLONG_MIN : LLONG_MAX; + cutlim = cutoff % base; + cutoff /= base; + if (neg) { + if (cutlim > 0) { + cutlim -= base; + cutoff += 1; + } + cutlim = -cutlim; + } + for (acc = 0, any = 0;; c = (unsigned char) *s++) { + if (isdigit(c)) + c -= '0'; + else if (isalpha(c)) + c -= isupper(c) ? 'A' - 10 : 'a' - 10; + else + break; + if (c >= base) + break; + if (any < 0) + continue; + if (neg) { + if (acc < cutoff || (acc == cutoff && c > cutlim)) { + any = -1; + acc = LLONG_MIN; + errno = ERANGE; + } else { + any = 1; + acc *= base; + acc -= c; + } + } else { + if (acc > cutoff || (acc == cutoff && c > cutlim)) { + any = -1; + acc = LLONG_MAX; + errno = ERANGE; + } else { + any = 1; + acc *= base; + acc += c; + } + } + } + if (endptr != 0) + *endptr = (char *) (any ? s - 1 : nptr); + return (acc); +} +#endif /* HAVE_STRTOLL */ diff --git a/crypto/openssh/openbsd-compat/strtonum.c b/crypto/openssh/openbsd-compat/strtonum.c new file mode 100644 index 0000000..b681ed8 --- /dev/null +++ b/crypto/openssh/openbsd-compat/strtonum.c @@ -0,0 +1,69 @@ +/* OPENBSD ORIGINAL: lib/libc/stdlib/strtonum.c */ + +/* $OpenBSD: strtonum.c,v 1.6 2004/08/03 19:38:01 millert Exp $ */ + +/* + * Copyright (c) 2004 Ted Unangst and Todd Miller + * All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" +#ifndef HAVE_STRTONUM +#include <limits.h> + +#define INVALID 1 +#define TOOSMALL 2 +#define TOOLARGE 3 + +long long +strtonum(const char *numstr, long long minval, long long maxval, + const char **errstrp) +{ + long long ll = 0; + char *ep; + int error = 0; + struct errval { + const char *errstr; + int err; + } ev[4] = { + { NULL, 0 }, + { "invalid", EINVAL }, + { "too small", ERANGE }, + { "too large", ERANGE }, + }; + + ev[0].err = errno; + errno = 0; + if (minval > maxval) + error = INVALID; + else { + ll = strtoll(numstr, &ep, 10); + if (numstr == ep || *ep != '\0') + error = INVALID; + else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval) + error = TOOSMALL; + else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval) + error = TOOLARGE; + } + if (errstrp != NULL) + *errstrp = ev[error].errstr; + errno = ev[error].err; + if (error) + ll = 0; + + return (ll); +} + +#endif /* HAVE_STRTONUM */ diff --git a/crypto/openssh/openbsd-compat/xcrypt.c b/crypto/openssh/openbsd-compat/xcrypt.c index c3cea3c..9afa0b9 100644 --- a/crypto/openssh/openbsd-compat/xcrypt.c +++ b/crypto/openssh/openbsd-compat/xcrypt.c @@ -93,6 +93,11 @@ shadow_pw(struct passwd *pw) if (spw != NULL) pw_password = spw->sp_pwdp; # endif + +#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) + return(get_iaf_password(pw)); +#endif + # if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) struct passwd_adjunct *spw; if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL) diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c index 7c150fd..70e0110 100644 --- a/crypto/openssh/packet.c +++ b/crypto/openssh/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.119 2005/07/28 17:36:22 markus Exp $"); #include "openbsd-compat/sys-queue.h" @@ -116,6 +116,12 @@ static int initialized = 0; /* Set to true if the connection is interactive. */ static int interactive_mode = 0; +/* Set to true if we are the server side. */ +static int server_side = 0; + +/* Set to true if we are authenticated. */ +static int after_authentication = 0; + /* Session key information for Encryption and MAC */ Newkeys *newkeys[MODE_MAX]; static struct packet_state { @@ -624,7 +630,9 @@ set_newkeys(int mode) /* Deleting the keys does not gain extra security */ /* memset(enc->iv, 0, enc->block_size); memset(enc->key, 0, enc->key_len); */ - if (comp->type != 0 && comp->enabled == 0) { + if ((comp->type == COMP_ZLIB || + (comp->type == COMP_DELAYED && after_authentication)) && + comp->enabled == 0) { packet_init_compression(); if (mode == MODE_OUT) buffer_compress_init_send(6); @@ -645,6 +653,35 @@ set_newkeys(int mode) } /* + * Delayed compression for SSH2 is enabled after authentication: + * This happans on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent, + * and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received. + */ +static void +packet_enable_delayed_compress(void) +{ + Comp *comp = NULL; + int mode; + + /* + * Remember that we are past the authentication step, so rekeying + * with COMP_DELAYED will turn on compression immediately. + */ + after_authentication = 1; + for (mode = 0; mode < MODE_MAX; mode++) { + comp = &newkeys[mode]->comp; + if (comp && !comp->enabled && comp->type == COMP_DELAYED) { + packet_init_compression(); + if (mode == MODE_OUT) + buffer_compress_init_send(6); + else + buffer_compress_init_recv(); + comp->enabled = 1; + } + } +} + +/* * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) */ static void @@ -757,6 +794,8 @@ packet_send2_wrapped(void) if (type == SSH2_MSG_NEWKEYS) set_newkeys(MODE_OUT); + else if (type == SSH2_MSG_USERAUTH_SUCCESS && server_side) + packet_enable_delayed_compress(); } static void @@ -992,7 +1031,7 @@ packet_read_poll2(u_int32_t *seqnr_p) static u_int packet_length = 0; u_int padlen, need; u_char *macbuf, *cp, type; - int maclen, block_size; + u_int maclen, block_size; Enc *enc = NULL; Mac *mac = NULL; Comp *comp = NULL; @@ -1099,6 +1138,8 @@ packet_read_poll2(u_int32_t *seqnr_p) packet_disconnect("Invalid ssh2 packet type: %d", type); if (type == SSH2_MSG_NEWKEYS) set_newkeys(MODE_IN); + else if (type == SSH2_MSG_USERAUTH_SUCCESS && !server_side) + packet_enable_delayed_compress(); #ifdef PACKET_DEBUG fprintf(stderr, "read/plain[%d]:\r\n", type); buffer_dump(&incoming_packet); @@ -1229,9 +1270,9 @@ packet_get_bignum2(BIGNUM * value) } void * -packet_get_raw(int *length_ptr) +packet_get_raw(u_int *length_ptr) { - int bytes = buffer_len(&incoming_packet); + u_int bytes = buffer_len(&incoming_packet); if (length_ptr != NULL) *length_ptr = bytes; @@ -1524,3 +1565,15 @@ packet_set_rekey_limit(u_int32_t bytes) { rekey_limit = bytes; } + +void +packet_set_server(void) +{ + server_side = 1; +} + +void +packet_set_authenticated(void) +{ + after_authentication = 1; +} diff --git a/crypto/openssh/progressmeter.c b/crypto/openssh/progressmeter.c index 93f5a3e..3cda090 100644 --- a/crypto/openssh/progressmeter.c +++ b/crypto/openssh/progressmeter.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: progressmeter.c,v 1.22 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: progressmeter.c,v 1.24 2005/06/07 13:25:23 jaredy Exp $"); #include "progressmeter.h" #include "atomicio.h" @@ -42,6 +42,10 @@ static int can_output(void); static void format_size(char *, int, off_t); static void format_rate(char *, int, off_t); +/* window resizing */ +static void sig_winch(int); +static void setscreensize(void); + /* updates the progressmeter to reflect the current state of the transfer */ void refresh_progress_meter(void); @@ -57,6 +61,7 @@ static volatile off_t *counter; /* progress counter */ static long stalled; /* how long we have been stalled */ static int bytes_per_second; /* current speed in bytes per second */ static int win_size; /* terminal window size */ +static volatile sig_atomic_t win_resized; /* for window resizing */ /* units for format_size */ static const char unit[] = " KMGT"; @@ -147,6 +152,8 @@ refresh_progress_meter(void) len = snprintf(buf, file_len + 1, "\r%s", file); if (len < 0) len = 0; + if (len >= file_len + 1) + len = file_len; for (i = len; i < file_len; i++ ) buf[i] = ' '; buf[file_len] = '\0'; @@ -215,6 +222,10 @@ update_progress_meter(int ignore) save_errno = errno; + if (win_resized) { + setscreensize(); + win_resized = 0; + } if (can_output()) refresh_progress_meter(); @@ -226,8 +237,6 @@ update_progress_meter(int ignore) void start_progress_meter(char *f, off_t filesize, off_t *ctr) { - struct winsize winsize; - start = last_update = time(NULL); file = f; end_pos = filesize; @@ -236,20 +245,12 @@ start_progress_meter(char *f, off_t filesize, off_t *ctr) stalled = 0; bytes_per_second = 0; - if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &winsize) != -1 && - winsize.ws_col != 0) { - if (winsize.ws_col > MAX_WINSIZE) - win_size = MAX_WINSIZE; - else - win_size = winsize.ws_col; - } else - win_size = DEFAULT_WINSIZE; - win_size += 1; /* trailing \0 */ - + setscreensize(); if (can_output()) refresh_progress_meter(); signal(SIGALRM, update_progress_meter); + signal(SIGWINCH, sig_winch); alarm(UPDATE_INTERVAL); } @@ -267,3 +268,25 @@ stop_progress_meter(void) atomicio(vwrite, STDOUT_FILENO, "\n", 1); } + +static void +sig_winch(int sig) +{ + win_resized = 1; +} + +static void +setscreensize(void) +{ + struct winsize winsize; + + if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &winsize) != -1 && + winsize.ws_col != 0) { + if (winsize.ws_col > MAX_WINSIZE) + win_size = MAX_WINSIZE; + else + win_size = winsize.ws_col; + } else + win_size = DEFAULT_WINSIZE; + win_size += 1; /* trailing \0 */ +} diff --git a/crypto/openssh/readpass.c b/crypto/openssh/readpass.c index c2bacdc..7914799 100644 --- a/crypto/openssh/readpass.c +++ b/crypto/openssh/readpass.