tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Hopefully things did not get mixed around too much. It compiles under 

Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.
This commit is contained in:
Ben Lindstrom 2001-01-22 05:34:40 +00:00
parent 401d58f361
commit 226cfa0378
91 changed files with 1170 additions and 846 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
ChangeLog
View File

@ -1,3 +1,66 @@
20010122
- (bal) OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
[servconf.c ssh.h sshd.c]
only auth-chall.c needs #ifdef SKEY
- markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
[auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
ssh1.h sshconnect1.c sshd.c ttymodes.c]
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
- markus@cvs.openbsd.org 2001/01/19 16:48:14
[sshd.8]
fix typo; from stevesk@
- markus@cvs.openbsd.org 2001/01/19 16:50:58
[ssh-dss.c]
clear and free digest, make consistent with other code (use dlen); from
stevesk@
- markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
[auth-options.c auth-options.h auth-rsa.c auth2.c]
pass the filename to auth_parse_options()
- markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
[readconf.c]
fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
- stevesk@cvs.openbsd.org 2001/01/20 18:20:29
[sshconnect2.c]
dh_new_group() does not return NULL. ok markus@
- markus@cvs.openbsd.org 2001/01/20 21:33:42
[ssh-add.c]
do not loop forever if askpass does not exist; from
andrew@pimlott.ne.mediaone.net
- djm@cvs.openbsd.org 2001/01/20 23:00:56
[servconf.c]
Check for NULL return from strdelim; ok markus
- djm@cvs.openbsd.org 2001/01/20 23:02:07
[readconf.c]
KNF; ok markus
- jakob@cvs.openbsd.org 2001/01/21 9:00:33
[ssh-keygen.1]
remove -R flag; ok markus@
- markus@cvs.openbsd.org 2001/01/21 19:05:40
[atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
key.c key.h log-client.c log-server.c log.c log.h login.c login.h
match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
ttysmodes.c uidswap.c xmalloc.c]
split ssh.h and try to cleanup the #include mess. remove unnecessary
#includes. rename util.[ch] -> misc.[ch]
- (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
- (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
conflict when compiling for non-kerb install
- (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
on 1/19.
20010120
- (bal) OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/19 12:45:26

2
Makefile.in
View File

@ -37,7 +37,7 @@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) $(SFTP-SERVER)
LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o util.o uuencode.o xmalloc.o
LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o
LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strmode.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o

2
acconfig.h
View File

@ -268,7 +268,7 @@
#undef USER_PATH
/* Specify location of ssh.pid */
#undef PIDDIR
#undef _PATH_SSH_PIDDIR
/* Use IPv4 for connection by default, IPv6 can still if explicity asked */
#undef IPV4_DEFAULT

4
atomicio.c
View File

@ -24,10 +24,10 @@
*/
#include "includes.h"
RCSID("$OpenBSD: atomicio.c,v 1.7 2000/10/18 18:04:02 markus Exp $");
RCSID("$OpenBSD: atomicio.c,v 1.8 2001/01/21 19:05:40 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
#include "atomicio.h"
/*
* ensure all of data on socket comes through. f==read || f==write

29
atomicio.h Normal file
View File

@ -0,0 +1,29 @@
/*
* Copyright (c) 1995,1999 Theo de Raadt
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* Ensure all of data on socket comes through. f==read || f==write
*/
ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n);

3
auth-chall.c
View File

@ -23,9 +23,8 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth-chall.c,v 1.2 2001/01/19 12:45:26 markus Exp $");
RCSID("$OpenBSD: auth-chall.c,v 1.3 2001/01/21 19:05:41 markus Exp $");
#include "ssh.h"
#include "auth.h"
#ifdef SKEY

16
auth-krb4.c
View File

@ -23,14 +23,18 @@
*/
#include "includes.h"
#include "packet.h"
#include "xmalloc.h"
#include "ssh.h"
#include "servconf.h"
RCSID("$OpenBSD: auth-krb4.c,v 1.20 2000/12/19 23:17:54 markus Exp $");
RCSID("$OpenBSD: auth-krb4.c,v 1.22 2001/01/21 19:05:41 markus Exp $");
#ifdef KRB4
#include "ssh.h"
#include "ssh1.h"
#include "packet.h"
#include "xmalloc.h"
#include "log.h"
#include "servconf.h"
#include "auth.h"
#include "radix.h"
char *ticket = NULL;
extern ServerOptions options;

29
auth-options.c
View File

@ -10,12 +10,14 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth-options.c,v 1.8 2001/01/13 18:38:00 markus Exp $");
RCSID("$OpenBSD: auth-options.c,v 1.11 2001/01/21 19:05:41 markus Exp $");
#include "ssh.h"
#include "packet.h"
#include "xmalloc.h"
#include "match.h"
#include "log.h"
#include "canohost.h"
#include "auth-options.h"
/* Flags set authorized_keys flags */
int no_port_forwarding_flag = 0;
@ -48,9 +50,12 @@ auth_clear_options(void)
}
}
/* return 1 if access is granted, 0 if not. side effect: sets key option flags */
/*
* return 1 if access is granted, 0 if not.
* side effect: sets key option flags
*/
int
auth_parse_options(struct passwd *pw, char *options, u_long linenum)
auth_parse_options(struct passwd *pw, char *options, char *file, u_long linenum)
{
const char *cp;
if (!options)
@ -106,9 +111,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum)
}
if (!*options) {
debug("%.100s, line %lu: missing end quote",
SSH_USER_PERMITTED_KEYS, linenum);
file, linenum);
packet_send_debug("%.100s, line %lu: missing end quote",
SSH_USER_PERMITTED_KEYS, linenum);
file, linenum);
continue;
}
forced_command[i] = 0;
@ -136,9 +141,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum)
}
if (!*options) {
debug("%.100s, line %lu: missing end quote",
SSH_USER_PERMITTED_KEYS, linenum);
file, linenum);
packet_send_debug("%.100s, line %lu: missing end quote",
SSH_USER_PERMITTED_KEYS, linenum);
file, linenum);
continue;
}
s[i] = 0;
@ -170,9 +175,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum)
}
if (!*options) {
debug("%.100s, line %lu: missing end quote",
SSH_USER_PERMITTED_KEYS, linenum);
file, linenum);
packet_send_debug("%.100s, line %lu: missing end quote",
SSH_USER_PERMITTED_KEYS, linenum);
file, linenum);
continue;
}
patterns[i] = 0;
@ -219,9 +224,9 @@ next_option:
bad_option:
log("Bad options in %.100s file, line %lu: %.50s",
SSH_USER_PERMITTED_KEYS, linenum, options);
file, linenum, options);
packet_send_debug("Bad options in %.100s file, line %lu: %.50s",
SSH_USER_PERMITTED_KEYS, linenum, options);
file, linenum, options);
/* deny access */
return 0;
}

19
auth-options.h
View File

@ -11,10 +11,17 @@
* called by a name other than "ssh" or "Secure Shell".
*/
/* $OpenBSD: auth-options.h,v 1.6 2000/12/19 23:17:55 markus Exp $ */
/* $OpenBSD: auth-options.h,v 1.8 2001/01/21 19:05:42 markus Exp $ */
#ifndef AUTH_OPTIONS_H
#define AUTH_OPTIONS_H
/* Linked list of custom environment strings */
struct envstring {
struct envstring *next;
char *s;
};
/* Flags that may be set in authorized_keys options. */
extern int no_port_forwarding_flag;
extern int no_agent_forwarding_flag;
@ -23,8 +30,14 @@ extern int no_pty_flag;
extern char *forced_command;
extern struct envstring *custom_environment;
/* return 1 if access is granted, 0 if not. side effect: sets key option flags */
int auth_parse_options(struct passwd *pw, char *options, u_long linenum);
/*
* return 1 if access is granted, 0 if not.
* side effect: sets key option flags
*/
int
auth_parse_options(struct passwd *pw, char *options, char *file,
u_long linenum);
/* reset options flags */
void auth_clear_options(void);

5
auth-pam.c
View File

@ -27,9 +27,12 @@
#ifdef USE_PAM
#include "ssh.h"
#include "xmalloc.h"
#include "log.h"
#include "servconf.h"
#include "canohost.h"
#include "readpass.h"
RCSID("$Id: auth-pam.c,v 1.21 2001/01/19 04:46:38 djm Exp $");
RCSID("$Id: auth-pam.c,v 1.22 2001/01/22 05:34:40 mouring Exp $");
#define NEW_AUTHTOK_MSG \
"Warning: Your password has expired, please change it now"

7
auth-passwd.c
View File

@ -36,15 +36,14 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth-passwd.c,v 1.19 2001/01/18 16:59:59 markus Exp $");
RCSID("$OpenBSD: auth-passwd.c,v 1.20 2001/01/21 19:05:42 markus Exp $");
#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
#include "packet.h"
#include "ssh.h"
#include "servconf.h"
#include "xmalloc.h"
#include "log.h"
#include "servconf.h"
#include "auth.h"
#ifdef WITH_AIXAUTHENTICATE

17
auth-rh-rsa.c
View File

@ -13,18 +13,19 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth-rh-rsa.c,v 1.19 2000/12/21 15:10:16 markus Exp $");
RCSID("$OpenBSD: auth-rh-rsa.c,v 1.21 2001/01/21 19:05:42 markus Exp $");
#include "packet.h"
#include "ssh.h"
#include "xmalloc.h"
#include "uidswap.h"
#include "log.h"
#include "servconf.h"
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include "key.h"
#include "hostfile.h"
#include "pathnames.h"
#include "auth.h"
#include "tildexpand.h"
#include "canohost.h"
/*
* Tries to authenticate the user using the .rhosts file and the host using
@ -59,15 +60,15 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key
found = key_new(KEY_RSA1);
/* Check if we know the host and its host key. */
host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname,
client_key, found, NULL);
/* Check user host file unless ignored. */
if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
struct stat st;
char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
char *user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
/*
* Check file permissions of SSH_USER_HOSTFILE, auth_rsa()
* Check file permissions of _PATH_SSH_USER_HOSTFILE, auth_rsa()
* did already check pw->pw_dir, but there is a race XXX
*/
if (options.strict_modes &&

14
auth-rhosts.c
View File

@ -14,13 +14,15 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth-rhosts.c,v 1.17 2000/12/19 23:17:55 markus Exp $");
RCSID("$OpenBSD: auth-rhosts.c,v 1.19 2001/01/21 19:05:42 markus Exp $");
#include "packet.h"
#include "ssh.h"
#include "xmalloc.h"
#include "uidswap.h"
#include "pathnames.h"
#include "log.h"
#include "servconf.h"
#include "canohost.h"
/*
* This function processes an rhosts-style file (.rhosts, .shosts, or
@ -177,8 +179,8 @@ auth_rhosts(struct passwd *pw, const char *client_user)
/* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */
if (!rhosts_files[rhosts_file_index] &&
stat("/etc/hosts.equiv", &st) < 0 &&
stat(SSH_HOSTS_EQUIV, &st) < 0)
stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0)
return 0;
hostname = get_canonical_hostname();
@ -192,10 +194,10 @@ auth_rhosts(struct passwd *pw, const char *client_user)
hostname, ipaddr);
return 1;
}
if (check_rhosts_file(SSH_HOSTS_EQUIV, hostname, ipaddr, client_user,
if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user,
pw->pw_name)) {
packet_send_debug("Accepted for %.100s [%.100s] by %.100s.",
hostname, ipaddr, SSH_HOSTS_EQUIV);
hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
return 1;
}
}

38
auth-rsa.c
View File

@ -14,21 +14,23 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth-rsa.c,v 1.34 2000/12/19 23:17:55 markus Exp $");
#include "rsa.h"
#include "packet.h"
#include "xmalloc.h"
#include "ssh.h"
#include "mpaux.h"
#include "uidswap.h"
#include "match.h"
#include "servconf.h"
#include "auth-options.h"
RCSID("$OpenBSD: auth-rsa.c,v 1.38 2001/01/21 19:05:42 markus Exp $");
#include <openssl/rsa.h>
#include <openssl/md5.h>
#include "rsa.h"
#include "packet.h"
#include "xmalloc.h"
#include "ssh1.h"
#include "mpaux.h"
#include "uidswap.h"
#include "match.h"
#include "auth-options.h"
#include "pathnames.h"
#include "log.h"
#include "servconf.h"
#include "auth.h"
/* import */
extern ServerOptions options;
@ -120,7 +122,7 @@ auth_rsa_challenge_dialog(RSA *pk)
int
auth_rsa(struct passwd *pw, BIGNUM *client_n)
{
char line[8192], file[1024];
char line[8192], file[MAXPATHLEN];
int authenticated;
u_int bits;
FILE *f;
@ -137,7 +139,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
/* The authorized keys. */
snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,
SSH_USER_PERMITTED_KEYS);
_PATH_SSH_USER_PERMITTED_KEYS);
/* Fail quietly if file does not exist */
if (stat(file, &st) < 0) {
@ -165,10 +167,10 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
"bad ownership or modes for '%s'.", pw->pw_name, file);
fail = 1;
} else {
/* Check path to SSH_USER_PERMITTED_KEYS */
/* Check path to _PATH_SSH_USER_PERMITTED_KEYS */
int i;
static const char *check[] = {
"", SSH_USER_DIR, NULL
"", _PATH_SSH_USER_DIR, NULL
};
for (i = 0; check[i]; i++) {
snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir, check[i]);
@ -235,9 +237,9 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
/* Parse the key from the line. */
if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) {
debug("%.100s, line %lu: bad key syntax",
SSH_USER_PERMITTED_KEYS, linenum);
file, linenum);
packet_send_debug("%.100s, line %lu: bad key syntax",
SSH_USER_PERMITTED_KEYS, linenum);
file, linenum);
continue;
}
/* cp now points to the comment part. */
@ -257,7 +259,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
* If our options do not allow this key to be used,
* do not send challenge.
*/
if (!auth_parse_options(pw, options, linenum))
if (!auth_parse_options(pw, options, file, linenum))
continue;
/* Perform the challenge-response dialog for this key. */

