from www.openssh.org
This commit is contained in:
parent
c1690ac516
commit
24bd244ffa
@ -162,8 +162,7 @@ these programs.
|
|||
- There are several other files in the distribution that contain
|
||||
various auxiliary routines:
|
||||
ssh.h the main header file for ssh (various definitions)
|
||||
getput.h byte-order independent storage of integers
|
||||
includes.h includes most system headers. Lots of #ifdefs.
|
||||
tildexpand.c expand tilde in file names
|
||||
uidswap.c uid-swapping
|
||||
xmalloc.c "safe" malloc routines
|
||||
|
||||
$OpenBSD: OVERVIEW,v 1.11 2006/08/03 03:34:41 deraadt Exp $
|
||||
@ -23,3 +23,5 @@ features and created OpenSSH. Markus Friedl contributed the support
|
|||
for SSH protocol versions 1.5 and 2.0.
|
||||
|
||||
See http://www.openssh.com/ for more information.
|
||||
|
||||
$OpenBSD: README,v 1.7 2006/04/01 05:37:46 djm Exp $
|
||||
@ -1,5 +1,7 @@
|
|||
/* $NetBSD: atomicio.c,v 1.1.1.8 2006/02/04 22:22:31 christos Exp $ */
|
||||
/* $NetBSD: atomicio.c,v 1.1.1.9 2006/09/28 21:14:57 christos Exp $ */
|
||||
/* $OpenBSD: atomicio.c,v 1.23 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2006 Damien Miller. All rights reserved.
|
||||
* Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
|
||||
* Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
|
||||
* All rights reserved.
|
||||
|
@ -25,8 +27,11 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: atomicio.c,v 1.13 2005/05/24 17:32:43 avsm Exp $");
|
||||
#include <sys/param.h>
|
||||
#include <sys/uio.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "atomicio.h"
|
||||
|
||||
|
@ -34,11 +39,7 @@ RCSID("$OpenBSD: atomicio.c,v 1.13 2005/05/24 17:32:43 avsm Exp $");
|
|||
* ensure all of data on socket comes through. f==read || f==vwrite
|
||||
*/
|
||||
size_t
|
||||
atomicio(f, fd, _s, n)
|
||||
ssize_t (*f) (int, void *, size_t);
|
||||
int fd;
|
||||
void *_s;
|
||||
size_t n;
|
||||
atomicio(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n)
|
||||
{
|
||||
char *s = _s;
|
||||
size_t pos = 0;
|
||||
|
@ -55,8 +56,60 @@ atomicio(f, fd, _s, n)
|
|||
errno = EPIPE;
|
||||
return pos;
|
||||
default:
|
||||
pos += (u_int)res;
|
||||
pos += (size_t)res;
|
||||
}
|
||||
}
|
||||
return (pos);
|
||||
}
|
||||
|
||||
/*
|
||||
* ensure all of data on socket comes through. f==readv || f==writev
|
||||
*/
|
||||
size_t
|
||||
atomiciov(ssize_t (*f) (int, const struct iovec *, int), int fd,
|
||||
const struct iovec *_iov, int iovcnt)
|
||||
{
|
||||
size_t pos = 0, rem;
|
||||
ssize_t res;
|
||||
struct iovec iov_array[IOV_MAX], *iov = iov_array;
|
||||
|
||||
if (iovcnt > IOV_MAX) {
|
||||
errno = EINVAL;
|
||||
return 0;
|
||||
}
|
||||
/* Make a copy of the iov array because we may modify it below */
|
||||
memcpy(iov, _iov, iovcnt * sizeof(*_iov));
|
||||
|
||||
for (; iovcnt > 0 && iov[0].iov_len > 0;) {
|
||||
res = (f) (fd, iov, iovcnt);
|
||||
switch (res) {
|
||||
case -1:
|
||||
if (errno == EINTR || errno == EAGAIN)
|
||||
continue;
|
||||
return 0;
|
||||
case 0:
|
||||
errno = EPIPE;
|
||||
return pos;
|
||||
default:
|
||||
rem = (size_t)res;
|
||||
pos += rem;
|
||||
/* skip completed iov entries */
|
||||
while (iovcnt > 0 && rem >= iov[0].iov_len) {
|
||||
rem -= iov[0].iov_len;
|
||||
iov++;
|
||||
iovcnt--;
|
||||
}
|
||||
/* This shouldn't happen... */
|
||||
if (rem > 0 && (iovcnt <= 0 || rem > iov[0].iov_len)) {
|
||||
errno = EFAULT;
|
||||
return 0;
|
||||
}
|
||||
if (iovcnt == 0)
|
||||
break;
|
||||
/* update pointer in partially complete iov */
|
||||
iov[0].iov_base = ((char *)iov[0].iov_base) + rem;
|
||||
iov[0].iov_len -= rem;
|
||||
}
|
||||
}
|
||||
return pos;
|
||||
}
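Review bot: The `iovcnt > IOV_MAX` guard at the top of atomiciov does not reject a negative `iovcnt`; for a negative value the product in `memcpy(iov, _iov, iovcnt * sizeof(*_iov));` converts to a huge size_t and the copy overruns the `IOV_MAX`-sized stack array before the `iovcnt > 0` loop condition is ever evaluated. The check should read `if (iovcnt < 0 || iovcnt > IOV_MAX) {`. Separately, the `EAGAIN` branch in both atomicio and atomiciov `continue`s immediately, so a non-blocking descriptor is spun on rather than waited for; a comment stating that callers are expected to pass blocking descriptors would make that assumption explicit. atomicio's body begins in the previous hunk.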
|
||||
@ -1,7 +1,8 @@
|
|||
/* $NetBSD: atomicio.h,v 1.1.1.6 2006/02/04 22:22:31 christos Exp $ */
|
||||
/* $OpenBSD: atomicio.h,v 1.6 2005/05/24 17:32:43 avsm Exp $ */
|
||||
/* $NetBSD: atomicio.h,v 1.1.1.7 2006/09/28 21:14:58 christos Exp $ */
|
||||
/* $OpenBSD: atomicio.h,v 1.10 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2006 Damien Miller. All rights reserved.
|
||||
* Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
|
||||
* All rights reserved.
|
||||
*
|
||||
|
@ -26,9 +27,20 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef _ATOMICIO_H
|
||||
#define _ATOMICIO_H
|
||||
|
||||
/*
|
||||
* Ensure all of data on socket comes through. f==read || f==vwrite
|
||||
*/
|
||||
size_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
|
||||
|
||||
#define vwrite (ssize_t (*)(int, void *, size_t))write
|
||||
|
||||
/*
|
||||
* ensure all of data on socket comes through. f==readv || f==writev
|
||||
*/
|
||||
size_t atomiciov(ssize_t (*)(int, const struct iovec *, int),
|
||||
int, const struct iovec *, int);
|
||||
|
||||
#endif /* _ATOMICIO_H */
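Review bot: The header uses `ssize_t`, `size_t` and `struct iovec` in its prototypes but includes nothing, so it compiles only when the includer has already pulled in `<sys/types.h>` and `<sys/uio.h>`; a leading `struct iovec;` forward declaration plus `#include <sys/types.h>` would make it self-contained. The guard name `_ATOMICIO_H` starts with an underscore and an uppercase letter, a form reserved for the implementation; `ATOMICIO_H` (the style `AUTH_H` uses in auth.h of this same commit) avoids that. The `vwrite` macro casts `write` to a function type whose second parameter drops `const`; it works in practice, but calling through a mismatched function-pointer type is formally undefined, so a comment explaining why the cast exists is worth adding.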
|
||||
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: auth-bsdauth.c,v 1.1.1.6 2005/04/23 16:27:56 christos Exp $ */
|
||||
/* $NetBSD: auth-bsdauth.c,v 1.1.1.7 2006/09/28 21:14:58 christos Exp $ */
|
||||
/* $OpenBSD: auth-bsdauth.c,v 1.10 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -22,13 +23,19 @@
|
|||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-bsdauth.c,v 1.6 2005/01/19 13:11:47 dtucker Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#ifdef BSD_AUTH
|
||||
#include "xmalloc.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "log.h"
|
||||
#include "buffer.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
static void *
|
||||
|
@ -70,9 +77,8 @@ bsdauth_query(void *ctx, char **name, char **infotxt,
|
|||
*name = xstrdup("");
|
||||
*infotxt = xstrdup("");
|
||||
*numprompts = 1;
|
||||
*prompts = xmalloc(*numprompts * sizeof(char *));
|
||||
*echo_on = xmalloc(*numprompts * sizeof(u_int));
|
||||
(*echo_on)[0] = 0;
|
||||
*prompts = xcalloc(*numprompts, sizeof(char *));
|
||||
*echo_on = xcalloc(*numprompts, sizeof(u_int));
|
||||
(*prompts)[0] = xstrdup(challenge);
|
||||
|
||||
return 0;
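Review bot: With `*echo_on = xcalloc(*numprompts, sizeof(u_int));` the explicit `(*echo_on)[0] = 0;` is gone, so the echo-off setting for the prompt now rests on xcalloc zero-filling the array; a short comment such as `/* xcalloc zero-fills, so echo_on[0] == 0 (no echo) without an explicit store */` would keep that intent visible. The same pattern appears in skey_query in auth-skey.c in this commit. bsdauth_query begins before this hunk.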
|
||||
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: auth-chall.c,v 1.1.1.5 2005/02/13 00:52:44 christos Exp $ */
|
||||
/* $NetBSD: auth-chall.c,v 1.1.1.6 2006/09/28 21:14:58 christos Exp $ */
|
||||
/* $OpenBSD: auth-chall.c,v 1.12 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -23,12 +24,13 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-chall.c,v 1.9 2003/11/03 09:03:37 djm Exp $");
|
||||
#include <sys/types.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "log.h"
|
||||
#include "xmalloc.h"
|
||||
|
||||
/* limited protocol v1 interface to kbd-interactive authentication */
|
||||
|
||||
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: auth-krb5.c,v 1.1.1.8 2006/02/04 22:22:31 christos Exp $ */
|
||||
/* $NetBSD: auth-krb5.c,v 1.1.1.9 2006/09/28 21:14:58 christos Exp $ */
|
||||
/* $OpenBSD: auth-krb5.c,v 1.19 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Kerberos v5 authentication and ticket-passing routines.
|
||||
*
|
||||
|
@ -28,16 +29,20 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-krb5.c,v 1.16 2005/11/21 09:42:10 dtucker Exp $");
|
||||
#include <sys/types.h>
|
||||
#include <pwd.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
#include "packet.h"
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
#include "buffer.h"
|
||||
#include "servconf.h"
|
||||
#include "uidswap.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
|
||||
#ifdef KRB5
|
||||
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: auth-options.c,v 1.1.1.15 2006/02/04 22:22:32 christos Exp $ */
|
||||
/* $NetBSD: auth-options.c,v 1.1.1.16 2006/09/28 21:14:58 christos Exp $ */
|
||||
/* $OpenBSD: auth-options.c,v 1.40 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -10,19 +11,30 @@
|
|||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-options.c,v 1.33 2005/12/08 18:34:11 reyk Exp $");
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <netdb.h>
|
||||
#include <pwd.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "match.h"
|
||||
#include "log.h"
|
||||
#include "canohost.h"
|
||||
#include "buffer.h"
|
||||
#include "channels.h"
|
||||
#include "auth-options.h"
|
||||
#include "servconf.h"
|
||||
#include "misc.h"
|
||||
#include "monitor_wrap.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
/* Flags set authorized_keys flags */
|
||||
int no_port_forwarding_flag = 0;
|
||||
|
@ -132,7 +144,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
|||
forced_command = NULL;
|
||||
goto bad_option;
|
||||
}
|
||||
forced_command[i] = 0;
|
||||
forced_command[i] = '\0';
|
||||
auth_debug_add("Forced command: %.900s", forced_command);
|
||||
opts++;
|
||||
goto next_option;
|
||||
|
@ -164,7 +176,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
|||
xfree(s);
|
||||
goto bad_option;
|
||||
}
|
||||
s[i] = 0;
|
||||
s[i] = '\0';
|
||||
auth_debug_add("Adding to environment: %.900s", s);
|
||||
debug("Adding to environment: %.900s", s);
|
||||
opts++;
|
||||
|
@ -201,7 +213,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
|||
xfree(patterns);
|
||||
goto bad_option;
|
||||
}
|
||||
patterns[i] = 0;
|
||||
patterns[i] = '\0';
|
||||
opts++;
|
||||
if (match_host_and_ip(remote_host, remote_ip,
|
||||
patterns) != 1) {
|
||||
|
@ -246,7 +258,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
|||
xfree(patterns);
|
||||
goto bad_option;
|
||||
}
|
||||
patterns[i] = 0;
|
||||
patterns[i] = '\0';
|
||||
opts++;
|
||||
p = patterns;
|
||||
host = hpdelim(&p);
|
||||
|
@ -294,7 +306,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
|||
forced_tun_device = -1;
|
||||
goto bad_option;
|
||||
}
|
||||
tun[i] = 0;
|
||||
tun[i] = '\0';
|
||||
forced_tun_device = a2tun(tun, NULL);
|
||||
xfree(tun);
|
||||
if (forced_tun_device == SSH_TUNID_ERR) {
|
||||
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: auth-options.h,v 1.1.1.8 2006/02/04 22:22:32 christos Exp $ */
|
||||
/* $OpenBSD: auth-options.h,v 1.13 2005/12/06 22:38:27 reyk Exp $ */
|
||||
/* $NetBSD: auth-options.h,v 1.1.1.9 2006/09/28 21:14:58 christos Exp $ */
|
||||
/* $OpenBSD: auth-options.h,v 1.16 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: auth-passwd.c,v 1.1.1.12 2006/02/04 22:22:32 christos Exp $ */
|
||||
/* $NetBSD: auth-passwd.c,v 1.1.1.13 2006/09/28 21:14:58 christos Exp $ */
|
||||
/* $OpenBSD: auth-passwd.c,v 1.40 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -36,13 +37,19 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-passwd.c,v 1.34 2005/07/19 15:32:26 otto Exp $");
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <pwd.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "packet.h"
|
||||
#include "buffer.h"
|
||||
#include "log.h"
|
||||
#include "servconf.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "auth-options.h"
|
||||
|
||||
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: auth-rh-rsa.c,v 1.1.1.10 2006/02/04 22:22:32 christos Exp $ */
|
||||
/* $NetBSD: auth-rh-rsa.c,v 1.1.1.11 2006/09/28 21:14:58 christos Exp $ */
|
||||
/* $OpenBSD: auth-rh-rsa.c,v 1.42 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -13,19 +14,24 @@
|
|||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-rh-rsa.c,v 1.38 2005/07/17 07:17:54 djm Exp $");
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <pwd.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "packet.h"
|
||||
#include "uidswap.h"
|
||||
#include "log.h"
|
||||
#include "buffer.h"
|
||||
#include "servconf.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "pathnames.h"
|
||||
#include "auth.h"
|
||||
#include "canohost.h"
|
||||
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
/* import */
|
||||
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: auth-rhosts.c,v 1.1.1.11 2006/02/04 22:22:32 christos Exp $ */
|
||||
/* $NetBSD: auth-rhosts.c,v 1.1.1.12 2006/09/28 21:14:58 christos Exp $ */
|
||||
/* $OpenBSD: auth-rhosts.c,v 1.41 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -14,15 +15,24 @@
|
|||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-rhosts.c,v 1.33 2005/07/17 07:17:54 djm Exp $");
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
|
||||
#include <netgroup.h>
|
||||
#include <pwd.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "packet.h"
|
||||
#include "buffer.h"
|
||||
#include "uidswap.h"
|
||||
#include "pathnames.h"
|
||||
#include "log.h"
|
||||
#include "servconf.h"
|
||||
#include "canohost.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
|
||||
/* import */
|
||||
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: auth-rsa.c,v 1.1.1.14 2006/02/04 22:22:32 christos Exp $ */
|
||||
/* $NetBSD: auth-rsa.c,v 1.1.1.15 2006/09/28 21:14:58 christos Exp $ */
|
||||
/* $OpenBSD: auth-rsa.c,v 1.71 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -14,24 +15,33 @@
|
|||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-rsa.c,v 1.63 2005/06/17 02:44:32 djm Exp $");
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/md5.h>
|
||||
|
||||
#include <pwd.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "rsa.h"
|
||||
#include "packet.h"
|
||||
#include "xmalloc.h"
|
||||
#include "ssh1.h"
|
||||
#include "uidswap.h"
|
||||
#include "match.h"
|
||||
#include "buffer.h"
|
||||
#include "auth-options.h"
|
||||
#include "pathnames.h"
|
||||
#include "log.h"
|
||||
#include "servconf.h"
|
||||
#include "auth.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
#include "ssh.h"
|
||||
#include "misc.h"
|
||||
|
@ -138,7 +148,7 @@ auth_rsa_challenge_dialog(Key *key)
|
|||
/* Wait for a response. */
|
||||
packet_read_expect(SSH_CMSG_AUTH_RSA_RESPONSE);
|
||||
for (i = 0; i < 16; i++)
|
||||
response[i] = packet_get_char();
|
||||
response[i] = (u_char)packet_get_char();
|
||||
packet_check_eom();
|
||||
|
||||
success = PRIVSEP(auth_rsa_verify_response(key, challenge, response));
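Review bot: The loop `for (i = 0; i < 16; i++) response[i] = (u_char)packet_get_char();` hard-codes the response length; if `response` is declared as a fixed-size array (its declaration is outside this hunk), `i < sizeof(response)` or a named constant would tie the bound to the buffer, and since the file includes `<openssl/md5.h>` the 16 presumably is the MD5 digest length, for which `MD5_DIGEST_LENGTH` already exists. The newly added `(u_char)` cast is fine, but a brief comment such as `/* truncation to a byte is intended */` would record that it is deliberate rather than warning suppression. auth_rsa_challenge_dialog starts and ends outside this hunk.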
|
||||
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: auth-skey.c,v 1.1.1.7 2002/10/01 13:40:02 itojun Exp $ */
|
||||
/* $NetBSD: auth-skey.c,v 1.1.1.8 2006/09/28 21:14:59 christos Exp $ */
|
||||
/* $OpenBSD: auth-skey.c,v 1.26 2006/08/05 08:28:24 dtucker Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -22,14 +23,19 @@
|
|||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-skey.c,v 1.20 2002/06/30 21:59:45 deraadt Exp $");
|
||||
|
||||
#ifdef SKEY
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <pwd.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#include <skey.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
|
@ -44,8 +50,7 @@ skey_query(void *ctx, char **name, char **infotxt,
|
|||
u_int* numprompts, char ***prompts, u_int **echo_on)
|
||||
{
|
||||
Authctxt *authctxt = ctx;
|
||||
char challenge[1024], *p;
|
||||
int len;
|
||||
char challenge[1024];
|
||||
struct skey skey;
|
||||
|
||||
if (skeychallenge(&skey, authctxt->user, challenge) == -1)
|
||||
|
@ -54,15 +59,10 @@ skey_query(void *ctx, char **name, char **infotxt,
|
|||
*name = xstrdup("");
|
||||
*infotxt = xstrdup("");
|
||||
*numprompts = 1;
|
||||
*prompts = xmalloc(*numprompts * sizeof(char *));
|
||||
*echo_on = xmalloc(*numprompts * sizeof(u_int));
|
||||
(*echo_on)[0] = 0;
|
||||
*prompts = xcalloc(*numprompts, sizeof(char *));
|
||||
*echo_on = xcalloc(*numprompts, sizeof(u_int));
|
||||
|
||||
len = strlen(challenge) + strlen(SKEY_PROMPT) + 1;
|
||||
p = xmalloc(len);
|
||||
strlcpy(p, challenge, len);
|
||||
strlcat(p, SKEY_PROMPT, len);
|
||||
(*prompts)[0] = p;
|
||||
xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: auth.c,v 1.1.1.18 2006/02/04 22:22:33 christos Exp $ */
|
||||
/* $NetBSD: auth.c,v 1.1.1.19 2006/09/28 21:14:59 christos Exp $ */
|
||||
/* $OpenBSD: auth.c,v 1.75 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -23,28 +24,40 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth.c,v 1.60 2005/06/17 02:44:32 djm Exp $");
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <libgen.h>
|
||||
#include <paths.h>
|
||||
#include <pwd.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "match.h"
|
||||
#include "groupaccess.h"
|
||||
#include "log.h"
|
||||
#include "buffer.h"
|
||||
#include "servconf.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "auth-options.h"
|
||||
#include "canohost.h"
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
#include "uidswap.h"
|
||||
#include "misc.h"
|
||||
#include "bufaux.h"
|
||||
#include "packet.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
/* import */
|
||||
extern ServerOptions options;
|
||||
extern int use_privsep;
|
||||
|
||||
/* Debugging messages */
|
||||
Buffer auth_debug;
|
||||
|
@ -163,6 +176,9 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
|
|||
void (*authlog) (const char *fmt,...) = verbose;
|
||||
char *authmsg;
|
||||
|
||||
if (use_privsep && !mm_is_monitor() && !authctxt->postponed)
|
||||
return;
|
||||
|
||||
/* Raise logging level */
|
||||
if (authenticated == 1 ||
|
||||
!authctxt->valid ||
|
||||
|
@ -194,7 +210,6 @@ auth_root_allowed(char *method)
|
|||
switch (options.permit_root_login) {
|
||||
case PERMIT_YES:
|
||||
return 1;
|
||||
break;
|
||||
case PERMIT_NO_PASSWD:
|
||||
if (strcmp(method, "password") != 0)
|
||||
return 1;
|
||||
|
@ -221,7 +236,8 @@ auth_root_allowed(char *method)
|
|||
static char *
|
||||
expand_authorized_keys(const char *filename, struct passwd *pw)
|
||||
{
|
||||
char *file, *ret;
|
||||
char *file, ret[MAXPATHLEN];
|
||||
int i;
|
||||
|
||||
file = percent_expand(filename, "h", pw->pw_dir,
|
||||
"u", pw->pw_name, (char *)NULL);
|
||||
|
@ -233,14 +249,11 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
|
|||
if (*file == '/')
|
||||
return (file);
|
||||
|
||||
ret = xmalloc(MAXPATHLEN);
|
||||
if (strlcpy(ret, pw->pw_dir, MAXPATHLEN) >= MAXPATHLEN ||
|
||||
strlcat(ret, "/", MAXPATHLEN) >= MAXPATHLEN ||
|
||||
strlcat(ret, file, MAXPATHLEN) >= MAXPATHLEN)
|
||||
i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);
|
||||
if (i < 0 || (size_t)i >= sizeof(ret))
|
||||
fatal("expand_authorized_keys: path too long");
|
||||
|
||||
xfree(file);
|
||||
return (ret);
|
||||
return (xstrdup(ret));
|
||||
}
|
||||
|
||||
char *
|
||||
|
@ -377,6 +390,9 @@ getpwnamallow(const char *user)
|
|||
#endif
|
||||
struct passwd *pw;
|
||||
|
||||
parse_server_match_config(&options, user,
|
||||
get_canonical_hostname(options.use_dns), get_remote_ipaddr());
|
||||
|
||||
pw = getpwnam(user);
|
||||
if (pw == NULL) {
|
||||
logit("Invalid user %.100s from %.100s",
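Review bot: `parse_server_match_config(&options, user, get_canonical_hostname(options.use_dns), get_remote_ipaddr());` is evaluated on the client-supplied `user` before `getpwnam(user)` confirms the account exists, so match blocks are applied to an unverified name; that looks intentional (presumably so per-user settings take effect for every login attempt, valid account or not), but a comment above the call would stop someone from "fixing" the order later, e.g. `/* Apply Match blocks now: the user name is still unverified, but per-user settings must be in force before any auth decision. */`. If parse_server_match_config rewrites `options` in place, it is also worth confirming it is safe to call more than once per connection. getpwnamallow's body begins before this hunk and continues after it.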
|
||||
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: auth.h,v 1.1.1.16 2006/02/04 22:22:33 christos Exp $ */
|
||||
/* $OpenBSD: auth.h,v 1.51 2005/06/06 11:20:36 djm Exp $ */
|
||||
/* $NetBSD: auth.h,v 1.1.1.17 2006/09/28 21:14:59 christos Exp $ */
|
||||
/* $OpenBSD: auth.h,v 1.58 2006/08/18 09:15:20 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
|
@ -29,8 +29,8 @@
|
|||
#ifndef AUTH_H
|
||||
#define AUTH_H
|
||||
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include <signal.h>
|
||||
|
||||
#include <openssl/rsa.h>
|
||||
|
||||
#ifdef HAVE_LOGIN_CAP
|
||||
|
@ -48,7 +48,8 @@ typedef struct Authmethod Authmethod;
|
|||
typedef struct KbdintDevice KbdintDevice;
|
||||
|
||||
struct Authctxt {
|
||||
int success;
|
||||
sig_atomic_t success;
|
||||
int authenticated; /* authenticated and alarms cancelled */
|
||||
int postponed; /* authentication needs another step */
|
||||
int valid; /* user exists and is allowed to login */
|
||||
int attempt;
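Review bot: `sig_atomic_t success;` carries no trailing comment, unlike the neighbouring flags, and the type change is meaningful: it signals that `success` is read or written from a signal handler (presumably the login-grace alarm in sshd), which is exactly what a future maintainer needs to know before touching it. Suggest `sig_atomic_t success; /* set when auth succeeds; read from a signal handler, hence sig_atomic_t */`, adjusted to whatever the handler actually does. The struct definition continues past this hunk.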
|
||||
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: auth1.c,v 1.1.1.17 2006/02/04 22:22:33 christos Exp $ */
|
||||
/* $NetBSD: auth1.c,v 1.1.1.18 2006/09/28 21:14:59 christos Exp $ */
|
||||
/* $OpenBSD: auth1.c,v 1.70 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
|
@ -10,8 +11,12 @@
|
|||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth1.c,v 1.62 2005/07/16 01:35:24 djm Exp $");
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <pwd.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "rsa.h"
|
||||
|
@ -21,10 +26,15 @@ RCSID("$OpenBSD: auth1.c,v 1.62 2005/07/16 01:35:24 djm Exp $");
|
|||
#include "log.h"
|
||||
#include "servconf.h"
|
||||
#include "compat.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "channels.h"
|
||||
#include "session.h"
|
||||
#include "uidswap.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
/* import */
|
||||
|
@ -74,7 +84,7 @@ static const struct AuthMethod1
|
|||
{
|
||||
int i;
|
||||
|
||||
for(i = 0; auth1_methods[i].name != NULL; i++)
|
||||
for (i = 0; auth1_methods[i].name != NULL; i++)
|
||||
if (auth1_methods[i].type == type)
|
||||
return (&(auth1_methods[i]));
|
||||
|
||||
|
@ -93,6 +103,7 @@ get_authname(int type)
|
|||
return (buf);
|
||||
}
|
||||
|
||||
/*ARGSUSED*/
|
||||
static int
|
||||
auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
|
||||
{
|
||||
|
@ -117,6 +128,7 @@ auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
|
|||
return (authenticated);
|
||||
}
|
||||
|
||||
/*ARGSUSED*/
|
||||
static int
|
||||
auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen)
|
||||
{
|
||||
|
@ -134,6 +146,7 @@ auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen)
|
|||
return (authenticated);
|
||||
}
|
||||
|
||||
/*ARGSUSED*/
|
||||
static int
|
||||
auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
|
||||
{
|
||||
|
@ -174,6 +187,7 @@ auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
|
|||
return (authenticated);
|
||||
}
|
||||
|
||||
/*ARGSUSED*/
|
||||
static int
|
||||
auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
|
||||
{
|
||||
|
@ -192,6 +206,7 @@ auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
|
|||
return (-1);
|
||||
}
|
||||
|
||||
/*ARGSUSED*/
|
||||
static int
|
||||
auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen)
|
||||
{
|
||||
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: auth2-chall.c,v 1.1.1.13 2006/02/04 22:22:33 christos Exp $ */
|
||||
/* $NetBSD: auth2-chall.c,v 1.1.1.14 2006/09/28 21:15:00 christos Exp $ */
|
||||
/* $OpenBSD: auth2-chall.c,v 1.31 2006/08/05 08:28:24 dtucker Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2001 Per Allansson. All rights reserved.
|
||||
|
@ -23,14 +24,19 @@
|
|||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2-chall.c,v 1.24 2005/07/17 07:17:54 djm Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh2.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "buffer.h"
|
||||
#include "packet.h"
|
||||
#include "xmalloc.h"
|
||||
#include "dispatch.h"
|
||||
#include "log.h"
|
||||
|
||||
|
@ -262,7 +268,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
|
|||
if (nresp > 100)
|
||||
fatal("input_userauth_info_response: too many replies");
|
||||
if (nresp > 0) {
|
||||
response = xmalloc(nresp * sizeof(char *));
|
||||
response = xcalloc(nresp, sizeof(char *));
|
||||
for (i = 0; i < nresp; i++)
|
||||
response[i] = packet_get_string(NULL);
|
||||
}
|
||||
|
@ -316,9 +322,10 @@ privsep_challenge_enable(void)
|
|||
{
|
||||
#ifdef BSD_AUTH
|
||||
extern KbdintDevice mm_bsdauth_device;
|
||||
#endif
|
||||
#else
|
||||
#ifdef SKEY
|
||||
extern KbdintDevice mm_skey_device;
|
||||
#endif
|
||||
#endif
|
||||
/* As long as SSHv1 has devices[0] hard coded this is fine */
|
||||
#ifdef BSD_AUTH
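Review bot: The new `#else` / `#ifdef SKEY` / `#endif` / `#endif` nesting in privsep_challenge_enable is harder to follow than it needs to be, and two bare `#endif`s in a row are easy to mismatch; `#elif defined(SKEY)` with a single `#endif` expresses the same "BSD_AUTH takes precedence, otherwise S/Key" selection. If the nesting is kept, at least tag the closers: `#endif /* SKEY */` and `#endif /* BSD_AUTH */`. privsep_challenge_enable's body continues beyond this hunk.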
|
||||
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: auth2-gss.c,v 1.1.1.2 2006/02/04 22:22:33 christos Exp $ */
|
||||
/* $OpenBSD: auth2-gss.c,v 1.12 2005/10/13 22:24:31 stevesk Exp $ */
|
||||
/* $NetBSD: auth2-gss.c,v 1.1.1.3 2006/09/28 21:15:00 christos Exp $ */
|
||||
/* $OpenBSD: auth2-gss.c,v 1.15 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
|
@ -25,20 +25,20 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#ifdef GSSAPI
|
||||
#include <sys/types.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "ssh2.h"
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
#include "dispatch.h"
|
||||
#include "buffer.h"
|
||||
#include "servconf.h"
|
||||
#include "packet.h"
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
#include "ssh-gss.h"
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
extern ServerOptions options;
|
||||
|
||||
|
@ -101,6 +101,8 @@ userauth_gssapi(Authctxt *authctxt)
|
|||
}
|
||||
|
||||
if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
|
||||
if (ctxt != NULL)
|
||||
ssh_gssapi_delete_ctx(&ctxt);
|
||||
xfree(doid);
|
||||
return (0);
|
||||
}
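Review bot: The added `if (ctxt != NULL) ssh_gssapi_delete_ctx(&ctxt);` on the GSS_ERROR path implies that ssh_gssapi_server_ctx can fail while leaving a partially built context behind; that contract is worth stating at the call site, e.g. `/* server_ctx may allocate ctxt even on failure; release it */`, because any other caller of the same PRIVSEP call needs the same cleanup. If ssh_gssapi_delete_ctx already tolerates a NULL context, the guard is redundant and can be dropped — worth checking its definition. userauth_gssapi's body begins before this hunk.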
|
||||
|
@ -290,5 +292,3 @@ Authmethod method_gssapi = {
|
|||
userauth_gssapi,
|
||||
&options.gss_authentication
|
||||
};
|
||||
|
||||
#endif /* GSSAPI */
|
||||
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: auth2-hostbased.c,v 1.1.1.2 2005/02/13 00:52:52 christos Exp $ */
|
||||
/* $NetBSD: auth2-hostbased.c,v 1.1.1.3 2006/09/28 21:15:00 christos Exp $ */
|
||||
/* $OpenBSD: auth2-hostbased.c,v 1.11 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -23,20 +24,27 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2-hostbased.c,v 1.6 2004/01/19 21:25:15 markus Exp $");
|
||||
|
||||
#include "ssh2.h"
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <pwd.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh2.h"
|
||||
#include "packet.h"
|
||||
#include "buffer.h"
|
||||
#include "log.h"
|
||||
#include "servconf.h"
|
||||
#include "compat.h"
|
||||
#include "bufaux.h"
|
||||
#include "auth.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "canohost.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
#include "pathnames.h"
|
||||
|
||||
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: auth2-kbdint.c,v 1.1.1.1 2002/06/24 05:26:12 itojun Exp $ */
|
||||
/* $NetBSD: auth2-kbdint.c,v 1.1.1.2 2006/09/28 21:15:00 christos Exp $ */
|
||||
/* $OpenBSD: auth2-kbdint.c,v 1.5 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -23,14 +24,16 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2-kbdint.c,v 1.2 2002/05/31 11:35:15 markus Exp $");
|
||||
#include <sys/types.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "packet.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "log.h"
|
||||
#include "buffer.h"
|
||||
#include "servconf.h"
|
||||
#include "xmalloc.h"
|
||||
|
||||
/* import */
|
||||
extern ServerOptions options;
|
||||
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: auth2-none.c,v 1.1.1.3 2005/02/13 00:52:52 christos Exp $ */
|
||||
/* $NetBSD: auth2-none.c,v 1.1.1.4 2006/09/28 21:15:00 christos Exp $ */
|
||||
/* $OpenBSD: auth2-none.c,v 1.13 2006/08/05 07:52:52 dtucker Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -23,17 +24,27 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2-none.c,v 1.7 2004/05/11 19:01:43 deraadt Exp $");
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/uio.h>
|
||||
|
||||
#include <fcntl.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "auth.h"
|
||||
#include "xmalloc.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "packet.h"
|
||||
#include "log.h"
|
||||
#include "buffer.h"
|
||||
#include "servconf.h"
|
||||
#include "atomicio.h"
|
||||
#include "compat.h"
|
||||
#include "ssh2.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
/* import */
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: auth2-passwd.c,v 1.1.1.2 2005/02/13 00:52:52 christos Exp $ */
|
||||
/* $NetBSD: auth2-passwd.c,v 1.1.1.3 2006/09/28 21:15:00 christos Exp $ */
|
||||
/* $OpenBSD: auth2-passwd.c,v 1.9 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -23,13 +24,21 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2-passwd.c,v 1.5 2003/12/31 00:24:50 dtucker Exp $");
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "packet.h"
|
||||
#include "log.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "buffer.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
#include "servconf.h"
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: auth2-pubkey.c,v 1.1.1.3 2005/04/23 16:28:00 christos Exp $ */
|
||||
/* $NetBSD: auth2-pubkey.c,v 1.1.1.4 2006/09/28 21:15:01 christos Exp $ */
|
||||
/* $OpenBSD: auth2-pubkey.c,v 1.15 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -23,24 +24,32 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2-pubkey.c,v 1.9 2004/12/11 01:48:56 dtucker Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
|
||||
#include <pwd.h>
|
||||
#include <stdio.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
#include "ssh2.h"
|
||||
#include "xmalloc.h"
|
||||
#include "packet.h"
|
||||
#include "buffer.h"
|
||||
#include "log.h"
|
||||
#include "servconf.h"
|
||||
#include "compat.h"
|
||||
#include "bufaux.h"
|
||||
#include "auth.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "pathnames.h"
|
||||
#include "uidswap.h"
|
||||
#include "auth-options.h"
|
||||
#include "canohost.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
#include "misc.h"
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: auth2.c,v 1.1.1.20 2005/02/13 00:52:48 christos Exp $ */
|
||||
/* $NetBSD: auth2.c,v 1.1.1.21 2006/09/28 21:14:57 christos Exp $ */
|
||||
/* $OpenBSD: auth2.c,v 1.113 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -23,23 +24,29 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2.c,v 1.107 2004/07/28 09:40:29 markus Exp $");
|
||||
|
||||
#include "ssh2.h"
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <pwd.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh2.h"
|
||||
#include "packet.h"
|
||||
#include "log.h"
|
||||
#include "buffer.h"
|
||||
#include "servconf.h"
|
||||
#include "compat.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "dispatch.h"
|
||||
#include "pathnames.h"
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
/* import */
|
||||
extern ServerOptions options;
|
||||
|
@ -95,6 +102,7 @@ do_authentication2(Authctxt *authctxt)
|
|||
dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
|
||||
}
|
||||
|
||||
/*ARGSUSED*/
|
||||
static void
|
||||
input_service_request(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
|
@ -128,6 +136,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
|
|||
xfree(service);
|
||||
}
|
||||
|
||||
/*ARGSUSED*/
|
||||
static void
|
||||
input_userauth_request(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: authfd.c,v 1.1.1.16 2006/02/04 22:22:35 christos Exp $ */
|
||||
/* $NetBSD: authfd.c,v 1.1.1.17 2006/09/28 21:15:01 christos Exp $ */
|
||||
/* $OpenBSD: authfd.c,v 1.80 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -35,17 +36,24 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: authfd.c,v 1.66 2005/06/17 02:44:32 djm Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/un.h>
|
||||
#include <sys/socket.h>
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
#include <fcntl.h>
|
||||
#include <stdlib.h>
|
||||
#include <signal.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
#include "rsa.h"
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
#include "xmalloc.h"
|
||||
#include "getput.h"
|
||||
#include "key.h"
|
||||
#include "authfd.h"
|
||||
#include "cipher.h"
|
||||
|
@ -53,6 +61,7 @@ RCSID("$OpenBSD: authfd.c,v 1.66 2005/06/17 02:44:32 djm Exp $");
|
|||
#include "compat.h"
|
||||
#include "log.h"
|
||||
#include "atomicio.h"
|
||||
#include "misc.h"
|
||||
|
||||
static int agent_present = 0;
|
||||
|
||||
|
@ -104,7 +113,7 @@ ssh_get_authentication_socket(void)
|
|||
close(sock);
|
||||
return -1;
|
||||
}
|
||||
if (connect(sock, (struct sockaddr *) &sunaddr, sizeof sunaddr) < 0) {
|
||||
if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) {
|
||||
close(sock);
|
||||
return -1;
|
||||
}
|
||||
|
@ -120,7 +129,7 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply
|
|||
|
||||
/* Get the length of the message, and format it in the buffer. */
|
||||
len = buffer_len(request);
|
||||
PUT_32BIT(buf, len);
|
||||
put_u32(buf, len);
|
||||
|
||||
/* Send the length and then the packet to the agent. */
|
||||
if (atomicio(vwrite, auth->fd, buf, 4) != 4 ||
|
||||
|
@ -139,7 +148,7 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply
|
|||
}
|
||||
|
||||
/* Extract the length, and check it for sanity. */
|
||||
len = GET_32BIT(buf);
|
||||
len = get_u32(buf);
|
||||
if (len > 256 * 1024)
|
||||
fatal("Authentication response too long: %u", len);
|
||||
|
||||
|
@ -336,7 +345,6 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
|
|||
break;
|
||||
default:
|
||||
return NULL;
|
||||
break;
|
||||
}
|
||||
/* Decrement the number of remaining entries. */
|
||||
auth->howmany--;
|
||||
|
@ -395,7 +403,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth,
|
|||
* fatal error if the packet is corrupt.
|
||||
*/
|
||||
for (i = 0; i < 16; i++)
|
||||
response[i] = buffer_get_char(&buffer);
|
||||
response[i] = (u_char)buffer_get_char(&buffer);
|
||||
}
|
||||
buffer_free(&buffer);
|
||||
return success;
|
||||
|
@ -518,7 +526,6 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
|
|||
default:
|
||||
buffer_free(&msg);
|
||||
return 0;
|
||||
break;
|
||||
}
|
||||
if (constrained) {
|
||||
if (life != 0) {
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: authfd.h,v 1.1.1.11 2005/02/13 00:52:53 christos Exp $ */
|
||||
/* $OpenBSD: authfd.h,v 1.34 2003/11/21 11:57:03 djm Exp $ */
|
||||
/* $NetBSD: authfd.h,v 1.1.1.12 2006/09/28 21:15:01 christos Exp $ */
|
||||
/* $OpenBSD: authfd.h,v 1.36 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -17,8 +17,6 @@
|
|||
#ifndef AUTHFD_H
|
||||
#define AUTHFD_H
|
||||
|
||||
#include "buffer.h"
|
||||
|
||||
/* Messages for the authentication agent connection. */
|
||||
#define SSH_AGENTC_REQUEST_RSA_IDENTITIES 1
|
||||
#define SSH_AGENT_RSA_IDENTITIES_ANSWER 2
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: authfile.c,v 1.1.1.18 2006/02/04 22:22:36 christos Exp $ */
|
||||
/* $NetBSD: authfile.c,v 1.1.1.19 2006/09/28 21:15:01 christos Exp $ */
|
||||
/* $OpenBSD: authfile.c,v 1.76 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -36,17 +37,26 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: authfile.c,v 1.61 2005/06/17 02:44:32 djm Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/param.h>
|
||||
#include <sys/uio.h>
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
|
||||
#include "cipher.h"
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "cipher.h"
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
#include "key.h"
|
||||
#include "ssh.h"
|
||||
#include "log.h"
|
||||
|
@ -185,7 +195,7 @@ key_save_private_pem(Key *key, const char *filename, const char *_passphrase,
|
|||
return 0;
|
||||
}
|
||||
fp = fdopen(fd, "w");
|
||||
if (fp == NULL ) {
|
||||
if (fp == NULL) {
|
||||
error("fdopen %s failed: %s.", filename, strerror(errno));
|
||||
close(fd);
|
||||
return 0;
|
||||
|
@ -212,12 +222,10 @@ key_save_private(Key *key, const char *filename, const char *passphrase,
|
|||
case KEY_RSA1:
|
||||
return key_save_private_rsa1(key, filename, passphrase,
|
||||
comment);
|
||||
break;
|
||||
case KEY_DSA:
|
||||
case KEY_RSA:
|
||||
return key_save_private_pem(key, filename, passphrase,
|
||||
comment);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
@ -508,7 +516,7 @@ key_load_private_pem(int fd, int type, const char *passphrase,
|
|||
return prv;
|
||||
}
|
||||
|
||||
static int
|
||||
int
|
||||
key_perm_ok(int fd, const char *filename)
|
||||
{
|
||||
struct stat st;
|
||||
|
@ -535,7 +543,7 @@ key_perm_ok(int fd, const char *filename)
|
|||
|
||||
Key *
|
||||
key_load_private_type(int type, const char *filename, const char *passphrase,
|
||||
char **commentp)
|
||||
char **commentp, int *perm_ok)
|
||||
{
|
||||
int fd;
|
||||
|
||||
|
@ -543,22 +551,24 @@ key_load_private_type(int type, const char *filename, const char *passphrase,
|
|||
if (fd < 0)
|
||||
return NULL;
|
||||
if (!key_perm_ok(fd, filename)) {
|
||||
if (perm_ok != NULL)
|
||||
*perm_ok = 0;
|
||||
error("bad permissions: ignore key: %s", filename);
|
||||
close(fd);
|
||||
return NULL;
|
||||
}
|
||||
if (perm_ok != NULL)
|
||||
*perm_ok = 1;
|
||||
switch (type) {
|
||||
case KEY_RSA1:
|
||||
return key_load_private_rsa1(fd, filename, passphrase,
|
||||
commentp);
|
||||
/* closes fd */
|
||||
break;
|
||||
case KEY_DSA:
|
||||
case KEY_RSA:
|
||||
case KEY_UNSPEC:
|
||||
return key_load_private_pem(fd, type, passphrase, commentp);
|
||||
/* closes fd */
|
||||
break;
|
||||
default:
|
||||
close(fd);
|
||||
break;
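Review bot: `*perm_ok` is left unassigned on the `if (fd < 0) return NULL;` path at the top of this hunk, so a caller that passes an uninitialized int and inspects it after a NULL return reads an indeterminate value when the file merely does not exist; only the permission-failure branch and the success path write it. Assigning it up front, `if (perm_ok != NULL) *perm_ok = 0;` placed ahead of `if (fd < 0)`, gives the out-parameter a defined value on every return and makes the later `*perm_ok = 0` in the key_perm_ok failure branch redundant. The new prototype in authfile.h (`Key *key_load_private_type(int, const char *, const char *, char **, int *);`) would also benefit from a one-line comment stating that the final argument may be NULL and is set to 1 only when the file's permissions passed key_perm_ok. key_load_private_type's signature is in the preceding hunk and the call that produces fd sits between the two hunks, outside this view.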
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: authfile.h,v 1.1.1.7 2002/06/24 05:25:43 itojun Exp $ */
|
||||
/* $OpenBSD: authfile.h,v 1.10 2002/05/23 19:24:30 markus Exp $ */
|
||||
/* $NetBSD: authfile.h,v 1.1.1.8 2006/09/28 21:15:01 christos Exp $ */
|
||||
/* $OpenBSD: authfile.h,v 1.13 2006/04/25 08:02:27 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -20,7 +20,8 @@ int key_save_private(Key *, const char *, const char *, const char *);
|
|||
Key *key_load_public(const char *, char **);
|
||||
Key *key_load_public_type(int, const char *, char **);
|
||||
Key *key_load_private(const char *, const char *, char **);
|
||||
Key *key_load_private_type(int, const char *, const char *, char **);
|
||||
Key *key_load_private_type(int, const char *, const char *, char **, int *);
|
||||
Key *key_load_private_pem(int, int, const char *, char **);
|
||||
int key_perm_ok(int, const char *);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: bufaux.c,v 1.1.1.13 2006/02/04 22:22:36 christos Exp $ */
|
||||
/* $NetBSD: bufaux.c,v 1.1.1.14 2006/09/28 21:15:01 christos Exp $ */
|
||||
/* $OpenBSD: bufaux.c,v 1.44 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -37,177 +38,17 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: bufaux.c,v 1.37 2005/11/05 05:01:15 djm Exp $");
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include "bufaux.h"
|
||||
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "getput.h"
|
||||
#include "buffer.h"
|
||||
#include "log.h"
|
||||
|
||||
/*
|
||||
* Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
|
||||
* by (bits+7)/8 bytes of binary data, msb first.
|
||||
*/
|
||||
int
|
||||
buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
|
||||
{
|
||||
int bits = BN_num_bits(value);
|
||||
int bin_size = (bits + 7) / 8;
|
||||
u_char *buf = xmalloc(bin_size);
|
||||
int oi;
|
||||
char msg[2];
|
||||
|
||||
/* Get the value of in binary */
|
||||
oi = BN_bn2bin(value, buf);
|
||||
if (oi != bin_size) {
|
||||
error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d",
|
||||
oi, bin_size);
|
||||
xfree(buf);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
/* Store the number of bits in the buffer in two bytes, msb first. */
|
||||
PUT_16BIT(msg, bits);
|
||||
buffer_append(buffer, msg, 2);
|
||||
/* Store the binary data. */
|
||||
buffer_append(buffer, (char *)buf, oi);
|
||||
|
||||
memset(buf, 0, bin_size);
|
||||
xfree(buf);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
void
|
||||
buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
|
||||
{
|
||||
if (buffer_put_bignum_ret(buffer, value) == -1)
|
||||
fatal("buffer_put_bignum: buffer error");
|
||||
}
|
||||
|
||||
/*
|
||||
* Retrieves an BIGNUM from the buffer.
|
||||
*/
|
||||
int
|
||||
buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
|
||||
{
|
||||
u_int bits, bytes;
|
||||
u_char buf[2], *bin;
|
||||
|
||||
/* Get the number for bits. */
|
||||
if (buffer_get_ret(buffer, (char *) buf, 2) == -1) {
|
||||
error("buffer_get_bignum_ret: invalid length");
|
||||
return (-1);
|
||||
}
|
||||
bits = GET_16BIT(buf);
|
||||
/* Compute the number of binary bytes that follow. */
|
||||
bytes = (bits + 7) / 8;
|
||||
if (bytes > 8 * 1024) {
|
||||
error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes);
|
||||
return (-1);
|
||||
}
|
||||
if (buffer_len(buffer) < bytes) {
|
||||
error("buffer_get_bignum_ret: input buffer too small");
|
||||
return (-1);
|
||||
}
|
||||
bin = buffer_ptr(buffer);
|
||||
BN_bin2bn(bin, bytes, value);
|
||||
if (buffer_consume_ret(buffer, bytes) == -1) {
|
||||
error("buffer_get_bignum_ret: buffer_consume failed");
|
||||
return (-1);
|
||||
}
|
||||
return (0);
|
||||
}
|
||||
|
||||
void
|
||||
buffer_get_bignum(Buffer *buffer, BIGNUM *value)
|
||||
{
|
||||
if (buffer_get_bignum_ret(buffer, value) == -1)
|
||||
fatal("buffer_get_bignum: buffer error");
|
||||
}
|
||||
|
||||
/*
|
||||
* Stores an BIGNUM in the buffer in SSH2 format.
|
||||
*/
|
||||
int
|
||||
buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
|
||||
{
|
||||
u_int bytes;
|
||||
u_char *buf;
|
||||
int oi;
|
||||
u_int hasnohigh = 0;
|
||||
|
||||
if (BN_is_zero(value)) {
|
||||
buffer_put_int(buffer, 0);
|
||||
return 0;
|
||||
}
|
||||
if (value->neg) {
|
||||
error("buffer_put_bignum2_ret: negative numbers not supported");
|
||||
return (-1);
|
||||
}
|
||||
bytes = BN_num_bytes(value) + 1; /* extra padding byte */
|
||||
if (bytes < 2) {
|
||||
error("buffer_put_bignum2_ret: BN too small");
|
||||
return (-1);
|
||||
}
|
||||
buf = xmalloc(bytes);
|
||||
buf[0] = 0x00;
|
||||
/* Get the value of in binary */
|
||||
oi = BN_bn2bin(value, buf+1);
|
||||
if (oi < 0 || (u_int)oi != bytes - 1) {
|
||||
error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
|
||||
"oi %d != bin_size %d", oi, bytes);
|
||||
xfree(buf);
|
||||
return (-1);
|
||||
}
|
||||
hasnohigh = (buf[1] & 0x80) ? 0 : 1;
|
||||
buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
|
||||
memset(buf, 0, bytes);
|
||||
xfree(buf);
|
||||
return (0);
|
||||
}
|
||||
|
||||
void
|
||||
buffer_put_bignum2(Buffer *buffer, const BIGNUM *value)
|
||||
{
|
||||
if (buffer_put_bignum2_ret(buffer, value) == -1)
|
||||
fatal("buffer_put_bignum2: buffer error");
|
||||
}
|
||||
|
||||
int
|
||||
buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
|
||||
{
|
||||
u_int len;
|
||||
u_char *bin;
|
||||
|
||||
if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) {
|
||||
error("buffer_get_bignum2_ret: invalid bignum");
|
||||
return (-1);
|
||||
}
|
||||
|
||||
if (len > 0 && (bin[0] & 0x80)) {
|
||||
error("buffer_get_bignum2_ret: negative numbers not supported");
|
||||
xfree(bin);
|
||||
return (-1);
|
||||
}
|
||||
if (len > 8 * 1024) {
|
||||
error("buffer_get_bignum2_ret: cannot handle BN of size %d", len);
|
||||
xfree(bin);
|
||||
return (-1);
|
||||
}
|
||||
BN_bin2bn(bin, len, value);
|
||||
xfree(bin);
|
||||
return (0);
|
||||
}
|
||||
|
||||
void
|
||||
buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
|
||||
{
|
||||
if (buffer_get_bignum2_ret(buffer, value) == -1)
|
||||
fatal("buffer_get_bignum2: buffer error");
|
||||
}
|
||||
#include "misc.h"
|
||||
|
||||
/*
|
||||
* Returns integers from the buffer (msb first).
|
||||
|
@ -220,7 +61,7 @@ buffer_get_short_ret(u_short *ret, Buffer *buffer)
|
|||
|
||||
if (buffer_get_ret(buffer, (char *) buf, 2) == -1)
|
||||
return (-1);
|
||||
*ret = GET_16BIT(buf);
|
||||
*ret = get_u16(buf);
|
||||
return (0);
|
||||
}
|
||||
|
||||
|
@ -242,7 +83,7 @@ buffer_get_int_ret(u_int *ret, Buffer *buffer)
|
|||
|
||||
if (buffer_get_ret(buffer, (char *) buf, 4) == -1)
|
||||
return (-1);
|
||||
*ret = GET_32BIT(buf);
|
||||
*ret = get_u32(buf);
|
||||
return (0);
|
||||
}
|
||||
|
||||
|
@ -264,7 +105,7 @@ buffer_get_int64_ret(u_int64_t *ret, Buffer *buffer)
|
|||
|
||||
if (buffer_get_ret(buffer, (char *) buf, 8) == -1)
|
||||
return (-1);
|
||||
*ret = GET_64BIT(buf);
|
||||
*ret = get_u64(buf);
|
||||
return (0);
|
||||
}
|
||||
|
||||
|
@ -287,7 +128,7 @@ buffer_put_short(Buffer *buffer, u_short value)
|
|||
{
|
||||
char buf[2];
|
||||
|
||||
PUT_16BIT(buf, value);
|
||||
put_u16(buf, value);
|
||||
buffer_append(buffer, buf, 2);
|
||||
}
|
||||
|
||||
|
@ -296,7 +137,7 @@ buffer_put_int(Buffer *buffer, u_int value)
|
|||
{
|
||||
char buf[4];
|
||||
|
||||
PUT_32BIT(buf, value);
|
||||
put_u32(buf, value);
|
||||
buffer_append(buffer, buf, 4);
|
||||
}
|
||||
|
||||
|
@ -305,7 +146,7 @@ buffer_put_int64(Buffer *buffer, u_int64_t value)
|
|||
{
|
||||
char buf[8];
|
||||
|
||||
PUT_64BIT(buf, value);
|
||||
put_u64(buf, value);
|
||||
buffer_append(buffer, buf, 8);
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1,214 @@
|
|||
/* $NetBSD: bufbn.c,v 1.1.1.1 2006/09/28 21:15:01 christos Exp $ */
|
||||
/* $OpenBSD: bufbn.c,v 1.3 2006/08/03 03:34:41 deraadt Exp $*/
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
* Auxiliary functions for storing and retrieving various data types to/from
|
||||
* Buffers.
|
||||
*
|
||||
* As far as I am concerned, the code I have written for this software
|
||||
* can be used freely for any purpose. Any derived versions of this
|
||||
* software must be clearly marked as such, and if the derived work is
|
||||
* incompatible with the protocol description in the RFC file, it must be
|
||||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*
|
||||
*
|
||||
* SSH2 packet format added by Markus Friedl
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <openssl/bn.h>
|
||||
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
#include "log.h"
|
||||
#include "misc.h"
|
||||
|
||||
/*
|
||||
* Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
|
||||
* by (bits+7)/8 bytes of binary data, msb first.
|
||||
*/
|
||||
int
|
||||
buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
|
||||
{
|
||||
int bits = BN_num_bits(value);
|
||||
int bin_size = (bits + 7) / 8;
|
||||
u_char *buf = xmalloc(bin_size);
|
||||
int oi;
|
||||
char msg[2];
|
||||
|
||||
/* Get the value of in binary */
|
||||
oi = BN_bn2bin(value, buf);
|
||||
if (oi != bin_size) {
|
||||
error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d",
|
||||
oi, bin_size);
|
||||
xfree(buf);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
/* Store the number of bits in the buffer in two bytes, msb first. */
|
||||
put_u16(msg, bits);
|
||||
buffer_append(buffer, msg, 2);
|
||||
/* Store the binary data. */
|
||||
buffer_append(buffer, buf, oi);
|
||||
|
||||
memset(buf, 0, bin_size);
|
||||
xfree(buf);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
void
|
||||
buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
|
||||
{
|
||||
if (buffer_put_bignum_ret(buffer, value) == -1)
|
||||
fatal("buffer_put_bignum: buffer error");
|
||||
}
|
||||
|
||||
/*
|
||||
* Retrieves an BIGNUM from the buffer.
|
||||
*/
|
||||
int
|
||||
buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
|
||||
{
|
||||
u_int bits, bytes;
|
||||
u_char buf[2], *bin;
|
||||
|
||||
/* Get the number for bits. */
|
||||
if (buffer_get_ret(buffer, (char *) buf, 2) == -1) {
|
||||
error("buffer_get_bignum_ret: invalid length");
|
||||
return (-1);
|
||||
}
|
||||
bits = get_u16(buf);
|
||||
/* Compute the number of binary bytes that follow. */
|
||||
bytes = (bits + 7) / 8;
|
||||
if (bytes > 8 * 1024) {
|
||||
error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes);
|
||||
return (-1);
|
||||
}
|
||||
if (buffer_len(buffer) < bytes) {
|
||||
error("buffer_get_bignum_ret: input buffer too small");
|
||||
return (-1);
|
||||
}
|
||||
bin = buffer_ptr(buffer);
|
||||
BN_bin2bn(bin, bytes, value);
|
||||
if (buffer_consume_ret(buffer, bytes) == -1) {
|
||||
error("buffer_get_bignum_ret: buffer_consume failed");
|
||||
return (-1);
|
||||
}
|
||||
return (0);
|
||||
}
|
||||
|
||||
void
|
||||
buffer_get_bignum(Buffer *buffer, BIGNUM *value)
|
||||
{
|
||||
if (buffer_get_bignum_ret(buffer, value) == -1)
|
||||
fatal("buffer_get_bignum: buffer error");
|
||||
}
|
||||
|
||||
/*
|
||||
* Stores an BIGNUM in the buffer in SSH2 format.
|
||||
*/
|
||||
int
|
||||
buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
|
||||
{
|
||||
u_int bytes;
|
||||
u_char *buf;
|
||||
int oi;
|
||||
u_int hasnohigh = 0;
|
||||
|
||||
if (BN_is_zero(value)) {
|
||||
buffer_put_int(buffer, 0);
|
||||
return 0;
|
||||
}
|
||||
if (value->neg) {
|
||||
error("buffer_put_bignum2_ret: negative numbers not supported");
|
||||
return (-1);
|
||||
}
|
||||
bytes = BN_num_bytes(value) + 1; /* extra padding byte */
|
||||
if (bytes < 2) {
|
||||
error("buffer_put_bignum2_ret: BN too small");
|
||||
return (-1);
|
||||
}
|
||||
buf = xmalloc(bytes);
|
||||
buf[0] = 0x00;
|
||||
/* Get the value of in binary */
|
||||
oi = BN_bn2bin(value, buf+1);
|
||||
if (oi < 0 || (u_int)oi != bytes - 1) {
|
||||
error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
|
||||
"oi %d != bin_size %d", oi, bytes);
|
||||
xfree(buf);
|
||||
return (-1);
|
||||
}
|
||||
hasnohigh = (buf[1] & 0x80) ? 0 : 1;
|
||||
buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
|
||||
memset(buf, 0, bytes);
|
||||
xfree(buf);
|
||||
return (0);
|
||||
}
|
||||
|
||||
void
|
||||
buffer_put_bignum2(Buffer *buffer, const BIGNUM *value)
|
||||
{
|
||||
if (buffer_put_bignum2_ret(buffer, value) == -1)
|
||||
fatal("buffer_put_bignum2: buffer error");
|
||||
}
|
||||
|
||||
int
|
||||
buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
|
||||
{
|
||||
u_int len;
|
||||
u_char *bin;
|
||||
|
||||
if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) {
|
||||
error("buffer_get_bignum2_ret: invalid bignum");
|
||||
return (-1);
|
||||
}
|
||||
|
||||
if (len > 0 && (bin[0] & 0x80)) {
|
||||
error("buffer_get_bignum2_ret: negative numbers not supported");
|
||||
xfree(bin);
|
||||
return (-1);
|
||||
}
|
||||
if (len > 8 * 1024) {
|
||||
error("buffer_get_bignum2_ret: cannot handle BN of size %d", len);
|
||||
xfree(bin);
|
||||
return (-1);
|
||||
}
|
||||
BN_bin2bn(bin, len, value);
|
||||
xfree(bin);
|
||||
return (0);
|
||||
}
|
||||
|
||||
void
|
||||
buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
|
||||
{
|
||||
if (buffer_get_bignum2_ret(buffer, value) == -1)
|
||||
fatal("buffer_get_bignum2: buffer error");
|
||||
}
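Review bot: The `memset(buf, 0, bin_size); xfree(buf);` pair in buffer_put_bignum_ret and the matching `memset(buf, 0, bytes); xfree(buf);` in buffer_put_bignum2_ret are dead stores from the compiler's point of view, because the buffer is released immediately afterwards, so an optimizer may elide them and the serialized BIGNUM (routinely private-key or key-exchange material) can stay behind in freed heap memory. The clearing should go through a routine the optimizer cannot drop (explicit_bzero where the platform provides it, or a small local helper that writes through a volatile pointer), and buffer_get_bignum2_ret's `xfree(bin)` currently performs no clearing at all and deserves the same treatment. Separately, buffer_put_bignum_ret writes the bit count with `put_u16(msg, bits)` without checking that it fits in 16 bits, whereas the reader rejects anything above 8 KiB; a symmetric `if (bits > 0xffff) { error("buffer_put_bignum_ret: BN too large"); return (-1); }` before the xmalloc would keep the two sides consistent, and it is worth confirming what xmalloc does with the zero size produced by a zero-valued BIGNUM, since no guard covers that case here.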
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: buffer.c,v 1.1.1.10 2006/02/04 22:22:36 christos Exp $ */
|
||||
/* $NetBSD: buffer.c,v 1.1.1.11 2006/09/28 21:15:01 christos Exp $ */
|
||||
/* $OpenBSD: buffer.c,v 1.31 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -12,13 +13,20 @@
|
|||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: buffer.c,v 1.23 2005/03/14 11:46:56 markus Exp $");
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
#include "log.h"
|
||||
|
||||
#define BUFFER_MAX_CHUNK 0x100000
|
||||
#define BUFFER_MAX_LEN 0xa00000
|
||||
#define BUFFER_ALLOCSZ 0x008000
|
||||
|
||||
/* Initializes the buffer structure. */
|
||||
|
||||
void
|
||||
|
@ -67,6 +75,23 @@ buffer_append(Buffer *buffer, const void *data, u_int len)
|
|||
memcpy(p, data, len);
|
||||
}
|
||||
|
||||
static int
|
||||
buffer_compact(Buffer *buffer)
|
||||
{
|
||||
/*
|
||||
* If the buffer is quite empty, but all data is at the end, move the
|
||||
* data to the beginning.
|
||||
*/
|
||||
if (buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)) {
|
||||
memmove(buffer->buf, buffer->buf + buffer->offset,
|
||||
buffer->end - buffer->offset);
|
||||
buffer->end -= buffer->offset;
|
||||
buffer->offset = 0;
|
||||
return (1);
|
||||
}
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Appends space to the buffer, expanding the buffer if necessary. This does
|
||||
* not actually copy the data into the buffer, but instead returns a pointer
|
||||
|
@ -94,29 +119,43 @@ restart:
|
|||
buffer->end += len;
|
||||
return p;
|
||||
}
|
||||
/*
|
||||
* If the buffer is quite empty, but all data is at the end, move the
|
||||
* data to the beginning and retry.
|
||||
*/
|
||||
if (buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)) {
|
||||
memmove(buffer->buf, buffer->buf + buffer->offset,
|
||||
buffer->end - buffer->offset);
|
||||
buffer->end -= buffer->offset;
|
||||
buffer->offset = 0;
|
||||
goto restart;
|
||||
}
|
||||
/* Increase the size of the buffer and retry. */
|
||||
|
||||
newlen = buffer->alloc + len + 32768;
|
||||
/* Compact data back to the start of the buffer if necessary */
|
||||
if (buffer_compact(buffer))
|
||||
goto restart;
|
||||
|
||||
/* Increase the size of the buffer and retry. */
|
||||
newlen = roundup(buffer->alloc + len, BUFFER_ALLOCSZ);
|
||||
if (newlen > BUFFER_MAX_LEN)
|
||||
fatal("buffer_append_space: alloc %u not supported",
|
||||
newlen);
|
||||
buffer->buf = xrealloc(buffer->buf, newlen);
|
||||
buffer->buf = xrealloc(buffer->buf, 1, newlen);
|
||||
buffer->alloc = newlen;
|
||||
goto restart;
|
||||
/* NOTREACHED */
|
||||
}
|
||||
|
||||
/*
|
||||
* Check whether an allocation of 'len' will fit in the buffer
|
||||
* This must follow the same math as buffer_append_space
|
||||
*/
|
||||
int
|
||||
buffer_check_alloc(Buffer *buffer, u_int len)
|
||||
{
|
||||
if (buffer->offset == buffer->end) {
|
||||
buffer->offset = 0;
|
||||
buffer->end = 0;
|
||||
}
|
||||
restart:
|
||||
if (buffer->end + len < buffer->alloc)
|
||||
return (1);
|
||||
if (buffer_compact(buffer))
|
||||
goto restart;
|
||||
if (roundup(buffer->alloc + len, BUFFER_ALLOCSZ) <= BUFFER_MAX_LEN)
|
||||
return (1);
|
||||
return (0);
|
||||
}
|
||||
|
||||
/* Returns the number of bytes of data in the buffer. */
|
||||
|
||||
u_int
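Review bot: buffer_check_alloc places no bound on `len`, so the u_int additions `buffer->end + len` and `buffer->alloc + len` can wrap for a very large `len` and the first comparison then reports that the allocation fits; the comment says this function must follow the same math as buffer_append_space, which presumably rejects oversized lengths before its restart loop (that part of it lies outside this hunk), but that precondition is not mirrored here. Adding `if (len > BUFFER_MAX_CHUNK) return (0);` as the first statement of buffer_check_alloc closes the gap and keeps the two functions consistent. With that guard the `roundup(buffer->alloc + len, BUFFER_ALLOCSZ)` test is safe from wrap-around as long as `alloc` never exceeds BUFFER_MAX_LEN, which the fatal() in buffer_append_space enforces for grown buffers; the initial allocation is set outside this hunk and should be checked against the same limit. buffer_append_space's opening lines, including its own `len` check, are outside this hunk.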
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: buffer.h,v 1.1.1.8 2006/02/04 22:22:36 christos Exp $ */
|
||||
/* $OpenBSD: buffer.h,v 1.13 2005/03/14 11:46:56 markus Exp $ */
|
||||
/* $NetBSD: buffer.h,v 1.1.1.9 2006/09/28 21:15:01 christos Exp $ */
|
||||
/* $OpenBSD: buffer.h,v 1.16 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -24,9 +24,6 @@ typedef struct {
|
|||
u_int end; /* Offset of last byte containing data. */
|
||||
} Buffer;
|
||||
|
||||
#define BUFFER_MAX_CHUNK 0x100000
|
||||
#define BUFFER_MAX_LEN 0xa00000
|
||||
|
||||
void buffer_init(Buffer *);
|
||||
void buffer_clear(Buffer *);
|
||||
void buffer_free(Buffer *);
|
||||
|
@ -37,6 +34,8 @@ void *buffer_ptr(Buffer *);
|
|||
void buffer_append(Buffer *, const void *, u_int);
|
||||
void *buffer_append_space(Buffer *, u_int);
|
||||
|
||||
int buffer_check_alloc(Buffer *, u_int);
|
||||
|
||||
void buffer_get(Buffer *, void *, u_int);
|
||||
|
||||
void buffer_consume(Buffer *, u_int);
|
||||
|
@ -48,4 +47,40 @@ int buffer_get_ret(Buffer *, void *, u_int);
|
|||
int buffer_consume_ret(Buffer *, u_int);
|
||||
int buffer_consume_end_ret(Buffer *, u_int);
|
||||
|
||||
#include <openssl/bn.h>
|
||||
|
||||
void buffer_put_bignum(Buffer *, const BIGNUM *);
|
||||
void buffer_put_bignum2(Buffer *, const BIGNUM *);
|
||||
void buffer_get_bignum(Buffer *, BIGNUM *);
|
||||
void buffer_get_bignum2(Buffer *, BIGNUM *);
|
||||
|
||||
u_short buffer_get_short(Buffer *);
|
||||
void buffer_put_short(Buffer *, u_short);
|
||||
|
||||
u_int buffer_get_int(Buffer *);
|
||||
void buffer_put_int(Buffer *, u_int);
|
||||
|
||||
u_int64_t buffer_get_int64(Buffer *);
|
||||
void buffer_put_int64(Buffer *, u_int64_t);
|
||||
|
||||
int buffer_get_char(Buffer *);
|
||||
void buffer_put_char(Buffer *, int);
|
||||
|
||||
void *buffer_get_string(Buffer *, u_int *);
|
||||
void buffer_put_string(Buffer *, const void *, u_int);
|
||||
void buffer_put_cstring(Buffer *, const char *);
|
||||
|
||||
#define buffer_skip_string(b) \
|
||||
do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while (0)
|
||||
|
||||
int buffer_put_bignum_ret(Buffer *, const BIGNUM *);
|
||||
int buffer_get_bignum_ret(Buffer *, BIGNUM *);
|
||||
int buffer_put_bignum2_ret(Buffer *, const BIGNUM *);
|
||||
int buffer_get_bignum2_ret(Buffer *, BIGNUM *);
|
||||
int buffer_get_short_ret(u_short *, Buffer *);
|
||||
int buffer_get_int_ret(u_int *, Buffer *);
|
||||
int buffer_get_int64_ret(u_int64_t *, Buffer *);
|
||||
void *buffer_get_string_ret(Buffer *, u_int *);
|
||||
int buffer_get_char_ret(char *, Buffer *);
|
||||
|
||||
#endif /* BUFFER_H */
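Review bot: The new prototype `int buffer_check_alloc(Buffer *, u_int);` is added to the public header without any statement of its contract, and the header otherwise carries no comments on when the `_ret` variants are preferred. From the buffer.c hunk the function answers whether `len` more bytes would fit under BUFFER_MAX_LEN and is explicitly tied to buffer_append_space's arithmetic, so I would document that at the declaration: `/* Returns 1 if 'len' more bytes can be appended without exceeding BUFFER_MAX_LEN, 0 otherwise. Must stay in step with buffer_append_space(). */`. The new `buffer_skip_string` macro hands a length read from the stream straight to buffer_consume(); whether a short buffer is caught there rather than over-consumed is not visible in this change, so a one-line comment stating which function performs that check would help readers of the header.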
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: canohost.c,v 1.1.1.15 2006/02/04 22:22:36 christos Exp $ */
|
||||
/* $NetBSD: canohost.c,v 1.1.1.16 2006/09/28 21:15:02 christos Exp $ */
|
||||
/* $OpenBSD: canohost.c,v 1.61 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -12,11 +13,21 @@
|
|||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: canohost.c,v 1.48 2005/12/28 22:46:06 stevesk Exp $");
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
|
||||
#include <netinet/in.h>
|
||||
|
||||
#include <ctype.h>
|
||||
#include <errno.h>
|
||||
#include <netdb.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "packet.h"
|
||||
#include "xmalloc.h"
|
||||
#include "packet.h"
|
||||
#include "log.h"
|
||||
#include "canohost.h"
|
||||
|
||||
|
@ -83,7 +94,7 @@ get_remote_hostname(int sock, int use_dns)
|
|||
*/
|
||||
for (i = 0; name[i]; i++)
|
||||
if (isupper(name[i]))
|
||||
name[i] = tolower(name[i]);
|
||||
name[i] = (char)tolower(name[i]);
|
||||
/*
|
||||
* Map it back to an IP address and check that the given
|
||||
* address actually is an address of this host. This is
|
||||
|
@ -98,7 +109,7 @@ get_remote_hostname(int sock, int use_dns)
|
|||
hints.ai_socktype = SOCK_STREAM;
|
||||
if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
|
||||
logit("reverse mapping checking getaddrinfo for %.700s "
|
||||
"failed - POSSIBLE BREAK-IN ATTEMPT!", name);
|
||||
"[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop);
|
||||
return xstrdup(ntop);
|
||||
}
|
||||
/* Look for the address from the list of addresses. */
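Review bot: The cast added at `name[i] = (char)tolower(name[i]);` is on the result, but the hazard is the argument: on platforms where `char` is signed, passing a byte above 0x7f to isupper()/tolower() is undefined behaviour, and this loop appears to run over the reverse-lookup name inside get_remote_hostname, which is remote-controlled data and need not be ASCII. The conventional fix is to cast the input: `if (isupper((unsigned char)name[i]))` and `name[i] = (char)tolower((unsigned char)name[i]);`. The same consideration applies to the `isupper(name[i])` context line just above. get_remote_hostname's body starts and ends outside the hunk.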
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: canohost.h,v 1.1.1.4 2001/09/27 02:00:39 itojun Exp $ */
|
||||
/* $OpenBSD: canohost.h,v 1.8 2001/06/26 17:27:23 markus Exp $ */
|
||||
/* $NetBSD: canohost.h,v 1.1.1.5 2006/09/28 21:15:02 christos Exp $ */
|
||||
/* $OpenBSD: canohost.h,v 1.9 2006/03/25 22:22:42 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: channels.c,v 1.1.1.22 2006/02/04 22:22:38 christos Exp $ */
|
||||
/* $NetBSD: channels.c,v 1.1.1.23 2006/09/28 21:15:04 christos Exp $ */
|
||||
/* $OpenBSD: channels.c,v 1.266 2006/08/29 10:40:18 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -39,23 +40,38 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: channels.c,v 1.232 2006/01/30 12:22:22 reyk Exp $");
|
||||
#include <sys/types.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/un.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/time.h>
|
||||
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <netdb.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <termios.h>
|
||||
#include <unistd.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
#include "ssh2.h"
|
||||
#include "packet.h"
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
#include "misc.h"
|
||||
#include "buffer.h"
|
||||
#include "channels.h"
|
||||
#include "compat.h"
|
||||
#include "canohost.h"
|
||||
#include "key.h"
|
||||
#include "authfd.h"
|
||||
#include "pathnames.h"
|
||||
#include "bufaux.h"
|
||||
|
||||
/* -- channel core */
|
||||
|
||||
|
@ -92,11 +108,18 @@ typedef struct {
|
|||
u_short listen_port; /* Remote side should listen port number. */
|
||||
} ForwardPermission;
|
||||
|
||||
/* List of all permitted host/port pairs to connect. */
|
||||
/* List of all permitted host/port pairs to connect by the user. */
|
||||
static ForwardPermission permitted_opens[SSH_MAX_FORWARDS_PER_DIRECTION];
|
||||
|
||||
/* Number of permitted host/port pairs in the array. */
|
||||
/* List of all permitted host/port pairs to connect by the admin. */
|
||||
static ForwardPermission permitted_adm_opens[SSH_MAX_FORWARDS_PER_DIRECTION];
|
||||
|
||||
/* Number of permitted host/port pairs in the array permitted by the user. */
|
||||
static int num_permitted_opens = 0;
|
||||
|
||||
/* Number of permitted host/port pair in the array permitted by the admin. */
|
||||
static int num_adm_permitted_opens = 0;
|
||||
|
||||
/*
|
||||
* If this is true, all opens are permitted. This is the case on the server
|
||||
* on which we have to trust the client anyway, and the user could do
|
||||
|
@ -124,7 +147,7 @@ static u_int x11_saved_data_len = 0;
|
|||
* Fake X11 authentication data. This is what the server will be sending us;
|
||||
* we should replace any occurrences of this by the real data.
|
||||
*/
|
||||
static char *x11_fake_data = NULL;
|
||||
static u_char *x11_fake_data = NULL;
|
||||
static u_int x11_fake_data_len;
|
||||
|
||||
|
||||
|
@ -169,7 +192,7 @@ channel_lookup(int id)
|
|||
if ((c = channel_by_id(id)) == NULL)
|
||||
return (NULL);
|
||||
|
||||
switch(c->type) {
|
||||
switch (c->type) {
|
||||
case SSH_CHANNEL_X11_OPEN:
|
||||
case SSH_CHANNEL_LARVAL:
|
||||
case SSH_CHANNEL_CONNECTING:
|
||||
|
@ -179,7 +202,6 @@ channel_lookup(int id)
|
|||
case SSH_CHANNEL_INPUT_DRAINING:
|
||||
case SSH_CHANNEL_OUTPUT_DRAINING:
|
||||
return (c);
|
||||
break;
|
||||
}
|
||||
logit("Non-public channel %d, type %d.", id, c->type);
|
||||
return (NULL);
|
||||
|
@ -189,7 +211,6 @@ channel_lookup(int id)
|
|||
* Register filedescriptors for a channel, used when allocating a channel or
|
||||
* when the channel consumer/producer is ready, e.g. shell exec'd
|
||||
*/
|
||||
|
||||
static void
|
||||
channel_register_fds(Channel *c, int rfd, int wfd, int efd,
|
||||
int extusage, int nonblock)
|
||||
|
@ -235,7 +256,6 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
|
|||
* Allocate a new channel object and set its type and socket. This will cause
|
||||
* remote_name to be freed.
|
||||
*/
|
||||
|
||||
Channel *
|
||||
channel_new(char *ctype, int type, int rfd, int wfd, int efd,
|
||||
u_int window, u_int maxpack, int extusage, char *remote_name, int nonblock)
|
||||
|
@ -247,7 +267,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
|
|||
/* Do initial allocation if this is the first call. */
|
||||
if (channels_alloc == 0) {
|
||||
channels_alloc = 10;
|
||||
channels = xmalloc(channels_alloc * sizeof(Channel *));
|
||||
channels = xcalloc(channels_alloc, sizeof(Channel *));
|
||||
for (i = 0; i < channels_alloc; i++)
|
||||
channels[i] = NULL;
|
||||
}
|
||||
|
@ -264,16 +284,15 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
|
|||
if (channels_alloc > 10000)
|
||||
fatal("channel_new: internal error: channels_alloc %d "
|
||||
"too big.", channels_alloc);
|
||||
channels = xrealloc(channels,
|
||||
(channels_alloc + 10) * sizeof(Channel *));
|
||||
channels = xrealloc(channels, channels_alloc + 10,
|
||||
sizeof(Channel *));
|
||||
channels_alloc += 10;
|
||||
debug2("channel: expanding %d", channels_alloc);
|
||||
for (i = found; i < channels_alloc; i++)
|
||||
channels[i] = NULL;
|
||||
}
|
||||
/* Initialize and return new channel. */
|
||||
c = channels[found] = xmalloc(sizeof(Channel));
|
||||
memset(c, 0, sizeof(Channel));
|
||||
c = channels[found] = xcalloc(1, sizeof(Channel));
|
||||
buffer_init(&c->input);
|
||||
buffer_init(&c->output);
|
||||
buffer_init(&c->extended);
|
||||
|
@ -337,7 +356,6 @@ channel_close_fd(int *fdp)
|
|||
}
|
||||
|
||||
/* Close all channel fd/socket. */
|
||||
|
||||
static void
|
||||
channel_close_fds(Channel *c)
|
||||
{
|
||||
|
@ -352,7 +370,6 @@ channel_close_fds(Channel *c)
|
|||
}
|
||||
|
||||
/* Free the channel and close its fd/socket. */
|
||||
|
||||
void
|
||||
channel_free(Channel *c)
|
||||
{
|
||||
|
@ -399,7 +416,6 @@ channel_free_all(void)
|
|||
* Closes the sockets/fds of all channels. This is used to close extra file
|
||||
* descriptors after a fork.
|
||||
*/
|
||||
|
||||
void
|
||||
channel_close_all(void)
|
||||
{
|
||||
|
@ -413,7 +429,6 @@ channel_close_all(void)
|
|||
/*
|
||||
* Stop listening to channels.
|
||||
*/
|
||||
|
||||
void
|
||||
channel_stop_listening(void)
|
||||
{
|
||||
|
@ -440,7 +455,6 @@ channel_stop_listening(void)
|
|||
* Returns true if no channel has too much buffered data, and false if one or
|
||||
* more channel is overfull.
|
||||
*/
|
||||
|
||||
int
|
||||
channel_not_very_much_buffered_data(void)
|
||||
{
|
||||
|
@ -470,7 +484,6 @@ channel_not_very_much_buffered_data(void)
|
|||
}
|
||||
|
||||
/* Returns true if any channel is still open. */
|
||||
|
||||
int
|
||||
channel_still_open(void)
|
||||
{
|
||||
|
@ -513,7 +526,6 @@ channel_still_open(void)
|
|||
}
|
||||
|
||||
/* Returns the id of an open channel suitable for keepaliving */
|
||||
|
||||
int
|
||||
channel_find_open(void)
|
||||
{
|
||||
|
@ -558,7 +570,6 @@ channel_find_open(void)
|
|||
* suitable for sending to the client. The message contains crlf pairs for
|
||||
* newlines.
|
||||
*/
|
||||
|
||||
char *
|
||||
channel_open_message(void)
|
||||
{
|
||||
|
@ -643,6 +654,7 @@ channel_request_start(int id, char *service, int wantconfirm)
|
|||
packet_put_cstring(service);
|
||||
packet_put_char(wantconfirm);
|
||||
}
|
||||
|
||||
void
|
||||
channel_register_confirm(int id, channel_callback_fn *fn, void *ctx)
|
||||
{
|
||||
|
@ -655,6 +667,7 @@ channel_register_confirm(int id, channel_callback_fn *fn, void *ctx)
|
|||
c->confirm = fn;
|
||||
c->confirm_ctx = ctx;
|
||||
}
|
||||
|
||||
void
|
||||
channel_register_cleanup(int id, channel_callback_fn *fn, int do_close)
|
||||
{
|
||||
|
@ -667,6 +680,7 @@ channel_register_cleanup(int id, channel_callback_fn *fn, int do_close)
|
|||
c->detach_user = fn;
|
||||
c->detach_close = do_close;
|
||||
}
|
||||
|
||||
void
|
||||
channel_cancel_cleanup(int id)
|
||||
{
|
||||
|
@ -679,6 +693,7 @@ channel_cancel_cleanup(int id)
|
|||
c->detach_user = NULL;
|
||||
c->detach_close = 0;
|
||||
}
|
||||
|
||||
void
|
||||
channel_register_filter(int id, channel_infilter_fn *ifn,
|
||||
channel_outfilter_fn *ofn)
|
||||
|
@ -718,25 +733,27 @@ channel_set_fds(int id, int rfd, int wfd, int efd,
|
|||
* 'channel_post*': perform any appropriate operations for channels which
|
||||
* have events pending.
|
||||
*/
|
||||
typedef void chan_fn(Channel *c, fd_set * readset, fd_set * writeset);
|
||||
typedef void chan_fn(Channel *c, fd_set *readset, fd_set *writeset);
|
||||
chan_fn *channel_pre[SSH_CHANNEL_MAX_TYPE];
|
||||
chan_fn *channel_post[SSH_CHANNEL_MAX_TYPE];
|
||||
|
||||
/* ARGSUSED */
|
||||
static void
|
||||
channel_pre_listener(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_pre_listener(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
FD_SET(c->sock, readset);
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
static void
|
||||
channel_pre_connecting(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_pre_connecting(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
debug3("channel %d: waiting for connection", c->self);
|
||||
FD_SET(c->sock, writeset);
|
||||
}
|
||||
|
||||
static void
|
||||
channel_pre_open_13(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_pre_open_13(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
if (buffer_len(&c->input) < packet_get_maxsize())
|
||||
FD_SET(c->sock, readset);
|
||||
|
@ -745,16 +762,14 @@ channel_pre_open_13(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
}
|
||||
|
||||
static void
|
||||
channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
|
||||
|
||||
/* check buffer limits */
|
||||
limit = MIN(limit, (BUFFER_MAX_LEN - BUFFER_MAX_CHUNK - CHAN_RBUF));
|
||||
|
||||
if (c->istate == CHAN_INPUT_OPEN &&
|
||||
limit > 0 &&
|
||||
buffer_len(&c->input) < limit)
|
||||
buffer_len(&c->input) < limit &&
|
||||
buffer_check_alloc(&c->input, CHAN_RBUF))
|
||||
FD_SET(c->rfd, readset);
|
||||
if (c->ostate == CHAN_OUTPUT_OPEN ||
|
||||
c->ostate == CHAN_OUTPUT_WAIT_DRAIN) {
|
||||
|
@ -784,8 +799,9 @@ channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
FD_SET(c->ctl_fd, readset);
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
static void
|
||||
channel_pre_input_draining(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_pre_input_draining(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
if (buffer_len(&c->input) == 0) {
|
||||
packet_start(SSH_MSG_CHANNEL_CLOSE);
|
||||
|
@ -796,8 +812,9 @@ channel_pre_input_draining(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
}
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
static void
|
||||
channel_pre_output_draining(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_pre_output_draining(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
if (buffer_len(&c->output) == 0)
|
||||
chan_mark_dead(c);
|
||||
|
@ -873,7 +890,7 @@ x11_open_helper(Buffer *b)
|
|||
}
|
||||
|
||||
static void
|
||||
channel_pre_x11_open_13(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_pre_x11_open_13(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
int ret = x11_open_helper(&c->output);
|
||||
|
||||
|
@ -899,7 +916,7 @@ channel_pre_x11_open_13(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
}
|
||||
|
||||
static void
|
||||
channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_pre_x11_open(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
int ret = x11_open_helper(&c->output);
|
||||
|
||||
|
@ -925,8 +942,9 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
}
|
||||
|
||||
/* try to decode a socks4 header */
|
||||
/* ARGSUSED */
|
||||
static int
|
||||
channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
char *p, *host;
|
||||
u_int len, have, i, found;
|
||||
|
@ -990,7 +1008,7 @@ channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
s4_rsp.command = 90; /* cd: req granted */
|
||||
s4_rsp.dest_port = 0; /* ignored */
|
||||
s4_rsp.dest_addr.s_addr = INADDR_ANY; /* ignored */
|
||||
buffer_append(&c->output, (char *)&s4_rsp, sizeof(s4_rsp));
|
||||
buffer_append(&c->output, &s4_rsp, sizeof(s4_rsp));
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
@ -1003,8 +1021,9 @@ channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
#define SSH_SOCKS5_CONNECT 0x01
|
||||
#define SSH_SOCKS5_SUCCESS 0x00
|
||||
|
||||
/* ARGSUSED */
|
||||
static int
|
||||
channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
struct {
|
||||
u_int8_t version;
|
||||
|
@ -1014,7 +1033,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
} s5_req, s5_rsp;
|
||||
u_int16_t dest_port;
|
||||
u_char *p, dest_addr[255+1];
|
||||
u_int have, i, found, nmethods, addrlen, af;
|
||||
u_int have, need, i, found, nmethods, addrlen, af;
|
||||
|
||||
debug2("channel %d: decode socks5", c->self);
|
||||
p = buffer_ptr(&c->input);
|
||||
|
@ -1030,7 +1049,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
return 0;
|
||||
/* look for method: "NO AUTHENTICATION REQUIRED" */
|
||||
for (found = 0, i = 2 ; i < nmethods + 2; i++) {
|
||||
if (p[i] == SSH_SOCKS5_NOAUTH ) {
|
||||
if (p[i] == SSH_SOCKS5_NOAUTH) {
|
||||
found = 1;
|
||||
break;
|
||||
}
|
||||
|
@ -1051,7 +1070,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
debug2("channel %d: socks5 post auth", c->self);
|
||||
if (have < sizeof(s5_req)+1)
|
||||
return 0; /* need more */
|
||||
memcpy((char *)&s5_req, p, sizeof(s5_req));
|
||||
memcpy(&s5_req, p, sizeof(s5_req));
|
||||
if (s5_req.version != 0x05 ||
|
||||
s5_req.command != SSH_SOCKS5_CONNECT ||
|
||||
s5_req.reserved != 0x00) {
|
||||
|
@ -1075,7 +1094,10 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
debug2("channel %d: bad socks5 atyp %d", c->self, s5_req.atyp);
|
||||
return -1;
|
||||
}
|
||||
if (have < 4 + addrlen + 2)
|
||||
need = sizeof(s5_req) + addrlen + 2;
|
||||
if (s5_req.atyp == SSH_SOCKS5_DOMAIN)
|
||||
need++;
|
||||
if (have < need)
|
||||
return 0;
|
||||
buffer_consume(&c->input, sizeof(s5_req));
|
||||
if (s5_req.atyp == SSH_SOCKS5_DOMAIN)
|
||||
|
@ -1099,15 +1121,15 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
((struct in_addr *)&dest_addr)->s_addr = INADDR_ANY;
|
||||
dest_port = 0; /* ignored */
|
||||
|
||||
buffer_append(&c->output, (char *)&s5_rsp, sizeof(s5_rsp));
|
||||
buffer_append(&c->output, (char *)&dest_addr, sizeof(struct in_addr));
|
||||
buffer_append(&c->output, (char *)&dest_port, sizeof(dest_port));
|
||||
buffer_append(&c->output, &s5_rsp, sizeof(s5_rsp));
|
||||
buffer_append(&c->output, &dest_addr, sizeof(struct in_addr));
|
||||
buffer_append(&c->output, &dest_port, sizeof(dest_port));
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* dynamic port forwarding */
|
||||
static void
|
||||
channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_pre_dynamic(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
u_char *p;
|
||||
u_int have;
|
||||
|
@ -1150,8 +1172,9 @@ channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
}
|
||||
|
||||
/* This is our fake X11 server socket. */
|
||||
/* ARGSUSED */
|
||||
static void
|
||||
channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
Channel *nc;
|
||||
struct sockaddr addr;
|
||||
|
@ -1275,8 +1298,9 @@ channel_set_reuseaddr(int fd)
|
|||
/*
|
||||
* This socket is listening for connections to a forwarded TCP/IP port.
|
||||
*/
|
||||
/* ARGSUSED */
|
||||
static void
|
||||
channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
Channel *nc;
|
||||
struct sockaddr addr;
|
||||
|
@ -1332,8 +1356,9 @@ channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
* This is the authentication agent socket listening for connections from
|
||||
* clients.
|
||||
*/
|
||||
/* ARGSUSED */
|
||||
static void
|
||||
channel_post_auth_listener(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_post_auth_listener(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
Channel *nc;
|
||||
int newsock;
|
||||
|
@ -1365,8 +1390,9 @@ channel_post_auth_listener(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
}
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
static void
|
||||
channel_post_connecting(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_post_connecting(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
int err = 0;
|
||||
socklen_t sz = sizeof(err);
|
||||
|
@ -1411,8 +1437,9 @@ channel_post_connecting(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
}
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
static int
|
||||
channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_handle_rfd(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
char buf[CHAN_RBUF];
|
||||
int len;
|
||||
|
@ -1451,8 +1478,10 @@ channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
static int
|
||||
channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
struct termios tio;
|
||||
u_char *data = NULL, *buf;
|
||||
|
@ -1533,8 +1562,9 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int
|
||||
channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
char buf[CHAN_RBUF];
|
||||
int len;
|
||||
|
@ -1576,8 +1606,10 @@ channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
static int
|
||||
channel_handle_ctl(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_handle_ctl(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
char buf[16];
|
||||
int len;
|
||||
|
@ -1603,6 +1635,7 @@ channel_handle_ctl(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int
|
||||
channel_check_window(Channel *c)
|
||||
{
|
||||
|
@ -1624,7 +1657,7 @@ channel_check_window(Channel *c)
|
|||
}
|
||||
|
||||
static void
|
||||
channel_post_open(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_post_open(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
if (c->delayed)
|
||||
return;
|
||||
|
@ -1637,8 +1670,9 @@ channel_post_open(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
channel_check_window(c);
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
static void
|
||||
channel_post_output_drain_13(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
channel_post_output_drain_13(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
int len;
|
||||
|
||||
|
@ -1755,7 +1789,7 @@ channel_garbage_collect(Channel *c)
|
|||
}
|
||||
|
||||
static void
|
||||
channel_handler(chan_fn *ftab[], fd_set * readset, fd_set * writeset)
|
||||
channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
static int did_init = 0;
|
||||
u_int i;
|
||||
|
@ -1783,15 +1817,20 @@ void
|
|||
channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
|
||||
u_int *nallocp, int rekeying)
|
||||
{
|
||||
u_int n, sz;
|
||||
u_int n, sz, nfdset;
|
||||
|
||||
n = MAX(*maxfdp, channel_max_fd);
|
||||
|
||||
sz = howmany(n+1, NFDBITS) * sizeof(fd_mask);
|
||||
nfdset = howmany(n+1, NFDBITS);
|
||||
/* Explicitly test here, because xrealloc isn't always called */
|
||||
if (nfdset && SIZE_T_MAX / nfdset < sizeof(fd_mask))
|
||||
fatal("channel_prepare_select: max_fd (%d) is too large", n);
|
||||
sz = nfdset * sizeof(fd_mask);
|
||||
|
||||
/* perhaps check sz < nalloc/2 and shrink? */
|
||||
if (*readsetp == NULL || sz > *nallocp) {
|
||||
*readsetp = xrealloc(*readsetp, sz);
|
||||
*writesetp = xrealloc(*writesetp, sz);
|
||||
*readsetp = xrealloc(*readsetp, nfdset, sizeof(fd_mask));
|
||||
*writesetp = xrealloc(*writesetp, nfdset, sizeof(fd_mask));
|
||||
*nallocp = sz;
|
||||
}
|
||||
*maxfdp = n;
|
||||
|
@ -1807,14 +1846,13 @@ channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
|
|||
* events pending.
|
||||
*/
|
||||
void
|
||||
channel_after_select(fd_set * readset, fd_set * writeset)
|
||||
channel_after_select(fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
channel_handler(channel_post, readset, writeset);
|
||||
}
|
||||
|
||||
|
||||
/* If there is data to send to the connection, enqueue some of it now. */
|
||||
|
||||
void
|
||||
channel_output_poll(void)
|
||||
{
|
||||
|
@ -1935,6 +1973,7 @@ channel_output_poll(void)
|
|||
|
||||
/* -- protocol input */
|
||||
|
||||
/* ARGSUSED */
|
||||
void
|
||||
channel_input_data(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
|
@ -1994,6 +2033,7 @@ channel_input_data(int type, u_int32_t seq, void *ctxt)
|
|||
xfree(data);
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
void
|
||||
channel_input_extended_data(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
|
@ -2040,6 +2080,7 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt)
|
|||
xfree(data);
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
void
|
||||
channel_input_ieof(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
|
@ -2063,6 +2104,7 @@ channel_input_ieof(int type, u_int32_t seq, void *ctxt)
|
|||
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
void
|
||||
channel_input_close(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
|
@ -2101,6 +2143,7 @@ channel_input_close(int type, u_int32_t seq, void *ctxt)
|
|||
}
|
||||
|
||||
/* proto version 1.5 overloads CLOSE_CONFIRMATION with OCLOSE */
|
||||
/* ARGSUSED */
|
||||
void
|
||||
channel_input_oclose(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
|
@ -2113,6 +2156,7 @@ channel_input_oclose(int type, u_int32_t seq, void *ctxt)
|
|||
chan_rcvd_oclose(c);
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
void
|
||||
channel_input_close_confirmation(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
|
@ -2129,6 +2173,7 @@ channel_input_close_confirmation(int type, u_int32_t seq, void *ctxt)
|
|||
channel_free(c);
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
void
|
||||
channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
|
@ -2176,6 +2221,7 @@ reason2txt(int reason)
|
|||
return "unknown reason";
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
void
|
||||
channel_input_open_failure(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
|
@ -2207,6 +2253,7 @@ channel_input_open_failure(int type, u_int32_t seq, void *ctxt)
|
|||
channel_free(c);
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
void
|
||||
channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
|
@ -2231,6 +2278,7 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
|
|||
c->remote_window += adjust;
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
void
|
||||
channel_input_port_open(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
|
@ -2445,7 +2493,7 @@ channel_setup_remote_fwd_listener(const char *listen_address,
|
|||
* the secure channel to host:port from local side.
|
||||
*/
|
||||
|
||||
void
|
||||
int
|
||||
channel_request_remote_forwarding(const char *listen_host, u_short listen_port,
|
||||
const char *host_to_connect, u_short port_to_connect)
|
||||
{
|
||||
|
@ -2489,7 +2537,6 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port,
|
|||
success = 1;
|
||||
break;
|
||||
case SSH_SMSG_FAILURE:
|
||||
logit("Warning: Server denied remote port forwarding.");
|
||||
break;
|
||||
default:
|
||||
/* Unknown packet */
|
||||
|
@ -2503,6 +2550,7 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port,
|
|||
permitted_opens[num_permitted_opens].listen_port = listen_port;
|
||||
num_permitted_opens++;
|
||||
}
|
||||
return (success ? 0 : -1);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -2542,13 +2590,13 @@ channel_request_rforward_cancel(const char *host, u_short port)
|
|||
/*
|
||||
* This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates
|
||||
* listening for the port, and sends back a success reply (or disconnect
|
||||
* message if there was an error). This never returns if there was an error.
|
||||
* message if there was an error).
|
||||
*/
|
||||
|
||||
void
|
||||
int
|
||||
channel_input_port_forward_request(int is_root, int gateway_ports)
|
||||
{
|
||||
u_short port, host_port;
|
||||
int success = 0;
|
||||
char *hostname;
|
||||
|
||||
/* Get arguments from the packet. */
|
||||
|
@ -2568,11 +2616,13 @@ channel_input_port_forward_request(int is_root, int gateway_ports)
|
|||
packet_disconnect("Dynamic forwarding denied.");
|
||||
|
||||
/* Initiate forwarding */
|
||||
channel_setup_local_fwd_listener(NULL, port, hostname,
|
||||
success = channel_setup_local_fwd_listener(NULL, port, hostname,
|
||||
host_port, gateway_ports);
|
||||
|
||||
/* Free the argument string. */
|
||||
xfree(hostname);
|
||||
|
||||
return (success ? 0 : -1);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -2591,7 +2641,7 @@ void
|
|||
channel_add_permitted_opens(char *host, int port)
|
||||
{
|
||||
if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
|
||||
fatal("channel_request_remote_forwarding: too many forwards");
|
||||
fatal("channel_add_permitted_opens: too many forwards");
|
||||
debug("allow port forwarding to host %s port %d", host, port);
|
||||
|
||||
permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host);
|
||||
|
@ -2601,6 +2651,19 @@ channel_add_permitted_opens(char *host, int port)
|
|||
all_opens_permitted = 0;
|
||||
}
|
||||
|
||||
int
|
||||
channel_add_adm_permitted_opens(char *host, int port)
|
||||
{
|
||||
if (num_adm_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
|
||||
fatal("channel_add_adm_permitted_opens: too many forwards");
|
||||
debug("config allows port forwarding to host %s port %d", host, port);
|
||||
|
||||
permitted_adm_opens[num_adm_permitted_opens].host_to_connect
|
||||
= xstrdup(host);
|
||||
permitted_adm_opens[num_adm_permitted_opens].port_to_connect = port;
|
||||
return ++num_adm_permitted_opens;
|
||||
}
|
||||
|
||||
void
|
||||
channel_clear_permitted_opens(void)
|
||||
{
|
||||
|
@ -2610,9 +2673,18 @@ channel_clear_permitted_opens(void)
|
|||
if (permitted_opens[i].host_to_connect != NULL)
|
||||
xfree(permitted_opens[i].host_to_connect);
|
||||
num_permitted_opens = 0;
|
||||
|
||||
}
|
||||
|
||||
void
|
||||
channel_clear_adm_permitted_opens(void)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < num_adm_permitted_opens; i++)
|
||||
if (permitted_adm_opens[i].host_to_connect != NULL)
|
||||
xfree(permitted_adm_opens[i].host_to_connect);
|
||||
num_adm_permitted_opens = 0;
|
||||
}
|
||||
|
||||
/* return socket to remote host, port */
|
||||
static int
|
||||
|
@ -2690,7 +2762,7 @@ channel_connect_by_listen_address(u_short listen_port)
|
|||
int
|
||||
channel_connect_to(const char *host, u_short port)
|
||||
{
|
||||
int i, permit;
|
||||
int i, permit, permit_adm = 1;
|
||||
|
||||
permit = all_opens_permitted;
|
||||
if (!permit) {
|
||||
|
@ -2699,9 +2771,19 @@ channel_connect_to(const char *host, u_short port)
|
|||
permitted_opens[i].port_to_connect == port &&
|
||||
strcmp(permitted_opens[i].host_to_connect, host) == 0)
|
||||
permit = 1;
|
||||
|
||||
}
|
||||
if (!permit) {
|
||||
|
||||
if (num_adm_permitted_opens > 0) {
|
||||
permit_adm = 0;
|
||||
for (i = 0; i < num_adm_permitted_opens; i++)
|
||||
if (permitted_adm_opens[i].host_to_connect != NULL &&
|
||||
permitted_adm_opens[i].port_to_connect == port &&
|
||||
strcmp(permitted_adm_opens[i].host_to_connect, host)
|
||||
== 0)
|
||||
permit_adm = 1;
|
||||
}
|
||||
|
||||
if (!permit || !permit_adm) {
|
||||
logit("Received request to connect to host %.100s port %d, "
|
||||
"but the request was denied.", host, port);
|
||||
return -1;
|
||||
|
@ -2722,10 +2804,10 @@ channel_send_window_changes(void)
|
|||
if (ioctl(channels[i]->rfd, TIOCGWINSZ, &ws) < 0)
|
||||
continue;
|
||||
channel_request_start(i, "window-change", 0);
|
||||
packet_put_int(ws.ws_col);
|
||||
packet_put_int(ws.ws_row);
|
||||
packet_put_int(ws.ws_xpixel);
|
||||
packet_put_int(ws.ws_ypixel);
|
||||
packet_put_int((u_int)ws.ws_col);
|
||||
packet_put_int((u_int)ws.ws_row);
|
||||
packet_put_int((u_int)ws.ws_xpixel);
|
||||
packet_put_int((u_int)ws.ws_ypixel);
|
||||
packet_send();
|
||||
}
|
||||
}
|
||||
|
@ -2811,7 +2893,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
|
|||
}
|
||||
|
||||
/* Allocate a channel for each socket. */
|
||||
*chanids = xmalloc(sizeof(**chanids) * (num_socks + 1));
|
||||
*chanids = xcalloc(num_socks + 1, sizeof(**chanids));
|
||||
for (n = 0; n < num_socks; n++) {
|
||||
sock = socks[n];
|
||||
nc = channel_new("x11 listener",
|
||||
|
@ -2840,7 +2922,7 @@ connect_local_xsocket(u_int dnr)
|
|||
memset(&addr, 0, sizeof(addr));
|
||||
addr.sun_family = AF_UNIX;
|
||||
snprintf(addr.sun_path, sizeof addr.sun_path, _PATH_UNIX_X, dnr);
|
||||
if (connect(sock, (struct sockaddr *) & addr, sizeof(addr)) == 0)
|
||||
if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == 0)
|
||||
return sock;
|
||||
close(sock);
|
||||
error("connect %.100s: %.100s", addr.sun_path, strerror(errno));
|
||||
|
@ -2850,12 +2932,12 @@ connect_local_xsocket(u_int dnr)
|
|||
int
|
||||
x11_connect_display(void)
|
||||
{
|
||||
int display_number, sock = 0;
|
||||
u_int display_number;
|
||||
const char *display;
|
||||
char buf[1024], *cp;
|
||||
struct addrinfo hints, *ai, *aitop;
|
||||
char strport[NI_MAXSERV];
|
||||
int gaierr;
|
||||
int gaierr, sock = 0;
|
||||
|
||||
/* Try to open a socket for the local X server. */
|
||||
display = getenv("DISPLAY");
|
||||
|
@ -2875,7 +2957,7 @@ x11_connect_display(void)
|
|||
if (strncmp(display, "unix:", 5) == 0 ||
|
||||
display[0] == ':') {
|
||||
/* Connect to the unix domain socket. */
|
||||
if (sscanf(strrchr(display, ':') + 1, "%d", &display_number) != 1) {
|
||||
if (sscanf(strrchr(display, ':') + 1, "%u", &display_number) != 1) {
|
||||
error("Could not parse display number from DISPLAY: %.100s",
|
||||
display);
|
||||
return -1;
|
||||
|
@ -2900,7 +2982,7 @@ x11_connect_display(void)
|
|||
}
|
||||
*cp = 0;
|
||||
/* buf now contains the host name. But first we parse the display number. */
|
||||
if (sscanf(cp + 1, "%d", &display_number) != 1) {
|
||||
if (sscanf(cp + 1, "%u", &display_number) != 1) {
|
||||
error("Could not parse display number from DISPLAY: %.100s",
|
||||
display);
|
||||
return -1;
|
||||
|
@ -2910,7 +2992,7 @@ x11_connect_display(void)
|
|||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = IPv4or6;
|
||||
hints.ai_socktype = SOCK_STREAM;
|
||||
snprintf(strport, sizeof strport, "%d", 6000 + display_number);
|
||||
snprintf(strport, sizeof strport, "%u", 6000 + display_number);
|
||||
if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) {
|
||||
error("%.100s: unknown host. (%s)", buf, gai_strerror(gaierr));
|
||||
return -1;
|
||||
|
@ -2924,7 +3006,7 @@ x11_connect_display(void)
|
|||
}
|
||||
/* Connect it to the display. */
|
||||
if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
|
||||
debug2("connect %.100s port %d: %.100s", buf,
|
||||
debug2("connect %.100s port %u: %.100s", buf,
|
||||
6000 + display_number, strerror(errno));
|
||||
close(sock);
|
||||
continue;
|
||||
|
@ -2934,7 +3016,7 @@ x11_connect_display(void)
|
|||
}
|
||||
freeaddrinfo(aitop);
|
||||
if (!ai) {
|
||||
error("connect %.100s port %d: %.100s", buf, 6000 + display_number,
|
||||
error("connect %.100s port %u: %.100s", buf, 6000 + display_number,
|
||||
strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
@ -2948,6 +3030,7 @@ x11_connect_display(void)
|
|||
* with either SSH_MSG_OPEN_CONFIRMATION or SSH_MSG_OPEN_FAILURE.
|
||||
*/
|
||||
|
||||
/* ARGSUSED */
|
||||
void
|
||||
x11_input_open(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
|
@ -2991,6 +3074,7 @@ x11_input_open(int type, u_int32_t seq, void *ctxt)
|
|||
}
|
||||
|
||||
/* dummy protocol handler that denies SSH-1 requests (agent/x11) */
|
||||
/* ARGSUSED */
|
||||
void
|
||||
deny_input_open(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
|
@ -3037,13 +3121,11 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
|
|||
return;
|
||||
}
|
||||
|
||||
cp = disp;
|
||||
if (disp)
|
||||
cp = strchr(disp, ':');
|
||||
cp = strchr(disp, ':');
|
||||
if (cp)
|
||||
cp = strchr(cp, '.');
|
||||
if (cp)
|
||||
screen_number = atoi(cp + 1);
|
||||
screen_number = (u_int)strtonum(cp + 1, 0, 400, NULL);
|
||||
else
|
||||
screen_number = 0;
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: channels.h,v 1.1.1.19 2006/02/04 22:22:38 christos Exp $ */
|
||||
/* $OpenBSD: channels.h,v 1.83 2005/12/30 15:56:37 reyk Exp $ */
|
||||
/* $NetBSD: channels.h,v 1.1.1.20 2006/09/28 21:15:05 christos Exp $ */
|
||||
/* $OpenBSD: channels.h,v 1.88 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -39,8 +39,6 @@
|
|||
#ifndef CHANNEL_H
|
||||
#define CHANNEL_H
|
||||
|
||||
#include "buffer.h"
|
||||
|
||||
/* Definitions for channel types. */
|
||||
#define SSH_CHANNEL_X11_LISTENER 1 /* Listening for inet X11 conn. */
|
||||
#define SSH_CHANNEL_PORT_LISTENER 2 /* Listening on a port. */
|
||||
|
@ -207,11 +205,13 @@ int channel_find_open(void);
|
|||
void channel_set_af(int af);
|
||||
void channel_permit_all_opens(void);
|
||||
void channel_add_permitted_opens(char *, int);
|
||||
int channel_add_adm_permitted_opens(char *, int);
|
||||
void channel_clear_permitted_opens(void);
|
||||
void channel_input_port_forward_request(int, int);
|
||||
void channel_clear_adm_permitted_opens(void);
|
||||
int channel_input_port_forward_request(int, int);
|
||||
int channel_connect_to(const char *, u_short);
|
||||
int channel_connect_by_listen_address(u_short);
|
||||
void channel_request_remote_forwarding(const char *, u_short,
|
||||
int channel_request_remote_forwarding(const char *, u_short,
|
||||
const char *, u_short);
|
||||
int channel_setup_local_fwd_listener(const char *, u_short,
|
||||
const char *, u_short, int);
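Review bot: The new declaration `int channel_add_adm_permitted_opens(char *, int);` takes a mutable `char *` although the implementation only passes the host to `xstrdup()` (visible in the channels.c hunk above), so `const char *` would let callers pass configuration strings without a cast; the same applies to the neighbouring `channel_add_permitted_opens`. The header also gives no hint of what the `int` now returned by `channel_add_adm_permitted_opens`, `channel_input_port_forward_request` and `channel_request_remote_forwarding` means; a one-line comment per declaration such as `/* returns the new number of entries */` (the .c hunk returns `++num_adm_permitted_opens`) and `/* returns -1 on failure */` (clientloop.c tests `< 0`) would make the contract explicit, with the `channel_input_port_forward_request` value to be confirmed since its body is not in this diff. Dropping `#include "buffer.h"` presumably makes channels.h depend on include order for the Buffer type; worth confirming every includer has buffer.h first.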
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: cipher-3des1.c,v 1.1.1.1 2005/02/13 00:52:56 christos Exp $ */
|
||||
/* $NetBSD: cipher-3des1.c,v 1.1.1.2 2006/09/28 21:15:05 christos Exp $ */
|
||||
/* $OpenBSD: cipher-3des1.c,v 1.6 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2003 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -23,10 +24,12 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: cipher-3des1.c,v 1.2 2003/12/22 20:29:55 markus Exp $");
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: cipher-bf1.c,v 1.1.1.1 2005/02/13 00:52:56 christos Exp $ */
|
||||
/* $NetBSD: cipher-bf1.c,v 1.1.1.2 2006/09/28 21:15:05 christos Exp $ */
|
||||
/* $OpenBSD: cipher-bf1.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2003 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -23,10 +24,12 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: cipher-bf1.c,v 1.1 2003/05/15 03:08:29 markus Exp $");
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
/*
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: cipher-ctr.c,v 1.1.1.3 2006/02/04 22:22:38 christos Exp $ */
|
||||
/* $NetBSD: cipher-ctr.c,v 1.1.1.4 2006/09/28 21:15:05 christos Exp $ */
|
||||
/* $OpenBSD: cipher-ctr.c,v 1.10 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
|
||||
*
|
||||
|
@ -14,14 +15,16 @@
|
|||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: cipher-ctr.c,v 1.6 2005/07/17 07:17:55 djm Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/aes.h>
|
||||
|
||||
#include "log.h"
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
|
||||
const EVP_CIPHER *evp_aes_128_ctr(void);
|
||||
void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: cipher.c,v 1.1.1.14 2006/02/04 22:22:39 christos Exp $ */
|
||||
/* $NetBSD: cipher.c,v 1.1.1.15 2006/09/28 21:15:05 christos Exp $ */
|
||||
/* $OpenBSD: cipher.c,v 1.81 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -35,15 +36,17 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: cipher.c,v 1.77 2005/07/16 01:35:24 djm Exp $");
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <openssl/md5.h>
|
||||
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
#include "cipher.h"
|
||||
|
||||
#include <openssl/md5.h>
|
||||
|
||||
extern const EVP_CIPHER *evp_ssh1_bf(void);
|
||||
extern const EVP_CIPHER *evp_ssh1_3des(void);
|
||||
extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: cipher.h,v 1.1.1.9 2005/02/13 00:52:57 christos Exp $ */
|
||||
/* $OpenBSD: cipher.h,v 1.35 2004/07/28 09:40:29 markus Exp $ */
|
||||
/* $NetBSD: cipher.h,v 1.1.1.10 2006/09/28 21:15:05 christos Exp $ */
|
||||
/* $OpenBSD: cipher.h,v 1.36 2006/03/25 22:22:42 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: cleanup.c,v 1.1.1.1 2005/02/13 00:52:57 christos Exp $ */
|
||||
/* $NetBSD: cleanup.c,v 1.1.1.2 2006/09/28 21:15:05 christos Exp $ */
|
||||
/* $OpenBSD: cleanup.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
|
||||
*
|
||||
|
@ -14,8 +15,11 @@
|
|||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: cleanup.c,v 1.1 2003/09/23 20:17:11 markus Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <unistd.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "log.h"
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: clientloop.c,v 1.1.1.22 2006/02/04 22:22:42 christos Exp $ */
|
||||
/* $NetBSD: clientloop.c,v 1.1.1.23 2006/09/28 21:15:06 christos Exp $ */
|
||||
/* $OpenBSD: clientloop.c,v 1.175 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -59,21 +60,36 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: clientloop.c,v 1.149 2005/12/30 15:56:37 reyk Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <ctype.h>
|
||||
#include <errno.h>
|
||||
#include <paths.h>
|
||||
#include <signal.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <termios.h>
|
||||
#include <pwd.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
#include "ssh2.h"
|
||||
#include "xmalloc.h"
|
||||
#include "packet.h"
|
||||
#include "buffer.h"
|
||||
#include "compat.h"
|
||||
#include "channels.h"
|
||||
#include "dispatch.h"
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
#include "key.h"
|
||||
#include "cipher.h"
|
||||
#include "kex.h"
|
||||
#include "log.h"
|
||||
#include "readconf.h"
|
||||
|
@ -119,7 +135,7 @@ static volatile sig_atomic_t received_signal = 0;
|
|||
static int in_non_blocking_mode = 0;
|
||||
|
||||
/* Common data for the client loop code. */
|
||||
static int quit_pending; /* Set to non-zero to quit the client loop. */
|
||||
static volatile sig_atomic_t quit_pending; /* Set non-zero to quit the loop. */
|
||||
static int escape_char; /* Escape character. */
|
||||
static int escape_pending; /* Last character was the escape character */
|
||||
static int last_was_cr; /* Last character was a newline. */
|
||||
|
@ -179,7 +195,7 @@ enter_non_blocking(void)
|
|||
* Signal handler for the window change signal (SIGWINCH). This just sets a
|
||||
* flag indicating that the window has changed.
|
||||
*/
|
||||
|
||||
/*ARGSUSED */
|
||||
static void
|
||||
window_change_handler(int sig)
|
||||
{
|
||||
|
@ -191,7 +207,7 @@ window_change_handler(int sig)
|
|||
* Signal handler for signals that cause the program to terminate. These
|
||||
* signals must be trapped to restore terminal modes.
|
||||
*/
|
||||
|
||||
/*ARGSUSED */
|
||||
static void
|
||||
signal_handler(int sig)
|
||||
{
|
||||
|
@ -423,10 +439,10 @@ client_check_window_change(void)
|
|||
if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
|
||||
return;
|
||||
packet_start(SSH_CMSG_WINDOW_SIZE);
|
||||
packet_put_int(ws.ws_row);
|
||||
packet_put_int(ws.ws_col);
|
||||
packet_put_int(ws.ws_xpixel);
|
||||
packet_put_int(ws.ws_ypixel);
|
||||
packet_put_int((u_int)ws.ws_row);
|
||||
packet_put_int((u_int)ws.ws_col);
|
||||
packet_put_int((u_int)ws.ws_xpixel);
|
||||
packet_put_int((u_int)ws.ws_ypixel);
|
||||
packet_send();
|
||||
}
|
||||
}
|
||||
|
@ -570,7 +586,7 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr)
|
|||
}
|
||||
|
||||
static void
|
||||
client_process_net_input(fd_set * readset)
|
||||
client_process_net_input(fd_set *readset)
|
||||
{
|
||||
int len;
|
||||
char buf[8192];
|
||||
|
@ -678,7 +694,7 @@ client_extra_session2_setup(int id, void *arg)
|
|||
}
|
||||
|
||||
static void
|
||||
client_process_control(fd_set * readset)
|
||||
client_process_control(fd_set *readset)
|
||||
{
|
||||
Buffer m;
|
||||
Channel *c;
|
||||
|
@ -809,8 +825,7 @@ client_process_control(fd_set * readset)
|
|||
return;
|
||||
}
|
||||
|
||||
cctx = xmalloc(sizeof(*cctx));
|
||||
memset(cctx, 0, sizeof(*cctx));
|
||||
cctx = xcalloc(1, sizeof(*cctx));
|
||||
cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0;
|
||||
cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0;
|
||||
cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0;
|
||||
|
@ -825,7 +840,7 @@ client_process_control(fd_set * readset)
|
|||
env_len = MIN(env_len, 4096);
|
||||
debug3("%s: receiving %d env vars", __func__, env_len);
|
||||
if (env_len != 0) {
|
||||
cctx->env = xmalloc(sizeof(*cctx->env) * (env_len + 1));
|
||||
cctx->env = xcalloc(env_len + 1, sizeof(*cctx->env));
|
||||
for (i = 0; i < env_len; i++)
|
||||
cctx->env[i] = buffer_get_string(&m, &len);
|
||||
cctx->env[i] = NULL;
|
||||
|
@ -833,6 +848,7 @@ client_process_control(fd_set * readset)
|
|||
|
||||
debug2("%s: accepted tty %d, subsys %d, cmd %s", __func__,
|
||||
cctx->want_tty, cctx->want_subsys, cmd);
|
||||
xfree(cmd);
|
||||
|
||||
/* Gather fds from client */
|
||||
new_fd[0] = mm_receive_fd(client_fd);
|
||||
|
@ -913,12 +929,16 @@ process_cmdline(void)
|
|||
|
||||
if (*s == 'h' || *s == 'H' || *s == '?') {
|
||||
logit("Commands:");
|
||||
logit(" -Lport:host:hostport Request local forward");
|
||||
logit(" -Rport:host:hostport Request remote forward");
|
||||
logit(" -KRhostport Cancel remote forward");
|
||||
logit(" -L[bind_address:]port:host:hostport "
|
||||
"Request local forward");
|
||||
logit(" -R[bind_address:]port:host:hostport "
|
||||
"Request remote forward");
|
||||
logit(" -KR[bind_address:]port "
|
||||
"Cancel remote forward");
|
||||
if (!options.permit_local_command)
|
||||
goto out;
|
||||
logit(" !args Execute local command");
|
||||
logit(" !args "
|
||||
"Execute local command");
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -979,9 +999,12 @@ process_cmdline(void)
|
|||
goto out;
|
||||
}
|
||||
} else {
|
||||
channel_request_remote_forwarding(fwd.listen_host,
|
||||
if (channel_request_remote_forwarding(fwd.listen_host,
|
||||
fwd.listen_port, fwd.connect_host,
|
||||
fwd.connect_port);
|
||||
fwd.connect_port) < 0) {
|
||||
logit("Port forwarding failed.");
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
logit("Forwarding port.");
|
||||
|
@ -1173,7 +1196,7 @@ Supported escape sequences:\r\n\
|
|||
}
|
||||
|
||||
static void
|
||||
client_process_input(fd_set * readset)
|
||||
client_process_input(fd_set *readset)
|
||||
{
|
||||
int len;
|
||||
char buf[8192];
|
||||
|
@ -1226,7 +1249,7 @@ client_process_input(fd_set * readset)
|
|||
}
|
||||
|
||||
static void
|
||||
client_process_output(fd_set * writeset)
|
||||
client_process_output(fd_set *writeset)
|
||||
{
|
||||
int len;
|
||||
char buf[100];
|
||||
|
@ -1870,10 +1893,10 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
|
|||
|
||||
channel_request_start(id, "pty-req", 0);
|
||||
packet_put_cstring(term != NULL ? term : "");
|
||||
packet_put_int(ws.ws_col);
|
||||
packet_put_int(ws.ws_row);
|
||||
packet_put_int(ws.ws_xpixel);
|
||||
packet_put_int(ws.ws_ypixel);
|
||||
packet_put_int((u_int)ws.ws_col);
|
||||
packet_put_int((u_int)ws.ws_row);
|
||||
packet_put_int((u_int)ws.ws_xpixel);
|
||||
packet_put_int((u_int)ws.ws_ypixel);
|
||||
tio = get_saved_tio();
|
||||
tty_make_modes(-1, tiop != NULL ? tiop : &tio);
|
||||
packet_send();
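Review bot: The lint annotations added before `window_change_handler` and `signal_handler` are spelled `/*ARGSUSED */`, while the same commit writes `/* ARGSUSED */` before `x11_input_open` and `deny_input_open` in channels.c; the spacing should match, `/* ARGSUSED */`. The `volatile sig_atomic_t` change to `quit_pending` in the earlier hunk is the right type for a flag set from a signal handler and lines up with the new `dispatch_run(int, volatile sig_atomic_t *, void *)` signature in dispatch.c.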
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: clientloop.h,v 1.1.1.7 2006/02/04 22:22:42 christos Exp $ */
|
||||
/* $OpenBSD: clientloop.h,v 1.14 2005/07/04 00:58:43 djm Exp $ */
|
||||
/* $NetBSD: clientloop.h,v 1.1.1.8 2006/09/28 21:15:06 christos Exp $ */
|
||||
/* $OpenBSD: clientloop.h,v 1.16 2006/03/25 22:22:42 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -36,6 +36,8 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include <termios.h>
|
||||
|
||||
/* Client side main loop for the interactive session. */
|
||||
int client_loop(int, int, int);
|
||||
void client_x11_get_proto(const char *, const char *, u_int,
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: compat.c,v 1.1.1.15 2005/04/23 16:28:05 christos Exp $ */
|
||||
/* $NetBSD: compat.c,v 1.1.1.16 2006/09/28 21:15:06 christos Exp $ */
|
||||
/* $OpenBSD: compat.c,v 1.76 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -23,12 +24,15 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: compat.c,v 1.71 2005/03/01 10:09:52 djm Exp $");
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
#include "packet.h"
|
||||
#include "xmalloc.h"
|
||||
#include "compat.h"
|
||||
#include "log.h"
|
||||
#include "match.h"
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: compat.h,v 1.1.1.14 2005/04/23 16:28:05 christos Exp $ */
|
||||
/* $OpenBSD: compat.h,v 1.39 2005/03/01 10:09:52 djm Exp $ */
|
||||
/* $NetBSD: compat.h,v 1.1.1.15 2006/09/28 21:15:06 christos Exp $ */
|
||||
/* $OpenBSD: compat.h,v 1.40 2006/03/25 22:22:43 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: compress.c,v 1.1.1.9 2005/02/13 00:52:58 christos Exp $ */
|
||||
/* $NetBSD: compress.c,v 1.1.1.10 2006/09/28 21:15:07 christos Exp $ */
|
||||
/* $OpenBSD: compress.c,v 1.25 2006/08/06 01:13:32 stevesk Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -12,12 +13,13 @@
|
|||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: compress.c,v 1.21 2004/01/13 19:45:15 markus Exp $");
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <zlib.h>
|
||||
|
||||
#include "log.h"
|
||||
#include "buffer.h"
|
||||
#include "zlib.h"
|
||||
#include "compress.h"
|
||||
|
||||
z_stream incoming_stream;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: compress.h,v 1.1.1.6 2002/03/08 01:20:43 itojun Exp $ */
|
||||
/* $OpenBSD: compress.h,v 1.11 2002/03/04 17:27:39 stevesk Exp $ */
|
||||
/* $NetBSD: compress.h,v 1.1.1.7 2006/09/28 21:15:07 christos Exp $ */
|
||||
/* $OpenBSD: compress.h,v 1.12 2006/03/25 22:22:43 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: crc32.c,v 1.1.1.5 2003/04/03 05:57:20 itojun Exp $ */
|
||||
/* $OpenBSD: crc32.c,v 1.9 2003/02/12 21:39:50 markus Exp $ */
|
||||
/* $NetBSD: crc32.c,v 1.1.1.6 2006/09/28 21:15:07 christos Exp $ */
|
||||
/* $OpenBSD: crc32.c,v 1.11 2006/04/22 18:29:33 stevesk Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Markus Friedl. All rights reserved.
|
||||
|
@ -101,7 +101,7 @@ ssh_crc32(const u_char *buf, u_int32_t size)
|
|||
u_int32_t i, crc;
|
||||
|
||||
crc = 0;
|
||||
for (i = 0; i < size; i++)
|
||||
for (i = 0; i < size; i++)
|
||||
crc = crc32tab[(crc ^ buf[i]) & 0xff] ^ (crc >> 8);
|
||||
return crc;
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: crc32.h,v 1.1.1.8 2003/04/03 05:57:20 itojun Exp $ */
|
||||
/* $OpenBSD: crc32.h,v 1.14 2003/02/12 21:39:50 markus Exp $ */
|
||||
/* $NetBSD: crc32.h,v 1.1.1.9 2006/09/28 21:15:07 christos Exp $ */
|
||||
/* $OpenBSD: crc32.h,v 1.15 2006/03/25 22:22:43 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Markus Friedl. All rights reserved.
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: deattack.c,v 1.1.1.10 2005/02/13 00:52:58 christos Exp $ */
|
||||
/* $NetBSD: deattack.c,v 1.1.1.11 2006/09/28 21:15:07 christos Exp $ */
|
||||
/* $OpenBSD: deattack.c,v 1.30 2006/09/16 19:53:37 djm Exp $ */
|
||||
/*
|
||||
* Cryptographic attack detector for ssh - source code
|
||||
*
|
||||
|
@ -18,15 +19,35 @@
|
|||
* <http://www.core-sdi.com>
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: deattack.c,v 1.19 2003/09/18 08:49:45 markus Exp $");
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "deattack.h"
|
||||
#include "log.h"
|
||||
#include "crc32.h"
|
||||
#include "getput.h"
|
||||
#include "xmalloc.h"
|
||||
#include "deattack.h"
|
||||
#include "misc.h"
|
||||
|
||||
/*
|
||||
* CRC attack detection has a worst-case behaviour that is O(N^3) over
|
||||
* the number of identical blocks in a packet. This behaviour can be
|
||||
* exploited to create a limited denial of service attack.
|
||||
*
|
||||
* However, because we are dealing with encrypted data, identical
|
||||
* blocks should only occur every 2^35 maximally-sized packets or so.
|
||||
* Consequently, we can detect this DoS by looking for identical blocks
|
||||
* in a packet.
|
||||
*
|
||||
* The parameter below determines how many identical blocks we will
|
||||
* accept in a single packet, trading off between attack detection and
|
||||
* likelihood of terminating a legitimate connection. A value of 32
|
||||
* corresponds to an average of 2^40 messages before an attack is
|
||||
* misdetected
|
||||
*/
|
||||
#define MAX_IDENTICAL 32
|
||||
|
||||
/* SSH Constants */
|
||||
#define SSH_MAXBLOCKS (32 * 1024)
|
||||
|
@ -44,7 +65,7 @@ RCSID("$OpenBSD: deattack.c,v 1.19 2003/09/18 08:49:45 markus Exp $");
|
|||
|
||||
|
||||
/* Hash function (Input keys are cipher results) */
|
||||
#define HASH(x) GET_32BIT(x)
|
||||
#define HASH(x) get_u32(x)
|
||||
|
||||
#define CMP(a, b) (memcmp(a, b, SSH_BLOCKSIZE))
|
||||
|
||||
|
@ -52,22 +73,17 @@ static void
|
|||
crc_update(u_int32_t *a, u_int32_t b)
|
||||
{
|
||||
b ^= *a;
|
||||
*a = ssh_crc32((u_char *) &b, sizeof(b));
|
||||
*a = ssh_crc32((u_char *)&b, sizeof(b));
|
||||
}
|
||||
|
||||
/* detect if a block is used in a particular pattern */
|
||||
static int
|
||||
check_crc(u_char *S, u_char *buf, u_int32_t len,
|
||||
u_char *IV)
|
||||
check_crc(u_char *S, u_char *buf, u_int32_t len)
|
||||
{
|
||||
u_int32_t crc;
|
||||
u_char *c;
|
||||
|
||||
crc = 0;
|
||||
if (IV && !CMP(S, IV)) {
|
||||
crc_update(&crc, 1);
|
||||
crc_update(&crc, 0);
|
||||
}
|
||||
for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
|
||||
if (!CMP(S, c)) {
|
||||
crc_update(&crc, 1);
|
||||
|
@ -83,12 +99,12 @@ check_crc(u_char *S, u_char *buf, u_int32_t len,
|
|||
|
||||
/* Detect a crc32 compensation attack on a packet */
|
||||
int
|
||||
detect_attack(u_char *buf, u_int32_t len, u_char *IV)
|
||||
detect_attack(u_char *buf, u_int32_t len)
|
||||
{
|
||||
static u_int16_t *h = (u_int16_t *) NULL;
|
||||
static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
|
||||
u_int32_t i, j;
|
||||
u_int32_t l;
|
||||
u_int32_t l, same;
|
||||
u_char *c;
|
||||
u_char *d;
|
||||
|
||||
|
@ -101,26 +117,20 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV)
|
|||
|
||||
if (h == NULL) {
|
||||
debug("Installing crc compensation attack detector.");
|
||||
h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE);
|
||||
h = (u_int16_t *) xcalloc(l, HASH_ENTRYSIZE);
|
||||
n = l;
|
||||
} else {
|
||||
if (l > n) {
|
||||
h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE);
|
||||
h = (u_int16_t *)xrealloc(h, l, HASH_ENTRYSIZE);
|
||||
n = l;
|
||||
}
|
||||
}
|
||||
|
||||
if (len <= HASH_MINBLOCKS) {
|
||||
for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
|
||||
if (IV && (!CMP(c, IV))) {
|
||||
if ((check_crc(c, buf, len, IV)))
|
||||
return (DEATTACK_DETECTED);
|
||||
else
|
||||
break;
|
||||
}
|
||||
for (d = buf; d < c; d += SSH_BLOCKSIZE) {
|
||||
if (!CMP(c, d)) {
|
||||
if ((check_crc(c, buf, len, IV)))
|
||||
if ((check_crc(c, buf, len)))
|
||||
return (DEATTACK_DETECTED);
|
||||
else
|
||||
break;
|
||||
|
@ -131,21 +141,13 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV)
|
|||
}
|
||||
memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
|
||||
|
||||
if (IV)
|
||||
h[HASH(IV) & (n - 1)] = HASH_IV;
|
||||
|
||||
for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
|
||||
for (c = buf, same = j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
|
||||
for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
|
||||
i = (i + 1) & (n - 1)) {
|
||||
if (h[i] == HASH_IV) {
|
||||
if (!CMP(c, IV)) {
|
||||
if (check_crc(c, buf, len, IV))
|
||||
return (DEATTACK_DETECTED);
|
||||
else
|
||||
break;
|
||||
}
|
||||
} else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
|
||||
if (check_crc(c, buf, len, IV))
|
||||
if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
|
||||
if (++same > MAX_IDENTICAL)
|
||||
return (DEATTACK_DOS_DETECTED);
|
||||
if (check_crc(c, buf, len))
|
||||
return (DEATTACK_DETECTED);
|
||||
else
|
||||
break;
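Review bot: `detect_attack` can now return a third code, `DEATTACK_DOS_DETECTED`, but its header comment still reads `/* Detect a crc32 compensation attack on a packet */` and neither it nor the `DEATTACK_*` defines in the deattack.h hunk say what each value means for the caller. Suggest `/* Detect a crc32 compensation attack on a packet. Returns DEATTACK_OK, DEATTACK_DETECTED, or DEATTACK_DOS_DETECTED once more than MAX_IDENTICAL identical blocks are seen. */`, and, if the caller (packet.c, outside this diff) treats both non-zero codes as fatal to the connection, stating that too. It is also worth a one-line comment that the `same` counter only guards the hash-table path, since the brute-force path for `len <= HASH_MINBLOCKS` is bounded by HASH_MINBLOCKS and presumably needs no limit.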
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: deattack.h,v 1.1.1.5 2001/09/27 02:00:42 itojun Exp $ */
|
||||
/* $OpenBSD: deattack.h,v 1.7 2001/06/26 17:27:23 markus Exp $ */
|
||||
/* $NetBSD: deattack.h,v 1.1.1.6 2006/09/28 21:15:07 christos Exp $ */
|
||||
/* $OpenBSD: deattack.h,v 1.10 2006/09/16 19:53:37 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Cryptographic attack detector for ssh - Header file
|
||||
|
@ -26,6 +26,7 @@
|
|||
/* Return codes */
|
||||
#define DEATTACK_OK 0
|
||||
#define DEATTACK_DETECTED 1
|
||||
#define DEATTACK_DOS_DETECTED 2
|
||||
|
||||
int detect_attack(u_char *, u_int32_t, u_char[8]);
|
||||
int detect_attack(u_char *, u_int32_t);
|
||||
#endif
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: dh.c,v 1.1.1.10 2005/02/13 00:52:58 christos Exp $ */
|
||||
/* $NetBSD: dh.c,v 1.1.1.11 2006/09/28 21:15:07 christos Exp $ */
|
||||
/* $OpenBSD: dh.c,v 1.42 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||
*
|
||||
|
@ -23,18 +24,15 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: dh.c,v 1.31 2004/08/04 10:37:52 djm Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#include "buffer.h"
|
||||
#include "cipher.h"
|
||||
#include "kex.h"
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "dh.h"
|
||||
#include "pathnames.h"
|
||||
#include "log.h"
|
||||
|
@ -45,9 +43,11 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
|
|||
{
|
||||
char *cp, *arg;
|
||||
char *strsize, *gen, *prime;
|
||||
const char *errstr = NULL;
|
||||
|
||||
cp = line;
|
||||
arg = strdelim(&cp);
|
||||
if ((arg = strdelim(&cp)) == NULL)
|
||||
return 0;
|
||||
/* Ignore leading whitespace */
|
||||
if (*arg == '\0')
|
||||
arg = strdelim(&cp);
|
||||
|
@ -68,7 +68,8 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
|
|||
goto fail;
|
||||
strsize = strsep(&cp, " "); /* size */
|
||||
if (cp == NULL || *strsize == '\0' ||
|
||||
(dhg->size = atoi(strsize)) == 0)
|
||||
(dhg->size = (u_int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 ||
|
||||
errstr)
|
||||
goto fail;
|
||||
/* The whole group is one bit larger */
|
||||
dhg->size++;
|
||||
|
@ -179,19 +180,36 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
|
|||
int i;
|
||||
int n = BN_num_bits(dh_pub);
|
||||
int bits_set = 0;
|
||||
BIGNUM *tmp;
|
||||
|
||||
if (dh_pub->neg) {
|
||||
logit("invalid public DH value: negativ");
|
||||
return 0;
|
||||
}
|
||||
if (BN_cmp(dh_pub, BN_value_one()) != 1) { /* pub_exp <= 1 */
|
||||
logit("invalid public DH value: <= 1");
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ((tmp = BN_new()) == NULL)
|
||||
return (-1);
|
||||
if (!BN_sub(tmp, dh->p, BN_value_one()) ||
|
||||
BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */
|
||||
BN_clear_free(tmp);
|
||||
logit("invalid public DH value: >= p-1");
|
||||
return 0;
|
||||
}
|
||||
BN_clear_free(tmp);
|
||||
|
||||
for (i = 0; i <= n; i++)
|
||||
if (BN_is_bit_set(dh_pub, i))
|
||||
bits_set++;
|
||||
debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
|
||||
|
||||
/* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */
|
||||
if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1))
|
||||
if (bits_set > 1)
|
||||
return 1;
|
||||
|
||||
logit("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p));
|
||||
return 0;
|
||||
}
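Review bot: `dh_pub_is_valid` returns `-1` when `BN_new()` fails (`if ((tmp = BN_new()) == NULL) return (-1);`), while every other exit returns 0 for an invalid value or 1 for a valid one; a caller written as `if (!dh_pub_is_valid(dh, pub))` (the callers are outside this diff) would accept the peer's value on allocation failure, the opposite of what the new range checks intend. Allocation failure should follow the same convention as the other rejections, `logit("invalid public DH value: BN_new failed"); return 0;`, or call `fatal()`. Separately, `for (i = 0; i <= n; i++)` visits one bit past `BN_num_bits(dh_pub)`; it is harmless here but `i < n` is the intended bound, and the log message `"invalid public DH value: negativ"` is missing its final letter.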
|
||||
|
|
|
@ -1,5 +1,5 @@
/* $NetBSD: dh.h,v 1.1.1.5 2005/02/13 00:52:59 christos Exp $ */
/* $OpenBSD: dh.h,v 1.8 2004/06/13 12:53:24 djm Exp $ */
/* $NetBSD: dh.h,v 1.1.1.6 2006/09/28 21:15:07 christos Exp $ */
/* $OpenBSD: dh.h,v 1.9 2006/03/25 22:22:43 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
@ -1,4 +1,5 @@
/* $NetBSD: dispatch.c,v 1.1.1.7 2005/02/13 00:52:59 christos Exp $ */
/* $NetBSD: dispatch.c,v 1.1.1.8 2006/09/28 21:15:07 christos Exp $ */
/* $OpenBSD: dispatch.c,v 1.21 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -22,8 +23,11 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: dispatch.c,v 1.16 2003/04/08 20:21:28 itojun Exp $");
#include <sys/types.h>
#include <signal.h>
#include <stdarg.h>
#include "ssh1.h"
#include "ssh2.h"
@ -77,7 +81,7 @@ dispatch_set(int type, dispatch_fn *fn)
dispatch[type] = fn;
}
void
dispatch_run(int mode, int *done, void *ctxt)
dispatch_run(int mode, volatile sig_atomic_t *done, void *ctxt)
{
for (;;) {
int type;
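Review bot: The new `dispatch_run(int mode, volatile sig_atomic_t *done, void *ctxt)` signature carries no comment on why `done` changed from `int *` to `volatile sig_atomic_t *`, so a reader entering the `for (;;)` loop has no hint that `*done` is expected to change from outside the loop body, presumably from a signal handler or a dispatch callback. Suggest a one-line comment above the definition, e.g. `/* *done is polled each iteration and may be set asynchronously (e.g. from a signal handler), hence volatile sig_atomic_t */`. The loop body continues outside the hunk, so I cannot confirm where `*done` is read; the comment should be checked against that read. The matching prototype in dispatch.h is updated in this same commit.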
@ -1,5 +1,5 @@
/* $NetBSD: dispatch.h,v 1.1.1.5 2002/03/08 01:20:44 itojun Exp $ */
/* $OpenBSD: dispatch.h,v 1.9 2002/01/11 13:39:36 markus Exp $ */
/* $NetBSD: dispatch.h,v 1.1.1.6 2006/09/28 21:15:07 christos Exp $ */
/* $OpenBSD: dispatch.h,v 1.11 2006/04/20 09:27:09 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -34,6 +34,6 @@ typedef void dispatch_fn(int, u_int32_t, void *);
void dispatch_init(dispatch_fn *);
void dispatch_set(int, dispatch_fn *);
void dispatch_range(u_int, u_int, dispatch_fn *);
void dispatch_run(int, int *, void *);
void dispatch_run(int, volatile sig_atomic_t *, void *);
void dispatch_protocol_error(int, u_int32_t, void *);
void dispatch_protocol_ignore(int, u_int32_t, void *);
@ -1,5 +1,5 @@
/* $NetBSD: dns.c,v 1.1.1.2 2006/02/04 22:22:44 christos Exp $ */
/* $OpenBSD: dns.c,v 1.16 2005/10/17 14:13:35 stevesk Exp $ */
/* $NetBSD: dns.c,v 1.1.1.3 2006/09/28 21:15:07 christos Exp $ */
/* $OpenBSD: dns.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@ -26,10 +26,12 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: dns.c,v 1.16 2005/10/17 14:13:35 stevesk Exp $");
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include "xmalloc.h"
#include "key.h"
@ -123,7 +125,7 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
*digest = (u_char *) xmalloc(*digest_len);
memcpy(*digest, rdata + 2, *digest_len);
} else {
*digest = xstrdup("");
*digest = (u_char *)xstrdup("");
}
success = 1;
@ -1,5 +1,5 @@
/* $NetBSD: dns.h,v 1.1.1.2 2006/02/04 22:22:44 christos Exp $ */
/* $OpenBSD: dns.h,v 1.6 2005/10/17 14:13:35 stevesk Exp $ */
/* $NetBSD: dns.h,v 1.1.1.3 2006/09/28 21:15:07 christos Exp $ */
/* $OpenBSD: dns.h,v 1.10 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@ -26,8 +26,6 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#ifndef DNS_H
#define DNS_H
@ -1,4 +1,5 @@
/* $NetBSD: fatal.c,v 1.1.1.2 2005/02/13 00:52:59 christos Exp $ */
/* $NetBSD: fatal.c,v 1.1.1.3 2006/09/28 21:15:07 christos Exp $ */
/* $OpenBSD: fatal.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
@ -23,8 +24,9 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: fatal.c,v 1.2 2003/09/23 20:17:11 markus Exp $");
#include <sys/types.h>
#include <stdarg.h>
#include "log.h"
@ -34,6 +36,7 @@ void
fatal(const char *fmt,...)
{
va_list args;
va_start(args, fmt);
do_log(SYSLOG_LEVEL_FATAL, fmt, args);
va_end(args);
@ -1,4 +1,5 @@
/* $NetBSD: groupaccess.c,v 1.1.1.5 2005/02/13 00:52:59 christos Exp $ */
/* $NetBSD: groupaccess.c,v 1.1.1.6 2006/09/28 21:15:07 christos Exp $ */
/* $OpenBSD: groupaccess.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2001 Kevin Steves. All rights reserved.
*
@ -23,11 +24,15 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: groupaccess.c,v 1.6 2003/04/08 20:21:28 itojun Exp $");
#include <sys/types.h>
#include <sys/param.h>
#include <grp.h>
#include <unistd.h>
#include <stdarg.h>
#include "groupaccess.h"
#include "xmalloc.h"
#include "groupaccess.h"
#include "match.h"
#include "log.h"
@ -1,5 +1,5 @@
/* $NetBSD: groupaccess.h,v 1.1.1.3 2001/09/27 02:00:43 itojun Exp $ */
/* $OpenBSD: groupaccess.h,v 1.4 2001/06/26 17:27:23 markus Exp $ */
/* $NetBSD: groupaccess.h,v 1.1.1.4 2006/09/28 21:15:07 christos Exp $ */
/* $OpenBSD: groupaccess.h,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2001 Kevin Steves. All rights reserved.
@ -28,8 +28,6 @@
#ifndef GROUPACCESS_H
#define GROUPACCESS_H
#include <grp.h>
int ga_init(const char *, gid_t);
int ga_match(char * const *, int);
void ga_free(void);
@ -1,8 +1,8 @@
/* $NetBSD: gss-genr.c,v 1.1.1.2 2006/02/04 22:22:44 christos Exp $ */
/* $OpenBSD: gss-genr.c,v 1.6 2005/10/13 22:24:31 stevesk Exp $ */
/* $NetBSD: gss-genr.c,v 1.1.1.3 2006/09/28 21:15:07 christos Exp $ */
/* $OpenBSD: gss-genr.c,v 1.17 2006/08/29 12:02:30 dtucker Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
* Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -25,12 +25,15 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#ifdef GSSAPI
#include <sys/param.h>
#include <string.h>
#include <stdarg.h>
#include "xmalloc.h"
#include "bufaux.h"
#include "buffer.h"
#include "log.h"
#include "ssh2.h"
@ -73,7 +76,11 @@ ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid)
void
ssh_gssapi_error(Gssctxt *ctxt)
{
debug("%s", ssh_gssapi_last_error(ctxt, NULL, NULL));
char *s;
s = ssh_gssapi_last_error(ctxt, NULL, NULL);
debug("%s", s);
xfree(s);
}
char *
@ -132,9 +139,7 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
void
ssh_gssapi_build_ctx(Gssctxt **ctx)
{
*ctx = xmalloc(sizeof (Gssctxt));
(*ctx)->major = 0;
(*ctx)->minor = 0;
*ctx = xcalloc(1, sizeof (Gssctxt));
(*ctx)->context = GSS_C_NO_CONTEXT;
(*ctx)->name = GSS_C_NO_NAME;
(*ctx)->oid = GSS_C_NO_OID;
@ -204,10 +209,11 @@ OM_uint32
ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
{
gss_buffer_desc gssbuf;
char *val;
gssbuf.length = sizeof("host@") + strlen(host);
gssbuf.value = xmalloc(gssbuf.length);
snprintf(gssbuf.value, gssbuf.length, "host@%s", host);
xasprintf(&val, "host@%s", host);
gssbuf.value = val;
gssbuf.length = strlen(gssbuf.value);
if ((ctx->major = gss_import_name(&ctx->minor,
&gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name)))
@ -232,11 +238,15 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
gss_create_empty_oid_set(&status, &oidset);
gss_add_oid_set_member(&status, ctx->oid, &oidset);
if (gethostname(lname, MAXHOSTNAMELEN))
if (gethostname(lname, MAXHOSTNAMELEN)) {
gss_release_oid_set(&status, &oidset);
return (-1);
}
if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname)))
if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
gss_release_oid_set(&status, &oidset);
return (ctx->major);
}
if ((ctx->major = gss_acquire_cred(&ctx->minor,
ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
@ -278,4 +288,34 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
return (ssh_gssapi_acquire_cred(*ctx));
}
int
ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
{
gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
OM_uint32 major, minor;
gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"};
/* RFC 4462 says we MUST NOT do SPNEGO */
if (oid->length == spnego_oid.length &&
(memcmp(oid->elements, spnego_oid.elements, oid->length) == 0))
return 0; /* false */
ssh_gssapi_build_ctx(ctx);
ssh_gssapi_set_oid(*ctx, oid);
major = ssh_gssapi_import_name(*ctx, host);
if (!GSS_ERROR(major)) {
major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token,
NULL);
gss_release_buffer(&minor, &token);
if ((*ctx)->context != GSS_C_NO_CONTEXT)
gss_delete_sec_context(&minor, &(*ctx)->context,
GSS_C_NO_BUFFER);
}
if (GSS_ERROR(major))
ssh_gssapi_delete_ctx(ctx);
return (!GSS_ERROR(major));
}
#endif /* GSSAPI */
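Review bot: `ssh_gssapi_check_mechanism` has no comment describing its contract, and its handling of `*ctx` differs by path: on the SPNEGO early return `*ctx` is left untouched, on a GSS error it is deleted via `ssh_gssapi_delete_ctx`, and on success the caller owns a built context whose security context has already been torn down by `gss_delete_sec_context`. Suggest a header comment such as `/* Returns 1 if 'oid' is a usable mechanism for 'host', 0 otherwise (SPNEGO is rejected per RFC 4462). On success *ctx holds a built Gssctxt the caller must free; on a GSS failure *ctx is deleted; on the SPNEGO rejection *ctx is not touched. */`. In `ssh_gssapi_import_name` the `xasprintf` rewrite also changes `gssbuf.length` from the NUL-inclusive `sizeof("host@") + strlen(host)` to `strlen(gssbuf.value)`, which is a behaviour fix worth a one-line comment; whether `val` is freed after `gss_import_name` is outside the hunk.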
@ -1,5 +1,5 @@
/* $NetBSD: gss-serv-krb5.c,v 1.1.1.2 2006/02/04 22:22:44 christos Exp $ */
/* $OpenBSD: gss-serv-krb5.c,v 1.4 2005/10/13 19:08:08 stevesk Exp $ */
/* $NetBSD: gss-serv-krb5.c,v 1.1.1.3 2006/09/28 21:15:07 christos Exp $ */
/* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -25,16 +25,18 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#ifdef GSSAPI
#ifdef KRB5
#include "auth.h"
#include "xmalloc.h"
#include "log.h"
#include "servconf.h"
#include <sys/types.h>
#include "xmalloc.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "log.h"
#include "buffer.h"
#include "ssh-gss.h"
#include <krb5.h>
@ -1,5 +1,5 @@
/* $NetBSD: gss-serv.c,v 1.1.1.2 2006/02/04 22:22:44 christos Exp $ */
/* $OpenBSD: gss-serv.c,v 1.13 2005/10/13 22:24:31 stevesk Exp $ */
/* $NetBSD: gss-serv.c,v 1.1.1.3 2006/09/28 21:15:08 christos Exp $ */
/* $OpenBSD: gss-serv.c,v 1.20 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -25,18 +25,21 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#include <sys/types.h>
#ifdef GSSAPI
#include "bufaux.h"
#include <string.h>
#include "xmalloc.h"
#include "buffer.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "log.h"
#include "channels.h"
#include "session.h"
#include "servconf.h"
#include "xmalloc.h"
#include "getput.h"
#include "misc.h"
#include "ssh-gss.h"
@ -79,6 +82,8 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset)
&supported_mechs[i]->oid, oidset);
i++;
}
gss_release_oid_set(&min_status, &supported);
}
@ -152,7 +157,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
* second without.
*/
oidl = GET_16BIT(tok+2); /* length including next two bytes */
oidl = get_u16(tok+2); /* length including next two bytes */
oidl = oidl-2; /* turn it into the _real_ length of the variable OID */
/*
@ -169,14 +174,14 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
if (ename->length < offset+4)
return GSS_S_FAILURE;
name->length = GET_32BIT(tok+offset);
name->length = get_u32(tok+offset);
offset += 4;
if (ename->length < offset+name->length)
return GSS_S_FAILURE;
name->value = xmalloc(name->length+1);
memcpy(name->value, tok+offset,name->length);
memcpy(name->value, tok+offset, name->length);
((char *)name->value)[name->length] = 0;
return GSS_S_COMPLETE;
@ -235,7 +240,8 @@ ssh_gssapi_cleanup_creds(void)
{
if (gssapi_client.store.filename != NULL) {
/* Unlink probably isn't sufficient */
debug("removing gssapi cred file\"%s\"", gssapi_client.store.filename);
debug("removing gssapi cred file\"%s\"",
gssapi_client.store.filename);
unlink(gssapi_client.store.filename);
}
}
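Review bot: In `ssh_gssapi_parse_ename`, the bounds check `if (ename->length < offset+name->length)` that follows the new `name->length = get_u32(tok+offset);` adds a 32-bit length taken from the token to `offset` before comparing, so on a platform where that sum can wrap the check passes and the following `xmalloc(name->length+1)`/`memcpy` run with an unchecked length. Since `ename->length >= offset` is already established by the `offset+4` check just above, the subtraction form cannot wrap: `if (name->length > ename->length - offset) return GSS_S_FAILURE;`. The same concern applies to `oidl = get_u16(tok+2); oidl = oidl-2;` in the earlier hunk, where `oidl < 2` would underflow; the checks around it are outside the hunk, so I cannot tell whether that is already guarded. The token contents are not produced by this code, so its lengths should be treated as untrusted.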
@ -1,4 +1,5 @@
/* $NetBSD: hostfile.c,v 1.1.1.12 2006/02/04 22:22:45 christos Exp $ */
/* $NetBSD: hostfile.c,v 1.1.1.13 2006/09/28 21:15:08 christos Exp $ */
/* $OpenBSD: hostfile.c,v 1.45 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -36,19 +37,23 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: hostfile.c,v 1.36 2005/11/22 03:36:03 dtucker Exp $");
#include <sys/types.h>
#include <netinet/in.h>
#include <resolv.h>
#include <openssl/hmac.h>
#include <openssl/sha.h>
#include "packet.h"
#include <resolv.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "xmalloc.h"
#include "match.h"
#include "key.h"
#include "hostfile.h"
#include "log.h"
#include "xmalloc.h"
static int
extract_salt(const char *s, u_int l, char *salt, size_t salt_len)
@ -255,8 +260,10 @@ check_host_in_hostfile_by_key_or_type(const char *filename,
if (key == NULL) {
/* we found a key of the requested type */
if (found->type == keytype)
if (found->type == keytype) {
fclose(f);
return HOST_FOUND;
}
continue;
}
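Review bot: The added `fclose(f)` before `return HOST_FOUND` closes a FILE leak on this path, but the rest of `check_host_in_hostfile_by_key_or_type` is outside the hunk, so any other early `return` inside the loop would still need the same treatment; a single exit that does `fclose(f)` and returns a status variable would make the fix structural rather than per-path. If the function is kept as is, a comment like `/* every return after fopen() must fclose(f) */` at the top of the loop would warn the next editor.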
@ -1,5 +1,5 @@
/* $NetBSD: hostfile.h,v 1.1.1.11 2005/04/23 16:28:07 christos Exp $ */
/* $OpenBSD: hostfile.h,v 1.15 2005/03/01 10:40:26 djm Exp $ */
/* $NetBSD: hostfile.h,v 1.1.1.12 2006/09/28 21:15:08 christos Exp $ */
/* $OpenBSD: hostfile.h,v 1.16 2006/03/25 22:22:43 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -1,4 +1,5 @@
/* $NetBSD: kex.c,v 1.1.1.17 2006/02/04 22:22:44 christos Exp $ */
/* $NetBSD: kex.c,v 1.1.1.18 2006/09/28 21:15:09 christos Exp $ */
/* $OpenBSD: kex.c,v 1.76 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@ -23,20 +24,23 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: kex.c,v 1.65 2005/11/04 05:15:59 djm Exp $");
#include <sys/param.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/crypto.h>
#include "ssh2.h"
#include "xmalloc.h"
#include "ssh2.h"
#include "buffer.h"
#include "bufaux.h"
#include "packet.h"
#include "compat.h"
#include "cipher.h"
#include "kex.h"
#include "key.h"
#include "kex.h"
#include "log.h"
#include "mac.h"
#include "match.h"
@ -45,6 +49,8 @@ RCSID("$OpenBSD: kex.c,v 1.65 2005/11/04 05:15:59 djm Exp $");
#define KEX_COOKIE_LEN 16
extern const EVP_MD *evp_ssh_sha256(void);
/* prototype */
static void kex_kexinit_finish(Kex *);
static void kex_choose_conf(Kex *);
@ -76,7 +82,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows)
int i;
char **proposal;
proposal = xmalloc(PROPOSAL_MAX * sizeof(char *));
proposal = xcalloc(PROPOSAL_MAX, sizeof(char *));
buffer_init(&b);
buffer_append(&b, buffer_ptr(raw), buffer_len(raw));
@ -211,8 +217,7 @@ kex_setup(char *proposal[PROPOSAL_MAX])
{
Kex *kex;
kex = xmalloc(sizeof(*kex));
memset(kex, 0, sizeof(*kex));
kex = xcalloc(1, sizeof(*kex));
buffer_init(&kex->peer);
buffer_init(&kex->my);
kex_prop2buf(&kex->my, proposal);
@ -255,6 +260,7 @@ choose_enc(Enc *enc, char *client, char *server)
enc->key_len = cipher_keylen(enc->cipher);
enc->block_size = cipher_blocksize(enc->cipher);
}
static void
choose_mac(Mac *mac, char *client, char *server)
{
@ -270,6 +276,7 @@ choose_mac(Mac *mac, char *client, char *server)
mac->key = NULL;
mac->enabled = 0;
}
static void
choose_comp(Comp *comp, char *client, char *server)
{
@ -287,6 +294,7 @@ choose_comp(Comp *comp, char *client, char *server)
}
comp->name = name;
}
static void
choose_kex(Kex *k, char *client, char *server)
{
@ -302,6 +310,9 @@ choose_kex(Kex *k, char *client, char *server)
} else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) {
k->kex_type = KEX_DH_GEX_SHA1;
k->evp_md = EVP_sha1();
} else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) {
k->kex_type = KEX_DH_GEX_SHA256;
k->evp_md = evp_ssh_sha256();
} else
fatal("bad kex alg %s", k->name);
}
@ -365,8 +376,7 @@ kex_choose_conf(Kex *kex)
/* Algorithm Negotiation */
for (mode = 0; mode < MODE_MAX; mode++) {
newkeys = xmalloc(sizeof(*newkeys));
memset(newkeys, 0, sizeof(*newkeys));
newkeys = xcalloc(1, sizeof(*newkeys));
kex->newkeys[mode] = newkeys;
ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN);
nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC;
@ -421,7 +431,7 @@ derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen,
if ((mdsz = EVP_MD_size(kex->evp_md)) <= 0)
fatal("bad kex md size %d", mdsz);
digest = xmalloc(roundup(need, mdsz));
digest = xmalloc(roundup(need, mdsz));
buffer_init(&b);
buffer_put_bignum2(&b, shared_secret);
@ -474,7 +484,8 @@ kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, BIGNUM *shared_secret)
for (mode = 0; mode < MODE_MAX; mode++) {
current_keys[mode] = kex->newkeys[mode];
kex->newkeys[mode] = NULL;
ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN);
ctos = (!kex->server && mode == MODE_OUT) ||
(kex->server && mode == MODE_IN);
current_keys[mode]->enc.iv = keys[ctos ? 0 : 1];
current_keys[mode]->enc.key = keys[ctos ? 2 : 3];
current_keys[mode]->mac.key = keys[ctos ? 4 : 5];
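Review bot: `extern const EVP_MD *evp_ssh_sha256(void);` is declared locally in kex.c rather than in a shared header, so the definition (presumably in another file) and this use are never type-checked against each other; the declaration belongs in kex.h next to the `KEX_DHGEX_SHA256` constant it serves, or in the header of the file that defines it. The new `choose_kex` branch is otherwise consistent with the SHA-1 branches. The `xmalloc`+`memset` to `xcalloc` conversions in `kex_setup` and `kex_choose_conf` are behaviour-preserving, but `kex_buf2prop` previously used plain `xmalloc` for `proposal`, so `xcalloc` there newly zeroes the array; a comment such as `/* zeroed so unset slots are NULL */` would record that this is intended.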
@ -1,5 +1,5 @@
/* $NetBSD: kex.h,v 1.1.1.15 2006/02/04 22:22:45 christos Exp $ */
/* $OpenBSD: kex.h,v 1.38 2005/11/04 05:15:59 djm Exp $ */
/* $NetBSD: kex.h,v 1.1.1.16 2006/09/28 21:15:09 christos Exp $ */
/* $OpenBSD: kex.h,v 1.44 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -28,13 +28,11 @@
#define KEX_H
#include <openssl/evp.h>
#include "buffer.h"
#include "cipher.h"
#include "key.h"
#define KEX_DH1 "diffie-hellman-group1-sha1"
#define KEX_DH14 "diffie-hellman-group14-sha1"
#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
#define COMP_NONE 0
#define COMP_ZLIB 1
@ -64,6 +62,7 @@ enum kex_exchange {
KEX_DH_GRP1_SHA1,
KEX_DH_GRP14_SHA1,
KEX_DH_GEX_SHA1,
KEX_DH_GEX_SHA256,
KEX_MAX
};
@ -113,7 +112,7 @@ struct Kex {
int kex_type;
Buffer my;
Buffer peer;
int done;
sig_atomic_t done;
int flags;
const EVP_MD *evp_md;
char *client_version_string;
@ -143,7 +142,7 @@ kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
void
kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *,
int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *,
int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *,
BIGNUM *, BIGNUM *, u_char **, u_int *);
void
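Review bot: The header drops `#include "buffer.h"`, `"cipher.h"` and `"key.h"` while `struct Kex` still contains `Buffer my;` and `Buffer peer;`, so kex.h is no longer self-contained and every includer must now include those headers first in the right order. If that is the intended project convention, a comment at the top such as `/* includers must include buffer.h, cipher.h and key.h before this header */` would document it. The change of `int done` to `sig_atomic_t done` matches the new `dispatch_run(int, volatile sig_atomic_t *, void *)` prototype, but the field itself is not `volatile`; if `done` is ever written from a signal handler, reads through `kex->done` elsewhere (outside the hunk) would need the qualifier too, and if it is not, a one-line comment saying the type only exists to match `dispatch_run` would pre-empt that question.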
@ -1,4 +1,5 @@
/* $NetBSD: kexdh.c,v 1.1.1.7 2006/02/04 22:22:45 christos Exp $ */
/* $NetBSD: kexdh.c,v 1.1.1.8 2006/09/28 21:15:09 christos Exp $ */
/* $OpenBSD: kexdh.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -23,14 +24,16 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: kexdh.c,v 1.20 2005/11/04 05:15:59 djm Exp $");
#include <sys/types.h>
#include <signal.h>
#include <openssl/evp.h>
#include "buffer.h"
#include "bufaux.h"
#include "ssh2.h"
#include "key.h"
#include "cipher.h"
#include "kex.h"
void
@ -1,4 +1,5 @@
/* $NetBSD: kexdhc.c,v 1.1.1.3 2006/02/04 22:22:45 christos Exp $ */
/* $NetBSD: kexdhc.c,v 1.1.1.4 2006/09/28 21:15:09 christos Exp $ */
/* $OpenBSD: kexdhc.c,v 1.9 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -23,11 +24,16 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: kexdhc.c,v 1.3 2005/11/04 05:15:59 djm Exp $");
#include <sys/types.h>
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include "xmalloc.h"
#include "buffer.h"
#include "key.h"
#include "cipher.h"
#include "kex.h"
#include "log.h"
#include "packet.h"
@ -83,7 +89,7 @@ kexdh_client(Kex *kex)
if (kex->verify_host_key(server_host_key) == -1)
fatal("server_host_key verification failed");
/* DH paramter f, server public DH key */
/* DH parameter f, server public DH key */
if ((dh_server_pub = BN_new()) == NULL)
fatal("dh_server_pub == NULL");
packet_get_bignum2(dh_server_pub);
@ -1,4 +1,5 @@
/* $NetBSD: kexdhs.c,v 1.1.1.3 2006/02/04 22:22:45 christos Exp $ */
/* $NetBSD: kexdhs.c,v 1.1.1.4 2006/09/28 21:15:09 christos Exp $ */
/* $OpenBSD: kexdhs.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -23,16 +24,23 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: kexdhs.c,v 1.3 2005/11/04 05:15:59 djm Exp $");
#include <sys/types.h>
#include <string.h>
#include <signal.h>
#include "xmalloc.h"
#include "buffer.h"
#include "key.h"
#include "cipher.h"
#include "kex.h"
#include "log.h"
#include "packet.h"
#include "dh.h"
#include "ssh2.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
void
@ -1,4 +1,5 @@
/* $NetBSD: kexgex.c,v 1.1.1.8 2006/02/04 22:22:45 christos Exp $ */
/* $NetBSD: kexgex.c,v 1.1.1.9 2006/09/28 21:15:09 christos Exp $ */
/* $OpenBSD: kexgex.c,v 1.27 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -24,13 +25,14 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: kexgex.c,v 1.24 2005/11/04 05:15:59 djm Exp $");
#include <sys/types.h>
#include <openssl/evp.h>
#include <signal.h>
#include "buffer.h"
#include "bufaux.h"
#include "key.h"
#include "cipher.h"
#include "kex.h"
#include "ssh2.h"
@ -1,4 +1,5 @@
/* $NetBSD: kexgexc.c,v 1.1.1.3 2006/02/04 22:22:45 christos Exp $ */
/* $NetBSD: kexgexc.c,v 1.1.1.4 2006/09/28 21:15:09 christos Exp $ */
/* $OpenBSD: kexgexc.c,v 1.9 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -24,11 +25,16 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: kexgexc.c,v 1.3 2005/11/04 05:15:59 djm Exp $");
#include <sys/types.h>
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include "xmalloc.h"
#include "buffer.h"
#include "key.h"
#include "cipher.h"
#include "kex.h"
#include "log.h"
#include "packet.h"
@ -121,7 +127,7 @@ kexgex_client(Kex *kex)
if (kex->verify_host_key(server_host_key) == -1)
fatal("server_host_key verification failed");
/* DH paramter f, server public DH key */
/* DH parameter f, server public DH key */
if ((dh_server_pub = BN_new()) == NULL)
fatal("dh_server_pub == NULL");
packet_get_bignum2(dh_server_pub);
@ -1,4 +1,5 @@
/* $NetBSD: kexgexs.c,v 1.1.1.2 2006/02/04 22:22:45 christos Exp $ */
/* $NetBSD: kexgexs.c,v 1.1.1.3 2006/09/28 21:15:09 christos Exp $ */
/* $OpenBSD: kexgexs.c,v 1.8 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -24,17 +25,25 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: kexgexs.c,v 1.2 2005/11/04 05:15:59 djm Exp $");
#include <sys/param.h>
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include "xmalloc.h"
#include "buffer.h"
#include "key.h"
#include "cipher.h"
#include "kex.h"
#include "log.h"
#include "packet.h"
#include "dh.h"
#include "ssh2.h"
#include "compat.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
void
@ -1,4 +1,5 @@
/* $NetBSD: key.c,v 1.1.1.19 2006/02/04 22:22:46 christos Exp $ */
/* $NetBSD: key.c,v 1.1.1.20 2006/09/28 21:15:09 christos Exp $ */
/* $OpenBSD: key.c,v 1.67 2006/08/03 03:34:42 deraadt Exp $ */
/*
* read_bignum():
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -32,17 +33,19 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: key.c,v 1.58 2005/06/17 02:44:32 djm Exp $");
#include <sys/types.h>
#include <openssl/evp.h>
#include <stdio.h>
#include <string.h>
#include "xmalloc.h"
#include "key.h"
#include "rsa.h"
#include "uuencode.h"
#include "buffer.h"
#include "bufaux.h"
#include "log.h"
Key *
@ -51,9 +54,8 @@ key_new(int type)
Key *k;
RSA *rsa;
DSA *dsa;
k = xmalloc(sizeof(*k));
k = xcalloc(1, sizeof(*k));
k->type = type;
k->flags = 0;
k->dsa = NULL;
k->rsa = NULL;
switch (k->type) {
@ -124,6 +126,8 @@ key_new_private(int type)
void
key_free(Key *k)
{
if (k == NULL)
fatal("key_free: key is NULL");
switch (k->type) {
case KEY_RSA1:
case KEY_RSA:
@ -156,14 +160,12 @@ key_equal(const Key *a, const Key *b)
return a->rsa != NULL && b->rsa != NULL &&
BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
BN_cmp(a->rsa->n, b->rsa->n) == 0;
break;
case KEY_DSA:
return a->dsa != NULL && b->dsa != NULL &&
BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
break;
default:
fatal("key_equal: bad key type %d", a->type);
break;
@ -210,7 +212,6 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
break;
case KEY_UNSPEC:
return retval;
break;
default:
fatal("key_fingerprint_raw: bad key type %d", k->type);
break;
@ -234,8 +235,7 @@ key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len)
char *retval;
u_int i;
retval = xmalloc(dgst_raw_len * 3 + 1);
retval[0] = '\0';
retval = xcalloc(1, dgst_raw_len * 3 + 1);
for (i = 0; i < dgst_raw_len; i++) {
char hex[4];
snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
@ -257,7 +257,7 @@ key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len)
char *retval;
rounds = (dgst_raw_len / 2) + 1;
retval = xmalloc(sizeof(char) * (rounds*6));
retval = xcalloc((rounds * 6), sizeof(char));
retval[j++] = 'x';
for (i = 0; i < rounds; i++) {
u_int idx0, idx1, idx2, idx3, idx4;
@ -531,13 +531,10 @@ key_type(const Key *k)
|
|||
switch (k->type) {
|
||||
case KEY_RSA1:
|
||||
return "RSA1";
|
||||
break;
|
||||
case KEY_RSA:
|
||||
return "RSA";
|
||||
break;
|
||||
case KEY_DSA:
|
||||
return "DSA";
|
||||
break;
|
||||
}
|
||||
return "unknown";
|
||||
}
|
||||
|
@ -548,10 +545,8 @@ key_ssh_name(const Key *k)
|
|||
switch (k->type) {
|
||||
case KEY_RSA:
|
||||
return "ssh-rsa";
|
||||
break;
|
||||
case KEY_DSA:
|
||||
return "ssh-dss";
|
||||
break;
|
||||
}
|
||||
return "ssh-unknown";
|
||||
}
|
||||
|
@ -563,10 +558,8 @@ key_size(const Key *k)
|
|||
case KEY_RSA1:
|
||||
case KEY_RSA:
|
||||
return BN_num_bits(k->rsa->n);
|
||||
break;
|
||||
case KEY_DSA:
|
||||
return BN_num_bits(k->dsa->p);
|
||||
break;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
@ -575,6 +568,7 @@ static RSA *
|
|||
rsa_generate_private_key(u_int bits)
|
||||
{
|
||||
RSA *private;
|
||||
|
||||
private = RSA_generate_key(bits, 35, NULL, NULL);
|
||||
if (private == NULL)
|
||||
fatal("rsa_generate_private_key: key generation failed.");
|
||||
|
@ -585,6 +579,7 @@ static DSA*
|
|||
dsa_generate_private_key(u_int bits)
|
||||
{
|
||||
DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
|
||||
|
||||
if (private == NULL)
|
||||
fatal("dsa_generate_private_key: DSA_generate_parameters failed");
|
||||
if (!DSA_generate_key(private))
|
||||
|
@ -794,14 +789,11 @@ key_sign(
|
|||
switch (key->type) {
|
||||
case KEY_DSA:
|
||||
return ssh_dss_sign(key, sigp, lenp, data, datalen);
|
||||
break;
|
||||
case KEY_RSA:
|
||||
return ssh_rsa_sign(key, sigp, lenp, data, datalen);
|
||||
break;
|
||||
default:
|
||||
error("key_sign: invalid key type %d", key->type);
|
||||
return -1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -821,14 +813,11 @@ key_verify(
|
|||
switch (key->type) {
|
||||
case KEY_DSA:
|
||||
return ssh_dss_verify(key, signature, signaturelen, data, datalen);
|
||||
break;
|
||||
case KEY_RSA:
|
||||
return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
|
||||
break;
|
||||
default:
|
||||
error("key_verify: invalid key type %d", key->type);
|
||||
return -1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -838,7 +827,7 @@ key_demote(const Key *k)
|
|||
{
|
||||
Key *pk;
|
||||
|
||||
pk = xmalloc(sizeof(*pk));
|
||||
pk = xcalloc(1, sizeof(*pk));
|
||||
pk->type = k->type;
|
||||
pk->flags = k->flags;
|
||||
pk->dsa = NULL;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: key.h,v 1.1.1.11 2005/02/13 00:53:01 christos Exp $ */
|
||||
/* $OpenBSD: key.h,v 1.23 2003/11/10 16:23:41 jakob Exp $ */
|
||||
/* $NetBSD: key.h,v 1.1.1.12 2006/09/28 21:15:10 christos Exp $ */
|
||||
/* $OpenBSD: key.h,v 1.26 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: log.c,v 1.1.1.10 2005/02/13 00:53:01 christos Exp $ */
|
||||
/* $NetBSD: log.c,v 1.1.1.11 2006/09/28 21:15:10 christos Exp $ */
|
||||
/* $OpenBSD: log.c,v 1.39 2006/08/18 09:13:25 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -34,15 +35,19 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: log.c,v 1.29 2003/09/23 20:17:11 markus Exp $");
|
||||
|
||||
#include "log.h"
|
||||
#include "xmalloc.h"
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <syslog.h>
|
||||
#include <unistd.h>
|
||||
#include <vis.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
|
||||
static LogLevel log_level = SYSLOG_LEVEL_INFO;
|
||||
static int log_on_stderr = 1;
|
||||
static int log_facility = LOG_AUTH;
|
||||
|
@ -123,6 +128,18 @@ error(const char *fmt,...)
|
|||
va_end(args);
|
||||
}
|
||||
|
||||
void
|
||||
sigdie(const char *fmt,...)
|
||||
{
|
||||
va_list args;
|
||||
|
||||
va_start(args, fmt);
|
||||
do_log(SYSLOG_LEVEL_FATAL, fmt, args);
|
||||
va_end(args);
|
||||
_exit(1);
|
||||
}
|
||||
|
||||
|
||||
/* Log this message (information that usually should go to the log). */
|
||||
|
||||
void
|
||||
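Review bot: sigdie() in the error()/sigdie hunk is named as a signal-handler exit path, yet it funnels the message through do_log() before _exit(1); if do_log() uses syslog(3), vsnprintf or anything that allocates (its body is outside this hunk), it is not async-signal-safe and a call from a handler that interrupted those same routines can deadlock or corrupt heap state. If the intended use is handlers such as an alarm or termination signal, either give do_log() a handler-safe path (a single write(2) to stderr) or document the restriction on the new function, e.g. `/* Log a fatal message and _exit(1) without running atexit/cleanup; do_log() is not async-signal-safe, so only use where a rare hang on exit is acceptable. */`. The `_exit(1)` after the log is correct for a handler, so the concern is only the logging step.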
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: log.h,v 1.1.1.7 2005/02/13 00:53:01 christos Exp $ */
|
||||
/* $OpenBSD: log.h,v 1.11 2004/06/21 22:02:58 djm Exp $ */
|
||||
/* $NetBSD: log.h,v 1.1.1.8 2006/09/28 21:15:10 christos Exp $ */
|
||||
/* $OpenBSD: log.h,v 1.15 2006/08/18 09:13:25 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -51,6 +51,7 @@ LogLevel log_level_number(char *);
|
|||
|
||||
void fatal(const char *, ...) __dead __attribute__((format(printf, 1, 2)));
|
||||
void error(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||
void sigdie(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||
void logit(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||
void verbose(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||
void debug(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||
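Review bot: The new sigdie() prototype in the log.h hunk lacks the `__dead` attribute that the neighbouring fatal() declaration carries, even though the log.c definition in this same commit ends in `_exit(1)` and never returns. Without it the compiler cannot treat calls as terminating, so callers get spurious missing-return or uninitialised-use warnings and cannot rely on sigdie() to end a path. Suggested declaration: `void sigdie(const char *, ...) __dead __attribute__((format(printf, 1, 2)));`.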
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: mac.c,v 1.1.1.6 2006/02/04 22:22:46 christos Exp $ */
|
||||
/* $NetBSD: mac.c,v 1.1.1.7 2006/09/28 21:15:10 christos Exp $ */
|
||||
/* $OpenBSD: mac.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -23,17 +24,21 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: mac.c,v 1.7 2005/06/17 02:44:32 djm Exp $");
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <openssl/hmac.h>
|
||||
|
||||
#include <string.h>
|
||||
#include <signal.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "getput.h"
|
||||
#include "log.h"
|
||||
#include "cipher.h"
|
||||
#include "buffer.h"
|
||||
#include "key.h"
|
||||
#include "kex.h"
|
||||
#include "mac.h"
|
||||
#include "misc.h"
|
||||
|
||||
struct {
|
||||
char *name;
|
||||
|
@ -84,7 +89,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
|
|||
if (mac->mac_len > sizeof(m))
|
||||
fatal("mac_compute: mac too long");
|
||||
HMAC_Init(&c, mac->key, mac->key_len, mac->md);
|
||||
PUT_32BIT(b, seqno);
|
||||
put_u32(b, seqno);
|
||||
HMAC_Update(&c, b, sizeof(b));
|
||||
HMAC_Update(&c, data, datalen);
|
||||
HMAC_Final(&c, m, NULL);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: mac.h,v 1.1.1.3 2001/09/27 02:00:44 itojun Exp $ */
|
||||
/* $OpenBSD: mac.h,v 1.3 2001/06/26 17:27:24 markus Exp $ */
|
||||
/* $NetBSD: mac.h,v 1.1.1.4 2006/09/28 21:15:10 christos Exp $ */
|
||||
/* $OpenBSD: mac.h,v 1.4 2006/03/25 22:22:43 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: match.c,v 1.1.1.9 2006/02/04 22:22:47 christos Exp $ */
|
||||
/* $NetBSD: match.c,v 1.1.1.10 2006/09/28 21:15:10 christos Exp $ */
|
||||
/* $OpenBSD: match.c,v 1.26 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -35,11 +36,13 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: match.c,v 1.20 2005/06/17 02:44:32 djm Exp $");
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <ctype.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "match.h"
|
||||
#include "xmalloc.h"
|
||||
#include "match.h"
|
||||
|
||||
/*
|
||||
* Returns true if the given string matches the pattern (which may contain ?
|
||||
|
@ -137,7 +140,7 @@ match_pattern_list(const char *string, const char *pattern, u_int len,
|
|||
i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
|
||||
subi++, i++)
|
||||
sub[subi] = dolower && isupper(pattern[i]) ?
|
||||
tolower(pattern[i]) : pattern[i];
|
||||
(char)tolower(pattern[i]) : pattern[i];
|
||||
/* If subpattern too long, return failure (no match). */
|
||||
if (subi >= sizeof(sub) - 1)
|
||||
return 0;
|
||||
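Review bot: The new `(char)tolower(pattern[i])` in the match_pattern_list hunk still passes a plain `char` to isupper() and tolower(); on a signed-char platform a non-ASCII byte in the pattern becomes a negative argument, which the ctype functions only accept for EOF. The cast belongs on the input, not the result: `sub[subi] = dolower && isupper((u_char)pattern[i]) ? (char)tolower((u_char)pattern[i]) : pattern[i];`. The trailing `(char)` cast can stay to quiet the conversion warning. match_pattern_list begins and ends outside this hunk.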
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: match.h,v 1.1.1.8 2002/03/08 01:20:47 itojun Exp $ */
|
||||
/* $OpenBSD: match.h,v 1.12 2002/03/01 13:12:10 markus Exp $ */
|
||||
/* $NetBSD: match.h,v 1.1.1.9 2006/09/28 21:15:10 christos Exp $ */
|
||||
/* $OpenBSD: match.h,v 1.13 2006/03/25 22:22:43 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
|
|
@ -0,0 +1,74 @@
|
|||
/* $NetBSD: md-sha256.c,v 1.1.1.1 2006/09/28 21:15:10 christos Exp $ */
|
||||
/* $OpenBSD: md-sha256.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2005 Damien Miller <djm@openbsd.org>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* EVP wrapper for SHA256 */
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#include <sha2.h>
|
||||
#include <string.h>
|
||||
|
||||
const EVP_MD *evp_ssh_sha256(void);
|
||||
|
||||
static int
|
||||
ssh_sha256_init(EVP_MD_CTX *ctxt)
|
||||
{
|
||||
SHA256_Init(ctxt->md_data);
|
||||
return (1);
|
||||
}
|
||||
|
||||
static int
|
||||
ssh_sha256_update(EVP_MD_CTX *ctxt, const void *data, unsigned long len)
|
||||
{
|
||||
SHA256_Update(ctxt->md_data, data, len);
|
||||
return (1);
|
||||
}
|
||||
|
||||
static int
|
||||
ssh_sha256_final(EVP_MD_CTX *ctxt, unsigned char *digest)
|
||||
{
|
||||
SHA256_Final(digest, ctxt->md_data);
|
||||
return (1);
|
||||
}
|
||||
|
||||
static int
|
||||
ssh_sha256_cleanup(EVP_MD_CTX *ctxt)
|
||||
{
|
||||
memset(ctxt->md_data, 0, sizeof(SHA256_CTX));
|
||||
return (1);
|
||||
}
|
||||
|
||||
const EVP_MD *
|
||||
evp_ssh_sha256(void)
|
||||
{
|
||||
static EVP_MD ssh_sha256;
|
||||
|
||||
memset(&ssh_sha256, 0, sizeof(ssh_sha256));
|
||||
ssh_sha256.type = NID_undef;
|
||||
ssh_sha256.md_size = SHA256_DIGEST_LENGTH;
|
||||
ssh_sha256.init = ssh_sha256_init;
|
||||
ssh_sha256.update = ssh_sha256_update;
|
||||
ssh_sha256.final = ssh_sha256_final;
|
||||
ssh_sha256.cleanup = ssh_sha256_cleanup;
|
||||
ssh_sha256.block_size = SHA256_BLOCK_LENGTH;
|
||||
ssh_sha256.ctx_size = sizeof(SHA256_CTX);
|
||||
|
||||
return (&ssh_sha256);
|
||||
}
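Review bot: evp_ssh_sha256() in this new file memset()s and refills the static EVP_MD on every call, so any EVP_MD_CTX created from an earlier call keeps a pointer into an object that is transiently zeroed each time someone asks for the digest again. In a single-threaded process the window is not observable, but initialising the descriptor once makes the shared, read-only nature of the object explicit and removes the hazard if the function is ever reached from a second thread or a signal handler. I'd also add a short comment that the direct field assignments depend on EVP_MD being a public struct in the OpenSSL version in use. The rest of the file (the four callbacks) is fine as written; the cleanup memset is of a hash state, not key material, so plain memset is adequate there.
```c
const EVP_MD *
evp_ssh_sha256(void)
{
	static EVP_MD ssh_sha256;
	static int initialised;

	/* Fill the descriptor once; callers share the same const object. */
	if (!initialised) {
		memset(&ssh_sha256, 0, sizeof(ssh_sha256));
		ssh_sha256.type = NID_undef;
		/* … unchanged: remaining md_size/init/update/final/cleanup/block_size/ctx_size assignments … */
		initialised = 1;
	}

	return (&ssh_sha256);
}
```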
|
|
@ -1,7 +1,8 @@
|
|||
/* $NetBSD: misc.c,v 1.1.1.12 2006/02/04 22:22:47 christos Exp $ */
|
||||
/* $NetBSD: misc.c,v 1.1.1.13 2006/09/28 21:15:10 christos Exp $ */
|
||||
/* $OpenBSD: misc.c,v 1.64 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2005 Damien Miller. All rights reserved.
|
||||
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
|
@ -24,14 +25,29 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: misc.c,v 1.42 2006/01/31 10:19:02 djm Exp $");
|
||||
#include <sys/types.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <net/if.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/tcp.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <paths.h>
|
||||
#include <pwd.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "misc.h"
|
||||
#include "log.h"
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
|
||||
/* remove newline at end of string */
|
||||
char *
|
||||
|
@ -122,6 +138,7 @@ set_nodelay(int fd)
|
|||
|
||||
/* Characters considered whitespace in strsep calls. */
|
||||
#define WHITESPACE " \t\r\n"
|
||||
#define QUOTE "\""
|
||||
|
||||
/* return next token in configuration line */
|
||||
char *
|
||||
|
@ -135,15 +152,27 @@ strdelim(char **s)
|
|||
|
||||
old = *s;
|
||||
|
||||
*s = strpbrk(*s, WHITESPACE "=");
|
||||
*s = strpbrk(*s, WHITESPACE QUOTE "=");
|
||||
if (*s == NULL)
|
||||
return (old);
|
||||
|
||||
if (*s[0] == '\"') {
|
||||
memmove(*s, *s + 1, strlen(*s)); /* move nul too */
|
||||
/* Find matching quote */
|
||||
if ((*s = strpbrk(*s, QUOTE)) == NULL) {
|
||||
return (NULL); /* no matching quote */
|
||||
} else {
|
||||
*s[0] = '\0';
|
||||
return (old);
|
||||
}
|
||||
}
|
||||
|
||||
/* Allow only one '=' to be skipped */
|
||||
if (*s[0] == '=')
|
||||
wspace = 1;
|
||||
*s[0] = '\0';
|
||||
|
||||
/* Skip any extra whitespace after first token */
|
||||
*s += strspn(*s + 1, WHITESPACE) + 1;
|
||||
if (*s[0] == '=' && !wspace)
|
||||
*s += strspn(*s + 1, WHITESPACE) + 1;
|
||||
|
@ -154,9 +183,8 @@ strdelim(char **s)
|
|||
struct passwd *
|
||||
pwcopy(struct passwd *pw)
|
||||
{
|
||||
struct passwd *copy = xmalloc(sizeof(*copy));
|
||||
struct passwd *copy = xcalloc(1, sizeof(*copy));
|
||||
|
||||
memset(copy, 0, sizeof(*copy));
|
||||
copy->pw_name = xstrdup(pw->pw_name);
|
||||
copy->pw_passwd = xstrdup(pw->pw_passwd);
|
||||
copy->pw_gecos = xstrdup(pw->pw_gecos);
|
||||
|
@ -273,6 +301,7 @@ convtime(const char *s)
|
|||
switch (*endp++) {
|
||||
case '\0':
|
||||
endp--;
|
||||
break;
|
||||
case 's':
|
||||
case 'S':
|
||||
break;
|
||||
|
@ -304,6 +333,23 @@ convtime(const char *s)
|
|||
return total;
|
||||
}
|
||||
|
||||
/*
|
||||
* Returns a standardized host+port identifier string.
|
||||
* Caller must free returned string.
|
||||
*/
|
||||
char *
|
||||
put_host_port(const char *host, u_short port)
|
||||
{
|
||||
char *hoststr;
|
||||
|
||||
if (port == 0 || port == SSH_DEFAULT_PORT)
|
||||
return(xstrdup(host));
|
||||
if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0)
|
||||
fatal("put_host_port: asprintf: %s", strerror(errno));
|
||||
debug3("put_host_port: %s", hoststr);
|
||||
return hoststr;
|
||||
}
|
||||
|
||||
/*
|
||||
* Search for next delimiter between hostnames/addresses and ports.
|
||||
* Argument may be modified (for termination).
|
||||
|
@ -401,7 +447,7 @@ addargs(arglist *args, char *fmt, ...)
|
|||
} else if (args->num+2 >= nalloc)
|
||||
nalloc *= 2;
|
||||
|
||||
args->list = xrealloc(args->list, nalloc * sizeof(char *));
|
||||
args->list = xrealloc(args->list, nalloc, sizeof(char *));
|
||||
args->nalloc = nalloc;
|
||||
args->list[args->num++] = cp;
|
||||
args->list[args->num] = NULL;
|
||||
|
@ -659,18 +705,100 @@ sanitise_stdfd(void)
|
|||
}
|
||||
|
||||
char *
|
||||
tohex(const u_char *d, u_int l)
|
||||
tohex(const void *vp, size_t l)
|
||||
{
|
||||
const u_char *p = (const u_char *)vp;
|
||||
char b[3], *r;
|
||||
u_int i, hl;
|
||||
size_t i, hl;
|
||||
|
||||
if (l > 65536)
|
||||
return xstrdup("tohex: length > 65536");
|
||||
|
||||
hl = l * 2 + 1;
|
||||
r = xmalloc(hl);
|
||||
*r = '\0';
|
||||
r = xcalloc(1, hl);
|
||||
for (i = 0; i < l; i++) {
|
||||
snprintf(b, sizeof(b), "%02x", d[i]);
|
||||
snprintf(b, sizeof(b), "%02x", p[i]);
|
||||
strlcat(r, b, hl);
|
||||
}
|
||||
return (r);
|
||||
}
|
||||
|
||||
u_int64_t
|
||||
get_u64(const void *vp)
|
||||
{
|
||||
const u_char *p = (const u_char *)vp;
|
||||
u_int64_t v;
|
||||
|
||||
v = (u_int64_t)p[0] << 56;
|
||||
v |= (u_int64_t)p[1] << 48;
|
||||
v |= (u_int64_t)p[2] << 40;
|
||||
v |= (u_int64_t)p[3] << 32;
|
||||
v |= (u_int64_t)p[4] << 24;
|
||||
v |= (u_int64_t)p[5] << 16;
|
||||
v |= (u_int64_t)p[6] << 8;
|
||||
v |= (u_int64_t)p[7];
|
||||
|
||||
return (v);
|
||||
}
|
||||
|
||||
u_int32_t
|
||||
get_u32(const void *vp)
|
||||
{
|
||||
const u_char *p = (const u_char *)vp;
|
||||
u_int32_t v;
|
||||
|
||||
v = (u_int32_t)p[0] << 24;
|
||||
v |= (u_int32_t)p[1] << 16;
|
||||
v |= (u_int32_t)p[2] << 8;
|
||||
v |= (u_int32_t)p[3];
|
||||
|
||||
return (v);
|
||||
}
|
||||
|
||||
u_int16_t
|
||||
get_u16(const void *vp)
|
||||
{
|
||||
const u_char *p = (const u_char *)vp;
|
||||
u_int16_t v;
|
||||
|
||||
v = (u_int16_t)p[0] << 8;
|
||||
v |= (u_int16_t)p[1];
|
||||
|
||||
return (v);
|
||||
}
|
||||
|
||||
void
|
||||
put_u64(void *vp, u_int64_t v)
|
||||
{
|
||||
u_char *p = (u_char *)vp;
|
||||
|
||||
p[0] = (u_char)(v >> 56) & 0xff;
|
||||
p[1] = (u_char)(v >> 48) & 0xff;
|
||||
p[2] = (u_char)(v >> 40) & 0xff;
|
||||
p[3] = (u_char)(v >> 32) & 0xff;
|
||||
p[4] = (u_char)(v >> 24) & 0xff;
|
||||
p[5] = (u_char)(v >> 16) & 0xff;
|
||||
p[6] = (u_char)(v >> 8) & 0xff;
|
||||
p[7] = (u_char)v & 0xff;
|
||||
}
|
||||
|
||||
void
|
||||
put_u32(void *vp, u_int32_t v)
|
||||
{
|
||||
u_char *p = (u_char *)vp;
|
||||
|
||||
p[0] = (u_char)(v >> 24) & 0xff;
|
||||
p[1] = (u_char)(v >> 16) & 0xff;
|
||||
p[2] = (u_char)(v >> 8) & 0xff;
|
||||
p[3] = (u_char)v & 0xff;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
put_u16(void *vp, u_int16_t v)
|
||||
{
|
||||
u_char *p = (u_char *)vp;
|
||||
|
||||
p[0] = (u_char)(v >> 8) & 0xff;
|
||||
p[1] = (u_char)v & 0xff;
|
||||
}
|
||||
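Review bot: In the strdelim hunk the new quoted-token path returns with `*s` left pointing at the NUL that replaced the closing quote, so the next strdelim() call starts on an empty string and any further tokens on that configuration line are silently dropped; the unquoted path below it advances past the terminator and whitespace, and the quoted path should do the same. Change the matching-quote branch to `*s[0] = '\0'; *s += strspn(*s + 1, WHITESPACE) + 1; return (old);`. As far as this hunk shows this only affects lines with a quoted argument followed by more arguments, but config parsing is exactly where a silently truncated line turns into a weaker-than-intended setting. strdelim() starts before this hunk, so the declaration of `wspace` and the function header are not visible here.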
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: misc.h,v 1.1.1.11 2006/02/04 22:22:47 christos Exp $ */
|
||||
/* $OpenBSD: misc.h,v 1.29 2006/01/31 10:19:02 djm Exp $ */
|
||||
/* $NetBSD: misc.h,v 1.1.1.12 2006/09/28 21:15:10 christos Exp $ */
|
||||
/* $OpenBSD: misc.h,v 1.36 2006/08/18 10:27:16 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -13,6 +13,9 @@
|
|||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
#ifndef _MISC_H
|
||||
#define _MISC_H
|
||||
|
||||
/* misc.c */
|
||||
|
||||
char *chop(char *);
|
||||
|
@ -22,13 +25,14 @@ int unset_nonblock(int);
|
|||
void set_nodelay(int);
|
||||
int a2port(const char *);
|
||||
int a2tun(const char *, int *);
|
||||
char *put_host_port(const char *, u_short);
|
||||
char *hpdelim(char **);
|
||||
char *cleanhostname(char *);
|
||||
char *colon(char *);
|
||||
long convtime(const char *);
|
||||
char *tilde_expand_filename(const char *, uid_t);
|
||||
char *percent_expand(const char *, ...) __attribute__((__sentinel__));
|
||||
char *tohex(const u_char *, u_int);
|
||||
char *tohex(const void *, size_t);
|
||||
void sanitise_stdfd(void);
|
||||
|
||||
struct passwd *pwcopy(struct passwd *);
|
||||
|
@ -45,17 +49,6 @@ void replacearg(arglist *, u_int, char *, ...)
|
|||
__attribute__((format(printf, 3, 4)));
|
||||
void freeargs(arglist *);
|
||||
|
||||
/* readpass.c */
|
||||
|
||||
#define RP_ECHO 0x0001
|
||||
#define RP_ALLOW_STDIN 0x0002
|
||||
#define RP_ALLOW_EOF 0x0004
|
||||
#define RP_USE_ASKPASS 0x0008
|
||||
|
||||
char *read_passphrase(const char *, int);
|
||||
int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||
int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
|
||||
|
||||
int tun_open(int, int);
|
||||
|
||||
/* Common definitions for ssh tunnel device forwarding */
|
||||
|
@ -68,3 +61,31 @@ int tun_open(int, int);
|
|||
#define SSH_TUNID_ANY 0x7fffffff
|
||||
#define SSH_TUNID_ERR (SSH_TUNID_ANY - 1)
|
||||
#define SSH_TUNID_MAX (SSH_TUNID_ANY - 2)
|
||||
|
||||
/* Functions to extract or store big-endian words of various sizes */
|
||||
u_int64_t get_u64(const void *)
|
||||
__attribute__((__bounded__( __minbytes__, 1, 8)));
|
||||
u_int32_t get_u32(const void *)
|
||||
__attribute__((__bounded__( __minbytes__, 1, 4)));
|
||||
u_int16_t get_u16(const void *)
|
||||
__attribute__((__bounded__( __minbytes__, 1, 2)));
|
||||
void put_u64(void *, u_int64_t)
|
||||
__attribute__((__bounded__( __minbytes__, 1, 8)));
|
||||
void put_u32(void *, u_int32_t)
|
||||
__attribute__((__bounded__( __minbytes__, 1, 4)));
|
||||
void put_u16(void *, u_int16_t)
|
||||
__attribute__((__bounded__( __minbytes__, 1, 2)));
|
||||
|
||||
|
||||
/* readpass.c */
|
||||
|
||||
#define RP_ECHO 0x0001
|
||||
#define RP_ALLOW_STDIN 0x0002
|
||||
#define RP_ALLOW_EOF 0x0004
|
||||
#define RP_USE_ASKPASS 0x0008
|
||||
|
||||
char *read_passphrase(const char *, int);
|
||||
int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||
int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
|
||||
|
||||
#endif /* _MISC_H */
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: moduli.c,v 1.1.1.3 2006/02/04 22:22:48 christos Exp $ */
|
||||
/* $OpenBSD: moduli.c,v 1.12 2005/07/17 07:17:55 djm Exp $ */
|
||||
/* $NetBSD: moduli.c,v 1.1.1.4 2006/09/28 21:15:11 christos Exp $ */
|
||||
/* $OpenBSD: moduli.c,v 1.18 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright 1994 Phil Karn <karn@qualcomm.com>
|
||||
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
|
||||
|
@ -38,12 +38,19 @@
|
|||
* Second step: test primes' safety (processor intensive)
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <openssl/bn.h>
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
#include <time.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
|
||||
/*
|
||||
* File output defines
|
||||
*/
|
||||
|
@ -302,21 +309,10 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
|
|||
largewords = (largememory << SHIFT_MEGAWORD);
|
||||
}
|
||||
|
||||
TinySieve = calloc(tinywords, sizeof(u_int32_t));
|
||||
if (TinySieve == NULL) {
|
||||
error("Insufficient memory for tiny sieve: need %u bytes",
|
||||
tinywords << SHIFT_BYTE);
|
||||
exit(1);
|
||||
}
|
||||
TinySieve = xcalloc(tinywords, sizeof(u_int32_t));
|
||||
tinybits = tinywords << SHIFT_WORD;
|
||||
|
||||
SmallSieve = calloc(smallwords, sizeof(u_int32_t));
|
||||
if (SmallSieve == NULL) {
|
||||
error("Insufficient memory for small sieve: need %u bytes",
|
||||
smallwords << SHIFT_BYTE);
|
||||
xfree(TinySieve);
|
||||
exit(1);
|
||||
}
|
||||
SmallSieve = xcalloc(smallwords, sizeof(u_int32_t));
|
||||
smallbits = smallwords << SHIFT_WORD;
|
||||
|
||||
/*
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: monitor.c,v 1.1.1.9 2006/02/04 22:22:54 christos Exp $ */
|
||||
/* $NetBSD: monitor.c,v 1.1.1.10 2006/09/28 21:15:12 christos Exp $ */
|
||||
/* $OpenBSD: monitor.c,v 1.88 2006/08/12 20:46:46 miod Exp $ */
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
* Copyright 2002 Markus Friedl <markus@openbsd.org>
|
||||
|
@ -25,20 +26,36 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: monitor.c,v 1.64 2005/10/13 22:24:31 stevesk Exp $");
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/tree.h>
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <openssl/dh.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <paths.h>
|
||||
#include <pwd.h>
|
||||
#include <signal.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#ifdef SKEY
|
||||
#include <skey.h>
|
||||
#endif
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
#include "key.h"
|
||||
#include "buffer.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "cipher.h"
|
||||
#include "kex.h"
|
||||
#include "dh.h"
|
||||
#include "zlib.h"
|
||||
#include <zlib.h>
|
||||
#include "packet.h"
|
||||
#include "auth-options.h"
|
||||
#include "sshpty.h"
|
||||
|
@ -50,17 +67,16 @@ RCSID("$OpenBSD: monitor.c,v 1.64 2005/10/13 22:24:31 stevesk Exp $");
|
|||
#include "servconf.h"
|
||||
#include "monitor.h"
|
||||
#include "monitor_mm.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
#include "monitor_fdpass.h"
|
||||
#include "xmalloc.h"
|
||||
#include "misc.h"
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
#include "compat.h"
|
||||
#include "ssh2.h"
|
||||
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
static Gssctxt *gsscontext = NULL;
|
||||
#endif
|
||||
|
||||
|
@ -152,6 +168,7 @@ struct mon_table {
|
|||
#define MON_ISAUTH 0x0004 /* Required for Authentication */
|
||||
#define MON_AUTHDECIDE 0x0008 /* Decides Authentication */
|
||||
#define MON_ONCE 0x0010 /* Disable after calling */
|
||||
#define MON_ALOG 0x0020 /* Log auth attempt without authenticating */
|
||||
|
||||
#define MON_AUTH (MON_ISAUTH|MON_AUTHDECIDE)
|
||||
|
||||
|
@ -166,7 +183,7 @@ struct mon_table mon_dispatch_proto20[] = {
|
|||
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
|
||||
#ifdef BSD_AUTH
|
||||
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
|
||||
{MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond},
|
||||
{MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},
|
||||
#endif
|
||||
#ifdef SKEY
|
||||
{MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},
|
||||
|
@ -197,13 +214,13 @@ struct mon_table mon_dispatch_proto15[] = {
|
|||
{MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey},
|
||||
{MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid},
|
||||
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
|
||||
{MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH, mm_answer_rsa_keyallowed},
|
||||
{MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
|
||||
{MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_rsa_keyallowed},
|
||||
{MONITOR_REQ_KEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_keyallowed},
|
||||
{MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge},
|
||||
{MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response},
|
||||
#ifdef BSD_AUTH
|
||||
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
|
||||
{MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond},
|
||||
{MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},
|
||||
#endif
|
||||
#ifdef SKEY
|
||||
{MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},
|
||||
|
@ -275,6 +292,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
|
|||
|
||||
/* The first few requests do not require asynchronous access */
|
||||
while (!authenticated) {
|
||||
auth_method = "unknown";
|
||||
authenticated = monitor_read(pmonitor, mon_dispatch, &ent);
|
||||
if (authenticated) {
|
||||
if (!(ent->flags & MON_AUTHDECIDE))
|
||||
|
@ -285,7 +303,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
|
|||
authenticated = 0;
|
||||
}
|
||||
|
||||
if (ent->flags & MON_AUTHDECIDE) {
|
||||
if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
|
||||
auth_log(authctxt, authenticated, auth_method,
|
||||
compat20 ? " ssh2" : "");
|
||||
if (!authenticated)
|
||||
|
@ -295,6 +313,8 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
|
|||
|
||||
if (!authctxt->valid)
|
||||
fatal("%s: authenticated invalid user", __func__);
|
||||
if (strcmp(auth_method, "unknown") == 0)
|
||||
fatal("%s: authentication method name unknown", __func__);
|
||||
|
||||
debug("%s: %s has been authenticated by privileged process",
|
||||
__func__, authctxt->user);
|
||||
|
@ -474,7 +494,11 @@ mm_answer_sign(int sock, Buffer *m)
|
|||
keyid = buffer_get_int(m);
|
||||
p = buffer_get_string(m, &datlen);
|
||||
|
||||
if (datlen != 20)
|
||||
/*
|
||||
* Supported KEX types will only return SHA1 (20 byte) or
|
||||
* SHA256 (32 byte) hashes
|
||||
*/
|
||||
if (datlen != 20 && datlen != 32)
|
||||
fatal("%s: data length incorrect: %u", __func__, datlen);
|
||||
|
||||
/* save session id, it will be passed on the first call */
|
||||
|
@ -777,17 +801,20 @@ mm_answer_keyallowed(int sock, Buffer *m)
|
|||
case MM_USERKEY:
|
||||
allowed = options.pubkey_authentication &&
|
||||
user_key_allowed(authctxt->pw, key);
|
||||
auth_method = "publickey";
|
||||
break;
|
||||
case MM_HOSTKEY:
|
||||
allowed = options.hostbased_authentication &&
|
||||
hostbased_key_allowed(authctxt->pw,
|
||||
cuser, chost, key);
|
||||
auth_method = "hostbased";
|
||||
break;
|
||||
case MM_RSAHOSTKEY:
|
||||
key->type = KEY_RSA1; /* XXX */
|
||||
allowed = options.rhosts_rsa_authentication &&
|
||||
auth_rhosts_rsa_key_allowed(authctxt->pw,
|
||||
cuser, chost, key);
|
||||
auth_method = "rsa";
|
||||
break;
|
||||
default:
|
||||
fatal("%s: unknown key type %d", __func__, type);
|
||||
|
@ -807,6 +834,12 @@ mm_answer_keyallowed(int sock, Buffer *m)
|
|||
key_blobtype = type;
|
||||
hostbased_cuser = cuser;
|
||||
hostbased_chost = chost;
|
||||
} else {
|
||||
/* Log failed attempt */
|
||||
auth_log(authctxt, 0, auth_method, compat20 ? " ssh2" : "");
|
||||
xfree(blob);
|
||||
xfree(cuser);
|
||||
xfree(chost);
|
||||
}
|
||||
|
||||
debug3("%s: key %p is %s",
|
||||
|
@ -1008,7 +1041,7 @@ mm_record_login(Session *s, struct passwd *pw)
|
|||
fromlen = sizeof(from);
|
||||
if (packet_connection_is_on_socket()) {
|
||||
if (getpeername(packet_get_connection_in(),
|
||||
(struct sockaddr *) & from, &fromlen) < 0) {
|
||||
(struct sockaddr *)&from, &fromlen) < 0) {
|
||||
debug("getpeername: %.100s", strerror(errno));
|
||||
cleanup_exit(255);
|
||||
}
|
||||
|
@ -1024,7 +1057,7 @@ mm_session_close(Session *s)
|
|||
{
|
||||
debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid);
|
||||
if (s->ttyfd != -1) {
|
||||
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
|
||||
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
|
||||
session_pty_cleanup2(s);
|
||||
}
|
||||
s->used = 0;
|
||||
|
@ -1084,7 +1117,7 @@ mm_answer_pty(int sock, Buffer *m)
|
|||
/* no need to dup() because nobody closes ptyfd */
|
||||
s->ptymaster = s->ptyfd;
|
||||
|
||||
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd);
|
||||
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd);
|
||||
|
||||
return (0);
|
||||
|
||||
|
@ -1171,6 +1204,7 @@ mm_answer_rsa_keyallowed(int sock, Buffer *m)
|
|||
|
||||
debug3("%s entering", __func__);
|
||||
|
||||
auth_method = "rsa";
|
||||
if (options.rsa_authentication && authctxt->valid) {
|
||||
if ((client_n = BN_new()) == NULL)
|
||||
fatal("%s: BN_new", __func__);
|
||||
|
@ -1365,8 +1399,7 @@ mm_get_kex(Buffer *m)
|
|||
void *blob;
|
||||
u_int bloblen;
|
||||
|
||||
kex = xmalloc(sizeof(*kex));
|
||||
memset(kex, 0, sizeof(*kex));
|
||||
kex = xcalloc(1, sizeof(*kex));
|
||||
kex->session_id = buffer_get_string(m, &kex->session_id_len);
|
||||
if ((session_id2 == NULL) ||
|
||||
(kex->session_id_len != session_id2_len) ||
|
||||
|
@ -1376,6 +1409,7 @@ mm_get_kex(Buffer *m)
|
|||
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
|
||||
kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
|
||||
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
|
||||
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
|
||||
kex->server = 1;
|
||||
kex->hostkey_type = buffer_get_int(m);
|
||||
kex->kex_type = buffer_get_int(m);
|
||||
|
@ -1530,9 +1564,8 @@ monitor_init(void)
|
|||
struct monitor *mon;
|
||||
int pair[2];
|
||||
|
||||
mon = xmalloc(sizeof(*mon));
|
||||
mon = xcalloc(1, sizeof(*mon));
|
||||
|
||||
mon->m_pid = 0;
|
||||
monitor_socketpair(pair);
|
||||
|
||||
mon->m_recvfd = pair[0];
|
||||
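Review bot: The new else branch in the mm_answer_keyallowed hunk logs a refused key with auth_log(), while the proto15 dispatch table in this same section now also tags MONITOR_REQ_KEYALLOWED with MON_ALOG, and monitor_child_preauth logs whenever `ent->flags & (MON_AUTHDECIDE|MON_ALOG)`; for a protocol-1 host key that is not allowed that appears to produce two "Failed" records for one attempt, and for an allowed key the MON_ALOG path still logs with `authenticated` forced to 0 because MON_AUTHDECIDE is not set on that entry. I cannot see monitor_read() or the proto20 KEYALLOWED entry, so treat this as something to verify rather than a certainty. If it holds, the simplest fix is to keep MON_ALOG only where the handler does not log itself, i.e. drop it from the proto15 line: `{MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},` and leave RSAKEYALLOWED as changed, since mm_answer_rsa_keyallowed only sets auth_method. A one-line comment on the MON_ALOG flag stating that entries carrying it must not log from their handler would prevent the pattern from recurring.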
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: monitor.h,v 1.1.1.5 2005/02/13 00:53:03 christos Exp $ */
|
||||
/* $OpenBSD: monitor.h,v 1.13 2003/11/17 11:06:07 markus Exp $ */
|
||||
/* $NetBSD: monitor.h,v 1.1.1.6 2006/09/28 21:15:12 christos Exp $ */
|
||||
/* $OpenBSD: monitor.h,v 1.14 2006/03/25 22:22:43 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: monitor_fdpass.c,v 1.1.1.4 2005/02/13 00:53:04 christos Exp $ */
|
||||
/* $NetBSD: monitor_fdpass.c,v 1.1.1.5 2006/09/28 21:15:12 christos Exp $ */
|
||||
/* $OpenBSD: monitor_fdpass.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
|
||||
* All rights reserved.
|
||||
|
@ -24,11 +25,14 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: monitor_fdpass.c,v 1.6 2004/08/13 02:51:48 djm Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/uio.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "log.h"
|
||||
#include "monitor_fdpass.h"
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: monitor_fdpass.h,v 1.1.1.1 2002/04/22 07:38:02 itojun Exp $ */
|
||||
/* $OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */
|
||||
/* $NetBSD: monitor_fdpass.h,v 1.1.1.2 2006/09/28 21:15:12 christos Exp $ */
|
||||
/* $OpenBSD: monitor_fdpass.h,v 1.3 2006/03/25 22:22:43 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: monitor_mm.c,v 1.1.1.4 2005/02/13 00:53:04 christos Exp $ */
|
||||
/* $NetBSD: monitor_mm.c,v 1.1.1.5 2006/09/28 21:15:12 christos Exp $ */
|
||||
/* $OpenBSD: monitor_mm.c,v 1.15 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
* All rights reserved.
|
||||
|
@ -24,13 +25,17 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: monitor_mm.c,v 1.9 2004/05/11 19:01:43 deraadt Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/mman.h>
|
||||
#include <sys/tree.h>
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "ssh.h"
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
#include "log.h"
|
||||
#include "monitor_mm.h"
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: monitor_mm.h,v 1.1.1.1 2002/04/22 07:38:03 itojun Exp $ */
|
||||
/* $OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */
|
||||
/* $NetBSD: monitor_mm.h,v 1.1.1.2 2006/09/28 21:15:12 christos Exp $ */
|
||||
/* $OpenBSD: monitor_mm.h,v 1.4 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
|
@ -28,7 +28,6 @@
|
|||
|
||||
#ifndef _MM_H_
|
||||
#define _MM_H_
|
||||
#include <sys/tree.h>
|
||||
|
||||
struct mm_share {
|
||||
RB_ENTRY(mm_share) next;
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: monitor_wrap.c,v 1.1.1.7 2006/02/04 22:22:55 christos Exp $ */
|
||||
/* $NetBSD: monitor_wrap.c,v 1.1.1.8 2006/09/28 21:15:13 christos Exp $ */
|
||||
/* $OpenBSD: monitor_wrap.c,v 1.54 2006/08/12 20:46:46 miod Exp $ */
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
* Copyright 2002 Markus Friedl <markus@openbsd.org>
|
||||
|
@ -25,37 +26,44 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: monitor_wrap.c,v 1.40 2005/05/24 17:32:43 avsm Exp $");
|
||||
#include <sys/types.h>
|
||||
#include <sys/uio.h>
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/dh.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <pwd.h>
|
||||
#include <signal.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
#include "dh.h"
|
||||
#include "buffer.h"
|
||||
#include "key.h"
|
||||
#include "cipher.h"
|
||||
#include "kex.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "auth-options.h"
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
#include "packet.h"
|
||||
#include "mac.h"
|
||||
#include "log.h"
|
||||
#include "zlib.h"
|
||||
#include <zlib.h>
|
||||
#include "monitor.h"
|
||||
#include "monitor_wrap.h"
|
||||
#include "xmalloc.h"
|
||||
#include "atomicio.h"
|
||||
#include "monitor_fdpass.h"
|
||||
#include "getput.h"
|
||||
|
||||
#include "auth.h"
|
||||
#include "channels.h"
|
||||
#include "session.h"
|
||||
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
#include "atomicio.h"
|
||||
#include "monitor_fdpass.h"
|
||||
#include "misc.h"
|
||||
|
||||
#include "channels.h"
|
||||
#include "session.h"
|
||||
|
||||
/* Imports */
|
||||
extern int compat20;
|
||||
|
@ -84,7 +92,7 @@ mm_request_send(int sock, enum monitor_reqtype type, Buffer *m)
|
|||
|
||||
debug3("%s entering: type %d", __func__, type);
|
||||
|
||||
PUT_32BIT(buf, mlen + 1);
|
||||
put_u32(buf, mlen + 1);
|
||||
buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
|
||||
if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf))
|
||||
fatal("%s: write: %s", __func__, strerror(errno));
|
||||
|
@ -105,7 +113,7 @@ mm_request_receive(int sock, Buffer *m)
|
|||
cleanup_exit(255);
|
||||
fatal("%s: read: %s", __func__, strerror(errno));
|
||||
}
|
||||
msg_len = GET_32BIT(buf);
|
||||
msg_len = get_u32(buf);
|
||||
if (msg_len > 256 * 1024)
|
||||
fatal("%s: read: bad msg_len %d", __func__, msg_len);
|
||||
buffer_clear(m);
|
||||
|
@ -628,7 +636,7 @@ mm_send_keystate(struct monitor *monitor)
|
|||
}
|
||||
|
||||
int
|
||||
mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
|
||||
mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
|
||||
{
|
||||
Buffer m;
|
||||
char *p, *msg;
|
||||
|
@ -722,8 +730,8 @@ mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
|
|||
*name = xstrdup("");
|
||||
*infotxt = xstrdup("");
|
||||
*numprompts = 1;
|
||||
*prompts = xmalloc(*numprompts * sizeof(char *));
|
||||
*echo_on = xmalloc(*numprompts * sizeof(u_int));
|
||||
*prompts = xcalloc(*numprompts, sizeof(char *));
|
||||
*echo_on = xcalloc(*numprompts, sizeof(u_int));
|
||||
(*echo_on)[0] = 0;
|
||||
}
|
||||
|
||||
|
@ -790,9 +798,8 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
|
|||
u_int *numprompts, char ***prompts, u_int **echo_on)
|
||||
{
|
||||
Buffer m;
|
||||
int len;
|
||||
u_int success;
|
||||
char *p, *challenge;
|
||||
char *challenge;
|
||||
|
||||
debug3("%s: entering", __func__);
|
||||
|
||||
|
@ -816,11 +823,7 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
|
|||
|
||||
mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
|
||||
|
||||
len = strlen(challenge) + strlen(SKEY_PROMPT) + 1;
|
||||
p = xmalloc(len);
|
||||
strlcpy(p, challenge, len);
|
||||
strlcat(p, SKEY_PROMPT, len);
|
||||
(*prompts)[0] = p;
|
||||
xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);
|
||||
xfree(challenge);
|
||||
|
||||
return (0);
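Review bot: In mm_request_receive (hunk `@ -105,7 +113,7 @@`) the new `msg_len = get_u32(buf);` feeds a length taken from the peer socket straight into `fatal("%s: read: bad msg_len %d", ...)`, which formats it with `%d` although the msg.c twin of this code prints the same value with `%u`; if msg_len is unsigned, as get_u32's result suggests, this should be `fatal("%s: read: bad msg_len %u", __func__, msg_len);`. Since the privileged monitor reads these headers from the unprivileged child, the `256 * 1024` comparison is the only bound applied before the body is read, so it deserves a one-line comment such as `/* hard cap on child->monitor message size; the peer is untrusted */` rather than a bare literal. The surrounding function starts and ends outside the hunk.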
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: monitor_wrap.h,v 1.1.1.4 2005/02/13 00:53:04 christos Exp $ */
|
||||
/* $OpenBSD: monitor_wrap.h,v 1.14 2004/06/21 17:36:31 avsm Exp $ */
|
||||
/* $NetBSD: monitor_wrap.h,v 1.1.1.5 2006/09/28 21:15:13 christos Exp $ */
|
||||
/* $OpenBSD: monitor_wrap.h,v 1.20 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
|
@ -28,8 +28,6 @@
|
|||
|
||||
#ifndef _MM_WRAP_H_
|
||||
#define _MM_WRAP_H_
|
||||
#include "key.h"
|
||||
#include "buffer.h"
|
||||
|
||||
extern int use_privsep;
|
||||
#define PRIVSEP(x) (use_privsep ? mm_##x : x)
|
||||
|
@ -38,7 +36,6 @@ enum mm_keytype {MM_NOKEY, MM_HOSTKEY, MM_USERKEY, MM_RSAHOSTKEY, MM_RSAUSERKEY}
|
|||
|
||||
struct monitor;
|
||||
struct mm_master;
|
||||
struct passwd;
|
||||
struct Authctxt;
|
||||
|
||||
int mm_is_monitor(void);
|
||||
|
@ -58,7 +55,6 @@ int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *);
|
|||
BIGNUM *mm_auth_rsa_generate_challenge(Key *);
|
||||
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
|
||||
OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
|
||||
gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
|
||||
|
@ -68,7 +64,7 @@ OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
|
|||
|
||||
struct Session;
|
||||
void mm_terminate(void);
|
||||
int mm_pty_allocate(int *, int *, char *, int);
|
||||
int mm_pty_allocate(int *, int *, char *, size_t);
|
||||
void mm_session_pty_cleanup2(struct Session *);
|
||||
|
||||
/* SSHv1 interfaces */
|
||||
|
@ -97,4 +93,4 @@ void *mm_zalloc(struct mm_master *, u_int, u_int);
|
|||
void mm_zfree(struct mm_master *, void *);
|
||||
void mm_init_compression(struct mm_master *);
|
||||
|
||||
#endif /* _MM_H_ */
|
||||
#endif /* _MM_WRAP_H_ */
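Review bot: Dropping `#include "key.h"` and `#include "buffer.h"` from this header (hunk `@ -28,8 +28,6 @@`) leaves prototypes such as `BIGNUM *mm_auth_rsa_generate_challenge(Key *);` and the `Buffer *`-taking wrappers depending on whichever includer pulled those types in first, so the header is no longer self-contained. If the intent is that every includer already has key.h/buffer.h in scope, say so at the top of the header, e.g. `/* Includers must provide key.h, buffer.h and <sys/types.h> (for size_t) before this header. */`; otherwise forward-declare `typedef struct Key Key;` and `typedef struct Buffer Buffer;` here. The fixed `#endif /* _MM_WRAP_H_ */` comment now matches the guard name, which is good.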
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: msg.c,v 1.1.1.6 2006/02/04 22:22:55 christos Exp $ */
|
||||
/* $NetBSD: msg.c,v 1.1.1.7 2006/09/28 21:15:13 christos Exp $ */
|
||||
/* $OpenBSD: msg.c,v 1.15 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2002 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -22,14 +23,21 @@
|
|||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: msg.c,v 1.8 2005/05/24 17:32:43 avsm Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/uio.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "buffer.h"
|
||||
#include "getput.h"
|
||||
#include "log.h"
|
||||
#include "atomicio.h"
|
||||
#include "msg.h"
|
||||
#include "misc.h"
|
||||
|
||||
int
|
||||
ssh_msg_send(int fd, u_char type, Buffer *m)
|
||||
|
@ -39,7 +47,7 @@ ssh_msg_send(int fd, u_char type, Buffer *m)
|
|||
|
||||
debug3("ssh_msg_send: type %u", (unsigned int)type & 0xff);
|
||||
|
||||
PUT_32BIT(buf, mlen + 1);
|
||||
put_u32(buf, mlen + 1);
|
||||
buf[4] = type; /* 1st byte of payload is mesg-type */
|
||||
if (atomicio(vwrite, fd, buf, sizeof(buf)) != sizeof(buf)) {
|
||||
error("ssh_msg_send: write");
|
||||
|
@ -65,7 +73,7 @@ ssh_msg_recv(int fd, Buffer *m)
|
|||
error("ssh_msg_recv: read: header");
|
||||
return (-1);
|
||||
}
|
||||
msg_len = GET_32BIT(buf);
|
||||
msg_len = get_u32(buf);
|
||||
if (msg_len > 256 * 1024) {
|
||||
error("ssh_msg_recv: read: bad msg_len %u", msg_len);
|
||||
return (-1);
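Review bot: In ssh_msg_recv (hunk `@ -65,7 +73,7 @@`) the check `if (msg_len > 256 * 1024)` is the only bound applied to a length read from the peer before the body is consumed, and the same literal is repeated in mm_request_receive and in packet_read_poll1/packet_read_poll2 elsewhere in this commit. Hoisting it into one shared constant, e.g. `#define SSH_MSG_MAXLEN (256 * 1024)` next to the msg.h prototypes, and using it in all four places would keep the limits from drifting apart. A short comment at the check, `/* untrusted length: bound it before allocating */`, would also make the purpose clear. The rest of ssh_msg_recv lies outside the hunk.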
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: msg.h,v 1.1.1.3 2005/02/13 00:53:04 christos Exp $ */
|
||||
/* $OpenBSD: msg.h,v 1.3 2003/11/17 09:45:39 djm Exp $ */
|
||||
/* $NetBSD: msg.h,v 1.1.1.4 2006/09/28 21:15:13 christos Exp $ */
|
||||
/* $OpenBSD: msg.h,v 1.4 2006/03/25 22:22:43 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2002 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: myproposal.h,v 1.1.1.10 2006/02/04 22:22:55 christos Exp $ */
|
||||
/* $OpenBSD: myproposal.h,v 1.18 2005/07/25 11:59:39 markus Exp $ */
|
||||
/* $NetBSD: myproposal.h,v 1.1.1.11 2006/09/28 21:15:13 christos Exp $ */
|
||||
/* $OpenBSD: myproposal.h,v 1.21 2006/03/25 22:22:43 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
|
@ -24,7 +24,9 @@
|
|||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha1," \
|
||||
#define KEX_DEFAULT_KEX \
|
||||
"diffie-hellman-group-exchange-sha256," \
|
||||
"diffie-hellman-group-exchange-sha1," \
|
||||
"diffie-hellman-group14-sha1," \
|
||||
"diffie-hellman-group1-sha1"
|
||||
#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
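Review bot: The new KEX_DEFAULT_KEX list (hunk `@ -24,7 +24,9 @@`) places diffie-hellman-group-exchange-sha256 ahead of the SHA-1 variants but nothing documents that the order carries meaning. Since the SSH algorithm negotiation takes the first entry both sides support, a comment such as `/* order is preference: SHA-256 GEX first, then the SHA-1 methods for older peers */` above the macro would stop a later edit from silently demoting the stronger method. This is documentation only; the macro itself is fine.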
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: nchan.c,v 1.1.1.13 2005/02/13 00:53:04 christos Exp $ */
|
||||
/* $NetBSD: nchan.c,v 1.1.1.14 2006/09/28 21:15:13 christos Exp $ */
|
||||
/* $OpenBSD: nchan.c,v 1.57 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -23,8 +24,12 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: nchan.c,v 1.51 2004/07/11 17:48:47 deraadt Exp $");
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "ssh1.h"
|
||||
#include "ssh2.h"
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* $NetBSD: packet.c,v 1.1.1.19 2006/02/04 22:22:56 christos Exp $ */
|
||||
/* $NetBSD: packet.c,v 1.1.1.20 2006/09/28 21:15:14 christos Exp $ */
|
||||
/* $OpenBSD: packet.c,v 1.144 2006/09/16 19:53:37 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -37,27 +38,36 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: packet.c,v 1.120 2005/10/30 08:52:17 djm Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/queue.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/ip.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <signal.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
#include "packet.h"
|
||||
#include "bufaux.h"
|
||||
#include "crc32.h"
|
||||
#include "getput.h"
|
||||
|
||||
#include "compress.h"
|
||||
#include "deattack.h"
|
||||
#include "channels.h"
|
||||
|
||||
#include "compat.h"
|
||||
#include "ssh1.h"
|
||||
#include "ssh2.h"
|
||||
|
||||
#include "cipher.h"
|
||||
#include "key.h"
|
||||
#include "kex.h"
|
||||
#include "mac.h"
|
||||
#include "log.h"
|
||||
|
@ -259,6 +269,7 @@ packet_get_keyiv_len(int mode)
|
|||
|
||||
return (cipher_get_keyiv_len(cc));
|
||||
}
|
||||
|
||||
void
|
||||
packet_set_iv(int mode, u_char *dat)
|
||||
{
|
||||
|
@ -271,6 +282,7 @@ packet_set_iv(int mode, u_char *dat)
|
|||
|
||||
cipher_set_keyiv(cc, dat);
|
||||
}
|
||||
|
||||
int
|
||||
packet_get_ssh1_cipher(void)
|
||||
{
|
||||
|
@ -467,31 +479,37 @@ packet_put_char(int value)
|
|||
|
||||
buffer_append(&outgoing_packet, &ch, 1);
|
||||
}
|
||||
|
||||
void
|
||||
packet_put_int(u_int value)
|
||||
{
|
||||
buffer_put_int(&outgoing_packet, value);
|
||||
}
|
||||
|
||||
void
|
||||
packet_put_string(const void *buf, u_int len)
|
||||
{
|
||||
buffer_put_string(&outgoing_packet, buf, len);
|
||||
}
|
||||
|
||||
void
|
||||
packet_put_cstring(const char *str)
|
||||
{
|
||||
buffer_put_cstring(&outgoing_packet, str);
|
||||
}
|
||||
|
||||
void
|
||||
packet_put_raw(const void *buf, u_int len)
|
||||
{
|
||||
buffer_append(&outgoing_packet, buf, len);
|
||||
}
|
||||
|
||||
void
|
||||
packet_put_bignum(BIGNUM * value)
|
||||
{
|
||||
buffer_put_bignum(&outgoing_packet, value);
|
||||
}
|
||||
|
||||
void
|
||||
packet_put_bignum2(BIGNUM * value)
|
||||
{
|
||||
|
@ -545,7 +563,7 @@ packet_send1(void)
|
|||
/* Add check bytes. */
|
||||
checksum = ssh_crc32(buffer_ptr(&outgoing_packet),
|
||||
buffer_len(&outgoing_packet));
|
||||
PUT_32BIT(buf, checksum);
|
||||
put_u32(buf, checksum);
|
||||
buffer_append(&outgoing_packet, buf, 4);
|
||||
|
||||
#ifdef PACKET_DEBUG
|
||||
|
@ -554,7 +572,7 @@ packet_send1(void)
|
|||
#endif
|
||||
|
||||
/* Append to output. */
|
||||
PUT_32BIT(buf, len);
|
||||
put_u32(buf, len);
|
||||
buffer_append(&output, buf, 4);
|
||||
cp = buffer_append_space(&output, buffer_len(&outgoing_packet));
|
||||
cipher_crypt(&send_context, cp, buffer_ptr(&outgoing_packet),
|
||||
|
@ -650,7 +668,7 @@ set_newkeys(int mode)
|
|||
|
||||
/*
|
||||
* Delayed compression for SSH2 is enabled after authentication:
|
||||
* This happans on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,
|
||||
* This happens on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,
|
||||
* and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received.
|
||||
*/
|
||||
static void
|
||||
|
@ -757,7 +775,7 @@ packet_send2_wrapped(void)
|
|||
/* packet_length includes payload, padding and padding length field */
|
||||
packet_length = buffer_len(&outgoing_packet) - 4;
|
||||
cp = buffer_ptr(&outgoing_packet);
|
||||
PUT_32BIT(cp, packet_length);
|
||||
put_u32(cp, packet_length);
|
||||
cp[4] = padlen;
|
||||
DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen));
|
||||
|
||||
|
@ -774,7 +792,7 @@ packet_send2_wrapped(void)
|
|||
buffer_len(&outgoing_packet));
|
||||
/* append unencrypted MAC */
|
||||
if (mac && mac->enabled)
|
||||
buffer_append(&output, (char *)macbuf, mac->mac_len);
|
||||
buffer_append(&output, macbuf, mac->mac_len);
|
||||
#ifdef PACKET_DEBUG
|
||||
fprintf(stderr, "encrypted: ");
|
||||
buffer_dump(&output);
|
||||
|
@ -864,7 +882,7 @@ packet_read_seqnr(u_int32_t *seqnr_p)
|
|||
char buf[8192];
|
||||
DBG(debug("packet_read()"));
|
||||
|
||||
setp = (fd_set *)xmalloc(howmany(connection_in+1, NFDBITS) *
|
||||
setp = (fd_set *)xcalloc(howmany(connection_in+1, NFDBITS),
|
||||
sizeof(fd_mask));
|
||||
|
||||
/* Since we are blocking, ensure that all written packets have been sent. */
|
||||
|
@ -955,7 +973,7 @@ packet_read_poll1(void)
|
|||
return SSH_MSG_NONE;
|
||||
/* Get length of incoming packet. */
|
||||
cp = buffer_ptr(&input);
|
||||
len = GET_32BIT(cp);
|
||||
len = get_u32(cp);
|
||||
if (len < 1 + 2 + 2 || len > 256 * 1024)
|
||||
packet_disconnect("Bad packet length %u.", len);
|
||||
padded_len = (len + 8) & ~7;
|
||||
|
@ -974,9 +992,16 @@ packet_read_poll1(void)
|
|||
* (C)1998 CORE-SDI, Buenos Aires Argentina
|
||||
* Ariel Futoransky(futo@core-sdi.com)
|
||||
*/
|
||||
if (!receive_context.plaintext &&
|
||||
detect_attack(buffer_ptr(&input), padded_len, NULL) == DEATTACK_DETECTED)
|
||||
packet_disconnect("crc32 compensation attack: network attack detected");
|
||||
if (!receive_context.plaintext) {
|
||||
switch (detect_attack(buffer_ptr(&input), padded_len)) {
|
||||
case DEATTACK_DETECTED:
|
||||
packet_disconnect("crc32 compensation attack: "
|
||||
"network attack detected");
|
||||
case DEATTACK_DOS_DETECTED:
|
||||
packet_disconnect("deattack denial of "
|
||||
"service detected");
|
||||
}
|
||||
}
|
||||
|
||||
/* Decrypt data to incoming_packet. */
|
||||
buffer_clear(&incoming_packet);
|
||||
|
@ -1003,7 +1028,7 @@ packet_read_poll1(void)
|
|||
len, buffer_len(&incoming_packet));
|
||||
|
||||
cp = (u_char *)buffer_ptr(&incoming_packet) + len - 4;
|
||||
stored_checksum = GET_32BIT(cp);
|
||||
stored_checksum = get_u32(cp);
|
||||
if (checksum != stored_checksum)
|
||||
packet_disconnect("Corrupted check bytes on input.");
|
||||
buffer_consume_end(&incoming_packet, 4);
|
||||
|
@ -1052,7 +1077,7 @@ packet_read_poll2(u_int32_t *seqnr_p)
|
|||
cipher_crypt(&receive_context, cp, buffer_ptr(&input),
|
||||
block_size);
|
||||
cp = buffer_ptr(&incoming_packet);
|
||||
packet_length = GET_32BIT(cp);
|
||||
packet_length = get_u32(cp);
|
||||
if (packet_length < 1 + 4 || packet_length > 256 * 1024) {
|
||||
#ifdef PACKET_DEBUG
|
||||
buffer_dump(&incoming_packet);
|
||||
|
@ -1183,7 +1208,6 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
|
|||
break;
|
||||
default:
|
||||
return type;
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
type = packet_read_poll1();
|
||||
|
@ -1206,7 +1230,6 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
|
|||
if (type)
|
||||
DBG(debug("received packet type %d", type));
|
||||
return type;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1408,7 +1431,7 @@ packet_write_wait(void)
|
|||
{
|
||||
fd_set *setp;
|
||||
|
||||
setp = (fd_set *)xmalloc(howmany(connection_out + 1, NFDBITS) *
|
||||
setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS),
|
||||
sizeof(fd_mask));
|
||||
packet_write_poll();
|
||||
while (packet_have_data_to_write()) {
|
||||
|
@ -1473,8 +1496,7 @@ packet_set_interactive(int interactive)
|
|||
/* Only set socket options if using a socket. */
|
||||
if (!packet_connection_is_on_socket())
|
||||
return;
|
||||
if (interactive)
|
||||
set_nodelay(connection_in);
|
||||
set_nodelay(connection_in);
|
||||
packet_set_tos(interactive);
|
||||
}
|
||||
|
||||
|
@ -1535,7 +1557,7 @@ packet_send_ignore(int nbytes)
|
|||
for (i = 0; i < nbytes; i++) {
|
||||
if (i % 4 == 0)
|
||||
rnd = arc4random();
|
||||
packet_put_char(rnd & 0xff);
|
||||
packet_put_char((u_char)rnd & 0xff);
|
||||
rnd >>= 8;
|
||||
}
|
||||
}
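Review bot: In packet_read_poll1's new deattack switch (hunk `@ -974,9 +992,16 @@`) both arms rely on packet_disconnect() never returning, but nothing in the hunk marks that, so the DEATTACK_DETECTED arm reads as an unmarked fallthrough into DEATTACK_DOS_DETECTED and other return values are silently ignored. Add `/* NOTREACHED */` after each packet_disconnect() call and a `default: break;` arm so the intent is explicit and the compiler's fallthrough warning stays quiet. The call also drops detect_attack's former third argument, so the deattack.h prototype and the DEATTACK_DOS_DETECTED constant must match this revision; neither is visible here. packet_read_poll1 begins and ends outside the hunk.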
|
||||
|
|