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readpass.c,v 1.31 2004/10/29 22:53:56 djm Exp $"); +RCSID("$OpenBSD: readpass.c,v 1.33 2005/05/02 21:13:22 markus Exp $"); #include "xmalloc.h" #include "misc.h" @@ -106,15 +106,20 @@ read_passphrase(const char *prompt, int flags) if (flags & RP_USE_ASKPASS) use_askpass = 1; else if (flags & RP_ALLOW_STDIN) { - if (!isatty(STDIN_FILENO)) + if (!isatty(STDIN_FILENO)) { + debug("read_passphrase: stdin is not a tty"); use_askpass = 1; + } } else { rppflags |= RPP_REQUIRE_TTY; ttyfd = open(_PATH_TTY, O_RDWR); if (ttyfd >= 0) close(ttyfd); - else + else { + debug("read_passphrase: can't open %s: %s", _PATH_TTY, + strerror(errno)); use_askpass = 1; + } } if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL) diff --git a/crypto/openssh/regress/reexec.sh b/crypto/openssh/regress/reexec.sh index d69b8c5..4f824a3 100644 --- a/crypto/openssh/regress/reexec.sh +++ b/crypto/openssh/regress/reexec.sh @@ -3,10 +3,10 @@ tid="reexec tests" -DATA=/bin/ls +DATA=/bin/ls${EXEEXT} COPY=${OBJ}/copy -SSHD_ORIG=$SSHD -SSHD_COPY=$OBJ/sshd +SSHD_ORIG=$SSHD${EXEEXT} +SSHD_COPY=$OBJ/sshd${EXEEXT} # Start a sshd and then delete it start_sshd_copy () diff --git a/crypto/openssh/regress/test-exec.sh b/crypto/openssh/regress/test-exec.sh index bd0c025..4b3a70e 100644 --- a/crypto/openssh/regress/test-exec.sh +++ b/crypto/openssh/regress/test-exec.sh @@ -96,9 +96,10 @@ if [ "x$TEST_SSH_SCP" != "x" ]; then fi # Path to sshd must be absolute for rexec -if [ ! -x /$SSHD ]; then - SSHD=`which sshd` -fi +case "$SSHD" in +/*) ;; +*) SSHD=`which sshd` ;; +esac if [ "x$TEST_SSH_LOGFILE" = "x" ]; then TEST_SSH_LOGFILE=/dev/null diff --git a/crypto/openssh/sftp-client.c b/crypto/openssh/sftp-client.c index 92df427..afbd1e6 100644 --- a/crypto/openssh/sftp-client.c +++ b/crypto/openssh/sftp-client.c @@ -20,7 +20,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.53 2005/03/10 22:01:05 deraadt Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.57 2005/07/27 10:39:03 dtucker Exp $"); #include "openbsd-compat/sys-queue.h" @@ -64,10 +64,10 @@ send_msg(int fd, Buffer *m) /* Send length first */ PUT_32BIT(mlen, buffer_len(m)); - if (atomicio(vwrite, fd, mlen, sizeof(mlen)) <= 0) + if (atomicio(vwrite, fd, mlen, sizeof(mlen)) != sizeof(mlen)) fatal("Couldn't send packet: %s", strerror(errno)); - if (atomicio(vwrite, fd, buffer_ptr(m), buffer_len(m)) <= 0) + if (atomicio(vwrite, fd, buffer_ptr(m), buffer_len(m)) != buffer_len(m)) fatal("Couldn't send packet: %s", strerror(errno)); buffer_clear(m); @@ -76,26 +76,27 @@ send_msg(int fd, Buffer *m) static void get_msg(int fd, Buffer *m) { - ssize_t len; u_int msg_len; buffer_append_space(m, 4); - len = atomicio(read, fd, buffer_ptr(m), 4); - if (len == 0) - fatal("Connection closed"); - else if (len == -1) - fatal("Couldn't read packet: %s", strerror(errno)); + if (atomicio(read, fd, buffer_ptr(m), 4) != 4) { + if (errno == EPIPE) + fatal("Connection closed"); + else + fatal("Couldn't read packet: %s", strerror(errno)); + } msg_len = buffer_get_int(m); if (msg_len > MAX_MSG_LENGTH) fatal("Received message too long %u", msg_len); buffer_append_space(m, msg_len); - len = atomicio(read, fd, buffer_ptr(m), msg_len); - if (len == 0) - fatal("Connection closed"); - else if (len == -1) - fatal("Read packet: %s", strerror(errno)); + if (atomicio(read, fd, buffer_ptr(m), msg_len) != msg_len) { + if (errno == EPIPE) + fatal("Connection closed"); + else + fatal("Read packet: %s", strerror(errno)); + } } static void @@ -310,7 +311,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, SFTP_DIRENT ***dir) { Buffer msg; - u_int type, id, handle_len, i, expected_id, ents = 0; + u_int count, type, id, handle_len, i, expected_id, ents = 0; char *handle; id = conn->msg_id++; @@ -334,8 +335,6 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, } for (; !interrupted;) { - int count; - id = expected_id = conn->msg_id++; debug3("Sending SSH2_FXP_READDIR I:%u", id); @@ -743,10 +742,10 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, Attrib junk, *a; Buffer msg; char *handle; - int local_fd, status, num_req, max_req, write_error; + int local_fd, status = 