Hopefully things did not get mixed around too much. It compiles under
Linux and works. So that is at least a good sign. =) 20010122 - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus [servconf.c ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c packet.c pathname.h readconf.c scp.c servconf.c serverloop.c session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h ssh1.h sshconnect1.c sshd.c ttymodes.c] move ssh1 definitions to ssh1.h, pathnames to pathnames.h - markus@cvs.openbsd.org 2001/01/19 16:48:14 [sshd.8] fix typo; from stevesk@ - markus@cvs.openbsd.org 2001/01/19 16:50:58 [ssh-dss.c] clear and free digest, make consistent with other code (use dlen); from stevesk@ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus [auth-options.c auth-options.h auth-rsa.c auth2.c] pass the filename to auth_parse_options() - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001 [readconf.c] fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com - stevesk@cvs.openbsd.org 2001/01/20 18:20:29 [sshconnect2.c] dh_new_group() does not return NULL. 
ok markus@ - markus@cvs.openbsd.org 2001/01/20 21:33:42 [ssh-add.c] do not loop forever if askpass does not exist; from andrew@pimlott.ne.mediaone.net - djm@cvs.openbsd.org 2001/01/20 23:00:56 [servconf.c] Check for NULL return from strdelim; ok markus - djm@cvs.openbsd.org 2001/01/20 23:02:07 [readconf.c] KNF; ok markus - jakob@cvs.openbsd.org 2001/01/21 9:00:33 [ssh-keygen.1] remove -R flag; ok markus@ - markus@cvs.openbsd.org 2001/01/21 19:05:40 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c cipher.c cli.c clientloop.c clientloop.h compat.c compress.c deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c key.c key.h log-client.c log-server.c log.c log.h login.c login.h match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h ttysmodes.c uidswap.c xmalloc.c] split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch] - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve conflict when compiling for non-kerb install - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes on 1/19.
parent
401d58f361
commit
226cfa0378
63
ChangeLog
63
ChangeLog
|
@ -1,3 +1,66 @@
|
||||||
|
20010122
|
||||||
|
- (bal) OpenBSD Resync
|
||||||
|
- markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
|
||||||
|
[servconf.c ssh.h sshd.c]
|
||||||
|
only auth-chall.c needs #ifdef SKEY
|
||||||
|
- markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
|
||||||
|
[auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
|
||||||
|
auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
|
||||||
|
packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
|
||||||
|
session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
|
||||||
|
ssh1.h sshconnect1.c sshd.c ttymodes.c]
|
||||||
|
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
||||||
|
- markus@cvs.openbsd.org 2001/01/19 16:48:14
|
||||||
|
[sshd.8]
|
||||||
|
fix typo; from stevesk@
|
||||||
|
- markus@cvs.openbsd.org 2001/01/19 16:50:58
|
||||||
|
[ssh-dss.c]
|
||||||
|
clear and free digest, make consistent with other code (use dlen); from
|
||||||
|
stevesk@
|
||||||
|
- markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
|
||||||
|
[auth-options.c auth-options.h auth-rsa.c auth2.c]
|
||||||
|
pass the filename to auth_parse_options()
|
||||||
|
- markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
|
||||||
|
[readconf.c]
|
||||||
|
fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
|
||||||
|
- stevesk@cvs.openbsd.org 2001/01/20 18:20:29
|
||||||
|
[sshconnect2.c]
|
||||||
|
dh_new_group() does not return NULL. ok markus@
|
||||||
|
- markus@cvs.openbsd.org 2001/01/20 21:33:42
|
||||||
|
[ssh-add.c]
|
||||||
|
do not loop forever if askpass does not exist; from
|
||||||
|
andrew@pimlott.ne.mediaone.net
|
||||||
|
- djm@cvs.openbsd.org 2001/01/20 23:00:56
|
||||||
|
[servconf.c]
|
||||||
|
Check for NULL return from strdelim; ok markus
|
||||||
|
- djm@cvs.openbsd.org 2001/01/20 23:02:07
|
||||||
|
[readconf.c]
|
||||||
|
KNF; ok markus
|
||||||
|
- jakob@cvs.openbsd.org 2001/01/21 9:00:33
|
||||||
|
[ssh-keygen.1]
|
||||||
|
remove -R flag; ok markus@
|
||||||
|
- markus@cvs.openbsd.org 2001/01/21 19:05:40
|
||||||
|
[atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
|
||||||
|
auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
|
||||||
|
auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
|
||||||
|
bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
|
||||||
|
cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
|
||||||
|
deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
|
||||||
|
key.c key.h log-client.c log-server.c log.c log.h login.c login.h
|
||||||
|
match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
|
||||||
|
readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
|
||||||
|
session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
|
||||||
|
ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
|
||||||
|
sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
|
||||||
|
ttysmodes.c uidswap.c xmalloc.c]
|
||||||
|
split ssh.h and try to cleanup the #include mess. remove unnecessary
|
||||||
|
#includes. rename util.[ch] -> misc.[ch]
|
||||||
|
- (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
|
||||||
|
- (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
|
||||||
|
conflict when compiling for non-kerb install
|
||||||
|
- (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
|
||||||
|
on 1/19.
|
||||||
|
|
||||||
20010120
|
20010120
|
||||||
- (bal) OpenBSD Resync
|
- (bal) OpenBSD Resync
|
||||||
- markus@cvs.openbsd.org 2001/01/19 12:45:26
|
- markus@cvs.openbsd.org 2001/01/19 12:45:26
|
||||||
|
|
|
@ -37,7 +37,7 @@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
|
||||||
|
|
||||||
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) $(SFTP-SERVER)
|
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) $(SFTP-SERVER)
|
||||||
|
|
||||||
LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o util.o uuencode.o xmalloc.o
|
LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o
|
||||||
|
|
||||||
LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strmode.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o
|
LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strmode.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o
|
||||||
|
|
||||||
|
|
|
@ -268,7 +268,7 @@
|
||||||
#undef USER_PATH
|
#undef USER_PATH
|
||||||
|
|
||||||
/* Specify location of ssh.pid */
|
/* Specify location of ssh.pid */
|
||||||
#undef PIDDIR
|
#undef _PATH_SSH_PIDDIR
|
||||||
|
|
||||||
/* Use IPv4 for connection by default, IPv6 can still if explicity asked */
|
/* Use IPv4 for connection by default, IPv6 can still if explicity asked */
|
||||||
#undef IPV4_DEFAULT
|
#undef IPV4_DEFAULT
|
||||||
|
|
|
@ -24,10 +24,10 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: atomicio.c,v 1.7 2000/10/18 18:04:02 markus Exp $");
|
RCSID("$OpenBSD: atomicio.c,v 1.8 2001/01/21 19:05:40 markus Exp $");
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "ssh.h"
|
#include "atomicio.h"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* ensure all of data on socket comes through. f==read || f==write
|
* ensure all of data on socket comes through. f==read || f==write
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
/*
|
||||||
|
* Copyright (c) 1995,1999 Theo de Raadt
|
||||||
|
* All rights reserved.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or without
|
||||||
|
* modification, are permitted provided that the following conditions
|
||||||
|
* are met:
|
||||||
|
* 1. Redistributions of source code must retain the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer.
|
||||||
|
* 2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer in the
|
||||||
|
* documentation and/or other materials provided with the distribution.
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||||
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||||
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||||
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||||
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||||
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||||
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||||
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||||
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Ensure all of data on socket comes through. f==read || f==write
|
||||||
|
*/
|
||||||
|
ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n);
|
|
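Review bot: The new atomicio.h has no include guard, while the other headers touched by this commit (auth-options.h, auth.h) wrap their contents in `#ifndef AUTH_OPTIONS_H` / `#ifndef AUTH_H`; the 29-line file consists only of the license block, the comment and the prototype. Wrap the prototype in `#ifndef ATOMICIO_H` / `#define ATOMICIO_H` … `#endif /* ATOMICIO_H */` so a second inclusion via another header does not redeclare it. The callback is also declared with an empty parameter list, `ssize_t (*f)()`, which disables all argument checking at the call site; since read(2) and write(2) differ only in the const-ness of the buffer, the comment above it should at least state the required shape, e.g. `/* f must have the calling convention of read(2) or write(2): (int fd, void *buf, size_t n) */`.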
@ -23,9 +23,8 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: auth-chall.c,v 1.2 2001/01/19 12:45:26 markus Exp $");
|
RCSID("$OpenBSD: auth-chall.c,v 1.3 2001/01/21 19:05:41 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
|
||||||
#include "auth.h"
|
#include "auth.h"
|
||||||
|
|
||||||
#ifdef SKEY
|
#ifdef SKEY
|
||||||
|
|
16
auth-krb4.c
16
auth-krb4.c
|
@ -23,14 +23,18 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
#include "packet.h"
|
RCSID("$OpenBSD: auth-krb4.c,v 1.22 2001/01/21 19:05:41 markus Exp $");
|
||||||
#include "xmalloc.h"
|
|
||||||
#include "ssh.h"
|
|
||||||
#include "servconf.h"
|
|
||||||
|
|
||||||
RCSID("$OpenBSD: auth-krb4.c,v 1.20 2000/12/19 23:17:54 markus Exp $");
|
|
||||||
|
|
||||||
#ifdef KRB4
|
#ifdef KRB4
|
||||||
|
#include "ssh.h"
|
||||||
|
#include "ssh1.h"
|
||||||
|
#include "packet.h"
|
||||||
|
#include "xmalloc.h"
|
||||||
|
#include "log.h"
|
||||||
|
#include "servconf.h"
|
||||||
|
#include "auth.h"
|
||||||
|
#include "radix.h"
|
||||||
|
|
||||||
char *ticket = NULL;
|
char *ticket = NULL;
|
||||||
|
|
||||||
extern ServerOptions options;
|
extern ServerOptions options;
|
||||||
|
|
|
@ -10,12 +10,14 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: auth-options.c,v 1.8 2001/01/13 18:38:00 markus Exp $");
|
RCSID("$OpenBSD: auth-options.c,v 1.11 2001/01/21 19:05:41 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "match.h"
|
#include "match.h"
|
||||||
|
#include "log.h"
|
||||||
|
#include "canohost.h"
|
||||||
|
#include "auth-options.h"
|
||||||
|
|
||||||
/* Flags set authorized_keys flags */
|
/* Flags set authorized_keys flags */
|
||||||
int no_port_forwarding_flag = 0;
|
int no_port_forwarding_flag = 0;
|
||||||
|
@ -48,9 +50,12 @@ auth_clear_options(void)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* return 1 if access is granted, 0 if not. side effect: sets key option flags */
|
/*
|
||||||
|
* return 1 if access is granted, 0 if not.
|
||||||
|
* side effect: sets key option flags
|
||||||
|
*/
|
||||||
int
|
int
|
||||||
auth_parse_options(struct passwd *pw, char *options, u_long linenum)
|
auth_parse_options(struct passwd *pw, char *options, char *file, u_long linenum)
|
||||||
{
|
{
|
||||||
const char *cp;
|
const char *cp;
|
||||||
if (!options)
|
if (!options)
|
||||||
|
@ -106,9 +111,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum)
|
||||||
}
|
}
|
||||||
if (!*options) {
|
if (!*options) {
|
||||||
debug("%.100s, line %lu: missing end quote",
|
debug("%.100s, line %lu: missing end quote",
|
||||||
SSH_USER_PERMITTED_KEYS, linenum);
|
file, linenum);
|
||||||
packet_send_debug("%.100s, line %lu: missing end quote",
|
packet_send_debug("%.100s, line %lu: missing end quote",
|
||||||
SSH_USER_PERMITTED_KEYS, linenum);
|
file, linenum);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
forced_command[i] = 0;
|
forced_command[i] = 0;
|
||||||
|
@ -136,9 +141,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum)
|
||||||
}
|
}
|
||||||
if (!*options) {
|
if (!*options) {
|
||||||
debug("%.100s, line %lu: missing end quote",
|
debug("%.100s, line %lu: missing end quote",
|
||||||
SSH_USER_PERMITTED_KEYS, linenum);
|
file, linenum);
|
||||||
packet_send_debug("%.100s, line %lu: missing end quote",
|
packet_send_debug("%.100s, line %lu: missing end quote",
|
||||||
SSH_USER_PERMITTED_KEYS, linenum);
|
file, linenum);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
s[i] = 0;
|
s[i] = 0;
|
||||||
|
@ -170,9 +175,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum)
|
||||||
}
|
}
|
||||||
if (!*options) {
|
if (!*options) {
|
||||||
debug("%.100s, line %lu: missing end quote",
|
debug("%.100s, line %lu: missing end quote",
|
||||||
SSH_USER_PERMITTED_KEYS, linenum);
|
file, linenum);
|
||||||
packet_send_debug("%.100s, line %lu: missing end quote",
|
packet_send_debug("%.100s, line %lu: missing end quote",
|
||||||
SSH_USER_PERMITTED_KEYS, linenum);
|
file, linenum);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
patterns[i] = 0;
|
patterns[i] = 0;
|
||||||
|
@ -219,9 +224,9 @@ next_option:
|
||||||
|
|
||||||
bad_option:
|
bad_option:
|
||||||
log("Bad options in %.100s file, line %lu: %.50s",
|
log("Bad options in %.100s file, line %lu: %.50s",
|
||||||
SSH_USER_PERMITTED_KEYS, linenum, options);
|
file, linenum, options);
|
||||||
packet_send_debug("Bad options in %.100s file, line %lu: %.50s",
|
packet_send_debug("Bad options in %.100s file, line %lu: %.50s",
|
||||||
SSH_USER_PERMITTED_KEYS, linenum, options);
|
file, linenum, options);
|
||||||
/* deny access */
|
/* deny access */
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
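Review bot: The new `file` argument of `auth_parse_options()` is forwarded to `packet_send_debug()` in every error path (the `file, linenum` lines that replace `SSH_USER_PERMITTED_KEYS, linenum`, and `file, linenum, options` under `bad_option:`), and the caller in auth-rsa.c in this same commit builds it as `"%.500s/%.100s"` from `pw->pw_dir`, so the peer — which is still in the middle of authenticating at this point — now receives the full authorized_keys path including the user's home directory where it previously got only the relative name. If that is not intended, keep the full path for the local `debug()`/`log()` calls and send the peer the relative `_PATH_SSH_USER_PERMITTED_KEYS` (or the basename); at minimum the change in what reaches the client should be noted in the comment above the function. Separately, `file` is only ever read as a `%.100s` argument, so declare it `const char *file` both here and in the prototype added to auth-options.h (`auth_parse_options(struct passwd *pw, char *options, char *file, u_long linenum)`). The body of `auth_parse_options()` continues outside these hunks.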
@ -11,10 +11,17 @@
|
||||||
* called by a name other than "ssh" or "Secure Shell".
|
* called by a name other than "ssh" or "Secure Shell".
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* $OpenBSD: auth-options.h,v 1.6 2000/12/19 23:17:55 markus Exp $ */
|
/* $OpenBSD: auth-options.h,v 1.8 2001/01/21 19:05:42 markus Exp $ */
|
||||||
|
|
||||||
#ifndef AUTH_OPTIONS_H
|
#ifndef AUTH_OPTIONS_H
|
||||||
#define AUTH_OPTIONS_H
|
#define AUTH_OPTIONS_H
|
||||||
|
|
||||||
|
/* Linked list of custom environment strings */
|
||||||
|
struct envstring {
|
||||||
|
struct envstring *next;
|
||||||
|
char *s;
|
||||||
|
};
|
||||||
|
|
||||||
/* Flags that may be set in authorized_keys options. */
|
/* Flags that may be set in authorized_keys options. */
|
||||||
extern int no_port_forwarding_flag;
|
extern int no_port_forwarding_flag;
|
||||||
extern int no_agent_forwarding_flag;
|
extern int no_agent_forwarding_flag;
|
||||||
|
@ -23,8 +30,14 @@ extern int no_pty_flag;
|
||||||
extern char *forced_command;
|
extern char *forced_command;
|
||||||
extern struct envstring *custom_environment;
|
extern struct envstring *custom_environment;
|
||||||
|
|
||||||
/* return 1 if access is granted, 0 if not. side effect: sets key option flags */
|
/*
|
||||||
int auth_parse_options(struct passwd *pw, char *options, u_long linenum);
|
* return 1 if access is granted, 0 if not.
|
||||||
|
* side effect: sets key option flags
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
auth_parse_options(struct passwd *pw, char *options, char *file,
|
||||||
|
u_long linenum);
|
||||||
|
|
||||||
/* reset options flags */
|
/* reset options flags */
|
||||||
void auth_clear_options(void);
|
void auth_clear_options(void);
|
||||||
|
|
||||||
|
|
|
@ -27,9 +27,12 @@
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
|
#include "log.h"
|
||||||
#include "servconf.h"
|
#include "servconf.h"
|
||||||
|
#include "canohost.h"
|
||||||
|
#include "readpass.h"
|
||||||
|
|
||||||
RCSID("$Id: auth-pam.c,v 1.21 2001/01/19 04:46:38 djm Exp $");
|
RCSID("$Id: auth-pam.c,v 1.22 2001/01/22 05:34:40 mouring Exp $");
|
||||||
|
|
||||||
#define NEW_AUTHTOK_MSG \
|
#define NEW_AUTHTOK_MSG \
|
||||||
"Warning: Your password has expired, please change it now"
|
"Warning: Your password has expired, please change it now"
|
||||||
|
|
|
@ -36,15 +36,14 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: auth-passwd.c,v 1.19 2001/01/18 16:59:59 markus Exp $");
|
RCSID("$OpenBSD: auth-passwd.c,v 1.20 2001/01/21 19:05:42 markus Exp $");
|
||||||
|
|
||||||
#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
|
#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
|
||||||
|
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "ssh.h"
|
|
||||||
#include "servconf.h"
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
|
#include "log.h"
|
||||||
|
#include "servconf.h"
|
||||||
#include "auth.h"
|
#include "auth.h"
|
||||||
|
|
||||||
#ifdef WITH_AIXAUTHENTICATE
|
#ifdef WITH_AIXAUTHENTICATE
|
||||||
|
|
|
@ -13,18 +13,19 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: auth-rh-rsa.c,v 1.19 2000/12/21 15:10:16 markus Exp $");
|
RCSID("$OpenBSD: auth-rh-rsa.c,v 1.21 2001/01/21 19:05:42 markus Exp $");
|
||||||
|
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "ssh.h"
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "uidswap.h"
|
#include "uidswap.h"
|
||||||
|
#include "log.h"
|
||||||
#include "servconf.h"
|
#include "servconf.h"
|
||||||
|
|
||||||
#include <openssl/rsa.h>
|
|
||||||
#include <openssl/dsa.h>
|
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
#include "hostfile.h"
|
#include "hostfile.h"
|
||||||
|
#include "pathnames.h"
|
||||||
|
#include "auth.h"
|
||||||
|
#include "tildexpand.h"
|
||||||
|
#include "canohost.h"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Tries to authenticate the user using the .rhosts file and the host using
|
* Tries to authenticate the user using the .rhosts file and the host using
|
||||||
|
@ -59,15 +60,15 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key
|
||||||
found = key_new(KEY_RSA1);
|
found = key_new(KEY_RSA1);
|
||||||
|
|
||||||
/* Check if we know the host and its host key. */
|
/* Check if we know the host and its host key. */
|
||||||
host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
|
host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname,
|
||||||
client_key, found, NULL);
|
client_key, found, NULL);
|
||||||
|
|
||||||
/* Check user host file unless ignored. */
|
/* Check user host file unless ignored. */
|
||||||
if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
|
if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
|
||||||
struct stat st;
|
struct stat st;
|
||||||
char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
|
char *user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
|
||||||
/*
|
/*
|
||||||
* Check file permissions of SSH_USER_HOSTFILE, auth_rsa()
|
* Check file permissions of _PATH_SSH_USER_HOSTFILE, auth_rsa()
|
||||||
* did already check pw->pw_dir, but there is a race XXX
|
* did already check pw->pw_dir, but there is a race XXX
|
||||||
*/
|
*/
|
||||||
if (options.strict_modes &&
|
if (options.strict_modes &&
|
||||||
|
|
|
@ -14,13 +14,15 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: auth-rhosts.c,v 1.17 2000/12/19 23:17:55 markus Exp $");
|
RCSID("$OpenBSD: auth-rhosts.c,v 1.19 2001/01/21 19:05:42 markus Exp $");
|
||||||
|
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "ssh.h"
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "uidswap.h"
|
#include "uidswap.h"
|
||||||
|
#include "pathnames.h"
|
||||||
|
#include "log.h"
|
||||||
#include "servconf.h"
|
#include "servconf.h"
|
||||||
|
#include "canohost.h"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This function processes an rhosts-style file (.rhosts, .shosts, or
|
* This function processes an rhosts-style file (.rhosts, .shosts, or
|
||||||
|
@ -177,8 +179,8 @@ auth_rhosts(struct passwd *pw, const char *client_user)
|
||||||
|
|
||||||
/* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */
|
/* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */
|
||||||
if (!rhosts_files[rhosts_file_index] &&
|
if (!rhosts_files[rhosts_file_index] &&
|
||||||
stat("/etc/hosts.equiv", &st) < 0 &&
|
stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
|
||||||
stat(SSH_HOSTS_EQUIV, &st) < 0)
|
stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
hostname = get_canonical_hostname();
|
hostname = get_canonical_hostname();
|
||||||
|
@ -192,10 +194,10 @@ auth_rhosts(struct passwd *pw, const char *client_user)
|
||||||
hostname, ipaddr);
|
hostname, ipaddr);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
if (check_rhosts_file(SSH_HOSTS_EQUIV, hostname, ipaddr, client_user,
|
if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user,
|
||||||
pw->pw_name)) {
|
pw->pw_name)) {
|
||||||
packet_send_debug("Accepted for %.100s [%.100s] by %.100s.",
|
packet_send_debug("Accepted for %.100s [%.100s] by %.100s.",
|
||||||
hostname, ipaddr, SSH_HOSTS_EQUIV);
|
hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
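Review bot: The replacement of the literal `"/etc/hosts.equiv"` with `_PATH_RHOSTS_EQUIV` in `auth_rhosts()` relies on a macro whose definition is not visible on this page; presumably it comes from the newly included `pathnames.h`, but on platforms whose system `<paths.h>` does not define it the portable tree's pathnames.h must supply it or the build breaks — worth confirming for every supported target, not only the Linux build mentioned in the commit message. A one-line comment next to the include, such as `/* pathnames.h: _PATH_RHOSTS_EQUIV, _PATH_SSH_HOSTS_EQUIV */`, would make the dependency explicit. `auth_rhosts()` starts and ends outside these hunks.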
38
auth-rsa.c
38
auth-rsa.c
|
@ -14,21 +14,23 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: auth-rsa.c,v 1.34 2000/12/19 23:17:55 markus Exp $");
|
RCSID("$OpenBSD: auth-rsa.c,v 1.38 2001/01/21 19:05:42 markus Exp $");
|
||||||
|
|
||||||
#include "rsa.h"
|
|
||||||
#include "packet.h"
|
|
||||||
#include "xmalloc.h"
|
|
||||||
#include "ssh.h"
|
|
||||||
#include "mpaux.h"
|
|
||||||
#include "uidswap.h"
|
|
||||||
#include "match.h"
|
|
||||||
#include "servconf.h"
|
|
||||||
#include "auth-options.h"
|
|
||||||
|
|
||||||
#include <openssl/rsa.h>
|
#include <openssl/rsa.h>
|
||||||
#include <openssl/md5.h>
|
#include <openssl/md5.h>
|
||||||
|
|
||||||
|
#include "rsa.h"
|
||||||
|
#include "packet.h"
|
||||||
|
#include "xmalloc.h"
|
||||||
|
#include "ssh1.h"
|
||||||
|
#include "mpaux.h"
|
||||||
|
#include "uidswap.h"
|
||||||
|
#include "match.h"
|
||||||
|
#include "auth-options.h"
|
||||||
|
#include "pathnames.h"
|
||||||
|
#include "log.h"
|
||||||
|
#include "servconf.h"
|
||||||
|
#include "auth.h"
|
||||||
|
|
||||||
/* import */
|
/* import */
|
||||||
extern ServerOptions options;
|
extern ServerOptions options;
|
||||||
|
@ -120,7 +122,7 @@ auth_rsa_challenge_dialog(RSA *pk)
|
||||||
int
|
int
|
||||||
auth_rsa(struct passwd *pw, BIGNUM *client_n)
|
auth_rsa(struct passwd *pw, BIGNUM *client_n)
|
||||||
{
|
{
|
||||||
char line[8192], file[1024];
|
char line[8192], file[MAXPATHLEN];
|
||||||
int authenticated;
|
int authenticated;
|
||||||
u_int bits;
|
u_int bits;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
|
@ -137,7 +139,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
|
||||||
|
|
||||||
/* The authorized keys. */
|
/* The authorized keys. */
|
||||||
snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,
|
snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,
|
||||||
SSH_USER_PERMITTED_KEYS);
|
_PATH_SSH_USER_PERMITTED_KEYS);
|
||||||
|
|
||||||
/* Fail quietly if file does not exist */
|
/* Fail quietly if file does not exist */
|
||||||
if (stat(file, &st) < 0) {
|
if (stat(file, &st) < 0) {
|
||||||
|
@ -165,10 +167,10 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
|
||||||
"bad ownership or modes for '%s'.", pw->pw_name, file);
|
"bad ownership or modes for '%s'.", pw->pw_name, file);
|
||||||
fail = 1;
|
fail = 1;
|
||||||
} else {
|
} else {
|
||||||
/* Check path to SSH_USER_PERMITTED_KEYS */
|
/* Check path to _PATH_SSH_USER_PERMITTED_KEYS */
|
||||||
int i;
|
int i;
|
||||||
static const char *check[] = {
|
static const char *check[] = {
|
||||||
"", SSH_USER_DIR, NULL
|
"", _PATH_SSH_USER_DIR, NULL
|
||||||
};
|
};
|
||||||
for (i = 0; check[i]; i++) {
|
for (i = 0; check[i]; i++) {
|
||||||
snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir, check[i]);
|
snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir, check[i]);
|
||||||
|
@ -235,9 +237,9 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
|
||||||
/* Parse the key from the line. */
|
/* Parse the key from the line. */
|
||||||
if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) {
|
if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) {
|
||||||
debug("%.100s, line %lu: bad key syntax",
|
debug("%.100s, line %lu: bad key syntax",
|
||||||
SSH_USER_PERMITTED_KEYS, linenum);
|
file, linenum);
|
||||||
packet_send_debug("%.100s, line %lu: bad key syntax",
|
packet_send_debug("%.100s, line %lu: bad key syntax",
|
||||||
SSH_USER_PERMITTED_KEYS, linenum);
|
file, linenum);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
/* cp now points to the comment part. */
|
/* cp now points to the comment part. */
|
||||||
|
@ -257,7 +259,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
|
||||||
* If our options do not allow this key to be used,
|
* If our options do not allow this key to be used,
|
||||||
* do not send challenge.
|
* do not send challenge.
|
||||||
*/
|
*/
|
||||||
if (!auth_parse_options(pw, options, linenum))
|
if (!auth_parse_options(pw, options, file, linenum))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
/* Perform the challenge-response dialog for this key. */
|
/* Perform the challenge-response dialog for this key. */
|
||||||
|
|
13
auth.c
13
auth.c
|
@ -23,13 +23,8 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: auth.c,v 1.13 2001/01/18 16:59:59 markus Exp $");
|
RCSID("$OpenBSD: auth.c,v 1.14 2001/01/21 19:05:43 markus Exp $");
|
||||||
|
|
||||||
#include "xmalloc.h"
|
|
||||||
#include "ssh.h"
|
|
||||||
#include "match.h"
|
|
||||||
#include "servconf.h"
|
|
||||||
#include "groupaccess.h"
|
|
||||||
#ifdef HAVE_LOGIN_H
|
#ifdef HAVE_LOGIN_H
|
||||||
#include <login.h>
|
#include <login.h>
|
||||||
#endif
|
#endif
|
||||||
|
@ -37,8 +32,14 @@ RCSID("$OpenBSD: auth.c,v 1.13 2001/01/18 16:59:59 markus Exp $");
|
||||||
#include <shadow.h>
|
#include <shadow.h>
|
||||||
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
|
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
|
||||||
|
|
||||||
|
#include "xmalloc.h"
|
||||||
|
#include "match.h"
|
||||||
|
#include "groupaccess.h"
|
||||||
|
#include "log.h"
|
||||||
|
#include "servconf.h"
|
||||||
#include "auth.h"
|
#include "auth.h"
|
||||||
#include "auth-options.h"
|
#include "auth-options.h"
|
||||||
|
#include "canohost.h"
|
||||||
|
|
||||||
/* import */
|
/* import */
|
||||||
extern ServerOptions options;
|
extern ServerOptions options;
|
||||||
|
|
66
auth.h
66
auth.h
|
@ -21,11 +21,13 @@
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
*
|
*
|
||||||
* $OpenBSD: auth.h,v 1.9 2001/01/18 16:59:59 markus Exp $
|
* $OpenBSD: auth.h,v 1.10 2001/01/21 19:05:43 markus Exp $
|
||||||
*/
|
*/
|
||||||
#ifndef AUTH_H
|
#ifndef AUTH_H
|
||||||
#define AUTH_H
|
#define AUTH_H
|
||||||
|
|
||||||
|
#include <openssl/rsa.h>
|
||||||
|
|
||||||
typedef struct Authctxt Authctxt;
|
typedef struct Authctxt Authctxt;
|
||||||
struct Authctxt {
|
struct Authctxt {
|
||||||
int success;
|
int success;
|
||||||
|
@ -39,6 +41,68 @@ struct Authctxt {
|
||||||
char *style;
|
char *style;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Tries to authenticate the user using the .rhosts file. Returns true if
|
||||||
|
* authentication succeeds. If ignore_rhosts is non-zero, this will not
|
||||||
|
* consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
|
||||||
|
*/
|
||||||
|
int auth_rhosts(struct passwd * pw, const char *client_user);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Tries to authenticate the user using the .rhosts file and the host using
|
||||||
|
* its host key. Returns true if authentication succeeds.
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Tries to authenticate the user using password. Returns true if
|
||||||
|
* authentication succeeds.
|
||||||
|
*/
|
||||||
|
int auth_password(struct passwd * pw, const char *password);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Performs the RSA authentication dialog with the client. This returns 0 if
|
||||||
|
* the client could not be authenticated, and 1 if authentication was
|
||||||
|
* successful. This may exit if there is a serious protocol violation.
|
||||||
|
*/
|
||||||
|
int auth_rsa(struct passwd * pw, BIGNUM * client_n);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Parses an RSA key (number of bits, e, n) from a string. Moves the pointer
|
||||||
|
* over the key. Skips any whitespace at the beginning and at end.
|
||||||
|
*/
|
||||||
|
int auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Performs the RSA authentication challenge-response dialog with the client,
|
||||||
|
* and returns true (non-zero) if the client gave the correct answer to our
|
||||||
|
* challenge; returns zero if the client gives a wrong answer.
|
||||||
|
*/
|
||||||
|
int auth_rsa_challenge_dialog(RSA *pk);
|
||||||
|
|
||||||
|
#ifdef KRB4
|
||||||
|
#include <krb.h>
|
||||||
|
/*
|
||||||
|
* Performs Kerberos v4 mutual authentication with the client. This returns 0
|
||||||
|
* if the client could not be authenticated, and 1 if authentication was
|
||||||
|
* successful. This may exit if there is a serious protocol violation.
|
||||||
|
*/
|
||||||
|
int auth_krb4(const char *server_user, KTEXT auth, char **client);
|
||||||
|
int krb4_init(uid_t uid);
|
||||||
|
void krb4_cleanup_proc(void *ignore);
|
||||||
|
int auth_krb4_password(struct passwd * pw, const char *password);
|
||||||
|
|
||||||
|
#ifdef AFS
|
||||||
|
#include <kafs.h>
|
||||||
|
|
||||||
|
/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
|
||||||
|
int auth_kerberos_tgt(struct passwd * pw, const char *string);
|
||||||
|
int auth_afs_token(struct passwd * pw, const char *token_string);
|
||||||
|
#endif /* AFS */
|
||||||
|
|
||||||
|
#endif /* KRB4 */
|
||||||
|
|
||||||
#include "auth-pam.h"
|
#include "auth-pam.h"
|
||||||
#include "auth2-pam.h"
|
#include "auth2-pam.h"
|
||||||
|
|
||||||
|
|
12
auth1.c
12
auth1.c
|
@ -10,7 +10,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: auth1.c,v 1.11 2001/01/18 16:59:59 markus Exp $");
|
RCSID("$OpenBSD: auth1.c,v 1.13 2001/01/21 19:05:43 markus Exp $");
|
||||||
|
|
||||||
#ifdef HAVE_OSF_SIA
|
#ifdef HAVE_OSF_SIA
|
||||||
# include <sia.h>
|
# include <sia.h>
|
||||||
|
@ -19,10 +19,11 @@ RCSID("$OpenBSD: auth1.c,v 1.11 2001/01/18 16:59:59 markus Exp $");
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "rsa.h"
|
#include "rsa.h"
|
||||||
#include "ssh.h"
|
#include "ssh1.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "mpaux.h"
|
#include "mpaux.h"
|
||||||
|
#include "log.h"
|
||||||
#include "servconf.h"
|
#include "servconf.h"
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
#include "auth.h"
|
#include "auth.h"
|
||||||
|
@ -278,11 +279,6 @@ do_authloop(Authctxt *authctxt)
|
||||||
xfree(password);
|
xfree(password);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#ifdef SKEY /* ISSUE: Is this right? we don't define
|
|
||||||
having skey_authentication in
|
|
||||||
servconf.h by default so I assume
|
|
||||||
we need to deal with this via #ifdef
|
|
||||||
in some reasonable way */
|
|
||||||
case SSH_CMSG_AUTH_TIS:
|
case SSH_CMSG_AUTH_TIS:
|
||||||
debug("rcvd SSH_CMSG_AUTH_TIS");
|
debug("rcvd SSH_CMSG_AUTH_TIS");
|
||||||
if (options.skey_authentication == 1) {
|
if (options.skey_authentication == 1) {
|
||||||
|
@ -297,6 +293,7 @@ do_authloop(Authctxt *authctxt)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SSH_CMSG_AUTH_TIS_RESPONSE:
|
case SSH_CMSG_AUTH_TIS_RESPONSE:
|
||||||
debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
|
debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
|
||||||
if (options.skey_authentication == 1) {
|
if (options.skey_authentication == 1) {
|
||||||
|
@ -308,7 +305,6 @@ do_authloop(Authctxt *authctxt)
|
||||||
xfree(response);
|
xfree(response);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
#endif /* ISSUE: End of wrong SKEY defines */
|
|
||||||
|
|
||||||
default:
|
default:
|
||||||
/*
|
/*
|
||||||
|
|
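Review bot: With the `#ifdef SKEY` bracket removed, the `SSH_CMSG_AUTH_TIS` and `SSH_CMSG_AUTH_TIS_RESPONSE` cases are always compiled and are gated only at runtime by `options.skey_authentication`, so the concern recorded in the deleted ISSUE comment — that servconf.h did not define that field by default — now has to hold for every build configuration, which this hunk cannot show. A short comment above the first case would keep that knowledge with the code: `/* TIS/S/Key cases are always compiled; enablement is the runtime check on options.skey_authentication (servconf.h) */`. The body of do_authloop starts and ends outside these hunks, and the calls inside the two `if` blocks are not visible, so whether anything they reach still needs a build-time SKEY guard cannot be confirmed from here.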
|
@ -22,14 +22,14 @@
|
||||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
*/
|
*/
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: auth2-chall.c,v 1.1 2001/01/18 17:12:43 markus Exp $");
|
RCSID("$OpenBSD: auth2-chall.c,v 1.2 2001/01/21 19:05:43 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
|
||||||
#include "ssh2.h"
|
#include "ssh2.h"
|
||||||
#include "auth.h"
|
#include "auth.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "dispatch.h"
|
#include "dispatch.h"
|
||||||
|
#include "log.h"
|
||||||
|
|
||||||
void send_userauth_into_request(Authctxt *authctxt, char *challenge, int echo);
|
void send_userauth_into_request(Authctxt *authctxt, char *challenge, int echo);
|
||||||
void input_userauth_info_response(int type, int plen, void *ctxt);
|
void input_userauth_info_response(int type, int plen, void *ctxt);
|
||||||
|
|
|
@ -1,14 +1,16 @@
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$Id: auth2-pam.c,v 1.5 2001/01/19 05:37:32 mouring Exp $");
|
RCSID("$Id: auth2-pam.c,v 1.6 2001/01/22 05:34:40 mouring Exp $");
|
||||||
|
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
|
#include <security/pam_appl.h>
|
||||||
|
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
#include "ssh2.h"
|
#include "ssh2.h"
|
||||||
#include "auth.h"
|
#include "auth.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "dispatch.h"
|
#include "dispatch.h"
|
||||||
#include <security/pam_appl.h>
|
#include "log.h"
|
||||||
|
|
||||||
struct {
|
struct {
|
||||||
int finished, num_received, num_expected;
|
int finished, num_received, num_expected;
|
||||||
|
@ -31,7 +33,6 @@ int
|
||||||
auth2_pam(Authctxt *authctxt)
|
auth2_pam(Authctxt *authctxt)
|
||||||
{
|
{
|
||||||
int retval = -1;
|
int retval = -1;
|
||||||
char *method = "PAM";
|
|
||||||
|
|
||||||
if (authctxt->user == NULL)
|
if (authctxt->user == NULL)
|
||||||
fatal("auth2_pam: internal error: no user");
|
fatal("auth2_pam: internal error: no user");
|
||||||
|
|
20
auth2.c
20
auth2.c
|
@ -23,34 +23,34 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: auth2.c,v 1.28 2001/01/18 17:00:00 markus Exp $");
|
RCSID("$OpenBSD: auth2.c,v 1.32 2001/01/21 19:05:44 markus Exp $");
|
||||||
|
|
||||||
#ifdef HAVE_OSF_SIA
|
#ifdef HAVE_OSF_SIA
|
||||||
# include <sia.h>
|
# include <sia.h>
|
||||||
# include <siad.h>
|
# include <siad.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include <openssl/dsa.h>
|
|
||||||
#include <openssl/rsa.h>
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
|
|
||||||
|
#include "ssh2.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "rsa.h"
|
#include "rsa.h"
|
||||||
#include "ssh.h"
|
|
||||||
#include "pty.h"
|
#include "pty.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
|
#include "log.h"
|
||||||
#include "servconf.h"
|
#include "servconf.h"
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
#include "channels.h"
|
#include "channels.h"
|
||||||
#include "bufaux.h"
|
#include "bufaux.h"
|
||||||
#include "ssh2.h"
|
|
||||||
#include "auth.h"
|
#include "auth.h"
|
||||||
#include "session.h"
|
#include "session.h"
|
||||||
#include "dispatch.h"
|
#include "dispatch.h"
|
||||||
#include "auth.h"
|
#include "auth.h"
|
||||||
|
#include "cipher.h"
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
#include "kex.h"
|
#include "kex.h"
|
||||||
|
#include "pathnames.h"
|
||||||
|
|
||||||
#include "uidswap.h"
|
#include "uidswap.h"
|
||||||
#include "auth-options.h"
|
#include "auth-options.h"
|
||||||
|
@ -583,7 +583,7 @@ authmethod_lookup(const char *name)
|
||||||
int
|
int
|
||||||
user_key_allowed(struct passwd *pw, Key *key)
|
user_key_allowed(struct passwd *pw, Key *key)
|
||||||
{
|
{
|
||||||
char line[8192], file[1024];
|
char line[8192], file[MAXPATHLEN];
|
||||||
int found_key = 0;
|
int found_key = 0;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
u_long linenum = 0;
|
u_long linenum = 0;
|
||||||
|
@ -598,7 +598,7 @@ user_key_allowed(struct passwd *pw, Key *key)
|
||||||
|
|
||||||
/* The authorized keys. */
|
/* The authorized keys. */
|
||||||
snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,
|
snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,
|
||||||
SSH_USER_PERMITTED_KEYS2);
|
_PATH_SSH_USER_PERMITTED_KEYS2);
|
||||||
|
|
||||||
/* Fail quietly if file does not exist */
|
/* Fail quietly if file does not exist */
|
||||||
if (stat(file, &st) < 0) {
|
if (stat(file, &st) < 0) {
|
||||||
|
@ -626,10 +626,10 @@ user_key_allowed(struct passwd *pw, Key *key)
|
||||||
key_type(key), pw->pw_name, file);
|
key_type(key), pw->pw_name, file);
|
||||||
fail = 1;
|
fail = 1;
|
||||||
} else {
|
} else {
|
||||||
/* Check path to SSH_USER_PERMITTED_KEYS */
|
/* Check path to _PATH_SSH_USER_PERMITTED_KEYS */
|
||||||
int i;
|
int i;
|
||||||
static const char *check[] = {
|
static const char *check[] = {
|
||||||
"", SSH_USER_DIR, NULL
|
"", _PATH_SSH_USER_DIR, NULL
|
||||||
};
|
};
|
||||||
for (i = 0; check[i]; i++) {
|
for (i = 0; check[i]; i++) {
|
||||||
snprintf(line, sizeof line, "%.500s/%.100s",
|
snprintf(line, sizeof line, "%.500s/%.100s",
|
||||||
|
@ -686,7 +686,7 @@ user_key_allowed(struct passwd *pw, Key *key)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (key_equal(found, key) &&
|
if (key_equal(found, key) &&
|
||||||
auth_parse_options(pw, options, linenum) == 1) {
|
auth_parse_options(pw, options, file, linenum) == 1) {
|
||||||
found_key = 1;
|
found_key = 1;
|
||||||
debug("matching key found: file %s, line %ld",
|
debug("matching key found: file %s, line %ld",
|
||||||
file, linenum);
|
file, linenum);
|
||||||
|
|
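Review bot: `file` is now sized by the platform's MAXPATHLEN, but the `snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir, _PATH_SSH_USER_PERMITTED_KEYS2);` in the @ -598 hunk still relies on the `%.500s`/`%.100s` precision caps rather than on the buffer size and its return value is not checked, so on a platform where MAXPATHLEN is below 602 the path is silently truncated and the `stat(file, &st)` below (and whatever later opens `f`) acts on a different path than intended. Check for truncation right after the call, e.g. `int r = snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir, _PATH_SSH_USER_PERMITTED_KEYS2);` followed by `if (r < 0 || (size_t)r >= sizeof file) fatal("user_key_allowed: path too long");`. The same applies to the `snprintf(line, sizeof line, "%.500s/%.100s", ...)` loop in the @ -626 hunk that builds the directory paths to check. user_key_allowed begins in the first hunk of this section and ends outside it.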
12
authfd.c
12
authfd.c
|
@ -35,7 +35,9 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: authfd.c,v 1.32 2000/12/20 19:37:21 markus Exp $");
|
RCSID("$OpenBSD: authfd.c,v 1.33 2001/01/21 19:05:44 markus Exp $");
|
||||||
|
|
||||||
|
#include <openssl/evp.h>
|
||||||
|
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
#include "rsa.h"
|
#include "rsa.h"
|
||||||
|
@ -43,14 +45,14 @@ RCSID("$OpenBSD: authfd.c,v 1.32 2000/12/20 19:37:21 markus Exp $");
|
||||||
#include "bufaux.h"
|
#include "bufaux.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "getput.h"
|
#include "getput.h"
|
||||||
|
|
||||||
#include <openssl/rsa.h>
|
|
||||||
#include <openssl/dsa.h>
|
|
||||||
#include <openssl/evp.h>
|
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
#include "authfd.h"
|
#include "authfd.h"
|
||||||
|
#include "cipher.h"
|
||||||
#include "kex.h"
|
#include "kex.h"
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
|
#include "log.h"
|
||||||
|
#include "atomicio.h"
|
||||||
|
#include "authfd.h"
|
||||||
|
|
||||||
/* helper */
|
/* helper */
|
||||||
int decode_reply(int type);
|
int decode_reply(int type);
|
||||||
|
|
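Review bot: `#include "authfd.h"` now appears twice on the new side of the @ -43 hunk — once as the unchanged line after `#include "key.h"` and again as the line added after `#include "atomicio.h"`. If authfd.h has an include guard (not visible here) this is only clutter, but it is still a duplicate to drop: keep the existing `#include "authfd.h"` and remove the added one.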
11
authfile.c
11
authfile.c
|
@ -36,20 +36,19 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: authfile.c,v 1.24 2000/12/20 19:26:56 markus Exp $");
|
RCSID("$OpenBSD: authfile.c,v 1.25 2001/01/21 19:05:44 markus Exp $");
|
||||||
|
|
||||||
#include <openssl/bn.h>
|
|
||||||
#include <openssl/dsa.h>
|
|
||||||
#include <openssl/rsa.h>
|
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
#include <openssl/pem.h>
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
|
#include <openssl/pem.h>
|
||||||
|
|
||||||
|
#include "cipher.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "bufaux.h"
|
#include "bufaux.h"
|
||||||
#include "ssh.h"
|
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
|
#include "ssh.h"
|
||||||
|
#include "log.h"
|
||||||
|
|
||||||
/* Version identification string for identity files. */
|
/* Version identification string for identity files. */
|
||||||
#define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n"
|
#define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n"
|
||||||
|
|
4
bufaux.c
4
bufaux.c
|
@ -37,13 +37,13 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: bufaux.c,v 1.16 2001/01/16 23:58:08 deraadt Exp $");
|
RCSID("$OpenBSD: bufaux.c,v 1.17 2001/01/21 19:05:45 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
#include "bufaux.h"
|
#include "bufaux.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "getput.h"
|
#include "getput.h"
|
||||||
|
#include "log.h"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
|
* Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
|
||||||
|
|
3
bufaux.h
3
bufaux.h
|
@ -10,12 +10,13 @@
|
||||||
* called by a name other than "ssh" or "Secure Shell".
|
* called by a name other than "ssh" or "Secure Shell".
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* RCSID("$OpenBSD: bufaux.h,v 1.10 2001/01/10 22:56:22 markus Exp $"); */
|
/* RCSID("$OpenBSD: bufaux.h,v 1.11 2001/01/21 19:05:45 markus Exp $"); */
|
||||||
|
|
||||||
#ifndef BUFAUX_H
|
#ifndef BUFAUX_H
|
||||||
#define BUFAUX_H
|
#define BUFAUX_H
|
||||||
|
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
|
#include <openssl/bn.h>
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
|
* Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
|
||||||
|
|
4
buffer.c
4
buffer.c
|
@ -12,11 +12,11 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: buffer.c,v 1.9 2000/12/19 23:17:55 markus Exp $");
|
RCSID("$OpenBSD: buffer.c,v 1.10 2001/01/21 19:05:45 markus Exp $");
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "ssh.h"
|
#include "log.h"
|
||||||
|
|
||||||
/* Initializes the buffer structure. */
|
/* Initializes the buffer structure. */
|
||||||
|
|
||||||
|
|
|
@ -12,11 +12,11 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: canohost.c,v 1.17 2000/12/19 23:17:55 markus Exp $");
|
RCSID("$OpenBSD: canohost.c,v 1.18 2001/01/21 19:05:45 markus Exp $");
|
||||||
|
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "ssh.h"
|
#include "log.h"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Return the canonical name of the host at the other end of the socket. The
|
* Return the canonical name of the host at the other end of the socket. The
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
/*
|
||||||
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
* All rights reserved
|
||||||
|
*
|
||||||
|
* As far as I am concerned, the code I have written for this software
|
||||||
|
* can be used freely for any purpose. Any derived versions of this
|
||||||
|
* software must be clearly marked as such, and if the derived work is
|
||||||
|
* incompatible with the protocol description in the RFC file, it must be
|
||||||
|
* called by a name other than "ssh" or "Secure Shell".
|
||||||
|
*/
|
||||||
|
/*
|
||||||
|
* Returns the name of the machine at the other end of the socket. The
|
||||||
|
* returned string should be freed by the caller.
|
||||||
|
*/
|
||||||
|
char *get_remote_hostname(int socket);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Return the canonical name of the host in the other side of the current
|
||||||
|
* connection (as returned by packet_get_connection). The host name is
|
||||||
|
* cached, so it is efficient to call this several times.
|
||||||
|
*/
|
||||||
|
const char *get_canonical_hostname(void);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Returns the remote IP address as an ascii string. The value need not be
|
||||||
|
* freed by the caller.
|
||||||
|
*/
|
||||||
|
const char *get_remote_ipaddr(void);
|
||||||
|
|
||||||
|
/* Returns the port number of the peer of the socket. */
|
||||||
|
int get_peer_port(int sock);
|
||||||
|
|
||||||
|
/* Returns the port number of the remote/local host. */
|
||||||
|
int get_remote_port(void);
|
||||||
|
int get_local_port(void);
|
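Review bot: The new canohost.h has no include guard — all 36 lines of the file are in this hunk and none of them is an `#ifndef` — whereas the other headers touched by this commit (auth.h, bufaux.h, key.h) bracket themselves with `#ifndef X_H` / `#define X_H` / `#endif`. Since channels.c now includes "canohost.h" next to several other headers, follow the sibling convention and wrap the declarations in `#ifndef CANOHOST_H`, `#define CANOHOST_H`, ... `#endif /* CANOHOST_H */`. As a point of style, the parameter name in `char *get_remote_hostname(int socket);` shadows the POSIX `socket()` function in any translation unit that also sees `<sys/socket.h>`; the sibling prototype `int get_peer_port(int sock);` already uses `sock`, so `int sock` here would be consistent.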
21
channels.c
21
channels.c
|
@ -40,24 +40,24 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: channels.c,v 1.80 2001/01/08 22:03:23 markus Exp $");
|
RCSID("$OpenBSD: channels.c,v 1.82 2001/01/21 19:05:46 markus Exp $");
|
||||||
|
|
||||||
|
#include <openssl/rsa.h>
|
||||||
|
#include <openssl/dsa.h>
|
||||||
|
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
|
#include "ssh1.h"
|
||||||
|
#include "ssh2.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "uidswap.h"
|
#include "uidswap.h"
|
||||||
#include "readconf.h"
|
#include "log.h"
|
||||||
#include "servconf.h"
|
#include "misc.h"
|
||||||
|
|
||||||
#include "channels.h"
|
#include "channels.h"
|
||||||
#include "nchan.h"
|
#include "nchan.h"
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
|
#include "canohost.h"
|
||||||
#include "ssh2.h"
|
|
||||||
|
|
||||||
#include <openssl/rsa.h>
|
|
||||||
#include <openssl/dsa.h>
|
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
#include "authfd.h"
|
#include "authfd.h"
|
||||||
|
|
||||||
|
@ -130,6 +130,9 @@ static int all_opens_permitted = 0;
|
||||||
/* This is set to true if both sides support SSH_PROTOFLAG_HOST_IN_FWD_OPEN. */
|
/* This is set to true if both sides support SSH_PROTOFLAG_HOST_IN_FWD_OPEN. */
|
||||||
static int have_hostname_in_open = 0;
|
static int have_hostname_in_open = 0;
|
||||||
|
|
||||||
|
/* AF_UNSPEC or AF_INET or AF_INET6 */
|
||||||
|
extern int IPv4or6;
|
||||||
|
|
||||||
/* Sets specific protocol options. */
|
/* Sets specific protocol options. */
|
||||||
|
|
||||||
void
|
void
|
||||||
|
|
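Review bot: The added `extern int IPv4or6;` in the @ -130 hunk is a file-local declaration of a variable defined in some other translation unit, so nothing ties it to that definition — if the defining file's type ever changes, this declaration will silently disagree with it. Presumably this moved out of ssh.h as part of the header split; declaring it once in a header that both the defining file and channels.c include (e.g. next to the other network-related prototypes) would keep the two in sync, and the comment `/* AF_UNSPEC or AF_INET or AF_INET6 */` could move with it.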
5
cipher.c
5
cipher.c
|
@ -35,10 +35,11 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: cipher.c,v 1.41 2000/12/19 23:17:56 markus Exp $");
|
RCSID("$OpenBSD: cipher.c,v 1.42 2001/01/21 19:05:46 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
|
#include "log.h"
|
||||||
|
#include "cipher.h"
|
||||||
|
|
||||||
#include <openssl/md5.h>
|
#include <openssl/md5.h>
|
||||||
|
|
||||||
|
|
4
cli.c
4
cli.c
|
@ -1,8 +1,8 @@
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: cli.c,v 1.5 2001/01/08 08:50:29 markus Exp $");
|
RCSID("$OpenBSD: cli.c,v 1.6 2001/01/21 19:05:47 markus Exp $");
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "ssh.h"
|
#include "log.h"
|
||||||
|
|
||||||
static int cli_input = -1;
|
static int cli_input = -1;
|
||||||
static int cli_output = -1;
|
static int cli_output = -1;
|
||||||
|
|
18
clientloop.c
18
clientloop.c
|
@ -59,27 +59,25 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: clientloop.c,v 1.43 2001/01/13 19:14:08 markus Exp $");
|
RCSID("$OpenBSD: clientloop.c,v 1.45 2001/01/21 19:05:47 markus Exp $");
|
||||||
|
|
||||||
#include "xmalloc.h"
|
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
|
#include "ssh1.h"
|
||||||
|
#include "ssh2.h"
|
||||||
|
#include "xmalloc.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "readconf.h"
|
|
||||||
|
|
||||||
#include "ssh2.h"
|
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
#include "channels.h"
|
#include "channels.h"
|
||||||
#include "dispatch.h"
|
#include "dispatch.h"
|
||||||
|
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "bufaux.h"
|
#include "bufaux.h"
|
||||||
|
|
||||||
#include <openssl/dsa.h>
|
|
||||||
#include <openssl/rsa.h>
|
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
#include "authfd.h"
|
#include "log.h"
|
||||||
|
#include "readconf.h"
|
||||||
#include "clientloop.h"
|
#include "clientloop.h"
|
||||||
|
#include "authfd.h"
|
||||||
|
#include "atomicio.h"
|
||||||
|
|
||||||
/* import options */
|
/* import options */
|
||||||
extern Options options;
|
extern Options options;
|
||||||
|
|
15
clientloop.h
15
clientloop.h
|
@ -1,3 +1,14 @@
|
||||||
|
/*
|
||||||
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
* All rights reserved
|
||||||
|
*
|
||||||
|
* As far as I am concerned, the code I have written for this software
|
||||||
|
* can be used freely for any purpose. Any derived versions of this
|
||||||
|
* software must be clearly marked as such, and if the derived work is
|
||||||
|
* incompatible with the protocol description in the RFC file, it must be
|
||||||
|
* called by a name other than "ssh" or "Secure Shell".
|
||||||
|
*/
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -21,4 +32,8 @@
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
void clientloop_set_session_ident(int id);
|
void clientloop_set_session_ident(int id);
|
||||||
|
|
||||||
|
/* Client side main loop for the interactive session. */
|
||||||
|
int client_loop(int have_pty, int escape_char, int id);
|
||||||
|
|
9
compat.c
9
compat.c
|
@ -25,10 +25,6 @@
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: compat.c,v 1.33 2001/01/08 22:29:05 markus Exp $");
|
RCSID("$OpenBSD: compat.c,v 1.33 2001/01/08 22:29:05 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
|
||||||
#include "packet.h"
|
|
||||||
#include "xmalloc.h"
|
|
||||||
#include "compat.h"
|
|
||||||
#ifdef HAVE_LIBPCRE
|
#ifdef HAVE_LIBPCRE
|
||||||
# include <pcreposix.h>
|
# include <pcreposix.h>
|
||||||
#else /* Use native regex libraries */
|
#else /* Use native regex libraries */
|
||||||
|
@ -43,6 +39,11 @@ RCSID("$OpenBSD: compat.c,v 1.33 2001/01/08 22:29:05 markus Exp $");
|
||||||
# endif
|
# endif
|
||||||
#endif /* HAVE_LIBPCRE */
|
#endif /* HAVE_LIBPCRE */
|
||||||
|
|
||||||
|
#include "packet.h"
|
||||||
|
#include "xmalloc.h"
|
||||||
|
#include "compat.h"
|
||||||
|
#include "log.h"
|
||||||
|
|
||||||
int compat13 = 0;
|
int compat13 = 0;
|
||||||
int compat20 = 0;
|
int compat20 = 0;
|
||||||
int datafellows = 0;
|
int datafellows = 0;
|
||||||
|
|
|
@ -12,9 +12,9 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: compress.c,v 1.11 2000/12/20 19:37:21 markus Exp $");
|
RCSID("$OpenBSD: compress.c,v 1.12 2001/01/21 19:05:48 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
#include "log.h"
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "zlib.h"
|
#include "zlib.h"
|
||||||
|
|
||||||
|
|
|
@ -1382,7 +1382,7 @@ if test ! -d $piddir ; then
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
|
|
||||||
AC_DEFINE_UNQUOTED(PIDDIR, "$piddir")
|
AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
|
||||||
AC_SUBST(piddir)
|
AC_SUBST(piddir)
|
||||||
|
|
||||||
dnl allow user to disable some login recording features
|
dnl allow user to disable some login recording features
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: deattack.c,v 1.11 2000/12/19 23:17:56 markus Exp $ */
|
/* $OpenBSD: deattack.c,v 1.12 2001/01/21 19:05:48 markus Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Cryptographic attack detector for ssh - source code
|
* Cryptographic attack detector for ssh - source code
|
||||||
|
@ -21,7 +21,7 @@
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
#include "deattack.h"
|
#include "deattack.h"
|
||||||
#include "ssh.h"
|
#include "log.h"
|
||||||
#include "crc32.h"
|
#include "crc32.h"
|
||||||
#include "getput.h"
|
#include "getput.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
|
|
17
dh.c
17
dh.c
|
@ -23,7 +23,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: dh.c,v 1.4 2001/01/15 21:43:51 markus Exp $");
|
RCSID("$OpenBSD: dh.c,v 1.6 2001/01/21 19:05:49 markus Exp $");
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
|
|
||||||
|
@ -31,10 +31,13 @@ RCSID("$OpenBSD: dh.c,v 1.4 2001/01/15 21:43:51 markus Exp $");
|
||||||
#include <openssl/dh.h>
|
#include <openssl/dh.h>
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
|
|
||||||
#include "ssh.h"
|
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
|
#include "cipher.h"
|
||||||
#include "kex.h"
|
#include "kex.h"
|
||||||
#include "dh.h"
|
#include "dh.h"
|
||||||
|
#include "pathnames.h"
|
||||||
|
#include "log.h"
|
||||||
|
#include "misc.h"
|
||||||
|
|
||||||
int
|
int
|
||||||
parse_prime(int linenum, char *line, struct dhgroup *dhg)
|
parse_prime(int linenum, char *line, struct dhgroup *dhg)
|
||||||
|
@ -100,9 +103,9 @@ choose_dh(int minbits)
|
||||||
int linenum;
|
int linenum;
|
||||||
struct dhgroup dhg;
|
struct dhgroup dhg;
|
||||||
|
|
||||||
f = fopen(DH_PRIMES, "r");
|
f = fopen(_PATH_DH_PRIMES, "r");
|
||||||
if (!f) {
|
if (!f) {
|
||||||
log("WARNING: %s does not exist, using old prime", DH_PRIMES);
|
log("WARNING: %s does not exist, using old prime", _PATH_DH_PRIMES);
|
||||||
return (dh_new_group1());
|
return (dh_new_group1());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -126,13 +129,13 @@ choose_dh(int minbits)
|
||||||
fclose (f);
|
fclose (f);
|
||||||
|
|
||||||
if (bestcount == 0) {
|
if (bestcount == 0) {
|
||||||
log("WARNING: no primes in %s, using old prime", DH_PRIMES);
|
log("WARNING: no primes in %s, using old prime", _PATH_DH_PRIMES);
|
||||||
return (dh_new_group1());
|
return (dh_new_group1());
|
||||||
}
|
}
|
||||||
|
|
||||||
f = fopen(DH_PRIMES, "r");
|
f = fopen(_PATH_DH_PRIMES, "r");
|
||||||
if (!f) {
|
if (!f) {
|
||||||
fatal("WARNING: %s dissappeared, giving up", DH_PRIMES);
|
fatal("WARNING: %s dissappeared, giving up", _PATH_DH_PRIMES);
|
||||||
}
|
}
|
||||||
|
|
||||||
linenum = 0;
|
linenum = 0;
|
||||||
|
|
|
@ -22,8 +22,10 @@
|
||||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
*/
|
*/
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: dispatch.c,v 1.5 2000/09/21 11:25:34 markus Exp $");
|
RCSID("$OpenBSD: dispatch.c,v 1.7 2001/01/21 19:05:49 markus Exp $");
|
||||||
#include "ssh.h"
|
|
||||||
|
#include "ssh1.h"
|
||||||
|
#include "log.h"
|
||||||
#include "dispatch.h"
|
#include "dispatch.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
|
|
||||||
|
|
10
entropy.c
10
entropy.c
|
@ -24,9 +24,6 @@
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
|
||||||
#include "ssh.h"
|
|
||||||
#include "xmalloc.h"
|
|
||||||
|
|
||||||
#include <openssl/rand.h>
|
#include <openssl/rand.h>
|
||||||
#include <openssl/sha.h>
|
#include <openssl/sha.h>
|
||||||
|
|
||||||
|
@ -35,7 +32,12 @@
|
||||||
# include <floatingpoint.h>
|
# include <floatingpoint.h>
|
||||||
#endif /* HAVE_FLOATINGPOINT_H */
|
#endif /* HAVE_FLOATINGPOINT_H */
|
||||||
|
|
||||||
RCSID("$Id: entropy.c,v 1.23 2001/01/16 22:37:15 djm Exp $");
|
#include "ssh.h"
|
||||||
|
#include "xmalloc.h"
|
||||||
|
#include "atomicio.h"
|
||||||
|
#include "log.h"
|
||||||
|
|
||||||
|
RCSID("$Id: entropy.c,v 1.24 2001/01/22 05:34:41 mouring Exp $");
|
||||||
|
|
||||||
#ifndef offsetof
|
#ifndef offsetof
|
||||||
# define offsetof(type, member) ((size_t) &((type *)0)->member)
|
# define offsetof(type, member) ((size_t) &((type *)0)->member)
|
||||||
|
|
|
@ -25,9 +25,9 @@
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
|
||||||
#include "groupaccess.h"
|
#include "groupaccess.h"
|
||||||
#include "ssh.h"
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "match.h"
|
#include "match.h"
|
||||||
|
#include "log.h"
|
||||||
|
|
||||||
static int ngroups;
|
static int ngroups;
|
||||||
static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */
|
static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */
|
||||||
|
|
4
hmac.c
4
hmac.c
|
@ -23,11 +23,11 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: hmac.c,v 1.5 2000/12/19 23:17:56 markus Exp $");
|
RCSID("$OpenBSD: hmac.c,v 1.6 2001/01/21 19:05:49 markus Exp $");
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "ssh.h"
|
|
||||||
#include "getput.h"
|
#include "getput.h"
|
||||||
|
#include "log.h"
|
||||||
|
|
||||||
#include <openssl/hmac.h>
|
#include <openssl/hmac.h>
|
||||||
|
|
||||||
|
|
|
@ -36,15 +36,13 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: hostfile.c,v 1.23 2000/12/21 15:10:16 markus Exp $");
|
RCSID("$OpenBSD: hostfile.c,v 1.24 2001/01/21 19:05:49 markus Exp $");
|
||||||
|
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "match.h"
|
#include "match.h"
|
||||||
#include "ssh.h"
|
|
||||||
#include <openssl/rsa.h>
|
|
||||||
#include <openssl/dsa.h>
|
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
#include "hostfile.h"
|
#include "hostfile.h"
|
||||||
|
#include "log.h"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Parses an RSA (number of bits, e, n) or DSA key from a string. Moves the
|
* Parses an RSA (number of bits, e, n) or DSA key from a string. Moves the
|
||||||
|
|
21
kex.c
21
kex.c
|
@ -23,18 +23,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: kex.c,v 1.17 2001/01/08 21:48:17 markus Exp $");
|
RCSID("$OpenBSD: kex.c,v 1.18 2001/01/21 19:05:49 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
|
||||||
#include "ssh2.h"
|
|
||||||
#include "xmalloc.h"
|
|
||||||
#include "buffer.h"
|
|
||||||
#include "bufaux.h"
|
|
||||||
#include "packet.h"
|
|
||||||
#include "compat.h"
|
|
||||||
|
|
||||||
#include <openssl/bn.h>
|
|
||||||
#include <openssl/dh.h>
|
|
||||||
|
|
||||||
#include <openssl/crypto.h>
|
#include <openssl/crypto.h>
|
||||||
#include <openssl/bio.h>
|
#include <openssl/bio.h>
|
||||||
|
@ -42,8 +31,16 @@ RCSID("$OpenBSD: kex.c,v 1.17 2001/01/08 21:48:17 markus Exp $");
|
||||||
#include <openssl/dh.h>
|
#include <openssl/dh.h>
|
||||||
#include <openssl/pem.h>
|
#include <openssl/pem.h>
|
||||||
|
|
||||||
|
#include "ssh2.h"
|
||||||
|
#include "xmalloc.h"
|
||||||
|
#include "buffer.h"
|
||||||
|
#include "bufaux.h"
|
||||||
|
#include "packet.h"
|
||||||
|
#include "compat.h"
|
||||||
|
#include "cipher.h"
|
||||||
#include "kex.h"
|
#include "kex.h"
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
|
#include "log.h"
|
||||||
|
|
||||||
#define KEX_COOKIE_LEN 16
|
#define KEX_COOKIE_LEN 16
|
||||||
|
|
||||||
|
|
10
key.c
10
key.c
|
@ -31,12 +31,11 @@
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
#include "ssh.h"
|
RCSID("$OpenBSD: key.c,v 1.15 2001/01/21 19:05:50 markus Exp $");
|
||||||
#include <openssl/rsa.h>
|
|
||||||
#include <openssl/dsa.h>
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
#include "rsa.h"
|
#include "rsa.h"
|
||||||
|
@ -45,8 +44,7 @@
|
||||||
#include "uuencode.h"
|
#include "uuencode.h"
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "bufaux.h"
|
#include "bufaux.h"
|
||||||
|
#include "log.h"
|
||||||
RCSID("$OpenBSD: key.c,v 1.14 2001/01/16 19:20:06 markus Exp $");
|
|
||||||
|
|
||||||
Key *
|
Key *
|
||||||
key_new(int type)
|
key_new(int type)
|
||||||
|
|
3
key.h
3
key.h
|
@ -24,6 +24,9 @@
|
||||||
#ifndef KEY_H
|
#ifndef KEY_H
|
||||||
#define KEY_H
|
#define KEY_H
|
||||||
|
|
||||||
|
#include <openssl/rsa.h>
|
||||||
|
#include <openssl/dsa.h>
|
||||||
|
|
||||||
typedef struct Key Key;
|
typedef struct Key Key;
|
||||||
enum types {
|
enum types {
|
||||||
KEY_RSA1,
|
KEY_RSA1,
|
||||||
|
|
|
@ -36,10 +36,10 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: log-client.c,v 1.14 2001/01/18 16:20:21 markus Exp $");
|
RCSID("$OpenBSD: log-client.c,v 1.15 2001/01/21 19:05:50 markus Exp $");
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "ssh.h"
|
#include "log.h"
|
||||||
|
|
||||||
static LogLevel log_level = SYSLOG_LEVEL_INFO;
|
static LogLevel log_level = SYSLOG_LEVEL_INFO;
|
||||||
|
|
||||||
|
|
|
@ -36,12 +36,12 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: log-server.c,v 1.19 2001/01/18 16:20:21 markus Exp $");
|
RCSID("$OpenBSD: log-server.c,v 1.20 2001/01/21 19:05:50 markus Exp $");
|
||||||
|
|
||||||
#include <syslog.h>
|
#include <syslog.h>
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "ssh.h"
|
#include "log.h"
|
||||||
|
|
||||||
static LogLevel log_level = SYSLOG_LEVEL_INFO;
|
static LogLevel log_level = SYSLOG_LEVEL_INFO;
|
||||||
static int log_on_stderr = 0;
|
static int log_on_stderr = 0;
|
||||||
|
|
4
log.c
4
log.c
|
@ -36,9 +36,9 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: log.c,v 1.14 2001/01/18 16:20:21 markus Exp $");
|
RCSID("$OpenBSD: log.c,v 1.15 2001/01/21 19:05:51 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
#include "log.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
|
|
||||||
/* Fatal messages. This function never returns. */
|
/* Fatal messages. This function never returns. */
|
||||||
|
|
|
@ -0,0 +1,76 @@
|
||||||
|
/*
|
||||||
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
* All rights reserved
|
||||||
|
*
|
||||||
|
* As far as I am concerned, the code I have written for this software
|
||||||
|
* can be used freely for any purpose. Any derived versions of this
|
||||||
|
* software must be clearly marked as such, and if the derived work is
|
||||||
|
* incompatible with the protocol description in the RFC file, it must be
|
||||||
|
* called by a name other than "ssh" or "Secure Shell".
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef SSH_LOG_H
|
||||||
|
#define SSH_LOG_H
|
||||||
|
|
||||||
|
/* Supported syslog facilities and levels. */
|
||||||
|
typedef enum {
|
||||||
|
SYSLOG_FACILITY_DAEMON,
|
||||||
|
SYSLOG_FACILITY_USER,
|
||||||
|
SYSLOG_FACILITY_AUTH,
|
||||||
|
#ifdef LOG_AUTHPRIV
|
||||||
|
SYSLOG_FACILITY_AUTHPRIV,
|
||||||
|
#endif
|
||||||
|
SYSLOG_FACILITY_LOCAL0,
|
||||||
|
SYSLOG_FACILITY_LOCAL1,
|
||||||
|
SYSLOG_FACILITY_LOCAL2,
|
||||||
|
SYSLOG_FACILITY_LOCAL3,
|
||||||
|
SYSLOG_FACILITY_LOCAL4,
|
||||||
|
SYSLOG_FACILITY_LOCAL5,
|
||||||
|
SYSLOG_FACILITY_LOCAL6,
|
||||||
|
SYSLOG_FACILITY_LOCAL7
|
||||||
|
} SyslogFacility;
|
||||||
|
|
||||||
|
typedef enum {
|
||||||
|
SYSLOG_LEVEL_QUIET,
|
||||||
|
SYSLOG_LEVEL_FATAL,
|
||||||
|
SYSLOG_LEVEL_ERROR,
|
||||||
|
SYSLOG_LEVEL_INFO,
|
||||||
|
SYSLOG_LEVEL_VERBOSE,
|
||||||
|
SYSLOG_LEVEL_DEBUG1,
|
||||||
|
SYSLOG_LEVEL_DEBUG2,
|
||||||
|
SYSLOG_LEVEL_DEBUG3
|
||||||
|
} LogLevel;
|
||||||
|
/* Initializes logging. */
|
||||||
|
void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr);
|
||||||
|
|
||||||
|
/* Logging implementation, depending on server or client */
|
||||||
|
void do_log(LogLevel level, const char *fmt, va_list args);
|
||||||
|
|
||||||
|
/* name to facility/level */
|
||||||
|
SyslogFacility log_facility_number(char *name);
|
||||||
|
LogLevel log_level_number(char *name);
|
||||||
|
|
||||||
|
/* Output a message to syslog or stderr */
|
||||||
|
void fatal(const char *fmt,...) __attribute__((format(printf, 1, 2)));
|
||||||
|
void error(const char *fmt,...) __attribute__((format(printf, 1, 2)));
|
||||||
|
void log(const char *fmt,...) __attribute__((format(printf, 1, 2)));
|
||||||
|
void verbose(const char *fmt,...) __attribute__((format(printf, 1, 2)));
|
||||||
|
void debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
|
||||||
|
void debug2(const char *fmt,...) __attribute__((format(printf, 1, 2)));
|
||||||
|
void debug3(const char *fmt,...) __attribute__((format(printf, 1, 2)));
|
||||||
|
|
||||||
|
/* same as fatal() but w/o logging */
|
||||||
|
void fatal_cleanup(void);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Registers a cleanup function to be called by fatal()/fatal_cleanup()
|
||||||
|
* before exiting. It is permissible to call fatal_remove_cleanup for the
|
||||||
|
* function itself from the function.
|
||||||
|
*/
|
||||||
|
void fatal_add_cleanup(void (*proc) (void *context), void *context);
|
||||||
|
|
||||||
|
/* Removes a cleanup function to be called at fatal(). */
|
||||||
|
void fatal_remove_cleanup(void (*proc) (void *context), void *context);
|
||||||
|
|
||||||
|
#endif
|
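Review bot: The `#ifdef LOG_AUTHPRIV` inside the SyslogFacility enum makes the numeric value of every enumerator after `SYSLOG_FACILITY_AUTHPRIV` depend on whether `<syslog.h>` was visible when log.h was included, so two translation units can disagree on what SYSLOG_FACILITY_LOCAL0 and friends mean; log-server.c includes `<syslog.h>` before log.h in this commit, while log-client.c and log.c do not visibly do so (they may get it through includes.h — worth confirming). Making the enumerator unconditional (`SYSLOG_FACILITY_AUTHPRIV,` with no `#ifdef`) and letting the name-to-facility mapping in the .c file fall back to LOG_AUTH when LOG_AUTHPRIV is undefined removes the dependency; a mismatch here would route authentication messages to an unintended facility. Separately, `void log(const char *fmt,...)` collides with the C library's log() from <math.h> in any file that includes both, so a distinct name or at least a warning comment is worth considering. The header also uses va_list without including <stdarg.h>, presumably relying on includes.h.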
2
login.c
2
login.c
|
@ -39,7 +39,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: login.c,v 1.16 2000/12/19 23:17:57 markus Exp $");
|
RCSID("$OpenBSD: login.c,v 1.17 2001/01/21 19:05:51 markus Exp $");
|
||||||
|
|
||||||
#include "loginrec.h"
|
#include "loginrec.h"
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,38 @@
|
||||||
|
/*
|
||||||
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
* All rights reserved
|
||||||
|
*
|
||||||
|
* As far as I am concerned, the code I have written for this software
|
||||||
|
* can be used freely for any purpose. Any derived versions of this
|
||||||
|
* software must be clearly marked as such, and if the derived work is
|
||||||
|
* incompatible with the protocol description in the RFC file, it must be
|
||||||
|
* called by a name other than "ssh" or "Secure Shell".
|
||||||
|
*/
|
||||||
|
#ifndef LOGIN_H
|
||||||
|
#define LOGIN_H
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Returns the time when the user last logged in. Returns 0 if the
|
||||||
|
* information is not available. This must be called before record_login.
|
||||||
|
* The host from which the user logged in is stored in buf.
|
||||||
|
*/
|
||||||
|
u_long
|
||||||
|
get_last_login_time(uid_t uid, const char *logname,
|
||||||
|
char *buf, u_int bufsize);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Records that the user has logged in. This does many things normally done
|
||||||
|
* by login(1).
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
|
||||||
|
const char *host, struct sockaddr *addr);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Records that the user has logged out. This does many thigs normally done
|
||||||
|
* by login(1) or init.
|
||||||
|
*/
|
||||||
|
void record_logout(pid_t pid, const char *ttyname);
|
||||||
|
|
||||||
|
#endif
|
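Review bot: The contract of `get_last_login_time` is under-documented for its `buf`/`bufsize` pair: the comment says the host is stored in buf but not whether buf is always NUL-terminated or what happens when the stored host name is longer than bufsize, which is exactly what a caller sizing a stack buffer needs to know. I would extend the comment with a sentence such as `buf is always NUL-terminated; a host name longer than bufsize-1 bytes is truncated` if that is what the implementation (not visible here) guarantees, and otherwise state the actual behaviour. The record_logout comment also has a typo, `thigs` should be `things`, and the header relies on the includer for uid_t, pid_t and struct sockaddr (presumably via includes.h), which is worth a one-line note at the top.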
|
@ -160,8 +160,10 @@
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "loginrec.h"
|
#include "loginrec.h"
|
||||||
|
#include "log.h"
|
||||||
|
#include "atomicio.h"
|
||||||
|
|
||||||
RCSID("$Id: loginrec.c,v 1.29 2000/12/28 00:07:07 mouring Exp $");
|
RCSID("$Id: loginrec.c,v 1.30 2001/01/22 05:34:42 mouring Exp $");
|
||||||
|
|
||||||
#ifdef HAVE_UTIL_H
|
#ifdef HAVE_UTIL_H
|
||||||
# include <util.h>
|
# include <util.h>
|
||||||
|
|
4
match.c
4
match.c
|
@ -12,9 +12,9 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: match.c,v 1.10 2000/12/19 23:17:57 markus Exp $");
|
RCSID("$OpenBSD: match.c,v 1.11 2001/01/21 19:05:52 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
#include "match.h"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Returns true if the given string matches the pattern (which may contain ?
|
* Returns true if the given string matches the pattern (which may contain ?
|
||||||
|
|
|
@ -28,6 +28,7 @@
|
||||||
RCSID("$OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $");
|
RCSID("$OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
|
#include "log.h"
|
||||||
|
|
||||||
char *
|
char *
|
||||||
chop(char *s)
|
chop(char *s)
|
|
@ -0,0 +1,19 @@
|
||||||
|
/*
|
||||||
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
* All rights reserved
|
||||||
|
*
|
||||||
|
* As far as I am concerned, the code I have written for this software
|
||||||
|
* can be used freely for any purpose. Any derived versions of this
|
||||||
|
* software must be clearly marked as such, and if the derived work is
|
||||||
|
* incompatible with the protocol description in the RFC file, it must be
|
||||||
|
* called by a name other than "ssh" or "Secure Shell".
|
||||||
|
*/
|
||||||
|
/* remove newline at end of string */
|
||||||
|
char *chop(char *s);
|
||||||
|
|
||||||
|
/* return next token in configuration line */
|
||||||
|
char *strdelim(char **s);
|
||||||
|
|
||||||
|
/* set filedescriptor to non-blocking */
|
||||||
|
void set_nonblock(int fd);
|
9
nchan.c
9
nchan.c
|
@ -23,17 +23,16 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: nchan.c,v 1.20 2000/11/06 23:04:56 markus Exp $");
|
RCSID("$OpenBSD: nchan.c,v 1.22 2001/01/21 19:05:52 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
|
||||||
|
|
||||||
|
#include "ssh1.h"
|
||||||
|
#include "ssh2.h"
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "channels.h"
|
#include "channels.h"
|
||||||
#include "nchan.h"
|
#include "nchan.h"
|
||||||
|
|
||||||
#include "ssh2.h"
|
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
|
#include "log.h"
|
||||||
|
|
||||||
/* functions manipulating channel states */
|
/* functions manipulating channel states */
|
||||||
/*
|
/*
|
||||||
|
|
6
packet.c
6
packet.c
|
@ -37,13 +37,12 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $");
|
RCSID("$OpenBSD: packet.c,v 1.46 2001/01/21 19:05:53 markus Exp $");
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "bufaux.h"
|
#include "bufaux.h"
|
||||||
#include "ssh.h"
|
|
||||||
#include "crc32.h"
|
#include "crc32.h"
|
||||||
#include "getput.h"
|
#include "getput.h"
|
||||||
|
|
||||||
|
@ -52,6 +51,7 @@ RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $");
|
||||||
#include "channels.h"
|
#include "channels.h"
|
||||||
|
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
|
#include "ssh1.h"
|
||||||
#include "ssh2.h"
|
#include "ssh2.h"
|
||||||
|
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
|
@ -61,6 +61,8 @@ RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $");
|
||||||
#include "cipher.h"
|
#include "cipher.h"
|
||||||
#include "kex.h"
|
#include "kex.h"
|
||||||
#include "hmac.h"
|
#include "hmac.h"
|
||||||
|
#include "log.h"
|
||||||
|
#include "canohost.h"
|
||||||
|
|
||||||
#ifdef PACKET_DEBUG
|
#ifdef PACKET_DEBUG
|
||||||
#define DBG(x) x
|
#define DBG(x) x
|
||||||
|
|
|
@ -0,0 +1,136 @@
|
||||||
|
/*
|
||||||
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
* All rights reserved
|
||||||
|
*
|
||||||
|
* As far as I am concerned, the code I have written for this software
|
||||||
|
* can be used freely for any purpose. Any derived versions of this
|
||||||
|
* software must be clearly marked as such, and if the derived work is
|
||||||
|
* incompatible with the protocol description in the RFC file, it must be
|
||||||
|
* called by a name other than "ssh" or "Secure Shell".
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef ETCDIR
|
||||||
|
#define ETCDIR "/etc"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef _PATH_SSH_PIDDIR
|
||||||
|
#define _PATH_SSH_PIDDIR "/var/run"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/*
|
||||||
|
* System-wide file containing host keys of known hosts. This file should be
|
||||||
|
* world-readable.
|
||||||
|
*/
|
||||||
|
#define _PATH_SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts"
|
||||||
|
#define _PATH_SSH_SYSTEM_HOSTFILE2 ETCDIR "/ssh_known_hosts2"
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Of these, ssh_host_key must be readable only by root, whereas ssh_config
|
||||||
|
* should be world-readable.
|
||||||
|
*/
|
||||||
|
#define _PATH_HOST_KEY_FILE ETCDIR "/ssh_host_key"
|
||||||
|
#define _PATH_SERVER_CONFIG_FILE ETCDIR "/sshd_config"
|
||||||
|
#define _PATH_HOST_CONFIG_FILE ETCDIR "/ssh_config"
|
||||||
|
#define _PATH_HOST_DSA_KEY_FILE ETCDIR "/ssh_host_dsa_key"
|
||||||
|
#define _PATH_DH_PRIMES ETCDIR "/primes"
|
||||||
|
|
||||||
|
#define _PATH_SSH_PROGRAM "/usr/bin/ssh"
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The process id of the daemon listening for connections is saved here to
|
||||||
|
* make it easier to kill the correct daemon when necessary.
|
||||||
|
*/
|
||||||
|
#define _PATH_SSH_DAEMON_PID_FILE _PATH_SSH_PIDDIR "/sshd.pid"
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The directory in user\'s home directory in which the files reside. The
|
||||||
|
* directory should be world-readable (though not all files are).
|
||||||
|
*/
|
||||||
|
#define _PATH_SSH_USER_DIR ".ssh"
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Per-user file containing host keys of known hosts. This file need not be
|
||||||
|
* readable by anyone except the user him/herself, though this does not
|
||||||
|
* contain anything particularly secret.
|
||||||
|
*/
|
||||||
|
#define _PATH_SSH_USER_HOSTFILE "~/.ssh/known_hosts"
|
||||||
|
#define _PATH_SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2"
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Name of the default file containing client-side authentication key. This
|
||||||
|
* file should only be readable by the user him/herself.
|
||||||
|
*/
|
||||||
|
#define _PATH_SSH_CLIENT_IDENTITY ".ssh/identity"
|
||||||
|
#define _PATH_SSH_CLIENT_ID_DSA ".ssh/id_dsa"
|
||||||
|
#define _PATH_SSH_CLIENT_ID_RSA ".ssh/id_rsa"
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Configuration file in user\'s home directory. This file need not be
|
||||||
|
* readable by anyone but the user him/herself, but does not contain anything
|
||||||
|
* particularly secret. If the user\'s home directory resides on an NFS
|
||||||
|
* volume where root is mapped to nobody, this may need to be world-readable.
|
||||||
|
*/
|
||||||
|
#define _PATH_SSH_USER_CONFFILE ".ssh/config"
|
||||||
|
|
||||||
|
/*
|
||||||
|
* File containing a list of those rsa keys that permit logging in as this
|
||||||
|
* user. This file need not be readable by anyone but the user him/herself,
|
||||||
|
* but does not contain anything particularly secret. If the user\'s home
|
||||||
|
* directory resides on an NFS volume where root is mapped to nobody, this
|
||||||
|
* may need to be world-readable. (This file is read by the daemon which is
|
||||||
|
* running as root.)
|
||||||
|
*/
|
||||||
|
#define _PATH_SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
|
||||||
|
#define _PATH_SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Per-user and system-wide ssh "rc" files. These files are executed with
|
||||||
|
* /bin/sh before starting the shell or command if they exist. They will be
|
||||||
|
* passed "proto cookie" as arguments if X11 forwarding with spoofing is in
|
||||||
|
* use. xauth will be run if neither of these exists.
|
||||||
|
*/
|
||||||
|
#define _PATH_SSH_USER_RC ".ssh/rc"
|
||||||
|
#define _PATH_SSH_SYSTEM_RC ETCDIR "/sshrc"
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use
|
||||||
|
* ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled.
|
||||||
|
*/
|
||||||
|
#define _PATH_SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv"
|
||||||
|
#define _PATH_RHOSTS_EQUIV "/etc/hosts.equiv"
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Default location of askpass
|
||||||
|
*/
|
||||||
|
#define _PATH_SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass"
|
||||||
|
|
||||||
|
/* for scp */
|
||||||
|
#ifndef _PATH_CP
|
||||||
|
#define _PATH_CP "cp"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* path to login program */
|
||||||
|
#ifndef LOGIN_PROGRAM
|
||||||
|
# ifdef LOGIN_PROGRAM_FALLBACK
|
||||||
|
# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK
|
||||||
|
# else
|
||||||
|
# define LOGIN_PROGRAM "/usr/bin/login"
|
||||||
|
# endif
|
||||||
|
#endif /* LOGIN_PROGRAM */
|
||||||
|
|
||||||
|
/* Askpass program define */
|
||||||
|
#ifndef ASKPASS_PROGRAM
|
||||||
|
#define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass"
|
||||||
|
#endif /* ASKPASS_PROGRAM */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Relevant only when using builtin PRNG.
|
||||||
|
*/
|
||||||
|
#ifndef SSH_PRNG_SEED_FILE
|
||||||
|
# define SSH_PRNG_SEED_FILE SSH_USER_DIR"/prng_seed"
|
||||||
|
#endif /* SSH_PRNG_SEED_FILE */
|
||||||
|
#ifndef SSH_PRNG_COMMAND_FILE
|
||||||
|
# define SSH_PRNG_COMMAND_FILE ETCDIR "/ssh_prng_cmds"
|
||||||
|
#endif /* SSH_PRNG_COMMAND_FILE */
|
||||||
|
|
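Review bot: `SSH_PRNG_SEED_FILE` is defined as `SSH_USER_DIR"/prng_seed"`, but this file renames that macro to `_PATH_SSH_USER_DIR` (defined above as ".ssh"), so unless SSH_USER_DIR is still defined elsewhere the seed-file path will not compile on builds that use the builtin PRNG; the line should read `# define SSH_PRNG_SEED_FILE _PATH_SSH_USER_DIR "/prng_seed"`. The file also carries two different askpass defaults, `_PATH_SSH_ASKPASS_DEFAULT` (/usr/X11R6/bin/ssh-askpass) and `ASKPASS_PROGRAM` (/usr/lib/ssh/ssh-askpass), and it is not clear from here which one the client honours; a comment explaining the relationship, or collapsing them to one, would stop the two drifting apart. Finally there is no include guard, so consider wrapping the body in `#ifndef PATHNAMES_H`.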
4
pty.c
4
pty.c
|
@ -12,14 +12,14 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: pty.c,v 1.19 2000/12/20 20:00:34 markus Exp $");
|
RCSID("$OpenBSD: pty.c,v 1.20 2001/01/21 19:05:53 markus Exp $");
|
||||||
|
|
||||||
#ifdef HAVE_UTIL_H
|
#ifdef HAVE_UTIL_H
|
||||||
# include <util.h>
|
# include <util.h>
|
||||||
#endif /* HAVE_UTIL_H */
|
#endif /* HAVE_UTIL_H */
|
||||||
|
|
||||||
#include "pty.h"
|
#include "pty.h"
|
||||||
#include "ssh.h"
|
#include "log.h"
|
||||||
|
|
||||||
/* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
|
/* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
|
||||||
#if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
|
#if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
|
||||||
|
|
|
@ -0,0 +1,26 @@
|
||||||
|
/*
|
||||||
|
* Copyright (c) 1999 Dug Song. All rights reserved.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or without
|
||||||
|
* modification, are permitted provided that the following conditions
|
||||||
|
* are met:
|
||||||
|
* 1. Redistributions of source code must retain the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer.
|
||||||
|
* 2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer in the
|
||||||
|
* documentation and/or other materials provided with the distribution.
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||||
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||||
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||||
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||||
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||||
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||||
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||||
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||||
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
int creds_to_radix(CREDENTIALS * creds, u_char *buf, size_t buflen);
|
||||||
|
int radix_to_creds(const char *buf, CREDENTIALS * creds);
|
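Review bot: radix.h declares `creds_to_radix`/`radix_to_creds` in terms of `CREDENTIALS`, a type the header neither declares nor includes (presumably it comes from the Kerberos `<krb.h>`), so any file that includes radix.h without krb.h first fails to compile, and there is no include guard or `#ifdef KRB4`/`AFS` wrapper. I would add a guard and a leading comment such as `/* Requires <krb.h> (KRB4/AFS builds only): CREDENTIALS is defined there. */`, or wrap the prototypes in the same conditional the callers use. Documenting the return values (what the int means, and whether buf is NUL-terminated on success given buflen) would also help, since callers must size buf correctly.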
31
readconf.c
31
readconf.c
|
@ -12,13 +12,17 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: readconf.c,v 1.54 2001/01/18 16:20:22 markus Exp $");
|
RCSID("$OpenBSD: readconf.c,v 1.58 2001/01/21 19:05:53 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
#include "readconf.h"
|
|
||||||
#include "match.h"
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
|
#include "cipher.h"
|
||||||
|
#include "pathnames.h"
|
||||||
|
#include "log.h"
|
||||||
|
#include "readconf.h"
|
||||||
|
#include "match.h"
|
||||||
|
#include "misc.h"
|
||||||
|
|
||||||
/* Format of the configuration file:
|
/* Format of the configuration file:
|
||||||
|
|
||||||
|
@ -247,7 +251,7 @@ process_config_line(Options *options, const char *host,
|
||||||
/* Ignore leading whitespace. */
|
/* Ignore leading whitespace. */
|
||||||
if (*keyword == '\0')
|
if (*keyword == '\0')
|
||||||
keyword = strdelim(&s);
|
keyword = strdelim(&s);
|
||||||
if (!*keyword || *keyword == '\n' || *keyword == '#')
|
if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
opcode = parse_token(keyword, filename, linenum);
|
opcode = parse_token(keyword, filename, linenum);
|
||||||
|
@ -599,8 +603,7 @@ parse_int:
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Check that there is no garbage at end of line. */
|
/* Check that there is no garbage at end of line. */
|
||||||
if ((arg = strdelim(&s)) != NULL && *arg != '\0')
|
if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
|
||||||
{
|
|
||||||
fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
|
fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
|
||||||
filename, linenum, arg);
|
filename, linenum, arg);
|
||||||
}
|
}
|
||||||
|
@ -782,27 +785,27 @@ fill_default_options(Options * options)
|
||||||
if (options->num_identity_files == 0) {
|
if (options->num_identity_files == 0) {
|
||||||
if (options->protocol & SSH_PROTO_1) {
|
if (options->protocol & SSH_PROTO_1) {
|
||||||
options->identity_files[options->num_identity_files] =
|
options->identity_files[options->num_identity_files] =
|
||||||
xmalloc(2 + strlen(SSH_CLIENT_IDENTITY) + 1);
|
xmalloc(2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1);
|
||||||
sprintf(options->identity_files[options->num_identity_files++],
|
sprintf(options->identity_files[options->num_identity_files++],
|
||||||
"~/%.100s", SSH_CLIENT_IDENTITY);
|
"~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
|
||||||
}
|
}
|
||||||
if (options->protocol & SSH_PROTO_2) {
|
if (options->protocol & SSH_PROTO_2) {
|
||||||
options->identity_files[options->num_identity_files] =
|
options->identity_files[options->num_identity_files] =
|
||||||
xmalloc(2 + strlen(SSH_CLIENT_ID_DSA) + 1);
|
xmalloc(2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1);
|
||||||
sprintf(options->identity_files[options->num_identity_files++],
|
sprintf(options->identity_files[options->num_identity_files++],
|
||||||
"~/%.100s", SSH_CLIENT_ID_DSA);
|
"~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (options->escape_char == -1)
|
if (options->escape_char == -1)
|
||||||
options->escape_char = '~';
|
options->escape_char = '~';
|
||||||
if (options->system_hostfile == NULL)
|
if (options->system_hostfile == NULL)
|
||||||
options->system_hostfile = SSH_SYSTEM_HOSTFILE;
|
options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
|
||||||
if (options->user_hostfile == NULL)
|
if (options->user_hostfile == NULL)
|
||||||
options->user_hostfile = SSH_USER_HOSTFILE;
|
options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
|
||||||
if (options->system_hostfile2 == NULL)
|
if (options->system_hostfile2 == NULL)
|
||||||
options->system_hostfile2 = SSH_SYSTEM_HOSTFILE2;
|
options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
|
||||||
if (options->user_hostfile2 == NULL)
|
if (options->user_hostfile2 == NULL)
|
||||||
options->user_hostfile2 = SSH_USER_HOSTFILE2;
|
options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
|
||||||
if (options->log_level == (LogLevel) - 1)
|
if (options->log_level == (LogLevel) - 1)
|
||||||
options->log_level = SYSLOG_LEVEL_INFO;
|
options->log_level = SYSLOG_LEVEL_INFO;
|
||||||
/* options->proxy_command should not be set by default */
|
/* options->proxy_command should not be set by default */
|
||||||
|
|
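Review bot: In fill_default_options the identity-file defaults are built with `sprintf(..., "~/%.100s", _PATH_SSH_CLIENT_IDENTITY)` into a buffer sized `2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1`; the allocation is exact while the format silently truncates at 100 characters, so the two bounds disagree and the `%.100s` is at best misleading. Using the allocated length with snprintf keeps one source of truth, e.g. `len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1; options->identity_files[options->num_identity_files] = xmalloc(len); snprintf(options->identity_files[options->num_identity_files++], len, "~/%s", _PATH_SSH_CLIENT_IDENTITY);`, and the same for the _PATH_SSH_CLIENT_ID_DSA branch. With the current short defaults this is a consistency/hardening point rather than an overflow. fill_default_options continues outside the hunk.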
|
@ -32,10 +32,9 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: readpass.c,v 1.12 2000/10/11 20:14:39 markus Exp $");
|
RCSID("$OpenBSD: readpass.c,v 1.13 2001/01/21 19:05:54 markus Exp $");
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "ssh.h"
|
|
||||||
#include "cli.h"
|
#include "cli.h"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -0,0 +1,18 @@
|
||||||
|
/*
|
||||||
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
* All rights reserved
|
||||||
|
*
|
||||||
|
* As far as I am concerned, the code I have written for this software
|
||||||
|
* can be used freely for any purpose. Any derived versions of this
|
||||||
|
* software must be clearly marked as such, and if the derived work is
|
||||||
|
* incompatible with the protocol description in the RFC file, it must be
|
||||||
|
* called by a name other than "ssh" or "Secure Shell".
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Reads a passphrase from /dev/tty with echo turned off. Returns the
|
||||||
|
* passphrase (allocated with xmalloc). Exits if EOF is encountered. If
|
||||||
|
* from_stdin is true, the passphrase will be read from stdin instead.
|
||||||
|
*/
|
||||||
|
char *read_passphrase(char *prompt, int from_stdin);
|
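Review bot: The comment on `read_passphrase` says the result is allocated with xmalloc but not who owns it or that it holds a secret; a caller who simply xfree()s it leaves the passphrase in freed heap memory. I would extend the comment with `The caller owns the returned string and should overwrite it (memset) before xfree()ing it, since it contains a secret.` The `prompt` parameter is presumably only printed, so `const char *prompt` would let callers pass string literals cleanly, assuming readpass.c (not visible) does not modify it. The header also has no include guard, unlike log.h and login.h in this same commit.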
4
rsa.c
4
rsa.c
|
@ -60,10 +60,10 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: rsa.c,v 1.18 2000/12/19 23:17:57 markus Exp $");
|
RCSID("$OpenBSD: rsa.c,v 1.19 2001/01/21 19:05:54 markus Exp $");
|
||||||
|
|
||||||
#include "rsa.h"
|
#include "rsa.h"
|
||||||
#include "ssh.h"
|
#include "log.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
|
|
||||||
void
|
void
|
||||||
|
|
12
scp.c
12
scp.c
|
@ -75,14 +75,12 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: scp.c,v 1.49 2001/01/13 18:03:07 markus Exp $");
|
RCSID("$OpenBSD: scp.c,v 1.51 2001/01/21 19:05:55 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
|
#include "atomicio.h"
|
||||||
#ifndef _PATH_CP
|
#include "pathnames.h"
|
||||||
#define _PATH_CP "cp"
|
#include "log.h"
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef HAVE___PROGNAME
|
#ifdef HAVE___PROGNAME
|
||||||
extern char *__progname;
|
extern char *__progname;
|
||||||
|
@ -130,7 +128,7 @@ int verbose_mode = 0;
|
||||||
int showprogress = 1;
|
int showprogress = 1;
|
||||||
|
|
||||||
/* This is the program to execute for the secured connection. ("ssh" or -S) */
|
/* This is the program to execute for the secured connection. ("ssh" or -S) */
|
||||||
char *ssh_program = SSH_PROGRAM;
|
char *ssh_program = _PATH_SSH_PROGRAM;
|
||||||
|
|
||||||
/* This is the list of arguments that scp passes to ssh */
|
/* This is the list of arguments that scp passes to ssh */
|
||||||
struct {
|
struct {
|
||||||
|
|
27
servconf.c
27
servconf.c
|
@ -10,16 +10,32 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: servconf.c,v 1.59 2001/01/19 12:45:26 markus Exp $");
|
RCSID("$OpenBSD: servconf.c,v 1.62 2001/01/21 19:05:55 markus Exp $");
|
||||||
|
|
||||||
|
#ifdef KRB4
|
||||||
|
#include <krb.h>
|
||||||
|
#endif
|
||||||
|
#ifdef AFS
|
||||||
|
#include <kafs.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
|
#include "log.h"
|
||||||
#include "servconf.h"
|
#include "servconf.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
|
#include "pathnames.h"
|
||||||
|
#include "tildexpand.h"
|
||||||
|
#include "misc.h"
|
||||||
|
#include "cipher.h"
|
||||||
|
|
||||||
|
|
||||||
/* add listen address */
|
/* add listen address */
|
||||||
void add_listen_addr(ServerOptions *options, char *addr);
|
void add_listen_addr(ServerOptions *options, char *addr);
|
||||||
|
|
||||||
|
/* AF_UNSPEC or AF_INET or AF_INET6 */
|
||||||
|
extern int IPv4or6;
|
||||||
|
|
||||||
/* Initializes the server options to their default values. */
|
/* Initializes the server options to their default values. */
|
||||||
|
|
||||||
void
|
void
|
||||||
|
@ -87,16 +103,16 @@ fill_default_server_options(ServerOptions *options)
|
||||||
if (options->num_host_key_files == 0) {
|
if (options->num_host_key_files == 0) {
|
||||||
/* fill default hostkeys for protocols */
|
/* fill default hostkeys for protocols */
|
||||||
if (options->protocol & SSH_PROTO_1)
|
if (options->protocol & SSH_PROTO_1)
|
||||||
options->host_key_files[options->num_host_key_files++] = HOST_KEY_FILE;
|
options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
|
||||||
if (options->protocol & SSH_PROTO_2)
|
if (options->protocol & SSH_PROTO_2)
|
||||||
options->host_key_files[options->num_host_key_files++] = HOST_DSA_KEY_FILE;
|
options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
|
||||||
}
|
}
|
||||||
if (options->num_ports == 0)
|
if (options->num_ports == 0)
|
||||||
options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
|
options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
|
||||||
if (options->listen_addrs == NULL)
|
if (options->listen_addrs == NULL)
|
||||||
add_listen_addr(options, NULL);
|
add_listen_addr(options, NULL);
|
||||||
if (options->pid_file == NULL)
|
if (options->pid_file == NULL)
|
||||||
options->pid_file = SSH_DAEMON_PID_FILE;
|
options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
|
||||||
if (options->server_key_bits == -1)
|
if (options->server_key_bits == -1)
|
||||||
options->server_key_bits = 768;
|
options->server_key_bits = 768;
|
||||||
if (options->login_grace_time == -1)
|
if (options->login_grace_time == -1)
|
||||||
|
@ -281,7 +297,6 @@ parse_token(const char *cp, const char *filename,
|
||||||
void
|
void
|
||||||
add_listen_addr(ServerOptions *options, char *addr)
|
add_listen_addr(ServerOptions *options, char *addr)
|
||||||
{
|
{
|
||||||
extern int IPv4or6;
|
|
||||||
struct addrinfo hints, *ai, *aitop;
|
struct addrinfo hints, *ai, *aitop;
|
||||||
char strport[NI_MAXSERV];
|
char strport[NI_MAXSERV];
|
||||||
int gaierr;
|
int gaierr;
|
||||||
|
@ -332,7 +347,7 @@ read_server_config(ServerOptions *options, const char *filename)
|
||||||
/* Ignore leading whitespace */
|
/* Ignore leading whitespace */
|
||||||
if (*arg == '\0')
|
if (*arg == '\0')
|
||||||
arg = strdelim(&cp);
|
arg = strdelim(&cp);
|
||||||
if (!*arg || *arg == '#')
|
if (!arg || !*arg || *arg == '#')
|
||||||
continue;
|
continue;
|
||||||
intptr = NULL;
|
intptr = NULL;
|
||||||
charptr = NULL;
|
charptr = NULL;
|
||||||
|
|
|
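Review bot: The NULL test added in `if (!arg || !*arg || *arg == '#')` guards only the second strdelim() call; the first result is still dereferenced unchecked two lines earlier at `if (*arg == '\0')`. That is presumably safe because cp has just been pointed at the line buffer and strdelim() would only return NULL once it has advanced its argument to NULL, but that reasoning is not visible here, so a comment on the first test would stop someone "fixing" it later: `/* first strdelim() on a fresh line cannot return NULL; the retry below can */`. The enclosing read_server_config() loop starts and ends outside the hunk.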
@ -35,22 +35,24 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: serverloop.c,v 1.40 2001/01/18 17:00:00 markus Exp $");
|
RCSID("$OpenBSD: serverloop.c,v 1.42 2001/01/21 19:05:55 markus Exp $");
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "ssh.h"
|
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
|
#include "log.h"
|
||||||
#include "servconf.h"
|
#include "servconf.h"
|
||||||
#include "pty.h"
|
#include "pty.h"
|
||||||
#include "channels.h"
|
#include "channels.h"
|
||||||
|
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
|
#include "ssh1.h"
|
||||||
#include "ssh2.h"
|
#include "ssh2.h"
|
||||||
#include "auth.h"
|
#include "auth.h"
|
||||||
#include "session.h"
|
#include "session.h"
|
||||||
#include "dispatch.h"
|
#include "dispatch.h"
|
||||||
#include "auth-options.h"
|
#include "auth-options.h"
|
||||||
|
#include "serverloop.h"
|
||||||
|
#include "misc.h"
|
||||||
|
|
||||||
extern ServerOptions options;
|
extern ServerOptions options;
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
/*
|
||||||
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
* All rights reserved
|
||||||
|
*
|
||||||
|
* As far as I am concerned, the code I have written for this software
|
||||||
|
* can be used freely for any purpose. Any derived versions of this
|
||||||
|
* software must be clearly marked as such, and if the derived work is
|
||||||
|
* incompatible with the protocol description in the RFC file, it must be
|
||||||
|
* called by a name other than "ssh" or "Secure Shell".
|
||||||
|
*/
|
||||||
|
/*
|
||||||
|
* Performs the interactive session. This handles data transmission between
|
||||||
|
* the client and the program. Note that the notion of stdin, stdout, and
|
||||||
|
* stderr in this function is sort of reversed: this function writes to stdin
|
||||||
|
* (of the child program), and reads from stdout and stderr (of the child
|
||||||
|
* program).
|
||||||
|
*/
|
||||||
|
void server_loop(pid_t pid, int fdin, int fdout, int fderr);
|
||||||
|
void server_loop2(void);
|
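Review bot: The new header has no include guard, although it is meant to be pulled into several translation units (serverloop.c and session.c both add `#include "serverloop.h"` in this commit), and it lacks the `$OpenBSD$` RCS tag the other files carry. Wrap the declarations in `#ifndef SERVERLOOP_H` / `#define SERVERLOOP_H` ... `#endif` and add the tag line at the top. The comment block above the prototypes describes only server_loop(); server_loop2() deserves its own one-line comment, taken from its definition in serverloop.c, which is not part of this diff.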
31
session.c
|
@ -33,24 +33,29 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: session.c,v 1.49 2001/01/18 17:00:00 markus Exp $");
|
RCSID("$OpenBSD: session.c,v 1.51 2001/01/21 19:05:56 markus Exp $");
|
||||||
|
|
||||||
#include "xmalloc.h"
|
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
|
#include "ssh1.h"
|
||||||
|
#include "ssh2.h"
|
||||||
|
#include "xmalloc.h"
|
||||||
#include "pty.h"
|
#include "pty.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "mpaux.h"
|
#include "mpaux.h"
|
||||||
#include "servconf.h"
|
|
||||||
#include "uidswap.h"
|
#include "uidswap.h"
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
#include "channels.h"
|
#include "channels.h"
|
||||||
#include "nchan.h"
|
#include "nchan.h"
|
||||||
|
|
||||||
#include "bufaux.h"
|
#include "bufaux.h"
|
||||||
#include "ssh2.h"
|
|
||||||
#include "auth.h"
|
#include "auth.h"
|
||||||
#include "auth-options.h"
|
#include "auth-options.h"
|
||||||
|
#include "pathnames.h"
|
||||||
|
#include "log.h"
|
||||||
|
#include "servconf.h"
|
||||||
|
#include "login.h"
|
||||||
|
#include "serverloop.h"
|
||||||
|
#include "canohost.h"
|
||||||
|
|
||||||
#ifdef WITH_IRIX_PROJECT
|
#ifdef WITH_IRIX_PROJECT
|
||||||
#include <proj.h>
|
#include <proj.h>
|
||||||
|
@ -1333,28 +1338,28 @@ do_child(const char *command, struct passwd * pw, const char *term,
|
||||||
* in this order).
|
* in this order).
|
||||||
*/
|
*/
|
||||||
if (!options.use_login) {
|
if (!options.use_login) {
|
||||||
if (stat(SSH_USER_RC, &st) >= 0) {
|
if (stat(_PATH_SSH_USER_RC, &st) >= 0) {
|
||||||
if (debug_flag)
|
if (debug_flag)
|
||||||
fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_USER_RC);
|
fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, _PATH_SSH_USER_RC);
|
||||||
|
|
||||||
f = popen(_PATH_BSHELL " " SSH_USER_RC, "w");
|
f = popen(_PATH_BSHELL " " _PATH_SSH_USER_RC, "w");
|
||||||
if (f) {
|
if (f) {
|
||||||
if (auth_proto != NULL && auth_data != NULL)
|
if (auth_proto != NULL && auth_data != NULL)
|
||||||
fprintf(f, "%s %s\n", auth_proto, auth_data);
|
fprintf(f, "%s %s\n", auth_proto, auth_data);
|
||||||
pclose(f);
|
pclose(f);
|
||||||
} else
|
} else
|
||||||
fprintf(stderr, "Could not run %s\n", SSH_USER_RC);
|
fprintf(stderr, "Could not run %s\n", _PATH_SSH_USER_RC);
|
||||||
} else if (stat(SSH_SYSTEM_RC, &st) >= 0) {
|
} else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0) {
|
||||||
if (debug_flag)
|
if (debug_flag)
|
||||||
fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_SYSTEM_RC);
|
fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, _PATH_SSH_SYSTEM_RC);
|
||||||
|
|
||||||
f = popen(_PATH_BSHELL " " SSH_SYSTEM_RC, "w");
|
f = popen(_PATH_BSHELL " " _PATH_SSH_SYSTEM_RC, "w");
|
||||||
if (f) {
|
if (f) {
|
||||||
if (auth_proto != NULL && auth_data != NULL)
|
if (auth_proto != NULL && auth_data != NULL)
|
||||||
fprintf(f, "%s %s\n", auth_proto, auth_data);
|
fprintf(f, "%s %s\n", auth_proto, auth_data);
|
||||||
pclose(f);
|
pclose(f);
|
||||||
} else
|
} else
|
||||||
fprintf(stderr, "Could not run %s\n", SSH_SYSTEM_RC);
|
fprintf(stderr, "Could not run %s\n", _PATH_SSH_SYSTEM_RC);
|
||||||
} else if (options.xauth_location != NULL) {
|
} else if (options.xauth_location != NULL) {
|
||||||
/* Add authority data to .Xauthority if appropriate. */
|
/* Add authority data to .Xauthority if appropriate. */
|
||||||
if (auth_proto != NULL && auth_data != NULL) {
|
if (auth_proto != NULL && auth_data != NULL) {
|
||||||
|
|
|
@ -22,12 +22,12 @@
|
||||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
*/
|
*/
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: sftp-server.c,v 1.13 2001/01/16 20:54:27 markus Exp $");
|
RCSID("$OpenBSD: sftp-server.c,v 1.14 2001/01/21 19:05:56 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "bufaux.h"
|
#include "bufaux.h"
|
||||||
#include "getput.h"
|
#include "getput.h"
|
||||||
|
#include "log.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
|
|
||||||
#include "sftp.h"
|
#include "sftp.h"
|
||||||
|
|
19
ssh-add.c
|
@ -35,18 +35,19 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: ssh-add.c,v 1.24 2001/01/13 18:14:13 markus Exp $");
|
RCSID("$OpenBSD: ssh-add.c,v 1.27 2001/01/21 19:05:56 markus Exp $");
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/rsa.h>
|
|
||||||
#include <openssl/dsa.h>
|
|
||||||
|
|
||||||
#include "rsa.h"
|
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
|
#include "rsa.h"
|
||||||
|
#include "log.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
#include "authfd.h"
|
#include "authfd.h"
|
||||||
#include "authfile.h"
|
#include "authfile.h"
|
||||||
|
#include "pathnames.h"
|
||||||
|
#include "readpass.h"
|
||||||
|
|
||||||
#ifdef HAVE___PROGNAME
|
#ifdef HAVE___PROGNAME
|
||||||
extern char *__progname;
|
extern char *__progname;
|
||||||
|
@ -103,6 +104,8 @@ ssh_askpass(char *askpass, char *msg)
|
||||||
int p[2], status;
|
int p[2], status;
|
||||||
char buf[1024];
|
char buf[1024];
|
||||||
|
|
||||||
|
if (fflush(stdout) != 0)
|
||||||
|
error("ssh_askpass: fflush: %s", strerror(errno));
|
||||||
if (askpass == NULL)
|
if (askpass == NULL)
|
||||||
fatal("internal error: askpass undefined");
|
fatal("internal error: askpass undefined");
|
||||||
if (pipe(p) < 0)
|
if (pipe(p) < 0)
|
||||||
|
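Review bot: The added `fflush(stdout)` is unexplained; presumably it is there because the fork() that follows pipe() (outside this hunk) would otherwise give the child a copy of any pending stdio buffer, which the child then emits a second time. A one-line comment keeps that intent from being lost in the next refactor: `/* flush before fork() so buffered output is not written twice by the child */`. Logging the failure with error() and carrying on is reasonable, since an unflushed prompt is not fatal to the passphrase exchange. ssh_askpass() continues below the hunk.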
@ -117,9 +120,7 @@ ssh_askpass(char *askpass, char *msg)
|
||||||
fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno));
|
fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno));
|
||||||
}
|
}
|
||||||
close(p[1]);
|
close(p[1]);
|
||||||
buf[0] = '\0';
|
len = read(p[0], buf, sizeof buf);
|
||||||
atomicio(read, p[0], buf, sizeof buf);
|
|
||||||
len = strlen(buf);
|
|
||||||
close(p[0]);
|
close(p[0]);
|
||||||
while (waitpid(pid, &status, 0) < 0)
|
while (waitpid(pid, &status, 0) < 0)
|
||||||
if (errno != EINTR)
|
if (errno != EINTR)
|
||||||
|
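Review bot: `len = read(p[0], buf, sizeof buf);` replaces the fill-the-buffer loop with a single read, which ends the hang when askpass is missing but also accepts a short read: a pipe read may return only part of the line if the askpass program writes it in pieces, and read() never NUL-terminates, so everything that consumes buf afterwards (outside this hunk) has to rely on len alone. A small loop that reads until a newline or EOF and stops one byte short of the buffer end keeps the fix and leaves buf a proper string; the waitpid loop below still reaps the child either way. If len is declared as a signed int further up, the comparison with sizeof buf needs the cast shown. Since buf holds a passphrase, it should also be cleared before the function returns, if that is not already done in the part of ssh_askpass() below the hunk.
```c
	close(p[1]);
	len = 0;
	for (;;) {
		ssize_t r;

		if ((size_t)len >= sizeof buf - 1)
			break;
		r = read(p[0], buf + len, sizeof buf - 1 - len);
		if (r < 0 && errno == EINTR)
			continue;
		if (r <= 0)
			break;
		len += r;
		if (memchr(buf + len - r, '\n', r) != NULL)
			break;
	}
	buf[len] = '\0';
	close(p[0]);
	/* … unchanged: waitpid loop … */
```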
@ -166,7 +167,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
|
||||||
if (getenv(SSH_ASKPASS_ENV))
|
if (getenv(SSH_ASKPASS_ENV))
|
||||||
askpass = getenv(SSH_ASKPASS_ENV);
|
askpass = getenv(SSH_ASKPASS_ENV);
|
||||||
else
|
else
|
||||||
askpass = SSH_ASKPASS_DEFAULT;
|
askpass = _PATH_SSH_ASKPASS_DEFAULT;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* At first, try empty passphrase */
|
/* At first, try empty passphrase */
|
||||||
|
@ -291,7 +292,7 @@ main(int argc, char **argv)
|
||||||
ssh_close_authentication_connection(ac);
|
ssh_close_authentication_connection(ac);
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY);
|
snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, _PATH_SSH_CLIENT_IDENTITY);
|
||||||
if (deleting)
|
if (deleting)
|
||||||
delete_file(ac, buf);
|
delete_file(ac, buf);
|
||||||
else
|
else
|
||||||
|
|
101
ssh-agent.c
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $ */
|
/* $OpenBSD: ssh-agent.c,v 1.47 2001/01/21 19:05:56 markus Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
|
@ -37,7 +37,10 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $");
|
RCSID("$OpenBSD: ssh-agent.c,v 1.47 2001/01/21 19:05:56 markus Exp $");
|
||||||
|
|
||||||
|
#include <openssl/evp.h>
|
||||||
|
#include <openssl/md5.h>
|
||||||
|
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
#include "rsa.h"
|
#include "rsa.h"
|
||||||
|
@ -47,15 +50,12 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $");
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "getput.h"
|
#include "getput.h"
|
||||||
#include "mpaux.h"
|
#include "mpaux.h"
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
|
||||||
#include <openssl/md5.h>
|
|
||||||
#include <openssl/dsa.h>
|
|
||||||
#include <openssl/rsa.h>
|
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
#include "authfd.h"
|
#include "authfd.h"
|
||||||
|
#include "cipher.h"
|
||||||
#include "kex.h"
|
#include "kex.h"
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
|
#include "log.h"
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
int fd;
|
int fd;
|
||||||
|
@ -97,6 +97,8 @@ extern char *__progname;
|
||||||
char *__progname;
|
char *__progname;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
int prepare_select(fd_set **, fd_set **, int *);
|
||||||
|
|
||||||
void
|
void
|
||||||
idtab_init(void)
|
idtab_init(void)
|
||||||
{
|
{
|
||||||
|
@ -293,7 +295,7 @@ process_remove_identity(SocketEntry *e, int version)
|
||||||
|
|
||||||
if (bits != key_size(key))
|
if (bits != key_size(key))
|
||||||
log("Warning: identity keysize mismatch: actual %d, announced %d",
|
log("Warning: identity keysize mismatch: actual %d, announced %d",
|
||||||
key_size(key), bits);
|
key_size(key), bits);
|
||||||
break;
|
break;
|
||||||
case 2:
|
case 2:
|
||||||
blob = buffer_get_string(&e->input, &blen);
|
blob = buffer_get_string(&e->input, &blen);
|
||||||
|
@ -388,7 +390,7 @@ process_add_identity(SocketEntry *e, int version)
|
||||||
switch (version) {
|
switch (version) {
|
||||||
case 1:
|
case 1:
|
||||||
k = key_new_private(KEY_RSA1);
|
k = key_new_private(KEY_RSA1);
|
||||||
buffer_get_int(&e->input); /* ignored */
|
buffer_get_int(&e->input); /* ignored */
|
||||||
buffer_get_bignum(&e->input, k->rsa->n);
|
buffer_get_bignum(&e->input, k->rsa->n);
|
||||||
buffer_get_bignum(&e->input, k->rsa->e);
|
buffer_get_bignum(&e->input, k->rsa->e);
|
||||||
buffer_get_bignum(&e->input, k->rsa->d);
|
buffer_get_bignum(&e->input, k->rsa->d);
|
||||||
|
@ -403,7 +405,7 @@ process_add_identity(SocketEntry *e, int version)
|
||||||
break;
|
break;
|
||||||
case 2:
|
case 2:
|
||||||
type_name = buffer_get_string(&e->input, NULL);
|
type_name = buffer_get_string(&e->input, NULL);
|
||||||
type = key_type_from_name(type_name);
|
type = key_type_from_name(type_name);
|
||||||
xfree(type_name);
|
xfree(type_name);
|
||||||
switch(type) {
|
switch(type) {
|
||||||
case KEY_DSA:
|
case KEY_DSA:
|
||||||
|
@ -556,17 +558,17 @@ new_socket(int type, int fd)
|
||||||
buffer_init(&sockets[old_alloc].output);
|
buffer_init(&sockets[old_alloc].output);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
int
|
||||||
prepare_select(fd_set *readset, fd_set *writeset)
|
prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl)
|
||||||
{
|
{
|
||||||
u_int i;
|
u_int i, sz;
|
||||||
for (i = 0; i < sockets_alloc; i++)
|
int n = 0;
|
||||||
|
|
||||||
|
for (i = 0; i < sockets_alloc; i++) {
|
||||||
switch (sockets[i].type) {
|
switch (sockets[i].type) {
|
||||||
case AUTH_SOCKET:
|
case AUTH_SOCKET:
|
||||||
case AUTH_CONNECTION:
|
case AUTH_CONNECTION:
|
||||||
FD_SET(sockets[i].fd, readset);
|
n = MAX(n, sockets[i].fd);
|
||||||
if (buffer_len(&sockets[i].output) > 0)
|
|
||||||
FD_SET(sockets[i].fd, writeset);
|
|
||||||
break;
|
break;
|
||||||
case AUTH_UNUSED:
|
case AUTH_UNUSED:
|
||||||
break;
|
break;
|
||||||
|
@ -574,6 +576,34 @@ prepare_select(fd_set *readset, fd_set *writeset)
|
||||||
fatal("Unknown socket type %d", sockets[i].type);
|
fatal("Unknown socket type %d", sockets[i].type);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
sz = howmany(n+1, NFDBITS) * sizeof(fd_mask);
|
||||||
|
if (*fdrp == NULL || n > *fdl) {
|
||||||
|
if (*fdrp)
|
||||||
|
free(*fdrp);
|
||||||
|
if (*fdwp)
|
||||||
|
free(*fdwp);
|
||||||
|
*fdrp = xmalloc(sz);
|
||||||
|
*fdwp = xmalloc(sz);
|
||||||
|
*fdl = n;
|
||||||
|
}
|
||||||
|
memset(*fdrp, 0, sz);
|
||||||
|
memset(*fdwp, 0, sz);
|
||||||
|
|
||||||
|
for (i = 0; i < sockets_alloc; i++) {
|
||||||
|
switch (sockets[i].type) {
|
||||||
|
case AUTH_SOCKET:
|
||||||
|
case AUTH_CONNECTION:
|
||||||
|
FD_SET(sockets[i].fd, *fdrp);
|
||||||
|
if (buffer_len(&sockets[i].output) > 0)
|
||||||
|
FD_SET(sockets[i].fd, *fdwp);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return (1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
|
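Review bot: `*fdl = n;` is assigned only inside the reallocation branch `if (*fdrp == NULL || n > *fdl)`, so after the highest descriptor closes the caller's max_fd keeps the old, larger value while the two memset() calls clear only the `sz` bytes computed for the new, smaller n. Once n drops back across an fd_mask word boundary, the words above sz still hold bits for descriptors that are now closed, and select(max_fd + 1, ...) in main then polls a closed descriptor, fails with EBADF, and the agent exits. The cheapest fix is to clear the whole allocation, which is sized from *fdl: recompute `sz = howmany(*fdl + 1, NFDBITS) * sizeof(fd_mask);` after the if-block, immediately before the two memset() calls. As a nit, the buffers come from xmalloc(), so `xfree()` rather than `free()` matches the rest of the file. The first half of prepare_select() is in the preceding hunk.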
@ -592,7 +622,8 @@ after_select(fd_set *readset, fd_set *writeset)
|
||||||
case AUTH_SOCKET:
|
case AUTH_SOCKET:
|
||||||
if (FD_ISSET(sockets[i].fd, readset)) {
|
if (FD_ISSET(sockets[i].fd, readset)) {
|
||||||
slen = sizeof(sunaddr);
|
slen = sizeof(sunaddr);
|
||||||
sock = accept(sockets[i].fd, (struct sockaddr *) & sunaddr, &slen);
|
sock = accept(sockets[i].fd,
|
||||||
|
(struct sockaddr *) &sunaddr, &slen);
|
||||||
if (sock < 0) {
|
if (sock < 0) {
|
||||||
perror("accept from AUTH_SOCKET");
|
perror("accept from AUTH_SOCKET");
|
||||||
break;
|
break;
|
||||||
|
@ -603,8 +634,9 @@ after_select(fd_set *readset, fd_set *writeset)
|
||||||
case AUTH_CONNECTION:
|
case AUTH_CONNECTION:
|
||||||
if (buffer_len(&sockets[i].output) > 0 &&
|
if (buffer_len(&sockets[i].output) > 0 &&
|
||||||
FD_ISSET(sockets[i].fd, writeset)) {
|
FD_ISSET(sockets[i].fd, writeset)) {
|
||||||
len = write(sockets[i].fd, buffer_ptr(&sockets[i].output),
|
len = write(sockets[i].fd,
|
||||||
buffer_len(&sockets[i].output));
|
buffer_ptr(&sockets[i].output),
|
||||||
|
buffer_len(&sockets[i].output));
|
||||||
if (len <= 0) {
|
if (len <= 0) {
|
||||||
shutdown(sockets[i].fd, SHUT_RDWR);
|
shutdown(sockets[i].fd, SHUT_RDWR);
|
||||||
close(sockets[i].fd);
|
close(sockets[i].fd);
|
||||||
|
@ -637,12 +669,15 @@ after_select(fd_set *readset, fd_set *writeset)
|
||||||
void
|
void
|
||||||
check_parent_exists(int sig)
|
check_parent_exists(int sig)
|
||||||
{
|
{
|
||||||
|
int save_errno = errno;
|
||||||
|
|
||||||
if (parent_pid != -1 && kill(parent_pid, 0) < 0) {
|
if (parent_pid != -1 && kill(parent_pid, 0) < 0) {
|
||||||
/* printf("Parent has died - Authentication agent exiting.\n"); */
|
/* printf("Parent has died - Authentication agent exiting.\n"); */
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
signal(SIGALRM, check_parent_exists);
|
signal(SIGALRM, check_parent_exists);
|
||||||
alarm(10);
|
alarm(10);
|
||||||
|
errno = save_errno;
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
|
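Review bot: `exit(1)` inside this SIGALRM handler is not async-signal-safe — it runs atexit handlers and flushes stdio while the interrupted code may be inside malloc() or a buffer write — and it also skips whatever removes the agent socket, which cleanup_exit() (used on the listen() failure path in main) presumably takes care of. The errno save/restore the hunk adds is the right thing; on top of it, change the exit to `cleanup_exit(1)` if that routine is signal-safe enough, or `_exit(1)` otherwise, or better have the handler only set a flag that the select() loop checks so cleanup runs in normal context. Note also that kill(parent_pid, 0) fails with EPERM when the parent is alive but now runs under another uid; if that case matters, treat only `errno == ESRCH` as "parent gone".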
@ -664,14 +699,13 @@ usage()
|
||||||
{
|
{
|
||||||
fprintf(stderr, "ssh-agent version %s\n", SSH_VERSION);
|
fprintf(stderr, "ssh-agent version %s\n", SSH_VERSION);
|
||||||
fprintf(stderr, "Usage: %s [-c | -s] [-k] [command {args...]]\n",
|
fprintf(stderr, "Usage: %s [-c | -s] [-k] [command {args...]]\n",
|
||||||
__progname);
|
__progname);
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
main(int ac, char **av)
|
main(int ac, char **av)
|
||||||
{
|
{
|
||||||
fd_set readset, writeset;
|
|
||||||
int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch;
|
int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch;
|
||||||
struct sockaddr_un sunaddr;
|
struct sockaddr_un sunaddr;
|
||||||
#ifdef HAVE_SETRLIMIT
|
#ifdef HAVE_SETRLIMIT
|
||||||
|
@ -680,6 +714,7 @@ main(int ac, char **av)
|
||||||
pid_t pid;
|
pid_t pid;
|
||||||
char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
|
char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
|
||||||
extern int optind;
|
extern int optind;
|
||||||
|
fd_set *readsetp = NULL, *writesetp = NULL;
|
||||||
|
|
||||||
__progname = get_progname(av[0]);
|
__progname = get_progname(av[0]);
|
||||||
init_rng();
|
init_rng();
|
||||||
|
@ -722,14 +757,13 @@ main(int ac, char **av)
|
||||||
pidstr = getenv(SSH_AGENTPID_ENV_NAME);
|
pidstr = getenv(SSH_AGENTPID_ENV_NAME);
|
||||||
if (pidstr == NULL) {
|
if (pidstr == NULL) {
|
||||||
fprintf(stderr, "%s not set, cannot kill agent\n",
|
fprintf(stderr, "%s not set, cannot kill agent\n",
|
||||||
SSH_AGENTPID_ENV_NAME);
|
SSH_AGENTPID_ENV_NAME);
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
pid = atoi(pidstr);
|
pid = atoi(pidstr);
|
||||||
if (pid < 1) { /* XXX PID_MAX check too */
|
if (pid < 1) {
|
||||||
/* Yes, PID_MAX check please */
|
|
||||||
fprintf(stderr, "%s=\"%s\", which is not a good PID\n",
|
fprintf(stderr, "%s=\"%s\", which is not a good PID\n",
|
||||||
SSH_AGENTPID_ENV_NAME, pidstr);
|
SSH_AGENTPID_ENV_NAME, pidstr);
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
if (kill(pid, SIGTERM) == -1) {
|
if (kill(pid, SIGTERM) == -1) {
|
||||||
|
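Review bot: The two `PID_MAX check` reminders around `pid = atoi(pidstr);` are deleted without the check being added, and atoi() cannot report overflow or trailing garbage, so an SSH_AGENT_PID of `12abc` or a value beyond the pid range is accepted and handed to kill(). Parse with strtol into a long plus an end pointer and reject anything but a clean, in-range number: `errno = 0; lpid = strtol(pidstr, &ep, 10);` followed by `if (*pidstr == '\0' || *ep != '\0' || errno == ERANGE || lpid < 1 || lpid > INT_MAX)` before `pid = (pid_t)lpid;` (ep and lpid need declarations at the top of main). The kill is limited to processes the calling user may signal anyway, so this is input hygiene rather than a privilege problem. main() continues outside the hunk.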
@ -751,7 +785,7 @@ main(int ac, char **av)
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir,
|
snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir,
|
||||||
parent_pid);
|
parent_pid);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Create socket early so it will exist before command gets run from
|
* Create socket early so it will exist before command gets run from
|
||||||
|
@ -773,6 +807,7 @@ main(int ac, char **av)
|
||||||
perror("listen");
|
perror("listen");
|
||||||
cleanup_exit(1);
|
cleanup_exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Fork, and have the parent execute the command, if any, or present
|
* Fork, and have the parent execute the command, if any, or present
|
||||||
* the socket data. The child continues as the authentication agent.
|
* the socket data. The child continues as the authentication agent.
|
||||||
|
@ -788,9 +823,9 @@ main(int ac, char **av)
|
||||||
if (ac == 0) {
|
if (ac == 0) {
|
||||||
format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
|
format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
|
||||||
printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
|
printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
|
||||||
SSH_AUTHSOCKET_ENV_NAME);
|
SSH_AUTHSOCKET_ENV_NAME);
|
||||||
printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf,
|
printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf,
|
||||||
SSH_AGENTPID_ENV_NAME);
|
SSH_AGENTPID_ENV_NAME);
|
||||||
printf("echo Agent pid %d;\n", pid);
|
printf("echo Agent pid %d;\n", pid);
|
||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
|
@ -834,15 +869,13 @@ main(int ac, char **av)
|
||||||
signal(SIGHUP, cleanup_exit);
|
signal(SIGHUP, cleanup_exit);
|
||||||
signal(SIGTERM, cleanup_exit);
|
signal(SIGTERM, cleanup_exit);
|
||||||
while (1) {
|
while (1) {
|
||||||
FD_ZERO(&readset);
|
prepare_select(&readsetp, &writesetp, &max_fd);
|
||||||
FD_ZERO(&writeset);
|
if (select(max_fd + 1, readsetp, writesetp, NULL, NULL) < 0) {
|
||||||
prepare_select(&readset, &writeset);
|
|
||||||
if (select(max_fd + 1, &readset, &writeset, NULL, NULL) < 0) {
|
|
||||||
if (errno == EINTR)
|
if (errno == EINTR)
|
||||||
continue;
|
continue;
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
after_select(&readset, &writeset);
|
after_select(readsetp, writesetp);
|
||||||
}
|
}
|
||||||
/* NOTREACHED */
|
/* NOTREACHED */
|
||||||
}
|
}
|
||||||
|
|
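Review bot: The rewritten loop still leaves through plain `exit(1)` when select() fails for a reason other than EINTR, so the socket file created during setup is left behind; `cleanup_exit(1)`, which the listen() failure path uses, looks like the intended exit route here. prepare_select() now returns an int that the loop ignores at `prepare_select(&readsetp, &writesetp, &max_fd);` — either make it void again or check the result. max_fd and the two set pointers are declared outside the hunk.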
22
ssh-dss.c
|
@ -23,19 +23,16 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: ssh-dss.c,v 1.2 2000/12/19 23:17:58 markus Exp $");
|
RCSID("$OpenBSD: ssh-dss.c,v 1.4 2001/01/21 19:05:57 markus Exp $");
|
||||||
|
|
||||||
|
#include <openssl/bn.h>
|
||||||
|
#include <openssl/evp.h>
|
||||||
|
|
||||||
#include "ssh.h"
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "bufaux.h"
|
#include "bufaux.h"
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
|
#include "log.h"
|
||||||
#include <openssl/bn.h>
|
|
||||||
#include <openssl/rsa.h>
|
|
||||||
#include <openssl/dsa.h>
|
|
||||||
#include <openssl/evp.h>
|
|
||||||
|
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
|
|
||||||
#define INTBLOB_LEN 20
|
#define INTBLOB_LEN 20
|
||||||
|
@ -54,7 +51,7 @@ ssh_dss_sign(
|
||||||
EVP_MD_CTX md;
|
EVP_MD_CTX md;
|
||||||
u_int rlen;
|
u_int rlen;
|
||||||
u_int slen;
|
u_int slen;
|
||||||
u_int len;
|
u_int len, dlen;
|
||||||
u_char sigblob[SIGBLOB_LEN];
|
u_char sigblob[SIGBLOB_LEN];
|
||||||
Buffer b;
|
Buffer b;
|
||||||
|
|
||||||
|
@ -62,15 +59,18 @@ ssh_dss_sign(
|
||||||
error("ssh_dss_sign: no DSA key");
|
error("ssh_dss_sign: no DSA key");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
digest = xmalloc(evp_md->md_size);
|
dlen = evp_md->md_size;
|
||||||
|
digest = xmalloc(dlen);
|
||||||
EVP_DigestInit(&md, evp_md);
|
EVP_DigestInit(&md, evp_md);
|
||||||
EVP_DigestUpdate(&md, data, datalen);
|
EVP_DigestUpdate(&md, data, datalen);
|
||||||
EVP_DigestFinal(&md, digest, NULL);
|
EVP_DigestFinal(&md, digest, NULL);
|
||||||
|
|
||||||
sig = DSA_do_sign(digest, evp_md->md_size, key->dsa);
|
sig = DSA_do_sign(digest, dlen, key->dsa);
|
||||||
if (sig == NULL) {
|
if (sig == NULL) {
|
||||||
fatal("ssh_dss_sign: cannot sign");
|
fatal("ssh_dss_sign: cannot sign");
|
||||||
}
|
}
|
||||||
|
memset(digest, 0, dlen);
|
||||||
|
xfree(digest);
|
||||||
|
|
||||||
rlen = BN_num_bytes(sig->r);
|
rlen = BN_num_bytes(sig->r);
|
||||||
slen = BN_num_bytes(sig->s);
|
slen = BN_num_bytes(sig->s);
|
||||||
|
|
|
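Review bot: `memset(digest, 0, dlen);` immediately followed by `xfree(digest);` is exactly the pattern a compiler's dead-store elimination may drop, because the cleared bytes are never read again, so the hash can survive in the heap despite the new clearing. If the tree has a clearing helper the compiler cannot elide (one writing through a volatile pointer, or a libc explicit-zeroing function where available), use it here instead of memset(); the digest is a hash of the signed data rather than key material, so the impact is low, but the consistency aim of the change is better served by a guaranteed clear. The fatal() on the `sig == NULL` path does not return, so the unconditional clear-and-free after it is fine. ssh_dss_sign() continues past the hunk.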
@ -71,8 +71,6 @@
|
||||||
.Nm ssh-keygen
|
.Nm ssh-keygen
|
||||||
.Fl l
|
.Fl l
|
||||||
.Op Fl f Ar input_keyfile
|
.Op Fl f Ar input_keyfile
|
||||||
.Nm ssh-keygen
|
|
||||||
.Fl R
|
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
.Nm
|
.Nm
|
||||||
generates and manages authentication keys for
|
generates and manages authentication keys for
|
||||||
|
@ -172,10 +170,6 @@ Provides the new comment.
|
||||||
Provides the new passphrase.
|
Provides the new passphrase.
|
||||||
.It Fl P Ar passphrase
|
.It Fl P Ar passphrase
|
||||||
Provides the (old) passphrase.
|
Provides the (old) passphrase.
|
||||||
.It Fl R
|
|
||||||
If RSA support is functional, immediately exits with code 0. If RSA
|
|
||||||
support is not functional, exits with code 1. This flag will be
|
|
||||||
removed once the RSA patent expires.
|
|
||||||
.It Fl x
|
.It Fl x
|
||||||
This option will read a private
|
This option will read a private
|
||||||
OpenSSH DSA format file and print a SSH2-compatible public key to stdout.
|
OpenSSH DSA format file and print a SSH2-compatible public key to stdout.
|
||||||
|
|
18
ssh-keygen.c
|
@ -12,22 +12,20 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.39 2001/01/13 18:03:07 markus Exp $");
|
RCSID("$OpenBSD: ssh-keygen.c,v 1.41 2001/01/21 19:05:57 markus Exp $");
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/pem.h>
|
#include <openssl/pem.h>
|
||||||
#include <openssl/rsa.h>
|
|
||||||
#include <openssl/dsa.h>
|
|
||||||
|
|
||||||
#include "ssh.h"
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
#include "rsa.h"
|
|
||||||
#include "authfile.h"
|
#include "authfile.h"
|
||||||
#include "uuencode.h"
|
#include "uuencode.h"
|
||||||
|
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "bufaux.h"
|
#include "bufaux.h"
|
||||||
|
#include "pathnames.h"
|
||||||
|
#include "log.h"
|
||||||
|
#include "readpass.h"
|
||||||
|
|
||||||
/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
|
/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
|
||||||
int bits = 1024;
|
int bits = 1024;
|
||||||
|
@ -87,13 +85,13 @@ ask_filename(struct passwd *pw, const char *prompt)
|
||||||
|
|
||||||
switch (key_type_from_name(key_type_name)) {
|
switch (key_type_from_name(key_type_name)) {
|
||||||
case KEY_RSA1:
|
case KEY_RSA1:
|
||||||
name = SSH_CLIENT_IDENTITY;
|
name = _PATH_SSH_CLIENT_IDENTITY;
|
||||||
break;
|
break;
|
||||||
case KEY_DSA:
|
case KEY_DSA:
|
||||||
name = SSH_CLIENT_ID_DSA;
|
name = _PATH_SSH_CLIENT_ID_DSA;
|
||||||
break;
|
break;
|
||||||
case KEY_RSA:
|
case KEY_RSA:
|
||||||
name = SSH_CLIENT_ID_RSA;
|
name = _PATH_SSH_CLIENT_ID_RSA;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
fprintf(stderr, "bad key type");
|
fprintf(stderr, "bad key type");
|
||||||
|
@ -757,7 +755,7 @@ main(int ac, char **av)
|
||||||
ask_filename(pw, "Enter file in which to save the key");
|
ask_filename(pw, "Enter file in which to save the key");
|
||||||
|
|
||||||
/* Create ~/.ssh directory if it doesn\'t already exist. */
|
/* Create ~/.ssh directory if it doesn\'t already exist. */
|
||||||
snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, SSH_USER_DIR);
|
snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);
|
||||||
if (strstr(identity_file, dotsshdir) != NULL &&
|
if (strstr(identity_file, dotsshdir) != NULL &&
|
||||||
stat(dotsshdir, &st) < 0) {
|
stat(dotsshdir, &st) < 0) {
|
||||||
if (mkdir(dotsshdir, 0700) < 0)
|
if (mkdir(dotsshdir, 0700) < 0)
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: ssh-keyscan.c,v 1.9 2001/01/13 18:12:47 markus Exp $");
|
RCSID("$OpenBSD: ssh-keyscan.c,v 1.11 2001/01/21 19:05:57 markus Exp $");
|
||||||
|
|
||||||
#if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H)
|
#if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H)
|
||||||
#include <sys/queue.h>
|
#include <sys/queue.h>
|
||||||
|
@ -18,14 +18,14 @@ RCSID("$OpenBSD: ssh-keyscan.c,v 1.9 2001/01/13 18:12:47 markus Exp $");
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
|
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
#include <openssl/rsa.h>
|
|
||||||
#include <openssl/dsa.h>
|
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
|
#include "ssh1.h"
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "bufaux.h"
|
#include "bufaux.h"
|
||||||
|
#include "log.h"
|
||||||
|
|
||||||
static int argno = 1; /* Number of argument currently being parsed */
|
static int argno = 1; /* Number of argument currently being parsed */
|
||||||
|
|
||||||
|
|
13
ssh-rsa.c
|
@ -23,18 +23,15 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: ssh-rsa.c,v 1.4 2001/01/16 19:20:06 markus Exp $");
|
RCSID("$OpenBSD: ssh-rsa.c,v 1.5 2001/01/21 19:05:58 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
|
||||||
#include "xmalloc.h"
|
|
||||||
#include "buffer.h"
|
|
||||||
#include "bufaux.h"
|
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/dsa.h>
|
|
||||||
#include <openssl/rsa.h>
|
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
|
|
||||||
|
#include "xmalloc.h"
|
||||||
|
#include "log.h"
|
||||||
|
#include "buffer.h"
|
||||||
|
#include "bufaux.h"
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
|
|
||||||
/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
|
/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
|
||||||
|
|
30
ssh.c
|
@ -39,27 +39,31 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: ssh.c,v 1.82 2001/01/15 21:40:10 markus Exp $");
|
RCSID("$OpenBSD: ssh.c,v 1.84 2001/01/21 19:05:58 markus Exp $");
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/dsa.h>
|
|
||||||
#include <openssl/rsa.h>
|
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
|
|
||||||
#include "xmalloc.h"
|
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
#include "packet.h"
|
#include "ssh1.h"
|
||||||
#include "buffer.h"
|
|
||||||
#include "readconf.h"
|
|
||||||
#include "uidswap.h"
|
|
||||||
|
|
||||||
#include "ssh2.h"
|
#include "ssh2.h"
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
|
#include "cipher.h"
|
||||||
|
#include "xmalloc.h"
|
||||||
|
#include "packet.h"
|
||||||
|
#include "buffer.h"
|
||||||
|
#include "uidswap.h"
|
||||||
#include "channels.h"
|
#include "channels.h"
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
#include "authfd.h"
|
#include "authfd.h"
|
||||||
#include "authfile.h"
|
#include "authfile.h"
|
||||||
|
#include "pathnames.h"
|
||||||
#include "clientloop.h"
|
#include "clientloop.h"
|
||||||
|
#include "log.h"
|
||||||
|
#include "readconf.h"
|
||||||
|
#include "sshconnect.h"
|
||||||
|
#include "tildexpand.h"
|
||||||
|
#include "misc.h"
|
||||||
|
|
||||||
#ifdef HAVE___PROGNAME
|
#ifdef HAVE___PROGNAME
|
||||||
extern char *__progname;
|
extern char *__progname;
|
||||||
|
@ -555,11 +559,11 @@ main(int ac, char **av)
|
||||||
log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0);
|
log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0);
|
||||||
|
|
||||||
/* Read per-user configuration file. */
|
/* Read per-user configuration file. */
|
||||||
snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_CONFFILE);
|
snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_CONFFILE);
|
||||||
read_config_file(buf, host, &options);
|
read_config_file(buf, host, &options);
|
||||||
|
|
||||||
/* Read systemwide configuration file. */
|
/* Read systemwide configuration file. */
|
||||||
read_config_file(HOST_CONFIG_FILE, host, &options);
|
read_config_file(_PATH_HOST_CONFIG_FILE, host, &options);
|
||||||
|
|
||||||
/* Fill configuration defaults. */
|
/* Fill configuration defaults. */
|
||||||
fill_default_options(&options);
|
fill_default_options(&options);
|
||||||
|
@ -624,7 +628,7 @@ main(int ac, char **av)
|
||||||
host_private_key = RSA_new();
|
host_private_key = RSA_new();
|
||||||
k.type = KEY_RSA1;
|
k.type = KEY_RSA1;
|
||||||
k.rsa = host_private_key;
|
k.rsa = host_private_key;
|
||||||
if (load_private_key(HOST_KEY_FILE, "", &k, NULL))
|
if (load_private_key(_PATH_HOST_KEY_FILE, "", &k, NULL))
|
||||||
host_private_key_loaded = 1;
|
host_private_key_loaded = 1;
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
|
@ -648,7 +652,7 @@ main(int ac, char **av)
|
||||||
* Now that we are back to our own permissions, create ~/.ssh
|
* Now that we are back to our own permissions, create ~/.ssh
|
||||||
* directory if it doesn\'t already exist.
|
* directory if it doesn\'t already exist.
|
||||||
*/
|
*/
|
||||||
snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_DIR);
|
snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_DIR);
|
||||||
if (stat(buf, &st) < 0)
|
if (stat(buf, &st) < 0)
|
||||||
if (mkdir(buf, 0700) < 0)
|
if (mkdir(buf, 0700) < 0)
|
||||||
error("Could not create directory '%.200s'.", buf);
|
error("Could not create directory '%.200s'.", buf);
|
||||||
|
|
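Review bot: The `%.100s` precision kept in the rewritten snprintf calls (the `_PATH_SSH_USER_CONFFILE` line and the `_PATH_SSH_USER_DIR` line) silently truncates a `pw->pw_dir` longer than 100 characters, so a long home directory makes the client read its per-user config from, and stat()/mkdir() a `.ssh` directory at, a path that does not exist as written. Since buf's size is already passed to snprintf the precision adds nothing; checking the return value instead fails loudly: `if (snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR) >= (int)sizeof buf) fatal("home directory path too long");`. main() extends outside these hunks on both sides.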
471
ssh.h
471
ssh.h
|
@ -3,8 +3,6 @@
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
* All rights reserved
|
* All rights reserved
|
||||||
*
|
*
|
||||||
* Generic header file for ssh.
|
|
||||||
*
|
|
||||||
* As far as I am concerned, the code I have written for this software
|
* As far as I am concerned, the code I have written for this software
|
||||||
* can be used freely for any purpose. Any derived versions of this
|
* can be used freely for any purpose. Any derived versions of this
|
||||||
* software must be clearly marked as such, and if the derived work is
|
* software must be clearly marked as such, and if the derived work is
|
||||||
|
@ -12,7 +10,7 @@
|
||||||
* called by a name other than "ssh" or "Secure Shell".
|
* called by a name other than "ssh" or "Secure Shell".
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* RCSID("$OpenBSD: ssh.h,v 1.59 2001/01/19 12:45:27 markus Exp $"); */
|
/* RCSID("$OpenBSD: ssh.h,v 1.61 2001/01/21 19:05:59 markus Exp $"); */
|
||||||
|
|
||||||
#ifndef SSH_H
|
#ifndef SSH_H
|
||||||
#define SSH_H
|
#define SSH_H
|
||||||
|
@ -26,8 +24,9 @@
|
||||||
#ifdef HAVE_SYS_SELECT_H
|
#ifdef HAVE_SYS_SELECT_H
|
||||||
# include <sys/select.h>
|
# include <sys/select.h>
|
||||||
#endif
|
#endif
|
||||||
#include "rsa.h"
|
|
||||||
#include "cipher.h"
|
//#include "rsa.h"
|
||||||
|
//#include "cipher.h"
|
||||||
|
|
||||||
/* Cipher used for encrypting authentication files. */
|
/* Cipher used for encrypting authentication files. */
|
||||||
#define SSH_AUTHFILE_CIPHER SSH_CIPHER_3DES
|
#define SSH_AUTHFILE_CIPHER SSH_CIPHER_3DES
|
||||||
|
@ -68,138 +67,21 @@
|
||||||
# define SSHD_PAM_SERVICE "sshd"
|
# define SSHD_PAM_SERVICE "sshd"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef ETCDIR
|
|
||||||
#define ETCDIR "/etc"
|
|
||||||
#endif /* ETCDIR */
|
|
||||||
|
|
||||||
#ifndef PIDDIR
|
|
||||||
#define PIDDIR "/var/run"
|
|
||||||
#endif /* PIDDIR */
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* System-wide file containing host keys of known hosts. This file should be
|
* Name of the environment variable containing the pathname of the
|
||||||
* world-readable.
|
* authentication socket.
|
||||||
*/
|
*/
|
||||||
#define SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts"
|
#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"
|
||||||
#define SSH_SYSTEM_HOSTFILE2 ETCDIR "/ssh_known_hosts2"
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Of these, ssh_host_key must be readable only by root, whereas ssh_config
|
|
||||||
* should be world-readable.
|
|
||||||
*/
|
|
||||||
#define HOST_KEY_FILE ETCDIR "/ssh_host_key"
|
|
||||||
#define SERVER_CONFIG_FILE ETCDIR "/sshd_config"
|
|
||||||
#define HOST_CONFIG_FILE ETCDIR "/ssh_config"
|
|
||||||
#define HOST_DSA_KEY_FILE ETCDIR "/ssh_host_dsa_key"
|
|
||||||
#define DH_PRIMES ETCDIR "/primes"
|
|
||||||
|
|
||||||
#ifndef SSH_PROGRAM
|
|
||||||
#define SSH_PROGRAM "/usr/bin/ssh"
|
|
||||||
#endif /* SSH_PROGRAM */
|
|
||||||
|
|
||||||
#ifndef LOGIN_PROGRAM
|
|
||||||
# ifdef LOGIN_PROGRAM_FALLBACK
|
|
||||||
# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK
|
|
||||||
# else
|
|
||||||
# define LOGIN_PROGRAM "/usr/bin/login"
|
|
||||||
# endif
|
|
||||||
#endif /* LOGIN_PROGRAM */
|
|
||||||
|
|
||||||
#ifndef ASKPASS_PROGRAM
|
|
||||||
#define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass"
|
|
||||||
#endif /* ASKPASS_PROGRAM */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* The process id of the daemon listening for connections is saved here to
|
|
||||||
* make it easier to kill the correct daemon when necessary.
|
|
||||||
*/
|
|
||||||
#define SSH_DAEMON_PID_FILE PIDDIR "/sshd.pid"
|
|
||||||
|
|
||||||
/*
|
|
||||||
* The directory in user\'s home directory in which the files reside. The
|
|
||||||
* directory should be world-readable (though not all files are).
|
|
||||||
*/
|
|
||||||
#define SSH_USER_DIR ".ssh"
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Relevant only when using builtin PRNG.
|
|
||||||
*/
|
|
||||||
#ifndef SSH_PRNG_SEED_FILE
|
|
||||||
# define SSH_PRNG_SEED_FILE SSH_USER_DIR"/prng_seed"
|
|
||||||
#endif /* SSH_PRNG_SEED_FILE */
|
|
||||||
#ifndef SSH_PRNG_COMMAND_FILE
|
|
||||||
# define SSH_PRNG_COMMAND_FILE ETCDIR "/ssh_prng_cmds"
|
|
||||||
#endif /* SSH_PRNG_COMMAND_FILE */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Per-user file containing host keys of known hosts. This file need not be
|
|
||||||
* readable by anyone except the user him/herself, though this does not
|
|
||||||
* contain anything particularly secret.
|
|
||||||
*/
|
|
||||||
#define SSH_USER_HOSTFILE "~/.ssh/known_hosts"
|
|
||||||
#define SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2"
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Name of the default file containing client-side authentication key. This
|
|
||||||
* file should only be readable by the user him/herself.
|
|
||||||
*/
|
|
||||||
#define SSH_CLIENT_IDENTITY ".ssh/identity"
|
|
||||||
#define SSH_CLIENT_ID_DSA ".ssh/id_dsa"
|
|
||||||
#define SSH_CLIENT_ID_RSA ".ssh/id_rsa"
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Configuration file in user\'s home directory. This file need not be
|
|
||||||
* readable by anyone but the user him/herself, but does not contain anything
|
|
||||||
* particularly secret. If the user\'s home directory resides on an NFS
|
|
||||||
* volume where root is mapped to nobody, this may need to be world-readable.
|
|
||||||
*/
|
|
||||||
#define SSH_USER_CONFFILE ".ssh/config"
|
|
||||||
|
|
||||||
/*
|
|
||||||
* File containing a list of those rsa keys that permit logging in as this
|
|
||||||
* user. This file need not be readable by anyone but the user him/herself,
|
|
||||||
* but does not contain anything particularly secret. If the user\'s home
|
|
||||||
* directory resides on an NFS volume where root is mapped to nobody, this
|
|
||||||
* may need to be world-readable. (This file is read by the daemon which is
|
|
||||||
* running as root.)
|
|
||||||
*/
|
|
||||||
#define SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
|
|
||||||
#define SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Per-user and system-wide ssh "rc" files. These files are executed with
|
|
||||||
* /bin/sh before starting the shell or command if they exist. They will be
|
|
||||||
* passed "proto cookie" as arguments if X11 forwarding with spoofing is in
|
|
||||||
* use. xauth will be run if neither of these exists.
|
|
||||||
*/
|
|
||||||
#define SSH_USER_RC ".ssh/rc"
|
|
||||||
#define SSH_SYSTEM_RC ETCDIR "/sshrc"
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use
|
|
||||||
* ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled.
|
|
||||||
*/
|
|
||||||
#define SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv"
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Name of the environment variable containing the pathname of the
|
* Name of the environment variable containing the pathname of the
|
||||||
* authentication socket.
|
* authentication socket.
|
||||||
*/
|
*/
|
||||||
#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK"
|
#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Name of the environment variable containing the pathname of the
|
* Environment variable for overwriting the default location of askpass
|
||||||
* authentication socket.
|
|
||||||
*/
|
*/
|
||||||
#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Default path to ssh-askpass used by ssh-add,
|
|
||||||
* environment variable for overwriting the default location
|
|
||||||
*/
|
|
||||||
#ifndef SSH_ASKPASS_DEFAULT
|
|
||||||
# define SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass"
|
|
||||||
#endif
|
|
||||||
#define SSH_ASKPASS_ENV "SSH_ASKPASS"
|
#define SSH_ASKPASS_ENV "SSH_ASKPASS"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -217,339 +99,4 @@
|
||||||
/* Name of Kerberos service for SSH to use. */
|
/* Name of Kerberos service for SSH to use. */
|
||||||
#define KRB4_SERVICE_NAME "rcmd"
|
#define KRB4_SERVICE_NAME "rcmd"
|
||||||
|
|
||||||
/*
|
|
||||||
* Authentication methods. New types can be added, but old types should not
|
|
||||||
* be removed for compatibility. The maximum allowed value is 31.
|
|
||||||
*/
|
|
||||||
#define SSH_AUTH_RHOSTS 1
|
|
||||||
#define SSH_AUTH_RSA 2
|
|
||||||
#define SSH_AUTH_PASSWORD 3
|
|
||||||
#define SSH_AUTH_RHOSTS_RSA 4
|
|
||||||
#define SSH_AUTH_TIS 5
|
|
||||||
#define SSH_AUTH_KERBEROS 6
|
|
||||||
#define SSH_PASS_KERBEROS_TGT 7
|
|
||||||
/* 8 to 15 are reserved */
|
|
||||||
#define SSH_PASS_AFS_TOKEN 21
|
|
||||||
|
|
||||||
/* Protocol flags. These are bit masks. */
|
|
||||||
#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */
|
|
||||||
#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Definition of message types. New values can be added, but old values
|
|
||||||
* should not be removed or without careful consideration of the consequences
|
|
||||||
* for compatibility. The maximum value is 254; value 255 is reserved for
|
|
||||||
* future extension.
|
|
||||||
*/
|
|
||||||
/* Message name */ /* msg code */ /* arguments */
|
|
||||||
#define SSH_MSG_NONE 0 /* no message */
|
|
||||||
#define SSH_MSG_DISCONNECT 1 /* cause (string) */
|
|
||||||
#define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */
|
|
||||||
#define SSH_CMSG_SESSION_KEY 3 /* key (BIGNUM) */
|
|
||||||
#define SSH_CMSG_USER 4 /* user (string) */
|
|
||||||
#define SSH_CMSG_AUTH_RHOSTS 5 /* user (string) */
|
|
||||||
#define SSH_CMSG_AUTH_RSA 6 /* modulus (BIGNUM) */
|
|
||||||
#define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */
|
|
||||||
#define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */
|
|
||||||
#define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */
|
|
||||||
#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */
|
|
||||||
#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */
|
|
||||||
#define SSH_CMSG_EXEC_SHELL 12 /* */
|
|
||||||
#define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */
|
|
||||||
#define SSH_SMSG_SUCCESS 14 /* */
|
|
||||||
#define SSH_SMSG_FAILURE 15 /* */
|
|
||||||
#define SSH_CMSG_STDIN_DATA 16 /* data (string) */
|
|
||||||
#define SSH_SMSG_STDOUT_DATA 17 /* data (string) */
|
|
||||||
#define SSH_SMSG_STDERR_DATA 18 /* data (string) */
|
|
||||||
#define SSH_CMSG_EOF 19 /* */
|
|
||||||
#define SSH_SMSG_EXITSTATUS 20 /* status (int) */
|
|
||||||
#define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* channel (int) */
|
|
||||||
#define SSH_MSG_CHANNEL_OPEN_FAILURE 22 /* channel (int) */
|
|
||||||
#define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */
|
|
||||||
#define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */
|
|
||||||
#define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */
|
|
||||||
/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */
|
|
||||||
#define SSH_SMSG_X11_OPEN 27 /* channel (int) */
|
|
||||||
#define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */
|
|
||||||
#define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */
|
|
||||||
#define SSH_CMSG_AGENT_REQUEST_FORWARDING 30 /* */
|
|
||||||
#define SSH_SMSG_AGENT_OPEN 31 /* port (int) */
|
|
||||||
#define SSH_MSG_IGNORE 32 /* string */
|
|
||||||
#define SSH_CMSG_EXIT_CONFIRMATION 33 /* */
|
|
||||||
#define SSH_CMSG_X11_REQUEST_FORWARDING 34 /* proto,data (s,s) */
|
|
||||||
#define SSH_CMSG_AUTH_RHOSTS_RSA 35 /* user,mod (s,mpi) */
|
|
||||||
#define SSH_MSG_DEBUG 36 /* string */
|
|
||||||
#define SSH_CMSG_REQUEST_COMPRESSION 37 /* level 1-9 (int) */
|
|
||||||
#define SSH_CMSG_MAX_PACKET_SIZE 38 /* size 4k-1024k (int) */
|
|
||||||
#define SSH_CMSG_AUTH_TIS 39 /* we use this for s/key */
|
|
||||||
#define SSH_SMSG_AUTH_TIS_CHALLENGE 40 /* challenge (string) */
|
|
||||||
#define SSH_CMSG_AUTH_TIS_RESPONSE 41 /* response (string) */
|
|
||||||
#define SSH_CMSG_AUTH_KERBEROS 42 /* (KTEXT) */
|
|
||||||
#define SSH_SMSG_AUTH_KERBEROS_RESPONSE 43 /* (KTEXT) */
|
|
||||||
#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */
|
|
||||||
#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */
|
|
||||||
|
|
||||||
/*------------ definitions for login.c -------------*/
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Returns the time when the user last logged in. Returns 0 if the
|
|
||||||
* information is not available. This must be called before record_login.
|
|
||||||
* The host from which the user logged in is stored in buf.
|
|
||||||
*/
|
|
||||||
u_long
|
|
||||||
get_last_login_time(uid_t uid, const char *logname,
|
|
||||||
char *buf, u_int bufsize);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Records that the user has logged in. This does many things normally done
|
|
||||||
* by login(1).
|
|
||||||
*/
|
|
||||||
void
|
|
||||||
record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
|
|
||||||
const char *host, struct sockaddr *addr);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Records that the user has logged out. This does many thigs normally done
|
|
||||||
* by login(1) or init.
|
|
||||||
*/
|
|
||||||
void record_logout(pid_t pid, const char *ttyname);
|
|
||||||
|
|
||||||
/*------------ definitions for sshconnect.c ----------*/
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Opens a TCP/IP connection to the remote server on the given host. If port
|
|
||||||
* is 0, the default port will be used. If anonymous is zero, a privileged
|
|
||||||
* port will be allocated to make the connection. This requires super-user
|
|
||||||
* privileges if anonymous is false. Connection_attempts specifies the
|
|
||||||
* maximum number of tries, one per second. This returns true on success,
|
|
||||||
* and zero on failure. If the connection is successful, this calls
|
|
||||||
* packet_set_connection for the connection.
|
|
||||||
*/
|
|
||||||
int
|
|
||||||
ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
|
|
||||||
u_short port, int connection_attempts,
|
|
||||||
int anonymous, uid_t original_real_uid,
|
|
||||||
const char *proxy_command);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Starts a dialog with the server, and authenticates the current user on the
|
|
||||||
* server. This does not need any extra privileges. The basic connection to
|
|
||||||
* the server must already have been established before this is called. If
|
|
||||||
* login fails, this function prints an error and never returns. This
|
|
||||||
* initializes the random state, and leaves it initialized (it will also have
|
|
||||||
* references from the packet module).
|
|
||||||
*/
|
|
||||||
|
|
||||||
void
|
|
||||||
ssh_login(int host_key_valid, RSA * host_key, const char *host,
|
|
||||||
struct sockaddr * hostaddr, uid_t original_real_uid);
|
|
||||||
|
|
||||||
/*------------ Definitions for various authentication methods. -------*/
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Tries to authenticate the user using the .rhosts file. Returns true if
|
|
||||||
* authentication succeeds. If ignore_rhosts is non-zero, this will not
|
|
||||||
* consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
|
|
||||||
*/
|
|
||||||
int auth_rhosts(struct passwd * pw, const char *client_user);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Tries to authenticate the user using the .rhosts file and the host using
|
|
||||||
* its host key. Returns true if authentication succeeds.
|
|
||||||
*/
|
|
||||||
int
|
|
||||||
auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Tries to authenticate the user using password. Returns true if
|
|
||||||
* authentication succeeds.
|
|
||||||
*/
|
|
||||||
int auth_password(struct passwd * pw, const char *password);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Performs the RSA authentication dialog with the client. This returns 0 if
|
|
||||||
* the client could not be authenticated, and 1 if authentication was
|
|
||||||
* successful. This may exit if there is a serious protocol violation.
|
|
||||||
*/
|
|
||||||
int auth_rsa(struct passwd * pw, BIGNUM * client_n);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Parses an RSA key (number of bits, e, n) from a string. Moves the pointer
|
|
||||||
* over the key. Skips any whitespace at the beginning and at end.
|
|
||||||
*/
|
|
||||||
int auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Returns the name of the machine at the other end of the socket. The
|
|
||||||
* returned string should be freed by the caller.
|
|
||||||
*/
|
|
||||||
char *get_remote_hostname(int socket);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Return the canonical name of the host in the other side of the current
|
|
||||||
* connection (as returned by packet_get_connection). The host name is
|
|
||||||
* cached, so it is efficient to call this several times.
|
|
||||||
*/
|
|
||||||
const char *get_canonical_hostname(void);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Returns the remote IP address as an ascii string. The value need not be
|
|
||||||
* freed by the caller.
|
|
||||||
*/
|
|
||||||
const char *get_remote_ipaddr(void);
|
|
||||||
|
|
||||||
/* Returns the port number of the peer of the socket. */
|
|
||||||
int get_peer_port(int sock);
|
|
||||||
|
|
||||||
/* Returns the port number of the remote/local host. */
|
|
||||||
int get_remote_port(void);
|
|
||||||
int get_local_port(void);
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Performs the RSA authentication challenge-response dialog with the client,
|
|
||||||
* and returns true (non-zero) if the client gave the correct answer to our
|
|
||||||
* challenge; returns zero if the client gives a wrong answer.
|
|
||||||
*/
|
|
||||||
int auth_rsa_challenge_dialog(RSA *pk);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Reads a passphrase from /dev/tty with echo turned off. Returns the
|
|
||||||
* passphrase (allocated with xmalloc). Exits if EOF is encountered. If
|
|
||||||
* from_stdin is true, the passphrase will be read from stdin instead.
|
|
||||||
*/
|
|
||||||
char *read_passphrase(const char *prompt, int from_stdin);
|
|
||||||
|
|
||||||
|
|
||||||
/*------------ Definitions for logging. -----------------------*/
|
|
||||||
|
|
||||||
/* Supported syslog facilities and levels. */
|
|
||||||
typedef enum {
|
|
||||||
SYSLOG_FACILITY_DAEMON,
|
|
||||||
SYSLOG_FACILITY_USER,
|
|
||||||
SYSLOG_FACILITY_AUTH,
|
|
||||||
#ifdef LOG_AUTHPRIV
|
|
||||||
SYSLOG_FACILITY_AUTHPRIV,
|
|
||||||
#endif
|
|
||||||
SYSLOG_FACILITY_LOCAL0,
|
|
||||||
SYSLOG_FACILITY_LOCAL1,
|
|
||||||
SYSLOG_FACILITY_LOCAL2,
|
|
||||||
SYSLOG_FACILITY_LOCAL3,
|
|
||||||
SYSLOG_FACILITY_LOCAL4,
|
|
||||||
SYSLOG_FACILITY_LOCAL5,
|
|
||||||
SYSLOG_FACILITY_LOCAL6,
|
|
||||||
SYSLOG_FACILITY_LOCAL7
|
|
||||||
} SyslogFacility;
|
|
||||||
|
|
||||||
typedef enum {
|
|
||||||
SYSLOG_LEVEL_QUIET,
|
|
||||||
SYSLOG_LEVEL_FATAL,
|
|
||||||
SYSLOG_LEVEL_ERROR,
|
|
||||||
SYSLOG_LEVEL_INFO,
|
|
||||||
SYSLOG_LEVEL_VERBOSE,
|
|
||||||
SYSLOG_LEVEL_DEBUG1,
|
|
||||||
SYSLOG_LEVEL_DEBUG2,
|
|
||||||
SYSLOG_LEVEL_DEBUG3
|
|
||||||
} LogLevel;
|
|
||||||
/* Initializes logging. */
|
|
||||||
void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr);
|
|
||||||
|
|
||||||
/* Logging implementation, depending on server or client */
|
|
||||||
void do_log(LogLevel level, const char *fmt, va_list args);
|
|
||||||
|
|
||||||
/* name to facility/level */
|
|
||||||
SyslogFacility log_facility_number(char *name);
|
|
||||||
LogLevel log_level_number(char *name);
|
|
||||||
|
|
||||||
/* Output a message to syslog or stderr */
|
|
||||||
void fatal(const char *fmt,...) __attribute__((format(printf, 1, 2)));
|
|
||||||
void error(const char *fmt,...) __attribute__((format(printf, 1, 2)));
|
|
||||||
void log(const char *fmt,...) __attribute__((format(printf, 1, 2)));
|
|
||||||
void verbose(const char *fmt,...) __attribute__((format(printf, 1, 2)));
|
|
||||||
void debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
|
|
||||||
void debug2(const char *fmt,...) __attribute__((format(printf, 1, 2)));
|
|
||||||
void debug3(const char *fmt,...) __attribute__((format(printf, 1, 2)));
|
|
||||||
|
|
||||||
/* same as fatal() but w/o logging */
|
|
||||||
void fatal_cleanup(void);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Registers a cleanup function to be called by fatal()/fatal_cleanup()
|
|
||||||
* before exiting. It is permissible to call fatal_remove_cleanup for the
|
|
||||||
* function itself from the function.
|
|
||||||
*/
|
|
||||||
void fatal_add_cleanup(void (*proc) (void *context), void *context);
|
|
||||||
|
|
||||||
/* Removes a cleanup function to be called at fatal(). */
|
|
||||||
void fatal_remove_cleanup(void (*proc) (void *context), void *context);
|
|
||||||
|
|
||||||
/* ---- misc */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Expands tildes in the file name. Returns data allocated by xmalloc.
|
|
||||||
* Warning: this calls getpw*.
|
|
||||||
*/
|
|
||||||
char *tilde_expand_filename(const char *filename, uid_t my_uid);
|
|
||||||
|
|
||||||
/* remove newline at end of string */
|
|
||||||
char *chop(char *s);
|
|
||||||
|
|
||||||
/* return next token in configuration line */
|
|
||||||
char *strdelim(char **s);
|
|
||||||
|
|
||||||
/* set filedescriptor to non-blocking */
|
|
||||||
void set_nonblock(int fd);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Performs the interactive session. This handles data transmission between
|
|
||||||
* the client and the program. Note that the notion of stdin, stdout, and
|
|
||||||
* stderr in this function is sort of reversed: this function writes to stdin
|
|
||||||
* (of the child program), and reads from stdout and stderr (of the child
|
|
||||||
* program).
|
|
||||||
*/
|
|
||||||
void server_loop(pid_t pid, int fdin, int fdout, int fderr);
|
|
||||||
void server_loop2(void);
|
|
||||||
|
|
||||||
/* Client side main loop for the interactive session. */
|
|
||||||
int client_loop(int have_pty, int escape_char, int id);
|
|
||||||
|
|
||||||
/* Linked list of custom environment strings (see auth-rsa.c). */
|
|
||||||
struct envstring {
|
|
||||||
struct envstring *next;
|
|
||||||
char *s;
|
|
||||||
};
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Ensure all of data on socket comes through. f==read || f==write
|
|
||||||
*/
|
|
||||||
ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n);
|
|
||||||
|
|
||||||
#ifdef KRB4
|
|
||||||
#include <krb.h>
|
|
||||||
/*
|
|
||||||
* Performs Kerberos v4 mutual authentication with the client. This returns 0
|
|
||||||
* if the client could not be authenticated, and 1 if authentication was
|
|
||||||
* successful. This may exit if there is a serious protocol violation.
|
|
||||||
*/
|
|
||||||
int auth_krb4(const char *server_user, KTEXT auth, char **client);
|
|
||||||
int krb4_init(uid_t uid);
|
|
||||||
void krb4_cleanup_proc(void *ignore);
|
|
||||||
int auth_krb4_password(struct passwd * pw, const char *password);
|
|
||||||
|
|
||||||
#ifdef AFS
|
|
||||||
#include <kafs.h>
|
|
||||||
|
|
||||||
/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
|
|
||||||
int auth_kerberos_tgt(struct passwd * pw, const char *string);
|
|
||||||
int auth_afs_token(struct passwd * pw, const char *token_string);
|
|
||||||
|
|
||||||
int creds_to_radix(CREDENTIALS * creds, u_char *buf, size_t buflen);
|
|
||||||
int radix_to_creds(const char *buf, CREDENTIALS * creds);
|
|
||||||
#endif /* AFS */
|
|
||||||
|
|
||||||
#endif /* KRB4 */
|
|
||||||
|
|
||||||
/* AF_UNSPEC or AF_INET or AF_INET6 */
|
|
||||||
extern int IPv4or6;
|
|
||||||
|
|
||||||
#endif /* SSH_H */
|
#endif /* SSH_H */
|
||||||
|
|
|
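Review bot: The two `//#include` lines that replace `#include "rsa.h"` and `#include "cipher.h"` are commented-out code and should be deleted rather than kept, and `//` comments are not valid in the C89 dialect the rest of this header uses (every other comment here is `/* */`). Note also that `#define SSH_AUTHFILE_CIPHER SSH_CIPHER_3DES` stays in the header while cipher.h, which presumably supplies SSH_CIPHER_3DES, is no longer included, so ssh.h is no longer self-contained and any user of SSH_AUTHFILE_CIPHER must include cipher.h first. Either keep `#include "cipher.h"` or move that define next to the cipher definitions.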
@ -0,0 +1,84 @@
|
||||||
|
/*
|
||||||
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
* All rights reserved
|
||||||
|
*
|
||||||
|
* As far as I am concerned, the code I have written for this software
|
||||||
|
* can be used freely for any purpose. Any derived versions of this
|
||||||
|
* software must be clearly marked as such, and if the derived work is
|
||||||
|
* incompatible with the protocol description in the RFC file, it must be
|
||||||
|
* called by a name other than "ssh" or "Secure Shell".
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Definition of message types. New values can be added, but old values
|
||||||
|
* should not be removed or without careful consideration of the consequences
|
||||||
|
* for compatibility. The maximum value is 254; value 255 is reserved for
|
||||||
|
* future extension.
|
||||||
|
*/
|
||||||
|
/* Message name */ /* msg code */ /* arguments */
|
||||||
|
#define SSH_MSG_NONE 0 /* no message */
|
||||||
|
#define SSH_MSG_DISCONNECT 1 /* cause (string) */
|
||||||
|
#define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */
|
||||||
|
#define SSH_CMSG_SESSION_KEY 3 /* key (BIGNUM) */
|
||||||
|
#define SSH_CMSG_USER 4 /* user (string) */
|
||||||
|
#define SSH_CMSG_AUTH_RHOSTS 5 /* user (string) */
|
||||||
|
#define SSH_CMSG_AUTH_RSA 6 /* modulus (BIGNUM) */
|
||||||
|
#define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */
|
||||||
|
#define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */
|
||||||
|
#define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */
|
||||||
|
#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */
|
||||||
|
#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */
|
||||||
|
#define SSH_CMSG_EXEC_SHELL 12 /* */
|
||||||
|
#define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */
|
||||||
|
#define SSH_SMSG_SUCCESS 14 /* */
|
||||||
|
#define SSH_SMSG_FAILURE 15 /* */
|
||||||
|
#define SSH_CMSG_STDIN_DATA 16 /* data (string) */
|
||||||
|
#define SSH_SMSG_STDOUT_DATA 17 /* data (string) */
|
||||||
|
#define SSH_SMSG_STDERR_DATA 18 /* data (string) */
|
||||||
|
#define SSH_CMSG_EOF 19 /* */
|
||||||
|
#define SSH_SMSG_EXITSTATUS 20 /* status (int) */
|
||||||
|
#define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* channel (int) */
|
||||||
|
#define SSH_MSG_CHANNEL_OPEN_FAILURE 22 /* channel (int) */
|
||||||
|
#define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */
|
||||||
|
#define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */
|
||||||
|
#define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */
|
||||||
|
/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */
|
||||||
|
#define SSH_SMSG_X11_OPEN 27 /* channel (int) */
|
||||||
|
#define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */
|
||||||
|
#define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */
|
||||||
|
#define SSH_CMSG_AGENT_REQUEST_FORWARDING 30 /* */
|
||||||
|
#define SSH_SMSG_AGENT_OPEN 31 /* port (int) */
|
||||||
|
#define SSH_MSG_IGNORE 32 /* string */
|
||||||
|
#define SSH_CMSG_EXIT_CONFIRMATION 33 /* */
|
||||||
|
#define SSH_CMSG_X11_REQUEST_FORWARDING 34 /* proto,data (s,s) */
|
||||||
|
#define SSH_CMSG_AUTH_RHOSTS_RSA 35 /* user,mod (s,mpi) */
|
||||||
|
#define SSH_MSG_DEBUG 36 /* string */
|
||||||
|
#define SSH_CMSG_REQUEST_COMPRESSION 37 /* level 1-9 (int) */
|
||||||
|
#define SSH_CMSG_MAX_PACKET_SIZE 38 /* size 4k-1024k (int) */
|
||||||
|
#define SSH_CMSG_AUTH_TIS 39 /* we use this for s/key */
|
||||||
|
#define SSH_SMSG_AUTH_TIS_CHALLENGE 40 /* challenge (string) */
|
||||||
|
#define SSH_CMSG_AUTH_TIS_RESPONSE 41 /* response (string) */
|
||||||
|
#define SSH_CMSG_AUTH_KERBEROS 42 /* (KTEXT) */
|
||||||
|
#define SSH_SMSG_AUTH_KERBEROS_RESPONSE 43 /* (KTEXT) */
|
||||||
|
#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */
|
||||||
|
#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Authentication methods. New types can be added, but old types should not
|
||||||
|
* be removed for compatibility. The maximum allowed value is 31.
|
||||||
|
*/
|
||||||
|
#define SSH_AUTH_RHOSTS 1
|
||||||
|
#define SSH_AUTH_RSA 2
|
||||||
|
#define SSH_AUTH_PASSWORD 3
|
||||||
|
#define SSH_AUTH_RHOSTS_RSA 4
|
||||||
|
#define SSH_AUTH_TIS 5
|
||||||
|
#define SSH_AUTH_KERBEROS 6
|
||||||
|
#define SSH_PASS_KERBEROS_TGT 7
|
||||||
|
/* 8 to 15 are reserved */
|
||||||
|
#define SSH_PASS_AFS_TOKEN 21
|
||||||
|
|
||||||
|
/* Protocol flags. These are bit masks. */
|
||||||
|
#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */
|
||||||
|
#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */
|
||||||
|
|
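Review bot: The new header (presumably ssh1.h, given the `#include "ssh1.h"` added to ssh.c; its name is not visible in this view) has no include guard, unlike ssh.h and sshconnect.h, which wrap their contents in `#ifndef SSH_H` / `#ifndef SSHCONNECT_H`. Identical macro redefinitions are tolerated by the preprocessor, so double inclusion compiles today, but the first non-macro declaration added to this file will break that. Add `#ifndef SSH1_H` and `#define SSH1_H` after the license block and `#endif /* SSH1_H */` at the end, matching the other headers.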
14
sshconnect.c
14
sshconnect.c
|
@ -13,23 +13,24 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: sshconnect.c,v 1.90 2001/01/13 18:32:50 markus Exp $");
|
RCSID("$OpenBSD: sshconnect.c,v 1.91 2001/01/21 19:05:59 markus Exp $");
|
||||||
|
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
#include <openssl/dsa.h>
|
|
||||||
#include <openssl/rsa.h>
|
|
||||||
|
|
||||||
|
#include "ssh.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "rsa.h"
|
#include "rsa.h"
|
||||||
#include "ssh.h"
|
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "uidswap.h"
|
#include "uidswap.h"
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
#include "readconf.h"
|
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
#include "sshconnect.h"
|
#include "sshconnect.h"
|
||||||
#include "hostfile.h"
|
#include "hostfile.h"
|
||||||
|
#include "log.h"
|
||||||
|
#include "readconf.h"
|
||||||
|
#include "atomicio.h"
|
||||||
|
#include "misc.h"
|
||||||
|
|
||||||
char *client_version_string = NULL;
|
char *client_version_string = NULL;
|
||||||
char *server_version_string = NULL;
|
char *server_version_string = NULL;
|
||||||
|
@ -37,6 +38,9 @@ char *server_version_string = NULL;
|
||||||
extern Options options;
|
extern Options options;
|
||||||
extern char *__progname;
|
extern char *__progname;
|
||||||
|
|
||||||
|
/* AF_UNSPEC or AF_INET or AF_INET6 */
|
||||||
|
extern int IPv4or6;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Connect to the given ssh server using a proxy command.
|
* Connect to the given ssh server using a proxy command.
|
||||||
*/
|
*/
|
||||||
|
|
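Review bot: `extern int IPv4or6;` in the second hunk is declared directly in sshconnect.c rather than in a header shared with the translation unit that defines it (presumably ssh.c), so the compiler never checks this declaration against the definition, and the same is true of the `extern Options options;` just above it. Since sshconnect.h is being extended in this very commit, the declaration could live there instead, so both the defining and the using file see one prototype. The `/* AF_UNSPEC or AF_INET or AF_INET6 */` comment is helpful; it would be more useful still if it also said where the value is chosen, e.g. `/* AF_UNSPEC or AF_INET or AF_INET6; set from the command line, see ssh.c */` — if that is indeed where it is set.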
28
sshconnect.h
28
sshconnect.h
|
@ -23,6 +23,34 @@
|
||||||
*/
|
*/
|
||||||
#ifndef SSHCONNECT_H
|
#ifndef SSHCONNECT_H
|
||||||
#define SSHCONNECT_H
|
#define SSHCONNECT_H
|
||||||
|
/*
|
||||||
|
* Opens a TCP/IP connection to the remote server on the given host. If port
|
||||||
|
* is 0, the default port will be used. If anonymous is zero, a privileged
|
||||||
|
* port will be allocated to make the connection. This requires super-user
|
||||||
|
* privileges if anonymous is false. Connection_attempts specifies the
|
||||||
|
* maximum number of tries, one per second. This returns true on success,
|
||||||
|
* and zero on failure. If the connection is successful, this calls
|
||||||
|
* packet_set_connection for the connection.
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
|
||||||
|
u_short port, int connection_attempts,
|
||||||
|
int anonymous, uid_t original_real_uid,
|
||||||
|
const char *proxy_command);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Starts a dialog with the server, and authenticates the current user on the
|
||||||
|
* server. This does not need any extra privileges. The basic connection to
|
||||||
|
* the server must already have been established before this is called. If
|
||||||
|
* login fails, this function prints an error and never returns. This
|
||||||
|
* initializes the random state, and leaves it initialized (it will also have
|
||||||
|
* references from the packet module).
|
||||||
|
*/
|
||||||
|
|
||||||
|
void
|
||||||
|
ssh_login(int host_key_valid, RSA * host_key, const char *host,
|
||||||
|
struct sockaddr * hostaddr, uid_t original_real_uid);
|
||||||
|
|
||||||
|
|
||||||
void
|
void
|
||||||
check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
|
check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
|
||||||
|
|
|
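Review bot: The prototypes added to sshconnect.h disagree on their address and host types: `ssh_connect` takes `struct sockaddr_storage * hostaddr` and `const char *host`, while `ssh_login` and `check_host_key` take `struct sockaddr *hostaddr`, and `check_host_key` takes a non-const `char *host`. Every caller that hands the storage filled by `ssh_connect` to the other two must cast, and the non-const `host` on `check_host_key` implies it may modify the name although its siblings promise not to; `check_host_key(const char *host, struct sockaddr *hostaddr, Key *host_key,` would align it if the body permits (that declaration continues outside the hunk). The header also names `RSA`, `Key`, `uid_t`, `u_short` and `struct sockaddr_storage` with no include between the guard and the prototypes, so it only compiles after `includes.h`, `key.h` and the OpenSSL RSA header have been pulled in by the includer; a comment stating that requirement, or forward declarations, would make the header self-describing. Finally, the `ssh_connect` comment says "This returns true on success, and zero on failure" — since the function returns `int`, `non-zero on success` is the more precise wording.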
@ -13,25 +13,36 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: sshconnect1.c,v 1.16 2001/01/18 17:00:00 markus Exp $");
|
RCSID("$OpenBSD: sshconnect1.c,v 1.18 2001/01/21 19:06:00 markus Exp $");
|
||||||
|
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
#include <openssl/dsa.h>
|
|
||||||
#include <openssl/rsa.h>
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
|
|
||||||
|
#ifdef KRB4
|
||||||
|
#include <krb.h>
|
||||||
|
#include "radix.h"
|
||||||
|
#endif
|
||||||
|
#ifdef AFS
|
||||||
|
#include <kafs.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#include "ssh.h"
|
||||||
|
#include "ssh1.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "rsa.h"
|
#include "rsa.h"
|
||||||
#include "ssh.h"
|
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "mpaux.h"
|
#include "mpaux.h"
|
||||||
#include "uidswap.h"
|
#include "uidswap.h"
|
||||||
|
#include "log.h"
|
||||||
#include "readconf.h"
|
#include "readconf.h"
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
#include "authfd.h"
|
#include "authfd.h"
|
||||||
#include "sshconnect.h"
|
#include "sshconnect.h"
|
||||||
#include "authfile.h"
|
#include "authfile.h"
|
||||||
|
#include "readpass.h"
|
||||||
|
#include "cipher.h"
|
||||||
|
#include "canohost.h"
|
||||||
|
|
||||||
/* Session id for the current session. */
|
/* Session id for the current session. */
|
||||||
u_char session_id[16];
|
u_char session_id[16];
|
||||||
|
|
|
@ -23,25 +23,23 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: sshconnect2.c,v 1.35 2001/01/04 22:21:26 markus Exp $");
|
RCSID("$OpenBSD: sshconnect2.c,v 1.37 2001/01/21 19:06:00 markus Exp $");
|
||||||
|
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
#include <openssl/rsa.h>
|
|
||||||
#include <openssl/dsa.h>
|
|
||||||
#include <openssl/md5.h>
|
#include <openssl/md5.h>
|
||||||
#include <openssl/dh.h>
|
#include <openssl/dh.h>
|
||||||
#include <openssl/hmac.h>
|
#include <openssl/hmac.h>
|
||||||
|
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
|
#include "ssh2.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "rsa.h"
|
#include "rsa.h"
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "uidswap.h"
|
#include "uidswap.h"
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
#include "readconf.h"
|
|
||||||
#include "bufaux.h"
|
#include "bufaux.h"
|
||||||
#include "ssh2.h"
|
#include "cipher.h"
|
||||||
#include "kex.h"
|
#include "kex.h"
|
||||||
#include "myproposal.h"
|
#include "myproposal.h"
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
|
@ -50,6 +48,9 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.35 2001/01/04 22:21:26 markus Exp $");
|
||||||
#include "cli.h"
|
#include "cli.h"
|
||||||
#include "dispatch.h"
|
#include "dispatch.h"
|
||||||
#include "authfd.h"
|
#include "authfd.h"
|
||||||
|
#include "log.h"
|
||||||
|
#include "readconf.h"
|
||||||
|
#include "readpass.h"
|
||||||
|
|
||||||
void ssh_dh1_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
|
void ssh_dh1_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
|
||||||
void ssh_dhgex_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
|
void ssh_dhgex_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
|
||||||
|
@ -332,8 +333,7 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr,
|
||||||
if ((g = BN_new()) == NULL)
|
if ((g = BN_new()) == NULL)
|
||||||
fatal("BN_new");
|
fatal("BN_new");
|
||||||
packet_get_bignum2(g, &dlen);
|
packet_get_bignum2(g, &dlen);
|
||||||
if ((dh = dh_new_group(g, p)) == NULL)
|
dh = dh_new_group(g, p);
|
||||||
fatal("dh_new_group");
|
|
||||||
|
|
||||||
dh_gen_key(dh);
|
dh_gen_key(dh);
|
||||||
|
|
||||||
|
|
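Review bot: With the NULL check gone, `dh = dh_new_group(g, p);` in the third hunk depends on an invariant that lives in dh.c (the commit message states that dh_new_group() does not return NULL), and nothing at the call site records it; a one-line comment such as `dh = dh_new_group(g, p);	/* never NULL, see dh_new_group() in dh.c */` stops the next reader from re-adding the check or from trusting a later change to dh_new_group that starts returning NULL. Separately, `g` is read from the wire by `packet_get_bignum2(g, &dlen)` and `p` presumably the same way just above the hunk, and nothing visible here checks that `p` has the bit length the client requested or that `g` is in range before both are passed to `dh_new_group` and `dh_gen_key`; if that validation does not happen inside `dh_new_group` or in a later public-value check, the client would accept whatever group the server proposes. The enclosing function `ssh_dhgex_client` starts and ends outside the hunk, so the surrounding checks may simply not be visible.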
4
sshd.8
4
sshd.8
|
@ -34,7 +34,7 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $OpenBSD: sshd.8,v 1.82 2001/01/18 16:20:22 markus Exp $
|
.\" $OpenBSD: sshd.8,v 1.83 2001/01/19 16:48:14 markus Exp $
|
||||||
.Dd September 25, 1999
|
.Dd September 25, 1999
|
||||||
.Dt SSHD 8
|
.Dt SSHD 8
|
||||||
.Os
|
.Os
|
||||||
|
@ -394,7 +394,7 @@ Specifies the file containing the private host keys (default
|
||||||
used by SSH protocol versions 1 and 2.
|
used by SSH protocol versions 1 and 2.
|
||||||
Note that
|
Note that
|
||||||
.Nm
|
.Nm
|
||||||
if this file is group/world-accessible.
|
will refuse to use a file if it is group/world-accessible.
|
||||||
It is possible to have multiple host key files.
|
It is possible to have multiple host key files.
|
||||||
.Dq rsa1
|
.Dq rsa1
|
||||||
keys are used for version 1 and
|
keys are used for version 1 and
|
||||||
|
|
32
sshd.c
32
sshd.c
|
@ -40,32 +40,36 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: sshd.c,v 1.153 2001/01/19 12:45:27 markus Exp $");
|
RCSID("$OpenBSD: sshd.c,v 1.155 2001/01/21 19:06:00 markus Exp $");
|
||||||
|
|
||||||
|
#include <openssl/dh.h>
|
||||||
|
#include <openssl/bn.h>
|
||||||
|
#include <openssl/hmac.h>
|
||||||
|
|
||||||
|
#include "ssh.h"
|
||||||
|
#include "ssh1.h"
|
||||||
|
#include "ssh2.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "rsa.h"
|
#include "rsa.h"
|
||||||
#include "ssh.h"
|
|
||||||
#include "pty.h"
|
#include "pty.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "mpaux.h"
|
#include "mpaux.h"
|
||||||
|
#include "log.h"
|
||||||
#include "servconf.h"
|
#include "servconf.h"
|
||||||
#include "uidswap.h"
|
#include "uidswap.h"
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
|
#include "cipher.h"
|
||||||
#include "ssh2.h"
|
|
||||||
#include <openssl/dh.h>
|
|
||||||
#include <openssl/bn.h>
|
|
||||||
#include <openssl/hmac.h>
|
|
||||||
#include "kex.h"
|
#include "kex.h"
|
||||||
#include <openssl/dsa.h>
|
|
||||||
#include <openssl/rsa.h>
|
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
#include "dh.h"
|
#include "dh.h"
|
||||||
|
|
||||||
#include "auth.h"
|
|
||||||
#include "myproposal.h"
|
#include "myproposal.h"
|
||||||
#include "authfile.h"
|
#include "authfile.h"
|
||||||
|
#include "pathnames.h"
|
||||||
|
#include "atomicio.h"
|
||||||
|
#include "canohost.h"
|
||||||
|
#include "auth.h"
|
||||||
|
#include "misc.h"
|
||||||
|
|
||||||
#ifdef LIBWRAP
|
#ifdef LIBWRAP
|
||||||
#include <tcpd.h>
|
#include <tcpd.h>
|
||||||
|
@ -88,7 +92,7 @@ char *__progname;
|
||||||
ServerOptions options;
|
ServerOptions options;
|
||||||
|
|
||||||
/* Name of the server configuration file. */
|
/* Name of the server configuration file. */
|
||||||
char *config_file_name = SERVER_CONFIG_FILE;
|
char *config_file_name = _PATH_SERVER_CONFIG_FILE;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
|
* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
|
||||||
|
@ -643,7 +647,7 @@ main(int ac, char **av)
|
||||||
fprintf(stderr, "sshd version %s\n", SSH_VERSION);
|
fprintf(stderr, "sshd version %s\n", SSH_VERSION);
|
||||||
fprintf(stderr, "Usage: %s [options]\n", __progname);
|
fprintf(stderr, "Usage: %s [options]\n", __progname);
|
||||||
fprintf(stderr, "Options:\n");
|
fprintf(stderr, "Options:\n");
|
||||||
fprintf(stderr, " -f file Configuration file (default %s)\n", SERVER_CONFIG_FILE);
|
fprintf(stderr, " -f file Configuration file (default %s)\n", _PATH_SERVER_CONFIG_FILE);
|
||||||
fprintf(stderr, " -d Debugging mode (multiple -d means more debugging)\n");
|
fprintf(stderr, " -d Debugging mode (multiple -d means more debugging)\n");
|
||||||
fprintf(stderr, " -i Started from inetd\n");
|
fprintf(stderr, " -i Started from inetd\n");
|
||||||
fprintf(stderr, " -D Do not fork into daemon mode\n");
|
fprintf(stderr, " -D Do not fork into daemon mode\n");
|
||||||
|
@ -653,7 +657,7 @@ main(int ac, char **av)
|
||||||
fprintf(stderr, " -g seconds Grace period for authentication (default: 600)\n");
|
fprintf(stderr, " -g seconds Grace period for authentication (default: 600)\n");
|
||||||
fprintf(stderr, " -b bits Size of server RSA key (default: 768 bits)\n");
|
fprintf(stderr, " -b bits Size of server RSA key (default: 768 bits)\n");
|
||||||
fprintf(stderr, " -h file File from which to read host key (default: %s)\n",
|
fprintf(stderr, " -h file File from which to read host key (default: %s)\n",
|
||||||
HOST_KEY_FILE);
|
_PATH_HOST_KEY_FILE);
|
||||||
fprintf(stderr, " -u len Maximum hostname length for utmp recording\n");
|
fprintf(stderr, " -u len Maximum hostname length for utmp recording\n");
|
||||||
fprintf(stderr, " -4 Use IPv4 only\n");
|
fprintf(stderr, " -4 Use IPv4 only\n");
|
||||||
fprintf(stderr, " -6 Use IPv6 only\n");
|
fprintf(stderr, " -6 Use IPv6 only\n");
|
||||||
|
|
|
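Review bot: `char *config_file_name = _PATH_SERVER_CONFIG_FILE;` in the second hunk points a writable `char *` at a string literal, so any later write through it is undefined behaviour and nothing here prevents one. The usage text in the third hunk shows the default is replaced by a path given with `-f`, which a `const char *config_file_name = _PATH_SERVER_CONFIG_FILE;` declaration still allows while letting the compiler reject writes through the pointer (any `extern` declaration of it in other files would need the same qualifier). Having the usage lines print `_PATH_SERVER_CONFIG_FILE` and `_PATH_HOST_KEY_FILE` rather than hand-copied paths keeps the help text in step with the compiled-in defaults, which is the right direction.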
@ -11,10 +11,10 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: tildexpand.c,v 1.9 2000/12/19 23:17:59 markus Exp $");
|
RCSID("$OpenBSD: tildexpand.c,v 1.10 2001/01/21 19:06:01 markus Exp $");
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "ssh.h"
|
#include "log.h"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Expands tildes in the file name. Returns data allocated by xmalloc.
|
* Expands tildes in the file name. Returns data allocated by xmalloc.
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
/*
|
||||||
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
* All rights reserved
|
||||||
|
*
|
||||||
|
* As far as I am concerned, the code I have written for this software
|
||||||
|
* can be used freely for any purpose. Any derived versions of this
|
||||||
|
* software must be clearly marked as such, and if the derived work is
|
||||||
|
* incompatible with the protocol description in the RFC file, it must be
|
||||||
|
* called by a name other than "ssh" or "Secure Shell".
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Expands tildes in the file name. Returns data allocated by xmalloc.
|
||||||
|
* Warning: this calls getpw*.
|
||||||
|
*/
|
||||||
|
char *tilde_expand_filename(const char *filename, uid_t my_uid);
|
|
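Review bot: The new tildexpand.h has no include guard, unlike sshconnect.h in this same commit (`#ifndef SSHCONNECT_H` / `#define SSHCONNECT_H`); wrapping the declaration in `#ifndef TILDEXPAND_H` / `#define TILDEXPAND_H` / `#endif` avoids redeclaration trouble once a second header includes it. The prototype uses `uid_t` with no include of its own, so the header is only usable after `includes.h` (or `<sys/types.h>`) has been pulled in — worth a comment if that is the project convention. The comment says the result is allocated by xmalloc but not who releases it; adding `* The caller owns the returned string and must release it with xfree().` documents the ownership transfer, and expanding `Warning: this calls getpw*.` to say why it matters — e.g. `* Warning: this calls getpw*, whose results live in static, non-reentrant buffers.` — tells the reader what the warning protects against.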
@ -15,10 +15,11 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: ttymodes.c,v 1.8 2000/09/07 20:27:55 deraadt Exp $");
|
RCSID("$OpenBSD: ttymodes.c,v 1.10 2001/01/21 19:06:01 markus Exp $");
|
||||||
|
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "ssh.h"
|
#include "log.h"
|
||||||
|
#include "ssh1.h"
|
||||||
|
|
||||||
#define TTY_OP_END 0
|
#define TTY_OP_END 0
|
||||||
#define TTY_OP_ISPEED 192 /* int follows */
|
#define TTY_OP_ISPEED 192 /* int follows */
|
||||||
|
|
|
@ -12,9 +12,9 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: uidswap.c,v 1.12 2000/12/29 10:48:56 markus Exp $");
|
RCSID("$OpenBSD: uidswap.c,v 1.13 2001/01/21 19:06:01 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
#include "log.h"
|
||||||
#include "uidswap.h"
|
#include "uidswap.h"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -13,9 +13,10 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: xmalloc.c,v 1.8 2000/09/07 20:27:55 deraadt Exp $");
|
RCSID("$OpenBSD: xmalloc.c,v 1.9 2001/01/21 19:06:02 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
#include "xmalloc.h"
|
||||||
|
#include "log.h"
|
||||||
|
|
||||||
void *
|
void *
|
||||||
xmalloc(size_t size)
|
xmalloc(size_t size)
|
||||||
|
|