diff options
| author | des <des@FreeBSD.org> | 2002-06-29 11:34:13 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2002-06-29 11:34:13 +0000 |
| commit | 96f831106bfe6170a73a8112d39a8b123156c6f2 (patch) | |
| tree | 54056127450190c6b4d815bc4928111018c262c0 /crypto/openssh | |
| parent | 1fe6eac54a837a0ed5eb3f7bfdd76f7bb8a7319a (diff) | |
| parent | 1ba793a7c09e24d920de3983a3223770cb37ebff (diff) | |
| download | FreeBSD-src-96f831106bfe6170a73a8112d39a8b123156c6f2.zip FreeBSD-src-96f831106bfe6170a73a8112d39a8b123156c6f2.tar.gz | |
This commit was generated by cvs2svn to compensate for changes in r99060,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'crypto/openssh')
28 files changed, 374 insertions, 184 deletions
diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index 30b8ef2..67cd6ca 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog @@ -1,6 +1,169 @@ +20020626 + - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM + - (bal) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2002/06/23 21:34:07 + [channels.c] + tcode is u_int + - markus@cvs.openbsd.org 2002/06/24 13:12:23 + [ssh-agent.1] + the socket name contains ssh-agent's ppid; via mpech@ from form@ + - markus@cvs.openbsd.org 2002/06/24 14:33:27 + [channels.c channels.h clientloop.c serverloop.c] + move channel counter to u_int + - markus@cvs.openbsd.org 2002/06/24 14:55:38 + [authfile.c kex.c ssh-agent.c] + cat to (void) when output from buffer_get_X is ignored + - itojun@cvs.openbsd.org 2002/06/24 15:49:22 + [msg.c] + printf type pedant + - deraadt@cvs.openbsd.org 2002/06/24 17:57:20 + [sftp-server.c sshpty.c] + explicit (u_int) for uid and gid + - markus@cvs.openbsd.org 2002/06/25 16:22:42 + [authfd.c] + unnecessary cast + - markus@cvs.openbsd.org 2002/06/25 18:51:04 + [sshd.c] + lightweight do_setusercontext after chroot() + - (bal) Updated AIX package build. Patch by dtucker@zip.com.au + - (tim) [Makefile.in] fix test on installing ssh-rand-helper.8 + - (bal) added back in error check for mmap(). I screwed up, Pointed + out by stevesk@ + - (tim) [README.privsep] UnixWare tip no longer needed. + - (bal) fixed NeXTStep missing munmap() issue. It defines HAVE_MMAP, + but it all damned lies. + - (stevesk) [README.privsep] more for sshd pseudo-account. + - (tim) [contrib/caldera/openssh.spec] add support for privsep + - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@ + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2002/06/26 08:53:12 + [bufaux.c] + limit size of BNs to 8KB; ok provos/deraadt + - markus@cvs.openbsd.org 2002/06/26 08:54:18 + [buffer.c] + limit append to 1MB and buffers to 10MB + - markus@cvs.openbsd.org 2002/06/26 08:55:02 + [channels.c] + limit # of channels to 10000 + - markus@cvs.openbsd.org 2002/06/26 08:58:26 + [session.c] + limit # of env vars to 1000; ok deraadt/djm + - deraadt@cvs.openbsd.org 2002/06/26 13:20:57 + [monitor.c] + be careful in mm_zalloc + - deraadt@cvs.openbsd.org 2002/06/26 13:49:26 + [session.c] + disclose less information from environment files; based on input + from djm, and dschultz@uclink.Berkeley.EDU + - markus@cvs.openbsd.org 2002/06/26 13:55:37 + [auth2-chall.c] + make sure # of response matches # of queries, fixes int overflow; + from ISS + - markus@cvs.openbsd.org 2002/06/26 13:56:27 + [version.h] + 3.4 + - (djm) Require krb5 devel for RPM build w/ KrbV + - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai + <nalin@redhat.com> + - (djm) Update spec files for release + - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS + - (djm) Release 3.4p1 + +20020625 + - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh + - (stevesk) [README.privsep] minor updates + - (djm) Create privsep directory and warn if privsep user is missing + during make install + - (bal) Started list of PrivSep issues in TODO + - (bal) if mmap() is substandard, don't allow compression on server side. + Post 'event' we will add more options. + - (tim) [contrib/caldera/openssh.spec] Sync with Caldera + - (bal) moved aix_usrinfo() and noted not setting real TTY. Patch by + dtucker@zip.com.au + - (tim) [acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus + for Cygwin, Cray, & SCO + +20020624 + - OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2002/06/23 03:25:50 + [tildexpand.c] + KNF + - deraadt@cvs.openbsd.org 2002/06/23 03:26:19 + [cipher.c key.c] + KNF + - deraadt@cvs.openbsd.org 2002/06/23 03:30:58 + [scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c + sshpty.c] + various KNF and %d for unsigned + - deraadt@cvs.openbsd.org 2002/06/23 09:30:14 + [sftp-client.c sftp-client.h sftp-common.c sftp-int.c sftp-server.c + sftp.c] + bunch of u_int vs int stuff + - deraadt@cvs.openbsd.org 2002/06/23 09:39:55 + [ssh-keygen.c] + u_int stuff + - deraadt@cvs.openbsd.org 2002/06/23 09:46:51 + [bufaux.c servconf.c] + minor KNF. things the fingers do while you read + - deraadt@cvs.openbsd.org 2002/06/23 10:29:52 + [ssh-agent.c sshd.c] + some minor KNF and %u + - deraadt@cvs.openbsd.org 2002/06/23 20:39:45 + [session.c] + compression_level is u_int + - deraadt@cvs.openbsd.org 2002/06/23 21:06:13 + [sshpty.c] + KNF + - deraadt@cvs.openbsd.org 2002/06/23 21:06:41 + [channels.c channels.h session.c session.h] + display, screen, row, col, xpixel, ypixel are u_int; markus ok + - deraadt@cvs.openbsd.org 2002/06/23 21:10:02 + [packet.c] + packet_get_int() returns unsigned for reason & seqnr + - (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col, + xpixel are u_int. + + +20020623 + - (stevesk) [configure.ac] bug #255 LOGIN_NEEDS_UTMPX for AIX. + - (bal) removed GNUism for getops in ssh-agent since glibc lacks optreset. + - (bal) add extern char *getopt. Based on report by dtucker@zip.com.au + - OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2002/06/22 02:00:29 + [ssh.h] + correct comment + - stevesk@cvs.openbsd.org 2002/06/22 02:40:23 + [ssh.1] + section 5 not 4 for ssh_config + - naddy@cvs.openbsd.org 2002/06/22 11:51:39 + [ssh.1] + typo + - stevesk@cvs.openbsd.org 2002/06/22 16:32:54 + [sshd.8] + add /var/empty in FILES section + - stevesk@cvs.openbsd.org 2002/06/22 16:40:19 + [sshd.c] + check /var/empty owner mode; ok provos@ + - stevesk@cvs.openbsd.org 2002/06/22 16:41:57 + [scp.1] + typo + - stevesk@cvs.openbsd.org 2002/06/22 16:45:29 + [ssh-agent.1 sshd.8 sshd_config.5] + use process ID