0, write_error; int read_error, write_errno; u_int64_t offset, size; - u_int handle_len, mode, type, id, buflen; + u_int handle_len, mode, type, id, buflen, num_req, max_req; off_t progress_counter; struct request { u_int id; @@ -1127,7 +1126,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, goto done; } debug3("In write loop, ack for %u %u bytes at %llu", - ack->id, ack->len, (unsigned long long)ack->offset); + ack->id, ack->len, (unsigned long long)ack->offset); ++ackid; xfree(ack); } diff --git a/crypto/openssh/sftp-client.h b/crypto/openssh/sftp-client.h index 991e05d..c8a41f3 100644 --- a/crypto/openssh/sftp-client.h +++ b/crypto/openssh/sftp-client.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.h,v 1.13 2004/11/29 07:41:24 djm Exp $ */ +/* $OpenBSD: sftp-client.h,v 1.14 2005/04/26 12:59:02 jmc Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> @@ -30,7 +30,7 @@ struct SFTP_DIRENT { }; /* - * Initialiase a SSH filexfer connection. Returns NULL on error or + * Initialise a SSH filexfer connection. Returns NULL on error or * a pointer to a initialized sftp_conn struct on success. */ struct sftp_conn *do_init(int, int, u_int, u_int); diff --git a/crypto/openssh/sftp-server.c b/crypto/openssh/sftp-server.c index e822800..6870e77 100644 --- a/crypto/openssh/sftp-server.c +++ b/crypto/openssh/sftp-server.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: sftp-server.c,v 1.47 2004/06/25 05:38:48 dtucker Exp $"); +RCSID("$OpenBSD: sftp-server.c,v 1.48 2005/06/17 02:44:33 djm Exp $"); #include "buffer.h" #include "bufaux.h" @@ -130,7 +130,7 @@ Handle handles[100]; static void handle_init(void) { - int i; + u_int i; for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) handles[i].use = HANDLE_UNUSED; @@ -139,7 +139,7 @@ handle_init(void) static int handle_new(int use, const char *name, int fd, DIR *dirp) { - int i; + u_int i; for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) { if (handles[i].use == HANDLE_UNUSED) { @@ -156,7 +156,7 @@ handle_new(int use, const char *name, int fd, DIR *dirp) static int handle_is_ok(int i, int type) { - return i >= 0 && i < sizeof(handles)/sizeof(Handle) && + return i >= 0 && (u_int)i < sizeof(handles)/sizeof(Handle) && handles[i].use == type; } @@ -477,10 +477,10 @@ process_write(void) } else { /* XXX ATOMICIO ? */ ret = write(fd, data, len); - if (ret == -1) { + if (ret < 0) { error("process_write: write failed"); status = errno_to_portable(errno); - } else if (ret == len) { + } else if ((size_t)ret == len) { status = SSH2_FX_OK; } else { logit("nothing at all written"); diff --git a/crypto/openssh/sftp.c b/crypto/openssh/sftp.c index 16a6cf0..f98ed7d 100644 --- a/crypto/openssh/sftp.c +++ b/crypto/openssh/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.66 2005/08/08 13:22:48 jaredy Exp $"); #ifdef USE_LIBEDIT #include <histedit.h> @@ -404,7 +404,7 @@ get_pathname(const char **cpp, char **path) { const char *cp = *cpp, *end; char quot; - int i, j; + u_int i, j; cp += strspn(cp, WHITESPACE); if (!*cp) { @@ -664,14 +664,15 @@ sdirent_comp(const void *aa, const void *bb) static int do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) { - int n, c = 1, colspace = 0, columns = 1; + int n; + u_int c = 1, colspace = 0, columns = 1; SFTP_DIRENT **d; if ((n = do_readdir(conn, path, &d)) != 0) return (n); if (!(lflag & LS_SHORT_VIEW)) { - int m = 0, width = 80; + u_int m = 0, width = 80; struct winsize ws; char *tmp; @@ -747,7 +748,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, int lflag) { glob_t g; - int i, c = 1, colspace = 0, columns = 1; + u_int i, c = 1, colspace = 0, columns = 1; Attrib *a = NULL; memset(&g, 0, sizeof(g)); @@ -783,7 +784,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, } if (!(lflag & LS_SHORT_VIEW)) { - int m = 0, width = 80; + u_int m = 0, width = 80; struct winsize ws; /* Count entries for sort and find longest filename */ @@ -1236,7 +1237,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) char *dir = NULL; char cmd[2048]; struct sftp_conn *conn; - int err; + int err, interactive; EditLine *el = NULL; #ifdef USE_LIBEDIT History *hl = NULL; @@ -1294,14 +1295,15 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) xfree(dir); } -#if HAVE_SETVBUF +#if defined(HAVE_SETVBUF) && !defined(BROKEN_SETVBUF) setvbuf(stdout, NULL, _IOLBF, 0); setvbuf(infile, NULL, _IOLBF, 0); #else - setlinebuf(stdout); - setlinebuf(infile); + setlinebuf(stdout); + setlinebuf(infile); #endif + interactive = !batchmode && isatty(STDIN_FILENO); err = 0; for (;;) { char *cp; @@ -1309,20 +1311,28 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) signal(SIGINT, SIG_IGN); if (el == NULL) { - printf("sftp> "); + if (interactive) + printf("sftp> "); if (fgets(cmd, sizeof(cmd), infile) == NULL) { - printf("\n"); + if (interactive) + printf("\n"); break; } - if (batchmode) /* Echo command */ - printf("%s", cmd); + if (!interactive) { /* Echo command */ + printf("sftp> %s", cmd); + if (strlen(cmd) > 0 && + cmd[strlen(cmd) - 1] != '\n') + printf("\n"); + } } else { #ifdef USE_LIBEDIT const char *line; int count = 0; - if ((line = el_gets(el, &count)) == NULL || count <= 0) - break; + if ((line = el_gets(el, &count)) == NULL || count <= 0) { + printf("\n"); + break; + } history(hl, &hev, H_ENTER, line); if (strlcpy(cmd, line, sizeof(cmd)) >= sizeof(cmd)) { fprintf(stderr, "Error: input line too long\n"); @@ -1345,6 +1355,11 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) } xfree(pwd); +#ifdef USE_LIBEDIT + if (el != NULL) + el_end(el); +#endif /* USE_LIBEDIT */ + /* err == 1 signifies normal "quit" exit */ return (err >= 0 ? 0 : -1); } @@ -1475,7 +1490,7 @@ main(int argc, char **argv) /* Allow "-" as stdin */ if (strcmp(optarg, "-") != 0 && - (infile = fopen(optarg, "r")) == NULL) + (infile = fopen(optarg, "r")) == NULL) fatal("%s (%s).", strerror(errno), optarg); showprogress = 0; batchmode = 1; @@ -1561,8 +1576,8 @@ main(int argc, char **argv) err = interactive_loop(in, out, file1, file2); #if !defined(USE_PIPES) - shutdown(in, SHUT_RDWR); - shutdown(out, SHUT_RDWR); + shutdown(in, SHUT_RDWR); + shutdown(out, SHUT_RDWR); #endif close(in); diff --git a/crypto/openssh/ssh-add.1 b/crypto/openssh/ssh-add.1 index 1f3df5b..327fcdd 100644 --- a/crypto/openssh/ssh-add.1 +++ b/crypto/openssh/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.42 2005/03/01 17:32:19 jmc Exp $ +.\" $OpenBSD: ssh-add.1,v 1.43 2005/04/21 06:17:50 djm Exp $ .\" .\" -*- nroff -*- .\" @@ -57,10 +57,10 @@ adds RSA or DSA identities to the authentication agent, .Xr ssh-agent 1 . When run without arguments, it adds the files -.Pa $HOME/.ssh/id_rsa , -.Pa $HOME/.ssh/id_dsa +.Pa ~/.ssh/id_rsa , +.Pa ~/.ssh/id_dsa and -.Pa $HOME/.ssh/identity . +.Pa ~/.ssh/identity . Alternative file names can be given on the command line. If any file requires a passphrase, .Nm @@ -142,11 +142,11 @@ agent. .El .Sh FILES .Bl -tag -width Ds -.It Pa $HOME/.ssh/identity +.It Pa ~/.ssh/identity Contains the protocol version 1 RSA authentication identity of the user. -.It Pa $HOME/.ssh/id_dsa +.It Pa ~/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of the user. -.It Pa $HOME/.ssh/id_rsa +.It Pa ~/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. .El .Pp diff --git a/crypto/openssh/ssh-agent.1 b/crypto/openssh/ssh-agent.1 index 226804e..741cf4b 100644 --- a/crypto/openssh/ssh-agent.1 +++ b/crypto/openssh/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.41 2004/07/11 17:48:47 deraadt Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.42 2005/04/21 06:17:50 djm Exp $ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -111,10 +111,10 @@ Keys are added using When executed without arguments, .Xr ssh-add 1 adds the files -.Pa $HOME/.ssh/id_rsa , -.Pa $HOME/.ssh/id_dsa +.Pa ~/.ssh/id_rsa , +.Pa ~/.ssh/id_dsa and -.Pa $HOME/.ssh/identity . +.Pa ~/.ssh/identity . If the identity has a passphrase, .Xr ssh-add 1 asks for the passphrase (using a small X11 application if running @@ -179,11 +179,11 @@ The agent exits automatically when the command given on the command line terminates. .Sh FILES .Bl -tag -width Ds -.It Pa $HOME/.ssh/identity +.It Pa ~/.ssh/identity Contains the protocol version 1 RSA authentication identity of the user. -.It Pa $HOME/.ssh/id_dsa +.It Pa ~/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of the user. -.It Pa $HOME/.ssh/id_rsa +.It Pa ~/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. .It Pa /tmp/ssh-XXXXXXXX/agent.<ppid> Unix-domain sockets used to contain the connection to the diff --git a/crypto/openssh/ssh-keygen.1 b/crypto/openssh/ssh-keygen.1 index c14eed1..5454d00 100644 --- a/crypto/openssh/ssh-keygen.1 +++ b/crypto/openssh/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.67 2005/03/14 10:09:03 dtucker Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.69 2005/06/08 03:50:00 djm Exp $ .