13
auth.c
View File

@ -23,13 +23,8 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth.c,v 1.13 2001/01/18 16:59:59 markus Exp $");
RCSID("$OpenBSD: auth.c,v 1.14 2001/01/21 19:05:43 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
#include "match.h"
#include "servconf.h"
#include "groupaccess.h"
#ifdef HAVE_LOGIN_H
#include <login.h>
#endif
@ -37,8 +32,14 @@ RCSID("$OpenBSD: auth.c,v 1.13 2001/01/18 16:59:59 markus Exp $");
#include <shadow.h>
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
#include "xmalloc.h"
#include "match.h"
#include "groupaccess.h"
#include "log.h"
#include "servconf.h"
#include "auth.h"
#include "auth-options.h"
#include "canohost.h"
/* import */
extern ServerOptions options;

66
auth.h
View File

@ -21,11 +21,13 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $OpenBSD: auth.h,v 1.9 2001/01/18 16:59:59 markus Exp $
* $OpenBSD: auth.h,v 1.10 2001/01/21 19:05:43 markus Exp $
*/
#ifndef AUTH_H
#define AUTH_H
#include <openssl/rsa.h>
typedef struct Authctxt Authctxt;
struct Authctxt {
int success;
@ -39,6 +41,68 @@ struct Authctxt {
char *style;
};
/*
* Tries to authenticate the user using the .rhosts file. Returns true if
* authentication succeeds. If ignore_rhosts is non-zero, this will not
* consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
*/
int auth_rhosts(struct passwd * pw, const char *client_user);
/*
* Tries to authenticate the user using the .rhosts file and the host using
* its host key. Returns true if authentication succeeds.
*/
int
auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);
/*
* Tries to authenticate the user using password. Returns true if
* authentication succeeds.
*/
int auth_password(struct passwd * pw, const char *password);
/*
* Performs the RSA authentication dialog with the client. This returns 0 if
* the client could not be authenticated, and 1 if authentication was
* successful. This may exit if there is a serious protocol violation.
*/
int auth_rsa(struct passwd * pw, BIGNUM * client_n);
/*
* Parses an RSA key (number of bits, e, n) from a string. Moves the pointer
* over the key. Skips any whitespace at the beginning and at end.
*/
int auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n);
/*
* Performs the RSA authentication challenge-response dialog with the client,
* and returns true (non-zero) if the client gave the correct answer to our
* challenge; returns zero if the client gives a wrong answer.
*/
int auth_rsa_challenge_dialog(RSA *pk);
#ifdef KRB4
#include <krb.h>
/*
* Performs Kerberos v4 mutual authentication with the client. This returns 0
* if the client could not be authenticated, and 1 if authentication was
* successful. This may exit if there is a serious protocol violation.
*/
int auth_krb4(const char *server_user, KTEXT auth, char **client);
int krb4_init(uid_t uid);
void krb4_cleanup_proc(void *ignore);
int auth_krb4_password(struct passwd * pw, const char *password);
#ifdef AFS
#include <kafs.h>
/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
int auth_kerberos_tgt(struct passwd * pw, const char *string);
int auth_afs_token(struct passwd * pw, const char *token_string);
#endif /* AFS */
#endif /* KRB4 */
#include "auth-pam.h"
#include "auth2-pam.h"

12
auth1.c
View File

@ -10,7 +10,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth1.c,v 1.11 2001/01/18 16:59:59 markus Exp $");
RCSID("$OpenBSD: auth1.c,v 1.13 2001/01/21 19:05:43 markus Exp $");
#ifdef HAVE_OSF_SIA
# include <sia.h>
@ -19,10 +19,11 @@ RCSID("$OpenBSD: auth1.c,v 1.11 2001/01/18 16:59:59 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
#include "ssh.h"
#include "ssh1.h"
#include "packet.h"
#include "buffer.h"
#include "mpaux.h"
#include "log.h"
#include "servconf.h"
#include "compat.h"
#include "auth.h"
@ -278,11 +279,6 @@ do_authloop(Authctxt *authctxt)
xfree(password);
break;
#ifdef SKEY /* ISSUE: Is this right? we don't define
having skey_authentication in
servconf.h by default so I assume
we need to deal with this via #ifdef
in some reasonable way */
case SSH_CMSG_AUTH_TIS:
debug("rcvd SSH_CMSG_AUTH_TIS");
if (options.skey_authentication == 1) {
@ -297,6 +293,7 @@ do_authloop(Authctxt *authctxt)
}
}
break;
case SSH_CMSG_AUTH_TIS_RESPONSE:
debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
if (options.skey_authentication == 1) {
@ -308,7 +305,6 @@ do_authloop(Authctxt *authctxt)
xfree(response);
}
break;
#endif /* ISSUE: End of wrong SKEY defines */
default:
/*

4
auth2-chall.c
View File

@ -22,14 +22,14 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: auth2-chall.c,v 1.1 2001/01/18 17:12:43 markus Exp $");
RCSID("$OpenBSD: auth2-chall.c,v 1.2 2001/01/21 19:05:43 markus Exp $");
#include "ssh.h"
#include "ssh2.h"
#include "auth.h"
#include "packet.h"
#include "xmalloc.h"
#include "dispatch.h"
#include "log.h"
void send_userauth_into_request(Authctxt *authctxt, char *challenge, int echo);
void input_userauth_info_response(int type, int plen, void *ctxt);

7
auth2-pam.c
View File

@ -1,14 +1,16 @@
#include "includes.h"
RCSID("$Id: auth2-pam.c,v 1.5 2001/01/19 05:37:32 mouring Exp $");
RCSID("$Id: auth2-pam.c,v 1.6 2001/01/22 05:34:40 mouring Exp $");
#ifdef USE_PAM
#include <security/pam_appl.h>
#include "ssh.h"
#include "ssh2.h"
#include "auth.h"
#include "packet.h"
#include "xmalloc.h"
#include "dispatch.h"
#include <security/pam_appl.h>
#include "log.h"
struct {
int finished, num_received, num_expected;
@ -31,7 +33,6 @@ int
auth2_pam(Authctxt *authctxt)
{
int retval = -1;
char *method = "PAM";
if (authctxt->user == NULL)
fatal("auth2_pam: internal error: no user");

20
auth2.c
View File

@ -23,34 +23,34 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth2.c,v 1.28 2001/01/18 17:00:00 markus Exp $");
RCSID("$OpenBSD: auth2.c,v 1.32 2001/01/21 19:05:44 markus Exp $");
#ifdef HAVE_OSF_SIA
# include <sia.h>
# include <siad.h>
#endif
#include <openssl/dsa.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include "ssh2.h"
#include "xmalloc.h"
#include "rsa.h"
#include "ssh.h"
#include "pty.h"
#include "packet.h"
#include "buffer.h"
#include "log.h"
#include "servconf.h"
#include "compat.h"
#include "channels.h"
#include "bufaux.h"
#include "ssh2.h"
#include "auth.h"
#include "session.h"
#include "dispatch.h"
#include "auth.h"
#include "cipher.h"
#include "key.h"
#include "kex.h"
#include "pathnames.h"
#include "uidswap.h"
#include "auth-options.h"
@ -583,7 +583,7 @@ authmethod_lookup(const char *name)
int
user_key_allowed(struct passwd *pw, Key *key)
{
char line[8192], file[1024];
char line[8192], file[MAXPATHLEN];
int found_key = 0;
FILE *f;
u_long linenum = 0;
@ -598,7 +598,7 @@ user_key_allowed(struct passwd *pw, Key *key)
/* The authorized keys. */
snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,
SSH_USER_PERMITTED_KEYS2);
_PATH_SSH_USER_PERMITTED_KEYS2);
/* Fail quietly if file does not exist */
if (stat(file, &st) < 0) {
@ -626,10 +626,10 @@ user_key_allowed(struct passwd *pw, Key *key)
key_type(key), pw->pw_name, file);
fail = 1;
} else {
/* Check path to SSH_USER_PERMITTED_KEYS */
/* Check path to _PATH_SSH_USER_PERMITTED_KEYS */
int i;
static const char *check[] = {
"", SSH_USER_DIR, NULL
"", _PATH_SSH_USER_DIR, NULL
};
for (i = 0; check[i]; i++) {
snprintf(line, sizeof line, "%.500s/%.100s",
@ -686,7 +686,7 @@ user_key_allowed(struct passwd *pw, Key *key)
}
}
if (key_equal(found, key) &&
auth_parse_options(pw, options, linenum) == 1) {
auth_parse_options(pw, options, file, linenum) == 1) {
found_key = 1;
debug("matching key found: file %s, line %ld",
file, linenum);

12
authfd.c
View File

@ -35,7 +35,9 @@
*/
#include "includes.h"
RCSID("$OpenBSD: authfd.c,v 1.32 2000/12/20 19:37:21 markus Exp $");
RCSID("$OpenBSD: authfd.c,v 1.33 2001/01/21 19:05:44 markus Exp $");
#include <openssl/evp.h>
#include "ssh.h"
#include "rsa.h"
@ -43,14 +45,14 @@ RCSID("$OpenBSD: authfd.c,v 1.32 2000/12/20 19:37:21 markus Exp $");
#include "bufaux.h"
#include "xmalloc.h"
#include "getput.h"
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/evp.h>
#include "key.h"
#include "authfd.h"
#include "cipher.h"
#include "kex.h"
#include "compat.h"
#include "log.h"
#include "atomicio.h"
#include "authfd.h"
/* helper */
int decode_reply(int type);

11
authfile.c
View File

@ -36,20 +36,19 @@
*/
#include "includes.h"
RCSID("$OpenBSD: authfile.c,v 1.24 2000/12/20 19:26:56 markus Exp $");
RCSID("$OpenBSD: authfile.c,v 1.25 2001/01/21 19:05:44 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/rsa.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include "cipher.h"
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
#include "ssh.h"
#include "key.h"
#include "ssh.h"
#include "log.h"
/* Version identification string for identity files. */
#define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n"

4
bufaux.c
View File

@ -37,13 +37,13 @@
*/
#include "includes.h"
RCSID("$OpenBSD: bufaux.c,v 1.16 2001/01/16 23:58:08 deraadt Exp $");
RCSID("$OpenBSD: bufaux.c,v 1.17 2001/01/21 19:05:45 markus Exp $");
#include "ssh.h"
#include <openssl/bn.h>
#include "bufaux.h"
#include "xmalloc.h"
#include "getput.h"
#include "log.h"
/*
* Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed

3
bufaux.h
View File

@ -10,12 +10,13 @@
* called by a name other than "ssh" or "Secure Shell".
*/
/* RCSID("$OpenBSD: bufaux.h,v 1.10 2001/01/10 22:56:22 markus Exp $"); */
/* RCSID("$OpenBSD: bufaux.h,v 1.11 2001/01/21 19:05:45 markus Exp $"); */
#ifndef BUFAUX_H
#define BUFAUX_H
#include "buffer.h"
#include <openssl/bn.h>
/*
* Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed

4
buffer.c
View File

@ -12,11 +12,11 @@
*/
#include "includes.h"
RCSID("$OpenBSD: buffer.c,v 1.9 2000/12/19 23:17:55 markus Exp $");
RCSID("$OpenBSD: buffer.c,v 1.10 2001/01/21 19:05:45 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
#include "ssh.h"
#include "log.h"
/* Initializes the buffer structure. */

4
canohost.c
View File

@ -12,11 +12,11 @@
*/
#include "includes.h"
RCSID("$OpenBSD: canohost.c,v 1.17 2000/12/19 23:17:55 markus Exp $");
RCSID("$OpenBSD: canohost.c,v 1.18 2001/01/21 19:05:45 markus Exp $");
#include "packet.h"
#include "xmalloc.h"
#include "ssh.h"
#include "log.h"
/*
* Return the canonical name of the host at the other end of the socket. The

36
canohost.h Normal file
View File

@ -0,0 +1,36 @@
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
/*
* Returns the name of the machine at the other end of the socket. The
* returned string should be freed by the caller.
*/
char *get_remote_hostname(int socket);
/*
* Return the canonical name of the host in the other side of the current
* connection (as returned by packet_get_connection). The host name is
* cached, so it is efficient to call this several times.
*/
const char *get_canonical_hostname(void);
/*
* Returns the remote IP address as an ascii string. The value need not be
* freed by the caller.
*/
const char *get_remote_ipaddr(void);
/* Returns the port number of the peer of the socket. */
int get_peer_port(int sock);
/* Returns the port number of the remote/local host. */
int get_remote_port(void);
int get_local_port(void);