vs. pid/PID/process identifier + - stevesk@cvs.openbsd.org 2002/06/22 20:05:27 + [sshd.c] + don't call setsid() if debugging or run from inetd; no "Operation not + permitted" errors now; ok millert@ markus@ + - stevesk@cvs.openbsd.org 2002/06/22 23:09:51 + [monitor.c] + save auth method before monitor_reset_key_state(); bugzilla bug #284; + ok provos@ + 20020622 - (djm) Update README.privsep; spotted by fries@ - (djm) Release 3.3p1 + - (bal) getopt now can be staticly compiled on those platforms missing + optreset. Patch by binder@arago.de 20020621 - (djm) Sync: @@ -1004,4 +1167,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2240 2002/06/21 15:44:45 djm Exp $ +$Id: ChangeLog,v 1.2301 2002/06/26 13:59:10 djm Exp $ diff --git a/crypto/openssh/INSTALL b/crypto/openssh/INSTALL index a7f73e6..07da06b 100644 --- a/crypto/openssh/INSTALL +++ b/crypto/openssh/INSTALL @@ -105,11 +105,6 @@ name). There are a few other options to the configure script: ---with-rsh=PATH allows you to specify the path to your rsh program. -Normally ./configure will search the current $PATH for 'rsh'. You -may need to specify this option if rsh is not in your path or has a -different name. - --with-pam enables PAM support. --enable-gnome-askpass will build the GNOME passphrase dialog. You @@ -226,4 +221,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.53 2002/05/13 05:22:21 djm Exp $ +$Id: INSTALL,v 1.54 2002/06/24 16:26:49 stevesk Exp $ diff --git a/crypto/openssh/Makefile.in b/crypto/openssh/Makefile.in index 4b3e278..e7faa15 100644 --- a/crypto/openssh/Makefile.in +++ b/crypto/openssh/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.215 2002/06/21 01:38:53 mouring Exp $ +# $Id: Makefile.in,v 1.217 2002/06/25 23:45:42 tim Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -26,6 +26,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server SSH_KEYSIGN=$(libexecdir)/ssh-keysign RAND_HELPER=$(libexecdir)/ssh-rand-helper PRIVSEP_PATH=@PRIVSEP_PATH@ +SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \ -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \ @@ -197,9 +198,13 @@ distprep: catman-do $(AUTORECONF) (cd scard && $(MAKE) -f Makefile.in distprep) -install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key +install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key check-user install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files +check-user: + id $(SSH_PRIVSEP_USER) || \ + echo "WARNING: Privilege separation user \"$(SSH_PRIVSEP_USER)\" does not exist" + scard-install: (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install) @@ -212,6 +217,8 @@ install-files: scard-install $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) + $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH) + chmod 0700 $(DESTDIR)$(PRIVSEP_PATH) $(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add @@ -234,7 +241,7 @@ install-files: scard-install $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 - if [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ + if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \ $(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \ fi @NO_SFTP@$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 diff --git a/crypto/openssh/README.privsep b/crypto/openssh/README.privsep index 6c798f3..ced943f 100644 --- a/crypto/openssh/README.privsep +++ b/crypto/openssh/README.privsep @@ -12,19 +12,20 @@ On systems which lack mmap or anonymous (MAP_ANON) memory mapping, compression must be disabled in order for privilege separation to function. -When privsep is enabled, the pre-authentication sshd process will +When privsep is enabled, during the pre-authentication phase sshd will chroot(2) to "/var/empty" and change its privileges to the "sshd" user -and its primary group. You should do something like the following to -prepare the privsep preauth environment: +and its primary group. sshd is a pseudo-account that should not be +used by other daemons, and must be locked and should contain a +"nologin" or invalid shell. + +You should do something like the following to prepare the privsep +preauth environment: # mkdir /var/empty # chown root:sys /var/empty # chmod 755 /var/empty # groupadd sshd - # useradd -g sshd sshd - -If you are on UnixWare 7 or OpenUNIX 8 do this additional step. - # ln /usr/lib/.ns.so /usr/lib/ns.so.1 + # useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd /var/empty should not contain any files. @@ -34,8 +35,8 @@ privsep user and chroot directory: --with-privsep-path=xxx Path for privilege separation chroot --with-privsep-user=user Specify non-privileged user for privilege separation -Privsep requires operating system support for file descriptor passing -and mmap(MAP_ANON). +Privsep requires operating system support for file descriptor passing. +Compression will be disabled on systems without a working mmap MAP_ANON. PAM-enabled OpenSSH is known to function with privsep on Linux. It does not function on HP-UX with a trusted system @@ -57,4 +58,4 @@ process 1005 is the sshd process listening for new connections. process 6917 is the privileged monitor process, 6919 is the user owned sshd process and 6921 is the shell process. -$Id: README.privsep,v 1.7 2002/06/21 14:48:02 djm Exp $ +$Id: README.privsep,v 1.10 2002/06/26 00:43:57 stevesk Exp $ diff --git a/crypto/openssh/TODO b/crypto/openssh/TODO index d094942..4331a13 100644 --- a/crypto/openssh/TODO +++ b/crypto/openssh/TODO @@ -87,4 +87,20 @@ Packaging: - HP-UX: Provide DEPOT package scripts. (gilbert.r.loomis@saic.com) -$Id: TODO,v 1.46 2002/01/22 11:26:20 djm Exp $ + +PrivSep Issues: +- mmap() issues. + + /dev/zero solution (Solaris) + + No/broken MAP_ANON (Irix) + + broken /dev/zero parse (Linux) +- PAM + + See above PAM notes +- AIX + + usrinfo() does not set TTY, but only required for legicy systems. Works + with PrivSep. +- OSF + + SIA is broken +- Cygwin + + Privsep for Pre-auth only (no fd passing) + +$Id: TODO,v 1.50 2002/06/25 17:12:27 mouring Exp $ diff --git a/crypto/openssh/buffer.c b/crypto/openssh/buffer.c index 40572e5..ad04b26 100644 --- a/crypto/openssh/buffer.c +++ b/crypto/openssh/buffer.