- (bal) Merge OpenBSD changes:
   - markus@cvs.openbsd.org  2000/11/15 22:31:36
     [auth-options.c]
     case insensitive key options; from stevesk@sweeden.hp.com
   - markus@cvs.openbsd.org  2000/11/16 17:55:43
     [dh.c]
     do not use perror() in sshd, after child is forked()
   - markus@cvs.openbsd.org  2000/11/14 23:42:40
     [auth-rsa.c]
     parse option only if key matches; fix some confusion seen by the client
   - markus@cvs.openbsd.org  2000/11/14 23:44:19
     [session.c]
     check no_agent_forward_flag for ssh-2, too
   - markus@cvs.openbsd.org  2000/11/15
     [ssh-agent.1]
     reorder SYNOPSIS; typo, use .It
   - markus@cvs.openbsd.org  2000/11/14 23:48:55
     [ssh-agent.c]
     do not reorder keys if a key is removed
   - markus@cvs.openbsd.org  2000/11/15 19:58:08
     [ssh.c]
     just ignore non existing user keys
   - millert@cvs.openbsd.org  200/11/15 20:24:43
     [ssh-keygen.c]
     Add missing \n at end of error message.
This commit is contained in:
Ben Lindstrom 2000-11-21 21:24:55 +00:00
parent 4a1d91646d
commit 1492029371
9 changed files with 74 additions and 39 deletions


@ -1,3 +1,30 @@
20001123
- (bal) Merge OpenBSD changes:
- markus@cvs.openbsd.org 2000/11/15 22:31:36
[auth-options.c]
case insensitive key options; from stevesk@sweeden.hp.com
- markus@cvs.openbsd.org 2000/11/16 17:55:43
[dh.c]
do not use perror() in sshd, after child is forked()
- markus@cvs.openbsd.org 2000/11/14 23:42:40
[auth-rsa.c]
parse option only if key matches; fix some confusing seen by the client
- markus@cvs.openbsd.org 2000/11/14 23:44:19
[session.c]
check no_agent_forward_flag for ssh-2, too
- markus@cvs.openbsd.org 2000/11/15
[ssh-agent.1]
reorder SYNOPSIS; typo, use .It
- markus@cvs.openbsd.org 2000/11/14 23:48:55
[ssh-agent.c]
do not reorder keys if a key is removed
- markus@cvs.openbsd.org 2000/11/15 19:58:08
[ssh.c]
just ignore non existing user keys
- millert@cvs.openbsd.org 200/11/15 20:24:43
[ssh-keygen.c]
Add missing \n at end of error message.
20001122 20001122
- (bal) Minor patch to ensure platforms lacking IRIX job limit supports - (bal) Minor patch to ensure platforms lacking IRIX job limit supports
are compilable. are compilable.


@ -14,7 +14,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: auth-options.c,v 1.5 2000/10/09 21:32:34 markus Exp $"); RCSID("$OpenBSD: auth-options.c,v 1.6 2000/11/15 22:31:36 markus Exp $");
#include "ssh.h" #include "ssh.h"
#include "packet.h" #include "packet.h"
@ -65,35 +65,35 @@ auth_parse_options(struct passwd *pw, char *options, unsigned long linenum)
while (*options && *options != ' ' && *options != '\t') { while (*options && *options != ' ' && *options != '\t') {
cp = "no-port-forwarding"; cp = "no-port-forwarding";
if (strncmp(options, cp, strlen(cp)) == 0) { if (strncasecmp(options, cp, strlen(cp)) == 0) {
packet_send_debug("Port forwarding disabled."); packet_send_debug("Port forwarding disabled.");
no_port_forwarding_flag = 1; no_port_forwarding_flag = 1;
options += strlen(cp); options += strlen(cp);
goto next_option; goto next_option;
} }
cp = "no-agent-forwarding"; cp = "no-agent-forwarding";
if (strncmp(options, cp, strlen(cp)) == 0) { if (strncasecmp(options, cp, strlen(cp)) == 0) {
packet_send_debug("Agent forwarding disabled."); packet_send_debug("Agent forwarding disabled.");
no_agent_forwarding_flag = 1; no_agent_forwarding_flag = 1;
options += strlen(cp); options += strlen(cp);
goto next_option; goto next_option;
} }
cp = "no-X11-forwarding"; cp = "no-X11-forwarding";
if (strncmp(options, cp, strlen(cp)) == 0) { if (strncasecmp(options, cp, strlen(cp)) == 0) {
packet_send_debug("X11 forwarding disabled."); packet_send_debug("X11 forwarding disabled.");
no_x11_forwarding_flag = 1; no_x11_forwarding_flag = 1;
options += strlen(cp); options += strlen(cp);
goto next_option; goto next_option;
} }
cp = "no-pty"; cp = "no-pty";
if (strncmp(options, cp, strlen(cp)) == 0) { if (strncasecmp(options, cp, strlen(cp)) == 0) {
packet_send_debug("Pty allocation disabled."); packet_send_debug("Pty allocation disabled.");
no_pty_flag = 1; no_pty_flag = 1;
options += strlen(cp); options += strlen(cp);
goto next_option; goto next_option;
} }
cp = "command=\""; cp = "command=\"";
if (strncmp(options, cp, strlen(cp)) == 0) { if (strncasecmp(options, cp, strlen(cp)) == 0) {
int i; int i;
options += strlen(cp); options += strlen(cp);
forced_command = xmalloc(strlen(options) + 1); forced_command = xmalloc(strlen(options) + 1);
@ -121,7 +121,7 @@ auth_parse_options(struct passwd *pw, char *options, unsigned long linenum)
goto next_option; goto next_option;
} }
cp = "environment=\""; cp = "environment=\"";
if (strncmp(options, cp, strlen(cp)) == 0) { if (strncasecmp(options, cp, strlen(cp)) == 0) {
int i; int i;
char *s; char *s;
struct envstring *new_envstring; struct envstring *new_envstring;
@ -156,7 +156,7 @@ auth_parse_options(struct passwd *pw, char *options, unsigned long linenum)
goto next_option; goto next_option;
} }
cp = "from=\""; cp = "from=\"";
if (strncmp(options, cp, strlen(cp)) == 0) { if (strncasecmp(options, cp, strlen(cp)) == 0) {
int mname, mip; int mname, mip;
char *patterns = xmalloc(strlen(options) + 1); char *patterns = xmalloc(strlen(options) + 1);
int i; int i;
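Review bot: The strncasecmp() calls that replace strncmp() at lines 76–120 compare under the current locale, so the keyword match now depends on sshd never calling setlocale() with a non-C locale (in a locale such as tr_TR an uppercase I does not fold to i, and an authorized_keys entry written as `NO-PORT-FORWARDING` would stop matching). A comment at the first comparison would make that assumption explicit: `/* option keywords match case-insensitively; assumes the C locale */`. strncasecmp() is also a POSIX function from <strings.h> rather than ISO C, so the portable build needs a replacement where it is missing, which this hunk cannot show. auth_parse_options() begins before and continues after the hunk.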


@ -14,7 +14,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: auth-rsa.c,v 1.32 2000/10/14 12:19:45 markus Exp $"); RCSID("$OpenBSD: auth-rsa.c,v 1.33 2000/11/14 23:42:40 markus Exp $");
#include "rsa.h" #include "rsa.h"
#include "packet.h" #include "packet.h"
@ -231,12 +231,6 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
} }
} else } else
options = NULL; options = NULL;
/*
* If our options do not allow this key to be used,
* do not send challenge.
*/
if (!auth_parse_options(pw, options, linenum))
continue;
/* Parse the key from the line. */ /* Parse the key from the line. */
if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) { if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) {
@ -259,6 +253,12 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
file, linenum, BN_num_bits(pk->n), bits); file, linenum, BN_num_bits(pk->n), bits);
/* We have found the desired key. */ /* We have found the desired key. */
/*
* If our options do not allow this key to be used,
* do not send challenge.
*/
if (!auth_parse_options(pw, options, linenum))
continue;
/* Perform the challenge-response dialog for this key. */ /* Perform the challenge-response dialog for this key. */
if (!auth_rsa_challenge_dialog(pk)) { if (!auth_rsa_challenge_dialog(pk)) {
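Review bot: With auth_parse_options() moved below the key match (lines 148–153), a rejected option string now reaches `continue` after the key has already matched, and any flags auth_parse_options() set before returning 0 (the auth-options.c hunk shows it assigning no_port_forwarding_flag and similar globals as it scans) stay set for the remaining iterations unless the function resets them on entry, which is not visible here. Worth confirming that such a reset exists, or clearing the flags before `continue`. The enclosing loop in auth_rsa() starts and ends outside the hunk.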

dh.c

@ -23,7 +23,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: dh.c,v 1.2 2000/10/11 20:11:35 markus Exp $"); RCSID("$OpenBSD: dh.c,v 1.3 2000/11/16 17:55:43 markus Exp $");
#include "xmalloc.h" #include "xmalloc.h"
@ -102,7 +102,6 @@ choose_dh(int minbits)
f = fopen(DH_PRIMES, "r"); f = fopen(DH_PRIMES, "r");
if (!f) { if (!f) {
perror(DH_PRIMES);
log("WARNING: %s does not exist, using old prime", DH_PRIMES); log("WARNING: %s does not exist, using old prime", DH_PRIMES);
return (dh_new_group1()); return (dh_new_group1());
} }
@ -133,8 +132,7 @@ choose_dh(int minbits)
f = fopen(DH_PRIMES, "r"); f = fopen(DH_PRIMES, "r");
if (!f) { if (!f) {
perror(DH_PRIMES); fatal("WARNING: %s dissappeared, giving up", DH_PRIMES);
exit(1);
} }
linenum = 0; linenum = 0;
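Review bot: The fatal() introduced at line 176 drops the errno text that perror() used to print, so an fopen() failure caused by permissions or a bad path is reported only as the file having "dissappeared" (also a typo for "disappeared"). Keeping the reason is a one-line change: `fatal("%s: %s, giving up", DH_PRIMES, strerror(errno));`. The same applies to the warning at line 170, which says the file "does not exist" for every fopen() failure; `log("WARNING: %s: %s, using old prime", DH_PRIMES, strerror(errno));` would be accurate. choose_dh() continues outside both hunks.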


@ -33,7 +33,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: session.c,v 1.43 2000/11/06 23:04:56 markus Exp $"); RCSID("$OpenBSD: session.c,v 1.44 2000/11/14 23:44:19 markus Exp $");
#include "xmalloc.h" #include "xmalloc.h"
#include "ssh.h" #include "ssh.h"
@ -1745,6 +1745,10 @@ session_auth_agent_req(Session *s)
{ {
static int called = 0; static int called = 0;
packet_done(); packet_done();
if (no_agent_forwarding_flag) {
debug("session_auth_agent_req: no_agent_forwarding_flag");
return 0;
}
if (called) { if (called) {
return 0; return 0;
} else { } else {
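Review bot: The new check at lines 193–196 refuses the agent-forwarding request at debug level only, so a session authenticated with a key carrying `no-agent-forwarding` that asks for forwarding anyway leaves no trace in the normal log; `log("session_auth_agent_req: refused by no-agent-forwarding key option");` would make the refusal visible to an administrator. Whether the ssh-1 path for the same flag, which is outside this hunk, reports at a different level cannot be seen here; the two should agree. session_auth_agent_req() continues past the hunk.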


@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-agent.1,v 1.17 2000/11/10 05:10:40 aaron Exp $ .\" $OpenBSD: ssh-agent.1,v 1.19 2000/11/15 20:09:01 markus Exp $
.\" .\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -42,12 +42,12 @@
.Nd authentication agent .Nd authentication agent
.Sh SYNOPSIS .Sh SYNOPSIS
.Nm ssh-agent .Nm ssh-agent
.Op Fl c Li | Fl s
.Op Fl k
.Oo
.Ar command .Ar command
.Op Ar args ... .Ar args ...
.Oc .Nm ssh-agent
.Op Fl c Li | Fl s
.Nm ssh-agent
.Fl k
.Sh DESCRIPTION .Sh DESCRIPTION
.Nm .Nm
is a program to hold private keys used for public key authentication is a program to hold private keys used for public key authentication
@ -154,7 +154,7 @@ but is normally added to the agent using
at login time. at login time.
.It Pa $HOME/.ssh/id_dsa .It Pa $HOME/.ssh/id_dsa
Contains the DSA authentication identity of the user. Contains the DSA authentication identity of the user.
.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> , .It Pa /tmp/ssh-XXXXXXXX/agent.<pid>
Unix-domain sockets used to contain the connection to the Unix-domain sockets used to contain the connection to the
authentication agent. authentication agent.
These sockets should only be readable by the owner. These sockets should only be readable by the owner.
@ -172,7 +172,7 @@ This version of OpenSSH
.Bl -bullet .Bl -bullet
.It .It
has all components of a restrictive nature (i.e., patents, see has all components of a restrictive nature (i.e., patents, see
.Xr crypto 3 ) .Xr ssl 8 )
directly removed from the source code; any licensed or patented components directly removed from the source code; any licensed or patented components
are chosen from are chosen from
external libraries. external libraries.
@ -191,4 +191,4 @@ supports one-time password authentication with
.Xr ssh-add 1 , .Xr ssh-add 1 ,
.Xr ssh-keygen 1 , .Xr ssh-keygen 1 ,
.Xr sshd 8 , .Xr sshd 8 ,
.Xr crypto 3 .Xr ssl 8


@ -1,4 +1,4 @@
/* $OpenBSD: ssh-agent.c,v 1.39 2000/11/12 19:50:38 markus Exp $ */ /* $OpenBSD: ssh-agent.c,v 1.40 2000/11/14 23:48:55 markus Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -37,7 +37,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: ssh-agent.c,v 1.39 2000/11/12 19:50:38 markus Exp $"); RCSID("$OpenBSD: ssh-agent.c,v 1.40 2000/11/14 23:48:55 markus Exp $");
#include "ssh.h" #include "ssh.h"
#include "rsa.h" #include "rsa.h"
@ -308,8 +308,9 @@ process_remove_identity(SocketEntry *e, int version)
/* /*
* We have this key. Free the old key. Since we * We have this key. Free the old key. Since we
* don\'t want to leave empty slots in the middle of * don\'t want to leave empty slots in the middle of
* the array, we actually free the key there and copy * the array, we actually free the key there and move
* data from the last entry. * all the entries between the empty slot and the end
* of the array.
*/ */
Idtab *tab = idtab_lookup(version); Idtab *tab = idtab_lookup(version);
key_free(tab->identities[idx].key); key_free(tab->identities[idx].key);
@ -318,8 +319,13 @@ process_remove_identity(SocketEntry *e, int version)
fatal("process_remove_identity: " fatal("process_remove_identity: "
"internal error: tab->nentries %d", "internal error: tab->nentries %d",
tab->nentries); tab->nentries);
if (idx != tab->nentries - 1) if (idx != tab->nentries - 1) {
tab->identities[idx] = tab->identities[tab->nentries - 1]; int i;
for (i = idx; i < tab->nentries - 1; i++)
tab->identities[i] = tab->identities[i+1];
}
tab->identities[tab->nentries - 1].key = NULL;
tab->identities[tab->nentries - 1].comment = NULL;
tab->nentries--; tab->nentries--;
success = 1; success = 1;
} }
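Review bot: The shift loop added at lines 272–276 is the element-wise form of memmove(); `memmove(&tab->identities[idx], &tab->identities[idx + 1], (tab->nentries - 1 - idx) * sizeof(tab->identities[0]));` replaces the loop, the `int i` declaration and the surrounding `if`, since a zero-length move when idx is the last slot is a no-op. Clearing the vacated last slot's key and comment at lines 277–278 is worth keeping in either form, so the stale pointers cannot be reused after nentries is decremented. process_remove_identity() starts and ends outside the hunk.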


@ -12,7 +12,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: ssh-keygen.c,v 1.33 2000/11/12 19:50:38 markus Exp $"); RCSID("$OpenBSD: ssh-keygen.c,v 1.34 2000/11/15 20:24:43 millert Exp $");
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/pem.h> #include <openssl/pem.h>
@ -727,7 +727,7 @@ main(int ac, char **av)
if (key_type_name != NULL) { if (key_type_name != NULL) {
type = key_type_from_name(key_type_name); type = key_type_from_name(key_type_name);
if (type == KEY_UNSPEC) { if (type == KEY_UNSPEC) {
fprintf(stderr, "unknown key type %s", key_type_name); fprintf(stderr, "unknown key type %s\n", key_type_name);
exit(1); exit(1);
} }
} }

ssh.c

@ -39,7 +39,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: ssh.c,v 1.72 2000/11/12 19:50:38 markus Exp $"); RCSID("$OpenBSD: ssh.c,v 1.73 2000/11/15 19:58:08 markus Exp $");
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/dsa.h> #include <openssl/dsa.h>
@ -1049,7 +1049,7 @@ guess_identity_file_type(const char *filename)
int type = KEY_RSA1; /* default */ int type = KEY_RSA1; /* default */
if (stat(filename, &st) < 0) { if (stat(filename, &st) < 0) {
perror(filename); /* ignore this key */
return KEY_UNSPEC; return KEY_UNSPEC;
} }
public = key_new(type); public = key_new(type);
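Review bot: Replacing perror() with a comment at line 313 silences every stat() failure, not only a missing file, so an identity file that exists but cannot be accessed (EACCES, for example) is now skipped with no diagnostic at all. Restricting the silence to the expected case keeps the intent of the change: `if (errno != ENOENT) debug("%s: %s", filename, strerror(errno));` before the `return KEY_UNSPEC;`. guess_identity_file_type() continues outside the hunk.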