21
channels.c
View File

@ -40,24 +40,24 @@
*/
#include "includes.h"
RCSID("$OpenBSD: channels.c,v 1.80 2001/01/08 22:03:23 markus Exp $");
RCSID("$OpenBSD: channels.c,v 1.82 2001/01/21 19:05:46 markus Exp $");
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include "ssh.h"
#include "ssh1.h"
#include "ssh2.h"
#include "packet.h"
#include "xmalloc.h"
#include "buffer.h"
#include "uidswap.h"
#include "readconf.h"
#include "servconf.h"
#include "log.h"
#include "misc.h"
#include "channels.h"
#include "nchan.h"
#include "compat.h"
#include "ssh2.h"
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include "canohost.h"
#include "key.h"
#include "authfd.h"
@ -130,6 +130,9 @@ static int all_opens_permitted = 0;
/* This is set to true if both sides support SSH_PROTOFLAG_HOST_IN_FWD_OPEN. */
static int have_hostname_in_open = 0;
/* AF_UNSPEC or AF_INET or AF_INET6 */
extern int IPv4or6;
/* Sets specific protocol options. */
void

5
cipher.c
View File

@ -35,10 +35,11 @@
*/
#include "includes.h"
RCSID("$OpenBSD: cipher.c,v 1.41 2000/12/19 23:17:56 markus Exp $");
RCSID("$OpenBSD: cipher.c,v 1.42 2001/01/21 19:05:46 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
#include "log.h"
#include "cipher.h"
#include <openssl/md5.h>

4
cli.c
View File

@ -1,8 +1,8 @@
#include "includes.h"
RCSID("$OpenBSD: cli.c,v 1.5 2001/01/08 08:50:29 markus Exp $");
RCSID("$OpenBSD: cli.c,v 1.6 2001/01/21 19:05:47 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
#include "log.h"
static int cli_input = -1;
static int cli_output = -1;

18
clientloop.c
View File

@ -59,27 +59,25 @@
*/
#include "includes.h"
RCSID("$OpenBSD: clientloop.c,v 1.43 2001/01/13 19:14:08 markus Exp $");
RCSID("$OpenBSD: clientloop.c,v 1.45 2001/01/21 19:05:47 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
#include "ssh1.h"
#include "ssh2.h"
#include "xmalloc.h"
#include "packet.h"
#include "buffer.h"
#include "readconf.h"
#include "ssh2.h"
#include "compat.h"
#include "channels.h"
#include "dispatch.h"
#include "buffer.h"
#include "bufaux.h"
#include <openssl/dsa.h>
#include <openssl/rsa.h>
#include "key.h"
#include "authfd.h"
#include "log.h"
#include "readconf.h"
#include "clientloop.h"
#include "authfd.h"
#include "atomicio.h"
/* import options */
extern Options options;

15
clientloop.h
View File

@ -1,3 +1,14 @@
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -21,4 +32,8 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
void clientloop_set_session_ident(int id);
/* Client side main loop for the interactive session. */
int client_loop(int have_pty, int escape_char, int id);

9
compat.c
View File

@ -25,10 +25,6 @@
#include "includes.h"
RCSID("$OpenBSD: compat.c,v 1.33 2001/01/08 22:29:05 markus Exp $");
#include "ssh.h"
#include "packet.h"
#include "xmalloc.h"
#include "compat.h"
#ifdef HAVE_LIBPCRE
# include <pcreposix.h>
#else /* Use native regex libraries */
@ -43,6 +39,11 @@ RCSID("$OpenBSD: compat.c,v 1.33 2001/01/08 22:29:05 markus Exp $");
# endif
#endif /* HAVE_LIBPCRE */
#include "packet.h"
#include "xmalloc.h"
#include "compat.h"
#include "log.h"
int compat13 = 0;
int compat20 = 0;
int datafellows = 0;

4
compress.c
View File

@ -12,9 +12,9 @@
*/
#include "includes.h"
RCSID("$OpenBSD: compress.c,v 1.11 2000/12/20 19:37:21 markus Exp $");
RCSID("$OpenBSD: compress.c,v 1.12 2001/01/21 19:05:48 markus Exp $");
#include "ssh.h"
#include "log.h"
#include "buffer.h"
#include "zlib.h"

2
configure.in
View File

@ -1382,7 +1382,7 @@ if test ! -d $piddir ; then
esac
fi
AC_DEFINE_UNQUOTED(PIDDIR, "$piddir")
AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
AC_SUBST(piddir)
dnl allow user to disable some login recording features

4
deattack.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: deattack.c,v 1.11 2000/12/19 23:17:56 markus Exp $ */
/* $OpenBSD: deattack.c,v 1.12 2001/01/21 19:05:48 markus Exp $ */
/*
* Cryptographic attack detector for ssh - source code
@ -21,7 +21,7 @@
#include "includes.h"
#include "deattack.h"
#include "ssh.h"
#include "log.h"
#include "crc32.h"
#include "getput.h"
#include "xmalloc.h"

17
dh.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: dh.c,v 1.4 2001/01/15 21:43:51 markus Exp $");
RCSID("$OpenBSD: dh.c,v 1.6 2001/01/21 19:05:49 markus Exp $");
#include "xmalloc.h"
@ -31,10 +31,13 @@ RCSID("$OpenBSD: dh.c,v 1.4 2001/01/15 21:43:51 markus Exp $");
#include <openssl/dh.h>
#include <openssl/evp.h>
#include "ssh.h"
#include "buffer.h"
#include "cipher.h"
#include "kex.h"
#include "dh.h"
#include "pathnames.h"
#include "log.h"
#include "misc.h"
int
parse_prime(int linenum, char *line, struct dhgroup *dhg)
@ -100,9 +103,9 @@ choose_dh(int minbits)
int linenum;
struct dhgroup dhg;
f = fopen(DH_PRIMES, "r");
f = fopen(_PATH_DH_PRIMES, "r");
if (!f) {
log("WARNING: %s does not exist, using old prime", DH_PRIMES);
log("WARNING: %s does not exist, using old prime", _PATH_DH_PRIMES);
return (dh_new_group1());
}
@ -126,13 +129,13 @@ choose_dh(int minbits)
fclose (f);
if (bestcount == 0) {
log("WARNING: no primes in %s, using old prime", DH_PRIMES);
log("WARNING: no primes in %s, using old prime", _PATH_DH_PRIMES);
return (dh_new_group1());
}
f = fopen(DH_PRIMES, "r");
f = fopen(_PATH_DH_PRIMES, "r");
if (!f) {
fatal("WARNING: %s dissappeared, giving up", DH_PRIMES);
fatal("WARNING: %s dissappeared, giving up", _PATH_DH_PRIMES);
}
linenum = 0;

6
dispatch.c
View File

@ -22,8 +22,10 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: dispatch.c,v 1.5 2000/09/21 11:25:34 markus Exp $");
#include "ssh.h"
RCSID("$OpenBSD: dispatch.c,v 1.7 2001/01/21 19:05:49 markus Exp $");
#include "ssh1.h"
#include "log.h"
#include "dispatch.h"
#include "packet.h"

10
entropy.c
View File

@ -24,9 +24,6 @@
#include "includes.h"
#include "ssh.h"
#include "xmalloc.h"
#include <openssl/rand.h>
#include <openssl/sha.h>
@ -35,7 +32,12 @@
# include <floatingpoint.h>
#endif /* HAVE_FLOATINGPOINT_H */
RCSID("$Id: entropy.c,v 1.23 2001/01/16 22:37:15 djm Exp $");
#include "ssh.h"
#include "xmalloc.h"
#include "atomicio.h"
#include "log.h"
RCSID("$Id: entropy.c,v 1.24 2001/01/22 05:34:41 mouring Exp $");
#ifndef offsetof
# define offsetof(type, member) ((size_t) &((type *)0)->member)

2
groupaccess.c
View File

@ -25,9 +25,9 @@
#include "includes.h"
#include "groupaccess.h"
#include "ssh.h"
#include "xmalloc.h"
#include "match.h"
#include "log.h"
static int ngroups;
static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */

4
hmac.c
View File

@ -23,11 +23,11 @@
*/
#include "includes.h"
RCSID("$OpenBSD: hmac.c,v 1.5 2000/12/19 23:17:56 markus Exp $");
RCSID("$OpenBSD: hmac.c,v 1.6 2001/01/21 19:05:49 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
#include "getput.h"
#include "log.h"
#include <openssl/hmac.h>

6
hostfile.c
View File

@ -36,15 +36,13 @@
*/
#include "includes.h"
RCSID("$OpenBSD: hostfile.c,v 1.23 2000/12/21 15:10:16 markus Exp $");
RCSID("$OpenBSD: hostfile.c,v 1.24 2001/01/21 19:05:49 markus Exp $");
#include "packet.h"
#include "match.h"
#include "ssh.h"
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include "key.h"
#include "hostfile.h"
#include "log.h"
/*
* Parses an RSA (number of bits, e, n) or DSA key from a string. Moves the

21
kex.c
View File

@ -23,18 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kex.c,v 1.17 2001/01/08 21:48:17 markus Exp $");
#include "ssh.h"
#include "ssh2.h"
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
#include "packet.h"
#include "compat.h"
#include <openssl/bn.h>
#include <openssl/dh.h>
RCSID("$OpenBSD: kex.c,v 1.18 2001/01/21 19:05:49 markus Exp $");
#include <openssl/crypto.h>
#include <openssl/bio.h>
@ -42,8 +31,16 @@ RCSID("$OpenBSD: kex.c,v 1.17 2001/01/08 21:48:17 markus Exp $");
#include <openssl/dh.h>
#include <openssl/pem.h>
#include "ssh2.h"
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
#include "packet.h"
#include "compat.h"
#include "cipher.h"
#include "kex.h"
#include "key.h"
#include "log.h"
#define KEX_COOKIE_LEN 16

10
key.c
View File

@ -31,12 +31,11 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#include "ssh.h"
#include <openssl/rsa.h>
#include <openssl/dsa.h>
RCSID("$OpenBSD: key.c,v 1.15 2001/01/21 19:05:50 markus Exp $");
#include <openssl/evp.h>
#include "xmalloc.h"
#include "key.h"
#include "rsa.h"
@ -45,8 +44,7 @@
#include "uuencode.h"
#include "buffer.h"
#include "bufaux.h"
RCSID("$OpenBSD: key.c,v 1.14 2001/01/16 19:20:06 markus Exp $");
#include "log.h"
Key *
key_new(int type)

3
key.h
View File

@ -24,6 +24,9 @@
#ifndef KEY_H
#define KEY_H
#include <openssl/rsa.h>
#include <openssl/dsa.h>
typedef struct Key Key;
enum types {
KEY_RSA1,

4
log-client.c
View File

@ -36,10 +36,10 @@
*/
#include "includes.h"
RCSID("$OpenBSD: log-client.c,v 1.14 2001/01/18 16:20:21 markus Exp $");
RCSID("$OpenBSD: log-client.c,v 1.15 2001/01/21 19:05:50 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
#include "log.h"
static LogLevel log_level = SYSLOG_LEVEL_INFO;

4
log-server.c
View File

@ -36,12 +36,12 @@
*/
#include "includes.h"
RCSID("$OpenBSD: log-server.c,v 1.19 2001/01/18 16:20:21 markus Exp $");
RCSID("$OpenBSD: log-server.c,v 1.20 2001/01/21 19:05:50 markus Exp $");
#include <syslog.h>
#include "packet.h"
#include "xmalloc.h"
#include "ssh.h"
#include "log.h"
static LogLevel log_level = SYSLOG_LEVEL_INFO;
static int log_on_stderr = 0;

4
log.c
View File

@ -36,9 +36,9 @@
*/
#include "includes.h"
RCSID("$OpenBSD: log.c,v 1.14 2001/01/18 16:20:21 markus Exp $");
RCSID("$OpenBSD: log.c,v 1.15 2001/01/21 19:05:51 markus Exp $");
#include "ssh.h"
#include "log.h"
#include "xmalloc.h"
/* Fatal messages. This function never returns. */

76
log.h Normal file
View File

@ -0,0 +1,76 @@
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
#ifndef SSH_LOG_H
#define SSH_LOG_H
/* Supported syslog facilities and levels. */
typedef enum {
SYSLOG_FACILITY_DAEMON,
SYSLOG_FACILITY_USER,
SYSLOG_FACILITY_AUTH,
#ifdef LOG_AUTHPRIV
SYSLOG_FACILITY_AUTHPRIV,
#endif
SYSLOG_FACILITY_LOCAL0,
SYSLOG_FACILITY_LOCAL1,
SYSLOG_FACILITY_LOCAL2,
SYSLOG_FACILITY_LOCAL3,
SYSLOG_FACILITY_LOCAL4,
SYSLOG_FACILITY_LOCAL5,
SYSLOG_FACILITY_LOCAL6,
SYSLOG_FACILITY_LOCAL7
} SyslogFacility;
typedef enum {
SYSLOG_LEVEL_QUIET,
SYSLOG_LEVEL_FATAL,
SYSLOG_LEVEL_ERROR,
SYSLOG_LEVEL_INFO,
SYSLOG_LEVEL_VERBOSE,
SYSLOG_LEVEL_DEBUG1,
SYSLOG_LEVEL_DEBUG2,
SYSLOG_LEVEL_DEBUG3
} LogLevel;
/* Initializes logging. */
void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr);
/* Logging implementation, depending on server or client */
void do_log(LogLevel level, const char *fmt, va_list args);
/* name to facility/level */
SyslogFacility log_facility_number(char *name);
LogLevel log_level_number(char *name);
/* Output a message to syslog or stderr */
void fatal(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void error(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void log(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void verbose(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void debug2(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void debug3(const char *fmt,...) __attribute__((format(printf, 1, 2)));
/* same as fatal() but w/o logging */
void fatal_cleanup(void);
/*
* Registers a cleanup function to be called by fatal()/fatal_cleanup()
* before exiting. It is permissible to call fatal_remove_cleanup for the
* function itself from the function.
*/
void fatal_add_cleanup(void (*proc) (void *context), void *context);
/* Removes a cleanup function to be called at fatal(). */
void fatal_remove_cleanup(void (*proc) (void *context), void *context);
#endif

