From 1ba793a7c09e24d920de3983a3223770cb37ebff Mon Sep 17 00:00:00 2001 From: des Date: Sat, 29 Jun 2002 11:34:13 +0000 Subject: Vendor import of OpenSSH 3.4p1. --- crypto/openssh/ChangeLog | 165 ++++++++++++++++++++++++++++++++- crypto/openssh/INSTALL | 7 +- crypto/openssh/Makefile.in | 13 ++- crypto/openssh/README.privsep | 21 +++-- crypto/openssh/TODO | 18 +++- crypto/openssh/acconfig.h | 11 ++- crypto/openssh/auth2-chall.c | 18 ++-- crypto/openssh/auth2-pam.c | 11 ++- crypto/openssh/authfd.c | 4 +- crypto/openssh/authfile.c | 6 +- crypto/openssh/bufaux.c | 25 ++++- crypto/openssh/buffer.c | 8 +- crypto/openssh/channels.c | 31 ++++--- crypto/openssh/channels.h | 18 ++-- crypto/openssh/cipher.c | 14 ++- crypto/openssh/clientloop.c | 6 +- crypto/openssh/configure.ac | 53 +++++++---- crypto/openssh/defines.h | 23 +++-- crypto/openssh/kex.c | 6 +- crypto/openssh/key.c | 10 +- crypto/openssh/monitor.c | 15 +-- crypto/openssh/monitor_fdpass.h | 2 +- crypto/openssh/monitor_mm.c | 8 +- crypto/openssh/monitor_mm.h | 2 +- crypto/openssh/msg.c | 6 +- crypto/openssh/openbsd-compat/getopt.c | 48 +++++----- crypto/openssh/packet.c | 15 +-- crypto/openssh/scard.c | 4 +- crypto/openssh/scp.1 | 4 +- crypto/openssh/servconf.c | 23 ++--- crypto/openssh/serverloop.c | 6 +- crypto/openssh/session.c | 41 +++++--- crypto/openssh/session.h | 8 +- crypto/openssh/sftp-client.c | 65 ++++++------- crypto/openssh/sftp-client.h | 8 +- crypto/openssh/sftp-common.c | 4 +- crypto/openssh/sftp-int.c | 4 +- crypto/openssh/sftp-server.c | 54 +++++------ crypto/openssh/sftp.c | 5 +- crypto/openssh/ssh-agent.1 | 8 +- crypto/openssh/ssh-agent.c | 82 ++++++++-------- crypto/openssh/ssh-dss.c | 14 +-- crypto/openssh/ssh-keygen.c | 11 ++- crypto/openssh/ssh-rsa.c | 24 +++-- crypto/openssh/ssh.1 | 6 +- crypto/openssh/ssh.h | 6 +- crypto/openssh/sshconnect.c | 5 +- crypto/openssh/sshconnect2.c | 13 ++- crypto/openssh/sshd.8 | 11 ++- crypto/openssh/sshd.c | 48 +++++++--- crypto/openssh/sshd_config.5 | 14 +-- crypto/openssh/sshlogin.c | 9 +- crypto/openssh/sshpty.c | 16 ++-- crypto/openssh/tildexpand.c | 5 +- crypto/openssh/version.h | 4 +- 55 files changed, 685 insertions(+), 381 deletions(-) (limited to 'crypto/openssh') diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index 30b8ef2..67cd6ca 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog @@ -1,6 +1,169 @@ +20020626 + - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM + - (bal) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2002/06/23 21:34:07 + [channels.c] + tcode is u_int + - markus@cvs.openbsd.org 2002/06/24 13:12:23 + [ssh-agent.1] + the socket name contains ssh-agent's ppid; via mpech@ from form@ + - markus@cvs.openbsd.org 2002/06/24 14:33:27 + [channels.c channels.h clientloop.c serverloop.c] + move channel counter to u_int + - markus@cvs.openbsd.org 2002/06/24 14:55:38 + [authfile.c kex.c ssh-agent.c] + cat to (void) when output from buffer_get_X is ignored + - itojun@cvs.openbsd.org 2002/06/24 15:49:22 + [msg.c] + printf type pedant + - deraadt@cvs.openbsd.org 2002/06/24 17:57:20 + [sftp-server.c sshpty.c] + explicit (u_int) for uid and gid + - markus@cvs.openbsd.org 2002/06/25 16:22:42 + [authfd.c] + unnecessary cast + - markus@cvs.openbsd.org 2002/06/25 18:51:04 + [sshd.c] + lightweight do_setusercontext after chroot() + - (bal) Updated AIX package build. Patch by dtucker@zip.com.au + - (tim) [Makefile.in] fix test on installing ssh-rand-helper.8 + - (bal) added back in error check for mmap(). I screwed up, Pointed + out by stevesk@ + - (tim) [README.privsep] UnixWare tip no longer needed. + - (bal) fixed NeXTStep missing munmap() issue. It defines HAVE_MMAP, + but it all damned lies. + - (stevesk) [README.privsep] more for sshd pseudo-account. + - (tim) [contrib/caldera/openssh.spec] add support for privsep + - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@ + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2002/06/26 08:53:12 + [bufaux.c] + limit size of BNs to 8KB; ok provos/deraadt + - markus@cvs.openbsd.org 2002/06/26 08:54:18 + [buffer.c] + limit append to 1MB and buffers to 10MB + - markus@cvs.openbsd.org 2002/06/26 08:55:02 + [channels.c] + limit # of channels to 10000 + - markus@cvs.openbsd.org 2002/06/26 08:58:26 + [session.c] + limit # of env vars to 1000; ok deraadt/djm + - deraadt@cvs.openbsd.org 2002/06/26 13:20:57 + [monitor.c] + be careful in mm_zalloc + - deraadt@cvs.openbsd.org 2002/06/26 13:49:26 + [session.c] + disclose less information from environment files; based on input + from djm, and dschultz@uclink.Berkeley.EDU + - markus@cvs.openbsd.org 2002/06/26 13:55:37 + [auth2-chall.c] + make sure # of response matches # of queries, fixes int overflow; + from ISS + - markus@cvs.openbsd.org 2002/06/26 13:56:27 + [version.h] + 3.4 + - (djm) Require krb5 devel for RPM build w/ KrbV + - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai + + - (djm) Update spec files for release + - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS + - (djm) Release 3.4p1 + +20020625 + - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh + - (stevesk) [README.privsep] minor updates + - (djm) Create privsep directory and warn if privsep user is missing + during make install + - (bal) Started list of PrivSep issues in TODO + - (bal) if mmap() is substandard, don't allow compression on server side. + Post 'event' we will add more options. + - (tim) [contrib/caldera/openssh.spec] Sync with Caldera + - (bal) moved aix_usrinfo() and noted not setting real TTY. Patch by + dtucker@zip.com.au + - (tim) [acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus + for Cygwin, Cray, & SCO + +20020624 + - OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2002/06/23 03:25:50 + [tildexpand.c] + KNF + - deraadt@cvs.openbsd.org 2002/06/23 03:26:19 + [cipher.c key.c] + KNF + - deraadt@cvs.openbsd.org 2002/06/23 03:30:58 + [scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c + sshpty.c] + various KNF and %d for unsigned + - deraadt@cvs.openbsd.org 2002/06/23 09:30:14 + [sftp-client.c sftp-client.h sftp-common.c sftp-int.c sftp-server.c + sftp.c] + bunch of u_int vs int stuff + - deraadt@cvs.openbsd.org 2002/06/23 09:39:55 + [ssh-keygen.c] + u_int stuff + - deraadt@cvs.openbsd.org 2002/06/23 09:46:51 + [bufaux.c servconf.c] + minor KNF. things the fingers do while you read + - deraadt@cvs.openbsd.org 2002/06/23 10:29:52 + [ssh-agent.c sshd.c] + some minor KNF and %u + - deraadt@cvs.openbsd.org 2002/06/23 20:39:45 + [session.c] + compression_level is u_int + - deraadt@cvs.openbsd.org 2002/06/23 21:06:13 + [sshpty.c] + KNF + - deraadt@cvs.openbsd.org 2002/06/23 21:06:41 + [channels.c channels.h session.c session.h] + display, screen, row, col, xpixel, ypixel are u_int; markus ok + - deraadt@cvs.openbsd.org 2002/06/23 21:10:02 + [packet.c] + packet_get_int() returns unsigned for reason & seqnr + - (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col, + xpixel are u_int. + + +20020623 + - (stevesk) [configure.ac] bug #255 LOGIN_NEEDS_UTMPX for AIX. + - (bal) removed GNUism for getops in ssh-agent since glibc lacks optreset. + - (bal) add extern char *getopt. Based on report by dtucker@zip.com.au + - OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2002/06/22 02:00:29 + [ssh.h] + correct comment + - stevesk@cvs.openbsd.org 2002/06/22 02:40:23 + [ssh.1] + section 5 not 4 for ssh_config + - naddy@cvs.openbsd.org 2002/06/22 11:51:39 + [ssh.1] + typo + - stevesk@cvs.openbsd.org 2002/06/22 16:32:54 + [sshd.8] + add /var/empty in FILES section + - stevesk@cvs.openbsd.org 2002/06/22 16:40:19 + [sshd.c] + check /var/empty owner mode; ok provos@ + - stevesk@cvs.openbsd.org 2002/06/22 16:41:57 + [scp.1] + typo + - stevesk@cvs.openbsd.org 2002/06/22 16:45:29 + [ssh-agent.1 sshd.8 sshd_config.5] + use process ID vs. pid/PID/process identifier + - stevesk@cvs.openbsd.org 2002/06/22 20:05:27 + [sshd.c] + don't call setsid() if debugging or run from inetd; no "Operation not + permitted" errors now; ok millert@ markus@ + - stevesk@cvs.openbsd.org 2002/06/22 23:09:51 + [monitor.c] + save auth method before monitor_reset_key_state(); bugzilla bug #284; + ok provos@ + 20020622 - (djm) Update README.privsep; spotted by fries@ - (djm) Release 3.3p1 + - (bal) getopt now can be staticly compiled on those platforms missing + optreset. Patch by binder@arago.de 20020621 - (djm) Sync: @@ -1004,4 +1167,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2240 2002/06/21 15:44:45 djm Exp $ +$Id: ChangeLog,v 1.2301 2002/06/26 13:59:10 djm Exp $ diff --git a/crypto/openssh/INSTALL b/crypto/openssh/INSTALL index a7f73e6..07da06b 100644 --- a/crypto/openssh/INSTALL +++ b/crypto/openssh/INSTALL @@ -105,11 +105,6 @@ name). There are a few other options to the configure script: ---with-rsh=PATH allows you to specify the path to your rsh program. -Normally ./configure will search the current $PATH for 'rsh'. You -may need to specify this option if rsh is not in your path or has a -different name. - --with-pam enables PAM support. --enable-gnome-askpass will build the GNOME passphrase dialog. You @@ -226,4 +221,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.53 2002/05/13 05:22:21 djm Exp $ +$Id: INSTALL,v 1.54 2002/06/24 16:26:49 stevesk Exp $ diff --git a/crypto/openssh/Makefile.in b/crypto/openssh/Makefile.in index 4b3e278..e7faa15 100644 --- a/crypto/openssh/Makefile.in +++ b/crypto/openssh/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.215 2002/06/21 01:38:53 mouring Exp $ +# $Id: Makefile.in,v 1.217 2002/06/25 23:45:42 tim Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -26,6 +26,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server SSH_KEYSIGN=$(libexecdir)/ssh-keysign RAND_HELPER=$(libexecdir)/ssh-rand-helper PRIVSEP_PATH=@PRIVSEP_PATH@ +SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \ -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \ @@ -197,9 +198,13 @@ distprep: catman-do $(AUTORECONF) (cd scard && $(MAKE) -f Makefile.in distprep) -install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key +install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key check-user install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files +check-user: + id $(SSH_PRIVSEP_USER) || \ + echo "WARNING: Privilege separation user \"$(SSH_PRIVSEP_USER)\" does not exist" + scard-install: (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install) @@ -212,6 +217,8 @@ install-files: scard-install $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) + $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH) + chmod 0700 $(DESTDIR)$(PRIVSEP_PATH) $(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add @@ -234,7 +241,7 @@ install-files: scard-install $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 - if [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ + if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \ $(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \ fi @NO_SFTP@$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 diff --git a/crypto/openssh/README.privsep b/crypto/openssh/README.privsep index 6c798f3..ced943f 100644 --- a/crypto/openssh/README.privsep +++ b/crypto/openssh/README.privsep @@ -12,19 +12,20 @@ On systems which lack mmap or anonymous (MAP_ANON) memory mapping, compression must be disabled in order for privilege separation to function. -When privsep is enabled, the pre-authentication sshd process will +When privsep is enabled, during the pre-authentication phase sshd will chroot(2) to "/var/empty" and change its privileges to the "sshd" user -and its primary group. You should do something like the following to -prepare the privsep preauth environment: +and its primary group. sshd is a pseudo-account that should not be +used by other daemons, and must be locked and should contain a +"nologin" or invalid shell. + +You should do something like the following to prepare the privsep +preauth environment: # mkdir /var/empty # chown root:sys /var/empty # chmod 755 /var/empty # groupadd sshd - # useradd -g sshd sshd - -If you are on UnixWare 7 or OpenUNIX 8 do this additional step. - # ln /usr/lib/.ns.so /usr/lib/ns.so.1 + # useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd /var/empty should not contain any files. @@ -34,8 +35,8 @@ privsep user and chroot directory: --with-privsep-path=xxx Path for privilege separation chroot --with-privsep-user=user Specify non-privileged user for privilege separation -Privsep requires operating system support for file descriptor passing -and mmap(MAP_ANON). +Privsep requires operating system support for file descriptor passing. +Compression will be disabled on systems without a working mmap MAP_ANON. PAM-enabled OpenSSH is known to function with privsep on Linux. It does not function on HP-UX with a trusted