authordes <des@FreeBSD.org>2004-10-28 16:03:53 +0000
committerdes <des@FreeBSD.org>2004-10-28 16:03:53 +0000
commitb0cdf22191013178c7694637560137915289f816 (patch)
treedc2c261fdeb1a1f5f118d61796660764d36ca826 /crypto/openssh
parent8f7bf32c3425ea16db5bcd8d80ec43127389066c (diff)
parentd5d493f03ae792146848e3cba16bb9e667c73125 (diff)
This commit was generated by cvs2svn to compensate for changes in r137015,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'crypto/openssh')
-rw-r--r--crypto/openssh/CREDITS7
-rw-r--r--crypto/openssh/ChangeLog675
-rw-r--r--crypto/openssh/INSTALL4
-rw-r--r--crypto/openssh/Makefile.in28
-rw-r--r--crypto/openssh/OVERVIEW1
-rw-r--r--crypto/openssh/README20
-rw-r--r--crypto/openssh/README.platform10
-rw-r--r--crypto/openssh/README.privsep8
-rw-r--r--crypto/openssh/auth2-gss.c12
-rw-r--r--crypto/openssh/auth2-none.c11
-rw-r--r--crypto/openssh/auth2-pubkey.c8
-rw-r--r--crypto/openssh/buildpkg.sh.in562
-rw-r--r--crypto/openssh/clientloop.c478
-rw-r--r--crypto/openssh/clientloop.h4
-rwxr-xr-xcrypto/openssh/config.guess441
-rwxr-xr-xcrypto/openssh/config.sub135
-rw-r--r--crypto/openssh/defines.h9
-rw-r--r--crypto/openssh/dh.c30
-rw-r--r--crypto/openssh/dh.h3
-rw-r--r--crypto/openssh/dns.c8
-rw-r--r--crypto/openssh/envpass.sh44
-rw-r--r--crypto/openssh/gss-serv-krb5.c10
-rw-r--r--crypto/openssh/kex.c45
-rw-r--r--crypto/openssh/kex.h7
-rw-r--r--crypto/openssh/kexdhc.c13
-rw-r--r--crypto/openssh/kexdhs.c13
-rw-r--r--crypto/openssh/log.c6
-rw-r--r--crypto/openssh/logintest.c6
-rw-r--r--crypto/openssh/mdoc2man.awk10
-rw-r--r--crypto/openssh/misc.c36
-rw-r--r--crypto/openssh/misc.h25
-rw-r--r--crypto/openssh/moduli.c86
-rw-r--r--crypto/openssh/monitor_fdpass.c12
-rw-r--r--crypto/openssh/monitor_mm.c2
-rw-r--r--crypto/openssh/nchan.c20
-rw-r--r--crypto/openssh/openbsd-compat/Makefile.in4
-rw-r--r--crypto/openssh/openbsd-compat/bsd-arc4random.c12
-rw-r--r--crypto/openssh/openbsd-compat/bsd-closefrom.c100
-rw-r--r--crypto/openssh/openbsd-compat/bsd-misc.c7
-rw-r--r--crypto/openssh/openbsd-compat/bsd-misc.h2
-rw-r--r--crypto/openssh/openbsd-compat/getrrsetbyname.c4
-rw-r--r--crypto/openssh/openbsd-compat/openbsd-compat.h6
-rw-r--r--crypto/openssh/openbsd-compat/port-aix.c88
-rw-r--r--crypto/openssh/openbsd-compat/port-aix.h6
-rw-r--r--crypto/openssh/openbsd-compat/sys-queue.h19
-rw-r--r--crypto/openssh/openbsd-compat/xmmap.c11
-rwxr-xr-xcrypto/openssh/opensshd.init.in82
-rw-r--r--crypto/openssh/packet.c53
-rw-r--r--crypto/openssh/progressmeter.c24
-rw-r--r--crypto/openssh/readpass.c11
-rw-r--r--crypto/openssh/regress/Makefile12
-rw-r--r--crypto/openssh/regress/README.regress31
-rw-r--r--crypto/openssh/regress/dynamic-forward.sh4
-rw-r--r--crypto/openssh/regress/envpass.sh51
-rw-r--r--crypto/openssh/regress/login-timeout.sh4
-rw-r--r--crypto/openssh/regress/multiplex.sh74
-rw-r--r--crypto/openssh/regress/reexec.sh87
-rw-r--r--crypto/openssh/regress/scp-ssh-wrapper.sh54
-rw-r--r--crypto/openssh/regress/scp.sh82
-rw-r--r--crypto/openssh/regress/test-exec.sh35
-rw-r--r--crypto/openssh/regress/try-ciphers.sh4
-rw-r--r--crypto/openssh/scard-opensc.c2
-rw-r--r--crypto/openssh/scard.c4
-rw-r--r--crypto/openssh/scp.17
-rw-r--r--crypto/openssh/sftp-client.c39
-rw-r--r--crypto/openssh/sftp-server.c48
-rw-r--r--crypto/openssh/sftp.125
-rw-r--r--crypto/openssh/sftp.c188
-rw-r--r--crypto/openssh/ssh-agent.122
-rw-r--r--crypto/openssh/ssh-gss.h40
-rw-r--r--crypto/openssh/ssh-keygen.111
-rw-r--r--crypto/openssh/ssh-keygen.c32
-rw-r--r--crypto/openssh/ssh-keyscan.14
-rw-r--r--crypto/openssh/ssh-keysign.c20
-rw-r--r--crypto/openssh/ssh-rand-helper.c10
-rw-r--r--crypto/openssh/ssh1.h8
-rw-r--r--crypto/openssh/sshpty.h6
-rw-r--r--crypto/openssh/sshtty.c4
-rw-r--r--crypto/openssh/tildexpand.c4
-rw-r--r--crypto/openssh/ttymodes.h18
80 files changed, 3431 insertions, 717 deletions
diff --git a/crypto/openssh/CREDITS b/crypto/openssh/CREDITS
index a1aec3c..2a77b87 100644
--- a/crypto/openssh/CREDITS
+++ b/crypto/openssh/CREDITS
@@ -31,6 +31,7 @@ David Agraz <dagraz@jahoopa.com> - Build fixes
David Del Piero <David.DelPiero@qed.qld.gov.au> - bug fixes
David Hesprich <darkgrue@gue-tech.org> - Configure fixes
David Rankin <drankin@bohemians.lexington.ky.us> - libwrap, AIX, NetBSD fixes
+Dag-Erling Smørgrav <des at freebsd.org> - Challenge-Response PAM code.
Ed Eden <ede370@stl.rural.usda.gov> - configure fixes
Garrick James <garrick@james.net> - configure fixes
Gary E. Miller <gem@rellim.com> - SCO support
@@ -43,7 +44,7 @@ Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE> - KRB4/AFS config patch
IWAMURO Motonori <iwa@mmp.fujitsu.co.jp> - bugfixes
Jani Hakala <jahakala@cc.jyu.fi> - Patches
Jarno Huuskonen <jhuuskon@hytti.uku.fi> - Bugfixes
-Jim Knoble <jmknoble@jmknoble.cx> - Many patches
+Jim Knoble <jmknoble@pobox.com> - Many patches
Jonchen (email unknown) - the original author of PAM support of SSH
Juergen Keil <jk@tools.de> - scp bugfixing
KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp> - Configure fixes
@@ -61,6 +62,7 @@ Martin Johansson <fatbob@acc.umu.se> - Linux fixes
Mark D. Roth <roth+openssh@feep.net> - Features, bug fixes
Mark Miller <markm@swoon.net> - Bugfixes
Matt Richards <v2matt@btv.ibm.com> - AIX patches
+Michael Steffens <michael_steffens at hp.com> - HP-UX fixes
Michael Stone <mstone@cs.loyola.edu> - Irix enhancements
Nakaji Hiroyuki <nakaji@tutrp.tut.ac.jp> - Sony News-OS patch
Nalin Dahyabhai <nalin.dahyabhai@pobox.com> - PAM environment patch
@@ -76,6 +78,7 @@ Phil Karn <karn@ka9q.ampr.org> - Autoconf fixes
Philippe WILLEM <Philippe.WILLEM@urssaf.fr> - Bugfixes
Phill Camp <P.S.S.Camp@ukc.ac.uk> - login code fix
Rip Loomis <loomisg@cist.saic.com> - Solaris package support, fixes
+Robert Dahlem <Robert.Dahlem at siemens.com> - Reliant Unix fixes
Roumen Petrov <openssh@roumenpetrov.info> - Compile & configure fixes
SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp> - Multiple bugfixes
Simon Wilkinson <sxw@dcs.ed.ac.uk> - PAM fixes, Compat with MIT KrbV
@@ -95,5 +98,5 @@ Apologies to anyone I have missed.
Damien Miller <djm@mindrot.org>
-$Id: CREDITS,v 1.77 2004/01/30 04:00:50 dtucker Exp $
+$Id: CREDITS,v 1.79 2004/05/26 23:59:31 dtucker Exp $
diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog
index e259be6..2292ffb 100644
--- a/crypto/openssh/ChangeLog
+++ b/crypto/openssh/ChangeLog
@@ -1,10 +1,681 @@
+20040817
+ - (dtucker) [regress/README.regress] Note compatibility issues with GNU head.
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2004/08/16 08:17:01
+ [version.h]
+ 3.9
+ - (djm) Crank RPM spec version numbers
+ - (djm) Release 3.9p1
+
+20040816
+ - (dtucker) [acconfig.h auth-pam.c configure.ac] Set real uid to non-root
+ to convince Solaris PAM to honour password complexity rules. ok djm@
+
+20040815
+ - (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since
+ it does the right thing on all platforms. ok djm@
+ - (djm) [acconfig.h configure.ac openbsd-compat/Makefile.in
+ openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-misc.c
+ openbsd-compat/bsd-misc.h openbsd-compat/openbsd-compat.h] Use smarter
+ closefrom() replacement from sudo; ok dtucker@
+ - (djm) [loginrec.c] Check that seek succeeded here too; ok dtucker
+ - (dtucker) [Makefile.in] Fix typo.
+
+20040814
+ - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]
+ Explicitly set umask for mkstemp; ok djm@
+ - (dtucker) [includes.h] Undef _INCLUDE__STDC__ on HP-UX, otherwise
+ prot.h and shadow.h provide conflicting declarations of getspnam. ok djm@
+ - (dtucker) [loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
+ Plug AIX login recording into login_write so logins will be recorded for
+ all auth types.
+
+20040813
+ - (dtucker) [openbsd-compat/bsd-misc.c] Typo in #ifdef; from vinschen at
+ redhat.com
+- (dtucker) OpenBSD CVS Sync
+ - avsm@cvs.openbsd.org 2004/08/11 21:43:05
+ [channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c]
+ some signed/unsigned int comparison cleanups; markus@ ok
+ - avsm@cvs.openbsd.org 2004/08/11 21:44:32
+ [authfd.c scp.c ssh-keyscan.c]
+ use atomicio instead of homegrown equivalents or read/write.
+ markus@ ok
+ - djm@cvs.openbsd.org 2004/08/12 09:18:24
+ [sshlogin.c]
+ typo in error message, spotted by moritz AT jodeit.org (Id sync only)
+ - jakob@cvs.openbsd.org 2004/08/12 21:41:13
+ [ssh-keygen.1 ssh.1]
+ improve SSHFP documentation; ok deraadt@
+ - jmc@cvs.openbsd.org 2004/08/13 00:01:43
+ [ssh-keygen.1]
+ kill whitespace at eol;
+ - djm@cvs.openbsd.org 2004/08/13 02:51:48
+ [monitor_fdpass.c]
+ extra check for no message case; ok markus, deraadt, hshoexer, henning
+ - dtucker@cvs.openbsd.org 2004/08/13 11:09:24
+ [servconf.c]
+ Fix line numbers off-by-one in error messages, from tortay at cc.in2p3.fr
+ ok markus@, djm@
+
+20040812
+ - (dtucker) [sshd.c] Remove duplicate variable imported during sync.
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2004/07/28 08:56:22
+ [sshd.c]
+ call setsid() _before_ re-exec
+ - markus@cvs.openbsd.org 2004/07/28 09:40:29
+ [auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c
+ sshconnect1.c]
+ more s/illegal/invalid/
+ - djm@cvs.openbsd.org 2004/08/04 10:37:52
+ [dh.c]
+ return group14 when no primes found - fixes hang on empty /etc/moduli;
+ ok markus@
+ - dtucker@cvs.openbsd.org 2004/08/11 11:09:54
+ [servconf.c]
+ Fix minor leak; "looks right" deraadt@
+ - dtucker@cvs.openbsd.org 2004/08/11 11:50:09
+ [sshd.c]
+ Don't try to close startup_pipe if it's not open; ok djm@
+ - djm@cvs.openbsd.org 2004/08/11 11:59:22
+ [sshlogin.c]
+ check that lseek went were we told it to; ok markus@
+ (Id sync only, but similar changes are needed in loginrec.c)
+ - djm@cvs.openbsd.org 2004/08/11 12:01:16
+ [sshlogin.c]
+ make store_lastlog_message() static to appease -Wall; ok markus
+ - (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doubling
+ messages generated before the postauth privsep split.
+
+20040720
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2004/07/21 08:56:12
+ [auth.c]
+ s/Illegal user/Invalid user/; many requests; ok djm, millert, niklas,
+ miod, ...
+ - djm@cvs.openbsd.org 2004/07/21 10:33:31
+ [auth1.c auth2.c]
+ bz#899: Don't display invalid usernames in setproctitle
+ from peak AT argo.troja.mff.cuni.cz; ok markus@
+ - djm@cvs.openbsd.org 2004/07/21 10:36:23
+ [gss-serv-krb5.c]
+ fix function declaration
+ - djm@cvs.openbsd.org 2004/07/21 11:51:29
+ [canohost.c]
+ bz#902: cache remote port so we don't fatal() in auth_log when remote
+ connection goes away quickly. from peak AT argo.troja.mff.cuni.cz;
+ ok markus@
+ - (djm) [auth-pam.c] Portable parts of bz#899: Don't display invalid
+ usernames in setproctitle from peak AT argo.troja.mff.cuni.cz;
+
+20040720
+ - (djm) [log.c] bz #111: Escape more control characters when sending data
+ to syslog; from peak AT argo.troja.mff.cuni.cz
+ - (djm) [contrib/redhat/sshd.pam] bz #903: Remove redundant entries; from
+ peak AT argo.troja.mff.cuni.cz
+ - (djm) [regress/README.regress] Remove caveat regarding TCP wrappers, now
+ that sshd is fixed to behave better; suggested by tim
+
+20040719
+ - (djm) [openbsd-compat/bsd-arc4random.c] Discard early keystream, like OpenBSD
+ ok dtucker@
+ - (djm) [auth-pam.c] Avoid use of xstrdup and friends in conversation function,
+ instead return PAM_CONV_ERR, avoiding another path to fatal(); ok dtucker@
+ - (tim) [configure.ac] updwtmpx() on OpenServer seems to add duplicate entry.
+ Report by rac AT tenzing.org
+
+20040717
+ - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c
+ ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
+ openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces
+ diff vs OpenBSD; ok mouring@, tested by tim@ too.
+ - (dtucker) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2004/07/11 17:48:47
+ [channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
+ readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
+ session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
+ sshd.c ttymodes.h]
+ spaces
+ - brad@cvs.openbsd.org 2004/07/12 23:34:25
+ [ssh-keyscan.1]
+ Fix incorrect macro, .I -> .Em
+ From: Eric S. Raymond <esr at thyrsus dot com>
+ ok jmc@
+ - dtucker@cvs.openbsd.org 2004/07/17 05:31:41
+ [monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
+ Move "Last logged in at.." message generation to the monitor, right
+ before recording the new login. Fixes missing lastlog message when
+ /var/log/lastlog is not world-readable and incorrect datestamp when
+ multiple sessions are used (bz #463); much assistance & ok markus@
+
+20040711
+ - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows
+ the monitor to properly clean up the PAM thread (Debian bug #252676).
+
+20040709
+ - (tim) [contrib/cygwin/README] add minires-devel requirement. Patch from
+ vinschen AT redhat.com
+
+20040708
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2004/07/03 05:11:33
+ [sshlogin.c] (RCSID sync only, the corresponding code is not in Portable)
+ Use '\0' not 0 for string; ok djm@, deraadt@
+ - dtucker@cvs.openbsd.org 2004/07/03 11:02:25
+ [monitor_wrap.c]
+ Put s/key functions inside #ifdef SKEY same as monitor.c,
+ from des@freebsd via bz #330, ok markus@
+ - dtucker@cvs.openbsd.org 2004/07/08 12:47:21
+ [scp.c]
+ Prevent scp from skipping the file following a double-error.
+ bz #863, ok markus@
+
+20040702
+ - (dtucker) [mdoc2man.awk] Teach it to ignore .Bk -words, reported by
+ strube at physik3.gwdg.de a long time ago.
+
+20040701
+ - (dtucker) [session.c] Call display_loginmsg again after do_pam_session.
+ Ensures messages from PAM modules are displayed when privsep=no.
+ - (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes
+ warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@
+ - (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK
+ to pam_authenticate for challenge-response auth too. Originally from
+ fcusack at fcusack.com, ok djm@
+ - (tim) [buildpkg.sh.in] Add $REV to bump the package revision within
+ the same version. Handle the case where someone uses --with-privsep-user=
+ and the user name does not match the group name. ok dtucker@
+
+20040630
+ - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL
+ appdata_ptr to the conversation function. ok djm@
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2004/06/26 09:03:21
+ [ssh.1]
+ - remove double word
+ - rearrange .Bk to keep SYNOPSIS nice
+ - -M before -m in options description
+ - jmc@cvs.openbsd.org 2004/06/26 09:11:14
+ [ssh_config.5]
+ punctuation and grammar fixes. also, keep the options in order.
+ - jmc@cvs.openbsd.org 2004/06/26 09:14:40
+ [sshd_config.5]
+ new sentence, new line;
+ - avsm@cvs.openbsd.org 2004/06/26 20:07:16
+ [sshd.c]
+ initialise some fd variables to -1, djm@ ok
+ - djm@cvs.openbsd.org 2004/06/30 08:36:59
+ [session.c]
+ unbreak TTY break, diagnosed by darren AT dazwin.com; ok markus@
+
+20040627
+ - (tim) update README files.
+ - (dtucker) [mdoc2man.awk] Bug #883: correctly recognise .Pa and .Ev macros.
+ - (dtucker) [regress/README.regress] Document new variables.
+ - (dtucker) [acconfig.h configure.ac sftp-server.c] Bug #823: add sftp
+ rename handling for Linux which returns EPERM for link() on (at least some)
+ filesystems that do not support hard links. sftp-server will fall back to
+ stat+rename() in such cases.
+ - (dtucker) [openbsd-compat/port-aix.c] Missing __func__.
+
+20040626
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2004/06/25 18:43:36
+ [sshd.c]
+ fix broken fd handling in the re-exec fallback path, particularly when
+ /dev/crypto is in use; ok deraadt@ markus@
+ - djm@cvs.openbsd.org 2004/06/25 23:21:38
+ [sftp.c]
+ bz #875: fix bad escape char error message; reported by f_mohr AT yahoo.de
+
+20040625
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2004/06/24 19:30:54
+ [servconf.c servconf.h sshd.c]
+ re-exec sshd on accept(); initial work, final debugging and ok markus@
+ - djm@cvs.openbsd.org 2004/06/25 01:16:09
+ [sshd.c]
+ only perform tcp wrappers checks when the incoming connection is on a
+ socket. silences useless warnings from regress tests that use
+ proxycommand="sshd -i". prompted by david@ ok markus@
+ - djm@cvs.openbsd.org 2004/06/24 19:32:00
+ [regress/Makefile regress/test-exec.sh, added regress/reexec.sh]
+ regress test for re-exec corner cases
+ - djm@cvs.openbsd.org 2004/06/25 01:25:12
+ [regress/test-exec.sh]
+ clean reexec-specific junk out of text-exec.sh and simplify; idea markus@
+ - dtucker@cvs.openbsd.org 2004/06/25 05:38:48
+ [sftp-server.c]
+ Fall back to stat+rename if filesystem doesn't doesn't support hard
+ links. bz#823, ok djm@
+ - (dtucker) [configure.ac openbsd-compat/misc.c [openbsd-compat/misc.h]
+ Add closefrom() for platforms that don't have it.
+ - (dtucker) [sshd.c] add line missing from reexec sync.
+
+20040623
+ - (dtucker) [auth1.c] Ensure do_pam_account is called for Protocol 1
+ connections with empty passwords. Patch from davidwu at nbttech.com,
+ ok djm@
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2004/06/22 22:42:02
+ [regress/envpass.sh]
+ Add quoting for test -z; ok markus@
+ - dtucker@cvs.openbsd.org 2004/06/22 22:45:52
+ [regress/test-exec.sh]
+ Add TEST_SSH_SSHD_CONFOPTS and TEST_SSH_SSH_CONFOPTS to allow adding
+ arbitary options to sshd_config and ssh_config during tests. ok markus@
+ - dtucker@cvs.openbsd.org 2004/06/22 22:55:56
+ [regress/dynamic-forward.sh regress/test-exec.sh]
+ Allow setting of port for regress from TEST_SSH_PORT variable; ok markus@
+ - mouring@cvs.openbsd.org 2004/06/23 00:39:38
+ [rijndael.c]
+ -Wshadow fix up s/encrypt/do_encrypt/. OK djm@, markus@
+ - dtucker@cvs.openbsd.org 2004/06/23 14:31:01
+ [ssh.c]
+ Fix counting in master/slave when passing environment variables; ok djm@
+ - (dtucker) [cipher.c] encrypt->do_encrypt inside SSH_OLD_EVP to match
+ -Wshadow change.
+ - (bal) [Makefile.in] Remove opensshd.init on 'make distclean'
+ - (dtucker) [auth.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
+ Move loginrestrictions test to port-aix.c, replace with a generic hook.
+ - (tim) [regress/try-ciphers.sh] "if ! some_command" is not portable.
+ - (bal) [contrib/README] Removed "mdoc2man.pl" reference and added
+ reference to "findssl.sh"
+
+20040622
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2004/06/20 17:36:59
+ [ssh.c]
+ filter passed env vars at slave in connection sharing case; ok markus@
+ - djm@cvs.openbsd.org 2004/06/20 18:53:39
+ [sftp.c]
+ make "ls -l" listings print user/group names, add "ls -n" to show uid/gid
+ (like /bin/ls); idea & ok markus@
+ - djm@cvs.openbsd.org 2004/06/20 19:28:12
+ [sftp.1]
+ mention new -n flag
+ - avsm@cvs.openbsd.org 2004/06/21 17:36:31
+ [auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c
+ cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c
+ monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c
+ ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c
+ sshpty.c]
+ make ssh -Wshadow clean, no functional changes
+ markus@ ok
+ - djm@cvs.openbsd.org 2004/06/21 17:53:03
+ [session.c]
+ fix fd leak for multiple subsystem connections; with markus@
+ - djm@cvs.openbsd.org 2004/06/21 22:02:58
+ [log.h]
+ mark fatal and cleanup exit as __dead; ok markus@
+ - djm@cvs.openbsd.org 2004/06/21 22:04:50
+ [sftp.c]
+ introduce sorting for ls, same options as /bin/ls; ok markus@
+ - djm@cvs.openbsd.org 2004/06/21 22:30:45
+ [sftp.c]
+ prefix ls option flags with LS_
+ - djm@cvs.openbsd.org 2004/06/21 22:41:31
+ [sftp.1]
+ document sort options
+ - djm@cvs.openbsd.org 2004/06/22 01:16:39
+ [sftp.c]
+ don't show .files by default in ls, add -a option to turn them back on;
+ ok markus
+ - markus@cvs.openbsd.org 2004/06/22 03:12:13
+ [regress/envpass.sh regress/multiplex.sh]
+ more portable env passing tests
+ - dtucker@cvs.openbsd.org 2004/06/22 05:05:45
+ [monitor.c monitor_wrap.c]
+ Change login->username, will prevent -Wshadow errors in Portable;
+ ok markus@
+ - (dtucker) [monitor.c] Fix Portable-specific -Wshadow warnings on "socket".
+ - (dtucker) [defines.h] Define __dead if not already defined.
+ - (bal) [auth-passwd.c auth1.c] Clean up unused variables.
+
+20040620
+ - (tim) [configure.ac Makefile.in] Only change TEST_SHELL on broken platforms.
+
+20040619
+ - (dtucker) [auth-pam.c] Don't use PAM namespace for
+ pam_password_change_required either.
+ - (tim) [configure.ac buildpkg.sh.in contrib/solaris/README] move opensshd
+ init script to top level directory. Add opensshd.init.in.
+ Remove contrib/solaris/buildpkg.sh, contrib/solaris/opensshd.in
+
+20040618
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2004/06/17 14:52:48
+ [clientloop.c clientloop.h ssh.c]
+ support environment passing over shared connections; ok markus@
+ - djm@cvs.openbsd.org 2004/06/17 15:10:14
+ [clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5]
+ Add option for confirmation (ControlMaster=ask) via ssh-askpass before
+ opening shared connections; ok markus@
+ - djm@cvs.openbsd.org 2004/06/17 14:53:27
+ [regress/multiplex.sh]
+ shared connection env passing regress test
+ - (dtucker) [regress/README.regress] Add detail on how to run a single
+ test from the top-level Makefile.
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2004/06/17 23:56:57
+ [ssh.1 ssh.c]
+ sync usage() and SYNPOSIS with connection sharing changes
+ - dtucker@cvs.openbsd.org 2004/06/18 06:13:25
+ [sftp.c]
+ Use execvp instead of execv so sftp -S ssh works. "makes sense" markus@
+ - dtucker@cvs.openbsd.org 2004/06/18 06:15:51
+ [multiplex.sh]
+ Use -S for scp/sftp to force the use of the ssh being tested.
+ ok djm@,markus@
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2004/06/18 10:40:19
+ [ssh.c]
+ delay signal handler setup until we have finished talking to the master.
+ allow interrupting of setup (e.g. if master is stuck); ok markus@
+ - markus@cvs.openbsd.org 2004/06/18 10:55:43
+ [ssh.1 ssh.c]
+ trim synopsis for -S, allow -S and -oControlMaster, -MM means 'ask';
+ ok djm
+ - djm@cvs.openbsd.org 2004/06/18 11:11:54
+ [channels.c clientloop.c]
+ Don't explode in clientloop when we receive a bogus channel id, but
+ also don't generate them to begin with; ok markus@
+
+20040617
+ - (dtucker) [regress/scp.sh] diff -N is not portable (but needed for some
+ platforms), so test if diff understands it. Pointed out by tim@, ok djm@
+ - (dtucker) OpenBSD CVS Sync regress/
+ - dtucker@cvs.openbsd.org 2004/06/17 05:51:59
+ [regress/multiplex.sh]
+ Remove datafile between and after tests, kill sshd rather than wait;
+ ok djm@
+ - dtucker@cvs.openbsd.org 2004/06/17 06:00:05
+ [regress/multiplex.sh]
+ Use DATA and COPY for test data rather than hard-coded paths; ok djm@
+ - dtucker@cvs.openbsd.org 2004/06/17 06:19:06
+ [regress/multiplex.sh]
+ Add small description of failing test to failure message; ok djm@
+ - (dtucker) [regress/multiplex.sh] add EXEEXT for those platforms that need
+ it.
+ - (dtucker) [regress/multiplex.sh] Increase sleep time to 120 sec (60 is not
+ enough for slow systems, especially if they don't have a kernel RNG).
+
+20040616
+ - (dtucker) [openbsd-compat/port-aix.c] Expand whitespace -> tabs. No
+ code changes.
+ - (dtucker) OpenBSD CVS Sync regress/
+ - djm@cvs.openbsd.org 2004/04/27 09:47:30
+ [regress/Makefile regress/test-exec.sh, added regress/envpass.sh]
+ regress test for environment passing, SendEnv & AcceptEnv options;
+ ok markus@
+ - dtucker@cvs.openbsd.org 2004/06/13 13:51:02
+ [regress/Makefile regress/test-exec.sh, added regress/scp-ssh-wrapper.sh
+ regress/scp.sh]
+ Add scp regression test; with & ok markus@
+ - djm@cvs.openbsd.org 2004/06/13 15:04:08
+ [regress/Makefile regress/test-exec.sh, added regress/envpass.sh]
+ regress test for client multiplexing; ok markus@
+ - djm@cvs.openbsd.org 2004/06/13 15:16:54
+ [regress/test-exec.sh]
+ remove duplicate setting of $SCP; spotted by markus@
+ - dtucker@cvs.openbsd.org 2004/06/16 13:15:09
+ [regress/scp.sh]
+ Make scp -r tests use diff -rN not cmp (which won't do dirs. ok markus@
+ - dtucker@cvs.openbsd.org 2004/06/16 13:16:40
+ [regress/multiplex.sh]
+ Silence multiplex sftp and scp tests. ok markus@
+ - (dtucker) [regress/test-exec.sh]
+ Move Portable-only StrictModes to top of list to make syncs easier.
+ - (dtucker) [regress/README.regress]
+ Add $TEST_SHELL to readme.
+
+20040615
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2004/05/26 08:59:57
+ [sftp.c]
+ exit -> _exit in forked child on error; from andrushock AT korovino.net
+ - markus@cvs.openbsd.org 2004/05/26 23:02:39
+ [channels.c]
+ missing freeaddrinfo; Andrey Matveev
+ - dtucker@cvs.openbsd.org 2004/05/27 00:50:13
+ [readconf.c]
+ Kill dead code after fatal(); ok djm@
+ - dtucker@cvs.openbsd.org 2004/06/01 14:20:45
+ [auth2-chall.c]
+ Remove redundant #include; ok markus@
+ - pedro@cvs.openbsd.org 2004/06/03 12:22:20
+ [sftp-client.c sftp.c]
+ initialize pointers, ok markus@
+ - djm@cvs.openbsd.org 2004/06/13 12:53:24
+ [dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
+ [ssh-keyscan.c sshconnect2.c sshd.c]
+ implement diffie-hellman-group14-sha1 kex method (trivial extension to
+ existing diffie-hellman-group1-sha1); ok markus@
+ - dtucker@cvs.openbsd.org 2004/06/13 14:01:42
+ [ssh.1 ssh_config.5 sshd_config.5]
+ List supported ciphers in man pages, tidy up ssh -c;
+ "looks fine" jmc@, ok markus@
+ - djm@cvs.openbsd.org 2004/06/13 15:03:02
+ [channels.c channels.h clientloop.c clientloop.h includes.h readconf.c]
+ [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5]
+ implement session multiplexing in the client (the server has supported
+ this since 2.0); ok markus@
+ - djm@cvs.openbsd.org 2004/06/14 01:44:39
+ [channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c]
+ [sshd.c]
+ set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@
+ - djm@cvs.openbsd.org 2004/06/15 05:45:04
+ [clientloop.c]
+ missed one unset_nonblock; spotted by Tim Rice
+ - (djm) Fix Makefile.in for connection sharing changes
+ - (djm) [ssh.c] Use separate var for address length
+
+20040603
+ - (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions.
+ ok djm@
+
+20040601
+ - (djm) [auth-pam.c] Add copyright for local changes
+
+20040530
+ - (dtucker) [auth-pam.c auth-pam.h auth-passwd.c] Bug #874: Re-add PAM
+ support for PasswordAuthentication=yes. ok djm@
+ - (dtucker) [auth-pam.c] Use an invalid password for root if
+ PermitRootLogin != yes or the login is invalid, to prevent leaking
+ information. Based on Openwall's owl-always-auth patch. ok djm@
+ - (tim) [configure.ac Makefile.in] Add support for "make package" ok djm@
+ - (tim) [buildpkg.sh.in] New file. A more flexible version of
+ contrib/solaris/buildpkg.sh used for "make package".
+ - (tim) [buildpkg.sh.in] Last minute fix didn't make it in the .in file.
+
+20040527
+ - (dtucker) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec
+ contrib/README CREDITS INSTALL] Bug #873: Correct URLs for x11-ssh-askpass
+ and Jim Knoble's email address , from Jim himself.
+
+20040524
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2004/05/19 12:17:33
+ [sftp-client.c sftp.c]
+ gracefully abort transfers on receipt of SIGINT, also ignore SIGINT while
+ waiting for a command; ok markus@
+ - dtucker@cvs.openbsd.org 2004/05/20 10:58:05
+ [clientloop.c]
+ Trivial type fix 0 -> '\0'; ok markus@
+ - markus@cvs.openbsd.org 2004/05/21 08:43:03
+ [kex.h moduli.c tildexpand.c]
+ add prototypes for -Wall; ok djm
+ - djm@cvs.openbsd.org 2004/05/21 11:33:11
+ [channels.c channels.h clientloop.c serverloop.c ssh.1]
+ bz #756: add support for the cancel-tcpip-forward request for the server
+ and the client (through the ~C commandline). reported by z3p AT
+ twistedmatrix.com; ok markus@
+ - djm@cvs.openbsd.org 2004/05/22 06:32:12
+ [clientloop.c ssh.1]
+ use '-h' for help in ~C commandline instead of '-?'; inspired by jmc@
+ - jmc@cvs.openbsd.org 2004/05/22 16:01:05
+ [ssh.1]
+ kill whitespace at eol;
+ - dtucker@cvs.openbsd.org 2004/05/23 23:59:53
+ [auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config
+ sshd_config.5]
+ Add MaxAuthTries sshd config option; ok markus@
+ - (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread"
+ is terminated if the privsep slave exits during keyboard-interactive
+ authentication. ok djm@
+ - (dtucker) [sshd.c] Fix typo in comment.
+
+20040523
+ - (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in
+ sshd_config; ok dtucker@
+ - (djm) [configure.ac] Warn if the system has no known way of figuring out
+ which user is on the other end of a Unix domain socket; ok dtucker@
+ - (bal) [openbsd-compat/sys-queue.h] Reintroduce machinary to handle
+ old/broken/incomplete <sys/queue.h>.
+
+20040513
+ - (dtucker) [configure.ac] Bug #867: Additional tests for res_query in
+ libresolv, fixes problems detecting it on some platforms
+ (eg Linux/x86-64). From Kurt Roeckx via Debian, ok mouring@
+ - (dtucker) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2004/05/04 18:36:07
+ [scp.1]
+ SendEnv here too;
+ - jmc@cvs.openbsd.org 2004/05/06 11:24:23
+ [ssh_config.5]
+ typo from John Cosimano (PR 3770);
+ - deraadt@cvs.openbsd.org 2004/05/08 00:01:37
+ [auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c
+ tildexpand.c], removed: sshtty.h tildexpand.h
+ make two tiny header files go away; djm ok
+ - djm@cvs.openbsd.org 2004/05/08 00:21:31
+ [clientloop.c misc.h readpass.c scard.c ssh-add.c ssh-agent.c ssh-keygen.c
+ sshconnect.c sshconnect1.c sshconnect2.c] removed: readpass.h
+ kill a tiny header; ok deraadt@
+ - djm@cvs.openbsd.org 2004/05/09 00:06:47
+ [moduli.c ssh-keygen.c] removed: moduli.h
+ zap another tiny header; ok deraadt@
+ - djm@cvs.openbsd.org 2004/05/09 01:19:28
+ [OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
+ sshd.c] removed: mpaux.c mpaux.h
+ kill some more tiny files; ok deraadt@
+ - djm@cvs.openbsd.org 2004/05/09 01:26:48
+ [kex.c]
+ don't overwrite what we are trying to compute
+ - deraadt@cvs.openbsd.org 2004/05/11 19:01:43
+ [auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c
+ packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c]
+ improve some code lint did not like; djm millert ok
+ - dtucker@cvs.openbsd.org 2004/05/13 02:47:50
+ [ssh-agent.1]
+ Add examples to ssh-agent.1, bz#481 from Ralf Hauser; ok deraadt@
+ - (dtucker) [sshd.8] Bug #843: Add warning about PasswordAuthentication to
+ UsePAM section. Parts from djm@ and jmc@.
+ - (dtucker) [auth-pam.c scard-opensc.c] Tinderbox says auth-pam.c uses
+ readpass.h, grep says scard-opensc.c does too. Replace with misc.h.
+ - (dtucker) [openbsd-compat/getrrsetbyname.c] Check that HAVE_DECL_H_ERROR
+ is defined before using.
+ - (dtucker) [openbsd-compat/getrrsetbyname.c] Fix typo too: HAVE_DECL_H_ERROR
+ -> HAVE_DECL_H_ERRNO.
+
+20040502
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2004/04/22 11:56:57
+ [moduli.c]
+ Bugzilla #850: Sophie Germain is the correct name of the French
+ mathematician, "Sophie Germaine" isn't; from Luc.Maisonobe@c-s.fr
+ - djm@cvs.openbsd.org 2004/04/27 09:46:37
+ [readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c
+ ssh_config.5 sshd_config.5]
+ bz #815: implement ability to pass specified environment variables from
+ the client to the server; ok markus@
+ - djm@cvs.openbsd.org 2004/04/28 05:17:10
+ [ssh_config.5 sshd_config.5]
+ manpage fixes in envpass stuff from Brian Poole (raj AT cerias.purdue.edu)
+ - jmc@cvs.openbsd.org 2004/04/28 07:02:56
+ [sshd_config.5]
+ remove unnecessary .Pp;
+ - jmc@cvs.openbsd.org 2004/04/28 07:13:42
+ [sftp.1 ssh.1]
+ add SendEnv to -o list;
+ - dtucker@cvs.openbsd.org 2004/05/02 11:54:31
+ [sshd.8]
+ Man page grammar fix (bz #858), from damerell at chiark.greenend.org.uk
+ via Debian; ok djm@
+ - dtucker@cvs.openbsd.org 2004/05/02 11:57:52
+ [ssh.1]
+ ConnectionTimeout -> ConnectTimeout, from m.a.ellis at ncl.ac.uk via
+ Debian. ok djm@
+ - dtucker@cvs.openbsd.org 2004/05/02 23:02:17
+ [sftp.1]
+ ConnectionTimeout -> ConnectTimeout here too, pointed out by jmc@
+ - dtucker@cvs.openbsd.org 2004/05/02 23:17:51
+ [scp.1]
+ ConnectionTimeout -> ConnectTimeout for scp.1 too.
+
+20040423
+ - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Declare h_errno
+ as extern int if not already declared. Fixes compile errors on old SCO
+ platforms. ok tim@
+ - (dtucker) [README.platform] List prereqs for building on Cygwin.
+
+20040421
+ - (djm) Update config.guess and config.sub to autoconf-2.59 versions; ok tim@
+
+20040420
+ - (djm) OpenBSD CVS Sync
+ - henning@cvs.openbsd.org 2004/04/08 16:08:21
+ [sshconnect2.c]
+ swap the last two parameters to TAILQ_FOREACH_REVERSE. matches what
+ FreeBSD and NetBSD do.
+ ok millert@ mcbride@ markus@ ho@, checked to not affect ports by naddy@
+ - djm@cvs.openbsd.org 2004/04/18 23:10:26
+ [readconf.c readconf.h ssh-keysign.c ssh.c]
+ perform strict ownership and modes checks for ~/.ssh/config files,
+ as these can be used to execute arbitrary programs; ok markus@
+ NB. ssh will now exit when it detects a config with poor permissions
+ - djm@cvs.openbsd.org 2004/04/19 13:02:40
+ [ssh.1 ssh_config.5]
+ document strict permission checks on ~/.ssh/config; prompted by,
+ with & ok jmc@
+ - jmc@cvs.openbsd.org 2004/04/19 16:12:14
+ [ssh_config.5]
+ kill whitespace at eol;
+ - djm@cvs.openbsd.org 2004/04/19 21:51:49
+ [ssh.c]
+ fix idiot typo that i introduced in my last commit;
+ spotted by cschneid AT cschneid.com
+ - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD, needed for
+ above change
+ - (djm) [configure.ac] Check whether libroken is required when building
+ with Heimdal
+
+20040419
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2004/02/29 22:04:45
+ [regress/login-timeout.sh]
+ Use sudo when restarting daemon during test. ok markus@
+ - dtucker@cvs.openbsd.org 2004/03/08 10:17:12
+ [regress/login-timeout.sh]
+ Missing OBJ, from tim@. ok markus@ (Already fixed, ID sync only)
+ - djm@cvs.openbsd.org 2004/03/30 12:41:56
+ [sftp-client.c]
+ sync comment with reality
+ - djm@cvs.openbsd.org 2004/03/31 21:58:47
+ [canohost.c]
+ don't skip ip options check when UseDNS=no; ok markus@ (ID sync only)
+ - markus@cvs.openbsd.org 2004/04/01 12:19:57
+ [scp.c]
+ limit trust between local and remote rcp/scp process,
+ noticed by lcamtuf; ok deraadt@, djm@
+
20040418
- (dtucker) [auth-pam.c] Log username and source host for failed PAM
authentication attempts. With & ok djm@
- (djm) [openbsd-compat/bsd-cygwin_util.c] Recent versions of Cygwin allow
change of user context without a password, so relax auth method
restrictions; from vinschen AT redhat.com; ok dtucker@
- - Release 3.8.1p1
20040416
- (dtucker) [regress/sftp-cmds.sh] Skip quoting test on Cygwin, since
@@ -983,4 +1654,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3316.2.1 2004/04/18 12:51:12 djm Exp $
+$Id: ChangeLog,v 1.3517 2004/08/17 12:50:40 djm Exp $
diff --git a/crypto/openssh/INSTALL b/crypto/openssh/INSTALL
index a1c0e4b..dae1bb1 100644
--- a/crypto/openssh/INSTALL
+++ b/crypto/openssh/INSTALL
@@ -30,7 +30,7 @@ libraries and headers.
GNOME:
http://www.gnome.org/
-Alternatively, Jim Knoble <jmknoble@jmknoble.cx> has written an excellent X11
+Alternatively, Jim Knoble <jmknoble@pobox.com> has written an excellent X11
passphrase requester. This is maintained separately at:
http://www.jmknoble.net/software/x11-ssh-askpass/
@@ -200,4 +200,4 @@ Please refer to the "reporting bugs" section of the webpage at
http://www.openssh.com/
-$Id: INSTALL,v 1.63 2003/11/21 12:48:55 djm Exp $
+$Id: INSTALL,v 1.64 2004/05/26 23:59:31 dtucker Exp $
diff --git a/crypto/openssh/Makefile.in b/crypto/openssh/Makefile.in
index 919b368..a603609 100644
--- a/crypto/openssh/Makefile.in
+++ b/crypto/openssh/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.257 2004/02/18 03:35:11 djm Exp $
+# $Id: Makefile.in,v 1.263 2004/08/15 11:01:37 dtucker Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@@ -67,22 +67,21 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o buffer.o \
compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
log.o match.o moduli.o mpaux.o nchan.o packet.o \
readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o \
- atomicio.o key.o dispatch.o kex.o mac.o uuencode.o misc.o \
- rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \
- kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
+ atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
+ monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
+ kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
entropy.o scard-opensc.o gss-genr.o
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
sshconnect.o sshconnect1.o sshconnect2.o
SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
- sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o \
+ sshpty.o sshlogin.o servconf.o serverloop.o \
auth.o auth1.o auth2.o auth-options.o session.o \
auth-chall.o auth2-chall.o groupaccess.o \
auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
auth2-none.o auth2-passwd.o auth2-pubkey.o \
- monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o \
- kexdhs.o kexgexs.o \
+ monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \
auth-krb5.o \
auth2-gss.o gss-serv.o gss-serv-krb5.o \
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o
@@ -200,11 +199,14 @@ clean: regressclean
distclean: regressclean
rm -f *.o *.a $(TARGETS) logintest config.cache config.log
- rm -f *.out core
- rm -f Makefile config.h config.status ssh_prng_cmds *~
+ rm -f *.out core opensshd.init
+ rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds *~
rm -rf autom4te.cache
(cd openbsd-compat && $(MAKE) distclean)
(cd scard && $(MAKE) distclean)
+ if test -d pkg ; then \
+ rm -fr pkg ; \
+ fi
veryclean: distclean
rm -f configure config.h.in *.0
@@ -375,7 +377,7 @@ tests: $(TARGETS)
[ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \
[ -f `pwd`/regress/Makefile ] || \
ln -s $(srcdir)/regress/Makefile `pwd`/regress/Makefile ; \
- TEST_SHELL="@TEST_MINUS_S_SH@"; \
+ TEST_SHELL="@TEST_SHELL@"; \
TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \
TEST_SSH_SSHAGENT="$${BUILDDIR}/ssh-agent"; \
@@ -407,3 +409,9 @@ regressclean:
if [ -f regress/Makefile -a -r regress/Makefile ]; then \
(cd regress && $(MAKE) clean) \
fi
+
+package: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS)
+ if [ "@MAKE_PACKAGE_SUPPORTED@" = yes ]; then \
+ sh buildpkg.sh; \
+ fi
+
diff --git a/crypto/openssh/OVERVIEW b/crypto/openssh/OVERVIEW
index df46ec2..d1a768c 100644
--- a/crypto/openssh/OVERVIEW
+++ b/crypto/openssh/OVERVIEW
@@ -40,7 +40,6 @@ these programs.
Multiple Precision Integer Library
- Uses the SSLeay BIGNUM sublibrary.
- - Some auxiliary functions for mp-int manipulation are in mpaux.c.
Random Numbers
diff --git a/crypto/openssh/README b/crypto/openssh/README
index 0620d0e..8724d8b 100644
--- a/crypto/openssh/README
+++ b/crypto/openssh/README
@@ -15,10 +15,11 @@ Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt,
and Dug Song. It has a homepage at http://www.openssh.com/
This port consists of the re-introduction of autoconf support, PAM
-support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements
-for OpenBSD library functions that are (regrettably) absent from other
-unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD,
-Irix and AIX. Support for SCO, NeXT and other Unices is underway.
+support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library
+functions that are (regrettably) absent from other unices. This port
+has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X,
+NetBSD, OpenBSD, OpenServer, Solaris, Unicos, and UnixWare.
+
This version actively tracks changes in the OpenBSD CVS repository.
The PAM support is now more functional than the popular packages of
@@ -32,13 +33,8 @@ refer to http://www.openssh.com/list.html for details on how to join.
Please send bug reports and patches to the mailing list
openssh-unix-dev@mindrot.org. The list is open to posting by
-unsubscribed users.
-
-If you are a citizen of an USA-embargoed country to which export of
-cryptographic products is restricted, then please refrain from sending
-crypto-related code or patches to the list. We cannot accept them.
-Other code contribution are accepted, but please follow the OpenBSD
-style guidelines[6].
+unsubscribed users.Code contribution are welcomed, but please follow the
+OpenBSD style guidelines[6].
Please refer to the INSTALL document for information on how to install
OpenSSH on your system. There are a number of differences between this
@@ -65,4 +61,4 @@ References -
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html
-$Id: README,v 1.54 2004/04/18 10:32:56 djm Exp $
+$Id: README,v 1.56 2004/08/14 00:26:30 djm Exp $
diff --git a/crypto/openssh/README.platform b/crypto/openssh/README.platform
index c4d0c74..880b83c 100644
--- a/crypto/openssh/README.platform
+++ b/crypto/openssh/README.platform
@@ -13,10 +13,18 @@ Accounts in this state must have their passwords reset manually by the
administrator. As a precaution, it is recommended that the administrative
passwords be reset before upgrading from OpenSSH <3.8.
+
+Cygwin
+------
+To build on Cygwin, OpenSSH requires the following packages:
+gcc, gcc-mingw-core, mingw-runtime, binutils, make, openssl,
+openssl-devel, zlib, minres, minires-devel.
+
+
Solaris
-------
Currently, sshd does not support BSM auditting. This can show up as errors
when editting cron entries via crontab. See.
http://bugzilla.mindrot.org/show_bug.cgi?id=125
-$Id: README.platform,v 1.1 2004/02/24 05:14:41 dtucker Exp $
+$Id: README.platform,v 1.2 2004/04/23 08:57:13 dtucker Exp $
diff --git a/crypto/openssh/README.privsep b/crypto/openssh/README.privsep
index 9d48bbc..3240377 100644
--- a/crypto/openssh/README.privsep
+++ b/crypto/openssh/README.privsep
@@ -42,9 +42,9 @@ PAM-enabled OpenSSH is known to function with privsep on Linux.
It does not function on HP-UX with a trusted system
configuration.
-On Compaq Tru64 Unix, only the pre-authentication part of privsep is
-supported. Post-authentication privsep is disabled automatically (so
-you won't see the additional process mentioned below).
+On Cygwin, Tru64 Unix, OpenServer, and Unicos only the pre-authentication
+part of privsep is supported. Post-authentication privsep is disabled
+automatically (so you won't see the additional process mentioned below).
Note that for a normal interactive login with a shell, enabling privsep
will require 1 additional process per login session.
@@ -61,4 +61,4 @@ process 1005 is the sshd process listening for new connections.
process 6917 is the privileged monitor process, 6919 is the user owned
sshd process and 6921 is the shell process.
-$Id: README.privsep,v 1.13 2003/11/21 12:48:55 djm Exp $
+$Id: README.privsep,v 1.14 2004/06/28 03:50:36 tim Exp $
diff --git a/crypto/openssh/auth2-gss.c b/crypto/openssh/auth2-gss.c
index 9249988..3289ba1 100644
--- a/crypto/openssh/auth2-gss.c
+++ b/crypto/openssh/auth2-gss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-gss.c,v 1.7 2003/11/21 11:57:03 djm Exp $ */
+/* $OpenBSD: auth2-gss.c,v 1.8 2004/06/21 17:36:31 avsm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -54,7 +54,7 @@ static void input_gssapi_errtok(int, u_int32_t, void *);
static int
userauth_gssapi(Authctxt *authctxt)
{
- gss_OID_desc oid = {0, NULL};
+ gss_OID_desc goid = {0, NULL};
Gssctxt *ctxt = NULL;
int mechs;
gss_OID_set supported;
@@ -85,9 +85,9 @@ userauth_gssapi(Authctxt *authctxt)
if (len > 2 &&
doid[0] == SSH_GSS_OIDTYPE &&
doid[1] == len - 2) {
- oid.elements = doid + 2;
- oid.length = len - 2;
- gss_test_oid_set_member(&ms, &oid, supported,
+ goid.elements = doid + 2;
+ goid.length = len - 2;
+ gss_test_oid_set_member(&ms, &goid, supported,
&present);
} else {
logit("Badly formed OID received");
@@ -101,7 +101,7 @@ userauth_gssapi(Authctxt *authctxt)
return (0);
}
- if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &oid)))) {
+ if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
xfree(doid);
return (0);
}
diff --git a/crypto/openssh/auth2-none.c b/crypto/openssh/auth2-none.c
index c342add..2bf5b5c 100644
--- a/crypto/openssh/auth2-none.c
+++ b/crypto/openssh/auth2-none.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2-none.c,v 1.6 2003/08/26 09:58:43 markus Exp $");
+RCSID("$OpenBSD: auth2-none.c,v 1.7 2004/05/11 19:01:43 deraadt Exp $");
#include "auth.h"
#include "xmalloc.h"
@@ -46,7 +46,7 @@ auth2_read_banner(void)
{
struct stat st;
char *banner = NULL;
- off_t len, n;
+ size_t len, n;
int fd;
if ((fd = open(options.banner, O_RDONLY)) == -1)
@@ -55,7 +55,12 @@ auth2_read_banner(void)
close(fd);
return (NULL);
}
- len = st.st_size;
+ if (st.st_size > 1*1024*1024) {
+ close(fd);
+ return (NULL);
+ }
+
+ len = (size_t)st.st_size; /* truncate */
banner = xmalloc(len + 1);
n = atomicio(read, fd, banner, len);
close(fd);
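Review bot: The new size cap at `if (st.st_size > 1*1024*1024)` drops the banner without any log line, so an administrator whose banner file exceeds the limit sees the same result as a missing file. A message before the `close(fd)`, such as `logit("banner file %s is too large, ignoring", options.banner);`, would make this diagnosable (assuming the logging header is in scope in this file, which the hunk does not show). The `/* truncate */` comment on the cast is also misleading, because the check above guarantees the value fits; `/* bounded by the size check above */` describes it better, and the limit would read better as a named constant. auth2_read_banner continues outside the hunk, so the comparison of atomicio's result with the now-unsigned `n` should be checked there.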
diff --git a/crypto/openssh/auth2-pubkey.c b/crypto/openssh/auth2-pubkey.c
index 3063eec..9898d4a 100644
--- a/crypto/openssh/auth2-pubkey.c
+++ b/crypto/openssh/auth2-pubkey.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2-pubkey.c,v 1.6 2004/01/19 21:25:15 markus Exp $");
+RCSID("$OpenBSD: auth2-pubkey.c,v 1.7 2004/06/21 17:36:31 avsm Exp $");
#include "ssh2.h"
#include "xmalloc.h"
@@ -205,7 +205,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
found = key_new(key->type);
while (fgets(line, sizeof(line), f)) {
- char *cp, *options = NULL;
+ char *cp, *key_options = NULL;
linenum++;
/* Skip leading whitespace, empty and comment lines. */
for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -217,7 +217,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
/* no key? check if there are options for this key */
int quoted = 0;
debug2("user_key_allowed: check options: '%s'", cp);
- options = cp;
+ key_options = cp;
for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
if (*cp == '\\' && cp[1] == '"')
cp++; /* Skip both */
@@ -234,7 +234,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
}
}
if (key_equal(found, key) &&
- auth_parse_options(pw, options, file, linenum) == 1) {
+ auth_parse_options(pw, key_options, file, linenum) == 1) {
found_key = 1;
debug("matching key found: file %s, line %lu",
file, linenum);
diff --git a/crypto/openssh/buildpkg.sh.in b/crypto/openssh/buildpkg.sh.in
new file mode 100644
index 0000000..f243e90
--- /dev/null
+++ b/crypto/openssh/buildpkg.sh.in
@@ -0,0 +1,562 @@
+#!/bin/sh
+#
+# Fake Root Solaris/SVR4/SVR5 Build System - Prototype
+#
+# The following code has been provide under Public Domain License. I really
+# don't care what you use it for. Just as long as you don't complain to me
+# nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org)
+#
+umask 022
+#
+# Options for building the package
+# You can create a openssh-config.local with your customized options
+#
+REMOVE_FAKE_ROOT_WHEN_DONE=yes
+#
+# uncommenting TEST_DIR and using
+# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
+# and
+# PKGNAME=tOpenSSH should allow testing a package without interfering
+# with a real OpenSSH package on a system. This is not needed on systems
+# that support the -R option to pkgadd.
+#TEST_DIR=/var/tmp # leave commented out for production build
+PKGNAME=OpenSSH
+# revisions within the same version (REV=a)
+#REV=
+SYSVINIT_NAME=opensshd
+MAKE=${MAKE:="make"}
+SSHDUID=67 # Default privsep uid
+SSHDGID=67 # Default privsep gid
+# uncomment these next three as needed
+#PERMIT_ROOT_LOGIN=no
+#X11_FORWARDING=yes
+#USR_LOCAL_IS_SYMLINK=yes
+# System V init run levels
+SYSVINITSTART=S98
+SYSVINITSTOPT=K30
+# We will source these if they exist
+POST_MAKE_INSTALL_FIXES=./pkg_post_make_install_fixes.sh
+POST_PROTOTYPE_EDITS=./pkg-post-prototype-edit.sh
+# We'll be one level deeper looking for these
+PKG_PREINSTALL_LOCAL=../pkg-preinstall.local
+PKG_POSTINSTALL_LOCAL=../pkg-postinstall.local
+PKG_PREREMOVE_LOCAL=../pkg-preremove.local
+PKG_POSTREMOVE_LOCAL=../pkg-postremove.local
+PKG_REQUEST_LOCAL=../pkg-request.local
+# end of sourced files
+#
+OPENSSHD=opensshd.init
+
+PATH_GROUPADD_PROG=@PATH_GROUPADD_PROG@
+PATH_USERADD_PROG=@PATH_USERADD_PROG@
+PATH_PASSWD_PROG=@PATH_PASSWD_PROG@
+#
+# list of system directories we do NOT want to change owner/group/perms
+# when installing our package
+SYSTEM_DIR="/etc \
+/etc/init.d \
+/etc/rcS.d \
+/etc/rc0.d \
+/etc/rc1.d \
+/etc/rc2.d \
+/etc/opt \
+/opt \
+/opt/bin \
+/usr \
+/usr/bin \
+/usr/lib \
+/usr/sbin \
+/usr/share \
+/usr/share/man \
+/usr/share/man/man1 \
+/usr/share/man/man8 \
+/usr/local \
+/usr/local/bin \
+/usr/local/etc \
+/usr/local/libexec \
+/usr/local/man \
+/usr/local/man/man1 \
+/usr/local/man/man8 \
+/usr/local/sbin \
+/usr/local/share \
+/var \
+/var/opt \
+/var/run \
+/var/tmp \
+/tmp"
+
+# We may need to build as root so we make sure PATH is set up
+# only set the path if it's not set already
+[ -d /opt/bin ] && {
+ echo $PATH | grep ":/opt/bin" > /dev/null 2>&1
+ [ $? -ne 0 ] && PATH=$PATH:/opt/bin
+}
+[ -d /usr/local/bin ] && {
+ echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1
+ [ $? -ne 0 ] && PATH=$PATH:/usr/local/bin
+}
+[ -d /usr/ccs/bin ] && {
+ echo $PATH | grep ":/usr/ccs/bin" > /dev/null 2>&1
+ [ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin
+}
+export PATH
+#
+
+[ -f Makefile ] || {
+ echo "Please run this script from your build directory"
+ exit 1
+}
+
+# we will look for openssh-config.local to override the above options
+[ -s ./openssh-config.local ] && . ./openssh-config.local
+
+START=`pwd`
+FAKE_ROOT=$START/pkg
+
+## Fill in some details, like prefix and sysconfdir
+for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir srcdir
+do
+ eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
+done
+
+
+## Collect value of privsep user
+for confvar in SSH_PRIVSEP_USER
+do
+ eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
+done
+
+## Set privsep defaults if not defined
+if [ -z "$SSH_PRIVSEP_USER" ]
+then
+ SSH_PRIVSEP_USER=sshd
+fi
+
+## Extract common info requires for the 'info' part of the package.
+VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'`
+
+ARCH=`uname -m`
+DEF_MSG="\n"
+OS_VER=`uname -v`
+SCRIPT_SHELL=/sbin/sh
+UNAME_S=`uname -s`
+case ${UNAME_S} in
+ SunOS) UNAME_S=Solaris
+ ARCH=`uname -p`
+ RCS_D=yes
+ DEF_MSG="(default: n)"
+ ;;
+ SCO_SV) UNAME_S=OpenServer
+ OS_VER=`uname -X | grep Release | sed -e 's/^Rel.*3.2v//'`
+ SCRIPT_SHELL=/bin/sh
+ RC1_D=no
+ DEF_MSG="(default: n)"
+ ;;
+esac
+
+case `basename $0` in
+ buildpkg.sh)
+## Start by faking root install
+echo "Faking root install..."
+[ -d $FAKE_ROOT ] && rm -fr $FAKE_ROOT
+mkdir $FAKE_ROOT
+${MAKE} install-nokeys DESTDIR=$FAKE_ROOT
+if [ $? -gt 0 ]
+then
+ echo "Fake root install failed, stopping."
+ exit 1
+fi
+
+## Setup our run level stuff while we are at it.
+mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
+
+cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
+chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
+
+[ "${PERMIT_ROOT_LOGIN}" = no ] && \
+ perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
+ $FAKE_ROOT/${sysconfdir}/sshd_config
+[ "${X11_FORWARDING}" = yes ] && \
+ perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
+ $FAKE_ROOT/${sysconfdir}/sshd_config
+# fix PrintMotd
+perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \
+ $FAKE_ROOT/${sysconfdir}/sshd_config
+
+# We don't want to overwrite config files on multiple installs
+mv $FAKE_ROOT/${sysconfdir}/ssh_config $FAKE_ROOT/${sysconfdir}/ssh_config.default
+mv $FAKE_ROOT/${sysconfdir}/sshd_config $FAKE_ROOT/${sysconfdir}/sshd_config.default
+[ -f $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds ] && \
+mv $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds.default
+
+# local tweeks here
+[ -s "${POST_MAKE_INSTALL_FIXES}" ] && . ${POST_MAKE_INSTALL_FIXES}
+
+cd $FAKE_ROOT
+
+## Ok, this is outright wrong, but it will work. I'm tired of pkgmk
+## whining.
+for i in *; do
+ PROTO_ARGS="$PROTO_ARGS $i=/$i";
+done
+
+## Build info file
+echo "Building pkginfo file..."
+cat > pkginfo << _EOF
+PKG=$PKGNAME
+NAME="OpenSSH Portable for ${UNAME_S}"
+DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh."
+VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html"
+ARCH=$ARCH
+VERSION=$VERSION$REV
+CATEGORY="Security,application"
+BASEDIR=/
+CLASSES="none"
+PSTAMP="${UNAME_S} ${OS_VER} ${ARCH} `date '+%d%b%Y %H:%M'`"
+_EOF
+
+## Build empty depend file that may get updated by $POST_PROTOTYPE_EDITS
+echo "Building depend file..."
+touch depend
+
+## Build space file
+echo "Building space file..."
+cat > space << _EOF
+# extra space required by start/stop links added by installf in postinstall
+$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1
+$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME} 0 1
+_EOF
+[ "$RC1_D" = no ] || \
+echo "$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
+[ "$RCS_D" = yes ] && \
+echo "$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
+
+## Build preinstall file
+echo "Building preinstall file..."
+cat > preinstall << _EOF
+#! ${SCRIPT_SHELL}
+#
+_EOF
+
+# local preinstall changes here
+[ -s "${PKG_PREINSTALL_LOCAL}" ] && . ${PKG_PREINSTALL_LOCAL}
+
+cat >> preinstall << _EOF
+#
+[ "\${PRE_INS_STOP}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
+exit 0
+_EOF
+
+## Build postinstall file
+echo "Building postinstall file..."
+cat > postinstall << _EOF
+#! ${SCRIPT_SHELL}
+#
+[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\
+ cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
+ \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
+[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\
+ cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
+ \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
+[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && {
+ [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\
+ cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
+ \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
+}
+
+# make rc?.d dirs only if we are doing a test install
+[ -n "${TEST_DIR}" ] && {
+ [ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d
+ mkdir -p ${TEST_DIR}/etc/rc0.d
+ [ "$RC1_D" = no ] || mkdir -p ${TEST_DIR}/etc/rc1.d
+ mkdir -p ${TEST_DIR}/etc/rc2.d
+}
+
+if [ "\${USE_SYM_LINKS}" = yes ]
+then
+ [ "$RCS_D" = yes ] && \
+installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+ [ "$RC1_D" = no ] || \
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+else
+ [ "$RCS_D" = yes ] && \
+installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+ [ "$RC1_D" = no ] || \
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+fi
+
+# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
+[ -d $piddir ] || installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 0755 root sys
+
+_EOF
+
+# local postinstall changes here
+[ -s "${PKG_POSTINSTALL_LOCAL}" ] && . ${PKG_POSTINSTALL_LOCAL}
+
+cat >> postinstall << _EOF
+installf -f ${PKGNAME}
+
+# Use chroot to handle PKG_INSTALL_ROOT
+if [ ! -z "\${PKG_INSTALL_ROOT}" ]
+then
+ chroot="chroot \${PKG_INSTALL_ROOT}"
+fi
+# If this is a test build, we will skip the groupadd/useradd/passwd commands
+if [ ! -z "${TEST_DIR}" ]
+then
+ chroot=echo
+fi
+
+if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
+then
+ echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
+ echo "or group."
+else
+ echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
+
+ # user required?
+ if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+ then
+ echo "PrivSep user $SSH_PRIVSEP_USER already exists."
+ SSH_PRIVSEP_GROUP=\`grep "^$SSH_PRIVSEP_USER:" \${PKG_INSTALL_ROOT}/etc/passwd | awk -F: '{print \$4}'\`
+ SSH_PRIVSEP_GROUP=\`grep ":\$SSH_PRIVSEP_GROUP:" \${PKG_INSTALL_ROOT}/etc/group | awk -F: '{print \$1}'\`
+ else
+ DO_PASSWD=yes
+ fi
+ [ -z "\$SSH_PRIVSEP_GROUP" ] && SSH_PRIVSEP_GROUP=$SSH_PRIVSEP_USER
+
+ # group required?
+ if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'\$SSH_PRIVSEP_GROUP'\$' >/dev/null
+ then
+ echo "PrivSep group \$SSH_PRIVSEP_GROUP already exists."
+ else
+ DO_GROUP=yes
+ fi
+
+ # create group if required
+ [ "\$DO_GROUP" = yes ] && {
+ # Use gid of 67 if possible
+ if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null
+ then
+ :
+ else
+ sshdgid="-g $SSHDGID"
+ fi
+ echo "Creating PrivSep group \$SSH_PRIVSEP_GROUP."
+ \$chroot ${PATH_GROUPADD_PROG} \$sshdgid \$SSH_PRIVSEP_GROUP
+ }
+
+ # Create user if required
+ [ "\$DO_PASSWD" = yes ] && {
+ # Use uid of 67 if possible
+ if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null
+ then
+ :
+ else
+ sshduid="-u $SSHDUID"
+ fi
+ echo "Creating PrivSep user $SSH_PRIVSEP_USER."
+ \$chroot ${PATH_USERADD_PROG} -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
+ \$chroot ${PATH_PASSWD_PROG} -l $SSH_PRIVSEP_USER
+ }
+fi
+
+[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
+exit 0
+_EOF
+
+## Build preremove file
+echo "Building preremove file..."
+cat > preremove << _EOF
+#! ${SCRIPT_SHELL}
+#
+${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
+_EOF
+
+# local preremove changes here
+[ -s "${PKG_PREREMOVE_LOCAL}" ] && . ${PKG_PREREMOVE_LOCAL}
+
+cat >> preremove << _EOF
+exit 0
+_EOF
+
+## Build postremove file
+echo "Building postremove file..."
+cat > postremove << _EOF
+#! ${SCRIPT_SHELL}
+#
+_EOF
+
+# local postremove changes here
+[ -s "${PKG_POSTREMOVE_LOCAL}" ] && . ${PKG_POSTREMOVE_LOCAL}
+
+cat >> postremove << _EOF
+exit 0
+_EOF
+
+## Build request file
+echo "Building request file..."
+cat > request << _EOF
+trap 'exit 3' 15
+
+_EOF
+
+[ -x /usr/bin/ckyorn ] || cat >> request << _EOF
+
+ckyorn() {
+# for some strange reason OpenServer has no ckyorn
+# We build a striped down version here
+
+DEFAULT=n
+PROMPT="Yes or No [yes,no,?,quit]"
+HELP_PROMPT=" Enter y or yes if your answer is yes; n or no if your answer is no."
+USAGE="usage: ckyorn [options]
+where options may include:
+ -d default
+ -h help
+ -p prompt
+"
+
+if [ \$# != 0 ]
+then
+ while getopts d:p:h: c
+ do
+ case \$c in
+ h) HELP_PROMPT="\$OPTARG" ;;
+ d) DEFAULT=\$OPTARG ;;
+ p) PROMPT=\$OPTARG ;;
+ \\?) echo "\$USAGE" 1>&2
+ exit 1 ;;
+ esac
+ done
+ shift \`expr \$OPTIND - 1\`
+fi
+
+while true
+do
+ echo "\${PROMPT}\\c " 1>&2
+ read key
+ [ -z "\$key" ] && key=\$DEFAULT
+ case \$key in
+ [n,N]|[n,N][o,O]|[y,Y]|[y,Y][e,E][s,S]) echo "\${key}\\c"
+ exit 0 ;;
+ \\?) echo \$HELP_PROMPT 1>&2 ;;
+ q|quit) echo "q\\c" 1>&2
+ exit 3 ;;
+ esac
+done
+
+}
+
+_EOF
+
+cat >> request << _EOF
+USE_SYM_LINKS=no
+PRE_INS_STOP=no
+POST_INS_START=no
+# Use symbolic links?
+ans=\`ckyorn -d n \
+-p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$?
+case \$ans in
+ [y,Y]*) USE_SYM_LINKS=yes ;;
+esac
+
+# determine if should restart the daemon
+if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ]
+then
+ ans=\`ckyorn -d n \
+-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
+ case \$ans in
+ [y,Y]*) PRE_INS_STOP=yes
+ POST_INS_START=yes
+ ;;
+ esac
+
+else
+
+# determine if we should start sshd
+ ans=\`ckyorn -d n \
+-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
+ case \$ans in
+ [y,Y]*) POST_INS_START=yes ;;
+ esac
+fi
+
+# make parameters available to installation service,
+# and so to any other packaging scripts
+cat >\$1 <<!
+USE_SYM_LINKS='\$USE_SYM_LINKS'
+PRE_INS_STOP='\$PRE_INS_STOP'
+POST_INS_START='\$POST_INS_START'
+!
+
+_EOF
+
+# local request changes here
+[ -s "${PKG_REQUEST_LOCAL}" ] && . ${PKG_REQUEST_LOCAL}
+
+cat >> request << _EOF
+exit 0
+
+_EOF
+
+## Next Build our prototype
+echo "Building prototype file..."
+cat >mk-proto.awk << _EOF
+ BEGIN { print "i pkginfo"; print "i depend"; \\
+ print "i preinstall"; print "i postinstall"; \\
+ print "i preremove"; print "i postremove"; \\
+ print "i request"; print "i space"; \\
+ split("$SYSTEM_DIR",sys_files); }
+ {
+ for (dir in sys_files) { if ( \$3 != sys_files[dir] )
+ { if ( \$1 == "s" )
+ { \$5=""; \$6=""; }
+ else
+ { \$5="root"; \$6="sys"; }
+ }
+ else
+ { \$4="?"; \$5="?"; \$6="?"; break;}
+ } }
+ { print; }
+_EOF
+
+find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \
+ pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype
+
+# /usr/local is a symlink on some systems
+[ "${USR_LOCAL_IS_SYMLINK}" = yes ] && {
+ grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new
+ mv prototype.new prototype
+}
+
+## Step back a directory and now build the package.
+cd ..
+# local prototype tweeks here
+[ -s "${POST_PROTOTYPE_EDITS}" ] && . ${POST_PROTOTYPE_EDITS}
+
+echo "Building package.."
+pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
+echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION$REV-$UNAME_S-$ARCH.pkg
+ ;;
+
+ justpkg.sh)
+rm -fr ${FAKE_ROOT}/${PKGNAME}
+grep -v "^PSTAMP=" $FAKE_ROOT/pkginfo > $$tmp
+mv $$tmp $FAKE_ROOT/pkginfo
+cat >> $FAKE_ROOT/pkginfo << _EOF
+PSTAMP="${UNAME_S} ${OS_VER} ${ARCH} `date '+%d%b%Y %H:%M'`"
+_EOF
+pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
+echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION$REV-$UNAME_S-$ARCH.pkg
+ ;;
+
+esac
+
+[ "${REMOVE_FAKE_ROOT_WHEN_DONE}" = yes ] && rm -rf $FAKE_ROOT
+exit 0
+
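Review bot: The "Use uid of 67 if possible" test in the generated postinstall compares the uid column of /etc/passwd against `$SSHDGID` rather than `$SSHDUID`. With the defaults both are 67, but if they are set differently (for example in openssh-config.local) the script can pass `-u $SSHDUID` for a uid that is already taken. The line should read `if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDUID'\$' >/dev/null`. The exit status of the groupadd, useradd and passwd calls is also not checked before the final `exit 0`, so a failure to create the privilege-separation account would go unreported even though sshd needs that account when UsePrivilegeSeparation is on.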
diff --git a/crypto/openssh/clientloop.c b/crypto/openssh/clientloop.c
index 626b29a..0b9a0fb 100644
--- a/crypto/openssh/clientloop.c
+++ b/crypto/openssh/clientloop.c
@@ -59,7 +59,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.117 2003/12/16 15:49:51 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.130 2004/08/11 21:43:04 avsm Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -79,9 +79,11 @@ RCSID("$OpenBSD: clientloop.c,v 1.117 2003/12/16 15:49:51 markus Exp $");
#include "clientloop.h"
#include "authfd.h"
#include "atomicio.h"
-#include "sshtty.h"
+#include "sshpty.h"
#include "misc.h"
-#include "readpass.h"
+#include "monitor_fdpass.h"
+#include "match.h"
+#include "msg.h"
/* import options */
extern Options options;
@@ -92,6 +94,9 @@ extern int stdin_null_flag;
/* Flag indicating that no shell has been requested */
extern int no_shell_flag;
+/* Control socket */
+extern int control_fd;
+
/*
* Name of the host we are connecting to. This is the name given on the
* command line, or the HostName specified for the user-supplied name in a
@@ -132,16 +137,27 @@ static int server_alive_timeouts = 0;
static void client_init_dispatch(void);
int session_ident = -1;
+struct confirm_ctx {
+ int want_tty;
+ int want_subsys;
+ Buffer cmd;
+ char *term;
+ struct termios tio;
+ char **env;
+};
+
/*XXX*/
extern Kex *xxx_kex;
+void ssh_process_session2_setup(int, int, int, Buffer *);
+
/* Restores stdin to blocking mode. */
static void
leave_non_blocking(void)
{
if (in_non_blocking_mode) {
- (void) fcntl(fileno(stdin), F_SETFL, 0);
+ unset_nonblock(fileno(stdin));
in_non_blocking_mode = 0;
}
}
@@ -152,7 +168,7 @@ static void
enter_non_blocking(void)
{
in_non_blocking_mode = 1;
- (void) fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
+ set_nonblock(fileno(stdin));
}
/*
@@ -292,19 +308,13 @@ client_check_window_change(void)
/** XXX race */
received_window_change_signal = 0;
- if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
- return;
-
debug2("client_check_window_change: changed");
if (compat20) {
- channel_request_start(session_ident, "window-change", 0);
- packet_put_int(ws.ws_col);
- packet_put_int(ws.ws_row);
- packet_put_int(ws.ws_xpixel);
- packet_put_int(ws.ws_ypixel);
- packet_send();
+ channel_send_window_changes();
} else {
+ if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
+ return;
packet_start(SSH_CMSG_WINDOW_SIZE);
packet_put_int(ws.ws_row);
packet_put_int(ws.ws_col);
@@ -336,10 +346,9 @@ server_alive_check(void)
* Waits until the client can do something (some data becomes available on
* one of the file descriptors).
*/
-
static void
client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
- int *maxfdp, int *nallocp, int rekeying)
+ int *maxfdp, u_int *nallocp, int rekeying)
{
struct timeval tv, *tvp;
int ret;
@@ -382,6 +391,9 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
if (packet_have_data_to_write())
FD_SET(connection_out, *writesetp);
+ if (control_fd != -1)
+ FD_SET(control_fd, *readsetp);
+
/*
* Wait for something to happen. This will suspend the process until
* some selected descriptor can be read, written, or has some other
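Review bot: `FD_SET(control_fd, *readsetp)` is added here, but the set behind `*readsetp` is sized from `*maxfdp` and `*nallocp` by code outside this hunk, and nothing visible raises the maximum to cover `control_fd`. If the caller does not include `control_fd` when computing the highest descriptor, this FD_SET can write past the allocated set and select() will not watch the control socket. Please confirm the caller does so and record it here, for example `/* caller must include control_fd in *maxfdp */`. client_wait_until_can_do_something starts and ends outside the hunk.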
@@ -390,7 +402,7 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
if (options.server_alive_interval == 0 || !compat20)
tvp = NULL;
- else {
+ else {
tv.tv_sec = options.server_alive_interval;
tv.tv_usec = 0;
tvp = &tv;
@@ -501,12 +513,229 @@ client_process_net_input(fd_set * readset)
}
static void
+client_subsystem_reply(int type, u_int32_t seq, void *ctxt)
+{
+ int id;
+ Channel *c;
+
+ id = packet_get_int();
+ packet_check_eom();
+
+ if ((c = channel_lookup(id)) == NULL) {
+ error("%s: no channel for id %d", __func__, id);
+ return;
+ }
+
+ if (type == SSH2_MSG_CHANNEL_SUCCESS)
+ debug2("Request suceeded on channel %d", id);
+ else if (type == SSH2_MSG_CHANNEL_FAILURE) {
+ error("Request failed on channel %d", id);
+ channel_free(c);
+ }
+}
+
+static void
+client_extra_session2_setup(int id, void *arg)
+{
+ struct confirm_ctx *cctx = arg;
+ Channel *c;
+ int i;
+
+ if (cctx == NULL)
+ fatal("%s: cctx == NULL", __func__);
+ if ((c = channel_lookup(id)) == NULL)
+ fatal("%s: no channel for id %d", __func__, id);
+
+ client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
+ cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env,
+ client_subsystem_reply);
+
+ c->confirm_ctx = NULL;
+ buffer_free(&cctx->cmd);
+ xfree(cctx->term);
+ if (cctx->env != NULL) {
+ for (i = 0; cctx->env[i] != NULL; i++)
+ xfree(cctx->env[i]);
+ xfree(cctx->env);
+ }
+ xfree(cctx);
+}
+
+static void
+client_process_control(fd_set * readset)
+{
+ Buffer m;
+ Channel *c;
+ int client_fd, new_fd[3], ver, i, allowed;
+ socklen_t addrlen;
+ struct sockaddr_storage addr;
+ struct confirm_ctx *cctx;
+ char *cmd;
+ u_int len, env_len;
+ uid_t euid;
+ gid_t egid;
+
+ /*
+ * Accept connection on control socket
+ */
+ if (control_fd == -1 || !FD_ISSET(control_fd, readset))
+ return;
+
+ memset(&addr, 0, sizeof(addr));
+ addrlen = sizeof(addr);
+ if ((client_fd = accept(control_fd,
+ (struct sockaddr*)&addr, &addrlen)) == -1) {
+ error("%s accept: %s", __func__, strerror(errno));
+ return;
+ }
+
+ if (getpeereid(client_fd, &euid, &egid) < 0) {
+ error("%s getpeereid failed: %s", __func__, strerror(errno));
+ close(client_fd);
+ return;
+ }
+ if ((euid != 0) && (getuid() != euid)) {
+ error("control mode uid mismatch: peer euid %u != uid %u",
+ (u_int) euid, (u_int) getuid());
+ close(client_fd);
+ return;
+ }
+
+ allowed = 1;
+ if (options.control_master == 2) {
+ char *p, prompt[1024];
+
+ allowed = 0;
+ snprintf(prompt, sizeof(prompt),
+ "Allow shared connection to %s? ", host);
+ p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF);
+ if (p != NULL) {
+ /*
+ * Accept empty responses and responses consisting
+ * of the word "yes" as affirmative.
+ */
+ if (*p == '\0' || *p == '\n' ||
+ strcasecmp(p, "yes") == 0)
+ allowed = 1;
+ xfree(p);
+ }
+ }
+
+ unset_nonblock(client_fd);
+
+ buffer_init(&m);
+
+ buffer_put_int(&m, allowed);
+ buffer_put_int(&m, getpid());
+ if (ssh_msg_send(client_fd, /* version */0, &m) == -1) {
+ error("%s: client msg_send failed", __func__);
+ close(client_fd);
+ buffer_free(&m);
+ return;
+ }
+ buffer_clear(&m);
+
+ if (!allowed) {
+ error("Refused control connection");
+ close(client_fd);
+ buffer_free(&m);
+ return;
+ }
+
+ if (ssh_msg_recv(client_fd, &m) == -1) {
+ error("%s: client msg_recv failed", __func__);
+ close(client_fd);
+ buffer_free(&m);
+ return;
+ }
+
+ if ((ver = buffer_get_char(&m)) != 0) {
+ error("%s: wrong client version %d", __func__, ver);
+ buffer_free(&m);
+ close(client_fd);
+ return;
+ }
+
+ cctx = xmalloc(sizeof(*cctx));
+ memset(cctx, 0, sizeof(*cctx));
+
+ cctx->want_tty = buffer_get_int(&m);
+ cctx->want_subsys = buffer_get_int(&m);
+ cctx->term = buffer_get_string(&m, &len);
+
+ cmd = buffer_get_string(&m, &len);
+ buffer_init(&cctx->cmd);
+ buffer_append(&cctx->cmd, cmd, strlen(cmd));
+
+ env_len = buffer_get_int(&m);
+ env_len = MIN(env_len, 4096);
+ debug3("%s: receiving %d env vars", __func__, env_len);
+ if (env_len != 0) {
+ cctx->env = xmalloc(sizeof(*cctx->env) * (env_len + 1));
+ for (i = 0; i < env_len; i++)
+ cctx->env[i] = buffer_get_string(&m, &len);
+ cctx->env[i] = NULL;
+ }
+
+ debug2("%s: accepted tty %d, subsys %d, cmd %s", __func__,
+ cctx->want_tty, cctx->want_subsys, cmd);
+
+ /* Gather fds from client */
+ new_fd[0] = mm_receive_fd(client_fd);
+ new_fd[1] = mm_receive_fd(client_fd);
+ new_fd[2] = mm_receive_fd(client_fd);
+
+ debug2("%s: got fds stdin %d, stdout %d, stderr %d", __func__,
+ new_fd[0], new_fd[1], new_fd[2]);
+
+ /* Try to pick up ttymodes from client before it goes raw */
+ if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1)
+ error("%s: tcgetattr: %s", __func__, strerror(errno));
+
+ buffer_clear(&m);
+ if (ssh_msg_send(client_fd, /* version */0, &m) == -1) {
+ error("%s: client msg_send failed", __func__);
+ close(client_fd);
+ close(new_fd[0]);
+ close(new_fd[1]);
+ close(new_fd[2]);
+ buffer_free(&m);
+ return;
+ }
+ buffer_free(&m);
+
+ /* enable nonblocking unless tty */
+ if (!isatty(new_fd[0]))
+ set_nonblock(new_fd[0]);
+ if (!isatty(new_fd[1]))
+ set_nonblock(new_fd[1]);
+ if (!isatty(new_fd[2]))
+ set_nonblock(new_fd[2]);
+
+ set_nonblock(client_fd);
+
+ c = channel_new("session", SSH_CHANNEL_OPENING,
+ new_fd[0], new_fd[1], new_fd[2],
+ CHAN_SES_WINDOW_DEFAULT, CHAN_SES_PACKET_DEFAULT,
+ CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
+
+ /* XXX */
+ c->ctl_fd = client_fd;
+
+ debug3("%s: channel_new: %d", __func__, c->self);
+
+ channel_send_open(c->self);
+ channel_register_confirm(c->self, client_extra_session2_setup, cctx);
+}
+
+static void
process_cmdline(void)
{
void (*handler)(int);
char *s, *cmd;
u_short fwd_port, fwd_host_port;
char buf[1024], sfwd_port[6], sfwd_host_port[6];
+ int delete = 0;
int local = 0;
leave_raw_mode();
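Review bot: client_process_control leaks memory on two paths. `cmd` is copied into `cctx->cmd` and never released, and the final `ssh_msg_send` failure branch returns without releasing `cctx`, `cctx->term`, `cctx->cmd` or `cctx->env`. This assumes buffer_get_string returns heap memory owned by the caller, which the `xfree(cctx->term)` in client_extra_session2_setup suggests. The master is long-lived and runs this code once per control connection, so the leak accumulates. The three descriptors from mm_receive_fd are also passed to tcgetattr, isatty and channel_new without a validity check; whether mm_receive_fd can return -1 is not visible here and should be confirmed.

```c
	debug2("%s: accepted tty %d, subsys %d, cmd %s", __func__,
	    cctx->want_tty, cctx->want_subsys, cmd);
	xfree(cmd);	/* contents were already copied into cctx->cmd */

	/* ... unchanged: mm_receive_fd calls, tcgetattr, buffer_clear ... */

	if (ssh_msg_send(client_fd, /* version */0, &m) == -1) {
		/* ... unchanged: error(), close() of client_fd and new_fd[], buffer_free(&m) ... */
		buffer_free(&cctx->cmd);
		xfree(cctx->term);
		if (cctx->env != NULL) {
			for (i = 0; cctx->env[i] != NULL; i++)
				xfree(cctx->env[i]);
			xfree(cctx->env);
		}
		xfree(cctx);
		return;
	}
```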
@@ -516,44 +745,77 @@ process_cmdline(void)
goto out;
while (*s && isspace(*s))
s++;
- if (*s == 0)
+ if (*s == '-')
+ s++; /* Skip cmdline '-', if any */
+ if (*s == '\0')
+ goto out;
+
+ if (*s == 'h' || *s == 'H' || *s == '?') {
+ logit("Commands:");
+ logit(" -Lport:host:hostport Request local forward");
+ logit(" -Rport:host:hostport Request remote forward");
+ logit(" -KRhostport Cancel remote forward");
goto out;
- if (strlen(s) < 2 || s[0] != '-' || !(s[1] == 'L' || s[1] == 'R')) {
+ }
+
+ if (*s == 'K') {
+ delete = 1;
+ s++;
+ }
+ if (*s != 'L' && *s != 'R') {
logit("Invalid command.");
goto out;
}
- if (s[1] == 'L')
+ if (*s == 'L')
local = 1;
- if (!local && !compat20) {
+ if (local && delete) {
+ logit("Not supported.");
+ goto out;
+ }
+ if ((!local || delete) && !compat20) {
logit("Not supported for SSH protocol version 1.");
goto out;
}
- s += 2;
+
+ s++;
while (*s && isspace(*s))
s++;
- if (sscanf(s, "%5[0-9]:%255[^:]:%5[0-9]",
- sfwd_port, buf, sfwd_host_port) != 3 &&
- sscanf(s, "%5[0-9]/%255[^/]/%5[0-9]",
- sfwd_port, buf, sfwd_host_port) != 3) {
- logit("Bad forwarding specification.");
- goto out;
- }
- if ((fwd_port = a2port(sfwd_port)) == 0 ||
- (fwd_host_port = a2port(sfwd_host_port)) == 0) {
- logit("Bad forwarding port(s).");
- goto out;
- }
- if (local) {
- if (channel_setup_local_fwd_listener(fwd_port, buf,
- fwd_host_port, options.gateway_ports) < 0) {
- logit("Port forwarding failed.");
+ if (delete) {
+ if (sscanf(s, "%5[0-9]", sfwd_host_port) != 1) {
+ logit("Bad forwarding specification.");
+ goto out;
+ }
+ if ((fwd_host_port = a2port(sfwd_host_port)) == 0) {
+ logit("Bad forwarding port(s).");
+ goto out;
+ }
+ channel_request_rforward_cancel(fwd_host_port);
+ } else {
+ if (sscanf(s, "%5[0-9]:%255[^:]:%5[0-9]",
+ sfwd_port, buf, sfwd_host_port) != 3 &&
+ sscanf(s, "%5[0-9]/%255[^/]/%5[0-9]",
+ sfwd_port, buf, sfwd_host_port) != 3) {
+ logit("Bad forwarding specification.");
+ goto out;
+ }
+ if ((fwd_port = a2port(sfwd_port)) == 0 ||
+ (fwd_host_port = a2port(sfwd_host_port)) == 0) {
+ logit("Bad forwarding port(s).");
goto out;
}
- } else
- channel_request_remote_forwarding(fwd_port, buf,
- fwd_host_port);
- logit("Forwarding port.");
+ if (local) {
+ if (channel_setup_local_fwd_listener(fwd_port, buf,
+ fwd_host_port, options.gateway_ports) < 0) {
+ logit("Port forwarding failed.");
+ goto out;
+ }
+ } else
+ channel_request_remote_forwarding(fwd_port, buf,
+ fwd_host_port);
+ logit("Forwarding port.");
+ }
+
out:
signal(SIGINT, handler);
enter_raw_mode();
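Review bot: In the new cancel branch, `sscanf(s, "%5[0-9]", sfwd_host_port)` accepts any input that merely starts with digits, so characters after the port are silently ignored. A successful cancel also prints nothing, whereas the forward branch ends with `logit("Forwarding port.")`. I would reject trailing input and add a confirmation such as `logit("Canceled forwarding.");` after `channel_request_rforward_cancel(fwd_host_port);`. The `isspace(*s)` calls on the context lines take a plain `char`; `isspace((unsigned char)*s)` avoids undefined behaviour for bytes above 0x7f. process_cmdline starts and ends outside this hunk.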
@@ -868,9 +1130,6 @@ simple_escape_filter(Channel *c, char *buf, int len)
static void
client_channel_closed(int id, void *arg)
{
- if (id != session_ident)
- error("client_channel_closed: id %d != session_ident %d",
- id, session_ident);
channel_cancel_cleanup(id);
session_closed = 1;
leave_raw_mode();
@@ -888,7 +1147,8 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
{
fd_set *readset = NULL, *writeset = NULL;
double start_time, total_time;
- int max_fd = 0, max_fd2 = 0, len, rekeying = 0, nalloc = 0;
+ int max_fd = 0, max_fd2 = 0, len, rekeying = 0;
+ u_int nalloc = 0;
char buf[100];
debug("Entering interactive session.");
@@ -904,6 +1164,8 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
connection_in = packet_get_connection_in();
connection_out = packet_get_connection_out();
max_fd = MAX(connection_in, connection_out);
+ if (control_fd != -1)
+ max_fd = MAX(max_fd, control_fd);
if (!compat20) {
/* enable nonblocking unless tty */
@@ -1021,6 +1283,9 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
/* Buffer input from the connection. */
client_process_net_input(readset);
+ /* Accept control connections. */
+ client_process_control(readset);
+
if (quit_pending)
break;
@@ -1352,7 +1617,7 @@ static void
client_input_channel_req(int type, u_int32_t seq, void *ctxt)
{
Channel *c = NULL;
- int id, reply, success = 0;
+ int exitval, id, reply, success = 0;
char *rtype;
id = packet_get_int();
@@ -1362,24 +1627,28 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt)
debug("client_input_channel_req: channel %d rtype %s reply %d",
id, rtype, reply);
- if (session_ident == -1) {
- error("client_input_channel_req: no channel %d", session_ident);
- } else if (id != session_ident) {
- error("client_input_channel_req: channel %d: wrong channel: %d",
- session_ident, id);
- }
- c = channel_lookup(id);
- if (c == NULL) {
+ if (id == -1) {
+ error("client_input_channel_req: request for channel -1");
+ } else if ((c = channel_lookup(id)) == NULL) {
error("client_input_channel_req: channel %d: unknown channel", id);
} else if (strcmp(rtype, "exit-status") == 0) {
- success = 1;
- exit_status = packet_get_int();
+ exitval = packet_get_int();
+ if (id == session_ident) {
+ success = 1;
+ exit_status = exitval;
+ } else if (c->ctl_fd == -1) {
+ error("client_input_channel_req: unexpected channel %d",
+ session_ident);
+ } else {
+ atomicio(vwrite, c->ctl_fd, &exitval, sizeof(exitval));
+ success = 1;
+ }
packet_check_eom();
}
if (reply) {
packet_start(success ?
SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
- packet_put_int(c->remote_id);
+ packet_put_int(id);
packet_send();
}
xfree(rtype);
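Review bot: The reply now carries `id`, the local channel number read from the request, where the removed line sent `c->remote_id`. If `remote_id` is the peer's number for the channel, as the name suggests, and the two differ, the success/failure is sent for the wrong channel. The change does avoid dereferencing `c` after a failed lookup, but guarding the reply does that without changing the number: `if (reply && c != NULL) {` with `packet_put_int(c->remote_id);` kept. Separately, the `c->ctl_fd == -1` branch logs `session_ident` although the unexpected channel is `id`, and the result of `atomicio(vwrite, c->ctl_fd, ...)` is ignored, so `success = 1` is set even if the write to the control client failed. The function starts and ends outside this hunk.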
@@ -1404,6 +1673,97 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt)
xfree(rtype);
}
+void
+client_session2_setup(int id, int want_tty, int want_subsystem,
+ const char *term, struct termios *tiop, int in_fd, Buffer *cmd, char **env,
+ dispatch_fn *subsys_repl)
+{
+ int len;
+
+ debug2("%s: id %d", __func__, id);
+
+ if (want_tty) {
+ struct winsize ws;
+ struct termios tio;
+
+ /* Store window size in the packet. */
+ if (ioctl(in_fd, TIOCGWINSZ, &ws) < 0)
+ memset(&ws, 0, sizeof(ws));
+
+ channel_request_start(id, "pty-req", 0);
+ packet_put_cstring(term != NULL ? term : "");
+ packet_put_int(ws.ws_col);
+ packet_put_int(ws.ws_row);
+ packet_put_int(ws.ws_xpixel);
+ packet_put_int(ws.ws_ypixel);
+ tio = get_saved_tio();
+ tty_make_modes(-1, tiop != NULL ? tiop : &tio);
+ packet_send();
+ /* XXX wait for reply */
+ }
+
+ /* Transfer any environment variables from client to server */
+ if (options.num_send_env != 0 && env != NULL) {
+ int i, j, matched;
+ char *name, *val;
+
+ debug("Sending environment.");
+ for (i = 0; env[i] != NULL; i++) {
+ /* Split */
+ name = xstrdup(env[i]);
+ if ((val = strchr(name, '=')) == NULL) {
+ free(name);
+ continue;
+ }
+ *val++ = '\0';
+
+ matched = 0;
+ for (j = 0; j < options.num_send_env; j++) {
+ if (match_pattern(name, options.send_env[j])) {
+ matched = 1;
+ break;
+ }
+ }
+ if (!matched) {
+ debug3("Ignored env %s", name);
+ free(name);
+ continue;
+ }
+
+ debug("Sending env %s = %s", name, val);
+ channel_request_start(id, "env", 0);
+ packet_put_cstring(name);
+ packet_put_cstring(val);
+ packet_send();
+ free(name);
+ }
+ }
+
+ len = buffer_len(cmd);
+ if (len > 0) {
+ if (len > 900)
+ len = 900;
+ if (want_subsystem) {
+ debug("Sending subsystem: %.*s", len, (u_char*)buffer_ptr(cmd));
+ channel_request_start(id, "subsystem", subsys_repl != NULL);
+ if (subsys_repl != NULL) {
+ /* register callback for reply */
+ /* XXX we assume that client_loop has already been called */
+ dispatch_set(SSH2_MSG_CHANNEL_FAILURE, subsys_repl);
+ dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, subsys_repl);
+ }
+ } else {
+ debug("Sending command: %.*s", len, (u_char*)buffer_ptr(cmd));
+ channel_request_start(id, "exec", 0);
+ }
+ packet_put_string(buffer_ptr(cmd), buffer_len(cmd));
+ packet_send();
+ } else {
+ channel_request_start(id, "shell", 0);
+ packet_send();
+ }
+}
+
static void
client_init_dispatch_20(void)
{
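Review bot: `dispatch_set(SSH2_MSG_CHANNEL_FAILURE, subsys_repl)` and its SUCCESS twin take no channel argument, so the callback appears to be installed for every channel on the connection rather than for `id` alone. The existing `XXX` comment covers call ordering but not this. The callback added earlier in this diff, client_subsystem_reply, calls `channel_free()` on whatever channel id the reply names, so it should confirm that the channel has a request outstanding before freeing it. At minimum I would add a comment here: `/* NB: handler is per message type, not per channel; the callback must validate the id */`. In the env loop, `name` comes from `xstrdup()` but is released with `free()`; `xfree(name)` matches the rest of the file.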
@@ -1470,5 +1830,7 @@ cleanup_exit(int i)
{
leave_raw_mode();
leave_non_blocking();
+ if (options.control_path != NULL && control_fd != -1)
+ unlink(options.control_path);
_exit(i);
}
diff --git a/crypto/openssh/clientloop.h b/crypto/openssh/clientloop.h
index 56af06b..9992d59 100644
--- a/crypto/openssh/clientloop.h
+++ b/crypto/openssh/clientloop.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.h,v 1.8 2003/12/16 15:49:51 markus Exp $ */
+/* $OpenBSD: clientloop.h,v 1.11 2004/07/11 17:48:47 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -38,3 +38,5 @@
/* Client side main loop for the interactive session. */
int client_loop(int, int, int);
void client_global_request_reply_fwd(int, u_int32_t, void *);
+void client_session2_setup(int, int, int, const char *, struct termios *,
+ int, Buffer *, char **, dispatch_fn *);
diff --git a/crypto/openssh/config.guess b/crypto/openssh/config.guess
index 3fe4d4f..500ee74 100755
--- a/crypto/openssh/config.guess
+++ b/crypto/openssh/config.guess
@@ -1,9 +1,9 @@
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002 Free Software Foundation, Inc.
+# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
-timestamp='2002-07-23'
+timestamp='2003-10-03'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@@ -98,30 +98,32 @@ trap 'exit 1' 1 2 15
# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
# use `HOST_CC' if defined, but it is deprecated.
-# This shell variable is my proudest work .. or something. --bje
+# Portable tmp directory creation inspired by the Autoconf team.
-set_cc_for_build='tmpdir=${TMPDIR-/tmp}/config-guess-$$ ;
-(old=`umask` && umask 077 && mkdir $tmpdir && umask $old && unset old)
- || (echo "$me: cannot create $tmpdir" >&2 && exit 1) ;
-dummy=$tmpdir/dummy ;
-files="$dummy.c $dummy.o $dummy.rel $dummy" ;
-trap '"'"'rm -f $files; rmdir $tmpdir; exit 1'"'"' 1 2 15 ;
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
case $CC_FOR_BUILD,$HOST_CC,$CC in
,,) echo "int x;" > $dummy.c ;
for c in cc gcc c89 c99 ; do
- if ($c $dummy.c -c -o $dummy.o) >/dev/null 2>&1 ; then
+ if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
CC_FOR_BUILD="$c"; break ;
fi ;
done ;
- rm -f $files ;
if test x"$CC_FOR_BUILD" = x ; then
CC_FOR_BUILD=no_compiler_found ;
fi
;;
,,*) CC_FOR_BUILD=$CC ;;
,*,*) CC_FOR_BUILD=$HOST_CC ;;
-esac ;
-unset files'
+esac ;'
# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
# (ghazi@noc.rutgers.edu 1994-08-24)
@@ -174,11 +176,22 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
fi
;;
*)
- os=netbsd
+ os=netbsd
;;
esac
# The OS release
- release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+ # Debian GNU/NetBSD machines have a different userland, and
+ # thus, need a distinct triplet. However, they do not need
+ # kernel version information, so it can be replaced with a
+ # suitable tag, in the style of linux-gnu.
+ case "${UNAME_VERSION}" in
+ Debian*)
+ release='-gnu'
+ ;;
+ *)
+ release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+ ;;
+ esac
# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
# contains redundant information, the shorter form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
@@ -227,68 +240,52 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
if test $UNAME_RELEASE = "V4.0"; then
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
fi
+ # According to Compaq, /usr/sbin/psrinfo has been available on
+ # OSF/1 and Tru64 systems produced since 1995. I hope that
+ # covers most systems running today. This code pipes the CPU
+ # types through head -n 1, so we only detect the type of CPU 0.
+ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+ case "$ALPHA_CPU_TYPE" in
+ "EV4 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "EV4.5 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "LCA4 (21066/21068)")
+ UNAME_MACHINE="alpha" ;;
+ "EV5 (21164)")
+ UNAME_MACHINE="alphaev5" ;;
+ "EV5.6 (21164A)")
+ UNAME_MACHINE="alphaev56" ;;
+ "EV5.6 (21164PC)")
+ UNAME_MACHINE="alphapca56" ;;
+ "EV5.7 (21164PC)")
+ UNAME_MACHINE="alphapca57" ;;
+ "EV6 (21264)")
+ UNAME_MACHINE="alphaev6" ;;
+ "EV6.7 (21264A)")
+ UNAME_MACHINE="alphaev67" ;;
+ "EV6.8CB (21264C)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8AL (21264B)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8CX (21264D)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.9A (21264/EV69A)")
+ UNAME_MACHINE="alphaev69" ;;
+ "EV7 (21364)")
+ UNAME_MACHINE="alphaev7" ;;
+ "EV7.9 (21364A)")
+ UNAME_MACHINE="alphaev79" ;;
+ esac
# A Vn.n version is a released version.
# A Tn.n version is a released field test version.
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
- eval $set_cc_for_build
- cat <<EOF >$dummy.s
- .data
-\$Lformat:
- .byte 37,100,45,37,120,10,0 # "%d-%x\n"
-
- .text
- .globl main
- .align 4
- .ent main
-main:
- .frame \$30,16,\$26,0
- ldgp \$29,0(\$27)
- .prologue 1
- .long 0x47e03d80 # implver \$0
- lda \$2,-1
- .long 0x47e20c21 # amask \$2,\$1
- lda \$16,\$Lformat
- mov \$0,\$17
- not \$1,\$18
- jsr \$26,printf
- ldgp \$29,0(\$26)
- mov 0,\$16
- jsr \$26,exit
- .end main
-EOF
- $CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null
- if test "$?" = 0 ; then
- case `$dummy` in
- 0-0)
- UNAME_MACHINE="alpha"
- ;;
- 1-0)
- UNAME_MACHINE="alphaev5"
- ;;
- 1-1)
- UNAME_MACHINE="alphaev56"
- ;;
- 1-101)
- UNAME_MACHINE="alphapca56"
- ;;
- 2-303)
- UNAME_MACHINE="alphaev6"
- ;;
- 2-307)
- UNAME_MACHINE="alphaev67"
- ;;
- 2-1307)
- UNAME_MACHINE="alphaev68"
- ;;
- 3-1307)
- UNAME_MACHINE="alphaev7"
- ;;
- esac
- fi
- rm -f $dummy.s $dummy && rmdir $tmpdir
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
exit 0 ;;
+ Alpha*:OpenVMS:*:*)
+ echo alpha-hp-vms
+ exit 0 ;;
Alpha\ *:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# Should we change UNAME_MACHINE based on the output of uname instead
@@ -327,6 +324,9 @@ EOF
NILE*:*:*:dcosx)
echo pyramid-pyramid-svr4
exit 0 ;;
+ DRS?6000:unix:4.0:6*)
+ echo sparc-icl-nx6
+ exit 0 ;;
DRS?6000:UNIX_SV:4.2*:7*)
case `/usr/bin/uname -p` in
sparc) echo sparc-icl-nx7 && exit 0 ;;
@@ -382,23 +382,23 @@ EOF
# MiNT. But MiNT is downward compatible to TOS, so this should
# be no problem.
atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
- echo m68k-atari-mint${UNAME_RELEASE}
+ echo m68k-atari-mint${UNAME_RELEASE}
exit 0 ;;
atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
- exit 0 ;;
+ exit 0 ;;
*falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
- echo m68k-atari-mint${UNAME_RELEASE}
+ echo m68k-atari-mint${UNAME_RELEASE}
exit 0 ;;
milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
- echo m68k-milan-mint${UNAME_RELEASE}
- exit 0 ;;
+ echo m68k-milan-mint${UNAME_RELEASE}
+ exit 0 ;;
hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
- echo m68k-hades-mint${UNAME_RELEASE}
- exit 0 ;;
+ echo m68k-hades-mint${UNAME_RELEASE}
+ exit 0 ;;
*:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
- echo m68k-unknown-mint${UNAME_RELEASE}
- exit 0 ;;
+ echo m68k-unknown-mint${UNAME_RELEASE}
+ exit 0 ;;
powerpc:machten:*:*)
echo powerpc-apple-machten${UNAME_RELEASE}
exit 0 ;;
@@ -437,16 +437,18 @@ EOF
exit (-1);
}
EOF
- $CC_FOR_BUILD $dummy.c -o $dummy \
+ $CC_FOR_BUILD -o $dummy $dummy.c \
&& $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
- && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
- rm -f $dummy.c $dummy && rmdir $tmpdir
+ && exit 0
echo mips-mips-riscos${UNAME_RELEASE}
exit 0 ;;
Motorola:PowerMAX_OS:*:*)
echo powerpc-motorola-powermax
exit 0 ;;
- Night_Hawk:*:*:PowerMAX_OS)
+ Motorola:*:4.3:PL8-*)
+ echo powerpc-harris-powermax
+ exit 0 ;;
+ Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
echo powerpc-harris-powermax
exit 0 ;;
Night_Hawk:Power_UNIX:*:*)
@@ -462,8 +464,8 @@ EOF
echo m88k-motorola-sysv3
exit 0 ;;
AViiON:dgux:*:*)
- # DG/UX returns AViiON for all architectures
- UNAME_PROCESSOR=`/usr/bin/uname -p`
+ # DG/UX returns AViiON for all architectures
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
then
if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
@@ -476,7 +478,7 @@ EOF
else
echo i586-dg-dgux${UNAME_RELEASE}
fi
- exit 0 ;;
+ exit 0 ;;
M88*:DolphinOS:*:*) # DolphinOS (SVR3)
echo m88k-dolphin-sysv3
exit 0 ;;
@@ -521,8 +523,7 @@ EOF
exit(0);
}
EOF
- $CC_FOR_BUILD $dummy.c -o $dummy && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
- rm -f $dummy.c $dummy && rmdir $tmpdir
+ $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
echo rs6000-ibm-aix3.2.5
elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
echo rs6000-ibm-aix3.2.4
@@ -573,58 +574,68 @@ EOF
9000/[678][0-9][0-9])
if [ -x /usr/bin/getconf ]; then
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
- sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
- case "${sc_cpu_version}" in
- 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
- 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
- 532) # CPU_PA_RISC2_0
- case "${sc_kernel_bits}" in
- 32) HP_ARCH="hppa2.0n" ;;
- 64) HP_ARCH="hppa2.0w" ;;
+ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+ case "${sc_cpu_version}" in
+ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+ 532) # CPU_PA_RISC2_0
+ case "${sc_kernel_bits}" in
+ 32) HP_ARCH="hppa2.0n" ;;
+ 64) HP_ARCH="hppa2.0w" ;;
'') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
- esac ;;
- esac
+ esac ;;
+ esac
fi
if [ "${HP_ARCH}" = "" ]; then
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
- #define _HPUX_SOURCE
- #include <stdlib.h>
- #include <unistd.h>
+ #define _HPUX_SOURCE
+ #include <stdlib.h>
+ #include <unistd.h>
- int main ()
- {
- #if defined(_SC_KERNEL_BITS)
- long bits = sysconf(_SC_KERNEL_BITS);
- #endif
- long cpu = sysconf (_SC_CPU_VERSION);
+ int main ()
+ {
+ #if defined(_SC_KERNEL_BITS)
+ long bits = sysconf(_SC_KERNEL_BITS);
+ #endif
+ long cpu = sysconf (_SC_CPU_VERSION);
- switch (cpu)
- {
- case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
- case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
- case CPU_PA_RISC2_0:
- #if defined(_SC_KERNEL_BITS)
- switch (bits)
- {
- case 64: puts ("hppa2.0w"); break;
- case 32: puts ("hppa2.0n"); break;
- default: puts ("hppa2.0"); break;
- } break;
- #else /* !defined(_SC_KERNEL_BITS) */
- puts ("hppa2.0"); break;
- #endif
- default: puts ("hppa1.0"); break;
- }
- exit (0);
- }
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+ case CPU_PA_RISC2_0:
+ #if defined(_SC_KERNEL_BITS)
+ switch (bits)
+ {
+ case 64: puts ("hppa2.0w"); break;
+ case 32: puts ("hppa2.0n"); break;
+ default: puts ("hppa2.0"); break;
+ } break;
+ #else /* !defined(_SC_KERNEL_BITS) */
+ puts ("hppa2.0"); break;
+ #endif
+ default: puts ("hppa1.0"); break;
+ }
+ exit (0);
+ }
EOF
- (CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null) && HP_ARCH=`$dummy`
- if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi
- rm -f $dummy.c $dummy && rmdir $tmpdir
+ (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+ test -z "$HP_ARCH" && HP_ARCH=hppa
fi ;;
esac
+ if [ ${HP_ARCH} = "hppa2.0w" ]
+ then
+ # avoid double evaluation of $set_cc_for_build
+ test -n "$CC_FOR_BUILD" || eval $set_cc_for_build
+ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null
+ then
+ HP_ARCH="hppa2.0w"
+ else
+ HP_ARCH="hppa64"
+ fi
+ fi
echo ${HP_ARCH}-hp-hpux${HPUX_REV}
exit 0 ;;
ia64:HP-UX:*:*)
@@ -658,8 +669,7 @@ EOF
exit (0);
}
EOF
- $CC_FOR_BUILD $dummy.c -o $dummy && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
- rm -f $dummy.c $dummy && rmdir $tmpdir
+ $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
echo unknown-hitachi-hiuxwe2
exit 0 ;;
9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
@@ -689,22 +699,22 @@ EOF
exit 0 ;;
C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
echo c1-convex-bsd
- exit 0 ;;
+ exit 0 ;;
C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
- exit 0 ;;
+ exit 0 ;;
C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
echo c34-convex-bsd
- exit 0 ;;
+ exit 0 ;;
C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
echo c38-convex-bsd
- exit 0 ;;
+ exit 0 ;;
C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
echo c4-convex-bsd
- exit 0 ;;
+ exit 0 ;;
CRAY*Y-MP:*:*:*)
echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
@@ -717,9 +727,6 @@ EOF
CRAY*TS:*:*:*)
echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
- CRAY*T3D:*:*:*)
- echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
CRAY*T3E:*:*:*)
echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
@@ -727,14 +734,14 @@ EOF
echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
*:UNICOS/mp:*:*)
- echo nv1-cray-unicosmp | sed -e 's/\.[^.]*$/.X/'
+ echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
- FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
- FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
- echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
- exit 0 ;;
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit 0 ;;
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
exit 0 ;;
@@ -744,7 +751,7 @@ EOF
*:BSD/OS:*:*)
echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
exit 0 ;;
- *:FreeBSD:*:*)
+ *:FreeBSD:*:*|*:GNU/FreeBSD:*:*)
# Determine whether the default compiler uses glibc.
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
@@ -756,8 +763,10 @@ EOF
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
- rm -f $dummy.c && rmdir $tmpdir
- echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
+ # GNU/FreeBSD systems have a "k" prefix to indicate we are using
+ # FreeBSD's kernel, but not the complete OS.
+ case ${LIBC} in gnu) kernel_only='k' ;; esac
+ echo ${UNAME_MACHINE}-unknown-${kernel_only}freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
exit 0 ;;
i*:CYGWIN*:*)
echo ${UNAME_MACHINE}-pc-cygwin
@@ -768,14 +777,17 @@ EOF
i*:PW*:*)
echo ${UNAME_MACHINE}-pc-pw32
exit 0 ;;
- x86:Interix*:3*)
- echo i386-pc-interix3
+ x86:Interix*:[34]*)
+ echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
+ exit 0 ;;
+ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+ echo i${UNAME_MACHINE}-pc-mks
exit 0 ;;
i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
# UNAME_MACHINE based on the output of uname instead of i386?
- echo i386-pc-interix
+ echo i586-pc-interix
exit 0 ;;
i*:UWIN*:*)
echo ${UNAME_MACHINE}-pc-uwin
@@ -795,6 +807,9 @@ EOF
arm*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit 0 ;;
+ cris:Linux:*:*)
+ echo cris-axis-linux-gnu
+ exit 0 ;;
ia64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit 0 ;;
@@ -818,8 +833,26 @@ EOF
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
- rm -f $dummy.c && rmdir $tmpdir
- test x"${CPU}" != x && echo "${CPU}-pc-linux-gnu" && exit 0
+ test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
+ ;;
+ mips64:Linux:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #undef CPU
+ #undef mips64
+ #undef mips64el
+ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+ CPU=mips64el
+ #else
+ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+ CPU=mips64
+ #else
+ CPU=
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
+ test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
;;
ppc:Linux:*:*)
echo powerpc-unknown-linux-gnu
@@ -836,7 +869,7 @@ EOF
EV6) UNAME_MACHINE=alphaev6 ;;
EV67) UNAME_MACHINE=alphaev67 ;;
EV68*) UNAME_MACHINE=alphaev68 ;;
- esac
+ esac
objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
@@ -855,6 +888,9 @@ EOF
s390:Linux:*:* | s390x:Linux:*:*)
echo ${UNAME_MACHINE}-ibm-linux
exit 0 ;;
+ sh64*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit 0 ;;
sh*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit 0 ;;
@@ -875,7 +911,7 @@ EOF
s/.*supported targets: *//
s/ .*//
p'`
- case "$ld_supported_targets" in
+ case "$ld_supported_targets" in
elf32-i386)
TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
;;
@@ -912,9 +948,11 @@ EOF
LIBC=gnuaout
#endif
#endif
+ #ifdef __dietlibc__
+ LIBC=dietlibc
+ #endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
- rm -f $dummy.c && rmdir $tmpdir
test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
;;
@@ -925,13 +963,30 @@ EOF
echo i386-sequent-sysv4
exit 0 ;;
i*86:UNIX_SV:4.2MP:2.*)
- # Unixware is an offshoot of SVR4, but it has its own version
- # number series starting with 2...
- # I am not positive that other SVR4 systems won't match this,
+ # Unixware is an offshoot of SVR4, but it has its own version
+ # number series starting with 2...
+ # I am not positive that other SVR4 systems won't match this,
# I just have to hope. -- rms.
- # Use sysv4.2uw... so that sysv4* matches it.
+ # Use sysv4.2uw... so that sysv4* matches it.
echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
exit 0 ;;
+ i*86:OS/2:*:*)
+ # If we were able to find `uname', then EMX Unix compatibility
+ # is probably installed.
+ echo ${UNAME_MACHINE}-pc-os2-emx
+ exit 0 ;;
+ i*86:XTS-300:*:STOP)
+ echo ${UNAME_MACHINE}-unknown-stop
+ exit 0 ;;
+ i*86:atheos:*:*)
+ echo ${UNAME_MACHINE}-unknown-atheos
+ exit 0 ;;
+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+ echo i386-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ i*86:*DOS:*:*)
+ echo ${UNAME_MACHINE}-pc-msdosdjgpp
+ exit 0 ;;
i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
@@ -966,15 +1021,12 @@ EOF
echo ${UNAME_MACHINE}-pc-sysv32
fi
exit 0 ;;
- i*86:*DOS:*:*)
- echo ${UNAME_MACHINE}-pc-msdosdjgpp
- exit 0 ;;
pc:*:*:*)
# Left here for compatibility:
- # uname -m prints for DJGPP always 'pc', but it prints nothing about
- # the processor, so we play safe by assuming i386.
+ # uname -m prints for DJGPP always 'pc', but it prints nothing about
+ # the processor, so we play safe by assuming i386.
echo i386-pc-msdosdjgpp
- exit 0 ;;
+ exit 0 ;;
Intel:Mach:3*:*)
echo i386-pc-mach3
exit 0 ;;
@@ -992,9 +1044,15 @@ EOF
# "miniframe"
echo m68010-convergent-sysv
exit 0 ;;
+ mc68k:UNIX:SYSTEM5:3.51m)
+ echo m68k-convergent-sysv
+ exit 0 ;;
+ M680?0:D-NIX:5.3:*)
+ echo m68k-diab-dnix
+ exit 0 ;;
M68*:*:R3V[567]*:*)
test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
- 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0)
+ 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0)
OS_REL=''
test -r /etc/.relid \
&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
@@ -1003,17 +1061,14 @@ EOF
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
&& echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
- /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
- && echo i486-ncr-sysv4 && exit 0 ;;
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && echo i486-ncr-sysv4 && exit 0 ;;
m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
echo m68k-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
mc68030:UNIX_System_V:4.*:*)
echo m68k-atari-sysv4
exit 0 ;;
- i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
- echo i386-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
TSUNAMI:LynxOS:2.*:*)
echo sparc-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
@@ -1041,9 +1096,9 @@ EOF
fi
exit 0 ;;
PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
- # says <Richard.M.Bartel@ccMail.Census.GOV>
- echo i586-unisys-sysv4
- exit 0 ;;
+ # says <Richard.M.Bartel@ccMail.Census.GOV>
+ echo i586-unisys-sysv4
+ exit 0 ;;
*:UNIX_System_V:4*:FTX*)
# From Gerald Hewes <hewes@openmarket.com>.
# How about differentiating between stratus architectures? -djm
@@ -1065,11 +1120,11 @@ EOF
exit 0 ;;
R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
if [ -d /usr/nec ]; then
- echo mips-nec-sysv${UNAME_RELEASE}
+ echo mips-nec-sysv${UNAME_RELEASE}
else
- echo mips-unknown-sysv${UNAME_RELEASE}
+ echo mips-unknown-sysv${UNAME_RELEASE}
fi
- exit 0 ;;
+ exit 0 ;;
BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
echo powerpc-be-beos
exit 0 ;;
@@ -1085,6 +1140,9 @@ EOF
SX-5:SUPER-UX:*:*)
echo sx5-nec-superux${UNAME_RELEASE}
exit 0 ;;
+ SX-6:SUPER-UX:*:*)
+ echo sx6-nec-superux${UNAME_RELEASE}
+ exit 0 ;;
Power*:Rhapsody:*:*)
echo powerpc-apple-rhapsody${UNAME_RELEASE}
exit 0 ;;
@@ -1092,7 +1150,11 @@ EOF
echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
exit 0 ;;
*:Darwin:*:*)
- echo `uname -p`-apple-darwin${UNAME_RELEASE}
+ case `uname -p` in
+ *86) UNAME_PROCESSOR=i686 ;;
+ powerpc) UNAME_PROCESSOR=powerpc ;;
+ esac
+ echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
exit 0 ;;
*:procnto*:*:* | *:QNX:[0123456789]*:*)
UNAME_PROCESSOR=`uname -p`
@@ -1105,7 +1167,7 @@ EOF
*:QNX:*:4*)
echo i386-pc-qnx
exit 0 ;;
- NSR-[GKLNPTVW]:NONSTOP_KERNEL:*:*)
+ NSR-[DGKLNPTVWY]:NONSTOP_KERNEL:*:*)
echo nsr-tandem-nsk${UNAME_RELEASE}
exit 0 ;;
*:NonStop-UX:*:*)
@@ -1128,11 +1190,6 @@ EOF
fi
echo ${UNAME_MACHINE}-unknown-plan9
exit 0 ;;
- i*86:OS/2:*:*)
- # If we were able to find `uname', then EMX Unix compatibility
- # is probably installed.
- echo ${UNAME_MACHINE}-pc-os2-emx
- exit 0 ;;
*:TOPS-10:*:*)
echo pdp10-unknown-tops10
exit 0 ;;
@@ -1151,11 +1208,8 @@ EOF
*:ITS:*:*)
echo pdp10-unknown-its
exit 0 ;;
- i*86:XTS-300:*:STOP)
- echo ${UNAME_MACHINE}-unknown-stop
- exit 0 ;;
- i*86:atheos:*:*)
- echo ${UNAME_MACHINE}-unknown-atheos
+ SEI:*:*:SEIUX)
+ echo mips-sei-seiux${UNAME_RELEASE}
exit 0 ;;
esac
@@ -1179,11 +1233,11 @@ main ()
#include <sys/param.h>
printf ("m68k-sony-newsos%s\n",
#ifdef NEWSOS4
- "4"
+ "4"
#else
""
#endif
- ); exit (0);
+ ); exit (0);
#endif
#endif
@@ -1277,8 +1331,7 @@ main ()
}
EOF
-$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
-rm -f $dummy.c $dummy && rmdir $tmpdir
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0
# Apollos put the system type in the environment.
diff --git a/crypto/openssh/config.sub b/crypto/openssh/config.sub
index 75a74f7..1f31816 100755
--- a/crypto/openssh/config.sub
+++ b/crypto/openssh/config.sub
@@ -1,9 +1,9 @@
#! /bin/sh
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002 Free Software Foundation, Inc.
+# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
-timestamp='2002-07-03'
+timestamp='2003-08-18'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
@@ -118,7 +118,7 @@ esac
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
- nto-qnx* | linux-gnu* | freebsd*-gnu* | storm-chaos* | os2-emx* | windows32-* | rtmk-nova*)
+ nto-qnx* | linux-gnu* | linux-dietlibc | kfreebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
;;
@@ -162,10 +162,10 @@ case $os in
os=-chorusos
basic_machine=$1
;;
- -chorusrdb)
- os=-chorusrdb
+ -chorusrdb)
+ os=-chorusrdb
basic_machine=$1
- ;;
+ ;;
-hiux*)
os=-hiuxwe2
;;
@@ -228,36 +228,42 @@ case $basic_machine in
| a29k \
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+ | am33_2.0 \
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
| c4x | clipper \
| d10v | d30v | dlx | dsp16xx \
| fr30 | frv \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| i370 | i860 | i960 | ia64 \
- | ip2k \
+ | ip2k | iq2000 \
| m32r | m68000 | m68k | m88k | mcore \
| mips | mipsbe | mipseb | mipsel | mipsle \
| mips16 \
| mips64 | mips64el \
+ | mips64vr | mips64vrel \
| mips64orion | mips64orionel \
| mips64vr4100 | mips64vr4100el \
| mips64vr4300 | mips64vr4300el \
| mips64vr5000 | mips64vr5000el \
| mipsisa32 | mipsisa32el \
+ | mipsisa32r2 | mipsisa32r2el \
| mipsisa64 | mipsisa64el \
+ | mipsisa64r2 | mipsisa64r2el \
| mipsisa64sb1 | mipsisa64sb1el \
+ | mipsisa64sr71k | mipsisa64sr71kel \
| mipstx39 | mipstx39el \
| mn10200 | mn10300 \
+ | msp430 \
| ns16k | ns32k \
| openrisc | or32 \
| pdp10 | pdp11 | pj | pjl \
| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
| pyramid \
- | sh | sh[1234] | sh3e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
+ | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
| sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
| strongarm \
- | tahoe | thumb | tic80 | tron \
+ | tahoe | thumb | tic4x | tic80 | tron \
| v850 | v850e \
| we32k \
| x86 | xscale | xstormy16 | xtensa \
@@ -292,7 +298,7 @@ case $basic_machine in
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* \
| bs2000-* \
- | c[123]* | c30-* | [cjt]90-* | c54x-* \
+ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
| clipper-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
| elxsi-* \
@@ -300,32 +306,39 @@ case $basic_machine in
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| i*86-* | i860-* | i960-* | ia64-* \
- | ip2k-* \
+ | ip2k-* | iq2000-* \
| m32r-* \
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
| m88110-* | m88k-* | mcore-* \
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
| mips16-* \
| mips64-* | mips64el-* \
+ | mips64vr-* | mips64vrel-* \
| mips64orion-* | mips64orionel-* \
| mips64vr4100-* | mips64vr4100el-* \
| mips64vr4300-* | mips64vr4300el-* \
| mips64vr5000-* | mips64vr5000el-* \
| mipsisa32-* | mipsisa32el-* \
+ | mipsisa32r2-* | mipsisa32r2el-* \
| mipsisa64-* | mipsisa64el-* \
+ | mipsisa64r2-* | mipsisa64r2el-* \
| mipsisa64sb1-* | mipsisa64sb1el-* \
- | mipstx39 | mipstx39el \
- | none-* | np1-* | ns16k-* | ns32k-* | nv1-* \
+ | mipsisa64sr71k-* | mipsisa64sr71kel-* \
+ | mipstx39-* | mipstx39el-* \
+ | msp430-* \
+ | none-* | np1-* | nv1-* | ns16k-* | ns32k-* \
| orion-* \
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
| pyramid-* \
| romp-* | rs6000-* \
- | sh-* | sh[1234]-* | sh3e-* | sh[34]eb-* | shbe-* \
+ | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
| sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
| sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
- | tahoe-* | thumb-* | tic30-* | tic54x-* | tic80-* | tron-* \
+ | tahoe-* | thumb-* \
+ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+ | tron-* \
| v850-* | v850e-* | vax-* \
| we32k-* \
| x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
@@ -363,6 +376,9 @@ case $basic_machine in
basic_machine=a29k-none
os=-bsd
;;
+ amd64)
+ basic_machine=x86_64-pc
+ ;;
amdahl)
basic_machine=580-amdahl
os=-sysv
@@ -712,11 +728,12 @@ case $basic_machine in
np1)
basic_machine=np1-gould
;;
- nsr-tandem)
- basic_machine=nsr-tandem
- ;;
nv1)
basic_machine=nv1-cray
+ os=-unicosmp
+ ;;
+ nsr-tandem)
+ basic_machine=nsr-tandem
;;
op50n-* | op60c-*)
basic_machine=hppa1.1-oki
@@ -754,21 +771,27 @@ case $basic_machine in
pentium | p5 | k5 | k6 | nexgen | viac3)
basic_machine=i586-pc
;;
- pentiumpro | p6 | 6x86 | athlon)
+ pentiumpro | p6 | 6x86 | athlon | athlon_*)
basic_machine=i686-pc
;;
- pentiumii | pentium2)
+ pentiumii | pentium2 | pentiumiii | pentium3)
basic_machine=i686-pc
;;
+ pentium4)
+ basic_machine=i786-pc
+ ;;
pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pentiumpro-* | p6-* | 6x86-* | athlon-*)
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
- pentiumii-* | pentium2-*)
+ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
+ pentium4-*)
+ basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
pn)
basic_machine=pn-gould
;;
@@ -821,6 +844,16 @@ case $basic_machine in
basic_machine=a29k-amd
os=-udi
;;
+ sb1)
+ basic_machine=mipsisa64sb1-unknown
+ ;;
+ sb1el)
+ basic_machine=mipsisa64sb1el-unknown
+ ;;
+ sei)
+ basic_machine=mips-sei
+ os=-seiux
+ ;;
sequent)
basic_machine=i386-sequent
;;
@@ -828,6 +861,9 @@ case $basic_machine in
basic_machine=sh-hitachi
os=-hms
;;
+ sh64)
+ basic_machine=sh64-unknown
+ ;;
sparclite-wrs | simso-wrs)
basic_machine=sparclite-wrs
os=-vxworks
@@ -890,18 +926,10 @@ case $basic_machine in
basic_machine=sv1-cray
os=-unicos
;;
- sx*-nec)
- basic_machine=sx6-nec
- os=-sysv
- ;;
symmetry)
basic_machine=i386-sequent
os=-dynix
;;
- t3d)
- basic_machine=alpha-cray
- os=-unicos
- ;;
t3e)
basic_machine=alphaev5-cray
os=-unicos
@@ -914,6 +942,14 @@ case $basic_machine in
basic_machine=tic54x-unknown
os=-coff
;;
+ tic55x | c55x*)
+ basic_machine=tic55x-unknown
+ os=-coff
+ ;;
+ tic6x | c6x*)
+ basic_machine=tic6x-unknown
+ os=-coff
+ ;;
tx39)
basic_machine=mipstx39-unknown
;;
@@ -948,8 +984,8 @@ case $basic_machine in
os=-vms
;;
vpp*|vx|vx-*)
- basic_machine=f301-fujitsu
- ;;
+ basic_machine=f301-fujitsu
+ ;;
vxworks960)
basic_machine=i960-wrs
os=-vxworks
@@ -970,10 +1006,6 @@ case $basic_machine in
basic_machine=hppa1.1-winbond
os=-proelf
;;
- windows32)
- basic_machine=i386-pc
- os=-windows32-msvcrt
- ;;
xps | xps100)
basic_machine=xps100-honeywell
;;
@@ -1020,7 +1052,7 @@ case $basic_machine in
we32k)
basic_machine=we32k-att
;;
- sh3 | sh4 | sh3eb | sh4eb | sh[1234]le | sh3ele)
+ sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele)
basic_machine=sh-unknown
;;
sh64)
@@ -1044,10 +1076,6 @@ case $basic_machine in
pmac | pmac-mpw)
basic_machine=powerpc-apple
;;
- c4x*)
- basic_machine=c4x-none
- os=-coff
- ;;
*-unknown)
# Make sure to match an already-canonicalized machine name.
;;
@@ -1074,8 +1102,8 @@ esac
if [ x"$os" != x"" ]
then
case $os in
- # First match some system type aliases
- # that might get confused with valid system types.
+ # First match some system type aliases
+ # that might get confused with valid system types.
# -solaris* is a basic system type, with this one exception.
-solaris1 | -solaris1.*)
os=`echo $os | sed -e 's|solaris1|sunos4|'`
@@ -1103,18 +1131,19 @@ case $os in
| -aos* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
- | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
+ | -hiux* | -386bsd* | -netbsd* | -openbsd* | -kfreebsd* | -freebsd* | -riscix* \
| -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -chorusos* | -chorusrdb* \
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
- | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \
+ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
- | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* | -powermax*)
+ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+ | -powermax* | -dnix* | -nx6 | -nx7 | -sei*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
@@ -1126,8 +1155,10 @@ case $os in
;;
esac
;;
+ -nto-qnx*)
+ ;;
-nto*)
- os=-nto-qnx
+ os=`echo $os | sed -e 's|nto|nto-qnx|'`
;;
-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
| -windows* | -osx | -abug | -netware* | -os9* | -beos* \
@@ -1136,6 +1167,9 @@ case $os in
-mac*)
os=`echo $os | sed -e 's|mac|macos|'`
;;
+ -linux-dietlibc)
+ os=-linux-dietlibc
+ ;;
-linux*)
os=`echo $os | sed -e 's|linux|linux-gnu|'`
;;
@@ -1221,6 +1255,12 @@ case $os in
-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
os=-mint
;;
+ -aros*)
+ os=-aros
+ ;;
+ -kaos*)
+ os=-kaos
+ ;;
-none)
;;
*)
@@ -1252,6 +1292,9 @@ case $basic_machine in
arm*-semi)
os=-aout
;;
+ c4x-* | tic4x-*)
+ os=-coff
+ ;;
# This must come before the *-dec entry.
pdp10-*)
os=-tops20
diff --git a/crypto/openssh/defines.h b/crypto/openssh/defines.h
index 9b72afe..8c1d9c4 100644
--- a/crypto/openssh/defines.h
+++ b/crypto/openssh/defines.h
@@ -25,7 +25,7 @@
#ifndef _DEFINES_H
#define _DEFINES_H
-/* $Id: defines.h,v 1.115 2004/04/14 07:24:30 dtucker Exp $ */
+/* $Id: defines.h,v 1.117 2004/06/22 03:27:16 dtucker Exp $ */
/* Constants */
@@ -424,6 +424,10 @@ struct winsize {
# define __attribute__(x)
#endif /* !defined(__GNUC__) || (__GNUC__ < 2) */
+#ifndef __dead
+# define __dead __attribute__((noreturn))
+#endif
+
/* *-*-nto-qnx doesn't define this macro in the system headers */
#ifdef MISSING_HOWMANY
# define howmany(x,y) (((x)+((y)-1))/(y))
@@ -462,6 +466,9 @@ struct winsize {
(struct cmsghdr *)NULL)
#endif /* CMSG_FIRSTHDR */
+#ifndef offsetof
+# define offsetof(type, member) ((size_t) &((type *)0)->member)
+#endif
/* Function replacement / compatibility hacks */
diff --git a/crypto/openssh/dh.c b/crypto/openssh/dh.c
index afd1e05..044d869 100644
--- a/crypto/openssh/dh.c
+++ b/crypto/openssh/dh.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.29 2004/02/27 22:49:27 dtucker Exp $");
+RCSID("$OpenBSD: dh.c,v 1.31 2004/08/04 10:37:52 djm Exp $");
#include "xmalloc.h"
@@ -115,8 +115,9 @@ choose_dh(int min, int wantbits, int max)
if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL &&
(f = fopen(_PATH_DH_PRIMES, "r")) == NULL) {
- logit("WARNING: %s does not exist, using old modulus", _PATH_DH_MODULI);
- return (dh_new_group1());
+ logit("WARNING: %s does not exist, using fixed modulus",
+ _PATH_DH_MODULI);
+ return (dh_new_group14());
}
linenum = 0;
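Review bot: The new fallback `return (dh_new_group14());` returns a fixed group without consulting the `min` and `max` arguments of choose_dh(). The same holds for the `bestcount == 0` path in the next hunk, which is reached exactly when nothing in the file fitted the requested range. Judging by the constant added further down in this file, group14 is 2048 bits, so a peer that asked for a smaller maximum may be handed a group outside its range; this should be checked against the group-exchange callers. At minimum the fallback deserves a comment such as `/* fixed 2048-bit group; may lie outside [min, max] */`. choose_dh() starts and ends outside both hunks.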
@@ -144,7 +145,7 @@ choose_dh(int min, int wantbits, int max)
if (bestcount == 0) {
fclose(f);
logit("WARNING: no suitable primes in %s", _PATH_DH_PRIMES);
- return (NULL);
+ return (dh_new_group14());
}
linenum = 0;
@@ -169,7 +170,7 @@ choose_dh(int min, int wantbits, int max)
return (dh_new_group(dhg.g, dhg.p));
}
-/* diffie-hellman-group1-sha1 */
+/* diffie-hellman-groupN-sha1 */
int
dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
@@ -272,6 +273,25 @@ dh_new_group1(void)
return (dh_new_group_asc(gen, group1));
}
+DH *
+dh_new_group14(void)
+{
+ static char *gen = "2", *group14 =
+ "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
+ "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
+ "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
+ "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
+ "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
+ "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
+ "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
+ "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
+ "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
+ "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
+ "15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF";
+
+ return (dh_new_group_asc(gen, group14));
+}
+
/*
* Estimates the group order for a Diffie-Hellman group that has an
* attack complexity approximately the same as O(2**bits). Estimate
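Review bot: The `group14` constant in dh_new_group14() carries no reference to where the prime comes from, so a reader cannot check the 512 hex digits against anything. A comment above the function such as `/* 2048-bit MODP group ("group 14"), RFC 3526 */` would make the value auditable. Since dh.h declares `dh_new_group_asc(const char *, const char *)`, the two literals could also be declared `static const char *gen = "2", *group14 =`, which stops the string constants from being writable through these pointers.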
diff --git a/crypto/openssh/dh.h b/crypto/openssh/dh.h
index a0c97b2..723dd08 100644
--- a/crypto/openssh/dh.h
+++ b/crypto/openssh/dh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.h,v 1.7 2001/06/26 17:27:23 markus Exp $ */
+/* $OpenBSD: dh.h,v 1.8 2004/06/13 12:53:24 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
@@ -36,6 +36,7 @@ DH *choose_dh(int, int, int);
DH *dh_new_group_asc(const char *, const char *);
DH *dh_new_group(BIGNUM *, BIGNUM *);
DH *dh_new_group1(void);
+DH *dh_new_group14(void);
void dh_gen_key(DH *, int);
int dh_pub_is_valid(DH *, BIGNUM *);
diff --git a/crypto/openssh/dns.c b/crypto/openssh/dns.c
index ad634f1..140ab60 100644
--- a/crypto/openssh/dns.c
+++ b/crypto/openssh/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.9 2003/11/21 11:57:03 djm Exp $ */
+/* $OpenBSD: dns.c,v 1.10 2004/06/21 17:36:31 avsm Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -43,7 +43,7 @@
#include "uuencode.h"
extern char *__progname;
-RCSID("$OpenBSD: dns.c,v 1.9 2003/11/21 11:57:03 djm Exp $");
+RCSID("$OpenBSD: dns.c,v 1.10 2004/06/21 17:36:31 avsm Exp $");
#ifndef LWRES
static const char *errset_text[] = {
@@ -56,9 +56,9 @@ static const char *errset_text[] = {
};
static const char *
-dns_result_totext(unsigned int error)
+dns_result_totext(unsigned int res)
{
- switch (error) {
+ switch (res) {
case ERRSET_SUCCESS:
return errset_text[ERRSET_SUCCESS];
case ERRSET_NOMEMORY:
diff --git a/crypto/openssh/envpass.sh b/crypto/openssh/envpass.sh
new file mode 100644
index 0000000..67044d4
--- /dev/null
+++ b/crypto/openssh/envpass.sh
@@ -0,0 +1,44 @@
+# $OpenBSD: envpass.sh,v 1.1 2004/04/27 09:47:30 djm Exp $
+# Placed in the Public Domain.
+
+tid="environment passing"
+
+# NB accepted env vars are in test-exec.sh (_XXX_TEST_* and _XXX_TEST)
+
+trace "pass env, don't accept"
+verbose "test $tid: pass env, don't accept"
+_TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy otherhost \
+ '[ -z "$_TEST_ENV" ]'
+r=$?
+if [ $r -ne 0 ]; then
+ fail "environment found"
+fi
+
+trace "don't pass env, accept"
+verbose "test $tid: don't pass env, accept"
+${SSH} -F $OBJ/ssh_proxy otherhost \
+ '[ -z "$_XXX_TEST_A" -a -z "$_XXX_TEST_B" ]'
+r=$?
+if [ $r -ne 0 ]; then
+ fail "environment found"
+fi
+
+trace "pass single env, accept single env"
+verbose "test $tid: pass single env, accept single env"
+_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy otherhost \
+ '[ "x$_XXX_TEST" = "xblah" ]'
+r=$?
+if [ $r -ne 0 ]; then
+ fail "environment not found"
+fi
+
+trace "pass multiple env, accept multiple env"
+verbose "test $tid: pass multiple env, accept multiple env"
+_XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -oSendEnv="_XXX_TEST_*" \
+ -F $OBJ/ssh_proxy otherhost \
+ '[ "x$_XXX_TEST_A" = "x1" -a "x$_XXX_TEST_B" = "x2" ]'
+r=$?
+if [ $r -ne 0 ]; then
+ fail "environment not found"
+fi
+
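Review bot: `$OBJ` is expanded unquoted in every `-F $OBJ/ssh_proxy`, so the test misparses its arguments when the object directory path contains whitespace; `-F "$OBJ/ssh_proxy"` avoids that. The remote checks join conditions with `-a` inside `[ ]`, which POSIX marks obsolescent and which can be ambiguous for some operand values; `[ -z "$_XXX_TEST_A" ] && [ -z "$_XXX_TEST_B" ]` is the portable form. The failure messages "environment found" and "environment not found" are each used for two cases; including the case name would make it clear from the log which case failed.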
diff --git a/crypto/openssh/gss-serv-krb5.c b/crypto/openssh/gss-serv-krb5.c
index 4e3598e..91d87f7 100644
--- a/crypto/openssh/gss-serv-krb5.c
+++ b/crypto/openssh/gss-serv-krb5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv-krb5.c,v 1.2 2003/11/21 11:57:03 djm Exp $ */
+/* $OpenBSD: gss-serv-krb5.c,v 1.3 2004/07/21 10:36:23 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -53,7 +53,7 @@ static krb5_context krb_context = NULL;
/* Initialise the krb5 library, for the stuff that GSSAPI won't do */
static int
-ssh_gssapi_krb5_init()
+ssh_gssapi_krb5_init(void)
{
krb5_error_code problem;
@@ -134,11 +134,15 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
{
int tmpfd;
char ccname[40];
+ mode_t old_umask;
snprintf(ccname, sizeof(ccname),
"FILE:/tmp/krb5cc_%d_XXXXXX", geteuid());
- if ((tmpfd = mkstemp(ccname + strlen("FILE:"))) == -1) {
+ old_umask = umask(0177);
+ tmpfd = mkstemp(ccname + strlen("FILE:"));
+ umask(old_umask);
+ if (tmpfd == -1) {
logit("mkstemp(): %.100s", strerror(errno));
problem = errno;
return;
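Review bot: `errno` is now examined only after `umask(old_umask)` and `logit()` have run, so the text printed by strerror() and the value stored in `problem` need not be what mkstemp() set. Capture it straight after the call, `tmpfd = mkstemp(ccname + strlen("FILE:")); saved_errno = errno; umask(old_umask);`, with an `int saved_errno;` next to `old_umask`, and use `saved_errno` in the failure branch. The `problem = errno` after logit() predates this change but has the same weakness. The function begins before the hunk and continues after it.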
diff --git a/crypto/openssh/kex.c b/crypto/openssh/kex.c
index 5a952c9..a668346 100644
--- a/crypto/openssh/kex.c
+++ b/crypto/openssh/kex.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.56 2003/11/21 11:57:03 djm Exp $");
+RCSID("$OpenBSD: kex.c,v 1.60 2004/06/21 17:36:31 avsm Exp $");
#include <openssl/crypto.h>
@@ -148,7 +148,7 @@ kex_finish(Kex *kex)
void
kex_send_kexinit(Kex *kex)
{
- u_int32_t rand = 0;
+ u_int32_t rnd = 0;
u_char *cookie;
int i;
@@ -168,9 +168,9 @@ kex_send_kexinit(Kex *kex)
cookie = buffer_ptr(&kex->my);
for (i = 0; i < KEX_COOKIE_LEN; i++) {
if (i % 4 == 0)
- rand = arc4random();
- cookie[i] = rand;
- rand >>= 8;
+ rnd = arc4random();
+ cookie[i] = rnd;
+ rnd >>= 8;
}
packet_start(SSH2_MSG_KEXINIT);
packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my));
@@ -293,6 +293,8 @@ choose_kex(Kex *k, char *client, char *server)
fatal("no kex alg");
if (strcmp(k->name, KEX_DH1) == 0) {
k->kex_type = KEX_DH_GRP1_SHA1;
+ } else if (strcmp(k->name, KEX_DH14) == 0) {
+ k->kex_type = KEX_DH_GRP14_SHA1;
} else if (strcmp(k->name, KEX_DHGEX) == 0) {
k->kex_type = KEX_DH_GEX_SHA1;
} else
@@ -479,6 +481,39 @@ kex_get_newkeys(int mode)
return ret;
}
+void
+derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
+ u_int8_t cookie[8], u_int8_t id[16])
+{
+ const EVP_MD *evp_md = EVP_md5();
+ EVP_MD_CTX md;
+ u_int8_t nbuf[2048], obuf[EVP_MAX_MD_SIZE];
+ int len;
+
+ EVP_DigestInit(&md, evp_md);
+
+ len = BN_num_bytes(host_modulus);
+ if (len < (512 / 8) || len > sizeof(nbuf))
+ fatal("%s: bad host modulus (len %d)", __func__, len);
+ BN_bn2bin(host_modulus, nbuf);
+ EVP_DigestUpdate(&md, nbuf, len);
+
+ len = BN_num_bytes(server_modulus);
+ if (len < (512 / 8) || len > sizeof(nbuf))
+ fatal("%s: bad server modulus (len %d)", __func__, len);
+ BN_bn2bin(server_modulus, nbuf);
+ EVP_DigestUpdate(&md, nbuf, len);
+
+ EVP_DigestUpdate(&md, cookie, 8);
+
+ EVP_DigestFinal(&md, obuf, NULL);
+ memcpy(id, obuf, 16);
+
+ memset(nbuf, 0, sizeof(nbuf));
+ memset(obuf, 0, sizeof(obuf));
+ memset(&md, 0, sizeof(md));
+}
+
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
void
dump_digest(char *msg, u_char *digest, int len)
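Review bot: In derive_ssh1_session_id() the bound `len > sizeof(nbuf)` compares an `int` with a `size_t`, so it behaves as intended only because the `len < (512 / 8)` test comes first and rules out negative values. Making that explicit with `if (len < (512 / 8) || (u_int)len > sizeof(nbuf))` in both checks keeps the guard before `BN_bn2bin(..., nbuf)` correct if the conditions are ever reordered, and silences sign-compare warnings. The function also has no header comment; one line such as `/* SSH1 session id = MD5(host modulus || server modulus || cookie); fatal()s on a modulus under 512 bits or larger than nbuf */` would state the contract the code implements.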
diff --git a/crypto/openssh/kex.h b/crypto/openssh/kex.h
index 52d442e..d9e9d65 100644
--- a/crypto/openssh/kex.h
+++ b/crypto/openssh/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.33 2003/02/16 17:09:57 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.35 2004/06/13 12:53:24 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -32,6 +32,7 @@
#include "key.h"
#define KEX_DH1 "diffie-hellman-group1-sha1"
+#define KEX_DH14 "diffie-hellman-group14-sha1"
#define KEX_DHGEX "diffie-hellman-group-exchange-sha1"
enum kex_init_proposals {
@@ -56,6 +57,7 @@ enum kex_modes {
enum kex_exchange {
KEX_DH_GRP1_SHA1,
+ KEX_DH_GRP14_SHA1,
KEX_DH_GEX_SHA1,
KEX_MAX
};
@@ -137,6 +139,9 @@ u_char *
kexgex_hash(char *, char *, char *, int, char *, int, u_char *, int,
int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *);
+void
+derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);
+
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
void dump_digest(char *, u_char *, int);
#endif
diff --git a/crypto/openssh/kexdhc.c b/crypto/openssh/kexdhc.c
index fe6dc53..f48bd46 100644
--- a/crypto/openssh/kexdhc.c
+++ b/crypto/openssh/kexdhc.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: kexdhc.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+RCSID("$OpenBSD: kexdhc.c,v 1.2 2004/06/13 12:53:24 djm Exp $");
#include "xmalloc.h"
#include "key.h"
@@ -44,7 +44,16 @@ kexdh_client(Kex *kex)
u_int klen, kout, slen, sbloblen;
/* generate and send 'e', client DH public key */
- dh = dh_new_group1();
+ switch (kex->kex_type) {
+ case KEX_DH_GRP1_SHA1:
+ dh = dh_new_group1();
+ break;
+ case KEX_DH_GRP14_SHA1:
+ dh = dh_new_group14();
+ break;
+ default:
+ fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
+ }
dh_gen_key(dh, kex->we_need * 8);
packet_start(SSH2_MSG_KEXDH_INIT);
packet_put_bignum2(dh->pub_key);
diff --git a/crypto/openssh/kexdhs.c b/crypto/openssh/kexdhs.c
index f04bce8..225e655 100644
--- a/crypto/openssh/kexdhs.c
+++ b/crypto/openssh/kexdhs.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: kexdhs.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+RCSID("$OpenBSD: kexdhs.c,v 1.2 2004/06/13 12:53:24 djm Exp $");
#include "xmalloc.h"
#include "key.h"
@@ -45,7 +45,16 @@ kexdh_server(Kex *kex)
u_int slen;
/* generate server DH public key */
- dh = dh_new_group1();
+ switch (kex->kex_type) {
+ case KEX_DH_GRP1_SHA1:
+ dh = dh_new_group1();
+ break;
+ case KEX_DH_GRP14_SHA1:
+ dh = dh_new_group14();
+ break;
+ default:
+ fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
+ }
dh_gen_key(dh, kex->we_need * 8);
debug("expecting SSH2_MSG_KEXDH_INIT");
diff --git a/crypto/openssh/log.c b/crypto/openssh/log.c
index 0c4d512..5d8625d 100644
--- a/crypto/openssh/log.c
+++ b/crypto/openssh/log.c
@@ -51,6 +51,9 @@ static char *argv0;
extern char *__progname;
+#define LOG_SYSLOG_VIS (VIS_CSTYLE|VIS_NL|VIS_TAB|VIS_OCTAL)
+#define LOG_STDERR_VIS (VIS_SAFE|VIS_OCTAL)
+
/* textual representation of log-facilities/levels */
static struct {
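Review bot: `LOG_SYSLOG_VIS` and `LOG_STDERR_VIS` are introduced without a comment saying why the two sinks are encoded differently, even though the choice decides which control characters from a logged string reach the log unescaped. From the flags, the syslog set additionally encodes newlines and tabs (`VIS_NL|VIS_TAB`) while the stderr set keeps `VIS_SAFE`. This presumably stops a message that embeds attacker-supplied text from starting a new syslog line. I would record that next to the defines, e.g. `/* syslog: also escape \n and \t so logged data cannot forge extra log lines; stderr: leave them readable */`, hedged or reworded to match the author's actual intent.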
@@ -316,7 +319,8 @@ do_log(LogLevel level, const char *fmt, va_list args)
} else {
vsnprintf(msgbuf, sizeof(msgbuf), fmt, args);
}
- strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), VIS_SAFE|VIS_OCTAL);
+ strnvis(fmtbuf, msgbuf, sizeof(fmtbuf),
+ log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS);
if (log_on_stderr) {
snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf);
write(STDERR_FILENO, msgbuf, strlen(msgbuf));
diff --git a/crypto/openssh/logintest.c b/crypto/openssh/logintest.c
index 3f3997d..95cce5a 100644
--- a/crypto/openssh/logintest.c
+++ b/crypto/openssh/logintest.c
@@ -43,13 +43,9 @@
#include "loginrec.h"
-RCSID("$Id: logintest.c,v 1.10 2003/08/21 23:34:41 djm Exp $");
+RCSID("$Id: logintest.c,v 1.11 2004/07/17 04:07:42 dtucker Exp $");
-#ifdef HAVE___PROGNAME
extern char *__progname;
-#else
-char *__progname;
-#endif
#define PAUSE_BEFORE_LOGOUT 3
diff --git a/crypto/openssh/mdoc2man.awk b/crypto/openssh/mdoc2man.awk
index 9135af0..4e72cdc 100644
--- a/crypto/openssh/mdoc2man.awk
+++ b/crypto/openssh/mdoc2man.awk
@@ -32,6 +32,7 @@ BEGIN {
extopt=0
literal=0
prenl=0
+ breakw=0
line=""
}
@@ -298,6 +299,13 @@ function add(str) {
w=nwords
} else if(match(words[w],"^El$")) {
optlist=oldoptlist
+ } else if(match(words[w],"^Bk$")) {
+ if(match(words[w+1],"-words")) {
+ w++
+ breakw=1
+ }
+ } else if(match(words[w],"^Ek$")) {
+ breakw=0
} else if(match(words[w],"^It$")&&optlist) {
if(optlist==1)
add(".IP \\(bu")
@@ -306,7 +314,7 @@ function add(str) {
else if(optlist==3) {
add(".TP")
prenl++
- if(match(words[w+1],"^Pa|Ev$")) {
+ if(match(words[w+1],"^Pa$|^Ev$")) {
add(".B")
w++
}
diff --git a/crypto/openssh/misc.c b/crypto/openssh/misc.c
index 1f32035..8cb411c 100644
--- a/crypto/openssh/misc.c
+++ b/crypto/openssh/misc.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.23 2003/10/28 09:08:06 markus Exp $");
+RCSID("$OpenBSD: misc.c,v 1.25 2004/08/11 21:43:05 avsm Exp $");
#include "misc.h"
#include "log.h"
@@ -46,7 +46,7 @@ chop(char *s)
}
/* set/unset filedescriptor to non-blocking */
-void
+int
set_nonblock(int fd)
{
int val;
@@ -54,20 +54,23 @@ set_nonblock(int fd)
val = fcntl(fd, F_GETFL, 0);
if (val < 0) {
error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
- return;
+ return (-1);
}
if (val & O_NONBLOCK) {
- debug2("fd %d is O_NONBLOCK", fd);
- return;
+ debug3("fd %d is O_NONBLOCK", fd);
+ return (0);
}
debug2("fd %d setting O_NONBLOCK", fd);
val |= O_NONBLOCK;
- if (fcntl(fd, F_SETFL, val) == -1)
- debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s",
- fd, strerror(errno));
+ if (fcntl(fd, F_SETFL, val) == -1) {
+ debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd,
+ strerror(errno));
+ return (-1);
+ }
+ return (0);
}
-void
+int
unset_nonblock(int fd)
{
int val;
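Review bot: set_nonblock() now returns -1 on both failure paths, but the two are logged at different levels: the F_GETFL failure goes through `error()` while the F_SETFL failure is only `debug()`. A caller that ignores the new return value therefore gets no visible message when the flag could not be set; the same split exists in unset_nonblock() in the next hunk. Either raise the F_SETFL message to `error()` or say in the comment why it is quieter. The comment above the functions should also state the new contract, e.g. `/* set/unset filedescriptor to non-blocking; returns 0 on success or if already in that state, -1 if fcntl fails */`.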
@@ -75,17 +78,20 @@ unset_nonblock(int fd)
val = fcntl(fd, F_GETFL, 0);
if (val < 0) {
error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
- return;
+ return (-1);
}
if (!(val & O_NONBLOCK)) {
- debug2("fd %d is not O_NONBLOCK", fd);
- return;
+ debug3("fd %d is not O_NONBLOCK", fd);
+ return (0);
}
debug("fd %d clearing O_NONBLOCK", fd);
val &= ~O_NONBLOCK;
- if (fcntl(fd, F_SETFL, val) == -1)
- debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s",
+ if (fcntl(fd, F_SETFL, val) == -1) {
+ debug("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s",
fd, strerror(errno));
+ return (-1);
+ }
+ return (0);
}
/* disable nagle on socket */
@@ -308,7 +314,7 @@ addargs(arglist *args, char *fmt, ...)
{
va_list ap;
char buf[1024];
- int nalloc;
+ u_int nalloc;
va_start(ap, fmt);
vsnprintf(buf, sizeof(buf), fmt, ap);
diff --git a/crypto/openssh/misc.h b/crypto/openssh/misc.h
index 6d2869b..ec47a61 100644
--- a/crypto/openssh/misc.h
+++ b/crypto/openssh/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.12 2002/03/19 10:49:35 markus Exp $ */
+/* $OpenBSD: misc.h,v 1.17 2004/08/11 21:43:05 avsm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -12,10 +12,12 @@
* called by a name other than "ssh" or "Secure Shell".
*/
+/* misc.c */
+
char *chop(char *);
char *strdelim(char **);
-void set_nonblock(int);
-void unset_nonblock(int);
+int set_nonblock(int);
+int unset_nonblock(int);
void set_nodelay(int);
int a2port(const char *);
char *cleanhostname(char *);
@@ -27,7 +29,20 @@ struct passwd *pwcopy(struct passwd *);
typedef struct arglist arglist;
struct arglist {
char **list;
- int num;
- int nalloc;
+ u_int num;
+ u_int nalloc;
};
void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3)));
+
+/* tildexpand.c */
+
+char *tilde_expand_filename(const char *, uid_t);
+
+/* readpass.c */
+
+#define RP_ECHO 0x0001
+#define RP_ALLOW_STDIN 0x0002
+#define RP_ALLOW_EOF 0x0004
+#define RP_USE_ASKPASS 0x0008
+
+char *read_passphrase(const char *, int);
diff --git a/crypto/openssh/moduli.c b/crypto/openssh/moduli.c
index a09073a..581b035 100644
--- a/crypto/openssh/moduli.c
+++ b/crypto/openssh/moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.5 2003/12/22 09:16:57 djm Exp $ */
+/* $OpenBSD: moduli.c,v 1.9 2004/07/11 17:48:47 deraadt Exp $ */
/*
* Copyright 1994 Phil Karn <karn@qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -38,7 +38,6 @@
*/
#include "includes.h"
-#include "moduli.h"
#include "xmalloc.h"
#include "log.h"
@@ -49,55 +48,68 @@
*/
/* need line long enough for largest moduli plus headers */
-#define QLINESIZE (100+8192)
+#define QLINESIZE (100+8192)
/* Type: decimal.
* Specifies the internal structure of the prime modulus.
*/
-#define QTYPE_UNKNOWN (0)
-#define QTYPE_UNSTRUCTURED (1)
-#define QTYPE_SAFE (2)
-#define QTYPE_SCHNOOR (3)
-#define QTYPE_SOPHIE_GERMAINE (4)
-#define QTYPE_STRONG (5)
+#define QTYPE_UNKNOWN (0)
+#define QTYPE_UNSTRUCTURED (1)
+#define QTYPE_SAFE (2)
+#define QTYPE_SCHNOOR (3)
+#define QTYPE_SOPHIE_GERMAIN (4)
+#define QTYPE_STRONG (5)
/* Tests: decimal (bit field).
* Specifies the methods used in checking for primality.
* Usually, more than one test is used.
*/
-#define QTEST_UNTESTED (0x00)
-#define QTEST_COMPOSITE (0x01)
-#define QTEST_SIEVE (0x02)
-#define QTEST_MILLER_RABIN (0x04)
-#define QTEST_JACOBI (0x08)
-#define QTEST_ELLIPTIC (0x10)
+#define QTEST_UNTESTED (0x00)
+#define QTEST_COMPOSITE (0x01)
+#define QTEST_SIEVE (0x02)
+#define QTEST_MILLER_RABIN (0x04)
+#define QTEST_JACOBI (0x08)
+#define QTEST_ELLIPTIC (0x10)
/*
* Size: decimal.
* Specifies the number of the most significant bit (0 to M).
* WARNING: internally, usually 1 to N.
*/
-#define QSIZE_MINIMUM (511)
+#define QSIZE_MINIMUM (511)
/*
* Prime sieving defines
*/
/* Constant: assuming 8 bit bytes and 32 bit words */
-#define SHIFT_BIT (3)
-#define SHIFT_BYTE (2)
-#define SHIFT_WORD (SHIFT_BIT+SHIFT_BYTE)
-#define SHIFT_MEGABYTE (20)
-#define SHIFT_MEGAWORD (SHIFT_MEGABYTE-SHIFT_BYTE)
+#define SHIFT_BIT (3)
+#define SHIFT_BYTE (2)
+#define SHIFT_WORD (SHIFT_BIT+SHIFT_BYTE)
+#define SHIFT_MEGABYTE (20)
+#define SHIFT_MEGAWORD (SHIFT_MEGABYTE-SHIFT_BYTE)
+
+/*
+ * Using virtual memory can cause thrashing. This should be the largest
+ * number that is supported without a large amount of disk activity --
+ * that would increase the run time from hours to days or weeks!
+ */
+#define LARGE_MINIMUM (8UL) /* megabytes */
+
+/*
+ * Do not increase this number beyond the unsigned integer bit size.
+ * Due to a multiple of 4, it must be LESS than 128 (yielding 2**30 bits).
+ */
+#define LARGE_MAXIMUM (127UL) /* megabytes */
/*
* Constant: when used with 32-bit integers, the largest sieve prime
* has to be less than 2**32.
*/
-#define SMALL_MAXIMUM (0xffffffffUL)
+#define SMALL_MAXIMUM (0xffffffffUL)
/* Constant: can sieve all primes less than 2**32, as 65537**2 > 2**32-1. */
-#define TINY_NUMBER (1UL<<16)
+#define TINY_NUMBER (1UL<<16)
/* Ensure enough bit space for testing 2*q. */
#define TEST_MAXIMUM (1UL<<16)
@@ -114,6 +126,9 @@
* Prime testing defines
*/
+/* Minimum number of primality tests to perform */
+#define TRIAL_MINIMUM (4)
+
/*
* Sieving data (XXX - move to struct)
*/
@@ -129,6 +144,8 @@ static u_int32_t *LargeSieve, largewords, largetries, largenumbers;
static u_int32_t largebits, largememory; /* megabytes */
static BIGNUM *largebase;
+int gen_candidates(FILE *, int, int, BIGNUM *);
+int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
/*
* print moduli out in consistent form,
@@ -219,7 +236,7 @@ sieve_large(u_int32_t s)
}
/*
- * list candidates for Sophie-Germaine primes (where q = (p-1)/2)
+ * list candidates for Sophie-Germain primes (where q = (p-1)/2)
* to standard output.
* The list is checked against small known primes (less than 2**30).
*/
@@ -235,6 +252,13 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
largememory = memory;
+ if (memory != 0 &&
+ (memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) {
+ error("Invalid memory amount (min %ld, max %ld)",
+ LARGE_MINIMUM, LARGE_MAXIMUM);
+ return (-1);
+ }
+
/*
* Set power to the length in bits of the prime to be generated.
* This is changed to 1 less than the desired safe prime moduli p.
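Review bot: The new range check in gen_candidates prints `LARGE_MINIMUM` and `LARGE_MAXIMUM` with `%ld`, but both are defined as `unsigned long` constants (`8UL`, `127UL`), so the specifier should be `%lu`. The comparison also mixes the signed `int memory` with those unsigned constants; a negative value is rejected only because it converts to a very large unsigned number, which deserves a comment or an explicit `memory < 0` test. Note too that `largememory = memory;` is assigned on the line above the check, so the static already holds the rejected value when the function returns -1. gen_candidates starts and ends outside this hunk.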
@@ -403,7 +427,7 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
debug2("test q = largebase+%u", 2 * j);
BN_set_word(q, 2 * j);
BN_add(q, q, largebase);
- if (qfileout(out, QTYPE_SOPHIE_GERMAINE, QTEST_SIEVE,
+ if (qfileout(out, QTYPE_SOPHIE_GERMAIN, QTEST_SIEVE,
largetries, (power - 1) /* MSB */, (0), q) == -1) {
ret = -1;
break;
@@ -430,8 +454,7 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
* The result is a list of so-call "safe" primes
*/
int
-prime_test(FILE *in, FILE *out, u_int32_t trials,
- u_int32_t generator_wanted)
+prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
{
BIGNUM *q, *p, *a;
BN_CTX *ctx;
@@ -441,6 +464,11 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
time_t time_start, time_stop;
int res;
+ if (trials < TRIAL_MINIMUM) {
+ error("Minimum primality trials is %d", TRIAL_MINIMUM);
+ return (-1);
+ }
+
time(&time_start);
p = BN_new();
@@ -490,8 +518,8 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
/* modulus (hex) */
switch (in_type) {
- case QTYPE_SOPHIE_GERMAINE:
- debug2("%10u: (%u) Sophie-Germaine", count_in, in_type);
+ case QTYPE_SOPHIE_GERMAIN:
+ debug2("%10u: (%u) Sophie-Germain", count_in, in_type);
a = q;
BN_hex2bn(&a, cp);
/* p = 2*q + 1 */
diff --git a/crypto/openssh/monitor_fdpass.c b/crypto/openssh/monitor_fdpass.c
index 22b7882..dd1a139 100644
--- a/crypto/openssh/monitor_fdpass.c
+++ b/crypto/openssh/monitor_fdpass.c
@@ -24,7 +24,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: monitor_fdpass.c,v 1.4 2002/06/26 14:50:04 deraadt Exp $");
+RCSID("$OpenBSD: monitor_fdpass.c,v 1.6 2004/08/13 02:51:48 djm Exp $");
#include <sys/uio.h>
@@ -32,7 +32,7 @@ RCSID("$OpenBSD: monitor_fdpass.c,v 1.4 2002/06/26 14:50:04 deraadt Exp $");
#include "monitor_fdpass.h"
void
-mm_send_fd(int socket, int fd)
+mm_send_fd(int sock, int fd)
{
#if defined(HAVE_SENDMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR))
struct msghdr msg;
@@ -63,7 +63,7 @@ mm_send_fd(int socket, int fd)
msg.msg_iov = &vec;
msg.msg_iovlen = 1;
- if ((n = sendmsg(socket, &msg, 0)) == -1)
+ if ((n = sendmsg(sock, &msg, 0)) == -1)
fatal("%s: sendmsg(%d): %s", __func__, fd,
strerror(errno));
if (n != 1)
@@ -76,7 +76,7 @@ mm_send_fd(int socket, int fd)
}
int
-mm_receive_fd(int socket)
+mm_receive_fd(int sock)
{
#if defined(HAVE_RECVMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR))
struct msghdr msg;
@@ -102,7 +102,7 @@ mm_receive_fd(int socket)
msg.msg_controllen = sizeof(tmp);
#endif
- if ((n = recvmsg(socket, &msg, 0)) == -1)
+ if ((n = recvmsg(sock, &msg, 0)) == -1)
fatal("%s: recvmsg: %s", __func__, strerror(errno));
if (n != 1)
fatal("%s: recvmsg: expected received 1 got %ld",
@@ -113,6 +113,8 @@ mm_receive_fd(int socket)
fatal("%s: no fd", __func__);
#else
cmsg = CMSG_FIRSTHDR(&msg);
+ if (cmsg == NULL)
+ fatal("%s: no message header", __func__);
#ifndef BROKEN_CMSG_TYPE
if (cmsg->cmsg_type != SCM_RIGHTS)
fatal("%s: expected type %d got %d", __func__,
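Review bot: After the added NULL test, the visible lines of mm_receive_fd still validate only `cmsg_type`, and not even that when BROKEN_CMSG_TYPE is defined. The size of the control message is not checked before the descriptor is taken from it. A length test next to the new one would close that gap, for example `if (cmsg->cmsg_len < CMSG_LEN(sizeof(int))) fatal("%s: short control message", __func__);`. The function continues past the end of this hunk, so an equivalent check may already exist further down.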
diff --git a/crypto/openssh/monitor_mm.c b/crypto/openssh/monitor_mm.c
index e57c87c..ff523a5 100644
--- a/crypto/openssh/monitor_mm.c
+++ b/crypto/openssh/monitor_mm.c
@@ -24,7 +24,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: monitor_mm.c,v 1.8 2002/08/02 14:43:15 millert Exp $");
+RCSID("$OpenBSD: monitor_mm.c,v 1.9 2004/05/11 19:01:43 deraadt Exp $");
#ifdef HAVE_SYS_MMAN_H
#include <sys/mman.h>
diff --git a/crypto/openssh/nchan.c b/crypto/openssh/nchan.c
index 3138cdd..aee3f37 100644
--- a/crypto/openssh/nchan.c
+++ b/crypto/openssh/nchan.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: nchan.c,v 1.49 2003/08/29 10:04:36 markus Exp $");
+RCSID("$OpenBSD: nchan.c,v 1.51 2004/07/11 17:48:47 deraadt Exp $");
#include "ssh1.h"
#include "ssh2.h"
@@ -42,15 +42,15 @@ RCSID("$OpenBSD: nchan.c,v 1.49 2003/08/29 10:04:36 markus Exp $");
* tear down of channels:
*
* 1.3: strict request-ack-protocol:
- * CLOSE ->
- * <- CLOSE_CONFIRM
+ * CLOSE ->
+ * <- CLOSE_CONFIRM
*
* 1.5: uses variations of:
- * IEOF ->
- * <- OCLOSE
- * <- IEOF
- * OCLOSE ->
- * i.e. both sides have to close the channel
+ * IEOF ->
+ * <- OCLOSE
+ * <- IEOF
+ * OCLOSE ->
+ * i.e. both sides have to close the channel
*
* 2.0: the EOF messages are optional
*
@@ -395,7 +395,7 @@ chan_mark_dead(Channel *c)
}
int
-chan_is_dead(Channel *c, int send)
+chan_is_dead(Channel *c, int do_send)
{
if (c->type == SSH_CHANNEL_ZOMBIE) {
debug2("channel %d: zombie", c->self);
@@ -416,7 +416,7 @@ chan_is_dead(Channel *c, int send)
return 0;
}
if (!(c->flags & CHAN_CLOSE_SENT)) {
- if (send) {
+ if (do_send) {
chan_send_close2(c);
} else {
/* channel would be dead if we sent a close */
diff --git a/crypto/openssh/openbsd-compat/Makefile.in b/crypto/openssh/openbsd-compat/Makefile.in
index 5de20ab..0f34f22 100644
--- a/crypto/openssh/openbsd-compat/Makefile.in
+++ b/crypto/openssh/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.30 2004/01/21 06:07:23 djm Exp $
+# $Id: Makefile.in,v 1.31 2004/08/15 08:41:00 djm Exp $
sysconfdir=@sysconfdir@
piddir=@piddir@
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtoul.o vis.o
-COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
+COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
PORTS=port-irix.o port-aix.o
diff --git a/crypto/openssh/openbsd-compat/bsd-arc4random.c b/crypto/openssh/openbsd-compat/bsd-arc4random.c
index 22003ff..5284e1a 100644
--- a/crypto/openssh/openbsd-compat/bsd-arc4random.c
+++ b/crypto/openssh/openbsd-compat/bsd-arc4random.c
@@ -17,7 +17,7 @@
#include "includes.h"
#include "log.h"
-RCSID("$Id: bsd-arc4random.c,v 1.8 2004/02/17 05:49:55 djm Exp $");
+RCSID("$Id: bsd-arc4random.c,v 1.9 2004/07/18 23:30:40 djm Exp $");
#ifndef HAVE_ARC4RANDOM
@@ -56,13 +56,21 @@ unsigned int arc4random(void)
void arc4random_stir(void)
{
unsigned char rand_buf[SEED_SIZE];
+ int i;
memset(&rc4, 0, sizeof(rc4));
if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)
fatal("Couldn't obtain random bytes (error %ld)",
ERR_get_error());
RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
- RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);
+
+ /*
+ * Discard early keystream, as per recommendations in:
+ * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
+ */
+ for(i = 0; i <= 256; i += sizeof(rand_buf))
+ RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);
+
memset(rand_buf, 0, sizeof(rand_buf));
rc4_ready = REKEY_BYTES;
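Review bot: The discard loop in arc4random_stir hides the amount of keystream thrown away in the bare literal 256, and it steps a signed `int i` by a `size_t`. How many bytes are actually dropped depends on SEED_SIZE, which is defined outside this hunk. A named constant and an unsigned counter make the intent checkable, e.g. `size_t i;` and `for (i = 0; i <= RC4_DISCARD_BYTES; i += sizeof(rand_buf))`, where `RC4_DISCARD_BYTES` is a name proposed here. Later RC4 analyses recommend discarding more than the first 256 bytes, so a constant also makes the value easy to raise. `for(` is missing the space used by the other loops in this commit.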
diff --git a/crypto/openssh/openbsd-compat/bsd-closefrom.c b/crypto/openssh/openbsd-compat/bsd-closefrom.c
new file mode 100644
index 0000000..61a9fa3
--- /dev/null
+++ b/crypto/openssh/openbsd-compat/bsd-closefrom.c
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2004 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#ifndef HAVE_CLOSEFROM
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <stddef.h>
+#ifdef HAVE_DIRENT_H
+# include <dirent.h>
+# define NAMLEN(dirent) strlen((dirent)->d_name)
+#else
+# define dirent direct
+# define NAMLEN(dirent) (dirent)->d_namlen
+# ifdef HAVE_SYS_NDIR_H
+# include <sys/ndir.h>
+# endif
+# ifdef HAVE_SYS_DIR_H
+# include <sys/dir.h>
+# endif
+# ifdef HAVE_NDIR_H
+# include <ndir.h>
+# endif
+#endif
+
+#ifndef OPEN_MAX
+# define OPEN_MAX 256
+#endif
+
+RCSID("$Id: bsd-closefrom.c,v 1.1 2004/08/15 08:41:00 djm Exp $");
+
+#ifndef lint
+static const char sudorcsid[] = "$Sudo: closefrom.c,v 1.6 2004/06/01 20:51:56 millert Exp $";
+#endif /* lint */
+
+/*
+ * Close all file descriptors greater than or equal to lowfd.
+ */
+void
+closefrom(int lowfd)
+{
+ long fd, maxfd;
+#if defined(HAVE_DIRFD) && defined(HAVE_PROC_PID)
+ char fdpath[PATH_MAX], *endp;
+ struct dirent *dent;
+ DIR *dirp;
+ int len;
+
+ /* Check for a /proc/$$/fd directory. */
+ len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid());
+ if (len != -1 && len <= sizeof(fdpath) && (dirp = opendir(fdpath))) {
+ while ((dent = readdir(dirp)) != NULL) {
+ fd = strtol(dent->d_name, &endp, 10);
+ if (dent->d_name != endp && *endp == '\0' &&
+ fd >= 0 && fd < INT_MAX && fd >= lowfd && fd != dirfd(dirp))
+ (void) close((int) fd);
+ }
+ (void) closedir(dirp);
+ } else
+#endif
+ {
+ /*
+ * Fall back on sysconf() or getdtablesize(). We avoid checking
+ * resource limits since it is possible to open a file descriptor
+ * and then drop the rlimit such that it is below the open fd.
+ */
+#ifdef HAVE_SYSCONF
+ maxfd = sysconf(_SC_OPEN_MAX);
+#else
+ maxfd = getdtablesize();
+#endif /* HAVE_SYSCONF */
+ if (maxfd < 0)
+ maxfd = OPEN_MAX;
+
+ for (fd = lowfd; fd < maxfd; fd++)
+ (void) close((int) fd);
+ }
+}
+
+#endif /* HAVE_CLOSEFROM */
+
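Review bot: The truncation test on the snprintf() result in closefrom is off by one: `len <= sizeof(fdpath)` accepts `len == sizeof(fdpath)`, which is already the truncated case, and it compares a signed int with a size_t. `if (len > 0 && (size_t)len < sizeof(fdpath) && (dirp = opendir(fdpath))) {` states the intended condition. The /proc path is far shorter than PATH_MAX, so this is unlikely to trigger, but the test decides which close strategy runs and should be exact. The strtol() call on `d_name` is also not checked for overflow via errno, though the `fd < INT_MAX` bound keeps an out-of-range value from reaching close().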
diff --git a/crypto/openssh/openbsd-compat/bsd-misc.c b/crypto/openssh/openbsd-compat/bsd-misc.c
index 7b06786..1b276b4 100644
--- a/crypto/openssh/openbsd-compat/bsd-misc.c
+++ b/crypto/openssh/openbsd-compat/bsd-misc.c
@@ -1,3 +1,4 @@
+
/*
* Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org>
*
@@ -17,7 +18,11 @@
#include "includes.h"
#include "xmalloc.h"
-RCSID("$Id: bsd-misc.c,v 1.21 2004/02/17 05:49:55 djm Exp $");
+RCSID("$Id: bsd-misc.c,v 1.25 2004/08/15 08:41:00 djm Exp $");
+
+#ifndef HAVE___PROGNAME
+char *__progname;
+#endif
/*
* NB. duplicate __progname in case it is an alias for argv[0]
diff --git a/crypto/openssh/openbsd-compat/bsd-misc.h b/crypto/openssh/openbsd-compat/bsd-misc.h
index 009739b..33a1d70 100644
--- a/crypto/openssh/openbsd-compat/bsd-misc.h
+++ b/crypto/openssh/openbsd-compat/bsd-misc.h
@@ -1,4 +1,4 @@
-/* $Id: bsd-misc.h,v 1.15 2004/03/08 11:59:03 dtucker Exp $ */
+/* $Id: bsd-misc.h,v 1.17 2004/08/15 08:41:00 djm Exp $ */
/*
* Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org>
diff --git a/crypto/openssh/openbsd-compat/getrrsetbyname.c b/crypto/openssh/openbsd-compat/getrrsetbyname.c
index 66d1814..660427c 100644
--- a/crypto/openssh/openbsd-compat/getrrsetbyname.c
+++ b/crypto/openssh/openbsd-compat/getrrsetbyname.c
@@ -53,6 +53,10 @@
#define ANSWER_BUFFER_SIZE 1024*64
+#if defined(HAVE_DECL_H_ERRNO) && !HAVE_DECL_H_ERRNO
+extern int h_errno;
+#endif
+
struct dns_query {
char *name;
u_int16_t type;
diff --git a/crypto/openssh/openbsd-compat/openbsd-compat.h b/crypto/openssh/openbsd-compat/openbsd-compat.h
index 6be1bcd..89d1454 100644
--- a/crypto/openssh/openbsd-compat/openbsd-compat.h
+++ b/crypto/openssh/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.25 2004/01/21 06:07:23 djm Exp $ */
+/* $Id: openbsd-compat.h,v 1.26 2004/08/15 08:41:00 djm Exp $ */
/*
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@@ -48,6 +48,10 @@ char *basename(const char *path);
int bindresvport_sa(int sd, struct sockaddr *sa);
#endif
+#ifndef HAVE_CLOSEFROM
+void closefrom(int);
+#endif
+
#ifndef HAVE_GETCWD
char *getcwd(char *pt, size_t size);
#endif
diff --git a/crypto/openssh/openbsd-compat/port-aix.c b/crypto/openssh/openbsd-compat/port-aix.c
index 2895f0d..78f4fae 100644
--- a/crypto/openssh/openbsd-compat/port-aix.c
+++ b/crypto/openssh/openbsd-compat/port-aix.c
@@ -101,7 +101,7 @@ aix_remove_embedded_newlines(char *p)
int
sys_auth_passwd(Authctxt *ctxt, const char *password)
{
- char *authmsg = NULL, *host, *msg, *name = ctxt->pw->pw_name;
+ char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name;
int authsuccess = 0, expired, reenter, result;
do {
@@ -115,30 +115,21 @@ sys_auth_passwd(Authctxt *ctxt, const char *password)
if (result == 0) {
authsuccess = 1;
- host = (char *)get_canonical_hostname(options.use_dns);
-
/*
* Record successful login. We don't have a pty yet, so just
* label the line as "ssh"
*/
aix_setauthdb(name);
- if (loginsuccess((char *)name, (char *)host, "ssh", &msg) == 0) {
- if (msg != NULL) {
- debug("%s: msg %s", __func__, msg);
- buffer_append(&loginmsg, msg, strlen(msg));
- xfree(msg);
- }
- }
/*
* Check if the user's password is expired.
*/
- expired = passwdexpired(name, &msg);
- if (msg && *msg) {
- buffer_append(&loginmsg, msg, strlen(msg));
- aix_remove_embedded_newlines(msg);
- }
- debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);
+ expired = passwdexpired(name, &msg);
+ if (msg && *msg) {
+ buffer_append(&loginmsg, msg, strlen(msg));
+ aix_remove_embedded_newlines(msg);
+ }
+ debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);
switch (expired) {
case 0: /* password not expired */
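Review bot: The `debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);` call passes `msg` to `%s` even though the test just above it (`msg && *msg`) allows for NULL. sys_auth_allowed_user, added later in this file, substitutes "(none)" before logging, and the same guard fits here: `debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg ? msg : "(none)");`. The context comment "Record successful login. We don't have a pty yet" is now stale, because this hunk removes the loginsuccess() call it described and leaves only `aix_setauthdb(name);` beneath it. sys_auth_passwd starts and ends outside this hunk.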
@@ -163,7 +154,70 @@ sys_auth_passwd(Authctxt *ctxt, const char *password)
return authsuccess;
}
-
+
+/*
+ * Check if specified account is permitted to log in.
+ * Returns 1 if login is allowed, 0 if not allowed.
+ */
+int
+sys_auth_allowed_user(struct passwd *pw)
+{
+ char *msg = NULL;
+ int result, permitted = 0;
+ struct stat st;
+
+ /*
+ * Don't perform checks for root account (PermitRootLogin controls
+ * logins via * ssh) or if running as non-root user (since
+ * loginrestrictions will always fail due to insufficient privilege).
+ */
+ if (pw->pw_uid == 0 || geteuid() != 0) {
+ debug3("%s: not checking", __func__);
+ return 1;
+ }
+
+ result = loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg);
+ if (result == 0)
+ permitted = 1;
+ /*
+ * If restricted because /etc/nologin exists, the login will be denied
+ * in session.c after the nologin message is sent, so allow for now
+ * and do not append the returned message.
+ */
+ if (result == -1 && errno == EPERM && stat(_PATH_NOLOGIN, &st) == 0)
+ permitted = 1;
+ else if (msg != NULL)
+ buffer_append(&loginmsg, msg, strlen(msg));
+ if (msg == NULL)
+ msg = xstrdup("(none)");
+ aix_remove_embedded_newlines(msg);
+ debug3("AIX/loginrestrictions returned %d msg %.100s", result, msg);
+
+ if (!permitted)
+ logit("Login restricted for %s: %.100s", pw->pw_name, msg);
+ xfree(msg);
+ return permitted;
+}
+
+int
+sys_auth_record_login(const char *user, const char *host, const char *ttynm)
+{
+ char *msg;
+ int success = 0;
+
+ aix_setauthdb(user);
+ if (loginsuccess((char *)user, host, ttynm, &msg) == 0) {
+ success = 1;
+ if (msg != NULL) {
+ debug("AIX/loginsuccess: msg %s", __func__, msg);
+ buffer_append(&loginmsg, msg, strlen(msg));
+ xfree(msg);
+ }
+ }
+ aix_restoreauthdb();
+ return (success);
+}
+
# ifdef CUSTOM_FAILED_LOGIN
/*
* record_failed_login: generic "login failed" interface function
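Review bot: In sys_auth_record_login, `debug("AIX/loginsuccess: msg %s", __func__, msg);` passes two arguments to a format with a single `%s`, so the function name is logged and the text returned by loginsuccess() never is. `debug("%s: msg %s", __func__, msg);` matches the call this commit removed from sys_auth_passwd. In the same function `char *msg;` is tested with `msg != NULL` without being initialised, which is safe only if loginsuccess() always stores to it; `char *msg = NULL;` removes the doubt. In sys_auth_allowed_user the comment "logins via * ssh" carries a stray asterisk from re-wrapping.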
diff --git a/crypto/openssh/openbsd-compat/port-aix.h b/crypto/openssh/openbsd-compat/port-aix.h
index 3118af9..29e9751 100644
--- a/crypto/openssh/openbsd-compat/port-aix.h
+++ b/crypto/openssh/openbsd-compat/port-aix.h
@@ -1,4 +1,4 @@
-/* $Id: port-aix.h,v 1.19 2004/02/10 04:27:35 dtucker Exp $ */
+/* $Id: port-aix.h,v 1.21 2004/08/14 14:09:12 dtucker Exp $ */
/*
*
@@ -63,6 +63,10 @@ void aix_usrinfo(struct passwd *);
#ifdef WITH_AIXAUTHENTICATE
# define CUSTOM_SYS_AUTH_PASSWD 1
+# define CUSTOM_SYS_AUTH_ALLOWED_USER 1
+int sys_auth_allowed_user(struct passwd *);
+# define CUSTOM_SYS_AUTH_RECORD_LOGIN 1
+int sys_auth_record_login(const char *, const char *, const char *);
# define CUSTOM_FAILED_LOGIN 1
void record_failed_login(const char *, const char *);
#endif
diff --git a/crypto/openssh/openbsd-compat/sys-queue.h b/crypto/openssh/openbsd-compat/sys-queue.h
index 8ff19e4..c49a946 100644
--- a/crypto/openssh/openbsd-compat/sys-queue.h
+++ b/crypto/openssh/openbsd-compat/sys-queue.h
@@ -1,6 +1,6 @@
/* OPENBSD ORIGINAL: sys/sys/queue.h */
-/* $OpenBSD: queue.h,v 1.23 2003/06/02 23:28:21 millert Exp $ */
+/* $OpenBSD: queue.h,v 1.25 2004/04/08 16:08:21 henning Exp $ */
/* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */
/*
@@ -38,12 +38,13 @@
#define _FAKE_QUEUE_H_
/*
- * Ignore all <sys/queue.h> since older platforms have broken/incomplete
- * <sys/queue.h> that are too hard to work around.
+ * Require for OS/X and other platforms that have old/broken/incomplete
+ * <sys/queue.h>.
*/
#undef SLIST_HEAD
#undef SLIST_HEAD_INITIALIZER
#undef SLIST_ENTRY
+#undef SLIST_FOREACH_PREVPTR
#undef SLIST_FIRST
#undef SLIST_END
#undef SLIST_EMPTY
@@ -54,6 +55,7 @@
#undef SLIST_INSERT_HEAD
#undef SLIST_REMOVE_HEAD
#undef SLIST_REMOVE
+#undef SLIST_REMOVE_NEXT
#undef LIST_HEAD
#undef LIST_HEAD_INITIALIZER
#undef LIST_ENTRY
@@ -194,6 +196,11 @@ struct { \
(var) != SLIST_END(head); \
(var) = SLIST_NEXT(var, field))
+#define SLIST_FOREACH_PREVPTR(var, varp, head, field) \
+ for ((varp) = &SLIST_FIRST((head)); \
+ ((var) = *(varp)) != SLIST_END(head); \
+ (varp) = &SLIST_NEXT((var), field))
+
/*
* Singly-linked List functions.
*/
@@ -211,6 +218,10 @@ struct { \
(head)->slh_first = (elm); \
} while (0)
+#define SLIST_REMOVE_NEXT(head, elm, field) do { \
+ (elm)->field.sle_next = (elm)->field.sle_next->field.sle_next; \
+} while (0)
+
#define SLIST_REMOVE_HEAD(head, field) do { \
(head)->slh_first = (head)->slh_first->field.sle_next; \
} while (0)
@@ -400,7 +411,7 @@ struct { \
(var) != TAILQ_END(head); \
(var) = TAILQ_NEXT(var, field))
-#define TAILQ_FOREACH_REVERSE(var, head, field, headname) \
+#define TAILQ_FOREACH_REVERSE(var, head, headname, field) \
for((var) = TAILQ_LAST(head, headname); \
(var) != TAILQ_END(head); \
(var) = TAILQ_PREV(var, headname, field))
diff --git a/crypto/openssh/openbsd-compat/xmmap.c b/crypto/openssh/openbsd-compat/xmmap.c
index 9dc4340..c8d59de 100644
--- a/crypto/openssh/openbsd-compat/xmmap.c
+++ b/crypto/openssh/openbsd-compat/xmmap.c
@@ -23,7 +23,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* $Id: xmmap.c,v 1.3 2003/06/02 02:25:27 tim Exp $ */
+/* $Id: xmmap.c,v 1.5 2004/08/14 13:55:38 dtucker Exp $ */
#include "includes.h"
@@ -40,25 +40,28 @@ void *xmmap(size_t size)
#ifdef HAVE_MMAP
# ifdef MAP_ANON
address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED,
- -1, 0);
+ -1, (off_t)0);
# else
address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED,
- open("/dev/zero", O_RDWR), 0);
+ open("/dev/zero", O_RDWR), (off_t)0);
# endif
#define MM_SWAP_TEMPLATE "/var/run/sshd.mm.XXXXXXXX"
if (address == MAP_FAILED) {
char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE;
int tmpfd;
+ mode_t old_umask;
+ old_umask = umask(0177);
tmpfd = mkstemp(tmpname);
+ umask(old_umask);
if (tmpfd == -1)
fatal("mkstemp(\"%s\"): %s",
MM_SWAP_TEMPLATE, strerror(errno));
unlink(tmpname);
ftruncate(tmpfd, size);
address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED,
- tmpfd, 0);
+ tmpfd, (off_t)0);
close(tmpfd);
}
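Review bot: The temporary-file fallback still ignores the result of `ftruncate(tmpfd, size);`, so if the file cannot be extended the following mmap() covers an empty file and the first access to the region can fault instead of failing cleanly. Checking it keeps the failure explicit: `if (ftruncate(tmpfd, size) != 0) fatal("%s: ftruncate: %s", __func__, strerror(errno));`. In the non-MAP_ANON branch the descriptor returned by `open("/dev/zero", O_RDWR)` is likewise neither checked nor closed. xmmap begins before and ends after this hunk.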
diff --git a/crypto/openssh/opensshd.init.in b/crypto/openssh/opensshd.init.in
new file mode 100755
index 0000000..ffa7cda
--- /dev/null
+++ b/crypto/openssh/opensshd.init.in
@@ -0,0 +1,82 @@
+#!/sbin/sh
+# Donated code that was put under PD license.
+#
+# Stripped PRNGd out of it for the time being.
+
+umask 022
+
+CAT=@CAT@
+KILL=@KILL@
+
+prefix=@prefix@
+sysconfdir=@sysconfdir@
+piddir=@piddir@
+
+SSHD=$prefix/sbin/sshd
+PIDFILE=$piddir/sshd.pid
+SSH_KEYGEN=$prefix/bin/ssh-keygen
+HOST_KEY_RSA1=$sysconfdir/ssh_host_key
+HOST_KEY_DSA=$sysconfdir/ssh_host_dsa_key
+HOST_KEY_RSA=$sysconfdir/ssh_host_rsa_key
+
+
+checkkeys() {
+ if [ ! -f $HOST_KEY_RSA1 ]; then
+ ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
+ fi
+ if [ ! -f $HOST_KEY_DSA ]; then
+ ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
+ fi
+ if [ ! -f $HOST_KEY_RSA ]; then
+ ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N ""
+ fi
+}
+
+stop_service() {
+ if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then
+ PID=`${CAT} ${PIDFILE}`
+ fi
+ if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then
+ ${KILL} ${PID}
+ else
+ echo "Unable to read PID file"
+ fi
+}
+
+start_service() {
+ # XXX We really should check if the service is already going, but
+ # XXX we will opt out at this time. - Bal
+
+ # Check to see if we have keys that need to be made
+ checkkeys
+
+ # Start SSHD
+ echo "starting $SSHD... \c" ; $SSHD
+
+ sshd_rc=$?
+ if [ $sshd_rc -ne 0 ]; then
+ echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing."
+ exit $sshd_rc
+ fi
+ echo done.
+}
+
+case $1 in
+
+'start')
+ start_service
+ ;;
+
+'stop')
+ stop_service
+ ;;
+
+'restart')
+ stop_service
+ start_service
+ ;;
+
+*)
+ echo "$0: usage: $0 {start|stop|restart}"
+ ;;
+esac
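Review bot: stop_service assigns PID only when the pid file is readable, so a PID value already present in the caller's environment would be handed to `${KILL}` when the file is missing. Setting `PID=0` as the first line of the function avoids that. The tests also expand `$PIDFILE`, `$HOST_KEY_RSA1` and the other paths unquoted, and the `-gt` comparison gets no numeric check on the file's contents. Quoting (`[ -r "$PIDFILE" ]`) and rejecting non-digits before the comparison would make the script behave predictably on a damaged pid file. The script runs as root at boot, so these paths are worth the extra care.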
diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c
index daae9ff..82a5694 100644
--- a/crypto/openssh/packet.c
+++ b/crypto/openssh/packet.c
@@ -37,7 +37,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.112 2003/09/23 20:17:11 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.115 2004/06/21 17:36:31 avsm Exp $");
#include "openbsd-compat/sys-queue.h"
@@ -154,8 +154,10 @@ packet_set_connection(int fd_in, int fd_out)
fatal("packet_set_connection: cannot load cipher 'none'");
connection_in = fd_in;
connection_out = fd_out;
- cipher_init(&send_context, none, "", 0, NULL, 0, CIPHER_ENCRYPT);
- cipher_init(&receive_context, none, "", 0, NULL, 0, CIPHER_DECRYPT);
+ cipher_init(&send_context, none, (const u_char *)"",
+ 0, NULL, 0, CIPHER_ENCRYPT);
+ cipher_init(&receive_context, none, (const u_char *)"",
+ 0, NULL, 0, CIPHER_DECRYPT);
newkeys[MODE_IN] = newkeys[MODE_OUT] = NULL;
if (!initialized) {
initialized = 1;
@@ -317,13 +319,10 @@ void
packet_set_nonblocking(void)
{
/* Set the socket into non-blocking mode. */
- if (fcntl(connection_in, F_SETFL, O_NONBLOCK) < 0)
- error("fcntl O_NONBLOCK: %.100s", strerror(errno));
+ set_nonblock(connection_in);
- if (connection_out != connection_in) {
- if (fcntl(connection_out, F_SETFL, O_NONBLOCK) < 0)
- error("fcntl O_NONBLOCK: %.100s", strerror(errno));
- }
+ if (connection_out != connection_in)
+ set_nonblock(connection_out);
}
/* Returns the socket used for reading. */
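Review bot: packet_set_nonblocking now discards the result of set_nonblock(), which this same commit changes to return int in misc.h, so a failed fcntl on the connection descriptors no longer reaches error() from here. The body of set_nonblock is not in view; the fcntl failure path visible earlier in misc.c reports through debug() only, which suggests the failure becomes invisible at normal log levels. If the connection is required to be non-blocking, check the result: `if (set_nonblock(connection_in) == -1) error("%s: cannot set non-blocking mode", __func__);`, and the same for connection_out.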
@@ -508,7 +507,7 @@ packet_send1(void)
u_char buf[8], *cp;
int i, padding, len;
u_int checksum;
- u_int32_t rand = 0;
+ u_int32_t rnd = 0;
/*
* If using packet compression, compress the payload of the outgoing
@@ -534,9 +533,9 @@ packet_send1(void)
cp = buffer_ptr(&outgoing_packet);
for (i = 0; i < padding; i++) {
if (i % 4 == 0)
- rand = arc4random();
- cp[7 - i] = rand & 0xff;
- rand >>= 8;
+ rnd = arc4random();
+ cp[7 - i] = rnd & 0xff;
+ rnd >>= 8;
}
}
buffer_consume(&outgoing_packet, 8 - padding);
@@ -581,18 +580,18 @@ set_newkeys(int mode)
Comp *comp;
CipherContext *cc;
u_int64_t *max_blocks;
- int encrypt;
+ int crypt_type;
debug2("set_newkeys: mode %d", mode);
if (mode == MODE_OUT) {
cc = &send_context;
- encrypt = CIPHER_ENCRYPT;
+ crypt_type = CIPHER_ENCRYPT;
p_send.packets = p_send.blocks = 0;
max_blocks = &max_blocks_out;
} else {
cc = &receive_context;
- encrypt = CIPHER_DECRYPT;
+ crypt_type = CIPHER_DECRYPT;
p_read.packets = p_read.blocks = 0;
max_blocks = &max_blocks_in;
}
@@ -621,7 +620,7 @@ set_newkeys(int mode)
mac->enabled = 1;
DBG(debug("cipher_init_context: %d", mode));
cipher_init(cc, enc->cipher, enc->key, enc->key_len,
- enc->iv, enc->block_size, encrypt);
+ enc->iv, enc->block_size, crypt_type);
/* Deleting the keys does not gain extra security */
/* memset(enc->iv, 0, enc->block_size);
memset(enc->key, 0, enc->key_len); */
@@ -655,7 +654,7 @@ packet_send2_wrapped(void)
u_char padlen, pad;
u_int packet_length = 0;
u_int i, len;
- u_int32_t rand = 0;
+ u_int32_t rnd = 0;
Enc *enc = NULL;
Mac *mac = NULL;
Comp *comp = NULL;
@@ -714,9 +713,9 @@ packet_send2_wrapped(void)
/* random padding */
for (i = 0; i < padlen; i++) {
if (i % 4 == 0)
- rand = arc4random();
- cp[i] = rand & 0xff;
- rand >>= 8;
+ rnd = arc4random();
+ cp[i] = rnd & 0xff;
+ rnd >>= 8;
}
} else {
/* clear padding */
@@ -1449,7 +1448,7 @@ packet_is_interactive(void)
return interactive_mode;
}
-u_int
+int
packet_set_maxsize(u_int s)
{
static int called = 0;
@@ -1490,20 +1489,20 @@ packet_add_padding(u_char pad)
void
packet_send_ignore(int nbytes)
{
- u_int32_t rand = 0;
+ u_int32_t rnd = 0;
int i;
packet_start(compat20 ? SSH2_MSG_IGNORE : SSH_MSG_IGNORE);
packet_put_int(nbytes);
for (i = 0; i < nbytes; i++) {
if (i % 4 == 0)
- rand = arc4random();
- packet_put_char(rand & 0xff);
- rand >>= 8;
+ rnd = arc4random();
+ packet_put_char(rnd & 0xff);
+ rnd >>= 8;
}
}
-#define MAX_PACKETS (1<<31)
+#define MAX_PACKETS (1U<<31)
int
packet_need_rekeying(void)
{
diff --git a/crypto/openssh/progressmeter.c b/crypto/openssh/progressmeter.c
index f426685..93f5a3e 100644
--- a/crypto/openssh/progressmeter.c
+++ b/crypto/openssh/progressmeter.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: progressmeter.c,v 1.19 2004/02/05 15:33:33 markus Exp $");
+RCSID("$OpenBSD: progressmeter.c,v 1.22 2004/07/11 17:48:47 deraadt Exp $");
#include "progressmeter.h"
#include "atomicio.h"
@@ -48,15 +48,15 @@ void refresh_progress_meter(void);
/* signal handler for updating the progress meter */
static void update_progress_meter(int);
-static time_t start; /* start progress */
-static time_t last_update; /* last progress update */
-static char *file; /* name of the file being transferred */
-static off_t end_pos; /* ending position of transfer */
-static off_t cur_pos; /* transfer position as of last refresh */
+static time_t start; /* start progress */
+static time_t last_update; /* last progress update */
+static char *file; /* name of the file being transferred */
+static off_t end_pos; /* ending position of transfer */
+static off_t cur_pos; /* transfer position as of last refresh */
static volatile off_t *counter; /* progress counter */
-static long stalled; /* how long we have been stalled */
-static int bytes_per_second; /* current speed in bytes per second */
-static int win_size; /* terminal window size */
+static long stalled; /* how long we have been stalled */
+static int bytes_per_second; /* current speed in bytes per second */
+static int win_size; /* terminal window size */
/* units for format_size */
static const char unit[] = " KMGT";
@@ -167,7 +167,7 @@ refresh_progress_meter(void)
/* bandwidth usage */
format_rate(buf + strlen(buf), win_size - strlen(buf),
- bytes_per_second);
+ (off_t)bytes_per_second);
strlcat(buf, "/s ", win_size);
/* ETA */
@@ -224,7 +224,7 @@ update_progress_meter(int ignore)
}
void
-start_progress_meter(char *f, off_t filesize, off_t *stat)
+start_progress_meter(char *f, off_t filesize, off_t *ctr)
{
struct winsize winsize;
@@ -232,7 +232,7 @@ start_progress_meter(char *f, off_t filesize, off_t *stat)
file = f;
end_pos = filesize;
cur_pos = 0;
- counter = stat;
+ counter = ctr;
stalled = 0;
bytes_per_second = 0;
diff --git a/crypto/openssh/readpass.c b/crypto/openssh/readpass.c
index 95ec5d8..eb4f6fd 100644
--- a/crypto/openssh/readpass.c
+++ b/crypto/openssh/readpass.c
@@ -23,10 +23,10 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.28 2003/01/23 13:50:27 markus Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.30 2004/06/17 15:10:14 djm Exp $");
#include "xmalloc.h"
-#include "readpass.h"
+#include "misc.h"
#include "pathnames.h"
#include "log.h"
#include "ssh.h"
@@ -103,7 +103,9 @@ read_passphrase(const char *prompt, int flags)
int rppflags, use_askpass = 0, ttyfd;
rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
- if (flags & RP_ALLOW_STDIN) {
+ if (flags & RP_USE_ASKPASS)
+ use_askpass = 1;
+ else if (flags & RP_ALLOW_STDIN) {
if (!isatty(STDIN_FILENO))
use_askpass = 1;
} else {
@@ -115,6 +117,9 @@ read_passphrase(const char *prompt, int flags)
use_askpass = 1;
}
+ if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL)
+ return (flags & RP_ALLOW_EOF) ? NULL : xstrdup("");
+
if (use_askpass && getenv("DISPLAY")) {
if (getenv(SSH_ASKPASS_ENV))
askpass = getenv(SSH_ASKPASS_ENV);
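Review bot: The early return added just before the askpass block hands back `xstrdup("")` when RP_USE_ASKPASS is set and DISPLAY is absent, which a caller cannot tell apart from the user entering an empty passphrase, and nothing on the line says this is deliberate. I would put `/* askpass-only request without an X display: give up rather than prompt elsewhere */` above it (wording to be confirmed against the callers, which are not in this diff) and state in the function's header comment that NULL is returned here only with RP_ALLOW_EOF. `getenv("DISPLAY")` is also evaluated in two consecutive statements, so a single local would read better. read_passphrase begins and ends outside the hunk.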
diff --git a/crypto/openssh/regress/Makefile b/crypto/openssh/regress/Makefile
index cf65b36..9e98e58 100644
--- a/crypto/openssh/regress/Makefile
+++ b/crypto/openssh/regress/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.27 2004/02/17 08:23:20 dtucker Exp $
+# $OpenBSD: Makefile,v 1.31 2004/06/24 19:32:00 djm Exp $
REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec
tests: $(REGRESS_TARGETS)
@@ -13,6 +13,7 @@ LTESTS= connect \
proto-version \
proto-mismatch \
exit-status \
+ envpass \
transfer \
banner \
rekey \
@@ -28,13 +29,16 @@ LTESTS= connect \
agent-ptrace \
keyscan \
keygen-change \
+ scp \
sftp \
sftp-cmds \
sftp-badcmds \
sftp-batch \
reconfigure \
dynamic-forward \
- forwarding
+ forwarding \
+ multiplex \
+ reexec
USER!= id -un
CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
@@ -42,7 +46,9 @@ CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
ssh_config ssh_proxy sshd_config sshd_proxy \
rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \
rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \
- ls.copy banner.in banner.out empty.in remote_pid
+ ls.copy banner.in banner.out empty.in \
+ scp-ssh-wrapper.exe \
+ remote_pid
#LTESTS += ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
diff --git a/crypto/openssh/regress/README.regress b/crypto/openssh/regress/README.regress
index 6ff032b..0c07c9c 100644
--- a/crypto/openssh/regress/README.regress
+++ b/crypto/openssh/regress/README.regress
@@ -27,15 +27,26 @@ TEST_SSH_QUIET: set to "yes" to suppress non-fatal output.
TEST_SSH_x: path to "ssh" command under test, where x=SSH,SSHD,SSHAGENT,SSHADD
SSHKEYGEN,SSHKEYSCAN,SFTP,SFTPSERVER
OBJ: used by test scripts to access build dir.
+TEST_SHELL: shell used for running the test scripts.
+TEST_SSH_PORT: TCP port to be used for the listening tests.
+TEST_SSH_SSH_CONFOTPS: Configuration directives to be added to ssh_config
+ before running each test.
+TEST_SSH_SSHD_CONFOTPS: Configuration directives to be added to sshd_config
+ before running each test.
Individual tests.
-You can invoke test-exec.sh directly if you set up the path to find the
-binaries under test and the test scripts themselves, for example:
+You can run an individual test from the top-level Makefile, eg:
+$ make tests LTESTS=agent-timeout
+
+If you need to manipulate the environment more you can invoke test-exec.sh
+directly if you set up the path to find the binaries under test and the
+test scripts themselves, for example:
$ cd regress
-$ PATH=`pwd`/..:$PATH:. sh test-exec.sh `pwd` agent-timeout.sh
+$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` \
+ agent-timeout.sh
ok agent timeout test
@@ -82,16 +93,12 @@ Failed tests can be difficult to diagnose. Suggestions:
Known Issues.
-- If you build with tcpwrappers and try to run the regression tests,
- your hosts.allow must permit connections from localhost and from
- "unknown". This is because some tests are performed via the loopback
- interface, while others are done with "sshd -i" as a ProxyCommand. In
- the latter case, when sshd calls getpeername() on the socket it will
- fail (because it's not a tcp socket) and will be identified as
- "unknown", which is then checked against tcpwrappers.
-
- If your build requires ssh-rand-helper regress tests will fail
unless ssh-rand-helper is in pre-installed (the path to
ssh-rand-helper is hard coded).
-$Id: README.regress,v 1.4 2004/03/08 20:12:18 tim Exp $
+- Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head
+ test to fail. The old behaviour can be restored by setting (and
+ exporting) _POSIX2_VERSION=199209 before running the tests.
+
+$Id: README.regress,v 1.9 2004/08/17 12:31:33 dtucker Exp $
diff --git a/crypto/openssh/regress/dynamic-forward.sh b/crypto/openssh/regress/dynamic-forward.sh
index 3a6e5c1..392fc19 100644
--- a/crypto/openssh/regress/dynamic-forward.sh
+++ b/crypto/openssh/regress/dynamic-forward.sh
@@ -3,8 +3,8 @@
tid="dynamic forwarding"
-PORT=4242
-FWDPORT=4243
+FWDPORT=`expr $PORT + 1`
+
DATA=/bin/ls${EXEEXT}
if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then
diff --git a/crypto/openssh/regress/envpass.sh b/crypto/openssh/regress/envpass.sh
new file mode 100644
index 0000000..5a7e178
--- /dev/null
+++ b/crypto/openssh/regress/envpass.sh
@@ -0,0 +1,51 @@
+# $OpenBSD: envpass.sh,v 1.3 2004/06/22 22:42:02 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="environment passing"
+
+# NB accepted env vars are in test-exec.sh (_XXX_TEST_* and _XXX_TEST)
+
+trace "pass env, don't accept"
+verbose "test $tid: pass env, don't accept"
+_TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy otherhost \
+ sh << 'EOF'
+ test -z "$_TEST_ENV"
+EOF
+r=$?
+if [ $r -ne 0 ]; then
+ fail "environment found"
+fi
+
+trace "don't pass env, accept"
+verbose "test $tid: don't pass env, accept"
+${SSH} -F $OBJ/ssh_proxy otherhost \
+ sh << 'EOF'
+ test -z "$_XXX_TEST_A" && test -z "$_XXX_TEST_B"
+EOF
+r=$?
+if [ $r -ne 0 ]; then
+ fail "environment found"
+fi
+
+trace "pass single env, accept single env"
+verbose "test $tid: pass single env, accept single env"
+_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy otherhost \
+ sh << 'EOF'
+ test X"$_XXX_TEST" = X"blah"
+EOF
+r=$?
+if [ $r -ne 0 ]; then
+ fail "environment not found"
+fi
+
+trace "pass multiple env, accept multiple env"
+verbose "test $tid: pass multiple env, accept multiple env"
+_XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -oSendEnv="_XXX_TEST_*" \
+ -F $OBJ/ssh_proxy otherhost \
+ sh << 'EOF'
+ test X"$_XXX_TEST_A" = X"1" -a X"$_XXX_TEST_B" = X"2"
+EOF
+r=$?
+if [ $r -ne 0 ]; then
+ fail "environment not found"
+fi
diff --git a/crypto/openssh/regress/login-timeout.sh b/crypto/openssh/regress/login-timeout.sh
index dfc6e6b..ce6edad 100644
--- a/crypto/openssh/regress/login-timeout.sh
+++ b/crypto/openssh/regress/login-timeout.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: login-timeout.sh,v 1.1 2004/02/17 08:23:20 dtucker Exp $
+# $OpenBSD: login-timeout.sh,v 1.3 2004/03/08 10:17:12 dtucker Exp $
# Placed in the Public Domain.
tid="connect after login grace timeout"
@@ -15,7 +15,7 @@ if [ $? -ne 0 ]; then
fail "ssh connect after login grace timeout failed with privsep"
fi
-kill `cat $PIDFILE`
+$SUDO kill `cat $PIDFILE`
trace "test login grace without privsep"
echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config
diff --git a/crypto/openssh/regress/multiplex.sh b/crypto/openssh/regress/multiplex.sh
new file mode 100644
index 0000000..dbf2025
--- /dev/null
+++ b/crypto/openssh/regress/multiplex.sh
@@ -0,0 +1,74 @@
+# $OpenBSD: multiplex.sh,v 1.8 2004/06/22 03:12:13 markus Exp $
+# Placed in the Public Domain.
+
+CTL=$OBJ/ctl-sock
+
+tid="connection multiplexing"
+
+DATA=/bin/ls${EXEEXT}
+COPY=$OBJ/ls.copy
+
+start_sshd
+
+trace "start master, fork to background"
+${SSH} -2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" -f somehost sleep 120
+
+verbose "test $tid: envpass"
+trace "env passing over multiplexed connection"
+_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -S$CTL otherhost sh << 'EOF'
+ test X"$_XXX_TEST" = X"blah"
+EOF
+if [ $? -ne 0 ]; then
+ fail "environment not found"
+fi
+
+verbose "test $tid: transfer"
+rm -f ${COPY}
+trace "ssh transfer over multiplexed connection and check result"
+${SSH} -S$CTL otherhost cat ${DATA} > ${COPY}
+test -f ${COPY} || fail "ssh -Sctl: failed copy ${DATA}"
+cmp ${DATA} ${COPY} || fail "ssh -Sctl: corrupted copy of ${DATA}"
+
+rm -f ${COPY}
+trace "ssh transfer over multiplexed connection and check result"
+${SSH} -S $CTL otherhost cat ${DATA} > ${COPY}
+test -f ${COPY} || fail "ssh -S ctl: failed copy ${DATA}"
+cmp ${DATA} ${COPY} || fail "ssh -S ctl: corrupted copy of ${DATA}"
+
+rm -f ${COPY}
+trace "sftp transfer over multiplexed connection and check result"
+echo "get ${DATA} ${COPY}" | \
+ ${SFTP} -S ${SSH} -oControlPath=$CTL otherhost >/dev/null 2>&1
+test -f ${COPY} || fail "sftp: failed copy ${DATA}"
+cmp ${DATA} ${COPY} || fail "sftp: corrupted copy of ${DATA}"
+
+rm -f ${COPY}
+trace "scp transfer over multiplexed connection and check result"
+${SCP} -S ${SSH} -oControlPath=$CTL otherhost:${DATA} ${COPY} >/dev/null 2>&1
+test -f ${COPY} || fail "scp: failed copy ${DATA}"
+cmp ${DATA} ${COPY} || fail "scp: corrupted copy of ${DATA}"
+
+rm -f ${COPY}
+
+for s in 0 1 4 5 44; do
+ trace "exit status $s over multiplexed connection"
+ verbose "test $tid: status $s"
+ ${SSH} -S $CTL otherhost exit $s
+ r=$?
+ if [ $r -ne $s ]; then
+ fail "exit code mismatch for protocol $p: $r != $s"
+ fi
+
+ # same with early close of stdout/err
+ trace "exit status $s with early close over multiplexed connection"
+ ${SSH} -S $CTL -n otherhost \
+ exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\'
+ r=$?
+ if [ $r -ne $s ]; then
+ fail "exit code (with sleep) mismatch for protocol $p: $r != $s"
+ fi
+done
+
+# kill master, remove control socket. ssh -MS will exit when sleep exits
+$SUDO kill `cat $PIDFILE`
+rm -f $CTL
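Review bot: Both failure messages in the exit-status loop interpolate `$p`, which this script never assigns, so a failing run reports "for protocol" followed by nothing (or by a stale value left over from another test script, if these are sourced into one shell). The messages look copied from a per-protocol test; I would drop the variable, e.g. `fail "exit code mismatch: $r != $s"` and `fail "exit code (with sleep) mismatch: $r != $s"`. A one-line comment at the final `kill` saying that $PIDFILE belongs to the sshd started by start_sshd, not to the ssh master, would also help, since the comment above it talks about the master.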
diff --git a/crypto/openssh/regress/reexec.sh b/crypto/openssh/regress/reexec.sh
new file mode 100644
index 0000000..39fffef
--- /dev/null
+++ b/crypto/openssh/regress/reexec.sh
@@ -0,0 +1,87 @@
+# $OpenBSD: reexec.sh,v 1.3 2004/06/25 01:32:44 djm Exp $
+# Placed in the Public Domain.
+
+tid="reexec tests"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+SSHD_ORIG=$SSHD
+SSHD_COPY=$OBJ/sshd.copy
+
+# Start a sshd and then delete it
+start_sshd_copy_zap ()
+{
+ cp $SSHD_ORIG $SSHD_COPY
+ SSHD=$SSHD_COPY
+ start_sshd
+ rm -f $SSHD_COPY
+ SSHD=$SSHD_ORIG
+}
+
+verbose "test config passing"
+cp $OBJ/sshd_config $OBJ/sshd_config.orig
+
+start_sshd
+
+echo "InvalidXXX=no" >> $OBJ/sshd_config
+
+rm -f ${COPY}
+for p in 1 2; do
+ verbose "$tid: proto $p"
+ ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
+ cat ${DATA} > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
+ rm -f ${COPY}
+done
+
+$SUDO kill `cat $PIDFILE`
+rm -f $PIDFILE
+
+cp $OBJ/sshd_config.orig $OBJ/sshd_config
+
+verbose "test reexec fallback"
+
+start_sshd_copy_zap
+
+rm -f ${COPY}
+for p in 1 2; do
+ verbose "$tid: proto $p"
+ ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
+ cat ${DATA} > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
+ rm -f ${COPY}
+done
+
+$SUDO kill `cat $PIDFILE`
+rm -f $PIDFILE
+
+verbose "test reexec fallback without privsep"
+
+cp $OBJ/sshd_config.orig $OBJ/sshd_config
+echo "UsePrivilegeSeparation=no" >> $OBJ/sshd_config
+
+start_sshd_copy_zap
+
+rm -f ${COPY}
+for p in 1 2; do
+ verbose "$tid: proto $p"
+ ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
+ cat ${DATA} > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
+ rm -f ${COPY}
+done
+
+$SUDO kill `cat $PIDFILE`
+rm -f $PIDFILE
+
+cp $OBJ/sshd_config.orig $OBJ/sshd_config
+
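Review bot: The line `echo "InvalidXXX=no" >> $OBJ/sshd_config` in the "test config passing" section carries no explanation, and it is the whole point of that section. If the intent is that the already-running listener must hand its parsed configuration to re-executed children rather than let them re-read the (now broken) file, say so, e.g. `# sshd is already running; a bad directive added now must not reach re-exec'd children`. The same copy loop is pasted three times and would be easier to maintain as one helper function called after each start. `DATA=/bin/ls` also omits the `${EXEEXT}` suffix that multiplex.sh in this commit uses.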
diff --git a/crypto/openssh/regress/scp-ssh-wrapper.sh b/crypto/openssh/regress/scp-ssh-wrapper.sh
new file mode 100644
index 0000000..8e43147
--- /dev/null
+++ b/crypto/openssh/regress/scp-ssh-wrapper.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+# $OpenBSD: scp-ssh-wrapper.sh,v 1.1 2004/06/13 13:51:02 dtucker Exp $
+# Placed in the Public Domain.
+
+printname () {
+ NAME=$1
+ save_IFS=$IFS
+ IFS=/
+ set -- `echo "$NAME"`
+ IFS="$save_IFS"
+ while [ $# -ge 1 ] ; do
+ if [ "x$1" != "x" ]; then
+ echo "D0755 0 $1"
+ fi
+ shift;
+ done
+}
+
+# discard first 5 args
+shift; shift; shift; shift; shift
+
+BAD="../../../../../../../../../../../../../${DIR}/dotpathdir"
+
+case "$SCPTESTMODE" in
+badserver_0)
+ echo "D0755 0 /${DIR}/rootpathdir"
+ echo "C755 2 rootpathfile"
+ echo "X"
+ ;;
+badserver_1)
+ echo "D0755 0 $BAD"
+ echo "C755 2 file"
+ echo "X"
+ ;;
+badserver_2)
+ echo "D0755 0 $BAD"
+ echo "C755 2 file"
+ echo "X"
+ ;;
+badserver_3)
+ printname $BAD
+ echo "C755 2 file"
+ echo "X"
+ ;;
+badserver_4)
+ printname $BAD
+ echo "D0755 0 .."
+ echo "C755 2 file"
+ echo "X"
+ ;;
+*)
+ exec $1
+ ;;
+esac
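Review bot: The `badserver_1` and `badserver_2` arms emit exactly the same three records, so the client is only exercised against four distinct hostile replies although scp.sh loops over five. Either merge the two arms or give `badserver_2` the variant it was meant to cover. Each arm would also benefit from a one-line comment naming the client check it is meant to trigger (absolute directory name, `..` traversal in one component, traversal split over several D records, trailing `..`), so a future change to the client's path validation can be mapped back to a case.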
diff --git a/crypto/openssh/regress/scp.sh b/crypto/openssh/regress/scp.sh
new file mode 100644
index 0000000..703cc08
--- /dev/null
+++ b/crypto/openssh/regress/scp.sh
@@ -0,0 +1,82 @@
+# $OpenBSD: scp.sh,v 1.2 2004/06/16 13:15:09 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="scp"
+
+#set -x
+
+# Figure out if diff understands "-N"
+if diff -N ${SRC}/scp.sh ${SRC}/scp.sh 2>/dev/null; then
+ DIFFOPT="-rN"
+else
+ DIFFOPT="-r"
+fi
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+COPY2=${OBJ}/copy2
+DIR=${COPY}.dd
+DIR2=${COPY}.dd2
+
+SRC=`dirname ${SCRIPT}`
+cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.exe
+chmod 755 ${OBJ}/scp-ssh-wrapper.exe
+scpopts="-q -S ${OBJ}/scp-ssh-wrapper.exe"
+
+scpclean() {
+ rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2}
+ mkdir ${DIR} ${DIR2}
+}
+
+verbose "$tid: simple copy local file to remote file"
+scpclean
+$SCP $scpopts ${DATA} somehost:${COPY} || fail "copy failed"
+cmp ${DATA} ${COPY} || fail "corrupted copy"
+
+verbose "$tid: simple copy remote file to local file"
+scpclean
+$SCP $scpopts somehost:${DATA} ${COPY} || fail "copy failed"
+cmp ${DATA} ${COPY} || fail "corrupted copy"
+
+verbose "$tid: simple copy local file to remote dir"
+scpclean
+cp ${DATA} ${COPY}
+$SCP $scpopts ${COPY} somehost:${DIR} || fail "copy failed"
+cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
+
+verbose "$tid: simple copy remote file to local dir"
+scpclean
+cp ${DATA} ${COPY}
+$SCP $scpopts somehost:${COPY} ${DIR} || fail "copy failed"
+cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
+
+verbose "$tid: recursive local dir to remote dir"
+scpclean
+rm -rf ${DIR2}
+cp ${DATA} ${DIR}/copy
+$SCP $scpopts -r ${DIR} somehost:${DIR2} || fail "copy failed"
+diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
+
+verbose "$tid: recursive remote dir to local dir"
+scpclean
+rm -rf ${DIR2}
+cp ${DATA} ${DIR}/copy
+$SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed"
+diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
+
+for i in 0 1 2 3 4; do
+ verbose "$tid: disallow bad server #$i"
+ SCPTESTMODE=badserver_$i
+ export DIR SCPTESTMODE
+ scpclean
+ $SCP $scpopts somehost:${DATA} ${DIR} >/dev/null 2>/dev/null
+ [ -d {$DIR}/rootpathdir ] && fail "allows dir relative to root dir"
+ [ -d ${DIR}/dotpathdir ] && fail "allows dir creation in non-recursive mode"
+
+ scpclean
+ $SCP -r $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
+ [ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir"
+done
+
+scpclean
+rm -f ${OBJ}/scp-ssh-wrapper.exe
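Review bot: The root-path check in the bad-server loop is written `[ -d {$DIR}/rootpathdir ]`, with the brace before the dollar sign, so it tests a literal `{...}` path that cannot exist and the "allows dir relative to root dir" failure can never fire. It should read `[ -d ${DIR}/rootpathdir ] && fail "allows dir relative to root dir"`. Separately, the `diff -N` probe at the top uses `${SRC}` before the `SRC=` assignment further down, so unless SRC is inherited from the environment the probe reads `/scp.sh`, fails, and DIFFOPT is always `-r`. Moving the `SRC=` line above the probe fixes that.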
diff --git a/crypto/openssh/regress/test-exec.sh b/crypto/openssh/regress/test-exec.sh
index 986d992..70250ac 100644
--- a/crypto/openssh/regress/test-exec.sh
+++ b/crypto/openssh/regress/test-exec.sh
@@ -1,9 +1,14 @@
-# $OpenBSD: test-exec.sh,v 1.15 2004/02/24 16:56:30 markus Exp $
+# $OpenBSD: test-exec.sh,v 1.23 2004/06/25 01:25:12 djm Exp $
# Placed in the Public Domain.
-PORT=4242
#SUDO=sudo
+if [ ! -z "$TEST_SSH_PORT" ]; then
+ PORT="$TEST_SSH_PORT"
+else
+ PORT=4242
+fi
+
if [ -x /usr/ucb/whoami ]; then
USER=`/usr/ucb/whoami`
elif whoami >/dev/null 2>&1; then
@@ -47,6 +52,7 @@ SSHKEYGEN=ssh-keygen
SSHKEYSCAN=ssh-keyscan
SFTP=sftp
SFTPSERVER=/usr/libexec/openssh/sftp-server
+SCP=scp
if [ "x$TEST_SSH_SSH" != "x" ]; then
SSH="${TEST_SSH_SSH}"
@@ -72,10 +78,16 @@ fi
if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
SFTPSERVER="${TEST_SSH_SFTPSERVER}"
fi
+if [ "x$TEST_SSH_SCP" != "x" ]; then
+ SCP="${TEST_SSH_SCP}"
+fi
+
+# Path to sshd must be absolute for rexec
+SSHD=`which sshd`
# these should be used in tests
-export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER
-#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER
+export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
+#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
# helper
echon()
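Review bot: The new assignment under "Path to sshd must be absolute for rexec" is unconditional, so it replaces whatever SSHD held with the first sshd found on PATH. The TEST_SSH_SSHD override listed in README.regress is presumably applied above this hunk, next to the SFTPSERVER and SCP ones, and would be silently discarded. The tests could then start, in places under $SUDO, a different binary from the one the caller asked to test. I would resolve the path only when it is not already absolute, e.g. `case "$SSHD" in /*) ;; *) SSHD=$(which "$SSHD") ;; esac` (or the backquote form used elsewhere in the file), and fail early if the result is empty.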
@@ -156,15 +168,23 @@ trap fatal 3 2
# create server config
cat << EOF > $OBJ/sshd_config
+ StrictModes no
Port $PORT
ListenAddress 127.0.0.1
#ListenAddress ::1
PidFile $PIDFILE
AuthorizedKeysFile $OBJ/authorized_keys_%u
LogLevel QUIET
- StrictModes no
+ AcceptEnv _XXX_TEST_*
+ AcceptEnv _XXX_TEST
+ Subsystem sftp $SFTPSERVER
EOF
+if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
+ trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
+ echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
+fi
+
# server config for proxy connects
cp $OBJ/sshd_config $OBJ/sshd_proxy
@@ -190,6 +210,11 @@ Host *
StrictHostKeyChecking yes
EOF
+if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
+ trace "adding ssh_config option $TEST_SSH_SSHD_CONFOPTS"
+ echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
+fi
+
rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
trace "generate keys"
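Review bot: The trace line in the new ssh_config block prints `$TEST_SSH_SSHD_CONFOPTS` although the block tests and appends `$TEST_SSH_SSH_CONFOPTS`, so the log shows the server-side options (or nothing) instead of what was actually written to ssh_config. It should be `trace "adding ssh_config option $TEST_SSH_SSH_CONFOPTS"`. README.regress in this same commit documents the two variables as TEST_SSH_SSH_CONFOTPS and TEST_SSH_SSHD_CONFOTPS, which does not match the names the script reads.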
diff --git a/crypto/openssh/regress/try-ciphers.sh b/crypto/openssh/regress/try-ciphers.sh
index 15827e2..c6e1b91 100644
--- a/crypto/openssh/regress/try-ciphers.sh
+++ b/crypto/openssh/regress/try-ciphers.sh
@@ -29,8 +29,10 @@ for c in $ciphers; do
fi
done
-if ! ${SSH} -oCiphers=acss@openssh.org 2>&1 | grep "Bad SSH2 cipher" >/dev/null
+if ${SSH} -oCiphers=acss@openssh.org 2>&1 | grep "Bad SSH2 cipher" >/dev/null
then
+ :
+else
echo "Ciphers acss@openssh.org" >> $OBJ/sshd_proxy
c=acss@openssh.org
diff --git a/crypto/openssh/scard-opensc.c b/crypto/openssh/scard-opensc.c
index a9b7ebc..dd2c28d 100644
--- a/crypto/openssh/scard-opensc.c
+++ b/crypto/openssh/scard-opensc.c
@@ -35,7 +35,7 @@
#include "key.h"
#include "log.h"
#include "xmalloc.h"
-#include "readpass.h"
+#include "misc.h"
#include "scard.h"
#if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE)
diff --git a/crypto/openssh/scard.c b/crypto/openssh/scard.c
index 906287b..b3d2505 100644
--- a/crypto/openssh/scard.c
+++ b/crypto/openssh/scard.c
@@ -24,7 +24,7 @@
#include "includes.h"
#if defined(SMARTCARD) && defined(USE_SECTOK)
-RCSID("$OpenBSD: scard.c,v 1.28 2003/06/12 19:12:02 markus Exp $");
+RCSID("$OpenBSD: scard.c,v 1.29 2004/05/08 00:21:31 djm Exp $");
#include <openssl/evp.h>
#include <sectok.h>
@@ -32,7 +32,7 @@ RCSID("$OpenBSD: scard.c,v 1.28 2003/06/12 19:12:02 markus Exp $");
#include "key.h"
#include "log.h"
#include "xmalloc.h"
-#include "readpass.h"
+#include "misc.h"
#include "scard.h"
#if OPENSSL_VERSION_NUMBER < 0x00907000L
diff --git a/crypto/openssh/scp.1 b/crypto/openssh/scp.1
index 5a32211..f346b2a 100644
--- a/crypto/openssh/scp.1
+++ b/crypto/openssh/scp.1
@@ -9,7 +9,7 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.33 2004/03/05 10:53:58 markus Exp $
+.\" $OpenBSD: scp.1,v 1.36 2004/06/13 15:03:02 djm Exp $
.\"
.Dd September 25, 1999
.Dt SCP 1
@@ -127,7 +127,9 @@ For full details of the options listed below, and their possible values, see
.It Compression
.It CompressionLevel
.It ConnectionAttempts
-.It ConnectionTimeout
+.It ConnectTimeout
+.It ControlMaster
+.It ControlPath
.It GlobalKnownHostsFile
.It GSSAPIAuthentication
.It GSSAPIDelegateCredentials
@@ -150,6 +152,7 @@ For full details of the options listed below, and their possible values, see
.It PubkeyAuthentication
.It RhostsRSAAuthentication
.It RSAAuthentication
+.It SendEnv
.It ServerAliveInterval
.It ServerAliveCountMax
.It SmartcardDevice
diff --git a/crypto/openssh/sftp-client.c b/crypto/openssh/sftp-client.c
index 781d982..0ffacbc 100644
--- a/crypto/openssh/sftp-client.c
+++ b/crypto/openssh/sftp-client.c
@@ -20,7 +20,7 @@
/* XXX: copy between two remote sites */
#include "includes.h"
-RCSID("$OpenBSD: sftp-client.c,v 1.47 2004/03/03 09:30:42 djm Exp $");
+RCSID("$OpenBSD: sftp-client.c,v 1.51 2004/07/11 17:48:47 deraadt Exp $");
#include "openbsd-compat/sys-queue.h"
@@ -36,6 +36,7 @@ RCSID("$OpenBSD: sftp-client.c,v 1.47 2004/03/03 09:30:42 djm Exp $");
#include "sftp-common.h"
#include "sftp-client.h"
+extern volatile sig_atomic_t interrupted;
extern int showprogress;
/* Minimum amount of data to read at at time */
@@ -330,7 +331,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
(*dir)[0] = NULL;
}
- for (;;) {
+ for (; !interrupted;) {
int count;
id = expected_id = conn->msg_id++;
@@ -407,6 +408,13 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
do_close(conn, handle, handle_len);
xfree(handle);
+ /* Don't return partial matches on interrupt */
+ if (interrupted && dir != NULL && *dir != NULL) {
+ free_sftp_dirents(*dir);
+ *dir = xmalloc(sizeof(**dir));
+ **dir = NULL;
+ }
+
return(0);
}
@@ -643,7 +651,7 @@ do_symlink(struct sftp_conn *conn, char *oldpath, char *newpath)
buffer_init(&msg);
- /* Send rename request */
+ /* Send symlink request */
id = conn->msg_id++;
buffer_put_char(&msg, SSH2_FXP_SYMLINK);
buffer_put_int(&msg, id);
@@ -812,6 +820,16 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
char *data;
u_int len;
+ /*
+ * Simulate EOF on interrupt: stop sending new requests and
+ * allow outstanding requests to drain gracefully
+ */
+ if (interrupted) {
+ if (num_req == 0) /* If we haven't started yet... */
+ break;
+ max_req = 0;
+ }
+
/* Send some more requests */
while (num_req < max_req) {
debug3("Request range %llu -> %llu (%d/%d)",
@@ -899,8 +917,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
(unsigned long long)offset,
num_req);
max_req = 1;
- }
- else if (max_req < conn->num_requests + 1) {
+ } else if (max_req <= conn->num_requests) {
++max_req;
}
}
@@ -975,7 +992,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
TAILQ_ENTRY(outstanding_ack) tq;
};
TAILQ_HEAD(ackhead, outstanding_ack) acks;
- struct outstanding_ack *ack;
+ struct outstanding_ack *ack = NULL;
TAILQ_INIT(&acks);
@@ -1036,10 +1053,14 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
int len;
/*
- * Can't use atomicio here because it returns 0 on EOF, thus losing
- * the last block of the file
+ * Can't use atomicio here because it returns 0 on EOF,
+ * thus losing the last block of the file.
+ * Simulate an EOF on interrupt, allowing ACKs from the
+ * server to drain.
*/
- do
+ if (interrupted)
+ len = 0;
+ else do
len = read(local_fd, data, conn->transfer_buflen);
while ((len == -1) && (errno == EINTR || errno == EAGAIN));
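Review bot: The construct `else do ... while (...)` added in the read loop of do_upload is legal but easy to misread, because the unbraced `do` body and its trailing `while` look like a separate loop hanging off the `if`. I would brace both arms: `if (interrupted) { len = 0; } else { do len = read(local_fd, data, conn->transfer_buflen); while (len == -1 && (errno == EINTR || errno == EAGAIN)); }`. The comment could also say what the caller observes after an interrupt, since simulating EOF makes an interrupted upload take the same path as a complete one from here on; whether it is later reported as a failure is not visible in this hunk.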
diff --git a/crypto/openssh/sftp-server.c b/crypto/openssh/sftp-server.c
index 1d13e97..e822800 100644
--- a/crypto/openssh/sftp-server.c
+++ b/crypto/openssh/sftp-server.c
@@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.45 2004/02/19 21:15:04 markus Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.47 2004/06/25 05:38:48 dtucker Exp $");
#include "buffer.h"
#include "bufaux.h"
@@ -31,11 +31,7 @@ RCSID("$OpenBSD: sftp-server.c,v 1.45 2004/02/19 21:15:04 markus Exp $");
#define get_string(lenp) buffer_get_string(&iqueue, lenp);
#define TRACE debug
-#ifdef HAVE___PROGNAME
extern char *__progname;
-#else
-char *__progname;
-#endif
/* input and output queue */
Buffer iqueue;
@@ -260,7 +256,7 @@ send_msg(Buffer *m)
}
static void
-send_status(u_int32_t id, u_int32_t error)
+send_status(u_int32_t id, u_int32_t status)
{
Buffer msg;
const char *status_messages[] = {
@@ -276,14 +272,14 @@ send_status(u_int32_t id, u_int32_t error)
"Unknown error" /* Others */
};
- TRACE("sent status id %u error %u", id, error);
+ TRACE("sent status id %u error %u", id, status);
buffer_init(&msg);
buffer_put_char(&msg, SSH2_FXP_STATUS);
buffer_put_int(&msg, id);
- buffer_put_int(&msg, error);
+ buffer_put_int(&msg, status);
if (version >= 3) {
buffer_put_cstring(&msg,
- status_messages[MIN(error,SSH2_FX_MAX)]);
+ status_messages[MIN(status,SSH2_FX_MAX)]);
buffer_put_cstring(&msg, "");
}
send_msg(&msg);
@@ -839,9 +835,29 @@ process_rename(void)
status = errno_to_portable(errno);
else if (S_ISREG(sb.st_mode)) {
/* Race-free rename of regular files */
- if (link(oldpath, newpath) == -1)
- status = errno_to_portable(errno);
- else if (unlink(oldpath) == -1) {
+ if (link(oldpath, newpath) == -1) {
+ if (errno == EOPNOTSUPP
+#ifdef LINK_OPNOTSUPP_ERRNO
+ || errno == LINK_OPNOTSUPP_ERRNO
+#endif
+ ) {
+ struct stat st;
+
+ /*
+ * fs doesn't support links, so fall back to
+ * stat+rename. This is racy.
+ */
+ if (stat(newpath, &st) == -1) {
+ if (rename(oldpath, newpath) == -1)
+ status =
+ errno_to_portable(errno);
+ else
+ status = SSH2_FX_OK;
+ }
+ } else {
+ status = errno_to_portable(errno);
+ }
+ } else if (unlink(oldpath) == -1) {
status = errno_to_portable(errno);
/* clean spare link */
unlink(newpath);
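Review bot: The fallback added in process_rename for filesystems without hard links treats every `stat(newpath, &st)` failure as "target does not exist" and then calls rename(). An EACCES or ELOOP on newpath, or a dangling symlink sitting at newpath (stat follows it and reports ENOENT), therefore leads to the target being replaced. Using `if (lstat(newpath, &st) == -1 && errno == ENOENT) {` would keep the fallback closer to link()'s refuse-if-anything-exists behaviour. When newpath does exist the new code assigns nothing to status, so the reply depends on its initial value above the hunk; an explicit failure status in an else arm would make that obvious. The function continues outside the hunk.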
@@ -863,20 +879,20 @@ process_readlink(void)
{
u_int32_t id;
int len;
- char link[MAXPATHLEN];
+ char buf[MAXPATHLEN];
char *path;
id = get_int();
path = get_string(NULL);
TRACE("readlink id %u path %s", id, path);
- if ((len = readlink(path, link, sizeof(link) - 1)) == -1)
+ if ((len = readlink(path, buf, sizeof(buf) - 1)) == -1)
send_status(id, errno_to_portable(errno));
else {
Stat s;
- link[len] = '\0';
+ buf[len] = '\0';
attrib_clear(&s.attrib);
- s.name = s.long_name = link;
+ s.name = s.long_name = buf;
send_names(id, 1, &s);
}
xfree(path);
diff --git a/crypto/openssh/sftp.1 b/crypto/openssh/sftp.1
index b2cab0c..3b035b1 100644
--- a/crypto/openssh/sftp.1
+++ b/crypto/openssh/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.52 2004/03/05 10:53:58 markus Exp $
+.\" $OpenBSD: sftp.1,v 1.57 2004/06/21 22:41:31 djm Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@@ -153,7 +153,9 @@ For full details of the options listed below, and their possible values, see
.It Compression
.It CompressionLevel
.It ConnectionAttempts
-.It ConnectionTimeout
+.It ConnectTimeout
+.It ControlMaster
+.It ControlPath
.It GlobalKnownHostsFile
.It GSSAPIAuthentication
.It GSSAPIDelegateCredentials
@@ -176,6 +178,7 @@ For full details of the options listed below, and their possible values, see
.It PubkeyAuthentication
.It RhostsRSAAuthentication
.It RSAAuthentication
+.It SendEnv
.It ServerAliveInterval
.It ServerAliveCountMax
.It SmartcardDevice
@@ -300,6 +303,24 @@ If the
.Fl l
flag is specified, then display additional details including permissions
and ownership information.
+The
+.Fl n
+flag will produce a long listing with user and group information presented
+numerically.
+.Pp
+By default,
+.Ic ls
+listings are sorted in lexicographical order.
+This may be changed by specifying the
+.Fl S
+(sort by file size),
+.Fl t
+(sort by last modification time), or
+.Fl f
+(don't sort at all) flags.
+Additionally, the sort order may be reversed using the
+.Fl r
+flag.
.It Ic lumask Ar umask
Set local umask to
.Ar umask .
diff --git a/crypto/openssh/sftp.c b/crypto/openssh/sftp.c
index a47ccf5..f01c919 100644
--- a/crypto/openssh/sftp.c
+++ b/crypto/openssh/sftp.c
@@ -16,7 +16,7 @@
#include "includes.h"
-RCSID("$OpenBSD: sftp.c,v 1.45 2004/03/03 09:31:20 djm Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.56 2004/07/11 17:48:47 deraadt Exp $");
#include "buffer.h"
#include "xmalloc.h"
@@ -46,21 +46,32 @@ static pid_t sshpid = -1;
/* This is set to 0 if the progressmeter is not desired. */
int showprogress = 1;
+/* SIGINT received during command processing */
+volatile sig_atomic_t interrupted = 0;
+
+/* I wish qsort() took a separate ctx for the comparison function...*/
+int sort_flag;
+
int remote_glob(struct sftp_conn *, const char *, int,
int (*)(const char *, int), glob_t *); /* proto for sftp-glob.c */
-#ifdef HAVE___PROGNAME
extern char *__progname;
-#else
-char *__progname;
-#endif
/* Separators for interactive commands */
#define WHITESPACE " \t\r\n"
-/* Define what type of ls view (0 - multi-column) */
-#define LONG_VIEW 1 /* Full view ala ls -l */
-#define SHORT_VIEW 2 /* Single row view ala ls -1 */
+/* ls flags */
+#define LS_LONG_VIEW 0x01 /* Full view ala ls -l */
+#define LS_SHORT_VIEW 0x02 /* Single row view ala ls -1 */
+#define LS_NUMERIC_VIEW 0x04 /* Long view with numeric uid/gid */
+#define LS_NAME_SORT 0x08 /* Sort by name (default) */
+#define LS_TIME_SORT 0x10 /* Sort by mtime */
+#define LS_SIZE_SORT 0x20 /* Sort by file size */
+#define LS_REVERSE_SORT 0x40 /* Reverse sort order */
+#define LS_SHOW_ALL 0x80 /* Don't skip filenames starting with '.' */
+
+#define VIEW_FLAGS (LS_LONG_VIEW|LS_SHORT_VIEW|LS_NUMERIC_VIEW)
+#define SORT_FLAGS (LS_NAME_SORT|LS_TIME_SORT|LS_SIZE_SORT)
/* Commands for interactive mode */
#define I_CHDIR 1
@@ -131,6 +142,24 @@ static const struct CMD cmds[] = {
int interactive_loop(int fd_in, int fd_out, char *file1, char *file2);
static void
+killchild(int signo)
+{
+ if (sshpid > 1)
+ kill(sshpid, SIGTERM);
+
+ _exit(1);
+}
+
+static void
+cmd_interrupt(int signo)
+{
+ const char msg[] = "\rInterrupt \n";
+
+ write(STDERR_FILENO, msg, sizeof(msg) - 1);
+ interrupted = 1;
+}
+
+static void
help(void)
{
printf("Available commands:\n");
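Review bot: cmd_interrupt calls write() without preserving errno, so a SIGINT that lands between a failing system call and the caller's errno test can change what the caller sees. The retry loop in do_upload (`errno == EINTR || errno == EAGAIN`) is one such reader in this commit. I would add `int olderrno = errno;` at the top of the handler and `errno = olderrno;` before it returns. The `signo` parameter is unused in both handlers and the write() result is ignored; a `(void)` cast on each would document that this is intentional.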
@@ -254,13 +283,13 @@ path_append(char *p1, char *p2)
static char *
make_absolute(char *p, char *pwd)
{
- char *abs;
+ char *abs_str;
/* Derelativise */
if (p && p[0] != '/') {
- abs = path_append(pwd, p);
+ abs_str = path_append(pwd, p);
xfree(p);
- return(abs);
+ return(abs_str);
} else
return(p);
}
@@ -313,15 +342,41 @@ parse_ls_flags(const char **cpp, int *lflag)
{
const char *cp = *cpp;
+ /* Defaults */
+ *lflag = LS_NAME_SORT;
+
/* Check for flags */
if (cp++[0] == '-') {
for(; strchr(WHITESPACE, *cp) == NULL; cp++) {
switch (*cp) {
case 'l':
- *lflag = LONG_VIEW;
+ *lflag &= ~VIEW_FLAGS;
+ *lflag |= LS_LONG_VIEW;
break;
case '1':
- *lflag = SHORT_VIEW;
+ *lflag &= ~VIEW_FLAGS;
+ *lflag |= LS_SHORT_VIEW;
+ break;
+ case 'n':
+ *lflag &= ~VIEW_FLAGS;
+ *lflag |= LS_NUMERIC_VIEW|LS_LONG_VIEW;
+ break;
+ case 'S':
+ *lflag &= ~SORT_FLAGS;
+ *lflag |= LS_SIZE_SORT;
+ break;
+ case 't':
+ *lflag &= ~SORT_FLAGS;
+ *lflag |= LS_TIME_SORT;
+ break;
+ case 'r':
+ *lflag |= LS_REVERSE_SORT;
+ break;
+ case 'f':
+ *lflag &= ~SORT_FLAGS;
+ break;
+ case 'a':
+ *lflag |= LS_SHOW_ALL;
break;
default:
error("Invalid flag -%c", *cp);
@@ -369,7 +424,7 @@ get_pathname(const char **cpp, char **path)
i++;
if (cp[i] != '\'' && cp[i] != '\"' &&
cp[i] != '\\') {
- error("Bad escaped character '\%c'",
+ error("Bad escaped character '\\%c'",
cp[i]);
goto fail;
}
@@ -465,7 +520,7 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag)
goto out;
}
- for (i = 0; g.gl_pathv[i]; i++) {
+ for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
if (infer_path(g.gl_pathv[i], &tmp)) {
err = -1;
goto out;
@@ -534,7 +589,7 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag)
goto out;
}
- for (i = 0; g.gl_pathv[i]; i++) {
+ for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
if (!is_reg(g.gl_pathv[i])) {
error("skipping non-regular file %s",
g.gl_pathv[i]);
@@ -582,8 +637,17 @@ sdirent_comp(const void *aa, const void *bb)
{
SFTP_DIRENT *a = *(SFTP_DIRENT **)aa;
SFTP_DIRENT *b = *(SFTP_DIRENT **)bb;
+ int rmul = sort_flag & LS_REVERSE_SORT ? -1 : 1;
+
+#define NCMP(a,b) (a == b ? 0 : (a < b ? 1 : -1))
+ if (sort_flag & LS_NAME_SORT)
+ return (rmul * strcmp(a->filename, b->filename));
+ else if (sort_flag & LS_TIME_SORT)
+ return (rmul * NCMP(a->a.mtime, b->a.mtime));
+ else if (sort_flag & LS_SIZE_SORT)
+ return (rmul * NCMP(a->a.size, b->a.size));
- return (strcmp(a->filename, b->filename));
+ fatal("Unknown ls sort type");
}
/* sftp ls.1 replacement for directories */
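Review bot: The NCMP macro added inside sdirent_comp does not parenthesise its arguments, and it is defined in the middle of a function body without an `#undef`, so it stays visible for the rest of the file. I would write it as `#define NCMP(a,b) ((a) == (b) ? 0 : ((a) < (b) ? 1 : -1))` and undefine it after the function. It also returns 1 when the first operand is smaller, i.e. it sorts largest or newest first; that matches what `ls -S` and `ls -t` do but looks like a sign error without a comment such as `/* descending: biggest/newest first, as ls(1) does */`. The trailing fatal() leaves the non-void function without a return, which is only warning-free if fatal() is declared noreturn.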
@@ -596,14 +660,16 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
if ((n = do_readdir(conn, path, &d)) != 0)
return (n);
- if (!(lflag & SHORT_VIEW)) {
+ if (!(lflag & LS_SHORT_VIEW)) {
int m = 0, width = 80;
struct winsize ws;
char *tmp;
/* Count entries for sort and find longest filename */
- for (n = 0; d[n] != NULL; n++)
- m = MAX(m, strlen(d[n]->filename));
+ for (n = 0; d[n] != NULL; n++) {
+ if (d[n]->filename[0] != '.' || (lflag & LS_SHOW_ALL))
+ m = MAX(m, strlen(d[n]->filename));
+ }
/* Add any subpath that also needs to be counted */
tmp = path_strip(path, strip_path);
@@ -619,24 +685,33 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
colspace = MIN(colspace, width);
}
- qsort(d, n, sizeof(*d), sdirent_comp);
+ if (lflag & SORT_FLAGS) {
+ sort_flag = lflag & (SORT_FLAGS|LS_REVERSE_SORT);
+ qsort(d, n, sizeof(*d), sdirent_comp);
+ }
- for (n = 0; d[n] != NULL; n++) {
+ for (n = 0; d[n] != NULL && !interrupted; n++) {
char *tmp, *fname;
+ if (d[n]->filename[0] == '.' && !(lflag & LS_SHOW_ALL))
+ continue;
+
tmp = path_append(path, d[n]->filename);
fname = path_strip(tmp, strip_path);
xfree(tmp);
- if (lflag & LONG_VIEW) {
- char *lname;
- struct stat sb;
+ if (lflag & LS_LONG_VIEW) {
+ if (lflag & LS_NUMERIC_VIEW) {
+ char *lname;
+ struct stat sb;
- memset(&sb, 0, sizeof(sb));
- attrib_to_stat(&d[n]->a, &sb);
- lname = ls_file(fname, &sb, 1);
- printf("%s\n", lname);
- xfree(lname);
+ memset(&sb, 0, sizeof(sb));
+ attrib_to_stat(&d[n]->a, &sb);
+ lname = ls_file(fname, &sb, 1);
+ printf("%s\n", lname);
+ xfree(lname);
+ } else
+ printf("%s\n", d[n]->longname);
} else {
printf("%-*s", colspace, fname);
if (c >= columns) {
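Review bot: The new `qsort(d, n, sizeof(*d), sdirent_comp)` relies on `n` holding the entry count, but the only loop that counts entries sits inside the `if (!(lflag & LS_SHORT_VIEW))` block of the previous hunk. When `LS_SHORT_VIEW` is set, `n` still appears to be the 0 returned by `do_readdir()`, so the call sorts nothing and the listing comes out in server order. Counting inside the sort branch removes the dependency: `for (n = 0; d[n] != NULL; n++) ; /* count entries */` placed just before `sort_flag = ...`. The closing brace of the short-view block is inferred from the context lines, and do_ls_dir() continues outside this hunk.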
@@ -649,7 +724,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
xfree(fname);
}
- if (!(lflag & LONG_VIEW) && (c != 1))
+ if (!(lflag & LS_LONG_VIEW) && (c != 1))
printf("\n");
free_sftp_dirents(d);
@@ -673,6 +748,9 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
return (-1);
}
+ if (interrupted)
+ goto out;
+
/*
* If the glob returns a single match, which is the same as the
* input glob, and it is a directory, then just list its contents
@@ -690,7 +768,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
}
}
- if (!(lflag & SHORT_VIEW)) {
+ if (!(lflag & LS_SHORT_VIEW)) {
int m = 0, width = 80;
struct winsize ws;
@@ -706,12 +784,12 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
colspace = width / columns;
}
- for (i = 0; g.gl_pathv[i]; i++) {
+ for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
char *fname;
fname = path_strip(g.gl_pathv[i], strip_path);
- if (lflag & LONG_VIEW) {
+ if (lflag & LS_LONG_VIEW) {
char *lname;
struct stat sb;
@@ -740,9 +818,10 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
xfree(fname);
}
- if (!(lflag & LONG_VIEW) && (c != 1))
+ if (!(lflag & LS_LONG_VIEW) && (c != 1))
printf("\n");
+ out:
if (g.gl_pathc)
globfree(&g);
@@ -952,7 +1031,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
case I_RM:
path1 = make_absolute(path1, *pwd);
remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
- for (i = 0; g.gl_pathv[i]; i++) {
+ for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
printf("Removing %s\n", g.gl_pathv[i]);
err = do_rm(conn, g.gl_pathv[i]);
if (err != 0 && err_abort)
@@ -1041,7 +1120,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
a.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
a.perm = n_arg;
remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
- for (i = 0; g.gl_pathv[i]; i++) {
+ for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
printf("Changing mode on %s\n", g.gl_pathv[i]);
err = do_setstat(conn, g.gl_pathv[i], &a);
if (err != 0 && err_abort)
@@ -1052,7 +1131,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
case I_CHGRP:
path1 = make_absolute(path1, *pwd);
remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
- for (i = 0; g.gl_pathv[i]; i++) {
+ for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) {
if (err != 0 && err_abort)
break;
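Review bot: In the `I_CHGRP` loop the failure branch of `do_stat()` tests `err != 0 && err_abort`, but nothing in the visible lines assigns `err` when `do_stat()` returns NULL. The test therefore sees whatever an earlier iteration left behind, and on the first failing path `err` would still be 0, so the loop does not stop even under `err_abort` and the failure may never reach the caller. Setting the error explicitly fixes both: `if (err_abort) { err = -1; break; }`. The rest of the case body is outside this hunk, so the remaining handling of `err` should be checked against it.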
@@ -1180,6 +1259,8 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
for (;;) {
char *cp;
+ signal(SIGINT, SIG_IGN);
+
printf("sftp> ");
/* XXX: use libedit */
@@ -1195,6 +1276,10 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
if (cp)
*cp = '\0';
+ /* Handle user interrupts gracefully during commands */
+ interrupted = 0;
+ signal(SIGINT, cmd_interrupt);
+
err = parse_dispatch_command(conn, cmd, &pwd, batchmode);
if (err != 0)
break;
@@ -1206,15 +1291,6 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
}
static void
-killchild(int signo)
-{
- if (sshpid > 1)
- kill(sshpid, signo);
-
- _exit(1);
-}
-
-static void
connect_to_server(char *path, char **args, int *in, int *out)
{
int c_in, c_out;
@@ -1243,15 +1319,23 @@ connect_to_server(char *path, char **args, int *in, int *out)
if ((dup2(c_in, STDIN_FILENO) == -1) ||
(dup2(c_out, STDOUT_FILENO) == -1)) {
fprintf(stderr, "dup2: %s\n", strerror(errno));
- exit(1);
+ _exit(1);
}
close(*in);
close(*out);
close(c_in);
close(c_out);
- execv(path, args);
+
+ /*
+ * The underlying ssh is in the same process group, so we must
+ * ignore SIGINT if we want to gracefully abort commands,
+ * otherwise the signal will make it to the ssh process and
+ * kill it too
+ */
+ signal(SIGINT, SIG_IGN);
+ execvp(path, args);
fprintf(stderr, "exec: %s: %s\n", path, strerror(errno));
- exit(1);
+ _exit(1);
}
signal(SIGTERM, killchild);
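Review bot: Switching the child from `execv(path, args)` to `execvp(path, args)` changes how `path` is resolved: a value with no slash is now looked up through `PATH`, where before it had to name a file directly. The new comment explains the `SIGINT` handling but not this change. I would document it next to the call, e.g. `/* execvp: a bare program name is resolved via PATH */`. Callers that must run one specific binary should pass an absolute path. Which values can reach `path` is decided outside this hunk.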
@@ -1280,7 +1364,7 @@ int
main(int argc, char **argv)
{
int in, out, ch, err;
- char *host, *userhost, *cp, *file2;
+ char *host, *userhost, *cp, *file2 = NULL;
int debug_level = 0, sshver = 2;
char *file1 = NULL, *sftp_server = NULL;
char *ssh_program = _PATH_SSH_PROGRAM, *sftp_direct = NULL;
@@ -1331,7 +1415,7 @@ main(int argc, char **argv)
fatal("Batch file already specified.");
/* Allow "-" as stdin */
- if (strcmp(optarg, "-") != 0 &&
+ if (strcmp(optarg, "-") != 0 &&
(infile = fopen(optarg, "r")) == NULL)
fatal("%s (%s).", strerror(errno), optarg);
showprogress = 0;
diff --git a/crypto/openssh/ssh-agent.1 b/crypto/openssh/ssh-agent.1
index aab15cc..226804e 100644
--- a/crypto/openssh/ssh-agent.1
+++ b/crypto/openssh/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.39 2003/06/10 09:12:11 jmc Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.41 2004/07/11 17:48:47 deraadt Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -134,13 +134,25 @@ remote logins, and the user can thus use the privileges given by the
identities anywhere in the network in a secure way.
.Pp
There are two main ways to get an agent set up:
-Either the agent starts a new subcommand into which some environment
-variables are exported, or the agent prints the needed shell commands
-(either
+The first is that the agent starts a new subcommand into which some environment
+variables are exported, eg
+.Cm ssh-agent xterm & .
+The second is that the agent prints the needed shell commands (either
.Xr sh 1
or
.Xr csh 1
-syntax can be generated) which can be evalled in the calling shell.
+syntax can be generated) which can be evalled in the calling shell, eg
+.Cm eval `ssh-agent -s`
+for Bourne-type shells such as
+.Xr sh 1
+or
+.Xr ksh 1
+and
+.Cm eval `ssh-agent -c`
+for
+.Xr csh 1
+and derivatives.
+.Pp
Later
.Xr ssh 1
looks at these variables and uses them to establish a connection to the agent.
diff --git a/crypto/openssh/ssh-gss.h b/crypto/openssh/ssh-gss.h
index 4f032aa..52fb49a 100644
--- a/crypto/openssh/ssh-gss.h
+++ b/crypto/openssh/ssh-gss.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-gss.h,v 1.4 2003/11/17 11:06:07 markus Exp $ */
+/* $OpenBSD: ssh-gss.h,v 1.5 2004/06/21 17:36:31 avsm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
*
@@ -100,31 +100,31 @@ typedef struct {
extern ssh_gssapi_mech *supported_mechs[];
-int ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len);
-void ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len);
-void ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid);
-void ssh_gssapi_supported_oids(gss_OID_set *oidset);
-ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *ctxt);
-
-OM_uint32 ssh_gssapi_import_name(Gssctxt *ctx, const char *host);
-OM_uint32 ssh_gssapi_acquire_cred(Gssctxt *ctx);
-OM_uint32 ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds,
- gss_buffer_desc *recv_tok, gss_buffer_desc *send_tok, OM_uint32 *flags);
-OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *ctx,
- gss_buffer_desc *recv_tok, gss_buffer_desc *send_tok, OM_uint32 *flags);
-OM_uint32 ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *);
-void ssh_gssapi_error(Gssctxt *ctx);
-char *ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *maj, OM_uint32 *min);
-void ssh_gssapi_build_ctx(Gssctxt **ctx);
-void ssh_gssapi_delete_ctx(Gssctxt **ctx);
+int ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
+void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
+void ssh_gssapi_set_oid(Gssctxt *, gss_OID);
+void ssh_gssapi_supported_oids(gss_OID_set *);
+ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *);
+
+OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *);
+OM_uint32 ssh_gssapi_acquire_cred(Gssctxt *);
+OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int,
+ gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
+OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *,
+ gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
+OM_uint32 ssh_gssapi_getclient(Gssctxt *, ssh_gssapi_client *);
+void ssh_gssapi_error(Gssctxt *);
+char *ssh_gssapi_last_error(Gssctxt *, OM_uint32 *, OM_uint32 *);
+void ssh_gssapi_build_ctx(Gssctxt **);
+void ssh_gssapi_delete_ctx(Gssctxt **);
OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
-OM_uint32 ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid);
+OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
/* In the server */
int ssh_gssapi_userok(char *name);
OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
-void ssh_gssapi_do_child(char ***envp, u_int *envsizep);
+void ssh_gssapi_do_child(char ***, u_int *);
void ssh_gssapi_cleanup_creds(void);
void ssh_gssapi_storecreds(void);
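Review bot: Stripping the parameter names leaves `ssh_gssapi_init_ctx(Gssctxt *, int, gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *)` with a bare `int` whose meaning can no longer be read from the header; the removed name was `deleg_creds`. The two `gss_buffer_desc *` arguments of the init and accept calls are also indistinguishable now. If the names are dropped on purpose, a short comment above each prototype keeps the contract readable, e.g. `/* ctx, deleg_creds, recv_tok, send_tok, flags */` for `ssh_gssapi_init_ctx`. Swapping the receive and send tokens at a call site would still compile, so this is worth spelling out.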
diff --git a/crypto/openssh/ssh-keygen.1 b/crypto/openssh/ssh-keygen.1
index 6dd6154..c0f24dc 100644
--- a/crypto/openssh/ssh-keygen.1
+++ b/crypto/openssh/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.61 2003/12/22 09:16:58 djm Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.63 2004/08/13 00:01:43 jmc Exp $
.\"
.\" -*- nroff -*-
.\"
@@ -192,7 +192,9 @@ to stdout.
This option allows exporting keys for use by several commercial
SSH implementations.
.It Fl g
-Use generic DNS resource record format.
+Use generic DNS format when printing fingerprint resource records using the
+.Fl r
+command.
.It Fl f Ar filename
Specifies the filename of the key file.
.It Fl i
@@ -276,8 +278,9 @@ Multiple
options increase the verbosity.
The maximum is 3.
.It Fl r Ar hostname
-Print DNS resource record with the specified
-.Ar hostname .
+Print the SSHFP fingerprint resource record named
+.Ar hostname
+for the specified public key file.
.El
.Sh MODULI GENERATION
.Nm
diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c
index 1156a01..d39e7d88 100644
--- a/crypto/openssh/ssh-keygen.c
+++ b/crypto/openssh/ssh-keygen.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.113 2003/12/22 09:16:58 djm Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.117 2004/07/11 17:48:47 deraadt Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@@ -26,8 +26,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.113 2003/12/22 09:16:58 djm Exp $");
#include "bufaux.h"
#include "pathnames.h"
#include "log.h"
-#include "readpass.h"
-#include "moduli.h"
+#include "misc.h"
#ifdef SMARTCARD
#include "scard.h"
@@ -77,14 +76,14 @@ int print_generic = 0;
char *key_type_name = NULL;
/* argv0 */
-#ifdef HAVE___PROGNAME
extern char *__progname;
-#else
-char *__progname;
-#endif
char hostname[MAXHOSTNAMELEN];
+/* moduli.c */
+int gen_candidates(FILE *, int, int, BIGNUM *);
+int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
+
static void
ask_filename(struct passwd *pw, const char *prompt)
{
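Review bot: The prototypes for `gen_candidates()` and `prime_test()` added under `/* moduli.c */` are hand-copied into this source file, replacing the `#include "moduli.h"` removed in the previous hunk. Nothing makes the compiler compare them with the definitions, so a later change to either signature would still build and the call would pass mismatched arguments. Declaring them in a header that both files include would restore that check. Failing that, the comment should at least carry the obligation: `/* moduli.c -- keep in sync with the definitions there */`.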
@@ -189,8 +188,8 @@ do_convert_to_ssh2(struct passwd *pw)
static void
buffer_get_bignum_bits(Buffer *b, BIGNUM *value)
{
- u_int bits = buffer_get_int(b);
- u_int bytes = (bits + 7) / 8;
+ u_int bignum_bits = buffer_get_int(b);
+ u_int bytes = (bignum_bits + 7) / 8;
if (buffer_len(b) < bytes)
fatal("buffer_get_bignum_bits: input buffer too small: "
@@ -627,7 +626,7 @@ do_change_passphrase(struct passwd *pw)
* Print the SSHFP RR.
*/
static void
-do_print_resource_record(struct passwd *pw, char *hostname)
+do_print_resource_record(struct passwd *pw, char *hname)
{
Key *public;
char *comment = NULL;
@@ -641,7 +640,7 @@ do_print_resource_record(struct passwd *pw, char *hostname)
}
public = key_load_public(identity_file, &comment);
if (public != NULL) {
- export_dns_rr(hostname, public, stdout, print_generic);
+ export_dns_rr(hname, public, stdout, print_generic);
key_free(public);
xfree(comment);
exit(0);
@@ -896,7 +895,7 @@ main(int ac, char **av)
if (log_level == SYSLOG_LEVEL_INFO)
log_level = SYSLOG_LEVEL_DEBUG1;
else {
- if (log_level >= SYSLOG_LEVEL_DEBUG1 &&
+ if (log_level >= SYSLOG_LEVEL_DEBUG1 &&
log_level < SYSLOG_LEVEL_DEBUG3)
log_level++;
}
@@ -911,18 +910,9 @@ main(int ac, char **av)
break;
case 'a':
trials = atoi(optarg);
- if (trials < TRIAL_MINIMUM) {
- fatal("Minimum primality trials is %d",
- TRIAL_MINIMUM);
- }
break;
case 'M':
memory = atoi(optarg);
- if (memory != 0 &&
- (memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) {
- fatal("Invalid memory amount (min %ld, max %ld)",
- LARGE_MINIMUM, LARGE_MAXIMUM);
- }
break;
case 'G':
do_gen_candidates = 1;
diff --git a/crypto/openssh/ssh-keyscan.1 b/crypto/openssh/ssh-keyscan.1
index 572751f..9efcf52 100644
--- a/crypto/openssh/ssh-keyscan.1
+++ b/crypto/openssh/ssh-keyscan.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keyscan.1,v 1.17 2003/06/10 09:12:11 jmc Exp $
+.\" $OpenBSD: ssh-keyscan.1,v 1.18 2004/07/12 23:34:25 brad Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
@@ -97,7 +97,7 @@ to use IPv6 addresses only.
If a ssh_known_hosts file is constructed using
.Nm
without verifying the keys, users will be vulnerable to
-.I man in the middle
+.Em man in the middle
attacks.
On the other hand, if the security model allows such a risk,
.Nm
diff --git a/crypto/openssh/ssh-keysign.c b/crypto/openssh/ssh-keysign.c
index 9e9ebe2..5176557 100644
--- a/crypto/openssh/ssh-keysign.c
+++ b/crypto/openssh/ssh-keysign.c
@@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.15 2004/01/19 21:25:15 markus Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $");
#include <openssl/evp.h>
#include <openssl/rand.h>
@@ -41,15 +41,12 @@ RCSID("$OpenBSD: ssh-keysign.c,v 1.15 2004/01/19 21:25:15 markus Exp $");
#include "canohost.h"
#include "pathnames.h"
#include "readconf.h"
+#include "uidswap.h"
/* XXX readconf.c needs these */
uid_t original_real_uid;
-#ifdef HAVE___PROGNAME
extern char *__progname;
-#else
-char *__progname;
-#endif
static int
valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
@@ -154,8 +151,11 @@ main(int argc, char **argv)
key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
- seteuid(getuid());
- setuid(getuid());
+ if ((pw = getpwuid(getuid())) == NULL)
+ fatal("getpwuid failed");
+ pw = pwcopy(pw);
+
+ permanently_set_uid(pw);
init_rng();
seed_rng();
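Review bot: The ordering in this part of main() matters and nothing in the code says so: both host key files are opened while the process still holds its elevated privileges, and `permanently_set_uid(pw)` runs only afterwards. A later reordering that moved the `open()` calls below the drop would fail with no obvious cause. I would add a comment above the call, e.g. `/* host key fds are opened above; from here on we run as the invoking user */`. The descriptors in `key_fd` stay readable after the drop, so they should be closed as soon as the keys are loaded; whether that happens is outside this hunk.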
@@ -168,7 +168,7 @@ main(int argc, char **argv)
/* verify that ssh-keysign is enabled by the admin */
original_real_uid = getuid(); /* XXX readconf.c needs this */
initialize_options(&options);
- (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options);
+ (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0);
fill_default_options(&options);
if (options.enable_ssh_keysign != 1)
fatal("ssh-keysign not enabled in %s",
@@ -177,10 +177,6 @@ main(int argc, char **argv)
if (key_fd[0] == -1 && key_fd[1] == -1)
fatal("could not open any host key");
- if ((pw = getpwuid(getuid())) == NULL)
- fatal("getpwuid failed");
- pw = pwcopy(pw);
-
SSLeay_add_all_algorithms();
for (i = 0; i < 256; i++)
rnd[i] = arc4random();
diff --git a/crypto/openssh/ssh-rand-helper.c b/crypto/openssh/ssh-rand-helper.c
index 8a320a7..86af389 100644
--- a/crypto/openssh/ssh-rand-helper.c
+++ b/crypto/openssh/ssh-rand-helper.c
@@ -39,7 +39,7 @@
#include "pathnames.h"
#include "log.h"
-RCSID("$Id: ssh-rand-helper.c,v 1.16 2003/11/21 12:56:47 djm Exp $");
+RCSID("$Id: ssh-rand-helper.c,v 1.18 2004/07/17 04:07:42 dtucker Exp $");
/* Number of bytes we write out */
#define OUTPUT_SEED_SIZE 48
@@ -63,15 +63,7 @@ RCSID("$Id: ssh-rand-helper.c,v 1.16 2003/11/21 12:56:47 djm Exp $");
# define SSH_PRNG_COMMAND_FILE SSHDIR "/ssh_prng_cmds"
#endif
-#ifdef HAVE___PROGNAME
extern char *__progname;
-#else
-char *__progname;
-#endif
-
-#ifndef offsetof
-# define offsetof(type, member) ((size_t) &((type *)0)->member)
-#endif
#define WHITESPACE " \t\n"
diff --git a/crypto/openssh/ssh1.h b/crypto/openssh/ssh1.h
index 98d1dc9..cc7fbc8 100644
--- a/crypto/openssh/ssh1.h
+++ b/crypto/openssh/ssh1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh1.h,v 1.3 2001/05/30 12:55:13 markus Exp $ */
+/* $OpenBSD: ssh1.h,v 1.4 2004/07/11 17:48:47 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -29,8 +29,8 @@
#define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */
#define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */
#define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */
-#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */
-#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */
+#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */
+#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */
#define SSH_CMSG_EXEC_SHELL 12 /* */
#define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */
#define SSH_SMSG_SUCCESS 14 /* */
@@ -45,7 +45,7 @@
#define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */
#define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */
#define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */
-/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */
+/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */
#define SSH_SMSG_X11_OPEN 27 /* channel (int) */
#define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */
#define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */
diff --git a/crypto/openssh/sshpty.h b/crypto/openssh/sshpty.h
index df65e28..c0678de 100644
--- a/crypto/openssh/sshpty.h
+++ b/crypto/openssh/sshpty.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshpty.h,v 1.4 2002/03/04 17:27:39 stevesk Exp $ */
+/* $OpenBSD: sshpty.h,v 1.5 2004/05/08 00:01:37 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -17,6 +17,10 @@
#ifndef SSHPTY_H
#define SSHPTY_H
+struct termios get_saved_tio(void);
+void leave_raw_mode(void);
+void enter_raw_mode(void);
+
int pty_allocate(int *, int *, char *, int);
void pty_release(const char *);
void pty_make_controlling_tty(int *, const char *);
diff --git a/crypto/openssh/sshtty.c b/crypto/openssh/sshtty.c
index 4fb2d3d..0b17c3e 100644
--- a/crypto/openssh/sshtty.c
+++ b/crypto/openssh/sshtty.c
@@ -35,9 +35,9 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshtty.c,v 1.5 2003/09/19 17:43:35 markus Exp $");
+RCSID("$OpenBSD: sshtty.c,v 1.6 2004/05/08 00:01:37 deraadt Exp $");
-#include "sshtty.h"
+#include "sshpty.h"
#include "log.h"
static struct termios _saved_tio;
diff --git a/crypto/openssh/tildexpand.c b/crypto/openssh/tildexpand.c
index cbe9811..cedb653 100644
--- a/crypto/openssh/tildexpand.c
+++ b/crypto/openssh/tildexpand.c
@@ -11,11 +11,11 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: tildexpand.c,v 1.13 2002/06/23 03:25:50 deraadt Exp $");
+RCSID("$OpenBSD: tildexpand.c,v 1.15 2004/05/21 08:43:03 markus Exp $");
#include "xmalloc.h"
#include "log.h"
-#include "tildexpand.h"
+#include "misc.h"
/*
* Expands tildes in the file name. Returns data allocated by xmalloc.
diff --git a/crypto/openssh/ttymodes.h b/crypto/openssh/ttymodes.h
index 7de4b83..481282c 100644
--- a/crypto/openssh/ttymodes.h
+++ b/crypto/openssh/ttymodes.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ttymodes.h,v 1.12 2002/03/04 17:27:39 stevesk Exp $ */
+/* $OpenBSD: ttymodes.h,v 1.13 2004/07/11 17:48:47 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -113,17 +113,17 @@ TTYCHAR(VDISCARD, 18)
/* name, field, op */
TTYMODE(IGNPAR, c_iflag, 30)
TTYMODE(PARMRK, c_iflag, 31)
-TTYMODE(INPCK, c_iflag, 32)
+TTYMODE(INPCK, c_iflag, 32)
TTYMODE(ISTRIP, c_iflag, 33)
-TTYMODE(INLCR, c_iflag, 34)
-TTYMODE(IGNCR, c_iflag, 35)
-TTYMODE(ICRNL, c_iflag, 36)
+TTYMODE(INLCR, c_iflag, 34)
+TTYMODE(IGNCR, c_iflag, 35)
+TTYMODE(ICRNL, c_iflag, 36)
#if defined(IUCLC)
-TTYMODE(IUCLC, c_iflag, 37)
+TTYMODE(IUCLC, c_iflag, 37)
#endif
-TTYMODE(IXON, c_iflag, 38)
-TTYMODE(IXANY, c_iflag, 39)
-TTYMODE(IXOFF, c_iflag, 40)
+TTYMODE(IXON, c_iflag, 38)
+TTYMODE(IXANY, c_iflag, 39)
+TTYMODE(IXOFF, c_iflag, 40)
#ifdef IMAXBEL
TTYMODE(IMAXBEL,c_iflag, 41)
#endif /* IMAXBEL */