2
login.c
View File

@ -39,7 +39,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: login.c,v 1.16 2000/12/19 23:17:57 markus Exp $");
RCSID("$OpenBSD: login.c,v 1.17 2001/01/21 19:05:51 markus Exp $");
#include "loginrec.h"

38
login.h Normal file
View File

@ -0,0 +1,38 @@
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
#ifndef LOGIN_H
#define LOGIN_H
/*
* Returns the time when the user last logged in. Returns 0 if the
* information is not available. This must be called before record_login.
* The host from which the user logged in is stored in buf.
*/
u_long
get_last_login_time(uid_t uid, const char *logname,
char *buf, u_int bufsize);
/*
* Records that the user has logged in. This does many things normally done
* by login(1).
*/
void
record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
const char *host, struct sockaddr *addr);
/*
* Records that the user has logged out. This does many thigs normally done
* by login(1) or init.
*/
void record_logout(pid_t pid, const char *ttyname);
#endif

4
loginrec.c
View File

@ -160,8 +160,10 @@
#include "ssh.h"
#include "xmalloc.h"
#include "loginrec.h"
#include "log.h"
#include "atomicio.h"
RCSID("$Id: loginrec.c,v 1.29 2000/12/28 00:07:07 mouring Exp $");
RCSID("$Id: loginrec.c,v 1.30 2001/01/22 05:34:42 mouring Exp $");
#ifdef HAVE_UTIL_H
# include <util.h>

4
match.c
View File

@ -12,9 +12,9 @@
*/
#include "includes.h"
RCSID("$OpenBSD: match.c,v 1.10 2000/12/19 23:17:57 markus Exp $");
RCSID("$OpenBSD: match.c,v 1.11 2001/01/21 19:05:52 markus Exp $");
#include "ssh.h"
#include "match.h"
/*
* Returns true if the given string matches the pattern (which may contain ?

1
util.c → misc.c
View File

@ -28,6 +28,7 @@
RCSID("$OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $");
#include "ssh.h"
#include "log.h"
char *
chop(char *s)

19
misc.h Normal file
View File

@ -0,0 +1,19 @@
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
/* remove newline at end of string */
char *chop(char *s);
/* return next token in configuration line */
char *strdelim(char **s);
/* set filedescriptor to non-blocking */
void set_nonblock(int fd);

9
nchan.c
View File

@ -23,17 +23,16 @@
*/
#include "includes.h"
RCSID("$OpenBSD: nchan.c,v 1.20 2000/11/06 23:04:56 markus Exp $");
#include "ssh.h"
RCSID("$OpenBSD: nchan.c,v 1.22 2001/01/21 19:05:52 markus Exp $");
#include "ssh1.h"
#include "ssh2.h"
#include "buffer.h"
#include "packet.h"
#include "channels.h"
#include "nchan.h"
#include "ssh2.h"
#include "compat.h"
#include "log.h"
/* functions manipulating channel states */
/*

6
packet.c
View File

@ -37,13 +37,12 @@
*/
#include "includes.h"
RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $");
RCSID("$OpenBSD: packet.c,v 1.46 2001/01/21 19:05:53 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
#include "packet.h"
#include "bufaux.h"
#include "ssh.h"
#include "crc32.h"
#include "getput.h"
@ -52,6 +51,7 @@ RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $");
#include "channels.h"
#include "compat.h"
#include "ssh1.h"
#include "ssh2.h"
#include <openssl/bn.h>
@ -61,6 +61,8 @@ RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $");
#include "cipher.h"
#include "kex.h"
#include "hmac.h"
#include "log.h"
#include "canohost.h"
#ifdef PACKET_DEBUG
#define DBG(x) x

136
pathnames.h Normal file
View File

@ -0,0 +1,136 @@
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
#ifndef ETCDIR
#define ETCDIR "/etc"
#endif
#ifndef _PATH_SSH_PIDDIR
#define _PATH_SSH_PIDDIR "/var/run"
#endif
/*
* System-wide file containing host keys of known hosts. This file should be
* world-readable.
*/
#define _PATH_SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts"
#define _PATH_SSH_SYSTEM_HOSTFILE2 ETCDIR "/ssh_known_hosts2"
/*
* Of these, ssh_host_key must be readable only by root, whereas ssh_config
* should be world-readable.
*/
#define _PATH_HOST_KEY_FILE ETCDIR "/ssh_host_key"
#define _PATH_SERVER_CONFIG_FILE ETCDIR "/sshd_config"
#define _PATH_HOST_CONFIG_FILE ETCDIR "/ssh_config"
#define _PATH_HOST_DSA_KEY_FILE ETCDIR "/ssh_host_dsa_key"
#define _PATH_DH_PRIMES ETCDIR "/primes"
#define _PATH_SSH_PROGRAM "/usr/bin/ssh"
/*
* The process id of the daemon listening for connections is saved here to
* make it easier to kill the correct daemon when necessary.
*/
#define _PATH_SSH_DAEMON_PID_FILE _PATH_SSH_PIDDIR "/sshd.pid"
/*
* The directory in user\'s home directory in which the files reside. The
* directory should be world-readable (though not all files are).
*/
#define _PATH_SSH_USER_DIR ".ssh"
/*
* Per-user file containing host keys of known hosts. This file need not be
* readable by anyone except the user him/herself, though this does not
* contain anything particularly secret.
*/
#define _PATH_SSH_USER_HOSTFILE "~/.ssh/known_hosts"
#define _PATH_SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2"
/*
* Name of the default file containing client-side authentication key. This
* file should only be readable by the user him/herself.
*/
#define _PATH_SSH_CLIENT_IDENTITY ".ssh/identity"
#define _PATH_SSH_CLIENT_ID_DSA ".ssh/id_dsa"
#define _PATH_SSH_CLIENT_ID_RSA ".ssh/id_rsa"
/*
* Configuration file in user\'s home directory. This file need not be
* readable by anyone but the user him/herself, but does not contain anything
* particularly secret. If the user\'s home directory resides on an NFS
* volume where root is mapped to nobody, this may need to be world-readable.
*/
#define _PATH_SSH_USER_CONFFILE ".ssh/config"
/*
* File containing a list of those rsa keys that permit logging in as this
* user. This file need not be readable by anyone but the user him/herself,
* but does not contain anything particularly secret. If the user\'s home
* directory resides on an NFS volume where root is mapped to nobody, this
* may need to be world-readable. (This file is read by the daemon which is
* running as root.)
*/
#define _PATH_SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
#define _PATH_SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"
/*
* Per-user and system-wide ssh "rc" files. These files are executed with
* /bin/sh before starting the shell or command if they exist. They will be
* passed "proto cookie" as arguments if X11 forwarding with spoofing is in
* use. xauth will be run if neither of these exists.
*/
#define _PATH_SSH_USER_RC ".ssh/rc"
#define _PATH_SSH_SYSTEM_RC ETCDIR "/sshrc"
/*
* Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use
* ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled.
*/
#define _PATH_SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv"
#define _PATH_RHOSTS_EQUIV "/etc/hosts.equiv"
/*
* Default location of askpass
*/
#define _PATH_SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass"
/* for scp */
#ifndef _PATH_CP
#define _PATH_CP "cp"
#endif
/* path to login program */
#ifndef LOGIN_PROGRAM
# ifdef LOGIN_PROGRAM_FALLBACK
# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK
# else
# define LOGIN_PROGRAM "/usr/bin/login"
# endif
#endif /* LOGIN_PROGRAM */
/* Askpass program define */
#ifndef ASKPASS_PROGRAM
#define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass"
#endif /* ASKPASS_PROGRAM */
/*
* Relevant only when using builtin PRNG.
*/
#ifndef SSH_PRNG_SEED_FILE
# define SSH_PRNG_SEED_FILE SSH_USER_DIR"/prng_seed"
#endif /* SSH_PRNG_SEED_FILE */
#ifndef SSH_PRNG_COMMAND_FILE
# define SSH_PRNG_COMMAND_FILE ETCDIR "/ssh_prng_cmds"
#endif /* SSH_PRNG_COMMAND_FILE */

4
pty.c
View File

@ -12,14 +12,14 @@
*/
#include "includes.h"
RCSID("$OpenBSD: pty.c,v 1.19 2000/12/20 20:00:34 markus Exp $");
RCSID("$OpenBSD: pty.c,v 1.20 2001/01/21 19:05:53 markus Exp $");
#ifdef HAVE_UTIL_H
# include <util.h>
#endif /* HAVE_UTIL_H */
#include "pty.h"
#include "ssh.h"
#include "log.h"
/* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
#if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)

26
radix.h Normal file
View File

@ -0,0 +1,26 @@
/*
* Copyright (c) 1999 Dug Song. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
int creds_to_radix(CREDENTIALS * creds, u_char *buf, size_t buflen);
int radix_to_creds(const char *buf, CREDENTIALS * creds);

31
readconf.c
View File

@ -12,13 +12,17 @@
*/
#include "includes.h"
RCSID("$OpenBSD: readconf.c,v 1.54 2001/01/18 16:20:22 markus Exp $");
RCSID("$OpenBSD: readconf.c,v 1.58 2001/01/21 19:05:53 markus Exp $");
#include "ssh.h"
#include "readconf.h"
#include "match.h"
#include "xmalloc.h"
#include "compat.h"
#include "cipher.h"
#include "pathnames.h"
#include "log.h"
#include "readconf.h"
#include "match.h"
#include "misc.h"
/* Format of the configuration file:
@ -247,7 +251,7 @@ process_config_line(Options *options, const char *host,
/* Ignore leading whitespace. */
if (*keyword == '\0')
keyword = strdelim(&s);
if (!*keyword || *keyword == '\n' || *keyword == '#')
if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
return 0;
opcode = parse_token(keyword, filename, linenum);
@ -599,8 +603,7 @@ parse_int:
}
/* Check that there is no garbage at end of line. */
if ((arg = strdelim(&s)) != NULL && *arg != '\0')
{
if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
filename, linenum, arg);
}
@ -782,27 +785,27 @@ fill_default_options(Options * options)
if (options->num_identity_files == 0) {
if (options->protocol & SSH_PROTO_1) {
options->identity_files[options->num_identity_files] =
xmalloc(2 + strlen(SSH_CLIENT_IDENTITY) + 1);
xmalloc(2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1);
sprintf(options->identity_files[options->num_identity_files++],
"~/%.100s", SSH_CLIENT_IDENTITY);
"~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
}
if (options->protocol & SSH_PROTO_2) {
options->identity_files[options->num_identity_files] =
xmalloc(2 + strlen(SSH_CLIENT_ID_DSA) + 1);
xmalloc(2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1);
sprintf(options->identity_files[options->num_identity_files++],
"~/%.100s", SSH_CLIENT_ID_DSA);
"~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
}
}
if (options->escape_char == -1)
options->escape_char = '~';
if (options->system_hostfile == NULL)
options->system_hostfile = SSH_SYSTEM_HOSTFILE;
options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
if (options->user_hostfile == NULL)
options->user_hostfile = SSH_USER_HOSTFILE;
options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
if (options->system_hostfile2 == NULL)
options->system_hostfile2 = SSH_SYSTEM_HOSTFILE2;
options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
if (options->user_hostfile2 == NULL)
options->user_hostfile2 = SSH_USER_HOSTFILE2;
options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
if (options->log_level == (LogLevel) - 1)
options->log_level = SYSLOG_LEVEL_INFO;
/* options->proxy_command should not be set by default */

3
readpass.c
View File

@ -32,10 +32,9 @@
*/
#include "includes.h"
RCSID("$OpenBSD: readpass.c,v 1.12 2000/10/11 20:14:39 markus Exp $");
RCSID("$OpenBSD: readpass.c,v 1.13 2001/01/21 19:05:54 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
#include "cli.h"
/*

18
readpass.h Normal file
View File

@ -0,0 +1,18 @@
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
/*
* Reads a passphrase from /dev/tty with echo turned off. Returns the
* passphrase (allocated with xmalloc). Exits if EOF is encountered. If
* from_stdin is true, the passphrase will be read from stdin instead.
*/
char *read_passphrase(char *prompt, int from_stdin);

4
rsa.c
View File

@ -60,10 +60,10 @@
*/
#include "includes.h"
RCSID("$OpenBSD: rsa.c,v 1.18 2000/12/19 23:17:57 markus Exp $");
RCSID("$OpenBSD: rsa.c,v 1.19 2001/01/21 19:05:54 markus Exp $");
#include "rsa.h"
#include "ssh.h"
#include "log.h"
#include "xmalloc.h"
void