\" .\" -*- nroff -*- .\" @@ -129,10 +129,10 @@ section for details. Normally each user wishing to use SSH with RSA or DSA authentication runs this once to create the authentication key in -.Pa $HOME/.ssh/identity , -.Pa $HOME/.ssh/id_dsa +.Pa ~/.ssh/identity , +.Pa ~/.ssh/id_dsa or -.Pa $HOME/.ssh/id_rsa . +.Pa ~/.ssh/id_rsa . Additionally, the system administrator may use this to generate host keys, as seen in .Pa /etc/rc . @@ -188,8 +188,8 @@ Show the bubblebabble digest of specified private or public key file. .It Fl b Ar bits Specifies the number of bits in the key to create. Minimum is 512 bits. -Generally, 1024 bits is considered sufficient. -The default is 1024 bits. +Generally, 2048 bits is considered sufficient. +The default is 2048 bits. .It Fl C Ar comment Provides a new comment. .It Fl c @@ -381,7 +381,7 @@ It is important that this file contains moduli of a range of bit lengths and that both ends of a connection share common moduli. .Sh FILES .Bl -tag -width Ds -.It Pa $HOME/.ssh/identity +.It Pa ~/.ssh/identity Contains the protocol version 1 RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to @@ -392,14 +392,14 @@ This file is not automatically accessed by but it is offered as the default file for the private key. .Xr ssh 1 will read this file when a login attempt is made. -.It Pa $HOME/.ssh/identity.pub +.It Pa ~/.ssh/identity.pub Contains the protocol version 1 RSA public key for authentication. The contents of this file should be added to -.Pa $HOME/.ssh/authorized_keys +.Pa ~/.ssh/authorized_keys on all machines where the user wishes to log in using RSA authentication. There is no need to keep the contents of this file secret. -.It Pa $HOME/.ssh/id_dsa +.It Pa ~/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to @@ -410,14 +410,14 @@ This file is not automatically accessed by but it is offered as the default file for the private key. .Xr ssh 1 will read this file when a login attempt is made. -.It Pa $HOME/.ssh/id_dsa.pub +.It Pa ~/.ssh/id_dsa.pub Contains the protocol version 2 DSA public key for authentication. The contents of this file should be added to -.Pa $HOME/.ssh/authorized_keys +.Pa ~/.ssh/authorized_keys on all machines where the user wishes to log in using public key authentication. There is no need to keep the contents of this file secret. -.It Pa $HOME/.ssh/id_rsa +.It Pa ~/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to @@ -428,10 +428,10 @@ This file is not automatically accessed by but it is offered as the default file for the private key. .Xr ssh 1 will read this file when a login attempt is made. -.It Pa $HOME/.ssh/id_rsa.pub +.It Pa ~/.ssh/id_rsa.pub Contains the protocol version 2 RSA public key for authentication. The contents of this file should be added to -.Pa $HOME/.ssh/authorized_keys +.Pa ~/.ssh/authorized_keys on all machines where the user wishes to log in using public key authentication. There is no need to keep the contents of this file secret. diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c index 9288550..b178519 100644 --- a/crypto/openssh/ssh-keygen.c +++ b/crypto/openssh/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.122 2005/03/11 14:59:06 markus Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $"); #include <openssl/evp.h> #include <openssl/pem.h> @@ -36,7 +36,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.122 2005/03/11 14:59:06 markus Exp $"); #include "dns.h" /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ -int bits = 1024; +u_int32_t bits = 2048; /* * Flag indicating that we just want to change the passphrase. This can be @@ -90,7 +90,7 @@ extern char *__progname; char hostname[MAXHOSTNAMELEN]; /* moduli.c */ -int gen_candidates(FILE *, int, int, BIGNUM *); +int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); int prime_test(FILE *, FILE *, u_int32_t, u_int32_t); static void @@ -738,7 +738,7 @@ do_known_hosts(struct passwd *pw, const char *name) fprintf(stderr, "WARNING: %s contains unhashed " "entries\n", old); fprintf(stderr, "Delete this file to ensure privacy " - "of hostnames\n"); + "of hostnames\n"); } } @@ -959,31 +959,38 @@ usage(void) { fprintf(stderr, "Usage: %s [options]\n", __progname); fprintf(stderr, "Options:\n"); + fprintf(stderr, " -a trials Number of trials for screening DH-GEX moduli.\n"); + fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); fprintf(stderr, " -b bits Number of bits in the key to create.