authorkris <kris@FreeBSD.org>2000-06-03 07:31:44 +0000
committerkris <kris@FreeBSD.org>2000-06-03 07:31:44 +0000
commit66c0eb5d8c98eb6176669c57e89a3c3f604a6009 (patch)
treec37ff30e27d86e62bb0f2d8105e68d4cbc532264 /crypto
parent88a84bd92e99b88721d69ddd8e17c6a1f3f78fbf (diff)
Bring vendor patches onto the main branch, and resolve conflicts.
Diffstat (limited to 'crypto')
-rw-r--r--crypto/openssh/key.c18
-rw-r--r--crypto/openssh/readconf.c10
-rw-r--r--crypto/openssh/session.c44
-rw-r--r--crypto/openssh/ssh.121
-rw-r--r--crypto/openssh/ssh.c9
5 files changed, 72 insertions, 30 deletions
diff --git a/crypto/openssh/key.c b/crypto/openssh/key.c
index 47720b2..b91bd21 100644
--- a/crypto/openssh/key.c
+++ b/crypto/openssh/key.c
@@ -258,12 +258,14 @@ key_read(Key *ret, char **cpp)
blob = xmalloc(len);
n = uudecode(cp, blob, len);
if (n < 0) {
- error("uudecode %s failed", cp);
+ error("key_read: uudecode %s failed", cp);
return 0;
}
k = dsa_key_from_blob(blob, n);
- if (k == NULL)
- return 0;
+ if (k == NULL) {
+ error("key_read: dsa_key_from_blob %s failed", cp);
+ return 0;
+ }
xfree(blob);
if (ret->dsa != NULL)
DSA_free(ret->dsa);
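Review bot: Both early returns in this hunk leave `blob` allocated: it comes from `xmalloc(len)` on the first line, and `xfree(blob)` is only reached after the `k == NULL` check has passed. Adding `xfree(blob);` before each `return 0;` closes the leak on malformed key lines. The two new messages also print `cp` with a bare `%s`; since it is the undecoded remainder of a key line, a bounded form such as `%.100s` would keep one bad entry from flooding the log. key_read starts and ends outside the hunk.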
@@ -271,10 +273,12 @@ key_read(Key *ret, char **cpp)
k->dsa = NULL;
key_free(k);
bits = BN_num_bits(ret->dsa->p);
- cp = strchr(cp, '=');
- if (cp == NULL)
- return 0;
- *cpp = cp + 1;
+ /* advance cp: skip whitespace and data */
+ while (*cp == ' ' || *cp == '\t')
+ cp++;
+ while (*cp != '\0' && *cp != ' ' && *cp != '\t')
+ cp++;
+ *cpp = cp;
break;
default:
fatal("key_read: bad key type: %d", ret->type);
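Review bot: The loops that replace the `strchr(cp, '=')` search treat only space and tab as delimiters, so a trailing `\n` or `\r` is consumed as key data before `*cpp` is set. Whether callers strip the line ending first is not visible here; if they do not, `while (*cp != '\0' && !isspace((unsigned char)*cp))` would be the safer stop condition. The old `return 0` for a missing terminator is gone too, so the comment should say that `*cpp` may end up pointing at the terminating NUL. key_read continues outside the hunk.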
diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c
index cf7cd14..bad4c15 100644
--- a/crypto/openssh/readconf.c
+++ b/crypto/openssh/readconf.c
@@ -15,7 +15,7 @@
*/
#include "includes.h"
-RCSID("$Id: readconf.c,v 1.31 2000/05/08 17:12:15 markus Exp $");
+RCSID("$Id: readconf.c,v 1.33 2000/05/29 20:20:46 markus Exp $");
#include "ssh.h"
#include "cipher.h"
@@ -482,6 +482,8 @@ parse_int:
case oCipher:
intptr = &options->cipher;
cp = strtok(NULL, WHITESPACE);
+ if (!cp)
+ fatal("%.200s line %d: Missing argument.", filename, linenum);
value = cipher_number(cp);
if (value == -1)
fatal("%.200s line %d: Bad cipher '%s'.",
@@ -492,6 +494,8 @@ parse_int:
case oCiphers:
cp = strtok(NULL, WHITESPACE);
+ if (!cp)
+ fatal("%.200s line %d: Missing argument.", filename, linenum);
if (!ciphers_valid(cp))
fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
filename, linenum, cp ? cp : "<NONE>");
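Review bot: With the new `if (!cp) fatal(...)` guard above it, the `cp ? cp : "<NONE>"` argument in the oCiphers error is dead code and can become plain `cp`. The oCipher and oProtocol hunks get the same guard, and their fatal() argument lists fall outside the visible lines, so they may carry the same leftover. The remaining `'%s'` of `cp` in these messages is unbounded while `filename` is printed with `%.200s`; bounding it the same way would be consistent.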
@@ -502,6 +506,8 @@ parse_int:
case oProtocol:
intptr = &options->protocol;
cp = strtok(NULL, WHITESPACE);
+ if (!cp)
+ fatal("%.200s line %d: Missing argument.", filename, linenum);
value = proto_spec(cp);
if (value == SSH_PROTO_UNKNOWN)
fatal("%.200s line %d: Bad protocol spec '%s'.",
@@ -713,7 +719,7 @@ void
fill_default_options(Options * options)
{
if (options->forward_agent == -1)
- options->forward_agent = 1;
+ options->forward_agent = 0;
if (options->forward_x11 == -1)
options->forward_x11 = 0;
if (options->gateway_ports == -1)
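Review bot: The flipped default for `forward_agent` has no comment giving the reason, and it silently changes behaviour for users who relied on implicit forwarding. A line such as `/* Off by default: a forwarded agent can be used by anyone able to reach its socket on the remote host. */` above the assignment would record the reasoning. The ssh.1 part of this commit adds a "The default is no." sentence to a configuration option's entry, presumably ForwardAgent; it is worth confirming the two agree. fill_default_options continues outside the hunk.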
diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c
index 94494d1..f4c615d 100644
--- a/crypto/openssh/session.c
+++ b/crypto/openssh/session.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.12 2000/05/03 18:03:07 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.15 2000/05/30 17:23:37 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -315,8 +315,7 @@ do_authenticated(struct passwd * pw)
break;
}
debug("Received authentication agent forwarding request.");
- auth_input_request_forwarding(pw);
- success = 1;
+ success = auth_input_request_forwarding(pw);
break;
case SSH_CMSG_PORT_FORWARD_REQUEST:
@@ -723,7 +722,8 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw)
#endif /* LOGIN_CAP */
/* Do common processing for the child, such as execing the command. */
- do_child(command, pw, s->term, s->display, s->auth_proto, s->auth_data, s->tty);
+ do_child(command, pw, s->term, s->display, s->auth_proto,
+ s->auth_data, s->tty);
/* NOTREACHED */
}
if (pid < 0)
@@ -827,7 +827,10 @@ read_environment_file(char ***env, unsigned int *envsize,
fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
continue;
}
- /* Replace the equals sign by nul, and advance value to the value string. */
+ /*
+ * Replace the equals sign by nul, and advance value to
+ * the value string.
+ */
*value = '\0';
value++;
child_set_env(env, envsize, cp, value);
@@ -1059,7 +1062,8 @@ do_child(const char *command, struct passwd * pw, const char *term,
/* read $HOME/.ssh/environment. */
if (!options.use_login) {
- snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir);
+ snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
+ pw->pw_dir);
read_environment_file(&env, &envsize, buf);
}
if (debug_flag) {
@@ -1183,16 +1187,29 @@ do_child(const char *command, struct passwd * pw, const char *term,
else {
/* Add authority data to .Xauthority if appropriate. */
if (auth_proto != NULL && auth_data != NULL) {
- if (debug_flag)
- fprintf(stderr, "Running %.100s add %.100s %.100s %.100s\n",
- XAUTH_PATH, display, auth_proto, auth_data);
-
+ char *screen = strchr(display, ':');
+ if (debug_flag) {
+ fprintf(stderr,
+ "Running %.100s add %.100s %.100s %.100s\n",
+ XAUTH_PATH, display, auth_proto, auth_data);
+ if (screen != NULL)
+ fprintf(stderr,
+ "Adding %.*s/unix%s %s %s\n",
+ screen-display, display,
+ screen, auth_proto, auth_data);
+ }
f = popen(XAUTH_PATH " -q -", "w");
if (f) {
- fprintf(f, "add %s %s %s\n", display, auth_proto, auth_data);
+ fprintf(f, "add %s %s %s\n", display,
+ auth_proto, auth_data);
+ if (screen != NULL)
+ fprintf(f, "add %.*s/unix%s %s %s\n",
+ screen-display, display,
+ screen, auth_proto, auth_data);
pclose(f);
} else
- fprintf(stderr, "Could not run %s -q -\n", XAUTH_PATH);
+ fprintf(stderr, "Could not run %s -q -\n",
+ XAUTH_PATH);
}
}
#endif /* XAUTH_PATH */
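Review bot: `screen-display` is passed as the precision for `%.*s` in both new fprintf calls, but `*` requires an `int` and the pointer difference is a `ptrdiff_t`, which is undefined behaviour where the two differ in size; use `(int)(screen - display)`. The new `add %.*s/unix%s %s %s` line also writes `display`, `auth_proto` and `auth_data` into xauth's stdin unvalidated, as the existing `add` line does. If these values come from the client's X11 forwarding request (not visible here), they should be checked for newlines and other control characters before the popen(). The added debug line also prints `auth_data` to stderr, which puts the X11 cookie into debug output. do_child starts and ends outside the hunk.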
@@ -1222,7 +1239,8 @@ do_child(const char *command, struct passwd * pw, const char *term,
struct stat mailstat;
mailbox = getenv("MAIL");
if (mailbox != NULL) {
- if (stat(mailbox, &mailstat) != 0 || mailstat.st_size == 0)
+ if (stat(mailbox, &mailstat) != 0 ||
+ mailstat.st_size == 0)
#ifdef __FreeBSD__
;
#else /* !__FreeBSD__ */
diff --git a/crypto/openssh/ssh.1 b/crypto/openssh/ssh.1
index 22af8e1..c5e0aaf 100644
--- a/crypto/openssh/ssh.1
+++ b/crypto/openssh/ssh.1
@@ -9,9 +9,8 @@
.\"
.\" Created: Sat Apr 22 21:55:14 1995 ylo
.\"
-.\" $Id: ssh.1,v 1.43 2000/03/24 03:04:46 brad Exp $
-.\" $Id: ssh.1,v 1.52 2000/05/08 17:21:32 hugh Exp $
-.\" $FreeBSD$
+.\" $Id: ssh.1,v 1.54 2000/05/29 20:20:46 markus Exp $
+/\" $FreeBSD$
.\"
.Dd September 25, 1999
.Dt SSH 1
@@ -26,7 +25,7 @@
.Op Ar command
.Pp
.Nm ssh
-.Op Fl afgknqtvxCPX246
+.Op Fl afgknqtvxACNPTX246
.Op Fl c Ar cipher_spec
.Op Fl e Ar escape_char
.Op Fl i Ar identity_file
@@ -335,7 +334,9 @@ host key is not known or has changed.
.Bl -tag -width Ds
.It Fl a
Disables forwarding of the authentication agent connection.
-This may also be specified on a per-host basis in the configuration file.
+.It Fl A
+Enables forwarding of the authentication agent connection.
+This can also be specified on a per-host basis in a configuration file.
.It Fl c Ar blowfish|3des
Selects the cipher to use for encrypting the session.
.Ar 3des
@@ -419,6 +420,10 @@ program will be put in the background.
needs to ask for a password or passphrase; see also the
.Fl f
option.)
+.It Fl N
+Do not execute a remote command.
+This is usefull if you just want to forward ports
+(protocol version 2 only).
.It Fl o Ar option
Can be used to give options in the format used in the config file.
This is useful for specifying options for which there is no separate
@@ -445,6 +450,8 @@ Force pseudo-tty allocation.
This can be used to execute arbitrary
screen-based programs on a remote machine, which can be very useful,
e.g., when implementing menu services.
+.It Fl T
+Disable pseudo-tty allocation (protocol version 2 only).
.It Fl v
Verbose mode.
Causes
@@ -457,9 +464,9 @@ The verbose mode is also used to display
challenges, if the user entered "s/key" as password.
.It Fl x
Disables X11 forwarding.
-This can also be specified on a per-host basis in a configuration file.
.It Fl X
Enables X11 forwarding.
+This can also be specified on a per-host basis in a configuration file.
.It Fl C
Requests compression of all data (including stdin, stdout, stderr, and
data for forwarded X11 and TCP/IP connections).
@@ -668,6 +675,8 @@ The argument must be
.Dq yes
or
.Dq no .
+The default is
+.Dq no .
.It Cm ForwardX11
Specifies whether X11 connections will be automatically redirected
over the secure channel and
diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c
index 39b551f..c1d0bbc 100644
--- a/crypto/openssh/ssh.c
+++ b/crypto/openssh/ssh.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$Id: ssh.c,v 1.51 2000/05/08 17:12:15 markus Exp $");
+RCSID("$Id: ssh.c,v 1.54 2000/05/30 17:32:06 markus Exp $");
#include <openssl/evp.h>
#include <openssl/dsa.h>
@@ -110,10 +110,12 @@ usage()
fprintf(stderr, "Options:\n");
fprintf(stderr, " -l user Log in using this user name.\n");
fprintf(stderr, " -n Redirect input from /dev/null.\n");
+ fprintf(stderr, " -A Enable authentication agent forwarding.\n");
fprintf(stderr, " -a Disable authentication agent forwarding.\n");
#ifdef AFS
fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n");
#endif /* AFS */
+ fprintf(stderr, " -X Enable X11 connection forwarding.\n");
fprintf(stderr, " -x Disable X11 connection forwarding.\n");
fprintf(stderr, " -X Enable X11 connection forwarding.\n");
fprintf(stderr, " -i file Identity for RSA authentication (default: ~/.ssh/identity).\n");
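Review bot: The added `-X` line leaves usage() printing "-X Enable X11 connection forwarding." twice, once before `-x` and once on the unchanged line after it. Drop one of the two so the help text lists each flag once. usage() continues outside the hunk.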
@@ -312,6 +314,9 @@ main(int ac, char **av)
case 'a':
options.forward_agent = 0;
break;
+ case 'A':
+ options.forward_agent = 1;
+ break;
#ifdef AFS
case 'k':
options.krb4_tgt_passing = 0;
@@ -429,7 +434,7 @@ main(int ac, char **av)
if (!host)
usage();
- OpenSSL_add_all_algorithms();
+ SSLeay_add_all_algorithms();
/* Initialize the command to execute on remote host. */
buffer_init(&command);
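Review bot: Nothing here says why the call goes back from `OpenSSL_add_all_algorithms()` to the older `SSLeay_add_all_algorithms()` spelling. If the reason is to match the OpenSSL version in the base tree (an inference from the commit message), a one-line comment stating that above the call would keep the next vendor merge from reverting it. main continues outside the hunk.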