12
scp.c
View File

@ -75,14 +75,12 @@
*/
#include "includes.h"
RCSID("$OpenBSD: scp.c,v 1.49 2001/01/13 18:03:07 markus Exp $");
RCSID("$OpenBSD: scp.c,v 1.51 2001/01/21 19:05:55 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
#ifndef _PATH_CP
#define _PATH_CP "cp"
#endif
#include "atomicio.h"
#include "pathnames.h"
#include "log.h"
#ifdef HAVE___PROGNAME
extern char *__progname;
@ -130,7 +128,7 @@ int verbose_mode = 0;
int showprogress = 1;
/* This is the program to execute for the secured connection. ("ssh" or -S) */
char *ssh_program = SSH_PROGRAM;
char *ssh_program = _PATH_SSH_PROGRAM;
/* This is the list of arguments that scp passes to ssh */
struct {

27
servconf.c
View File

@ -10,16 +10,32 @@
*/
#include "includes.h"
RCSID("$OpenBSD: servconf.c,v 1.59 2001/01/19 12:45:26 markus Exp $");
RCSID("$OpenBSD: servconf.c,v 1.62 2001/01/21 19:05:55 markus Exp $");
#ifdef KRB4
#include <krb.h>
#endif
#ifdef AFS
#include <kafs.h>
#endif
#include "ssh.h"
#include "log.h"
#include "servconf.h"
#include "xmalloc.h"
#include "compat.h"
#include "pathnames.h"
#include "tildexpand.h"
#include "misc.h"
#include "cipher.h"
/* add listen address */
void add_listen_addr(ServerOptions *options, char *addr);
/* AF_UNSPEC or AF_INET or AF_INET6 */
extern int IPv4or6;
/* Initializes the server options to their default values. */
void
@ -87,16 +103,16 @@ fill_default_server_options(ServerOptions *options)
if (options->num_host_key_files == 0) {
/* fill default hostkeys for protocols */
if (options->protocol & SSH_PROTO_1)
options->host_key_files[options->num_host_key_files++] = HOST_KEY_FILE;
options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
if (options->protocol & SSH_PROTO_2)
options->host_key_files[options->num_host_key_files++] = HOST_DSA_KEY_FILE;
options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
}
if (options->num_ports == 0)
options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
if (options->listen_addrs == NULL)
add_listen_addr(options, NULL);
if (options->pid_file == NULL)
options->pid_file = SSH_DAEMON_PID_FILE;
options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
if (options->server_key_bits == -1)
options->server_key_bits = 768;
if (options->login_grace_time == -1)
@ -281,7 +297,6 @@ parse_token(const char *cp, const char *filename,
void
add_listen_addr(ServerOptions *options, char *addr)
{
extern int IPv4or6;
struct addrinfo hints, *ai, *aitop;
char strport[NI_MAXSERV];
int gaierr;
@ -332,7 +347,7 @@ read_server_config(ServerOptions *options, const char *filename)
/* Ignore leading whitespace */
if (*arg == '\0')
arg = strdelim(&cp);
if (!*arg || *arg == '#')
if (!arg || !*arg || *arg == '#')
continue;
intptr = NULL;
charptr = NULL;

8
serverloop.c
View File

@ -35,22 +35,24 @@
*/
#include "includes.h"
RCSID("$OpenBSD: serverloop.c,v 1.40 2001/01/18 17:00:00 markus Exp $");
RCSID("$OpenBSD: serverloop.c,v 1.42 2001/01/21 19:05:55 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
#include "packet.h"
#include "buffer.h"
#include "log.h"
#include "servconf.h"
#include "pty.h"
#include "channels.h"
#include "compat.h"
#include "ssh1.h"
#include "ssh2.h"
#include "auth.h"
#include "session.h"
#include "dispatch.h"
#include "auth-options.h"
#include "serverloop.h"
#include "misc.h"
extern ServerOptions options;

20
serverloop.h Normal file
View File

@ -0,0 +1,20 @@
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
/*
* Performs the interactive session. This handles data transmission between
* the client and the program. Note that the notion of stdin, stdout, and
* stderr in this function is sort of reversed: this function writes to stdin
* (of the child program), and reads from stdout and stderr (of the child
* program).
*/
void server_loop(pid_t pid, int fdin, int fdout, int fderr);
void server_loop2(void);

31
session.c
View File

@ -33,24 +33,29 @@
*/
#include "includes.h"
RCSID("$OpenBSD: session.c,v 1.49 2001/01/18 17:00:00 markus Exp $");
RCSID("$OpenBSD: session.c,v 1.51 2001/01/21 19:05:56 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
#include "ssh1.h"
#include "ssh2.h"
#include "xmalloc.h"
#include "pty.h"
#include "packet.h"
#include "buffer.h"
#include "mpaux.h"
#include "servconf.h"
#include "uidswap.h"
#include "compat.h"
#include "channels.h"
#include "nchan.h"
#include "bufaux.h"
#include "ssh2.h"
#include "auth.h"
#include "auth-options.h"
#include "pathnames.h"
#include "log.h"
#include "servconf.h"
#include "login.h"
#include "serverloop.h"
#include "canohost.h"
#ifdef WITH_IRIX_PROJECT
#include <proj.h>
@ -1333,28 +1338,28 @@ do_child(const char *command, struct passwd * pw, const char *term,
* in this order).
*/
if (!options.use_login) {
if (stat(SSH_USER_RC, &st) >= 0) {
if (stat(_PATH_SSH_USER_RC, &st) >= 0) {
if (debug_flag)
fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_USER_RC);
fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, _PATH_SSH_USER_RC);
f = popen(_PATH_BSHELL " " SSH_USER_RC, "w");
f = popen(_PATH_BSHELL " " _PATH_SSH_USER_RC, "w");
if (f) {
if (auth_proto != NULL && auth_data != NULL)
fprintf(f, "%s %s\n", auth_proto, auth_data);
pclose(f);
} else
fprintf(stderr, "Could not run %s\n", SSH_USER_RC);
} else if (stat(SSH_SYSTEM_RC, &st) >= 0) {
fprintf(stderr, "Could not run %s\n", _PATH_SSH_USER_RC);
} else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0) {
if (debug_flag)
fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_SYSTEM_RC);
fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, _PATH_SSH_SYSTEM_RC);
f = popen(_PATH_BSHELL " " SSH_SYSTEM_RC, "w");
f = popen(_PATH_BSHELL " " _PATH_SSH_SYSTEM_RC, "w");
if (f) {
if (auth_proto != NULL && auth_data != NULL)
fprintf(f, "%s %s\n", auth_proto, auth_data);
pclose(f);
} else
fprintf(stderr, "Could not run %s\n", SSH_SYSTEM_RC);
fprintf(stderr, "Could not run %s\n", _PATH_SSH_SYSTEM_RC);
} else if (options.xauth_location != NULL) {
/* Add authority data to .Xauthority if appropriate. */
if (auth_proto != NULL && auth_data != NULL) {

4
sftp-server.c
View File

@ -22,12 +22,12 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: sftp-server.c,v 1.13 2001/01/16 20:54:27 markus Exp $");
RCSID("$OpenBSD: sftp-server.c,v 1.14 2001/01/21 19:05:56 markus Exp $");
#include "ssh.h"
#include "buffer.h"
#include "bufaux.h"
#include "getput.h"
#include "log.h"
#include "xmalloc.h"
#include "sftp.h"

19
ssh-add.c
View File

@ -35,18 +35,19 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-add.c,v 1.24 2001/01/13 18:14:13 markus Exp $");
RCSID("$OpenBSD: ssh-add.c,v 1.27 2001/01/21 19:05:56 markus Exp $");
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include "rsa.h"
#include "ssh.h"
#include "rsa.h"
#include "log.h"
#include "xmalloc.h"
#include "key.h"
#include "authfd.h"
#include "authfile.h"
#include "pathnames.h"
#include "readpass.h"
#ifdef HAVE___PROGNAME
extern char *__progname;
@ -103,6 +104,8 @@ ssh_askpass(char *askpass, char *msg)
int p[2], status;
char buf[1024];
if (fflush(stdout) != 0)
error("ssh_askpass: fflush: %s", strerror(errno));
if (askpass == NULL)
fatal("internal error: askpass undefined");
if (pipe(p) < 0)
@ -117,9 +120,7 @@ ssh_askpass(char *askpass, char *msg)
fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno));
}
close(p[1]);
buf[0] = '\0';
atomicio(read, p[0], buf, sizeof buf);
len = strlen(buf);
len = read(p[0], buf, sizeof buf);
close(p[0]);
while (waitpid(pid, &status, 0) < 0)
if (errno != EINTR)
@ -166,7 +167,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
if (getenv(SSH_ASKPASS_ENV))
askpass = getenv(SSH_ASKPASS_ENV);
else
askpass = SSH_ASKPASS_DEFAULT;
askpass = _PATH_SSH_ASKPASS_DEFAULT;
}
/* At first, try empty passphrase */
@ -291,7 +292,7 @@ main(int argc, char **argv)
ssh_close_authentication_connection(ac);
exit(1);
}
snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY);
snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, _PATH_SSH_CLIENT_IDENTITY);
if (deleting)
delete_file(ac, buf);
else

101
ssh-agent.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $ */
/* $OpenBSD: ssh-agent.c,v 1.47 2001/01/21 19:05:56 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -37,7 +37,10 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $");
RCSID("$OpenBSD: ssh-agent.c,v 1.47 2001/01/21 19:05:56 markus Exp $");
#include <openssl/evp.h>
#include <openssl/md5.h>
#include "ssh.h"
#include "rsa.h"
@ -47,15 +50,12 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $");
#include "packet.h"
#include "getput.h"
#include "mpaux.h"
#include <openssl/evp.h>
#include <openssl/md5.h>
#include <openssl/dsa.h>
#include <openssl/rsa.h>
#include "key.h"
#include "authfd.h"
#include "cipher.h"
#include "kex.h"
#include "compat.h"
#include "log.h"
typedef struct {
int fd;
@ -97,6 +97,8 @@ extern char *__progname;
char *__progname;
#endif
int prepare_select(fd_set **, fd_set **, int *);
void
idtab_init(void)
{
@ -293,7 +295,7 @@ process_remove_identity(SocketEntry *e, int version)
if (bits != key_size(key))
log("Warning: identity keysize mismatch: actual %d, announced %d",
key_size(key), bits);
key_size(key), bits);
break;
case 2:
blob = buffer_get_string(&e->input, &blen);
@ -388,7 +390,7 @@ process_add_identity(SocketEntry *e, int version)
switch (version) {
case 1:
k = key_new_private(KEY_RSA1);
buffer_get_int(&e->input); /* ignored */
buffer_get_int(&e->input); /* ignored */
buffer_get_bignum(&e->input, k->rsa->n);
buffer_get_bignum(&e->input, k->rsa->e);
buffer_get_bignum(&e->input, k->rsa->d);
@ -403,7 +405,7 @@ process_add_identity(SocketEntry *e, int version)
break;
case 2:
type_name = buffer_get_string(&e->input, NULL);
type = key_type_from_name(type_name);
type = key_type_from_name(type_name);
xfree(type_name);
switch(type) {
case KEY_DSA:
@ -556,17 +558,17 @@ new_socket(int type, int fd)
buffer_init(&sockets[old_alloc].output);
}
void
prepare_select(fd_set *readset, fd_set *writeset)
int
prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl)
{
u_int i;
for (i = 0; i < sockets_alloc; i++)
u_int i, sz;
int n = 0;
for (i = 0; i < sockets_alloc; i++) {
switch (sockets[i].type) {
case AUTH_SOCKET:
case AUTH_CONNECTION:
FD_SET(sockets[i].fd, readset);
if (buffer_len(&sockets[i].output) > 0)
FD_SET(sockets[i].fd, writeset);
n = MAX(n, sockets[i].fd);
break;
case AUTH_UNUSED:
break;
@ -574,6 +576,34 @@ prepare_select(fd_set *readset, fd_set *writeset)
fatal("Unknown socket type %d", sockets[i].type);
break;
}
}
sz = howmany(n+1, NFDBITS) * sizeof(fd_mask);
if (*fdrp == NULL || n > *fdl) {
if (*fdrp)
free(*fdrp);
if (*fdwp)
free(*fdwp);
*fdrp = xmalloc(sz);
*fdwp = xmalloc(sz);
*fdl = n;
}
memset(*fdrp, 0, sz);
memset(*fdwp, 0, sz);
for (i = 0; i < sockets_alloc; i++) {
switch (sockets[i].type) {
case AUTH_SOCKET:
case AUTH_CONNECTION:
FD_SET(sockets[i].fd, *fdrp);
if (buffer_len(&sockets[i].output) > 0)
FD_SET(sockets[i].fd, *fdwp);
break;
default:
break;
}
}
return (1);
}
void
@ -592,7 +622,8 @@ after_select(fd_set *readset, fd_set *writeset)
case AUTH_SOCKET:
if (FD_ISSET(sockets[i].fd, readset)) {
slen = sizeof(sunaddr);
sock = accept(sockets[i].fd, (struct sockaddr *) & sunaddr, &slen);
sock = accept(sockets[i].fd,
(struct sockaddr *) &sunaddr, &slen);
if (sock < 0) {
perror("accept from AUTH_SOCKET");
break;
@ -603,8 +634,9 @@ after_select(fd_set *readset, fd_set *writeset)
case AUTH_CONNECTION:
if (buffer_len(&sockets[i].output) > 0 &&
FD_ISSET(sockets[i].fd, writeset)) {
len = write(sockets[i].fd, buffer_ptr(&sockets[i].output),
buffer_len(&sockets[i].output));
len = write(sockets[i].fd,
buffer_ptr(&sockets[i].output),
buffer_len(&sockets[i].output));
if (len <= 0) {
shutdown(sockets[i].fd, SHUT_RDWR);
close(sockets[i].fd);
@ -637,12 +669,15 @@ after_select(fd_set *readset, fd_set *writeset)
void
check_parent_exists(int sig)
{
int save_errno = errno;
if (parent_pid != -1 && kill(parent_pid, 0) < 0) {
/* printf("Parent has died - Authentication agent exiting.\n"); */
exit(1);
}
signal(SIGALRM, check_parent_exists);
alarm(10);
errno = save_errno;
}
void
@ -664,14 +699,13 @@ usage()
{
fprintf(stderr, "ssh-agent version %s\n", SSH_VERSION);
fprintf(stderr, "Usage: %s [-c | -s] [-k] [command {args...]]\n",
__progname);
__progname);
exit(1);
}
int
main(int ac, char **av)
{
fd_set readset, writeset;
int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch;
struct sockaddr_un sunaddr;
#ifdef HAVE_SETRLIMIT
@ -680,6 +714,7 @@ main(int ac, char **av)
pid_t pid;
char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
extern int optind;
fd_set *readsetp = NULL, *writesetp = NULL;
__progname = get_progname(av[0]);
init_rng();
@ -722,14 +757,13 @@ main(int ac, char **av)
pidstr = getenv(SSH_AGENTPID_ENV_NAME);
if (pidstr == NULL) {
fprintf(stderr, "%s not set, cannot kill agent\n",
SSH_AGENTPID_ENV_NAME);
SSH_AGENTPID_ENV_NAME);
exit(1);
}
pid = atoi(pidstr);
if (pid < 1) { /* XXX PID_MAX check too */
/* Yes, PID_MAX check please */
if (pid < 1) {
fprintf(stderr, "%s=\"%s\", which is not a good PID\n",
SSH_AGENTPID_ENV_NAME, pidstr);
SSH_AGENTPID_ENV_NAME, pidstr);
exit(1);
}
if (kill(pid, SIGTERM) == -1) {
@ -751,7 +785,7 @@ main(int ac, char **av)
exit(1);
}
snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir,
parent_pid);
parent_pid);
/*
* Create socket early so it will exist before command gets run from
@ -773,6 +807,7 @@ main(int ac, char **av)
perror("listen");
cleanup_exit(1);
}
/*
* Fork, and have the parent execute the command, if any, or present
* the socket data. The child continues as the authentication agent.
@ -788,9 +823,9 @@ main(int ac, char **av)
if (ac == 0) {
format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
SSH_AUTHSOCKET_ENV_NAME);
SSH_AUTHSOCKET_ENV_NAME);
printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf,
SSH_AGENTPID_ENV_NAME);
SSH_AGENTPID_ENV_NAME);
printf("echo Agent pid %d;\n", pid);
exit(0);
}
@ -834,15 +869,13 @@ main(int ac, char **av)
signal(SIGHUP, cleanup_exit);
signal(SIGTERM, cleanup_exit);
while (1) {
FD_ZERO(&readset);
FD_ZERO(&writeset);
prepare_select(&readset, &writeset);
if (select(max_fd + 1, &readset, &writeset, NULL, NULL) < 0) {
prepare_select(&readsetp, &writesetp, &max_fd);
if (select(max_fd + 1, readsetp, writesetp, NULL, NULL) < 0) {
if (errno == EINTR)
continue;
exit(1);
}
after_select(&readset, &writeset);
after_select(readsetp, writesetp);
}
/* NOTREACHED */
}