system @@ -57,4 +58,4 @@ process 1005 is the sshd process listening for new connections. process 6917 is the privileged monitor process, 6919 is the user owned sshd process and 6921 is the shell process. -$Id: README.privsep,v 1.7 2002/06/21 14:48:02 djm Exp $ +$Id: README.privsep,v 1.10 2002/06/26 00:43:57 stevesk Exp $ diff --git a/crypto/openssh/TODO b/crypto/openssh/TODO index d094942..4331a13 100644 --- a/crypto/openssh/TODO +++ b/crypto/openssh/TODO @@ -87,4 +87,20 @@ Packaging: - HP-UX: Provide DEPOT package scripts. (gilbert.r.loomis@saic.com) -$Id: TODO,v 1.46 2002/01/22 11:26:20 djm Exp $ + +PrivSep Issues: +- mmap() issues. + + /dev/zero solution (Solaris) + + No/broken MAP_ANON (Irix) + + broken /dev/zero parse (Linux) +- PAM + + See above PAM notes +- AIX + + usrinfo() does not set TTY, but only required for legicy systems. Works + with PrivSep. +- OSF + + SIA is broken +- Cygwin + + Privsep for Pre-auth only (no fd passing) + +$Id: TODO,v 1.50 2002/06/25 17:12:27 mouring Exp $ diff --git a/crypto/openssh/acconfig.h b/crypto/openssh/acconfig.h index 713b094..3e51d61 100644 --- a/crypto/openssh/acconfig.h +++ b/crypto/openssh/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.138 2002/06/12 16:57:15 mouring Exp $ */ +/* $Id: acconfig.h,v 1.141 2002/06/25 22:35:16 tim Exp $ */ #ifndef _CONFIG_H #define _CONFIG_H @@ -228,9 +228,6 @@ /* Define if xauth is found in your path */ #undef XAUTH_PATH -/* Define if rsh is found in your path */ -#undef RSH_PATH - /* Define if you want to allow MD5 passwords */ #undef HAVE_MD5_PASSWORDS @@ -358,6 +355,12 @@ /* Path that unprivileged child will chroot() to in privep mode */ #undef PRIVSEP_PATH +/* Define if you have the `mmap' function that supports MAP_ANON|SHARED */ +#undef HAVE_MMAP_ANON_SHARED + +/* Define if sendmsg()/recvmsg() has problems passing file descriptors */ +#undef BROKEN_FD_PASSING + @BOTTOM@ /* ******************* Shouldn't need to edit below this line ************** */ diff --git a/crypto/openssh/auth2-chall.c b/crypto/openssh/auth2-chall.c index f35bfb2..e1440f4 100644 --- a/crypto/openssh/auth2-chall.c +++ b/crypto/openssh/auth2-chall.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth2-chall.c,v 1.18 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: auth2-chall.c,v 1.19 2002/06/26 13:55:37 markus Exp $"); #include "ssh2.h" #include "auth.h" @@ -63,6 +63,7 @@ struct KbdintAuthctxt char *devices; void *ctxt; KbdintDevice *device; + u_int nreq; }; static KbdintAuthctxt * @@ -90,6 +91,7 @@ kbdint_alloc(const char *devs) debug("kbdint_alloc: devices '%s'", kbdintctxt->devices); kbdintctxt->ctxt = NULL; kbdintctxt->device = NULL; + kbdintctxt->nreq = 0; return kbdintctxt; } @@ -209,26 +211,26 @@ send_userauth_info_request(Authctxt *authctxt) KbdintAuthctxt *kbdintctxt; char *name, *instr, **prompts; int i; - u_int numprompts, *echo_on; + u_int *echo_on; kbdintctxt = authctxt->kbdintctxt; if (kbdintctxt->device->query(kbdintctxt->ctxt, - &name, &instr, &numprompts, &prompts, &echo_on)) + &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on)) return 0; packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); packet_put_cstring(name); packet_put_cstring(instr); packet_put_cstring(""); /* language not used */ - packet_put_int(numprompts); - for (i = 0; i < numprompts; i++) { + packet_put_int(kbdintctxt->nreq); + for (i = 0; i < kbdintctxt->nreq; i++) { packet_put_cstring(prompts[i]); packet_put_char(echo_on[i]); } packet_send(); packet_write_wait(); - for (i = 0; i < numprompts; i++) + for (i = 0; i < kbdintctxt->nreq; i++) xfree(prompts[i]); xfree(prompts); xfree(echo_on); @@ -256,6 +258,10 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) authctxt->postponed = 0; /* reset */ nresp = packet_get_int(); + if (nresp != kbdintctxt->nreq) + fatal("input_userauth_info_response: wrong number of replies"); + if (nresp > 100) + fatal("input_userauth_info_response: too many replies"); if (nresp > 0) { response = xmalloc(nresp * sizeof(char*)); for (i = 0; i < nresp; i++) diff --git a/crypto/openssh/auth2-pam.c b/crypto/openssh/auth2-pam.c index dd29ebd..99aedea 100644 --- a/crypto/openssh/auth2-pam.c +++ b/crypto/openssh/auth2-pam.c @@ -1,5 +1,5 @@ #include "includes.h" -RCSID("$Id: auth2-pam.c,v 1.12 2002/01/22 12:43:13 djm Exp $"); +RCSID("$Id: auth2-pam.c,v 1.13 2002/06/26 13:58:00 djm Exp $"); #ifdef USE_PAM #include @@ -140,6 +140,15 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt) nresp = packet_get_int(); /* Number of responses. */ debug("got %d responses", nresp); + + if (nresp != context_pam2.num_expected) + fatal("%s: Received incorrect number of responses " + "(expected %u, received %u)", __func__, nresp, + context_pam2.num_expected); + + if (nresp > 100) + fatal("%s: too many replies", __func__); + for (i = 0; i < nresp; i++) { int j = context_pam2.prompts[i]; diff --git a/crypto/openssh/authfd.c b/crypto/openssh/authfd.c index a452a79..4c4552d5 100644 --- a/crypto/openssh/authfd.c +++ b/crypto/openssh/authfd.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.55 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.56 2002/06/25 16:22:42 markus Exp $"); #include @@ -144,7 +144,7 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply error("Error reading response from authentication socket."); return 0; } - buffer_append(reply, (char *) buf, l); + buffer_append(reply, buf, l); len -= l; } return 1; diff --git a/crypto/openssh/authfile.c b/crypto/openssh/authfile.c index 6d936de..1fa5d81 100644 --- a/crypto/openssh/authfile.c +++ b/crypto/openssh/authfile.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.49 2002/05/23 19:24:30 markus Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.50 2002/06/24 14:55:38 markus Exp $"); #include #include @@ -270,7 +270,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp) (void) buffer_get_int(&buffer); /* reserved */ /* Read the public key from the buffer. */ - buffer_get_int(&buffer); + (void) buffer_get_int(&buffer); pub = key_new(KEY_RSA1); buffer_get_bignum(&buffer, pub->rsa->n); buffer_get_bignum(&buffer, pub->rsa->e); @@ -357,7 +357,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, (void) buffer_get_int(&buffer); /* Reserved data. */ /* Read the public key from the buffer. */ - buffer_get_int(&buffer); + (void) buffer_get_int(&buffer); prv = key_new_private(KEY_RSA1); buffer_get_bignum(&buffer, prv->rsa->n); diff --git a/crypto/openssh/bufaux.c b/crypto/openssh/bufaux.c index 79f8bbd..d3dc674 100644 --- a/crypto/openssh/bufaux.c +++ b/crypto/openssh/bufaux.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: bufaux.c,v 1.25 2002/04/20 09:14:58 markus Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $"); #include #include "bufaux.h" @@ -88,6 +88,8 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value) bits = GET_16BIT(buf); /* Compute the number of binary bytes that follow. */ bytes = (bits + 7) / 8; + if (bytes > 8 * 1024) + fatal("buffer_get_bignum: cannot handle BN of size %d", bytes); if (buffer_len(buffer) < bytes) fatal("buffer_get_bignum: input buffer too small"); bin = buffer_ptr(buffer); @@ -105,6 +107,7 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value) u_char *buf = xmalloc(bytes); int oi; int hasnohigh = 0; + buf[0] = '\0'; /* Get the value of in binary */ oi = BN_bn2bin(value, buf+1); @@ -128,12 +131,15 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value) xfree(buf); } +/* XXX does not handle negative BNs */ void buffer_get_bignum2(Buffer *buffer, BIGNUM *value) { - /**XXX should be two's-complement */ - int len; - u_char *bin = buffer_get_string(buffer, (u_int *)&len); + u_int len; + u_char *bin = buffer_get_string(buffer, &len); + + if (len > 8 * 1024) + fatal("buffer_get_bignum2: cannot handle BN of size %d", len); BN_bin2bn(bin, len, value); xfree(bin); } @@ -145,6 +151,7 @@ u_short buffer_get_short(Buffer *buffer) { u_char buf[2]; + buffer_get(buffer, (char *) buf, 2); return GET_16BIT(buf); } @@ -153,6 +160,7 @@ u_int buffer_get_int(Buffer *buffer) { u_char buf[4]; + buffer_get(buffer, (char *) buf, 4); return GET_32BIT(buf); } @@ -162,6 +170,7 @@ u_int64_t buffer_get_int64(Buffer *buffer) { u_char buf[8]; + buffer_get(buffer, (char *) buf, 8); return GET_64BIT(buf); } @@ -174,6 +183,7 @@ void buffer_put_short(Buffer *buffer, u_short value) { char buf[2]; + PUT_16BIT(buf, value); buffer_append(buffer, buf, 2); } @@ -182,6 +192,7 @@ void buffer_put_int(Buffer *buffer, u_int value) { char buf[4]; + PUT_32BIT(buf, value); buffer_append(buffer, buf, 4); } @@ -191,6 +202,7 @@ void buffer_put_int64(Buffer *buffer, u_int64_t value) { char buf[8]; + PUT_64BIT(buf, value); buffer_append(buffer, buf, 8); } @@ -207,8 +219,9 @@ buffer_put_int64(Buffer *buffer, u_int64_t value) void * buffer_get_string(Buffer *buffer, u_int *length_ptr) { - u_int len; u_char *value; + u_int len; + /* Get the length. */ len = buffer_get_int(buffer); if (len > 256 * 1024) @@ -249,6 +262,7 @@ int buffer_get_char(Buffer *buffer) { char ch; + buffer_get(buffer, &ch, 1); return (u_char) ch; } @@ -260,5 +274,6 @@ void buffer_put_char(Buffer *buffer, int value) { char ch = value; + buffer_append(buffer, &ch, 1); } diff --git a/crypto/openssh/buffer.c b/crypto/openssh/buffer.c index 40572e5..ad04b26 100644 --- a/crypto/openssh/buffer.c +++ b/crypto/openssh/buffer.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: buffer.c,v 1.15 2002/01/18 18:14:17 stevesk Exp $"); +RCSID("$OpenBSD: buffer.c,v 1.16 2002/06/26 08:54:18 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -71,6 +71,9 @@ buffer_append_space(Buffer *buffer, u_int len) { void *p; + if (len > 0x100000) + fatal("buffer_append_space: len %u not supported", len); + /* If the buffer is empty, start using it from the beginning. */ if (buffer->offset == buffer->end) { buffer->offset = 0; @@ -96,6 +99,9 @@ restart: } /* Increase the size of the buffer and retry. */ buffer->alloc += len + 32768; + if (buffer->alloc > 0xa00000) + fatal("buffer_append_space: alloc %u not supported", + buffer->alloc); buffer->buf = xrealloc(buffer->buf, buffer->alloc); goto restart; /* NOTREACHED */ diff --git a/crypto/openssh/channels.c b/crypto/openssh/channels.c index d34411e..29eaee7 100644 --- a/crypto/openssh/channels.c +++ b/crypto/openssh/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.175 2002/06/10 22:28:41 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.179 2002/06/26 08:55:02 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -205,7 +205,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, Channel * channel_new(char *ctype, int type, int rfd, int wfd, int efd, - int window, int maxpack, int extusage, char *remote_name, int nonblock) + u_int window, u_int maxpack, int extusage, char *remote_name, int nonblock) { int i, found; Channel *c; @@ -229,6 +229,9 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, /* There are no free slots. Take last+1 slot and expand the array. */ found = channels_alloc; channels_alloc += 10; + if (channels_alloc > 10000) + fatal("channel_new: internal error: channels_alloc %d " + "too big.", channels_alloc); debug2("channel: expanding %d", channels_alloc); channels = xrealloc(channels, channels_alloc * sizeof(Channel *)); for (i = found; i < channels_alloc; i++) @@ -1568,8 +1571,9 @@ channel_after_select(fd_set * readset, fd_set * writeset) void channel_output_poll(void) { - int len, i; Channel *c; + int i; + u_int len; for (i = 0; i < channels_alloc; i++) { c = channels[i]; @@ -1647,7 +1651,7 @@ channel_output_poll(void) c->remote_window > 0 && (len = buffer_len(&c->extended)) > 0 && c->extended_usage == CHAN_EXTENDED_READ) { - debug2("channel %d: rwin %d elen %d euse %d", + debug2("channel %d: rwin %u elen %u euse %d", c->self, c->remote_window, buffer_len(&c->extended), c->extended_usage); if (len > c->remote_window) @@ -1717,9 +1721,8 @@ void channel_input_extended_data(int type, u_int32_t seq, void *ctxt) { int id; - int tcode; char *data; - u_int data_len; + u_int data_len, tcode; Channel *c; /* Get the channel number and verify it. */ @@ -1874,7 +1877,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt) c->confirm(c->self, NULL); debug2("callback done"); } - debug("channel %d: open confirm rwindow %d rmax %d", c->self, + debug("channel %d: open confirm rwindow %u rmax %u", c->self, c->remote_window, c->remote_maxpacket); } packet_check_eom(); @@ -1931,7 +1934,8 @@ void channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) { Channel *c; - int id, adjust; + int id; + u_int adjust; if (!compat20) return; @@ -1947,7 +1951,7 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) } adjust = packet_get_int(); packet_check_eom(); - debug2("channel %d: rcvd adjust %d", id, adjust); + debug2("channel %d: rcvd adjust %u", id, adjust); c->remote_window += adjust; } @@ -2328,12 +2332,12 @@ channel_connect_to(const char *host, u_short port) /* * Creates an internet domain socket for listening for X11 connections. - * Returns a suitable display number for the DISPLAY variable, or -1 if - * an error occurs. + * Returns 0 and a suitable display number for the DISPLAY variable + * stored in display_numberp , or -1 if an error occurs. */ int x11_create_display_inet(int x11_display_offset, int x11_use_localhost, - int single_connection) + int single_connection, u_int *display_numberp) { Channel *nc = NULL; int display_number, sock; @@ -2431,7 +2435,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, } /* Return the display number for the DISPLAY environment variable. */ - return display_number; + *display_numberp = display_number; + return (0); } static int diff --git a/crypto/openssh/channels.h b/crypto/openssh/channels.h index 9ceff3e..dd54114 100644 --- a/crypto/openssh/channels.h +++ b/crypto/openssh/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.68 2002/06/10 22:28:41 markus Exp $ */ +/* $OpenBSD: channels.h,v 1.70 2002/06/24 14:33:27 markus Exp $ */ /* * Author: Tatu Ylonen @@ -90,12 +90,12 @@ struct Channel { int host_port; /* remote port to connect for forwards */ char *remote_name; /* remote hostname */ - int remote_window; - int remote_maxpacket; - int local_window; - int local_window_max; - int local_consumed; - int local_maxpacket; + u_int remote_window; + u_int remote_maxpacket; + u_int local_window; + u_int local_window_max; + u_int local_consumed; + u_int local_maxpacket; int extended_usage; int single_connection; @@ -151,7 +151,7 @@ struct Channel { /* channel management */ Channel *channel_lookup(int); -Channel *channel_new(char *, int, int, int, int, int, int, int, char *, int); +Channel *channel_new(char *, int, int, int, int, u_int, u_int, int, char *, int); void channel_set_fds(int, int, int, int, int, int, u_int); void channel_free(Channel *); void channel_free_all(void); @@ -205,7 +205,7 @@ int channel_setup_remote_fwd_listener(const char *, u_short, int); /* x11 forwarding */ int x11_connect_display(void); -int x11_create_display_inet(int, int, int); +int x11_create_display_inet(int, int, int, u_int *); void x11_input_open(int, u_int32_t, void *); void x11_request_forwarding_with_spoofing(int, const char *, const char *); void deny_input_open(int, u_int32_t, void *); diff --git a/crypto/openssh/cipher.c b/crypto/openssh/cipher.c index b18c701..6db340d 100644 --- a/crypto/openssh/cipher.c +++ b/crypto/openssh/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.59 2002/06/19 18:01:00 markus Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.60 2002/06/23 03:26:52 deraadt Exp $"); #include "xmalloc.h" #include "log.h" @@ -95,11 +95,13 @@ cipher_blocksize(Cipher *c) { return (c->block_size); } + u_int cipher_keylen(Cipher *c) { return (c->key_len); } + u_int cipher_get_number(Cipher *c) { @@ -314,6 +316,7 @@ struct ssh1_3des_ctx { EVP_CIPHER_CTX k1, k2, k3; }; + static int ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, int enc) @@ -356,6 +359,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, #endif return (1); } + static int ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len) { @@ -377,6 +381,7 @@ ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len) #endif return (1); } + static int ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) { @@ -389,6 +394,7 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) } return (1); } + static const EVP_CIPHER * evp_ssh1_3des(void) { @@ -430,7 +436,9 @@ swap_bytes(const u_char *src, u_char *dst, int n) *dst++ = c[3]; } } + static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL; + static int bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len) { @@ -441,6 +449,7 @@ bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len) swap_bytes(out, out, len); return (ret); } + static const EVP_CIPHER * evp_ssh1_bf(void) { @@ -483,6 +492,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE); return (1); } + static int ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len) @@ -528,6 +538,7 @@ ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, } return (1); } + static int ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx) { @@ -540,6 +551,7 @@ ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx) } return (1); } + static const EVP_CIPHER * evp_rijndael(void) { diff --git a/crypto/openssh/clientloop.c b/crypto/openssh/clientloop.c index 75d24ac..cd2eab7 100644 --- a/crypto/openssh/clientloop.c +++ b/crypto/openssh/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.101 2002/06/09 13:32:01 markus Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.102 2002/06/24 14:33:27 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1208,10 +1208,8 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt) { Channel *c = NULL; char *ctype; - u_int len; int rchan; - int rmaxpack; - int rwindow; + u_int rmaxpack, rwindow, len; ctype = packet_get_string(&len); rchan = packet_get_int(); diff --git a/crypto/openssh/configure.ac b/crypto/openssh/configure.ac index 9daf3b0..ad5d5cd 100644 --- a/crypto/openssh/configure.ac +++ b/crypto/openssh/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.67 2002/06/21 00:01:19 mouring Exp $ +# $Id: configure.ac,v 1.72 2002/06/25 22:35:16 tim Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -76,6 +76,7 @@ case "$host" in AC_DEFINE(BROKEN_REALPATH) dnl AIX handles lastlog as part of its login message AC_DEFINE(DISABLE_LASTLOG) + AC_DEFINE(LOGIN_NEEDS_UTMPX) ;; *-*-cygwin*) LIBS="$LIBS /usr/lib/textmode.o" @@ -85,6 +86,7 @@ case "$host" in AC_DEFINE(IPV4_DEFAULT) AC_DEFINE(IP_TOS_IS_BROKEN) AC_DEFINE(NO_X11_UNIX_SOCKETS) + AC_DEFINE(BROKEN_FD_PASSING) AC_DEFINE(SETGROUPS_NOOP) ;; *-*-dgux*) @@ -246,7 +248,6 @@ mips-sony-bsd|mips-sony-newsos4) CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" LIBS="$LIBS -los -lprot -lx -ltinfo -lm" - rsh_path="/usr/bin/rcmd" RANLIB=true no_dev_ptmx=1 AC_DEFINE(BROKEN_SYS_TERMIO_H) @@ -263,10 +264,10 @@ mips-sony-bsd|mips-sony-newsos4) LDFLAGS="$LDFLAGS -L/usr/local/lib" LIBS="$LIBS -lprot -lx -ltinfo -lm" no_dev_ptmx=1 - rsh_path="/usr/bin/rcmd" AC_DEFINE(USE_PIPES) AC_DEFINE(HAVE_SECUREWARE) AC_DEFINE(DISABLE_SHADOW) + AC_DEFINE(BROKEN_FD_PASSING) AC_CHECK_FUNCS(getluid setluid) MANTYPE=man ;; @@ -274,6 +275,7 @@ mips-sony-bsd|mips-sony-newsos4) no_libsocket=1 no_libnsl=1 AC_DEFINE(USE_PIPES) + AC_DEFINE(BROKEN_FD_PASSING) LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib" LIBS="$LIBS -lgen -lrsc" ;; @@ -575,6 +577,30 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty) +if test $ac_cv_func_mmap = yes ; then +AC_MSG_CHECKING([for mmap anon shared]) +AC_TRY_RUN( + [ +#include +#include +#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS) +#define MAP_ANON MAP_ANONYMOUS +#endif +main() { char *p; +p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0); +if (p == (char *)-1) + exit(1); +exit(0); +} + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_MMAP_ANON_SHARED) + ], + [ AC_MSG_RESULT(no) ] +) +fi + dnl IRIX and Solaris 2.5.1 have dirname() in libgen AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ AC_CHECK_LIB(gen, dirname,[ @@ -907,16 +933,17 @@ AC_ARG_WITH(entropy-timeout, ) AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout) -ssh_privsep_user=sshd +SSH_PRIVSEP_USER=sshd AC_ARG_WITH(privsep-user, [ --with-privsep-user=user Specify non-privileged user for privilege separation], [ if test -n "$withval"; then - ssh_privsep_user=$withval + SSH_PRIVSEP_USER=$withval fi ] ) -AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$ssh_privsep_user") +AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER") +AC_SUBST(SSH_PRIVSEP_USER) # We do this little dance with the search path to insure # that programs that we select for use by installed programs @@ -1789,17 +1816,6 @@ AC_ARG_WITH(afs, LIBS="$LIBS $KLIBS $K5LIBS" # Looking for programs, paths and files -AC_ARG_WITH(rsh, - [ --with-rsh=PATH Specify path to remote shell program ], - [ - if test "x$withval" != "$no" ; then - rsh_path=$withval - fi - ], - [ - AC_PATH_PROG(rsh_path, rsh) - ] -) PRIVSEP_PATH=/var/empty AC_ARG_WITH(privsep-path, @@ -1835,9 +1851,6 @@ else XAUTH_PATH=$xauth_path AC_SUBST(XAUTH_PATH) fi -if test ! -z "$rsh_path" ; then - AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path") -fi # Check for mail directory (last resort if we cannot get it from headers) if test ! -z "$MAIL" ; then diff --git a/crypto/openssh/defines.h b/crypto/openssh/defines.h index 1f52c54..b87dbc5 100644 --- a/crypto/openssh/defines.h +++ b/crypto/openssh/defines.h @@ -1,7 +1,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.90 2002/06/07 03:19:36 mouring Exp $ */ +/* $Id: defines.h,v 1.92 2002/06/24 16:26:49 stevesk Exp $ */ /* Constants */ @@ -316,14 +316,6 @@ struct winsize { # define _PATH_MAILDIR MAILDIR #endif /* !defined(_PATH_MAILDIR) && defined(MAILDIR) */ -#ifndef _PATH_RSH -# ifdef RSH_PATH -# define _PATH_RSH RSH_PATH -# else /* RSH_PATH */ -# define _PATH_RSH "/usr/bin/rsh" -# endif /* RSH_PATH */ -#endif /* _PATH_RSH */ - #ifndef _PATH_NOLOGIN # define _PATH_NOLOGIN "/etc/nologin" #endif @@ -417,7 +409,18 @@ struct winsize { #endif #ifndef HAVE_GETOPT_OPTRESET -#define getopt(ac, av, o) BSDgetopt(ac, av, o) +# undef getopt +# undef opterr +# undef optind +# undef optopt +# undef optreset +# undef optarg +# define getopt(ac, av, o) BSDgetopt(ac, av, o) +# define opterr BSDopterr +# define optind BSDoptind +# define optopt BSDoptopt +# define optreset BSDoptreset +# define optarg BSDoptarg #endif /* In older versions of libpam, pam_strerror takes a single argument */ diff --git a/crypto/openssh/kex.c b/crypto/openssh/kex.c index d079ab0..bdbf388 100644 --- a/crypto/openssh/kex.c +++ b/crypto/openssh/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.50 2002/05/15 15:47:49 mouring Exp $"); +RCSID("$OpenBSD: kex.c,v 1.51 2002/06/24 14:55:38 markus Exp $"); #include @@ -202,8 +202,8 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt) packet_get_char(); for (i = 0; i < PROPOSAL_MAX; i++) xfree(packet_get_string(NULL)); - packet_get_char(); - packet_get_int(); + (void) packet_get_char(); + (void) packet_get_int(); packet_check_eom(); kex_kexinit_finish(kex); diff --git a/crypto/openssh/key.c b/crypto/openssh/key.c index 2d850c8..fb1f841 100644 --- a/crypto/openssh/key.c +++ b/crypto/openssh/key.c @@ -32,7 +32,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.44 2002/05/31 13:16:48 markus Exp $"); +RCSID("$OpenBSD: key.c,v 1.45 2002/06/23 03:26:19 deraadt Exp $"); #include @@ -89,6 +89,7 @@ key_new(int type) } return k; } + Key * key_new_private(int type) { @@ -120,6 +121,7 @@ key_new_private(int type) } return k; } + void key_free(Key *k) { @@ -359,6 +361,7 @@ read_bignum(char **cpp, BIGNUM * value) *cpp = cp; return 1; } + static int write_bignum(FILE *f, BIGNUM *num) { @@ -485,6 +488,7 @@ key_read(Key *ret, char **cpp) } return success; } + int key_write(Key *key, FILE *f) { @@ -516,6 +520,7 @@ key_write(Key *key, FILE *f) } return success; } + char * key_type(Key *k) { @@ -532,6 +537,7 @@ key_type(Key *k) } return "unknown"; } + char * key_ssh_name(Key *k) { @@ -545,6 +551,7 @@ key_ssh_name(Key *k) } return "ssh-unknown"; } + u_int key_size(Key *k) { @@ -807,7 +814,6 @@ key_verify( } /* Converts a private to a public key */ - Key * key_demote(Key *k) { diff --git a/crypto/openssh/monitor.c b/crypto/openssh/monitor.c index 39b6248..89b712f 100644 --- a/crypto/openssh/monitor.c +++ b/crypto/openssh/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.16 2002/06/21 05:50:51 djm Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.18 2002/06/26 13:20:57 deraadt Exp $"); #include @@ -188,9 +188,6 @@ struct mon_table mon_dispatch_proto15[] = { {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed}, {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge}, {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response}, -#ifdef USE_PAM - {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, -#endif #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond}, @@ -982,14 +979,14 @@ mm_answer_keyverify(int socket, Buffer *m) xfree(signature); xfree(data); + auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; + monitor_reset_key_state(); buffer_clear(m); buffer_put_int(m, verified); mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m); - auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; - return (verified); } @@ -1456,9 +1453,13 @@ mm_get_keystate(struct monitor *pmonitor) void * mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) { + int len = size * ncount; void *address; - address = mm_malloc(mm, size * ncount); + if (len <= 0) + fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); + + address = mm_malloc(mm, len); return (address); } diff --git a/crypto/openssh/monitor_fdpass.h b/crypto/openssh/monitor_fdpass.h index cb12c41..31d080e 100644 --- a/crypto/openssh/monitor_fdpass.h +++ b/crypto/openssh/monitor_fdpass.