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: buffer.c,v 1.15 2002/01/18 18:14:17 stevesk Exp $"); +RCSID("$OpenBSD: buffer.c,v 1.16 2002/06/26 08:54:18 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -71,6 +71,9 @@ buffer_append_space(Buffer *buffer, u_int len) { void *p; + if (len > 0x100000) + fatal("buffer_append_space: len %u not supported", len); + /* If the buffer is empty, start using it from the beginning. */ if (buffer->offset == buffer->end) { buffer->offset = 0; @@ -96,6 +99,9 @@ restart: } /* Increase the size of the buffer and retry. */ buffer->alloc += len + 32768; + if (buffer->alloc > 0xa00000) + fatal("buffer_append_space: alloc %u not supported", + buffer->alloc); buffer->buf = xrealloc(buffer->buf, buffer->alloc); goto restart; /* NOTREACHED */ diff --git a/crypto/openssh/clientloop.c b/crypto/openssh/clientloop.c index 75d24ac..cd2eab7 100644 --- a/crypto/openssh/clientloop.c +++ b/crypto/openssh/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.101 2002/06/09 13:32:01 markus Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.102 2002/06/24 14:33:27 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1208,10 +1208,8 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt) { Channel *c = NULL; char *ctype; - u_int len; int rchan; - int rmaxpack; - int rwindow; + u_int rmaxpack, rwindow, len; ctype = packet_get_string(&len); rchan = packet_get_int(); diff --git a/crypto/openssh/defines.h b/crypto/openssh/defines.h index 1f52c54..b87dbc5 100644 --- a/crypto/openssh/defines.h +++ b/crypto/openssh/defines.h @@ -1,7 +1,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.90 2002/06/07 03:19:36 mouring Exp $ */ +/* $Id: defines.h,v 1.92 2002/06/24 16:26:49 stevesk Exp $ */ /* Constants */ @@ -316,14 +316,6 @@ struct winsize { # define _PATH_MAILDIR MAILDIR #endif /* !defined(_PATH_MAILDIR) && defined(MAILDIR) */ -#ifndef _PATH_RSH -# ifdef RSH_PATH -# define _PATH_RSH RSH_PATH -# else /* RSH_PATH */ -# define _PATH_RSH "/usr/bin/rsh" -# endif /* RSH_PATH */ -#endif /* _PATH_RSH */ - #ifndef _PATH_NOLOGIN # define _PATH_NOLOGIN "/etc/nologin" #endif @@ -417,7 +409,18 @@ struct winsize { #endif #ifndef HAVE_GETOPT_OPTRESET -#define getopt(ac, av, o) BSDgetopt(ac, av, o) +# undef getopt +# undef opterr +# undef optind +# undef optopt +# undef optreset +# undef optarg +# define getopt(ac, av, o) BSDgetopt(ac, av, o) +# define opterr BSDopterr +# define optind BSDoptind +# define optopt BSDoptopt +# define optreset BSDoptreset +# define optarg BSDoptarg #endif /* In older versions of libpam, pam_strerror takes a single argument */ diff --git a/crypto/openssh/kex.c b/crypto/openssh/kex.c index d079ab0..bdbf388 100644 --- a/crypto/openssh/kex.c +++ b/crypto/openssh/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.50 2002/05/15 15:47:49 mouring Exp $"); +RCSID("$OpenBSD: kex.c,v 1.51 2002/06/24 14:55:38 markus Exp $"); #include <openssl/crypto.h> @@ -202,8 +202,8 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt) packet_get_char(); for (i = 0; i < PROPOSAL_MAX; i++) xfree(packet_get_string(NULL)); - packet_get_char(); - packet_get_int(); + (void) packet_get_char(); + (void) packet_get_int(); packet_check_eom(); kex_kexinit_finish(kex); diff --git a/crypto/openssh/monitor_fdpass.h b/crypto/openssh/monitor_fdpass.h index cb12c41..31d080e 100644 --- a/crypto/openssh/monitor_fdpass.h +++ b/crypto/openssh/monitor_fdpass.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */ +/* $OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> diff --git a/crypto/openssh/monitor_mm.c b/crypto/openssh/monitor_mm.c index 0076c42..c363036 100644 --- a/crypto/openssh/monitor_mm.c +++ b/crypto/openssh/monitor_mm.c @@ -84,13 +84,13 @@ mm_create(struct mm_master *mmalloc, size_t size) */ mm->mmalloc = mmalloc; -#if defined(HAVE_MMAP) && defined(MAP_ANON) +#ifdef HAVE_MMAP_ANON_SHARED address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0); if (address == MAP_FAILED) fatal("mmap(%lu): %s", (u_long)size, strerror(errno)); #else - fatal("%s: UsePrivilegeSeparation=yes not supported", + fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported", __func__); #endif @@ -130,12 +130,12 @@ mm_destroy(struct mm_master *mm) mm_freelist(mm->mmalloc, &mm->rb_free); mm_freelist(mm->mmalloc, &mm->rb_allocated); -#ifdef HAVE_MMAP +#ifdef HAVE_MMAP_ANON_SHARED if (munmap(mm->address, mm->size) == -1) fatal("munmap(%p, %lu): %s", mm->address, (u_long)mm->size, strerror(errno)); #else - fatal("%s: UsePrivilegeSeparation=yes not supported", + fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported", __func__); #endif if (mm->mmalloc == NULL) diff --git a/crypto/openssh/monitor_mm.h b/crypto/openssh/monitor_mm.h index c0af432..c0a66d5 100644 --- a/crypto/openssh/monitor_mm.h +++ b/crypto/openssh/monitor_mm.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */ +/* $OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> diff --git a/crypto/openssh/msg.c b/crypto/openssh/msg.c index 103aed2..7275c84 100644 --- a/crypto/openssh/msg.c +++ b/crypto/openssh/msg.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: msg.c,v 1.2 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: msg.c,v 1.3 2002/06/24 15:49:22 itojun Exp $"); #include "buffer.h" #include "getput.h" @@ -36,7 +36,7 @@ msg_send(int fd, u_char type, Buffer *m) u_char buf[5]; u_int mlen = buffer_len(m); - debug3("msg_send: type %d", type); + debug3("msg_send: type %u", (unsigned int)type & 0xff); PUT_32BIT(buf, mlen + 1); buf[4] = type; /* 1st byte of payload is mesg-type */ @@ -59,7 +59,7 @@ msg_recv(int fd, Buffer *m) if (res != sizeof(buf)) { if (res == 0) return -1; - fatal("msg_recv: read: header %d", res); + fatal("msg_recv: read: header %ld", (long)res); } msg_len = GET_32BIT(buf); if (msg_len > 256 * 1024) diff --git a/crypto/openssh/openbsd-compat/getopt.c b/crypto/openssh/openbsd-compat/getopt.c index 9e13504..f4fbc9b 100644 --- a/crypto/openssh/openbsd-compat/getopt.c +++ b/crypto/openssh/openbsd-compat/getopt.c @@ -42,11 +42,11 @@ static char *rcsid = "$OpenBSD: getopt.c,v 1.2 1996/08/19 08:33:32 tholo Exp $"; #include <stdlib.h> #include <string.h> -int opterr = 1, /* if error message should be printed */ - optind = 1, /* index into parent argv vector */ - optopt, /* character checked for validity */ - optreset; /* reset getopt */ -char *optarg; /* argument associated with option */ +int BSDopterr = 1, /* if error message should be printed */ + BSDoptind = 1, /* index into parent argv vector */ + BSDoptopt, /* character checked for validity */ + BSDoptreset; /* reset getopt */ +char *BSDoptarg; /* argument associated with option */ #define BADCH (int)'?' #define BADARG (int)':' @@ -66,57 +66,57 @@ BSDgetopt(nargc, nargv, ostr) static char *place = EMSG; /* option letter processing */ char *oli; /* option letter list index */ - if (optreset || !