diff options
-rw-r--r-- | crypto/openssh/auth2.c | 38 | ||||
-rw-r--r-- | crypto/openssh/channels.c | 16 | ||||
-rw-r--r-- | crypto/openssh/channels.h | 8 | ||||
-rw-r--r-- | crypto/openssh/kex.c | 4 | ||||
-rw-r--r-- | crypto/openssh/loginrec.c | 5 | ||||
-rw-r--r-- | crypto/openssh/readconf.c | 11 | ||||
-rw-r--r-- | crypto/openssh/readconf.h | 1 | ||||
-rw-r--r-- | crypto/openssh/servconf.c | 4 | ||||
-rw-r--r-- | crypto/openssh/sftp.1 | 2 | ||||
-rw-r--r-- | crypto/openssh/ssh.c | 1 | ||||
-rw-r--r-- | crypto/openssh/sshd.c | 6 | ||||
-rw-r--r-- | crypto/openssh/sshd_config.5 | 2 | ||||
-rw-r--r-- | crypto/openssh/version.h | 6 |
13 files changed, 50 insertions, 54 deletions
diff --git a/crypto/openssh/auth2.c b/crypto/openssh/auth2.c index 2dc9122..55238cd 100644 --- a/crypto/openssh/auth2.c +++ b/crypto/openssh/auth2.c @@ -223,8 +223,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) login_cap_t *lc; const char *from_host, *from_ip; - from_host = get_canonical_hostname(options.use_dns); - from_ip = get_remote_ipaddr(); + from_host = get_canonical_hostname(options.use_dns); + from_ip = get_remote_ipaddr(); #endif if (authctxt == NULL) @@ -272,23 +272,23 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) } #ifdef HAVE_LOGIN_CAP - if (authctxt->pw != NULL) { - lc = login_getpwclass(authctxt->pw); - if (lc == NULL) - lc = login_getclassbyname(NULL, authctxt->pw); - if (!auth_hostok(lc, from_host, from_ip)) { - logit("Denied connection for %.200s from %.200s [%.200s].", - authctxt->pw->pw_name, from_host, from_ip); - packet_disconnect("Sorry, you are not allowed to connect."); - } - if (!auth_timeok(lc, time(NULL))) { - logit("LOGIN %.200s REFUSED (TIME) FROM %.200s", - authctxt->pw->pw_name, from_host); - packet_disconnect("Logins not available right now."); - } - login_close(lc); - lc = NULL; - } + if (authctxt->pw != NULL) { + lc = login_getpwclass(authctxt->pw); + if (lc == NULL) + lc = login_getclassbyname(NULL, authctxt->pw); + if (!auth_hostok(lc, from_host, from_ip)) { + logit("Denied connection for %.200s from %.200s [%.200s].", + authctxt->pw->pw_name, from_host, from_ip); + packet_disconnect("Sorry, you are not allowed to connect."); + } + if (!auth_timeok(lc, time(NULL))) { + logit("LOGIN %.200s REFUSED (TIME) FROM %.200s", + authctxt->pw->pw_name, from_host); + packet_disconnect("Logins not available right now."); + } + login_close(lc); + lc = NULL; + } #endif /* HAVE_LOGIN_CAP */ /* reset state */ diff --git a/crypto/openssh/channels.c b/crypto/openssh/channels.c index 4cff8f2..2242579 100644 --- a/crypto/openssh/channels.c +++ b/crypto/openssh/channels.c @@ -824,7 +824,7 @@ channel_tcpwinsz(void) u_int maxlen; /* If we are not on a socket return 128KB. */ - if (!packet_connection_is_on_socket()) + if (!packet_connection_is_on_socket()) return (128 * 1024); tcpwinsz = 0; @@ -854,7 +854,7 @@ channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset) limit = MIN(compat20 ? c->remote_window : packet_get_maxsize(), 2 * c->tcpwinsz); - + if (c->istate == CHAN_INPUT_OPEN && limit > 0 && buffer_len(&c->input) < limit && @@ -2687,10 +2687,10 @@ channel_set_af(int af) IPv4or6 = af; } -void +void channel_set_hpn(int disabled, u_int buf_size) { - hpn_disabled = disabled; + hpn_disabled = disabled; buffer_size = buf_size; debug("HPN Disabled: %d, HPN Buffer Size: %d", hpn_disabled, buffer_size); @@ -2856,10 +2856,10 @@ channel_setup_fwd_listener(int type, const char *listen_addr, c = channel_new("port listener", type, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "port listener", 1); - else - c = channel_new("port listener", type, sock, sock, -1, - buffer_size, CHAN_TCP_PACKET_DEFAULT, - 