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */ +/* $OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */ /* * Copyright 2002 Niels Provos diff --git a/crypto/openssh/monitor_mm.c b/crypto/openssh/monitor_mm.c index 0076c42..c363036 100644 --- a/crypto/openssh/monitor_mm.c +++ b/crypto/openssh/monitor_mm.c @@ -84,13 +84,13 @@ mm_create(struct mm_master *mmalloc, size_t size) */ mm->mmalloc = mmalloc; -#if defined(HAVE_MMAP) && defined(MAP_ANON) +#ifdef HAVE_MMAP_ANON_SHARED address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0); if (address == MAP_FAILED) fatal("mmap(%lu): %s", (u_long)size, strerror(errno)); #else - fatal("%s: UsePrivilegeSeparation=yes not supported", + fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported", __func__); #endif @@ -130,12 +130,12 @@ mm_destroy(struct mm_master *mm) mm_freelist(mm->mmalloc, &mm->rb_free); mm_freelist(mm->mmalloc, &mm->rb_allocated); -#ifdef HAVE_MMAP +#ifdef HAVE_MMAP_ANON_SHARED if (munmap(mm->address, mm->size) == -1) fatal("munmap(%p, %lu): %s", mm->address, (u_long)mm->size, strerror(errno)); #else - fatal("%s: UsePrivilegeSeparation=yes not supported", + fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported", __func__); #endif if (mm->mmalloc == NULL) diff --git a/crypto/openssh/monitor_mm.h b/crypto/openssh/monitor_mm.h index c0af432..c0a66d5 100644 --- a/crypto/openssh/monitor_mm.h +++ b/crypto/openssh/monitor_mm.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */ +/* $OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */ /* * Copyright 2002 Niels Provos diff --git a/crypto/openssh/msg.c b/crypto/openssh/msg.c index 103aed2..7275c84 100644 --- a/crypto/openssh/msg.c +++ b/crypto/openssh/msg.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: msg.c,v 1.2 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: msg.c,v 1.3 2002/06/24 15:49:22 itojun Exp $"); #include "buffer.h" #include "getput.h" @@ -36,7 +36,7 @@ msg_send(int fd, u_char type, Buffer *m) u_char buf[5]; u_int mlen = buffer_len(m); - debug3("msg_send: type %d", type); + debug3("msg_send: type %u", (unsigned int)type & 0xff); PUT_32BIT(buf, mlen + 1); buf[4] = type; /* 1st byte of payload is mesg-type */ @@ -59,7 +59,7 @@ msg_recv(int fd, Buffer *m) if (res != sizeof(buf)) { if (res == 0) return -1; - fatal("msg_recv: read: header %d", res); + fatal("msg_recv: read: header %ld", (long)res); } msg_len = GET_32BIT(buf); if (msg_len > 256 * 1024) diff --git a/crypto/openssh/openbsd-compat/getopt.c b/crypto/openssh/openbsd-compat/getopt.c index 9e13504..f4fbc9b 100644 --- a/crypto/openssh/openbsd-compat/getopt.c +++ b/crypto/openssh/openbsd-compat/getopt.c @@ -42,11 +42,11 @@ static char *rcsid = "$OpenBSD: getopt.c,v 1.2 1996/08/19 08:33:32 tholo Exp $"; #include #include -int opterr = 1, /* if error message should be printed */ - optind = 1, /* index into parent argv vector */ - optopt, /* character checked for validity */ - optreset; /* reset getopt */ -char *optarg; /* argument associated with option */ +int BSDopterr = 1, /* if error message should be printed */ + BSDoptind = 1, /* index into parent argv vector */ + BSDoptopt, /* character checked for validity */ + BSDoptreset; /* reset getopt */ +char *BSDoptarg; /* argument associated with option */ #define BADCH (int)'?' #define BADARG (int)':' @@ -66,57 +66,57 @@ BSDgetopt(nargc, nargv, ostr) static char *place = EMSG; /* option letter processing */ char *oli; /* option letter list index */ - if (optreset || !*place) { /* update scanning pointer */ - optreset = 0; - if (optind >= nargc || *(place = nargv[optind]) != '-') { + if (BSDoptreset || !*place) { /* update scanning pointer */ + BSDoptreset = 0; + if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') { place = EMSG; return (-1); } if (place[1] && *++place == '-') { /* found "--" */ - ++optind; + ++BSDoptind; place = EMSG; return (-1); } } /* option letter okay? */ - if ((optopt = (int)*place++) == (int)':' || - !(oli = strchr(ostr, optopt))) { + if ((BSDoptopt = (int)*place++) == (int)':' || + !(oli = strchr(ostr, BSDoptopt))) { /* * if the user didn't specify '-' as an option, * assume it means -1. */ - if (optopt == (int)'-') + if (BSDoptopt == (int)'-') return (-1); if (!*place) - ++optind; - if (opterr && *ostr != ':') + ++BSDoptind; + if (BSDopterr && *ostr != ':') (void)fprintf(stderr, - "%s: illegal option -- %c\n", __progname, optopt); + "%s: illegal option -- %c\n", __progname, BSDoptopt); return (BADCH); } if (*++oli != ':') { /* don't need argument */ - optarg = NULL; + BSDoptarg = NULL; if (!*place) - ++optind; + ++BSDoptind; } else { /* need an argument */ if (*place) /* no white space */ - optarg = place; - else if (nargc <= ++optind) { /* no arg */ + BSDoptarg = place; + else if (nargc <= ++BSDoptind) { /* no arg */ place = EMSG; if (*ostr == ':') return (BADARG); - if (opterr) + if (BSDopterr) (void)fprintf(stderr, "%s: option requires an argument -- %c\n", - __progname, optopt); + __progname, BSDoptopt); return (BADCH); } else /* white space */ - optarg = nargv[optind]; + BSDoptarg = nargv[BSDoptind]; place = EMSG; - ++optind; + ++BSDoptind; } - return (optopt); /* dump back option letter */ + return (BSDoptopt); /* dump back option letter */ } #endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */ diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c index 8651127..a5b2ab6 100644 --- a/crypto/openssh/packet.c +++ b/crypto/openssh/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.95 2002/06/19 18:01:00 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.96 2002/06/23 21:10:02 deraadt Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -1015,7 +1015,7 @@ packet_read_poll2(u_int32_t *seqnr_p) int packet_read_poll_seqnr(u_int32_t *seqnr_p) { - int reason, seqnr; + u_int reason, seqnr; u_char type; char *msg; @@ -1038,14 +1038,15 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) case SSH2_MSG_DISCONNECT: reason = packet_get_int(); msg = packet_get_string(NULL); - log("Received disconnect from %s: %d: %.400s", get_remote_ipaddr(), - reason, msg); + log("Received disconnect from %s: %u: %.400s", + get_remote_ipaddr(), reason, msg); xfree(msg); fatal_cleanup(); break; case SSH2_MSG_UNIMPLEMENTED: seqnr = packet_get_int(); - debug("Received SSH2_MSG_UNIMPLEMENTED for %d", seqnr); + debug("Received SSH2_MSG_UNIMPLEMENTED for %u", + seqnr); break; default: return type; @@ -1063,8 +1064,8 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) break; case SSH_MSG_DISCONNECT: msg = packet_get_string(NULL); - log("Received disconnect from %s: %.400s", get_remote_ipaddr(), - msg); + log("Received disconnect from %s: %.400s", + get_remote_ipaddr(), msg); fatal_cleanup(); xfree(msg); break; diff --git a/crypto/openssh/scard.c b/crypto/openssh/scard.c index db0cc4a..9791938 100644 --- a/crypto/openssh/scard.c +++ b/crypto/openssh/scard.c @@ -24,7 +24,7 @@ #include "includes.h" #if defined(SMARTCARD) && defined(USE_SECTOK) -RCSID("$OpenBSD: scard.c,v 1.25 2002/03/26 18:46:59 rees Exp $"); +RCSID("$OpenBSD: scard.c,v 1.26 2002/06/23 03:30:17 deraadt Exp $"); #include #include @@ -191,7 +191,7 @@ sc_read_pubkey(Key * k) status = 0; p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX); - debug("fingerprint %d %s", key_size(k), p); + debug("fingerprint %u %s", key_size(k), p); xfree(p); err: diff --git a/crypto/openssh/scp.1 b/crypto/openssh/scp.1 index c0caff4..396ab64 100644 --- a/crypto/openssh/scp.1 +++ b/crypto/openssh/scp.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.22 2002/06/20 20:00:05 stevesk Exp $ +.\" $OpenBSD: scp.1,v 1.23 2002/06/22 16:41:57 stevesk Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 @@ -152,5 +152,5 @@ California. .Xr ssh-add 1 , .Xr ssh-agent 1 , .Xr ssh-keygen 1 , -.Xr ssh_config 5 +.Xr ssh_config 5 , .Xr sshd 8 diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c index fb6332c..f311ae4 100644 --- a/crypto/openssh/servconf.c +++ b/crypto/openssh/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.111 2002/06/20 23:05:55 markus Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.112 2002/06/23 09:46:51 deraadt Exp $"); #if defined(KRB4) #include @@ -257,7 +257,7 @@ fill_default_server_options(ServerOptions *options) if (use_privsep == -1) use_privsep = 1; -#if !defined(HAVE_MMAP) || !defined(MAP_ANON) +#if !defined(HAVE_MMAP_ANON_SHARED) if (use_privsep && options->compression == 1) { error("This platform does not support both privilege " "separation and compression"); @@ -423,7 +423,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port) hints.ai_family = IPv4or6; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; - snprintf(strport, sizeof strport, "%d", port); + snprintf(strport, sizeof strport, "%u", port); if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) fatal("bad addr or host: %s (%s)", addr ? addr : "", @@ -439,9 +439,8 @@ process_server_config_line(ServerOptions *options, char *line, const char *filename, int linenum) { char *cp, **charptr, *arg, *p; - int *intptr, value; + int *intptr, value, i, n; ServerOpCodes opcode; - int i, n; cp = line; arg = strdelim(&cp); @@ -765,7 +764,8 @@ parse_flag: if (options->num_allow_users >= MAX_ALLOW_USERS) fatal("%s line %d: too many allow users.", filename, linenum); - options->allow_users[options->num_allow_users++] = xstrdup(arg); + options->allow_users[options->num_allow_users++] = + xstrdup(arg); } break; @@ -774,7 +774,8 @@ parse_flag: if (options->num_deny_users >= MAX_DENY_USERS) fatal( "%s line %d: too many deny users.", filename, linenum); - options->deny_users[options->num_deny_users++] = xstrdup(arg); + options->deny_users[options->num_deny_users++] = + xstrdup(arg); } break; @@ -783,7 +784,8 @@ parse_flag: if (options->num_allow_groups >= MAX_ALLOW_GROUPS) fatal("%s line %d: too many allow groups.", filename, linenum); - options->allow_groups[options->num_allow_groups++] = xstrdup(arg); + options->allow_groups[options->num_allow_groups++] = + xstrdup(arg); } break; @@ -921,10 +923,9 @@ parse_flag: void read_server_config(ServerOptions *options, const char *filename) { - FILE *f; + int linenum, bad_options = 0; char line[1024]; - int linenum; - int bad_options = 0; + FILE *f; f = fopen(filename, "r"); if (!f) { diff --git a/crypto/openssh/serverloop.c b/crypto/openssh/serverloop.c index 1a148fc..1349213 100644 --- a/crypto/openssh/serverloop.c +++ b/crypto/openssh/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.102 2002/06/11 05:46:20 mpech Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.103 2002/06/24 14:33:27 markus Exp $"); #include "xmalloc.h" #include "packet.h" @@ -902,10 +902,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt) { Channel *c = NULL; char *ctype; - u_int len; int rchan; - int rmaxpack; - int rwindow; + u_int rmaxpack, rwindow, len; ctype = packet_get_string(&len); rchan = packet_get_int(); diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c index 6169f33..747a00a 100644 --- a/crypto/openssh/session.c +++ b/crypto/openssh/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.138 2002/06/20 23:05:55 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -252,8 +252,8 @@ do_authenticated1(Authctxt *authctxt) Session *s; char *command; int success, type, screen_flag; - int compression_level = 0, enable_compression_after_reply = 0; - u_int proto_len, data_len, dlen; + int enable_compression_after_reply = 0; + u_int proto_len, data_len, dlen, compression_level = 0; s = session_new(); s->authctxt = authctxt; @@ -849,6 +849,9 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, } else { /* New variable. Expand if necessary. */ if (i >= (*envsizep) - 1) { + if (*envsizep >= 1000) + fatal("child_set_env: too many env vars," + " skipping: %.100s", name); (*envsizep) += 50; env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *)); } @@ -874,12 +877,15 @@ read_environment_file(char ***env, u_int *envsize, FILE *f; char buf[4096]; char *cp, *value; + u_int lineno = 0; f = fopen(filename, "r"); if (!f) return; while (fgets(buf, sizeof(buf), f)) { + if (++lineno > 1000) + fatal("Too many lines in environment file %s", filename); for (cp = buf; *cp == ' ' || *cp == '\t'; cp++) ; if (!