*place) { /* update scanning pointer */ - optreset = 0; - if (optind >= nargc || *(place = nargv[optind]) != '-') { + if (BSDoptreset || !*place) { /* update scanning pointer */ + BSDoptreset = 0; + if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') { place = EMSG; return (-1); } if (place[1] && *++place == '-') { /* found "--" */ - ++optind; + ++BSDoptind; place = EMSG; return (-1); } } /* option letter okay? */ - if ((optopt = (int)*place++) == (int)':' || - !(oli = strchr(ostr, optopt))) { + if ((BSDoptopt = (int)*place++) == (int)':' || + !(oli = strchr(ostr, BSDoptopt))) { /* * if the user didn't specify '-' as an option, * assume it means -1. */ - if (optopt == (int)'-') + if (BSDoptopt == (int)'-') return (-1); if (!*place) - ++optind; - if (opterr && *ostr != ':') + ++BSDoptind; + if (BSDopterr && *ostr != ':') (void)fprintf(stderr, - "%s: illegal option -- %c\n", __progname, optopt); + "%s: illegal option -- %c\n", __progname, BSDoptopt); return (BADCH); } if (*++oli != ':') { /* don't need argument */ - optarg = NULL; + BSDoptarg = NULL; if (!*place) - ++optind; + ++BSDoptind; } else { /* need an argument */ if (*place) /* no white space */ - optarg = place; - else if (nargc <= ++optind) { /* no arg */ + BSDoptarg = place; + else if (nargc <= ++BSDoptind) { /* no arg */ place = EMSG; if (*ostr == ':') return (BADARG); - if (opterr) + if (BSDopterr) (void)fprintf(stderr, "%s: option requires an argument -- %c\n", - __progname, optopt); + __progname, BSDoptopt); return (BADCH); } else /* white space */ - optarg = nargv[optind]; + BSDoptarg = nargv[BSDoptind]; place = EMSG; - ++optind; + ++BSDoptind; } - return (optopt); /* dump back option letter */ + return (BSDoptopt); /* dump back option letter */ } #endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */ diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c index 8651127..a5b2ab6 100644 --- a/crypto/openssh/packet.c +++ b/crypto/openssh/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.95 2002/06/19 18:01:00 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.96 2002/06/23 21:10:02 deraadt Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -1015,7 +1015,7 @@ packet_read_poll2(u_int32_t *seqnr_p) int packet_read_poll_seqnr(u_int32_t *seqnr_p) { - int reason, seqnr; + u_int reason, seqnr; u_char type; char *msg; @@ -1038,14 +1038,15 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) case SSH2_MSG_DISCONNECT: reason = packet_get_int(); msg = packet_get_string(NULL); - log("Received disconnect from %s: %d: %.400s", get_remote_ipaddr(), - reason, msg); + log("Received disconnect from %s: %u: %.400s", + get_remote_ipaddr(), reason, msg); xfree(msg); fatal_cleanup(); break; case SSH2_MSG_UNIMPLEMENTED: seqnr = packet_get_int(); - debug("Received SSH2_MSG_UNIMPLEMENTED for %d", seqnr); + debug("Received SSH2_MSG_UNIMPLEMENTED for %u", + seqnr); break; default: return type; @@ -1063,8 +1064,8 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) break; case SSH_MSG_DISCONNECT: msg = packet_get_string(NULL); - log("Received disconnect from %s: %.400s", get_remote_ipaddr(), - msg); + log("Received disconnect from %s: %.400s", + get_remote_ipaddr(), msg); fatal_cleanup(); xfree(msg); break; diff --git a/crypto/openssh/scard.c b/crypto/openssh/scard.c index db0cc4a..9791938 100644 --- a/crypto/openssh/scard.c +++ b/crypto/openssh/scard.c @@ -24,7 +24,7 @@ #include "includes.h" #if defined(SMARTCARD) && defined(USE_SECTOK) -RCSID("$OpenBSD: scard.c,v 1.25 2002/03/26 18:46:59 rees Exp $"); +RCSID("$OpenBSD: scard.c,v 1.26 2002/06/23 03:30:17 deraadt Exp $"); #include <openssl/evp.h> #include <sectok.h> @@ -191,7 +191,7 @@ sc_read_pubkey(Key * k) status = 0; p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX); - debug("fingerprint %d %s", key_size(k), p); + debug("fingerprint %u %s", key_size(k), p); xfree(p); err: diff --git a/crypto/openssh/scp.1 b/crypto/openssh/scp.1 index c0caff4..396ab64 100644 --- a/crypto/openssh/scp.1 +++ b/crypto/openssh/scp.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.22 2002/06/20 20:00:05 stevesk Exp $ +.\" $OpenBSD: scp.1,v 1.23 2002/06/22 16:41:57 stevesk Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 @@ -152,5 +152,5 @@ California. .Xr ssh-add 1 , .Xr ssh-agent 1 , .Xr ssh-keygen 1 , -.Xr ssh_config 5 +.Xr ssh_config 5 , .Xr sshd 8 diff --git a/crypto/openssh/sftp-client.c b/crypto/openssh/sftp-client.c index 779ef2f..10b7992 100644 --- a/crypto/openssh/sftp-client.c +++ b/crypto/openssh/sftp-client.c @@ -28,7 +28,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.32 2002/06/09 13:32:01 markus Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.33 2002/06/23 09:30:14 deraadt Exp $"); #include "openbsd-compat/fake-queue.h" @@ -88,7 +88,7 @@ get_msg(int fd, Buffer *m) msg_len = GET_32BIT(buf); if (msg_len > 256 * 1024) - fatal("Received message too long %d", msg_len); + fatal("Received message too long %u", msg_len); while (msg_len) { len = atomicio(read, fd, buf, MIN(msg_len, sizeof(buf))); @@ -113,7 +113,7 @@ send_string_request(int fd, u_int id, u_int code, char *s, buffer_put_int(&msg, id); buffer_put_string(&msg, s, len); send_msg(fd, &msg); - debug3("Sent message fd %d T:%d I:%d", fd, code, id); + debug3("Sent message fd %d T:%u I:%u", fd, code, id); buffer_free(&msg); } @@ -129,12 +129,12 @@ send_string_attrs_request(int fd, u_int id, u_int code, char *s, buffer_put_string(&msg, s, len); encode_attrib(&msg, a); send_msg(fd, &msg); - debug3("Sent message fd %d T:%d I:%d", fd, code, id); + debug3("Sent message fd %d T:%u I:%u", fd, code, id); buffer_free(&msg); } static u_int -get_status(int fd, int expected_id) +get_status(int fd, u_int expected_id) { Buffer msg; u_int type, id, status; @@ -145,15 +145,15 @@ get_status(int fd, int expected_id) id = buffer_get_int(&msg); if (id != expected_id) - fatal("ID mismatch (%d != %d)", id, expected_id); + fatal("ID mismatch (%u != %u)", id, expected_id); if (type != SSH2_FXP_STATUS) - fatal("Expected SSH2_FXP_STATUS(%d) packet, got %d", + fatal("Expected