from ftp.openbsd.org
This commit is contained in:
parent
6ad9628ae7
commit
636ece08cc
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: atomicio.c,v 1.1.1.9 2006/09/28 21:14:57 christos Exp $ */
|
||||
/* $OpenBSD: atomicio.c,v 1.23 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/* $NetBSD: atomicio.c,v 1.1.1.10 2007/12/17 20:15:04 christos Exp $ */
|
||||
/* $OpenBSD: atomicio.c,v 1.25 2007/06/25 12:02:27 dtucker Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2006 Damien Miller. All rights reserved.
|
||||
* Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
|
||||
|
@ -31,7 +31,9 @@
|
|||
#include <sys/uio.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <poll.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "atomicio.h"
|
||||
|
||||
|
@ -44,13 +46,20 @@ atomicio(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n)
|
|||
char *s = _s;
|
||||
size_t pos = 0;
|
||||
ssize_t res;
|
||||
struct pollfd pfd;
|
||||
|
||||
pfd.fd = fd;
|
||||
pfd.events = f == read ? POLLIN : POLLOUT;
|
||||
while (n > pos) {
|
||||
res = (f) (fd, s + pos, n - pos);
|
||||
switch (res) {
|
||||
case -1:
|
||||
if (errno == EINTR || errno == EAGAIN)
|
||||
if (errno == EINTR)
|
||||
continue;
|
||||
if (errno == EAGAIN) {
|
||||
(void)poll(&pfd, 1, -1);
|
||||
continue;
|
||||
}
|
||||
return 0;
|
||||
case 0:
|
||||
errno = EPIPE;
|
||||
|
@ -72,6 +81,7 @@ atomiciov(ssize_t (*f) (int, const struct iovec *, int), int fd,
|
|||
size_t pos = 0, rem;
|
||||
ssize_t res;
|
||||
struct iovec iov_array[IOV_MAX], *iov = iov_array;
|
||||
struct pollfd pfd;
|
||||
|
||||
if (iovcnt > IOV_MAX) {
|
||||
errno = EINVAL;
|
||||
|
@ -80,12 +90,18 @@ atomiciov(ssize_t (*f) (int, const struct iovec *, int), int fd,
|
|||
/* Make a copy of the iov array because we may modify it below */
|
||||
memcpy(iov, _iov, iovcnt * sizeof(*_iov));
|
||||
|
||||
pfd.fd = fd;
|
||||
pfd.events = f == readv ? POLLIN : POLLOUT;
|
||||
for (; iovcnt > 0 && iov[0].iov_len > 0;) {
|
||||
res = (f) (fd, iov, iovcnt);
|
||||
switch (res) {
|
||||
case -1:
|
||||
if (errno == EINTR || errno == EAGAIN)
|
||||
if (errno == EINTR)
|
||||
continue;
|
||||
if (errno == EAGAIN) {
|
||||
(void)poll(&pfd, 1, -1);
|
||||
continue;
|
||||
}
|
||||
return 0;
|
||||
case 0:
|
||||
errno = EPIPE;
|
||||
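Review bot: The return value of `poll()` in the new EAGAIN branch is discarded, so if poll itself fails for a reason other than EINTR (EINVAL, ENOMEM) the loop immediately retries f(), gets EAGAIN again and spins; the atomiciov hunk has the same pattern. A guard such as `if (poll(&pfd, 1, -1) == -1 && errno != EINTR) return 0;` keeps the function's existing contract of returning 0 with errno set. `pfd.events` is chosen by comparing f against read (readv in atomiciov), so any other function pointer is polled as a writer; a one-line comment stating that assumption next to the assignment would save the next reader a trip to the callers. The bodies of both functions continue outside the hunks.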
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: auth2.c,v 1.1.1.22 2007/03/10 22:35:29 christos Exp $ */
|
||||
/* $OpenBSD: auth2.c,v 1.114 2007/03/01 10:28:02 dtucker Exp $ */
|
||||
/* $NetBSD: auth2.c,v 1.1.1.23 2007/12/17 20:15:04 christos Exp $ */
|
||||
/* $OpenBSD: auth2.c,v 1.115 2007/04/14 22:01:58 stevesk Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -241,8 +241,6 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
|
|||
}
|
||||
}
|
||||
|
||||
#define DELIM ","
|
||||
|
||||
static char *
|
||||
authmethods_get(void)
|
||||
{
|
||||
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: bufbn.c,v 1.1.1.2 2007/03/10 22:35:30 christos Exp $ */
|
||||
/* $OpenBSD: bufbn.c,v 1.5 2007/02/14 14:32:00 stevesk Exp $*/
|
||||
/* $NetBSD: bufbn.c,v 1.1.1.3 2007/12/17 20:15:07 christos Exp $ */
|
||||
/* $OpenBSD: bufbn.c,v 1.6 2007/06/02 09:04:58 djm Exp $*/
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -200,12 +200,14 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
|
|||
return (-1);
|
||||
}
|
||||
if (len > 8 * 1024) {
|
||||
error("buffer_get_bignum2_ret: cannot handle BN of size %d", len);
|
||||
error("buffer_get_bignum2_ret: cannot handle BN of size %d",
|
||||
len);
|
||||
xfree(bin);
|
||||
return (-1);
|
||||
}
|
||||
if (BN_bin2bn(bin, len, value) == NULL) {
|
||||
error("buffer_get_bignum2_ret: BN_bin2bn failed");
|
||||
xfree(bin);
|
||||
return (-1);
|
||||
}
|
||||
xfree(bin);
|
||||
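Review bot: The reflowed `error("buffer_get_bignum2_ret: cannot handle BN of size %d", len)` still formats `len` with `%d`; if `len` is the unsigned length returned through buffer_get_string_ret's out-parameter (presumably a u_int, not visible here), `%u` is the matching conversion. The added `xfree(bin)` before the early return fixes the leak on the oversize path and mirrors the BN_bin2bn failure branch, so the two error paths are now consistent. The start of buffer_get_bignum2_ret, where `len` and `bin` are declared, lies outside the hunk.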
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: channels.c,v 1.1.1.24 2007/03/10 22:35:33 christos Exp $ */
|
||||
/* $OpenBSD: channels.c,v 1.268 2007/01/03 03:01:40 stevesk Exp $ */
|
||||
/* $NetBSD: channels.c,v 1.1.1.25 2007/12/17 20:15:09 christos Exp $ */
|
||||
/* $OpenBSD: channels.c,v 1.270 2007/06/25 08:20:03 dtucker Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -1641,7 +1641,9 @@ channel_check_window(Channel *c)
|
|||
{
|
||||
if (c->type == SSH_CHANNEL_OPEN &&
|
||||
!(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) &&
|
||||
c->local_window < c->local_window_max/2 &&
|
||||
((c->local_window_max - c->local_window >
|
||||
c->local_maxpacket*3) ||
|
||||
c->local_window < c->local_window_max/2) &&
|
||||
c->local_consumed > 0) {
|
||||
packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
|
||||
packet_put_int(c->remote_id);
|
||||
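Review bot: The new window-adjust predicate in channel_check_window combines two thresholds with no comment, and the second one (`c->local_window < c->local_window_max/2`) is the only condition the old code had, so a reader cannot tell from the hunk why "three packets' worth consumed" was added. Suggest a comment above the `if`: `/* top up once >= 3 packets or half the window have been consumed, so large windows are refilled before half of them drain */`. `c->local_maxpacket*3` operates on the packet size supplied to channel_new by local callers (see the clientloop.c hunk), so overflow is not a concern as long as that stays true. The rest of channel_check_window is outside the hunk.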
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: channels.h,v 1.1.1.20 2006/09/28 21:15:05 christos Exp $ */
|
||||
/* $OpenBSD: channels.h,v 1.88 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/* $NetBSD: channels.h,v 1.1.1.21 2007/12/17 20:15:09 christos Exp $ */
|
||||
/* $OpenBSD: channels.h,v 1.89 2007/06/11 09:14:00 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -122,9 +122,9 @@ struct Channel {
|
|||
|
||||
/* default window/packet sizes for tcp/x11-fwd-channel */
|
||||
#define CHAN_SES_PACKET_DEFAULT (32*1024)
|
||||
#define CHAN_SES_WINDOW_DEFAULT (4*CHAN_SES_PACKET_DEFAULT)
|
||||
#define CHAN_SES_WINDOW_DEFAULT (64*CHAN_SES_PACKET_DEFAULT)
|
||||
#define CHAN_TCP_PACKET_DEFAULT (32*1024)
|
||||
#define CHAN_TCP_WINDOW_DEFAULT (4*CHAN_TCP_PACKET_DEFAULT)
|
||||
#define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT)
|
||||
#define CHAN_X11_PACKET_DEFAULT (16*1024)
|
||||
#define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT)
|
||||
|
||||
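Review bot: Raising CHAN_SES_WINDOW_DEFAULT and CHAN_TCP_WINDOW_DEFAULT from 4 to 64 packets lets a peer have up to 64*32 KiB = 2 MiB in flight per channel before flow control blocks it, and that data is buffered locally when the consumer (a stalled forwarded socket, a slow terminal) cannot drain it. The header comment `/* default window/packet sizes for tcp/x11-fwd-channel */` should state this trade-off so the per-channel memory cost is visible where the constant is set; the X11 default stays at 4 packets, and a comment on why it differs would help too. Whether a connection-wide cap exists elsewhere cannot be seen from this hunk.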
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: clientloop.c,v 1.1.1.24 2007/03/10 22:35:35 christos Exp $ */
|
||||
/* $OpenBSD: clientloop.c,v 1.178 2007/02/20 10:25:14 djm Exp $ */
|
||||
/* $NetBSD: clientloop.c,v 1.1.1.25 2007/12/17 20:15:11 christos Exp $ */
|
||||
/* $OpenBSD: clientloop.c,v 1.181 2007/08/15 08:14:46 markus Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -283,19 +283,29 @@ client_x11_get_proto(const char *display, const char *xauth_path,
|
|||
generated = 1;
|
||||
}
|
||||
}
|
||||
snprintf(cmd, sizeof(cmd),
|
||||
"%s %s%s list %s 2>" _PATH_DEVNULL,
|
||||
xauth_path,
|
||||
generated ? "-f " : "" ,
|
||||
generated ? xauthfile : "",
|
||||
display);
|
||||
debug2("x11_get_proto: %s", cmd);
|
||||
f = popen(cmd, "r");
|
||||
if (f && fgets(line, sizeof(line), f) &&
|
||||
sscanf(line, "%*s %511s %511s", proto, data) == 2)
|
||||
got_data = 1;
|
||||
if (f)
|
||||
pclose(f);
|
||||
|
||||
/*
|
||||
* When in untrusted mode, we read the cookie only if it was
|
||||
* successfully generated as an untrusted one in the step
|
||||
* above.
|
||||
*/
|
||||
if (trusted || generated) {
|
||||
snprintf(cmd, sizeof(cmd),
|
||||
"%s %s%s list %s 2>" _PATH_DEVNULL,
|
||||
xauth_path,
|
||||
generated ? "-f " : "" ,
|
||||
generated ? xauthfile : "",
|
||||
display);
|
||||
debug2("x11_get_proto: %s", cmd);
|
||||
f = popen(cmd, "r");
|
||||
if (f && fgets(line, sizeof(line), f) &&
|
||||
sscanf(line, "%*s %511s %511s", proto, data) == 2)
|
||||
got_data = 1;
|
||||
if (f)
|
||||
pclose(f);
|
||||
} else
|
||||
error("Warning: untrusted X11 forwarding setup failed: "
|
||||
"xauth key data not generated");
|
||||
}
|
||||
|
||||
if (do_unlink) {
|
||||
|
@ -928,7 +938,7 @@ process_cmdline(void)
|
|||
cmd = s = read_passphrase("\r\nssh> ", RP_ECHO);
|
||||
if (s == NULL)
|
||||
goto out;
|
||||
while (*s && isspace(*s))
|
||||
while (isspace(*s))
|
||||
s++;
|
||||
if (*s == '-')
|
||||
s++; /* Skip cmdline '-', if any */
|
||||
|
@ -975,9 +985,8 @@ process_cmdline(void)
|
|||
goto out;
|
||||
}
|
||||
|
||||
s++;
|
||||
while (*s && isspace(*s))
|
||||
s++;
|
||||
while (isspace(*++s))
|
||||
;
|
||||
|
||||
if (delete) {
|
||||
cancel_port = 0;
|
||||
|
@ -1767,6 +1776,44 @@ client_request_agent(const char *request_type, int rchan)
|
|||
return c;
|
||||
}
|
||||
|
||||
int
|
||||
client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun)
|
||||
{
|
||||
Channel *c;
|
||||
int fd;
|
||||
|
||||
if (tun_mode == SSH_TUNMODE_NO)
|
||||
return 0;
|
||||
|
||||
if (!compat20) {
|
||||
error("Tunnel forwarding is not support for protocol 1");
|
||||
return -1;
|
||||
}
|
||||
|
||||
debug("Requesting tun unit %d in mode %d", local_tun, tun_mode);
|
||||
|
||||
/* Open local tunnel device */
|
||||
if ((fd = tun_open(local_tun, tun_mode)) == -1) {
|
||||
error("Tunnel device open failed.");
|
||||
return -1;
|
||||
}
|
||||
|
||||
c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
|
||||
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
|
||||
c->datagram = 1;
|
||||
|
||||
packet_start(SSH2_MSG_CHANNEL_OPEN);
|
||||
packet_put_cstring("tun@openssh.com");
|
||||
packet_put_int(c->self);
|
||||
packet_put_int(c->local_window_max);
|
||||
packet_put_int(c->local_maxpacket);
|
||||
packet_put_int(tun_mode);
|
||||
packet_put_int(remote_tun);
|
||||
packet_send();
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* XXXX move to generic input handler */
|
||||
static void
|
||||
client_input_channel_open(int type, u_int32_t seq, void *ctxt)
|
||||
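Review bot: The rewritten whitespace skips in process_cmdline, `while (isspace(*s))` and `while (isspace(*++s))`, pass a plain `char` to isspace(); for bytes above 0x7f on platforms where char is signed that is undefined behaviour, so cast: `while (isspace((unsigned char)*s))`. The same applies to the parse_forward hunk in readconf.c. In the new client_request_tun_fwd the message `"Tunnel forwarding is not support for protocol 1"` should read `"Tunnel forwarding is not supported for protocol 1"`. process_cmdline continues outside both of its hunks.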
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: clientloop.h,v 1.1.1.8 2006/09/28 21:15:06 christos Exp $ */
|
||||
/* $OpenBSD: clientloop.h,v 1.16 2006/03/25 22:22:42 djm Exp $ */
|
||||
/* $NetBSD: clientloop.h,v 1.1.1.9 2007/12/17 20:15:11 christos Exp $ */
|
||||
/* $OpenBSD: clientloop.h,v 1.17 2007/08/07 07:32:53 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -45,6 +45,7 @@ void client_x11_get_proto(const char *, const char *, u_int,
|
|||
void client_global_request_reply_fwd(int, u_int32_t, void *);
|
||||
void client_session2_setup(int, int, int, const char *, struct termios *,
|
||||
int, Buffer *, char **, dispatch_fn *);
|
||||
int client_request_tun_fwd(int, int, int);
|
||||
|
||||
/* Multiplexing protocol version */
|
||||
#define SSHMUX_VER 1
|
||||
@ -1,8 +1,8 @@
|
|||
/* $NetBSD: gss-genr.c,v 1.1.1.3 2006/09/28 21:15:07 christos Exp $ */
|
||||
/* $OpenBSD: gss-genr.c,v 1.17 2006/08/29 12:02:30 dtucker Exp $ */
|
||||
/* $NetBSD: gss-genr.c,v 1.1.1.4 2007/12/17 20:15:12 christos Exp $ */
|
||||
/* $OpenBSD: gss-genr.c,v 1.19 2007/06/12 11:56:15 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.
|
||||
* Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
|
@ -104,7 +104,7 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
|
|||
/* The GSSAPI error */
|
||||
do {
|
||||
gss_display_status(&lmin, ctxt->major,
|
||||
GSS_C_GSS_CODE, GSS_C_NULL_OID, &ctx, &msg);
|
||||
GSS_C_GSS_CODE, ctxt->oid, &ctx, &msg);
|
||||
|
||||
buffer_append(&b, msg.value, msg.length);
|
||||
buffer_put_char(&b, '\n');
|
||||
|
@ -115,7 +115,7 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
|
|||
/* The mechanism specific error */
|
||||
do {
|
||||
gss_display_status(&lmin, ctxt->minor,
|
||||
GSS_C_MECH_CODE, GSS_C_NULL_OID, &ctx, &msg);
|
||||
GSS_C_MECH_CODE, ctxt->oid, &ctx, &msg);
|
||||
|
||||
buffer_append(&b, msg.value, msg.length);
|
||||
buffer_put_char(&b, '\n');
|
||||
|
@ -223,39 +223,6 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
|
|||
return (ctx->major);
|
||||
}
|
||||
|
||||
/* Acquire credentials for a server running on the current host.
|
||||
* Requires that the context structure contains a valid OID
|
||||
*/
|
||||
|
||||
/* Returns a GSSAPI error code */
|
||||
OM_uint32
|
||||
ssh_gssapi_acquire_cred(Gssctxt *ctx)
|
||||
{
|
||||
OM_uint32 status;
|
||||
char lname[MAXHOSTNAMELEN];
|
||||
gss_OID_set oidset;
|
||||
|
||||
gss_create_empty_oid_set(&status, &oidset);
|
||||
gss_add_oid_set_member(&status, ctx->oid, &oidset);
|
||||
|
||||
if (gethostname(lname, MAXHOSTNAMELEN)) {
|
||||
gss_release_oid_set(&status, &oidset);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
|
||||
gss_release_oid_set(&status, &oidset);
|
||||
return (ctx->major);
|
||||
}
|
||||
|
||||
if ((ctx->major = gss_acquire_cred(&ctx->minor,
|
||||
ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
|
||||
ssh_gssapi_error(ctx);
|
||||
|
||||
gss_release_oid_set(&status, &oidset);
|
||||
return (ctx->major);
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
|
||||
{
|
||||
|
@ -278,16 +245,6 @@ ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
|
|||
buffer_put_cstring(b, context);
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
|
||||
{
|
||||
if (*ctx)
|
||||
ssh_gssapi_delete_ctx(ctx);
|
||||
ssh_gssapi_build_ctx(ctx);
|
||||
ssh_gssapi_set_oid(*ctx, oid);
|
||||
return (ssh_gssapi_acquire_cred(*ctx));
|
||||
}
|
||||
|
||||
int
|
||||
ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
|
||||
{
|
||||
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: gss-serv.c,v 1.1.1.3 2006/09/28 21:15:08 christos Exp $ */
|
||||
/* $OpenBSD: gss-serv.c,v 1.20 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/* $NetBSD: gss-serv.c,v 1.1.1.4 2007/12/17 20:15:12 christos Exp $ */
|
||||
/* $OpenBSD: gss-serv.c,v 1.21 2007/06/12 08:20:00 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
|
@ -26,6 +26,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/param.h>
|
||||
|
||||
#ifdef GSSAPI
|
||||
|
||||
|
@ -61,6 +62,53 @@ ssh_gssapi_mech* supported_mechs[]= {
|
|||
&gssapi_null_mech,
|
||||
};
|
||||
|
||||
|
||||
/*
|
||||
* Acquire credentials for a server running on the current host.
|
||||
* Requires that the context structure contains a valid OID
|
||||
*/
|
||||
|
||||
/* Returns a GSSAPI error code */
|
||||
/* Privileged (called from ssh_gssapi_server_ctx) */
|
||||
static OM_uint32
|
||||
ssh_gssapi_acquire_cred(Gssctxt *ctx)
|
||||
{
|
||||
OM_uint32 status;
|
||||
char lname[MAXHOSTNAMELEN];
|
||||
gss_OID_set oidset;
|
||||
|
||||
gss_create_empty_oid_set(&status, &oidset);
|
||||
gss_add_oid_set_member(&status, ctx->oid, &oidset);
|
||||
|
||||
if (gethostname(lname, MAXHOSTNAMELEN)) {
|
||||
gss_release_oid_set(&status, &oidset);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
|
||||
gss_release_oid_set(&status, &oidset);
|
||||
return (ctx->major);
|
||||
}
|
||||
|
||||
if ((ctx->major = gss_acquire_cred(&ctx->minor,
|
||||
ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
|
||||
ssh_gssapi_error(ctx);
|
||||
|
||||
gss_release_oid_set(&status, &oidset);
|
||||
return (ctx->major);
|
||||
}
|
||||
|
||||
/* Privileged */
|
||||
OM_uint32
|
||||
ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
|
||||
{
|
||||
if (*ctx)
|
||||
ssh_gssapi_delete_ctx(ctx);
|
||||
ssh_gssapi_build_ctx(ctx);
|
||||
ssh_gssapi_set_oid(*ctx, oid);
|
||||
return (ssh_gssapi_acquire_cred(*ctx));
|
||||
}
|
||||
|
||||
/* Unprivileged */
|
||||
void
|
||||
ssh_gssapi_supported_oids(gss_OID_set *oidset)
|
||||
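Review bot: In the new static ssh_gssapi_acquire_cred the results of `gss_create_empty_oid_set` and `gss_add_oid_set_member` are discarded; if either fails, `oidset` holds an indeterminate value that is then handed to gss_acquire_cred and gss_release_oid_set. Checking them and returning the GSS status also keeps the function's stated contract of returning a GSSAPI error code, which the gethostname path currently breaks by returning `-1` through an OM_uint32. gethostname() does not guarantee NUL-termination when the host name is longer than the buffer, so terminating `lname` before ssh_gssapi_import_name is a cheap safeguard. The callers that inspect the return value are outside this hunk.
```c
static OM_uint32
ssh_gssapi_acquire_cred(Gssctxt *ctx)
{
	OM_uint32 status, maj;
	char lname[MAXHOSTNAMELEN];
	gss_OID_set oidset;

	/* build the one-member OID set; bail out with the GSS status on failure */
	if (GSS_ERROR(maj = gss_create_empty_oid_set(&status, &oidset)))
		return (maj);
	if (GSS_ERROR(maj = gss_add_oid_set_member(&status, ctx->oid, &oidset))) {
		gss_release_oid_set(&status, &oidset);
		return (maj);
	}

	if (gethostname(lname, MAXHOSTNAMELEN)) {
		gss_release_oid_set(&status, &oidset);
		return (GSS_S_FAILURE);
	}
	lname[sizeof(lname) - 1] = '\0';	/* gethostname may truncate without terminating */
	/* ... unchanged: ssh_gssapi_import_name, gss_acquire_cred, release ... */
```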
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: kex.c,v 1.1.1.19 2007/03/10 22:35:28 christos Exp $ */
|
||||
/* $OpenBSD: kex.c,v 1.77 2007/01/21 01:41:54 stevesk Exp $ */
|
||||
/* $NetBSD: kex.c,v 1.1.1.20 2007/12/17 20:15:12 christos Exp $ */
|
||||
/* $OpenBSD: kex.c,v 1.79 2007/06/05 06:52:37 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -79,7 +79,7 @@ static char **
|
|||
kex_buf2prop(Buffer *raw, int *first_kex_follows)
|
||||
{
|
||||
Buffer b;
|
||||
int i;
|
||||
u_int i;
|
||||
char **proposal;
|
||||
|
||||
proposal = xcalloc(PROPOSAL_MAX, sizeof(char *));
|
||||
|
@ -100,7 +100,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows)
|
|||
*first_kex_follows = i;
|
||||
debug2("kex_parse_kexinit: first_kex_follows %d ", i);
|
||||
i = buffer_get_int(&b);
|
||||
debug2("kex_parse_kexinit: reserved %d ", i);
|
||||
debug2("kex_parse_kexinit: reserved %u ", i);
|
||||
buffer_free(&b);
|
||||
return proposal;
|
||||
}
|
||||
|
@ -115,6 +115,7 @@ kex_prop_free(char **proposal)
|
|||
xfree(proposal);
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
static void
|
||||
kex_protocol_error(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
|
@ -186,6 +187,7 @@ kex_send_kexinit(Kex *kex)
|
|||
kex->flags |= KEX_INIT_SENT;
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
void
|
||||
kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
|
@ -250,7 +252,8 @@ choose_enc(Enc *enc, char *client, char *server)
|
|||
{
|
||||
char *name = match_list(client, server, NULL);
|
||||
if (name == NULL)
|
||||
fatal("no matching cipher found: client %s server %s", client, server);
|
||||
fatal("no matching cipher found: client %s server %s",
|
||||
client, server);
|
||||
if ((enc->cipher = cipher_by_name(name)) == NULL)
|
||||
fatal("matching cipher is not supported: %s", name);
|
||||
enc->name = name;
|
||||
|
@ -266,8 +269,9 @@ choose_mac(Mac *mac, char *client, char *server)
|
|||
{
|
||||
char *name = match_list(client, server, NULL);
|
||||
if (name == NULL)
|
||||
fatal("no matching mac found: client %s server %s", client, server);
|
||||
if (mac_init(mac, name) < 0)
|
||||
fatal("no matching mac found: client %s server %s",
|
||||
client, server);
|
||||
if (mac_setup(mac, name) < 0)
|
||||
fatal("unsupported mac %s", name);
|
||||
/* truncate the key */
|
||||
if (datafellows & SSH_BUG_HMAC)
|
||||
|
@ -300,7 +304,7 @@ choose_kex(Kex *k, char *client, char *server)
|
|||
{
|
||||
k->name = match_list(client, server, NULL);
|
||||
if (k->name == NULL)
|
||||
fatal("no kex alg");
|
||||
fatal("Unable to negotiate a key exchange method");
|
||||
if (strcmp(k->name, KEX_DH1) == 0) {
|
||||
k->kex_type = KEX_DH_GRP1_SHA1;
|
||||
k->evp_md = EVP_sha1();
|
||||
|
@ -378,7 +382,8 @@ kex_choose_conf(Kex *kex)
|
|||
for (mode = 0; mode < MODE_MAX; mode++) {
|
||||
newkeys = xcalloc(1, sizeof(*newkeys));
|
||||
kex->newkeys[mode] = newkeys;
|
||||
ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN);
|
||||
ctos = (!kex->server && mode == MODE_OUT) ||
|
||||
(kex->server && mode == MODE_IN);
|
||||
nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC;
|
||||
nmac = ctos ? PROPOSAL_MAC_ALGS_CTOS : PROPOSAL_MAC_ALGS_STOC;
|
||||
ncomp = ctos ? PROPOSAL_COMP_ALGS_CTOS : PROPOSAL_COMP_ALGS_STOC;
|
||||
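Review bot: With `i` changed to `u_int` in kex_buf2prop, the context line `debug2("kex_parse_kexinit: first_kex_follows %d ", i);` now formats an unsigned value with `%d` while the reserved-field line two lines later was updated to `%u`; change it to `debug2("kex_parse_kexinit: first_kex_follows %u ", i);` for consistency and to keep -Wformat quiet. `*first_kex_follows = i;` converts the unsigned value back into an int out-parameter, which is fine for the boolean it presumably carries but deserves a short comment. The remaining kex.c hunks are rename (mac_init to mac_setup) and reflow work and need nothing further.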
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: kex.h,v 1.1.1.16 2006/09/28 21:15:09 christos Exp $ */
|
||||
/* $OpenBSD: kex.h,v 1.44 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/* $NetBSD: kex.h,v 1.1.1.17 2007/12/17 20:15:13 christos Exp $ */
|
||||
/* $OpenBSD: kex.h,v 1.46 2007/06/07 19:37:34 pvalchev Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
|
@ -28,6 +28,7 @@
|
|||
#define KEX_H
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/hmac.h>
|
||||
|
||||
#define KEX_DH1 "diffie-hellman-group1-sha1"
|
||||
#define KEX_DH14 "diffie-hellman-group14-sha1"
|
||||
|
@ -86,10 +87,13 @@ struct Enc {
|
|||
struct Mac {
|
||||
char *name;
|
||||
int enabled;
|
||||
const EVP_MD *md;
|
||||
u_int mac_len;
|
||||
u_char *key;
|
||||
u_int key_len;
|
||||
int type;
|
||||
const EVP_MD *evp_md;
|
||||
HMAC_CTX evp_ctx;
|
||||
struct umac_ctx *umac_ctx;
|
||||
};
|
||||
struct Comp {
|
||||
int type;
|
||||
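Review bot: The four new struct Mac members arrive without comments, and their lifecycle is non-obvious: per the mac.c hunk, `type` selects between the EVP and UMAC paths, `evp_md`/`evp_ctx` are filled by mac_setup and keyed by mac_init, and `umac_ctx` is allocated by mac_init and freed by mac_clear. A comment on the struct such as `/* type is SSH_EVP or SSH_UMAC (mac.c); evp_ctx/umac_ctx are keyed by mac_init() and released by mac_clear() */` would let header readers see that a Mac must be mac_init()ed before mac_compute(). Embedding `HMAC_CTX evp_ctx` by value also means any code that copies a struct Mac duplicates live HMAC state; worth noting next to the field if such copies exist, none are visible here.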
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: key.c,v 1.1.1.21 2007/03/10 22:35:38 christos Exp $ */
|
||||
/* $OpenBSD: key.c,v 1.68 2006/11/06 21:25:28 markus Exp $ */
|
||||
/* $NetBSD: key.c,v 1.1.1.22 2007/12/17 20:15:15 christos Exp $ */
|
||||
/* $OpenBSD: key.c,v 1.69 2007/07/12 05:48:05 ray Exp $ */
|
||||
/*
|
||||
* read_bignum():
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -168,9 +168,7 @@ key_equal(const Key *a, const Key *b)
|
|||
BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
|
||||
default:
|
||||
fatal("key_equal: bad key type %d", a->type);
|
||||
break;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
u_char*
|
||||
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: log.c,v 1.1.1.11 2006/09/28 21:15:10 christos Exp $ */
|
||||
/* $OpenBSD: log.c,v 1.39 2006/08/18 09:13:25 deraadt Exp $ */
|
||||
/* $NetBSD: log.c,v 1.1.1.12 2007/12/17 20:15:15 christos Exp $ */
|
||||
/* $OpenBSD: log.c,v 1.40 2007/05/17 07:50:31 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -43,6 +43,7 @@
|
|||
#include <string.h>
|
||||
#include <syslog.h>
|
||||
#include <unistd.h>
|
||||
#include <errno.h>
|
||||
#include <vis.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
|
@ -278,6 +279,7 @@ do_log(LogLevel level, const char *fmt, va_list args)
|
|||
char fmtbuf[MSGBUFSIZ];
|
||||
char *txt = NULL;
|
||||
int pri = LOG_INFO;
|
||||
int saved_errno = errno;
|
||||
|
||||
if (level > log_level)
|
||||
return;
|
||||
|
@ -331,4 +333,5 @@ do_log(LogLevel level, const char *fmt, va_list args)
|
|||
syslog_r(pri, &sdata, "%.500s", fmtbuf);
|
||||
closelog_r(&sdata);
|
||||
}
|
||||
errno = saved_errno;
|
||||
}
|
||||
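Review bot: do_log now saves errno on entry and restores it at the end, but the restore sits only on the fall-through path; the early `return` after `if (level > log_level)` is harmless because nothing has run yet, but any other return in the elided middle of the function would skip it. If the body has such returns, restoring there too (or routing them to a single exit) keeps the guarantee that logging never clobbers errno; the middle of do_log is not visible in these hunks. A one-line comment at the declaration, `int saved_errno = errno;	/* logging must not clobber the caller's errno */`, documents why the variable exists.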
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: mac.c,v 1.1.1.7 2006/09/28 21:15:10 christos Exp $ */
|
||||
/* $OpenBSD: mac.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/* $NetBSD: mac.c,v 1.1.1.8 2007/12/17 20:15:16 christos Exp $ */
|
||||
/* $OpenBSD: mac.c,v 1.14 2007/06/07 19:37:34 pvalchev Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -40,63 +40,126 @@
|
|||
#include "mac.h"
|
||||
#include "misc.h"
|
||||
|
||||
#include "umac.h"
|
||||
|
||||
#define SSH_EVP 1 /* OpenSSL EVP-based MAC */
|
||||
#define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */
|
||||
|
||||
struct {
|
||||
char *name;
|
||||
int type;
|
||||
const EVP_MD * (*mdfunc)(void);
|
||||
int truncatebits; /* truncate digest if != 0 */
|
||||
int key_len; /* just for UMAC */
|
||||
int len; /* just for UMAC */
|
||||
} macs[] = {
|
||||
{ "hmac-sha1", EVP_sha1, 0, },
|
||||
{ "hmac-sha1-96", EVP_sha1, 96 },
|
||||
{ "hmac-md5", EVP_md5, 0 },
|
||||
{ "hmac-md5-96", EVP_md5, 96 },
|
||||
{ "hmac-ripemd160", EVP_ripemd160, 0 },
|
||||
{ "hmac-ripemd160@openssh.com", EVP_ripemd160, 0 },
|
||||
{ NULL, NULL, 0 }
|
||||
{ "hmac-sha1", SSH_EVP, EVP_sha1, 0, -1, -1 },
|
||||
{ "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, -1, -1 },
|
||||
{ "hmac-md5", SSH_EVP, EVP_md5, 0, -1, -1 },
|
||||
{ "hmac-md5-96", SSH_EVP, EVP_md5, 96, -1, -1 },
|
||||
{ "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, -1, -1 },
|
||||
{ "hmac-ripemd160@openssh.com", SSH_EVP, EVP_ripemd160, 0, -1, -1 },
|
||||
{ "umac-64@openssh.com", SSH_UMAC, NULL, 0, 128, 64 },
|
||||
{ NULL, 0, NULL, 0, -1, -1 }
|
||||
};
|
||||
|
||||
int
|
||||
mac_init(Mac *mac, char *name)
|
||||
static void
|
||||
mac_setup_by_id(Mac *mac, int which)
|
||||
{
|
||||
int i, evp_len;
|
||||
int evp_len;
|
||||
mac->type = macs[which].type;
|
||||
if (mac->type == SSH_EVP) {
|
||||
mac->evp_md = (*macs[which].mdfunc)();
|
||||
if ((evp_len = EVP_MD_size(mac->evp_md)) <= 0)
|
||||
fatal("mac %s len %d", mac->name, evp_len);
|
||||
mac->key_len = mac->mac_len = (u_int)evp_len;
|
||||
} else {
|
||||
mac->mac_len = macs[which].len / 8;
|
||||
mac->key_len = macs[which].key_len / 8;
|
||||
mac->umac_ctx = NULL;
|
||||
}
|
||||
if (macs[which].truncatebits != 0)
|
||||
mac->mac_len = macs[which].truncatebits / 8;
|
||||
}
|
||||
|
||||
int
|
||||
mac_setup(Mac *mac, char *name)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; macs[i].name; i++) {
|
||||
if (strcmp(name, macs[i].name) == 0) {
|
||||
if (mac != NULL) {
|
||||
mac->md = (*macs[i].mdfunc)();
|
||||
if ((evp_len = EVP_MD_size(mac->md)) <= 0)
|
||||
fatal("mac %s len %d", name, evp_len);
|
||||
mac->key_len = mac->mac_len = (u_int)evp_len;
|
||||
if (macs[i].truncatebits != 0)
|
||||
mac->mac_len = macs[i].truncatebits/8;
|
||||
}
|
||||
debug2("mac_init: found %s", name);
|
||||
if (mac != NULL)
|
||||
mac_setup_by_id(mac, i);
|
||||
debug2("mac_setup: found %s", name);
|
||||
return (0);
|
||||
}
|
||||
}
|
||||
debug2("mac_init: unknown %s", name);
|
||||
debug2("mac_setup: unknown %s", name);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
int
|
||||
mac_init(Mac *mac)
|
||||
{
|
||||
if (mac->key == NULL)
|
||||
fatal("mac_init: no key");
|
||||
switch (mac->type) {
|
||||
case SSH_EVP:
|
||||
if (mac->evp_md == NULL)
|
||||
return -1;
|
||||
HMAC_Init(&mac->evp_ctx, mac->key, mac->key_len, mac->evp_md);
|
||||
return 0;
|
||||
case SSH_UMAC:
|
||||
mac->umac_ctx = umac_new(mac->key);
|
||||
return 0;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
u_char *
|
||||
mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
|
||||
{
|
||||
HMAC_CTX c;
|
||||
static u_char m[EVP_MAX_MD_SIZE];
|
||||
u_char b[4];
|
||||
u_char b[4], nonce[8];
|
||||
|
||||
if (mac->key == NULL)
|
||||
fatal("mac_compute: no key");
|
||||
if (mac->mac_len > sizeof(m))
|
||||
fatal("mac_compute: mac too long");
|
||||
HMAC_Init(&c, mac->key, mac->key_len, mac->md);
|
||||
put_u32(b, seqno);
|
||||
HMAC_Update(&c, b, sizeof(b));
|
||||
HMAC_Update(&c, data, datalen);
|
||||
HMAC_Final(&c, m, NULL);
|
||||
HMAC_cleanup(&c);
|
||||
fatal("mac_compute: mac too long %u %lu",
|
||||
mac->mac_len, sizeof(m));
|
||||
|
||||
switch (mac->type) {
|
||||
case SSH_EVP:
|
||||
put_u32(b, seqno);
|
||||
/* reset HMAC context */
|
||||
HMAC_Init(&mac->evp_ctx, NULL, 0, NULL);
|
||||
HMAC_Update(&mac->evp_ctx, b, sizeof(b));
|
||||
HMAC_Update(&mac->evp_ctx, data, datalen);
|
||||
HMAC_Final(&mac->evp_ctx, m, NULL);
|
||||
break;
|
||||
case SSH_UMAC:
|
||||
put_u64(nonce, seqno);
|
||||
umac_update(mac->umac_ctx, data, datalen);
|
||||
umac_final(mac->umac_ctx, m, nonce);
|
||||
break;
|
||||
default:
|
||||
fatal("mac_compute: unknown MAC type");
|
||||
}
|
||||
return (m);
|
||||
}
|
||||
|
||||
void
|
||||
mac_clear(Mac *mac)
|
||||
{
|
||||
if (mac->type == SSH_UMAC) {
|
||||
if (mac->umac_ctx != NULL)
|
||||
umac_delete(mac->umac_ctx);
|
||||
} else if (mac->evp_md != NULL)
|
||||
HMAC_cleanup(&mac->evp_ctx);
|
||||
mac->evp_md = NULL;
|
||||
mac->umac_ctx = NULL;
|
||||
}
|
||||
|
||||
/* XXX copied from ciphers_valid */
|
||||
#define MAC_SEP ","
|
||||
int
|
||||
|
@ -109,7 +172,7 @@ mac_valid(const char *names)
|
|||
maclist = cp = xstrdup(names);
|
||||
for ((p = strsep(&cp, MAC_SEP)); p && *p != '\0';
|
||||
(p = strsep(&cp, MAC_SEP))) {
|
||||
if (mac_init(NULL, p) < 0) {
|
||||
if (mac_setup(NULL, p) < 0) {
|
||||
debug("bad mac %s [%s]", p, names);
|
||||
xfree(maclist);
|
||||
return (0);
|
||||
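Review bot: mac_setup_by_id reports `fatal("mac %s len %d", mac->name, evp_len)` using `mac->name`, but the only name it is sure to have is `macs[which].name`; the kex.c hunk shows choose_mac calling mac_setup(mac, name) on an xcalloc'd struct before anything visible assigns mac->name, so on that path the `%s` appears to format a NULL. Use `macs[which].name`, as the old mac_init did with its `name` argument. In mac_compute the UMAC branch dereferences `mac->umac_ctx` with no check, unlike the `mac->key == NULL` guard at the top, so calling mac_compute before mac_init on a UMAC type would crash; either guard it (`if (mac->umac_ctx == NULL) fatal("mac_compute: umac not initialised");`) or state the ordering requirement in a comment. The UMAC nonce is built by `put_u64(nonce, seqno)` from the 32-bit sequence number, so nonce uniqueness under one key depends on rekeying before seqno wraps; a comment noting that dependency beside the nonce line would help whoever tunes the rekey limits.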
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: mac.h,v 1.1.1.4 2006/09/28 21:15:10 christos Exp $ */
|
||||
/* $OpenBSD: mac.h,v 1.4 2006/03/25 22:22:43 djm Exp $ */
|
||||
/* $NetBSD: mac.h,v 1.1.1.5 2007/12/17 20:15:16 christos Exp $ */
|
||||
/* $OpenBSD: mac.h,v 1.6 2007/06/07 19:37:34 pvalchev Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -25,5 +25,7 @@
|
|||
*/
|
||||
|
||||
int mac_valid(const char *);
|
||||
int mac_init(Mac *, char *);
|
||||
int mac_setup(Mac *, char *);
|
||||
int mac_init(Mac *);
|
||||
u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
|
||||
void mac_clear(Mac *);
|
||||
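Review bot: The header now exposes a three-step lifecycle (mac_setup by name, mac_init with a key, mac_clear) but no comment says so, and the order matters: per the mac.c hunk mac_setup only selects the algorithm, mac_init refuses to run without `mac->key`, and mac_compute expects an initialised context. Suggest comments on the prototypes: `/* select algorithm by name; mac may be NULL to only validate the name */` on mac_setup, `/* key the context; requires mac->key and a prior mac_setup */` on mac_init, and `/* release context state created by mac_init */` on mac_clear.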
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: monitor.c,v 1.1.1.11 2007/03/10 22:35:40 christos Exp $ */
|
||||
/* $OpenBSD: monitor.c,v 1.90 2007/02/19 10:45:58 dtucker Exp $ */
|
||||
/* $NetBSD: monitor.c,v 1.1.1.12 2007/12/17 20:15:17 christos Exp $ */
|
||||
/* $OpenBSD: monitor.c,v 1.91 2007/05/17 20:52:13 djm Exp $ */
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
* Copyright 2002 Markus Friedl <markus@openbsd.org>
|
||||
|
@ -340,6 +340,7 @@ monitor_child_postauth(struct monitor *pmonitor)
|
|||
monitor_set_child_handler(pmonitor->m_pid);
|
||||
signal(SIGHUP, &monitor_child_handler);
|
||||
signal(SIGTERM, &monitor_child_handler);
|
||||
signal(SIGINT, &monitor_child_handler);
|
||||
|
||||
if (compat20) {
|
||||
mon_dispatch = mon_dispatch_postauth20;
|
||||
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: monitor_wrap.c,v 1.1.1.9 2007/03/10 22:35:41 christos Exp $ */
|
||||
/* $OpenBSD: monitor_wrap.c,v 1.55 2007/02/19 10:45:58 dtucker Exp $ */
|
||||
/* $NetBSD: monitor_wrap.c,v 1.1.1.10 2007/12/17 20:15:18 christos Exp $ */
|
||||
/* $OpenBSD: monitor_wrap.c,v 1.57 2007/06/07 19:37:34 pvalchev Exp $ */
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
* Copyright 2002 Markus Friedl <markus@openbsd.org>
|
||||
|
@ -465,8 +465,8 @@ mm_newkeys_from_blob(u_char *blob, int blen)
|
|||
|
||||
/* Mac structure */
|
||||
mac->name = buffer_get_string(&b, NULL);
|
||||
if (mac->name == NULL || mac_init(mac, mac->name) == -1)
|
||||
fatal("%s: can not init mac %s", __func__, mac->name);
|
||||
if (mac->name == NULL || mac_setup(mac, mac->name) == -1)
|
||||
fatal("%s: can not setup mac %s", __func__, mac->name);
|
||||
mac->enabled = buffer_get_int(&b);
|
||||
mac->key = buffer_get_string(&b, &len);
|
||||
if (len > mac->key_len)
|
||||
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: myproposal.h,v 1.1.1.11 2006/09/28 21:15:13 christos Exp $ */
|
||||
/* $OpenBSD: myproposal.h,v 1.21 2006/03/25 22:22:43 djm Exp $ */
|
||||
/* $NetBSD: myproposal.h,v 1.1.1.12 2007/12/17 20:15:18 christos Exp $ */
|
||||
/* $OpenBSD: myproposal.h,v 1.22 2007/06/07 19:37:34 pvalchev Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
|
@ -36,7 +36,7 @@
|
|||
"aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se," \
|
||||
"aes128-ctr,aes192-ctr,aes256-ctr"
|
||||
#define KEX_DEFAULT_MAC \
|
||||
"hmac-md5,hmac-sha1,hmac-ripemd160," \
|
||||
"hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160," \
|
||||
"hmac-ripemd160@openssh.com," \
|
||||
"hmac-sha1-96,hmac-md5-96"
|
||||
#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
|
||||
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: packet.c,v 1.1.1.21 2007/03/10 22:35:42 christos Exp $ */
|
||||
/* $OpenBSD: packet.c,v 1.145 2006/09/19 21:14:08 markus Exp $ */
|
||||
/* $NetBSD: packet.c,v 1.1.1.22 2007/12/17 20:15:19 christos Exp $ */
|
||||
/* $OpenBSD: packet.c,v 1.148 2007/06/07 19:37:34 pvalchev Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -621,7 +621,7 @@ set_newkeys(int mode)
|
|||
enc = &newkeys[mode]->enc;
|
||||
mac = &newkeys[mode]->mac;
|
||||
comp = &newkeys[mode]->comp;
|
||||
memset(mac->key, 0, mac->key_len);
|
||||
mac_clear(mac);
|
||||
xfree(enc->name);
|
||||
xfree(enc->iv);
|
||||
xfree(enc->key);
|
||||
|
@ -636,14 +636,15 @@ set_newkeys(int mode)
|
|||
enc = &newkeys[mode]->enc;
|
||||
mac = &newkeys[mode]->mac;
|
||||
comp = &newkeys[mode]->comp;
|
||||
if (mac->md != NULL)
|
||||
if (mac_init(mac) == 0)
|
||||
mac->enabled = 1;
|
||||
DBG(debug("cipher_init_context: %d", mode));
|
||||
cipher_init(cc, enc->cipher, enc->key, enc->key_len,
|
||||
enc->iv, enc->block_size, crypt_type);
|
||||
/* Deleting the keys does not gain extra security */
|
||||
/* memset(enc->iv, 0, enc->block_size);
|
||||
memset(enc->key, 0, enc->key_len); */
|
||||
memset(enc->key, 0, enc->key_len);
|
||||
memset(mac->key, 0, mac->key_len); */
|
||||
if ((comp->type == COMP_ZLIB ||
|
||||
(comp->type == COMP_DELAYED && after_authentication)) &&
|
||||
comp->enabled == 0) {
|
||||
|
@ -1227,7 +1228,6 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
|
|||
logit("Received disconnect from %s: %.400s",
|
||||
get_remote_ipaddr(), msg);
|
||||
cleanup_exit(255);
|
||||
xfree(msg);
|
||||
break;
|
||||
default:
|
||||
if (type)
|
||||
|
|
|
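Review bot: In the second set_newkeys hunk `mac->enabled = 1` is now set only when `mac_init(mac) == 0`, so a failing mac_init() leaves the MAC for the new keys silently disabled and the connection presumably continues without integrity protection in that direction; a failure here should be fatal, e.g. `if (mac_init(mac) != 0) fatal("%s: mac_init failed", __func__);` followed by an unconditional `mac->enabled = 1;` (assuming mac_init() reports failure with a non-zero return, which is not visible here). In the first hunk `mac_clear(mac)` replaces an explicit `memset(mac->key, 0, mac->key_len)`; whether mac_clear() still zeroizes the key bytes cannot be seen in this hunk and is worth confirming, since that was the old line's whole purpose. The set_newkeys body starts and ends outside these hunks.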
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: readconf.c,v 1.1.1.20 2007/03/10 22:35:43 christos Exp $ */
|
||||
/* $OpenBSD: readconf.c,v 1.161 2007/01/21 01:45:35 stevesk Exp $ */
|
||||
/* $NetBSD: readconf.c,v 1.1.1.21 2007/12/17 20:15:20 christos Exp $ */
|
||||
/* $OpenBSD: readconf.c,v 1.162 2007/03/20 03:56:12 tedu Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -1220,7 +1220,7 @@ parse_forward(Forward *fwd, const char *fwdspec)
|
|||
cp = p = xstrdup(fwdspec);
|
||||
|
||||
/* skip leading spaces */
|
||||
while (*cp && isspace(*cp))
|
||||
while (isspace(*cp))
|
||||
cp++;
|
||||
|
||||
for (i = 0; i < 4; ++i)
|
||||
|
|
|
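Review bot: The new loop condition `while (isspace(*cp))` passes a plain `char` to isspace(), which is undefined behaviour for bytes above 0x7f where char is signed; it should read `while (isspace((unsigned char)*cp))`. Dropping the `*cp &&` guard is itself fine, because isspace('\0') is required to be false. The parse_forward body continues outside this hunk.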
@ -1,4 +1,4 @@
|
|||
.\" $NetBSD: scp.1,v 1.1.1.12 2006/09/28 21:15:16 christos Exp $
|
||||
.\" $NetBSD: scp.1,v 1.1.1.13 2007/12/17 20:15:21 christos Exp $
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
.\" scp.1
|
||||
|
@ -10,9 +10,9 @@
|
|||
.\"
|
||||
.\" Created: Sun May 7 00:14:37 1995 ylo
|
||||
.\"
|
||||
.\" $OpenBSD: scp.1,v 1.40 2006/07/18 07:56:28 jmc Exp $
|
||||
.\" $OpenBSD: scp.1,v 1.42 2007/08/06 19:16:06 sobrado Exp $
|
||||
.\"
|
||||
.Dd September 25, 1999
|
||||
.Dd $Mdocdate: August 6 2007 $
|
||||
.Dt SCP 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -35,7 +35,7 @@
|
|||
.Ar host1 No :
|
||||
.Oc Ns Ar file1
|
||||
.Sm on
|
||||
.Op Ar ...
|
||||
.Ar ...
|
||||
.Sm off
|
||||
.Oo
|
||||
.Op Ar user No @
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: scp.c,v 1.1.1.21 2007/03/10 22:35:44 christos Exp $ */
|
||||
/* $OpenBSD: scp.c,v 1.156 2007/01/22 13:06:21 djm Exp $ */
|
||||
/* $NetBSD: scp.c,v 1.1.1.22 2007/12/17 20:15:21 christos Exp $ */
|
||||
/* $OpenBSD: scp.c,v 1.160 2007/08/06 19:16:06 sobrado Exp $ */
|
||||
/*
|
||||
* scp - secure remote copy. This is basically patched BSD rcp which
|
||||
* uses ssh to do the data transfer (instead of using rcmd).
|
||||
|
@ -91,6 +91,7 @@
|
|||
#include <string.h>
|
||||
#include <time.h>
|
||||
#include <unistd.h>
|
||||
#include <vis.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "atomicio.h"
|
||||
|
@ -570,7 +571,7 @@ source(int argc, char **argv)
|
|||
off_t i, amt, statbytes;
|
||||
size_t result;
|
||||
int fd = -1, haderr, indx;
|
||||
char *last, *name, buf[2048];
|
||||
char *last, *name, buf[2048], encname[MAXPATHLEN];
|
||||
int len;
|
||||
|
||||
for (indx = 0; indx < argc; ++indx) {
|
||||
|
@ -579,17 +580,17 @@ source(int argc, char **argv)
|
|||
len = strlen(name);
|
||||
while (len > 1 && name[len-1] == '/')
|
||||
name[--len] = '\0';
|
||||
if (strchr(name, '\n') != NULL) {
|
||||
run_err("%s: skipping, filename contains a newline",
|
||||
name);
|
||||
goto next;
|
||||
}
|
||||
if ((fd = open(name, O_RDONLY, 0)) < 0)
|
||||
if ((fd = open(name, O_RDONLY|O_NONBLOCK, 0)) < 0)
|
||||
goto syserr;
|
||||
if (strchr(name, '\n') != NULL) {
|
||||
strnvis(encname, name, sizeof(encname), VIS_NL);
|
||||
name = encname;
|
||||
}
|
||||
if (fstat(fd, &stb) < 0) {
|
||||
syserr: run_err("%s: %s", name, strerror(errno));
|
||||
goto next;
|
||||
}
|
||||
unset_nonblock(fd);
|
||||
switch (stb.st_mode & S_IFMT) {
|
||||
case S_IFREG:
|
||||
break;
|
||||
|
@ -1009,7 +1010,8 @@ bad: run_err("%s: %s", np, strerror(errno));
|
|||
wrerr = YES;
|
||||
wrerrno = errno;
|
||||
}
|
||||
if (wrerr == NO && ftruncate(ofd, size) != 0) {
|
||||
if (wrerr == NO && (!exists || S_ISREG(stb.st_mode)) &&
|
||||
ftruncate(ofd, size) != 0) {
|
||||
run_err("%s: truncate: %s", np, strerror(errno));
|
||||
wrerr = DISPLAYED;
|
||||
}
|
||||
|
@ -1096,7 +1098,7 @@ usage(void)
|
|||
(void) fprintf(stderr,
|
||||
"usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
|
||||
" [-l limit] [-o ssh_option] [-P port] [-S program]\n"
|
||||
" [[user@]host1:]file1 [...] [[user@]host2:]file2\n");
|
||||
" [[user@]host1:]file1 ... [[user@]host2:]file2\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
|
|
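Review bot: In the source() hunk the strnvis() encoding of a name containing a newline now runs after open(), so the `goto syserr` path taken on an open() failure reaches `run_err("%s: %s", name, strerror(errno))` with the raw, unencoded name; moving the `if (strchr(name, '\n') != NULL) { ... }` block to just before the open() call keeps every message consistently encoded. Whether run_err() writes to the protocol stream is not visible here, but if it does, an unescaped newline in the name would terminate the message early. The `(!exists || S_ISREG(stb.st_mode))` guard on ftruncate() in the sink hunk depends on `stb` being the stat of the existing target, which is set outside the hunk and worth a one-line comment at that `if`. source()'s body starts and ends outside these hunks.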
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: servconf.c,v 1.1.1.22 2007/03/10 22:35:45 christos Exp $ */
|
||||
/* $OpenBSD: servconf.c,v 1.170 2007/03/01 10:28:02 dtucker Exp $ */
|
||||
/* $NetBSD: servconf.c,v 1.1.1.23 2007/12/17 20:15:22 christos Exp $ */
|
||||
/* $OpenBSD: servconf.c,v 1.172 2007/04/23 10:15:39 dtucker Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
|
@ -556,7 +556,6 @@ match_cfg_line(char **condition, int line, const char *user, const char *host,
|
|||
debug("connection from %.100s matched 'Host "
|
||||
"%.100s' at line %d", host, arg, line);
|
||||
} else if (strcasecmp(attrib, "address") == 0) {
|
||||
debug("address '%s' arg '%s'", address, arg);
|
||||
if (!address) {
|
||||
result = 0;
|
||||
continue;
|
||||
|
@ -1345,8 +1344,4 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
|
|||
if (bad_options > 0)
|
||||
fatal("%s: terminating, %d bad configuration options",
|
||||
filename, bad_options);
|
||||
|
||||
/* challenge-response is implemented via keyboard interactive */
|
||||
if (options->challenge_response_authentication == 1)
|
||||
options->kbd_interactive_authentication = 1;
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
.\" $NetBSD: sftp-server.8,v 1.1.1.9 2006/09/28 21:15:21 christos Exp $
|
||||
.\" $OpenBSD: sftp-server.8,v 1.11 2006/07/06 10:47:57 djm Exp $
|
||||
.\" $NetBSD: sftp-server.8,v 1.1.1.10 2007/12/17 20:15:24 christos Exp $
|
||||
.\" $OpenBSD: sftp-server.8,v 1.12 2007/05/31 19:20:16 jmc Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
.\"
|
||||
|
@ -23,7 +23,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd August 30, 2000
|
||||
.Dd $Mdocdate: May 31 2007 $
|
||||
.Dt SFTP-SERVER 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: sftp-server.c,v 1.1.1.18 2007/03/10 22:35:47 christos Exp $ */
|
||||
/* $OpenBSD: sftp-server.c,v 1.71 2007/01/03 07:22:36 stevesk Exp $ */
|
||||
/* $NetBSD: sftp-server.c,v 1.1.1.19 2007/12/17 20:15:25 christos Exp $ */
|
||||
/* $OpenBSD: sftp-server.c,v 1.73 2007/05/17 07:55:29 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -315,7 +315,8 @@ handle_log_close(int handle, char *emsg)
|
|||
logit("%s%sclose \"%s\" bytes read %llu written %llu",
|
||||
emsg == NULL ? "" : emsg, emsg == NULL ? "" : " ",
|
||||
handle_to_name(handle),
|
||||
handle_bytes_read(handle), handle_bytes_write(handle));
|
||||
(unsigned long long)handle_bytes_read(handle),
|
||||
(unsigned long long)handle_bytes_write(handle));
|
||||
} else {
|
||||
logit("%s%sclosedir \"%s\"",
|
||||
emsg == NULL ? "" : emsg, emsg == NULL ? "" : " ",
|
||||
|
@ -698,7 +699,8 @@ process_setstat(void)
|
|||
a = get_attrib();
|
||||
debug("request %u: setstat name \"%s\"", id, name);
|
||||
if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
|
||||
logit("set \"%s\" size %llu", name, a->size);
|
||||
logit("set \"%s\" size %llu",
|
||||
name, (unsigned long long)a->size);
|
||||
ret = truncate(name, a->size);
|
||||
if (ret == -1)
|
||||
status = errno_to_portable(errno);
|
||||
|
@ -750,7 +752,8 @@ process_fsetstat(void)
|
|||
char *name = handle_to_name(handle);
|
||||
|
||||
if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
|
||||
logit("set \"%s\" size %llu", name, a->size);
|
||||
logit("set \"%s\" size %llu",
|
||||
name, (unsigned long long)a->size);
|
||||
ret = ftruncate(fd, a->size);
|
||||
if (ret == -1)
|
||||
status = errno_to_portable(errno);
|
||||
|
@ -1191,7 +1194,7 @@ main(int argc, char **argv)
|
|||
int in, out, max, ch, skipargs = 0, log_stderr = 0;
|
||||
ssize_t len, olen, set_size;
|
||||
SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
|
||||
char *cp;
|
||||
char *cp, buf[4*4096];
|
||||
|
||||
extern char *optarg;
|
||||
extern char *__progname;
|
||||
|
@ -1269,7 +1272,15 @@ main(int argc, char **argv)
|
|||
memset(rset, 0, set_size);
|
||||
memset(wset, 0, set_size);
|
||||
|
||||
FD_SET(in, rset);
|
||||
/*
|
||||
* Ensure that we can read a full buffer and handle
|
||||
* the worst-case length packet it can generate,
|
||||
* otherwise apply backpressure by stopping reads.
|
||||
*/
|
||||
if (buffer_check_alloc(&iqueue, sizeof(buf)) &&
|
||||
buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH))
|
||||
FD_SET(in, rset);
|
||||
|
||||
olen = buffer_len(&oqueue);
|
||||
if (olen > 0)
|
||||
FD_SET(out, wset);
|
||||
|
@ -1283,7 +1294,6 @@ main(int argc, char **argv)
|
|||
|
||||
/* copy stdin to iqueue */
|
||||
if (FD_ISSET(in, rset)) {
|
||||
char buf[4*4096];
|
||||
len = read(in, buf, sizeof buf);
|
||||
if (len == 0) {
|
||||
debug("read eof");
|
||||
|
@ -1305,7 +1315,13 @@ main(int argc, char **argv)
|
|||
buffer_consume(&oqueue, len);
|
||||
}
|
||||
}
|
||||
/* process requests from client */
|
||||
process();
|
||||
|
||||
/*
|
||||
* Process requests from client if we can fit the results
|
||||
* into the output buffer, otherwise stop processing input
|
||||
* and let the output queue drain.
|
||||
*/
|
||||
if (buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH))
|
||||
process();
|
||||
}
|
||||
}
|
||||
|
|
|
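Review bot: In the main() select-loop hunk `in` is added to rset only when both queues can grow and `out` only when olen > 0, so if iqueue holds an incomplete request, oqueue is empty and `buffer_check_alloc(&iqueue, sizeof(buf))` fails, neither descriptor is in a set and the select() (outside this hunk) would block until its timeout, if it has one; presumably the buffer growth limit makes this unreachable, and a comment at the `if (buffer_check_alloc(&iqueue, sizeof(buf)) &&` line stating the invariant that rules it out would make the backpressure logic reviewable. The `4*4096` in `char *cp, buf[4*4096];` is a magic number; a named constant would tie the declaration to the `sizeof(buf)` check below. main()'s body starts and ends outside these hunks.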
@ -1,5 +1,5 @@
|
|||
.\" $NetBSD: sftp.1,v 1.1.1.17 2006/02/04 22:23:09 christos Exp $
|
||||
.\" $OpenBSD: sftp.1,v 1.63 2006/01/20 00:14:55 dtucker Exp $
|
||||
.\" $NetBSD: sftp.1,v 1.1.1.18 2007/12/17 20:15:25 christos Exp $
|
||||
.\" $OpenBSD: sftp.1,v 1.64 2007/05/31 19:20:16 jmc Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
|
||||
.\"
|
||||
|
@ -23,7 +23,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd February 4, 2001
|
||||
.Dd $Mdocdate: May 31 2007 $
|
||||
.Dt SFTP 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
.\" $NetBSD: ssh-add.1,v 1.1.1.14 2006/02/04 22:23:10 christos Exp $
|
||||
.\" $OpenBSD: ssh-add.1,v 1.43 2005/04/21 06:17:50 djm Exp $
|
||||
.\" $NetBSD: ssh-add.1,v 1.1.1.15 2007/12/17 20:15:26 christos Exp $
|
||||
.\" $OpenBSD: ssh-add.1,v 1.46 2007/06/12 13:41:03 jmc Exp $
|
||||
.\"
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
|
@ -38,7 +38,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd September 25, 1999
|
||||
.Dd $Mdocdate: June 12 2007 $
|
||||
.Dt SSH-ADD 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -90,7 +90,18 @@ program, rather than text entered into the requester.
|
|||
.It Fl D
|
||||
Deletes all identities from the agent.
|
||||
.It Fl d
|
||||
Instead of adding the identity, removes the identity from the agent.
|
||||
Instead of adding identities, removes identities from the agent.
|
||||
If
|
||||
.Nm
|
||||
has been run without arguments, the keys for the default identities will
|
||||
be removed.
|
||||
Otherwise, the argument list will be interpreted as a list of paths to
|
||||
public key files and matching keys will be removed from the agent.
|
||||
If no public key is found at a given path,
|
||||
.Nm
|
||||
will append
|
||||
.Pa .pub
|
||||
and retry.
|
||||
.It Fl e Ar reader
|
||||
Remove key in smartcard
|
||||
.Ar reader .
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
.\" $NetBSD: ssh-agent.1,v 1.1.1.16 2006/09/28 21:15:23 christos Exp $
|
||||
.\" $OpenBSD: ssh-agent.1,v 1.44 2006/07/18 08:03:09 jmc Exp $
|
||||
.\" $NetBSD: ssh-agent.1,v 1.1.1.17 2007/12/17 20:15:26 christos Exp $
|
||||
.\" $OpenBSD: ssh-agent.1,v 1.45 2007/05/31 19:20:16 jmc Exp $
|
||||
.\"
|
||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -35,7 +35,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd September 25, 1999
|
||||
.Dd $Mdocdate: May 31 2007 $
|
||||
.Dt SSH-AGENT 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: ssh-agent.c,v 1.1.1.21 2007/03/10 22:35:49 christos Exp $ */
|
||||
/* $OpenBSD: ssh-agent.c,v 1.154 2007/02/28 00:55:30 dtucker Exp $ */
|
||||
/* $NetBSD: ssh-agent.c,v 1.1.1.22 2007/12/17 20:15:27 christos Exp $ */
|
||||
/* $OpenBSD: ssh-agent.c,v 1.155 2007/03/19 12:16:42 dtucker Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -108,6 +108,7 @@ int max_fd = 0;
|
|||
|
||||
/* pid of shell == parent of agent */
|
||||
pid_t parent_pid = -1;
|
||||
u_int parent_alive_interval = 0;
|
||||
|
||||
/* pathname and directory for AUTH_SOCKET */
|
||||
char socket_name[MAXPATHLEN];
|
||||
|
@ -409,10 +410,11 @@ process_remove_all_identities(SocketEntry *e, int version)
|
|||
buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
|
||||
}
|
||||
|
||||
static void
|
||||
/* removes expired keys and returns number of seconds until the next expiry */
|
||||
static u_int
|
||||
reaper(void)
|
||||
{
|
||||
u_int now = time(NULL);
|
||||
u_int deadline = 0, now = time(NULL);
|
||||
Identity *id, *nxt;
|
||||
int version;
|
||||
Idtab *tab;
|
||||
|
@ -421,14 +423,22 @@ reaper(void)
|
|||
tab = idtab_lookup(version);
|
||||
for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
|
||||
nxt = TAILQ_NEXT(id, next);
|
||||
if (id->death != 0 && now >= id->death) {
|
||||
if (id->death == 0)
|
||||
continue;
|
||||
if (now >= id->death) {
|
||||
debug("expiring key '%s'", id->comment);
|
||||
TAILQ_REMOVE(&tab->idlist, id, next);
|
||||
free_identity(id);
|
||||
tab->nentries--;
|
||||
}
|
||||
} else
|
||||
deadline = (deadline == 0) ? id->death :
|
||||
MIN(deadline, id->death);
|
||||
}
|
||||
}
|
||||
if (deadline == 0 || deadline <= now)
|
||||
return 0;
|
||||
else
|
||||
return (deadline - now);
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -814,10 +824,12 @@ new_socket(sock_type type, int fd)
|
|||
}
|
||||
|
||||
static int
|
||||
prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp)
|
||||
prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp,
|
||||
struct timeval **tvpp)
|
||||
{
|
||||
u_int i, sz;
|
||||
u_int i, sz, deadline;
|
||||
int n = 0;
|
||||
static struct timeval tv;
|
||||
|
||||
for (i = 0; i < sockets_alloc; i++) {
|
||||
switch (sockets[i].type) {
|
||||
|
@ -861,6 +873,17 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp)
|
|||
break;
|
||||
}
|
||||
}
|
||||
deadline = reaper();
|
||||
if (parent_alive_interval != 0)
|
||||
deadline = (deadline == 0) ? parent_alive_interval :
|
||||
MIN(deadline, parent_alive_interval);
|
||||
if (deadline == 0) {
|
||||
*tvpp = NULL;
|
||||
} else {
|
||||
tv.tv_sec = deadline;
|
||||
tv.tv_usec = 0;
|
||||
*tvpp = &tv;
|
||||
}
|
||||
return (1);
|
||||
}
|
||||
|
||||
|
@ -968,19 +991,14 @@ cleanup_handler(int sig)
|
|||
_exit(2);
|
||||
}
|
||||
|
||||
/*ARGSUSED*/
|
||||
static void
|
||||
check_parent_exists(int sig)
|
||||
check_parent_exists(void)
|
||||
{
|
||||
int save_errno = errno;
|
||||
|
||||
if (parent_pid != -1 && kill(parent_pid, 0) < 0) {
|
||||
/* printf("Parent has died - Authentication agent exiting.\n"); */
|
||||
cleanup_handler(sig); /* safe */
|
||||
cleanup_socket();
|
||||
_exit(2);
|
||||
}
|
||||
signal(SIGALRM, check_parent_exists);
|
||||
alarm(10);
|
||||
errno = save_errno;
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -1012,7 +1030,7 @@ main(int ac, char **av)
|
|||
extern char *optarg;
|
||||
pid_t pid;
|
||||
char pidstrbuf[1 + 3 * sizeof pid];
|
||||
struct timeval tv;
|
||||
struct timeval *tvp = NULL;
|
||||
|
||||
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
|
||||
sanitise_stdfd();
|
||||
|
@ -1199,10 +1217,8 @@ main(int ac, char **av)
|
|||
|
||||
skip:
|
||||
new_socket(AUTH_SOCKET, sock);
|
||||
if (ac > 0) {
|
||||
signal(SIGALRM, check_parent_exists);
|
||||
alarm(10);
|
||||
}
|
||||
if (ac > 0)
|
||||
parent_alive_interval = 10;
|
||||
idtab_init();
|
||||
if (!d_flag)
|
||||
signal(SIGINT, SIG_IGN);
|
||||
|
@ -1212,12 +1228,12 @@ skip:
|
|||
nalloc = 0;
|
||||
|
||||
while (1) {
|
||||
tv.tv_sec = 10;
|
||||
tv.tv_usec = 0;
|
||||
prepare_select(&readsetp, &writesetp, &max_fd, &nalloc);
|
||||
result = select(max_fd + 1, readsetp, writesetp, NULL, &tv);
|
||||
prepare_select(&readsetp, &writesetp, &max_fd, &nalloc, &tvp);
|
||||
result = select(max_fd + 1, readsetp, writesetp, NULL, tvp);
|
||||
saved_errno = errno;
|
||||
reaper(); /* remove expired keys */
|
||||
if (parent_alive_interval != 0)
|
||||
check_parent_exists();
|
||||
(void) reaper(); /* remove expired keys */
|
||||
if (result < 0) {
|
||||
if (saved_errno == EINTR)
|
||||
continue;
|
||||
|
|
|
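Review bot: The new comment on reaper() does not say that a return value of 0 means "no key has an expiry", which prepare_select() relies on to hand select() a NULL timeout; suggest `/* removes expired keys; returns seconds until the next expiry, or 0 if no key expires */`. prepare_select() now returns a pointer to a `static struct timeval tv`, so the timeout is overwritten on the next call; a comment on the new `struct timeval **tvpp` parameter saying the pointee is only valid until the next prepare_select() call would document that. Both function bodies continue outside the hunks shown.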
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: ssh-gss.h,v 1.1.1.2 2006/09/28 21:15:24 christos Exp $ */
|
||||
/* $OpenBSD: ssh-gss.h,v 1.9 2006/08/18 14:40:34 djm Exp $ */
|
||||
/* $NetBSD: ssh-gss.h,v 1.1.1.3 2007/12/17 20:15:27 christos Exp $ */
|
||||
/* $OpenBSD: ssh-gss.h,v 1.10 2007/06/12 08:20:00 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
*
|
||||
|
@ -86,7 +86,6 @@ void ssh_gssapi_supported_oids(gss_OID_set *);
|
|||
ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *);
|
||||
|
||||
OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *);
|
||||
OM_uint32 ssh_gssapi_acquire_cred(Gssctxt *);
|
||||
OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int,
|
||||
gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
|
||||
OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *,
|
||||
|
@ -97,11 +96,11 @@ char *ssh_gssapi_last_error(Gssctxt *, OM_uint32 *, OM_uint32 *);
|
|||
void ssh_gssapi_build_ctx(Gssctxt **);
|
||||
void ssh_gssapi_delete_ctx(Gssctxt **);
|
||||
OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
|
||||
OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
|
||||
void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
|
||||
int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *);
|
||||
|
||||
/* In the server */
|
||||
OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
|
||||
int ssh_gssapi_userok(char *name);
|
||||
OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
|
||||
void ssh_gssapi_do_child(char ***, u_int *);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
.\" $NetBSD: ssh-keygen.1,v 1.1.1.18 2007/03/10 22:35:50 christos Exp $
|
||||
.\" $OpenBSD: ssh-keygen.1,v 1.74 2007/01/12 20:20:41 jmc Exp $
|
||||
.\" $NetBSD: ssh-keygen.1,v 1.1.1.19 2007/12/17 20:15:27 christos Exp $
|
||||
.\" $OpenBSD: ssh-keygen.1,v 1.75 2007/05/31 19:20:16 jmc Exp $
|
||||
.\"
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
|
@ -38,7 +38,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd September 25, 1999
|
||||
.Dd $Mdocdate: May 31 2007 $
|
||||
.Dt SSH-KEYGEN 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
.\" $NetBSD: ssh-keyscan.1,v 1.1.1.13 2007/03/10 22:35:51 christos Exp $
|
||||
.\" $OpenBSD: ssh-keyscan.1,v 1.22 2006/09/25 04:55:38 ray Exp $
|
||||
.\" $NetBSD: ssh-keyscan.1,v 1.1.1.14 2007/12/17 20:15:29 christos Exp $
|
||||
.\" $OpenBSD: ssh-keyscan.1,v 1.23 2007/05/31 19:20:16 jmc Exp $
|
||||
.\"
|
||||
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
|
||||
.\"
|
||||
|
@ -7,7 +7,7 @@
|
|||
.\" permitted provided that due credit is given to the author and the
|
||||
.\" OpenBSD project by leaving this copyright notice intact.
|
||||
.\"
|
||||
.Dd January 1, 1996
|
||||
.Dd $Mdocdate: May 31 2007 $
|
||||
.Dt SSH-KEYSCAN 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
.\" $NetBSD: ssh-keysign.8,v 1.1.1.5 2006/09/28 21:15:26 christos Exp $
|
||||
.\" $OpenBSD: ssh-keysign.8,v 1.8 2006/02/24 20:22:16 jmc Exp $
|
||||
.\" $NetBSD: ssh-keysign.8,v 1.1.1.6 2007/12/17 20:15:30 christos Exp $
|
||||
.\" $OpenBSD: ssh-keysign.8,v 1.9 2007/05/31 19:20:16 jmc Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
|
||||
.\"
|
||||
|
@ -23,7 +23,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd May 24, 2002
|
||||
.Dd $Mdocdate: May 31 2007 $
|
||||
.Dt SSH-KEYSIGN 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" $NetBSD: ssh.1,v 1.1.1.22 2007/03/10 22:35:52 christos Exp $
|
||||
.\" $NetBSD: ssh.1,v 1.1.1.23 2007/12/17 20:15:31 christos Exp $
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -35,8 +35,8 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh.1,v 1.266 2006/12/11 21:25:46 markus Exp $
|
||||
.Dd September 25, 1999
|
||||
.\" $OpenBSD: ssh.1,v 1.270 2007/06/12 13:43:55 jmc Exp $
|
||||
.Dd $Mdocdate: June 12 2007 $
|
||||
.Dt SSH 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -44,7 +44,7 @@
|
|||
.Nd OpenSSH SSH client (remote login program)
|
||||
.Sh SYNOPSIS
|
||||
.Nm ssh
|
||||
.Op Fl 1246AaCfgkMNnqsTtVvXxY
|
||||
.Op Fl 1246AaCfgKkMNnqsTtVvXxY
|
||||
.Op Fl b Ar bind_address
|
||||
.Op Fl c Ar cipher_spec
|
||||
.Oo Fl D\ \&
|
||||
|
@ -316,6 +316,9 @@ It is possible to have multiple
|
|||
.Fl i
|
||||
options (and multiple identities specified in
|
||||
configuration files).
|
||||
.It Fl K
|
||||
Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI
|
||||
credentials to the server.
|
||||
.It Fl k
|
||||
Disables forwarding (delegation) of GSSAPI credentials to the server.
|
||||
.It Fl L Xo
|
||||
|
@ -675,7 +678,7 @@ Both protocols support similar authentication methods,
|
|||
but protocol 2 is preferred since
|
||||
it provides additional mechanisms for confidentiality
|
||||
(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
|
||||
and integrity (hmac-md5, hmac-sha1, hmac-ripemd160).
|
||||
and integrity (hmac-md5, hmac-sha1, umac-64, hmac-ripemd160).
|
||||
Protocol 1 lacks a strong mechanism for ensuring the
|
||||
integrity of the connection.
|
||||
.Pp
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: ssh.c,v 1.1.1.23 2007/03/10 22:35:53 christos Exp $ */
|
||||
/* $OpenBSD: ssh.c,v 1.295 2007/01/03 03:01:40 stevesk Exp $ */
|
||||
/* $NetBSD: ssh.c,v 1.1.1.24 2007/12/17 20:15:32 christos Exp $ */
|
||||
/* $OpenBSD: ssh.c,v 1.301 2007/08/07 07:32:53 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -178,7 +178,7 @@ static void
|
|||
usage(void)
|
||||
{
|
||||
fprintf(stderr,
|
||||
"usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
|
||||
"usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
|
||||
" [-D [bind_address:]port] [-e escape_char] [-F configfile]\n"
|
||||
" [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
|
||||
" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
|
||||
|
@ -260,7 +260,7 @@ main(int ac, char **av)
|
|||
|
||||
again:
|
||||
while ((opt = getopt(ac, av,
|
||||
"1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) {
|
||||
"1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:KL:MNO:PR:S:TVw:XY")) != -1) {
|
||||
switch (opt) {
|
||||
case '1':
|
||||
options.protocol = SSH_PROTO_1;
|
||||
|
@ -314,6 +314,10 @@ main(int ac, char **av)
|
|||
case 'k':
|
||||
options.gss_deleg_creds = 0;
|
||||
break;
|
||||
case 'K':
|
||||
options.gss_authentication = 1;
|
||||
options.gss_deleg_creds = 1;
|
||||
break;
|
||||
case 'i':
|
||||
if (stat(optarg, &st) < 0) {
|
||||
fprintf(stderr, "Warning: Identity file %s "
|
||||
|
@ -835,6 +839,17 @@ ssh_init_forwarding(void)
|
|||
"forwarding.");
|
||||
}
|
||||
}
|
||||
|
||||
/* Initiate tunnel forwarding. */
|
||||
if (options.tun_open != SSH_TUNMODE_NO) {
|
||||
if (client_request_tun_fwd(options.tun_open,
|
||||
options.tun_local, options.tun_remote) == -1) {
|
||||
if (options.exit_on_forward_failure)
|
||||
fatal("Could not request tunnel forwarding.");
|
||||
else
|
||||
error("Could not request tunnel forwarding.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -1096,28 +1111,6 @@ ssh_session2_setup(int id, void *arg)
|
|||
packet_send();
|
||||
}
|
||||
|
||||
if (options.tun_open != SSH_TUNMODE_NO) {
|
||||
Channel *c;
|
||||
int fd;
|
||||
|
||||
debug("Requesting tun.");
|
||||
if ((fd = tun_open(options.tun_local,
|
||||
options.tun_open)) >= 0) {
|
||||
c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
|
||||
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
|
||||
0, "tun", 1);
|
||||
c->datagram = 1;
|
||||
packet_start(SSH2_MSG_CHANNEL_OPEN);
|
||||
packet_put_cstring("tun@openssh.com");
|
||||
packet_put_int(c->self);
|
||||
packet_put_int(c->local_window_max);
|
||||
packet_put_int(c->local_maxpacket);
|
||||
packet_put_int(options.tun_open);
|
||||
packet_put_int(options.tun_remote);
|
||||
packet_send();
|
||||
}
|
||||
}
|
||||
|
||||
client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"),
|
||||
NULL, fileno(stdin), &command, environ, &ssh_subsystem_reply);
|
||||
|
||||
|
@ -1177,7 +1170,6 @@ ssh_session2(void)
|
|||
|
||||
/* XXX should be pre-session */
|
||||
ssh_init_forwarding();
|
||||
ssh_control_listener();
|
||||
|
||||
if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN))
|
||||
id = ssh_session2_open();
|
||||
|
@ -1187,6 +1179,9 @@ ssh_session2(void)
|
|||
options.permit_local_command)
|
||||
ssh_local_cmd(options.local_command);
|
||||
|
||||
/* Start listening for multiplex clients */
|
||||
ssh_control_listener();
|
||||
|
||||
/* If requested, let ssh continue in the background. */
|
||||
if (fork_after_authentication_flag)
|
||||
if (daemon(1, 1) < 0)
|
||||
|
@ -1283,7 +1278,7 @@ static void
|
|||
control_client(const char *path)
|
||||
{
|
||||
struct sockaddr_un addr;
|
||||
int i, r, fd, sock, exitval, num_env;
|
||||
int i, r, fd, sock, exitval[2], num_env;
|
||||
Buffer m;
|
||||
char *term;
|
||||
extern char **environ;
|
||||
|
@ -1432,29 +1427,44 @@ control_client(const char *path)
|
|||
if (tty_flag)
|
||||
enter_raw_mode();
|
||||
|
||||
/* Stick around until the controlee closes the client_fd */
|
||||
exitval = 0;
|
||||
for (;!control_client_terminate;) {
|
||||
r = read(sock, &exitval, sizeof(exitval));
|
||||
/*
|
||||
* Stick around until the controlee closes the client_fd.
|
||||
* Before it does, it is expected to write this process' exit
|
||||
* value (one int). This process must read the value and wait for
|
||||
* the closure of the client_fd; if this one closes early, the
|
||||
* multiplex master will terminate early too (possibly losing data).
|
||||
*/
|
||||
exitval[0] = 0;
|
||||
for (i = 0; !control_client_terminate && i < (int)sizeof(exitval);) {
|
||||
r = read(sock, (char *)exitval + i, sizeof(exitval) - i);
|
||||
if (r == 0) {
|
||||
debug2("Received EOF from master");
|
||||
break;
|
||||
}
|
||||
if (r > 0)
|
||||
debug2("Received exit status from master %d", exitval);
|
||||
if (r == -1 && errno != EINTR)
|
||||
if (r == -1) {
|
||||
if (errno == EINTR)
|
||||
continue;
|
||||
fatal("%s: read %s", __func__, strerror(errno));
|
||||
}
|
||||
i += r;
|
||||
}
|
||||
|
||||
if (control_client_terminate)
|
||||
debug2("Exiting on signal %d", control_client_terminate);
|
||||
|
||||
close(sock);
|
||||
|
||||
leave_raw_mode();
|
||||
if (i > (int)sizeof(int))
|
||||
fatal("%s: master returned too much data (%d > %lu)",
|
||||
__func__, i, sizeof(int));
|
||||
if (control_client_terminate) {
|
||||
debug2("Exiting on signal %d", control_client_terminate);
|
||||
exitval[0] = 255;
|
||||
} else if (i < (int)sizeof(int)) {
|
||||
debug2("Control master terminated unexpectedly");
|
||||
exitval[0] = 255;
|
||||
} else
|
||||
debug2("Received exit status from master %d", exitval[0]);
|
||||
|
||||
if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET)
|
||||
fprintf(stderr, "Connection to master closed.\r\n");
|
||||
fprintf(stderr, "Shared connection to %s closed.\r\n", host);
|
||||
|
||||
exit(exitval);
|
||||
exit(exitval[0]);
|
||||
}
|
||||
|
|
|
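Review bot: In the control_client hunk the new `fatal("%s: master returned too much data (%d > %lu)", __func__, i, sizeof(int))` passes a size_t to `%lu`, which is a format mismatch on platforms where size_t is not unsigned long; use `%zu` or cast the argument to `(unsigned long)sizeof(int)`. The read loop deliberately reads up to sizeof(exitval), two ints, so that an over-long reply from the master is detected, but nothing says so; a one-line comment at `int i, r, fd, sock, exitval[2], num_env;` explaining why the array has two elements would keep a later cleanup from shrinking it to one. control_client's body starts outside the hunk.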
@ -1,5 +1,5 @@
|
|||
# $NetBSD: ssh_config,v 1.1.1.11 2006/09/28 21:15:29 christos Exp $
|
||||
# $OpenBSD: ssh_config,v 1.22 2006/05/29 12:56:33 dtucker Exp $
|
||||
# $NetBSD: ssh_config,v 1.1.1.12 2007/12/17 20:15:32 christos Exp $
|
||||
# $OpenBSD: ssh_config,v 1.23 2007/06/08 04:40:40 pvalchev Exp $
|
||||
|
||||
# This is the ssh client system-wide configuration file. See
|
||||
# ssh_config(5) for more information. This file provides defaults for
|
||||
|
@ -39,6 +39,7 @@
|
|||
# Protocol 2,1
|
||||
# Cipher 3des
|
||||
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
|
||||
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
|
||||
# EscapeChar ~
|
||||
# Tunnel no
|
||||
# TunnelDevice any:any
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" $NetBSD: ssh_config.5,v 1.1.1.8 2007/03/10 22:35:54 christos Exp $
|
||||
.\" $NetBSD: ssh_config.5,v 1.1.1.9 2007/12/17 20:15:32 christos Exp $
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -35,8 +35,8 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh_config.5,v 1.98 2007/01/10 13:23:22 jmc Exp $
|
||||
.Dd September 25, 1999
|
||||
.\" $OpenBSD: ssh_config.5,v 1.102 2007/08/15 12:13:41 stevesk Exp $
|
||||
.Dd $Mdocdate: August 15 2007 $
|
||||
.Dt SSH_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -388,7 +388,7 @@ data).
|
|||
Specifies whether
|
||||
.Xr ssh 1
|
||||
should terminate the connection if it cannot set up all requested
|
||||
dynamic, local, and remote port forwardings.
|
||||
dynamic, tunnel, local, and remote port forwardings.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
|
@ -642,7 +642,10 @@ The MAC algorithm is used in protocol version 2
|
|||
for data integrity protection.
|
||||
Multiple algorithms must be comma-separated.
|
||||
The default is:
|
||||
.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
|
||||
.Bd -literal -offset indent
|
||||
hmac-md5,hmac-sha1,umac-64@openssh.com,
|
||||
hmac-ripemd160,hmac-sha1-96,hmac-md5-96
|
||||
.Ed
|
||||
.It Cm NoHostAuthenticationForLocalhost
|
||||
This option can be used if the home directory is shared across machines.
|
||||
In this case localhost will refer to a different machine on each of
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: sshconnect2.c,v 1.1.1.22 2006/09/28 21:15:31 christos Exp $ */
|
||||
/* $OpenBSD: sshconnect2.c,v 1.162 2006/08/30 00:06:51 dtucker Exp $ */
|
||||
/* $NetBSD: sshconnect2.c,v 1.1.1.23 2007/12/17 20:15:34 christos Exp $ */
|
||||
/* $OpenBSD: sshconnect2.c,v 1.164 2007/05/17 23:53:41 jolan Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -31,6 +31,7 @@
|
|||
#include <sys/stat.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <netdb.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <signal.h>
|
||||
|
@ -1304,7 +1305,7 @@ userauth_hostbased(Authctxt *authctxt)
|
|||
Sensitive *sensitive = authctxt->sensitive;
|
||||
Buffer b;
|
||||
u_char *signature, *blob;
|
||||
char *chost, *pkalg, *p;
|
||||
char *chost, *pkalg, *p, myname[NI_MAXHOST];
|
||||
const char *service;
|
||||
u_int blen, slen;
|
||||
int ok, i, len, found = 0;
|
||||
|
@ -1328,7 +1329,16 @@ userauth_hostbased(Authctxt *authctxt)
|
|||
return 0;
|
||||
}
|
||||
/* figure out a name for the client host */
|
||||
p = get_local_name(packet_get_connection_in());
|
||||
p = NULL;
|
||||
if (packet_connection_is_on_socket())
|
||||
p = get_local_name(packet_get_connection_in());
|
||||
if (p == NULL) {
|
||||
if (gethostname(myname, sizeof(myname)) == -1) {
|
||||
verbose("userauth_hostbased: gethostname: %s",
|
||||
strerror(errno));
|
||||
} else
|
||||
p = xstrdup(myname);
|
||||
}
|
||||
if (p == NULL) {
|
||||
error("userauth_hostbased: cannot get local ipaddr/name");
|
||||
key_free(private);
|
||||
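Review bot: The new `gethostname(myname, sizeof(myname))` fallback hands `myname` straight to `xstrdup`, but POSIX leaves it unspecified whether a host name longer than the buffer is NUL-terminated, so a truncated name could make `xstrdup` read past the end of `myname`. Terminating the buffer explicitly on the success path, `myname[sizeof(myname) - 1] = '\0';` before `p = xstrdup(myname);`, closes that gap. It is also worth a short comment that this branch presumably supplies whatever the local host calls itself rather than a name derived from the connection, so the server-side hostbased check may still not match it. userauth_hostbased starts and ends outside this hunk.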
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" $NetBSD: sshd.8,v 1.1.1.23 2006/09/28 21:15:32 christos Exp $
|
||||
.\" $NetBSD: sshd.8,v 1.1.1.24 2007/12/17 20:15:35 christos Exp $
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -35,8 +35,8 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd.8,v 1.234 2006/08/21 08:15:57 dtucker Exp $
|
||||
.Dd September 25, 1999
|
||||
.\" $OpenBSD: sshd.8,v 1.237 2007/06/07 19:37:34 pvalchev Exp $
|
||||
.Dd $Mdocdate: June 7 2007 $
|
||||
.Dt SSHD 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -59,8 +59,11 @@
|
|||
.Nm
|
||||
(OpenSSH Daemon) is the daemon program for
|
||||
.Xr ssh 1 .
|
||||
Together these programs replace rlogin and rsh, and
|
||||
provide secure encrypted communications between two untrusted hosts
|
||||
Together these programs replace
|
||||
.Xr rlogin 1
|
||||
and
|
||||
.Xr rsh 1 ,
|
||||
and provide secure encrypted communications between two untrusted hosts
|
||||
over an insecure network.
|
||||
.Pp
|
||||
.Nm
|
||||
|
@ -118,7 +121,7 @@ Maximum is 3.
|
|||
When this option is specified,
|
||||
.Nm
|
||||
will send the output to the standard error instead of the system log.
|
||||
.It Fl f Ar configuration_file
|
||||
.It Fl f Ar config_file
|
||||
Specifies the name of the configuration file.
|
||||
The default is
|
||||
.Pa /etc/ssh/sshd_config .
|
||||
|
@ -274,7 +277,7 @@ The client selects the encryption algorithm
|
|||
to use from those offered by the server.
|
||||
Additionally, session integrity is provided
|
||||
through a cryptographic message authentication code
|
||||
(hmac-sha1 or hmac-md5).
|
||||
(hmac-md5, hmac-sha1, umac-64 or hmac-ripemd160).
|
||||
.Pp
|
||||
Finally, the server and the client enter an authentication dialog.
|
||||
The client tries to authenticate itself using
|
||||
|
@ -733,15 +736,6 @@ This file is used in exactly the same way as
|
|||
but allows host-based authentication without permitting login with
|
||||
rlogin/rsh.
|
||||
.Pp
|
||||
.It /etc/ssh/ssh_known_hosts
|
||||
Systemwide list of known host keys.
|
||||
This file should be prepared by the
|
||||
system administrator to contain the public host keys of all machines in the
|
||||
organization.
|
||||
The format of this file is described above.
|
||||
This file should be writable only by root/the owner and
|
||||
should be world-readable.
|
||||
.Pp
|
||||
.It /etc/ssh/ssh_host_key
|
||||
.It /etc/ssh/ssh_host_dsa_key
|
||||
.It /etc/ssh/ssh_host_rsa_key
|
||||
|
@ -765,6 +759,15 @@ the user so their contents can be copied to known hosts files.
|
|||
These files are created using
|
||||
.Xr ssh-keygen 1 .
|
||||
.Pp
|
||||
.It /etc/ssh/ssh_known_hosts
|
||||
Systemwide list of known host keys.
|
||||
This file should be prepared by the
|
||||
system administrator to contain the public host keys of all machines in the
|
||||
organization.
|
||||
The format of this file is described above.
|
||||
This file should be writable only by root/the owner and
|
||||
should be world-readable.
|
||||
.Pp
|
||||
.It /etc/ssh/sshd_config
|
||||
Contains configuration data for
|
||||
.Nm sshd .
|
||||
|
@ -801,6 +804,7 @@ The content of this file is not sensitive; it can be world-readable.
|
|||
.Xr ssh-add 1 ,
|
||||
.Xr ssh-agent 1 ,
|
||||
.Xr ssh-keygen 1 ,
|
||||
.Xr ssh-keyscan 1 ,
|
||||
.Xr chroot 2 ,
|
||||
.Xr hosts_access 5 ,
|
||||
.Xr login.conf 5 ,
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* $NetBSD: sshd.c,v 1.1.1.25 2007/03/10 22:35:57 christos Exp $ */
|
||||
/* $OpenBSD: sshd.c,v 1.349 2007/02/21 11:00:05 dtucker Exp $ */
|
||||
/* $NetBSD: sshd.c,v 1.1.1.26 2007/12/17 20:15:36 christos Exp $ */
|
||||
/* $OpenBSD: sshd.c,v 1.351 2007/05/22 10:18:52 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -52,7 +52,6 @@
|
|||
#include <sys/time.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <signal.h>
|
||||
#include <fcntl.h>
|
||||
#include <netdb.h>
|
||||
#include <paths.h>
|
||||
|
@ -1360,6 +1359,10 @@ main(int ac, char **av)
|
|||
/* Fill in default values for those options not explicitly set. */
|
||||
fill_default_server_options(&options);
|
||||
|
||||
/* challenge-response is implemented via keyboard interactive */
|
||||
if (options.challenge_response_authentication)
|
||||
options.kbd_interactive_authentication = 1;
|
||||
|
||||
/* set default channel AF */
|
||||
channel_set_af(options.address_family);
|
||||
|
||||
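Review bot: The assignment `options.kbd_interactive_authentication = 1;` does not look at the value already in `kbd_interactive_authentication`, so an explicit `KbdInteractiveAuthentication no` in the config is silently overridden whenever `challenge_response_authentication` is set, and the one-line comment does not say so. Consider extending it to `/* challenge-response is implemented via keyboard interactive, so ChallengeResponseAuthentication=yes forces KbdInteractiveAuthentication on even if the config sets it to no */`, and optionally a `debug()` line when the override actually flips the value so the effective policy is visible in the log. main starts and ends outside this hunk.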
|
|
|
@ -1,5 +1,5 @@
|
|||
# $NetBSD: sshd_config,v 1.1.1.15 2006/09/28 21:15:33 christos Exp $
|
||||
# $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $
|
||||
# $NetBSD: sshd_config,v 1.1.1.16 2007/12/17 20:15:36 christos Exp $
|
||||
# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $
|
||||
|
||||
# This is the sshd server system-wide configuration file. See
|
||||
# sshd_config(5) for more information.
|
||||
|
@ -10,11 +10,15 @@
|
|||
# default value.
|
||||
|
||||
#Port 22
|
||||
#Protocol 2,1
|
||||
#AddressFamily any
|
||||
#ListenAddress 0.0.0.0
|
||||
#ListenAddress ::
|
||||
|
||||
# Disable legacy (protocol version 1) support in the server for new
|
||||
# installations. In future the default will change to require explicit
|
||||
# activation of protocol 1
|
||||
Protocol 2
|
||||
|
||||
# HostKey for protocol version 1
|
||||
#HostKey /etc/ssh/ssh_host_key
|
||||
# HostKeys for protocol version 2
|
||||
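Review bot: The active `Protocol 2` line sits several lines below the commented default `#Protocol 2,1`, so a reader scanning the defaults block can take `2,1` for the effective setting. Either place `Protocol 2` directly under `#Protocol 2,1`, or add a pointer to that block such as `# NOTE: the uncommented "Protocol 2" line below overrides the built-in default of 2,1`. The explanatory comment on the new line is good; keeping the two Protocol mentions adjacent just makes the override harder to miss.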
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" $NetBSD: sshd_config.5,v 1.1.1.8 2007/03/10 22:35:57 christos Exp $
|
||||
.\" $NetBSD: sshd_config.5,v 1.1.1.9 2007/12/17 20:15:36 christos Exp $
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -35,8 +35,8 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.74 2007/03/01 16:19:33 jmc Exp $
|
||||
.Dd September 25, 1999
|
||||
.\" $OpenBSD: sshd_config.5,v 1.77 2007/06/08 07:48:09 jmc Exp $
|
||||
.Dd $Mdocdate: June 8 2007 $
|
||||
.Dt SSHD_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -490,7 +490,10 @@ The MAC algorithm is used in protocol version 2
|
|||
for data integrity protection.
|
||||
Multiple algorithms must be comma-separated.
|
||||
The default is:
|
||||
.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
|
||||
.Bd -literal -offset indent
|
||||
hmac-md5,hmac-sha1,umac-64@openssh.com,
|
||||
hmac-ripemd160,hmac-sha1-96,hmac-md5-96
|
||||
.Ed
|
||||
.It Cm Match
|
||||
Introduces a conditional block.
|
||||
If all of the criteria on the
|
||||
|
|
|
@ -0,0 +1,124 @@
|
|||
/* $NetBSD: umac.h,v 1.1.1.1 2007/12/17 20:15:38 christos Exp $ */
|
||||
/* $OpenBSD: umac.h,v 1.1 2007/06/07 19:37:34 pvalchev Exp $ */
|
||||
/* -----------------------------------------------------------------------
|
||||
*
|
||||
* umac.h -- C Implementation UMAC Message Authentication
|
||||
*
|
||||
* Version 0.93a of rfc4418.txt -- 2006 July 14
|
||||
*
|
||||
* For a full description of UMAC message authentication see the UMAC
|
||||
* world-wide-web page at http://www.cs.ucdavis.edu/~rogaway/umac
|
||||
* Please report bugs and suggestions to the UMAC webpage.
|
||||
*
|
||||
* Copyright (c) 1999-2004 Ted Krovetz
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software and
|
||||
* its documentation for any purpose and with or without fee, is hereby
|
||||
* granted provided that the above copyright notice appears in all copies
|
||||
* and in supporting documentation, and that the name of the copyright
|
||||
* holder not be used in advertising or publicity pertaining to
|
||||
* distribution of the software without specific, written prior permission.
|
||||
*
|
||||
* Comments should be directed to Ted Krovetz (tdk@acm.org)
|
||||
*
|
||||
* ---------------------------------------------------------------------- */
|
||||
|
||||
/* ////////////////////// IMPORTANT NOTES /////////////////////////////////
|
||||
*
|
||||
* 1) This version does not work properly on messages larger than 16MB
|
||||
*
|
||||
* 2) If you set the switch to use SSE2, then all data must be 16-byte
|
||||
* aligned
|
||||
*
|
||||
* 3) When calling the function umac(), it is assumed that msg is in
|
||||
* a writable buffer of length divisible by 32 bytes. The message itself
|
||||
* does not have to fill the entire buffer, but bytes beyond msg may be
|
||||
* zeroed.
|
||||
*
|
||||
* 4) Two free AES implementations are supported by this implementation of
|
||||
* UMAC. Paulo Barreto's version is in the public domain and can be found
|
||||
* at http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ (search for
|
||||
* "Barreto"). The only two files needed are rijndael-alg-fst.c and
|
||||
* rijndael-alg-fst.h.
|
||||
* Brian Gladman's version is distributed with GNU Public lisence
|
||||
* and can be found at http://fp.gladman.plus.com/AES/index.htm. It
|
||||
* includes a fast IA-32 assembly version.
|
||||
*
|
||||
/////////////////////////////////////////////////////////////////////// */
|
||||
#ifndef HEADER_UMAC_H
|
||||
#define HEADER_UMAC_H
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
struct umac_ctx *umac_new(u_char key[]);
|
||||
/* Dynamically allocate a umac_ctx struct, initialize variables,
|
||||
* generate subkeys from key.
|
||||
*/
|
||||
|
||||
#if 0
|
||||
int umac_reset(struct umac_ctx *ctx);
|
||||
/* Reset a umac_ctx to begin authenicating a new message */
|
||||
#endif
|
||||
|
||||
int umac_update(struct umac_ctx *ctx, u_char *input, long len);
|
||||
/* Incorporate len bytes pointed to by input into context ctx */
|
||||
|
||||
int umac_final(struct umac_ctx *ctx, u_char tag[], u_char nonce[8]);
|
||||
/* Incorporate any pending data and the ctr value, and return tag.
|
||||
* This function returns error code if ctr < 0.
|
||||
*/
|
||||
|
||||
int umac_delete(struct umac_ctx *ctx);
|
||||
/* Deallocate the context structure */
|
||||
|
||||
#if 0
|
||||
int umac(struct umac_ctx *ctx, u_char *input,
|
||||
long len, u_char tag[],
|
||||
u_char nonce[8]);
|
||||
/* All-in-one implementation of the functions Reset, Update and Final */
|
||||
#endif
|
||||
|
||||
/* uhash.h */
|
||||
|
||||
|
||||
#if 0
|
||||
typedef struct uhash_ctx *uhash_ctx_t;
|
||||
/* The uhash_ctx structure is defined by the implementation of the */
|
||||
/* UHASH functions. */
|
||||
|
||||
uhash_ctx_t uhash_alloc(u_char key[16]);
|
||||
/* Dynamically allocate a uhash_ctx struct and generate subkeys using */
|
||||
/* the kdf and kdf_key passed in. If kdf_key_len is 0 then RC6 is */
|
||||
/* used to generate key with a fixed key. If kdf_key_len > 0 but kdf */
|
||||
/* is NULL then the first 16 bytes pointed at by kdf_key is used as a */
|
||||
/* key for an RC6 based KDF. */
|
||||
|
||||
int uhash_free(uhash_ctx_t ctx);
|
||||
|
||||
int uhash_set_params(uhash_ctx_t ctx,
|
||||
void *params);
|
||||
|
||||
int uhash_reset(uhash_ctx_t ctx);
|
||||
|
||||
int uhash_update(uhash_ctx_t ctx,
|
||||
u_char *input,
|
||||
long len);
|
||||
|
||||
int uhash_final(uhash_ctx_t ctx,
|
||||
u_char ouput[]);
|
||||
|
||||
int uhash(uhash_ctx_t ctx,
|
||||
u_char *input,
|
||||
long len,
|
||||
u_char output[]);
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* HEADER_UMAC_H */
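Review bot: The header uses `u_char` in every prototype but includes nothing, so it is not self-contained and compiles only if the caller has already included `<sys/types.h>` or an equivalent; adding `#include <sys/types.h>` at the top of the guarded region fixes that. The comment under `umac_final` says it "returns error code if ctr < 0", yet the prototype takes `u_char nonce[8]` and has no `ctr` parameter, so the comment is stale and should describe the nonce instead, e.g. `/* Incorporate any pending data and the 8-byte nonce, and write the tag. */`. `umac_new(u_char key[])` likewise takes an unsized key while its comment never states the required key length, which callers need in order to allocate correctly; the disabled `uhash_alloc(u_char key[16])` suggests 16 bytes, but that should be confirmed against umac.c and written into the comment. The 16MB limit from note 1 is also worth repeating next to `umac_update`, since that is the call whose `long len` accumulates.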
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: version.h,v 1.1.1.25 2007/03/10 22:35:58 christos Exp $ */
|
||||
/* $OpenBSD: version.h,v 1.49 2007/03/06 10:13:14 djm Exp $ */
|
||||
/* $NetBSD: version.h,v 1.1.1.26 2007/12/17 20:15:38 christos Exp $ */
|
||||
/* $OpenBSD: version.h,v 1.50 2007/08/15 08:16:49 markus Exp $ */
|
||||
|
||||
#define SSH_VERSION "OpenSSH_4.6"
|
||||
#define SSH_VERSION "OpenSSH_4.7"
|
||||
|
|