*cp || *cp == '#' || *cp == '\n') @@ -888,7 +894,8 @@ read_environment_file(char ***env, u_int *envsize, *strchr(cp, '\n') = '\0'; value = strchr(cp, '='); if (value == NULL) { - fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf); + fprintf(stderr, "Bad line %u in %.100s\n", lineno, + filename); continue; } /* @@ -1152,6 +1159,8 @@ do_nologin(struct passwd *pw) void do_setusercontext(struct passwd *pw) { + char tty='\0'; + #ifdef HAVE_CYGWIN if (is_winnt) { #else /* HAVE_CYGWIN */ @@ -1161,6 +1170,9 @@ do_setusercontext(struct passwd *pw) setpcred(pw->pw_name); #endif /* HAVE_SETPCRED */ #ifdef HAVE_LOGIN_CAP +#ifdef __bsdi__ + setpgid(0, 0); +#endif if (setusercontext(lc, pw, pw->pw_uid, (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { perror("unable to set user context"); @@ -1196,6 +1208,10 @@ do_setusercontext(struct passwd *pw) # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) irix_setusercontext(pw); # endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ +# ifdef _AIX + /* XXX: Disable tty setting. Enabled if required later */ + aix_usrinfo(pw, &tty, -1); +# endif /* _AIX */ /* Permanently switch to the desired uid. */ permanently_set_uid(pw); #endif @@ -1258,9 +1274,6 @@ do_child(Session *s, const char *command) do_motd(); #else /* HAVE_OSF_SIA */ do_nologin(pw); -# ifdef _AIX - aix_usrinfo(pw, s->tty, s->ttyfd); -# endif /* _AIX */ do_setusercontext(pw); #endif /* HAVE_OSF_SIA */ } @@ -1970,9 +1983,9 @@ session_setup_x11fwd(Session *s) debug("X11 display already set."); return 0; } - s->display_number = x11_create_display_inet(options.x11_display_offset, - options.x11_use_localhost, s->single_connection); - if (s->display_number == -1) { + if (x11_create_display_inet(options.x11_display_offset, + options.x11_use_localhost, s->single_connection, + &s->display_number) == -1) { debug("x11_create_display_inet failed."); return 0; } @@ -1986,9 +1999,9 @@ session_setup_x11fwd(Session *s) * different than the DISPLAY string for localhost displays. */ if (options.x11_use_localhost) { - snprintf(display, sizeof display, "localhost:%d.%d", + snprintf(display, sizeof display, "localhost:%u.%u", s->display_number, s->screen); - snprintf(auth_display, sizeof auth_display, "unix:%d.%d", + snprintf(auth_display, sizeof auth_display, "unix:%u.%u", s->display_number, s->screen); s->display = xstrdup(display); s->auth_display = xstrdup(auth_display); @@ -2004,10 +2017,10 @@ session_setup_x11fwd(Session *s) return 0; } memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr)); - snprintf(display, sizeof display, "%.50s:%d.%d", inet_ntoa(my_addr), + snprintf(display, sizeof display, "%.50s:%u.%u", inet_ntoa(my_addr), s->display_number, s->screen); #else - snprintf(display, sizeof display, "%.400s:%d.%d", hostname, + snprintf(display, sizeof display, "%.400s:%u.%u", hostname, s->display_number, s->screen); #endif s->display = xstrdup(display); diff --git a/crypto/openssh/session.h b/crypto/openssh/session.h index 2a7e4b2..3bce978 100644 --- a/crypto/openssh/session.h +++ b/crypto/openssh/session.h @@ -1,4 +1,4 @@ -/* $OpenBSD: session.h,v 1.17 2002/03/29 18:59:32 markus Exp $ */ +/* $OpenBSD: session.h,v 1.18 2002/06/23 21:06:41 deraadt Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -37,15 +37,15 @@ struct Session { /* tty */ char *term; int ptyfd, ttyfd, ptymaster; - int row, col, xpixel, ypixel; + u_int row, col, xpixel, ypixel; char tty[TTYSZ]; /* last login */ char hostname[MAXHOSTNAMELEN]; time_t last_login_time; /* X11 */ - int display_number; + u_int display_number; char *display; - int screen; + u_int screen; char *auth_display; char *auth_proto; char *auth_data; diff --git a/crypto/openssh/sftp-client.c b/crypto/openssh/sftp-client.c index 779ef2f..10b7992 100644 --- a/crypto/openssh/sftp-client.c +++ b/crypto/openssh/sftp-client.c @@ -28,7 +28,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.32 2002/06/09 13:32:01 markus Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.33 2002/06/23 09:30:14 deraadt Exp $"); #include "openbsd-compat/fake-queue.h" @@ -88,7 +88,7 @@ get_msg(int fd, Buffer *m) msg_len = GET_32BIT(buf); if (msg_len > 256 * 1024) - fatal("Received message too long %d", msg_len); + fatal("Received message too long %u", msg_len); while (msg_len) { len = atomicio(read, fd, buf, MIN(msg_len, sizeof(buf))); @@ -113,7 +113,7 @@ send_string_request(int fd, u_int id, u_int code, char *s, buffer_put_int(&msg, id); buffer_put_string(&msg, s, len); send_msg(fd, &msg); - debug3("Sent message fd %d T:%d I:%d", fd, code, id); + debug3("Sent message fd %d T:%u I:%u", fd, code, id); buffer_free(&msg); } @@ -129,12 +129,12 @@ send_string_attrs_request(int fd, u_int id, u_int code, char *s, buffer_put_string(&msg, s, len); encode_attrib(&msg, a); send_msg(fd, &msg); - debug3("Sent message fd %d T:%d I:%d", fd, code, id); + debug3("Sent message fd %d T:%u I:%u", fd, code, id); buffer_free(&msg); } static u_int -get_status(int fd, int expected_id) +get_status(int fd, u_int expected_id) { Buffer msg; u_int type, id, status; @@ -145,15 +145,15 @@ get_status(int fd, int expected_id) id = buffer_get_int(&msg); if (id != expected_id) - fatal("ID mismatch (%d != %d)", id, expected_id); + fatal("ID mismatch (%u != %u)", id, expected_id); if (type != SSH2_FXP_STATUS) - fatal("Expected SSH2_FXP_STATUS(%d) packet, got %d", + fatal("Expected SSH2_FXP_STATUS(%u) packet, got %u", SSH2_FXP_STATUS, type); status = buffer_get_int(&msg); buffer_free(&msg); - debug3("SSH2_FXP_STATUS %d", status); + debug3("SSH2_FXP_STATUS %u", status); return(status); } @@ -171,14 +171,14 @@ get_handle(int fd, u_int expected_id, u_int *len) id = buffer_get_int(&msg); if (id != expected_id) - fatal("ID mismatch (%d != %d)", id, expected_id); + fatal("ID mismatch (%u != %u)", id, expected_id); if (type == SSH2_FXP_STATUS) { int status = buffer_get_int(&msg); error("Couldn't get handle: %s", fx2txt(status)); return(NULL); } else if (type != SSH2_FXP_HANDLE) - fatal("Expected SSH2_FXP_HANDLE(%d) packet, got %d", + fatal("Expected SSH2_FXP_HANDLE(%u) packet, got %u", SSH2_FXP_HANDLE, type); handle = buffer_get_string(&msg, len); @@ -200,9 +200,9 @@ get_decode_stat(int fd, u_int expected_id, int quiet) type = buffer_get_char(&msg); id = buffer_get_int(&msg); - debug3("Received stat reply T:%d I:%d", type, id); + debug3("Received stat reply T:%u I:%u", type, id); if (id != expected_id) - fatal("ID mismatch (%d != %d)", id, expected_id); + fatal("ID mismatch (%u != %u)", id, expected_id); if (type == SSH2_FXP_STATUS) { int status = buffer_get_int(&msg); @@ -212,7 +212,7 @@ get_decode_stat(int fd, u_int expected_id, int quiet) error("Couldn't stat remote file: %s", fx2txt(status)); return(NULL); } else if (type != SSH2_FXP_ATTRS) { - fatal("Expected SSH2_FXP_ATTRS(%d) packet, got %d", + fatal("Expected SSH2_FXP_ATTRS(%u) packet, got %u", SSH2_FXP_ATTRS, type); } a = decode_attrib(&msg); @@ -224,7 +224,8 @@ get_decode_stat(int fd, u_int expected_id, int quiet) struct sftp_conn * do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests) { - int type, version; + u_int type; + int version; Buffer msg; struct sftp_conn *ret; @@ -239,7 +240,7 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests) /* Expecting a VERSION reply */ if ((type = buffer_get_char(&msg)) != SSH2_FXP_VERSION) { - error("Invalid packet back from SSH2_FXP_INIT (type %d)", + error("Invalid packet back from SSH2_FXP_INIT (type %u)", type); buffer_free(&msg); return(NULL); @@ -294,7 +295,7 @@ do_close(struct sftp_conn *conn, char *handle, u_int handle_len) buffer_put_int(&msg, id); buffer_put_string(&msg, handle, handle_len); send_msg(conn->fd_out, &msg); - debug3("Sent message SSH2_FXP_CLOSE I:%d", id); + debug3("Sent message SSH2_FXP_CLOSE I:%u", id); status = get_status(conn->fd_in, id); if (status != SSH2_FX_OK) @@ -339,7 +340,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, id = expected_id = conn->msg_id++; - debug3("Sending SSH2_FXP_READDIR I:%d", id); + debug3("Sending SSH2_FXP_READDIR I:%u", id); buffer_clear(&msg); buffer_put_char(&msg, SSH2_FXP_READDIR); @@ -354,10 +355,10 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, type = buffer_get_char(&msg); id = buffer_get_int(&msg); - debug3("Received reply T:%d I:%d", type, id); + debug3("Received reply T:%u I:%u", type, id); if (id != expected_id) - fatal("ID mismatch (%d != %d)", id, expected_id); + fatal("ID mismatch (%u != %u)", id, expected_id); if (type == SSH2_FXP_STATUS) { int status = buffer_get_int(&msg); @@ -373,7 +374,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, return(status); } } else if (type != SSH2_FXP_NAME) - fatal("Expected SSH2_FXP_NAME(%d) packet, got %d", + fatal("Expected SSH2_FXP_NAME(%u) packet, got %u", SSH2_FXP_NAME, type); count = buffer_get_int(&msg); @@ -584,7 +585,7 @@ do_realpath(struct sftp_conn *conn, char *path) id = buffer_get_int(&msg); if (id != expected_id) - fatal("ID mismatch (%d != %d)", id, expected_id); + fatal("ID mismatch (%u != %u)", id, expected_id); if (type == SSH2_FXP_STATUS) { u_int status = buffer_get_int(&msg); @@ -592,7 +593,7 @@ do_realpath(struct sftp_conn *conn, char *path) error("Couldn't canonicalise: %s", fx2txt(status)); return(NULL); } else if (type != SSH2_FXP_NAME) - fatal("Expected SSH2_FXP_NAME(%d) packet, got %d", + fatal("Expected SSH2_FXP_NAME(%u) packet, got %u", SSH2_FXP_NAME, type); count = buffer_get_int(&msg); @@ -690,7 +691,7 @@ do_readlink(struct sftp_conn *conn, char *path) id = buffer_get_int(&msg); if (id != expected_id) - fatal("ID mismatch (%d != %d)", id, expected_id); + fatal("ID mismatch (%u != %u)", id, expected_id); if (type == SSH2_FXP_STATUS) { u_int status = buffer_get_int(&msg); @@ -698,7 +699,7 @@ do_readlink(struct sftp_conn *conn, char *path) error("Couldn't readlink: %s", fx2txt(status)); return(NULL); } else if (type != SSH2_FXP_NAME) - fatal("Expected SSH2_FXP_NAME(%d) packet, got %d", + fatal("Expected SSH2_FXP_NAME(%u) packet, got %u", SSH2_FXP_NAME, type); count = buffer_get_int(&msg); @@ -790,7 +791,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, attrib_clear(&junk); /* Send empty attributes */ encode_attrib(&msg, &junk); send_msg(conn->fd_out, &msg); - debug3("Sent message SSH2_FXP_OPEN I:%d P:%s", id, remote_path); + debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path); handle = get_handle(conn->fd_in, id, &handle_len); if (handle == NULL) { @@ -835,7 +836,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, get_msg(conn->fd_in, &msg); type = buffer_get_char(&msg); id = buffer_get_int(&msg); - debug3("Received reply T:%d I:%d R:%d", type, id, max_req); + debug3("Received reply T:%u I:%u R:%d", type, id, max_req); /* Find the request in our queue */ for(req = TAILQ_FIRST(&requests); @@ -862,7 +863,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, (unsigned long long)req->offset + len - 1); if (len > req->len) fatal("Received more data than asked for " - "%d > %d", len, req->len); + "%u > %u", len, req->len); if ((lseek(local_fd, req->offset, SEEK_SET) == -1 || atomicio(write, local_fd, data, len) != len) && !write_error) { @@ -907,7 +908,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, } break; default: - fatal("Expected SSH2_FXP_DATA(%d) packet, got %d", + fatal("Expected SSH2_FXP_DATA(%u) packet, got %u", SSH2_FXP_DATA, type); } } @@ -1006,7 +1007,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, buffer_put_int(&msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC); encode_attrib(&msg, &a); send_msg(conn->fd_out, &msg); - debug3("Sent message SSH2_FXP_OPEN I:%d P:%s", id, remote_path); + debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path); buffer_clear(&msg); @@ -1051,7 +1052,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, buffer_put_int64(&msg, offset); buffer_put_string(&msg, data, len); send_msg(conn->fd_out, &msg); - debug3("Sent message SSH2_FXP_WRITE I:%d O:%llu S:%u", + debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u", id, (unsigned long long)offset, len); } else if (TAILQ_FIRST(&acks) == NULL) break; @@ -1081,7 +1082,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, ack = TAILQ_NEXT(ack, tq)) ; if (ack == NULL) - fatal("Can't find request for ID %d", r_id); + fatal("Can't find request for ID %u", r_id); TAILQ_REMOVE(&acks, ack, tq); if (status != SSH2_FX_OK) { @@ -1091,7 +1092,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, close(local_fd); goto done; } - debug3("In write loop, ack for %u %d bytes at %llu", + debug3("In write loop, ack for %u %u bytes at %llu", ack->id, ack->len, (unsigned long long)ack->offset); ++ackid; free(ack); diff --git a/crypto/openssh/sftp-client.h b/crypto/openssh/sftp-client.h index ceda879..b061711 100644 --- a/crypto/openssh/sftp-client.h +++ b/crypto/openssh/sftp-client.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.h,v 1.9 2002/02/13 00:59:23 djm Exp $ */ +/* $OpenBSD: sftp-client.h,v 1.10 2002/06/23 09:30:14 deraadt Exp $ */ /* * Copyright (c) 2001,2002 Damien Miller. All rights reserved. @@ -41,11 +41,9 @@ struct SFTP_DIRENT { * Initialiase a SSH filexfer connection. Returns -1 on error or * protocol version on success. */ -struct sftp_conn * -do_init(int, int, u_int, u_int); +struct sftp_conn *do_init(int, int, u_int, u_int); -u_int -sftp_proto_version(struct sftp_conn *); +u_int sftp_proto_version(struct sftp_conn *); /* Close file referred to by 'handle' */ int do_close(struct sftp_conn *, char *, u_int); diff --git a/crypto/openssh/sftp-common.c b/crypto/openssh/sftp-common.c index 4fb4496..6bed0ab 100644 --- a/crypto/openssh/sftp-common.c +++ b/crypto/openssh/sftp-common.