SSH2_FXP_STATUS(%u) packet, got %u", SSH2_FXP_STATUS, type); status = buffer_get_int(&msg); buffer_free(&msg); - debug3("SSH2_FXP_STATUS %d", status); + debug3("SSH2_FXP_STATUS %u", status); return(status); } @@ -171,14 +171,14 @@ get_handle(int fd, u_int expected_id, u_int *len) id = buffer_get_int(&msg); if (id != expected_id) - fatal("ID mismatch (%d != %d)", id, expected_id); + fatal("ID mismatch (%u != %u)", id, expected_id); if (type == SSH2_FXP_STATUS) { int status = buffer_get_int(&msg); error("Couldn't get handle: %s", fx2txt(status)); return(NULL); } else if (type != SSH2_FXP_HANDLE) - fatal("Expected SSH2_FXP_HANDLE(%d) packet, got %d", + fatal("Expected SSH2_FXP_HANDLE(%u) packet, got %u", SSH2_FXP_HANDLE, type); handle = buffer_get_string(&msg, len); @@ -200,9 +200,9 @@ get_decode_stat(int fd, u_int expected_id, int quiet) type = buffer_get_char(&msg); id = buffer_get_int(&msg); - debug3("Received stat reply T:%d I:%d", type, id); + debug3("Received stat reply T:%u I:%u", type, id); if (id != expected_id) - fatal("ID mismatch (%d != %d)", id, expected_id); + fatal("ID mismatch (%u != %u)", id, expected_id); if (type == SSH2_FXP_STATUS) { int status = buffer_get_int(&msg); @@ -212,7 +212,7 @@ get_decode_stat(int fd, u_int expected_id, int quiet) error("Couldn't stat remote file: %s", fx2txt(status)); return(NULL); } else if (type != SSH2_FXP_ATTRS) { - fatal("Expected SSH2_FXP_ATTRS(%d) packet, got %d", + fatal("Expected SSH2_FXP_ATTRS(%u) packet, got %u", SSH2_FXP_ATTRS, type); } a = decode_attrib(&msg); @@ -224,7 +224,8 @@ get_decode_stat(int fd, u_int expected_id, int quiet) struct sftp_conn * do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests) { - int type, version; + u_int type; + int version; Buffer msg; struct sftp_conn *ret; @@ -239,7 +240,7 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests) /* Expecting a VERSION reply */ if ((type = buffer_get_char(&msg)) != SSH2_FXP_VERSION) { - error("Invalid packet back from SSH2_FXP_INIT (type %d)", + error("Invalid packet back from SSH2_FXP_INIT (type %u)", type); buffer_free(&msg); return(NULL); @@ -294,7 +295,7 @@ do_close(struct sftp_conn *conn, char *handle, u_int handle_len) buffer_put_int(&msg, id); buffer_put_string(&msg, handle, handle_len); send_msg(conn->fd_out, &msg); - debug3("Sent message SSH2_FXP_CLOSE I:%d", id); + debug3("Sent message SSH2_FXP_CLOSE I:%u", id); status = get_status(conn->fd_in, id); if (status != SSH2_FX_OK) @@ -339,7 +340,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, id = expected_id = conn->msg_id++; - debug3("Sending SSH2_FXP_READDIR I:%d", id); + debug3("Sending SSH2_FXP_READDIR I:%u", id); buffer_clear(&msg); buffer_put_char(&msg, SSH2_FXP_READDIR); @@ -354,10 +355,10 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, type = buffer_get_char(&msg); id = buffer_get_int(&msg); - debug3("Received reply T:%d I:%d", type, id); + debug3("Received reply T:%u I:%u", type, id); if (id != expected_id) - fatal("ID mismatch (%d != %d)", id, expected_id); + fatal("ID mismatch (%u != %u)", id, expected_id); if (type == SSH2_FXP_STATUS) { int status = buffer_get_int(&msg); @@ -373,7 +374,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, return(status); } } else if (type != SSH2_FXP_NAME) - fatal("Expected SSH2_FXP_NAME(%d) packet, got %d", + fatal("Expected SSH2_FXP_NAME(%u) packet, got %u", SSH2_FXP_NAME, type); count = buffer_get_int(&msg); @@ -584,7 +585,7 @@ do_realpath(struct sftp_conn *conn, char *path) id = buffer_get_int(&msg); if (id != expected_id) - fatal("ID mismatch (%d != %d)", id, expected_id); + fatal("ID mismatch (%u != %u)", id, expected_id); if (type == SSH2_FXP_STATUS) { u_int status = buffer_get_int(&msg); @@ -592,7 +593,7 @@ do_realpath(struct sftp_conn *conn, char *path) error("Couldn't canonicalise: %s", fx2txt(status)); return(NULL); } else if (type != SSH2_FXP_NAME) - fatal("Expected SSH2_FXP_NAME(%d) packet, got %d", + fatal("Expected SSH2_FXP_NAME(%u) packet, got %u", SSH2_FXP_NAME, type); count = buffer_get_int(&msg); @@ -690,7 +691,7 @@ do_readlink(struct sftp_conn *conn, char *path) id = buffer_get_int(&msg); if (id != expected_id) - fatal("ID mismatch (%d != %d)", id, expected_id); + fatal("ID mismatch (%u != %u)", id, expected_id); if (type == SSH2_FXP_STATUS) { u_int status = buffer_get_int(&msg); @@ -698,7 +699,7 @@ do_readlink(struct sftp_conn *conn, char *path) error("Couldn't readlink: %s", fx2txt(status)); return(NULL); } else if (type != SSH2_FXP_NAME) - fatal("Expected SSH2_FXP_NAME(%d) packet, got %d", + fatal("Expected SSH2_FXP_NAME(%u) packet, got %u", SSH2_FXP_NAME, type); count = buffer_get_int(&msg); @@ -790,7 +791,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, attrib_clear(&junk); /* Send empty attributes */ encode_attrib(&msg, &junk); send_msg(conn->fd_out, &msg); - debug3("Sent message SSH2_FXP_OPEN I:%d P:%s", id, remote_path); + debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path); handle = get_handle(conn->fd_in, id, &handle_len); if (handle == NULL) { @@ -835,7 +836,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, get_msg(conn->fd_in, &msg); type = buffer_get_char(&msg); id = buffer_get_int(&msg); - debug3("Received reply T:%d I:%d R:%d", type, id, max_req); + debug3("Received reply T:%u I:%u R:%d", type, id, max_req); /* Find the request in our queue */ for(req = TAILQ_FIRST(&requests); @@ -862,7 +863,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, (unsigned long long)req->offset + len - 1); if (len > req->len) fatal("Received more data than asked for " - "%d > %d", len, req->len); + "%u > %u", len, req->len); if ((lseek(local_fd, req->offset, SEEK_SET) == -1 || atomicio(write, local_fd, data, len) != len) && !write_error) { @@ -907,7 +908,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, } break; default: - fatal("Expected SSH2_FXP_DATA(%d) packet, got %d", + fatal("Expected SSH2_FXP_DATA(%u) packet, got %u", SSH2_FXP_DATA, type); } } @@ -1006,7 +1007,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, buffer_put_int(&msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC); encode_attrib(&msg, &a); send_msg(conn->fd_out, &msg); - debug3("Sent message SSH2_FXP_OPEN I:%d P:%s", id, remote_path); + debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path); buffer_clear(&msg); @@ -1051,7 +1052,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, buffer_put_int64(&msg, offset); buffer_put_string(&msg, data, len); send_msg(conn->fd_out, &msg); - debug3("Sent message SSH2_FXP_WRITE I:%d O:%llu S:%u", + debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u", id, (unsigned long long)offset, len); } else if (TAILQ_FIRST(&acks) == NULL) break; @@ -1081,7 +1082,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, ack = TAILQ_NEXT(ack, tq)) ; if (ack == NULL) - fatal("Can't find request for ID %d", r_id); + fatal("Can't find request for ID %u", r_id); TAILQ_REMOVE(&acks, ack, tq); if (status != SSH2_FX_OK) { @@ -1091,7 +1092,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, close(local_fd); goto done; } - debug3("In write loop, ack for %u %d bytes at %llu", + debug3("In write loop, ack for %u %u bytes at %llu", ack->id, ack->len, (unsigned long long)ack->offset); ++ackid; free(ack); diff --git a/crypto/openssh/sftp-client.h b/crypto/openssh/sftp-client.h index ceda879..b061711 100644 --- a/crypto/openssh/sftp-client.h +++ b/crypto/openssh/sftp-client.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.h,v 1.9 2002/02/13 00:59:23 djm Exp $ */ +/* $OpenBSD: sftp-client.h,v 1.10 2002/06/23 09:30:14 deraadt Exp $ */ /* * Copyright (c) 2001,2002 Damien Miller. All rights reserved. @@ -41,11 +41,9 @@ struct SFTP_DIRENT { * Initialiase a SSH filexfer connection. Returns -1 on error or * protocol version on success. */ -struct sftp_conn * -do_init(int, int, u_int, u_int); +struct sftp_conn *do_init(int, int, u_int, u_int); -u_int -sftp_proto_version(struct sftp_conn *); +u_int sftp_proto_version(struct sftp_conn *); /* Close file referred to by 'handle' */ int do_close(struct sftp_conn *, char *, u_int); diff --git a/crypto/openssh/sftp-common.c b/crypto/openssh/sftp-common.c index 4fb4496..6bed0ab 100644 --- a/crypto/openssh/sftp-common.c +++ b/crypto/openssh/sftp-common.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sftp-common.c,v 1.5 2001/12/02 02:08:32 deraadt Exp $"); +RCSID("$OpenBSD: sftp-common.c,v 1.6 2002/06/23 09:30:14 deraadt Exp $"); #include "buffer.h" #include "bufaux.h" @@ -70,6 +70,7 @@ Attrib * decode_attrib(Buffer *b) { static Attrib a; + attrib_clear(&a); a.flags = buffer_get_int(b); if (a.flags & SSH2_FILEXFER_ATTR_SIZE) @@ -88,6 +89,7 @@ decode_attrib(Buffer *b) if (a.flags & SSH2_FILEXFER_ATTR_EXTENDED) { char *type, *data; int i, count; + count = buffer_get_int(b); for (i = 0; i < count; i++) { type = buffer_get_string(b, NULL); diff --git a/crypto/openssh/sftp-int.c b/crypto/openssh/sftp-int.c index 5b1d384..b13e5da 100644 --- a/crypto/openssh/sftp-int.c +++ b/crypto/openssh/sftp-int.c @@ -26,7 +26,7 @@ /* XXX: recursive operations */ #include "includes.h" -RCSID("$OpenBSD: sftp-int.c,v 1.46 2002/03/30 18:51:15 markus Exp $"); +RCSID("$OpenBSD: sftp-int.c,v 1.47 2002/06/23 09:30:14 deraadt Exp $"); #include "buffer.h" #include "xmalloc.h" @@ -835,7 +835,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) help(); break; case I_VERSION: - printf("SFTP protocol version %d\n", sftp_proto_version(conn)); + printf("SFTP protocol version %u\n", sftp_proto_version(conn)); break; default: fatal("%d is not implemented", cmdnum); diff --git a/crypto/openssh/sftp-server.c b/crypto/openssh/sftp-server.c index 9db28e7..a5c3255 100644 --- a/crypto/openssh/sftp-server.c +++ b/crypto/openssh/sftp-server.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: sftp-server.c,v 1.35 2002/06/06 17:30:11 markus Exp $"); +RCSID("$OpenBSD: sftp-server.c,v 1.37 2002/06/24 17:57:20 deraadt Exp $"); #include "buffer.h" #include "bufaux.h" @@ -282,7 +282,7 @@ send_status(u_int32_t id, u_int32_t error) "Unknown error" /* Others */ }; - TRACE("sent status id %d error %d", id, error); + TRACE("sent status id %u error %u", id, error); buffer_init(&msg); buffer_put_char(&msg, SSH2_FXP_STATUS); buffer_put_int(&msg, id); @@ -311,7 +311,7 @@ send_data_or_handle(char type, u_int32_t id, char *data, int dlen) static void send_data(u_int32_t id, char *data, int dlen) { - TRACE("sent data id %d len %d", id, dlen); + TRACE("sent data id %u len %d", id, dlen); send_data_or_handle(SSH2_FXP_DATA, id, data, dlen); } @@ -322,7 +322,7 @@ send_handle(u_int32_t id, int handle) int hlen; handle_to_string(handle, &string, &hlen); - TRACE("sent handle id %d handle %d", id, handle); + TRACE("sent handle id %u handle %d", id, handle); send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen); xfree(string); } @@ -337,7 +337,7 @@ send_names(u_int32_t id, int count, Stat *stats) buffer_put_char(&msg, SSH2_FXP_NAME); buffer_put_int(&msg, id); buffer_put_int(&msg, count); - TRACE("sent names id %d count %d", id, count); + TRACE("sent names id %u count %d", id, count); for (i = 0; i < count; i++) { buffer_put_cstring(&msg, stats[i].name); buffer_put_cstring(&msg, stats[i].long_name); @@ -352,7 +352,7 @@ send_attrib(u_int32_t id, Attrib *a) { Buffer msg; - TRACE("sent attrib id %d have 0x%x", id, a->flags); + TRACE("sent attrib id %u have 0x%x", id, a->flags); buffer_init(&msg); buffer_put_char(&msg, SSH2_FXP_ATTRS); buffer_put_int(&msg, id); @@ -391,7 +391,7 @@ process_open(void) a = get_attrib(); flags = flags_from_portable(pflags); mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666; - TRACE("open id %d name %s flags %d mode 0%o", id, name, pflags, mode); + TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode); fd = open(name, flags, mode); if (fd < 0) { status = errno_to_portable(errno); @@ -417,7 +417,7 @@ process_close(void) id = get_int(); handle = get_handle(); - TRACE("close id %d handle %d", id, handle); + TRACE("close id %u handle %d", id, handle); ret = handle_close(handle); status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); @@ -436,7 +436,7 @@ process_read(void) off = get_int64(); len = get_int(); - TRACE("read id %d handle %d off %llu len %d", id, handle, + TRACE("read id %u handle %d off %llu len %d", id, handle, (u_int64_t)off, len); if (len > sizeof buf) { len = sizeof buf; @@ -477,7 +477,7 @@ process_write(void) off = get_int64(); data = get_string(&len); - TRACE("write id %d handle %d off %llu len %d", id, handle, + TRACE("write id %u handle %d off %llu len %d", id, handle, (u_int64_t)off, len); fd = handle_to_fd(handle); if (fd >= 0) { @@ -512,7 +512,7 @@ process_do_stat(int do_lstat) id = get_int(); name = get_string(NULL); - TRACE("%sstat id %d name %s", do_lstat ? "l" : "", id, name); + TRACE("%sstat id %u name %s", do_lstat ? "l" : "", id, name); ret = do_lstat ? lstat(name, &st) : stat(name, &st); if (ret < 0) { status = errno_to_portable(errno); @@ -548,7 +548,7 @@ process_fstat(void) id = get_int(); handle = get_handle(); - TRACE("fstat id %d handle %d", id, handle); + TRACE("fstat id %u handle %d", id, handle); fd = handle_to_fd(handle); if (fd >= 0) { ret = fstat(fd, &st); @@ -582,13 +582,12 @@ process_setstat(void) Attrib *a; u_int32_t id; char *name; - int ret; - int status = SSH2_FX_OK; + int status = SSH2_FX_OK, ret; id = get_int(); name = get_string(NULL); a = get_attrib(); - TRACE("setstat id %d name %s", id, name); + TRACE("setstat id %u name %s", id, name); if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { ret = truncate(name, a->size); if (ret == -1) @@ -625,7 +624,7 @@ process_fsetstat(void) id = get_int(); handle = get_handle(); a = get_attrib(); - TRACE("fsetstat id %d handle %d", id, handle); + TRACE("fsetstat id %u handle %d", id, handle); fd = handle_to_fd(handle); name = handle_to_name(handle); if (fd < 0 || name == NULL) { @@ -677,7 +676,7 @@ process_opendir(void) id = get_int(); path = get_string(NULL); - TRACE("opendir id %d path %s", id, path); + TRACE("opendir id %u path %s", id, path); dirp = opendir(path); if (dirp == NULL) { status = errno_to_portable(errno); @@ -713,13 +712,13 @@ ls_file(char *name, struct stat *st) if ((pw = getpwuid(st->st_uid)) != NULL) { user = pw->pw_name; } else { - snprintf(ubuf, sizeof ubuf, "%d", st->st_uid); + snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid); user = ubuf; } if ((gr = getgrgid(st->st_gid)) != NULL) { group = gr->gr_name; } else { - snprintf(gbuf, sizeof gbuf, "%d", st->st_gid); + snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid); group = gbuf; } if (ltime != NULL) { @@ -749,7 +748,7 @@ process_readdir(void) id = get_int(); handle = get_handle(); - TRACE("readdir id %d handle %d", id, handle); + TRACE("readdir id %u handle %d", id, handle); dirp = handle_to_dir(handle); path = handle_to_name(handle); if (dirp == NULL || path == NULL) { @@ -759,6 +758,7 @@ process_readdir(void) char pathname[1024]; Stat *stats; int nstats = 10, count = 0, i; + stats = xmalloc(nstats * sizeof(Stat)); while ((dp = readdir(dirp)) != NULL) { if (count >= nstats) { @@ -802,7 +802,7 @@ process_remove(void) id = get_int(); name = get_string(NULL); - TRACE("remove id %d name %s", id, name); + TRACE("remove id %u name %s", id, name); ret = unlink(name); status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); @@ -822,7 +822,7 @@ process_mkdir(void) a = get_attrib(); mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm & 0777 : 0777; - TRACE("mkdir id %d name %s mode 0%o", id, name, mode); + TRACE("mkdir id %u name %s mode 0%o", id, name, mode); ret = mkdir(name, mode); status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); @@ -838,7 +838,7 @@ process_rmdir(void) id = get_int(); name = get_string(NULL); - TRACE("rmdir id %d name %s", id, name); + TRACE("rmdir id %u name %s", id, name); ret = rmdir(name); status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); @@ -858,7 +858,7 @@ process_realpath(void) xfree(path); path = xstrdup("."); } - TRACE("realpath id %d path %s", id, path); + TRACE("realpath id %u path %s", id, path); if (realpath(path, resolvedname) == NULL) { send_status(id, errno_to_portable(errno)); } else { @@ -881,7 +881,7 @@ process_rename(void) id = get_int(); oldpath = get_string(NULL); newpath = get_string(NULL); - TRACE("rename id %d old %s new %s", id, oldpath, newpath); + TRACE("rename id %u old %s new %s", id, oldpath, newpath); /* fail if 'newpath' exists */ if (stat(newpath, &st) == -1) { ret = rename(oldpath, newpath); @@ -902,7 +902,7 @@ process_readlink(void) id = get_int(); path = get_string(NULL); - TRACE("readlink id %d path %s", id, path); + TRACE("readlink id %u path %s", id, path); if ((len = readlink(path, link, sizeof(link) - 1)) == -1) send_status(id, errno_to_portable(errno)); else { @@ -927,7 +927,7 @@ process_symlink(void) id = get_int(); oldpath = get_string(NULL); newpath = get_string(NULL); - TRACE("symlink id %d old %s new %s", id, oldpath, newpath); + TRACE("symlink id %u old %s new %s", id, oldpath, newpath); /* fail if 'newpath' exists */ if (stat(newpath, &st) == -1) { ret = symlink(oldpath, newpath); diff --git a/crypto/openssh/sftp.c b/crypto/openssh/sftp.c index f941d18..fac2564 100644 --- a/crypto/openssh/sftp.c +++ b/crypto/openssh/sftp.c @@ -24,7 +24,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.29 2002/04/02 17:37:48 markus Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.30 2002/06/23 09:30:14 deraadt Exp $"); /* XXX: short-form remote directory listings (like 'ls -C') */ @@ -53,8 +53,10 @@ static void connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid) { int c_in, c_out; + #ifdef USE_PIPES int pin[2], pout[2]; + if ((pipe(pin) == -1) || (pipe(pout) == -1)) fatal("pipe: %s", strerror(errno)); *in = pin[0]; @@ -63,6 +65,7 @@ connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid) c_out = pin[1]; #else /* USE_PIPES */ int inout[2]; + if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1) fatal("socketpair: %s", strerror(errno)); *in = *out = inout[0]; diff --git a/crypto/openssh/ssh-agent.1 b/crypto/openssh/ssh-agent.1 index e5ea1e3..0227436 100644 --- a/crypto/openssh/ssh-agent.1 +++ b/crypto/openssh/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.33 2002/06/19 00:27:55 deraadt Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.35 2002/06/24 13:12:23 markus Exp $ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -69,7 +69,7 @@ The options are as follows: Bind the agent to the unix-domain socket .Ar bind_address . The default is -.Pa /tmp/ssh-XXXXXXXX/agent.<pid> . +.Pa /tmp/ssh-XXXXXXXX/agent.<ppid> . .It Fl c Generate C-shell commands on .Dv stdout . @@ -151,7 +151,7 @@ user. .Pp The .Ev SSH_AGENT_PID -environment variable holds the agent's PID. +environment variable holds the agent's process ID. .Pp The agent exits automatically when the command given on the command line terminates. @@ -163,7 +163,7 @@ Contains the protocol version 1 RSA authentication identity of the user. Contains the protocol version 2 DSA authentication identity of the user. .It Pa $HOME/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. -.It Pa /tmp/ssh-XXXXXXXX/agent.