\n"); + fprintf(stderr, " -C comment Provide new comment.\n"); fprintf(stderr, " -c Change comment in private and public key files.\n"); +#ifdef SMARTCARD + fprintf(stderr, " -D reader Download public key from smartcard.\n"); +#endif /* SMARTCARD */ fprintf(stderr, " -e Convert OpenSSH to IETF SECSH key file.\n"); + fprintf(stderr, " -F hostname Find hostname in known hosts file.\n"); fprintf(stderr, " -f filename Filename of the key file.\n"); + fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n"); fprintf(stderr, " -g Use generic DNS resource record format.\n"); + fprintf(stderr, " -H Hash names in known_hosts file.\n"); fprintf(stderr, " -i Convert IETF SECSH to OpenSSH key file.\n"); fprintf(stderr, " -l Show fingerprint of key file.\n"); - fprintf(stderr, " -p Change passphrase of private key file.\n"); - fprintf(stderr, " -q Quiet.\n"); - fprintf(stderr, " -y Read private key file and print public key.\n"); - fprintf(stderr, " -t type Specify type of key to create.\n"); - fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); - fprintf(stderr, " -H Hash names in known_hosts file\n"); - fprintf(stderr, " -F hostname Find hostname in known hosts file\n"); - fprintf(stderr, " -C comment Provide new comment.\n"); + fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n"); fprintf(stderr, " -N phrase Provide new passphrase.\n"); fprintf(stderr, " -P phrase Provide old passphrase.\n"); + fprintf(stderr, " -p Change passphrase of private key file.\n"); + fprintf(stderr, " -q Quiet.\n"); + fprintf(stderr, " -R hostname Remove host from known_hosts file.\n"); fprintf(stderr, " -r hostname Print DNS resource record.\n"); + fprintf(stderr, " -S start Start point (hex) for generating DH-GEX moduli.\n"); + fprintf(stderr, " -T file Screen candidates for DH-GEX moduli.\n"); + fprintf(stderr, " -t type Specify type of key to create.\n"); #ifdef SMARTCARD - fprintf(stderr, " -D reader Download public key from smartcard.\n"); fprintf(stderr, " -U reader Upload private key to smartcard.\n"); #endif /* SMARTCARD */ - - fprintf(stderr, " -G file Generate candidates for DH-GEX moduli\n"); - fprintf(stderr, " -T file Screen candidates for DH-GEX moduli\n"); + fprintf(stderr, " -v Verbose.\n"); + fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n"); + fprintf(stderr, " -y Read private key file and print public key.\n"); exit(1); } @@ -1000,12 +1007,13 @@ main(int ac, char **av) Key *private, *public; struct passwd *pw; struct stat st; - int opt, type, fd, download = 0, memory = 0; - int generator_wanted = 0, trials = 100; + int opt, type, fd, download = 0; + u_int32_t memory = 0, generator_wanted = 0, trials = 100; int do_gen_candidates = 0, do_screen_candidates = 0; int log_level = SYSLOG_LEVEL_INFO; BIGNUM *start = NULL; FILE *f; + const char *errstr; extern int optind; extern char *optarg; @@ -1033,11 +1041,10 @@ main(int ac, char **av) "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { switch (opt) { case 'b': - bits = atoi(optarg); - if (bits < 512 || bits > 32768) { - printf("Bits has bad value.\n"); - exit(1); - } + bits = strtonum(optarg, 512, 32768, &errstr); + if (errstr) + fatal("Bits has bad value %s (%s)", + optarg, errstr); break; case 'F': find_host = 1; @@ -1063,7 +1070,9 @@ main(int ac, char **av) change_comment = 1; break; case 'f': - strlcpy(identity_file, optarg, sizeof(identity_file)); + if (strlcpy(identity_file, optarg, sizeof(identity_file)) >= + sizeof(identity_file)) + fatal("Identity filename too long"); have_identity = 1; break; case 'g': @@ -1118,23 +1127,34 @@ main(int ac, char **av) rr_hostname = optarg; break; case 'W': - generator_wanted = atoi(optarg); - if (generator_wanted < 1) - fatal("Desired generator has bad value."); + generator_wanted = strtonum(optarg, 1, UINT_MAX, &errstr); + if (errstr) + fatal("Desired generator has bad value: %s (%s)", + optarg, errstr); break; case 'a': - trials = atoi(optarg); + trials = strtonum(optarg, 1, UINT_MAX, &errstr); + if (errstr) + fatal("Invalid number of trials: %s (%s)", + optarg, errstr); break; case 'M': - memory = atoi(optarg); + memory = strtonum(optarg, 1, UINT_MAX, &errstr); + if (errstr) { + fatal("Memory limit is %s: %s", errstr, optarg); + } break; case 'G': do_gen_candidates = 1; - strlcpy(out_file, optarg, sizeof(out_file)); + if (strlcpy(out_file, optarg, sizeof(out_file)) >= + sizeof(out_file)) + fatal("Output