diff --git a/ChangeLog b/ChangeLog index eeceec348..f015f5620 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,16 @@ - OpenBSD CVS update [packet.c] - send debug messages in SSH2 format + [scp.c] + - fix very rare EAGAIN/EINTR issues; based on work by djm + [packet.c] + - less debug, rm unused + [auth2.c] + - disable kerb,s/key in ssh2 + [sshd.8] + - Minor tweaks and typo fixes. + [ssh-keygen.c] + - Put -d into usage and reorder. markus ok. - Include missing headers for OpenSSL tests. Fix from Phil Karn - Fixed __progname symbol collisions reported by Andre Lucas diff --git a/auth2.c b/auth2.c index 9937ed678..cfe63cdf1 100644 --- a/auth2.c +++ b/auth2.c @@ -27,7 +27,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.3 2000/04/27 15:23:02 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.4 2000/05/01 07:45:08 markus Exp $"); #include #include @@ -92,6 +92,10 @@ static int userauth_success = 0; void do_authentication2() { + /* turn off skey/kerberos, not supported by SSH2 */ + options.skey_authentication = 0; + options.kerberos_authentication = 0; + dispatch_init(&protocol_error); dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request); dispatch_run(DISPATCH_BLOCK, &userauth_success); diff --git a/packet.c b/packet.c index 73a96b986..e70d06091 100644 --- a/packet.c +++ b/packet.c @@ -17,7 +17,7 @@ */ #include "includes.h" -RCSID("$Id: packet.c,v 1.20 2000/04/30 22:24:07 damien Exp $"); +RCSID("$Id: packet.c,v 1.21 2000/05/01 11:10:33 damien Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -130,7 +130,7 @@ clear_enc_keys(Enc *enc, int len) void packet_set_ssh2_format(void) { - debug("use_ssh2_packet_format"); + DBG(debug("use_ssh2_packet_format")); use_ssh2_packet_format = 1; } @@ -613,7 +613,7 @@ packet_send2() fatal("packet_send2: no KEX"); if (mac->md != NULL) mac->enabled = 1; - debug("cipher_set_key_iv send_context"); + DBG(debug("cipher_set_key_iv send_context")); cipher_set_key_iv(&send_context, enc->type, enc->key, enc->key_len, enc->iv, enc->iv_len); @@ -636,13 +636,6 @@ packet_send() DBG(debug("packet_send done")); } -void -packet_send_and_wait() -{ - packet_send(); - packet_write_wait(); -} - /* * Waits until a packet has been received, and returns its type. Note that * no other data is processed until this returns, so this function should not @@ -921,7 +914,7 @@ packet_read_poll2(int *payload_len_ptr) fatal("packet_read_poll2: no KEX"); if (mac->md != NULL) mac->enabled = 1; - debug("cipher_set_key_iv receive_context"); + DBG(debug("cipher_set_key_iv receive_context")); cipher_set_key_iv(&receive_context, enc->type, enc->key, enc->key_len, enc->iv, enc->iv_len); diff --git a/scp.c b/scp.c index 64869f976..2ac106290 100644 --- a/scp.c +++ b/scp.c @@ -45,7 +45,7 @@ */ #include "includes.h" -RCSID("$Id: scp.c,v 1.20 2000/04/19 06:26:14 damien Exp $"); +RCSID("$Id: scp.c,v 1.21 2000/05/01 11:10:33 damien Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -543,7 +543,7 @@ syserr: run_err("%s: %s", name, strerror(errno)); (void) sprintf(buf, "T%lu 0 %lu 0\n", (unsigned long) stb.st_mtime, (unsigned long) stb.st_atime); - (void) write(remout, buf, strlen(buf)); + (void) atomicio(write, remout, buf, strlen(buf)); if (response() < 0) goto next; } @@ -556,7 +556,7 @@ syserr: run_err("%s: %s", name, strerror(errno)); fprintf(stderr, "Sending file modes: %s", buf); fflush(stderr); } - (void) write(remout, buf, strlen(buf)); + (void) atomicio(write, remout, buf, strlen(buf)); if (response() < 0) goto next; if ((bp = allocbuf(&buffer, fd, 2048)) == NULL) { @@ -578,7 +578,7 @@ next: (void) close(fd); haderr = result >= 0 ? EIO : errno; } if (haderr) - (void) write(remout, bp->buf, amt); + (void) atomicio(write, remout, bp->buf, amt); else { result = atomicio(write, remout, bp->buf, amt); if (result != amt) @@ -592,7 +592,7 @@ next: (void) close(fd); if (close(fd) < 0 && !haderr) haderr = errno; if (!haderr) - (void) write(remout, "", 1); + (void) atomicio(write, remout, "", 1); else run_err("%s: %s", name, strerror(haderr)); (void) response(); @@ -621,7 +621,7 @@ rsource(name, statp) (void) sprintf(path, "T%lu 0 %lu 0\n", (unsigned long) statp->st_mtime, (unsigned long) statp->st_atime); - (void) write(remout, path, strlen(path)); + (void) atomicio(write, remout, path, strlen(path)); if (response() < 0) { closedir(dirp); return; @@ -632,7 +632,7 @@ rsource(name, statp) 0, last); if (verbose_mode) fprintf(stderr, "Entering directory: %s", path); - (void) write(remout, path, strlen(path)); + (void) atomicio(write, remout, path, strlen(path)); if (response() < 0) { closedir(dirp); return; @@ -651,7 +651,7 @@ rsource(name, statp) source(1, vect); } (void) closedir(dirp); - (void) write(remout, "E\n", 2); + (void) atomicio(write, remout, "E\n", 2); (void) response(); } @@ -687,7 +687,7 @@ sink(argc, argv) if (targetshouldbedirectory) verifydir(targ); - (void) write(remout, "", 