22
ssh-dss.c
View File

@ -23,19 +23,16 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-dss.c,v 1.2 2000/12/19 23:17:58 markus Exp $");
RCSID("$OpenBSD: ssh-dss.c,v 1.4 2001/01/21 19:05:57 markus Exp $");
#include <openssl/bn.h>
#include <openssl/evp.h>
#include "ssh.h"
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
#include "compat.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/evp.h>
#include "log.h"
#include "key.h"
#define INTBLOB_LEN 20
@ -54,7 +51,7 @@ ssh_dss_sign(
EVP_MD_CTX md;
u_int rlen;
u_int slen;
u_int len;
u_int len, dlen;
u_char sigblob[SIGBLOB_LEN];
Buffer b;
@ -62,15 +59,18 @@ ssh_dss_sign(
error("ssh_dss_sign: no DSA key");
return -1;
}
digest = xmalloc(evp_md->md_size);
dlen = evp_md->md_size;
digest = xmalloc(dlen);
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md, data, datalen);
EVP_DigestFinal(&md, digest, NULL);
sig = DSA_do_sign(digest, evp_md->md_size, key->dsa);
sig = DSA_do_sign(digest, dlen, key->dsa);
if (sig == NULL) {
fatal("ssh_dss_sign: cannot sign");
}
memset(digest, 0, dlen);
xfree(digest);
rlen = BN_num_bytes(sig->r);
slen = BN_num_bytes(sig->s);

6
ssh-keygen.1
View File

@ -71,8 +71,6 @@
.Nm ssh-keygen
.Fl l
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl R
.Sh DESCRIPTION
.Nm
generates and manages authentication keys for
@ -172,10 +170,6 @@ Provides the new comment.
Provides the new passphrase.
.It Fl P Ar passphrase
Provides the (old) passphrase.
.It Fl R
If RSA support is functional, immediately exits with code 0. If RSA
support is not functional, exits with code 1. This flag will be
removed once the RSA patent expires.
.It Fl x
This option will read a private
OpenSSH DSA format file and print a SSH2-compatible public key to stdout.

18
ssh-keygen.c
View File

@ -12,22 +12,20 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-keygen.c,v 1.39 2001/01/13 18:03:07 markus Exp $");
RCSID("$OpenBSD: ssh-keygen.c,v 1.41 2001/01/21 19:05:57 markus Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include "ssh.h"
#include "xmalloc.h"
#include "key.h"
#include "rsa.h"
#include "authfile.h"
#include "uuencode.h"
#include "buffer.h"
#include "bufaux.h"
#include "pathnames.h"
#include "log.h"
#include "readpass.h"
/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
int bits = 1024;
@ -87,13 +85,13 @@ ask_filename(struct passwd *pw, const char *prompt)
switch (key_type_from_name(key_type_name)) {
case KEY_RSA1:
name = SSH_CLIENT_IDENTITY;
name = _PATH_SSH_CLIENT_IDENTITY;
break;
case KEY_DSA:
name = SSH_CLIENT_ID_DSA;
name = _PATH_SSH_CLIENT_ID_DSA;
break;
case KEY_RSA:
name = SSH_CLIENT_ID_RSA;
name = _PATH_SSH_CLIENT_ID_RSA;
break;
default:
fprintf(stderr, "bad key type");
@ -757,7 +755,7 @@ main(int ac, char **av)
ask_filename(pw, "Enter file in which to save the key");
/* Create ~/.ssh directory if it doesn\'t already exist. */
snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, SSH_USER_DIR);
snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);
if (strstr(identity_file, dotsshdir) != NULL &&
stat(dotsshdir, &st) < 0) {
if (mkdir(dotsshdir, 0700) < 0)

6
ssh-keyscan.c
View File

@ -8,7 +8,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-keyscan.c,v 1.9 2001/01/13 18:12:47 markus Exp $");
RCSID("$OpenBSD: ssh-keyscan.c,v 1.11 2001/01/21 19:05:57 markus Exp $");
#if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H)
#include <sys/queue.h>
@ -18,14 +18,14 @@ RCSID("$OpenBSD: ssh-keyscan.c,v 1.9 2001/01/13 18:12:47 markus Exp $");
#include <errno.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include "xmalloc.h"
#include "ssh.h"
#include "ssh1.h"
#include "key.h"
#include "buffer.h"
#include "bufaux.h"
#include "log.h"
static int argno = 1; /* Number of argument currently being parsed */

13
ssh-rsa.c
View File

@ -23,18 +23,15 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-rsa.c,v 1.4 2001/01/16 19:20:06 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
RCSID("$OpenBSD: ssh-rsa.c,v 1.5 2001/01/21 19:05:58 markus Exp $");
#include <openssl/evp.h>
#include <openssl/dsa.h>
#include <openssl/rsa.h>
#include <openssl/err.h>
#include "xmalloc.h"
#include "log.h"
#include "buffer.h"
#include "bufaux.h"
#include "key.h"
/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */

30
ssh.c
View File

@ -39,27 +39,31 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh.c,v 1.82 2001/01/15 21:40:10 markus Exp $");
RCSID("$OpenBSD: ssh.c,v 1.84 2001/01/21 19:05:58 markus Exp $");
#include <openssl/evp.h>
#include <openssl/dsa.h>
#include <openssl/rsa.h>
#include <openssl/err.h>
#include "xmalloc.h"
#include "ssh.h"
#include "packet.h"
#include "buffer.h"
#include "readconf.h"
#include "uidswap.h"
#include "ssh1.h"
#include "ssh2.h"
#include "compat.h"
#include "cipher.h"
#include "xmalloc.h"
#include "packet.h"
#include "buffer.h"
#include "uidswap.h"
#include "channels.h"
#include "key.h"
#include "authfd.h"
#include "authfile.h"
#include "pathnames.h"
#include "clientloop.h"
#include "log.h"
#include "readconf.h"
#include "sshconnect.h"
#include "tildexpand.h"
#include "misc.h"
#ifdef HAVE___PROGNAME
extern char *__progname;
@ -555,11 +559,11 @@ main(int ac, char **av)
log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0);
/* Read per-user configuration file. */
snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_CONFFILE);
snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_CONFFILE);
read_config_file(buf, host, &options);
/* Read systemwide configuration file. */
read_config_file(HOST_CONFIG_FILE, host, &options);
read_config_file(_PATH_HOST_CONFIG_FILE, host, &options);
/* Fill configuration defaults. */
fill_default_options(&options);
@ -624,7 +628,7 @@ main(int ac, char **av)
host_private_key = RSA_new();
k.type = KEY_RSA1;
k.rsa = host_private_key;
if (load_private_key(HOST_KEY_FILE, "", &k, NULL))
if (load_private_key(_PATH_HOST_KEY_FILE, "", &k, NULL))
host_private_key_loaded = 1;
}
/*
@ -648,7 +652,7 @@ main(int ac, char **av)
* Now that we are back to our own permissions, create ~/.ssh
* directory if it doesn\'t already exist.
*/
snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_DIR);
snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_DIR);
if (stat(buf, &st) < 0)
if (mkdir(buf, 0700) < 0)
error("Could not create directory '%.200s'.", buf);