filename too long"); break; case 'T': do_screen_candidates = 1; - strlcpy(out_file, optarg, sizeof(out_file)); + if (strlcpy(out_file, optarg, sizeof(out_file)) >= + sizeof(out_file)) + fatal("Output filename too long"); break; case 'S': /* XXX - also compare length against bits */ diff --git a/crypto/openssh/ssh-rand-helper.c b/crypto/openssh/ssh-rand-helper.c index d7d8d0f..87e52cf 100644 --- a/crypto/openssh/ssh-rand-helper.c +++ b/crypto/openssh/ssh-rand-helper.c @@ -39,7 +39,7 @@ #include "pathnames.h" #include "log.h" -RCSID("$Id: ssh-rand-helper.c,v 1.23 2005/02/16 02:32:30 dtucker Exp $"); +RCSID("$Id: ssh-rand-helper.c,v 1.26 2005/07/17 07:26:44 djm Exp $"); /* Number of bytes we write out */ #define OUTPUT_SEED_SIZE 48 @@ -123,7 +123,7 @@ get_random_bytes_prngd(unsigned char *buf, int len, unsigned short tcp_port, char *socket_path) { int fd, addr_len, rval, errors; - char msg[2]; + u_char msg[2]; struct sockaddr_storage addr; struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr; struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr; @@ -135,8 +135,8 @@ get_random_bytes_prngd(unsigned char *buf, int len, if (socket_path != NULL && strlen(socket_path) >= sizeof(addr_un->sun_path)) fatal("Random pool path is too long"); - if (len > 255) - fatal("Too many bytes to read from PRNGD"); + if (len <= 0 || len > 255) + fatal("Too many bytes (%d) to read from PRNGD", len); memset(&addr, '\0', sizeof(addr)); @@ -190,7 +190,7 @@ reopen: goto done; } - if (atomicio(read, fd, buf, len) != len) { + if (atomicio(read, fd, buf, len) != (size_t)len) { if (errno == EPIPE && errors < 10) { close(fd); errors++; @@ -398,8 +398,8 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash) debug3("Time elapsed: %d msec", msec_elapsed); if (waitpid(pid, &status, 0) == -1) { - error("Couldn't wait for child '%s' completion: %s", - src->cmdstring, strerror(errno)); + error("Couldn't wait for child '%s' completion: %s", + src->cmdstring, strerror(errno)); return 0.0; } @@ -600,7 +600,7 @@ prng_write_seedfile(void) save_errno = errno; unlink(tmpseed); fatal("problem renaming PRNG seedfile from %.100s " - "to %.100s (%.100s)", tmpseed, filename, + "to %.100s (%.100s)", tmpseed, filename, strerror(save_errno)); } } diff --git a/crypto/openssh/ssh-rsa.c b/crypto/openssh/ssh-rsa.c index 6e3be0a..eb422d0 100644 --- a/crypto/openssh/ssh-rsa.c +++ b/crypto/openssh/ssh-rsa.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-rsa.c,v 1.31 2003/11/10 16:23:41 jakob Exp $"); +RCSID("$OpenBSD: ssh-rsa.c,v 1.32 2005/06/17 02:44:33 djm Exp $"); #include <openssl/evp.h> #include <openssl/err.h> @@ -238,7 +238,7 @@ openssh_RSA_verify(int type, u_char *hash, u_int hashlen, ERR_error_string(ERR_get_error(), NULL)); goto done; } - if (len != hlen + oidlen) { + if (len < 0 || (u_int)len != hlen + oidlen) { error("bad decrypted len: %d != %d + %d", len, hlen, oidlen); goto done; } diff --git a/crypto/openssh/ttymodes.c b/crypto/openssh/ttymodes.c index c32e213..cf4c7d5 100644 --- a/crypto/openssh/ttymodes.c +++ b/crypto/openssh/ttymodes.c @@ -241,6 +241,32 @@ baud_to_speed(int baud) } /* + * Encode a special character into SSH line format. + */ +static u_int +special_char_encode(cc_t c) +{ +#ifdef _POSIX_VDISABLE + if (c == _POSIX_VDISABLE) + return 255; +#endif /* _POSIX_VDISABLE */ + return c; +} + +/* + * Decode a special character from SSH line format. + */ +static cc_t +special_char_decode(u_int c) +{ +#ifdef _POSIX_VDISABLE + if (c == 255) + return _POSIX_VDISABLE; +#endif /* _POSIX_VDISABLE */ + return c; +} + +/* * Encodes terminal modes for the terminal referenced by fd * or tiop in a portable manner, and appends the modes to a packet * being constructed. @@ -287,7 +313,7 @@ tty_make_modes(int fd, struct termios *tiop) #define TTYCHAR(NAME, OP) \ debug3("tty_make_modes: %d %d", OP, tio.c_cc[NAME]); \ buffer_put_char(&buf, OP); \ - put_arg(&buf, tio.c_cc[NAME]); + put_arg(&buf, special_char_encode(tio.c_cc[NAME])); #define TTYMODE(NAME, FIELD, OP) \ debug3("tty_make_modes: %d %d", OP, ((tio.FIELD & NAME) != 0)); \ @@ -375,7 +401,7 @@ tty_parse_modes(int fd, int *n_bytes_ptr) #define TTYCHAR(NAME, OP) \ case OP: \ n_bytes += arg_size; \ - tio.c_cc[NAME] = get_arg(); \ + tio.c_cc[NAME] = special_char_decode(get_arg()); \ debug3("tty_parse_modes: %d %d", OP, tio.c_cc[NAME]); \ break; #define TTYMODE(NAME, FIELD, OP) \ |