import v4.6

christos 2007-03-10 22:35:27 +00:00
parent 24bd244ffa
commit 6ad9628ae7
47 changed files with 435 additions and 298 deletions


@ -1,5 +1,5 @@
/* $NetBSD: auth-rsa.c,v 1.1.1.15 2006/09/28 21:14:58 christos Exp $ */
/* $OpenBSD: auth-rsa.c,v 1.71 2006/08/03 03:34:41 deraadt Exp $ */
/* $NetBSD: auth-rsa.c,v 1.1.1.16 2007/03/10 22:35:27 christos Exp $ */
/* $OpenBSD: auth-rsa.c,v 1.72 2006/11/06 21:25:27 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -74,10 +74,12 @@ auth_rsa_generate_challenge(Key *key)
if ((challenge = BN_new()) == NULL)
fatal("auth_rsa_generate_challenge: BN_new() failed");
/* Generate a random challenge. */
BN_rand(challenge, 256, 0, 0);
if (BN_rand(challenge, 256, 0, 0) == 0)
fatal("auth_rsa_generate_challenge: BN_rand failed");
if ((ctx = BN_CTX_new()) == NULL)
fatal("auth_rsa_generate_challenge: BN_CTX_new() failed");
BN_mod(challenge, challenge, key->rsa->n, ctx);
fatal("auth_rsa_generate_challenge: BN_CTX_new failed");
if (BN_mod(challenge, challenge, key->rsa->n, ctx) == 0)
fatal("auth_rsa_generate_challenge: BN_mod failed");
BN_CTX_free(ctx);
return challenge;


@ -1,5 +1,5 @@
/* $NetBSD: auth-skey.c,v 1.1.1.8 2006/09/28 21:14:59 christos Exp $ */
/* $OpenBSD: auth-skey.c,v 1.26 2006/08/05 08:28:24 dtucker Exp $ */
/* $NetBSD: auth-skey.c,v 1.1.1.9 2007/03/10 22:35:28 christos Exp $ */
/* $OpenBSD: auth-skey.c,v 1.27 2007/01/21 01:41:54 stevesk Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -56,8 +56,8 @@ skey_query(void *ctx, char **name, char **infotxt,
if (skeychallenge(&skey, authctxt->user, challenge) == -1)
return -1;
*name = xstrdup("");
*infotxt = xstrdup("");
*name = xstrdup("");
*infotxt = xstrdup("");
*numprompts = 1;
*prompts = xcalloc(*numprompts, sizeof(char *));
*echo_on = xcalloc(*numprompts, sizeof(u_int));


@ -1,5 +1,5 @@
/* $NetBSD: auth2-chall.c,v 1.1.1.14 2006/09/28 21:15:00 christos Exp $ */
/* $OpenBSD: auth2-chall.c,v 1.31 2006/08/05 08:28:24 dtucker Exp $ */
/* $NetBSD: auth2-chall.c,v 1.1.1.15 2007/03/10 22:35:28 christos Exp $ */
/* $OpenBSD: auth2-chall.c,v 1.32 2007/01/03 03:01:40 stevesk Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2001 Per Allansson. All rights reserved.
@ -174,7 +174,7 @@ auth2_challenge_stop(Authctxt *authctxt)
{
/* unregister callback */
dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
if (authctxt->kbdintctxt != NULL) {
if (authctxt->kbdintctxt != NULL) {
kbdint_free(authctxt->kbdintctxt);
authctxt->kbdintctxt = NULL;
}


@ -1,5 +1,5 @@
/* $NetBSD: auth2.c,v 1.1.1.21 2006/09/28 21:14:57 christos Exp $ */
/* $OpenBSD: auth2.c,v 1.113 2006/08/03 03:34:41 deraadt Exp $ */
/* $NetBSD: auth2.c,v 1.1.1.22 2007/03/10 22:35:29 christos Exp $ */
/* $OpenBSD: auth2.c,v 1.114 2007/03/01 10:28:02 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -93,10 +93,6 @@ int user_key_allowed(struct passwd *, Key *);
void
do_authentication2(Authctxt *authctxt)
{
/* challenge-response is implemented via keyboard interactive */
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
dispatch_init(&dispatch_protocol_error);
dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
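Review bot: Removing the challenge_response → kbd_interactive_authentication promotion from do_authentication2 leaves nothing in this hunk that still guarantees ChallengeResponseAuthentication enables keyboard-interactive; presumably the mapping moved into the server-option handling (servconf.c rev 1.170 in this same import carries the same 2007/03/01 dtucker date), but that should be verified rather than assumed. If it did move, a one-line pointer here saves the next reader the search: `/* ChallengeResponseAuthentication is mapped onto keyboard-interactive in servconf.c */`. do_authentication2 continues past the end of the hunk.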


@ -1,5 +1,5 @@
/* $NetBSD: bufbn.c,v 1.1.1.1 2006/09/28 21:15:01 christos Exp $ */
/* $OpenBSD: bufbn.c,v 1.3 2006/08/03 03:34:41 deraadt Exp $*/
/* $NetBSD: bufbn.c,v 1.1.1.2 2007/03/10 22:35:30 christos Exp $ */
/* $OpenBSD: bufbn.c,v 1.5 2007/02/14 14:32:00 stevesk Exp $*/
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -92,7 +92,7 @@ buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
}
/*
* Retrieves an BIGNUM from the buffer.
* Retrieves a BIGNUM from the buffer.
*/
int
buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
@ -100,7 +100,7 @@ buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
u_int bits, bytes;
u_char buf[2], *bin;
/* Get the number for bits. */
/* Get the number of bits. */
if (buffer_get_ret(buffer, (char *) buf, 2) == -1) {
error("buffer_get_bignum_ret: invalid length");
return (-1);
@ -117,7 +117,10 @@ buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
return (-1);
}
bin = buffer_ptr(buffer);
BN_bin2bn(bin, bytes, value);
if (BN_bin2bn(bin, bytes, value) == NULL) {
error("buffer_get_bignum_ret: BN_bin2bn failed");
return (-1);
}
if (buffer_consume_ret(buffer, bytes) == -1) {
error("buffer_get_bignum_ret: buffer_consume failed");
return (-1);
@ -133,7 +136,7 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
}
/*
* Stores an BIGNUM in the buffer in SSH2 format.
* Stores a BIGNUM in the buffer in SSH2 format.
*/
int
buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
@ -201,7 +204,10 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
xfree(bin);
return (-1);
}
BN_bin2bn(bin, len, value);
if (BN_bin2bn(bin, len, value) == NULL) {
error("buffer_get_bignum2_ret: BN_bin2bn failed");
return (-1);
}
xfree(bin);
return (0);
}
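Review bot: The new BN_bin2bn failure path in buffer_get_bignum2_ret returns -1 without freeing `bin`, while the sibling error path just above it does `xfree(bin); return (-1);` and the success path frees it right after the call. Add the free before returning: `error("buffer_get_bignum2_ret: BN_bin2bn failed"); xfree(bin); return (-1);`. The SSH1-format variant buffer_get_bignum_ret is not affected, since its `bin` is a pointer into the buffer from buffer_ptr(), not an allocation.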


@ -1,5 +1,5 @@
/* $NetBSD: channels.c,v 1.1.1.23 2006/09/28 21:15:04 christos Exp $ */
/* $OpenBSD: channels.c,v 1.266 2006/08/29 10:40:18 djm Exp $ */
/* $NetBSD: channels.c,v 1.1.1.24 2007/03/10 22:35:33 christos Exp $ */
/* $OpenBSD: channels.c,v 1.268 2007/01/03 03:01:40 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1048,7 +1048,7 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset)
if (have < nmethods + 2)
return 0;
/* look for method: "NO AUTHENTICATION REQUIRED" */
for (found = 0, i = 2 ; i < nmethods + 2; i++) {
for (found = 0, i = 2; i < nmethods + 2; i++) {
if (p[i] == SSH_SOCKS5_NOAUTH) {
found = 1;
break;
@ -2506,11 +2506,18 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port,
/* Send the forward request to the remote side. */
if (compat20) {
const char *address_to_bind;
if (listen_host == NULL)
address_to_bind = "localhost";
else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0)
address_to_bind = "";
else
if (listen_host == NULL) {
if (datafellows & SSH_BUG_RFWD_ADDR)
address_to_bind = "127.0.0.1";
else
address_to_bind = "localhost";
} else if (*listen_host == '\0' ||
strcmp(listen_host, "*") == 0) {
if (datafellows & SSH_BUG_RFWD_ADDR)
address_to_bind = "0.0.0.0";
else
address_to_bind = "";
} else
address_to_bind = listen_host;
packet_start(SSH2_MSG_GLOBAL_REQUEST);
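Review bot: The second hunk substitutes `127.0.0.1` and `0.0.0.0` when SSH_BUG_RFWD_ADDR is set, but nothing records why; since compat.c in this import sets that flag for the `2.*` version pattern, a comment would help: `/* peers matching "2.*" do not accept the "localhost" / "" bind names of RFC 4254; send literal addresses instead */`. Note that `0.0.0.0` is an IPv4-only wildcard, so a peer with that flag set presumably cannot be asked for an all-interfaces IPv6 listener through this path — acceptable for a compat shim, but worth stating next to the literal. Also the final `else` is now the only unbraced branch of the chain, which reads oddly beside its braced siblings. channel_request_remote_forwarding continues outside the hunk.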


@ -1,5 +1,5 @@
/* $NetBSD: clientloop.c,v 1.1.1.23 2006/09/28 21:15:06 christos Exp $ */
/* $OpenBSD: clientloop.c,v 1.175 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: clientloop.c,v 1.1.1.24 2007/03/10 22:35:35 christos Exp $ */
/* $OpenBSD: clientloop.c,v 1.178 2007/02/20 10:25:14 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -457,8 +457,10 @@ client_global_request_reply(int type, u_int32_t seq, void *ctxt)
static void
server_alive_check(void)
{
if (++server_alive_timeouts > options.server_alive_count_max)
packet_disconnect("Timeout, server not responding.");
if (++server_alive_timeouts > options.server_alive_count_max) {
logit("Timeout, server not responding.");
cleanup_exit(255);
}
packet_start(SSH2_MSG_GLOBAL_REQUEST);
packet_put_cstring("keepalive@openssh.com");
packet_put_char(1); /* boolean: want reply */
@ -698,7 +700,7 @@ client_process_control(fd_set *readset)
{
Buffer m;
Channel *c;
int client_fd, new_fd[3], ver, allowed;
int client_fd, new_fd[3], ver, allowed, window, packetmax;
socklen_t addrlen;
struct sockaddr_storage addr;
struct confirm_ctx *cctx;
@ -891,9 +893,15 @@ client_process_control(fd_set *readset)
set_nonblock(client_fd);
window = CHAN_SES_WINDOW_DEFAULT;
packetmax = CHAN_SES_PACKET_DEFAULT;
if (cctx->want_tty) {
window >>= 1;
packetmax >>= 1;
}
c = channel_new("session", SSH_CHANNEL_OPENING,
new_fd[0], new_fd[1], new_fd[2],
CHAN_SES_WINDOW_DEFAULT, CHAN_SES_PACKET_DEFAULT,
new_fd[0], new_fd[1], new_fd[2], window, packetmax,
CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
/* XXX */
@ -1748,7 +1756,7 @@ client_request_agent(const char *request_type, int rchan)
error("Warning: this is probably a break-in attempt by a malicious server.");
return NULL;
}
sock = ssh_get_authentication_socket();
sock = ssh_get_authentication_socket();
if (sock < 0)
return NULL;
c = channel_new("authentication agent connection",
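Review bot: server_alive_check now exits via logit() + cleanup_exit(255) instead of packet_disconnect(), and the reason is not recorded in the code; presumably it is to avoid attempting a DISCONNECT exchange with a peer that has already stopped answering, with 255 being ssh's usual exit status for connection failure. Suggest a comment above the check: `/* peer is unresponsive: do not attempt a DISCONNECT exchange, just log and exit 255 */` (marked as an assumption if the intent is different). In the client_process_control hunk the `window >>= 1; packetmax >>= 1;` for tty sessions would also benefit from a short why-comment, as the halving reads as magic. Both enclosing functions continue outside their hunks.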


@ -1,5 +1,5 @@
/* $NetBSD: compat.c,v 1.1.1.16 2006/09/28 21:15:06 christos Exp $ */
/* $OpenBSD: compat.c,v 1.76 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: compat.c,v 1.1.1.17 2007/03/10 22:35:35 christos Exp $ */
/* $OpenBSD: compat.c,v 1.77 2006/12/12 03:58:42 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
@ -132,7 +132,8 @@ compat_datafellows(const char *version)
{ "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5|
SSH_BUG_FIRSTKEX },
{ "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */
{ "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX },
{ "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX|
SSH_BUG_RFWD_ADDR },
{ "3.0.*", SSH_BUG_DEBUG },
{ "3.0 SecureCRT*", SSH_OLD_SESSIONID },
{ "1.7 SecureFX*", SSH_OLD_SESSIONID },


@ -1,5 +1,5 @@
/* $NetBSD: compat.h,v 1.1.1.15 2006/09/28 21:15:06 christos Exp $ */
/* $OpenBSD: compat.h,v 1.40 2006/03/25 22:22:43 djm Exp $ */
/* $NetBSD: compat.h,v 1.1.1.16 2007/03/10 22:35:35 christos Exp $ */
/* $OpenBSD: compat.h,v 1.41 2006/12/12 03:58:42 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
@ -57,6 +57,7 @@
#define SSH_BUG_PROBE 0x00400000
#define SSH_BUG_FIRSTKEX 0x00800000
#define SSH_OLD_FORWARD_ADDR 0x01000000
#define SSH_BUG_RFWD_ADDR 0x02000000
void enable_compat13(void);
void enable_compat20(void);


@ -1,5 +1,5 @@
/* $NetBSD: dh.c,v 1.1.1.11 2006/09/28 21:15:07 christos Exp $ */
/* $OpenBSD: dh.c,v 1.42 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: dh.c,v 1.1.1.12 2007/03/10 22:35:35 christos Exp $ */
/* $OpenBSD: dh.c,v 1.44 2006/11/07 13:02:07 markus Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
*


@ -1,5 +1,5 @@
/* $NetBSD: dns.c,v 1.1.1.3 2006/09/28 21:15:07 christos Exp $ */
/* $OpenBSD: dns.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: dns.c,v 1.1.1.4 2007/03/10 22:35:35 christos Exp $ */
/* $OpenBSD: dns.c,v 1.24 2007/01/03 03:01:40 stevesk Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@ -215,7 +215,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
if (fingerprints->rri_nrdatas)
*flags |= DNS_VERIFY_FOUND;
for (counter = 0; counter < fingerprints->rri_nrdatas; counter++) {
for (counter = 0; counter < fingerprints->rri_nrdatas; counter++) {
/*
* Extract the key from the answer. Ignore any badly
* formatted fingerprints.


@ -1,5 +1,5 @@
/* $NetBSD: kex.c,v 1.1.1.18 2006/09/28 21:15:09 christos Exp $ */
/* $OpenBSD: kex.c,v 1.76 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: kex.c,v 1.1.1.19 2007/03/10 22:35:28 christos Exp $ */
/* $OpenBSD: kex.c,v 1.77 2007/01/21 01:41:54 stevesk Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@ -542,7 +542,7 @@ dump_digest(char *msg, u_char *digest, int len)
u_int i;
fprintf(stderr, "%s\n", msg);
for (i = 0; i< len; i++) {
for (i = 0; i < len; i++) {
fprintf(stderr, "%02x", digest[i]);
if (i%32 == 31)
fprintf(stderr, "\n");


@ -1,5 +1,5 @@
/* $NetBSD: kexdhc.c,v 1.1.1.4 2006/09/28 21:15:09 christos Exp $ */
/* $OpenBSD: kexdhc.c,v 1.9 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: kexdhc.c,v 1.1.1.5 2007/03/10 22:35:37 christos Exp $ */
/* $OpenBSD: kexdhc.c,v 1.11 2006/11/06 21:25:28 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -48,7 +48,8 @@ kexdh_client(Kex *kex)
Key *server_host_key;
u_char *server_host_key_blob = NULL, *signature = NULL;
u_char *kbuf, *hash;
u_int klen, kout, slen, sbloblen, hashlen;
u_int klen, slen, sbloblen, hashlen;
int kout;
/* generate and send 'e', client DH public key */
switch (kex->kex_type) {
@ -110,13 +111,15 @@ kexdh_client(Kex *kex)
klen = DH_size(dh);
kbuf = xmalloc(klen);
kout = DH_compute_key(kbuf, dh_server_pub, dh);
if ((kout = DH_compute_key(kbuf, dh_server_pub, dh)) < 0)
fatal("DH_compute_key: failed");
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
if ((shared_secret = BN_new()) == NULL)
fatal("kexdh_client: BN_new failed");
BN_bin2bn(kbuf, kout, shared_secret);
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexdh_client: BN_bin2bn failed");
memset(kbuf, 0, klen);
xfree(kbuf);
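Review bot: The new `< 0` test on DH_compute_key() rejects only the -1 error return; a return of 0 (no bytes written, i.e. an all-zero shared secret) would pass and be handed to BN_bin2bn as an empty number. A dh_pub_is_valid() check on the peer value presumably rules that out before this point, but `<= 0` costs nothing and makes the kex fail closed regardless: `if ((kout = DH_compute_key(kbuf, dh_server_pub, dh)) <= 0)`. The same applies to the matching hunks in kexdhs.c, kexgexc.c and kexgexs.c, and matters most on the server side where the public value is client-supplied. kexdh_client continues outside the hunk.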


@ -1,5 +1,5 @@
/* $NetBSD: kexdhs.c,v 1.1.1.4 2006/09/28 21:15:09 christos Exp $ */
/* $OpenBSD: kexdhs.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: kexdhs.c,v 1.1.1.5 2007/03/10 22:35:37 christos Exp $ */
/* $OpenBSD: kexdhs.c,v 1.9 2006/11/06 21:25:28 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -50,8 +50,8 @@ kexdh_server(Kex *kex)
DH *dh;
Key *server_host_key;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int sbloblen, klen, kout, hashlen;
u_int slen;
u_int sbloblen, klen, hashlen, slen;
int kout;
/* generate server DH public key */
switch (kex->kex_type) {
@ -99,13 +99,15 @@ kexdh_server(Kex *kex)
klen = DH_size(dh);
kbuf = xmalloc(klen);
kout = DH_compute_key(kbuf, dh_client_pub, dh);
if ((kout = DH_compute_key(kbuf, dh_client_pub, dh)) < 0)
fatal("DH_compute_key: failed");
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
if ((shared_secret = BN_new()) == NULL)
fatal("kexdh_server: BN_new failed");
BN_bin2bn(kbuf, kout, shared_secret);
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexdh_server: BN_bin2bn failed");
memset(kbuf, 0, klen);
xfree(kbuf);


@ -1,5 +1,5 @@
/* $NetBSD: kexgexc.c,v 1.1.1.4 2006/09/28 21:15:09 christos Exp $ */
/* $OpenBSD: kexgexc.c,v 1.9 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: kexgexc.c,v 1.1.1.5 2007/03/10 22:35:37 christos Exp $ */
/* $OpenBSD: kexgexc.c,v 1.11 2006/11/06 21:25:28 markus Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -49,7 +49,8 @@ kexgex_client(Kex *kex)
BIGNUM *p = NULL, *g = NULL;
Key *server_host_key;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int klen, kout, slen, sbloblen, hashlen;
u_int klen, slen, sbloblen, hashlen;
int kout;
int min, max, nbits;
DH *dh;
@ -148,13 +149,15 @@ kexgex_client(Kex *kex)
klen = DH_size(dh);
kbuf = xmalloc(klen);
kout = DH_compute_key(kbuf, dh_server_pub, dh);
if ((kout = DH_compute_key(kbuf, dh_server_pub, dh)) < 0)
fatal("DH_compute_key: failed");
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
if ((shared_secret = BN_new()) == NULL)
fatal("kexgex_client: BN_new failed");
BN_bin2bn(kbuf, kout, shared_secret);
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexgex_client: BN_bin2bn failed");
memset(kbuf, 0, klen);
xfree(kbuf);


@ -1,5 +1,5 @@
/* $NetBSD: kexgexs.c,v 1.1.1.3 2006/09/28 21:15:09 christos Exp $ */
/* $OpenBSD: kexgexs.c,v 1.8 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: kexgexs.c,v 1.1.1.4 2007/03/10 22:35:38 christos Exp $ */
/* $OpenBSD: kexgexs.c,v 1.10 2006/11/06 21:25:28 markus Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -53,8 +53,8 @@ kexgex_server(Kex *kex)
Key *server_host_key;
DH *dh;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int sbloblen, klen, kout, slen, hashlen;
int min = -1, max = -1, nbits = -1, type;
u_int sbloblen, klen, slen, hashlen;
int min = -1, max = -1, nbits = -1, type, kout;
if (kex->load_host_key == NULL)
fatal("Cannot load hostkey");
@ -132,13 +132,15 @@ kexgex_server(Kex *kex)
klen = DH_size(dh);
kbuf = xmalloc(klen);
kout = DH_compute_key(kbuf, dh_client_pub, dh);
if ((kout = DH_compute_key(kbuf, dh_client_pub, dh)) < 0)
fatal("DH_compute_key: failed");
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
if ((shared_secret = BN_new()) == NULL)
fatal("kexgex_server: BN_new failed");
BN_bin2bn(kbuf, kout, shared_secret);
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexgex_server: BN_bin2bn failed");
memset(kbuf, 0, klen);
xfree(kbuf);

18
crypto/dist/ssh/key.c vendored

@ -1,5 +1,5 @@
/* $NetBSD: key.c,v 1.1.1.20 2006/09/28 21:15:09 christos Exp $ */
/* $OpenBSD: key.c,v 1.67 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: key.c,v 1.1.1.21 2007/03/10 22:35:38 christos Exp $ */
/* $OpenBSD: key.c,v 1.68 2006/11/06 21:25:28 markus Exp $ */
/*
* read_bignum():
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -615,16 +615,18 @@ key_from_private(const Key *k)
switch (k->type) {
case KEY_DSA:
n = key_new(k->type);
BN_copy(n->dsa->p, k->dsa->p);
BN_copy(n->dsa->q, k->dsa->q);
BN_copy(n->dsa->g, k->dsa->g);
BN_copy(n->dsa->pub_key, k->dsa->pub_key);
if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) ||
(BN_copy(n->dsa->q, k->dsa->q) == NULL) ||
(BN_copy(n->dsa->g, k->dsa->g) == NULL) ||
(BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL))
fatal("key_from_private: BN_copy failed");
break;
case KEY_RSA:
case KEY_RSA1:
n = key_new(k->type);
BN_copy(n->rsa->n, k->rsa->n);
BN_copy(n->rsa->e, k->rsa->e);
if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
(BN_copy(n->rsa->e, k->rsa->e) == NULL))
fatal("key_from_private: BN_copy failed");
break;
default:
fatal("key_from_private: unknown type %d", k->type);
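Review bot: key_from_private copies only the public components (p, q, g, pub_key for DSA; n, e for RSA) and deliberately does not copy the private members, but nothing in the function says so, and the new multi-line BN_copy chains make that easier to miss than the old one-call-per-line form. A comment at the top of the switch such as `/* copy the public components only; private members are never copied */` would document the contract. Both fatal messages now read "key_from_private: BN_copy failed" without saying which key type failed, whereas the old form at least identified the line; consider including the type in the message. The function begins before the hunk.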


@ -1,5 +1,5 @@
/* $NetBSD: misc.c,v 1.1.1.13 2006/09/28 21:15:10 christos Exp $ */
/* $OpenBSD: misc.c,v 1.64 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: misc.c,v 1.1.1.14 2007/03/10 22:35:39 christos Exp $ */
/* $OpenBSD: misc.c,v 1.65 2006/11/23 01:35:11 ray Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@ -604,6 +604,8 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
u_long *lineno)
{
while (fgets(buf, bufsz, f) != NULL) {
if (buf[0] == '\0')
continue;
(*lineno)++;
if (buf[strlen(buf) - 1] == '\n' || feof(f)) {
return 0;
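Review bot: The new `buf[0] == '\0'` skip in read_keyfile_line needs a comment, because its purpose — keeping the `buf[strlen(buf) - 1]` index on the next line from reading `buf[-1]` when fgets() returns a line whose first byte is NUL — is not obvious from the code: `/* a leading NUL would make strlen(buf) - 1 index buf[-1] below */`. Note the skip happens before `(*lineno)++`, so such lines are not counted in diagnostics; probably fine, but worth a word. A NUL later in a line still truncates what strlen() sees, so the rest of that line is silently ignored — presumably acceptable for key files. The function continues outside the hunk.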


@ -1,5 +1,5 @@
/* $NetBSD: moduli.c,v 1.1.1.4 2006/09/28 21:15:11 christos Exp $ */
/* $OpenBSD: moduli.c,v 1.18 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: moduli.c,v 1.1.1.5 2007/03/10 22:35:39 christos Exp $ */
/* $OpenBSD: moduli.c,v 1.20 2007/02/24 03:30:11 ray Exp $ */
/*
* Copyright 1994 Phil Karn <karn@qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@ -326,20 +326,26 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
/* validation check: count the number of primes tried */
largetries = 0;
q = BN_new();
if ((q = BN_new()) == NULL)
fatal("BN_new failed");
/*
* Generate random starting point for subprime search, or use
* specified parameter.
*/
largebase = BN_new();
if (start == NULL)
BN_rand(largebase, power, 1, 1);
else
BN_copy(largebase, start);
if ((largebase = BN_new()) == NULL)
fatal("BN_new failed");
if (start == NULL) {
if (BN_rand(largebase, power, 1, 1) == 0)
fatal("BN_rand failed");
} else {
if (BN_copy(largebase, start) == NULL)
fatal("BN_copy: failed");
}
/* ensure odd */
BN_set_bit(largebase, 0);
if (BN_set_bit(largebase, 0) == 0)
fatal("BN_set_bit: failed");
time(&time_start);
@ -423,8 +429,10 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
continue; /* Definitely composite, skip */
debug2("test q = largebase+%u", 2 * j);
BN_set_word(q, 2 * j);
BN_add(q, q, largebase);
if (BN_set_word(q, 2 * j) == 0)
fatal("BN_set_word failed");
if (BN_add(q, q, largebase) == 0)
fatal("BN_add failed");
if (qfileout(out, QTYPE_SOPHIE_GERMAIN, QTEST_SIEVE,
largetries, (power - 1) /* MSB */, (0), q) == -1) {
ret = -1;
@ -469,20 +477,21 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
time(&time_start);
p = BN_new();
q = BN_new();
ctx = BN_CTX_new();
if ((p = BN_new()) == NULL)
fatal("BN_new failed");
if ((q = BN_new()) == NULL)
fatal("BN_new failed");
if ((ctx = BN_CTX_new()) == NULL)
fatal("BN_CTX_new failed");
debug2("%.24s Final %u Miller-Rabin trials (%x generator)",
ctime(&time_start), trials, generator_wanted);
res = 0;
lp = xmalloc(QLINESIZE + 1);
while (fgets(lp, QLINESIZE, in) != NULL) {
int ll = strlen(lp);
while (fgets(lp, QLINESIZE + 1, in) != NULL) {
count_in++;
if (ll < 14 || *lp == '!' || *lp == '#') {
if (strlen(lp) < 14 || *lp == '!' || *lp == '#') {
debug2("%10u: comment or short line", count_in);
continue;
}
@ -519,10 +528,13 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
case QTYPE_SOPHIE_GERMAIN:
debug2("%10u: (%u) Sophie-Germain", count_in, in_type);
a = q;
BN_hex2bn(&a, cp);
if (BN_hex2bn(&a, cp) == 0)
fatal("BN_hex2bn failed");
/* p = 2*q + 1 */
BN_lshift(p, q, 1);
BN_add_word(p, 1);
if (BN_lshift(p, q, 1) == 0)
fatal("BN_lshift failed");
if (BN_add_word(p, 1) == 0)
fatal("BN_add_word failed");
in_size += 1;
generator_known = 0;
break;
@ -533,9 +545,11 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
case QTYPE_UNKNOWN:
debug2("%10u: (%u)", count_in, in_type);
a = p;
BN_hex2bn(&a, cp);
if (BN_hex2bn(&a, cp) == 0)
fatal("BN_hex2bn failed");
/* q = (p-1) / 2 */
BN_rshift(q, p, 1);
if (BN_rshift(q, p, 1) == 0)
fatal("BN_rshift failed");
break;
default:
debug2("Unknown prime type");
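Review bot: In prime_test the fgets() size was corrected to `QLINESIZE + 1` to match the allocation, but a line longer than QLINESIZE is still split across two loop iterations, and since `count_in++` was moved ahead of the length check each fragment is now counted as a record. If candidate files are expected to fit in QLINESIZE, reject overlong lines explicitly after the fgets(), e.g. `if (strchr(lp, '\n') == NULL) fatal("line %u too long", count_in);`; otherwise a comment stating that fragments are tolerated would do. The `BN_hex2bn(&a, cp)` checks are welcome, but hex2bn parses the longest hex prefix and returns its length, so trailing junk in cp is accepted silently — fine only if the line was validated earlier in the loop, which is not visible here. The loop continues outside the hunk.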


@ -1,5 +1,5 @@
/* $NetBSD: monitor.c,v 1.1.1.10 2006/09/28 21:15:12 christos Exp $ */
/* $OpenBSD: monitor.c,v 1.88 2006/08/12 20:46:46 miod Exp $ */
/* $NetBSD: monitor.c,v 1.1.1.11 2007/03/10 22:35:40 christos Exp $ */
/* $OpenBSD: monitor.c,v 1.90 2007/02/19 10:45:58 dtucker Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -293,7 +293,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
/* The first few requests do not require asynchronous access */
while (!authenticated) {
auth_method = "unknown";
authenticated = monitor_read(pmonitor, mon_dispatch, &ent);
authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
if (authenticated) {
if (!(ent->flags & MON_AUTHDECIDE))
fatal("%s: unexpected authentication from %d",
@ -571,6 +571,9 @@ mm_answer_pwnamallow(int sock, Buffer *m)
buffer_put_cstring(m, pwent->pw_class);
buffer_put_cstring(m, pwent->pw_dir);
buffer_put_cstring(m, pwent->pw_shell);
buffer_put_string(m, &options, sizeof(options));
if (options.banner != NULL)
buffer_put_cstring(m, options.banner);
out:
debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
@ -1009,7 +1012,7 @@ mm_answer_keyverify(int sock, Buffer *m)
verified = key_verify(key, signature, signaturelen, data, datalen);
debug3("%s: key %p signature %s",
__func__, key, verified ? "verified" : "unverified");
__func__, key, (verified == 1) ? "verified" : "unverified");
key_free(key);
xfree(blob);
@ -1024,7 +1027,7 @@ mm_answer_keyverify(int sock, Buffer *m)
buffer_put_int(m, verified);
mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
return (verified);
return (verified == 1);
}
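Review bot: mm_answer_keyverify now returns `verified == 1` to the dispatch loop, but `buffer_put_int(m, verified)` three lines earlier still ships the raw key_verify() result — which can be -1 on error — to the unprivileged child, so the child's mm_key_verify must also treat anything other than 1 as failure; that side is not on this page, so verify it or normalise here too: `buffer_put_int(m, verified == 1);`. In mm_answer_pwnamallow, `buffer_put_string(m, &options, sizeof(options))` sends the whole ServerOptions struct, pointer members included; those pointers are meaningless in the child, and only banner is re-sent as a string, so say so at the call site: `/* pointer members are not valid in the child; only banner is re-sent as a string */`. mm_answer_pwnamallow's body continues outside the hunk.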
static void


@ -1,5 +1,5 @@
/* $NetBSD: monitor_wrap.c,v 1.1.1.8 2006/09/28 21:15:13 christos Exp $ */
/* $OpenBSD: monitor_wrap.c,v 1.54 2006/08/12 20:46:46 miod Exp $ */
/* $NetBSD: monitor_wrap.c,v 1.1.1.9 2007/03/10 22:35:41 christos Exp $ */
/* $OpenBSD: monitor_wrap.c,v 1.55 2007/02/19 10:45:58 dtucker Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -64,6 +64,7 @@
#include "channels.h"
#include "session.h"
#include "servconf.h"
/* Imports */
extern int compat20;
@ -73,6 +74,7 @@ extern z_stream outgoing_stream;
extern struct monitor *pmonitor;
extern Buffer input, output;
extern Buffer loginmsg;
extern ServerOptions options;
int
mm_is_monitor(void)
@ -197,7 +199,8 @@ mm_getpwnamallow(const char *username)
{
Buffer m;
struct passwd *pw;
u_int pwlen;
u_int len;
ServerOptions *newopts;
debug3("%s entering", __func__);
@ -213,8 +216,8 @@ mm_getpwnamallow(const char *username)
buffer_free(&m);
return (NULL);
}
pw = buffer_get_string(&m, &pwlen);
if (pwlen != sizeof(struct passwd))
pw = buffer_get_string(&m, &len);
if (len != sizeof(struct passwd))
fatal("%s: struct passwd size mismatch", __func__);
pw->pw_name = buffer_get_string(&m, NULL);
pw->pw_passwd = buffer_get_string(&m, NULL);
@ -222,6 +225,16 @@ mm_getpwnamallow(const char *username)
pw->pw_class = buffer_get_string(&m, NULL);
pw->pw_dir = buffer_get_string(&m, NULL);
pw->pw_shell = buffer_get_string(&m, NULL);
/* copy options block as a Match directive may have changed some */
newopts = buffer_get_string(&m, &len);
if (len != sizeof(*newopts))
fatal("%s: option block size mismatch", __func__);
if (newopts->banner != NULL)
newopts->banner = buffer_get_string(&m, NULL);
copy_set_server_options(&options, newopts, 1);
xfree(newopts);
buffer_free(&m);
return (pw);
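Review bot: The `newopts` block received in mm_getpwnamallow is a raw copy of the monitor's ServerOptions, so every pointer member in it refers to the monitor's address space and must never be dereferenced; the code respects that (it only tests `newopts->banner` for non-NULL before replacing it with a freshly received string), but copy_set_server_options() is the place that has to keep honouring it, and nothing here says so. Suggest above the copy: `/* newopts came from the monitor: its pointers are foreign; only banner is re-sent, and copy_set_server_options() must copy only the Match-able options */`. The replaced banner string is presumably taken over by `options` without a copy, so the `xfree(newopts)` correctly releases only the outer block. Trust flows monitor → child here, so the child accepting these values raises no privilege-separation concern.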


@ -1,5 +1,5 @@
/* $NetBSD: packet.c,v 1.1.1.20 2006/09/28 21:15:14 christos Exp $ */
/* $OpenBSD: packet.c,v 1.144 2006/09/16 19:53:37 djm Exp $ */
/* $NetBSD: packet.c,v 1.1.1.21 2007/03/10 22:35:42 christos Exp $ */
/* $OpenBSD: packet.c,v 1.145 2006/09/19 21:14:08 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -683,6 +683,9 @@ packet_enable_delayed_compress(void)
*/
after_authentication = 1;
for (mode = 0; mode < MODE_MAX; mode++) {
/* protocol error: USERAUTH_SUCCESS received before NEWKEYS */
if (newkeys[mode] == NULL)
continue;
comp = &newkeys[mode]->comp;
if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
packet_init_compression();
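Review bot: The new NULL check in packet_enable_delayed_compress is labelled a protocol error in its comment, yet the code silently `continue`s, so a peer that reaches the post-authentication point without a preceding NEWKEYS leaves no trace at all. Turning a NULL dereference into a skip is right, but at minimum log it, e.g. `debug("%s: newkeys[%d] missing, NEWKEYS not yet received", __func__, mode);` using the file's logging idiom, and note whether the usual kex state checks make this unreachable in practice — presumably they do, but the comment should say so rather than just name the error. The loop continues outside the hunk.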


@ -1,5 +1,5 @@
/* $NetBSD: readconf.c,v 1.1.1.19 2006/09/28 21:15:16 christos Exp $ */
/* $OpenBSD: readconf.c,v 1.159 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: readconf.c,v 1.1.1.20 2007/03/10 22:35:43 christos Exp $ */
/* $OpenBSD: readconf.c,v 1.161 2007/01/21 01:45:35 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -360,7 +360,7 @@ parse_time:
if ((value = convtime(arg)) == -1)
fatal("%s line %d: invalid time value.",
filename, linenum);
if (*intptr == -1)
if (*activep && *intptr == -1)
*intptr = value;
break;
@ -541,7 +541,7 @@ parse_yesnoask:
if (*intptr >= SSH_MAX_IDENTITY_FILES)
fatal("%.200s line %d: Too many identity files specified (max %d).",
filename, linenum, SSH_MAX_IDENTITY_FILES);
charptr = &options->identity_files[*intptr];
charptr = &options->identity_files[*intptr];
*charptr = xstrdup(arg);
*intptr = *intptr + 1;
}
@ -688,7 +688,7 @@ parse_int:
break;
case oLogLevel:
intptr = (int *)(void *)&options->log_level;
intptr = (int *) &options->log_level;
arg = strdelim(&s);
value = log_level_number(arg);
if (value == SYSLOG_LEVEL_NOT_SET)
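Review bot: The oLogLevel hunk drops the `(void *)` intermediate from `(int *)(void *)&options->log_level`, which looks like a NetBSD-local warning suppression (for the enum-to-`int *` cast under the system's warning flags) that was lost while re-importing the vendor file; confirm the file still builds warning-free with the NetBSD flags, or re-apply the local cast. The `*activep &&` guard added to parse_time is the right fix so time values in a non-matching Host block no longer overwrite the active configuration; a short comment on that line would help: `/* only apply inside the matching Host block */` (presumably what *activep tracks). The surrounding switch continues outside the hunk.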

20
crypto/dist/ssh/rsa.c vendored

@ -1,5 +1,5 @@
/* $NetBSD: rsa.c,v 1.1.1.7 2006/09/28 21:15:16 christos Exp $ */
/* $OpenBSD: rsa.c,v 1.28 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: rsa.c,v 1.1.1.8 2007/03/10 22:35:43 christos Exp $ */
/* $OpenBSD: rsa.c,v 1.29 2006/11/06 21:25:28 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -89,7 +89,8 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
RSA_PKCS1_PADDING)) <= 0)
fatal("rsa_public_encrypt() failed");
BN_bin2bn(outbuf, len, out);
if (BN_bin2bn(outbuf, len, out) == NULL)
fatal("rsa_public_encrypt: BN_bin2bn failed");
memset(outbuf, 0, olen);
memset(inbuf, 0, ilen);
@ -114,7 +115,8 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
RSA_PKCS1_PADDING)) <= 0) {
error("rsa_private_decrypt() failed");
} else {
BN_bin2bn(outbuf, len, out);
if (BN_bin2bn(outbuf, len, out) == NULL)
fatal("rsa_private_decrypt: BN_bin2bn failed");
}
memset(outbuf, 0, olen);
memset(inbuf, 0, ilen);
@ -135,11 +137,11 @@ rsa_generate_additional_parameters(RSA *rsa)
if ((ctx = BN_CTX_new()) == NULL)
fatal("rsa_generate_additional_parameters: BN_CTX_new failed");
BN_sub(aux, rsa->q, BN_value_one());
BN_mod(rsa->dmq1, rsa->d, aux, ctx);
BN_sub(aux, rsa->p, BN_value_one());
BN_mod(rsa->dmp1, rsa->d, aux, ctx);
if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
(BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
(BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
(BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0))
fatal("rsa_generate_additional_parameters: BN_sub/mod failed");
BN_clear_free(aux);
BN_CTX_free(ctx);
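Review bot: rsa_private_decrypt treats an RSA_private_decrypt() failure as a non-fatal error() but the new BN_bin2bn failure as fatal(), and the asymmetry looks deliberate but is undocumented: the ciphertext is peer-supplied, so a bad one must not bring the process down, whereas BN_bin2bn presumably fails only on allocation. A comment on the error branch makes this explicit: `/* bad ciphertext is peer-controlled: report it, don't abort */`. In rsa_generate_additional_parameters the combined message "BN_sub/mod failed" no longer says which of the four operations failed; two checks (the q pair, then the p pair) would keep the diagnostic useful at little cost. rsa_private_decrypt's return and cleanup continue outside the hunk.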


@ -1,5 +1,5 @@
/* $NetBSD: scard.c,v 1.1.1.7 2006/09/28 21:15:16 christos Exp $ */
/* $OpenBSD: scard.c,v 1.35 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: scard.c,v 1.1.1.8 2007/03/10 22:35:44 christos Exp $ */
/* $OpenBSD: scard.c,v 1.36 2006/11/06 21:25:28 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -390,15 +390,17 @@ sc_get_keys(const char *id, const char *pin)
keys = xcalloc((nkeys+1), sizeof(Key *));
n = key_new(KEY_RSA1);
BN_copy(n->rsa->n, k->rsa->n);
BN_copy(n->rsa->e, k->rsa->e);
if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
(BN_copy(n->rsa->e, k->rsa->e) == NULL))
fatal("sc_get_keys: BN_copy failed");
RSA_set_method(n->rsa, sc_get_rsa());
n->flags |= KEY_FLAG_EXT;
keys[0] = n;
n = key_new(KEY_RSA);
BN_copy(n->rsa->n, k->rsa->n);
BN_copy(n->rsa->e, k->rsa->e);
if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
(BN_copy(n->rsa->e, k->rsa->e) == NULL))
fatal("sc_get_keys: BN_copy failed");
RSA_set_method(n->rsa, sc_get_rsa());
n->flags |= KEY_FLAG_EXT;
keys[1] = n;


@ -1,5 +1,5 @@
/* $NetBSD: scp.c,v 1.1.1.20 2006/09/28 21:15:17 christos Exp $ */
/* $OpenBSD: scp.c,v 1.155 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: scp.c,v 1.1.1.21 2007/03/10 22:35:44 christos Exp $ */
/* $OpenBSD: scp.c,v 1.156 2007/01/22 13:06:21 djm Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
@ -368,7 +368,7 @@ main(int argc, char **argv)
if ((pwd = getpwuid(userid = getuid())) == NULL)
fatal("unknown user %u", (u_int) userid);
if (!isatty(STDERR_FILENO))
if (!isatty(STDOUT_FILENO))
showprogress = 0;
remin = STDIN_FILENO;
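Review bot: Switching the `showprogress` test from STDERR_FILENO to STDOUT_FILENO is only correct if the progress meter writes to stdout; the hunk does not show where it writes, so confirm that and record it on the line: `if (!isatty(STDOUT_FILENO)) /* progressmeter writes to stdout */`. The visible effect is that a piped `scp` with a tty on stderr no longer shows progress, a user-visible change worth a release-note line. main() continues outside the hunk.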


@ -1,5 +1,5 @@
/* $NetBSD: servconf.c,v 1.1.1.21 2006/09/28 21:15:18 christos Exp $ */
/* $OpenBSD: servconf.c,v 1.165 2006/08/14 12:40:25 dtucker Exp $ */
/* $NetBSD: servconf.c,v 1.1.1.22 2007/03/10 22:35:45 christos Exp $ */
/* $OpenBSD: servconf.c,v 1.170 2007/03/01 10:28:02 dtucker Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@ -293,19 +293,19 @@ static struct {
{ "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
{ "loglevel", sLogLevel, SSHCFG_GLOBAL },
{ "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
{ "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_GLOBAL },
{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_GLOBAL },
{ "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL },
{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL },
{ "rsaauthentication", sRSAAuthentication, SSHCFG_GLOBAL },
{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL },
{ "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
{ "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
#ifdef KRB5
{ "kerberosauthentication", sKerberosAuthentication, SSHCFG_GLOBAL },
{ "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
{ "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
{ "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL },
#else
{ "kerberosauthentication", sUnsupported, SSHCFG_GLOBAL },
{ "kerberosauthentication", sUnsupported, SSHCFG_ALL },
{ "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
{ "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
@ -313,14 +313,14 @@ static struct {
{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
#ifdef GSSAPI
{ "gssapiauthentication", sGssAuthentication, SSHCFG_GLOBAL },
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
#else
{ "gssapiauthentication", sUnsupported, SSHCFG_GLOBAL },
{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
#endif
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_GLOBAL },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_GLOBAL },
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
{ "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
{ "checkmail", sDeprecated, SSHCFG_GLOBAL },
@ -353,7 +353,7 @@ static struct {
{ "subsystem", sSubsystem, SSHCFG_GLOBAL },
{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
{ "maxauthtries", sMaxAuthTries, SSHCFG_GLOBAL },
{ "banner", sBanner, SSHCFG_GLOBAL },
{ "banner", sBanner, SSHCFG_ALL },
{ "usedns", sUseDNS, SSHCFG_GLOBAL },
{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
@ -926,7 +926,7 @@ parse_flag:
else
fatal("%s line %d: Bad yes/no/clientspecified "
"argument: %s", filename, linenum, arg);
if (*intptr == -1)
if (*activep && *intptr == -1)
*intptr = value;
break;
@ -1178,13 +1178,16 @@ parse_flag:
if (!arg || *arg == '\0')
fatal("%s line %d: missing PermitOpen specification",
filename, linenum);
n = options->num_permitted_opens; /* modified later */
if (strcmp(arg, "any") == 0) {
if (*activep) {
if (*activep && n == -1) {
channel_clear_adm_permitted_opens();
options->num_permitted_opens = 0;
}
break;
}
if (*activep && n == -1)
channel_clear_adm_permitted_opens();
for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
p = hpdelim(&arg);
if (p == NULL)
@ -1194,11 +1197,9 @@ parse_flag:
if (arg == NULL || (port = a2port(arg)) == 0)
fatal("%s line %d: bad port number in "
"PermitOpen", filename, linenum);
if (*activep && options->num_permitted_opens == -1) {
channel_clear_adm_permitted_opens();
if (*activep && n == -1)
options->num_permitted_opens =
channel_add_adm_permitted_opens(p, port);
}
}
break;
@ -1274,30 +1275,55 @@ parse_server_match_config(ServerOptions *options, const char *user,
initialize_server_options(&mo);
parse_server_config(&mo, "reprocess config", &cfg, user, host, address);
copy_set_server_options(options, &mo);
copy_set_server_options(options, &mo, 0);
}
/* Copy any (supported) values that are set */
/* Helper macros */
#define M_CP_INTOPT(n) do {\
if (src->n != -1) \
dst->n = src->n; \
} while (0)
#define M_CP_STROPT(n) do {\
if (src->n != NULL) { \
if (dst->n != NULL) \
xfree(dst->n); \
dst->n = src->n; \
} \
} while(0)
/*
* Copy any supported values that are set.
*
* If the preauth flag is set, we do not bother copying the the string or
* array values that are not used pre-authentication, because any that we
* do use must be explictly sent in mm_getpwnamallow().
*/
void
copy_set_server_options(ServerOptions *dst, ServerOptions *src)
copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
{
if (src->allow_tcp_forwarding != -1)
dst->allow_tcp_forwarding = src->allow_tcp_forwarding;
if (src->gateway_ports != -1)
dst->gateway_ports = src->gateway_ports;
if (src->adm_forced_command != NULL) {
if (dst->adm_forced_command != NULL)
xfree(dst->adm_forced_command);
dst->adm_forced_command = src->adm_forced_command;
}
if (src->x11_display_offset != -1)
dst->x11_display_offset = src->x11_display_offset;
if (src->x11_forwarding != -1)
dst->x11_forwarding = src->x11_forwarding;
if (src->x11_use_localhost != -1)
dst->x11_use_localhost = src->x11_use_localhost;
M_CP_INTOPT(password_authentication);
M_CP_INTOPT(gss_authentication);
M_CP_INTOPT(rsa_authentication);
M_CP_INTOPT(pubkey_authentication);
M_CP_INTOPT(kerberos_authentication);
M_CP_INTOPT(hostbased_authentication);
M_CP_INTOPT(kbd_interactive_authentication);
M_CP_INTOPT(allow_tcp_forwarding);
M_CP_INTOPT(gateway_ports);
M_CP_INTOPT(x11_display_offset);
M_CP_INTOPT(x11_forwarding);
M_CP_INTOPT(x11_use_localhost);
M_CP_STROPT(banner);
if (preauth)
return;
M_CP_STROPT(adm_forced_command);
}
#undef M_CP_INTOPT
#undef M_CP_STROPT
void
parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
const char *user, const char *host, const char *address)
@ -1319,4 +1345,8 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
if (bad_options > 0)
fatal("%s: terminating, %d bad configuration options",
filename, bad_options);
/* challenge-response is implemented via keyboard interactive */
if (options->challenge_response_authentication == 1)
options->kbd_interactive_authentication = 1;
}
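Review bot: M_CP_STROPT hands the string pointer over to dst (`dst->n = src->n`) after freeing dst's previous value, so from then on src and dst alias one allocation and src->n is never cleared; that is safe while src is the throwaway `mo` in parse_server_match_config, but any future caller that frees src after the copy would double-free. A comment on the macro such as `/* dst takes ownership of src->n; src must not free it afterwards */` pins the contract, or the macro could set `src->n = NULL;` after the assignment. The new header comment above copy_set_server_options also carries two typos ("the the", "explictly"). The same ownership handover applied to the old adm_forced_command code, so this is a pre-existing convention the macro now generalises to banner as well.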


@ -1,5 +1,5 @@
/* $NetBSD: servconf.h,v 1.1.1.16 2006/09/28 21:15:18 christos Exp $ */
/* $OpenBSD: servconf.h,v 1.79 2006/08/14 12:40:25 dtucker Exp $ */
/* $NetBSD: servconf.h,v 1.1.1.17 2007/03/10 22:35:45 christos Exp $ */
/* $OpenBSD: servconf.h,v 1.80 2007/02/19 10:45:58 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -151,6 +151,6 @@ void parse_server_config(ServerOptions *, const char *, Buffer *,
const char *, const char *, const char *);
void parse_server_match_config(ServerOptions *, const char *, const char *,
const char *);
void copy_set_server_options(ServerOptions *, ServerOptions *);
void copy_set_server_options(ServerOptions *, ServerOptions *, int);
#endif /* SERVCONF_H */
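Review bot: The new third parameter is left unnamed in the prototype, and `int` alone does not tell a reader that it is the pre-authentication flag which suppresses copying of options not needed before auth. Keeping the name in the declaration, `void copy_set_server_options(ServerOptions *, ServerOptions *, int preauth);`, documents the contract at the one place callers look.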


@ -1,5 +1,5 @@
/* $NetBSD: serverloop.c,v 1.1.1.23 2006/09/28 21:15:19 christos Exp $ */
/* $OpenBSD: serverloop.c,v 1.144 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: serverloop.c,v 1.1.1.24 2007/03/10 22:35:45 christos Exp $ */
/* $OpenBSD: serverloop.c,v 1.145 2006/10/11 12:38:03 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -243,8 +243,10 @@ client_alive_check(void)
int channel_id;
/* timeout, check to see how many we have had */
if (++client_alive_timeouts > options.client_alive_count_max)
packet_disconnect("Timeout, your session not responding.");
if (++client_alive_timeouts > options.client_alive_count_max) {
logit("Timeout, client not responding.");
cleanup_exit(255);
}
/*
* send a bogus global/channel request with "wantreply",
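Review bot: The new log line on the timeout path carries no peer identity, so an operator correlating `Timeout, client not responding.` entries cannot tell which connection was dropped. If get_remote_ipaddr() is usable in serverloop.c as it is elsewhere in this tree, `logit("Timeout, client %s not responding.", get_remote_ipaddr());` keeps the address in the record at no cost. client_alive_check continues outside the hunk.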


@ -1,5 +1,5 @@
/* $NetBSD: session.c,v 1.1.1.23 2006/09/28 21:15:20 christos Exp $ */
/* $OpenBSD: session.c,v 1.219 2006/08/29 10:40:19 djm Exp $ */
/* $NetBSD: session.c,v 1.1.1.24 2007/03/10 22:35:37 christos Exp $ */
/* $OpenBSD: session.c,v 1.221 2007/01/21 01:41:54 stevesk Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@ -764,7 +764,7 @@ do_setup_env(Session *s, const char *shell)
/* Initialize the environment. */
envsize = 100;
env = xmalloc(envsize * sizeof(char *));
env = xcalloc(envsize, sizeof(char *));
env[0] = NULL;
#ifdef GSSAPI
@ -1599,7 +1599,7 @@ session_input_channel_req(Channel *c, const char *rtype)
} else if (strcmp(rtype, "exec") == 0) {
success = session_exec_req(s);
} else if (strcmp(rtype, "pty-req") == 0) {
success = session_pty_req(s);
success = session_pty_req(s);
} else if (strcmp(rtype, "x11-req") == 0) {
success = session_x11_req(s);
} else if (strcmp(rtype, "auth-agent-req@openssh.com") == 0) {
@ -1724,7 +1724,7 @@ session_close_single_x11(int id, void *arg)
debug3("session_close_single_x11: channel %d", id);
channel_cancel_cleanup(id);
if ((s = session_by_x11_channel(id)) == NULL)
if ((s = session_by_x11_channel(id)) == NULL)
fatal("session_close_single_x11: no x11 channel %d", id);
for (i = 0; s->x11_chanids[i] != -1; i++) {
debug("session_close_single_x11: session %d: "
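Review bot: With env now obtained from xcalloc the following `env[0] = NULL;` is redundant, since the whole array is already zeroed; it is harmless, but either drop it or mark it `/* explicit terminator kept for clarity; xcalloc already zeroes */` so the next reader does not wonder whether xcalloc is trusted. The other two hunks in this file are whitespace only.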


@ -1,5 +1,5 @@
/* $NetBSD: sftp-client.c,v 1.1.1.17 2006/09/28 21:15:21 christos Exp $ */
/* $OpenBSD: sftp-client.c,v 1.74 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: sftp-client.c,v 1.1.1.18 2007/03/10 22:35:46 christos Exp $ */
/* $OpenBSD: sftp-client.c,v 1.76 2007/01/22 11:32:50 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
@ -1125,10 +1125,13 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
if (status != SSH2_FX_OK) {
error("Couldn't write to remote file \"%s\": %s",
remote_path, fx2txt(status));
if (showprogress)
stop_progress_meter();
do_close(conn, handle, handle_len);
close(local_fd);
xfree(data);
xfree(ack);
status = -1;
goto done;
}
debug3("In write loop, ack for %u %u bytes at %llu",
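Review bot: The new bail-out releases the remote handle, local_fd, data and ack itself before `goto done`, and the `done:` label lies outside the hunk; if that label's cleanup closes local_fd or frees data/ack as well, this path would double-free, so it is worth confirming and recording next to the jump, e.g. `/* done: must not release local_fd, data or ack again */`. Overwriting status with -1 after the message was formatted means callers only see a generic failure, which is fine if do_upload's contract is 0/-1 — it continues outside the hunk.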


@ -1,5 +1,5 @@
/* $NetBSD: sftp-server.c,v 1.1.1.17 2006/09/28 21:15:22 christos Exp $ */
/* $OpenBSD: sftp-server.c,v 1.70 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: sftp-server.c,v 1.1.1.18 2007/03/10 22:35:47 christos Exp $ */
/* $OpenBSD: sftp-server.c,v 1.71 2007/01/03 07:22:36 stevesk Exp $ */
/*
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
*
@ -659,7 +659,7 @@ process_fstat(void)
debug("request %u: fstat \"%s\" (handle %u)",
id, handle_to_name(handle), handle);
fd = handle_to_fd(handle);
if (fd >= 0) {
if (fd >= 0) {
ret = fstat(fd, &st);
if (ret < 0) {
status = errno_to_portable(errno);


@ -1,5 +1,5 @@
/* $NetBSD: sftp.c,v 1.1.1.16 2006/09/28 21:15:23 christos Exp $ */
/* $OpenBSD: sftp.c,v 1.91 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: sftp.c,v 1.1.1.17 2007/03/10 22:35:48 christos Exp $ */
/* $OpenBSD: sftp.c,v 1.96 2007/01/03 04:09:15 stevesk Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
@ -155,6 +155,7 @@ static const struct CMD cmds[] = {
int interactive_loop(int fd_in, int fd_out, char *file1, char *file2);
/* ARGSUSED */
static void
killchild(int signo)
{
@ -166,6 +167,7 @@ killchild(int signo)
_exit(1);
}
/* ARGSUSED */
static void
cmd_interrupt(int signo)
{
@ -287,11 +289,11 @@ static char *
path_append(char *p1, char *p2)
{
char *ret;
int len = strlen(p1) + strlen(p2) + 2;
size_t len = strlen(p1) + strlen(p2) + 2;
ret = xmalloc(len);
strlcpy(ret, p1, len);
if (p1[strlen(p1) - 1] != '/')
if (p1[0] != '\0' && p1[strlen(p1) - 1] != '/')
strlcat(ret, "/", len);
strlcat(ret, p2, len);
@ -482,7 +484,7 @@ is_dir(char *path)
if (stat(path, &sb) == -1)
return(0);
return(sb.st_mode & S_IFDIR);
return(S_ISDIR(sb.st_mode));
}
static int
@ -506,7 +508,7 @@ remote_is_dir(struct sftp_conn *conn, char *path)
return(0);
if (!(a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS))
return(0);
return(a->perm & S_IFDIR);
return(S_ISDIR(a->perm));
}
static int
@ -966,6 +968,7 @@ parse_args(const char **cpp, int *pflag, int *lflag, int *iflag,
case I_CHOWN:
case I_CHGRP:
/* Get numeric arg (mandatory) */
errno = 0;
l = strtol(cp, &cp2, base);
if (cp2 == cp || ((l == LONG_MIN || l == LONG_MAX) &&
errno == ERANGE) || l < 0) {
@ -1528,7 +1531,7 @@ main(int argc, char **argv)
fprintf(stderr, "Missing username\n");
usage();
}
addargs(&args, "-l%s",userhost);
addargs(&args, "-l%s", userhost);
}
if ((cp = colon(host)) != NULL) {
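Review bot: Now that `errno = 0;` precedes strtol() in parse_args, the range test on the following lines can be reduced to `if (cp2 == cp || errno == ERANGE || l < 0) {` — strtol only sets ERANGE when it saturates, so the LONG_MIN/LONG_MAX comparison adds nothing and the shorter form is the idiom the tips recommend. In path_append the new `p1[0] != '\0'` guard correctly prevents the read of p1[-1] on an empty first component; hoisting `strlen(p1)` into a local would avoid computing it twice there.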


@ -1,5 +1,5 @@
/* $NetBSD: ssh-agent.c,v 1.1.1.20 2006/09/28 21:15:24 christos Exp $ */
/* $OpenBSD: ssh-agent.c,v 1.152 2006/08/04 20:46:05 stevesk Exp $ */
/* $NetBSD: ssh-agent.c,v 1.1.1.21 2007/03/10 22:35:49 christos Exp $ */
/* $OpenBSD: ssh-agent.c,v 1.154 2007/02/28 00:55:30 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -36,12 +36,12 @@
*/
#include <sys/types.h>
#include <sys/time.h>
#include <sys/queue.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/time.h>
#include <sys/param.h>
#include <openssl/evp.h>
@ -422,6 +422,7 @@ reaper(void)
for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
nxt = TAILQ_NEXT(id, next);
if (id->death != 0 && now >= id->death) {
debug("expiring key '%s'", id->comment);
TAILQ_REMOVE(&tab->idlist, id, next);
free_identity(id);
tab->nentries--;
@ -686,9 +687,6 @@ process_message(SocketEntry *e)
u_int msg_len, type;
u_char *cp;
/* kill dead keys */
reaper();
if (buffer_len(&e->input) < 5)
return; /* Incomplete message. */
cp = buffer_ptr(&e->input);
@ -1004,7 +1002,7 @@ int
main(int ac, char **av)
{
int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0;
int sock, fd, ch;
int sock, fd, ch, result, saved_errno;
u_int nalloc;
char *shell, *format, *pidstr, *agentsocket = NULL;
fd_set *readsetp = NULL, *writesetp = NULL;
@ -1014,6 +1012,7 @@ main(int ac, char **av)
extern char *optarg;
pid_t pid;
char pidstrbuf[1 + 3 * sizeof pid];
struct timeval tv;
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
@ -1213,13 +1212,18 @@ skip:
nalloc = 0;
while (1) {
tv.tv_sec = 10;
tv.tv_usec = 0;
prepare_select(&readsetp, &writesetp, &max_fd, &nalloc);
if (select(max_fd + 1, readsetp, writesetp, NULL, NULL) < 0) {
if (errno == EINTR)
result = select(max_fd + 1, readsetp, writesetp, NULL, &tv);
saved_errno = errno;
reaper(); /* remove expired keys */
if (result < 0) {
if (saved_errno == EINTR)
continue;
fatal("select: %s", strerror(errno));
}
after_select(readsetp, writesetp);
fatal("select: %s", strerror(saved_errno));
} else if (result > 0)
after_select(readsetp, writesetp);
}
/* NOTREACHED */
}
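Review bot: In the rewritten select loop the `if (result < 0)` arm is braced while `else if (result > 0)` is not, and the `result == 0` (timeout) case is handled only implicitly by the reaper() call above it; a short comment makes that intent explicit, e.g. `/* result == 0: timeout, nothing to service; reaper() above already ran */`. Saving errno before reaper() is the right order, since reaper() may clobber it. It is also worth a comment beside `tv.tv_sec = 10;` that with reaper() now running after every select() return, key lifetimes are enforced within roughly that interval even on an idle agent, rather than only when a message arrives.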


@ -1,5 +1,5 @@
/* $NetBSD: ssh-dss.c,v 1.1.1.14 2006/09/28 21:15:24 christos Exp $ */
/* $OpenBSD: ssh-dss.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: ssh-dss.c,v 1.1.1.15 2007/03/10 22:35:49 christos Exp $ */
/* $OpenBSD: ssh-dss.c,v 1.24 2006/11/06 21:25:28 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -159,8 +159,9 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
fatal("ssh_dss_verify: BN_new failed");
if ((sig->s = BN_new()) == NULL)
fatal("ssh_dss_verify: BN_new failed");
BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);
BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) ||
(BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL))
fatal("ssh_dss_verify: BN_bin2bn failed");
/* clean up */
memset(sigblob, 0, len);
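Review bot: BN_bin2bn() with a caller-supplied BIGNUM fails only when it cannot grow the result, so the added fatal() guards an allocation failure, not a malformed signature; since this function consumes a peer-supplied sigblob it is worth saying so, e.g. `/* NULL here means allocation failure; sigblob length is validated earlier */`, so a later reader does not assume input validation happens on this line. The length check that comment refers to lies outside the hunk, so confirm it before wording the comment that way.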


@ -1,5 +1,5 @@
.\" $NetBSD: ssh-keygen.1,v 1.1.1.17 2006/02/04 22:23:11 christos Exp $
.\" $OpenBSD: ssh-keygen.1,v 1.72 2005/11/28 05:16:53 dtucker Exp $
.\" $NetBSD: ssh-keygen.1,v 1.1.1.18 2007/03/10 22:35:50 christos Exp $
.\" $OpenBSD: ssh-keygen.1,v 1.74 2007/01/12 20:20:41 jmc Exp $
.\"
.\" -*- nroff -*-
.\"
@ -206,8 +206,8 @@ Download the RSA public key stored in the smartcard in
.Ar reader .
.It Fl e
This option will read a private or public OpenSSH key file and
print the key in a
.Sq SECSH Public Key File Format
print the key in
RFC 4716 SSH Public Key File Format
to stdout.
This option allows exporting keys for use by several commercial
SSH implementations.
@ -254,7 +254,7 @@ in SSH2-compatible format and print an OpenSSH compatible private
(or public) key to stdout.
.Nm
also reads the
.Sq SECSH Public Key File Format .
RFC 4716 SSH Public Key File Format.
This option allows importing keys from several commercial
SSH implementations.
.It Fl l
@ -451,12 +451,9 @@ The file format is described in
.Xr moduli 5 ,
.Xr sshd 8
.Rs
.%A J. Galbraith
.%A R. Thayer
.%T "SECSH Public Key File Format"
.%N draft-ietf-secsh-publickeyfile-01.txt
.%D March 2001
.%O work in progress material
.%R RFC 4716
.%T "The Secure Shell (SSH) Public Key File Format"
.%D 2006
.Re
.Sh AUTHORS
OpenSSH is a derivative of the original and free


@ -1,5 +1,5 @@
/* $NetBSD: ssh-keygen.c,v 1.1.1.20 2006/09/28 21:15:26 christos Exp $ */
/* $OpenBSD: ssh-keygen.c,v 1.154 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: ssh-keygen.c,v 1.1.1.21 2007/03/10 22:35:51 christos Exp $ */
/* $OpenBSD: ssh-keygen.c,v 1.160 2007/01/21 01:41:54 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -216,7 +216,8 @@ buffer_get_bignum_bits(Buffer *b, BIGNUM *value)
if (buffer_len(b) < bytes)
fatal("buffer_get_bignum_bits: input buffer too small: "
"need %d have %d", bytes, buffer_len(b));
BN_bin2bn(buffer_ptr(b), bytes, value);
if (BN_bin2bn(buffer_ptr(b), bytes, value) == NULL)
fatal("buffer_get_bignum_bits: BN_bin2bn failed");
buffer_consume(b, bytes);
}
@ -234,7 +235,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
buffer_init(&b);
buffer_append(&b, blob, blen);
magic = buffer_get_int(&b);
magic = buffer_get_int(&b);
if (magic != SSH_COM_PRIVATE_KEY_MAGIC) {
error("bad magic 0x%x != 0x%x", magic, SSH_COM_PRIVATE_KEY_MAGIC);
buffer_free(&b);
@ -246,7 +247,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
i2 = buffer_get_int(&b);
i3 = buffer_get_int(&b);
i4 = buffer_get_int(&b);
debug("ignore (%d %d %d %d)", i1,i2,i3,i4);
debug("ignore (%d %d %d %d)", i1, i2, i3, i4);
if (strcmp(cipher, "none") != 0) {
error("unsupported cipher %s", cipher);
xfree(cipher);
@ -277,7 +278,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
buffer_get_bignum_bits(&b, key->dsa->priv_key);
break;
case KEY_RSA:
e = buffer_get_char(&b);
e = buffer_get_char(&b);
debug("e %lx", e);
if (e < 30) {
e <<= 8;
@ -339,9 +340,8 @@ get_line(FILE *fp, char *line, size_t len)
line[pos++] = c;
line[pos] = '\0';
}
if (c == EOF)
return -1;
return pos;
/* We reached EOF */
return -1;
}
static void
@ -547,7 +547,7 @@ do_fingerprint(struct passwd *pw)
for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
;
if (!*cp || *cp == '\n' || *cp == '#')
continue ;
continue;
i = strtol(cp, &ep, 10);
if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) {
int quoted = 0;
@ -1010,13 +1010,13 @@ usage(void)
#ifdef SMARTCARD
fprintf(stderr, " -D reader Download public key from smartcard.\n");
#endif /* SMARTCARD */
fprintf(stderr, " -e Convert OpenSSH to IETF SECSH key file.\n");
fprintf(stderr, " -e Convert OpenSSH to RFC 4716 key file.\n");
fprintf(stderr, " -F hostname Find hostname in known hosts file.\n");
fprintf(stderr, " -f filename Filename of the key file.\n");
fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n");
fprintf(stderr, " -g Use generic DNS resource record format.\n");
fprintf(stderr, " -H Hash names in known_hosts file.\n");
fprintf(stderr, " -i Convert IETF SECSH to OpenSSH key file.\n");
fprintf(stderr, " -i Convert RFC 4716 to OpenSSH key file.\n");
fprintf(stderr, " -l Show fingerprint of key file.\n");
fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n");
fprintf(stderr, " -N phrase Provide new passphrase.\n");
@ -1042,7 +1042,7 @@ usage(void)
* Main program for key management.
*/
int
main(int ac, char **av)
main(int argc, char **argv)
{
char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2;
char out_file[MAXPATHLEN], *reader_id = NULL;
@ -1065,7 +1065,7 @@ main(int ac, char **av)
sanitise_stdfd();
SSLeay_add_all_algorithms();
log_init(av[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
/* we need this for the home * directory. */
pw = getpwuid(getuid());
@ -1078,7 +1078,7 @@ main(int ac, char **av)
exit(1);
}
while ((opt = getopt(ac, av,
while ((opt = getopt(argc, argv,
"degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
switch (opt) {
case 'b':
@ -1211,9 +1211,9 @@ main(int ac, char **av)
}
/* reinit */
log_init(av[0], log_level, SYSLOG_FACILITY_USER, 1);
log_init(argv[0], log_level, SYSLOG_FACILITY_USER, 1);
if (optind < ac) {
if (optind < argc) {
printf("Too many arguments.\n");
usage();
}
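Review bot: get_line now returns -1 unconditionally after the read loop, which only preserves behaviour if that loop (outside the hunk) can exit solely on EOF; if so the removed `return pos` was dead code and the new comment is accurate, but note that a final line lacking a trailing newline is then reported as EOF and dropped — pre-existing, yet worth stating: `/* We reached EOF; an unterminated last line is discarded */`. The argc/argv rename in main is applied consistently across the visible hunks.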


@ -1,5 +1,5 @@
.\" $NetBSD: ssh-keyscan.1,v 1.1.1.12 2006/02/04 22:23:12 christos Exp $
.\" $OpenBSD: ssh-keyscan.1,v 1.21 2005/09/30 20:34:26 jaredy Exp $
.\" $NetBSD: ssh-keyscan.1,v 1.1.1.13 2007/03/10 22:35:51 christos Exp $
.\" $OpenBSD: ssh-keyscan.1,v 1.22 2006/09/25 04:55:38 ray Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
@ -103,7 +103,7 @@ Causes
to print debugging messages about its progress.
.El
.Sh SECURITY
If a ssh_known_hosts file is constructed using
If an ssh_known_hosts file is constructed using
.Nm
without verifying the keys, users will be vulnerable to
.Em man in the middle


@ -1,5 +1,5 @@
/* $NetBSD: ssh-keyscan.c,v 1.1.1.18 2006/09/28 21:15:26 christos Exp $ */
/* $OpenBSD: ssh-keyscan.c,v 1.73 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: ssh-keyscan.c,v 1.1.1.19 2007/03/10 22:35:51 christos Exp $ */
/* $OpenBSD: ssh-keyscan.c,v 1.74 2006/10/06 02:29:19 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@ -11,8 +11,8 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/queue.h>
#include <sys/resource.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <openssl/bn.h>

29
crypto/dist/ssh/ssh.1 vendored

@ -1,4 +1,4 @@
.\" $NetBSD: ssh.1,v 1.1.1.21 2006/09/28 21:15:27 christos Exp $
.\" $NetBSD: ssh.1,v 1.1.1.22 2007/03/10 22:35:52 christos Exp $
.\" -*- nroff -*-
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh.1,v 1.263 2006/07/11 18:50:48 markus Exp $
.\" $OpenBSD: ssh.1,v 1.266 2006/12/11 21:25:46 markus Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@ -1078,12 +1078,22 @@ controls whether the server supports this,
and at what level (layer 2 or 3 traffic).
.Pp
The following example would connect client network 10.0.50.0/24
with remote network 10.0.99.0/24, provided that the SSH server
running on the gateway to the remote network,
at 192.168.1.15, allows it:
with remote network 10.0.99.0/24 using a point-to-point connection
from 10.1.1.1 to 10.1.1.2,
provided that the SSH server running on the gateway to the remote network,
at 192.168.1.15, allows it.
.Pp
On the client:
.Bd -literal -offset indent
# ssh -f -w 0:1 192.168.1.15 true
# ifconfig tun0 10.0.50.1 10.0.99.1 netmask 255.255.255.252
# ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252
# route add 10.0.99.0/24 10.1.1.2
.Ed
.Pp
On the server:
.Bd -literal -offset indent
# ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252
# route add 10.0.50.0/24 10.1.1.1
.Ed
.Pp
Client access may be more finely tuned via the
@ -1106,7 +1116,7 @@ tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john
.Ed
.Pp
Since a SSH-based setup entails a fair amount of overhead,
Since an SSH-based setup entails a fair amount of overhead,
it may be more suited to temporary setups,
such as for wireless VPNs.
More permanent VPNs are better provided by tools such as
@ -1409,6 +1419,11 @@ manual page for more information.
.%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol"
.%D 2006
.Re
.Rs
.%R RFC 4716
.%T "The Secure Shell (SSH) Public Key File Format"
.%D 2006
.Re
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.


@ -1,5 +1,5 @@
/* $NetBSD: ssh.c,v 1.1.1.22 2006/09/28 21:15:28 christos Exp $ */
/* $OpenBSD: ssh.c,v 1.293 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: ssh.c,v 1.1.1.23 2007/03/10 22:35:53 christos Exp $ */
/* $OpenBSD: ssh.c,v 1.295 2007/01/03 03:01:40 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -42,6 +42,7 @@
*/
#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/ioctl.h>
#include <sys/types.h>
@ -601,7 +602,7 @@ main(int ac, char **av)
if (!read_config_file(config, host, &options, 0))
fatal("Can't open user config file %.100s: "
"%.100s", config, strerror(errno));
} else {
} else {
snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
_PATH_SSH_USER_CONFFILE);
(void)read_config_file(buf, host, &options, 1);
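Review bot: `<sys/types.h>` appears twice in this include block — once at the top and again after the newly added `<sys/resource.h>`. The duplicate predates the commit and is harmless under include guards, but dropping the second occurrence would keep the list tidy, in the same spirit as the header reorderings this import makes in ssh-agent.c and ssh-keyscan.c.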


@ -1,4 +1,4 @@
.\" $NetBSD: ssh_config.5,v 1.1.1.7 2006/09/28 21:15:29 christos Exp $
.\" $NetBSD: ssh_config.5,v 1.1.1.8 2007/03/10 22:35:54 christos Exp $
.\" -*- nroff -*-
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh_config.5,v 1.97 2006/07/27 08:00:50 jmc Exp $
.\" $OpenBSD: ssh_config.5,v 1.98 2007/01/10 13:23:22 jmc Exp $
.Dd September 25, 1999
.Dt SSH_CONFIG 5
.Os
@ -43,10 +43,8 @@
.Nm ssh_config
.Nd OpenSSH SSH client configuration files
.Sh SYNOPSIS
.Bl -tag -width Ds -compact
.It Pa ~/.ssh/config
.It Pa /etc/ssh/ssh_config
.El
.Nm ~/.ssh/config
.Nm /etc/ssh/ssh_config
.Sh DESCRIPTION
.Xr ssh 1
obtains configuration data from the following sources in


@ -1,5 +1,5 @@
/* $NetBSD: sshconnect.c,v 1.1.1.21 2006/09/28 21:15:30 christos Exp $ */
/* $OpenBSD: sshconnect.c,v 1.199 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: sshconnect.c,v 1.1.1.22 2007/03/10 22:35:54 christos Exp $ */
/* $OpenBSD: sshconnect.c,v 1.200 2006/10/10 10:12:45 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -312,9 +312,11 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
gai_strerror(gaierr));
for (attempt = 0; attempt < connection_attempts; attempt++) {
if (attempt > 0)
if (attempt > 0) {
/* Sleep a moment before retrying. */
sleep(1);
debug("Trying again...");
}
/*
* Loop through addresses for this host, and try each one in
* sequence until the connection succeeds.
@ -351,9 +353,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
}
if (sock != -1)
break; /* Successful connection. */
/* Sleep a moment before retrying. */
sleep(1);
}
freeaddrinfo(aitop);
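Review bot: The debug line in the retry block gives no attempt counter, so several failed attempts produce identical `Trying again...` messages in verbose output; `debug("Trying again (attempt %d of %d)...", attempt + 1, connection_attempts);` costs nothing and makes the retries countable when diagnosing a flaky host. Moving the sleep to the head of the loop also removes the old unconditional sleep after the final failed attempt. ssh_connect continues outside both hunks.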


@ -1,5 +1,5 @@
/* $NetBSD: sshconnect1.c,v 1.1.1.19 2006/09/28 21:15:31 christos Exp $ */
/* $OpenBSD: sshconnect1.c,v 1.69 2006/08/03 03:34:42 deraadt Exp $ */
/* $NetBSD: sshconnect1.c,v 1.1.1.20 2007/03/10 22:35:55 christos Exp $ */
/* $OpenBSD: sshconnect1.c,v 1.70 2006/11/06 21:25:28 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -561,14 +561,20 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
* the first 16 bytes of the session id.
*/
if ((key = BN_new()) == NULL)
fatal("respond_to_rsa_challenge: BN_new failed");
BN_set_word(key, 0);
fatal("ssh_kex: BN_new failed");
if (BN_set_word(key, 0) == 0)
fatal("ssh_kex: BN_set_word failed");
for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
BN_lshift(key, key, 8);
if (i < 16)
BN_add_word(key, session_key[i] ^ session_id[i]);
else
BN_add_word(key, session_key[i]);
if (BN_lshift(key, key, 8) == 0)
fatal("ssh_kex: BN_lshift failed");
if (i < 16) {
if (BN_add_word(key, session_key[i] ^ session_id[i])
== 0)
fatal("ssh_kex: BN_add_word failed");
} else {
if (BN_add_word(key, session_key[i]) == 0)
fatal("ssh_kex: BN_add_word failed");
}
}
/*
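Review bot: The two BN_add_word branches differ only in the word added, so the nested ifs with the wrapped `== 0` can be collapsed to `BN_ULONG w = session_key[i] ^ (i < 16 ? session_id[i] : 0);` followed by `if (BN_add_word(key, w) == 0) fatal("ssh_kex: BN_add_word failed");`, giving one failure check instead of two. The literal 16 is the session-id length the comment above the hunk refers to; naming it would make that link explicit. ssh_kex continues outside the hunk.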


@ -1,5 +1,5 @@
/* $NetBSD: sshd.c,v 1.1.1.24 2006/09/28 21:15:33 christos Exp $ */
/* $OpenBSD: sshd.c,v 1.347 2006/08/18 09:15:20 markus Exp $ */
/* $NetBSD: sshd.c,v 1.1.1.25 2007/03/10 22:35:57 christos Exp $ */
/* $OpenBSD: sshd.c,v 1.349 2007/02/21 11:00:05 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -289,6 +289,7 @@ sighup_restart(void)
logit("Received SIGHUP; restarting.");
close_listen_socks();
close_startup_pipes();
alarm(0); /* alarm timer persists across exec */
execv(saved_argv[0], saved_argv);
logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
strerror(errno));
@ -1895,10 +1896,10 @@ do_ssh1_kex(void)
* key is in the highest bits.
*/
if (!rsafail) {
BN_mask_bits(session_key_int, sizeof(session_key) * 8);
(void) BN_mask_bits(session_key_int, sizeof(session_key) * 8);
len = BN_num_bytes(session_key_int);
if (len < 0 || (u_int)len > sizeof(session_key)) {
error("do_connection: bad session key len from %s: "
error("do_ssh1_kex: bad session key len from %s: "
"session_key_int %d > sizeof(session_key) %lu",
get_remote_ipaddr(), len, (u_long)sizeof(session_key));
rsafail++;
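Review bot: The `(void)` on BN_mask_bits is the one BN_ call in this import whose return is deliberately discarded, and the reason is not stated: BN_mask_bits reports 0 when the number already has fewer bits than the mask, which is the expected case here rather than an error. A one-line comment prevents a later reader from "fixing" it into a fatal(): `/* 0 only means session_key_int is already shorter than the mask, not an error */`. The len check on the following lines still bounds the copy into session_key, so the masking result is verified independently.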


@ -1,4 +1,4 @@
.\" $NetBSD: sshd_config.5,v 1.1.1.7 2006/09/28 21:15:34 christos Exp $
.\" $NetBSD: sshd_config.5,v 1.1.1.8 2007/03/10 22:35:57 christos Exp $
.\" -*- nroff -*-
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.70 2006/08/21 08:14:01 dtucker Exp $
.\" $OpenBSD: sshd_config.5,v 1.74 2007/03/01 16:19:33 jmc Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
@ -43,9 +43,7 @@
.Nm sshd_config
.Nd OpenSSH SSH daemon configuration file
.Sh SYNOPSIS
.Bl -tag -width Ds -compact
.It Pa /etc/ssh/sshd_config
.El
.Nm /etc/ssh/sshd_config
.Sh DESCRIPTION
.Xr sshd 8
reads configuration data from
@ -515,9 +513,16 @@ Only a subset of keywords may be used on the lines following a
keyword.
Available keywords are
.Cm AllowTcpForwarding ,
.Cm Banner ,
.Cm ForceCommand ,
.Cm GatewayPorts ,
.Cm GSSApiAuthentication ,
.Cm KbdInteractiveAuthentication ,
.Cm KerberosAuthentication ,
.Cm PasswordAuthentication ,
.Cm PermitOpen ,
.Cm RhostsRSAAuthentication ,
.Cm RSAAuthentication ,
.Cm X11DisplayOffset ,
.Cm X11Forwarding ,
and


@ -1,4 +1,4 @@
/* $NetBSD: version.h,v 1.1.1.24 2006/09/28 21:15:35 christos Exp $ */
/* $OpenBSD: version.h,v 1.47 2006/08/30 00:14:37 djm Exp $ */
/* $NetBSD: version.h,v 1.1.1.25 2007/03/10 22:35:58 christos Exp $ */
/* $OpenBSD: version.h,v 1.49 2007/03/06 10:13:14 djm Exp $ */
#define SSH_VERSION "OpenSSH_4.4"
#define SSH_VERSION "OpenSSH_4.6"