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sftp-common.c,v 1.5 2001/12/02 02:08:32 deraadt Exp $"); +RCSID("$OpenBSD: sftp-common.c,v 1.6 2002/06/23 09:30:14 deraadt Exp $"); #include "buffer.h" #include "bufaux.h" @@ -70,6 +70,7 @@ Attrib * decode_attrib(Buffer *b) { static Attrib a; + attrib_clear(&a); a.flags = buffer_get_int(b); if (a.flags & SSH2_FILEXFER_ATTR_SIZE) @@ -88,6 +89,7 @@ decode_attrib(Buffer *b) if (a.flags & SSH2_FILEXFER_ATTR_EXTENDED) { char *type, *data; int i, count; + count = buffer_get_int(b); for (i = 0; i < count; i++) { type = buffer_get_string(b, NULL); diff --git a/crypto/openssh/sftp-int.c b/crypto/openssh/sftp-int.c index 5b1d384..b13e5da 100644 --- a/crypto/openssh/sftp-int.c +++ b/crypto/openssh/sftp-int.c @@ -26,7 +26,7 @@ /* XXX: recursive operations */ #include "includes.h" -RCSID("$OpenBSD: sftp-int.c,v 1.46 2002/03/30 18:51:15 markus Exp $"); +RCSID("$OpenBSD: sftp-int.c,v 1.47 2002/06/23 09:30:14 deraadt Exp $"); #include "buffer.h" #include "xmalloc.h" @@ -835,7 +835,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) help(); break; case I_VERSION: - printf("SFTP protocol version %d\n", sftp_proto_version(conn)); + printf("SFTP protocol version %u\n", sftp_proto_version(conn)); break; default: fatal("%d is not implemented", cmdnum); diff --git a/crypto/openssh/sftp-server.c b/crypto/openssh/sftp-server.c index 9db28e7..a5c3255 100644 --- a/crypto/openssh/sftp-server.c +++ b/crypto/openssh/sftp-server.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: sftp-server.c,v 1.35 2002/06/06 17:30:11 markus Exp $"); +RCSID("$OpenBSD: sftp-server.c,v 1.37 2002/06/24 17:57:20 deraadt Exp $"); #include "buffer.h" #include "bufaux.h" @@ -282,7 +282,7 @@ send_status(u_int32_t id, u_int32_t error) "Unknown error" /* Others */ }; - TRACE("sent status id %d error %d", id, error); + TRACE("sent status id %u error %u", id, error); buffer_init(&msg); buffer_put_char(&msg, SSH2_FXP_STATUS); buffer_put_int(&msg, id); @@ -311,7 +311,7 @@ send_data_or_handle(char type, u_int32_t id, char *data, int dlen) static void send_data(u_int32_t id, char *data, int dlen) { - TRACE("sent data id %d len %d", id, dlen); + TRACE("sent data id %u len %d", id, dlen); send_data_or_handle(SSH2_FXP_DATA, id, data, dlen); } @@ -322,7 +322,7 @@ send_handle(u_int32_t id, int handle) int hlen; handle_to_string(handle, &string, &hlen); - TRACE("sent handle id %d handle %d", id, handle); + TRACE("sent handle id %u handle %d", id, handle); send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen); xfree(string); } @@ -337,7 +337,7 @@ send_names(u_int32_t id, int count, Stat *stats) buffer_put_char(&msg, SSH2_FXP_NAME); buffer_put_int(&msg, id); buffer_put_int(&msg, count); - TRACE("sent names id %d count %d", id, count); + TRACE("sent names id %u count %d", id, count); for (i = 0; i < count; i++) { buffer_put_cstring(&msg, stats[i].name); buffer_put_cstring(&msg, stats[i].long_name); @@ -352,7 +352,7 @@ send_attrib(u_int32_t id, Attrib *a) { Buffer msg; - TRACE("sent attrib id %d have 0x%x", id, a->flags); + TRACE("sent attrib id %u have 0x%x", id, a->flags); buffer_init(&msg); buffer_put_char(&msg, SSH2_FXP_ATTRS); buffer_put_int(&msg, id); @@ -391,7 +391,7 @@ process_open(void) a = get_attrib(); flags = flags_from_portable(pflags); mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666; - TRACE("open id %d name %s flags %d mode 0%o", id, name, pflags, mode); + TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode); fd = open(name, flags, mode); if (fd < 0) { status = errno_to_portable(errno); @@ -417,7 +417,7 @@ process_close(void) id = get_int(); handle = get_handle(); - TRACE("close id %d handle %d", id, handle); + TRACE("close id %u handle %d", id, handle); ret = handle_close(handle); status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); @@ -436,7 +436,7 @@ process_read(void) off = get_int64(); len = get_int(); - TRACE("read id %d handle %d off %llu len %d", id, handle, + TRACE("read id %u handle %d off %llu len %d", id, handle, (u_int64_t)off, len); if (len > sizeof buf) { len = sizeof buf; @@ -477,7 +477,7 @@ process_write(void) off = get_int64(); data = get_string(&len); - TRACE("write id %d handle %d off %llu len %d", id, handle, + TRACE("write id %u handle %d off %llu len %d", id, handle, (u_int64_t)off, len); fd = handle_to_fd(handle); if (fd >= 0) { @@ -512,7 +512,7 @@ process_do_stat(int do_lstat) id = get_int(); name = get_string(NULL); - TRACE("%sstat id %d name %s", do_lstat ? "l" : "", id, name); + TRACE("%sstat id %u name %s", do_lstat ? "l" : "", id, name); ret = do_lstat ? lstat(name, &st) : stat(name, &st); if (ret < 0) { status = errno_to_portable(errno); @@ -548,7 +548,7 @@ process_fstat(void) id = get_int(); handle = get_handle(); - TRACE("fstat id %d handle %d", id, handle); + TRACE("fstat id %u handle %d", id, handle); fd = handle_to_fd(handle); if (fd >= 0) { ret = fstat(fd, &st); @@ -582,13 +582,12 @@ process_setstat(void) Attrib *a; u_int32_t id; char *name; - int ret; - int status = SSH2_FX_OK; + int status = SSH2_FX_OK, ret; id = get_int(); name = get_string(NULL); a = get_attrib(); - TRACE("setstat id %d name %s", id, name); + TRACE("setstat id %u name %s", id, name); if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { ret = truncate(name, a->size); if (ret == -1) @@ -625,7 +624,7 @@ process_fsetstat(void) id = get_int(); handle = get_handle(); a = get_attrib(); - TRACE("fsetstat id %d handle %d", id, handle); + TRACE("fsetstat id %u handle %d", id, handle); fd = handle_to_fd(handle); name = handle_to_name(handle); if (fd < 0 || name == NULL) { @@ -677,7 +676,7 @@ process_opendir(void) id = get_int(); path = get_string(NULL); - TRACE("opendir id %d path %s", id, path); + TRACE("opendir id %u path %s", id, path); dirp = opendir(path); if (dirp == NULL) { status = errno_to_portable(errno); @@ -713,13 +712,13 @@ ls_file(char *name, struct stat *st) if ((pw = getpwuid(st->st_uid)) != NULL) { user = pw->pw_name; } else { - snprintf(ubuf, sizeof ubuf, "%d", st->st_uid); + snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid); user = ubuf; } if ((gr = getgrgid(st->st_gid)) != NULL) { group = gr->gr_name; } else { - snprintf(gbuf, sizeof gbuf, "%d", st->st_gid); + snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid); group = gbuf; } if (ltime != NULL) { @@ -749,7 +748,7 @@ process_readdir(void) id = get_int(); handle = get_handle(); - TRACE("readdir id %d handle %d", id, handle); + TRACE("readdir id %u handle %d", id, handle); dirp = handle_to_dir(handle); path = handle_to_name(handle); if (dirp == NULL || path == NULL) { @@ -759,6 +758,7 @@ process_readdir(void) char pathname[1024]; Stat *stats; int nstats = 10, count = 0, i; + stats = xmalloc(nstats * sizeof(Stat)); while ((dp = readdir(dirp)) != NULL) { if (count >= nstats) { @@ -802,7 +802,7 @@ process_remove(void) id = get_int(); name = get_string(NULL); - TRACE("remove id %d name %s", id, name); + TRACE("remove id %u name %s", id, name); ret = unlink(name); status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); @@ -822,7 +822,7 @@ process_mkdir(void) a = get_attrib(); mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm & 0777 : 0777; - TRACE("mkdir id %d name %s mode 0%o", id, name, mode); + TRACE("mkdir id %u name %s mode 0%o", id, name, mode); ret = mkdir(name, mode); status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); @@ -838,7 +838,7 @@ process_rmdir(void) id = get_int(); name = get_string(NULL); - TRACE("rmdir id %d name %s", id, name); + TRACE("rmdir id %u name %s", id, name); ret = rmdir(name); status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); @@ -858,7 +858,7 @@ process_realpath(void) xfree(path); path = xstrdup("."); } - TRACE("realpath id %d path %s", id, path); + TRACE("realpath id %u path %s", id, path); if (realpath(path, resolvedname) == NULL) { send_status(id, errno_to_portable(errno)); } else { @@ -881,7 +881,7 @@ process_rename(void) id = get_int(); oldpath = get_string(NULL); newpath = get_string(NULL); - TRACE("rename id %d old %s new %s", id, oldpath, newpath); + TRACE("rename id %u old %s new %s", id, oldpath, newpath); /* fail if 'newpath' exists */ if (stat(newpath, &st) == -1) { ret = rename(oldpath, newpath); @@ -902,7 +902,7 @@ process_readlink(void) id = get_int(); path = get_string(NULL); - TRACE("readlink id %d path %s", id, path); + TRACE("readlink id %u path %s", id, path); if ((len = readlink(path, link, sizeof(link) - 1)) == -1) send_status(id, errno_to_portable(errno)); else { @@ -927,7 +927,7 @@ process_symlink(void) id = get_int(); oldpath = get_string(NULL); newpath = get_string(NULL); - TRACE("symlink id %d old %s new %s", id, oldpath, newpath); + TRACE("symlink id %u old %s new %s", id, oldpath, newpath); /* fail if 'newpath' exists */ if (stat(newpath, &st) == -1) { ret = symlink(oldpath, newpath); diff --git a/crypto/openssh/sftp.c b/crypto/openssh/sftp.c index f941d18..fac2564 100644 --- a/crypto/openssh/sftp.c +++ b/crypto/openssh/sftp.c @@ -24,7 +24,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.29 2002/04/02 17:37:48 markus Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.30 2002/06/23 09:30:14 deraadt Exp $"); /* XXX: short-form remote directory listings (like 'ls -C') */ @@ -53,8 +53,10 @@ static void connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid) { int c_in, c_out; + #ifdef USE_PIPES int pin[2], pout[2]; + if ((pipe(pin) == -1) || (pipe(pout) == -1)) fatal("pipe: %s", strerror(errno)); *in = pin[0]; @@ -63,6 +65,7 @@ connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid) c_out = pin[1]; #else /* USE_PIPES */ int inout[2]; + if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1) fatal("socketpair: %s", strerror(errno)); *in = *out = inout[0]; diff --git a/crypto/openssh/ssh-agent.1 b/crypto/openssh/ssh-agent.1 index e5ea1e3..0227436 100644 --- a/crypto/openssh/ssh-agent.1 +++ b/crypto/openssh/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.33 2002/06/19 00:27:55 deraadt Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.35 2002/06/24 13:12:23 markus Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -69,7 +69,7 @@ The options are as follows: Bind the agent to the unix-domain socket .Ar bind_address . The default is -.Pa /tmp/ssh-XXXXXXXX/agent. . +.Pa /tmp/ssh-XXXXXXXX/agent. . .It Fl c Generate C-shell commands on .Dv stdout . @@ -151,7 +151,7 @@ user. .Pp The .Ev SSH_AGENT_PID -environment variable holds the agent's PID. +environment variable holds the agent's process ID. .Pp The agent exits automatically when the command given on the command line terminates. @@ -163,7 +163,7 @@ Contains the protocol version 1 RSA authentication identity of the user. Contains the protocol version 2 DSA authentication identity of the user. .It Pa $HOME/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. -.It Pa /tmp/ssh-XXXXXXXX/agent. +.It Pa /tmp/ssh-XXXXXXXX/agent. Unix-domain sockets used to contain the connection to the authentication agent. These sockets should only be readable by the owner. diff --git a/crypto/openssh/ssh-agent.c b/crypto/openssh/ssh-agent.c index c3a9077..ac16bae 100644 --- a/crypto/openssh/ssh-agent.c +++ b/crypto/openssh/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/fake-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.95 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.97 2002/06/24 14:55:38 markus Exp $"); #include #include @@ -110,6 +110,7 @@ static void idtab_init(void) { int i; + for (i = 0; i <=2; i++) { TAILQ_INIT(&idtable[i].idlist); idtable[i].nentries = 0; @@ -152,8 +153,8 @@ static void process_request_identities(SocketEntry *e, int version) { Idtab *tab = idtab_lookup(version); - Buffer msg; Identity *id; + Buffer msg; buffer_init(&msg); buffer_put_char(&msg, (version == 1) ? @@ -182,21 +183,21 @@ process_request_identities(SocketEntry *e, int version) static void process_authentication_challenge1(SocketEntry *e) { - Identity *id; - Key *key; + u_char buf[32], mdbuf[16], session_id[16]; + u_int response_type; BIGNUM *challenge; + Identity *id; int i, len; Buffer msg; MD5_CTX md; - u_char buf[32], mdbuf[16], session_id[16]; - u_int response_type; + Key *key; buffer_init(&msg); key = key_new(KEY_RSA1); if ((challenge = BN_new()) == NULL) fatal("process_authentication_challenge1: BN_new failed"); - buffer_get_int(&e->request); /* ignored */ + (void) buffer_get_int(&e->request); /* ignored */ buffer_get_bignum(&e->request, key->rsa->e); buffer_get_bignum(&e->request, key->rsa->n); buffer_get_bignum(&e->request, challenge); @@ -251,13 +252,12 @@ send: static void process_sign_request2(SocketEntry *e) { - extern int datafellows; - Key *key; u_char *blob, *data, *signature = NULL; u_int blen, dlen, slen = 0; - int flags; + extern int datafellows; + int ok = -1, flags; Buffer msg; - int ok = -1; + Key *key; datafellows = 0; @@ -296,11 +296,10 @@ process_sign_request2(SocketEntry *e) static void process_remove_identity(SocketEntry *e, int version) { + u_int blen, bits; + int success = 0; Key *key = NULL; u_char *blob; - u_int blen; - u_int bits; - int success = 0; switch (version) { case 1: @@ -310,7 +309,7 @@ process_remove_identity(SocketEntry *e, int version) buffer_get_bignum(&e->request, key->rsa->n); if (bits != key_size(key)) - log("Warning: identity keysize mismatch: actual %d, announced %d", + log("Warning: identity keysize mismatch: actual %u, announced %u", key_size(key), bits); break; case 2: @@ -370,10 +369,10 @@ process_remove_all_identities(SocketEntry *e, int version) static void reaper(void) { - Idtab *tab; + u_int now = time(NULL); Identity *id, *nxt; int version; - u_int now = time(NULL); + Idtab *tab; for (version = 1; version < 3; version++) { tab = idtab_lookup(version); @@ -391,16 +390,15 @@ reaper(void) static void process_add_identity(SocketEntry *e, int version) { - Key *k = NULL; - char *type_name; - char *comment; - int type, success = 0, death = 0; Idtab *tab = idtab_lookup(version); + int type, success = 0, death = 0; + char *type_name, *comment; + Key *k = NULL; switch (version) { case 1: k = key_new_private(KEY_RSA1); - buffer_get_int(&e->request); /* ignored */ + (void) buffer_get_int(&e->request); /* ignored */ buffer_get_bignum(&e->request, k->rsa->n); buffer_get_bignum(&e->request, k->rsa->e); buffer_get_bignum(&e->request, k->rsa->d); @@ -481,8 +479,8 @@ send: static void process_lock_agent(SocketEntry *e, int lock) { - char *passwd; int success = 0; + char *passwd; passwd = buffer_get_string(&e->request, NULL); if (locked && !lock && strcmp(passwd, lock_passwd) == 0) { @@ -523,11 +521,11 @@ no_identities(SocketEntry *e, u_int type) static void process_add_smartcard_key (SocketEntry *e) { - Identity *id; - Idtab *tab; - Key **keys, *k; char *sc_reader_id = NULL, *pin; int i, version, success = 0; + Key **keys, *k; + Identity *id; + Idtab *tab; sc_reader_id = buffer_get_string(&e->request, NULL); pin = buffer_get_string(&e->request, NULL); @@ -566,11 +564,11 @@ send: static void process_remove_smartcard_key(SocketEntry *e) { - Identity *id; - Idtab *tab; - Key **keys, *k = NULL; char *sc_reader_id = NULL, *pin; int i, version, success = 0; + Key **keys, *k = NULL; + Identity *id; + Idtab *tab; sc_reader_id = buffer_get_string(&e->request, NULL); pin = buffer_get_string(&e->request, NULL); @@ -608,8 +606,7 @@ send: static void process_message(SocketEntry *e) { - u_int msg_len; - u_int type; + u_int msg_len, type; u_char *cp; /* kill dead keys */ @@ -622,6 +619,7 @@ process_message(SocketEntry *e) if (msg_len > 256 * 1024) { shutdown(e->fd, SHUT_RDWR); close(e->fd); + e->fd = -1; e->type = AUTH_UNUSED; buffer_free(&e->input); buffer_free(&e->output); @@ -717,6 +715,7 @@ static void new_socket(sock_type type, int fd) { u_int i, old_alloc; + if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) error("fcntl O_NONBLOCK: %s", strerror(errno)); @@ -801,11 +800,11 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, int *nallocp) static void after_select(fd_set *readset, fd_set *writeset) { - u_int i; - int len, sock; + struct sockaddr_un sunaddr; socklen_t slen; char buf[1024]; - struct sockaddr_un sunaddr; + int len, sock; + u_int i; for (i = 0; i < sockets_alloc; i++) switch (sockets[i].type) { @@ -839,6 +838,7 @@ after_select(fd_set *readset, fd_set *writeset) if (len <= 0) { shutdown(sockets[i].fd, SHUT_RDWR); close(sockets[i].fd); + sockets[i].fd = -1; sockets[i].type = AUTH_UNUSED; buffer_free(&sockets[i].input); buffer_free(&sockets[i].output); @@ -858,6 +858,7 @@ after_select(fd_set *readset, fd_set *writeset) if (len <= 0) { shutdown(sockets[i].fd, SHUT_RDWR); close(sockets[i].fd); + sockets[i].fd = -1; sockets[i].type = AUTH_UNUSED; buffer_free(&sockets[i].input); buffer_free(&sockets[i].output); @@ -928,6 +929,8 @@ int main(int ac, char **av) { int sock, c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0, ch, nalloc; + char *shell, *format, *pidstr, *agentsocket = NULL; + fd_set *readsetp = NULL, *writesetp = NULL; struct sockaddr_un sunaddr; #ifdef HAVE_SETRLIMIT struct rlimit rlim; @@ -935,11 +938,10 @@ main(int ac, char **av) #ifdef HAVE_CYGWIN int prev_mask; #endif - pid_t pid; - char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid]; - char *agentsocket = NULL; extern int optind; - fd_set *readsetp = NULL, *writesetp = NULL; + extern char *optarg; + pid_t pid; + char pidstrbuf[1 + 3 * sizeof pid]; SSLeay_add_all_algorithms(); @@ -947,11 +949,7 @@ main(int ac, char **av) init_rng(); seed_rng(); -#ifdef __GNU_LIBRARY__ - while ((ch = getopt(ac, av, "+cdksa:")) != -1) { -#else /* __GNU_LIBRARY__ */ while ((ch = getopt(ac, av, "cdksa:")) != -1) { -#endif /* __GNU_LIBRARY__ */ switch (ch) { case 'c': if (s_flag) diff --git a/crypto/openssh/ssh-dss.c b/crypto/openssh/ssh-dss.c index 02403f5..dbf8465 100644 --- a/crypto/openssh/ssh-dss.c +++ b/crypto/openssh/ssh-dss.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-dss.c,v 1.14 2002/02/28 15:46:33 markus Exp $"); +RCSID("$OpenBSD: ssh-dss.c,v 1.15 2002/06/23 03:30:17 deraadt Exp $"); #include #include @@ -40,9 +40,7 @@ RCSID("$OpenBSD: ssh-dss.c,v 1.14 2002/02/28 15:46:33 markus Exp $"); #define SIGBLOB_LEN (2*INTBLOB_LEN) int -ssh_dss_sign( - Key *key, - u_char **sigp, u_int *lenp, +ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen) { DSA_SIG *sig; @@ -71,7 +69,7 @@ ssh_dss_sign( rlen = BN_num_bytes(sig->r); slen = BN_num_bytes(sig->s); if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { - error("bad sig size %d %d", rlen, slen); + error("bad sig size %u %u", rlen, slen); DSA_SIG_free(sig); return -1; } @@ -104,9 +102,7 @@ ssh_dss_sign( return 0; } int -ssh_dss_verify( - Key *key, - u_char *signature, u_int signaturelen, +ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen, u_char *data, u_int datalen) { DSA_SIG *sig; @@ -151,7 +147,7 @@ ssh_dss_verify( } if (len != SIGBLOB_LEN) { - fatal("bad sigbloblen %d != SIGBLOB_LEN", len); + fatal("bad sigbloblen %u != SIGBLOB_LEN", len); } /* parse signature */ diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c index df8c90a..4273c11 100644 --- a/crypto/openssh/ssh-keygen.c +++ b/crypto/openssh/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.101 2002/06/23 09:39:55 deraadt Exp $"); #include #include @@ -170,7 +170,7 @@ do_convert_to_ssh2(struct passwd *pw) } fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN); fprintf(stdout, - "Comment: \"%d-bit %s, converted from OpenSSH by %s@%s\"\n", + "Comment: \"%u-bit %s, converted from OpenSSH by %s@%s\"\n", key_size(k), key_type(k), pw->pw_name, hostname); dump_base64(stdout, blob, len); @@ -462,7 +462,7 @@ do_fingerprint(struct passwd *pw) public = key_load_public(identity_file, &comment); if (public != NULL) { fp = key_fingerprint(public, fptype, rep); - printf("%d %s %s\n", key_size(public), fp, comment); + printf("%u %s %s\n", key_size(public), fp, comment); key_free(public); xfree(comment); xfree(fp); @@ -496,7 +496,8 @@ do_fingerprint(struct passwd *pw) if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) { int quoted = 0; comment = cp; - for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { + for (; *cp && (quoted || (*cp != ' ' && + *cp != '\t')); cp++) { if (*cp == '\\' && cp[1] == '"') cp++; /* Skip both */ else if (*cp == '"') @@ -519,7 +520,7 @@ do_fingerprint(struct passwd *pw) } comment = *cp ? cp : comment; fp = key_fingerprint(public, fptype, rep); - printf("%d %s %s\n", key_size(public), fp, + printf("%u %s %s\n", key_size(public), fp, comment ? comment : "no comment"); xfree(fp); key_free(public); diff --git a/crypto/openssh/ssh-rsa.c b/crypto/openssh/ssh-rsa.c index 3e66294..782279b 100644 --- a/crypto/openssh/ssh-rsa.c +++ b/crypto/openssh/ssh-rsa.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-rsa.c,v 1.20 2002/06/10 16:53:06 stevesk Exp $"); +RCSID("$OpenBSD: ssh-rsa.c,v 1.21 2002/06/23 03:30:17 deraadt Exp $"); #include #include @@ -39,9 +39,7 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.20 2002/06/10 16:53:06 stevesk Exp $"); /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ int -ssh_rsa_sign( - Key *key, - u_char **sigp, u_int *lenp, +ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen) { const EVP_MD *evp_md; @@ -72,17 +70,18 @@ ssh_rsa_sign( if (ok != 1) { int ecode = ERR_get_error(); - error("ssh_rsa_sign: RSA_sign failed: %s", ERR_error_string(ecode, NULL)); + error("ssh_rsa_sign: RSA_sign failed: %s", + ERR_error_string(ecode, NULL)); xfree(sig); return -1; } if (len < slen) { int diff = slen - len; - debug("slen %d > len %d", slen, len); + debug("slen %u > len %u", slen, len); memmove(sig + diff, sig, len); memset(sig, 0, diff); } else if (len > slen) { - error("ssh_rsa_sign: slen %d slen2 %d", slen, len); + error("ssh_rsa_sign: slen %u slen2 %u", slen, len); xfree(sig); return -1; } @@ -105,9 +104,7 @@ ssh_rsa_sign( } int -ssh_rsa_verify( - Key *key, - u_char *signature, u_int signaturelen, +ssh_rsa_verify(Key *key, u_char *signature, u_int signaturelen, u_char *data, u_int datalen) { Buffer b; @@ -148,12 +145,12 @@ ssh_rsa_verify( /* RSA_verify expects a signature of RSA_size */ modlen = RSA_size(key->rsa); if (len > modlen) { - error("ssh_rsa_verify: len %d > modlen %d", len, modlen); + error("ssh_rsa_verify: len %u > modlen %u", len, modlen); xfree(sigblob); return -1; } else if (len < modlen) { int diff = modlen - len; - debug("ssh_rsa_verify: add padding: modlen %d > len %d", + debug("ssh_rsa_verify: add padding: modlen %u > len %u", modlen, len); sigblob = xrealloc(sigblob, modlen); memmove(sigblob + diff, sigblob, len); @@ -176,7 +173,8 @@ ssh_rsa_verify( xfree(sigblob); if (ret == 0) { int ecode = ERR_get_error(); - error("ssh_rsa_verify: RSA_verify failed: %s", ERR_error_string(ecode, NULL)); + error("ssh_rsa_verify: RSA_verify failed: %s", + ERR_error_string(ecode, NULL)); } debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); return ret; diff --git a/crypto/openssh/ssh.1 b/crypto/openssh/ssh.1 index 8ada41f..1f3efca 100644 --- a/crypto/openssh/ssh.1 +++ b/crypto/openssh/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.158 2002/06/20 19:56:07 stevesk Exp $ +.\" $OpenBSD: ssh.1,v 1.160 2002/06/22 11:51:39 naddy Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -952,8 +952,8 @@ protocol versions 1.5 and 2.0. .Xr ssh-agent 1 , .Xr ssh-keygen 1 , .Xr telnet 1 , -.Xr ssh_config 4 , -.Xr ssh-keysign 8, +.Xr ssh_config 5 , +.Xr ssh-keysign 8 , .Xr sshd 8 .Rs .