From 6cc43ed622bacb66a8e8dfb830b50f8c138e36c2 Mon Sep 17 00:00:00 2001 From: itojun Date: Sat, 23 Jun 2001 16:36:22 +0000 Subject: [PATCH] OpenSSH 2.9 as of 2001/6/24 --- crypto/dist/ssh/OVERVIEW | 6 ++ crypto/dist/ssh/auth-bsdauth.c | 117 ++++++++++++++++++++++++++++++++ crypto/dist/ssh/auth-options.c | 4 +- crypto/dist/ssh/auth-rh-rsa.c | 37 ++-------- crypto/dist/ssh/auth-rsa.c | 60 +++++------------ crypto/dist/ssh/cipher.h | 7 +- crypto/dist/ssh/dispatch.c | 8 +-- crypto/dist/ssh/kex.h | 6 +- crypto/dist/ssh/nchan.c | 119 ++++++++++++++++++++++----------- crypto/dist/ssh/nchan.ms | 1 + crypto/dist/ssh/packet.h | 9 +-- crypto/dist/ssh/sftp-server.8 | 4 +- crypto/dist/ssh/sshconnect.h | 8 +-- 13 files changed, 247 insertions(+), 139 deletions(-) create mode 100644 crypto/dist/ssh/auth-bsdauth.c diff --git a/crypto/dist/ssh/OVERVIEW b/crypto/dist/ssh/OVERVIEW index 7f34ac45bdf9..ff03ecab21b5 100644 --- a/crypto/dist/ssh/OVERVIEW +++ b/crypto/dist/ssh/OVERVIEW @@ -1,9 +1,15 @@ +[Note: This file has not been updated for OpenSSH versions after +OpenSSH-1.2 and should be considered OBSOLETE. It has been left in +the distribution because some of its information may still be useful +to developers.] + This document is intended for those who wish to read the ssh source code. This tries to give an overview of the structure of the code. Copyright (c) 1995 Tatu Ylonen Updated 17 Nov 1995. Updated 19 Oct 1999 for OpenSSH-1.2 +Updated 20 May 2001 note obsolete for > OpenSSH-1.2 The software consists of ssh (client), sshd (server), scp, sdist, and the auxiliary programs ssh-keygen, ssh-agent, ssh-add, and diff --git a/crypto/dist/ssh/auth-bsdauth.c b/crypto/dist/ssh/auth-bsdauth.c new file mode 100644 index 000000000000..98ab90b4bf0d --- /dev/null +++ b/crypto/dist/ssh/auth-bsdauth.c 
@@ -0,0 +1,117 @@ +/* $NetBSD: auth-bsdauth.c,v 1.1.1.1 2001/06/23 16:36:59 itojun Exp $ */ +/* + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ +#include "includes.h" +RCSID("$OpenBSD: auth-bsdauth.c,v 1.1 2001/05/18 14:13:28 markus Exp $"); + +#ifdef BSD_AUTH +#include "xmalloc.h" +#include "auth.h" +#include "log.h" + +static void * +bsdauth_init_ctx(Authctxt *authctxt) +{ + return authctxt; +} + +static int +bsdauth_query(void *ctx, char **name, char **infotxt, + u_int *numprompts, char ***prompts, u_int **echo_on) +{ + Authctxt *authctxt = ctx; + char *challenge = NULL; + + if (authctxt->as != NULL) { + debug2("bsdauth_query: try reuse session"); + challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE); + if (challenge == NULL) { + auth_close(authctxt->as); + authctxt->as = NULL; + } + } + + if (challenge == NULL) { + debug2("bsdauth_query: new bsd auth session"); + debug3("bsdauth_query: style %s", + authctxt->style ? authctxt->style : ""); + authctxt->as = auth_userchallenge(authctxt->user, + authctxt->style, "auth-ssh", &challenge); + if (authctxt->as == NULL) + challenge = NULL; + debug2("bsdauth_query: <%s>", challenge ? challenge : "empty"); + } + + if (challenge == NULL) + return -1; + + *name = xstrdup(""); + *infotxt = xstrdup(""); + *numprompts = 1; + *prompts = xmalloc(*numprompts * sizeof(char*)); + *echo_on = xmalloc(*numprompts * sizeof(u_int)); + (*echo_on)[0] = 0; + (*prompts)[0] = xstrdup(challenge); + + return 0; +} + +static int +bsdauth_respond(void *ctx, u_int numresponses, char **responses) +{ + Authctxt *authctxt = ctx; + int authok; + + if (authctxt->as == 0) + error("bsdauth_respond: no bsd auth session"); + + if (numresponses != 1) + return -1; + + authok = auth_userresponse(authctxt->as, responses[0], 0); + authctxt->as = NULL; + debug3("bsdauth_respond: <%s> = <%d>", responses[0], authok); + + return (authok == 0) ? 
-1 : 0; +} + +static void +bsdauth_free_ctx(void *ctx) +{ + Authctxt *authctxt = ctx; + + if (authctxt && authctxt->as) { + auth_close(authctxt->as); + authctxt->as = NULL; + } +} + +KbdintDevice bsdauth_device = { + "bsdauth", + bsdauth_init_ctx, + bsdauth_query, + bsdauth_respond, + bsdauth_free_ctx +}; +#endif diff --git a/crypto/dist/ssh/auth-options.c b/crypto/dist/ssh/auth-options.c index 3f7fabde0eb7..a0a17f2bc937 100644 --- a/crypto/dist/ssh/auth-options.c +++ b/crypto/dist/ssh/auth-options.c @@ -1,4 +1,4 @@ -/* $NetBSD: auth-options.c,v 1.1.1.6 2001/04/10 07:13:48 itojun Exp $ */ +/* $NetBSD: auth-options.c,v 1.1.1.7 2001/06/23 16:36:23 itojun Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -11,7 +11,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-options.c,v 1.16 2001/03/18 12:07:52 markus Exp $"); +RCSID("$OpenBSD: auth-options.c,v 1.18 2001/05/31 10:30:12 markus Exp $"); #include "packet.h" #include "xmalloc.h" diff --git a/crypto/dist/ssh/auth-rh-rsa.c b/crypto/dist/ssh/auth-rh-rsa.c index 0e5eb4423a63..a91cf837ccbf 100644 --- a/crypto/dist/ssh/auth-rh-rsa.c +++ b/crypto/dist/ssh/auth-rh-rsa.c @@ -1,4 +1,4 @@ -/* $NetBSD: auth-rh-rsa.c,v 1.1.1.4 2001/04/10 07:13:48 itojun Exp $ */ +/* $NetBSD: auth-rh-rsa.c,v 1.1.1.5 2001/06/23 16:36:23 itojun Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rh-rsa.c,v 1.23 2001/04/06 21:00:04 markus Exp $"); +RCSID("$OpenBSD: auth-rh-rsa.c,v 1.25 2001/06/23 03:04:42 markus Exp $"); #include "packet.h" #include "xmalloc.h" @@ -39,7 +39,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key extern ServerOptions options; const char *canonical_hostname; HostStatus host_status; - Key *client_key, *found; + Key *client_key; debug("Trying rhosts with RSA host authentication for client user %.100s", client_user); 
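Review bot: bsdauth_respond writes the user's submitted answer into the debug log at `debug3("bsdauth_respond: <%s> = <%d>", responses[0], authok);`, which puts a one-time password or challenge response into sshd's debug output; logging only the outcome, `debug3("bsdauth_respond: authok = %d", authok);`, is enough to trace the exchange. In the same function the `authctxt->as == 0` branch only calls error() and then falls through to auth_userresponse() with a NULL session; a `return -1;` directly after the error() keeps the failure explicit instead of relying on libc to tolerate the NULL. A one-line comment above the reuse branch in bsdauth_query, `/* a session whose challenge can no longer be fetched is closed and replaced, not reused */`, would also make the session lifecycle readable without tracing both functions.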
@@ -59,37 +59,12 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key client_key = key_new(KEY_RSA1); BN_copy(client_key->rsa->e, client_host_key->e); BN_copy(client_key->rsa->n, client_host_key->n); - found = key_new(KEY_RSA1); - /* Check if we know the host and its host key. */ - host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname, - client_key, found, NULL); + host_status = check_key_in_hostfiles(pw, client_key, canonical_hostname, + _PATH_SSH_SYSTEM_HOSTFILE, + options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE); - /* Check user host file unless ignored. */ - if (host_status != HOST_OK && !options.ignore_user_known_hosts) { - struct stat st; - char *user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); - /* - * Check file permissions of _PATH_SSH_USER_HOSTFILE, auth_rsa() - * did already check pw->pw_dir, but there is a race XXX - */ - if (options.strict_modes && - (stat(user_hostfile, &st) == 0) && - ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || - (st.st_mode & 022) != 0)) { - log("Rhosts RSA authentication refused for %.100s: bad owner or modes for %.200s", - pw->pw_name, user_hostfile); - } else { - /* XXX race between stat and the following open() */ - temporarily_use_uid(pw); - host_status = check_host_in_hostfile(user_hostfile, canonical_hostname, - client_key, found, NULL); - restore_uid(); - } - xfree(user_hostfile); - } key_free(client_key); - key_free(found); if (host_status != HOST_OK) { debug("Rhosts with RSA host authentication denied: unknown or invalid host key"); diff --git a/crypto/dist/ssh/auth-rsa.c b/crypto/dist/ssh/auth-rsa.c index ee5dd133f142..ac909ddf2af0 100644 --- a/crypto/dist/ssh/auth-rsa.c +++ b/crypto/dist/ssh/auth-rsa.c 
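Review bot: The strict_modes owner/mode check on the user's known_hosts file and the temporarily_use_uid()/restore_uid() bracket around reading it are removed from auth_rhosts_rsa here and nothing in the new `check_key_in_hostfiles(pw, client_key, canonical_hostname, ...)` call shows them; presumably the helper performs both, but that cannot be confirmed from this patch and should be verified in its definition, since a group- or world-writable user hostfile would otherwise let another local user plant a trusted client host key. A comment at the call site such as `/* check_key_in_hostfiles() owns the ownership/mode check and the uid switch for the user file */` would make that contract explicit. The enclosing function continues outside the hunk.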
@@ -1,4 +1,4 @@ -/* $NetBSD: auth-rsa.c,v 1.1.1.5 2001/04/10 07:13:49 itojun Exp $ */ +/* $NetBSD: auth-rsa.c,v 1.1.1.6 2001/06/23 16:36:24 itojun Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -15,7 +15,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.40 2001/04/06 21:00:07 markus Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.42 2001/06/22 21:55:48 markus Exp $"); #include #include @@ -123,7 +123,7 @@ auth_rsa_challenge_dialog(RSA *pk) int auth_rsa(struct passwd *pw, BIGNUM *client_n) { - char line[8192], file[MAXPATHLEN]; + char line[8192], *file; int authenticated; u_int bits; FILE *f; @@ -139,13 +139,14 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) temporarily_use_uid(pw); /* The authorized keys. */ - snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir, - _PATH_SSH_USER_PERMITTED_KEYS); + file = authorized_keys_file(pw); + debug("trying public RSA key file %s", file); /* Fail quietly if file does not exist */ if (stat(file, &st) < 0) { /* Restore the privileged uid. */ restore_uid(); + xfree(file); return 0; } /* Open the file containing the authorized keys. */ 
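Review bot: `file = authorized_keys_file(pw);` replaces a stack buffer with a heap string, and the freeing sites are now spread over three hunks (the stat failure here, the open and strict_modes failures in the -155 hunk, and the final cleanup in the -286 hunk); the key-matching loop between them lies outside the patch, so any early return it contains would leak `file` and should be checked. A comment at the assignment would record the ownership, e.g. `/* heap string from authorized_keys_file(); every return path below must xfree() it */`. auth_rsa continues past the hunk.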
@@ -155,43 +156,17 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) restore_uid(); packet_send_debug("Could not open %.900s for reading.", file); packet_send_debug("If your home is on an NFS volume, it may need to be world-readable."); + xfree(file); return 0; } - if (options.strict_modes) { - int fail = 0; - char buf[1024]; - /* Check open file in order to avoid open/stat races */ - if (fstat(fileno(f), &st) < 0 || - (st.st_uid != 0 && st.st_uid != pw->pw_uid) || - (st.st_mode & 022) != 0) { - snprintf(buf, sizeof buf, "RSA authentication refused for %.100s: " - "bad ownership or modes for '%s'.", pw->pw_name, file); - fail = 1; - } else { - /* Check path to _PATH_SSH_USER_PERMITTED_KEYS */ - int i; - static const char *check[] = { - "", _PATH_SSH_USER_DIR, NULL - }; - for (i = 0; check[i]; i++) { - snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir, check[i]); - if (stat(line, &st) < 0 || - (st.st_uid != 0 && st.st_uid != pw->pw_uid) || - (st.st_mode & 022) != 0) { - snprintf(buf, sizeof buf, "RSA authentication refused for %.100s: " - "bad ownership or modes for '%s'.", pw->pw_name, line); - fail = 1; - break; - } - } - } - if (fail) { - fclose(f); - log("%s", buf); - packet_send_debug("%s", buf); - restore_uid(); - return 0; - } + if (options.strict_modes && + secure_filename(f, file, pw->pw_uid, line, sizeof(line)) != 0) { + xfree(file); + fclose(f); + log("Authentication refused: %s", line); + packet_send_debug("Authentication refused: %s", line); + restore_uid(); + return 0; } /* Flag indicating whether authentication has succeeded. */ authenticated = 0; @@ -237,9 +212,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) /* Parse the key from the line. */ if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) { - debug("%.100s, line %lu: bad key syntax", - file, linenum); - packet_send_debug("%.100s, line %lu: bad key syntax", + debug("%.100s, line %lu: non ssh1 key syntax", file, linenum); continue; } 
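Review bot: `secure_filename(f, file, pw->pw_uid, line, sizeof(line))` uses `line`, the 8192-byte buffer the key-reading loop below fills, as the output buffer for its diagnostic; that is only safe because the check runs before the first read, and a comment should make the dependency visible: `/* line[] is still unused here; secure_filename() fills it with the reason for refusal */`. The refusal text is also sent to the client through packet_send_debug(), as the old code did with buf, so whatever path detail secure_filename() places in it is disclosed to the unauthenticated peer; worth confirming that is intended. auth_rsa continues outside the hunk.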
@@ -286,6 +259,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) restore_uid(); /* Close the file. */ + xfree(file); fclose(f); RSA_free(pk); diff --git a/crypto/dist/ssh/cipher.h b/crypto/dist/ssh/cipher.h index 4b9d2218ee3b..2ae1915d77e5 100644 --- a/crypto/dist/ssh/cipher.h +++ b/crypto/dist/ssh/cipher.h @@ -1,4 +1,4 @@ -/* $NetBSD: cipher.h,v 1.1.1.4 2001/04/10 07:13:53 itojun Exp $ */ +/* $NetBSD: cipher.h,v 1.1.1.5 2001/06/23 16:36:31 itojun Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -33,7 +33,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* RCSID("$OpenBSD: cipher.h,v 1.25 2000/12/19 23:17:56 markus Exp $"); */ +/* RCSID("$OpenBSD: cipher.h,v 1.26 2001/05/28 22:51:11 markus Exp $"); */ #ifndef CIPHER_H #define CIPHER_H @@ -72,8 +72,9 @@ struct CipherContext { struct { des_key_schedule key1; des_key_schedule key2; - des_cblock iv2; des_key_schedule key3; + des_cblock iv1; + des_cblock iv2; des_cblock iv3; } des3; struct { diff --git a/crypto/dist/ssh/dispatch.c b/crypto/dist/ssh/dispatch.c index 967a5908ecdc..78cfd4f1b832 100644 --- a/crypto/dist/ssh/dispatch.c +++ b/crypto/dist/ssh/dispatch.c @@ -1,4 +1,4 @@ -/* $NetBSD: dispatch.c,v 1.1.1.4 2001/04/10 07:13:55 itojun Exp $ */ +/* $NetBSD: dispatch.c,v 1.1.1.5 2001/06/23 16:36:32 itojun Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: dispatch.c,v 1.10 2001/02/18 18:33:53 markus Exp $"); +RCSID("$OpenBSD: dispatch.c,v 1.11 2001/06/10 11:29:20 markus Exp $"); #include "ssh1.h" #include "ssh2.h" 
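Review bot: The des3 context gains `des_cblock iv1;` and moves `iv2` without any comment explaining why a 3DES context now carries three IVs, so a reader of the header can no longer tell that keys and IVs are meant to be used pairwise. A one-line comment on the struct, `/* one IV per key: presumably this 3DES mode runs three chained single-DES CBC passes, each with its own IV — confirm against cipher.c */`, would record that, hedged because the cipher.c change that consumes iv1 is not part of this patch.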
@@ -40,9 +40,7 @@ dispatch_fn *dispatch[DISPATCH_MAX]; void dispatch_protocol_error(int type, int plen, void *ctxt) { - error("Hm, dispatch protocol error: type %d plen %d", type, plen); - if (compat20 && type == SSH2_MSG_KEXINIT) - fatal("dispatch_protocol_error: rekeying is not supported"); + fatal("dispatch_protocol_error: type %d plen %d", type, plen); } void dispatch_init(dispatch_fn *dflt) diff --git a/crypto/dist/ssh/kex.h b/crypto/dist/ssh/kex.h index d84e5a486e07..4386f5c2ea17 100644 --- a/crypto/dist/ssh/kex.h +++ b/crypto/dist/ssh/kex.h @@ -1,5 +1,5 @@ -/* $NetBSD: kex.h,v 1.1.1.6 2001/04/10 07:13:55 itojun Exp $ */ -/* $OpenBSD: kex.h,v 1.22 2001/04/04 20:25:37 markus Exp $ */ +/* $NetBSD: kex.h,v 1.1.1.7 2001/06/23 16:36:33 itojun Exp $ */ +/* $OpenBSD: kex.h,v 1.23 2001/06/23 02:34:28 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -108,7 +108,7 @@ struct Kex { int flags; char *client_version_string; char *server_version_string; - int (*check_host_key)(Key *hostkey); + int (*verify_host_key)(Key *hostkey); Key *(*load_host_key)(int type); }; diff --git a/crypto/dist/ssh/nchan.c b/crypto/dist/ssh/nchan.c index 8c6337b3caf2..87bb88c2d068 100644 --- a/crypto/dist/ssh/nchan.c +++ b/crypto/dist/ssh/nchan.c @@ -1,4 +1,4 @@ -/* $NetBSD: nchan.c,v 1.1.1.6 2001/05/15 15:02:30 itojun Exp $ */ +/* $NetBSD: nchan.c,v 1.1.1.7 2001/06/23 16:36:35 itojun Exp $ */ /* * Copyright (c) 1999 Markus Friedl. All rights reserved. * 
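Review bot: dispatch_protocol_error now tears the connection down with fatal() for every unexpected message type, where the old code logged with error() and carried on except for a KEXINIT under compat20; nothing in the hunk records that this fail-closed behaviour is deliberate, so a later maintainer could soften it back to a log-and-continue. A comment above the call, `/* unexpected message for the current protocol state: fail closed rather than skip it */`, would preserve the intent.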
@@ -24,17 +24,42 @@ */ #include "includes.h" -RCSID("$OpenBSD: nchan.c,v 1.24 2001/05/04 23:47:34 markus Exp $"); +RCSID("$OpenBSD: nchan.c,v 1.29 2001/06/23 15:12:19 itojun Exp $"); #include "ssh1.h" #include "ssh2.h" #include "buffer.h" #include "packet.h" #include "channels.h" -#include "nchan.h" #include "compat.h" #include "log.h" +/* + * SSH Protocol 1.5 aka New Channel Protocol + * Thanks to Martina, Axel and everyone who left Erlangen, leaving me bored. + * Written by Markus Friedl in October 1999 + * + * Protocol versions 1.3 and 1.5 differ in the handshake protocol used for the + * tear down of channels: + * + * 1.3: strict request-ack-protocol: + * CLOSE -> + * <- CLOSE_CONFIRM + * + * 1.5: uses variations of: + * IEOF -> + * <- OCLOSE + * <- IEOF + * OCLOSE -> + * i.e. both sides have to close the channel + * + * 2.0: the EOF messages are optional + * + * See the debugging output from 'ssh -v' and 'sshd -d' of + * ssh-1.2.27 as an example. + * + */ + /* functions manipulating channel states */ /* * EVENTS update channel input/output states execute ACTIONS @@ -50,14 +75,14 @@ chan_event_fn *chan_obuf_empty = NULL; /* * ACTIONS: should never update the channel states */ -static void chan_send_ieof1(Channel *c); -static void chan_send_oclose1(Channel *c); -static void chan_send_close2(Channel *c); -static void chan_send_eof2(Channel *c); +static void chan_send_ieof1(Channel *); +static void chan_send_oclose1(Channel *); +static void chan_send_close2(Channel *); +static void chan_send_eof2(Channel *); /* helper */ -static void chan_shutdown_write(Channel *c); -static void chan_shutdown_read(Channel *c); +static void chan_shutdown_write(Channel *); +static void chan_shutdown_read(Channel *); /* * SSH1 specific implementation of event functions 
@@ -85,7 +110,7 @@ chan_rcvd_oclose1(Channel *c) c->istate = CHAN_INPUT_CLOSED; break; default: - error("channel %d: protocol error: chan_rcvd_oclose for istate %d", + error("channel %d: protocol error: rcvd_oclose for istate %d", c->self, c->istate); return; } @@ -99,13 +124,15 @@ chan_read_failed_12(Channel *c) debug("channel %d: input open -> drain", c->self); chan_shutdown_read(c); c->istate = CHAN_INPUT_WAIT_DRAIN; +#if 0 if (buffer_len(&c->input) == 0) { debug("channel %d: input: no drain shortcut", c->self); chan_ibuf_empty(c); } +#endif break; default: - error("channel %d: internal error: we do not read, but chan_read_failed for istate %d", + error("channel %d: chan_read_failed for istate %d", c->self, c->istate); break; } @@ -115,7 +142,7 @@ chan_ibuf_empty1(Channel *c) { debug("channel %d: ibuf empty", c->self); if (buffer_len(&c->input)) { - error("channel %d: internal error: chan_ibuf_empty for non empty buffer", + error("channel %d: chan_ibuf_empty for non empty buffer", c->self); return; } @@ -126,7 +153,7 @@ chan_ibuf_empty1(Channel *c) c->istate = CHAN_INPUT_WAIT_OCLOSE; break; default: - error("channel %d: internal error: chan_ibuf_empty for istate %d", + error("channel %d: chan_ibuf_empty for istate %d", c->self, c->istate); break; } 
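Review bot: The `#if 0` / `#endif` pair added around the drain shortcut in chan_read_failed_12 disables the `buffer_len(&c->input) == 0` path without saying why, leaving dead code that reads as an unresolved decision. Either delete the block or put the reason next to it, e.g. `#if 0	/* drain shortcut disabled: <reason — fill in> */`, so the next reader knows whether it is a workaround or a leftover. chan_read_failed_12 starts before the hunk.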
@@ -138,19 +165,23 @@ chan_rcvd_ieof1(Channel *c) if (c->type != SSH_CHANNEL_OPEN) { debug("channel %d: non-open", c->self); if (c->istate == CHAN_INPUT_OPEN) { - debug("channel %d: non-open: input open -> wait_oclose", c->self); + debug("channel %d: non-open: input open -> wait_oclose", + c->self); chan_shutdown_read(c); chan_send_ieof1(c); c->istate = CHAN_INPUT_WAIT_OCLOSE; } else { - error("channel %d: istate %d != open", c->self, c->istate); + error("channel %d: non-open: istate %d != open", + c->self, c->istate); } if (c->ostate == CHAN_OUTPUT_OPEN) { - debug("channel %d: non-open: output open -> closed", c->self); + debug("channel %d: non-open: output open -> closed", + c->self); chan_send_oclose1(c); c->ostate = CHAN_OUTPUT_CLOSED; } else { - error("channel %d: ostate %d != open", c->self, c->ostate); + error("channel %d: non-open: ostate %d != open", + c->self, c->ostate); } return; } @@ -164,7 +195,7 @@ chan_rcvd_ieof1(Channel *c) c->ostate = CHAN_OUTPUT_CLOSED; break; default: - error("channel %d: protocol error: chan_rcvd_ieof for ostate %d", + error("channel %d: protocol error: rcvd_ieof for ostate %d", c->self, c->ostate); break; } @@ -185,7 +216,7 @@ chan_write_failed1(Channel *c) c->ostate = CHAN_OUTPUT_CLOSED; break; default: - error("channel %d: internal error: chan_write_failed for ostate %d", + error("channel %d: chan_write_failed for ostate %d", c->self, c->ostate); break; } @@ -195,7 +226,7 @@ chan_obuf_empty1(Channel *c) { debug("channel %d: obuf empty", c->self); if (buffer_len(&c->output)) { - error("channel %d: internal error: chan_obuf_empty for non empty buffer", + error("channel %d: chan_obuf_empty for non empty buffer", c->self); return; } @@ -206,7 +237,7 @@ chan_obuf_empty1(Channel *c) c->ostate = CHAN_OUTPUT_CLOSED; break; default: - error("channel %d: internal error: chan_obuf_empty for ostate %d", + error("channel %d: internal error: obuf_empty for ostate %d", c->self, c->ostate); break; } 
@@ -223,7 +254,7 @@ chan_send_ieof1(Channel *c) packet_send(); break; default: - error("channel %d: internal error: cannot send ieof for istate %d", + error("channel %d: cannot send ieof for istate %d", c->self, c->istate); break; } @@ -242,7 +273,7 @@ chan_send_oclose1(Channel *c) packet_send(); break; default: - error("channel %d: internal error: cannot send oclose for ostate %d", + error("channel %d: cannot send oclose for ostate %d", c->self, c->ostate); break; } @@ -266,7 +297,10 @@ chan_rcvd_oclose2(Channel *c) } switch (c->ostate) { case CHAN_OUTPUT_OPEN: - /* wait until a data from the channel is consumed if a CLOSE is received */ + /* + * wait until a data from the channel is consumed if a CLOSE + * is received + */ debug("channel %d: output open -> drain", c->self); c->ostate = CHAN_OUTPUT_WAIT_DRAIN; break; @@ -288,7 +322,7 @@ chan_ibuf_empty2(Channel *c) { debug("channel %d: ibuf empty", c->self); if (buffer_len(&c->input)) { - error("channel %d: internal error: chan_ibuf_empty for non empty buffer", + error("channel %d: chan_ibuf_empty for non empty buffer", c->self); return; } @@ -300,7 +334,7 @@ chan_ibuf_empty2(Channel *c) c->istate = CHAN_INPUT_CLOSED; break; default: - error("channel %d: internal error: chan_ibuf_empty for istate %d", + error("channel %d: chan_ibuf_empty for istate %d", c->self, c->istate); break; } @@ -330,7 +364,7 @@ chan_write_failed2(Channel *c) c->ostate = CHAN_OUTPUT_CLOSED; break; default: - error("channel %d: internal error: chan_write_failed for ostate %d", + error("channel %d: chan_write_failed for ostate %d", c->self, c->ostate); break; } @@ -340,7 +374,7 @@ chan_obuf_empty2(Channel *c) { debug("channel %d: obuf empty", c->self); if (buffer_len(&c->output)) { - error("internal error: chan_obuf_empty %d for non empty buffer", + error("channel %d: chan_obuf_empty for non empty buffer", c->self); return; } 
@@ -351,7 +385,7 @@ chan_obuf_empty2(Channel *c) c->ostate = CHAN_OUTPUT_CLOSED; break; default: - error("channel %d: internal error: chan_obuf_empty for ostate %d", + error("channel %d: chan_obuf_empty for ostate %d", c->self, c->ostate); break; } @@ -367,7 +401,7 @@ chan_send_eof2(Channel *c) packet_send(); break; default: - error("channel %d: internal error: cannot send eof for istate %d", + error("channel %d: cannot send eof for istate %d", c->self, c->istate); break; } @@ -378,10 +412,10 @@ chan_send_close2(Channel *c) debug("channel %d: send close", c->self); if (c->ostate != CHAN_OUTPUT_CLOSED || c->istate != CHAN_INPUT_CLOSED) { - error("channel %d: internal error: cannot send close for istate/ostate %d/%d", + error("channel %d: cannot send close for istate/ostate %d/%d", c->self, c->istate, c->ostate); } else if (c->flags & CHAN_CLOSE_SENT) { - error("channel %d: internal error: already sent close", c->self); + error("channel %d: already sent close", c->self); } else { packet_start(SSH2_MSG_CHANNEL_CLOSE); packet_put_int(c->remote_id); @@ -395,14 +429,16 @@ chan_send_close2(Channel *c) void chan_mark_dead(Channel *c) { - c->flags |= CHAN_DEAD; + c->type = SSH_CHANNEL_ZOMBIE; } int chan_is_dead(Channel *c) { - if (c->flags & CHAN_DEAD) + if (c->type == SSH_CHANNEL_ZOMBIE) { + debug("channel %d: zombie", c->self); return 1; + } if (c->istate != CHAN_INPUT_CLOSED || c->ostate != CHAN_OUTPUT_CLOSED) return 0; if (!compat20) { 
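Review bot: chan_mark_dead now overwrites the channel's type with `c->type = SSH_CHANNEL_ZOMBIE;` instead of setting a flag, so the original type is lost after the call and every later `c->type` comparison sees a zombie — including the `c->type != SSH_CHANNEL_OPEN` test in chan_rcvd_ieof1 earlier in this file, which would treat a dead channel as a non-open one and still send ieof/oclose on it. If that path cannot be reached for a dead channel, a comment on chan_mark_dead should say so: `/* replaces c->type; the original type is unrecoverable — confirm no event handler dispatches on a zombie */`. The added `debug("channel %d: zombie", c->self);` in chan_is_dead fires on every call for a dead channel, which may be noisy if the check runs once per select loop.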
@@ -479,11 +515,13 @@ chan_shutdown_write(Channel *c) debug("channel %d: close_write", c->self); if (c->sock != -1) { if (shutdown(c->sock, SHUT_WR) < 0) - debug("channel %d: chan_shutdown_write: shutdown() failed for fd%d: %.100s", + debug("channel %d: chan_shutdown_write: " + "shutdown() failed for fd%d: %.100s", c->self, c->sock, strerror(errno)); } else { if (close(c->wfd) < 0) - log("channel %d: chan_shutdown_write: close() failed for fd%d: %.100s", + log("channel %d: chan_shutdown_write: " + "close() failed for fd%d: %.100s", c->self, c->wfd, strerror(errno)); c->wfd = -1; } @@ -496,11 +534,14 @@ chan_shutdown_read(Channel *c) debug("channel %d: close_read", c->self); if (c->sock != -1) { if (shutdown(c->sock, SHUT_RD) < 0) - error("channel %d: chan_shutdown_read: shutdown() failed for fd%d [i%d o%d]: %.100s", - c->self, c->sock, c->istate, c->ostate, strerror(errno)); + error("channel %d: chan_shutdown_read: " + "shutdown() failed for fd%d [i%d o%d]: %.100s", + c->self, c->sock, c->istate, c->ostate, + strerror(errno)); } else { if (close(c->rfd) < 0) - log("channel %d: chan_shutdown_read: close() failed for fd%d: %.100s", + log("channel %d: chan_shutdown_read: " + "close() failed for fd%d: %.100s", c->self, c->rfd, strerror(errno)); c->rfd = -1; } diff --git a/crypto/dist/ssh/nchan.ms b/crypto/dist/ssh/nchan.ms index 2d080228c75f..9b97167c0fc4 100644 --- a/crypto/dist/ssh/nchan.ms +++ b/crypto/dist/ssh/nchan.ms @@ -1,3 +1,4 @@ +.\" $NetBSD: nchan.ms,v 1.1.1.3 2001/06/23 16:36:35 itojun Exp $ .\" $OpenBSD: nchan.ms,v 1.7 2001/01/29 01:58:17 niklas Exp $ .\" .\" diff --git a/crypto/dist/ssh/packet.h b/crypto/dist/ssh/packet.h index 6e3658e59a7c..eab2a6bd288d 100644 --- a/crypto/dist/ssh/packet.h +++ b/crypto/dist/ssh/packet.h @@ -1,4 +1,4 @@ -/* $NetBSD: packet.h,v 1.1.1.6 2001/05/15 15:02:30 itojun Exp $ */ +/* $NetBSD: packet.h,v 1.1.1.7 2001/06/23 16:36:35 itojun Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -12,7 +12,7 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* RCSID("$OpenBSD: packet.h,v 1.22 2001/04/14 16:33:20 stevesk Exp $"); */ +/* RCSID("$OpenBSD: packet.h,v 1.23 2001/05/28 23:58:35 markus Exp $"); */ #ifndef PACKET_H #define PACKET_H @@ -72,7 +72,7 @@ void packet_set_interactive(int interactive); int packet_is_interactive(void); /* Starts constructing a packet to send. */ -void packet_start(int type); +void packet_start(u_char type); /* Appends a character to the packet data. */ void packet_put_char(int ch); @@ -209,9 +209,6 @@ do { \ int packet_connection_is_on_socket(void); int packet_connection_is_ipv4(void); -/* enable SSH2 packet format */ -void packet_set_ssh2_format(void); - /* returns remaining payload bytes */ int packet_remaining(void); diff --git a/crypto/dist/ssh/sftp-server.8 b/crypto/dist/ssh/sftp-server.8 index a584ac633c9b..4f163a1705ba 100644 --- a/crypto/dist/ssh/sftp-server.8 +++ b/crypto/dist/ssh/sftp-server.8 @@ -1,5 +1,5 @@ -.\" $NetBSD: sftp-server.8,v 1.1.1.6 2001/05/15 15:02:34 itojun Exp $ -.\" $OpenBSD: sftp-server.8,v 1.6 2001/04/22 13:32:26 markus Exp $ +.\" $NetBSD: sftp-server.8,v 1.1.1.7 2001/06/23 16:36:44 itojun Exp $ +.\" $OpenBSD: sftp-server.8,v 1.8 2001/06/23 05:57:08 deraadt Exp $ .\" .\" Copyright (c) 2000 Markus Friedl. All rights reserved. .\" diff --git a/crypto/dist/ssh/sshconnect.h b/crypto/dist/ssh/sshconnect.h index 6d386fc217e8..c51a44efdf53 100644 --- a/crypto/dist/ssh/sshconnect.h +++ b/crypto/dist/ssh/sshconnect.h @@ -1,5 +1,5 @@ -/* $NetBSD: sshconnect.h,v 1.1.1.5 2001/05/15 15:02:38 itojun Exp $ */ -/* $OpenBSD: sshconnect.h,v 1.9 2001/04/12 19:15:25 markus Exp $ */ +/* $NetBSD: sshconnect.h,v 1.1.1.6 2001/06/23 16:36:52 itojun Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.10 2001/06/23 02:34:32 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. 
@@ -37,9 +37,7 @@ void ssh_login(Key **keys, int nkeys, const char *orighost, struct sockaddr *hostaddr, struct passwd *pw); -void -check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, - const char *user_hostfile, const char *system_hostfile); +int verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key); void ssh_kex(char *host, struct sockaddr *hostaddr); void ssh_kex2(char *host, struct sockaddr *hostaddr);
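Review bot: `int verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key);` replaces a void function with one returning int, but the header gives no hint what the value means, so callers converting from check_host_key have nothing to check against. A comment on the prototype, `/* returns 0 when the host key is acceptable, -1 otherwise — confirm against sshconnect.c */`, would state the contract; packet.h in this same patch annotates each prototype that way. The user_hostfile/system_hostfile parameters are gone, so which files are consulted is now decided inside the implementation and should be mentioned there.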