471
ssh.h
View File

@ -3,8 +3,6 @@
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
* Generic header file for ssh.
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
@ -12,7 +10,7 @@
* called by a name other than "ssh" or "Secure Shell".
*/
/* RCSID("$OpenBSD: ssh.h,v 1.59 2001/01/19 12:45:27 markus Exp $"); */
/* RCSID("$OpenBSD: ssh.h,v 1.61 2001/01/21 19:05:59 markus Exp $"); */
#ifndef SSH_H
#define SSH_H
@ -26,8 +24,9 @@
#ifdef HAVE_SYS_SELECT_H
# include <sys/select.h>
#endif
#include "rsa.h"
#include "cipher.h"
//#include "rsa.h"
//#include "cipher.h"
/* Cipher used for encrypting authentication files. */
#define SSH_AUTHFILE_CIPHER SSH_CIPHER_3DES
@ -68,138 +67,21 @@
# define SSHD_PAM_SERVICE "sshd"
#endif
#ifndef ETCDIR
#define ETCDIR "/etc"
#endif /* ETCDIR */
#ifndef PIDDIR
#define PIDDIR "/var/run"
#endif /* PIDDIR */
/*
* System-wide file containing host keys of known hosts. This file should be
* world-readable.
* Name of the environment variable containing the pathname of the
* authentication socket.
*/
#define SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts"
#define SSH_SYSTEM_HOSTFILE2 ETCDIR "/ssh_known_hosts2"
/*
* Of these, ssh_host_key must be readable only by root, whereas ssh_config
* should be world-readable.
*/
#define HOST_KEY_FILE ETCDIR "/ssh_host_key"
#define SERVER_CONFIG_FILE ETCDIR "/sshd_config"
#define HOST_CONFIG_FILE ETCDIR "/ssh_config"
#define HOST_DSA_KEY_FILE ETCDIR "/ssh_host_dsa_key"
#define DH_PRIMES ETCDIR "/primes"
#ifndef SSH_PROGRAM
#define SSH_PROGRAM "/usr/bin/ssh"
#endif /* SSH_PROGRAM */
#ifndef LOGIN_PROGRAM
# ifdef LOGIN_PROGRAM_FALLBACK
# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK
# else
# define LOGIN_PROGRAM "/usr/bin/login"
# endif
#endif /* LOGIN_PROGRAM */
#ifndef ASKPASS_PROGRAM
#define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass"
#endif /* ASKPASS_PROGRAM */
/*
* The process id of the daemon listening for connections is saved here to
* make it easier to kill the correct daemon when necessary.
*/
#define SSH_DAEMON_PID_FILE PIDDIR "/sshd.pid"
/*
* The directory in user\'s home directory in which the files reside. The
* directory should be world-readable (though not all files are).
*/
#define SSH_USER_DIR ".ssh"
/*
* Relevant only when using builtin PRNG.
*/
#ifndef SSH_PRNG_SEED_FILE
# define SSH_PRNG_SEED_FILE SSH_USER_DIR"/prng_seed"
#endif /* SSH_PRNG_SEED_FILE */
#ifndef SSH_PRNG_COMMAND_FILE
# define SSH_PRNG_COMMAND_FILE ETCDIR "/ssh_prng_cmds"
#endif /* SSH_PRNG_COMMAND_FILE */
/*
* Per-user file containing host keys of known hosts. This file need not be
* readable by anyone except the user him/herself, though this does not
* contain anything particularly secret.
*/
#define SSH_USER_HOSTFILE "~/.ssh/known_hosts"
#define SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2"
/*
* Name of the default file containing client-side authentication key. This
* file should only be readable by the user him/herself.
*/
#define SSH_CLIENT_IDENTITY ".ssh/identity"
#define SSH_CLIENT_ID_DSA ".ssh/id_dsa"
#define SSH_CLIENT_ID_RSA ".ssh/id_rsa"
/*
* Configuration file in user\'s home directory. This file need not be
* readable by anyone but the user him/herself, but does not contain anything
* particularly secret. If the user\'s home directory resides on an NFS
* volume where root is mapped to nobody, this may need to be world-readable.
*/
#define SSH_USER_CONFFILE ".ssh/config"
/*
* File containing a list of those rsa keys that permit logging in as this
* user. This file need not be readable by anyone but the user him/herself,
* but does not contain anything particularly secret. If the user\'s home
* directory resides on an NFS volume where root is mapped to nobody, this
* may need to be world-readable. (This file is read by the daemon which is
* running as root.)
*/
#define SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
#define SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"
/*
* Per-user and system-wide ssh "rc" files. These files are executed with
* /bin/sh before starting the shell or command if they exist. They will be
* passed "proto cookie" as arguments if X11 forwarding with spoofing is in
* use. xauth will be run if neither of these exists.
*/
#define SSH_USER_RC ".ssh/rc"
#define SSH_SYSTEM_RC ETCDIR "/sshrc"
/*
* Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use
* ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled.
*/
#define SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv"
#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"
/*
* Name of the environment variable containing the pathname of the
* authentication socket.
*/
#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK"
#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK"
/*
* Name of the environment variable containing the pathname of the
* authentication socket.
* Environment variable for overwriting the default location of askpass
*/
#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"
/*
* Default path to ssh-askpass used by ssh-add,
* environment variable for overwriting the default location
*/
#ifndef SSH_ASKPASS_DEFAULT
# define SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass"
#endif
#define SSH_ASKPASS_ENV "SSH_ASKPASS"
/*
@ -217,339 +99,4 @@
/* Name of Kerberos service for SSH to use. */
#define KRB4_SERVICE_NAME "rcmd"
/*
* Authentication methods. New types can be added, but old types should not
* be removed for compatibility. The maximum allowed value is 31.
*/
#define SSH_AUTH_RHOSTS 1
#define SSH_AUTH_RSA 2
#define SSH_AUTH_PASSWORD 3
#define SSH_AUTH_RHOSTS_RSA 4
#define SSH_AUTH_TIS 5
#define SSH_AUTH_KERBEROS 6
#define SSH_PASS_KERBEROS_TGT 7
/* 8 to 15 are reserved */
#define SSH_PASS_AFS_TOKEN 21
/* Protocol flags. These are bit masks. */
#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */
#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */
/*
* Definition of message types. New values can be added, but old values
* should not be removed or without careful consideration of the consequences
* for compatibility. The maximum value is 254; value 255 is reserved for
* future extension.
*/
/* Message name */ /* msg code */ /* arguments */
#define SSH_MSG_NONE 0 /* no message */
#define SSH_MSG_DISCONNECT 1 /* cause (string) */
#define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */
#define SSH_CMSG_SESSION_KEY 3 /* key (BIGNUM) */
#define SSH_CMSG_USER 4 /* user (string) */
#define SSH_CMSG_AUTH_RHOSTS 5 /* user (string) */
#define SSH_CMSG_AUTH_RSA 6 /* modulus (BIGNUM) */
#define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */
#define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */
#define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */
#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */
#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */
#define SSH_CMSG_EXEC_SHELL 12 /* */
#define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */
#define SSH_SMSG_SUCCESS 14 /* */
#define SSH_SMSG_FAILURE 15 /* */
#define SSH_CMSG_STDIN_DATA 16 /* data (string) */
#define SSH_SMSG_STDOUT_DATA 17 /* data (string) */
#define SSH_SMSG_STDERR_DATA 18 /* data (string) */
#define SSH_CMSG_EOF 19 /* */
#define SSH_SMSG_EXITSTATUS 20 /* status (int) */
#define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* channel (int) */
#define SSH_MSG_CHANNEL_OPEN_FAILURE 22 /* channel (int) */
#define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */
#define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */
#define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */
/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */
#define SSH_SMSG_X11_OPEN 27 /* channel (int) */
#define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */
#define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */
#define SSH_CMSG_AGENT_REQUEST_FORWARDING 30 /* */
#define SSH_SMSG_AGENT_OPEN 31 /* port (int) */
#define SSH_MSG_IGNORE 32 /* string */
#define SSH_CMSG_EXIT_CONFIRMATION 33 /* */
#define SSH_CMSG_X11_REQUEST_FORWARDING 34 /* proto,data (s,s) */
#define SSH_CMSG_AUTH_RHOSTS_RSA 35 /* user,mod (s,mpi) */
#define SSH_MSG_DEBUG 36 /* string */
#define SSH_CMSG_REQUEST_COMPRESSION 37 /* level 1-9 (int) */
#define SSH_CMSG_MAX_PACKET_SIZE 38 /* size 4k-1024k (int) */
#define SSH_CMSG_AUTH_TIS 39 /* we use this for s/key */
#define SSH_SMSG_AUTH_TIS_CHALLENGE 40 /* challenge (string) */
#define SSH_CMSG_AUTH_TIS_RESPONSE 41 /* response (string) */
#define SSH_CMSG_AUTH_KERBEROS 42 /* (KTEXT) */
#define SSH_SMSG_AUTH_KERBEROS_RESPONSE 43 /* (KTEXT) */
#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */
#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */
/*------------ definitions for login.c -------------*/
/*
* Returns the time when the user last logged in. Returns 0 if the
* information is not available. This must be called before record_login.
* The host from which the user logged in is stored in buf.
*/
u_long
get_last_login_time(uid_t uid, const char *logname,
char *buf, u_int bufsize);
/*
* Records that the user has logged in. This does many things normally done
* by login(1).
*/
void
record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
const char *host, struct sockaddr *addr);
/*
* Records that the user has logged out. This does many thigs normally done
* by login(1) or init.
*/
void record_logout(pid_t pid, const char *ttyname);
/*------------ definitions for sshconnect.c ----------*/
/*
* Opens a TCP/IP connection to the remote server on the given host. If port
* is 0, the default port will be used. If anonymous is zero, a privileged
* port will be allocated to make the connection. This requires super-user
* privileges if anonymous is false. Connection_attempts specifies the
* maximum number of tries, one per second. This returns true on success,
* and zero on failure. If the connection is successful, this calls
* packet_set_connection for the connection.
*/
int
ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
u_short port, int connection_attempts,
int anonymous, uid_t original_real_uid,
const char *proxy_command);
/*
* Starts a dialog with the server, and authenticates the current user on the
* server. This does not need any extra privileges. The basic connection to
* the server must already have been established before this is called. If
* login fails, this function prints an error and never returns. This
* initializes the random state, and leaves it initialized (it will also have
* references from the packet module).
*/
void
ssh_login(int host_key_valid, RSA * host_key, const char *host,
struct sockaddr * hostaddr, uid_t original_real_uid);
/*------------ Definitions for various authentication methods. -------*/
/*
* Tries to authenticate the user using the .rhosts file. Returns true if
* authentication succeeds. If ignore_rhosts is non-zero, this will not
* consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
*/
int auth_rhosts(struct passwd * pw, const char *client_user);
/*
* Tries to authenticate the user using the .rhosts file and the host using
* its host key. Returns true if authentication succeeds.
*/
int
auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);
/*
* Tries to authenticate the user using password. Returns true if
* authentication succeeds.
*/
int auth_password(struct passwd * pw, const char *password);
/*
* Performs the RSA authentication dialog with the client. This returns 0 if
* the client could not be authenticated, and 1 if authentication was
* successful. This may exit if there is a serious protocol violation.
*/
int auth_rsa(struct passwd * pw, BIGNUM * client_n);
/*
* Parses an RSA key (number of bits, e, n) from a string. Moves the pointer
* over the key. Skips any whitespace at the beginning and at end.
*/
int auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n);
/*
* Returns the name of the machine at the other end of the socket. The
* returned string should be freed by the caller.
*/
char *get_remote_hostname(int socket);
/*
* Return the canonical name of the host in the other side of the current
* connection (as returned by packet_get_connection). The host name is
* cached, so it is efficient to call this several times.
*/
const char *get_canonical_hostname(void);
/*
* Returns the remote IP address as an ascii string. The value need not be
* freed by the caller.
*/
const char *get_remote_ipaddr(void);
/* Returns the port number of the peer of the socket. */
int get_peer_port(int sock);
/* Returns the port number of the remote/local host. */
int get_remote_port(void);
int get_local_port(void);
/*
* Performs the RSA authentication challenge-response dialog with the client,
* and returns true (non-zero) if the client gave the correct answer to our
* challenge; returns zero if the client gives a wrong answer.
*/
int auth_rsa_challenge_dialog(RSA *pk);
/*
* Reads a passphrase from /dev/tty with echo turned off. Returns the
* passphrase (allocated with xmalloc). Exits if EOF is encountered. If
* from_stdin is true, the passphrase will be read from stdin instead.
*/
char *read_passphrase(const char *prompt, int from_stdin);
/*------------ Definitions for logging. -----------------------*/
/* Supported syslog facilities and levels. */
typedef enum {
SYSLOG_FACILITY_DAEMON,
SYSLOG_FACILITY_USER,
SYSLOG_FACILITY_AUTH,
#ifdef LOG_AUTHPRIV
SYSLOG_FACILITY_AUTHPRIV,
#endif
SYSLOG_FACILITY_LOCAL0,
SYSLOG_FACILITY_LOCAL1,
SYSLOG_FACILITY_LOCAL2,
SYSLOG_FACILITY_LOCAL3,
SYSLOG_FACILITY_LOCAL4,
SYSLOG_FACILITY_LOCAL5,
SYSLOG_FACILITY_LOCAL6,
SYSLOG_FACILITY_LOCAL7
} SyslogFacility;
typedef enum {
SYSLOG_LEVEL_QUIET,
SYSLOG_LEVEL_FATAL,
SYSLOG_LEVEL_ERROR,
SYSLOG_LEVEL_INFO,
SYSLOG_LEVEL_VERBOSE,
SYSLOG_LEVEL_DEBUG1,
SYSLOG_LEVEL_DEBUG2,
SYSLOG_LEVEL_DEBUG3
} LogLevel;
/* Initializes logging. */
void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr);
/* Logging implementation, depending on server or client */
void do_log(LogLevel level, const char *fmt, va_list args);
/* name to facility/level */
SyslogFacility log_facility_number(char *name);
LogLevel log_level_number(char *name);
/* Output a message to syslog or stderr */
void fatal(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void error(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void log(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void verbose(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void debug2(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void debug3(const char *fmt,...) __attribute__((format(printf, 1, 2)));
/* same as fatal() but w/o logging */
void fatal_cleanup(void);
/*
* Registers a cleanup function to be called by fatal()/fatal_cleanup()
* before exiting. It is permissible to call fatal_remove_cleanup for the
* function itself from the function.
*/
void fatal_add_cleanup(void (*proc) (void *context), void *context);
/* Removes a cleanup function to be called at fatal(). */
void fatal_remove_cleanup(void (*proc) (void *context), void *context);
/* ---- misc */
/*
* Expands tildes in the file name. Returns data allocated by xmalloc.
* Warning: this calls getpw*.
*/
char *tilde_expand_filename(const char *filename, uid_t my_uid);
/* remove newline at end of string */
char *chop(char *s);
/* return next token in configuration line */
char *strdelim(char **s);
/* set filedescriptor to non-blocking */
void set_nonblock(int fd);
/*
* Performs the interactive session. This handles data transmission between
* the client and the program. Note that the notion of stdin, stdout, and
* stderr in this function is sort of reversed: this function writes to stdin
* (of the child program), and reads from stdout and stderr (of the child
* program).
*/
void server_loop(pid_t pid, int fdin, int fdout, int fderr);
void server_loop2(void);
/* Client side main loop for the interactive session. */
int client_loop(int have_pty, int escape_char, int id);
/* Linked list of custom environment strings (see auth-rsa.c). */
struct envstring {
struct envstring *next;
char *s;
};
/*
* Ensure all of data on socket comes through. f==read || f==write
*/
ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n);
#ifdef KRB4
#include <krb.h>
/*
* Performs Kerberos v4 mutual authentication with the client. This returns 0
* if the client could not be authenticated, and 1 if authentication was
* successful. This may exit if there is a serious protocol violation.
*/
int auth_krb4(const char *server_user, KTEXT auth, char **client);
int krb4_init(uid_t uid);
void krb4_cleanup_proc(void *ignore);
int auth_krb4_password(struct passwd * pw, const char *password);
#ifdef AFS
#include <kafs.h>
/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
int auth_kerberos_tgt(struct passwd * pw, const char *string);
int auth_afs_token(struct passwd * pw, const char *token_string);
int creds_to_radix(CREDENTIALS * creds, u_char *buf, size_t buflen);
int radix_to_creds(const char *buf, CREDENTIALS * creds);
#endif /* AFS */
#endif /* KRB4 */
/* AF_UNSPEC or AF_INET or AF_INET6 */
extern int IPv4or6;
#endif /* SSH_H */