<pid> +.It Pa /tmp/ssh-XXXXXXXX/agent.<ppid> Unix-domain sockets used to contain the connection to the authentication agent. These sockets should only be readable by the owner. diff --git a/crypto/openssh/ssh-dss.c b/crypto/openssh/ssh-dss.c index 02403f5..dbf8465 100644 --- a/crypto/openssh/ssh-dss.c +++ b/crypto/openssh/ssh-dss.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-dss.c,v 1.14 2002/02/28 15:46:33 markus Exp $"); +RCSID("$OpenBSD: ssh-dss.c,v 1.15 2002/06/23 03:30:17 deraadt Exp $"); #include <openssl/bn.h> #include <openssl/evp.h> @@ -40,9 +40,7 @@ RCSID("$OpenBSD: ssh-dss.c,v 1.14 2002/02/28 15:46:33 markus Exp $"); #define SIGBLOB_LEN (2*INTBLOB_LEN) int -ssh_dss_sign( - Key *key, - u_char **sigp, u_int *lenp, +ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen) { DSA_SIG *sig; @@ -71,7 +69,7 @@ ssh_dss_sign( rlen = BN_num_bytes(sig->r); slen = BN_num_bytes(sig->s); if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { - error("bad sig size %d %d", rlen, slen); + error("bad sig size %u %u", rlen, slen); DSA_SIG_free(sig); return -1; } @@ -104,9 +102,7 @@ ssh_dss_sign( return 0; } int -ssh_dss_verify( - Key *key, - u_char *signature, u_int signaturelen, +ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen, u_char *data, u_int datalen) { DSA_SIG *sig; @@ -151,7 +147,7 @@ ssh_dss_verify( } if (len != SIGBLOB_LEN) { - fatal("bad sigbloblen %d != SIGBLOB_LEN", len); + fatal("bad sigbloblen %u != SIGBLOB_LEN", len); } /* parse signature */ diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c index df8c90a..4273c11 100644 --- a/crypto/openssh/ssh-keygen.c +++ b/crypto/openssh/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.101 2002/06/23 09:39:55 deraadt Exp $"); #include <openssl/evp.h> #include <openssl/pem.h> @@ -170,7 +170,7 @@ do_convert_to_ssh2(struct passwd *pw) } fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN); fprintf(stdout, - "Comment: \"%d-bit %s, converted from OpenSSH by %s@%s\"\n", + "Comment: \"%u-bit %s, converted from OpenSSH by %s@%s\"\n", key_size(k), key_type(k), pw->pw_name, hostname); dump_base64(stdout, blob, len); @@ -462,7 +462,7 @@ do_fingerprint(struct passwd *pw) public = key_load_public(identity_file, &comment); if (public != NULL) { fp = key_fingerprint(public, fptype, rep); - printf("%d %s %s\n", key_size(public), fp, comment); + printf("%u %s %s\n", key_size(public), fp, comment); key_free(public); xfree(comment); xfree(fp); @@ -496,7 +496,8 @@ do_fingerprint(struct passwd *pw) if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) { int quoted = 0; comment = cp; - for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { + for (; *cp && (quoted || (*cp != ' ' && + *cp != '\t')); cp++) { if (*cp == '\\' && cp[1] == '"') cp++; /* Skip both */ else if (*cp == '"') @@ -519,7 +520,7 @@ do_fingerprint(struct passwd *pw) } comment = *cp ? cp : comment; fp = key_fingerprint(public, fptype, rep); - printf("%d %s %s\n", key_size(public), fp, + printf("%u %s %s\n", key_size(public), fp, comment ? comment : "no comment"); xfree(fp); key_free(public); diff --git a/crypto/openssh/ssh-rsa.c b/crypto/openssh/ssh-rsa.c index 3e66294..782279b 100644 --- a/crypto/openssh/ssh-rsa.c +++ b/crypto/openssh/ssh-rsa.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-rsa.c,v 1.20 2002/06/10 16:53:06 stevesk Exp $"); +RCSID("$OpenBSD: ssh-rsa.c,v 1.21 2002/06/23 03:30:17 deraadt Exp $"); #include <openssl/evp.h> #include <openssl/err.h> @@ -39,9 +39,7 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.20 2002/06/10 16:53:06 stevesk Exp $"); /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ int -ssh_rsa_sign( - Key *key, - u_char **sigp, u_int *lenp, +ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen) { const EVP_MD *evp_md; @@ -72,17 +70,18 @@ ssh_rsa_sign( if (ok != 1) { int ecode = ERR_get_error(); - error("ssh_rsa_sign: RSA_sign failed: %s", ERR_error_string(ecode, NULL)); + error("ssh_rsa_sign: RSA_sign failed: %s", + ERR_error_string(ecode, NULL)); xfree(sig); return -1; } if (len < slen) { int diff = slen - len; - debug("slen %d > len %d", slen, len); + debug("slen %u > len %u", slen, len); memmove(sig + diff, sig, len); memset(sig, 0, diff); } else if (len > slen) { - error("ssh_rsa_sign: slen %d slen2 %d", slen, len); + error("ssh_rsa_sign: slen %u slen2 %u", slen, len); xfree(sig); return -1; } @@ -105,9 +104,7 @@ ssh_rsa_sign( } int -ssh_rsa_verify( - Key *key, - u_char *signature, u_int signaturelen, +ssh_rsa_verify(Key *key, u_char *signature, u_int signaturelen, u_char *data, u_int datalen) { Buffer b; @@ -148,12 +145,12 @@ ssh_rsa_verify( /* RSA_verify expects a signature of RSA_size */ modlen = RSA_size(key->rsa); if (len > modlen) { - error("ssh_rsa_verify: len %d > modlen %d", len, modlen); + error("ssh_rsa_verify: len %u > modlen %u", len, modlen); xfree(sigblob); return -1; } else if (len < modlen) { int diff = modlen - len; - debug("ssh_rsa_verify: add padding: modlen %d > len %d", + debug("ssh_rsa_verify: add padding: modlen %u > len %u", modlen, len); sigblob = xrealloc(sigblob, modlen); memmove(sigblob + diff, sigblob, len); @@ -176,7 +173,8 @@ ssh_rsa_verify( xfree(sigblob); if (ret == 0) { int ecode = ERR_get_error(); - error("ssh_rsa_verify: RSA_verify failed: %s", ERR_error_string(ecode, NULL)); + error("ssh_rsa_verify: RSA_verify failed: %s", + ERR_error_string(ecode, NULL)); } debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); return ret; diff --git a/crypto/openssh/tildexpand.c b/crypto/openssh/tildexpand.c index e89a7ad..cbe9811 100644 --- a/crypto/openssh/tildexpand.c +++ b/crypto/openssh/tildexpand.c @@ -11,7 +11,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: tildexpand.c,v 1.12 2001/08/11 22:51:27 jakob Exp $"); +RCSID("$OpenBSD: tildexpand.c,v 1.13 2002/06/23 03:25:50 deraadt Exp $"); #include "xmalloc.h" #include "log.h" @@ -67,6 +67,7 @@ tilde_expand_filename(const char *filename, uid_t my_uid) if (len > MAXPATHLEN) fatal("Home directory too long (%d > %d", len-1, MAXPATHLEN-1); expanded = xmalloc(len); - snprintf(expanded, len, "%s%s%s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", cp + 1); + snprintf(expanded, len, "%s%s%s", pw->pw_dir, + strcmp(pw->pw_dir, "/") ? "/" : "", cp + 1); return expanded; } |