1); + (void) atomicio(write, remout, "", 1); if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode)) targisdir = 1; for (first = 1;; first = 0) { @@ -705,7 +705,7 @@ sink(argc, argv) if (buf[0] == '\01' || buf[0] == '\02') { if (iamremote == 0) - (void) write(STDERR_FILENO, + (void) atomicio(write, STDERR_FILENO, buf + 1, strlen(buf + 1)); if (buf[0] == '\02') exit(1); @@ -713,7 +713,7 @@ sink(argc, argv) continue; } if (buf[0] == 'E') { - (void) write(remout, "", 1); + (void) atomicio(write, remout, "", 1); return; } if (ch == '\n') @@ -737,7 +737,7 @@ sink(argc, argv) getnum(dummy_usec); if (*cp++ != '\0') SCREWUP("atime.usec not delimited"); - (void) write(remout, "", 1); + (void) atomicio(write, remout, "", 1); continue; } if (*cp != 'C' && *cp != 'D') { @@ -816,7 +816,7 @@ sink(argc, argv) bad: run_err("%s: %s", np, strerror(errno)); continue; } - (void) write(remout, "", 1); + (void) atomicio(write, remout, "", 1); if ((bp = allocbuf(&buffer, ofd, 4096)) == NULL) { (void) close(ofd); continue; @@ -897,7 +897,7 @@ bad: run_err("%s: %s", np, strerror(errno)); run_err("%s: %s", np, strerror(wrerrno)); break; case NO: - (void) write(remout, "", 1); + (void) atomicio(write, remout, "", 1); break; case DISPLAYED: break; @@ -932,7 +932,7 @@ response() } while (cp < &rbuf[sizeof(rbuf) - 1] && ch != '\n'); if (!iamremote) - (void) write(STDERR_FILENO, rbuf, cp - rbuf); + (void) atomicio(write, STDERR_FILENO, rbuf, cp - rbuf); ++errs; if (resp == 1) return (-1); @@ -1008,7 +1008,7 @@ run_err(const char *fmt,...) * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: scp.c,v 1.20 2000/04/19 06:26:14 damien Exp $ + * $Id: scp.c,v 1.21 2000/05/01 11:10:33 damien Exp $ */ char * @@ -1240,7 +1240,7 @@ progressmeter(int flag) alarmtimer(1); } else if (flag == 1) { alarmtimer(0); - write(fileno(stdout), "\n", 1); + atomicio(write, fileno(stdout), "\n", 1); statbytes = 0; } } diff --git a/ssh-keygen.c b/ssh-keygen.c index d86396896..2154e1ebf 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$Id: ssh-keygen.c,v 1.15 2000/05/01 10:59:51 damien Exp $"); +RCSID("$Id: ssh-keygen.c,v 1.16 2000/05/01 11:10:34 damien Exp $"); #include #include @@ -492,7 +492,7 @@ void usage(void) { printf("ssh-keygen version %s\n", SSH_VERSION); - printf("Usage: %s [-b bits] [-p] [-c] [-l] [-x] [-X] [-y] [-f file] [-P pass] [-N new-pass] [-C comment]\n", __progname); + printf("Usage: %s [-b bits] [-c] [-d] [-f file] [-l] [-p] [-q] [-x] [-y] [-C comment] [-N new-pass] [-P pass] [-X]\n", __progname); exit(1); } diff --git a/sshd.8 b/sshd.8 index cd7f9002f..9d8764a9c 100644 --- a/sshd.8 +++ b/sshd.8 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: sshd.8,v 1.18 2000/04/20 13:27:27 damien Exp $ +.\" $Id: sshd.8,v 1.19 2000/05/01 11:10:34 damien Exp $ .\" .Dd September 25, 1999 .Dt SSHD 8 @@ -31,7 +31,7 @@ .Nm (Secure Shell Daemon) is the daemon program for .Xr ssh 1 . -Together these programs replace rlogin and rsh programs, and +Together these programs replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. The programs are intended to be as easy to @@ -56,19 +56,19 @@ the daemon starts, it generates a server RSA key (normally 768 bits). This key is normally regenerated every hour if it has been used, and is never stored on disk. .Pp -Whenever a client connects the daemon, the daemon sends its host -and server public keys to the client. +Whenever a client connects the daemon responds with its public +host and server keys. The client compares the host key against its own database to verify that it has not changed. The client then generates a 256 bit random number. It encrypts this random number using both the host key and the server key, and sends the encrypted number to the server. -Both sides then start to use this +Both sides then use this random number as a session key which is used to encrypt all further communications in the session. The rest of the session is encrypted -using a conventional cipher, currently Blowfish and 3DES, with 3DES +using a conventional cipher, currently Blowfish or 3DES, with 3DES being used by default. The client selects the encryption algorithm to use from those offered by the server. @@ -95,7 +95,7 @@ are disabled (thus completely disabling .Xr rlogin 1 and .Xr rsh 1 -into that machine). +into the machine). .Pp If the client successfully authenticates itself, a dialog for preparing the session is entered. @@ -188,9 +188,9 @@ authentication, and termination of each connection is logged. Do not print an error message if RSA support is missing. .It Fl V Ar client_protocol_id SSH2 compatibility mode. -When this options is specified +When this option is specified .Nm -assumes the client has sent the given version string +assumes the client has sent the supplied version string and skips the Protocol Version Identification Exchange. .It Fl 4