0, "port listener", 1); + else + c = channel_new("port listener", type, sock, sock, -1, + buffer_size, CHAN_TCP_PACKET_DEFAULT, + 0, "port listener", 1); c->path = xstrdup(host); c->host_port = port_to_connect; c->listening_port = listen_port; diff --git a/crypto/openssh/channels.h b/crypto/openssh/channels.h index 6ee993a..c469720 100644 --- a/crypto/openssh/channels.h +++ b/crypto/openssh/channels.h @@ -126,7 +126,7 @@ struct Channel { u_int local_window_max; u_int local_consumed; u_int local_maxpacket; - u_int tcpwinsz; + u_int tcpwinsz; int dynamic_window; int extended_usage; int single_connection; @@ -165,13 +165,10 @@ struct Channel { /* default window/packet sizes for tcp/x11-fwd-channel */ #define CHAN_SES_PACKET_DEFAULT (32*1024) #define CHAN_SES_WINDOW_DEFAULT (64*CHAN_SES_PACKET_DEFAULT) - #define CHAN_TCP_PACKET_DEFAULT (32*1024) #define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT) - #define CHAN_X11_PACKET_DEFAULT (16*1024) #define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT) - #define CHAN_HPN_MIN_WINDOW_DEFAULT (2*1024*1024) /* possible input states */ @@ -302,6 +299,7 @@ void chan_write_failed(Channel *); void chan_obuf_empty(Channel *); /* hpn handler */ -void channel_set_hpn(int, u_int); + +void channel_set_hpn(int, u_int); #endif diff --git a/crypto/openssh/kex.c b/crypto/openssh/kex.c index ca3c420..0e8d5c7 100644 --- a/crypto/openssh/kex.c +++ b/crypto/openssh/kex.c @@ -457,13 +457,13 @@ kex_choose_conf(Kex *kex) #ifdef NONE_CIPHER_ENABLED debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name); if (strcmp(newkeys->enc.name, "none") == 0) { - debug("Requesting NONE. Authflag is %d", auth_flag); + debug("Requesting NONE. Authflag is %d", auth_flag); if (auth_flag == 1) debug("None requested post authentication."); else fatal("Pre-authentication none cipher requests " "are not allowed."); - } + } #endif debug("kex: %s %s %s %s", ctos ? "client->server" : "server->client", diff --git a/crypto/openssh/loginrec.c b/crypto/openssh/loginrec.c index 0d0e807..32941c9 100644 --- a/crypto/openssh/loginrec.c +++ b/crypto/openssh/loginrec.c @@ -146,7 +146,6 @@ */ #include "includes.h" -__RCSID("$FreeBSD$"); #include <sys/types.h> #include <sys/stat.h> @@ -516,10 +515,6 @@ getlast_entry(struct logininfo *li) return (utmpx_get_entry(li)); #endif -#if 1 - return (utmpx_get_entry(li)); -#endif - #if defined(DISABLE_LASTLOG) /* On some systems we shouldn't even try to obtain last login * time, e.g. AIX */ diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c index c6c3354..35fa2d4 100644 --- a/crypto/openssh/readconf.c +++ b/crypto/openssh/readconf.c @@ -264,6 +264,7 @@ static struct { { "noneswitch", oNoneSwitch }, #endif { "versionaddendum", oVersionAddendum }, + { NULL, oBadOption } }; @@ -1092,9 +1093,9 @@ parse_int: case oNoneEnabled: intptr = &options->none_enabled; goto parse_flag; - + /* - * We check to see if the command comes from the command line or not. + * We check to see if the command comes from the command line or not. * If it does then enable it otherwise fail. NONE must never be a * default configuration. */ @@ -1110,7 +1111,7 @@ parse_int: "from the command line", filename); error("Continuing..."); return 0; - } + } #endif case oVersionAddendum: @@ -1458,7 +1459,7 @@ fill_default_options(Options * options) /* options->host_key_alias should not be set by default */ /* options->preferred_authentications will be set in ssh */ if (options->hpn_disabled == -1) - options->hpn_disabled = 0; + options->hpn_disabled = 0; if (options->hpn_buffer_size > -1) { u_int maxlen; @@ -1478,7 +1479,7 @@ fill_default_options(Options * options) } if (options->tcp_rcv_buf == 0) options->tcp_rcv_buf = 1; - if (options->tcp_rcv_buf > -1) + if (options->tcp_rcv_buf > -1) options->tcp_rcv_buf *= 1024; if (options->tcp_rcv_buf_poll == -1) options->tcp_rcv_buf_poll = 1; diff --git a/crypto/openssh/readconf.h b/crypto/openssh/readconf.h index af89bb4..afa5beb 100644 --- a/crypto/openssh/readconf.h +++ b/crypto/openssh/readconf.h @@ -133,6 +133,7 @@ typedef struct { int visual_host_key; int use_roaming; + int request_tty; int hpn_disabled; /* Switch to disable HPN buffer management. */ diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c index 1d88bbf..0b7395b 100644 --- a/crypto/openssh/servconf.c +++ b/crypto/openssh/servconf.c @@ -166,7 +166,7 @@ fill_default_server_options(ServerOptions *options) _PATH_HOST_KEY_FILE; if (options->protocol & SSH_PROTO_2) { options->host_key_files[options->num_host_key_files++] = - _PATH_HOST_RSA_KEY_FILE; + _PATH_HOST_RSA_KEY_FILE; options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE; #ifdef OPENSSL_HAS_ECC @@ -286,7 +286,7 @@ fill_default_server_options(ServerOptions *options) options->ip_qos_interactive = IPTOS_LOWDELAY; if (options->ip_qos_bulk == -1) options->ip_qos_bulk = IPTOS_THROUGHPUT; - if (options->hpn_disabled == -1) + if (options->hpn_disabled == -1) options->hpn_disabled = 0; if (options->hpn_buffer_size == -1) { /* diff --git a/crypto/openssh/sftp.1 b/crypto/openssh/sftp.1 index 389c8e8..e703bbf 100644 --- a/crypto/openssh/sftp.1 +++ b/crypto/openssh/sftp.1 @@ -246,7 +246,7 @@ diagnostic messages from Specify how many requests may be outstanding at any one time. Increasing this may slightly improve file transfer speed but will increase memory usage. -The default is 256 outstanding requests providing for 8MB +The default is 256 outstanding requests providing for 8MB of outstanding data with a 32KB buffer. .It Fl r Recursively copy entire directories when uploading and downloading. diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c index 7fdae3a..21fe19b 100644 --- a/crypto/openssh/ssh.c +++ b/crypto/openssh/ssh.c @@ -1461,6 +1461,7 @@ ssh_session2_open(void) c->dynamic_window = 1; debug("Enabled Dynamic Window Scaling\n"); } + debug3("ssh_session2_open: channel_new: %d", c->self); channel_send_open(c->self); diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index 070ef0c..7851a6c 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -1916,11 +1916,11 @@ main(int ac, char **av) #ifdef __FreeBSD__ /* * Initialize the resolver. This may not happen automatically - * before privsep chroot(). + * before privsep chroot(). */ if ((_res.options & RES_INIT) == 0) { - debug("res_init()"); - res_init(); + debug("res_init()"); + res_init(); } #ifdef GSSAPI /* diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 894ad3a..19c615e 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -499,7 +499,7 @@ or .Pp .Pa /etc/hosts.equiv and -.Pa /etc/ssh/shosts.equiv +.Pa /etc/ssh/shosts.equiv are still used. The default is .Dq yes . diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 3afcb71..3eb10fc 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h @@ -2,11 +2,11 @@ /* $FreeBSD$ */ #ifndef SSH_VERSION -#define SSH_VERSION_BASE "OpenSSH_5.9p1" -#define SSH_VERSION_ADDENDUM "FreeBSD-20111001" +#define SSH_VERSION_BASE "OpenSSH_5.9p1" +#define SSH_VERSION_ADDENDUM "FreeBSD-20111001" #define SSH_VERSION_HPN "_hpn13v11" #define SSH_VERSION SSH_VERSION_BASE SSH_VERSION_HPN " " SSH_VERSION_ADDENDUM -#define SSH_RELEASE (ssh_version_get()) +#define SSH_RELEASE (ssh_version_get()) const char *ssh_version_get(void); void ssh_version_set_addendum(const char *); |