84
ssh1.h Normal file
View File

@ -0,0 +1,84 @@
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
/*
* Definition of message types. New values can be added, but old values
* should not be removed or without careful consideration of the consequences
* for compatibility. The maximum value is 254; value 255 is reserved for
* future extension.
*/
/* Message name */ /* msg code */ /* arguments */
#define SSH_MSG_NONE 0 /* no message */
#define SSH_MSG_DISCONNECT 1 /* cause (string) */
#define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */
#define SSH_CMSG_SESSION_KEY 3 /* key (BIGNUM) */
#define SSH_CMSG_USER 4 /* user (string) */
#define SSH_CMSG_AUTH_RHOSTS 5 /* user (string) */
#define SSH_CMSG_AUTH_RSA 6 /* modulus (BIGNUM) */
#define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */
#define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */
#define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */
#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */
#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */
#define SSH_CMSG_EXEC_SHELL 12 /* */
#define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */
#define SSH_SMSG_SUCCESS 14 /* */
#define SSH_SMSG_FAILURE 15 /* */
#define SSH_CMSG_STDIN_DATA 16 /* data (string) */
#define SSH_SMSG_STDOUT_DATA 17 /* data (string) */
#define SSH_SMSG_STDERR_DATA 18 /* data (string) */
#define SSH_CMSG_EOF 19 /* */
#define SSH_SMSG_EXITSTATUS 20 /* status (int) */
#define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* channel (int) */
#define SSH_MSG_CHANNEL_OPEN_FAILURE 22 /* channel (int) */
#define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */
#define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */
#define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */
/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */
#define SSH_SMSG_X11_OPEN 27 /* channel (int) */
#define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */
#define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */
#define SSH_CMSG_AGENT_REQUEST_FORWARDING 30 /* */
#define SSH_SMSG_AGENT_OPEN 31 /* port (int) */
#define SSH_MSG_IGNORE 32 /* string */
#define SSH_CMSG_EXIT_CONFIRMATION 33 /* */
#define SSH_CMSG_X11_REQUEST_FORWARDING 34 /* proto,data (s,s) */
#define SSH_CMSG_AUTH_RHOSTS_RSA 35 /* user,mod (s,mpi) */
#define SSH_MSG_DEBUG 36 /* string */
#define SSH_CMSG_REQUEST_COMPRESSION 37 /* level 1-9 (int) */
#define SSH_CMSG_MAX_PACKET_SIZE 38 /* size 4k-1024k (int) */
#define SSH_CMSG_AUTH_TIS 39 /* we use this for s/key */
#define SSH_SMSG_AUTH_TIS_CHALLENGE 40 /* challenge (string) */
#define SSH_CMSG_AUTH_TIS_RESPONSE 41 /* response (string) */
#define SSH_CMSG_AUTH_KERBEROS 42 /* (KTEXT) */
#define SSH_SMSG_AUTH_KERBEROS_RESPONSE 43 /* (KTEXT) */
#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */
#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */
/*
* Authentication methods. New types can be added, but old types should not
* be removed for compatibility. The maximum allowed value is 31.
*/
#define SSH_AUTH_RHOSTS 1
#define SSH_AUTH_RSA 2
#define SSH_AUTH_PASSWORD 3
#define SSH_AUTH_RHOSTS_RSA 4
#define SSH_AUTH_TIS 5
#define SSH_AUTH_KERBEROS 6
#define SSH_PASS_KERBEROS_TGT 7
/* 8 to 15 are reserved */
#define SSH_PASS_AFS_TOKEN 21
/* Protocol flags. These are bit masks. */
#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */
#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */

14
sshconnect.c
View File

@ -13,23 +13,24 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect.c,v 1.90 2001/01/13 18:32:50 markus Exp $");
RCSID("$OpenBSD: sshconnect.c,v 1.91 2001/01/21 19:05:59 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/rsa.h>
#include "ssh.h"
#include "xmalloc.h"
#include "rsa.h"
#include "ssh.h"
#include "buffer.h"
#include "packet.h"
#include "uidswap.h"
#include "compat.h"
#include "readconf.h"
#include "key.h"
#include "sshconnect.h"
#include "hostfile.h"
#include "log.h"
#include "readconf.h"
#include "atomicio.h"
#include "misc.h"
char *client_version_string = NULL;
char *server_version_string = NULL;
@ -37,6 +38,9 @@ char *server_version_string = NULL;
extern Options options;
extern char *__progname;
/* AF_UNSPEC or AF_INET or AF_INET6 */
extern int IPv4or6;
/*
* Connect to the given ssh server using a proxy command.
*/

28
sshconnect.h
View File

@ -23,6 +23,34 @@
*/
#ifndef SSHCONNECT_H
#define SSHCONNECT_H
/*
* Opens a TCP/IP connection to the remote server on the given host. If port
* is 0, the default port will be used. If anonymous is zero, a privileged
* port will be allocated to make the connection. This requires super-user
* privileges if anonymous is false. Connection_attempts specifies the
* maximum number of tries, one per second. This returns true on success,
* and zero on failure. If the connection is successful, this calls
* packet_set_connection for the connection.
*/
int
ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
u_short port, int connection_attempts,
int anonymous, uid_t original_real_uid,
const char *proxy_command);
/*
* Starts a dialog with the server, and authenticates the current user on the
* server. This does not need any extra privileges. The basic connection to
* the server must already have been established before this is called. If
* login fails, this function prints an error and never returns. This
* initializes the random state, and leaves it initialized (it will also have
* references from the packet module).
*/
void
ssh_login(int host_key_valid, RSA * host_key, const char *host,
struct sockaddr * hostaddr, uid_t original_real_uid);
void
check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,

19
sshconnect1.c
View File

@ -13,25 +13,36 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect1.c,v 1.16 2001/01/18 17:00:00 markus Exp $");
RCSID("$OpenBSD: sshconnect1.c,v 1.18 2001/01/21 19:06:00 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#ifdef KRB4
#include <krb.h>
#include "radix.h"
#endif
#ifdef AFS
#include <kafs.h>
#endif
#include "ssh.h"
#include "ssh1.h"
#include "xmalloc.h"
#include "rsa.h"
#include "ssh.h"
#include "buffer.h"
#include "packet.h"
#include "mpaux.h"
#include "uidswap.h"
#include "log.h"
#include "readconf.h"
#include "key.h"
#include "authfd.h"
#include "sshconnect.h"
#include "authfile.h"
#include "readpass.h"
#include "cipher.h"
#include "canohost.h"
/* Session id for the current session. */
u_char session_id[16];

14
sshconnect2.c
View File

@ -23,25 +23,23 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect2.c,v 1.35 2001/01/04 22:21:26 markus Exp $");
RCSID("$OpenBSD: sshconnect2.c,v 1.37 2001/01/21 19:06:00 markus Exp $");
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/md5.h>
#include <openssl/dh.h>
#include <openssl/hmac.h>
#include "ssh.h"
#include "ssh2.h"
#include "xmalloc.h"
#include "rsa.h"
#include "buffer.h"
#include "packet.h"
#include "uidswap.h"
#include "compat.h"
#include "readconf.h"
#include "bufaux.h"
#include "ssh2.h"
#include "cipher.h"
#include "kex.h"
#include "myproposal.h"
#include "key.h"
@ -50,6 +48,9 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.35 2001/01/04 22:21:26 markus Exp $");
#include "cli.h"
#include "dispatch.h"
#include "authfd.h"
#include "log.h"
#include "readconf.h"
#include "readpass.h"
void ssh_dh1_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
void ssh_dhgex_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
@ -332,8 +333,7 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr,
if ((g = BN_new()) == NULL)
fatal("BN_new");
packet_get_bignum2(g, &dlen);
if ((dh = dh_new_group(g, p)) == NULL)
fatal("dh_new_group");
dh = dh_new_group(g, p);
dh_gen_key(dh);

4
sshd.8
View File

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd.8,v 1.82 2001/01/18 16:20:22 markus Exp $
.\" $OpenBSD: sshd.8,v 1.83 2001/01/19 16:48:14 markus Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@ -394,7 +394,7 @@ Specifies the file containing the private host keys (default
used by SSH protocol versions 1 and 2.
Note that
.Nm
if this file is group/world-accessible.
will refuse to use a file if it is group/world-accessible.
It is possible to have multiple host key files.
.Dq rsa1
keys are used for version 1 and

32
sshd.c
View File

@ -40,32 +40,36 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshd.c,v 1.153 2001/01/19 12:45:27 markus Exp $");
RCSID("$OpenBSD: sshd.c,v 1.155 2001/01/21 19:06:00 markus Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
#include <openssl/hmac.h>
#include "ssh.h"
#include "ssh1.h"
#include "ssh2.h"
#include "xmalloc.h"
#include "rsa.h"
#include "ssh.h"
#include "pty.h"
#include "packet.h"
#include "mpaux.h"
#include "log.h"
#include "servconf.h"
#include "uidswap.h"
#include "compat.h"
#include "buffer.h"
#include "ssh2.h"
#include <openssl/dh.h>
#include <openssl/bn.h>
#include <openssl/hmac.h>
#include "cipher.h"
#include "kex.h"
#include <openssl/dsa.h>
#include <openssl/rsa.h>
#include "key.h"
#include "dh.h"
#include "auth.h"
#include "myproposal.h"
#include "authfile.h"
#include "pathnames.h"
#include "atomicio.h"
#include "canohost.h"
#include "auth.h"
#include "misc.h"
#ifdef LIBWRAP
#include <tcpd.h>
@ -88,7 +92,7 @@ char *__progname;
ServerOptions options;
/* Name of the server configuration file. */
char *config_file_name = SERVER_CONFIG_FILE;
char *config_file_name = _PATH_SERVER_CONFIG_FILE;
/*
* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
@ -643,7 +647,7 @@ main(int ac, char **av)
fprintf(stderr, "sshd version %s\n", SSH_VERSION);
fprintf(stderr, "Usage: %s [options]\n", __progname);
fprintf(stderr, "Options:\n");
fprintf(stderr, " -f file Configuration file (default %s)\n", SERVER_CONFIG_FILE);
fprintf(stderr, " -f file Configuration file (default %s)\n", _PATH_SERVER_CONFIG_FILE);
fprintf(stderr, " -d Debugging mode (multiple -d means more debugging)\n");
fprintf(stderr, " -i Started from inetd\n");
fprintf(stderr, " -D Do not fork into daemon mode\n");
@ -653,7 +657,7 @@ main(int ac, char **av)
fprintf(stderr, " -g seconds Grace period for authentication (default: 600)\n");
fprintf(stderr, " -b bits Size of server RSA key (default: 768 bits)\n");
fprintf(stderr, " -h file File from which to read host key (default: %s)\n",
HOST_KEY_FILE);
_PATH_HOST_KEY_FILE);
fprintf(stderr, " -u len Maximum hostname length for utmp recording\n");
fprintf(stderr, " -4 Use IPv4 only\n");
fprintf(stderr, " -6 Use IPv6 only\n");

4
tildexpand.c
View File

@ -11,10 +11,10 @@
*/
#include "includes.h"
RCSID("$OpenBSD: tildexpand.c,v 1.9 2000/12/19 23:17:59 markus Exp $");
RCSID("$OpenBSD: tildexpand.c,v 1.10 2001/01/21 19:06:01 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
#include "log.h"
/*
* Expands tildes in the file name. Returns data allocated by xmalloc.

17
tildexpand.h Normal file
View File

@ -0,0 +1,17 @@
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
/*
* Expands tildes in the file name. Returns data allocated by xmalloc.
* Warning: this calls getpw*.
*/
char *tilde_expand_filename(const char *filename, uid_t my_uid);

5
ttymodes.c
View File

@ -15,10 +15,11 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ttymodes.c,v 1.8 2000/09/07 20:27:55 deraadt Exp $");
RCSID("$OpenBSD: ttymodes.c,v 1.10 2001/01/21 19:06:01 markus Exp $");
#include "packet.h"
#include "ssh.h"
#include "log.h"
#include "ssh1.h"
#define TTY_OP_END 0
#define TTY_OP_ISPEED 192 /* int follows */

4
uidswap.c
View File

@ -12,9 +12,9 @@
*/
#include "includes.h"
RCSID("$OpenBSD: uidswap.c,v 1.12 2000/12/29 10:48:56 markus Exp $");
RCSID("$OpenBSD: uidswap.c,v 1.13 2001/01/21 19:06:01 markus Exp $");
#include "ssh.h"
#include "log.h"
#include "uidswap.h"
/*

5
xmalloc.c
View File

@ -13,9 +13,10 @@
*/
#include "includes.h"
RCSID("$OpenBSD: xmalloc.c,v 1.8 2000/09/07 20:27:55 deraadt Exp $");
RCSID("$OpenBSD: xmalloc.c,v 1.9 2001/01/21 19:06:02 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
#include "log.h"
void *
xmalloc(size_t size)