%A T. Ylonen diff --git a/crypto/openssh/ssh.h b/crypto/openssh/ssh.h index e23bb1d..07eee78 100644 --- a/crypto/openssh/ssh.h +++ b/crypto/openssh/ssh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.70 2002/06/03 12:04:07 deraadt Exp $ */ +/* $OpenBSD: ssh.h,v 1.71 2002/06/22 02:00:29 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -65,8 +65,8 @@ #endif /* - * Name of the environment variable containing the pathname of the - * authentication socket. + * Name of the environment variable containing the process ID of the + * authentication agent. */ #define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID" diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c index 9b4c388..b89321f 100644 --- a/crypto/openssh/sshconnect.c +++ b/crypto/openssh/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.125 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.126 2002/06/23 03:30:17 deraadt Exp $"); #include @@ -266,7 +266,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, memset(&hints, 0, sizeof(hints)); hints.ai_family = family; hints.ai_socktype = SOCK_STREAM; - snprintf(strport, sizeof strport, "%d", port); + snprintf(strport, sizeof strport, "%u", port); if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) fatal("%s: %.100s: %s", __progname, host, gai_strerror(gaierr)); @@ -489,7 +489,6 @@ confirm(const char *prompt) * check whether the supplied host key is valid, return -1 if the key * is not valid. the user_hostfile will not be updated if 'readonly' is true. */ - static int check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, int readonly, const char *user_hostfile, const char *system_hostfile) diff --git a/crypto/openssh/sshconnect2.c b/crypto/openssh/sshconnect2.c index 7f28ab5..215f76c 100644 --- a/crypto/openssh/sshconnect2.c +++ b/crypto/openssh/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.104 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.105 2002/06/23 03:30:17 deraadt Exp $"); #include "ssh.h" #include "ssh2.h" @@ -299,12 +299,14 @@ userauth(Authctxt *authctxt, char *authlist) } } } + void input_userauth_error(int type, u_int32_t seq, void *ctxt) { fatal("input_userauth_error: bad message during authentication: " "type %d", type); } + void input_userauth_banner(int type, u_int32_t seq, void *ctxt) { @@ -316,6 +318,7 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt) xfree(msg); xfree(lang); } + void input_userauth_success(int type, u_int32_t seq, void *ctxt) { @@ -327,6 +330,7 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt) clear_auth_state(authctxt); authctxt->success = 1; /* break out */ } + void input_userauth_failure(int type, u_int32_t seq, void *ctxt) { @@ -375,7 +379,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) } packet_check_eom(); - debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d", + debug("input_userauth_pk_ok: pkalg %s blen %u lastkey %p hint %d", pkalg, blen, authctxt->last_key, authctxt->last_key_hint); do { @@ -894,9 +898,7 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt) } static int -ssh_keysign( - Key *key, - u_char **sigp, u_int *lenp, +ssh_keysign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen) { Buffer b; @@ -1098,6 +1100,7 @@ authmethod_lookup(const char *name) static Authmethod *current = NULL; static char *supported = NULL; static char *preferred = NULL; + /* * Given the authentication method list sent by the server, return the * next method we should try. If the server initially sends a nil list, diff --git a/crypto/openssh/sshd.8 b/crypto/openssh/sshd.8 index 22f8143..37a7b58 100644 --- a/crypto/openssh/sshd.8 +++ b/crypto/openssh/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.184 2002/06/20 19:56:07 stevesk Exp $ +.\" $OpenBSD: sshd.8,v 1.186 2002/06/22 16:45:29 stevesk Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -578,11 +578,18 @@ These files are created using .Xr ssh-keygen 1 . .It Pa /etc/moduli Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". +.It Pa /var/empty +.Xr chroot 2 +directory used by +.Nm +during privilege separation in the pre-authentication phase. +The directory should not contain any files and must be owned by root +and not group or world-writable. .It Pa /var/run/sshd.pid Contains the process ID of the .Nm listening for connections (if there are several daemons running -concurrently for different ports, this contains the pid of the one +concurrently for different ports, this contains the process ID of the one started last). The content of this file is not sensitive; it can be world-readable. .It Pa $HOME/.ssh/authorized_keys diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index feea3ce..851fad4 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.246 2002/06/20 23:05:56 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $"); #include #include @@ -219,6 +219,7 @@ static void close_listen_socks(void) { int i; + for (i = 0; i < num_listen_socks; i++) close(listen_socks[i]); num_listen_socks = -1; @@ -228,6 +229,7 @@ static void close_startup_pipes(void) { int i; + if (startup_pipes) for (i = 0; i < options.max_startups; i++) if (startup_pipes[i] != -1) @@ -260,7 +262,8 @@ sighup_restart(void) close_listen_socks(); close_startup_pipes(); execv(saved_argv[0], saved_argv); - log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], strerror(errno)); + log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], + strerror(errno)); exit(1); } @@ -280,8 +283,8 @@ sigterm_handler(int sig) static void main_sigchld_handler(int sig) { - pid_t pid; int save_errno = errno; + pid_t pid; int status; while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || @@ -341,6 +344,7 @@ static void key_regeneration_alarm(int sig) { int save_errno = errno; + signal(SIGALRM, SIG_DFL); errno = save_errno; key_do_regen = 1; @@ -372,7 +376,8 @@ sshd_exchange_identification(int sock_in, int sock_out) if (client_version_string == NULL) { /* Send our protocol version identification. */ - if (atomicio(write, sock_out, server_version_string, strlen(server_version_string)) + if (atomicio(write, sock_out, server_version_string, + strlen(server_version_string)) != strlen(server_version_string)) { log("Could not write ident string to %s", get_remote_ipaddr()); fatal_cleanup(); @@ -475,7 +480,6 @@ sshd_exchange_identification(int sock_in, int sock_out) } } - /* Destroy the host and server keys. They will no longer be needed. */ void destroy_sensitive_data(void) @@ -526,8 +530,9 @@ static void privsep_preauth_child(void) { u_int32_t rand[256]; - int i; + gid_t gidset[2]; struct passwd *pw; + int i; /* Enable challenge-response authentication for privilege separation */ privsep_challenge_enable(); @@ -555,7 +560,17 @@ privsep_preauth_child(void) /* Drop our privileges */ debug3("privsep user:group %u:%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); +#if 0 + /* XXX not ready, to heavy after chroot */ do_setusercontext(pw); +#else + gidset[0] = pw->pw_gid; + if (setgid(pw->pw_gid) < 0) + fatal("setgid failed for %u", pw->pw_gid ); + if (setgroups(1, gidset) < 0) + fatal("setgroups: %.100s", strerror(errno)); + permanently_set_uid(pw); +#endif } static Authctxt* @@ -609,7 +624,11 @@ privsep_postauth(Authctxt *authctxt) /* XXX - Remote port forwarding */ x_authctxt = authctxt; +#ifdef BROKEN_FD_PASSING + if (1) { +#else if (authctxt->pw->pw_uid == 0 || options.use_login) { +#endif /* File descriptor passing is broken or root login */ monitor_apply_keystate(pmonitor); use_privsep = 0; @@ -683,6 +702,7 @@ Key * get_hostkey_by_type(int type) { int i; + for (i = 0; i < options.num_host_key_files; i++) { Key *key = sensitive_data.host_keys[i]; if (key != NULL && key->type == type) @@ -703,6 +723,7 @@ int get_hostkey_index(Key *key) { int i; + for (i = 0; i < options.num_host_key_files; i++) { if (key == sensitive_data.host_keys[i]) return (i); @@ -991,11 +1012,13 @@ main(int ac, char **av) * hate software patents. I dont know if this can go? Niels */ if (options.server_key_bits > - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) - SSH_KEY_BITS_RESERVED && - options.server_key_bits < - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) { + BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) - + SSH_KEY_BITS_RESERVED && options.server_key_bits < + BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + + SSH_KEY_BITS_RESERVED) { options.server_key_bits = - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED; + BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + + SSH_KEY_BITS_RESERVED; debug("Forcing server key to %d bits to make it differ from host key.", options.server_key_bits); } @@ -1012,6 +1035,9 @@ main(int ac, char **av) (S_ISDIR(st.st_mode) == 0)) fatal("Missing privilege separation directory: %s", _PATH_PRIVSEP_CHROOT_DIR); + if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) + fatal("Bad owner or mode for %s", + _PATH_PRIVSEP_CHROOT_DIR); } /* Configuration looks good, so exit if in test mode. */ @@ -1351,7 +1377,7 @@ main(int ac, char **av) */ #if 0 /* XXX: this breaks Solaris */ - if (setsid() < 0) + if (!debug_flag && !inetd_flag && setsid() < 0) error("setsid: %.100s", strerror(errno)); #endif diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 1aecd48..aa7b7c7 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.3 2002/06/20 23:37:12 markus Exp $ +.\" $OpenBSD: sshd_config.5,v 1.4 2002/06/22 16:45:29 stevesk Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -305,10 +305,6 @@ To disable keepalives, the value should be set to .It Cm KerberosAuthentication Specifies whether Kerberos authentication is allowed. This can be in the form of a Kerberos ticket, or if -.It Cm PAMAuthenticationViaKbdInt -Specifies whether PAM challenge response authentication is allowed. This -allows the use of most PAM challenge response authentication modules, but -it will allow password authentication regardless of whether .Cm PasswordAuthentication is yes, the password provided by the user will be validated through the Kerberos KDC. @@ -425,6 +421,12 @@ The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches .Dq full (60). +.It Cm PAMAuthenticationViaKbdInt +Specifies whether PAM challenge response authentication is allowed. This +allows the use of most PAM challenge response authentication modules, but +it will allow password authentication regardless of whether +.Cm PasswordAuthentication +is enabled. .It Cm PasswordAuthentication Specifies whether password authentication is allowed. The default is @@ -464,7 +466,7 @@ If this option is set to .Dq no root is not allowed to login. .It Cm PidFile -Specifies the file that contains the process identifier of the +Specifies the file that contains the process ID of the .Nm sshd daemon. The default is diff --git a/crypto/openssh/sshlogin.c b/crypto/openssh/sshlogin.c index 78c51ab..e76f945 100644 --- a/crypto/openssh/sshlogin.c +++ b/crypto/openssh/sshlogin.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $"); +RCSID("$OpenBSD: sshlogin.c,v 1.4 2002/06/23 03:30:17 deraadt Exp $"); #include "loginrec.h" @@ -48,10 +48,9 @@ RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $"); * information is not available. This must be called before record_login. * The host the user logged in from will be returned in buf. */ - u_long get_last_login_time(uid_t uid, const char *logname, - char *buf, u_int bufsize) + char *buf, u_int bufsize) { struct logininfo li; @@ -64,10 +63,9 @@ get_last_login_time(uid_t uid, const char *logname, * Records that the user has logged in. I these parts of operating systems * were more standardized. */ - void record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid, - const char *host, struct sockaddr * addr) + const char *host, struct sockaddr * addr) { struct logininfo *li; @@ -92,7 +90,6 @@ record_utmp_only(pid_t pid, const char *ttyname, const char *user, #endif /* Records that the user has logged out. */ - void record_logout(pid_t pid, const char *ttyname, const char *user) { diff --git a/crypto/openssh/sshpty.c b/crypto/openssh/sshpty.c index a7e7e27..64ac4e5 100644 --- a/crypto/openssh/sshpty.c +++ b/crypto/openssh/sshpty.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshpty.c,v 1.4 2001/12/19 07:18:56 deraadt Exp $"); +RCSID("$OpenBSD: sshpty.c,v 1.7 2002/06/24 17:57:20 deraadt Exp $"); #ifdef HAVE_UTIL_H # include @@ -343,9 +343,8 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) if (fd < 0) error("open /dev/tty failed - could not set controlling tty: %.100s", strerror(errno)); - else { + else close(fd); - } #endif /* _CRAY */ } @@ -356,6 +355,7 @@ pty_change_window_size(int ptyfd, int row, int col, int xpixel, int ypixel) { struct winsize w; + w.ws_row = row; w.ws_col = col; w.ws_xpixel = xpixel; @@ -393,13 +393,13 @@ pty_setowner(struct passwd *pw, const char *ttyname) if (st.st_uid != pw->pw_uid || st.st_gid != gid) { if (chown(ttyname, pw->pw_uid, gid) < 0) { if (errno == EROFS && - (st.st_uid == pw->pw_uid || st.st_uid == 0)) - error("chown(%.100s, %d, %d) failed: %.100s", - ttyname, pw->pw_uid, gid, + (st.st_uid == pw->pw_uid || st.st_uid == 0)) + error("chown(%.100s, %u, %u) failed: %.100s", + ttyname, (u_int)pw->pw_uid, (u_int)gid, strerror(errno)); else - fatal("chown(%.100s, %d, %d) failed: %.100s", - ttyname, pw->pw_uid, gid, + fatal("chown(%.100s, %u, %u) failed: %.100s", + ttyname, (u_int)pw->pw_uid, (u_int)gid, strerror(errno)); } } diff --git a/crypto/openssh/tildexpand.c b/crypto/openssh/tildexpand.c index e89a7ad..cbe9811 100644 --- a/crypto/openssh/tildexpand.c +++ b/crypto/openssh/tildexpand.c @@ -11,7 +11,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: tildexpand.c,v 1.12 2001/08/11 22:51:27 jakob Exp $"); +RCSID("$OpenBSD: tildexpand.c,v 1.13 2002/06/23 03:25:50 deraadt Exp $"); #include "xmalloc.h" #include "log.h" @@ -67,6 +67,7 @@ tilde_expand_filename(const char *filename, uid_t my_uid) if (len > MAXPATHLEN) fatal("Home directory too long (%d > %d", len-1, MAXPATHLEN-1); expanded = xmalloc(len); - snprintf(expanded, len, "%s%s%s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", cp + 1); + snprintf(expanded, len, "%s%s%s", pw->pw_dir, + strcmp(pw->pw_dir, "/") ? "/" : "", cp + 1); return expanded; } diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index fcd853d..1e9b431 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h @@ -1,4 +1,4 @@ -/* $OpenBSD: version.h,v 1.33 2002/06/21 15:41:20 markus Exp $ */ +/* $OpenBSD: version.h,v 1.34 2002/06/26 13:56:27 markus Exp $ */ -#define SSH_VERSION "OpenSSH_3.3" +#define SSH_VERSION "OpenSSH_3.4p1" -- cgit v1.1